Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-28 11:28:06
Last Modify:2020-03-17 16:31:21 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:__audit_inode - store the inode and device from a lookup*@name: name being audited*@dentry: dentry being audited*@flags: attributes for this particular entry

Proto:void __audit_inode(struct filename *name, const struct dentry *dentry, unsigned int flags)

Type:void

Parameter:

TypeParameterName
struct filename *name
const struct dentry *dentry
unsigned intflags
1947  context = audit_context()
1948  inode = d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper
1950  parent = flags & dentry represents the parent
1952  list = Audit filter lists, defined in [Apply rule at __audit_inode_child ]
1955  If Not 1 if task is in a syscall Then Return
1958  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
1960  When i < field_count cycle
1961  f = fields[i]
1963  If type == FileSystem Type && audit_comparator(s_magic, op, val) && action == Do not build context if rule matches Then
1967  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
1968  Return
1972  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
1974  If Not name Then Go to out_alloc
1981  n = aname
1982  If n Then
1983  If parent Then
1984  If cord type == a parent audit record || cord type == we don't know yet Then Go to out
1987  Else
1988  If cord type != a parent audit record Then Go to out
1994  If ino Then
1996  If ino != Stat data, not accessed from path walking || dev != s_dev Then Continue
1999  Else if name Then
2003  Else Continue
2008  If parent Then
2012  Else
2013  If cord type != a parent audit record Then Go to out
2018  out_alloc :
2020  n = audit_alloc_name(context, we don't know yet )
2021  If Not n Then Return
2023  If name Then
2024  name = name
2025  refcnt++
2028  out :
2029  If parent Then
2030  umber of chars to log = If name Then parent_len - find the length of the parent portion of a pathname*@path: pathname of which to determine length Else Indicates that audit should log the full pathname.
2031  cord type = a parent audit record
2032  If flags & audit record should be hidden Then don't log this record = true
2034  Else
2035  umber of chars to log = Indicates that audit should log the full pathname.
2036  cord type = a "normal" audit record
2038  handle_path(dentry)
2039  Copy inode data into an audit_names.
Caller
NameDescribe
__audit_file