Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-28 11:24:58
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:Translate kernel rule representation to struct audit_rule_data.

Proto:static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)

Type:struct audit_rule_data

Parameter:

TypeParameterName
struct audit_krule *krule
632  data = Allocation memory
633  If Value for the false possibility is greater at compile time(!data) Then Return NULL
635  memset(data, 0, size of data )
637  AUDIT_PER_{TASK,CALL}, AUDIT_PREPEND = flags | listnr
638  AUDIT_NEVER, AUDIT_POSSIBLE, AUDIT_ALWAYS = action
639  field_count = field_count
640  bufp = string fields buffer
641  When i < field_count cycle
642  f = fields[i]
644  fields[i] = type
645  fieldflags[i] = audit_ops[op]
647  Case type == security label user
648  Case type == security label role
649  Case type == security label type
650  Case type == security label sensitivity label
651  Case type == security label clearance label
652  Case type == AUDIT_OBJ_USER
653  Case type == AUDIT_OBJ_ROLE
654  Case type == AUDIT_OBJ_TYPE
655  Case type == AUDIT_OBJ_LEV_LOW
656  Case type == AUDIT_OBJ_LEV_HIGH
657  al length of string fields += values[i] = Pack a filter field's string representation into data block.
659  Break
660  Case type == AUDIT_WATCH
661  al length of string fields += values[i] = Pack a filter field's string representation into data block.
664  Break
665  Case type == AUDIT_DIR
666  al length of string fields += values[i] = Pack a filter field's string representation into data block.
669  Break
670  Case type == AUDIT_FILTERKEY
671  al length of string fields += values[i] = Pack a filter field's string representation into data block.
673  Break
674  Case type == AUDIT_EXE
675  al length of string fields += values[i] = Pack a filter field's string representation into data block.
677  Break
678  Case type == AUDIT_LOGINUID_SET
679  If pflags & Flag to indicate legacy AUDIT_LOGINUID unset usage && Not val Then
680  fields[i] = AUDIT_LOGINUID
681  values[i] = AUDIT_UID_UNSET
682  Break
685  Default
686  values[i] = val
689  When i < AUDIT_BITMASK_SIZE cycle syscall(s) affected [i] = mask[i]
691  Return data
Caller
NameDescribe
audit_list_rulesList rules using struct audit_rule_data.