audit_compare

Name:Compare two rules in kernel format. Considered success if rules* don't match.

Proto:static int audit_compare_rule(struct audit_krule *a, struct audit_krule *b)

Type:int

Parameter:

Type	Parameter	Name
struct audit_krule *	a
struct audit_krule *	b

708

If type != type || op != op Then Return 1

713

Case type == security label user

714

Case type == security label role

715

Case type == security label type

716

Case type == security label sensitivity label

717

Case type == security label clearance label

718

Case type == AUDIT_OBJ_USER

719

Case type == AUDIT_OBJ_ROLE

720

Case type == AUDIT_OBJ_TYPE

721

Case type == AUDIT_OBJ_LEV_LOW

722

Case type == AUDIT_OBJ_LEV_HIGH

723

If strcmp(lsm_str, lsm_str) Then Return 1

725

Break

726

Case type == AUDIT_WATCH

727

If strcmp(audit_watch_path( associated watch ), audit_watch_path( associated watch )) Then Return 1

730

Break

731

Case type == AUDIT_DIR

732

If strcmp(ver called ( associated watched tree ), ver called ( associated watched tree )) Then Return 1

735

Break

736

Case type == AUDIT_FILTERKEY

738

If strcmp( ties events to rules , ties events to rules ) Then Return 1

740

Break

741

Case type == AUDIT_EXE

743

If strcmp(audit_mark_path(exe), audit_mark_path(exe)) Then Return 1

746

Break

747

Case type == AUDIT_UID

748

Case type == AUDIT_EUID

749

Case type == AUDIT_SUID

750

Case type == AUDIT_FSUID

751

Case type == AUDIT_LOGINUID

752

Case type == AUDIT_OBJ_UID

753

If Not uid_eq(uid, uid) Then Return 1

755

Break

756

Case type == AUDIT_GID

757

Case type == AUDIT_EGID

758

Case type == AUDIT_SGID

759

Case type == AUDIT_FSGID

760

Case type == AUDIT_OBJ_GID

761

If Not gid_eq(gid, gid) Then Return 1

763

Break

764

Default

765

If val != val Then Return 1

Function report