kevin/linux
1
Fork 0
Code

security,bpf: constify struct path in bpf_token_create() LSM hook

Browse Source 
There is no reason why struct path pointer shouldn't be const-qualified
when being passed into bpf_token_create() LSM hook. Add that const.

Acked-by: Paul Moore <paul@paul-moore.com> (LSM/SELinux)
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>
This commit is contained in:
Andrii Nakryiko 2024-08-06 15:38:12 -07:00
parent eceb7b33e5
commit 433d7ce2d8
4 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/linux/lsm_hook_defs.h
View File

@ -431,7 +431,7 @@ LSM_HOOK(int, 0, bpf_prog_load, struct bpf_prog *prog, union bpf_attr *attr,
struct bpf_token *token) struct bpf_token *token)
LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog) LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog)
LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union bpf_attr *attr, LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union bpf_attr *attr,
struct path *path) const struct path *path)
LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token) LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token)
LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd) LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd)
LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap) LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)

4
include/linux/security.h
View File

@ -2137,7 +2137,7 @@ extern int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
struct bpf_token *token); struct bpf_token *token);
extern void security_bpf_prog_free(struct bpf_prog *prog); extern void security_bpf_prog_free(struct bpf_prog *prog);
extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
struct path *path); const struct path *path);
extern void security_bpf_token_free(struct bpf_token *token); extern void security_bpf_token_free(struct bpf_token *token);
extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd); extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd);
extern int security_bpf_token_capable(const struct bpf_token *token, int cap); extern int security_bpf_token_capable(const struct bpf_token *token, int cap);
@ -2177,7 +2177,7 @@ static inline void security_bpf_prog_free(struct bpf_prog *prog)
{ } { }
static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
struct path *path) const struct path *path)
{ {
return 0; return 0;
} }

2
security/security.c
View File

@ -5510,7 +5510,7 @@ int security_bpf_prog_load(struct bpf_prog *prog, union bpf_attr *attr,
* Return: Returns 0 on success, error on failure. * Return: Returns 0 on success, error on failure.
*/ */
int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
struct path *path) const struct path *path)
{ {
return call_int_hook(bpf_token_create, token, attr, path); return call_int_hook(bpf_token_create, token, attr, path);
} }

2
security/selinux/hooks.c
View File

@ -6965,7 +6965,7 @@ static void selinux_bpf_prog_free(struct bpf_prog *prog)
} }
static int selinux_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, static int selinux_bpf_token_create(struct bpf_token *token, union bpf_attr *attr,
struct path *path) const struct path *path)
{ {
struct bpf_security_struct *bpfsec; struct bpf_security_struct *bpfsec;