Message ID | 20230324092114.13907-1-lukas.bulwahn@gmail.com (mailing list archive) |
---|---|
State | Accepted |
Delegated to: | Paul Moore |
Series | [v2] selinux: clean up dead code after removing runtime disable |
On Fri, Mar 24, 2023 at 5:23 AM Lukas Bulwahn <lukas.bulwahn@gmail.com> wrote: > > Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality") > removes the config SECURITY_SELINUX_DISABLE. This results in some dead code > in lsm_hooks.h. > > Remove this dead code. > > Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com> > --- > include/linux/lsm_hooks.h | 23 ----------------------- > 1 file changed, 23 deletions(-) Thanks Lukas, this looks much better. Merged into selinux/next. > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h > index 2b04f94a31bd..ab2b2fafa4a4 100644 > --- a/include/linux/lsm_hooks.h > +++ b/include/linux/lsm_hooks.h > @@ -117,29 +117,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; > __used __section(".early_lsm_info.init") \ > __aligned(sizeof(unsigned long)) > > -#ifdef CONFIG_SECURITY_SELINUX_DISABLE > -/* > - * Assuring the safety of deleting a security module is up to > - * the security module involved. This may entail ordering the > - * module's hook list in a particular way, refusing to disable > - * the module once a policy is loaded or any number of other > - * actions better imagined than described. > - * > - * The name of the configuration option reflects the only module > - * that currently uses the mechanism. Any developer who thinks > - * disabling their module is a good idea needs to be at least as > - * careful as the SELinux team. > - */ > -static inline void security_delete_hooks(struct security_hook_list *hooks, > - int count) > -{ > - int i; > - > - for (i = 0; i < count; i++) > - hlist_del_rcu(&hooks[i].list); > -} > -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ > - > extern int lsm_inode_alloc(struct inode *inode); > > #endif /* ! __LINUX_LSM_HOOKS_H */ > -- > 2.17.1
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 2b04f94a31bd..ab2b2fafa4a4 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -117,29 +117,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; __used __section(".early_lsm_info.init") \ __aligned(sizeof(unsigned long)) -#ifdef CONFIG_SECURITY_SELINUX_DISABLE -/* - * Assuring the safety of deleting a security module is up to - * the security module involved. This may entail ordering the - * module's hook list in a particular way, refusing to disable - * the module once a policy is loaded or any number of other - * actions better imagined than described. - * - * The name of the configuration option reflects the only module - * that currently uses the mechanism. Any developer who thinks - * disabling their module is a good idea needs to be at least as - * careful as the SELinux team. - */ -static inline void security_delete_hooks(struct security_hook_list *hooks, - int count) -{ - int i; - - for (i = 0; i < count; i++) - hlist_del_rcu(&hooks[i].list); -} -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ - extern int lsm_inode_alloc(struct inode *inode); #endif /* ! __LINUX_LSM_HOOKS_H */
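Review bot: the commit message says only "some dead code in lsm_hooks.h" and never names what is deleted, which in this hunk is the static inline helper security_delete_hooks() and its comment, both under #ifdef CONFIG_SECURITY_SELINUX_DISABLE. Suggest naming security_delete_hooks() in the message and stating that no caller remains, since any leftover caller outside that #ifdef would stop building once the helper is gone. The deleted comment was also where the header documented that the safety of unhooking via hlist_del_rcu() is up to the security module involved, so it is worth one sentence in the message saying that hook removal is no longer offered to any LSM.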
Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality") removes the config SECURITY_SELINUX_DISABLE. This results in some dead code in lsm_hooks.h.

Remove this dead code.

Signed-off-by: Lukas Bulwahn <lukas.bulwahn@gmail.com>

---
include/linux/lsm_hooks.h | 23 -----------------------
1 file changed, 23 deletions(-)