TOMOYO: Remove /sys/kernel/security/tomoyo/.domain_status interface.
/sys/kernel/security/tomoyo/.domain_status can be easily emulated using
/sys/kernel/security/tomoyo/domain_policy . We can remove this interface by
updating /usr/sbin/tomoyo-setprofile utility.
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index 8b14cef..b340137 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1213,73 +1213,6 @@
}
/**
- * tomoyo_write_domain_profile - Assign profile for specified domain.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns 0 on success, -EINVAL otherwise.
- *
- * This is equivalent to doing
- *
- * ( echo "select " $domainname; echo "use_profile " $profile ) |
- * /usr/sbin/tomoyo-loadpolicy -d
- *
- * Caller holds tomoyo_read_lock().
- */
-static int tomoyo_write_domain_profile(struct tomoyo_io_buffer *head)
-{
- char *data = head->write_buf;
- char *cp = strchr(data, ' ');
- struct tomoyo_domain_info *domain;
- unsigned long profile;
-
- if (!cp)
- return -EINVAL;
- *cp = '\0';
- domain = tomoyo_find_domain(cp + 1);
- if (strict_strtoul(data, 10, &profile))
- return -EINVAL;
- if (domain && (!tomoyo_policy_loaded ||
- head->w.ns->profile_ptr[(u8) profile]))
- domain->profile = (u8) profile;
- return 0;
-}
-
-/**
- * tomoyo_read_domain_profile - Read only domainname and profile.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns list of profile number and domainname pairs.
- *
- * This is equivalent to doing
- *
- * grep -A 1 '^<kernel>' /sys/kernel/security/tomoyo/domain_policy |
- * awk ' { if ( domainname == "" ) { if ( $1 == "<kernel>" )
- * domainname = $0; } else if ( $1 == "use_profile" ) {
- * print $2 " " domainname; domainname = ""; } } ; '
- *
- * Caller holds tomoyo_read_lock().
- */
-static void tomoyo_read_domain_profile(struct tomoyo_io_buffer *head)
-{
- if (head->r.eof)
- return;
- list_for_each_cookie(head->r.domain, &tomoyo_domain_list) {
- struct tomoyo_domain_info *domain =
- list_entry(head->r.domain, typeof(*domain), list);
- if (domain->is_deleted)
- continue;
- if (!tomoyo_flush(head))
- return;
- tomoyo_io_printf(head, "%u ", domain->profile);
- tomoyo_set_string(head, domain->domainname->name);
- tomoyo_set_lf(head);
- }
- head->r.eof = true;
-}
-
-/**
* tomoyo_write_pid: Specify PID to obtain domainname.
*
* @head: Pointer to "struct tomoyo_io_buffer".
@@ -1994,11 +1927,6 @@
/* /sys/kernel/security/tomoyo/self_domain */
head->read = tomoyo_read_self_domain;
break;
- case TOMOYO_DOMAIN_STATUS:
- /* /sys/kernel/security/tomoyo/.domain_status */
- head->write = tomoyo_write_domain_profile;
- head->read = tomoyo_read_domain_profile;
- break;
case TOMOYO_PROCESS_STATUS:
/* /sys/kernel/security/tomoyo/.process_status */
head->write = tomoyo_write_pid;
@@ -2291,7 +2219,6 @@
switch (head->type) {
case TOMOYO_DOMAINPOLICY:
case TOMOYO_EXCEPTIONPOLICY:
- case TOMOYO_DOMAIN_STATUS:
case TOMOYO_STAT:
case TOMOYO_PROFILE:
case TOMOYO_MANAGER:
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 465e34b..beb7d0e 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -172,7 +172,6 @@
enum tomoyo_securityfs_interface_index {
TOMOYO_DOMAINPOLICY,
TOMOYO_EXCEPTIONPOLICY,
- TOMOYO_DOMAIN_STATUS,
TOMOYO_PROCESS_STATUS,
TOMOYO_STAT,
TOMOYO_SELFDOMAIN,
diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c
index b509e2c..888e83d 100644
--- a/security/tomoyo/securityfs_if.c
+++ b/security/tomoyo/securityfs_if.c
@@ -139,8 +139,6 @@
TOMOYO_AUDIT);
tomoyo_create_entry("self_domain", 0400, tomoyo_dir,
TOMOYO_SELFDOMAIN);
- tomoyo_create_entry(".domain_status", 0600, tomoyo_dir,
- TOMOYO_DOMAIN_STATUS);
tomoyo_create_entry(".process_status", 0600, tomoyo_dir,
TOMOYO_PROCESS_STATUS);
tomoyo_create_entry("stat", 0644, tomoyo_dir,