diff options
author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 10:17:46 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-06-28 19:31:20 -0400 |
commit | 0d2171d711cbfca84cc0001121be8a6cc8e4d148 (patch) | |
tree | 998c6fb0c61e15686a7b70276e17ad9e396741f4 | |
parent | a238cf5b89ed5285be8de56335665d023972f7d5 (diff) |
TOMOYO: Rename directives.
Convert "allow_..." style directives to "file ..." style directives.
By converting to the latter style, we can pack policy like
"file read/write/execute /path/to/file".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/tomoyo/common.c | 147 | ||||
-rw-r--r-- | security/tomoyo/common.h | 6 | ||||
-rw-r--r-- | security/tomoyo/domain.c | 4 | ||||
-rw-r--r-- | security/tomoyo/file.c | 15 |
4 files changed, 113 insertions, 59 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 2cfadafd02f5..465df022c211 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c | |||
@@ -56,7 +56,7 @@ static const char *tomoyo_mac_keywords[TOMOYO_MAX_MAC_INDEX | |||
56 | [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", | 56 | [TOMOYO_MAC_FILE_IOCTL] = "file::ioctl", |
57 | [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", | 57 | [TOMOYO_MAC_FILE_CHROOT] = "file::chroot", |
58 | [TOMOYO_MAC_FILE_MOUNT] = "file::mount", | 58 | [TOMOYO_MAC_FILE_MOUNT] = "file::mount", |
59 | [TOMOYO_MAC_FILE_UMOUNT] = "file::umount", | 59 | [TOMOYO_MAC_FILE_UMOUNT] = "file::unmount", |
60 | [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", | 60 | [TOMOYO_MAC_FILE_PIVOT_ROOT] = "file::pivot_root", |
61 | [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", | 61 | [TOMOYO_MAX_MAC_INDEX + TOMOYO_MAC_CATEGORY_FILE] = "file", |
62 | }; | 62 | }; |
@@ -171,11 +171,25 @@ void tomoyo_io_printf(struct tomoyo_io_buffer *head, const char *fmt, ...) | |||
171 | tomoyo_set_string(head, head->read_buf + pos); | 171 | tomoyo_set_string(head, head->read_buf + pos); |
172 | } | 172 | } |
173 | 173 | ||
174 | /** | ||
175 | * tomoyo_set_space - Put a space to "struct tomoyo_io_buffer" structure. | ||
176 | * | ||
177 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
178 | * | ||
179 | * Returns nothing. | ||
180 | */ | ||
174 | static void tomoyo_set_space(struct tomoyo_io_buffer *head) | 181 | static void tomoyo_set_space(struct tomoyo_io_buffer *head) |
175 | { | 182 | { |
176 | tomoyo_set_string(head, " "); | 183 | tomoyo_set_string(head, " "); |
177 | } | 184 | } |
178 | 185 | ||
186 | /** | ||
187 | * tomoyo_set_lf - Put a line feed to "struct tomoyo_io_buffer" structure. | ||
188 | * | ||
189 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
190 | * | ||
191 | * Returns nothing. | ||
192 | */ | ||
179 | static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) | 193 | static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) |
180 | { | 194 | { |
181 | tomoyo_set_string(head, "\n"); | 195 | tomoyo_set_string(head, "\n"); |
@@ -183,6 +197,18 @@ static bool tomoyo_set_lf(struct tomoyo_io_buffer *head) | |||
183 | } | 197 | } |
184 | 198 | ||
185 | /** | 199 | /** |
200 | * tomoyo_set_slash - Put a shash to "struct tomoyo_io_buffer" structure. | ||
201 | * | ||
202 | * @head: Pointer to "struct tomoyo_io_buffer". | ||
203 | * | ||
204 | * Returns nothing. | ||
205 | */ | ||
206 | static void tomoyo_set_slash(struct tomoyo_io_buffer *head) | ||
207 | { | ||
208 | tomoyo_set_string(head, "/"); | ||
209 | } | ||
210 | |||
211 | /** | ||
186 | * tomoyo_print_name_union - Print a tomoyo_name_union. | 212 | * tomoyo_print_name_union - Print a tomoyo_name_union. |
187 | * | 213 | * |
188 | * @head: Pointer to "struct tomoyo_io_buffer". | 214 | * @head: Pointer to "struct tomoyo_io_buffer". |
@@ -913,19 +939,17 @@ static int tomoyo_write_domain(struct tomoyo_io_buffer *head) | |||
913 | } | 939 | } |
914 | 940 | ||
915 | /** | 941 | /** |
916 | * tomoyo_fns - Find next set bit. | 942 | * tomoyo_set_group - Print category name. |
917 | * | 943 | * |
918 | * @perm: 8 bits value. | 944 | * @head: Pointer to "struct tomoyo_io_buffer". |
919 | * @bit: First bit to find. | 945 | * @category: Category name. |
920 | * | 946 | * |
921 | * Returns next on-bit on success, 8 otherwise. | 947 | * Returns nothing. |
922 | */ | 948 | */ |
923 | static u8 tomoyo_fns(const u8 perm, u8 bit) | 949 | static void tomoyo_set_group(struct tomoyo_io_buffer *head, |
950 | const char *category) | ||
924 | { | 951 | { |
925 | for ( ; bit < 8; bit++) | 952 | tomoyo_set_string(head, category); |
926 | if (perm & (1 << bit)) | ||
927 | break; | ||
928 | return bit; | ||
929 | } | 953 | } |
930 | 954 | ||
931 | /** | 955 | /** |
@@ -940,58 +964,94 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, | |||
940 | struct tomoyo_acl_info *acl) | 964 | struct tomoyo_acl_info *acl) |
941 | { | 965 | { |
942 | const u8 acl_type = acl->type; | 966 | const u8 acl_type = acl->type; |
967 | bool first = true; | ||
943 | u8 bit; | 968 | u8 bit; |
944 | 969 | ||
945 | if (acl->is_deleted) | 970 | if (acl->is_deleted) |
946 | return true; | 971 | return true; |
947 | next: | ||
948 | bit = head->r.bit; | ||
949 | if (!tomoyo_flush(head)) | 972 | if (!tomoyo_flush(head)) |
950 | return false; | 973 | return false; |
951 | else if (acl_type == TOMOYO_TYPE_PATH_ACL) { | 974 | else if (acl_type == TOMOYO_TYPE_PATH_ACL) { |
952 | struct tomoyo_path_acl *ptr = | 975 | struct tomoyo_path_acl *ptr = |
953 | container_of(acl, typeof(*ptr), head); | 976 | container_of(acl, typeof(*ptr), head); |
954 | const u16 perm = ptr->perm; | 977 | const u16 perm = ptr->perm; |
955 | for ( ; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { | 978 | for (bit = 0; bit < TOMOYO_MAX_PATH_OPERATION; bit++) { |
956 | if (!(perm & (1 << bit))) | 979 | if (!(perm & (1 << bit))) |
957 | continue; | 980 | continue; |
958 | if (head->r.print_execute_only && | 981 | if (head->r.print_execute_only && |
959 | bit != TOMOYO_TYPE_EXECUTE) | 982 | bit != TOMOYO_TYPE_EXECUTE) |
960 | continue; | 983 | continue; |
961 | break; | 984 | if (first) { |
985 | tomoyo_set_group(head, "file "); | ||
986 | first = false; | ||
987 | } else { | ||
988 | tomoyo_set_slash(head); | ||
989 | } | ||
990 | tomoyo_set_string(head, tomoyo_path_keyword[bit]); | ||
962 | } | 991 | } |
963 | if (bit >= TOMOYO_MAX_PATH_OPERATION) | 992 | if (first) |
964 | goto done; | 993 | return true; |
965 | tomoyo_io_printf(head, "allow_%s", tomoyo_path_keyword[bit]); | ||
966 | tomoyo_print_name_union(head, &ptr->name); | 994 | tomoyo_print_name_union(head, &ptr->name); |
967 | } else if (head->r.print_execute_only) { | 995 | } else if (head->r.print_execute_only) { |
968 | return true; | 996 | return true; |
969 | } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { | 997 | } else if (acl_type == TOMOYO_TYPE_PATH2_ACL) { |
970 | struct tomoyo_path2_acl *ptr = | 998 | struct tomoyo_path2_acl *ptr = |
971 | container_of(acl, typeof(*ptr), head); | 999 | container_of(acl, typeof(*ptr), head); |
972 | bit = tomoyo_fns(ptr->perm, bit); | 1000 | const u8 perm = ptr->perm; |
973 | if (bit >= TOMOYO_MAX_PATH2_OPERATION) | 1001 | for (bit = 0; bit < TOMOYO_MAX_PATH2_OPERATION; bit++) { |
974 | goto done; | 1002 | if (!(perm & (1 << bit))) |
975 | tomoyo_io_printf(head, "allow_%s", tomoyo_path2_keyword[bit]); | 1003 | continue; |
1004 | if (first) { | ||
1005 | tomoyo_set_group(head, "file "); | ||
1006 | first = false; | ||
1007 | } else { | ||
1008 | tomoyo_set_slash(head); | ||
1009 | } | ||
1010 | tomoyo_set_string(head, tomoyo_mac_keywords | ||
1011 | [tomoyo_pp2mac[bit]]); | ||
1012 | } | ||
1013 | if (first) | ||
1014 | return true; | ||
976 | tomoyo_print_name_union(head, &ptr->name1); | 1015 | tomoyo_print_name_union(head, &ptr->name1); |
977 | tomoyo_print_name_union(head, &ptr->name2); | 1016 | tomoyo_print_name_union(head, &ptr->name2); |
978 | } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { | 1017 | } else if (acl_type == TOMOYO_TYPE_PATH_NUMBER_ACL) { |
979 | struct tomoyo_path_number_acl *ptr = | 1018 | struct tomoyo_path_number_acl *ptr = |
980 | container_of(acl, typeof(*ptr), head); | 1019 | container_of(acl, typeof(*ptr), head); |
981 | bit = tomoyo_fns(ptr->perm, bit); | 1020 | const u8 perm = ptr->perm; |
982 | if (bit >= TOMOYO_MAX_PATH_NUMBER_OPERATION) | 1021 | for (bit = 0; bit < TOMOYO_MAX_PATH_NUMBER_OPERATION; bit++) { |
983 | goto done; | 1022 | if (!(perm & (1 << bit))) |
984 | tomoyo_io_printf(head, "allow_%s", | 1023 | continue; |
985 | tomoyo_path_number_keyword[bit]); | 1024 | if (first) { |
1025 | tomoyo_set_group(head, "file "); | ||
1026 | first = false; | ||
1027 | } else { | ||
1028 | tomoyo_set_slash(head); | ||
1029 | } | ||
1030 | tomoyo_set_string(head, tomoyo_mac_keywords | ||
1031 | [tomoyo_pn2mac[bit]]); | ||
1032 | } | ||
1033 | if (first) | ||
1034 | return true; | ||
986 | tomoyo_print_name_union(head, &ptr->name); | 1035 | tomoyo_print_name_union(head, &ptr->name); |
987 | tomoyo_print_number_union(head, &ptr->number); | 1036 | tomoyo_print_number_union(head, &ptr->number); |
988 | } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { | 1037 | } else if (acl_type == TOMOYO_TYPE_MKDEV_ACL) { |
989 | struct tomoyo_mkdev_acl *ptr = | 1038 | struct tomoyo_mkdev_acl *ptr = |
990 | container_of(acl, typeof(*ptr), head); | 1039 | container_of(acl, typeof(*ptr), head); |
991 | bit = tomoyo_fns(ptr->perm, bit); | 1040 | const u8 perm = ptr->perm; |
992 | if (bit >= TOMOYO_MAX_MKDEV_OPERATION) | 1041 | for (bit = 0; bit < TOMOYO_MAX_MKDEV_OPERATION; bit++) { |
993 | goto done; | 1042 | if (!(perm & (1 << bit))) |
994 | tomoyo_io_printf(head, "allow_%s", tomoyo_mkdev_keyword[bit]); | 1043 | continue; |
1044 | if (first) { | ||
1045 | tomoyo_set_group(head, "file "); | ||
1046 | first = false; | ||
1047 | } else { | ||
1048 | tomoyo_set_slash(head); | ||
1049 | } | ||
1050 | tomoyo_set_string(head, tomoyo_mac_keywords | ||
1051 | [tomoyo_pnnn2mac[bit]]); | ||
1052 | } | ||
1053 | if (first) | ||
1054 | return true; | ||
995 | tomoyo_print_name_union(head, &ptr->name); | 1055 | tomoyo_print_name_union(head, &ptr->name); |
996 | tomoyo_print_number_union(head, &ptr->mode); | 1056 | tomoyo_print_number_union(head, &ptr->mode); |
997 | tomoyo_print_number_union(head, &ptr->major); | 1057 | tomoyo_print_number_union(head, &ptr->major); |
@@ -999,18 +1059,13 @@ static bool tomoyo_print_entry(struct tomoyo_io_buffer *head, | |||
999 | } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { | 1059 | } else if (acl_type == TOMOYO_TYPE_MOUNT_ACL) { |
1000 | struct tomoyo_mount_acl *ptr = | 1060 | struct tomoyo_mount_acl *ptr = |
1001 | container_of(acl, typeof(*ptr), head); | 1061 | container_of(acl, typeof(*ptr), head); |
1002 | tomoyo_io_printf(head, "allow_mount"); | 1062 | tomoyo_set_group(head, "file mount"); |
1003 | tomoyo_print_name_union(head, &ptr->dev_name); | 1063 | tomoyo_print_name_union(head, &ptr->dev_name); |
1004 | tomoyo_print_name_union(head, &ptr->dir_name); | 1064 | tomoyo_print_name_union(head, &ptr->dir_name); |
1005 | tomoyo_print_name_union(head, &ptr->fs_type); | 1065 | tomoyo_print_name_union(head, &ptr->fs_type); |
1006 | tomoyo_print_number_union(head, &ptr->flags); | 1066 | tomoyo_print_number_union(head, &ptr->flags); |
1007 | } | 1067 | } |
1008 | head->r.bit = bit + 1; | 1068 | tomoyo_set_lf(head); |
1009 | tomoyo_io_printf(head, "\n"); | ||
1010 | if (acl_type != TOMOYO_TYPE_MOUNT_ACL) | ||
1011 | goto next; | ||
1012 | done: | ||
1013 | head->r.bit = 0; | ||
1014 | return true; | 1069 | return true; |
1015 | } | 1070 | } |
1016 | 1071 | ||
@@ -1316,18 +1371,14 @@ static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx) | |||
1316 | { | 1371 | { |
1317 | struct tomoyo_transition_control *ptr = | 1372 | struct tomoyo_transition_control *ptr = |
1318 | container_of(acl, typeof(*ptr), head); | 1373 | container_of(acl, typeof(*ptr), head); |
1319 | tomoyo_set_string(head, | 1374 | tomoyo_set_string(head, tomoyo_transition_type |
1320 | tomoyo_transition_type | ||
1321 | [ptr->type]); | 1375 | [ptr->type]); |
1322 | if (ptr->program) | 1376 | tomoyo_set_string(head, ptr->program ? |
1323 | tomoyo_set_string(head, | 1377 | ptr->program->name : "any"); |
1324 | ptr->program->name); | 1378 | tomoyo_set_string(head, " from "); |
1325 | if (ptr->program && ptr->domainname) | 1379 | tomoyo_set_string(head, ptr->domainname ? |
1326 | tomoyo_set_string(head, " from "); | 1380 | ptr->domainname->name : |
1327 | if (ptr->domainname) | 1381 | "any"); |
1328 | tomoyo_set_string(head, | ||
1329 | ptr->domainname-> | ||
1330 | name); | ||
1331 | } | 1382 | } |
1332 | break; | 1383 | break; |
1333 | case TOMOYO_ID_AGGREGATOR: | 1384 | case TOMOYO_ID_AGGREGATOR: |
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 6f9711ff73c1..139ad7544460 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h | |||
@@ -404,7 +404,7 @@ struct tomoyo_acl_param { | |||
404 | bool is_delete; | 404 | bool is_delete; |
405 | }; | 405 | }; |
406 | 406 | ||
407 | #define TOMOYO_MAX_IO_READ_QUEUE 32 | 407 | #define TOMOYO_MAX_IO_READ_QUEUE 64 |
408 | 408 | ||
409 | /* | 409 | /* |
410 | * Structure for reading/writing policy via /sys/kernel/security/tomoyo | 410 | * Structure for reading/writing policy via /sys/kernel/security/tomoyo |
@@ -639,6 +639,10 @@ extern const char *tomoyo_mkdev_keyword[TOMOYO_MAX_MKDEV_OPERATION]; | |||
639 | extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION]; | 639 | extern const char *tomoyo_path2_keyword[TOMOYO_MAX_PATH2_OPERATION]; |
640 | extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION]; | 640 | extern const char *tomoyo_path_number_keyword[TOMOYO_MAX_PATH_NUMBER_OPERATION]; |
641 | 641 | ||
642 | extern const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION]; | ||
643 | extern const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION]; | ||
644 | extern const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION]; | ||
645 | |||
642 | extern unsigned int tomoyo_quota_for_query; | 646 | extern unsigned int tomoyo_quota_for_query; |
643 | extern unsigned int tomoyo_query_memory_size; | 647 | extern unsigned int tomoyo_query_memory_size; |
644 | 648 | ||
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index d818717954f8..cb5d2b05c244 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c | |||
@@ -209,14 +209,14 @@ int tomoyo_write_transition_control(struct tomoyo_acl_param *param, | |||
209 | domainname = program; | 209 | domainname = program; |
210 | program = NULL; | 210 | program = NULL; |
211 | } | 211 | } |
212 | if (program) { | 212 | if (program && strcmp(program, "any")) { |
213 | if (!tomoyo_correct_path(program)) | 213 | if (!tomoyo_correct_path(program)) |
214 | return -EINVAL; | 214 | return -EINVAL; |
215 | e.program = tomoyo_get_name(program); | 215 | e.program = tomoyo_get_name(program); |
216 | if (!e.program) | 216 | if (!e.program) |
217 | goto out; | 217 | goto out; |
218 | } | 218 | } |
219 | if (domainname) { | 219 | if (domainname && strcmp(domainname, "any")) { |
220 | if (!tomoyo_correct_domain(domainname)) { | 220 | if (!tomoyo_correct_domain(domainname)) { |
221 | if (!tomoyo_correct_path(domainname)) | 221 | if (!tomoyo_correct_path(domainname)) |
222 | goto out; | 222 | goto out; |
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index e60745f9f31e..0673a69b1320 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
@@ -69,7 +69,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = { | |||
69 | /* | 69 | /* |
70 | * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index". | 70 | * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index". |
71 | */ | 71 | */ |
72 | static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { | 72 | const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { |
73 | [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, | 73 | [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, |
74 | [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, | 74 | [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, |
75 | }; | 75 | }; |
@@ -77,7 +77,7 @@ static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { | |||
77 | /* | 77 | /* |
78 | * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index". | 78 | * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index". |
79 | */ | 79 | */ |
80 | static const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { | 80 | const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { |
81 | [TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK, | 81 | [TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK, |
82 | [TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME, | 82 | [TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME, |
83 | [TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT, | 83 | [TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT, |
@@ -87,7 +87,7 @@ static const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { | |||
87 | * Mapping table from "enum tomoyo_path_number_acl_index" to | 87 | * Mapping table from "enum tomoyo_path_number_acl_index" to |
88 | * "enum tomoyo_mac_index". | 88 | * "enum tomoyo_mac_index". |
89 | */ | 89 | */ |
90 | static const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = { | 90 | const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = { |
91 | [TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE, | 91 | [TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE, |
92 | [TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR, | 92 | [TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR, |
93 | [TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO, | 93 | [TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO, |
@@ -211,8 +211,7 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r) | |||
211 | if (r->granted) | 211 | if (r->granted) |
212 | return 0; | 212 | return 0; |
213 | tomoyo_warn_log(r, "%s %s", operation, filename->name); | 213 | tomoyo_warn_log(r, "%s %s", operation, filename->name); |
214 | return tomoyo_supervisor(r, "allow_%s %s\n", operation, | 214 | return tomoyo_supervisor(r, "file %s %s\n", operation, filename->name); |
215 | filename->name); | ||
216 | } | 215 | } |
217 | 216 | ||
218 | /** | 217 | /** |
@@ -231,7 +230,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) | |||
231 | return 0; | 230 | return 0; |
232 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, | 231 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, |
233 | filename2->name); | 232 | filename2->name); |
234 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 233 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, |
235 | filename1->name, filename2->name); | 234 | filename1->name, filename2->name); |
236 | } | 235 | } |
237 | 236 | ||
@@ -253,7 +252,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) | |||
253 | return 0; | 252 | return 0; |
254 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, | 253 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, |
255 | major, minor); | 254 | major, minor); |
256 | return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation, | 255 | return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", operation, |
257 | filename->name, mode, major, minor); | 256 | filename->name, mode, major, minor); |
258 | } | 257 | } |
259 | 258 | ||
@@ -291,7 +290,7 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
291 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, | 290 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, |
292 | radix); | 291 | radix); |
293 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); | 292 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); |
294 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 293 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, |
295 | filename->name, buffer); | 294 | filename->name, buffer); |
296 | } | 295 | } |
297 | 296 | ||