aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Smalley <sds@tycho.nsa.gov>2005-09-09 16:01:44 -0400
committerLinus Torvalds <torvalds@g5.osdl.org>2005-09-09 16:57:28 -0400
commita74574aafea3a63add3251047601611111f44562 (patch)
treea8f4a809589513c666c6f5518cbe84f50ee5523e
parent570bc1c2e5ccdb408081e77507a385dc7ebed7fa (diff)
[PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks
This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks as they are obsoleted by the new inode_init_security hook that enables atomic inode security labeling. If anyone sees any reason to retain these hooks, please speak now. Also, is anyone using the post_rename/link hooks; if not, those could also be removed. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--fs/namei.c16
-rw-r--r--include/linux/security.h90
-rw-r--r--security/dummy.c28
-rw-r--r--security/selinux/hooks.c111
-rw-r--r--security/selinux/include/objsec.h1
5 files changed, 4 insertions, 242 deletions
diff --git a/fs/namei.c b/fs/namei.c
index 145e852c4bd0..993a65a7d570 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -1316,10 +1316,8 @@ int vfs_create(struct inode *dir, struct dentry *dentry, int mode,
1316 return error; 1316 return error;
1317 DQUOT_INIT(dir); 1317 DQUOT_INIT(dir);
1318 error = dir->i_op->create(dir, dentry, mode, nd); 1318 error = dir->i_op->create(dir, dentry, mode, nd);
1319 if (!error) { 1319 if (!error)
1320 fsnotify_create(dir, dentry->d_name.name); 1320 fsnotify_create(dir, dentry->d_name.name);
1321 security_inode_post_create(dir, dentry, mode);
1322 }
1323 return error; 1321 return error;
1324} 1322}
1325 1323
@@ -1635,10 +1633,8 @@ int vfs_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
1635 1633
1636 DQUOT_INIT(dir); 1634 DQUOT_INIT(dir);
1637 error = dir->i_op->mknod(dir, dentry, mode, dev); 1635 error = dir->i_op->mknod(dir, dentry, mode, dev);
1638 if (!error) { 1636 if (!error)
1639 fsnotify_create(dir, dentry->d_name.name); 1637 fsnotify_create(dir, dentry->d_name.name);
1640 security_inode_post_mknod(dir, dentry, mode, dev);
1641 }
1642 return error; 1638 return error;
1643} 1639}
1644 1640
@@ -1708,10 +1704,8 @@ int vfs_mkdir(struct inode *dir, struct dentry *dentry, int mode)
1708 1704
1709 DQUOT_INIT(dir); 1705 DQUOT_INIT(dir);
1710 error = dir->i_op->mkdir(dir, dentry, mode); 1706 error = dir->i_op->mkdir(dir, dentry, mode);
1711 if (!error) { 1707 if (!error)
1712 fsnotify_mkdir(dir, dentry->d_name.name); 1708 fsnotify_mkdir(dir, dentry->d_name.name);
1713 security_inode_post_mkdir(dir,dentry, mode);
1714 }
1715 return error; 1709 return error;
1716} 1710}
1717 1711
@@ -1947,10 +1941,8 @@ int vfs_symlink(struct inode *dir, struct dentry *dentry, const char *oldname, i
1947 1941
1948 DQUOT_INIT(dir); 1942 DQUOT_INIT(dir);
1949 error = dir->i_op->symlink(dir, dentry, oldname); 1943 error = dir->i_op->symlink(dir, dentry, oldname);
1950 if (!error) { 1944 if (!error)
1951 fsnotify_create(dir, dentry->d_name.name); 1945 fsnotify_create(dir, dentry->d_name.name);
1952 security_inode_post_symlink(dir, dentry, oldname);
1953 }
1954 return error; 1946 return error;
1955} 1947}
1956 1948
diff --git a/include/linux/security.h b/include/linux/security.h
index d4f3b7a94ea6..875225bf8986 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -275,12 +275,6 @@ struct swap_info_struct;
275 * @dentry contains the dentry structure for the file to be created. 275 * @dentry contains the dentry structure for the file to be created.
276 * @mode contains the file mode of the file to be created. 276 * @mode contains the file mode of the file to be created.
277 * Return 0 if permission is granted. 277 * Return 0 if permission is granted.
278 * @inode_post_create:
279 * Set the security attributes on a newly created regular file. This hook
280 * is called after a file has been successfully created.
281 * @dir contains the inode structure of the parent directory of the new file.
282 * @dentry contains the the dentry structure for the newly created file.
283 * @mode contains the file mode.
284 * @inode_link: 278 * @inode_link:
285 * Check permission before creating a new hard link to a file. 279 * Check permission before creating a new hard link to a file.
286 * @old_dentry contains the dentry structure for an existing link to the file. 280 * @old_dentry contains the dentry structure for an existing link to the file.
@@ -303,13 +297,6 @@ struct swap_info_struct;
303 * @dentry contains the dentry structure of the symbolic link. 297 * @dentry contains the dentry structure of the symbolic link.
304 * @old_name contains the pathname of file. 298 * @old_name contains the pathname of file.
305 * Return 0 if permission is granted. 299 * Return 0 if permission is granted.
306 * @inode_post_symlink:
307 * @dir contains the inode structure of the parent directory of the new link.
308 * @dentry contains the dentry structure of new symbolic link.
309 * @old_name contains the pathname of file.
310 * Set security attributes for a newly created symbolic link. Note that
311 * @dentry->d_inode may be NULL, since the filesystem might not
312 * instantiate the dentry (e.g. NFS).
313 * @inode_mkdir: 300 * @inode_mkdir:
314 * Check permissions to create a new directory in the existing directory 301 * Check permissions to create a new directory in the existing directory
315 * associated with inode strcture @dir. 302 * associated with inode strcture @dir.
@@ -317,11 +304,6 @@ struct swap_info_struct;
317 * @dentry contains the dentry structure of new directory. 304 * @dentry contains the dentry structure of new directory.
318 * @mode contains the mode of new directory. 305 * @mode contains the mode of new directory.
319 * Return 0 if permission is granted. 306 * Return 0 if permission is granted.
320 * @inode_post_mkdir:
321 * Set security attributes on a newly created directory.
322 * @dir contains the inode structure of parent of the directory to be created.
323 * @dentry contains the dentry structure of new directory.
324 * @mode contains the mode of new directory.
325 * @inode_rmdir: 307 * @inode_rmdir:
326 * Check the permission to remove a directory. 308 * Check the permission to remove a directory.
327 * @dir contains the inode structure of parent of the directory to be removed. 309 * @dir contains the inode structure of parent of the directory to be removed.
@@ -337,13 +319,6 @@ struct swap_info_struct;
337 * @mode contains the mode of the new file. 319 * @mode contains the mode of the new file.
338 * @dev contains the the device number. 320 * @dev contains the the device number.
339 * Return 0 if permission is granted. 321 * Return 0 if permission is granted.
340 * @inode_post_mknod:
341 * Set security attributes on a newly created special file (or socket or
342 * fifo file created via the mknod system call).
343 * @dir contains the inode structure of parent of the new node.
344 * @dentry contains the dentry structure of the new node.
345 * @mode contains the mode of the new node.
346 * @dev contains the the device number.
347 * @inode_rename: 322 * @inode_rename:
348 * Check for permission to rename a file or directory. 323 * Check for permission to rename a file or directory.
349 * @old_dir contains the inode structure for parent of the old link. 324 * @old_dir contains the inode structure for parent of the old link.
@@ -1103,8 +1078,6 @@ struct security_operations {
1103 char **name, void **value, size_t *len); 1078 char **name, void **value, size_t *len);
1104 int (*inode_create) (struct inode *dir, 1079 int (*inode_create) (struct inode *dir,
1105 struct dentry *dentry, int mode); 1080 struct dentry *dentry, int mode);
1106 void (*inode_post_create) (struct inode *dir,
1107 struct dentry *dentry, int mode);
1108 int (*inode_link) (struct dentry *old_dentry, 1081 int (*inode_link) (struct dentry *old_dentry,
1109 struct inode *dir, struct dentry *new_dentry); 1082 struct inode *dir, struct dentry *new_dentry);
1110 void (*inode_post_link) (struct dentry *old_dentry, 1083 void (*inode_post_link) (struct dentry *old_dentry,
@@ -1112,17 +1085,10 @@ struct security_operations {
1112 int (*inode_unlink) (struct inode *dir, struct dentry *dentry); 1085 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
1113 int (*inode_symlink) (struct inode *dir, 1086 int (*inode_symlink) (struct inode *dir,
1114 struct dentry *dentry, const char *old_name); 1087 struct dentry *dentry, const char *old_name);
1115 void (*inode_post_symlink) (struct inode *dir,
1116 struct dentry *dentry,
1117 const char *old_name);
1118 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode); 1088 int (*inode_mkdir) (struct inode *dir, struct dentry *dentry, int mode);
1119 void (*inode_post_mkdir) (struct inode *dir, struct dentry *dentry,
1120 int mode);
1121 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry); 1089 int (*inode_rmdir) (struct inode *dir, struct dentry *dentry);
1122 int (*inode_mknod) (struct inode *dir, struct dentry *dentry, 1090 int (*inode_mknod) (struct inode *dir, struct dentry *dentry,
1123 int mode, dev_t dev); 1091 int mode, dev_t dev);
1124 void (*inode_post_mknod) (struct inode *dir, struct dentry *dentry,
1125 int mode, dev_t dev);
1126 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, 1092 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
1127 struct inode *new_dir, struct dentry *new_dentry); 1093 struct inode *new_dir, struct dentry *new_dentry);
1128 void (*inode_post_rename) (struct inode *old_dir, 1094 void (*inode_post_rename) (struct inode *old_dir,
@@ -1484,15 +1450,6 @@ static inline int security_inode_create (struct inode *dir,
1484 return security_ops->inode_create (dir, dentry, mode); 1450 return security_ops->inode_create (dir, dentry, mode);
1485} 1451}
1486 1452
1487static inline void security_inode_post_create (struct inode *dir,
1488 struct dentry *dentry,
1489 int mode)
1490{
1491 if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
1492 return;
1493 security_ops->inode_post_create (dir, dentry, mode);
1494}
1495
1496static inline int security_inode_link (struct dentry *old_dentry, 1453static inline int security_inode_link (struct dentry *old_dentry,
1497 struct inode *dir, 1454 struct inode *dir,
1498 struct dentry *new_dentry) 1455 struct dentry *new_dentry)
@@ -1528,15 +1485,6 @@ static inline int security_inode_symlink (struct inode *dir,
1528 return security_ops->inode_symlink (dir, dentry, old_name); 1485 return security_ops->inode_symlink (dir, dentry, old_name);
1529} 1486}
1530 1487
1531static inline void security_inode_post_symlink (struct inode *dir,
1532 struct dentry *dentry,
1533 const char *old_name)
1534{
1535 if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
1536 return;
1537 security_ops->inode_post_symlink (dir, dentry, old_name);
1538}
1539
1540static inline int security_inode_mkdir (struct inode *dir, 1488static inline int security_inode_mkdir (struct inode *dir,
1541 struct dentry *dentry, 1489 struct dentry *dentry,
1542 int mode) 1490 int mode)
@@ -1546,15 +1494,6 @@ static inline int security_inode_mkdir (struct inode *dir,
1546 return security_ops->inode_mkdir (dir, dentry, mode); 1494 return security_ops->inode_mkdir (dir, dentry, mode);
1547} 1495}
1548 1496
1549static inline void security_inode_post_mkdir (struct inode *dir,
1550 struct dentry *dentry,
1551 int mode)
1552{
1553 if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
1554 return;
1555 security_ops->inode_post_mkdir (dir, dentry, mode);
1556}
1557
1558static inline int security_inode_rmdir (struct inode *dir, 1497static inline int security_inode_rmdir (struct inode *dir,
1559 struct dentry *dentry) 1498 struct dentry *dentry)
1560{ 1499{
@@ -1572,15 +1511,6 @@ static inline int security_inode_mknod (struct inode *dir,
1572 return security_ops->inode_mknod (dir, dentry, mode, dev); 1511 return security_ops->inode_mknod (dir, dentry, mode, dev);
1573} 1512}
1574 1513
1575static inline void security_inode_post_mknod (struct inode *dir,
1576 struct dentry *dentry,
1577 int mode, dev_t dev)
1578{
1579 if (dentry->d_inode && unlikely (IS_PRIVATE (dentry->d_inode)))
1580 return;
1581 security_ops->inode_post_mknod (dir, dentry, mode, dev);
1582}
1583
1584static inline int security_inode_rename (struct inode *old_dir, 1514static inline int security_inode_rename (struct inode *old_dir,
1585 struct dentry *old_dentry, 1515 struct dentry *old_dentry,
1586 struct inode *new_dir, 1516 struct inode *new_dir,
@@ -2220,11 +2150,6 @@ static inline int security_inode_create (struct inode *dir,
2220 return 0; 2150 return 0;
2221} 2151}
2222 2152
2223static inline void security_inode_post_create (struct inode *dir,
2224 struct dentry *dentry,
2225 int mode)
2226{ }
2227
2228static inline int security_inode_link (struct dentry *old_dentry, 2153static inline int security_inode_link (struct dentry *old_dentry,
2229 struct inode *dir, 2154 struct inode *dir,
2230 struct dentry *new_dentry) 2155 struct dentry *new_dentry)
@@ -2250,11 +2175,6 @@ static inline int security_inode_symlink (struct inode *dir,
2250 return 0; 2175 return 0;
2251} 2176}
2252 2177
2253static inline void security_inode_post_symlink (struct inode *dir,
2254 struct dentry *dentry,
2255 const char *old_name)
2256{ }
2257
2258static inline int security_inode_mkdir (struct inode *dir, 2178static inline int security_inode_mkdir (struct inode *dir,
2259 struct dentry *dentry, 2179 struct dentry *dentry,
2260 int mode) 2180 int mode)
@@ -2262,11 +2182,6 @@ static inline int security_inode_mkdir (struct inode *dir,
2262 return 0; 2182 return 0;
2263} 2183}
2264 2184
2265static inline void security_inode_post_mkdir (struct inode *dir,
2266 struct dentry *dentry,
2267 int mode)
2268{ }
2269
2270static inline int security_inode_rmdir (struct inode *dir, 2185static inline int security_inode_rmdir (struct inode *dir,
2271 struct dentry *dentry) 2186 struct dentry *dentry)
2272{ 2187{
@@ -2280,11 +2195,6 @@ static inline int security_inode_mknod (struct inode *dir,
2280 return 0; 2195 return 0;
2281} 2196}
2282 2197
2283static inline void security_inode_post_mknod (struct inode *dir,
2284 struct dentry *dentry,
2285 int mode, dev_t dev)
2286{ }
2287
2288static inline int security_inode_rename (struct inode *old_dir, 2198static inline int security_inode_rename (struct inode *old_dir,
2289 struct dentry *old_dentry, 2199 struct dentry *old_dentry,
2290 struct inode *new_dir, 2200 struct inode *new_dir,
diff --git a/security/dummy.c b/security/dummy.c
index e8a00fa80469..5083314e14b1 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -270,12 +270,6 @@ static int dummy_inode_create (struct inode *inode, struct dentry *dentry,
270 return 0; 270 return 0;
271} 271}
272 272
273static void dummy_inode_post_create (struct inode *inode, struct dentry *dentry,
274 int mask)
275{
276 return;
277}
278
279static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode, 273static int dummy_inode_link (struct dentry *old_dentry, struct inode *inode,
280 struct dentry *new_dentry) 274 struct dentry *new_dentry)
281{ 275{
@@ -300,24 +294,12 @@ static int dummy_inode_symlink (struct inode *inode, struct dentry *dentry,
300 return 0; 294 return 0;
301} 295}
302 296
303static void dummy_inode_post_symlink (struct inode *inode,
304 struct dentry *dentry, const char *name)
305{
306 return;
307}
308
309static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry, 297static int dummy_inode_mkdir (struct inode *inode, struct dentry *dentry,
310 int mask) 298 int mask)
311{ 299{
312 return 0; 300 return 0;
313} 301}
314 302
315static void dummy_inode_post_mkdir (struct inode *inode, struct dentry *dentry,
316 int mask)
317{
318 return;
319}
320
321static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry) 303static int dummy_inode_rmdir (struct inode *inode, struct dentry *dentry)
322{ 304{
323 return 0; 305 return 0;
@@ -329,12 +311,6 @@ static int dummy_inode_mknod (struct inode *inode, struct dentry *dentry,
329 return 0; 311 return 0;
330} 312}
331 313
332static void dummy_inode_post_mknod (struct inode *inode, struct dentry *dentry,
333 int mode, dev_t dev)
334{
335 return;
336}
337
338static int dummy_inode_rename (struct inode *old_inode, 314static int dummy_inode_rename (struct inode *old_inode,
339 struct dentry *old_dentry, 315 struct dentry *old_dentry,
340 struct inode *new_inode, 316 struct inode *new_inode,
@@ -894,17 +870,13 @@ void security_fixup_ops (struct security_operations *ops)
894 set_to_dummy_if_null(ops, inode_free_security); 870 set_to_dummy_if_null(ops, inode_free_security);
895 set_to_dummy_if_null(ops, inode_init_security); 871 set_to_dummy_if_null(ops, inode_init_security);
896 set_to_dummy_if_null(ops, inode_create); 872 set_to_dummy_if_null(ops, inode_create);
897 set_to_dummy_if_null(ops, inode_post_create);
898 set_to_dummy_if_null(ops, inode_link); 873 set_to_dummy_if_null(ops, inode_link);
899 set_to_dummy_if_null(ops, inode_post_link); 874 set_to_dummy_if_null(ops, inode_post_link);
900 set_to_dummy_if_null(ops, inode_unlink); 875 set_to_dummy_if_null(ops, inode_unlink);
901 set_to_dummy_if_null(ops, inode_symlink); 876 set_to_dummy_if_null(ops, inode_symlink);
902 set_to_dummy_if_null(ops, inode_post_symlink);
903 set_to_dummy_if_null(ops, inode_mkdir); 877 set_to_dummy_if_null(ops, inode_mkdir);
904 set_to_dummy_if_null(ops, inode_post_mkdir);
905 set_to_dummy_if_null(ops, inode_rmdir); 878 set_to_dummy_if_null(ops, inode_rmdir);
906 set_to_dummy_if_null(ops, inode_mknod); 879 set_to_dummy_if_null(ops, inode_mknod);
907 set_to_dummy_if_null(ops, inode_post_mknod);
908 set_to_dummy_if_null(ops, inode_rename); 880 set_to_dummy_if_null(ops, inode_rename);
909 set_to_dummy_if_null(ops, inode_post_rename); 881 set_to_dummy_if_null(ops, inode_post_rename);
910 set_to_dummy_if_null(ops, inode_readlink); 882 set_to_dummy_if_null(ops, inode_readlink);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 265f33d3af9b..c9c20828be79 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1265,91 +1265,6 @@ static int inode_security_set_sid(struct inode *inode, u32 sid)
1265 return 0; 1265 return 0;
1266} 1266}
1267 1267
1268/* Set the security attributes on a newly created file. */
1269static int post_create(struct inode *dir,
1270 struct dentry *dentry)
1271{
1272
1273 struct task_security_struct *tsec;
1274 struct inode *inode;
1275 struct inode_security_struct *dsec;
1276 struct superblock_security_struct *sbsec;
1277 struct inode_security_struct *isec;
1278 u32 newsid;
1279 char *context;
1280 unsigned int len;
1281 int rc;
1282
1283 tsec = current->security;
1284 dsec = dir->i_security;
1285 sbsec = dir->i_sb->s_security;
1286
1287 inode = dentry->d_inode;
1288 if (!inode) {
1289 /* Some file system types (e.g. NFS) may not instantiate
1290 a dentry for all create operations (e.g. symlink),
1291 so we have to check to see if the inode is non-NULL. */
1292 printk(KERN_WARNING "post_create: no inode, dir (dev=%s, "
1293 "ino=%ld)\n", dir->i_sb->s_id, dir->i_ino);
1294 return 0;
1295 }
1296
1297 isec = inode->i_security;
1298
1299 if (isec->security_attr_init)
1300 return 0;
1301
1302 if (tsec->create_sid && sbsec->behavior != SECURITY_FS_USE_MNTPOINT) {
1303 newsid = tsec->create_sid;
1304 } else {
1305 rc = security_transition_sid(tsec->sid, dsec->sid,
1306 inode_mode_to_security_class(inode->i_mode),
1307 &newsid);
1308 if (rc) {
1309 printk(KERN_WARNING "post_create: "
1310 "security_transition_sid failed, rc=%d (dev=%s "
1311 "ino=%ld)\n",
1312 -rc, inode->i_sb->s_id, inode->i_ino);
1313 return rc;
1314 }
1315 }
1316
1317 rc = inode_security_set_sid(inode, newsid);
1318 if (rc) {
1319 printk(KERN_WARNING "post_create: inode_security_set_sid "
1320 "failed, rc=%d (dev=%s ino=%ld)\n",
1321 -rc, inode->i_sb->s_id, inode->i_ino);
1322 return rc;
1323 }
1324
1325 if (sbsec->behavior == SECURITY_FS_USE_XATTR &&
1326 inode->i_op->setxattr) {
1327 /* Use extended attributes. */
1328 rc = security_sid_to_context(newsid, &context, &len);
1329 if (rc) {
1330 printk(KERN_WARNING "post_create: sid_to_context "
1331 "failed, rc=%d (dev=%s ino=%ld)\n",
1332 -rc, inode->i_sb->s_id, inode->i_ino);
1333 return rc;
1334 }
1335 down(&inode->i_sem);
1336 rc = inode->i_op->setxattr(dentry,
1337 XATTR_NAME_SELINUX,
1338 context, len, 0);
1339 up(&inode->i_sem);
1340 kfree(context);
1341 if (rc < 0) {
1342 printk(KERN_WARNING "post_create: setxattr failed, "
1343 "rc=%d (dev=%s ino=%ld)\n",
1344 -rc, inode->i_sb->s_id, inode->i_ino);
1345 return rc;
1346 }
1347 }
1348
1349 return 0;
1350}
1351
1352
1353/* Hook functions begin here. */ 1268/* Hook functions begin here. */
1354 1269
1355static int selinux_ptrace(struct task_struct *parent, struct task_struct *child) 1270static int selinux_ptrace(struct task_struct *parent, struct task_struct *child)
@@ -2076,8 +1991,6 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2076 *len = clen; 1991 *len = clen;
2077 } 1992 }
2078 1993
2079 isec->security_attr_init = 1;
2080
2081 return 0; 1994 return 0;
2082} 1995}
2083 1996
@@ -2086,11 +1999,6 @@ static int selinux_inode_create(struct inode *dir, struct dentry *dentry, int ma
2086 return may_create(dir, dentry, SECCLASS_FILE); 1999 return may_create(dir, dentry, SECCLASS_FILE);
2087} 2000}
2088 2001
2089static void selinux_inode_post_create(struct inode *dir, struct dentry *dentry, int mask)
2090{
2091 post_create(dir, dentry);
2092}
2093
2094static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry) 2002static int selinux_inode_link(struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry)
2095{ 2003{
2096 int rc; 2004 int rc;
@@ -2121,21 +2029,11 @@ static int selinux_inode_symlink(struct inode *dir, struct dentry *dentry, const
2121 return may_create(dir, dentry, SECCLASS_LNK_FILE); 2029 return may_create(dir, dentry, SECCLASS_LNK_FILE);
2122} 2030}
2123 2031
2124static void selinux_inode_post_symlink(struct inode *dir, struct dentry *dentry, const char *name)
2125{
2126 post_create(dir, dentry);
2127}
2128
2129static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask) 2032static int selinux_inode_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2130{ 2033{
2131 return may_create(dir, dentry, SECCLASS_DIR); 2034 return may_create(dir, dentry, SECCLASS_DIR);
2132} 2035}
2133 2036
2134static void selinux_inode_post_mkdir(struct inode *dir, struct dentry *dentry, int mask)
2135{
2136 post_create(dir, dentry);
2137}
2138
2139static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry) 2037static int selinux_inode_rmdir(struct inode *dir, struct dentry *dentry)
2140{ 2038{
2141 return may_link(dir, dentry, MAY_RMDIR); 2039 return may_link(dir, dentry, MAY_RMDIR);
@@ -2152,11 +2050,6 @@ static int selinux_inode_mknod(struct inode *dir, struct dentry *dentry, int mod
2152 return may_create(dir, dentry, inode_mode_to_security_class(mode)); 2050 return may_create(dir, dentry, inode_mode_to_security_class(mode));
2153} 2051}
2154 2052
2155static void selinux_inode_post_mknod(struct inode *dir, struct dentry *dentry, int mode, dev_t dev)
2156{
2157 post_create(dir, dentry);
2158}
2159
2160static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry, 2053static int selinux_inode_rename(struct inode *old_inode, struct dentry *old_dentry,
2161 struct inode *new_inode, struct dentry *new_dentry) 2054 struct inode *new_inode, struct dentry *new_dentry)
2162{ 2055{
@@ -4363,17 +4256,13 @@ static struct security_operations selinux_ops = {
4363 .inode_free_security = selinux_inode_free_security, 4256 .inode_free_security = selinux_inode_free_security,
4364 .inode_init_security = selinux_inode_init_security, 4257 .inode_init_security = selinux_inode_init_security,
4365 .inode_create = selinux_inode_create, 4258 .inode_create = selinux_inode_create,
4366 .inode_post_create = selinux_inode_post_create,
4367 .inode_link = selinux_inode_link, 4259 .inode_link = selinux_inode_link,
4368 .inode_post_link = selinux_inode_post_link, 4260 .inode_post_link = selinux_inode_post_link,
4369 .inode_unlink = selinux_inode_unlink, 4261 .inode_unlink = selinux_inode_unlink,
4370 .inode_symlink = selinux_inode_symlink, 4262 .inode_symlink = selinux_inode_symlink,
4371 .inode_post_symlink = selinux_inode_post_symlink,
4372 .inode_mkdir = selinux_inode_mkdir, 4263 .inode_mkdir = selinux_inode_mkdir,
4373 .inode_post_mkdir = selinux_inode_post_mkdir,
4374 .inode_rmdir = selinux_inode_rmdir, 4264 .inode_rmdir = selinux_inode_rmdir,
4375 .inode_mknod = selinux_inode_mknod, 4265 .inode_mknod = selinux_inode_mknod,
4376 .inode_post_mknod = selinux_inode_post_mknod,
4377 .inode_rename = selinux_inode_rename, 4266 .inode_rename = selinux_inode_rename,
4378 .inode_post_rename = selinux_inode_post_rename, 4267 .inode_post_rename = selinux_inode_post_rename,
4379 .inode_readlink = selinux_inode_readlink, 4268 .inode_readlink = selinux_inode_readlink,
diff --git a/security/selinux/include/objsec.h b/security/selinux/include/objsec.h
index c515bc0b58a1..887937c8134a 100644
--- a/security/selinux/include/objsec.h
+++ b/security/selinux/include/objsec.h
@@ -46,7 +46,6 @@ struct inode_security_struct {
46 unsigned char initialized; /* initialization flag */ 46 unsigned char initialized; /* initialization flag */
47 struct semaphore sem; 47 struct semaphore sem;
48 unsigned char inherit; /* inherit SID from parent entry */ 48 unsigned char inherit; /* inherit SID from parent entry */
49 unsigned char security_attr_init; /* security attributes init flag */
50}; 49};
51 50
52struct file_security_struct { 51struct file_security_struct {