audit_watch_handle_event

函数名称：Update watch data in audit rules based on fsnotify events.

函数原型：static int audit_watch_handle_event(struct fsnotify_group *group, struct inode *to_tell, unsigned int mask, const void *data, int data_type, const struct qstr *dname, unsigned int cookie, struct fsnotify_iter_info *iter_info)

返回类型：int

参数：

类型	参数	名称
struct fsnotify_group *	group
struct inode *	to_tell
unsigned int	mask
const void *	data
int	data_type
const struct qstr *	dname
unsigned int	cookie
struct fsnotify_iter_info *	iter_info

475

inode_mark等于fsnotify_iter_inode_mark(iter_info)

479

parent等于container_of - cast a member of a structure out to the containing structure*@ptr: the pointer to the member.*@type: the type of the container struct this is embedded in.*@member: the name of the member within the struct.(inode_mark, structaudit_parent, mark)

481

BUG_ON(group != snotify handle. )

484

当:data_type恒等于FSNOTIFY_EVENT_PATH

485

inode等于d_backing_inode - Get upper or lower inode we should be using*@upper: The upper layer* This is the helper that should be used to get at the inode that will be used* if this dentry were to be opened as a file. The inode may be on the upper

486

487

当:data_type恒等于FSNOTIFY_EVENT_INODE

488

inode等于data

489

490

默认

491

BUG()

492

inode = NULL

493

496

如果mask按位与Subfile was created 按位或File was moved to Y 的值且inode则Update inode info in audit rules based on filesystem event.

498

否则如果mask按位与Subfile was deleted 按位或File was moved from X 的值则Update inode info in audit rules based on filesystem event.

500

否则如果mask按位与Self was deleted 按位或de on umount fs 按位或Self was moved 的值则Remove all watches & rules associated with a parent that is going away.

503

返回:0

源代码转换工具开放的插件接口	X
支持：c/c++/esqlc/java Oracle/Informix/Mysql 插件可实现：逻辑报告代码生成和批量转换代码