[PATCH] security: declare member holding string literal const

[PATCH] security: declare member holding string literal const

[Christian Göttsche]

The struct security_hook_list member lsm is assigned in
security_add_hooks() with string literals passed from the individual
security modules.  Declare the function parameter and the struct member
const to signal their immutability.

Reported by Clang [-Wwrite-strings]:

    security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
            security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
                                                                         ^~~~~~~~~
    ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
                                    char *lsm);
                                          ^

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 include/linux/lsm_hooks.h | 4 ++--
 security/security.c       | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
index 419b5febc3ca..47cdf3fbecef 100644
--- a/include/linux/lsm_hooks.h
+++ b/include/linux/lsm_hooks.h
@@ -1595,7 +1595,7 @@ struct security_hook_list {
 	struct hlist_node		list;
 	struct hlist_head		*head;
 	union security_list_options	hook;
-	char				*lsm;
+	const char			*lsm;
 } __randomize_layout;
 
 /*
@@ -1630,7 +1630,7 @@ extern struct security_hook_heads security_hook_heads;
 extern char *lsm_names;
 
 extern void security_add_hooks(struct security_hook_list *hooks, int count,
-				char *lsm);
+				const char *lsm);
 
 #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
 #define LSM_FLAG_EXCLUSIVE	BIT(1)
diff --git a/security/security.c b/security/security.c
index 9663ffcca4b0..a48eb3badfdd 100644
--- a/security/security.c
+++ b/security/security.c
@@ -478,7 +478,7 @@ static int lsm_append(const char *new, char **result)
  * Each LSM has to register its hooks with the infrastructure.
  */
 void __init security_add_hooks(struct security_hook_list *hooks, int count,
-				char *lsm)
+				const char *lsm)
 {
 	int i;
 
-- 
2.35.1

Re: [PATCH] security: declare member holding string literal const

[Paul Moore]

On Thu, Feb 17, 2022 at 9:19 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The struct security_hook_list member lsm is assigned in
> security_add_hooks() with string literals passed from the individual
> security modules.  Declare the function parameter and the struct member
> const to signal their immutability.
>
> Reported by Clang [-Wwrite-strings]:
>
>     security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
>             security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
>                                                                          ^~~~~~~~~
>     ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
>                                     char *lsm);
>                                           ^
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
>  include/linux/lsm_hooks.h | 4 ++--
>  security/security.c       | 2 +-
>  2 files changed, 3 insertions(+), 3 deletions(-)

Thanks Christian.

Reviewed-by: Paul Moore <paul@paul-moore.com>

-- 
paul-moore.com

Re: [PATCH] security: declare member holding string literal const

[Casey Schaufler]

On 2/17/2022 6:18 AM, Christian Göttsche wrote:
> The struct security_hook_list member lsm is assigned in
> security_add_hooks() with string literals passed from the individual
> security modules.  Declare the function parameter and the struct member
> const to signal their immutability.
>
> Reported by Clang [-Wwrite-strings]:
>
>      security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
>              security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
>                                                                           ^~~~~~~~~
>      ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
>                                      char *lsm);
>                                            ^
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>

> ---
>   include/linux/lsm_hooks.h | 4 ++--
>   security/security.c       | 2 +-
>   2 files changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> index 419b5febc3ca..47cdf3fbecef 100644
> --- a/include/linux/lsm_hooks.h
> +++ b/include/linux/lsm_hooks.h
> @@ -1595,7 +1595,7 @@ struct security_hook_list {
>   	struct hlist_node		list;
>   	struct hlist_head		*head;
>   	union security_list_options	hook;
> -	char				*lsm;
> +	const char			*lsm;
>   } __randomize_layout;
>   
>   /*
> @@ -1630,7 +1630,7 @@ extern struct security_hook_heads security_hook_heads;
>   extern char *lsm_names;
>   
>   extern void security_add_hooks(struct security_hook_list *hooks, int count,
> -				char *lsm);
> +				const char *lsm);
>   
>   #define LSM_FLAG_LEGACY_MAJOR	BIT(0)
>   #define LSM_FLAG_EXCLUSIVE	BIT(1)
> diff --git a/security/security.c b/security/security.c
> index 9663ffcca4b0..a48eb3badfdd 100644
> --- a/security/security.c
> +++ b/security/security.c
> @@ -478,7 +478,7 @@ static int lsm_append(const char *new, char **result)
>    * Each LSM has to register its hooks with the infrastructure.
>    */
>   void __init security_add_hooks(struct security_hook_list *hooks, int count,
> -				char *lsm)
> +				const char *lsm)
>   {
>   	int i;
>   

Re: [PATCH] security: declare member holding string literal const

[Christian Göttsche]

On Thu, 17 Feb 2022 at 23:50, Casey Schaufler <casey@schaufler-ca.com> wrote:
>
> On 2/17/2022 6:18 AM, Christian Göttsche wrote:
> > The struct security_hook_list member lsm is assigned in
> > security_add_hooks() with string literals passed from the individual
> > security modules.  Declare the function parameter and the struct member
> > const to signal their immutability.
> >
> > Reported by Clang [-Wwrite-strings]:
> >
> >      security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
> >              security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
> >                                                                           ^~~~~~~~~
> >      ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
> >                                      char *lsm);
> >                                            ^
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
>

Kindly ping;
any progress on this one?

> > ---
> >   include/linux/lsm_hooks.h | 4 ++--
> >   security/security.c       | 2 +-
> >   2 files changed, 3 insertions(+), 3 deletions(-)
> >
> > diff --git a/include/linux/lsm_hooks.h b/include/linux/lsm_hooks.h
> > index 419b5febc3ca..47cdf3fbecef 100644
> > --- a/include/linux/lsm_hooks.h
> > +++ b/include/linux/lsm_hooks.h
> > @@ -1595,7 +1595,7 @@ struct security_hook_list {
> >       struct hlist_node               list;
> >       struct hlist_head               *head;
> >       union security_list_options     hook;
> > -     char                            *lsm;
> > +     const char                      *lsm;
> >   } __randomize_layout;
> >
> >   /*
> > @@ -1630,7 +1630,7 @@ extern struct security_hook_heads security_hook_heads;
> >   extern char *lsm_names;
> >
> >   extern void security_add_hooks(struct security_hook_list *hooks, int count,
> > -                             char *lsm);
> > +                             const char *lsm);
> >
> >   #define LSM_FLAG_LEGACY_MAJOR       BIT(0)
> >   #define LSM_FLAG_EXCLUSIVE  BIT(1)
> > diff --git a/security/security.c b/security/security.c
> > index 9663ffcca4b0..a48eb3badfdd 100644
> > --- a/security/security.c
> > +++ b/security/security.c
> > @@ -478,7 +478,7 @@ static int lsm_append(const char *new, char **result)
> >    * Each LSM has to register its hooks with the infrastructure.
> >    */
> >   void __init security_add_hooks(struct security_hook_list *hooks, int count,
> > -                             char *lsm)
> > +                             const char *lsm)
> >   {
> >       int i;
> >

Re: [PATCH] security: declare member holding string literal const

[Paul Moore]

On Mon, May 2, 2022 at 9:38 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
> On Thu, 17 Feb 2022 at 23:50, Casey Schaufler <casey@schaufler-ca.com> wrote:
> > On 2/17/2022 6:18 AM, Christian Göttsche wrote:
> > > The struct security_hook_list member lsm is assigned in
> > > security_add_hooks() with string literals passed from the individual
> > > security modules.  Declare the function parameter and the struct member
> > > const to signal their immutability.
> > >
> > > Reported by Clang [-Wwrite-strings]:
> > >
> > >      security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
> > >              security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
> > >                                                                           ^~~~~~~~~
> > >      ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
> > >                                      char *lsm);
> > >                                            ^
> > >
> > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> >
> > Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
> >
>
> Kindly ping;
> any progress on this one?

I've already added my Reviewed-by tag, as has Casey, so I think it's
pretty "safe" at this point.  The next step is for James to pull this
into the LSM tree.  If it is still collecting dust at the end of this
week, ping us again and I can just go ahead and pull it into the
SELinux tree, it's small enough that it shouldn't cause any problems.

-- 
paul-moore.com

Re: [PATCH] security: declare member holding string literal const

[Christian Göttsche]

On Tue, 3 May 2022 at 22:02, Paul Moore <paul@paul-moore.com> wrote:
>
> On Mon, May 2, 2022 at 9:38 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> > On Thu, 17 Feb 2022 at 23:50, Casey Schaufler <casey@schaufler-ca.com> wrote:
> > > On 2/17/2022 6:18 AM, Christian Göttsche wrote:
> > > > The struct security_hook_list member lsm is assigned in
> > > > security_add_hooks() with string literals passed from the individual
> > > > security modules.  Declare the function parameter and the struct member
> > > > const to signal their immutability.
> > > >
> > > > Reported by Clang [-Wwrite-strings]:
> > > >
> > > >      security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
> > > >              security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
> > > >                                                                           ^~~~~~~~~
> > > >      ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
> > > >                                      char *lsm);
> > > >                                            ^
> > > >
> > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > >
> > > Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
> > >
> >
> > Kindly ping;
> > any progress on this one?
>
> I've already added my Reviewed-by tag, as has Casey, so I think it's
> pretty "safe" at this point.  The next step is for James to pull this
> into the LSM tree.  If it is still collecting dust at the end of this
> week, ping us again and I can just go ahead and pull it into the
> SELinux tree, it's small enough that it shouldn't cause any problems.

end-of-the-week-ping

>
> --
> paul-moore.com

Re: [PATCH] security: declare member holding string literal const

[Paul Moore]

On Fri, May 13, 2022 at 1:16 PM Christian Göttsche
<cgzones@googlemail.com> wrote:
> On Tue, 3 May 2022 at 22:02, Paul Moore <paul@paul-moore.com> wrote:
> > On Mon, May 2, 2022 at 9:38 AM Christian Göttsche
> > <cgzones@googlemail.com> wrote:
> > > On Thu, 17 Feb 2022 at 23:50, Casey Schaufler <casey@schaufler-ca.com> wrote:
> > > > On 2/17/2022 6:18 AM, Christian Göttsche wrote:
> > > > > The struct security_hook_list member lsm is assigned in
> > > > > security_add_hooks() with string literals passed from the individual
> > > > > security modules.  Declare the function parameter and the struct member
> > > > > const to signal their immutability.
> > > > >
> > > > > Reported by Clang [-Wwrite-strings]:
> > > > >
> > > > >      security/selinux/hooks.c:7388:63: error: passing 'const char [8]' to parameter of type 'char *' discards qualifiers [-Werror,-Wincompatible-pointer-types-discards-qualifiers]
> > > > >              security_add_hooks(selinux_hooks, ARRAY_SIZE(selinux_hooks), selinux);
> > > > >                                                                           ^~~~~~~~~
> > > > >      ./include/linux/lsm_hooks.h:1629:11: note: passing argument to parameter 'lsm' here
> > > > >                                      char *lsm);
> > > > >                                            ^
> > > > >
> > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > > >
> > > > Reviewed-by: Casey Schaufler <casey@schaufler-ca.com>
> > > >
> > >
> > > Kindly ping;
> > > any progress on this one?
> >
> > I've already added my Reviewed-by tag, as has Casey, so I think it's
> > pretty "safe" at this point.  The next step is for James to pull this
> > into the LSM tree.  If it is still collecting dust at the end of this
> > week, ping us again and I can just go ahead and pull it into the
> > SELinux tree, it's small enough that it shouldn't cause any problems.
>
> end-of-the-week-ping

Thanks for the reminder.  I haven't seen any other action on this so
I've gone ahead and merged this into selinux/next; thanks for your
patience and persistence on this Christian!

-- 
paul-moore.com