summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/core/dbus-manager.c16
-rw-r--r--src/core/selinux-access.c27
-rw-r--r--src/core/selinux-access.h2
3 files changed, 0 insertions, 45 deletions
diff --git a/src/core/dbus-manager.c b/src/core/dbus-manager.c
index 5722e3c2bb..0b365391ec 100644
--- a/src/core/dbus-manager.c
+++ b/src/core/dbus-manager.c
@@ -1650,10 +1650,6 @@ static int method_enable_unit_files_generic(
if (r < 0)
return r;
- r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
- if (r < 0)
- return r;
-
r = bus_verify_manage_unit_files_async(m, message, error);
if (r < 0)
return r;
@@ -1723,10 +1719,6 @@ static int method_preset_unit_files_with_mode(sd_bus_message *message, void *use
return -EINVAL;
}
- r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
- if (r < 0)
- return r;
-
r = bus_verify_manage_unit_files_async(m, message, error);
if (r < 0)
return r;
@@ -1766,10 +1758,6 @@ static int method_disable_unit_files_generic(
if (r < 0)
return r;
- r = mac_selinux_unit_access_check_strv(l, message, m, verb, error);
- if (r < 0)
- return r;
-
scope = m->running_as == MANAGER_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
r = bus_verify_manage_unit_files_async(m, message, error);
@@ -1902,10 +1890,6 @@ static int method_add_dependency_unit_files(sd_bus_message *message, void *userd
if (dep < 0)
return -EINVAL;
- r = mac_selinux_unit_access_check_strv(l, message, m, "enable", error);
- if (r < 0)
- return r;
-
scope = m->running_as == MANAGER_SYSTEM ? UNIT_FILE_SYSTEM : UNIT_FILE_USER;
r = unit_file_add_dependency(scope, runtime, NULL, l, target, dep, force, &changes, &n_changes);
diff --git a/src/core/selinux-access.c b/src/core/selinux-access.c
index 2ecfa40974..f920c2e2cd 100644
--- a/src/core/selinux-access.c
+++ b/src/core/selinux-access.c
@@ -289,30 +289,3 @@ finish:
return 0;
#endif
}
-
-int mac_selinux_unit_access_check_strv(
- char **units,
- sd_bus_message *message,
- Manager *m,
- const char *permission,
- sd_bus_error *error) {
-
-#ifdef HAVE_SELINUX
- char **i;
- Unit *u;
- int r;
-
- STRV_FOREACH(i, units) {
- if (is_path(*i))
- r = manager_load_unit(m, NULL, *i, error, &u);
- else
- r = manager_load_unit(m, *i, NULL, error, &u);
- if (r < 0)
- return r;
- r = mac_selinux_unit_access_check(u, message, permission, error);
- if (r < 0)
- return r;
- }
-#endif
- return 0;
-}
diff --git a/src/core/selinux-access.h b/src/core/selinux-access.h
index b5758e2e42..e6b4dd7fee 100644
--- a/src/core/selinux-access.h
+++ b/src/core/selinux-access.h
@@ -29,8 +29,6 @@ void mac_selinux_access_free(void);
int mac_selinux_generic_access_check(sd_bus_message *message, const char *path, const char *permission, sd_bus_error *error);
-int mac_selinux_unit_access_check_strv(char **units, sd_bus_message *message, Manager *m, const char *permission, sd_bus_error *error);
-
#ifdef HAVE_SELINUX
#define mac_selinux_access_check(message, permission, error) \