author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2011-07-07 08:20:35 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2011-07-07 19:25:36 -0400 |
commit | 5c4274f13819b40e726f6ee4ef13b4952cff5010 (patch) | |
tree | c32b5d2932369f24fbfbeb62908b09c505a01186 /security/tomoyo | |
parent | ea504819122a76a236f8b95d1556f807a0a41397 (diff) |
TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using
/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by
updating /usr/sbin/tomoyo-setprofile utility.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r-- | security/tomoyo/common.c | 73 | ||||
-rw-r--r-- | security/tomoyo/common.h | 1 | ||||
-rw-r--r-- | security/tomoyo/securityfs_if.c | 2 |
3 files changed, 0 insertions, 76 deletions
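--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1213,73 +1213,6 @@ static void tomoyo_read_domain(struct tomoyo_io_buffer *head)
 }
 
 /**
-* tomoyo_write_domain_profile - Assign profile for specified domain.
-*
-* @head: Pointer to "struct tomoyo_io_buffer".
-*
-* Returns 0 on success, -EINVAL otherwise.
-*
-* This is equivalent to doing
-*
-* ( echo "select " $domainname; echo "use_profile " $profile ) |
-* /usr/sbin/tomoyo-loadpolicy -d
-*
-* Caller holds tomoyo_read_lock().
-*/
-static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
-{
-char *data = head->write_buf;
-char *cp = strchr(data, ' ');
-struct tomoyo_domain_info *domain;
-unsigned long profile;
-
-if (!cp)
-return -EINVAL;
-*cp = '\0';
-domain = tomoyo_find_domain(cp + 1);
-if (strict_strtoul(data, 10, &profile))
-return -EINVAL;
-if (domain && (!tomoyo_policy_loaded ||
-head->w.ns->profile_ptr[(u8) profile]))
-domain->profile = (u8) profile;
-return 0;
-}
-
-/**
-* tomoyo_read_domain_profile - Read only domainname and profile.
-*
-* @head: Pointer to "struct tomoyo_io_buffer".
-*
-* Returns list of profile number and domainname pairs.
-*
-* This is equivalent to doing
-*
-* grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
-* awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
-* domainname = $0; } else if ( $1 == "use_profile" ) {
-* print $2 " " domainname; domainname = ""; } } ; '
-*
-* Caller holds tomoyo_read_lock().
-*/
-static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
-{
-if (head->r.eof)
-return;
-list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
-struct tomoyo_domain_info *domain =
-list_entry(head->r.domain, typeof(*domain), list);
-if (domain->is_deleted)
-continue;
-if (!tomoyo_flush(head))
-return;
-tomoyo_io_printf(head, "%u ", domain->profile);
-tomoyo_set_string(head, domain->domainname->name);
-tomoyo_set_lf(head);
-}
-head->r.eof = true;
-}
-
-/**
 * tomoyo_write_pid: Specify PID to obtain domainname.
 *
 * @head: Pointer to "struct tomoyo_io_buffer".
@@ -1994,11 +1927,6 @@ int tomoyo_open_control(const u8 type, struct file *file)
 /* /sys/kernel/security/tomoyo/self_domain */
 head->read = tomoyo_read_self_domain;
 break;
-case TOMOYO_DOMAIN_STATUS:
-/* /sys/kernel/security/tomoyo/.domain_status */
-head->write = tomoyo_write_domain_profile;
-head->read = tomoyo_read_domain_profile;
-break;
 case TOMOYO_PROCESS_STATUS:
 /* /sys/kernel/security/tomoyo/.process_status */
 head->write = tomoyo_write_pid;
@@ -2291,7 +2219,6 @@ ssize_t tomoyo_write_control(struct tomoyo_io_buffer *head,
 switch (head->type) {
 case TOMOYO_DOMAINPOLICY:
 case TOMOYO_EXCEPTIONPOLICY:
-case TOMOYO_DOMAIN_STATUS:
 case TOMOYO_STAT:
 case TOMOYO_PROFILE:
 case TOMOYO_MANAGER: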
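--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -172,7 +172,6 @@ enum tomoyo_path_number_acl_index {
 enum tomoyo_securityfs_interface_index {
 TOMOYO_DOMAINPOLICY,
 TOMOYO_EXCEPTIONPOLICY,
-TOMOYO_DOMAIN_STATUS,
 TOMOYO_PROCESS_STATUS,
 TOMOYO_STAT,
 TOMOYO_SELFDOMAIN,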
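--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -139,8 +139,6 @@ static int __init tomoyo_initerface_init(void)
 TOMOYO_AUDIT);
 tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
 TOMOYO_SELFDOMAIN);
-tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
-TOMOYO_DOMAIN_STATUS);
 tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
 TOMOYO_PROCESS_STATUS);
 tomoyo_create_entry("stat", 0644, tomoyo_dir,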