tomoyo: remove "undelete domain" command.
Tetsuo Handa [Mon, 6 Apr 2009 11:49:14 +0000 (20:49 +0900)]
Since TOMOYO's policy management tools does not use the "undelete domain"
command, we decided to remove that command.

Signed-off-by: Kentaro Takeda <takedakn@nttdata.co.jp>
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: Toshiharu Harada <haradats@nttdata.co.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/common.c
security/tomoyo/common.h
security/tomoyo/domain.c

index 92cea65..a0affd9 100644 (file)
@@ -1252,15 +1252,12 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
        struct tomoyo_domain_info *domain = head->write_var1;
        bool is_delete = false;
        bool is_select = false;
-       bool is_undelete = false;
        unsigned int profile;
 
        if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_DELETE))
                is_delete = true;
        else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_SELECT))
                is_select = true;
-       else if (tomoyo_str_starts(&data, TOMOYO_KEYWORD_UNDELETE))
-               is_undelete = true;
        if (is_select && tomoyo_is_select_one(head, data))
                return 0;
        /* Don't allow updating policies by non manager programs. */
@@ -1274,9 +1271,7 @@ static int tomoyo_write_domain_policy(struct tomoyo_io_buffer *head)
                        down_read(&tomoyo_domain_list_lock);
                        domain = tomoyo_find_domain(data);
                        up_read(&tomoyo_domain_list_lock);
-               } else if (is_undelete)
-                       domain = tomoyo_undelete_domain(data);
-               else
+               } else
                        domain = tomoyo_find_or_assign_new_domain(data, 0);
                head->write_var1 = domain;
                return 0;
index 26a76d6..e77e6a6 100644 (file)
@@ -88,10 +88,7 @@ struct tomoyo_domain_info {
        /* Name of this domain. Never NULL.          */
        const struct tomoyo_path_info *domainname;
        u8 profile;        /* Profile number to use. */
-       u8 is_deleted;     /* Delete flag.
-                             0 = active.
-                             1 = deleted but undeletable.
-                             255 = deleted and no longer undeletable. */
+       bool is_deleted;   /* Delete flag.           */
        bool quota_warned; /* Quota warnning flag.   */
        /* DOMAIN_FLAGS_*. Use tomoyo_set_domain_flag() to modify. */
        u8 flags;
@@ -144,7 +141,6 @@ struct tomoyo_double_path_acl_record {
 #define TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN      "no_initialize_domain "
 #define TOMOYO_KEYWORD_NO_KEEP_DOMAIN            "no_keep_domain "
 #define TOMOYO_KEYWORD_SELECT                    "select "
-#define TOMOYO_KEYWORD_UNDELETE                  "undelete "
 #define TOMOYO_KEYWORD_USE_PROFILE               "use_profile "
 #define TOMOYO_KEYWORD_IGNORE_GLOBAL_ALLOW_READ  "ignore_global_allow_read"
 /* A domain definition starts with <kernel>. */
@@ -267,8 +263,6 @@ struct tomoyo_domain_info *tomoyo_find_domain(const char *domainname);
 struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                                                            domainname,
                                                            const u8 profile);
-/* Undelete a domain. */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname);
 /* Check mode for specified functionality. */
 unsigned int tomoyo_check_flags(const struct tomoyo_domain_info *domain,
                                const u8 index);
index 093a756..2f2b449 100644 (file)
@@ -551,9 +551,7 @@ int tomoyo_write_alias_policy(char *data, const bool is_delete)
        return tomoyo_update_alias_entry(data, cp, is_delete);
 }
 
-/* Domain create/delete/undelete handler. */
-
-/* #define TOMOYO_DEBUG_DOMAIN_UNDELETE */
+/* Domain create/delete handler. */
 
 /**
  * tomoyo_delete_domain - Delete a domain.
@@ -571,41 +569,15 @@ int tomoyo_delete_domain(char *domainname)
        tomoyo_fill_path_info(&name);
        /***** EXCLUSIVE SECTION START *****/
        down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-       printk(KERN_DEBUG "tomoyo_delete_domain %s\n", domainname);
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(domain->domainname, &name))
-                       continue;
-               printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-       }
-#endif
        /* Is there an active domain? */
        list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               struct tomoyo_domain_info *domain2;
                /* Never delete tomoyo_kernel_domain */
                if (domain == &tomoyo_kernel_domain)
                        continue;
                if (domain->is_deleted ||
                    tomoyo_pathcmp(domain->domainname, &name))
                        continue;
-               /* Mark already deleted domains as non undeletable. */
-               list_for_each_entry(domain2, &tomoyo_domain_list, list) {
-                       if (!domain2->is_deleted ||
-                           tomoyo_pathcmp(domain2->domainname, &name))
-                               continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                       if (domain2->is_deleted != 255)
-                               printk(KERN_DEBUG
-                                      "Marked %p as non undeletable\n",
-                                      domain2);
-#endif
-                       domain2->is_deleted = 255;
-               }
-               /* Delete and mark active domain as undeletable. */
-               domain->is_deleted = 1;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "Marked %p as undeletable\n", domain);
-#endif
+               domain->is_deleted = true;
                break;
        }
        up_write(&tomoyo_domain_list_lock);
@@ -614,58 +586,6 @@ int tomoyo_delete_domain(char *domainname)
 }
 
 /**
- * tomoyo_undelete_domain - Undelete a domain.
- *
- * @domainname: The name of domain.
- *
- * Returns pointer to "struct tomoyo_domain_info" on success, NULL otherwise.
- */
-struct tomoyo_domain_info *tomoyo_undelete_domain(const char *domainname)
-{
-       struct tomoyo_domain_info *domain;
-       struct tomoyo_domain_info *candidate_domain = NULL;
-       struct tomoyo_path_info name;
-
-       name.name = domainname;
-       tomoyo_fill_path_info(&name);
-       /***** EXCLUSIVE SECTION START *****/
-       down_write(&tomoyo_domain_list_lock);
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-       printk(KERN_DEBUG "tomoyo_undelete_domain %s\n", domainname);
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(domain->domainname, &name))
-                       continue;
-               printk(KERN_DEBUG "List: %p %u\n", domain, domain->is_deleted);
-       }
-#endif
-       list_for_each_entry(domain, &tomoyo_domain_list, list) {
-               if (tomoyo_pathcmp(&name, domain->domainname))
-                       continue;
-               if (!domain->is_deleted) {
-                       /* This domain is active. I can't undelete. */
-                       candidate_domain = NULL;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-                       printk(KERN_DEBUG "%p is active. I can't undelete.\n",
-                              domain);
-#endif
-                       break;
-               }
-               /* Is this domain undeletable? */
-               if (domain->is_deleted == 1)
-                       candidate_domain = domain;
-       }
-       if (candidate_domain) {
-               candidate_domain->is_deleted = 0;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "%p was undeleted.\n", candidate_domain);
-#endif
-       }
-       up_write(&tomoyo_domain_list_lock);
-       /***** EXCLUSIVE SECTION END *****/
-       return candidate_domain;
-}
-
-/**
  * tomoyo_find_or_assign_new_domain - Create a domain.
  *
  * @domainname: The name of domain.
@@ -711,10 +631,6 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                /***** CRITICAL SECTION END *****/
                if (flag)
                        continue;
-#ifdef TOMOYO_DEBUG_DOMAIN_UNDELETE
-               printk(KERN_DEBUG "Reusing %p %s\n", domain,
-                      domain->domainname->name);
-#endif
                list_for_each_entry(ptr, &domain->acl_info_list, list) {
                        ptr->type |= TOMOYO_ACL_DELETED;
                }
@@ -722,7 +638,7 @@ struct tomoyo_domain_info *tomoyo_find_or_assign_new_domain(const char *
                domain->profile = profile;
                domain->quota_warned = false;
                mb(); /* Avoid out-of-order execution. */
-               domain->is_deleted = 0;
+               domain->is_deleted = false;
                goto out;
        }
        /* No memory reusable. Create using new memory. */