  • only in /netgear-WNDR4500v2-V1.0.0.60_1.0.38/src/linux/linux-2.6/kernel/

Lines Matching refs:rule

135 	if (e->rule.watch)
136 audit_put_watch(e->rule.watch);
137 if (e->rule.fields)
138 for (i = 0; i < e->rule.field_count; i++) {
139 struct audit_field *f = &e->rule.fields[i];
143 kfree(e->rule.fields);
144 kfree(e->rule.filterkey);
213 entry->rule.fields = fields;
269 krule->inode_f || krule->watch) /* 1 inode # per rule, for hash */
329 struct audit_field *arch = entry->rule.arch_f;
335 entry->rule.mask) &&
337 entry->rule.mask));
343 entry->rule.mask));
346 entry->rule.mask));
353 /* Common user-space to kernel rule translation. */
354 static inline struct audit_entry *audit_to_entry_common(struct audit_rule *rule)
361 listnr = rule->flags & ~AUDIT_FILTER_PREPEND;
374 if (unlikely(rule->action == AUDIT_POSSIBLE)) {
378 if (rule->action != AUDIT_NEVER && rule->action != AUDIT_ALWAYS)
380 if (rule->field_count > AUDIT_MAX_FIELDS)
384 entry = audit_init_entry(rule->field_count);
388 entry->rule.flags = rule->flags & AUDIT_FILTER_PREPEND;
389 entry->rule.listnr = listnr;
390 entry->rule.action = rule->action;
391 entry->rule.field_count = rule->field_count;
394 entry->rule.mask[i] = rule->mask[i];
398 __u32 *p = &entry->rule.mask[AUDIT_WORD(bit)];
408 entry->rule.mask[j] |= class[j];
418 /* Translate struct audit_rule to kernel's rule representation.
420 static struct audit_entry *audit_rule_to_entry(struct audit_rule *rule)
427 entry = audit_to_entry_common(rule);
431 for (i = 0; i < rule->field_count; i++) {
432 struct audit_field *f = &entry->rule.fields[i];
434 f->op = rule->fields[i] & (AUDIT_NEGATE|AUDIT_OPERATORS);
435 f->type = rule->fields[i] & ~(AUDIT_NEGATE|AUDIT_OPERATORS);
436 f->val = rule->values[i];
471 entry->rule.arch_f = f;
478 err = audit_to_inode(&entry->rule, f);
484 entry->rule.vers_ops = (f->op & AUDIT_OPERATORS) ? 2 : 1;
498 f = entry->rule.inode_f;
502 entry->rule.inode_f = NULL;
519 /* Translate struct audit_rule_data to kernel's rule representation. */
536 entry->rule.vers_ops = 2;
538 struct audit_field *f = &entry->rule.fields[i];
574 entry->rule.arch_f = f;
589 entry->rule.buflen += f->val;
596 printk(KERN_WARNING "audit rule for selinux "
610 entry->rule.buflen += f->val;
612 err = audit_to_watch(&entry->rule, str, f->val, f->op);
619 err = audit_to_inode(&entry->rule, f);
625 if (entry->rule.filterkey || f->val > AUDIT_MAX_KEY_LEN)
630 entry->rule.buflen += f->val;
631 entry->rule.filterkey = str;
642 f = entry->rule.inode_f;
646 entry->rule.inode_f = NULL;
674 /* Translate kernel rule representation to struct audit_rule.
678 struct audit_rule *rule;
681 rule = kzalloc(sizeof(*rule), GFP_KERNEL);
682 if (unlikely(!rule))
685 rule->flags = krule->flags | krule->listnr;
686 rule->action = krule->action;
687 rule->field_count = krule->field_count;
688 for (i = 0; i < rule->field_count; i++) {
689 rule->values[i] = krule->fields[i].val;
690 rule->fields[i] = krule->fields[i].type;
694 rule->fields[i] |= AUDIT_NEGATE;
696 rule->fields[i] |= krule->fields[i].op;
699 for (i = 0; i < AUDIT_BITMASK_SIZE; i++) rule->mask[i] = krule->mask[i];
701 return rule;
704 /* Translate kernel rule representation to struct audit_rule_data. */
855 printk(KERN_WARNING "audit rule for selinux \'%s\' is "
863 /* Duplicate an audit rule. This will be a deep copy with the exception
866 * rule with the new rule in the filterlist, then free the old rule.
882 new = &entry->rule;
896 * the originals will all be freed when the old rule is freed. */
965 oentry = container_of(r, struct audit_entry, rule);
966 list_del(&oentry->rule.rlist);
969 nentry = audit_dupe_rule(&oentry->rule, nwatch);
974 list_add(&nentry->rule.rlist, &nwatch->rules);
1012 e = container_of(r, struct audit_entry, rule);
1015 audit_log_format(ab, "op=remove rule path=");
1048 /* Find an existing audit rule.
1049 * Caller must hold audit_filter_mutex to prevent stale rule data. */
1056 if (entry->rule.watch) {
1061 if (!audit_compare_rule(&entry->rule, &e->rule)) {
1070 if (!audit_compare_rule(&entry->rule, &e->rule)) {
1128 /* Associate the given rule with an existing parent inotify_watch.
1206 /* Add rule to given filterlist if not a duplicate. */
1211 struct audit_field *inode_f = entry->rule.inode_f;
1212 struct audit_watch *watch = entry->rule.watch;
1219 if (entry->rule.listnr == AUDIT_FILTER_USER ||
1220 entry->rule.listnr == AUDIT_FILTER_TYPE)
1248 err = audit_add_watch(&entry->rule, ndp, ndw);
1257 if (entry->rule.flags & AUDIT_FILTER_PREPEND) {
1259 entry->rule.flags &= ~AUDIT_FILTER_PREPEND;
1285 /* Remove an existing rule from filterlist. */
1290 struct audit_field *inode_f = entry->rule.inode_f;
1291 struct audit_watch *watch, *tmp_watch = entry->rule.watch;
1298 if (entry->rule.listnr == AUDIT_FILTER_USER ||
1299 entry->rule.listnr == AUDIT_FILTER_TYPE)
1316 watch = e->rule.watch;
1320 list_del(&e->rule.rlist);
1370 struct audit_rule *rule;
1372 rule = audit_krule_to_rule(&entry->rule);
1373 if (unlikely(!rule))
1376 rule, sizeof(*rule));
1379 kfree(rule);
1384 struct audit_rule *rule;
1386 rule = audit_krule_to_rule(&entry->rule);
1387 if (unlikely(!rule))
1390 rule, sizeof(*rule));
1393 kfree(rule);
1414 data = audit_krule_to_data(&e->rule);
1428 data = audit_krule_to_data(&e->rule);
1443 /* Log rule additions and removals */
1445 struct audit_krule *rule, int res)
1462 audit_log_format(ab, " op=%s rule key=", action);
1463 if (rule->filterkey)
1464 audit_log_untrustedstring(ab, rule->filterkey);
1467 audit_log_format(ab, " list=%d res=%d", rule->listnr, res);
1529 &audit_filter_list[entry->rule.listnr]);
1530 audit_log_rule_change(loginuid, sid, "add", &entry->rule, !err);
1545 &audit_filter_list[entry->rule.listnr]);
1546 audit_log_rule_change(loginuid, sid, "remove", &entry->rule,
1617 struct audit_krule *rule,
1622 for (i = 0; i < rule->field_count; i++) {
1623 struct audit_field *f = &rule->fields[i];
1644 switch (rule->action) {
1659 if (audit_filter_user_rules(cb, &e->rule, &state)) {
1682 for (i = 0; i < e->rule.field_count; i++) {
1683 struct audit_field *f = &e->rule.fields[i];
1698 /* Check to see if the rule contains any selinux fields. Returns 1 if there
1699 are selinux fields specified in the rule, 0 otherwise. */
1700 static inline int audit_rule_has_selinux(struct audit_krule *rule)
1704 for (i = 0; i < rule->field_count; i++) {
1705 struct audit_field *f = &rule->fields[i];
1726 * specific filter fields. When such a rule is found, it is copied, the
1727 * selinux field is re-initialized, and the old rule is replaced with the
1728 * updated rule. */
1740 if (!audit_rule_has_selinux(&entry->rule))
1743 watch = entry->rule.watch;
1744 nentry = audit_dupe_rule(&entry->rule, watch);
1752 list_del(&entry->rule.rlist);
1756 list_add(&nentry->rule.rlist,
1758 list_del(&entry->rule.rlist);