[PATCH][RFC] Remove kmod_set_label hook

From: Chris Wright (chrisat_private)
Date: Tue Mar 25 2003 - 11:04:26 PST


    Current 2.5 kernels have reworked the kmod logic such that all work is
    done by keventd.  keventd already does reparent_to_init, so there is no
    need to worry about getting the security labels right for code running
    off the keventd workqueue.  This patch removes the task_kmod_set_label
    hook.  Any objections?
    
    thanks,
    -chris
    -- 
    Linux Security Modules     http://lsm.immunix.org     http://lsm.bkbits.net
    
    ===== include/linux/security.h 1.28 vs edited =====
    --- 1.28/include/linux/security.h	Mon Mar 17 18:22:28 2003
    +++ edited/include/linux/security.h	Mon Mar 24 09:37:05 2003
    @@ -47,7 +47,6 @@
     extern int cap_bprm_set_security (struct linux_binprm *bprm);
     extern void cap_bprm_compute_creds (struct linux_binprm *bprm);
     extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
    -extern void cap_task_kmod_set_label (void);
     extern void cap_task_reparent_to_init (struct task_struct *p);
     extern int cap_syslog (int type);
     
    @@ -596,10 +595,6 @@
      *	@arg4 contains a argument.
      *	@arg5 contains a argument.
      *	Return 0 if permission is granted.
    - * @task_kmod_set_label:
    - *	Set the security attributes in current->security for the kernel module
    - *	loader thread, so that it has the permissions needed to perform its
    - *	function.
      * @task_reparent_to_init:
      * 	Set the security attributes in @p->security for a kernel thread that
      * 	is being reparented to the init task.
    @@ -1303,7 +1298,6 @@
     	int (*task_prctl) (int option, unsigned long arg2,
     			   unsigned long arg3, unsigned long arg4,
     			   unsigned long arg5);
    -	void (*task_kmod_set_label) (void);
     	void (*task_reparent_to_init) (struct task_struct * p);
     
     	int (*ipc_permission) (struct kern_ipc_perm * ipcp, short flag);
    @@ -1935,11 +1929,6 @@
     	return security_ops->task_prctl (option, arg2, arg3, arg4, arg5);
     }
     
    -static inline void security_task_kmod_set_label (void)
    -{
    -	security_ops->task_kmod_set_label ();
    -}
    -
     static inline void security_task_reparent_to_init (struct task_struct *p)
     {
     	security_ops->task_reparent_to_init (p);
    @@ -2579,11 +2568,6 @@
     				       unsigned long arg5)
     {
     	return 0;
    -}
    -
    -static inline void security_task_kmod_set_label (void)
    -{
    -	cap_task_kmod_set_label ();
     }
     
     static inline void security_task_reparent_to_init (struct task_struct *p)
    ===== security/capability.c 1.29 vs edited =====
    --- 1.29/security/capability.c	Mon Mar 17 16:24:04 2003
    +++ edited/security/capability.c	Mon Mar 24 09:39:11 2003
    @@ -248,12 +248,6 @@
     	return 0;
     }
     
    -void cap_task_kmod_set_label (void)
    -{
    -	cap_set_full (current->cap_effective);
    -	return;
    -}
    -
     void cap_task_reparent_to_init (struct task_struct *p)
     {
     	p->cap_effective = CAP_INIT_EFF_SET;
    @@ -278,7 +272,6 @@
     EXPORT_SYMBOL(cap_bprm_set_security);
     EXPORT_SYMBOL(cap_bprm_compute_creds);
     EXPORT_SYMBOL(cap_task_post_setuid);
    -EXPORT_SYMBOL(cap_task_kmod_set_label);
     EXPORT_SYMBOL(cap_task_reparent_to_init);
     EXPORT_SYMBOL(cap_syslog);
     
    @@ -297,7 +290,6 @@
     	.bprm_set_security =		cap_bprm_set_security,
     
     	.task_post_setuid =		cap_task_post_setuid,
    -	.task_kmod_set_label =		cap_task_kmod_set_label,
     	.task_reparent_to_init =	cap_task_reparent_to_init,
     
     	.syslog =                       cap_syslog,
    ===== security/dummy.c 1.31 vs edited =====
    --- 1.31/security/dummy.c	Tue Mar 18 17:28:47 2003
    +++ edited/security/dummy.c	Mon Mar 24 09:40:31 2003
    @@ -538,11 +538,6 @@
     	return 0;
     }
     
    -static void dummy_task_kmod_set_label (void)
    -{
    -	return;
    -}
    -
     static void dummy_task_reparent_to_init (struct task_struct *p)
     {
     	p->euid = p->fsuid = 0;
    @@ -996,7 +991,6 @@
     	set_to_dummy_if_null(ops, task_wait);
     	set_to_dummy_if_null(ops, task_kill);
     	set_to_dummy_if_null(ops, task_prctl);
    -	set_to_dummy_if_null(ops, task_kmod_set_label);
     	set_to_dummy_if_null(ops, task_reparent_to_init);
     	set_to_dummy_if_null(ops, ipc_permission);
     	set_to_dummy_if_null(ops, msg_msg_alloc_security);
    ===== security/owlsm.c 1.40 vs edited =====
    --- 1.40/security/owlsm.c	Wed Dec 18 13:44:24 2002
    +++ edited/security/owlsm.c	Tue Mar 25 09:06:39 2003
    @@ -97,7 +97,6 @@
     	.capable =			cap_capable,
     
     	.task_post_setuid =		cap_task_post_setuid,
    -	.task_kmod_set_label =		cap_task_kmod_set_label,
     	.task_reparent_to_init =	cap_task_reparent_to_init,
     
     	.bprm_alloc_security =		owlsm_binprm_alloc_security,
    ===== security/root_plug.c 1.2 vs edited =====
    --- 1.2/security/root_plug.c	Mon Dec 23 13:22:00 2002
    +++ edited/security/root_plug.c	Mon Mar 24 09:40:55 2003
    @@ -143,7 +143,6 @@
     	.bprm_set_security =		cap_bprm_set_security,
     
     	.task_post_setuid =		cap_task_post_setuid,
    -	.task_kmod_set_label =		cap_task_kmod_set_label,
     	.task_reparent_to_init =	cap_task_reparent_to_init,
     
     	.bprm_check_security =		rootplug_bprm_check_security,
    ===== security/dte/dte.c 1.41 vs edited =====
    --- 1.41/security/dte/dte.c	Wed Feb 19 18:10:20 2003
    +++ edited/security/dte/dte.c	Mon Mar 24 09:37:28 2003
    @@ -575,12 +575,6 @@
     	return 0;
     }
     
    -static void dte_task_kmod_set_label (void)
    -{
    -	if (dte_secondary_ops)
    -		dte_secondary_ops->task_kmod_set_label();
    -}
    -
     static void dte_task_reparent_to_init (struct task_struct *p)
     {
     	if (dte_secondary_ops)
    @@ -828,7 +822,6 @@
     	task_wait:			dte_task_wait,
     	task_kill:			dte_task_kill,
     	task_prctl:			dte_task_prctl,
    -	task_kmod_set_label:		dte_task_kmod_set_label,
     	task_reparent_to_init:		dte_task_reparent_to_init,
     
     	ip_decode_options:		dte_ip_decode_options,
    ===== security/lids/lids_lsm.c 1.36 vs edited =====
    --- 1.36/security/lids/lids_lsm.c	Fri Jan  3 11:56:08 2003
    +++ edited/security/lids/lids_lsm.c	Mon Mar 24 09:37:52 2003
    @@ -643,11 +643,6 @@
     	return 0;
     }
     
    -static void lids_task_kmod_set_label (void)
    -{
    -	return;
    -}
    -
     static void lids_task_reparent_to_init (struct task_struct *p)
     {
     	p->euid = p->fsuid = 0;
    @@ -804,7 +799,6 @@
     	.task_wait =			lids_task_wait,
     	.task_kill =			lids_task_kill,
     	.task_prctl =			lids_task_prctl,
    -	.task_kmod_set_label =		lids_task_kmod_set_label,
     	.task_reparent_to_init =	lids_task_reparent_to_init,
     
     	.ipc_permission =		lids_ipc_permission,
    ===== security/selinux/hooks.c 1.81 vs edited =====
    --- 1.81/security/selinux/hooks.c	Tue Mar 25 08:12:10 2003
    +++ edited/security/selinux/hooks.c	Tue Mar 25 08:23:06 2003
    @@ -2403,18 +2403,6 @@
     	return task_has_perm(p, current, perm);
     }
     
    -static void selinux_task_kmod_set_label(void)
    -{
    -  	struct task_security_struct *tsec;
    -
    -	secondary_ops->task_kmod_set_label();
    -
    -	tsec = current->security;
    -	tsec->osid = tsec->sid;
    -	tsec->sid = SECINITSID_KMOD;
    -	return;
    -}
    -
     static void selinux_task_reparent_to_init(struct task_struct *p)
     {
       	struct task_security_struct *tsec;
    @@ -4061,7 +4049,6 @@
     	task_kill:			selinux_task_kill,
     	task_wait:			selinux_task_wait,
     	task_prctl:			selinux_task_prctl,
    -	task_kmod_set_label:		selinux_task_kmod_set_label,
     	task_reparent_to_init:		selinux_task_reparent_to_init,
     
     	ipc_permission:			selinux_ipc_permission,
    


