aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/security.h20
-rw-r--r--security/capability.c8
-rw-r--r--security/keys/keyctl.c7
-rw-r--r--security/security.c7
4 files changed, 0 insertions, 42 deletions
diff --git a/include/linux/security.h b/include/linux/security.h
index 73505f0c9b75..ac536eedec90 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1067,13 +1067,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
1067 * Return the length of the string (including terminating NUL) or -ve if 1067 * Return the length of the string (including terminating NUL) or -ve if
1068 * an error. 1068 * an error.
1069 * May also return 0 (and a NULL buffer pointer) if there is no label. 1069 * May also return 0 (and a NULL buffer pointer) if there is no label.
1070 * @key_session_to_parent:
1071 * Forcibly assign the session keyring from a process to its parent
1072 * process.
1073 * @cred: Pointer to process's credentials
1074 * @parent_cred: Pointer to parent process's credentials
1075 * @keyring: Proposed new session keyring
1076 * Return 0 if permission is granted, -ve error otherwise.
1077 * 1070 *
1078 * Security hooks affecting all System V IPC operations. 1071 * Security hooks affecting all System V IPC operations.
1079 * 1072 *
@@ -1642,9 +1635,6 @@ struct security_operations {
1642 const struct cred *cred, 1635 const struct cred *cred,
1643 key_perm_t perm); 1636 key_perm_t perm);
1644 int (*key_getsecurity)(struct key *key, char **_buffer); 1637 int (*key_getsecurity)(struct key *key, char **_buffer);
1645 int (*key_session_to_parent)(const struct cred *cred,
1646 const struct cred *parent_cred,
1647 struct key *key);
1648#endif /* CONFIG_KEYS */ 1638#endif /* CONFIG_KEYS */
1649 1639
1650#ifdef CONFIG_AUDIT 1640#ifdef CONFIG_AUDIT
@@ -2918,9 +2908,6 @@ void security_key_free(struct key *key);
2918int security_key_permission(key_ref_t key_ref, 2908int security_key_permission(key_ref_t key_ref,
2919 const struct cred *cred, key_perm_t perm); 2909 const struct cred *cred, key_perm_t perm);
2920int security_key_getsecurity(struct key *key, char **_buffer); 2910int security_key_getsecurity(struct key *key, char **_buffer);
2921int security_key_session_to_parent(const struct cred *cred,
2922 const struct cred *parent_cred,
2923 struct key *key);
2924 2911
2925#else 2912#else
2926 2913
@@ -2948,13 +2935,6 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer)
2948 return 0; 2935 return 0;
2949} 2936}
2950 2937
2951static inline int security_key_session_to_parent(const struct cred *cred,
2952 const struct cred *parent_cred,
2953 struct key *key)
2954{
2955 return 0;
2956}
2957
2958#endif 2938#endif
2959#endif /* CONFIG_KEYS */ 2939#endif /* CONFIG_KEYS */
2960 2940
diff --git a/security/capability.c b/security/capability.c
index 247c04edd468..8cc2b8f3b166 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -826,13 +826,6 @@ static int cap_key_getsecurity(struct key *key, char **_buffer)
826 return 0; 826 return 0;
827} 827}
828 828
829static int cap_key_session_to_parent(const struct cred *cred,
830 const struct cred *parent_cred,
831 struct key *key)
832{
833 return 0;
834}
835
836#endif /* CONFIG_KEYS */ 829#endif /* CONFIG_KEYS */
837 830
838#ifdef CONFIG_AUDIT 831#ifdef CONFIG_AUDIT
@@ -1053,7 +1046,6 @@ void security_fixup_ops(struct security_operations *ops)
1053 set_to_cap_if_null(ops, key_free); 1046 set_to_cap_if_null(ops, key_free);
1054 set_to_cap_if_null(ops, key_permission); 1047 set_to_cap_if_null(ops, key_permission);
1055 set_to_cap_if_null(ops, key_getsecurity); 1048 set_to_cap_if_null(ops, key_getsecurity);
1056 set_to_cap_if_null(ops, key_session_to_parent);
1057#endif /* CONFIG_KEYS */ 1049#endif /* CONFIG_KEYS */
1058#ifdef CONFIG_AUDIT 1050#ifdef CONFIG_AUDIT
1059 set_to_cap_if_null(ops, audit_rule_init); 1051 set_to_cap_if_null(ops, audit_rule_init);
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c
index e9c2e7c584d9..34b302b40dea 100644
--- a/security/keys/keyctl.c
+++ b/security/keys/keyctl.c
@@ -1295,13 +1295,6 @@ long keyctl_session_to_parent(void)
1295 mycred->tgcred->session_keyring->uid != mycred->euid) 1295 mycred->tgcred->session_keyring->uid != mycred->euid)
1296 goto not_permitted; 1296 goto not_permitted;
1297 1297
1298 /* the LSM must permit the replacement of the parent's keyring with the
1299 * keyring from this process */
1300 ret = security_key_session_to_parent(mycred, pcred,
1301 key_ref_to_ptr(keyring_r));
1302 if (ret < 0)
1303 goto not_permitted;
1304
1305 /* if there's an already pending keyring replacement, then we replace 1298 /* if there's an already pending keyring replacement, then we replace
1306 * that */ 1299 * that */
1307 oldcred = parent->replacement_session_keyring; 1300 oldcred = parent->replacement_session_keyring;
diff --git a/security/security.c b/security/security.c
index 5cf9ca6890f6..490f77753b2d 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1262,13 +1262,6 @@ int security_key_getsecurity(struct key *key, char **_buffer)
1262 return security_ops->key_getsecurity(key, _buffer); 1262 return security_ops->key_getsecurity(key, _buffer);
1263} 1263}
1264 1264
1265int security_key_session_to_parent(const struct cred *cred,
1266 const struct cred *parent_cred,
1267 struct key *key)
1268{
1269 return security_ops->key_session_to_parent(cred, parent_cred, key);
1270}
1271
1272#endif /* CONFIG_KEYS */ 1265#endif /* CONFIG_KEYS */
1273 1266
1274#ifdef CONFIG_AUDIT 1267#ifdef CONFIG_AUDIT
generated by cgit v1.2.2 (git 2.25.0) at 2024-11-20 05:35:20 -0500