mirror of
https://github.com/topjohnwu/selinux.git
synced 2025-02-18 18:30:41 +00:00
libsepol: use string literals as format strings
Use string literals as format strings so that compilers can validate the
count and types of the inherent arguments.
kernel_to_cil.c: In function ‘class_constraint_rules_to_strs’:
kernel_to_cil.c:301:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
301 | rc = strs_create_and_add(strs, format_str, 3, classkey, perms+1, expr);
| ^~
kernel_to_cil.c: In function ‘class_validatetrans_rules_to_strs’:
kernel_to_cil.c:341:17: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
341 | rc = strs_create_and_add(strs, format_str, 2, classkey, expr);
| ^~
kernel_to_cil.c: In function ‘cats_ebitmap_to_str’:
kernel_to_cil.c:1068:40: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
1068 | val_to_name[start], val_to_name[i]);
| ^~~~~~~~~~~
kernel_to_conf.c: In function ‘class_constraint_rules_to_strs’:
kernel_to_conf.c:301:42: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
301 | flavor, classkey, perms+1, expr);
| ^~~~~~
kernel_to_conf.c: In function ‘cats_ebitmap_to_str’:
kernel_to_conf.c:1059:40: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
1059 | val_to_name[start], sep, val_to_name[i]);
| ^~~~~~~~~~~
kernel_to_conf.c:1062:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
1062 | len = snprintf(p, remaining, fmt, val_to_name[start]);
| ^~~
module_to_cil.c: In function ‘cond_expr_to_cil’:
module_to_cil.c:1340:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
1340 | rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
| ^~~~
module_to_cil.c: In function ‘constraint_expr_to_string’:
module_to_cil.c:1881:25: error: format not a string literal, argument types not checked [-Werror=format-nonliteral]
1881 | rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
| ^~~~
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
This commit is contained in:
Christian Göttsche
James Carter
parent
cc671d6a5e
commit
c42dcf58de
@ -278,7 +278,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
|
||||
char *expr = NULL;
|
||||
int is_mls;
|
||||
char *perms;
|
||||
const char *format_str;
|
||||
const char *key_word;
|
||||
struct strs *strs;
|
||||
|
||||
for (curr = constraint_rules; curr != NULL; curr = curr->next) {
|
||||
@ -291,14 +291,14 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
|
||||
perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
|
||||
|
||||
if (is_mls) {
|
||||
format_str = "(mlsconstrain (%s (%s)) %s)";
|
||||
key_word = "mlsconstrain";
|
||||
strs = mls_list;
|
||||
} else {
|
||||
format_str = "(constrain (%s (%s)) %s)";
|
||||
key_word = "constrain";
|
||||
strs = non_mls_list;
|
||||
}
|
||||
|
||||
rc = strs_create_and_add(strs, format_str, 3, classkey, perms+1, expr);
|
||||
rc = strs_create_and_add(strs, "(%s (%s (%s)) %s)", 4, key_word, classkey, perms+1, expr);
|
||||
free(expr);
|
||||
if (rc != 0) {
|
||||
goto exit;
|
||||
@ -319,7 +319,7 @@ static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classke
|
||||
struct constraint_node *curr;
|
||||
char *expr = NULL;
|
||||
int is_mls;
|
||||
const char *format_str;
|
||||
const char *key_word;
|
||||
struct strs *strs;
|
||||
int rc = 0;
|
||||
|
||||
@ -331,14 +331,14 @@ static int class_validatetrans_rules_to_strs(struct policydb *pdb, char *classke
|
||||
}
|
||||
|
||||
if (is_mls) {
|
||||
format_str = "(mlsvalidatetrans %s %s)";
|
||||
key_word = "mlsvalidatetrans";
|
||||
strs = mls_list;
|
||||
} else {
|
||||
format_str = "(validatetrans %s %s)";
|
||||
key_word = "validatetrans";
|
||||
strs = non_mls_list;
|
||||
}
|
||||
|
||||
rc = strs_create_and_add(strs, format_str, 2, classkey, expr);
|
||||
rc = strs_create_and_add(strs, "(%s %s %s)", 3, key_word, classkey, expr);
|
||||
free(expr);
|
||||
if (rc != 0) {
|
||||
goto exit;
|
||||
@ -1035,7 +1035,6 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
|
||||
struct ebitmap_node *node;
|
||||
uint32_t i, start, range;
|
||||
char *catsbuf = NULL, *p;
|
||||
const char *fmt;
|
||||
int len, remaining;
|
||||
|
||||
remaining = (int)cats_ebitmap_len(cats, val_to_name);
|
||||
@ -1063,9 +1062,15 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
|
||||
continue;
|
||||
|
||||
if (range > 1) {
|
||||
fmt = (range == 2) ? "%s %s " : "(range %s %s) ";
|
||||
len = snprintf(p, remaining, fmt,
|
||||
val_to_name[start], val_to_name[i]);
|
||||
if (range == 2) {
|
||||
len = snprintf(p, remaining, "%s %s ",
|
||||
val_to_name[start],
|
||||
val_to_name[i]);
|
||||
} else {
|
||||
len = snprintf(p, remaining, "(range %s %s) ",
|
||||
val_to_name[start],
|
||||
val_to_name[i]);
|
||||
}
|
||||
} else {
|
||||
len = snprintf(p, remaining, "%s ", val_to_name[start]);
|
||||
}
|
||||
|
||||
@ -271,7 +271,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
|
||||
{
|
||||
struct constraint_node *curr;
|
||||
struct strs *strs;
|
||||
const char *format_str, *flavor;
|
||||
const char *flavor, *perm_prefix, *perm_suffix;
|
||||
char *perms, *expr;
|
||||
int is_mls;
|
||||
int rc = 0;
|
||||
@ -285,9 +285,11 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
|
||||
|
||||
perms = sepol_av_to_string(pdb, class->s.value, curr->permissions);
|
||||
if (strchr(perms, ' ')) {
|
||||
format_str = "%s %s { %s } %s;";
|
||||
perm_prefix = "{ ";
|
||||
perm_suffix = " }";
|
||||
} else {
|
||||
format_str = "%s %s %s %s";
|
||||
perm_prefix = "";
|
||||
perm_suffix = "";
|
||||
}
|
||||
if (is_mls) {
|
||||
flavor = "mlsconstrain";
|
||||
@ -297,8 +299,10 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey,
|
||||
strs = non_mls_list;
|
||||
}
|
||||
|
||||
rc = strs_create_and_add(strs, format_str, 4,
|
||||
flavor, classkey, perms+1, expr);
|
||||
rc = strs_create_and_add(strs, "%s %s %s%s%s %s;", 6,
|
||||
flavor, classkey,
|
||||
perm_prefix, perms+1, perm_suffix,
|
||||
expr);
|
||||
free(expr);
|
||||
if (rc != 0) {
|
||||
goto exit;
|
||||
@ -1026,7 +1030,6 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
|
||||
struct ebitmap_node *node;
|
||||
uint32_t i, start, range, first;
|
||||
char *catsbuf = NULL, *p;
|
||||
const char *fmt;
|
||||
char sep;
|
||||
int len, remaining;
|
||||
|
||||
@ -1054,12 +1057,12 @@ static char *cats_ebitmap_to_str(struct ebitmap *cats, char **val_to_name)
|
||||
|
||||
if (range > 1) {
|
||||
sep = (range == 2) ? ',' : '.';
|
||||
fmt = first ? "%s%c%s" : ",%s%c%s";
|
||||
len = snprintf(p, remaining, fmt,
|
||||
len = snprintf(p, remaining, "%s%s%c%s",
|
||||
first ? "" : ",",
|
||||
val_to_name[start], sep, val_to_name[i]);
|
||||
} else {
|
||||
fmt = first ? "%s" : ",%s";
|
||||
len = snprintf(p, remaining, fmt, val_to_name[start]);
|
||||
len = snprintf(p, remaining, "%s%s", first ? "" : ",",
|
||||
val_to_name[start]);
|
||||
|
||||
}
|
||||
if (len < 0 || len >= remaining) {
|
||||
|
||||
@ -1259,7 +1259,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
|
||||
char *val2 = NULL;
|
||||
unsigned int num_params;
|
||||
const char *op;
|
||||
const char *fmt_str;
|
||||
const char *sep;
|
||||
const char *type;
|
||||
|
||||
rc = stack_init(&stack);
|
||||
@ -1308,11 +1308,11 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
|
||||
rc = -1;
|
||||
goto exit;
|
||||
}
|
||||
fmt_str = "(%s %s)";
|
||||
sep = "";
|
||||
} else {
|
||||
val2 = stack_pop(stack);
|
||||
val1 = stack_pop(stack);
|
||||
fmt_str = "(%s %s %s)";
|
||||
sep = " ";
|
||||
}
|
||||
|
||||
if (val1 == NULL || val2 == NULL) {
|
||||
@ -1334,10 +1334,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// although we always supply val2 and there isn't always a 2nd
|
||||
// value, it should only be used when there are actually two values
|
||||
// in the format strings
|
||||
rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
|
||||
rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2);
|
||||
if (rlen < 0 || rlen >= len) {
|
||||
log_err("Failed to generate conditional expression");
|
||||
rc = -1;
|
||||
@ -1711,7 +1708,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
|
||||
char *val2 = NULL;
|
||||
uint32_t num_params;
|
||||
const char *op;
|
||||
const char *fmt_str;
|
||||
const char *sep;
|
||||
const char *attr1;
|
||||
const char *attr2;
|
||||
char *names = NULL;
|
||||
@ -1849,11 +1846,11 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
|
||||
rc = -1;
|
||||
goto exit;
|
||||
}
|
||||
fmt_str = "(%s %s)";
|
||||
sep = "";
|
||||
} else {
|
||||
val2 = stack_pop(stack);
|
||||
val1 = stack_pop(stack);
|
||||
fmt_str = "(%s %s %s)";
|
||||
sep = " ";
|
||||
}
|
||||
|
||||
if (val1 == NULL || val2 == NULL) {
|
||||
@ -1875,10 +1872,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
|
||||
goto exit;
|
||||
}
|
||||
|
||||
// although we always supply val2 and there isn't always a 2nd
|
||||
// value, it should only be used when there are actually two values
|
||||
// in the format strings
|
||||
rlen = snprintf(new_val, len, fmt_str, op, val1, val2);
|
||||
rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2);
|
||||
if (rlen < 0 || rlen >= len) {
|
||||
log_err("Failed to generate constraint expression");
|
||||
rc = -1;
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user