• Tetsuo Handa's avatar
    TOMOYO: Cleanup part 1. · 7c75964f
    Tetsuo Handa authored
    In order to synchronize with TOMOYO 1.8's syntax,
    
    (1) Remove special handling for allow_read/write permission.
    (2) Replace deny_rewrite/allow_rewrite permission with allow_append permission.
    (3) Remove file_pattern keyword.
    (4) Remove allow_read permission from exception policy.
    (5) Allow creating domains in enforcing mode without calling supervisor.
    (6) Add permission check for opening directory for reading.
    (7) Add permission check for stat() operation.
    (8) Make "cat < /sys/kernel/security/tomoyo/self_domain" behave as if
        "cat /sys/kernel/security/tomoyo/self_domain".
    Signed-off-by: default avatarTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    7c75964f
common.c 53 KB