From 2c7661ff419580f5c06ea409e31407e0ff52cb95 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:18:14 -0400
Subject: [PATCH 01/18] [apparmor] constify struct path * in a bunch of helpers
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/file.c | 2 +-
security/apparmor/include/file.h | 2 +-
security/apparmor/include/path.h | 2 +-
security/apparmor/lsm.c | 2 +-
security/apparmor/path.c | 8 ++++----
5 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 913f377a038a..4dfc5d0d8413 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry)
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond)
{
char *buffer = NULL;
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 2c922b86bd44..afc5b294e0d5 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -171,7 +171,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
const char *name, struct path_cond *cond,
struct file_perms *perms);
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond);
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index 286ac75dc88b..73560f258784 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -26,7 +26,7 @@ enum path_flags {
PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
};
-int aa_path_name(struct path *path, int flags, char **buffer,
+int aa_path_name(const struct path *path, int flags, char **buffer,
const char **name, const char **info);
#endif /* __AA_PATH_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dec607c17b64..9713037e5257 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm(int op, struct path *path, u32 mask,
+static int common_perm(int op, const struct path *path, u32 mask,
struct path_cond *cond)
{
struct aa_profile *profile;
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 71e0e3a15b9d..edddc026406b 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
* When no error the path name is returned in @name which points to
* to a position in @buf
*/
-static int d_namespace_path(struct path *path, char *buf, int buflen,
+static int d_namespace_path(const struct path *path, char *buf, int buflen,
char **name, int flags)
{
char *res;
@@ -158,7 +158,7 @@ out:
*
* Returns: %0 else error on failure
*/
-static int get_name_to_buffer(struct path *path, int flags, char *buffer,
+static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
int size, char **name, const char **info)
{
int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
@@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
*
* Returns: %0 else error code if could retrieve name
*/
-int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
- const char **info)
+int aa_path_name(const struct path *path, int flags, char **buffer,
+ const char **name, const char **info)
{
char *buf, *str = NULL;
int size = 256;
From 81f4c50607b423a59f8a1b03e1e8fc409a1dcd22 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:22:01 -0400
Subject: [PATCH 02/18] constify security_path_truncate()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/apparmor/lsm.c | 2 +-
security/security.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index cdee11cbcdf1..77c3bfdacf16 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1366,7 +1366,7 @@ union security_list_options {
int (*path_rmdir)(struct path *dir, struct dentry *dentry);
int (*path_mknod)(struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev);
- int (*path_truncate)(struct path *path);
+ int (*path_truncate)(const struct path *path);
int (*path_symlink)(struct path *dir, struct dentry *dentry,
const char *old_name);
int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
diff --git a/include/linux/security.h b/include/linux/security.h
index 157f0cb1e4d2..be37ccab2286 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1447,7 +1447,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
int security_path_rmdir(struct path *dir, struct dentry *dentry);
int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev);
-int security_path_truncate(struct path *path);
+int security_path_truncate(const struct path *path);
int security_path_symlink(struct path *dir, struct dentry *dentry,
const char *old_name);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
@@ -1481,7 +1481,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
return 0;
}
-static inline int security_path_truncate(struct path *path)
+static inline int security_path_truncate(const struct path *path)
{
return 0;
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 9713037e5257..83e9c3c2cfc8 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -269,7 +269,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
}
-static int apparmor_path_truncate(struct path *path)
+static int apparmor_path_truncate(const struct path *path)
{
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
d_backing_inode(path->dentry)->i_mode
diff --git a/security/security.c b/security/security.c
index 3644b0344d29..23ffb6cc3974 100644
--- a/security/security.c
+++ b/security/security.c
@@ -478,7 +478,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
}
EXPORT_SYMBOL(security_path_rename);
-int security_path_truncate(struct path *path)
+int security_path_truncate(const struct path *path)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index cbf3df422c87..8573eee2b58e 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_truncate(struct path *path)
+static int tomoyo_path_truncate(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}
From 7df818b2370a9aab5fc58a85b70b8af3d835affa Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:24:09 -0400
Subject: [PATCH 03/18] constify vfs_truncate()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/open.c | 2 +-
include/linux/fs.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 17cb6b1dab75..2f49fce5c952 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -65,7 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs,
return ret;
}
-long vfs_truncate(struct path *path, loff_t length)
+long vfs_truncate(const struct path *path, loff_t length)
{
struct inode *inode;
long error;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 14a97194b34b..09a68517e952 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -2253,7 +2253,7 @@ struct filename {
const char iname[];
};
-extern long vfs_truncate(struct path *, loff_t);
+extern long vfs_truncate(const struct path *, loff_t);
extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs,
struct file *filp);
extern int vfs_fallocate(struct file *file, int mode, loff_t offset,
From 928e1ebfb576f6c0480ac852becfc142b248242c Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:24:49 -0400
Subject: [PATCH 04/18] apparmor_path_truncate(): path->mnt is never NULL
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/lsm.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 83e9c3c2cfc8..21dae6070bb9 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -275,7 +275,7 @@ static int apparmor_path_truncate(const struct path *path)
d_backing_inode(path->dentry)->i_mode
};
- if (!path->mnt || !mediated_filesystem(path->dentry))
+ if (!mediated_filesystem(path->dentry))
return 0;
return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
From e6641eddf0e7f0227493e91a1d91546f6bd73525 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:41:28 -0400
Subject: [PATCH 05/18] tomoyo: constify assorted struct path *
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/tomoyo/common.h | 12 ++++++------
security/tomoyo/file.c | 10 +++++-----
security/tomoyo/mount.c | 4 ++--
3 files changed, 13 insertions(+), 13 deletions(-)
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index f9c9fb1d56b4..361e7a284699 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name);
const struct tomoyo_path_info *tomoyo_path_matches_group
(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag);
+ const struct path *path, const int flag);
void tomoyo_close_control(struct tomoyo_io_buffer *head);
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
int tomoyo_execute_permission(struct tomoyo_request_info *r,
@@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
int tomoyo_init_request_info(struct tomoyo_request_info *r,
struct tomoyo_domain_info *domain,
const u8 index);
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev);
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page);
int tomoyo_open_control(const u8 type, struct file *file);
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2);
-int tomoyo_path_number_perm(const u8 operation, struct path *path,
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2);
+int tomoyo_path_number_perm(const u8 operation, const struct path *path,
unsigned long number);
int tomoyo_path_perm(const u8 operation, const struct path *path,
const char *target);
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 2367b100cc62..7041a580019e 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path_number_perm(const u8 type, struct path *path,
+int tomoyo_path_number_perm(const u8 type, const struct path *path,
unsigned long number)
{
struct tomoyo_request_info r;
@@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
* Returns 0 on success, negative value otherwise.
*/
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag)
+ const struct path *path, const int flag)
{
const u8 acc_mode = ACC_MODE(flag);
int error = 0;
@@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev)
{
struct tomoyo_request_info r;
@@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2)
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2)
{
int error = -ENOMEM;
struct tomoyo_path_info buf1;
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 390c646013cb..14b53fb2a0cf 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
*/
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
const char *dev_name,
- struct path *dir, const char *type,
+ const struct path *dir, const char *type,
unsigned long flags)
{
struct tomoyo_obj_info obj = { };
@@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page)
{
From 7fd25dac9ad3970bede16f2834daf9f9d779d1b0 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:44:41 -0400
Subject: [PATCH 06/18] constify chown_common/security_path_chown
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/open.c | 2 +-
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/apparmor/lsm.c | 2 +-
security/security.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 2f49fce5c952..651bf74745a2 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -564,7 +564,7 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode)
return sys_fchmodat(AT_FDCWD, filename, mode);
}
-static int chown_common(struct path *path, uid_t user, gid_t group)
+static int chown_common(const struct path *path, uid_t user, gid_t group)
{
struct inode *inode = path->dentry->d_inode;
struct inode *delegated_inode = NULL;
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 77c3bfdacf16..84f76cbc6d06 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1375,7 +1375,7 @@ union security_list_options {
struct path *new_dir,
struct dentry *new_dentry);
int (*path_chmod)(struct path *path, umode_t mode);
- int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid);
+ int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
int (*path_chroot)(struct path *path);
#endif
diff --git a/include/linux/security.h b/include/linux/security.h
index be37ccab2286..f83ca920ed46 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1456,7 +1456,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry,
unsigned int flags);
int security_path_chmod(struct path *path, umode_t mode);
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid);
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
#else /* CONFIG_SECURITY_PATH */
static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
@@ -1513,7 +1513,7 @@ static inline int security_path_chmod(struct path *path, umode_t mode)
return 0;
}
-static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
return 0;
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 21dae6070bb9..3adbff987b77 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -342,7 +342,7 @@ static int apparmor_path_chmod(struct path *path, umode_t mode)
return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
}
-static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
d_backing_inode(path->dentry)->i_mode
diff --git a/security/security.c b/security/security.c
index 23ffb6cc3974..4a3e7e99abbb 100644
--- a/security/security.c
+++ b/security/security.c
@@ -492,7 +492,7 @@ int security_path_chmod(struct path *path, umode_t mode)
return call_int_hook(path_chmod, 0, path, mode);
}
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 8573eee2b58e..f0989ec978e1 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
int error = 0;
if (uid_valid(uid))
From 8a04c43b8741ebb40508d160cf87ca74b70941af Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:52:53 -0400
Subject: [PATCH 07/18] constify security_sb_mount()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/security.c | 2 +-
security/selinux/hooks.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
5 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 84f76cbc6d06..47117751f4eb 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1343,7 +1343,7 @@ union security_list_options {
int (*sb_kern_mount)(struct super_block *sb, int flags, void *data);
int (*sb_show_options)(struct seq_file *m, struct super_block *sb);
int (*sb_statfs)(struct dentry *dentry);
- int (*sb_mount)(const char *dev_name, struct path *path,
+ int (*sb_mount)(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data);
int (*sb_umount)(struct vfsmount *mnt, int flags);
int (*sb_pivotroot)(struct path *old_path, struct path *new_path);
diff --git a/include/linux/security.h b/include/linux/security.h
index f83ca920ed46..415a357efe4c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -222,7 +222,7 @@ int security_sb_remount(struct super_block *sb, void *data);
int security_sb_kern_mount(struct super_block *sb, int flags, void *data);
int security_sb_show_options(struct seq_file *m, struct super_block *sb);
int security_sb_statfs(struct dentry *dentry);
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
int security_sb_pivotroot(struct path *old_path, struct path *new_path);
@@ -530,7 +530,7 @@ static inline int security_sb_statfs(struct dentry *dentry)
return 0;
}
-static inline int security_sb_mount(const char *dev_name, struct path *path,
+static inline int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data)
{
diff --git a/security/security.c b/security/security.c
index 4a3e7e99abbb..fc567656b16f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry)
return call_int_hook(sb_statfs, 0, dentry);
}
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 912deee3f01e..e3aeacc13545 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2760,7 +2760,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
}
static int selinux_mount(const char *dev_name,
- struct path *path,
+ const struct path *path,
const char *type,
unsigned long flags,
void *data)
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index f0989ec978e1..c1177f885247 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return tomoyo_mount_permission(dev_name, path, type, flags, data);
From be01f9f28e66fa846f02196eb047c6bc445642db Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 14:56:23 -0400
Subject: [PATCH 08/18] constify chmod_common/security_path_chmod
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/open.c | 2 +-
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/apparmor/lsm.c | 2 +-
security/security.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
6 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/fs/open.c b/fs/open.c
index 651bf74745a2..cfdf71a6704e 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -499,7 +499,7 @@ out:
return error;
}
-static int chmod_common(struct path *path, umode_t mode)
+static int chmod_common(const struct path *path, umode_t mode)
{
struct inode *inode = path->dentry->d_inode;
struct inode *delegated_inode = NULL;
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 47117751f4eb..294fdfe902bf 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1374,7 +1374,7 @@ union security_list_options {
int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir,
struct dentry *new_dentry);
- int (*path_chmod)(struct path *path, umode_t mode);
+ int (*path_chmod)(const struct path *path, umode_t mode);
int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
int (*path_chroot)(struct path *path);
#endif
diff --git a/include/linux/security.h b/include/linux/security.h
index 415a357efe4c..d6593ee2d0a9 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1455,7 +1455,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
struct path *new_dir, struct dentry *new_dentry,
unsigned int flags);
-int security_path_chmod(struct path *path, umode_t mode);
+int security_path_chmod(const struct path *path, umode_t mode);
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
#else /* CONFIG_SECURITY_PATH */
@@ -1508,7 +1508,7 @@ static inline int security_path_rename(struct path *old_dir,
return 0;
}
-static inline int security_path_chmod(struct path *path, umode_t mode)
+static inline int security_path_chmod(const struct path *path, umode_t mode)
{
return 0;
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 3adbff987b77..8d19615dcb73 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -334,7 +334,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
return error;
}
-static int apparmor_path_chmod(struct path *path, umode_t mode)
+static int apparmor_path_chmod(const struct path *path, umode_t mode)
{
if (!mediated_filesystem(path->dentry))
return 0;
diff --git a/security/security.c b/security/security.c
index fc567656b16f..b333429fe718 100644
--- a/security/security.c
+++ b/security/security.c
@@ -485,7 +485,7 @@ int security_path_truncate(const struct path *path)
return call_int_hook(path_truncate, 0, path);
}
-int security_path_chmod(struct path *path, umode_t mode)
+int security_path_chmod(const struct path *path, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index c1177f885247..e48d0a4e4128 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chmod(struct path *path, umode_t mode)
+static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
mode & S_IALLUGO);
From 741aca71d61c3485d1e9db3bcea00d4509cf2301 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:04:36 -0400
Subject: [PATCH 09/18] apparmor: new helper - common_path_perm()
was open-coded in several places...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/lsm.c | 47 +++++++++++------------------------------
1 file changed, 12 insertions(+), 35 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 8d19615dcb73..ead56bfaa056 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
}
/**
- * common_perm_mnt_dentry - common permission wrapper when mnt, dentry
+ * common_perm_path - common permission wrapper when mnt, dentry
* @op: operation being checked
- * @mnt: mount point of dentry (NOT NULL)
- * @dentry: dentry to check (NOT NULL)
+ * @path: location to check (NOT NULL)
* @mask: requested permissions mask
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
- struct dentry *dentry, u32 mask)
+static inline int common_perm_path(int op, const struct path *path, u32 mask)
{
- struct path path = { mnt, dentry };
- struct path_cond cond = { d_backing_inode(dentry)->i_uid,
- d_backing_inode(dentry)->i_mode
+ struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
+ d_backing_inode(path->dentry)->i_mode
};
+ if (!mediated_filesystem(path->dentry))
+ return 0;
- return common_perm(op, &path, mask, &cond);
+ return common_perm(op, path, mask, &cond);
}
/**
@@ -271,15 +270,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
static int apparmor_path_truncate(const struct path *path)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
- &cond);
+ return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
}
static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
@@ -336,31 +327,17 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
static int apparmor_path_chmod(const struct path *path, umode_t mode)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
+ return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
}
static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
+ return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
}
static int apparmor_inode_getattr(const struct path *path)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
- AA_MAY_META_READ);
+ return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
}
static int apparmor_file_open(struct file *file, const struct cred *cred)
From 3539aaf670cdd68a37314cd5db400c0c77287c88 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:07:03 -0400
Subject: [PATCH 10/18] apparmor: constify aa_path_link()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/file.c | 2 +-
security/apparmor/include/file.h | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 4dfc5d0d8413..d186674f973a 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target)
* Returns: %0 if allowed else error
*/
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct path link = { new_dir->mnt, new_dentry };
struct path target = { new_dir->mnt, old_dentry };
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index afc5b294e0d5..4803c97d1992 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -175,7 +175,7 @@ int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond);
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry);
+ const struct path *new_dir, struct dentry *new_dentry);
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
u32 request);
From d6b49f7ad2f38b5c3af27ac1a6f475b1ec13ea6e Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:10:04 -0400
Subject: [PATCH 11/18] apparmor: constify common_perm_...()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/lsm.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index ead56bfaa056..4d2638f4676d 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -172,7 +172,7 @@ static int common_perm(int op, const struct path *path, u32 mask,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_dir_dentry(int op, struct path *dir,
+static int common_perm_dir_dentry(int op, const struct path *dir,
struct dentry *dentry, u32 mask,
struct path_cond *cond)
{
@@ -209,7 +209,7 @@ static inline int common_perm_path(int op, const struct path *path, u32 mask)
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_rm(int op, struct path *dir,
+static int common_perm_rm(int op, const struct path *dir,
struct dentry *dentry, u32 mask)
{
struct inode *inode = d_backing_inode(dentry);
@@ -234,8 +234,8 @@ static int common_perm_rm(int op, struct path *dir,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
- u32 mask, umode_t mode)
+static int common_perm_create(int op, const struct path *dir,
+ struct dentry *dentry, u32 mask, umode_t mode)
{
struct path_cond cond = { current_fsuid(), mode };
From 989f74e0500a1e136d369bb619adc22786ea5e68 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:13:39 -0400
Subject: [PATCH 12/18] constify security_path_{unlink,rmdir}
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 4 ++--
include/linux/security.h | 8 ++++----
security/apparmor/lsm.c | 4 ++--
security/security.c | 4 ++--
security/tomoyo/tomoyo.c | 4 ++--
5 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 294fdfe902bf..322912cc2da1 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1360,10 +1360,10 @@ union security_list_options {
#ifdef CONFIG_SECURITY_PATH
- int (*path_unlink)(struct path *dir, struct dentry *dentry);
+ int (*path_unlink)(const struct path *dir, struct dentry *dentry);
int (*path_mkdir)(struct path *dir, struct dentry *dentry,
umode_t mode);
- int (*path_rmdir)(struct path *dir, struct dentry *dentry);
+ int (*path_rmdir)(const struct path *dir, struct dentry *dentry);
int (*path_mknod)(struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev);
int (*path_truncate)(const struct path *path);
diff --git a/include/linux/security.h b/include/linux/security.h
index d6593ee2d0a9..e292d8cb21d7 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1442,9 +1442,9 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
#endif /* CONFIG_SECURITY_NETWORK_XFRM */
#ifdef CONFIG_SECURITY_PATH
-int security_path_unlink(struct path *dir, struct dentry *dentry);
+int security_path_unlink(const struct path *dir, struct dentry *dentry);
int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
-int security_path_rmdir(struct path *dir, struct dentry *dentry);
+int security_path_rmdir(const struct path *dir, struct dentry *dentry);
int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev);
int security_path_truncate(const struct path *path);
@@ -1459,7 +1459,7 @@ int security_path_chmod(const struct path *path, umode_t mode);
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
int security_path_chroot(struct path *path);
#else /* CONFIG_SECURITY_PATH */
-static inline int security_path_unlink(struct path *dir, struct dentry *dentry)
+static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
return 0;
}
@@ -1470,7 +1470,7 @@ static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
return 0;
}
-static inline int security_path_rmdir(struct path *dir, struct dentry *dentry)
+static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
return 0;
}
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 4d2638f4676d..b760fe026b82 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -245,7 +245,7 @@ static int common_perm_create(int op, const struct path *dir,
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
}
-static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
+static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
}
@@ -257,7 +257,7 @@ static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
S_IFDIR);
}
-static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
+static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
}
diff --git a/security/security.c b/security/security.c
index b333429fe718..20f2070b3ace 100644
--- a/security/security.c
+++ b/security/security.c
@@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
}
EXPORT_SYMBOL(security_path_mkdir);
-int security_path_rmdir(struct path *dir, struct dentry *dentry)
+int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
-int security_path_unlink(struct path *dir, struct dentry *dentry)
+int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index e48d0a4e4128..be5b1ae02f02 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -163,7 +163,7 @@ static int tomoyo_path_truncate(const struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
@@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
From d360775217070ff0f4291e47d3f568f0fe0b7374 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:21:09 -0400
Subject: [PATCH 13/18] constify security_path_{mkdir,mknod,symlink}
... as well as unix_mknod() and may_o_create()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
fs/namei.c | 2 +-
include/linux/lsm_hooks.h | 6 +++---
include/linux/security.h | 12 ++++++------
net/unix/af_unix.c | 2 +-
security/apparmor/lsm.c | 6 +++---
security/security.c | 6 +++---
security/tomoyo/tomoyo.c | 6 +++---
7 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/fs/namei.c b/fs/namei.c
index 794f81dce766..8c97544d6883 100644
--- a/fs/namei.c
+++ b/fs/namei.c
@@ -2783,7 +2783,7 @@ static inline int open_to_namei_flags(int flag)
return flag;
}
-static int may_o_create(struct path *dir, struct dentry *dentry, umode_t mode)
+static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode)
{
int error = security_path_mknod(dir, dentry, mode, 0);
if (error)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 322912cc2da1..919fb4f98e4f 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1361,13 +1361,13 @@ union security_list_options {
#ifdef CONFIG_SECURITY_PATH
int (*path_unlink)(const struct path *dir, struct dentry *dentry);
- int (*path_mkdir)(struct path *dir, struct dentry *dentry,
+ int (*path_mkdir)(const struct path *dir, struct dentry *dentry,
umode_t mode);
int (*path_rmdir)(const struct path *dir, struct dentry *dentry);
- int (*path_mknod)(struct path *dir, struct dentry *dentry,
+ int (*path_mknod)(const struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev);
int (*path_truncate)(const struct path *path);
- int (*path_symlink)(struct path *dir, struct dentry *dentry,
+ int (*path_symlink)(const struct path *dir, struct dentry *dentry,
const char *old_name);
int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry);
diff --git a/include/linux/security.h b/include/linux/security.h
index e292d8cb21d7..ccb8c2a170e3 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1443,12 +1443,12 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi
#ifdef CONFIG_SECURITY_PATH
int security_path_unlink(const struct path *dir, struct dentry *dentry);
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode);
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode);
int security_path_rmdir(const struct path *dir, struct dentry *dentry);
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev);
int security_path_truncate(const struct path *path);
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name);
int security_path_link(struct dentry *old_dentry, struct path *new_dir,
struct dentry *new_dentry);
@@ -1464,7 +1464,7 @@ static inline int security_path_unlink(const struct path *dir, struct dentry *de
return 0;
}
-static inline int security_path_mkdir(struct path *dir, struct dentry *dentry,
+static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry,
umode_t mode)
{
return 0;
@@ -1475,7 +1475,7 @@ static inline int security_path_rmdir(const struct path *dir, struct dentry *den
return 0;
}
-static inline int security_path_mknod(struct path *dir, struct dentry *dentry,
+static inline int security_path_mknod(const struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
return 0;
@@ -1486,7 +1486,7 @@ static inline int security_path_truncate(const struct path *path)
return 0;
}
-static inline int security_path_symlink(struct path *dir, struct dentry *dentry,
+static inline int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
return 0;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 8269da73e9e5..80aa6a3e6817 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -953,7 +953,7 @@ fail:
return NULL;
}
-static int unix_mknod(struct dentry *dentry, struct path *path, umode_t mode,
+static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode,
struct path *res)
{
int err;
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index b760fe026b82..7ae540565097 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -250,7 +250,7 @@ static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry,
umode_t mode)
{
return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
@@ -262,7 +262,7 @@ static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
@@ -273,7 +273,7 @@ static int apparmor_path_truncate(const struct path *path)
return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
}
-static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
+static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
diff --git a/security/security.c b/security/security.c
index 20f2070b3ace..7f62e2ed6a28 100644
--- a/security/security.c
+++ b/security/security.c
@@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
EXPORT_SYMBOL(security_old_inode_init_security);
#ifdef CONFIG_SECURITY_PATH
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
}
EXPORT_SYMBOL(security_path_mknod);
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
@@ -442,7 +442,7 @@ int security_path_unlink(const struct path *dir, struct dentry *dentry)
}
EXPORT_SYMBOL(security_path_unlink);
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index be5b1ae02f02..d44752562b9b 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -178,7 +178,7 @@ static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
umode_t mode)
{
struct path path = { parent->mnt, dentry };
@@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
const char *old_name)
{
struct path path = { parent->mnt, dentry };
@@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
struct path path = { parent->mnt, dentry };
From 8db0185659c33143915768bdd33fc2fb1b1cbb58 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:22:49 -0400
Subject: [PATCH 14/18] apparmor: remove useless checks for NULL ->mnt
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/apparmor/lsm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index 7ae540565097..eadaa58bd6fd 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -215,7 +215,7 @@ static int common_perm_rm(int op, const struct path *dir,
struct inode *inode = d_backing_inode(dentry);
struct path_cond cond = { };
- if (!inode || !dir->mnt || !mediated_filesystem(dentry))
+ if (!inode || !mediated_filesystem(dentry))
return 0;
cond.uid = inode->i_uid;
@@ -239,7 +239,7 @@ static int common_perm_create(int op, const struct path *dir,
{
struct path_cond cond = { current_fsuid(), mode };
- if (!dir->mnt || !mediated_filesystem(dir->dentry))
+ if (!mediated_filesystem(dir->dentry))
return 0;
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
From 3ccee46ab487d5b87d0621824efe2500b2857c58 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:27:45 -0400
Subject: [PATCH 15/18] constify security_path_{link,rename}
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 6 +++---
include/linux/security.h | 12 ++++++------
security/apparmor/lsm.c | 6 +++---
security/security.c | 6 +++---
security/tomoyo/tomoyo.c | 6 +++---
5 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 919fb4f98e4f..52c2ac5f4855 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1369,10 +1369,10 @@ union security_list_options {
int (*path_truncate)(const struct path *path);
int (*path_symlink)(const struct path *dir, struct dentry *dentry,
const char *old_name);
- int (*path_link)(struct dentry *old_dentry, struct path *new_dir,
+ int (*path_link)(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry);
- int (*path_rename)(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir,
+ int (*path_rename)(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir,
struct dentry *new_dentry);
int (*path_chmod)(const struct path *path, umode_t mode);
int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
diff --git a/include/linux/security.h b/include/linux/security.h
index ccb8c2a170e3..82854115e36b 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1450,10 +1450,10 @@ int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t m
int security_path_truncate(const struct path *path);
int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name);
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry);
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry,
unsigned int flags);
int security_path_chmod(const struct path *path, umode_t mode);
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
@@ -1493,15 +1493,15 @@ static inline int security_path_symlink(const struct path *dir, struct dentry *d
}
static inline int security_path_link(struct dentry *old_dentry,
- struct path *new_dir,
+ const struct path *new_dir,
struct dentry *new_dentry)
{
return 0;
}
-static inline int security_path_rename(struct path *old_dir,
+static inline int security_path_rename(const struct path *old_dir,
struct dentry *old_dentry,
- struct path *new_dir,
+ const struct path *new_dir,
struct dentry *new_dentry,
unsigned int flags)
{
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index eadaa58bd6fd..2660fbcf94d1 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -280,7 +280,7 @@ static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
S_IFLNK);
}
-static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct aa_profile *profile;
@@ -295,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
return error;
}
-static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct aa_profile *profile;
int error = 0;
diff --git a/security/security.c b/security/security.c
index 7f62e2ed6a28..33b85a960128 100644
--- a/security/security.c
+++ b/security/security.c
@@ -450,7 +450,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry,
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
@@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry,
unsigned int flags)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index d44752562b9b..6a858f2f4063 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -265,7 +265,7 @@ static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct path path1 = { new_dir->mnt, old_dentry };
@@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rename(struct path *old_parent,
+static int tomoyo_path_rename(const struct path *old_parent,
struct dentry *old_dentry,
- struct path *new_parent,
+ const struct path *new_parent,
struct dentry *new_dentry)
{
struct path path1 = { old_parent->mnt, old_dentry };
From 77b286c0d26a5399912f5affd90ed73e2d8b42a5 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:28:43 -0400
Subject: [PATCH 16/18] constify security_path_chroot()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 4 ++--
security/security.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
4 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 52c2ac5f4855..e2baca48e596 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1376,7 +1376,7 @@ union security_list_options {
struct dentry *new_dentry);
int (*path_chmod)(const struct path *path, umode_t mode);
int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid);
- int (*path_chroot)(struct path *path);
+ int (*path_chroot)(const struct path *path);
#endif
int (*inode_alloc_security)(struct inode *inode);
diff --git a/include/linux/security.h b/include/linux/security.h
index 82854115e36b..cb53cffbfae4 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1457,7 +1457,7 @@ int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
unsigned int flags);
int security_path_chmod(const struct path *path, umode_t mode);
int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid);
-int security_path_chroot(struct path *path);
+int security_path_chroot(const struct path *path);
#else /* CONFIG_SECURITY_PATH */
static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
@@ -1518,7 +1518,7 @@ static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_
return 0;
}
-static inline int security_path_chroot(struct path *path)
+static inline int security_path_chroot(const struct path *path)
{
return 0;
}
diff --git a/security/security.c b/security/security.c
index 33b85a960128..cf6f31df524a 100644
--- a/security/security.c
+++ b/security/security.c
@@ -499,7 +499,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
return call_int_hook(path_chown, 0, path, uid, gid);
}
-int security_path_chroot(struct path *path)
+int security_path_chroot(const struct path *path)
{
return call_int_hook(path_chroot, 0, path);
}
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index 6a858f2f4063..c7764bb747aa 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -385,7 +385,7 @@ static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chroot(struct path *path)
+static int tomoyo_path_chroot(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}
From 3b73b68c05db0b3c9b282c6e8e6eb71acc589a02 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:31:19 -0400
Subject: [PATCH 17/18] constify security_sb_pivotroot()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
include/linux/lsm_hooks.h | 2 +-
include/linux/security.h | 6 +++---
security/security.c | 2 +-
security/tomoyo/tomoyo.c | 2 +-
4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index e2baca48e596..41c0aa6d39ea 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1346,7 +1346,7 @@ union security_list_options {
int (*sb_mount)(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data);
int (*sb_umount)(struct vfsmount *mnt, int flags);
- int (*sb_pivotroot)(struct path *old_path, struct path *new_path);
+ int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path);
int (*sb_set_mnt_opts)(struct super_block *sb,
struct security_mnt_opts *opts,
unsigned long kern_flags,
diff --git a/include/linux/security.h b/include/linux/security.h
index cb53cffbfae4..fcfa211c694f 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -225,7 +225,7 @@ int security_sb_statfs(struct dentry *dentry);
int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data);
int security_sb_umount(struct vfsmount *mnt, int flags);
-int security_sb_pivotroot(struct path *old_path, struct path *new_path);
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path);
int security_sb_set_mnt_opts(struct super_block *sb,
struct security_mnt_opts *opts,
unsigned long kern_flags,
@@ -542,8 +542,8 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags)
return 0;
}
-static inline int security_sb_pivotroot(struct path *old_path,
- struct path *new_path)
+static inline int security_sb_pivotroot(const struct path *old_path,
+ const struct path *new_path)
{
return 0;
}
diff --git a/security/security.c b/security/security.c
index cf6f31df524a..f7af0aaa173e 100644
--- a/security/security.c
+++ b/security/security.c
@@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
return call_int_hook(sb_umount, 0, mnt, flags);
}
-int security_sb_pivotroot(struct path *old_path, struct path *new_path)
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return call_int_hook(sb_pivotroot, 0, old_path, new_path);
}
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index c7764bb747aa..75c998700190 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}
From 81cd8896a64cc34bd59f097fa619b11ab40ca7a6 Mon Sep 17 00:00:00 2001
From: Al Viro <viro@zeniv.linux.org.uk>
Date: Fri, 25 Mar 2016 15:33:04 -0400
Subject: [PATCH 18/18] constify ima_d_path()
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
security/integrity/ima/ima.h | 2 +-
security/integrity/ima/ima_api.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 5d0f61163d98..d3a939bf2781 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
int ima_store_template(struct ima_template_entry *entry, int violation,
struct inode *inode, const unsigned char *filename);
void ima_free_template_entry(struct ima_template_entry *entry);
-const char *ima_d_path(struct path *path, char **pathbuf);
+const char *ima_d_path(const struct path *path, char **pathbuf);
/* IMA policy related functions */
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 370e42dfc5c5..5a2218fe877a 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
iint->flags |= IMA_AUDITED;
}
-const char *ima_d_path(struct path *path, char **pathbuf)
+const char *ima_d_path(const struct path *path, char **pathbuf)
{
char *pathname = NULL;