tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

security,bpf: constify struct path in bpf_token_create() LSM hook

There is no reason why struct path pointer shouldn't be const-qualified
when being passed into bpf_token_create() LSM hook. Add that const.

Acked-by: Paul Moore <paul@paul-moore.com> (LSM/SELinux)
Suggested-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Andrii Nakryiko <andrii@kernel.org>

Andrii Nakryiko 433d7ce2 eceb7b33

+5 -5
+1 -1
include/linux/lsm_hook_defs.h
··· 431 431 struct bpf_token *token) 432 432 LSM_HOOK(void, LSM_RET_VOID, bpf_prog_free, struct bpf_prog *prog) 433 433 LSM_HOOK(int, 0, bpf_token_create, struct bpf_token *token, union bpf_attr *attr, 434 - struct path *path) 434 + const struct path *path) 435 435 LSM_HOOK(void, LSM_RET_VOID, bpf_token_free, struct bpf_token *token) 436 436 LSM_HOOK(int, 0, bpf_token_cmd, const struct bpf_token *token, enum bpf_cmd cmd) 437 437 LSM_HOOK(int, 0, bpf_token_capable, const struct bpf_token *token, int cap)
+2 -2
include/linux/security.h
··· 2137 2137 struct bpf_token *token); 2138 2138 extern void security_bpf_prog_free(struct bpf_prog *prog); 2139 2139 extern int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 2140 - struct path *path); 2140 + const struct path *path); 2141 2141 extern void security_bpf_token_free(struct bpf_token *token); 2142 2142 extern int security_bpf_token_cmd(const struct bpf_token *token, enum bpf_cmd cmd); 2143 2143 extern int security_bpf_token_capable(const struct bpf_token *token, int cap); ··· 2177 2177 { } 2178 2178 2179 2179 static inline int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 2180 - struct path *path) 2180 + const struct path *path) 2181 2181 { 2182 2182 return 0; 2183 2183 }
+1 -1
security/security.c
··· 5510 5510 * Return: Returns 0 on success, error on failure. 5511 5511 */ 5512 5512 int security_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 5513 - struct path *path) 5513 + const struct path *path) 5514 5514 { 5515 5515 return call_int_hook(bpf_token_create, token, attr, path); 5516 5516 }
+1 -1
security/selinux/hooks.c
··· 6965 6965 } 6966 6966 6967 6967 static int selinux_bpf_token_create(struct bpf_token *token, union bpf_attr *attr, 6968 - struct path *path) 6968 + const struct path *path) 6969 6969 { 6970 6970 struct bpf_security_struct *bpfsec; 6971 6971