18 files changed, 107 insertions, 107 deletions

diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
index 9ec23abb..37dd279a 100644
--- a/libselinux/include/selinux/avc.h
+++ b/libselinux/include/selinux/avc.h
@@ -51,8 +51,8 @@ int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
  * to the SID structure into the memory referenced by @sid, 
  * returning %0 on success or -%1 on error with @errno set.  
  */
-int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
-int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid(const security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid);
 
 /**
  * sidget - increment SID reference counter.
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index 834a1ee0..0725b570 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -36,8 +36,8 @@ extern int getcon_raw(security_context_t * con);
    instead. Note that the application may lose access to its open descriptors
    as a result of a setcon() unless policy allows it to use descriptors opened
    by the old context. */
-extern int setcon(security_context_t con);
-extern int setcon_raw(security_context_t con);
+extern int setcon(const security_context_t con);
+extern int setcon_raw(const security_context_t con);
 
 /* Get context of process identified by pid, and 
    set *con to refer to it.  Caller must free via freecon. */
@@ -57,8 +57,8 @@ extern int getexeccon_raw(security_context_t * con);
 
 /* Set exec security context for the next execve. 
    Call with NULL if you want to reset to the default. */
-extern int setexeccon(security_context_t con);
-extern int setexeccon_raw(security_context_t con);
+extern int setexeccon(const security_context_t con);
+extern int setexeccon_raw(const security_context_t con);
 
 /* Get fscreate context, and set *con to refer to it.
    Sets *con to NULL if no fs create context has been set, i.e. using default.
@@ -68,8 +68,8 @@ extern int getfscreatecon_raw(security_context_t * con);
 
 /* Set the fscreate security context for subsequent file creations.
    Call with NULL if you want to reset to the default. */
-extern int setfscreatecon(security_context_t context);
-extern int setfscreatecon_raw(security_context_t context);
+extern int setfscreatecon(const security_context_t context);
+extern int setfscreatecon_raw(const security_context_t context);
 
 /* Get keycreate context, and set *con to refer to it.
    Sets *con to NULL if no key create context has been set, i.e. using default.
@@ -79,8 +79,8 @@ extern int getkeycreatecon_raw(security_context_t * con);
 
 /* Set the keycreate security context for subsequent key creations.
    Call with NULL if you want to reset to the default. */
-extern int setkeycreatecon(security_context_t context);
-extern int setkeycreatecon_raw(security_context_t context);
+extern int setkeycreatecon(const security_context_t context);
+extern int setkeycreatecon_raw(const security_context_t context);
 
 /* Get sockcreate context, and set *con to refer to it.
    Sets *con to NULL if no socket create context has been set, i.e. using default.
@@ -90,8 +90,8 @@ extern int getsockcreatecon_raw(security_context_t * con);
 
 /* Set the sockcreate security context for subsequent socket creations.
    Call with NULL if you want to reset to the default. */
-extern int setsockcreatecon(security_context_t context);
-extern int setsockcreatecon_raw(security_context_t context);
+extern int setsockcreatecon(const security_context_t context);
+extern int setsockcreatecon_raw(const security_context_t context);
 
 /* Wrappers for the xattr API. */
 
@@ -179,67 +179,67 @@ extern void selinux_set_callback(int type, union selinux_callback cb);
 #define SELINUX_AVC		3
 
 /* Compute an access decision. */
-extern int security_compute_av(security_context_t scon,
-			       security_context_t tcon,
+extern int security_compute_av(const security_context_t scon,
+			       const security_context_t tcon,
 			       security_class_t tclass,
 			       access_vector_t requested,
 			       struct av_decision *avd);
-extern int security_compute_av_raw(security_context_t scon,
-				   security_context_t tcon,
+extern int security_compute_av_raw(const security_context_t scon,
+				   const security_context_t tcon,
 				   security_class_t tclass,
 				   access_vector_t requested,
 				   struct av_decision *avd);
 
-extern int security_compute_av_flags(security_context_t scon,
-				     security_context_t tcon,
+extern int security_compute_av_flags(const security_context_t scon,
+				     const security_context_t tcon,
 				     security_class_t tclass,
 				     access_vector_t requested,
 				     struct av_decision *avd);
-extern int security_compute_av_flags_raw(security_context_t scon,
-					 security_context_t tcon,
+extern int security_compute_av_flags_raw(const security_context_t scon,
+					 const security_context_t tcon,
 					 security_class_t tclass,
 					 access_vector_t requested,
 					 struct av_decision *avd);
 
 /* Compute a labeling decision and set *newcon to refer to it.
    Caller must free via freecon. */
-extern int security_compute_create(security_context_t scon,
-				   security_context_t tcon,
+extern int security_compute_create(const security_context_t scon,
+				   const security_context_t tcon,
 				   security_class_t tclass,
 				   security_context_t * newcon);
-extern int security_compute_create_raw(security_context_t scon,
-				       security_context_t tcon,
+extern int security_compute_create_raw(const security_context_t scon,
+				       const security_context_t tcon,
 				       security_class_t tclass,
 				       security_context_t * newcon);
 
 /* Compute a relabeling decision and set *newcon to refer to it.
    Caller must free via freecon. */
-extern int security_compute_relabel(security_context_t scon,
-				    security_context_t tcon,
+extern int security_compute_relabel(const security_context_t scon,
+				    const security_context_t tcon,
 				    security_class_t tclass,
 				    security_context_t * newcon);
-extern int security_compute_relabel_raw(security_context_t scon,
-					security_context_t tcon,
+extern int security_compute_relabel_raw(const security_context_t scon,
+					const security_context_t tcon,
 					security_class_t tclass,
 					security_context_t * newcon);
 
 /* Compute a polyinstantiation member decision and set *newcon to refer to it.
    Caller must free via freecon. */
-extern int security_compute_member(security_context_t scon,
-				   security_context_t tcon,
+extern int security_compute_member(const security_context_t scon,
+				   const security_context_t tcon,
 				   security_class_t tclass,
 				   security_context_t * newcon);
-extern int security_compute_member_raw(security_context_t scon,
-				       security_context_t tcon,
+extern int security_compute_member_raw(const security_context_t scon,
+				       const security_context_t tcon,
 				       security_class_t tclass,
 				       security_context_t * newcon);
 
 /* Compute the set of reachable user contexts and set *con to refer to 
    the NULL-terminated array of contexts.  Caller must free via freeconary. */
-extern int security_compute_user(security_context_t scon,
+extern int security_compute_user(const security_context_t scon,
 				 const char *username,
 				 security_context_t ** con);
-extern int security_compute_user_raw(security_context_t scon,
+extern int security_compute_user_raw(const security_context_t scon,
 				     const char *username,
 				     security_context_t ** con);
 
@@ -301,13 +301,13 @@ extern int security_set_boolean_list(size_t boolcnt,
 extern int security_load_booleans(char *path);
 
 /* Check the validity of a security context. */
-extern int security_check_context(security_context_t con);
-extern int security_check_context_raw(security_context_t con);
+extern int security_check_context(const security_context_t con);
+extern int security_check_context_raw(const security_context_t con);
 
 /* Canonicalize a security context. */
-extern int security_canonicalize_context(security_context_t con,
+extern int security_canonicalize_context(const security_context_t con,
 					 security_context_t * canoncon);
-extern int security_canonicalize_context_raw(security_context_t con,
+extern int security_canonicalize_context_raw(const security_context_t con,
 					     security_context_t * canoncon);
 
 /* Get the enforce flag value. */
@@ -506,7 +506,7 @@ extern int checkPasswdAccess(access_vector_t requested);
 
 /* Check if the tty_context is defined as a securetty
    Return 0 if secure, < 0 otherwise. */
-extern int selinux_check_securetty_context(security_context_t tty_context);
+extern int selinux_check_securetty_context(const security_context_t tty_context);
 
 /* Set the path to the selinuxfs mount point explicitly.
    Normally, this is determined automatically during libselinux 
@@ -521,16 +521,16 @@ extern int rpm_execcon(unsigned int verified,
 
 /* Returns whether a file context is customizable, and should not 
    be relabeled . */
-extern int is_context_customizable(security_context_t scontext);
+extern int is_context_customizable(const security_context_t scontext);
 
 /* Perform context translation between the human-readable format
    ("translated") and the internal system format ("raw"). 
    Caller must free the resulting context via freecon.  
    Returns -1 upon an error or 0 otherwise.
    If passed NULL, sets the returned context to NULL and returns 0. */
-extern int selinux_trans_to_raw_context(security_context_t trans,
+extern int selinux_trans_to_raw_context(const security_context_t trans,
 					security_context_t * rawp);
-extern int selinux_raw_to_trans_context(security_context_t raw,
+extern int selinux_raw_to_trans_context(const security_context_t raw,
 					security_context_t * transp);
 
 /* Perform context translation between security contexts
@@ -538,7 +538,7 @@ extern int selinux_raw_to_trans_context(security_context_t raw,
    ten hex RGB triples prefixed by hash marks, e.g. "#ff0000".
    Caller must free the resulting string via free.
    Returns -1 upon an error or 0 otherwise. */
-extern int selinux_raw_context_to_color(security_context_t raw,
+extern int selinux_raw_context_to_color(const security_context_t raw,
 					char **color_str);
 
 /* Get the SELinux username and level to use for a given Linux username. 
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
index e9e35296..74591b4f 100644
--- a/libselinux/src/avc.c
+++ b/libselinux/src/avc.c
@@ -66,7 +66,7 @@ static inline int avc_hash(security_id_t ssid,
 	    & (AVC_CACHE_SLOTS - 1);
 }
 
-int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid)
+int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid)
 {
 	int rc;
 	avc_get_lock(avc_lock);
@@ -75,7 +75,7 @@ int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid)
 	return rc;
 }
 
-int avc_context_to_sid(security_context_t ctx, security_id_t * sid)
+int avc_context_to_sid(const security_context_t ctx, security_id_t * sid)
 {
 	int ret;
 	security_context_t rctx;
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
index 3ca1d1fd..0b696bb8 100644
--- a/libselinux/src/avc_sidtab.c
+++ b/libselinux/src/avc_sidtab.c
@@ -46,7 +46,7 @@ int sidtab_init(struct sidtab *s)
 	return rc;
 }
 
-int sidtab_insert(struct sidtab *s, security_context_t ctx)
+int sidtab_insert(struct sidtab *s, const security_context_t ctx)
 {
 	int hvalue, rc = 0;
 	struct sidtab_node *newnode;
@@ -76,7 +76,7 @@ int sidtab_insert(struct sidtab *s, security_context_t ctx)
 
 int
 sidtab_context_to_sid(struct sidtab *s,
-		      security_context_t ctx, security_id_t * sid)
+		      const security_context_t ctx, security_id_t * sid)
 {
 	int hvalue, rc = 0;
 	struct sidtab_node *cur;
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
index 85bbbfad..176c45aa 100644
--- a/libselinux/src/canonicalize_context.c
+++ b/libselinux/src/canonicalize_context.c
@@ -9,7 +9,7 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_canonicalize_context_raw(security_context_t con,
+int security_canonicalize_context_raw(const security_context_t con,
 				      security_context_t * canoncon)
 {
 	char path[PATH_MAX];
@@ -62,11 +62,11 @@ int security_canonicalize_context_raw(security_context_t con,
 
 hidden_def(security_canonicalize_context_raw)
 
-int security_canonicalize_context(security_context_t con,
+int security_canonicalize_context(const security_context_t con,
 				  security_context_t * canoncon)
 {
 	int ret;
-	security_context_t rcon = con;
+	security_context_t rcon;
 	security_context_t rcanoncon;
 
 	if (selinux_trans_to_raw_context(con, &rcon))
diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c
index 0e8fb864..33ab5e31 100644
--- a/libselinux/src/check_context.c
+++ b/libselinux/src/check_context.c
@@ -9,7 +9,7 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_check_context_raw(security_context_t con)
+int security_check_context_raw(const security_context_t con)
 {
 	char path[PATH_MAX];
 	int fd, ret;
@@ -33,10 +33,10 @@ int security_check_context_raw(security_context_t con)
 
 hidden_def(security_check_context_raw)
 
-int security_check_context(security_context_t con)
+int security_check_context(const security_context_t con)
 {
 	int ret;
-	security_context_t rcon = con;
+	security_context_t rcon;
 
 	if (selinux_trans_to_raw_context(con, &rcon))
 		return -1;
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
index a821d178..86ff2740 100644
--- a/libselinux/src/compute_av.c
+++ b/libselinux/src/compute_av.c
@@ -10,8 +10,8 @@
 #include "policy.h"
 #include "mapping.h"
 
-int security_compute_av_flags_raw(security_context_t scon,
-				  security_context_t tcon,
+int security_compute_av_flags_raw(const security_context_t scon,
+				  const security_context_t tcon,
 				  security_class_t tclass,
 				  access_vector_t requested,
 				  struct av_decision *avd)
@@ -72,8 +72,8 @@ int security_compute_av_flags_raw(security_context_t scon,
 
 hidden_def(security_compute_av_flags_raw)
 
-int security_compute_av_raw(security_context_t scon,
-			    security_context_t tcon,
+int security_compute_av_raw(const security_context_t scon,
+			    const security_context_t tcon,
 			    security_class_t tclass,
 			    access_vector_t requested,
 			    struct av_decision *avd)
@@ -99,14 +99,14 @@ int security_compute_av_raw(security_context_t scon,
 
 hidden_def(security_compute_av_raw)
 
-int security_compute_av_flags(security_context_t scon,
-			      security_context_t tcon,
+int security_compute_av_flags(const security_context_t scon,
+			      const security_context_t tcon,
 			      security_class_t tclass,
 			      access_vector_t requested,
 			      struct av_decision *avd)
 {
-	security_context_t rscon = scon;
-	security_context_t rtcon = tcon;
+	security_context_t rscon;
+	security_context_t rtcon;
 	int ret;
 
 	if (selinux_trans_to_raw_context(scon, &rscon))
@@ -126,8 +126,8 @@ int security_compute_av_flags(security_context_t scon,
 
 hidden_def(security_compute_av_flags)
 
-int security_compute_av(security_context_t scon,
-			security_context_t tcon,
+int security_compute_av(const security_context_t scon,
+			const security_context_t tcon,
 			security_class_t tclass,
 			access_vector_t requested, struct av_decision *avd)
 {
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
index 1c56f0fb..0bbeeed6 100644
--- a/libselinux/src/compute_create.c
+++ b/libselinux/src/compute_create.c
@@ -10,8 +10,8 @@
 #include "policy.h"
 #include "mapping.h"
 
-int security_compute_create_raw(security_context_t scon,
-				security_context_t tcon,
+int security_compute_create_raw(const security_context_t scon,
+				const security_context_t tcon,
 				security_class_t tclass,
 				security_context_t * newcon)
 {
@@ -62,14 +62,14 @@ int security_compute_create_raw(security_context_t scon,
 
 hidden_def(security_compute_create_raw)
 
-int security_compute_create(security_context_t scon,
-			    security_context_t tcon,
+int security_compute_create(const security_context_t scon,
+			    const security_context_t tcon,
 			    security_class_t tclass,
 			    security_context_t * newcon)
 {
 	int ret;
-	security_context_t rscon = scon;
-	security_context_t rtcon = tcon;
+	security_context_t rscon;
+	security_context_t rtcon;
 	security_context_t rnewcon;
 
 	if (selinux_trans_to_raw_context(scon, &rscon))
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
index e5495e44..dad0a775 100644
--- a/libselinux/src/compute_member.c
+++ b/libselinux/src/compute_member.c
@@ -10,8 +10,8 @@
 #include "policy.h"
 #include "mapping.h"
 
-int security_compute_member_raw(security_context_t scon,
-				security_context_t tcon,
+int security_compute_member_raw(const security_context_t scon,
+				const security_context_t tcon,
 				security_class_t tclass,
 				security_context_t * newcon)
 {
@@ -62,14 +62,14 @@ int security_compute_member_raw(security_context_t scon,
 
 hidden_def(security_compute_member_raw)
 
-int security_compute_member(security_context_t scon,
-			    security_context_t tcon,
+int security_compute_member(const security_context_t scon,
+			    const security_context_t tcon,
 			    security_class_t tclass,
 			    security_context_t * newcon)
 {
 	int ret;
-	security_context_t rscon = scon;
-	security_context_t rtcon = tcon;
+	security_context_t rscon;
+	security_context_t rtcon;
 	security_context_t rnewcon;
 
 	if (selinux_trans_to_raw_context(scon, &rscon))
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
index ae9c6483..656f00af 100644
--- a/libselinux/src/compute_relabel.c
+++ b/libselinux/src/compute_relabel.c
@@ -10,8 +10,8 @@
 #include "policy.h"
 #include "mapping.h"
 
-int security_compute_relabel_raw(security_context_t scon,
-				 security_context_t tcon,
+int security_compute_relabel_raw(const security_context_t scon,
+				 const security_context_t tcon,
 				 security_class_t tclass,
 				 security_context_t * newcon)
 {
@@ -62,14 +62,14 @@ int security_compute_relabel_raw(security_context_t scon,
 
 hidden_def(security_compute_relabel_raw)
 
-int security_compute_relabel(security_context_t scon,
-			     security_context_t tcon,
+int security_compute_relabel(const security_context_t scon,
+			     const security_context_t tcon,
 			     security_class_t tclass,
 			     security_context_t * newcon)
 {
 	int ret;
-	security_context_t rscon = scon;
-	security_context_t rtcon = tcon;
+	security_context_t rscon;
+	security_context_t rtcon;
 	security_context_t rnewcon;
 
 	if (selinux_trans_to_raw_context(scon, &rscon))
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
index fa6f650a..3b39ddd1 100644
--- a/libselinux/src/compute_user.c
+++ b/libselinux/src/compute_user.c
@@ -9,7 +9,7 @@
 #include "policy.h"
 #include <limits.h>
 
-int security_compute_user_raw(security_context_t scon,
+int security_compute_user_raw(const security_context_t scon,
 			      const char *user, security_context_t ** con)
 {
 	char path[PATH_MAX];
@@ -79,11 +79,11 @@ int security_compute_user_raw(security_context_t scon,
 
 hidden_def(security_compute_user_raw)
 
-int security_compute_user(security_context_t scon,
+int security_compute_user(const security_context_t scon,
 			  const char *user, security_context_t ** con)
 {
 	int ret;
-	security_context_t rscon = scon;
+	security_context_t rscon;
 
 	if (selinux_trans_to_raw_context(scon, &rscon))
 		return -1;
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
index 6cad4d7e..309105c2 100644
--- a/libselinux/src/fsetfilecon.c
+++ b/libselinux/src/fsetfilecon.c
@@ -7,7 +7,7 @@
 #include "selinux_internal.h"
 #include "policy.h"
 
-int fsetfilecon_raw(int fd, security_context_t context)
+int fsetfilecon_raw(int fd, const security_context_t context)
 {
 	return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
 			 0);
@@ -15,10 +15,10 @@ int fsetfilecon_raw(int fd, security_context_t context)
 
 hidden_def(fsetfilecon_raw)
 
-int fsetfilecon(int fd, security_context_t context)
+int fsetfilecon(int fd, const security_context_t context)
 {
 	int ret;
-	security_context_t rcontext = context;
+	security_context_t rcontext;
 
 	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c
index 67854050..a8e2183e 100644
--- a/libselinux/src/is_customizable_type.c
+++ b/libselinux/src/is_customizable_type.c
@@ -61,7 +61,7 @@ static int get_customizable_type_list(security_context_t ** retlist)
 
 static security_context_t *customizable_list = NULL;
 
-int is_context_customizable(security_context_t scontext)
+int is_context_customizable(const security_context_t scontext)
 {
 	int i;
 	const char *type;
diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
index 844e5c7d..461e3f7c 100644
--- a/libselinux/src/lsetfilecon.c
+++ b/libselinux/src/lsetfilecon.c
@@ -7,7 +7,7 @@
 #include "selinux_internal.h"
 #include "policy.h"
 
-int lsetfilecon_raw(const char *path, security_context_t context)
+int lsetfilecon_raw(const char *path, const security_context_t context)
 {
 	return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
 			 0);
@@ -15,10 +15,10 @@ int lsetfilecon_raw(const char *path, security_context_t context)
 
 hidden_def(lsetfilecon_raw)
 
-int lsetfilecon(const char *path, security_context_t context)
+int lsetfilecon(const char *path, const security_context_t context)
 {
 	int ret;
-	security_context_t rcontext = context;
+	security_context_t rcontext;
 
 	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 8f3f4014..83381e4b 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src/procattr.c
@@ -126,11 +126,11 @@ static int setprocattrcon_raw(security_context_t context,
 		return 0;
 }
 
-static int setprocattrcon(security_context_t context,
+static int setprocattrcon(const security_context_t context,
 			  pid_t pid, const char *attr)
 {
 	int ret;
-	security_context_t rcontext = context;
+	security_context_t rcontext;
 
 	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
@@ -153,11 +153,11 @@ static int setprocattrcon(security_context_t context,
 	}
 
 #define setselfattr_def(fn, attr) \
-	int set##fn##_raw(security_context_t c) \
+	int set##fn##_raw(const security_context_t c) \
 	{ \
 		return setprocattrcon_raw(c, 0, #attr); \
 	} \
-	int set##fn(security_context_t c) \
+	int set##fn(const security_context_t c) \
 	{ \
 		return setprocattrcon(c, 0, #attr); \
 	}
diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c
index fdb5a592..e6d25017 100644
--- a/libselinux/src/selinux_check_securetty_context.c
+++ b/libselinux/src/selinux_check_securetty_context.c
@@ -6,7 +6,7 @@
 #include "selinux_internal.h"
 #include "context_internal.h"
 
-int selinux_check_securetty_context(security_context_t tty_context)
+int selinux_check_securetty_context(const security_context_t tty_context)
 {
 	char *line = NULL;
 	char *start, *end = NULL;
diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c
index 8c633efb..7465c6a4 100644
--- a/libselinux/src/setfilecon.c
+++ b/libselinux/src/setfilecon.c
@@ -7,7 +7,7 @@
 #include "selinux_internal.h"
 #include "policy.h"
 
-int setfilecon_raw(const char *path, security_context_t context)
+int setfilecon_raw(const char *path, const security_context_t context)
 {
 	return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
 			0);
@@ -15,10 +15,10 @@ int setfilecon_raw(const char *path, security_context_t context)
 
 hidden_def(setfilecon_raw)
 
-int setfilecon(const char *path, security_context_t context)
+int setfilecon(const char *path, const security_context_t context)
 {
 	int ret;
-	security_context_t rcontext = context;
+	security_context_t rcontext;
 
 	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
index 2bbcbde1..ef54442e 100644
--- a/libselinux/src/setrans_client.c
+++ b/libselinux/src/setrans_client.c
@@ -165,7 +165,7 @@ receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val)
 	return 0;
 }
 
-static int raw_to_trans_context(char *raw, char **transp)
+static int raw_to_trans_context(const char *raw, char **transp)
 {
 	int ret;
 	int32_t ret_val;
@@ -191,7 +191,7 @@ static int raw_to_trans_context(char *raw, char **transp)
 	return ret;
 }
 
-static int trans_to_raw_context(char *trans, char **rawp)
+static int trans_to_raw_context(const char *trans, char **rawp)
 {
 	int ret;
 	int32_t ret_val;
@@ -216,7 +216,7 @@ static int trans_to_raw_context(char *trans, char **rawp)
 	return ret;
 }
 
-static int raw_context_to_color(char *raw, char **colors)
+static int raw_context_to_color(const char *raw, char **colors)
 {
 	int ret;
 	int32_t ret_val;
@@ -245,7 +245,7 @@ static void init_context_translations(void)
 	mls_enabled = is_selinux_mls_enabled();
 }
 
-int selinux_trans_to_raw_context(security_context_t trans,
+int selinux_trans_to_raw_context(const security_context_t trans,
 				 security_context_t * rawp)
 {
 	if (!trans) {
@@ -286,7 +286,7 @@ int selinux_trans_to_raw_context(security_context_t trans,
 
 hidden_def(selinux_trans_to_raw_context)
 
-int selinux_raw_to_trans_context(security_context_t raw,
+int selinux_raw_to_trans_context(const security_context_t raw,
 				 security_context_t * transp)
 {
 	if (!raw) {
@@ -327,7 +327,7 @@ int selinux_raw_to_trans_context(security_context_t raw,
 
 hidden_def(selinux_raw_to_trans_context)
 
-int selinux_raw_context_to_color(security_context_t raw, char **transp)
+int selinux_raw_context_to_color(const security_context_t raw, char **transp)
 {
 	if (!raw) {
 		*transp = NULL;
@@ -361,7 +361,7 @@ int selinux_raw_context_to_color(security_context_t raw, char **transp)
 hidden_def(selinux_raw_context_to_color)
 #else /*DISABLE_SETRANS*/
 
-int selinux_trans_to_raw_context(security_context_t trans,
+int selinux_trans_to_raw_context(const security_context_t trans,
 				 security_context_t * rawp)
 {
 	if (!trans) {
@@ -376,7 +376,7 @@ int selinux_trans_to_raw_context(security_context_t trans,
 
 hidden_def(selinux_trans_to_raw_context)
 
-int selinux_raw_to_trans_context(security_context_t raw,
+int selinux_raw_to_trans_context(const security_context_t raw,
 				 security_context_t * transp)
 {
 	if (!raw) {