1 files changed, 14 insertions, 32 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2d6e9bdea398..11f79013ae1f 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1442,9 +1442,13 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
         * Don't do anything special for these.
         *      XATTR_NAME_SMACKIPIN
         *      XATTR_NAME_SMACKIPOUT
-         *      XATTR_NAME_SMACKEXEC
         */
-        if (strcmp(name, XATTR_NAME_SMACK) == 0)
+        if (strcmp(name, XATTR_NAME_SMACK) == 0) {
+                struct super_block *sbp = d_backing_inode(dentry)->i_sb;
+                struct superblock_smack *sbsp = sbp->s_security;
+                isp->smk_inode = sbsp->smk_default;
+        } else if (strcmp(name, XATTR_NAME_SMACKEXEC) == 0)
                isp->smk_task = NULL;
        else if (strcmp(name, XATTR_NAME_SMACKMMAP) == 0)
                isp->smk_mmap = NULL;
@@ -1545,12 +1549,8 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
 * File Hooks
 */
-/**
+/*
- * smack_file_permission - Smack check on file operations
+ * There is no smack_file_permission hook
- * @file: unused
- * @mask: unused
- *
- * Returns 0
 *
 * Should access checks be done on each read or write?
 * UNICOS and SELinux say yes.
@@ -1559,10 +1559,6 @@ static void smack_inode_getsecid(struct inode *inode, u32 *secid)
 * I'll say no for now. Smack does not do the frequent
 * label changing that SELinux does.
 */
-static int smack_file_permission(struct file *file, int mask)
-{
-        return 0;
-}
 /**
 * smack_file_alloc_security - assign a file security blob
@@ -4503,16 +4499,10 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
        return 0;
 }
-/**
+/*
- * smack_audit_rule_free - free smack rule representation
+ * There is no need for a smack_audit_rule_free hook.
- * @vrule: rule to be freed.
- *
 * No memory was allocated.
 */
-static void smack_audit_rule_free(void *vrule)
-{
-        /* No-op */
-}
 #endif /* CONFIG_AUDIT */
@@ -4563,16 +4553,11 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
        return 0;
 }
-/**
+/*
- * smack_release_secctx - don't do anything.
+ * There used to be a smack_release_secctx hook
- * @secdata: unused
+ * that did nothing back when hooks were in a vector.
- * @seclen: unused
+ * Now that there's a list such a hook adds cost.
- *
- * Exists to make sure nothing gets done, and properly
 */
-static void smack_release_secctx(char *secdata, u32 seclen)
-{
-}
 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
 {
@@ -4631,7 +4616,6 @@ static struct security_hook_list smack_hooks[] = {
        LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
        LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
-        LSM_HOOK_INIT(file_permission, smack_file_permission),
        LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
        LSM_HOOK_INIT(file_free_security, smack_file_free_security),
        LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
@@ -4726,13 +4710,11 @@ static struct security_hook_list smack_hooks[] = {
        LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
        LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
        LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
-        LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
 #endif /* CONFIG_AUDIT */
        LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
        LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
        LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
-        LSM_HOOK_INIT(release_secctx, smack_release_secctx),
        LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
        LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
        LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),