Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:27:01
Last Modify:2020-03-17 16:31:21 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:At process creation time, we can determine if system-call auditing is* completely disabled for this task. Since we only have the task* structure at this point, we can only check uid and gid.

Proto:static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)

Type:enum audit_state

Parameter:

TypeParameterName
struct task_struct *tsk
char **key
745  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
747  If Compare a task_struct with an audit_rule. Return 1 on match, 0* otherwise.* If task_creation is true, this is an explicit indication that we are* filtering a task rule at task creation time. This and tsk == current are Then
749  If state == AUDIT_RECORD_CONTEXT Then key = kstrdup( ties events to rules , DOC: Useful GFP flag combinations* Useful GFP flag combinations* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~* Useful GFP flag combinations that are commonly used. It is recommended* that subsystems start with one of these combinations and then set/clear)
751  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
752  Return state
755  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
756  Return Create the per-task audit_context,* and fill it in at syscall* entry time. This makes a full* syscall record available if some* other part of the kernel decides it* should be recorded.
Caller
NameDescribe
audit_allocaudit_alloc - allocate an audit context block for a task*@tsk: task* Filter on the task information and allocate a per-task audit context* if necessary. Doing so turns on system call auditing for the* specified task