mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-12 00:55:03 +00:00
120681c1a3
Several static analyzers (clang's one, Facebook Infer, etc.) warn about NULL pointer dereferences after a call to CU_ASSERT_PTR_NOT_NULL_FATAL() in the test code written using CUnit framework. This is because this CUnit macro is too complex for them to understand that the pointer cannot be NULL: it is translated to a call to CU_assertImplementation() with an argument as TRUE in order to mean that the call is fatal if the asserted condition failed (cf. http://cunit.sourceforge.net/doxdocs/group__Framework.html). A possible solution could consist in replacing the CU_ASSERT_..._FATAL() calls by assert() ones, as most static analyzers know about assert(). Nevertheless this seems to go against CUnit's API. An alternative solution consists in overriding CU_ASSERT_..._FATAL() macros in order to expand to assert() after a call to the matching CU_ASSERT_...() non-fatal macro. This appears to work fine and to remove many false-positive warnings from various static analyzers. As this substitution should only occur when using static analyzer, put it under #ifdef __CHECKER__, which is the macro used by sparse when analyzing the Linux kernel. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
75 lines
2.3 KiB
C
75 lines
2.3 KiB
C
/*
|
|
* Authors: Chad Sellers <csellers@tresys.com>
|
|
* Joshua Brindle <jbrindle@tresys.com>
|
|
* Chris PeBenito <cpebenito@tresys.com>
|
|
*
|
|
* Copyright (C) 2006 Tresys Technology, LLC
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|
*/
|
|
|
|
#include "test-expander-users.h"
|
|
#include "helpers.h"
|
|
|
|
#include <sepol/policydb/policydb.h>
|
|
#include <CUnit/Basic.h>
|
|
#include <stdlib.h>
|
|
|
|
extern policydb_t user_expanded;
|
|
|
|
static void check_user_roles(policydb_t * p, const char *user_name, const char **role_names, int num_roles)
|
|
{
|
|
user_datum_t *user;
|
|
ebitmap_node_t *tnode;
|
|
unsigned int i;
|
|
int j;
|
|
unsigned char *found; /* array of booleans of roles found */
|
|
int extra = 0; /* number of extra roles found */
|
|
|
|
user = (user_datum_t *) hashtab_search(p->p_users.table, user_name);
|
|
if (!user) {
|
|
printf("%s not found\n", user_name);
|
|
CU_FAIL("user not found");
|
|
return;
|
|
}
|
|
found = calloc(num_roles, sizeof(unsigned char));
|
|
CU_ASSERT_FATAL(found != NULL);
|
|
ebitmap_for_each_positive_bit(&user->roles.roles, tnode, i) {
|
|
extra++;
|
|
for (j = 0; j < num_roles; j++) {
|
|
if (strcmp(role_names[j], p->p_role_val_to_name[i]) == 0) {
|
|
extra--;
|
|
found[j] += 1;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
for (j = 0; j < num_roles; j++) {
|
|
if (found[j] != 1) {
|
|
printf("role %s associated with user %s %d times\n", role_names[j], user_name, found[j]);
|
|
CU_FAIL("user mapping failure\n");
|
|
}
|
|
}
|
|
free(found);
|
|
CU_ASSERT_EQUAL(extra, 0);
|
|
}
|
|
|
|
void test_expander_user_mapping(void)
|
|
{
|
|
const char *roles1[] = { "user_check_1_1_r", "user_check_1_2_r" };
|
|
|
|
check_user_roles(&user_expanded, "user_check_1", roles1, 2);
|
|
}
|