security: Make inode argument of inode_getsecid non-const

Make the inode argument of the inode_getsecid hook non-const so that we can use it to revalidate invalid security labels. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Andreas Gruenbacher <agruenba@redhat.com> 2015-12-24 11:09:39 -0500
committer: Paul Moore <pmoore@redhat.com> 2015-12-24 11:09:39 -0500
commit: d6335d77a7622a88380f3f207cc1f727f878dd21 (patch)
tree: 4333468b8ce63aba39de0c37ed1214f0bdb22b9f
parent: ea861dfd9e0e7e044a6e65fa02a14b9159b568da (diff)
9 files changed, 15 insertions, 15 deletions
diff --git a/include/linux/audit.h b/include/linux/audit.h
index 20eba1eb0a3c..8a2d046e9f6b 100644
--- a/include/linux/audit.h
+++ b/include/linux/audit.h
@@ -137,7 +137,7 @@ extern void __audit_getname(struct filename *name);
 extern void __audit_inode(struct filename *name, const struct dentry *dentry,
                                unsigned int flags);
 extern void __audit_file(const struct file *);
-extern void __audit_inode_child(const struct inode *parent,
+extern void __audit_inode_child(struct inode *parent,
                                const struct dentry *dentry,
                                const unsigned char type);
 extern void __audit_seccomp(unsigned long syscall, long signr, int code);
@@ -202,7 +202,7 @@ static inline void audit_inode_parent_hidden(struct filename *name,
                __audit_inode(name, dentry,
                                AUDIT_INODE_PARENT | AUDIT_INODE_HIDDEN);
 }
-static inline void audit_inode_child(const struct inode *parent,
+static inline void audit_inode_child(struct inode *parent,
                                     const struct dentry *dentry,
                                     const unsigned char type) {
        if (unlikely(!audit_dummy_context()))
@@ -359,7 +359,7 @@ static inline void __audit_inode(struct filename *name,
                                        const struct dentry *dentry,
                                        unsigned int flags)
 { }
-static inline void __audit_inode_child(const struct inode *parent,
+static inline void __audit_inode_child(struct inode *parent,
                                        const struct dentry *dentry,
                                        const unsigned char type)
 { }
@@ -373,7 +373,7 @@ static inline void audit_file(struct file *file)
 static inline void audit_inode_parent_hidden(struct filename *name,
                                const struct dentry *dentry)
 { }
-static inline void audit_inode_child(const struct inode *parent,
+static inline void audit_inode_child(struct inode *parent,
                                     const struct dentry *dentry,
                                     const unsigned char type)
 { }
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index bdd0a3a8a0e4..4c48227450e6 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1420,7 +1420,7 @@ union security_list_options {
                                        int flags);
        int (*inode_listsecurity)(struct inode *inode, char *buffer,
                                        size_t buffer_size);
-        void (*inode_getsecid)(const struct inode *inode, u32 *secid);
+        void (*inode_getsecid)(struct inode *inode, u32 *secid);
        int (*file_permission)(struct file *file, int mask);
        int (*file_alloc_security)(struct file *file);
diff --git a/include/linux/security.h b/include/linux/security.h
index 9ee61b264b23..e79149a06454 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -273,7 +273,7 @@ int security_inode_killpriv(struct dentry *dentry);
 int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
-void security_inode_getsecid(const struct inode *inode, u32 *secid);
+void security_inode_getsecid(struct inode *inode, u32 *secid);
 int security_file_permission(struct file *file, int mask);
 int security_file_alloc(struct file *file);
 void security_file_free(struct file *file);
@@ -734,7 +734,7 @@ static inline int security_inode_listsecurity(struct inode *inode, char *buffer,
        return 0;
 }
-static inline void security_inode_getsecid(const struct inode *inode, u32 *secid)
+static inline void security_inode_getsecid(struct inode *inode, u32 *secid)
 {
        *secid = 0;
 }
diff --git a/kernel/audit.c b/kernel/audit.c
index 5ffcbd354a52..bc2ff61bc1d6 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -1722,7 +1722,7 @@ static inline int audit_copy_fcaps(struct audit_names *name,
 /* Copy inode data into an audit_names. */
 void audit_copy_inode(struct audit_names *name, const struct dentry *dentry,
-                      const struct inode *inode)
+                      struct inode *inode)
 {
        name->ino   = inode->i_ino;
        name->dev   = inode->i_sb->s_dev;
diff --git a/kernel/audit.h b/kernel/audit.h
index de6cbb7cf547..cbbe6bb6496e 100644
--- a/kernel/audit.h
+++ b/kernel/audit.h
@@ -207,7 +207,7 @@ extern u32 audit_ever_enabled;
 extern void audit_copy_inode(struct audit_names *name,
                             const struct dentry *dentry,
-                             const struct inode *inode);
+                             struct inode *inode);
 extern void audit_log_cap(struct audit_buffer *ab, char *prefix,
                          kernel_cap_t *cap);
 extern void audit_log_name(struct audit_context *context,
diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index b86cc04959de..195ffaee50b9 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -1754,7 +1754,7 @@ void __audit_inode(struct filename *name, const struct dentry *dentry,
                   unsigned int flags)
 {
        struct audit_context *context = current->audit_context;
-        const struct inode *inode = d_backing_inode(dentry);
+        struct inode *inode = d_backing_inode(dentry);
        struct audit_names *n;
        bool parent = flags & AUDIT_INODE_PARENT;
@@ -1848,12 +1848,12 @@ void __audit_file(const struct file *file)
 * must be hooked prior, in order to capture the target inode during
 * unsuccessful attempts.
 */
-void __audit_inode_child(const struct inode *parent,
+void __audit_inode_child(struct inode *parent,
                         const struct dentry *dentry,
                         const unsigned char type)
 {
        struct audit_context *context = current->audit_context;
-        const struct inode *inode = d_backing_inode(dentry);
+        struct inode *inode = d_backing_inode(dentry);
        const char *dname = dentry->d_name.name;
        struct audit_names *n, *found_parent = NULL, *found_child = NULL;
diff --git a/security/security.c b/security/security.c
index 73514c91d87f..c5beb7e90721 100644
--- a/security/security.c
+++ b/security/security.c
@@ -721,7 +721,7 @@ int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer
 }
 EXPORT_SYMBOL(security_inode_listsecurity);
-void security_inode_getsecid(const struct inode *inode, u32 *secid)
+void security_inode_getsecid(struct inode *inode, u32 *secid)
 {
        call_void_hook(inode_getsecid, inode, secid);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 2e40c9c4e12c..19a8f1500a7e 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3180,7 +3180,7 @@ static int selinux_inode_listsecurity(struct inode *inode, char *buffer, size_t
        return len;
 }
-static void selinux_inode_getsecid(const struct inode *inode, u32 *secid)
+static void selinux_inode_getsecid(struct inode *inode, u32 *secid)
 {
        struct inode_security_struct *isec = inode->i_security;
        *secid = isec->sid;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index f0e694bccfd4..ac7436f1bc2b 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1538,7 +1538,7 @@ static int smack_inode_listsecurity(struct inode *inode, char *buffer,
 * @inode: inode to extract the info from
 * @secid: where result will be saved
 */
-static void smack_inode_getsecid(const struct inode *inode, u32 *secid)
+static void smack_inode_getsecid(struct inode *inode, u32 *secid)
 {
        struct inode_smack *isp = inode->i_security;
author	Andreas Gruenbacher <agruenba@redhat.com>	2015-12-24 11:09:39 -0500
committer	Paul Moore <pmoore@redhat.com>	2015-12-24 11:09:39 -0500
commit	d6335d77a7622a88380f3f207cc1f727f878dd21 (patch)
tree	4333468b8ce63aba39de0c37ed1214f0bdb22b9f
parent	ea861dfd9e0e7e044a6e65fa02a14b9159b568da (diff)

diff --git a/include/linux/audit.h b/include/linux/audit.h index 20eba1eb0a3c..8a2d046e9f6b 100644 --- a/include/linux/audit.h +++ b/include/linux/audit.h
@@ -137,7 +137,7 @@ extern void __audit_getname(struct filename *name);
137	extern void __audit_inode(struct filename name, const struct dentry dentry,	137	extern void __audit_inode(struct filename name, const struct dentry dentry,
138	unsigned int flags);	138	unsigned int flags);
139	extern void __audit_file(const struct file *);	139	extern void __audit_file(const struct file *);
140	extern void __audit_inode_child(const struct inode *parent,	140	extern void __audit_inode_child(struct inode *parent,
141	const struct dentry *dentry,	141	const struct dentry *dentry,
142	const unsigned char type);	142	const unsigned char type);
143	extern void __audit_seccomp(unsigned long syscall, long signr, int code);	143	extern void __audit_seccomp(unsigned long syscall, long signr, int code);
@@ -202,7 +202,7 @@ static inline void audit_inode_parent_hidden(struct filename *name,
202	__audit_inode(name, dentry,	202	__audit_inode(name, dentry,
203	AUDIT_INODE_PARENT \| AUDIT_INODE_HIDDEN);	203	AUDIT_INODE_PARENT \| AUDIT_INODE_HIDDEN);
204	}	204	}
205	static inline void audit_inode_child(const struct inode *parent,	205	static inline void audit_inode_child(struct inode *parent,
206	const struct dentry *dentry,	206	const struct dentry *dentry,
207	const unsigned char type) {	207	const unsigned char type) {
208	if (unlikely(!audit_dummy_context()))	208	if (unlikely(!audit_dummy_context()))
@@ -359,7 +359,7 @@ static inline void __audit_inode(struct filename *name,
359	const struct dentry *dentry,	359	const struct dentry *dentry,
360	unsigned int flags)	360	unsigned int flags)
361	{ }	361	{ }
362	static inline void __audit_inode_child(const struct inode *parent,	362	static inline void __audit_inode_child(struct inode *parent,
363	const struct dentry *dentry,	363	const struct dentry *dentry,
364	const unsigned char type)	364	const unsigned char type)
365	{ }	365	{ }
@@ -373,7 +373,7 @@ static inline void audit_file(struct file *file)
373	static inline void audit_inode_parent_hidden(struct filename *name,	373	static inline void audit_inode_parent_hidden(struct filename *name,
374	const struct dentry *dentry)	374	const struct dentry *dentry)
375	{ }	375	{ }
376	static inline void audit_inode_child(const struct inode *parent,	376	static inline void audit_inode_child(struct inode *parent,
377	const struct dentry *dentry,	377	const struct dentry *dentry,
378	const unsigned char type)	378	const unsigned char type)
379	{ }	379	{ }


diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index bdd0a3a8a0e4..4c48227450e6 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1420,7 +1420,7 @@ union security_list_options {
1420	int flags);	1420	int flags);
1421	int (inode_listsecurity)(struct inode inode, char *buffer,	1421	int (inode_listsecurity)(struct inode inode, char *buffer,
1422	size_t buffer_size);	1422	size_t buffer_size);
1423	void (inode_getsecid)(const struct inode inode, u32 *secid);	1423	void (inode_getsecid)(struct inode inode, u32 *secid);
1424		1424
1425	int (file_permission)(struct file file, int mask);	1425	int (file_permission)(struct file file, int mask);
1426	int (file_alloc_security)(struct file file);	1426	int (file_alloc_security)(struct file file);


diff --git a/include/linux/security.h b/include/linux/security.h index 9ee61b264b23..e79149a06454 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -273,7 +273,7 @@ int security_inode_killpriv(struct dentry *dentry);
273	int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc);	273	int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc);
274	int security_inode_setsecurity(struct inode inode, const char name, const void *value, size_t size, int flags);	274	int security_inode_setsecurity(struct inode inode, const char name, const void *value, size_t size, int flags);
275	int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size);	275	int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size);
276	void security_inode_getsecid(const struct inode inode, u32 secid);	276	void security_inode_getsecid(struct inode inode, u32 secid);
277	int security_file_permission(struct file *file, int mask);	277	int security_file_permission(struct file *file, int mask);
278	int security_file_alloc(struct file *file);	278	int security_file_alloc(struct file *file);
279	void security_file_free(struct file *file);	279	void security_file_free(struct file *file);
@@ -734,7 +734,7 @@ static inline int security_inode_listsecurity(struct inode inode, char buffer,
734	return 0;	734	return 0;
735	}	735	}
736		736
737	static inline void security_inode_getsecid(const struct inode inode, u32 secid)	737	static inline void security_inode_getsecid(struct inode inode, u32 secid)
738	{	738	{
739	*secid = 0;	739	*secid = 0;
740	}	740	}


diff --git a/kernel/audit.c b/kernel/audit.c index 5ffcbd354a52..bc2ff61bc1d6 100644 --- a/kernel/audit.c +++ b/kernel/audit.c
@@ -1722,7 +1722,7 @@ static inline int audit_copy_fcaps(struct audit_names *name,
1722		1722
1723	/* Copy inode data into an audit_names. */	1723	/* Copy inode data into an audit_names. */
1724	void audit_copy_inode(struct audit_names name, const struct dentry dentry,	1724	void audit_copy_inode(struct audit_names name, const struct dentry dentry,
1725	const struct inode *inode)	1725	struct inode *inode)
1726	{	1726	{
1727	name->ino = inode->i_ino;	1727	name->ino = inode->i_ino;
1728	name->dev = inode->i_sb->s_dev;	1728	name->dev = inode->i_sb->s_dev;


diff --git a/kernel/audit.h b/kernel/audit.h index de6cbb7cf547..cbbe6bb6496e 100644 --- a/kernel/audit.h +++ b/kernel/audit.h
@@ -207,7 +207,7 @@ extern u32 audit_ever_enabled;
207		207
208	extern void audit_copy_inode(struct audit_names *name,	208	extern void audit_copy_inode(struct audit_names *name,
209	const struct dentry *dentry,	209	const struct dentry *dentry,
210	const struct inode *inode);	210	struct inode *inode);
211	extern void audit_log_cap(struct audit_buffer ab, char prefix,	211	extern void audit_log_cap(struct audit_buffer ab, char prefix,
212	kernel_cap_t *cap);	212	kernel_cap_t *cap);
213	extern void audit_log_name(struct audit_context *context,	213	extern void audit_log_name(struct audit_context *context,


diff --git a/kernel/auditsc.c b/kernel/auditsc.c index b86cc04959de..195ffaee50b9 100644 --- a/kernel/auditsc.c +++ b/kernel/auditsc.c
@@ -1754,7 +1754,7 @@ void __audit_inode(struct filename name, const struct dentry dentry,
1754	unsigned int flags)	1754	unsigned int flags)
1755	{	1755	{
1756	struct audit_context *context = current->audit_context;	1756	struct audit_context *context = current->audit_context;
1757	const struct inode *inode = d_backing_inode(dentry);	1757	struct inode *inode = d_backing_inode(dentry);
1758	struct audit_names *n;	1758	struct audit_names *n;
1759	bool parent = flags & AUDIT_INODE_PARENT;	1759	bool parent = flags & AUDIT_INODE_PARENT;
1760		1760
@@ -1848,12 +1848,12 @@ void __audit_file(const struct file *file)
1848	* must be hooked prior, in order to capture the target inode during	1848	* must be hooked prior, in order to capture the target inode during
1849	* unsuccessful attempts.	1849	* unsuccessful attempts.
1850	*/	1850	*/
1851	void __audit_inode_child(const struct inode *parent,	1851	void __audit_inode_child(struct inode *parent,
1852	const struct dentry *dentry,	1852	const struct dentry *dentry,
1853	const unsigned char type)	1853	const unsigned char type)
1854	{	1854	{
1855	struct audit_context *context = current->audit_context;	1855	struct audit_context *context = current->audit_context;
1856	const struct inode *inode = d_backing_inode(dentry);	1856	struct inode *inode = d_backing_inode(dentry);
1857	const char *dname = dentry->d_name.name;	1857	const char *dname = dentry->d_name.name;
1858	struct audit_names n, found_parent = NULL, *found_child = NULL;	1858	struct audit_names n, found_parent = NULL, *found_child = NULL;
1859		1859


diff --git a/security/security.c b/security/security.c index 73514c91d87f..c5beb7e90721 100644 --- a/security/security.c +++ b/security/security.c
@@ -721,7 +721,7 @@ int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer
721	}	721	}
722	EXPORT_SYMBOL(security_inode_listsecurity);	722	EXPORT_SYMBOL(security_inode_listsecurity);
723		723
724	void security_inode_getsecid(const struct inode inode, u32 secid)	724	void security_inode_getsecid(struct inode inode, u32 secid)
725	{	725	{
726	call_void_hook(inode_getsecid, inode, secid);	726	call_void_hook(inode_getsecid, inode, secid);
727	}	727	}


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 2e40c9c4e12c..19a8f1500a7e 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -3180,7 +3180,7 @@ static int selinux_inode_listsecurity(struct inode inode, char buffer, size_t
3180	return len;	3180	return len;
3181	}	3181	}
3182		3182
3183	static void selinux_inode_getsecid(const struct inode inode, u32 secid)	3183	static void selinux_inode_getsecid(struct inode inode, u32 secid)
3184	{	3184	{
3185	struct inode_security_struct *isec = inode->i_security;	3185	struct inode_security_struct *isec = inode->i_security;
3186	*secid = isec->sid;	3186	*secid = isec->sid;


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index f0e694bccfd4..ac7436f1bc2b 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -1538,7 +1538,7 @@ static int smack_inode_listsecurity(struct inode inode, char buffer,
1538	* @inode: inode to extract the info from	1538	* @inode: inode to extract the info from
1539	* @secid: where result will be saved	1539	* @secid: where result will be saved
1540	*/	1540	*/
1541	static void smack_inode_getsecid(const struct inode inode, u32 secid)	1541	static void smack_inode_getsecid(struct inode inode, u32 secid)
1542	{	1542	{
1543	struct inode_smack *isp = inode->i_security;	1543	struct inode_smack *isp = inode->i_security;
1544		1544