Re: [PATCH] libsepol: update policy capabilities array

On Tue, Nov 14, 2023 at 3:41 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Thu, Nov 9, 2023 at 8:54 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Use their enum values as indices to clarify their relationships.
> > Specify array size to verify it at compile time.
> > Remove unnecessary trailing entry, since all access is controlled by a
> > check against POLICYDB_CAP_MAX.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

This patch has been merged.
Thanks,
Jim

> > ---
> >  libsepol/src/polcaps.c | 21 ++++++++++-----------
> >  1 file changed, 10 insertions(+), 11 deletions(-)
> >
> > diff --git a/libsepol/src/polcaps.c b/libsepol/src/polcaps.c
> > index be12580a..8289443a 100644
> > --- a/libsepol/src/polcaps.c
> > +++ b/libsepol/src/polcaps.c
> > @@ -5,17 +5,16 @@
> >  #include <string.h>
> >  #include <sepol/policydb/polcaps.h>
> >
> > -static const char * const polcap_names[] = {
> > -       "network_peer_controls",        /* POLICYDB_CAP_NETPEER */
> > -       "open_perms",                   /* POLICYDB_CAP_OPENPERM */
> > -       "extended_socket_class",        /* POLICYDB_CAP_EXTSOCKCLASS */
> > -       "always_check_network",         /* POLICYDB_CAP_ALWAYSNETWORK */
> > -       "cgroup_seclabel",              /* POLICYDB_CAP_SECLABEL */
> > -       "nnp_nosuid_transition",        /* POLICYDB_CAP_NNP_NOSUID_TRANSITION */
> > -       "genfs_seclabel_symlinks",      /* POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS */
> > -       "ioctl_skip_cloexec",           /* POLICYDB_CAP_IOCTL_SKIP_CLOEXEC */
> > -       "userspace_initial_context",    /* POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT */
> > -       NULL
> > +static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
> > +       [POLICYDB_CAP_NETPEER]                          = "network_peer_controls",
> > +       [POLICYDB_CAP_OPENPERM]                         = "open_perms",
> > +       [POLICYDB_CAP_EXTSOCKCLASS]                     = "extended_socket_class",
> > +       [POLICYDB_CAP_ALWAYSNETWORK]                    = "always_check_network",
> > +       [POLICYDB_CAP_CGROUPSECLABEL]                   = "cgroup_seclabel",
> > +       [POLICYDB_CAP_NNP_NOSUID_TRANSITION]            = "nnp_nosuid_transition",
> > +       [POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]          = "genfs_seclabel_symlinks",
> > +       [POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]               = "ioctl_skip_cloexec",
> > +       [POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT]        = "userspace_initial_context",
> >  };
> >
> >  int sepol_polcap_getnum(const char *name)
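
Review bot: the explicit size on polcap_names[POLICYDB_CAP_MAX + 1] only makes the compiler reject a designated index above POLICYDB_CAP_MAX; a capability later added to the enum without a matching entry in this initializer still compiles and leaves that slot NULL. Since the trailing NULL sentinel is removed and access now relies on the POLICYDB_CAP_MAX bound, please either note in a comment above the array that every index up to POLICYDB_CAP_MAX must have an entry, or have sepol_polcap_getnum and any other lookup that walks the array skip NULL slots before comparing or returning a name. The removed comment for "cgroup_seclabel" named POLICYDB_CAP_SECLABEL while the new index is POLICYDB_CAP_CGROUPSECLABEL; a line in the commit message saying the old comment was wrong would make that difference easier to audit.
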
> > --
> > 2.42.0
> >



