From 340133318800b55784792d762c7713265c96336a Mon Sep 17 00:00:00 2001 From: Lukas Bulwahn Date: Fri, 24 Mar 2023 10:21:14 +0100 Subject: [PATCH] selinux: clean up dead code after removing runtime disable Commit f22f9aaf6c3d ("selinux: remove the runtime disable functionality") removes the config SECURITY_SELINUX_DISABLE. This results in some dead code in lsm_hooks.h. Remove this dead code. Signed-off-by: Lukas Bulwahn Signed-off-by: Paul Moore --- include/linux/lsm_hooks.h | 23 ----------------------- 1 file changed, 23 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index af87b96..60cdc83 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1740,29 +1740,6 @@ extern struct lsm_info __start_early_lsm_info[], __end_early_lsm_info[]; __used __section(".early_lsm_info.init") \ __aligned(sizeof(unsigned long)) -#ifdef CONFIG_SECURITY_SELINUX_DISABLE -/* - * Assuring the safety of deleting a security module is up to - * the security module involved. This may entail ordering the - * module's hook list in a particular way, refusing to disable - * the module once a policy is loaded or any number of other - * actions better imagined than described. - * - * The name of the configuration option reflects the only module - * that currently uses the mechanism. Any developer who thinks - * disabling their module is a good idea needs to be at least as - * careful as the SELinux team. - */ -static inline void security_delete_hooks(struct security_hook_list *hooks, - int count) -{ - int i; - - for (i = 0; i < count; i++) - hlist_del_rcu(&hooks[i].list); -} -#endif /* CONFIG_SECURITY_SELINUX_DISABLE */ - extern int lsm_inode_alloc(struct inode *inode); #endif /* ! __LINUX_LSM_HOOKS_H */ -- 2.7.4