Security: Make secctx_to_secid() take const secdata

[safe/jmp/linux-2.6] / security / smack / smack_lsm.c

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 770eb06..92baee5 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -189,17 +189,10 @@ static void smack_sb_free_security(struct super_block *sb)
  * Copy the Smack specific mount options out of the mount
  * options list.
  */
-static int smack_sb_copy_data(struct file_system_type *type, void *orig,
-                             void *smackopts)
+static int smack_sb_copy_data(char *orig, char *smackopts)
 {
        char *cp, *commap, *otheropts, *dp;
 
-       /* Binary mount data: just copy */
-       if (type->fs_flags & FS_BINARY_MOUNTDATA) {
-               copy_page(smackopts, orig);
-               return 0;
-       }
-
        otheropts = (char *)get_zeroed_page(GFP_KERNEL);
        if (otheropts == NULL)
                return -ENOMEM;
@@ -322,10 +315,10 @@ static int smack_sb_statfs(struct dentry *dentry)
  * Returns 0 if current can write the floor of the filesystem
  * being mounted on, an error code otherwise.
  */
-static int smack_sb_mount(char *dev_name, struct nameidata *nd,
+static int smack_sb_mount(char *dev_name, struct path *path,
                          char *type, unsigned long flags, void *data)
 {
-       struct superblock_smack *sbp = nd->path.mnt->mnt_sb->s_security;
+       struct superblock_smack *sbp = path->mnt->mnt_sb->s_security;
 
        return smk_curacc(sbp->smk_floor, MAY_WRITE);
 }
@@ -581,8 +574,8 @@ static int smack_inode_getattr(struct vfsmount *mnt, struct dentry *dentry)
  *
  * Returns 0 if access is permitted, an error code otherwise
  */
-static int smack_inode_setxattr(struct dentry *dentry, char *name,
-                               void *value, size_t size, int flags)
+static int smack_inode_setxattr(struct dentry *dentry, const char *name,
+                               const void *value, size_t size, int flags)
 {
        int rc = 0;
 
@@ -611,8 +604,8 @@ static int smack_inode_setxattr(struct dentry *dentry, char *name,
  * Set the pointer in the inode blob to the entry found
  * in the master label list.
  */
-static void smack_inode_post_setxattr(struct dentry *dentry, char *name,
-                                     void *value, size_t size, int flags)
+static void smack_inode_post_setxattr(struct dentry *dentry, const char *name,
+                                     const void *value, size_t size, int flags)
 {
        struct inode_smack *isp;
        char *nsp;
@@ -648,7 +641,7 @@ static void smack_inode_post_setxattr(struct dentry *dentry, char *name,
  *
  * Returns 0 if access is permitted, an error code otherwise
  */
-static int smack_inode_getxattr(struct dentry *dentry, char *name)
+static int smack_inode_getxattr(struct dentry *dentry, const char *name)
 {
        return smk_curacc(smk_of_inode(dentry->d_inode), MAY_READ);
 }
@@ -662,7 +655,7 @@ static int smack_inode_getxattr(struct dentry *dentry, char *name)
  *
  * Returns 0 if access is permitted, an error code otherwise
  */
-static int smack_inode_removexattr(struct dentry *dentry, char *name)
+static int smack_inode_removexattr(struct dentry *dentry, const char *name)
 {
        int rc = 0;
 
@@ -1124,11 +1117,6 @@ static int smack_task_movememory(struct task_struct *p)
 static int smack_task_kill(struct task_struct *p, struct siginfo *info,
                           int sig, u32 secid)
 {
-       int rc;
-
-       rc = cap_task_kill(p, info, sig, secid);
-       if (rc != 0)
-               return rc;
        /*
         * Special cases where signals really ought to go through
         * in spite of policy. Stephen Smalley suggests it may
@@ -1254,7 +1242,7 @@ static void smack_set_catset(char *catset, struct netlbl_lsm_secattr *sap)
        int rc;
        int byte;
 
-       if (catset == 0)
+       if (!catset)
                return;
 
        sap->flags |= NETLBL_SECATTR_MLS_CAT;
@@ -1287,7 +1275,7 @@ static void smack_to_secattr(char *smack, struct netlbl_lsm_secattr *nlsp)
 
        switch (smack_net_nltype) {
        case NETLBL_NLTYPE_CIPSOV4:
-               nlsp->domain = kstrdup(smack, GFP_ATOMIC);
+               nlsp->domain = smack;
                nlsp->flags = NETLBL_SECATTR_DOMAIN | NETLBL_SECATTR_MLS_LVL;
 
                rc = smack_to_cipso(smack, &cipso);
@@ -1515,7 +1503,7 @@ static int smack_shm_associate(struct shmid_kernel *shp, int shmflg)
  */
 static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
 {
-       char *ssp = smack_of_shm(shp);
+       char *ssp;
        int may;
 
        switch (cmd) {
@@ -1539,6 +1527,7 @@ static int smack_shm_shmctl(struct shmid_kernel *shp, int cmd)
                return -EINVAL;
        }
 
+       ssp = smack_of_shm(shp);
        return smk_curacc(ssp, may);
 }
 
@@ -1623,7 +1612,7 @@ static int smack_sem_associate(struct sem_array *sma, int semflg)
  */
 static int smack_sem_semctl(struct sem_array *sma, int cmd)
 {
-       char *ssp = smack_of_sem(sma);
+       char *ssp;
        int may;
 
        switch (cmd) {
@@ -1652,6 +1641,7 @@ static int smack_sem_semctl(struct sem_array *sma, int cmd)
                return -EINVAL;
        }
 
+       ssp = smack_of_sem(sma);
        return smk_curacc(ssp, may);
 }
 
@@ -1737,7 +1727,7 @@ static int smack_msg_queue_associate(struct msg_queue *msq, int msqflg)
  */
 static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
 {
-       char *msp = smack_of_msq(msq);
+       char *msp;
        int may;
 
        switch (cmd) {
@@ -1759,6 +1749,7 @@ static int smack_msg_queue_msgctl(struct msg_queue *msq, int cmd)
                return -EINVAL;
        }
 
+       msp = smack_of_msq(msq);
        return smk_curacc(msp, may);
 }
 
@@ -2415,7 +2406,7 @@ static int smack_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
  *
  * Exists for audit and networking code.
  */
-static int smack_secctx_to_secid(char *secdata, u32 seclen, u32 *secid)
+static int smack_secctx_to_secid(const char *secdata, u32 seclen, u32 *secid)
 {
        *secid = smack_to_secid(secdata);
        return 0;
@@ -2433,7 +2424,9 @@ static void smack_release_secctx(char *secdata, u32 seclen)
 {
 }
 
-static struct security_operations smack_ops = {
+struct security_operations smack_ops = {
+       .name =                         "smack",
+
        .ptrace =                       smack_ptrace,
        .capget =                       cap_capget,
        .capset_check =                 cap_capset_check,
@@ -2502,6 +2495,7 @@ static struct security_operations smack_ops = {
        .task_wait =                    smack_task_wait,
        .task_reparent_to_init =        cap_task_reparent_to_init,
        .task_to_inode =                smack_task_to_inode,
+       .task_prctl =                   cap_task_prctl,
 
        .ipc_permission =               smack_ipc_permission,
 
@@ -2566,6 +2560,9 @@ static struct security_operations smack_ops = {
  */
 static __init int smack_init(void)
 {
+       if (!security_module_enable(&smack_ops))
+               return 0;
+
        printk(KERN_INFO "Smack:  Initializing.\n");
 
        /*