Small changes for improving usability.

Tetsuo Handa (3):
   tomoyo: automatically use patterns for several situations in learning mode
   tomoyo: use realpath if symlink's pathname refers to procfs
   tomoyo: don't emit warning in tomoyo_write_control()
 
  security/tomoyo/common.c |   32 +++++++++++++++++++++++++++++++-
  security/tomoyo/domain.c |   11 +++++++++--
  2 files changed, 40 insertions(+), 3 deletions(-)
 -----BEGIN PGP SIGNATURE-----
 
 iQJXBAABCABBFiEEQ8gzaWI9etOpbC/HQl8SjQxk9SoFAmeRdEUjHHBlbmd1aW4t
 a2VybmVsQGktbG92ZS5zYWt1cmEubmUuanAACgkQQl8SjQxk9SqbCRAAg0aZ5pu/
 p9uJhsZFzBZzTE8BcFRdMWKS+t5+RGE1KqHoNc/YsP73eb9ui/N1jckJjsYCFh4m
 NsqWvadVMtma4qTcAw5Um48kZ898QVoq9kFBpxCklRnH0eGJsn2kNjNmgywYKK9q
 TOSKTzJM2DfOEjrSdepvthp/FK76nbHdrKREBYsslPcSLFx5c5qBqx60l6p8hS0A
 1+zKQM8m9H2nZ7KnuCr0e4Lhiq1W6C/BaIN/+NzHxbPVXl55nE1i4OXM3WSTC92H
 i6Fe+eKv5B9B5zaQwWbAGhfONcL8pkmgwTvPFtZLj7y5t5HW8TxmPMFZ/jE5E1Kt
 AFFLWvXIlDZ5aYU4pbNUAA4RCNm2hWw1vniPgLPiJte2ft2AdSxBHO9J6w/W4xs9
 W44TvsFXDfJgKsoY4Hy5HR3VxleIFA5tvIyWp1ONp7rZ+4WKolTQYW0hEz26V30K
 +urTZFusv3+229z3ZM8qsPUbL/WLML1jRw8E3AtnBMRJ92c8tpFaBA8b+o829zz8
 QAFWeca3psgPqxHPZsnNeM8lOLOrtBik3+CNpmXJLq6KL2BrI9eRDUntBwHbBoRu
 /hAJX0feI/4yoixzr5sOk5UMNlp+G5CDBQb9NkTynUnr3Q1KRcgKWC4f8cAQlTb2
 6OfT8xw2AID0/XXxJVLOdDRTPnYEVU3VH9c=
 =wawL
 -----END PGP SIGNATURE-----

Merge tag 'tomoyo-pr-20250123' of git://git.code.sf.net/p/tomoyo/tomoyo

Pull tomoyo updates from Tetsuo Handa:
 "Small changes to improve usability"

* tag 'tomoyo-pr-20250123' of git://git.code.sf.net/p/tomoyo/tomoyo:
  tomoyo: automatically use patterns for several situations in learning mode
  tomoyo: use realpath if symlink's pathname refers to procfs
  tomoyo: don't emit warning in tomoyo_write_control()

security/tomoyo/common.c

@@ -2024,6 +2024,36 @@ static void tomoyo_add_entry(struct tomoyo_domain_info *domain, char *header)
 	if (!buffer)
 		return;
 	snprintf(buffer, len - 1, "%s", cp);
+	if (*cp == 'f' && strchr(buffer, ':')) {
+		/* Automatically replace 2 or more digits with \$ pattern. */
+		char *cp2;
+
+		/* e.g. file read proc:/$PID/stat */
+		cp = strstr(buffer, " proc:/");
+		if (cp && simple_strtoul(cp + 7, &cp2, 10) >= 10 && *cp2 == '/') {
+			*(cp + 7) = '\\';
+			*(cp + 8) = '$';
+			memmove(cp + 9, cp2, strlen(cp2) + 1);
+			goto ok;
+		}
+		/* e.g. file ioctl pipe:[$INO] $CMD */
+		cp = strstr(buffer, " pipe:[");
+		if (cp && simple_strtoul(cp + 7, &cp2, 10) >= 10 && *cp2 == ']') {
+			*(cp + 7) = '\\';
+			*(cp + 8) = '$';
+			memmove(cp + 9, cp2, strlen(cp2) + 1);
+			goto ok;
+		}
+		/* e.g. file ioctl socket:[$INO] $CMD */
+		cp = strstr(buffer, " socket:[");
+		if (cp && simple_strtoul(cp + 9, &cp2, 10) >= 10 && *cp2 == ']') {
+			*(cp + 9) = '\\';
+			*(cp + 10) = '$';
+			memmove(cp + 11, cp2, strlen(cp2) + 1);
+			goto ok;
+		}
+	}
+ok:
 	if (realpath)
 		tomoyo_addprintf(buffer, len, " exec.%s", realpath);
 	if (argv0)
@@ -2665,7 +2695,7 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
 
 		if (head->w.avail >= head->writebuf_size - 1) {
 			const int len = head->writebuf_size * 2;
-			char *cp = kzalloc(len, GFP_NOFS);
+			char *cp = kzalloc(len, GFP_NOFS | __GFP_NOWARN);
 
 			if (!cp) {
 				error = -ENOMEM;

security/tomoyo/domain.c

@@ -722,10 +722,17 @@ int tomoyo_find_next_domain(struct linux_binprm *bprm)
 	ee->bprm = bprm;
 	ee->r.obj = &ee->obj;
 	ee->obj.path1 = bprm->file->f_path;
-	/* Get symlink's pathname of program. */
+	/*
+	 * Get symlink's pathname of program, but fallback to realpath if
+	 * symlink's pathname does not exist or symlink's pathname refers
+	 * to proc filesystem (e.g. /dev/fd/<num> or /proc/self/fd/<num> ).
+	 */
 	exename.name = tomoyo_realpath_nofollow(original_name);
+	if (exename.name && !strncmp(exename.name, "proc:/", 6)) {
+		kfree(exename.name);
+		exename.name = NULL;
+	}
 	if (!exename.name) {
-		/* Fallback to realpath if symlink's pathname does not exist. */
 		exename.name = tomoyo_realpath_from_path(&bprm->file->f_path);
 		if (!exename.name)
 			goto out;