Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\audit.c Create Date:2022-07-28 11:22:16
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:auditd_test_task - Check to see if a given task is an audit daemon*@task: the task to check* Description:* Return 1 if the task is a registered audit daemon, 0 otherwise.

Proto:int auditd_test_task(struct task_struct *task)

Type:int

Parameter:

TypeParameterName
struct task_struct *task
217  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
218  ac = fetch RCU-protected pointer for dereferencing(struct auditd_connection - kernel/auditd connection state*@pid: auditd PID*@portid: netlink portid*@net: the associated network namespace*@rcu: RCU head* Description:* This struct is RCU protected; you must either hold the RCU lock for reading)
219  rc = If ac && pid == task_tgid(task) Then 1 Else 0
220  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
222  Return rc
Caller
NameDescribe
audit_log_startaudit_log_start - obtain an audit buffer*@ctx: audit_context (may be NULL)*@gfp_mask: type of allocation*@type: audit message type* Returns audit_buffer pointer on success or NULL on error
audit_signal_infoaudit_signal_info - record signal info for shutting down audit subsystem*@sig: signal value*@t: task being signaled* If the audit subsystem is being terminated, record the task (pid)* and uid that is doing that.
audit_filter_syscallAt syscall entry and exit time, this filter is called if the* audit_state is not low enough that auditing cannot take place, but is* also not high enough that we already know we have to write an audit* record (i
audit_filter_inodesAt syscall exit time, this filter is called if any audit_names have been* collected during syscall processing. We only check rules in sublists at hash* buckets applicable to the inode numbers in audit_names.
__audit_syscall_entry__audit_syscall_entry - fill in an audit record at syscall entry*@major: major syscall type (function)*@a1: additional syscall register 1*@a2: additional syscall register 2*@a3: additional syscall register 3*@a4: additional syscall register 4