Commit 43ed8c3b4573d5f5cd314937fee63b4ab046ac5f
Committed by
James Morris
James Morris
1 parent
0968d0060a
Exists in
master
and in
7 other branches
security: remove dead hook task_setuid
Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 4 changed files with 0 additions and 46 deletions Side-by-side Diff
include/linux/security.h
| ... | ... | @@ -674,18 +674,6 @@ |
| 674 | 674 | * userspace to load a kernel module with the given name. |
| 675 | 675 | * @kmod_name name of the module requested by the kernel |
| 676 | 676 | * Return 0 if successful. |
| 677 | - * @task_setuid: | |
| 678 | - * Check permission before setting one or more of the user identity | |
| 679 | - * attributes of the current process. The @flags parameter indicates | |
| 680 | - * which of the set*uid system calls invoked this hook and how to | |
| 681 | - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID | |
| 682 | - * definitions at the beginning of this file for the @flags values and | |
| 683 | - * their meanings. | |
| 684 | - * @id0 contains a uid. | |
| 685 | - * @id1 contains a uid. | |
| 686 | - * @id2 contains a uid. | |
| 687 | - * @flags contains one of the LSM_SETID_* values. | |
| 688 | - * Return 0 if permission is granted. | |
| 689 | 677 | * @task_fix_setuid: |
| 690 | 678 | * Update the module's state after setting one or more of the user |
| 691 | 679 | * identity attributes of the current process. The @flags parameter |
| ... | ... | @@ -1536,7 +1524,6 @@ |
| 1536 | 1524 | int (*kernel_act_as)(struct cred *new, u32 secid); |
| 1537 | 1525 | int (*kernel_create_files_as)(struct cred *new, struct inode *inode); |
| 1538 | 1526 | int (*kernel_module_request)(char *kmod_name); |
| 1539 | - int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); | |
| 1540 | 1527 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
| 1541 | 1528 | int flags); |
| 1542 | 1529 | int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); |
| ... | ... | @@ -1793,7 +1780,6 @@ |
| 1793 | 1780 | int security_kernel_act_as(struct cred *new, u32 secid); |
| 1794 | 1781 | int security_kernel_create_files_as(struct cred *new, struct inode *inode); |
| 1795 | 1782 | int security_kernel_module_request(char *kmod_name); |
| 1796 | -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); | |
| 1797 | 1783 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
| 1798 | 1784 | int flags); |
| 1799 | 1785 | int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); |
| ... | ... | @@ -2326,12 +2312,6 @@ |
| 2326 | 2312 | } |
| 2327 | 2313 | |
| 2328 | 2314 | static inline int security_kernel_module_request(char *kmod_name) |
| 2329 | -{ | |
| 2330 | - return 0; | |
| 2331 | -} | |
| 2332 | - | |
| 2333 | -static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, | |
| 2334 | - int flags) | |
| 2335 | 2315 | { |
| 2336 | 2316 | return 0; |
| 2337 | 2317 | } |
kernel/sys.c
| ... | ... | @@ -609,10 +609,6 @@ |
| 609 | 609 | return -ENOMEM; |
| 610 | 610 | old = current_cred(); |
| 611 | 611 | |
| 612 | - retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); | |
| 613 | - if (retval) | |
| 614 | - goto error; | |
| 615 | - | |
| 616 | 612 | retval = -EPERM; |
| 617 | 613 | if (ruid != (uid_t) -1) { |
| 618 | 614 | new->uid = ruid; |
| ... | ... | @@ -674,10 +670,6 @@ |
| 674 | 670 | return -ENOMEM; |
| 675 | 671 | old = current_cred(); |
| 676 | 672 | |
| 677 | - retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); | |
| 678 | - if (retval) | |
| 679 | - goto error; | |
| 680 | - | |
| 681 | 673 | retval = -EPERM; |
| 682 | 674 | if (capable(CAP_SETUID)) { |
| 683 | 675 | new->suid = new->uid = uid; |
| ... | ... | @@ -718,9 +710,6 @@ |
| 718 | 710 | if (!new) |
| 719 | 711 | return -ENOMEM; |
| 720 | 712 | |
| 721 | - retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); | |
| 722 | - if (retval) | |
| 723 | - goto error; | |
| 724 | 713 | old = current_cred(); |
| 725 | 714 | |
| 726 | 715 | retval = -EPERM; |
| ... | ... | @@ -850,9 +839,6 @@ |
| 850 | 839 | old = current_cred(); |
| 851 | 840 | old_fsuid = old->fsuid; |
| 852 | 841 | |
| 853 | - if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) | |
| 854 | - goto error; | |
| 855 | - | |
| 856 | 842 | if (uid == old->uid || uid == old->euid || |
| 857 | 843 | uid == old->suid || uid == old->fsuid || |
| 858 | 844 | capable(CAP_SETUID)) { |
| ... | ... | @@ -863,7 +849,6 @@ |
| 863 | 849 | } |
| 864 | 850 | } |
| 865 | 851 | |
| 866 | -error: | |
| 867 | 852 | abort_creds(new); |
| 868 | 853 | return old_fsuid; |
| 869 | 854 |
security/capability.c
| ... | ... | @@ -392,11 +392,6 @@ |
| 392 | 392 | return 0; |
| 393 | 393 | } |
| 394 | 394 | |
| 395 | -static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |
| 396 | -{ | |
| 397 | - return 0; | |
| 398 | -} | |
| 399 | - | |
| 400 | 395 | static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) |
| 401 | 396 | { |
| 402 | 397 | return 0; |
| ... | ... | @@ -972,7 +967,6 @@ |
| 972 | 967 | set_to_cap_if_null(ops, kernel_act_as); |
| 973 | 968 | set_to_cap_if_null(ops, kernel_create_files_as); |
| 974 | 969 | set_to_cap_if_null(ops, kernel_module_request); |
| 975 | - set_to_cap_if_null(ops, task_setuid); | |
| 976 | 970 | set_to_cap_if_null(ops, task_fix_setuid); |
| 977 | 971 | set_to_cap_if_null(ops, task_setgid); |
| 978 | 972 | set_to_cap_if_null(ops, task_setpgid); |
security/security.c
| ... | ... | @@ -732,11 +732,6 @@ |
| 732 | 732 | return security_ops->kernel_module_request(kmod_name); |
| 733 | 733 | } |
| 734 | 734 | |
| 735 | -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) | |
| 736 | -{ | |
| 737 | - return security_ops->task_setuid(id0, id1, id2, flags); | |
| 738 | -} | |
| 739 | - | |
| 740 | 735 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
| 741 | 736 | int flags) |
| 742 | 737 | { |