summaryrefslogtreecommitdiff
path: root/security/tomoyo
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2010-06-17 16:54:33 +0900
committerJames Morris <jmorris@namei.org>2010-08-02 15:34:41 +1000
commit31845e8c6d3f4f26702e567c667277f9fd1f73a3 (patch)
tree5c457513fcdae4e7e39b19d36e1698ae298ce8d4 /security/tomoyo
parenta230f9e7121cbcbfe23bd5a630abf6b53cece555 (diff)
downloadlwn-31845e8c6d3f4f26702e567c667277f9fd1f73a3.tar.gz
lwn-31845e8c6d3f4f26702e567c667277f9fd1f73a3.zip
TOMOYO: Aggregate reader functions.
Now lists are accessible via array index. Aggregate reader functions using index. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/tomoyo')
-rw-r--r--security/tomoyo/common.c259
-rw-r--r--security/tomoyo/common.h22
-rw-r--r--security/tomoyo/domain.c140
-rw-r--r--security/tomoyo/file.c87
-rw-r--r--security/tomoyo/number_group.c41
-rw-r--r--security/tomoyo/path_group.c35
6 files changed, 200 insertions, 384 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index cb1aaf148ad4..044115d49033 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -1192,75 +1192,216 @@ static int tomoyo_write_exception_policy(struct tomoyo_io_buffer *head)
return -EINVAL;
}
+static void tomoyo_print_number(char *buffer, int buffer_len,
+ const struct tomoyo_number_union *ptr)
+{
+ int i;
+ unsigned long min = ptr->values[0];
+ const unsigned long max = ptr->values[1];
+ u8 min_type = ptr->min_type;
+ const u8 max_type = ptr->max_type;
+ memset(buffer, 0, buffer_len);
+ buffer_len -= 2;
+ for (i = 0; i < 2; i++) {
+ int len;
+ switch (min_type) {
+ case TOMOYO_VALUE_TYPE_HEXADECIMAL:
+ snprintf(buffer, buffer_len, "0x%lX", min);
+ break;
+ case TOMOYO_VALUE_TYPE_OCTAL:
+ snprintf(buffer, buffer_len, "0%lo", min);
+ break;
+ default:
+ snprintf(buffer, buffer_len, "%lu", min);
+ break;
+ }
+ if (min == max && min_type == max_type)
+ break;
+ len = strlen(buffer);
+ buffer[len++] = '-';
+ buffer += len;
+ buffer_len -= len;
+ min_type = max_type;
+ min = max;
+ }
+}
+
+static const char *tomoyo_group_name[TOMOYO_MAX_GROUP] = {
+ [TOMOYO_PATH_GROUP] = TOMOYO_KEYWORD_PATH_GROUP,
+ [TOMOYO_NUMBER_GROUP] = TOMOYO_KEYWORD_NUMBER_GROUP
+};
+
/**
- * tomoyo_read_exception_policy - Read exception policy.
+ * tomoyo_read_group - Read "struct tomoyo_path_group"/"struct tomoyo_number_group" list.
*
* @head: Pointer to "struct tomoyo_io_buffer".
+ * @idx: Index number.
+ *
+ * Returns true on success, false otherwise.
*
* Caller holds tomoyo_read_lock().
*/
-static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
+static bool tomoyo_read_group(struct tomoyo_io_buffer *head, const int idx)
{
- if (!head->read_eof) {
- switch (head->read_step) {
- case 0:
- head->read_var2 = NULL;
- head->read_step = 1;
- case 1:
- if (!tomoyo_read_domain_keeper_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 2;
- case 2:
- if (!tomoyo_read_globally_readable_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 3;
- case 3:
- head->read_var2 = NULL;
- head->read_step = 4;
- case 4:
- if (!tomoyo_read_domain_initializer_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 5;
- case 5:
- if (!tomoyo_read_alias_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 6;
- case 6:
- if (!tomoyo_read_aggregator_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 7;
- case 7:
- if (!tomoyo_read_file_pattern(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 8;
- case 8:
- if (!tomoyo_read_no_rewrite_policy(head))
- break;
- head->read_var2 = NULL;
- head->read_step = 9;
- case 9:
- if (!tomoyo_read_path_group_policy(head))
- break;
- head->read_var1 = NULL;
- head->read_var2 = NULL;
- head->read_step = 10;
- case 10:
- if (!tomoyo_read_number_group_policy(head))
- break;
- head->read_var1 = NULL;
- head->read_var2 = NULL;
- head->read_step = 11;
- case 11:
- head->read_eof = true;
+ struct list_head *gpos;
+ struct list_head *mpos;
+ const char *w[3] = { "", "", "" };
+ w[0] = tomoyo_group_name[idx];
+ list_for_each_cookie(gpos, head->read_var1, &tomoyo_group_list[idx]) {
+ struct tomoyo_group *group =
+ list_entry(gpos, struct tomoyo_group, list);
+ w[1] = group->group_name->name;
+ list_for_each_cookie(mpos, head->read_var2,
+ &group->member_list) {
+ char buffer[128];
+ struct tomoyo_acl_head *ptr =
+ list_entry(mpos, struct tomoyo_acl_head, list);
+ if (ptr->is_deleted)
+ continue;
+ if (idx == TOMOYO_PATH_GROUP) {
+ w[2] = container_of(ptr,
+ struct tomoyo_path_group,
+ head)->member_name->name;
+ } else if (idx == TOMOYO_NUMBER_GROUP) {
+ tomoyo_print_number(buffer, sizeof(buffer),
+ &container_of
+ (ptr, struct
+ tomoyo_number_group,
+ head)->number);
+ w[2] = buffer;
+ }
+ if (!tomoyo_io_printf(head, "%s%s %s\n", w[0], w[1],
+ w[2]))
+ return false;
+ }
+ }
+ return true;
+}
+
+/**
+ * tomoyo_read_policy - Read "struct tomoyo_..._entry" list.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ * @idx: Index number.
+ *
+ * Returns true on success, false otherwise.
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+static bool tomoyo_read_policy(struct tomoyo_io_buffer *head, const int idx)
+{
+ struct list_head *pos;
+ list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list[idx]) {
+ const char *w[4] = { "", "", "", "" };
+ struct tomoyo_acl_head *acl = container_of(pos, typeof(*acl),
+ list);
+ if (acl->is_deleted)
+ continue;
+ switch (idx) {
+ case TOMOYO_ID_DOMAIN_KEEPER:
+ {
+ struct tomoyo_domain_keeper_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = ptr->is_not ?
+ TOMOYO_KEYWORD_NO_KEEP_DOMAIN :
+ TOMOYO_KEYWORD_KEEP_DOMAIN;
+ if (ptr->program) {
+ w[1] = ptr->program->name;
+ w[2] = " from ";
+ }
+ w[3] = ptr->domainname->name;
+ }
+ break;
+ case TOMOYO_ID_DOMAIN_INITIALIZER:
+ {
+ struct tomoyo_domain_initializer_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = ptr->is_not ?
+ TOMOYO_KEYWORD_NO_INITIALIZE_DOMAIN :
+ TOMOYO_KEYWORD_INITIALIZE_DOMAIN;
+ w[1] = ptr->program->name;
+ if (ptr->domainname) {
+ w[2] = " from ";
+ w[3] = ptr->domainname->name;
+ }
+ }
break;
+ case TOMOYO_ID_GLOBALLY_READABLE:
+ {
+ struct tomoyo_globally_readable_file_entry *ptr
+ = container_of(acl, typeof(*ptr), head);
+ w[0] = TOMOYO_KEYWORD_ALLOW_READ;
+ w[1] = ptr->filename->name;
+ }
+ break;
+ case TOMOYO_ID_ALIAS:
+ {
+ struct tomoyo_alias_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = TOMOYO_KEYWORD_ALIAS;
+ w[1] = ptr->original_name->name;
+ w[2] = " ";
+ w[3] = ptr->aliased_name->name;
+ }
+ break;
+ case TOMOYO_ID_AGGREGATOR:
+ {
+ struct tomoyo_aggregator_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = TOMOYO_KEYWORD_AGGREGATOR;
+ w[1] = ptr->original_name->name;
+ w[2] = " ";
+ w[3] = ptr->aggregated_name->name;
+ }
+ break;
+ case TOMOYO_ID_PATTERN:
+ {
+ struct tomoyo_pattern_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = TOMOYO_KEYWORD_FILE_PATTERN;
+ w[1] = ptr->pattern->name;
+ }
+ break;
+ case TOMOYO_ID_NO_REWRITE:
+ {
+ struct tomoyo_no_rewrite_entry *ptr =
+ container_of(acl, typeof(*ptr), head);
+ w[0] = TOMOYO_KEYWORD_DENY_REWRITE;
+ w[1] = ptr->pattern->name;
+ }
+ break;
+ default:
+ continue;
}
+ if (!tomoyo_io_printf(head, "%s%s%s%s\n", w[0], w[1], w[2],
+ w[3]))
+ return false;
}
+ return true;
+}
+
+/**
+ * tomoyo_read_exception_policy - Read exception policy.
+ *
+ * @head: Pointer to "struct tomoyo_io_buffer".
+ *
+ * Caller holds tomoyo_read_lock().
+ */
+static void tomoyo_read_exception_policy(struct tomoyo_io_buffer *head)
+{
+ if (head->read_eof)
+ return;
+ while (head->read_step < TOMOYO_MAX_POLICY &&
+ tomoyo_read_policy(head, head->read_step))
+ head->read_step++;
+ if (head->read_step < TOMOYO_MAX_POLICY)
+ return;
+ while (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP &&
+ tomoyo_read_group(head, head->read_step - TOMOYO_MAX_POLICY))
+ head->read_step++;
+ if (head->read_step < TOMOYO_MAX_POLICY + TOMOYO_MAX_GROUP)
+ return;
+ head->read_eof = true;
}
/**
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index 451dc3c1036a..21eb1e7885b8 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -794,28 +794,6 @@ bool tomoyo_path_matches_pattern(const struct tomoyo_path_info *filename,
bool tomoyo_print_number_union(struct tomoyo_io_buffer *head,
const struct tomoyo_number_union *ptr);
bool tomoyo_parse_number_union(char *data, struct tomoyo_number_union *num);
-
-/* Read "aggregator" entry in exception policy. */
-bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head);
-/* Read "alias" entry in exception policy. */
-bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head);
-/*
- * Read "initialize_domain" and "no_initialize_domain" entry
- * in exception policy.
- */
-bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head);
-/* Read "keep_domain" and "no_keep_domain" entry in exception policy. */
-bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head);
-/* Read "file_pattern" entry in exception policy. */
-bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head);
-/* Read "path_group" entry in exception policy. */
-bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head);
-/* Read "number_group" entry in exception policy. */
-bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head);
-/* Read "allow_read" entry in exception policy. */
-bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head);
-/* Read "deny_rewrite" entry in exception policy. */
-bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head);
/* Tokenize a line. */
bool tomoyo_tokenize(char *buffer, char *w[], size_t size);
/* Write domain policy violation warning message to console? */
diff --git a/security/tomoyo/domain.c b/security/tomoyo/domain.c
index 3575b0e7c7fd..038071a8a3d3 100644
--- a/security/tomoyo/domain.c
+++ b/security/tomoyo/domain.c
@@ -210,45 +210,6 @@ static int tomoyo_update_domain_initializer_entry(const char *domainname,
}
/**
- * tomoyo_read_domain_initializer_policy - Read "struct tomoyo_domain_initializer_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_domain_initializer_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2, &tomoyo_policy_list
- [TOMOYO_ID_DOMAIN_INITIALIZER]) {
- const char *no;
- const char *from = "";
- const char *domain = "";
- struct tomoyo_domain_initializer_entry *ptr;
- ptr = list_entry(pos, struct tomoyo_domain_initializer_entry,
- head.list);
- if (ptr->head.is_deleted)
- continue;
- no = ptr->is_not ? "no_" : "";
- if (ptr->domainname) {
- from = " from ";
- domain = ptr->domainname->name;
- }
- done = tomoyo_io_printf(head,
- "%s" TOMOYO_KEYWORD_INITIALIZE_DOMAIN
- "%s%s%s\n", no, ptr->program->name,
- from, domain);
- if (!done)
- break;
- }
- return done;
-}
-
-/**
* tomoyo_write_domain_initializer_policy - Write "struct tomoyo_domain_initializer_entry" list.
*
* @data: String to parse.
@@ -399,46 +360,6 @@ int tomoyo_write_domain_keeper_policy(char *data, const bool is_not,
}
/**
- * tomoyo_read_domain_keeper_policy - Read "struct tomoyo_domain_keeper_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_domain_keeper_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_DOMAIN_KEEPER]) {
- struct tomoyo_domain_keeper_entry *ptr;
- const char *no;
- const char *from = "";
- const char *program = "";
-
- ptr = list_entry(pos, struct tomoyo_domain_keeper_entry,
- head.list);
- if (ptr->head.is_deleted)
- continue;
- no = ptr->is_not ? "no_" : "";
- if (ptr->program) {
- from = " from ";
- program = ptr->program->name;
- }
- done = tomoyo_io_printf(head,
- "%s" TOMOYO_KEYWORD_KEEP_DOMAIN
- "%s%s%s\n", no, program, from,
- ptr->domainname->name);
- if (!done)
- break;
- }
- return done;
-}
-
-/**
* tomoyo_domain_keeper - Check whether the given program causes domain transition suppression.
*
* @domainname: The name of domain.
@@ -527,37 +448,6 @@ static int tomoyo_update_aggregator_entry(const char *original_name,
}
/**
- * tomoyo_read_aggregator_policy - Read "struct tomoyo_aggregator_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_aggregator_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_AGGREGATOR]) {
- struct tomoyo_aggregator_entry *ptr;
-
- ptr = list_entry(pos, struct tomoyo_aggregator_entry,
- head.list);
- if (ptr->head.is_deleted)
- continue;
- done = tomoyo_io_printf(head, TOMOYO_KEYWORD_AGGREGATOR
- "%s %s\n", ptr->original_name->name,
- ptr->aggregated_name->name);
- if (!done)
- break;
- }
- return done;
-}
-
-/**
* tomoyo_write_aggregator_policy - Write "struct tomoyo_aggregator_entry" list.
*
* @data: String to parse.
@@ -624,36 +514,6 @@ static int tomoyo_update_alias_entry(const char *original_name,
}
/**
- * tomoyo_read_alias_policy - Read "struct tomoyo_alias_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_alias_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_ALIAS]) {
- struct tomoyo_alias_entry *ptr;
-
- ptr = list_entry(pos, struct tomoyo_alias_entry, head.list);
- if (ptr->head.is_deleted)
- continue;
- done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALIAS "%s %s\n",
- ptr->original_name->name,
- ptr->aliased_name->name);
- if (!done)
- break;
- }
- return done;
-}
-
-/**
* tomoyo_write_alias_policy - Write "struct tomoyo_alias_entry" list.
*
* @data: String to parse.
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index df3b203d7d4f..e7687ebdc5f6 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -344,36 +344,6 @@ int tomoyo_write_globally_readable_policy(char *data, const bool is_delete)
return tomoyo_update_globally_readable_entry(data, is_delete);
}
-/**
- * tomoyo_read_globally_readable_policy - Read "struct tomoyo_globally_readable_file_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_globally_readable_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_GLOBALLY_READABLE]) {
- struct tomoyo_globally_readable_file_entry *ptr;
- ptr = list_entry(pos,
- struct tomoyo_globally_readable_file_entry,
- head.list);
- if (ptr->head.is_deleted)
- continue;
- done = tomoyo_io_printf(head, TOMOYO_KEYWORD_ALLOW_READ "%s\n",
- ptr->filename->name);
- if (!done)
- break;
- }
- return done;
-}
-
static bool tomoyo_same_pattern(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b)
{
@@ -457,34 +427,6 @@ int tomoyo_write_pattern_policy(char *data, const bool is_delete)
return tomoyo_update_file_pattern_entry(data, is_delete);
}
-/**
- * tomoyo_read_file_pattern - Read "struct tomoyo_pattern_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_file_pattern(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_PATTERN]) {
- struct tomoyo_pattern_entry *ptr;
- ptr = list_entry(pos, struct tomoyo_pattern_entry, head.list);
- if (ptr->head.is_deleted)
- continue;
- done = tomoyo_io_printf(head, TOMOYO_KEYWORD_FILE_PATTERN
- "%s\n", ptr->pattern->name);
- if (!done)
- break;
- }
- return done;
-}
-
static bool tomoyo_same_no_rewrite(const struct tomoyo_acl_head *a,
const struct tomoyo_acl_head *b)
{
@@ -563,35 +505,6 @@ int tomoyo_write_no_rewrite_policy(char *data, const bool is_delete)
return tomoyo_update_no_rewrite_entry(data, is_delete);
}
-/**
- * tomoyo_read_no_rewrite_policy - Read "struct tomoyo_no_rewrite_entry" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_no_rewrite_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *pos;
- bool done = true;
-
- list_for_each_cookie(pos, head->read_var2,
- &tomoyo_policy_list[TOMOYO_ID_NO_REWRITE]) {
- struct tomoyo_no_rewrite_entry *ptr;
- ptr = list_entry(pos, struct tomoyo_no_rewrite_entry,
- head.list);
- if (ptr->head.is_deleted)
- continue;
- done = tomoyo_io_printf(head, TOMOYO_KEYWORD_DENY_REWRITE
- "%s\n", ptr->pattern->name);
- if (!done)
- break;
- }
- return done;
-}
-
static bool tomoyo_check_path_acl(const struct tomoyo_request_info *r,
const struct tomoyo_acl_info *ptr)
{
diff --git a/security/tomoyo/number_group.c b/security/tomoyo/number_group.c
index 99694153b947..5e75f5314bda 100644
--- a/security/tomoyo/number_group.c
+++ b/security/tomoyo/number_group.c
@@ -97,47 +97,6 @@ int tomoyo_write_number_group_policy(char *data, const bool is_delete)
}
/**
- * tomoyo_read_number_group_policy - Read "struct tomoyo_number_group" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_number_group_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *gpos;
- struct list_head *mpos;
- list_for_each_cookie(gpos, head->read_var1,
- &tomoyo_group_list[TOMOYO_NUMBER_GROUP]) {
- struct tomoyo_group *group;
- const char *name;
- group = list_entry(gpos, struct tomoyo_group, list);
- name = group->group_name->name;
- list_for_each_cookie(mpos, head->read_var2,
- &group->member_list) {
- int pos;
- const struct tomoyo_number_group *member
- = list_entry(mpos,
- struct tomoyo_number_group,
- head.list);
- if (member->head.is_deleted)
- continue;
- pos = head->read_avail;
- if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_NUMBER_GROUP
- "%s", name) ||
- !tomoyo_print_number_union(head, &member->number) ||
- !tomoyo_io_printf(head, "\n")) {
- head->read_avail = pos;
- return false;
- }
- }
- }
- return true;
-}
-
-/**
* tomoyo_number_matches_group - Check whether the given number matches members of the given number group.
*
* @min: Min number.
diff --git a/security/tomoyo/path_group.c b/security/tomoyo/path_group.c
index 44e8a5b1ca67..2f9f9240bf5a 100644
--- a/security/tomoyo/path_group.c
+++ b/security/tomoyo/path_group.c
@@ -95,41 +95,6 @@ int tomoyo_write_path_group_policy(char *data, const bool is_delete)
}
/**
- * tomoyo_read_path_group_policy - Read "struct tomoyo_path_group" list.
- *
- * @head: Pointer to "struct tomoyo_io_buffer".
- *
- * Returns true on success, false otherwise.
- *
- * Caller holds tomoyo_read_lock().
- */
-bool tomoyo_read_path_group_policy(struct tomoyo_io_buffer *head)
-{
- struct list_head *gpos;
- struct list_head *mpos;
- list_for_each_cookie(gpos, head->read_var1,
- &tomoyo_group_list[TOMOYO_PATH_GROUP]) {
- struct tomoyo_group *group;
- group = list_entry(gpos, struct tomoyo_group, list);
- list_for_each_cookie(mpos, head->read_var2,
- &group->member_list) {
- struct tomoyo_path_group *member;
- member = list_entry(mpos,
- struct tomoyo_path_group,
- head.list);
- if (member->head.is_deleted)
- continue;
- if (!tomoyo_io_printf(head, TOMOYO_KEYWORD_PATH_GROUP
- "%s %s\n",
- group->group_name->name,
- member->member_name->name))
- return false;
- }
- }
- return true;
-}
-
-/**
* tomoyo_path_matches_group - Check whether the given pathname matches members of the given pathname group.
*
* @pathname: The name of pathname.