leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security/integrity: constify some read-only data

Browse Source 
Constify some static data that is never modified,
so that it is placed in .rodata.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Eric Biggers 2018-09-07 13:22:23 -07:00 committed by Mimi Zohar
parent 691115c351
commit b2724d5802
8 changed files with 16 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/integrity/digsig.c
View File

@ -26,7 +26,7 @@
static struct key *keyring[INTEGRITY_KEYRING_MAX]; static struct key *keyring[INTEGRITY_KEYRING_MAX];
static const char *keyring_name[INTEGRITY_KEYRING_MAX] = { static const char * const keyring_name[INTEGRITY_KEYRING_MAX] = {
#ifndef CONFIG_INTEGRITY_TRUSTED_KEYRING #ifndef CONFIG_INTEGRITY_TRUSTED_KEYRING
"_evm", "_evm",
"_ima", "_ima",

4
security/integrity/evm/evm_crypto.c
View File

@ -27,7 +27,7 @@
#define EVMKEY "evm-key" #define EVMKEY "evm-key"
#define MAX_KEY_SIZE 128 #define MAX_KEY_SIZE 128
static unsigned char evmkey[MAX_KEY_SIZE]; static unsigned char evmkey[MAX_KEY_SIZE];
static int evmkey_len = MAX_KEY_SIZE; static const int evmkey_len = MAX_KEY_SIZE;
struct crypto_shash *hmac_tfm; struct crypto_shash *hmac_tfm;
static struct crypto_shash *evm_tfm[HASH_ALGO__LAST]; static struct crypto_shash *evm_tfm[HASH_ALGO__LAST];
@ -38,7 +38,7 @@ static DEFINE_MUTEX(mutex);
static unsigned long evm_set_key_flags; static unsigned long evm_set_key_flags;
static char * const evm_hmac = "hmac(sha1)"; static const char evm_hmac[] = "hmac(sha1)";
/** /**
* evm_set_key() - set EVM HMAC key from the kernel * evm_set_key() - set EVM HMAC key from the kernel

2
security/integrity/ima/ima.h
View File

@ -88,7 +88,7 @@ struct ima_template_desc {
char *name; char *name;
char *fmt; char *fmt;
int num_fields; int num_fields;
struct ima_template_field **fields; const struct ima_template_field **fields;
}; };
struct ima_template_entry { struct ima_template_entry {

3
security/integrity/ima/ima_api.c
View File

@ -51,7 +51,8 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
(*entry)->template_desc = template_desc; (*entry)->template_desc = template_desc;
for (i = 0; i < template_desc->num_fields; i++) { for (i = 0; i < template_desc->num_fields; i++) {
struct ima_template_field *field = template_desc->fields[i]; const struct ima_template_field *field =
template_desc->fields[i];
u32 len; u32 len;
result = field->field_init(event_data, result = field->field_init(event_data,

3
security/integrity/ima/ima_fs.c
View File

@ -179,7 +179,8 @@ int ima_measurements_show(struct seq_file *m, void *v)
/* 6th: template specific data */ /* 6th: template specific data */
for (i = 0; i < e->template_desc->num_fields; i++) { for (i = 0; i < e->template_desc->num_fields; i++) {
enum ima_show_type show = IMA_SHOW_BINARY; enum ima_show_type show = IMA_SHOW_BINARY;
struct ima_template_field *field = e->template_desc->fields[i]; const struct ima_template_field *field =
e->template_desc->fields[i];
if (is_ima_template && strcmp(field->field_id, "d") == 0) if (is_ima_template && strcmp(field->field_id, "d") == 0)
show = IMA_SHOW_BINARY_NO_FIELD_LEN; show = IMA_SHOW_BINARY_NO_FIELD_LEN;

2
security/integrity/ima/ima_init.c
View File

@ -25,7 +25,7 @@
#include "ima.h" #include "ima.h"
/* name for boot aggregate entry */ /* name for boot aggregate entry */
static const char *boot_aggregate_name = "boot_aggregate"; static const char boot_aggregate_name[] = "boot_aggregate";
struct tpm_chip *ima_tpm_chip; struct tpm_chip *ima_tpm_chip;
/* Add the boot aggregate to the IMA measurement list and extend /* Add the boot aggregate to the IMA measurement list and extend

2
security/integrity/ima/ima_main.c
View File

@ -440,7 +440,7 @@ int ima_read_file(struct file *file, enum kernel_read_file_id read_id)
return 0; return 0;
} }
static int read_idmap[READING_MAX_ID] = { static const int read_idmap[READING_MAX_ID] = {
[READING_FIRMWARE] = FIRMWARE_CHECK, [READING_FIRMWARE] = FIRMWARE_CHECK,
[READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK, [READING_FIRMWARE_PREALLOC_BUFFER] = FIRMWARE_CHECK,
[READING_MODULE] = MODULE_CHECK, [READING_MODULE] = MODULE_CHECK,

11
security/integrity/ima/ima_template.c
View File

@ -32,7 +32,7 @@ static struct ima_template_desc builtin_templates[] = {
static LIST_HEAD(defined_templates); static LIST_HEAD(defined_templates);
static DEFINE_SPINLOCK(template_list); static DEFINE_SPINLOCK(template_list);
static struct ima_template_field supported_fields[] = { static const struct ima_template_field supported_fields[] = {
{.field_id = "d", .field_init = ima_eventdigest_init, {.field_id = "d", .field_init = ima_eventdigest_init,
.field_show = ima_show_template_digest}, .field_show = ima_show_template_digest},
{.field_id = "n", .field_init = ima_eventname_init, {.field_id = "n", .field_init = ima_eventname_init,
@ -49,7 +49,7 @@ static struct ima_template_field supported_fields[] = {
static struct ima_template_desc *ima_template; static struct ima_template_desc *ima_template;
static struct ima_template_desc *lookup_template_desc(const char *name); static struct ima_template_desc *lookup_template_desc(const char *name);
static int template_desc_init_fields(const char *template_fmt, static int template_desc_init_fields(const char *template_fmt,
struct ima_template_field ***fields, const struct ima_template_field ***fields,
int *num_fields); int *num_fields);
static int __init ima_template_setup(char *str) static int __init ima_template_setup(char *str)
@ -125,7 +125,8 @@ static struct ima_template_desc *lookup_template_desc(const char *name)
return found ? template_desc : NULL; return found ? template_desc : NULL;
} }
static struct ima_template_field *lookup_template_field(const char *field_id) static const struct ima_template_field *
lookup_template_field(const char *field_id)
{ {
int i; int i;
@ -153,11 +154,11 @@ static int template_fmt_size(const char *template_fmt)
} }
static int template_desc_init_fields(const char *template_fmt, static int template_desc_init_fields(const char *template_fmt,
struct ima_template_field ***fields, const struct ima_template_field ***fields,
int *num_fields) int *num_fields)
{ {
const char *template_fmt_ptr; const char *template_fmt_ptr;
struct ima_template_field *found_fields[IMA_TEMPLATE_NUM_FIELDS_MAX]; const struct ima_template_field *found_fields[IMA_TEMPLATE_NUM_FIELDS_MAX];
int template_num_fields; int template_num_fields;
int i, len; int i, len;