Lines Matching refs:ab
1097 struct audit_buffer *ab;
1102 ab = audit_log_start(context, GFP_KERNEL, AUDIT_OBJ_PID);
1103 if (!ab)
1106 audit_log_format(ab, "opid=%d oauid=%d ouid=%d oses=%d", pid,
1111 audit_log_format(ab, " obj=(none)");
1114 audit_log_format(ab, " obj=%s", ctx);
1118 audit_log_format(ab, " ocomm=");
1119 audit_log_untrustedstring(ab, comm);
1120 audit_log_end(ab);
1126 struct audit_buffer **ab)
1162 audit_log_format(*ab, "argc=%d", context->execve.argc);
1233 audit_log_end(*ab);
1234 *ab = audit_log_start(context,
1236 if (!*ab)
1261 audit_log_format(*ab, "%s", abuf);
1267 audit_log_n_hex(*ab, buf, len_tmp);
1273 audit_log_n_string(*ab, buf, len_tmp);
1299 static void audit_log_cap(struct audit_buffer *ab, char *prefix,
1303 audit_log_format(ab, " %s=0", prefix);
1306 audit_log_format(ab, " %s=%016llx", prefix, cap->val);
1309 static void audit_log_fcaps(struct audit_buffer *ab, struct audit_names *name)
1312 audit_log_format(ab, " cap_fe=? cap_fver=? cap_fp=? cap_fi=?");
1315 audit_log_cap(ab, "cap_fp", &name->fcap.permitted);
1316 audit_log_cap(ab, "cap_fi", &name->fcap.inheritable);
1317 audit_log_format(ab, " cap_fe=%d cap_fver=%x cap_frootid=%d",
1322 static void audit_log_time(struct audit_context *context, struct audit_buffer **ab)
1339 if (!*ab) {
1340 *ab = audit_log_start(context,
1343 if (!*ab)
1346 audit_log_format(*ab, "op=%s old=%lli new=%lli",
1350 audit_log_end(*ab);
1351 *ab = NULL;
1356 if (!*ab) {
1357 *ab = audit_log_start(context, GFP_KERNEL,
1359 if (!*ab)
1362 audit_log_format(*ab, "sec=%lli nsec=%li",
1364 audit_log_end(*ab);
1365 *ab = NULL;
1371 struct audit_buffer *ab;
1374 ab = audit_log_start(context, GFP_KERNEL, context->type);
1375 if (!ab)
1382 audit_log_format(ab, "nargs=%d", nargs);
1384 audit_log_format(ab, " a%d=%lx", i,
1390 audit_log_format(ab, "ouid=%u ogid=%u mode=%#ho",
1399 audit_log_format(ab, " osid=%u", osid);
1402 audit_log_format(ab, " obj=%s", ctx);
1407 audit_log_end(ab);
1408 ab = audit_log_start(context, GFP_KERNEL,
1410 if (unlikely(!ab))
1412 audit_log_format(ab,
1421 audit_log_format(ab,
1431 audit_log_format(ab,
1441 audit_log_format(ab, "mqdes=%d sigev_signo=%d",
1448 audit_log_format(ab,
1456 audit_log_format(ab, "pid=%d", context->capset.pid);
1457 audit_log_cap(ab, "cap_pi", &context->capset.cap.inheritable);
1458 audit_log_cap(ab, "cap_pp", &context->capset.cap.permitted);
1459 audit_log_cap(ab, "cap_pe", &context->capset.cap.effective);
1460 audit_log_cap(ab, "cap_pa", &context->capset.cap.ambient);
1463 audit_log_format(ab, "fd=%d flags=0x%x", context->mmap.fd,
1467 audit_log_format(ab, "oflag=0%llo mode=0%llo resolve=0x%llx",
1473 audit_log_execve_info(context, &ab);
1476 audit_log_format(ab, "name=");
1478 audit_log_untrustedstring(ab, context->module.name);
1480 audit_log_format(ab, "(null)");
1486 audit_log_time(context, &ab);
1489 audit_log_end(ab);
1516 struct audit_buffer *ab;
1518 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PATH);
1519 if (!ab)
1522 audit_log_format(ab, "item=%d", record_num);
1525 audit_log_d_path(ab, " name=", path);
1530 audit_log_format(ab, " name=");
1531 audit_log_untrustedstring(ab, n->name->name);
1538 audit_log_d_path(ab, " name=", &context->pwd);
1540 audit_log_format(ab, " name=(null)");
1544 audit_log_format(ab, " name=");
1545 audit_log_n_untrustedstring(ab, n->name->name,
1549 audit_log_format(ab, " name=(null)");
1552 audit_log_format(ab, " inode=%lu dev=%02x:%02x mode=%#ho ouid=%u ogid=%u rdev=%02x:%02x",
1567 audit_log_format(ab, " osid=%u", n->osid);
1571 audit_log_format(ab, " obj=%s", ctx);
1579 audit_log_format(ab, " nametype=NORMAL");
1582 audit_log_format(ab, " nametype=PARENT");
1585 audit_log_format(ab, " nametype=DELETE");
1588 audit_log_format(ab, " nametype=CREATE");
1591 audit_log_format(ab, " nametype=UNKNOWN");
1595 audit_log_fcaps(ab, n);
1596 audit_log_end(ab);
1606 struct audit_buffer *ab;
1608 ab = audit_log_start(context, GFP_KERNEL, AUDIT_PROCTITLE);
1609 if (!ab)
1612 audit_log_format(ab, "proctitle=");
1636 audit_log_n_untrustedstring(ab, msg, len);
1637 audit_log_end(ab);
1646 struct audit_buffer *ab;
1649 ab = audit_log_start(ctx, GFP_ATOMIC, AUDIT_URINGOP);
1650 if (!ab)
1653 audit_log_format(ab, "uring_op=%d", ctx->uring_op);
1655 audit_log_format(ab, " success=%s exit=%ld",
1659 audit_log_format(ab,
1673 audit_log_task_context(ab);
1674 audit_log_key(ab, ctx->filterkey);
1675 audit_log_end(ab);
1682 struct audit_buffer *ab;
1690 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SYSCALL);
1691 if (!ab)
1693 audit_log_format(ab, "arch=%x syscall=%d",
1696 audit_log_format(ab, " per=%lx", context->personality);
1698 audit_log_format(ab, " success=%s exit=%ld",
1702 audit_log_format(ab,
1709 audit_log_task_info(ab);
1710 audit_log_key(ab, context->filterkey);
1711 audit_log_end(ab);
1723 ab = audit_log_start(context, GFP_KERNEL, aux->type);
1724 if (!ab)
1732 audit_log_format(ab, "fver=%x", axs->fcap_ver);
1733 audit_log_cap(ab, "fp", &axs->fcap.permitted);
1734 audit_log_cap(ab, "fi", &axs->fcap.inheritable);
1735 audit_log_format(ab, " fe=%d", axs->fcap.fE);
1736 audit_log_cap(ab, "old_pp", &axs->old_pcap.permitted);
1737 audit_log_cap(ab, "old_pi", &axs->old_pcap.inheritable);
1738 audit_log_cap(ab, "old_pe", &axs->old_pcap.effective);
1739 audit_log_cap(ab, "old_pa", &axs->old_pcap.ambient);
1740 audit_log_cap(ab, "pp", &axs->new_pcap.permitted);
1741 audit_log_cap(ab, "pi", &axs->new_pcap.inheritable);
1742 audit_log_cap(ab, "pe", &axs->new_pcap.effective);
1743 audit_log_cap(ab, "pa", &axs->new_pcap.ambient);
1744 audit_log_format(ab, " frootid=%d",
1750 audit_log_end(ab);
1757 ab = audit_log_start(context, GFP_KERNEL, AUDIT_FD_PAIR);
1758 if (ab) {
1759 audit_log_format(ab, "fd0=%d fd1=%d",
1761 audit_log_end(ab);
1766 ab = audit_log_start(context, GFP_KERNEL, AUDIT_SOCKADDR);
1767 if (ab) {
1768 audit_log_format(ab, "saddr=");
1769 audit_log_n_hex(ab, (void *)context->sockaddr,
1771 audit_log_end(ab);
1796 ab = audit_log_start(context, GFP_KERNEL, AUDIT_CWD);
1797 if (ab) {
1798 audit_log_d_path(ab, "cwd=", &context->pwd);
1799 audit_log_end(ab);
1814 ab = audit_log_start(context, GFP_KERNEL, AUDIT_EOE);
1815 if (ab)
1816 audit_log_end(ab);
2927 struct audit_buffer *ab;
2930 ab = audit_log_start(audit_context(), gfp, AUDIT_NETFILTER_CFG);
2931 if (!ab)
2933 audit_log_format(ab, "table=%s family=%u entries=%u op=%s",
2936 audit_log_format(ab, " pid=%u", task_pid_nr(current));
2937 audit_log_task_context(ab); /* subj= */
2938 audit_log_format(ab, " comm=");
2939 audit_log_untrustedstring(ab, get_task_comm(comm, current));
2940 audit_log_end(ab);
2944 static void audit_log_task(struct audit_buffer *ab)
2955 audit_log_format(ab, "auid=%u uid=%u gid=%u ses=%u",
2960 audit_log_task_context(ab);
2961 audit_log_format(ab, " pid=%d comm=", task_tgid_nr(current));
2962 audit_log_untrustedstring(ab, get_task_comm(comm, current));
2963 audit_log_d_path_exe(ab, current->mm);
2975 struct audit_buffer *ab;
2983 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_ANOM_ABEND);
2984 if (unlikely(!ab))
2986 audit_log_task(ab);
2987 audit_log_format(ab, " sig=%ld res=1", signr);
2988 audit_log_end(ab);
3005 struct audit_buffer *ab;
3007 ab = audit_log_start(audit_context(), GFP_KERNEL, AUDIT_SECCOMP);
3008 if (unlikely(!ab))
3010 audit_log_task(ab);
3011 audit_log_format(ab, " sig=%ld arch=%x syscall=%ld compat=%d ip=0x%lx code=0x%x",
3014 audit_log_end(ab);
3020 struct audit_buffer *ab;
3025 ab = audit_log_start(audit_context(), GFP_KERNEL,
3027 if (unlikely(!ab))
3030 audit_log_format(ab,
3033 audit_log_end(ab);