函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-27 12:28:04
Last Modify:2020-03-12 14:18:49 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:Translate kernel rule representation to struct audit_rule_data.

函数原型:static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)

返回类型:struct audit_rule_data

参数:

类型参数名称
struct audit_krule *krule
632  data等于开辟内存
633  如果此条件成立可能性小(为编译器优化)(!data)则返回:NULL
635  memset(data, 0, data的长度)
637  AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND 等于flags按位或listnr
638  AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS 等于action
639  field_count等于field_count
640  bufp等于string fields buffer
641 i小于field_count循环
642  f等于fields[i]
644  fields[i]等于type
645  fieldflags[i]等于audit_ops[op]
647  :type恒等于security label user
648  :type恒等于security label role
649  :type恒等于security label type
650  :type恒等于security label sensitivity label
651  :type恒等于security label clearance label
652  :type恒等于AUDIT_OBJ_USER
653  :type恒等于AUDIT_OBJ_ROLE
654  :type恒等于AUDIT_OBJ_TYPE
655  :type恒等于AUDIT_OBJ_LEV_LOW
656  :type恒等于AUDIT_OBJ_LEV_HIGH
657  al length of string fields 加等于values[i]等于Pack a filter field's string representation into data block.
659  退出
660  :type恒等于AUDIT_WATCH
661  al length of string fields 加等于values[i]等于Pack a filter field's string representation into data block.
664  退出
665  :type恒等于AUDIT_DIR
666  al length of string fields 加等于values[i]等于Pack a filter field's string representation into data block.
669  退出
670  :type恒等于AUDIT_FILTERKEY
671  al length of string fields 加等于values[i]等于Pack a filter field's string representation into data block.
673  退出
674  :type恒等于AUDIT_EXE
675  al length of string fields 加等于values[i]等于Pack a filter field's string representation into data block.
677  退出
678  :type恒等于AUDIT_LOGINUID_SET
679  如果pflags按位与Flag to indicate legacy AUDIT_LOGINUID unset usage 且非val
680  fields[i]等于AUDIT_LOGINUID
681  values[i]等于AUDIT_UID_UNSET
682  退出
685  默认
686  values[i]等于val
689 i小于AUDIT_BITMASK_SIZE循环syscall(s) affected [i]等于mask[i]
691  返回:data
调用者
名称描述
audit_list_rulesList rules using struct audit_rule_data.