TOMOYO: Cleanup part 1. In order to synchronize with TOMOYO 1.8's syntax, (1) Remove special handling for allow_read/write permission. (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission. (3) Remove file_pattern keyword. (4) Remove allow_read permission from exception policy. (5) Allow creating domains in enforcing mode without calling supervisor. (6) Add permission check for opening directory for reading. (7) Add permission check for stat() operation. (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if "cat /sys/kernel/security/tomoyo/self_domain". Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>

commit: 7c75964f432d14062d8eccfc916aa290f56b5aab [log] [tgz]
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Sun Jun 26 23:15:31 2011 +0900
committer: James Morris <jmorris@namei.org> Wed Jun 29 09:31:19 2011 +1000
tree: 8aecdb96f9f079dd36735c3acccb79f3d10d6559
parent: 1252cc3b232e582e887623dc5f70979418caaaa2 [diff] [blame]
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 162a864..f1d9e1a 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c

@@ -55,9 +55,8 @@
 				flags);
 	return tomoyo_supervisor(r,
 				 TOMOYO_KEYWORD_ALLOW_MOUNT "%s %s %s 0x%lX\n",
-				 tomoyo_pattern(r->param.mount.dev),
-				 tomoyo_pattern(r->param.mount.dir), type,
-				 flags);
+				 r->param.mount.dev->name,
+				 r->param.mount.dir->name, type, flags);
 }
 
 static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
commit	7c75964f432d14062d8eccfc916aa290f56b5aab	[log] [tgz]
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	Sun Jun 26 23:15:31 2011 +0900
committer	James Morris <jmorris@namei.org>	Wed Jun 29 09:31:19 2011 +1000
tree	8aecdb96f9f079dd36735c3acccb79f3d10d6559
parent	1252cc3b232e582e887623dc5f70979418caaaa2 [diff] [blame]