From: "Christian Göttsche" <cgoettsche@seltendoof.de>
To: selinux@vger.kernel.org
Cc: "Christian Göttsche" <cgzones@googlemail.com>
Subject: [PATCH 4/4] checkpolicy: drop global policyvers variable
Date: Mon,  8 Apr 2024 17:08:02 +0200	[thread overview]
Message-ID: <20240408150802.63941-4-cgoettsche@seltendoof.de> (raw)
In-Reply-To: <20240408150802.63941-1-cgoettsche@seltendoof.de>

From: Christian Göttsche <cgzones@googlemail.com>

Drop the global variable policyvers.  The variable is only used within
checkpolicy.c and checkmodule.c, but never in any shared code.

Since the variable declaration is the only content of checkpolicy.h,
drop the header as well.

Also set the policy version before calls to read_source_policy(), so the
parser can access the requested version for checks this way.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 checkpolicy/checkmodule.c             | 11 +++++------
 checkpolicy/checkpolicy.c             |  8 +++-----
 checkpolicy/checkpolicy.h             |  6 ------
 checkpolicy/fuzz/checkpolicy-fuzzer.c |  1 +
 checkpolicy/policy_define.c           |  1 -
 checkpolicy/policy_parse.y            |  1 -
 6 files changed, 9 insertions(+), 19 deletions(-)
 delete mode 100644 checkpolicy/checkpolicy.h

diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
index e7869bf1..2d6f2399 100644
--- a/checkpolicy/checkmodule.c
+++ b/checkpolicy/checkmodule.c
@@ -31,7 +31,6 @@
 #include <sepol/policydb/sidtab.h>
 
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 
 static sidtab_t sidtab;
@@ -43,9 +42,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
 
-static unsigned int policy_type = POLICY_BASE;
-unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
-
 static int read_binary_policy(policydb_t * p, const char *file, const char *progname)
 {
 	int fd;
@@ -107,7 +103,7 @@ static int read_binary_policy(policydb_t * p, const char *file, const char *prog
 	return 0;
 }
 
-static int write_binary_policy(policydb_t * p, FILE *outfp)
+static int write_binary_policy(policydb_t * p, FILE *outfp, unsigned int policy_type, unsigned int policyvers)
 {
 	struct policy_file pf;
 
@@ -150,6 +146,8 @@ int main(int argc, char **argv)
 {
 	const char *file = txtfile, *outfile = NULL;
 	unsigned int binary = 0, cil = 0, disable_neverallow = 0;
+	unsigned int policy_type = POLICY_BASE;
+	unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
 	int ch;
 	int show_version = 0;
 	policydb_t modpolicydb;
@@ -279,6 +277,7 @@ int main(int argc, char **argv)
 		modpolicydb.policy_type = policy_type;
 		modpolicydb.mls = mlspol;
 		modpolicydb.handle_unknown = handle_unknown;
+		modpolicydb.policyvers = policyvers;
 
 		if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
 			exit(1);
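Review bot: The added `modpolicydb.policyvers = policyvers;` must now stay ahead of read_source_policy(), yet nothing at the call site records that ordering requirement. Per the commit description the parser reads this field for its version checks, so a later reordering would compile cleanly and the parser would silently check against whatever the field held before. I would put a comment above the assignment, for example `/* parser reads policyvers for version-gated checks; must be set before read_source_policy() */`. The same applies to the `parse_policy.policyvers` assignment in checkpolicy.c and the `parsepolicydb.policyvers` assignment in checkpolicy-fuzzer.c; in the fuzzer the declaration of `policyvers` is outside the hunk, so its range cannot be confirmed from here. main() continues outside this hunk.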
@@ -343,7 +342,7 @@ int main(int argc, char **argv)
 		}
 
 		if (!cil) {
-			if (write_binary_policy(&modpolicydb, outfp) != 0) {
+			if (write_binary_policy(&modpolicydb, outfp, policy_type, policyvers) != 0) {
 				fprintf(stderr, "%s:  error writing %s\n", argv[0], outfile);
 				exit(1);
 			}
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index d7cafaa4..ede2b6ad 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -89,7 +89,6 @@
 #include <sepol/policydb/link.h>
 
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 
 static policydb_t policydb;
@@ -103,8 +102,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
 
-unsigned int policyvers = 0;
-
 static __attribute__((__noreturn__)) void usage(const char *progname)
 {
 	printf
@@ -395,6 +392,7 @@ int main(int argc, char **argv)
 	unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0, optimize = 0, disable_neverallow = 0;
 	struct val_to_name v;
 	int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
+	unsigned int policyvers = 0;
 	unsigned int nel, uret;
 	struct stat sb;
 	void *map;
@@ -613,6 +611,7 @@ int main(int argc, char **argv)
 		/* Let sepol know if we are dealing with MLS support */
 		parse_policy.mls = mlspol;
 		parse_policy.handle_unknown = handle_unknown;
+		parse_policy.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 
 		policydbp = &parse_policy;
 
@@ -637,11 +636,10 @@ int main(int argc, char **argv)
 				fprintf(stderr, "Error while expanding policy\n");
 				exit(1);
 			}
+			policydb.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 			policydb_destroy(policydbp);
 			policydbp = &policydb;
 		}
-
-		policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 	}
 
 	if (policydb_load_isids(&policydb, &sidtab))
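Review bot: The defaulting expression `policyvers ? policyvers : POLICYDB_VERSION_MAX` is now written twice, once before parsing (the @@ -613 hunk) and once here inside the expand branch, so the version the parser checks against and the version written out can drift apart if only one site is edited later. Resolving it once into a local, e.g. `const unsigned int effective_vers = policyvers ? policyvers : POLICYDB_VERSION_MAX;`, and assigning that at both places would keep them tied together. When the expand branch is skipped, `policydbp` appears to stay on `parse_policy`, so the output version then depends on nothing between the early assignment and this point resetting the field; that code is outside the hunk and worth confirming. main() starts and ends outside this hunk.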
diff --git a/checkpolicy/checkpolicy.h b/checkpolicy/checkpolicy.h
deleted file mode 100644
index f127687e..00000000
--- a/checkpolicy/checkpolicy.h
+++ /dev/null
@@ -1,6 +0,0 @@
-#ifndef _CHECKPOLICY_H_
-#define _CHECKPOLICY_H_
-
-extern unsigned int policyvers;
-
-#endif
diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
index 6c5ce02f..ddb43260 100644
--- a/checkpolicy/fuzz/checkpolicy-fuzzer.c
+++ b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -200,6 +200,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
 	parsepolicydb.policy_type = POLICY_BASE;
 	parsepolicydb.mls = mls;
 	parsepolicydb.handle_unknown = DENY_UNKNOWN;
+	parsepolicydb.policyvers = policyvers;
 	policydb_set_target_platform(&parsepolicydb, platform);
 
 	if (read_source_policy(&parsepolicydb, data, size))
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 1c019a3b..aa2ac2e6 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -55,7 +55,6 @@
 #include <sepol/policydb/hierarchy.h>
 #include <sepol/policydb/polcaps.h>
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"
 
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 1b275ebc..c57a988a 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -49,7 +49,6 @@
 #include <sepol/policydb/hierarchy.h>
 #include <sepol/policydb/polcaps.h>
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"
 
-- 
2.43.0

