From mboxrd@z Thu Jan  1 00:00:00 1970
From: Paul Moore <pmoore@redhat.com>
Subject: [PATCH] audit: constify parts of common_audit_data and
	lsm_network_audit
Date: Mon, 05 Oct 2015 09:17:04 -0400
Message-ID: <20151005131704.927.44314.stgit@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
Cc: linux-security-module@vger.kernel.org
List-Id: linux-audit@redhat.com

For the most part audit should never munge with any of the data in
these LSM common structs so constify as much as we can; this patch
handles some easy fields that don't require any real code changes.

Signed-off-by: Paul Moore <pmoore@redhat.com>
---
 include/linux/lsm_audit.h |    8 ++++----
 security/lsm_audit.c      |    4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h
index 1cc89e9..6c4c7ac 100644
--- a/include/linux/lsm_audit.h
+++ b/include/linux/lsm_audit.h
@@ -24,7 +24,7 @@
 
 struct lsm_network_audit {
 	int netif;
-	struct sock *sk;
+	const struct sock *sk;
 	u16 family;
 	__be16 dport;
 	__be16 sport;
@@ -55,7 +55,7 @@ struct common_audit_data {
 #define LSM_AUDIT_DATA_DENTRY	10
 	union 	{
 		struct path path;
-		struct dentry *dentry;
+		const struct dentry *dentry;
 		struct inode *inode;
 		struct lsm_network_audit *net;
 		int cap;
@@ -64,10 +64,10 @@ struct common_audit_data {
 #ifdef CONFIG_KEYS
 		struct {
 			key_serial_t key;
-			char *key_desc;
+			const char *key_desc;
 		} key_struct;
 #endif
-		char *kmod_name;
+		const char *kmod_name;
 	} u;
 	/* this union contains LSM specific data */
 	union {
diff --git a/security/lsm_audit.c b/security/lsm_audit.c
index 07fc997..bd61075 100644
--- a/security/lsm_audit.c
+++ b/security/lsm_audit.c
@@ -185,7 +185,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb,
 
 
 static inline void print_ipv6_addr(struct audit_buffer *ab,
-				   struct in6_addr *addr, __be16 port,
+				   const struct in6_addr *addr, __be16 port,
 				   char *name1, char *name2)
 {
 	if (!ipv6_addr_any(addr))
@@ -288,7 +288,7 @@ static void dump_common_audit_data(struct audit_buffer *ab,
 		break;
 	case LSM_AUDIT_DATA_NET:
 		if (a->u.net->sk) {
-			struct sock *sk = a->u.net->sk;
+			const struct sock *sk = a->u.net->sk;
 			struct unix_sock *u;
 			int len = 0;
 			char *p = NULL;