checkpolicy: Cleanup error messages

Add the new function print_error_msg() to print an error message
based on the local error number and symbol_type. Remove the
duplicate switch statements used throughout module_complier.c
to display error messages.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
This commit is contained in:
James Carter 2017-01-31 13:47:17 -05:00
parent a141c0d19f
commit a7a0678999

View File

@ -51,6 +51,34 @@ static scope_stack_t *stack_top = NULL;
static avrule_block_t *last_block;
static uint32_t next_decl_id = 1;
static const char * const flavor_str[SYM_NUM] = {
[SYM_COMMONS] = "common",
[SYM_CLASSES] = "class",
[SYM_ROLES] = "role",
[SYM_TYPES] = "type",
[SYM_USERS] = "user",
[SYM_BOOLS] = "bool",
[SYM_LEVELS] = "level",
[SYM_CATS] = "cat"
};
void print_error_msg(int ret, uint32_t symbol_type)
{
switch (ret) {
case -3:
yyerror("Out of memory!");
break;
case -2:
yyerror2("Duplicate declaration of %s", flavor_str[symbol_type]);
break;
case -1:
yyerror2("Could not declare %s here", flavor_str[symbol_type]);
break;
default:
yyerror("Unknown error");
}
}
int define_policy(int pass, int module_header_given)
{
char *id;
@ -246,23 +274,10 @@ static int create_role(uint32_t scope, unsigned char isattr, role_datum_t **role
*role = datum;
*key = id;
} else {
print_error_msg(ret, SYM_ROLES);
free(id);
role_datum_destroy(datum);
free(datum);
switch (ret) {
case -3:
yyerror("Out of memory!");
break;
case -2:
yyerror("duplicate declaration of role");
break;
case -1:
yyerror("could not declare role here");
break;
default:
abort(); /* should never get here */
}
}
return ret;
@ -385,23 +400,10 @@ static int create_type(uint32_t scope, unsigned char isattr, type_datum_t **type
*type = hashtab_search(policydbp->symtab[SYM_TYPES].table, id);
free(id);
} else {
print_error_msg(ret, SYM_TYPES);
free(id);
type_datum_destroy(datum);
free(datum);
switch (ret) {
case -3:
yyerror("Out of memory!");
break;
case -2:
yyerror2("duplicate declaration of type/attribute");
break;
case -1:
yyerror("could not declare type/attribute here");
break;
default:
abort(); /* should never get here */
}
}
return ret;
@ -499,23 +501,10 @@ static int create_user(uint32_t scope, user_datum_t **user, char **key)
*user = datum;
*key = id;
} else {
print_error_msg(ret, SYM_USERS);
free(id);
user_datum_destroy(datum);
free(datum);
switch (ret) {
case -3:
yyerror("Out of memory!");
break;
case -2:
yyerror("duplicate declaration of user");
break;
case -1:
yyerror("could not declare user here");
break;
default:
abort(); /* should never get here */
}
}
return ret;
@ -842,50 +831,29 @@ int require_class(int pass)
if ((datum = calloc(1, sizeof(*datum))) == NULL ||
symtab_init(&datum->permissions, PERM_SYMTAB_SIZE)) {
yyerror("Out of memory!");
goto cleanup;
return -1;
}
ret =
require_symbol(SYM_CLASSES, class_id, datum, &datum->s.value,
&datum->s.value);
switch (ret) {
case -3:{
if (ret < 0) {
print_error_msg(ret, SYM_CLASSES);
free(class_id);
class_datum_destroy(datum);
return -1;
}
if (ret == 0) {
/* a new class was added; reindex everything */
if (policydb_index_classes(policydbp)) {
yyerror("Out of memory!");
free(class_id);
class_datum_destroy(datum);
goto cleanup;
}
case -2:{
yyerror("duplicate declaration of class");
free(class_id);
class_datum_destroy(datum);
goto cleanup;
}
case -1:{
yyerror("could not require class here");
free(class_id);
class_datum_destroy(datum);
goto cleanup;
}
case 0:{
/* a new class was added; reindex everything */
if (policydb_index_classes(policydbp)) {
yyerror("Out of memory!");
goto cleanup;
}
break;
}
case 1:{
class_datum_destroy(datum);
datum =
hashtab_search(policydbp->p_classes.table,
class_id);
assert(datum); /* the class datum should have existed */
free(class_id);
break;
}
default:{
abort(); /* should never get here */
return -1;
}
} else {
class_datum_destroy(datum);
datum = hashtab_search(policydbp->p_classes.table, class_id);
assert(datum); /* the class datum should have existed */
free(class_id);
}
/* now add each of the permissions to this class's requirements */
@ -908,13 +876,13 @@ int require_class(int pass)
("Base policy - require of permission %s without prior declaration.",
perm_id);
free(perm_id);
goto cleanup;
return -1;
}
allocated = 1;
if ((perm = malloc(sizeof(*perm))) == NULL) {
yyerror("Out of memory!");
free(perm_id);
goto cleanup;
return -1;
}
memset(perm, 0, sizeof(*perm));
ret =
@ -924,14 +892,14 @@ int require_class(int pass)
yyerror("Out of memory!");
free(perm_id);
free(perm);
goto cleanup;
return -1;
}
perm->s.value = datum->permissions.nprim + 1;
}
if (add_perm_to_class(perm->s.value, datum->s.value) == -1) {
yyerror("Out of memory!");
goto cleanup;
return -1;
}
/* Update number of primitives if we allocated one. */
@ -939,8 +907,6 @@ int require_class(int pass)
datum->permissions.nprim++;
}
return 0;
cleanup:
return -1;
}
static int require_role_or_attribute(int pass, unsigned char isattr)
@ -1065,30 +1031,13 @@ static int require_bool_tunable(int pass, int is_tunable)
&booldatum->s.value, &booldatum->s.value);
if (retval != 0) {
cond_destroy_bool(id, booldatum, NULL);
}
switch (retval) {
case -3:{
yyerror("Out of memory!");
if (retval < 0) {
print_error_msg(retval, SYM_BOOLS);
return -1;
}
case -2:{
yyerror("duplicate declaration of boolean");
return -1;
}
case -1:{
yyerror("could not require boolean here");
return -1;
}
case 0:{
return 0;
}
case 1:{
return 0; /* boolean already required */
}
default:{
abort(); /* should never get here */
}
}
return 0;
}
int require_bool(int pass)
@ -1138,30 +1087,13 @@ int require_sens(int pass)
free(level->level);
level_datum_destroy(level);
free(level);
}
switch (retval) {
case -3:{
yyerror("Out of memory!");
if (retval < 0) {
print_error_msg(retval, SYM_LEVELS);
return -1;
}
case -2:{
yyerror("duplicate declaration of sensitivity");
return -1;
}
case -1:{
yyerror("could not require sensitivity here");
return -1;
}
case 0:{
return 0;
}
case 1:{
return 0; /* sensitivity already required */
}
default:{
abort(); /* should never get here */
}
}
return 0;
}
int require_cat(int pass)
@ -1191,30 +1123,13 @@ int require_cat(int pass)
free(id);
cat_datum_destroy(cat);
free(cat);
}
switch (retval) {
case -3:{
yyerror("Out of memory!");
if (retval < 0) {
print_error_msg(retval, SYM_CATS);
return -1;
}
case -2:{
yyerror("duplicate declaration of category");
return -1;
}
case -1:{
yyerror("could not require category here");
return -1;
}
case 0:{
return 0;
}
case 1:{
return 0; /* category already required */
}
default:{
abort(); /* should never get here */
}
}
return 0;
}
static int is_scope_in_stack(scope_datum_t * scope, scope_stack_t * stack)