aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAdrian Bunk <bunk@kernel.org>2007-10-17 02:31:38 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-10-17 11:43:07 -0400
commitcbfee34520666862f8ff539e580c48958fbb7706 (patch)
treeded5cafce333e908a0fbeda1f7c55eaf7c1fbaaa
parentb53767719b6cd8789392ea3e7e2eb7b8906898f0 (diff)
security/ cleanups
This patch contains the following cleanups that are now possible: - remove the unused security_operations->inode_xattr_getsuffix - remove the no longer used security_operations->unregister_security - remove some no longer required exit code - remove a bunch of no longer used exports Signed-off-by: Adrian Bunk <bunk@kernel.org> Acked-by: James Morris <jmorris@namei.org> Cc: Chris Wright <chrisw@sous-sol.org> Cc: Stephen Smalley <sds@tycho.nsa.gov> Cc: Serge Hallyn <serue@us.ibm.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--drivers/usb/core/usb.c1
-rw-r--r--fs/exec.c2
-rw-r--r--include/linux/security.h15
-rw-r--r--kernel/capability.c4
-rw-r--r--mm/mmap.c2
-rw-r--r--mm/nommu.c1
-rw-r--r--security/commoncap.c21
-rw-r--r--security/dummy.c12
-rw-r--r--security/inode.c8
-rw-r--r--security/security.c58
-rw-r--r--security/selinux/hooks.c20
11 files changed, 1 insertions, 143 deletions
diff --git a/drivers/usb/core/usb.c b/drivers/usb/core/usb.c
index c99938d5f78e..69aa68287d3f 100644
--- a/drivers/usb/core/usb.c
+++ b/drivers/usb/core/usb.c
@@ -982,7 +982,6 @@ EXPORT_SYMBOL(usb_altnum_to_altsetting);
982 982
983EXPORT_SYMBOL(__usb_get_extra_descriptor); 983EXPORT_SYMBOL(__usb_get_extra_descriptor);
984 984
985EXPORT_SYMBOL(usb_find_device);
986EXPORT_SYMBOL(usb_get_current_frame_number); 985EXPORT_SYMBOL(usb_get_current_frame_number);
987 986
988EXPORT_SYMBOL(usb_buffer_alloc); 987EXPORT_SYMBOL(usb_buffer_alloc);
diff --git a/fs/exec.c b/fs/exec.c
index aa470a93540a..070ddf13cb71 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -64,7 +64,6 @@ int core_uses_pid;
64char core_pattern[CORENAME_MAX_SIZE] = "core"; 64char core_pattern[CORENAME_MAX_SIZE] = "core";
65int suid_dumpable = 0; 65int suid_dumpable = 0;
66 66
67EXPORT_SYMBOL(suid_dumpable);
68/* The maximal length of core_pattern is also specified in sysctl.c */ 67/* The maximal length of core_pattern is also specified in sysctl.c */
69 68
70static LIST_HEAD(formats); 69static LIST_HEAD(formats);
@@ -1662,7 +1661,6 @@ void set_dumpable(struct mm_struct *mm, int value)
1662 break; 1661 break;
1663 } 1662 }
1664} 1663}
1665EXPORT_SYMBOL_GPL(set_dumpable);
1666 1664
1667int get_dumpable(struct mm_struct *mm) 1665int get_dumpable(struct mm_struct *mm)
1668{ 1666{
diff --git a/include/linux/security.h b/include/linux/security.h
index df591d289ec9..9b0b63c50f44 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1158,10 +1158,6 @@ struct request_sock;
1158 * allow module stacking. 1158 * allow module stacking.
1159 * @name contains the name of the security module being stacked. 1159 * @name contains the name of the security module being stacked.
1160 * @ops contains a pointer to the struct security_operations of the module to stack. 1160 * @ops contains a pointer to the struct security_operations of the module to stack.
1161 * @unregister_security:
1162 * remove a stacked module.
1163 * @name contains the name of the security module being unstacked.
1164 * @ops contains a pointer to the struct security_operations of the module to unstack.
1165 * 1161 *
1166 * @secid_to_secctx: 1162 * @secid_to_secctx:
1167 * Convert secid to security context. 1163 * Convert secid to security context.
@@ -1259,7 +1255,6 @@ struct security_operations {
1259 int (*inode_removexattr) (struct dentry *dentry, char *name); 1255 int (*inode_removexattr) (struct dentry *dentry, char *name);
1260 int (*inode_need_killpriv) (struct dentry *dentry); 1256 int (*inode_need_killpriv) (struct dentry *dentry);
1261 int (*inode_killpriv) (struct dentry *dentry); 1257 int (*inode_killpriv) (struct dentry *dentry);
1262 const char *(*inode_xattr_getsuffix) (void);
1263 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err); 1258 int (*inode_getsecurity)(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1264 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1259 int (*inode_setsecurity)(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1265 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size); 1260 int (*inode_listsecurity)(struct inode *inode, char *buffer, size_t buffer_size);
@@ -1350,8 +1345,6 @@ struct security_operations {
1350 /* allow module stacking */ 1345 /* allow module stacking */
1351 int (*register_security) (const char *name, 1346 int (*register_security) (const char *name,
1352 struct security_operations *ops); 1347 struct security_operations *ops);
1353 int (*unregister_security) (const char *name,
1354 struct security_operations *ops);
1355 1348
1356 void (*d_instantiate) (struct dentry *dentry, struct inode *inode); 1349 void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
1357 1350
@@ -1432,9 +1425,7 @@ struct security_operations {
1432/* prototypes */ 1425/* prototypes */
1433extern int security_init (void); 1426extern int security_init (void);
1434extern int register_security (struct security_operations *ops); 1427extern int register_security (struct security_operations *ops);
1435extern int unregister_security (struct security_operations *ops);
1436extern int mod_reg_security (const char *name, struct security_operations *ops); 1428extern int mod_reg_security (const char *name, struct security_operations *ops);
1437extern int mod_unreg_security (const char *name, struct security_operations *ops);
1438extern struct dentry *securityfs_create_file(const char *name, mode_t mode, 1429extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
1439 struct dentry *parent, void *data, 1430 struct dentry *parent, void *data,
1440 const struct file_operations *fops); 1431 const struct file_operations *fops);
@@ -1518,7 +1509,6 @@ int security_inode_listxattr(struct dentry *dentry);
1518int security_inode_removexattr(struct dentry *dentry, char *name); 1509int security_inode_removexattr(struct dentry *dentry, char *name);
1519int security_inode_need_killpriv(struct dentry *dentry); 1510int security_inode_need_killpriv(struct dentry *dentry);
1520int security_inode_killpriv(struct dentry *dentry); 1511int security_inode_killpriv(struct dentry *dentry);
1521const char *security_inode_xattr_getsuffix(void);
1522int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err); 1512int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err);
1523int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags); 1513int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
1524int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size); 1514int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
@@ -1923,11 +1913,6 @@ static inline int security_inode_killpriv(struct dentry *dentry)
1923 return cap_inode_killpriv(dentry); 1913 return cap_inode_killpriv(dentry);
1924} 1914}
1925 1915
1926static inline const char *security_inode_xattr_getsuffix (void)
1927{
1928 return NULL ;
1929}
1930
1931static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) 1916static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
1932{ 1917{
1933 return -EOPNOTSUPP; 1918 return -EOPNOTSUPP;
diff --git a/kernel/capability.c b/kernel/capability.c
index c8d3c7762034..4e350a36ed6a 100644
--- a/kernel/capability.c
+++ b/kernel/capability.c
@@ -17,9 +17,6 @@
17unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ 17unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
18kernel_cap_t cap_bset = CAP_INIT_EFF_SET; 18kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
19 19
20EXPORT_SYMBOL(securebits);
21EXPORT_SYMBOL(cap_bset);
22
23/* 20/*
24 * This lock protects task->cap_* for all tasks including current. 21 * This lock protects task->cap_* for all tasks including current.
25 * Locking rule: acquire this prior to tasklist_lock. 22 * Locking rule: acquire this prior to tasklist_lock.
@@ -244,7 +241,6 @@ int __capable(struct task_struct *t, int cap)
244 } 241 }
245 return 0; 242 return 0;
246} 243}
247EXPORT_SYMBOL(__capable);
248 244
249int capable(int cap) 245int capable(int cap)
250{ 246{
diff --git a/mm/mmap.c b/mm/mmap.c
index 9e685b9abcde..4275e81e25ba 100644
--- a/mm/mmap.c
+++ b/mm/mmap.c
@@ -181,8 +181,6 @@ error:
181 return -ENOMEM; 181 return -ENOMEM;
182} 182}
183 183
184EXPORT_SYMBOL(__vm_enough_memory);
185
186/* 184/*
187 * Requires inode->i_mapping->i_mmap_lock 185 * Requires inode->i_mapping->i_mmap_lock
188 */ 186 */
diff --git a/mm/nommu.c b/mm/nommu.c
index 8ed0cb43118a..42fb84e9e815 100644
--- a/mm/nommu.c
+++ b/mm/nommu.c
@@ -44,7 +44,6 @@ int sysctl_max_map_count = DEFAULT_MAX_MAP_COUNT;
44int heap_stack_gap = 0; 44int heap_stack_gap = 0;
45 45
46EXPORT_SYMBOL(mem_map); 46EXPORT_SYMBOL(mem_map);
47EXPORT_SYMBOL(__vm_enough_memory);
48EXPORT_SYMBOL(num_physpages); 47EXPORT_SYMBOL(num_physpages);
49 48
50/* list of shareable VMAs */ 49/* list of shareable VMAs */
diff --git a/security/commoncap.c b/security/commoncap.c
index afca6dd4ae69..778cb0cfc5d8 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -30,8 +30,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
30 return 0; 30 return 0;
31} 31}
32 32
33EXPORT_SYMBOL(cap_netlink_send);
34
35int cap_netlink_recv(struct sk_buff *skb, int cap) 33int cap_netlink_recv(struct sk_buff *skb, int cap)
36{ 34{
37 if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) 35 if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
@@ -532,22 +530,3 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
532 return __vm_enough_memory(mm, pages, cap_sys_admin); 530 return __vm_enough_memory(mm, pages, cap_sys_admin);
533} 531}
534 532
535EXPORT_SYMBOL(cap_capable);
536EXPORT_SYMBOL(cap_settime);
537EXPORT_SYMBOL(cap_ptrace);
538EXPORT_SYMBOL(cap_capget);
539EXPORT_SYMBOL(cap_capset_check);
540EXPORT_SYMBOL(cap_capset_set);
541EXPORT_SYMBOL(cap_bprm_set_security);
542EXPORT_SYMBOL(cap_bprm_apply_creds);
543EXPORT_SYMBOL(cap_bprm_secureexec);
544EXPORT_SYMBOL(cap_inode_setxattr);
545EXPORT_SYMBOL(cap_inode_removexattr);
546EXPORT_SYMBOL(cap_task_post_setuid);
547EXPORT_SYMBOL(cap_task_kill);
548EXPORT_SYMBOL(cap_task_setscheduler);
549EXPORT_SYMBOL(cap_task_setioprio);
550EXPORT_SYMBOL(cap_task_setnice);
551EXPORT_SYMBOL(cap_task_reparent_to_init);
552EXPORT_SYMBOL(cap_syslog);
553EXPORT_SYMBOL(cap_vm_enough_memory);
diff --git a/security/dummy.c b/security/dummy.c
index c77dec822385..bc43d4c7383e 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -401,11 +401,6 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
401 return 0; 401 return 0;
402} 402}
403 403
404static const char *dummy_inode_xattr_getsuffix(void)
405{
406 return NULL;
407}
408
409static int dummy_file_permission (struct file *file, int mask) 404static int dummy_file_permission (struct file *file, int mask)
410{ 405{
411 return 0; 406 return 0;
@@ -915,11 +910,6 @@ static int dummy_register_security (const char *name, struct security_operations
915 return -EINVAL; 910 return -EINVAL;
916} 911}
917 912
918static int dummy_unregister_security (const char *name, struct security_operations *ops)
919{
920 return -EINVAL;
921}
922
923static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) 913static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
924{ 914{
925 return; 915 return;
@@ -1034,7 +1024,6 @@ void security_fixup_ops (struct security_operations *ops)
1034 set_to_dummy_if_null(ops, inode_removexattr); 1024 set_to_dummy_if_null(ops, inode_removexattr);
1035 set_to_dummy_if_null(ops, inode_need_killpriv); 1025 set_to_dummy_if_null(ops, inode_need_killpriv);
1036 set_to_dummy_if_null(ops, inode_killpriv); 1026 set_to_dummy_if_null(ops, inode_killpriv);
1037 set_to_dummy_if_null(ops, inode_xattr_getsuffix);
1038 set_to_dummy_if_null(ops, inode_getsecurity); 1027 set_to_dummy_if_null(ops, inode_getsecurity);
1039 set_to_dummy_if_null(ops, inode_setsecurity); 1028 set_to_dummy_if_null(ops, inode_setsecurity);
1040 set_to_dummy_if_null(ops, inode_listsecurity); 1029 set_to_dummy_if_null(ops, inode_listsecurity);
@@ -1095,7 +1084,6 @@ void security_fixup_ops (struct security_operations *ops)
1095 set_to_dummy_if_null(ops, netlink_send); 1084 set_to_dummy_if_null(ops, netlink_send);
1096 set_to_dummy_if_null(ops, netlink_recv); 1085 set_to_dummy_if_null(ops, netlink_recv);
1097 set_to_dummy_if_null(ops, register_security); 1086 set_to_dummy_if_null(ops, register_security);
1098 set_to_dummy_if_null(ops, unregister_security);
1099 set_to_dummy_if_null(ops, d_instantiate); 1087 set_to_dummy_if_null(ops, d_instantiate);
1100 set_to_dummy_if_null(ops, getprocattr); 1088 set_to_dummy_if_null(ops, getprocattr);
1101 set_to_dummy_if_null(ops, setprocattr); 1089 set_to_dummy_if_null(ops, setprocattr);
diff --git a/security/inode.c b/security/inode.c
index 307211ac7346..b28a8acae34d 100644
--- a/security/inode.c
+++ b/security/inode.c
@@ -332,14 +332,6 @@ static int __init securityfs_init(void)
332 return retval; 332 return retval;
333} 333}
334 334
335static void __exit securityfs_exit(void)
336{
337 simple_release_fs(&mount, &mount_count);
338 unregister_filesystem(&fs_type);
339 subsystem_unregister(&security_subsys);
340}
341
342core_initcall(securityfs_init); 335core_initcall(securityfs_init);
343module_exit(securityfs_exit);
344MODULE_LICENSE("GPL"); 336MODULE_LICENSE("GPL");
345 337
diff --git a/security/security.c b/security/security.c
index 2e1b35dd2550..0e1f1f124368 100644
--- a/security/security.c
+++ b/security/security.c
@@ -71,8 +71,7 @@ int __init security_init(void)
71 * 71 *
72 * This function is to allow a security module to register itself with the 72 * This function is to allow a security module to register itself with the
73 * kernel security subsystem. Some rudimentary checking is done on the @ops 73 * kernel security subsystem. Some rudimentary checking is done on the @ops
74 * value passed to this function. A call to unregister_security() should be 74 * value passed to this function.
75 * done to remove this security_options structure from the kernel.
76 * 75 *
77 * If there is already a security module registered with the kernel, 76 * If there is already a security module registered with the kernel,
78 * an error will be returned. Otherwise 0 is returned on success. 77 * an error will be returned. Otherwise 0 is returned on success.
@@ -94,31 +93,6 @@ int register_security(struct security_operations *ops)
94} 93}
95 94
96/** 95/**
97 * unregister_security - unregisters a security framework with the kernel
98 * @ops: a pointer to the struct security_options that is to be registered
99 *
100 * This function removes a struct security_operations variable that had
101 * previously been registered with a successful call to register_security().
102 *
103 * If @ops does not match the valued previously passed to register_security()
104 * an error is returned. Otherwise the default security options is set to the
105 * the dummy_security_ops structure, and 0 is returned.
106 */
107int unregister_security(struct security_operations *ops)
108{
109 if (ops != security_ops) {
110 printk(KERN_INFO "%s: trying to unregister "
111 "a security_opts structure that is not "
112 "registered, failing.\n", __FUNCTION__);
113 return -EINVAL;
114 }
115
116 security_ops = &dummy_security_ops;
117
118 return 0;
119}
120
121/**
122 * mod_reg_security - allows security modules to be "stacked" 96 * mod_reg_security - allows security modules to be "stacked"
123 * @name: a pointer to a string with the name of the security_options to be registered 97 * @name: a pointer to a string with the name of the security_options to be registered
124 * @ops: a pointer to the struct security_options that is to be registered 98 * @ops: a pointer to the struct security_options that is to be registered
@@ -147,30 +121,6 @@ int mod_reg_security(const char *name, struct security_operations *ops)
147 return security_ops->register_security(name, ops); 121 return security_ops->register_security(name, ops);
148} 122}
149 123
150/**
151 * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
152 * @name: a pointer to a string with the name of the security_options to be removed
153 * @ops: a pointer to the struct security_options that is to be removed
154 *
155 * This function allows security modules that have been successfully registered
156 * with a call to mod_reg_security() to be unloaded from the system.
157 * This calls the currently loaded security module's unregister_security() call
158 * with the @name and @ops variables.
159 *
160 * The return value depends on the currently loaded security module, with 0 as
161 * success.
162 */
163int mod_unreg_security(const char *name, struct security_operations *ops)
164{
165 if (ops == security_ops) {
166 printk(KERN_INFO "%s invalid attempt to unregister "
167 " primary security ops.\n", __FUNCTION__);
168 return -EINVAL;
169 }
170
171 return security_ops->unregister_security(name, ops);
172}
173
174/* Security operations */ 124/* Security operations */
175 125
176int security_ptrace(struct task_struct *parent, struct task_struct *child) 126int security_ptrace(struct task_struct *parent, struct task_struct *child)
@@ -528,11 +478,6 @@ int security_inode_killpriv(struct dentry *dentry)
528 return security_ops->inode_killpriv(dentry); 478 return security_ops->inode_killpriv(dentry);
529} 479}
530 480
531const char *security_inode_xattr_getsuffix(void)
532{
533 return security_ops->inode_xattr_getsuffix();
534}
535
536int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) 481int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
537{ 482{
538 if (unlikely(IS_PRIVATE(inode))) 483 if (unlikely(IS_PRIVATE(inode)))
@@ -858,7 +803,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
858{ 803{
859 return security_ops->netlink_send(sk, skb); 804 return security_ops->netlink_send(sk, skb);
860} 805}
861EXPORT_SYMBOL(security_netlink_send);
862 806
863int security_netlink_recv(struct sk_buff *skb, int cap) 807int security_netlink_recv(struct sk_buff *skb, int cap)
864{ 808{
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 221def6a0b1d..24e1b1885de7 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2409,11 +2409,6 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
2409 return -EACCES; 2409 return -EACCES;
2410} 2410}
2411 2411
2412static const char *selinux_inode_xattr_getsuffix(void)
2413{
2414 return XATTR_SELINUX_SUFFIX;
2415}
2416
2417/* 2412/*
2418 * Copy the in-core inode security context value to the user. If the 2413 * Copy the in-core inode security context value to the user. If the
2419 * getxattr() prior to this succeeded, check to see if we need to 2414 * getxattr() prior to this succeeded, check to see if we need to
@@ -4554,19 +4549,6 @@ static int selinux_register_security (const char *name, struct security_operatio
4554 return 0; 4549 return 0;
4555} 4550}
4556 4551
4557static int selinux_unregister_security (const char *name, struct security_operations *ops)
4558{
4559 if (ops != secondary_ops) {
4560 printk(KERN_ERR "%s: trying to unregister a security module "
4561 "that is not registered.\n", __FUNCTION__);
4562 return -EINVAL;
4563 }
4564
4565 secondary_ops = original_ops;
4566
4567 return 0;
4568}
4569
4570static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) 4552static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
4571{ 4553{
4572 if (inode) 4554 if (inode)
@@ -4844,7 +4826,6 @@ static struct security_operations selinux_ops = {
4844 .inode_getxattr = selinux_inode_getxattr, 4826 .inode_getxattr = selinux_inode_getxattr,
4845 .inode_listxattr = selinux_inode_listxattr, 4827 .inode_listxattr = selinux_inode_listxattr,
4846 .inode_removexattr = selinux_inode_removexattr, 4828 .inode_removexattr = selinux_inode_removexattr,
4847 .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
4848 .inode_getsecurity = selinux_inode_getsecurity, 4829 .inode_getsecurity = selinux_inode_getsecurity,
4849 .inode_setsecurity = selinux_inode_setsecurity, 4830 .inode_setsecurity = selinux_inode_setsecurity,
4850 .inode_listsecurity = selinux_inode_listsecurity, 4831 .inode_listsecurity = selinux_inode_listsecurity,
@@ -4914,7 +4895,6 @@ static struct security_operations selinux_ops = {
4914 .sem_semop = selinux_sem_semop, 4895 .sem_semop = selinux_sem_semop,
4915 4896
4916 .register_security = selinux_register_security, 4897 .register_security = selinux_register_security,
4917 .unregister_security = selinux_unregister_security,
4918 4898
4919 .d_instantiate = selinux_d_instantiate, 4899 .d_instantiate = selinux_d_instantiate,
4920 4900