diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2016-05-17 23:41:03 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2016-05-17 23:41:03 +0200 |
commit | c52b76185b7a1b300e5f15ff871c8f45ced3dee9 (patch) | |
tree | 071bb551fb652d1e1b7e8e82e410d16630c0f2dc /security | |
parent | Merge branch 'for-cifs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro... (diff) | |
parent | constify ima_d_path() (diff) | |
download | linux-c52b76185b7a1b300e5f15ff871c8f45ced3dee9.tar.xz linux-c52b76185b7a1b300e5f15ff871c8f45ced3dee9.zip |
Merge branch 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull 'struct path' constification update from Al Viro:
"'struct path' is passed by reference to a bunch of Linux security
methods; in theory, there's nothing to stop them from modifying the
damn thing and LSM community being what it is, sooner or later some
enterprising soul is going to decide that it's a good idea.
Let's remove the temptation and constify all of those..."
* 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
constify ima_d_path()
constify security_sb_pivotroot()
constify security_path_chroot()
constify security_path_{link,rename}
apparmor: remove useless checks for NULL ->mnt
constify security_path_{mkdir,mknod,symlink}
constify security_path_{unlink,rmdir}
apparmor: constify common_perm_...()
apparmor: constify aa_path_link()
apparmor: new helper - common_path_perm()
constify chmod_common/security_path_chmod
constify security_sb_mount()
constify chown_common/security_path_chown
tomoyo: constify assorted struct path *
apparmor_path_truncate(): path->mnt is never NULL
constify vfs_truncate()
constify security_path_truncate()
[apparmor] constify struct path * in a bunch of helpers
Diffstat (limited to 'security')
-rw-r--r-- | security/apparmor/file.c | 4 | ||||
-rw-r--r-- | security/apparmor/include/file.h | 4 | ||||
-rw-r--r-- | security/apparmor/include/path.h | 2 | ||||
-rw-r--r-- | security/apparmor/lsm.c | 83 | ||||
-rw-r--r-- | security/apparmor/path.c | 8 | ||||
-rw-r--r-- | security/integrity/ima/ima.h | 2 | ||||
-rw-r--r-- | security/integrity/ima/ima_api.c | 2 | ||||
-rw-r--r-- | security/security.c | 28 | ||||
-rw-r--r-- | security/selinux/hooks.c | 2 | ||||
-rw-r--r-- | security/tomoyo/common.h | 12 | ||||
-rw-r--r-- | security/tomoyo/file.c | 10 | ||||
-rw-r--r-- | security/tomoyo/mount.c | 4 | ||||
-rw-r--r-- | security/tomoyo/tomoyo.c | 28 |
13 files changed, 83 insertions, 106 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c index 913f377a038a..d186674f973a 100644 --- a/security/apparmor/file.c +++ b/security/apparmor/file.c @@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry) * * Returns: %0 else error if access denied or other error */ -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond) { char *buffer = NULL; @@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target) * Returns: %0 if allowed else error */ int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) + const struct path *new_dir, struct dentry *new_dentry) { struct path link = { new_dir->mnt, new_dentry }; struct path target = { new_dir->mnt, old_dentry }; diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h index 2c922b86bd44..4803c97d1992 100644 --- a/security/apparmor/include/file.h +++ b/security/apparmor/include/file.h @@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start, const char *name, struct path_cond *cond, struct file_perms *perms); -int aa_path_perm(int op, struct aa_profile *profile, struct path *path, +int aa_path_perm(int op, struct aa_profile *profile, const struct path *path, int flags, u32 request, struct path_cond *cond); int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry); + const struct path *new_dir, struct dentry *new_dentry); int aa_file_perm(int op, struct aa_profile *profile, struct file *file, u32 request); diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h index 286ac75dc88b..73560f258784 100644 --- a/security/apparmor/include/path.h +++ b/security/apparmor/include/path.h @@ -26,7 +26,7 @@ enum path_flags { PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */ }; -int aa_path_name(struct path *path, int flags, char **buffer, +int aa_path_name(const struct path *path, int flags, char **buffer, const char **name, const char **info); #endif /* __AA_PATH_H */ diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index dec607c17b64..2660fbcf94d1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns, * * Returns: %0 else error code if error or permission denied */ -static int common_perm(int op, struct path *path, u32 mask, +static int common_perm(int op, const struct path *path, u32 mask, struct path_cond *cond) { struct aa_profile *profile; @@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_dir_dentry(int op, struct path *dir, +static int common_perm_dir_dentry(int op, const struct path *dir, struct dentry *dentry, u32 mask, struct path_cond *cond) { @@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir, } /** - * common_perm_mnt_dentry - common permission wrapper when mnt, dentry + * common_perm_path - common permission wrapper when mnt, dentry * @op: operation being checked - * @mnt: mount point of dentry (NOT NULL) - * @dentry: dentry to check (NOT NULL) + * @path: location to check (NOT NULL) * @mask: requested permissions mask * * Returns: %0 else error code if error or permission denied */ -static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, - struct dentry *dentry, u32 mask) +static inline int common_perm_path(int op, const struct path *path, u32 mask) { - struct path path = { mnt, dentry }; - struct path_cond cond = { d_backing_inode(dentry)->i_uid, - d_backing_inode(dentry)->i_mode + struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, + d_backing_inode(path->dentry)->i_mode }; + if (!mediated_filesystem(path->dentry)) + return 0; - return common_perm(op, &path, mask, &cond); + return common_perm(op, path, mask, &cond); } /** @@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_rm(int op, struct path *dir, +static int common_perm_rm(int op, const struct path *dir, struct dentry *dentry, u32 mask) { struct inode *inode = d_backing_inode(dentry); struct path_cond cond = { }; - if (!inode || !dir->mnt || !mediated_filesystem(dentry)) + if (!inode || !mediated_filesystem(dentry)) return 0; cond.uid = inode->i_uid; @@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir, * * Returns: %0 else error code if error or permission denied */ -static int common_perm_create(int op, struct path *dir, struct dentry *dentry, - u32 mask, umode_t mode) +static int common_perm_create(int op, const struct path *dir, + struct dentry *dentry, u32 mask, umode_t mode) { struct path_cond cond = { current_fsuid(), mode }; - if (!dir->mnt || !mediated_filesystem(dir->dentry)) + if (!mediated_filesystem(dir->dentry)) return 0; return common_perm_dir_dentry(op, dir, dentry, mask, &cond); } -static int apparmor_path_unlink(struct path *dir, struct dentry *dentry) +static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry, +static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE, S_IFDIR); } -static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry) +static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry) { return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE); } -static int apparmor_path_mknod(struct path *dir, struct dentry *dentry, +static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode); } -static int apparmor_path_truncate(struct path *path) +static int apparmor_path_truncate(const struct path *path) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!path->mnt || !mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE, - &cond); + return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE); } -static int apparmor_path_symlink(struct path *dir, struct dentry *dentry, +static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE, S_IFLNK); } -static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, +static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; @@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir, return error; } -static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry) +static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry) { struct aa_profile *profile; int error = 0; @@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry, return error; } -static int apparmor_path_chmod(struct path *path, umode_t mode) +static int apparmor_path_chmod(const struct path *path, umode_t mode) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD); + return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD); } -static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { - struct path_cond cond = { d_backing_inode(path->dentry)->i_uid, - d_backing_inode(path->dentry)->i_mode - }; - - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond); + return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN); } static int apparmor_inode_getattr(const struct path *path) { - if (!mediated_filesystem(path->dentry)) - return 0; - - return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry, - AA_MAY_META_READ); + return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ); } static int apparmor_file_open(struct file *file, const struct cred *cred) diff --git a/security/apparmor/path.c b/security/apparmor/path.c index 71e0e3a15b9d..edddc026406b 100644 --- a/security/apparmor/path.c +++ b/security/apparmor/path.c @@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen) * When no error the path name is returned in @name which points to * to a position in @buf */ -static int d_namespace_path(struct path *path, char *buf, int buflen, +static int d_namespace_path(const struct path *path, char *buf, int buflen, char **name, int flags) { char *res; @@ -158,7 +158,7 @@ out: * * Returns: %0 else error on failure */ -static int get_name_to_buffer(struct path *path, int flags, char *buffer, +static int get_name_to_buffer(const struct path *path, int flags, char *buffer, int size, char **name, const char **info) { int adjust = (flags & PATH_IS_DIR) ? 1 : 0; @@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer, * * Returns: %0 else error code if could retrieve name */ -int aa_path_name(struct path *path, int flags, char **buffer, const char **name, - const char **info) +int aa_path_name(const struct path *path, int flags, char **buffer, + const char **name, const char **info) { char *buf, *str = NULL; int size = 256; diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index 5d0f61163d98..d3a939bf2781 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data, int ima_store_template(struct ima_template_entry *entry, int violation, struct inode *inode, const unsigned char *filename); void ima_free_template_entry(struct ima_template_entry *entry); -const char *ima_d_path(struct path *path, char **pathbuf); +const char *ima_d_path(const struct path *path, char **pathbuf); /* IMA policy related functions */ int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 370e42dfc5c5..5a2218fe877a 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, iint->flags |= IMA_AUDITED; } -const char *ima_d_path(struct path *path, char **pathbuf) +const char *ima_d_path(const struct path *path, char **pathbuf) { char *pathname = NULL; diff --git a/security/security.c b/security/security.c index 8c44a64f191d..d17e4a6d269c 100644 --- a/security/security.c +++ b/security/security.c @@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry) return call_int_hook(sb_statfs, 0, dentry); } -int security_sb_mount(const char *dev_name, struct path *path, +int security_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data); @@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags) return call_int_hook(sb_umount, 0, mnt, flags); } -int security_sb_pivotroot(struct path *old_path, struct path *new_path) +int security_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return call_int_hook(sb_pivotroot, 0, old_path, new_path); } @@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir, EXPORT_SYMBOL(security_old_inode_init_security); #ifdef CONFIG_SECURITY_PATH -int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, +int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode, unsigned int dev) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) @@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode, } EXPORT_SYMBOL(security_path_mknod); -int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) +int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; @@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode) } EXPORT_SYMBOL(security_path_mkdir); -int security_path_rmdir(struct path *dir, struct dentry *dentry) +int security_path_rmdir(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; return call_int_hook(path_rmdir, 0, dir, dentry); } -int security_path_unlink(struct path *dir, struct dentry *dentry) +int security_path_unlink(const struct path *dir, struct dentry *dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) return 0; @@ -442,7 +442,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry) } EXPORT_SYMBOL(security_path_unlink); -int security_path_symlink(struct path *dir, struct dentry *dentry, +int security_path_symlink(const struct path *dir, struct dentry *dentry, const char *old_name) { if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry)))) @@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry, return call_int_hook(path_symlink, 0, dir, dentry, old_name); } -int security_path_link(struct dentry *old_dentry, struct path *new_dir, +int security_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)))) @@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir, return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry); } -int security_path_rename(struct path *old_dir, struct dentry *old_dentry, - struct path *new_dir, struct dentry *new_dentry, +int security_path_rename(const struct path *old_dir, struct dentry *old_dentry, + const struct path *new_dir, struct dentry *new_dentry, unsigned int flags) { if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) || @@ -478,28 +478,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry, } EXPORT_SYMBOL(security_path_rename); -int security_path_truncate(struct path *path) +int security_path_truncate(const struct path *path) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_truncate, 0, path); } -int security_path_chmod(struct path *path, umode_t mode) +int security_path_chmod(const struct path *path, umode_t mode) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_chmod, 0, path, mode); } -int security_path_chown(struct path *path, kuid_t uid, kgid_t gid) +int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry)))) return 0; return call_int_hook(path_chown, 0, path, uid, gid); } -int security_path_chroot(struct path *path) +int security_path_chroot(const struct path *path) { return call_int_hook(path_chroot, 0, path); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 469f5c75bd4b..3140efa76a75 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2761,7 +2761,7 @@ static int selinux_sb_statfs(struct dentry *dentry) } static int selinux_mount(const char *dev_name, - struct path *path, + const struct path *path, const char *type, unsigned long flags, void *data) diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h index f9c9fb1d56b4..361e7a284699 100644 --- a/security/tomoyo/common.h +++ b/security/tomoyo/common.h @@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name); const struct tomoyo_path_info *tomoyo_path_matches_group (const struct tomoyo_path_info *pathname, const struct tomoyo_group *group); int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag); + const struct path *path, const int flag); void tomoyo_close_control(struct tomoyo_io_buffer *head); int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env); int tomoyo_execute_permission(struct tomoyo_request_info *r, @@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile, int tomoyo_init_request_info(struct tomoyo_request_info *r, struct tomoyo_domain_info *domain, const u8 index); -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev); -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page); int tomoyo_open_control(const u8 type, struct file *file); -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2); -int tomoyo_path_number_perm(const u8 operation, struct path *path, +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2); +int tomoyo_path_number_perm(const u8 operation, const struct path *path, unsigned long number); int tomoyo_path_perm(const u8 operation, const struct path *path, const char *target); diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c index 2367b100cc62..7041a580019e 100644 --- a/security/tomoyo/file.c +++ b/security/tomoyo/file.c @@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path_number_perm(const u8 type, struct path *path, +int tomoyo_path_number_perm(const u8 type, const struct path *path, unsigned long number) { struct tomoyo_request_info r; @@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path, * Returns 0 on success, negative value otherwise. */ int tomoyo_check_open_permission(struct tomoyo_domain_info *domain, - struct path *path, const int flag) + const struct path *path, const int flag) { const u8 acc_mode = ACC_MODE(flag); int error = 0; @@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mkdev_perm(const u8 operation, struct path *path, +int tomoyo_mkdev_perm(const u8 operation, const struct path *path, const unsigned int mode, unsigned int dev) { struct tomoyo_request_info r; @@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_path2_perm(const u8 operation, struct path *path1, - struct path *path2) +int tomoyo_path2_perm(const u8 operation, const struct path *path1, + const struct path *path2) { int error = -ENOMEM; struct tomoyo_path_info buf1; diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c index 390c646013cb..14b53fb2a0cf 100644 --- a/security/tomoyo/mount.c +++ b/security/tomoyo/mount.c @@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r, */ static int tomoyo_mount_acl(struct tomoyo_request_info *r, const char *dev_name, - struct path *dir, const char *type, + const struct path *dir, const char *type, unsigned long flags) { struct tomoyo_obj_info obj = { }; @@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r, * * Returns 0 on success, negative value otherwise. */ -int tomoyo_mount_permission(const char *dev_name, struct path *path, +int tomoyo_mount_permission(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data_page) { diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c index cbf3df422c87..75c998700190 100644 --- a/security/tomoyo/tomoyo.c +++ b/security/tomoyo/tomoyo.c @@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_truncate(struct path *path) +static int tomoyo_path_truncate(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL); } @@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) +static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL); @@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry, umode_t mode) { struct path path = { parent->mnt, dentry }; @@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) +static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry) { struct path path = { parent->mnt, dentry }; return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL); @@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, +static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry, const char *old_name) { struct path path = { parent->mnt, dentry }; @@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, +static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry, umode_t mode, unsigned int dev) { struct path path = { parent->mnt, dentry }; @@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, +static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir, struct dentry *new_dentry) { struct path path1 = { new_dir->mnt, old_dentry }; @@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_rename(struct path *old_parent, +static int tomoyo_path_rename(const struct path *old_parent, struct dentry *old_dentry, - struct path *new_parent, + const struct path *new_parent, struct dentry *new_dentry) { struct path path1 = { old_parent->mnt, old_dentry }; @@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd, * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chmod(struct path *path, umode_t mode) +static int tomoyo_path_chmod(const struct path *path, umode_t mode) { return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path, mode & S_IALLUGO); @@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) +static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid) { int error = 0; if (uid_valid(uid)) @@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_path_chroot(struct path *path) +static int tomoyo_path_chroot(const struct path *path) { return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL); } @@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_mount(const char *dev_name, struct path *path, +static int tomoyo_sb_mount(const char *dev_name, const struct path *path, const char *type, unsigned long flags, void *data) { return tomoyo_mount_permission(dev_name, path, type, flags, data); @@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags) * * Returns 0 on success, negative value otherwise. */ -static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path) +static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path) { return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path); } |