Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code: kernel\audit_watch.c
Create Date: 2022-07-28 11:29:10
Last Modify: 2020-03-17 17:15:07
Copyright © Brick

Name: Update inode info in audit rules based on filesystem event.

Proto: static void audit_update_watch(struct audit_parent *parent, const struct qstr *dname, dev_t dev, unsigned long ino, unsigned invalidating)

Type: void

Parameter:

Type                      Parameter Name
struct audit_parent *     parent
const struct qstr *       dname
dev_t                     dev
unsigned long             ino
unsigned                  invalidating

252  mutex_lock(&audit_filter_mutex)
256  If audit_compare_dname_path (compare given dentry name with last component in given path; return of 0 indicates a match. @dname: dentry name that we're comparing; @path: full pathname that we're comparing; @parentlen: length of the parent if known) Then Continue
262  If invalidating && Not audit_dummy_context() Then: At syscall exit time, this filter is called if any audit_names have been collected during syscall processing. We only check rules in sublists at hash buckets applicable to the inode numbers in audit_names.
267  nwatch = Duplicate the given audit watch. The new watch's rules list is initialized to an empty list and wlist is undefined.
268  If IS_ERR(nwatch) Then
269  mutex_unlock - release the mutex (@lock: the mutex to be released). Unlock a mutex that has been locked by this task previously. This function must not be used in interrupt context. Unlocking of a not locked mutex is not allowed.
270  audit_panic("error updating watch, skipping")
271  Return
273  associated superblock device = dev
274  associated inode number = ino
278  oentry = container_of(r, struct audit_entry, rule) - cast a member of a structure out to the containing structure (@ptr: the pointer to the member; @type: the type of the container struct this is embedded in; @member: the name of the member within the struct)
279  deletes entry from list
280  list_del_rcu - deletes entry from list without re-initialization (@entry: the element to delete from the list)
282  nentry = Duplicate an audit rule. This will be a deep copy with the exception of the watch - that pointer is carried over. The LSM specific fields will be updated in the copy. The point is to be able to replace the old
283  If IS_ERR(nentry) Then
284  deletes entry from list
285  audit_panic("error updating watch, removing")
286  Else
287  h = audit_hash_ino((u32)ino)
294  audit_put_watch( associated watch )
295  audit_get_watch(nwatch)
296  associated watch = nwatch
297  list_add - add a new entry (@new: new entry to be added; @head: list head to add it after). Insert a new entry after the specified head. This is good for implementing stacks.
298  list_add_rcu - add a new entry to rcu-protected list (@new: new entry to be added; @head: list head to add it after). Insert a new entry after the specified head
299  list_replace - replace old entry by new one (@old: the element to be replaced; @new: the new element to insert). If @old was empty, it will be overwritten.
302  If exe Then
305  audit_watch_log_rule_change(r, owatch, "updated_rules")
307  call_rcu() - Queue an RCU callback for invocation after a grace period
310  audit_remove_watch(owatch)
311  Go to add_watch_to_parent
313  mutex_unlock - release the mutex (@lock: the mutex to be released). Unlock a mutex that has been locked by this task previously. This function must not be used in interrupt context. Unlocking of a not locked mutex is not allowed.
314  Return
316  add_watch_to_parent:
317  list_add - add a new entry (@new: new entry to be added; @head: list head to add it after). Insert a new entry after the specified head. This is good for implementing stacks.
318  mutex_unlock - release the mutex (@lock: the mutex to be released). Unlock a mutex that has been locked by this task previously. This function must not be used in interrupt context. Unlocking of a not locked mutex is not allowed.
319  Return

Caller

Name                        Describe
audit_watch_handle_event    Update watch data in audit rules based on fsnotify events.