[PATCH] lsm: constify 'sb' parameter in security

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

* [PATCH] lsm: constify 'sb' parameter in security_quotactl()
@ 2023-08-23  6:44 Khadija Kamran
  2023-09-13 21:56 ` Paul Moore
  0 siblings, 1 reply; 2+ messages in thread
From: Khadija Kamran @ 2023-08-23  6:44 UTC (permalink / raw)
  To: linux-kernel, Paul Moore, James Morris, Serge E. Hallyn,
	linux-security-module, Stephen Smalley, Eric Paris, selinux,
	ztarkhani, alison.schofield

SELinux registers the implementation for the "quotactl" hook. Looking at
the function implementation we observe that the parameter "sb" is not
changing.

Mark the "sb" parameter of LSM hook security_quotactl() as "const" since
it will not be changing in the LSM hook.

Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
---
 include/linux/lsm_hook_defs.h | 2 +-
 include/linux/security.h      | 4 ++--
 security/security.c           | 2 +-
 security/selinux/hooks.c      | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6bb55e61e8e8..b63672ef6f11 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -43,7 +43,7 @@ LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
 	 const kernel_cap_t *permitted)
 LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
 	 int cap, unsigned int opts)
-LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, struct super_block *sb)
+LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
 LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
 LSM_HOOK(int, 0, syslog, int type)
 LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
diff --git a/include/linux/security.h b/include/linux/security.h
index e2734e9e44d5..b4d1e160bd76 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -283,7 +283,7 @@ int security_capable(const struct cred *cred,
 		       struct user_namespace *ns,
 		       int cap,
 		       unsigned int opts);
-int security_quotactl(int cmds, int type, int id, struct super_block *sb);
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
@@ -579,7 +579,7 @@ static inline int security_capable(const struct cred *cred,
 }
 
 static inline int security_quotactl(int cmds, int type, int id,
-				     struct super_block *sb)
+				     const struct super_block *sb)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..1844b8ab3317 100644
--- a/security/security.c
+++ b/security/security.c
@@ -956,7 +956,7 @@ int security_capable(const struct cred *cred,
  *
  * Return: Returns 0 if permission is granted.
  */
-int security_quotactl(int cmds, int type, int id, struct super_block *sb)
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	return call_int_hook(quotactl, 0, cmds, type, id, sb);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79b4890e9936..8d4611ac5ec3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1886,7 +1886,7 @@ static inline int may_rename(struct inode *old_dir,
 
 /* Check whether a task can perform a filesystem operation. */
 static int superblock_has_perm(const struct cred *cred,
-			       struct super_block *sb,
+			       const struct super_block *sb,
 			       u32 perms,
 			       struct common_audit_data *ad)
 {
@@ -2088,7 +2088,7 @@ static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
 }
 
-static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+static int selinux_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	const struct cred *cred = current_cred();
 	int rc = 0;
-- 
2.34.1


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] lsm: constify 'sb' parameter in security_quotactl()
  2023-08-23  6:44 [PATCH] lsm: constify 'sb' parameter in security_quotactl() Khadija Kamran
@ 2023-09-13 21:56 ` Paul Moore
  0 siblings, 0 replies; 2+ messages in thread
From: Paul Moore @ 2023-09-13 21:56 UTC (permalink / raw)
  To: Khadija Kamran, linux-kernel, James Morris, Serge E. Hallyn,
	linux-security-module, Stephen Smalley, Eric Paris, selinux,
	ztarkhani, alison.schofield

On Aug 23, 2023 Khadija Kamran <kamrankhadijadj@gmail.com> wrote:
> 
> SELinux registers the implementation for the "quotactl" hook. Looking at
> the function implementation we observe that the parameter "sb" is not
> changing.
> 
> Mark the "sb" parameter of LSM hook security_quotactl() as "const" since
> it will not be changing in the LSM hook.
> 
> Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
> ---
>  include/linux/lsm_hook_defs.h | 2 +-
>  include/linux/security.h      | 4 ++--
>  security/security.c           | 2 +-
>  security/selinux/hooks.c      | 4 ++--
>  4 files changed, 6 insertions(+), 6 deletions(-)

Looks good to me, merged into lsm/next.  Thanks!

--
paul-moore.com

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2023-09-13 21:57 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-23  6:44 [PATCH] lsm: constify 'sb' parameter in security_quotactl() Khadija Kamran
2023-09-13 21:56 ` Paul Moore

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox