Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:27:47
Last Modify:2020-03-17 16:31:21 Copyright©Brick

Name: __audit_syscall_entry - fill in an audit record at syscall entry
@major: major syscall type (function)
@a1: additional syscall register 1
@a2: additional syscall register 2
@a3: additional syscall register 3
@a4: additional syscall register 4

Proto:void __audit_syscall_entry(int major, unsigned long a1, unsigned long a2, unsigned long a3, unsigned long a4)

Type:void

Parameter:

Type            Parameter Name
int             major
unsigned long   a1
unsigned long   a2
unsigned long   a3
unsigned long   a4

1631  context = audit_context()
1634  If Not audit_enabled || Not context Then Return
1637  BUG_ON(1 if task is in a syscall || total records in names_list)
1639  state = state
1640  If state == (Do not create per-task audit_context. No syscall-specific audit records can be generated.) Then Return
1643  must be the first element = Not number of audit rules
1644  If Not must be the first element && state == (Create the per-task audit_context, and fill it in at syscall entry time. This makes a full syscall record available if some other part of the kernel decides it should be recorded.) Then
1645  prio = 0
1646  If auditd_test_task (check to see if a given task is an audit daemon; @task: the task to check; returns 1 if the task is a registered audit daemon, 0 otherwise) Then Return
1650  arch = syscall_get_arch(current process)
1651  syscall number = major
1652  syscall arguments [0] = a1
1653  syscall arguments [1] = a2
1654  syscall arguments [2] = a3
1655  syscall arguments [3] = a4
1656  serial number for record = 0
1657  1 if task is in a syscall = 1
1658  current_state = state
1659  Save things to print about task_struct = 0
1660  ktime_get_coarse_real_ts64( & time of syscall entry )