[apparmor] [PATCH 08/10] From 69da7ad9b8007d33bbf4ffe4474f03e81e13eaa6 Mon Sep 17 00:00:00 2001 From: John Johansen <john.johansen at canonical.com> Date: Sat, 3 Nov 2012 08:19:52 -0700 Subject: [PATCH 08/10] remove support for change_hat 1.4
Seth Arnold
seth.arnold at canonical.com
Thu Jul 25 23:05:07 UTC 2013
On Sun, Jul 21, 2013 at 10:32:51PM -0700, John Johansen wrote:
> change_hat 1.4 was an experiment in more directly controlling change_hat
> by adding hat rules to the profile. It has not been used since the
> original experiment (4 years). So remove it.
>
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
> ---
> parser/parser_policy.c | 68 --------------------------------------------------
> 1 file changed, 68 deletions(-)
>
> diff --git a/parser/parser_policy.c b/parser/parser_policy.c
> index f147be7..76a65c8 100644
> --- a/parser/parser_policy.c
> +++ b/parser/parser_policy.c
> @@ -394,28 +394,6 @@ static void __add_hat_rules_parent(const void *nodep, const VISIT value,
> if ((*t)->local)
> return;
>
> - /* add rule to grant permission to change_hat
> - * An opensuse 11.0, AA 2.3 requirement,
> - * rules are added to the parent of the hat
> - */
> - if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) &&
> - (*t)->parent) {
> - char *buffer = (char *) malloc(strlen((*t)->name) + 1);
> - if (!buffer) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> -
> - strcpy(buffer, (*t)->name);
> -
> - entry = new_entry(NULL, buffer, AA_CHANGE_HAT, NULL);
> - if (!entry) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - add_entry_to_policy((*t)->parent, entry);
> - }
> -
> entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
> if (!entry) {
> PERROR(_("ERROR adding hat access rule for profile %s\n"),
> @@ -427,56 +405,10 @@ static void __add_hat_rules_parent(const void *nodep, const VISIT value,
> twalk((*t)->hat_table, __add_hat_rules_parent);
> }
>
> -/* Deprecated: used to support changehat rules of AppArmor 2.3
> - * add the same hat rules to the hats as the parent so that hats can
> - * change to sibling hats
> - */
> -static void __add_hat_rules_hats(const void *nodep, const VISIT value,
> - const int __unused depth)
> -{
> - struct codomain **t = (struct codomain **) nodep;
> -
> - if (value == preorder || value == endorder)
> - return;
> -
> - /* don't add hat rules if a parent profile with no hats */
> - if (!(*t)->hat_table && !(*t)->parent)
> - return;
> -
> - /* don't add hat rules for local_profiles */
> - if ((*t)->local)
> - return;
> -
> - /* hat */
> - if ((*t)->parent) {
> - struct cod_entry *entry, *new_ent;
> - list_for_each((*t)->parent->entries, entry) {
> - if (entry->mode & AA_CHANGE_HAT) {
> - char *buffer = strdup(entry->name);
> - if (!buffer) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - new_ent = new_entry(NULL, buffer,
> - AA_CHANGE_HAT, NULL);
> - if (!entry) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - add_entry_to_policy((*t), new_ent);
> - }
> - }
> - }
> - twalk((*t)->hat_table, __add_hat_rules_hats);
> -}
> -
> static int add_hat_rules(void)
> {
> twalk(policy_list, __add_hat_rules_parent);
>
> - /* support hat rules of AppArmor 2.3 in opensuse 11.0 */
> - if (flag_changehat_version == FLAG_CHANGEHAT_1_4)
> - twalk(policy_list, __add_hat_rules_hats);
> return 0;
> }
>
> --
> 1.8.1.2
>
>