security: mark LSM hooks as __ro_after_init

author James Morris <jmorris@namei.org>

Tue, 14 Feb 2017 13:18:51 +0000 (00:18 +1100)

committer James Morris <james.l.morris@oracle.com>

Mon, 6 Mar 2017 00:00:15 +0000 (11:00 +1100)
author James Morris <jmorris@namei.org>
Tue, 14 Feb 2017 13:18:51 +0000 (00:18 +1100)
committer James Morris <james.l.morris@oracle.com>
Mon, 6 Mar 2017 00:00:15 +0000 (11:00 +1100)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c

index 709eacd23909acfa5438e9173085d91eb1780991..e287b691a30e4a205e9253e60e44e3a80793908e 100644 (file)
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
@@ -587,7 +587,7 @@ static int apparmor_task_setrlimit(struct task_struct *task,
         return error;
  }
  
-static struct security_hook_list apparmor_hooks[] = {
+static struct security_hook_list apparmor_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(ptrace_access_check, apparmor_ptrace_access_check),
         LSM_HOOK_INIT(ptrace_traceme, apparmor_ptrace_traceme),
         LSM_HOOK_INIT(capget, apparmor_capget),
diff --git a/security/commoncap.c b/security/commoncap.c

index 78b37838a2d3e24302578581d32c0a4b0978a946..7abebd782d5e02d0c024ca0b2b1b189b1f4f83d1 100644 (file)
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -1071,7 +1071,7 @@ int cap_mmap_file(struct file *file, unsigned long reqprot,
  
  #ifdef CONFIG_SECURITY
  
-struct security_hook_list capability_hooks[] = {
+struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(capable, cap_capable),
         LSM_HOOK_INIT(settime, cap_settime),
         LSM_HOOK_INIT(ptrace_access_check, cap_ptrace_access_check),
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c

index 1d82eae3a5b834c4beadf9bdf79415ecb9078ffe..dbe6efde77a0a908d3a5d239df892874c2bfb292 100644 (file)
--- a/security/loadpin/loadpin.c
+++ b/security/loadpin/loadpin.c
@@ -174,7 +174,7 @@ static int loadpin_read_file(struct file *file, enum kernel_read_file_id id)
         return 0;
  }
  
-static struct security_hook_list loadpin_hooks[] = {
+static struct security_hook_list loadpin_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(sb_free_security, loadpin_sb_free_security),
         LSM_HOOK_INIT(kernel_read_file, loadpin_read_file),
  };
diff --git a/security/security.c b/security/security.c

index 905dad2811d334935b1ae9f0913f703a985de65b..d6d18a3721aa019a8a25e8f4c506bae644232e56 100644 (file)
--- a/security/security.c
+++ b/security/security.c
@@ -1628,7 +1628,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule,
  }
  #endif /* CONFIG_AUDIT */
  
-struct security_hook_heads security_hook_heads = {
+struct security_hook_heads security_hook_heads __lsm_ro_after_init = {
         .binder_set_context_mgr =
                 LIST_HEAD_INIT(security_hook_heads.binder_set_context_mgr),
         .binder_transaction =
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c

index 3ba5ce1f4e05a2e59a1d9c283ac6d6f648b2d77e..d37a72316e9d1a9afe217f8629f5d84bc8db59ed 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -6123,7 +6123,7 @@ static int selinux_key_getsecurity(struct key *key, char **_buffer)
  
  #endif
  
-static struct security_hook_list selinux_hooks[] = {
+static struct security_hook_list selinux_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(binder_set_context_mgr, selinux_binder_set_context_mgr),
         LSM_HOOK_INIT(binder_transaction, selinux_binder_transaction),
         LSM_HOOK_INIT(binder_transfer_binder, selinux_binder_transfer_binder),
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c

index fc8fb31fc24f6ef1041806c574ebb21a8697f56f..927e60e622d1e83c52c9e09ba1514ca854bc698f 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -4633,7 +4633,7 @@ static int smack_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen)
         return 0;
  }
  
-static struct security_hook_list smack_hooks[] = {
+static struct security_hook_list smack_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(ptrace_access_check, smack_ptrace_access_check),
         LSM_HOOK_INIT(ptrace_traceme, smack_ptrace_traceme),
         LSM_HOOK_INIT(syslog, smack_syslog),
diff --git a/security/tomoyo/tomoyo.c b/security/tomoyo/tomoyo.c

index edc52d620f29cf7b027dd962ab0976a75eef3ba4..b5fb930349a99aa62c9f3d2bbc3545247440598f 100644 (file)
--- a/security/tomoyo/tomoyo.c
+++ b/security/tomoyo/tomoyo.c
@@ -496,7 +496,7 @@ static int tomoyo_socket_sendmsg(struct socket *sock, struct msghdr *msg,
   * tomoyo_security_ops is a "struct security_operations" which is used for
   * registering TOMOYO.
   */
-static struct security_hook_list tomoyo_hooks[] = {
+static struct security_hook_list tomoyo_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(cred_alloc_blank, tomoyo_cred_alloc_blank),
         LSM_HOOK_INIT(cred_prepare, tomoyo_cred_prepare),
         LSM_HOOK_INIT(cred_transfer, tomoyo_cred_transfer),
diff --git a/security/yama/yama_lsm.c b/security/yama/yama_lsm.c

index 88271a3bf37f8378fbc6be1d63dd6b4d2de8054c..8298e094f4f7fa6338814902f3c6067b276a6032 100644 (file)
--- a/security/yama/yama_lsm.c
+++ b/security/yama/yama_lsm.c
@@ -428,7 +428,7 @@ int yama_ptrace_traceme(struct task_struct *parent)
         return rc;
  }
  
-static struct security_hook_list yama_hooks[] = {
+static struct security_hook_list yama_hooks[] __lsm_ro_after_init = {
         LSM_HOOK_INIT(ptrace_access_check, yama_ptrace_access_check),
         LSM_HOOK_INIT(ptrace_traceme, yama_ptrace_traceme),
         LSM_HOOK_INIT(task_prctl, yama_task_prctl),
author	James Morris <jmorris@namei.org>
	Tue, 14 Feb 2017 13:18:51 +0000 (00:18 +1100)
committer	James Morris <james.l.morris@oracle.com>
	Mon, 6 Mar 2017 00:00:15 +0000 (11:00 +1100)
security/apparmor/lsm.c		patch \| blob \| blame \| history
security/commoncap.c		patch \| blob \| blame \| history
security/loadpin/loadpin.c		patch \| blob \| blame \| history
security/security.c		patch \| blob \| blame \| history
security/selinux/hooks.c		patch \| blob \| blame \| history
security/smack/smack_lsm.c		patch \| blob \| blame \| history
security/tomoyo/tomoyo.c		patch \| blob \| blame \| history
security/yama/yama_lsm.c		patch \| blob \| blame \| history