From 850cba069c266d6f31b81c5a199052a3482a63fc Mon Sep 17 00:00:00 2001 From: David Howells Date: Sun, 31 Oct 2021 12:58:05 +0000 Subject: cachefiles: Delete the cachefiles driver pending rewrite Delete the code from the cachefiles driver to make it easier to rewrite and resubmit in a logical manner. Signed-off-by: David Howells Reviewed-by: Jeff Layton cc: linux-cachefs@redhat.com Link: https://lore.kernel.org/r/163819577641.215744.12718114397770666596.stgit@warthog.procyon.org.uk/ # v1 Link: https://lore.kernel.org/r/163906883770.143852.4149714614981373410.stgit@warthog.procyon.org.uk/ # v2 Link: https://lore.kernel.org/r/163967076066.1823006.7175712134577687753.stgit@warthog.procyon.org.uk/ # v3 Link: https://lore.kernel.org/r/164021483619.640689.7586546280515844702.stgit@warthog.procyon.org.uk/ # v4 --- fs/cachefiles/security.c | 112 ----------------------------------------------- 1 file changed, 112 deletions(-) delete mode 100644 fs/cachefiles/security.c (limited to 'fs/cachefiles/security.c') diff --git a/fs/cachefiles/security.c b/fs/cachefiles/security.c deleted file mode 100644 index aec13fd94692..000000000000 --- a/fs/cachefiles/security.c +++ /dev/null @@ -1,112 +0,0 @@ -// SPDX-License-Identifier: GPL-2.0-or-later -/* CacheFiles security management - * - * Copyright (C) 2007 Red Hat, Inc. All Rights Reserved. - * Written by David Howells (dhowells@redhat.com) - */ - -#include -#include -#include "internal.h" - -/* - * determine the security context within which we access the cache from within - * the kernel - */ -int cachefiles_get_security_ID(struct cachefiles_cache *cache) -{ - struct cred *new; - int ret; - - _enter("{%s}", cache->secctx); - - new = prepare_kernel_cred(current); - if (!new) { - ret = -ENOMEM; - goto error; - } - - if (cache->secctx) { - ret = set_security_override_from_ctx(new, cache->secctx); - if (ret < 0) { - put_cred(new); - pr_err("Security denies permission to nominate security context: error %d\n", - ret); - goto error; - } - } - - cache->cache_cred = new; - ret = 0; -error: - _leave(" = %d", ret); - return ret; -} - -/* - * see if mkdir and create can be performed in the root directory - */ -static int cachefiles_check_cache_dir(struct cachefiles_cache *cache, - struct dentry *root) -{ - int ret; - - ret = security_inode_mkdir(d_backing_inode(root), root, 0); - if (ret < 0) { - pr_err("Security denies permission to make dirs: error %d", - ret); - return ret; - } - - ret = security_inode_create(d_backing_inode(root), root, 0); - if (ret < 0) - pr_err("Security denies permission to create files: error %d", - ret); - - return ret; -} - -/* - * check the security details of the on-disk cache - * - must be called with security override in force - * - must return with a security override in force - even in the case of an - * error - */ -int cachefiles_determine_cache_security(struct cachefiles_cache *cache, - struct dentry *root, - const struct cred **_saved_cred) -{ - struct cred *new; - int ret; - - _enter(""); - - /* duplicate the cache creds for COW (the override is currently in - * force, so we can use prepare_creds() to do this) */ - new = prepare_creds(); - if (!new) - return -ENOMEM; - - cachefiles_end_secure(cache, *_saved_cred); - - /* use the cache root dir's security context as the basis with - * which create files */ - ret = set_create_files_as(new, d_backing_inode(root)); - if (ret < 0) { - abort_creds(new); - cachefiles_begin_secure(cache, _saved_cred); - _leave(" = %d [cfa]", ret); - return ret; - } - - put_cred(cache->cache_cred); - cache->cache_cred = new; - - cachefiles_begin_secure(cache, _saved_cred); - ret = cachefiles_check_cache_dir(cache, root); - - if (ret == -EOPNOTSUPP) - ret = 0; - _leave(" = %d", ret); - return ret; -} -- cgit v1.2.3