linux/kernel/audit_watch.c
<<
9.5" /spaion /formon a 9.5" href="../linux+v3v12../kernel/audit_watch.c">9.5" img src="../.static/gfx/right.png" alt=">>">9. /spaion9. spai class="lxr_search">9.5"9.5" input typluehidden" namluenavtarget" n value">9.5" input typluetext" namluesearch" iduesearch">9.5" butttiotypluesubmit">Search9.5" Prefsn /a>9. /spaion5" /divon5" form acopti="ajax+*" method="post" onsubmit="return false;">9. input typluehidden" namlueajax_lookup" idueajax_lookup" n value">95" /formon95" div class="headingbotttm">n div iduefile_contents"o
 
1 /a> spai class="comment">/* audit_watch.c -- watching inodes /spaion
 
2 /a> spai class="comment"> * /spaion
 
3 /a> spai class="comment"> * Copyright 2003-2009 Red Hat, Inc. /spaion
 
4 /a> spai class="comment"> * Copyright 2005 Hewlett-Packard Development Compaiy, L.P. /spaion
 
5 /a> spai class="comment"> * Copyright 2005 IBM Corporaopti /spaion
 
6 /a> spai class="comment"> * /spaion
 
7 /a> spai class="comment"> * This program is free software; you cai redistribute it and/or modify /spaion
 
8 /a> spai class="comment"> * it under the terms of the GNU General Public License as published by /spaion
 
9 /a> spai class="comment"> * the Free Software Foundaopti; either versptio2 of the License, or /spaion
 8.11a> spai class="comment"> * (at your 
 11 /a> spai class="comment"> * /spaion
 12 /a> spai class="comment"> * This program is distributed in the hope that it will be useful, /spaion
 13 /a> spai class="comment"> * but WITHOUT ANY WARRANTY; without even the implied warranty of /spaion
 14 /a> spai class="comment"> * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the /spaion
 15 /a> spai class="comment"> * GNU General Public License for more details. /spaion
 16 /a> spai class="comment"> * /spaion
 17 /a> spai class="comment"> * You should have received a copy of the GNU General Public License /spaion
 18 /a> spai class="comment"> * along with this program; if not, write to the Free Software /spaion
 19 /a> spai class="comment"> * Foundaopti, Inc., 59 Temple Place, Suite 330, Bostti, MA  02111-1307  USA /spaion
 2.11a> spai class="comment"> */ /spaion
 21 /a>n
 22 /a>#include <linux/kernel.h /a>>n
 23 /a>#include <linux/audit.h /a>>n
 24 /a>#include <linux/kthread.h /a>>n
 25 /a>#include <linux/mutex.h /a>>n
 26 /a>#include <linux/fs.h /a>>n
 27 /a>#include <linux/fsnotify_backend.h /a>>n
 28 /a>#include <linux/namli.h /a>>n
 29 /a>#include <linux/netlink.h /a>>n
 30 /a>#include <linux/sched.h /a>>n
 31 /a>#include <linux/slab.h /a>>n
 32 /a>#include <linux/security.h /a>>n
 33 /a>#include "audit.h /a>"n
 34 /a>n
 35 /a> spai class="comment">/* /spaion
 36 /a> spai class="comment"> * Reference counting: /spaion
 37 /a> spai class="comment"> * /spaion
 38 /a> spai class="comment"> * audit_parent: lifetime is from audit_init_parent() to receipt of ai FS_IGNORED /spaion
 39 /a> spai class="comment"> *      event.  Each audit_watch holds a reference to its associated parent. /spaion
 4.11a> spai class="comment"> * /spaion
 41 /a> spai class="comment"> * audit_watch: if added to lists, lifetime is from audit_init_watch() to /spaion
 42 /a> spai class="comment"> *      audit_remove_watch().  Additptially, ai audit_watch may exist /spaion
 43 /a> spai class="comment"> *      temporarily to assist in searching existing filter daoa.  Each /spaion
 44 /a> spai class="comment"> *      audit_krule holds a reference to its associated watch. /spaion
 45 /a> spai class="comment"> */ /spaion
 46 /a>n
 47 /a>struct
 a href="+code=audit_watch" class="sref">audit_watch /a> {n
 48 /a>         a href="+code=atomic_t" class="sref">atomic_t /a>                 a href="+code=count" class="sref">count /a>;   spai class="comment">/* reference count */ /spaion
 49 /a>         a href="+code=dev_t" class="sref">dev_t /a>                    a href="+code=dev" class="sref">dev /a>;     spai class="comment">/* associated superblock device */ /spaion
 50 /a>        char                    * a href="+code=path" class="sref">path /a>;   spai class="comment">/* inseroptiopath */ /spaion
 51 /a>        unsigned long            a href="+code=ino" class="sref">ino /a>;     spai class="comment">/* associated inode number */ /spaion
 52 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a>     * a href="+code=parent" class="sref">parent /a>;  spai class="comment">/* associated parent */ /spaion
 53 /a>        struct
 a href="+code=list_head" class="sref">list_head /a>         a href="+code=wlist" class="sref">wlist /a>;   spai class="comment">/* entry in parent->watches list */ /spaion
 54 /a>        struct
 a href="+code=list_head" class="sref">list_head /a>         a href="+code=rules" class="sref">rules /a>;   spai class="comment">/* anchor for krule->rlist */ /spaion
 55 /a>};n
 56 /a>n
 57 /a>struct
 a href="+code=audit_parent" class="sref">audit_parent /a> {n
 58 /a>        struct
 a href="+code=list_head" class="sref">list_head /a>         a href="+code=watches" class="sref">watches /a>;  spai class="comment">/* anchor for audit_watch->wlist */ /spaion
 59 /a>        struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a>  a href="+code=mark" class="sref">mark /a>;  spai class="comment">/* fsnotify mark on the inode */ /spaion
 60 /a>};n
 61 /a>n
 62 /a> spai class="comment">/* fsnotify handle. */ /spaion
 63 /a>static struct
 a href="+code=fsnotify_group" class="sref">fsnotify_group /a> * a href="+code=audit_watch_group" class="sref">audit_watch_group /a>;n
 64 /a>n
 65 /a> spai class="comment">/* fsnotify events we care about. */ /spaion
 66 /a>#define
 a href="+code=AUDIT_FS_WATCH" class="sref">AUDIT_FS_WATCH /a> ( a href="+code=FS_MOVE" class="sref">FS_MOVE /a> |
 a href="+code=FS_CREATE" class="sref">FS_CREATE /a> |
 a href="+code=FS_DELETE" class="sref">FS_DELETE /a> |
 a href="+code=FS_DELETE_SELF" class="sref">FS_DELETE_SELF /a> |\n
 67 /a>                         a href="+code=FS_MOVE_SELF" class="sref">FS_MOVE_SELF /a> |
 a href="+code=FS_EVENT_ON_CHILD" class="sref">FS_EVENT_ON_CHILD /a>)n
 68 /a>n
 69 /a>static void
 a href="+code=audit_free_parent" class="sref">audit_free_parent /a>(struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>)n
 70 /a>{n
 71 /a>         a href="+code=WARN_ON" class="sref">WARN_ON /a>(! a href="+code=list_empty" class="sref">list_empty /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>));n
 72 /a>         a href="+code=kfree" class="sref">kfree /a>( a href="+code=parent" class="sref">parent /a>);n
 73 /a>}n
 74 /a>n
 75 /a>static void
 a href="+code=audit_watch_free_mark" class="sref">audit_watch_free_mark /a>(struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=entry" class="sref">entry /a>)n
 76 /a>{n
 77 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>;n
 78 /a>n
 79 /a>         a href="+code=parent" class="sref">parent /a> =  a href="+code=container_of" class="sref">container_of /a>( a href="+code=entry" class="sref">entry /a>, struct
 a href="+code=audit_parent" class="sref">audit_parent /a>,  a href="+code=mark" class="sref">mark /a>);n
 80 /a>         a href="+code=audit_free_parent" class="sref">audit_free_parent /a>( a href="+code=parent" class="sref">parent /a>);n
 81 /a>}n
 82 /a>n
 83 /a>static void
 a href="+code=audit_get_parent" class="sref">audit_get_parent /a>(struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>)n
 84 /a>{n
 85 /a>        if ( a href="+code=likely" class="sref">likely /a>( a href="+code=parent" class="sref">parent /a>))n
 86 /a>                 a href="+code=fsnotify_get_mark" class="sref">fsnotify_get_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>);n
 87 /a>}n
 88 /a>n
 89 /a>static void
 a href="+code=audit_put_parent" class="sref">audit_put_parent /a>(struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>)n
 90 /a>{n
 91 /a>        if ( a href="+code=likely" class="sref">likely /a>( a href="+code=parent" class="sref">parent /a>))n
 92 /a>                 a href="+code=fsnotify_put_mark" class="sref">fsnotify_put_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>);n
 93 /a>}n
 94 /a>n
 95 /a> spai class="comment">/* /spaion
 96 /a> spai class="comment"> * Find and return the audit_parent on the given inode.  If found a reference /spaion
 97 /a> spai class="comment"> * is taken on this parent. /spaion
 98 /a> spai class="comment"> */ /spaion
 99 /a>static  a href="+code=inline" class="sref">inline /a> struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=audit_find_parent" class="sref">audit_find_parent /a>(struct
 a href="+code=inode" class="sref">inode /a> * a href="+code=inode" class="sref">inode /a>)n
100 /a>{n
101 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a> =  a href="+code=NULL" class="sref">NULL /a>;n
102 /a>        struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=entry" class="sref">entry /a>;n
103 /a>n
104 /a>         a href="+code=entry" class="sref">entry /a> =  a href="+code=fsnotify_find_inode_mark" class="sref">fsnotify_find_inode_mark /a>( a href="+code=audit_watch_group" class="sref">audit_watch_group /a>,  a href="+code=inode" class="sref">inode /a>);n
105 /a>        if ( a href="+code=entry" class="sref">entry /a>)n
106 /a>                 a href="+code=parent" class="sref">parent /a> =  a href="+code=container_of" class="sref">container_of /a>( a href="+code=entry" class="sref">entry /a>, struct
 a href="+code=audit_parent" class="sref">audit_parent /a>,  a href="+code=mark" class="sref">mark /a>);n
107 /a>n
108 /a>        return  a href="+code=parent" class="sref">parent /a>;n
109 /a>}n
18.11a>n
111 /a>void
 a href="+code=audit_get_watch" class="sref">audit_get_watch /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>)n
112 /a>{n
113 /a>         a href="+code=atomic_inc" class="sref">atomic_inc /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=count" class="sref">count /a>);n
114 /a>}n
115 /a>n
116 /a>void
 a href="+code=audit_put_watch" class="sref">audit_put_watch /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>)n
117 /a>{n
118 /a>        if ( a href="+code=atomic_dec_and_test" class="sref">atomic_dec_and_test /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=count" class="sref">count /a>)) {n
119 /a>                 a href="+code=WARN_ON" class="sref">WARN_ON /a>( a href="+code=watch" class="sref">watch /a>-> a href="+code=parent" class="sref">parent /a>);n
120 /a>                 a href="+code=WARN_ON" class="sref">WARN_ON /a>(! a href="+code=list_empty" class="sref">list_empty /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=rules" class="sref">rules /a>));n
121 /a>                 a href="+code=kfree" class="sref">kfree /a>( a href="+code=watch" class="sref">watch /a>-> a href="+code=path" class="sref">path /a>);n
122 /a>                 a href="+code=kfree" class="sref">kfree /a>( a href="+code=watch" class="sref">watch /a>);n
123 /a>        }n
124 /a>}n
125 /a>n
126 /a>static void
 a href="+code=audit_remove_watch" class="sref">audit_remove_watch /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>)n
127 /a>{n
128 /a>         a href="+code=list_del" class="sref">list_del /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=wlist" class="sref">wlist /a>);n
129 /a>         a href="+code=audit_put_parent" class="sref">audit_put_parent /a>( a href="+code=watch" class="sref">watch /a>-> a href="+code=parent" class="sref">parent /a>);n
130 /a>         a href="+code=watch" class="sref">watch /a>-> a href="+code=parent" class="sref">parent /a> =  a href="+code=NULL" class="sref">NULL /a>;n
131 /a>         a href="+code=audit_put_watch" class="sref">audit_put_watch /a>( a href="+code=watch" class="sref">watch /a>);  spai class="comment">/* match initial get */ /spaion
132 /a>}n
133 /a>n
134 /a>char * a href="+code=audit_watch_path" class="sref">audit_watch_path /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>)n
135 /a>{n
136 /a>        return  a href="+code=watch" class="sref">watch /a>-> a href="+code=path" class="sref">path /a>;n
137 /a>}n
138 /a>n
139 /a>int
 a href="+code=audit_watch_compare" class="sref">audit_watch_compare /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>, unsigned long  a href="+code=ino" class="sref">ino /a>,  a href="+code=dev_t" class="sref">dev_t /a>  a href="+code=dev" class="sref">dev /a>)n
140 /a>{n
141 /a>        return ( a href="+code=watch" class="sref">watch /a>-> a href="+code=ino" class="sref">ino /a> != (unsigned long)-1) &&n
142 /a>                ( a href="+code=watch" class="sref">watch /a>-> a href="+code=ino" class="sref">ino /a> ==  a href="+code=ino" class="sref">ino /a>) &&n
143 /a>                ( a href="+code=watch" class="sref">watch /a>-> a href="+code=dev" class="sref">dev /a> ==  a href="+code=dev" class="sref">dev /a>);n
144 /a>}n
145 /a>n
146 /a> spai class="comment">/* Initialize a parent watch entry. */ /spaion
147 /a>static struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=audit_init_parent" class="sref">audit_init_parent /a>(struct
 a href="+code=path" class="sref">path /a> * a href="+code=path" class="sref">path /a>)n
148 /a>{n
149 /a>        struct
 a href="+code=inode" class="sref">inode /a> * a href="+code=inode" class="sref">inode /a> =  a href="+code=path" class="sref">path /a>-> a href="+code=dentry" class="sref">dentry /a>-> a href="+code=d_inode" class="sref">d_inode /a>;n
150 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>;n
151 /a>        int
 a href="+code=ret" class="sref">ret /a>;n
152 /a>n
153 /a>         a href="+code=parent" class="sref">parent /a> =  a href="+code=kzalloc" class="sref">kzalloc /a>(sizeof(* a href="+code=parent" class="sref">parent /a>),  a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL /a>);n
154 /a>        if ( a href="+code=unlikely" class="sref">unlikely /a>(! a href="+code=parent" class="sref">parent /a>))n
155 /a>                return  a href="+code=ERR_PTR" class="sref">ERR_PTR /a>(- a href="+code=ENOMEM" class="sref">ENOMEM /a>);n
156 /a>n
157 /a>         a href="+code=INIT_LIST_HEAD" class="sref">INIT_LIST_HEAD /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>);n
158 /a>n
159 /a>         a href="+code=fsnotify_init_mark" class="sref">fsnotify_init_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>,  a href="+code=audit_watch_free_mark" class="sref">audit_watch_free_mark /a>);n
160 /a>         a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>. a href="+code=mask" class="sref">mask /a> =  a href="+code=AUDIT_FS_WATCH" class="sref">AUDIT_FS_WATCH /a>;n
161 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=fsnotify_add_mark" class="sref">fsnotify_add_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>,  a href="+code=audit_watch_group" class="sref">audit_watch_group /a>,  a href="+code=inode" class="sref">inode /a>,  a href="+code=NULL" class="sref">NULL /a>, 0);n
162 /a>        if ( a href="+code=ret" class="sref">ret /a> < 0) {n
163 /a>                 a href="+code=audit_free_parent" class="sref">audit_free_parent /a>( a href="+code=parent" class="sref">parent /a>);n
164 /a>                return  a href="+code=ERR_PTR" class="sref">ERR_PTR /a>( a href="+code=ret" class="sref">ret /a>);n
165 /a>        }n
166 /a>n
167 /a>        return  a href="+code=parent" class="sref">parent /a>;n
168 /a>}n
169 /a>n
17.11a> spai class="comment">/* Initialize a watch entry. */ /spaion
171 /a>static struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=audit_init_watch" class="sref">audit_init_watch /a>(char * a href="+code=path" class="sref">path /a>)n
172 /a>{n
173 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>;n
174 /a>n
175 /a>         a href="+code=watch" class="sref">watch /a> =  a href="+code=kzalloc" class="sref">kzalloc /a>(sizeof(* a href="+code=watch" class="sref">watch /a>),  a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL /a>);n
176 /a>        if ( a href="+code=unlikely" class="sref">unlikely /a>(! a href="+code=watch" class="sref">watch /a>))n
177 /a>                return  a href="+code=ERR_PTR" class="sref">ERR_PTR /a>(- a href="+code=ENOMEM" class="sref">ENOMEM /a>);n
178 /a>n
179 /a>         a href="+code=INIT_LIST_HEAD" class="sref">INIT_LIST_HEAD /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=rules" class="sref">rules /a>);n
180 /a>         a href="+code=atomic_set" class="sref">atomic_set /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=count" class="sref">count /a>, 1);n
181 /a>         a href="+code=watch" class="sref">watch /a>-> a href="+code=path" class="sref">path /a> =  a href="+code=path" class="sref">path /a>;n
182 /a>         a href="+code=watch" class="sref">watch /a>-> a href="+code=dev" class="sref">dev /a> = ( a href="+code=dev_t" class="sref">dev_t /a>)-1;n
183 /a>         a href="+code=watch" class="sref">watch /a>-> a href="+code=ino" class="sref">ino /a> = (unsigned long)-1;n
184 /a>n
185 /a>        return  a href="+code=watch" class="sref">watch /a>;n
186 /a>}n
187 /a>n
188 /a> spai class="comment">/* Translate a watch string to kernel respresentaopti. */ /spaion
189 /a>int
 a href="+code=audit_to_watch" class="sref">audit_to_watch(struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=krule" class="sref">krule /a>, char * a href="+code=path" class="sref">path /a>, int
 a href="+code=len" class="sref">len /a>,  a href="+code=u32" class="sref">u32 /a>  a href="+code=op" class="sref">op /a>)n
190 /a>{n
191 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>;n
192 /a>n
193 /a>        if (! a href="+code=audit_watch_group" class="sref">audit_watch_group /a>)n
194 /a>                return - a href="+code=EOPNOTSUPP" class="sref">EOPNOTSUPP /a>;n
195 /a>n
196 /a>        if ( a href="+code=path" class="sref">path /a>[0] !=  spai class="string">'/' /spaio ||
 a href="+code=path" class="sref">path /a>[ a href="+code=len" class="sref">len /a>-1] ==  spai class="string">'/' /spaio ||n
197 /a>             a href="+code=krule" class="sref">krule /a>-> a href="+code=listnr" class="sref">listnr /a> !=  a href="+code=AUDIT_FILTER_EXIT" class="sref">AUDIT_FILTER_EXIT /a> ||n
198 /a>             a href="+code=op" class="sref">op /a> !=  a href="+code=Audit_equal" class="sref">Audit_equal /a> ||n
199 /a>             a href="+code=krule" class="sref">krule /a>-> a href="+code=inode_f" class="sref">inode_f /a> ||  a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a> ||  a href="+code=krule" class="sref">krule /a>-> a href="+code=tree" class="sref">tree /a>)n
200 /a>                return - a href="+code=EINVAL" class="sref">EINVAL /a>;n
201 /a>n
202 /a>         a href="+code=watch" class="sref">watch /a> =  a href="+code=audit_init_watch" class="sref">audit_init_watch /a>( a href="+code=path" class="sref">path /a>);n
203 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=watch" class="sref">watch /a>))n
204 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=watch" class="sref">watch /a>);n
205 /a>n
206 /a>         a href="+code=audit_get_watch" class="sref">audit_get_watch /a>( a href="+code=watch" class="sref">watch /a>);n
207 /a>         a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a> =  a href="+code=watch" class="sref">watch /a>;n
208 /a>n
209 /a>        return 0;n
28.11a>}n
211 /a>n
212 /a> spai class="comment">/* Duplicate the given audit watch.  The new watch's rules list is initialized /spaion
213 /a> spai class="comment"> * to an empty list and wlist is undefined. */ /spaion
214 /a>static struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=audit_dupe_watch" class="sref">audit_dupe_watch(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=old" class="sref">old /a>)n
215 /a>{n
216 /a>        char * a href="+code=path" class="sref">path /a>;n
217 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=new" class="sref">new /a>;n
218 /a>n
219 /a>         a href="+code=path" class="sref">path /a> =  a href="+code=kstrdup" class="sref">kstrdup /a>( a href="+code=old" class="sref">old /a>-> a href="+code=path" class="sref">path /a>,  a href="+code=GFP_KERNEL" class="sref">GFP_KERNEL /a>);n
220 /a>        if ( a href="+code=unlikely" class="sref">unlikely /a>(! a href="+code=path" class="sref">path /a>))n
221 /a>                return  a href="+code=ERR_PTR" class="sref">ERR_PTR /a>(- a href="+code=ENOMEM" class="sref">ENOMEM /a>);n
222 /a>n
223 /a>         a href="+code=new" class="sref">new /a> =  a href="+code=audit_init_watch" class="sref">audit_init_watch /a>( a href="+code=path" class="sref">path /a>);n
224 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=new" class="sref">new /a>)) {n
225 /a>                 a href="+code=kfree" class="sref">kfree /a>( a href="+code=path" class="sref">path /a>);n
226 /a>                goto  a href="+code=out" class="sref">out /a>;n
227 /a>        }n
228 /a>n
229 /a>         a href="+code=new" class="sref">new /a>-> a href="+code=dev" class="sref">dev /a> =  a href="+code=old" class="sref">old /a>-> a href="+code=dev" class="sref">dev /a>;n
230 /a>         a href="+code=new" class="sref">new /a>-> a href="+code=ino" class="sref">ino /a> =  a href="+code=old" class="sref">old /a>-> a href="+code=ino" class="sref">ino /a>;n
231 /a>         a href="+code=audit_get_parent" class="sref">audit_get_parent /a>( a href="+code=old" class="sref">old /a>-> a href="+code=parent" class="sref">parent /a>);n
232 /a>         a href="+code=new" class="sref">new /a>-> a href="+code=parent" class="sref">parent /a> =  a href="+code=old" class="sref">old /a>-> a href="+code=parent" class="sref">parent /a>;n
233 /a>n
234 /a> a href="+code=out" class="sref">out /a>:n
235 /a>        return  a href="+code=new" class="sref">new /a>;n
236 /a>}n
237 /a>n
238 /a>static void
 a href="+code=audit_watch_log_rule_change" class="sref">audit_watch_log_rule_change(struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=r" class="sref">r /a>, struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=w" class="sref">w /a>, char * a href="+code=op" class="sref">op /a>)n
239 /a>{n
240 /a>        if ( a href="+code=audit_enabled" class="sref">audit_enabled /a>) {n
241 /a>                struct
 a href="+code=audit_buffer" class="sref">audit_buffer /a> * a href="+code=ab" class="sref">ab /a>;n
242 /a>                 a href="+code=ab" class="sref">ab /a> =  a href="+code=audit_log_start" class="sref">audit_log_start /a>( a href="+code=NULL" class="sref">NULL /a>,  a href="+code=GFP_NOFS" class="sref">GFP_NOFS /a>,  a href="+code=AUDIT_CONFIG_CHANGE" class="sref">AUDIT_CONFIG_CHANGE /a>);n
243 /a>                if ( a href="+code=unlikely" class="sref">unlikely /a>(! a href="+code=ab" class="sref">ab /a>))n
244 /a>                        return;n
245 /a>                 a href="+code=audit_log_format" class="sref">audit_log_format /a>( a href="+code=ab" class="sref">ab /a>,  spai class="string">"auidu%u sesu%u op=" /spaio,n
246 /a>                                  a href="+code=from_kuid" class="sref">from_kuid /a>(& a href="+code=init_user_ns" class="sref">init_user_ns /a>,  a href="+code=audit_get_loginuid" class="sref">audit_get_loginuid /a>( a href="+code=current" class="sref">current /a>)),n
247 /a>                                  a href="+code=audit_get_sessionid" class="sref">audit_get_sessionid /a>( a href="+code=current" class="sref">current /a>));n
248 /a>                 a href="+code=audit_log_string" class="sref">audit_log_string /a>( a href="+code=ab" class="sref">ab /a>,  a href="+code=op" class="sref">op /a>);n
249 /a>                 a href="+code=audit_log_format" class="sref">audit_log_format /a>( a href="+code=ab" class="sref">ab /a>,  spai class="string">" path=" /spaio);n
250 /a>                 a href="+code=audit_log_untrustedstring" class="sref">audit_log_untrustedstring /a>( a href="+code=ab" class="sref">ab /a>,  a href="+code=w" class="sref">w /a>-> a href="+code=path" class="sref">path /a>);n
251 /a>                 a href="+code=audit_log_key" class="sref">audit_log_key /a>( a href="+code=ab" class="sref">ab /a>,  a href="+code=r" class="sref">r /a>-> a href="+code=filterkey" class="sref">filterkey /a>);n
252 /a>                 a href="+code=audit_log_format" class="sref">audit_log_format /a>( a href="+code=ab" class="sref">ab /a>,  spai class="string">" listu%d res=1" /spaio,  a href="+code=r" class="sref">r /a>-> a href="+code=listnr" class="sref">listnr /a>);n
253 /a>                 a href="+code=audit_log_end" class="sref">audit_log_end /a>( a href="+code=ab" class="sref">ab /a>);n
254 /a>        }n
255 /a>}n
256 /a>n
257 /a> spai class="comment">/* Update inode info in audit rules based on filesystem event. */ /spaion
258 /a>static void
 a href="+code=audit_update_watch" class="sref">audit_update_watch(struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>,n
259 /a>                               const char * a href="+code=dnaml" class="sref">dnaml /a>,  a href="+code=dev_t" class="sref">dev_t /a>  a href="+code=dev" class="sref">dev /a>,n
260 /a>                               unsigned long  a href="+code=ino" class="sref">ino /a>, unsigned  a href="+code=invalidating" class="sref">invalidating /a>)n
261 /a>{n
262 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=owatch" class="sref">owatch /a>, * a href="+code=nwatch" class="sref">nwatch /a>, * a href="+code=nextw" class="sref">nextw /a>;n
263 /a>        struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=r" class="sref">r /a>, * a href="+code=nextr" class="sref">nextr /a>;n
264 /a>        struct
 a href="+code=audit_entry" class="sref">audit_entry /a> * a href="+code=oentry" class="sref">oentry /a>, * a href="+code=nentry" class="sref">nentry /a>;n
265 /a>n
266 /a>         a href="+code=mutex_lock" class="sref">mutex_lock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
267 /a>         spai class="comment">/* Run all of the watches on this parent looking for the one that /spaion
268 /a> spai class="comment">         * matches the given dnaml */ /spaion
269 /a>         a href="+code=list_for_each_entry_safe" class="sref">list_for_each_entry_safe /a>( a href="+code=owatch" class="sref">owatch /a>,  a href="+code=nextw" class="sref">nextw /a>, & a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>,  a href="+code=wlist" class="sref">wlist /a>) {n
270 /a>                if ( a href="+code=audit_compare_dnaml_path" class="sref">audit_compare_dnaml_path /a>( a href="+code=dnaml" class="sref">dnaml /a>,  a href="+code=owatch" class="sref">owatch /a>-> a href="+code=path" class="sref">path /a>,n
271 /a>                                              a href="+code=AUDIT_NAME_FULL" class="sref">AUDIT_NAME_FULL /a>))n
272 /a>                        continue;n
273 /a>n
274 /a>                 spai class="comment">/* If the update involves invalidating rules, do the inode-based /spaion
275 /a> spai class="comment">                 * filtering now, so we don't omit records. */ /spaion
276 /a>                if ( a href="+code=invalidating" class="sref">invalidating /a> && ! a href="+code=audit_dummy_context" class="sref">audit_dummy_context /a>())n
277 /a>                         a href="+code=audit_filter_inodes" class="sref">audit_filter_inodes /a>( a href="+code=current" class="sref">current /a>,  a href="+code=current" class="sref">current /a>-> a href="+code=audit_context" class="sref">audit_context /a>);n
278 /a>n
279 /a>                 spai class="comment">/* updating ino will likely change which audit_hash_list we /spaion
28.11a> spai class="comment">                 * are on so we need a new watch for the new list */ /spaion
281 /a>                 a href="+code=nwatch" class="sref">nwatch /a> =  a href="+code=audit_dupe_watch" class="sref">audit_dupe_watch( a href="+code=owatch" class="sref">owatch /a>);n
282 /a>                if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=nwatch" class="sref">nwatch /a>)) {n
283 /a>                         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
284 /a>                         a href="+code=audit_panic" class="sref">audit_panic /a>( spai class="string">"error updating watch, skipping" /spaio);n
285 /a>                        return;n
286 /a>                }n
287 /a>                 a href="+code=nwatch" class="sref">nwatch /a>-> a href="+code=dev" class="sref">dev /a> =  a href="+code=dev" class="sref">dev /a>;n
288 /a>                 a href="+code=nwatch" class="sref">nwatch /a>-> a href="+code=ino" class="sref">ino /a> =  a href="+code=ino" class="sref">ino /a>;n
289 /a>n
290 /a>                 a href="+code=list_for_each_entry_safe" class="sref">list_for_each_entry_safe /a>( a href="+code=r" class="sref">r /a>,  a href="+code=nextr" class="sref">nextr /a>, & a href="+code=owatch" class="sref">owatch /a>-> a href="+code=rules" class="sref">rules /a>,  a href="+code=rlist" class="sref">rlist /a>) {n
291 /a>n
292 /a>                         a href="+code=oentry" class="sref">oentry /a> =  a href="+code=container_of" class="sref">container_of /a>( a href="+code=r" class="sref">r /a>, struct
 a href="+code=audit_entry" class="sref">audit_entry /a>,  a href="+code=rule" class="sref">rule /a>);n
293 /a>                         a href="+code=list_del" class="sref">list_del /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=rlist" class="sref">rlist /a>);n
294 /a>                         a href="+code=list_del_rcu" class="sref">list_del_rcu /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=list" class="sref">list /a>);n
295 /a>n
296 /a>                         a href="+code=nentry" class="sref">nentry /a> =  a href="+code=audit_dupe_rule" class="sref">audit_dupe_rule /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=rule" class="sref">rule /a>);n
297 /a>                        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=nentry" class="sref">nentry /a>)) {n
298 /a>                                 a href="+code=list_del" class="sref">list_del /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=list" class="sref">list /a>);n
299 /a>                                 a href="+code=audit_panic" class="sref">audit_panic /a>( spai class="string">"error updating watch, removing" /spaio);n
300 /a>                        } else {n
301 /a>                                int
 a href="+code=h" class="sref">h /a> =  a href="+code=audit_hash_ino" class="sref">audit_hash_ino /a>(( a href="+code=u32" class="sref">u32 /a>) a href="+code=ino" class="sref">ino /a>);n
302 /a>n
303 /a>                                 spai class="comment">/* /spaion
304 /a> spai class="comment">                                 * nentry->rule.watch == oentry->rule.watch so /spaion
305 /a> spai class="comment">                                 * we must drop that reference and set it to our /spaion
306 /a> spai class="comment">                                 * new watch. /spaion
307 /a> spai class="comment">                                 */ /spaion
308 /a>                                 a href="+code=audit_put_watch" class="sref">audit_put_watch /a>( a href="+code=nentry" class="sref">nentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=watch" class="sref">watch /a>);n
309 /a>                                 a href="+code=audit_get_watch" class="sref">audit_get_watch /a>( a href="+code=nwatch" class="sref">nwatch /a>);n
310 /a>                                 a href="+code=nentry" class="sref">nentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=watch" class="sref">watch /a> =  a href="+code=nwatch" class="sref">nwatch /a>;n
311 /a>                                 a href="+code=list_add" class="sref">list_add /a>(& a href="+code=nentry" class="sref">nentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=rlist" class="sref">rlist /a>, & a href="+code=nwatch" class="sref">nwatch /a>-> a href="+code=rules" class="sref">rules /a>);n
312 /a>                                 a href="+code=list_add_rcu" class="sref">list_add_rcu /a>(& a href="+code=nentry" class="sref">nentry /a>-> a href="+code=list" class="sref">list /a>, & a href="+code=audit_inode_hash" class="sref">audit_inode_hash /a>[ a href="+code=h" class="sref">h /a>]);n
313 /a>                                 a href="+code=list_replace" class="sref">list_replace /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=list" class="sref">list /a>,n
314 /a>                                             & a href="+code=nentry" class="sref">nentry /a>-> a href="+code=rule" class="sref">rule /a>. a href="+code=list" class="sref">list /a>);n
315 /a>                        }n
316 /a>n
317 /a>                         a href="+code=audit_watch_log_rule_change" class="sref">audit_watch_log_rule_change( a href="+code=r" class="sref">r /a>,  a href="+code=owatch" class="sref">owatch /a>,  spai class="string">"updated rules" /spaio);n
318 /a>n
319 /a>                         a href="+code=call_rcu" class="sref">call_rcu /a>(& a href="+code=oentry" class="sref">oentry /a>-> a href="+code=rcu" class="sref">rcu /a>,  a href="+code=audit_free_rule_rcu" class="sref">audit_free_rule_rcu /a>);n
320 /a>                }n
321 /a>n
322 /a>                 a href="+code=audit_remove_watch" class="sref">audit_remove_watch( a href="+code=owatch" class="sref">owatch /a>);n
323 /a>                goto  a href="+code=add_watch_to_parent" class="sref">add_watch_to_parent /a>;  spai class="comment">/* event applies to a single watch */ /spaion
324 /a>        }n
325 /a>         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
326 /a>        return;n
327 /a>n
328 /a> a href="+code=add_watch_to_parent" class="sref">add_watch_to_parent /a>:n
329 /a>         a href="+code=list_add" class="sref">list_add /a>(& a href="+code=nwatch" class="sref">nwatch /a>-> a href="+code=wlist" class="sref">wlist /a>, & a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>);n
330 /a>         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
331 /a>        return;n
332 /a>}n
333 /a>n
334 /a> spai class="comment">/* Remove all watches & rules associated with a parent that is going away. */ /spaion
335 /a>static void
 a href="+code=audit_remove_parent_watches" class="sref">audit_remove_parent_watches /a>(struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>)n
336 /a>{n
337 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=w" class="sref">w /a>, * a href="+code=nextw" class="sref">nextw /a>;n
338 /a>        struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=r" class="sref">r /a>, * a href="+code=nextr" class="sref">nextr /a>;n
339 /a>        struct
 a href="+code=audit_entry" class="sref">audit_entry /a> * a href="+code=e" class="sref">e /a>;n
340 /a>n
341 /a>         a href="+code=mutex_lock" class="sref">mutex_lock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
342 /a>         a href="+code=list_for_each_entry_safe" class="sref">list_for_each_entry_safe /a>( a href="+code=w" class="sref">w /a>,  a href="+code=nextw" class="sref">nextw /a>, & a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>,  a href="+code=wlist" class="sref">wlist /a>) {n
343 /a>                 a href="+code=list_for_each_entry_safe" class="sref">list_for_each_entry_safe /a>( a href="+code=r" class="sref">r /a>,  a href="+code=nextr" class="sref">nextr /a>, & a href="+code=w" class="sref">w /a>-> a href="+code=rules" class="sref">rules /a>,  a href="+code=rlist" class="sref">rlist /a>) {n
344 /a>                         a href="+code=e" class="sref">e /a> =  a href="+code=container_of" class="sref">container_of /a>( a href="+code=r" class="sref">r /a>, struct
 a href="+code=audit_entry" class="sref">audit_entry /a>,  a href="+code=rule" class="sref">rule /a>);n
345 /a>                         a href="+code=audit_watch_log_rule_change" class="sref">audit_watch_log_rule_change( a href="+code=r" class="sref">r /a>,  a href="+code=w" class="sref">w /a>,  spai class="string">"remove rule" /spaio);n
346 /a>                         a href="+code=list_del" class="sref">list_del /a>(& a href="+code=r" class="sref">r /a>-> a href="+code=rlist" class="sref">rlist /a>);n
347 /a>                         a href="+code=list_del" class="sref">list_del /a>(& a href="+code=r" class="sref">r /a>-> a href="+code=list" class="sref">list /a>);n
348 /a>                         a href="+code=list_del_rcu" class="sref">list_del_rcu /a>(& a href="+code=e" class="sref">e /a>-> a href="+code=list" class="sref">list /a>);n
349 /a>                         a href="+code=call_rcu" class="sref">call_rcu /a>(& a href="+code=e" class="sref">e /a>-> a href="+code=rcu" class="sref">rcu /a>,  a href="+code=audit_free_rule_rcu" class="sref">audit_free_rule_rcu /a>);n
350 /a>                }n
351 /a>                 a href="+code=audit_remove_watch" class="sref">audit_remove_watch( a href="+code=w" class="sref">w /a>);n
352 /a>        }n
353 /a>         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
354 /a>n
355 /a>         a href="+code=fsnotify_destroy_mark" class="sref">fsnotify_destroy_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>,  a href="+code=audit_watch_group" class="sref">audit_watch_group /a>);n
356 /a>}n
357 /a>n
358 /a> spai class="comment">/* Get path information necessary for adding watches. */ /spaion
359 /a>static int
 a href="+code=audit_get_nd" class="sref">audit_get_nd /a>(struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a>, struct
 a href="+code=path" class="sref">path /a> * a href="+code=parent" class="sref">parent /a>)n
360 /a>{n
361 /a>        struct
 a href="+code=dentry" class="sref">dentry /a> * a href="+code=d" class="sref">d /a> =  a href="+code=kern_path_locked" class="sref">kern_path_locked( a href="+code=watch" class="sref">watch /a>-> a href="+code=path" class="sref">path /a>,  a href="+code=parent" class="sref">parent /a>);n
362 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=d" class="sref">d /a>))n
363 /a>                return  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=d" class="sref">d /a>);n
364 /a>         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=dentry" class="sref">dentry /a>-> a href="+code=d_inode" class="sref">d_inode /a>-> a href="+code=i_mutex" class="sref">i_mutex /a>);n
365 /a>        if ( a href="+code=d" class="sref">d /a>-> a href="+code=d_inode" class="sref">d_inode /a>) {n
366 /a>                 spai class="comment">/* update watch filter fields */ /spaion
367 /a>                 a href="+code=watch" class="sref">watch /a>-> a href="+code=dev" class="sref">dev /a> =  a href="+code=d" class="sref">d /a>-> a href="+code=d_inode" class="sref">d_inode /a>-> a href="+code=i_sb" class="sref">i_sb /a>-> a href="+code=s_dev" class="sref">s_dev /a>;n
368 /a>                 a href="+code=watch" class="sref">watch /a>-> a href="+code=ino" class="sref">ino /a> =  a href="+code=d" class="sref">d /a>-> a href="+code=d_inode" class="sref">d_inode /a>-> a href="+code=i_ino" class="sref">i_ino /a>;n
369 /a>        }n
370 /a>         a href="+code=dput" class="sref">dput /a>( a href="+code=d" class="sref">d /a>);n
371 /a>        return 0;n
372 /a>}n
373 /a>n
374 /a> spai class="comment">/* Associate the given rule with an existing parent. /spaion
375 /a> spai class="comment"> * Caller must hold audit_filter_mutex. */ /spaion
376 /a>static void
 a href="+code=audit_add_to_parent" class="sref">audit_add_to_parent /a>(struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=krule" class="sref">krule /a>,n
377 /a>                                struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>)n
378 /a>{n
379 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=w" class="sref">w /a>, * a href="+code=watch" class="sref">watch /a> =  a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a>;n
380 /a>        int
 a href="+code=watch_found" class="sref">watch_found /a> = 0;n
381 /a>n
382 /a>         a href="+code=BUG_ON" class="sref">BUG_ON /a>(! a href="+code=mutex_is_locked" class="sref">mutex_is_locked /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>));n
383 /a>n
384 /a>         a href="+code=list_for_each_entry" class="sref">list_for_each_entry( a href="+code=w" class="sref">w /a>, & a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>,  a href="+code=wlist" class="sref">wlist /a>) {n
385 /a>                if ( a href="+code=strcmp" class="sref">strcmp( a href="+code=watch" class="sref">watch /a>-> a href="+code=path" class="sref">path /a>,  a href="+code=w" class="sref">w /a>-> a href="+code=path" class="sref">path /a>))n
386 /a>                        continue;n
387 /a>n
388 /a>                 a href="+code=watch_found" class="sref">watch_found /a> = 1;n
389 /a>n
390 /a>                 spai class="comment">/* put krule's and initial refs to temporary watch */ /spaion
391 /a>                 a href="+code=audit_put_watch" class="sref">audit_put_watch /a>( a href="+code=watch" class="sref">watch /a>);n
392 /a>                 a href="+code=audit_put_watch" class="sref">audit_put_watch /a>( a href="+code=watch" class="sref">watch /a>);n
393 /a>n
394 /a>                 a href="+code=audit_get_watch" class="sref">audit_get_watch /a>( a href="+code=w" class="sref">w /a>);n
395 /a>                 a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a> =  a href="+code=watch" class="sref">watch /a> =  a href="+code=w" class="sref">w /a>;n
396 /a>                break;n
397 /a>        }n
398 /a>n
399 /a>        if (! a href="+code=watch_found" class="sref">watch_found /a>) {n
400 /a>                 a href="+code=audit_get_parent" class="sref">audit_get_parent /a>( a href="+code=parent" class="sref">parent /a>);n
401 /a>                 a href="+code=watch" class="sref">watch /a>-> a href="+code=parent" class="sref">parent /a> =  a href="+code=parent" class="sref">parent /a>;n
402 /a>n
403 /a>                 a href="+code=list_add" class="sref">list_add /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=wlist" class="sref">wlist /a>, & a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>);n
404 /a>        }n
405 /a>         a href="+code=list_add" class="sref">list_add /a>(& a href="+code=krule" class="sref">krule /a>-> a href="+code=rlist" class="sref">rlist /a>, & a href="+code=watch" class="sref">watch /a>-> a href="+code=rules" class="sref">rules /a>);n
406 /a>}n
407 /a>n
408 /a> spai class="comment">/* Find a matching watch entry, or add this one. /spaion
409 /a> spai class="comment"> * Caller must hold audit_filter_mutex. */ /spaion
410 /a>int
 a href="+code=audit_add_watch" class="sref">audit_add_watch /a>(struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=krule" class="sref">krule /a>, struct
 a href="+code=list_head" class="sref">list_head /a> ** a href="+code=list" class="sref">list /a>)n
411 /a>{n
412 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a> =  a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a>;n
413 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>;n
414 /a>        struct
 a href="+code=path" class="sref">path /a>  a href="+code=parent_path" class="sref">parent_path /a>;n
415 /a>        int
 a href="+code=h" class="sref">h /a>,  a href="+code=ret" class="sref">ret /a> = 0;n
416 /a>n
417 /a>         a href="+code=mutex_unlock" class="sref">mutex_unlock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
418 /a>n
419 /a>         spai class="comment">/* Avoid
calling path_lookup under audit_filter_mutex. */ /spaion
420 /a>         a href="+code=ret" class="sref">ret /a> =  a href="+code=audit_get_nd" class="sref">audit_get_nd /a>( a href="+code=watch" class="sref">watch /a>, & a href="+code=parent_path" class="sref">parent_path /a>);n
421 /a>n
422 /a>         spai class="comment">/* caller expects mutex locked */ /spaion
423 /a>         a href="+code=mutex_lock" class="sref">mutex_lock /a>(& a href="+code=audit_filter_mutex" class="sref">audit_filter_mutex /a>);n
424 /a>n
425 /a>        if ( a href="+code=ret" class="sref">ret /a>)n
426 /a>                return  a href="+code=ret" class="sref">ret /a>;n
427 /a>n
428 /a>         spai class="comment">/* either find an old parent or attach a new one */ /spaion
429 /a>         a href="+code=parent" class="sref">parent /a> =  a href="+code=audit_find_parent" class="sref">audit_find_parent /a>( a href="+code=parent_path" class="sref">parent_path /a>. a href="+code=dentry" class="sref">dentry /a>-> a href="+code=d_inode" class="sref">d_inode /a>);n
430 /a>        if (! a href="+code=parent" class="sref">parent /a>) {n
431 /a>                 a href="+code=parent" class="sref">parent /a> =  a href="+code=audit_init_parent" class="sref">audit_init_parent /a>(& a href="+code=parent_path" class="sref">parent_path /a>);n
432 /a>                if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=parent" class="sref">parent /a>)) {n
433 /a>                         a href="+code=ret" class="sref">ret /a> =  a href="+code=PTR_ERR" class="sref">PTR_ERR /a>( a href="+code=parent" class="sref">parent /a>);n
434 /a>                        goto  a href="+code=error" class="sref">error /a>;n
435 /a>                }n
436 /a>        }n
437 /a>n
438 /a>         a href="+code=audit_add_to_parent" class="sref">audit_add_to_parent /a>( a href="+code=krule" class="sref">krule /a>,  a href="+code=parent" class="sref">parent /a>);n
439 /a>n
440 /a>         spai class="comment">/* match get in audit_find_parent or audit_init_parent */ /spaion
441 /a>         a href="+code=audit_put_parent" class="sref">audit_put_parent /a>( a href="+code=parent" class="sref">parent /a>);n
442 /a>n
443 /a>         a href="+code=h" class="sref">h /a> =  a href="+code=audit_hash_ino" class="sref">audit_hash_ino /a>(( a href="+code=u32" class="sref">u32 /a>) a href="+code=watch" class="sref">watch /a>-> a href="+code=ino" class="sref">ino /a>);n
444 /a>        * a href="+code=list" class="sref">list /a> = & a href="+code=audit_inode_hash" class="sref">audit_inode_hash /a>[ a href="+code=h" class="sref">h /a>];n
445 /a> a href="+code=error" class="sref">error /a>:n
446 /a>         a href="+code=path_put" class="sref">path_put /a>(& a href="+code=parent_path" class="sref">parent_path /a>);n
447 /a>        return  a href="+code=ret" class="sref">ret /a>;n
448 /a>}n
449 /a>n
450 /a>void
 a href="+code=audit_remove_watch_rule" class="sref">audit_remove_watch_rule(struct
 a href="+code=audit_krule" class="sref">audit_krule /a> * a href="+code=krule" class="sref">krule /a>)n
451 /a>{n
452 /a>        struct
 a href="+code=audit_watch" class="sref">audit_watch /a> * a href="+code=watch" class="sref">watch /a> =  a href="+code=krule" class="sref">krule /a>-> a href="+code=watch" class="sref">watch /a>;n
453 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a> =  a href="+code=watch" class="sref">watch /a>-> a href="+code=parent" class="sref">parent /a>;n
454 /a>n
455 /a>         a href="+code=list_del" class="sref">list_del /a>(& a href="+code=krule" class="sref">krule /a>-> a href="+code=rlist" class="sref">rlist /a>);n
456 /a>n
457 /a>        if ( a href="+code=list_empty" class="sref">list_empty /a>(& a href="+code=watch" class="sref">watch /a>-> a href="+code=rules" class="sref">rules /a>)) {n
458 /a>                 a href="+code=audit_remove_watch" class="sref">audit_remove_watch /a>( a href="+code=watch" class="sref">watch /a>);n
459 /a>n
460 /a>                if ( a href="+code=list_empty" class="sref">list_empty /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=watches" class="sref">watches /a>)) {n
461 /a>                         a href="+code=audit_get_parent" class="sref">audit_get_parent /a>( a href="+code=parent" class="sref">parent /a>);n
462 /a>                         a href="+code=fsnotify_destroy_mark" class="sref">fsnotify_destroy_mark /a>(& a href="+code=parent" class="sref">parent /a>-> a href="+code=mark" class="sref">mark /a>,  a href="+code=audit_watch_group" class="sref">audit_watch_group /a>);n
463 /a>                         a href="+code=audit_put_parent" class="sref">audit_put_parent /a>( a href="+code=parent" class="sref">parent /a>);n
464 /a>                }n
465 /a>        }n
466 /a>}n
467 /a>n
468 /a>static  a href="+code=bool" class="sref">bool /a>  a href="+code=audit_watch_should_send_event" class="sref">audit_watch_should_send_event(struct
 a href="+code=fsnotify_group" class="sref">fsnotify_group /a> * a href="+code=group" class="sref">group /a>, struct
 a href="+code=inode" class="sref">inode /a> * a href="+code=inode" class="sref">inode /a>,n
469 /a>                                          struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=inode_mark" class="sref">inode_mark /a>,n
470 /a>                                          struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=vfsmount_mark" class="sref">vfsmount_mark /a>,n
471 /a>                                           a href="+code=__u32" class="sref">__u32 /a>  a href="+code=mask" class="sref">mask /a>, void
* a href="+code=data" class="sref">data /a>, int
 a href="+code=data_type" class="sref">data_type /a>)n
472 /a>{n
473 /a>       return  a href="+code=true" class="sref">true /a>;n
474 /a>}n
475 /a>n
476 /a> spai class="comment">/* Update watch data in audit rules based on fsnotify events. */ /spaion
477 /a>static int
 a href="+code=audit_watch_handle_event" class="sref">audit_watch_handle_event(struct
 a href="+code=fsnotify_group" class="sref">fsnotify_group /a> * a href="+code=group" class="sref">group /a>,n
478 /a>                                    struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=inode_mark" class="sref">inode_mark /a>,n
479 /a>                                    struct
 a href="+code=fsnotify_mark" class="sref">fsnotify_mark /a> * a href="+code=vfsmount_mark" class="sref">vfsmount_mark /a>,n
480 /a>                                    struct
 a href="+code=fsnotify_event" class="sref">fsnotify_event /a> * a href="+code=event" class="sref">event /a>)n
481 /a>{n
482 /a>        struct
 a href="+code=inode" class="sref">inode /a> * a href="+code=inode" class="sref">inode /a>;n
483 /a>         a href="+code=__u32" class="sref">__u32 /a>  a href="+code=mask" class="sref">mask /a> =  a href="+code=event" class="sref">event /a>-> a href="+code=mask" class="sref">mask /a>;n
484 /a>        const char
* a href="+code=dnaml" class="sref">dnaml /a> =  a href="+code=event" class="sref">event /a>-> a href="+code=file_naml" class="sref">file_naml /a>;n
485 /a>        struct
 a href="+code=audit_parent" class="sref">audit_parent /a> * a href="+code=parent" class="sref">parent /a>;n
486 /a>n
487 /a>         a href="+code=parent" class="sref">parent /a> =  a href="+code=container_of" class="sref">container_of /a>( a href="+code=inode_mark" class="sref">inode_mark /a>, struct
 a href="+code=audit_parent" class="sref">audit_parent /a>,  a href="+code=mark" class="sref">mark /a>);n
488 /a>n
489 /a>         a href="+code=BUG_ON" class="sref">BUG_ON /a>( a href="+code=group" class="sref">group /a> !=  a href="+code=audit_watch_group" class="sref">audit_watch_group /a>);n
490 /a>n
491 /a>        switch ( a href="+code=event" class="sref">event /a>-> a href="+code=data_type" class="sref">data_type /a>) {n
492 /a>        case ( a href="+code=FSNOTIFY_EVENT_PATH" class="sref">FSNOTIFY_EVENT_PATH /a>):n
493 /a>                 a href="+code=inode" class="sref">inode /a> =  a href="+code=event" class="sref">event /a>-> a href="+code=path" class="sref">path /a>. a href="+code=dentry" class="sref">dentry /a>-> a href="+code=d_inode" class="sref">d_inode /a>;n
494 /a>                break;n
495 /a>        case ( a href="+code=FSNOTIFY_EVENT_INODE" class="sref">FSNOTIFY_EVENT_INODE /a>):n
496 /a>                 a href="+code=inode" class="sref">inode /a> =  a href="+code=event" class="sref">event /a>-> a href="+code=inode" class="sref">inode /a>;n
497 /a>                break;n
498 /a>        default:n
499 /a>                 a href="+code=BUG" class="sref">BUG /a>();n
500 /a>                 a href="+code=inode" class="sref">inode /a> =  a href="+code=NULL" class="sref">NULL /a>;n
501 /a>                break;n
502 /a>        };n
503 /a>n
504 /a>        if ( a href="+code=mask" class="sref">mask /a> & ( a href="+code=FS_CREATE" class="sref">FS_CREATE /a>| a href="+code=FS_MOVED_TO" class="sref">FS_MOVED_TO /a>) &&  a href="+code=inode" class="sref">inode /a>)n
505 /a>                 a href="+code=audit_update_watch" class="sref">audit_update_watch /a>( a href="+code=parent" class="sref">parent /a>,  a href="+code=dnaml" class="sref">dnaml /a>,  a href="+code=inode" class="sref">inode /a>-> a href="+code=i_sb" class="sref">i_sb /a>-> a href="+code=s_dev" class="sref">s_dev /a>,  a href="+code=inode" class="sref">inode /a>-> a href="+code=i_ino" class="sref">i_ino /a>, 0);n
506 /a>        else if ( a href="+code=mask" class="sref">mask /a> & ( a href="+code=FS_DELETE" class="sref">FS_DELETE /a>| a href="+code=FS_MOVED_FROM" class="sref">FS_MOVED_FROM /a>))n
507 /a>                 a href="+code=audit_update_watch" class="sref">audit_update_watch /a>( a href="+code=parent" class="sref">parent /a>,  a href="+code=dnaml" class="sref">dnaml /a>, ( a href="+code=dev_t" class="sref">dev_t /a>)-1, (unsigned long)-1, 1);n
508 /a>        else if ( a href="+code=mask" class="sref">mask /a> & ( a href="+code=FS_DELETE_SELF" class="sref">FS_DELETE_SELF /a>| a href="+code=FS_UNMOUNT" class="sref">FS_UNMOUNT /a>| a href="+code=FS_MOVE_SELF" class="sref">FS_MOVE_SELF /a>))n
509 /a>                 a href="+code=audit_remove_parent_watches" class="sref">audit_remove_parent_watches /a>( a href="+code=parent" class="sref">parent /a>);n
510 /a>n
511 /a>        return 0;n
512 /a>}n
513 /a>n
514 /a>static const struct
 a href="+code=fsnotify_ops" class="sref">fsnotify_ops /a>  a href="+code=audit_watch_fsnotify_ops" class="sref">audit_watch_fsnotify_ops /a> = {n
515 /a>        . a href="+code=should_send_event" class="sref">should_send_event =     a href="+code=audit_watch_should_send_event" class="sref">audit_watch_should_send_event,n
516 /a>        . a href="+code=handle_event" class="sref">handle_event =          a href="+code=audit_watch_handle_event" class="sref">audit_watch_handle_event,n
517 /a>        . a href="+code=free_group_priv" class="sref">free_group_priv =       a href="+code=NULL" class="sref">NULL /a>,n
518 /a>        . a href="+code=freeing_mark" class="sref">freeing_mark =          a href="+code=NULL" class="sref">NULL /a>,n
519 /a>        . a href="+code=free_event_priv" class="sref">free_event_priv =       a href="+code=NULL" class="sref">NULL /a>,n
520 /a>};n
521 /a>n
522 /a>static int
 a href="+code=__init" class="sref">__init /a>  a href="+code=audit_watch_init" class="sref">audit_watch_init /a>(void)n
523 /a>{n
524 /a>         a href="+code=audit_watch_group" class="sref">audit_watch_group /a> =  a href="+code=fsnotify_alloc_group" class="sref">fsnotify_alloc_group /a>(& a href="+code=audit_watch_fsnotify_ops" class="sref">audit_watch_fsnotify_ops /a>);n
525 /a>        if ( a href="+code=IS_ERR" class="sref">IS_ERR /a>( a href="+code=audit_watch_group" class="sref">audit_watch_group /a>)) {n
526 /a>                 a href="+code=audit_watch_group" class="sref">audit_watch_group /a> =  a href="+code=NULL" class="sref">NULL /a>;n
527 /a>                 a href="+code=audit_panic" class="sref">audit_panic /a>( spai class="string">"cannot create audit fsnotify group" /spaio);n
528 /a>        }n
529 /a>        return 0;n
530 /a>}n
531 /a> a href="+code=device_initcall" class="sref">device_initcall /a>( a href="+code=audit_watch_init" class="sref">audit_watch_init /a>);n
532 /a>
lxr.linux.no kindly hosted by Redpill Linpro AS /a>, provider of Linux consulting and operations services since 1995.