Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-28 11:25:37
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_filter

Proto:int audit_filter(int msgtype, unsigned int listtype)

Type:int

Parameter:

TypeParameterName
intmsgtype
unsigned intlisttype
1325  ret = 1
1327  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
1329  result = 0
1331  When i < field_count cycle
1332  f = fields[i]
1337  Case type == These are useful when checking the* task structure at task creation time* (AUDIT_PER_TASK).
1338  pid = task_pid_nr(current process)
1339  result = audit_comparator(pid, op, val)
1340  Break
1341  Case type == AUDIT_UID
1342  result = audit_uid_comparator(current_uid(), op, uid)
1343  Break
1344  Case type == AUDIT_GID
1345  result = audit_gid_comparator(current_gid(), op, gid)
1346  Break
1347  Case type == AUDIT_LOGINUID
1348  result = audit_uid_comparator(audit_get_loginuid(current process), op, uid)
1350  Break
1351  Case type == AUDIT_LOGINUID_SET
1352  result = audit_comparator(audit_loginuid_set(current process), op, val)
1354  Break
1355  Case type == AUDIT_MSGTYPE
1356  result = audit_comparator(msgtype, op, val)
1357  Break
1358  Case type == security label user
1359  Case type == security label role
1360  Case type == security label type
1361  Case type == security label sensitivity label
1362  Case type == security label clearance label
1363  If lsm_rule Then
1368  Break
1369  Case type == AUDIT_EXE
1370  result = audit_exe_compare(current process, exe)
1371  If op == Audit_not_equal Then result = Not result
1373  Break
1374  Default
1375  Go to unlock_and_return
1377  If result < 0 Then Go to unlock_and_return
1379  If Not result Then Break
1382  If result > 0 Then
1383  If action == Do not build context if rule matches || listtype == Apply rule before record creation Then ret = 0
1385  Break
1388  unlock_and_return :
1389  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
1390  Return ret
Caller
NameDescribe
audit_log_startaudit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error