Version is a compile-time setting. The policy can also be downgraded
or may not use newer policy version features.
Set source policies to maximum supported policy version supported by
libsepol.
Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).
TODO: Add support for querying the xperm values.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
The policy parser does not set errno, so the libqpol code assumes the
errors from parser code are always invalid syntax, rather than something
else like out of memory. This may not always be the case, but any other
kind of error is unlikely (and likely catastrophic)
Literal strings are located in read-only memory and should be "const
char*". "gcc -Wwrite-strings" warns when using non-const literal
strings with messages like:
libqpol/policy_parse.y: In function 'yyparse':
libqpol/policy_parse.y:381:21: warning: passing argument 1 of
'insert_id' discards 'const' qualifier from pointer target type
{ if (insert_id("T",0)) return -1; }
^
Fix these warnings by using "const char*" instead of "char*" for some
function parameters.
This makes gcc report other warnings about hashtab_search (from
libsepol). This function incorrectly defines its second parameter as
"char *const key" instead of "const char* key" (this fact is hidden
behind hashtab_key_t typedef).
"gcc -Wwrite-strings" reported warnings when using hashtab_search (from
libsepol) with string literals as its second parameter is a non-constant
string.
Indeed /usr/include/sepol/policydb/hashtab.h contains:
typedef char *hashtab_key_t;
/* ... */
extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
This means the second parameter is "char *const k", not "const char *k".
As a consequence:
* Casting to "const hashtab_key_t" leads to misunderstanding the code.
* "const char*" variables need to be explicitly casted to "char*" or
"hashtab_key_t" before calling hashtab_search.
* When using "gcc -Wwrite-strings", literal strings need to be casted to
"char*" or "hashtab_key_t" before calling hashtab_search.
* "gcc -Wcast-qual" reports an awful amount of warnings due to
const-to-nonconst pointer casts.
Add missing casts to hashtab_key_t to help finding real bugs in
setools/libqpol with gcc flags.
The declaration of fstat was missing. "gcc -Wall" reported:
libqpol/policy.c: In function 'qpol_policy_open_from_file_opt':
libqpol/policy.c:1060:3: warning: implicit declaration of function
'fstat' [-Wimplicit-function-declaration]
if (fstat(fd, &sb) < 0) {
^
"gcc -Wformat" needs printing functions to be marked with a format
attribute to be able to work. Add this attribute to some functions in
libqpol, found with "gcc -Werror=missing-format-attribute"
gcc documentation about format attribute:
https://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
