SELinux: Remove cred security blob poisoning

The SELinux specific credential poisioning only makes sense if SELinux is managing the credentials. As the intent of this patch set is to move the blob management out of the modules and into the infrastructure, the SELinux specific code has to go. The poisioning could be introduced into the infrastructure at some later date. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Kees Cook <keescook@chromium.org>
author: Casey Schaufler <casey@schaufler-ca.com> 2018-09-21 17:17:25 -0700
committer: Kees Cook <keescook@chromium.org> 2019-01-08 13:18:44 -0800
commit: 98c88651365767c72ec6dc672072423bc19a39aa (patch)
tree: 82204d5efbc14a204669c5092646e7604add60c2 /security
parent: 0c6cfa622cf57109607f3416b286b6b55561a2ea (diff)
1 files changed, 0 insertions, 6 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index beec1de5c2da..ad227177550b 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3708,12 +3708,6 @@ static void selinux_cred_free(struct cred *cred)
 {
 	struct task_security_struct *tsec = selinux_cred(cred);
 
-	/*
-	 * cred->security == NULL if security_cred_alloc_blank() or
-	 * security_prepare_creds() returned an error.
-	 */
-	BUG_ON(cred->security && (unsigned long) cred->security < PAGE_SIZE);
-	cred->security = (void *) 0x7UL;
 	kfree(tsec);
 }
author	Casey Schaufler <casey@schaufler-ca.com>	2018-09-21 17:17:25 -0700
committer	Kees Cook <keescook@chromium.org>	2019-01-08 13:18:44 -0800
commit	98c88651365767c72ec6dc672072423bc19a39aa (patch)
tree	82204d5efbc14a204669c5092646e7604add60c2 /security
parent	0c6cfa622cf57109607f3416b286b6b55561a2ea (diff)