
security,selinux: remove security_add_mnt_opt()

Message ID 20211206132406.235872-1-omosnace@redhat.com (mailing list archive)
State Accepted
Delegated to: Paul Moore

Commit Message

Ondrej Mosnacek Dec. 6, 2021, 1:24 p.m. UTC
Its last user has been removed in commit f2aedb713c28 ("NFS: Add
fs_context support.").

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
---
 include/linux/lsm_hook_defs.h |  2 --
 include/linux/lsm_hooks.h     |  2 --
 include/linux/security.h      |  8 -------
 security/security.c           |  8 -------
 security/selinux/hooks.c      | 39 -----------------------------------
 5 files changed, 59 deletions(-)

Comments

Casey Schaufler Dec. 6, 2021, 3:55 p.m. UTC | #1
On 12/6/2021 5:24 AM, Ondrej Mosnacek wrote:
> Its last user has been removed in commit f2aedb713c28 ("NFS: Add
> fs_context support.").
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>

> ---
>   include/linux/lsm_hook_defs.h |  2 --
>   include/linux/lsm_hooks.h     |  2 --
>   include/linux/security.h      |  8 -------
>   security/security.c           |  8 -------
>   security/selinux/hooks.c      | 39 -----------------------------------
>   5 files changed, 59 deletions(-)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index df8de62f4710..7f5c35d72082 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
>   LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
>   	 struct super_block *newsb, unsigned long kern_flags,
>   	 unsigned long *set_kern_flags)
> -LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
> -	 int len, void **mnt_opts)
>   LSM_HOOK(int, 0, move_mount, const struct path *from_path,
>   	 const struct path *to_path)
>   LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index d45b6f6e27fd..73cb0ab2bc03 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -180,8 +180,6 @@
>    *	Copy all security options from a given superblock to another
>    *	@oldsb old superblock which contain information to clone
>    *	@newsb new superblock which needs filled in
> - * @sb_add_mnt_opt:
> - * 	Add one mount @option to @mnt_opts.
>    * @sb_parse_opts_str:
>    *	Parse a string of security data filling in the opts structure
>    *	@options string containing all mount options known by the LSM
> diff --git a/include/linux/security.h b/include/linux/security.h
> index bbf44a466832..a4f0c421dd0c 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>   				struct super_block *newsb,
>   				unsigned long kern_flags,
>   				unsigned long *set_kern_flags);
> -int security_add_mnt_opt(const char *option, const char *val,
> -				int len, void **mnt_opts);
>   int security_move_mount(const struct path *from_path, const struct path *to_path);
>   int security_dentry_init_security(struct dentry *dentry, int mode,
>   				  const struct qstr *name,
> @@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>   	return 0;
>   }
>   
> -static inline int security_add_mnt_opt(const char *option, const char *val,
> -					int len, void **mnt_opts)
> -{
> -	return 0;
> -}
> -
>   static inline int security_move_mount(const struct path *from_path,
>   				      const struct path *to_path)
>   {
> diff --git a/security/security.c b/security/security.c
> index c88167a414b4..0c49a1f05ac4 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>   }
>   EXPORT_SYMBOL(security_sb_clone_mnt_opts);
>   
> -int security_add_mnt_opt(const char *option, const char *val, int len,
> -			 void **mnt_opts)
> -{
> -	return call_int_hook(sb_add_mnt_opt, -EINVAL,
> -					option, val, len, mnt_opts);
> -}
> -EXPORT_SYMBOL(security_add_mnt_opt);
> -
>   int security_move_mount(const struct path *from_path, const struct path *to_path)
>   {
>   	return call_int_hook(move_mount, 0, from_path, to_path);
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 62d30c0a30c2..8ea92f08e6bd 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1023,44 +1023,6 @@ Einval:
>   	return -EINVAL;
>   }
>   
> -static int selinux_add_mnt_opt(const char *option, const char *val, int len,
> -			       void **mnt_opts)
> -{
> -	int token = Opt_error;
> -	int rc, i;
> -
> -	for (i = 0; i < ARRAY_SIZE(tokens); i++) {
> -		if (strcmp(option, tokens[i].name) == 0) {
> -			token = tokens[i].opt;
> -			break;
> -		}
> -	}
> -
> -	if (token == Opt_error)
> -		return -EINVAL;
> -
> -	if (token != Opt_seclabel) {
> -		val = kmemdup_nul(val, len, GFP_KERNEL);
> -		if (!val) {
> -			rc = -ENOMEM;
> -			goto free_opt;
> -		}
> -	}
> -	rc = selinux_add_opt(token, val, mnt_opts);
> -	if (unlikely(rc)) {
> -		kfree(val);
> -		goto free_opt;
> -	}
> -	return rc;
> -
> -free_opt:
> -	if (*mnt_opts) {
> -		selinux_free_mnt_opts(*mnt_opts);
> -		*mnt_opts = NULL;
> -	}
> -	return rc;
> -}
> -
>   static int show_sid(struct seq_file *m, u32 sid)
>   {
>   	char *context = NULL;
> @@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
>   	LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
>   	LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
>   	LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
> -	LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
>   #ifdef CONFIG_SECURITY_NETWORK_XFRM
>   	LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
>   #endif
Paul Moore Dec. 6, 2021, 6:48 p.m. UTC | #2
On Mon, Dec 6, 2021 at 8:24 AM Ondrej Mosnacek <omosnace@redhat.com> wrote:
>
> Its last user has been removed in commit f2aedb713c28 ("NFS: Add
> fs_context support.").
>
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
> ---
>  include/linux/lsm_hook_defs.h |  2 --
>  include/linux/lsm_hooks.h     |  2 --
>  include/linux/security.h      |  8 -------
>  security/security.c           |  8 -------
>  security/selinux/hooks.c      | 39 -----------------------------------
>  5 files changed, 59 deletions(-)

Good catch.  As this really only affects SELinux, I've merged this
into the selinux/next tree.
James Morris Dec. 6, 2021, 11:36 p.m. UTC | #3
On Mon, 6 Dec 2021, Ondrej Mosnacek wrote:

> Its last user has been removed in commit f2aedb713c28 ("NFS: Add
> fs_context support.").
> 
> Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>


Acked-by: James Morris <jamorris@linux.microsoft.com>

> ---
>  include/linux/lsm_hook_defs.h |  2 --
>  include/linux/lsm_hooks.h     |  2 --
>  include/linux/security.h      |  8 -------
>  security/security.c           |  8 -------
>  security/selinux/hooks.c      | 39 -----------------------------------
>  5 files changed, 59 deletions(-)
> 
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index df8de62f4710..7f5c35d72082 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
>  LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
>  	 struct super_block *newsb, unsigned long kern_flags,
>  	 unsigned long *set_kern_flags)
> -LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
> -	 int len, void **mnt_opts)
>  LSM_HOOK(int, 0, move_mount, const struct path *from_path,
>  	 const struct path *to_path)
>  LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index d45b6f6e27fd..73cb0ab2bc03 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -180,8 +180,6 @@
>   *	Copy all security options from a given superblock to another
>   *	@oldsb old superblock which contain information to clone
>   *	@newsb new superblock which needs filled in
> - * @sb_add_mnt_opt:
> - * 	Add one mount @option to @mnt_opts.
>   * @sb_parse_opts_str:
>   *	Parse a string of security data filling in the opts structure
>   *	@options string containing all mount options known by the LSM
> diff --git a/include/linux/security.h b/include/linux/security.h
> index bbf44a466832..a4f0c421dd0c 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>  				struct super_block *newsb,
>  				unsigned long kern_flags,
>  				unsigned long *set_kern_flags);
> -int security_add_mnt_opt(const char *option, const char *val,
> -				int len, void **mnt_opts);
>  int security_move_mount(const struct path *from_path, const struct path *to_path);
>  int security_dentry_init_security(struct dentry *dentry, int mode,
>  				  const struct qstr *name,
> @@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>  	return 0;
>  }
>  
> -static inline int security_add_mnt_opt(const char *option, const char *val,
> -					int len, void **mnt_opts)
> -{
> -	return 0;
> -}
> -
>  static inline int security_move_mount(const struct path *from_path,
>  				      const struct path *to_path)
>  {
> diff --git a/security/security.c b/security/security.c
> index c88167a414b4..0c49a1f05ac4 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
>  }
>  EXPORT_SYMBOL(security_sb_clone_mnt_opts);
>  
> -int security_add_mnt_opt(const char *option, const char *val, int len,
> -			 void **mnt_opts)
> -{
> -	return call_int_hook(sb_add_mnt_opt, -EINVAL,
> -					option, val, len, mnt_opts);
> -}
> -EXPORT_SYMBOL(security_add_mnt_opt);
> -
>  int security_move_mount(const struct path *from_path, const struct path *to_path)
>  {
>  	return call_int_hook(move_mount, 0, from_path, to_path);
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 62d30c0a30c2..8ea92f08e6bd 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1023,44 +1023,6 @@ Einval:
>  	return -EINVAL;
>  }
>  
> -static int selinux_add_mnt_opt(const char *option, const char *val, int len,
> -			       void **mnt_opts)
> -{
> -	int token = Opt_error;
> -	int rc, i;
> -
> -	for (i = 0; i < ARRAY_SIZE(tokens); i++) {
> -		if (strcmp(option, tokens[i].name) == 0) {
> -			token = tokens[i].opt;
> -			break;
> -		}
> -	}
> -
> -	if (token == Opt_error)
> -		return -EINVAL;
> -
> -	if (token != Opt_seclabel) {
> -		val = kmemdup_nul(val, len, GFP_KERNEL);
> -		if (!val) {
> -			rc = -ENOMEM;
> -			goto free_opt;
> -		}
> -	}
> -	rc = selinux_add_opt(token, val, mnt_opts);
> -	if (unlikely(rc)) {
> -		kfree(val);
> -		goto free_opt;
> -	}
> -	return rc;
> -
> -free_opt:
> -	if (*mnt_opts) {
> -		selinux_free_mnt_opts(*mnt_opts);
> -		*mnt_opts = NULL;
> -	}
> -	return rc;
> -}
> -
>  static int show_sid(struct seq_file *m, u32 sid)
>  {
>  	char *context = NULL;
> @@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
>  	LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
>  	LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
>  	LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
> -	LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
>  #ifdef CONFIG_SECURITY_NETWORK_XFRM
>  	LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
>  #endif
> -- 
> 2.33.1
>

Patch

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index df8de62f4710..7f5c35d72082 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -78,8 +78,6 @@  LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
 LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
 	 struct super_block *newsb, unsigned long kern_flags,
 	 unsigned long *set_kern_flags)
-LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
-	 int len, void **mnt_opts)
 LSM_HOOK(int, 0, move_mount, const struct path *from_path,
 	 const struct path *to_path)
 LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d45b6f6e27fd..73cb0ab2bc03 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -180,8 +180,6 @@ 
  *	Copy all security options from a given superblock to another
  *	@oldsb old superblock which contain information to clone
  *	@newsb new superblock which needs filled in
- * @sb_add_mnt_opt:
- * 	Add one mount @option to @mnt_opts.
  * @sb_parse_opts_str:
  *	Parse a string of security data filling in the opts structure
  *	@options string containing all mount options known by the LSM
diff --git a/include/linux/security.h b/include/linux/security.h
index bbf44a466832..a4f0c421dd0c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -313,8 +313,6 @@  int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 				struct super_block *newsb,
 				unsigned long kern_flags,
 				unsigned long *set_kern_flags);
-int security_add_mnt_opt(const char *option, const char *val,
-				int len, void **mnt_opts);
 int security_move_mount(const struct path *from_path, const struct path *to_path);
 int security_dentry_init_security(struct dentry *dentry, int mode,
 				  const struct qstr *name,
@@ -711,12 +709,6 @@  static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 	return 0;
 }
 
-static inline int security_add_mnt_opt(const char *option, const char *val,
-					int len, void **mnt_opts)
-{
-	return 0;
-}
-
 static inline int security_move_mount(const struct path *from_path,
 				      const struct path *to_path)
 {
diff --git a/security/security.c b/security/security.c
index c88167a414b4..0c49a1f05ac4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -994,14 +994,6 @@  int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 }
 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
 
-int security_add_mnt_opt(const char *option, const char *val, int len,
-			 void **mnt_opts)
-{
-	return call_int_hook(sb_add_mnt_opt, -EINVAL,
-					option, val, len, mnt_opts);
-}
-EXPORT_SYMBOL(security_add_mnt_opt);
-
 int security_move_mount(const struct path *from_path, const struct path *to_path)
 {
 	return call_int_hook(move_mount, 0, from_path, to_path);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 62d30c0a30c2..8ea92f08e6bd 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1023,44 +1023,6 @@  Einval:
 	return -EINVAL;
 }
 
-static int selinux_add_mnt_opt(const char *option, const char *val, int len,
-			       void **mnt_opts)
-{
-	int token = Opt_error;
-	int rc, i;
-
-	for (i = 0; i < ARRAY_SIZE(tokens); i++) {
-		if (strcmp(option, tokens[i].name) == 0) {
-			token = tokens[i].opt;
-			break;
-		}
-	}
-
-	if (token == Opt_error)
-		return -EINVAL;
-
-	if (token != Opt_seclabel) {
-		val = kmemdup_nul(val, len, GFP_KERNEL);
-		if (!val) {
-			rc = -ENOMEM;
-			goto free_opt;
-		}
-	}
-	rc = selinux_add_opt(token, val, mnt_opts);
-	if (unlikely(rc)) {
-		kfree(val);
-		goto free_opt;
-	}
-	return rc;
-
-free_opt:
-	if (*mnt_opts) {
-		selinux_free_mnt_opts(*mnt_opts);
-		*mnt_opts = NULL;
-	}
-	return rc;
-}
-
 static int show_sid(struct seq_file *m, u32 sid)
 {
 	char *context = NULL;
@@ -7298,7 +7260,6 @@  static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 	LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
 	LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
 	LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
-	LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 	LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
 #endif