Searched refs:audit (Results 1 - 196 of 196) sorted by relevance

/linux-4.4.14/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/
H A DUtil.py53 import audit
55 'x86_64': audit.MACH_86_64,
56 'alpha' : audit.MACH_ALPHA,
57 'ia64' : audit.MACH_IA64,
58 'ppc' : audit.MACH_PPC,
59 'ppc64' : audit.MACH_PPC64,
60 's390' : audit.MACH_S390,
61 's390x' : audit.MACH_S390X,
62 'i386' : audit.MACH_X86,
63 'i586' : audit.MACH_X86,
64 'i686' : audit.MACH_X86,
67 machine_to_id['armeb'] = audit.MACH_ARMEB
74 print "Install the audit-libs-python package to get syscall names"
78 return audit.audit_syscall_to_name(id, machine_id)
/linux-4.4.14/arch/alpha/include/asm/
H A Dsyscall.h4 #include <uapi/linux/audit.h>
H A Dthread_info.h66 #define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
/linux-4.4.14/security/apparmor/
H A Dcapability.c23 #include "include/audit.h"
43 * audit_cb - call back for capability components of audit struct
44 * @ab - audit buffer (NOT NULL)
45 * @va - audit struct to audit data from (NOT NULL)
55 * audit_caps - audit a capability
60 * Do auditing of capability and handle, audit/complain/kill modes switching
80 !cap_raised(profile->caps.audit, cap))) audit_caps()
126 * @audit: whether an audit record should be generated
132 int aa_capable(struct aa_profile *profile, int cap, int audit) aa_capable() argument
136 if (!audit) { aa_capable()
H A Daudit.c15 #include <linux/audit.h>
19 #include "include/audit.h"
96 * Currently AppArmor auditing is fed straight into the audit framework.
101 * system control of whether user audit messages go to system log
106 * @ab: audit buffer to fill (NOT NULL)
107 * @ca: audit structure containing data to audit (NOT NULL)
109 * Record common AppArmor audit data from @sa
149 * aa_audit_msg - Log a message to the audit subsystem
150 * @sa: audit event structure (NOT NULL)
161 * aa_audit - Log a profile based audit event to the audit subsystem
162 * @type: audit type for the message
165 * @sa: audit event (NOT NULL)
168 * Handle default message switching based off of audit mode flags
H A Dfile.c16 #include "include/audit.h"
61 * file_audit_cb - call back for file specific audit fields
63 * @va: audit struct to audit values of (NOT NULL)
124 u32 mask = perms->audit; aa_audit_file()
208 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); compute_perms()
213 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); compute_perms()
268 * aa_path_perm - do permissions check & audit for @path
370 goto audit; aa_path_link()
376 goto audit; aa_path_link()
384 goto audit; aa_path_link()
390 /* force audit/quiet masks for link are stored in the second entry aa_path_link()
393 lperms.audit = perms.audit; aa_path_link()
399 goto audit; aa_path_link()
418 goto audit; aa_path_link()
424 goto audit; aa_path_link()
430 audit: aa_path_link()
440 * aa_file_perm - do permission revalidation check & audit for @file
H A Ddomain.c23 #include "include/audit.h"
106 perms.audit = perms.quiet = perms.kill = 0; change_profile_perms()
374 goto audit; apparmor_bprm_set_creds()
403 goto audit; apparmor_bprm_set_creds()
415 goto audit; apparmor_bprm_set_creds()
438 /* remove MAY_EXEC to audit as failure */ apparmor_bprm_set_creds()
468 goto audit; apparmor_bprm_set_creds()
479 goto audit; apparmor_bprm_set_creds()
513 audit: apparmor_bprm_set_creds()
632 goto audit; aa_change_hat()
675 goto audit; aa_change_hat()
683 goto audit; aa_change_hat()
691 goto audit; aa_change_hat()
714 audit: aa_change_hat()
788 goto audit; aa_change_profile()
806 goto audit; aa_change_profile()
815 goto audit; aa_change_profile()
821 goto audit; aa_change_profile()
829 goto audit; aa_change_profile()
833 goto audit; aa_change_profile()
840 audit: aa_change_profile()
H A Dresource.c15 #include <linux/audit.h>
17 #include "include/audit.h"
32 /* audit callback for resource specific fields */ audit_cb()
42 * audit_resource - audit setting resource limit
H A Dipc.c18 #include "include/audit.h"
24 /* call back to audit ptrace fields */ audit_cb()
H A DMakefile5 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
H A Dpolicy_unpack.c25 #include "include/audit.h"
69 /* audit callback for unpack fields */ audit_cb()
83 * audit_iface - do audit message for policy unpacking/load/replace/remove
473 * NOTE: unpack profile sets audit struct if there is a failure
513 /* per profile debug flags (complain, audit) */ unpack_profile()
531 profile->audit = AUDIT_ALL; unpack_profile()
545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) unpack_profile()
556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) unpack_profile()
H A Dlsm.c24 #include <linux/audit.h>
30 #include "include/audit.h"
132 int cap, int audit) apparmor_capable()
139 error = aa_capable(profile, cap, audit); apparmor_capable()
701 module_param_call(audit, param_set_audit, param_get_audit,
704 /* Determines if audit header is included in audited messages. This
705 * provides more context if the audit daemon is not running
131 apparmor_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) apparmor_capable() argument
H A Dlib.c20 #include "include/audit.h"
H A Dpath.c198 * may contain a partial or invalid name that can be used for audit purposes,
H A Dapparmorfs.c27 #include "include/audit.h"
H A Dpolicy.c901 * Returns: the error to be returned after audit is done
1288 /* don't fail removal if audit fails */ aa_remove_profiles()
/linux-4.4.14/arch/x86/um/asm/
H A Dsyscall.h4 #include <uapi/linux/audit.h>
/linux-4.4.14/security/apparmor/include/
H A Dcapability.h26 * @audit: caps that are to be audited
33 kernel_cap_t audit; member in struct:aa_caps
41 int aa_capable(struct aa_profile *profile, int cap, int audit);
H A Daudit.h18 #include <linux/audit.h>
34 AUDIT_NOQUIET, /* do not quiet audit messages */
35 AUDIT_ALL /* audit all accesses */
H A Dfile.h80 * @audit: mask of permissions to force an audit message for
81 * @quiet: mask of permissions to quiet audit messages for
85 * The @audit and @queit mask should be mutually exclusive.
89 u32 audit; member in struct:file_perms
97 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
H A Dpolicy.h26 #include "audit.h"
171 * @audit: the auditing mode of the profile
211 enum audit_mode audit; member in struct:aa_profile
403 return profile->audit; AUDIT_MODE()
/linux-4.4.14/net/netlabel/
H A Dnetlabel_user.c34 #include <linux/audit.h>
82 * netlbl_audit_start_common - Start an audit message
83 * @type: audit message type
84 * @audit_info: NetLabel audit information
87 * Start an audit message using the type specified in @type and fill the audit
88 * message with some fields common to all NetLabel audit messages. Returns
89 * a pointer to the audit buffer on success, NULL on failure.
H A Dnetlabel_user.h36 #include <linux/audit.h>
44 * netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg
46 * @audit_info: NetLabel audit information
H A Dnetlabel_domainhash.c36 #include <linux/audit.h>
185 * netlbl_domhsh_audit_add - Generate an audit entry for an add event
190 * @audit_info: NetLabel audit information
193 * Generate an audit record for adding a new NetLabel/LSM mapping entry with
357 * @audit_info: NetLabel audit information
478 * @audit_info: NetLabel audit information
495 * @audit_info: NetLabel audit information
562 * @audit_info: NetLabel audit information
628 * @audit_info: NetLabel audit information
654 * @audit_info: NetLabel audit information
H A Dnetlabel_kapi.c33 #include <linux/audit.h>
60 * @audit_info: NetLabel audit information
94 * @audit_info: NetLabel audit information
206 * @audit_info: NetLabel audit information
249 * @audit_info: NetLabel audit information
287 * @audit_info: NetLabel audit information
303 * @audit_info: NetLabel audit information
321 * @audit_info: NetLabel audit information
1148 * netlbl_audit_start - Start an audit message
1149 * @type: audit message type
1150 * @audit_info: NetLabel audit information
1153 * Start an audit message using the type specified in @type and fill the audit
1154 * message with some fields common to all NetLabel audit messages. This
1156 * pointer to the audit buffer on success, NULL on failure.
H A Dnetlabel_addrlist.c41 #include <linux/audit.h>
314 * @audit_buf: audit buffer
347 * @audit_buf: audit buffer
H A Dnetlabel_addrlist.h38 #include <linux/audit.h>
H A Dnetlabel_cipso_v4.c34 #include <linux/audit.h>
133 * @audit_info: NetLabel audit information
334 * @audit_info: NetLabel audit information
373 * @audit_info: NetLabel audit information
H A Dnetlabel_unlabeled.c37 #include <linux/audit.h>
376 * @audit_info: NetLabel audit information
478 * @audit_info: NetLabel audit information
540 * @audit_info: NetLabel audit information
640 * @audit_info: NetLabel audit information
748 * @audit_info: NetLabel audit information
1531 * it is called is at bootup before the audit subsystem is reporting netlbl_unlabel_defconf()
H A Dnetlabel_mgmt.c84 * @audit_info: NetLabel audit information
/linux-4.4.14/security/integrity/
H A Dintegrity_audit.c15 #include <linux/audit.h>
23 unsigned long audit; integrity_audit_setup() local
25 if (!kstrtoul(str, 0, &audit)) integrity_audit_setup()
26 integrity_audit_info = audit ? 1 : 0; integrity_audit_setup()
/linux-4.4.14/arch/s390/kernel/
H A Dcompat_audit.c3 #include "audit.h"
H A Daudit.c3 #include <linux/audit.h>
5 #include "audit.h"
H A DMakefile55 obj-$(CONFIG_AUDIT) += audit.o
H A Dptrace.c17 #include <linux/audit.h>
/linux-4.4.14/security/selinux/include/
H A Daudit.h22 * selinux_audit_rule_init - alloc/init an selinux audit rule structure.
35 * selinux_audit_rule_free - free an selinux audit rule structure.
36 * @rule: pointer to the audit rule to be freed
48 * @rule: pointer to the audit rule to check against
49 * @actx: the audit context (can be NULL) associated with the check
H A Davc.h15 #include <linux/audit.h>
50 * We only need this data after we have decided to send an audit message.
90 * We will NOT audit the denial even though the denied avc_audit_required()
117 * @a: auxiliary audit data
/linux-4.4.14/security/tomoyo/
H A DMakefile1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
H A Daudit.c2 * security/tomoyo/audit.c
138 * tomoyo_print_header - Get header line of audit log.
229 * tomoyo_init_log - Allocate buffer for audit logs.
292 /* Wait queue for /sys/kernel/security/tomoyo/audit. */
295 /* Structure for audit log. */
312 * tomoyo_get_audit - Get audit mode.
349 * tomoyo_write_log2 - Write an audit log.
404 * tomoyo_write_log - Write an audit log.
424 * tomoyo_read_log - Read an audit log.
453 * tomoyo_poll_log - Wait for an audit log.
458 * Returns POLLIN | POLLRDNORM when ready to read an audit log.
H A Dmemory.c30 /* Memoy currently used by policy/audit log/query. */
32 /* Memory quota for "policy"/"audit log"/"query". */
H A Dsecurityfs_if.c254 tomoyo_create_entry("audit", 0400, tomoyo_dir, tomoyo_initerface_init()
H A Dcommon.c230 /* Add '\0' for audit logs and query. */ tomoyo_flush()
2006 /* Write /sys/kernel/security/tomoyo/audit. */ tomoyo_supervisor()
2252 [TOMOYO_MEMORY_AUDIT] = "audit log:",
2365 /* /sys/kernel/security/tomoyo/audit */ tomoyo_open_control()
H A Dcommon.h185 /* Index numbers for audit type. */
562 /* Subset of "struct stat". Used by conditional ACL and audit logs. */
/linux-4.4.14/drivers/tty/
H A Dtty_audit.c2 * Creating audit events from TTY input.
12 #include <linux/audit.h>
91 * Generate an audit message from the contents of @buf, which is owned by
129 * tty_audit_fork - Copy TTY audit state for a new task
131 * Set up TTY audit state in @sig from current. @sig needs no locking.
176 * tty_audit_push_current - Flush current's pending audit data
178 * Try to lock sighand and get a reference to the tty audit buffer if available.
213 * tty_audit_buf_get - Get an audit buffer.
215 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL
323 * Make sure no audit data is pending for @tty on the current process.
H A Dn_tty.c48 #include <linux/audit.h>
/linux-4.4.14/arch/sparc/kernel/
H A DMakefile112 obj-$(CONFIG_AUDIT) += audit.o
113 audit--$(CONFIG_AUDIT) := compat_audit.o
114 obj-$(CONFIG_COMPAT) += $(audit--y)
H A Daudit.c3 #include <linux/audit.h>
H A Dptrace_64.c23 #include <linux/audit.h>
/linux-4.4.14/arch/alpha/kernel/
H A Daudit.c3 #include <linux/audit.h>
H A DMakefile20 obj-$(CONFIG_AUDIT) += audit.o
H A Dptrace.c17 #include <linux/audit.h>
/linux-4.4.14/include/uapi/linux/
H A Daudit.h0 /* audit.h -- Auditing support
30 /* The netlink messages for the audit system is divided into blocks:
31 * 1000 - 1099 are for commanding the audit system
33 * 1200 - 1299 messages internal to the audit daemon
34 * 1300 - 1399 audit event messages
41 * 2000 is for otherwise unclassified kernel audit messages (legacy)
71 #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */
101 #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */
112 #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */
145 #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */
162 #define AUDIT_ALWAYS 2 /* Generate audit record if rule matches */
185 * are currently used in an audit field constant understood by the kernel.
377 /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */
398 /* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as:
422 __u32 version; /* deprecated: audit api version num */
423 __u32 feature_bitmap; /* bitmap of kernel audit features */
H A Dseccomp.h42 * as defined in <linux/audit.h>.
H A Dcapability.h311 /* Allow writing the audit log via unicast netlink socket */
315 /* Allow configuration of audit via unicast netlink socket */
350 /* Allow reading the audit log via multicast netlink socket */
/linux-4.4.14/arch/parisc/include/asm/
H A Dsyscall.h6 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/parisc/kernel/
H A DMakefile32 obj-$(CONFIG_AUDIT) += audit.o
H A Daudit.c3 #include <linux/audit.h>
H A Dptrace.c23 #include <linux/audit.h>
/linux-4.4.14/arch/ia64/kernel/
H A Daudit.c3 #include <linux/audit.h>
H A DMakefile32 obj-$(CONFIG_AUDIT) += audit.o
H A Divt.S811 and r9=_TIF_SYSCALL_TRACEAUDIT,r9 // A mask trace or audit
H A Dptrace.c19 #include <linux/audit.h>
/linux-4.4.14/arch/arm/include/asm/
H A Dsyscall.h10 #include <uapi/linux/audit.h> /* for AUDIT_ARCH_* */
108 /* ARM tasks don't change audit architectures on the fly. */ syscall_get_arch()
/linux-4.4.14/include/linux/
H A Dlsm_audit.h19 #include <linux/audit.h>
48 /* Auxiliary data to use in generating the audit record. */
H A Daudit.h0 /* audit.h -- Auditing support
28 #include <uapi/linux/audit.h>
104 #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */
105 #define AUDIT_TYPE_PARENT 2 /* a parent audit record */
136 #define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */
226 /* Private API (for audit.c only) */
450 /* These are defined in audit.c */
494 /* Private API (for audit.c only) */
H A Dcapability.h248 /* audit system wants to get cap info from files as well */
H A Dfsnotify.h15 #include <linux/audit.h>
H A Dlsm_hooks.h1183 * @audit: Whether to write an audit message or not
1234 * Allocate and initialize an LSM audit rule structure.
1236 * Fields flags are defined in include/linux/audit.h
1246 * @rule contains the audit rule of interest.
1255 * @rule points to the audit rule that will be checked against.
1256 * @actx points to the audit context associated with the check.
1260 * Deallocate the LSM audit rule structure previously allocated by
1323 int cap, int audit);
H A Dsecurity.h57 /* If capable should audit the security request */
71 int cap, int audit);
H A Dsched.h1180 struct audit_context; /* See audit.c */ prefetch_stack()
/linux-4.4.14/kernel/
H A Daudit.c0 /* audit.c -- Auditing support
2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon.
27 * b) Small when syscall auditing is enabled and no audit record
33 * 3) Ability to disable syscall auditing at boot time (audit=0).
41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/
58 #include <linux/audit.h>
71 #include "audit.h"
95 * If audit records are to be written to the netlink socket, audit_pid
102 /* If audit_rate_limit is non-zero, limit the rate of sending audit records
104 * audit records being dropped. */
115 /* The identity of the user shutting down the audit system. */
136 /* The audit_freelist is a list of pre-allocated audit buffers (if more
137 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of
165 * audit records. Since printk uses a 1024 byte buffer, this buffer
173 /* The audit_buffer is used when formatting an audit record. The caller
211 panic("audit: %s\n", message); audit_panic()
246 * audit_log_lost - conditionally log lost audit message event
247 * @message: the message stating reason for lost audit message
373 * notification and stuff. This is just nice to get audit messages during
375 * This only holds messages is audit_default is set, aka booting with audit=1
390 * audit daemon, just send it to printk.
603 * audit_send_reply - send an audit reply message via netlink
606 * @type: audit message type
645 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit
655 * that audit was not configured into the kernel. Lots of users audit_netlink_ok()
657 * to reject login if unable to send messages to audit. If we return audit_netlink_ok()
658 * ECONNREFUSED the PAM stack thinks the kernel does not have audit audit_netlink_ok()
1167 /* Initialize audit support at boot time. */ audit_init()
1194 /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ audit_enable()
1206 __setup("audit=", audit_enable);
1292 * audit_serial - compute a serial number for the audit record
1294 * Compute a serial number for the audit record. Audit records are
1296 * audit record may be written in several pieces. The timestamp of the
1298 * determine which pieces belong to the same audit record. The
1303 * audit context (for those records that have a context), and emit them
1344 * audit_log_start - obtain an audit buffer
1347 * @type: audit message type
1351 * Obtain an audit buffer. This routine does locking to obtain the
1352 * audit buffer, but then no locking is required for calls to
1354 * syscall, then the syscall is marked as auditable and an audit record
1414 audit_log_format(ab, "audit(%lu.%03lu:%u): ", audit_log_start()
1420 * audit_expand - expand skb in the audit buffer
1444 * Format an audit message into the audit buffer. If there isn't enough
1445 * room in the audit buffer, more room will be allocated and vsnprint
1488 * audit_log_format - format a message into the audit buffer.
1507 * audit_log_hex - convert a buffer to hex and append it to the audit skb
1547 * Format a string of no more than slen characters into the audit buffer,
1952 * audit_log_end - end one audit record
1956 * (last arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed
1995 * audit_log - Log an audit record
1996 * @ctx: audit context
1998 * @type: audit message type
2028 * secid to secctx and then adds the (converted) SELinux context to the audit
H A Daudit_fsnotify.c19 #include <linux/audit.h>
29 #include "audit.h"
166 /* Update mark data in audit rules based on fsnotify events. */ audit_mark_handle_event()
212 audit_panic("cannot create audit fsnotify group"); audit_fsnotify_init()
H A Daudit.h0 /* audit -- definition of audit_context structure and supporting types
23 #include <linux/audit.h>
37 * No syscall-specific audit records can
47 * time, and always write out the audit
96 * names allocated in the task audit context. Thus this name
107 /* The per-task audit context. */
227 /* Indicates that audit should log the full pathname. */
265 /* audit watch functions */
H A Dauditsc.c58 #include <linux/audit.h>
78 #include "audit.h"
85 /* no execve audit message should be longer than this (userspace limits) */
88 /* max length to print of cmdline/proctitle value during audit */
91 /* number of audit rules */
745 * also not high enough that we already know we have to write an audit
821 /* Transfer the audit context pointer to the caller, clearing it in the tsk's struct */ audit_take_context()
833 * we need to fix up the return code in the audit logs if the actual audit_take_context()
912 * audit_alloc - allocate an audit context block for a task
915 * Filter on the task information and allocate a per-task audit context
998 * space in every audit message. In one 7500 byte message we can log up to
1452 * audit_free - free a per-task audit context
1453 * @tsk: task whose audit context block to free
1479 * audit_syscall_entry - fill in an audit record at syscall entry
1486 * Fill in audit context at syscall entry. This only happens if the
1487 * audit context was created when the task was created and the state or
1488 * filters demand the audit context be built. If the state from the
1533 * audit_syscall_exit - deallocate audit context after a system call
1537 * Tear down after system call. If the audit context has been marked as
1539 * filtering, or because some other part of the kernel wrote an audit
1603 pr_warn("out of memory, audit has lost a tree reference\n"); handle_one()
1662 pr_warn("out of memory, audit has lost a tree reference\n"); handle_path()
1698 * Search the audit_names list for the current audit context. If there is an
1723 * Add a name to the list of audit names for this context.
1845 * This call updates the audit context with the child's information.
2035 * __audit_mq_open - record audit data for a POSIX MQ open
2057 * __audit_mq_sendrecv - record audit data for a POSIX MQ timed send/receive
2083 * __audit_mq_notify - record audit data for a POSIX MQ notify
2103 * __audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute
2117 * audit_ipc_obj - record audit data for ipc object
2133 * audit_ipc_set_perm - record audit data for new ipc permissions
2162 * audit_socketcall - record audit data for sys_socketcall
2180 * __audit_fd_pair - record audit data for pipe and socketpair
2193 * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto
2228 * audit_signal_info - record signal info for shutting down audit subsystem
2232 * If the audit subsystem is being terminated, record the task (pid)
2339 * audit system if applicable
H A Dauditfilter.c1 /* auditfilter.c -- filtering of audit events
25 #include <linux/audit.h>
36 #include "audit.h"
42 * Synchronizes writes and blocking reads of audit's filterlist
51 /* Audit filter lists, defined in <linux/audit.h> */
114 /* Initialize an audit filterlist entry. */ audit_init_entry()
332 /* check if an audit field is valid */ audit_field_valid()
502 pr_warn("audit rule for LSM \'%s\' is invalid\n", audit_data_to_entry()
768 pr_warn("audit rule for LSM \'%s\' is invalid\n", audit_dupe_lsm_field()
776 /* Duplicate an audit rule. This will be a deep copy with the exception
860 /* Find an existing audit rule.
1086 * @type: audit message type
1087 * @portid: target port id for netlink audit messages
1088 * @seq: netlink audit message sequence (serial) number
1126 * audit_list_rules_send - list the audit rules
1128 * @seq: netlink audit message sequence (serial) number
H A Daudit_watch.c23 #include <linux/audit.h>
33 #include "audit.h"
211 /* Duplicate the given audit watch. The new watch's rules list is initialized
256 /* Update inode info in audit rules based on filesystem event. */ audit_update_watch()
469 /* Update watch data in audit rules based on fsnotify events. */ audit_watch_handle_event()
516 audit_panic("cannot create audit fsnotify group"); audit_watch_init()
H A DMakefile67 obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
H A Dcapability.c12 #include <linux/audit.h>
331 * Do not write an audit message for the check.
355 * audit message for the check.
H A Daudit_tree.c1 #include "audit.h"
103 /* to avoid bringing the entire thing in audit.h */ audit_tree_path()
H A Dsys.c319 * a security audit over a program.
456 * a security audit over a program.
H A Dptrace.c21 #include <linux/audit.h>
H A Dseccomp.c17 #include <linux/audit.h>
H A Dexit.c43 #include <linux/audit.h> /* for audit_free() */
H A Dfork.c50 #include <linux/audit.h>
H A Dsignal.c46 #include "audit.h" /* audit_signal_info() */
725 error = audit_signal_info(sig, t); /* Let audit system see the signal */ check_kill_permission()
/linux-4.4.14/security/
H A Dlsm_audit.c23 #include <linux/audit.h>
37 * @ad : the audit data to fill
106 * @ad : the audit data to fill
207 * dump_common_audit_data - helper to dump common audit data
208 * @a : common audit data
405 * @a: auxiliary audit data
406 * @pre_audit: lsm-specific pre-audit callback
407 * @post_audit: lsm-specific post-audit callback
409 * setup the audit buffer for common security information
H A Dcommoncap.c11 #include <linux/audit.h>
61 * @audit: Whether to write an audit message or not
72 int cap, int audit) cap_capable()
589 * We do not bother to audit if 3 things are true: cap_bprm_set_creds()
596 * that is interesting information to audit. cap_bprm_set_creds()
71 cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, int audit) cap_capable() argument
/linux-4.4.14/arch/x86/kernel/
H A Daudit_64.c3 #include <linux/audit.h>
H A Dptrace.c18 #include <linux/audit.h>
H A Dsmpboot.c1037 * RED-PEN audit/test this more. I bet there is more state messed up here.
H A Dvm86_32.c45 #include <linux/audit.h>
/linux-4.4.14/lib/
H A Daudit.c3 #include <linux/audit.h>
H A DMakefile114 obj-$(CONFIG_AUDIT_GENERIC) += audit.o
/linux-4.4.14/arch/powerpc/kernel/
H A Daudit.c3 #include <linux/audit.h>
H A DMakefile113 obj-$(CONFIG_AUDIT) += audit.o
H A Dptrace.c31 #include <linux/audit.h>
1790 * state to what ptrace and audit expect. do_seccomp()
1808 * ptrace, syscall tracepoints and audit. do_seccomp()
H A Dmachine_kexec_64.c318 * current, but that audit has not been performed.
/linux-4.4.14/net/netfilter/
H A Dxt_AUDIT.c2 * Creates audit record for dropped/accepted packets
14 #include <linux/audit.h>
28 MODULE_DESCRIPTION("Xtables: creates audit records for dropped/accepted packets");
H A Dx_tables.c28 #include <linux/audit.h>
/linux-4.4.14/samples/seccomp/
H A Ddropper.c18 #include <linux/audit.h>
/linux-4.4.14/arch/sh/include/asm/
H A Dsyscall_64.h4 #include <uapi/linux/audit.h>
H A Dsyscall_32.h4 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/microblaze/include/asm/
H A Dsyscall.h4 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/openrisc/include/asm/
H A Dsyscall.h22 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/ia64/include/asm/
H A Dsyscall.h16 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/s390/include/asm/
H A Dsyscall.h15 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/arm64/include/asm/
H A Dsyscall.h19 #include <uapi/linux/audit.h>
/linux-4.4.14/security/smack/
H A Dsmack_access.c117 * @a : a pointer to the audit data
221 * @a : common audit data
273 * @a : common audit data
316 * will be called by generic audit code
344 * @a: auxiliary audit data
371 /* end preparing the audit data */ smack_log()
H A Dsmack.h279 * Smack audit data; is empty if CONFIG_AUDIT not set
406 * some inline functions to set up audit data
H A Dsmack_lsm.c37 #include <linux/audit.h>
414 * @func: name of the function that called us, used for audit
1217 /* May be droppable after audit */ smack_inode_permission()
2058 * @caller: name of the calling function for audit
4383 * works as a glue between the audit hooks.
4386 * the smack_known label address related to the given audit rule as
4393 * smack_audit_rule_init - Initialize a smack audit rule
4394 * @field: audit rule fields given from user-space (audit.h)
4397 * @vrule: pointer to save our own audit rule representation
4399 * Prepare to audit cases where (@field @op @rulestr) is true.
4424 * smack_audit_rule_known - Distinguish Smack audit rules
4449 * @field: audit rule flags given from user-space
4452 * @actx: audit context associated with the check
4455 * whether to audit or not to audit a given object.
4533 * Exists for audit and networking code.
H A Dsmackfs.c28 #include <linux/audit.h>
/linux-4.4.14/arch/tile/include/asm/
H A Dsyscall.h23 #include <linux/audit.h>
/linux-4.4.14/arch/um/kernel/
H A Dptrace.c6 #include <linux/audit.h>
/linux-4.4.14/security/selinux/
H A Davc.c30 #include <linux/audit.h>
707 * will be called by generic audit code
708 * @ab: the audit buffer
723 * will be called by generic audit code
724 * @ab: the audit buffer
740 /* This is the slow part of avc audit with big stack footprint */ slow_avc_audit()
755 * When in a RCU walk do the audit on the RCU retry. This is because slow_avc_audit()
756 * the collection of the dname in an inode audit message is not RCU slow_avc_audit()
1132 * @auditdata: auxiliary audit data
H A Dnlmsgtab.c19 #include <linux/audit.h>
H A Dhooks.c76 #include <linux/audit.h>
94 #include "audit.h"
1564 int cap, int audit) cred_has_capability()
1591 if (audit == SECURITY_CAP_AUDIT) { cred_has_capability()
1610 The 'adp' parameter is optional and allows other audit
1631 /* Same as inode_has_perm, but pass explicit audit data containing
1646 /* Same as inode_has_perm, but pass explicit audit data containing
2080 int cap, int audit) selinux_capable()
2082 return cred_has_capability(cred, cap, audit); selinux_capable()
2152 * Do not audit the selinux permission check, as this is applied to all
3015 * context contains a nul and we should audit that */ selinux_inode_setxattr()
5655 * context contains a nul and we should audit that */ selinux_setprocattr()
1563 cred_has_capability(const struct cred *cred, int cap, int audit) cred_has_capability() argument
2079 selinux_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) selinux_capable() argument
H A Dnetlabel.c361 * @ad: the audit data
H A Dselinuxfs.c29 #include <linux/audit.h>
/linux-4.4.14/kernel/locking/
H A Dmcs_spinlock.h84 * audit lock status, then set node->locked value here. mcs_spin_lock()
/linux-4.4.14/arch/powerpc/include/asm/
H A Dsyscall.h16 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/mips/include/asm/
H A Dsyscall.h17 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/sparc/include/asm/
H A Dsyscall.h4 #include <uapi/linux/audit.h>
/linux-4.4.14/security/integrity/ima/
H A Dima.h25 #include <linux/audit.h>
233 /* LSM based policy rules require audit */
H A Dima_policy.c61 void *args_p; /* audit value */
62 int type; /* audit type */
448 {Opt_audit, "audit"},
555 ima_log_string(ab, "action", "audit"); ima_parse_rule()
H A Dima_main.c174 * bitmask based on the appraise/audit/measurement policy. process_measurement()
/linux-4.4.14/arch/x86/entry/
H A Dcommon.c17 #include <linux/audit.h>
152 * then audit in phase 1. Phase 2 always audits, so, if syscall_trace_enter_phase1()
153 * we audit here, then we can't go on to phase 2. syscall_trace_enter_phase1()
H A Dentry_64.S40 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
/linux-4.4.14/arch/x86/include/asm/
H A Dsyscall.h16 #include <uapi/linux/audit.h>
/linux-4.4.14/arch/microblaze/kernel/
H A Dptrace.c33 #include <linux/audit.h>
/linux-4.4.14/arch/openrisc/kernel/
H A Dptrace.c27 #include <linux/audit.h>
/linux-4.4.14/arch/h8300/kernel/
H A Dptrace.c14 #include <linux/audit.h>
/linux-4.4.14/arch/x86/kvm/
H A Dmmu_audit.c32 printk(KERN_ERR "audit: (%s) error: " \
/linux-4.4.14/ipc/
H A Dutil.c13 * Mar 2006 - support for audit of ipc object properties
57 #include <linux/audit.h>
678 * This function does some common audit and permissions check for some IPC_XXX
682 * - performs some audit and permission check, depending on the given cmd
H A Dmsg.c17 * support for audit of ipc object properties and permission changes
35 #include <linux/audit.h>
H A Dshm.c16 * support for audit of ipc object properties and permission changes
37 #include <linux/audit.h>
H A Dsem.c17 * support for audit of ipc object properties and permission changes
82 #include <linux/audit.h>
H A Dmqueue.c30 #include <linux/audit.h>
/linux-4.4.14/net/ipv4/
H A Dxfrm4_policy.c92 * it was magically lost, so this code needs audit */ xfrm4_fill_dst()
H A Dcipso_ipv4.c45 #include <linux/audit.h>
456 * @audit_info: NetLabel audit information
585 * @audit_secid: the LSM secid to use in the audit message
H A Dtcp_input.c59 * Panu Kuhlberg: Experimental audit of TCP (re)transmission
/linux-4.4.14/security/selinux/ss/
H A Dservices.c10 * Support for context based audit filters.
27 * Added support for bounds domain and audit messaged on masked permissions
50 #include <linux/audit.h>
71 #include "audit.h"
248 * should audit that denial map_decision()
505 /* audit a message */ security_dump_masked_av()
613 /* audit masked permissions */ type_attribute_bounds_av()
747 * permission and notice it to userspace via audit.
H A Dconditional.c652 * permission we do NOT want to audit (dontaudit), we use cond_compute_av()
H A Dpolicydb.c33 #include <linux/audit.h>
/linux-4.4.14/include/net/iucv/
H A Diucv.h106 * audit: 32 bit error information of purged or replied messages
116 u32 audit; member in struct:iucv_message
/linux-4.4.14/fs/f2fs/
H A Dcrypto.c21 * This has not yet undergone a rigorous security audit.
H A Dcrypto_fname.c16 * This has not yet undergone a rigorous security audit.
/linux-4.4.14/fs/ext4/
H A Dcrypto.c15 * This has not yet undergone a rigorous security audit.
H A Dcrypto_fname.c10 * This has not yet undergone a rigorous security audit.
/linux-4.4.14/arch/sh/kernel/
H A Dptrace_32.c23 #include <linux/audit.h>
H A Dptrace_64.c29 #include <linux/audit.h>
/linux-4.4.14/net/ipv6/
H A Dxfrm6_policy.c105 * it was magically lost, so this code needs audit */ xfrm6_fill_dst()
/linux-4.4.14/tools/perf/
H A Dbuiltin-trace.c1405 } audit; member in struct:trace
1687 const char *name = audit_syscall_to_name(id, trace->audit.machine); trace__read_syscall_info()
1758 int id = audit_name_to_syscall(sc, trace->audit.machine); trace__validate_ev_qualifier()
2040 if (id == trace->audit.open_id && ret >= 0 && ttrace->filename.pending_open) { trace__sys_exit()
3026 .audit = { cmd_trace()
3028 .open_id = audit_name_to_syscall("open", trace.audit.machine), cmd_trace()
H A Dperf.c567 "trace command not available: missing audit-libs devel package at build time.\n"); main()
/linux-4.4.14/drivers/scsi/
H A Dqlogicfas408.c27 SCSI driver cleanup and audit. This driver still needs work on the
H A Dconstants.c576 {0x2404, "Security audit value frozen"},
H A Dscsi_error.c1153 * XXX: Long term this code should go away, but that needs an audit of
/linux-4.4.14/security/integrity/evm/
H A Devm_main.c21 #include <linux/audit.h>
/linux-4.4.14/include/scsi/
H A Dosd_protocol.h561 /*10*/ u8 audit[20]; member in struct:osd_capability_head
/linux-4.4.14/drivers/scsi/libsas/
H A Dsas_ata.c190 /* TODO: audit callers to ensure they are ready for qc_issue to sas_ata_qc_issue()
/linux-4.4.14/fs/
H A Dcoredump.c27 #include <linux/audit.h>
H A Dopen.c28 #include <linux/audit.h>
H A Dpipe.c21 #include <linux/audit.h>
H A Dxattr.c21 #include <linux/audit.h>
H A Dexec.c51 #include <linux/audit.h>
H A Dnamei.c30 #include <linux/audit.h>
3101 * create/update audit record if it already exists. do_last()
/linux-4.4.14/include/net/
H A Dnetlabel.h109 /* NetLabel audit information */
H A Dxfrm.h14 #include <linux/audit.h>
/linux-4.4.14/arch/mips/kernel/
H A Dptrace.c30 #include <linux/audit.h>
/linux-4.4.14/arch/arm/kernel/
H A Dptrace.c26 #include <linux/audit.h>
/linux-4.4.14/tools/perf/config/
H A DMakefile391 msg := $(warning No libaudit.h found, disables 'trace' tool, please install audit-libs-devel or libaudit-dev);
/linux-4.4.14/net/xfrm/
H A Dxfrm_state.c22 #include <linux/audit.h>
2222 * of audit message */ xfrm_audit_state_replay_overflow()
H A Dxfrm_policy.c27 #include <linux/audit.h>
/linux-4.4.14/net/iucv/
H A Diucv.c1101 msg->audit = (*(u32 *) &parm->purge.ipaudit) >> 8; iucv_message_purge()
1680 msg.audit = imc->ipaudit; iucv_message_complete()
/linux-4.4.14/drivers/scsi/bfa/
H A Dbfa_defs.h521 /* BFA audit events */
H A Dbfa_defs_svc.h1446 struct bfa_audit_aen_data_s audit; member in union:bfa_aen_data_u
H A Dbfa_ioc.c4212 aen_entry->aen_data.audit.pwwn = ioc->attr->pwwn; bfa_flash_aen_audit_post()
4213 aen_entry->aen_data.audit.partition_inst = inst; bfa_flash_aen_audit_post()
4214 aen_entry->aen_data.audit.partition_type = type; bfa_flash_aen_audit_post()
/linux-4.4.14/arch/x86/tools/
H A Drelocs.c598 * User need to audit the code to make sure print_absolute_relocs()
/linux-4.4.14/fs/ntfs/
H A Dlayout.h1385 * The ACE flags (8-bit) for audit and inheritance (see below).
1387 * SUCCESSFUL_ACCESS_ACE_FLAG is only used with system audit and alarm ACE
1391 * FAILED_ACCESS_ACE_FLAG is only used with system audit and alarm ACE types
1403 /* The audit flags. */
/linux-4.4.14/arch/arm64/kernel/
H A Dptrace.c22 #include <linux/audit.h>
/linux-4.4.14/drivers/usb/musb/
H A Dcppi_dma.c36 * evidently also directly update the RX and TX CSRs ... so audit all
/linux-4.4.14/drivers/tty/hvc/
H A Dhvc_iucv.c945 * msg->audit: rejected messages (0x040000 (IPADRJCT)), and
/linux-4.4.14/drivers/scsi/osd/
H A Dosd_initiator.c447 * TODO: Keep error code in or->async_error. Need to audit all _put_request()
/linux-4.4.14/drivers/block/drbd/
H A Ddrbd_req.c572 * enforces that it is all in this one place, where it is easier to audit,
/linux-4.4.14/arch/x86/kernel/cpu/mcheck/
H A Dmce.c469 * wrong CPU (can happen when audit sleeps) mce_report_event()
/linux-4.4.14/mm/
H A Dnommu.c35 #include <linux/audit.h>
H A Dmmap.c36 #include <linux/audit.h>
/linux-4.4.14/net/bridge/netfilter/
H A Debtables.c29 #include <linux/audit.h>
/linux-4.4.14/net/decnet/
H A Daf_decnet.c2393 * Requires an audit of the code to check for memory leaks and
/linux-4.4.14/scripts/mod/
H A Dmodpost.c1150 * cpumask_empty.constprop.3 that appears in the audit. If the const that
/linux-4.4.14/net/
H A Dsocket.c86 #include <linux/audit.h>
/linux-4.4.14/fs/proc/
H A Dbase.c79 #include <linux/audit.h>
/linux-4.4.14/net/netlink/
H A Daf_netlink.c57 #include <linux/audit.h>
/linux-4.4.14/drivers/block/
H A Dfloppy.c144 * Better audit of register_blkdev.
/linux-4.4.14/sound/pci/hda/
H A Dhda_codec.c3893 * @val: pin ctl value to audit
/linux-4.4.14/drivers/scsi/qla2xxx/
H A Dqla_init.c4445 "Invalid audit type specified.\n"); qla83xx_idc_audit()
/linux-4.4.14/net/core/
H A Ddev.c114 #include <linux/audit.h>

Completed in 8194 milliseconds