libsepol: update policy capabilities array

Use their enum values as indices to clarify their relationships.
Specify array size to verify it at compile time.
Remove unnecessary trailing entry, since all access is controlled by a
check against POLICYDB_CAP_MAX.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Acked-by: James Carter <jwcart2@gmail.com>

libsepol/src/polcaps.c

@@ -5,17 +5,16 @@
 #include <string.h>
 #include <sepol/policydb/polcaps.h>
 
-static const char * const polcap_names[] = {
-	"network_peer_controls",	/* POLICYDB_CAP_NETPEER */
-	"open_perms",			/* POLICYDB_CAP_OPENPERM */
-	"extended_socket_class",	/* POLICYDB_CAP_EXTSOCKCLASS */
-	"always_check_network",		/* POLICYDB_CAP_ALWAYSNETWORK */
-	"cgroup_seclabel",		/* POLICYDB_CAP_SECLABEL */
-	"nnp_nosuid_transition",	/* POLICYDB_CAP_NNP_NOSUID_TRANSITION */
-	"genfs_seclabel_symlinks",	/* POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS */
-	"ioctl_skip_cloexec",		/* POLICYDB_CAP_IOCTL_SKIP_CLOEXEC */
-	"userspace_initial_context",	/* POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT */
-	NULL
+static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
+	[POLICYDB_CAP_NETPEER]				= "network_peer_controls",
+	[POLICYDB_CAP_OPENPERM]				= "open_perms",
+	[POLICYDB_CAP_EXTSOCKCLASS]			= "extended_socket_class",
+	[POLICYDB_CAP_ALWAYSNETWORK]			= "always_check_network",
+	[POLICYDB_CAP_CGROUPSECLABEL]			= "cgroup_seclabel",
+	[POLICYDB_CAP_NNP_NOSUID_TRANSITION]		= "nnp_nosuid_transition",
+	[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]		= "genfs_seclabel_symlinks",
+	[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]		= "ioctl_skip_cloexec",
+	[POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT]	= "userspace_initial_context",
 };
 
 int sepol_polcap_getnum(const char *name)