security/tomoyo: Remove now unnecessary handling of security_sysctl.

Now that sys_sysctl is an emulation on top of proc sys all sysctl operations look like normal filesystem operations and we don't need to use the special sysctl hook to authenticate them. Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
author: Eric W. Biederman <ebiederm@xmission.com> 2009-11-20 12:24:19 -0500
committer: Eric W. Biederman <ebiederm@xmission.com> 2009-11-20 12:37:51 -0500
commit: c656ae95d1c5c8ed5763356263ace2d03087efec (patch)
tree: 41409482c06e8d773a189dcfa8e3351f2a333e1f /security
parent: a4054b6b20e9c2cca63715a319759bf8d37d82fc (diff)
3 files changed, 0 insertions, 95 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 5ae3a571559f..8346938809b1 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
 }
 /**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain:    Pointer to "struct tomoyo_domain_info".
- * @filename:  Filename to check.
- * @perm:      Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm)
-{
-        struct tomoyo_path_info name;
-        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-        if (!mode)
-                return 0;
-        name.name = filename;
-        tomoyo_fill_path_info(&name);
-        return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-/**
 * tomoyo_check_exec_perm - Check permission for "execute".
 *
 * @domain:   Pointer to "struct tomoyo_domain_info".
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3f93bb91768b..8a00ade85166 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
        return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
 }
-#ifdef CONFIG_SYSCTL
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
-        int namelen = strlen(str);
-        if (*buflen < namelen)
-                return -ENOMEM;
-        *buflen -= namelen;
-        *buffer -= namelen;
-        memcpy(*buffer, str, namelen);
-        return 0;
-}
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
-        int buflen = TOMOYO_MAX_PATHNAME_LEN;
-        char *buf = tomoyo_alloc(buflen);
-        char *end = buf + buflen;
-        int error = -ENOMEM;
-        if (!buf)
-                return NULL;
-        *--end = '\0';
-        buflen--;
-        while (table) {
-                if (tomoyo_prepend(&end, &buflen, table->procname) ||
-                    tomoyo_prepend(&end, &buflen, "/"))
-                        goto out;
-                table = table->parent;
-        }
-        if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
-                goto out;
-        error = tomoyo_encode(buf, end - buf, end);
- out:
-        if (!error)
-                return buf;
-        tomoyo_free(buf);
-        return NULL;
-}
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
-        int error;
-        char *name;
-        op &= MAY_READ | MAY_WRITE;
-        if (!op)
-                return 0;
-        name = tomoyo_sysctl_path(table);
-        if (!name)
-                return -ENOMEM;
-        error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
-        tomoyo_free(name);
-        return error;
-}
-#endif
 static int tomoyo_path_truncate(struct path *path, loff_t length,
                                unsigned int time_attrs)
 {
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
        .cred_transfer       = tomoyo_cred_transfer,
        .bprm_set_creds      = tomoyo_bprm_set_creds,
        .bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
-        .sysctl              = tomoyo_sysctl,
-#endif
        .file_fcntl          = tomoyo_file_fcntl,
        .dentry_open         = tomoyo_dentry_open,
        .path_truncate       = tomoyo_path_truncate,
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index cd6ba0bf7069..ed758325b1ae 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
 struct linux_binprm;
 struct pt_regs;
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm);
 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
                           const struct tomoyo_path_info *filename);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
author	Eric W. Biederman <ebiederm@xmission.com>	2009-11-20 12:24:19 -0500
committer	Eric W. Biederman <ebiederm@xmission.com>	2009-11-20 12:37:51 -0500
commit	c656ae95d1c5c8ed5763356263ace2d03087efec (patch)
tree	41409482c06e8d773a189dcfa8e3351f2a333e1f /security
parent	a4054b6b20e9c2cca63715a319759bf8d37d82fc (diff)

diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 5ae3a571559f..8346938809b1 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
1096	}	1096	}
1097		1097
1098	/**	1098	/**
1099	* tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
1100	*
1101	* @domain: Pointer to "struct tomoyo_domain_info".
1102	* @filename: Filename to check.
1103	* @perm: Mode ("read" or "write" or "read/write").
1104	* Returns 0 on success, negative value otherwise.
1105	*/
1106	int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
1107	const char *filename, const u8 perm)
1108	{
1109	struct tomoyo_path_info name;
1110	const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1111
1112	if (!mode)
1113	return 0;
1114	name.name = filename;
1115	tomoyo_fill_path_info(&name);
1116	return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
1117	}
1118
1119	/**
1120	* tomoyo_check_exec_perm - Check permission for "execute".	1099	* tomoyo_check_exec_perm - Check permission for "execute".
1121	*	1100	*
1122	* @domain: Pointer to "struct tomoyo_domain_info".	1101	* @domain: Pointer to "struct tomoyo_domain_info".


diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3f93bb91768b..8a00ade85166 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
85	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);	85	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
86	}	86	}
87		87
88	#ifdef CONFIG_SYSCTL
89
90	static int tomoyo_prepend(char *buffer, int buflen, const char *str)
91	{
92	int namelen = strlen(str);
93
94	if (*buflen < namelen)
95	return -ENOMEM;
96	*buflen -= namelen;
97	*buffer -= namelen;
98	memcpy(*buffer, str, namelen);
99	return 0;
100	}
101
102	/**
103	* tomoyo_sysctl_path - return the realpath of a ctl_table.
104	* @table: pointer to "struct ctl_table".
105	*
106	* Returns realpath(3) of the @table on success.
107	* Returns NULL on failure.
108	*
109	* This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
110	* if this function didn't return NULL.
111	*/
112	static char tomoyo_sysctl_path(struct ctl_table table)
113	{
114	int buflen = TOMOYO_MAX_PATHNAME_LEN;
115	char *buf = tomoyo_alloc(buflen);
116	char *end = buf + buflen;
117	int error = -ENOMEM;
118
119	if (!buf)
120	return NULL;
121
122	*--end = '\0';
123	buflen--;
124	while (table) {
125	if (tomoyo_prepend(&end, &buflen, table->procname) \|\|
126	tomoyo_prepend(&end, &buflen, "/"))
127	goto out;
128	table = table->parent;
129	}
130	if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
131	goto out;
132	error = tomoyo_encode(buf, end - buf, end);
133	out:
134	if (!error)
135	return buf;
136	tomoyo_free(buf);
137	return NULL;
138	}
139
140	static int tomoyo_sysctl(struct ctl_table *table, int op)
141	{
142	int error;
143	char *name;
144
145	op &= MAY_READ \| MAY_WRITE;
146	if (!op)
147	return 0;
148	name = tomoyo_sysctl_path(table);
149	if (!name)
150	return -ENOMEM;
151	error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
152	tomoyo_free(name);
153	return error;
154	}
155	#endif
156
157	static int tomoyo_path_truncate(struct path *path, loff_t length,	88	static int tomoyo_path_truncate(struct path *path, loff_t length,
158	unsigned int time_attrs)	89	unsigned int time_attrs)
159	{	90	{
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
274	.cred_transfer = tomoyo_cred_transfer,	205	.cred_transfer = tomoyo_cred_transfer,
275	.bprm_set_creds = tomoyo_bprm_set_creds,	206	.bprm_set_creds = tomoyo_bprm_set_creds,
276	.bprm_check_security = tomoyo_bprm_check_security,	207	.bprm_check_security = tomoyo_bprm_check_security,
277	#ifdef CONFIG_SYSCTL
278	.sysctl = tomoyo_sysctl,
279	#endif
280	.file_fcntl = tomoyo_file_fcntl,	208	.file_fcntl = tomoyo_file_fcntl,
281	.dentry_open = tomoyo_dentry_open,	209	.dentry_open = tomoyo_dentry_open,
282	.path_truncate = tomoyo_path_truncate,	210	.path_truncate = tomoyo_path_truncate,


diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index cd6ba0bf7069..ed758325b1ae 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
18	struct linux_binprm;	18	struct linux_binprm;
19	struct pt_regs;	19	struct pt_regs;
20		20
21	int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
22	const char *filename, const u8 perm);
23	int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,	21	int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
24	const struct tomoyo_path_info *filename);	22	const struct tomoyo_path_info *filename);
25	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,	23	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,