krule 1805 include/linux/lsm_hooks.h int (*audit_rule_known)(struct audit_krule *krule); krule 1781 include/linux/security.h int security_audit_rule_known(struct audit_krule *krule); krule 1793 include/linux/security.h static inline int security_audit_rule_known(struct audit_krule *krule) krule 257 kernel/audit.h extern int audit_to_watch(struct audit_krule *krule, char *path, int len, krule 259 kernel/audit.h extern int audit_add_watch(struct audit_krule *krule, struct list_head **list); krule 260 kernel/audit.h extern void audit_remove_watch_rule(struct audit_krule *krule); krule 265 kernel/audit.h extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, krule 269 kernel/audit.h extern void audit_remove_mark_rule(struct audit_krule *krule); krule 74 kernel/audit_fsnotify.c struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pathname, int len) krule 101 kernel/audit_fsnotify.c audit_mark->rule = krule; krule 138 kernel/audit_fsnotify.c void audit_remove_mark_rule(struct audit_krule *krule) krule 140 kernel/audit_fsnotify.c struct audit_fsnotify_mark *mark = krule->exe; krule 178 kernel/audit_watch.c int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op) krule 186 kernel/audit_watch.c krule->listnr != AUDIT_FILTER_EXIT || krule 188 kernel/audit_watch.c krule->inode_f || krule->watch || krule->tree) krule 195 kernel/audit_watch.c krule->watch = watch; krule 366 kernel/audit_watch.c static void audit_add_to_parent(struct audit_krule *krule, krule 369 kernel/audit_watch.c struct audit_watch *w, *watch = krule->watch; krule 384 kernel/audit_watch.c krule->watch = watch = w; krule 396 kernel/audit_watch.c list_add(&krule->rlist, &watch->rules); krule 401 kernel/audit_watch.c int audit_add_watch(struct audit_krule *krule, struct list_head **list) krule 403 kernel/audit_watch.c struct audit_watch *watch = krule->watch; krule 438 kernel/audit_watch.c audit_add_to_parent(krule, parent); krule 448 kernel/audit_watch.c void audit_remove_watch_rule(struct audit_krule *krule) krule 450 kernel/audit_watch.c struct audit_watch *watch = krule->watch; krule 453 kernel/audit_watch.c list_del(&krule->rlist); krule 151 kernel/auditfilter.c static inline int audit_to_inode(struct audit_krule *krule, krule 154 kernel/auditfilter.c if (krule->listnr != AUDIT_FILTER_EXIT || krule 155 kernel/auditfilter.c krule->inode_f || krule->watch || krule->tree || krule 159 kernel/auditfilter.c krule->inode_f = f; krule 626 kernel/auditfilter.c static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule) krule 632 kernel/auditfilter.c data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL); krule 637 kernel/auditfilter.c data->flags = krule->flags | krule->listnr; krule 638 kernel/auditfilter.c data->action = krule->action; krule 639 kernel/auditfilter.c data->field_count = krule->field_count; krule 642 kernel/auditfilter.c struct audit_field *f = &krule->fields[i]; krule 663 kernel/auditfilter.c audit_watch_path(krule->watch)); krule 668 kernel/auditfilter.c audit_tree_path(krule->tree)); krule 672 kernel/auditfilter.c audit_pack_string(&bufp, krule->filterkey); krule 676 kernel/auditfilter.c audit_pack_string(&bufp, audit_mark_path(krule->exe)); krule 679 kernel/auditfilter.c if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) { krule 689 kernel/auditfilter.c for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i]; krule 2355 security/security.c int security_audit_rule_known(struct audit_krule *krule) krule 2357 security/security.c return call_int_hook(audit_rule_known, 0, krule); krule 54 security/selinux/include/audit.h int selinux_audit_rule_known(struct audit_krule *krule); krule 4367 security/smack/smack_lsm.c static int smack_audit_rule_known(struct audit_krule *krule) krule 4372 security/smack/smack_lsm.c for (i = 0; i < krule->field_count; i++) { krule 4373 security/smack/smack_lsm.c f = &krule->fields[i];