krule            1805 include/linux/lsm_hooks.h 	int (*audit_rule_known)(struct audit_krule *krule);
krule            1781 include/linux/security.h int security_audit_rule_known(struct audit_krule *krule);
krule            1793 include/linux/security.h static inline int security_audit_rule_known(struct audit_krule *krule)
krule             257 kernel/audit.h extern int audit_to_watch(struct audit_krule *krule, char *path, int len,
krule             259 kernel/audit.h extern int audit_add_watch(struct audit_krule *krule, struct list_head **list);
krule             260 kernel/audit.h extern void audit_remove_watch_rule(struct audit_krule *krule);
krule             265 kernel/audit.h extern struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule,
krule             269 kernel/audit.h extern void audit_remove_mark_rule(struct audit_krule *krule);
krule              74 kernel/audit_fsnotify.c struct audit_fsnotify_mark *audit_alloc_mark(struct audit_krule *krule, char *pathname, int len)
krule             101 kernel/audit_fsnotify.c 	audit_mark->rule = krule;
krule             138 kernel/audit_fsnotify.c void audit_remove_mark_rule(struct audit_krule *krule)
krule             140 kernel/audit_fsnotify.c 	struct audit_fsnotify_mark *mark = krule->exe;
krule             178 kernel/audit_watch.c int audit_to_watch(struct audit_krule *krule, char *path, int len, u32 op)
krule             186 kernel/audit_watch.c 	    krule->listnr != AUDIT_FILTER_EXIT ||
krule             188 kernel/audit_watch.c 	    krule->inode_f || krule->watch || krule->tree)
krule             195 kernel/audit_watch.c 	krule->watch = watch;
krule             366 kernel/audit_watch.c static void audit_add_to_parent(struct audit_krule *krule,
krule             369 kernel/audit_watch.c 	struct audit_watch *w, *watch = krule->watch;
krule             384 kernel/audit_watch.c 		krule->watch = watch = w;
krule             396 kernel/audit_watch.c 	list_add(&krule->rlist, &watch->rules);
krule             401 kernel/audit_watch.c int audit_add_watch(struct audit_krule *krule, struct list_head **list)
krule             403 kernel/audit_watch.c 	struct audit_watch *watch = krule->watch;
krule             438 kernel/audit_watch.c 	audit_add_to_parent(krule, parent);
krule             448 kernel/audit_watch.c void audit_remove_watch_rule(struct audit_krule *krule)
krule             450 kernel/audit_watch.c 	struct audit_watch *watch = krule->watch;
krule             453 kernel/audit_watch.c 	list_del(&krule->rlist);
krule             151 kernel/auditfilter.c static inline int audit_to_inode(struct audit_krule *krule,
krule             154 kernel/auditfilter.c 	if (krule->listnr != AUDIT_FILTER_EXIT ||
krule             155 kernel/auditfilter.c 	    krule->inode_f || krule->watch || krule->tree ||
krule             159 kernel/auditfilter.c 	krule->inode_f = f;
krule             626 kernel/auditfilter.c static struct audit_rule_data *audit_krule_to_data(struct audit_krule *krule)
krule             632 kernel/auditfilter.c 	data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL);
krule             637 kernel/auditfilter.c 	data->flags = krule->flags | krule->listnr;
krule             638 kernel/auditfilter.c 	data->action = krule->action;
krule             639 kernel/auditfilter.c 	data->field_count = krule->field_count;
krule             642 kernel/auditfilter.c 		struct audit_field *f = &krule->fields[i];
krule             663 kernel/auditfilter.c 						  audit_watch_path(krule->watch));
krule             668 kernel/auditfilter.c 						  audit_tree_path(krule->tree));
krule             672 kernel/auditfilter.c 				audit_pack_string(&bufp, krule->filterkey);
krule             676 kernel/auditfilter.c 				audit_pack_string(&bufp, audit_mark_path(krule->exe));
krule             679 kernel/auditfilter.c 			if (krule->pflags & AUDIT_LOGINUID_LEGACY && !f->val) {
krule             689 kernel/auditfilter.c 	for (i = 0; i < AUDIT_BITMASK_SIZE; i++) data->mask[i] = krule->mask[i];
krule            2355 security/security.c int security_audit_rule_known(struct audit_krule *krule)
krule            2357 security/security.c 	return call_int_hook(audit_rule_known, 0, krule);
krule              54 security/selinux/include/audit.h int selinux_audit_rule_known(struct audit_krule *krule);
krule            4367 security/smack/smack_lsm.c static int smack_audit_rule_known(struct audit_krule *krule)
krule            4372 security/smack/smack_lsm.c 	for (i = 0; i < krule->field_count; i++) {
krule            4373 security/smack/smack_lsm.c 		f = &krule->fields[i];