TOMOYO: Add auditing interface.
Add the /sys/kernel/security/tomoyo/audit interface. This interface generates
audit logs in the form of domain policy so that /usr/sbin/tomoyo-auditd can
reuse the audit logs by appending them to the
/sys/kernel/security/tomoyo/domain_policy interface.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 1e610f9..8ba28fd 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -27,29 +27,11 @@
*/
static int tomoyo_audit_mount_log(struct tomoyo_request_info *r)
{
- const char *dev = r->param.mount.dev->name;
- const char *dir = r->param.mount.dir->name;
- const char *type = r->param.mount.type->name;
- const unsigned long flags = r->param.mount.flags;
- if (r->granted)
- return 0;
- if (type == tomoyo_mounts[TOMOYO_MOUNT_REMOUNT])
- tomoyo_warn_log(r, "mount -o remount %s 0x%lX", dir, flags);
- else if (type == tomoyo_mounts[TOMOYO_MOUNT_BIND]
- || type == tomoyo_mounts[TOMOYO_MOUNT_MOVE])
- tomoyo_warn_log(r, "mount %s %s %s 0x%lX", type, dev, dir,
- flags);
- else if (type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_UNBINDABLE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_PRIVATE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SLAVE] ||
- type == tomoyo_mounts[TOMOYO_MOUNT_MAKE_SHARED])
- tomoyo_warn_log(r, "mount %s %s 0x%lX", type, dir, flags);
- else
- tomoyo_warn_log(r, "mount -t %s %s %s 0x%lX", type, dev, dir,
- flags);
- return tomoyo_supervisor(r, "allow_mount %s %s %s 0x%lX\n",
+ return tomoyo_supervisor(r, "file mount %s %s %s 0x%lX\n",
r->param.mount.dev->name,
- r->param.mount.dir->name, type, flags);
+ r->param.mount.dir->name,
+ r->param.mount.type->name,
+ r->param.mount.flags);
}
/**
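Review bot: The `if (r->granted) return 0;` guard is removed from tomoyo_audit_mount_log(), so tomoyo_supervisor() is now reached for granted mount requests as well; that is only correct if tomoyo_supervisor() itself logs and returns 0 when r->granted is set, which this hunk does not show. A short comment above the call would record the dependency, for example `/* tomoyo_supervisor() handles r->granted; no early return here. */`. Because the `"file mount %s %s %s 0x%lX\n"` line is now in policy syntax and, per the commit message, may be appended to domain_policy by tomoyo-auditd, the kerneldoc should also state that the dev, dir and type names are expected to be in TOMOYO's encoded single-token form (presumably they are, but nothing visible here confirms it), so that a mount path cannot break into extra policy tokens or lines. The kerneldoc for this function starts above the hunk.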