aa_log_extract_tokens: Fix audit type to be ALLOWED rather than PERMIT

The actual type for "should-be-denied-but-in-complain-mode-so-go-ahead" audit
messages is `ALLOWED`, not `PERMIT`.

See https://github.com/torvalds/linux/blob/v4.19/security/apparmor/audit.c#L32Signed-off-by: Emanuele Aina <emanuele.aina@collabora.com>

usr/bin/aa_get_complaints.sh

@@ -37,7 +37,7 @@ sudo apt-get -y --force-yes install apparmor-utils
 
 say "Checking for apparmor complaints ..."
 sudo journalctl -b -t audit -o cat | aa_log_extract_tokens.sh \
-    PERMIT DENIED > "${TMPDIR}/complaint_tokens.log"
+    ALLOWED DENIED > "${TMPDIR}/complaint_tokens.log"
 
 if ! [ -s "${TMPDIR}/complaint_tokens.log" ]; then
     say "No complaints found!"

usr/bin/aa_log_extract_tokens.sh

@@ -4,13 +4,13 @@
 usage() {
     echo "Usage: $0 <event mode> [event mode]..."
     echo "And pipe logs to it"
-    echo "Valid values for [event mode] are: PERMIT, DENIED, AUDIT"
+    echo "Valid values for [event mode] are: ALLOWED, DENIED, AUDIT"
 }
 
 events=""
 while [ $# -gt 0 ] ; do
 	case $1 in
-		AUDIT|PERMIT|DENIED)
+		AUDIT|ALLOWED|DENIED)
 			events="$events $1"
 			;;
 		*)

usr/bin/watch-aa

 #!/bin/sh
-exec sudo journalctl -b -t audit -o cat -f | /usr/bin/aa_log_extract_tokens.sh PERMIT DENIED
+exec sudo journalctl -b -t audit -o cat -f | /usr/bin/aa_log_extract_tokens.sh ALLOWED DENIED