diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 5ae3a571559f..8346938809b1 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -1095,27 +1095,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
 	return error;
 }
 
-/**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain:   Pointer to "struct tomoyo_domain_info".
- * @filename: Filename to check.
- * @perm:     Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-			   const char *filename, const u8 perm)
-{
-	struct tomoyo_path_info name;
-	const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-
-	if (!mode)
-		return 0;
-	name.name = filename;
-	tomoyo_fill_path_info(&name);
-	return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-
 /**
  * tomoyo_check_exec_perm - Check permission for "execute".
  *
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3f93bb91768b..8a00ade85166 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
 	return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
 }
 
-#ifdef CONFIG_SYSCTL
-
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
-	int namelen = strlen(str);
-
-	if (*buflen < namelen)
-		return -ENOMEM;
-	*buflen -= namelen;
-	*buffer -= namelen;
-	memcpy(*buffer, str, namelen);
-	return 0;
-}
-
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
-	int buflen = TOMOYO_MAX_PATHNAME_LEN;
-	char *buf = tomoyo_alloc(buflen);
-	char *end = buf + buflen;
-	int error = -ENOMEM;
-
-	if (!buf)
-		return NULL;
-
-	*--end = '\0';
-	buflen--;
-	while (table) {
-		if (tomoyo_prepend(&end, &buflen, table->procname) ||
-		    tomoyo_prepend(&end, &buflen, "/"))
-			goto out;
-		table = table->parent;
-	}
-	if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
-		goto out;
-	error = tomoyo_encode(buf, end - buf, end);
- out:
-	if (!error)
-		return buf;
-	tomoyo_free(buf);
-	return NULL;
-}
-
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
-	int error;
-	char *name;
-
-	op &= MAY_READ | MAY_WRITE;
-	if (!op)
-		return 0;
-	name = tomoyo_sysctl_path(table);
-	if (!name)
-		return -ENOMEM;
-	error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
-	tomoyo_free(name);
-	return error;
-}
-#endif
-
 static int tomoyo_path_truncate(struct path *path, loff_t length,
 				unsigned int time_attrs)
 {
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
 	.cred_transfer = tomoyo_cred_transfer,
 	.bprm_set_creds = tomoyo_bprm_set_creds,
 	.bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
-	.sysctl = tomoyo_sysctl,
-#endif
 	.file_fcntl = tomoyo_file_fcntl,
 	.dentry_open = tomoyo_dentry_open,
 	.path_truncate = tomoyo_path_truncate,
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index cd6ba0bf7069..ed758325b1ae 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
 struct linux_binprm;
 struct pt_regs;
 
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
-			   const char *filename, const u8 perm);
 int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
 			   const struct tomoyo_path_info *filename);
 int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,