Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:security\apparmor\audit.c Create Date:2022-07-28 19:50:19
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:aa_audit - Log a profile based audit event to the audit subsystem*@type: audit type for the message*@profile: profile to check against (NOT NULL)*@sa: audit event (NOT NULL)*@cb: optional callback fn for type specific fields (MAYBE NULL)* Handle default

Proto:int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, void (*cb)(struct audit_buffer *, void *))

Type:int

Parameter:

TypeParameterName
inttype
struct aa_profile *profile
struct common_audit_data *sa
void (*cb
128  AA_BUG(!profile)
130  If type == AUDIT_APPARMOR_AUTO Then
132  If AUDIT_MODE(profile) != AUDIT_ALL Then Return 0
135  Else if COMPLAIN_MODE(profile) Then type = AUDIT_APPARMOR_ALLOWED
137  Else type = AUDIT_APPARMOR_DENIED
140  If AUDIT_MODE(profile) == quiet all messages || type == AUDIT_APPARMOR_DENIED && AUDIT_MODE(profile) == quiet all messages Then Return error
145  If KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED Then type = AUDIT_APPARMOR_KILL
148  label = label
150  aa_audit_msg - Log a message to the audit subsystem*@sa: audit event structure (NOT NULL)*@cb: optional callback fn for type specific fields (MAYBE NULL)
152  If type == AUDIT_APPARMOR_KILL Then These are for backward compatibility with the rest of the kernel source.
157  If type == AUDIT_APPARMOR_ALLOWED Then Return complain_error(error)
160  Return error
Caller
NameDescribe
audit_capsaudit_caps - audit a capability*@sa: audit data*@profile: profile being tested for confinement (NOT NULL)*@cap: capability tested*@error: error code returned by test* Do auditing of capability and handle, audit/complain/kill modes switching
profile_tracer_perm
audit_ifaceaudit_iface - do audit message for policy unpacking/load/replace/remove*@new: profile if it has been allocated (MAYBE NULL)*@ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)*@name: name of the profile being manipulated (MAYBE
audit_resourceaudit_resource - audit setting resource limit*@profile: profile being enforced (NOT NULL)*@resource: rlimit being auditing*@value: value being set*@error: error value* Returns: 0 or sa->error else other error code on failure
aa_audit_fileaa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being
audit_mountaudit_mount - handle the auditing of mount operations*@profile: the profile being enforced (NOT NULL)*@op: operation being mediated (NOT NULL)*@name: name of object being mediated (MAYBE NULL)*@src_name: src_name of object being mediated