diff options
-rw-r--r-- | fs/ocfs2/xattr.h | 2 | ||||
-rw-r--r-- | include/linux/security.h | 8 | ||||
-rw-r--r-- | include/linux/xattr.h | 2 | ||||
-rw-r--r-- | include/uapi/linux/reiserfs_xattr.h | 2 | ||||
-rw-r--r-- | security/capability.c | 2 | ||||
-rw-r--r-- | security/integrity/evm/evm_main.c | 2 | ||||
-rw-r--r-- | security/security.c | 8 | ||||
-rw-r--r-- | security/selinux/hooks.c | 17 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 9 |
9 files changed, 21 insertions, 31 deletions
diff --git a/fs/ocfs2/xattr.h b/fs/ocfs2/xattr.h index e5c7f15465b4..19f134e896a9 100644 --- a/fs/ocfs2/xattr.h +++ b/fs/ocfs2/xattr.h | |||
@@ -32,7 +32,7 @@ enum ocfs2_xattr_type { | |||
32 | 32 | ||
33 | struct ocfs2_security_xattr_info { | 33 | struct ocfs2_security_xattr_info { |
34 | int enable; | 34 | int enable; |
35 | char *name; | 35 | const char *name; |
36 | void *value; | 36 | void *value; |
37 | size_t value_len; | 37 | size_t value_len; |
38 | }; | 38 | }; |
diff --git a/include/linux/security.h b/include/linux/security.h index 7ce53ae1266b..9d37e2b9d3ec 100644 --- a/include/linux/security.h +++ b/include/linux/security.h | |||
@@ -1492,7 +1492,7 @@ struct security_operations { | |||
1492 | int (*inode_alloc_security) (struct inode *inode); | 1492 | int (*inode_alloc_security) (struct inode *inode); |
1493 | void (*inode_free_security) (struct inode *inode); | 1493 | void (*inode_free_security) (struct inode *inode); |
1494 | int (*inode_init_security) (struct inode *inode, struct inode *dir, | 1494 | int (*inode_init_security) (struct inode *inode, struct inode *dir, |
1495 | const struct qstr *qstr, char **name, | 1495 | const struct qstr *qstr, const char **name, |
1496 | void **value, size_t *len); | 1496 | void **value, size_t *len); |
1497 | int (*inode_create) (struct inode *dir, | 1497 | int (*inode_create) (struct inode *dir, |
1498 | struct dentry *dentry, umode_t mode); | 1498 | struct dentry *dentry, umode_t mode); |
@@ -1770,7 +1770,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, | |||
1770 | const struct qstr *qstr, | 1770 | const struct qstr *qstr, |
1771 | initxattrs initxattrs, void *fs_data); | 1771 | initxattrs initxattrs, void *fs_data); |
1772 | int security_old_inode_init_security(struct inode *inode, struct inode *dir, | 1772 | int security_old_inode_init_security(struct inode *inode, struct inode *dir, |
1773 | const struct qstr *qstr, char **name, | 1773 | const struct qstr *qstr, const char **name, |
1774 | void **value, size_t *len); | 1774 | void **value, size_t *len); |
1775 | int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); | 1775 | int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); |
1776 | int security_inode_link(struct dentry *old_dentry, struct inode *dir, | 1776 | int security_inode_link(struct dentry *old_dentry, struct inode *dir, |
@@ -2094,8 +2094,8 @@ static inline int security_inode_init_security(struct inode *inode, | |||
2094 | static inline int security_old_inode_init_security(struct inode *inode, | 2094 | static inline int security_old_inode_init_security(struct inode *inode, |
2095 | struct inode *dir, | 2095 | struct inode *dir, |
2096 | const struct qstr *qstr, | 2096 | const struct qstr *qstr, |
2097 | char **name, void **value, | 2097 | const char **name, |
2098 | size_t *len) | 2098 | void **value, size_t *len) |
2099 | { | 2099 | { |
2100 | return -EOPNOTSUPP; | 2100 | return -EOPNOTSUPP; |
2101 | } | 2101 | } |
diff --git a/include/linux/xattr.h b/include/linux/xattr.h index fdbafc6841cf..91b0a68d38dc 100644 --- a/include/linux/xattr.h +++ b/include/linux/xattr.h | |||
@@ -31,7 +31,7 @@ struct xattr_handler { | |||
31 | }; | 31 | }; |
32 | 32 | ||
33 | struct xattr { | 33 | struct xattr { |
34 | char *name; | 34 | const char *name; |
35 | void *value; | 35 | void *value; |
36 | size_t value_len; | 36 | size_t value_len; |
37 | }; | 37 | }; |
diff --git a/include/uapi/linux/reiserfs_xattr.h b/include/uapi/linux/reiserfs_xattr.h index d8ce17c2459a..38fdd648be21 100644 --- a/include/uapi/linux/reiserfs_xattr.h +++ b/include/uapi/linux/reiserfs_xattr.h | |||
@@ -16,7 +16,7 @@ struct reiserfs_xattr_header { | |||
16 | }; | 16 | }; |
17 | 17 | ||
18 | struct reiserfs_security_handle { | 18 | struct reiserfs_security_handle { |
19 | char *name; | 19 | const char *name; |
20 | void *value; | 20 | void *value; |
21 | size_t length; | 21 | size_t length; |
22 | }; | 22 | }; |
diff --git a/security/capability.c b/security/capability.c index 32b515766df1..dbeb9bc27b24 100644 --- a/security/capability.c +++ b/security/capability.c | |||
@@ -129,7 +129,7 @@ static void cap_inode_free_security(struct inode *inode) | |||
129 | } | 129 | } |
130 | 130 | ||
131 | static int cap_inode_init_security(struct inode *inode, struct inode *dir, | 131 | static int cap_inode_init_security(struct inode *inode, struct inode *dir, |
132 | const struct qstr *qstr, char **name, | 132 | const struct qstr *qstr, const char **name, |
133 | void **value, size_t *len) | 133 | void **value, size_t *len) |
134 | { | 134 | { |
135 | return -EOPNOTSUPP; | 135 | return -EOPNOTSUPP; |
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index df0fa451a871..af9b6852f4e1 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c | |||
@@ -418,7 +418,7 @@ int evm_inode_init_security(struct inode *inode, | |||
418 | 418 | ||
419 | evm_xattr->value = xattr_data; | 419 | evm_xattr->value = xattr_data; |
420 | evm_xattr->value_len = sizeof(*xattr_data); | 420 | evm_xattr->value_len = sizeof(*xattr_data); |
421 | evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS); | 421 | evm_xattr->name = XATTR_EVM_SUFFIX; |
422 | return 0; | 422 | return 0; |
423 | out: | 423 | out: |
424 | kfree(xattr_data); | 424 | kfree(xattr_data); |
diff --git a/security/security.c b/security/security.c index 94b35aef6871..4dc31f4f2700 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -348,10 +348,10 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, | |||
348 | if (unlikely(IS_PRIVATE(inode))) | 348 | if (unlikely(IS_PRIVATE(inode))) |
349 | return 0; | 349 | return 0; |
350 | 350 | ||
351 | memset(new_xattrs, 0, sizeof new_xattrs); | ||
352 | if (!initxattrs) | 351 | if (!initxattrs) |
353 | return security_ops->inode_init_security(inode, dir, qstr, | 352 | return security_ops->inode_init_security(inode, dir, qstr, |
354 | NULL, NULL, NULL); | 353 | NULL, NULL, NULL); |
354 | memset(new_xattrs, 0, sizeof(new_xattrs)); | ||
355 | lsm_xattr = new_xattrs; | 355 | lsm_xattr = new_xattrs; |
356 | ret = security_ops->inode_init_security(inode, dir, qstr, | 356 | ret = security_ops->inode_init_security(inode, dir, qstr, |
357 | &lsm_xattr->name, | 357 | &lsm_xattr->name, |
@@ -366,16 +366,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir, | |||
366 | goto out; | 366 | goto out; |
367 | ret = initxattrs(inode, new_xattrs, fs_data); | 367 | ret = initxattrs(inode, new_xattrs, fs_data); |
368 | out: | 368 | out: |
369 | for (xattr = new_xattrs; xattr->name != NULL; xattr++) { | 369 | for (xattr = new_xattrs; xattr->value != NULL; xattr++) |
370 | kfree(xattr->name); | ||
371 | kfree(xattr->value); | 370 | kfree(xattr->value); |
372 | } | ||
373 | return (ret == -EOPNOTSUPP) ? 0 : ret; | 371 | return (ret == -EOPNOTSUPP) ? 0 : ret; |
374 | } | 372 | } |
375 | EXPORT_SYMBOL(security_inode_init_security); | 373 | EXPORT_SYMBOL(security_inode_init_security); |
376 | 374 | ||
377 | int security_old_inode_init_security(struct inode *inode, struct inode *dir, | 375 | int security_old_inode_init_security(struct inode *inode, struct inode *dir, |
378 | const struct qstr *qstr, char **name, | 376 | const struct qstr *qstr, const char **name, |
379 | void **value, size_t *len) | 377 | void **value, size_t *len) |
380 | { | 378 | { |
381 | if (unlikely(IS_PRIVATE(inode))) | 379 | if (unlikely(IS_PRIVATE(inode))) |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c956390a9136..a5091ec06aa6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -2587,7 +2587,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode, | |||
2587 | } | 2587 | } |
2588 | 2588 | ||
2589 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | 2589 | static int selinux_inode_init_security(struct inode *inode, struct inode *dir, |
2590 | const struct qstr *qstr, char **name, | 2590 | const struct qstr *qstr, |
2591 | const char **name, | ||
2591 | void **value, size_t *len) | 2592 | void **value, size_t *len) |
2592 | { | 2593 | { |
2593 | const struct task_security_struct *tsec = current_security(); | 2594 | const struct task_security_struct *tsec = current_security(); |
@@ -2595,7 +2596,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2595 | struct superblock_security_struct *sbsec; | 2596 | struct superblock_security_struct *sbsec; |
2596 | u32 sid, newsid, clen; | 2597 | u32 sid, newsid, clen; |
2597 | int rc; | 2598 | int rc; |
2598 | char *namep = NULL, *context; | 2599 | char *context; |
2599 | 2600 | ||
2600 | dsec = dir->i_security; | 2601 | dsec = dir->i_security; |
2601 | sbsec = dir->i_sb->s_security; | 2602 | sbsec = dir->i_sb->s_security; |
@@ -2631,19 +2632,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir, | |||
2631 | if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) | 2632 | if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) |
2632 | return -EOPNOTSUPP; | 2633 | return -EOPNOTSUPP; |
2633 | 2634 | ||
2634 | if (name) { | 2635 | if (name) |
2635 | namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); | 2636 | *name = XATTR_SELINUX_SUFFIX; |
2636 | if (!namep) | ||
2637 | return -ENOMEM; | ||
2638 | *name = namep; | ||
2639 | } | ||
2640 | 2637 | ||
2641 | if (value && len) { | 2638 | if (value && len) { |
2642 | rc = security_sid_to_context_force(newsid, &context, &clen); | 2639 | rc = security_sid_to_context_force(newsid, &context, &clen); |
2643 | if (rc) { | 2640 | if (rc) |
2644 | kfree(namep); | ||
2645 | return rc; | 2641 | return rc; |
2646 | } | ||
2647 | *value = context; | 2642 | *value = context; |
2648 | *len = clen; | 2643 | *len = clen; |
2649 | } | 2644 | } |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 3f7682a387b7..a113a779f00c 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -582,7 +582,7 @@ static void smack_inode_free_security(struct inode *inode) | |||
582 | * Returns 0 if it all works out, -ENOMEM if there's no memory | 582 | * Returns 0 if it all works out, -ENOMEM if there's no memory |
583 | */ | 583 | */ |
584 | static int smack_inode_init_security(struct inode *inode, struct inode *dir, | 584 | static int smack_inode_init_security(struct inode *inode, struct inode *dir, |
585 | const struct qstr *qstr, char **name, | 585 | const struct qstr *qstr, const char **name, |
586 | void **value, size_t *len) | 586 | void **value, size_t *len) |
587 | { | 587 | { |
588 | struct inode_smack *issp = inode->i_security; | 588 | struct inode_smack *issp = inode->i_security; |
@@ -591,11 +591,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir, | |||
591 | char *dsp = smk_of_inode(dir); | 591 | char *dsp = smk_of_inode(dir); |
592 | int may; | 592 | int may; |
593 | 593 | ||
594 | if (name) { | 594 | if (name) |
595 | *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS); | 595 | *name = XATTR_SMACK_SUFFIX; |
596 | if (*name == NULL) | ||
597 | return -ENOMEM; | ||
598 | } | ||
599 | 596 | ||
600 | if (value) { | 597 | if (value) { |
601 | rcu_read_lock(); | 598 | rcu_read_lock(); |