On Thu, 2005-07-14 at 12:41 -0700, Chris Wright wrote: > * Stephen Smalley (sds@private) wrote: > > This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks > > as they are obsoleted by the new inode_init_security hook that enables > > atomic inode security labeling. If anyone sees any reason to retain these hooks, > > please speak now. Also, is anyone using the post_rename/link hooks; if not, > > those could also be removed. > > Please remove post_rename. The dentry args are garbage anyway. This patch removes the inode_post_link and inode_post_rename LSM hooks as they are unused (and likely useless). Signed-off-by: Stephen Smalley <sds@private>
---
 fs/namei.c | 10 +--------
 include/linux/security.h | 49 -----------------------------------------------
 security/dummy.c | 17 ----------------
 security/selinux/hooks.c | 13 ------------
 5 files changed, 2 insertions(+), 87 deletions(-)
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/fs/namei.c linux-2.6.13-rc2-mm2-killpost2/fs/namei.c
--- linux-2.6.13-rc2-mm2-killpost/fs/namei.c 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/fs/namei.c 2005-07-14 16:21:49.000000000 -0400
@@ -2015,10 +2015,8 @@ int vfs_link(struct dentry *old_dentry,
 DQUOT_INIT(dir);
 error = dir->i_op->link(old_dentry, dir, new_dentry);
 up(&old_dentry->d_inode->i_sem);
- if (!error) {
+ if (!error)
 fsnotify_create(dir, new_dentry->d_name.name);
- security_inode_post_link(old_dentry, dir, new_dentry);
- }
 return error;
 }
@@ -2137,11 +2135,8 @@ static int vfs_rename_dir(struct inode *
 d_rehash(new_dentry);
 dput(new_dentry);
 }
- if (!error) {
+ if (!error)
 d_move(old_dentry,new_dentry);
- security_inode_post_rename(old_dir, old_dentry,
- new_dir, new_dentry);
- }
 return error;
 }
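Review bot: The hook documentation in include/linux/security.h should state that no LSM hook runs after a link or rename completes, because after the vfs_link hunk the success branch calls only `fsnotify_create`, and the vfs_rename_dir and vfs_rename_other hunks leave rename the same way. The post hooks removed from dummy.c and selinux/hooks.c in this patch were empty, so nothing visible here loses behaviour, but a module author reading the remaining `@inode_link` and `@inode_rename` entries gets no hint of the new contract; a line such as ` * No hook is called after the operation completes.` under each would cover it. Whether any other module still assigns `.inode_post_link` or `.inode_post_rename` cannot be seen from this patch; since both members are dropped from `struct security_operations`, such a module would stop compiling, so a tree-wide grep is worth doing before merging. vfs_link's body starts before this hunk.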
@@ -2167,7 +2162,6 @@ static int vfs_rename_other(struct inode
 /* The following d_move() should become unconditional */
 if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
 d_move(old_dentry, new_dentry);
- security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
 }
 if (target)
 up(&target->i_sem);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/include/linux/security.h linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h
--- linux-2.6.13-rc2-mm2-killpost/include/linux/security.h 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h 2005-07-14 16:36:07.000000000 -0400
@@ -281,11 +281,6 @@ struct swap_info_struct;
 * @dir contains the inode structure of the parent directory of the new link.
 * @new_dentry contains the dentry structure for the new link.
 * Return 0 if permission is granted.
- * @inode_post_link:
- * Set security attributes for a new hard link to a file.
- * @old_dentry contains the dentry structure for the existing link.
- * @dir contains the inode structure of the parent directory of the new file.
- * @new_dentry contains the dentry structure for the new file link.
 * @inode_unlink:
 * Check the permission to remove a hard link to a file.
 * @dir contains the inode structure of parent directory of the file.
@@ -326,12 +321,6 @@ struct swap_info_struct;
 * @new_dir contains the inode structure for parent of the new link.
 * @new_dentry contains the dentry structure of the new link.
 * Return 0 if permission is granted.
- * @inode_post_rename:
- * Set security attributes on a renamed file or directory.
- * @old_dir contains the inode structure for parent of the old link.
- * @old_dentry contains the dentry structure of the old link.
- * @new_dir contains the inode structure for parent of the new link.
- * @new_dentry contains the dentry structure of the new link.
 * @inode_readlink:
 * Check the permission to read the symbolic link.
 * @dentry contains the dentry structure for the file link.
@@ -1080,8 +1069,6 @@ struct security_operations {
 struct dentry *dentry, int mode);
 int (*inode_link) (struct dentry *old_dentry, struct inode *dir, struct dentry *new_dentry);
- void (*inode_post_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
 int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
 int (*inode_symlink) (struct inode *dir, struct dentry *dentry, const char *old_name);
@@ -1091,10 +1078,6 @@ struct security_operations {
 int mode, dev_t dev);
 int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry);
- void (*inode_post_rename) (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry);
 int (*inode_readlink) (struct dentry *dentry);
 int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
@@ -1459,15 +1442,6 @@ static inline int security_inode_link (s
 return security_ops->inode_link (old_dentry, dir, new_dentry);
 }
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{
- if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
- return;
- security_ops->inode_post_link (old_dentry, dir, new_dentry);
-}
-
 static inline int security_inode_unlink (struct inode *dir, struct dentry *dentry)
 {
@@ -1523,18 +1497,6 @@ static inline int security_inode_rename
 new_dir, new_dentry);
 }
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{
- if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
- (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
- return;
- security_ops->inode_post_rename (old_dir, old_dentry,
- new_dir, new_dentry);
-}
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
 if (unlikely (IS_PRIVATE (dentry->d_inode)))
@@ -2162,11 +2124,6 @@ static inline int security_inode_link (s
 return 0;
 }
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_unlink (struct inode *dir, struct dentry *dentry)
 {
@@ -2208,12 +2165,6 @@ static inline int security_inode_rename
 return 0;
 }
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
 return 0;
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/dummy.c linux-2.6.13-rc2-mm2-killpost2/security/dummy.c
--- linux-2.6.13-rc2-mm2-killpost/security/dummy.c 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/dummy.c 2005-07-14 16:36:28.000000000 -0400
@@ -276,13 +276,6 @@ static int dummy_inode_link (struct dent
 return 0;
 }
-static void dummy_inode_post_link (struct dentry *old_dentry,
- struct inode *inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
 static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
 {
 return 0;
@@ -319,14 +312,6 @@ static int dummy_inode_rename (struct in
 return 0;
 }
-static void dummy_inode_post_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
 static int dummy_inode_readlink (struct dentry *dentry)
 {
 return 0;
@@ -871,14 +856,12 @@ void security_fixup_ops (struct security
 set_to_dummy_if_null(ops, inode_init_security);
 set_to_dummy_if_null(ops, inode_create);
 set_to_dummy_if_null(ops, inode_link);
- set_to_dummy_if_null(ops, inode_post_link);
 set_to_dummy_if_null(ops, inode_unlink);
 set_to_dummy_if_null(ops, inode_symlink);
 set_to_dummy_if_null(ops, inode_mkdir);
 set_to_dummy_if_null(ops, inode_rmdir);
 set_to_dummy_if_null(ops, inode_mknod);
 set_to_dummy_if_null(ops, inode_rename);
- set_to_dummy_if_null(ops, inode_post_rename);
 set_to_dummy_if_null(ops, inode_readlink);
 set_to_dummy_if_null(ops, inode_follow_link);
 set_to_dummy_if_null(ops, inode_permission);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c
--- linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c 2005-07-14 11:02:55.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c 2005-07-14 16:21:26.000000000 -0400
@@ -2009,11 +2009,6 @@ static int selinux_inode_link(struct den
 return may_link(dir, old_dentry, MAY_LINK);
 }
-static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
-{
- return;
-}
-
 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
 int rc;
@@ -2056,12 +2051,6 @@ static int selinux_inode_rename(struct i
 return may_rename(old_inode, old_dentry, new_inode, new_dentry);
 }
-static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
-{
- return;
-}
-
 static int selinux_inode_readlink(struct dentry *dentry)
 {
 return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -4257,14 +4246,12 @@ static struct security_operations selinu
 .inode_init_security = selinux_inode_init_security,
 .inode_create = selinux_inode_create,
 .inode_link = selinux_inode_link,
- .inode_post_link = selinux_inode_post_link,
 .inode_unlink = selinux_inode_unlink,
 .inode_symlink = selinux_inode_symlink,
 .inode_mkdir = selinux_inode_mkdir,
 .inode_rmdir = selinux_inode_rmdir,
 .inode_mknod = selinux_inode_mknod,
 .inode_rename = selinux_inode_rename,
- .inode_post_rename = selinux_inode_post_rename,
 .inode_readlink = selinux_inode_readlink,
 .inode_follow_link = selinux_inode_follow_link,
 .inode_permission = selinux_inode_permission,
-- Stephen Smalley National Security Agency