diff options
-rw-r--r-- | include/linux/security.h | 20 | ||||
-rw-r--r-- | kernel/sys.c | 15 | ||||
-rw-r--r-- | security/capability.c | 6 | ||||
-rw-r--r-- | security/security.c | 5 |
4 files changed, 0 insertions, 46 deletions
diff --git a/include/linux/security.h b/include/linux/security.h index 33b0c1b27f8..447c57fcec8 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -674,18 +674,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * userspace to load a kernel module with the given name. * @kmod_name name of the module requested by the kernel * Return 0 if successful. - * @task_setuid: - * Check permission before setting one or more of the user identity - * attributes of the current process. The @flags parameter indicates - * which of the set*uid system calls invoked this hook and how to - * interpret the @id0, @id1, and @id2 parameters. See the LSM_SETID - * definitions at the beginning of this file for the @flags values and - * their meanings. - * @id0 contains a uid. - * @id1 contains a uid. - * @id2 contains a uid. - * @flags contains one of the LSM_SETID_* values. - * Return 0 if permission is granted. * @task_fix_setuid: * Update the module's state after setting one or more of the user * identity attributes of the current process. The @flags parameter @@ -1536,7 +1524,6 @@ struct security_operations { int (*kernel_act_as)(struct cred *new, u32 secid); int (*kernel_create_files_as)(struct cred *new, struct inode *inode); int (*kernel_module_request)(char *kmod_name); - int (*task_setuid) (uid_t id0, uid_t id1, uid_t id2, int flags); int (*task_fix_setuid) (struct cred *new, const struct cred *old, int flags); int (*task_setgid) (gid_t id0, gid_t id1, gid_t id2, int flags); @@ -1793,7 +1780,6 @@ void security_transfer_creds(struct cred *new, const struct cred *old); int security_kernel_act_as(struct cred *new, u32 secid); int security_kernel_create_files_as(struct cred *new, struct inode *inode); int security_kernel_module_request(char *kmod_name); -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags); int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags); int security_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags); @@ -2330,12 +2316,6 @@ static inline int security_kernel_module_request(char *kmod_name) return 0; } -static inline int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, - int flags) -{ - return 0; -} - static inline int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) diff --git a/kernel/sys.c b/kernel/sys.c index 8298878f4f7..396c11cd9a2 100644 --- a/kernel/sys.c +++ b/kernel/sys.c @@ -609,10 +609,6 @@ SYSCALL_DEFINE2(setreuid, uid_t, ruid, uid_t, euid) return -ENOMEM; old = current_cred(); - retval = security_task_setuid(ruid, euid, (uid_t)-1, LSM_SETID_RE); - if (retval) - goto error; - retval = -EPERM; if (ruid != (uid_t) -1) { new->uid = ruid; @@ -674,10 +670,6 @@ SYSCALL_DEFINE1(setuid, uid_t, uid) return -ENOMEM; old = current_cred(); - retval = security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_ID); - if (retval) - goto error; - retval = -EPERM; if (capable(CAP_SETUID)) { new->suid = new->uid = uid; @@ -718,9 +710,6 @@ SYSCALL_DEFINE3(setresuid, uid_t, ruid, uid_t, euid, uid_t, suid) if (!new) return -ENOMEM; - retval = security_task_setuid(ruid, euid, suid, LSM_SETID_RES); - if (retval) - goto error; old = current_cred(); retval = -EPERM; @@ -850,9 +839,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) old = current_cred(); old_fsuid = old->fsuid; - if (security_task_setuid(uid, (uid_t)-1, (uid_t)-1, LSM_SETID_FS) < 0) - goto error; - if (uid == old->uid || uid == old->euid || uid == old->suid || uid == old->fsuid || capable(CAP_SETUID)) { @@ -863,7 +849,6 @@ SYSCALL_DEFINE1(setfsuid, uid_t, uid) } } -error: abort_creds(new); return old_fsuid; diff --git a/security/capability.c b/security/capability.c index a927bdea181..41ff54f3b4d 100644 --- a/security/capability.c +++ b/security/capability.c @@ -392,11 +392,6 @@ static int cap_kernel_module_request(char *kmod_name) return 0; } -static int cap_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) -{ - return 0; -} - static int cap_task_setgid(gid_t id0, gid_t id1, gid_t id2, int flags) { return 0; @@ -972,7 +967,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, kernel_act_as); set_to_cap_if_null(ops, kernel_create_files_as); set_to_cap_if_null(ops, kernel_module_request); - set_to_cap_if_null(ops, task_setuid); set_to_cap_if_null(ops, task_fix_setuid); set_to_cap_if_null(ops, task_setgid); set_to_cap_if_null(ops, task_setpgid); diff --git a/security/security.c b/security/security.c index 6e5942653d4..3900da3da87 100644 --- a/security/security.c +++ b/security/security.c @@ -732,11 +732,6 @@ int security_kernel_module_request(char *kmod_name) return security_ops->kernel_module_request(kmod_name); } -int security_task_setuid(uid_t id0, uid_t id1, uid_t id2, int flags) -{ - return security_ops->task_setuid(id0, id1, id2, flags); -} - int security_task_fix_setuid(struct cred *new, const struct cred *old, int flags) { |