BACKPORT: Smack: Remove pointless hooks

Prior to the 4.2 kernel there no no harm in providing
a security module hook that does nothing, as the default
hook would get called if the module did not supply one.
With the list based infrastructure an empty hook adds
overhead. This patch removes the three Smack hooks that
don't actually do anything.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry-picked from upstream 491a0b08d38e7f0961a1850d43d0dea02f918d66)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 17a90132e5c64b7af80901f1a7fbedd7e3375d1f..34f5f95169faa892e9cca5f7ae8cfe4ea2738faf 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1550,12 +1550,8 @@ static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
  * File Hooks
  */
 
-/**
- * smack_file_permission - Smack check on file operations
- * @file: unused
- * @mask: unused
- *
- * Returns 0
+/*
+ * There is no smack_file_permission hook
  *
  * Should access checks be done on each read or write?
  * UNICOS and SELinux say yes.
@@ -1564,10 +1560,6 @@ static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
  * I'll say no for now. Smack does not do the frequent
  * label changing that SELinux does.
  */
-static int smack_file_permission(struct file *file, int mask)
-{
-       return 0;
-}
 
 /**
  * smack_file_alloc_security - assign a file security blob
@@ -4509,16 +4501,10 @@ static int smack_audit_rule_match(u32 secid, u32 field, u32 op, void *vrule,
        return 0;
 }
 
-/**
- * smack_audit_rule_free - free smack rule representation
- * @vrule: rule to be freed.
- *
+/*
+ * There is no need for a smack_audit_rule_free hook.
  * No memory was allocated.
  */
-static void smack_audit_rule_free(void *vrule)
-{
-       /* No-op */
-}
 
 #endif /* CONFIG_AUDIT */
 
@@ -4569,16 +4555,11 @@ static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
        return 0;
 }
 
-/**
- * smack_release_secctx - don't do anything.
- * @secdata: unused
- * @seclen: unused
- *
- * Exists to make sure nothing gets done, and properly
+/*
+ * There used to be a smack_release_secctx hook
+ * that did nothing back when hooks were in a vector.
+ * Now that there's a list such a hook adds cost.
  */
-static void smack_release_secctx(char *secdata, u32 seclen)
-{
-}
 
 static int smack_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen)
 {
@@ -4637,7 +4618,6 @@ static struct security_hook_list smack_hooks[] = {
        LSM_HOOK_INIT(inode_listsecurity, smack_inode_listsecurity),
        LSM_HOOK_INIT(inode_getsecid, smack_inode_getsecid),
 
-       LSM_HOOK_INIT(file_permission, smack_file_permission),
        LSM_HOOK_INIT(file_alloc_security, smack_file_alloc_security),
        LSM_HOOK_INIT(file_free_security, smack_file_free_security),
        LSM_HOOK_INIT(file_ioctl, smack_file_ioctl),
@@ -4732,13 +4712,11 @@ static struct security_hook_list smack_hooks[] = {
        LSM_HOOK_INIT(audit_rule_init, smack_audit_rule_init),
        LSM_HOOK_INIT(audit_rule_known, smack_audit_rule_known),
        LSM_HOOK_INIT(audit_rule_match, smack_audit_rule_match),
-       LSM_HOOK_INIT(audit_rule_free, smack_audit_rule_free),
 #endif /* CONFIG_AUDIT */
 
        LSM_HOOK_INIT(ismaclabel, smack_ismaclabel),
        LSM_HOOK_INIT(secid_to_secctx, smack_secid_to_secctx),
        LSM_HOOK_INIT(secctx_to_secid, smack_secctx_to_secid),
-       LSM_HOOK_INIT(release_secctx, smack_release_secctx),
        LSM_HOOK_INIT(inode_notifysecctx, smack_inode_notifysecctx),
        LSM_HOOK_INIT(inode_setsecctx, smack_inode_setsecctx),
        LSM_HOOK_INIT(inode_getsecctx, smack_inode_getsecctx),