summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/tomoyo/file.c21
-rw-r--r--security/tomoyo/tomoyo.c72
-rw-r--r--security/tomoyo/tomoyo.h2
3 files changed, 0 insertions, 95 deletions
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 5ae3a571559..8346938809b 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -1096,27 +1096,6 @@ static int tomoyo_check_single_path_permission2(struct tomoyo_domain_info *
}
/**
- * tomoyo_check_file_perm - Check permission for sysctl()'s "read" and "write".
- *
- * @domain: Pointer to "struct tomoyo_domain_info".
- * @filename: Filename to check.
- * @perm: Mode ("read" or "write" or "read/write").
- * Returns 0 on success, negative value otherwise.
- */
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
- const char *filename, const u8 perm)
-{
- struct tomoyo_path_info name;
- const u8 mode = tomoyo_check_flags(domain, TOMOYO_MAC_FOR_FILE);
-
- if (!mode)
- return 0;
- name.name = filename;
- tomoyo_fill_path_info(&name);
- return tomoyo_check_file_perm2(domain, &name, perm, "sysctl", mode);
-}
-
-/**
* tomoyo_check_exec_perm - Check permission for "execute".
*
* @domain: Pointer to "struct tomoyo_domain_info".
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 3f93bb91768..8a00ade8516 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -85,75 +85,6 @@ static int tomoyo_bprm_check_security(struct linux_binprm *bprm)
return tomoyo_check_open_permission(domain, &bprm->file->f_path, 1);
}
-#ifdef CONFIG_SYSCTL
-
-static int tomoyo_prepend(char **buffer, int *buflen, const char *str)
-{
- int namelen = strlen(str);
-
- if (*buflen < namelen)
- return -ENOMEM;
- *buflen -= namelen;
- *buffer -= namelen;
- memcpy(*buffer, str, namelen);
- return 0;
-}
-
-/**
- * tomoyo_sysctl_path - return the realpath of a ctl_table.
- * @table: pointer to "struct ctl_table".
- *
- * Returns realpath(3) of the @table on success.
- * Returns NULL on failure.
- *
- * This function uses tomoyo_alloc(), so the caller must call tomoyo_free()
- * if this function didn't return NULL.
- */
-static char *tomoyo_sysctl_path(struct ctl_table *table)
-{
- int buflen = TOMOYO_MAX_PATHNAME_LEN;
- char *buf = tomoyo_alloc(buflen);
- char *end = buf + buflen;
- int error = -ENOMEM;
-
- if (!buf)
- return NULL;
-
- *--end = '\0';
- buflen--;
- while (table) {
- if (tomoyo_prepend(&end, &buflen, table->procname) ||
- tomoyo_prepend(&end, &buflen, "/"))
- goto out;
- table = table->parent;
- }
- if (tomoyo_prepend(&end, &buflen, "/proc/sys"))
- goto out;
- error = tomoyo_encode(buf, end - buf, end);
- out:
- if (!error)
- return buf;
- tomoyo_free(buf);
- return NULL;
-}
-
-static int tomoyo_sysctl(struct ctl_table *table, int op)
-{
- int error;
- char *name;
-
- op &= MAY_READ | MAY_WRITE;
- if (!op)
- return 0;
- name = tomoyo_sysctl_path(table);
- if (!name)
- return -ENOMEM;
- error = tomoyo_check_file_perm(tomoyo_domain(), name, op);
- tomoyo_free(name);
- return error;
-}
-#endif
-
static int tomoyo_path_truncate(struct path *path, loff_t length,
unsigned int time_attrs)
{
@@ -274,9 +205,6 @@ static struct security_operations tomoyo_security_ops = {
.cred_transfer = tomoyo_cred_transfer,
.bprm_set_creds = tomoyo_bprm_set_creds,
.bprm_check_security = tomoyo_bprm_check_security,
-#ifdef CONFIG_SYSCTL
- .sysctl = tomoyo_sysctl,
-#endif
.file_fcntl = tomoyo_file_fcntl,
.dentry_open = tomoyo_dentry_open,
.path_truncate = tomoyo_path_truncate,
diff --git a/security/tomoyo/tomoyo.h b/security/tomoyo/tomoyo.h
index cd6ba0bf706..ed758325b1a 100644
--- a/security/tomoyo/tomoyo.h
+++ b/security/tomoyo/tomoyo.h
@@ -18,8 +18,6 @@ struct inode;
struct linux_binprm;
struct pt_regs;
-int tomoyo_check_file_perm(struct tomoyo_domain_info *domain,
- const char *filename, const u8 perm);
int tomoyo_check_exec_perm(struct tomoyo_domain_info *domain,
const struct tomoyo_path_info *filename);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,