1 files changed, 36 insertions, 3 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index fda15c1fc1c0..daf7a45f70f1 100644
--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -15,6 +15,37 @@ DEFINE_MUTEX(tomoyo_policy_lock);
 /* Has /sbin/init started? */
 bool tomoyo_policy_loaded;
+/*
+ * Mapping table from "enum tomoyo_mac_index" to
+ * "enum tomoyo_mac_category_index".
+ */
+const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
+        /* CONFIG::file group */
+        [TOMOYO_MAC_FILE_EXECUTE]    = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_OPEN]       = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_CREATE]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_UNLINK]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_GETATTR]    = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MKDIR]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_RMDIR]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MKFIFO]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MKSOCK]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_TRUNCATE]   = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_SYMLINK]    = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MKBLOCK]    = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MKCHAR]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_LINK]       = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_RENAME]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_CHMOD]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_CHOWN]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_CHGRP]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_IOCTL]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_CHROOT]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_MOUNT]      = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_UMOUNT]     = TOMOYO_MAC_CATEGORY_FILE,
+        [TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
+};
 /**
 * tomoyo_permstr - Find permission keywords.
 *
@@ -936,9 +967,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
        if (count < tomoyo_profile(domain->ns, domain->profile)->
            pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
                return true;
-        if (!domain->quota_warned) {
+        if (!domain->flags[TOMOYO_DIF_QUOTA_WARNED]) {
-                domain->quota_warned = true;
+                domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
-                printk(KERN_WARNING "TOMOYO-WARNING: "
+                /* r->granted = false; */
+                tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
+                printk(KERN_WARNING "WARNING: "
                       "Domain '%s' has too many ACLs to hold. "
                       "Stopped learning mode.\n", domain->domainname->name);
        }

diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c index fda15c1fc1c0..daf7a45f70f1 100644 --- a/security/tomoyo/util.c +++ b/security/tomoyo/util.c
@@ -15,6 +15,37 @@ DEFINE_MUTEX(tomoyo_policy_lock);
15	/* Has /sbin/init started? */	15	/* Has /sbin/init started? */
16	bool tomoyo_policy_loaded;	16	bool tomoyo_policy_loaded;
17		17
		18	/*
		19	* Mapping table from "enum tomoyo_mac_index" to
		20	* "enum tomoyo_mac_category_index".
		21	*/
		22	const u8 tomoyo_index2category[TOMOYO_MAX_MAC_INDEX] = {
		23	/* CONFIG::file group */
		24	[TOMOYO_MAC_FILE_EXECUTE] = TOMOYO_MAC_CATEGORY_FILE,
		25	[TOMOYO_MAC_FILE_OPEN] = TOMOYO_MAC_CATEGORY_FILE,
		26	[TOMOYO_MAC_FILE_CREATE] = TOMOYO_MAC_CATEGORY_FILE,
		27	[TOMOYO_MAC_FILE_UNLINK] = TOMOYO_MAC_CATEGORY_FILE,
		28	[TOMOYO_MAC_FILE_GETATTR] = TOMOYO_MAC_CATEGORY_FILE,
		29	[TOMOYO_MAC_FILE_MKDIR] = TOMOYO_MAC_CATEGORY_FILE,
		30	[TOMOYO_MAC_FILE_RMDIR] = TOMOYO_MAC_CATEGORY_FILE,
		31	[TOMOYO_MAC_FILE_MKFIFO] = TOMOYO_MAC_CATEGORY_FILE,
		32	[TOMOYO_MAC_FILE_MKSOCK] = TOMOYO_MAC_CATEGORY_FILE,
		33	[TOMOYO_MAC_FILE_TRUNCATE] = TOMOYO_MAC_CATEGORY_FILE,
		34	[TOMOYO_MAC_FILE_SYMLINK] = TOMOYO_MAC_CATEGORY_FILE,
		35	[TOMOYO_MAC_FILE_MKBLOCK] = TOMOYO_MAC_CATEGORY_FILE,
		36	[TOMOYO_MAC_FILE_MKCHAR] = TOMOYO_MAC_CATEGORY_FILE,
		37	[TOMOYO_MAC_FILE_LINK] = TOMOYO_MAC_CATEGORY_FILE,
		38	[TOMOYO_MAC_FILE_RENAME] = TOMOYO_MAC_CATEGORY_FILE,
		39	[TOMOYO_MAC_FILE_CHMOD] = TOMOYO_MAC_CATEGORY_FILE,
		40	[TOMOYO_MAC_FILE_CHOWN] = TOMOYO_MAC_CATEGORY_FILE,
		41	[TOMOYO_MAC_FILE_CHGRP] = TOMOYO_MAC_CATEGORY_FILE,
		42	[TOMOYO_MAC_FILE_IOCTL] = TOMOYO_MAC_CATEGORY_FILE,
		43	[TOMOYO_MAC_FILE_CHROOT] = TOMOYO_MAC_CATEGORY_FILE,
		44	[TOMOYO_MAC_FILE_MOUNT] = TOMOYO_MAC_CATEGORY_FILE,
		45	[TOMOYO_MAC_FILE_UMOUNT] = TOMOYO_MAC_CATEGORY_FILE,
		46	[TOMOYO_MAC_FILE_PIVOT_ROOT] = TOMOYO_MAC_CATEGORY_FILE,
		47	};
		48
18	/**	49	/**
19	* tomoyo_permstr - Find permission keywords.	50	* tomoyo_permstr - Find permission keywords.
20	*	51	*
@@ -936,9 +967,11 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
936	if (count < tomoyo_profile(domain->ns, domain->profile)->	967	if (count < tomoyo_profile(domain->ns, domain->profile)->
937	pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])	968	pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
938	return true;	969	return true;
939	if (!domain->quota_warned) {	970	if (!domain->flags[TOMOYO_DIF_QUOTA_WARNED]) {
940	domain->quota_warned = true;	971	domain->flags[TOMOYO_DIF_QUOTA_WARNED] = true;
941	printk(KERN_WARNING "TOMOYO-WARNING: "	972	/* r->granted = false; */
		973	tomoyo_write_log(r, "%s", tomoyo_dif[TOMOYO_DIF_QUOTA_WARNED]);
		974	printk(KERN_WARNING "WARNING: "
942	"Domain '%s' has too many ACLs to hold. "	975	"Domain '%s' has too many ACLs to hold. "
943	"Stopped learning mode.\n", domain->domainname->name);	976	"Stopped learning mode.\n", domain->domainname->name);
944	}	977	}