diff --git a/include/linux/security.h b/include/linux/security.h index 04ce0d6e4edf..73505f0c9b75 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -704,11 +704,6 @@ static inline void security_free_mnt_opts(struct security_mnt_opts *opts) * @p contains the task_struct for the process and place is into @secid. * In case of failure, @secid will be set to zero. * - * @task_setgroups: - * Check permission before setting the supplementary group set of the - * current process. - * @group_info contains the new group information. - * Return 0 if permission is granted. * @task_setnice: * Check permission before setting the nice value of @p to @nice. * @p contains the task_struct of process. @@ -1518,7 +1513,6 @@ struct security_operations { int (*task_getpgid) (struct task_struct *p); int (*task_getsid) (struct task_struct *p); void (*task_getsecid) (struct task_struct *p, u32 *secid); - int (*task_setgroups) (struct group_info *group_info); int (*task_setnice) (struct task_struct *p, int nice); int (*task_setioprio) (struct task_struct *p, int ioprio); int (*task_getioprio) (struct task_struct *p); @@ -1773,7 +1767,6 @@ int security_task_setpgid(struct task_struct *p, pid_t pgid); int security_task_getpgid(struct task_struct *p); int security_task_getsid(struct task_struct *p); void security_task_getsecid(struct task_struct *p, u32 *secid); -int security_task_setgroups(struct group_info *group_info); int security_task_setnice(struct task_struct *p, int nice); int security_task_setioprio(struct task_struct *p, int ioprio); int security_task_getioprio(struct task_struct *p); @@ -2329,11 +2322,6 @@ static inline void security_task_getsecid(struct task_struct *p, u32 *secid) *secid = 0; } -static inline int security_task_setgroups(struct group_info *group_info) -{ - return 0; -} - static inline int security_task_setnice(struct task_struct *p, int nice) { return cap_task_setnice(p, nice); diff --git a/kernel/groups.c b/kernel/groups.c index 2b45b2ee3964..53b1916c9492 100644 --- a/kernel/groups.c +++ b/kernel/groups.c @@ -164,12 +164,6 @@ int groups_search(const struct group_info *group_info, gid_t grp) */ int set_groups(struct cred *new, struct group_info *group_info) { - int retval; - - retval = security_task_setgroups(group_info); - if (retval) - return retval; - put_group_info(new->group_info); groups_sort(group_info); get_group_info(group_info); diff --git a/security/capability.c b/security/capability.c index 66cd7453563f..247c04edd468 100644 --- a/security/capability.c +++ b/security/capability.c @@ -412,11 +412,6 @@ static void cap_task_getsecid(struct task_struct *p, u32 *secid) *secid = 0; } -static int cap_task_setgroups(struct group_info *group_info) -{ - return 0; -} - static int cap_task_getioprio(struct task_struct *p) { return 0; @@ -967,7 +962,6 @@ void security_fixup_ops(struct security_operations *ops) set_to_cap_if_null(ops, task_getpgid); set_to_cap_if_null(ops, task_getsid); set_to_cap_if_null(ops, task_getsecid); - set_to_cap_if_null(ops, task_setgroups); set_to_cap_if_null(ops, task_setnice); set_to_cap_if_null(ops, task_setioprio); set_to_cap_if_null(ops, task_getioprio); diff --git a/security/security.c b/security/security.c index 1e35dd669209..5cf9ca6890f6 100644 --- a/security/security.c +++ b/security/security.c @@ -759,11 +759,6 @@ void security_task_getsecid(struct task_struct *p, u32 *secid) } EXPORT_SYMBOL(security_task_getsecid); -int security_task_setgroups(struct group_info *group_info) -{ - return security_ops->task_setgroups(group_info); -} - int security_task_setnice(struct task_struct *p, int nice) { return security_ops->task_setnice(p, nice);