authorKarol Lewandowski <k.lewandowsk@samsung.com>2016-06-23 15:02:50 +0200
committerSeung-Woo Kim <sw0312.kim@samsung.com>2016-12-14 13:52:20 +0900
commit6d83e3d703f7464ccd12b78c5b3e9041be24ea8c (patch)
tree091ce555339a4dac9a7acfc14c618a27d338a478 /security
parentc170bbb6cff411fb98f5624bde8e227fa32fcdc5 (diff)
kdbus: Remove kdbus Linux Security Module hooks
This commit removes support for kdbus-LSM hooks, as policy decisions are handled solely by userspace (libdbuspolicy library). This commit reverts the following commits: - 802de9506 ("lsm: smack: smack callbacks for kdbus security hooks") - f13b7e7bd ("kdbus: use LSM hooks in kdbus code") - 067afa709 ("lsm: smack: Make ipc/kdbus includes visible so smack callbacks could see them") - 442f047fd ("lsm: make security_file_receive available for external modules") - 3b556db4b ("lsm: kdbus security hooks") Change-Id: Iae90cdb9577a9e706288b28d70bd57574398276e Signed-off-by: Karol Lewandowski <k.lewandowsk@samsung.com> Signed-off-by: Seung-Woo Kim <sw0312.kim@samsung.com>
Diffstat (limited to 'security')
-rw-r--r--security/capability.c24
-rw-r--r--security/security.c24
-rw-r--r--security/smack/Makefile2
-rw-r--r--security/smack/smack_lsm.c61
4 files changed, 0 insertions, 111 deletions
diff --git a/security/capability.c b/security/capability.c
index 4b01edd1755d..0d03fcc489a4 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -595,25 +595,6 @@ static int cap_sem_semop(struct sem_array *sma, struct sembuf *sops,
return 0;
}
-#ifdef CONFIG_KDBUS
-
-static int cap_kdbus_conn_alloc(struct kdbus_conn *conn)
-{
- return 0;
-}
-
-static void cap_kdbus_conn_free(struct kdbus_conn *conn)
-{
-}
-
-static int cap_kdbus_talk(const struct kdbus_conn *src,
- const struct kdbus_conn *dst)
-{
- return 0;
-}
-
-#endif /* CONFIG_KDBUS */
-
#ifdef CONFIG_SECURITY_NETWORK
static int cap_unix_stream_connect(struct sock *sock, struct sock *other,
struct sock *newsk)
@@ -1111,11 +1092,6 @@ void __init security_fixup_ops(struct security_operations *ops)
set_to_cap_if_null(ops, inode_notifysecctx);
set_to_cap_if_null(ops, inode_setsecctx);
set_to_cap_if_null(ops, inode_getsecctx);
-#ifdef CONFIG_KDBUS
- set_to_cap_if_null(ops, kdbus_conn_alloc);
- set_to_cap_if_null(ops, kdbus_conn_free);
- set_to_cap_if_null(ops, kdbus_talk);
-#endif /* CONFIG_KDBUS */
#ifdef CONFIG_SECURITY_NETWORK
set_to_cap_if_null(ops, unix_stream_connect);
set_to_cap_if_null(ops, unix_may_send);
diff --git a/security/security.c b/security/security.c
index f24430258b34..8e9b1f4b9b45 100644
--- a/security/security.c
+++ b/security/security.c
@@ -812,7 +812,6 @@ int security_file_receive(struct file *file)
{
return security_ops->file_receive(file);
}
-EXPORT_SYMBOL(security_file_receive);
int security_file_open(struct file *file, const struct cred *cred)
{
@@ -1153,29 +1152,6 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
}
EXPORT_SYMBOL(security_inode_getsecctx);
-#ifdef CONFIG_KDBUS
-
-int security_kdbus_conn_alloc(struct kdbus_conn *conn)
-{
- return security_ops->kdbus_conn_alloc(conn);
-}
-EXPORT_SYMBOL(security_kdbus_conn_alloc);
-
-void security_kdbus_conn_free(struct kdbus_conn *conn)
-{
- security_ops->kdbus_conn_free(conn);
-}
-EXPORT_SYMBOL(security_kdbus_conn_free);
-
-int security_kdbus_talk(const struct kdbus_conn *src,
- const struct kdbus_conn *dst)
-{
- return security_ops->kdbus_talk(src, dst);
-}
-EXPORT_SYMBOL(security_kdbus_talk);
-
-#endif /* CONFIG_KDBUS */
-
#ifdef CONFIG_SECURITY_NETWORK
int security_unix_stream_connect(struct sock *sock, struct sock *other, struct sock *newsk)
diff --git a/security/smack/Makefile b/security/smack/Makefile
index bd6927c3459d..ee2ebd504541 100644
--- a/security/smack/Makefile
+++ b/security/smack/Makefile
@@ -6,5 +6,3 @@ obj-$(CONFIG_SECURITY_SMACK) := smack.o
smack-y := smack_lsm.o smack_access.o smackfs.o
smack-$(CONFIG_SECURITY_SMACK_NETFILTER) += smack_netfilter.o
-
-ccflags-y += -Iipc
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 64c6ece64133..8f8cdbd46717 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -42,7 +42,6 @@
#include <linux/shm.h>
#include <linux/binfmts.h>
#include <linux/parser.h>
-#include <kdbus/connection.h>
#include "smack.h"
#define TRANS_TRUE "TRUE"
@@ -3626,60 +3625,6 @@ static int smack_setprocattr(struct task_struct *p, char *name,
return size;
}
-#ifdef CONFIG_KDBUS
-
-/**
- * smack_kdbus_conn_alloc - Set the security blob for a KDBus connection
- * @conn: the connection
- *
- * Returns 0
- */
-static int smack_kdbus_conn_alloc(struct kdbus_conn *conn)
-{
- conn->security = smk_of_current();
-
- return 0;
-}
-
-/**
- * smack_kdbus_conn_free - Clear the security blob for a KDBus connection
- * @conn: the connection
- *
- * Clears the blob pointer
- */
-static void smack_kdbus_conn_free(struct kdbus_conn *conn)
-{
- conn->security = NULL;
-}
-
-/**
- * smack_kdbus_talk - Smack access on KDBus
- * @src: source kdbus connection
- * @dst: destination kdbus connection
- *
- * Return 0 if a subject with the smack of sock could access
- * an object with the smack of other, otherwise an error code
- */
-static int smack_kdbus_talk(const struct kdbus_conn *src,
- const struct kdbus_conn *dst)
-{
- struct smk_audit_info ad;
- struct smack_known *sskp = src->security;
- struct smack_known *dskp = dst->security;
- int rc;
-
- if (smack_privileged(CAP_MAC_OVERRIDE))
- return 0;
-
- smk_ad_init(&ad, __func__, LSM_AUDIT_DATA_NONE);
-
- rc = smk_access(sskp, dskp, MAY_WRITE, &ad);
- rc = smk_bu_note("kdbus talk", sskp, dskp, MAY_WRITE, rc);
- return rc;
-}
-
-#endif /* CONFIG_KDBUS */
-
/**
* smack_unix_stream_connect - Smack access on UDS
* @sock: one sock
@@ -4701,12 +4646,6 @@ struct security_operations smack_ops = {
.getprocattr = smack_getprocattr,
.setprocattr = smack_setprocattr,
-#ifdef CONFIG_KDBUS
- .kdbus_conn_alloc = smack_kdbus_conn_alloc,
- .kdbus_conn_free = smack_kdbus_conn_free,
- .kdbus_talk = smack_kdbus_talk,
-#endif
-
.unix_stream_connect = smack_unix_stream_connect,
.unix_may_send = smack_unix_may_send,