|
 |
71cd55 |
From 9fb8df7f1675cef89f32e3dd1a187cc5d53e08e4 Mon Sep 17 00:00:00 2001
|
|
|
71cd55 |
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
|
|
|
71cd55 |
Date: Tue, 8 Jun 2021 17:59:12 +0200
|
|
|
71cd55 |
Subject: [PATCH] libsepol: declare read-only arrays const
|
|
|
71cd55 |
MIME-Version: 1.0
|
|
|
71cd55 |
Content-Type: text/plain; charset=UTF-8
|
|
|
71cd55 |
Content-Transfer-Encoding: 8bit
|
|
|
71cd55 |
|
|
|
71cd55 |
Make it more apparent that those data does not change and enforce it.
|
|
|
71cd55 |
|
|
|
71cd55 |
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
|
|
|
71cd55 |
Acked-by: James Carter <jwcart2@gmail.com>
|
|
|
71cd55 |
---
|
|
|
71cd55 |
libsepol/src/avrule_block.c | 2 +-
|
|
|
71cd55 |
libsepol/src/avtab.c | 2 +-
|
|
|
71cd55 |
libsepol/src/link.c | 2 +-
|
|
|
71cd55 |
libsepol/src/polcaps.c | 2 +-
|
|
|
71cd55 |
libsepol/src/policydb.c | 22 +++++++++++-----------
|
|
|
71cd55 |
libsepol/src/policydb_internal.h | 2 +-
|
|
|
71cd55 |
libsepol/src/private.h | 6 +++---
|
|
|
71cd55 |
libsepol/src/write.c | 8 ++++----
|
|
|
71cd55 |
8 files changed, 23 insertions(+), 23 deletions(-)
|
|
|
71cd55 |
|
|
|
71cd55 |
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
|
|
|
71cd55 |
index a9832d0d118f..dcfce8b8492c 100644
|
|
|
71cd55 |
--- a/libsepol/src/avrule_block.c
|
|
|
71cd55 |
+++ b/libsepol/src/avrule_block.c
|
|
|
71cd55 |
@@ -30,7 +30,7 @@
|
|
|
71cd55 |
/* It is anticipated that there be less declarations within an avrule
|
|
|
71cd55 |
* block than the global policy. Thus the symbol table sizes are
|
|
|
71cd55 |
* smaller than those listed in policydb.c */
|
|
|
71cd55 |
-static unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
71cd55 |
+static const unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
71cd55 |
2,
|
|
|
71cd55 |
4,
|
|
|
71cd55 |
8,
|
|
|
71cd55 |
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
|
|
|
71cd55 |
index 257f051a86ec..88e9d510f981 100644
|
|
|
71cd55 |
--- a/libsepol/src/avtab.c
|
|
|
71cd55 |
+++ b/libsepol/src/avtab.c
|
|
|
71cd55 |
@@ -418,7 +418,7 @@ void avtab_hash_eval(avtab_t * h, char *tag)
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
/* Ordering of datums in the original avtab format in the policy file. */
|
|
|
71cd55 |
-static uint16_t spec_order[] = {
|
|
|
71cd55 |
+static const uint16_t spec_order[] = {
|
|
|
71cd55 |
AVTAB_ALLOWED,
|
|
|
71cd55 |
AVTAB_AUDITDENY,
|
|
|
71cd55 |
AVTAB_AUDITALLOW,
|
|
|
71cd55 |
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
|
|
|
71cd55 |
index bdc1fcbf59d3..461d2feb8190 100644
|
|
|
71cd55 |
--- a/libsepol/src/link.c
|
|
|
71cd55 |
+++ b/libsepol/src/link.c
|
|
|
71cd55 |
@@ -78,7 +78,7 @@ typedef struct missing_requirement {
|
|
|
71cd55 |
uint32_t perm_value;
|
|
|
71cd55 |
} missing_requirement_t;
|
|
|
71cd55 |
|
|
|
71cd55 |
-static const char *symtab_names[SYM_NUM] = {
|
|
|
71cd55 |
+static const char * const symtab_names[SYM_NUM] = {
|
|
|
71cd55 |
"common", "class", "role", "type/attribute", "user",
|
|
|
71cd55 |
"bool", "level", "category"
|
|
|
71cd55 |
};
|
|
|
71cd55 |
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
|
|
|
71cd55 |
index 67ed5786db16..6a74ec7d3c3a 100644
|
|
|
71cd55 |
--- a/libsepol/src/polcaps.c
|
|
|
71cd55 |
+++ b/libsepol/src/polcaps.c
|
|
|
71cd55 |
@@ -5,7 +5,7 @@
|
|
|
71cd55 |
#include <string.h>
|
|
|
71cd55 |
#include <sepol/policydb/polcaps.h>
|
|
|
71cd55 |
|
|
|
71cd55 |
-static const char *polcap_names[] = {
|
|
|
71cd55 |
+static const char * const polcap_names[] = {
|
|
|
71cd55 |
"network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
|
|
|
71cd55 |
"open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
|
|
|
71cd55 |
"extended_socket_class", /* POLICYDB_CAPABILITY_EXTSOCKCLASS */
|
|
|
71cd55 |
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
|
|
|
71cd55 |
index b4e427af05c8..ef2217c28c91 100644
|
|
|
71cd55 |
--- a/libsepol/src/policydb.c
|
|
|
71cd55 |
+++ b/libsepol/src/policydb.c
|
|
|
71cd55 |
@@ -57,10 +57,10 @@
|
|
|
71cd55 |
#include "policydb_validate.h"
|
|
|
71cd55 |
|
|
|
71cd55 |
#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
|
|
|
71cd55 |
-const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
|
|
|
71cd55 |
+const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
|
|
|
71cd55 |
|
|
|
71cd55 |
/* These need to be updated if SYM_NUM or OCON_NUM changes */
|
|
|
71cd55 |
-static struct policydb_compat_info policydb_compat[] = {
|
|
|
71cd55 |
+static const struct policydb_compat_info policydb_compat[] = {
|
|
|
71cd55 |
{
|
|
|
71cd55 |
.type = POLICY_KERN,
|
|
|
71cd55 |
.version = POLICYDB_VERSION_BOUNDARY,
|
|
|
71cd55 |
@@ -460,7 +460,7 @@ static char *symtab_name[SYM_NUM] = {
|
|
|
71cd55 |
};
|
|
|
71cd55 |
#endif
|
|
|
71cd55 |
|
|
|
71cd55 |
-static unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
71cd55 |
+static const unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
71cd55 |
2,
|
|
|
71cd55 |
32,
|
|
|
71cd55 |
16,
|
|
|
71cd55 |
@@ -471,12 +471,12 @@ static unsigned int symtab_sizes[SYM_NUM] = {
|
|
|
71cd55 |
16,
|
|
|
71cd55 |
};
|
|
|
71cd55 |
|
|
|
71cd55 |
-struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
|
|
71cd55 |
- unsigned int type,
|
|
|
71cd55 |
- unsigned int target_platform)
|
|
|
71cd55 |
+const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
|
|
71cd55 |
+ unsigned int type,
|
|
|
71cd55 |
+ unsigned int target_platform)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
unsigned int i;
|
|
|
71cd55 |
- struct policydb_compat_info *info = NULL;
|
|
|
71cd55 |
+ const struct policydb_compat_info *info = NULL;
|
|
|
71cd55 |
|
|
|
71cd55 |
for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
|
|
|
71cd55 |
if (policydb_compat[i].version == version &&
|
|
|
71cd55 |
@@ -2848,7 +2848,7 @@ static int filename_trans_read(policydb_t *p, struct policy_file *fp)
|
|
|
71cd55 |
return 0;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
-static int ocontext_read_xen(struct policydb_compat_info *info,
|
|
|
71cd55 |
+static int ocontext_read_xen(const struct policydb_compat_info *info,
|
|
|
71cd55 |
policydb_t *p, struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
unsigned int i, j;
|
|
|
71cd55 |
@@ -2957,7 +2957,7 @@ static int ocontext_read_xen(struct policydb_compat_info *info,
|
|
|
71cd55 |
}
|
|
|
71cd55 |
return 0;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
-static int ocontext_read_selinux(struct policydb_compat_info *info,
|
|
|
71cd55 |
+static int ocontext_read_selinux(const struct policydb_compat_info *info,
|
|
|
71cd55 |
policydb_t * p, struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
unsigned int i, j;
|
|
|
71cd55 |
@@ -3135,7 +3135,7 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
|
|
|
71cd55 |
return 0;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
-static int ocontext_read(struct policydb_compat_info *info,
|
|
|
71cd55 |
+static int ocontext_read(const struct policydb_compat_info *info,
|
|
|
71cd55 |
policydb_t *p, struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
int rc = -1;
|
|
|
71cd55 |
@@ -4192,7 +4192,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
|
|
|
71cd55 |
uint32_t buf[5];
|
|
|
71cd55 |
size_t len, nprim, nel;
|
|
|
71cd55 |
char *policydb_str;
|
|
|
71cd55 |
- struct policydb_compat_info *info;
|
|
|
71cd55 |
+ const struct policydb_compat_info *info;
|
|
|
71cd55 |
unsigned int policy_type, bufindex;
|
|
|
71cd55 |
ebitmap_node_t *tnode;
|
|
|
71cd55 |
int rc;
|
|
|
71cd55 |
diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h
|
|
|
71cd55 |
index 06ba5c8be144..dd8f25d0fc74 100644
|
|
|
71cd55 |
--- a/libsepol/src/policydb_internal.h
|
|
|
71cd55 |
+++ b/libsepol/src/policydb_internal.h
|
|
|
71cd55 |
@@ -3,5 +3,5 @@
|
|
|
71cd55 |
|
|
|
71cd55 |
#include <sepol/policydb.h>
|
|
|
71cd55 |
|
|
|
71cd55 |
-extern const char *policydb_target_strings[];
|
|
|
71cd55 |
+extern const char * const policydb_target_strings[];
|
|
|
71cd55 |
#endif
|
|
|
71cd55 |
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
|
|
|
71cd55 |
index f5b5277f183a..72f212628314 100644
|
|
|
71cd55 |
--- a/libsepol/src/private.h
|
|
|
71cd55 |
+++ b/libsepol/src/private.h
|
|
|
71cd55 |
@@ -56,9 +56,9 @@ struct policydb_compat_info {
|
|
|
71cd55 |
unsigned int target_platform;
|
|
|
71cd55 |
};
|
|
|
71cd55 |
|
|
|
71cd55 |
-extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
|
|
71cd55 |
- unsigned int type,
|
|
|
71cd55 |
- unsigned int target_platform);
|
|
|
71cd55 |
+extern const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
|
|
71cd55 |
+ unsigned int type,
|
|
|
71cd55 |
+ unsigned int target_platform);
|
|
|
71cd55 |
|
|
|
71cd55 |
/* Reading from a policy "file". */
|
|
|
71cd55 |
extern int next_entry(void *buf, struct policy_file *fp, size_t bytes);
|
|
|
71cd55 |
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
|
|
|
71cd55 |
index 84bcaf3f57ca..3bd034d65cb1 100644
|
|
|
71cd55 |
--- a/libsepol/src/write.c
|
|
|
71cd55 |
+++ b/libsepol/src/write.c
|
|
|
71cd55 |
@@ -1345,7 +1345,7 @@ static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
|
|
|
71cd55 |
common_write, class_write, role_write, type_write, user_write,
|
|
|
71cd55 |
cond_write_bool, sens_write, cat_write,};
|
|
|
71cd55 |
|
|
|
71cd55 |
-static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
|
|
|
71cd55 |
+static int ocontext_write_xen(const struct policydb_compat_info *info, policydb_t *p,
|
|
|
71cd55 |
struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
unsigned int i, j;
|
|
|
71cd55 |
@@ -1453,7 +1453,7 @@ static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
|
|
|
71cd55 |
return POLICYDB_SUCCESS;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
-static int ocontext_write_selinux(struct policydb_compat_info *info,
|
|
|
71cd55 |
+static int ocontext_write_selinux(const struct policydb_compat_info *info,
|
|
|
71cd55 |
policydb_t *p, struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
unsigned int i, j;
|
|
|
71cd55 |
@@ -1583,7 +1583,7 @@ static int ocontext_write_selinux(struct policydb_compat_info *info,
|
|
|
71cd55 |
return POLICYDB_SUCCESS;
|
|
|
71cd55 |
}
|
|
|
71cd55 |
|
|
|
71cd55 |
-static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
|
|
|
71cd55 |
+static int ocontext_write(const struct policydb_compat_info *info, policydb_t * p,
|
|
|
71cd55 |
struct policy_file *fp)
|
|
|
71cd55 |
{
|
|
|
71cd55 |
int rc = POLICYDB_ERROR;
|
|
|
71cd55 |
@@ -2179,7 +2179,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
|
|
|
71cd55 |
unsigned int i, num_syms;
|
|
|
71cd55 |
uint32_t buf[32], config;
|
|
|
71cd55 |
size_t items, items2, len;
|
|
|
71cd55 |
- struct policydb_compat_info *info;
|
|
|
71cd55 |
+ const struct policydb_compat_info *info;
|
|
|
71cd55 |
struct policy_data pd;
|
|
|
71cd55 |
const char *policydb_str;
|
|
|
71cd55 |
|
|
|
71cd55 |
--
|
|
|
71cd55 |
2.32.0
|
|
|
71cd55 |
|