lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

CRED: Constify the kernel_cap_t arguments to the capset LSM hooks

Browse Source 
Constify the kernel_cap_t arguments to the capset LSM hooks.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
David Howells
2008-11-14 10:39:15 +11:00
committed by James Morris
parent 1cdcbec1a3
commit 15a2460ed0
4 changed files with 42 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
include/linux/security.h
View File

@@ -53,8 +53,12 @@ extern int cap_settime(struct timespec *ts, struct timezone *tz);
extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode); extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent); extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset_check(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); extern int cap_capset_check(const kernel_cap_t *effective,
extern void cap_capset_set(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted); const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
extern void cap_capset_set(const kernel_cap_t *effective,
const kernel_cap_t *inheritable,
const kernel_cap_t *permitted);
extern int cap_bprm_set_security(struct linux_binprm *bprm); extern int cap_bprm_set_security(struct linux_binprm *bprm);
extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe); extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
extern int cap_bprm_secureexec(struct linux_binprm *bprm); extern int cap_bprm_secureexec(struct linux_binprm *bprm);
@@ -1293,12 +1297,12 @@ struct security_operations {
int (*capget) (struct task_struct *target, int (*capget) (struct task_struct *target,
kernel_cap_t *effective, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted); kernel_cap_t *inheritable, kernel_cap_t *permitted);
int (*capset_check) (kernel_cap_t *effective, int (*capset_check) (const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted); const kernel_cap_t *permitted);
void (*capset_set) (kernel_cap_t *effective, void (*capset_set) (const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted); const kernel_cap_t *permitted);
int (*capable) (struct task_struct *tsk, int cap, int audit); int (*capable) (struct task_struct *tsk, int cap, int audit);
int (*acct) (struct file *file); int (*acct) (struct file *file);
int (*sysctl) (struct ctl_table *table, int op); int (*sysctl) (struct ctl_table *table, int op);
@@ -1560,12 +1564,12 @@ int security_capget(struct task_struct *target,
kernel_cap_t *effective, kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *inheritable,
kernel_cap_t *permitted); kernel_cap_t *permitted);
int security_capset_check(kernel_cap_t *effective, int security_capset_check(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted); const kernel_cap_t *permitted);
void security_capset_set(kernel_cap_t *effective, void security_capset_set(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted); const kernel_cap_t *permitted);
int security_capable(struct task_struct *tsk, int cap); int security_capable(struct task_struct *tsk, int cap);
int security_capable_noaudit(struct task_struct *tsk, int cap); int security_capable_noaudit(struct task_struct *tsk, int cap);
int security_acct(struct file *file); int security_acct(struct file *file);
@@ -1755,16 +1759,16 @@ static inline int security_capget(struct task_struct *target,
return cap_capget(target, effective, inheritable, permitted); return cap_capget(target, effective, inheritable, permitted);
} }
static inline int security_capset_check(kernel_cap_t *effective, static inline int security_capset_check(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted) const kernel_cap_t *permitted)
{ {
return cap_capset_check(effective, inheritable, permitted); return cap_capset_check(effective, inheritable, permitted);
} }
static inline void security_capset_set(kernel_cap_t *effective, static inline void security_capset_set(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted) const kernel_cap_t *permitted)
{ {
cap_capset_set(effective, inheritable, permitted); cap_capset_set(effective, inheritable, permitted);
} }

10
security/commoncap.c
View File

@@ -118,8 +118,9 @@ static inline int cap_limit_ptraced_target(void)
#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */ #endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */
int cap_capset_check (kernel_cap_t *effective, int cap_capset_check(const kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted) const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
{ {
if (cap_inh_is_capped() if (cap_inh_is_capped()
&& !cap_issubset(*inheritable, && !cap_issubset(*inheritable,
@@ -150,8 +151,9 @@ int cap_capset_check (kernel_cap_t *effective,
return 0; return 0;
} }
void cap_capset_set (kernel_cap_t *effective, void cap_capset_set(const kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted) const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
{ {
current->cap_effective = *effective; current->cap_effective = *effective;
current->cap_inheritable = *inheritable; current->cap_inheritable = *inheritable;

12
security/security.c
View File

@@ -145,16 +145,16 @@ int security_capget(struct task_struct *target,
return security_ops->capget(target, effective, inheritable, permitted); return security_ops->capget(target, effective, inheritable, permitted);
} }
int security_capset_check(kernel_cap_t *effective, int security_capset_check(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted) const kernel_cap_t *permitted)
{ {
return security_ops->capset_check(effective, inheritable, permitted); return security_ops->capset_check(effective, inheritable, permitted);
} }
void security_capset_set(kernel_cap_t *effective, void security_capset_set(const kernel_cap_t *effective,
kernel_cap_t *inheritable, const kernel_cap_t *inheritable,
kernel_cap_t *permitted) const kernel_cap_t *permitted)
{ {
security_ops->capset_set(effective, inheritable, permitted); security_ops->capset_set(effective, inheritable, permitted);
} }

10
security/selinux/hooks.c
View File

@@ -1790,8 +1790,9 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
return secondary_ops->capget(target, effective, inheritable, permitted); return secondary_ops->capget(target, effective, inheritable, permitted);
} }
static int selinux_capset_check(kernel_cap_t *effective, static int selinux_capset_check(const kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted) const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
{ {
int error; int error;
@@ -1802,8 +1803,9 @@ static int selinux_capset_check(kernel_cap_t *effective,
return task_has_perm(current, current, PROCESS__SETCAP); return task_has_perm(current, current, PROCESS__SETCAP);
} }
static void selinux_capset_set(kernel_cap_t *effective, static void selinux_capset_set(const kernel_cap_t *effective,
kernel_cap_t *inheritable, kernel_cap_t *permitted) const kernel_cap_t *inheritable,
const kernel_cap_t *permitted)
{ {
secondary_ops->capset_set(effective, inheritable, permitted); secondary_ops->capset_set(effective, inheritable, permitted);
} }