tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

security: Constify sk in the sk_getsecid hook.

The sk_getsecid hook shouldn't need to modify its socket argument.
Make it const so that callers of security_sk_classify_flow() can use a
const struct sock *.

Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Guillaume Nault and committed by
David S. Miller 5b52ad34 def3833f

+7 -6
+1 -1
include/linux/lsm_hook_defs.h
··· 316 316 LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk) 317 317 LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk, 318 318 struct sock *newsk) 319 - LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, struct sock *sk, u32 *secid) 319 + LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid) 320 320 LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent) 321 321 LSM_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb, 322 322 struct request_sock *req)
+3 -2
include/linux/security.h
··· 1439 1439 int security_sk_alloc(struct sock *sk, int family, gfp_t priority); 1440 1440 void security_sk_free(struct sock *sk); 1441 1441 void security_sk_clone(const struct sock *sk, struct sock *newsk); 1442 - void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic); 1442 + void security_sk_classify_flow(const struct sock *sk, 1443 + struct flowi_common *flic); 1443 1444 void security_req_classify_flow(const struct request_sock *req, 1444 1445 struct flowi_common *flic); 1445 1446 void security_sock_graft(struct sock*sk, struct socket *parent); ··· 1598 1597 { 1599 1598 } 1600 1599 1601 - static inline void security_sk_classify_flow(struct sock *sk, 1600 + static inline void security_sk_classify_flow(const struct sock *sk, 1602 1601 struct flowi_common *flic) 1603 1602 { 1604 1603 }
+1 -1
security/security.c
··· 4396 4396 } 4397 4397 EXPORT_SYMBOL(security_sk_clone); 4398 4398 4399 - void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic) 4399 + void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic) 4400 4400 { 4401 4401 call_void_hook(sk_getsecid, sk, &flic->flowic_secid); 4402 4402 }
+2 -2
security/selinux/hooks.c
··· 5167 5167 selinux_netlbl_sk_security_reset(newsksec); 5168 5168 } 5169 5169 5170 - static void selinux_sk_getsecid(struct sock *sk, u32 *secid) 5170 + static void selinux_sk_getsecid(const struct sock *sk, u32 *secid) 5171 5171 { 5172 5172 if (!sk) 5173 5173 *secid = SECINITSID_ANY_SOCKET; 5174 5174 else { 5175 - struct sk_security_struct *sksec = sk->sk_security; 5175 + const struct sk_security_struct *sksec = sk->sk_security; 5176 5176 5177 5177 *secid = sksec->sid; 5178 5178 }