函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-27 12:31:07
Last Modify:2020-03-17 16:31:21 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:__audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call

函数原型:void __audit_syscall_exit(int success, long return_code)

返回类型:void

参数:

类型参数名称
intsuccess
longreturn_code
1678  context等于audit_context()
1679  如果非context则返回
1682  如果非链表为空audit_kill_trees(context)
1685  如果非调用号是系统调用
1686  如果success返回值等于AUDITSC_SUCCESS
1688  否则返回值等于AUDITSC_FAILURE
1702  如果此条件成立可能性小(为编译器优化)(return_code <= - These should never be seen by user programs. To return one of ERESTART** codes, signal_pending() MUST be set. Note that ptrace can observe these* at syscall exit tracing, but they will never be left for the debugged user* process to see.)且return_code大于等于负start by calling sys_restart_syscall return_code不等于负No ioctl command 返回码等于负EINTR
1706  否则返回码等于return_code
1709  At syscall entry and exit time, this filter is called if the* audit_state is not low enough that auditing cannot take place, but is* also not high enough that we already know we have to write an audit* record (i
1711  At syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.
1712  如果当前状态恒等于全程审计audit_log_exit()
1716  是系统调用等于0
1717  prio等于如果状态恒等于全程审计则0ULL的反否则0
1719  audit_free_module(context)
1720  audit_free_names(context)
1721  unroll_tree_refs(context, NULL, 0)
1722  audit_free_aux(context)
1723  审计数据 = NULL
1724  aux_pids = NULL
1725  target_pid等于0
1726  target_sid等于0
1727  sockaddr_len等于0
1728  type等于0
1729  fds[0]等于负1
1730  如果状态不等于全程审计
1731  kfree(过滤规则)
1732  过滤规则 = NULL