apparmor: remove "permipc" command

The "permipc" command is unused and unfinished, remove it.

Signed-off-by: John Johansen <john.johansen@canonical.com>
Acked-by: Kees Cook <kees@ubuntu.com>

diff --git a/security/apparmor/include/procattr.h b/security/apparmor/include/procattr.h
index 544aa6b766a4209b47d3df2b50a1c3c46e315b7e..6bd5f33d9533ab166907b5dceb9eb9f8cc591549 100644 (file)
--- a/security/apparmor/include/procattr.h
+++ b/security/apparmor/include/procattr.h
@@ -21,6 +21,5 @@
 int aa_getprocattr(struct aa_profile *profile, char **string);
 int aa_setprocattr_changehat(char *args, size_t size, int test);
 int aa_setprocattr_changeprofile(char *fqname, bool onexec, int test);
-int aa_setprocattr_permipc(char *fqname);
 
 #endif /* __AA_PROCATTR_H */

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 0f61dadca9e6e4f122546ac16d800772ede2b15f..ed7e3aadba3a35764283596371fafe58c7ae1c6b 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -572,8 +572,6 @@ static int apparmor_setprocattr(struct task_struct *task, char *name,
                } else if (strcmp(command, "permprofile") == 0) {
                        error = aa_setprocattr_changeprofile(args, !AA_ONEXEC,
                                                             AA_DO_TEST);
-               } else if (strcmp(command, "permipc") == 0) {
-                       error = aa_setprocattr_permipc(args);
                } else {
                        struct common_audit_data sa;
                        struct apparmor_audit_data aad = {0,};

diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c
index 1b41c542d376721646ba67dc4f17a3e21e1f241f..6c9390179b8909882e8a86e91e4f61349d79dd09 100644 (file)
--- a/security/apparmor/procattr.c
+++ b/security/apparmor/procattr.c
@@ -163,9 +163,3 @@ int aa_setprocattr_changeprofile(char *fqname, bool onexec, int test)
        name = aa_split_fqname(fqname, &ns_name);
        return aa_change_profile(ns_name, name, onexec, test);
 }
-
-int aa_setprocattr_permipc(char *fqname)
-{
-       /* TODO: add ipc permission querying */
-       return -ENOTSUPP;
-}