[PATCH] security,selinux: remove security_add_mnt_opt()
Casey Schaufler
casey at schaufler-ca.com
Mon Dec 6 15:55:27 UTC 2021
On 12/6/2021 5:24 AM, Ondrej Mosnacek wrote:
> Its last user has been removed in commit f2aedb713c28 ("NFS: Add
> fs_context support.").
>
> Signed-off-by: Ondrej Mosnacek <omosnace at redhat.com>
Reviewed-by: Casey Schaufler <casey at schaufler-ca.com>
> ---
> include/linux/lsm_hook_defs.h | 2 --
> include/linux/lsm_hooks.h | 2 --
> include/linux/security.h | 8 -------
> security/security.c | 8 -------
> security/selinux/hooks.c | 39 -----------------------------------
> 5 files changed, 59 deletions(-)
>
> diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
> index df8de62f4710..7f5c35d72082 100644
> --- a/include/linux/lsm_hook_defs.h
> +++ b/include/linux/lsm_hook_defs.h
> @@ -78,8 +78,6 @@ LSM_HOOK(int, 0, sb_set_mnt_opts, struct super_block *sb, void *mnt_opts,
> LSM_HOOK(int, 0, sb_clone_mnt_opts, const struct super_block *oldsb,
> struct super_block *newsb, unsigned long kern_flags,
> unsigned long *set_kern_flags)
> -LSM_HOOK(int, 0, sb_add_mnt_opt, const char *option, const char *val,
> - int len, void **mnt_opts)
> LSM_HOOK(int, 0, move_mount, const struct path *from_path,
> const struct path *to_path)
> LSM_HOOK(int, 0, dentry_init_security, struct dentry *dentry,
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index d45b6f6e27fd..73cb0ab2bc03 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -180,8 +180,6 @@
> * Copy all security options from a given superblock to another
> * @oldsb old superblock which contain information to clone
> * @newsb new superblock which needs filled in
> - * @sb_add_mnt_opt:
> - * Add one mount @option to @mnt_opts.
> * @sb_parse_opts_str:
> * Parse a string of security data filling in the opts structure
> * @options string containing all mount options known by the LSM
> diff --git a/include/linux/security.h b/include/linux/security.h
> index bbf44a466832..a4f0c421dd0c 100644
> --- a/include/linux/security.h
> +++ b/include/linux/security.h
> @@ -313,8 +313,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
> struct super_block *newsb,
> unsigned long kern_flags,
> unsigned long *set_kern_flags);
> -int security_add_mnt_opt(const char *option, const char *val,
> - int len, void **mnt_opts);
> int security_move_mount(const struct path *from_path, const struct path *to_path);
> int security_dentry_init_security(struct dentry *dentry, int mode,
> const struct qstr *name,
> @@ -711,12 +709,6 @@ static inline int security_sb_clone_mnt_opts(const struct super_block *oldsb,
> return 0;
> }
>
> -static inline int security_add_mnt_opt(const char *option, const char *val,
> - int len, void **mnt_opts)
> -{
> - return 0;
> -}
> -
> static inline int security_move_mount(const struct path *from_path,
> const struct path *to_path)
> {
> diff --git a/security/security.c b/security/security.c
> index c88167a414b4..0c49a1f05ac4 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -994,14 +994,6 @@ int security_sb_clone_mnt_opts(const struct super_block *oldsb,
> }
> EXPORT_SYMBOL(security_sb_clone_mnt_opts);
>
> -int security_add_mnt_opt(const char *option, const char *val, int len,
> - void **mnt_opts)
> -{
> - return call_int_hook(sb_add_mnt_opt, -EINVAL,
> - option, val, len, mnt_opts);
> -}
> -EXPORT_SYMBOL(security_add_mnt_opt);
> -
> int security_move_mount(const struct path *from_path, const struct path *to_path)
> {
> return call_int_hook(move_mount, 0, from_path, to_path);
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 62d30c0a30c2..8ea92f08e6bd 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1023,44 +1023,6 @@ Einval:
> return -EINVAL;
> }
>
> -static int selinux_add_mnt_opt(const char *option, const char *val, int len,
> - void **mnt_opts)
> -{
> - int token = Opt_error;
> - int rc, i;
> -
> - for (i = 0; i < ARRAY_SIZE(tokens); i++) {
> - if (strcmp(option, tokens[i].name) == 0) {
> - token = tokens[i].opt;
> - break;
> - }
> - }
> -
> - if (token == Opt_error)
> - return -EINVAL;
> -
> - if (token != Opt_seclabel) {
> - val = kmemdup_nul(val, len, GFP_KERNEL);
> - if (!val) {
> - rc = -ENOMEM;
> - goto free_opt;
> - }
> - }
> - rc = selinux_add_opt(token, val, mnt_opts);
> - if (unlikely(rc)) {
> - kfree(val);
> - goto free_opt;
> - }
> - return rc;
> -
> -free_opt:
> - if (*mnt_opts) {
> - selinux_free_mnt_opts(*mnt_opts);
> - *mnt_opts = NULL;
> - }
> - return rc;
> -}
> -
> static int show_sid(struct seq_file *m, u32 sid)
> {
> char *context = NULL;
> @@ -7298,7 +7260,6 @@ static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
> LSM_HOOK_INIT(fs_context_dup, selinux_fs_context_dup),
> LSM_HOOK_INIT(fs_context_parse_param, selinux_fs_context_parse_param),
> LSM_HOOK_INIT(sb_eat_lsm_opts, selinux_sb_eat_lsm_opts),
> - LSM_HOOK_INIT(sb_add_mnt_opt, selinux_add_mnt_opt),
> #ifdef CONFIG_SECURITY_NETWORK_XFRM
> LSM_HOOK_INIT(xfrm_policy_clone_security, selinux_xfrm_policy_clone),
> #endif