selinux: remove secondary ops call to file_mprotect
authorJames Morris <jmorris@namei.org>
Thu, 29 Jan 2009 01:19:51 +0000 (12:19 +1100)
committerJames Morris <jmorris@namei.org>
Thu, 29 Jan 2009 21:55:11 +0000 (08:55 +1100)
Remove secondary ops call to file_mprotect, which is
a noop in capabilities.

Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Eric Paris <eparis@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
security/selinux/hooks.c

index 08b506846a1f007af9b8c260da39e46ee00492b8..2c98071fba8bba6f559a3e5a0477d85f3eb2594b 100644 (file)
@@ -3056,18 +3056,13 @@ static int selinux_file_mprotect(struct vm_area_struct *vma,
                                 unsigned long prot)
 {
        const struct cred *cred = current_cred();
-       int rc;
-
-       rc = secondary_ops->file_mprotect(vma, reqprot, prot);
-       if (rc)
-               return rc;
 
        if (selinux_checkreqprot)
                prot = reqprot;
 
 #ifndef CONFIG_PPC32
        if ((prot & PROT_EXEC) && !(vma->vm_flags & VM_EXEC)) {
-               rc = 0;
+               int rc = 0;
                if (vma->vm_start >= vma->vm_mm->start_brk &&
                    vma->vm_end <= vma->vm_mm->brk) {
                        rc = cred_has_perm(cred, cred, PROCESS__EXECHEAP);