Function report

Linux Kernel

v5.5.9

Brick Technologies Co., Ltd

Source Code:kernel\auditfilter.c Create Date:2022-07-28 11:25:23
Last Modify:2020-03-12 14:18:49 Copyright©Brick
home page Tree
Annotation kernel can get tool activityDownload SCCTChinese

Name:audit_rule_change - apply all rules to the specified message type*@type: audit message type*@seq: netlink audit message sequence (serial) number*@data: payload data*@datasz: size of payload data

Proto:int audit_rule_change(int type, int seq, void *data, size_t datasz)

Type:int

Parameter:

TypeParameterName
inttype
intseq
void *data
size_tdatasz
1125  err = 0
1129  Case type == Add syscall filtering rule
1130  entry = Translate struct audit_rule_data to kernel's rule representation.
1131  If IS_ERR(entry) Then Return PTR_ERR(entry)
1133  err = Add rule to given filterlist if not a duplicate.
1134  Log rule additions and removals
1135  Break
1136  Case type == Delete syscall filtering rule
1137  entry = Translate struct audit_rule_data to kernel's rule representation.
1138  If IS_ERR(entry) Then Return PTR_ERR(entry)
1140  err = Remove an existing rule from filterlist.
1141  Log rule additions and removals
1142  Break
1143  Default
1144  WARN_ON(1)
1145  Return -EINVAL
1148  If err || type == Delete syscall filtering rule Then
1149  If exe Then
1151  audit_free_rule(entry)
1154  Return err