函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-27 12:30:20
Last Modify:2020-03-17 16:31:21 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:At syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.

函数原型:void audit_filter_inodes(struct task_struct *tsk, struct audit_context *ctx)

返回类型:void

参数:

类型参数名称
struct task_struct *tsk
struct audit_context *ctx
835  如果auditd_test_task - Check to see if a given task is an audit daemon*@task: the task to check* Description:* Return 1 if the task is a registered audit daemon, 0 otherwise.则返回
838  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
841  如果Given an audit_name check the inode hash table to see if they match.* Called holding the rcu read lock to protect the use of audit_inode_hash退出
844  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
调用者
名称描述
__audit_free__audit_free - free a per-task audit context*@tsk: task whose audit context block to free* Called from copy_process and do_exit
__audit_syscall_exit__audit_syscall_exit - deallocate audit context after a system call*@success: success value of the syscall*@return_code: return value of the syscall* Tear down after system call
audit_update_watchUpdate inode info in audit rules based on filesystem event.