Re: [RFC] No more module_* hooks

From: Greg KH (gregat_private)
Date: Thu Sep 26 2002 - 16:42:00 PDT


    # This is a BitKeeper generated patch for the following project:
    # Project Name: Linux Security Module
    # This patch format is intended for GNU patch command version 2.5 or higher.
    # This patch includes the following deltas:
    #	           ChangeSet	1.506   -> 1.507  
    #	    security/owlsm.c	1.28    -> 1.29   
    #	security/lids/lids_lsm.c	1.26    -> 1.27   
    #	include/linux/security.h	1.9     -> 1.10   
    #	    security/dummy.c	1.10    -> 1.11   
    #	  security/dte/dte.c	1.28    -> 1.29   
    #	     kernel/module.c	1.21    -> 1.22   
    #	security/selinux/hooks.c	1.55    -> 1.56   
    #	security/capability.c	1.10    -> 1.11   
    #
    # The following is the BitKeeper ChangeSet Log
    # --------------------------------------------
    # 02/09/26	gregat_private	1.507
    # removed module_create hook, as no one was using it.
    # --------------------------------------------
    #
    diff -Nru a/include/linux/security.h b/include/linux/security.h
    --- a/include/linux/security.h	Thu Sep 26 16:39:36 2002
    +++ b/include/linux/security.h	Thu Sep 26 16:39:36 2002
    @@ -800,11 +800,6 @@
      *
      * Security hooks for kernel module operations.
      *
    - * @module_create:
    - *	Check the permission before allocating space for a module.
    - *	@name contains the module name.
    - *	@size contains the module size.
    - *	Return 0 if permission is granted.
      * @module_initialize:
      * 	Check permission before initializing a module.
      * 	@mod contains a pointer to the module being initialized.
    @@ -1355,7 +1350,6 @@
     
     	void (*netdev_unregister) (struct net_device * dev);
     
    -	int (*module_create) (const char *name, size_t size);
     	int (*module_initialize) (struct module * mod);
     	int (*module_delete) (const struct module * mod);
     
    diff -Nru a/kernel/module.c b/kernel/module.c
    --- a/kernel/module.c	Thu Sep 26 16:39:36 2002
    +++ b/kernel/module.c	Thu Sep 26 16:39:36 2002
    @@ -315,11 +315,6 @@
     		goto err1;
     	}
     
    -	/* check that we have permission to do this */
    -	error = security_ops->module_create(name, size);
    -	if (error)
    -		goto err1;
    -
     	if ((mod = (struct module *)module_map(size)) == NULL) {
     		error = -ENOMEM;
     		goto err1;
    diff -Nru a/security/capability.c b/security/capability.c
    --- a/security/capability.c	Thu Sep 26 16:39:36 2002
    +++ b/security/capability.c	Thu Sep 26 16:39:36 2002
    @@ -892,11 +892,6 @@
     	return 0;
     }
     
    -static int cap_module_create (const char *name_user, size_t size)
    -{
    -	return 0;
    -}
    -
     static int cap_module_initialize (struct module *mod_user)
     {
     	return 0;
    @@ -1198,7 +1193,6 @@
     
     	.netdev_unregister =		cap_netdev_unregister,
     
    -	.module_create =		cap_module_create,
     	.module_initialize =		cap_module_initialize,
     	.module_delete =		cap_module_delete,
     
    diff -Nru a/security/dte/dte.c b/security/dte/dte.c
    --- a/security/dte/dte.c	Thu Sep 26 16:39:36 2002
    +++ b/security/dte/dte.c	Thu Sep 26 16:39:36 2002
    @@ -729,11 +729,6 @@
     	return 0;
     }
     
    -static int dte_module_create_module (const char *name_user, size_t size)
    -{
    -	return 0;
    -}
    -
     static int dte_module_init_module (struct module *mod_user)
     {
     	return 0;
    @@ -1062,7 +1057,6 @@
     	
     	netdev_unregister:		dte_netdev_unregister,
     	
    -	module_create:			dte_module_create_module,
     	module_initialize:		dte_module_init_module,
     	module_delete:			dte_module_delete_module,
     	
    diff -Nru a/security/dummy.c b/security/dummy.c
    --- a/security/dummy.c	Thu Sep 26 16:39:36 2002
    +++ b/security/dummy.c	Thu Sep 26 16:39:36 2002
    @@ -710,11 +710,6 @@
     	return 0;
     }
     
    -static int dummy_module_create (const char *name_user, size_t size)
    -{
    -	return 0;
    -}
    -
     static int dummy_module_initialize (struct module *mod_user)
     {
     	return 0;
    @@ -1021,7 +1016,6 @@
     
     	.netdev_unregister =		dummy_netdev_unregister,
     
    -	.module_create =		dummy_module_create,
     	.module_initialize =		dummy_module_initialize,
     	.module_delete =		dummy_module_delete,
     
    diff -Nru a/security/lids/lids_lsm.c b/security/lids/lids_lsm.c
    --- a/security/lids/lids_lsm.c	Thu Sep 26 16:39:36 2002
    +++ b/security/lids/lids_lsm.c	Thu Sep 26 16:39:36 2002
    @@ -888,11 +888,6 @@
     	return 0;
     }
     
    -static int lids_module_create_module (const char *name_user, size_t size)
    -{
    -	return 0;
    -}
    -
     static int lids_module_init_module (struct module *mod_user)
     {
     	return 0;
    @@ -1220,7 +1215,6 @@
     	
     	netdev_unregister:		lids_netdev_unregister,
     	
    -	module_create:			lids_module_create_module,
     	module_initialize:		lids_module_init_module,
     	module_delete:			lids_module_delete_module,
     	
    diff -Nru a/security/owlsm.c b/security/owlsm.c
    --- a/security/owlsm.c	Thu Sep 26 16:39:36 2002
    +++ b/security/owlsm.c	Thu Sep 26 16:39:36 2002
    @@ -710,11 +710,6 @@
     	return 0;
     }
     
    -static int owlsm_module_create_module (const char *name_user, size_t size)
    -{
    -	return 0;
    -}
    -
     static int owlsm_module_init_module (struct module *mod)
     {
     	return 0;
    @@ -1015,7 +1010,6 @@
     
     	netdev_unregister:		owlsm_netdev_unregister,
     	
    -	module_create:			owlsm_module_create_module,
     	module_initialize:		owlsm_module_init_module,
     	module_delete:			owlsm_module_delete_module,
     	
    diff -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
    --- a/security/selinux/hooks.c	Thu Sep 26 16:39:36 2002
    +++ b/security/selinux/hooks.c	Thu Sep 26 16:39:36 2002
    @@ -3815,12 +3815,6 @@
     
     /* module security operations */
     
    -static int selinux_module_create_module(const char *name, size_t size)
    -{
    -	/* Controlled via the capable hook - CAP_SYS_MODULE */
    -	return 0;
    -}
    -
     static int selinux_module_init_module(struct module *mod)
     {
     	/* Controlled via the capable hook - CAP_SYS_MODULE */
    @@ -4761,7 +4755,6 @@
     	
     	netdev_unregister:		selinux_netdev_unregister,
     	
    -	module_create:			selinux_module_create_module,
     	module_initialize:		selinux_module_init_module,
     	module_delete:			selinux_module_delete_module,
     	
    


