It's just insane to keep a table of capability names that can go
out of sync with capabilities.h at any time. Just generate the
table at build time instead.
5
Index: b/security/apparmor/Makefile
6
===================================================================
7
--- a/security/apparmor/Makefile
8
+++ b/security/apparmor/Makefile
11
obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
13
-apparmor-y := main.o list.o procattr.o lsm.o apparmorfs.o capabilities.o \
14
+apparmor-y := main.o list.o procattr.o lsm.o apparmorfs.o \
15
module_interface.o match.o
17
+quiet_cmd_make-caps = GEN $@
18
+cmd_make-caps = sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z > $@
20
+$(obj)/main.o : $(obj)/capability_names.h
21
+$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
22
+ $(call cmd,make-caps)
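Review bot: The `cmd_make-caps` sed expression emits an entry only for `#define CAP_*` lines whose value is a bare decimal number at end of line, so a definition written any other way (a trailing comment, a hex or symbolic value) is silently left out of capability_names.h and the build still succeeds. The resulting hole in the table is a NULL name in the audit message for that capability, which is worth a comment above the rule, e.g. `# Only "#define CAP_NAME <decimal>" lines are picked up; anything else gets no table entry.` The generated header is also not listed for removal on `make clean`; `clean-files := capability_names.h` would cover that.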
23
Index: b/security/apparmor/capabilities.c
24
===================================================================
25
--- a/security/apparmor/capabilities.c
29
- * Copyright (C) 2005 Novell/SUSE
31
- * This program is free software; you can redistribute it and/or
32
- * modify it under the terms of the GNU General Public License as
33
- * published by the Free Software Foundation, version 2 of the
36
- * AppArmor capability definitions
39
-#include "apparmor.h"
41
-static const char *cap_names[] = {
75
-const char *capability_to_name(unsigned int cap)
79
- name = (cap < (sizeof(cap_names) / sizeof(char *))
80
- ? cap_names[cap] : "invalid-capability");
84
Index: b/security/apparmor/main.c
85
===================================================================
86
--- a/security/apparmor/main.c
87
+++ b/security/apparmor/main.c
93
+ * A table of capability names: we generate it from capabilities.h.
95
+static const char *capability_names[] = {
96
+#include "capability_names.h"
99
/* NULL complain profile
101
* Used when in complain mode, to emit Permitting messages for non-existant
102
@@ -446,7 +453,7 @@ int aa_audit(struct aa_profile *active,
103
} else if (sa->type == AA_AUDITTYPE_CAP) {
105
"access to capability '%s' ",
106
- capability_to_name(sa->capability));
107
+ capability_names[sa->capability]);
109
opspec_error = -EPERM;
110
} else if (sa->type == AA_AUDITTYPE_SYSCALL) {
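Review bot: The new `capability_names[sa->capability]` lookup in the AA_AUDITTYPE_CAP branch drops the range check that the removed capability_to_name() performed, so an out-of-range sa->capability now reads past the end of the table instead of yielding "invalid-capability". Because the generated header uses designated initializers (`[N] = "name",`), any index the sed rule did not emit is also a NULL entry handed to `%s`. Whether sa->capability is validated before it reaches aa_audit() is not visible in this hunk; unless it is, keep the guard, e.g. `sa->capability < ARRAY_SIZE(capability_names) && capability_names[sa->capability] ? capability_names[sa->capability] : "invalid-capability"`. The comment on the new table also says capabilities.h while the Makefile rule reads include/linux/capability.h. aa_audit()'s body continues outside the hunk.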
111
Index: b/security/apparmor/apparmor.h
112
===================================================================
113
--- a/security/apparmor/apparmor.h
114
+++ b/security/apparmor/apparmor.h
115
@@ -267,9 +267,6 @@ extern int aa_setprocattr_setprofile(str
116
extern int create_apparmorfs(void);
117
extern void destroy_apparmorfs(void);
119
-/* capabilities.c */
120
-extern const char *capability_to_name(unsigned int cap);
123
struct aa_dfa *aa_match_alloc(void);
124
void aa_match_free(struct aa_dfa *dfa);