
Searched refs:rule (Results 1 – 6 of 6) sorted by relevance

/kernel/
auditfilter.c
86 struct audit_krule *erule = &e->rule; in audit_free_rule()
120 entry->rule.fields = fields; in audit_init_entry()
213 struct audit_field *arch = entry->rule.arch_f; in audit_match_signal()
219 entry->rule.mask) && in audit_match_signal()
221 entry->rule.mask)); in audit_match_signal()
227 entry->rule.mask)); in audit_match_signal()
230 entry->rule.mask)); in audit_match_signal()
238 static inline struct audit_entry *audit_to_entry_common(struct audit_rule_data *rule) in audit_to_entry_common() argument
245 listnr = rule->flags & ~AUDIT_FILTER_PREPEND; in audit_to_entry_common()
262 if (unlikely(rule->action == AUDIT_POSSIBLE)) { in audit_to_entry_common()
[all …]
audit_tree.c
526 struct audit_krule *rule) in audit_tree_log_remove_rule() argument
536 audit_log_untrustedstring(ab, rule->tree->pathname); in audit_tree_log_remove_rule()
537 audit_log_key(ab, rule->filterkey); in audit_tree_log_remove_rule()
538 audit_log_format(ab, " list=%d res=1", rule->listnr); in audit_tree_log_remove_rule()
544 struct audit_krule *rule, *next; in kill_rules() local
547 list_for_each_entry_safe(rule, next, &tree->rules, rlist) { in kill_rules()
548 entry = container_of(rule, struct audit_entry, rule); in kill_rules()
550 list_del_init(&rule->rlist); in kill_rules()
551 if (rule->tree) { in kill_rules()
553 audit_tree_log_remove_rule(context, rule); in kill_rules()
[all …]
audit_fsnotify.c
31 struct audit_krule *rule; member
101 audit_mark->rule = krule; in audit_alloc_mark()
118 struct audit_krule *rule = audit_mark->rule; in audit_mark_log_rule_change() local
128 audit_log_key(ab, rule->filterkey); in audit_mark_log_rule_change()
129 audit_log_format(ab, " list=%d res=1", rule->listnr); in audit_mark_log_rule_change()
148 struct audit_krule *rule = audit_mark->rule; in audit_autoremove_mark_rule() local
149 struct audit_entry *entry = container_of(rule, struct audit_entry, rule); in audit_autoremove_mark_rule()
audit_watch.c
279 oentry = container_of(r, struct audit_entry, rule); in audit_update_watch()
280 list_del(&oentry->rule.rlist); in audit_update_watch()
283 nentry = audit_dupe_rule(&oentry->rule); in audit_update_watch()
285 list_del(&oentry->rule.list); in audit_update_watch()
295 audit_put_watch(nentry->rule.watch); in audit_update_watch()
297 nentry->rule.watch = nwatch; in audit_update_watch()
298 list_add(&nentry->rule.rlist, &nwatch->rules); in audit_update_watch()
300 list_replace(&oentry->rule.list, in audit_update_watch()
301 &nentry->rule.list); in audit_update_watch()
303 if (oentry->rule.exe) in audit_update_watch()
[all …]
audit.h
52 struct audit_krule rule; member
292 extern int audit_make_tree(struct audit_krule *rule, char *pathname, u32 op);
293 extern int audit_add_tree_rule(struct audit_krule *rule);
294 extern int audit_remove_tree_rule(struct audit_krule *rule);
323 #define audit_remove_tree_rule(rule) BUG() argument
324 #define audit_add_tree_rule(rule) -EINVAL argument
325 #define audit_make_tree(rule, str, op) -EINVAL argument
329 #define audit_tree_path(rule) "" /* never called */ argument
auditsc.c
462 struct audit_krule *rule, in audit_filter_rules() argument
473 if (ctx && rule->prio <= ctx->prio) in audit_filter_rules()
478 for (i = 0; i < rule->field_count; i++) { in audit_filter_rules()
479 struct audit_field *f = &rule->fields[i]; in audit_filter_rules()
497 result = audit_exe_compare(tsk, rule->exe); in audit_filter_rules()
631 result = audit_watch_compare(rule->watch, in audit_filter_rules()
640 result = match_tree_refs(ctx, rule->tree); in audit_filter_rules()
752 if (rule->filterkey) { in audit_filter_rules()
754 ctx->filterkey = kstrdup(rule->filterkey, GFP_ATOMIC); in audit_filter_rules()
756 ctx->prio = rule->prio; in audit_filter_rules()
[all …]