mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 09:16:33 +00:00
apparmor: Remove deadcode
aa_label_audit, aa_label_find, aa_label_seq_print and aa_update_label_name were added by commit f1bd904175
("apparmor: add the base fns() for domain labels") but never used.
aa_profile_label_perm was added by commit 637f688dc3
("apparmor: switch from profiles to using labels on contexts") but never used.
aa_secid_update was added by commit c092921219
("apparmor: add support for mapping secids and using secctxes") but never used.
aa_split_fqname has been unused since commit 3664268f19
("apparmor: add namespace lookup fns()").
aa_lookup_profile has been unused since commit 93c98a484c
("apparmor: move exec domain mediation to using labels").
aa_audit_perms_cb was only used by aa_profile_label_perm (see above).
All of these commits are from around 2017. Remove them.
Signed-off-by: Dr. David Alan Gilbert <linux@treblig.org>
Signed-off-by: John Johansen <john.johansen@canonical.com>
parent
648e45d724
commit
75535669c9
@ -291,8 +291,6 @@ bool aa_label_replace(struct aa_label *old, struct aa_label *new);
|
|||||||
bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
|
bool aa_label_make_newest(struct aa_labelset *ls, struct aa_label *old,
|
||||||
struct aa_label *new);
|
struct aa_label *new);
|
||||||
|
|
||||||
struct aa_label *aa_label_find(struct aa_label *l);
|
|
||||||
|
|
||||||
struct aa_profile *aa_label_next_in_merge(struct label_it *I,
|
struct aa_profile *aa_label_next_in_merge(struct label_it *I,
|
||||||
struct aa_label *a,
|
struct aa_label *a,
|
||||||
struct aa_label *b);
|
struct aa_label *b);
|
||||||
@ -320,8 +318,6 @@ void aa_label_seq_xprint(struct seq_file *f, struct aa_ns *ns,
|
|||||||
struct aa_label *label, int flags, gfp_t gfp);
|
struct aa_label *label, int flags, gfp_t gfp);
|
||||||
void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
|
void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
|
||||||
gfp_t gfp);
|
gfp_t gfp);
|
||||||
void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp);
|
|
||||||
void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp);
|
|
||||||
void aa_label_printk(struct aa_label *label, gfp_t gfp);
|
void aa_label_printk(struct aa_label *label, gfp_t gfp);
|
||||||
|
|
||||||
struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
|
struct aa_label *aa_label_strn_parse(struct aa_label *base, const char *str,
|
||||||
|
@ -59,7 +59,6 @@ extern int apparmor_initialized;
|
|||||||
|
|
||||||
/* fn's in lib */
|
/* fn's in lib */
|
||||||
const char *skipn_spaces(const char *str, size_t n);
|
const char *skipn_spaces(const char *str, size_t n);
|
||||||
char *aa_split_fqname(char *args, char **ns_name);
|
|
||||||
const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
|
const char *aa_splitn_fqname(const char *fqname, size_t n, const char **ns_name,
|
||||||
size_t *ns_len);
|
size_t *ns_len);
|
||||||
void aa_info_message(const char *str);
|
void aa_info_message(const char *str);
|
||||||
|
@ -213,9 +213,6 @@ void aa_perms_accum_raw(struct aa_perms *accum, struct aa_perms *addend);
|
|||||||
void aa_profile_match_label(struct aa_profile *profile,
|
void aa_profile_match_label(struct aa_profile *profile,
|
||||||
struct aa_ruleset *rules, struct aa_label *label,
|
struct aa_ruleset *rules, struct aa_label *label,
|
||||||
int type, u32 request, struct aa_perms *perms);
|
int type, u32 request, struct aa_perms *perms);
|
||||||
int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
|
|
||||||
u32 request, int type, u32 *deny,
|
|
||||||
struct apparmor_audit_data *ad);
|
|
||||||
int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
|
int aa_check_perms(struct aa_profile *profile, struct aa_perms *perms,
|
||||||
u32 request, struct apparmor_audit_data *ad,
|
u32 request, struct apparmor_audit_data *ad,
|
||||||
void (*cb)(struct audit_buffer *, void *));
|
void (*cb)(struct audit_buffer *, void *));
|
||||||
|
@ -264,7 +264,6 @@ void aa_free_profile(struct aa_profile *profile);
|
|||||||
struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
|
struct aa_profile *aa_find_child(struct aa_profile *parent, const char *name);
|
||||||
struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
|
struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
|
||||||
size_t n);
|
size_t n);
|
||||||
struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *name);
|
|
||||||
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
|
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
|
||||||
const char *fqname, size_t n);
|
const char *fqname, size_t n);
|
||||||
|
|
||||||
|
@ -34,6 +34,5 @@ void apparmor_release_secctx(char *secdata, u32 seclen);
|
|||||||
|
|
||||||
int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
|
int aa_alloc_secid(struct aa_label *label, gfp_t gfp);
|
||||||
void aa_free_secid(u32 secid);
|
void aa_free_secid(u32 secid);
|
||||||
void aa_secid_update(u32 secid, struct aa_label *label);
|
|
||||||
|
|
||||||
#endif /* __AA_SECID_H */
|
#endif /* __AA_SECID_H */
|
||||||
|
@ -899,23 +899,6 @@ struct aa_label *aa_vec_find_or_create_label(struct aa_profile **vec, int len,
|
|||||||
return vec_create_and_insert_label(vec, len, gfp);
|
return vec_create_and_insert_label(vec, len, gfp);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* aa_label_find - find label @label in label set
|
|
||||||
* @label: label to find (NOT NULL)
|
|
||||||
*
|
|
||||||
* Requires: caller to hold a valid ref on l
|
|
||||||
*
|
|
||||||
* Returns: refcounted @label if @label is in tree
|
|
||||||
* refcounted label that is equiv to @label in tree
|
|
||||||
* else NULL if @label or equiv is not in tree
|
|
||||||
*/
|
|
||||||
struct aa_label *aa_label_find(struct aa_label *label)
|
|
||||||
{
|
|
||||||
AA_BUG(!label);
|
|
||||||
|
|
||||||
return vec_find(label->vec, label->size);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aa_label_insert - insert label @label into @ls or return existing label
|
* aa_label_insert - insert label @label into @ls or return existing label
|
||||||
@ -1811,22 +1794,6 @@ void aa_label_xprintk(struct aa_ns *ns, struct aa_label *label, int flags,
|
|||||||
pr_info("%s", label->hname);
|
pr_info("%s", label->hname);
|
||||||
}
|
}
|
||||||
|
|
||||||
void aa_label_audit(struct audit_buffer *ab, struct aa_label *label, gfp_t gfp)
|
|
||||||
{
|
|
||||||
struct aa_ns *ns = aa_get_current_ns();
|
|
||||||
|
|
||||||
aa_label_xaudit(ab, ns, label, FLAG_VIEW_SUBNS, gfp);
|
|
||||||
aa_put_ns(ns);
|
|
||||||
}
|
|
||||||
|
|
||||||
void aa_label_seq_print(struct seq_file *f, struct aa_label *label, gfp_t gfp)
|
|
||||||
{
|
|
||||||
struct aa_ns *ns = aa_get_current_ns();
|
|
||||||
|
|
||||||
aa_label_seq_xprint(f, ns, label, FLAG_VIEW_SUBNS, gfp);
|
|
||||||
aa_put_ns(ns);
|
|
||||||
}
|
|
||||||
|
|
||||||
void aa_label_printk(struct aa_label *label, gfp_t gfp)
|
void aa_label_printk(struct aa_label *label, gfp_t gfp)
|
||||||
{
|
{
|
||||||
struct aa_ns *ns = aa_get_current_ns();
|
struct aa_ns *ns = aa_get_current_ns();
|
||||||
|
@ -45,44 +45,6 @@ void aa_free_str_table(struct aa_str_table *t)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* aa_split_fqname - split a fqname into a profile and namespace name
|
|
||||||
* @fqname: a full qualified name in namespace profile format (NOT NULL)
|
|
||||||
* @ns_name: pointer to portion of the string containing the ns name (NOT NULL)
|
|
||||||
*
|
|
||||||
* Returns: profile name or NULL if one is not specified
|
|
||||||
*
|
|
||||||
* Split a namespace name from a profile name (see policy.c for naming
|
|
||||||
* description). If a portion of the name is missing it returns NULL for
|
|
||||||
* that portion.
|
|
||||||
*
|
|
||||||
* NOTE: may modify the @fqname string. The pointers returned point
|
|
||||||
* into the @fqname string.
|
|
||||||
*/
|
|
||||||
char *aa_split_fqname(char *fqname, char **ns_name)
|
|
||||||
{
|
|
||||||
char *name = strim(fqname);
|
|
||||||
|
|
||||||
*ns_name = NULL;
|
|
||||||
if (name[0] == ':') {
|
|
||||||
char *split = strchr(&name[1], ':');
|
|
||||||
*ns_name = skip_spaces(&name[1]);
|
|
||||||
if (split) {
|
|
||||||
/* overwrite ':' with \0 */
|
|
||||||
*split++ = 0;
|
|
||||||
if (strncmp(split, "//", 2) == 0)
|
|
||||||
split += 2;
|
|
||||||
name = skip_spaces(split);
|
|
||||||
} else
|
|
||||||
/* a ns name without a following profile is allowed */
|
|
||||||
name = NULL;
|
|
||||||
}
|
|
||||||
if (name && *name == 0)
|
|
||||||
name = NULL;
|
|
||||||
|
|
||||||
return name;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* skipn_spaces - Removes leading whitespace from @str.
|
* skipn_spaces - Removes leading whitespace from @str.
|
||||||
* @str: The string to be stripped.
|
* @str: The string to be stripped.
|
||||||
@ -275,33 +237,6 @@ void aa_audit_perm_mask(struct audit_buffer *ab, u32 mask, const char *chrs,
|
|||||||
audit_log_format(ab, "\"");
|
audit_log_format(ab, "\"");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* aa_audit_perms_cb - generic callback fn for auditing perms
|
|
||||||
* @ab: audit buffer (NOT NULL)
|
|
||||||
* @va: audit struct to audit values of (NOT NULL)
|
|
||||||
*/
|
|
||||||
static void aa_audit_perms_cb(struct audit_buffer *ab, void *va)
|
|
||||||
{
|
|
||||||
struct common_audit_data *sa = va;
|
|
||||||
struct apparmor_audit_data *ad = aad(sa);
|
|
||||||
|
|
||||||
if (ad->request) {
|
|
||||||
audit_log_format(ab, " requested_mask=");
|
|
||||||
aa_audit_perm_mask(ab, ad->request, aa_file_perm_chrs,
|
|
||||||
PERMS_CHRS_MASK, aa_file_perm_names,
|
|
||||||
PERMS_NAMES_MASK);
|
|
||||||
}
|
|
||||||
if (ad->denied) {
|
|
||||||
audit_log_format(ab, "denied_mask=");
|
|
||||||
aa_audit_perm_mask(ab, ad->denied, aa_file_perm_chrs,
|
|
||||||
PERMS_CHRS_MASK, aa_file_perm_names,
|
|
||||||
PERMS_NAMES_MASK);
|
|
||||||
}
|
|
||||||
audit_log_format(ab, " peer=");
|
|
||||||
aa_label_xaudit(ab, labels_ns(ad->subj_label), ad->peer,
|
|
||||||
FLAGS_NONE, GFP_ATOMIC);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aa_apply_modes_to_perms - apply namespace and profile flags to perms
|
* aa_apply_modes_to_perms - apply namespace and profile flags to perms
|
||||||
* @profile: that perms where computed from
|
* @profile: that perms where computed from
|
||||||
@ -349,25 +284,6 @@ void aa_profile_match_label(struct aa_profile *profile,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* currently unused */
|
|
||||||
int aa_profile_label_perm(struct aa_profile *profile, struct aa_profile *target,
|
|
||||||
u32 request, int type, u32 *deny,
|
|
||||||
struct apparmor_audit_data *ad)
|
|
||||||
{
|
|
||||||
struct aa_ruleset *rules = list_first_entry(&profile->rules,
|
|
||||||
typeof(*rules), list);
|
|
||||||
struct aa_perms perms;
|
|
||||||
|
|
||||||
ad->peer = &target->label;
|
|
||||||
ad->request = request;
|
|
||||||
|
|
||||||
aa_profile_match_label(profile, rules, &target->label, type, request,
|
|
||||||
&perms);
|
|
||||||
aa_apply_modes_to_perms(profile, &perms);
|
|
||||||
*deny |= request & perms.deny;
|
|
||||||
return aa_check_perms(profile, &perms, request, ad, aa_audit_perms_cb);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* aa_check_perms - do audit mode selection based on perms set
|
* aa_check_perms - do audit mode selection based on perms set
|
||||||
* @profile: profile being checked
|
* @profile: profile being checked
|
||||||
|
@ -579,11 +579,6 @@ struct aa_profile *aa_lookupn_profile(struct aa_ns *ns, const char *hname,
|
|||||||
return profile;
|
return profile;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct aa_profile *aa_lookup_profile(struct aa_ns *ns, const char *hname)
|
|
||||||
{
|
|
||||||
return aa_lookupn_profile(ns, hname, strlen(hname));
|
|
||||||
}
|
|
||||||
|
|
||||||
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
|
struct aa_profile *aa_fqlookupn_profile(struct aa_label *base,
|
||||||
const char *fqname, size_t n)
|
const char *fqname, size_t n)
|
||||||
{
|
{
|
||||||
|
@ -39,20 +39,6 @@ int apparmor_display_secid_mode;
|
|||||||
* TODO: use secid_update in label replace
|
* TODO: use secid_update in label replace
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
|
||||||
* aa_secid_update - update a secid mapping to a new label
|
|
||||||
* @secid: secid to update
|
|
||||||
* @label: label the secid will now map to
|
|
||||||
*/
|
|
||||||
void aa_secid_update(u32 secid, struct aa_label *label)
|
|
||||||
{
|
|
||||||
unsigned long flags;
|
|
||||||
|
|
||||||
xa_lock_irqsave(&aa_secids, flags);
|
|
||||||
__xa_store(&aa_secids, secid, label, 0);
|
|
||||||
xa_unlock_irqrestore(&aa_secids, flags);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* see label for inverse aa_label_to_secid
|
* see label for inverse aa_label_to_secid
|
||||||
*/
|
*/
|
||||||
|
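Review bot: The `TODO: use secid_update in label replace` line kept as context at the top of this hunk now names a helper that the same hunk deletes, so the note no longer points at anything in the tree. Either drop the line or reword it to describe the outstanding work without the removed name, for example `* TODO: update the secid mapping on label replace`. The comment block opens above the hunk, so the rest of its wording is not visible here and may need the same pass.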