mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-12-29 09:16:33 +00:00
lsm: remove lsm_prop scaffolding
Remove the scaffold member from the lsm_prop. Remove the remaining places it is being set. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> [PM: subj line tweak] Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
05a344e54d
commit
8afd8c8faa
@ -156,11 +156,6 @@ enum lockdown_reason {
|
|||||||
LOCKDOWN_CONFIDENTIALITY_MAX,
|
LOCKDOWN_CONFIDENTIALITY_MAX,
|
||||||
};
|
};
|
||||||
|
|
||||||
/* scaffolding */
|
|
||||||
struct lsm_prop_scaffold {
|
|
||||||
u32 secid;
|
|
||||||
};
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Data exported by the security modules
|
* Data exported by the security modules
|
||||||
*/
|
*/
|
||||||
@ -169,7 +164,6 @@ struct lsm_prop {
|
|||||||
struct lsm_prop_smack smack;
|
struct lsm_prop_smack smack;
|
||||||
struct lsm_prop_apparmor apparmor;
|
struct lsm_prop_apparmor apparmor;
|
||||||
struct lsm_prop_bpf bpf;
|
struct lsm_prop_bpf bpf;
|
||||||
struct lsm_prop_scaffold scaffold;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
|
extern const char *const lockdown_reasons[LOCKDOWN_CONFIDENTIALITY_MAX+1];
|
||||||
|
@ -270,11 +270,7 @@ int aa_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vrule)
|
|||||||
struct aa_label *label;
|
struct aa_label *label;
|
||||||
int found = 0;
|
int found = 0;
|
||||||
|
|
||||||
/* scaffolding */
|
label = prop->apparmor.label;
|
||||||
if (!prop->apparmor.label && prop->scaffold.secid)
|
|
||||||
label = aa_secid_to_label(prop->scaffold.secid);
|
|
||||||
else
|
|
||||||
label = prop->apparmor.label;
|
|
||||||
|
|
||||||
if (!label)
|
if (!label)
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
@ -987,8 +987,6 @@ static void apparmor_current_getlsmprop_subj(struct lsm_prop *prop)
|
|||||||
struct aa_label *label = __begin_current_label_crit_section();
|
struct aa_label *label = __begin_current_label_crit_section();
|
||||||
|
|
||||||
prop->apparmor.label = label;
|
prop->apparmor.label = label;
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = label->secid;
|
|
||||||
__end_current_label_crit_section(label);
|
__end_current_label_crit_section(label);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -998,8 +996,6 @@ static void apparmor_task_getlsmprop_obj(struct task_struct *p,
|
|||||||
struct aa_label *label = aa_get_task_label(p);
|
struct aa_label *label = aa_get_task_label(p);
|
||||||
|
|
||||||
prop->apparmor.label = label;
|
prop->apparmor.label = label;
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = label->secid;
|
|
||||||
aa_put_label(label);
|
aa_put_label(label);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -102,11 +102,7 @@ int apparmor_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
|
|||||||
{
|
{
|
||||||
struct aa_label *label;
|
struct aa_label *label;
|
||||||
|
|
||||||
/* scaffolding */
|
label = prop->apparmor.label;
|
||||||
if (!prop->apparmor.label && prop->scaffold.secid)
|
|
||||||
label = aa_secid_to_label(prop->scaffold.secid);
|
|
||||||
else
|
|
||||||
label = prop->apparmor.label;
|
|
||||||
|
|
||||||
return apparmor_label_to_secctx(label, secdata, seclen);
|
return apparmor_label_to_secctx(label, secdata, seclen);
|
||||||
}
|
}
|
||||||
|
@ -3508,8 +3508,6 @@ static void selinux_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
|
|||||||
struct inode_security_struct *isec = inode_security_novalidate(inode);
|
struct inode_security_struct *isec = inode_security_novalidate(inode);
|
||||||
|
|
||||||
prop->selinux.secid = isec->sid;
|
prop->selinux.secid = isec->sid;
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = isec->sid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
|
static int selinux_inode_copy_up(struct dentry *src, struct cred **new)
|
||||||
@ -4040,8 +4038,6 @@ static void selinux_cred_getsecid(const struct cred *c, u32 *secid)
|
|||||||
static void selinux_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
|
static void selinux_cred_getlsmprop(const struct cred *c, struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
prop->selinux.secid = cred_sid(c);
|
prop->selinux.secid = cred_sid(c);
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = prop->selinux.secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -4182,16 +4178,12 @@ static int selinux_task_getsid(struct task_struct *p)
|
|||||||
static void selinux_current_getlsmprop_subj(struct lsm_prop *prop)
|
static void selinux_current_getlsmprop_subj(struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
prop->selinux.secid = current_sid();
|
prop->selinux.secid = current_sid();
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = prop->selinux.secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void selinux_task_getlsmprop_obj(struct task_struct *p,
|
static void selinux_task_getlsmprop_obj(struct task_struct *p,
|
||||||
struct lsm_prop *prop)
|
struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
prop->selinux.secid = task_sid_obj(p);
|
prop->selinux.secid = task_sid_obj(p);
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = prop->selinux.secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_task_setnice(struct task_struct *p, int nice)
|
static int selinux_task_setnice(struct task_struct *p, int nice)
|
||||||
@ -6339,8 +6331,6 @@ static void selinux_ipc_getlsmprop(struct kern_ipc_perm *ipcp,
|
|||||||
{
|
{
|
||||||
struct ipc_security_struct *isec = selinux_ipc(ipcp);
|
struct ipc_security_struct *isec = selinux_ipc(ipcp);
|
||||||
prop->selinux.secid = isec->sid;
|
prop->selinux.secid = isec->sid;
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = isec->sid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
|
static void selinux_d_instantiate(struct dentry *dentry, struct inode *inode)
|
||||||
@ -6625,13 +6615,7 @@ static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
|||||||
static int selinux_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
|
static int selinux_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
|
||||||
u32 *seclen)
|
u32 *seclen)
|
||||||
{
|
{
|
||||||
u32 secid = prop->selinux.secid;
|
return selinux_secid_to_secctx(prop->selinux.secid, secdata, seclen);
|
||||||
|
|
||||||
/* scaffolding */
|
|
||||||
if (!secid)
|
|
||||||
secid = prop->scaffold.secid;
|
|
||||||
|
|
||||||
return selinux_secid_to_secctx(secid, secdata, seclen);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
|
static int selinux_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
|
||||||
|
@ -3661,10 +3661,6 @@ int selinux_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op, void *vru
|
|||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* scaffolding */
|
|
||||||
if (!prop->selinux.secid && prop->scaffold.secid)
|
|
||||||
prop->selinux.secid = prop->scaffold.secid;
|
|
||||||
|
|
||||||
ctxt = sidtab_search(policy->sidtab, prop->selinux.secid);
|
ctxt = sidtab_search(policy->sidtab, prop->selinux.secid);
|
||||||
if (unlikely(!ctxt)) {
|
if (unlikely(!ctxt)) {
|
||||||
WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
|
WARN_ONCE(1, "selinux_audit_rule_match: unrecognized SID %d\n",
|
||||||
|
@ -1655,11 +1655,7 @@ static int smack_inode_listsecurity(struct inode *inode, char *buffer,
|
|||||||
*/
|
*/
|
||||||
static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
|
static void smack_inode_getlsmprop(struct inode *inode, struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
struct smack_known *skp = smk_of_inode(inode);
|
prop->smack.skp = smk_of_inode(inode);
|
||||||
|
|
||||||
prop->smack.skp = skp;
|
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = skp->smk_secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -2162,8 +2158,6 @@ static void smack_cred_getlsmprop(const struct cred *cred,
|
|||||||
{
|
{
|
||||||
rcu_read_lock();
|
rcu_read_lock();
|
||||||
prop->smack.skp = smk_of_task(smack_cred(cred));
|
prop->smack.skp = smk_of_task(smack_cred(cred));
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = prop->smack.skp->smk_secid;
|
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2265,11 +2259,7 @@ static int smack_task_getsid(struct task_struct *p)
|
|||||||
*/
|
*/
|
||||||
static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
|
static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
struct smack_known *skp = smk_of_current();
|
prop->smack.skp = smk_of_current();
|
||||||
|
|
||||||
prop->smack.skp = skp;
|
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = skp->smk_secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -2282,11 +2272,7 @@ static void smack_current_getlsmprop_subj(struct lsm_prop *prop)
|
|||||||
static void smack_task_getlsmprop_obj(struct task_struct *p,
|
static void smack_task_getlsmprop_obj(struct task_struct *p,
|
||||||
struct lsm_prop *prop)
|
struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
struct smack_known *skp = smk_of_task_struct_obj(p);
|
prop->smack.skp = smk_of_task_struct_obj(p);
|
||||||
|
|
||||||
prop->smack.skp = skp;
|
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = skp->smk_secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -3466,11 +3452,8 @@ static int smack_ipc_permission(struct kern_ipc_perm *ipp, short flag)
|
|||||||
static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
|
static void smack_ipc_getlsmprop(struct kern_ipc_perm *ipp, struct lsm_prop *prop)
|
||||||
{
|
{
|
||||||
struct smack_known **iskpp = smack_ipc(ipp);
|
struct smack_known **iskpp = smack_ipc(ipp);
|
||||||
struct smack_known *iskp = *iskpp;
|
|
||||||
|
|
||||||
prop->smack.skp = iskp;
|
prop->smack.skp = *iskpp;
|
||||||
/* scaffolding */
|
|
||||||
prop->scaffold.secid = iskp->smk_secid;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -4805,10 +4788,6 @@ static int smack_audit_rule_match(struct lsm_prop *prop, u32 field, u32 op,
|
|||||||
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
|
if (field != AUDIT_SUBJ_USER && field != AUDIT_OBJ_USER)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
/* scaffolding */
|
|
||||||
if (!skp && prop->scaffold.secid)
|
|
||||||
skp = smack_from_secid(prop->scaffold.secid);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* No need to do string comparisons. If a match occurs,
|
* No need to do string comparisons. If a match occurs,
|
||||||
* both pointers will point to the same smack_known
|
* both pointers will point to the same smack_known
|
||||||
@ -4869,10 +4848,6 @@ static int smack_lsmprop_to_secctx(struct lsm_prop *prop, char **secdata,
|
|||||||
{
|
{
|
||||||
struct smack_known *skp = prop->smack.skp;
|
struct smack_known *skp = prop->smack.skp;
|
||||||
|
|
||||||
/* scaffolding */
|
|
||||||
if (!skp && prop->scaffold.secid)
|
|
||||||
skp = smack_from_secid(prop->scaffold.secid);
|
|
||||||
|
|
||||||
if (secdata)
|
if (secdata)
|
||||||
*secdata = skp->smk_known;
|
*secdata = skp->smk_known;
|
||||||
*seclen = strlen(skp->smk_known);
|
*seclen = strlen(skp->smk_known);
|
||||||
|
Loading…
Reference in New Issue
Block a user