security/apparmor/include/audit.h
Source file repositories/reference/linux-study-clean/security/apparmor/include/audit.h
File Facts
- System: Linux kernel
- Corpus path: security/apparmor/include/audit.h
- Extension: .h
- Size: 4999 bytes
- Lines: 213
- Domain: Core OS
- Bucket: Security And Isolation
- Inferred role: Core OS: implementation source
- Status: source implementation candidate
Why This File Exists
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
- `linux/audit.h`
- `linux/fs.h`
- `linux/lsm_audit.h`
- `linux/sched.h`
- `linux/slab.h`
- `file.h`
- `label.h`
Detected Declarations
- `struct apparmor_audit_data`
- `enum audit_mode`
- `enum audit_type`
- `function complain_error`
Annotated Snippet
```c
struct apparmor_audit_data {
	int error;
	int type;
	u16 class;
	const char *op;
	const struct cred *subj_cred;
	struct aa_label *subj_label;
	const char *name;
	const char *info;
	u32 request;
	u32 denied;
	u32 tags;
	union {
		/* these entries require a custom callback fn */
		struct {
			struct aa_label *peer;
			union {
				struct {
					const char *target;
					kuid_t ouid;
				} fs;
				struct {
					int rlim;
					unsigned long max;
				} rlim;
				struct {
					int signal;
					int unmappedsig;
				};
				struct {
					int type, protocol;
					void *addr;
					int addrlen;
					struct {
						void *addr;
						int addrlen;
					} peer;
				} net;
			};
		};
		struct {
			struct aa_profile *profile;
			const char *ns;
			long pos;
		} iface;
		struct {
			const char *src_name;
			const char *type;
			const char *trans;
			const char *data;
			unsigned long flags;
		} mnt;
		struct {
			struct aa_label *target;
		} uring;
	};
	struct common_audit_data common;
};

/* macros for dealing with apparmor_audit_data structure */
#define aad(SA) (container_of(SA, struct apparmor_audit_data, common))
#define aad_of_va(VA) aad((struct common_audit_data *)(VA))

#define DEFINE_AUDIT_DATA(NAME, T, C, X)				\
	/* TODO: cleanup audit init so we don't need _aad = {0,} */	\
	struct apparmor_audit_data NAME = {				\
		.class = (C),						\
		.op = (X),						\
		.common.type = (T),					\
		.common.u.tsk = NULL,					\
		.common.apparmor_audit_data = &NAME,			\
	};

void aa_audit_msg(int type, struct apparmor_audit_data *ad,
		  void (*cb) (struct audit_buffer *, void *));
int aa_audit(int type, struct aa_profile *profile,
	     struct apparmor_audit_data *ad,
	     void (*cb) (struct audit_buffer *, void *));

#define aa_audit_error(ERROR, AD, CB)				\
({								\
	(AD)->error = (ERROR);					\
	aa_audit_msg(AUDIT_APPARMOR_ERROR, (AD), (CB));		\
	(AD)->error;						\
})

static inline int complain_error(int error)
```
Annotation
- Immediate include surface: `linux/audit.h`, `linux/fs.h`, `linux/lsm_audit.h`, `linux/sched.h`, `linux/slab.h`, `file.h`, `label.h`.
- Detected declarations: `struct apparmor_audit_data`, `enum audit_mode`, `enum audit_type`, `function complain_error`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.