aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2009-04-07 08:02:02 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2009-04-07 08:02:02 -0700
commit548cbdc858bb81d72fbcb91a196069559b2b4684 (patch)
treef53fbd41701703169fb6051d79780e3e19d5aec2
parenta01da1d0f643142fa6845eb3bd14daab8ce7bea5 (diff)
parenta0558fc3491c0494feb8472cf6c0119e43fd9484 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6: tomoyo: remove "undelete domain" command.
-rw-r--r--security/tomoyo/common.c7
-rw-r--r--security/tomoyo/common.h8
-rw-r--r--security/tomoyo/domain.c90
3 files changed, 5 insertions, 100 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 92cea656ad2..a0affd9cfca 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
struct tomoyo_domain_info *domain = head->write_var1;
bool is_delete = false;
bool is_select = false;
- bool is_undelete = false;
unsigned int profile;
if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
is_delete = true;
else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
is_select = true;
- else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
- is_undelete = true;
if (is_select && tomoyo_is_select_one(head, data))
return 0;
/* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
down_read(&tomoyo_domain_list_lock);
domain = tomoyo_find_domain(data);
up_read(&tomoyo_domain_list_lock);
- } else if (is_undelete)
- domain = tomoyo_undelete_domain(data);
- else
+ } else
domain = tomoyo_find_or_assign_new_domain(data, 0);
head->write_var1 = domain;
return 0;
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 26a76d67aa1..e77e6a6de0f 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
/* Name of this domain. Never NULL. */
const struct tomoyo_path_info *domainname;
u8 profile; /* Profile number to use. */
- u8 is_deleted; /* Delete flag.
- 0 = active.
- 1 = deleted but undeletable.
- 255 = deleted and no longer undeletable. */
+ bool is_deleted; /* Delete flag. */
bool quota_warned; /* Quota warnning flag. */
/* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
#define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
#define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
#define TOMOYO_KEYWORD_SELECT "select "
-#define TOMOYO_KEYWORD_UNDELETE "undelete "
#define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
#define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
/* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
domainname,
const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
/* Check mode for specified functionality. */
unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
const u8 index);
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 093a756030b..2f2b449ffd2 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
return tomoyo_update_alias_entry(data, cp, is_delete);
}
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
/**
* tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
tomoyo_fill_path_info(&name);
/***** EXCLUSIVE SECTION START *****/
down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(domain->domainname, &name))
- continue;
- printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
- }
-#endif
/* Is there an active domain? */
list_for_each_entry(domain, &tomoyo_domain_list, list) {
- struct tomoyo_domain_info *domain2;
/* Never delete tomoyo_kernel_domain */
if (domain == &tomoyo_kernel_domain)
continue;
if (domain->is_deleted ||
tomoyo_pathcmp(domain->domainname, &name))
continue;
- /* Mark already deleted domains as non undeletable. */
- list_for_each_entry(domain2, &tomoyo_domain_list, list) {
- if (!domain2->is_deleted ||
- tomoyo_pathcmp(domain2->domainname, &name))
- continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- if (domain2->is_deleted != 255)
- printk(KERN_DEBUG
- "Marked %p as non undeletable\n",
- domain2);
-#endif
- domain2->is_deleted = 255;
- }
- /* Delete and mark active domain as undeletable. */
- domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+ domain->is_deleted = true;
break;
}
up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
}
/**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
- struct tomoyo_domain_info *domain;
- struct tomoyo_domain_info *candidate_domain = NULL;
- struct tomoyo_path_info name;
-
- name.name = domainname;
- tomoyo_fill_path_info(&name);
- /***** EXCLUSIVE SECTION START *****/
- down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(domain->domainname, &name))
- continue;
- printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
- }
-#endif
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(&name, domain->domainname))
- continue;
- if (!domain->is_deleted) {
- /* This domain is active. I can't undelete. */
- candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "%p is active. I can't undelete.\n",
- domain);
-#endif
- break;
- }
- /* Is this domain undeletable? */
- if (domain->is_deleted == 1)
- candidate_domain = domain;
- }
- if (candidate_domain) {
- candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
- }
- up_write(&tomoyo_domain_list_lock);
- /***** EXCLUSIVE SECTION END *****/
- return candidate_domain;
-}
-
-/**
* tomoyo_find_or_assign_new_domain - Create a domain.
*
* @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
/***** CRITICAL SECTION END *****/
if (flag)
continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "Reusing %p %s\n", domain,
- domain->domainname->name);
-#endif
list_for_each_entry(ptr, &domain->acl_info_list, list) {
ptr->type |= TOMOYO_ACL_DELETED;
}
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
domain->profile = profile;
domain->quota_warned = false;
mb(); /* Avoid out-of-order execution. */
- domain->is_deleted = 0;
+ domain->is_deleted = false;
goto out;
}
/* No memory reusable. Create using new memory. */