audit_log_execve

Name:audit_log_execve_info

Proto:static void audit_log_execve_info(struct audit_context *context, struct audit_buffer **ab)

Type:void

Parameter:

Type	Parameter	Name
struct audit_context *	context
struct audit_buffer **	ab

1041

If len_full == 0 Then len_full = Get the size of a string in user space - 1

1045

If require_data Then

1047

If buf != buf_head Then

1048

memmove(buf_head, buf, len_buf)

1049

buf = buf_head

1053

len_tmp = Copy a NUL terminated string from userspace

1055

If len_tmp == -EFAULT Then

1057

send_sig(SIGKILL, current process, 0)

1058

Go to out

1059

Else if len_tmp == len_max - len_buf Then

1061

require_data = true

1066

encode = true

1067

len_full = len_full * 2

1068

p += len_tmp

1069

Else

1070

require_data = false

1071

If Not encode Then encode = audit_string_contains_control - does a string need to be logged in hex*@string: string to be checked*@len: max length of the string to check

1075

If len_full < len_max Then len_full = If encode Then len_tmp * 2 Else len_tmp

1078

p += len_tmp + 1

1080

len_buf += len_tmp

1081

buf_head[len_buf] = '\0'

1084

len_abuf = If encode Then len_buf * 2 Else len_buf + 2

1088

If len_buf >= 0 Then

1093

If size of abuf + 8 > len_rem Then

1094

len_rem = len_max

1095

audit_log_end - end one audit record*@ab: the audit_buffer* We can not do a netlink send inside an irq context because it blocks (last* arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed on a* queue and a tasklet is scheduled to remove

1096

ab = audit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error

1098

If Not ab Then Go to out

1103

len_tmp = 0

1104

If require_data || iter > 0 || len_abuf + size of abuf > len_rem Then

1106

If iter == 0 Then

1107

len_tmp += snprintf - Format a string and place it in a buffer*@buf: The buffer to place the result into*@size: The size of the buffer, including the trailing null space*@fmt: The format string to use*@

1112

1115

Else len_tmp += snprintf - Format a string and place it in a buffer*@buf: The buffer to place the result into*@size: The size of the buffer, including the trailing null space*@fmt: The format string to use*@

1119

WARN_ON(len_tmp >= size of abuf )

1120

abuf[ size of abuf - 1] = '\0'

1123

audit_log_format - format a message into the audit buffer.*@ab: audit_buffer*@fmt: format string*@...: optional parameters matching @fmt string* All the work is done in audit_log_vformat.

1124

len_rem -= len_tmp

1125

len_tmp = len_buf

1126

If encode Then

1127

If len_abuf > len_rem Then len_tmp = len_rem / 2

1129

audit_log_n_hex - convert a buffer to hex and append it to the audit skb*@ab: the audit_buffer*@buf: buffer to convert to hex*@len: length of @buf to be converted* No return value; failure to expand is silently ignored

1130

len_rem -= len_tmp * 2

1131

len_abuf -= len_tmp * 2

1132

Else

1133

If len_abuf > len_rem Then len_tmp = len_rem - 2

1135

Format a string of no more than slen characters into the audit buffer,* enclosed in quote marks.

1136

len_rem -= len_tmp + 2

1139

len_abuf -= len_tmp

1141

len_buf -= len_tmp

1142

buf += len_tmp

1146

If len_buf == 0 && Not require_data Then

1147

arg++

1148

iter = 0

1149

len_full = 0

1150

require_data = true

1151

encode = false

Function report