System, method and computer readable medium for file encryption and memory encryption of secure byte-addressable persistent memory and auditing
US-2019392166-A1 · Dec 26, 2019 · US
US11687645B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11687645-B2 |
| Application number | US-202016838935-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 2, 2020 |
| Priority date | Oct 13, 2017 |
| Publication date | Jun 27, 2023 |
| Grant date | Jun 27, 2023 |
Official abstract text for this publication.
A security control method and a computer system are provided. A first domain and a second domain are deployed in the computer system, the second domain being more secure than the first domain; a program is deployed in the first domain, and a control flow management module and an audit module are deployed in the second domain. When the program in the first domain is executed, the control flow management module obtains control flow information by using a tracer, and this information forms the to-be-audited information. The audit module audits the to-be-audited information according to an audit rule, and when the to-be-audited information matches the audit rule, determines that the audit succeeds and then allows the first domain to perform a subsequent operation, for example, to access a secure program in the second domain.
Opening claim text (preview).
What is claimed is:

1. A computer system including a first domain and a second domain deployed in the computer system, the computer system comprising: a tracer; a memory storing computer readable instructions; and a processor in communication with the tracer and the memory, the processor is configured to: execute the computer readable instructions; start the tracer; and execute a program in the first domain; and obtain a process identification of a current process from the first domain before the tracer collects a to-be-audited information; the tracer is configured to collect the to-be-audited information during execution of the program, the to-be-audited information comprising control flow information of the program; and the processor is further configured to execute the computer readable instructions to: obtain the to-be-audited information in the second domain; use the process identification together with the control flow information as the to-be-audited information; search the second domain for an audit rule that matches the process identification; audit the to-be-audited information according to the audit rule; and determine that the audit succeeds when the to-be-audited information matches the audit rule.

2. The computer system according to claim 1, wherein the to-be-audited information further comprises data flow information of the program.

3. The computer system according to claim 1, wherein the processor is further configured to: review the tracer when the processor is in the second domain before performing the audit; and perform the audit after the review succeeds.

4. The computer system according to claim 1, wherein: the processor is further configured to store the process identification in a first register of the tracer; the tracer is further configured to read the process identification currently stored in the first register when collecting the control flow information; and the processor is further configured to audit the control flow information according to the audit rule.

5. The computer system according to claim 1, wherein the computer system further comprises a first random number generator deployed in the first domain, and the second domain comprises a text segment of the program; the processor is further configured to: call the first random number generator in the first domain to generate a random number RX before executing the program; store the random number RX in a second register of the tracer; and obtain a hash value H1 through calculation based on the random number RX and the text segment of the process that executes the program; the tracer is further configured to: read the random number RX stored in the second register when collecting the control flow information; and use the random number RX together with the control flow information as the to-be-audited information; and the processor is further configured to: obtain the hash value H1 from the second domain; obtain a hash value H2 through calculation based on the random number RX and the text segment comprised in the second domain; compare H1 with H2; and determine that the audit succeeds when H1 is the same as H2 and the to-be-audited information matches the audit rule.

6. The computer system according to claim 1, wherein the computer system further comprises a first random number generator deployed in the first domain and a second random number generator deployed in the second domain; the processor is further configured to: call the first random number generator to generate a random number when executing the program in the first domain; and store the random number in a third register of the tracer; the tracer is further configured to: read the random number currently stored in the third register when collecting the control flow information; and use the random number together with the control flow information as the to-be-audited information; and the processor is further configured to: obtain, from the second domain, the last random number RY generated by the first random number generator in an execution procedure of the program; obtain a quantity n of random number generation times preconfigured in the second domain; trigger, based on n, the second random number generator to generate n random numbers; compare an nth random number Rn with RY; and determine that the audit succeeds when Rn is the same as RY and the to-be-audited information matches the audit rule.

7. The computer system according to claim 1, wherein at least some components of the tracer are deployed in the second domain through hardware division, or the at least some components of the tracer are deployed in the second domain through software permission management, and the second domain is more secure than the first domain.

8. The computer system according to claim 1, wherein the audit rule is obtained using a machine learning method.

9. The computer system according to claim 1, wherein the program is stored in a read-only storage area of the memory.

10. A security control method for a computer system in which a first domain and a second domain are deployed, the security control method comprising: obtaining a process identification of a current process from the first domain before a tracer collects a to-be-audited information; obtaining the to-be-audited information in the second domain using the tracer when a program in the first domain is executed, the to-be-audited information comprising control flow information of the program; using the process identification together with the control flow information as the to-be-audited information; searching the second domain for an audit rule that matches the process identification; auditing, in the second domain, the to-be-audited information according to an audit rule; and determining that the audit succeeds and allowing access to the second domain when the to-be-audited information matches the audit rule.

11. The method according to claim 10, wherein the to-be-audited information further comprises data flow information of the program.

12. The method according to claim 10, wherein before the control flow information is audited, the method further comprises: reviewing the tracer in the second domain; and auditing the control flow information after the review succeeds.

13. The method according to claim 10, wherein the method further comprises: storing the process identification in a first register of the tracer; reading the process identification currently stored in the first register when collecting the control flow information; and auditing the control flow information according to the found audit rule.

14. The method according to claim 10, wherein the computer system further comprises a first random number generator deployed in the first domain, and the second domain comprises a text segment of the program, the method further comprising: calling the first random number generator in the first domain to generate a random number RX before the program is executed; storing the random number RX in a second register of the tracer; and obtaining a hash value H1 through calculation based on the random number RX and the text segment of the process that executes the program; the obtaining the to-be-audited information using the tracer comprises: obtaining the to-be-audited information collected by the tracer, the to-be-audited information further comprising the random number RX, and RX is obtained by the tracer accessing the second register; and the auditing the to-be-audited information according to an audit rule comprises: obtaining the has
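The second-domain audit described in claims 1, 5 and 6, as an added Python illustration that is not code from the patent: the tracer bundles the process identification, RX and the observed control-flow edges; the second domain looks up the audit rule by process identification, checks the control flow against it, recomputes H2 over RX and its trusted text segment, and (for claim 6) regenerates n random numbers and compares the nth with RY. SHA-256 as the hash, edge sets as the audit rule, the sample text segment and a shared deterministic seed for both generators are all assumptions; the claims do not specify them.

```python
import hashlib
import hmac
import random

# Constructed sample text segment; the second domain keeps a trusted copy (claim 5).
TEXT_SEGMENT = b"\x55\x48\x89\xe5\x48\x83\xec\x10\xc3"

# Audit rules in the second domain keyed by process identification (claim 1);
# here a rule is the set of control-flow edges the process may take (assumed form).
AUDIT_RULES = {1234: {(0x1000, 0x1010), (0x1010, 0x1020), (0x1020, 0x1000)}}


def text_hash(rx: bytes, text: bytes) -> str:
    """H1/H2 of claim 5: hash over RX and a text segment (SHA-256 is assumed)."""
    return hashlib.sha256(rx + text).hexdigest()


def tracer_collect(pid: int, rx: bytes, edges) -> dict:
    """Tracer reads the pid and RX registers and bundles them with the
    control-flow edges observed while the program ran (claims 1, 4, 5)."""
    return {"pid": pid, "rx": rx, "edges": list(edges)}


def audit(info: dict, h1: str, trusted_text: bytes = TEXT_SEGMENT) -> bool:
    """Second-domain audit: rule lookup by pid, control-flow check, H1 == H2."""
    rule = AUDIT_RULES.get(info["pid"])
    if rule is None:
        return False  # no audit rule matches this process identification
    if any(edge not in rule for edge in info["edges"]):
        return False  # control flow deviates from the audit rule
    h2 = text_hash(info["rx"], trusted_text)
    return hmac.compare_digest(h1, h2)


def first_domain_rng(seed: int, count: int) -> list:
    """First-domain generator (claim 6): the last value it produces is RY.
    Determinism from a shared seed is an assumption, not stated in the claims."""
    gen = random.Random(seed)
    return [gen.getrandbits(32) for _ in range(count)]


def audit_rng_chain(ry: int, n: int, seed: int) -> bool:
    """Claim 6: second-domain generator produces n values; the nth must equal RY."""
    return first_domain_rng(seed, n)[-1] == ry
```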
operating in dual or compartmented mode, i.e. at least one secure mode · CPC title
by adding security routines or objects to programs · CPC title
Personal security, identity or safety · CPC title
Query processing · CPC title
Auditing as a secondary aspect · CPC title