apparmor/kernel-patches/for-mainline/apparmor-ditch-revalidation.diff

Get rid of revalidation

Index: b/security/apparmor/lsm.c
===================================================================
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -451,50 +451,6 @@ static int apparmor_inode_removexattr(st
 				   AA_MAY_WRITE);
 }
 
-static int apparmor_file_permission(struct file *file, int mask)
-{
-	struct aa_profile *active;
-	struct aa_profile *file_profile = (struct aa_profile*)file->f_security;
-	int error = 0;
-
-	/* FIXME: get rid of revalidation. */
-	if (!file_profile)
-		goto out;
-
-	active = get_active_aa_profile();
-	if (active && file_profile != active) {
-		struct dentry *dentry = file->f_dentry;
-
-		error = aa_permission(dentry->d_inode, dentry, file->f_vfsmnt,
-				      mask & (MAY_READ | MAY_WRITE | MAY_EXEC));
-	}
-	put_aa_profile(active);
-
-out:
-	return error;
-}
-
-static int apparmor_file_alloc_security(struct file *file)
-{
-	struct aa_profile *active;
-
-	active = get_active_aa_profile();
-	if (active) {
-		/* FIXME: get rid of revalidation. */
-		file->f_security = active;
-	}
-
-	return 0;
-}
-
-static void apparmor_file_free_security(struct file *file)
-{
-	struct aa_profile *file_profile = (struct aa_profile*)file->f_security;
-
-	/* FIXME: get rid of revalidation. */
-	put_aa_profile(file_profile);
-}
-
 static inline int aa_mmap(struct file *file, unsigned long prot,
 			  unsigned long flags)
 {
@@ -717,9 +673,6 @@ struct security_operations apparmor_ops 
 	.inode_getxattr =		apparmor_inode_getxattr,
 	.inode_listxattr =		apparmor_inode_listxattr,
 	.inode_removexattr =		apparmor_inode_removexattr,
-	.file_permission =		apparmor_file_permission,
-	.file_alloc_security =		apparmor_file_alloc_security,
-	.file_free_security =		apparmor_file_free_security,
 	.file_mmap =			apparmor_file_mmap,
 	.file_mprotect =		apparmor_file_mprotect,
Check in the revised versions of John's fixes and cleanups. Check in a series of additional cleanups. 2007-02-11 02:09:31 +00:00			`Get rid of revalidation`

			`Index: b/security/apparmor/lsm.c`
			`===================================================================`
			`--- a/security/apparmor/lsm.c`
			`+++ b/security/apparmor/lsm.c`
			`@@ -451,50 +451,6 @@ static int apparmor_inode_removexattr(st`
			`AA_MAY_WRITE);`
			`}`

			`-static int apparmor_file_permission(struct file *file, int mask)`
			`-{`
			`- struct aa_profile *active;`
			`- struct aa_profile file_profile = (struct aa_profile)file->f_security;`
			`- int error = 0;`
			`-`
			`- /* FIXME: get rid of revalidation. */`
			`- if (!file_profile)`
			`- goto out;`
			`-`
			`- active = get_active_aa_profile();`
			`- if (active && file_profile != active) {`
			`- struct dentry *dentry = file->f_dentry;`
			`-`
			`- error = aa_permission(dentry->d_inode, dentry, file->f_vfsmnt,`
			`- mask & (MAY_READ \| MAY_WRITE \| MAY_EXEC));`
			`- }`
			`- put_aa_profile(active);`
			`-`
			`-out:`
			`- return error;`
			`-}`
			`-`
			`-static int apparmor_file_alloc_security(struct file *file)`
			`-{`
			`- struct aa_profile *active;`
			`-`
			`- active = get_active_aa_profile();`
			`- if (active) {`
			`- /* FIXME: get rid of revalidation. */`
			`- file->f_security = active;`
			`- }`
			`-`
			`- return 0;`
			`-}`
			`-`
			`-static void apparmor_file_free_security(struct file *file)`
			`-{`
			`- struct aa_profile file_profile = (struct aa_profile)file->f_security;`
			`-`
			`- /* FIXME: get rid of revalidation. */`
			`- put_aa_profile(file_profile);`
			`-}`
			`-`
			`static inline int aa_mmap(struct file *file, unsigned long prot,`
			`unsigned long flags)`
			`{`
			`@@ -717,9 +673,6 @@ struct security_operations apparmor_ops`
			`.inode_getxattr = apparmor_inode_getxattr,`
			`.inode_listxattr = apparmor_inode_listxattr,`
			`.inode_removexattr = apparmor_inode_removexattr,`
			`- .file_permission = apparmor_file_permission,`
			`- .file_alloc_security = apparmor_file_alloc_security,`
			`- .file_free_security = apparmor_file_free_security,`
			`.file_mmap = apparmor_file_mmap,`
			`.file_mprotect = apparmor_file_mprotect,`