/src/selinux/libsepol/src/polcaps.c

Source
/*
 * Policy capability support functions
 */

#include <string.h>
#include <sepol/policydb/polcaps.h>

static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
  [POLICYDB_CAP_NETPEER]        = "network_peer_controls",
  [POLICYDB_CAP_OPENPERM]       = "open_perms",
  [POLICYDB_CAP_EXTSOCKCLASS]     = "extended_socket_class",
  [POLICYDB_CAP_ALWAYSNETWORK]      = "always_check_network",
  [POLICYDB_CAP_CGROUPSECLABEL]     = "cgroup_seclabel",
  [POLICYDB_CAP_NNP_NOSUID_TRANSITION]    = "nnp_nosuid_transition",
  [POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS]    = "genfs_seclabel_symlinks",
  [POLICYDB_CAP_IOCTL_SKIP_CLOEXEC]   = "ioctl_skip_cloexec",
  [POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT]  = "userspace_initial_context",
  [POLICYDB_CAP_NETLINK_XPERM]      = "netlink_xperm",
  [POLICYDB_CAP_NETIF_WILDCARD]     = "netif_wildcard",
  [POLICYDB_CAP_GENFS_SECLABEL_WILDCARD]    = "genfs_seclabel_wildcard",
  [POLICYDB_CAP_FUNCTIONFS_SECLABEL]    = "functionfs_seclabel",
  [POLICYDB_CAP_MEMFD_CLASS]      = "memfd_class",
};

int sepol_polcap_getnum(const char *name)
{
  int capnum;

  for (capnum = 0; capnum <= POLICYDB_CAP_MAX; capnum++) {
    if (polcap_names[capnum] == NULL)
      continue;
    if (strcasecmp(polcap_names[capnum], name) == 0)
      return capnum;
  }
  return -1;
}

const char *sepol_polcap_getname(unsigned int capnum)
{
  if (capnum > POLICYDB_CAP_MAX)
    return NULL;

  return polcap_names[capnum];
}

Line	Count	Source
1		/*
2		* Policy capability support functions
3		*/
4
5		#include <string.h>
6		#include <sepol/policydb/polcaps.h>
7
8		static const char * const polcap_names[POLICYDB_CAP_MAX + 1] = {
9		[POLICYDB_CAP_NETPEER] = "network_peer_controls",
10		[POLICYDB_CAP_OPENPERM] = "open_perms",
11		[POLICYDB_CAP_EXTSOCKCLASS] = "extended_socket_class",
12		[POLICYDB_CAP_ALWAYSNETWORK] = "always_check_network",
13		[POLICYDB_CAP_CGROUPSECLABEL] = "cgroup_seclabel",
14		[POLICYDB_CAP_NNP_NOSUID_TRANSITION] = "nnp_nosuid_transition",
15		[POLICYDB_CAP_GENFS_SECLABEL_SYMLINKS] = "genfs_seclabel_symlinks",
16		[POLICYDB_CAP_IOCTL_SKIP_CLOEXEC] = "ioctl_skip_cloexec",
17		[POLICYDB_CAP_USERSPACE_INITIAL_CONTEXT] = "userspace_initial_context",
18		[POLICYDB_CAP_NETLINK_XPERM] = "netlink_xperm",
19		[POLICYDB_CAP_NETIF_WILDCARD] = "netif_wildcard",
20		[POLICYDB_CAP_GENFS_SECLABEL_WILDCARD] = "genfs_seclabel_wildcard",
21		[POLICYDB_CAP_FUNCTIONFS_SECLABEL] = "functionfs_seclabel",
22		[POLICYDB_CAP_MEMFD_CLASS] = "memfd_class",
23		};
24
25		int sepol_polcap_getnum(const char *name)
26	2.15k	{
27	2.15k	int capnum;
28
29	7.04k	for (capnum = 0; capnum <= POLICYDB_CAP_MAX; capnum++) {
30	6.90k	if (polcap_names[capnum] == NULL)
31	0	continue;
32	6.90k	if (strcasecmp(polcap_names[capnum], name) == 0)
33	2.02k	return capnum;
34	6.90k	}
35	137	return -1;
36	2.15k	}
37
38		const char *sepol_polcap_getname(unsigned int capnum)
39	0	{
40	0	if (capnum > POLICYDB_CAP_MAX)
41	0	return NULL;
42
43	0	return polcap_names[capnum];
44	0	}

Coverage Report

Created: 2026-01-17 06:07