From patchwork Wed Aug 23 06:44:41 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Khadija Kamran <kamrankhadijadj@gmail.com>
X-Patchwork-Id: 13361679
X-Patchwork-Delegate: paul@paul-moore.com
Return-Path: <selinux-owner@vger.kernel.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from vger.kernel.org (vger.kernel.org [23.128.96.18])
	by smtp.lore.kernel.org (Postfix) with ESMTP id B34D2EE49AB
	for <selinux@archiver.kernel.org>; Wed, 23 Aug 2023 06:44:50 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232986AbjHWGou (ORCPT <rfc822;selinux@archiver.kernel.org>);
        Wed, 23 Aug 2023 02:44:50 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36306 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232656AbjHWGot (ORCPT
        <rfc822;selinux@vger.kernel.org>); Wed, 23 Aug 2023 02:44:49 -0400
Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com
 [IPv6:2a00:1450:4864:20::329])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id C9E5AE46;
        Tue, 22 Aug 2023 23:44:47 -0700 (PDT)
Received: by mail-wm1-x329.google.com with SMTP id
 5b1f17b1804b1-3fee51329feso23372295e9.0;
        Tue, 22 Aug 2023 23:44:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20221208; t=1692773086; x=1693377886;
        h=content-disposition:mime-version:message-id:subject:to:from:date
         :from:to:cc:subject:date:message-id:reply-to;
        bh=2h2lr/08wRAzvYuPaGRiGBkl2WzgYmq6pFayFTNRKXs=;
        b=YCldIJYGiowEN1ktPV0XNIzDcd4QvmSOQP43EDDuQz5EJcI27ScKX0sJk8mkMZv7l8
         KfvN+qRVpTS36FwOf1fcDDj/H6iCC7tOuzPf9fh6OPzGwZk3ND3HvcHGkORrlBrfgGaT
         lFuJvs4QChAVXHsyFTegfnBxBie1JIpXHRnxLuuvLo4xUEFEqaQ2QYwpJuuxJshK2VtG
         Zg9GhkRxwsCDJAK3KmsT4nZST3UlHMdDHAaJJrIkxO7uKADgBdUgCEocTuQcTfl+rs8H
         7fciZXWrYJEm90Q0kPMyFJtx4OjmA6Xv75Q+4ZqAY5mkspFCMXcM5K0DjA67myDUu2km
         SSPA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20221208; t=1692773086; x=1693377886;
        h=content-disposition:mime-version:message-id:subject:to:from:date
         :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
        bh=2h2lr/08wRAzvYuPaGRiGBkl2WzgYmq6pFayFTNRKXs=;
        b=gNRh2/d35ela9b4eAVzJBEQJiSwL+SbkuzX1tm1uNnroWwgv7x5mQuALchtulBBGnr
         rGirMnuYC1PnlJxl4xWqqkbexnVZzCkEql4jW28yqt16MrmrVNFt8eVIdlGW+XCuL54h
         TROuPbBO47WC9imyr+3IWw8WU/5ZfBZ4VNuxKSFOdFEieVbEvxODdmZc++fQb354SJx8
         4HifWwVaUbmyHfomsJeF1bm/TCpY4IpT6FzgFS84l2HOgB8uJl7Y6Ai7QepkU1jwFv0U
         WlfJiyfbvLClfY84SOjxgiHSraHh4eYzoZvXF+NTFPtreqT/yK6ZCPpi3plsSCI+94V6
         rsfw==
X-Gm-Message-State: AOJu0Yx98OqzTM5f74YUhygIYL1AHw4kCkDctb8kfOBhm7wYik0HKxiA
        CaKu+DU3CvjXZ801NgOZIJOPkQEhdyV7tYcLWAY=
X-Google-Smtp-Source: 
 AGHT+IENrgjkvPL+4cUPqfqOAcYackdWmRWn5U+gHOvzc0QIp12DaxuLFMaNdpqyelGUnj7lCnMVHg==
X-Received: by 2002:a05:600c:448a:b0:3fa:955a:9291 with SMTP id
 e10-20020a05600c448a00b003fa955a9291mr8953524wmo.9.1692773085945;
        Tue, 22 Aug 2023 23:44:45 -0700 (PDT)
Received: from khadija-virtual-machine ([124.29.208.67])
        by smtp.gmail.com with ESMTPSA id
 p21-20020a1c7415000000b003feef5b0baesm9801527wmc.26.2023.08.22.23.44.44
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Tue, 22 Aug 2023 23:44:45 -0700 (PDT)
Date: Wed, 23 Aug 2023 11:44:41 +0500
From: Khadija Kamran <kamrankhadijadj@gmail.com>
To: linux-kernel@vger.kernel.org, Paul Moore <paul@paul-moore.com>,
        James Morris <jmorris@namei.org>,
        "Serge E. Hallyn" <serge@hallyn.com>,
        linux-security-module@vger.kernel.org,
        Stephen Smalley <stephen.smalley.work@gmail.com>,
        Eric Paris <eparis@parisplace.org>, selinux@vger.kernel.org,
        ztarkhani@microsoft.com, alison.schofield@intel.com
Subject: [PATCH] lsm: constify 'sb' parameter in security_quotactl()
Message-ID: <ZOWq2d5c7MpLl5A4@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
Precedence: bulk
List-ID: <selinux.vger.kernel.org>
X-Mailing-List: selinux@vger.kernel.org

SELinux registers the implementation for the "quotactl" hook. Looking at
the function implementation we observe that the parameter "sb" is not
changing.

Mark the "sb" parameter of LSM hook security_quotactl() as "const" since
it will not be changing in the LSM hook.

Signed-off-by: Khadija Kamran <kamrankhadijadj@gmail.com>
---
 include/linux/lsm_hook_defs.h | 2 +-
 include/linux/security.h      | 4 ++--
 security/security.c           | 2 +-
 security/selinux/hooks.c      | 4 ++--
 4 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
index 6bb55e61e8e8..b63672ef6f11 100644
--- a/include/linux/lsm_hook_defs.h
+++ b/include/linux/lsm_hook_defs.h
@@ -43,7 +43,7 @@ LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
 	 const kernel_cap_t *permitted)
 LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
 	 int cap, unsigned int opts)
-LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, struct super_block *sb)
+LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
 LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
 LSM_HOOK(int, 0, syslog, int type)
 LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
diff --git a/include/linux/security.h b/include/linux/security.h
index e2734e9e44d5..b4d1e160bd76 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -283,7 +283,7 @@ int security_capable(const struct cred *cred,
 		       struct user_namespace *ns,
 		       int cap,
 		       unsigned int opts);
-int security_quotactl(int cmds, int type, int id, struct super_block *sb);
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
@@ -579,7 +579,7 @@ static inline int security_capable(const struct cred *cred,
 }
 
 static inline int security_quotactl(int cmds, int type, int id,
-				     struct super_block *sb)
+				     const struct super_block *sb)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
index d5ff7ff45b77..1844b8ab3317 100644
--- a/security/security.c
+++ b/security/security.c
@@ -956,7 +956,7 @@ int security_capable(const struct cred *cred,
  *
  * Return: Returns 0 if permission is granted.
  */
-int security_quotactl(int cmds, int type, int id, struct super_block *sb)
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	return call_int_hook(quotactl, 0, cmds, type, id, sb);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 79b4890e9936..8d4611ac5ec3 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1886,7 +1886,7 @@ static inline int may_rename(struct inode *old_dir,
 
 /* Check whether a task can perform a filesystem operation. */
 static int superblock_has_perm(const struct cred *cred,
-			       struct super_block *sb,
+			       const struct super_block *sb,
 			       u32 perms,
 			       struct common_audit_data *ad)
 {
@@ -2088,7 +2088,7 @@ static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
 }
 
-static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+static int selinux_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	const struct cred *cred = current_cred();
 	int rc = 0;