selinux: declare data arrays const The arrays for the policy capability names, the initial sid identifiers and the class and permission names are not changed at runtime. Declare them const to avoid accidental modification. Do not override the classmap and the initial sid list in the build time script genheaders. Check flose(3) is successful in genheaders.c, otherwise the written data might be corrupted or incomplete. Signed-off-by: Christian Göttsche <cgzones@googlemail.com> [PM: manual merge due to fuzz, minor style tweaks] Signed-off-by: Paul Moore <paul@paul-moore.com>

commit: ded34574d4d351ab0ca095a45496b393cef611c2 [log] [tgz]
author: Christian Göttsche <cgzones@googlemail.com> Mon May 02 16:43:38 2022 +0200
committer: Paul Moore <paul@paul-moore.com> Tue May 03 15:53:49 2022 -0400
tree: 6884a97c4ba2c10ad542db83cfbd8afeab326895
parent: a9029d97045468bc25281971d452b6cecf009553 [diff] [blame]
diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 874c1c6..9a43af0 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c

@@ -668,7 +668,7 @@ static void avc_audit_pre_callback(struct audit_buffer *ab, void *a)
 	struct common_audit_data *ad = a;
 	struct selinux_audit_data *sad = ad->selinux_audit_data;
 	u32 av = sad->audited;
-	const char **perms;
+	const char *const *perms;
 	int i, perm;
 
 	audit_log_format(ab, "avc:  %s ", sad->denied ? "denied" : "granted");
commit	ded34574d4d351ab0ca095a45496b393cef611c2	[log] [tgz]
author	Christian Göttsche <cgzones@googlemail.com>	Mon May 02 16:43:38 2022 +0200
committer	Paul Moore <paul@paul-moore.com>	Tue May 03 15:53:49 2022 -0400
tree	6884a97c4ba2c10ad542db83cfbd8afeab326895
parent	a9029d97045468bc25281971d452b6cecf009553 [diff] [blame]