diff options
| author | Khadija Kamran <kamrankhadijadj@gmail.com> | 2023-08-23 12:47:56 +0500 |
|---|---|---|
| committer | Paul Moore <paul@paul-moore.com> | 2023-09-13 18:13:05 -0400 |
| commit | 64fc9526147c7fc14535134d8ea79b9c8dc549a7 (patch) | |
| tree | 20aabf4c2f533e7b164f5acab23a9ae40b90b607 /security | |
| parent | 4a00c673068e72c12d243f5c31000246d6984e44 (diff) | |
lsm: constify 'bprm' parameter in security_bprm_committing_creds()
The 'bprm_committing_creds' hook has implementations registered in
SELinux and Apparmor. Looking at the function implementations we observe
that the 'bprm' parameter is not changing.
Mark the 'bprm' parameter of LSM hook security_bprm_committing_creds()
as 'const' since it will not be changing in the LSM hook.
Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/lsm.c | 2 | ||||
| -rw-r--r-- | security/security.c | 2 | ||||
| -rw-r--r-- | security/selinux/hooks.c | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 108eccc5ada5..b03f46e0f6c5 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -734,7 +734,7 @@ fail: * apparmor_bprm_committing_creds - do task cleanup on committing new creds * @bprm: binprm for the exec (NOT NULL) */ -static void apparmor_bprm_committing_creds(struct linux_binprm *bprm) +static void apparmor_bprm_committing_creds(const struct linux_binprm *bprm) { struct aa_label *label = aa_current_raw_label(); struct aa_label *new_label = cred_label(bprm->cred); diff --git a/security/security.c b/security/security.c index bde8813e89ff..77a1601ead36 100644 --- a/security/security.c +++ b/security/security.c @@ -1118,7 +1118,7 @@ int security_bprm_check(struct linux_binprm *bprm) * open file descriptors to which access will no longer be granted when the * attributes are changed. This is called immediately before commit_creds(). */ -void security_bprm_committing_creds(struct linux_binprm *bprm) +void security_bprm_committing_creds(const struct linux_binprm *bprm) { call_void_hook(bprm_committing_creds, bprm); } diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index e1c7640a5df1..f42a1b78bc43 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -2455,7 +2455,7 @@ static inline void flush_unauthorized_files(const struct cred *cred, /* * Prepare a process for imminent new credential changes due to exec */ -static void selinux_bprm_committing_creds(struct linux_binprm *bprm) +static void selinux_bprm_committing_creds(const struct linux_binprm *bprm) { struct task_security_struct *new_tsec; struct rlimit *rlim, *initrlim; |