aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/ocfs2/xattr.h2
-rw-r--r--include/linux/security.h8
-rw-r--r--include/linux/xattr.h2
-rw-r--r--include/uapi/linux/reiserfs_xattr.h2
-rw-r--r--security/capability.c2
-rw-r--r--security/integrity/evm/evm_main.c2
-rw-r--r--security/security.c8
-rw-r--r--security/selinux/hooks.c17
-rw-r--r--security/smack/smack_lsm.c9
9 files changed, 21 insertions, 31 deletions
diff --git a/fs/ocfs2/xattr.h b/fs/ocfs2/xattr.h
index e5c7f15465b4..19f134e896a9 100644
--- a/fs/ocfs2/xattr.h
+++ b/fs/ocfs2/xattr.h
@@ -32,7 +32,7 @@ enum ocfs2_xattr_type {
32 32
33struct ocfs2_security_xattr_info { 33struct ocfs2_security_xattr_info {
34 int enable; 34 int enable;
35 char *name; 35 const char *name;
36 void *value; 36 void *value;
37 size_t value_len; 37 size_t value_len;
38}; 38};
diff --git a/include/linux/security.h b/include/linux/security.h
index 7ce53ae1266b..9d37e2b9d3ec 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1492,7 +1492,7 @@ struct security_operations {
1492 int (*inode_alloc_security) (struct inode *inode); 1492 int (*inode_alloc_security) (struct inode *inode);
1493 void (*inode_free_security) (struct inode *inode); 1493 void (*inode_free_security) (struct inode *inode);
1494 int (*inode_init_security) (struct inode *inode, struct inode *dir, 1494 int (*inode_init_security) (struct inode *inode, struct inode *dir,
1495 const struct qstr *qstr, char **name, 1495 const struct qstr *qstr, const char **name,
1496 void **value, size_t *len); 1496 void **value, size_t *len);
1497 int (*inode_create) (struct inode *dir, 1497 int (*inode_create) (struct inode *dir,
1498 struct dentry *dentry, umode_t mode); 1498 struct dentry *dentry, umode_t mode);
@@ -1770,7 +1770,7 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
1770 const struct qstr *qstr, 1770 const struct qstr *qstr,
1771 initxattrs initxattrs, void *fs_data); 1771 initxattrs initxattrs, void *fs_data);
1772int security_old_inode_init_security(struct inode *inode, struct inode *dir, 1772int security_old_inode_init_security(struct inode *inode, struct inode *dir,
1773 const struct qstr *qstr, char **name, 1773 const struct qstr *qstr, const char **name,
1774 void **value, size_t *len); 1774 void **value, size_t *len);
1775int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode); 1775int security_inode_create(struct inode *dir, struct dentry *dentry, umode_t mode);
1776int security_inode_link(struct dentry *old_dentry, struct inode *dir, 1776int security_inode_link(struct dentry *old_dentry, struct inode *dir,
@@ -2094,8 +2094,8 @@ static inline int security_inode_init_security(struct inode *inode,
2094static inline int security_old_inode_init_security(struct inode *inode, 2094static inline int security_old_inode_init_security(struct inode *inode,
2095 struct inode *dir, 2095 struct inode *dir,
2096 const struct qstr *qstr, 2096 const struct qstr *qstr,
2097 char **name, void **value, 2097 const char **name,
2098 size_t *len) 2098 void **value, size_t *len)
2099{ 2099{
2100 return -EOPNOTSUPP; 2100 return -EOPNOTSUPP;
2101} 2101}
diff --git a/include/linux/xattr.h b/include/linux/xattr.h
index fdbafc6841cf..91b0a68d38dc 100644
--- a/include/linux/xattr.h
+++ b/include/linux/xattr.h
@@ -31,7 +31,7 @@ struct xattr_handler {
31}; 31};
32 32
33struct xattr { 33struct xattr {
34 char *name; 34 const char *name;
35 void *value; 35 void *value;
36 size_t value_len; 36 size_t value_len;
37}; 37};
diff --git a/include/uapi/linux/reiserfs_xattr.h b/include/uapi/linux/reiserfs_xattr.h
index d8ce17c2459a..38fdd648be21 100644
--- a/include/uapi/linux/reiserfs_xattr.h
+++ b/include/uapi/linux/reiserfs_xattr.h
@@ -16,7 +16,7 @@ struct reiserfs_xattr_header {
16}; 16};
17 17
18struct reiserfs_security_handle { 18struct reiserfs_security_handle {
19 char *name; 19 const char *name;
20 void *value; 20 void *value;
21 size_t length; 21 size_t length;
22}; 22};
diff --git a/security/capability.c b/security/capability.c
index 32b515766df1..dbeb9bc27b24 100644
--- a/security/capability.c
+++ b/security/capability.c
@@ -129,7 +129,7 @@ static void cap_inode_free_security(struct inode *inode)
129} 129}
130 130
131static int cap_inode_init_security(struct inode *inode, struct inode *dir, 131static int cap_inode_init_security(struct inode *inode, struct inode *dir,
132 const struct qstr *qstr, char **name, 132 const struct qstr *qstr, const char **name,
133 void **value, size_t *len) 133 void **value, size_t *len)
134{ 134{
135 return -EOPNOTSUPP; 135 return -EOPNOTSUPP;
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index df0fa451a871..af9b6852f4e1 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -418,7 +418,7 @@ int evm_inode_init_security(struct inode *inode,
418 418
419 evm_xattr->value = xattr_data; 419 evm_xattr->value = xattr_data;
420 evm_xattr->value_len = sizeof(*xattr_data); 420 evm_xattr->value_len = sizeof(*xattr_data);
421 evm_xattr->name = kstrdup(XATTR_EVM_SUFFIX, GFP_NOFS); 421 evm_xattr->name = XATTR_EVM_SUFFIX;
422 return 0; 422 return 0;
423out: 423out:
424 kfree(xattr_data); 424 kfree(xattr_data);
diff --git a/security/security.c b/security/security.c
index 94b35aef6871..4dc31f4f2700 100644
--- a/security/security.c
+++ b/security/security.c
@@ -348,10 +348,10 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
348 if (unlikely(IS_PRIVATE(inode))) 348 if (unlikely(IS_PRIVATE(inode)))
349 return 0; 349 return 0;
350 350
351 memset(new_xattrs, 0, sizeof new_xattrs);
352 if (!initxattrs) 351 if (!initxattrs)
353 return security_ops->inode_init_security(inode, dir, qstr, 352 return security_ops->inode_init_security(inode, dir, qstr,
354 NULL, NULL, NULL); 353 NULL, NULL, NULL);
354 memset(new_xattrs, 0, sizeof(new_xattrs));
355 lsm_xattr = new_xattrs; 355 lsm_xattr = new_xattrs;
356 ret = security_ops->inode_init_security(inode, dir, qstr, 356 ret = security_ops->inode_init_security(inode, dir, qstr,
357 &lsm_xattr->name, 357 &lsm_xattr->name,
@@ -366,16 +366,14 @@ int security_inode_init_security(struct inode *inode, struct inode *dir,
366 goto out; 366 goto out;
367 ret = initxattrs(inode, new_xattrs, fs_data); 367 ret = initxattrs(inode, new_xattrs, fs_data);
368out: 368out:
369 for (xattr = new_xattrs; xattr->name != NULL; xattr++) { 369 for (xattr = new_xattrs; xattr->value != NULL; xattr++)
370 kfree(xattr->name);
371 kfree(xattr->value); 370 kfree(xattr->value);
372 }
373 return (ret == -EOPNOTSUPP) ? 0 : ret; 371 return (ret == -EOPNOTSUPP) ? 0 : ret;
374} 372}
375EXPORT_SYMBOL(security_inode_init_security); 373EXPORT_SYMBOL(security_inode_init_security);
376 374
377int security_old_inode_init_security(struct inode *inode, struct inode *dir, 375int security_old_inode_init_security(struct inode *inode, struct inode *dir,
378 const struct qstr *qstr, char **name, 376 const struct qstr *qstr, const char **name,
379 void **value, size_t *len) 377 void **value, size_t *len)
380{ 378{
381 if (unlikely(IS_PRIVATE(inode))) 379 if (unlikely(IS_PRIVATE(inode)))
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index c956390a9136..a5091ec06aa6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2587,7 +2587,8 @@ static int selinux_dentry_init_security(struct dentry *dentry, int mode,
2587} 2587}
2588 2588
2589static int selinux_inode_init_security(struct inode *inode, struct inode *dir, 2589static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2590 const struct qstr *qstr, char **name, 2590 const struct qstr *qstr,
2591 const char **name,
2591 void **value, size_t *len) 2592 void **value, size_t *len)
2592{ 2593{
2593 const struct task_security_struct *tsec = current_security(); 2594 const struct task_security_struct *tsec = current_security();
@@ -2595,7 +2596,7 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2595 struct superblock_security_struct *sbsec; 2596 struct superblock_security_struct *sbsec;
2596 u32 sid, newsid, clen; 2597 u32 sid, newsid, clen;
2597 int rc; 2598 int rc;
2598 char *namep = NULL, *context; 2599 char *context;
2599 2600
2600 dsec = dir->i_security; 2601 dsec = dir->i_security;
2601 sbsec = dir->i_sb->s_security; 2602 sbsec = dir->i_sb->s_security;
@@ -2631,19 +2632,13 @@ static int selinux_inode_init_security(struct inode *inode, struct inode *dir,
2631 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP)) 2632 if (!ss_initialized || !(sbsec->flags & SE_SBLABELSUPP))
2632 return -EOPNOTSUPP; 2633 return -EOPNOTSUPP;
2633 2634
2634 if (name) { 2635 if (name)
2635 namep = kstrdup(XATTR_SELINUX_SUFFIX, GFP_NOFS); 2636 *name = XATTR_SELINUX_SUFFIX;
2636 if (!namep)
2637 return -ENOMEM;
2638 *name = namep;
2639 }
2640 2637
2641 if (value && len) { 2638 if (value && len) {
2642 rc = security_sid_to_context_force(newsid, &context, &clen); 2639 rc = security_sid_to_context_force(newsid, &context, &clen);
2643 if (rc) { 2640 if (rc)
2644 kfree(namep);
2645 return rc; 2641 return rc;
2646 }
2647 *value = context; 2642 *value = context;
2648 *len = clen; 2643 *len = clen;
2649 } 2644 }
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3f7682a387b7..a113a779f00c 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -582,7 +582,7 @@ static void smack_inode_free_security(struct inode *inode)
582 * Returns 0 if it all works out, -ENOMEM if there's no memory 582 * Returns 0 if it all works out, -ENOMEM if there's no memory
583 */ 583 */
584static int smack_inode_init_security(struct inode *inode, struct inode *dir, 584static int smack_inode_init_security(struct inode *inode, struct inode *dir,
585 const struct qstr *qstr, char **name, 585 const struct qstr *qstr, const char **name,
586 void **value, size_t *len) 586 void **value, size_t *len)
587{ 587{
588 struct inode_smack *issp = inode->i_security; 588 struct inode_smack *issp = inode->i_security;
@@ -591,11 +591,8 @@ static int smack_inode_init_security(struct inode *inode, struct inode *dir,
591 char *dsp = smk_of_inode(dir); 591 char *dsp = smk_of_inode(dir);
592 int may; 592 int may;
593 593
594 if (name) { 594 if (name)
595 *name = kstrdup(XATTR_SMACK_SUFFIX, GFP_NOFS); 595 *name = XATTR_SMACK_SUFFIX;
596 if (*name == NULL)
597 return -ENOMEM;
598 }
599 596
600 if (value) { 597 if (value) {
601 rcu_read_lock(); 598 rcu_read_lock();