Function report |
Source Code:kernel\auditfilter.c |
Create Date:2022-07-28 11:25:13 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:Find an existing audit rule.* Caller must hold audit_filter_mutex to prevent stale rule data.
Proto:static struct audit_entry *audit_find_rule(struct audit_entry *entry, struct list_head **p)
Type:struct audit_entry
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_entry * | entry | |
| struct list_head ** | p |
| 894 | struct audit_entry * e, * found = NULL |
| 898 | If quick access to an inode field Then |
| 899 | h = audit_hash_ino(val) |
| 900 | p = list = Hash for inode-based rules [h] |
| 901 | Else if associated watch Then |
| 903 | When h < AUDIT_INODE_BUCKETS cycle |
| 904 | list = Hash for inode-based rules [h] |
| 911 | Go to out |
| 912 | Else |
| 913 |
p = list = Audit filter lists, defined in |
| 916 | list_for_each_entry - iterate over list of given type*@pos: the type * to use as a loop cursor.*@head: the head for your list.*@member: the name of the list_head within the struct.(e, list, list) |
| 922 | out : |
| 923 | Return found |
| Name | Describe |
|---|---|
| audit_add_rule | Add rule to given filterlist if not a duplicate. |
| audit_del_rule | Remove an existing rule from filterlist. |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |