Re: [PATCH] libsepol: update policy capabilities array

James Carter <jwcart2@xxxxxxxxx> · Tue, 14 Nov 2023 15:41:09 -0500



On Thu, Nov 9, 2023 at 8:54 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Use their enum values as indices to clarify their relationships.
> Specify array size to verify it at compile time.
> Remove unnecessary trailing entry, since all access is controlled by a
> check against POLICYDB_CAP_MAX.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
>  libsepol/src/polcaps.c | 21 ++++++++++-----------
>  1 file changed, 10 insertions(+), 11 deletions(-)
>
> diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
> index be12580a..8289443a 100644
> --- a/libsepol/src/polcaps.c
> +++ b/libsepol/src/polcaps.c
> @@ -5,17 +5,16 @@
>  #include <string.h>
>  #include <sepol/policydb/polcaps.h>
>
> -static const char * const polcap_names[] = {
> -       "network_peer_controls",        /* POLICYDB_CAP_NETPEER */
> -       "open_perms",                   /* POLICYDB_CAP_OPENPERM */
> -       "extended_socket_class",        /* POLICYDB_CAP_EXTSOCKCLASS */
> -       "always_check_network",         /* POLICYDB_CAP_ALWAYSNETWORK */
> -       "cgroup_seclabel",              /* POLICYDB_CAP_SECLABEL */
> -       "nnp_nosuid_transition",        /* POLICYDB_CAP_NNP_NOSUID_TRANSITION */
> -       "genfs_seclabel_symlinks",      /* POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS */
> -       "ioctl_skip_cloexec",           /* POLICYDB_CAP_IOCTL_SKIP_CLOEXEC */
> -       "userspace_initial_context",    /* POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT */
> -       NULL
> +static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
> +       [POLICYDB_CAP_NETPEER]                          = "network_peer_controls",
> +       [POLICYDB_CAP_OPENPERM]                         = "open_perms",
> +       [POLICYDB_CAP_EXTSOCKCLASS]                     = "extended_socket_class",
> +       [POLICYDB_CAP_ALWAYSNETWORK]                    = "always_check_network",
> +       [POLICYDB_CAP_CGROUPSECLABEL]                   = "cgroup_seclabel",
> +       [POLICYDB_CAP_NNP_NOSUID_TRANSITION]            = "nnp_nosuid_transition",
> +       [POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]          = "genfs_seclabel_symlinks",
> +       [POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]               = "ioctl_skip_cloexec",
> +       [POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT]        = "userspace_initial_context",
>  };
>
>  int sepol_polcap_getnum(const char *name)
> --
> 2.42.0
>