diff options
| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-06-26 10:17:46 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2011-06-28 19:31:20 -0400 |
| commit | 0d2171d711cbfca84cc0001121be8a6cc8e4d148 (patch) | |
| tree | 998c6fb0c61e15686a7b70276e17ad9e396741f4 /security/tomoyo/file.c | |
| parent | a238cf5b89ed5285be8de56335665d023972f7d5 (diff) | |
TOMOYO: Rename directives.
Convert "allow_..." style directives to "file ..." style directives.
By converting to the latter style, we can pack policy like
"file read/write/execute /path/to/file".
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo/file.c')
| -rw-r--r-- | security/tomoyo/file.c | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index e60745f9f31e..0673a69b1320 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c | |||
| @@ -69,7 +69,7 @@ static const u8 tomoyo_p2mac[TOMOYO_MAX_PATH_OPERATION] = { | |||
| 69 | /* | 69 | /* |
| 70 | * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index". | 70 | * Mapping table from "enum tomoyo_mkdev_acl_index" to "enum tomoyo_mac_index". |
| 71 | */ | 71 | */ |
| 72 | static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { | 72 | const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { |
| 73 | [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, | 73 | [TOMOYO_TYPE_MKBLOCK] = TOMOYO_MAC_FILE_MKBLOCK, |
| 74 | [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, | 74 | [TOMOYO_TYPE_MKCHAR] = TOMOYO_MAC_FILE_MKCHAR, |
| 75 | }; | 75 | }; |
| @@ -77,7 +77,7 @@ static const u8 tomoyo_pnnn2mac[TOMOYO_MAX_MKDEV_OPERATION] = { | |||
| 77 | /* | 77 | /* |
| 78 | * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index". | 78 | * Mapping table from "enum tomoyo_path2_acl_index" to "enum tomoyo_mac_index". |
| 79 | */ | 79 | */ |
| 80 | static const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { | 80 | const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { |
| 81 | [TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK, | 81 | [TOMOYO_TYPE_LINK] = TOMOYO_MAC_FILE_LINK, |
| 82 | [TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME, | 82 | [TOMOYO_TYPE_RENAME] = TOMOYO_MAC_FILE_RENAME, |
| 83 | [TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT, | 83 | [TOMOYO_TYPE_PIVOT_ROOT] = TOMOYO_MAC_FILE_PIVOT_ROOT, |
| @@ -87,7 +87,7 @@ static const u8 tomoyo_pp2mac[TOMOYO_MAX_PATH2_OPERATION] = { | |||
| 87 | * Mapping table from "enum tomoyo_path_number_acl_index" to | 87 | * Mapping table from "enum tomoyo_path_number_acl_index" to |
| 88 | * "enum tomoyo_mac_index". | 88 | * "enum tomoyo_mac_index". |
| 89 | */ | 89 | */ |
| 90 | static const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = { | 90 | const u8 tomoyo_pn2mac[TOMOYO_MAX_PATH_NUMBER_OPERATION] = { |
| 91 | [TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE, | 91 | [TOMOYO_TYPE_CREATE] = TOMOYO_MAC_FILE_CREATE, |
| 92 | [TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR, | 92 | [TOMOYO_TYPE_MKDIR] = TOMOYO_MAC_FILE_MKDIR, |
| 93 | [TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO, | 93 | [TOMOYO_TYPE_MKFIFO] = TOMOYO_MAC_FILE_MKFIFO, |
| @@ -211,8 +211,7 @@ static int tomoyo_audit_path_log(struct tomoyo_request_info *r) | |||
| 211 | if (r->granted) | 211 | if (r->granted) |
| 212 | return 0; | 212 | return 0; |
| 213 | tomoyo_warn_log(r, "%s %s", operation, filename->name); | 213 | tomoyo_warn_log(r, "%s %s", operation, filename->name); |
| 214 | return tomoyo_supervisor(r, "allow_%s %s\n", operation, | 214 | return tomoyo_supervisor(r, "file %s %s\n", operation, filename->name); |
| 215 | filename->name); | ||
| 216 | } | 215 | } |
| 217 | 216 | ||
| 218 | /** | 217 | /** |
| @@ -231,7 +230,7 @@ static int tomoyo_audit_path2_log(struct tomoyo_request_info *r) | |||
| 231 | return 0; | 230 | return 0; |
| 232 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, | 231 | tomoyo_warn_log(r, "%s %s %s", operation, filename1->name, |
| 233 | filename2->name); | 232 | filename2->name); |
| 234 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 233 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, |
| 235 | filename1->name, filename2->name); | 234 | filename1->name, filename2->name); |
| 236 | } | 235 | } |
| 237 | 236 | ||
| @@ -253,7 +252,7 @@ static int tomoyo_audit_mkdev_log(struct tomoyo_request_info *r) | |||
| 253 | return 0; | 252 | return 0; |
| 254 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, | 253 | tomoyo_warn_log(r, "%s %s 0%o %u %u", operation, filename->name, mode, |
| 255 | major, minor); | 254 | major, minor); |
| 256 | return tomoyo_supervisor(r, "allow_%s %s 0%o %u %u\n", operation, | 255 | return tomoyo_supervisor(r, "file %s %s 0%o %u %u\n", operation, |
| 257 | filename->name, mode, major, minor); | 256 | filename->name, mode, major, minor); |
| 258 | } | 257 | } |
| 259 | 258 | ||
| @@ -291,7 +290,7 @@ static int tomoyo_audit_path_number_log(struct tomoyo_request_info *r) | |||
| 291 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, | 290 | tomoyo_print_ulong(buffer, sizeof(buffer), r->param.path_number.number, |
| 292 | radix); | 291 | radix); |
| 293 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); | 292 | tomoyo_warn_log(r, "%s %s %s", operation, filename->name, buffer); |
| 294 | return tomoyo_supervisor(r, "allow_%s %s %s\n", operation, | 293 | return tomoyo_supervisor(r, "file %s %s %s\n", operation, |
| 295 | filename->name, buffer); | 294 | filename->name, buffer); |
| 296 | } | 295 | } |
| 297 | 296 | ||