mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-04 01:24:12 +08:00
security: Constify sk in the sk_getsecid hook.
The sk_getsecid hook shouldn't need to modify its socket argument. Make it const so that callers of security_sk_classify_flow() can use a const struct sock *. Signed-off-by: Guillaume Nault <gnault@redhat.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
def3833fc6
commit
5b52ad34f9
@ -316,7 +316,7 @@ LSM_HOOK(int, 0, sk_alloc_security, struct sock *sk, int family, gfp_t priority)
|
|||||||
LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
|
LSM_HOOK(void, LSM_RET_VOID, sk_free_security, struct sock *sk)
|
||||||
LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
|
LSM_HOOK(void, LSM_RET_VOID, sk_clone_security, const struct sock *sk,
|
||||||
struct sock *newsk)
|
struct sock *newsk)
|
||||||
LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, struct sock *sk, u32 *secid)
|
LSM_HOOK(void, LSM_RET_VOID, sk_getsecid, const struct sock *sk, u32 *secid)
|
||||||
LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
|
LSM_HOOK(void, LSM_RET_VOID, sock_graft, struct sock *sk, struct socket *parent)
|
||||||
LSM_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb,
|
LSM_HOOK(int, 0, inet_conn_request, const struct sock *sk, struct sk_buff *skb,
|
||||||
struct request_sock *req)
|
struct request_sock *req)
|
||||||
|
@ -1439,7 +1439,8 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
|
|||||||
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
|
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
|
||||||
void security_sk_free(struct sock *sk);
|
void security_sk_free(struct sock *sk);
|
||||||
void security_sk_clone(const struct sock *sk, struct sock *newsk);
|
void security_sk_clone(const struct sock *sk, struct sock *newsk);
|
||||||
void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
|
void security_sk_classify_flow(const struct sock *sk,
|
||||||
|
struct flowi_common *flic);
|
||||||
void security_req_classify_flow(const struct request_sock *req,
|
void security_req_classify_flow(const struct request_sock *req,
|
||||||
struct flowi_common *flic);
|
struct flowi_common *flic);
|
||||||
void security_sock_graft(struct sock*sk, struct socket *parent);
|
void security_sock_graft(struct sock*sk, struct socket *parent);
|
||||||
@ -1597,7 +1598,7 @@ static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
static inline void security_sk_classify_flow(struct sock *sk,
|
static inline void security_sk_classify_flow(const struct sock *sk,
|
||||||
struct flowi_common *flic)
|
struct flowi_common *flic)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
@ -4396,7 +4396,7 @@ void security_sk_clone(const struct sock *sk, struct sock *newsk)
|
|||||||
}
|
}
|
||||||
EXPORT_SYMBOL(security_sk_clone);
|
EXPORT_SYMBOL(security_sk_clone);
|
||||||
|
|
||||||
void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic)
|
void security_sk_classify_flow(const struct sock *sk, struct flowi_common *flic)
|
||||||
{
|
{
|
||||||
call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
|
call_void_hook(sk_getsecid, sk, &flic->flowic_secid);
|
||||||
}
|
}
|
||||||
|
@ -5167,12 +5167,12 @@ static void selinux_sk_clone_security(const struct sock *sk, struct sock *newsk)
|
|||||||
selinux_netlbl_sk_security_reset(newsksec);
|
selinux_netlbl_sk_security_reset(newsksec);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void selinux_sk_getsecid(struct sock *sk, u32 *secid)
|
static void selinux_sk_getsecid(const struct sock *sk, u32 *secid)
|
||||||
{
|
{
|
||||||
if (!sk)
|
if (!sk)
|
||||||
*secid = SECINITSID_ANY_SOCKET;
|
*secid = SECINITSID_ANY_SOCKET;
|
||||||
else {
|
else {
|
||||||
struct sk_security_struct *sksec = sk->sk_security;
|
const struct sk_security_struct *sksec = sk->sk_security;
|
||||||
|
|
||||||
*secid = sksec->sid;
|
*secid = sksec->sid;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user