[apparmor] [PATCH 4/5] apparmor: constify pointer arguments for verify_* in policy_unpack.c

Ryan Lee ryan.lee at canonical.com
Tue Mar 4 01:11:40 UTC 2025


These functions are not supposed to change the profile struct (or
component thereof), so make the pointers passed into them const.

Signed-off-by: Ryan Lee <ryan.lee at canonical.com>
---
 security/apparmor/policy_unpack.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 22af940a5f58..813bcbdfc773 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -60,7 +60,7 @@ static void audit_cb(struct audit_buffer *ab, void *va)
  *
  * Returns: %0 or error
  */
-static int audit_iface(struct aa_profile *new, const char *ns_name,
+static int audit_iface(const struct aa_profile *new, const char *ns_name,
 		       const char *name, const char *info, struct aa_ext *e,
 		       int error)
 {
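Review bot: audit_iface is not one of the verify_* functions named in the subject line, so this signature change is easy to miss when scanning the log for changes to the audit path. The description could say why it is included, for example `audit_iface() is constified as well so the verify_* functions can pass their const profile to it`. That rationale is inferred, since no call site is visible in this patch. The function body continues outside the hunk.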
@@ -1257,7 +1257,7 @@ static int unpack_and_verify_header(struct aa_ext *e, int required, const char *
  * @dfa: the dfa to check accept indexes are in range
  * @table_size: the permission table size the indexes should be within
  */
-static bool verify_dfa_accept_index(struct aa_dfa *dfa, int table_size)
+static bool verify_dfa_accept_index(const struct aa_dfa *dfa, int table_size)
 {
 	int i;
 	for (i = 0; i < dfa->tables[YYTD_ID_ACCEPT]->td_lolen; i++) {
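Review bot: The const added to `dfa` is shallow: the loop reads `dfa->tables[YYTD_ID_ACCEPT]->td_lolen` through a pointer member, and const on the outer struct does not make the pointed-to table read-only, so a stray write to table data inside this verifier would still compile. The same holds in the verify_profile hunk, where `rules` is obtained from the const `profile` via `list_first_entry()` but declared as a plain `struct aa_ruleset *`. If the rest of that body only reads through it and the macro accepts the qualified type, `const struct aa_ruleset *rules` would carry the read-only intent one level further. Here, a kernel-doc line such as `@dfa: the dfa to check accept indexes are in range (read only, including its tables)` would state the contract the type cannot express. The body of verify_dfa_accept_index continues outside this hunk.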
@@ -1267,7 +1267,7 @@ static bool verify_dfa_accept_index(struct aa_dfa *dfa, int table_size)
 	return true;
 }
 
-static bool verify_perm(struct aa_perms *perm)
+static bool verify_perm(const struct aa_perms *perm)
 {
 	/* TODO: allow option to just force the perms into a valid state */
 	if (perm->allow & perm->deny)
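Review bot: The TODO at the top of verify_perm now contradicts the signature: forcing the perms into a valid state means writing through `perm`, which the new `const struct aa_perms *perm` forbids. Anyone who picks up that TODO would have to drop the const again or cast it away, and the cast would undo the guarantee this patch adds for a function that validates loaded policy. The comment could be reworded to keep repair separate from checking, for example `/* TODO: allow option to force the perms into a valid state; needs a non-const fix-up helper, not this verifier */`. The rest of the function body lies outside the hunk.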
@@ -1290,7 +1290,7 @@ static bool verify_perm(struct aa_perms *perm)
 	return true;
 }
 
-static bool verify_perms(struct aa_policydb *pdb)
+static bool verify_perms(const struct aa_policydb *pdb)
 {
 	int i;
 
@@ -1319,7 +1319,7 @@ static bool verify_perms(struct aa_policydb *pdb)
  *
  * This verification is post any unpack mapping or changes
  */
-static int verify_profile(struct aa_profile *profile)
+static int verify_profile(const struct aa_profile *profile)
 {
 	struct aa_ruleset *rules = list_first_entry(&profile->rules,
 						    typeof(*rules), list);
-- 
2.43.0



