security: Make inode argument of inode_getsecurity non-const

Make the inode argument of the inode_getsecurity hook non-const so that we can use it to revalidate invalid security labels. Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Paul Moore <pmoore@redhat.com>
author: Andreas Gruenbacher <agruenba@redhat.com> 2015-12-24 11:09:39 -0500
committer: Paul Moore <pmoore@redhat.com> 2015-12-24 11:09:39 -0500
commit: ea861dfd9e0e7e044a6e65fa02a14b9159b568da (patch)
tree: 6769298c6df0c9de8f0d0860d49e04df5e41faf1
parent: a44ca52ca6bd10ce588102789dde33f9fd6569cf (diff)
5 files changed, 6 insertions, 6 deletions
diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index ec3a6bab29de..bdd0a3a8a0e4 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1413,7 +1413,7 @@ union security_list_options {
        int (*inode_removexattr)(struct dentry *dentry, const char *name);
        int (*inode_need_killpriv)(struct dentry *dentry);
        int (*inode_killpriv)(struct dentry *dentry);
-        int (*inode_getsecurity)(const struct inode *inode, const char *name,
+        int (*inode_getsecurity)(struct inode *inode, const char *name,
                                        void **buffer, bool alloc);
        int (*inode_setsecurity)(struct inode *inode, const char *name,
                                        const void *value, size_t size,
diff --git a/include/linux/security.h b/include/linux/security.h
index 2f4c1f7aa7db..9ee61b264b23 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -270,7 +270,7 @@ int security_inode_listxattr(struct dentry *dentry);
 int security_inode_removexattr(struct dentry *dentry, const char *name);
 int security_inode_need_killpriv(struct dentry *dentry);
 int security_inode_killpriv(struct dentry *dentry);
-int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
+int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc);
 int security_inode_setsecurity(struct inode *inode, const char *name, const void *value, size_t size, int flags);
 int security_inode_listsecurity(struct inode *inode, char *buffer, size_t buffer_size);
 void security_inode_getsecid(const struct inode *inode, u32 *secid);
@@ -719,7 +719,7 @@ static inline int security_inode_killpriv(struct dentry *dentry)
        return cap_inode_killpriv(dentry);
 }
-static inline int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
+static inline int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
 {
        return -EOPNOTSUPP;
 }
diff --git a/security/security.c b/security/security.c
index 46f405ce6b0f..73514c91d87f 100644
--- a/security/security.c
+++ b/security/security.c
@@ -697,7 +697,7 @@ int security_inode_killpriv(struct dentry *dentry)
        return call_int_hook(inode_killpriv, 0, dentry);
 }
-int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
+int security_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
 {
        if (unlikely(IS_PRIVATE(inode)))
                return -EOPNOTSUPP;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 714acadc027e..2e40c9c4e12c 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -3108,7 +3108,7 @@ static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
 *
 * Permission check is handled by selinux_inode_getxattr hook.
 */
-static int selinux_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc)
+static int selinux_inode_getsecurity(struct inode *inode, const char *name, void **buffer, bool alloc)
 {
        u32 size;
        int error;
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index ff81026f6ddb..f0e694bccfd4 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1465,7 +1465,7 @@ static int smack_inode_removexattr(struct dentry *dentry, const char *name)
 *
 * Returns the size of the attribute or an error code
 */
-static int smack_inode_getsecurity(const struct inode *inode,
+static int smack_inode_getsecurity(struct inode *inode,
                                   const char *name, void **buffer,
                                   bool alloc)
 {
author	Andreas Gruenbacher <agruenba@redhat.com>	2015-12-24 11:09:39 -0500
committer	Paul Moore <pmoore@redhat.com>	2015-12-24 11:09:39 -0500
commit	ea861dfd9e0e7e044a6e65fa02a14b9159b568da (patch)
tree	6769298c6df0c9de8f0d0860d49e04df5e41faf1
parent	a44ca52ca6bd10ce588102789dde33f9fd6569cf (diff)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h index ec3a6bab29de..bdd0a3a8a0e4 100644 --- a/include/linux/lsm_hooks.h +++ b/include/linux/lsm_hooks.h
@@ -1413,7 +1413,7 @@ union security_list_options {
1413	int (inode_removexattr)(struct dentry dentry, const char *name);	1413	int (inode_removexattr)(struct dentry dentry, const char *name);
1414	int (inode_need_killpriv)(struct dentry dentry);	1414	int (inode_need_killpriv)(struct dentry dentry);
1415	int (inode_killpriv)(struct dentry dentry);	1415	int (inode_killpriv)(struct dentry dentry);
1416	int (inode_getsecurity)(const struct inode inode, const char *name,	1416	int (inode_getsecurity)(struct inode inode, const char *name,
1417	void **buffer, bool alloc);	1417	void **buffer, bool alloc);
1418	int (inode_setsecurity)(struct inode inode, const char *name,	1418	int (inode_setsecurity)(struct inode inode, const char *name,
1419	const void *value, size_t size,	1419	const void *value, size_t size,


diff --git a/include/linux/security.h b/include/linux/security.h index 2f4c1f7aa7db..9ee61b264b23 100644 --- a/include/linux/security.h +++ b/include/linux/security.h
@@ -270,7 +270,7 @@ int security_inode_listxattr(struct dentry *dentry);
270	int security_inode_removexattr(struct dentry dentry, const char name);	270	int security_inode_removexattr(struct dentry dentry, const char name);
271	int security_inode_need_killpriv(struct dentry *dentry);	271	int security_inode_need_killpriv(struct dentry *dentry);
272	int security_inode_killpriv(struct dentry *dentry);	272	int security_inode_killpriv(struct dentry *dentry);
273	int security_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc);	273	int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc);
274	int security_inode_setsecurity(struct inode inode, const char name, const void *value, size_t size, int flags);	274	int security_inode_setsecurity(struct inode inode, const char name, const void *value, size_t size, int flags);
275	int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size);	275	int security_inode_listsecurity(struct inode inode, char buffer, size_t buffer_size);
276	void security_inode_getsecid(const struct inode inode, u32 secid);	276	void security_inode_getsecid(const struct inode inode, u32 secid);
@@ -719,7 +719,7 @@ static inline int security_inode_killpriv(struct dentry *dentry)
719	return cap_inode_killpriv(dentry);	719	return cap_inode_killpriv(dentry);
720	}	720	}
721		721
722	static inline int security_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)	722	static inline int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc)
723	{	723	{
724	return -EOPNOTSUPP;	724	return -EOPNOTSUPP;
725	}	725	}


diff --git a/security/security.c b/security/security.c index 46f405ce6b0f..73514c91d87f 100644 --- a/security/security.c +++ b/security/security.c
@@ -697,7 +697,7 @@ int security_inode_killpriv(struct dentry *dentry)
697	return call_int_hook(inode_killpriv, 0, dentry);	697	return call_int_hook(inode_killpriv, 0, dentry);
698	}	698	}
699		699
700	int security_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)	700	int security_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc)
701	{	701	{
702	if (unlikely(IS_PRIVATE(inode)))	702	if (unlikely(IS_PRIVATE(inode)))
703	return -EOPNOTSUPP;	703	return -EOPNOTSUPP;


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 714acadc027e..2e40c9c4e12c 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -3108,7 +3108,7 @@ static int selinux_inode_removexattr(struct dentry dentry, const char name)
3108	*	3108	*
3109	* Permission check is handled by selinux_inode_getxattr hook.	3109	* Permission check is handled by selinux_inode_getxattr hook.
3110	*/	3110	*/
3111	static int selinux_inode_getsecurity(const struct inode inode, const char name, void **buffer, bool alloc)	3111	static int selinux_inode_getsecurity(struct inode inode, const char name, void **buffer, bool alloc)
3112	{	3112	{
3113	u32 size;	3113	u32 size;
3114	int error;	3114	int error;


diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index ff81026f6ddb..f0e694bccfd4 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c
@@ -1465,7 +1465,7 @@ static int smack_inode_removexattr(struct dentry dentry, const char name)
1465	*	1465	*
1466	* Returns the size of the attribute or an error code	1466	* Returns the size of the attribute or an error code
1467	*/	1467	*/
1468	static int smack_inode_getsecurity(const struct inode *inode,	1468	static int smack_inode_getsecurity(struct inode *inode,
1469	const char name, void *buffer,	1469	const char name, void *buffer,
1470	bool alloc)	1470	bool alloc)
1471	{	1471	{