Function Report

Linux Kernel (v4.4)

Source File:kernel\auditsc.c Create Date:2016-01-14 11:32:53
Last Modify:2016-01-11 07:01:32 Copyright©Brick
home page Tree
Annotate the kernelChinese

Function Name:audit_alloc

Function:int audit_alloc(struct task_struct *tsk)

Return Type:int

Parameter:

Type Parameter NameRemarks
struct task_struct * tsk task

Function description: allocate an audit context block for a task

924  *key = NULL
926  If Value is more likely to compile time then Returning 0
929  At task start time, the audit_state is set in the audit_context using a per-task filter. At syscall entry, the audit_state is augmented by the syscall filter. = At process creation time, we can determine if system-call auditing is completely disabled for this task. Since we only have the task structure at this point, we can only check uid and gid.
930  If At task start time, the audit_state is set in the audit_context using a per-task filter. At syscall entry, the audit_state is augmented by the syscall filter. == Do not create per-task audit_context. No syscall-specific audit records can be generated. then
931  clear_tsk_thread_flag( task, syscall auditing active)
932  Returning 0
935  If !(The per-task audit context. = audit_alloc_context(At task start time, the audit_state is set in the audit_context using a per-task filter. At syscall entry, the audit_state is augmented by the syscall filter.)) then
936  kfree(key)
937  conditionally log lost audit message event
938  Returning -Out of memory
940  key for rule that triggered record = key
942  audit_context = The per-task audit context.
943  set thread flags in other task's structures- see asm/thread_info.h for TIF_xxxx flags available
944  Returning 0
Caller
Function NameFunction description
copy_processCreate a new process