audit_data_to

函数名称：Translate struct audit_rule_data to kernel's rule representation.

函数原型：static struct audit_entry *audit_data_to_entry(struct audit_rule_data *data, size_t datasz)

返回类型：struct audit_entry

参数：

类型	参数	名称
struct audit_rule_data *	data
size_t	datasz

458

f等于fields[i]

461

err等于负EINVAL

463

op等于audit_to_op(fieldflags[i])

464

如果op恒等于Audit_bad则转到:exit_free

467

type等于fields[i]

468

f_val等于values[i]

471

如果type恒等于AUDIT_LOGINUID且f_val恒等于AUDIT_UID_UNSET则

472

type等于AUDIT_LOGINUID_SET

473

f_val等于0

474

pflags或等于Flag to indicate legacy AUDIT_LOGINUID unset usage

477

err等于heck if an audit field is valid

478

如果err则转到:exit_free

481

err等于负EINVAL

483

当:type恒等于AUDIT_LOGINUID

484

当:type恒等于AUDIT_UID

485

当:type恒等于AUDIT_EUID

486

当:type恒等于AUDIT_SUID

487

当:type恒等于AUDIT_FSUID

488

当:type恒等于AUDIT_OBJ_UID

489

uid等于make_kuid - Map a user-namespace uid pair into a kuid

490

如果非uid_valid(uid)则转到:exit_free

492

退出

493

当:type恒等于AUDIT_GID

494

当:type恒等于AUDIT_EGID

495

当:type恒等于AUDIT_SGID

496

当:type恒等于AUDIT_FSGID

497

当:type恒等于AUDIT_OBJ_GID

498

gid等于make_kgid - Map a user-namespace gid pair into a kgid

499

如果非gid_valid(gid)则转到:exit_free

501

退出

502

当:type恒等于AUDIT_ARCH

503

val等于f_val

504

quick access to arch field 等于f

505

退出

506

当:type恒等于security label user

507

当:type恒等于security label role

508

当:type恒等于security label type

509

当:type恒等于security label sensitivity label

510

当:type恒等于security label clearance label

511

当:type恒等于AUDIT_OBJ_USER

512

当:type恒等于AUDIT_OBJ_ROLE

513

当:type恒等于AUDIT_OBJ_TYPE

514

当:type恒等于AUDIT_OBJ_LEV_LOW

515

当:type恒等于AUDIT_OBJ_LEV_HIGH

516

str等于Unpack a filter field's string representation from user-space* buffer.

517

如果是错误则

518

err等于错误

519

转到:exit_free

521

for data alloc on list rules 加等于f_val

522

lsm_str等于str

523

err等于security_audit_rule_init(type, op, str, (void * * ) & lsm_rule)

527

如果err恒等于负EINVAL则

528

打印警告信息("audit rule for LSM \'%s\' is invalid\n", str)

530

err等于0

531

否则如果err则转到:exit_free

533

退出

534

当:type恒等于AUDIT_WATCH

535

str等于Unpack a filter field's string representation from user-space* buffer.

536

如果是错误则

537

err等于错误

538

转到:exit_free

540

err等于audit_to_watch( & rule, str, f_val, op)

541

如果err则

542

kfree(str)

543

转到:exit_free

545

for data alloc on list rules 加等于f_val

546

退出

547

当:type恒等于AUDIT_DIR

548

str等于Unpack a filter field's string representation from user-space* buffer.

549

如果是错误则

550

err等于错误

551

转到:exit_free

553

err等于audit_make_tree( & rule, str, op)

554

kfree(str)

555

如果err则转到:exit_free

557

for data alloc on list rules 加等于f_val

558

退出

559

当:type恒等于AUDIT_INODE

560

val等于f_val

561

err等于Translate an inode field to kernel representation.

562

如果err则转到:exit_free

564

退出

565

当:type恒等于AUDIT_FILTERKEY

566

如果 ties events to rules 或f_val大于AUDIT_MAX_KEY_LEN则转到:exit_free

568

str等于Unpack a filter field's string representation from user-space* buffer.

569

如果是错误则

570

err等于错误

571

转到:exit_free

573

for data alloc on list rules 加等于f_val

574

ties events to rules 等于str

575

退出

576

当:type恒等于AUDIT_EXE

577

如果exe或f_val大于# chars in a path name including nul 则转到:exit_free

579

str等于Unpack a filter field's string representation from user-space* buffer.

580

如果是错误则

581

err等于错误

582

转到:exit_free

584

audit_mark等于audit_alloc_mark( & rule, str, f_val)

585

如果是错误则

586

kfree(str)

587

err等于错误

588

转到:exit_free

590

for data alloc on list rules 加等于f_val

591

exe等于audit_mark

592

退出

593

默认

594

val等于f_val

595

退出

函数逻辑报告