checkpolicy: New package.
[people/arne_f/ipfire-3.x.git] / checkpolicy / patches / checkpolicy-rhat.patch
1 diff --git a/policy_scan.l b/policy_scan.l
2 index 5ee27f8..b4b9066 100644
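--- a/policy_scan.l
+++ b/policy_scan.l
@@ -222,7 +222,7 @@ POLICYCAP { return(POLICYCAP); }
 permissive |
 PERMISSIVE { return(PERMISSIVE); }
 "/"({alnum}|[_\.\-/])* { return(PATH); }
-\"({alnum}|[_\.\-])+\" { return(FILENAME); }
+\"({alnum}|[_\.\-\~])+\" { return(FILENAME); }
 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
 {alnum}*{letter}{alnum}* { return(FILESYSTEM); }
 {digit}+|0x{hexval}+ { return(NUMBER); }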
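Review bot: The FILENAME rule now accepts `~` inside the quoted name, but the PATH rule two lines above it still uses `[_\.\-/]`, so the two tokens disagree on which file-name characters are legal and nothing in the hunk records whether that is intended. Since this token feeds names into policy rules, a one-line comment stating the accepted character set and why `~` was added would help the next reader decide whether PATH should follow. The backslash before `~` is not needed inside a bracket expression; `[_\.\-~]` matches the same set.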
14 diff --git a/test/Makefile b/test/Makefile
15 index 65cf901..0731e89 100644
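--- a/test/Makefile
+++ b/test/Makefile
@@ -6,7 +6,7 @@ BINDIR=$(PREFIX)/bin
 LIBDIR=$(PREFIX)/lib
 INCLUDEDIR ?= $(PREFIX)/include
 
-CFLAGS ?= -g -Wall -O2 -pipe
+CFLAGS ?= -g -Wall -W -Werror -O2 -pipe
 override CFLAGS += -I$(INCLUDEDIR)
 
 LDLIBS=-lfl -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR)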
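Review bot: Putting `-Werror` in the default `CFLAGS` ties a successful build of the test tools to the compiler version, because any warning a newer compiler adds under `-W` becomes a hard failure. The assignment is `?=`, so the stricter flags also disappear silently whenever the caller supplies its own `CFLAGS`, which is the usual case in a package build. Consider keeping the warnings in the default and leaving the failure to CI, e.g. `CFLAGS ?= -g -Wall -Wextra -O2 -pipe` with `-Werror` added by the build that enforces it; `-W` is the older spelling of `-Wextra`.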
27 diff --git a/test/dismod.c b/test/dismod.c
28 index 1674a47..6a951f6 100644
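--- a/test/dismod.c
+++ b/test/dismod.c
@@ -115,7 +115,7 @@ static void display_id(policydb_t * p, FILE * fp, uint32_t symbol_type,
 int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 FILE * fp)
 {
- int i, num_types;
+ unsigned int i, num_types;
 
 if (set->flags & TYPE_STAR) {
 fprintf(fp, " * ");
@@ -178,7 +178,7 @@ int display_type_set(type_set_t * set, uint32_t flags, policydb_t * policy,
 
 int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 {
- int i, num = 0;
+ unsigned int i, num = 0;
 
 if (roles->flags & ROLE_STAR) {
 fprintf(fp, " * ");
@@ -211,13 +211,7 @@ int display_mod_role_set(role_set_t * roles, policydb_t * p, FILE * fp)
 
 }
 
-/* 'what' values for this function */
-#define RENDER_UNCONDITIONAL 0x0001 /* render all regardless of enabled state */
-#define RENDER_ENABLED 0x0002
-#define RENDER_DISABLED 0x0004
-#define RENDER_CONDITIONAL (RENDER_ENABLED|RENDER_DISABLED)
-
-int display_avrule(avrule_t * avrule, uint32_t what, policydb_t * policy,
+int display_avrule(avrule_t * avrule, policydb_t * policy,
 FILE * fp)
 {
 class_perm_node_t *cur;
@@ -299,7 +293,7 @@ int display_type_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 {
 type_datum_t *type;
 FILE *fp;
- int i, first_attrib = 1;
+ unsigned int i, first_attrib = 1;
 
 type = (type_datum_t *) datum;
 fp = (FILE *) data;
@@ -346,7 +340,7 @@ int display_types(policydb_t * p, FILE * fp)
 
 int display_users(policydb_t * p, FILE * fp)
 {
- int i, j;
+ unsigned int i, j;
 ebitmap_t *bitmap;
 for (i = 0; i < p->p_users.nprim; i++) {
 display_id(p, fp, SYM_USERS, i, "");
@@ -365,7 +359,7 @@ int display_users(policydb_t * p, FILE * fp)
 
 int display_bools(policydb_t * p, FILE * fp)
 {
- int i;
+ unsigned int i;
 
 for (i = 0; i < p->p_bools.nprim; i++) {
 display_id(p, fp, SYM_BOOLS, i, "");
@@ -409,30 +403,11 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
 }
 }
 
-void display_policycon(policydb_t * p, FILE * fp)
+void display_policycon(FILE * fp)
 {
-#if 0
- int i;
- ocontext_t *cur;
- char *name;
-
- for (i = 0; i < POLICYCON_NUM; i++) {
- fprintf(fp, "%s:", symbol_labels[i]);
- for (cur = p->policycon[i].head; cur != NULL; cur = cur->next) {
- if (*(cur->u.name) == '\0') {
- name = "{default}";
- } else {
- name = cur->u.name;
- }
- fprintf(fp, "\n%16s - %s:%s:%s", name,
- p->p_user_val_to_name[cur->context[0].user - 1],
- p->p_role_val_to_name[cur->context[0].role - 1],
- p->p_type_val_to_name[cur->context[0].type -
- 1]);
- }
- fprintf(fp, "\n");
- }
-#endif
+ /* There was an attempt to implement this at one time. Look through
+ * git history to find it. */
+ fprintf(fp, "Sorry, not implemented\n");
 }
 
 void display_initial_sids(policydb_t * p, FILE * fp)
@@ -462,7 +437,7 @@ void display_initial_sids(policydb_t * p, FILE * fp)
 
 void display_class_set(ebitmap_t *classes, policydb_t *p, FILE *fp)
 {
- int i, num = 0;
+ unsigned int i, num = 0;
 
 for (i = ebitmap_startbit(classes); i < ebitmap_length(classes); i++) {
 if (!ebitmap_get_bit(classes, i))
@@ -518,7 +493,8 @@ static void display_filename_trans(filename_trans_rule_t * tr, policydb_t * p, F
 }
 }
 
-int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
+int role_display_callback(hashtab_key_t key __attribute__((unused)),
+ hashtab_datum_t datum, void *data)
 {
 role_datum_t *role;
 FILE *fp;
@@ -538,9 +514,9 @@ int role_display_callback(hashtab_key_t key, hashtab_datum_t datum, void *data)
 static int display_scope_index(scope_index_t * indices, policydb_t * p,
 FILE * out_fp)
 {
- int i;
+ unsigned int i;
 for (i = 0; i < SYM_NUM; i++) {
- int any_found = 0, j;
+ unsigned int any_found = 0, j;
 fprintf(out_fp, "%s:", symbol_labels[i]);
 for (j = ebitmap_startbit(&indices->scope[i]);
 j < ebitmap_length(&indices->scope[i]); j++) {
@@ -611,7 +587,7 @@ int change_bool(char *name, int state, policydb_t * p, FILE * fp)
 }
 #endif
 
-int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
+int display_avdecl(avrule_decl_t * decl, int field,
 policydb_t * policy, FILE * out_fp)
 {
 fprintf(out_fp, "decl %u:%s\n", decl->decl_id,
@@ -629,7 +605,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 avrule = cond->avtrue_list;
 while (avrule) {
 display_avrule(avrule,
- RENDER_UNCONDITIONAL,
 &policydb, out_fp);
 avrule = avrule->next;
 }
@@ -637,7 +612,6 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 avrule = cond->avfalse_list;
 while (avrule) {
 display_avrule(avrule,
- RENDER_UNCONDITIONAL,
 &policydb, out_fp);
 avrule = avrule->next;
 }
@@ -651,10 +625,8 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 fprintf(out_fp, " <empty>\n");
 }
 while (avrule != NULL) {
- if (display_avrule
- (avrule, what, policy, out_fp)) {
+ if (display_avrule(avrule, policy, out_fp))
 return -1;
- }
 avrule = avrule->next;
 }
 break;
@@ -696,7 +668,7 @@ int display_avdecl(avrule_decl_t * decl, int field, uint32_t what,
 return 0; /* should never get here */
 }
 
-int display_avblock(int field, uint32_t what, policydb_t * policy,
+int display_avblock(int field, policydb_t * policy,
 FILE * out_fp)
 {
 avrule_block_t *block = policydb.global;
@@ -704,7 +676,7 @@ int display_avblock(int field, uint32_t what, policydb_t * policy,
 fprintf(out_fp, "--- begin avrule block ---\n");
 avrule_decl_t *decl = block->branch_list;
 while (decl != NULL) {
- if (display_avdecl(decl, field, what, policy, out_fp)) {
+ if (display_avdecl(decl, field, policy, out_fp)) {
 return -1;
 }
 decl = decl->next;
@@ -820,7 +792,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
 ebitmap_node_t *node;
 const char *capname;
 char buf[64];
- int i;
+ unsigned int i;
 
 fprintf(fp, "policy capabilities:\n");
 ebitmap_for_each_bit(&p->policycaps, node, i) {
@@ -915,14 +887,12 @@ int main(int argc, char **argv)
 case '1':
 fprintf(out_fp, "unconditional avtab:\n");
 display_avblock(DISPLAY_AVBLOCK_UNCOND_AVTAB,
- RENDER_UNCONDITIONAL, &policydb,
- out_fp);
+ &policydb, out_fp);
 break;
 case '2':
 fprintf(out_fp, "conditional avtab:\n");
 display_avblock(DISPLAY_AVBLOCK_COND_AVTAB,
- RENDER_UNCONDITIONAL, &policydb,
- out_fp);
+ &policydb, out_fp);
 break;
 case '3':
 display_users(&policydb, out_fp);
@@ -944,28 +914,28 @@ int main(int argc, char **argv)
 break;
 case '7':
 fprintf(out_fp, "role transitions:\n");
- display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS, 0,
+ display_avblock(DISPLAY_AVBLOCK_ROLE_TRANS,
 &policydb, out_fp);
 break;
 case '8':
 fprintf(out_fp, "role allows:\n");
- display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW, 0,
+ display_avblock(DISPLAY_AVBLOCK_ROLE_ALLOW,
 &policydb, out_fp);
 break;
 case '9':
- display_policycon(&policydb, out_fp);
+ display_policycon(out_fp);
 break;
 case '0':
 display_initial_sids(&policydb, out_fp);
 break;
 case 'a':
 fprintf(out_fp, "avrule block requirements:\n");
- display_avblock(DISPLAY_AVBLOCK_REQUIRES, 0,
+ display_avblock(DISPLAY_AVBLOCK_REQUIRES,
 &policydb, out_fp);
 break;
 case 'b':
 fprintf(out_fp, "avrule block declarations:\n");
- display_avblock(DISPLAY_AVBLOCK_DECLARES, 0,
+ display_avblock(DISPLAY_AVBLOCK_DECLARES,
 &policydb, out_fp);
 break;
 case 'c':
@@ -993,7 +963,7 @@ int main(int argc, char **argv)
 case 'F':
 fprintf(out_fp, "filename_trans rules:\n");
 display_avblock(DISPLAY_AVBLOCK_FILENAME_TRANS,
- 0, &policydb, out_fp);
+ &policydb, out_fp);
 break;
 case 'l':
 link_module(&policydb, out_fp);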
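Review bot: In `display_avdecl` the two conditional-list loops (hunks at -629 and -637) still call `display_avrule(avrule, &policydb, out_fp)` with the file-scope `policydb` and discard the return value, while the unconditional loop in the hunk at -651 passes the `policy` parameter and returns -1 on failure. A render error in a conditional rule is therefore not reported to the caller, and the function would read two different policy objects if it were ever called with something other than the global. Both loops could take the same form as the third, `if (display_avrule(avrule, policy, out_fp)) return -1;`. The body of `display_avdecl` starts and continues outside these hunks, and every call visible in `main` passes `&policydb`, so the two objects are presumably the same today.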
281 diff --git a/test/dispol.c b/test/dispol.c
282 index 0e08965..f41acdc 100644
283 --- a/test/dispol.c
284 +++ b/test/dispol.c
285 @@ -157,7 +157,7 @@ int render_av_rule(avtab_key_t * key, avtab_datum_t * datum, uint32_t what,
286
287 int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
288 {
289 - int i;
290 + unsigned int i;
291 avtab_ptr_t cur;
292 avtab_t expa;
293
294 @@ -184,7 +184,7 @@ int display_avtab(avtab_t * a, uint32_t what, policydb_t * p, FILE * fp)
295
296 int display_bools(policydb_t * p, FILE * fp)
297 {
298 - int i;
299 + unsigned int i;
300
301 for (i = 0; i < p->p_bools.nprim; i++) {
302 fprintf(fp, "%s : %d\n", p->p_bool_val_to_name[i],
303 @@ -304,7 +304,7 @@ static void display_policycaps(policydb_t * p, FILE * fp)
304 ebitmap_node_t *node;
305 const char *capname;
306 char buf[64];
307 - int i;
308 + unsigned int i;
309
310 fprintf(fp, "policy capabilities:\n");
311 ebitmap_for_each_bit(&p->policycaps, node, i) {
312 @@ -329,7 +329,7 @@ static void display_id(policydb_t *p, FILE *fp, uint32_t symbol_type,
313 static void display_permissive(policydb_t *p, FILE *fp)
314 {
315 ebitmap_node_t *node;
316 - int i;
317 + unsigned int i;
318
319 fprintf(fp, "permissive sids:\n");
320 ebitmap_for_each_bit(&p->permissive_map, node, i) {