Searched refs:rule (Results 1 – 6 of 6) sorted by relevance
| /kernel/ |
| A D | auditfilter.c | 266 if (rule->action != AUDIT_NEVER && rule->action != AUDIT_ALWAYS) in audit_to_entry_common()
276 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; in audit_to_entry_common()
278 entry->rule.action = rule->action; in audit_to_entry_common()
279 entry->rule.field_count = rule->field_count; in audit_to_entry_common()
282 entry->rule.mask[i] = rule->mask[i]; in audit_to_entry_common()
608 if (entry->rule.inode_f && entry->rule.inode_f->op == Audit_not_equal) in audit_data_to_entry()
916 if (!audit_compare_rule(&entry->rule, &e->rule)) { in audit_find_rule()
927 if (!audit_compare_rule(&entry->rule, &e->rule)) { in audit_find_rule()
1049 if (e->rule.watch) in audit_del_rule()
1052 if (e->rule.tree) in audit_del_rule()
[all …]
|
| A D | audit_tree.c | 548 entry = container_of(rule, struct audit_entry, rule); in kill_rules()
551 if (rule->tree) { in kill_rules()
556 rule->tree = NULL; in kill_rules()
650 tree = rule->tree; in audit_remove_tree_rule()
659 rule->tree = NULL; in audit_remove_tree_rule()
664 rule->tree = NULL; in audit_remove_tree_rule()
730 rule->inode_f || rule->watch || rule->tree) in audit_make_tree()
733 if (!rule->tree) in audit_make_tree()
811 rule->tree = NULL; in audit_add_tree_rule()
815 rule->tree = tree; in audit_add_tree_rule()
[all …]
|
| A D | audit_fsnotify.c | 31 struct audit_krule *rule; member
101 audit_mark->rule = krule; in audit_alloc_mark()
118 struct audit_krule *rule = audit_mark->rule; in audit_mark_log_rule_change() local
128 audit_log_key(ab, rule->filterkey); in audit_mark_log_rule_change()
129 audit_log_format(ab, " list=%d res=1", rule->listnr); in audit_mark_log_rule_change()
148 struct audit_krule *rule = audit_mark->rule; in audit_autoremove_mark_rule() local
149 struct audit_entry *entry = container_of(rule, struct audit_entry, rule); in audit_autoremove_mark_rule()
|
| A D | audit_watch.c | 280 list_del(&oentry->rule.rlist); in audit_update_watch()
283 nentry = audit_dupe_rule(&oentry->rule); in audit_update_watch()
285 list_del(&oentry->rule.list); in audit_update_watch()
295 audit_put_watch(nentry->rule.watch); in audit_update_watch()
297 nentry->rule.watch = nwatch; in audit_update_watch()
300 list_replace(&oentry->rule.list, in audit_update_watch()
301 &nentry->rule.list); in audit_update_watch()
303 if (oentry->rule.exe) in audit_update_watch()
304 audit_remove_mark(oentry->rule.exe); in audit_update_watch()
333 if (e->rule.exe) in audit_remove_parent_watches()
[all …]
|
| A D | audit.h | 53 struct audit_krule rule; member
293 extern int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op);
294 extern int audit_add_tree_rule(struct audit_krule *rule);
295 extern int audit_remove_tree_rule(struct audit_krule *rule);
324 #define audit_remove_tree_rule(rule) BUG() argument
325 #define audit_add_tree_rule(rule) -EINVAL argument
326 #define audit_make_tree(rule, str, op) -EINVAL argument
330 #define audit_tree_path(rule) "" /* never called */ argument
|
| A D | auditsc.c | 465 struct audit_krule *rule, in audit_filter_rules() argument
476 if (ctx && rule->prio <= ctx->prio) in audit_filter_rules()
481 for (i = 0; i < rule->field_count; i++) { in audit_filter_rules()
482 struct audit_field *f = &rule->fields[i]; in audit_filter_rules()
757 if (rule->filterkey) { in audit_filter_rules()
761 ctx->prio = rule->prio; in audit_filter_rules()
763 switch (rule->action) { in audit_filter_rules()
810 return rule->mask[word] & bit; in audit_in_mask()
837 if (audit_in_mask(&e->rule, op) && in __audit_filter_op()
2311 && e->rule.action == AUDIT_NEVER) { in __audit_inode()
[all …]
|
Completed in 23 milliseconds