On Mon, 2015-11-02 at 00:39 +0200, Petko Manolov wrote: > + > +#ifdef CONFIG_IMA_READ_POLICY > +enum { > + mask_err = -1, > + mask_exec = 1, mask_write, mask_read, mask_append > +}; > + > +static match_table_t mask_tokens = { > + {mask_exec, "MAY_EXEC"}, > + {mask_write, "MAY_WRITE"}, > + {mask_read, "MAY_READ"}, > + {mask_append, "MAY_APPEND"}, > + {mask_err, NULL} > +}; > + > +enum { > + func_err = -1, > + func_file = 1, func_mmap, func_bprm, > + func_module, func_firmware, func_post > +}; > + > +static match_table_t func_tokens = { > + {func_file, "FILE_CHECK"}, > + {func_mmap, "MMAP_CHECK"}, > + {func_bprm, "BPRM_CHECK"}, > + {func_module, "MODULE_CHECK"}, > + {func_firmware, "FIRMWARE_CHECK"}, > + {func_post, "POST_SETATTR"}, > + {func_err, NULL} > +};
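Review bot: mask_tokens and func_tokens are declared as plain "static match_table_t", so both lookup tables are writable even though every entry in them is a fixed string with no format specifier; if nothing writes to them, declare them "static const match_table_t". The two enums also carry no comment relating mask_exec..mask_append and func_file..func_post to the MAY_* and *_CHECK names they are paired with, so it is not clear from this hunk whether the numeric values are meant to line up with anything defined elsewhere; a one-line comment above each enum would settle that.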
Why are we using match_table_t?  Why not define an array of strings which corresponds to the function hooks or use the __stringify macro?

	static const char *ima_hooks_string[] = {"", "FILE_CHECK", "MMAP_CHECK",
		"BPRM_CHECK", "MODULE_CHECK", "FIRMWARE_CHECK", "POST_SETATTR"};

In the first case, to display the function hook string would be "ima_hooks_string[func]".  Using __stringify requires the hook name (e.g. __stringify(FILE_CHECK)).  In either case, there would be a lot less code.

Mimi
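The two alternatives suggested in the reply above can be combined, as in this added example (not code from the patch or from the IMA sources): the hook names are listed once, the enum and the string array are generated from that list with a stringify macro, and the lookup is bounds-checked. This goes a step beyond the reply by using an X-macro; hook_id, HOOK_NONE, HOOK_MAX, IMA_HOOKS, hook_name and hook_from_name are hypothetical names, and __stringify is defined locally as a stand-in for the kernel macro.

```c
#include <string.h>

/* Userspace stand-in for the kernel's __stringify (assumption: not in scope). */
#ifndef __stringify
#define __stringify_1(x) #x
#define __stringify(x) __stringify_1(x)
#endif

/* Hook names exactly as they appear in the quoted token table, listed once. */
#define IMA_HOOKS(X) \
	X(FILE_CHECK) X(MMAP_CHECK) X(BPRM_CHECK) \
	X(MODULE_CHECK) X(FIRMWARE_CHECK) X(POST_SETATTR)

/* Hypothetical enum: 0 means "no hook", real hooks start at 1. */
#define AS_ENUM(name) name,
enum hook_id { HOOK_NONE = 0, IMA_HOOKS(AS_ENUM) HOOK_MAX };

/* String table indexed by enum value; it cannot drift from the enum. */
#define AS_STRING(name) [name] = __stringify(name),
static const char *const hook_names[HOOK_MAX] = {
	[HOOK_NONE] = "",
	IMA_HOOKS(AS_STRING)
};

/* Display side: reject out-of-range values instead of indexing past the table. */
static const char *hook_name(int func)
{
	if (func <= HOOK_NONE || func >= HOOK_MAX)
		return "unknown";
	return hook_names[func];
}

/* Parse side: exact, case-sensitive match; HOOK_NONE for anything else. */
static enum hook_id hook_from_name(const char *s)
{
	int i;

	if (!s)
		return HOOK_NONE;
	for (i = HOOK_NONE + 1; i < HOOK_MAX; i++)
		if (strcmp(s, hook_names[i]) == 0)
			return (enum hook_id)i;
	return HOOK_NONE;
}
```

The range check in hook_name() is the part the bare "ima_hooks_string[func]" form leaves to the caller.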