security/ cleanups
This patch contains the following cleanups that are now possible: - remove the unused security_operations->inode_xattr_getsuffix - remove the no longer used security_operations->unregister_security - remove some no longer required exit code - remove a bunch of no longer used exports Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Adrian Bunk
committed by
Linus Torvalds
Linus Torvalds
parent
b53767719b
commit
cbfee34520
@ -30,8 +30,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
|
||||
return 0;
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(cap_netlink_send);
|
||||
|
||||
int cap_netlink_recv(struct sk_buff *skb, int cap)
|
||||
{
|
||||
if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
|
||||
@ -532,22 +530,3 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
|
||||
return __vm_enough_memory(mm, pages, cap_sys_admin);
|
||||
}
|
||||
|
||||
EXPORT_SYMBOL(cap_capable);
|
||||
EXPORT_SYMBOL(cap_settime);
|
||||
EXPORT_SYMBOL(cap_ptrace);
|
||||
EXPORT_SYMBOL(cap_capget);
|
||||
EXPORT_SYMBOL(cap_capset_check);
|
||||
EXPORT_SYMBOL(cap_capset_set);
|
||||
EXPORT_SYMBOL(cap_bprm_set_security);
|
||||
EXPORT_SYMBOL(cap_bprm_apply_creds);
|
||||
EXPORT_SYMBOL(cap_bprm_secureexec);
|
||||
EXPORT_SYMBOL(cap_inode_setxattr);
|
||||
EXPORT_SYMBOL(cap_inode_removexattr);
|
||||
EXPORT_SYMBOL(cap_task_post_setuid);
|
||||
EXPORT_SYMBOL(cap_task_kill);
|
||||
EXPORT_SYMBOL(cap_task_setscheduler);
|
||||
EXPORT_SYMBOL(cap_task_setioprio);
|
||||
EXPORT_SYMBOL(cap_task_setnice);
|
||||
EXPORT_SYMBOL(cap_task_reparent_to_init);
|
||||
EXPORT_SYMBOL(cap_syslog);
|
||||
EXPORT_SYMBOL(cap_vm_enough_memory);
|
||||
|
||||
@ -401,11 +401,6 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
|
||||
return 0;
|
||||
}
|
||||
|
||||
static const char *dummy_inode_xattr_getsuffix(void)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static int dummy_file_permission (struct file *file, int mask)
|
||||
{
|
||||
return 0;
|
||||
@ -915,11 +910,6 @@ static int dummy_register_security (const char *name, struct security_operations
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
static int dummy_unregister_security (const char *name, struct security_operations *ops)
|
||||
{
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
|
||||
{
|
||||
return;
|
||||
@ -1034,7 +1024,6 @@ void security_fixup_ops (struct security_operations *ops)
|
||||
set_to_dummy_if_null(ops, inode_removexattr);
|
||||
set_to_dummy_if_null(ops, inode_need_killpriv);
|
||||
set_to_dummy_if_null(ops, inode_killpriv);
|
||||
set_to_dummy_if_null(ops, inode_xattr_getsuffix);
|
||||
set_to_dummy_if_null(ops, inode_getsecurity);
|
||||
set_to_dummy_if_null(ops, inode_setsecurity);
|
||||
set_to_dummy_if_null(ops, inode_listsecurity);
|
||||
@ -1095,7 +1084,6 @@ void security_fixup_ops (struct security_operations *ops)
|
||||
set_to_dummy_if_null(ops, netlink_send);
|
||||
set_to_dummy_if_null(ops, netlink_recv);
|
||||
set_to_dummy_if_null(ops, register_security);
|
||||
set_to_dummy_if_null(ops, unregister_security);
|
||||
set_to_dummy_if_null(ops, d_instantiate);
|
||||
set_to_dummy_if_null(ops, getprocattr);
|
||||
set_to_dummy_if_null(ops, setprocattr);
|
||||
|
||||
@ -332,14 +332,6 @@ static int __init securityfs_init(void)
|
||||
return retval;
|
||||
}
|
||||
|
||||
static void __exit securityfs_exit(void)
|
||||
{
|
||||
simple_release_fs(&mount, &mount_count);
|
||||
unregister_filesystem(&fs_type);
|
||||
subsystem_unregister(&security_subsys);
|
||||
}
|
||||
|
||||
core_initcall(securityfs_init);
|
||||
module_exit(securityfs_exit);
|
||||
MODULE_LICENSE("GPL");
|
||||
|
||||
|
||||
@ -71,8 +71,7 @@ int __init security_init(void)
|
||||
*
|
||||
* This function is to allow a security module to register itself with the
|
||||
* kernel security subsystem. Some rudimentary checking is done on the @ops
|
||||
* value passed to this function. A call to unregister_security() should be
|
||||
* done to remove this security_options structure from the kernel.
|
||||
* value passed to this function.
|
||||
*
|
||||
* If there is already a security module registered with the kernel,
|
||||
* an error will be returned. Otherwise 0 is returned on success.
|
||||
@ -93,31 +92,6 @@ int register_security(struct security_operations *ops)
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* unregister_security - unregisters a security framework with the kernel
|
||||
* @ops: a pointer to the struct security_options that is to be registered
|
||||
*
|
||||
* This function removes a struct security_operations variable that had
|
||||
* previously been registered with a successful call to register_security().
|
||||
*
|
||||
* If @ops does not match the valued previously passed to register_security()
|
||||
* an error is returned. Otherwise the default security options is set to the
|
||||
* the dummy_security_ops structure, and 0 is returned.
|
||||
*/
|
||||
int unregister_security(struct security_operations *ops)
|
||||
{
|
||||
if (ops != security_ops) {
|
||||
printk(KERN_INFO "%s: trying to unregister "
|
||||
"a security_opts structure that is not "
|
||||
"registered, failing.\n", __FUNCTION__);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
security_ops = &dummy_security_ops;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* mod_reg_security - allows security modules to be "stacked"
|
||||
* @name: a pointer to a string with the name of the security_options to be registered
|
||||
@ -147,30 +121,6 @@ int mod_reg_security(const char *name, struct security_operations *ops)
|
||||
return security_ops->register_security(name, ops);
|
||||
}
|
||||
|
||||
/**
|
||||
* mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
|
||||
* @name: a pointer to a string with the name of the security_options to be removed
|
||||
* @ops: a pointer to the struct security_options that is to be removed
|
||||
*
|
||||
* This function allows security modules that have been successfully registered
|
||||
* with a call to mod_reg_security() to be unloaded from the system.
|
||||
* This calls the currently loaded security module's unregister_security() call
|
||||
* with the @name and @ops variables.
|
||||
*
|
||||
* The return value depends on the currently loaded security module, with 0 as
|
||||
* success.
|
||||
*/
|
||||
int mod_unreg_security(const char *name, struct security_operations *ops)
|
||||
{
|
||||
if (ops == security_ops) {
|
||||
printk(KERN_INFO "%s invalid attempt to unregister "
|
||||
" primary security ops.\n", __FUNCTION__);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return security_ops->unregister_security(name, ops);
|
||||
}
|
||||
|
||||
/* Security operations */
|
||||
|
||||
int security_ptrace(struct task_struct *parent, struct task_struct *child)
|
||||
@ -528,11 +478,6 @@ int security_inode_killpriv(struct dentry *dentry)
|
||||
return security_ops->inode_killpriv(dentry);
|
||||
}
|
||||
|
||||
const char *security_inode_xattr_getsuffix(void)
|
||||
{
|
||||
return security_ops->inode_xattr_getsuffix();
|
||||
}
|
||||
|
||||
int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
|
||||
{
|
||||
if (unlikely(IS_PRIVATE(inode)))
|
||||
@ -858,7 +803,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
return security_ops->netlink_send(sk, skb);
|
||||
}
|
||||
EXPORT_SYMBOL(security_netlink_send);
|
||||
|
||||
int security_netlink_recv(struct sk_buff *skb, int cap)
|
||||
{
|
||||
|
||||
@ -2409,11 +2409,6 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
static const char *selinux_inode_xattr_getsuffix(void)
|
||||
{
|
||||
return XATTR_SELINUX_SUFFIX;
|
||||
}
|
||||
|
||||
/*
|
||||
* Copy the in-core inode security context value to the user. If the
|
||||
* getxattr() prior to this succeeded, check to see if we need to
|
||||
@ -4554,19 +4549,6 @@ static int selinux_register_security (const char *name, struct security_operatio
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int selinux_unregister_security (const char *name, struct security_operations *ops)
|
||||
{
|
||||
if (ops != secondary_ops) {
|
||||
printk(KERN_ERR "%s: trying to unregister a security module "
|
||||
"that is not registered.\n", __FUNCTION__);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
secondary_ops = original_ops;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
|
||||
{
|
||||
if (inode)
|
||||
@ -4844,7 +4826,6 @@ static struct security_operations selinux_ops = {
|
||||
.inode_getxattr = selinux_inode_getxattr,
|
||||
.inode_listxattr = selinux_inode_listxattr,
|
||||
.inode_removexattr = selinux_inode_removexattr,
|
||||
.inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
|
||||
.inode_getsecurity = selinux_inode_getsecurity,
|
||||
.inode_setsecurity = selinux_inode_setsecurity,
|
||||
.inode_listsecurity = selinux_inode_listsecurity,
|
||||
@ -4914,7 +4895,6 @@ static struct security_operations selinux_ops = {
|
||||
.sem_semop = selinux_sem_semop,
|
||||
|
||||
.register_security = selinux_register_security,
|
||||
.unregister_security = selinux_unregister_security,
|
||||
|
||||
.d_instantiate = selinux_d_instantiate,
|
||||
|
||||
|
||||
Reference in New Issue
Block a user