Function report |
Source Code:kernel\auditfilter.c |
Create Date:2022-07-28 11:24:32 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:Common user-space to kernel rule translation.
Proto:static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *rule)
Type:struct audit_entry
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_rule_data * | rule |
| 244 | Default |
| 245 | Go to exit_err |
| 253 | Case listnr == Apply rule to user-generated messages |
| 254 | Case listnr == Apply rule before record creation |
| 255 | Case listnr == Apply rule at __audit_inode_child |
| 262 | If AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS != Do not build context if rule matches && AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS != Generate audit record if rule matches Then Go to exit_err |
| 264 | If field_count > Rule structure sizes -- if these change, different AUDIT_ADD and* AUDIT_LIST commands must be implemented. Then Go to exit_err |
| 275 | field_count = field_count |
| 277 | When i < AUDIT_BITMASK_SIZE cycle mask[i] = syscall(s) affected [i] |
| 280 | When i < AUDIT_SYSCALL_CLASSES cycle |
| 296 | Return entry |
| 298 | exit_err : |
| Name | Describe |
|---|---|
| audit_data_to_entry | Translate struct audit_rule_data to kernel's rule representation. |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |