On Tue, Jun 8, 2021 at 12:02 PM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Make it more apparent that those data does not change and enforce it.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libsepol/src/avrule_block.c | 2 +-
> libsepol/src/avtab.c | 2 +-
> libsepol/src/link.c | 2 +-
> libsepol/src/polcaps.c | 2 +-
> libsepol/src/policydb.c | 22 +++++++++++-----------
> libsepol/src/policydb_internal.h | 2 +-
> libsepol/src/private.h | 6 +++---
> libsepol/src/write.c | 8 ++++----
> 8 files changed, 23 insertions(+), 23 deletions(-)
>
> diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
> index a9832d0d..dcfce8b8 100644
> --- a/libsepol/src/avrule_block.c
> +++ b/libsepol/src/avrule_block.c
> @@ -30,7 +30,7 @@
> /* It is anticipated that there be less declarations within an avrule
> * block than the global policy. Thus the symbol table sizes are
> * smaller than those listed in policydb.c */
> -static unsigned int symtab_sizes[SYM_NUM] = {
> +static const unsigned int symtab_sizes[SYM_NUM] = {
> 2,
> 4,
> 8,
> diff --git a/libsepol/src/avtab.c b/libsepol/src/avtab.c
> index c2ccb005..7b80377c 100644
> --- a/libsepol/src/avtab.c
> +++ b/libsepol/src/avtab.c
> @@ -424,7 +424,7 @@ void avtab_hash_eval(avtab_t * h, char *tag)
> }
>
> /* Ordering of datums in the original avtab format in the policy file. */
> -static uint16_t spec_order[] = {
> +static const uint16_t spec_order[] = {
> AVTAB_ALLOWED,
> AVTAB_AUDITDENY,
> AVTAB_AUDITALLOW,
> diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> index bdc1fcbf..461d2feb 100644
> --- a/libsepol/src/link.c
> +++ b/libsepol/src/link.c
> @@ -78,7 +78,7 @@ typedef struct missing_requirement {
> uint32_t perm_value;
> } missing_requirement_t;
>
> -static const char *symtab_names[SYM_NUM] = {
> +static const char * const symtab_names[SYM_NUM] = {
> "common", "class", "role", "type/attribute", "user",
> "bool", "level", "category"
> };
> diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
> index 67ed5786..6a74ec7d 100644
> --- a/libsepol/src/polcaps.c
> +++ b/libsepol/src/polcaps.c
> @@ -5,7 +5,7 @@
> #include <string.h>
> #include <sepol/policydb/polcaps.h>
>
> -static const char *polcap_names[] = {
> +static const char * const polcap_names[] = {
> "network_peer_controls", /* POLICYDB_CAPABILITY_NETPEER */
> "open_perms", /* POLICYDB_CAPABILITY_OPENPERM */
> "extended_socket_class", /* POLICYDB_CAPABILITY_EXTSOCKCLASS */
> diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
> index 7739b0fb..0bc0ead8 100644
> --- a/libsepol/src/policydb.c
> +++ b/libsepol/src/policydb.c
> @@ -57,10 +57,10 @@
> #include "policydb_validate.h"
>
> #define POLICYDB_TARGET_SZ ARRAY_SIZE(policydb_target_strings)
> -const char *policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
> +const char * const policydb_target_strings[] = { POLICYDB_STRING, POLICYDB_XEN_STRING };
>
> /* These need to be updated if SYM_NUM or OCON_NUM changes */
> -static struct policydb_compat_info policydb_compat[] = {
> +static const struct policydb_compat_info policydb_compat[] = {
> {
> .type = POLICY_KERN,
> .version = POLICYDB_VERSION_BOUNDARY,
> @@ -460,7 +460,7 @@ static char *symtab_name[SYM_NUM] = {
> };
> #endif
>
> -static unsigned int symtab_sizes[SYM_NUM] = {
> +static const unsigned int symtab_sizes[SYM_NUM] = {
> 2,
> 32,
> 16,
> @@ -471,12 +471,12 @@ static unsigned int symtab_sizes[SYM_NUM] = {
> 16,
> };
>
> -struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
> - unsigned int type,
> - unsigned int target_platform)
> +const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
> + unsigned int type,
> + unsigned int target_platform)
> {
> unsigned int i;
> - struct policydb_compat_info *info = NULL;
> + const struct policydb_compat_info *info = NULL;
>
> for (i = 0; i < sizeof(policydb_compat) / sizeof(*info); i++) {
> if (policydb_compat[i].version == version &&
> @@ -2854,7 +2854,7 @@ static int filename_trans_read(policydb_t *p, struct policy_file *fp)
> return 0;
> }
>
> -static int ocontext_read_xen(struct policydb_compat_info *info,
> +static int ocontext_read_xen(const struct policydb_compat_info *info,
> policydb_t *p, struct policy_file *fp)
> {
> unsigned int i, j;
> @@ -2963,7 +2963,7 @@ static int ocontext_read_xen(struct policydb_compat_info *info,
> }
> return 0;
> }
> -static int ocontext_read_selinux(struct policydb_compat_info *info,
> +static int ocontext_read_selinux(const struct policydb_compat_info *info,
> policydb_t * p, struct policy_file *fp)
> {
> unsigned int i, j;
> @@ -3141,7 +3141,7 @@ static int ocontext_read_selinux(struct policydb_compat_info *info,
> return 0;
> }
>
> -static int ocontext_read(struct policydb_compat_info *info,
> +static int ocontext_read(const struct policydb_compat_info *info,
> policydb_t *p, struct policy_file *fp)
> {
> int rc = -1;
> @@ -4198,7 +4198,7 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
> uint32_t buf[5];
> size_t len, nprim, nel;
> char *policydb_str;
> - struct policydb_compat_info *info;
> + const struct policydb_compat_info *info;
> unsigned int policy_type, bufindex;
> ebitmap_node_t *tnode;
> int rc;
> diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h
> index 06ba5c8b..dd8f25d0 100644
> --- a/libsepol/src/policydb_internal.h
> +++ b/libsepol/src/policydb_internal.h
> @@ -3,5 +3,5 @@
>
> #include <sepol/policydb.h>
>
> -extern const char *policydb_target_strings[];
> +extern const char * const policydb_target_strings[];
> #endif
> diff --git a/libsepol/src/private.h b/libsepol/src/private.h
> index f5b5277f..72f21262 100644
> --- a/libsepol/src/private.h
> +++ b/libsepol/src/private.h
> @@ -56,9 +56,9 @@ struct policydb_compat_info {
> unsigned int target_platform;
> };
>
> -extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
> - unsigned int type,
> - unsigned int target_platform);
> +extern const struct policydb_compat_info *policydb_lookup_compat(unsigned int version,
> + unsigned int type,
> + unsigned int target_platform);
>
> /* Reading from a policy "file". */
> extern int next_entry(void *buf, struct policy_file *fp, size_t bytes);
> diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> index 84bcaf3f..3bd034d6 100644
> --- a/libsepol/src/write.c
> +++ b/libsepol/src/write.c
> @@ -1345,7 +1345,7 @@ static int (*write_f[SYM_NUM]) (hashtab_key_t key, hashtab_datum_t datum,
> common_write, class_write, role_write, type_write, user_write,
> cond_write_bool, sens_write, cat_write,};
>
> -static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
> +static int ocontext_write_xen(const struct policydb_compat_info *info, policydb_t *p,
> struct policy_file *fp)
> {
> unsigned int i, j;
> @@ -1453,7 +1453,7 @@ static int ocontext_write_xen(struct policydb_compat_info *info, policydb_t *p,
> return POLICYDB_SUCCESS;
> }
>
> -static int ocontext_write_selinux(struct policydb_compat_info *info,
> +static int ocontext_write_selinux(const struct policydb_compat_info *info,
> policydb_t *p, struct policy_file *fp)
> {
> unsigned int i, j;
> @@ -1583,7 +1583,7 @@ static int ocontext_write_selinux(struct policydb_compat_info *info,
> return POLICYDB_SUCCESS;
> }
>
> -static int ocontext_write(struct policydb_compat_info *info, policydb_t * p,
> +static int ocontext_write(const struct policydb_compat_info *info, policydb_t * p,
> struct policy_file *fp)
> {
> int rc = POLICYDB_ERROR;
> @@ -2179,7 +2179,7 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
> unsigned int i, num_syms;
> uint32_t buf[32], config;
> size_t items, items2, len;
> - struct policydb_compat_info *info;
> + const struct policydb_compat_info *info;
> struct policy_data pd;
> const char *policydb_str;
>
> --
> 2.32.0
>
