Message ID | 20211206132406.235872-1-omosnace@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | security,selinux: remove security_add_mnt_opt() | expand |
On 12/6/2021 5:24 AM, Ondrej Mosnacek wrote: > Its last user has been removed in commit f2aedb713c28 ("NFS: Add > fs_context support."). > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com> > --- > include/linux/lsm_hook_defs.h | 2 -- > include/linux/lsm_hooks.h | 2 -- > include/linux/security.h | 8 ------- > security/security.c | 8 ------- > security/selinux/hooks.c | 39 ----------------------------------- > 5 files changed, 59 deletions(-) > > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index df8de62f4710..7f5c35d72082 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts, > LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb, > struct super_block *newsb, unsigned long kern_flags, > unsigned long *set_kern_flags) > -LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val, > - int len, void **mnt_opts) > LSM_HOOK(int, 0, move_mount, const struct path *from_path, > const struct path *to_path) > LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry, > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index d45b6f6e27fd..73cb0ab2bc03 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -180,8 +180,6 @@ > * Copy all security options from a given superblock to another > * @oldsb old superblock which contain information to clone > * @newsb new superblock which needs filled in > - * @sb_add_mnt_opt: > - * Add one mount @option to @mnt_opts. > * @sb_parse_opts_str: > * Parse a string of security data filling in the opts structure > * @options string containing all mount options known by the LSM > diff --git a/include/linux/security.h b/include/linux/security.h > index bbf44a466832..a4f0c421dd0c 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h 
> @@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, > struct super_block *newsb, > unsigned long kern_flags, > unsigned long *set_kern_flags); > -int security_add_mnt_opt(const char *option, const char *val, > - int len, void **mnt_opts); > int security_move_mount(const struct path *from_path, const struct path *to_path); > int security_dentry_init_security(struct dentry *dentry, int mode, > const struct qstr *name, > @@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, > return 0; > } > > -static inline int security_add_mnt_opt(const char *option, const char *val, > - int len, void **mnt_opts) > -{ > - return 0; > -} > - > static inline int security_move_mount(const struct path *from_path, > const struct path *to_path) > { > diff --git a/security/security.c b/security/security.c > index c88167a414b4..0c49a1f05ac4 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, > } > EXPORT_SYMBOL(security_sb_clone_mnt_opts); > > -int security_add_mnt_opt(const char *option, const char *val, int len, > - void **mnt_opts) > -{ > - return call_int_hook(sb_add_mnt_opt, -EINVAL, > - option, val, len, mnt_opts); > -} > -EXPORT_SYMBOL(security_add_mnt_opt); > - > int security_move_mount(const struct path *from_path, const struct path *to_path) > { > return call_int_hook(move_mount, 0, from_path, to_path); > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 62d30c0a30c2..8ea92f08e6bd 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c 
> @@ -1023,44 +1023,6 @@ Einval: > return -EINVAL; > } > > -static int selinux_add_mnt_opt(const char *option, const char *val, int len, > - void **mnt_opts) > -{ > - int token = Opt_error; > - int rc, i; > - > - for (i = 0; i < ARRAY_SIZE(tokens); i++) { > - if (strcmp(option, tokens[i].name) == 0) { > - token = tokens[i].opt; > - break; > - } > - } > - > - if (token == Opt_error) > - return -EINVAL; > - > - if (token != Opt_seclabel) { > - val = kmemdup_nul(val, len, GFP_KERNEL); > - if (!val) { > - rc = -ENOMEM; > - goto free_opt; > - } > - } > - rc = selinux_add_opt(token, val, mnt_opts); > - if (unlikely(rc)) { > - kfree(val); > - goto free_opt; > - } > - return rc; > - > -free_opt: > - if (*mnt_opts) { > - selinux_free_mnt_opts(*mnt_opts); > - *mnt_opts = NULL; > - } > - return rc; > -} > - > static int show_sid(struct seq_file *m, u32 sid) > { > char *context = NULL; > @@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { > LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup), > LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param), > LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts), > - LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt), > #ifdef CONFIG_SECURITY_NETWORK_XFRM > LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone), > #endif
On Mon, Dec 6, 2021 at 8:24 AM Ondrej Mosnacek <omosnace@redhat.com> wrote: > > Its last user has been removed in commit f2aedb713c28 ("NFS: Add > fs_context support."). > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> > --- > include/linux/lsm_hook_defs.h | 2 -- > include/linux/lsm_hooks.h | 2 -- > include/linux/security.h | 8 ------- > security/security.c | 8 ------- > security/selinux/hooks.c | 39 ----------------------------------- > 5 files changed, 59 deletions(-) Good catch. As this really only affects SELinux, I've merged this into the selinux/next tree.
On Mon, 6 Dec 2021, Ondrej Mosnacek wrote: > Its last user has been removed in commit f2aedb713c28 ("NFS: Add > fs_context support."). > > Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Acked-by: James Morris <jamorris@linux.microsoft.com> > --- > include/linux/lsm_hook_defs.h | 2 -- > include/linux/lsm_hooks.h | 2 -- > include/linux/security.h | 8 ------- > security/security.c | 8 ------- > security/selinux/hooks.c | 39 ----------------------------------- > 5 files changed, 59 deletions(-) > > diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h > index df8de62f4710..7f5c35d72082 100644 > --- a/include/linux/lsm_hook_defs.h > +++ b/include/linux/lsm_hook_defs.h > @@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts, > LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb, > struct super_block *newsb, unsigned long kern_flags, > unsigned long *set_kern_flags) > -LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val, > - int len, void **mnt_opts) > LSM_HOOK(int, 0, move_mount, const struct path *from_path, > const struct path *to_path) > LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry, > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index d45b6f6e27fd..73cb0ab2bc03 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -180,8 +180,6 @@ > * Copy all security options from a given superblock to another > * @oldsb old superblock which contain information to clone > * @newsb new superblock which needs filled in > - * @sb_add_mnt_opt: > - * Add one mount @option to @mnt_opts. > * @sb_parse_opts_str: > * Parse a string of security data filling in the opts structure > * @options string containing all mount options known by the LSM > diff --git a/include/linux/security.h b/include/linux/security.h > index bbf44a466832..a4f0c421dd0c 100644 > --- a/include/linux/security.h > +++ b/include/linux/security.h 
> @@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, > struct super_block *newsb, > unsigned long kern_flags, > unsigned long *set_kern_flags); > -int security_add_mnt_opt(const char *option, const char *val, > - int len, void **mnt_opts); > int security_move_mount(const struct path *from_path, const struct path *to_path); > int security_dentry_init_security(struct dentry *dentry, int mode, > const struct qstr *name, > @@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb, > return 0; > } > > -static inline int security_add_mnt_opt(const char *option, const char *val, > - int len, void **mnt_opts) > -{ > - return 0; > -} > - > static inline int security_move_mount(const struct path *from_path, > const struct path *to_path) > { > diff --git a/security/security.c b/security/security.c > index c88167a414b4..0c49a1f05ac4 100644 > --- a/security/security.c > +++ b/security/security.c > @@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb, > } > EXPORT_SYMBOL(security_sb_clone_mnt_opts); > > -int security_add_mnt_opt(const char *option, const char *val, int len, > - void **mnt_opts) > -{ > - return call_int_hook(sb_add_mnt_opt, -EINVAL, > - option, val, len, mnt_opts); > -} > -EXPORT_SYMBOL(security_add_mnt_opt); > - > int security_move_mount(const struct path *from_path, const struct path *to_path) > { > return call_int_hook(move_mount, 0, from_path, to_path); > diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c > index 62d30c0a30c2..8ea92f08e6bd 100644 > --- a/security/selinux/hooks.c > +++ b/security/selinux/hooks.c 
> @@ -1023,44 +1023,6 @@ Einval: > return -EINVAL; > } > > -static int selinux_add_mnt_opt(const char *option, const char *val, int len, > - void **mnt_opts) > -{ > - int token = Opt_error; > - int rc, i; > - > - for (i = 0; i < ARRAY_SIZE(tokens); i++) { > - if (strcmp(option, tokens[i].name) == 0) { > - token = tokens[i].opt; > - break; > - } > - } > - > - if (token == Opt_error) > - return -EINVAL; > - > - if (token != Opt_seclabel) { > - val = kmemdup_nul(val, len, GFP_KERNEL); > - if (!val) { > - rc = -ENOMEM; > - goto free_opt; > - } > - } > - rc = selinux_add_opt(token, val, mnt_opts); > - if (unlikely(rc)) { > - kfree(val); > - goto free_opt; > - } > - return rc; > - > -free_opt: > - if (*mnt_opts) { > - selinux_free_mnt_opts(*mnt_opts); > - *mnt_opts = NULL; > - } > - return rc; > -} > - > static int show_sid(struct seq_file *m, u32 sid) > { > char *context = NULL; > @@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = { > LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup), > LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param), > LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts), > - LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt), > #ifdef CONFIG_SECURITY_NETWORK_XFRM > LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone), > #endif > -- > 2.33.1 >
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index df8de62f4710..7f5c35d72082 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
 LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
 struct super_block *newsb, unsigned long kern_flags,
 unsigned long *set_kern_flags)
-LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
- int len, void **mnt_opts)
 LSM_HOOK(int, 0, move_mount, const struct path *from_path,
 const struct path *to_path)
 LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index d45b6f6e27fd..73cb0ab2bc03 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -180,8 +180,6 @@
 * Copy all security options from a given superblock to another
 * @oldsb old superblock which contain information to clone
 * @newsb new superblock which needs filled in
- * @sb_add_mnt_opt:
- * Add one mount @option to @mnt_opts.
 * @sb_parse_opts_str:
 * Parse a string of security data filling in the opts structure
 * @options string containing all mount options known by the LSM
diff --git a/include/linux/security.h b/include/linux/security.h
index bbf44a466832..a4f0c421dd0c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 struct super_block *newsb,
 unsigned long kern_flags,
 unsigned long *set_kern_flags);
-int security_add_mnt_opt(const char *option, const char *val,
- int len, void **mnt_opts);
 int security_move_mount(const struct path *from_path, const struct path *to_path);
 int security_dentry_init_security(struct dentry *dentry, int mode,
 const struct qstr *name,
@@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 return 0;
 }
 
-static inline int security_add_mnt_opt(const char *option, const char *val,
- int len, void **mnt_opts)
-{
- return 0;
-}
-
 static inline int security_move_mount(const struct path *from_path,
 const struct path *to_path)
 {
diff --git a/security/security.c b/security/security.c
index c88167a414b4..0c49a1f05ac4 100644
--- a/security/security.c
+++ b/security/security.c
@@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
 }
 EXPORT_SYMBOL(security_sb_clone_mnt_opts);
 
-int security_add_mnt_opt(const char *option, const char *val, int len,
- void **mnt_opts)
-{
- return call_int_hook(sb_add_mnt_opt, -EINVAL,
- option, val, len, mnt_opts);
-}
-EXPORT_SYMBOL(security_add_mnt_opt);
-
 int security_move_mount(const struct path *from_path, const struct path *to_path)
 {
 return call_int_hook(move_mount, 0, from_path, to_path);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 62d30c0a30c2..8ea92f08e6bd 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1023,44 +1023,6 @@ Einval:
 return -EINVAL;
 }
 
-static int selinux_add_mnt_opt(const char *option, const char *val, int len,
- void **mnt_opts)
-{
- int token = Opt_error;
- int rc, i;
-
- for (i = 0; i < ARRAY_SIZE(tokens); i++) {
- if (strcmp(option, tokens[i].name) == 0) {
- token = tokens[i].opt;
- break;
- }
- }
-
- if (token == Opt_error)
- return -EINVAL;
-
- if (token != Opt_seclabel) {
- val = kmemdup_nul(val, len, GFP_KERNEL);
- if (!val) {
- rc = -ENOMEM;
- goto free_opt;
- }
- }
- rc = selinux_add_opt(token, val, mnt_opts);
- if (unlikely(rc)) {
- kfree(val);
- goto free_opt;
- }
- return rc;
-
-free_opt:
- if (*mnt_opts) {
- selinux_free_mnt_opts(*mnt_opts);
- *mnt_opts = NULL;
- }
- return rc;
-}
-
 static int show_sid(struct seq_file *m, u32 sid)
 {
 char *context = NULL;
@@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
 LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
 LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
 LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
- LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
 #endif
Its last user has been removed in commit f2aedb713c28 ("NFS: Add fs_context support."). Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> --- include/linux/lsm_hook_defs.h | 2 -- include/linux/lsm_hooks.h | 2 -- include/linux/security.h | 8 ------- security/security.c | 8 ------- security/selinux/hooks.c | 39 ----------------------------------- 5 files changed, 59 deletions(-)