On Sun, Jul 21, 2013 at 10:32:51PM -0700, John Johansen wrote:
> change_hat 1.4 was an experiement is more directly controlling change_hat
> by adding hat rulles to the profile. It has not been used since the
> original experiment (4 years).  So remove it
> 
> 
> Signed-off-by: John Johansen <[email protected]>

Acked-by: Seth Arnold <[email protected]>

> ---
>  parser/parser_policy.c | 68 
> --------------------------------------------------
>  1 file changed, 68 deletions(-)
> 
> diff --git a/parser/parser_policy.c b/parser/parser_policy.c
> index f147be7..76a65c8 100644
> --- a/parser/parser_policy.c
> +++ b/parser/parser_policy.c
> @@ -394,28 +394,6 @@ static void __add_hat_rules_parent(const void *nodep, 
> const VISIT value,
>       if ((*t)->local)
>               return;
>  
> -     /* add rule to grant permission to change_hat
> -      * An opensuse 11.0, AA 2.3 requirement,
> -      * rules are added to the parent of the hat
> -      */
> -     if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) &&
> -         (*t)->parent) {
> -             char *buffer = (char *) malloc(strlen((*t)->name) + 1);
> -             if (!buffer) {
> -                     PERROR("Memory allocation error\n");
> -                     exit(1);
> -             }
> -
> -             strcpy(buffer, (*t)->name);
> -
> -             entry = new_entry(NULL, buffer, AA_CHANGE_HAT, NULL);
> -             if (!entry) {
> -                     PERROR("Memory allocation error\n");
> -                     exit(1);
> -             }
> -             add_entry_to_policy((*t)->parent, entry);
> -     }
> -
>       entry = new_entry(NULL, strdup(CHANGEHAT_PATH), AA_MAY_WRITE, NULL);
>       if (!entry) {
>               PERROR(_("ERROR adding hat access rule for profile %s\n"),
> @@ -427,56 +405,10 @@ static void __add_hat_rules_parent(const void *nodep, 
> const VISIT value,
>       twalk((*t)->hat_table, __add_hat_rules_parent);
>  }
>  
> -/* Deprecated: used to support changehat rules of AppArmor 2.3
> - * add the same hat rules to the hats as the parent so that hats can
> - * change to sibling hats
> - */
> -static void __add_hat_rules_hats(const void *nodep, const VISIT value,
> -                              const int __unused depth)
> -{
> -     struct codomain **t = (struct codomain **) nodep;
> -
> -     if (value == preorder || value == endorder)
> -             return;
> -
> -     /* don't add hat rules if a parent profile with no hats */
> -     if (!(*t)->hat_table && !(*t)->parent)
> -             return;
> -
> -     /* don't add hat rules for local_profiles */
> -     if ((*t)->local)
> -             return;
> -
> -     /* hat */
> -     if ((*t)->parent) {
> -             struct cod_entry *entry, *new_ent;
> -             list_for_each((*t)->parent->entries, entry) {
> -                     if (entry->mode & AA_CHANGE_HAT) {
> -                             char *buffer = strdup(entry->name);
> -                             if (!buffer) {
> -                                     PERROR("Memory allocation error\n");
> -                                     exit(1);
> -                             }
> -                             new_ent = new_entry(NULL, buffer,
> -                                                 AA_CHANGE_HAT, NULL);
> -                             if (!entry) {
> -                                     PERROR("Memory allocation error\n");
> -                                     exit(1);
> -                             }
> -                             add_entry_to_policy((*t), new_ent);
> -                     }
> -             }
> -         }
> -         twalk((*t)->hat_table, __add_hat_rules_hats);
> -}
> -
>  static int add_hat_rules(void)
>  {
>       twalk(policy_list, __add_hat_rules_parent);
>  
> -     /* support hat rules of AppArmor 2.3 in opensuse 11.0 */
> -     if (flag_changehat_version == FLAG_CHANGEHAT_1_4)
> -             twalk(policy_list, __add_hat_rules_hats);
>       return 0;
>  }
>  
> -- 
> 1.8.1.2
> 
> 
> -- 
> AppArmor mailing list
> [email protected]
> Modify settings or unsubscribe at: 
> https://lists.ubuntu.com/mailman/listinfo/apparmor
> 

Attachment: signature.asc
Description: Digital signature

-- 
AppArmor mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

Reply via email to