On Fri, Jun 21, 2019 at 6:10 PM Richard Haines
<richard_c_haines@xxxxxxxxxxxxxx> wrote:
>
> Remove legacy local boolean and user code, and to preserve API/ABI
> compatibility the following functions int values should be set to '0'
> as they are no longer used:
> selinux_mkload_policy(int preservebools)
> security_set_boolean_list(.... int permanent)
> and the following are now no-op and return '-1':
> security_load_booleans()
> sepol_genusers()
> sepol_set_delusers()
> sepol_genbools()
> sepol_genbools_array()
> and these still return their paths for compatibility, however they are
> marked as deprecated:
> selinux_booleans_path()
> selinux_users_path()
>
> These have been removed as they are local functions only:
> sepol_genusers_policydb()
> sepol_genbools_policydb()
>
> Also "SETLOCALDEFS" removed from SELinux config file and code.
>
> Signed-off-by: Richard Haines <richard_c_haines@xxxxxxxxxxxxxx>
[...]
> diff --git a/libsepol/src/deprecated_funcs.c b/libsepol/src/deprecated_funcs.c
> new file mode 100644
> index 00000000..08121c2c
> --- /dev/null
> +++ b/libsepol/src/deprecated_funcs.c
> @@ -0,0 +1,50 @@
> +#include <stdio.h>
> +#include "debug.h"
> +
> +/*
> + * Need to keep these stubs for the libsepol interfaces exported in
> + * libsepol.map.in, as they are part of the shared library ABI.
> + */
> +
> +static const char *msg = "Deprecated interface";
> +
> +/*
> + * These two functions are deprecated and referenced in:
> + * include/libsepol/users.h
> + */
> +int sepol_genusers(void *data __attribute((unused)),
> + size_t len __attribute((unused)),
> + const char *usersdir __attribute((unused)),
> + void **newdata __attribute((unused)),
> + size_t *newlen __attribute((unused)))
> +{
> + WARN(NULL, msg);
> + return -1;
> +}
> +
> +void sepol_set_delusers(int on __attribute((unused)))
> +{
> + WARN(NULL, msg);
> +}
> +
> +/*
> + * These two functions are deprecated and referenced in:
> + * include/libsepol/booleans.h
> + */
> +int sepol_genbools(void *data __attribute((unused)),
> + size_t len __attribute((unused)),
> + const char *booleans __attribute((unused)))
> +{
> + WARN(NULL, msg);
> + return -1;
> +}
> +
> +int sepol_genbools_array(void *data __attribute((unused)),
> + size_t len __attribute((unused)),
> + char **names __attribute((unused)),
> + int *values __attribute((unused)),
> + int nel __attribute((unused)))
> +{
> + WARN(NULL, msg);
> + return -1;
> +}
Hello,
While testing these patches, I encountered an build error with the WARN:
deprecated_funcs.c:21:2: error: format not a string literal and no
format arguments [-Werror=format-security]
WARN(NULL, msg);
^
gcc and clang do not seems to be smart enough to use the fact that
"msg" is a constant literal string. Could you please fix this, for
example by repeating the message directly in the functions, or by
defining a macro instead of a constant variable, or by using
WARN(NULL, "%s", msg)?
Thanks,
Nicolas
