security: remove register_security hook

The register security hook is no longer required, as the capability module is always registered. LSMs wishing to stack capability as a secondary module should do so explicitly. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Greg Kroah-Hartman <gregkh@suse.de>
author: James Morris <jmorris@namei.org> 2008-07-10 04:02:07 -0400
committer: James Morris <jmorris@namei.org> 2008-07-14 01:04:06 -0400
commit: 6f0f0fd496333777d53daff21a4e3b28c4d03a6d (patch)
tree: 202de67376fce2547b44ae5b016d6424c3c7409c /security/selinux
parent: 93cbace7a058bce7f99319ef6ceff4b78cf45051 (diff)
1 files changed, 5 insertions, 27 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 745a69e74e38..91200feb3f9c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,13 +126,11 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
-/* Original (dummy) security module. */
-static struct security_operations *original_ops;
-/* Minimal support for a secondary security module,
+/*
-   just to allow the use of the dummy or capability modules.
+ * Minimal support for a secondary security module,
-   The owlsm module can alternatively be used as a secondary
+ * just to allow the use of the capability module.
-   module as long as CONFIG_OWLSM_FD is not enabled. */
+ */
 static struct security_operations *secondary_ops;
 /* Lists of inode and superblock security structures initialized
@@ -5115,24 +5113,6 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
        *secid = isec->sid;
 }
-/* module stacking operations */
-static int selinux_register_security(const char *name, struct security_operations *ops)
-{
-        if (secondary_ops != original_ops) {
-                printk(KERN_ERR "%s:  There is already a secondary security "
-                       "module registered.\n", __func__);
-                return -EINVAL;
-        }
-        secondary_ops = ops;
-        printk(KERN_INFO "%s:  Registering secondary module %s\n",
-               __func__,
-               name);
-        return 0;
-}
 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
        if (inode)
@@ -5517,8 +5497,6 @@ static struct security_operations selinux_ops = {
        .sem_semctl =                   selinux_sem_semctl,
        .sem_semop =                    selinux_sem_semop,
-        .register_security =            selinux_register_security,
        .d_instantiate =                selinux_d_instantiate,
        .getprocattr =                  selinux_getprocattr,
@@ -5612,7 +5590,7 @@ static __init int selinux_init(void)
                                            0, SLAB_PANIC, NULL);
        avc_init();
-        original_ops = secondary_ops = security_ops;
+        secondary_ops = security_ops;
        if (!secondary_ops)
                panic("SELinux: No initial security operations\n");
        if (register_security(&selinux_ops))
author	James Morris <jmorris@namei.org>	2008-07-10 04:02:07 -0400
committer	James Morris <jmorris@namei.org>	2008-07-14 01:04:06 -0400
commit	6f0f0fd496333777d53daff21a4e3b28c4d03a6d (patch)
tree	202de67376fce2547b44ae5b016d6424c3c7409c /security/selinux
parent	93cbace7a058bce7f99319ef6ceff4b78cf45051 (diff)