[PATCH 0/4] Fix build warnings with gcc 8

[PATCH 0/4] Fix build warnings with gcc 8

[Stephen Smalley]

I encountered a number of build warnings on the selinux userspace
using gcc 8, which is the default now in F28 and rawhide. This fixes
the ones that are treated as fatal errors by default.  There are still
known warnings due to the flex skeleton and something to do with the
python bindings, but those are not new.

Stephen Smalley (4):
  libsepol: remove unused function and type
  libselinux: fix build warning in save_booleans()
  libselinux: avcstat: fix build warning
  libselinux: audit2why: fix build warnings

 libselinux/src/audit2why.c                 | 2 +-
 libselinux/src/booleans.c                  | 4 +++-
 libselinux/utils/avcstat.c                 | 3 ++-
 libsepol/include/sepol/policydb/policydb.h | 3 ---
 libsepol/src/policydb.c                    | 8 --------
 5 files changed, 6 insertions(+), 14 deletions(-)

-- 
2.14.3

[PATCH 1/4] libsepol: remove unused function and type

[Stephen Smalley]

Fix the following build warning:
policydb.c: In function ‘get_symtab_destroy_func’:
policydb.c:1581:9: error: cast between incompatible function types from ‘int (*)(char *, void *, void *)’ to ‘void (*)(char *, void *, void *)’ [-Werror=cast-function-type]
  return (hashtab_destroy_func_t) destroy_f[sym_num];
         ^

It turns out that this function and type are long unused in libsepol
and are not exported APIs for the shared library, so just remove them.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libsepol/include/sepol/policydb/policydb.h | 3 ---
 libsepol/src/policydb.c                    | 8 --------
 2 files changed, 11 deletions(-)

diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index f8626ef4..271a82c9 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -646,9 +646,6 @@ extern int policydb_context_isvalid(const policydb_t * p,
 
 extern void symtabs_destroy(symtab_t * symtab);
 extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
-typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
-					void *args);
-extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);
 
 extern void class_perm_node_init(class_perm_node_t * x);
 extern void type_set_init(type_set_t * x);
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index c7521235..dfedfafe 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -1573,14 +1573,6 @@ int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
 	return 0;
 }
 
-hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
-{
-	if (sym_num < 0 || sym_num >= SYM_NUM) {
-		return NULL;
-	}
-	return (hashtab_destroy_func_t) destroy_f[sym_num];
-}
-
 /*
  * Load the initial SIDs specified in a policy database
  * structure into a SID table.
-- 
2.14.3

[PATCH 2/4] libselinux: fix build warning in save_booleans()

[Stephen Smalley]

Fix the following warning in save_booleans().  We could likely drop
the function altogether, either ignoring or returning EINVAL if
a non-zero permanent argument is passed to security_set_boolean_list(),
since setting persistent booleans is now handled via libsemanage.  This
code and the corresponding security_load_booleans() code is legacy from
RHEL4 days and could be removed although we would need to keep the ABI
for compatibility.

booleans.c: In function ‘save_booleans’:
booleans.c:441:13: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
         "%s=%d\n", boolname,
             ^~
booleans.c:440:7: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
       snprintf(outbuf, sizeof(outbuf),
       ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         "%s=%d\n", boolname,
         ~~~~~~~~~~~~~~~~~~~~
         boollist[i].value);
         ~~~~~~~~~~~~~~~~~~
booleans.c:454:12: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
        "%s=%d\n", boolname, val);
            ^~
booleans.c:453:6: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
      snprintf(outbuf, sizeof(outbuf),
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        "%s=%d\n", boolname, val);
        ~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/src/booleans.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index 1da55bfd..b3ea3623 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -416,7 +416,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist)
 		ssize_t ret;
 		size_t size = 0;
 		int val;
-		char boolname[BUFSIZ];
+		char boolname[BUFSIZ-3];
 		char *buffer;
 		inbuf = NULL;
 		__fsetlocking(boolf, FSETLOCKING_BYCALLER);
@@ -450,6 +450,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist)
 					}
 				}
 				if (i == boolcnt) {
+					val = !!val;
 					snprintf(outbuf, sizeof(outbuf),
 						 "%s=%d\n", boolname, val);
 					len = strlen(outbuf);
@@ -505,6 +506,7 @@ int security_set_boolean_list(size_t boolcnt, SELboolean * boollist,
 
 	size_t i;
 	for (i = 0; i < boolcnt; i++) {
+		boollist[i].value = !!boollist[i].value;
 		if (security_set_boolean(boollist[i].name, boollist[i].value)) {
 			rollback(boollist, i);
 			return -1;
-- 
2.14.3

[PATCH 3/4] libselinux: avcstat: fix build warning

[Stephen Smalley]

Fix the following build warning.

avcstat.c: In function ‘main’:
avcstat.c:113:4: error: ‘strncpy’ specified bound 4096 equals destination size [-Werror=stringop-truncation]
    strncpy(avcstatfile, optarg, sizeof avcstatfile);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/utils/avcstat.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c
index 5ff582b8..884a10bf 100644
--- a/libselinux/utils/avcstat.c
+++ b/libselinux/utils/avcstat.c
@@ -110,7 +110,8 @@ int main(int argc, char **argv)
 			cumulative = 1;
 			break;
 		case 'f':
-			strncpy(avcstatfile, optarg, sizeof avcstatfile);
+			strncpy(avcstatfile, optarg, sizeof(avcstatfile) - 1);
+			avcstatfile[sizeof(avcstatfile)-1] = '\0';
 			break;
 		case 'h':
 		case '-':
-- 
2.14.3

[PATCH 4/4] libselinux: audit2why: fix build warnings

[Stephen Smalley]

Fix the following build warnings.

audit2why.c: In function ‘__policy_init’:
audit2why.c:207:22: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4081 [-Wformat-truncation=]
      "unable to open %s:  %s\n",
                      ^~
      path, strerror(errno));
      ~~~~
audit2why.c:206:4: note: ‘snprintf’ output 20 or more bytes (assuming 4115) into a destination of size 4096
    snprintf(errormsg, sizeof(errormsg),
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      "unable to open %s:  %s\n",
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      path, strerror(errno));
      ~~~~~~~~~~~~~~~~~~~~~~
audit2why.c:253:28: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4074 [-Wformat-truncation=]
     "invalid binary policy %s\n", path);
                            ^~     ~~~~
audit2why.c:252:3: note: ‘snprintf’ output between 24 and 4119 bytes into a destination of size 4096
   snprintf(errormsg, sizeof(errormsg),
   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     "invalid binary policy %s\n", path);
     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 libselinux/src/audit2why.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 857383ac..0331fdfd 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -193,7 +193,7 @@ static int __policy_init(const char *init_path)
 {
 	FILE *fp;
 	char path[PATH_MAX];
-	char errormsg[PATH_MAX];
+	char errormsg[PATH_MAX+1024+20];
 	struct sepol_policy_file *pf = NULL;
 	int rc;
 	unsigned int cnt;
-- 
2.14.3

Re: [PATCH 0/4] Fix build warnings with gcc 8

[Stephen Smalley]

On 05/03/2018 02:48 PM, Stephen Smalley wrote:
> I encountered a number of build warnings on the selinux userspace
> using gcc 8, which is the default now in F28 and rawhide. This fixes
> the ones that are treated as fatal errors by default.  There are still
> known warnings due to the flex skeleton and something to do with the
> python bindings, but those are not new.
> 
> Stephen Smalley (4):
>   libsepol: remove unused function and type
>   libselinux: fix build warning in save_booleans()
>   libselinux: avcstat: fix build warning
>   libselinux: audit2why: fix build warnings
> 
>  libselinux/src/audit2why.c                 | 2 +-
>  libselinux/src/booleans.c                  | 4 +++-
>  libselinux/utils/avcstat.c                 | 3 ++-
>  libsepol/include/sepol/policydb/policydb.h | 3 ---
>  libsepol/src/policydb.c                    | 8 --------
>  5 files changed, 6 insertions(+), 14 deletions(-)

Applied.