From 353633100d8d684ac0acae4ce93fb833f92881f4 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:15 -0400 Subject: security: remove sb_check_sb hooks Unused hook. Remove it. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index 233d20b52c1b..9ebd2e411d2d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -267,12 +267,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @orig the original mount data copied from userspace. * @copy copied data which will be passed to the security module. * Returns 0 if the copy was successful. - * @sb_check_sb: - * Check permission before the device with superblock @mnt->sb is mounted - * on the mount point named by @nd. - * @mnt contains the vfsmount for device being mounted. - * @path contains the path for the mount point. - * Return 0 if permission is granted. * @sb_umount: * Check permission before the @mnt file system is unmounted. * @mnt contains the mounted file system. @@ -1484,7 +1478,6 @@ struct security_operations { int (*sb_statfs) (struct dentry *dentry); int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); - int (*sb_check_sb) (struct vfsmount *mnt, struct path *path); int (*sb_umount) (struct vfsmount *mnt, int flags); void (*sb_umount_close) (struct vfsmount *mnt); void (*sb_umount_busy) (struct vfsmount *mnt); 
@@ -1783,7 +1776,6 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb); int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); -int security_sb_check_sb(struct vfsmount *mnt, struct path *path); int security_sb_umount(struct vfsmount *mnt, int flags); void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); @@ -2099,12 +2091,6 @@ static inline int security_sb_mount(char *dev_name, struct path *path, return 0; } -static inline int security_sb_check_sb(struct vfsmount *mnt, - struct path *path) -{ - return 0; -} - static inline int security_sb_umount(struct vfsmount *mnt, int flags) { return 0; -- cgit v1.2.3 From 231923bd0e06cba69f7c2028f4a68602b8d22160 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:21 -0400 Subject: security: remove dead hook sb_umount_close Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- fs/namespace.c | 1 - include/linux/security.h | 10 ---------- security/capability.c | 5 ----- security/security.c | 5 ----- 4 files changed, 21 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/namespace.c b/fs/namespace.c index c1d0d877bab7..8aea78c8e760 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -628,7 +628,6 @@ repeat: mnt->mnt_pinned = 0; spin_unlock(&vfsmount_lock); acct_auto_close_mnt(mnt); - security_sb_umount_close(mnt); goto repeat; } } diff --git a/include/linux/security.h b/include/linux/security.h index 9ebd2e411d2d..354b0ceefc87 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -272,11 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_umount_close: - * Close any files in the @mnt mounted filesystem that are held open by - * the security module. This hook is called during an umount operation - * prior to checking whether the filesystem is still busy. - * @mnt contains the mounted filesystem. * @sb_umount_busy: * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening * any files that were closed by umount_close. This hook is called during @@ -1479,7 +1474,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_umount_close) (struct vfsmount *mnt); void (*sb_umount_busy) (struct vfsmount *mnt); void (*sb_post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); @@ -1777,7 +1771,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); @@ -2096,9 +2089,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_umount_close(struct vfsmount *mnt) -{ } - static inline void security_sb_umount_busy(struct vfsmount *mnt) { } diff --git a/security/capability.c b/security/capability.c index a7e905d8f1d3..db72f4f5a9e1 100644 --- a/security/capability.c +++ b/security/capability.c 
@@ -85,10 +85,6 @@ static int cap_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static void cap_sb_umount_close(struct vfsmount *mnt) -{ -} - static void cap_sb_umount_busy(struct vfsmount *mnt) { } @@ -937,7 +933,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_statfs); set_to_cap_if_null(ops, sb_mount); set_to_cap_if_null(ops, sb_umount); - set_to_cap_if_null(ops, sb_umount_close); set_to_cap_if_null(ops, sb_umount_busy); set_to_cap_if_null(ops, sb_post_remount); set_to_cap_if_null(ops, sb_post_addmount); diff --git a/security/security.c b/security/security.c index a0bee70ed4b6..591c25fd430f 100644 --- a/security/security.c +++ b/security/security.c @@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return security_ops->sb_umount(mnt, flags); } -void security_sb_umount_close(struct vfsmount *mnt) -{ - security_ops->sb_umount_close(mnt); -} - void security_sb_umount_busy(struct vfsmount *mnt) { security_ops->sb_umount_busy(mnt); -- cgit v1.2.3 From 4b61d12c84293ac061909f27f567c1905e4d90e3 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:27 -0400 Subject: security: remove dead hook sb_umount_busy Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- fs/namespace.c | 2 -- include/linux/security.h | 11 ----------- security/capability.c | 5 ----- security/security.c | 5 ----- 4 files changed, 23 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/namespace.c b/fs/namespace.c index 8aea78c8e760..6c9ca7358aad 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1116,8 +1116,6 @@ static int do_umount(struct vfsmount *mnt, int flags) retval = 0; } spin_unlock(&vfsmount_lock); - if (retval) - security_sb_umount_busy(mnt); up_write(&namespace_sem); release_mounts(&umount_list); return retval; diff --git a/include/linux/security.h b/include/linux/security.h index 354b0ceefc87..b206795c09f7 100644 --- a/include/linux/security.h 
+++ b/include/linux/security.h @@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_umount_busy: - * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening - * any files that were closed by umount_close. This hook is called during - * an umount operation if the umount fails after a call to the - * umount_close hook. - * @mnt contains the mounted filesystem. * @sb_post_remount: * Update the security module's state when a filesystem is remounted. * This hook is only called if the remount was successful. @@ -1474,7 +1468,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_umount_busy) (struct vfsmount *mnt); void (*sb_post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); void (*sb_post_addmount) (struct vfsmount *mnt, @@ -1771,7 +1764,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_umount_busy(struct vfsmount *mnt); void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); @@ -2089,9 +2081,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_umount_busy(struct vfsmount *mnt) -{ } - static inline void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) { } diff --git a/security/capability.c b/security/capability.c index db72f4f5a9e1..476d43030906 100644 
--- a/security/capability.c +++ b/security/capability.c @@ -85,10 +85,6 @@ static int cap_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static void cap_sb_umount_busy(struct vfsmount *mnt) -{ -} - static void cap_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) { @@ -933,7 +929,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_statfs); set_to_cap_if_null(ops, sb_mount); set_to_cap_if_null(ops, sb_umount); - set_to_cap_if_null(ops, sb_umount_busy); set_to_cap_if_null(ops, sb_post_remount); set_to_cap_if_null(ops, sb_post_addmount); set_to_cap_if_null(ops, sb_pivotroot); diff --git a/security/security.c b/security/security.c index 591c25fd430f..c1341fbe98ca 100644 --- a/security/security.c +++ b/security/security.c @@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return security_ops->sb_umount(mnt, flags); } -void security_sb_umount_busy(struct vfsmount *mnt) -{ - security_ops->sb_umount_busy(mnt); -} - void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) { security_ops->sb_post_remount(mnt, flags, data); -- cgit v1.2.3 From 82dab10453d65ad9ca551de5b8925673ca05c7e9 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:33 -0400 Subject: security: remove dead hook sb_post_remount Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- fs/namespace.c | 2 -- include/linux/security.h | 13 ------------- security/capability.c | 6 ------ security/security.c | 5 ----- 4 files changed, 26 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/namespace.c b/fs/namespace.c index 6c9ca7358aad..f87f56e348fd 100644 --- a/fs/namespace.c +++ b/fs/namespace.c 
@@ -1573,8 +1573,6 @@ static int do_remount(struct path *path, int flags, int mnt_flags, } up_write(&sb->s_umount); if (!err) { - security_sb_post_remount(path->mnt, flags, data); - spin_lock(&vfsmount_lock); touch_mnt_namespace(path->mnt->mnt_ns); spin_unlock(&vfsmount_lock); diff --git a/include/linux/security.h b/include/linux/security.h index b206795c09f7..338617a50fa3 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_post_remount: - * Update the security module's state when a filesystem is remounted. - * This hook is only called if the remount was successful. - * @mnt contains the mounted file system. - * @flags contains the new filesystem flags. - * @data contains the filesystem-specific data. * @sb_post_addmount: * Update the security module's state when a filesystem is mounted. * This hook is called any time a mount is successfully grafetd to @@ -1468,8 +1462,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_post_remount) (struct vfsmount *mnt, - unsigned long flags, void *data); void (*sb_post_addmount) (struct vfsmount *mnt, struct path *mountpoint); int (*sb_pivotroot) (struct path *old_path, 
@@ -1764,7 +1756,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); @@ -2081,10 +2072,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_post_remount(struct vfsmount *mnt, - unsigned long flags, void *data) -{ } - static inline void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint) { } diff --git a/security/capability.c b/security/capability.c index 476d43030906..26fc92caa339 100644 --- a/security/capability.c +++ b/security/capability.c @@ -85,11 +85,6 @@ static int cap_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static void cap_sb_post_remount(struct vfsmount *mnt, unsigned long flags, - void *data) -{ -} - static void cap_sb_post_addmount(struct vfsmount *mnt, struct path *path) { } @@ -929,7 +924,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_statfs); set_to_cap_if_null(ops, sb_mount); set_to_cap_if_null(ops, sb_umount); - set_to_cap_if_null(ops, sb_post_remount); set_to_cap_if_null(ops, sb_post_addmount); set_to_cap_if_null(ops, sb_pivotroot); set_to_cap_if_null(ops, sb_post_pivotroot); diff --git a/security/security.c b/security/security.c index c1341fbe98ca..d9538d98736b 100644 --- a/security/security.c +++ b/security/security.c 
@@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return security_ops->sb_umount(mnt, flags); } -void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) -{ - security_ops->sb_post_remount(mnt, flags, data); -} - void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint) { security_ops->sb_post_addmount(mnt, mountpoint); -- cgit v1.2.3 From 3db291017753e539af64c8bab373785f34e43ed2 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:39 -0400 Subject: security: remove dead hook sb_post_addmount Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- fs/namespace.c | 2 -- include/linux/security.h | 13 ------------- security/capability.c | 5 ----- security/security.c | 5 ----- 4 files changed, 25 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/namespace.c b/fs/namespace.c index f87f56e348fd..7a0c9ce62bed 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -1436,8 +1436,6 @@ static int graft_tree(struct vfsmount *mnt, struct path *path) err = attach_recursive_mnt(mnt, path, NULL); out_unlock: mutex_unlock(&path->dentry->d_inode->i_mutex); - if (!err) - security_sb_post_addmount(mnt, path); return err; } diff --git a/include/linux/security.h b/include/linux/security.h index 338617a50fa3..a42d733086a1 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_post_addmount: - * Update the security module's state when a filesystem is mounted. - * This hook is called any time a mount is successfully grafetd to - * the tree. - * @mnt contains the mounted filesystem. - * @mountpoint contains the path for the mount point. * @sb_pivotroot: * Check permission before pivoting the root filesystem. * @old_path contains the path for the new location of the current root (put_old). @@ -1462,8 +1456,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_post_addmount) (struct vfsmount *mnt, - struct path *mountpoint); int (*sb_pivotroot) (struct path *old_path, struct path *new_path); void (*sb_post_pivotroot) (struct path *old_path, @@ -1756,7 +1748,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); @@ -2072,10 +2063,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_post_addmount(struct vfsmount *mnt, - struct path *mountpoint) -{ } - static inline int security_sb_pivotroot(struct path *old_path, struct path *new_path) { diff --git a/security/capability.c b/security/capability.c index 26fc92caa339..38752ddf69d7 100644 
--- a/security/capability.c +++ b/security/capability.c @@ -85,10 +85,6 @@ static int cap_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static void cap_sb_post_addmount(struct vfsmount *mnt, struct path *path) -{ -} - static int cap_sb_pivotroot(struct path *old_path, struct path *new_path) { return 0; @@ -924,7 +920,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_statfs); set_to_cap_if_null(ops, sb_mount); set_to_cap_if_null(ops, sb_umount); - set_to_cap_if_null(ops, sb_post_addmount); set_to_cap_if_null(ops, sb_pivotroot); set_to_cap_if_null(ops, sb_post_pivotroot); set_to_cap_if_null(ops, sb_set_mnt_opts); diff --git a/security/security.c b/security/security.c index d9538d98736b..6a8e5411d7a0 100644 --- a/security/security.c +++ b/security/security.c @@ -311,11 +311,6 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return security_ops->sb_umount(mnt, flags); } -void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint) -{ - security_ops->sb_post_addmount(mnt, mountpoint); -} - int security_sb_pivotroot(struct path *old_path, struct path *new_path) { return security_ops->sb_pivotroot(old_path, new_path); -- cgit v1.2.3 From 91a9420f5826db482030c21eca8c507271bbc441 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:45 -0400 Subject: security: remove dead hook sb_post_pivotroot Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- fs/namespace.c | 1 - include/linux/security.h | 11 ----------- security/capability.c | 5 ----- security/security.c | 5 ----- 4 files changed, 22 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/namespace.c b/fs/namespace.c index 7a0c9ce62bed..c36785a2fd86 100644 --- a/fs/namespace.c +++ b/fs/namespace.c 
@@ -2265,7 +2265,6 @@ SYSCALL_DEFINE2(pivot_root, const char __user *, new_root, touch_mnt_namespace(current->nsproxy->mnt_ns); spin_unlock(&vfsmount_lock); chroot_fs_refs(&root, &new); - security_sb_post_pivotroot(&root, &new); error = 0; path_put(&root_parent); path_put(&parent_path); diff --git a/include/linux/security.h b/include/linux/security.h index a42d733086a1..4de5bbb39052 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -277,10 +277,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old_path contains the path for the new location of the current root (put_old). * @new_path contains the path for the new root (new_root). * Return 0 if permission is granted. - * @sb_post_pivotroot: - * Update module state after a successful pivot. - * @old_path contains the path for the old root. - * @new_path contains the path for the new root. * @sb_set_mnt_opts: * Set the security relevant mount options used for a superblock * @sb the superblock to set security mount options for @@ -1458,8 +1454,6 @@ struct security_operations { int (*sb_umount) (struct vfsmount *mnt, int flags); int (*sb_pivotroot) (struct path *old_path, struct path *new_path); - void (*sb_post_pivotroot) (struct path *old_path, - struct path *new_path); int (*sb_set_mnt_opts) (struct super_block *sb, struct security_mnt_opts *opts); void (*sb_clone_mnt_opts) (const struct super_block *oldsb, @@ -1749,7 +1743,6 @@ int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); int security_sb_pivotroot(struct path *old_path, struct path *new_path); -void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); void security_sb_clone_mnt_opts(const struct super_block *oldsb, struct super_block *newsb); 
@@ -2069,10 +2062,6 @@ static inline int security_sb_pivotroot(struct path *old_path, return 0; } -static inline void security_sb_post_pivotroot(struct path *old_path, - struct path *new_path) -{ } - static inline int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts) { diff --git a/security/capability.c b/security/capability.c index 38752ddf69d7..b64b50105a04 100644 --- a/security/capability.c +++ b/security/capability.c @@ -90,10 +90,6 @@ static int cap_sb_pivotroot(struct path *old_path, struct path *new_path) return 0; } -static void cap_sb_post_pivotroot(struct path *old_path, struct path *new_path) -{ -} - static int cap_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts) { @@ -921,7 +917,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, sb_mount); set_to_cap_if_null(ops, sb_umount); set_to_cap_if_null(ops, sb_pivotroot); - set_to_cap_if_null(ops, sb_post_pivotroot); set_to_cap_if_null(ops, sb_set_mnt_opts); set_to_cap_if_null(ops, sb_clone_mnt_opts); set_to_cap_if_null(ops, sb_parse_opts_str); diff --git a/security/security.c b/security/security.c index 6a8e5411d7a0..5223fa408271 100644 --- a/security/security.c +++ b/security/security.c @@ -316,11 +316,6 @@ int security_sb_pivotroot(struct path *old_path, struct path *new_path) return security_ops->sb_pivotroot(old_path, new_path); } -void security_sb_post_pivotroot(struct path *old_path, struct path *new_path) -{ - security_ops->sb_post_pivotroot(old_path, new_path); -} - int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts) { -- cgit v1.2.3 From 9d5ed77dadc66a72b40419c91df942adfa55a102 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:50 -0400 Subject: security: remove dead hook inode_delete Unused hook. Remove. Signed-off-by: Eric Paris 
Signed-off-by: James Morris --- fs/inode.c | 2 -- include/linux/security.h | 11 ----------- security/capability.c | 5 ----- security/security.c | 7 ------- 4 files changed, 25 deletions(-) (limited to 'include/linux/security.h') diff --git a/fs/inode.c b/fs/inode.c index 407bf392e20a..258ec22bb298 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -1205,8 +1205,6 @@ void generic_delete_inode(struct inode *inode) inodes_stat.nr_inodes--; spin_unlock(&inode_lock); - security_inode_delete(inode); - if (op->delete_inode) { void (*delete)(struct inode *) = op->delete_inode; /* Filesystems implementing their own diff --git a/include/linux/security.h b/include/linux/security.h index 4de5bbb39052..ef6edc759891 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -478,12 +478,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt is the vfsmount where the dentry was looked up * @dentry contains the dentry structure for the file. * Return 0 if permission is granted. - * @inode_delete: - * @inode contains the inode structure for deleted inode. - * This hook is called when a deleted inode is released (i.e. an inode - * with no hard links has its use count drop to zero). A security module - * can use this hook to release any persistent label associated with the - * inode. * @inode_setxattr: * Check permission before setting the extended attributes * @value identified by @name for @dentry. @@ -1502,7 +1496,6 @@ struct security_operations { int (*inode_permission) (struct inode *inode, int mask); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); - void (*inode_delete) (struct inode *inode); int (*inode_setxattr) (struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void (*inode_post_setxattr) (struct dentry *dentry, const char *name, 
@@ -1768,7 +1761,6 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); -void security_inode_delete(struct inode *inode); int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void security_inode_post_setxattr(struct dentry *dentry, const char *name, @@ -2177,9 +2169,6 @@ static inline int security_inode_getattr(struct vfsmount *mnt, return 0; } -static inline void security_inode_delete(struct inode *inode) -{ } - static inline int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { diff --git a/security/capability.c b/security/capability.c index b64b50105a04..b855e9f27f0e 100644 --- a/security/capability.c +++ b/security/capability.c @@ -195,10 +195,6 @@ static int cap_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) return 0; } -static void cap_inode_delete(struct inode *ino) -{ -} - static void cap_inode_post_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { @@ -936,7 +932,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, inode_permission); set_to_cap_if_null(ops, inode_setattr); set_to_cap_if_null(ops, inode_getattr); - set_to_cap_if_null(ops, inode_delete); set_to_cap_if_null(ops, inode_setxattr); set_to_cap_if_null(ops, inode_post_setxattr); set_to_cap_if_null(ops, inode_getxattr); diff --git a/security/security.c b/security/security.c index 5223fa408271..c65b0bca05bb 100644 --- a/security/security.c +++ b/security/security.c 
@@ -550,13 +550,6 @@ int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) return security_ops->inode_getattr(mnt, dentry); } -void security_inode_delete(struct inode *inode) -{ - if (unlikely(IS_PRIVATE(inode))) - return; - security_ops->inode_delete(inode); -} - int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { -- cgit v1.2.3 From 0968d0060a3c885e53d453380266c7792a55d302 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:56 -0400 Subject: security: remove dead hook cred_commit Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 11 ----------- kernel/cred.c | 2 -- security/capability.c | 5 ----- security/security.c | 5 ----- 4 files changed, 23 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index ef6edc759891..33b0c1b27f82 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -652,10 +652,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old points to the original credentials. * @gfp indicates the atomicity of any memory allocations. * Prepare a new set of credentials by copying the data from the old set. - * @cred_commit: - * @new points to the new credentials. - * @old points to the original credentials. - * Install a new set of credentials. * @cred_transfer: * @new points to the new credentials. * @old points to the original credentials. @@ -1536,7 +1532,6 @@ struct security_operations { void (*cred_free) (struct cred *cred); int (*cred_prepare)(struct cred *new, const struct cred *old, gfp_t gfp); - void (*cred_commit)(struct cred *new, const struct cred *old); void (*cred_transfer)(struct cred *new, const struct cred *old); int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); 
@@ -1794,7 +1789,6 @@ int security_task_create(unsigned long clone_flags); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); -void security_commit_creds(struct cred *new, const struct cred *old); void security_transfer_creds(struct cred *new, const struct cred *old); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); @@ -2315,11 +2309,6 @@ static inline int security_prepare_creds(struct cred *new, return 0; } -static inline void security_commit_creds(struct cred *new, - const struct cred *old) -{ -} - static inline void security_transfer_creds(struct cred *new, const struct cred *old) { diff --git a/kernel/cred.c b/kernel/cred.c index 1b1129d0cce8..fecb34640482 100644 --- a/kernel/cred.c +++ b/kernel/cred.c @@ -520,8 +520,6 @@ int commit_creds(struct cred *new) #endif BUG_ON(atomic_read(&new->usage) < 1); - security_commit_creds(new, old); - get_cred(new); /* we will require a ref for the subj creds too */ /* dumpability changes */ diff --git a/security/capability.c b/security/capability.c index b855e9f27f0e..a927bdea1816 100644 --- a/security/capability.c +++ b/security/capability.c @@ -373,10 +373,6 @@ static int cap_cred_prepare(struct cred *new, const struct cred *old, gfp_t gfp) return 0; } -static void cap_cred_commit(struct cred *new, const struct cred *old) -{ -} - static void cap_cred_transfer(struct cred *new, const struct cred *old) { } @@ -972,7 +968,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, cred_alloc_blank); set_to_cap_if_null(ops, cred_free); set_to_cap_if_null(ops, cred_prepare); - set_to_cap_if_null(ops, cred_commit); set_to_cap_if_null(ops, cred_transfer); set_to_cap_if_null(ops, kernel_act_as); set_to_cap_if_null(ops, kernel_create_files_as); 
diff --git a/security/security.c b/security/security.c index c65b0bca05bb..6e5942653d4f 100644 --- a/security/security.c +++ b/security/security.c @@ -712,11 +712,6 @@ int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp) return security_ops->cred_prepare(new, old, gfp); } -void security_commit_creds(struct cred *new, const struct cred *old) -{ - security_ops->cred_commit(new, old); -} - void security_transfer_creds(struct cred *new, const struct cred *old) { security_ops->cred_transfer(new, old); -- cgit v1.2.3 From 43ed8c3b4573d5f5cd314937fee63b4ab046ac5f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:02 -0400 Subject: security: remove dead hook task_setuid Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- kernel/sys.c | 15 --------------- security/capability.c | 6 ------ security/security.c | 5 ----- 4 files changed, 46 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index 33b0c1b27f82..447c57fcec88 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -674,18 +674,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * userspace to load a kernel module with the given name. * @kmod_name name of the module requested by the kernel * Return 0 if successful. - * @task_setuid: - * Check permission before setting one or more of the user identity - * attributes of the current process. The @flags parameter indicates - * which of the set*uid system calls invoked this hook and how to - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID - * definitions at the beginning of this file for the @flags values and - * their meanings. - * @id0 contains a uid. - * @id1 contains a uid. - * @id2 contains a uid. - * @flags contains one of the LSM_SETID_* values. - * Return 0 if permission is granted. * @task_fix_setuid: * Update the module's state after setting one or more of the user * identity attributes of the current process. The @flags parameter @@ -1536,7 +1524,6 @@ struct security_operations { int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); - int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); int (*task_fix_setuid) (struct cred *new, const struct cred *old, int flags); int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); @@ -1793,7 +1780,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); 
@@ -2330,12 +2316,6 @@ static inline int security_kernel_module_request(char *kmod_name) return 0; } -static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, - int flags) -{ - return 0; -} - static inline int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) diff --git a/kernel/sys.c b/kernel/sys.c index 8298878f4f71..396c11cd9a20 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -609,10 +609,6 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) return -ENOMEM; old = current_cred(); - retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); - if (retval) - goto error; - retval = -EPERM; if (ruid != (uid_t) -1) { new->uid = ruid; @@ -674,10 +670,6 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) return -ENOMEM; old = current_cred(); - retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); - if (retval) - goto error; - retval = -EPERM; if (capable(CAP_SETUID)) { new->suid = new->uid = uid; @@ -718,9 +710,6 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) if (!new) return -ENOMEM; - retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); - if (retval) - goto error; old = current_cred(); retval = -EPERM; @@ -850,9 +839,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) old = current_cred(); old_fsuid = old->fsuid; - if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) - goto error; - if (uid == old->uid || uid == old->euid || uid == old->suid || uid == old->fsuid || capable(CAP_SETUID)) { @@ -863,7 +849,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } -error: abort_creds(new); return old_fsuid; diff --git a/security/capability.c b/security/capability.c index a927bdea1816..41ff54f3b4d8 100644 --- a/security/capability.c +++ b/security/capability.c 
@@ -392,11 +392,6 @@ static int cap_kernel_module_request(char *kmod_name) return 0; } -static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) -{ - return 0; -} - static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) { return 0; @@ -972,7 +967,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, kernel_act_as); set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, kernel_module_request); - set_to_cap_if_null(ops, task_setuid); set_to_cap_if_null(ops, task_fix_setuid); set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); diff --git a/security/security.c b/security/security.c index 6e5942653d4f..3900da3da87b 100644 --- a/security/security.c +++ b/security/security.c @@ -732,11 +732,6 @@ int security_kernel_module_request(char *kmod_name) return security_ops->kernel_module_request(kmod_name); } -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) -{ - return security_ops->task_setuid(id0, id1, id2, flags); -} - int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) { -- cgit v1.2.3 From 06ad187e280e725e356c62c3a30ddcd01564f8be Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:08 -0400 Subject: security: remove dead hook task_setgid Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- kernel/sys.c | 16 ---------------- security/capability.c | 6 ------ security/security.c | 5 ----- 4 files changed, 47 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index 447c57fcec88..04ce0d6e4edf 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -683,18 +683,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old is the set of credentials that are being replaces * @flags contains one of the LSM_SETID_* values. * Return 0 on success. - * @task_setgid: - * Check permission before setting one or more of the group identity - * attributes of the current process. The @flags parameter indicates - * which of the set*gid system calls invoked this hook and how to - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID - * definitions at the beginning of this file for the @flags values and - * their meanings. - * @id0 contains a gid. - * @id1 contains a gid. - * @id2 contains a gid. - * @flags contains one of the LSM_SETID_* values. - * Return 0 if permission is granted. * @task_setpgid: * Check permission before setting the process group identifier of the * process @p to @pgid. @@ -1526,7 +1514,6 @@ struct security_operations { int (*kernel_module_request)(char *kmod_name); int (*task_fix_setuid) (struct cred *new, const struct cred *old, int flags); - int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); int (*task_setpgid) (struct task_struct *p, pid_t pgid); int (*task_getpgid) (struct task_struct *p); int (*task_getsid) (struct task_struct *p); @@ -1782,7 +1769,6 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); 
@@ -2323,12 +2309,6 @@ static inline int security_task_fix_setuid(struct cred *new, return cap_task_fix_setuid(new, old, flags); } -static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, - int flags) -{ - return 0; -} - static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) { return 0; diff --git a/kernel/sys.c b/kernel/sys.c index 396c11cd9a20..eb1ec5c7f03b 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -491,10 +491,6 @@ SYSCALL_DEFINE2(setregid, gid_t, rgid, gid_t, egid) return -ENOMEM; old = current_cred(); - retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); - if (retval) - goto error; - retval = -EPERM; if (rgid != (gid_t) -1) { if (old->gid == rgid || @@ -542,10 +538,6 @@ SYSCALL_DEFINE1(setgid, gid_t, gid) return -ENOMEM; old = current_cred(); - retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); - if (retval) - goto error; - retval = -EPERM; if (capable(CAP_SETGID)) new->gid = new->egid = new->sgid = new->fsgid = gid; @@ -776,10 +768,6 @@ SYSCALL_DEFINE3(setresgid, gid_t, rgid, gid_t, egid, gid_t, sgid) return -ENOMEM; old = current_cred(); - retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); - if (retval) - goto error; - retval = -EPERM; if (!capable(CAP_SETGID)) { if (rgid != (gid_t) -1 && rgid != old->gid && @@ -872,9 +860,6 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) old = current_cred(); old_fsgid = old->fsgid; - if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) - goto error; - if (gid == old->gid || gid == old->egid || gid == old->sgid || gid == old->fsgid || capable(CAP_SETGID)) { @@ -884,7 +869,6 @@ SYSCALL_DEFINE1(setfsgid, gid_t, gid) } } -error: abort_creds(new); return old_fsgid; diff --git a/security/capability.c b/security/capability.c index 41ff54f3b4d8..66cd7453563f 100644 --- a/security/capability.c +++ b/security/capability.c 
@@ -392,11 +392,6 @@ static int cap_kernel_module_request(char *kmod_name) return 0; } -static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) -{ - return 0; -} - static int cap_task_setpgid(struct task_struct *p, pid_t pgid) { return 0; @@ -968,7 +963,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, kernel_module_request); set_to_cap_if_null(ops, task_fix_setuid); - set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); set_to_cap_if_null(ops, task_getpgid); set_to_cap_if_null(ops, task_getsid); diff --git a/security/security.c b/security/security.c index 3900da3da87b..1e35dd669209 100644 --- a/security/security.c +++ b/security/security.c @@ -738,11 +738,6 @@ int security_task_fix_setuid(struct cred *new, const struct cred *old, return security_ops->task_fix_setuid(new, old, flags); } -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) -{ - return security_ops->task_setgid(id0, id1, id2, flags); -} - int security_task_setpgid(struct task_struct *p, pid_t pgid) { return security_ops->task_setpgid(p, pgid); -- cgit v1.2.3 From 6307f8fee295b364716d28686df6e69c2fee751a Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:13 -0400 Subject: security: remove dead hook task_setgroups Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 12 ------------ kernel/groups.c | 6 ------ security/capability.c | 6 ------ security/security.c | 5 ----- 4 files changed, 29 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index 04ce0d6e4edf..73505f0c9b75 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -704,11 +704,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @p contains the task_struct for the process and place is into @secid. * In case of failure, @secid will be set to zero. * - * @task_setgroups: - * Check permission before setting the supplementary group set of the - * current process. - * @group_info contains the new group information. - * Return 0 if permission is granted. * @task_setnice: * Check permission before setting the nice value of @p to @nice. * @p contains the task_struct of process. @@ -1518,7 +1513,6 @@ struct security_operations { int (*task_getpgid) (struct task_struct *p); int (*task_getsid) (struct task_struct *p); void (*task_getsecid) (struct task_struct *p, u32 *secid); - int (*task_setgroups) (struct group_info *group_info); int (*task_setnice) (struct task_struct *p, int nice); int (*task_setioprio) (struct task_struct *p, int ioprio); int (*task_getioprio) (struct task_struct *p); @@ -1773,7 +1767,6 @@ int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); void security_task_getsecid(struct task_struct *p, u32 *secid); -int security_task_setgroups(struct group_info *group_info); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -2329,11 +2322,6 @@ static inline void security_task_getsecid(struct task_struct *p, u32 *secid) *secid = 0; } -static inline int security_task_setgroups(struct group_info *group_info) -{ - return 0; -} - static inline int security_task_setnice(struct task_struct *p, int nice) { return cap_task_setnice(p, nice); diff --git a/kernel/groups.c b/kernel/groups.c index 2b45b2ee3964..53b1916c9492 100644 --- a/kernel/groups.c +++ b/kernel/groups.c 
@@ -164,12 +164,6 @@ int groups_search(const struct group_info *group_info, gid_t grp) */ int set_groups(struct cred *new, struct group_info *group_info) { - int retval; - - retval = security_task_setgroups(group_info); - if (retval) - return retval; - put_group_info(new->group_info); groups_sort(group_info); get_group_info(group_info); diff --git a/security/capability.c b/security/capability.c index 66cd7453563f..247c04edd468 100644 --- a/security/capability.c +++ b/security/capability.c @@ -412,11 +412,6 @@ static void cap_task_getsecid(struct task_struct *p, u32 *secid) *secid = 0; } -static int cap_task_setgroups(struct group_info *group_info) -{ - return 0; -} - static int cap_task_getioprio(struct task_struct *p) { return 0; @@ -967,7 +962,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, task_getpgid); set_to_cap_if_null(ops, task_getsid); set_to_cap_if_null(ops, task_getsecid); - set_to_cap_if_null(ops, task_setgroups); set_to_cap_if_null(ops, task_setnice); set_to_cap_if_null(ops, task_setioprio); set_to_cap_if_null(ops, task_getioprio); diff --git a/security/security.c b/security/security.c index 1e35dd669209..5cf9ca6890f6 100644 --- a/security/security.c +++ b/security/security.c @@ -759,11 +759,6 @@ void security_task_getsecid(struct task_struct *p, u32 *secid) } EXPORT_SYMBOL(security_task_getsecid); -int security_task_setgroups(struct group_info *group_info) -{ - return security_ops->task_setgroups(group_info); -} - int security_task_setnice(struct task_struct *p, int nice) { return security_ops->task_setnice(p, nice); -- cgit v1.2.3 From 3011a344cdcda34cdbcb40c3fb3d1a6e89954abb Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:19 -0400 Subject: security: remove dead hook key_session_to_parent Unused hook. Remove. Signed-off-by: Eric Paris 
Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- security/capability.c | 8 -------- security/keys/keyctl.c | 7 ------- security/security.c | 7 ------- 4 files changed, 42 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index 73505f0c9b75..ac536eedec90 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1067,13 +1067,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * Return the length of the string (including terminating NUL) or -ve if * an error. * May also return 0 (and a NULL buffer pointer) if there is no label. - * @key_session_to_parent: - * Forcibly assign the session keyring from a process to its parent - * process. - * @cred: Pointer to process's credentials - * @parent_cred: Pointer to parent process's credentials - * @keyring: Proposed new session keyring - * Return 0 if permission is granted, -ve error otherwise. * * Security hooks affecting all System V IPC operations. * @@ -1642,9 +1635,6 @@ struct security_operations { const struct cred *cred, key_perm_t perm); int (*key_getsecurity)(struct key *key, char **_buffer); - int (*key_session_to_parent)(const struct cred *cred, - const struct cred *parent_cred, - struct key *key); #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT @@ -2918,9 +2908,6 @@ void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm); int security_key_getsecurity(struct key *key, char **_buffer); -int security_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key); #else @@ -2948,13 +2935,6 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) return 0; } -static inline int security_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key) -{ - return 0; -} - #endif #endif /* CONFIG_KEYS */ 
diff --git a/security/capability.c b/security/capability.c index 247c04edd468..8cc2b8f3b166 100644 --- a/security/capability.c +++ b/security/capability.c @@ -826,13 +826,6 @@ static int cap_key_getsecurity(struct key *key, char **_buffer) return 0; } -static int cap_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key) -{ - return 0; -} - #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT @@ -1053,7 +1046,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, key_free); set_to_cap_if_null(ops, key_permission); set_to_cap_if_null(ops, key_getsecurity); - set_to_cap_if_null(ops, key_session_to_parent); #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT set_to_cap_if_null(ops, audit_rule_init); diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index e9c2e7c584d9..34b302b40dea 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -1295,13 +1295,6 @@ long keyctl_session_to_parent(void) mycred->tgcred->session_keyring->uid != mycred->euid) goto not_permitted; - /* the LSM must permit the replacement of the parent's keyring with the - * keyring from this process */ - ret = security_key_session_to_parent(mycred, pcred, - key_ref_to_ptr(keyring_r)); - if (ret < 0) - goto not_permitted; - /* if there's an already pending keyring replacement, then we replace * that */ oldcred = parent->replacement_session_keyring; diff --git a/security/security.c b/security/security.c index 5cf9ca6890f6..490f77753b2d 100644 --- a/security/security.c +++ b/security/security.c @@ -1262,13 +1262,6 @@ int security_key_getsecurity(struct key *key, char **_buffer) return security_ops->key_getsecurity(key, _buffer); } -int security_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key) -{ - return security_ops->key_session_to_parent(cred, parent_cred, key); -} - #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT -- cgit v1.2.3 
From 05b90496f2f366b9d3eea468351888ddf010782a Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:25 -0400 Subject: security: remove dead hook acct Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 14 -------------- kernel/acct.c | 20 +++++--------------- security/capability.c | 6 ------ security/security.c | 5 ----- 4 files changed, 5 insertions(+), 40 deletions(-) (limited to 'include/linux/security.h') diff --git a/include/linux/security.h b/include/linux/security.h index ac536eedec90..d670c9a3ec2b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1254,13 +1254,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @cap contains the capability . * @audit: Whether to write an audit message or not * Return 0 if the capability is granted for @tsk. - * @acct: - * Check permission before enabling or disabling process accounting. If - * accounting is being enabled, then @file refers to the open file used to - * store accounting records. If accounting is being disabled, then @file - * is NULL. - * @file contains the file structure for the accounting file (may be NULL). - * Return 0 if permission is granted. * @sysctl: * Check permission before accessing the @table sysctl variable in the * manner specified by @op. @@ -1383,7 +1376,6 @@ struct security_operations { const kernel_cap_t *permitted); int (*capable) (struct task_struct *tsk, const struct cred *cred, int cap, int audit); - int (*acct) (struct file *file); int (*sysctl) (struct ctl_table *table, int op); int (*quotactl) (int cmds, int type, int id, struct super_block *sb); int (*quota_on) (struct dentry *dentry); 
@@ -1665,7 +1657,6 @@ int security_capset(struct cred *new, const struct cred *old, int security_capable(int cap); int security_real_capable(struct task_struct *tsk, int cap); int security_real_capable_noaudit(struct task_struct *tsk, int cap); -int security_acct(struct file *file); int security_sysctl(struct ctl_table *table, int op); int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); @@ -1883,11 +1874,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap) return ret; } -static inline int security_acct(struct file *file) -{ - return 0; -} - static inline int security_sysctl(struct ctl_table *table, int op) { return 0; diff --git a/kernel/acct.c b/kernel/acct.c index 24f8c81fc48d..9e53bb2acfff 100644 --- a/kernel/acct.c +++ b/kernel/acct.c @@ -216,7 +216,6 @@ static int acct_on(char *name) { struct file *file; struct vfsmount *mnt; - int error; struct pid_namespace *ns; struct bsd_acct_struct *acct = NULL; @@ -244,13 +243,6 @@ static int acct_on(char *name) } } - error = security_acct(file); - if (error) { - kfree(acct); - filp_close(file, NULL); - return error; - } - spin_lock(&acct_lock); if (ns->bacct == NULL) { ns->bacct = acct; @@ -281,7 +273,7 @@ static int acct_on(char *name) */ SYSCALL_DEFINE1(acct, const char __user *, name) { - int error; + int error = 0; if (!capable(CAP_SYS_PACCT)) return -EPERM; @@ -299,13 +291,11 @@ SYSCALL_DEFINE1(acct, const char __user *, name) if (acct == NULL) return 0; - error = security_acct(NULL); - if (!error) { - spin_lock(&acct_lock); - acct_file_reopen(acct, NULL, NULL); - spin_unlock(&acct_lock); - } + spin_lock(&acct_lock); + acct_file_reopen(acct, NULL, NULL); + spin_unlock(&acct_lock); } + return error; } diff --git a/security/capability.c b/security/capability.c index 8cc2b8f3b166..7f093d573ede 100644 --- a/security/capability.c +++ b/security/capability.c 
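Review bot: In the kernel/acct.c hunks, `capable(CAP_SYS_PACCT)` at the top of `SYSCALL_DEFINE1(acct)` is now the only permission check visible on the enable and disable paths, and nothing in the code says so. With `security_acct()` removed from both `acct_on()` and the disable branch, a security module has no point at which it could veto the accounting file or the switch-off, so I would add a comment above the capability check such as `/* CAP_SYS_PACCT is the sole gate for process accounting; no LSM hook is called on this path */`. The new `int error = 0;` initialiser is what the disable branch now returns, since that branch no longer assigns `error`; a short `/* disabling cannot fail */` beside the `acct_file_reopen(acct, NULL, NULL)` call would make that explicit. Both function bodies extend beyond the hunks shown, so this is based only on the visible lines.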
@@ -12,11 +12,6 @@ #include -static int cap_acct(struct file *file) -{ - return 0; -} - static int cap_sysctl(ctl_table *table, int op) { return 0; @@ -865,7 +860,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, ptrace_traceme); set_to_cap_if_null(ops, capget); set_to_cap_if_null(ops, capset); - set_to_cap_if_null(ops, acct); set_to_cap_if_null(ops, capable); set_to_cap_if_null(ops, quotactl); set_to_cap_if_null(ops, quota_on); diff --git a/security/security.c b/security/security.c index 490f77753b2d..8585019a1a59 100644 --- a/security/security.c +++ b/security/security.c @@ -190,11 +190,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap) return ret; } -int security_acct(struct file *file) -{ - return security_ops->acct(file); -} - int security_sysctl(struct ctl_table *table, int op) { return security_ops->sysctl(table, op); -- cgit v1.2.3