security: remove sb_check_sb hooks

Unused hook.  Remove it.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>

diff --git a/fs/namespace.c b/fs/namespace.c
index 8174c8a..c1d0d87 100644 (file)
--- a/fs/namespace.c
+++ b/fs/namespace.c
@@ -1435,11 +1435,6 @@ static int graft_tree(struct vfsmount *mnt, struct path *path)
        if (IS_DEADDIR(path->dentry->d_inode))
                goto out_unlock;
 
-       err = security_sb_check_sb(mnt, path);
-       if (err)
-               goto out_unlock;
-
-       err = -ENOENT;
        if (!d_unlinked(path->dentry))
                err = attach_recursive_mnt(mnt, path, NULL);
 out_unlock:

diff --git a/include/linux/security.h b/include/linux/security.h
index 233d20b..9ebd2e4 100644 (file)
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -267,12 +267,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts)
  *     @orig the original mount data copied from userspace.
  *     @copy copied data which will be passed to the security module.
  *     Returns 0 if the copy was successful.
- * @sb_check_sb:
- *     Check permission before the device with superblock @mnt->sb is mounted
- *     on the mount point named by @nd.
- *     @mnt contains the vfsmount for device being mounted.
- *     @path contains the path for the mount point.
- *     Return 0 if permission is granted.
  * @sb_umount:
  *     Check permission before the @mnt file system is unmounted.
  *     @mnt contains the mounted file system.
@@ -1484,7 +1478,6 @@ struct security_operations {
        int (*sb_statfs) (struct dentry *dentry);
        int (*sb_mount) (char *dev_name, struct path *path,
                         char *type, unsigned long flags, void *data);
-       int (*sb_check_sb) (struct vfsmount *mnt, struct path *path);
        int (*sb_umount) (struct vfsmount *mnt, int flags);
        void (*sb_umount_close) (struct vfsmount *mnt);
        void (*sb_umount_busy) (struct vfsmount *mnt);
@@ -1783,7 +1776,6 @@ int security_sb_show_options(struct seq_file *m, struct super_block *sb);
 int security_sb_statfs(struct dentry *dentry);
 int security_sb_mount(char *dev_name, struct path *path,
                      char *type, unsigned long flags, void *data);
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path);
 int security_sb_umount(struct vfsmount *mnt, int flags);
 void security_sb_umount_close(struct vfsmount *mnt);
 void security_sb_umount_busy(struct vfsmount *mnt);
@@ -2099,12 +2091,6 @@ static inline int security_sb_mount(char *dev_name, struct path *path,
        return 0;
 }
 
-static inline int security_sb_check_sb(struct vfsmount *mnt,
-                                      struct path *path)
-{
-       return 0;
-}
-
 static inline int security_sb_umount(struct vfsmount *mnt, int flags)
 {
        return 0;

diff --git a/security/capability.c b/security/capability.c
index 4875142..a7e905d 100644 (file)
--- a/security/capability.c
+++ b/security/capability.c
@@ -80,11 +80,6 @@ static int cap_sb_mount(char *dev_name, struct path *path, char *type,
        return 0;
 }
 
-static int cap_sb_check_sb(struct vfsmount *mnt, struct path *path)
-{
-       return 0;
-}
-
 static int cap_sb_umount(struct vfsmount *mnt, int flags)
 {
        return 0;
@@ -941,7 +936,6 @@ void security_fixup_ops(struct security_operations *ops)
        set_to_cap_if_null(ops, sb_show_options);
        set_to_cap_if_null(ops, sb_statfs);
        set_to_cap_if_null(ops, sb_mount);
-       set_to_cap_if_null(ops, sb_check_sb);
        set_to_cap_if_null(ops, sb_umount);
        set_to_cap_if_null(ops, sb_umount_close);
        set_to_cap_if_null(ops, sb_umount_busy);

diff --git a/security/security.c b/security/security.c
index b98334b..a0bee70 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -306,11 +306,6 @@ int security_sb_mount(char *dev_name, struct path *path,
        return security_ops->sb_mount(dev_name, path, type, flags, data);
 }
 
-int security_sb_check_sb(struct vfsmount *mnt, struct path *path)
-{
-       return security_ops->sb_check_sb(mnt, path);
-}
-
 int security_sb_umount(struct vfsmount *mnt, int flags)
 {
        return security_ops->sb_umount(mnt, flags);