apparmor: Remove deadcode

aa_label_audit, aa_label_find, aa_label_seq_print and aa_update_label_name
were added by commit
f1bd904175 ("apparmor: add the base fns() for domain labels")
but never used.

aa_profile_label_perm was added by commit
637f688dc3 ("apparmor: switch from profiles to using labels on contexts")
but never used.

aa_secid_update was added by commit
c092921219 ("apparmor: add support for mapping secids and using secctxes")
but never used.

aa_split_fqname has been unused since commit
3664268f19 ("apparmor: add namespace lookup fns()")

aa_lookup_profile has been unused since commit
93c98a484c ("apparmor: move exec domain mediation to using labels")

aa_audit_perms_cb was only used by aa_profile_label_perm (see above).

All of these commits are from around 2017.

Remove them.

Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
This commit is contained in:
Dr. David Alan Gilbert 2024-09-21 00:55:17 +01:00 committed by John Johansen
parent 648e45d724
commit 75535669c9
9 changed files with 0 additions and 146 deletions

View File

@ -291,8 +291,6 @@ bool aa_label_replace(struct aa_label *old, struct aa_label *new);
bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old, bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
struct aa_label *new); struct aa_label *new);
struct aa_label *aa_label_find(struct aa_label *l);
struct aa_profile *aa_label_next_in_merge(struct label_it *I, struct aa_profile *aa_label_next_in_merge(struct label_it *I,
struct aa_label *a, struct aa_label *a,
struct aa_label *b); struct aa_label *b);
@ -320,8 +318,6 @@ void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns,
struct aa_label *label, int flags, gfp_t gfp); struct aa_label *label, int flags, gfp_t gfp);
void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags, void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
gfp_t gfp); gfp_t gfp);
void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp);
void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp);
void aa_label_printk(struct aa_label *label, gfp_t gfp); void aa_label_printk(struct aa_label *label, gfp_t gfp);
struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str, struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,

View File

@ -59,7 +59,6 @@ extern int apparmor_initialized;
/* fn's in lib */ /* fn's in lib */
const char *skipn_spaces(const char *str, size_t n); const char *skipn_spaces(const char *str, size_t n);
char *aa_split_fqname(char *args, char **ns_name);
const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name, const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
size_t *ns_len); size_t *ns_len);
void aa_info_message(const char *str); void aa_info_message(const char *str);

View File

@ -213,9 +213,6 @@ void aa_perms_accum_raw(struct aa_perms *accum, struct aa_perms *addend);
void aa_profile_match_label(struct aa_profile *profile, void aa_profile_match_label(struct aa_profile *profile,
struct aa_ruleset *rules, struct aa_label *label, struct aa_ruleset *rules, struct aa_label *label,
int type, u32 request, struct aa_perms *perms); int type, u32 request, struct aa_perms *perms);
int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
u32 request, int type, u32 *deny,
struct apparmor_audit_data *ad);
int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms, int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
u32 request, struct apparmor_audit_data *ad, u32 request, struct apparmor_audit_data *ad,
void (*cb)(struct audit_buffer *, void *)); void (*cb)(struct audit_buffer *, void *));

View File

@ -264,7 +264,6 @@ void aa_free_profile(struct aa_profile *profile);
struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name); struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname, struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
size_t n); size_t n);
struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name);
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base, struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
const char *fqname, size_t n); const char *fqname, size_t n);

View File

@ -34,6 +34,5 @@ void apparmor_release_secctx(char *secdata, u32 seclen);
int aa_alloc_secid(struct aa_label *label, gfp_t gfp); int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
void aa_free_secid(u32 secid); void aa_free_secid(u32 secid);
void aa_secid_update(u32 secid, struct aa_label *label);
#endif /* __AA_SECID_H */ #endif /* __AA_SECID_H */

View File

@ -899,23 +899,6 @@ struct aa_label *aa_vec_find_or_create_label(struct aa_profile **vec, int len,
return vec_create_and_insert_label(vec, len, gfp); return vec_create_and_insert_label(vec, len, gfp);
} }
/**
* aa_label_find - find label @label in label set
* @label: label to find (NOT NULL)
*
* Requires: caller to hold a valid ref on l
*
* Returns: refcounted @label if @label is in tree
* refcounted label that is equiv to @label in tree
* else NULL if @label or equiv is not in tree
*/
struct aa_label *aa_label_find(struct aa_label *label)
{
AA_BUG(!label);
return vec_find(label->vec, label->size);
}
/** /**
* aa_label_insert - insert label @label into @ls or return existing label * aa_label_insert - insert label @label into @ls or return existing label
@ -1811,22 +1794,6 @@ void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
pr_info("%s", label->hname); pr_info("%s", label->hname);
} }
void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp)
{
struct aa_ns *ns = aa_get_current_ns();
aa_label_xaudit(ab, ns, label, FLAG_VIEW_SUBNS, gfp);
aa_put_ns(ns);
}
void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp)
{
struct aa_ns *ns = aa_get_current_ns();
aa_label_seq_xprint(f, ns, label, FLAG_VIEW_SUBNS, gfp);
aa_put_ns(ns);
}
void aa_label_printk(struct aa_label *label, gfp_t gfp) void aa_label_printk(struct aa_label *label, gfp_t gfp)
{ {
struct aa_ns *ns = aa_get_current_ns(); struct aa_ns *ns = aa_get_current_ns();

View File

@ -45,44 +45,6 @@ void aa_free_str_table(struct aa_str_table *t)
} }
} }
/**
* aa_split_fqname - split a fqname into a profile and namespace name
* @fqname: a full qualified name in namespace profile format (NOT NULL)
* @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
*
* Returns: profile name or NULL if one is not specified
*
* Split a namespace name from a profile name (see policy.c for naming
* description). If a portion of the name is missing it returns NULL for
* that portion.
*
* NOTE: may modify the @fqname string. The pointers returned point
* into the @fqname string.
*/
char *aa_split_fqname(char *fqname, char **ns_name)
{
char *name = strim(fqname);
*ns_name = NULL;
if (name[0] == ':') {
char *split = strchr(&name[1], ':');
*ns_name = skip_spaces(&name[1]);
if (split) {
/* overwrite ':' with \0 */
*split++ = 0;
if (strncmp(split, "//", 2) == 0)
split += 2;
name = skip_spaces(split);
} else
/* a ns name without a following profile is allowed */
name = NULL;
}
if (name && *name == 0)
name = NULL;
return name;
}
/** /**
* skipn_spaces - Removes leading whitespace from @str. * skipn_spaces - Removes leading whitespace from @str.
* @str: The string to be stripped. * @str: The string to be stripped.
@ -275,33 +237,6 @@ void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
audit_log_format(ab, "\""); audit_log_format(ab, "\"");
} }
/**
* aa_audit_perms_cb - generic callback fn for auditing perms
* @ab: audit buffer (NOT NULL)
* @va: audit struct to audit values of (NOT NULL)
*/
static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
{
struct common_audit_data *sa = va;
struct apparmor_audit_data *ad = aad(sa);
if (ad->request) {
audit_log_format(ab, " requested_mask=");
aa_audit_perm_mask(ab, ad->request, aa_file_perm_chrs,
PERMS_CHRS_MASK, aa_file_perm_names,
PERMS_NAMES_MASK);
}
if (ad->denied) {
audit_log_format(ab, "denied_mask=");
aa_audit_perm_mask(ab, ad->denied, aa_file_perm_chrs,
PERMS_CHRS_MASK, aa_file_perm_names,
PERMS_NAMES_MASK);
}
audit_log_format(ab, " peer=");
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
FLAGS_NONE, GFP_ATOMIC);
}
/** /**
* aa_apply_modes_to_perms - apply namespace and profile flags to perms * aa_apply_modes_to_perms - apply namespace and profile flags to perms
* @profile: that perms where computed from * @profile: that perms where computed from
@ -349,25 +284,6 @@ void aa_profile_match_label(struct aa_profile *profile,
} }
/* currently unused */
int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
u32 request, int type, u32 *deny,
struct apparmor_audit_data *ad)
{
struct aa_ruleset *rules = list_first_entry(&profile->rules,
typeof(*rules), list);
struct aa_perms perms;
ad->peer = &target->label;
ad->request = request;
aa_profile_match_label(profile, rules, &target->label, type, request,
&perms);
aa_apply_modes_to_perms(profile, &perms);
*deny |= request & perms.deny;
return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
}
/** /**
* aa_check_perms - do audit mode selection based on perms set * aa_check_perms - do audit mode selection based on perms set
* @profile: profile being checked * @profile: profile being checked

View File

@ -579,11 +579,6 @@ struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
return profile; return profile;
} }
struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname)
{
return aa_lookupn_profile(ns, hname, strlen(hname));
}
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base, struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
const char *fqname, size_t n) const char *fqname, size_t n)
{ {

View File

@ -39,20 +39,6 @@ int apparmor_display_secid_mode;
* TODO: use secid_update in label replace * TODO: use secid_update in label replace
*/ */
/**
* aa_secid_update - update a secid mapping to a new label
* @secid: secid to update
* @label: label the secid will now map to
*/
void aa_secid_update(u32 secid, struct aa_label *label)
{
unsigned long flags;
xa_lock_irqsave(&aa_secids, flags);
__xa_store(&aa_secids, secid, label, 0);
xa_unlock_irqrestore(&aa_secids, flags);
}
/* /*
* see label for inverse aa_label_to_secid * see label for inverse aa_label_to_secid
*/ */