security: remove the security_netlink_recv hook as it is equivalent to capable()

Once upon a time netlink was not sync and we had to get the effective capabilities from the skb that was being received. Today we instead get the capabilities from the current task. This has rendered the entire purpose of the hook moot as it is now functionally equivalent to the capable() call. Signed-off-by: Eric Paris <eparis@redhat.com>
author: Eric Paris <eparis@redhat.com> 2012-01-03 12:25:16 -0500
committer: Eric Paris <eparis@redhat.com> 2012-01-05 18:53:01 -0500
commit: fd778461524849afd035679030ae8e8873c72b81 (patch)
tree: 32a5849c1879413fce0307af304e372eaa8225b4 /security/selinux/hooks.c
parent: 69f594a38967f4540ce7a29b3fd214e68a8330bd (diff)
1 files changed, 0 insertions, 19 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 14f94cd29c80..3e37d25a9bbe 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4713,24 +4713,6 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
        return selinux_nlmsg_perm(sk, skb);
 }
-static int selinux_netlink_recv(struct sk_buff *skb, int capability)
-{
-        int err;
-        struct common_audit_data ad;
-        u32 sid;
-        err = cap_netlink_recv(skb, capability);
-        if (err)
-                return err;
-        COMMON_AUDIT_DATA_INIT(&ad, CAP);
-        ad.u.cap = capability;
-        security_task_getsecid(current, &sid);
-        return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
-                            CAP_TO_MASK(capability), &ad);
-}
 static int ipc_alloc_security(struct task_struct *task,
                              struct kern_ipc_perm *perm,
                              u16 sclass)
@@ -5459,7 +5441,6 @@ static struct security_operations selinux_ops = {
        .vm_enough_memory =             selinux_vm_enough_memory,
        .netlink_send =                 selinux_netlink_send,
-        .netlink_recv =                 selinux_netlink_recv,
        .bprm_set_creds =               selinux_bprm_set_creds,
        .bprm_committing_creds =        selinux_bprm_committing_creds,
author	Eric Paris <eparis@redhat.com>	2012-01-03 12:25:16 -0500
committer	Eric Paris <eparis@redhat.com>	2012-01-05 18:53:01 -0500
commit	fd778461524849afd035679030ae8e8873c72b81 (patch)
tree	32a5849c1879413fce0307af304e372eaa8225b4 /security/selinux/hooks.c
parent	69f594a38967f4540ce7a29b3fd214e68a8330bd (diff)

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 14f94cd29c80..3e37d25a9bbe 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4713,24 +4713,6 @@ static int selinux_netlink_send(struct sock sk, struct sk_buff skb)
4713	return selinux_nlmsg_perm(sk, skb);	4713	return selinux_nlmsg_perm(sk, skb);
4714	}	4714	}
4715		4715
4716	static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4717	{
4718	int err;
4719	struct common_audit_data ad;
4720	u32 sid;
4721
4722	err = cap_netlink_recv(skb, capability);
4723	if (err)
4724	return err;
4725
4726	COMMON_AUDIT_DATA_INIT(&ad, CAP);
4727	ad.u.cap = capability;
4728
4729	security_task_getsecid(current, &sid);
4730	return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
4731	CAP_TO_MASK(capability), &ad);
4732	}
4733
4734	static int ipc_alloc_security(struct task_struct *task,	4716	static int ipc_alloc_security(struct task_struct *task,
4735	struct kern_ipc_perm *perm,	4717	struct kern_ipc_perm *perm,
4736	u16 sclass)	4718	u16 sclass)
@@ -5459,7 +5441,6 @@ static struct security_operations selinux_ops = {
5459	.vm_enough_memory = selinux_vm_enough_memory,	5441	.vm_enough_memory = selinux_vm_enough_memory,
5460		5442
5461	.netlink_send = selinux_netlink_send,	5443	.netlink_send = selinux_netlink_send,
5462	.netlink_recv = selinux_netlink_recv,
5463		5444
5464	.bprm_set_creds = selinux_bprm_set_creds,	5445	.bprm_set_creds = selinux_bprm_set_creds,
5465	.bprm_committing_creds = selinux_bprm_committing_creds,	5446	.bprm_committing_creds = selinux_bprm_committing_creds,