From 86b1bc68e2f4244e4ea5db5458df9d19259fbb30 Mon Sep 17 00:00:00 2001 From: Tetsuo Handa Date: Mon, 9 Nov 2009 09:12:15 +0900 Subject: sysctl security/tomoyo: Don't look at ctl_name ctl_name field was removed. Always use procname field. Signed-off-by: Tetsuo Handa Signed-off-by: Eric W. Biederman --- security/tomoyo/tomoyo.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) (limited to 'security/tomoyo/tomoyo.c') diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 9548a09..3f93bb9 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -122,15 +122,7 @@ static char *tomoyo_sysctl_path(struct ctl_table *table) *--end = '\0'; buflen--; while (table) { - char num[32]; - const char *sp = table->procname; - - if (!sp) { - memset(num, 0, sizeof(num)); - snprintf(num, sizeof(num) - 1, "=%d=", table->ctl_name); - sp = num; - } - if (tomoyo_prepend(&end, &buflen, sp) || + if (tomoyo_prepend(&end, &buflen, table->procname) || tomoyo_prepend(&end, &buflen, "/")) goto out; table = table->parent; -- cgit v1.1 From c656ae95d1c5c8ed5763356263ace2d03087efec Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Fri, 20 Nov 2009 09:24:19 -0800 Subject: security/tomoyo: Remove now unnecessary handling of security_sysctl. Now that sys_sysctl is an emulation on top of proc sys all sysctl operations look like normal filesystem operations and we don't need to use the special sysctl hook to authenticate them. Acked-by: Tetsuo Handa Signed-off-by: Eric W. Biederman --- security/tomoyo/tomoyo.c | 72 ------------------------------------------------ 1 file changed, 72 deletions(-) (limited to 'security/tomoyo/tomoyo.c') diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 3f93bb9..8a00ade 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm) return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1); } -#ifdef CONFIG_SYSCTL - -static int tomoyo_prepend(char **buffer, int *buflen, const char *str) -{ - int namelen = strlen(str); - - if (*buflen < namelen) - return -ENOMEM; - *buflen -= namelen; - *buffer -= namelen; - memcpy(*buffer, str, namelen); - return 0; -} - -/** - * tomoyo_sysctl_path - return the realpath of a ctl_table. - * @table: pointer to "struct ctl_table". - * - * Returns realpath(3) of the @table on success. - * Returns NULL on failure. - * - * This function uses tomoyo_alloc(), so the caller must call tomoyo_free() - * if this function didn't return NULL. - */ -static char *tomoyo_sysctl_path(struct ctl_table *table) -{ - int buflen = TOMOYO_MAX_PATHNAME_LEN; - char *buf = tomoyo_alloc(buflen); - char *end = buf + buflen; - int error = -ENOMEM; - - if (!buf) - return NULL; - - *--end = '\0'; - buflen--; - while (table) { - if (tomoyo_prepend(&end, &buflen, table->procname) || - tomoyo_prepend(&end, &buflen, "/")) - goto out; - table = table->parent; - } - if (tomoyo_prepend(&end, &buflen, "/proc/sys")) - goto out; - error = tomoyo_encode(buf, end - buf, end); - out: - if (!error) - return buf; - tomoyo_free(buf); - return NULL; -} - -static int tomoyo_sysctl(struct ctl_table *table, int op) -{ - int error; - char *name; - - op &= MAY_READ | MAY_WRITE; - if (!op) - return 0; - name = tomoyo_sysctl_path(table); - if (!name) - return -ENOMEM; - error = tomoyo_check_file_perm(tomoyo_domain(), name, op); - tomoyo_free(name); - return error; -} -#endif - static int tomoyo_path_truncate(struct path *path, loff_t length, unsigned int time_attrs) { @@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = { .cred_transfer = tomoyo_cred_transfer, .bprm_set_creds = tomoyo_bprm_set_creds, .bprm_check_security = tomoyo_bprm_check_security, -#ifdef CONFIG_SYSCTL - .sysctl = tomoyo_sysctl, -#endif .file_fcntl = tomoyo_file_fcntl, .dentry_open = tomoyo_dentry_open, .path_truncate = tomoyo_path_truncate, -- cgit v1.1