/linux-4.4.14/tools/perf/scripts/python/Perf-Trace-Util/lib/Perf/Trace/ |
H A D | Util.py | 53 import audit 55 'x86_64': audit.MACH_86_64, 56 'alpha' : audit.MACH_ALPHA, 57 'ia64' : audit.MACH_IA64, 58 'ppc' : audit.MACH_PPC, 59 'ppc64' : audit.MACH_PPC64, 60 's390' : audit.MACH_S390, 61 's390x' : audit.MACH_S390X, 62 'i386' : audit.MACH_X86, 63 'i586' : audit.MACH_X86, 64 'i686' : audit.MACH_X86, 67 machine_to_id['armeb'] = audit.MACH_ARMEB 74 print "Install the audit-libs-python package to get syscall names" 78 return audit.audit_syscall_to_name(id, machine_id)
|
/linux-4.4.14/arch/alpha/include/asm/ |
H A D | syscall.h | 4 #include <uapi/linux/audit.h>
|
H A D | thread_info.h | 66 #define TIF_SYSCALL_AUDIT 4 /* syscall audit active */
|
/linux-4.4.14/security/apparmor/ |
H A D | capability.c | 23 #include "include/audit.h" 43 * audit_cb - call back for capability components of audit struct 44 * @ab - audit buffer (NOT NULL) 45 * @va - audit struct to audit data from (NOT NULL) 55 * audit_caps - audit a capability 60 * Do auditing of capability and handle, audit/complain/kill modes switching 80 !cap_raised(profile->caps.audit, cap))) audit_caps() 126 * @audit: whether an audit record should be generated 132 int aa_capable(struct aa_profile *profile, int cap, int audit) aa_capable() argument 136 if (!audit) { aa_capable()
|
H A D | audit.c | 15 #include <linux/audit.h> 19 #include "include/audit.h" 96 * Currently AppArmor auditing is fed straight into the audit framework. 101 * system control of whether user audit messages go to system log 106 * @ab: audit buffer to fill (NOT NULL) 107 * @ca: audit structure containing data to audit (NOT NULL) 109 * Record common AppArmor audit data from @sa 149 * aa_audit_msg - Log a message to the audit subsystem 150 * @sa: audit event structure (NOT NULL) 161 * aa_audit - Log a profile based audit event to the audit subsystem 162 * @type: audit type for the message 165 * @sa: audit event (NOT NULL) 168 * Handle default message switching based off of audit mode flags
|
H A D | file.c | 16 #include "include/audit.h" 61 * file_audit_cb - call back for file specific audit fields 63 * @va: audit struct to audit values of (NOT NULL) 124 u32 mask = perms->audit; aa_audit_file() 208 perms.audit = map_old_perms(dfa_user_audit(dfa, state)); compute_perms() 213 perms.audit = map_old_perms(dfa_other_audit(dfa, state)); compute_perms() 268 * aa_path_perm - do permissions check & audit for @path 370 goto audit; aa_path_link() 376 goto audit; aa_path_link() 384 goto audit; aa_path_link() 390 /* force audit/quiet masks for link are stored in the second entry aa_path_link() 393 lperms.audit = perms.audit; aa_path_link() 399 goto audit; aa_path_link() 418 goto audit; aa_path_link() 424 goto audit; aa_path_link() 430 audit: aa_path_link() 440 * aa_file_perm - do permission revalidation check & audit for @file
|
H A D | domain.c | 23 #include "include/audit.h" 106 perms.audit = perms.quiet = perms.kill = 0; change_profile_perms() 374 goto audit; apparmor_bprm_set_creds() 403 goto audit; apparmor_bprm_set_creds() 415 goto audit; apparmor_bprm_set_creds() 438 /* remove MAY_EXEC to audit as failure */ apparmor_bprm_set_creds() 468 goto audit; apparmor_bprm_set_creds() 479 goto audit; apparmor_bprm_set_creds() 513 audit: apparmor_bprm_set_creds() 632 goto audit; aa_change_hat() 675 goto audit; aa_change_hat() 683 goto audit; aa_change_hat() 691 goto audit; aa_change_hat() 714 audit: aa_change_hat() 788 goto audit; aa_change_profile() 806 goto audit; aa_change_profile() 815 goto audit; aa_change_profile() 821 goto audit; aa_change_profile() 829 goto audit; aa_change_profile() 833 goto audit; aa_change_profile() 840 audit: aa_change_profile()
|
H A D | resource.c | 15 #include <linux/audit.h> 17 #include "include/audit.h" 32 /* audit callback for resource specific fields */ audit_cb() 42 * audit_resource - audit setting resource limit
|
H A D | ipc.c | 18 #include "include/audit.h" 24 /* call back to audit ptrace fields */ audit_cb()
|
H A D | Makefile | 5 apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
|
H A D | policy_unpack.c | 25 #include "include/audit.h" 69 /* audit callback for unpack fields */ audit_cb() 83 * audit_iface - do audit message for policy unpacking/load/replace/remove 473 * NOTE: unpack profile sets audit struct if there is a failure 513 /* per profile debug flags (complain, audit) */ unpack_profile() 531 profile->audit = AUDIT_ALL; unpack_profile() 545 if (!unpack_u32(e, &(profile->caps.audit.cap[0]), NULL)) unpack_profile() 556 if (!unpack_u32(e, &(profile->caps.audit.cap[1]), NULL)) unpack_profile()
|
H A D | lsm.c | 24 #include <linux/audit.h> 30 #include "include/audit.h" 132 int cap, int audit) apparmor_capable() 139 error = aa_capable(profile, cap, audit); apparmor_capable() 701 module_param_call(audit, param_set_audit, param_get_audit, 704 /* Determines if audit header is included in audited messages. This 705 * provides more context if the audit daemon is not running 131 apparmor_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) apparmor_capable() argument
|
H A D | lib.c | 20 #include "include/audit.h"
|
H A D | path.c | 198 * may contain a partial or invalid name that can be used for audit purposes,
|
H A D | apparmorfs.c | 27 #include "include/audit.h"
|
H A D | policy.c | 901 * Returns: the error to be returned after audit is done 1288 /* don't fail removal if audit fails */ aa_remove_profiles()
|
/linux-4.4.14/arch/x86/um/asm/ |
H A D | syscall.h | 4 #include <uapi/linux/audit.h>
|
/linux-4.4.14/security/apparmor/include/ |
H A D | capability.h | 26 * @audit: caps that are to be audited 33 kernel_cap_t audit; member in struct:aa_caps 41 int aa_capable(struct aa_profile *profile, int cap, int audit);
|
H A D | audit.h | 18 #include <linux/audit.h> 34 AUDIT_NOQUIET, /* do not quiet audit messages */ 35 AUDIT_ALL /* audit all accesses */
|
H A D | file.h | 80 * @audit: mask of permissions to force an audit message for 81 * @quiet: mask of permissions to quiet audit messages for 85 * The @audit and @queit mask should be mutually exclusive. 89 u32 audit; member in struct:file_perms 97 #define COMBINED_PERM_MASK(X) ((X).allow | (X).audit | (X).quiet | (X).kill)
|
H A D | policy.h | 26 #include "audit.h" 171 * @audit: the auditing mode of the profile 211 enum audit_mode audit; member in struct:aa_profile 403 return profile->audit; AUDIT_MODE()
|
/linux-4.4.14/net/netlabel/ |
H A D | netlabel_user.c | 34 #include <linux/audit.h> 82 * netlbl_audit_start_common - Start an audit message 83 * @type: audit message type 84 * @audit_info: NetLabel audit information 87 * Start an audit message using the type specified in @type and fill the audit 88 * message with some fields common to all NetLabel audit messages. Returns 89 * a pointer to the audit buffer on success, NULL on failure.
|
H A D | netlabel_user.h | 36 #include <linux/audit.h> 44 * netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg 46 * @audit_info: NetLabel audit information
|
H A D | netlabel_domainhash.c | 36 #include <linux/audit.h> 185 * netlbl_domhsh_audit_add - Generate an audit entry for an add event 190 * @audit_info: NetLabel audit information 193 * Generate an audit record for adding a new NetLabel/LSM mapping entry with 357 * @audit_info: NetLabel audit information 478 * @audit_info: NetLabel audit information 495 * @audit_info: NetLabel audit information 562 * @audit_info: NetLabel audit information 628 * @audit_info: NetLabel audit information 654 * @audit_info: NetLabel audit information
|
H A D | netlabel_kapi.c | 33 #include <linux/audit.h> 60 * @audit_info: NetLabel audit information 94 * @audit_info: NetLabel audit information 206 * @audit_info: NetLabel audit information 249 * @audit_info: NetLabel audit information 287 * @audit_info: NetLabel audit information 303 * @audit_info: NetLabel audit information 321 * @audit_info: NetLabel audit information 1148 * netlbl_audit_start - Start an audit message 1149 * @type: audit message type 1150 * @audit_info: NetLabel audit information 1153 * Start an audit message using the type specified in @type and fill the audit 1154 * message with some fields common to all NetLabel audit messages. This 1156 * pointer to the audit buffer on success, NULL on failure.
|
H A D | netlabel_addrlist.c | 41 #include <linux/audit.h> 314 * @audit_buf: audit buffer 347 * @audit_buf: audit buffer
|
H A D | netlabel_addrlist.h | 38 #include <linux/audit.h>
|
H A D | netlabel_cipso_v4.c | 34 #include <linux/audit.h> 133 * @audit_info: NetLabel audit information 334 * @audit_info: NetLabel audit information 373 * @audit_info: NetLabel audit information
|
H A D | netlabel_unlabeled.c | 37 #include <linux/audit.h> 376 * @audit_info: NetLabel audit information 478 * @audit_info: NetLabel audit information 540 * @audit_info: NetLabel audit information 640 * @audit_info: NetLabel audit information 748 * @audit_info: NetLabel audit information 1531 * it is called is at bootup before the audit subsystem is reporting netlbl_unlabel_defconf()
|
H A D | netlabel_mgmt.c | 84 * @audit_info: NetLabel audit information
|
/linux-4.4.14/security/integrity/ |
H A D | integrity_audit.c | 15 #include <linux/audit.h> 23 unsigned long audit; integrity_audit_setup() local 25 if (!kstrtoul(str, 0, &audit)) integrity_audit_setup() 26 integrity_audit_info = audit ? 1 : 0; integrity_audit_setup()
|
/linux-4.4.14/arch/s390/kernel/ |
H A D | compat_audit.c | 3 #include "audit.h"
|
H A D | audit.c | 3 #include <linux/audit.h> 5 #include "audit.h"
|
H A D | Makefile | 55 obj-$(CONFIG_AUDIT) += audit.o
|
H A D | ptrace.c | 17 #include <linux/audit.h>
|
/linux-4.4.14/security/selinux/include/ |
H A D | audit.h | 22 * selinux_audit_rule_init - alloc/init an selinux audit rule structure. 35 * selinux_audit_rule_free - free an selinux audit rule structure. 36 * @rule: pointer to the audit rule to be freed 48 * @rule: pointer to the audit rule to check against 49 * @actx: the audit context (can be NULL) associated with the check
|
H A D | avc.h | 15 #include <linux/audit.h> 50 * We only need this data after we have decided to send an audit message. 90 * We will NOT audit the denial even though the denied avc_audit_required() 117 * @a: auxiliary audit data
|
/linux-4.4.14/security/tomoyo/ |
H A D | Makefile | 1 obj-y = audit.o common.o condition.o domain.o environ.o file.o gc.o group.o load_policy.o memory.o mount.o network.o realpath.o securityfs_if.o tomoyo.o util.o
|
H A D | audit.c | 2 * security/tomoyo/audit.c 138 * tomoyo_print_header - Get header line of audit log. 229 * tomoyo_init_log - Allocate buffer for audit logs. 292 /* Wait queue for /sys/kernel/security/tomoyo/audit. */ 295 /* Structure for audit log. */ 312 * tomoyo_get_audit - Get audit mode. 349 * tomoyo_write_log2 - Write an audit log. 404 * tomoyo_write_log - Write an audit log. 424 * tomoyo_read_log - Read an audit log. 453 * tomoyo_poll_log - Wait for an audit log. 458 * Returns POLLIN | POLLRDNORM when ready to read an audit log.
|
H A D | memory.c | 30 /* Memoy currently used by policy/audit log/query. */ 32 /* Memory quota for "policy"/"audit log"/"query". */
|
H A D | securityfs_if.c | 254 tomoyo_create_entry("audit", 0400, tomoyo_dir, tomoyo_initerface_init()
|
H A D | common.c | 230 /* Add '\0' for audit logs and query. */ tomoyo_flush() 2006 /* Write /sys/kernel/security/tomoyo/audit. */ tomoyo_supervisor() 2252 [TOMOYO_MEMORY_AUDIT] = "audit log:", 2365 /* /sys/kernel/security/tomoyo/audit */ tomoyo_open_control()
|
H A D | common.h | 185 /* Index numbers for audit type. */ 562 /* Subset of "struct stat". Used by conditional ACL and audit logs. */
|
/linux-4.4.14/drivers/tty/ |
H A D | tty_audit.c | 2 * Creating audit events from TTY input. 12 #include <linux/audit.h> 91 * Generate an audit message from the contents of @buf, which is owned by 129 * tty_audit_fork - Copy TTY audit state for a new task 131 * Set up TTY audit state in @sig from current. @sig needs no locking. 176 * tty_audit_push_current - Flush current's pending audit data 178 * Try to lock sighand and get a reference to the tty audit buffer if available. 213 * tty_audit_buf_get - Get an audit buffer. 215 * Get an audit buffer for @tty, allocate it if necessary. Return %NULL 323 * Make sure no audit data is pending for @tty on the current process.
|
H A D | n_tty.c | 48 #include <linux/audit.h>
|
/linux-4.4.14/arch/sparc/kernel/ |
H A D | Makefile | 112 obj-$(CONFIG_AUDIT) += audit.o 113 audit--$(CONFIG_AUDIT) := compat_audit.o 114 obj-$(CONFIG_COMPAT) += $(audit--y)
|
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | ptrace_64.c | 23 #include <linux/audit.h>
|
/linux-4.4.14/arch/alpha/kernel/ |
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | Makefile | 20 obj-$(CONFIG_AUDIT) += audit.o
|
H A D | ptrace.c | 17 #include <linux/audit.h>
|
/linux-4.4.14/include/uapi/linux/ |
H A D | audit.h | 0 /* audit.h -- Auditing support 30 /* The netlink messages for the audit system is divided into blocks: 31 * 1000 - 1099 are for commanding the audit system 33 * 1200 - 1299 messages internal to the audit daemon 34 * 1300 - 1399 audit event messages 41 * 2000 is for otherwise unclassified kernel audit messages (legacy) 71 #define AUDIT_SET_FEATURE 1018 /* Turn an audit feature on or off */ 101 #define AUDIT_FD_PAIR 1317 /* audit record for pipe/socketpair */ 112 #define AUDIT_FEATURE_CHANGE 1328 /* audit log listing feature changes */ 145 #define AUDIT_KERNEL 2000 /* Asynchronous audit record. NOT A REQUEST. */ 162 #define AUDIT_ALWAYS 2 /* Generate audit record if rule matches */ 185 * are currently used in an audit field constant understood by the kernel. 377 /* do not define AUDIT_ARCH_PPCLE since it is not supported by audit */ 398 /* MAX_AUDIT_MESSAGE_LENGTH is set in audit:lib/libaudit.h as: 422 __u32 version; /* deprecated: audit api version num */ 423 __u32 feature_bitmap; /* bitmap of kernel audit features */
|
H A D | seccomp.h | 42 * as defined in <linux/audit.h>.
|
H A D | capability.h | 311 /* Allow writing the audit log via unicast netlink socket */ 315 /* Allow configuration of audit via unicast netlink socket */ 350 /* Allow reading the audit log via multicast netlink socket */
|
/linux-4.4.14/arch/parisc/include/asm/ |
H A D | syscall.h | 6 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/parisc/kernel/ |
H A D | Makefile | 32 obj-$(CONFIG_AUDIT) += audit.o
|
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | ptrace.c | 23 #include <linux/audit.h>
|
/linux-4.4.14/arch/ia64/kernel/ |
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | Makefile | 32 obj-$(CONFIG_AUDIT) += audit.o
|
H A D | ivt.S | 811 and r9=_TIF_SYSCALL_TRACEAUDIT,r9 // A mask trace or audit
|
H A D | ptrace.c | 19 #include <linux/audit.h>
|
/linux-4.4.14/arch/arm/include/asm/ |
H A D | syscall.h | 10 #include <uapi/linux/audit.h> /* for AUDIT_ARCH_* */ 108 /* ARM tasks don't change audit architectures on the fly. */ syscall_get_arch()
|
/linux-4.4.14/include/linux/ |
H A D | lsm_audit.h | 19 #include <linux/audit.h> 48 /* Auxiliary data to use in generating the audit record. */
|
H A D | audit.h | 0 /* audit.h -- Auditing support 28 #include <uapi/linux/audit.h> 104 #define AUDIT_TYPE_NORMAL 1 /* a "normal" audit record */ 105 #define AUDIT_TYPE_PARENT 2 /* a parent audit record */ 136 #define AUDIT_INODE_HIDDEN 2 /* audit record should be hidden */ 226 /* Private API (for audit.c only) */ 450 /* These are defined in audit.c */ 494 /* Private API (for audit.c only) */
|
H A D | capability.h | 248 /* audit system wants to get cap info from files as well */
|
H A D | fsnotify.h | 15 #include <linux/audit.h>
|
H A D | lsm_hooks.h | 1183 * @audit: Whether to write an audit message or not 1234 * Allocate and initialize an LSM audit rule structure. 1236 * Fields flags are defined in include/linux/audit.h 1246 * @rule contains the audit rule of interest. 1255 * @rule points to the audit rule that will be checked against. 1256 * @actx points to the audit context associated with the check. 1260 * Deallocate the LSM audit rule structure previously allocated by 1323 int cap, int audit);
|
H A D | security.h | 57 /* If capable should audit the security request */ 71 int cap, int audit);
|
H A D | sched.h | 1180 struct audit_context; /* See audit.c */ prefetch_stack()
|
/linux-4.4.14/kernel/ |
H A D | audit.c | 0 /* audit.c -- Auditing support 2 * Gateway between the kernel (e.g., selinux) and the user-space audit daemon. 27 * b) Small when syscall auditing is enabled and no audit record 33 * 3) Ability to disable syscall auditing at boot time (audit=0). 41 * Example user-space utilities: http://people.redhat.com/sgrubb/audit/ 58 #include <linux/audit.h> 71 #include "audit.h" 95 * If audit records are to be written to the netlink socket, audit_pid 102 /* If audit_rate_limit is non-zero, limit the rate of sending audit records 104 * audit records being dropped. */ 115 /* The identity of the user shutting down the audit system. */ 136 /* The audit_freelist is a list of pre-allocated audit buffers (if more 137 * than AUDIT_MAXFREE are in use, the audit buffer is freed instead of 165 * audit records. Since printk uses a 1024 byte buffer, this buffer 173 /* The audit_buffer is used when formatting an audit record. The caller 211 panic("audit: %s\n", message); audit_panic() 246 * audit_log_lost - conditionally log lost audit message event 247 * @message: the message stating reason for lost audit message 373 * notification and stuff. This is just nice to get audit messages during 375 * This only holds messages is audit_default is set, aka booting with audit=1 390 * audit daemon, just send it to printk. 603 * audit_send_reply - send an audit reply message via netlink 606 * @type: audit message type 645 * Check for appropriate CAP_AUDIT_ capabilities on incoming audit 655 * that audit was not configured into the kernel. Lots of users audit_netlink_ok() 657 * to reject login if unable to send messages to audit. If we return audit_netlink_ok() 658 * ECONNREFUSED the PAM stack thinks the kernel does not have audit audit_netlink_ok() 1167 /* Initialize audit support at boot time. */ audit_init() 1194 /* Process kernel command-line parameter at boot time. audit=0 or audit=1. */ audit_enable() 1206 __setup("audit=", audit_enable); 1292 * audit_serial - compute a serial number for the audit record 1294 * Compute a serial number for the audit record. Audit records are 1296 * audit record may be written in several pieces. The timestamp of the 1298 * determine which pieces belong to the same audit record. The 1303 * audit context (for those records that have a context), and emit them 1344 * audit_log_start - obtain an audit buffer 1347 * @type: audit message type 1351 * Obtain an audit buffer. This routine does locking to obtain the 1352 * audit buffer, but then no locking is required for calls to 1354 * syscall, then the syscall is marked as auditable and an audit record 1414 audit_log_format(ab, "audit(%lu.%03lu:%u): ", audit_log_start() 1420 * audit_expand - expand skb in the audit buffer 1444 * Format an audit message into the audit buffer. If there isn't enough 1445 * room in the audit buffer, more room will be allocated and vsnprint 1488 * audit_log_format - format a message into the audit buffer. 1507 * audit_log_hex - convert a buffer to hex and append it to the audit skb 1547 * Format a string of no more than slen characters into the audit buffer, 1952 * audit_log_end - end one audit record 1956 * (last arg, flags, is not set to MSG_DONTWAIT), so the audit buffer is placed 1995 * audit_log - Log an audit record 1996 * @ctx: audit context 1998 * @type: audit message type 2028 * secid to secctx and then adds the (converted) SELinux context to the audit
|
H A D | audit_fsnotify.c | 19 #include <linux/audit.h> 29 #include "audit.h" 166 /* Update mark data in audit rules based on fsnotify events. */ audit_mark_handle_event() 212 audit_panic("cannot create audit fsnotify group"); audit_fsnotify_init()
|
H A D | audit.h | 0 /* audit -- definition of audit_context structure and supporting types 23 #include <linux/audit.h> 37 * No syscall-specific audit records can 47 * time, and always write out the audit 96 * names allocated in the task audit context. Thus this name 107 /* The per-task audit context. */ 227 /* Indicates that audit should log the full pathname. */ 265 /* audit watch functions */
|
H A D | auditsc.c | 58 #include <linux/audit.h> 78 #include "audit.h" 85 /* no execve audit message should be longer than this (userspace limits) */ 88 /* max length to print of cmdline/proctitle value during audit */ 91 /* number of audit rules */ 745 * also not high enough that we already know we have to write an audit 821 /* Transfer the audit context pointer to the caller, clearing it in the tsk's struct */ audit_take_context() 833 * we need to fix up the return code in the audit logs if the actual audit_take_context() 912 * audit_alloc - allocate an audit context block for a task 915 * Filter on the task information and allocate a per-task audit context 998 * space in every audit message. In one 7500 byte message we can log up to 1452 * audit_free - free a per-task audit context 1453 * @tsk: task whose audit context block to free 1479 * audit_syscall_entry - fill in an audit record at syscall entry 1486 * Fill in audit context at syscall entry. This only happens if the 1487 * audit context was created when the task was created and the state or 1488 * filters demand the audit context be built. If the state from the 1533 * audit_syscall_exit - deallocate audit context after a system call 1537 * Tear down after system call. If the audit context has been marked as 1539 * filtering, or because some other part of the kernel wrote an audit 1603 pr_warn("out of memory, audit has lost a tree reference\n"); handle_one() 1662 pr_warn("out of memory, audit has lost a tree reference\n"); handle_path() 1698 * Search the audit_names list for the current audit context. If there is an 1723 * Add a name to the list of audit names for this context. 1845 * This call updates the audit context with the child's information. 2035 * __audit_mq_open - record audit data for a POSIX MQ open 2057 * __audit_mq_sendrecv - record audit data for a POSIX MQ timed send/receive 2083 * __audit_mq_notify - record audit data for a POSIX MQ notify 2103 * __audit_mq_getsetattr - record audit data for a POSIX MQ get/set attribute 2117 * audit_ipc_obj - record audit data for ipc object 2133 * audit_ipc_set_perm - record audit data for new ipc permissions 2162 * audit_socketcall - record audit data for sys_socketcall 2180 * __audit_fd_pair - record audit data for pipe and socketpair 2193 * audit_sockaddr - record audit data for sys_bind, sys_connect, sys_sendto 2228 * audit_signal_info - record signal info for shutting down audit subsystem 2232 * If the audit subsystem is being terminated, record the task (pid) 2339 * audit system if applicable
|
H A D | auditfilter.c | 1 /* auditfilter.c -- filtering of audit events 25 #include <linux/audit.h> 36 #include "audit.h" 42 * Synchronizes writes and blocking reads of audit's filterlist 51 /* Audit filter lists, defined in <linux/audit.h> */ 114 /* Initialize an audit filterlist entry. */ audit_init_entry() 332 /* check if an audit field is valid */ audit_field_valid() 502 pr_warn("audit rule for LSM \'%s\' is invalid\n", audit_data_to_entry() 768 pr_warn("audit rule for LSM \'%s\' is invalid\n", audit_dupe_lsm_field() 776 /* Duplicate an audit rule. This will be a deep copy with the exception 860 /* Find an existing audit rule. 1086 * @type: audit message type 1087 * @portid: target port id for netlink audit messages 1088 * @seq: netlink audit message sequence (serial) number 1126 * audit_list_rules_send - list the audit rules 1128 * @seq: netlink audit message sequence (serial) number
|
H A D | audit_watch.c | 23 #include <linux/audit.h> 33 #include "audit.h" 211 /* Duplicate the given audit watch. The new watch's rules list is initialized 256 /* Update inode info in audit rules based on filesystem event. */ audit_update_watch() 469 /* Update watch data in audit rules based on fsnotify events. */ audit_watch_handle_event() 516 audit_panic("cannot create audit fsnotify group"); audit_watch_init()
|
H A D | Makefile | 67 obj-$(CONFIG_AUDIT) += audit.o auditfilter.o
|
H A D | capability.c | 12 #include <linux/audit.h> 331 * Do not write an audit message for the check. 355 * audit message for the check.
|
H A D | audit_tree.c | 1 #include "audit.h" 103 /* to avoid bringing the entire thing in audit.h */ audit_tree_path()
|
H A D | sys.c | 319 * a security audit over a program. 456 * a security audit over a program.
|
H A D | ptrace.c | 21 #include <linux/audit.h>
|
H A D | seccomp.c | 17 #include <linux/audit.h>
|
H A D | exit.c | 43 #include <linux/audit.h> /* for audit_free() */
|
H A D | fork.c | 50 #include <linux/audit.h>
|
H A D | signal.c | 46 #include "audit.h" /* audit_signal_info() */ 725 error = audit_signal_info(sig, t); /* Let audit system see the signal */ check_kill_permission()
|
/linux-4.4.14/security/ |
H A D | lsm_audit.c | 23 #include <linux/audit.h> 37 * @ad : the audit data to fill 106 * @ad : the audit data to fill 207 * dump_common_audit_data - helper to dump common audit data 208 * @a : common audit data 405 * @a: auxiliary audit data 406 * @pre_audit: lsm-specific pre-audit callback 407 * @post_audit: lsm-specific post-audit callback 409 * setup the audit buffer for common security information
|
H A D | commoncap.c | 11 #include <linux/audit.h> 61 * @audit: Whether to write an audit message or not 72 int cap, int audit) cap_capable() 589 * We do not bother to audit if 3 things are true: cap_bprm_set_creds() 596 * that is interesting information to audit. cap_bprm_set_creds() 71 cap_capable(const struct cred *cred, struct user_namespace *targ_ns, int cap, int audit) cap_capable() argument
|
/linux-4.4.14/arch/x86/kernel/ |
H A D | audit_64.c | 3 #include <linux/audit.h>
|
H A D | ptrace.c | 18 #include <linux/audit.h>
|
H A D | smpboot.c | 1037 * RED-PEN audit/test this more. I bet there is more state messed up here.
|
H A D | vm86_32.c | 45 #include <linux/audit.h>
|
/linux-4.4.14/lib/ |
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | Makefile | 114 obj-$(CONFIG_AUDIT_GENERIC) += audit.o
|
/linux-4.4.14/arch/powerpc/kernel/ |
H A D | audit.c | 3 #include <linux/audit.h>
|
H A D | Makefile | 113 obj-$(CONFIG_AUDIT) += audit.o
|
H A D | ptrace.c | 31 #include <linux/audit.h> 1790 * state to what ptrace and audit expect. do_seccomp() 1808 * ptrace, syscall tracepoints and audit. do_seccomp()
|
H A D | machine_kexec_64.c | 318 * current, but that audit has not been performed.
|
/linux-4.4.14/net/netfilter/ |
H A D | xt_AUDIT.c | 2 * Creates audit record for dropped/accepted packets 14 #include <linux/audit.h> 28 MODULE_DESCRIPTION("Xtables: creates audit records for dropped/accepted packets");
|
H A D | x_tables.c | 28 #include <linux/audit.h>
|
/linux-4.4.14/samples/seccomp/ |
H A D | dropper.c | 18 #include <linux/audit.h>
|
/linux-4.4.14/arch/sh/include/asm/ |
H A D | syscall_64.h | 4 #include <uapi/linux/audit.h>
|
H A D | syscall_32.h | 4 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/microblaze/include/asm/ |
H A D | syscall.h | 4 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/openrisc/include/asm/ |
H A D | syscall.h | 22 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/ia64/include/asm/ |
H A D | syscall.h | 16 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/s390/include/asm/ |
H A D | syscall.h | 15 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/arm64/include/asm/ |
H A D | syscall.h | 19 #include <uapi/linux/audit.h>
|
/linux-4.4.14/security/smack/ |
H A D | smack_access.c | 117 * @a : a pointer to the audit data 221 * @a : common audit data 273 * @a : common audit data 316 * will be called by generic audit code 344 * @a: auxiliary audit data 371 /* end preparing the audit data */ smack_log()
|
H A D | smack.h | 279 * Smack audit data; is empty if CONFIG_AUDIT not set 406 * some inline functions to set up audit data
|
H A D | smack_lsm.c | 37 #include <linux/audit.h> 414 * @func: name of the function that called us, used for audit 1217 /* May be droppable after audit */ smack_inode_permission() 2058 * @caller: name of the calling function for audit 4383 * works as a glue between the audit hooks. 4386 * the smack_known label address related to the given audit rule as 4393 * smack_audit_rule_init - Initialize a smack audit rule 4394 * @field: audit rule fields given from user-space (audit.h) 4397 * @vrule: pointer to save our own audit rule representation 4399 * Prepare to audit cases where (@field @op @rulestr) is true. 4424 * smack_audit_rule_known - Distinguish Smack audit rules 4449 * @field: audit rule flags given from user-space 4452 * @actx: audit context associated with the check 4455 * whether to audit or not to audit a given object. 4533 * Exists for audit and networking code.
|
H A D | smackfs.c | 28 #include <linux/audit.h>
|
/linux-4.4.14/arch/tile/include/asm/ |
H A D | syscall.h | 23 #include <linux/audit.h>
|
/linux-4.4.14/arch/um/kernel/ |
H A D | ptrace.c | 6 #include <linux/audit.h>
|
/linux-4.4.14/security/selinux/ |
H A D | avc.c | 30 #include <linux/audit.h> 707 * will be called by generic audit code 708 * @ab: the audit buffer 723 * will be called by generic audit code 724 * @ab: the audit buffer 740 /* This is the slow part of avc audit with big stack footprint */ slow_avc_audit() 755 * When in a RCU walk do the audit on the RCU retry. This is because slow_avc_audit() 756 * the collection of the dname in an inode audit message is not RCU slow_avc_audit() 1132 * @auditdata: auxiliary audit data
|
H A D | nlmsgtab.c | 19 #include <linux/audit.h>
|
H A D | hooks.c | 76 #include <linux/audit.h> 94 #include "audit.h" 1564 int cap, int audit) cred_has_capability() 1591 if (audit == SECURITY_CAP_AUDIT) { cred_has_capability() 1610 The 'adp' parameter is optional and allows other audit 1631 /* Same as inode_has_perm, but pass explicit audit data containing 1646 /* Same as inode_has_perm, but pass explicit audit data containing 2080 int cap, int audit) selinux_capable() 2082 return cred_has_capability(cred, cap, audit); selinux_capable() 2152 * Do not audit the selinux permission check, as this is applied to all 3015 * context contains a nul and we should audit that */ selinux_inode_setxattr() 5655 * context contains a nul and we should audit that */ selinux_setprocattr() 1563 cred_has_capability(const struct cred *cred, int cap, int audit) cred_has_capability() argument 2079 selinux_capable(const struct cred *cred, struct user_namespace *ns, int cap, int audit) selinux_capable() argument
|
H A D | netlabel.c | 361 * @ad: the audit data
|
H A D | selinuxfs.c | 29 #include <linux/audit.h>
|
/linux-4.4.14/kernel/locking/ |
H A D | mcs_spinlock.h | 84 * audit lock status, then set node->locked value here. mcs_spin_lock()
|
/linux-4.4.14/arch/powerpc/include/asm/ |
H A D | syscall.h | 16 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/mips/include/asm/ |
H A D | syscall.h | 17 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/sparc/include/asm/ |
H A D | syscall.h | 4 #include <uapi/linux/audit.h>
|
/linux-4.4.14/security/integrity/ima/ |
H A D | ima.h | 25 #include <linux/audit.h> 233 /* LSM based policy rules require audit */
|
H A D | ima_policy.c | 61 void *args_p; /* audit value */ 62 int type; /* audit type */ 448 {Opt_audit, "audit"}, 555 ima_log_string(ab, "action", "audit"); ima_parse_rule()
|
H A D | ima_main.c | 174 * bitmask based on the appraise/audit/measurement policy. process_measurement()
|
/linux-4.4.14/arch/x86/entry/ |
H A D | common.c | 17 #include <linux/audit.h> 152 * then audit in phase 1. Phase 2 always audits, so, if syscall_trace_enter_phase1() 153 * we audit here, then we can't go on to phase 2. syscall_trace_enter_phase1()
|
H A D | entry_64.S | 40 /* Avoid __ASSEMBLER__'ifying <linux/audit.h> just for this. */
|
/linux-4.4.14/arch/x86/include/asm/ |
H A D | syscall.h | 16 #include <uapi/linux/audit.h>
|
/linux-4.4.14/arch/microblaze/kernel/ |
H A D | ptrace.c | 33 #include <linux/audit.h>
|
/linux-4.4.14/arch/openrisc/kernel/ |
H A D | ptrace.c | 27 #include <linux/audit.h>
|
/linux-4.4.14/arch/h8300/kernel/ |
H A D | ptrace.c | 14 #include <linux/audit.h>
|
/linux-4.4.14/arch/x86/kvm/ |
H A D | mmu_audit.c | 32 printk(KERN_ERR "audit: (%s) error: " \
|
/linux-4.4.14/ipc/ |
H A D | util.c | 13 * Mar 2006 - support for audit of ipc object properties 57 #include <linux/audit.h> 678 * This function does some common audit and permissions check for some IPC_XXX 682 * - performs some audit and permission check, depending on the given cmd
|
H A D | msg.c | 17 * support for audit of ipc object properties and permission changes 35 #include <linux/audit.h>
|
H A D | shm.c | 16 * support for audit of ipc object properties and permission changes 37 #include <linux/audit.h>
|
H A D | sem.c | 17 * support for audit of ipc object properties and permission changes 82 #include <linux/audit.h>
|
H A D | mqueue.c | 30 #include <linux/audit.h>
|
/linux-4.4.14/net/ipv4/ |
H A D | xfrm4_policy.c | 92 * it was magically lost, so this code needs audit */ xfrm4_fill_dst()
|
H A D | cipso_ipv4.c | 45 #include <linux/audit.h> 456 * @audit_info: NetLabel audit information 585 * @audit_secid: the LSM secid to use in the audit message
|
H A D | tcp_input.c | 59 * Panu Kuhlberg: Experimental audit of TCP (re)transmission
|
/linux-4.4.14/security/selinux/ss/ |
H A D | services.c | 10 * Support for context based audit filters. 27 * Added support for bounds domain and audit messaged on masked permissions 50 #include <linux/audit.h> 71 #include "audit.h" 248 * should audit that denial map_decision() 505 /* audit a message */ security_dump_masked_av() 613 /* audit masked permissions */ type_attribute_bounds_av() 747 * permission and notice it to userspace via audit.
|
H A D | conditional.c | 652 * permission we do NOT want to audit (dontaudit), we use cond_compute_av()
|
H A D | policydb.c | 33 #include <linux/audit.h>
|
/linux-4.4.14/include/net/iucv/ |
H A D | iucv.h | 106 * audit: 32 bit error information of purged or replied messages 116 u32 audit; member in struct:iucv_message
|
/linux-4.4.14/fs/f2fs/ |
H A D | crypto.c | 21 * This has not yet undergone a rigorous security audit.
|
H A D | crypto_fname.c | 16 * This has not yet undergone a rigorous security audit.
|
/linux-4.4.14/fs/ext4/ |
H A D | crypto.c | 15 * This has not yet undergone a rigorous security audit.
|
H A D | crypto_fname.c | 10 * This has not yet undergone a rigorous security audit.
|
/linux-4.4.14/arch/sh/kernel/ |
H A D | ptrace_32.c | 23 #include <linux/audit.h>
|
H A D | ptrace_64.c | 29 #include <linux/audit.h>
|
/linux-4.4.14/net/ipv6/ |
H A D | xfrm6_policy.c | 105 * it was magically lost, so this code needs audit */ xfrm6_fill_dst()
|
/linux-4.4.14/tools/perf/ |
H A D | builtin-trace.c | 1405 } audit; member in struct:trace 1687 const char *name = audit_syscall_to_name(id, trace->audit.machine); trace__read_syscall_info() 1758 int id = audit_name_to_syscall(sc, trace->audit.machine); trace__validate_ev_qualifier() 2040 if (id == trace->audit.open_id && ret >= 0 && ttrace->filename.pending_open) { trace__sys_exit() 3026 .audit = { cmd_trace() 3028 .open_id = audit_name_to_syscall("open", trace.audit.machine), cmd_trace()
|
H A D | perf.c | 567 "trace command not available: missing audit-libs devel package at build time.\n"); main()
|
/linux-4.4.14/drivers/scsi/ |
H A D | qlogicfas408.c | 27 SCSI driver cleanup and audit. This driver still needs work on the
|
H A D | constants.c | 576 {0x2404, "Security audit value frozen"},
|
H A D | scsi_error.c | 1153 * XXX: Long term this code should go away, but that needs an audit of
|
/linux-4.4.14/security/integrity/evm/ |
H A D | evm_main.c | 21 #include <linux/audit.h>
|
/linux-4.4.14/include/scsi/ |
H A D | osd_protocol.h | 561 /*10*/ u8 audit[20]; member in struct:osd_capability_head
|
/linux-4.4.14/drivers/scsi/libsas/ |
H A D | sas_ata.c | 190 /* TODO: audit callers to ensure they are ready for qc_issue to sas_ata_qc_issue()
|
/linux-4.4.14/fs/ |
H A D | coredump.c | 27 #include <linux/audit.h>
|
H A D | open.c | 28 #include <linux/audit.h>
|
H A D | pipe.c | 21 #include <linux/audit.h>
|
H A D | xattr.c | 21 #include <linux/audit.h>
|
H A D | exec.c | 51 #include <linux/audit.h>
|
H A D | namei.c | 30 #include <linux/audit.h> 3101 * create/update audit record if it already exists. do_last()
|
/linux-4.4.14/include/net/ |
H A D | netlabel.h | 109 /* NetLabel audit information */
|
H A D | xfrm.h | 14 #include <linux/audit.h>
|
/linux-4.4.14/arch/mips/kernel/ |
H A D | ptrace.c | 30 #include <linux/audit.h>
|
/linux-4.4.14/arch/arm/kernel/ |
H A D | ptrace.c | 26 #include <linux/audit.h>
|
/linux-4.4.14/tools/perf/config/ |
H A D | Makefile | 391 msg := $(warning No libaudit.h found, disables 'trace' tool, please install audit-libs-devel or libaudit-dev);
|
/linux-4.4.14/net/xfrm/ |
H A D | xfrm_state.c | 22 #include <linux/audit.h> 2222 * of audit message */ xfrm_audit_state_replay_overflow()
|
H A D | xfrm_policy.c | 27 #include <linux/audit.h>
|
/linux-4.4.14/net/iucv/ |
H A D | iucv.c | 1101 msg->audit = (*(u32 *) &parm->purge.ipaudit) >> 8; iucv_message_purge() 1680 msg.audit = imc->ipaudit; iucv_message_complete()
|
/linux-4.4.14/drivers/scsi/bfa/ |
H A D | bfa_defs.h | 521 /* BFA audit events */
|
H A D | bfa_defs_svc.h | 1446 struct bfa_audit_aen_data_s audit; member in union:bfa_aen_data_u
|
H A D | bfa_ioc.c | 4212 aen_entry->aen_data.audit.pwwn = ioc->attr->pwwn; bfa_flash_aen_audit_post() 4213 aen_entry->aen_data.audit.partition_inst = inst; bfa_flash_aen_audit_post() 4214 aen_entry->aen_data.audit.partition_type = type; bfa_flash_aen_audit_post()
|
/linux-4.4.14/arch/x86/tools/ |
H A D | relocs.c | 598 * User need to audit the code to make sure print_absolute_relocs()
|
/linux-4.4.14/fs/ntfs/ |
H A D | layout.h | 1385 * The ACE flags (8-bit) for audit and inheritance (see below). 1387 * SUCCESSFUL_ACCESS_ACE_FLAG is only used with system audit and alarm ACE 1391 * FAILED_ACCESS_ACE_FLAG is only used with system audit and alarm ACE types 1403 /* The audit flags. */
|
/linux-4.4.14/arch/arm64/kernel/ |
H A D | ptrace.c | 22 #include <linux/audit.h>
|
/linux-4.4.14/drivers/usb/musb/ |
H A D | cppi_dma.c | 36 * evidently also directly update the RX and TX CSRs ... so audit all
|
/linux-4.4.14/drivers/tty/hvc/ |
H A D | hvc_iucv.c | 945 * msg->audit: rejected messages (0x040000 (IPADRJCT)), and
|
/linux-4.4.14/drivers/scsi/osd/ |
H A D | osd_initiator.c | 447 * TODO: Keep error code in or->async_error. Need to audit all _put_request()
|
/linux-4.4.14/drivers/block/drbd/ |
H A D | drbd_req.c | 572 * enforces that it is all in this one place, where it is easier to audit,
|
/linux-4.4.14/arch/x86/kernel/cpu/mcheck/ |
H A D | mce.c | 469 * wrong CPU (can happen when audit sleeps) mce_report_event()
|
/linux-4.4.14/mm/ |
H A D | nommu.c | 35 #include <linux/audit.h>
|
H A D | mmap.c | 36 #include <linux/audit.h>
|
/linux-4.4.14/net/bridge/netfilter/ |
H A D | ebtables.c | 29 #include <linux/audit.h>
|
/linux-4.4.14/net/decnet/ |
H A D | af_decnet.c | 2393 * Requires an audit of the code to check for memory leaks and
|
/linux-4.4.14/scripts/mod/ |
H A D | modpost.c | 1150 * cpumask_empty.constprop.3 that appears in the audit. If the const that
|
/linux-4.4.14/net/ |
H A D | socket.c | 86 #include <linux/audit.h>
|
/linux-4.4.14/fs/proc/ |
H A D | base.c | 79 #include <linux/audit.h>
|
/linux-4.4.14/net/netlink/ |
H A D | af_netlink.c | 57 #include <linux/audit.h>
|
/linux-4.4.14/drivers/block/ |
H A D | floppy.c | 144 * Better audit of register_blkdev.
|
/linux-4.4.14/sound/pci/hda/ |
H A D | hda_codec.c | 3893 * @val: pin ctl value to audit
|
/linux-4.4.14/drivers/scsi/qla2xxx/ |
H A D | qla_init.c | 4445 "Invalid audit type specified.\n"); qla83xx_idc_audit()
|
/linux-4.4.14/net/core/ |
H A D | dev.c | 114 #include <linux/audit.h>
|