函数逻辑报告

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditsc.c Create Date:2022-07-27 12:30:16
Last Modify:2020-03-17 16:31:21 Copyright©Brick
首页 函数Tree
注解内核,赢得工具下载SCCTEnglish

函数名称:At process creation time, we can determine if system-call auditing is* completely disabled for this task. Since we only have the task* structure at this point, we can only check uid and gid.

函数原型:static enum audit_state audit_filter_task(struct task_struct *tsk, char **key)

返回类型:enum audit_state

参数:

类型参数名称
struct task_struct *tsk
char **key
745  _read_lock() - mark the beginning of an RCU read-side critical section* When synchronize_rcu() is invoked on one CPU while other CPUs* are within RCU read-side critical sections, then the* synchronize_rcu() is guaranteed to block until after all the other
747  如果Compare a task_struct with an audit_rule. Return 1 on match, 0* otherwise.* If task_creation is true, this is an explicit indication that we are* filtering a task rule at task creation time. This and tsk == current are
749  如果state恒等于全程审计key等于kstrdup( ties events to rules , DOC: Useful GFP flag combinations* Useful GFP flag combinations* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~* Useful GFP flag combinations that are commonly used. It is recommended* that subsystems start with one of these combinations and then set/clear)
751  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
752  返回:state
755  _read_unlock() - marks the end of an RCU read-side critical section.* In most situations, rcu_read_unlock() is immune from deadlock.* However, in kernels built with CONFIG_RCU_BOOST, rcu_read_unlock()
756  返回:创建时审计
调用者
名称描述
audit_alloc安全审计