selinux: constify source policy in cond_policydb_dup()

cgzones · pcmoore · commit 581646c3fb98 · 2024-04-30T19:01:04.000-04:00
cond_policydb_dup() duplicates conditional parts of an existing policy.
Declare the source policy const, since it should not be modified.

Signed-off-by: Christian Göttsche &lt;cgzones@googlemail.com&gt;
[PM: various line length fixups]
Signed-off-by: Paul Moore &lt;paul@paul-moore.com&gt;
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
@@ -603,7 +603,8 @@ void cond_compute_av(struct avtab *ctab, struct avtab_key *key,
 	}
 }
 
-static int cond_dup_av_list(struct cond_av_list *new, struct cond_av_list *orig,
+static int cond_dup_av_list(struct cond_av_list *new,
+			    const struct cond_av_list *orig,
 			    struct avtab *avtab)
 {
 	u32 i;
@@ -626,7 +627,7 @@ static int cond_dup_av_list(struct cond_av_list *new, struct cond_av_list *orig,
 }
 
 static int duplicate_policydb_cond_list(struct policydb *newp,
-					struct policydb *origp)
+					const struct policydb *origp)
 {
 	int rc;
 	u32 i;
@@ -643,7 +644,7 @@ static int duplicate_policydb_cond_list(struct policydb *newp,
 
 	for (i = 0; i < origp->cond_list_len; i++) {
 		struct cond_node *newn = &newp->cond_list[i];
-		struct cond_node *orign = &origp->cond_list[i];
+		const struct cond_node *orign = &origp->cond_list[i];
 
 		newp->cond_list_len++;
 
@@ -683,8 +684,8 @@ static int cond_bools_destroy(void *key, void *datum, void *args)
 	return 0;
 }
 
-static int cond_bools_copy(struct hashtab_node *new, struct hashtab_node *orig,
-			   void *args)
+static int cond_bools_copy(struct hashtab_node *new,
+			   const struct hashtab_node *orig, void *args)
 {
 	struct cond_bool_datum *datum;
 
@@ -710,7 +711,7 @@ static int cond_bools_index(void *key, void *datum, void *args)
 }
 
 static int duplicate_policydb_bools(struct policydb *newdb,
-				    struct policydb *orig)
+				    const struct policydb *orig)
 {
 	struct cond_bool_datum **cond_bool_array;
 	int rc;
@@ -743,7 +744,7 @@ void cond_policydb_destroy_dup(struct policydb *p)
 	cond_policydb_destroy(p);
 }
 
-int cond_policydb_dup(struct policydb *new, struct policydb *orig)
+int cond_policydb_dup(struct policydb *new, const struct policydb *orig)
 {
 	cond_policydb_init(new);
 
diff --git a/security/selinux/ss/conditional.h b/security/selinux/ss/conditional.h
@@ -79,6 +79,6 @@ void cond_compute_xperms(struct avtab *ctab, struct avtab_key *key,
 			 struct extended_perms_decision *xpermd);
 void evaluate_cond_nodes(struct policydb *p);
 void cond_policydb_destroy_dup(struct policydb *p);
-int cond_policydb_dup(struct policydb *new, struct policydb *orig);
+int cond_policydb_dup(struct policydb *new, const struct policydb *orig);
 
 #endif /* _CONDITIONAL_H_ */
diff --git a/security/selinux/ss/hashtab.c b/security/selinux/ss/hashtab.c
@@ -136,11 +136,12 @@ void hashtab_stat(struct hashtab *h, struct hashtab_info *info)
 }
 #endif /* CONFIG_SECURITY_SELINUX_DEBUG */
 
-int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
+int hashtab_duplicate(struct hashtab *new, const struct hashtab *orig,
 		      int (*copy)(struct hashtab_node *new,
-				  struct hashtab_node *orig, void *args),
+				  const struct hashtab_node *orig, void *args),
 		      int (*destroy)(void *k, void *d, void *args), void *args)
 {
+	const struct hashtab_node *orig_cur;
 	struct hashtab_node *cur, *tmp, *tail;
 	u32 i;
 	int rc;
@@ -155,12 +156,13 @@ int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
 
 	for (i = 0; i < orig->size; i++) {
 		tail = NULL;
-		for (cur = orig->htable[i]; cur; cur = cur->next) {
+		for (orig_cur = orig->htable[i]; orig_cur;
+		     orig_cur = orig_cur->next) {
 			tmp = kmem_cache_zalloc(hashtab_node_cachep,
 						GFP_KERNEL);
 			if (!tmp)
 				goto error;
-			rc = copy(tmp, cur, args);
+			rc = copy(tmp, orig_cur, args);
 			if (rc) {
 				kmem_cache_free(hashtab_node_cachep, tmp);
 				goto error;
diff --git a/security/selinux/ss/hashtab.h b/security/selinux/ss/hashtab.h
@@ -136,9 +136,9 @@ void hashtab_destroy(struct hashtab *h);
 int hashtab_map(struct hashtab *h, int (*apply)(void *k, void *d, void *args),
 		void *args);
 
-int hashtab_duplicate(struct hashtab *new, struct hashtab *orig,
+int hashtab_duplicate(struct hashtab *new, const struct hashtab *orig,
 		      int (*copy)(struct hashtab_node *new,
-				  struct hashtab_node *orig, void *args),
+				  const struct hashtab_node *orig, void *args),
 		      int (*destroy)(void *k, void *d, void *args), void *args);
 
 #ifdef CONFIG_SECURITY_SELINUX_DEBUG

Original file line number	Diff line number	Diff line change
`@@ -603,7 +603,8 @@ void cond_compute_av(struct avtab ctab, struct avtab_key key,`
`603`	`603`	`}`
`604`	`604`	`}`
`605`	`605`
`606`		`-static int cond_dup_av_list(struct cond_av_list new, struct cond_av_list orig,`
	`606`	`+static int cond_dup_av_list(struct cond_av_list *new,`
	`607`	`+ const struct cond_av_list *orig,`
`607`	`608`	`struct avtab *avtab)`
`608`	`609`	`{`
`609`	`610`	`u32 i;`
`@@ -626,7 +627,7 @@ static int cond_dup_av_list(struct cond_av_list new, struct cond_av_list orig,`
`626`	`627`	`}`
`627`	`628`
`628`	`629`	`static int duplicate_policydb_cond_list(struct policydb *newp,`
`629`		`- struct policydb *origp)`
	`630`	`+ const struct policydb *origp)`
`630`	`631`	`{`
`631`	`632`	`int rc;`
`632`	`633`	`u32 i;`
`@@ -643,7 +644,7 @@ static int duplicate_policydb_cond_list(struct policydb *newp,`
`643`	`644`
`644`	`645`	`for (i = 0; i < origp->cond_list_len; i++) {`
`645`	`646`	`struct cond_node *newn = &newp->cond_list[i];`
`646`		`- struct cond_node *orign = &origp->cond_list[i];`
	`647`	`+ const struct cond_node *orign = &origp->cond_list[i];`
`647`	`648`
`648`	`649`	`newp->cond_list_len++;`
`649`	`650`
`@@ -683,8 +684,8 @@ static int cond_bools_destroy(void key, void datum, void *args)`
`683`	`684`	`return 0;`
`684`	`685`	`}`
`685`	`686`
`686`		`-static int cond_bools_copy(struct hashtab_node new, struct hashtab_node orig,`
`687`		`- void *args)`
	`687`	`+static int cond_bools_copy(struct hashtab_node *new,`
	`688`	`+ const struct hashtab_node orig, void args)`
`688`	`689`	`{`
`689`	`690`	`struct cond_bool_datum *datum;`
`690`	`691`
`@@ -710,7 +711,7 @@ static int cond_bools_index(void key, void datum, void *args)`
`710`	`711`	`}`
`711`	`712`
`712`	`713`	`static int duplicate_policydb_bools(struct policydb *newdb,`
`713`		`- struct policydb *orig)`
	`714`	`+ const struct policydb *orig)`
`714`	`715`	`{`
`715`	`716`	`struct cond_bool_datum **cond_bool_array;`
`716`	`717`	`int rc;`
`@@ -743,7 +744,7 @@ void cond_policydb_destroy_dup(struct policydb *p)`
`743`	`744`	`cond_policydb_destroy(p);`
`744`	`745`	`}`
`745`	`746`
`746`		`-int cond_policydb_dup(struct policydb new, struct policydb orig)`
	`747`	`+int cond_policydb_dup(struct policydb new, const struct policydb orig)`
`747`	`748`	`{`
`748`	`749`	`cond_policydb_init(new);`
`749`	`750`