From 353633100d8d684ac0acae4ce93fb833f92881f4 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:15 -0400 Subject: security: remove sb_check_sb hooks Unused hook. Remove it. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 233d20b..9ebd2e4 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -267,12 +267,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @orig the original mount data copied from userspace. * @copy copied data which will be passed to the security module. * Returns 0 if the copy was successful. - * @sb_check_sb: - * Check permission before the device with superblock @mnt->sb is mounted - * on the mount point named by @nd. - * @mnt contains the vfsmount for device being mounted. - * @path contains the path for the mount point. - * Return 0 if permission is granted. * @sb_umount: * Check permission before the @mnt file system is unmounted. * @mnt contains the mounted file system. @@ -1484,7 +1478,6 @@ struct security_operations { int (*sb_statfs) (struct dentry *dentry); int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); - int (*sb_check_sb) (struct vfsmount *mnt, struct path *path); int (*sb_umount) (struct vfsmount *mnt, int flags); void (*sb_umount_close) (struct vfsmount *mnt); void (*sb_umount_busy) (struct vfsmount *mnt); @@ -1783,7 +1776,6 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb); int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); -int security_sb_check_sb(struct vfsmount *mnt, struct path *path); int security_sb_umount(struct vfsmount *mnt, int flags); void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); @@ -2099,12 +2091,6 @@ static inline int security_sb_mount(char *dev_name, struct path *path, return 0; } -static inline int security_sb_check_sb(struct vfsmount *mnt, - struct path *path) -{ - return 0; -} - static inline int security_sb_umount(struct vfsmount *mnt, int flags) { return 0; -- cgit v1.1 From 231923bd0e06cba69f7c2028f4a68602b8d22160 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:21 -0400 Subject: security: remove dead hook sb_umount_close Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 10 ---------- 1 file changed, 10 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 9ebd2e4..354b0ce 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -272,11 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_umount_close: - * Close any files in the @mnt mounted filesystem that are held open by - * the security module. This hook is called during an umount operation - * prior to checking whether the filesystem is still busy. - * @mnt contains the mounted filesystem. * @sb_umount_busy: * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening * any files that were closed by umount_close. This hook is called during @@ -1479,7 +1474,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_umount_close) (struct vfsmount *mnt); void (*sb_umount_busy) (struct vfsmount *mnt); void (*sb_post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); @@ -1777,7 +1771,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_umount_close(struct vfsmount *mnt); void security_sb_umount_busy(struct vfsmount *mnt); void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); @@ -2096,9 +2089,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_umount_close(struct vfsmount *mnt) -{ } - static inline void security_sb_umount_busy(struct vfsmount *mnt) { } -- cgit v1.1 From 4b61d12c84293ac061909f27f567c1905e4d90e3 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:27 -0400 Subject: security: remove dead hook sb_umount_busy Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 354b0ce..b206795 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_umount_busy: - * Handle a failed umount of the @mnt mounted filesystem, e.g. re-opening - * any files that were closed by umount_close. This hook is called during - * an umount operation if the umount fails after a call to the - * umount_close hook. - * @mnt contains the mounted filesystem. * @sb_post_remount: * Update the security module's state when a filesystem is remounted. * This hook is only called if the remount was successful. @@ -1474,7 +1468,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_umount_busy) (struct vfsmount *mnt); void (*sb_post_remount) (struct vfsmount *mnt, unsigned long flags, void *data); void (*sb_post_addmount) (struct vfsmount *mnt, @@ -1771,7 +1764,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_umount_busy(struct vfsmount *mnt); void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); @@ -2089,9 +2081,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_umount_busy(struct vfsmount *mnt) -{ } - static inline void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data) { } -- cgit v1.1 From 82dab10453d65ad9ca551de5b8925673ca05c7e9 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:33 -0400 Subject: security: remove dead hook sb_post_remount Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index b206795..338617a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_post_remount: - * Update the security module's state when a filesystem is remounted. - * This hook is only called if the remount was successful. - * @mnt contains the mounted file system. - * @flags contains the new filesystem flags. - * @data contains the filesystem-specific data. * @sb_post_addmount: * Update the security module's state when a filesystem is mounted. * This hook is called any time a mount is successfully grafetd to @@ -1468,8 +1462,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_post_remount) (struct vfsmount *mnt, - unsigned long flags, void *data); void (*sb_post_addmount) (struct vfsmount *mnt, struct path *mountpoint); int (*sb_pivotroot) (struct path *old_path, @@ -1764,7 +1756,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_post_remount(struct vfsmount *mnt, unsigned long flags, void *data); void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); @@ -2081,10 +2072,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_post_remount(struct vfsmount *mnt, - unsigned long flags, void *data) -{ } - static inline void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint) { } -- cgit v1.1 From 3db291017753e539af64c8bab373785f34e43ed2 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:39 -0400 Subject: security: remove dead hook sb_post_addmount Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 13 ------------- 1 file changed, 13 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 338617a..a42d733 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -272,12 +272,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt contains the mounted file system. * @flags contains the unmount flags, e.g. MNT_FORCE. * Return 0 if permission is granted. - * @sb_post_addmount: - * Update the security module's state when a filesystem is mounted. - * This hook is called any time a mount is successfully grafetd to - * the tree. - * @mnt contains the mounted filesystem. - * @mountpoint contains the path for the mount point. * @sb_pivotroot: * Check permission before pivoting the root filesystem. * @old_path contains the path for the new location of the current root (put_old). @@ -1462,8 +1456,6 @@ struct security_operations { int (*sb_mount) (char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int (*sb_umount) (struct vfsmount *mnt, int flags); - void (*sb_post_addmount) (struct vfsmount *mnt, - struct path *mountpoint); int (*sb_pivotroot) (struct path *old_path, struct path *new_path); void (*sb_post_pivotroot) (struct path *old_path, @@ -1756,7 +1748,6 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -void security_sb_post_addmount(struct vfsmount *mnt, struct path *mountpoint); int security_sb_pivotroot(struct path *old_path, struct path *new_path); void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); @@ -2072,10 +2063,6 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline void security_sb_post_addmount(struct vfsmount *mnt, - struct path *mountpoint) -{ } - static inline int security_sb_pivotroot(struct path *old_path, struct path *new_path) { -- cgit v1.1 From 91a9420f5826db482030c21eca8c507271bbc441 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:45 -0400 Subject: security: remove dead hook sb_post_pivotroot Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index a42d733..4de5bbb 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -277,10 +277,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old_path contains the path for the new location of the current root (put_old). * @new_path contains the path for the new root (new_root). * Return 0 if permission is granted. - * @sb_post_pivotroot: - * Update module state after a successful pivot. - * @old_path contains the path for the old root. - * @new_path contains the path for the new root. * @sb_set_mnt_opts: * Set the security relevant mount options used for a superblock * @sb the superblock to set security mount options for @@ -1458,8 +1454,6 @@ struct security_operations { int (*sb_umount) (struct vfsmount *mnt, int flags); int (*sb_pivotroot) (struct path *old_path, struct path *new_path); - void (*sb_post_pivotroot) (struct path *old_path, - struct path *new_path); int (*sb_set_mnt_opts) (struct super_block *sb, struct security_mnt_opts *opts); void (*sb_clone_mnt_opts) (const struct super_block *oldsb, @@ -1749,7 +1743,6 @@ int security_sb_mount(char *dev_name, struct path *path, char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); int security_sb_pivotroot(struct path *old_path, struct path *new_path); -void security_sb_post_pivotroot(struct path *old_path, struct path *new_path); int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts); void security_sb_clone_mnt_opts(const struct super_block *oldsb, struct super_block *newsb); @@ -2069,10 +2062,6 @@ static inline int security_sb_pivotroot(struct path *old_path, return 0; } -static inline void security_sb_post_pivotroot(struct path *old_path, - struct path *new_path) -{ } - static inline int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts) { -- cgit v1.1 From 9d5ed77dadc66a72b40419c91df942adfa55a102 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:50 -0400 Subject: security: remove dead hook inode_delete Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 4de5bbb..ef6edc7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -478,12 +478,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @mnt is the vfsmount where the dentry was looked up * @dentry contains the dentry structure for the file. * Return 0 if permission is granted. - * @inode_delete: - * @inode contains the inode structure for deleted inode. - * This hook is called when a deleted inode is released (i.e. an inode - * with no hard links has its use count drop to zero). A security module - * can use this hook to release any persistent label associated with the - * inode. * @inode_setxattr: * Check permission before setting the extended attributes * @value identified by @name for @dentry. @@ -1502,7 +1496,6 @@ struct security_operations { int (*inode_permission) (struct inode *inode, int mask); int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); - void (*inode_delete) (struct inode *inode); int (*inode_setxattr) (struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void (*inode_post_setxattr) (struct dentry *dentry, const char *name, @@ -1768,7 +1761,6 @@ int security_inode_follow_link(struct dentry *dentry, struct nameidata *nd); int security_inode_permission(struct inode *inode, int mask); int security_inode_setattr(struct dentry *dentry, struct iattr *attr); int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); -void security_inode_delete(struct inode *inode); int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags); void security_inode_post_setxattr(struct dentry *dentry, const char *name, @@ -2177,9 +2169,6 @@ static inline int security_inode_getattr(struct vfsmount *mnt, return 0; } -static inline void security_inode_delete(struct inode *inode) -{ } - static inline int security_inode_setxattr(struct dentry *dentry, const char *name, const void *value, size_t size, int flags) { -- cgit v1.1 From 0968d0060a3c885e53d453380266c7792a55d302 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:14:56 -0400 Subject: security: remove dead hook cred_commit Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 11 ----------- 1 file changed, 11 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index ef6edc7..33b0c1b 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -652,10 +652,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old points to the original credentials. * @gfp indicates the atomicity of any memory allocations. * Prepare a new set of credentials by copying the data from the old set. - * @cred_commit: - * @new points to the new credentials. - * @old points to the original credentials. - * Install a new set of credentials. * @cred_transfer: * @new points to the new credentials. * @old points to the original credentials. @@ -1536,7 +1532,6 @@ struct security_operations { void (*cred_free) (struct cred *cred); int (*cred_prepare)(struct cred *new, const struct cred *old, gfp_t gfp); - void (*cred_commit)(struct cred *new, const struct cred *old); void (*cred_transfer)(struct cred *new, const struct cred *old); int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); @@ -1794,7 +1789,6 @@ int security_task_create(unsigned long clone_flags); int security_cred_alloc_blank(struct cred *cred, gfp_t gfp); void security_cred_free(struct cred *cred); int security_prepare_creds(struct cred *new, const struct cred *old, gfp_t gfp); -void security_commit_creds(struct cred *new, const struct cred *old); void security_transfer_creds(struct cred *new, const struct cred *old); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); @@ -2315,11 +2309,6 @@ static inline int security_prepare_creds(struct cred *new, return 0; } -static inline void security_commit_creds(struct cred *new, - const struct cred *old) -{ -} - static inline void security_transfer_creds(struct cred *new, const struct cred *old) { -- cgit v1.1 From 43ed8c3b4573d5f5cd314937fee63b4ab046ac5f Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:02 -0400 Subject: security: remove dead hook task_setuid Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 33b0c1b..447c57f 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -674,18 +674,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * userspace to load a kernel module with the given name. * @kmod_name name of the module requested by the kernel * Return 0 if successful. - * @task_setuid: - * Check permission before setting one or more of the user identity - * attributes of the current process. The @flags parameter indicates - * which of the set*uid system calls invoked this hook and how to - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID - * definitions at the beginning of this file for the @flags values and - * their meanings. - * @id0 contains a uid. - * @id1 contains a uid. - * @id2 contains a uid. - * @flags contains one of the LSM_SETID_* values. - * Return 0 if permission is granted. * @task_fix_setuid: * Update the module's state after setting one or more of the user * identity attributes of the current process. The @flags parameter @@ -1536,7 +1524,6 @@ struct security_operations { int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); - int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); int (*task_fix_setuid) (struct cred *new, const struct cred *old, int flags); int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); @@ -1793,7 +1780,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); @@ -2330,12 +2316,6 @@ static inline int security_kernel_module_request(char *kmod_name) return 0; } -static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, - int flags) -{ - return 0; -} - static inline int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) -- cgit v1.1 From 06ad187e280e725e356c62c3a30ddcd01564f8be Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:08 -0400 Subject: security: remove dead hook task_setgid Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 447c57f..04ce0d6 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -683,18 +683,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @old is the set of credentials that are being replaces * @flags contains one of the LSM_SETID_* values. * Return 0 on success. - * @task_setgid: - * Check permission before setting one or more of the group identity - * attributes of the current process. The @flags parameter indicates - * which of the set*gid system calls invoked this hook and how to - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID - * definitions at the beginning of this file for the @flags values and - * their meanings. - * @id0 contains a gid. - * @id1 contains a gid. - * @id2 contains a gid. - * @flags contains one of the LSM_SETID_* values. - * Return 0 if permission is granted. * @task_setpgid: * Check permission before setting the process group identifier of the * process @p to @pgid. @@ -1526,7 +1514,6 @@ struct security_operations { int (*kernel_module_request)(char *kmod_name); int (*task_fix_setuid) (struct cred *new, const struct cred *old, int flags); - int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); int (*task_setpgid) (struct task_struct *p, pid_t pgid); int (*task_getpgid) (struct task_struct *p); int (*task_getsid) (struct task_struct *p); @@ -1782,7 +1769,6 @@ int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); @@ -2323,12 +2309,6 @@ static inline int security_task_fix_setuid(struct cred *new, return cap_task_fix_setuid(new, old, flags); } -static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, - int flags) -{ - return 0; -} - static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) { return 0; -- cgit v1.1 From 6307f8fee295b364716d28686df6e69c2fee751a Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:13 -0400 Subject: security: remove dead hook task_setgroups Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 12 ------------ 1 file changed, 12 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 04ce0d6..73505f0 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -704,11 +704,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @p contains the task_struct for the process and place is into @secid. * In case of failure, @secid will be set to zero. * - * @task_setgroups: - * Check permission before setting the supplementary group set of the - * current process. - * @group_info contains the new group information. - * Return 0 if permission is granted. * @task_setnice: * Check permission before setting the nice value of @p to @nice. * @p contains the task_struct of process. @@ -1518,7 +1513,6 @@ struct security_operations { int (*task_getpgid) (struct task_struct *p); int (*task_getsid) (struct task_struct *p); void (*task_getsecid) (struct task_struct *p, u32 *secid); - int (*task_setgroups) (struct group_info *group_info); int (*task_setnice) (struct task_struct *p, int nice); int (*task_setioprio) (struct task_struct *p, int ioprio); int (*task_getioprio) (struct task_struct *p); @@ -1773,7 +1767,6 @@ int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); void security_task_getsecid(struct task_struct *p, u32 *secid); -int security_task_setgroups(struct group_info *group_info); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -2329,11 +2322,6 @@ static inline void security_task_getsecid(struct task_struct *p, u32 *secid) *secid = 0; } -static inline int security_task_setgroups(struct group_info *group_info) -{ - return 0; -} - static inline int security_task_setnice(struct task_struct *p, int nice) { return cap_task_setnice(p, nice); -- cgit v1.1 From 3011a344cdcda34cdbcb40c3fb3d1a6e89954abb Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:19 -0400 Subject: security: remove dead hook key_session_to_parent Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 20 -------------------- 1 file changed, 20 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index 73505f0..ac536ee 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1067,13 +1067,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * Return the length of the string (including terminating NUL) or -ve if * an error. * May also return 0 (and a NULL buffer pointer) if there is no label. - * @key_session_to_parent: - * Forcibly assign the session keyring from a process to its parent - * process. - * @cred: Pointer to process's credentials - * @parent_cred: Pointer to parent process's credentials - * @keyring: Proposed new session keyring - * Return 0 if permission is granted, -ve error otherwise. * * Security hooks affecting all System V IPC operations. * @@ -1642,9 +1635,6 @@ struct security_operations { const struct cred *cred, key_perm_t perm); int (*key_getsecurity)(struct key *key, char **_buffer); - int (*key_session_to_parent)(const struct cred *cred, - const struct cred *parent_cred, - struct key *key); #endif /* CONFIG_KEYS */ #ifdef CONFIG_AUDIT @@ -2918,9 +2908,6 @@ void security_key_free(struct key *key); int security_key_permission(key_ref_t key_ref, const struct cred *cred, key_perm_t perm); int security_key_getsecurity(struct key *key, char **_buffer); -int security_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key); #else @@ -2948,13 +2935,6 @@ static inline int security_key_getsecurity(struct key *key, char **_buffer) return 0; } -static inline int security_key_session_to_parent(const struct cred *cred, - const struct cred *parent_cred, - struct key *key) -{ - return 0; -} - #endif #endif /* CONFIG_KEYS */ -- cgit v1.1 From 05b90496f2f366b9d3eea468351888ddf010782a Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Wed, 7 Apr 2010 15:15:25 -0400 Subject: security: remove dead hook acct Unused hook. Remove. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/security.h | 14 -------------- 1 file changed, 14 deletions(-) (limited to 'include') diff --git a/include/linux/security.h b/include/linux/security.h index ac536ee..d670c9a 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1254,13 +1254,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @cap contains the capability . * @audit: Whether to write an audit message or not * Return 0 if the capability is granted for @tsk. - * @acct: - * Check permission before enabling or disabling process accounting. If - * accounting is being enabled, then @file refers to the open file used to - * store accounting records. If accounting is being disabled, then @file - * is NULL. - * @file contains the file structure for the accounting file (may be NULL). - * Return 0 if permission is granted. * @sysctl: * Check permission before accessing the @table sysctl variable in the * manner specified by @op. @@ -1383,7 +1376,6 @@ struct security_operations { const kernel_cap_t *permitted); int (*capable) (struct task_struct *tsk, const struct cred *cred, int cap, int audit); - int (*acct) (struct file *file); int (*sysctl) (struct ctl_table *table, int op); int (*quotactl) (int cmds, int type, int id, struct super_block *sb); int (*quota_on) (struct dentry *dentry); @@ -1665,7 +1657,6 @@ int security_capset(struct cred *new, const struct cred *old, int security_capable(int cap); int security_real_capable(struct task_struct *tsk, int cap); int security_real_capable_noaudit(struct task_struct *tsk, int cap); -int security_acct(struct file *file); int security_sysctl(struct ctl_table *table, int op); int security_quotactl(int cmds, int type, int id, struct super_block *sb); int security_quota_on(struct dentry *dentry); @@ -1883,11 +1874,6 @@ int security_real_capable_noaudit(struct task_struct *tsk, int cap) return ret; } -static inline int security_acct(struct file *file) -{ - return 0; -} - static inline int security_sysctl(struct ctl_table *table, int op) { return 0; -- cgit v1.1 From cb84aa9b42b506299e5aea1ba4da26c03ab12877 Mon Sep 17 00:00:00 2001 From: Eric Paris Date: Tue, 27 Apr 2010 17:20:38 -0400 Subject: LSM Audit: rename LSM_AUDIT_NO_AUDIT to LSM_AUDIT_DATA_NONE Most of the LSM common audit work uses LSM_AUDIT_DATA_* for the naming. This was not so for LSM_AUDIT_NO_AUDIT which means the generic initializer cannot be used. This patch just renames the flag so the generic initializer can be used. Signed-off-by: Eric Paris Signed-off-by: James Morris --- include/linux/lsm_audit.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h index f78f83d..6907251 100644 --- a/include/linux/lsm_audit.h +++ b/include/linux/lsm_audit.h @@ -33,7 +33,7 @@ struct common_audit_data { #define LSM_AUDIT_DATA_IPC 4 #define LSM_AUDIT_DATA_TASK 5 #define LSM_AUDIT_DATA_KEY 6 -#define LSM_AUDIT_NO_AUDIT 7 +#define LSM_AUDIT_DATA_NONE 7 #define LSM_AUDIT_DATA_KMOD 8 struct task_struct *tsk; union { -- cgit v1.1