authorStephen Smalley <sds@tycho.nsa.gov>2006-02-01 06:05:56 -0500
committerLinus Torvalds <torvalds@g5.osdl.org>2006-02-01 11:53:19 -0500
commit9ac49d22138348198f729f07371ffb11991368e6 (patch)
tree4fb692731e6e72d0dc50add294128f6e5083d205
parent26d2a4be6a56eec575dac651f6606756a971f0fb (diff)
[PATCH] selinux: remove security struct magic number fields and tests
Remove the SELinux security structure magic number fields and tests, along with some unnecessary tests for NULL security pointers. These fields and tests are leftovers from the early attempts to support SELinux as a loadable module during LSM development. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--security/selinux/hooks.c49
-rw-r--r--security/selinux/include/objsec.h8
2 files changed, 5 insertions, 52 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 5e61635610bb..4ae834d89bce 100644
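--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -127,7 +127,6 @@ static int task_alloc_security(struct task_struct *task)
  if (!tsec)
  return -ENOMEM;
 
- tsec->magic = SELINUX_MAGIC;
  tsec->task = task;
  tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
  task->security = tsec;
@@ -138,10 +137,6 @@ static int task_alloc_security(struct task_struct *task)
 static void task_free_security(struct task_struct *task)
 {
  struct task_security_struct *tsec = task->security;
-
- if (!tsec || tsec->magic != SELINUX_MAGIC)
- return;
-
  task->security = NULL;
  kfree(tsec);
 }
@@ -157,14 +152,10 @@ static int inode_alloc_security(struct inode *inode)
 
  init_MUTEX(&isec->sem);
  INIT_LIST_HEAD(&isec->list);
- isec->magic = SELINUX_MAGIC;
  isec->inode = inode;
  isec->sid = SECINITSID_UNLABELED;
  isec->sclass = SECCLASS_FILE;
- if (tsec && tsec->magic == SELINUX_MAGIC)
- isec->task_sid = tsec->sid;
- else
- isec->task_sid = SECINITSID_UNLABELED;
+ isec->task_sid = tsec->sid;
  inode->i_security = isec;
 
  return 0;
@@ -175,9 +166,6 @@ static void inode_free_security(struct inode *inode)
  struct inode_security_struct *isec = inode->i_security;
  struct superblock_security_struct *sbsec = inode->i_sb->s_security;
 
- if (!isec || isec->magic != SELINUX_MAGIC)
- return;
-
  spin_lock(&sbsec->isec_lock);
  if (!list_empty(&isec->list))
  list_del_init(&isec->list);
@@ -196,15 +184,9 @@ static int file_alloc_security(struct file *file)
  if (!fsec)
  return -ENOMEM;
 
- fsec->magic = SELINUX_MAGIC;
  fsec->file = file;
- if (tsec && tsec->magic == SELINUX_MAGIC) {
- fsec->sid = tsec->sid;
- fsec->fown_sid = tsec->sid;
- } else {
- fsec->sid = SECINITSID_UNLABELED;
- fsec->fown_sid = SECINITSID_UNLABELED;
- }
+ fsec->sid = tsec->sid;
+ fsec->fown_sid = tsec->sid;
  file->f_security = fsec;
 
  return 0;
@@ -213,10 +195,6 @@ static int file_alloc_security(struct file *file)
 static void file_free_security(struct file *file)
 {
  struct file_security_struct *fsec = file->f_security;
-
- if (!fsec || fsec->magic != SELINUX_MAGIC)
- return;
-
  file->f_security = NULL;
  kfree(fsec);
 }
@@ -233,7 +211,6 @@ static int superblock_alloc_security(struct super_block *sb)
  INIT_LIST_HEAD(&sbsec->list);
  INIT_LIST_HEAD(&sbsec->isec_head);
  spin_lock_init(&sbsec->isec_lock);
- sbsec->magic = SELINUX_MAGIC;
  sbsec->sb = sb;
  sbsec->sid = SECINITSID_UNLABELED;
  sbsec->def_sid = SECINITSID_FILE;
@@ -246,9 +223,6 @@ static void superblock_free_security(struct super_block *sb)
 {
  struct superblock_security_struct *sbsec = sb->s_security;
 
- if (!sbsec || sbsec->magic != SELINUX_MAGIC)
- return;
-
  spin_lock(&sb_security_lock);
  if (!list_empty(&sbsec->list))
  list_del_init(&sbsec->list);
@@ -270,7 +244,6 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
  if (!ssec)
  return -ENOMEM;
 
- ssec->magic = SELINUX_MAGIC;
  ssec->sk = sk;
  ssec->peer_sid = SECINITSID_UNLABELED;
  sk->sk_security = ssec;
@@ -282,7 +255,7 @@ static void sk_free_security(struct sock *sk)
 {
  struct sk_security_struct *ssec = sk->sk_security;
 
- if (sk->sk_family != PF_UNIX || ssec->magic != SELINUX_MAGIC)
+ if (sk->sk_family != PF_UNIX)
  return;
 
  sk->sk_security = NULL;
@@ -1483,7 +1456,6 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
  if (!bsec)
  return -ENOMEM;
 
- bsec->magic = SELINUX_MAGIC;
  bsec->bprm = bprm;
  bsec->sid = SECINITSID_UNLABELED;
  bsec->set = 0;
@@ -3634,14 +3606,9 @@ static int ipc_alloc_security(struct task_struct *task,
  if (!isec)
  return -ENOMEM;
 
- isec->magic = SELINUX_MAGIC;
  isec->sclass = sclass;
  isec->ipc_perm = perm;
- if (tsec) {
- isec->sid = tsec->sid;
- } else {
- isec->sid = SECINITSID_UNLABELED;
- }
+ isec->sid = tsec->sid;
  perm->security = isec;
 
  return 0;
@@ -3650,9 +3617,6 @@ static int ipc_alloc_security(struct task_struct *task,
 static void ipc_free_security(struct kern_ipc_perm *perm)
 {
  struct ipc_security_struct *isec = perm->security;
- if (!isec || isec->magic != SELINUX_MAGIC)
- return;
-
  perm->security = NULL;
  kfree(isec);
 }
@@ -3665,7 +3629,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
  if (!msec)
  return -ENOMEM;
 
- msec->magic = SELINUX_MAGIC;
  msec->msg = msg;
  msec->sid = SECINITSID_UNLABELED;
  msg->security = msec;
@@ -3676,8 +3639,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
 static void msg_msg_free_security(struct msg_msg *msg)
 {
  struct msg_security_struct *msec = msg->security;
- if (!msec || msec->magic != SELINUX_MAGIC)
- return;
 
  msg->security = NULL;
  kfree(msec);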
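Review bot: The new `isec->task_sid = tsec->sid;` in inode_alloc_security dereferences tsec unconditionally, as do `fsec->sid = tsec->sid;` in file_alloc_security and `isec->sid = tsec->sid;` in ipc_alloc_security, so a NULL task security pointer now causes a kernel oops instead of a fall-back to SECINITSID_UNLABELED. The assignment of tsec lies outside these hunks, so the visible lines cannot confirm that every task is labelled before these hooks run. If that invariant holds, state it once next to the first dereference, e.g. `/* tsec is never NULL: SELinux is built in, so every task has a security struct before this hook runs */`. Likewise inode_free_security and superblock_free_security now reach `list_empty(&isec->list)` and `list_empty(&sbsec->list)` with no NULL test, which relies on the free hook never running after a failed alloc hook; that assumption deserves a one-line comment as well.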
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index 887937c8134a..54c030778882 100644
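--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -27,7 +27,6 @@
 #include "avc.h"
 
 struct task_security_struct {
- unsigned long magic; /* magic number for this module */
  struct task_struct *task; /* back pointer to task object */
  u32 osid; /* SID prior to last execve */
  u32 sid; /* current SID */
@@ -37,7 +36,6 @@ struct task_security_struct {
 };
 
 struct inode_security_struct {
- unsigned long magic; /* magic number for this module */
  struct inode *inode; /* back pointer to inode object */
  struct list_head list; /* list of inode_security_struct */
  u32 task_sid; /* SID of creating task */
@@ -49,14 +47,12 @@ struct inode_security_struct {
 };
 
 struct file_security_struct {
- unsigned long magic; /* magic number for this module */
  struct file *file; /* back pointer to file object */
  u32 sid; /* SID of open file description */
  u32 fown_sid; /* SID of file owner (for SIGIO) */
 };
 
 struct superblock_security_struct {
- unsigned long magic; /* magic number for this module */
  struct super_block *sb; /* back pointer to sb object */
  struct list_head list; /* list of superblock_security_struct */
  u32 sid; /* SID of file system */
@@ -70,20 +66,17 @@ struct superblock_security_struct {
 };
 
 struct msg_security_struct {
- unsigned long magic; /* magic number for this module */
  struct msg_msg *msg; /* back pointer */
  u32 sid; /* SID of message */
 };
 
 struct ipc_security_struct {
- unsigned long magic; /* magic number for this module */
  struct kern_ipc_perm *ipc_perm; /* back pointer */
  u16 sclass; /* security class of this object */
  u32 sid; /* SID of IPC resource */
 };
 
 struct bprm_security_struct {
- unsigned long magic; /* magic number for this module */
  struct linux_binprm *bprm; /* back pointer to bprm object */
  u32 sid; /* SID for transformed process */
  unsigned char set;
@@ -102,7 +95,6 @@ struct netif_security_struct {
 };
 
 struct sk_security_struct {
- unsigned long magic; /* magic number for this module */
  struct sock *sk; /* back pointer to sk object */
  u32 peer_sid; /* SID of peer */
 };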