[PATCH 3/3] libsepol: enclose macro parameters and replacement lists in parentheses

Christian Göttsche <cgzones@xxxxxxxxxxxxxx> · Wed, 13 Jul 2022 15:43:43 +0200

Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/include/sepol/errcodes.h          | 13 ++++++-------
 libsepol/include/sepol/policydb/policydb.h | 10 +++++-----
 libsepol/src/kernel_to_cil.c               |  2 +-
 libsepol/src/module_to_cil.c               |  2 +-
 libsepol/src/util.c                        |  2 +-
 5 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
index 6e9ff316..e5fe71e3 100644
--- a/libsepol/include/sepol/errcodes.h
+++ b/libsepol/include/sepol/errcodes.h
@@ -16,15 +16,14 @@ extern "C" {
  * codes that don't map to system error codes should be defined
  * outside of the range of system error codes.
  */
-#define SEPOL_ERR            -1
-#define SEPOL_ENOTSUP        -2  /* feature not supported in module language */
-#define SEPOL_EREQ           -3  /* requirements not met */
+#define SEPOL_ERR            (-1)
+#define SEPOL_ENOTSUP        (-2)  /* feature not supported in module language */
+#define SEPOL_EREQ           (-3)  /* requirements not met */
 
 /* Error codes that map to system error codes */
-#define SEPOL_ENOMEM         -ENOMEM
-#define SEPOL_ERANGE         -ERANGE
-#define SEPOL_EEXIST         -EEXIST
-#define SEPOL_ENOENT         -ENOENT
+#define SEPOL_ENOMEM         (-ENOMEM)
+#define SEPOL_EEXIST         (-EEXIST)
+#define SEPOL_ENOENT         (-ENOENT)
 
 #ifdef __cplusplus
 }
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index de0068a6..ef1a014a 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -251,9 +251,9 @@ typedef struct class_perm_node {
 	struct class_perm_node *next;
 } class_perm_node_t;
 
-#define xperm_test(x, p) (UINT32_C(1) & (p[x >> 5] >> (x & 0x1f)))
-#define xperm_set(x, p) (p[x >> 5] |= (UINT32_C(1) << (x & 0x1f)))
-#define xperm_clear(x, p) (p[x >> 5] &= ~(UINT32_C(1) << (x & 0x1f)))
+#define xperm_test(x, p) (UINT32_C(1) & ((p)[(x) >> 5] >> ((x) & 0x1f)))
+#define xperm_set(x, p) ((p)[(x) >> 5] |= (UINT32_C(1) << ((x) & 0x1f)))
+#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(UINT32_C(1) << ((x) & 0x1f)))
 #define EXTENDED_PERMS_LEN 8
 
 typedef struct av_extended_perms {
@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
 
 #define policydb_has_boundary_feature(p)			\
 	(((p)->policy_type == POLICY_KERN			\
-	  && p->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
+	  && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) ||	\
 	 ((p)->policy_type != POLICY_KERN			\
-	  && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+	  && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
 
 /* the config flags related to unknown classes/perms are bits 2 and 3 */
 #define DENY_UNKNOWN	SEPOL_DENY_UNKNOWN
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 9128ac55..5a1336a3 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -1626,7 +1626,7 @@ exit:
 	return rc;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 static char *xperms_to_str(avtab_extended_perms_t *xperms)
 {
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index b35bf055..b900290a 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -624,7 +624,7 @@ exit:
 	return rc;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 static int xperms_to_cil(const av_extended_perms_t *xperms)
 {
diff --git a/libsepol/src/util.c b/libsepol/src/util.c
index 1cd1308d..0a2edc85 100644
--- a/libsepol/src/util.c
+++ b/libsepol/src/util.c
@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
 	return avbuf;
 }
 
-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
+#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
 
 char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms)
 {
-- 
2.36.1







