From: "Christian Göttsche" <cgzones@googlemail.com>
To: selinux@vger.kernel.org
Subject: [PATCH 23/23] libsepol: declare read-only arrays const
Date: Tue, 8 Jun 2021 17:59:12 +0200 [thread overview]
Message-ID: <20210608155912.32047-24-cgzones@googlemail.com> (raw)
In-Reply-To: <20210608155912.32047-1-cgzones@googlemail.com>
Make it more apparent that those data does not change and enforce it.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/avrule_block.c | 2 +-
libsepol/src/avtab.c | 2 +-
libsepol/src/link.c | 2 +-
libsepol/src/polcaps.c | 2 +-
libsepol/src/policydb.c | 22 +++++++++++-----------
libsepol/src/policydb_internal.h | 2 +-
libsepol/src/private.h | 6 +++---
libsepol/src/write.c | 8 ++++----
8 files changed, 23 insertions(+), 23 deletions(-)
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
index a9832d0d..dcfce8b8 100644
--- a/libsepol/src/avrule_block.c
+++ b/libsepol/src/avrule_block.c
@@ -30,7 +30,7 @@
/* It is anticipated that there be less declarations within an avrule
* block than the global policy. Thus the symbol table sizes are
* smaller than those listed in policydb.c */
-static unsigned int symtab_sizes[SYM_NUM] = {
+static const unsigned int symtab_sizes[SYM_NUM] = {
2,
4,
8,
diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
index c2ccb005..7b80377c 100644
--- a/libsepol/src/avtab.c
+++ b/libsepol/src/avtab.c
@@ -424,7 +424,7 @@ void avtab_hash_eval(avtab_t * h, char *tag)
}
/* Ordering of datums in the original avtab format in the policy file. */
-static uint16_t spec_order[] = {
+static const uint16_t spec_order[] = {
AVTAB_ALLOWED,
AVTAB_AUDITDENY,
AVTAB_AUDITALLOW,
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index bdc1fcbf..461d2feb 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -78,7 +78,7 @@ typedef struct missing_requirement {
uint32_t perm_value;
} missing_requirement_t;
-static const char *symtab_names[SYM_NUM] = {
+static const char * const symtab_names[SYM_NUM] = {
"common", "class", "role", "type/attribute", "user",
"bool", "level", "category"
};
diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
index 67ed5786..6a74ec7d 100644
--- a/libsepol/src/polcaps.c
+++ b/libsepol/src/polcaps.c
@@ -5,7 +5,7 @@
#include <string.h>
#include <sepol/policydb/polcaps.h>
-static const char *polcap_names[] = {
+static const char * const polcap_names[] = {
"network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
"open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
"extended_socket_class", /* POLICYDB_CAPABILITY_EXTSOCKCLASS */
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 7739b0fb..0bc0ead8 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -57,10 +57,10 @@
#include "policydb_validate.h"
#define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
-const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
+const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
/* These need to be updated if SYM_NUM or OCON_NUM changes */
-static struct policydb_compat_info policydb_compat[] = {
+static const struct policydb_compat_info policydb_compat[] = {
{
.type = POLICY_KERN,
.version = POLICYDB_VERSION_BOUNDARY,
@@ -460,7 +460,7 @@ static char *symtab_name[SYM_NUM] = {
};
#endif
-static unsigned int symtab_sizes[SYM_NUM] = {
+static const unsigned int symtab_sizes[SYM_NUM] = {
2,
32,
16,
@@ -471,12 +471,12 @@ static unsigned int symtab_sizes[SYM_NUM] = {
16,
};
-struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
- unsigned int type,
- unsigned int target_platform)
+const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type,
+ unsigned int target_platform)
{
unsigned int i;
- struct policydb_compat_info *info = NULL;
+ const struct policydb_compat_info *info = NULL;
for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
if (policydb_compat[i].version == version &&
@@ -2854,7 +2854,7 @@ static int filename_trans_read(policydb_t *p, struct policy_file *fp)
return 0;
}
-static int ocontext_read_xen(struct policydb_compat_info *info,
+static int ocontext_read_xen(const struct policydb_compat_info *info,
policydb_t *p, struct policy_file *fp)
{
unsigned int i, j;
@@ -2963,7 +2963,7 @@ static int ocontext_read_xen(struct policydb_compat_info *info,
}
return 0;
}
-static int ocontext_read_selinux(struct policydb_compat_info *info,
+static int ocontext_read_selinux(const struct policydb_compat_info *info,
policydb_t * p, struct policy_file *fp)
{
unsigned int i, j;
@@ -3141,7 +3141,7 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
return 0;
}
-static int ocontext_read(struct policydb_compat_info *info,
+static int ocontext_read(const struct policydb_compat_info *info,
policydb_t *p, struct policy_file *fp)
{
int rc = -1;
@@ -4198,7 +4198,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
uint32_t buf[5];
size_t len, nprim, nel;
char *policydb_str;
- struct policydb_compat_info *info;
+ const struct policydb_compat_info *info;
unsigned int policy_type, bufindex;
ebitmap_node_t *tnode;
int rc;
diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h
index 06ba5c8b..dd8f25d0 100644
--- a/libsepol/src/policydb_internal.h
+++ b/libsepol/src/policydb_internal.h
@@ -3,5 +3,5 @@
#include <sepol/policydb.h>
-extern const char *policydb_target_strings[];
+extern const char * const policydb_target_strings[];
#endif
diff --git a/libsepol/src/private.h b/libsepol/src/private.h
index f5b5277f..72f21262 100644
--- a/libsepol/src/private.h
+++ b/libsepol/src/private.h
@@ -56,9 +56,9 @@ struct policydb_compat_info {
unsigned int target_platform;
};
-extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
- unsigned int type,
- unsigned int target_platform);
+extern const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
+ unsigned int type,
+ unsigned int target_platform);
/* Reading from a policy "file". */
extern int next_entry(void *buf, struct policy_file *fp, size_t bytes);
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index 84bcaf3f..3bd034d6 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -1345,7 +1345,7 @@ static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
common_write, class_write, role_write, type_write, user_write,
cond_write_bool, sens_write, cat_write,};
-static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
+static int ocontext_write_xen(const struct policydb_compat_info *info, policydb_t *p,
struct policy_file *fp)
{
unsigned int i, j;
@@ -1453,7 +1453,7 @@ static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
return POLICYDB_SUCCESS;
}
-static int ocontext_write_selinux(struct policydb_compat_info *info,
+static int ocontext_write_selinux(const struct policydb_compat_info *info,
policydb_t *p, struct policy_file *fp)
{
unsigned int i, j;
@@ -1583,7 +1583,7 @@ static int ocontext_write_selinux(struct policydb_compat_info *info,
return POLICYDB_SUCCESS;
}
-static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
+static int ocontext_write(const struct policydb_compat_info *info, policydb_t * p,
struct policy_file *fp)
{
int rc = POLICYDB_ERROR;
@@ -2179,7 +2179,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
unsigned int i, num_syms;
uint32_t buf[32], config;
size_t items, items2, len;
- struct policydb_compat_info *info;
+ const struct policydb_compat_info *info;
struct policy_data pd;
const char *policydb_str;
--
2.32.0
next prev parent reply other threads:[~2021-06-08 16:00 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-08 15:58 [PATCH 00/23] libsepol: miscellaneous cleanup Christian Göttsche
2021-06-08 15:58 ` [PATCH 01/23] libsepol: fix typos Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 02/23] libsepol: resolve missing prototypes Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:58 ` [PATCH 03/23] libsepol: remove unused functions Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:58 ` [PATCH 04/23] libsepol: ignore UBSAN false-positives Christian Göttsche
2021-06-09 13:44 ` Ondrej Mosnacek
2021-06-09 14:05 ` James Carter
2021-07-01 18:06 ` [PATCH v2 1/3] " Christian Göttsche
2021-07-12 7:34 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 05/23] libsepol: avoid implicit conversions Christian Göttsche
2021-06-09 13:47 ` Ondrej Mosnacek
2021-07-01 18:06 ` [PATCH v2 2/3] " Christian Göttsche
2021-07-12 7:36 ` Nicolas Iooss
2021-07-13 20:01 ` Nicolas Iooss
2021-06-08 15:58 ` [PATCH 06/23] libsepol: avoid unsigned integer overflow Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:58 ` [PATCH 07/23] libsepol: follow declaration-after-statement Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:58 ` [PATCH 08/23] libsepol/cil: " Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:58 ` [PATCH 09/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:58 ` [PATCH 10/23] libsepol: mark read-only parameters of ebitmap interfaces const Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 11/23] libsepol: mark read-only parameters of type_set_ " Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 12/23] libsepol: do not allocate memory of size 0 Christian Göttsche
2021-06-21 20:59 ` James Carter
2021-06-08 15:59 ` [PATCH 13/23] libsepol: assure string NUL-termination Christian Göttsche
2021-06-09 14:38 ` James Carter
2021-07-01 18:07 ` [PATCH v2 3/3] libsepol: assure string NUL-termination of ibdev_name Christian Göttsche
2021-07-12 7:35 ` Nicolas Iooss
2021-07-13 19:59 ` Nicolas Iooss
2021-06-08 15:59 ` [PATCH 14/23] libsepol: remove dead stores Christian Göttsche
2021-06-08 15:59 ` [PATCH 15/23] libsepol/cil: silence cast warning Christian Göttsche
2021-06-21 20:58 ` James Carter
2021-06-08 15:59 ` [PATCH 16/23] libsepol/cil: drop extra semicolon Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 17/23] libsepol/cil: drop dead store Christian Göttsche
2021-06-21 20:56 ` James Carter
2021-06-08 15:59 ` [PATCH 18/23] libsepol/cil: drop unnecessary casts Christian Göttsche
2021-06-21 20:55 ` James Carter
2021-06-08 15:59 ` [PATCH 19/23] libsepol/cil: avoid using maybe uninitialized variables Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` [PATCH 20/23] libsepol: drop repeated semicolons Christian Göttsche
2021-06-21 20:54 ` James Carter
2021-06-08 15:59 ` [PATCH 21/23] libsepol: drop unnecessary casts Christian Göttsche
2021-06-21 20:57 ` James Carter
2021-06-08 15:59 ` [PATCH 22/23] libsepol: declare file local variable static Christian Göttsche
2021-06-21 21:00 ` James Carter
2021-06-08 15:59 ` Christian Göttsche [this message]
2021-06-21 20:59 ` [PATCH 23/23] libsepol: declare read-only arrays const James Carter
2021-06-24 14:29 ` [PATCH 00/23] libsepol: miscellaneous cleanup James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210608155912.32047-24-cgzones@googlemail.com \
--to=cgzones@googlemail.com \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).