On Sun, Jul 21, 2013 at 10:32:51PM -0700, John Johansen wrote: > change_hat 1.4 was an experiment in more directly controlling change_hat > by adding hat rules to the profile. It has not been used since the > original experiment (4 years). So remove it. > > > Signed-off-by: John Johansen <[email protected]>
Acked-by: Seth Arnold <[email protected]>
> ---
> parser/parser_policy.c | 68
> --------------------------------------------------
> 1 file changed, 68 deletions(-)
>
> diff --git a/parser/parser_policy.c b/parser/parser_policy.c
> index f147be7..76a65c8 100644
> --- a/parser/parser_policy.c
> +++ b/parser/parser_policy.c
> @@ -394,28 +394,6 @@ static void __add_hat_rules_parent(const void *nodep,
> const VISIT value,
> if ((*t)->local)
> return;
>
> - /* add rule to grant permission to change_hat
> - * An opensuse 11.0, AA 2.3 requirement,
> - * rules are added to the parent of the hat
> - */
> - if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) &&
> - (*t)->parent) {
> - char *buffer = (char *) malloc(strlen((*t)->name) + 1);
> - if (!buffer) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> -
> - strcpy(buffer, (*t)->name);
> -
> - entry = new_entry(NULL, buffer, AA_CHANGE_HAT, NULL);
> - if (!entry) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - add_entry_to_policy((*t)->parent, entry);
> - }
> -
> entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
> if (!entry) {
> PERROR(_("ERROR adding hat access rule for profile %s\n"), 
> @@ -427,56 +405,10 @@ static void __add_hat_rules_parent(const void *nodep,
> const VISIT value,
> twalk((*t)->hat_table, __add_hat_rules_parent);
> }
>
> -/* Deprecated: used to support changehat rules of AppArmor 2.3
> - * add the same hat rules to the hats as the parent so that hats can
> - * change to sibling hats
> - */
> -static void __add_hat_rules_hats(const void *nodep, const VISIT value,
> - const int __unused depth)
> -{
> - struct codomain **t = (struct codomain **) nodep;
> -
> - if (value == preorder || value == endorder)
> - return;
> -
> - /* don't add hat rules if a parent profile with no hats */
> - if (!(*t)->hat_table && !(*t)->parent)
> - return;
> -
> - /* don't add hat rules for local_profiles */
> - if ((*t)->local)
> - return;
> -
> - /* hat */
> - if ((*t)->parent) {
> - struct cod_entry *entry, *new_ent;
> - list_for_each((*t)->parent->entries, entry) {
> - if (entry->mode & AA_CHANGE_HAT) {
> - char *buffer = strdup(entry->name);
> - if (!buffer) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - new_ent = new_entry(NULL, buffer,
> - AA_CHANGE_HAT, NULL);
> - if (!entry) {
> - PERROR("Memory allocation error\n");
> - exit(1);
> - }
> - add_entry_to_policy((*t), new_ent);
> - }
> - }
> - }
> - twalk((*t)->hat_table, __add_hat_rules_hats);
> -}
> -
> static int add_hat_rules(void)
> {
> twalk(policy_list, __add_hat_rules_parent);
>
> - /* support hat rules of AppArmor 2.3 in opensuse 11.0 */
> - if (flag_changehat_version == FLAG_CHANGEHAT_1_4)
> - twalk(policy_list, __add_hat_rules_hats);
> return 0;
> }
>
> --
> 1.8.1.2
>
>
> --
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/apparmor
>
