Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).
TODO: Add support for querying the xperm values.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Literal strings are located in read-only memory and should be "const
char*". "gcc -Wwrite-strings" warns when using non-const literal
strings with messages like:
libqpol/policy_parse.y: In function 'yyparse':
libqpol/policy_parse.y:381:21: warning: passing argument 1 of
'insert_id' discards 'const' qualifier from pointer target type
{ if (insert_id("T",0)) return -1; }
^
Fix these warnings by using "const char*" instead of "char*" for some
function parameters.
This makes gcc report other warnings about hashtab_search (from
libsepol). This function incorrectly defines its second parameter as
"char *const key" instead of "const char* key" (this fact is hidden
behind hashtab_key_t typedef).
"gcc -Wwrite-strings" reported warnings when using hashtab_search (from
libsepol) with string literals as its second parameter is a non-constant
string.
Indeed /usr/include/sepol/policydb/hashtab.h contains:
typedef char *hashtab_key_t;
/* ... */
extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
This means the second parameter is "char *const k", not "const char *k".
As a consequence:
* Casting to "const hashtab_key_t" leads to misunderstanding the code.
* "const char*" variables need to be explicitly casted to "char*" or
"hashtab_key_t" before calling hashtab_search.
* When using "gcc -Wwrite-strings", literal strings need to be casted to
"char*" or "hashtab_key_t" before calling hashtab_search.
* "gcc -Wcast-qual" reports an awful amount of warnings due to
const-to-nonconst pointer casts.
Add missing casts to hashtab_key_t to help finding real bugs in
setools/libqpol with gcc flags.
"python setup.py build" compiles libqpol with -DNDEBUG, which disables
the effect of assert(0). abort() is not affected by NDEBUG, so use it
instead.
This fixes gcc warnings like this:
libqpol/module_compiler.c: In function 'declare_role':
libqpol/module_compiler.c:314:1: warning: control reaches end of
non-void function [-Wreturn-type]
* Add printf format specifier for yyerror2 to be able to use
"gcc -Wformat-security"
* Constify message string to avoid gcc warnings about casting string
literals to non-const char*.
