Commit a0558fc3491c0494feb8472cf6c0119e43fd9484

Authored by Tetsuo Handa
Committed by James Morris
1 parent d508afb437

tomoyo: remove "undelete domain" command.

Since TOMOYO's policy management tools do not use the "undelete domain"
command, we decided to remove that command.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>

Showing 3 changed files with 5 additions and 100 deletions

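--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1252,15 +1252,12 @@
 struct tomoyo_domain_info *domain = head->write_var1;
 bool is_delete = false;
 bool is_select = false;
- bool is_undelete = false;
 unsigned int profile;
 
 if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
 is_delete = true;
 else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
 is_select = true;
- else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
- is_undelete = true;
 if (is_select && tomoyo_is_select_one(head, data))
 return 0;
 /* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@
 down_read(&tomoyo_domain_list_lock);
 domain = tomoyo_find_domain(data);
 up_read(&tomoyo_domain_list_lock);
- } else if (is_undelete)
- domain = tomoyo_undelete_domain(data);
- else
+ } else
 domain = tomoyo_find_or_assign_new_domain(data, 0);
 head->write_var1 = domain;
 return 0;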
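Review bot: The final branch in the second hunk is left as `} else` followed by an unbraced statement while the branch before it is braced; kernel coding style asks for braces on every branch once one of them needs them, so this would read `} else {`, `domain = tomoyo_find_or_assign_new_domain(data, 0);`, `}`. Input that still begins with `undelete ` is no longer consumed by a keyword match in the first hunk, so it reaches the parsing below with the prefix intact; how that input is rejected is outside the lines shown and is worth confirming. The enclosing function starts before and ends after both hunks.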
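--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -88,10 +88,7 @@
 /* Name of this domain. Never NULL. */
 const struct tomoyo_path_info *domainname;
 u8 profile; /* Profile number to use. */
- u8 is_deleted; /* Delete flag.
- 0 = active.
- 1 = deleted but undeletable.
- 255 = deleted and no longer undeletable. */
+ bool is_deleted; /* Delete flag. */
 bool quota_warned; /* Quota warnning flag. */
 /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
 u8 flags;
@@ -144,7 +141,6 @@
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT "select "
-#define TOMOYO_KEYWORD_UNDELETE "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
 domainname,
 const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
 const u8 index);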
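Review bot: The new comment on `is_deleted` in the first hunk says only "Delete flag." and no longer tells a reader what the value means or what becomes of a deleted entry. Something like `bool is_deleted; /* True if deleted; the entry stays on the domain list and may be reused. */` would keep the contract next to the field. The reuse is inferred from the domain.c section of this commit, where `is_deleted` is set back to `false`, so the wording should be checked against that function. The struct definition starts and ends outside the hunk.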
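--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -551,10 +551,8 @@
 return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete/undelete handler. */
+/* Domain create/delete handler. */
 
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
-
 /**
 * tomoyo_delete_domain - Delete a domain.
 *
@@ -571,41 +569,15 @@
 tomoyo_fill_path_info(&name);
 /***** EXCLUSIVE SECTION START *****/
 down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(domain->domainname, &name))
- continue;
- printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
- }
-#endif
 /* Is there an active domain? */
 list_for_each_entry(domain, &tomoyo_domain_list, list) {
- struct tomoyo_domain_info *domain2;
 /* Never delete tomoyo_kernel_domain */
 if (domain == &tomoyo_kernel_domain)
 continue;
 if (domain->is_deleted ||
 tomoyo_pathcmp(domain->domainname, &name))
 continue;
- /* Mark already deleted domains as non undeletable. */
- list_for_each_entry(domain2, &tomoyo_domain_list, list) {
- if (!domain2->is_deleted ||
- tomoyo_pathcmp(domain2->domainname, &name))
- continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- if (domain2->is_deleted != 255)
- printk(KERN_DEBUG
- "Marked %p as non undeletable\n",
- domain2);
-#endif
- domain2->is_deleted = 255;
- }
- /* Delete and mark active domain as undeletable. */
- domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+ domain->is_deleted = true;
 break;
 }
 up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@
 }
 
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
- struct tomoyo_domain_info *domain;
- struct tomoyo_domain_info *candidate_domain = NULL;
- struct tomoyo_path_info name;
-
- name.name = domainname;
- tomoyo_fill_path_info(&name);
- /***** EXCLUSIVE SECTION START *****/
- down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(domain->domainname, &name))
- continue;
- printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
- }
-#endif
- list_for_each_entry(domain, &tomoyo_domain_list, list) {
- if (tomoyo_pathcmp(&name, domain->domainname))
- continue;
- if (!domain->is_deleted) {
- /* This domain is active. I can't undelete. */
- candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "%p is active. I can't undelete.\n",
- domain);
-#endif
- break;
- }
- /* Is this domain undeletable? */
- if (domain->is_deleted == 1)
- candidate_domain = domain;
- }
- if (candidate_domain) {
- candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
- }
- up_write(&tomoyo_domain_list_lock);
- /***** EXCLUSIVE SECTION END *****/
- return candidate_domain;
-}
-
-/**
 * tomoyo_find_or_assign_new_domain - Create a domain.
 *
 * @domainname: The name of domain.
@@ -711,10 +631,6 @@
 /***** CRITICAL SECTION END *****/
 if (flag)
 continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
- printk(KERN_DEBUG "Reusing %p %s\n", domain,
- domain->domainname->name);
-#endif
 list_for_each_entry(ptr, &domain->acl_info_list, list) {
 ptr->type |= TOMOYO_ACL_DELETED;
 }
@@ -722,7 +638,7 @@
 domain->profile = profile;
 domain->quota_warned = false;
 mb(); /* Avoid out-of-order execution. */
- domain->is_deleted = 0;
+ domain->is_deleted = false;
 goto out;
 }
 /* No memory reusable. Create using new memory. */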
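Review bot: In the last hunk the store `domain->is_deleted = false;` relies on the `mb()` on the line before it, but the comment `/* Avoid out-of-order execution. */` does not say which stores must be visible first or which reader depends on that order. A comment such as `mb(); /* Make the profile and quota reset visible before the domain is marked active again. */` would let a later change to this reuse path keep the ordering intact. Whether readers check `is_deleted` without holding the list lock is not visible here, so the pairing should be confirmed before wording it more strongly. The enclosing function starts and ends outside the hunk.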