diff options
| author | Stephen Smalley <sds@tycho.nsa.gov> | 2017-01-11 16:33:54 -0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2017-01-12 11:10:24 -0500 |
| commit | b4ba35c75a0671a06b978b6386b54148efddf39f (patch) | |
| tree | 4bfa2351efd78ca32f2b6706b08f947f29e47d1f /security | |
| parent | 900fde06cb9d27625fec4f5cabd7f5462adc79fb (diff) | |
selinux: drop unused socket security classes
Several of the extended socket classes introduced by
commit da69a5306ab92e07 ("selinux: support distinctions
among all network address families") are never used because
sockets can never be created with the associated address family.
Remove these unused socket security classes. The removed classes
are bridge_socket for PF_BRIDGE, ib_socket for PF_IB, and mpls_socket
for PF_MPLS.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/selinux/hooks.c | 6 | ||||
| -rw-r--r-- | security/selinux/include/classmap.h | 6 |
2 files changed, 0 insertions, 12 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index bada3cd42b9c..55ad878f1146 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
| @@ -1353,8 +1353,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc | |||
| 1353 | return SECCLASS_IPX_SOCKET; | 1353 | return SECCLASS_IPX_SOCKET; |
| 1354 | case PF_NETROM: | 1354 | case PF_NETROM: |
| 1355 | return SECCLASS_NETROM_SOCKET; | 1355 | return SECCLASS_NETROM_SOCKET; |
| 1356 | case PF_BRIDGE: | ||
| 1357 | return SECCLASS_BRIDGE_SOCKET; | ||
| 1358 | case PF_ATMPVC: | 1356 | case PF_ATMPVC: |
| 1359 | return SECCLASS_ATMPVC_SOCKET; | 1357 | return SECCLASS_ATMPVC_SOCKET; |
| 1360 | case PF_X25: | 1358 | case PF_X25: |
| @@ -1373,10 +1371,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc | |||
| 1373 | return SECCLASS_PPPOX_SOCKET; | 1371 | return SECCLASS_PPPOX_SOCKET; |
| 1374 | case PF_LLC: | 1372 | case PF_LLC: |
| 1375 | return SECCLASS_LLC_SOCKET; | 1373 | return SECCLASS_LLC_SOCKET; |
| 1376 | case PF_IB: | ||
| 1377 | return SECCLASS_IB_SOCKET; | ||
| 1378 | case PF_MPLS: | ||
| 1379 | return SECCLASS_MPLS_SOCKET; | ||
| 1380 | case PF_CAN: | 1374 | case PF_CAN: |
| 1381 | return SECCLASS_CAN_SOCKET; | 1375 | return SECCLASS_CAN_SOCKET; |
| 1382 | case PF_TIPC: | 1376 | case PF_TIPC: |
diff --git a/security/selinux/include/classmap.h b/security/selinux/include/classmap.h index 0dfd26d0b8d8..7898ffa6d3e6 100644 --- a/security/selinux/include/classmap.h +++ b/security/selinux/include/classmap.h | |||
| @@ -183,8 +183,6 @@ struct security_class_mapping secclass_map[] = { | |||
| 183 | { COMMON_SOCK_PERMS, NULL } }, | 183 | { COMMON_SOCK_PERMS, NULL } }, |
| 184 | { "netrom_socket", | 184 | { "netrom_socket", |
| 185 | { COMMON_SOCK_PERMS, NULL } }, | 185 | { COMMON_SOCK_PERMS, NULL } }, |
| 186 | { "bridge_socket", | ||
| 187 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 188 | { "atmpvc_socket", | 186 | { "atmpvc_socket", |
| 189 | { COMMON_SOCK_PERMS, NULL } }, | 187 | { COMMON_SOCK_PERMS, NULL } }, |
| 190 | { "x25_socket", | 188 | { "x25_socket", |
| @@ -203,10 +201,6 @@ struct security_class_mapping secclass_map[] = { | |||
| 203 | { COMMON_SOCK_PERMS, NULL } }, | 201 | { COMMON_SOCK_PERMS, NULL } }, |
| 204 | { "llc_socket", | 202 | { "llc_socket", |
| 205 | { COMMON_SOCK_PERMS, NULL } }, | 203 | { COMMON_SOCK_PERMS, NULL } }, |
| 206 | { "ib_socket", | ||
| 207 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 208 | { "mpls_socket", | ||
| 209 | { COMMON_SOCK_PERMS, NULL } }, | ||
| 210 | { "can_socket", | 204 | { "can_socket", |
| 211 | { COMMON_SOCK_PERMS, NULL } }, | 205 | { COMMON_SOCK_PERMS, NULL } }, |
| 212 | { "tipc_socket", | 206 | { "tipc_socket", |