From 1cda52f1b4611f4daa9d89e69d9428fb4137dc3f Mon Sep 17 00:00:00 2001
From: Song Liu <song@kernel.org>
Date: Sat, 12 Oct 2024 17:22:48 -0700
Subject: fsnotify, lsm: Decouple fsnotify from lsm

Currently, fsnotify_open_perm() is called from security_file_open().
This is a a bit unexpected and creates otherwise unnecessary dependency
of CONFIG_FANOTIFY_ACCESS_PERMISSIONS on CONFIG_SECURITY. Fix this by
calling fsnotify_open_perm() directly.

Signed-off-by: Song Liu <song@kernel.org>
Acked-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20241013002248.3984442-1-song@kernel.org
---
 security/security.c | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)

(limited to 'security/security.c')

diff --git a/security/security.c b/security/security.c
index c5981e558bc2..19e87a159303 100644
--- a/security/security.c
+++ b/security/security.c
@@ -19,7 +19,6 @@
 #include <linux/kernel.h>
 #include <linux/kernel_read_file.h>
 #include <linux/lsm_hooks.h>
-#include <linux/fsnotify.h>
 #include <linux/mman.h>
 #include <linux/mount.h>
 #include <linux/personality.h>
@@ -3104,13 +3103,7 @@ int security_file_receive(struct file *file)
  */
 int security_file_open(struct file *file)
 {
-	int ret;
-
-	ret = call_int_hook(file_open, file);
-	if (ret)
-		return ret;
-
-	return fsnotify_open_perm(file);
+	return call_int_hook(file_open, file);
 }
 
 /**
-- 
cgit v1.2.3