Commit 433d7ce2 authored Aug 06, 2024 by Andrii Nakryiko

security,bpf: constify struct path in bpf_token_create() LSM hook



There is no reason why struct path pointer shouldn't be const-qualified
when being passed into bpf_token_create() LSM hook. Add that const.

Acked-by: Paul Moore <paul@paul-moore.com> (LSM/SELinux)
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>

parent eceb7b33

include/linux/lsm_hook_defs.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -431,7 +431,7 @@ LSM_HOOK(int, 0, bpf_prog_load, struct bpf_prog prog, union bpf_attr attr,
		struct bpf_token *token)
		LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog)
		LSM_HOOK(int, 0, bpf_token_create, struct bpf_token token, union bpf_attr attr,
		struct path *path)
		const struct path *path)
		LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token)
		LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd)
		LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)

include/linux/security.h

+2 −2

Original line number	Diff line number	Diff line
		@@ -2137,7 +2137,7 @@ extern int security_bpf_prog_load(struct bpf_prog prog, union bpf_attr attr,
		struct bpf_token *token);
		extern void security_bpf_prog_free(struct bpf_prog *prog);
		extern int security_bpf_token_create(struct bpf_token token, union bpf_attr attr,
		struct path *path);
		const struct path *path);
		extern void security_bpf_token_free(struct bpf_token *token);
		extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd);
		extern int security_bpf_token_capable(const struct bpf_token *token, int cap);
		@@ -2177,7 +2177,7 @@ static inline void security_bpf_prog_free(struct bpf_prog *prog)
		{ }

		static inline int security_bpf_token_create(struct bpf_token token, union bpf_attr attr,
		struct path *path)
		const struct path *path)
		{
		return 0;
		}

security/security.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -5510,7 +5510,7 @@ int security_bpf_prog_load(struct bpf_prog prog, union bpf_attr attr,
		* Return: Returns 0 on success, error on failure.
		*/
		int security_bpf_token_create(struct bpf_token token, union bpf_attr attr,
		struct path *path)
		const struct path *path)
		{
		return call_int_hook(bpf_token_create, token, attr, path);
		}

security/selinux/hooks.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -6965,7 +6965,7 @@ static void selinux_bpf_prog_free(struct bpf_prog *prog)
		}

		static int selinux_bpf_token_create(struct bpf_token token, union bpf_attr attr,
		struct path *path)
		const struct path *path)
		{
		struct bpf_security_struct *bpfsec;