| Function report | 
| Source Code: kernel\auditfilter.c | Create Date:2022-07-28 11:25:27 | 
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick | 
| home page | Tree | 
| Annotation kernel can get tool activity | Download SCCT | Chinese | 
Name:audit_comparator
Proto:int audit_comparator(unsigned int left, unsigned int op, unsigned int right)
Type:int
Parameter:
| Type | Parameter | Name | 
|---|---|---|
| unsigned int | left | |
| unsigned int | op | |
| unsigned int | right | 
| 1200 | Case op == Audit_equal | 
| 1202 | Case op == Audit_not_equal | 
| 1212 | Case op == Audit_bitmask | 
| 1214 | Case op == Audit_bittest | 
| 1216 | Default | 
| 1217 | Return 0 | 
| Name | Describe | 
|---|---|
| audit_filter | |
| audit_filter_rules | Compare a task_struct with an audit_rule. Return 1 on match, 0* otherwise.* If task_creation is true, this is an explicit indication that we are* filtering a task rule at task creation time. This and tsk == current are | 
| __audit_inode | __audit_inode - store the inode and device from a lookup*@name: name being audited*@dentry: dentry being audited*@flags: attributes for this particular entry | 
| __audit_inode_child | __audit_inode_child - collect inode info for created/removed objects*@parent: inode of dentry parent*@dentry: dentry being audited*@type: AUDIT_TYPE_* value that we're looking for* For syscalls that create or remove filesystem objects, audit_inode | 
| Source code conversion tool public plug-in interface | X | 
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |