函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit_watch.c Create Date:2022-07-27 12:32:31
Last Modify:2020-03-17 17:15:07 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Update inode info in audit rules based on filesystem event.

函数原型:static void audit_update_watch(struct audit_parent *parent, const struct qstr *dname, dev_t dev, unsigned long ino, unsigned invalidating)

返回类型:void

参数:

类型参数名称
struct audit_parent *parent
const struct qstr *dname
dev_tdev
unsigned longino
unsignedinvalidating
252  mutex_lock( & audit_filter_mutex)
256  如果audit_compare_dname_path - compare given dentry name with last component in* given path. Return of 0 indicates a match.*@dname: dentry name that we're comparing*@path: full pathname that we're comparing*@parentlen: length of the parent if known则继续下一循环
262  如果invalidating且非audit_dummy_context()则At syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.
267  nwatch等于Duplicate the given audit watch. The new watch's rules list is initialized* to an empty list and wlist is undefined.
268  如果是错误
269  mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.
270  audit_panic("error updating watch, skipping")
271  返回
273  associated superblock device 等于dev
274  associated inode number 等于ino
278  oentry等于container_of - cast a member of a structure out to the containing structure*@ptr: the pointer to the member.*@type: the type of the container struct this is embedded in.*@member: the name of the member within the struct.(r, structaudit_entry, rule)
279  删除链表项
280  删除不需要重新初始化的列表项
282  nentry等于Duplicate an audit rule. This will be a deep copy with the exception* of the watch - that pointer is carried over. The LSM specific fields* will be updated in the copy. The point is to be able to replace the old
283  如果是错误
284  删除链表项
285  audit_panic("error updating watch, removing")
286  否则
287  h等于audit_hash_ino((u32)ino)
294  audit_put_watch( associated watch )
295  audit_get_watch(nwatch)
296  associated watch 等于nwatch
297  添加链表项
298  添加RCU保护项
299  更新链表项
302  如果exe
305  audit_watch_log_rule_change(r, owatch, "updated_rules")
307  all_rcu() - Queue an RCU callback for invocation after a grace period
310  audit_remove_watch(owatch)
311  转到:add_watch_to_parent
313  mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.
314  返回
316  add_watch_to_parent :
317  添加链表项
318  mutex_unlock - release the mutex*@lock: the mutex to be released* Unlock a mutex that has been locked by this task previously.* This function must not be used in interrupt context. Unlocking* of a not locked mutex is not allowed.
319  返回
调用者
名称描述
audit_watch_handle_eventUpdate watch data in audit rules based on fsnotify events.