Commit 06ad187e280e725e356c62c3a30ddcd01564f8be
Committed by
James Morris
James Morris
1 parent
43ed8c3b45
Exists in
master
and in
4 other branches
security: remove dead hook task_setgid
Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 4 changed files with 0 additions and 47 deletions Side-by-side Diff
include/linux/security.h
| ... | ... | @@ -683,18 +683,6 @@ |
| 683 | 683 | * @old is the set of credentials that are being replaces |
| 684 | 684 | * @flags contains one of the LSM_SETID_* values. |
| 685 | 685 | * Return 0 on success. |
| 686 | - * @task_setgid: | |
| 687 | - * Check permission before setting one or more of the group identity | |
| 688 | - * attributes of the current process. The @flags parameter indicates | |
| 689 | - * which of the set*gid system calls invoked this hook and how to | |
| 690 | - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID | |
| 691 | - * definitions at the beginning of this file for the @flags values and | |
| 692 | - * their meanings. | |
| 693 | - * @id0 contains a gid. | |
| 694 | - * @id1 contains a gid. | |
| 695 | - * @id2 contains a gid. | |
| 696 | - * @flags contains one of the LSM_SETID_* values. | |
| 697 | - * Return 0 if permission is granted. | |
| 698 | 686 | * @task_setpgid: |
| 699 | 687 | * Check permission before setting the process group identifier of the |
| 700 | 688 | * process @p to @pgid. |
| ... | ... | @@ -1526,7 +1514,6 @@ |
| 1526 | 1514 | int (*kernel_module_request)(char *kmod_name); |
| 1527 | 1515 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
| 1528 | 1516 | int flags); |
| 1529 | - int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | |
| 1530 | 1517 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
| 1531 | 1518 | int (*task_getpgid) (struct task_struct *p); |
| 1532 | 1519 | int (*task_getsid) (struct task_struct *p); |
| ... | ... | @@ -1782,7 +1769,6 @@ |
| 1782 | 1769 | int security_kernel_module_request(char *kmod_name); |
| 1783 | 1770 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
| 1784 | 1771 | int flags); |
| 1785 | -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | |
| 1786 | 1772 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
| 1787 | 1773 | int security_task_getpgid(struct task_struct *p); |
| 1788 | 1774 | int security_task_getsid(struct task_struct *p); |
| ... | ... | @@ -2321,12 +2307,6 @@ |
| 2321 | 2307 | int flags) |
| 2322 | 2308 | { |
| 2323 | 2309 | return cap_task_fix_setuid(new, old, flags); |
| 2324 | -} | |
| 2325 | - | |
| 2326 | -static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | |
| 2327 | - int flags) | |
| 2328 | -{ | |
| 2329 | - return 0; | |
| 2330 | 2310 | } |
| 2331 | 2311 | |
| 2332 | 2312 | static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) |
kernel/sys.c
| ... | ... | @@ -491,10 +491,6 @@ |
| 491 | 491 | return -ENOMEM; |
| 492 | 492 | old = current_cred(); |
| 493 | 493 | |
| 494 | - retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); | |
| 495 | - if (retval) | |
| 496 | - goto error; | |
| 497 | - | |
| 498 | 494 | retval = -EPERM; |
| 499 | 495 | if (rgid != (gid_t) -1) { |
| 500 | 496 | if (old->gid == rgid || |
| ... | ... | @@ -542,10 +538,6 @@ |
| 542 | 538 | return -ENOMEM; |
| 543 | 539 | old = current_cred(); |
| 544 | 540 | |
| 545 | - retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); | |
| 546 | - if (retval) | |
| 547 | - goto error; | |
| 548 | - | |
| 549 | 541 | retval = -EPERM; |
| 550 | 542 | if (capable(CAP_SETGID)) |
| 551 | 543 | new->gid = new->egid = new->sgid = new->fsgid = gid; |
| ... | ... | @@ -776,10 +768,6 @@ |
| 776 | 768 | return -ENOMEM; |
| 777 | 769 | old = current_cred(); |
| 778 | 770 | |
| 779 | - retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); | |
| 780 | - if (retval) | |
| 781 | - goto error; | |
| 782 | - | |
| 783 | 771 | retval = -EPERM; |
| 784 | 772 | if (!capable(CAP_SETGID)) { |
| 785 | 773 | if (rgid != (gid_t) -1 && rgid != old->gid && |
| ... | ... | @@ -872,9 +860,6 @@ |
| 872 | 860 | old = current_cred(); |
| 873 | 861 | old_fsgid = old->fsgid; |
| 874 | 862 | |
| 875 | - if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) | |
| 876 | - goto error; | |
| 877 | - | |
| 878 | 863 | if (gid == old->gid || gid == old->egid || |
| 879 | 864 | gid == old->sgid || gid == old->fsgid || |
| 880 | 865 | capable(CAP_SETGID)) { |
| ... | ... | @@ -884,7 +869,6 @@ |
| 884 | 869 | } |
| 885 | 870 | } |
| 886 | 871 | |
| 887 | -error: | |
| 888 | 872 | abort_creds(new); |
| 889 | 873 | return old_fsgid; |
| 890 | 874 |
security/capability.c
| ... | ... | @@ -392,11 +392,6 @@ |
| 392 | 392 | return 0; |
| 393 | 393 | } |
| 394 | 394 | |
| 395 | -static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |
| 396 | -{ | |
| 397 | - return 0; | |
| 398 | -} | |
| 399 | - | |
| 400 | 395 | static int cap_task_setpgid(struct task_struct *p, pid_t pgid) |
| 401 | 396 | { |
| 402 | 397 | return 0; |
| ... | ... | @@ -968,7 +963,6 @@ |
| 968 | 963 | set_to_cap_if_null(ops, kernel_create_files_as); |
| 969 | 964 | set_to_cap_if_null(ops, kernel_module_request); |
| 970 | 965 | set_to_cap_if_null(ops, task_fix_setuid); |
| 971 | - set_to_cap_if_null(ops, task_setgid); | |
| 972 | 966 | set_to_cap_if_null(ops, task_setpgid); |
| 973 | 967 | set_to_cap_if_null(ops, task_getpgid); |
| 974 | 968 | set_to_cap_if_null(ops, task_getsid); |
security/security.c
| ... | ... | @@ -738,11 +738,6 @@ |
| 738 | 738 | return security_ops->task_fix_setuid(new, old, flags); |
| 739 | 739 | } |
| 740 | 740 | |
| 741 | -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |
| 742 | -{ | |
| 743 | - return security_ops->task_setgid(id0, id1, id2, flags); | |
| 744 | -} | |
| 745 | - | |
| 746 | 741 | int security_task_setpgid(struct task_struct *p, pid_t pgid) |
| 747 | 742 | { |
| 748 | 743 | return security_ops->task_setpgid(p, pgid); |