-rw-r--r--fs/xattr.c41
-rw-r--r--include/linux/security.h43
-rw-r--r--include/linux/syscalls.h30
-rw-r--r--include/linux/xattr.h6
-rw-r--r--security/commoncap.c6
-rw-r--r--security/dummy.c13
-rw-r--r--security/security.c12
-rw-r--r--security/selinux/hooks.c14
-rw-r--r--security/selinux/include/security.h2
-rw-r--r--security/selinux/ss/services.c4
-rw-r--r--security/smack/smack_lsm.c12
11 files changed, 96 insertions, 87 deletions
diff --git a/fs/xattr.c b/fs/xattr.c
index 89a942f07e1b..4706a8b1f495 100644
--- a/fs/xattr.c
+++ b/fs/xattr.c
@@ -67,7 +67,7 @@ xattr_permission(struct inode *inode, const char *name, int mask)
67} 67}
68 68
69int 69int
70vfs_setxattr(struct dentry *dentry, char *name, void *value, 70vfs_setxattr(struct dentry *dentry, const char *name, const void *value,
71 size_t size, int flags) 71 size_t size, int flags)
72{ 72{
73 struct inode *inode = dentry->d_inode; 73 struct inode *inode = dentry->d_inode;
@@ -131,7 +131,7 @@ out_noalloc:
131EXPORT_SYMBOL_GPL(xattr_getsecurity); 131EXPORT_SYMBOL_GPL(xattr_getsecurity);
132 132
133ssize_t 133ssize_t
134vfs_getxattr(struct dentry *dentry, char *name, void *value, size_t size) 134vfs_getxattr(struct dentry *dentry, const char *name, void *value, size_t size)
135{ 135{
136 struct inode *inode = dentry->d_inode; 136 struct inode *inode = dentry->d_inode;
137 int error; 137 int error;
@@ -187,7 +187,7 @@ vfs_listxattr(struct dentry *d, char *list, size_t size)
187EXPORT_SYMBOL_GPL(vfs_listxattr); 187EXPORT_SYMBOL_GPL(vfs_listxattr);
188 188
189int 189int
190vfs_removexattr(struct dentry *dentry, char *name) 190vfs_removexattr(struct dentry *dentry, const char *name)
191{ 191{
192 struct inode *inode = dentry->d_inode; 192 struct inode *inode = dentry->d_inode;
193 int error; 193 int error;
@@ -218,7 +218,7 @@ EXPORT_SYMBOL_GPL(vfs_removexattr);
218 * Extended attribute SET operations 218 * Extended attribute SET operations
219 */ 219 */
220static long 220static long
221setxattr(struct dentry *d, char __user *name, void __user *value, 221setxattr(struct dentry *d, const char __user *name, const void __user *value,
222 size_t size, int flags) 222 size_t size, int flags)
223{ 223{
224 int error; 224 int error;
@@ -252,8 +252,8 @@ setxattr(struct dentry *d, char __user *name, void __user *value,
252} 252}
253 253
254asmlinkage long 254asmlinkage long
255sys_setxattr(char __user *path, char __user *name, void __user *value, 255sys_setxattr(const char __user *path, const char __user *name,
256 size_t size, int flags) 256 const void __user *value, size_t size, int flags)
257{ 257{
258 struct nameidata nd; 258 struct nameidata nd;
259 int error; 259 int error;
@@ -271,8 +271,8 @@ sys_setxattr(char __user *path, char __user *name, void __user *value,
271} 271}
272 272
273asmlinkage long 273asmlinkage long
274sys_lsetxattr(char __user *path, char __user *name, void __user *value, 274sys_lsetxattr(const char __user *path, const char __user *name,
275 size_t size, int flags) 275 const void __user *value, size_t size, int flags)
276{ 276{
277 struct nameidata nd; 277 struct nameidata nd;
278 int error; 278 int error;
@@ -290,7 +290,7 @@ sys_lsetxattr(char __user *path, char __user *name, void __user *value,
290} 290}
291 291
292asmlinkage long 292asmlinkage long
293sys_fsetxattr(int fd, char __user *name, void __user *value, 293sys_fsetxattr(int fd, const char __user *name, const void __user *value,
294 size_t size, int flags) 294 size_t size, int flags)
295{ 295{
296 struct file *f; 296 struct file *f;
@@ -315,7 +315,8 @@ sys_fsetxattr(int fd, char __user *name, void __user *value,
315 * Extended attribute GET operations 315 * Extended attribute GET operations
316 */ 316 */
317static ssize_t 317static ssize_t
318getxattr(struct dentry *d, char __user *name, void __user *value, size_t size) 318getxattr(struct dentry *d, const char __user *name, void __user *value,
319 size_t size)
319{ 320{
320 ssize_t error; 321 ssize_t error;
321 void *kvalue = NULL; 322 void *kvalue = NULL;
@@ -349,8 +350,8 @@ getxattr(struct dentry *d, char __user *name, void __user *value, size_t size)
349} 350}
350 351
351asmlinkage ssize_t 352asmlinkage ssize_t
352sys_getxattr(char __user *path, char __user *name, void __user *value, 353sys_getxattr(const char __user *path, const char __user *name,
353 size_t size) 354 void __user *value, size_t size)
354{ 355{
355 struct nameidata nd; 356 struct nameidata nd;
356 ssize_t error; 357 ssize_t error;
@@ -364,7 +365,7 @@ sys_getxattr(char __user *path, char __user *name, void __user *value,
364} 365}
365 366
366asmlinkage ssize_t 367asmlinkage ssize_t
367sys_lgetxattr(char __user *path, char __user *name, void __user *value, 368sys_lgetxattr(const char __user *path, const char __user *name, void __user *value,
368 size_t size) 369 size_t size)
369{ 370{
370 struct nameidata nd; 371 struct nameidata nd;
@@ -379,7 +380,7 @@ sys_lgetxattr(char __user *path, char __user *name, void __user *value,
379} 380}
380 381
381asmlinkage ssize_t 382asmlinkage ssize_t
382sys_fgetxattr(int fd, char __user *name, void __user *value, size_t size) 383sys_fgetxattr(int fd, const char __user *name, void __user *value, size_t size)
383{ 384{
384 struct file *f; 385 struct file *f;
385 ssize_t error = -EBADF; 386 ssize_t error = -EBADF;
@@ -424,7 +425,7 @@ listxattr(struct dentry *d, char __user *list, size_t size)
424} 425}
425 426
426asmlinkage ssize_t 427asmlinkage ssize_t
427sys_listxattr(char __user *path, char __user *list, size_t size) 428sys_listxattr(const char __user *path, char __user *list, size_t size)
428{ 429{
429 struct nameidata nd; 430 struct nameidata nd;
430 ssize_t error; 431 ssize_t error;
@@ -438,7 +439,7 @@ sys_listxattr(char __user *path, char __user *list, size_t size)
438} 439}
439 440
440asmlinkage ssize_t 441asmlinkage ssize_t
441sys_llistxattr(char __user *path, char __user *list, size_t size) 442sys_llistxattr(const char __user *path, char __user *list, size_t size)
442{ 443{
443 struct nameidata nd; 444 struct nameidata nd;
444 ssize_t error; 445 ssize_t error;
@@ -470,7 +471,7 @@ sys_flistxattr(int fd, char __user *list, size_t size)
470 * Extended attribute REMOVE operations 471 * Extended attribute REMOVE operations
471 */ 472 */
472static long 473static long
473removexattr(struct dentry *d, char __user *name) 474removexattr(struct dentry *d, const char __user *name)
474{ 475{
475 int error; 476 int error;
476 char kname[XATTR_NAME_MAX + 1]; 477 char kname[XATTR_NAME_MAX + 1];
@@ -485,7 +486,7 @@ removexattr(struct dentry *d, char __user *name)
485} 486}
486 487
487asmlinkage long 488asmlinkage long
488sys_removexattr(char __user *path, char __user *name) 489sys_removexattr(const char __user *path, const char __user *name)
489{ 490{
490 struct nameidata nd; 491 struct nameidata nd;
491 int error; 492 int error;
@@ -503,7 +504,7 @@ sys_removexattr(char __user *path, char __user *name)
503} 504}
504 505
505asmlinkage long 506asmlinkage long
506sys_lremovexattr(char __user *path, char __user *name) 507sys_lremovexattr(const char __user *path, const char __user *name)
507{ 508{
508 struct nameidata nd; 509 struct nameidata nd;
509 int error; 510 int error;
@@ -521,7 +522,7 @@ sys_lremovexattr(char __user *path, char __user *name)
521} 522}
522 523
523asmlinkage long 524asmlinkage long
524sys_fremovexattr(int fd, char __user *name) 525sys_fremovexattr(int fd, const char __user *name)
525{ 526{
526 struct file *f; 527 struct file *f;
527 struct dentry *dentry; 528 struct dentry *dentry;
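Review bot: The new `sys_lgetxattr` signature (hunk at -364/+365) is left on one line of roughly 83 columns as rendered, while `sys_getxattr` in the hunk just before it was re-wrapped to stay under 80. Wrapping it the same way keeps the two definitions parallel: `sys_lgetxattr(const char __user *path, const char __user *name,` followed by `void __user *value, size_t size)`. The matching `sys_getxattr` and `sys_lgetxattr` declarations in include/linux/syscalls.h also appear to run past 80 columns after this change. The function bodies continue outside the hunks shown, so only the signatures were reviewed.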
diff --git a/include/linux/security.h b/include/linux/security.h
index d0a28fd1747a..3ebcdd00b17d 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -53,8 +53,9 @@ extern void cap_capset_set(struct task_struct *target, kernel_cap_t *effective,
53extern int cap_bprm_set_security(struct linux_binprm *bprm); 53extern int cap_bprm_set_security(struct linux_binprm *bprm);
54extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); 54extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
55extern int cap_bprm_secureexec(struct linux_binprm *bprm); 55extern int cap_bprm_secureexec(struct linux_binprm *bprm);
56extern int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags); 56extern int cap_inode_setxattr(struct dentry *dentry, const char *name,
57extern int cap_inode_removexattr(struct dentry *dentry, char *name); 57 const void *value, size_t size, int flags);
58extern int cap_inode_removexattr(struct dentry *dentry, const char *name);
58extern int cap_inode_need_killpriv(struct dentry *dentry); 59extern int cap_inode_need_killpriv(struct dentry *dentry);
59extern int cap_inode_killpriv(struct dentry *dentry); 60extern int cap_inode_killpriv(struct dentry *dentry);
60extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags); 61extern int cap_task_post_setuid(uid_t old_ruid, uid_t old_euid, uid_t old_suid, int flags);
@@ -1362,13 +1363,13 @@ struct security_operations {
1362 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr); 1363 int (*inode_setattr) (struct dentry *dentry, struct iattr *attr);
1363 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry); 1364 int (*inode_getattr) (struct vfsmount *mnt, struct dentry *dentry);
1364 void (*inode_delete) (struct inode *inode); 1365 void (*inode_delete) (struct inode *inode);
1365 int (*inode_setxattr) (struct dentry *dentry, char *name, void *value, 1366 int (*inode_setxattr) (struct dentry *dentry, const char *name,
1366 size_t size, int flags); 1367 const void *value, size_t size, int flags);
1367 void (*inode_post_setxattr) (struct dentry *dentry, char *name, void *value, 1368 void (*inode_post_setxattr) (struct dentry *dentry, const char *name,
1368 size_t size, int flags); 1369 const void *value, size_t size, int flags);
1369 int (*inode_getxattr) (struct dentry *dentry, char *name); 1370 int (*inode_getxattr) (struct dentry *dentry, const char *name);
1370 int (*inode_listxattr) (struct dentry *dentry); 1371 int (*inode_listxattr) (struct dentry *dentry);
1371 int (*inode_removexattr) (struct dentry *dentry, char *name); 1372 int (*inode_removexattr) (struct dentry *dentry, const char *name);
1372 int (*inode_need_killpriv) (struct dentry *dentry); 1373 int (*inode_need_killpriv) (struct dentry *dentry);
1373 int (*inode_killpriv) (struct dentry *dentry); 1374 int (*inode_killpriv) (struct dentry *dentry);
1374 int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc); 1375 int (*inode_getsecurity) (const struct inode *inode, const char *name, void **buffer, bool alloc);
@@ -1633,13 +1634,13 @@ int security_inode_permission(struct inode *inode, int mask, struct nameidata *n
1633int security_inode_setattr(struct dentry *dentry, struct iattr *attr); 1634int security_inode_setattr(struct dentry *dentry, struct iattr *attr);
1634int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry); 1635int security_inode_getattr(struct vfsmount *mnt, struct dentry *dentry);
1635void security_inode_delete(struct inode *inode); 1636void security_inode_delete(struct inode *inode);
1636int security_inode_setxattr(struct dentry *dentry, char *name, 1637int security_inode_setxattr(struct dentry *dentry, const char *name,
1637 void *value, size_t size, int flags); 1638 const void *value, size_t size, int flags);
1638void security_inode_post_setxattr(struct dentry *dentry, char *name, 1639void security_inode_post_setxattr(struct dentry *dentry, const char *name,
1639 void *value, size_t size, int flags); 1640 const void *value, size_t size, int flags);
1640int security_inode_getxattr(struct dentry *dentry, char *name); 1641int security_inode_getxattr(struct dentry *dentry, const char *name);
1641int security_inode_listxattr(struct dentry *dentry); 1642int security_inode_listxattr(struct dentry *dentry);
1642int security_inode_removexattr(struct dentry *dentry, char *name); 1643int security_inode_removexattr(struct dentry *dentry, const char *name);
1643int security_inode_need_killpriv(struct dentry *dentry); 1644int security_inode_need_killpriv(struct dentry *dentry);
1644int security_inode_killpriv(struct dentry *dentry); 1645int security_inode_killpriv(struct dentry *dentry);
1645int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc); 1646int security_inode_getsecurity(const struct inode *inode, const char *name, void **buffer, bool alloc);
@@ -2041,17 +2042,18 @@ static inline int security_inode_getattr(struct vfsmount *mnt,
2041static inline void security_inode_delete(struct inode *inode) 2042static inline void security_inode_delete(struct inode *inode)
2042{ } 2043{ }
2043 2044
2044static inline int security_inode_setxattr(struct dentry *dentry, char *name, 2045static inline int security_inode_setxattr(struct dentry *dentry,
2045 void *value, size_t size, int flags) 2046 const char *name, const void *value, size_t size, int flags)
2046{ 2047{
2047 return cap_inode_setxattr(dentry, name, value, size, flags); 2048 return cap_inode_setxattr(dentry, name, value, size, flags);
2048} 2049}
2049 2050
2050static inline void security_inode_post_setxattr(struct dentry *dentry, char *name, 2051static inline void security_inode_post_setxattr(struct dentry *dentry,
2051 void *value, size_t size, int flags) 2052 const char *name, const void *value, size_t size, int flags)
2052{ } 2053{ }
2053 2054
2054static inline int security_inode_getxattr(struct dentry *dentry, char *name) 2055static inline int security_inode_getxattr(struct dentry *dentry,
2056 const char *name)
2055{ 2057{
2056 return 0; 2058 return 0;
2057} 2059}
@@ -2061,7 +2063,8 @@ static inline int security_inode_listxattr(struct dentry *dentry)
2061 return 0; 2063 return 0;
2062} 2064}
2063 2065
2064static inline int security_inode_removexattr(struct dentry *dentry, char *name) 2066static inline int security_inode_removexattr(struct dentry *dentry,
2067 const char *name)
2065{ 2068{
2066 return cap_inode_removexattr(dentry, name); 2069 return cap_inode_removexattr(dentry, name);
2067} 2070}
diff --git a/include/linux/syscalls.h b/include/linux/syscalls.h
index 8df6d1382ac8..0522f368f9d7 100644
--- a/include/linux/syscalls.h
+++ b/include/linux/syscalls.h
@@ -240,26 +240,28 @@ asmlinkage long sys_truncate64(const char __user *path, loff_t length);
240asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length); 240asmlinkage long sys_ftruncate64(unsigned int fd, loff_t length);
241#endif 241#endif
242 242
243asmlinkage long sys_setxattr(char __user *path, char __user *name, 243asmlinkage long sys_setxattr(const char __user *path, const char __user *name,
244 void __user *value, size_t size, int flags); 244 const void __user *value, size_t size, int flags);
245asmlinkage long sys_lsetxattr(char __user *path, char __user *name, 245asmlinkage long sys_lsetxattr(const char __user *path, const char __user *name,
246 void __user *value, size_t size, int flags); 246 const void __user *value, size_t size, int flags);
247asmlinkage long sys_fsetxattr(int fd, char __user *name, void __user *value, 247asmlinkage long sys_fsetxattr(int fd, const char __user *name,
248 size_t size, int flags); 248 const void __user *value, size_t size, int flags);
249asmlinkage ssize_t sys_getxattr(char __user *path, char __user *name, 249asmlinkage ssize_t sys_getxattr(const char __user *path, const char __user *name,
250 void __user *value, size_t size); 250 void __user *value, size_t size);
251asmlinkage ssize_t sys_lgetxattr(char __user *path, char __user *name, 251asmlinkage ssize_t sys_lgetxattr(const char __user *path, const char __user *name,
252 void __user *value, size_t size); 252 void __user *value, size_t size);
253asmlinkage ssize_t sys_fgetxattr(int fd, char __user *name, 253asmlinkage ssize_t sys_fgetxattr(int fd, const char __user *name,
254 void __user *value, size_t size); 254 void __user *value, size_t size);
255asmlinkage ssize_t sys_listxattr(char __user *path, char __user *list, 255asmlinkage ssize_t sys_listxattr(const char __user *path, char __user *list,
256 size_t size); 256 size_t size);
257asmlinkage ssize_t sys_llistxattr(char __user *path, char __user *list, 257asmlinkage ssize_t sys_llistxattr(const char __user *path, char __user *list,
258 size_t size); 258 size_t size);
259asmlinkage ssize_t sys_flistxattr(int fd, char __user *list, size_t size); 259asmlinkage ssize_t sys_flistxattr(int fd, char __user *list, size_t size);
260asmlinkage long sys_removexattr(char __user *path, char __user *name); 260asmlinkage long sys_removexattr(const char __user *path,
261asmlinkage long sys_lremovexattr(char __user *path, char __user *name); 261 const char __user *name);
262asmlinkage long sys_fremovexattr(int fd, char __user *name); 262asmlinkage long sys_lremovexattr(const char __user *path,
263 const char __user *name);
264asmlinkage long sys_fremovexattr(int fd, const char __user *name);
263 265
264asmlinkage unsigned long sys_brk(unsigned long brk); 266asmlinkage unsigned long sys_brk(unsigned long brk);
265asmlinkage long sys_mprotect(unsigned long start, size_t len, 267asmlinkage long sys_mprotect(unsigned long start, size_t len,
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index df6b95d2218e..d131e352cfe1 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -47,10 +47,10 @@ struct xattr_handler {
47}; 47};
48 48
49ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t); 49ssize_t xattr_getsecurity(struct inode *, const char *, void *, size_t);
50ssize_t vfs_getxattr(struct dentry *, char *, void *, size_t); 50ssize_t vfs_getxattr(struct dentry *, const char *, void *, size_t);
51ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size); 51ssize_t vfs_listxattr(struct dentry *d, char *list, size_t size);
52int vfs_setxattr(struct dentry *, char *, void *, size_t, int); 52int vfs_setxattr(struct dentry *, const char *, const void *, size_t, int);
53int vfs_removexattr(struct dentry *, char *); 53int vfs_removexattr(struct dentry *, const char *);
54 54
55ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size); 55ssize_t generic_getxattr(struct dentry *dentry, const char *name, void *buffer, size_t size);
56ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size); 56ssize_t generic_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size);
diff --git a/security/commoncap.c b/security/commoncap.c
index e8c3f5e46705..5edabc7542ae 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -383,8 +383,8 @@ int cap_bprm_secureexec (struct linux_binprm *bprm)
383 current->egid != current->gid); 383 current->egid != current->gid);
384} 384}
385 385
386int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, 386int cap_inode_setxattr(struct dentry *dentry, const char *name,
387 size_t size, int flags) 387 const void *value, size_t size, int flags)
388{ 388{
389 if (!strcmp(name, XATTR_NAME_CAPS)) { 389 if (!strcmp(name, XATTR_NAME_CAPS)) {
390 if (!capable(CAP_SETFCAP)) 390 if (!capable(CAP_SETFCAP))
@@ -397,7 +397,7 @@ int cap_inode_setxattr(struct dentry *dentry, char *name, void *value,
397 return 0; 397 return 0;
398} 398}
399 399
400int cap_inode_removexattr(struct dentry *dentry, char *name) 400int cap_inode_removexattr(struct dentry *dentry, const char *name)
401{ 401{
402 if (!strcmp(name, XATTR_NAME_CAPS)) { 402 if (!strcmp(name, XATTR_NAME_CAPS)) {
403 if (!capable(CAP_SETFCAP)) 403 if (!capable(CAP_SETFCAP))
diff --git a/security/dummy.c b/security/dummy.c
index 58d4dd1af5c7..26ee06ef0e93 100644
--- a/security/dummy.c
+++ b/security/dummy.c
@@ -365,8 +365,8 @@ static void dummy_inode_delete (struct inode *ino)
365 return; 365 return;
366} 366}
367 367
368static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value, 368static int dummy_inode_setxattr (struct dentry *dentry, const char *name,
369 size_t size, int flags) 369 const void *value, size_t size, int flags)
370{ 370{
371 if (!strncmp(name, XATTR_SECURITY_PREFIX, 371 if (!strncmp(name, XATTR_SECURITY_PREFIX,
372 sizeof(XATTR_SECURITY_PREFIX) - 1) && 372 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
@@ -375,12 +375,13 @@ static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value,
375 return 0; 375 return 0;
376} 376}
377 377
378static void dummy_inode_post_setxattr (struct dentry *dentry, char *name, void *value, 378static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name,
379 size_t size, int flags) 379 const void *value, size_t size,
380 int flags)
380{ 381{
381} 382}
382 383
383static int dummy_inode_getxattr (struct dentry *dentry, char *name) 384static int dummy_inode_getxattr (struct dentry *dentry, const char *name)
384{ 385{
385 return 0; 386 return 0;
386} 387}
@@ -390,7 +391,7 @@ static int dummy_inode_listxattr (struct dentry *dentry)
390 return 0; 391 return 0;
391} 392}
392 393
393static int dummy_inode_removexattr (struct dentry *dentry, char *name) 394static int dummy_inode_removexattr (struct dentry *dentry, const char *name)
394{ 395{
395 if (!strncmp(name, XATTR_SECURITY_PREFIX, 396 if (!strncmp(name, XATTR_SECURITY_PREFIX,
396 sizeof(XATTR_SECURITY_PREFIX) - 1) && 397 sizeof(XATTR_SECURITY_PREFIX) - 1) &&
diff --git a/security/security.c b/security/security.c
index d5cb5898d967..a809035441ab 100644
--- a/security/security.c
+++ b/security/security.c
@@ -491,23 +491,23 @@ void security_inode_delete(struct inode *inode)
491 security_ops->inode_delete(inode); 491 security_ops->inode_delete(inode);
492} 492}
493 493
494int security_inode_setxattr(struct dentry *dentry, char *name, 494int security_inode_setxattr(struct dentry *dentry, const char *name,
495 void *value, size_t size, int flags) 495 const void *value, size_t size, int flags)
496{ 496{
497 if (unlikely(IS_PRIVATE(dentry->d_inode))) 497 if (unlikely(IS_PRIVATE(dentry->d_inode)))
498 return 0; 498 return 0;
499 return security_ops->inode_setxattr(dentry, name, value, size, flags); 499 return security_ops->inode_setxattr(dentry, name, value, size, flags);
500} 500}
501 501
502void security_inode_post_setxattr(struct dentry *dentry, char *name, 502void security_inode_post_setxattr(struct dentry *dentry, const char *name,
503 void *value, size_t size, int flags) 503 const void *value, size_t size, int flags)
504{ 504{
505 if (unlikely(IS_PRIVATE(dentry->d_inode))) 505 if (unlikely(IS_PRIVATE(dentry->d_inode)))
506 return; 506 return;
507 security_ops->inode_post_setxattr(dentry, name, value, size, flags); 507 security_ops->inode_post_setxattr(dentry, name, value, size, flags);
508} 508}
509 509
510int security_inode_getxattr(struct dentry *dentry, char *name) 510int security_inode_getxattr(struct dentry *dentry, const char *name)
511{ 511{
512 if (unlikely(IS_PRIVATE(dentry->d_inode))) 512 if (unlikely(IS_PRIVATE(dentry->d_inode)))
513 return 0; 513 return 0;
@@ -521,7 +521,7 @@ int security_inode_listxattr(struct dentry *dentry)
521 return security_ops->inode_listxattr(dentry); 521 return security_ops->inode_listxattr(dentry);
522} 522}
523 523
524int security_inode_removexattr(struct dentry *dentry, char *name) 524int security_inode_removexattr(struct dentry *dentry, const char *name)
525{ 525{
526 if (unlikely(IS_PRIVATE(dentry->d_inode))) 526 if (unlikely(IS_PRIVATE(dentry->d_inode)))
527 return 0; 527 return 0;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 04acb5af8317..047365ac9faa 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2619,7 +2619,7 @@ static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
2619 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); 2619 return dentry_has_perm(current, mnt, dentry, FILE__GETATTR);
2620} 2620}
2621 2621
2622static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) 2622static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name)
2623{ 2623{
2624 if (!strncmp(name, XATTR_SECURITY_PREFIX, 2624 if (!strncmp(name, XATTR_SECURITY_PREFIX,
2625 sizeof XATTR_SECURITY_PREFIX - 1)) { 2625 sizeof XATTR_SECURITY_PREFIX - 1)) {
@@ -2638,7 +2638,8 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, char *name)
2638 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); 2638 return dentry_has_perm(current, NULL, dentry, FILE__SETATTR);
2639} 2639}
2640 2640
2641static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) 2641static int selinux_inode_setxattr(struct dentry *dentry, const char *name,
2642 const void *value, size_t size, int flags)
2642{ 2643{
2643 struct task_security_struct *tsec = current->security; 2644 struct task_security_struct *tsec = current->security;
2644 struct inode *inode = dentry->d_inode; 2645 struct inode *inode = dentry->d_inode;
@@ -2687,8 +2688,9 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value
2687 &ad); 2688 &ad);
2688} 2689}
2689 2690
2690static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, 2691static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name,
2691 void *value, size_t size, int flags) 2692 const void *value, size_t size,
2693 int flags)
2692{ 2694{
2693 struct inode *inode = dentry->d_inode; 2695 struct inode *inode = dentry->d_inode;
2694 struct inode_security_struct *isec = inode->i_security; 2696 struct inode_security_struct *isec = inode->i_security;
@@ -2711,7 +2713,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name,
2711 return; 2713 return;
2712} 2714}
2713 2715
2714static int selinux_inode_getxattr(struct dentry *dentry, char *name) 2716static int selinux_inode_getxattr(struct dentry *dentry, const char *name)
2715{ 2717{
2716 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2718 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2717} 2719}
@@ -2721,7 +2723,7 @@ static int selinux_inode_listxattr(struct dentry *dentry)
2721 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); 2723 return dentry_has_perm(current, NULL, dentry, FILE__GETATTR);
2722} 2724}
2723 2725
2724static int selinux_inode_removexattr(struct dentry *dentry, char *name) 2726static int selinux_inode_removexattr(struct dentry *dentry, const char *name)
2725{ 2727{
2726 if (strcmp(name, XATTR_NAME_SELINUX)) 2728 if (strcmp(name, XATTR_NAME_SELINUX))
2727 return selinux_inode_setotherxattr(dentry, name); 2729 return selinux_inode_setotherxattr(dentry, name);
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index 6445b6440648..cdb14add27d2 100644
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -93,7 +93,7 @@ int security_change_sid(u32 ssid, u32 tsid,
93int security_sid_to_context(u32 sid, char **scontext, 93int security_sid_to_context(u32 sid, char **scontext,
94 u32 *scontext_len); 94 u32 *scontext_len);
95 95
96int security_context_to_sid(char *scontext, u32 scontext_len, 96int security_context_to_sid(const char *scontext, u32 scontext_len,
97 u32 *out_sid); 97 u32 *out_sid);
98 98
99int security_context_to_sid_default(char *scontext, u32 scontext_len, 99int security_context_to_sid_default(char *scontext, u32 scontext_len,
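Review bot: `security_context_to_sid_default()`, directly below the changed prototype, still takes `char *scontext`, so the two public entry points now disagree on constness. The shared helper `security_context_to_sid_core()` is changed to `const char *scontext` in security/selinux/ss/services.c in this same commit. If the default variant only forwards its string to that helper (its body is not shown here, so this needs confirming), its prototype and definition could start `int security_context_to_sid_default(const char *scontext, u32 scontext_len,` as well. Callers holding a const label would then not need a cast.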
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 2daaddbb301d..25cac5a2aa8e 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -708,7 +708,7 @@ out:
708 708
709} 709}
710 710
711static int security_context_to_sid_core(char *scontext, u32 scontext_len, 711static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
712 u32 *sid, u32 def_sid, gfp_t gfp_flags) 712 u32 *sid, u32 def_sid, gfp_t gfp_flags)
713{ 713{
714 char *scontext2; 714 char *scontext2;
@@ -835,7 +835,7 @@ out:
835 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient 835 * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient
836 * memory is available, or 0 on success. 836 * memory is available, or 0 on success.
837 */ 837 */
838int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) 838int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid)
839{ 839{
840 return security_context_to_sid_core(scontext, scontext_len, 840 return security_context_to_sid_core(scontext, scontext_len,
841 sid, SECSID_NULL, GFP_KERNEL); 841 sid, SECSID_NULL, GFP_KERNEL);
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 77ec16a3b68b..5d2ec5650e61 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -574,8 +574,8 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
574 * 574 *
575 * Returns 0 if access is permitted, an error code otherwise 575 * Returns 0 if access is permitted, an error code otherwise
576 */ 576 */
577static int smack_inode_setxattr(struct dentry *dentry, char *name, 577static int smack_inode_setxattr(struct dentry *dentry, const char *name,
578 void *value, size_t size, int flags) 578 const void *value, size_t size, int flags)
579{ 579{
580 int rc = 0; 580 int rc = 0;
581 581
@@ -604,8 +604,8 @@ static int smack_inode_setxattr(struct dentry *dentry, char *name,
604 * Set the pointer in the inode blob to the entry found 604 * Set the pointer in the inode blob to the entry found
605 * in the master label list. 605 * in the master label list.
606 */ 606 */
607static void smack_inode_post_setxattr(struct dentry *dentry, char *name, 607static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
608 void *value, size_t size, int flags) 608 const void *value, size_t size, int flags)
609{ 609{
610 struct inode_smack *isp; 610 struct inode_smack *isp;
611 char *nsp; 611 char *nsp;
@@ -641,7 +641,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, char *name,
641 * 641 *
642 * Returns 0 if access is permitted, an error code otherwise 642 * Returns 0 if access is permitted, an error code otherwise
643 */ 643 */
644static int smack_inode_getxattr(struct dentry *dentry, char *name) 644static int smack_inode_getxattr(struct dentry *dentry, const char *name)
645{ 645{
646 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); 646 return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
647} 647}
@@ -655,7 +655,7 @@ static int smack_inode_getxattr(struct dentry *dentry, char *name)
655 * 655 *
656 * Returns 0 if access is permitted, an error code otherwise 656 * Returns 0 if access is permitted, an error code otherwise
657 */ 657 */
658static int smack_inode_removexattr(struct dentry *dentry, char *name) 658static int smack_inode_removexattr(struct dentry *dentry, const char *name)
659{ 659{
660 int rc = 0; 660 int rc = 0;
661 661