[PATCH] selinux: remove security struct magic number fields and tests
Remove the SELinux security structure magic number fields and tests, along with some unnecessary tests for NULL security pointers. These fields and tests are leftovers from the early attempts to support SELinux as a loadable module during LSM development. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent
26d2a4be6a
commit
9ac49d2213
|
@ -127,7 +127,6 @@ static int task_alloc_security(struct task_struct *task)
|
||||||
if (!tsec)
|
if (!tsec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
tsec->magic = SELINUX_MAGIC;
|
|
||||||
tsec->task = task;
|
tsec->task = task;
|
||||||
tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
|
tsec->osid = tsec->sid = tsec->ptrace_sid = SECINITSID_UNLABELED;
|
||||||
task->security = tsec;
|
task->security = tsec;
|
||||||
|
@ -138,10 +137,6 @@ static int task_alloc_security(struct task_struct *task)
|
||||||
static void task_free_security(struct task_struct *task)
|
static void task_free_security(struct task_struct *task)
|
||||||
{
|
{
|
||||||
struct task_security_struct *tsec = task->security;
|
struct task_security_struct *tsec = task->security;
|
||||||
|
|
||||||
if (!tsec || tsec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
task->security = NULL;
|
task->security = NULL;
|
||||||
kfree(tsec);
|
kfree(tsec);
|
||||||
}
|
}
|
||||||
|
@ -157,14 +152,10 @@ static int inode_alloc_security(struct inode *inode)
|
||||||
|
|
||||||
init_MUTEX(&isec->sem);
|
init_MUTEX(&isec->sem);
|
||||||
INIT_LIST_HEAD(&isec->list);
|
INIT_LIST_HEAD(&isec->list);
|
||||||
isec->magic = SELINUX_MAGIC;
|
|
||||||
isec->inode = inode;
|
isec->inode = inode;
|
||||||
isec->sid = SECINITSID_UNLABELED;
|
isec->sid = SECINITSID_UNLABELED;
|
||||||
isec->sclass = SECCLASS_FILE;
|
isec->sclass = SECCLASS_FILE;
|
||||||
if (tsec && tsec->magic == SELINUX_MAGIC)
|
isec->task_sid = tsec->sid;
|
||||||
isec->task_sid = tsec->sid;
|
|
||||||
else
|
|
||||||
isec->task_sid = SECINITSID_UNLABELED;
|
|
||||||
inode->i_security = isec;
|
inode->i_security = isec;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -175,9 +166,6 @@ static void inode_free_security(struct inode *inode)
|
||||||
struct inode_security_struct *isec = inode->i_security;
|
struct inode_security_struct *isec = inode->i_security;
|
||||||
struct superblock_security_struct *sbsec = inode->i_sb->s_security;
|
struct superblock_security_struct *sbsec = inode->i_sb->s_security;
|
||||||
|
|
||||||
if (!isec || isec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
spin_lock(&sbsec->isec_lock);
|
spin_lock(&sbsec->isec_lock);
|
||||||
if (!list_empty(&isec->list))
|
if (!list_empty(&isec->list))
|
||||||
list_del_init(&isec->list);
|
list_del_init(&isec->list);
|
||||||
|
@ -196,15 +184,9 @@ static int file_alloc_security(struct file *file)
|
||||||
if (!fsec)
|
if (!fsec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
fsec->magic = SELINUX_MAGIC;
|
|
||||||
fsec->file = file;
|
fsec->file = file;
|
||||||
if (tsec && tsec->magic == SELINUX_MAGIC) {
|
fsec->sid = tsec->sid;
|
||||||
fsec->sid = tsec->sid;
|
fsec->fown_sid = tsec->sid;
|
||||||
fsec->fown_sid = tsec->sid;
|
|
||||||
} else {
|
|
||||||
fsec->sid = SECINITSID_UNLABELED;
|
|
||||||
fsec->fown_sid = SECINITSID_UNLABELED;
|
|
||||||
}
|
|
||||||
file->f_security = fsec;
|
file->f_security = fsec;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -213,10 +195,6 @@ static int file_alloc_security(struct file *file)
|
||||||
static void file_free_security(struct file *file)
|
static void file_free_security(struct file *file)
|
||||||
{
|
{
|
||||||
struct file_security_struct *fsec = file->f_security;
|
struct file_security_struct *fsec = file->f_security;
|
||||||
|
|
||||||
if (!fsec || fsec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
file->f_security = NULL;
|
file->f_security = NULL;
|
||||||
kfree(fsec);
|
kfree(fsec);
|
||||||
}
|
}
|
||||||
|
@ -233,7 +211,6 @@ static int superblock_alloc_security(struct super_block *sb)
|
||||||
INIT_LIST_HEAD(&sbsec->list);
|
INIT_LIST_HEAD(&sbsec->list);
|
||||||
INIT_LIST_HEAD(&sbsec->isec_head);
|
INIT_LIST_HEAD(&sbsec->isec_head);
|
||||||
spin_lock_init(&sbsec->isec_lock);
|
spin_lock_init(&sbsec->isec_lock);
|
||||||
sbsec->magic = SELINUX_MAGIC;
|
|
||||||
sbsec->sb = sb;
|
sbsec->sb = sb;
|
||||||
sbsec->sid = SECINITSID_UNLABELED;
|
sbsec->sid = SECINITSID_UNLABELED;
|
||||||
sbsec->def_sid = SECINITSID_FILE;
|
sbsec->def_sid = SECINITSID_FILE;
|
||||||
|
@ -246,9 +223,6 @@ static void superblock_free_security(struct super_block *sb)
|
||||||
{
|
{
|
||||||
struct superblock_security_struct *sbsec = sb->s_security;
|
struct superblock_security_struct *sbsec = sb->s_security;
|
||||||
|
|
||||||
if (!sbsec || sbsec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
spin_lock(&sb_security_lock);
|
spin_lock(&sb_security_lock);
|
||||||
if (!list_empty(&sbsec->list))
|
if (!list_empty(&sbsec->list))
|
||||||
list_del_init(&sbsec->list);
|
list_del_init(&sbsec->list);
|
||||||
|
@ -270,7 +244,6 @@ static int sk_alloc_security(struct sock *sk, int family, gfp_t priority)
|
||||||
if (!ssec)
|
if (!ssec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
ssec->magic = SELINUX_MAGIC;
|
|
||||||
ssec->sk = sk;
|
ssec->sk = sk;
|
||||||
ssec->peer_sid = SECINITSID_UNLABELED;
|
ssec->peer_sid = SECINITSID_UNLABELED;
|
||||||
sk->sk_security = ssec;
|
sk->sk_security = ssec;
|
||||||
|
@ -282,7 +255,7 @@ static void sk_free_security(struct sock *sk)
|
||||||
{
|
{
|
||||||
struct sk_security_struct *ssec = sk->sk_security;
|
struct sk_security_struct *ssec = sk->sk_security;
|
||||||
|
|
||||||
if (sk->sk_family != PF_UNIX || ssec->magic != SELINUX_MAGIC)
|
if (sk->sk_family != PF_UNIX)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
sk->sk_security = NULL;
|
sk->sk_security = NULL;
|
||||||
|
@ -1483,7 +1456,6 @@ static int selinux_bprm_alloc_security(struct linux_binprm *bprm)
|
||||||
if (!bsec)
|
if (!bsec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
bsec->magic = SELINUX_MAGIC;
|
|
||||||
bsec->bprm = bprm;
|
bsec->bprm = bprm;
|
||||||
bsec->sid = SECINITSID_UNLABELED;
|
bsec->sid = SECINITSID_UNLABELED;
|
||||||
bsec->set = 0;
|
bsec->set = 0;
|
||||||
|
@ -3634,14 +3606,9 @@ static int ipc_alloc_security(struct task_struct *task,
|
||||||
if (!isec)
|
if (!isec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
isec->magic = SELINUX_MAGIC;
|
|
||||||
isec->sclass = sclass;
|
isec->sclass = sclass;
|
||||||
isec->ipc_perm = perm;
|
isec->ipc_perm = perm;
|
||||||
if (tsec) {
|
isec->sid = tsec->sid;
|
||||||
isec->sid = tsec->sid;
|
|
||||||
} else {
|
|
||||||
isec->sid = SECINITSID_UNLABELED;
|
|
||||||
}
|
|
||||||
perm->security = isec;
|
perm->security = isec;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -3650,9 +3617,6 @@ static int ipc_alloc_security(struct task_struct *task,
|
||||||
static void ipc_free_security(struct kern_ipc_perm *perm)
|
static void ipc_free_security(struct kern_ipc_perm *perm)
|
||||||
{
|
{
|
||||||
struct ipc_security_struct *isec = perm->security;
|
struct ipc_security_struct *isec = perm->security;
|
||||||
if (!isec || isec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
perm->security = NULL;
|
perm->security = NULL;
|
||||||
kfree(isec);
|
kfree(isec);
|
||||||
}
|
}
|
||||||
|
@ -3665,7 +3629,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
|
||||||
if (!msec)
|
if (!msec)
|
||||||
return -ENOMEM;
|
return -ENOMEM;
|
||||||
|
|
||||||
msec->magic = SELINUX_MAGIC;
|
|
||||||
msec->msg = msg;
|
msec->msg = msg;
|
||||||
msec->sid = SECINITSID_UNLABELED;
|
msec->sid = SECINITSID_UNLABELED;
|
||||||
msg->security = msec;
|
msg->security = msec;
|
||||||
|
@ -3676,8 +3639,6 @@ static int msg_msg_alloc_security(struct msg_msg *msg)
|
||||||
static void msg_msg_free_security(struct msg_msg *msg)
|
static void msg_msg_free_security(struct msg_msg *msg)
|
||||||
{
|
{
|
||||||
struct msg_security_struct *msec = msg->security;
|
struct msg_security_struct *msec = msg->security;
|
||||||
if (!msec || msec->magic != SELINUX_MAGIC)
|
|
||||||
return;
|
|
||||||
|
|
||||||
msg->security = NULL;
|
msg->security = NULL;
|
||||||
kfree(msec);
|
kfree(msec);
|
||||||
|
|
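Review bot: With the `!isec` and `!sbsec` guards removed, `inode_free_security` (hunk `-175,9 +166,6`) reads `isec->list` immediately after `spin_lock(&sbsec->isec_lock)`, and `superblock_free_security` (hunk `-246,9 +223,6`) reads `sbsec->list` the same way, so a NULL blob reaching either hook is now a kernel NULL dereference rather than a silent return. The alloc side has the same dependency: `inode_alloc_security`, `file_alloc_security` and `ipc_alloc_security` now read `tsec->sid` unconditionally, where the old code fell back to `SECINITSID_UNLABELED`. The commit message calls these tests unnecessary, presumably because SELinux is built in and initialised before any such object exists, but nothing in the visible code states that invariant. I would record it at the first dereference, for example `/* i_security is always set by inode_alloc_security() before this hook runs */` in `inode_free_security` and `/* every task has a security blob once SELinux is initialised */` above `isec->task_sid = tsec->sid;`. The other free hooks shown only clear the pointer and call `kfree()`, which accepts NULL, so they need no such note; several of these function bodies start or end outside their hunks.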
|
@ -27,7 +27,6 @@
|
||||||
#include "avc.h"
|
#include "avc.h"
|
||||||
|
|
||||||
struct task_security_struct {
|
struct task_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct task_struct *task; /* back pointer to task object */
|
struct task_struct *task; /* back pointer to task object */
|
||||||
u32 osid; /* SID prior to last execve */
|
u32 osid; /* SID prior to last execve */
|
||||||
u32 sid; /* current SID */
|
u32 sid; /* current SID */
|
||||||
|
@ -37,7 +36,6 @@ struct task_security_struct {
|
||||||
};
|
};
|
||||||
|
|
||||||
struct inode_security_struct {
|
struct inode_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct inode *inode; /* back pointer to inode object */
|
struct inode *inode; /* back pointer to inode object */
|
||||||
struct list_head list; /* list of inode_security_struct */
|
struct list_head list; /* list of inode_security_struct */
|
||||||
u32 task_sid; /* SID of creating task */
|
u32 task_sid; /* SID of creating task */
|
||||||
|
@ -49,14 +47,12 @@ struct inode_security_struct {
|
||||||
};
|
};
|
||||||
|
|
||||||
struct file_security_struct {
|
struct file_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct file *file; /* back pointer to file object */
|
struct file *file; /* back pointer to file object */
|
||||||
u32 sid; /* SID of open file description */
|
u32 sid; /* SID of open file description */
|
||||||
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
u32 fown_sid; /* SID of file owner (for SIGIO) */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct superblock_security_struct {
|
struct superblock_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct super_block *sb; /* back pointer to sb object */
|
struct super_block *sb; /* back pointer to sb object */
|
||||||
struct list_head list; /* list of superblock_security_struct */
|
struct list_head list; /* list of superblock_security_struct */
|
||||||
u32 sid; /* SID of file system */
|
u32 sid; /* SID of file system */
|
||||||
|
@ -70,20 +66,17 @@ struct superblock_security_struct {
|
||||||
};
|
};
|
||||||
|
|
||||||
struct msg_security_struct {
|
struct msg_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct msg_msg *msg; /* back pointer */
|
struct msg_msg *msg; /* back pointer */
|
||||||
u32 sid; /* SID of message */
|
u32 sid; /* SID of message */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct ipc_security_struct {
|
struct ipc_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct kern_ipc_perm *ipc_perm; /* back pointer */
|
struct kern_ipc_perm *ipc_perm; /* back pointer */
|
||||||
u16 sclass; /* security class of this object */
|
u16 sclass; /* security class of this object */
|
||||||
u32 sid; /* SID of IPC resource */
|
u32 sid; /* SID of IPC resource */
|
||||||
};
|
};
|
||||||
|
|
||||||
struct bprm_security_struct {
|
struct bprm_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct linux_binprm *bprm; /* back pointer to bprm object */
|
struct linux_binprm *bprm; /* back pointer to bprm object */
|
||||||
u32 sid; /* SID for transformed process */
|
u32 sid; /* SID for transformed process */
|
||||||
unsigned char set;
|
unsigned char set;
|
||||||
|
@ -102,7 +95,6 @@ struct netif_security_struct {
|
||||||
};
|
};
|
||||||
|
|
||||||
struct sk_security_struct {
|
struct sk_security_struct {
|
||||||
unsigned long magic; /* magic number for this module */
|
|
||||||
struct sock *sk; /* back pointer to sk object */
|
struct sock *sk; /* back pointer to sk object */
|
||||||
u32 peer_sid; /* SID of peer */
|
u32 peer_sid; /* SID of peer */
|
||||||
};
|
};
|
||||||
|
|