diff options
author | Paul Moore <paul@paul-moore.com> | 2022-03-01 18:39:20 +0100 |
---|---|---|
committer | Paul Moore <paul@paul-moore.com> | 2022-03-02 17:37:03 +0100 |
commit | cdbec3ede0b8cb318c36f5cc945b9360329cbd25 (patch) | |
tree | 779484bf8cd18ab49ec73a481f91b7178d0cb76d /security | |
parent | docs: fix 'make htmldocs' warning in SCTP.rst (diff) | |
download | linux-cdbec3ede0b8cb318c36f5cc945b9360329cbd25.tar.xz linux-cdbec3ede0b8cb318c36f5cc945b9360329cbd25.zip |
selinux: shorten the policy capability enum names
The SELinux policy capability enum names are rather long and follow
the "POLICYDB_CAPABILITY_XXX format". While the "POLICYDB_" prefix
is helpful in tying the enums to other SELinux policy constants,
macros, etc. there is no reason why we need to spell out
"CAPABILITY" completely. Shorten "CAPABILITY" to "CAP" in order to
make things a bit shorter and cleaner.
Moving forward, the SELinux policy capability enum names should
follow the "POLICYDB_CAP_XXX" format.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ima.c | 4 | ||||
-rw-r--r-- | security/selinux/include/policycap.h | 22 | ||||
-rw-r--r-- | security/selinux/include/policycap_names.h | 2 | ||||
-rw-r--r-- | security/selinux/include/security.h | 18 | ||||
-rw-r--r-- | security/selinux/selinuxfs.c | 2 |
5 files changed, 24 insertions, 24 deletions
diff --git a/security/selinux/ima.c b/security/selinux/ima.c index 727c4e43219d..fded01981a39 100644 --- a/security/selinux/ima.c +++ b/security/selinux/ima.c @@ -29,7 +29,7 @@ static char *selinux_ima_collect_state(struct selinux_state *state) buf_len = strlen("initialized=0;enforcing=0;checkreqprot=0;") + 1; len = strlen(on); - for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++) + for (i = 0; i < __POLICYDB_CAP_MAX; i++) buf_len += strlen(selinux_policycap_names[i]) + len; buf = kzalloc(buf_len, GFP_KERNEL); @@ -54,7 +54,7 @@ static char *selinux_ima_collect_state(struct selinux_state *state) rc = strlcat(buf, checkreqprot_get(state) ? on : off, buf_len); WARN_ON(rc >= buf_len); - for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++) { + for (i = 0; i < __POLICYDB_CAP_MAX; i++) { rc = strlcat(buf, selinux_policycap_names[i], buf_len); WARN_ON(rc >= buf_len); diff --git a/security/selinux/include/policycap.h b/security/selinux/include/policycap.h index a9e572ca4fd9..2680aa21205c 100644 --- a/security/selinux/include/policycap.h +++ b/security/selinux/include/policycap.h @@ -4,18 +4,18 @@ /* Policy capabilities */ enum { - POLICYDB_CAPABILITY_NETPEER, - POLICYDB_CAPABILITY_OPENPERM, - POLICYDB_CAPABILITY_EXTSOCKCLASS, - POLICYDB_CAPABILITY_ALWAYSNETWORK, - POLICYDB_CAPABILITY_CGROUPSECLABEL, - POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION, - POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS, - POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC, - __POLICYDB_CAPABILITY_MAX + POLICYDB_CAP_NETPEER, + POLICYDB_CAP_OPENPERM, + POLICYDB_CAP_EXTSOCKCLASS, + POLICYDB_CAP_ALWAYSNETWORK, + POLICYDB_CAP_CGROUPSECLABEL, + POLICYDB_CAP_NNP_NOSUID_TRANSITION, + POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS, + POLICYDB_CAP_IOCTL_SKIP_CLOEXEC, + __POLICYDB_CAP_MAX }; -#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1) +#define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1) -extern const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX]; +extern const char *selinux_policycap_names[__POLICYDB_CAP_MAX]; #endif /* _SELINUX_POLICYCAP_H_ */ diff --git a/security/selinux/include/policycap_names.h b/security/selinux/include/policycap_names.h index ebd64afe1def..100da7d043db 100644 --- a/security/selinux/include/policycap_names.h +++ b/security/selinux/include/policycap_names.h @@ -5,7 +5,7 @@ #include "policycap.h" /* Policy capability names */ -const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = { +const char *selinux_policycap_names[__POLICYDB_CAP_MAX] = { "network_peer_controls", "open_perms", "extended_socket_class", diff --git a/security/selinux/include/security.h b/security/selinux/include/security.h index 84f42fa8012f..ace4bd13e808 100644 --- a/security/selinux/include/security.h +++ b/security/selinux/include/security.h @@ -96,7 +96,7 @@ struct selinux_state { #endif bool checkreqprot; bool initialized; - bool policycap[__POLICYDB_CAPABILITY_MAX]; + bool policycap[__POLICYDB_CAP_MAX]; struct page *status_page; struct mutex status_lock; @@ -174,56 +174,56 @@ static inline bool selinux_policycap_netpeer(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]); + return READ_ONCE(state->policycap[POLICYDB_CAP_NETPEER]); } static inline bool selinux_policycap_openperm(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]); + return READ_ONCE(state->policycap[POLICYDB_CAP_OPENPERM]); } static inline bool selinux_policycap_extsockclass(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]); + return READ_ONCE(state->policycap[POLICYDB_CAP_EXTSOCKCLASS]); } static inline bool selinux_policycap_alwaysnetwork(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]); + return READ_ONCE(state->policycap[POLICYDB_CAP_ALWAYSNETWORK]); } static inline bool selinux_policycap_cgroupseclabel(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]); + return READ_ONCE(state->policycap[POLICYDB_CAP_CGROUPSECLABEL]); } static inline bool selinux_policycap_nnp_nosuid_transition(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]); + return READ_ONCE(state->policycap[POLICYDB_CAP_NNP_NOSUID_TRANSITION]); } static inline bool selinux_policycap_genfs_seclabel_symlinks(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]); + return READ_ONCE(state->policycap[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]); } static inline bool selinux_policycap_ioctl_skip_cloexec(void) { struct selinux_state *state = &selinux_state; - return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC]); + return READ_ONCE(state->policycap[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]); } struct selinux_policy_convert_data; diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index f2f6203e0fff..097c6d866ec4 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -1983,7 +1983,7 @@ static int sel_make_policycap(struct selinux_fs_info *fsi) struct dentry *dentry = NULL; struct inode *inode = NULL; - for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) { + for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) { if (iter < ARRAY_SIZE(selinux_policycap_names)) dentry = d_alloc_name(fsi->policycap_dir, selinux_policycap_names[iter]); |