3 files changed, 0 insertions, 95 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 5ae3a571559f..8346938809b1 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
 }
 /**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain:    Pointer to "struct tomoyo_domain_info".
- * @filename:  Filename to check.
- * @perm:      Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm)
-{
-        struct tomoyo_path_info name;
-        const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-        if (!mode)
-                return 0;
-        name.name = filename;
-        tomoyo_fill_path_info(&name);
-        return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-/**
 * tomoyo_check_exec_perm - Check permission for "execute".
 *
 * @domain:   Pointer to "struct tomoyo_domain_info".
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3f93bb91768b..8a00ade85166 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
        return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
 }
-#ifdef CONFIG_SYSCTL
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
-        int namelen = strlen(str);
-        if (*buflen < namelen)
-                return -ENOMEM;
-        *buflen -= namelen;
-        *buffer -= namelen;
-        memcpy(*buffer, str, namelen);
-        return 0;
-}
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
-        int buflen = TOMOYO_MAX_PATHNAME_LEN;
-        char *buf = tomoyo_alloc(buflen);
-        char *end = buf + buflen;
-        int error = -ENOMEM;
-        if (!buf)
-                return NULL;
-        *--end = '\0';
-        buflen--;
-        while (table) {
-                if (tomoyo_prepend(&end, &buflen, table->procname) ||
-                    tomoyo_prepend(&end, &buflen, "/"))
-                        goto out;
-                table = table->parent;
-        }
-        if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
-                goto out;
-        error = tomoyo_encode(buf, end - buf, end);
- out:
-        if (!error)
-                return buf;
-        tomoyo_free(buf);
-        return NULL;
-}
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
-        int error;
-        char *name;
-        op &= MAY_READ | MAY_WRITE;
-        if (!op)
-                return 0;
-        name = tomoyo_sysctl_path(table);
-        if (!name)
-                return -ENOMEM;
-        error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
-        tomoyo_free(name);
-        return error;
-}
-#endif
 static int tomoyo_path_truncate(struct path *path, loff_t length,
                                unsigned int time_attrs)
 {
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
        .cred_transfer       = tomoyo_cred_transfer,
        .bprm_set_creds      = tomoyo_bprm_set_creds,
        .bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
-        .sysctl              = tomoyo_sysctl,
-#endif
        .file_fcntl          = tomoyo_file_fcntl,
        .dentry_open         = tomoyo_dentry_open,
        .path_truncate       = tomoyo_path_truncate,
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index cd6ba0bf7069..ed758325b1ae 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
 struct linux_binprm;
 struct pt_regs;
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-                           const char *filename, const u8 perm);
 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
                           const struct tomoyo_path_info *filename);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,

diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 5ae3a571559f..8346938809b1 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
1096	}	1096	}
1097		1097
1098	/**	1098	/**
1099	* tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
1100	*
1101	* @domain: Pointer to "struct tomoyo_domain_info".
1102	* @filename: Filename to check.
1103	* @perm: Mode ("read" or "write" or "read/write").
1104	* Returns 0 on success, negative value otherwise.
1105	*/
1106	int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
1107	const char *filename, const u8 perm)
1108	{
1109	struct tomoyo_path_info name;
1110	const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
1111
1112	if (!mode)
1113	return 0;
1114	name.name = filename;
1115	tomoyo_fill_path_info(&name);
1116	return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
1117	}
1118
1119	/**
1120	* tomoyo_check_exec_perm - Check permission for "execute".	1099	* tomoyo_check_exec_perm - Check permission for "execute".
1121	*	1100	*
1122	* @domain: Pointer to "struct tomoyo_domain_info".	1101	* @domain: Pointer to "struct tomoyo_domain_info".


diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3f93bb91768b..8a00ade85166 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
85	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);	85	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
86	}	86	}
87		87
88	#ifdef CONFIG_SYSCTL
89
90	static int tomoyo_prepend(char *buffer, int buflen, const char *str)
91	{
92	int namelen = strlen(str);
93
94	if (*buflen < namelen)
95	return -ENOMEM;
96	*buflen -= namelen;
97	*buffer -= namelen;
98	memcpy(*buffer, str, namelen);
99	return 0;
100	}
101
102	/**
103	* tomoyo_sysctl_path - return the realpath of a ctl_table.
104	* @table: pointer to "struct ctl_table".
105	*
106	* Returns realpath(3) of the @table on success.
107	* Returns NULL on failure.
108	*
109	* This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
110	* if this function didn't return NULL.
111	*/
112	static char tomoyo_sysctl_path(struct ctl_table table)
113	{
114	int buflen = TOMOYO_MAX_PATHNAME_LEN;
115	char *buf = tomoyo_alloc(buflen);
116	char *end = buf + buflen;
117	int error = -ENOMEM;
118
119	if (!buf)
120	return NULL;
121
122	*--end = '\0';
123	buflen--;
124	while (table) {
125	if (tomoyo_prepend(&end, &buflen, table->procname) \|\|
126	tomoyo_prepend(&end, &buflen, "/"))
127	goto out;
128	table = table->parent;
129	}
130	if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
131	goto out;
132	error = tomoyo_encode(buf, end - buf, end);
133	out:
134	if (!error)
135	return buf;
136	tomoyo_free(buf);
137	return NULL;
138	}
139
140	static int tomoyo_sysctl(struct ctl_table *table, int op)
141	{
142	int error;
143	char *name;
144
145	op &= MAY_READ \| MAY_WRITE;
146	if (!op)
147	return 0;
148	name = tomoyo_sysctl_path(table);
149	if (!name)
150	return -ENOMEM;
151	error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
152	tomoyo_free(name);
153	return error;
154	}
155	#endif
156
157	static int tomoyo_path_truncate(struct path *path, loff_t length,	88	static int tomoyo_path_truncate(struct path *path, loff_t length,
158	unsigned int time_attrs)	89	unsigned int time_attrs)
159	{	90	{
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
274	.cred_transfer = tomoyo_cred_transfer,	205	.cred_transfer = tomoyo_cred_transfer,
275	.bprm_set_creds = tomoyo_bprm_set_creds,	206	.bprm_set_creds = tomoyo_bprm_set_creds,
276	.bprm_check_security = tomoyo_bprm_check_security,	207	.bprm_check_security = tomoyo_bprm_check_security,
277	#ifdef CONFIG_SYSCTL
278	.sysctl = tomoyo_sysctl,
279	#endif
280	.file_fcntl = tomoyo_file_fcntl,	208	.file_fcntl = tomoyo_file_fcntl,
281	.dentry_open = tomoyo_dentry_open,	209	.dentry_open = tomoyo_dentry_open,
282	.path_truncate = tomoyo_path_truncate,	210	.path_truncate = tomoyo_path_truncate,


diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h index cd6ba0bf7069..ed758325b1ae 100644 --- a/security/tomoyo/tomoyo.h +++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
18	struct linux_binprm;	18	struct linux_binprm;
19	struct pt_regs;	19	struct pt_regs;
20		20
21	int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
22	const char *filename, const u8 perm);
23	int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,	21	int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
24	const struct tomoyo_path_info *filename);	22	const struct tomoyo_path_info *filename);
25	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,	23	int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,