* [PATCH] libsepol/cil: Fix copying of declarations
@ 2025-06-30 18:52 James Carter
2025-07-03 14:35 ` James Carter
0 siblings, 1 reply; 2+ messages in thread
From: James Carter @ 2025-06-30 18:52 UTC (permalink / raw)
To: selinux; +Cc: James Carter
Commit 117e4c651e909a418e792efd7abfb90a131973de "libsepol: Allow
multiple policycap statements" has exposed problems in the copying
of declarations.
If a policycap statement is copied into a block (or other namespace)
that already has that policycap statement, then instead of creating
a new policycap struct, a pointer to the old one is returned. Later
in __cil_copy_node_helper() when cil_add_decl_to_symtab() is called,
SEPOL_EEXIST is returned and the original datum is destroyed. This
obviously causes problems later when there is an attempt to access
the orginal datum.
This problem is not just with policycap statements. A pointer to
the original datum should never be returned when copying a
declaration. For a simple declaration, a new struct should always
be created and passed to cil_add_decl_to_symtab(). It will handle
duplicate declarations properly. Either returning an error if
they are not allowed, or updating the right data structures if
they are. Also, since cil_add_decl_to_symtab() will report errors,
there is no need to check for a duplicate declaration before
calling it. For a more complex declaration which requires copying
other data as well as creating the datum, then it makes sense to
check for a duplcate declaration before doing that copy. This
applies to classpermisisons, permissionxs, catsets, levels,
levelranges, contexts, and ipaddrs.
When copying simple declarations, create a new declaration and
allow cil_add_decl_to_symtab() to handle the rest. For more
complex declarations, check for a duplicate declaration before
copying the data.
Reported-by: oss-fuzz (issues 427262638, 427271310, 427814464,
428057580, and 428041877)
Signed-off-by: James Carter <jwcart2@gmail.com>
---
libsepol/cil/src/cil_copy_ast.c | 252 +++++++++-----------------------
1 file changed, 66 insertions(+), 186 deletions(-)
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 2911523e..172d92ff 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -170,38 +170,22 @@ int cil_copy_blockinherit(__attribute__((unused)) struct cil_db *db, void *data,
return SEPOL_OK;
}
-static int cil_copy_policycap(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+static int cil_copy_policycap(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_policycap *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_policycap *new;
- cil_policycap_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ struct cil_policycap *new;
+
+ cil_policycap_init(&new);
+ *copy = new;
return SEPOL_OK;
}
-int cil_copy_perm(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_perm(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_perm *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_perm *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_perm *new;
- cil_perm_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_perm_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -260,23 +244,11 @@ int cil_copy_classmapping(__attribute__((unused)) struct cil_db *db, void *data,
return SEPOL_OK;
}
-int cil_copy_class(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_class(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_class *orig = data;
- struct cil_class *new = NULL;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_class: class cannot be redefined\n");
- return SEPOL_ERR;
- }
+ struct cil_class *new;
cil_class_init(&new);
-
- new->common = NULL;
-
*copy = new;
return SEPOL_OK;
@@ -285,22 +257,20 @@ int cil_copy_class(__attribute__((unused)) struct cil_db *db, void *data, void *
int cil_copy_classpermission(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_classpermission *orig = data;
- struct cil_classpermission *new = NULL;
+ struct cil_classpermission *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
if (key != NULL) {
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "classpermission cannot be redefined\n");
+ cil_log(CIL_ERR, "Named classpermission cannot be redefined\n");
return SEPOL_ERR;
}
}
cil_classpermission_init(&new);
-
cil_copy_classperms_list(orig->classperms, &new->classperms);
-
*copy = new;
return SEPOL_OK;
@@ -340,20 +310,12 @@ int cil_copy_classcommon(__attribute__((unused)) struct cil_db *db, void *data,
return SEPOL_OK;
}
-int cil_copy_sid(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_sid(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_sid *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_sid *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_sid *new;
- cil_sid_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_sid_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -377,38 +339,22 @@ int cil_copy_sidcontext(struct cil_db *db, void *data, void **copy, __attribute_
return SEPOL_OK;
}
-int cil_copy_user(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_user(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_user *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_user *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_user *new;
- cil_user_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_user_init(&new);
+ *copy = new;
return SEPOL_OK;
}
-int cil_copy_userattribute(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_userattribute(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_userattribute *orig = data;
- struct cil_userattribute *new = NULL;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_userattribute *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- cil_userattribute_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_userattribute_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -501,20 +447,12 @@ int cil_copy_userprefix(__attribute__((unused)) struct cil_db *db, void *data, v
return SEPOL_OK;
}
-int cil_copy_role(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_role(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_role *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_role *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_role *new;
- cil_role_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_role_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -534,20 +472,12 @@ int cil_copy_roletype(__attribute__((unused)) struct cil_db *db, void *data, voi
return SEPOL_OK;
}
-int cil_copy_roleattribute(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_roleattribute(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_roleattribute *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_roleattribute *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_roleattribute *new;
- cil_roleattribute_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_roleattribute_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -671,21 +601,11 @@ static int cil_copy_expandtypeattribute(__attribute__((unused)) struct cil_db *d
return SEPOL_OK;
}
-static int cil_copy_alias(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+static int cil_copy_alias(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_alias *orig = data;
- struct cil_alias *new = NULL;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_alias: alias cannot be redefined\n");
- return SEPOL_ERR;
- }
+ struct cil_alias *new;
cil_alias_init(&new);
-
*copy = new;
return SEPOL_OK;
@@ -768,18 +688,10 @@ int cil_copy_rangetransition(struct cil_db *db, void *data, void **copy, __attri
return SEPOL_OK;
}
-int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
struct cil_bool *orig = data;
- struct cil_bool *new = NULL;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_bool: boolean cannot be redefined\n");
- return SEPOL_ERR;
- }
+ struct cil_bool *new;
cil_bool_init(&new);
new->value = orig->value;
@@ -788,18 +700,10 @@ int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **
return SEPOL_OK;
}
-static int cil_copy_tunable(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+static int cil_copy_tunable(__attribute__((unused)) struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
struct cil_tunable *orig = data;
- struct cil_tunable *new = NULL;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_tunable: tunable cannot be redefined\n");
- return SEPOL_ERR;
- }
+ struct cil_tunable *new;
cil_tunable_init(&new);
new->value = orig->value;
@@ -846,20 +750,18 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
static int cil_copy_permissionx(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_permissionx *orig = data;
- struct cil_permissionx *new = NULL;
+ struct cil_permissionx *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
-
+ struct cil_symtab_datum *datum;
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_permissionx: permissionx cannot be redefined\n");
+ cil_log(CIL_ERR, "Permissionx cannot be redefined\n");
return SEPOL_ERR;
}
cil_permissionx_init(&new);
cil_copy_fill_permissionx(db, orig, new);
-
*copy = new;
return SEPOL_OK;
@@ -899,38 +801,22 @@ int cil_copy_type_rule(__attribute__((unused)) struct cil_db *db, void *data, vo
return SEPOL_OK;
}
-int cil_copy_sens(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_sens(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_sens *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_sens *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_sens *new;
- cil_sens_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_sens_init(&new);
+ *copy = new;
return SEPOL_OK;
}
-int cil_copy_cat(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
+int cil_copy_cat(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
{
- struct cil_cat *orig = data;
- char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_cat *new;
- cil_symtab_get_datum(symtab, key, &datum);
- if (datum == NULL) {
- struct cil_cat *new;
- cil_cat_init(&new);
- *copy = new;
- } else {
- *copy = datum;
- }
+ cil_cat_init(&new);
+ *copy = new;
return SEPOL_OK;
}
@@ -945,20 +831,18 @@ static void cil_copy_cats(struct cil_db *db, struct cil_cats *orig, struct cil_c
int cil_copy_catset(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_catset *orig = data;
- struct cil_catset *new = NULL;
+ struct cil_catset *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_catset: categoryset cannot be redefined\n");
+ cil_log(CIL_ERR, "Category set cannot be redefined\n");
return SEPOL_ERR;
}
cil_catset_init(&new);
-
cil_copy_cats(db, orig->cats, &new->cats);
-
*copy = new;
return SEPOL_OK;
@@ -994,20 +878,19 @@ void cil_copy_fill_level(struct cil_db *db, struct cil_level *orig, struct cil_l
int cil_copy_level(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_level *orig = data;
- struct cil_level *new = NULL;
+ struct cil_level *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
if (key != NULL) {
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_level: level cannot be redefined\n");
+ cil_log(CIL_ERR, "Named level cannot be redefined\n");
return SEPOL_ERR;
}
}
cil_copy_fill_level(db, orig, &new);
-
*copy = new;
return SEPOL_OK;
@@ -1031,21 +914,20 @@ void cil_copy_fill_levelrange(struct cil_db *db, struct cil_levelrange *data, st
int cil_copy_levelrange(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_levelrange *orig = data;
- struct cil_levelrange *new = NULL;
+ struct cil_levelrange *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
if (key != NULL) {
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_levelrange: levelrange cannot be redefined\n");
+ cil_log(CIL_ERR, "Named levelrange cannot be redefined\n");
return SEPOL_ERR;
}
}
cil_levelrange_init(&new);
cil_copy_fill_levelrange(db, orig, new);
-
*copy = new;
return SEPOL_OK;
@@ -1068,21 +950,20 @@ void cil_copy_fill_context(struct cil_db *db, struct cil_context *data, struct c
int cil_copy_context(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_context *orig = data;
- struct cil_context *new = NULL;
+ struct cil_context *new;
char *key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
if (key != NULL) {
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_context: context cannot be redefined\n");
+ cil_log(CIL_ERR, "Named context cannot be redefined\n");
return SEPOL_ERR;
}
}
cil_context_init(&new);
cil_copy_fill_context(db, orig, new);
-
*copy = new;
return SEPOL_OK;
@@ -1542,19 +1423,18 @@ void cil_copy_fill_ipaddr(struct cil_ipaddr *data, struct cil_ipaddr *new)
int cil_copy_ipaddr(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
{
struct cil_ipaddr *orig = data;
- struct cil_ipaddr *new = NULL;
+ struct cil_ipaddr *new;
char * key = orig->datum.name;
- struct cil_symtab_datum *datum = NULL;
+ struct cil_symtab_datum *datum;
cil_symtab_get_datum(symtab, key, &datum);
if (datum != NULL) {
- cil_log(CIL_INFO, "cil_copy_ipaddr: ipaddress cannot be redefined\n");
+ cil_log(CIL_ERR, "Named IP address cannot be redefined\n");
return SEPOL_ERR;
}
cil_ipaddr_init(&new);
cil_copy_fill_ipaddr(orig, new);
-
*copy = new;
return SEPOL_OK;
--
2.49.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] libsepol/cil: Fix copying of declarations
2025-06-30 18:52 [PATCH] libsepol/cil: Fix copying of declarations James Carter
@ 2025-07-03 14:35 ` James Carter
0 siblings, 0 replies; 2+ messages in thread
From: James Carter @ 2025-07-03 14:35 UTC (permalink / raw)
To: selinux
On Mon, Jun 30, 2025 at 2:52 PM James Carter <jwcart2@gmail.com> wrote:
>
> Commit 117e4c651e909a418e792efd7abfb90a131973de "libsepol: Allow
> multiple policycap statements" has exposed problems in the copying
> of declarations.
>
> If a policycap statement is copied into a block (or other namespace)
> that already has that policycap statement, then instead of creating
> a new policycap struct, a pointer to the old one is returned. Later
> in __cil_copy_node_helper() when cil_add_decl_to_symtab() is called,
> SEPOL_EEXIST is returned and the original datum is destroyed. This
> obviously causes problems later when there is an attempt to access
> the orginal datum.
>
> This problem is not just with policycap statements. A pointer to
> the original datum should never be returned when copying a
> declaration. For a simple declaration, a new struct should always
> be created and passed to cil_add_decl_to_symtab(). It will handle
> duplicate declarations properly. Either returning an error if
> they are not allowed, or updating the right data structures if
> they are. Also, since cil_add_decl_to_symtab() will report errors,
> there is no need to check for a duplicate declaration before
> calling it. For a more complex declaration which requires copying
> other data as well as creating the datum, then it makes sense to
> check for a duplcate declaration before doing that copy. This
> applies to classpermisisons, permissionxs, catsets, levels,
> levelranges, contexts, and ipaddrs.
>
> When copying simple declarations, create a new declaration and
> allow cil_add_decl_to_symtab() to handle the rest. For more
> complex declarations, check for a duplicate declaration before
> copying the data.
>
> Reported-by: oss-fuzz (issues 427262638, 427271310, 427814464,
> 428057580, and 428041877)
> Signed-off-by: James Carter <jwcart2@gmail.com>
Seeing no objection, I have merged this.
Jim
> ---
> libsepol/cil/src/cil_copy_ast.c | 252 +++++++++-----------------------
> 1 file changed, 66 insertions(+), 186 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
> index 2911523e..172d92ff 100644
> --- a/libsepol/cil/src/cil_copy_ast.c
> +++ b/libsepol/cil/src/cil_copy_ast.c
> @@ -170,38 +170,22 @@ int cil_copy_blockinherit(__attribute__((unused)) struct cil_db *db, void *data,
> return SEPOL_OK;
> }
>
> -static int cil_copy_policycap(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +static int cil_copy_policycap(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_policycap *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_policycap *new;
> - cil_policycap_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + struct cil_policycap *new;
> +
> + cil_policycap_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
>
> -int cil_copy_perm(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_perm(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_perm *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_perm *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_perm *new;
> - cil_perm_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_perm_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -260,23 +244,11 @@ int cil_copy_classmapping(__attribute__((unused)) struct cil_db *db, void *data,
> return SEPOL_OK;
> }
>
> -int cil_copy_class(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_class(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_class *orig = data;
> - struct cil_class *new = NULL;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_class: class cannot be redefined\n");
> - return SEPOL_ERR;
> - }
> + struct cil_class *new;
>
> cil_class_init(&new);
> -
> - new->common = NULL;
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -285,22 +257,20 @@ int cil_copy_class(__attribute__((unused)) struct cil_db *db, void *data, void *
> int cil_copy_classpermission(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_classpermission *orig = data;
> - struct cil_classpermission *new = NULL;
> + struct cil_classpermission *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> if (key != NULL) {
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "classpermission cannot be redefined\n");
> + cil_log(CIL_ERR, "Named classpermission cannot be redefined\n");
> return SEPOL_ERR;
> }
> }
>
> cil_classpermission_init(&new);
> -
> cil_copy_classperms_list(orig->classperms, &new->classperms);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -340,20 +310,12 @@ int cil_copy_classcommon(__attribute__((unused)) struct cil_db *db, void *data,
> return SEPOL_OK;
> }
>
> -int cil_copy_sid(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_sid(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_sid *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_sid *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_sid *new;
> - cil_sid_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_sid_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -377,38 +339,22 @@ int cil_copy_sidcontext(struct cil_db *db, void *data, void **copy, __attribute_
> return SEPOL_OK;
> }
>
> -int cil_copy_user(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_user(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_user *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_user *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_user *new;
> - cil_user_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_user_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
>
> -int cil_copy_userattribute(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_userattribute(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_userattribute *orig = data;
> - struct cil_userattribute *new = NULL;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_userattribute *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - cil_userattribute_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_userattribute_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -501,20 +447,12 @@ int cil_copy_userprefix(__attribute__((unused)) struct cil_db *db, void *data, v
> return SEPOL_OK;
> }
>
> -int cil_copy_role(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_role(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_role *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_role *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_role *new;
> - cil_role_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_role_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -534,20 +472,12 @@ int cil_copy_roletype(__attribute__((unused)) struct cil_db *db, void *data, voi
> return SEPOL_OK;
> }
>
> -int cil_copy_roleattribute(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_roleattribute(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_roleattribute *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_roleattribute *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_roleattribute *new;
> - cil_roleattribute_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_roleattribute_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -671,21 +601,11 @@ static int cil_copy_expandtypeattribute(__attribute__((unused)) struct cil_db *d
> return SEPOL_OK;
> }
>
> -static int cil_copy_alias(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +static int cil_copy_alias(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_alias *orig = data;
> - struct cil_alias *new = NULL;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_alias: alias cannot be redefined\n");
> - return SEPOL_ERR;
> - }
> + struct cil_alias *new;
>
> cil_alias_init(&new);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -768,18 +688,10 @@ int cil_copy_rangetransition(struct cil_db *db, void *data, void **copy, __attri
> return SEPOL_OK;
> }
>
> -int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> struct cil_bool *orig = data;
> - struct cil_bool *new = NULL;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_bool: boolean cannot be redefined\n");
> - return SEPOL_ERR;
> - }
> + struct cil_bool *new;
>
> cil_bool_init(&new);
> new->value = orig->value;
> @@ -788,18 +700,10 @@ int cil_copy_bool(__attribute__((unused)) struct cil_db *db, void *data, void **
> return SEPOL_OK;
> }
>
> -static int cil_copy_tunable(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +static int cil_copy_tunable(__attribute__((unused)) struct cil_db *db, void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> struct cil_tunable *orig = data;
> - struct cil_tunable *new = NULL;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_tunable: tunable cannot be redefined\n");
> - return SEPOL_ERR;
> - }
> + struct cil_tunable *new;
>
> cil_tunable_init(&new);
> new->value = orig->value;
> @@ -846,20 +750,18 @@ int cil_copy_avrule(struct cil_db *db, void *data, void **copy, __attribute__((u
> static int cil_copy_permissionx(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_permissionx *orig = data;
> - struct cil_permissionx *new = NULL;
> + struct cil_permissionx *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> -
> + struct cil_symtab_datum *datum;
>
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_permissionx: permissionx cannot be redefined\n");
> + cil_log(CIL_ERR, "Permissionx cannot be redefined\n");
> return SEPOL_ERR;
> }
>
> cil_permissionx_init(&new);
> cil_copy_fill_permissionx(db, orig, new);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -899,38 +801,22 @@ int cil_copy_type_rule(__attribute__((unused)) struct cil_db *db, void *data, vo
> return SEPOL_OK;
> }
>
> -int cil_copy_sens(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_sens(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_sens *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_sens *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_sens *new;
> - cil_sens_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_sens_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
>
> -int cil_copy_cat(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> +int cil_copy_cat(__attribute__((unused)) struct cil_db *db, __attribute__((unused)) void *data, void **copy, __attribute__((unused)) symtab_t *symtab)
> {
> - struct cil_cat *orig = data;
> - char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_cat *new;
>
> - cil_symtab_get_datum(symtab, key, &datum);
> - if (datum == NULL) {
> - struct cil_cat *new;
> - cil_cat_init(&new);
> - *copy = new;
> - } else {
> - *copy = datum;
> - }
> + cil_cat_init(&new);
> + *copy = new;
>
> return SEPOL_OK;
> }
> @@ -945,20 +831,18 @@ static void cil_copy_cats(struct cil_db *db, struct cil_cats *orig, struct cil_c
> int cil_copy_catset(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_catset *orig = data;
> - struct cil_catset *new = NULL;
> + struct cil_catset *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_catset: categoryset cannot be redefined\n");
> + cil_log(CIL_ERR, "Category set cannot be redefined\n");
> return SEPOL_ERR;
> }
>
> cil_catset_init(&new);
> -
> cil_copy_cats(db, orig->cats, &new->cats);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -994,20 +878,19 @@ void cil_copy_fill_level(struct cil_db *db, struct cil_level *orig, struct cil_l
> int cil_copy_level(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_level *orig = data;
> - struct cil_level *new = NULL;
> + struct cil_level *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> if (key != NULL) {
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_level: level cannot be redefined\n");
> + cil_log(CIL_ERR, "Named level cannot be redefined\n");
> return SEPOL_ERR;
> }
> }
>
> cil_copy_fill_level(db, orig, &new);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -1031,21 +914,20 @@ void cil_copy_fill_levelrange(struct cil_db *db, struct cil_levelrange *data, st
> int cil_copy_levelrange(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_levelrange *orig = data;
> - struct cil_levelrange *new = NULL;
> + struct cil_levelrange *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> if (key != NULL) {
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_levelrange: levelrange cannot be redefined\n");
> + cil_log(CIL_ERR, "Named levelrange cannot be redefined\n");
> return SEPOL_ERR;
> }
> }
>
> cil_levelrange_init(&new);
> cil_copy_fill_levelrange(db, orig, new);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -1068,21 +950,20 @@ void cil_copy_fill_context(struct cil_db *db, struct cil_context *data, struct c
> int cil_copy_context(struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_context *orig = data;
> - struct cil_context *new = NULL;
> + struct cil_context *new;
> char *key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> if (key != NULL) {
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_context: context cannot be redefined\n");
> + cil_log(CIL_ERR, "Named context cannot be redefined\n");
> return SEPOL_ERR;
> }
> }
>
> cil_context_init(&new);
> cil_copy_fill_context(db, orig, new);
> -
> *copy = new;
>
> return SEPOL_OK;
> @@ -1542,19 +1423,18 @@ void cil_copy_fill_ipaddr(struct cil_ipaddr *data, struct cil_ipaddr *new)
> int cil_copy_ipaddr(__attribute__((unused)) struct cil_db *db, void *data, void **copy, symtab_t *symtab)
> {
> struct cil_ipaddr *orig = data;
> - struct cil_ipaddr *new = NULL;
> + struct cil_ipaddr *new;
> char * key = orig->datum.name;
> - struct cil_symtab_datum *datum = NULL;
> + struct cil_symtab_datum *datum;
>
> cil_symtab_get_datum(symtab, key, &datum);
> if (datum != NULL) {
> - cil_log(CIL_INFO, "cil_copy_ipaddr: ipaddress cannot be redefined\n");
> + cil_log(CIL_ERR, "Named IP address cannot be redefined\n");
> return SEPOL_ERR;
> }
>
> cil_ipaddr_init(&new);
> cil_copy_fill_ipaddr(orig, new);
> -
> *copy = new;
>
> return SEPOL_OK;
> --
> 2.49.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2025-07-03 14:35 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-06-30 18:52 [PATCH] libsepol/cil: Fix copying of declarations James Carter
2025-07-03 14:35 ` James Carter
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).