/*
* Setup a watch. The "name" of the watch in userspace will be the <path> to
* the watch. When this potential watch reaches the kernel, it will resolve
* down to <name> (of terminating file or directory).
* Returns a 1 on success & -1 on failure.
*/
static int audit_setup_watch_name(struct audit_rule_data **rulep, char *path)
{
int type = AUDIT_WATCH;
size_t len;
struct stat buf;
if (check_path(path))
return -1;
// Trim trailing '/' should they exist
len = strlen(path);
if (len > 2 && path[len-1] == '/') {
while (path[len-1] == '/' && len > 1) {
path[len-1] = 0;
len--;
}
}
if (stat(path, &buf) == 0) {
if (S_ISDIR(buf.st_mode))
type = AUDIT_DIR;
}
/* FIXME: might want to check to see that rule is empty */
if (audit_add_watch_dir(type, rulep, path))
return -1;
return 1;
}
int audit_add_dir(struct audit_rule_data **rulep, const char *path)
{
return audit_add_watch_dir(AUDIT_DIR, rulep, path);
}
