[PATCH 1/3] libsepol: break circular include

[PATCH 1/3] libsepol: break circular include

[Christian Göttsche]

Since `struct type_set` is forward declared including
policydb/policydb.h is not necessary and creates a circular include.

Also drop the unnecessary forward declaration of `struct policydb`.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/include/sepol/policydb/constraint.h | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/libsepol/include/sepol/policydb/constraint.h b/libsepol/include/sepol/policydb/constraint.h
index b91fc4e9..82335e21 100644
--- a/libsepol/include/sepol/policydb/constraint.h
+++ b/libsepol/include/sepol/policydb/constraint.h
@@ -18,7 +18,6 @@
 #ifndef _SEPOL_POLICYDB_CONSTRAINT_H_
 #define _SEPOL_POLICYDB_CONSTRAINT_H_
 
-#include <sepol/policydb/policydb.h>
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/flask_types.h>
 
@@ -70,8 +69,6 @@ typedef struct constraint_node {
 	struct constraint_node *next;	/* next constraint */
 } constraint_node_t;
 
-struct policydb;
-
 extern int constraint_expr_init(constraint_expr_t * expr);
 extern void constraint_expr_destroy(constraint_expr_t * expr);
 
-- 
2.36.1

[PATCH 2/3] libsepol: include necessary headers in headers

[Christian Göttsche]

Include policydb header file required for typedef policydb_t.

This is for example helpful when working with an IDE, which needs to
resolve those symbols.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/include/sepol/policydb/util.h | 2 ++
 libsepol/src/mls.h                     | 1 +
 2 files changed, 3 insertions(+)

diff --git a/libsepol/include/sepol/policydb/util.h b/libsepol/include/sepol/policydb/util.h
index ee236a25..db8da213 100644
--- a/libsepol/include/sepol/policydb/util.h
+++ b/libsepol/include/sepol/policydb/util.h
@@ -23,6 +23,8 @@
 #ifndef __SEPOL_UTIL_H__
 #define __SEPOL_UTIL_H__
 
+#include <sepol/policydb/policydb.h>
+
 #ifdef __cplusplus
 extern "C" {
 #endif
diff --git a/libsepol/src/mls.h b/libsepol/src/mls.h
index eb4a1cb8..befd12c5 100644
--- a/libsepol/src/mls.h
+++ b/libsepol/src/mls.h
@@ -25,6 +25,7 @@
 
 #include "policydb_internal.h"
 #include <sepol/policydb/context.h>
+#include <sepol/policydb/policydb.h>
 #include "handle.h"
 
 extern int mls_from_string(sepol_handle_t * handle,
-- 
2.36.1

[PATCH 3/3] libsepol: enclose macro parameters and replacement lists in parentheses

[Christian Göttsche]

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/include/sepol/errcodes.h          | 13 ++++++-------
 libsepol/include/sepol/policydb/policydb.h | 10 +++++-----
 libsepol/src/kernel_to_cil.c               |  2 +-
 libsepol/src/module_to_cil.c               |  2 +-
 libsepol/src/util.c                        |  2 +-
 5 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
index 6e9ff316..e5fe71e3 100644
--- a/libsepol/include/sepol/errcodes.h
+++ b/libsepol/include/sepol/errcodes.h
@@ -16,15 +16,14 @@ extern "C" {
  * codes that don't map to system error codes should be defined
  * outside of the range of system error codes.
  */
-#define SEPOL_ERR            -1
-#define SEPOL_ENOTSUP        -2  /* feature not supported in module language */
-#define SEPOL_EREQ           -3  /* requirements not met */
+#define SEPOL_ERR            (-1)
+#define SEPOL_ENOTSUP        (-2)  /* feature not supported in module language */
+#define SEPOL_EREQ           (-3)  /* requirements not met */
 
 /* Error codes that map to system error codes */
-#define SEPOL_ENOMEM         -ENOMEM
-#define SEPOL_ERANGE         -ERANGE
-#define SEPOL_EEXIST         -EEXIST
-#define SEPOL_ENOENT         -ENOENT
+#define SEPOL_ENOMEM         (-ENOMEM)
+#define SEPOL_EEXIST         (-EEXIST)
+#define SEPOL_ENOENT         (-ENOENT)
 
 #ifdef __cplusplus
 }
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index de0068a6..ef1a014a 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -251,9 +251,9 @@ typedef struct class_perm_node {
 	struct class_perm_node *next;
 } class_perm_node_t;
 
-#define xperm_test(x, p) (UINT32_C(1) & (p[x >> 5] >> (x & 0x1f)))
-#define xperm_set(x, p) (p[x >> 5] |= (UINT32_C(1) << (x & 0x1f)))
-#define xperm_clear(x, p) (p[x >> 5] &= ~(UINT32_C(1) << (x & 0x1f)))
+#define xperm_test(x, p) (UINT32_C(1) & ((p)[(x) >> 5] >> ((x) & 0x1f)))
+#define xperm_set(x, p) ((p)[(x) >> 5] |= (UINT32_C(1) << ((x) & 0x1f)))
+#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(UINT32_C(1) << ((x) & 0x1f)))
 #define EXTENDED_PERMS_LEN 8
 
 typedef struct av_extended_perms {
@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
 
 #define policydb_has_boundary_feature(p)			\
 	(((p)->policy_type == POLICY_KERN			\
-	  && p->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
+	  && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
 	 ((p)->policy_type != POLICY_KERN			\
-	  && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+	  && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
 
 /* the config flags related to unknown classes/perms are bits 2 and 3 */
 #define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 9128ac55..5a1336a3 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -1626,7 +1626,7 @@ exit:
 	return rc;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 static char *xperms_to_str(avtab_extended_perms_t *xperms)
 {
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index b35bf055..b900290a 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -624,7 +624,7 @@ exit:
 	return rc;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 static int xperms_to_cil(const av_extended_perms_t *xperms)
 {
diff --git a/libsepol/src/util.c b/libsepol/src/util.c
index 1cd1308d..0a2edc85 100644
--- a/libsepol/src/util.c
+++ b/libsepol/src/util.c
@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
 	return avbuf;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms)
 {
-- 
2.36.1

Re: [PATCH 1/3] libsepol: break circular include

[James Carter]

On Wed, Jul 13, 2022 at 9:50 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Since `struct type_set` is forward declared including
> policydb/policydb.h is not necessary and creates a circular include.
>
> Also drop the unnecessary forward declaration of `struct policydb`.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

For these three patches:
Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/include/sepol/policydb/constraint.h | 3 ---
>  1 file changed, 3 deletions(-)
>
> diff --git a/libsepol/include/sepol/policydb/constraint.h b/libsepol/include/sepol/policydb/constraint.h
> index b91fc4e9..82335e21 100644
> --- a/libsepol/include/sepol/policydb/constraint.h
> +++ b/libsepol/include/sepol/policydb/constraint.h
> @@ -18,7 +18,6 @@
>  #ifndef _SEPOL_POLICYDB_CONSTRAINT_H_
>  #define _SEPOL_POLICYDB_CONSTRAINT_H_
>
> -#include <sepol/policydb/policydb.h>
>  #include <sepol/policydb/ebitmap.h>
>  #include <sepol/policydb/flask_types.h>
>
> @@ -70,8 +69,6 @@ typedef struct constraint_node {
>         struct constraint_node *next;   /* next constraint */
>  } constraint_node_t;
>
> -struct policydb;
> -
>  extern int constraint_expr_init(constraint_expr_t * expr);
>  extern void constraint_expr_destroy(constraint_expr_t * expr);
>
> --
> 2.36.1
>

Re: [PATCH 1/3] libsepol: break circular include

[James Carter]

On Tue, Jul 19, 2022 at 12:29 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Wed, Jul 13, 2022 at 9:50 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Since `struct type_set` is forward declared including
> > policydb/policydb.h is not necessary and creates a circular include.
> >
> > Also drop the unnecessary forward declaration of `struct policydb`.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> For these three patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>

These three patches have been merged.
Thanks,
Jim

> > ---
> >  libsepol/include/sepol/policydb/constraint.h | 3 ---
> >  1 file changed, 3 deletions(-)
> >
> > diff --git a/libsepol/include/sepol/policydb/constraint.h b/libsepol/include/sepol/policydb/constraint.h
> > index b91fc4e9..82335e21 100644
> > --- a/libsepol/include/sepol/policydb/constraint.h
> > +++ b/libsepol/include/sepol/policydb/constraint.h
> > @@ -18,7 +18,6 @@
> >  #ifndef _SEPOL_POLICYDB_CONSTRAINT_H_
> >  #define _SEPOL_POLICYDB_CONSTRAINT_H_
> >
> > -#include <sepol/policydb/policydb.h>
> >  #include <sepol/policydb/ebitmap.h>
> >  #include <sepol/policydb/flask_types.h>
> >
> > @@ -70,8 +69,6 @@ typedef struct constraint_node {
> >         struct constraint_node *next;   /* next constraint */
> >  } constraint_node_t;
> >
> > -struct policydb;
> > -
> >  extern int constraint_expr_init(constraint_expr_t * expr);
> >  extern void constraint_expr_destroy(constraint_expr_t * expr);
> >
> > --
> > 2.36.1
> >