security/tomoyo/audit.c
Source file repositories/reference/linux-study-clean/security/tomoyo/audit.c
File Facts
- System
- Linux kernel
- Corpus path
security/tomoyo/audit.c- Extension
.c- Size
- 12715 bytes
- Lines
- 478
- Domain
- Core OS
- Bucket
- Security And Isolation
- Inferred role
- Core OS: implementation source
- Status
- source implementation candidate
Why This File Exists
Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Core operating-system implementation surface: boot, tasks, memory, VFS, syscall-facing interfaces, synchronization, credentials, and isolation.
- Uses kernel synchronization; read lock ordering, sleepability, and interrupt context assumptions before translating.
- Allocates kernel memory; connect allocation flags and lifetime to context constraints.
- Defines or uses C structs; map object ownership, embedded links, reference counts, and lock ownership.
Dependency Surface
common.hlinux/slab.h
Detected Declarations
struct tomoyo_logfunction Copyrightfunction kmallocfunction kzallocfunction tomoyo_get_auditfunction tomoyo_write_log2function tomoyo_write_logfunction tomoyo_read_logfunction tomoyo_poll_log
Annotated Snippet
struct tomoyo_log {
struct list_head list;
char *log;
int size;
};
/* The list for "struct tomoyo_log". */
static LIST_HEAD(tomoyo_log);
/* Lock for "struct list_head tomoyo_log". */
static DEFINE_SPINLOCK(tomoyo_log_lock);
/* Length of "struct list_head tomoyo_log". */
static unsigned int tomoyo_log_count;
/**
* tomoyo_get_audit - Get audit mode.
*
* @ns: Pointer to "struct tomoyo_policy_namespace".
* @profile: Profile number.
* @index: Index number of functionality.
* @matched_acl: Pointer to "struct tomoyo_acl_info".
* @is_granted: True if granted log, false otherwise.
*
* Returns true if this request should be audited, false otherwise.
*/
static bool tomoyo_get_audit(const struct tomoyo_policy_namespace *ns,
const u8 profile, const u8 index,
const struct tomoyo_acl_info *matched_acl,
const bool is_granted)
{
u8 mode;
const u8 category = tomoyo_index2category[index] +
TOMOYO_MAX_MAC_INDEX;
struct tomoyo_profile *p;
if (!tomoyo_policy_loaded)
return false;
p = tomoyo_profile(ns, profile);
if (tomoyo_log_count >= p->pref[TOMOYO_PREF_MAX_AUDIT_LOG])
return false;
if (is_granted && matched_acl && matched_acl->cond &&
matched_acl->cond->grant_log != TOMOYO_GRANTLOG_AUTO)
return matched_acl->cond->grant_log == TOMOYO_GRANTLOG_YES;
mode = p->config[index];
if (mode == TOMOYO_CONFIG_USE_DEFAULT)
mode = p->config[category];
if (mode == TOMOYO_CONFIG_USE_DEFAULT)
mode = p->default_config;
if (is_granted)
return mode & TOMOYO_CONFIG_WANT_GRANT_LOG;
return mode & TOMOYO_CONFIG_WANT_REJECT_LOG;
}
/**
* tomoyo_write_log2 - Write an audit log.
*
* @r: Pointer to "struct tomoyo_request_info".
* @len: Buffer size needed for @fmt and @args.
* @fmt: The printf()'s format string.
* @args: va_list structure for @fmt.
*
* Returns nothing.
*/
void tomoyo_write_log2(struct tomoyo_request_info *r, int len, const char *fmt,
va_list args)
{
char *buf;
struct tomoyo_log *entry;
bool quota_exceeded = false;
if (!tomoyo_get_audit(r->domain->ns, r->profile, r->type,
r->matched_acl, r->granted))
goto out;
buf = tomoyo_init_log(r, len, fmt, args);
if (!buf)
goto out;
entry = kzalloc_obj(*entry, GFP_NOFS);
if (!entry) {
kfree(buf);
goto out;
}
entry->log = buf;
len = kmalloc_size_roundup(strlen(buf) + 1);
/*
* The entry->size is used for memory quota checks.
* Don't go beyond strlen(entry->log).
*/
entry->size = len + kmalloc_size_roundup(sizeof(*entry));
spin_lock(&tomoyo_log_lock);
Annotation
- Immediate include surface: `common.h`, `linux/slab.h`.
- Detected declarations: `struct tomoyo_log`, `function Copyright`, `function kmalloc`, `function kzalloc`, `function tomoyo_get_audit`, `function tomoyo_write_log2`, `function tomoyo_write_log`, `function tomoyo_read_log`, `function tomoyo_poll_log`.
- Atlas domain: Core OS / Security And Isolation.
- Implementation status: source implementation candidate.
- Synchronization appears in or near this file; preserve lock ordering, sleepability, and interrupt-context constraints.
Implementation Notes
- This generated page is the file-by-file coverage layer; curated subsystem chapters should link here when they synthesize a multi-file control flow.
- Core OS pages should be promoted from atlas-only to deep-reviewed when they explain data structures, invariants, locking, lifecycle, and C implementation snippets.
- Driver-family pages are intentionally pattern-oriented unless they are part of the selected PCIe/NVMe representative device path.