[PATCH 1/3] policycoreutils: sepolicy: rename policy global variable

[PATCH 1/3] policycoreutils: sepolicy: rename policy global variable

[Nicolas Iooss]

Variable policy is both a global variable and a parameter to some
functions in policycoreutils/sepolicy/search.c.  This makes the building
fail when using -Wshadow -Werror compilation flags.

Fix this by renaming the global variable global_policy.  This does not
change the API of the Python module.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 policycoreutils/sepolicy/info.c   | 20 ++++++++++----------
 policycoreutils/sepolicy/policy.c | 10 +++++-----
 policycoreutils/sepolicy/policy.h |  2 +-
 policycoreutils/sepolicy/search.c | 26 +++++++++++++-------------
 4 files changed, 29 insertions(+), 29 deletions(-)

diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
index 17f5732f2d5c..bbb6844d0b5a 100644
--- a/policycoreutils/sepolicy/info.c
+++ b/policycoreutils/sepolicy/info.c
@@ -1318,31 +1318,31 @@ PyObject* info( int type, const char *name)
 	switch(type) {
 	/* display requested info */
 	case TYPE:
-		output = get_types(name, policy);
+		output = get_types(name, global_policy);
 		break;
 	case ATTRIBUTE:
-		output = get_attribs(name, policy);
+		output = get_attribs(name, global_policy);
 		break;
 	case ROLE:
-		output = get_roles(name, policy);
+		output = get_roles(name, global_policy);
 		break;
 	case USER:
-		output = get_users(name, policy);
+		output = get_users(name, global_policy);
 		break;
 	case CLASS:
-		output = get_classes(name, policy);
+		output = get_classes(name, global_policy);
 		break;
 	case BOOLEAN:
-		output = get_booleans(name, policy);
+		output = get_booleans(name, global_policy);
 		break;
 	case PORT:
-		output = get_ports(name, policy);
+		output = get_ports(name, global_policy);
 		break;
 	case SENS:
-		output = get_sens(name, policy);
+		output = get_sens(name, global_policy);
 		break;
 	case CATS:
-		output = get_cats(name, policy);
+		output = get_cats(name, global_policy);
 		break;
 	default:
 		errno = EINVAL;
@@ -1357,7 +1357,7 @@ PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
     int type;
     const char *name;
     
-    if (!policy) {
+    if (!global_policy) {
 	    PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
 	    return NULL;
     }
diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c
index 2a9e1c7cc7a8..b7e3536f7314 100644
--- a/policycoreutils/sepolicy/policy.c
+++ b/policycoreutils/sepolicy/policy.c
@@ -33,7 +33,7 @@
 #endif
 
 #include "policy.h"
-apol_policy_t *policy = NULL;
+apol_policy_t *global_policy = NULL;
 
 /* other */
 #include <errno.h>
@@ -53,8 +53,8 @@ PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
     if (!PyArg_ParseTuple(args, "z", &policy_file))
 	    return NULL;
 
-    if (policy) 
-	    apol_policy_destroy(&policy);
+    if (global_policy)
+	    apol_policy_destroy(&global_policy);
 
     int policy_load_options = 0;
 	    
@@ -66,9 +66,9 @@ PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
     }
     apol_vector_destroy(&mod_paths);
     
-    policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
+    global_policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
     apol_policy_path_destroy(&pol_path);
-    if (!policy) {
+    if (!global_policy) {
 	    PyErr_SetString(PyExc_RuntimeError,strerror(errno));
 	    return NULL;
     }
diff --git a/policycoreutils/sepolicy/policy.h b/policycoreutils/sepolicy/policy.h
index d59452a81485..ffac497dccd0 100644
--- a/policycoreutils/sepolicy/policy.h
+++ b/policycoreutils/sepolicy/policy.h
@@ -1,5 +1,5 @@
 #include <apol/policy.h>
-extern apol_policy_t *policy;
+extern apol_policy_t *global_policy;
 extern PyObject *wrap_info(PyObject *self, PyObject *args);
 extern void init_info (PyObject *m);
 extern PyObject *wrap_search(PyObject *self, PyObject *args);
diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
index d9a5aec60c89..d608006d4469 100644
--- a/policycoreutils/sepolicy/search.c
+++ b/policycoreutils/sepolicy/search.c
@@ -914,23 +914,23 @@ PyObject* search(bool allow,
 		cmd_opts.perm_vector = apol_vector_create(free);
 		cmd_opts.permlist = strdup(permlist);
 	}
-	if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
-		if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
+	if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) {
+		if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(global_policy))) {
 			PyErr_SetString(PyExc_RuntimeError,"Query failed");
 			goto cleanup;
 		}
 	}
 
 	/* if syntactic rules are not available always do semantic search */
-	if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
+	if (!qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) {
 		cmd_opts.semantic = 1;
 	}
 
 	/* supress line numbers if doing semantic search or not available */
-	if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
+	if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_LINE_NUMBERS)) {
 		cmd_opts.lineno = 0;
 	}
-	if (perform_av_query(policy, &cmd_opts, &v)) {
+	if (perform_av_query(global_policy, &cmd_opts, &v)) {
 		goto cleanup;
 	}
 	output = PyList_New(0);
@@ -938,36 +938,36 @@ PyObject* search(bool allow,
 		goto cleanup;
 
 	if (v) {
-		get_av_results(policy, v, output);
+		get_av_results(global_policy, v, output);
 	}
 
 	apol_vector_destroy(&v);
-	if (perform_te_query(policy, &cmd_opts, &v)) {
+	if (perform_te_query(global_policy, &cmd_opts, &v)) {
 		goto cleanup;
 	}
 	if (v) {
-		get_te_results(policy, v, output);
+		get_te_results(global_policy, v, output);
 	}
 
 	if (cmd_opts.all || cmd_opts.type) {
 		apol_vector_destroy(&v);
-		if (perform_ft_query(policy, &cmd_opts, &v)) {
+		if (perform_ft_query(global_policy, &cmd_opts, &v)) {
 			goto cleanup;
 		}
 
 		if (v) {
-			get_ft_results(policy, v, output);
+			get_ft_results(global_policy, v, output);
 		}
 	}
 
 	if (cmd_opts.all || cmd_opts.role_allow) {
 		apol_vector_destroy(&v);
-		if (perform_ra_query(policy, &cmd_opts, &v)) {
+		if (perform_ra_query(global_policy, &cmd_opts, &v)) {
 			goto cleanup;
 		}
 
 		if (v) {
-			get_ra_results(policy, v, output);
+			get_ra_results(global_policy, v, output);
 		}
 	}
 
@@ -1016,7 +1016,7 @@ PyObject *wrap_search(PyObject *UNUSED(self), PyObject *args){
     int transition = Dict_ContainsInt(dict, "transition");
     int role_allow = Dict_ContainsInt(dict, "role_allow");
 
-    if (!policy) {
+    if (!global_policy) {
 	    PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
 	    return NULL;
     }
-- 
2.7.0

[PATCH 2/3] policycoreutils: sepolicy: do not overwrite CFLAGS

[Nicolas Iooss]

sepolicy Makefile overwrites CFLAGS value, which prevents compiling its
Python module with custom compilation flags.  Modify it to append flags
to CFLAGS instead, like other policycoreutils programs do.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 policycoreutils/sepolicy/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/policycoreutils/sepolicy/Makefile b/policycoreutils/sepolicy/Makefile
index 45edb0c2a499..099a8a057fe1 100644
--- a/policycoreutils/sepolicy/Makefile
+++ b/policycoreutils/sepolicy/Makefile
@@ -11,7 +11,7 @@ MANDIR ?= $(PREFIX)/share/man
 LOCALEDIR ?= /usr/share/locale
 BASHCOMPLETIONDIR ?= $(DESTDIR)/usr/share/bash-completion/completions
 SHAREDIR ?= $(PREFIX)/share/sandbox
-override CFLAGS = -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
+override CFLAGS += -I$(PREFIX)/include -DPACKAGE="policycoreutils" -Wall -Werror -Wextra -W  -DSHARED -shared
 
 BASHCOMPLETIONS=sepolicy-bash-completion.sh
 
-- 
2.7.0

[PATCH 3/3] libsemanage: tests: do not overwrite CFLAGS and LDFLAGS

[Nicolas Iooss]

libsemanage/tests/Makefile currently overwrites CFLAGS and LDFLAGS
contents.  This makes building with custom flags (e.g. with address
sanitizer) harder.  Append flags to these variables instead.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsemanage/tests/Makefile | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 59067acc6ab4..fec96ffd282b 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -11,9 +11,9 @@ LIBS = ../src/libsemanage.a ../../libselinux/src/libselinux.a ../../libsepol/src
 
 EXECUTABLE = libsemanage-tests
 CC = gcc
-CFLAGS = -c -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
+CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
 INCLUDE = -I$(TESTSRC) -I$(TESTSRC)/../include
-LDFLAGS = -lcunit -lustr -lbz2 -laudit
+LDFLAGS += -lcunit -lustr -lbz2 -laudit
 OBJECTS = $(SOURCES:.c=.o) 
 
 all: $(EXECUTABLE) 
@@ -22,7 +22,7 @@ $(EXECUTABLE): $(OBJECTS)
 	$(CC) $(OBJECTS) $(LIBS) $(LDFLAGS) -o $@
 
 %.o: %.c
-	$(CC) $(CFLAGS) $(INCLUDE) $*.c -o $*.o
+	$(CC) $(CFLAGS) $(INCLUDE) -c $*.c -o $*.o
 
 clean distclean: 
 	rm -rf $(OBJECTS) $(EXECUTABLE)
-- 
2.7.0

Re: [PATCH 1/3] policycoreutils: sepolicy: rename policy global variable

[Steve Lawrence]

On 02/05/2016 03:55 PM, Nicolas Iooss wrote:
> Variable policy is both a global variable and a parameter to some
> functions in policycoreutils/sepolicy/search.c.  This makes the building
> fail when using -Wshadow -Werror compilation flags.
> 
> Fix this by renaming the global variable global_policy.  This does not
> change the API of the Python module.
> 
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Patchset applied, with a small change in 2/3 to split CFLAGS in two, one
with the warning flags, and one with the necessary additional CFLAGS.
This matches the style of other makefiles.


Thanks!

> ---
>  policycoreutils/sepolicy/info.c   | 20 ++++++++++----------
>  policycoreutils/sepolicy/policy.c | 10 +++++-----
>  policycoreutils/sepolicy/policy.h |  2 +-
>  policycoreutils/sepolicy/search.c | 26 +++++++++++++-------------
>  4 files changed, 29 insertions(+), 29 deletions(-)
> 
> diff --git a/policycoreutils/sepolicy/info.c b/policycoreutils/sepolicy/info.c
> index 17f5732f2d5c..bbb6844d0b5a 100644
> --- a/policycoreutils/sepolicy/info.c
> +++ b/policycoreutils/sepolicy/info.c
> @@ -1318,31 +1318,31 @@ PyObject* info( int type, const char *name)
>  	switch(type) {
>  	/* display requested info */
>  	case TYPE:
> -		output = get_types(name, policy);
> +		output = get_types(name, global_policy);
>  		break;
>  	case ATTRIBUTE:
> -		output = get_attribs(name, policy);
> +		output = get_attribs(name, global_policy);
>  		break;
>  	case ROLE:
> -		output = get_roles(name, policy);
> +		output = get_roles(name, global_policy);
>  		break;
>  	case USER:
> -		output = get_users(name, policy);
> +		output = get_users(name, global_policy);
>  		break;
>  	case CLASS:
> -		output = get_classes(name, policy);
> +		output = get_classes(name, global_policy);
>  		break;
>  	case BOOLEAN:
> -		output = get_booleans(name, policy);
> +		output = get_booleans(name, global_policy);
>  		break;
>  	case PORT:
> -		output = get_ports(name, policy);
> +		output = get_ports(name, global_policy);
>  		break;
>  	case SENS:
> -		output = get_sens(name, policy);
> +		output = get_sens(name, global_policy);
>  		break;
>  	case CATS:
> -		output = get_cats(name, policy);
> +		output = get_cats(name, global_policy);
>  		break;
>  	default:
>  		errno = EINVAL;
> @@ -1357,7 +1357,7 @@ PyObject *wrap_info(PyObject *UNUSED(self), PyObject *args){
>      int type;
>      const char *name;
>      
> -    if (!policy) {
> +    if (!global_policy) {
>  	    PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
>  	    return NULL;
>      }
> diff --git a/policycoreutils/sepolicy/policy.c b/policycoreutils/sepolicy/policy.c
> index 2a9e1c7cc7a8..b7e3536f7314 100644
> --- a/policycoreutils/sepolicy/policy.c
> +++ b/policycoreutils/sepolicy/policy.c
> @@ -33,7 +33,7 @@
>  #endif
>  
>  #include "policy.h"
> -apol_policy_t *policy = NULL;
> +apol_policy_t *global_policy = NULL;
>  
>  /* other */
>  #include <errno.h>
> @@ -53,8 +53,8 @@ PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
>      if (!PyArg_ParseTuple(args, "z", &policy_file))
>  	    return NULL;
>  
> -    if (policy) 
> -	    apol_policy_destroy(&policy);
> +    if (global_policy)
> +	    apol_policy_destroy(&global_policy);
>  
>      int policy_load_options = 0;
>  	    
> @@ -66,9 +66,9 @@ PyObject *wrap_policy(PyObject *UNUSED(self), PyObject *args){
>      }
>      apol_vector_destroy(&mod_paths);
>      
> -    policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
> +    global_policy = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
>      apol_policy_path_destroy(&pol_path);
> -    if (!policy) {
> +    if (!global_policy) {
>  	    PyErr_SetString(PyExc_RuntimeError,strerror(errno));
>  	    return NULL;
>      }
> diff --git a/policycoreutils/sepolicy/policy.h b/policycoreutils/sepolicy/policy.h
> index d59452a81485..ffac497dccd0 100644
> --- a/policycoreutils/sepolicy/policy.h
> +++ b/policycoreutils/sepolicy/policy.h
> @@ -1,5 +1,5 @@
>  #include <apol/policy.h>
> -extern apol_policy_t *policy;
> +extern apol_policy_t *global_policy;
>  extern PyObject *wrap_info(PyObject *self, PyObject *args);
>  extern void init_info (PyObject *m);
>  extern PyObject *wrap_search(PyObject *self, PyObject *args);
> diff --git a/policycoreutils/sepolicy/search.c b/policycoreutils/sepolicy/search.c
> index d9a5aec60c89..d608006d4469 100644
> --- a/policycoreutils/sepolicy/search.c
> +++ b/policycoreutils/sepolicy/search.c
> @@ -914,23 +914,23 @@ PyObject* search(bool allow,
>  		cmd_opts.perm_vector = apol_vector_create(free);
>  		cmd_opts.permlist = strdup(permlist);
>  	}
> -	if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
> -		if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
> +	if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) {
> +		if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(global_policy))) {
>  			PyErr_SetString(PyExc_RuntimeError,"Query failed");
>  			goto cleanup;
>  		}
>  	}
>  
>  	/* if syntactic rules are not available always do semantic search */
> -	if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
> +	if (!qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_SYN_RULES)) {
>  		cmd_opts.semantic = 1;
>  	}
>  
>  	/* supress line numbers if doing semantic search or not available */
> -	if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
> +	if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(global_policy), QPOL_CAP_LINE_NUMBERS)) {
>  		cmd_opts.lineno = 0;
>  	}
> -	if (perform_av_query(policy, &cmd_opts, &v)) {
> +	if (perform_av_query(global_policy, &cmd_opts, &v)) {
>  		goto cleanup;
>  	}
>  	output = PyList_New(0);
> @@ -938,36 +938,36 @@ PyObject* search(bool allow,
>  		goto cleanup;
>  
>  	if (v) {
> -		get_av_results(policy, v, output);
> +		get_av_results(global_policy, v, output);
>  	}
>  
>  	apol_vector_destroy(&v);
> -	if (perform_te_query(policy, &cmd_opts, &v)) {
> +	if (perform_te_query(global_policy, &cmd_opts, &v)) {
>  		goto cleanup;
>  	}
>  	if (v) {
> -		get_te_results(policy, v, output);
> +		get_te_results(global_policy, v, output);
>  	}
>  
>  	if (cmd_opts.all || cmd_opts.type) {
>  		apol_vector_destroy(&v);
> -		if (perform_ft_query(policy, &cmd_opts, &v)) {
> +		if (perform_ft_query(global_policy, &cmd_opts, &v)) {
>  			goto cleanup;
>  		}
>  
>  		if (v) {
> -			get_ft_results(policy, v, output);
> +			get_ft_results(global_policy, v, output);
>  		}
>  	}
>  
>  	if (cmd_opts.all || cmd_opts.role_allow) {
>  		apol_vector_destroy(&v);
> -		if (perform_ra_query(policy, &cmd_opts, &v)) {
> +		if (perform_ra_query(global_policy, &cmd_opts, &v)) {
>  			goto cleanup;
>  		}
>  
>  		if (v) {
> -			get_ra_results(policy, v, output);
> +			get_ra_results(global_policy, v, output);
>  		}
>  	}
>  
> @@ -1016,7 +1016,7 @@ PyObject *wrap_search(PyObject *UNUSED(self), PyObject *args){
>      int transition = Dict_ContainsInt(dict, "transition");
>      int role_allow = Dict_ContainsInt(dict, "role_allow");
>  
> -    if (!policy) {
> +    if (!global_policy) {
>  	    PyErr_SetString(PyExc_RuntimeError,"Policy not loaded");
>  	    return NULL;
>      }
>