函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-27 12:31:30
Last Modify:2020-03-17 16:31:21 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:__audit_inode_child - collect inode info for created/removed objects*@parent: inode of dentry parent*@dentry: dentry being audited*@type: AUDIT_TYPE_* value that we're looking for* For syscalls that create or remove filesystem objects, audit_inode

函数原型:void __audit_inode_child(struct inode *parent, const struct dentry *dentry, const unsigned char type)

返回类型:void

参数:

类型参数名称
struct inode *parent
const struct dentry *dentry
const unsigned chartype
2065  context等于audit_context()
2066  inode等于d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper
2067  dname等于d_name
2068  struct audit_names * n, * found_parent = NULL, * found_child = NULL
2070  list等于Audit filter lists, defined in [Apply rule at __audit_inode_child ]
2073  如果非是系统调用则返回
2076  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
2078 i小于field_count循环
2079  f等于fields[i]
2081  如果type恒等于FileSystem Type audit_comparator(s_magic, op, val)且action恒等于Do not build context if rule matches
2085  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
2086  返回
2090  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
2092  如果inodehandle_one(inode)
2097  如果非namecord type 不等于a parent audit record cord type 不等于we don't know yet 则继续下一循环
2102  如果ino恒等于Stat data, not accessed from path walking dev恒等于s_dev且非audit_compare_dname_path - compare given dentry name with last component in* given path. Return of 0 indicates a match.*@dname: dentry name that we're comparing*@path: full pathname that we're comparing*@parentlen: length of the parent if known
2105  如果cord type 恒等于we don't know yet cord type 等于a parent audit record
2107  found_parent等于n
2108  退出
2115  如果非namecord type 不等于typecord type 不等于we don't know yet 则继续下一循环
2119  如果非字符串比较或非audit_compare_dname_path - compare given dentry name with last component in* given path. Return of 0 indicates a match.*@dname: dentry name that we're comparing*@path: full pathname that we're comparing*@parentlen: length of the parent if known
2124  如果cord type 恒等于we don't know yet cord type 等于type
2126  found_child等于n
2127  退出
2131  如果非found_parent
2133  n等于audit_alloc_name(context, a parent audit record )
2134  如果非n则返回
2136  Copy inode data into an audit_names.
2139  如果非found_child
2140  found_child等于audit_alloc_name(context, type)
2141  如果非found_child则返回
2147  如果found_parent
2148  name等于name
2149  umber of chars to log 等于Indicates that audit should log the full pathname.
2150  refcnt自加
2154  如果inodeCopy inode data into an audit_names.
2156  否则ino等于AUDIT_INO_UNSET