summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2016-05-17 23:41:03 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2016-05-17 23:41:03 +0200
commitc52b76185b7a1b300e5f15ff871c8f45ced3dee9 (patch)
tree071bb551fb652d1e1b7e8e82e410d16630c0f2dc /security
parentMerge branch 'for-cifs' of git://git.kernel.org/pub/scm/linux/kernel/git/viro... (diff)
parentconstify ima_d_path() (diff)
downloadlinux-c52b76185b7a1b300e5f15ff871c8f45ced3dee9.tar.xz
linux-c52b76185b7a1b300e5f15ff871c8f45ced3dee9.zip
Merge branch 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull 'struct path' constification update from Al Viro: "'struct path' is passed by reference to a bunch of Linux security methods; in theory, there's nothing to stop them from modifying the damn thing and LSM community being what it is, sooner or later some enterprising soul is going to decide that it's a good idea. Let's remove the temptation and constify all of those..." * 'work.const-path' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs: constify ima_d_path() constify security_sb_pivotroot() constify security_path_chroot() constify security_path_{link,rename} apparmor: remove useless checks for NULL ->mnt constify security_path_{mkdir,mknod,symlink} constify security_path_{unlink,rmdir} apparmor: constify common_perm_...() apparmor: constify aa_path_link() apparmor: new helper - common_path_perm() constify chmod_common/security_path_chmod constify security_sb_mount() constify chown_common/security_path_chown tomoyo: constify assorted struct path * apparmor_path_truncate(): path->mnt is never NULL constify vfs_truncate() constify security_path_truncate() [apparmor] constify struct path * in a bunch of helpers
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/file.c4
-rw-r--r--security/apparmor/include/file.h4
-rw-r--r--security/apparmor/include/path.h2
-rw-r--r--security/apparmor/lsm.c83
-rw-r--r--security/apparmor/path.c8
-rw-r--r--security/integrity/ima/ima.h2
-rw-r--r--security/integrity/ima/ima_api.c2
-rw-r--r--security/security.c28
-rw-r--r--security/selinux/hooks.c2
-rw-r--r--security/tomoyo/common.h12
-rw-r--r--security/tomoyo/file.c10
-rw-r--r--security/tomoyo/mount.c4
-rw-r--r--security/tomoyo/tomoyo.c28
13 files changed, 83 insertions, 106 deletions
diff --git a/security/apparmor/file.c b/security/apparmor/file.c
index 913f377a038a..d186674f973a 100644
--- a/security/apparmor/file.c
+++ b/security/apparmor/file.c
@@ -275,7 +275,7 @@ static inline bool is_deleted(struct dentry *dentry)
*
* Returns: %0 else error if access denied or other error
*/
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond)
{
char *buffer = NULL;
@@ -346,7 +346,7 @@ static inline bool xindex_is_subset(u32 link, u32 target)
* Returns: %0 if allowed else error
*/
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct path link = { new_dir->mnt, new_dentry };
struct path target = { new_dir->mnt, old_dentry };
diff --git a/security/apparmor/include/file.h b/security/apparmor/include/file.h
index 2c922b86bd44..4803c97d1992 100644
--- a/security/apparmor/include/file.h
+++ b/security/apparmor/include/file.h
@@ -171,11 +171,11 @@ unsigned int aa_str_perms(struct aa_dfa *dfa, unsigned int start,
const char *name, struct path_cond *cond,
struct file_perms *perms);
-int aa_path_perm(int op, struct aa_profile *profile, struct path *path,
+int aa_path_perm(int op, struct aa_profile *profile, const struct path *path,
int flags, u32 request, struct path_cond *cond);
int aa_path_link(struct aa_profile *profile, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry);
+ const struct path *new_dir, struct dentry *new_dentry);
int aa_file_perm(int op, struct aa_profile *profile, struct file *file,
u32 request);
diff --git a/security/apparmor/include/path.h b/security/apparmor/include/path.h
index 286ac75dc88b..73560f258784 100644
--- a/security/apparmor/include/path.h
+++ b/security/apparmor/include/path.h
@@ -26,7 +26,7 @@ enum path_flags {
PATH_MEDIATE_DELETED = 0x10000, /* mediate deleted paths */
};
-int aa_path_name(struct path *path, int flags, char **buffer,
+int aa_path_name(const struct path *path, int flags, char **buffer,
const char **name, const char **info);
#endif /* __AA_PATH_H */
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
index dec607c17b64..2660fbcf94d1 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -149,7 +149,7 @@ static int apparmor_capable(const struct cred *cred, struct user_namespace *ns,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm(int op, struct path *path, u32 mask,
+static int common_perm(int op, const struct path *path, u32 mask,
struct path_cond *cond)
{
struct aa_profile *profile;
@@ -172,7 +172,7 @@ static int common_perm(int op, struct path *path, u32 mask,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_dir_dentry(int op, struct path *dir,
+static int common_perm_dir_dentry(int op, const struct path *dir,
struct dentry *dentry, u32 mask,
struct path_cond *cond)
{
@@ -182,23 +182,22 @@ static int common_perm_dir_dentry(int op, struct path *dir,
}
/**
- * common_perm_mnt_dentry - common permission wrapper when mnt, dentry
+ * common_perm_path - common permission wrapper when mnt, dentry
* @op: operation being checked
- * @mnt: mount point of dentry (NOT NULL)
- * @dentry: dentry to check (NOT NULL)
+ * @path: location to check (NOT NULL)
* @mask: requested permissions mask
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
- struct dentry *dentry, u32 mask)
+static inline int common_perm_path(int op, const struct path *path, u32 mask)
{
- struct path path = { mnt, dentry };
- struct path_cond cond = { d_backing_inode(dentry)->i_uid,
- d_backing_inode(dentry)->i_mode
+ struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
+ d_backing_inode(path->dentry)->i_mode
};
+ if (!mediated_filesystem(path->dentry))
+ return 0;
- return common_perm(op, &path, mask, &cond);
+ return common_perm(op, path, mask, &cond);
}
/**
@@ -210,13 +209,13 @@ static int common_perm_mnt_dentry(int op, struct vfsmount *mnt,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_rm(int op, struct path *dir,
+static int common_perm_rm(int op, const struct path *dir,
struct dentry *dentry, u32 mask)
{
struct inode *inode = d_backing_inode(dentry);
struct path_cond cond = { };
- if (!inode || !dir->mnt || !mediated_filesystem(dentry))
+ if (!inode || !mediated_filesystem(dentry))
return 0;
cond.uid = inode->i_uid;
@@ -235,61 +234,53 @@ static int common_perm_rm(int op, struct path *dir,
*
* Returns: %0 else error code if error or permission denied
*/
-static int common_perm_create(int op, struct path *dir, struct dentry *dentry,
- u32 mask, umode_t mode)
+static int common_perm_create(int op, const struct path *dir,
+ struct dentry *dentry, u32 mask, umode_t mode)
{
struct path_cond cond = { current_fsuid(), mode };
- if (!dir->mnt || !mediated_filesystem(dir->dentry))
+ if (!mediated_filesystem(dir->dentry))
return 0;
return common_perm_dir_dentry(op, dir, dentry, mask, &cond);
}
-static int apparmor_path_unlink(struct path *dir, struct dentry *dentry)
+static int apparmor_path_unlink(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_UNLINK, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mkdir(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mkdir(const struct path *dir, struct dentry *dentry,
umode_t mode)
{
return common_perm_create(OP_MKDIR, dir, dentry, AA_MAY_CREATE,
S_IFDIR);
}
-static int apparmor_path_rmdir(struct path *dir, struct dentry *dentry)
+static int apparmor_path_rmdir(const struct path *dir, struct dentry *dentry)
{
return common_perm_rm(OP_RMDIR, dir, dentry, AA_MAY_DELETE);
}
-static int apparmor_path_mknod(struct path *dir, struct dentry *dentry,
+static int apparmor_path_mknod(const struct path *dir, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
return common_perm_create(OP_MKNOD, dir, dentry, AA_MAY_CREATE, mode);
}
-static int apparmor_path_truncate(struct path *path)
+static int apparmor_path_truncate(const struct path *path)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!path->mnt || !mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE,
- &cond);
+ return common_perm_path(OP_TRUNC, path, MAY_WRITE | AA_MAY_META_WRITE);
}
-static int apparmor_path_symlink(struct path *dir, struct dentry *dentry,
+static int apparmor_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
return common_perm_create(OP_SYMLINK, dir, dentry, AA_MAY_CREATE,
S_IFLNK);
}
-static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int apparmor_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct aa_profile *profile;
@@ -304,8 +295,8 @@ static int apparmor_path_link(struct dentry *old_dentry, struct path *new_dir,
return error;
}
-static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry)
+static int apparmor_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry)
{
struct aa_profile *profile;
int error = 0;
@@ -334,33 +325,19 @@ static int apparmor_path_rename(struct path *old_dir, struct dentry *old_dentry,
return error;
}
-static int apparmor_path_chmod(struct path *path, umode_t mode)
+static int apparmor_path_chmod(const struct path *path, umode_t mode)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_CHMOD, path->mnt, path->dentry, AA_MAY_CHMOD);
+ return common_perm_path(OP_CHMOD, path, AA_MAY_CHMOD);
}
-static int apparmor_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int apparmor_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
- struct path_cond cond = { d_backing_inode(path->dentry)->i_uid,
- d_backing_inode(path->dentry)->i_mode
- };
-
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm(OP_CHOWN, path, AA_MAY_CHOWN, &cond);
+ return common_perm_path(OP_CHOWN, path, AA_MAY_CHOWN);
}
static int apparmor_inode_getattr(const struct path *path)
{
- if (!mediated_filesystem(path->dentry))
- return 0;
-
- return common_perm_mnt_dentry(OP_GETATTR, path->mnt, path->dentry,
- AA_MAY_META_READ);
+ return common_perm_path(OP_GETATTR, path, AA_MAY_META_READ);
}
static int apparmor_file_open(struct file *file, const struct cred *cred)
diff --git a/security/apparmor/path.c b/security/apparmor/path.c
index 71e0e3a15b9d..edddc026406b 100644
--- a/security/apparmor/path.c
+++ b/security/apparmor/path.c
@@ -53,7 +53,7 @@ static int prepend(char **buffer, int buflen, const char *str, int namelen)
* When no error the path name is returned in @name which points to
* to a position in @buf
*/
-static int d_namespace_path(struct path *path, char *buf, int buflen,
+static int d_namespace_path(const struct path *path, char *buf, int buflen,
char **name, int flags)
{
char *res;
@@ -158,7 +158,7 @@ out:
*
* Returns: %0 else error on failure
*/
-static int get_name_to_buffer(struct path *path, int flags, char *buffer,
+static int get_name_to_buffer(const struct path *path, int flags, char *buffer,
int size, char **name, const char **info)
{
int adjust = (flags & PATH_IS_DIR) ? 1 : 0;
@@ -204,8 +204,8 @@ static int get_name_to_buffer(struct path *path, int flags, char *buffer,
*
* Returns: %0 else error code if could retrieve name
*/
-int aa_path_name(struct path *path, int flags, char **buffer, const char **name,
- const char **info)
+int aa_path_name(const struct path *path, int flags, char **buffer,
+ const char **name, const char **info)
{
char *buf, *str = NULL;
int size = 256;
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 5d0f61163d98..d3a939bf2781 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -170,7 +170,7 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
int ima_store_template(struct ima_template_entry *entry, int violation,
struct inode *inode, const unsigned char *filename);
void ima_free_template_entry(struct ima_template_entry *entry);
-const char *ima_d_path(struct path *path, char **pathbuf);
+const char *ima_d_path(const struct path *path, char **pathbuf);
/* IMA policy related functions */
int ima_match_policy(struct inode *inode, enum ima_hooks func, int mask,
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 370e42dfc5c5..5a2218fe877a 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -313,7 +313,7 @@ void ima_audit_measurement(struct integrity_iint_cache *iint,
iint->flags |= IMA_AUDITED;
}
-const char *ima_d_path(struct path *path, char **pathbuf)
+const char *ima_d_path(const struct path *path, char **pathbuf)
{
char *pathname = NULL;
diff --git a/security/security.c b/security/security.c
index 8c44a64f191d..d17e4a6d269c 100644
--- a/security/security.c
+++ b/security/security.c
@@ -302,7 +302,7 @@ int security_sb_statfs(struct dentry *dentry)
return call_int_hook(sb_statfs, 0, dentry);
}
-int security_sb_mount(const char *dev_name, struct path *path,
+int security_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return call_int_hook(sb_mount, 0, dev_name, path, type, flags, data);
@@ -313,7 +313,7 @@ int security_sb_umount(struct vfsmount *mnt, int flags)
return call_int_hook(sb_umount, 0, mnt, flags);
}
-int security_sb_pivotroot(struct path *old_path, struct path *new_path)
+int security_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return call_int_hook(sb_pivotroot, 0, old_path, new_path);
}
@@ -410,7 +410,7 @@ int security_old_inode_init_security(struct inode *inode, struct inode *dir,
EXPORT_SYMBOL(security_old_inode_init_security);
#ifdef CONFIG_SECURITY_PATH
-int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
+int security_path_mknod(const struct path *dir, struct dentry *dentry, umode_t mode,
unsigned int dev)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -419,7 +419,7 @@ int security_path_mknod(struct path *dir, struct dentry *dentry, umode_t mode,
}
EXPORT_SYMBOL(security_path_mknod);
-int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
+int security_path_mkdir(const struct path *dir, struct dentry *dentry, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
@@ -427,14 +427,14 @@ int security_path_mkdir(struct path *dir, struct dentry *dentry, umode_t mode)
}
EXPORT_SYMBOL(security_path_mkdir);
-int security_path_rmdir(struct path *dir, struct dentry *dentry)
+int security_path_rmdir(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
return call_int_hook(path_rmdir, 0, dir, dentry);
}
-int security_path_unlink(struct path *dir, struct dentry *dentry)
+int security_path_unlink(const struct path *dir, struct dentry *dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
return 0;
@@ -442,7 +442,7 @@ int security_path_unlink(struct path *dir, struct dentry *dentry)
}
EXPORT_SYMBOL(security_path_unlink);
-int security_path_symlink(struct path *dir, struct dentry *dentry,
+int security_path_symlink(const struct path *dir, struct dentry *dentry,
const char *old_name)
{
if (unlikely(IS_PRIVATE(d_backing_inode(dir->dentry))))
@@ -450,7 +450,7 @@ int security_path_symlink(struct path *dir, struct dentry *dentry,
return call_int_hook(path_symlink, 0, dir, dentry, old_name);
}
-int security_path_link(struct dentry *old_dentry, struct path *new_dir,
+int security_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry))))
@@ -458,8 +458,8 @@ int security_path_link(struct dentry *old_dentry, struct path *new_dir,
return call_int_hook(path_link, 0, old_dentry, new_dir, new_dentry);
}
-int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
- struct path *new_dir, struct dentry *new_dentry,
+int security_path_rename(const struct path *old_dir, struct dentry *old_dentry,
+ const struct path *new_dir, struct dentry *new_dentry,
unsigned int flags)
{
if (unlikely(IS_PRIVATE(d_backing_inode(old_dentry)) ||
@@ -478,28 +478,28 @@ int security_path_rename(struct path *old_dir, struct dentry *old_dentry,
}
EXPORT_SYMBOL(security_path_rename);
-int security_path_truncate(struct path *path)
+int security_path_truncate(const struct path *path)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_truncate, 0, path);
}
-int security_path_chmod(struct path *path, umode_t mode)
+int security_path_chmod(const struct path *path, umode_t mode)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_chmod, 0, path, mode);
}
-int security_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+int security_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
if (unlikely(IS_PRIVATE(d_backing_inode(path->dentry))))
return 0;
return call_int_hook(path_chown, 0, path, uid, gid);
}
-int security_path_chroot(struct path *path)
+int security_path_chroot(const struct path *path)
{
return call_int_hook(path_chroot, 0, path);
}
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 469f5c75bd4b..3140efa76a75 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2761,7 +2761,7 @@ static int selinux_sb_statfs(struct dentry *dentry)
}
static int selinux_mount(const char *dev_name,
- struct path *path,
+ const struct path *path,
const char *type,
unsigned long flags,
void *data)
diff --git a/security/tomoyo/common.h b/security/tomoyo/common.h
index f9c9fb1d56b4..361e7a284699 100644
--- a/security/tomoyo/common.h
+++ b/security/tomoyo/common.h
@@ -957,7 +957,7 @@ const struct tomoyo_path_info *tomoyo_get_name(const char *name);
const struct tomoyo_path_info *tomoyo_path_matches_group
(const struct tomoyo_path_info *pathname, const struct tomoyo_group *group);
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag);
+ const struct path *path, const int flag);
void tomoyo_close_control(struct tomoyo_io_buffer *head);
int tomoyo_env_perm(struct tomoyo_request_info *r, const char *env);
int tomoyo_execute_permission(struct tomoyo_request_info *r,
@@ -968,15 +968,15 @@ int tomoyo_get_mode(const struct tomoyo_policy_namespace *ns, const u8 profile,
int tomoyo_init_request_info(struct tomoyo_request_info *r,
struct tomoyo_domain_info *domain,
const u8 index);
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev);
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page);
int tomoyo_open_control(const u8 type, struct file *file);
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2);
-int tomoyo_path_number_perm(const u8 operation, struct path *path,
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2);
+int tomoyo_path_number_perm(const u8 operation, const struct path *path,
unsigned long number);
int tomoyo_path_perm(const u8 operation, const struct path *path,
const char *target);
diff --git a/security/tomoyo/file.c b/security/tomoyo/file.c
index 2367b100cc62..7041a580019e 100644
--- a/security/tomoyo/file.c
+++ b/security/tomoyo/file.c
@@ -687,7 +687,7 @@ static int tomoyo_update_path_number_acl(const u8 perm,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path_number_perm(const u8 type, struct path *path,
+int tomoyo_path_number_perm(const u8 type, const struct path *path,
unsigned long number)
{
struct tomoyo_request_info r;
@@ -733,7 +733,7 @@ int tomoyo_path_number_perm(const u8 type, struct path *path,
* Returns 0 on success, negative value otherwise.
*/
int tomoyo_check_open_permission(struct tomoyo_domain_info *domain,
- struct path *path, const int flag)
+ const struct path *path, const int flag)
{
const u8 acc_mode = ACC_MODE(flag);
int error = 0;
@@ -838,7 +838,7 @@ int tomoyo_path_perm(const u8 operation, const struct path *path, const char *ta
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mkdev_perm(const u8 operation, struct path *path,
+int tomoyo_mkdev_perm(const u8 operation, const struct path *path,
const unsigned int mode, unsigned int dev)
{
struct tomoyo_request_info r;
@@ -882,8 +882,8 @@ int tomoyo_mkdev_perm(const u8 operation, struct path *path,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_path2_perm(const u8 operation, struct path *path1,
- struct path *path2)
+int tomoyo_path2_perm(const u8 operation, const struct path *path1,
+ const struct path *path2)
{
int error = -ENOMEM;
struct tomoyo_path_info buf1;
diff --git a/security/tomoyo/mount.c b/security/tomoyo/mount.c
index 390c646013cb..14b53fb2a0cf 100644
--- a/security/tomoyo/mount.c
+++ b/security/tomoyo/mount.c
@@ -73,7 +73,7 @@ static bool tomoyo_check_mount_acl(struct tomoyo_request_info *r,
*/
static int tomoyo_mount_acl(struct tomoyo_request_info *r,
const char *dev_name,
- struct path *dir, const char *type,
+ const struct path *dir, const char *type,
unsigned long flags)
{
struct tomoyo_obj_info obj = { };
@@ -184,7 +184,7 @@ static int tomoyo_mount_acl(struct tomoyo_request_info *r,
*
* Returns 0 on success, negative value otherwise.
*/
-int tomoyo_mount_permission(const char *dev_name, struct path *path,
+int tomoyo_mount_permission(const char *dev_name, const struct path *path,
const char *type, unsigned long flags,
void *data_page)
{
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c
index cbf3df422c87..75c998700190 100644
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -150,7 +150,7 @@ static int tomoyo_inode_getattr(const struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_truncate(struct path *path)
+static int tomoyo_path_truncate(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_TRUNCATE, path, NULL);
}
@@ -163,7 +163,7 @@ static int tomoyo_path_truncate(struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_unlink(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_UNLINK, &path, NULL);
@@ -178,7 +178,7 @@ static int tomoyo_path_unlink(struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mkdir(const struct path *parent, struct dentry *dentry,
umode_t mode)
{
struct path path = { parent->mnt, dentry };
@@ -194,7 +194,7 @@ static int tomoyo_path_mkdir(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
+static int tomoyo_path_rmdir(const struct path *parent, struct dentry *dentry)
{
struct path path = { parent->mnt, dentry };
return tomoyo_path_perm(TOMOYO_TYPE_RMDIR, &path, NULL);
@@ -209,7 +209,7 @@ static int tomoyo_path_rmdir(struct path *parent, struct dentry *dentry)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_symlink(const struct path *parent, struct dentry *dentry,
const char *old_name)
{
struct path path = { parent->mnt, dentry };
@@ -226,7 +226,7 @@ static int tomoyo_path_symlink(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
+static int tomoyo_path_mknod(const struct path *parent, struct dentry *dentry,
umode_t mode, unsigned int dev)
{
struct path path = { parent->mnt, dentry };
@@ -265,7 +265,7 @@ static int tomoyo_path_mknod(struct path *parent, struct dentry *dentry,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
+static int tomoyo_path_link(struct dentry *old_dentry, const struct path *new_dir,
struct dentry *new_dentry)
{
struct path path1 = { new_dir->mnt, old_dentry };
@@ -283,9 +283,9 @@ static int tomoyo_path_link(struct dentry *old_dentry, struct path *new_dir,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_rename(struct path *old_parent,
+static int tomoyo_path_rename(const struct path *old_parent,
struct dentry *old_dentry,
- struct path *new_parent,
+ const struct path *new_parent,
struct dentry *new_dentry)
{
struct path path1 = { old_parent->mnt, old_dentry };
@@ -351,7 +351,7 @@ static int tomoyo_file_ioctl(struct file *file, unsigned int cmd,
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chmod(struct path *path, umode_t mode)
+static int tomoyo_path_chmod(const struct path *path, umode_t mode)
{
return tomoyo_path_number_perm(TOMOYO_TYPE_CHMOD, path,
mode & S_IALLUGO);
@@ -366,7 +366,7 @@ static int tomoyo_path_chmod(struct path *path, umode_t mode)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
+static int tomoyo_path_chown(const struct path *path, kuid_t uid, kgid_t gid)
{
int error = 0;
if (uid_valid(uid))
@@ -385,7 +385,7 @@ static int tomoyo_path_chown(struct path *path, kuid_t uid, kgid_t gid)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_path_chroot(struct path *path)
+static int tomoyo_path_chroot(const struct path *path)
{
return tomoyo_path_perm(TOMOYO_TYPE_CHROOT, path, NULL);
}
@@ -401,7 +401,7 @@ static int tomoyo_path_chroot(struct path *path)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_mount(const char *dev_name, struct path *path,
+static int tomoyo_sb_mount(const char *dev_name, const struct path *path,
const char *type, unsigned long flags, void *data)
{
return tomoyo_mount_permission(dev_name, path, type, flags, data);
@@ -429,7 +429,7 @@ static int tomoyo_sb_umount(struct vfsmount *mnt, int flags)
*
* Returns 0 on success, negative value otherwise.
*/
-static int tomoyo_sb_pivotroot(struct path *old_path, struct path *new_path)
+static int tomoyo_sb_pivotroot(const struct path *old_path, const struct path *new_path)
{
return tomoyo_path2_perm(TOMOYO_TYPE_PIVOT_ROOT, new_path, old_path);
}