[PATCH 34/58] AppArmor: Remove unnecessary hook stub

[PATCH 00/58] LSM: Module stacking for AppArmor · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 01/58] LSM: Infrastructure management of the superblock · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 01/58] LSM: Infrastructure management of the superblock · Kees Cook <hidden> · 2019-06-01
[PATCH 03/58] LSM: Infrastructure management of the key security blob · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 03/58] LSM: Infrastructure management of the key security blob · Kees Cook <hidden> · 2019-06-01
[PATCH 04/58] LSM: Create an lsm_export data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 04/58] LSM: Create an lsm_export data structure. · Kees Cook <hidden> · 2019-06-01
Re: [PATCH 04/58] LSM: Create an lsm_export data structure. · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-03
[PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks · Kees Cook <hidden> · 2019-06-02
Re: [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-04
Re: [PATCH 05/58] LSM: Use lsm_export in the inode_getsecid hooks · Kees Cook <hidden> · 2019-06-06
[PATCH 07/58] LSM: Use lsm_export in the ipc_getsecid and task_getsecid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 06/58] LSM: Use lsm_export in the cred_getsecid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 08/58] LSM: Use lsm_export in the kernel_ask_as hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 09/58] LSM: Use lsm_export in the getpeersec_dgram hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 10/58] LSM: Use lsm_export in the audit_rule_match hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 11/58] LSM: Use lsm_export in the secid_to_secctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 13/58] LSM: Use lsm_export in security_audit_rule_match · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 12/58] LSM: Use lsm_export in the secctx_to_secid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 14/58] LSM: Use lsm_export in security_kernel_act_as · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 15/58] LSM: Use lsm_export in security_socket_getpeersec_dgram · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 16/58] LSM: Use lsm_export in security_secctx_to_secid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 02/58] LSM: Infrastructure management of the sock security · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 02/58] LSM: Infrastructure management of the sock security · Kees Cook <hidden> · 2019-06-01
[PATCH 17/58] LSM: Use lsm_export in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 18/58] LSM: Use lsm_export in security_ipc_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 19/58] LSM: Use lsm_export in security_task_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 21/58] LSM: Use lsm_export in security_cred_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 20/58] LSM: Use lsm_export in security_inode_getsecid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 23/58] Audit: Convert target_sid to an lsm_export structure · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Kees Cook <hidden> · 2019-06-02
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-03
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Kees Cook <hidden> · 2019-06-06
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-06
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Kees Cook <hidden> · 2019-06-06
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-06
Re: [PATCH 22/58] Audit: Change audit_sig_sid to audit_sig_lsm · Kees Cook <hidden> · 2019-06-06
[PATCH 24/58] Audit: Convert osid to an lsm_export structure · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 25/58] IMA: Clean out lsm_export scaffolding · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 25/58] IMA: Clean out lsm_export scaffolding · Kees Cook <hidden> · 2019-06-02
Re: [PATCH 25/58] IMA: Clean out lsm_export scaffolding · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-03
[PATCH 27/58] NET: Remove scaffolding on secmarks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 26/58] NET: Change the UNIXCB from a secid to an lsm_export · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 28/58] NET: Remove scaffolding on new secmarks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 29/58] NET: Remove netfilter scaffolding for lsm_export · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 31/58] LSM: Remove lsm_export scaffolding functions · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 30/58] Netlabel: Replace secids with lsm_export · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 32/58] IMA: FIXUP prototype using lsm_export · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 33/58] Smack: Restore the release_secctx hook · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 35/58] LSM: Limit calls to certain module hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 34/58] AppArmor: Remove unnecessary hook stub · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 36/58] LSM: Create a data structure for a security context · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 37/58] LSM: Use lsm_context in secid_to_secctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 38/58] LSM: Use lsm_context in secctx_to_secid hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 39/58] LSM: Use lsm_context in inode_getsecctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 40/58] LSM: Use lsm_context in inode_notifysecctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 41/58] LSM: Use lsm_context in dentry_init_security hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 42/58] LSM: Use lsm_context in security_dentry_init_security · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 43/58] LSM: Use lsm_context in security_inode_notifysecctx · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 45/58] LSM: Use lsm_context in security_secctx_to_secid · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 44/58] LSM: Use lsm_context in security_inode_getsecctx · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 46/58] LSM: Use lsm_context in release_secctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 46/58] LSM: Use lsm_context in release_secctx hooks · Kees Cook <hidden> · 2019-06-02
Re: [PATCH 46/58] LSM: Use lsm_context in release_secctx hooks · Casey Schaufler <casey@schaufler-ca.com> · 2019-06-03
[PATCH 47/58] LSM: Use lsm_context in security_release_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 49/58] fs: remove lsm_context scaffolding · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 48/58] LSM: Use lsm_context in security_secid_to_secctx · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
[PATCH 50/58] LSM: Add the release function to the lsm_context · Casey Schaufler <casey@schaufler-ca.com> · 2019-05-31
Re: [PATCH 00/58] LSM: Module stacking for AppArmor · Kees Cook <hidden> · 2019-06-01
Re: [PATCH 00/58] LSM: Module stacking for AppArmor · Kees Cook <hidden> · 2019-06-02

From: Casey Schaufler <casey@schaufler-ca.com>
Date: 2019-05-31 23:16:23
Also in: selinux
Subsystem: apparmor security module, security subsystem, the rest · Maintainers: John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Linus Torvalds

Remove the getpeersec_dgram hook stub. It's unnecessary
and disrupts stacking.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
---
 security/apparmor/lsm.c | 12 ++----------
 1 file changed, 2 insertions(+), 10 deletions(-)

diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 24b638bd4305..76c409737370 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c

@@ -1094,15 +1094,9 @@ static int apparmor_socket_getpeersec_stream(struct socket *sock,
  * @secid: pointer to where to put the secid of the packet
  *
  * Sets the netlabel socket state on sk from parent
+ *
+ * The TODO stub interfered with stacking and was removed - Casey
  */
-static int apparmor_socket_getpeersec_dgram(struct socket *sock,
-					    struct sk_buff *skb,
-					    struct lsm_export *l)
-
-{
-	/* TODO: requires secid support */
-	return -ENOPROTOOPT;
-}
 
 /**
  * apparmor_sock_graft - Initialize newly created socket

@@ -1202,8 +1196,6 @@ static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
 #endif
 	LSM_HOOK_INIT(socket_getpeersec_stream,
 		      apparmor_socket_getpeersec_stream),
-	LSM_HOOK_INIT(socket_getpeersec_dgram,
-		      apparmor_socket_getpeersec_dgram),
 	LSM_HOOK_INIT(sock_graft, apparmor_sock_graft),
 #ifdef CONFIG_NETWORK_SECMARK
 	LSM_HOOK_INIT(inet_conn_request, apparmor_inet_conn_request),

-- 
2.19.1

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help