函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-27 12:27:36
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Common user-space to kernel rule translation.

函数原型:static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *rule)

返回类型:struct audit_entry

参数:

类型参数名称
struct audit_rule_data *rule
241  err等于负EINVAL
242  listnr等于AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND 按位与Prepend to front of list 的反
244  默认
245  转到:exit_err
253  :listnr恒等于Apply rule to user-generated messages
254  :listnr恒等于Apply rule before record creation
255  :listnr恒等于Apply rule at __audit_inode_child
258  如果此条件成立可能性小(为编译器优化)(AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS == Build context if rule matches )则
259  打印错误信息("AUDIT_POSSIBLE is deprecated\n")
260  转到:exit_err
262  如果AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS 不等于Do not build context if rule matches AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS 不等于Generate audit record if rule matches 则转到:exit_err
264  如果field_count大于Rule structure sizes -- if these change, different AUDIT_ADD and* AUDIT_LIST commands must be implemented. 则转到:exit_err
267  err等于负ENOMEM
268  entry等于Initialize an audit filterlist entry.
269  如果非entry则转到:exit_err
272  flags等于AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND 按位与Prepend to front of list
273  listnr等于listnr
274  action等于AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS
275  field_count等于field_count
277 i小于AUDIT_BITMASK_SIZE循环mask[i]等于syscall(s) affected [i]
280 i小于AUDIT_SYSCALL_CLASSES循环
281  bit等于AUDIT_BITMASK_SIZE乘32减i减1
282  p等于mask[AUDIT_WORD(bit)]
285  如果非p按位与AUDIT_BIT(bit)的值则继续下一循环
287  p与等于AUDIT_BIT(bit)的反
288  class等于classes[i]
289  如果class
291 j小于AUDIT_BITMASK_SIZE循环mask[j]或等于class[j]
296  返回:entry
298  exit_err :
299  返回:错误号
调用者
名称描述
audit_data_to_entryTranslate struct audit_rule_data to kernel's rule representation.