On Thu, 2005-07-14 at 12:41 -0700, Chris Wright wrote:
> * Stephen Smalley (sds@private) wrote:
> > This patch removes the inode_post_create/mkdir/mknod/symlink LSM hooks
> > as they are obsoleted by the new inode_init_security hook that enables
> > atomic inode security labeling. If anyone sees any reason to retain these hooks,
> > please speak now. Also, is anyone using the post_rename/link hooks; if not,
> > those could also be removed.
>
> Please remove post_rename. The dentry args are garbage anyway.
This patch removes the inode_post_link and inode_post_rename LSM hooks
as they are unused (and likely useless).
Signed-off-by: Stephen Smalley <sds@private>
---
fs/namei.c | 10 +--------
include/linux/security.h | 49 -----------------------------------------------
security/dummy.c | 17 ----------------
security/selinux/hooks.c | 13 ------------
5 files changed, 2 insertions(+), 87 deletions(-)
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/fs/namei.c linux-2.6.13-rc2-mm2-killpost2/fs/namei.c
--- linux-2.6.13-rc2-mm2-killpost/fs/namei.c 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/fs/namei.c 2005-07-14 16:21:49.000000000 -0400
@@ -2015,10 +2015,8 @@ int vfs_link(struct dentry *old_dentry,
DQUOT_INIT(dir);
error = dir->i_op->link(old_dentry, dir, new_dentry);
up(&old_dentry->d_inode->i_sem);
- if (!error) {
+ if (!error)
fsnotify_create(dir, new_dentry->d_name.name);
- security_inode_post_link(old_dentry, dir, new_dentry);
- }
return error;
}
@@ -2137,11 +2135,8 @@ static int vfs_rename_dir(struct inode *
d_rehash(new_dentry);
dput(new_dentry);
}
- if (!error) {
+ if (!error)
d_move(old_dentry,new_dentry);
- security_inode_post_rename(old_dir, old_dentry,
- new_dir, new_dentry);
- }
return error;
}
@@ -2167,7 +2162,6 @@ static int vfs_rename_other(struct inode
/* The following d_move() should become unconditional */
if (!(old_dir->i_sb->s_type->fs_flags & FS_ODD_RENAME))
d_move(old_dentry, new_dentry);
- security_inode_post_rename(old_dir, old_dentry, new_dir, new_dentry);
}
if (target)
up(&target->i_sem);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/include/linux/security.h linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h
--- linux-2.6.13-rc2-mm2-killpost/include/linux/security.h 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/include/linux/security.h 2005-07-14 16:36:07.000000000 -0400
@@ -281,11 +281,6 @@ struct swap_info_struct;
* @dir contains the inode structure of the parent directory of the new link.
* @new_dentry contains the dentry structure for the new link.
* Return 0 if permission is granted.
- * @inode_post_link:
- * Set security attributes for a new hard link to a file.
- * @old_dentry contains the dentry structure for the existing link.
- * @dir contains the inode structure of the parent directory of the new file.
- * @new_dentry contains the dentry structure for the new file link.
* @inode_unlink:
* Check the permission to remove a hard link to a file.
* @dir contains the inode structure of parent directory of the file.
@@ -326,12 +321,6 @@ struct swap_info_struct;
* @new_dir contains the inode structure for parent of the new link.
* @new_dentry contains the dentry structure of the new link.
* Return 0 if permission is granted.
- * @inode_post_rename:
- * Set security attributes on a renamed file or directory.
- * @old_dir contains the inode structure for parent of the old link.
- * @old_dentry contains the dentry structure of the old link.
- * @new_dir contains the inode structure for parent of the new link.
- * @new_dentry contains the dentry structure of the new link.
* @inode_readlink:
* Check the permission to read the symbolic link.
* @dentry contains the dentry structure for the file link.
@@ -1080,8 +1069,6 @@ struct security_operations {
struct dentry *dentry, int mode);
int (*inode_link) (struct dentry *old_dentry,
struct inode *dir, struct dentry *new_dentry);
- void (*inode_post_link) (struct dentry *old_dentry,
- struct inode *dir, struct dentry *new_dentry);
int (*inode_unlink) (struct inode *dir, struct dentry *dentry);
int (*inode_symlink) (struct inode *dir,
struct dentry *dentry, const char *old_name);
@@ -1091,10 +1078,6 @@ struct security_operations {
int mode, dev_t dev);
int (*inode_rename) (struct inode *old_dir, struct dentry *old_dentry,
struct inode *new_dir, struct dentry *new_dentry);
- void (*inode_post_rename) (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry);
int (*inode_readlink) (struct dentry *dentry);
int (*inode_follow_link) (struct dentry *dentry, struct nameidata *nd);
int (*inode_permission) (struct inode *inode, int mask, struct nameidata *nd);
@@ -1459,15 +1442,6 @@ static inline int security_inode_link (s
return security_ops->inode_link (old_dentry, dir, new_dentry);
}
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{
- if (new_dentry->d_inode && unlikely (IS_PRIVATE (new_dentry->d_inode)))
- return;
- security_ops->inode_post_link (old_dentry, dir, new_dentry);
-}
-
static inline int security_inode_unlink (struct inode *dir,
struct dentry *dentry)
{
@@ -1523,18 +1497,6 @@ static inline int security_inode_rename
new_dir, new_dentry);
}
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{
- if (unlikely (IS_PRIVATE (old_dentry->d_inode) ||
- (new_dentry->d_inode && IS_PRIVATE (new_dentry->d_inode))))
- return;
- security_ops->inode_post_rename (old_dir, old_dentry,
- new_dir, new_dentry);
-}
-
static inline int security_inode_readlink (struct dentry *dentry)
{
if (unlikely (IS_PRIVATE (dentry->d_inode)))
@@ -2162,11 +2124,6 @@ static inline int security_inode_link (s
return 0;
}
-static inline void security_inode_post_link (struct dentry *old_dentry,
- struct inode *dir,
- struct dentry *new_dentry)
-{ }
-
static inline int security_inode_unlink (struct inode *dir,
struct dentry *dentry)
{
@@ -2208,12 +2165,6 @@ static inline int security_inode_rename
return 0;
}
-static inline void security_inode_post_rename (struct inode *old_dir,
- struct dentry *old_dentry,
- struct inode *new_dir,
- struct dentry *new_dentry)
-{ }
-
static inline int security_inode_readlink (struct dentry *dentry)
{
return 0;
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/dummy.c linux-2.6.13-rc2-mm2-killpost2/security/dummy.c
--- linux-2.6.13-rc2-mm2-killpost/security/dummy.c 2005-07-14 10:53:01.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/dummy.c 2005-07-14 16:36:28.000000000 -0400
@@ -276,13 +276,6 @@ static int dummy_inode_link (struct dent
return 0;
}
-static void dummy_inode_post_link (struct dentry *old_dentry,
- struct inode *inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
static int dummy_inode_unlink (struct inode *inode, struct dentry *dentry)
{
return 0;
@@ -319,14 +312,6 @@ static int dummy_inode_rename (struct in
return 0;
}
-static void dummy_inode_post_rename (struct inode *old_inode,
- struct dentry *old_dentry,
- struct inode *new_inode,
- struct dentry *new_dentry)
-{
- return;
-}
-
static int dummy_inode_readlink (struct dentry *dentry)
{
return 0;
@@ -871,14 +856,12 @@ void security_fixup_ops (struct security
set_to_dummy_if_null(ops, inode_init_security);
set_to_dummy_if_null(ops, inode_create);
set_to_dummy_if_null(ops, inode_link);
- set_to_dummy_if_null(ops, inode_post_link);
set_to_dummy_if_null(ops, inode_unlink);
set_to_dummy_if_null(ops, inode_symlink);
set_to_dummy_if_null(ops, inode_mkdir);
set_to_dummy_if_null(ops, inode_rmdir);
set_to_dummy_if_null(ops, inode_mknod);
set_to_dummy_if_null(ops, inode_rename);
- set_to_dummy_if_null(ops, inode_post_rename);
set_to_dummy_if_null(ops, inode_readlink);
set_to_dummy_if_null(ops, inode_follow_link);
set_to_dummy_if_null(ops, inode_permission);
diff -X /home/sds/dontdiff -rup linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c
--- linux-2.6.13-rc2-mm2-killpost/security/selinux/hooks.c 2005-07-14 11:02:55.000000000 -0400
+++ linux-2.6.13-rc2-mm2-killpost2/security/selinux/hooks.c 2005-07-14 16:21:26.000000000 -0400
@@ -2009,11 +2009,6 @@ static int selinux_inode_link(struct den
return may_link(dir, old_dentry, MAY_LINK);
}
-static void selinux_inode_post_link(struct dentry *old_dentry, struct inode *inode, struct dentry *new_dentry)
-{
- return;
-}
-
static int selinux_inode_unlink(struct inode *dir, struct dentry *dentry)
{
int rc;
@@ -2056,12 +2051,6 @@ static int selinux_inode_rename(struct i
return may_rename(old_inode, old_dentry, new_inode, new_dentry);
}
-static void selinux_inode_post_rename(struct inode *old_inode, struct dentry *old_dentry,
- struct inode *new_inode, struct dentry *new_dentry)
-{
- return;
-}
-
static int selinux_inode_readlink(struct dentry *dentry)
{
return dentry_has_perm(current, NULL, dentry, FILE__READ);
@@ -4257,14 +4246,12 @@ static struct security_operations selinu
.inode_init_security = selinux_inode_init_security,
.inode_create = selinux_inode_create,
.inode_link = selinux_inode_link,
- .inode_post_link = selinux_inode_post_link,
.inode_unlink = selinux_inode_unlink,
.inode_symlink = selinux_inode_symlink,
.inode_mkdir = selinux_inode_mkdir,
.inode_rmdir = selinux_inode_rmdir,
.inode_mknod = selinux_inode_mknod,
.inode_rename = selinux_inode_rename,
- .inode_post_rename = selinux_inode_post_rename,
.inode_readlink = selinux_inode_readlink,
.inode_follow_link = selinux_inode_follow_link,
.inode_permission = selinux_inode_permission,
--
Stephen Smalley
National Security Agency
This archive was generated by hypermail 2.1.3 : Thu Jul 14 2005 - 13:54:49 PDT