]>
Commit | Line | Data |
---|---|---|
fd72915b SS |
1 | diff --git a/policy_scan.l b/policy_scan.l |
2 | index 5ee27f8..b4b9066 100644 | |
3 | --- a/policy_scan.l | |
4 | +++ b/policy_scan.l | |
5 | @@ -222,7 +222,7 @@ POLICYCAP { return(POLICYCAP); } | |
6 | permissive | | |
7 | PERMISSIVE { return(PERMISSIVE); } | |
8 | "/"({alnum}|[_\.\-/])* { return(PATH); } | |
9 | -\"({alnum}|[_\.\-])+\" { return(FILENAME); } | |
10 | +\"({alnum}|[_\.\-\~])+\" { return(FILENAME); } | |
11 | {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } | |
12 | {alnum}*{letter}{alnum}* { return(FILESYSTEM); } | |
13 | {digit}+|0x{hexval}+ { return(NUMBER); } | |
14 | diff --git a/test/Makefile b/test/Makefile | |
15 | index 65cf901..0731e89 100644 | |
16 | --- a/test/Makefile | |
17 | +++ b/test/Makefile | |
18 | @@ -6,7 +6,7 @@ BINDIR=$(PREFIX)/bin | |
19 | LIBDIR=$(PREFIX)/lib | |
20 | INCLUDEDIR ?= $(PREFIX)/include | |
21 | ||
22 | -CFLAGS ?= -g -Wall -O2 -pipe | |
23 | +CFLAGS ?= -g -Wall -W -Werror -O2 -pipe | |
24 | override CFLAGS += -I$(INCLUDEDIR) | |
25 | ||
26 | LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) | |
27 | diff --git a/test/dismod.c b/test/dismod.c | |
28 | index 1674a47..6a951f6 100644 | |
29 | --- a/test/dismod.c | |
30 | +++ b/test/dismod.c | |
31 | @@ -115,7 +115,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type, | |
32 | int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy, | |
33 | FILE * fp) | |
34 | { | |
35 | - int i, num_types; | |
36 | + unsigned int i, num_types; | |
37 | ||
38 | if (set->flags & TYPE_STAR) { | |
39 | fprintf(fp, " * "); | |
40 | @@ -178,7 +178,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy, | |
41 | ||
42 | int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp) | |
43 | { | |
44 | - int i, num = 0; | |
45 | + unsigned int i, num = 0; | |
46 | ||
47 | if (roles->flags & ROLE_STAR) { | |
48 | fprintf(fp, " * "); | |
49 | @@ -211,13 +211,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp) | |
50 | ||
51 | } | |
52 | ||
53 | -/* 'what' values for this function */ | |
54 | -#define RENDER_UNCONDITIONAL 0x0001 /* render all regardless of enabled state */ | |
55 | -#define RENDER_ENABLED 0x0002 | |
56 | -#define RENDER_DISABLED 0x0004 | |
57 | -#define RENDER_CONDITIONAL (RENDER_ENABLED|RENDER_DISABLED) | |
58 | - | |
59 | -int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy, | |
60 | +int display_avrule(avrule_t * avrule, policydb_t * policy, | |
61 | FILE * fp) | |
62 | { | |
63 | class_perm_node_t *cur; | |
64 | @@ -299,7 +293,7 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) | |
65 | { | |
66 | type_datum_t *type; | |
67 | FILE *fp; | |
68 | - int i, first_attrib = 1; | |
69 | + unsigned int i, first_attrib = 1; | |
70 | ||
71 | type = (type_datum_t *) datum; | |
72 | fp = (FILE *) data; | |
73 | @@ -346,7 +340,7 @@ int display_types(policydb_t * p, FILE * fp) | |
74 | ||
75 | int display_users(policydb_t * p, FILE * fp) | |
76 | { | |
77 | - int i, j; | |
78 | + unsigned int i, j; | |
79 | ebitmap_t *bitmap; | |
80 | for (i = 0; i < p->p_users.nprim; i++) { | |
81 | display_id(p, fp, SYM_USERS, i, ""); | |
82 | @@ -365,7 +359,7 @@ int display_users(policydb_t * p, FILE * fp) | |
83 | ||
84 | int display_bools(policydb_t * p, FILE * fp) | |
85 | { | |
86 | - int i; | |
87 | + unsigned int i; | |
88 | ||
89 | for (i = 0; i < p->p_bools.nprim; i++) { | |
90 | display_id(p, fp, SYM_BOOLS, i, ""); | |
91 | @@ -409,30 +403,11 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp) | |
92 | } | |
93 | } | |
94 | ||
95 | -void display_policycon(policydb_t * p, FILE * fp) | |
96 | +void display_policycon(FILE * fp) | |
97 | { | |
98 | -#if 0 | |
99 | - int i; | |
100 | - ocontext_t *cur; | |
101 | - char *name; | |
102 | - | |
103 | - for (i = 0; i < POLICYCON_NUM; i++) { | |
104 | - fprintf(fp, "%s:", symbol_labels[i]); | |
105 | - for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) { | |
106 | - if (*(cur->u.name) == '\0') { | |
107 | - name = "{default}"; | |
108 | - } else { | |
109 | - name = cur->u.name; | |
110 | - } | |
111 | - fprintf(fp, "\n%16s - %s:%s:%s", name, | |
112 | - p->p_user_val_to_name[cur->context[0].user - 1], | |
113 | - p->p_role_val_to_name[cur->context[0].role - 1], | |
114 | - p->p_type_val_to_name[cur->context[0].type - | |
115 | - 1]); | |
116 | - } | |
117 | - fprintf(fp, "\n"); | |
118 | - } | |
119 | -#endif | |
120 | + /* There was an attempt to implement this at one time. Look through | |
121 | + * git history to find it. */ | |
122 | + fprintf(fp, "Sorry, not implemented\n"); | |
123 | } | |
124 | ||
125 | void display_initial_sids(policydb_t * p, FILE * fp) | |
126 | @@ -462,7 +437,7 @@ void display_initial_sids(policydb_t * p, FILE * fp) | |
127 | ||
128 | void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp) | |
129 | { | |
130 | - int i, num = 0; | |
131 | + unsigned int i, num = 0; | |
132 | ||
133 | for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) { | |
134 | if (!ebitmap_get_bit(classes, i)) | |
135 | @@ -518,7 +493,8 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F | |
136 | } | |
137 | } | |
138 | ||
139 | -int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) | |
140 | +int role_display_callback(hashtab_key_t key __attribute__((unused)), | |
141 | + hashtab_datum_t datum, void *data) | |
142 | { | |
143 | role_datum_t *role; | |
144 | FILE *fp; | |
145 | @@ -538,9 +514,9 @@ int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data) | |
146 | static int display_scope_index(scope_index_t * indices, policydb_t * p, | |
147 | FILE * out_fp) | |
148 | { | |
149 | - int i; | |
150 | + unsigned int i; | |
151 | for (i = 0; i < SYM_NUM; i++) { | |
152 | - int any_found = 0, j; | |
153 | + unsigned int any_found = 0, j; | |
154 | fprintf(out_fp, "%s:", symbol_labels[i]); | |
155 | for (j = ebitmap_startbit(&indices->scope[i]); | |
156 | j < ebitmap_length(&indices->scope[i]); j++) { | |
157 | @@ -611,7 +587,7 @@ int change_bool(char *name, int state, policydb_t * p, FILE * fp) | |
158 | } | |
159 | #endif | |
160 | ||
161 | -int display_avdecl(avrule_decl_t * decl, int field, uint32_t what, | |
162 | +int display_avdecl(avrule_decl_t * decl, int field, | |
163 | policydb_t * policy, FILE * out_fp) | |
164 | { | |
165 | fprintf(out_fp, "decl %u:%s\n", decl->decl_id, | |
166 | @@ -629,7 +605,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what, | |
167 | avrule = cond->avtrue_list; | |
168 | while (avrule) { | |
169 | display_avrule(avrule, | |
170 | - RENDER_UNCONDITIONAL, | |
171 | &policydb, out_fp); | |
172 | avrule = avrule->next; | |
173 | } | |
174 | @@ -637,7 +612,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what, | |
175 | avrule = cond->avfalse_list; | |
176 | while (avrule) { | |
177 | display_avrule(avrule, | |
178 | - RENDER_UNCONDITIONAL, | |
179 | &policydb, out_fp); | |
180 | avrule = avrule->next; | |
181 | } | |
182 | @@ -651,10 +625,8 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what, | |
183 | fprintf(out_fp, " <empty>\n"); | |
184 | } | |
185 | while (avrule != NULL) { | |
186 | - if (display_avrule | |
187 | - (avrule, what, policy, out_fp)) { | |
188 | + if (display_avrule(avrule, policy, out_fp)) | |
189 | return -1; | |
190 | - } | |
191 | avrule = avrule->next; | |
192 | } | |
193 | break; | |
194 | @@ -696,7 +668,7 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what, | |
195 | return 0; /* should never get here */ | |
196 | } | |
197 | ||
198 | -int display_avblock(int field, uint32_t what, policydb_t * policy, | |
199 | +int display_avblock(int field, policydb_t * policy, | |
200 | FILE * out_fp) | |
201 | { | |
202 | avrule_block_t *block = policydb.global; | |
203 | @@ -704,7 +676,7 @@ int display_avblock(int field, uint32_t what, policydb_t * policy, | |
204 | fprintf(out_fp, "--- begin avrule block ---\n"); | |
205 | avrule_decl_t *decl = block->branch_list; | |
206 | while (decl != NULL) { | |
207 | - if (display_avdecl(decl, field, what, policy, out_fp)) { | |
208 | + if (display_avdecl(decl, field, policy, out_fp)) { | |
209 | return -1; | |
210 | } | |
211 | decl = decl->next; | |
212 | @@ -820,7 +792,7 @@ static void display_policycaps(policydb_t * p, FILE * fp) | |
213 | ebitmap_node_t *node; | |
214 | const char *capname; | |
215 | char buf[64]; | |
216 | - int i; | |
217 | + unsigned int i; | |
218 | ||
219 | fprintf(fp, "policy capabilities:\n"); | |
220 | ebitmap_for_each_bit(&p->policycaps, node, i) { | |
221 | @@ -915,14 +887,12 @@ int main(int argc, char **argv) | |
222 | case '1': | |
223 | fprintf(out_fp, "unconditional avtab:\n"); | |
224 | display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB, | |
225 | - RENDER_UNCONDITIONAL, &policydb, | |
226 | - out_fp); | |
227 | + &policydb, out_fp); | |
228 | break; | |
229 | case '2': | |
230 | fprintf(out_fp, "conditional avtab:\n"); | |
231 | display_avblock(DISPLAY_AVBLOCK_COND_AVTAB, | |
232 | - RENDER_UNCONDITIONAL, &policydb, | |
233 | - out_fp); | |
234 | + &policydb, out_fp); | |
235 | break; | |
236 | case '3': | |
237 | display_users(&policydb, out_fp); | |
238 | @@ -944,28 +914,28 @@ int main(int argc, char **argv) | |
239 | break; | |
240 | case '7': | |
241 | fprintf(out_fp, "role transitions:\n"); | |
242 | - display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0, | |
243 | + display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, | |
244 | &policydb, out_fp); | |
245 | break; | |
246 | case '8': | |
247 | fprintf(out_fp, "role allows:\n"); | |
248 | - display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0, | |
249 | + display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, | |
250 | &policydb, out_fp); | |
251 | break; | |
252 | case '9': | |
253 | - display_policycon(&policydb, out_fp); | |
254 | + display_policycon(out_fp); | |
255 | break; | |
256 | case '0': | |
257 | display_initial_sids(&policydb, out_fp); | |
258 | break; | |
259 | case 'a': | |
260 | fprintf(out_fp, "avrule block requirements:\n"); | |
261 | - display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0, | |
262 | + display_avblock(DISPLAY_AVBLOCK_REQUIRES, | |
263 | &policydb, out_fp); | |
264 | break; | |
265 | case 'b': | |
266 | fprintf(out_fp, "avrule block declarations:\n"); | |
267 | - display_avblock(DISPLAY_AVBLOCK_DECLARES, 0, | |
268 | + display_avblock(DISPLAY_AVBLOCK_DECLARES, | |
269 | &policydb, out_fp); | |
270 | break; | |
271 | case 'c': | |
272 | @@ -993,7 +963,7 @@ int main(int argc, char **argv) | |
273 | case 'F': | |
274 | fprintf(out_fp, "filename_trans rules:\n"); | |
275 | display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS, | |
276 | - 0, &policydb, out_fp); | |
277 | + &policydb, out_fp); | |
278 | break; | |
279 | case 'l': | |
280 | link_module(&policydb, out_fp); | |
281 | diff --git a/test/dispol.c b/test/dispol.c | |
282 | index 0e08965..f41acdc 100644 | |
283 | --- a/test/dispol.c | |
284 | +++ b/test/dispol.c | |
285 | @@ -157,7 +157,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what, | |
286 | ||
287 | int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) | |
288 | { | |
289 | - int i; | |
290 | + unsigned int i; | |
291 | avtab_ptr_t cur; | |
292 | avtab_t expa; | |
293 | ||
294 | @@ -184,7 +184,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp) | |
295 | ||
296 | int display_bools(policydb_t * p, FILE * fp) | |
297 | { | |
298 | - int i; | |
299 | + unsigned int i; | |
300 | ||
301 | for (i = 0; i < p->p_bools.nprim; i++) { | |
302 | fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i], | |
303 | @@ -304,7 +304,7 @@ static void display_policycaps(policydb_t * p, FILE * fp) | |
304 | ebitmap_node_t *node; | |
305 | const char *capname; | |
306 | char buf[64]; | |
307 | - int i; | |
308 | + unsigned int i; | |
309 | ||
310 | fprintf(fp, "policy capabilities:\n"); | |
311 | ebitmap_for_each_bit(&p->policycaps, node, i) { | |
312 | @@ -329,7 +329,7 @@ static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type, | |
313 | static void display_permissive(policydb_t *p, FILE *fp) | |
314 | { | |
315 | ebitmap_node_t *node; | |
316 | - int i; | |
317 | + unsigned int i; | |
318 | ||
319 | fprintf(fp, "permissive sids:\n"); | |
320 | ebitmap_for_each_bit(&p->permissive_map, node, i) { |