summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorTetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>2017-07-14 12:38:36 +0200
committerJames Morris <james.l.morris@oracle.com>2017-07-18 09:24:03 +0200
commit3cf29931453215536916d0c4da953fce1911ced3 (patch)
tree04745a9399692f288e5494acef2e1a912f0e550e
parentapparmor: put back designators in struct initialisers (diff)
downloadlinux-3cf29931453215536916d0c4da953fce1911ced3.tar.xz
linux-3cf29931453215536916d0c4da953fce1911ced3.zip
LSM: Remove security_task_create() hook.
Since commit a79be238600d1a03 ("selinux: Use task_alloc hook rather than task_create hook") changed to use task_alloc hook, task_create hook is no longer used. Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <james.l.morris@oracle.com>
-rw-r--r--include/linux/lsm_hooks.h7
-rw-r--r--include/linux/security.h6
-rw-r--r--kernel/fork.c4
-rw-r--r--security/security.c5
4 files changed, 0 insertions, 22 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 3cc9d77c7527..575703cb17b8 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -529,11 +529,6 @@
*
* Security hooks for task operations.
*
- * @task_create:
- * Check permission before creating a child process. See the clone(2)
- * manual page for definitions of the @clone_flags.
- * @clone_flags contains the flags indicating what should be shared.
- * Return 0 if permission is granted.
* @task_alloc:
* @task task being allocated.
* @clone_flags contains the flags indicating what should be shared.
@@ -1509,7 +1504,6 @@ union security_list_options {
int (*file_receive)(struct file *file);
int (*file_open)(struct file *file, const struct cred *cred);
- int (*task_create)(unsigned long clone_flags);
int (*task_alloc)(struct task_struct *task, unsigned long clone_flags);
void (*task_free)(struct task_struct *task);
int (*cred_alloc_blank)(struct cred *cred, gfp_t gfp);
@@ -1784,7 +1778,6 @@ struct security_hook_heads {
struct list_head file_send_sigiotask;
struct list_head file_receive;
struct list_head file_open;
- struct list_head task_create;
struct list_head task_alloc;
struct list_head task_free;
struct list_head cred_alloc_blank;
diff --git a/include/linux/security.h b/include/linux/security.h
index b6ea1dc9cc9d..458e24bea2d4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -318,7 +318,6 @@ int security_file_send_sigiotask(struct task_struct *tsk,
struct fown_struct *fown, int sig);
int security_file_receive(struct file *file);
int security_file_open(struct file *file, const struct cred *cred);
-int security_task_create(unsigned long clone_flags);
int security_task_alloc(struct task_struct *task, unsigned long clone_flags);
void security_task_free(struct task_struct *task);
int security_cred_alloc_blank(struct cred *cred, gfp_t gfp);
@@ -885,11 +884,6 @@ static inline int security_file_open(struct file *file,
return 0;
}
-static inline int security_task_create(unsigned long clone_flags)
-{
- return 0;
-}
-
static inline int security_task_alloc(struct task_struct *task,
unsigned long clone_flags)
{
diff --git a/kernel/fork.c b/kernel/fork.c
index aa1076c5e4a9..3a13a940a6ea 100644
--- a/kernel/fork.c
+++ b/kernel/fork.c
@@ -1568,10 +1568,6 @@ static __latent_entropy struct task_struct *copy_process(
return ERR_PTR(-EINVAL);
}
- retval = security_task_create(clone_flags);
- if (retval)
- goto fork_out;
-
retval = -ENOMEM;
p = dup_task_struct(current, node);
if (!p)
diff --git a/security/security.c b/security/security.c
index 30132378d103..55b5997e4b72 100644
--- a/security/security.c
+++ b/security/security.c
@@ -979,11 +979,6 @@ int security_file_open(struct file *file, const struct cred *cred)
return fsnotify_perm(file, MAY_OPEN);
}
-int security_task_create(unsigned long clone_flags)
-{
- return call_int_hook(task_create, 0, clone_flags);
-}
-
int security_task_alloc(struct task_struct *task, unsigned long clone_flags)
{
return call_int_hook(task_alloc, 0, task, clone_flags);