| author | Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> | 2009-04-06 20:49:14 +0900 | 
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-04-07 08:17:43 +1000 | 
| commit | 7ba5779533819fc061b4afafcb4a609d55f37057 (patch) | |
| tree | aef85844963c54661d33ed82dad8ff9afac7ea9d /security | |
| parent | b5f22a59c0356655a501190959db9f7f5dd07e3f (diff) | |
tomoyo: remove "undelete domain" command.
Since TOMOYO's policy management tools do not use the "undelete domain"
command, we decided to remove that command.
Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/tomoyo/common.c | 7 | ||||
| -rw-r--r-- | security/tomoyo/common.h | 8 | ||||
| -rw-r--r-- | security/tomoyo/domain.c | 90 | 
3 files changed, 5 insertions, 100 deletions
| diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 92cea656ad2..a0affd9cfca 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
 	struct tomoyo_domain_info *domain = head->write_var1;
 	bool is_delete = false;
 	bool is_select = false;
-	bool is_undelete = false;
 	unsigned int profile;
 	if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
 		is_delete = true;
 	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
 		is_select = true;
-	else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
-		is_undelete = true;
 	if (is_select && tomoyo_is_select_one(head, data))
 		return 0;
 	/* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
 			down_read(&tomoyo_domain_list_lock);
 			domain = tomoyo_find_domain(data);
 			up_read(&tomoyo_domain_list_lock);
-		} else if (is_undelete)
-			domain = tomoyo_undelete_domain(data);
-		else
+		} else
 			domain = tomoyo_find_or_assign_new_domain(data, 0);
 		head->write_var1 = domain;
 		return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 26a76d67aa1..e77e6a6de0f 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
 	/* Name of this domain. Never NULL.          */
 	const struct tomoyo_path_info *domainname;
 	u8 profile;        /* Profile number to use. */
-	u8 is_deleted;     /* Delete flag.
-			      0 = active.
-			      1 = deleted but undeletable.
-			      255 = deleted and no longer undeletable. */
+	bool is_deleted;   /* Delete flag.           */
 	bool quota_warned; /* Quota warnning flag.   */
 	/* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
 	u8 flags;
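Review bot: The rewritten `} else` in the second tomoyo_write_domain_policy() hunk pairs a braced `if` arm with an unbraced `else` arm. Kernel coding style asks for braces on both branches once either one needs them, so I would write `} else {`, keep `domain = tomoyo_find_or_assign_new_domain(data, 0);` as the body, and close with `}`. The enclosing `if` opens outside the hunk, so its condition is not visible here.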
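Review bot: The new comment on `is_deleted` in struct tomoyo_domain_info says only "Delete flag.", which loses the state description the old three-value comment carried. As far as this diff shows, the flag is now set by tomoyo_delete_domain() and cleared only on the reuse path in tomoyo_find_or_assign_new_domain(), after the old ACL entries are marked TOMOYO_ACL_DELETED; the entry itself is not unlinked from tomoyo_domain_list in either place. I would record that in the comment, for example `/* True once deleted; cleared only when the entry is reused for a new domain. */`, so code that walks the list knows it must test the flag. The struct continues outside the hunk.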
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_UNDELETE                  "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 							    domainname,
 							    const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
 				const u8 index);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 093a756030b..2f2b449ffd2 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
 	return tomoyo_update_alias_entry(data, cp, is_delete);
 }
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
 /**
  * tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
 	tomoyo_fill_path_info(&name);
 	/***** EXCLUSIVE SECTION START *****/
 	down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-	printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-	list_for_each_entry(domain, &tomoyo_domain_list, list) {
-		if (tomoyo_pathcmp(domain->domainname, &name))
-			continue;
-		printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-	}
-#endif
 	/* Is there an active domain? */
 	list_for_each_entry(domain, &tomoyo_domain_list, list) {
-		struct tomoyo_domain_info *domain2;
 		/* Never delete tomoyo_kernel_domain */
 		if (domain == &tomoyo_kernel_domain)
 			continue;
 		if (domain->is_deleted ||
 		    tomoyo_pathcmp(domain->domainname, &name))
 			continue;
-		/* Mark already deleted domains as non undeletable. */
-		list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-			if (!domain2->is_deleted ||
-			    tomoyo_pathcmp(domain2->domainname, &name))
-				continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-			if (domain2->is_deleted != 255)
-				printk(KERN_DEBUG
-				       "Marked %p as non undeletable\n",
-				       domain2);
-#endif
-			domain2->is_deleted = 255;
-		}
-		/* Delete and mark active domain as undeletable. */
-		domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-		printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+		domain->is_deleted = true;
 		break;
 	}
 	up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
 }
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-	struct tomoyo_domain_info *domain;
-	struct tomoyo_domain_info *candidate_domain = NULL;
-	struct tomoyo_path_info name;
-
-	name.name = domainname;
-	tomoyo_fill_path_info(&name);
-	/***** EXCLUSIVE SECTION START *****/
-	down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-	printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-	list_for_each_entry(domain, &tomoyo_domain_list, list) {
-		if (tomoyo_pathcmp(domain->domainname, &name))
-			continue;
-		printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-	}
-#endif
-	list_for_each_entry(domain, &tomoyo_domain_list, list) {
-		if (tomoyo_pathcmp(&name, domain->domainname))
-			continue;
-		if (!domain->is_deleted) {
-			/* This domain is active. I can't undelete. */
-			candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-			printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-			       domain);
-#endif
-			break;
-		}
-		/* Is this domain undeletable? */
-		if (domain->is_deleted == 1)
-			candidate_domain = domain;
-	}
-	if (candidate_domain) {
-		candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-		printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-	}
-	up_write(&tomoyo_domain_list_lock);
-	/***** EXCLUSIVE SECTION END *****/
-	return candidate_domain;
-}
-
-/**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
  * @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 		/***** CRITICAL SECTION END *****/
 		if (flag)
 			continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-		printk(KERN_DEBUG "Reusing %p %s\n", domain,
-		       domain->domainname->name);
-#endif
 		list_for_each_entry(ptr, &domain->acl_info_list, list) {
 			ptr->type |= TOMOYO_ACL_DELETED;
 		}
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 		domain->profile = profile;
 		domain->quota_warned = false;
 		mb(); /* Avoid out-of-order execution. */
-		domain->is_deleted = 0;
+		domain->is_deleted = false;
 		goto out;
 	}
 	/* No memory reusable. Create using new memory. */ |
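Review bot: The `mb(); /* Avoid out-of-order execution. */` above the new `domain->is_deleted = false;` in the last hunk does not say which reader it pairs with, although that store is what makes a reused entry active again. If any reader tests is_deleted without holding tomoyo_domain_list_lock (none is visible in this hunk, so this needs confirming), it needs a matching barrier to be sure it sees the new profile and the TOMOYO_ACL_DELETED marks before the cleared flag; otherwise a recreated domain could briefly be evaluated against its previous ACL entries. I would expand the comment to name the ordering, for example `/* Order profile/ACL updates before clearing is_deleted; pairs with <reader barrier> */`, or state that every reader takes the lock. The function begins and ends outside the hunk.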
