# This is a BitKeeper generated patch for the following project: # Project Name: Linux Security Module # This patch format is intended for GNU patch command version 2.5 or higher. # This patch includes the following deltas: # ChangeSet 1.508 -> 1.509 # security/owlsm.c 1.30 -> 1.31 # security/lids/lids_lsm.c 1.28 -> 1.29 # include/linux/security.h 1.11 -> 1.12 # security/dummy.c 1.12 -> 1.13 # security/dte/dte.c 1.30 -> 1.31 # kernel/module.c 1.23 -> 1.24 # security/selinux/hooks.c 1.57 -> 1.58 # security/capability.c 1.12 -> 1.13 # # The following is the BitKeeper ChangeSet Log # -------------------------------------------- # 02/09/26 gregat_private 1.509 # removed module_delete hook, as no one used it. # -------------------------------------------- # diff -Nru a/include/linux/security.h b/include/linux/security.h --- a/include/linux/security.h Thu Sep 26 16:39:33 2002 +++ b/include/linux/security.h Thu Sep 26 16:39:33 2002 @@ -798,17 +798,6 @@ * dev->security field on the first access to the device, but should be careful * to use nonblocking allocation. * - * Security hooks for kernel module operations. - * - * @module_delete: - * Check permission before removing a module. - * @mod contains a pointer to the module being deleted. - * Return 0 if permission is granted. - * - * These are the hooks for kernel module operations. All hooks are called with - * the big kernel lock held, and @delete_module is also called with the - * unload_lock held. - * * Security hooks affecting all System V IPC operations. * * @ipc_permission: @@ -1345,9 +1334,6 @@ const char *optptr, unsigned char **pp_ptr); void (*netdev_unregister) (struct net_device * dev); - - int (*module_initialize) (struct module * mod); - int (*module_delete) (const struct module * mod); int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag); int (*ipc_getinfo) (int id, int cmd); diff -Nru a/kernel/module.c b/kernel/module.c --- a/kernel/module.c Thu Sep 26 16:39:33 2002 
+++ b/kernel/module.c Thu Sep 26 16:39:33 2002 @@ -11,7 +11,6 @@ #include <linux/kmod.h> #include <linux/seq_file.h> #include <linux/fs.h> -#include <linux/security.h> #include <asm/cacheflush.h> /* @@ -624,12 +623,6 @@ spin_lock(&unload_lock); if (!__MOD_IN_USE(mod)) { - /* check that we have permission to do this */ - error = security_ops->module_delete(mod); - if (error) { - spin_unlock(&unload_lock); - goto out; - } mod->flags |= MOD_DELETED; spin_unlock(&unload_lock); free_module(mod, 0); @@ -658,13 +651,6 @@ spin_unlock(&unload_lock); mod->flags &= ~MOD_VISITED; } else { - /* check that we have permission to do this - * an error is not propagated if perm fails - */ - if (security_ops->module_delete(mod)) { - spin_unlock(&unload_lock); - continue; - } mod->flags |= MOD_DELETED; spin_unlock(&unload_lock); free_module(mod, 1); diff -Nru a/security/capability.c b/security/capability.c --- a/security/capability.c Thu Sep 26 16:39:33 2002 +++ b/security/capability.c Thu Sep 26 16:39:33 2002 @@ -892,11 +892,6 @@ return 0; } -static int cap_module_delete (const struct module *mod) -{ - return 0; -} - static int cap_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; @@ -1187,8 +1182,6 @@ .ip_decode_options = cap_ip_decode_options, .netdev_unregister = cap_netdev_unregister, - - .module_delete = cap_module_delete, .ipc_permission = cap_ipc_permission, .ipc_getinfo = cap_ipc_getinfo, diff -Nru a/security/dte/dte.c b/security/dte/dte.c --- a/security/dte/dte.c Thu Sep 26 16:39:33 2002 +++ b/security/dte/dte.c Thu Sep 26 16:39:33 2002 @@ -729,14 +729,6 @@ return 0; } -static int dte_module_delete_module (const struct module *mod) -{ - if (strcmp(mod->name,"dte_plug")==0) { - return 1; - } - return 0; -} - static int dte_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; 
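Review bot: The removed `dte_module_delete_module` in security/dte/dte.c was not a no-op: it returned 1 when `mod->name` was "dte_plug", which made the `security_ops->module_delete(mod)` check in kernel/module.c refuse to unload that module, so the changelog's "no one used it" does not hold for DTE. After this change, nothing visible in the patch stops a caller that passes the remaining capability check (the SELinux stub's comment names CAP_SYS_MODULE) from unloading dte_plug and with it the DTE policy enforcement. If that protection is still wanted it needs another mechanism, for example holding a module reference while the policy is registered so that `__MOD_IN_USE(mod)` stays true; otherwise the commit message should say that the DTE behaviour is dropped on purpose. The rest of dte.c is outside this hunk, so whether DTE guards against unload elsewhere cannot be confirmed from here.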
@@ -1051,8 +1043,6 @@ ip_decode_options: dte_ip_decode_options, netdev_unregister: dte_netdev_unregister, - - module_delete: dte_module_delete_module, ipc_permission: dte_ipc_permission, ipc_getinfo: dte_ipc_getinfo, diff -Nru a/security/dummy.c b/security/dummy.c --- a/security/dummy.c Thu Sep 26 16:39:33 2002 +++ b/security/dummy.c Thu Sep 26 16:39:33 2002 @@ -710,11 +710,6 @@ return 0; } -static int dummy_module_delete (const struct module *mod) -{ - return 0; -} - static int dummy_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; @@ -1010,8 +1005,6 @@ .ipc_getinfo = dummy_ipc_getinfo, .netdev_unregister = dummy_netdev_unregister, - - .module_delete = dummy_module_delete, .msg_msg_alloc_security = dummy_msg_msg_alloc_security, .msg_msg_free_security = dummy_msg_msg_free_security, diff -Nru a/security/lids/lids_lsm.c b/security/lids/lids_lsm.c --- a/security/lids/lids_lsm.c Thu Sep 26 16:39:33 2002 +++ b/security/lids/lids_lsm.c Thu Sep 26 16:39:33 2002 @@ -888,11 +888,6 @@ return 0; } -static int lids_module_delete_module (const struct module *mod) -{ - return 0; -} - static int lids_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; @@ -1209,8 +1204,6 @@ ipc_getinfo: lids_ipc_getinfo, netdev_unregister: lids_netdev_unregister, - - module_delete: lids_module_delete_module, msg_msg_alloc_security: lids_msg_msg_alloc_security, msg_msg_free_security: lids_msg_msg_free_security, diff -Nru a/security/owlsm.c b/security/owlsm.c --- a/security/owlsm.c Thu Sep 26 16:39:33 2002 +++ b/security/owlsm.c Thu Sep 26 16:39:33 2002 @@ -710,11 +710,6 @@ return 0; } -static int owlsm_module_delete_module (const struct module *mod) -{ - return 0; -} - static int owlsm_ipc_permission (struct kern_ipc_perm *ipcp, short flag) { return 0; 
@@ -1004,8 +999,6 @@ ip_decode_options: owlsm_decode_options, netdev_unregister: owlsm_netdev_unregister, - - module_delete: owlsm_module_delete_module, ipc_permission: owlsm_ipc_permission, ipc_getinfo: owlsm_ipc_getinfo, diff -Nru a/security/selinux/hooks.c b/security/selinux/hooks.c --- a/security/selinux/hooks.c Thu Sep 26 16:39:33 2002 +++ b/security/selinux/hooks.c Thu Sep 26 16:39:33 2002 @@ -3813,14 +3813,6 @@ return extsocket_unix_may_send(isec, other_isec, &ad); } -/* module security operations */ - -static int selinux_module_delete_module(const struct module *mod) -{ - /* Controlled via the capable hook - CAP_SYS_MODULE */ - return 0; -} - static spinlock_t ipc_alloc_lock = SPIN_LOCK_UNLOCKED; static int ipc_alloc_security(struct task_struct *task, @@ -4748,8 +4740,6 @@ ip_decode_options: selinux_ip_decode_options, netdev_unregister: selinux_netdev_unregister, - - module_delete: selinux_module_delete_module, ipc_permission: selinux_ipc_permission, ipc_getinfo: selinux_ipc_getinfo, _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module