diff --git a/checkpolicy/test/Makefile b/checkpolicy/test/Makefile
index 65cf901..0731e89 100644
--- a/checkpolicy/test/Makefile
+++ b/checkpolicy/test/Makefile
@@ -6,7 +6,7 @@ BINDIR=$(PREFIX)/bin
 LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
-CFLAGS ?= -g -Wall -O2 -pipe
+CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
 LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
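Review bot: Because the flags are assigned with `CFLAGS ?=`, any build that already sets CFLAGS in the environment or on the make command line replaces the whole value, so `-W -Werror` is dropped and the stricter checking is enforced only for default builds. If the warnings are meant to hold everywhere, they belong in the `override CFLAGS +=` line below. If they are meant as developer defaults, a short comment saying so would help. `-W` is the older spelling of `-Wextra`; the current name reads more clearly: `CFLAGS ?= -g -Wall -Wextra -Werror -O2 -pipe`.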
diff --git a/checkpolicy/test/dismod.c b/checkpolicy/test/dismod.c
index 1674a47..6a951f6 100644
--- a/checkpolicy/test/dismod.c
+++ b/checkpolicy/test/dismod.c
@@ -115,7 +115,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
 int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 		     FILE * fp)
 {
-	int i, num_types;
+	unsigned int i, num_types;
 
 	if (set->flags & TYPE_STAR) {
 		fprintf(fp, " * ");
@@ -178,7 +178,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 
 int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 {
-	int i, num = 0;
+	unsigned int i, num = 0;
 
 	if (roles->flags & ROLE_STAR) {
 		fprintf(fp, " * ");
@@ -211,13 +211,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 
 }
 
-/* 'what' values for this function */
-#define	RENDER_UNCONDITIONAL	0x0001	/* render all regardless of enabled state */
-#define RENDER_ENABLED		0x0002
-#define RENDER_DISABLED		0x0004
-#define RENDER_CONDITIONAL	(RENDER_ENABLED|RENDER_DISABLED)
-
-int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
+int display_avrule(avrule_t * avrule, policydb_t * policy,
 		   FILE * fp)
 {
 	class_perm_node_t *cur;
@@ -299,7 +293,7 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 {
 	type_datum_t *type;
 	FILE *fp;
-	int i, first_attrib = 1;
+	unsigned int i, first_attrib = 1;
 
 	type = (type_datum_t *) datum;
 	fp = (FILE *) data;
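Review bot: In display_type_callback, `first_attrib` becomes unsigned only because it shares a declaration with the loop index, although its name and initial value of 1 suggest a flag rather than a count. Splitting the declaration keeps each variable's type tied to its role: `unsigned int i;` followed by `int first_attrib = 1;`. The same applies to `unsigned int any_found = 0, j;` in the display_scope_index hunk. The bodies of both functions continue outside their hunks, so how the flags are used cannot be checked from here.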
@@ -346,7 +340,7 @@ int display_types(policydb_t * p, FILE * fp)
 
 int display_users(policydb_t * p, FILE * fp)
 {
-	int i, j;
+	unsigned int i, j;
 	ebitmap_t *bitmap;
 	for (i = 0; i < p->p_users.nprim; i++) {
 		display_id(p, fp, SYM_USERS, i, "");
@@ -365,7 +359,7 @@ int display_users(policydb_t * p, FILE * fp)
 
 int display_bools(policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < p->p_bools.nprim; i++) {
 		display_id(p, fp, SYM_BOOLS, i, "");
@@ -409,30 +403,11 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
 	}
 }
 
-void display_policycon(policydb_t * p, FILE * fp)
+void display_policycon(FILE * fp)
 {
-#if 0
-	int i;
-	ocontext_t *cur;
-	char *name;
-
-	for (i = 0; i < POLICYCON_NUM; i++) {
-		fprintf(fp, "%s:", symbol_labels[i]);
-		for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
-			if (*(cur->u.name) == '\0') {
-				name = "{default}";
-			} else {
-				name = cur->u.name;
-			}
-			fprintf(fp, "\n%16s - %s:%s:%s", name,
-				p->p_user_val_to_name[cur->context[0].user - 1],
-				p->p_role_val_to_name[cur->context[0].role - 1],
-				p->p_type_val_to_name[cur->context[0].type -
-						      1]);
-		}
-		fprintf(fp, "\n");
-	}
-#endif
+	/* There was an attempt to implement this at one time.  Look through
+	 * git history to find it. */
+	fprintf(fp, "Sorry, not implemented\n");
 }
 
 void display_initial_sids(policydb_t * p, FILE * fp)
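Review bot: display_policycon now writes "Sorry, not implemented" to `fp`, which main passes as `out_fp`. If that stream can be redirected to a file (not visible in this diff), the notice ends up inside the dump instead of in front of the user. Writing it to stderr would avoid that: `fprintf(stderr, "Sorry, not implemented\n");`. The comment would also be more useful if it stated that the old `#if 0` body walked `p->policycon[]`, so a reader knows what to search the history for.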
@@ -462,7 +437,7 @@ void display_initial_sids(policydb_t * p, FILE * fp)
 
 void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp)
 {
-	int i, num = 0;
+	unsigned int i, num = 0;
 
 	for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
 		if (!ebitmap_get_bit(classes, i))
@@ -518,7 +493,8 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F
 	}
 }
 
-int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
+int role_display_callback(hashtab_key_t key __attribute__((unused)),
+			  hashtab_datum_t datum, void *data)
 {
 	role_datum_t *role;
 	FILE *fp;
@@ -538,9 +514,9 @@ int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 static int display_scope_index(scope_index_t * indices, policydb_t * p,
 			       FILE * out_fp)
 {
-	int i;
+	unsigned int i;
 	for (i = 0; i < SYM_NUM; i++) {
-		int any_found = 0, j;
+		unsigned int any_found = 0, j;
 		fprintf(out_fp, "%s:", symbol_labels[i]);
 		for (j = ebitmap_startbit(&indices->scope[i]);
 		     j < ebitmap_length(&indices->scope[i]); j++) {
@@ -611,7 +587,7 @@ int change_bool(char *name, int state, policydb_t * p, FILE * fp)
 }
 #endif
 
-int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
+int display_avdecl(avrule_decl_t * decl, int field,
 		   policydb_t * policy, FILE * out_fp)
 {
 	fprintf(out_fp, "decl %u:%s\n", decl->decl_id,
@@ -629,7 +605,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				avrule = cond->avtrue_list;
 				while (avrule) {
 					display_avrule(avrule,
-						       RENDER_UNCONDITIONAL,
 						       &policydb, out_fp);
 					avrule = avrule->next;
 				}
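Review bot: The rewritten `display_avrule(avrule, &policydb, out_fp)` call still passes the file-scope `policydb` rather than display_avdecl's own `policy` argument, whereas the unconditional path later in the function uses `policy`. The avfalse_list call in the next hunk does the same, and display_avblock reads `policydb.global` instead of going through its `policy` parameter. Every caller visible in this diff passes `&policydb`, so output is unchanged today, but these functions would silently ignore any other policy handed to them. Using `display_avrule(avrule, policy, out_fp);` in both loops would make the parameter authoritative. The two conditional calls also discard the return value that the unconditional loop checks. display_avdecl begins and ends outside this hunk.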
@@ -637,7 +612,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				avrule = cond->avfalse_list;
 				while (avrule) {
 					display_avrule(avrule,
-						       RENDER_UNCONDITIONAL,
 						       &policydb, out_fp);
 					avrule = avrule->next;
 				}
@@ -651,10 +625,8 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				fprintf(out_fp, "  <empty>\n");
 			}
 			while (avrule != NULL) {
-				if (display_avrule
-				    (avrule, what, policy, out_fp)) {
+				if (display_avrule(avrule, policy, out_fp))
 					return -1;
-				}
 				avrule = avrule->next;
 			}
 			break;
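Review bot: The `if (display_avrule(avrule, policy, out_fp))` check loses its braces here, while the matching check in display_avblock keeps them (`if (display_avdecl(decl, field, policy, out_fp)) {`). Keeping the braces on this early `return -1;` stays consistent with the rest of the file. It also avoids a later added statement silently falling outside the condition.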
@@ -696,7 +668,7 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 	return 0;		/* should never get here */
 }
 
-int display_avblock(int field, uint32_t what, policydb_t * policy,
+int display_avblock(int field, policydb_t * policy,
 		    FILE * out_fp)
 {
 	avrule_block_t *block = policydb.global;
@@ -704,7 +676,7 @@ int display_avblock(int field, uint32_t what, policydb_t * policy,
 		fprintf(out_fp, "--- begin avrule block ---\n");
 		avrule_decl_t *decl = block->branch_list;
 		while (decl != NULL) {
-			if (display_avdecl(decl, field, what, policy, out_fp)) {
+			if (display_avdecl(decl, field, policy, out_fp)) {
 				return -1;
 			}
 			decl = decl->next;
@@ -820,7 +792,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
 	ebitmap_node_t *node;
 	const char *capname;
 	char buf[64];
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "policy capabilities:\n");
 	ebitmap_for_each_bit(&p->policycaps, node, i) {
@@ -915,14 +887,12 @@ int main(int argc, char **argv)
 		case '1':
 			fprintf(out_fp, "unconditional avtab:\n");
 			display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB,
-					RENDER_UNCONDITIONAL, &policydb,
-					out_fp);
+					&policydb, out_fp);
 			break;
 		case '2':
 			fprintf(out_fp, "conditional avtab:\n");
 			display_avblock(DISPLAY_AVBLOCK_COND_AVTAB,
-					RENDER_UNCONDITIONAL, &policydb,
-					out_fp);
+					&policydb, out_fp);
 			break;
 		case '3':
 			display_users(&policydb, out_fp);
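Review bot: Every display_avblock call in main's switch still discards the return value, although display_avblock returns -1 when display_avdecl fails. That applies to cases '1' and '2' here, and to '7', '8', 'a', 'b' and 'F' in the following hunks. A rendering failure therefore leaves a truncated listing with no indication to the user. Since each call site is being edited anyway, checking the result and reporting the failure on stderr would make partial output distinguishable from a complete one. main's body extends beyond these hunks, so any handling elsewhere is not visible.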
@@ -944,28 +914,28 @@ int main(int argc, char **argv)
 			break;
 		case '7':
 			fprintf(out_fp, "role transitions:\n");
-			display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0,
+			display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS,
 					&policydb, out_fp);
 			break;
 		case '8':
 			fprintf(out_fp, "role allows:\n");
-			display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0,
+			display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW,
 					&policydb, out_fp);
 			break;
 		case '9':
-			display_policycon(&policydb, out_fp);
+			display_policycon(out_fp);
 			break;
 		case '0':
 			display_initial_sids(&policydb, out_fp);
 			break;
 		case 'a':
 			fprintf(out_fp, "avrule block requirements:\n");
-			display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0,
+			display_avblock(DISPLAY_AVBLOCK_REQUIRES,
 					&policydb, out_fp);
 			break;
 		case 'b':
 			fprintf(out_fp, "avrule block declarations:\n");
-			display_avblock(DISPLAY_AVBLOCK_DECLARES, 0,
+			display_avblock(DISPLAY_AVBLOCK_DECLARES,
 					&policydb, out_fp);
 			break;
 		case 'c':
@@ -993,7 +963,7 @@ int main(int argc, char **argv)
 		case 'F':
 			fprintf(out_fp, "filename_trans rules:\n");
 			display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS,
-					0, &policydb, out_fp);
+					&policydb, out_fp);
 			break;
 		case 'l':
 			link_module(&policydb, out_fp);
diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
index 0e08965..f41acdc 100644
--- a/checkpolicy/test/dispol.c
+++ b/checkpolicy/test/dispol.c
@@ -157,7 +157,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what,
 
 int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 	avtab_ptr_t cur;
 	avtab_t expa;
 
@@ -184,7 +184,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
 
 int display_bools(policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < p->p_bools.nprim; i++) {
 		fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
@@ -304,7 +304,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
 	ebitmap_node_t *node;
 	const char *capname;
 	char buf[64];
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "policy capabilities:\n");
 	ebitmap_for_each_bit(&p->policycaps, node, i) {
@@ -329,7 +329,7 @@ static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type,
 static void display_permissive(policydb_t *p, FILE *fp)
 {
 	ebitmap_node_t *node;
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "permissive sids:\n");
 	ebitmap_for_each_bit(&p->permissive_map, node, i) {