From 9fb8df7f1675cef89f32e3dd1a187cc5d53e08e4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Tue, 8 Jun 2021 17:59:12 +0200
Subject: [PATCH] libsepol: declare read-only arrays const
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Make it more apparent that those data does not change and enforce it.
Signed-off-by: Christian Göttsche
Acked-by: James Carter
---
 libsepol/src/avrule_block.c | 2 +-
 libsepol/src/avtab.c | 2 +-
 libsepol/src/link.c | 2 +-
 libsepol/src/polcaps.c | 2 +-
 libsepol/src/policydb.c | 22 +++++++++++-----------
 libsepol/src/policydb_internal.h | 2 +-
 libsepol/src/private.h | 6 +++---
 libsepol/src/write.c | 8 ++++----
 8 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
index a9832d0d..dcfce8b8 100644
--- a/libsepol/src/avrule_block.c
+++ b/libsepol/src/avrule_block.c
@@ -30,7 +30,7 @@
 /* It is anticipated that there be less declarations within an avrule
 * block than the global policy. Thus the symbol table sizes are
 * smaller than those listed in policydb.c */
-static unsigned int symtab_sizes[SYM_NUM] = {
+static const unsigned int symtab_sizes[SYM_NUM] = {
 2,
 4,
 8,
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index 257f051a..88e9d510 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -418,7 +418,7 @@ void avtab_hash_eval(avtab_t * h, char *tag)
 }
 /* Ordering of datums in the original avtab format in the policy file. */
-static uint16_t spec_order[] = {
+static const uint16_t spec_order[] = {
 AVTAB_ALLOWED,
 AVTAB_AUDITDENY,
 AVTAB_AUDITALLOW,
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index bdc1fcbf..461d2feb 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -78,7 +78,7 @@ typedef struct missing_requirement {
 uint32_t perm_value;
 } missing_requirement_t;
-static const char *symtab_names[SYM_NUM] = {
+static const char * const symtab_names[SYM_NUM] = {
 "common", "class", "role", "type/attribute", "user", "bool", "level", "category"
 };
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 67ed5786..6a74ec7d 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -5,7 +5,7 @@
 #include
 #include
-static const char *polcap_names[] = {
+static const char * const polcap_names[] = {
 "network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
 "open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
 "extended_socket_class", /* POLICYDB_CAPABILITY_EXTSOCKCLASS */
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index b4e427af..ef2217c2 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -57,10 +57,10 @@
 #include "policydb_validate.h"
 #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
-const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
+const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
 /* These need to be updated if SYM_NUM or OCON_NUM changes */
-static struct policydb_compat_info policydb_compat[] = {
+static const struct policydb_compat_info policydb_compat[] = {
 {
 .type = POLICY_KERN,
 .version = POLICYDB_VERSION_BOUNDARY,
@@ -460,7 +460,7 @@ static char *symtab_name[SYM_NUM] = {
 };
 #endif
-static unsigned int symtab_sizes[SYM_NUM] = {
+static const unsigned int symtab_sizes[SYM_NUM] = {
 2,
 32,
 16,
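Review bot: The second `const` added to `symtab_names` in libsepol/src/link.c is checked by the compiler only; whether the table is also write-protected at run time depends on how the library is linked. Because the array holds pointers, in a position-independent shared object it needs load-time relocations and would normally be placed in `.data.rel.ro` instead of `.rodata`, and that section is remapped read-only only when the object is linked with `-z relro`. The same holds for `polcap_names` in polcaps.c and `policydb_target_strings` in policydb.c, while the integer tables (`symtab_sizes`, `spec_order`) carry no relocations. It is worth confirming that the libsepol build passes `-Wl,-z,relro`, so that "enforce it" in the commit message also holds for the loaded library.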
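Review bot: The header of the hunk at line 460 of libsepol/src/policydb.c still shows `static char *symtab_name[SYM_NUM] = {`, a table this commit leaves mutable even though its sibling `symtab_names` in link.c becomes `const char * const`. Only its closing `};` and the following `#endif` are visible here, so it appears to sit in a conditionally compiled block and its initialisers cannot be checked from this hunk. If that block can be enabled, the declaration should get the same treatment, `static const char * const symtab_name[SYM_NUM] = {`, so the compiler rejects any write through it.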
@@ -471,12 +471,12 @@ static unsigned int symtab_sizes[SYM_NUM] = {
 16,
 };
-struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
- unsigned int type,
- unsigned int target_platform)
+const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type,
+ unsigned int target_platform)
 {
 unsigned int i;
- struct policydb_compat_info *info = NULL;
+ const struct policydb_compat_info *info = NULL;
 for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
 if (policydb_compat[i].version == version &&
@@ -2848,7 +2848,7 @@ static int filename_trans_read(policydb_t *p, struct policy_file *fp)
 return 0;
 }
-static int ocontext_read_xen(struct policydb_compat_info *info,
+static int ocontext_read_xen(const struct policydb_compat_info *info,
 policydb_t *p, struct policy_file *fp)
 {
 unsigned int i, j;
@@ -2957,7 +2957,7 @@ static int ocontext_read_xen(struct policydb_compat_info *info,
 }
 return 0;
 }
-static int ocontext_read_selinux(struct policydb_compat_info *info,
+static int ocontext_read_selinux(const struct policydb_compat_info *info,
 policydb_t * p, struct policy_file *fp)
 {
 unsigned int i, j;
@@ -3135,7 +3135,7 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
 return 0;
 }
-static int ocontext_read(struct policydb_compat_info *info,
+static int ocontext_read(const struct policydb_compat_info *info,
 policydb_t *p, struct policy_file *fp)
 {
 int rc = -1;
@@ -4192,7 +4192,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
 uint32_t buf[5];
 size_t len, nprim, nel;
 char *policydb_str;
- struct policydb_compat_info *info;
+ const struct policydb_compat_info *info;
 unsigned int policy_type, bufindex;
 ebitmap_node_t *tnode;
 int rc;
diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h
index 06ba5c8b..dd8f25d0 100644
--- a/libsepol/src/policydb_internal.h
+++ b/libsepol/src/policydb_internal.h
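Review bot: The loop bound in `policydb_lookup_compat` (libsepol/src/policydb.c, hunk at line 471) is still written as `sizeof(policydb_compat) / sizeof(*info)`, which is correct only while `info` has exactly the table's element type. This file already uses `ARRAY_SIZE` for `POLICYDB_TARGET_SZ`, so `for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {` states the bound directly and cannot drift if the pointer's type is changed again. The rest of the loop and the return statement lie outside the hunk.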
@@ -3,5 +3,5 @@
 #include
-extern const char *policydb_target_strings[];
+extern const char * const policydb_target_strings[];
 #endif
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
index f5b5277f..72f21262 100644
--- a/libsepol/src/private.h
+++ b/libsepol/src/private.h
@@ -56,9 +56,9 @@ struct policydb_compat_info {
 unsigned int target_platform;
 };
-extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
- unsigned int type,
- unsigned int target_platform);
+extern const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type,
+ unsigned int target_platform);
 /* Reading from a policy "file". */
 extern int next_entry(void *buf, struct policy_file *fp, size_t bytes);
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 84bcaf3f..3bd034d6 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -1345,7 +1345,7 @@ static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
 common_write, class_write, role_write, type_write, user_write, cond_write_bool, sens_write, cat_write,};
-static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
+static int ocontext_write_xen(const struct policydb_compat_info *info, policydb_t *p,
 struct policy_file *fp)
 {
 unsigned int i, j;
@@ -1453,7 +1453,7 @@ static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
 return POLICYDB_SUCCESS;
 }
-static int ocontext_write_selinux(struct policydb_compat_info *info,
+static int ocontext_write_selinux(const struct policydb_compat_info *info,
 policydb_t *p, struct policy_file *fp)
 {
 unsigned int i, j;
@@ -1583,7 +1583,7 @@ static int ocontext_write_selinux(struct policydb_compat_info *info,
 return POLICYDB_SUCCESS;
 }
-static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
+static int ocontext_write(const struct policydb_compat_info *info, policydb_t * p,
 struct policy_file *fp)
 {
 int rc = POLICYDB_ERROR;
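Review bot: The dispatch table `write_f` in libsepol/src/write.c, visible in the header and leading context of the hunk at line 1345, is left writable although it is filled once with `common_write` through `cat_write`. A mutable array of function pointers deserves the qualifier more than the integer tables this commit covers, because corrupting one slot redirects control flow rather than just changing a size. If nothing assigns to its slots, it should be declared `static int (* const write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,` with the remaining parameters unchanged. The declaration starts outside the hunk, so the full parameter list is not visible here.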
@@ -2179,7 +2179,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
 unsigned int i, num_syms;
 uint32_t buf[32], config;
 size_t items, items2, len;
- struct policydb_compat_info *info;
+ const struct policydb_compat_info *info;
 struct policy_data pd;
 const char *policydb_str;