authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-06-26 10:18:21 -0400
committerJames Morris <jmorris@namei.org>2011-06-28 19:31:20 -0400
commitd5ca1725ac9ba876c2dd614bb9826d0c4e13d818 (patch)
treefbff7fe1e39597c5bac981f63a2be659f4ec84e7 /security/tomoyo/util.c
parent0d2171d711cbfca84cc0001121be8a6cc8e4d148 (diff)
TOMOYO: Simplify profile structure.
Remove global preference from profile structure in order to make code simpler. Due to this structure change, printk() warnings upon policy violation are temporarily disabled. They will be replaced by /sys/kernel/security/tomoyo/audit by next patch. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/util.c')
-rw-r--r--security/tomoyo/util.c39
1 files changed, 7 insertions, 32 deletions
diff --git a/security/tomoyo/util.c b/security/tomoyo/util.c
index 72cd2b97cae..adcbdebd735 100644
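--- a/security/tomoyo/util.c
+++ b/security/tomoyo/util.c
@@ -899,35 +899,10 @@ const char *tomoyo_last_word(const char *name)
  */
 void tomoyo_warn_log(struct tomoyo_request_info *r, const char *fmt, ...)
 {
- va_list args;
- char *buffer;
- const struct tomoyo_domain_info * const domain = r->domain;
- const struct tomoyo_profile *profile = tomoyo_profile(domain->profile);
- switch (r->mode) {
- case TOMOYO_CONFIG_ENFORCING:
- if (!profile->enforcing->enforcing_verbose)
- return;
- break;
- case TOMOYO_CONFIG_PERMISSIVE:
- if (!profile->permissive->permissive_verbose)
- return;
- break;
- case TOMOYO_CONFIG_LEARNING:
- if (!profile->learning->learning_verbose)
- return;
- break;
- }
- buffer = kmalloc(4096, GFP_NOFS);
- if (!buffer)
- return;
- va_start(args, fmt);
- vsnprintf(buffer, 4095, fmt, args);
- va_end(args);
- buffer[4095] = '\0';
- printk(KERN_WARNING "%s: Access %s denied for %s\n",
- r->mode == TOMOYO_CONFIG_ENFORCING ? "ERROR" : "WARNING", buffer,
- tomoyo_last_word(domain->domainname->name));
- kfree(buffer);
+ /*
+ * Temporarily disabled.
+ * Will be replaced with /sys/kernel/security/tomoyo/audit interface.
+ */
 }
 
 /**
@@ -978,13 +953,13 @@ bool tomoyo_domain_quota_is_ok(struct tomoyo_request_info *r)
  if (perm & (1 << i))
  count++;
  }
- if (count < tomoyo_profile(domain->profile)->learning->
- learning_max_entry)
+ if (count < tomoyo_profile(domain->profile)->
+ pref[TOMOYO_PREF_MAX_LEARNING_ENTRY])
  return true;
  if (!domain->quota_warned) {
  domain->quota_warned = true;
  printk(KERN_WARNING "TOMOYO-WARNING: "
- "Domain '%s' has so many ACLs to hold. "
+ "Domain '%s' has too many ACLs to hold. "
  "Stopped learning mode.\n", domain->domainname->name);
  }
  return false;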
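Review bot: With the body of tomoyo_warn_log() reduced to a comment (new lines 902-905), access denials in enforcing mode no longer reach the kernel log, and the new comment does not say that the function is now a silent no-op for every caller. The commit message defers reporting to the audit interface in the next patch, so a kernel built at exactly this commit (for example while bisecting) keeps no record of policy violations; the comment should state that consequence, e.g. `/* No-op for now: policy violations are not logged until /sys/kernel/security/tomoyo/audit is available. */`. The kernel-doc block that closes at line 899 begins outside the hunk and presumably still describes the old printk behaviour, so it likely needs the same one-line update. The only warning left in this section is the quota message in tomoyo_domain_quota_is_ok(), which covers learning-mode overflow and not denials.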