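Lines Matching refs:entry
(Each row below gives the source line number, the matching line's text, and the enclosing function; "local" or "argument" marks the row where `entry` is declared as a local variable or a parameter. Rows are non-contiguous excerpts, not a complete listing.)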
106 struct audit_entry *entry; in audit_init_entry() local
109 entry = kzalloc(sizeof(*entry), GFP_KERNEL); in audit_init_entry()
110 if (unlikely(!entry)) in audit_init_entry()
115 kfree(entry); in audit_init_entry()
118 entry->rule.fields = fields; in audit_init_entry()
120 return entry; in audit_init_entry()
208 static int audit_match_signal(struct audit_entry *entry) in audit_match_signal() argument
210 struct audit_field *arch = entry->rule.arch_f; in audit_match_signal()
216 entry->rule.mask) && in audit_match_signal()
218 entry->rule.mask)); in audit_match_signal()
224 entry->rule.mask)); in audit_match_signal()
227 entry->rule.mask)); in audit_match_signal()
238 struct audit_entry *entry; in audit_to_entry_common() local
268 entry = audit_init_entry(rule->field_count); in audit_to_entry_common()
269 if (!entry) in audit_to_entry_common()
272 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND; in audit_to_entry_common()
273 entry->rule.listnr = listnr; in audit_to_entry_common()
274 entry->rule.action = rule->action; in audit_to_entry_common()
275 entry->rule.field_count = rule->field_count; in audit_to_entry_common()
278 entry->rule.mask[i] = rule->mask[i]; in audit_to_entry_common()
282 __u32 *p = &entry->rule.mask[AUDIT_WORD(bit)]; in audit_to_entry_common()
292 entry->rule.mask[j] |= class[j]; in audit_to_entry_common()
296 return entry; in audit_to_entry_common()
323 static int audit_field_valid(struct audit_entry *entry, struct audit_field *f) in audit_field_valid() argument
327 if (entry->rule.listnr != AUDIT_FILTER_EXCLUDE && in audit_field_valid()
328 entry->rule.listnr != AUDIT_FILTER_USER) in audit_field_valid()
332 if (entry->rule.listnr != AUDIT_FILTER_FS) in audit_field_valid()
337 switch (entry->rule.listnr) { in audit_field_valid()
445 struct audit_entry *entry; in audit_data_to_entry() local
452 entry = audit_to_entry_common(data); in audit_data_to_entry()
453 if (IS_ERR(entry)) in audit_data_to_entry()
458 struct audit_field *f = &entry->rule.fields[i]; in audit_data_to_entry()
474 entry->rule.pflags |= AUDIT_LOGINUID_LEGACY; in audit_data_to_entry()
477 err = audit_field_valid(entry, f); in audit_data_to_entry()
504 entry->rule.arch_f = f; in audit_data_to_entry()
521 entry->rule.buflen += f_val; in audit_data_to_entry()
540 err = audit_to_watch(&entry->rule, str, f_val, f->op); in audit_data_to_entry()
545 entry->rule.buflen += f_val; in audit_data_to_entry()
553 err = audit_make_tree(&entry->rule, str, f->op); in audit_data_to_entry()
557 entry->rule.buflen += f_val; in audit_data_to_entry()
561 err = audit_to_inode(&entry->rule, f); in audit_data_to_entry()
566 if (entry->rule.filterkey || f_val > AUDIT_MAX_KEY_LEN) in audit_data_to_entry()
573 entry->rule.buflen += f_val; in audit_data_to_entry()
574 entry->rule.filterkey = str; in audit_data_to_entry()
577 if (entry->rule.exe || f_val > PATH_MAX) in audit_data_to_entry()
584 audit_mark = audit_alloc_mark(&entry->rule, str, f_val); in audit_data_to_entry()
590 entry->rule.buflen += f_val; in audit_data_to_entry()
591 entry->rule.exe = audit_mark; in audit_data_to_entry()
599 if (entry->rule.inode_f && entry->rule.inode_f->op == Audit_not_equal) in audit_data_to_entry()
600 entry->rule.inode_f = NULL; in audit_data_to_entry()
603 return entry; in audit_data_to_entry()
606 if (entry->rule.tree) in audit_data_to_entry()
607 audit_put_tree(entry->rule.tree); /* that's the temporary one */ in audit_data_to_entry()
608 if (entry->rule.exe) in audit_data_to_entry()
609 audit_remove_mark(entry->rule.exe); /* that's the template one */ in audit_data_to_entry()
610 audit_free_rule(entry); in audit_data_to_entry()
814 struct audit_entry *entry; in audit_dupe_rule() local
819 entry = audit_init_entry(fcount); in audit_dupe_rule()
820 if (unlikely(!entry)) in audit_dupe_rule()
823 new = &entry->rule; in audit_dupe_rule()
876 audit_free_rule(entry); in audit_dupe_rule()
886 return entry; in audit_dupe_rule()
891 static struct audit_entry *audit_find_rule(struct audit_entry *entry, in audit_find_rule() argument
898 if (entry->rule.inode_f) { in audit_find_rule()
899 h = audit_hash_ino(entry->rule.inode_f->val); in audit_find_rule()
901 } else if (entry->rule.watch) { in audit_find_rule()
906 if (!audit_compare_rule(&entry->rule, &e->rule)) { in audit_find_rule()
913 *p = list = &audit_filter_list[entry->rule.listnr]; in audit_find_rule()
917 if (!audit_compare_rule(&entry->rule, &e->rule)) { in audit_find_rule()
930 static inline int audit_add_rule(struct audit_entry *entry) in audit_add_rule() argument
933 struct audit_watch *watch = entry->rule.watch; in audit_add_rule()
934 struct audit_tree *tree = entry->rule.tree; in audit_add_rule()
941 switch(entry->rule.listnr) { in audit_add_rule()
950 e = audit_find_rule(entry, &list); in audit_add_rule()
962 err = audit_add_watch(&entry->rule, &list); in audit_add_rule()
975 err = audit_add_tree_rule(&entry->rule); in audit_add_rule()
982 entry->rule.prio = ~0ULL; in audit_add_rule()
983 if (entry->rule.listnr == AUDIT_FILTER_EXIT) { in audit_add_rule()
984 if (entry->rule.flags & AUDIT_FILTER_PREPEND) in audit_add_rule()
985 entry->rule.prio = ++prio_high; in audit_add_rule()
987 entry->rule.prio = --prio_low; in audit_add_rule()
990 if (entry->rule.flags & AUDIT_FILTER_PREPEND) { in audit_add_rule()
991 list_add(&entry->rule.list, in audit_add_rule()
992 &audit_rules_list[entry->rule.listnr]); in audit_add_rule()
993 list_add_rcu(&entry->list, list); in audit_add_rule()
994 entry->rule.flags &= ~AUDIT_FILTER_PREPEND; in audit_add_rule()
996 list_add_tail(&entry->rule.list, in audit_add_rule()
997 &audit_rules_list[entry->rule.listnr]); in audit_add_rule()
998 list_add_tail_rcu(&entry->list, list); in audit_add_rule()
1004 if (!audit_match_signal(entry)) in audit_add_rule()
1013 int audit_del_rule(struct audit_entry *entry) in audit_del_rule() argument
1016 struct audit_tree *tree = entry->rule.tree; in audit_del_rule()
1023 switch(entry->rule.listnr) { in audit_del_rule()
1032 e = audit_find_rule(entry, &list); in audit_del_rule()
1051 if (!audit_match_signal(entry)) in audit_del_rule()
1126 struct audit_entry *entry; in audit_rule_change() local
1130 entry = audit_data_to_entry(data, datasz); in audit_rule_change()
1131 if (IS_ERR(entry)) in audit_rule_change()
1132 return PTR_ERR(entry); in audit_rule_change()
1133 err = audit_add_rule(entry); in audit_rule_change()
1134 audit_log_rule_change("add_rule", &entry->rule, !err); in audit_rule_change()
1137 entry = audit_data_to_entry(data, datasz); in audit_rule_change()
1138 if (IS_ERR(entry)) in audit_rule_change()
1139 return PTR_ERR(entry); in audit_rule_change()
1140 err = audit_del_rule(entry); in audit_rule_change()
1141 audit_log_rule_change("remove_rule", &entry->rule, !err); in audit_rule_change()
1149 if (entry->rule.exe) in audit_rule_change()
1150 audit_remove_mark(entry->rule.exe); in audit_rule_change()
1151 audit_free_rule(entry); in audit_rule_change()
1393 struct audit_entry *entry = container_of(r, struct audit_entry, rule); in update_lsm_rule() local
1401 if (entry->rule.exe) in update_lsm_rule()
1402 audit_remove_mark(entry->rule.exe); in update_lsm_rule()
1410 list_del_rcu(&entry->list); in update_lsm_rule()
1415 list_replace_rcu(&entry->list, &nentry->list); in update_lsm_rule()
1418 call_rcu(&entry->rcu, audit_free_rule_rcu); in update_lsm_rule()