From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: nicolas.iooss@m4x.org, James Carter <jwcart2@gmail.com>
Subject: [PATCH 11/11] libsepol/cil: Move check for the shadowing of macro parameters
Date: Thu, 8 Apr 2021 15:16:14 -0400 [thread overview]
Message-ID: <20210408191614.262173-12-jwcart2@gmail.com> (raw)
In-Reply-To: <20210408191614.262173-1-jwcart2@gmail.com>
In cil_gen_node(), after the declaration is added to the symbol
table, if the parent is a macro, then a check is made to ensure
the declaration does not shadow any of the macro's parameters.
This check also needs to be done when copying the AST.
Move the check for the shadowing of macro parameters to its own
function, cil_verify_decl_does_not_shadow_macro_parameter(), and
refactor cil_gen_node() and __cil_copy_node_helper() to use the
new function.
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_build_ast.c | 16 +++-------------
libsepol/cil/src/cil_copy_ast.c | 20 ++++----------------
libsepol/cil/src/cil_verify.c | 18 ++++++++++++++++++
libsepol/cil/src/cil_verify.h | 1 +
4 files changed, 26 insertions(+), 29 deletions(-)
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index ec81db55..a4a2baa0 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -161,19 +161,9 @@ int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_s
}
if (ast_node->parent->flavor == CIL_MACRO) {
- struct cil_list_item *item;
- struct cil_list *param_list = ((struct cil_macro*)ast_node->parent->data)->params;
- if (param_list != NULL) {
- cil_list_for_each(item, param_list) {
- struct cil_param *param = item->data;
- if (param->flavor == ast_node->flavor) {
- if (param->str == key) {
- cil_log(CIL_ERR, "%s %s shadows a macro parameter in macro declaration\n", cil_node_to_string(ast_node), key);
- rc = SEPOL_ERR;
- goto exit;
- }
- }
- }
+ rc = cil_verify_decl_does_not_shadow_macro_parameter(ast_node->parent->data, ast_node, key);
+ if (rc != SEPOL_OK) {
+ goto exit;
}
}
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 12bc553c..954eab33 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -40,6 +40,7 @@
#include "cil_copy_ast.h"
#include "cil_build_ast.h"
#include "cil_strpool.h"
+#include "cil_verify.h"
struct cil_args_copy {
struct cil_tree_node *dest;
@@ -1716,7 +1717,6 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
struct cil_db *db = NULL;
struct cil_args_copy *args = NULL;
struct cil_tree_node *namespace = NULL;
- struct cil_param *param = NULL;
enum cil_sym_index sym_index = CIL_SYM_UNKNOWN;
symtab_t *symtab = NULL;
void *data = NULL;
@@ -2043,21 +2043,9 @@ int __cil_copy_node_helper(struct cil_tree_node *orig, __attribute__((unused)) u
}
if (namespace->flavor == CIL_MACRO) {
- struct cil_macro *macro = namespace->data;
- struct cil_list *param_list = macro->params;
- if (param_list != NULL) {
- struct cil_list_item *item;
- cil_list_for_each(item, param_list) {
- param = item->data;
- if (param->flavor == new->flavor) {
- if (param->str == ((struct cil_symtab_datum*)new->data)->name) {
- cil_tree_log(orig, CIL_ERR, "%s %s shadows a macro parameter", cil_node_to_string(new), ((struct cil_symtab_datum*)orig->data)->name);
- cil_tree_log(namespace, CIL_ERR, "Note: macro declaration");
- rc = SEPOL_ERR;
- goto exit;
- }
- }
- }
+ rc = cil_verify_decl_does_not_shadow_macro_parameter(namespace->data, orig, DATUM(orig->data)->name);
+ if (rc != SEPOL_OK) {
+ goto exit;
}
}
}
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 6e46fef6..5517461c 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -412,6 +412,24 @@ int cil_verify_conditional_blocks(struct cil_tree_node *current)
return SEPOL_OK;
}
+int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, struct cil_tree_node *node, const char *name)
+{
+ struct cil_list_item *item;
+ struct cil_list *param_list = macro->params;
+ if (param_list != NULL) {
+ cil_list_for_each(item, param_list) {
+ struct cil_param *param = item->data;
+ if (param->flavor == node->flavor) {
+ if (param->str == name) {
+ cil_log(CIL_ERR, "%s %s shadows a macro parameter in macro declaration\n", cil_node_to_string(node), name);
+ return SEPOL_ERR;
+ }
+ }
+ }
+ }
+ return SEPOL_OK;
+}
+
int cil_verify_no_self_reference(struct cil_symtab_datum *datum, struct cil_list *datum_list)
{
struct cil_list_item *i;
diff --git a/libsepol/cil/src/cil_verify.h b/libsepol/cil/src/cil_verify.h
index 1887ae3f..c497018f 100644
--- a/libsepol/cil/src/cil_verify.h
+++ b/libsepol/cil/src/cil_verify.h
@@ -62,6 +62,7 @@ int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, en
int cil_verify_constraint_leaf_expr_syntax(enum cil_flavor l_flavor, enum cil_flavor r_flavor, enum cil_flavor op, enum cil_flavor expr_flavor);
int cil_verify_constraint_expr_syntax(struct cil_tree_node *current, enum cil_flavor op);
int cil_verify_conditional_blocks(struct cil_tree_node *current);
+int cil_verify_decl_does_not_shadow_macro_parameter(struct cil_macro *macro, struct cil_tree_node *node, const char *name);
int cil_verify_no_self_reference(struct cil_symtab_datum *datum, struct cil_list *datum_list);
int __cil_verify_ranges(struct cil_list *list);
int __cil_verify_ordered_node_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args);
--
2.26.3
next prev parent reply other threads:[~2021-04-08 19:16 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-08 19:16 [PATCH 00/11] Various CIL patches James Carter
2021-04-08 19:16 ` [PATCH 01/11] libsepol/cil: Fix out-of-bound read of file context pattern ending with "\" James Carter
2021-04-08 19:16 ` [PATCH 02/11] libsepol/cil: Destroy classperms list when resetting classpermission James Carter
2021-04-08 19:16 ` [PATCH 03/11] libsepol/cil: Destroy classperm list when resetting map perms James Carter
2021-04-08 19:16 ` [PATCH 04/11] libsepol/cil: cil_reset_classperms_set() should not reset classpermission James Carter
2021-04-08 19:16 ` [PATCH 05/11] libsepol/cil: Set class field to NULL when resetting struct cil_classperms James Carter
2021-04-08 19:16 ` [PATCH 06/11] libsepol/cil: More strict verification of constraint leaf expressions James Carter
2021-04-08 19:16 ` [PATCH 07/11 v2] libsepol/cil: Exit with an error if declaration name is a reserved word James Carter
2021-04-08 19:16 ` [PATCH 08/11] libsepol/cil: Allow permission expressions when using map classes James Carter
2021-04-08 19:16 ` [PATCH 09/11] libsepol/cil: Refactor helper function for cil_gen_node() James Carter
2021-04-08 19:16 ` [PATCH 10/11] libsepol/cil: Create function cil_add_decl_to_symtab() and refactor James Carter
2021-04-08 19:16 ` James Carter [this message]
2021-04-15 20:44 ` [PATCH 00/11] Various CIL patches James Carter
2021-04-19 16:20 ` Petr Lautrbach
2021-04-19 18:24 ` James Carter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210408191614.262173-12-jwcart2@gmail.com \
--to=jwcart2@gmail.com \
--cc=nicolas.iooss@m4x.org \
--cc=selinux@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.