Searched refs:rule (Results 1 – 6 of 6) sorted by relevance
| /kernel/ |
| D | auditfilter.c | 95 struct audit_krule *erule = &e->rule; in audit_free_rule()
129 entry->rule.fields = fields; in audit_init_entry()
221 struct audit_field *arch = entry->rule.arch_f; in audit_match_signal()
227 entry->rule.mask) && in audit_match_signal()
229 entry->rule.mask)); in audit_match_signal()
235 entry->rule.mask)); in audit_match_signal()
238 entry->rule.mask)); in audit_match_signal()
246 static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *rule) in audit_to_entry_common() argument
253 listnr = rule->flags & ~AUDIT_FILTER_PREPEND; in audit_to_entry_common()
259 if (rule->action == AUDIT_ALWAYS) in audit_to_entry_common()
[all …]
|
| D | audit_tree.c | 454 static void audit_tree_log_remove_rule(struct audit_krule *rule) in audit_tree_log_remove_rule() argument
464 audit_log_untrustedstring(ab, rule->tree->pathname); in audit_tree_log_remove_rule()
465 audit_log_key(ab, rule->filterkey); in audit_tree_log_remove_rule()
466 audit_log_format(ab, " list=%d res=1", rule->listnr); in audit_tree_log_remove_rule()
472 struct audit_krule *rule, *next; in kill_rules() local
475 list_for_each_entry_safe(rule, next, &tree->rules, rlist) { in kill_rules()
476 entry = container_of(rule, struct audit_entry, rule); in kill_rules()
478 list_del_init(&rule->rlist); in kill_rules()
479 if (rule->tree) { in kill_rules()
481 audit_tree_log_remove_rule(rule); in kill_rules()
[all …]
|
| D | audit_fsnotify.c | 40 struct audit_krule *rule; member
110 audit_mark->rule = krule; in audit_alloc_mark()
126 struct audit_krule *rule = audit_mark->rule; in audit_mark_log_rule_change() local
139 audit_log_key(ab, rule->filterkey); in audit_mark_log_rule_change()
140 audit_log_format(ab, " list=%d res=1", rule->listnr); in audit_mark_log_rule_change()
159 struct audit_krule *rule = audit_mark->rule; in audit_autoremove_mark_rule() local
160 struct audit_entry *entry = container_of(rule, struct audit_entry, rule); in audit_autoremove_mark_rule()
|
| D | audit_watch.c | 292 oentry = container_of(r, struct audit_entry, rule); in audit_update_watch()
293 list_del(&oentry->rule.rlist); in audit_update_watch()
296 nentry = audit_dupe_rule(&oentry->rule); in audit_update_watch()
298 list_del(&oentry->rule.list); in audit_update_watch()
308 audit_put_watch(nentry->rule.watch); in audit_update_watch()
310 nentry->rule.watch = nwatch; in audit_update_watch()
311 list_add(&nentry->rule.rlist, &nwatch->rules); in audit_update_watch()
313 list_replace(&oentry->rule.list, in audit_update_watch()
314 &nentry->rule.list); in audit_update_watch()
316 if (oentry->rule.exe) in audit_update_watch()
[all …]
|
| D | audit.h | 60 struct audit_krule rule; member
314 #define audit_remove_tree_rule(rule) BUG() argument
315 #define audit_add_tree_rule(rule) -EINVAL argument
316 #define audit_make_tree(rule, str, op) -EINVAL argument
320 #define audit_tree_path(rule) "" /* never called */ argument
|
| D | auditsc.c | 441 struct audit_krule *rule, in audit_filter_rules() argument
453 for (i = 0; i < rule->field_count; i++) { in audit_filter_rules()
454 struct audit_field *f = &rule->fields[i]; in audit_filter_rules()
472 result = audit_exe_compare(tsk, rule->exe); in audit_filter_rules()
602 result = audit_watch_compare(rule->watch, name->ino, name->dev); in audit_filter_rules()
606 result = match_tree_refs(ctx, rule->tree); in audit_filter_rules()
693 if (rule->prio <= ctx->prio) in audit_filter_rules()
695 if (rule->filterkey) { in audit_filter_rules()
697 ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); in audit_filter_rules()
699 ctx->prio = rule->prio; in audit_filter_rules()
[all …]
|