From 1f067a682a9bd252107ac6f6946b7332fde42344 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Sat, 10 Sep 2011 15:24:56 +0900
Subject: TOMOYO: Allow controlling generation of access granted logs for per
 an entry basis.

Add per-entry flag which controls generation of grant logs because Xen and KVM
issues ioctl requests so frequently. For example,

  file ioctl /dev/null 0x5401 grant_log=no

will suppress /sys/kernel/security/tomoyo/audit even if preference says
grant_log=yes .

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
---
 security/tomoyo/common.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'security/tomoyo/common.c')

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 85d915587a71..2704c384bf1e 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1272,6 +1272,10 @@ static bool tomoyo_print_condition(struct tomoyo_io_buffer *head,
 		head->r.cond_step++;
 		/* fall through */
 	case 3:
+		if (cond->grant_log != TOMOYO_GRANTLOG_AUTO)
+			tomoyo_io_printf(head, " grant_log=%s",
+					 tomoyo_yesno(cond->grant_log ==
+						      TOMOYO_GRANTLOG_YES));
 		tomoyo_set_lf(head);
 		return true;
 	}
-- 
cgit v1.2.3