selinux: constify network address pointer

The network address, either an IPv4 or IPv6 one, is not modified.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/selinux/include/netnode.h b/security/selinux/include/netnode.h
index 9b8b655a8cd3154e1ec16af654aa453c9c0e5009..e4dc904c358551de0d04f56fc59780a1fc837412 100644 (file)
--- a/security/selinux/include/netnode.h
+++ b/security/selinux/include/netnode.h
@@ -21,6 +21,6 @@
 
 void sel_netnode_flush(void);
 
-int sel_netnode_sid(void *addr, u16 family, u32 *sid);
+int sel_netnode_sid(const void *addr, u16 family, u32 *sid);
 
 #endif

diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h
index e7827ed7be5f1bd6cb5096a8771b57d4967ae896..278c144c22d6094bfd7fbf54b3878679b55a1465 100644 (file)
--- a/security/selinux/include/security.h
+++ b/security/selinux/include/security.h
@@ -309,7 +309,7 @@ int security_ib_endport_sid(const char *dev_name, u8 port_num, u32 *out_sid);
 
 int security_netif_sid(const char *name, u32 *if_sid);
 
-int security_node_sid(u16 domain, void *addr, u32 addrlen, u32 *out_sid);
+int security_node_sid(u16 domain, const void *addr, u32 addrlen, u32 *out_sid);
 
 int security_validate_transition(u32 oldsid, u32 newsid, u32 tasksid,
                                 u16 tclass);

diff --git a/security/selinux/netnode.c b/security/selinux/netnode.c
index 5c8c77e50aadfac077f3039f705afc948fc2685e..b7900d5ae557ca276e2e100573b195dcbe0dd108 100644 (file)
--- a/security/selinux/netnode.c
+++ b/security/selinux/netnode.c
@@ -187,7 +187,7 @@ static void sel_netnode_insert(struct sel_netnode *node)
  * failure.
  *
  */
-static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
+static int sel_netnode_sid_slow(const void *addr, u16 family, u32 *sid)
 {
        int ret;
        struct sel_netnode *node;
@@ -207,13 +207,13 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
                ret = security_node_sid(PF_INET,
                                        addr, sizeof(struct in_addr), sid);
                if (new)
-                       new->nsec.addr.ipv4 = *(__be32 *)addr;
+                       new->nsec.addr.ipv4 = *(const __be32 *)addr;
                break;
        case PF_INET6:
                ret = security_node_sid(PF_INET6,
                                        addr, sizeof(struct in6_addr), sid);
                if (new)
-                       new->nsec.addr.ipv6 = *(struct in6_addr *)addr;
+                       new->nsec.addr.ipv6 = *(const struct in6_addr *)addr;
                break;
        default:
                BUG();
@@ -247,7 +247,7 @@ static int sel_netnode_sid_slow(void *addr, u16 family, u32 *sid)
  * on failure.
  *
  */
-int sel_netnode_sid(void *addr, u16 family, u32 *sid)
+int sel_netnode_sid(const void *addr, u16 family, u32 *sid)
 {
        struct sel_netnode *node;
 

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index e431772c6168909769496312299e01ed488588d5..ec9ddfccc7ee0ab243fb0d84686661008586a46c 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2643,7 +2643,7 @@ static bool match_ipv6_addrmask(const u32 input[4], const u32 addr[4], const u32
  * @out_sid: security identifier
  */
 int security_node_sid(u16 domain,
-                     void *addrp,
+                     const void *addrp,
                      u32 addrlen,
                      u32 *out_sid)
 {
@@ -2672,7 +2672,7 @@ retry:
                if (addrlen != sizeof(u32))
                        goto out;
 
-               addr = *((u32 *)addrp);
+               addr = *((const u32 *)addrp);
 
                c = policydb->ocontexts[OCON_NODE];
                while (c) {