author | Eric W. Biederman <ebiederm@xmission.com> | 2009-11-20 12:24:19 -0500 |
---|---|---|
committer | Eric W. Biederman <ebiederm@xmission.com> | 2009-11-20 12:37:51 -0500 |
commit | c656ae95d1c5c8ed5763356263ace2d03087efec (patch) | |
tree | 41409482c06e8d773a189dcfa8e3351f2a333e1f | |
parent | a4054b6b20e9c2cca63715a319759bf8d37d82fc (diff) |
security/tomoyo: Remove now unnecessary handling of security_sysctl.
Now that sys_sysctl is an emulation on top of proc sys, all sysctl
operations look like normal filesystem operations and we don't need
to use the special sysctl hook to authenticate them.
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
-rw-r--r-- | security/tomoyo/file.c | 21 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 72 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.h | 2 |
3 files changed, 0 insertions, 95 deletions
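--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
 }
 
 /**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain: Pointer to "struct tomoyo_domain_info".
- * @filename: Filename to check.
- * @perm: Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-			   const char *filename, const u8 perm)
-{
-	struct tomoyo_path_info name;
-	const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-
-	if (!mode)
-		return 0;
-	name.name = filename;
-	tomoyo_fill_path_info(&name);
-	return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-
-/**
  * tomoyo_check_exec_perm - Check permission for "execute".
  *
  * @domain: Pointer to "struct tomoyo_domain_info".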
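--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
 }
 
-#ifdef CONFIG_SYSCTL
-
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
-	int namelen = strlen(str);
-
-	if (*buflen < namelen)
-		return -ENOMEM;
-	*buflen -= namelen;
-	*buffer -= namelen;
-	memcpy(*buffer, str, namelen);
-	return 0;
-}
-
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
-	int buflen = TOMOYO_MAX_PATHNAME_LEN;
-	char *buf = tomoyo_alloc(buflen);
-	char *end = buf + buflen;
-	int error = -ENOMEM;
-
-	if (!buf)
-		return NULL;
-
-	*--end = '\0';
-	buflen--;
-	while (table) {
-		if (tomoyo_prepend(&end, &buflen, table->procname) ||
-		    tomoyo_prepend(&end, &buflen, "/"))
-			goto out;
-		table = table->parent;
-	}
-	if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
-		goto out;
-	error = tomoyo_encode(buf, end - buf, end);
-out:
-	if (!error)
-		return buf;
-	tomoyo_free(buf);
-	return NULL;
-}
-
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
-	int error;
-	char *name;
-
-	op &= MAY_READ | MAY_WRITE;
-	if (!op)
-		return 0;
-	name = tomoyo_sysctl_path(table);
-	if (!name)
-		return -ENOMEM;
-	error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
-	tomoyo_free(name);
-	return error;
-}
-#endif
-
 static int tomoyo_path_truncate(struct path *path, loff_t length,
 				unsigned int time_attrs)
 {
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
 	.cred_transfer = tomoyo_cred_transfer,
 	.bprm_set_creds = tomoyo_bprm_set_creds,
 	.bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
-	.sysctl = tomoyo_sysctl,
-#endif
 	.file_fcntl = tomoyo_file_fcntl,
 	.dentry_open = tomoyo_dentry_open,
 	.path_truncate = tomoyo_path_truncate,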
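--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
 struct linux_binprm;
 struct pt_regs;
 
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-			   const char *filename, const u8 perm);
 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
 			   const struct tomoyo_path_info *filename);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,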