[apparmor] [PATCH 4/5] apparmor: constify pointer arguments for verify_* in policy_unpack.c

Mon, 03 Mar 2025 17:12:22 -0800 

These functions are not supposed to change the profile struct (or
component thereof), so make the pointers passed into them const.

Signed-off-by: Ryan Lee <ryan....@canonical.com>
---
 security/apparmor/policy_unpack.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/apparmor/policy_unpack.c 
b/security/apparmor/policy_unpack.c
index 22af940a5f58..813bcbdfc773 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -60,7 +60,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  *
  * Returns: %0 or error
  */
-static int audit_iface(struct aa_profile *new, const char *ns_name,
+static int audit_iface(const struct aa_profile *new, const char *ns_name,
                       const char *name, const char *info, struct aa_ext *e,
                       int error)
 {
@@ -1257,7 +1257,7 @@ static int unpack_and_verify_header(struct aa_ext *e, int 
required, const char *
  * @dfa: the dfa to check accept indexes are in range
  * @table_size: the permission table size the indexes should be within
  */
-static bool verify_dfa_accept_index(struct aa_dfa *dfa, int table_size)
+static bool verify_dfa_accept_index(const struct aa_dfa *dfa, int table_size)
 {
        int i;
        for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
@@ -1267,7 +1267,7 @@ static bool verify_dfa_accept_index(struct aa_dfa *dfa, 
int table_size)
        return true;
 }
 
-static bool verify_perm(struct aa_perms *perm)
+static bool verify_perm(const struct aa_perms *perm)
 {
        /* TODO: allow option to just force the perms into a valid state */
        if (perm->allow & perm->deny)
@@ -1290,7 +1290,7 @@ static bool verify_perm(struct aa_perms *perm)
        return true;
 }
 
-static bool verify_perms(struct aa_policydb *pdb)
+static bool verify_perms(const struct aa_policydb *pdb)
 {
        int i;
 
@@ -1319,7 +1319,7 @@ static bool verify_perms(struct aa_policydb *pdb)
  *
  * This verification is post any unpack mapping or changes
  */
-static int verify_profile(struct aa_profile *profile)
+static int verify_profile(const struct aa_profile *profile)
 {
        struct aa_ruleset *rules = list_first_entry(&profile->rules,
                                                    typeof(*rules), list);
-- 
2.43.0

Reply via email to