Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit_watch.c Create Date:2022-07-28 11:29:24
Last Modify:2020-03-17 17:15:07 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_exe_compare

Proto:int audit_exe_compare(struct task_struct *tsk, struct audit_fsnotify_mark *mark)

Type:int

Parameter:

TypeParameterName
struct task_struct *tsk
struct audit_fsnotify_mark *mark
547  exe_file = get_task_exe_file - acquire a reference to the task's executable file* Returns %NULL if task's mm (if any) has no associated executable file or* this is a kernel thread with borrowed mm (see the comment above get_task_mm).
548  If Not exe_file Then Return 0
550  ino = Stat data, not accessed from path walking
551  dev = s_dev
552  fput(exe_file)
553  Return audit_mark_compare(mark, ino, dev)
Caller
NameDescribe
audit_filter
audit_filter_rulesCompare a task_struct with an audit_rule. Return 1 on match, 0* otherwise.* If task_creation is true, this is an explicit indication that we are* filtering a task rule at task creation time. This and tsk == current are