author | Adrian Bunk <bunk@kernel.org> | 2007-10-17 02:31:38 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-17 11:43:07 -0400 |
commit | cbfee34520666862f8ff539e580c48958fbb7706 (patch) | |
tree | ded5cafce333e908a0fbeda1f7c55eaf7c1fbaaa /security | |
parent | b53767719b6cd8789392ea3e7e2eb7b8906898f0 (diff) |
security/ cleanups
This patch contains the following cleanups that are now possible:
- remove the unused security_operations->inode_xattr_getsuffix
- remove the no longer used security_operations->unregister_security
- remove some no longer required exit code
- remove a bunch of no longer used exports
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 21 | ||||
-rw-r--r-- | security/dummy.c | 12 | ||||
-rw-r--r-- | security/inode.c | 8 | ||||
-rw-r--r-- | security/security.c | 58 | ||||
-rw-r--r-- | security/selinux/hooks.c | 20 |
5 files changed, 1 insertions, 118 deletions
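--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -30,8 +30,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
 return 0;
 }
 
-EXPORT_SYMBOL(cap_netlink_send);
-
 int cap_netlink_recv(struct sk_buff *skb, int cap)
 {
 if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
@@ -532,22 +530,3 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages)
 return __vm_enough_memory(mm, pages, cap_sys_admin);
 }
 
-EXPORT_SYMBOL(cap_capable);
-EXPORT_SYMBOL(cap_settime);
-EXPORT_SYMBOL(cap_ptrace);
-EXPORT_SYMBOL(cap_capget);
-EXPORT_SYMBOL(cap_capset_check);
-EXPORT_SYMBOL(cap_capset_set);
-EXPORT_SYMBOL(cap_bprm_set_security);
-EXPORT_SYMBOL(cap_bprm_apply_creds);
-EXPORT_SYMBOL(cap_bprm_secureexec);
-EXPORT_SYMBOL(cap_inode_setxattr);
-EXPORT_SYMBOL(cap_inode_removexattr);
-EXPORT_SYMBOL(cap_task_post_setuid);
-EXPORT_SYMBOL(cap_task_kill);
-EXPORT_SYMBOL(cap_task_setscheduler);
-EXPORT_SYMBOL(cap_task_setioprio);
-EXPORT_SYMBOL(cap_task_setnice);
-EXPORT_SYMBOL(cap_task_reparent_to_init);
-EXPORT_SYMBOL(cap_syslog);
-EXPORT_SYMBOL(cap_vm_enough_memory);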
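--- a/security/dummy.c
+++ b/security/dummy.c
@@ -401,11 +401,6 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu
 return 0;
 }
 
-static const char *dummy_inode_xattr_getsuffix(void)
-{
-return NULL;
-}
-
 static int dummy_file_permission (struct file *file, int mask)
 {
 return 0;
@@ -915,11 +910,6 @@ static int dummy_register_security (const char *name, struct security_operations
 return -EINVAL;
 }
 
-static int dummy_unregister_security (const char *name, struct security_operations *ops)
-{
-return -EINVAL;
-}
-
 static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
 {
 return;
@@ -1034,7 +1024,6 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, inode_removexattr);
 set_to_dummy_if_null(ops, inode_need_killpriv);
 set_to_dummy_if_null(ops, inode_killpriv);
-set_to_dummy_if_null(ops, inode_xattr_getsuffix);
 set_to_dummy_if_null(ops, inode_getsecurity);
 set_to_dummy_if_null(ops, inode_setsecurity);
 set_to_dummy_if_null(ops, inode_listsecurity);
@@ -1095,7 +1084,6 @@ void security_fixup_ops (struct security_operations *ops)
 set_to_dummy_if_null(ops, netlink_send);
 set_to_dummy_if_null(ops, netlink_recv);
 set_to_dummy_if_null(ops, register_security);
-set_to_dummy_if_null(ops, unregister_security);
 set_to_dummy_if_null(ops, d_instantiate);
 set_to_dummy_if_null(ops, getprocattr);
 set_to_dummy_if_null(ops, setprocattr);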
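--- a/security/inode.c
+++ b/security/inode.c
@@ -332,14 +332,6 @@ static int __init securityfs_init(void)
 return retval;
 }
 
-static void __exit securityfs_exit(void)
-{
-simple_release_fs(&mount, &mount_count);
-unregister_filesystem(&fs_type);
-subsystem_unregister(&security_subsys);
-}
-
 core_initcall(securityfs_init);
-module_exit(securityfs_exit);
 MODULE_LICENSE("GPL");
 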
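--- a/security/security.c
+++ b/security/security.c
@@ -71,8 +71,7 @@ int __init security_init(void)
 *
 * This function is to allow a security module to register itself with the
 * kernel security subsystem. Some rudimentary checking is done on the @ops
-* value passed to this function. A call to unregister_security() should be
-* done to remove this security_options structure from the kernel.
+* value passed to this function.
 *
 * If there is already a security module registered with the kernel,
 * an error will be returned. Otherwise 0 is returned on success.
@@ -94,31 +93,6 @@ int register_security(struct security_operations *ops)
 }
 
 /**
-* unregister_security - unregisters a security framework with the kernel
-* @ops: a pointer to the struct security_options that is to be registered
-*
-* This function removes a struct security_operations variable that had
-* previously been registered with a successful call to register_security().
-*
-* If @ops does not match the valued previously passed to register_security()
-* an error is returned. Otherwise the default security options is set to the
-* the dummy_security_ops structure, and 0 is returned.
-*/
-int unregister_security(struct security_operations *ops)
-{
-if (ops != security_ops) {
-printk(KERN_INFO "%s: trying to unregister "
-"a security_opts structure that is not "
-"registered, failing.\n", __FUNCTION__);
-return -EINVAL;
-}
-
-security_ops = &dummy_security_ops;
-
-return 0;
-}
-
-/**
 * mod_reg_security - allows security modules to be "stacked"
 * @name: a pointer to a string with the name of the security_options to be registered
 * @ops: a pointer to the struct security_options that is to be registered
@@ -147,30 +121,6 @@ int mod_reg_security(const char *name, struct security_operations *ops)
 return security_ops->register_security(name, ops);
 }
 
-/**
-* mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
-* @name: a pointer to a string with the name of the security_options to be removed
-* @ops: a pointer to the struct security_options that is to be removed
-*
-* This function allows security modules that have been successfully registered
-* with a call to mod_reg_security() to be unloaded from the system.
-* This calls the currently loaded security module's unregister_security() call
-* with the @name and @ops variables.
-*
-* The return value depends on the currently loaded security module, with 0 as
-* success.
-*/
-int mod_unreg_security(const char *name, struct security_operations *ops)
-{
-if (ops == security_ops) {
-printk(KERN_INFO "%s invalid attempt to unregister "
-" primary security ops.\n", __FUNCTION__);
-return -EINVAL;
-}
-
-return security_ops->unregister_security(name, ops);
-}
-
 /* Security operations */
 
 int security_ptrace(struct task_struct *parent, struct task_struct *child)
@@ -528,11 +478,6 @@ int security_inode_killpriv(struct dentry *dentry)
 return security_ops->inode_killpriv(dentry);
 }
 
-const char *security_inode_xattr_getsuffix(void)
-{
-return security_ops->inode_xattr_getsuffix();
-}
-
 int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
 if (unlikely(IS_PRIVATE(inode)))
@@ -858,7 +803,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
 return security_ops->netlink_send(sk, skb);
 }
-EXPORT_SYMBOL(security_netlink_send);
 
 int security_netlink_recv(struct sk_buff *skb, int cap)
 {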
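Review bot: The kernel-doc for register_security() in the first hunk drops the unregister_security() sentence without saying what now holds, and the mod_reg_security() comment kept as context in the second hunk still describes "stacking" with no word on removal. Since this commit deletes both unregister_security() and mod_unreg_security(), the comment should state the lifetime explicitly, for example ` * There is no unregister call; @ops must stay valid for as long as the kernel runs.` That matters to anyone registering from loadable code, where releasing the ops structure after registration would presumably leave security_ops pointing at stale memory. Both comment blocks start or end outside the hunks shown, so the wording should be checked against the full comments.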
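--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2409,11 +2409,6 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name)
 return -EACCES;
 }
 
-static const char *selinux_inode_xattr_getsuffix(void)
-{
-return XATTR_SELINUX_SUFFIX;
-}
-
 /*
 * Copy the in-core inode security context value to the user. If the
 * getxattr() prior to this succeeded, check to see if we need to
@@ -4554,19 +4549,6 @@ static int selinux_register_security (const char *name, struct security_operatio
 return 0;
 }
 
-static int selinux_unregister_security (const char *name, struct security_operations *ops)
-{
-if (ops != secondary_ops) {
-printk(KERN_ERR "%s: trying to unregister a security module "
-"that is not registered.\n", __FUNCTION__);
-return -EINVAL;
-}
-
-secondary_ops = original_ops;
-
-return 0;
-}
-
 static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
 {
 if (inode)
@@ -4844,7 +4826,6 @@ static struct security_operations selinux_ops = {
 .inode_getxattr = selinux_inode_getxattr,
 .inode_listxattr = selinux_inode_listxattr,
 .inode_removexattr = selinux_inode_removexattr,
-.inode_xattr_getsuffix = selinux_inode_xattr_getsuffix,
 .inode_getsecurity = selinux_inode_getsecurity,
 .inode_setsecurity = selinux_inode_setsecurity,
 .inode_listsecurity = selinux_inode_listsecurity,
@@ -4914,7 +4895,6 @@ static struct security_operations selinux_ops = {
 .sem_semop = selinux_sem_semop,
 
 .register_security = selinux_register_security,
-.unregister_security = selinux_unregister_security,
 
 .d_instantiate = selinux_d_instantiate,
 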