1 files changed, 33 insertions, 1 deletions
diff --git a/kernel/audit.h b/kernel/audit.h
index 95877435c347..2554bd524fd1 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -73,6 +73,9 @@ struct audit_field {
        struct selinux_audit_rule       *se_rule;
 };
+struct audit_tree;
+struct audit_chunk;
 struct audit_krule {
        int                     vers_ops;
        u32                     flags;
@@ -86,7 +89,8 @@ struct audit_krule {
        struct audit_field      *arch_f; /* quick access to arch field */
        struct audit_field      *inode_f; /* quick access to an inode field */
        struct audit_watch      *watch; /* associated watch */
-        struct list_head        rlist;  /* entry in audit_watch.rules list */
+        struct audit_tree       *tree;  /* associated watched tree */
+        struct list_head        rlist;  /* entry in audit_{watch,tree}.rules list */
 };
 struct audit_entry {
@@ -130,6 +134,34 @@ extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
                                const char *, struct inode *);
 extern int selinux_audit_rule_update(void);
+extern struct mutex audit_filter_mutex;
+extern void audit_free_rule_rcu(struct rcu_head *);
+#ifdef CONFIG_AUDIT_TREE
+extern struct audit_chunk *audit_tree_lookup(const struct inode *);
+extern void audit_put_chunk(struct audit_chunk *);
+extern int audit_tree_match(struct audit_chunk *, struct audit_tree *);
+extern int audit_make_tree(struct audit_krule *, char *, u32);
+extern int audit_add_tree_rule(struct audit_krule *);
+extern int audit_remove_tree_rule(struct audit_krule *);
+extern void audit_trim_trees(void);
+extern int audit_tag_tree(char *old, char *new);
+extern void audit_schedule_prune(void);
+extern void audit_prune_trees(void);
+extern const char *audit_tree_path(struct audit_tree *);
+extern void audit_put_tree(struct audit_tree *);
+#else
+#define audit_remove_tree_rule(rule) BUG()
+#define audit_add_tree_rule(rule) -EINVAL
+#define audit_make_tree(rule, str, op) -EINVAL
+#define audit_trim_trees() (void)0
+#define audit_put_tree(tree) (void)0
+#define audit_tag_tree(old, new) -EINVAL
+#define audit_tree_path(rule) ""        /* never called */
+#endif
+extern char *audit_unpack_string(void **, size_t *, size_t);
 #ifdef CONFIG_AUDITSYSCALL
 extern int __audit_signal_info(int sig, struct task_struct *t);
 static inline int audit_signal_info(int sig, struct task_struct *t)

diff --git a/kernel/audit.h b/kernel/audit.h index 95877435c347..2554bd524fd1 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -73,6 +73,9 @@ struct audit_field {
73	struct selinux_audit_rule *se_rule;	73	struct selinux_audit_rule *se_rule;
74	};	74	};
75		75
		76	struct audit_tree;
		77	struct audit_chunk;
		78
76	struct audit_krule {	79	struct audit_krule {
77	int vers_ops;	80	int vers_ops;
78	u32 flags;	81	u32 flags;
@@ -86,7 +89,8 @@ struct audit_krule {
86	struct audit_field arch_f; / quick access to arch field */	89	struct audit_field arch_f; / quick access to arch field */
87	struct audit_field inode_f; / quick access to an inode field */	90	struct audit_field inode_f; / quick access to an inode field */
88	struct audit_watch watch; / associated watch */	91	struct audit_watch watch; / associated watch */
89	struct list_head rlist; /* entry in audit_watch.rules list */	92	struct audit_tree tree; / associated watched tree */
		93	struct list_head rlist; /* entry in audit_{watch,tree}.rules list */
90	};	94	};
91		95
92	struct audit_entry {	96	struct audit_entry {
@@ -130,6 +134,34 @@ extern void audit_handle_ievent(struct inotify_watch *, u32, u32, u32,
130	const char , struct inode );	134	const char , struct inode );
131	extern int selinux_audit_rule_update(void);	135	extern int selinux_audit_rule_update(void);
132		136
		137	extern struct mutex audit_filter_mutex;
		138	extern void audit_free_rule_rcu(struct rcu_head *);
		139
		140	#ifdef CONFIG_AUDIT_TREE
		141	extern struct audit_chunk audit_tree_lookup(const struct inode );
		142	extern void audit_put_chunk(struct audit_chunk *);
		143	extern int audit_tree_match(struct audit_chunk , struct audit_tree );
		144	extern int audit_make_tree(struct audit_krule , char , u32);
		145	extern int audit_add_tree_rule(struct audit_krule *);
		146	extern int audit_remove_tree_rule(struct audit_krule *);
		147	extern void audit_trim_trees(void);
		148	extern int audit_tag_tree(char old, char new);
		149	extern void audit_schedule_prune(void);
		150	extern void audit_prune_trees(void);
		151	extern const char audit_tree_path(struct audit_tree );
		152	extern void audit_put_tree(struct audit_tree *);
		153	#else
		154	#define audit_remove_tree_rule(rule) BUG()
		155	#define audit_add_tree_rule(rule) -EINVAL
		156	#define audit_make_tree(rule, str, op) -EINVAL
		157	#define audit_trim_trees() (void)0
		158	#define audit_put_tree(tree) (void)0
		159	#define audit_tag_tree(old, new) -EINVAL
		160	#define audit_tree_path(rule) "" /* never called */
		161	#endif
		162
		163	extern char audit_unpack_string(void , size_t , size_t);
		164
133	#ifdef CONFIG_AUDITSYSCALL	165	#ifdef CONFIG_AUDITSYSCALL
134	extern int __audit_signal_info(int sig, struct task_struct *t);	166	extern int __audit_signal_info(int sig, struct task_struct *t);
135	static inline int audit_signal_info(int sig, struct task_struct *t)	167	static inline int audit_signal_info(int sig, struct task_struct *t)