diff options
| author | Paul Moore <paul.moore@hp.com> | 2009-03-27 17:10:48 -0400 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2009-03-28 00:01:37 -0400 |
| commit | 8651d5c0b1f874c5b8307ae2b858bc40f9f02482 (patch) | |
| tree | c09bee8fdc4c659d155b47911dc87ce4c09b6676 | |
| parent | 58bfbb51ff2b0fdc6c732ff3d72f50aa632b67a2 (diff) | |
lsm: Remove the socket_post_accept() hook
The socket_post_accept() hook is not currently used by any in-tree modules
and its existence continues to cause problems by confusing people about
what can be safely accomplished using this hook. If a legitimate need for
this hook arises in the future it can always be reintroduced.
Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: James Morris <jmorris@namei.org>
| -rw-r--r-- | include/linux/security.h | 13 | ||||
| -rw-r--r-- | net/socket.c | 2 | ||||
| -rw-r--r-- | security/capability.c | 5 | ||||
| -rw-r--r-- | security/security.c | 5 |
4 files changed, 0 insertions, 25 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 1f2ab6353c00..54ed15799a83 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
| @@ -880,11 +880,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) | |||
| 880 | * @sock contains the listening socket structure. | 880 | * @sock contains the listening socket structure. |
| 881 | * @newsock contains the newly created server socket for connection. | 881 | * @newsock contains the newly created server socket for connection. |
| 882 | * Return 0 if permission is granted. | 882 | * Return 0 if permission is granted. |
| 883 | * @socket_post_accept: | ||
| 884 | * This hook allows a security module to copy security | ||
| 885 | * information into the newly created socket's inode. | ||
| 886 | * @sock contains the listening socket structure. | ||
| 887 | * @newsock contains the newly created server socket for connection. | ||
| 888 | * @socket_sendmsg: | 883 | * @socket_sendmsg: |
| 889 | * Check permission before transmitting a message to another socket. | 884 | * Check permission before transmitting a message to another socket. |
| 890 | * @sock contains the socket structure. | 885 | * @sock contains the socket structure. |
| @@ -1554,8 +1549,6 @@ struct security_operations { | |||
| 1554 | struct sockaddr *address, int addrlen); | 1549 | struct sockaddr *address, int addrlen); |
| 1555 | int (*socket_listen) (struct socket *sock, int backlog); | 1550 | int (*socket_listen) (struct socket *sock, int backlog); |
| 1556 | int (*socket_accept) (struct socket *sock, struct socket *newsock); | 1551 | int (*socket_accept) (struct socket *sock, struct socket *newsock); |
| 1557 | void (*socket_post_accept) (struct socket *sock, | ||
| 1558 | struct socket *newsock); | ||
| 1559 | int (*socket_sendmsg) (struct socket *sock, | 1552 | int (*socket_sendmsg) (struct socket *sock, |
| 1560 | struct msghdr *msg, int size); | 1553 | struct msghdr *msg, int size); |
| 1561 | int (*socket_recvmsg) (struct socket *sock, | 1554 | int (*socket_recvmsg) (struct socket *sock, |
| @@ -2537,7 +2530,6 @@ int security_socket_bind(struct socket *sock, struct sockaddr *address, int addr | |||
| 2537 | int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); | 2530 | int security_socket_connect(struct socket *sock, struct sockaddr *address, int addrlen); |
| 2538 | int security_socket_listen(struct socket *sock, int backlog); | 2531 | int security_socket_listen(struct socket *sock, int backlog); |
| 2539 | int security_socket_accept(struct socket *sock, struct socket *newsock); | 2532 | int security_socket_accept(struct socket *sock, struct socket *newsock); |
| 2540 | void security_socket_post_accept(struct socket *sock, struct socket *newsock); | ||
| 2541 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); | 2533 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size); |
| 2542 | int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, | 2534 | int security_socket_recvmsg(struct socket *sock, struct msghdr *msg, |
| 2543 | int size, int flags); | 2535 | int size, int flags); |
| @@ -2616,11 +2608,6 @@ static inline int security_socket_accept(struct socket *sock, | |||
| 2616 | return 0; | 2608 | return 0; |
| 2617 | } | 2609 | } |
| 2618 | 2610 | ||
| 2619 | static inline void security_socket_post_accept(struct socket *sock, | ||
| 2620 | struct socket *newsock) | ||
| 2621 | { | ||
| 2622 | } | ||
| 2623 | |||
| 2624 | static inline int security_socket_sendmsg(struct socket *sock, | 2611 | static inline int security_socket_sendmsg(struct socket *sock, |
| 2625 | struct msghdr *msg, int size) | 2612 | struct msghdr *msg, int size) |
| 2626 | { | 2613 | { |
diff --git a/net/socket.c b/net/socket.c index 0b14b79c03af..91d0c0254ffe 100644 --- a/net/socket.c +++ b/net/socket.c | |||
| @@ -1536,8 +1536,6 @@ SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr, | |||
| 1536 | fd_install(newfd, newfile); | 1536 | fd_install(newfd, newfile); |
| 1537 | err = newfd; | 1537 | err = newfd; |
| 1538 | 1538 | ||
| 1539 | security_socket_post_accept(sock, newsock); | ||
| 1540 | |||
| 1541 | out_put: | 1539 | out_put: |
| 1542 | fput_light(sock->file, fput_needed); | 1540 | fput_light(sock->file, fput_needed); |
| 1543 | out: | 1541 | out: |
diff --git a/security/capability.c b/security/capability.c index c545bd1300b5..21b6cead6a8e 100644 --- a/security/capability.c +++ b/security/capability.c | |||
| @@ -620,10 +620,6 @@ static int cap_socket_accept(struct socket *sock, struct socket *newsock) | |||
| 620 | return 0; | 620 | return 0; |
| 621 | } | 621 | } |
| 622 | 622 | ||
| 623 | static void cap_socket_post_accept(struct socket *sock, struct socket *newsock) | ||
| 624 | { | ||
| 625 | } | ||
| 626 | |||
| 627 | static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) | 623 | static int cap_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) |
| 628 | { | 624 | { |
| 629 | return 0; | 625 | return 0; |
| @@ -1014,7 +1010,6 @@ void security_fixup_ops(struct security_operations *ops) | |||
| 1014 | set_to_cap_if_null(ops, socket_connect); | 1010 | set_to_cap_if_null(ops, socket_connect); |
| 1015 | set_to_cap_if_null(ops, socket_listen); | 1011 | set_to_cap_if_null(ops, socket_listen); |
| 1016 | set_to_cap_if_null(ops, socket_accept); | 1012 | set_to_cap_if_null(ops, socket_accept); |
| 1017 | set_to_cap_if_null(ops, socket_post_accept); | ||
| 1018 | set_to_cap_if_null(ops, socket_sendmsg); | 1013 | set_to_cap_if_null(ops, socket_sendmsg); |
| 1019 | set_to_cap_if_null(ops, socket_recvmsg); | 1014 | set_to_cap_if_null(ops, socket_recvmsg); |
| 1020 | set_to_cap_if_null(ops, socket_getsockname); | 1015 | set_to_cap_if_null(ops, socket_getsockname); |
diff --git a/security/security.c b/security/security.c index c3586c0d97e2..206e53844d2f 100644 --- a/security/security.c +++ b/security/security.c | |||
| @@ -1007,11 +1007,6 @@ int security_socket_accept(struct socket *sock, struct socket *newsock) | |||
| 1007 | return security_ops->socket_accept(sock, newsock); | 1007 | return security_ops->socket_accept(sock, newsock); |
| 1008 | } | 1008 | } |
| 1009 | 1009 | ||
| 1010 | void security_socket_post_accept(struct socket *sock, struct socket *newsock) | ||
| 1011 | { | ||
| 1012 | security_ops->socket_post_accept(sock, newsock); | ||
| 1013 | } | ||
| 1014 | |||
| 1015 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) | 1010 | int security_socket_sendmsg(struct socket *sock, struct msghdr *msg, int size) |
| 1016 | { | 1011 | { |
| 1017 | return security_ops->socket_sendmsg(sock, msg, size); | 1012 | return security_ops->socket_sendmsg(sock, msg, size); |