4 files changed, 0 insertions, 34 deletions
diff --git a/security/capability.c b/security/capability.c
index 2984ea4f776f..a2c064d10448 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -999,7 +999,6 @@ void __init security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, sem_semctl);
        set_to_cap_if_null(ops, sem_semop);
        set_to_cap_if_null(ops, netlink_send);
-        set_to_cap_if_null(ops, netlink_recv);
        set_to_cap_if_null(ops, d_instantiate);
        set_to_cap_if_null(ops, getprocattr);
        set_to_cap_if_null(ops, setprocattr);
diff --git a/security/commoncap.c b/security/commoncap.c
index 89f02ff66af9..7817a763444d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -56,14 +56,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
        return 0;
 }
-int cap_netlink_recv(struct sk_buff *skb, int cap)
-{
-        if (!cap_raised(current_cap(), cap))
-                return -EPERM;
-        return 0;
-}
-EXPORT_SYMBOL(cap_netlink_recv);
 /**
 * cap_capable - Determine whether a task has a particular effective capability
 * @cred: The credentials to use
diff --git a/security/security.c b/security/security.c
index 8900c5c4db5c..85481a9c5632 100644
--- a/security/security.c
+++ b/security/security.c
@@ -922,12 +922,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb)
        return security_ops->netlink_send(sk, skb);
 }
-int security_netlink_recv(struct sk_buff *skb, int cap)
-{
-        return security_ops->netlink_recv(skb, cap);
-}
-EXPORT_SYMBOL(security_netlink_recv);
 int security_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
 {
        return security_ops->secid_to_secctx(secid, secdata, seclen);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 14f94cd29c80..3e37d25a9bbe 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4713,24 +4713,6 @@ static int selinux_netlink_send(struct sock *sk, struct sk_buff *skb)
        return selinux_nlmsg_perm(sk, skb);
 }
-static int selinux_netlink_recv(struct sk_buff *skb, int capability)
-{
-        int err;
-        struct common_audit_data ad;
-        u32 sid;
-        err = cap_netlink_recv(skb, capability);
-        if (err)
-                return err;
-        COMMON_AUDIT_DATA_INIT(&ad, CAP);
-        ad.u.cap = capability;
-        security_task_getsecid(current, &sid);
-        return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
-                            CAP_TO_MASK(capability), &ad);
-}
 static int ipc_alloc_security(struct task_struct *task,
                              struct kern_ipc_perm *perm,
                              u16 sclass)
@@ -5459,7 +5441,6 @@ static struct security_operations selinux_ops = {
        .vm_enough_memory =             selinux_vm_enough_memory,
        .netlink_send =                 selinux_netlink_send,
-        .netlink_recv =                 selinux_netlink_recv,
        .bprm_set_creds =               selinux_bprm_set_creds,
        .bprm_committing_creds =        selinux_bprm_committing_creds,

diff --git a/security/capability.c b/security/capability.c index 2984ea4f776f..a2c064d10448 100644 --- a/security/capability.c +++ b/security/capability.c
@@ -999,7 +999,6 @@ void __init security_fixup_ops(struct security_operations *ops)
999	set_to_cap_if_null(ops, sem_semctl);	999	set_to_cap_if_null(ops, sem_semctl);
1000	set_to_cap_if_null(ops, sem_semop);	1000	set_to_cap_if_null(ops, sem_semop);
1001	set_to_cap_if_null(ops, netlink_send);	1001	set_to_cap_if_null(ops, netlink_send);
1002	set_to_cap_if_null(ops, netlink_recv);
1003	set_to_cap_if_null(ops, d_instantiate);	1002	set_to_cap_if_null(ops, d_instantiate);
1004	set_to_cap_if_null(ops, getprocattr);	1003	set_to_cap_if_null(ops, getprocattr);
1005	set_to_cap_if_null(ops, setprocattr);	1004	set_to_cap_if_null(ops, setprocattr);


diff --git a/security/commoncap.c b/security/commoncap.c index 89f02ff66af9..7817a763444d 100644 --- a/security/commoncap.c +++ b/security/commoncap.c
@@ -56,14 +56,6 @@ int cap_netlink_send(struct sock sk, struct sk_buff skb)
56	return 0;	56	return 0;
57	}	57	}
58		58
59	int cap_netlink_recv(struct sk_buff *skb, int cap)
60	{
61	if (!cap_raised(current_cap(), cap))
62	return -EPERM;
63	return 0;
64	}
65	EXPORT_SYMBOL(cap_netlink_recv);
66
67	/**	59	/**
68	* cap_capable - Determine whether a task has a particular effective capability	60	* cap_capable - Determine whether a task has a particular effective capability
69	* @cred: The credentials to use	61	* @cred: The credentials to use


diff --git a/security/security.c b/security/security.c index 8900c5c4db5c..85481a9c5632 100644 --- a/security/security.c +++ b/security/security.c
@@ -922,12 +922,6 @@ int security_netlink_send(struct sock sk, struct sk_buff skb)
922	return security_ops->netlink_send(sk, skb);	922	return security_ops->netlink_send(sk, skb);
923	}	923	}
924		924
925	int security_netlink_recv(struct sk_buff *skb, int cap)
926	{
927	return security_ops->netlink_recv(skb, cap);
928	}
929	EXPORT_SYMBOL(security_netlink_recv);
930
931	int security_secid_to_secctx(u32 secid, char *secdata, u32 seclen)	925	int security_secid_to_secctx(u32 secid, char *secdata, u32 seclen)
932	{	926	{
933	return security_ops->secid_to_secctx(secid, secdata, seclen);	927	return security_ops->secid_to_secctx(secid, secdata, seclen);


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 14f94cd29c80..3e37d25a9bbe 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -4713,24 +4713,6 @@ static int selinux_netlink_send(struct sock sk, struct sk_buff skb)
4713	return selinux_nlmsg_perm(sk, skb);	4713	return selinux_nlmsg_perm(sk, skb);
4714	}	4714	}
4715		4715
4716	static int selinux_netlink_recv(struct sk_buff *skb, int capability)
4717	{
4718	int err;
4719	struct common_audit_data ad;
4720	u32 sid;
4721
4722	err = cap_netlink_recv(skb, capability);
4723	if (err)
4724	return err;
4725
4726	COMMON_AUDIT_DATA_INIT(&ad, CAP);
4727	ad.u.cap = capability;
4728
4729	security_task_getsecid(current, &sid);
4730	return avc_has_perm(sid, sid, SECCLASS_CAPABILITY,
4731	CAP_TO_MASK(capability), &ad);
4732	}
4733
4734	static int ipc_alloc_security(struct task_struct *task,	4716	static int ipc_alloc_security(struct task_struct *task,
4735	struct kern_ipc_perm *perm,	4717	struct kern_ipc_perm *perm,
4736	u16 sclass)	4718	u16 sclass)
@@ -5459,7 +5441,6 @@ static struct security_operations selinux_ops = {
5459	.vm_enough_memory = selinux_vm_enough_memory,	5441	.vm_enough_memory = selinux_vm_enough_memory,
5460		5442
5461	.netlink_send = selinux_netlink_send,	5443	.netlink_send = selinux_netlink_send,
5462	.netlink_recv = selinux_netlink_recv,
5463		5444
5464	.bprm_set_creds = selinux_bprm_set_creds,	5445	.bprm_set_creds = selinux_bprm_set_creds,
5465	.bprm_committing_creds = selinux_bprm_committing_creds,	5446	.bprm_committing_creds = selinux_bprm_committing_creds,