From 2c7661ff419580f5c06ea409e31407e0ff52cb95 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:18:14 -0400 Subject: [PATCH 01/18] [apparmor] constify struct path * in a bunch of helpers Signed-off-by: Al Viro --- security/apparmor/file.c | 2 +- security/apparmor/include/file.h | 2 +- security/apparmor/include/path.h | 2 +- security/apparmor/lsm.c | 2 +- security/apparmor/path.c | 8 ++++---- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 913f377a038a67..4dfc5d0d8413e2 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry) * * Returns: %0 else error if access denied or other error */ -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond) { char *buffer = NULL; diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 2c922b86bd44f5..afc5b294e0d538 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -171,7 +171,7 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms); -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond); int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h index 286ac75dc88b62..73560f258784fc 100644 --- a/security/apparmor/include/path.h +++ b/security/apparmor/include/path.h 
@@ -26,7 +26,7 @@ enum path_flags { PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */ }; -int aa_path_name(struct path *path, int flags, char **buffer, +int aa_path_name(const struct path *path, int flags, char **buffer, const char **name, const char **info); #endif /* __AA_PATH_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17b6434..9713037e52575b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, * * Returns: %0 else error code if error or permission denied */ -static int common_perm(int op, struct path *path, u32 mask, +static int common_perm(int op, const struct path *path, u32 mask, struct path_cond *cond) { struct aa_profile *profile; diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 71e0e3a15b9dc3..edddc026406b4e 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen) * When no error the path name is returned in @name which points to * to a position in @buf */ -static int d_namespace_path(struct path *path, char *buf, int buflen, +static int d_namespace_path(const struct path *path, char *buf, int buflen, char **name, int flags) { char *res; @@ -158,7 +158,7 @@ static int d_namespace_path(struct path *path, char *buf, int buflen, * * Returns: %0 else error on failure */ -static int get_name_to_buffer(struct path *path, int flags, char *buffer, +static int get_name_to_buffer(const struct path *path, int flags, char *buffer, int size, char **name, const char **info) { int adjust = (flags & PATH_IS_DIR) ? 1 : 0; 
@@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer, * * Returns: %0 else error code if could retrieve name */ -int aa_path_name(struct path *path, int flags, char **buffer, const char **name, - const char **info) +int aa_path_name(const struct path *path, int flags, char **buffer, + const char **name, const char **info) { char *buf, *str = NULL; int size = 256; From 81f4c50607b423a59f8a1b03e1e8fc409a1dcd22 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:22:01 -0400 Subject: [PATCH 02/18] constify security_path_truncate() Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 4 ++-- security/apparmor/lsm.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index cdee11cbcdf148..77c3bfdacf1680 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1366,7 +1366,7 @@ union security_list_options { int (*path_rmdir)(struct path *dir, struct dentry *dentry); int (*path_mknod)(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); - int (*path_truncate)(struct path *path); + int (*path_truncate)(const struct path *path); int (*path_symlink)(struct path *dir, struct dentry *dentry, const char *old_name); int (*path_link)(struct dentry *old_dentry, struct path *new_dir, diff --git a/include/linux/security.h b/include/linux/security.h index 157f0cb1e4d2f9..be37ccab228684 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -1447,7 +1447,7 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode); int security_path_rmdir(struct path *dir, struct dentry *dentry); int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); -int security_path_truncate(struct path *path); +int security_path_truncate(const struct path *path); int security_path_symlink(struct path *dir, struct dentry *dentry, const char *old_name); int security_path_link(struct dentry *old_dentry, struct path *new_dir, @@ -1481,7 +1481,7 @@ static inline int security_path_mknod(struct path *dir, struct dentry *dentry, return 0; } -static inline int security_path_truncate(struct path *path) +static inline int security_path_truncate(const struct path *path) { return 0; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 9713037e52575b..83e9c3c2cfc807 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -269,7 +269,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); } -static int apparmor_path_truncate(struct path *path) +static int apparmor_path_truncate(const struct path *path) { struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, d_backing_inode(path->dentry)->i_mode diff --git a/security/security.c b/security/security.c index 3644b0344d29f3..23ffb6cc3974ba 100644 --- a/security/security.c +++ b/security/security.c @@ -478,7 +478,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, } EXPORT_SYMBOL(security_path_rename); -int security_path_truncate(struct path *path) +int security_path_truncate(const struct path *path) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index cbf3df422c8724..8573eee2b58eb1 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c 
@@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_truncate(struct path *path) +static int tomoyo_path_truncate(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); } From 7df818b2370a9aab5fc58a85b70b8af3d835affa Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:24:09 -0400 Subject: [PATCH 03/18] constify vfs_truncate() Signed-off-by: Al Viro --- fs/open.c | 2 +- include/linux/fs.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/open.c b/fs/open.c index 17cb6b1dab753b..2f49fce5c95260 100644 --- a/fs/open.c +++ b/fs/open.c @@ -65,7 +65,7 @@ int do_truncate(struct dentry *dentry, loff_t length, unsigned int time_attrs, return ret; } -long vfs_truncate(struct path *path, loff_t length) +long vfs_truncate(const struct path *path, loff_t length) { struct inode *inode; long error; diff --git a/include/linux/fs.h b/include/linux/fs.h index 14a97194b34ba1..09a68517e952a5 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2253,7 +2253,7 @@ struct filename { const char iname[]; }; -extern long vfs_truncate(struct path *, loff_t); +extern long vfs_truncate(const struct path *, loff_t); extern int do_truncate(struct dentry *, loff_t start, unsigned int time_attrs, struct file *filp); extern int vfs_fallocate(struct file *file, int mode, loff_t offset, From 928e1ebfb576f6c0480ac852becfc142b248242c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:24:49 -0400 Subject: [PATCH 04/18] apparmor_path_truncate(): path->mnt is never NULL Signed-off-by: Al Viro --- security/apparmor/lsm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 83e9c3c2cfc807..21dae6070bb9dd 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -275,7 +275,7 @@ static int apparmor_path_truncate(const struct path *path) d_backing_inode(path->dentry)->i_mode }; - if (!path->mnt || !mediated_filesystem(path->dentry)) + if (!mediated_filesystem(path->dentry)) return 0; return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, From e6641eddf0e7f0227493e91a1d91546f6bd73525 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:41:28 -0400 Subject: [PATCH 05/18] tomoyo: constify assorted struct path * Signed-off-by: Al Viro --- security/tomoyo/common.h | 12 ++++++------ security/tomoyo/file.c | 10 +++++----- security/tomoyo/mount.c | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index f9c9fb1d56b4bd..361e7a284699b5 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name); const struct tomoyo_path_info *tomoyo_path_matches_group (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag); + const struct path *path, const int flag); void tomoyo_close_control(struct tomoyo_io_buffer *head); int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); int tomoyo_execute_permission(struct tomoyo_request_info *r, 
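Review bot: After the `!path->mnt` test is dropped from apparmor_path_truncate(), the never-NULL guarantee is recorded only in the commit subject, not in the code. The removed branch returned 0, so a NULL mount used to skip mediation silently; now such a path would go on to common_perm(), which presumably dereferences it further down. A short comment above the remaining check would record the invariant this hook relies on, for example `/* path hooks are always called with a valid path->mnt */`. The hunk starts inside the function body and ends before the common_perm() call is complete, so the rest of the function is not visible here.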
@@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, int tomoyo_init_request_info(struct tomoyo_request_info *r, struct tomoyo_domain_info *domain, const u8 index); -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev); -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page); int tomoyo_open_control(const u8 type, struct file *file); -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2); -int tomoyo_path_number_perm(const u8 operation, struct path *path, +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2); +int tomoyo_path_number_perm(const u8 operation, const struct path *path, unsigned long number); int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 2367b100cc62da..7041a580019ec5 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path_number_perm(const u8 type, struct path *path, +int tomoyo_path_number_perm(const u8 type, const struct path *path, unsigned long number) { struct tomoyo_request_info r; @@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, * Returns 0 on success, negative value otherwise. */ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag) + const struct path *path, const int flag) { const u8 acc_mode = ACC_MODE(flag); int error = 0; 
@@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev) { struct tomoyo_request_info r; @@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2) +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2) { int error = -ENOMEM; struct tomoyo_path_info buf1; diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 390c646013cb29..14b53fb2a0cfef 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, */ static int tomoyo_mount_acl(struct tomoyo_request_info *r, const char *dev_name, - struct path *dir, const char *type, + const struct path *dir, const char *type, unsigned long flags) { struct tomoyo_obj_info obj = { }; @@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page) { From 7fd25dac9ad3970bede16f2834daf9f9d779d1b0 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:44:41 -0400 Subject: [PATCH 06/18] constify chown_common/security_path_chown Signed-off-by: Al Viro --- fs/open.c | 2 +- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 4 ++-- security/apparmor/lsm.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) 
diff --git a/fs/open.c b/fs/open.c index 2f49fce5c95260..651bf74745a297 100644 --- a/fs/open.c +++ b/fs/open.c @@ -564,7 +564,7 @@ SYSCALL_DEFINE2(chmod, const char __user *, filename, umode_t, mode) return sys_fchmodat(AT_FDCWD, filename, mode); } -static int chown_common(struct path *path, uid_t user, gid_t group) +static int chown_common(const struct path *path, uid_t user, gid_t group) { struct inode *inode = path->dentry->d_inode; struct inode *delegated_inode = NULL; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 77c3bfdacf1680..84f76cbc6d06cb 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1375,7 +1375,7 @@ union security_list_options { struct path *new_dir, struct dentry *new_dentry); int (*path_chmod)(struct path *path, umode_t mode); - int (*path_chown)(struct path *path, kuid_t uid, kgid_t gid); + int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid); int (*path_chroot)(struct path *path); #endif diff --git a/include/linux/security.h b/include/linux/security.h index be37ccab228684..f83ca920ed46d7 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1456,7 +1456,7 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, unsigned int flags); int security_path_chmod(struct path *path, umode_t mode); -int security_path_chown(struct path *path, kuid_t uid, kgid_t gid); +int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); int security_path_chroot(struct path *path); #else /* CONFIG_SECURITY_PATH */ static inline int security_path_unlink(struct path *dir, struct dentry *dentry) @@ -1513,7 +1513,7 @@ static inline int security_path_chmod(struct path *path, umode_t mode) return 0; } -static inline int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { return 0; } 
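Review bot: The constified `security_path_chown()` stub in the `#else /* CONFIG_SECURITY_PATH */` part of include/linux/security.h now sits on a single 86-column line, while the neighbouring stubs visible in the context wrap their parameter lists. Wrapping it would keep the header consistent: `static inline int security_path_chown(const struct path *path, kuid_t uid,` followed by an aligned `kgid_t gid)`. The same overlong stub signatures appear in the later patches of this series for `security_sb_mount()` (82 columns), `security_path_unlink()` and `security_path_rmdir()`.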
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 21dae6070bb9dd..3adbff987b7762 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -342,7 +342,7 @@ static int apparmor_path_chmod(struct path *path, umode_t mode) return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); } -static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, d_backing_inode(path->dentry)->i_mode diff --git a/security/security.c b/security/security.c index 23ffb6cc3974ba..4a3e7e99abbbc8 100644 --- a/security/security.c +++ b/security/security.c @@ -492,7 +492,7 @@ int security_path_chmod(struct path *path, umode_t mode) return call_int_hook(path_chmod, 0, path, mode); } -int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) +int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 8573eee2b58eb1..f0989ec978e140 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { int error = 0; if (uid_valid(uid)) From 8a04c43b8741ebb40508d160cf87ca74b70941af Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:52:53 -0400 Subject: [PATCH 07/18] constify security_sb_mount() Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 4 ++-- security/security.c | 2 +- security/selinux/hooks.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) 
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 84f76cbc6d06cb..47117751f4eb3a 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1343,7 +1343,7 @@ union security_list_options { int (*sb_kern_mount)(struct super_block *sb, int flags, void *data); int (*sb_show_options)(struct seq_file *m, struct super_block *sb); int (*sb_statfs)(struct dentry *dentry); - int (*sb_mount)(const char *dev_name, struct path *path, + int (*sb_mount)(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data); int (*sb_umount)(struct vfsmount *mnt, int flags); int (*sb_pivotroot)(struct path *old_path, struct path *new_path); diff --git a/include/linux/security.h b/include/linux/security.h index f83ca920ed46d7..415a357efe4cdd 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -222,7 +222,7 @@ int security_sb_remount(struct super_block *sb, void *data); int security_sb_kern_mount(struct super_block *sb, int flags, void *data); int security_sb_show_options(struct seq_file *m, struct super_block *sb); int security_sb_statfs(struct dentry *dentry); -int security_sb_mount(const char *dev_name, struct path *path, +int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); int security_sb_pivotroot(struct path *old_path, struct path *new_path); @@ -530,7 +530,7 @@ static inline int security_sb_statfs(struct dentry *dentry) return 0; } -static inline int security_sb_mount(const char *dev_name, struct path *path, +static inline int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { diff --git a/security/security.c b/security/security.c index 4a3e7e99abbbc8..fc567656b16f86 100644 --- a/security/security.c +++ b/security/security.c 
@@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry) return call_int_hook(sb_statfs, 0, dentry); } -int security_sb_mount(const char *dev_name, struct path *path, +int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 912deee3f01ef8..e3aeacc135457c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2760,7 +2760,7 @@ static int selinux_sb_statfs(struct dentry *dentry) } static int selinux_mount(const char *dev_name, - struct path *path, + const struct path *path, const char *type, unsigned long flags, void *data) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index f0989ec978e140..c1177f885247b8 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_mount(const char *dev_name, struct path *path, +static int tomoyo_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return tomoyo_mount_permission(dev_name, path, type, flags, data); From be01f9f28e66fa846f02196eb047c6bc445642db Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 14:56:23 -0400 Subject: [PATCH 08/18] constify chmod_common/security_path_chmod Signed-off-by: Al Viro --- fs/open.c | 2 +- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 4 ++-- security/apparmor/lsm.c | 2 +- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 6 files changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/open.c b/fs/open.c index 651bf74745a297..cfdf71a6704e4a 100644 --- a/fs/open.c +++ b/fs/open.c 
@@ -499,7 +499,7 @@ SYSCALL_DEFINE1(chroot, const char __user *, filename) return error; } -static int chmod_common(struct path *path, umode_t mode) +static int chmod_common(const struct path *path, umode_t mode) { struct inode *inode = path->dentry->d_inode; struct inode *delegated_inode = NULL; diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 47117751f4eb3a..294fdfe902bf86 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1374,7 +1374,7 @@ union security_list_options { int (*path_rename)(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry); - int (*path_chmod)(struct path *path, umode_t mode); + int (*path_chmod)(const struct path *path, umode_t mode); int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid); int (*path_chroot)(struct path *path); #endif diff --git a/include/linux/security.h b/include/linux/security.h index 415a357efe4cdd..d6593ee2d0a972 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1455,7 +1455,7 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, int security_path_rename(struct path *old_dir, struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry, unsigned int flags); -int security_path_chmod(struct path *path, umode_t mode); +int security_path_chmod(const struct path *path, umode_t mode); int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); int security_path_chroot(struct path *path); #else /* CONFIG_SECURITY_PATH */ @@ -1508,7 +1508,7 @@ static inline int security_path_rename(struct path *old_dir, return 0; } -static inline int security_path_chmod(struct path *path, umode_t mode) +static inline int security_path_chmod(const struct path *path, umode_t mode) { return 0; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 3adbff987b7762..8d19615dcb73d6 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -334,7 +334,7 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, return error; } -static int apparmor_path_chmod(struct path *path, umode_t mode) +static int apparmor_path_chmod(const struct path *path, umode_t mode) { if (!mediated_filesystem(path->dentry)) return 0; diff --git a/security/security.c b/security/security.c index fc567656b16f86..b333429fe71898 100644 --- a/security/security.c +++ b/security/security.c @@ -485,7 +485,7 @@ int security_path_truncate(const struct path *path) return call_int_hook(path_truncate, 0, path); } -int security_path_chmod(struct path *path, umode_t mode) +int security_path_chmod(const struct path *path, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index c1177f885247b8..e48d0a4e4128f3 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chmod(struct path *path, umode_t mode) +static int tomoyo_path_chmod(const struct path *path, umode_t mode) { return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, mode & S_IALLUGO); From 741aca71d61c3485d1e9db3bcea00d4509cf2301 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:04:36 -0400 Subject: [PATCH 09/18] apparmor: new helper - common_path_perm() was open-coded in several places... Signed-off-by: Al Viro --- security/apparmor/lsm.c | 47 +++++++++++------------------------------ 1 file changed, 12 insertions(+), 35 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 8d19615dcb73d6..ead56bfaa056e0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c 
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir, } /** - * common_perm_mnt_dentry - common permission wrapper when mnt, dentry + * common_perm_path - common permission wrapper when mnt, dentry * @op: operation being checked - * @mnt: mount point of dentry (NOT NULL) - * @dentry: dentry to check (NOT NULL) + * @path: location to check (NOT NULL) * @mask: requested permissions mask * * Returns: %0 else error code if error or permission denied */ -static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, - struct dentry *dentry, u32 mask) +static inline int common_perm_path(int op, const struct path *path, u32 mask) { - struct path path = { mnt, dentry }; - struct path_cond cond = { d_backing_inode(dentry)->i_uid, - d_backing_inode(dentry)->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; + if (!mediated_filesystem(path->dentry)) + return 0; - return common_perm(op, &path, mask, &cond); + return common_perm(op, path, mask, &cond); } /** @@ -271,15 +270,7 @@ static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, static int apparmor_path_truncate(const struct path *path) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, - &cond); + return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); } static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, 
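Review bot: common_perm_path() fills `cond` from `d_backing_inode(path->dentry)` before it calls mediated_filesystem(), which reverses the order for two of its new callers. The old apparmor_path_chmod() and apparmor_inode_getattr(), in the next hunk of this file, tested mediated_filesystem() first and read `i_uid`/`i_mode` only afterwards, inside common_perm_mnt_dentry(). Whether an unmediated dentry can reach these hooks in a state where that early read matters is not visible from the diff, but doing the check first keeps the previous behaviour for every caller. Separately, the kernel-doc summary still reads "common permission wrapper when mnt, dentry" although the helper now takes a `struct path`.

```c
static inline int common_perm_path(int op, const struct path *path, u32 mask)
{
	struct inode *inode;
	struct path_cond cond;

	/* Skip unmediated filesystems before touching the inode. */
	if (!mediated_filesystem(path->dentry))
		return 0;

	inode = d_backing_inode(path->dentry);
	cond = (struct path_cond) { inode->i_uid, inode->i_mode };

	return common_perm(op, path, mask, &cond);
}
```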
@@ -336,31 +327,17 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, static int apparmor_path_chmod(const struct path *path, umode_t mode) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); + return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); } static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); + return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); } static int apparmor_inode_getattr(const struct path *path) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, - AA_MAY_META_READ); + return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); } static int apparmor_file_open(struct file *file, const struct cred *cred) From 3539aaf670cdd68a37314cd5db400c0c77287c88 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:07:03 -0400 Subject: [PATCH 10/18] apparmor: constify aa_path_link() Signed-off-by: Al Viro --- security/apparmor/file.c | 2 +- security/apparmor/include/file.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 4dfc5d0d8413e2..d186674f973a37 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target) * Returns: %0 if allowed else error */ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) + const struct path *new_dir, struct dentry *new_dentry) { struct path link = { new_dir->mnt, new_dentry }; struct path target = { new_dir->mnt, old_dentry }; 
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index afc5b294e0d538..4803c97d19924c 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -175,7 +175,7 @@ int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond); int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry); + const struct path *new_dir, struct dentry *new_dentry); int aa_file_perm(int op, struct aa_profile *profile, struct file *file, u32 request); From d6b49f7ad2f38b5c3af27ac1a6f475b1ec13ea6e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:10:04 -0400 Subject: [PATCH 11/18] apparmor: constify common_perm_...() Signed-off-by: Al Viro --- security/apparmor/lsm.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index ead56bfaa056e0..4d2638f4676d7b 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -172,7 +172,7 @@ static int common_perm(int op, const struct path *path, u32 mask, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_dir_dentry(int op, struct path *dir, +static int common_perm_dir_dentry(int op, const struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) { @@ -209,7 +209,7 @@ static inline int common_perm_path(int op, const struct path *path, u32 mask) * * Returns: %0 else error code if error or permission denied */ -static int common_perm_rm(int op, struct path *dir, +static int common_perm_rm(int op, const struct path *dir, struct dentry *dentry, u32 mask) { struct inode *inode = d_backing_inode(dentry); 
@@ -234,8 +234,8 @@ static int common_perm_rm(int op, struct path *dir, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_create(int op, struct path *dir, struct dentry *dentry, - u32 mask, umode_t mode) +static int common_perm_create(int op, const struct path *dir, + struct dentry *dentry, u32 mask, umode_t mode) { struct path_cond cond = { current_fsuid(), mode }; From 989f74e0500a1e136d369bb619adc22786ea5e68 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:13:39 -0400 Subject: [PATCH 12/18] constify security_path_{unlink,rmdir} Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 4 ++-- include/linux/security.h | 8 ++++---- security/apparmor/lsm.c | 4 ++-- security/security.c | 4 ++-- security/tomoyo/tomoyo.c | 4 ++-- 5 files changed, 12 insertions(+), 12 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 294fdfe902bf86..322912cc2da1ad 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1360,10 +1360,10 @@ union security_list_options { #ifdef CONFIG_SECURITY_PATH - int (*path_unlink)(struct path *dir, struct dentry *dentry); + int (*path_unlink)(const struct path *dir, struct dentry *dentry); int (*path_mkdir)(struct path *dir, struct dentry *dentry, umode_t mode); - int (*path_rmdir)(struct path *dir, struct dentry *dentry); + int (*path_rmdir)(const struct path *dir, struct dentry *dentry); int (*path_mknod)(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); int (*path_truncate)(const struct path *path); diff --git a/include/linux/security.h b/include/linux/security.h index d6593ee2d0a972..e292d8cb21d73c 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -1442,9 +1442,9 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi #endif /* CONFIG_SECURITY_NETWORK_XFRM */ #ifdef CONFIG_SECURITY_PATH -int security_path_unlink(struct path *dir, struct dentry *dentry); +int security_path_unlink(const struct path *dir, struct dentry *dentry); int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode); -int security_path_rmdir(struct path *dir, struct dentry *dentry); +int security_path_rmdir(const struct path *dir, struct dentry *dentry); int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); int security_path_truncate(const struct path *path); @@ -1459,7 +1459,7 @@ int security_path_chmod(const struct path *path, umode_t mode); int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); int security_path_chroot(struct path *path); #else /* CONFIG_SECURITY_PATH */ -static inline int security_path_unlink(struct path *dir, struct dentry *dentry) +static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) { return 0; } @@ -1470,7 +1470,7 @@ static inline int security_path_mkdir(struct path *dir, struct dentry *dentry, return 0; } -static inline int security_path_rmdir(struct path *dir, struct dentry *dentry) +static inline int security_path_rmdir(const struct path *dir, struct dentry *dentry) { return 0; } diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 4d2638f4676d7b..b760fe026b82b9 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -245,7 +245,7 @@ static int common_perm_create(int op, const struct path *dir, return common_perm_dir_dentry(op, dir, dentry, mask, &cond); } -static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) +static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); } 
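Review bot: The new stub signature `static inline int security_path_unlink(const struct path *dir, struct dentry *dentry)` in the `@@ -1459,7 +1459,7 @@` hunk of include/linux/security.h runs past 80 columns, and so does the `security_path_rmdir` stub in the next hunk. Patch 11/18 re-wrapped `common_perm_create()` when adding `const` made it too long, so the series is inconsistent here. I would wrap these the same way: `static inline int security_path_unlink(const struct path *dir,` followed by `struct dentry *dentry)` on a continuation line. The over-long mkdir/mknod/symlink, link/rename and pivotroot prototypes in patches 13, 15 and 17 need the same treatment.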
@@ -257,7 +257,7 @@ static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, S_IFDIR); } -static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) +static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); } diff --git a/security/security.c b/security/security.c index b333429fe71898..20f2070b3acee4 100644 --- a/security/security.c +++ b/security/security.c @@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) } EXPORT_SYMBOL(security_path_mkdir); -int security_path_rmdir(struct path *dir, struct dentry *dentry) +int security_path_rmdir(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } -int security_path_unlink(struct path *dir, struct dentry *dentry) +int security_path_unlink(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index e48d0a4e4128f3..be5b1ae02f0233 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -163,7 +163,7 @@ static int tomoyo_path_truncate(const struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) +static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); 
@@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) +static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); From d360775217070ff0f4291e47d3f568f0fe0b7374 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:21:09 -0400 Subject: [PATCH 13/18] constify security_path_{mkdir,mknod,symlink} ... as well as unix_mknod() and may_o_create() Signed-off-by: Al Viro --- fs/namei.c | 2 +- include/linux/lsm_hooks.h | 6 +++--- include/linux/security.h | 12 ++++++------ net/unix/af_unix.c | 2 +- security/apparmor/lsm.c | 6 +++--- security/security.c | 6 +++--- security/tomoyo/tomoyo.c | 6 +++--- 7 files changed, 20 insertions(+), 20 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 794f81dce76606..8c97544d68833b 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2783,7 +2783,7 @@ static inline int open_to_namei_flags(int flag) return flag; } -static int may_o_create(struct path *dir, struct dentry *dentry, umode_t mode) +static int may_o_create(const struct path *dir, struct dentry *dentry, umode_t mode) { int error = security_path_mknod(dir, dentry, mode, 0); if (error) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 322912cc2da1ad..919fb4f98e4fb1 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h 
@@ -1361,13 +1361,13 @@ union security_list_options { #ifdef CONFIG_SECURITY_PATH int (*path_unlink)(const struct path *dir, struct dentry *dentry); - int (*path_mkdir)(struct path *dir, struct dentry *dentry, + int (*path_mkdir)(const struct path *dir, struct dentry *dentry, umode_t mode); int (*path_rmdir)(const struct path *dir, struct dentry *dentry); - int (*path_mknod)(struct path *dir, struct dentry *dentry, + int (*path_mknod)(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); int (*path_truncate)(const struct path *path); - int (*path_symlink)(struct path *dir, struct dentry *dentry, + int (*path_symlink)(const struct path *dir, struct dentry *dentry, const char *old_name); int (*path_link)(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry); diff --git a/include/linux/security.h b/include/linux/security.h index e292d8cb21d73c..ccb8c2a170e33d 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1443,12 +1443,12 @@ static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi #ifdef CONFIG_SECURITY_PATH int security_path_unlink(const struct path *dir, struct dentry *dentry); -int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode); +int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode); int security_path_rmdir(const struct path *dir, struct dentry *dentry); -int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, +int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev); int security_path_truncate(const struct path *path); -int security_path_symlink(struct path *dir, struct dentry *dentry, +int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name); int security_path_link(struct dentry *old_dentry, struct path *new_dir, struct dentry *new_dentry); 
@@ -1464,7 +1464,7 @@ static inline int security_path_unlink(const struct path *dir, struct dentry *de return 0; } -static inline int security_path_mkdir(struct path *dir, struct dentry *dentry, +static inline int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { return 0; @@ -1475,7 +1475,7 @@ static inline int security_path_rmdir(const struct path *dir, struct dentry *den return 0; } -static inline int security_path_mknod(struct path *dir, struct dentry *dentry, +static inline int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return 0; @@ -1486,7 +1486,7 @@ static inline int security_path_truncate(const struct path *path) return 0; } -static inline int security_path_symlink(struct path *dir, struct dentry *dentry, +static inline int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { return 0; diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index 8269da73e9e5f1..80aa6a3e681763 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c @@ -953,7 +953,7 @@ static struct sock *unix_find_other(struct net *net, return NULL; } -static int unix_mknod(struct dentry *dentry, struct path *path, umode_t mode, +static int unix_mknod(struct dentry *dentry, const struct path *path, umode_t mode, struct path *res) { int err; diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index b760fe026b82b9..7ae5405650974f 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -250,7 +250,7 @@ static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry) return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, +static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, 
@@ -262,7 +262,7 @@ static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry) return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, +static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); @@ -273,7 +273,7 @@ static int apparmor_path_truncate(const struct path *path) return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); } -static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, +static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE, diff --git a/security/security.c b/security/security.c index 20f2070b3acee4..7f62e2ed6a2805 100644 --- a/security/security.c +++ b/security/security.c @@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, EXPORT_SYMBOL(security_old_inode_init_security); #ifdef CONFIG_SECURITY_PATH -int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, +int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) @@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, } EXPORT_SYMBOL(security_path_mknod); -int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) +int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; 
@@ -442,7 +442,7 @@ int security_path_unlink(const struct path *dir, struct dentry *dentry) } EXPORT_SYMBOL(security_path_unlink); -int security_path_symlink(struct path *dir, struct dentry *dentry, +int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index be5b1ae02f0233..d44752562b9b9f 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -178,7 +178,7 @@ static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, umode_t mode) { struct path path = { parent->mnt, dentry }; @@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, +static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, const char *old_name) { struct path path = { parent->mnt, dentry }; @@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, umode_t mode, unsigned int dev) { struct path path = { parent->mnt, dentry }; From 8db0185659c33143915768bdd33fc2fb1b1cbb58 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:22:49 -0400 Subject: [PATCH 14/18] apparmor: remove useless checks for NULL ->mnt Signed-off-by: Al Viro --- security/apparmor/lsm.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 7ae5405650974f..eadaa58bd6fdd9 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -215,7 +215,7 @@ static int common_perm_rm(int op, const struct path *dir, struct inode *inode = d_backing_inode(dentry); struct path_cond cond = { }; - if (!inode || !dir->mnt || !mediated_filesystem(dentry)) + if (!inode || !mediated_filesystem(dentry)) return 0; cond.uid = inode->i_uid; @@ -239,7 +239,7 @@ static int common_perm_create(int op, const struct path *dir, { struct path_cond cond = { current_fsuid(), mode }; - if (!dir->mnt || !mediated_filesystem(dir->dentry)) + if (!mediated_filesystem(dir->dentry)) return 0; return common_perm_dir_dentry(op, dir, dentry, mask, &cond); From 3ccee46ab487d5b87d0621824efe2500b2857c58 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:27:45 -0400 Subject: [PATCH 15/18] constify security_path_{link,rename} Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 6 +++--- include/linux/security.h | 12 ++++++------ security/apparmor/lsm.c | 6 +++--- security/security.c | 6 +++--- security/tomoyo/tomoyo.c | 6 +++--- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 919fb4f98e4fb1..52c2ac5f4855a4 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h 
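Review bot: Patch 14/18 drops the `!dir->mnt` tests from `common_perm_rm()` and `common_perm_create()` as useless, but neither the commit message nor the code records why `->mnt` can never be NULL when these hooks run. The old test returned 0, which skipped mediation, so removing it is the fail-closed direction. The cost is that `dir` now reaches `common_perm_dir_dentry()` with nothing guarding that assumption. Presumably every `security_path_*()` caller passes a path taken from a lookup, which should be confirmed and then written down in the commit message and in a comment above the remaining test, e.g. `/* dir comes from a path lookup, so dir->mnt is always set */`. Both functions start and continue outside their hunks.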
@@ -1369,10 +1369,10 @@ union security_list_options { int (*path_truncate)(const struct path *path); int (*path_symlink)(const struct path *dir, struct dentry *dentry, const char *old_name); - int (*path_link)(struct dentry *old_dentry, struct path *new_dir, + int (*path_link)(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry); - int (*path_rename)(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, + int (*path_rename)(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry); int (*path_chmod)(const struct path *path, umode_t mode); int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid); diff --git a/include/linux/security.h b/include/linux/security.h index ccb8c2a170e33d..82854115e36b7e 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1450,10 +1450,10 @@ int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t m int security_path_truncate(const struct path *path); int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name); -int security_path_link(struct dentry *old_dentry, struct path *new_dir, +int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry); -int security_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry, +int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry, unsigned int flags); int security_path_chmod(const struct path *path, umode_t mode); int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); 
@@ -1493,15 +1493,15 @@ static inline int security_path_symlink(const struct path *dir, struct dentry *d } static inline int security_path_link(struct dentry *old_dentry, - struct path *new_dir, + const struct path *new_dir, struct dentry *new_dentry) { return 0; } -static inline int security_path_rename(struct path *old_dir, +static inline int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, + const struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index eadaa58bd6fdd9..2660fbcf94d1e0 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -280,7 +280,7 @@ static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry, S_IFLNK); } -static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, +static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; @@ -295,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, return error; } -static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) +static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; int error = 0; diff --git a/security/security.c b/security/security.c index 7f62e2ed6a2805..33b85a9601288f 100644 --- a/security/security.c +++ b/security/security.c 
@@ -450,7 +450,7 @@ int security_path_symlink(const struct path *dir, struct dentry *dentry, return call_int_hook(path_symlink, 0, dir, dentry, old_name); } -int security_path_link(struct dentry *old_dentry, struct path *new_dir, +int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) @@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } -int security_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry, +int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index d44752562b9b9f..6a858f2f406393 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -265,7 +265,7 @@ static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, +static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct path path1 = { new_dir->mnt, old_dentry }; @@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rename(struct path *old_parent, +static int tomoyo_path_rename(const struct path *old_parent, struct dentry *old_dentry, - struct path *new_parent, + const struct path *new_parent, struct dentry *new_dentry) { struct path path1 = { old_parent->mnt, old_dentry }; From 77b286c0d26a5399912f5affd90ed73e2d8b42a5 Mon Sep 17 00:00:00 2001 
From: Al Viro Date: Fri, 25 Mar 2016 15:28:43 -0400 Subject: [PATCH 16/18] constify security_path_chroot() Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 4 ++-- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index 52c2ac5f4855a4..e2baca48e596e2 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1376,7 +1376,7 @@ union security_list_options { struct dentry *new_dentry); int (*path_chmod)(const struct path *path, umode_t mode); int (*path_chown)(const struct path *path, kuid_t uid, kgid_t gid); - int (*path_chroot)(struct path *path); + int (*path_chroot)(const struct path *path); #endif int (*inode_alloc_security)(struct inode *inode); diff --git a/include/linux/security.h b/include/linux/security.h index 82854115e36b7e..cb53cffbfae416 100644 --- a/include/linux/security.h +++ b/include/linux/security.h @@ -1457,7 +1457,7 @@ int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, unsigned int flags); int security_path_chmod(const struct path *path, umode_t mode); int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid); -int security_path_chroot(struct path *path); +int security_path_chroot(const struct path *path); #else /* CONFIG_SECURITY_PATH */ static inline int security_path_unlink(const struct path *dir, struct dentry *dentry) { @@ -1518,7 +1518,7 @@ static inline int security_path_chown(const struct path *path, kuid_t uid, kgid_ return 0; } -static inline int security_path_chroot(struct path *path) +static inline int security_path_chroot(const struct path *path) { return 0; } diff --git a/security/security.c b/security/security.c index 33b85a9601288f..cf6f31df524aa7 100644 --- a/security/security.c +++ b/security/security.c 
@@ -499,7 +499,7 @@ int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) return call_int_hook(path_chown, 0, path, uid, gid); } -int security_path_chroot(struct path *path) +int security_path_chroot(const struct path *path) { return call_int_hook(path_chroot, 0, path); } diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index 6a858f2f406393..c7764bb747aa28 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -385,7 +385,7 @@ static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chroot(struct path *path) +static int tomoyo_path_chroot(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); } From 3b73b68c05db0b3c9b282c6e8e6eb71acc589a02 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Mar 2016 15:31:19 -0400 Subject: [PATCH 17/18] constify security_sb_pivotroot() Signed-off-by: Al Viro --- include/linux/lsm_hooks.h | 2 +- include/linux/security.h | 6 +++--- security/security.c | 2 +- security/tomoyo/tomoyo.c | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index e2baca48e596e2..41c0aa6d39ea51 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h @@ -1346,7 +1346,7 @@ union security_list_options { int (*sb_mount)(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data); int (*sb_umount)(struct vfsmount *mnt, int flags); - int (*sb_pivotroot)(struct path *old_path, struct path *new_path); + int (*sb_pivotroot)(const struct path *old_path, const struct path *new_path); int (*sb_set_mnt_opts)(struct super_block *sb, struct security_mnt_opts *opts, unsigned long kern_flags, diff --git a/include/linux/security.h b/include/linux/security.h index cb53cffbfae416..fcfa211c694f03 100644 --- a/include/linux/security.h +++ b/include/linux/security.h 
@@ -225,7 +225,7 @@ int security_sb_statfs(struct dentry *dentry); int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data); int security_sb_umount(struct vfsmount *mnt, int flags); -int security_sb_pivotroot(struct path *old_path, struct path *new_path); +int security_sb_pivotroot(const struct path *old_path, const struct path *new_path); int security_sb_set_mnt_opts(struct super_block *sb, struct security_mnt_opts *opts, unsigned long kern_flags, @@ -542,8 +542,8 @@ static inline int security_sb_umount(struct vfsmount *mnt, int flags) return 0; } -static inline int security_sb_pivotroot(struct path *old_path, - struct path *new_path) +static inline int security_sb_pivotroot(const struct path *old_path, + const struct path *new_path) { return 0; } diff --git a/security/security.c b/security/security.c index cf6f31df524aa7..f7af0aaa173eba 100644 --- a/security/security.c +++ b/security/security.c @@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return call_int_hook(sb_umount, 0, mnt, flags); } -int security_sb_pivotroot(struct path *old_path, struct path *new_path) +int security_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return call_int_hook(sb_pivotroot, 0, old_path, new_path); } diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index c7764bb747aa28..75c998700190ce 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) +static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); } From 81cd8896a64cc34bd59f097fa619b11ab40ca7a6 Mon Sep 17 00:00:00 2001 
From: Al Viro Date: Fri, 25 Mar 2016 15:33:04 -0400 Subject: [PATCH 18/18] constify ima_d_path() Signed-off-by: Al Viro --- security/integrity/ima/ima.h | 2 +- security/integrity/ima/ima_api.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 5d0f61163d982d..d3a939bf278115 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data, int ima_store_template(struct ima_template_entry *entry, int violation, struct inode *inode, const unsigned char *filename); void ima_free_template_entry(struct ima_template_entry *entry); -const char *ima_d_path(struct path *path, char **pathbuf); +const char *ima_d_path(const struct path *path, char **pathbuf); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 370e42dfc5c58b..5a2218fe877aea 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, iint->flags |= IMA_AUDITED; } -const char *ima_d_path(struct path *path, char **pathbuf) +const char *ima_d_path(const struct path *path, char **pathbuf) { char *pathname = NULL;