diff options
Diffstat (limited to 'security')
-rw-r--r-- | security/commoncap.c | 6 | ||||
-rw-r--r-- | security/dummy.c | 13 | ||||
-rw-r--r-- | security/security.c | 12 | ||||
-rw-r--r-- | security/selinux/hooks.c | 14 | ||||
-rw-r--r-- | security/selinux/include/security.h | 2 | ||||
-rw-r--r-- | security/selinux/ss/services.c | 4 | ||||
-rw-r--r-- | security/smack/smack_lsm.c | 12 |
7 files changed, 33 insertions, 30 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index e8c3f5e46705..5edabc7542ae 100644 --- a/security/commoncap.c +++ b/security/commoncap.c | |||
@@ -383,8 +383,8 @@ int cap_bprm_secureexec (struct linux_binprm *bprm) | |||
383 | current->egid != current->gid); | 383 | current->egid != current->gid); |
384 | } | 384 | } |
385 | 385 | ||
386 | int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, | 386 | int cap_inode_setxattr(struct dentry *dentry, const char *name, |
387 | size_t size, int flags) | 387 | const void *value, size_t size, int flags) |
388 | { | 388 | { |
389 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 389 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
390 | if (!capable(CAP_SETFCAP)) | 390 | if (!capable(CAP_SETFCAP)) |
@@ -397,7 +397,7 @@ int cap_inode_setxattr(struct dentry *dentry, char *name, void *value, | |||
397 | return 0; | 397 | return 0; |
398 | } | 398 | } |
399 | 399 | ||
400 | int cap_inode_removexattr(struct dentry *dentry, char *name) | 400 | int cap_inode_removexattr(struct dentry *dentry, const char *name) |
401 | { | 401 | { |
402 | if (!strcmp(name, XATTR_NAME_CAPS)) { | 402 | if (!strcmp(name, XATTR_NAME_CAPS)) { |
403 | if (!capable(CAP_SETFCAP)) | 403 | if (!capable(CAP_SETFCAP)) |
diff --git a/security/dummy.c b/security/dummy.c index 58d4dd1af5c7..26ee06ef0e93 100644 --- a/security/dummy.c +++ b/security/dummy.c | |||
@@ -365,8 +365,8 @@ static void dummy_inode_delete (struct inode *ino) | |||
365 | return; | 365 | return; |
366 | } | 366 | } |
367 | 367 | ||
368 | static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value, | 368 | static int dummy_inode_setxattr (struct dentry *dentry, const char *name, |
369 | size_t size, int flags) | 369 | const void *value, size_t size, int flags) |
370 | { | 370 | { |
371 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 371 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
372 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 372 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
@@ -375,12 +375,13 @@ static int dummy_inode_setxattr (struct dentry *dentry, char *name, void *value, | |||
375 | return 0; | 375 | return 0; |
376 | } | 376 | } |
377 | 377 | ||
378 | static void dummy_inode_post_setxattr (struct dentry *dentry, char *name, void *value, | 378 | static void dummy_inode_post_setxattr (struct dentry *dentry, const char *name, |
379 | size_t size, int flags) | 379 | const void *value, size_t size, |
380 | int flags) | ||
380 | { | 381 | { |
381 | } | 382 | } |
382 | 383 | ||
383 | static int dummy_inode_getxattr (struct dentry *dentry, char *name) | 384 | static int dummy_inode_getxattr (struct dentry *dentry, const char *name) |
384 | { | 385 | { |
385 | return 0; | 386 | return 0; |
386 | } | 387 | } |
@@ -390,7 +391,7 @@ static int dummy_inode_listxattr (struct dentry *dentry) | |||
390 | return 0; | 391 | return 0; |
391 | } | 392 | } |
392 | 393 | ||
393 | static int dummy_inode_removexattr (struct dentry *dentry, char *name) | 394 | static int dummy_inode_removexattr (struct dentry *dentry, const char *name) |
394 | { | 395 | { |
395 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 396 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
396 | sizeof(XATTR_SECURITY_PREFIX) - 1) && | 397 | sizeof(XATTR_SECURITY_PREFIX) - 1) && |
diff --git a/security/security.c b/security/security.c index d5cb5898d967..a809035441ab 100644 --- a/security/security.c +++ b/security/security.c | |||
@@ -491,23 +491,23 @@ void security_inode_delete(struct inode *inode) | |||
491 | security_ops->inode_delete(inode); | 491 | security_ops->inode_delete(inode); |
492 | } | 492 | } |
493 | 493 | ||
494 | int security_inode_setxattr(struct dentry *dentry, char *name, | 494 | int security_inode_setxattr(struct dentry *dentry, const char *name, |
495 | void *value, size_t size, int flags) | 495 | const void *value, size_t size, int flags) |
496 | { | 496 | { |
497 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 497 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
498 | return 0; | 498 | return 0; |
499 | return security_ops->inode_setxattr(dentry, name, value, size, flags); | 499 | return security_ops->inode_setxattr(dentry, name, value, size, flags); |
500 | } | 500 | } |
501 | 501 | ||
502 | void security_inode_post_setxattr(struct dentry *dentry, char *name, | 502 | void security_inode_post_setxattr(struct dentry *dentry, const char *name, |
503 | void *value, size_t size, int flags) | 503 | const void *value, size_t size, int flags) |
504 | { | 504 | { |
505 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 505 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
506 | return; | 506 | return; |
507 | security_ops->inode_post_setxattr(dentry, name, value, size, flags); | 507 | security_ops->inode_post_setxattr(dentry, name, value, size, flags); |
508 | } | 508 | } |
509 | 509 | ||
510 | int security_inode_getxattr(struct dentry *dentry, char *name) | 510 | int security_inode_getxattr(struct dentry *dentry, const char *name) |
511 | { | 511 | { |
512 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 512 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
513 | return 0; | 513 | return 0; |
@@ -521,7 +521,7 @@ int security_inode_listxattr(struct dentry *dentry) | |||
521 | return security_ops->inode_listxattr(dentry); | 521 | return security_ops->inode_listxattr(dentry); |
522 | } | 522 | } |
523 | 523 | ||
524 | int security_inode_removexattr(struct dentry *dentry, char *name) | 524 | int security_inode_removexattr(struct dentry *dentry, const char *name) |
525 | { | 525 | { |
526 | if (unlikely(IS_PRIVATE(dentry->d_inode))) | 526 | if (unlikely(IS_PRIVATE(dentry->d_inode))) |
527 | return 0; | 527 | return 0; |
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 04acb5af8317..047365ac9faa 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c | |||
@@ -2619,7 +2619,7 @@ static int selinux_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
2619 | return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); | 2619 | return dentry_has_perm(current, mnt, dentry, FILE__GETATTR); |
2620 | } | 2620 | } |
2621 | 2621 | ||
2622 | static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) | 2622 | static int selinux_inode_setotherxattr(struct dentry *dentry, const char *name) |
2623 | { | 2623 | { |
2624 | if (!strncmp(name, XATTR_SECURITY_PREFIX, | 2624 | if (!strncmp(name, XATTR_SECURITY_PREFIX, |
2625 | sizeof XATTR_SECURITY_PREFIX - 1)) { | 2625 | sizeof XATTR_SECURITY_PREFIX - 1)) { |
@@ -2638,7 +2638,8 @@ static int selinux_inode_setotherxattr(struct dentry *dentry, char *name) | |||
2638 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); | 2638 | return dentry_has_perm(current, NULL, dentry, FILE__SETATTR); |
2639 | } | 2639 | } |
2640 | 2640 | ||
2641 | static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value, size_t size, int flags) | 2641 | static int selinux_inode_setxattr(struct dentry *dentry, const char *name, |
2642 | const void *value, size_t size, int flags) | ||
2642 | { | 2643 | { |
2643 | struct task_security_struct *tsec = current->security; | 2644 | struct task_security_struct *tsec = current->security; |
2644 | struct inode *inode = dentry->d_inode; | 2645 | struct inode *inode = dentry->d_inode; |
@@ -2687,8 +2688,9 @@ static int selinux_inode_setxattr(struct dentry *dentry, char *name, void *value | |||
2687 | &ad); | 2688 | &ad); |
2688 | } | 2689 | } |
2689 | 2690 | ||
2690 | static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, | 2691 | static void selinux_inode_post_setxattr(struct dentry *dentry, const char *name, |
2691 | void *value, size_t size, int flags) | 2692 | const void *value, size_t size, |
2693 | int flags) | ||
2692 | { | 2694 | { |
2693 | struct inode *inode = dentry->d_inode; | 2695 | struct inode *inode = dentry->d_inode; |
2694 | struct inode_security_struct *isec = inode->i_security; | 2696 | struct inode_security_struct *isec = inode->i_security; |
@@ -2711,7 +2713,7 @@ static void selinux_inode_post_setxattr(struct dentry *dentry, char *name, | |||
2711 | return; | 2713 | return; |
2712 | } | 2714 | } |
2713 | 2715 | ||
2714 | static int selinux_inode_getxattr(struct dentry *dentry, char *name) | 2716 | static int selinux_inode_getxattr(struct dentry *dentry, const char *name) |
2715 | { | 2717 | { |
2716 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2718 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); |
2717 | } | 2719 | } |
@@ -2721,7 +2723,7 @@ static int selinux_inode_listxattr(struct dentry *dentry) | |||
2721 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); | 2723 | return dentry_has_perm(current, NULL, dentry, FILE__GETATTR); |
2722 | } | 2724 | } |
2723 | 2725 | ||
2724 | static int selinux_inode_removexattr(struct dentry *dentry, char *name) | 2726 | static int selinux_inode_removexattr(struct dentry *dentry, const char *name) |
2725 | { | 2727 | { |
2726 | if (strcmp(name, XATTR_NAME_SELINUX)) | 2728 | if (strcmp(name, XATTR_NAME_SELINUX)) |
2727 | return selinux_inode_setotherxattr(dentry, name); | 2729 | return selinux_inode_setotherxattr(dentry, name); |
diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 6445b6440648..cdb14add27d2 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h | |||
@@ -93,7 +93,7 @@ int security_change_sid(u32 ssid, u32 tsid, | |||
93 | int security_sid_to_context(u32 sid, char **scontext, | 93 | int security_sid_to_context(u32 sid, char **scontext, |
94 | u32 *scontext_len); | 94 | u32 *scontext_len); |
95 | 95 | ||
96 | int security_context_to_sid(char *scontext, u32 scontext_len, | 96 | int security_context_to_sid(const char *scontext, u32 scontext_len, |
97 | u32 *out_sid); | 97 | u32 *out_sid); |
98 | 98 | ||
99 | int security_context_to_sid_default(char *scontext, u32 scontext_len, | 99 | int security_context_to_sid_default(char *scontext, u32 scontext_len, |
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index 2daaddbb301d..25cac5a2aa8e 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c | |||
@@ -708,7 +708,7 @@ out: | |||
708 | 708 | ||
709 | } | 709 | } |
710 | 710 | ||
711 | static int security_context_to_sid_core(char *scontext, u32 scontext_len, | 711 | static int security_context_to_sid_core(const char *scontext, u32 scontext_len, |
712 | u32 *sid, u32 def_sid, gfp_t gfp_flags) | 712 | u32 *sid, u32 def_sid, gfp_t gfp_flags) |
713 | { | 713 | { |
714 | char *scontext2; | 714 | char *scontext2; |
@@ -835,7 +835,7 @@ out: | |||
835 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient | 835 | * Returns -%EINVAL if the context is invalid, -%ENOMEM if insufficient |
836 | * memory is available, or 0 on success. | 836 | * memory is available, or 0 on success. |
837 | */ | 837 | */ |
838 | int security_context_to_sid(char *scontext, u32 scontext_len, u32 *sid) | 838 | int security_context_to_sid(const char *scontext, u32 scontext_len, u32 *sid) |
839 | { | 839 | { |
840 | return security_context_to_sid_core(scontext, scontext_len, | 840 | return security_context_to_sid_core(scontext, scontext_len, |
841 | sid, SECSID_NULL, GFP_KERNEL); | 841 | sid, SECSID_NULL, GFP_KERNEL); |
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 77ec16a3b68b..5d2ec5650e61 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c | |||
@@ -574,8 +574,8 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry) | |||
574 | * | 574 | * |
575 | * Returns 0 if access is permitted, an error code otherwise | 575 | * Returns 0 if access is permitted, an error code otherwise |
576 | */ | 576 | */ |
577 | static int smack_inode_setxattr(struct dentry *dentry, char *name, | 577 | static int smack_inode_setxattr(struct dentry *dentry, const char *name, |
578 | void *value, size_t size, int flags) | 578 | const void *value, size_t size, int flags) |
579 | { | 579 | { |
580 | int rc = 0; | 580 | int rc = 0; |
581 | 581 | ||
@@ -604,8 +604,8 @@ static int smack_inode_setxattr(struct dentry *dentry, char *name, | |||
604 | * Set the pointer in the inode blob to the entry found | 604 | * Set the pointer in the inode blob to the entry found |
605 | * in the master label list. | 605 | * in the master label list. |
606 | */ | 606 | */ |
607 | static void smack_inode_post_setxattr(struct dentry *dentry, char *name, | 607 | static void smack_inode_post_setxattr(struct dentry *dentry, const char *name, |
608 | void *value, size_t size, int flags) | 608 | const void *value, size_t size, int flags) |
609 | { | 609 | { |
610 | struct inode_smack *isp; | 610 | struct inode_smack *isp; |
611 | char *nsp; | 611 | char *nsp; |
@@ -641,7 +641,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, char *name, | |||
641 | * | 641 | * |
642 | * Returns 0 if access is permitted, an error code otherwise | 642 | * Returns 0 if access is permitted, an error code otherwise |
643 | */ | 643 | */ |
644 | static int smack_inode_getxattr(struct dentry *dentry, char *name) | 644 | static int smack_inode_getxattr(struct dentry *dentry, const char *name) |
645 | { | 645 | { |
646 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); | 646 | return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ); |
647 | } | 647 | } |
@@ -655,7 +655,7 @@ static int smack_inode_getxattr(struct dentry *dentry, char *name) | |||
655 | * | 655 | * |
656 | * Returns 0 if access is permitted, an error code otherwise | 656 | * Returns 0 if access is permitted, an error code otherwise |
657 | */ | 657 | */ |
658 | static int smack_inode_removexattr(struct dentry *dentry, char *name) | 658 | static int smack_inode_removexattr(struct dentry *dentry, const char *name) |
659 | { | 659 | { |
660 | int rc = 0; | 660 | int rc = 0; |
661 | 661 | ||