lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070814212618.GZ18945@stusta.de>
Date:	Tue, 14 Aug 2007 23:26:19 +0200
From:	Adrian Bunk <bunk@...nel.org>
To:	Andrew Morton <akpm@...ux-foundation.org>,
	James Morris <jmorris@...ei.org>,
	Chris Wright <chrisw@...s-sol.org>,
	Stephen Smalley <sds@...ho.nsa.gov>, greg@...ah.com
Cc:	linux-kernel@...r.kernel.org
Subject: [-mm patch] security/ cleanups

This patch contains the following cleanups that are now possible:
- remove the unused security_operations->inode_xattr_getsuffix
- remove the no longer used security_operations->unregister_security
- remove some no longer required exit code
- remove a bunch of no longer used exports

Signed-off-by: Adrian Bunk <bunk@...nel.org>
Acked-by: James Morris <jmorris@...ei.org>

---

 drivers/usb/core/usb.c   |    2 -
 fs/exec.c                |    2 -
 include/linux/security.h |   15 ----------
 kernel/capability.c      |    4 --
 mm/mmap.c                |    2 -
 mm/nommu.c               |    1 
 security/commoncap.c     |   21 --------------
 security/dummy.c         |   12 --------
 security/inode.c         |    8 -----
 security/security.c      |   58 ---------------------------------------
 security/selinux/hooks.c |   20 -------------
 11 files changed, 1 insertion(+), 144 deletions(-)

--- linux-2.6.23-rc1-mm1/include/linux/security.h.old	2007-07-26 03:03:21.000000000 +0200
+++ linux-2.6.23-rc1-mm1/include/linux/security.h	2007-07-26 03:08:11.000000000 +0200
@@ -1136,10 +1136,6 @@ struct request_sock;
  * 	allow module stacking.
  * 	@name contains the name of the security module being stacked.
  * 	@ops contains a pointer to the struct security_operations of the module to stack.
- * @unregister_security:
- *	remove a stacked module.
- *	@name contains the name of the security module being unstacked.
- *	@ops contains a pointer to the struct security_operations of the module to unstack.
  * 
  * @secid_to_secctx:
  *	Convert secid to security context.
@@ -1235,1 +1231,0 @@ struct security_operations {
-	const char *(*inode_xattr_getsuffix) (void);
@@ -1325,8 +1320,6 @@ struct security_operations {
 	/* allow module stacking */
 	int (*register_security) (const char *name,
 	                          struct security_operations *ops);
-	int (*unregister_security) (const char *name,
-	                            struct security_operations *ops);
 
 	void (*d_instantiate) (struct dentry *dentry, struct inode *inode);
 
@@ -1407,9 +1400,7 @@ struct security_operations {
 /* prototypes */
 extern int security_init	(void);
 extern int register_security	(struct security_operations *ops);
-extern int unregister_security	(struct security_operations *ops);
 extern int mod_reg_security	(const char *name, struct security_operations *ops);
-extern int mod_unreg_security	(const char *name, struct security_operations *ops);
 extern struct dentry *securityfs_create_file(const char *name, mode_t mode,
 					     struct dentry *parent, void *data,
 					     const struct file_operations *fops);
@@ -1490,1 +1481,0 @@ void security_inode_post_setxattr(struct
-const char *security_inode_xattr_getsuffix(void);
@@ -1879,9 +1869,4 @@ static inline int security_inode_removex
 }
 
-static inline const char *security_inode_xattr_getsuffix (void)
-{
-	return NULL ;
-}
-
 static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
--- linux-2.6.23-rc1-mm1/security/security.c.old	2007-07-26 03:03:33.000000000 +0200
+++ linux-2.6.23-rc1-mm1/security/security.c	2007-07-27 22:24:41.000000000 +0200
@@ -71,6 +71,5 @@ int __init security_init(void)
  * This function is to allow a security module to register itself with the
  * kernel security subsystem.  Some rudimentary checking is done on the @ops
- * value passed to this function.  A call to unregister_security() should be
- * done to remove this security_options structure from the kernel.
+ * value passed to this function.
  *
  * If there is already a security module registered with the kernel,
@@ -94,31 +93,6 @@ int register_security(struct security_op
 }
 
 /**
- * unregister_security - unregisters a security framework with the kernel
- * @ops: a pointer to the struct security_options that is to be registered
- *
- * This function removes a struct security_operations variable that had
- * previously been registered with a successful call to register_security().
- *
- * If @ops does not match the valued previously passed to register_security()
- * an error is returned.  Otherwise the default security options is set to the
- * the dummy_security_ops structure, and 0 is returned.
- */
-int unregister_security(struct security_operations *ops)
-{
-	if (ops != security_ops) {
-		printk(KERN_INFO "%s: trying to unregister "
-		       "a security_opts structure that is not "
-		       "registered, failing.\n", __FUNCTION__);
-		return -EINVAL;
-	}
-
-	security_ops = &dummy_security_ops;
-
-	return 0;
-}
-
-/**
  * mod_reg_security - allows security modules to be "stacked"
  * @name: a pointer to a string with the name of the security_options to be registered
  * @ops: a pointer to the struct security_options that is to be registered
@@ -147,30 +121,6 @@ int mod_reg_security(const char *name, s
 	return security_ops->register_security(name, ops);
 }
 
-/**
- * mod_unreg_security - allows a security module registered with mod_reg_security() to be unloaded
- * @name: a pointer to a string with the name of the security_options to be removed
- * @ops: a pointer to the struct security_options that is to be removed
- *
- * This function allows security modules that have been successfully registered
- * with a call to mod_reg_security() to be unloaded from the system.
- * This calls the currently loaded security module's unregister_security() call
- * with the @name and @ops variables.
- *
- * The return value depends on the currently loaded security module, with 0 as
- * success.
- */
-int mod_unreg_security(const char *name, struct security_operations *ops)
-{
-	if (ops == security_ops) {
-		printk(KERN_INFO "%s invalid attempt to unregister "
-		       " primary security ops.\n", __FUNCTION__);
-		return -EINVAL;
-	}
-
-	return security_ops->unregister_security(name, ops);
-}
-
 /* Security operations */
 
 int security_ptrace(struct task_struct *parent, struct task_struct *child)
@@ -515,9 +465,4 @@ int security_inode_removexattr(struct de
 }
 
-const char *security_inode_xattr_getsuffix(void)
-{
-	return security_ops->inode_xattr_getsuffix();
-}
-
 int security_inode_getsecurity(const struct inode *inode, const char *name, void *buffer, size_t size, int err)
 {
@@ -841,7 +786,6 @@ int security_netlink_send(struct sock *s
 {
 	return security_ops->netlink_send(sk, skb);
 }
-EXPORT_SYMBOL(security_netlink_send);
 
 int security_netlink_recv(struct sk_buff *skb, int cap)
 {
--- linux-2.6.23-rc1-mm1/security/selinux/hooks.c.old	2007-07-26 03:05:47.000000000 +0200
+++ linux-2.6.23-rc1-mm1/security/selinux/hooks.c	2007-07-26 04:31:00.000000000 +0200
@@ -2402,11 +2402,6 @@ static int selinux_inode_removexattr (st
 	return -EACCES;
 }
 
-static const char *selinux_inode_xattr_getsuffix(void)
-{
-      return XATTR_SELINUX_SUFFIX;
-}
-
 /*
  * Copy the in-core inode security context value to the user.  If the
  * getxattr() prior to this succeeded, check to see if we need to
@@ -4486,19 +4481,6 @@ static int selinux_register_security (co
 	return 0;
 }
 
-static int selinux_unregister_security (const char *name, struct security_operations *ops)
-{
-	if (ops != secondary_ops) {
-		printk(KERN_ERR "%s:  trying to unregister a security module "
-		        "that is not registered.\n", __FUNCTION__);
-		return -EINVAL;
-	}
-
-	secondary_ops = original_ops;
-
-	return 0;
-}
-
 static void selinux_d_instantiate (struct dentry *dentry, struct inode *inode)
 {
 	if (inode)
@@ -4777,7 +4759,6 @@ static struct security_operations selinu
 	.inode_getxattr =		selinux_inode_getxattr,
 	.inode_listxattr =		selinux_inode_listxattr,
 	.inode_removexattr =		selinux_inode_removexattr,
-	.inode_xattr_getsuffix =        selinux_inode_xattr_getsuffix,
 	.inode_getsecurity =            selinux_inode_getsecurity,
 	.inode_setsecurity =            selinux_inode_setsecurity,
 	.inode_listsecurity =           selinux_inode_listsecurity,
@@ -4843,7 +4824,6 @@ static struct security_operations selinu
 	.sem_semop =			selinux_sem_semop,
 
 	.register_security =		selinux_register_security,
-	.unregister_security =		selinux_unregister_security,
 
 	.d_instantiate =                selinux_d_instantiate,
 
--- linux-2.6.23-rc1-mm1/security/dummy.c.old	2007-07-26 03:07:10.000000000 +0200
+++ linux-2.6.23-rc1-mm1/security/dummy.c	2007-07-26 03:08:21.000000000 +0200
@@ -391,11 +391,6 @@ static int dummy_inode_listsecurity(stru
 	return 0;
 }
 
-static const char *dummy_inode_xattr_getsuffix(void)
-{
-	return NULL;
-}
-
 static int dummy_file_permission (struct file *file, int mask)
 {
 	return 0;
@@ -900,11 +895,6 @@ static int dummy_register_security (cons
 	return -EINVAL;
 }
 
-static int dummy_unregister_security (const char *name, struct security_operations *ops)
-{
-	return -EINVAL;
-}
-
 static void dummy_d_instantiate (struct dentry *dentry, struct inode *inode)
 {
 	return;
@@ -1017,1 +1007,0 @@ void security_fixup_ops (struct security
-	set_to_dummy_if_null(ops, inode_xattr_getsuffix);
@@ -1077,7 +1066,6 @@ void security_fixup_ops (struct security
 	set_to_dummy_if_null(ops, netlink_send);
 	set_to_dummy_if_null(ops, netlink_recv);
 	set_to_dummy_if_null(ops, register_security);
-	set_to_dummy_if_null(ops, unregister_security);
 	set_to_dummy_if_null(ops, d_instantiate);
  	set_to_dummy_if_null(ops, getprocattr);
  	set_to_dummy_if_null(ops, setprocattr);
--- linux-2.6.23-rc1-mm1/security/inode.c.old	2007-07-26 03:12:26.000000000 +0200
+++ linux-2.6.23-rc1-mm1/security/inode.c	2007-07-26 03:14:11.000000000 +0200
@@ -332,14 +332,6 @@ static int __init securityfs_init(void)
 	return retval;
 }
 
-static void __exit securityfs_exit(void)
-{
-	simple_release_fs(&mount, &mount_count);
-	unregister_filesystem(&fs_type);
-	subsystem_unregister(&security_subsys);
-}
-
 core_initcall(securityfs_init);
-module_exit(securityfs_exit);
 MODULE_LICENSE("GPL");
 
--- linux-2.6.23-rc1-mm1/mm/mmap.c.old	2007-07-26 03:30:41.000000000 +0200
+++ linux-2.6.23-rc1-mm1/mm/mmap.c	2007-07-26 03:30:51.000000000 +0200
@@ -180,8 +180,6 @@ error:
 	return -ENOMEM;
 }
 
-EXPORT_SYMBOL(__vm_enough_memory);
-
 /*
  * Requires inode->i_mapping->i_mmap_lock
  */
--- linux-2.6.23-rc1-mm1/mm/nommu.c.old	2007-07-26 03:31:02.000000000 +0200
+++ linux-2.6.23-rc1-mm1/mm/nommu.c	2007-07-26 03:31:05.000000000 +0200
@@ -44,7 +44,6 @@ int sysctl_max_map_count = DEFAULT_MAX_M
 int heap_stack_gap = 0;
 
 EXPORT_SYMBOL(mem_map);
-EXPORT_SYMBOL(__vm_enough_memory);
 EXPORT_SYMBOL(num_physpages);
 
 /* list of shareable VMAs */
--- linux-2.6.23-rc1-mm1/kernel/capability.c.old	2007-07-26 03:32:34.000000000 +0200
+++ linux-2.6.23-rc1-mm1/kernel/capability.c	2007-07-26 03:34:42.000000000 +0200
@@ -18,9 +18,6 @@
 unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */
 kernel_cap_t cap_bset = CAP_INIT_EFF_SET;
 
-EXPORT_SYMBOL(securebits);
-EXPORT_SYMBOL(cap_bset);
-
 /*
  * This lock protects task->cap_* for all tasks including current.
  * Locking rule: acquire this prior to tasklist_lock.
@@ -245,7 +242,6 @@ int __capable(struct task_struct *t, int
 	}
 	return 0;
 }
-EXPORT_SYMBOL(__capable);
 
 int capable(int cap)
 {
--- linux-2.6.23-rc1-mm1/fs/exec.c.old	2007-07-26 03:33:12.000000000 +0200
+++ linux-2.6.23-rc1-mm1/fs/exec.c	2007-07-26 03:33:52.000000000 +0200
@@ -64,7 +64,6 @@ int core_uses_pid;
 char core_pattern[CORENAME_MAX_SIZE] = "core";
 int suid_dumpable = 0;
 
-EXPORT_SYMBOL(suid_dumpable);
 /* The maximal length of core_pattern is also specified in sysctl.c */
 
 static LIST_HEAD(formats);
@@ -1682,7 +1681,6 @@ void set_dumpable(struct mm_struct *mm, 
 		break;
 	}
 }
-EXPORT_SYMBOL_GPL(set_dumpable);
 
 int get_dumpable(struct mm_struct *mm)
 {
--- linux-2.6.23-rc1-mm1/security/commoncap.c.old	2007-07-26 03:44:04.000000000 +0200
+++ linux-2.6.23-rc1-mm1/security/commoncap.c	2007-07-26 04:24:01.000000000 +0200
@@ -31,8 +31,6 @@ int cap_netlink_send(struct sock *sk, st
 	return 0;
 }
 
-EXPORT_SYMBOL(cap_netlink_send);
-
 int cap_netlink_recv(struct sk_buff *skb, int cap)
 {
 	if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
@@ -498,22 +496,3 @@ int cap_vm_enough_memory(long pages)
 	return __vm_enough_memory(pages, cap_sys_admin);
 }
 
-EXPORT_SYMBOL(cap_capable);
-EXPORT_SYMBOL(cap_settime);
-EXPORT_SYMBOL(cap_ptrace);
-EXPORT_SYMBOL(cap_capget);
-EXPORT_SYMBOL(cap_capset_check);
-EXPORT_SYMBOL(cap_capset_set);
-EXPORT_SYMBOL(cap_bprm_set_security);
-EXPORT_SYMBOL(cap_bprm_apply_creds);
-EXPORT_SYMBOL(cap_bprm_secureexec);
-EXPORT_SYMBOL(cap_inode_setxattr);
-EXPORT_SYMBOL(cap_inode_removexattr);
-EXPORT_SYMBOL(cap_task_post_setuid);
-EXPORT_SYMBOL(cap_task_kill);
-EXPORT_SYMBOL(cap_task_setscheduler);
-EXPORT_SYMBOL(cap_task_setioprio);
-EXPORT_SYMBOL(cap_task_setnice);
-EXPORT_SYMBOL(cap_task_reparent_to_init);
-EXPORT_SYMBOL(cap_syslog);
-EXPORT_SYMBOL(cap_vm_enough_memory);
--- linux-2.6.23-rc1-mm1/drivers/usb/core/usb.c.old	2007-07-26 03:50:10.000000000 +0200
+++ linux-2.6.23-rc1-mm1/drivers/usb/core/usb.c	2007-07-26 03:50:19.000000000 +0200
@@ -981,7 +981,6 @@ EXPORT_SYMBOL(usb_altnum_to_altsetting);
 
 EXPORT_SYMBOL(__usb_get_extra_descriptor);
 
-EXPORT_SYMBOL(usb_find_device);
 EXPORT_SYMBOL(usb_get_current_frame_number);
 
 EXPORT_SYMBOL(usb_buffer_alloc);

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ