
Commit 15a2460e authored by David Howells's avatar David Howells Committed by James Morris

CRED: Constify the kernel_cap_t arguments to the capset LSM hooks



Constify the kernel_cap_t arguments to the capset LSM hooks.

Signed-off-by: David Howells <dhowells@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: James Morris <jmorris@namei.org>
parent 1cdcbec1
+24 −20
@@ -53,8 +53,12 @@ extern int cap_settime(struct timespec *ts, struct timezone *tz);
extern int cap_ptrace_may_access(struct task_struct *child, unsigned int mode);
extern int cap_ptrace_traceme(struct task_struct *parent);
extern int cap_capget(struct task_struct *target, kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset_check(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern void cap_capset_set(kernel_cap_t *effective, kernel_cap_t *inheritable, kernel_cap_t *permitted);
extern int cap_capset_check(const kernel_cap_t *effective,
			    const kernel_cap_t *inheritable,
			    const kernel_cap_t *permitted);
extern void cap_capset_set(const kernel_cap_t *effective,
			   const kernel_cap_t *inheritable,
			   const kernel_cap_t *permitted);
extern int cap_bprm_set_security(struct linux_binprm *bprm);
extern void cap_bprm_apply_creds(struct linux_binprm *bprm, int unsafe);
extern int cap_bprm_secureexec(struct linux_binprm *bprm);
@@ -1293,12 +1297,12 @@ struct security_operations {
	int (*capget) (struct task_struct *target,
		       kernel_cap_t *effective,
		       kernel_cap_t *inheritable, kernel_cap_t *permitted);
	int (*capset_check) (kernel_cap_t *effective,
			     kernel_cap_t *inheritable,
			     kernel_cap_t *permitted);
	void (*capset_set) (kernel_cap_t *effective,
			    kernel_cap_t *inheritable,
			    kernel_cap_t *permitted);
	int (*capset_check) (const kernel_cap_t *effective,
			     const kernel_cap_t *inheritable,
			     const kernel_cap_t *permitted);
	void (*capset_set) (const kernel_cap_t *effective,
			    const kernel_cap_t *inheritable,
			    const kernel_cap_t *permitted);
	int (*capable) (struct task_struct *tsk, int cap, int audit);
	int (*acct) (struct file *file);
	int (*sysctl) (struct ctl_table *table, int op);
@@ -1560,12 +1564,12 @@ int security_capget(struct task_struct *target,
		    kernel_cap_t *effective,
		    kernel_cap_t *inheritable,
		    kernel_cap_t *permitted);
int security_capset_check(kernel_cap_t *effective,
			  kernel_cap_t *inheritable,
			  kernel_cap_t *permitted);
void security_capset_set(kernel_cap_t *effective,
			 kernel_cap_t *inheritable,
			 kernel_cap_t *permitted);
int security_capset_check(const kernel_cap_t *effective,
			  const kernel_cap_t *inheritable,
			  const kernel_cap_t *permitted);
void security_capset_set(const kernel_cap_t *effective,
			 const kernel_cap_t *inheritable,
			 const kernel_cap_t *permitted);
int security_capable(struct task_struct *tsk, int cap);
int security_capable_noaudit(struct task_struct *tsk, int cap);
int security_acct(struct file *file);
@@ -1755,16 +1759,16 @@ static inline int security_capget(struct task_struct *target,
	return cap_capget(target, effective, inheritable, permitted);
}

static inline int security_capset_check(kernel_cap_t *effective,
					kernel_cap_t *inheritable,
					kernel_cap_t *permitted)
static inline int security_capset_check(const kernel_cap_t *effective,
					const kernel_cap_t *inheritable,
					const kernel_cap_t *permitted)
{
	return cap_capset_check(effective, inheritable, permitted);
}

static inline void security_capset_set(kernel_cap_t *effective,
				       kernel_cap_t *inheritable,
				       kernel_cap_t *permitted)
static inline void security_capset_set(const kernel_cap_t *effective,
				       const kernel_cap_t *inheritable,
				       const kernel_cap_t *permitted)
{
	cap_capset_set(effective, inheritable, permitted);
}
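Review bot: The `capset_check` and `capset_set` members of `struct security_operations` change type in the second hunk, so every security module that fills those slots has to change with them; this page shows only the `cap_*` and `selinux_*` implementations being updated. A C compiler commonly reports a hook assigned with the old non-const signature as an incompatible-pointer-type warning rather than an error, so a missed implementer could still build; it is worth confirming the tree builds without new warnings with each security module enabled. The contract could also be stated next to the members, e.g. `/* capset_*: the sets are the proposed new values; hooks must not modify them */`.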
+6 −4
@@ -118,8 +118,9 @@ static inline int cap_limit_ptraced_target(void)

#endif /* def CONFIG_SECURITY_FILE_CAPABILITIES */

int cap_capset_check (kernel_cap_t *effective,
		      kernel_cap_t *inheritable, kernel_cap_t *permitted)
int cap_capset_check(const kernel_cap_t *effective,
		     const kernel_cap_t *inheritable,
		     const kernel_cap_t *permitted)
{
	if (cap_inh_is_capped()
	    && !cap_issubset(*inheritable,
@@ -150,8 +151,9 @@ int cap_capset_check (kernel_cap_t *effective,
	return 0;
}

void cap_capset_set (kernel_cap_t *effective,
		     kernel_cap_t *inheritable, kernel_cap_t *permitted)
void cap_capset_set(const kernel_cap_t *effective,
		    const kernel_cap_t *inheritable,
		    const kernel_cap_t *permitted)
{
	current->cap_effective = *effective;
	current->cap_inheritable = *inheritable;
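Review bot: `cap_capset_set()` returns void and copies the three sets straight into `current` in the last hunk, so it has no way to reject a value. The new const qualifiers make it a compile-time error for a hook to write through the pointers, but the requirement that `cap_capset_check()` has already succeeded on the same values (presumably enforced by the caller, which is not shown) is still unwritten. A comment above the function would record it: `/* Caller must have had cap_capset_check() succeed on these same values; this hook cannot fail. */`. The same applies to `selinux_capset_set()`, which in the lines shown only forwards to `secondary_ops->capset_set`. The body of `cap_capset_set()` continues outside the hunk.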
+6 −6
@@ -145,16 +145,16 @@ int security_capget(struct task_struct *target,
	return security_ops->capget(target, effective, inheritable, permitted);
}

int security_capset_check(kernel_cap_t *effective,
			  kernel_cap_t *inheritable,
			  kernel_cap_t *permitted)
int security_capset_check(const kernel_cap_t *effective,
			  const kernel_cap_t *inheritable,
			  const kernel_cap_t *permitted)
{
	return security_ops->capset_check(effective, inheritable, permitted);
}

void security_capset_set(kernel_cap_t *effective,
			 kernel_cap_t *inheritable,
			 kernel_cap_t *permitted)
void security_capset_set(const kernel_cap_t *effective,
			 const kernel_cap_t *inheritable,
			 const kernel_cap_t *permitted)
{
	security_ops->capset_set(effective, inheritable, permitted);
}
+6 −4
@@ -1790,8 +1790,9 @@ static int selinux_capget(struct task_struct *target, kernel_cap_t *effective,
	return secondary_ops->capget(target, effective, inheritable, permitted);
}

static int selinux_capset_check(kernel_cap_t *effective,
				kernel_cap_t *inheritable, kernel_cap_t *permitted)
static int selinux_capset_check(const kernel_cap_t *effective,
				const kernel_cap_t *inheritable,
				const kernel_cap_t *permitted)
{
	int error;

@@ -1802,8 +1803,9 @@ static int selinux_capset_check(kernel_cap_t *effective,
	return task_has_perm(current, current, PROCESS__SETCAP);
}

static void selinux_capset_set(kernel_cap_t *effective,
			       kernel_cap_t *inheritable, kernel_cap_t *permitted)
static void selinux_capset_set(const kernel_cap_t *effective,
			       const kernel_cap_t *inheritable,
			       const kernel_cap_t *permitted)
{
	secondary_ops->capset_set(effective, inheritable, permitted);
}