author | Lucian Adrian Grijincu <lucian.grijincu@gmail.com> | 2011-02-01 11:44:56 -0500 |
---|---|---|
committer | Eric Paris <eparis@redhat.com> | 2011-02-01 11:54:02 -0500 |
commit | 4916ca401e3051dad326ddd69765bd0e3f32fb9b (patch) | |
tree | 593778babcd691a498a909a5eaf462f29d241cf6 | |
parent | 8e6c96935fcc1ed3dbebc96fddfef3f2f2395afc (diff) |
security: remove unused security_sysctl hook
The only user of this hook was SELinux. sysctl routes every call
through /proc/sys/. SELinux and other security modules use the file
system checks for sysctl too, so this hook is no longer needed.
Signed-off-by: Lucian Adrian Grijincu <lucian.grijincu@gmail.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
-rw-r--r-- | include/linux/security.h | 13 | ||||
-rw-r--r-- | kernel/sysctl.c | 5 | ||||
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 |
4 files changed, 0 insertions, 29 deletions
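--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1259,12 +1259,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  * @cap contains the capability <include/linux/capability.h>.
  * @audit: Whether to write an audit message or not
  * Return 0 if the capability is granted for @tsk.
- * @sysctl:
- *	Check permission before accessing the @table sysctl variable in the
- *	manner specified by @op.
- *	@table contains the ctl_table structure for the sysctl variable.
- *	@op contains the operation (001 = search, 002 = write, 004 = read).
- *	Return 0 if permission is granted.
  * @syslog:
  *	Check permission before accessing the kernel message ring or changing
  *	logging to the console.
@@ -1385,7 +1379,6 @@ struct security_operations {
 			const kernel_cap_t *permitted);
 	int (*capable) (struct task_struct *tsk, const struct cred *cred,
 			int cap, int audit);
-	int (*sysctl) (struct ctl_table *table, int op);
 	int (*quotactl) (int cmds, int type, int id, struct super_block *sb);
 	int (*quota_on) (struct dentry *dentry);
 	int (*syslog) (int type);
@@ -1668,7 +1661,6 @@ int security_capset(struct cred *new, const struct cred *old,
 int security_capable(int cap);
 int security_real_capable(struct task_struct *tsk, int cap);
 int security_real_capable_noaudit(struct task_struct *tsk, int cap);
-int security_sysctl(struct ctl_table *table, int op);
 int security_quotactl(int cmds, int type, int id, struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
@@ -1887,11 +1879,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 	return ret;
 }
 
-static inline int security_sysctl(struct ctl_table *table, int op)
-{
-	return 0;
-}
-
 static inline int security_quotactl(int cmds, int type, int id,
 				    struct super_block *sb)
 {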
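--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1691,13 +1691,8 @@ static int test_perm(int mode, int op)
 
 int sysctl_perm(struct ctl_table_root *root, struct ctl_table *table, int op)
 {
-	int error;
 	int mode;
 
-	error = security_sysctl(table, op & (MAY_READ | MAY_WRITE | MAY_EXEC));
-	if (error)
-		return error;
-
 	if (root->permissions)
 		mode = root->permissions(root, current->nsproxy, table);
 	else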
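--- a/security/capability.c
+++ b/security/capability.c
@@ -12,11 +12,6 @@
 
 #include <linux/security.h>
 
-static int cap_sysctl(ctl_table *table, int op)
-{
-	return 0;
-}
-
 static int cap_syslog(int type)
 {
 	return 0;
@@ -881,7 +876,6 @@ void __init security_fixup_ops(struct security_operations *ops)
 	set_to_cap_if_null(ops, capable);
 	set_to_cap_if_null(ops, quotactl);
 	set_to_cap_if_null(ops, quota_on);
-	set_to_cap_if_null(ops, sysctl);
 	set_to_cap_if_null(ops, syslog);
 	set_to_cap_if_null(ops, settime);
 	set_to_cap_if_null(ops, vm_enough_memory);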
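--- a/security/security.c
+++ b/security/security.c
@@ -182,11 +182,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap)
 	return ret;
 }
 
-int security_sysctl(struct ctl_table *table, int op)
-{
-	return security_ops->sysctl(table, op);
-}
-
 int security_quotactl(int cmds, int type, int id, struct super_block *sb)
 {
 	return security_ops->quotactl(cmds, type, id, sb);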