Commit 06ad187e280e725e356c62c3a30ddcd01564f8be
Committed by
James Morris
1 parent
43ed8c3b45
Exists in
master
and in
4 other branches
security: remove dead hook task_setgid
Unused hook. Remove. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Showing 4 changed files with 0 additions and 47 deletions Side-by-side Diff
include/linux/security.h
... | ... | @@ -683,18 +683,6 @@ |
683 | 683 | * @old is the set of credentials that are being replaces |
684 | 684 | * @flags contains one of the LSM_SETID_* values. |
685 | 685 | * Return 0 on success. |
686 | - * @task_setgid: | |
687 | - * Check permission before setting one or more of the group identity | |
688 | - * attributes of the current process. The @flags parameter indicates | |
689 | - * which of the set*gid system calls invoked this hook and how to | |
690 | - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID | |
691 | - * definitions at the beginning of this file for the @flags values and | |
692 | - * their meanings. | |
693 | - * @id0 contains a gid. | |
694 | - * @id1 contains a gid. | |
695 | - * @id2 contains a gid. | |
696 | - * @flags contains one of the LSM_SETID_* values. | |
697 | - * Return 0 if permission is granted. | |
698 | 686 | * @task_setpgid: |
699 | 687 | * Check permission before setting the process group identifier of the |
700 | 688 | * process @p to @pgid. |
... | ... | @@ -1526,7 +1514,6 @@ |
1526 | 1514 | int (*kernel_module_request)(char *kmod_name); |
1527 | 1515 | int (*task_fix_setuid) (struct cred *new, const struct cred *old, |
1528 | 1516 | int flags); |
1529 | - int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); | |
1530 | 1517 | int (*task_setpgid) (struct task_struct *p, pid_t pgid); |
1531 | 1518 | int (*task_getpgid) (struct task_struct *p); |
1532 | 1519 | int (*task_getsid) (struct task_struct *p); |
... | ... | @@ -1782,7 +1769,6 @@ |
1782 | 1769 | int security_kernel_module_request(char *kmod_name); |
1783 | 1770 | int security_task_fix_setuid(struct cred *new, const struct cred *old, |
1784 | 1771 | int flags); |
1785 | -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); | |
1786 | 1772 | int security_task_setpgid(struct task_struct *p, pid_t pgid); |
1787 | 1773 | int security_task_getpgid(struct task_struct *p); |
1788 | 1774 | int security_task_getsid(struct task_struct *p); |
... | ... | @@ -2321,12 +2307,6 @@ |
2321 | 2307 | int flags) |
2322 | 2308 | { |
2323 | 2309 | return cap_task_fix_setuid(new, old, flags); |
2324 | -} | |
2325 | - | |
2326 | -static inline int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, | |
2327 | - int flags) | |
2328 | -{ | |
2329 | - return 0; | |
2330 | 2310 | } |
2331 | 2311 | |
2332 | 2312 | static inline int security_task_setpgid(struct task_struct *p, pid_t pgid) |
kernel/sys.c
... | ... | @@ -491,10 +491,6 @@ |
491 | 491 | return -ENOMEM; |
492 | 492 | old = current_cred(); |
493 | 493 | |
494 | - retval = security_task_setgid(rgid, egid, (gid_t)-1, LSM_SETID_RE); | |
495 | - if (retval) | |
496 | - goto error; | |
497 | - | |
498 | 494 | retval = -EPERM; |
499 | 495 | if (rgid != (gid_t) -1) { |
500 | 496 | if (old->gid == rgid || |
... | ... | @@ -542,10 +538,6 @@ |
542 | 538 | return -ENOMEM; |
543 | 539 | old = current_cred(); |
544 | 540 | |
545 | - retval = security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_ID); | |
546 | - if (retval) | |
547 | - goto error; | |
548 | - | |
549 | 541 | retval = -EPERM; |
550 | 542 | if (capable(CAP_SETGID)) |
551 | 543 | new->gid = new->egid = new->sgid = new->fsgid = gid; |
... | ... | @@ -776,10 +768,6 @@ |
776 | 768 | return -ENOMEM; |
777 | 769 | old = current_cred(); |
778 | 770 | |
779 | - retval = security_task_setgid(rgid, egid, sgid, LSM_SETID_RES); | |
780 | - if (retval) | |
781 | - goto error; | |
782 | - | |
783 | 771 | retval = -EPERM; |
784 | 772 | if (!capable(CAP_SETGID)) { |
785 | 773 | if (rgid != (gid_t) -1 && rgid != old->gid && |
... | ... | @@ -872,9 +860,6 @@ |
872 | 860 | old = current_cred(); |
873 | 861 | old_fsgid = old->fsgid; |
874 | 862 | |
875 | - if (security_task_setgid(gid, (gid_t)-1, (gid_t)-1, LSM_SETID_FS)) | |
876 | - goto error; | |
877 | - | |
878 | 863 | if (gid == old->gid || gid == old->egid || |
879 | 864 | gid == old->sgid || gid == old->fsgid || |
880 | 865 | capable(CAP_SETGID)) { |
... | ... | @@ -884,7 +869,6 @@ |
884 | 869 | } |
885 | 870 | } |
886 | 871 | |
887 | -error: | |
888 | 872 | abort_creds(new); |
889 | 873 | return old_fsgid; |
890 | 874 |
security/capability.c
... | ... | @@ -392,11 +392,6 @@ |
392 | 392 | return 0; |
393 | 393 | } |
394 | 394 | |
395 | -static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |
396 | -{ | |
397 | - return 0; | |
398 | -} | |
399 | - | |
400 | 395 | static int cap_task_setpgid(struct task_struct *p, pid_t pgid) |
401 | 396 | { |
402 | 397 | return 0; |
... | ... | @@ -968,7 +963,6 @@ |
968 | 963 | set_to_cap_if_null(ops, kernel_create_files_as); |
969 | 964 | set_to_cap_if_null(ops, kernel_module_request); |
970 | 965 | set_to_cap_if_null(ops, task_fix_setuid); |
971 | - set_to_cap_if_null(ops, task_setgid); | |
972 | 966 | set_to_cap_if_null(ops, task_setpgid); |
973 | 967 | set_to_cap_if_null(ops, task_getpgid); |
974 | 968 | set_to_cap_if_null(ops, task_getsid); |
security/security.c
... | ... | @@ -738,11 +738,6 @@ |
738 | 738 | return security_ops->task_fix_setuid(new, old, flags); |
739 | 739 | } |
740 | 740 | |
741 | -int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) | |
742 | -{ | |
743 | - return security_ops->task_setgid(id0, id1, id2, flags); | |
744 | -} | |
745 | - | |
746 | 741 | int security_task_setpgid(struct task_struct *p, pid_t pgid) |
747 | 742 | { |
748 | 743 | return security_ops->task_setpgid(p, pgid); |