tomoyo: remove "undelete domain" command.

Since TOMOYO's policy management tools does not use the "undelete domain" command, we decided to remove that command. Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp> Signed-off-by: James Morris <jmorris@namei.org>
author: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> 2009-04-06 07:49:14 -0400
committer: James Morris <jmorris@namei.org> 2009-04-07 02:08:56 -0400
commit: a0558fc3491c0494feb8472cf6c0119e43fd9484 (patch)
tree: e26a2baaa63c07761686f97cde9aa4aaa527f82f /security
parent: d508afb437daee7cf07da085b635c44a4ebf9b38 (diff)
3 files changed, 5 insertions, 100 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 92cea656ad21..a0affd9cfca8 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
        struct tomoyo_domain_info *domain = head->write_var1;
        bool is_delete = false;
        bool is_select = false;
-        bool is_undelete = false;
        unsigned int profile;
        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
                is_delete = true;
        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
                is_select = true;
-        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
-                is_undelete = true;
        if (is_select && tomoyo_is_select_one(head, data))
                return 0;
        /* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                        down_read(&tomoyo_domain_list_lock);
                        domain = tomoyo_find_domain(data);
                        up_read(&tomoyo_domain_list_lock);
-                } else if (is_undelete)
+                } else
-                        domain = tomoyo_undelete_domain(data);
-                else
                        domain = tomoyo_find_or_assign_new_domain(data, 0);
                head->write_var1 = domain;
                return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 26a76d67aa1c..e77e6a6de0f2 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
        /* Name of this domain. Never NULL.          */
        const struct tomoyo_path_info *domainname;
        u8 profile;        /* Profile number to use. */
-        u8 is_deleted;     /* Delete flag.
+        bool is_deleted;   /* Delete flag.           */
-                              0 = active.
-                              1 = deleted but undeletable.
-                              255 = deleted and no longer undeletable. */
        bool quota_warned; /* Quota warnning flag.   */
        /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
        u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_UNDELETE                  "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                const u8 index);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 093a756030bd..2f2b449ffd2d 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
        return tomoyo_update_alias_entry(data, cp, is_delete);
 }
-/* Domain create/delete/undelete handler. */
+/* Domain create/delete handler. */
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
 /**
 * tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
        tomoyo_fill_path_info(&name);
        /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
        /* Is there an active domain? */
        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                struct tomoyo_domain_info *domain2;
                /* Never delete tomoyo_kernel_domain */
                if (domain == &tomoyo_kernel_domain)
                        continue;
                if (domain->is_deleted ||
                    tomoyo_pathcmp(domain->domainname, &name))
                        continue;
-                /* Mark already deleted domains as non undeletable. */
+                domain->is_deleted = true;
-                list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-                        if (!domain2->is_deleted ||
-                            tomoyo_pathcmp(domain2->domainname, &name))
-                                continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        if (domain2->is_deleted != 255)
-                                printk(KERN_DEBUG
-                                       "Marked %p as non undeletable\n",
-                                       domain2);
-#endif
-                        domain2->is_deleted = 255;
-                }
-                /* Delete and mark active domain as undeletable. */
-                domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
                break;
        }
        up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
 }
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-        struct tomoyo_domain_info *domain;
-        struct tomoyo_domain_info *candidate_domain = NULL;
-        struct tomoyo_path_info name;
-        name.name = domainname;
-        tomoyo_fill_path_info(&name);
-        /***** EXCLUSIVE SECTION START *****/
-        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-        printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(domain->domainname, &name))
-                        continue;
-                printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-        }
-#endif
-        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-                if (tomoyo_pathcmp(&name, domain->domainname))
-                        continue;
-                if (!domain->is_deleted) {
-                        /* This domain is active. I can't undelete. */
-                        candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                        printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-                               domain);
-#endif
-                        break;
-                }
-                /* Is this domain undeletable? */
-                if (domain->is_deleted == 1)
-                        candidate_domain = domain;
-        }
-        if (candidate_domain) {
-                candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-        }
-        up_write(&tomoyo_domain_list_lock);
-        /***** EXCLUSIVE SECTION END *****/
-        return candidate_domain;
-}
-/**
 * tomoyo_find_or_assign_new_domain - Create a domain.
 *
 * @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                /***** CRITICAL SECTION END *****/
                if (flag)
                        continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                printk(KERN_DEBUG "Reusing %p %s\n", domain,
-                       domain->domainname->name);
-#endif
                list_for_each_entry(ptr, &domain->acl_info_list, list) {
                        ptr->type |= TOMOYO_ACL_DELETED;
                }
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                domain->profile = profile;
                domain->quota_warned = false;
                mb(); /* Avoid out-of-order execution. */
-                domain->is_deleted = 0;
+                domain->is_deleted = false;
                goto out;
        }
        /* No memory reusable. Create using new memory. */
author	Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>	2009-04-06 07:49:14 -0400
committer	James Morris <jmorris@namei.org>	2009-04-07 02:08:56 -0400
commit	a0558fc3491c0494feb8472cf6c0119e43fd9484 (patch)
tree	e26a2baaa63c07761686f97cde9aa4aaa527f82f /security
parent	d508afb437daee7cf07da085b635c44a4ebf9b38 (diff)

diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index 92cea656ad21..a0affd9cfca8 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1252	struct tomoyo_domain_info *domain = head->write_var1;	1252	struct tomoyo_domain_info *domain = head->write_var1;
1253	bool is_delete = false;	1253	bool is_delete = false;
1254	bool is_select = false;	1254	bool is_select = false;
1255	bool is_undelete = false;
1256	unsigned int profile;	1255	unsigned int profile;
1257		1256
1258	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))	1257	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
1259	is_delete = true;	1258	is_delete = true;
1260	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))	1259	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
1261	is_select = true;	1260	is_select = true;
1262	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
1263	is_undelete = true;
1264	if (is_select && tomoyo_is_select_one(head, data))	1261	if (is_select && tomoyo_is_select_one(head, data))
1265	return 0;	1262	return 0;
1266	/* Don't allow updating policies by non manager programs. */	1263	/* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
1274	down_read(&tomoyo_domain_list_lock);	1271	down_read(&tomoyo_domain_list_lock);
1275	domain = tomoyo_find_domain(data);	1272	domain = tomoyo_find_domain(data);
1276	up_read(&tomoyo_domain_list_lock);	1273	up_read(&tomoyo_domain_list_lock);
1277	} else if (is_undelete)	1274	} else
1278	domain = tomoyo_undelete_domain(data);
1279	else
1280	domain = tomoyo_find_or_assign_new_domain(data, 0);	1275	domain = tomoyo_find_or_assign_new_domain(data, 0);
1281	head->write_var1 = domain;	1276	head->write_var1 = domain;
1282	return 0;	1277	return 0;


diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index 26a76d67aa1c..e77e6a6de0f2 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
88	/* Name of this domain. Never NULL. */	88	/* Name of this domain. Never NULL. */
89	const struct tomoyo_path_info *domainname;	89	const struct tomoyo_path_info *domainname;
90	u8 profile; /* Profile number to use. */	90	u8 profile; /* Profile number to use. */
91	u8 is_deleted; /* Delete flag.	91	bool is_deleted; /* Delete flag. */
92	0 = active.
93	1 = deleted but undeletable.
94	255 = deleted and no longer undeletable. */
95	bool quota_warned; /* Quota warnning flag. */	92	bool quota_warned; /* Quota warnning flag. */
96	/* DOMAIN_FLAGS_. Use tomoyo_set_domain_flag() to modify. /	93	/* DOMAIN_FLAGS_. Use tomoyo_set_domain_flag() to modify. /
97	u8 flags;	94	u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
144	#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "	141	#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
145	#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "	142	#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
146	#define TOMOYO_KEYWORD_SELECT "select "	143	#define TOMOYO_KEYWORD_SELECT "select "
147	#define TOMOYO_KEYWORD_UNDELETE "undelete "
148	#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "	144	#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
149	#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"	145	#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
150	/* A domain definition starts with <kernel>. */	146	/* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info tomoyo_find_domain(const char domainname);
267	struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char	263	struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char
268	domainname,	264	domainname,
269	const u8 profile);	265	const u8 profile);
270	/* Undelete a domain. */
271	struct tomoyo_domain_info tomoyo_undelete_domain(const char domainname);
272	/* Check mode for specified functionality. */	266	/* Check mode for specified functionality. */
273	unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,	267	unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
274	const u8 index);	268	const u8 index);


diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c index 093a756030bd..2f2b449ffd2d 100644 --- a/security/tomoyo/domain.c +++ b/security/tomoyo/domain.c
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
551	return tomoyo_update_alias_entry(data, cp, is_delete);	551	return tomoyo_update_alias_entry(data, cp, is_delete);
552	}	552	}
553		553
554	/* Domain create/delete/undelete handler. */	554	/* Domain create/delete handler. */
555
556	/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
557		555
558	/**	556	/**
559	* tomoyo_delete_domain - Delete a domain.	557	* tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
571	tomoyo_fill_path_info(&name);	569	tomoyo_fill_path_info(&name);
572	/*** EXCLUSIVE SECTION START ***/	570	/*** EXCLUSIVE SECTION START ***/
573	down_write(&tomoyo_domain_list_lock);	571	down_write(&tomoyo_domain_list_lock);
574	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
575	printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
576	list_for_each_entry(domain, &tomoyo_domain_list, list) {
577	if (tomoyo_pathcmp(domain->domainname, &name))
578	continue;
579	printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
580	}
581	#endif
582	/* Is there an active domain? */	572	/* Is there an active domain? */
583	list_for_each_entry(domain, &tomoyo_domain_list, list) {	573	list_for_each_entry(domain, &tomoyo_domain_list, list) {
584	struct tomoyo_domain_info *domain2;
585	/* Never delete tomoyo_kernel_domain */	574	/* Never delete tomoyo_kernel_domain */
586	if (domain == &tomoyo_kernel_domain)	575	if (domain == &tomoyo_kernel_domain)
587	continue;	576	continue;
588	if (domain->is_deleted \|\|	577	if (domain->is_deleted \|\|
589	tomoyo_pathcmp(domain->domainname, &name))	578	tomoyo_pathcmp(domain->domainname, &name))
590	continue;	579	continue;
591	/* Mark already deleted domains as non undeletable. */	580	domain->is_deleted = true;
592	list_for_each_entry(domain2, &tomoyo_domain_list, list) {
593	if (!domain2->is_deleted \|\|
594	tomoyo_pathcmp(domain2->domainname, &name))
595	continue;
596	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
597	if (domain2->is_deleted != 255)
598	printk(KERN_DEBUG
599	"Marked %p as non undeletable\n",
600	domain2);
601	#endif
602	domain2->is_deleted = 255;
603	}
604	/* Delete and mark active domain as undeletable. */
605	domain->is_deleted = 1;
606	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
607	printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
608	#endif
609	break;	581	break;
610	}	582	}
611	up_write(&tomoyo_domain_list_lock);	583	up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
614	}	586	}
615		587
616	/**	588	/**
617	* tomoyo_undelete_domain - Undelete a domain.
618	*
619	* @domainname: The name of domain.
620	*
621	* Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
622	*/
623	struct tomoyo_domain_info tomoyo_undelete_domain(const char domainname)
624	{
625	struct tomoyo_domain_info *domain;
626	struct tomoyo_domain_info *candidate_domain = NULL;
627	struct tomoyo_path_info name;
628
629	name.name = domainname;
630	tomoyo_fill_path_info(&name);
631	/*** EXCLUSIVE SECTION START ***/
632	down_write(&tomoyo_domain_list_lock);
633	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
634	printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
635	list_for_each_entry(domain, &tomoyo_domain_list, list) {
636	if (tomoyo_pathcmp(domain->domainname, &name))
637	continue;
638	printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
639	}
640	#endif
641	list_for_each_entry(domain, &tomoyo_domain_list, list) {
642	if (tomoyo_pathcmp(&name, domain->domainname))
643	continue;
644	if (!domain->is_deleted) {
645	/* This domain is active. I can't undelete. */
646	candidate_domain = NULL;
647	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
648	printk(KERN_DEBUG "%p is active. I can't undelete.\n",
649	domain);
650	#endif
651	break;
652	}
653	/* Is this domain undeletable? */
654	if (domain->is_deleted == 1)
655	candidate_domain = domain;
656	}
657	if (candidate_domain) {
658	candidate_domain->is_deleted = 0;
659	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
660	printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
661	#endif
662	}
663	up_write(&tomoyo_domain_list_lock);
664	/*** EXCLUSIVE SECTION END ***/
665	return candidate_domain;
666	}
667
668	/**
669	* tomoyo_find_or_assign_new_domain - Create a domain.	589	* tomoyo_find_or_assign_new_domain - Create a domain.
670	*	590	*
671	* @domainname: The name of domain.	591	* @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char
711	/*** CRITICAL SECTION END ***/	631	/*** CRITICAL SECTION END ***/
712	if (flag)	632	if (flag)
713	continue;	633	continue;
714	#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
715	printk(KERN_DEBUG "Reusing %p %s\n", domain,
716	domain->domainname->name);
717	#endif
718	list_for_each_entry(ptr, &domain->acl_info_list, list) {	634	list_for_each_entry(ptr, &domain->acl_info_list, list) {
719	ptr->type \|= TOMOYO_ACL_DELETED;	635	ptr->type \|= TOMOYO_ACL_DELETED;
720	}	636	}
@@ -722,7 +638,7 @@ struct tomoyo_domain_info tomoyo_find_or_assign_new_domain(const char
722	domain->profile = profile;	638	domain->profile = profile;
723	domain->quota_warned = false;	639	domain->quota_warned = false;
724	mb(); /* Avoid out-of-order execution. */	640	mb(); /* Avoid out-of-order execution. */
725	domain->is_deleted = 0;	641	domain->is_deleted = false;
726	goto out;	642	goto out;
727	}	643	}
728	/* No memory reusable. Create using new memory. */	644	/* No memory reusable. Create using new memory. */