Re: [RFC][PATCH] Remove security_inode_post_create/mkdir/symlink/mknod hooks

From: Stephen Smalley (sds@private)
Date: Thu Jul 14 2005 - 13:51:32 PDT


On Thu, 2005-07-14 at 12:41 -0700, Chris Wright wrote:
> * Stephen Smalley (sds@private) wrote:
> > This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks
> > as they are obsoleted by the new inode_init_security hook that enables
> > atomic inode security labeling.  If anyone sees any reason to retain these hooks,
> > please speak now.  Also, is anyone using the post_rename/link hooks; if not,
> > those could also be removed.
> 
> Please remove post_rename.  The dentry args are garbage anyway.

This patch removes the inode_post_link and inode_post_rename LSM hooks
as they are unused — the only in-tree implementations (in security/dummy.c and
security/selinux/hooks.c) are empty stubs — and likely useless.

Signed-off-by:  Stephen Smalley <sds@private>
---

 fs/namei.c               |   10 +--------
 include/linux/security.h |   49 -----------------------------------------------
 security/dummy.c         |   17 ----------------
 security/selinux/hooks.c |   13 ------------
 5 files changed, 2 insertions(+), 87 deletions(-)

diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/fs/namei.c linux-2.6.13-rc2-mm2-killpost2/fs/namei.c
--- linux-2.6.13-rc2-mm2-killpost/fs/namei.c	2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/fs/namei.c	2005-07-14 16:21:49.000000000 -0400
@@ -2015,10 +2015,8 @@ int vfs_link(struct dentry *old_dentry, 
 	DQUOT_INIT(dir);
 	error = dir->i_op->link(old_dentry, dir, new_dentry);
 	up(&old_dentry->d_inode->i_sem);
-	if (!error) {
+	if (!error)
 		fsnotify_create(dir, new_dentry->d_name.name);
-		security_inode_post_link(old_dentry, dir, new_dentry);
-	}
 	return error;
 }
 
@@ -2137,11 +2135,8 @@ static int vfs_rename_dir(struct inode *
 			d_rehash(new_dentry);
 		dput(new_dentry);
 	}
-	if (!error) {
+	if (!error)
 		d_move(old_dentry,new_dentry);
-		security_inode_post_rename(old_dir, old_dentry,
-					   new_dir, new_dentry);
-	}
 	return error;
 }
 
@@ -2167,7 +2162,6 @@ static int vfs_rename_other(struct inode
 		/* The following d_move() should become unconditional */
 		if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
 			d_move(old_dentry, new_dentry);
-		security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
 	}
 	if (target)
 		up(&target->i_sem);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/include/linux/security.h linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h
--- linux-2.6.13-rc2-mm2-killpost/include/linux/security.h	2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h	2005-07-14 16:36:07.000000000 -0400
@@ -281,11 +281,6 @@ struct swap_info_struct;
  *	@dir contains the inode structure of the parent directory of the new link.
  *	@new_dentry contains the dentry structure for the new link.
  *	Return 0 if permission is granted.
- * @inode_post_link:
- *	Set security attributes for a new hard link to a file.
- *	@old_dentry contains the dentry structure for the existing link.
- *	@dir contains the inode structure of the parent directory of the new file.
- *	@new_dentry contains the dentry structure for the new file link.
  * @inode_unlink:
  *	Check the permission to remove a hard link to a file. 
  *	@dir contains the inode structure of parent directory of the file.
@@ -326,12 +321,6 @@ struct swap_info_struct;
  *	@new_dir contains the inode structure for parent of the new link.
  *	@new_dentry contains the dentry structure of the new link.
  *	Return 0 if permission is granted.
- * @inode_post_rename:
- *	Set security attributes on a renamed file or directory.
- *	@old_dir contains the inode structure for parent of the old link.
- *	@old_dentry contains the dentry structure of the old link.
- *	@new_dir contains the inode structure for parent of the new link.
- *	@new_dentry contains the dentry structure of the new link.
  * @inode_readlink:
  *	Check the permission to read the symbolic link.
  *	@dentry contains the dentry structure for the file link.
@@ -1080,8 +1069,6 @@ struct security_operations {
 	                     struct dentry *dentry, int mode);
 	int (*inode_link) (struct dentry *old_dentry,
 	                   struct inode *dir, struct dentry *new_dentry);
-	void (*inode_post_link) (struct dentry *old_dentry,
-	                         struct inode *dir, struct dentry *new_dentry);
 	int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
 	int (*inode_symlink) (struct inode *dir,
 	                      struct dentry *dentry, const char *old_name);
@@ -1091,10 +1078,6 @@ struct security_operations {
 	                    int mode, dev_t dev);
 	int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
 	                     struct inode *new_dir, struct dentry *new_dentry);
-	void (*inode_post_rename) (struct inode *old_dir,
-	                           struct dentry *old_dentry,
-	                           struct inode *new_dir,
-	                           struct dentry *new_dentry);
 	int (*inode_readlink) (struct dentry *dentry);
 	int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
 	int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
@@ -1459,15 +1442,6 @@ static inline int security_inode_link (s
 	return security_ops->inode_link (old_dentry, dir, new_dentry);
 }
 
-static inline void security_inode_post_link (struct dentry *old_dentry,
-					     struct inode *dir,
-					     struct dentry *new_dentry)
-{
-	if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
-		return;
-	security_ops->inode_post_link (old_dentry, dir, new_dentry);
-}
-
 static inline int security_inode_unlink (struct inode *dir,
 					 struct dentry *dentry)
 {
@@ -1523,18 +1497,6 @@ static inline int security_inode_rename 
 					   new_dir, new_dentry);
 }
 
-static inline void security_inode_post_rename (struct inode *old_dir,
-					       struct dentry *old_dentry,
-					       struct inode *new_dir,
-					       struct dentry *new_dentry)
-{
-	if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
-	    (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
-		return;
-	security_ops->inode_post_rename (old_dir, old_dentry,
-						new_dir, new_dentry);
-}
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
 	if (unlikely (IS_PRIVATE (dentry->d_inode)))
@@ -2162,11 +2124,6 @@ static inline int security_inode_link (s
 	return 0;
 }
 
-static inline void security_inode_post_link (struct dentry *old_dentry,
-					     struct inode *dir,
-					     struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_unlink (struct inode *dir,
 					 struct dentry *dentry)
 {
@@ -2208,12 +2165,6 @@ static inline int security_inode_rename 
 	return 0;
 }
 
-static inline void security_inode_post_rename (struct inode *old_dir,
-					       struct dentry *old_dentry,
-					       struct inode *new_dir,
-					       struct dentry *new_dentry)
-{ }
-
 static inline int security_inode_readlink (struct dentry *dentry)
 {
 	return 0;
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/dummy.c linux-2.6.13-rc2-mm2-killpost2/security/dummy.c
--- linux-2.6.13-rc2-mm2-killpost/security/dummy.c	2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/dummy.c	2005-07-14 16:36:28.000000000 -0400
@@ -276,13 +276,6 @@ static int dummy_inode_link (struct dent
 	return 0;
 }
 
-static void dummy_inode_post_link (struct dentry *old_dentry,
-				   struct inode *inode,
-				   struct dentry *new_dentry)
-{
-	return;
-}
-
 static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
 {
 	return 0;
@@ -319,14 +312,6 @@ static int dummy_inode_rename (struct in
 	return 0;
 }
 
-static void dummy_inode_post_rename (struct inode *old_inode,
-				     struct dentry *old_dentry,
-				     struct inode *new_inode,
-				     struct dentry *new_dentry)
-{
-	return;
-}
-
 static int dummy_inode_readlink (struct dentry *dentry)
 {
 	return 0;
@@ -871,14 +856,12 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, inode_init_security);
 	set_to_dummy_if_null(ops, inode_create);
 	set_to_dummy_if_null(ops, inode_link);
-	set_to_dummy_if_null(ops, inode_post_link);
 	set_to_dummy_if_null(ops, inode_unlink);
 	set_to_dummy_if_null(ops, inode_symlink);
 	set_to_dummy_if_null(ops, inode_mkdir);
 	set_to_dummy_if_null(ops, inode_rmdir);
 	set_to_dummy_if_null(ops, inode_mknod);
 	set_to_dummy_if_null(ops, inode_rename);
-	set_to_dummy_if_null(ops, inode_post_rename);
 	set_to_dummy_if_null(ops, inode_readlink);
 	set_to_dummy_if_null(ops, inode_follow_link);
 	set_to_dummy_if_null(ops, inode_permission);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c
--- linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c	2005-07-14 11:02:55.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c	2005-07-14 16:21:26.000000000 -0400
@@ -2009,11 +2009,6 @@ static int selinux_inode_link(struct den
 	return may_link(dir, old_dentry, MAY_LINK);
 }
 
-static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
-{
-	return;
-}
-
 static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
 {
 	int rc;
@@ -2056,12 +2051,6 @@ static int selinux_inode_rename(struct i
 	return may_rename(old_inode, old_dentry, new_inode, new_dentry);
 }
 
-static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry,
-                                      struct inode *new_inode, struct dentry *new_dentry)
-{
-	return;
-}
-
 static int selinux_inode_readlink(struct dentry *dentry)
 {
 	return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -4257,14 +4246,12 @@ static struct security_operations selinu
 	.inode_init_security =		selinux_inode_init_security,
 	.inode_create =			selinux_inode_create,
 	.inode_link =			selinux_inode_link,
-	.inode_post_link =		selinux_inode_post_link,
 	.inode_unlink =			selinux_inode_unlink,
 	.inode_symlink =		selinux_inode_symlink,
 	.inode_mkdir =			selinux_inode_mkdir,
 	.inode_rmdir =			selinux_inode_rmdir,
 	.inode_mknod =			selinux_inode_mknod,
 	.inode_rename =			selinux_inode_rename,
-	.inode_post_rename =		selinux_inode_post_rename,
 	.inode_readlink =		selinux_inode_readlink,
 	.inode_follow_link =		selinux_inode_follow_link,
 	.inode_permission =		selinux_inode_permission,

-- 
Stephen Smalley
National Security Agency


