lsm: constify 'sb' parameter in security_quotactl()

KhadijaKamran · pcmoore · commit 25cc71d1527b · 2023-09-13T17:57:01.000-04:00
SELinux registers the implementation for the "quotactl" hook. Looking at
the function implementation we observe that the parameter "sb" is not
changing.

Mark the "sb" parameter of LSM hook security_quotactl() as "const" since
it will not be changing in the LSM hook.

Signed-off-by: Khadija Kamran &lt;kamrankhadijadj@gmail.com&gt;
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/include/linux/lsm_hook_defs.h b/include/linux/lsm_hook_defs.h
@@ -43,7 +43,7 @@ LSM_HOOK(int, 0, capset, struct cred *new, const struct cred *old,
 	 const kernel_cap_t *permitted)
 LSM_HOOK(int, 0, capable, const struct cred *cred, struct user_namespace *ns,
 	 int cap, unsigned int opts)
-LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, struct super_block *sb)
+LSM_HOOK(int, 0, quotactl, int cmds, int type, int id, const struct super_block *sb)
 LSM_HOOK(int, 0, quota_on, struct dentry *dentry)
 LSM_HOOK(int, 0, syslog, int type)
 LSM_HOOK(int, 0, settime, const struct timespec64 *ts,
diff --git a/include/linux/security.h b/include/linux/security.h
@@ -284,7 +284,7 @@ int security_capable(const struct cred *cred,
 		       struct user_namespace *ns,
 		       int cap,
 		       unsigned int opts);
-int security_quotactl(int cmds, int type, int id, struct super_block *sb);
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb);
 int security_quota_on(struct dentry *dentry);
 int security_syslog(int type);
 int security_settime64(const struct timespec64 *ts, const struct timezone *tz);
@@ -581,7 +581,7 @@ static inline int security_capable(const struct cred *cred,
 }
 
 static inline int security_quotactl(int cmds, int type, int id,
-				     struct super_block *sb)
+				     const struct super_block *sb)
 {
 	return 0;
 }
diff --git a/security/security.c b/security/security.c
@@ -957,7 +957,7 @@ int security_capable(const struct cred *cred,
  *
  * Return: Returns 0 if permission is granted.
  */
-int security_quotactl(int cmds, int type, int id, struct super_block *sb)
+int security_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	return call_int_hook(quotactl, 0, cmds, type, id, sb);
 }
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
@@ -1937,7 +1937,7 @@ static inline int may_rename(struct inode *old_dir,
 
 /* Check whether a task can perform a filesystem operation. */
 static int superblock_has_perm(const struct cred *cred,
-			       struct super_block *sb,
+			       const struct super_block *sb,
 			       u32 perms,
 			       struct common_audit_data *ad)
 {
@@ -2139,7 +2139,7 @@ static int selinux_capable(const struct cred *cred, struct user_namespace *ns,
 	return cred_has_capability(cred, cap, opts, ns == &init_user_ns);
 }
 
-static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)
+static int selinux_quotactl(int cmds, int type, int id, const struct super_block *sb)
 {
 	const struct cred *cred = current_cred();
 	int rc = 0;

Original file line number	Diff line number	Diff line change
`@@ -284,7 +284,7 @@ int security_capable(const struct cred *cred,`
`284`	`284`	`struct user_namespace *ns,`
`285`	`285`	`int cap,`
`286`	`286`	`unsigned int opts);`
`287`		`-int security_quotactl(int cmds, int type, int id, struct super_block *sb);`
	`287`	`+int security_quotactl(int cmds, int type, int id, const struct super_block *sb);`
`288`	`288`	`int security_quota_on(struct dentry *dentry);`
`289`	`289`	`int security_syslog(int type);`
`290`	`290`	`int security_settime64(const struct timespec64 ts, const struct timezone tz);`
`@@ -581,7 +581,7 @@ static inline int security_capable(const struct cred *cred,`
`581`	`581`	`}`
`582`	`582`
`583`	`583`	`static inline int security_quotactl(int cmds, int type, int id,`
`584`		`- struct super_block *sb)`
	`584`	`+ const struct super_block *sb)`
`585`	`585`	`{`
`586`	`586`	`return 0;`
`587`	`587`	`}`
Original file line number	Diff line number	Diff line change
`@@ -957,7 +957,7 @@ int security_capable(const struct cred *cred,`
`957`	`957`	`*`
`958`	`958`	`* Return: Returns 0 if permission is granted.`
`959`	`959`	`*/`
`960`		`-int security_quotactl(int cmds, int type, int id, struct super_block *sb)`
	`960`	`+int security_quotactl(int cmds, int type, int id, const struct super_block *sb)`
`961`	`961`	`{`
`962`	`962`	`return call_int_hook(quotactl, 0, cmds, type, id, sb);`
`963`	`963`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1937,7 +1937,7 @@ static inline int may_rename(struct inode *old_dir,`
`1937`	`1937`
`1938`	`1938`	`/* Check whether a task can perform a filesystem operation. */`
`1939`	`1939`	`static int superblock_has_perm(const struct cred *cred,`
`1940`		`- struct super_block *sb,`
	`1940`	`+ const struct super_block *sb,`
`1941`	`1941`	`u32 perms,`
`1942`	`1942`	`struct common_audit_data *ad)`
`1943`	`1943`	`{`
`@@ -2139,7 +2139,7 @@ static int selinux_capable(const struct cred cred, struct user_namespace ns,`
`2139`	`2139`	`return cred_has_capability(cred, cap, opts, ns == &init_user_ns);`
`2140`	`2140`	`}`
`2141`	`2141`
`2142`		`-static int selinux_quotactl(int cmds, int type, int id, struct super_block *sb)`
	`2142`	`+static int selinux_quotactl(int cmds, int type, int id, const struct super_block *sb)`
`2143`	`2143`	`{`
`2144`	`2144`	`const struct cred *cred = current_cred();`
`2145`	`2145`	`int rc = 0;`