Commit 43ed8c3b4573d5f5cd314937fee63b4ab046ac5f
Committed by
James Morris
1 parent
0968d0060a
Exists in
master
and in
7 other branches
security: remove dead hook task_setuid
Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 4 changed files with 0 additions and 46 deletions Side-by-side Diff
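--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -674,18 +674,6 @@
 * userspace to load a kernel module with the given name.
 * @kmod_name name of the module requested by the kernel
 * Return 0 if successful.
- * @task_setuid:
- * Check permission before setting one or more of the user identity
- * attributes of the current process. The @flags parameter indicates
- * which of the set*uid system calls invoked this hook and how to
- * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID
- * definitions at the beginning of this file for the @flags values and
- * their meanings.
- * @id0 contains a uid.
- * @id1 contains a uid.
- * @id2 contains a uid.
- * @flags contains one of the LSM_SETID_* values.
- * Return 0 if permission is granted.
 * @task_fix_setuid:
 * Update the module's state after setting one or more of the user
 * identity attributes of the current process. The @flags parameter
@@ -1536,7 +1524,6 @@
 int (*kernel_act_as)(struct cred *new, u32 secid);
 int (*kernel_create_files_as)(struct cred *new, struct inode *inode);
 int (*kernel_module_request)(char *kmod_name);
- int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags);
 int (*task_fix_setuid) (struct cred *new, const struct cred *old,
 int flags);
 int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags);
@@ -1793,7 +1780,6 @@
 int security_kernel_act_as(struct cred *new, u32 secid);
 int security_kernel_create_files_as(struct cred *new, struct inode *inode);
 int security_kernel_module_request(char *kmod_name);
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags);
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags);
 int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags);
@@ -2326,12 +2312,6 @@
 }
 
 static inline int security_kernel_module_request(char *kmod_name)
-{
- return 0;
-}
-
-static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2,
- int flags)
 {
 return 0;
 }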
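--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -609,10 +609,6 @@
 return -ENOMEM;
 old = current_cred();
 
- retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE);
- if (retval)
- goto error;
-
 retval = -EPERM;
 if (ruid != (uid_t) -1) {
 new->uid = ruid;
@@ -674,10 +670,6 @@
 return -ENOMEM;
 old = current_cred();
 
- retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID);
- if (retval)
- goto error;
-
 retval = -EPERM;
 if (capable(CAP_SETUID)) {
 new->suid = new->uid = uid;
@@ -718,9 +710,6 @@
 if (!new)
 return -ENOMEM;
 
- retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES);
- if (retval)
- goto error;
 old = current_cred();
 
 retval = -EPERM;
@@ -850,9 +839,6 @@
 old = current_cred();
 old_fsuid = old->fsuid;
 
- if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0)
- goto error;
-
 if (uid == old->uid || uid == old->euid ||
 uid == old->suid || uid == old->fsuid ||
 capable(CAP_SETUID)) {
@@ -863,7 +849,6 @@
 }
 }
 
-error:
 abort_creds(new);
 return old_fsuid;
 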
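--- a/security/capability.c
+++ b/security/capability.c
@@ -392,11 +392,6 @@
 return 0;
 }
 
-static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return 0;
-}
-
 static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags)
 {
 return 0;
@@ -972,7 +967,6 @@
 set_to_cap_if_null(ops, kernel_act_as);
 set_to_cap_if_null(ops, kernel_create_files_as);
 set_to_cap_if_null(ops, kernel_module_request);
- set_to_cap_if_null(ops, task_setuid);
 set_to_cap_if_null(ops, task_fix_setuid);
 set_to_cap_if_null(ops, task_setgid);
 set_to_cap_if_null(ops, task_setpgid);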
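--- a/security/security.c
+++ b/security/security.c
@@ -732,11 +732,6 @@
 return security_ops->kernel_module_request(kmod_name);
 }
 
-int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags)
-{
- return security_ops->task_setuid(id0, id1, id2, flags);
-}
-
 int security_task_fix_setuid(struct cred *new, const struct cred *old,
 int flags)
 {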