[PATCH 1/3] libsepol: remove unused files

[PATCH 1/3] libsepol: remove unused files

[Nicolas Iooss]

libsepol/src/roles.c contains functions which do not match its header
file libsepol/include/sepol/roles.h:

    // In roles.c
    int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
                          sepol_policydb_t * p, const char *role, int *response)
    // In roles.h
    extern int sepol_role_exists(const sepol_policydb_t * policydb,
                                 const char *role, int *response);

and:

    // In roles.c
    int sepol_role_list(sepol_handle_t * handle,
                        sepol_policydb_t * p, char ***roles, unsigned int *nroles)
    // In roles.h
    extern int sepol_role_list(const sepol_policydb_t * policydb,
                               char ***roles, unsigned int *nroles);

Instead of fixing the parameter type (using sepol_handle_t or
sepol_policydb_t but not different ones), remove these functions, as
they appear not to be used. They are not exported in libsepol.so.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/include/sepol/roles.h | 18 ------------
 libsepol/src/roles.c           | 53 ----------------------------------
 2 files changed, 71 deletions(-)
 delete mode 100644 libsepol/include/sepol/roles.h
 delete mode 100644 libsepol/src/roles.c

diff --git a/libsepol/include/sepol/roles.h b/libsepol/include/sepol/roles.h
deleted file mode 100644
index e750078c8dab..000000000000
--- a/libsepol/include/sepol/roles.h
+++ /dev/null
@@ -1,18 +0,0 @@
-#ifndef _SEPOL_ROLES_H_
-#define _SEPOL_ROLES_H_
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-extern int sepol_role_exists(const sepol_policydb_t * policydb,
-			     const char *role, int *response);
-
-extern int sepol_role_list(const sepol_policydb_t * policydb,
-			   char ***roles, unsigned int *nroles);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/libsepol/src/roles.c b/libsepol/src/roles.c
deleted file mode 100644
index 4540cee80e19..000000000000
--- a/libsepol/src/roles.c
+++ /dev/null
@@ -1,53 +0,0 @@
-#include <stdlib.h>
-#include <string.h>
-
-#include <sepol/policydb/hashtab.h>
-#include <sepol/policydb/policydb.h>
-
-#include "debug.h"
-#include "handle.h"
-
-/* Check if a role exists */
-int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
-		      sepol_policydb_t * p, const char *role, int *response)
-{
-
-	policydb_t *policydb = &p->p;
-	*response = (hashtab_search(policydb->p_roles.table, role) != NULL);
-
-	return STATUS_SUCCESS;
-}
-
-/* Fill an array with all valid roles */
-int sepol_role_list(sepol_handle_t * handle,
-		    sepol_policydb_t * p, char ***roles, unsigned int *nroles)
-{
-
-	policydb_t *policydb = &p->p;
-	unsigned int tmp_nroles = policydb->p_roles.nprim;
-	char **tmp_roles = (char **)malloc(tmp_nroles * sizeof(char *));
-	char **ptr;
-	unsigned int i;
-	if (!tmp_roles)
-		goto omem;
-
-	for (i = 0; i < tmp_nroles; i++) {
-		tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
-		if (!tmp_roles[i])
-			goto omem;
-	}
-
-	*nroles = tmp_nroles;
-	*roles = tmp_roles;
-
-	return STATUS_SUCCESS;
-
-      omem:
-	ERR(handle, "out of memory, could not list roles");
-
-	ptr = tmp_roles;
-	while (ptr && *ptr)
-		free(*ptr++);
-	free(tmp_roles);
-	return STATUS_ERR;
-}
-- 
2.30.0

[PATCH 2/3] libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check

[Nicolas Iooss]

In libsepol/src/mls.c, functions sepol_mls_contains and sepol_mls_check
used "sepol_policydb_t * policydb" even though
libsepol/include/sepol/context.h used "const sepol_policydb_t *
policydb".

Add const qualifiers in mls.c in order to match the header file. Detect
such mismatching error at compile time by including the header file in
mls.c.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/mls.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
index 1ee90cf8dee1..366a1114ce96 100644
--- a/libsepol/src/mls.c
+++ b/libsepol/src/mls.c
@@ -27,6 +27,7 @@
  * Implementation of the multi-level security (MLS) policy.
  */
 
+#include <sepol/context.h>
 #include <sepol/policydb/policydb.h>
 #include <sepol/policydb/services.h>
 #include <sepol/policydb/context.h>
@@ -664,7 +665,7 @@ int mls_compute_sid(policydb_t * policydb,
 }
 
 int sepol_mls_contains(sepol_handle_t * handle,
-		       sepol_policydb_t * policydb,
+		       const sepol_policydb_t * policydb,
 		       const char *mls1, const char *mls2, int *response)
 {
 
@@ -703,7 +704,7 @@ int sepol_mls_contains(sepol_handle_t * handle,
 }
 
 int sepol_mls_check(sepol_handle_t * handle,
-		    sepol_policydb_t * policydb, const char *mls)
+		    const sepol_policydb_t * policydb, const char *mls)
 {
 
 	int ret;
-- 
2.30.0

[PATCH 3/3] libsepol: include header files in source files when matching declarations

[Nicolas Iooss]

It is good practise in C to include the header file that specifies the
prototype of functions which are defined in the source file. Otherwise,
the function prototypes which be different, which could cause unexpected
issues.

Add the include directives to do this.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/cil/src/cil_find.c      | 1 +
 libsepol/cil/src/cil_fqn.c       | 1 +
 libsepol/cil/src/cil_mem.c       | 1 +
 libsepol/cil/src/cil_parser.c    | 1 +
 libsepol/cil/src/cil_policy.c    | 1 +
 libsepol/cil/src/cil_reset_ast.c | 1 +
 libsepol/src/kernel_to_cil.c     | 1 +
 libsepol/src/kernel_to_conf.c    | 1 +
 libsepol/src/services.c          | 1 +
 9 files changed, 9 insertions(+)

diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
index 638b675db826..3898725f18d5 100644
--- a/libsepol/cil/src/cil_find.c
+++ b/libsepol/cil/src/cil_find.c
@@ -30,6 +30,7 @@
 #include <sepol/policydb/ebitmap.h>
 
 #include "cil_internal.h"
+#include "cil_find.h"
 #include "cil_flavor.h"
 #include "cil_list.h"
 #include "cil_log.h"
diff --git a/libsepol/cil/src/cil_fqn.c b/libsepol/cil/src/cil_fqn.c
index 2e76f8737754..097222a83da9 100644
--- a/libsepol/cil/src/cil_fqn.c
+++ b/libsepol/cil/src/cil_fqn.c
@@ -31,6 +31,7 @@
 #include <stdio.h>
 #include <string.h>
 
+#include "cil_fqn.h"
 #include "cil_internal.h"
 #include "cil_log.h"
 #include "cil_strpool.h"
diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c
index f73021b58d50..8e4a1d246f2c 100644
--- a/libsepol/cil/src/cil_mem.c
+++ b/libsepol/cil/src/cil_mem.c
@@ -33,6 +33,7 @@
 #include <string.h>
 
 #include "cil_log.h"
+#include "cil_mem.h"
 
 void *cil_malloc(size_t size)
 {
diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c
index b62043b95806..0038eed6dd1b 100644
--- a/libsepol/cil/src/cil_parser.c
+++ b/libsepol/cil/src/cil_parser.c
@@ -38,6 +38,7 @@
 #include "cil_mem.h"
 #include "cil_tree.h"
 #include "cil_lexer.h"
+#include "cil_parser.h"
 #include "cil_strpool.h"
 #include "cil_stack.h"
 
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index 06d7d74e54c3..74edb34575ea 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -41,6 +41,7 @@
 #include "cil_flavor.h"
 #include "cil_find.h"
 #include "cil_mem.h"
+#include "cil_policy.h"
 #include "cil_tree.h"
 #include "cil_list.h"
 #include "cil_symtab.h"
diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
index 52e5f64011d2..3da1b9a64167 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -2,6 +2,7 @@
 #include "cil_internal.h"
 #include "cil_log.h"
 #include "cil_list.h"
+#include "cil_reset_ast.h"
 #include "cil_symtab.h"
 
 static inline void cil_reset_classperms_list(struct cil_list *cp_list);
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index c247b32f9e75..a146ac514018 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -16,6 +16,7 @@
 #define IPPROTO_SCTP 132
 #endif
 
+#include <sepol/kernel_to_cil.h>
 #include <sepol/policydb/avtab.h>
 #include <sepol/policydb/conditional.h>
 #include <sepol/policydb/hashtab.h>
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 62bf706c1aa0..a22f196df9e9 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -15,6 +15,7 @@
 #define IPPROTO_SCTP 132
 #endif
 
+#include <sepol/kernel_to_conf.h>
 #include <sepol/policydb/avtab.h>
 #include <sepol/policydb/conditional.h>
 #include <sepol/policydb/hashtab.h>
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 72b39657cd2e..6596431c38e2 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -59,6 +59,7 @@
 #include <sepol/policydb/services.h>
 #include <sepol/policydb/conditional.h>
 #include <sepol/policydb/util.h>
+#include <sepol/sepol.h>
 
 #include "debug.h"
 #include "private.h"
-- 
2.30.0

Re: [PATCH 1/3] libsepol: remove unused files

[James Carter]

On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> libsepol/src/roles.c contains functions which do not match its header
> file libsepol/include/sepol/roles.h:
>
>     // In roles.c
>     int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
>                           sepol_policydb_t * p, const char *role, int *response)
>     // In roles.h
>     extern int sepol_role_exists(const sepol_policydb_t * policydb,
>                                  const char *role, int *response);
>
> and:
>
>     // In roles.c
>     int sepol_role_list(sepol_handle_t * handle,
>                         sepol_policydb_t * p, char ***roles, unsigned int *nroles)
>     // In roles.h
>     extern int sepol_role_list(const sepol_policydb_t * policydb,
>                                char ***roles, unsigned int *nroles);
>
> Instead of fixing the parameter type (using sepol_handle_t or
> sepol_policydb_t but not different ones), remove these functions, as
> they appear not to be used. They are not exported in libsepol.so.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/include/sepol/roles.h | 18 ------------
>  libsepol/src/roles.c           | 53 ----------------------------------
>  2 files changed, 71 deletions(-)
>  delete mode 100644 libsepol/include/sepol/roles.h
>  delete mode 100644 libsepol/src/roles.c
>
> diff --git a/libsepol/include/sepol/roles.h b/libsepol/include/sepol/roles.h
> deleted file mode 100644
> index e750078c8dab..000000000000
> --- a/libsepol/include/sepol/roles.h
> +++ /dev/null
> @@ -1,18 +0,0 @@
> -#ifndef _SEPOL_ROLES_H_
> -#define _SEPOL_ROLES_H_
> -
> -#ifdef __cplusplus
> -extern "C" {
> -#endif
> -
> -extern int sepol_role_exists(const sepol_policydb_t * policydb,
> -                            const char *role, int *response);
> -
> -extern int sepol_role_list(const sepol_policydb_t * policydb,
> -                          char ***roles, unsigned int *nroles);
> -
> -#ifdef __cplusplus
> -}
> -#endif
> -
> -#endif
> diff --git a/libsepol/src/roles.c b/libsepol/src/roles.c
> deleted file mode 100644
> index 4540cee80e19..000000000000
> --- a/libsepol/src/roles.c
> +++ /dev/null
> @@ -1,53 +0,0 @@
> -#include <stdlib.h>
> -#include <string.h>
> -
> -#include <sepol/policydb/hashtab.h>
> -#include <sepol/policydb/policydb.h>
> -
> -#include "debug.h"
> -#include "handle.h"
> -
> -/* Check if a role exists */
> -int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
> -                     sepol_policydb_t * p, const char *role, int *response)
> -{
> -
> -       policydb_t *policydb = &p->p;
> -       *response = (hashtab_search(policydb->p_roles.table, role) != NULL);
> -
> -       return STATUS_SUCCESS;
> -}
> -
> -/* Fill an array with all valid roles */
> -int sepol_role_list(sepol_handle_t * handle,
> -                   sepol_policydb_t * p, char ***roles, unsigned int *nroles)
> -{
> -
> -       policydb_t *policydb = &p->p;
> -       unsigned int tmp_nroles = policydb->p_roles.nprim;
> -       char **tmp_roles = (char **)malloc(tmp_nroles * sizeof(char *));
> -       char **ptr;
> -       unsigned int i;
> -       if (!tmp_roles)
> -               goto omem;
> -
> -       for (i = 0; i < tmp_nroles; i++) {
> -               tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
> -               if (!tmp_roles[i])
> -                       goto omem;
> -       }
> -
> -       *nroles = tmp_nroles;
> -       *roles = tmp_roles;
> -
> -       return STATUS_SUCCESS;
> -
> -      omem:
> -       ERR(handle, "out of memory, could not list roles");
> -
> -       ptr = tmp_roles;
> -       while (ptr && *ptr)
> -               free(*ptr++);
> -       free(tmp_roles);
> -       return STATUS_ERR;
> -}
> --
> 2.30.0
>

Re: [PATCH 2/3] libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check

[James Carter]

On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> In libsepol/src/mls.c, functions sepol_mls_contains and sepol_mls_check
> used "sepol_policydb_t * policydb" even though
> libsepol/include/sepol/context.h used "const sepol_policydb_t *
> policydb".
>
> Add const qualifiers in mls.c in order to match the header file. Detect
> such mismatching error at compile time by including the header file in
> mls.c.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/src/mls.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
> index 1ee90cf8dee1..366a1114ce96 100644
> --- a/libsepol/src/mls.c
> +++ b/libsepol/src/mls.c
> @@ -27,6 +27,7 @@
>   * Implementation of the multi-level security (MLS) policy.
>   */
>
> +#include <sepol/context.h>
>  #include <sepol/policydb/policydb.h>
>  #include <sepol/policydb/services.h>
>  #include <sepol/policydb/context.h>
> @@ -664,7 +665,7 @@ int mls_compute_sid(policydb_t * policydb,
>  }
>
>  int sepol_mls_contains(sepol_handle_t * handle,
> -                      sepol_policydb_t * policydb,
> +                      const sepol_policydb_t * policydb,
>                        const char *mls1, const char *mls2, int *response)
>  {
>
> @@ -703,7 +704,7 @@ int sepol_mls_contains(sepol_handle_t * handle,
>  }
>
>  int sepol_mls_check(sepol_handle_t * handle,
> -                   sepol_policydb_t * policydb, const char *mls)
> +                   const sepol_policydb_t * policydb, const char *mls)
>  {
>
>         int ret;
> --
> 2.30.0
>

Re: [PATCH 3/3] libsepol: include header files in source files when matching declarations

[James Carter]

On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
>
> It is good practise in C to include the header file that specifies the
> prototype of functions which are defined in the source file. Otherwise,
> the function prototypes which be different, which could cause unexpected
> issues.
>
> Add the include directives to do this.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/cil/src/cil_find.c      | 1 +
>  libsepol/cil/src/cil_fqn.c       | 1 +
>  libsepol/cil/src/cil_mem.c       | 1 +
>  libsepol/cil/src/cil_parser.c    | 1 +
>  libsepol/cil/src/cil_policy.c    | 1 +
>  libsepol/cil/src/cil_reset_ast.c | 1 +
>  libsepol/src/kernel_to_cil.c     | 1 +
>  libsepol/src/kernel_to_conf.c    | 1 +
>  libsepol/src/services.c          | 1 +
>  9 files changed, 9 insertions(+)
>
> diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
> index 638b675db826..3898725f18d5 100644
> --- a/libsepol/cil/src/cil_find.c
> +++ b/libsepol/cil/src/cil_find.c
> @@ -30,6 +30,7 @@
>  #include <sepol/policydb/ebitmap.h>
>
>  #include "cil_internal.h"
> +#include "cil_find.h"
>  #include "cil_flavor.h"
>  #include "cil_list.h"
>  #include "cil_log.h"
> diff --git a/libsepol/cil/src/cil_fqn.c b/libsepol/cil/src/cil_fqn.c
> index 2e76f8737754..097222a83da9 100644
> --- a/libsepol/cil/src/cil_fqn.c
> +++ b/libsepol/cil/src/cil_fqn.c
> @@ -31,6 +31,7 @@
>  #include <stdio.h>
>  #include <string.h>
>
> +#include "cil_fqn.h"
>  #include "cil_internal.h"
>  #include "cil_log.h"
>  #include "cil_strpool.h"
> diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c
> index f73021b58d50..8e4a1d246f2c 100644
> --- a/libsepol/cil/src/cil_mem.c
> +++ b/libsepol/cil/src/cil_mem.c
> @@ -33,6 +33,7 @@
>  #include <string.h>
>
>  #include "cil_log.h"
> +#include "cil_mem.h"
>
>  void *cil_malloc(size_t size)
>  {
> diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c
> index b62043b95806..0038eed6dd1b 100644
> --- a/libsepol/cil/src/cil_parser.c
> +++ b/libsepol/cil/src/cil_parser.c
> @@ -38,6 +38,7 @@
>  #include "cil_mem.h"
>  #include "cil_tree.h"
>  #include "cil_lexer.h"
> +#include "cil_parser.h"
>  #include "cil_strpool.h"
>  #include "cil_stack.h"
>
> diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
> index 06d7d74e54c3..74edb34575ea 100644
> --- a/libsepol/cil/src/cil_policy.c
> +++ b/libsepol/cil/src/cil_policy.c
> @@ -41,6 +41,7 @@
>  #include "cil_flavor.h"
>  #include "cil_find.h"
>  #include "cil_mem.h"
> +#include "cil_policy.h"
>  #include "cil_tree.h"
>  #include "cil_list.h"
>  #include "cil_symtab.h"
> diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
> index 52e5f64011d2..3da1b9a64167 100644
> --- a/libsepol/cil/src/cil_reset_ast.c
> +++ b/libsepol/cil/src/cil_reset_ast.c
> @@ -2,6 +2,7 @@
>  #include "cil_internal.h"
>  #include "cil_log.h"
>  #include "cil_list.h"
> +#include "cil_reset_ast.h"
>  #include "cil_symtab.h"
>
>  static inline void cil_reset_classperms_list(struct cil_list *cp_list);
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index c247b32f9e75..a146ac514018 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -16,6 +16,7 @@
>  #define IPPROTO_SCTP 132
>  #endif
>
> +#include <sepol/kernel_to_cil.h>
>  #include <sepol/policydb/avtab.h>
>  #include <sepol/policydb/conditional.h>
>  #include <sepol/policydb/hashtab.h>
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index 62bf706c1aa0..a22f196df9e9 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -15,6 +15,7 @@
>  #define IPPROTO_SCTP 132
>  #endif
>
> +#include <sepol/kernel_to_conf.h>
>  #include <sepol/policydb/avtab.h>
>  #include <sepol/policydb/conditional.h>
>  #include <sepol/policydb/hashtab.h>
> diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> index 72b39657cd2e..6596431c38e2 100644
> --- a/libsepol/src/services.c
> +++ b/libsepol/src/services.c
> @@ -59,6 +59,7 @@
>  #include <sepol/policydb/services.h>
>  #include <sepol/policydb/conditional.h>
>  #include <sepol/policydb/util.h>
> +#include <sepol/sepol.h>
>
>  #include "debug.h"
>  #include "private.h"
> --
> 2.30.0
>

Re: [PATCH 1/3] libsepol: remove unused files

[Nicolas Iooss]

On Thu, Feb 4, 2021 at 8:21 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
> >
> > libsepol/src/roles.c contains functions which do not match its header
> > file libsepol/include/sepol/roles.h:
> >
> >     // In roles.c
> >     int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
> >                           sepol_policydb_t * p, const char *role, int *response)
> >     // In roles.h
> >     extern int sepol_role_exists(const sepol_policydb_t * policydb,
> >                                  const char *role, int *response);
> >
> > and:
> >
> >     // In roles.c
> >     int sepol_role_list(sepol_handle_t * handle,
> >                         sepol_policydb_t * p, char ***roles, unsigned int *nroles)
> >     // In roles.h
> >     extern int sepol_role_list(const sepol_policydb_t * policydb,
> >                                char ***roles, unsigned int *nroles);
> >
> > Instead of fixing the parameter type (using sepol_handle_t or
> > sepol_policydb_t but not different ones), remove these functions, as
> > they appear not to be used. They are not exported in libsepol.so.
> >
> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Acked-by: James Carter <jwcart2@gmail.com>

Merged.
Nicolas

> > ---
> >  libsepol/include/sepol/roles.h | 18 ------------
> >  libsepol/src/roles.c           | 53 ----------------------------------
> >  2 files changed, 71 deletions(-)
> >  delete mode 100644 libsepol/include/sepol/roles.h
> >  delete mode 100644 libsepol/src/roles.c
> >
> > diff --git a/libsepol/include/sepol/roles.h b/libsepol/include/sepol/roles.h
> > deleted file mode 100644
> > index e750078c8dab..000000000000
> > --- a/libsepol/include/sepol/roles.h
> > +++ /dev/null
> > @@ -1,18 +0,0 @@
> > -#ifndef _SEPOL_ROLES_H_
> > -#define _SEPOL_ROLES_H_
> > -
> > -#ifdef __cplusplus
> > -extern "C" {
> > -#endif
> > -
> > -extern int sepol_role_exists(const sepol_policydb_t * policydb,
> > -                            const char *role, int *response);
> > -
> > -extern int sepol_role_list(const sepol_policydb_t * policydb,
> > -                          char ***roles, unsigned int *nroles);
> > -
> > -#ifdef __cplusplus
> > -}
> > -#endif
> > -
> > -#endif
> > diff --git a/libsepol/src/roles.c b/libsepol/src/roles.c
> > deleted file mode 100644
> > index 4540cee80e19..000000000000
> > --- a/libsepol/src/roles.c
> > +++ /dev/null
> > @@ -1,53 +0,0 @@
> > -#include <stdlib.h>
> > -#include <string.h>
> > -
> > -#include <sepol/policydb/hashtab.h>
> > -#include <sepol/policydb/policydb.h>
> > -
> > -#include "debug.h"
> > -#include "handle.h"
> > -
> > -/* Check if a role exists */
> > -int sepol_role_exists(sepol_handle_t * handle __attribute__ ((unused)),
> > -                     sepol_policydb_t * p, const char *role, int *response)
> > -{
> > -
> > -       policydb_t *policydb = &p->p;
> > -       *response = (hashtab_search(policydb->p_roles.table, role) != NULL);
> > -
> > -       return STATUS_SUCCESS;
> > -}
> > -
> > -/* Fill an array with all valid roles */
> > -int sepol_role_list(sepol_handle_t * handle,
> > -                   sepol_policydb_t * p, char ***roles, unsigned int *nroles)
> > -{
> > -
> > -       policydb_t *policydb = &p->p;
> > -       unsigned int tmp_nroles = policydb->p_roles.nprim;
> > -       char **tmp_roles = (char **)malloc(tmp_nroles * sizeof(char *));
> > -       char **ptr;
> > -       unsigned int i;
> > -       if (!tmp_roles)
> > -               goto omem;
> > -
> > -       for (i = 0; i < tmp_nroles; i++) {
> > -               tmp_roles[i] = strdup(policydb->p_role_val_to_name[i]);
> > -               if (!tmp_roles[i])
> > -                       goto omem;
> > -       }
> > -
> > -       *nroles = tmp_nroles;
> > -       *roles = tmp_roles;
> > -
> > -       return STATUS_SUCCESS;
> > -
> > -      omem:
> > -       ERR(handle, "out of memory, could not list roles");
> > -
> > -       ptr = tmp_roles;
> > -       while (ptr && *ptr)
> > -               free(*ptr++);
> > -       free(tmp_roles);
> > -       return STATUS_ERR;
> > -}
> > --
> > 2.30.0
> >

Re: [PATCH 2/3] libsepol: uniformize prototypes of sepol_mls_contains and sepol_mls_check

[Nicolas Iooss]

On Thu, Feb 4, 2021 at 8:21 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
> >
> > In libsepol/src/mls.c, functions sepol_mls_contains and sepol_mls_check
> > used "sepol_policydb_t * policydb" even though
> > libsepol/include/sepol/context.h used "const sepol_policydb_t *
> > policydb".
> >
> > Add const qualifiers in mls.c in order to match the header file. Detect
> > such mismatching error at compile time by including the header file in
> > mls.c.
> >
> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Acked-by: James Carter <jwcart2@gmail.com>

Merged.
Nicolas

> > ---
> >  libsepol/src/mls.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> >
> > diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
> > index 1ee90cf8dee1..366a1114ce96 100644
> > --- a/libsepol/src/mls.c
> > +++ b/libsepol/src/mls.c
> > @@ -27,6 +27,7 @@
> >   * Implementation of the multi-level security (MLS) policy.
> >   */
> >
> > +#include <sepol/context.h>
> >  #include <sepol/policydb/policydb.h>
> >  #include <sepol/policydb/services.h>
> >  #include <sepol/policydb/context.h>
> > @@ -664,7 +665,7 @@ int mls_compute_sid(policydb_t * policydb,
> >  }
> >
> >  int sepol_mls_contains(sepol_handle_t * handle,
> > -                      sepol_policydb_t * policydb,
> > +                      const sepol_policydb_t * policydb,
> >                        const char *mls1, const char *mls2, int *response)
> >  {
> >
> > @@ -703,7 +704,7 @@ int sepol_mls_contains(sepol_handle_t * handle,
> >  }
> >
> >  int sepol_mls_check(sepol_handle_t * handle,
> > -                   sepol_policydb_t * policydb, const char *mls)
> > +                   const sepol_policydb_t * policydb, const char *mls)
> >  {
> >
> >         int ret;
> > --
> > 2.30.0
> >

Re: [PATCH 3/3] libsepol: include header files in source files when matching declarations

[Nicolas Iooss]

On Thu, Feb 4, 2021 at 8:22 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Feb 3, 2021 at 4:00 AM Nicolas Iooss <nicolas.iooss@m4x.org> wrote:
> >
> > It is good practise in C to include the header file that specifies the
> > prototype of functions which are defined in the source file. Otherwise,
> > the function prototypes which be different, which could cause unexpected
> > issues.
> >
> > Add the include directives to do this.
> >
> > Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
>
> Acked-by: James Carter <jwcart2@gmail.com>

Merged.
Nicolas

> > ---
> >  libsepol/cil/src/cil_find.c      | 1 +
> >  libsepol/cil/src/cil_fqn.c       | 1 +
> >  libsepol/cil/src/cil_mem.c       | 1 +
> >  libsepol/cil/src/cil_parser.c    | 1 +
> >  libsepol/cil/src/cil_policy.c    | 1 +
> >  libsepol/cil/src/cil_reset_ast.c | 1 +
> >  libsepol/src/kernel_to_cil.c     | 1 +
> >  libsepol/src/kernel_to_conf.c    | 1 +
> >  libsepol/src/services.c          | 1 +
> >  9 files changed, 9 insertions(+)
> >
> > diff --git a/libsepol/cil/src/cil_find.c b/libsepol/cil/src/cil_find.c
> > index 638b675db826..3898725f18d5 100644
> > --- a/libsepol/cil/src/cil_find.c
> > +++ b/libsepol/cil/src/cil_find.c
> > @@ -30,6 +30,7 @@
> >  #include <sepol/policydb/ebitmap.h>
> >
> >  #include "cil_internal.h"
> > +#include "cil_find.h"
> >  #include "cil_flavor.h"
> >  #include "cil_list.h"
> >  #include "cil_log.h"
> > diff --git a/libsepol/cil/src/cil_fqn.c b/libsepol/cil/src/cil_fqn.c
> > index 2e76f8737754..097222a83da9 100644
> > --- a/libsepol/cil/src/cil_fqn.c
> > +++ b/libsepol/cil/src/cil_fqn.c
> > @@ -31,6 +31,7 @@
> >  #include <stdio.h>
> >  #include <string.h>
> >
> > +#include "cil_fqn.h"
> >  #include "cil_internal.h"
> >  #include "cil_log.h"
> >  #include "cil_strpool.h"
> > diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c
> > index f73021b58d50..8e4a1d246f2c 100644
> > --- a/libsepol/cil/src/cil_mem.c
> > +++ b/libsepol/cil/src/cil_mem.c
> > @@ -33,6 +33,7 @@
> >  #include <string.h>
> >
> >  #include "cil_log.h"
> > +#include "cil_mem.h"
> >
> >  void *cil_malloc(size_t size)
> >  {
> > diff --git a/libsepol/cil/src/cil_parser.c b/libsepol/cil/src/cil_parser.c
> > index b62043b95806..0038eed6dd1b 100644
> > --- a/libsepol/cil/src/cil_parser.c
> > +++ b/libsepol/cil/src/cil_parser.c
> > @@ -38,6 +38,7 @@
> >  #include "cil_mem.h"
> >  #include "cil_tree.h"
> >  #include "cil_lexer.h"
> > +#include "cil_parser.h"
> >  #include "cil_strpool.h"
> >  #include "cil_stack.h"
> >
> > diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
> > index 06d7d74e54c3..74edb34575ea 100644
> > --- a/libsepol/cil/src/cil_policy.c
> > +++ b/libsepol/cil/src/cil_policy.c
> > @@ -41,6 +41,7 @@
> >  #include "cil_flavor.h"
> >  #include "cil_find.h"
> >  #include "cil_mem.h"
> > +#include "cil_policy.h"
> >  #include "cil_tree.h"
> >  #include "cil_list.h"
> >  #include "cil_symtab.h"
> > diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
> > index 52e5f64011d2..3da1b9a64167 100644
> > --- a/libsepol/cil/src/cil_reset_ast.c
> > +++ b/libsepol/cil/src/cil_reset_ast.c
> > @@ -2,6 +2,7 @@
> >  #include "cil_internal.h"
> >  #include "cil_log.h"
> >  #include "cil_list.h"
> > +#include "cil_reset_ast.h"
> >  #include "cil_symtab.h"
> >
> >  static inline void cil_reset_classperms_list(struct cil_list *cp_list);
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index c247b32f9e75..a146ac514018 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -16,6 +16,7 @@
> >  #define IPPROTO_SCTP 132
> >  #endif
> >
> > +#include <sepol/kernel_to_cil.h>
> >  #include <sepol/policydb/avtab.h>
> >  #include <sepol/policydb/conditional.h>
> >  #include <sepol/policydb/hashtab.h>
> > diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> > index 62bf706c1aa0..a22f196df9e9 100644
> > --- a/libsepol/src/kernel_to_conf.c
> > +++ b/libsepol/src/kernel_to_conf.c
> > @@ -15,6 +15,7 @@
> >  #define IPPROTO_SCTP 132
> >  #endif
> >
> > +#include <sepol/kernel_to_conf.h>
> >  #include <sepol/policydb/avtab.h>
> >  #include <sepol/policydb/conditional.h>
> >  #include <sepol/policydb/hashtab.h>
> > diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> > index 72b39657cd2e..6596431c38e2 100644
> > --- a/libsepol/src/services.c
> > +++ b/libsepol/src/services.c
> > @@ -59,6 +59,7 @@
> >  #include <sepol/policydb/services.h>
> >  #include <sepol/policydb/conditional.h>
> >  #include <sepol/policydb/util.h>
> > +#include <sepol/sepol.h>
> >
> >  #include "debug.h"
> >  #include "private.h"
> > --
> > 2.30.0
> >