selinux: drop unused socket security classes

Several of the extended socket classes introduced by commit da69a530 ("selinux: support distinctions among all network address families") are never used because sockets can never be created with the associated address family. Remove these unused socket security classes. The removed classes are bridge_socket for PF_BRIDGE, ib_socket for PF_IB, and mpls_socket for PF_MPLS. Signed-off-by: N Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: N Paul Moore <paul@paul-moore.com>

selinux: drop unused socket security classes
Several of the extended socket classes introduced by commit da69a530 ("selinux: support distinctions among all network address families") are never used because sockets can never be created with the associated address family. Remove these unused socket security classes. The removed classes are bridge_socket for PF_BRIDGE, ib_socket for PF_IB, and mpls_socket for PF_MPLS. Signed-off-by: N Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: N Paul Moore <paul@paul-moore.com>
b4ba35c7 · Stephen Smalley · Paul Moore · 900fde06 · b4ba35c7 · b4ba35c7
隐藏空白更改
内联并排

Showing with 0 addition and 12 deletion

security/selinux/hooks.c security/selinux/hooks.c +0 -6

security/selinux/include/classmap.h security/selinux/include/classmap.h +0 -6

未找到文件。
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1353,8 +1353,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 			return SECCLASS_IPX_SOCKET;
 		case PF_NETROM:
 			return SECCLASS_NETROM_SOCKET;
-		case PF_BRIDGE:
-			return SECCLASS_BRIDGE_SOCKET;
 		case PF_ATMPVC:
 			return SECCLASS_ATMPVC_SOCKET;
 		case PF_X25:
@@ -1373,10 +1371,6 @@ static inline u16 socket_type_to_security_class(int family, int type, int protoc
 			return SECCLASS_PPPOX_SOCKET;
 		case PF_LLC:
 			return SECCLASS_LLC_SOCKET;
-		case PF_IB:
-			return SECCLASS_IB_SOCKET;
-		case PF_MPLS:
-			return SECCLASS_MPLS_SOCKET;
 		case PF_CAN:
 			return SECCLASS_CAN_SOCKET;
 		case PF_TIPC:

--- a/security/selinux/include/classmap.h
+++ b/security/selinux/include/classmap.h
@@ -183,8 +183,6 @@ struct security_class_mapping secclass_map[] = {
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "netrom_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
-	{ "bridge_socket",
-	  { COMMON_SOCK_PERMS, NULL } },
 	{ "atmpvc_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "x25_socket",
@@ -203,10 +201,6 @@ struct security_class_mapping secclass_map[] = {
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "llc_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
-	{ "ib_socket",
-	  { COMMON_SOCK_PERMS, NULL } },
-	{ "mpls_socket",
-	  { COMMON_SOCK_PERMS, NULL } },
 	{ "can_socket",
 	  { COMMON_SOCK_PERMS, NULL } },
 	{ "tipc_socket",