Function report |
Source Code:security\apparmor\audit.c |
Create Date:2022-07-28 19:50:19 |
Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
home page | Tree |
Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:aa_audit - Log a profile based audit event to the audit subsystem*@type: audit type for the message*@profile: profile to check against (NOT NULL)*@sa: audit event (NOT NULL)*@cb: optional callback fn for type specific fields (MAYBE NULL)* Handle default
Proto:int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, void (*cb)(struct audit_buffer *, void *))
Type:int
Parameter:
Type | Parameter | Name |
---|---|---|
int | type | |
struct aa_profile * | profile | |
struct common_audit_data * | sa | |
void (* | cb |
130 | If type == AUDIT_APPARMOR_AUTO Then |
131 | If Value is more likely to compile time(!error) Then |
132 | If AUDIT_MODE(profile) != AUDIT_ALL Then Return 0 |
134 | type = AUDIT_APPARMOR_AUDIT |
135 | Else if COMPLAIN_MODE(profile) Then type = AUDIT_APPARMOR_ALLOWED |
137 | Else type = AUDIT_APPARMOR_DENIED |
140 | If AUDIT_MODE(profile) == quiet all messages || type == AUDIT_APPARMOR_DENIED && AUDIT_MODE(profile) == quiet all messages Then Return error |
145 | If KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED Then type = AUDIT_APPARMOR_KILL |
152 | If type == AUDIT_APPARMOR_KILL Then These are for backward compatibility with the rest of the kernel source. |
157 | If type == AUDIT_APPARMOR_ALLOWED Then Return complain_error(error) |
160 | Return error |
Name | Describe |
---|---|
audit_caps | audit_caps - audit a capability*@sa: audit data*@profile: profile being tested for confinement (NOT NULL)*@cap: capability tested*@error: error code returned by test* Do auditing of capability and handle, audit/complain/kill modes switching |
profile_tracer_perm | |
audit_iface | audit_iface - do audit message for policy unpacking/load/replace/remove*@new: profile if it has been allocated (MAYBE NULL)*@ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)*@name: name of the profile being manipulated (MAYBE |
audit_resource | audit_resource - audit setting resource limit*@profile: profile being enforced (NOT NULL)*@resource: rlimit being auditing*@value: value being set*@error: error value* Returns: 0 or sa->error else other error code on failure |
aa_audit_file | aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being |
audit_mount | audit_mount - handle the auditing of mount operations*@profile: the profile being enforced (NOT NULL)*@op: operation being mediated (NOT NULL)*@name: name of object being mediated (MAYBE NULL)*@src_name: src_name of object being mediated |
Source code conversion tool public plug-in interface | X |
---|---|
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |