From d48c6fade5a5d9e364c788e64e2c0534ec8a56e5 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Thu, 20 Mar 2008 09:48:15 -0700
Subject: [PATCH] --- yaml --- r: 87545 b: refs/heads/master c:
 ba422428295f19a3eef072b47c83202492ccab2f h: refs/heads/master i:   87543:
 e84ab466c47b9a733a416da955760eb1843e4982 v: v3

---
 [refs]                           |  2 +-
 trunk/include/linux/security.h   |  3 +--
 trunk/security/capability.c      |  1 -
 trunk/security/commoncap.c       | 40 --------------------------------
 trunk/security/smack/smack_lsm.c |  5 ----
 5 files changed, 2 insertions(+), 49 deletions(-)

diff --git a/[refs] b/[refs]
index 5ab868de9dcb..a053a389f88d 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: eee4470f197cfe88fd8aa871e9227b7033495b67
+refs/heads/master: ba422428295f19a3eef072b47c83202492ccab2f
diff --git a/trunk/include/linux/security.h b/trunk/include/linux/security.h
index b07357ca2137..c673dfd4dffc 100644
--- a/trunk/include/linux/security.h
+++ b/trunk/include/linux/security.h
@@ -57,7 +57,6 @@ extern int cap_inode_need_killpriv(struct dentry *dentry);
 extern int cap_inode_killpriv(struct dentry *dentry);
 extern int cap_task_post_setuid (uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
 extern void cap_task_reparent_to_init (struct task_struct *p);
-extern int cap_task_kill(struct task_struct *p, struct siginfo *info, int sig, u32 secid);
 extern int cap_task_setscheduler (struct task_struct *p, int policy, struct sched_param *lp);
 extern int cap_task_setioprio (struct task_struct *p, int ioprio);
 extern int cap_task_setnice (struct task_struct *p, int nice);
@@ -2187,7 +2186,7 @@ static inline int security_task_kill (struct task_struct *p,
 				      struct siginfo *info, int sig,
 				      u32 secid)
 {
-	return cap_task_kill(p, info, sig, secid);
+	return 0;
 }
 
 static inline int security_task_wait (struct task_struct *p)
diff --git a/trunk/security/capability.c b/trunk/security/capability.c
index 9e99f36a8b5c..2c6e06d18fab 100644
--- a/trunk/security/capability.c
+++ b/trunk/security/capability.c
@@ -40,7 +40,6 @@ static struct security_operations capability_ops = {
 	.inode_need_killpriv =		cap_inode_need_killpriv,
 	.inode_killpriv =		cap_inode_killpriv,
 
-	.task_kill =			cap_task_kill,
 	.task_setscheduler =		cap_task_setscheduler,
 	.task_setioprio =		cap_task_setioprio,
 	.task_setnice =			cap_task_setnice,
diff --git a/trunk/security/commoncap.c b/trunk/security/commoncap.c
index bb0c095f5761..06d5c9469ba3 100644
--- a/trunk/security/commoncap.c
+++ b/trunk/security/commoncap.c
@@ -540,41 +540,6 @@ int cap_task_setnice (struct task_struct *p, int nice)
 	return cap_safe_nice(p);
 }
 
-int cap_task_kill(struct task_struct *p, struct siginfo *info,
-				int sig, u32 secid)
-{
-	if (info != SEND_SIG_NOINFO && (is_si_special(info) || SI_FROMKERNEL(info)))
-		return 0;
-
-	/*
-	 * Running a setuid root program raises your capabilities.
-	 * Killing your own setuid root processes was previously
-	 * allowed.
-	 * We must preserve legacy signal behavior in this case.
-	 */
-	if (p->uid == current->uid)
-		return 0;
-
-	/* sigcont is permitted within same session */
-	if (sig == SIGCONT && (task_session_nr(current) == task_session_nr(p)))
-		return 0;
-
-	if (secid)
-		/*
-		 * Signal sent as a particular user.
-		 * Capabilities are ignored.  May be wrong, but it's the
-		 * only thing we can do at the moment.
-		 * Used only by usb drivers?
-		 */
-		return 0;
-	if (cap_issubset(p->cap_permitted, current->cap_permitted))
-		return 0;
-	if (capable(CAP_KILL))
-		return 0;
-
-	return -EPERM;
-}
-
 /*
  * called from kernel/sys.c for prctl(PR_CABSET_DROP)
  * done without task_capability_lock() because it introduces
@@ -605,11 +570,6 @@ int cap_task_setnice (struct task_struct *p, int nice)
 {
 	return 0;
 }
-int cap_task_kill(struct task_struct *p, struct siginfo *info,
-				int sig, u32 secid)
-{
-	return 0;
-}
 #endif
 
 void cap_task_reparent_to_init (struct task_struct *p)
diff --git a/trunk/security/smack/smack_lsm.c b/trunk/security/smack/smack_lsm.c
index 38d707593b31..732ba27923c4 100644
--- a/trunk/security/smack/smack_lsm.c
+++ b/trunk/security/smack/smack_lsm.c
@@ -1117,11 +1117,6 @@ static int smack_task_movememory(struct task_struct *p)
 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
 			   int sig, u32 secid)
 {
-	int rc;
-
-	rc = cap_task_kill(p, info, sig, secid);
-	if (rc != 0)
-		return rc;
 	/*
 	 * Special cases where signals really ought to go through
 	 * in spite of policy. Stephen Smalley suggests it may