Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:27:50
Last Modify:2020-03-17 16:31:21 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:__audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call

Proto:void __audit_syscall_exit(int success, long return_code)

Type:void

Parameter:

TypeParameterName
intsuccess
longreturn_code
1678  context = audit_context()
1679  If Not context Then Return
1682  If Not list_empty - tests whether a list is empty*@head: the list to test. Then audit_kill_trees(context)
1685  If Not must be the first element && 1 if task is in a syscall Then
1686  If success Then urn code is valid = AUDITSC_SUCCESS
1688  Else urn code is valid = AUDITSC_FAILURE
1702  If Value for the false possibility is greater at compile time(return_code <= - These should never be seen by user programs. To return one of ERESTART** codes, signal_pending() MUST be set. Note that ptrace can observe these* at syscall exit tracing, but they will never be left for the debugged user* process to see.) && return_code >= -start by calling sys_restart_syscall && return_code != -No ioctl command Then syscall return code = -EINTR
1706  Else syscall return code = return_code
1709  At syscall entry and exit time, this filter is called if the* audit_state is not low enough that auditing cannot take place, but is* also not high enough that we already know we have to write an audit* record (i
1711  At syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.
1712  If current_state == AUDIT_RECORD_CONTEXT Then audit_log_exit()
1716  1 if task is in a syscall = 0
1717  prio = If state == AUDIT_RECORD_CONTEXT Then ~0ULL Else 0
1719  audit_free_module(context)
1720  audit_free_names(context)
1721  unroll_tree_refs(context, NULL, 0)
1722  audit_free_aux(context)
1723  aux = NULL
1724  aux_pids = NULL
1725  target_pid = 0
1726  target_sid = 0
1727  sockaddr_len = 0
1728  type = 0
1729  fds[0] = -1
1730  If state != AUDIT_RECORD_CONTEXT Then
1731  kfree(key for rule that triggered record )
1732  key for rule that triggered record = NULL