Re: [PATCH 15/15] checkpolicy: misc policy_define.c cleanup

[James Carter <jwcart2@xxxxxxxxx>]

On Mon, Jan 22, 2024 at 9:02 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> Sync function parameter names.
>
> Drop superfluous return value.
>
>   The function avrule_merge_ioctls() has no failure conditions and
>   always returns 0.
>
> Drop duplicate include.
>
> Use native type for ranges.
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
>  checkpolicy/policy_define.c | 27 ++++++++++++---------------
>  checkpolicy/policy_define.h |  2 +-
>  2 files changed, 13 insertions(+), 16 deletions(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index cd49cae3..79d67a78 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -44,7 +44,6 @@
>  #define IPPROTO_SCTP 132
>  #endif
>  #include <arpa/inet.h>
> -#include <stdlib.h>
>  #include <limits.h>
>  #include <inttypes.h>
>  #include <ctype.h>
> @@ -1096,7 +1095,7 @@ int define_level(void)
>
>         while ((id = queue_remove(id_queue))) {
>                 cat_datum_t *cdatum;
> -               int range_start, range_end, i;
> +               uint32_t range_start, range_end, i;
>
>                 if (id_has_dot(id)) {
>                         char *id_start = id;
> @@ -1932,7 +1931,7 @@ error:
>         return -1;
>  }
>
> -static int avrule_merge_ioctls(struct av_ioctl_range_list **rangehead)
> +static void avrule_merge_ioctls(struct av_ioctl_range_list **rangehead)
>  {
>         struct av_ioctl_range_list *r, *tmp;
>         r = *rangehead;
> @@ -1949,7 +1948,6 @@ static int avrule_merge_ioctls(struct av_ioctl_range_list **rangehead)
>                 }
>                 r = r->next;
>         }
> -       return 0;
>  }
>
>  static int avrule_read_ioctls(struct av_ioctl_range_list **rangehead)
> @@ -2070,8 +2068,7 @@ static int avrule_ioctl_ranges(struct av_ioctl_range_list **rangelist)
>         /* sort and merge the input ioctls */
>         if (avrule_sort_ioctls(&rangehead))
>                 return -1;
> -       if (avrule_merge_ioctls(&rangehead))
> -               return -1;
> +       avrule_merge_ioctls(&rangehead);
>         /* flip ranges if these are omitted */
>         if (omit) {
>                 if (avrule_omit_ioctls(&rangehead))
> @@ -3854,7 +3851,7 @@ uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2)
>         return 0;
>  }
>
> -int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
> +int define_conditional(cond_expr_t * expr, avrule_t * t_list, avrule_t * f_list)
>  {
>         cond_expr_t *e;
>         int depth, booleans, tunables;
> @@ -3866,15 +3863,15 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
>                 yyerror("illegal conditional expression");
>                 return -1;
>         }
> -       if (!t) {
> -               if (!f) {
> +       if (!t_list) {
> +               if (!f_list) {
>                         /* empty is fine, destroy expression and return */
>                         cond_expr_destroy(expr);
>                         return 0;
>                 }
>                 /* Invert */
> -               t = f;
> -               f = 0;
> +               t_list = f_list;
> +               f_list = NULL;
>                 expr = define_cond_expr(COND_NOT, expr, 0);
>                 if (!expr) {
>                         yyerror("unable to invert conditional expression");
> @@ -3940,8 +3937,8 @@ int define_conditional(cond_expr_t * expr, avrule_t * t, avrule_t * f)
>         /*  use tmp conditional node to partially build new node */
>         memset(&cn, 0, sizeof(cn));
>         cn.expr = expr;
> -       cn.avtrue_list = t;
> -       cn.avfalse_list = f;
> +       cn.avtrue_list = t_list;
> +       cn.avfalse_list = f_list;
>
>         /* normalize/precompute expression */
>         if (cond_normalize_expr(policydbp, &cn) < 0) {
> @@ -4117,7 +4114,7 @@ static int set_user_roles(role_set_t * set, char *id)
>  static int parse_categories(char *id, level_datum_t * levdatum, ebitmap_t * cats)
>  {
>         cat_datum_t *cdatum;
> -       int range_start, range_end, i;
> +       uint32_t range_start, range_end, i;
>
>         if (id_has_dot(id)) {
>                 char *id_start = id;
> @@ -5527,7 +5524,7 @@ static int define_genfs_context_helper(char *fstype, int has_type)
>         class_datum_t *cladatum;
>         char *type = NULL;
>         const char *sclass;
> -       int len, len2;
> +       size_t len, len2;
>
>         if (policydbp->target_platform != SEPOL_TARGET_SELINUX) {
>                 yyerror("genfs not supported for target");
> diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h
> index 075b048d..bcbfe4f3 100644
> --- a/checkpolicy/policy_define.h
> +++ b/checkpolicy/policy_define.h
> @@ -13,7 +13,7 @@
>  #define FALSE 0
>
>  avrule_t *define_cond_compute_type(int which);
> -avrule_t *define_cond_pol_list(avrule_t *avlist, avrule_t *stmt);
> +avrule_t *define_cond_pol_list(avrule_t *avlist, avrule_t *sl);
>  avrule_t *define_cond_te_avtab(int which);
>  avrule_t *define_cond_filename_trans(void);
>  cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void* arg2);
> --
> 2.43.0
>
>