audit_mark - Linux

kernel/audit.h

286

extern void audit_remove_mark(struct audit_fsnotify_mark *audit_mark);

kernel/audit_fsnotify.c

100

audit_mark->path = pathname;

kernel/audit_fsnotify.c

101

audit_update_mark(audit_mark, dentry->d_inode);

kernel/audit_fsnotify.c

102

audit_mark->rule = krule;

kernel/audit_fsnotify.c

104

ret = fsnotify_add_inode_mark(&audit_mark->mark, path.dentry->d_inode, 0);

kernel/audit_fsnotify.c

106

audit_mark->path = NULL;

kernel/audit_fsnotify.c

107

fsnotify_put_mark(&audit_mark->mark);

kernel/audit_fsnotify.c

108

audit_mark = ERR_PTR(ret);

kernel/audit_fsnotify.c

113

return audit_mark;

kernel/audit_fsnotify.c

116

static void audit_mark_log_rule_change(struct audit_fsnotify_mark *audit_mark, char *op)

kernel/audit_fsnotify.c

119

struct audit_krule *rule = audit_mark->rule;

kernel/audit_fsnotify.c

128

audit_log_untrustedstring(ab, audit_mark->path);

kernel/audit_fsnotify.c

134

void audit_remove_mark(struct audit_fsnotify_mark *audit_mark)

kernel/audit_fsnotify.c

136

fsnotify_destroy_mark(&audit_mark->mark, audit_fsnotify_group);

kernel/audit_fsnotify.c

137

fsnotify_put_mark(&audit_mark->mark);

kernel/audit_fsnotify.c

147

static void audit_autoremove_mark_rule(struct audit_fsnotify_mark *audit_mark)

kernel/audit_fsnotify.c

149

struct audit_krule *rule = audit_mark->rule;

kernel/audit_fsnotify.c

152

audit_mark_log_rule_change(audit_mark, "autoremove_rule");

kernel/audit_fsnotify.c

161

struct audit_fsnotify_mark *audit_mark;

kernel/audit_fsnotify.c

163

audit_mark = container_of(inode_mark, struct audit_fsnotify_mark, mark);

kernel/audit_fsnotify.c

169

if (audit_compare_dname_path(dname, audit_mark->path, AUDIT_NAME_FULL))

kernel/audit_fsnotify.c

171

audit_update_mark(audit_mark, inode);

kernel/audit_fsnotify.c

173

audit_autoremove_mark_rule(audit_mark);

kernel/audit_fsnotify.c

41

static void audit_fsnotify_mark_free(struct audit_fsnotify_mark *audit_mark)

kernel/audit_fsnotify.c

43

kfree(audit_mark->path);

kernel/audit_fsnotify.c

44

kfree(audit_mark);

kernel/audit_fsnotify.c

49

struct audit_fsnotify_mark *audit_mark;

kernel/audit_fsnotify.c

51

audit_mark = container_of(mark, struct audit_fsnotify_mark, mark);

kernel/audit_fsnotify.c

52

audit_fsnotify_mark_free(audit_mark);

kernel/audit_fsnotify.c

67

static void audit_update_mark(struct audit_fsnotify_mark *audit_mark,

kernel/audit_fsnotify.c

70

audit_mark->dev = inode ? inode->i_sb->s_dev : AUDIT_DEV_UNSET;

kernel/audit_fsnotify.c

71

audit_mark->ino = inode ? inode->i_ino : AUDIT_INO_UNSET;

kernel/audit_fsnotify.c

76

struct audit_fsnotify_mark *audit_mark;

kernel/audit_fsnotify.c

88

audit_mark = ERR_PTR(-ENOENT);

kernel/audit_fsnotify.c

92

audit_mark = kzalloc_obj(*audit_mark);

kernel/audit_fsnotify.c

93

if (unlikely(!audit_mark)) {

kernel/audit_fsnotify.c

94

audit_mark = ERR_PTR(-ENOMEM);

kernel/audit_fsnotify.c

98

fsnotify_init_mark(&audit_mark->mark, audit_fsnotify_group);

kernel/audit_fsnotify.c

99

audit_mark->mark.mask = AUDIT_FS_EVENTS;

kernel/audit_tree.c

170

return audit_mark(mark)->chunk;

kernel/audit_tree.c

175

kmem_cache_free(audit_tree_mark_cachep, audit_mark(mark));

kernel/audit_tree.c

288

audit_mark(mark)->chunk = chunk;

kernel/audit_watch.c

510

struct audit_fsnotify_mark *audit_mark;

kernel/audit_watch.c

517

audit_mark = audit_alloc_mark(new, pathname, strlen(pathname));

kernel/audit_watch.c

518

if (IS_ERR(audit_mark)) {

kernel/audit_watch.c

520

return PTR_ERR(audit_mark);

kernel/audit_watch.c

522

new->exe = audit_mark;

kernel/auditfilter.c

458

struct audit_fsnotify_mark *audit_mark;

kernel/auditfilter.c

593

audit_mark = audit_alloc_mark(&entry->rule, str, f_val);

kernel/auditfilter.c

594

if (IS_ERR(audit_mark)) {

kernel/auditfilter.c

596

err = PTR_ERR(audit_mark);

kernel/auditfilter.c

600

entry->rule.exe = audit_mark;