tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

apparmor/af_unix: constify struct path * arguments

unix_sk(sock)->path should never be modified, least of all by LSM...

Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

Al Viro 39e6bc58 5f587dd9

+7 -7
+7 -7
security/apparmor/af_unix.c
··· 31 31 } 32 32 33 33 static int unix_fs_perm(const char *op, u32 mask, const struct cred *subj_cred, 34 - struct aa_label *label, struct path *path) 34 + struct aa_label *label, const struct path *path) 35 35 { 36 36 AA_BUG(!label); 37 37 AA_BUG(!path); ··· 224 224 225 225 static int profile_sk_perm(struct aa_profile *profile, 226 226 struct apparmor_audit_data *ad, 227 - u32 request, struct sock *sk, struct path *path) 227 + u32 request, struct sock *sk, const struct path *path) 228 228 { 229 229 struct aa_ruleset *rules = profile->label.rules[0]; 230 230 struct aa_perms *p = NULL; ··· 386 386 387 387 /* null peer_label is allowed, in which case the peer_sk label is used */ 388 388 static int profile_peer_perm(struct aa_profile *profile, u32 request, 389 - struct sock *sk, struct path *path, 389 + struct sock *sk, const struct path *path, 390 390 struct sockaddr_un *peer_addr, 391 - int peer_addrlen, struct path *peer_path, 391 + int peer_addrlen, const struct path *peer_path, 392 392 struct aa_label *peer_label, 393 393 struct apparmor_audit_data *ad) 394 394 { ··· 445 445 static int aa_unix_label_sk_perm(const struct cred *subj_cred, 446 446 struct aa_label *label, 447 447 const char *op, u32 request, struct sock *sk, 448 - struct path *path) 448 + const struct path *path) 449 449 { 450 450 if (!unconfined(label)) { 451 451 struct aa_profile *profile; ··· 599 599 600 600 static int unix_peer_perm(const struct cred *subj_cred, 601 601 struct aa_label *label, const char *op, u32 request, 602 - struct sock *sk, struct path *path, 602 + struct sock *sk, const struct path *path, 603 603 struct sockaddr_un *peer_addr, int peer_addrlen, 604 - struct path *peer_path, struct aa_label *peer_label) 604 + const struct path *peer_path, struct aa_label *peer_label) 605 605 { 606 606 struct aa_profile *profile; 607 607 DEFINE_AUDIT_SK(ad, op, subj_cred, sk);