From fc03c6008052aa85f1d88a0c53ddc837491c1602 Mon Sep 17 00:00:00 2001
From: "Lee, Chun-Yi" <jlee@suse.com>
Date: Thu, 5 May 2016 16:28:24 +0800
Subject: [PATCH] Remove BSD-style securelevel sysfs file
Patch-mainline: never, SUSE specific
References: fate#320387
The BSD-style securelevel patches didn't accept by kernel upstream, but
I think those secure boot lock down patches that are still better to align
with the patches in Matthew's linux-mjg59 git tree. This patch removed
securelevel sysfs file then userspace can not pull up securelevel.
Signed-off-by: Lee, Chun-Yi <jlee@suse.com>
---
security/securelevel.c | 70 -------------------------------------------------
1 file changed, 70 deletions(-)
--- a/security/securelevel.c
+++ b/security/securelevel.c
@@ -44,73 +44,3 @@ out:
return ret;
}
EXPORT_SYMBOL(set_securelevel);
-
-static ssize_t securelevel_read(struct file *filp, char __user *buf,
- size_t count, loff_t *ppos)
-{
- char tmpbuf[12];
- ssize_t length;
-
- length = scnprintf(tmpbuf, sizeof(tmpbuf), "%d", securelevel);
- return simple_read_from_buffer(buf, count, ppos, tmpbuf, length);
-}
-
-static ssize_t securelevel_write(struct file *file, const char __user *buf,
- size_t count, loff_t *ppos)
-{
- char *page = NULL;
- ssize_t length;
- int new_securelevel;
-
- length = -ENOMEM;
- if (count >= PAGE_SIZE)
- goto out;
-
- length = -EINVAL;
- if (*ppos != 0)
- goto out;
-
- length = -ENOMEM;
- page = (char *)get_zeroed_page(GFP_KERNEL);
- if (!page)
- goto out;
-
- length = -EFAULT;
- if (copy_from_user(page, buf, count))
- goto out;
-
- length = -EINVAL;
- if (sscanf(page, "%d", &new_securelevel) != 1)
- goto out;
-
- length = set_securelevel(new_securelevel);
- if (length)
- goto out;
-
- length = count;
-out:
- free_page((unsigned long) page);
- return length;
-}
-
-static const struct file_operations securelevel_fops = {
- .read = securelevel_read,
- .write = securelevel_write,
- .llseek = generic_file_llseek,
-};
-
-static __init int setup_securelevel(void)
-{
- struct dentry *securelevel_file;
-
- securelevel_file = securityfs_create_file("securelevel",
- S_IWUSR | S_IRUGO,
- NULL, NULL,
- &securelevel_fops);
-
- if (IS_ERR(securelevel_file))
- return PTR_ERR(securelevel_file);
-
- return 0;
-}
-late_initcall(setup_securelevel);