From 5c4274f13819b40e726f6ee4ef13b4952cff5010 Mon Sep 17 00:00:00 2001
From: Tetsuo Handa
Date: Thu, 7 Jul 2011 21:20:35 +0900
Subject: TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using /sys/kernel/security/tomoyo/domain_policy . We can remove this interface by updating /usr/sbin/tomoyo-setprofile utility.
Signed-off-by: Tetsuo Handa
Signed-off-by: James Morris
---
 security/tomoyo/common.c | 73 -----------------------------------------
 security/tomoyo/common.h | 1 -
 security/tomoyo/securityfs_if.c | 2 --
 3 files changed, 76 deletions(-)
(limited to 'security/tomoyo')
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 8b14cef2338d..b340137a9216 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1212,73 +1212,6 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
 head->r.eof = true;
 }
-/**
- * tomoyo_write_domain_profile - Assign profile for specified domain.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns 0 on success, -EINVAL otherwise.
- *
- * This is equivalent to doing
- *
- * ( echo "select " $domainname; echo "use_profile " $profile ) |
- * /usr/sbin/tomoyo-loadpolicy -d
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
-{
- char *data = head->write_buf;
- char *cp = strchr(data, ' ');
- struct tomoyo_domain_info *domain;
- unsigned long profile;
-
- if (!cp)
- return -EINVAL;
- *cp = '\0';
- domain = tomoyo_find_domain(cp + 1);
- if (strict_strtoul(data, 10, &profile))
- return -EINVAL;
- if (domain && (!tomoyo_policy_loaded ||
- head->w.ns->profile_ptr[(u8) profile]))
- domain->profile = (u8) profile;
- return 0;
-}
-
-/**
- * tomoyo_read_domain_profile - Read only domainname and profile.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns list of profile number and domainname pairs.
- *
- * This is equivalent to doing
- *
- * grep -A 1 '^' /sys/kernel/security/tomoyo/domain_policy |
- * awk ' { if ( domainname == "" ) { if ( $1 == "" )
- * domainname = $0; } else if ( $1 == "use_profile" ) {
- * print $2 " " domainname; domainname = ""; } } ; '
- *
- * Caller holds tomoyo_read_lock().
- */
-static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
-{
- if (head->r.eof)
- return;
- list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
- struct tomoyo_domain_info *domain =
- list_entry(head->r.domain, typeof(*domain), list);
- if (domain->is_deleted)
- continue;
- if (!tomoyo_flush(head))
- return;
- tomoyo_io_printf(head, "%u ", domain->profile);
- tomoyo_set_string(head, domain->domainname->name);
- tomoyo_set_lf(head);
- }
- head->r.eof = true;
-}
-
 /**
 * tomoyo_write_pid: Specify PID to obtain domainname.
 *
@@ -1994,11 +1927,6 @@ int tomoyo_open_control(const u8 type, struct file *file)
 /* /sys/kernel/security/tomoyo/self_domain */
 head->read = tomoyo_read_self_domain;
 break;
- case TOMOYO_DOMAIN_STATUS:
- /* /sys/kernel/security/tomoyo/.domain_status */
- head->write = tomoyo_write_domain_profile;
- head->read = tomoyo_read_domain_profile;
- break;
 case TOMOYO_PROCESS_STATUS:
 /* /sys/kernel/security/tomoyo/.process_status */
 head->write = tomoyo_write_pid;
@@ -2291,7 +2219,6 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
 switch (head->type) {
 case TOMOYO_DOMAINPOLICY:
 case TOMOYO_EXCEPTIONPOLICY:
- case TOMOYO_DOMAIN_STATUS:
 case TOMOYO_STAT:
 case TOMOYO_PROFILE:
 case TOMOYO_MANAGER:
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 465e34bd4eb9..beb7d0eb5222 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -172,7 +172,6 @@ enum tomoyo_path_number_acl_index {
 enum tomoyo_securityfs_interface_index {
 TOMOYO_DOMAINPOLICY,
 TOMOYO_EXCEPTIONPOLICY,
- TOMOYO_DOMAIN_STATUS,
 TOMOYO_PROCESS_STATUS,
 TOMOYO_STAT,
 TOMOYO_SELFDOMAIN,
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index b509e2cd2ab1..888e83dd4cf6 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -139,8 +139,6 @@ static int __init tomoyo_initerface_init(void)
 TOMOYO_AUDIT);
 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
 TOMOYO_SELFDOMAIN);
- tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
- TOMOYO_DOMAIN_STATUS);
 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
 TOMOYO_PROCESS_STATUS);
 tomoyo_create_entry("stat", 0644, tomoyo_dir,
--
cgit v1.2.3