summaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorKhadija Kamran <kamrankhadijadj@gmail.com>2023-08-12 17:31:08 +0200
committerPaul Moore <paul@paul-moore.com>2023-08-15 22:04:34 +0200
commit8e4672d6f902d5c4db1e87e8aa9f530149d85bc6 (patch)
tree8b2450fcb8a618c672456e1b90801b3f8ebf1e09 /security/selinux
parentlsm: constify the 'target' parameter in security_capget() (diff)
downloadlinux-8e4672d6f902d5c4db1e87e8aa9f530149d85bc6.tar.xz
linux-8e4672d6f902d5c4db1e87e8aa9f530149d85bc6.zip
lsm: constify the 'file' parameter in security_binder_transfer_file()
SELinux registers the implementation for the "binder_transfer_file" hook. Looking at the function implementation we observe that the parameter "file" is not changing. Mark the "file" parameter of LSM hook security_binder_transfer_file() as "const" since it will not be changing in the LSM hook. Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com> [PM: subject line whitespace fix] Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/hooks.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c816dc5de627..ee7c49c2cfd3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1691,7 +1691,7 @@ static inline int file_path_has_perm(const struct cred *cred,
}
#ifdef CONFIG_BPF_SYSCALL
-static int bpf_fd_pass(struct file *file, u32 sid);
+static int bpf_fd_pass(const struct file *file, u32 sid);
#endif
/* Check whether a task can use an open file descriptor to
@@ -1952,7 +1952,7 @@ static inline u32 file_mask_to_av(int mode, int mask)
}
/* Convert a Linux file to an access vector. */
-static inline u32 file_to_av(struct file *file)
+static inline u32 file_to_av(const struct file *file)
{
u32 av = 0;
@@ -2027,7 +2027,7 @@ static int selinux_binder_transfer_binder(const struct cred *from,
static int selinux_binder_transfer_file(const struct cred *from,
const struct cred *to,
- struct file *file)
+ const struct file *file)
{
u32 sid = cred_sid(to);
struct file_security_struct *fsec = selinux_file(file);
@@ -6718,7 +6718,7 @@ static u32 bpf_map_fmode_to_av(fmode_t fmode)
* access the bpf object and that's why we have to add this additional check in
* selinux_file_receive and selinux_binder_transfer_files.
*/
-static int bpf_fd_pass(struct file *file, u32 sid)
+static int bpf_fd_pass(const struct file *file, u32 sid)
{
struct bpf_security_struct *bpfsec;
struct bpf_prog *prog;