/* * Setup a watch. The "name" of the watch in userspace will be the <path> to * the watch. When this potential watch reaches the kernel, it will resolve * down to <name> (of terminating file or directory). * Returns a 1 on success & -1 on failure. */ static int audit_setup_watch_name(struct audit_rule_data **rulep, char *path) { int type = AUDIT_WATCH; size_t len; struct stat buf; if (check_path(path)) return -1; // Trim trailing '/' should they exist len = strlen(path); if (len > 2 && path[len-1] == '/') { while (path[len-1] == '/' && len > 1) { path[len-1] = 0; len--; } } if (stat(path, &buf) == 0) { if (S_ISDIR(buf.st_mode)) type = AUDIT_DIR; } /* FIXME: might want to check to see that rule is empty */ if (audit_add_watch_dir(type, rulep, path)) return -1; return 1; }
int audit_add_dir(struct audit_rule_data **rulep, const char *path) { return audit_add_watch_dir(AUDIT_DIR, rulep, path); }