* [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const
@ 2021-09-28 15:46 Christian Göttsche
2021-09-28 15:46 ` [PATCH 2/9] libsepol: use correct cast Christian Göttsche
` (8 more replies)
0 siblings, 9 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
Mark pointers to nodes of const ebitmaps also const. C does not enforce
a transitive const-ness, but it clarifies the intent and improves
maintainability.
Follow-up of 390ec54d278a
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/ebitmap.c | 16 +++++++++-------
1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
index 4e9acdf8..1de3816a 100644
--- a/libsepol/src/ebitmap.c
+++ b/libsepol/src/ebitmap.c
@@ -17,7 +17,8 @@
int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2)
{
- ebitmap_node_t *n1, *n2, *new, *prev;
+ const ebitmap_node_t *n1, *n2;
+ ebitmap_node_t *new, *prev;
ebitmap_init(dst);
@@ -154,7 +155,7 @@ int ebitmap_hamming_distance(const ebitmap_t * e1, const ebitmap_t * e2)
int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
{
- ebitmap_node_t *n1, *n2;
+ const ebitmap_node_t *n1, *n2;
if (e1->highbit != e2->highbit)
return 0;
@@ -175,7 +176,8 @@ int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
{
- ebitmap_node_t *n, *new, *prev;
+ const ebitmap_node_t *n;
+ ebitmap_node_t *new, *prev;
ebitmap_init(dst);
n = src->node;
@@ -204,7 +206,7 @@ int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
{
- ebitmap_node_t *n1, *n2;
+ const ebitmap_node_t *n1, *n2;
if (e1->highbit < e2->highbit)
return 0;
@@ -231,8 +233,8 @@ int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
{
- ebitmap_node_t *n1 = e1->node;
- ebitmap_node_t *n2 = e2->node;
+ const ebitmap_node_t *n1 = e1->node;
+ const ebitmap_node_t *n2 = e2->node;
while (n1 && n2) {
if (n1->startbit < n2->startbit) {
@@ -253,7 +255,7 @@ int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit)
{
- ebitmap_node_t *n;
+ const ebitmap_node_t *n;
if (e->highbit < bit)
return 0;
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 2/9] libsepol: use correct cast
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 3/9] libsepol: resolve GCC warning about null-dereference Christian Göttsche
` (7 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
The function hashtab_insert takes the type hashtab_datum_t (alias void*)
as third argument. Do not cast to hashtab_datum_t* alias void**. The
casts could be dropped, as explicit casting to void* is unnecessary, but
to fit the overall style of this file keep the casts.
expand.c:246:41: error: cast from 'perm_datum_t *' (aka 'struct perm_datum *') to 'hashtab_datum_t *' (aka 'void **') increases required alignment from 4 to 8 [-Werror,-Wcast-align]
ret = hashtab_insert(s->table, new_id, (hashtab_datum_t *) new_perm);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/expand.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index aac5b35f..a6a466f7 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -243,7 +243,7 @@ static int perm_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
new_perm->s.value = perm->s.value;
s->nprim++;
- ret = hashtab_insert(s->table, new_id, (hashtab_datum_t *) new_perm);
+ ret = hashtab_insert(s->table, new_id, (hashtab_datum_t) new_perm);
if (ret) {
free(new_id);
free(new_perm);
@@ -294,7 +294,7 @@ static int common_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
ret =
hashtab_insert(state->out->p_commons.table, new_id,
- (hashtab_datum_t *) new_common);
+ (hashtab_datum_t) new_common);
if (ret) {
ERR(state->handle, "hashtab overflow");
free(new_common);
@@ -492,7 +492,7 @@ static int class_copy_callback(hashtab_key_t key, hashtab_datum_t datum,
ret =
hashtab_insert(state->out->p_classes.table, new_id,
- (hashtab_datum_t *) new_class);
+ (hashtab_datum_t) new_class);
if (ret) {
ERR(state->handle, "hashtab overflow");
free(new_class);
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 3/9] libsepol: resolve GCC warning about null-dereference
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
2021-09-28 15:46 ` [PATCH 2/9] libsepol: use correct cast Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 4/9] libsepol/cil: silence clang void-pointer-to-enum-cast warning Christian Göttsche
` (6 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
GCC reports a NULL dereference of the return value of stack_peek(). This
function explicitly returns NULL in case of 'stack->pos == -1'.
Error out on NULL returned.
module_to_cil.c: In function ‘block_to_cil’:
module_to_cil.c:3357:55: error: potential null pointer dereference [-Werror=null-dereference]
3357 | struct list *alias_list = typealias_lists[decl->decl_id];
| ~~~~^~~~~~~~~
There are more occurrences of unconditionally dereferencing the return
value of stack_peek(), but the callers should ensure a valid stack, so
just silence this single warning.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/src/module_to_cil.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 3c8ba10a..16e4004e 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -3354,9 +3354,14 @@ static int typealiases_to_cil(int indent, struct policydb *pdb, struct avrule_bl
char *type_name;
struct list_node *curr;
struct avrule_decl *decl = stack_peek(decl_stack);
- struct list *alias_list = typealias_lists[decl->decl_id];
+ struct list *alias_list;
int rc = -1;
+ if (decl == NULL) {
+ return -1;
+ }
+
+ alias_list = typealias_lists[decl->decl_id];
if (alias_list == NULL) {
return 0;
}
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 4/9] libsepol/cil: silence clang void-pointer-to-enum-cast warning
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
2021-09-28 15:46 ` [PATCH 2/9] libsepol: use correct cast Christian Göttsche
2021-09-28 15:46 ` [PATCH 3/9] libsepol: resolve GCC warning about null-dereference Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 5/9] checkpolicy: policy_define: cleanup declarations Christian Göttsche
` (5 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
Add an intermediate cast to uintptr_t to silence the clang specific
warning about casting a void pointer to an enum.
../cil/src/cil_verify.c:1749:28: error: cast to smaller integer type 'enum cil_flavor' from 'void *' [-Werror,-Wvoid-pointer-to-enum-cast]
enum cil_flavor op = (enum cil_flavor)i->data;
^~~~~~~~~~~~~~~~~~~~~~~~
Similar to 32f8ed3d6b0b.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libsepol/cil/src/cil_verify.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index dc29ea66..d994d717 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -1746,7 +1746,7 @@ static int __cil_verify_classperms(struct cil_list *classperms,
goto exit;
}
} else {
- enum cil_flavor op = (enum cil_flavor)i->data;
+ enum cil_flavor op = (enum cil_flavor)(uintptr_t)i->data;
if (op == CIL_ALL) {
struct cil_class *mc = cp->class;
struct cil_list *perm_list;
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 5/9] checkpolicy: policy_define: cleanup declarations
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (2 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 4/9] libsepol/cil: silence clang void-pointer-to-enum-cast warning Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 6/9] checkpolicy: print reason of fopen failure Christian Göttsche
` (4 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
The variable curfile is nowhere used.
Static functions do not need to be forward declared if not used before
their definition.
The error buffer errormsg can be a simple scoped variable. Also
vsnprintf(3) always NUL-terminates the buffer, so the whole length can
be passed.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/policy_define.c | 10 ++--------
1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 185d5704..cda3337b 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -67,7 +67,6 @@ extern void yyerror2(const char *fmt, ...);
policydb_t *policydbp;
queue_t id_queue = 0;
unsigned int pass;
-char *curfile = 0;
int mlspol = 0;
extern unsigned long policydb_lineno;
@@ -78,12 +77,6 @@ extern char source_file[PATH_MAX];
extern int yywarn(const char *msg);
extern int yyerror(const char *msg);
-#define ERRORMSG_LEN 255
-static char errormsg[ERRORMSG_LEN + 1] = {0};
-
-static int id_has_dot(const char *id);
-static int parse_security_context(context_struct_t *c);
-
/* initialize all of the state variables for the scanner/parser */
void init_parser(int pass_number)
{
@@ -95,9 +88,10 @@ void init_parser(int pass_number)
void yyerror2(const char *fmt, ...)
{
+ char errormsg[256];
va_list ap;
va_start(ap, fmt);
- vsnprintf(errormsg, ERRORMSG_LEN, fmt, ap);
+ vsnprintf(errormsg, sizeof(errormsg), fmt, ap);
yyerror(errormsg);
va_end(ap);
}
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 6/9] checkpolicy: print reason of fopen failure
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (3 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 5/9] checkpolicy: policy_define: cleanup declarations Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 7/9] checkpolicy: update documentation Christian Göttsche
` (3 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
Print the reason why opening a source policy file failed, e.g:
checkpolicy: unable to open policy.conf: No such file or directory
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/parse_util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c
index 1795e93c..8c1f393c 100644
--- a/checkpolicy/parse_util.c
+++ b/checkpolicy/parse_util.c
@@ -36,7 +36,7 @@ int read_source_policy(policydb_t * p, const char *file, const char *progname)
{
yyin = fopen(file, "r");
if (!yyin) {
- fprintf(stderr, "%s: unable to open %s\n", progname, file);
+ fprintf(stderr, "%s: unable to open %s: %s\n", progname, file, strerror(errno));
return -1;
}
set_source_file(file);
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 7/9] checkpolicy: update documentation
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (4 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 6/9] checkpolicy: print reason of fopen failure Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 8/9] checkpolicy: drop incorrect cast Christian Göttsche
` (2 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
Add missing command-line arguments to synopsis and highlight mentions of
other tools in man pages.
Add missing space between arguments in help message.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/checkmodule.8 | 11 +++++++----
checkpolicy/checkpolicy.8 | 8 +++++---
checkpolicy/checkpolicy.c | 2 +-
3 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
index c4b1592b..1061a6f2 100644
--- a/checkpolicy/checkmodule.8
+++ b/checkpolicy/checkmodule.8
@@ -3,7 +3,7 @@
checkmodule \- SELinux policy module compiler
.SH SYNOPSIS
.B checkmodule
-.I "[\-h] [\-b] [\-C] [\-m] [\-M] [\-U handle_unknown ] [\-V] [\-o output_file] [input_file]"
+.I "[\-h] [\-b] [\-c policy_version] [\-C] [\-E] [\-m] [\-M] [\-U handle_unknown] [\-V] [\-o output_file] [input_file]"
.SH "DESCRIPTION"
This manual page describes the
.BR checkmodule
@@ -15,9 +15,12 @@ into a binary representation. It can generate either a base policy
module (default) or a non-base policy module (\-m option); typically,
you would build a non-base policy module to add to an existing module
store that already has a base module provided by the base policy. Use
-semodule_package to combine this module with its optional file
-contexts to create a policy package, and then use semodule to install
-the module package into the module store and load the resulting policy.
+.B semodule_package(8)
+to combine this module with its optional file
+contexts to create a policy package, and then use
+.B semodule(8)
+to install the module package into the module store and load the resulting
+policy.
.SH OPTIONS
.TP
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index f4e6fb24..2984c238 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
checkpolicy \- SELinux policy compiler
.SH SYNOPSIS
.B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-O] [\-E] [\-V] [input_file]"
.br
.SH "DESCRIPTION"
This manual page describes the
@@ -13,8 +13,10 @@ command.
.B checkpolicy
is a program that checks and compiles a SELinux security policy configuration
into a binary representation that can be loaded into the kernel. If no
-input file name is specified, checkpolicy will attempt to read from
-policy.conf or policy, depending on whether the \-b flag is specified.
+input file name is specified,
+.B checkpolicy
+will attempt to read from policy.conf or policy, depending on whether the \-b
+flag is specified.
.SH OPTIONS
.TP
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 9459486b..6740c6d4 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -109,7 +109,7 @@ static __attribute__((__noreturn__)) void usage(const char *progname)
{
printf
("usage: %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
- "[-c policyvers (%d-%d)] [-o output_file|-] [-S] [-O]"
+ "[-c policyvers (%d-%d)] [-o output_file|-] [-S] [-O] "
"[-t target_platform (selinux,xen)] [-E] [-V] [input_file]\n",
progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
exit(1);
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 8/9] checkpolicy: drop incorrect cast
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (5 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 7/9] checkpolicy: update documentation Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-28 15:46 ` [PATCH 9/9] checkpolicy: delay down-cast to avoid align warning Christian Göttsche
2021-09-30 19:40 ` [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const James Carter
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
The function require_symbol takes the type hashtab_datum_t (alias void*)
as third argument. Do not cast to hashtab_datum_t* alias void**. Since
explicit casting to void* is unnecessary, drop the casts.
module_compiler.c:1002:36: warning: cast from 'cond_bool_datum_t *' (aka 'struct cond_bool_datum *') to 'hashtab_datum_t *' (aka 'void **') increases required alignment from 4 to 8 [-Wcast-align]
require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
module_compiler.c:1092:40: warning: cast from 'cat_datum_t *' (aka 'struct cat_datum *') to 'hashtab_datum_t *' (aka 'void **') increases required alignment from 4 to 8 [-Wcast-align]
retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat,
^~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/module_compiler.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c
index e8f15f4e..a1cf9fc4 100644
--- a/checkpolicy/module_compiler.c
+++ b/checkpolicy/module_compiler.c
@@ -999,7 +999,7 @@ static int require_bool_tunable(int pass, int is_tunable)
if (is_tunable)
booldatum->flags |= COND_BOOL_FLAGS_TUNABLE;
retval =
- require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
+ require_symbol(SYM_BOOLS, id, booldatum,
&booldatum->s.value, &booldatum->s.value);
if (retval != 0) {
cond_destroy_bool(id, booldatum, NULL);
@@ -1051,7 +1051,7 @@ int require_sens(int pass)
return -1;
}
mls_level_init(level->level);
- retval = require_symbol(SYM_LEVELS, id, (hashtab_datum_t *) level,
+ retval = require_symbol(SYM_LEVELS, id, level,
&level->level->sens, &level->level->sens);
if (retval != 0) {
free(id);
@@ -1089,7 +1089,7 @@ int require_cat(int pass)
}
cat_datum_init(cat);
- retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat,
+ retval = require_symbol(SYM_CATS, id, cat,
&cat->s.value, &cat->s.value);
if (retval != 0) {
free(id);
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* [PATCH 9/9] checkpolicy: delay down-cast to avoid align warning
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (6 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 8/9] checkpolicy: drop incorrect cast Christian Göttsche
@ 2021-09-28 15:46 ` Christian Göttsche
2021-09-30 19:40 ` [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const James Carter
8 siblings, 0 replies; 11+ messages in thread
From: Christian Göttsche @ 2021-09-28 15:46 UTC (permalink / raw)
To: selinux
Delay the down-cast from hashtab_datum_t, alias void*, to the actual
type once its kind has been determined.
module_compiler.c:174:19: warning: cast from 'symtab_datum_t *' (aka 'struct symtab_datum *') to 'level_datum_t *' (aka 'struct level_datum *') increases required alignment from 4 to 8 [-Wcast-align]
*dest_value = ((level_datum_t *)s)->level->sens;
^~~~~~~~~~~~~~~~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
checkpolicy/module_compiler.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c
index a1cf9fc4..5f5b0b19 100644
--- a/checkpolicy/module_compiler.c
+++ b/checkpolicy/module_compiler.c
@@ -165,7 +165,7 @@ static int create_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_
decl->decl_id, dest_value);
if (ret == 1 && dest_value) {
- symtab_datum_t *s =
+ hashtab_datum_t s =
hashtab_search(policydbp->symtab[symbol_type].table,
key);
assert(s != NULL);
@@ -173,7 +173,7 @@ static int create_symbol(uint32_t symbol_type, hashtab_key_t key, hashtab_datum_
if (symbol_type == SYM_LEVELS) {
*dest_value = ((level_datum_t *)s)->level->sens;
} else {
- *dest_value = s->value;
+ *dest_value = ((symtab_datum_t *)s)->value;
}
} else if (ret == -2) {
return -2;
--
2.33.0
^ permalink raw reply related [flat|nested] 11+ messages in thread
* Re: [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
` (7 preceding siblings ...)
2021-09-28 15:46 ` [PATCH 9/9] checkpolicy: delay down-cast to avoid align warning Christian Göttsche
@ 2021-09-30 19:40 ` James Carter
2021-10-04 13:36 ` James Carter
8 siblings, 1 reply; 11+ messages in thread
From: James Carter @ 2021-09-30 19:40 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Tue, Sep 28, 2021 at 11:47 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Mark pointers to nodes of const ebitmaps also const. C does not enforce
> a transitive const-ness, but it clarifies the intent and improves
> maintainability.
>
> Follow-up of 390ec54d278a
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
For all 9 patches:
Acked-by: James Carter <jwcart2@gmail.com>
> ---
> libsepol/src/ebitmap.c | 16 +++++++++-------
> 1 file changed, 9 insertions(+), 7 deletions(-)
>
> diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
> index 4e9acdf8..1de3816a 100644
> --- a/libsepol/src/ebitmap.c
> +++ b/libsepol/src/ebitmap.c
> @@ -17,7 +17,8 @@
>
> int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2)
> {
> - ebitmap_node_t *n1, *n2, *new, *prev;
> + const ebitmap_node_t *n1, *n2;
> + ebitmap_node_t *new, *prev;
>
> ebitmap_init(dst);
>
> @@ -154,7 +155,7 @@ int ebitmap_hamming_distance(const ebitmap_t * e1, const ebitmap_t * e2)
>
> int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
> {
> - ebitmap_node_t *n1, *n2;
> + const ebitmap_node_t *n1, *n2;
>
> if (e1->highbit != e2->highbit)
> return 0;
> @@ -175,7 +176,8 @@ int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
>
> int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
> {
> - ebitmap_node_t *n, *new, *prev;
> + const ebitmap_node_t *n;
> + ebitmap_node_t *new, *prev;
>
> ebitmap_init(dst);
> n = src->node;
> @@ -204,7 +206,7 @@ int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
>
> int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
> {
> - ebitmap_node_t *n1, *n2;
> + const ebitmap_node_t *n1, *n2;
>
> if (e1->highbit < e2->highbit)
> return 0;
> @@ -231,8 +233,8 @@ int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
>
> int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
> {
> - ebitmap_node_t *n1 = e1->node;
> - ebitmap_node_t *n2 = e2->node;
> + const ebitmap_node_t *n1 = e1->node;
> + const ebitmap_node_t *n2 = e2->node;
>
> while (n1 && n2) {
> if (n1->startbit < n2->startbit) {
> @@ -253,7 +255,7 @@ int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
>
> int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit)
> {
> - ebitmap_node_t *n;
> + const ebitmap_node_t *n;
>
> if (e->highbit < bit)
> return 0;
> --
> 2.33.0
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const
2021-09-30 19:40 ` [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const James Carter
@ 2021-10-04 13:36 ` James Carter
0 siblings, 0 replies; 11+ messages in thread
From: James Carter @ 2021-10-04 13:36 UTC (permalink / raw)
To: Christian Göttsche; +Cc: SElinux list
On Thu, Sep 30, 2021 at 3:40 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Sep 28, 2021 at 11:47 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Mark pointers to nodes of const ebitmaps also const. C does not enforce
> > a transitive const-ness, but it clarifies the intent and improves
> > maintainability.
> >
> > Follow-up of 390ec54d278a
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For all 9 patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>
All nine patches have been merged.
Thanks,
Jim
> > ---
> > libsepol/src/ebitmap.c | 16 +++++++++-------
> > 1 file changed, 9 insertions(+), 7 deletions(-)
> >
> > diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
> > index 4e9acdf8..1de3816a 100644
> > --- a/libsepol/src/ebitmap.c
> > +++ b/libsepol/src/ebitmap.c
> > @@ -17,7 +17,8 @@
> >
> > int ebitmap_or(ebitmap_t * dst, const ebitmap_t * e1, const ebitmap_t * e2)
> > {
> > - ebitmap_node_t *n1, *n2, *new, *prev;
> > + const ebitmap_node_t *n1, *n2;
> > + ebitmap_node_t *new, *prev;
> >
> > ebitmap_init(dst);
> >
> > @@ -154,7 +155,7 @@ int ebitmap_hamming_distance(const ebitmap_t * e1, const ebitmap_t * e2)
> >
> > int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
> > {
> > - ebitmap_node_t *n1, *n2;
> > + const ebitmap_node_t *n1, *n2;
> >
> > if (e1->highbit != e2->highbit)
> > return 0;
> > @@ -175,7 +176,8 @@ int ebitmap_cmp(const ebitmap_t * e1, const ebitmap_t * e2)
> >
> > int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
> > {
> > - ebitmap_node_t *n, *new, *prev;
> > + const ebitmap_node_t *n;
> > + ebitmap_node_t *new, *prev;
> >
> > ebitmap_init(dst);
> > n = src->node;
> > @@ -204,7 +206,7 @@ int ebitmap_cpy(ebitmap_t * dst, const ebitmap_t * src)
> >
> > int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
> > {
> > - ebitmap_node_t *n1, *n2;
> > + const ebitmap_node_t *n1, *n2;
> >
> > if (e1->highbit < e2->highbit)
> > return 0;
> > @@ -231,8 +233,8 @@ int ebitmap_contains(const ebitmap_t * e1, const ebitmap_t * e2)
> >
> > int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
> > {
> > - ebitmap_node_t *n1 = e1->node;
> > - ebitmap_node_t *n2 = e2->node;
> > + const ebitmap_node_t *n1 = e1->node;
> > + const ebitmap_node_t *n2 = e2->node;
> >
> > while (n1 && n2) {
> > if (n1->startbit < n2->startbit) {
> > @@ -253,7 +255,7 @@ int ebitmap_match_any(const ebitmap_t *e1, const ebitmap_t *e2)
> >
> > int ebitmap_get_bit(const ebitmap_t * e, unsigned int bit)
> > {
> > - ebitmap_node_t *n;
> > + const ebitmap_node_t *n;
> >
> > if (e->highbit < bit)
> > return 0;
> > --
> > 2.33.0
> >
^ permalink raw reply [flat|nested] 11+ messages in thread
end of thread, other threads:[~2021-10-04 13:52 UTC | newest]
Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-09-28 15:46 [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const Christian Göttsche
2021-09-28 15:46 ` [PATCH 2/9] libsepol: use correct cast Christian Göttsche
2021-09-28 15:46 ` [PATCH 3/9] libsepol: resolve GCC warning about null-dereference Christian Göttsche
2021-09-28 15:46 ` [PATCH 4/9] libsepol/cil: silence clang void-pointer-to-enum-cast warning Christian Göttsche
2021-09-28 15:46 ` [PATCH 5/9] checkpolicy: policy_define: cleanup declarations Christian Göttsche
2021-09-28 15:46 ` [PATCH 6/9] checkpolicy: print reason of fopen failure Christian Göttsche
2021-09-28 15:46 ` [PATCH 7/9] checkpolicy: update documentation Christian Göttsche
2021-09-28 15:46 ` [PATCH 8/9] checkpolicy: drop incorrect cast Christian Göttsche
2021-09-28 15:46 ` [PATCH 9/9] checkpolicy: delay down-cast to avoid align warning Christian Göttsche
2021-09-30 19:40 ` [PATCH 1/9] libsepol: ebitmap: mark nodes of const ebitmaps const James Carter
2021-10-04 13:36 ` James Carter
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.