audit_mark_handle_event

Name:Update mark data in audit rules based on fsnotify events.

Proto:static int audit_mark_handle_event(struct fsnotify_group *group, struct inode *to_tell, unsigned int mask, const void *data, int data_type, const struct qstr *dname, unsigned int cookie, struct fsnotify_iter_info *iter_info)

Type:int

Parameter:

Type	Parameter	Name
struct fsnotify_group *	group
struct inode *	to_tell
unsigned int	mask
const void *	data
int	data_type
const struct qstr *	dname
unsigned int	cookie
struct fsnotify_iter_info *	iter_info

161

inode_mark = fsnotify_iter_inode_mark(iter_info)

163

const struct inode * inode = NULL

165

audit_mark = container_of - cast a member of a structure out to the containing structure*@ptr: the pointer to the member.*@type: the type of the container struct this is embedded in.*@member: the name of the member within the struct.(inode_mark, structaudit_fsnotify_mark, mark)

167

BUG_ON(group != snotify handle. )

170

Case data_type == FSNOTIFY_EVENT_PATH

171

inode = Where the name belongs to - NULL is * negative

172

Break

173

Case data_type == FSNOTIFY_EVENT_INODE

174

175

Break

176

Default

177

BUG()

178

Return 0

181

If mask & ( Subfile was created | File was moved to Y | Subfile was deleted | File was moved from X ) Then

182

If audit_compare_dname_path - compare given dentry name with last component in* given path. Return of 0 indicates a match.*@dname: dentry name that we're comparing*@path: full pathname that we're comparing*@parentlen: length of the parent if known Then Return 0

184

audit_update_mark(audit_mark, inode)

185

Else if mask & ( Self was deleted | de on umount fs | Self was moved ) Then audit_autoremove_mark_rule(audit_mark)

188

Return 0

Source code conversion tool public plug-in interface	X
Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion