From patchwork Wed Oct 25 01:52:31 2017
X-Patchwork-Submitter: Casey Schaufler
X-Patchwork-Id: 10025559
To: LSM, Linux Audit, Paul Moore, LKLM
Cc: Casey Schaufler
From: Casey Schaufler
Subject: [PATCH] Audit: remove unused audit_log_secctx function
Message-ID: <7138b693-9f67-05b1-926a-f0b8ca4035d2@schaufler-ca.com>
Date: Tue, 24 Oct 2017 18:52:31 -0700

The function audit_log_secctx() is unused in the upstream kernel.
All it does is wrap another function that doesn't need wrapping.
It claims to give you the SELinux context, but that is not true
if you are using a different security module.

Signed-off-by: Casey Schaufler
Reviewed-by: James Morris
---
 include/linux/audit.h |  8 --------
 kernel/audit.c        | 26 --------------------------
 2 files changed, 34 deletions(-)

diff --git a/include/linux/audit.h b/include/linux/audit.h index cb708eb..9b275b6 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h @@ -149,12 +149,6 @@ extern void audit_log_key(struct audit_buffer *ab, extern void audit_log_link_denied(const char *operation, const struct path *link); extern void audit_log_lost(const char *message); -#ifdef CONFIG_SECURITY -extern void audit_log_secctx(struct audit_buffer *ab, u32 secid); -#else -static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) -{ } -#endif extern int audit_log_task_context(struct audit_buffer *ab); extern void audit_log_task_info(struct audit_buffer *ab, 
@@ -203,8 +197,6 @@ static inline void audit_log_key(struct audit_buffer *ab, char *key) static inline void audit_log_link_denied(const char *string, const struct path *link) { } -static inline void audit_log_secctx(struct audit_buffer *ab, u32 secid) -{ } static inline int audit_log_task_context(struct audit_buffer *ab) { return 0; diff --git a/kernel/audit.c b/kernel/audit.c index be1c28f..4254fde 100644 --- a/kernel/audit.c +++ b/kernel/audit.c @@ -2337,32 +2337,6 @@ void audit_log(struct audit_context *ctx, gfp_t gfp_mask, int type, } } -#ifdef CONFIG_SECURITY -/** - * audit_log_secctx - Converts and logs SELinux context - * @ab: audit_buffer - * @secid: security number - * - * This is a helper function that calls security_secid_to_secctx to convert - * secid to secctx and then adds the (converted) SELinux context to the audit - * log by calling audit_log_format, thus also preventing leak of internal secid - * to userspace. If secid cannot be converted audit_panic is called. - */ -void audit_log_secctx(struct audit_buffer *ab, u32 secid) -{ - u32 len; - char *secctx; - - if (security_secid_to_secctx(secid, &secctx, &len)) { - audit_panic("Cannot convert secid to context"); - } else { - audit_log_format(ab, " obj=%s", secctx); - security_release_secctx(secctx, len); - } -} -EXPORT_SYMBOL(audit_log_secctx); -#endif - EXPORT_SYMBOL(audit_log_start); EXPORT_SYMBOL(audit_log_end); EXPORT_SYMBOL(audit_log_format);
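
Review bot: the changelog does not say which configurations were build-tested, and the two include/linux/audit.h hunks remove three separate definitions: the CONFIG_SECURITY prototype and its #else empty stub at -149, plus the second empty stub at -203 next to the audit_log_key() and audit_log_link_denied() stubs. Those stubs existed so that callers compile in every configuration, so a line in the commit message confirming a build with the relevant options disabled, and that a tree-wide search finds no remaining callers, would back up the "unused" claim.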
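
Review bot: the kernel/audit.c hunk at -2337 also drops "EXPORT_SYMBOL(audit_log_secctx);", which the commit message does not mention; "unused in the upstream kernel" does not cover out-of-tree modules, which will stop building against this header. Suggest stating the export removal in the changelog and pointing any remaining users at the sequence the removed body used: security_secid_to_secctx(), audit_log_format() with the converted string, then security_release_secctx(). The removed kerneldoc says the helper also kept the internal secid from leaking to userspace, so the changelog should note that replacement callers must log the converted context and never the raw secid.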