mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
synced 2025-01-01 10:43:43 +00:00
lsm: constify 'file' parameter in security_bprm_creds_from_file()
The 'bprm_creds_from_file' hook has implementation registered in commoncap. Looking at the function implementation we observe that the 'file' parameter is not changing. Mark the 'file' parameter of LSM hook security_bprm_creds_from_file() as 'const' since it will not be changing in the LSM hook. Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
This commit is contained in:
parent
25cc71d152
commit
4a00c67306
@ -2450,7 +2450,7 @@ struct filename {
|
||||
};
|
||||
static_assert(offsetof(struct filename, iname) % sizeof(long) == 0);
|
||||
|
||||
static inline struct mnt_idmap *file_mnt_idmap(struct file *file)
|
||||
static inline struct mnt_idmap *file_mnt_idmap(const struct file *file)
|
||||
{
|
||||
return mnt_idmap(file->f_path.mnt);
|
||||
}
|
||||
|
@ -50,7 +50,7 @@ LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
|
||||
const struct timezone *tz)
|
||||
LSM_HOOK(int, 0, vm_enough_memory, struct mm_struct *mm, long pages)
|
||||
LSM_HOOK(int, 0, bprm_creds_for_exec, struct linux_binprm *bprm)
|
||||
LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, struct file *file)
|
||||
LSM_HOOK(int, 0, bprm_creds_from_file, struct linux_binprm *bprm, const struct file *file)
|
||||
LSM_HOOK(int, 0, bprm_check_security, struct linux_binprm *bprm)
|
||||
LSM_HOOK(void, LSM_RET_VOID, bprm_committing_creds, struct linux_binprm *bprm)
|
||||
LSM_HOOK(void, LSM_RET_VOID, bprm_committed_creds, struct linux_binprm *bprm)
|
||||
|
@ -151,7 +151,7 @@ extern int cap_capset(struct cred *new, const struct cred *old,
|
||||
const kernel_cap_t *effective,
|
||||
const kernel_cap_t *inheritable,
|
||||
const kernel_cap_t *permitted);
|
||||
extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
|
||||
extern int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
|
||||
int cap_inode_setxattr(struct dentry *dentry, const char *name,
|
||||
const void *value, size_t size, int flags);
|
||||
int cap_inode_removexattr(struct mnt_idmap *idmap,
|
||||
@ -290,7 +290,7 @@ int security_syslog(int type);
|
||||
int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
|
||||
int security_vm_enough_memory_mm(struct mm_struct *mm, long pages);
|
||||
int security_bprm_creds_for_exec(struct linux_binprm *bprm);
|
||||
int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file);
|
||||
int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file);
|
||||
int security_bprm_check(struct linux_binprm *bprm);
|
||||
void security_bprm_committing_creds(struct linux_binprm *bprm);
|
||||
void security_bprm_committed_creds(struct linux_binprm *bprm);
|
||||
@ -613,7 +613,7 @@ static inline int security_bprm_creds_for_exec(struct linux_binprm *bprm)
|
||||
}
|
||||
|
||||
static inline int security_bprm_creds_from_file(struct linux_binprm *bprm,
|
||||
struct file *file)
|
||||
const struct file *file)
|
||||
{
|
||||
return cap_bprm_creds_from_file(bprm, file);
|
||||
}
|
||||
|
@ -720,7 +720,7 @@ int get_vfs_caps_from_disk(struct mnt_idmap *idmap,
|
||||
* its xattrs and, if present, apply them to the proposed credentials being
|
||||
* constructed by execve().
|
||||
*/
|
||||
static int get_file_caps(struct linux_binprm *bprm, struct file *file,
|
||||
static int get_file_caps(struct linux_binprm *bprm, const struct file *file,
|
||||
bool *effective, bool *has_fcap)
|
||||
{
|
||||
int rc = 0;
|
||||
@ -882,7 +882,7 @@ static inline bool nonroot_raised_pE(struct cred *new, const struct cred *old,
|
||||
*
|
||||
* Return: 0 if successful, -ve on error.
|
||||
*/
|
||||
int cap_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file)
|
||||
int cap_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
|
||||
{
|
||||
/* Process setpcap binaries and capabilities for uid 0 */
|
||||
const struct cred *old = current_cred();
|
||||
|
@ -1079,7 +1079,7 @@ int security_bprm_creds_for_exec(struct linux_binprm *bprm)
|
||||
*
|
||||
* Return: Returns 0 if the hook is successful and permission is granted.
|
||||
*/
|
||||
int security_bprm_creds_from_file(struct linux_binprm *bprm, struct file *file)
|
||||
int security_bprm_creds_from_file(struct linux_binprm *bprm, const struct file *file)
|
||||
{
|
||||
return call_int_hook(bprm_creds_from_file, 0, bprm, file);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user