Re: [RFC] No more module_* hooks

From: Greg KH (gregat_private)
Date: Thu Sep 26 2002 - 16:42:33 PDT


    # This is a BitKeeper generated patch for the following project:
    # Project Name: Linux Security Module
    # This patch format is intended for GNU patch command version 2.5 or higher.
    # This patch includes the following deltas:
    #	           ChangeSet	1.508   -> 1.509  
    #	    security/owlsm.c	1.30    -> 1.31   
    #	security/lids/lids_lsm.c	1.28    -> 1.29   
    #	include/linux/security.h	1.11    -> 1.12   
    #	    security/dummy.c	1.12    -> 1.13   
    #	  security/dte/dte.c	1.30    -> 1.31   
    #	     kernel/module.c	1.23    -> 1.24   
    #	security/selinux/hooks.c	1.57    -> 1.58   
    #	security/capability.c	1.12    -> 1.13   
    #
    # The following is the BitKeeper ChangeSet Log
    # --------------------------------------------
    # 02/09/26	gregat_private	1.509
    # removed module_delete hook, as no one used it.
    # --------------------------------------------
    #
    diff -Nru a/include/linux/security.h b/include/linux/security.h
    --- a/include/linux/security.h	Thu Sep 26 16:39:33 2002
    +++ b/include/linux/security.h	Thu Sep 26 16:39:33 2002
    @@ -798,17 +798,6 @@
      * dev->security field on the first access to the device, but should be careful
      * to use nonblocking allocation.
      *
    - * Security hooks for kernel module operations.
    - *
    - * @module_delete:
    - *	Check permission before removing a module.
    - *	@mod contains a pointer to the module being deleted.
    - *	Return 0 if permission is granted.
    - * 
    - * These are the hooks for kernel module operations.  All hooks are called with
    - * the big kernel lock held, and @delete_module is also called with the
    - * unload_lock held.
    - *
      * Security hooks affecting all System V IPC operations.
      *
      * @ipc_permission:
    @@ -1345,9 +1334,6 @@
     				  const char *optptr, unsigned char **pp_ptr);
     
     	void (*netdev_unregister) (struct net_device * dev);
    -
    -	int (*module_initialize) (struct module * mod);
    -	int (*module_delete) (const struct module * mod);
     
     	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
     	int (*ipc_getinfo) (int id, int cmd);
    diff -Nru a/kernel/module.c b/kernel/module.c
    --- a/kernel/module.c	Thu Sep 26 16:39:33 2002
    +++ b/kernel/module.c	Thu Sep 26 16:39:33 2002
    @@ -11,7 +11,6 @@
     #include <linux/kmod.h>
     #include <linux/seq_file.h>
     #include <linux/fs.h>
    -#include <linux/security.h>
     #include <asm/cacheflush.h>
     
     /*
    @@ -624,12 +623,6 @@
     
     		spin_lock(&unload_lock);
     		if (!__MOD_IN_USE(mod)) {
    -			/* check that we have permission to do this */
    -			error = security_ops->module_delete(mod);
    -			if (error) {
    -				spin_unlock(&unload_lock);
    -				goto out;
    -			}
     			mod->flags |= MOD_DELETED;
     			spin_unlock(&unload_lock);
     			free_module(mod, 0);
    @@ -658,13 +651,6 @@
     				spin_unlock(&unload_lock);
     				mod->flags &= ~MOD_VISITED;
     			} else {
    -				/* check that we have permission to do this
    -				 * an error is not propagated if perm fails
    -				 */
    -				if (security_ops->module_delete(mod)) {
    -					spin_unlock(&unload_lock);
    -					continue;
    -				}
     				mod->flags |= MOD_DELETED;
     				spin_unlock(&unload_lock);
     				free_module(mod, 1);
    diff -Nru a/security/capability.c b/security/capability.c
    --- a/security/capability.c	Thu Sep 26 16:39:33 2002
    +++ b/security/capability.c	Thu Sep 26 16:39:33 2002
    @@ -892,11 +892,6 @@
     	return 0;
     }
     
    -static int cap_module_delete (const struct module *mod)
    -{
    -	return 0;
    -}
    -
     static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
     {
     	return 0;
    @@ -1187,8 +1182,6 @@
     	.ip_decode_options =		cap_ip_decode_options,
     
     	.netdev_unregister =		cap_netdev_unregister,
    -
    -	.module_delete =		cap_module_delete,
     
     	.ipc_permission =		cap_ipc_permission,
     	.ipc_getinfo =			cap_ipc_getinfo,
    diff -Nru a/security/dte/dte.c b/security/dte/dte.c
    --- a/security/dte/dte.c	Thu Sep 26 16:39:33 2002
    +++ b/security/dte/dte.c	Thu Sep 26 16:39:33 2002
    @@ -729,14 +729,6 @@
     	return 0;
     }
     
    -static int dte_module_delete_module (const struct module *mod)
    -{
    -	if (strcmp(mod->name,"dte_plug")==0) {
    -		return 1;
    -	}
    -	return 0;
    -}
    -
     static int dte_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
     {
     	return 0;
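Review bot: The removed `dte_module_delete_module` was not an empty stub: it returned 1 when `mod->name` was "dte_plug", and the checks removed from kernel/module.c treated any non-zero return from `security_ops->module_delete(mod)` as a refusal, so DTE could veto its own unload. Nothing visible in this patch replaces that veto, which does not match the ChangeSet log's "no one used it". If dropping the behaviour is intended, the log should say so, for example `removed module_delete hook; DTE's self-unload veto is dropped with it`. If DTE still needs to resist unloading, it presumably has to keep itself in use some other way, since the delete path only proceeds when `!__MOD_IN_USE(mod)`; this needs confirming with the DTE maintainers. The same patch also drops the `module_initialize` pointer from security.h, which the log does not mention.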
    @@ -1051,8 +1043,6 @@
     	ip_decode_options:		dte_ip_decode_options,
     	
     	netdev_unregister:		dte_netdev_unregister,
    -	
    -	module_delete:			dte_module_delete_module,
     	
     	ipc_permission:			dte_ipc_permission,
     	ipc_getinfo:			dte_ipc_getinfo,
    diff -Nru a/security/dummy.c b/security/dummy.c
    --- a/security/dummy.c	Thu Sep 26 16:39:33 2002
    +++ b/security/dummy.c	Thu Sep 26 16:39:33 2002
    @@ -710,11 +710,6 @@
     	return 0;
     }
     
    -static int dummy_module_delete (const struct module *mod)
    -{
    -	return 0;
    -}
    -
     static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
     {
     	return 0;
    @@ -1010,8 +1005,6 @@
     	.ipc_getinfo =			dummy_ipc_getinfo,
     
     	.netdev_unregister =		dummy_netdev_unregister,
    -
    -	.module_delete =		dummy_module_delete,
     
     	.msg_msg_alloc_security =	dummy_msg_msg_alloc_security,
     	.msg_msg_free_security =	dummy_msg_msg_free_security,
    diff -Nru a/security/lids/lids_lsm.c b/security/lids/lids_lsm.c
    --- a/security/lids/lids_lsm.c	Thu Sep 26 16:39:33 2002
    +++ b/security/lids/lids_lsm.c	Thu Sep 26 16:39:33 2002
    @@ -888,11 +888,6 @@
     	return 0;
     }
     
    -static int lids_module_delete_module (const struct module *mod)
    -{
    -	return 0;
    -}
    -
     static int lids_ipc_permission (struct kern_ipc_perm *ipcp, short flag)
     {
     	return 0;
    @@ -1209,8 +1204,6 @@
     	ipc_getinfo:			lids_ipc_getinfo,
     	
     	netdev_unregister:		lids_netdev_unregister,
    -	
    -	module_delete:			lids_module_delete_module,
     	
     	msg_msg_alloc_security:		lids_msg_msg_alloc_security,
     	msg_msg_free_security:		lids_msg_msg_free_security,
    diff -Nru a/security/owlsm.c b/security/owlsm.c
    --- a/security/owlsm.c	Thu Sep 26 16:39:33 2002
    +++ b/security/owlsm.c	Thu Sep 26 16:39:33 2002
    @@ -710,11 +710,6 @@
     	return 0;
     }
     
    -static int owlsm_module_delete_module (const struct module *mod)	
    -{
    -	return 0;
    -}
    -
     static int owlsm_ipc_permission (struct kern_ipc_perm *ipcp, short flag) 
     {
     	return 0;
    @@ -1004,8 +999,6 @@
     	ip_decode_options:		owlsm_decode_options,
     
     	netdev_unregister:		owlsm_netdev_unregister,
    -	
    -	module_delete:			owlsm_module_delete_module,
     	
     	ipc_permission:			owlsm_ipc_permission,
     	ipc_getinfo:			owlsm_ipc_getinfo,
    diff -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c
    --- a/security/selinux/hooks.c	Thu Sep 26 16:39:33 2002
    +++ b/security/selinux/hooks.c	Thu Sep 26 16:39:33 2002
    @@ -3813,14 +3813,6 @@
     	return extsocket_unix_may_send(isec, other_isec, &ad);
     }
     
    -/* module security operations */
    -
    -static int selinux_module_delete_module(const struct module *mod)
    -{
    -	/* Controlled via the capable hook - CAP_SYS_MODULE */
    -	return 0;
    -}
    -
     static spinlock_t ipc_alloc_lock = SPIN_LOCK_UNLOCKED;
     
     static int ipc_alloc_security(struct task_struct *task, 
    @@ -4748,8 +4740,6 @@
     	ip_decode_options:		selinux_ip_decode_options,
     	
     	netdev_unregister:		selinux_netdev_unregister,
    -	
    -	module_delete:			selinux_module_delete_module,
     	
     	ipc_permission:			selinux_ipc_permission,
     	ipc_getinfo:			selinux_ipc_getinfo,
    


