libsepol: declare read-only arrays const
Make it more apparent that this data does not change, and enforce it. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com>
parent
4572bf254a
commit
9fb8df7f16
|
@ -30,7 +30,7 @@
|
|||
/* It is anticipated that there be less declarations within an avrule
|
||||
* block than the global policy. Thus the symbol table sizes are
|
||||
* smaller than those listed in policydb.c */
|
||||
static unsigned int symtab_sizes[SYM_NUM] = {
|
||||
static const unsigned int symtab_sizes[SYM_NUM] = {
|
||||
2,
|
||||
4,
|
||||
8,
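Review bot: The explicit `[SYM_NUM]` bound on `symtab_sizes` means an initializer that falls behind a grown SYM_NUM is zero-filled without any diagnostic, and const does not catch that. The same pattern appears in `symtab_names[SYM_NUM]` in the hunk at `@ -78,7 +78,7` and in the second `symtab_sizes[SYM_NUM]` in the hunk at `@ -460,7 +460,7`. If the build allows C11, declaring the array as `static const unsigned int symtab_sizes[] = {` and adding `_Static_assert(sizeof(symtab_sizes) / sizeof(symtab_sizes[0]) == SYM_NUM, "symtab_sizes out of sync with SYM_NUM");` would turn a mismatch into a compile error. The initializer continues past the end of this hunk, so the current entry count cannot be checked from here.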
|
||||
|
|
|
@ -418,7 +418,7 @@ void avtab_hash_eval(avtab_t * h, char *tag)
|
|||
}
|
||||
|
||||
/* Ordering of datums in the original avtab format in the policy file. */
|
||||
static uint16_t spec_order[] = {
|
||||
static const uint16_t spec_order[] = {
|
||||
AVTAB_ALLOWED,
|
||||
AVTAB_AUDITDENY,
|
||||
AVTAB_AUDITALLOW,
|
||||
|
|
|
@ -78,7 +78,7 @@ typedef struct missing_requirement {
|
|||
uint32_t perm_value;
|
||||
} missing_requirement_t;
|
||||
|
||||
static const char *symtab_names[SYM_NUM] = {
|
||||
static const char * const symtab_names[SYM_NUM] = {
|
||||
"common", "class", "role", "type/attribute", "user",
|
||||
"bool", "level", "category"
|
||||
};
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
#include <string.h>
|
||||
#include <sepol/policydb/polcaps.h>
|
||||
|
||||
static const char *polcap_names[] = {
|
||||
static const char * const polcap_names[] = {
|
||||
"network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
|
||||
"open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
|
||||
"extended_socket_class", /* POLICYDB_CAPABILITY_EXTSOCKCLASS */
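Review bot: The entries of `polcap_names` are tied to their POLICYDB_CAPABILITY_* constants only by position and a trailing comment, so an inserted or reordered enum value would silently shift every name that follows it. Designated initializers keep the pairing compiler-checked, e.g. `[POLICYDB_CAPABILITY_NETPEER] = "network_peer_controls",` and likewise for the other entries. This assumes the array is indexed by those constants, which the comments suggest but the hunk does not show. The initializer also continues outside the hunk.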
|
||||
|
|
|
@ -57,10 +57,10 @@
|
|||
#include "policydb_validate.h"
|
||||
|
||||
#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
|
||||
const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
|
||||
const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
|
||||
|
||||
/* These need to be updated if SYM_NUM or OCON_NUM changes */
|
||||
static struct policydb_compat_info policydb_compat[] = {
|
||||
static const struct policydb_compat_info policydb_compat[] = {
|
||||
{
|
||||
.type = POLICY_KERN,
|
||||
.version = POLICYDB_VERSION_BOUNDARY,
|
||||
|
@ -460,7 +460,7 @@ static char *symtab_name[SYM_NUM] = {
|
|||
};
|
||||
#endif
|
||||
|
||||
static unsigned int symtab_sizes[SYM_NUM] = {
|
||||
static const unsigned int symtab_sizes[SYM_NUM] = {
|
||||
2,
|
||||
32,
|
||||
16,
|
||||
|
@ -471,12 +471,12 @@ static unsigned int symtab_sizes[SYM_NUM] = {
|
|||
16,
|
||||
};
|
||||
|
||||
struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
||||
const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
||||
unsigned int type,
|
||||
unsigned int target_platform)
|
||||
{
|
||||
unsigned int i;
|
||||
struct policydb_compat_info *info = NULL;
|
||||
const struct policydb_compat_info *info = NULL;
|
||||
|
||||
for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
|
||||
if (policydb_compat[i].version == version &&
|
||||
|
@ -2848,7 +2848,7 @@ static int filename_trans_read(policydb_t *p, struct policy_file *fp)
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int ocontext_read_xen(struct policydb_compat_info *info,
|
||||
static int ocontext_read_xen(const struct policydb_compat_info *info,
|
||||
policydb_t *p, struct policy_file *fp)
|
||||
{
|
||||
unsigned int i, j;
|
||||
|
@ -2957,7 +2957,7 @@ static int ocontext_read_xen(struct policydb_compat_info *info,
|
|||
}
|
||||
return 0;
|
||||
}
|
||||
static int ocontext_read_selinux(struct policydb_compat_info *info,
|
||||
static int ocontext_read_selinux(const struct policydb_compat_info *info,
|
||||
policydb_t * p, struct policy_file *fp)
|
||||
{
|
||||
unsigned int i, j;
|
||||
|
@ -3135,7 +3135,7 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
|
|||
return 0;
|
||||
}
|
||||
|
||||
static int ocontext_read(struct policydb_compat_info *info,
|
||||
static int ocontext_read(const struct policydb_compat_info *info,
|
||||
policydb_t *p, struct policy_file *fp)
|
||||
{
|
||||
int rc = -1;
|
||||
|
@ -4192,7 +4192,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
|
|||
uint32_t buf[5];
|
||||
size_t len, nprim, nel;
|
||||
char *policydb_str;
|
||||
struct policydb_compat_info *info;
|
||||
const struct policydb_compat_info *info;
|
||||
unsigned int policy_type, bufindex;
|
||||
ebitmap_node_t *tnode;
|
||||
int rc;
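Review bot: In `policydb_lookup_compat` (hunk at `@ -471,12 +471,12`) the loop bound is still `sizeof(policydb_compat) / sizeof(*info)`, which is only correct while `info` happens to have the table's element type. The file already uses ARRAY_SIZE for POLICYDB_TARGET_SZ, so `for (i = 0; i < ARRAY_SIZE(policydb_compat); i++) {` would bind the count to the array itself. The hunk header at `@ -460,7 +460,7` also shows `static char *symtab_name[SYM_NUM]` left without const; if nothing writes to it, `static const char * const symtab_name[SYM_NUM]` would match the rest of this commit. The body of `policydb_lookup_compat` continues outside the hunk.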
|
||||
|
|
|
@ -3,5 +3,5 @@
|
|||
|
||||
#include <sepol/policydb.h>
|
||||
|
||||
extern const char *policydb_target_strings[];
|
||||
extern const char * const policydb_target_strings[];
|
||||
#endif
|
||||
|
|
|
@ -56,7 +56,7 @@ struct policydb_compat_info {
|
|||
unsigned int target_platform;
|
||||
};
|
||||
|
||||
extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
||||
extern const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
|
||||
unsigned int type,
|
||||
unsigned int target_platform);
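Review bot: The prototype of `policydb_lookup_compat` has no comment saying what the returned pointer refers to, so the new const qualifier is the only hint for callers. A one-line comment above the declaration would help, e.g. `/* Returns a pointer into a static read-only table, or NULL if no entry matches; do not free. */`. The NULL case is inferred from the `info = NULL` initialiser in the definition hunk and should be confirmed against the full body, which is not shown.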
|
||||
|
||||
|
|
|
@ -1345,7 +1345,7 @@ static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
|
|||
common_write, class_write, role_write, type_write, user_write,
|
||||
cond_write_bool, sens_write, cat_write,};
|
||||
|
||||
static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
|
||||
static int ocontext_write_xen(const struct policydb_compat_info *info, policydb_t *p,
|
||||
struct policy_file *fp)
|
||||
{
|
||||
unsigned int i, j;
|
||||
|
@ -1453,7 +1453,7 @@ static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
|
|||
return POLICYDB_SUCCESS;
|
||||
}
|
||||
|
||||
static int ocontext_write_selinux(struct policydb_compat_info *info,
|
||||
static int ocontext_write_selinux(const struct policydb_compat_info *info,
|
||||
policydb_t *p, struct policy_file *fp)
|
||||
{
|
||||
unsigned int i, j;
|
||||
|
@ -1583,7 +1583,7 @@ static int ocontext_write_selinux(struct policydb_compat_info *info,
|
|||
return POLICYDB_SUCCESS;
|
||||
}
|
||||
|
||||
static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
|
||||
static int ocontext_write(const struct policydb_compat_info *info, policydb_t * p,
|
||||
struct policy_file *fp)
|
||||
{
|
||||
int rc = POLICYDB_ERROR;
|
||||
|
@ -2179,7 +2179,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
|
|||
unsigned int i, num_syms;
|
||||
uint32_t buf[32], config;
|
||||
size_t items, items2, len;
|
||||
struct policydb_compat_info *info;
|
||||
const struct policydb_compat_info *info;
|
||||
struct policy_data pd;
|
||||
const char *policydb_str;
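Review bot: The function-pointer table `write_f[SYM_NUM]`, visible in the header and context lines of the hunk at `@ -1345,7 +1345,7`, is still writable while this commit makes the data tables const. A table of function pointers left in writable memory matters more for memory-corruption hardening than the string and size tables do. If nothing assigns to it, the declarator could become `static int (* const write_f[SYM_NUM]) (...)` with the parameter list unchanged. Its declaration starts outside the hunk, so whether it is assigned elsewhere cannot be seen from here.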
|
||||
|
||||
|
|