For the most part audit should never munge with any of the data in these LSM common structs so constify as much as we can; this patch handles some easy fields that don't require any real code changes.
Signed-off-by: Paul Moore <[email protected]> --- include/linux/lsm_audit.h | 8 ++++---- security/lsm_audit.c | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/include/linux/lsm_audit.h b/include/linux/lsm_audit.h index 1cc89e9..6c4c7ac 100644 --- a/include/linux/lsm_audit.h +++ b/include/linux/lsm_audit.h @@ -24,7 +24,7 @@ struct lsm_network_audit { int netif; - struct sock *sk; + const struct sock *sk; u16 family; __be16 dport; __be16 sport; @@ -55,7 +55,7 @@ struct common_audit_data { #define LSM_AUDIT_DATA_DENTRY 10 union { struct path path; - struct dentry *dentry; + const struct dentry *dentry; struct inode *inode; struct lsm_network_audit *net; int cap; @@ -64,10 +64,10 @@ struct common_audit_data { #ifdef CONFIG_KEYS struct { key_serial_t key; - char *key_desc; + const char *key_desc; } key_struct; #endif - char *kmod_name; + const char *kmod_name; } u; /* this union contains LSM specific data */ union { diff --git a/security/lsm_audit.c b/security/lsm_audit.c index 07fc997..bd61075 100644 --- a/security/lsm_audit.c +++ b/security/lsm_audit.c @@ -185,7 +185,7 @@ int ipv6_skb_to_auditdata(struct sk_buff *skb, static inline void print_ipv6_addr(struct audit_buffer *ab, - struct in6_addr *addr, __be16 port, + const struct in6_addr *addr, __be16 port, char *name1, char *name2) { if (!ipv6_addr_any(addr)) @@ -288,7 +288,7 @@ static void dump_common_audit_data(struct audit_buffer *ab, break; case LSM_AUDIT_DATA_NET: if (a->u.net->sk) { - struct sock *sk = a->u.net->sk; + const struct sock *sk = a->u.net->sk; struct unix_sock *u; int len = 0; char *p = NULL; -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
