函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-27 12:26:59
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:发送审计信息,并释放缓冲区

函数原型:void audit_log_end(struct audit_buffer *ab)

返回类型:void

参数:

类型参数名称
struct audit_buffer *ab
2307  如果非ab则返回
2310  如果audit_rate_check()则
2311  skb等于rmatted skb ready to send
2312  rmatted skb ready to send = NULL
2316  nlh等于nlmsg_hdr(skb)
2317  Length of message including header 等于lenNLMSG_HDRLEN
2320  列表末尾的缓冲区
2321  wake_up_interruptible( & kauditd_wait)
2322  否则audit_log_lost - conditionally log lost audit message event*@message: the message stating reason for lost audit message* Emit at least 1 message per second, even if audit_rate_check is* throttling.* Always increment the lost messages counter.
2325  audit_buffer_free(ab)
调用者
名称描述
audit_log_config_change
audit_log_feature_change
audit_receive_msg
audit_log_path_deniedaudit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name
audit_log_set_loginuid
audit_logaudit_log - Log an audit record*@ctx: audit context*@gfp_mask: type of allocation*@type: audit message type*@fmt: format string to use*@...: variable parameters matching the format string* This is a convenience function that calls audit_log_start,
audit_log_rule_changeLog rule additions and removals
audit_log_pid_context
audit_log_execve_info
show_special
audit_log_nameaudit_log_name - produce AUDIT_PATH record from struct audit_names*@context: audit_context for the task*@n: audit_names structure with reportable details*@path: optional path to report instead of audit_names->name*@record_num: record number to report when
audit_log_proctitle
audit_log_exit
audit_core_dumpsaudit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation.
audit_seccompaudit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for
audit_seccomp_actions_logged
audit_watch_log_rule_change
audit_mark_log_rule_change
audit_tree_log_remove_rule
selinux_setprocattr
common_lsm_auditmmon_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific
integrity_audit_msg
ima_audit_measurement
ima_parse_rule
selinux_inode_setxattr