6 files changed, 5 insertions, 105 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 43c6357568a3..31c8851ec5d0 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1239,11 +1239,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
 *      @pages contains the number of pages.
 *      Return 0 if permission is granted.
 *
- * @register_security:
- *      allow module stacking.
- *      @name contains the name of the security module being stacked.
- *      @ops contains a pointer to the struct security_operations of the module to stack.
- *
 * @secid_to_secctx:
 *      Convert secid to security context.
 *      @secid contains the security ID.
@@ -1471,10 +1466,6 @@ struct security_operations {
        int (*netlink_send) (struct sock *sk, struct sk_buff *skb);
        int (*netlink_recv) (struct sk_buff *skb, int cap);
-        /* allow module stacking */
-        int (*register_security) (const char *name,
-                                  struct security_operations *ops);
        void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
        int (*getprocattr) (struct task_struct *p, char *name, char **value);
@@ -1564,7 +1555,6 @@ struct security_operations {
 extern int security_init(void);
 extern int security_module_enable(struct security_operations *ops);
 extern int register_security(struct security_operations *ops);
-extern int mod_reg_security(const char *name, struct security_operations *ops);
 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
                                             struct dentry *parent, void *data,
                                             const struct file_operations *fops);
diff --git a/security/capability.c b/security/capability.c
index 6e0671c82018..5b01c0b02422 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -721,12 +721,6 @@ static int cap_xfrm_decode_session(struct sk_buff *skb, u32 *fl, int ckall)
 }
 #endif /* CONFIG_SECURITY_NETWORK_XFRM */
-static int cap_register_security(const char *name,
-                                 struct security_operations *ops)
-{
-        return -EINVAL;
-}
 static void cap_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
 }
@@ -940,7 +934,6 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, sem_semop);
        set_to_cap_if_null(ops, netlink_send);
        set_to_cap_if_null(ops, netlink_recv);
-        set_to_cap_if_null(ops, register_security);
        set_to_cap_if_null(ops, d_instantiate);
        set_to_cap_if_null(ops, getprocattr);
        set_to_cap_if_null(ops, setprocattr);
diff --git a/security/root_plug.c b/security/root_plug.c
index a41cf42a4fa0..be0ebec2580b 100644
--- a/security/root_plug.c
+++ b/security/root_plug.c
@@ -28,9 +28,6 @@
 #include <linux/usb.h>
 #include <linux/moduleparam.h>
-/* flag to keep track of how we were registered */
-static int secondary;
 /* default is a generic type of usb to serial converter */
 static int vendor_id = 0x0557;
 static int product_id = 0x2008;
@@ -97,13 +94,7 @@ static int __init rootplug_init (void)
        if (register_security (&rootplug_security_ops)) {
                printk (KERN_INFO 
                        "Failure registering Root Plug module with the kernel\n");
-                /* try registering with primary module */
-                if (mod_reg_security (MY_NAME, &rootplug_security_ops)) {
-                        printk (KERN_INFO "Failure registering Root Plug "
-                                " module with primary security module.\n");
                        return -EINVAL;
-                }
-                secondary = 1;
        }
        printk (KERN_INFO "Root Plug module initialized, "
                "vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);
diff --git a/security/security.c b/security/security.c
index 30b0278de394..59f23b5918b3 100644
--- a/security/security.c
+++ b/security/security.c
@@ -125,35 +125,6 @@ int register_security(struct security_operations *ops)
        return 0;
 }
-/**
- * mod_reg_security - allows security modules to be "stacked"
- * @name: a pointer to a string with the name of the security_options to be registered
- * @ops: a pointer to the struct security_options that is to be registered
- *
- * This function allows security modules to be stacked if the currently loaded
- * security module allows this to happen.  It passes the @name and @ops to the
- * register_security function of the currently loaded security module.
- *
- * The return value depends on the currently loaded security module, with 0 as
- * success.
- */
-int mod_reg_security(const char *name, struct security_operations *ops)
-{
-        if (verify(ops)) {
-                printk(KERN_INFO "%s could not verify "
-                       "security operations.\n", __func__);
-                return -EINVAL;
-        }
-        if (ops == security_ops) {
-                printk(KERN_INFO "%s security operations "
-                       "already registered.\n", __func__);
-                return -EINVAL;
-        }
-        return security_ops->register_security(name, ops);
-}
 /* Security operations */
 int security_ptrace(struct task_struct *parent, struct task_struct *child,
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 745a69e74e38..91200feb3f9c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -126,13 +126,11 @@ __setup("selinux=", selinux_enabled_setup);
 int selinux_enabled = 1;
 #endif
-/* Original (dummy) security module. */
-static struct security_operations *original_ops;
-/* Minimal support for a secondary security module,
+/*
-   just to allow the use of the dummy or capability modules.
+ * Minimal support for a secondary security module,
-   The owlsm module can alternatively be used as a secondary
+ * just to allow the use of the capability module.
-   module as long as CONFIG_OWLSM_FD is not enabled. */
+ */
 static struct security_operations *secondary_ops;
 /* Lists of inode and superblock security structures initialized
@@ -5115,24 +5113,6 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm *ipcp, u32 *secid)
        *secid = isec->sid;
 }
-/* module stacking operations */
-static int selinux_register_security(const char *name, struct security_operations *ops)
-{
-        if (secondary_ops != original_ops) {
-                printk(KERN_ERR "%s:  There is already a secondary security "
-                       "module registered.\n", __func__);
-                return -EINVAL;
-        }
-        secondary_ops = ops;
-        printk(KERN_INFO "%s:  Registering secondary module %s\n",
-               __func__,
-               name);
-        return 0;
-}
 static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
 {
        if (inode)
@@ -5517,8 +5497,6 @@ static struct security_operations selinux_ops = {
        .sem_semctl =                   selinux_sem_semctl,
        .sem_semop =                    selinux_sem_semop,
-        .register_security =            selinux_register_security,
        .d_instantiate =                selinux_d_instantiate,
        .getprocattr =                  selinux_getprocattr,
@@ -5612,7 +5590,7 @@ static __init int selinux_init(void)
                                            0, SLAB_PANIC, NULL);
        avc_init();
-        original_ops = secondary_ops = security_ops;
+        secondary_ops = security_ops;
        if (!secondary_ops)
                panic("SELinux: No initial security operations\n");
        if (register_security(&selinux_ops))
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3c7150b3493d..ee5a51cbc5eb 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1822,27 +1822,6 @@ static void smack_ipc_getsecid(struct kern_ipc_perm *ipp, u32 *secid)
        *secid = smack_to_secid(smack);
 }
-/* module stacking operations */
-/**
- * smack_register_security - stack capability module
- * @name: module name
- * @ops: module operations - ignored
- *
- * Allow the capability module to register.
- */
-static int smack_register_security(const char *name,
-                                   struct security_operations *ops)
-{
-        if (strcmp(name, "capability") != 0)
-                return -EINVAL;
-        printk(KERN_INFO "%s:  Registering secondary module %s\n",
-               __func__, name);
-        return 0;
-}
 /**
 * smack_d_instantiate - Make sure the blob is correct on an inode
 * @opt_dentry: unused
@@ -2673,8 +2652,6 @@ struct security_operations smack_ops = {
        .netlink_send =                 cap_netlink_send,
        .netlink_recv =                 cap_netlink_recv,
-        .register_security =            smack_register_security,
        .d_instantiate =                smack_d_instantiate,
        .getprocattr =                  smack_getprocattr,

diff --git a/include/linux/security.h b/include/linux/security.h index 43c6357568a3..31c8851ec5d0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -1239,11 +1239,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1239	* @pages contains the number of pages.	1239	* @pages contains the number of pages.
1240	* Return 0 if permission is granted.	1240	* Return 0 if permission is granted.
1241	*	1241	*
1242	* @register_security:
1243	* allow module stacking.
1244	* @name contains the name of the security module being stacked.
1245	* @ops contains a pointer to the struct security_operations of the module to stack.
1246	*
1247	* @secid_to_secctx:	1242	* @secid_to_secctx:
1248	* Convert secid to security context.	1243	* Convert secid to security context.
1249	* @secid contains the security ID.	1244	* @secid contains the security ID.
@@ -1471,10 +1466,6 @@ struct security_operations {
1471	int (netlink_send) (struct sock sk, struct sk_buff *skb);	1466	int (netlink_send) (struct sock sk, struct sk_buff *skb);
1472	int (netlink_recv) (struct sk_buff skb, int cap);	1467	int (netlink_recv) (struct sk_buff skb, int cap);
1473		1468
1474	/* allow module stacking */
1475	int (register_security) (const char name,
1476	struct security_operations *ops);
1477
1478	void (d_instantiate) (struct dentry dentry, struct inode *inode);	1469	void (d_instantiate) (struct dentry dentry, struct inode *inode);
1479		1470
1480	int (getprocattr) (struct task_struct p, char name, char *value);	1471	int (getprocattr) (struct task_struct p, char name, char *value);
@@ -1564,7 +1555,6 @@ struct security_operations {
1564	extern int security_init(void);	1555	extern int security_init(void);
1565	extern int security_module_enable(struct security_operations *ops);	1556	extern int security_module_enable(struct security_operations *ops);
1566	extern int register_security(struct security_operations *ops);	1557	extern int register_security(struct security_operations *ops);
1567	extern int mod_reg_security(const char name, struct security_operations ops);
1568	extern struct dentry securityfs_create_file(const char name, mode_t mode,	1558	extern struct dentry securityfs_create_file(const char name, mode_t mode,
1569	struct dentry parent, void data,	1559	struct dentry parent, void data,
1570	const struct file_operations *fops);	1560	const struct file_operations *fops);


diff --git a/security/capability.c b/security/capability.c index 6e0671c82018..5b01c0b02422 100644 --- a/security/capability.c +++ b/security/capability.c
@@ -721,12 +721,6 @@ static int cap_xfrm_decode_session(struct sk_buff skb, u32 fl, int ckall)
721	}	721	}
722		722
723	#endif /* CONFIG_SECURITY_NETWORK_XFRM */	723	#endif /* CONFIG_SECURITY_NETWORK_XFRM */
724	static int cap_register_security(const char *name,
725	struct security_operations *ops)
726	{
727	return -EINVAL;
728	}
729
730	static void cap_d_instantiate(struct dentry dentry, struct inode inode)	724	static void cap_d_instantiate(struct dentry dentry, struct inode inode)
731	{	725	{
732	}	726	}
@@ -940,7 +934,6 @@ void security_fixup_ops(struct security_operations *ops)
940	set_to_cap_if_null(ops, sem_semop);	934	set_to_cap_if_null(ops, sem_semop);
941	set_to_cap_if_null(ops, netlink_send);	935	set_to_cap_if_null(ops, netlink_send);
942	set_to_cap_if_null(ops, netlink_recv);	936	set_to_cap_if_null(ops, netlink_recv);
943	set_to_cap_if_null(ops, register_security);
944	set_to_cap_if_null(ops, d_instantiate);	937	set_to_cap_if_null(ops, d_instantiate);
945	set_to_cap_if_null(ops, getprocattr);	938	set_to_cap_if_null(ops, getprocattr);
946	set_to_cap_if_null(ops, setprocattr);	939	set_to_cap_if_null(ops, setprocattr);


diff --git a/security/root_plug.c b/security/root_plug.c index a41cf42a4fa0..be0ebec2580b 100644 --- a/security/root_plug.c +++ b/security/root_plug.c
@@ -28,9 +28,6 @@
28	#include <linux/usb.h>	28	#include <linux/usb.h>
29	#include <linux/moduleparam.h>	29	#include <linux/moduleparam.h>
30		30
31	/* flag to keep track of how we were registered */
32	static int secondary;
33
34	/* default is a generic type of usb to serial converter */	31	/* default is a generic type of usb to serial converter */
35	static int vendor_id = 0x0557;	32	static int vendor_id = 0x0557;
36	static int product_id = 0x2008;	33	static int product_id = 0x2008;
@@ -97,13 +94,7 @@ static int __init rootplug_init (void)
97	if (register_security (&rootplug_security_ops)) {	94	if (register_security (&rootplug_security_ops)) {
98	printk (KERN_INFO	95	printk (KERN_INFO
99	"Failure registering Root Plug module with the kernel\n");	96	"Failure registering Root Plug module with the kernel\n");
100	/* try registering with primary module */
101	if (mod_reg_security (MY_NAME, &rootplug_security_ops)) {
102	printk (KERN_INFO "Failure registering Root Plug "
103	" module with primary security module.\n");
104	return -EINVAL;	97	return -EINVAL;
105	}
106	secondary = 1;
107	}	98	}
108	printk (KERN_INFO "Root Plug module initialized, "	99	printk (KERN_INFO "Root Plug module initialized, "
109	"vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);	100	"vendor_id = %4.4x, product id = %4.4x\n", vendor_id, product_id);


diff --git a/security/security.c b/security/security.c index 30b0278de394..59f23b5918b3 100644 --- a/security/security.c +++ b/security/security.c
@@ -125,35 +125,6 @@ int register_security(struct security_operations *ops)
125	return 0;	125	return 0;
126	}	126	}
127		127
128	/**
129	* mod_reg_security - allows security modules to be "stacked"
130	* @name: a pointer to a string with the name of the security_options to be registered
131	* @ops: a pointer to the struct security_options that is to be registered
132	*
133	* This function allows security modules to be stacked if the currently loaded
134	* security module allows this to happen. It passes the @name and @ops to the
135	* register_security function of the currently loaded security module.
136	*
137	* The return value depends on the currently loaded security module, with 0 as
138	* success.
139	*/
140	int mod_reg_security(const char name, struct security_operations ops)
141	{
142	if (verify(ops)) {
143	printk(KERN_INFO "%s could not verify "
144	"security operations.\n", __func__);
145	return -EINVAL;
146	}
147
148	if (ops == security_ops) {
149	printk(KERN_INFO "%s security operations "
150	"already registered.\n", __func__);
151	return -EINVAL;
152	}
153
154	return security_ops->register_security(name, ops);
155	}
156
157	/* Security operations */	128	/* Security operations */
158		129
159	int security_ptrace(struct task_struct parent, struct task_struct child,	130	int security_ptrace(struct task_struct parent, struct task_struct child,


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 745a69e74e38..91200feb3f9c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -126,13 +126,11 @@ __setup("selinux=", selinux_enabled_setup);
126	int selinux_enabled = 1;	126	int selinux_enabled = 1;
127	#endif	127	#endif
128		128
129	/* Original (dummy) security module. */
130	static struct security_operations *original_ops;
131		129
132	/* Minimal support for a secondary security module,	130	/*
133	just to allow the use of the dummy or capability modules.	131	* Minimal support for a secondary security module,
134	The owlsm module can alternatively be used as a secondary	132	* just to allow the use of the capability module.
135	module as long as CONFIG_OWLSM_FD is not enabled. */	133	*/
136	static struct security_operations *secondary_ops;	134	static struct security_operations *secondary_ops;
137		135
138	/* Lists of inode and superblock security structures initialized	136	/* Lists of inode and superblock security structures initialized
@@ -5115,24 +5113,6 @@ static void selinux_ipc_getsecid(struct kern_ipc_perm ipcp, u32 secid)
5115	*secid = isec->sid;	5113	*secid = isec->sid;
5116	}	5114	}
5117		5115
5118	/* module stacking operations */
5119	static int selinux_register_security(const char name, struct security_operations ops)
5120	{
5121	if (secondary_ops != original_ops) {
5122	printk(KERN_ERR "%s: There is already a secondary security "
5123	"module registered.\n", __func__);
5124	return -EINVAL;
5125	}
5126
5127	secondary_ops = ops;
5128
5129	printk(KERN_INFO "%s: Registering secondary module %s\n",
5130	__func__,
5131	name);
5132
5133	return 0;
5134	}
5135
5136	static void selinux_d_instantiate(struct dentry dentry, struct inode inode)	5116	static void selinux_d_instantiate(struct dentry dentry, struct inode inode)
5137	{	5117	{
5138	if (inode)	5118	if (inode)
@@ -5517,8 +5497,6 @@ static struct security_operations selinux_ops = {
5517	.sem_semctl = selinux_sem_semctl,	5497	.sem_semctl = selinux_sem_semctl,
5518	.sem_semop = selinux_sem_semop,	5498	.sem_semop = selinux_sem_semop,
5519		5499
5520	.register_security = selinux_register_security,
5521
5522	.d_instantiate = selinux_d_instantiate,	5500	.d_instantiate = selinux_d_instantiate,
5523		5501
5524	.getprocattr = selinux_getprocattr,	5502	.getprocattr = selinux_getprocattr,
@@ -5612,7 +5590,7 @@ static __init int selinux_init(void)
5612	0, SLAB_PANIC, NULL);	5590	0, SLAB_PANIC, NULL);
5613	avc_init();	5591	avc_init();
5614		5592
5615	original_ops = secondary_ops = security_ops;	5593	secondary_ops = security_ops;
5616	if (!secondary_ops)	5594	if (!secondary_ops)
5617	panic("SELinux: No initial security operations\n");	5595	panic("SELinux: No initial security operations\n");
5618	if (register_security(&selinux_ops))	5596	if (register_security(&selinux_ops))


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3c7150b3493d..ee5a51cbc5eb 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -1822,27 +1822,6 @@ static void smack_ipc_getsecid(struct kern_ipc_perm ipp, u32 secid)
1822	*secid = smack_to_secid(smack);	1822	*secid = smack_to_secid(smack);
1823	}	1823	}
1824		1824
1825	/* module stacking operations */
1826
1827	/**
1828	* smack_register_security - stack capability module
1829	* @name: module name
1830	* @ops: module operations - ignored
1831	*
1832	* Allow the capability module to register.
1833	*/
1834	static int smack_register_security(const char *name,
1835	struct security_operations *ops)
1836	{
1837	if (strcmp(name, "capability") != 0)
1838	return -EINVAL;
1839
1840	printk(KERN_INFO "%s: Registering secondary module %s\n",
1841	__func__, name);
1842
1843	return 0;
1844	}
1845
1846	/**	1825	/**
1847	* smack_d_instantiate - Make sure the blob is correct on an inode	1826	* smack_d_instantiate - Make sure the blob is correct on an inode
1848	* @opt_dentry: unused	1827	* @opt_dentry: unused
@@ -2673,8 +2652,6 @@ struct security_operations smack_ops = {
2673	.netlink_send = cap_netlink_send,	2652	.netlink_send = cap_netlink_send,
2674	.netlink_recv = cap_netlink_recv,	2653	.netlink_recv = cap_netlink_recv,
2675		2654
2676	.register_security = smack_register_security,
2677
2678	.d_instantiate = smack_d_instantiate,	2655	.d_instantiate = smack_d_instantiate,
2679		2656
2680	.getprocattr = smack_getprocattr,	2657	.getprocattr = smack_getprocattr,