Function Logic Report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-27 12:28:16
Last Modify:2020-03-12 14:18:49 Copyright©Brick

Function name: Duplicate an audit rule. This will be a deep copy with the exception of the watch - that pointer is carried over. The LSM specific fields will be updated in the copy. The point is to be able to replace the old

Function prototype: struct audit_entry *audit_dupe_rule(struct audit_krule *old)

Return type: struct audit_entry

Parameters:

Type                    Parameter name
struct audit_krule *    old
813  fcount is set to field_count
817  err is set to 0
819  entry is set to: Initialize an audit filterlist entry.
820  If (!entry), a condition unlikely to hold (compiler optimization hint), return: error number
823  new is set to rule
824  flags is set to flags
825  pflags is set to pflags
826  listnr is set to listnr
827  action is set to action
828  Loop while i is less than AUDIT_BITMASK_SIZE: mask[i] is set to mask[i]
830  prio is set to prio
831  for data alloc on list rules is set to for data alloc on list rules
832  quick access to an inode field is set to quick access to an inode field
833  field_count is set to field_count
842  associated watched tree is set to associated watched tree
843  Memory copy (fields, fields, sizeof(struct audit_field) * fcount)
847  Loop while i is less than fcount
849  :type is equal to security label user
850  :type is equal to security label role
851  :type is equal to security label type
852  :type is equal to security label sensitivity label
853  :type is equal to security label clearance label
854  :type is equal to AUDIT_OBJ_USER
855  :type is equal to AUDIT_OBJ_ROLE
856  :type is equal to AUDIT_OBJ_TYPE
857  :type is equal to AUDIT_OBJ_LEV_LOW
858  :type is equal to AUDIT_OBJ_LEV_HIGH
861  Exit
862  :type is equal to AUDIT_FILTERKEY
866  Otherwise, ties events to rules is set to fk
868  Exit
869  :type is equal to AUDIT_EXE
870  err is set to audit_dupe_exe(new, old)
871  Exit
873  If err
874  If exe
877  Return: error number
881  If associated watch
883  associated watch is set to associated watch
886  Return: entry
Callers

Name                  Description
update_lsm_rule
audit_update_watch    Update inode info in audit rules based on filesystem event.