selinux: shorten the policy capability enum names
authorPaul Moore <paul@paul-moore.com>
Tue, 1 Mar 2022 17:39:20 +0000 (12:39 -0500)
committerPaul Moore <paul@paul-moore.com>
Wed, 2 Mar 2022 16:37:03 +0000 (11:37 -0500)
The SELinux policy capability enum names are rather long and follow
the "POLICYDB_CAPABILITY_XXX" format.  While the "POLICYDB_" prefix
is helpful in tying the enums to other SELinux policy constants,
macros, etc., there is no reason why we need to spell out
"CAPABILITY" completely.  Shorten "CAPABILITY" to "CAP" in order to
make things a bit shorter and cleaner.

Moving forward, the SELinux policy capability enum names should
follow the "POLICYDB_CAP_XXX" format.

Signed-off-by: Paul Moore <paul@paul-moore.com>
security/selinux/ima.c
security/selinux/include/policycap.h
security/selinux/include/policycap_names.h
security/selinux/include/security.h
security/selinux/selinuxfs.c

index 727c4e43219d7106c95a062377093b7a8cf50b6a..fded01981a3932ca4c82e395212e13cc2749677e 100644 (file)
@@ -29,7 +29,7 @@ static char *selinux_ima_collect_state(struct selinux_state *state)
        buf_len = strlen("initialized=0;enforcing=0;checkreqprot=0;") + 1;
 
        len = strlen(on);
-       for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++)
+       for (i = 0; i < __POLICYDB_CAP_MAX; i++)
                buf_len += strlen(selinux_policycap_names[i]) + len;
 
        buf = kzalloc(buf_len, GFP_KERNEL);
@@ -54,7 +54,7 @@ static char *selinux_ima_collect_state(struct selinux_state *state)
        rc = strlcat(buf, checkreqprot_get(state) ? on : off, buf_len);
        WARN_ON(rc >= buf_len);
 
-       for (i = 0; i < __POLICYDB_CAPABILITY_MAX; i++) {
+       for (i = 0; i < __POLICYDB_CAP_MAX; i++) {
                rc = strlcat(buf, selinux_policycap_names[i], buf_len);
                WARN_ON(rc >= buf_len);
 
index a9e572ca4fd96d00ea26c917c25f6c91d552475f..2680aa21205ce2c43db315c9fdf26fb4fa9353e2 100644 (file)
@@ -4,18 +4,18 @@
 
 /* Policy capabilities */
 enum {
-       POLICYDB_CAPABILITY_NETPEER,
-       POLICYDB_CAPABILITY_OPENPERM,
-       POLICYDB_CAPABILITY_EXTSOCKCLASS,
-       POLICYDB_CAPABILITY_ALWAYSNETWORK,
-       POLICYDB_CAPABILITY_CGROUPSECLABEL,
-       POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION,
-       POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS,
-       POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC,
-       __POLICYDB_CAPABILITY_MAX
+       POLICYDB_CAP_NETPEER,
+       POLICYDB_CAP_OPENPERM,
+       POLICYDB_CAP_EXTSOCKCLASS,
+       POLICYDB_CAP_ALWAYSNETWORK,
+       POLICYDB_CAP_CGROUPSECLABEL,
+       POLICYDB_CAP_NNP_NOSUID_TRANSITION,
+       POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS,
+       POLICYDB_CAP_IOCTL_SKIP_CLOEXEC,
+       __POLICYDB_CAP_MAX
 };
-#define POLICYDB_CAPABILITY_MAX (__POLICYDB_CAPABILITY_MAX - 1)
+#define POLICYDB_CAP_MAX (__POLICYDB_CAP_MAX - 1)
 
-extern const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX];
+extern const char *selinux_policycap_names[__POLICYDB_CAP_MAX];
 
 #endif /* _SELINUX_POLICYCAP_H_ */
index ebd64afe1defd13dfb20fd9f9fd05c54f61f218f..100da7d043dbf9a2409e5344596668b52a1084cc 100644 (file)
@@ -5,7 +5,7 @@
 #include "policycap.h"
 
 /* Policy capability names */
-const char *selinux_policycap_names[__POLICYDB_CAPABILITY_MAX] = {
+const char *selinux_policycap_names[__POLICYDB_CAP_MAX] = {
        "network_peer_controls",
        "open_perms",
        "extended_socket_class",
index 84f42fa8012f1eaa90b1cce79c18c2b645cbd94d..ace4bd13e8084502a844c119737bde7ed102627f 100644 (file)
@@ -96,7 +96,7 @@ struct selinux_state {
 #endif
        bool checkreqprot;
        bool initialized;
-       bool policycap[__POLICYDB_CAPABILITY_MAX];
+       bool policycap[__POLICYDB_CAP_MAX];
 
        struct page *status_page;
        struct mutex status_lock;
@@ -174,56 +174,56 @@ static inline bool selinux_policycap_netpeer(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NETPEER]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_NETPEER]);
 }
 
 static inline bool selinux_policycap_openperm(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_OPENPERM]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_OPENPERM]);
 }
 
 static inline bool selinux_policycap_extsockclass(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_EXTSOCKCLASS]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_EXTSOCKCLASS]);
 }
 
 static inline bool selinux_policycap_alwaysnetwork(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_ALWAYSNETWORK]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_ALWAYSNETWORK]);
 }
 
 static inline bool selinux_policycap_cgroupseclabel(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_CGROUPSECLABEL]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_CGROUPSECLABEL]);
 }
 
 static inline bool selinux_policycap_nnp_nosuid_transition(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_NNP_NOSUID_TRANSITION]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_NNP_NOSUID_TRANSITION]);
 }
 
 static inline bool selinux_policycap_genfs_seclabel_symlinks(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_GENFS_SECLABEL_SYMLINKS]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]);
 }
 
 static inline bool selinux_policycap_ioctl_skip_cloexec(void)
 {
        struct selinux_state *state = &selinux_state;
 
-       return READ_ONCE(state->policycap[POLICYDB_CAPABILITY_IOCTL_SKIP_CLOEXEC]);
+       return READ_ONCE(state->policycap[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]);
 }
 
 struct selinux_policy_convert_data;
index f2f6203e0fff5a6ec981a2e59f404429d3f6b288..097c6d866ec4db19e2c799c865164d2a71378706 100644 (file)
@@ -1983,7 +1983,7 @@ static int sel_make_policycap(struct selinux_fs_info *fsi)
        struct dentry *dentry = NULL;
        struct inode *inode = NULL;
 
-       for (iter = 0; iter <= POLICYDB_CAPABILITY_MAX; iter++) {
+       for (iter = 0; iter <= POLICYDB_CAP_MAX; iter++) {
                if (iter < ARRAY_SIZE(selinux_policycap_names))
                        dentry = d_alloc_name(fsi->policycap_dir,
                                              selinux_policycap_names[iter]);