diff --git a/libsepol/cil/include/cil/cil.h b/libsepol/cil/include/cil/cil.h index 00047a48..902ca3e8 100644 --- a/libsepol/cil/include/cil/cil.h +++ b/libsepol/cil/include/cil/cil.h @@ -58,6 +58,10 @@ enum cil_log_level { }; extern void cil_set_log_level(enum cil_log_level lvl); extern void cil_set_log_handler(void (*handler)(int lvl, char *msg)); + +#ifdef __GNUC__ +__attribute__ ((format(printf, 2, 3))) +#endif extern void cil_log(enum cil_log_level lvl, const char *msg, ...); extern void cil_set_malloc_error_handler(void (*handler)(void)); diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index b8ba6dc5..9e88e45b 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -1326,7 +1326,7 @@ int cil_filecons_to_string(struct cil_db *db, sepol_policydb_t *sepol_db, char * for (i = 0; i < filecons->count; i++) { struct cil_filecon *filecon = filecons->array[i]; struct cil_context *ctx = filecon->context; - char *str_type = NULL; + const char *str_type = NULL; buf_pos = sprintf(str_tmp, "%s", filecon->path_str); str_tmp += buf_pos; diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c index 945b0a8b..3a38559b 100644 --- a/libsepol/cil/src/cil_build_ast.c +++ b/libsepol/cil/src/cil_build_ast.c @@ -2271,7 +2271,7 @@ static int __cil_fill_expr(struct cil_tree_node *current, enum cil_flavor flavor if (current->cl_head == NULL) { enum cil_flavor op = __cil_get_expr_operator_flavor(current->data); if (op != CIL_NONE) { - cil_log(CIL_ERR,"Operator (%s) not in an expression\n", current->data); + cil_log(CIL_ERR, "Operator (%s) not in an expression\n", (char*)current->data); goto exit; } cil_list_append(expr, CIL_STRING, current->data); @@ -2378,7 +2378,7 @@ static int __cil_fill_constraint_leaf_expr(struct cil_tree_node *current, enum c leaf_expr_flavor = CIL_LEVEL; break; default: - cil_log(CIL_ERR,"Invalid left operand (%s)\n",current->next->data); + cil_log(CIL_ERR, "Invalid left operand (%s)\n", (char*)current->next->data); goto exit; } @@ -2705,7 +2705,7 @@ int cil_gen_condblock(struct cil_db *db, struct cil_tree_node *parse_current, st exit: cil_log(CIL_ERR, "Bad %s condition declaration at line %d of %s\n", - parse_current->data, parse_current->line, parse_current->path); + (char*)parse_current->data, parse_current->line, parse_current->path); cil_destroy_condblock(cb); return rc; } @@ -2765,7 +2765,8 @@ int cil_gen_alias(struct cil_db *db, struct cil_tree_node *parse_current, struct return SEPOL_OK; exit: - cil_log(CIL_ERR, "Bad %s declaration at line %d of %s\n", parse_current->data, parse_current->line, parse_current->path); + cil_log(CIL_ERR, "Bad %s declaration at line %d of %s\n", + (char*)parse_current->data, parse_current->line, parse_current->path); cil_destroy_alias(alias); cil_clear_node(ast_node); return rc; diff --git a/libsepol/cil/src/cil_log.h b/libsepol/cil/src/cil_log.h index 46646c5b..9c2ff2e8 100644 --- a/libsepol/cil/src/cil_log.h +++ b/libsepol/cil/src/cil_log.h @@ -34,8 +34,6 @@ #define MAX_LOG_SIZE 512 - - -void cil_log(enum cil_log_level lvl, const char *msg, ...); +__attribute__ ((format(printf, 2, 3))) void cil_log(enum cil_log_level lvl, const char *msg, ...); #endif // CIL_LOG_H_ diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c index 06d9e108..e19bc358 100644 --- a/libsepol/cil/src/cil_mem.c +++ b/libsepol/cil/src/cil_mem.c @@ -83,7 +83,7 @@ void *cil_realloc(void *ptr, size_t size) } -char *cil_strdup(char *str) +char *cil_strdup(const char *str) { char *mem = NULL; diff --git a/libsepol/cil/src/cil_mem.h b/libsepol/cil/src/cil_mem.h index bf4b1ab2..3e4263c1 100644 --- a/libsepol/cil/src/cil_mem.h +++ b/libsepol/cil/src/cil_mem.h @@ -34,7 +34,7 @@ void *cil_malloc(size_t size); void *cil_calloc(size_t num_elements, size_t element_size); void *cil_realloc(void *ptr, size_t size); -char *cil_strdup(char *str); +char *cil_strdup(const char *str); void (*cil_mem_error_handler)(void); #endif /* CIL_MEM_H_ */ diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c index 9b131ee5..d19accbf 100644 --- a/libsepol/cil/src/cil_policy.c +++ b/libsepol/cil/src/cil_policy.c @@ -542,7 +542,7 @@ void cil_constrain_to_policy(FILE **file_arr, __attribute__((unused)) uint32_t f cil_constrain_to_policy_helper(file_arr, kind, cons->classperms, cons->datum_expr); } -void cil_avrule_to_policy_helper(FILE **file_arr, uint32_t file_index, char *kind, char *src, char *tgt, struct cil_list *classperms) +void cil_avrule_to_policy_helper(FILE **file_arr, uint32_t file_index, const char *kind, const char *src, const char *tgt, struct cil_list *classperms) { struct cil_list_item *i; @@ -573,9 +573,9 @@ void cil_avrule_to_policy_helper(FILE **file_arr, uint32_t file_index, char *kin int cil_avrule_to_policy(FILE **file_arr, uint32_t file_index, struct cil_avrule *rule) { - char *kind_str = NULL; - char *src_str = DATUM(rule->src)->name; - char *tgt_str = DATUM(rule->tgt)->name; + const char *kind_str = NULL; + const char *src_str = DATUM(rule->src)->name; + const char *tgt_str = DATUM(rule->tgt)->name; switch (rule->rule_kind) { @@ -974,7 +974,7 @@ int cil_name_to_policy(FILE **file_arr, struct cil_tree_node *current) fprintf(file_arr[TYPEATTRTYPES], "role %s;\n", ((struct cil_symtab_datum*)current->data)->name); break; case CIL_BOOL: { - char *boolean = ((struct cil_bool*)current->data)->value ? "true" : "false"; + const char *boolean = ((struct cil_bool*)current->data)->value ? "true" : "false"; fprintf(file_arr[TYPEATTRTYPES], "bool %s %s;\n", ((struct cil_symtab_datum*)current->data)->name, boolean); break; } diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c index 5576ff67..aafbd948 100644 --- a/libsepol/cil/src/cil_reset_ast.c +++ b/libsepol/cil/src/cil_reset_ast.c @@ -27,7 +27,7 @@ static void cil_reset_class(struct cil_class *class) /* during a re-resolve, we need to reset the common, so a classcommon * statement isn't seen as a duplicate */ class->num_perms -= common->num_perms; - class->common = NULL; + class->common = NULL; /* Must make this NULL or there will be an error when re-resolving */ } class->ordered = CIL_FALSE; } @@ -43,19 +43,9 @@ static inline void cil_reset_classperms(struct cil_classperms *cp) return; } - cp->class = NULL; cil_list_destroy(&cp->perms, CIL_FALSE); } -static inline void cil_reset_classperms_set(struct cil_classperms_set *cp_set) -{ - if (cp_set == NULL) { - return; - } - - cp_set->set = NULL; -} - static inline void cil_reset_classperms_list(struct cil_list *cp_list) { struct cil_list_item *curr; @@ -65,10 +55,8 @@ static inline void cil_reset_classperms_list(struct cil_list *cp_list) } cil_list_for_each(curr, cp_list) { - if (curr->flavor == CIL_CLASSPERMS) { /* KERNEL or MAP */ + if (curr->flavor == CIL_CLASSPERMS) { /* KERNEL or MAP, but not SET */ cil_reset_classperms(curr->data); - } else { /* SET */ - cil_reset_classperms_set(curr->data); } } } @@ -98,14 +86,16 @@ static void cil_reset_user(struct cil_user *user) { /* reset the bounds to NULL during a re-resolve */ user->bounds = NULL; + user->dftlevel = NULL; + user->range = NULL; cil_list_destroy(&user->roles, CIL_FALSE); - cil_reset_level(user->dftlevel); - cil_reset_levelrange(user->range); } static void cil_reset_selinuxuser(struct cil_selinuxuser *selinuxuser) { - cil_reset_levelrange(selinuxuser->range); + if (selinuxuser->range_str == NULL) { + cil_reset_levelrange(selinuxuser->range); + } } static void cil_reset_role(struct cil_role *role) @@ -174,7 +164,9 @@ static void cil_reset_avrule(struct cil_avrule *rule) static void cil_reset_rangetransition(struct cil_rangetransition *rangetrans) { - cil_reset_levelrange(rangetrans->range); + if (rangetrans->range_str == NULL) { + cil_reset_levelrange(rangetrans->range); + } } static void cil_reset_sens(struct cil_sens *sens) @@ -211,77 +203,120 @@ static void cil_reset_catset(struct cil_catset *catset) static inline void cil_reset_level(struct cil_level *level) { - level->sens = NULL; cil_reset_cats(level->cats); } static inline void cil_reset_levelrange(struct cil_levelrange *levelrange) { - cil_reset_level(levelrange->low); - cil_reset_level(levelrange->high); + if (levelrange->low_str == NULL) { + cil_reset_level(levelrange->low); + } + + if (levelrange->high_str == NULL) { + cil_reset_level(levelrange->high); + } +} + +static inline void cil_reset_userlevel(struct cil_userlevel *userlevel) +{ + if (userlevel->level_str == NULL) { + cil_reset_level(userlevel->level); + } +} + +static inline void cil_reset_userrange(struct cil_userrange *userrange) +{ + if (userrange->range_str == NULL) { + cil_reset_levelrange(userrange->range); + } } static inline void cil_reset_context(struct cil_context *context) { - cil_reset_levelrange(context->range); + if (context->range_str == NULL) { + cil_reset_levelrange(context->range); + } } static void cil_reset_sidcontext(struct cil_sidcontext *sidcontext) { - cil_reset_context(sidcontext->context); + if (sidcontext->context_str == NULL) { + cil_reset_context(sidcontext->context); + } } static void cil_reset_filecon(struct cil_filecon *filecon) { - if (filecon->context != NULL) { + if (filecon->context_str == NULL && filecon->context != NULL) { cil_reset_context(filecon->context); } } static void cil_reset_portcon(struct cil_portcon *portcon) { - cil_reset_context(portcon->context); + if (portcon->context_str == NULL) { + cil_reset_context(portcon->context); + } } static void cil_reset_nodecon(struct cil_nodecon *nodecon) { - cil_reset_context(nodecon->context); + if (nodecon->context_str == NULL) { + cil_reset_context(nodecon->context); + } } static void cil_reset_genfscon(struct cil_genfscon *genfscon) { - cil_reset_context(genfscon->context); + if (genfscon->context_str == NULL) { + cil_reset_context(genfscon->context); + } } static void cil_reset_netifcon(struct cil_netifcon *netifcon) { - cil_reset_context(netifcon->if_context); - cil_reset_context(netifcon->packet_context); + if (netifcon->if_context_str == NULL) { + cil_reset_context(netifcon->if_context); + } + + if (netifcon->packet_context_str == NULL) { + cil_reset_context(netifcon->packet_context); + } } static void cil_reset_pirqcon(struct cil_pirqcon *pirqcon) { - cil_reset_context(pirqcon->context); + if (pirqcon->context_str == NULL) { + cil_reset_context(pirqcon->context); + } } static void cil_reset_iomemcon(struct cil_iomemcon *iomemcon) { - cil_reset_context(iomemcon->context); + if (iomemcon->context_str == NULL) { + cil_reset_context(iomemcon->context); + } } static void cil_reset_ioportcon(struct cil_ioportcon *ioportcon) { - cil_reset_context(ioportcon->context); + if (ioportcon->context_str == NULL) { + cil_reset_context(ioportcon->context); + } } static void cil_reset_pcidevicecon(struct cil_pcidevicecon *pcidevicecon) { - cil_reset_context(pcidevicecon->context); + if (pcidevicecon->context_str == NULL) { + cil_reset_context(pcidevicecon->context); + } } static void cil_reset_fsuse(struct cil_fsuse *fsuse) { - cil_reset_context(fsuse->context); + if (fsuse->context_str == NULL) { + cil_reset_context(fsuse->context); + } } static void cil_reset_sid(struct cil_sid *sid) @@ -341,6 +376,12 @@ int __cil_reset_node(struct cil_tree_node *node, __attribute__((unused)) uint32 case CIL_CATALIAS: cil_reset_alias(node->data); break; + case CIL_USERRANGE: + cil_reset_userrange(node->data); + break; + case CIL_USERLEVEL: + cil_reset_userlevel(node->data); + break; case CIL_USER: cil_reset_user(node->data); break; diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c index 3b79e90f..a36b2380 100644 --- a/libsepol/cil/src/cil_resolve_ast.c +++ b/libsepol/cil/src/cil_resolve_ast.c @@ -128,7 +128,7 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, } } if (rc != SEPOL_OK) { - cil_log(CIL_ERR, "Failed to resolve permission %s\n", curr->data); + cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data); goto exit; } cil_list_append(*perm_datums, CIL_DATUM, perm_datum); @@ -2210,7 +2210,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil if (user->bounds != NULL) { struct cil_tree_node *node = user->bounds->datum.nodes->head->data; - cil_log(CIL_ERR, "User %s already bound by parent at line %n of %s\n", bounds->child_str, node->line, node->path); + cil_log(CIL_ERR, "User %s already bound by parent at line %u of %s\n", bounds->child_str, node->line, node->path); rc = SEPOL_ERR; goto exit; } @@ -2223,7 +2223,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil if (role->bounds != NULL) { struct cil_tree_node *node = role->bounds->datum.nodes->head->data; - cil_log(CIL_ERR, "Role %s already bound by parent at line %n of %s\n", bounds->child_str, node->line, node->path); + cil_log(CIL_ERR, "Role %s already bound by parent at line %u of %s\n", bounds->child_str, node->line, node->path); rc = SEPOL_ERR; goto exit; } @@ -2237,8 +2237,8 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil if (type->bounds != NULL) { node = ((struct cil_symtab_datum *)type->bounds)->nodes->head->data; - cil_log(CIL_ERR, "Type %s already bound by parent at line %n of %s\n", bounds->child_str, node->line, node->path); - cil_log(CIL_ERR, "Now being bound to parent %s at line %n of %s\n", bounds->parent_str, current->line, current->path); + cil_log(CIL_ERR, "Type %s already bound by parent at line %u of %s\n", bounds->child_str, node->line, node->path); + cil_log(CIL_ERR, "Now being bound to parent %s at line %u of %s\n", bounds->parent_str, current->line, current->path); rc = SEPOL_ERR; goto exit; } @@ -2267,7 +2267,7 @@ int cil_resolve_bounds(struct cil_tree_node *current, void *extra_args, enum cil return SEPOL_OK; exit: - cil_log(CIL_ERR, "Bad bounds statement at line %n of %s\n", current->line, current->path); + cil_log(CIL_ERR, "Bad bounds statement at line %u of %s\n", current->line, current->path); return rc; } diff --git a/libsepol/cil/src/cil_strpool.c b/libsepol/cil/src/cil_strpool.c index 65af77d8..ad2a334f 100644 --- a/libsepol/cil/src/cil_strpool.c +++ b/libsepol/cil/src/cil_strpool.c @@ -64,7 +64,7 @@ static int cil_strpool_compare(hashtab_t h __attribute__ ((unused)), hashtab_key return strcmp(keyp1, keyp2); } -char *cil_strpool_add(char *str) +char *cil_strpool_add(const char *str) { struct cil_strpool_entry *strpool_ref = NULL; diff --git a/libsepol/cil/src/cil_strpool.h b/libsepol/cil/src/cil_strpool.h index 0c3f1c54..a61a2d95 100644 --- a/libsepol/cil/src/cil_strpool.h +++ b/libsepol/cil/src/cil_strpool.h @@ -32,7 +32,7 @@ #include -char *cil_strpool_add(char *str); +char *cil_strpool_add(const char *str); void cil_strpool_init(void); void cil_strpool_destroy(void); #endif /* CIL_STRPOOL_H_ */ diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c index 995496c5..a1576e76 100644 --- a/libsepol/cil/src/cil_verify.c +++ b/libsepol/cil/src/cil_verify.c @@ -166,13 +166,13 @@ int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, en case CIL_EQ: case CIL_NEQ: if (expr_flavor != CIL_BOOL && expr_flavor != CIL_TUNABLE ) { - cil_log(CIL_ERR,"Invalid operator (%s) for set expression\n", current->data); + cil_log(CIL_ERR,"Invalid operator (%s) for set expression\n", (char*)current->data); goto exit; } break; case CIL_ALL: if (expr_flavor == CIL_BOOL || expr_flavor == CIL_TUNABLE) { - cil_log(CIL_ERR,"Invalid operator (%s) for boolean or tunable expression\n", current->data); + cil_log(CIL_ERR,"Invalid operator (%s) for boolean or tunable expression\n", (char*)current->data); goto exit; } syntax[1] = CIL_SYN_END; @@ -180,7 +180,7 @@ int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, en break; case CIL_RANGE: if (expr_flavor != CIL_CAT) { - cil_log(CIL_ERR,"Operator (%s) only valid for catset expression\n", current->data); + cil_log(CIL_ERR,"Operator (%s) only valid for catset expression\n", (char*)current->data); goto exit; } syntax[1] = CIL_SYN_STRING; @@ -192,7 +192,7 @@ int cil_verify_expr_syntax(struct cil_tree_node *current, enum cil_flavor op, en syntax_len = 2; break; default: - cil_log(CIL_ERR,"Unexpected value (%s) for expression operator\n", current->data); + cil_log(CIL_ERR,"Unexpected value (%s) for expression operator\n", (char*)current->data); goto exit; } @@ -298,7 +298,7 @@ int cil_verify_constraint_expr_syntax(struct cil_tree_node *current, enum cil_fl syntax[2] = CIL_SYN_STRING; break; default: - cil_log(CIL_ERR,"Invalid operator (%s) for constraint expression\n",current->data); + cil_log(CIL_ERR, "Invalid operator (%s) for constraint expression\n", (char*)current->data); goto exit; }