提交 6b89a74b 编写于 作者: A Ahmed S. Darwish 提交者: James Morris

SELinux: remove redundant exports

Remove the following exported SELinux interfaces:
selinux_get_inode_sid(inode, sid)
selinux_get_ipc_sid(ipcp, sid)
selinux_get_task_sid(tsk, sid)
selinux_sid_to_string(sid, ctx, len)

They can be substitued with the following generic equivalents
respectively:
new LSM hook, inode_getsecid(inode, secid)
new LSM hook, ipc_getsecid*(ipcp, secid)
LSM hook, task_getsecid(tsk, secid)
LSM hook, sid_to_secctx(sid, ctx, len)
Signed-off-by: NCasey Schaufler <casey@schaufler-ca.com>
Signed-off-by: NAhmed S. Darwish <darwish.07@gmail.com>
Acked-by: NJames Morris <jmorris@namei.org>
Reviewed-by: NPaul Moore <paul.moore@hp.com>
上级 0ce784ca
...@@ -16,7 +16,6 @@ ...@@ -16,7 +16,6 @@
struct selinux_audit_rule; struct selinux_audit_rule;
struct audit_context; struct audit_context;
struct inode;
struct kern_ipc_perm; struct kern_ipc_perm;
#ifdef CONFIG_SECURITY_SELINUX #ifdef CONFIG_SECURITY_SELINUX
...@@ -69,45 +68,6 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op, ...@@ -69,45 +68,6 @@ int selinux_audit_rule_match(u32 sid, u32 field, u32 op,
*/ */
void selinux_audit_set_callback(int (*callback)(void)); void selinux_audit_set_callback(int (*callback)(void));
/**
* selinux_sid_to_string - map a security context ID to a string
* @sid: security context ID to be converted.
* @ctx: address of context string to be returned
* @ctxlen: length of returned context string.
*
* Returns 0 if successful, -errno if not. On success, the context
* string will be allocated internally, and the caller must call
* kfree() on it after use.
*/
int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen);
/**
* selinux_get_inode_sid - get the inode's security context ID
* @inode: inode structure to get the sid from.
* @sid: pointer to security context ID to be filled in.
*
* Returns nothing
*/
void selinux_get_inode_sid(const struct inode *inode, u32 *sid);
/**
* selinux_get_ipc_sid - get the ipc security context ID
* @ipcp: ipc structure to get the sid from.
* @sid: pointer to security context ID to be filled in.
*
* Returns nothing
*/
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid);
/**
* selinux_get_task_sid - return the SID of task
* @tsk: the task whose SID will be returned
* @sid: pointer to security context ID to be filled in.
*
* Returns nothing
*/
void selinux_get_task_sid(struct task_struct *tsk, u32 *sid);
/** /**
* selinux_string_to_sid - map a security context string to a security ID * selinux_string_to_sid - map a security context string to a security ID
* @str: the security context string to be mapped * @str: the security context string to be mapped
...@@ -175,28 +135,6 @@ static inline void selinux_audit_set_callback(int (*callback)(void)) ...@@ -175,28 +135,6 @@ static inline void selinux_audit_set_callback(int (*callback)(void))
return; return;
} }
static inline int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
{
*ctx = NULL;
*ctxlen = 0;
return 0;
}
static inline void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
*sid = 0;
}
static inline void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
{
*sid = 0;
}
static inline void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
{
*sid = 0;
}
static inline int selinux_string_to_sid(const char *str, u32 *sid) static inline int selinux_string_to_sid(const char *str, u32 *sid)
{ {
*sid = 0; *sid = 0;
......
...@@ -25,48 +25,6 @@ ...@@ -25,48 +25,6 @@
/* SECMARK reference count */ /* SECMARK reference count */
extern atomic_t selinux_secmark_refcount; extern atomic_t selinux_secmark_refcount;
int selinux_sid_to_string(u32 sid, char **ctx, u32 *ctxlen)
{
if (selinux_enabled)
return security_sid_to_context(sid, ctx, ctxlen);
else {
*ctx = NULL;
*ctxlen = 0;
}
return 0;
}
void selinux_get_inode_sid(const struct inode *inode, u32 *sid)
{
if (selinux_enabled) {
struct inode_security_struct *isec = inode->i_security;
*sid = isec->sid;
return;
}
*sid = 0;
}
void selinux_get_ipc_sid(const struct kern_ipc_perm *ipcp, u32 *sid)
{
if (selinux_enabled) {
struct ipc_security_struct *isec = ipcp->security;
*sid = isec->sid;
return;
}
*sid = 0;
}
void selinux_get_task_sid(struct task_struct *tsk, u32 *sid)
{
if (selinux_enabled) {
struct task_security_struct *tsec = tsk->security;
*sid = tsec->sid;
return;
}
*sid = 0;
}
int selinux_string_to_sid(char *str, u32 *sid) int selinux_string_to_sid(char *str, u32 *sid)
{ {
if (selinux_enabled) if (selinux_enabled)
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册