函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-27 12:28:46
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:audit_filter

函数原型:int audit_filter(int msgtype, unsigned int listtype)

返回类型:int

参数:

类型参数名称
intmsgtype
unsigned intlisttype
1325  ret等于1
1327  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
1329  result等于0
1331 i小于field_count循环
1332  f等于fields[i]
1337  :type恒等于These are useful when checking the* task structure at task creation time* (AUDIT_PER_TASK).
1338  pid等于task_pid_nr(当前进程)
1339  result等于audit_comparator(pid, op, val)
1340  退出
1341  :type恒等于AUDIT_UID
1342  result等于audit_uid_comparator(current_uid(), op, uid)
1343  退出
1344  :type恒等于AUDIT_GID
1345  result等于audit_gid_comparator(current_gid(), op, gid)
1346  退出
1347  :type恒等于AUDIT_LOGINUID
1348  result等于audit_uid_comparator(audit_get_loginuid(当前进程), op, uid)
1350  退出
1351  :type恒等于AUDIT_LOGINUID_SET
1352  result等于audit_comparator(audit_loginuid_set(当前进程), op, val)
1354  退出
1355  :type恒等于AUDIT_MSGTYPE
1356  result等于audit_comparator(msgtype, op, val)
1357  退出
1358  :type恒等于security label user
1359  :type恒等于security label role
1360  :type恒等于security label type
1361  :type恒等于security label sensitivity label
1362  :type恒等于security label clearance label
1363  如果lsm_rule
1368  退出
1369  :type恒等于AUDIT_EXE
1370  result等于audit_exe_compare(当前进程, exe)
1371  如果op恒等于Audit_not_equalresult等于非result
1373  退出
1374  默认
1375  转到:unlock_and_return
1377  如果result小于0则转到:unlock_and_return
1379  如果非result退出
1382  如果result大于0则
1383  如果action恒等于Do not build context if rule matches listtype恒等于Apply rule before record creation ret等于0
1385  退出
1388  unlock_and_return :
1389  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
1390  返回:ret
调用者
名称描述
audit_log_start申请审计缓冲区
audit_receive_msg