diff options
author | Adrian Bunk <bunk@kernel.org> | 2007-10-17 08:31:38 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-17 17:43:07 +0200 |
commit | cbfee34520666862f8ff539e580c48958fbb7706 (patch) | |
tree | ded5cafce333e908a0fbeda1f7c55eaf7c1fbaaa /security | |
parent | Implement file posix capabilities (diff) | |
download | linux-cbfee34520666862f8ff539e580c48958fbb7706.tar.xz linux-cbfee34520666862f8ff539e580c48958fbb7706.zip |
security/ cleanups
This patch contains the following cleanups that are now possible:
- remove the unused security_operations->inode_xattr_getsuffix
- remove the no longer used security_operations->unregister_security
- remove some no longer required exit code
- remove a bunch of no longer used exports
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Acked-by: James Morris <jmorris@namei.org>
Cc: Chris Wright <chrisw@sous-sol.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 21 | ||||
-rw-r--r-- | security/dummy.c | 12 | ||||
-rw-r--r-- | security/inode.c | 8 | ||||
-rw-r--r-- | security/security.c | 58 | ||||
-rw-r--r-- | security/selinux/hooks.c | 20 |
5 files changed, 1 insertions, 118 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index afca6dd4ae69..778cb0cfc5d8 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -30,8 +30,6 @@ int cap_netlink_send(struct sock *sk, struct sk_buff *skb) return 0; } -EXPORT_SYMBOL(cap_netlink_send); - int cap_netlink_recv(struct sk_buff *skb, int cap) { if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) @@ -532,22 +530,3 @@ int cap_vm_enough_memory(struct mm_struct *mm, long pages) return __vm_enough_memory(mm, pages, cap_sys_admin); } -EXPORT_SYMBOL(cap_capable); -EXPORT_SYMBOL(cap_settime); -EXPORT_SYMBOL(cap_ptrace); -EXPORT_SYMBOL(cap_capget); -EXPORT_SYMBOL(cap_capset_check); -EXPORT_SYMBOL(cap_capset_set); -EXPORT_SYMBOL(cap_bprm_set_security); -EXPORT_SYMBOL(cap_bprm_apply_creds); -EXPORT_SYMBOL(cap_bprm_secureexec); -EXPORT_SYMBOL(cap_inode_setxattr); -EXPORT_SYMBOL(cap_inode_removexattr); -EXPORT_SYMBOL(cap_task_post_setuid); -EXPORT_SYMBOL(cap_task_kill); -EXPORT_SYMBOL(cap_task_setscheduler); -EXPORT_SYMBOL(cap_task_setioprio); -EXPORT_SYMBOL(cap_task_setnice); -EXPORT_SYMBOL(cap_task_reparent_to_init); -EXPORT_SYMBOL(cap_syslog); -EXPORT_SYMBOL(cap_vm_enough_memory); diff --git a/security/dummy.c b/security/dummy.c index c77dec822385..bc43d4c7383e 100644 --- a/security/dummy.c +++ b/security/dummy.c @@ -401,11 +401,6 @@ static int dummy_inode_listsecurity(struct inode *inode, char *buffer, size_t bu return 0; } -static const char *dummy_inode_xattr_getsuffix(void) -{ - return NULL; -} - static int dummy_file_permission (struct file *file, int mask) { return 0; @@ -915,11 +910,6 @@ static int dummy_register_security (const char *name, struct security_operations return -EINVAL; } -static int dummy_unregister_security (const char *name, struct security_operations *ops) -{ - return -EINVAL; -} - static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode) { return; @@ -1034,7 +1024,6 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, inode_removexattr); set_to_dummy_if_null(ops, inode_need_killpriv); set_to_dummy_if_null(ops, inode_killpriv); - set_to_dummy_if_null(ops, inode_xattr_getsuffix); set_to_dummy_if_null(ops, inode_getsecurity); set_to_dummy_if_null(ops, inode_setsecurity); set_to_dummy_if_null(ops, inode_listsecurity); @@ -1095,7 +1084,6 @@ void security_fixup_ops (struct security_operations *ops) set_to_dummy_if_null(ops, netlink_send); set_to_dummy_if_null(ops, netlink_recv); set_to_dummy_if_null(ops, register_security); - set_to_dummy_if_null(ops, unregister_security); set_to_dummy_if_null(ops, d_instantiate); set_to_dummy_if_null(ops, getprocattr); set_to_dummy_if_null(ops, setprocattr); diff --git a/security/inode.c b/security/inode.c index 307211ac7346..b28a8acae34d 100644 --- a/security/inode.c +++ b/security/inode.c @@ -332,14 +332,6 @@ static int __init securityfs_init(void) return retval; } -static void __exit securityfs_exit(void) -{ - simple_release_fs(&mount, &mount_count); - unregister_filesystem(&fs_type); - subsystem_unregister(&security_subsys); -} - core_initcall(securityfs_init); -module_exit(securityfs_exit); MODULE_LICENSE("GPL"); diff --git a/security/security.c b/security/security.c index 2e1b35dd2550..0e1f1f124368 100644 --- a/security/security.c +++ b/security/security.c @@ -71,8 +71,7 @@ int __init security_init(void) * * This function is to allow a security module to register itself with the * kernel security subsystem. Some rudimentary checking is done on the @ops - * value passed to this function. A call to unregister_security() should be - * done to remove this security_options structure from the kernel. + * value passed to this function. * * If there is already a security module registered with the kernel, * an error will be returned. Otherwise 0 is returned on success. @@ -94,31 +93,6 @@ int register_security(struct security_operations *ops) } /** - * unregister_security - unregisters a security framework with the kernel - * @ops: a pointer to the struct security_options that is to be registered - * - * This function removes a struct security_operations variable that had - * previously been registered with a successful call to register_security(). - * - * If @ops does not match the valued previously passed to register_security() - * an error is returned. Otherwise the default security options is set to the - * the dummy_security_ops structure, and 0 is returned. - */ -int unregister_security(struct security_operations *ops) -{ - if (ops != security_ops) { - printk(KERN_INFO "%s: trying to unregister " - "a security_opts structure that is not " - "registered, failing.\n", __FUNCTION__); - return -EINVAL; - } - - security_ops = &dummy_security_ops; - - return 0; -} - -/** * mod_reg_security - allows security modules to be "stacked" * @name: a pointer to a string with the name of the security_options to be registered * @ops: a pointer to the struct security_options that is to be registered @@ -147,30 +121,6 @@ int mod_reg_security(const char *name, struct security_operations *ops) return security_ops->register_security(name, ops); } -/** - * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded - * @name: a pointer to a string with the name of the security_options to be removed - * @ops: a pointer to the struct security_options that is to be removed - * - * This function allows security modules that have been successfully registered - * with a call to mod_reg_security() to be unloaded from the system. - * This calls the currently loaded security module's unregister_security() call - * with the @name and @ops variables. - * - * The return value depends on the currently loaded security module, with 0 as - * success. - */ -int mod_unreg_security(const char *name, struct security_operations *ops) -{ - if (ops == security_ops) { - printk(KERN_INFO "%s invalid attempt to unregister " - " primary security ops.\n", __FUNCTION__); - return -EINVAL; - } - - return security_ops->unregister_security(name, ops); -} - /* Security operations */ int security_ptrace(struct task_struct *parent, struct task_struct *child) @@ -528,11 +478,6 @@ int security_inode_killpriv(struct dentry *dentry) return security_ops->inode_killpriv(dentry); } -const char *security_inode_xattr_getsuffix(void) -{ - return security_ops->inode_xattr_getsuffix(); -} - int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err) { if (unlikely(IS_PRIVATE(inode))) @@ -858,7 +803,6 @@ int security_netlink_send(struct sock *sk, struct sk_buff *skb) { return security_ops->netlink_send(sk, skb); } -EXPORT_SYMBOL(security_netlink_send); int security_netlink_recv(struct sk_buff *skb, int cap) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 221def6a0b1d..24e1b1885de7 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2409,11 +2409,6 @@ static int selinux_inode_removexattr (struct dentry *dentry, char *name) return -EACCES; } -static const char *selinux_inode_xattr_getsuffix(void) -{ - return XATTR_SELINUX_SUFFIX; -} - /* * Copy the in-core inode security context value to the user. If the * getxattr() prior to this succeeded, check to see if we need to @@ -4554,19 +4549,6 @@ static int selinux_register_security (const char *name, struct security_operatio return 0; } -static int selinux_unregister_security (const char *name, struct security_operations *ops) -{ - if (ops != secondary_ops) { - printk(KERN_ERR "%s: trying to unregister a security module " - "that is not registered.\n", __FUNCTION__); - return -EINVAL; - } - - secondary_ops = original_ops; - - return 0; -} - static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode) { if (inode) @@ -4844,7 +4826,6 @@ static struct security_operations selinux_ops = { .inode_getxattr = selinux_inode_getxattr, .inode_listxattr = selinux_inode_listxattr, .inode_removexattr = selinux_inode_removexattr, - .inode_xattr_getsuffix = selinux_inode_xattr_getsuffix, .inode_getsecurity = selinux_inode_getsecurity, .inode_setsecurity = selinux_inode_setsecurity, .inode_listsecurity = selinux_inode_listsecurity, @@ -4914,7 +4895,6 @@ static struct security_operations selinux_ops = { .sem_semop = selinux_sem_semop, .register_security = selinux_register_security, - .unregister_security = selinux_unregister_security, .d_instantiate = selinux_d_instantiate, |