security/lsm_audit.c
Source file repositories/reference/linux-study-clean/security/lsm_audit.c
File Facts
- System
- Linux kernel
- Corpus path
security/lsm_audit.c- Extension
.c- Size
- 11009 bytes
- Lines
- 458
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
linux/types.hlinux/stddef.hlinux/kernel.hlinux/gfp.hlinux/fs.hlinux/init.hnet/sock.hlinux/un.hnet/af_unix.hlinux/audit.hlinux/ipv6.hlinux/ip.hnet/ip.hnet/ipv6.hlinux/tcp.hlinux/udp.hlinux/sctp.hlinux/lsm_audit.hlinux/security.h
Detected Declarations
function ipv4_skb_to_auditdatafunction ipv6_skb_to_auditdatafunction print_ipv6_addrfunction print_ipv4_addrfunction audit_log_lsm_datafunction dump_common_audit_datafunction common_lsm_audit
Annotated Snippet
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%llu", inode->i_ino);
}
break;
}
case LSM_AUDIT_DATA_FILE: {
struct inode *inode;
audit_log_d_path(ab, " path=", &a->u.file->f_path);
inode = file_inode(a->u.file);
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%llu", inode->i_ino);
}
break;
}
case LSM_AUDIT_DATA_IOCTL_OP: {
struct inode *inode;
audit_log_d_path(ab, " path=", &a->u.op->path);
inode = a->u.op->path.dentry->d_inode;
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%llu", inode->i_ino);
}
audit_log_format(ab, " ioctlcmd=0x%hx", a->u.op->cmd);
break;
}
case LSM_AUDIT_DATA_DENTRY: {
struct inode *inode;
audit_log_format(ab, " name=");
spin_lock(&a->u.dentry->d_lock);
audit_log_untrustedstring(ab, a->u.dentry->d_name.name);
spin_unlock(&a->u.dentry->d_lock);
inode = d_backing_inode(a->u.dentry);
if (inode) {
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%llu", inode->i_ino);
}
break;
}
case LSM_AUDIT_DATA_INODE: {
struct dentry *dentry;
struct inode *inode;
rcu_read_lock();
inode = a->u.inode;
dentry = d_find_alias_rcu(inode);
if (dentry) {
audit_log_format(ab, " name=");
spin_lock(&dentry->d_lock);
audit_log_untrustedstring(ab, dentry->d_name.name);
spin_unlock(&dentry->d_lock);
}
audit_log_format(ab, " dev=");
audit_log_untrustedstring(ab, inode->i_sb->s_id);
audit_log_format(ab, " ino=%llu", inode->i_ino);
rcu_read_unlock();
break;
}
case LSM_AUDIT_DATA_TASK: {
struct task_struct *tsk = a->u.tsk;
if (tsk) {
pid_t pid = task_tgid_nr(tsk);
if (pid) {
char tskcomm[sizeof(tsk->comm)];
audit_log_format(ab, " opid=%d ocomm=", pid);
audit_log_untrustedstring(ab,
get_task_comm(tskcomm, tsk));
}
}
break;
}
case LSM_AUDIT_DATA_NET:
if (a->u.net->sk) {
const struct sock *sk = a->u.net->sk;
const struct unix_sock *u;
struct unix_address *addr;
int len = 0;
char *p = NULL;
Annotation
- Immediate include surface: `linux/types.h`, `linux/stddef.h`, `linux/kernel.h`, `linux/gfp.h`, `linux/fs.h`, `linux/init.h`, `net/sock.h`, `linux/un.h`.
- Detected declarations: `function ipv4_skb_to_auditdata`, `function ipv6_skb_to_auditdata`, `function print_ipv6_addr`, `function print_ipv4_addr`, `function audit_log_lsm_data`, `function dump_common_audit_data`, `function common_lsm_audit`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.