From: Paul Moore <paul@paul-moore.com>
To: "Christian Göttsche" <cgzones@googlemail.com>
Cc: selinux@vger.kernel.org,
	Stephen Smalley <stephen.smalley.work@gmail.com>,
	Eric Paris <eparis@parisplace.org>,
	Ondrej Mosnacek <omosnace@redhat.com>,
	"David S. Miller" <davem@davemloft.net>,
	Jeremy Kerr <jk@codeconstruct.com.au>,
	Richard Haines <richard_c_haines@btinternet.com>,
	Xiu Jianfeng <xiujianfeng@huawei.com>,
	Nick Desaulniers <ndesaulniers@google.com>,
	Jiapeng Chong <jiapeng.chong@linux.alibaba.com>,
	Michal Orzel <michalorzel.eng@gmail.com>,
	Yang Li <yang.lee@linux.alibaba.com>,
	Austin Kim <austin.kim@lge.com>,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3] selinux: declare data arrays const
Date: Tue, 3 May 2022 15:59:00 -0400
Message-ID: <CAHC9VhRhi_dA5XyvQpBmh3aBz-zLp9y4iGuGc4pV2qKc=Q-ouw@mail.gmail.com>
In-Reply-To: <20220502144345.81949-1-cgzones@googlemail.com>

On Mon, May 2, 2022 at 10:43 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> The arrays for the policy capability names, the initial sid identifiers
> and the class and permission names are not changed at runtime.  Declare
> them const to avoid accidental modification.
>
> Do not override the classmap and the initial sid list in the build time
> script genheaders.
>
> Check fclose(3) is successful in genheaders.c, otherwise the written data
> might be corrupted or incomplete.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v2:
>   Drop const exemption for genheaders script by rewriting stoupperx().
> v3:
>   - Declare some additional data array const
>   - Do not use static buffer in genheaders.c::stoupperx()
>   - Check fclose(3) in genheaders.c
> ---
>  scripts/selinux/genheaders/genheaders.c       | 75 +++++++++++--------
>  scripts/selinux/mdp/mdp.c                     |  4 +-
>  security/selinux/avc.c                        |  2 +-
>  security/selinux/include/avc_ss.h             |  2 +-
>  security/selinux/include/classmap.h           |  2 +-
>  .../selinux/include/initial_sid_to_string.h   |  4 +-
>  security/selinux/include/policycap.h          |  2 +-
>  security/selinux/include/policycap_names.h    |  2 +-
>  security/selinux/ss/avtab.c                   |  2 +-
>  security/selinux/ss/policydb.c                | 36 ++++-----
>  security/selinux/ss/services.c                |  4 +-
>  11 files changed, 72 insertions(+), 63 deletions(-)

Thanks, this revision is much better, merged into selinux/next.  I did
have to apply parts of this patch manually, so if you notice anything
wrong with the commit please let me know.

-- 
paul-moore.com
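
The two points of the commit message above, as an added example that is not code from the patch or the kernel tree: a const name table forces the upper-casing helper to work on a copy, and the generator treats a failing fclose(3) as a failed write. The names `sample_names`, `upper_copy`, `write_header` and the `SAMPLE_` prefix are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample table. Both the pointers and the strings are const,
 * so a helper that upper-cases in place no longer compiles against it. */
static const char *const sample_names[] = { "kernel", "unlabeled", NULL };

/* Hypothetical helper: return a heap-allocated upper-case copy of s and
 * leave the const source untouched. The caller frees the result. */
static char *upper_copy(const char *s)
{
	size_t i, len = strlen(s);
	char *out = malloc(len + 1);

	if (!out)
		return NULL;
	for (i = 0; i < len; i++)
		out[i] = (char)toupper((unsigned char)s[i]);
	out[len] = '\0';
	return out;
}

/* Write one #define per name to path. Returns 0 on success and -1 when
 * any step fails, including fclose(), which flushes the stdio buffer and
 * is where a full or failing device is finally reported. */
static int write_header(const char *path, const char *const *names)
{
	FILE *f = fopen(path, "w");
	int i, rc = 0;

	if (!f)
		return -1;
	for (i = 0; names[i] && rc == 0; i++) {
		char *u = upper_copy(names[i]);
		if (!u || fprintf(f, "#define SAMPLE_%s %d\n", u, i + 1) < 0)
			rc = -1;
		free(u);
	}
	if (fclose(f) != 0)
		rc = -1;
	return rc;
}

int main(void)
{
	return write_header("sample_header.h", sample_names) ? EXIT_FAILURE : EXIT_SUCCESS;
}
```

On Linux, pointing `write_header()` at `/dev/full` shows the case the fclose(3) check covers: each `fprintf()` succeeds into the stdio buffer and only `fclose()` reports the error.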
