Commit ded34574 authored by Christian Göttsche's avatar Christian Göttsche Committed by Paul Moore

selinux: declare data arrays const



The arrays for the policy capability names, the initial sid identifiers
and the class and permission names are not changed at runtime.  Declare
them const to avoid accidental modification.

Do not override the classmap and the initial sid list in the build time
script genheaders.

Check fclose(3) is successful in genheaders.c, otherwise the written data
might be corrupted or incomplete.

Signed-off-by: default avatarChristian Göttsche <cgzones@googlemail.com>
[PM: manual merge due to fuzz, minor style tweaks]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent a9029d97
+45 −30
@@ -59,35 +59,27 @@ int main(int argc, char *argv[])
		exit(2);
	}

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		map->name = stoupperx(map->name);
		for (j = 0; map->perms[j]; j++)
			map->perms[j] = stoupperx(map->perms[j]);
	}

	isids_len = sizeof(initial_sid_to_string) / sizeof (char *);
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];

		if (s)
			initial_sid_to_string[i] = stoupperx(s);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_FLASK_H_\n#define _SELINUX_FLASK_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "#define SECCLASS_%-39s %2d\n", map->name, i+1);
		char *name = stoupperx(secclass_map[i].name);

		fprintf(fout, "#define SECCLASS_%-39s %2d\n", name, i+1);
		free(name);
	}

	fprintf(fout, "\n");

	isids_len = sizeof(initial_sid_to_string) / sizeof(char *);
	for (i = 1; i < isids_len; i++) {
		const char *s = initial_sid_to_string[i];
		if (s)
			fprintf(fout, "#define SECINITSID_%-39s %2d\n", s, i);
		if (s) {
			char *sidname = stoupperx(s);

			fprintf(fout, "#define SECINITSID_%-39s %2d\n", sidname, i);
			free(sidname);
		}
	}
	fprintf(fout, "\n#define SECINITSID_NUM %d\n", i-1);
	fprintf(fout, "\nstatic inline bool security_is_socket_class(u16 kern_tclass)\n");
@@ -96,10 +88,14 @@ int main(int argc, char *argv[])
	fprintf(fout, "\tswitch (kern_tclass) {\n");
	for (i = 0; secclass_map[i].name; i++) {
		static char s[] = "SOCKET";
		struct security_class_mapping *map = &secclass_map[i];
		int len = strlen(map->name), l = sizeof(s) - 1;
		if (len >= l && memcmp(map->name + len - l, s, l) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", map->name);
		int len, l;
		char *name = stoupperx(secclass_map[i].name);

		len = strlen(name);
		l = sizeof(s) - 1;
		if (len >= l && memcmp(name + len - l, s, l) == 0)
			fprintf(fout, "\tcase SECCLASS_%s:\n", name);
		free(name);
	}
	fprintf(fout, "\t\tsock = true;\n");
	fprintf(fout, "\t\tbreak;\n");
@@ -110,33 +106,52 @@ int main(int argc, char *argv[])
	fprintf(fout, "}\n");

	fprintf(fout, "\n#endif\n");
	fclose(fout);

	if (fclose(fout) != 0) {
		fprintf(stderr, "Could not successfully close %s:  %s\n",
			argv[1], strerror(errno));
		exit(4);
	}

	fout = fopen(argv[2], "w");
	if (!fout) {
		fprintf(stderr, "Could not open %s for writing:  %s\n",
			argv[2], strerror(errno));
		exit(4);
		exit(5);
	}

	fprintf(fout, "/* This file is automatically generated.  Do not edit. */\n");
	fprintf(fout, "#ifndef _SELINUX_AV_PERMISSIONS_H_\n#define _SELINUX_AV_PERMISSIONS_H_\n\n");

	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		int len = strlen(map->name);
		const struct security_class_mapping *map = &secclass_map[i];
		int len;
		char *name = stoupperx(map->name);

		len = strlen(name);
		for (j = 0; map->perms[j]; j++) {
			char *permname;

			if (j >= 32) {
				fprintf(stderr, "Too many permissions to fit into an access vector at (%s, %s).\n",
					map->name, map->perms[j]);
				exit(5);
			}
			fprintf(fout, "#define %s__%-*s 0x%08xU\n", map->name,
				39-len, map->perms[j], 1U<<j);
			permname = stoupperx(map->perms[j]);
			fprintf(fout, "#define %s__%-*s 0x%08xU\n", name,
				39-len, permname, 1U<<j);
			free(permname);
		}
		free(name);
	}

	fprintf(fout, "\n#endif\n");
	fclose(fout);

	if (fclose(fout) != 0) {
		fprintf(stderr, "Could not successfully close %s:  %s\n",
			argv[2], strerror(errno));
		exit(6);
	}

	exit(0);
}
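Review bot: The new `fclose(fout) != 0` checks, at both the `argv[1]` and `argv[2]` close sites, only catch a failure of the final flush and close; an `fprintf` whose buffered write already failed earlier sets the stream's error indicator, and `fclose` is not guaranteed to report that afterwards. Since the generated headers carry the `SECCLASS_*`, `SECINITSID_*` and access-vector bit definitions, I would test the indicator as well, `if (ferror(fout) || fclose(fout) != 0) {`, keeping in mind that `errno` may be stale when only `ferror` trips. Separately, renumbering the `argv[2]` open failure to `exit(5)` makes it share a status with the existing `exit(5)` in the "Too many permissions" branch, so the two failures can no longer be told apart by exit code; one of them should get its own value. `main` begins outside the first hunk, so the earlier exit codes are not visible here.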
+2 −2
@@ -82,7 +82,7 @@ int main(int argc, char *argv[])

	/* print out the class permissions */
	for (i = 0; secclass_map[i].name; i++) {
		struct security_class_mapping *map = &secclass_map[i];
		const struct security_class_mapping *map = &secclass_map[i];
		fprintf(fout, "class %s\n", map->name);
		fprintf(fout, "{\n");
		for (j = 0; map->perms[j]; j++)
@@ -103,7 +103,7 @@ int main(int argc, char *argv[])
#define SYSTEMLOW "s0"
#define SYSTEMHIGH "s1:c0.c1"
		for (i = 0; secclass_map[i].name; i++) {
			struct security_class_mapping *map = &secclass_map[i];
			const struct security_class_mapping *map = &secclass_map[i];

			fprintf(fout, "mlsconstrain %s {\n", map->name);
			for (j = 0; map->perms[j]; j++)
+1 −1
@@ -668,7 +668,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
	struct common_audit_data *ad = a;
	struct selinux_audit_data *sad = ad->selinux_audit_data;
	u32 av = sad->audited;
	const char **perms;
	const char *const *perms;
	int i, perm;

	audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
+1 −1
@@ -18,7 +18,7 @@ struct security_class_mapping {
	const char *perms[sizeof(u32) * 8 + 1];
};

extern struct security_class_mapping secclass_map[];
extern const struct security_class_mapping secclass_map[];

#endif /* _SELINUX_AVC_SS_H_ */
+1 −1
@@ -38,7 +38,7 @@
 * Note: The name for any socket class should be suffixed by "socket",
 *	 and doesn't contain more than one substr of "socket".
 */
struct security_class_mapping secclass_map[] = {
const struct security_class_mapping secclass_map[] = {
	{ "security",
	  { "compute_av", "compute_create", "compute_member",
	    "check_context", "load_policy", "compute_relabel",