[people/arne_f/ipfire-3.x.git] / checkpolicy / patches / checkpolicy-rhat.patch

diff --git a/policy_scan.l b/policy_scan.l
index 5ee27f8..b4b9066 100644
--- a/policy_scan.l
+++ b/policy_scan.l
@@ -222,7 +222,7 @@ POLICYCAP			{ return(POLICYCAP); }
 permissive |
 PERMISSIVE			{ return(PERMISSIVE); }
 "/"({alnum}|[_\.\-/])*	        { return(PATH); }
-\"({alnum}|[_\.\-])+\"			{ return(FILENAME); }
+\"({alnum}|[_\.\-\~])+\"			{ return(FILENAME); }
 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
 {alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
 {digit}+|0x{hexval}+            { return(NUMBER); }
diff --git a/test/Makefile b/test/Makefile
index 65cf901..0731e89 100644
--- a/test/Makefile
+++ b/test/Makefile
@@ -6,7 +6,7 @@ BINDIR=$(PREFIX)/bin
 LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
-CFLAGS ?= -g -Wall -O2 -pipe
+CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
 LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
diff --git a/test/dismod.c b/test/dismod.c
index 1674a47..6a951f6 100644
--- a/test/dismod.c
+++ b/test/dismod.c
@@ -115,7 +115,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
 int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 		     FILE * fp)
 {
-	int i, num_types;
+	unsigned int i, num_types;
 
 	if (set->flags & TYPE_STAR) {
 		fprintf(fp, " * ");
@@ -178,7 +178,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 
 int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 {
-	int i, num = 0;
+	unsigned int i, num = 0;
 
 	if (roles->flags & ROLE_STAR) {
 		fprintf(fp, " * ");
@@ -211,13 +211,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 
 }
 
-/* 'what' values for this function */
-#define	RENDER_UNCONDITIONAL	0x0001	/* render all regardless of enabled state */
-#define RENDER_ENABLED		0x0002
-#define RENDER_DISABLED		0x0004
-#define RENDER_CONDITIONAL	(RENDER_ENABLED|RENDER_DISABLED)
-
-int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
+int display_avrule(avrule_t * avrule, policydb_t * policy,
 		   FILE * fp)
 {
 	class_perm_node_t *cur;
@@ -299,7 +293,7 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 {
 	type_datum_t *type;
 	FILE *fp;
-	int i, first_attrib = 1;
+	unsigned int i, first_attrib = 1;
 
 	type = (type_datum_t *) datum;
 	fp = (FILE *) data;
@@ -346,7 +340,7 @@ int display_types(policydb_t * p, FILE * fp)
 
 int display_users(policydb_t * p, FILE * fp)
 {
-	int i, j;
+	unsigned int i, j;
 	ebitmap_t *bitmap;
 	for (i = 0; i < p->p_users.nprim; i++) {
 		display_id(p, fp, SYM_USERS, i, "");
@@ -365,7 +359,7 @@ int display_users(policydb_t * p, FILE * fp)
 
 int display_bools(policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < p->p_bools.nprim; i++) {
 		display_id(p, fp, SYM_BOOLS, i, "");
@@ -409,30 +403,11 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
 	}
 }
 
-void display_policycon(policydb_t * p, FILE * fp)
+void display_policycon(FILE * fp)
 {
-#if 0
-	int i;
-	ocontext_t *cur;
-	char *name;
-
-	for (i = 0; i < POLICYCON_NUM; i++) {
-		fprintf(fp, "%s:", symbol_labels[i]);
-		for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
-			if (*(cur->u.name) == '\0') {
-				name = "{default}";
-			} else {
-				name = cur->u.name;
-			}
-			fprintf(fp, "\n%16s - %s:%s:%s", name,
-				p->p_user_val_to_name[cur->context[0].user - 1],
-				p->p_role_val_to_name[cur->context[0].role - 1],
-				p->p_type_val_to_name[cur->context[0].type -
-						      1]);
-		}
-		fprintf(fp, "\n");
-	}
-#endif
+	/* There was an attempt to implement this at one time.  Look through
+	 * git history to find it. */
+	fprintf(fp, "Sorry, not implemented\n");
 }
 
 void display_initial_sids(policydb_t * p, FILE * fp)
@@ -462,7 +437,7 @@ void display_initial_sids(policydb_t * p, FILE * fp)
 
 void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp)
 {
-	int i, num = 0;
+	unsigned int i, num = 0;
 
 	for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
 		if (!ebitmap_get_bit(classes, i))
@@ -518,7 +493,8 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F
 	}
 }
 
-int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
+int role_display_callback(hashtab_key_t key __attribute__((unused)),
+			  hashtab_datum_t datum, void *data)
 {
 	role_datum_t *role;
 	FILE *fp;
@@ -538,9 +514,9 @@ int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 static int display_scope_index(scope_index_t * indices, policydb_t * p,
 			       FILE * out_fp)
 {
-	int i;
+	unsigned int i;
 	for (i = 0; i < SYM_NUM; i++) {
-		int any_found = 0, j;
+		unsigned int any_found = 0, j;
 		fprintf(out_fp, "%s:", symbol_labels[i]);
 		for (j = ebitmap_startbit(&indices->scope[i]);
 		     j < ebitmap_length(&indices->scope[i]); j++) {
@@ -611,7 +587,7 @@ int change_bool(char *name, int state, policydb_t * p, FILE * fp)
 }
 #endif
 
-int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
+int display_avdecl(avrule_decl_t * decl, int field,
 		   policydb_t * policy, FILE * out_fp)
 {
 	fprintf(out_fp, "decl %u:%s\n", decl->decl_id,
@@ -629,7 +605,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				avrule = cond->avtrue_list;
 				while (avrule) {
 					display_avrule(avrule,
-						       RENDER_UNCONDITIONAL,
 						       &policydb, out_fp);
 					avrule = avrule->next;
 				}
@@ -637,7 +612,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				avrule = cond->avfalse_list;
 				while (avrule) {
 					display_avrule(avrule,
-						       RENDER_UNCONDITIONAL,
 						       &policydb, out_fp);
 					avrule = avrule->next;
 				}
@@ -651,10 +625,8 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 				fprintf(out_fp, "  <empty>\n");
 			}
 			while (avrule != NULL) {
-				if (display_avrule
-				    (avrule, what, policy, out_fp)) {
+				if (display_avrule(avrule, policy, out_fp))
 					return -1;
-				}
 				avrule = avrule->next;
 			}
 			break;
@@ -696,7 +668,7 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 	return 0;		/* should never get here */
 }
 
-int display_avblock(int field, uint32_t what, policydb_t * policy,
+int display_avblock(int field, policydb_t * policy,
 		    FILE * out_fp)
 {
 	avrule_block_t *block = policydb.global;
@@ -704,7 +676,7 @@ int display_avblock(int field, uint32_t what, policydb_t * policy,
 		fprintf(out_fp, "--- begin avrule block ---\n");
 		avrule_decl_t *decl = block->branch_list;
 		while (decl != NULL) {
-			if (display_avdecl(decl, field, what, policy, out_fp)) {
+			if (display_avdecl(decl, field, policy, out_fp)) {
 				return -1;
 			}
 			decl = decl->next;
@@ -820,7 +792,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
 	ebitmap_node_t *node;
 	const char *capname;
 	char buf[64];
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "policy capabilities:\n");
 	ebitmap_for_each_bit(&p->policycaps, node, i) {
@@ -915,14 +887,12 @@ int main(int argc, char **argv)
 		case '1':
 			fprintf(out_fp, "unconditional avtab:\n");
 			display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB,
-					RENDER_UNCONDITIONAL, &policydb,
-					out_fp);
+					&policydb, out_fp);
 			break;
 		case '2':
 			fprintf(out_fp, "conditional avtab:\n");
 			display_avblock(DISPLAY_AVBLOCK_COND_AVTAB,
-					RENDER_UNCONDITIONAL, &policydb,
-					out_fp);
+					&policydb, out_fp);
 			break;
 		case '3':
 			display_users(&policydb, out_fp);
@@ -944,28 +914,28 @@ int main(int argc, char **argv)
 			break;
 		case '7':
 			fprintf(out_fp, "role transitions:\n");
-			display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0,
+			display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS,
 					&policydb, out_fp);
 			break;
 		case '8':
 			fprintf(out_fp, "role allows:\n");
-			display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0,
+			display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW,
 					&policydb, out_fp);
 			break;
 		case '9':
-			display_policycon(&policydb, out_fp);
+			display_policycon(out_fp);
 			break;
 		case '0':
 			display_initial_sids(&policydb, out_fp);
 			break;
 		case 'a':
 			fprintf(out_fp, "avrule block requirements:\n");
-			display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0,
+			display_avblock(DISPLAY_AVBLOCK_REQUIRES,
 					&policydb, out_fp);
 			break;
 		case 'b':
 			fprintf(out_fp, "avrule block declarations:\n");
-			display_avblock(DISPLAY_AVBLOCK_DECLARES, 0,
+			display_avblock(DISPLAY_AVBLOCK_DECLARES,
 					&policydb, out_fp);
 			break;
 		case 'c':
@@ -993,7 +963,7 @@ int main(int argc, char **argv)
 		case 'F':
 			fprintf(out_fp, "filename_trans rules:\n");
 			display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS,
-					0, &policydb, out_fp);
+					&policydb, out_fp);
 			break;
 		case 'l':
 			link_module(&policydb, out_fp);
diff --git a/test/dispol.c b/test/dispol.c
index 0e08965..f41acdc 100644
--- a/test/dispol.c
+++ b/test/dispol.c
@@ -157,7 +157,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what,
 
 int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 	avtab_ptr_t cur;
 	avtab_t expa;
 
@@ -184,7 +184,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
 
 int display_bools(policydb_t * p, FILE * fp)
 {
-	int i;
+	unsigned int i;
 
 	for (i = 0; i < p->p_bools.nprim; i++) {
 		fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
@@ -304,7 +304,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
 	ebitmap_node_t *node;
 	const char *capname;
 	char buf[64];
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "policy capabilities:\n");
 	ebitmap_for_each_bit(&p->policycaps, node, i) {
@@ -329,7 +329,7 @@ static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type,
 static void display_permissive(policydb_t *p, FILE *fp)
 {
 	ebitmap_node_t *node;
-	int i;
+	unsigned int i;
 
 	fprintf(fp, "permissive sids:\n");
 	ebitmap_for_each_bit(&p->permissive_map, node, i) {
Commit	Line	Data
fd72915b SS	1	diff --git a/policy_scan.l b/policy_scan.l
	2	index 5ee27f8..b4b9066 100644
	3	--- a/policy_scan.l
	4	+++ b/policy_scan.l
	5	@@ -222,7 +222,7 @@ POLICYCAP { return(POLICYCAP); }
	6	permissive \|
	7	PERMISSIVE { return(PERMISSIVE); }
	8	"/"({alnum}\|[_\.\-/])* { return(PATH); }
	9	-\"({alnum}\|[_\.\-])+\" { return(FILENAME); }
	10	+\"({alnum}\|[_\.\-\~])+\" { return(FILENAME); }
	11	{letter}({alnum}\|[_\-])([\.]?({alnum}\|[_\-])) { return(IDENTIFIER); }
	12	{alnum}{letter}{alnum} { return(FILESYSTEM); }
	13	{digit}+\|0x{hexval}+ { return(NUMBER); }
	14	diff --git a/test/Makefile b/test/Makefile
	15	index 65cf901..0731e89 100644
	16	--- a/test/Makefile
	17	+++ b/test/Makefile
	18	@@ -6,7 +6,7 @@ BINDIR=$(PREFIX)/bin
	19	LIBDIR=$(PREFIX)/lib
	20	INCLUDEDIR ?= $(PREFIX)/include
	21
	22	-CFLAGS ?= -g -Wall -O2 -pipe
	23	+CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
	24	override CFLAGS += -I$(INCLUDEDIR)
	25
	26	LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)
	27	diff --git a/test/dismod.c b/test/dismod.c
	28	index 1674a47..6a951f6 100644
	29	--- a/test/dismod.c
	30	+++ b/test/dismod.c
	31	@@ -115,7 +115,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
	32	int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
	33	FILE * fp)
	34	{
	35	- int i, num_types;
	36	+ unsigned int i, num_types;
	37
	38	if (set->flags & TYPE_STAR) {
	39	fprintf(fp, " * ");
	40	@@ -178,7 +178,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
	41
	42	int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
	43	{
	44	- int i, num = 0;
	45	+ unsigned int i, num = 0;
	46
	47	if (roles->flags & ROLE_STAR) {
	48	fprintf(fp, " * ");
	49	@@ -211,13 +211,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
	50
	51	}
	52
	53	-/* 'what' values for this function */
	54	-#define RENDER_UNCONDITIONAL 0x0001 /* render all regardless of enabled state */
	55	-#define RENDER_ENABLED 0x0002
	56	-#define RENDER_DISABLED 0x0004
	57	-#define RENDER_CONDITIONAL (RENDER_ENABLED\|RENDER_DISABLED)
	58	-
	59	-int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
	60	+int display_avrule(avrule_t * avrule, policydb_t * policy,
	61	FILE * fp)
	62	{
	63	class_perm_node_t *cur;
	64	@@ -299,7 +293,7 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
65	{
66	type_datum_t *type;
67	FILE *fp;
68	- int i, first_attrib = 1;
69	+ unsigned int i, first_attrib = 1;
70
71	type = (type_datum_t *) datum;
72	fp = (FILE *) data;
73	@@ -346,7 +340,7 @@ int display_types(policydb_t * p, FILE * fp)
74
75	int display_users(policydb_t * p, FILE * fp)
76	{
77	- int i, j;
78	+ unsigned int i, j;
79	ebitmap_t *bitmap;
80	for (i = 0; i < p->p_users.nprim; i++) {
81	display_id(p, fp, SYM_USERS, i, "");
82	@@ -365,7 +359,7 @@ int display_users(policydb_t * p, FILE * fp)
83
84	int display_bools(policydb_t * p, FILE * fp)
85	{
86	- int i;
87	+ unsigned int i;
88
89	for (i = 0; i < p->p_bools.nprim; i++) {
90	display_id(p, fp, SYM_BOOLS, i, "");
91	@@ -409,30 +403,11 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
92	}
93	}
94
95	-void display_policycon(policydb_t * p, FILE * fp)
96	+void display_policycon(FILE * fp)
97	{
98	-#if 0
99	- int i;
100	- ocontext_t *cur;
101	- char *name;
102	-
103	- for (i = 0; i < POLICYCON_NUM; i++) {
104	- fprintf(fp, "%s:", symbol_labels[i]);
105	- for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
106	- if (*(cur->u.name) == '\0') {
107	- name = "{default}";
108	- } else {
109	- name = cur->u.name;
110	- }
111	- fprintf(fp, "\n%16s - %s:%s:%s", name,
112	- p->p_user_val_to_name[cur->context[0].user - 1],
113	- p->p_role_val_to_name[cur->context[0].role - 1],
114	- p->p_type_val_to_name[cur->context[0].type -
115	- 1]);
116	- }
117	- fprintf(fp, "\n");
118	- }
119	-#endif
120	+ /* There was an attempt to implement this at one time. Look through
121	+ * git history to find it. */
122	+ fprintf(fp, "Sorry, not implemented\n");
123	}
124
125	void display_initial_sids(policydb_t * p, FILE * fp)
126	@@ -462,7 +437,7 @@ void display_initial_sids(policydb_t * p, FILE * fp)
127
128	void display_class_set(ebitmap_t classes, policydb_t p, FILE *fp)
129	{
130	- int i, num = 0;
131	+ unsigned int i, num = 0;
132
133	for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
134	if (!ebitmap_get_bit(classes, i))
135	@@ -518,7 +493,8 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F
136	}
137	}
138
139	-int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
140	+int role_display_callback(hashtab_key_t key __attribute__((unused)),
141	+ hashtab_datum_t datum, void *data)
142	{
143	role_datum_t *role;
144	FILE *fp;
145	@@ -538,9 +514,9 @@ int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
146	static int display_scope_index(scope_index_t * indices, policydb_t * p,
147	FILE * out_fp)
148	{
149	- int i;
150	+ unsigned int i;
151	for (i = 0; i < SYM_NUM; i++) {
152	- int any_found = 0, j;
153	+ unsigned int any_found = 0, j;
154	fprintf(out_fp, "%s:", symbol_labels[i]);
155	for (j = ebitmap_startbit(&indices->scope[i]);
156	j < ebitmap_length(&indices->scope[i]); j++) {
157	@@ -611,7 +587,7 @@ int change_bool(char name, int state, policydb_t p, FILE * fp)
158	}
159	#endif
160
161	-int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
162	+int display_avdecl(avrule_decl_t * decl, int field,
163	policydb_t * policy, FILE * out_fp)
164	{
165	fprintf(out_fp, "decl %u:%s\n", decl->decl_id,
166	@@ -629,7 +605,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
167	avrule = cond->avtrue_list;
168	while (avrule) {
169	display_avrule(avrule,
170	- RENDER_UNCONDITIONAL,
171	&policydb, out_fp);
172	avrule = avrule->next;
173	}
174	@@ -637,7 +612,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
175	avrule = cond->avfalse_list;
176	while (avrule) {
177	display_avrule(avrule,
178	- RENDER_UNCONDITIONAL,
179	&policydb, out_fp);
180	avrule = avrule->next;
181	}
182	@@ -651,10 +625,8 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
183	fprintf(out_fp, " <empty>\n");
184	}
185	while (avrule != NULL) {
186	- if (display_avrule
187	- (avrule, what, policy, out_fp)) {
188	+ if (display_avrule(avrule, policy, out_fp))
189	return -1;
190	- }
191	avrule = avrule->next;
192	}
193	break;
194	@@ -696,7 +668,7 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
195	return 0; /* should never get here */
196	}
197
198	-int display_avblock(int field, uint32_t what, policydb_t * policy,
199	+int display_avblock(int field, policydb_t * policy,
200	FILE * out_fp)
201	{
202	avrule_block_t *block = policydb.global;
203	@@ -704,7 +676,7 @@ int display_avblock(int field, uint32_t what, policydb_t * policy,
204	fprintf(out_fp, "--- begin avrule block ---\n");
205	avrule_decl_t *decl = block->branch_list;
206	while (decl != NULL) {
207	- if (display_avdecl(decl, field, what, policy, out_fp)) {
208	+ if (display_avdecl(decl, field, policy, out_fp)) {
209	return -1;
210	}
211	decl = decl->next;
212	@@ -820,7 +792,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
213	ebitmap_node_t *node;
214	const char *capname;
215	char buf[64];
216	- int i;
217	+ unsigned int i;
218
219	fprintf(fp, "policy capabilities:\n");
220	ebitmap_for_each_bit(&p->policycaps, node, i) {
221	@@ -915,14 +887,12 @@ int main(int argc, char **argv)
222	case '1':
223	fprintf(out_fp, "unconditional avtab:\n");
224	display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB,
225	- RENDER_UNCONDITIONAL, &policydb,
226	- out_fp);
227	+ &policydb, out_fp);
228	break;
229	case '2':
230	fprintf(out_fp, "conditional avtab:\n");
231	display_avblock(DISPLAY_AVBLOCK_COND_AVTAB,
232	- RENDER_UNCONDITIONAL, &policydb,
233	- out_fp);
234	+ &policydb, out_fp);
235	break;
236	case '3':
237	display_users(&policydb, out_fp);
238	@@ -944,28 +914,28 @@ int main(int argc, char **argv)
239	break;
240	case '7':
241	fprintf(out_fp, "role transitions:\n");
242	- display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0,
243	+ display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS,
244	&policydb, out_fp);
245	break;
246	case '8':
247	fprintf(out_fp, "role allows:\n");
248	- display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0,
249	+ display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW,
250	&policydb, out_fp);
251	break;
252	case '9':
253	- display_policycon(&policydb, out_fp);
254	+ display_policycon(out_fp);
255	break;
256	case '0':
257	display_initial_sids(&policydb, out_fp);
258	break;
259	case 'a':
260	fprintf(out_fp, "avrule block requirements:\n");
261	- display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0,
262	+ display_avblock(DISPLAY_AVBLOCK_REQUIRES,
263	&policydb, out_fp);
264	break;
265	case 'b':
266	fprintf(out_fp, "avrule block declarations:\n");
267	- display_avblock(DISPLAY_AVBLOCK_DECLARES, 0,
268	+ display_avblock(DISPLAY_AVBLOCK_DECLARES,
269	&policydb, out_fp);
270	break;
271	case 'c':
272	@@ -993,7 +963,7 @@ int main(int argc, char **argv)
273	case 'F':
274	fprintf(out_fp, "filename_trans rules:\n");
275	display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS,
276	- 0, &policydb, out_fp);
277	+ &policydb, out_fp);
278	break;
279	case 'l':
280	link_module(&policydb, out_fp);
281	diff --git a/test/dispol.c b/test/dispol.c
282	index 0e08965..f41acdc 100644
283	--- a/test/dispol.c
284	+++ b/test/dispol.c
285	@@ -157,7 +157,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what,
286
287	int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
288	{
289	- int i;
290	+ unsigned int i;
291	avtab_ptr_t cur;
292	avtab_t expa;
293
294	@@ -184,7 +184,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
295
296	int display_bools(policydb_t * p, FILE * fp)
297	{
298	- int i;
299	+ unsigned int i;
300
301	for (i = 0; i < p->p_bools.nprim; i++) {
302	fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
303	@@ -304,7 +304,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
304	ebitmap_node_t *node;
305	const char *capname;
306	char buf[64];
307	- int i;
308	+ unsigned int i;
309
310	fprintf(fp, "policy capabilities:\n");
311	ebitmap_for_each_bit(&p->policycaps, node, i) {
312	@@ -329,7 +329,7 @@ static void display_id(policydb_t p, FILE fp, uint32_t symbol_type,
313	static void display_permissive(policydb_t p, FILE fp)
314	{
315	ebitmap_node_t *node;
316	- int i;
317	+ unsigned int i;
318
319	fprintf(fp, "permissive sids:\n");
320	ebitmap_for_each_bit(&p->permissive_map, node, i) {