change_hat 1.4 was an experiement is more directly controlling change_hat by adding hat rulles to the profile. It has not been used since the original experiment (4 years). So remove it
Signed-off-by: John Johansen <[email protected]> --- parser/parser_policy.c | 68 -------------------------------------------------- 1 file changed, 68 deletions(-) diff --git a/parser/parser_policy.c b/parser/parser_policy.c index f147be7..76a65c8 100644 --- a/parser/parser_policy.c +++ b/parser/parser_policy.c @@ -394,28 +394,6 @@ static void __add_hat_rules_parent(const void *nodep, const VISIT value, if ((*t)->local) return; - /* add rule to grant permission to change_hat - * An opensuse 11.0, AA 2.3 requirement, - * rules are added to the parent of the hat - */ - if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) && - (*t)->parent) { - char *buffer = (char *) malloc(strlen((*t)->name) + 1); - if (!buffer) { - PERROR("Memory allocation error\n"); - exit(1); - } - - strcpy(buffer, (*t)->name); - - entry = new_entry(NULL, buffer, AA_CHANGE_HAT, NULL); - if (!entry) { - PERROR("Memory allocation error\n"); - exit(1); - } - add_entry_to_policy((*t)->parent, entry); - } - entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL); if (!entry) { PERROR(_("ERROR adding hat access rule for profile %s\n"), @@ -427,56 +405,10 @@ static void __add_hat_rules_parent(const void *nodep, const VISIT value, twalk((*t)->hat_table, __add_hat_rules_parent); } -/* Deprecated: used to support changehat rules of AppArmor 2.3 - * add the same hat rules to the hats as the parent so that hats can - * change to sibling hats - */ -static void __add_hat_rules_hats(const void *nodep, const VISIT value, - const int __unused depth) -{ - struct codomain **t = (struct codomain **) nodep; - - if (value == preorder || value == endorder) - return; - - /* don't add hat rules if a parent profile with no hats */ - if (!(*t)->hat_table && !(*t)->parent) - return; - - /* don't add hat rules for local_profiles */ - if ((*t)->local) - return; - - /* hat */ - if ((*t)->parent) { - struct cod_entry *entry, *new_ent; - list_for_each((*t)->parent->entries, entry) { - if (entry->mode & AA_CHANGE_HAT) { - char *buffer = strdup(entry->name); - if (!buffer) { - PERROR("Memory allocation error\n"); - exit(1); - } - new_ent = new_entry(NULL, buffer, - AA_CHANGE_HAT, NULL); - if (!entry) { - PERROR("Memory allocation error\n"); - exit(1); - } - add_entry_to_policy((*t), new_ent); - } - } - } - twalk((*t)->hat_table, __add_hat_rules_hats); -} - static int add_hat_rules(void) { twalk(policy_list, __add_hat_rules_parent); - /* support hat rules of AppArmor 2.3 in opensuse 11.0 */ - if (flag_changehat_version == FLAG_CHANGEHAT_1_4) - twalk(policy_list, __add_hat_rules_hats); return 0; } -- 1.8.1.2 -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
