Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-28 11:25:13
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:Find an existing audit rule.* Caller must hold audit_filter_mutex to prevent stale rule data.

Proto:static struct audit_entry *audit_find_rule(struct audit_entry *entry, struct list_head **p)

Type:struct audit_entry

Parameter:

TypeParameterName
struct audit_entry *entry
struct list_head **p
894  struct audit_entry * e, * found = NULL
898  If quick access to an inode field Then
899  h = audit_hash_ino(val)
900  p = list = Hash for inode-based rules [h]
901  Else if associated watch Then
903  When h < AUDIT_INODE_BUCKETS cycle
907  found = e
908  Go to out
911  Go to out
912  Else
913  p = list = Audit filter lists, defined in [listnr]
916  list_for_each_entry - iterate over list of given type*@pos: the type * to use as a loop cursor.*@head: the head for your list.*@member: the name of the list_head within the struct.(e, list, list)
917  If Not Compare two rules in kernel format. Considered success if rules* don't match. Then
918  found = e
919  Go to out
922  out :
923  Return found
Caller
NameDescribe
audit_add_ruleAdd rule to given filterlist if not a duplicate.
audit_del_ruleRemove an existing rule from filterlist.