Function Logic Report |
Source Code: include\linux\audit.h |
Create Date: 2022-07-27 08:09:12 |
Last Modify: 2020-03-12 14:18:49 | Copyright©Brick |
Function name: audit_context
Function prototype: static inline struct audit_context *audit_context(void)
Return type: struct audit_context
Parameters: none
540 | Return: NULL |

Name | Description |
---|---|
audit_log_config_change | |
audit_log_feature_change | |
audit_receive_msg | |
audit_log_path_denied | audit_log_path_denied - report a path restriction denial*@type: audit message type (AUDIT_ANOM_LINK, AUDIT_ANOM_CREAT, etc)*@operation: specific operation name |
audit_log_set_loginuid | |
audit_log_rule_change | Log rule additions and removals |
audit_log_proctitle | |
audit_log_exit | |
__audit_syscall_entry | __audit_syscall_entry - fill in an audit record at syscall entry*@major: major syscall type (function)*@a1: additional syscall register 1*@a2: additional syscall register 2*@a3: additional syscall register 3*@a4: additional syscall register 4 |
__audit_syscall_exit | __audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call |
handle_one | |
handle_path | |
__audit_reusename | __audit_reusename - fill out filename with info from existing entry*@uptr: userland ptr to pathname* Search the audit_names list for the current audit context. If there is an* existing entry with a matching "uptr" then return the filename |
__audit_getname | __audit_getname - add a name to the list*@name: name to add* Add a name to the list of audit names for this context.* Called from fs/namei.c:getname(). |
__audit_inode | __audit_inode - store the inode and device from a lookup*@name: name being audited*@dentry: dentry being audited*@flags: attributes for this particular entry |
__audit_inode_child | __audit_inode_child - collect inode info for created/removed objects*@parent: inode of dentry parent*@dentry: dentry being audited*@type: AUDIT_TYPE_* value that we're looking for* For syscalls that create or remove filesystem objects, audit_inode |
__audit_mq_open | __audit_mq_open - record audit data for a POSIX MQ open*@oflag: open flag*@mode: mode bits*@attr: queue attributes |
__audit_mq_sendrecv | __audit_mq_sendrecv - record audit data for a POSIX MQ timed send/receive*@mqdes: MQ descriptor*@msg_len: Message length*@msg_prio: Message priority*@abs_timeout: Message timeout in absolute time |
__audit_mq_notify | __audit_mq_notify - record audit data for a POSIX MQ notify*@mqdes: MQ descriptor*@notification: Notification event |
__audit_mq_getsetattr | __audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute*@mqdes: MQ descriptor*@mqstat: MQ flags |
__audit_ipc_obj | __audit_ipc_obj - record audit data for ipc object*@ipcp: ipc permissions |
__audit_ipc_set_perm | __audit_ipc_set_perm - record audit data for new ipc permissions*@qbytes: msgq bytes*@uid: msgq user id*@gid: msgq group id*@mode: msgq mode (permissions)* Called only after audit_ipc_obj(). |
__audit_bprm | |
__audit_socketcall | __audit_socketcall - record audit data for sys_socketcall*@nargs: number of args, which should not be more than AUDITSC_ARGS.*@args: args array |
__audit_fd_pair | __audit_fd_pair - record audit data for pipe and socketpair*@fd1: the first file descriptor*@fd2: the second file descriptor |
__audit_sockaddr | __audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto*@len: data length in user space*@a: data address in kernel space* Returns 0 for success or NULL context or < 0 on error. |
__audit_ptrace | |
audit_signal_info_syscall | audit_signal_info_syscall - record signal info for syscalls*@t: task being signaled* If the audit subsystem is being terminated, record the task (pid)* and uid that is doing that. |
__audit_log_bprm_fcaps | __audit_log_bprm_fcaps - store information about a loading bprm and relevant fcaps*@bprm: pointer to the bprm being processed*@new: the proposed new credentials*@old: the old credentials* Simply check if the proc already has the caps given by the file and |
__audit_log_capset | __audit_log_capset - store information about the arguments to the capset syscall*@new: the new credentials*@old: the old (current) credentials* Record the arguments userspace sent to sys_capset for later printing by the* audit system if applicable |
__audit_mmap_fd | |
__audit_log_kern_module | |
__audit_fanotify | |
__audit_tk_injoffset | |
audit_log_ntp_val | |
audit_core_dumps | audit_core_dumps - record information about processes that end abnormally*@signr: signal value* If a process ends with a core dump, something fishy is going on and we* should record the event for investigation. |
audit_seccomp | audit_seccomp - record information about a seccomp action*@syscall: syscall number*@signr: signal value*@code: the seccomp action* Record the information associated with a seccomp action. Event filtering for |
audit_seccomp_actions_logged | |
audit_killed_trees | |
audit_watch_log_rule_change | |
audit_update_watch | Update inode info in audit rules based on filesystem event. |
audit_mark_log_rule_change | |
trim_marked | trim the uncommitted chunks from tree |
evict_chunk | Here comes the stuff asynchronous to auditctl operations |
selinux_inode_setxattr | |
selinux_setprocattr | |
sel_write_load | |
common_lsm_audit | common_lsm_audit - generic LSM auditing function*@a: auxiliary audit data*@pre_audit: lsm-specific pre-audit callback*@post_audit: lsm-specific post-audit callback* setup the audit buffer for common security information* uses callback to print LSM specific |
integrity_audit_msg | |
ima_audit_measurement | |
ima_parse_rule | |