Function report |
Source Code:kernel\auditfilter.c |
Create Date:2022-07-28 11:24:22 |
| Last Modify:2020-03-12 14:18:49 | Copyright©Brick |
| home page | Tree |
| Annotation kernel can get tool activity | Download SCCT | Chinese |
Name:audit_free_rule
Proto:static inline void audit_free_rule(struct audit_entry *e)
Type:void
Parameter:
| Type | Parameter | Name |
|---|---|---|
| struct audit_entry * | e |
| 87 | If associated watch Then |
| 89 | If fields Then When i < field_count cycle |
| 91 | audit_free_lsm_field( & fields[i]) |
| 93 | kfree( ties events to rules ) |
| Name | Describe |
|---|---|
| audit_free_rule_rcu | |
| audit_data_to_entry | Translate struct audit_rule_data to kernel's rule representation. |
| audit_dupe_rule | Duplicate an audit rule. This will be a deep copy with the exception* of the watch - that pointer is carried over. The LSM specific fields* will be updated in the copy. The point is to be able to replace the old |
| audit_rule_change | audit_rule_change - apply all rules to the specified message type*@type: audit message type*@seq: netlink audit message sequence (serial) number*@data: payload data*@datasz: size of payload data |
| Source code conversion tool public plug-in interface | X |
|---|---|
| Support c/c++/esqlc/java Oracle/Informix/Mysql Plug-in can realize: logical Report Code generation and batch code conversion |