diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index fd8ae7a7b905..7e2396d51ced 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -533,10 +533,6 @@ start_init(void *dummy) vfs_mountroot(); -#ifdef MAC - mac_create_root_mount(td->td_ucred, TAILQ_FIRST(&mountlist)); -#endif - /* * Need just enough stack to hold the faked-up "execve()" arguments. */ diff --git a/sys/security/mac/mac_vfs.c b/sys/security/mac/mac_vfs.c index 647697b0055c..59aa61bc792d 100644 --- a/sys/security/mac/mac_vfs.c +++ b/sys/security/mac/mac_vfs.c @@ -921,14 +921,6 @@ mac_create_mount(struct ucred *cred, struct mount *mp) mp->mnt_fslabel); } -void -mac_create_root_mount(struct ucred *cred, struct mount *mp) -{ - - MAC_PERFORM(create_root_mount, cred, mp, mp->mnt_mntlabel, - mp->mnt_fslabel); -} - int mac_check_mount_stat(struct ucred *cred, struct mount *mount) { diff --git a/sys/security/mac_biba/mac_biba.c b/sys/security/mac_biba/mac_biba.c index 8d5e9db8da36..946ec9004039 100644 --- a/sys/security/mac_biba/mac_biba.c +++ b/sys/security/mac_biba/mac_biba.c @@ -837,19 +837,6 @@ mac_biba_create_mount(struct ucred *cred, struct mount *mp, mac_biba_copy_effective(source, dest); } -static void -mac_biba_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - struct mac_biba *mac_biba; - - /* Always mount root as high integrity. */ - mac_biba = SLOT(fslabel); - mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); - mac_biba = SLOT(mntlabel); - mac_biba_set_effective(mac_biba, MAC_BIBA_TYPE_HIGH, 0, NULL); -} - static void mac_biba_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) @@ -3086,7 +3073,6 @@ static struct mac_policy_ops mac_biba_ops = .mpo_create_devfs_directory = mac_biba_create_devfs_directory, .mpo_create_devfs_symlink = mac_biba_create_devfs_symlink, .mpo_create_mount = mac_biba_create_mount, - .mpo_create_root_mount = mac_biba_create_root_mount, .mpo_relabel_vnode = mac_biba_relabel_vnode, .mpo_update_devfsdirent = mac_biba_update_devfsdirent, .mpo_associate_vnode_devfs = mac_biba_associate_vnode_devfs, diff --git a/sys/security/mac_lomac/mac_lomac.c b/sys/security/mac_lomac/mac_lomac.c index cb2ebdfc421b..6808257dcc15 100644 --- a/sys/security/mac_lomac/mac_lomac.c +++ b/sys/security/mac_lomac/mac_lomac.c @@ -958,19 +958,6 @@ mac_lomac_create_mount(struct ucred *cred, struct mount *mp, mac_lomac_copy_single(source, dest); } -static void -mac_lomac_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - struct mac_lomac *mac_lomac; - - /* Always mount root as high integrity. */ - mac_lomac = SLOT(fslabel); - mac_lomac_set_single(mac_lomac, MAC_LOMAC_TYPE_HIGH, 0); - mac_lomac = SLOT(mntlabel); - mac_lomac_set_single(mac_lomac, MAC_LOMAC_TYPE_HIGH, 0); -} - static void mac_lomac_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) @@ -2617,7 +2604,6 @@ static struct mac_policy_ops mac_lomac_ops = .mpo_create_devfs_directory = mac_lomac_create_devfs_directory, .mpo_create_devfs_symlink = mac_lomac_create_devfs_symlink, .mpo_create_mount = mac_lomac_create_mount, - .mpo_create_root_mount = mac_lomac_create_root_mount, .mpo_relabel_vnode = mac_lomac_relabel_vnode, .mpo_update_devfsdirent = mac_lomac_update_devfsdirent, .mpo_associate_vnode_devfs = mac_lomac_associate_vnode_devfs, diff --git a/sys/security/mac_mls/mac_mls.c b/sys/security/mac_mls/mac_mls.c index 1599cc0a4c58..ffd97f82486b 100644 --- a/sys/security/mac_mls/mac_mls.c +++ b/sys/security/mac_mls/mac_mls.c @@ -806,19 +806,6 @@ mac_mls_create_mount(struct ucred *cred, struct mount *mp, mac_mls_copy_effective(source, dest); } -static void -mac_mls_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - struct mac_mls *mac_mls; - - /* Always mount root as high integrity. */ - mac_mls = SLOT(fslabel); - mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); - mac_mls = SLOT(mntlabel); - mac_mls_set_effective(mac_mls, MAC_MLS_TYPE_LOW, 0, NULL); -} - static void mac_mls_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) @@ -2860,7 +2847,6 @@ static struct mac_policy_ops mac_mls_ops = .mpo_create_devfs_directory = mac_mls_create_devfs_directory, .mpo_create_devfs_symlink = mac_mls_create_devfs_symlink, .mpo_create_mount = mac_mls_create_mount, - .mpo_create_root_mount = mac_mls_create_root_mount, .mpo_relabel_vnode = mac_mls_relabel_vnode, .mpo_update_devfsdirent = mac_mls_update_devfsdirent, .mpo_associate_vnode_devfs = mac_mls_associate_vnode_devfs, diff --git a/sys/security/mac_stub/mac_stub.c b/sys/security/mac_stub/mac_stub.c index 8ab11e976bd6..3be11ba9acf7 100644 --- a/sys/security/mac_stub/mac_stub.c +++ b/sys/security/mac_stub/mac_stub.c @@ -224,13 +224,6 @@ stub_create_mount(struct ucred *cred, struct mount *mp, } -static void -stub_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - -} - static void stub_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) @@ -1438,7 +1431,6 @@ static struct mac_policy_ops mac_stub_ops = .mpo_create_sysv_shm = stub_create_sysv_shm, .mpo_create_vnode_extattr = stub_create_vnode_extattr, .mpo_create_mount = stub_create_mount, - .mpo_create_root_mount = stub_create_root_mount, .mpo_relabel_vnode = stub_relabel_vnode, .mpo_setlabel_vnode_extattr = stub_setlabel_vnode_extattr, .mpo_update_devfsdirent = stub_update_devfsdirent, diff --git a/sys/security/mac_test/mac_test.c b/sys/security/mac_test/mac_test.c index 3c51215518e4..a7441864debb 100644 --- a/sys/security/mac_test/mac_test.c +++ b/sys/security/mac_test/mac_test.c @@ -917,16 +917,6 @@ mac_test_create_mount(struct ucred *cred, struct mount *mp, ASSERT_MOUNT_LABEL(fslabel); } -static void -mac_test_create_root_mount(struct ucred *cred, struct mount *mp, - struct label *mntlabel, struct label *fslabel) -{ - - ASSERT_CRED_LABEL(cred->cr_label); - ASSERT_MOUNT_LABEL(mntlabel); - ASSERT_MOUNT_LABEL(fslabel); -} - static void mac_test_relabel_vnode(struct ucred *cred, struct vnode *vp, struct label *vnodelabel, struct label *label) @@ -2472,7 +2462,6 @@ static struct mac_policy_ops mac_test_ops = .mpo_create_devfs_symlink = mac_test_create_devfs_symlink, .mpo_create_vnode_extattr = mac_test_create_vnode_extattr, .mpo_create_mount = mac_test_create_mount, - .mpo_create_root_mount = mac_test_create_root_mount, .mpo_relabel_vnode = mac_test_relabel_vnode, .mpo_setlabel_vnode_extattr = mac_test_setlabel_vnode_extattr, .mpo_update_devfsdirent = mac_test_update_devfsdirent,