authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2011-07-07 08:20:35 -0400
committerJames Morris <jmorris@namei.org>2011-07-07 19:25:36 -0400
commit5c4274f13819b40e726f6ee4ef13b4952cff5010 (patch)
treec32b5d2932369f24fbfbeb62908b09c505a01186 /security/tomoyo
parentea504819122a76a236f8b95d1556f807a0a41397 (diff)
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using /sys/kernel/security/tomoyo/domain_policy . We can remove this interface by updating /usr/sbin/tomoyo-setprofile utility. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c73
-rw-r--r--security/tomoyo/common.h1
-rw-r--r--security/tomoyo/securityfs_if.c2
3 files changed, 0 insertions, 76 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 8b14cef2338..b340137a921 100644
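--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1213,73 +1213,6 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
 }
 
 /**
- * tomoyo_write_domain_profile - Assign profile for specified domain.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns 0 on success, -EINVAL otherwise.
- *
- * This is equivalent to doing
- *
- * ( echo "select " $domainname; echo "use_profile " $profile ) |
- * /usr/sbin/tomoyo-loadpolicy -d
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
-{
- char *data = head->write_buf;
- char *cp = strchr(data, ' ');
- struct tomoyo_domain_info *domain;
- unsigned long profile;
-
- if (!cp)
- return -EINVAL;
- *cp = '\0';
- domain = tomoyo_find_domain(cp + 1);
- if (strict_strtoul(data, 10, &profile))
- return -EINVAL;
- if (domain && (!tomoyo_policy_loaded ||
- head->w.ns->profile_ptr[(u8) profile]))
- domain->profile = (u8) profile;
- return 0;
-}
-
-/**
- * tomoyo_read_domain_profile - Read only domainname and profile.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns list of profile number and domainname pairs.
- *
- * This is equivalent to doing
- *
- * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
- * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
- * domainname = $0; } else if ( $1 == "use_profile" ) {
- * print $2 " " domainname; domainname = ""; } } ; '
- *
- * Caller holds tomoyo_read_lock().
- */
-static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
-{
- if (head->r.eof)
- return;
- list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
- struct tomoyo_domain_info *domain =
- list_entry(head->r.domain, typeof(*domain), list);
- if (domain->is_deleted)
- continue;
- if (!tomoyo_flush(head))
- return;
- tomoyo_io_printf(head, "%u ", domain->profile);
- tomoyo_set_string(head, domain->domainname->name);
- tomoyo_set_lf(head);
- }
- head->r.eof = true;
-}
-
-/**
  * tomoyo_write_pid: Specify PID to obtain domainname.
  *
  * @head: Pointer to "struct tomoyo_io_buffer".
@@ -1994,11 +1927,6 @@ int tomoyo_open_control(const u8 type, struct file *file)
  /* /sys/kernel/security/tomoyo/self_domain */
  head->read = tomoyo_read_self_domain;
  break;
- case TOMOYO_DOMAIN_STATUS:
- /* /sys/kernel/security/tomoyo/.domain_status */
- head->write = tomoyo_write_domain_profile;
- head->read = tomoyo_read_domain_profile;
- break;
  case TOMOYO_PROCESS_STATUS:
  /* /sys/kernel/security/tomoyo/.process_status */
  head->write = tomoyo_write_pid;
@@ -2291,7 +2219,6 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
  switch (head->type) {
  case TOMOYO_DOMAINPOLICY:
  case TOMOYO_EXCEPTIONPOLICY:
- case TOMOYO_DOMAIN_STATUS:
  case TOMOYO_STAT:
  case TOMOYO_PROFILE:
  case TOMOYO_MANAGER: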
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 465e34bd4eb..beb7d0eb522 100644
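--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -172,7 +172,6 @@ enum tomoyo_path_number_acl_index {
 enum tomoyo_securityfs_interface_index {
  TOMOYO_DOMAINPOLICY,
  TOMOYO_EXCEPTIONPOLICY,
- TOMOYO_DOMAIN_STATUS,
  TOMOYO_PROCESS_STATUS,
  TOMOYO_STAT,
  TOMOYO_SELFDOMAIN,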
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index b509e2cd2ab..888e83dd4cf 100644
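--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -139,8 +139,6 @@ static int __init tomoyo_initerface_init(void)
  TOMOYO_AUDIT);
  tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
  TOMOYO_SELFDOMAIN);
- tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
- TOMOYO_DOMAIN_STATUS);
  tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
  TOMOYO_PROCESS_STATUS);
  tomoyo_create_entry("stat", 0644, tomoyo_dir,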