Function report |
Source Code:security\apparmor\audit.c |
Create Date:2022-07-28 19:50:19 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:aa_audit - Log a profile based audit event to the audit subsystem*@type: audit type for the message*@profile: profile to check against (NOT NULL)*@sa: audit event (NOT NULL)*@cb: optional callback fn for type specific fields (MAYBE NULL)* Handle default
Proto:int aa_audit(int type, struct aa_profile *profile, struct common_audit_data *sa, void (*cb)(struct audit_buffer *, void *))
Type:int
Parameter:
| Type | Parameter | Name |
|---|---|---|
| int | type | |
| struct aa_profile * | profile | |
| struct common_audit_data * | sa | |
| void (* | cb |
| 130 | If type == AUDIT_APPARMOR_AUTO Then |
| 131 | If Value is more likely to compile time(!error) Then |
| 132 | If AUDIT_MODE(profile) != AUDIT_ALL Then Return 0 |
| 134 | type = AUDIT_APPARMOR_AUDIT |
| 135 | Else if COMPLAIN_MODE(profile) Then type = AUDIT_APPARMOR_ALLOWED |
| 137 | Else type = AUDIT_APPARMOR_DENIED |
| 140 | If AUDIT_MODE(profile) == quiet all messages || type == AUDIT_APPARMOR_DENIED && AUDIT_MODE(profile) == quiet all messages Then Return error |
| 145 | If KILL_MODE(profile) && type == AUDIT_APPARMOR_DENIED Then type = AUDIT_APPARMOR_KILL |
| 152 | If type == AUDIT_APPARMOR_KILL Then These are for backward compatibility with the rest of the kernel source. |
| 157 | If type == AUDIT_APPARMOR_ALLOWED Then Return complain_error(error) |
| 160 | Return error |
| Name | Describe |
|---|---|
| audit_caps | audit_caps - audit a capability*@sa: audit data*@profile: profile being tested for confinement (NOT NULL)*@cap: capability tested*@error: error code returned by test* Do auditing of capability and handle, audit/complain/kill modes switching |
| profile_tracer_perm | |
| audit_iface | audit_iface - do audit message for policy unpacking/load/replace/remove*@new: profile if it has been allocated (MAYBE NULL)*@ns_name: name of the ns the profile is to be loaded to (MAY BE NULL)*@name: name of the profile being manipulated (MAYBE |
| audit_resource | audit_resource - audit setting resource limit*@profile: profile being enforced (NOT NULL)*@resource: rlimit being auditing*@value: value being set*@error: error value* Returns: 0 or sa->error else other error code on failure |
| aa_audit_file | aa_audit_file - handle the auditing of file operations*@profile: the profile being enforced (NOT NULL)*@perms: the permissions computed for the request (NOT NULL)*@op: operation being mediated*@request: permissions requested*@name: name of object being |
| audit_mount | audit_mount - handle the auditing of mount operations*@profile: the profile being enforced (NOT NULL)*@op: operation being mediated (NOT NULL)*@name: name of object being mediated (MAYBE NULL)*@src_name: src_name of object being mediated |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |