On Sun, Jul 21, 2013 at 10:32:49PM -0700, John Johansen wrote: > This conversion is nothing more than what is required to get it to > compile. Further improvements will come as the code is refactored. > > Unfortunately due to C++ not supporting designated initializers, the auto > generation of af names needed to be reworked, and "netlink" and "unix" > domain socket keywords leaked in. Since these where going to be added in > separate patches I have not bothered to do the extra work to replace them > with a temporary place holder. > > Signed-off-by: John Johansen <john.johan...@canonical.com>
Acked-by: Seth Arnold <seth.arn...@canonical.com> with a few whitespace-only changes suggested inline. > --- > common/Make.rules | 4 +- > parser/Makefile | 36 +++++----- > parser/lib.c | 10 +-- > parser/libapparmor_re/aare_rules.cc | 12 ++-- > parser/libapparmor_re/apparmor_re.h | 61 ++++++++--------- > parser/mount.c | 6 +- > parser/parser.h | 10 +-- > parser/parser_alias.c | 31 +++++---- > parser/parser_common.c | 4 +- > parser/parser_include.c | 2 +- > parser/parser_interface.c | 42 ++++++------ > parser/parser_lex.l | 6 +- > parser/parser_main.c | 13 ++-- > parser/parser_merge.c | 10 +-- > parser/parser_misc.c | 82 ++++++++++++---------- > parser/parser_policy.c | 30 ++++----- > parser/parser_regex.c | 8 +-- > parser/parser_symtab.c | 86 > ++++++++++++------------ > parser/parser_variable.c | 24 +++---- > parser/parser_yacc.y | 48 ++++++------- > parser/tst/simple_tests/network/network_bad_5.sd | 7 -- > parser/tst/simple_tests/network/network_bad_6.sd | 7 -- > parser/tst/simple_tests/network/network_ok_5.sd | 7 ++ > parser/tst/simple_tests/network/network_ok_6.sd | 7 ++ > 24 files changed, 281 insertions(+), 272 deletions(-) > delete mode 100644 parser/tst/simple_tests/network/network_bad_5.sd > delete mode 100644 parser/tst/simple_tests/network/network_bad_6.sd > create mode 100644 parser/tst/simple_tests/network/network_ok_5.sd > create mode 100644 parser/tst/simple_tests/network/network_ok_6.sd > > diff --git a/common/Make.rules b/common/Make.rules > index 52a45d5..3f6031e 100644 > --- a/common/Make.rules > +++ b/common/Make.rules > @@ -193,12 +193,12 @@ list_capabilities: /usr/include/linux/capability.h > # to mediate. We use PF_ here since that is what is required in > # bits/socket.h, but we will rewrite these as AF_. > > -FILTER_FAMILIES=PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK > +FILTER_FAMILIES=PF_UNIX > > __FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g') > > # emits the AF names in a "AF_NAME NUMBER," pattern > -AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n > -e '/$(__FILTER)/d' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ > \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2) > +AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n > -e '/$(__FILTER)/d' -e 's/PF_LOCAL/PF_UNIX/' -e 's/^\#define[ > \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2) > > .PHONY: list_af_names > list_af_names: > diff --git a/parser/Makefile b/parser/Makefile > index f859f0e..3c205f1 100644 > --- a/parser/Makefile > +++ b/parser/Makefile > @@ -40,11 +40,11 @@ LEXFLAGS = -B -v > WARNINGS = -Wall > EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers > -Wformat-security -Wunused-parameter > CXX_WARNINGS = ${WARNINGS} $(shell for warning in ${EXTRA_WARNINGS} ; do \ > - if ${CC} $${warning} -S -o /dev/null -xc /dev/null > >/dev/null 2>&1; then \ > + if ${CXX} $${warning} -S -o /dev/null -xc /dev/null > >/dev/null 2>&1; then \ > echo "$${warning}"; \ > fi ; \ > done) > -CPP_WARNINGS = -Wstrict-prototypes -Wnested-externs > +CPP_WARNINGS = > ifndef CFLAGS > CFLAGS = -g -O2 -pipe > > @@ -163,49 +163,49 @@ parser_lex.c: parser_lex.l parser_yacc.h parser.h > $(LEX) ${LEXFLAGS} -o$@ $< > > parser_lex.o: parser_lex.c parser.h parser_yacc.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_misc.o: parser_misc.c parser.h parser_yacc.h af_names.h cap_names.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_yacc.o: parser_yacc.c parser_yacc.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_main.o: parser_main.c parser.h parser_version.h > libapparmor_re/apparmor_re.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_interface.o: parser_interface.c parser.h libapparmor_re/apparmor_re.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_include.o: parser_include.c parser.h parser_include.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_merge.o: parser_merge.c parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_regex.o: parser_regex.c parser.h libapparmor_re/apparmor_re.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_symtab.o: parser_symtab.c parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_variable.o: parser_variable.c parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_policy.o: parser_policy.c parser.h parser_yacc.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_alias.o: parser_alias.c parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_common.o: parser_common.c parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > mount.o: mount.c mount.h parser.h immunix.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > lib.o: lib.c lib.h parser.h > - $(CC) $(EXTRA_CFLAGS) -c -o $@ $< > + $(CXX) $(EXTRA_CFLAGS) -c -o $@ $< > > parser_version.h: Makefile > @echo \#define PARSER_VERSION \"$(VERSION)\" > .ver > @@ -225,7 +225,7 @@ cap_names.h: /usr/include/linux/capability.h > echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ > \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@ > > tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS}) > - $(CC) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) > $(TEST_LDFLAGS) > + $(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), > ${TEST_OBJECTS}) $(TEST_LDFLAGS) > > .SILENT: check > .PHONY: check > diff --git a/parser/lib.c b/parser/lib.c > index c4a917b..6f6f110 100644 > --- a/parser/lib.c > +++ b/parser/lib.c > @@ -70,11 +70,13 @@ int dirat_for_each(DIR *dir, const char *name, void *data, > } > > if (dir && (!name || *name != '/')) { > - dirent = malloc(offsetof(struct dirent, d_name) + > - fpathconf(dirfd(dir), _PC_NAME_MAX) + 1); > + dirent = (struct dirent *) > + malloc(offsetof(struct dirent, d_name) + > + fpathconf(dirfd(dir), _PC_NAME_MAX) + 1); > } else { > - dirent = malloc(offsetof(struct dirent, d_name) + > - pathconf(name, _PC_NAME_MAX) + 1); > + dirent = (struct dirent *) > + malloc(offsetof(struct dirent, d_name) + > + pathconf(name, _PC_NAME_MAX) + 1); > } > if (!dirent) { > PDEBUG("could not alloc dirent"); > diff --git a/parser/libapparmor_re/aare_rules.cc > b/parser/libapparmor_re/aare_rules.cc > index d40591d..a752096 100644 > --- a/parser/libapparmor_re/aare_rules.cc > +++ b/parser/libapparmor_re/aare_rules.cc > @@ -39,7 +39,7 @@ struct aare_ruleset { > Node *root; > }; > > -extern "C" aare_ruleset_t *aare_new_ruleset(int reverse) > +aare_ruleset_t *aare_new_ruleset(int reverse) > { > aare_ruleset_t *container = (aare_ruleset_t *) > malloc(sizeof(aare_ruleset_t)); > if (!container) > @@ -51,7 +51,7 @@ extern "C" aare_ruleset_t *aare_new_ruleset(int reverse) > return container; > } > > -extern "C" void aare_delete_ruleset(aare_ruleset_t *rules) > +void aare_delete_ruleset(aare_ruleset_t *rules) > { > if (rules) { > if (rules->root) > @@ -62,7 +62,7 @@ extern "C" void aare_delete_ruleset(aare_ruleset_t *rules) > aare_reset_matchflags(); > } > > -extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, int deny, > +int aare_add_rule(aare_ruleset_t *rules, char *rule, int deny, > uint32_t perms, uint32_t audit, dfaflags_t flags) > { > return aare_add_rule_vec(rules, deny, perms, audit, 1, &rule, flags); > @@ -76,7 +76,7 @@ DenyMatchFlag *deny_flags[FLAGS_WIDTH][MATCH_FLAGS_SIZE]; > MatchFlag *exec_match_flags[FLAGS_WIDTH][EXEC_MATCH_FLAGS_SIZE]; /* mods > + unsafe + ix + pux * u::o */ > ExactMatchFlag *exact_match_flags[FLAGS_WIDTH][EXEC_MATCH_FLAGS_SIZE]; > /* mods + unsafe + ix + pux *u::o */ > > -extern "C" void aare_reset_matchflags(void) > +void aare_reset_matchflags(void) > { > uint32_t i, j; > #define RESET_FLAGS(group, size) { \ > @@ -94,7 +94,7 @@ extern "C" void aare_reset_matchflags(void) > #undef RESET_FLAGS > } > > -extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny, > +int aare_add_rule_vec(aare_ruleset_t *rules, int deny, > uint32_t perms, uint32_t audit, > int count, char **rulev, dfaflags_t flags) > { > @@ -243,7 +243,7 @@ extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, > int deny, > * returns: buffer contain dfa tables, @size set to the size of the tables > * else NULL on failure > */ > -extern "C" void *aare_create_dfa(aare_ruleset_t *rules, size_t *size, > +void *aare_create_dfa(aare_ruleset_t *rules, size_t *size, > dfaflags_t flags) > { > char *buffer = NULL; > diff --git a/parser/libapparmor_re/apparmor_re.h > b/parser/libapparmor_re/apparmor_re.h > index 186899c..420d9ce 100644 > --- a/parser/libapparmor_re/apparmor_re.h > +++ b/parser/libapparmor_re/apparmor_re.h > @@ -19,36 +19,37 @@ > #ifndef APPARMOR_RE_H > #define APPARMOR_RE_H > > -typedef enum dfaflags { > - DFA_CONTROL_EQUIV = 1 << 0, > - DFA_CONTROL_TREE_NORMAL = 1 << 1, > - DFA_CONTROL_TREE_SIMPLE = 1 << 2, > - DFA_CONTROL_TREE_LEFT = 1 << 3, > - DFA_CONTROL_MINIMIZE = 1 << 4, > - DFA_CONTROL_MINIMIZE_HASH_TRANS = 1 << 5, > - DFA_CONTROL_FILTER_DENY = 1 << 6, > - DFA_CONTROL_REMOVE_UNREACHABLE = 1 << 7, > - DFA_CONTROL_TRANS_HIGH = 1 << 8, > +typedef int dfaflags_t; > > - DFA_DUMP_MIN_PARTS = 1 << 13, > - DFA_DUMP_UNIQ_PERMS = 1 << 14, > - DFA_DUMP_MIN_UNIQ_PERMS = 1 << 15, > - DFA_DUMP_TREE_STATS = 1 << 16, > - DFA_DUMP_TREE = 1 << 17, > - DFA_DUMP_SIMPLE_TREE = 1 << 18, > - DFA_DUMP_PROGRESS = 1 << 19, > - DFA_DUMP_STATS = 1 << 20, > - DFA_DUMP_STATES = 1 << 21, > - DFA_DUMP_GRAPH = 1 << 22, > - DFA_DUMP_TRANS_PROGRESS = 1 << 23, > - DFA_DUMP_TRANS_STATS = 1 << 24, > - DFA_DUMP_TRANS_TABLE = 1 << 25, > - DFA_DUMP_EQUIV = 1 << 26, > - DFA_DUMP_EQUIV_STATS = 1 << 27, > - DFA_DUMP_MINIMIZE = 1 << 28, > - DFA_DUMP_UNREACHABLE = 1 << 29, > - DFA_DUMP_RULE_EXPR = 1 << 30, > - DFA_DUMP_NODE_TO_DFA = 1 << 31, > -} dfaflags_t; > + > +#define DFA_CONTROL_EQUIV (1 << 0) > +#define DFA_CONTROL_TREE_NORMAL (1 << 1) > +#define DFA_CONTROL_TREE_SIMPLE (1 << 2) > +#define DFA_CONTROL_TREE_LEFT (1 << 3) > +#define DFA_CONTROL_MINIMIZE (1 << 4) > +#define DFA_CONTROL_MINIMIZE_HASH_TRANS (1 << 5) > +#define DFA_CONTROL_FILTER_DENY (1 << 6) > +#define DFA_CONTROL_REMOVE_UNREACHABLE (1 << 7) > +#define DFA_CONTROL_TRANS_HIGH (1 << 8) > + > +#define DFA_DUMP_MIN_PARTS (1 << 13) > +#define DFA_DUMP_UNIQ_PERMS (1 << 14) > +#define DFA_DUMP_MIN_UNIQ_PERMS (1 << 15) > +#define DFA_DUMP_TREE_STATS (1 << 16) > +#define DFA_DUMP_TREE (1 << 17) > +#define DFA_DUMP_SIMPLE_TREE (1 << 18) > +#define DFA_DUMP_PROGRESS (1 << 19) > +#define DFA_DUMP_STATS (1 << 20) > +#define DFA_DUMP_STATES (1 << 21) > +#define DFA_DUMP_GRAPH (1 << 22) > +#define DFA_DUMP_TRANS_PROGRESS (1 << 23) > +#define DFA_DUMP_TRANS_STATS (1 << 24) > +#define DFA_DUMP_TRANS_TABLE (1 << 25) > +#define DFA_DUMP_EQUIV (1 << 26) > +#define DFA_DUMP_EQUIV_STATS (1 << 27) > +#define DFA_DUMP_MINIMIZE (1 << 28) > +#define DFA_DUMP_UNREACHABLE (1 << 29) > +#define DFA_DUMP_RULE_EXPR (1 << 30) > +#define DFA_DUMP_NODE_TO_DFA (1 << 31) > > #endif /* APPARMOR_RE_H */ > diff --git a/parser/mount.c b/parser/mount.c > index d446d29..21d8576 100644 > --- a/parser/mount.c > +++ b/parser/mount.c > @@ -220,7 +220,7 @@ > #include "mount.h" > > struct mnt_keyword_table { > - char *keyword; > + const char *keyword; > unsigned int set; > unsigned int clear; > }; > @@ -272,8 +272,8 @@ static struct mnt_keyword_table mnt_opts_table[] = { > {"iversion", MS_IVERSION, 0}, > {"noiversion", 0, MS_IVERSION}, > {"strictatime", MS_STRICTATIME, 0}, > - {"user", 0, MS_NOUSER}, > - {"nouser", MS_NOUSER, 0}, > + {"user", 0, (unsigned int) MS_NOUSER}, > + {"nouser", (unsigned int) MS_NOUSER, 0}, > > {NULL, 0, 0} > }; > diff --git a/parser/parser.h b/parser/parser.h > index 3b4ac63..733e629 100644 > --- a/parser/parser.h > +++ b/parser/parser.h > @@ -52,7 +52,7 @@ struct flagval { > > struct named_transition { > int present; > - char *namespace; > + char *ns; > char *name; > }; > > @@ -75,7 +75,7 @@ struct cond_entry { > }; > > struct cod_entry { > - char *namespace; > + char *ns; > char *name; > char *link_name; > char *nt_name; > @@ -115,7 +115,7 @@ struct alt_name { > }; > > struct codomain { > - char *namespace; > + char *ns; > char *name; /* codomain name */ > char *attachment; > struct alt_name *altnames; > @@ -279,7 +279,7 @@ extern dfaflags_t dfaflags; > extern char *progname; > extern char *subdomainbase; > extern char *profilename; > -extern char *profile_namespace; > +extern char *profile_ns; > extern char *current_filename; > extern FILE *ofile; > extern int read_implies_exec; > @@ -330,7 +330,7 @@ extern int name_to_capability(const char *keyword); > extern int get_rlimit(const char *name); > extern char *process_var(const char *var); > extern int parse_mode(const char *mode); > -extern struct cod_entry *new_entry(char *namespace, char *id, int mode, > +extern struct cod_entry *new_entry(char *ns, char *id, int mode, > char *link_id); > extern struct aa_network_entry *new_network_ent(unsigned int family, > unsigned int type, > diff --git a/parser/parser_alias.c b/parser/parser_alias.c > index 00a4ced..aee882e 100644 > --- a/parser/parser_alias.c > +++ b/parser/parser_alias.c > @@ -50,7 +50,7 @@ int new_alias(const char *from, const char *to) > { > struct alias_rule *alias, **result; > > - alias = calloc(1, sizeof(struct alias_rule)); > + alias = (struct alias_rule *) calloc(1, sizeof(struct alias_rule)); > if (!alias) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > goto fail; > @@ -95,14 +95,14 @@ fail: > static char *do_alias(struct alias_rule *alias, const char *target) > { > int len = strlen(target) - strlen(alias->from) + strlen(alias->to); > - char *new = malloc(len + 1); > - if (!new) { > + char *n = (char *) malloc(len + 1); > + if (!n) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > return NULL; > } > - sprintf(new, "%s%s", alias->to, target + strlen(alias->from)); > + sprintf(n, "%s%s", alias->to, target + strlen(alias->from)); > /*fprintf(stderr, "replaced alias: from: %s, to: %s, name: %s\n %s\n", > alias->from, alias->to, target, new);*/ > - return new; > + return n; > } > > static struct codomain *target_cod; > @@ -123,22 +123,22 @@ static void process_entries(const void *nodep, VISIT > value, int __unused level) > entry->alias_ignore) > continue; > if (entry->name && strncmp((*t)->from, entry->name, len) == 0) { > - char *new = do_alias(*t, entry->name); > - if (!new) > + char *n = do_alias(*t, entry->name); > + if (!n) > return; > dup = copy_cod_entry(entry); > free(dup->name); > - dup->name = new; > + dup->name = n; > } > if (entry->link_name && > strncmp((*t)->from, entry->link_name, len) == 0) { > - char *new = do_alias(*t, entry->link_name); > - if (!new) > + char *n = do_alias(*t, entry->link_name); > + if (!n) > return; > if (!dup) > dup = copy_cod_entry(entry); > free(dup->link_name); > - dup->link_name = new; > + dup->link_name = n; > } > if (dup) { > dup->alias_ignore = 1; > @@ -152,7 +152,6 @@ static void process_entries(const void *nodep, VISIT > value, int __unused level) > } > } > > -static struct codomain *target_cod; > static void process_name(const void *nodep, VISIT value, int __unused level) > { > struct alias_rule **t = (struct alias_rule **) nodep; > @@ -172,14 +171,14 @@ static void process_name(const void *nodep, VISIT > value, int __unused level) > > if (name && strncmp((*t)->from, name, len) == 0) { > struct alt_name *alt; > - char *new = do_alias(*t, name); > - if (!new) > + char *n = do_alias(*t, name); > + if (!n) > return; > /* aliases create alternate names */ > - alt = calloc(1, sizeof(struct alt_name)); > + alt = (struct alt_name *) calloc(1, sizeof(struct alt_name)); > if (!alt) > return; > - alt->name = new; > + alt->name = n; > alt->next = cod->altnames; > cod->altnames = alt; > } > diff --git a/parser/parser_common.c b/parser/parser_common.c > index bf4dd41..e8b20f0 100644 > --- a/parser/parser_common.c > +++ b/parser/parser_common.c > @@ -34,11 +34,11 @@ int names_only = 0; > int current_lineno = 1; > int option = OPTION_ADD; > > -dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | > DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS; > +dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | > DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | > DFA_CONTROL_MINIMIZE_HASH_TRANS); > > char *subdomainbase = NULL; > char *progname = __FILE__; > -char *profile_namespace = NULL; > +char *profile_ns = NULL; > char *profilename = NULL; > char *current_filename = NULL; > > diff --git a/parser/parser_include.c b/parser/parser_include.c > index f143353..697fad3 100644 > --- a/parser/parser_include.c > +++ b/parser/parser_include.c > @@ -291,7 +291,7 @@ void push_include_stack(char *filename) > { > struct include_stack_t *include = NULL; > > - include = malloc(sizeof(*include)); > + include = (struct include_stack_t *) malloc(sizeof(*include)); > if (!include) { > perror("malloc of included file stack tracker"); > /* failures in this area are non-fatal */ > diff --git a/parser/parser_interface.c b/parser/parser_interface.c > index 5c2b486..77f3d2e 100644 > --- a/parser/parser_interface.c > +++ b/parser/parser_interface.c > @@ -214,7 +214,7 @@ struct __sdserialize { > > sd_serialize *alloc_sd_serial(void) > { > - sd_serialize *p = calloc(1, sizeof(sd_serialize)); > + sd_serialize *p = (sd_serialize *) calloc(1, sizeof(sd_serialize)); > if (!p) > return NULL; > p->buffer = malloc(BUFFERINC); > @@ -255,7 +255,7 @@ static inline void sd_inc(sd_serialize *p, int size) > > inline long sd_serial_size(sd_serialize *p) > { > - return (p->pos - p->buffer); > + return (long) (p->pos) - (long) (p->buffer); > } > > /* routines for writing data to the serialization buffer */ > @@ -265,14 +265,14 @@ inline int sd_prepare_write(sd_serialize *p, enum > sd_code code, size_t size) > if (p->pos + SD_CODE_SIZE + size > p->extent) { > long pos; > /* try and reallocate the buffer */ > - void *buffer = malloc(p->extent - p->buffer + (BUFFERINC * > num)); > - memcpy(buffer, p->buffer, p->extent - p->buffer); > + void *buffer = malloc((long)(p->extent) - (long)(p->buffer) + > (BUFFERINC * num)); > + memcpy(buffer, p->buffer, (long)(p->extent) - > (long)(p->buffer)); > > - pos = p->pos - p->buffer; > + pos = (long)(p->pos) - (long)(p->buffer); > if (buffer == NULL || errno == ENOMEM) > return 0; > > - p->extent = buffer + (p->extent - p->buffer) + (BUFFERINC * > num); > + p->extent = buffer + ((long)(p->extent) - (long)(p->buffer)) + > (BUFFERINC * num); > free(p->buffer); > p->buffer = buffer; > p->pos = buffer + pos; > @@ -367,7 +367,7 @@ inline int sd_write_aligned_blob(sd_serialize *p, void > *b, int buf_size, > u32 tmp; > if (!sd_write_name(p, name)) > return 0; > - pad = align64((p->pos + 5) - p->buffer) - ((p->pos + 5) - p->buffer); > + pad = align64(((long)(p->pos + 5) - (long)(p->buffer)) - ((long)(p->pos > + 5) - (long)(p->buffer))); > if (!sd_prepare_write(p, SD_BLOB, 4 + buf_size + pad)) > return 0; > tmp = cpu_to_le32(buf_size + pad); > @@ -555,7 +555,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain > *profile, > assert(profile->parent); > int res; > > - char *name = malloc(3 + strlen(profile->name) + > + char *name = (char *) malloc(3 + strlen(profile->name) + > strlen(profile->parent->name)); > if (!name) > return 0; > @@ -696,11 +696,11 @@ int sd_serialize_top_profile(sd_serialize *p, struct > codomain *profile) > if (!sd_write32(p, version)) > return 0; > > - if (profile_namespace) { > - if (!sd_write_string(p, profile_namespace, "namespace")) > + if (profile_ns) { > + if (!sd_write_string(p, profile_ns, "namespace")) > return 0; > - } else if (profile->namespace) { > - if (!sd_write_string(p, profile->namespace, "namespace")) > + } else if (profile->ns) { > + if (!sd_write_string(p, profile->ns, "namespace")) > return 0; > } > > @@ -760,15 +760,15 @@ int sd_serialize_codomain(int option, struct codomain > *cod) > char *name, *ns = NULL; > int len = 0; > > - if (profile_namespace) { > - len += strlen(profile_namespace) + 2; > - ns = profile_namespace; > - } else if (cod->namespace) { > - len += strlen(cod->namespace) + 2; > - ns = cod->namespace; > + if (profile_ns) { > + len += strlen(profile_ns) + 2; > + ns = profile_ns; > + } else if (cod->ns) { > + len += strlen(cod->ns) + 2; > + ns = cod->ns; > } > if (cod->parent) { > - name = malloc(strlen(cod->name) + 3 + > + name = (char *) malloc(strlen(cod->name) + 3 + > strlen(cod->parent->name) + len); > if (!name) { > PERROR(_("Memory Allocation Error: Unable to > remove ^%s\n"), cod->name); > @@ -782,7 +782,7 @@ int sd_serialize_codomain(int option, struct codomain > *cod) > sprintf(name, "%s//%s", cod->parent->name, > cod->name); > } else if (ns) { > - name = malloc(len + strlen(cod->name) + 1); > + name = (char *) malloc(len + strlen(cod->name) + 1); > if (!name) { > PERROR(_("Memory Allocation Error: Unable to > remove %s:%s."), ns, cod->name); > error = -errno; > @@ -818,7 +818,7 @@ int sd_serialize_codomain(int option, struct codomain > *cod) > goto exit; > } > > - size = work_area->pos - work_area->buffer; > + size = (long) (work_area->pos) - (long)(work_area->buffer); > if (kernel_load || option == OPTION_STDOUT || option == > OPTION_OFILE) { > wsize = write(fd, work_area->buffer, size); > if (wsize < 0) { > diff --git a/parser/parser_lex.l b/parser/parser_lex.l > index 1b14625..6150141 100644 > --- a/parser/parser_lex.l > +++ b/parser/parser_lex.l > @@ -91,10 +91,10 @@ do { \ > #define YY_NO_INPUT > > #define STATE_TABLE_ENT(X) [(X)] = #X > -static const char *const state_names[]; > +/* static char *const state_names[]; */ > > struct ignored_suffix_t { > - char * text; > + const char * text; > int len; > int silent; > }; > @@ -123,7 +123,7 @@ static int is_blacklisted(const char *name, const char > *path) > /* skip blacklisted suffixes */ > for (suffix = ignored_suffixes; suffix->text; suffix++) { > char *found; > - if ( (found = strstr(name, suffix->text)) && > + if ( (found = strstr((char *) name, suffix->text)) && > found - name + suffix->len == name_len ) { > if (!suffix->silent) > PERROR("Ignoring: '%s'\n", path); > diff --git a/parser/parser_main.c b/parser/parser_main.c > index afbe78c..0069b2c 100644 > --- a/parser/parser_main.c > +++ b/parser/parser_main.c > @@ -64,7 +64,6 @@ > const char *parser_title = "AppArmor parser"; > const char *parser_copyright = "Copyright (C) 1999-2008 Novell > Inc.\nCopyright 2009-2012 Canonical Ltd."; > > -char *progname; > int opt_force_complain = 0; > int binary_input = 0; > int dump_vars = 0; > @@ -520,7 +519,7 @@ static int process_arg(int c, char *optarg) > conf_quiet = 0; > break; > case 'n': > - profile_namespace = strdup(optarg); > + profile_ns = strdup(optarg); > break; > case 'X': > read_implies_exec = 1; > @@ -793,7 +792,7 @@ static void get_match_string(void) { > /* if we have a features directory default to */ > perms_create = 1; > > - flags_string = malloc(FLAGS_STRING_SIZE); > + flags_string = (char *) malloc(FLAGS_STRING_SIZE); > handle_features_dir(FLAGS_FILE, &flags_string, > FLAGS_STRING_SIZE, flags_string); > if (strstr(flags_string, "network")) > kernel_supports_network = 1; > @@ -808,7 +807,7 @@ static void get_match_string(void) { > if (!ms) > goto out; > > - match_string = malloc(1000); > + match_string = (char *) malloc(1000); > if (!match_string) { > goto out; > } > @@ -845,7 +844,7 @@ static void get_flags_string(char **flags, char > *flags_file) { > if (!f) > return; > > - *flags = malloc(FLAGS_STRING_SIZE); > + *flags = (char *) malloc(FLAGS_STRING_SIZE); > if (!*flags) > goto fail; > > @@ -892,7 +891,7 @@ int process_binary(int option, char *profilename) > > do { > if (asize - size == 0) { > - buffer = realloc(buffer, chunksize); > + buffer = (char *) realloc(buffer, chunksize); Incorrect indent.. > asize = chunksize; > chunksize <<= 1; > if (!buffer) { > @@ -1049,7 +1048,7 @@ int process_profile(int option, char *profilename) > * TODO: Add support for embedded namespace defines if they aren't > * removed from the language. > */ > - if (profile_namespace) > + if (profile_ns) > skip_cache = 1; > > /* Do secondary test to see if cached binary profile is good, > diff --git a/parser/parser_merge.c b/parser/parser_merge.c > index cc95a7b..3b0baea 100644 > --- a/parser/parser_merge.c > +++ b/parser/parser_merge.c > @@ -35,12 +35,12 @@ static int file_comp(const void *c1, const void *c2) > int res = 0; > > //PERROR("strcmp %s %s\n", (*e1)->name, (*e2)->name); > - if ((*e1)->namespace) { > - if ((*e2)->namespace) > - res = strcmp((*e1)->namespace, (*e2)->namespace); > + if ((*e1)->ns) { > + if ((*e2)->ns) > + res = strcmp((*e1)->ns, (*e2)->ns); > else > return 1; > - } else if ((*e2)->namespace) { > + } else if ((*e2)->ns) { > return -1; > } > if (res) > @@ -87,7 +87,7 @@ static int process_file_entries(struct codomain *cod) > if (count < 2) > return 1; > > - table = malloc(sizeof(struct cod_entry *) * (count + 1)); > + table = (struct cod_entry **) malloc(sizeof(struct cod_entry *) * > (count + 1)); > if (!table) { > PERROR(_("Couldn't merge entries. Out of Memory\n")); > return 0; > diff --git a/parser/parser_misc.c b/parser/parser_misc.c > index 8f52e6c..51a0768 100644 > --- a/parser/parser_misc.c > +++ b/parser/parser_misc.c > @@ -50,7 +50,7 @@ > #define NPDEBUG(fmt, args...) /* Do nothing */ > > struct keyword_table { > - char *keyword; > + const char *keyword; > int token; > }; > > @@ -160,11 +160,11 @@ int get_rlimit(const char *name) > } > > struct network_tuple { > - char *family_name; > + const char *family_name; > unsigned int family; > - char *type_name; > + const char *type_name; > unsigned int type; > - char *protocol_name; > + const char *protocol_name; > unsigned int protocol; > }; > > @@ -325,7 +325,7 @@ struct aa_network_entry *new_network_ent(unsigned int > family, > unsigned int protocol) > { > struct aa_network_entry *new_entry; > - new_entry = calloc(1, sizeof(struct aa_network_entry)); > + new_entry = (struct aa_network_entry *) calloc(1, sizeof(struct > aa_network_entry)); > if (new_entry) { > new_entry->family = family; > new_entry->type = type; > @@ -553,13 +553,13 @@ static int parse_sub_mode(const char *str_mode, const > char *mode_desc __unused) > > p = str_mode; > while (*p) { > - char this = *p; > + char thisc = *p; > char next = *(p + 1); > char lower; > int tmode = 0; > > reeval: > - switch (this) { > + switch (thisc) { > case COD_READ_CHAR: > if (read_implies_exec) { > PDEBUG("Parsing mode: found %s READ imply X\n", > mode_desc); > @@ -617,7 +617,7 @@ reeval: > PDEBUG("Parsing mode: found UNCONFINED\n"); > if (IS_DIFF_QUAL(mode, tmode)) { > yyerror(_("Exec qualifier '%c' invalid, > conflicting qualifier already specified"), > - this); > + thisc); > } else { > if (next != tolower(next)) > warn_uppercase(); > @@ -633,7 +633,7 @@ reeval: > /* fall through */ > case COD_PROFILE_CHAR: > case COD_LOCAL_CHAR: > - if (tolower(this) == COD_UNSAFE_PROFILE_CHAR) > + if (tolower(thisc) == COD_UNSAFE_PROFILE_CHAR) > tmode |= AA_EXEC_PROFILE | AA_MAY_EXEC; > else > { > @@ -643,7 +643,7 @@ reeval: > if (tolower(next) == COD_INHERIT_CHAR) { > tmode |= AA_EXEC_INHERIT; > if (IS_DIFF_QUAL(mode, tmode)) { > - yyerror(_("Exec qualifier '%c%c' > invalid, conflicting qualifier already specified"), this, next); > + yyerror(_("Exec qualifier '%c%c' > invalid, conflicting qualifier already specified"), thisc, next); > } else { > mode |= tmode; > p += 2; /* skip x */ > @@ -651,13 +651,13 @@ reeval: > } else if (tolower(next) == COD_UNSAFE_UNCONFINED_CHAR) > { > tmode |= AA_EXEC_PUX; > if (IS_DIFF_QUAL(mode, tmode)) { > - yyerror(_("Exec qualifier '%c%c' > invalid, conflicting qualifier already specified"), this, next); > + yyerror(_("Exec qualifier '%c%c' > invalid, conflicting qualifier already specified"), thisc, next); > } else { > mode |= tmode; > p += 2; /* skip x */ > } > } else if (IS_DIFF_QUAL(mode, tmode)) { > - yyerror(_("Exec qualifier '%c' invalid, > conflicting qualifier already specified"), this); > + yyerror(_("Exec qualifier '%c' invalid, > conflicting qualifier already specified"), thisc); > > } else { > if (next != tolower(next)) > @@ -674,7 +674,7 @@ reeval: > break; > > case COD_EXEC_CHAR: > - /* this is valid for deny rules, and named transitions > + /* thisc is valid for deny rules, and named transitions > * but invalid for regular x transitions > * sort it out later. > */ > @@ -684,7 +684,7 @@ reeval: > /* error cases */ > > default: > - lower = tolower(this); > + lower = tolower(thisc); > switch (lower) { > case COD_READ_CHAR: > case COD_WRITE_CHAR: > @@ -693,14 +693,14 @@ reeval: > case COD_INHERIT_CHAR: > case COD_MMAP_CHAR: > case COD_EXEC_CHAR: > - PDEBUG("Parsing mode: found invalid upper case > char %c\n", this); > + PDEBUG("Parsing mode: found invalid upper case > char %c\n", thisc); > warn_uppercase(); > - this = lower; > + thisc = lower; > goto reeval; > break; > default: > yyerror(_("Internal: unexpected mode character > '%c' in input"), > - this); > + thisc); > break; > } > break; > @@ -725,7 +725,7 @@ int parse_mode(const char *str_mode) > return mode; > } > > -struct cod_entry *new_entry(char *namespace, char *id, int mode, char > *link_id) > +struct cod_entry *new_entry(char *ns, char *id, int mode, char *link_id) > { > struct cod_entry *entry = NULL; > > @@ -733,7 +733,7 @@ struct cod_entry *new_entry(char *namespace, char *id, > int mode, char *link_id) > if (!entry) > return NULL; > > - entry->namespace = namespace; > + entry->ns = ns; > entry->name = id; > entry->link_name = link_id; > entry->mode = mode; > @@ -757,7 +757,7 @@ struct cod_entry *copy_cod_entry(struct cod_entry *orig) > if (!entry) > return NULL; > > - entry->namespace = orig->namespace ? strdup(orig->namespace) : NULL; > + entry->ns = orig->ns ? strdup(orig->ns) : NULL; > entry->name = strdup(orig->name); > entry->link_name = orig->link_name ? strdup(orig->link_name) : NULL; > entry->mode = orig->mode; > @@ -779,8 +779,8 @@ void free_cod_entries(struct cod_entry *list) > return; > if (list->next) > free_cod_entries(list->next); > - if (list->namespace) > - free(list->namespace); > + if (list->ns) > + free(list->ns); > if (list->name) > free(list->name); > if (list->link_name) > @@ -845,8 +845,8 @@ void debug_cod_entries(struct cod_entry *list) > else > printf("\tName:\tNULL\n"); > > - if (item->namespace) > - printf("\tNamespace:\t(%s)\n", item->namespace); > + if (item->ns) > + printf("\tNs:\t(%s)\n", item->ns); > > if (AA_LINK_BITS & item->mode) > printf("\tlink:\t(%s)\n", item->link_name ? > item->link_name : "/**"); > @@ -943,23 +943,31 @@ void debug_capabilities(struct codomain *cod) > __debug_capabilities(cod->quiet_caps, "Quiet Caps"); > } > > +/* Bleah C++ doesn't have non-trivial designated initializers so we just > + * have to make sure these are in order. This means we are more brittle > + * but there isn't much we can do. > + */ > const char *sock_types[] = { > - [0] = "none", > - [SOCK_STREAM] = "stream", > - [SOCK_DGRAM] = "dgram", > - [SOCK_RAW] = "raw", > - [SOCK_RDM] = "rdm", > - [SOCK_SEQPACKET] = "seqpacket", > - [SOCK_PACKET] = "packet", > + "none", /* 0 */ > + "stream", /* 1 [SOCK_STREAM] */ > + "dgram", /* 2 [SOCK_DGRAM] */ > + "raw", /* 3 [SOCK_RAW] */ > + "rdm", /* 4 [SOCK_RDM] */ > + "seqpacket", /* 5 [SOCK_SEQPACKET] */ > + "dccp", /* 6 [SOCK_DCCP] */ > + "invalid", /* 7 */ > + "invalid", /* 8 */ > + "invalid", /* 9 */ > + "packet", /* 10 [SOCK_PACKET] */ > /* > * See comment above > - [SOCK_DCCP] = "dccp", > */ > }; > #define ALL_TYPES 0x43e > > +/* another case of C++ not supporting non-trivial designated initializers */ > #undef AA_GEN_NET_ENT > -#define AA_GEN_NET_ENT(name, AF) [AF] = name, > +#define AA_GEN_NET_ENT(name, AF) name, /* [AF] = name, */ > > static const char *network_families[] = { > #include "af_names.h" > @@ -1038,8 +1046,8 @@ void debug_network(struct codomain *cod) > > void debug_cod_list(struct codomain *cod) > { > - if (cod->namespace) > - printf("Namespace:\t\t%s\n", cod->namespace); > + if (cod->ns) > + printf("Ns:\t\t%s\n", cod->ns); > > if (cod->name) > printf("Name:\t\t%s\n", cod->name); > @@ -1064,7 +1072,7 @@ void debug_cod_list(struct codomain *cod) > > struct value_list *new_value_list(char *value) > { > - struct value_list *val = calloc(1, sizeof(struct value_list)); > + struct value_list *val = (struct value_list *) calloc(1, sizeof(struct > value_list)); Incorrect indent.. > if (val) > val->value = value; > return val; > @@ -1130,7 +1138,7 @@ void print_value_list(struct value_list *list) > > struct cond_entry *new_cond_entry(char *name, int eq, struct value_list > *list) > { > - struct cond_entry *ent = calloc(1, sizeof(struct cond_entry)); > + struct cond_entry *ent = (struct cond_entry *) calloc(1, sizeof(struct > cond_entry)); Incorrect indent.. > if (ent) { > ent->name = name; > ent->vals = list; > diff --git a/parser/parser_policy.c b/parser/parser_policy.c > index 77d4a19..3536d21 100644 > --- a/parser/parser_policy.c > +++ b/parser/parser_policy.c > @@ -48,12 +48,12 @@ static int codomain_compare(const void *a, const void *b) > struct codomain *B = (struct codomain *) b; > > int res = 0; > - if (A->namespace) { > - if (B->namespace) > - res = strcmp(A->namespace, B->namespace); > + if (A->ns) { > + if (B->ns) > + res = strcmp(A->ns, B->ns); > else > res = -1; > - } else if (B->namespace) > + } else if (B->ns) > res = 1; > if (res) > return res; > @@ -118,7 +118,7 @@ static int add_named_transition(struct codomain *cod, > struct cod_entry *entry) > char *name = NULL; > > /* check to see if it is a local transition */ > - if (!entry->namespace) { > + if (!entry->ns) { > char *sub = strstr(entry->nt_name, "//"); > /* does the subprofile name match the rule */ > > @@ -137,7 +137,7 @@ static int add_named_transition(struct codomain *cod, > struct cod_entry *entry) > return AA_EXEC_LOCAL >> 10; > } > /* specified as cix so profile name is implicit */ > - name = malloc(strlen(cod->name) + strlen(entry->nt_name) > + name = (char *) malloc(strlen(cod->name) + > strlen(entry->nt_name) > + 3); > if (!name) { > PERROR("Memory allocation error\n"); > @@ -148,16 +148,16 @@ static int add_named_transition(struct codomain *cod, > struct cod_entry *entry) > entry->nt_name = name; > } > } > - if (entry->namespace) { > - name = malloc(strlen(entry->namespace) + strlen(entry->nt_name) > + 3); > + if (entry->ns) { > + name = (char *) malloc(strlen(entry->ns) + strlen(entry->nt_name) + > 3); > if (!name) { > PERROR("Memory allocation error\n"); > exit(1); > } > - sprintf(name, ":%s:%s", entry->namespace, entry->nt_name); > - free(entry->namespace); > + sprintf(name, ":%s:%s", entry->ns, entry->nt_name); > + free(entry->ns); > free(entry->nt_name); > - entry->namespace = NULL; > + entry->ns = NULL; > entry->nt_name = NULL; > } else { > name = entry->nt_name; > @@ -191,7 +191,7 @@ void post_process_file_entries(struct codomain *cod) > mode |= SHIFT_MODE(n << 10, AA_OTHER_SHIFT); > entry->mode = ((entry->mode & ~AA_ALL_EXEC_MODIFIERS) | > (mode & AA_ALL_EXEC_MODIFIERS)); > - entry->namespace = NULL; > + entry->ns = NULL; > entry->nt_name = NULL; > } > /* FIXME: currently change_profile also implies onexec */ > @@ -450,7 +450,7 @@ static void __add_hat_rules_parent(const void *nodep, > const VISIT value, > */ > if ((flag_changehat_version == FLAG_CHANGEHAT_1_4) && > (*t)->parent) { > - char *buffer = malloc(strlen((*t)->name) + 1); > + char *buffer = (char *) malloc(strlen((*t)->name) + 1); > if (!buffer) { > PERROR("Memory allocation error\n"); > exit(1); > @@ -826,8 +826,8 @@ void free_policy(struct codomain *cod) > free(cod->name); > if (cod->attachment) > free(cod->attachment); > - if (cod->namespace) > - free(cod->namespace); > + if (cod->ns) > + free(cod->ns); > if (cod->network_allowed) > free(cod->network_allowed); > if (cod->audit_network) > diff --git a/parser/parser_regex.c b/parser/parser_regex.c > index 4bc0691..ce9d7a3 100644 > --- a/parser/parser_regex.c > +++ b/parser/parser_regex.c > @@ -517,9 +517,9 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, > struct cod_entry *entry) > /* allow change_profile for all execs */ > vec[0] = "/[^\\x00]*"; > > - if (entry->namespace) { > + if (entry->ns) { > int pos; > - ptype = convert_aaregex_to_pcre(entry->namespace, 0, > lbuf, PATH_MAX + 8, &pos); > + ptype = convert_aaregex_to_pcre(entry->ns, 0, lbuf, > PATH_MAX + 8, &pos); > vec[index++] = lbuf; > } > vec[index++] = tbuf; > @@ -535,9 +535,9 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, > struct cod_entry *entry) > } > if (entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE)) { > int mode = entry->mode & (AA_USER_PTRACE | AA_OTHER_PTRACE); > - if (entry->namespace) { > + if (entry->ns) { > char *vec[2]; > - vec[0] = entry->namespace; > + vec[0] = entry->ns; > vec[1] = entry->name; > if (!aare_add_rule_vec(dfarules, 0, mode, 0, 2, vec, > dfaflags)) > return FALSE; > diff --git a/parser/parser_symtab.c b/parser/parser_symtab.c > index 6deb328..322551e 100644 > --- a/parser/parser_symtab.c > +++ b/parser/parser_symtab.c > @@ -46,51 +46,51 @@ static int __expand_variable(struct symtab *symbol); > > static struct symtab *new_symtab_entry(const char *name) > { > - struct symtab *new = calloc(1, sizeof(*new)); > + struct symtab *n = (struct symtab *) calloc(1, sizeof(*n)); > > - if (!new) { > + if (!n) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > return NULL; > } > > - new->var_name = strndup(name, PATH_MAX); > - if (!new->var_name) { > + n->var_name = strndup(name, PATH_MAX); > + if (!n->var_name) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > - free(new); > + free(n); > return NULL; > } > > - return new; > + return n; > } > > static struct set_value *new_set_value(const char *val) > { > - struct set_value *new = calloc(1, sizeof(*new)); > + struct set_value *n = (struct set_value *) calloc(1, sizeof(*n)); > > - if (!new) { > + if (!n) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > return NULL; > } > > - new->val = strndup(val, PATH_MAX); > - if (!new->val) { > + n->val = strndup(val, PATH_MAX); > + if (!n->val) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > - free(new); > + free(n); > return NULL; > } > > - return new; > + return n; > } > > static void free_values(struct set_value *val) > { > - struct set_value *this = val, *tmp; > + struct set_value *i = val, *tmp; > > - while (this) { > - if (this->val) > - free(this->val); > - tmp = this; > - this = this->next; > + while (i) { > + if (i->val) > + free(i->val); > + tmp = i; > + i = i->next; > free(tmp); > } > } > @@ -153,26 +153,26 @@ out: > > int add_boolean_var(const char *var, int value) > { > - struct symtab *new, **result; > + struct symtab *n, **result; > int rc = 0; > > - new = new_symtab_entry(var); > - if (!new) { > + n = new_symtab_entry(var); > + if (!n) { > rc = ENOMEM; > goto err; > } > > - new->type = sd_boolean; > - new->boolean = value; > + n->type = sd_boolean; > + n->boolean = value; > > - result = (struct symtab **) tsearch(new, &my_symtab, (comparison_fn_t) > &compare_symtabs); > + result = (struct symtab **) tsearch(n, &my_symtab, (comparison_fn_t) > &compare_symtabs); > if (!result) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > rc = errno; > goto err; > } > > - if (*result != new) { > + if (*result != n) { > /* already existing variable */ > PERROR("'%s' is already defined\n", var); > rc = 1; > @@ -182,7 +182,7 @@ int add_boolean_var(const char *var, int value) > return 0; > > err: > - free_symtab(new); > + free_symtab(n); > return rc; > }; > > @@ -213,26 +213,26 @@ out: > */ > int new_set_var(const char *var, const char *value) > { > - struct symtab *new, **result; > + struct symtab *n, **result; > int rc = 0; > > - new = new_symtab_entry(var); > - if (!new) { > + n = new_symtab_entry(var); > + if (!n) { > rc = ENOMEM; > goto err; > } > > - new->type = sd_set; > - add_to_set(&(new->values), value); > + n->type = sd_set; > + add_to_set(&(n->values), value); > > - result = (struct symtab **) tsearch(new, &my_symtab, (comparison_fn_t) > &compare_symtabs); > + result = (struct symtab **) tsearch(n, &my_symtab, (comparison_fn_t) > &compare_symtabs); > if (!result) { > PERROR("Failed to allocate memory: %s\n", strerror(errno)); > rc = errno; > goto err; > } > > - if (*result != new) { > + if (*result != n) { > /* already existing variable */ > PERROR("'%s' is already defined\n", var); > rc = 1; > @@ -242,7 +242,7 @@ int new_set_var(const char *var, const char *value) > return 0; > > err: > - free_symtab(new); > + free_symtab(n); > return rc; > } > > @@ -382,15 +382,15 @@ static int __expand_variable(struct symtab *symbol) > while (work_list) { > struct symtab *ref; > struct set_value *ref_item; > - struct set_value *this_value = work_list; > + struct set_value *t_value = work_list; > int rc; > > work_list = work_list->next; > > - split = split_out_var(this_value->val); > + split = split_out_var(t_value->val); > if (!split) { > /* fully expanded */ > - add_to_set(&expanded, this_value->val); > + add_to_set(&expanded, t_value->val); > goto next; > } > > @@ -436,8 +436,8 @@ static int __expand_variable(struct symtab *symbol) > } > > next: > - this_value->next = NULL; > - free_values(this_value); > + t_value->next = NULL; > + free_values(t_value); > free_var_string(split); > } > } > @@ -469,10 +469,10 @@ void expand_variables(void) > > static inline void dump_set_values(struct set_value *value) > { > - struct set_value *this = value; > - while (this) { > - printf(" \"%s\"", this->val); > - this = this->next; > + struct set_value *t = value; > + while (t) { > + printf(" \"%s\"", t->val); > + t = t->next; > } > } > > diff --git a/parser/parser_variable.c b/parser/parser_variable.c > index 48f2fe7..c17123a 100644 > --- a/parser/parser_variable.c > +++ b/parser/parser_variable.c > @@ -53,29 +53,29 @@ static inline char *get_var_end(char *var) > static struct var_string *split_string(char *string, char *var_begin, > char *var_end) > { > - struct var_string *new = calloc(1, sizeof(struct var_string)); > + struct var_string *n = (struct var_string *) calloc(1, sizeof(struct > var_string)); > unsigned int offset = strlen("@{"); > - if (!new) { > + if (!n) { > PERROR("Memory allocation error\n"); > return NULL; > } > > if (var_begin != string) { > - new->prefix = strndup(string, var_begin - string); > + n->prefix = strndup(string, var_begin - string); > } > > - new->var = strndup(var_begin + offset, var_end - (var_begin + offset)); > + n->var = strndup(var_begin + offset, var_end - (var_begin + offset)); > > if (strlen(var_end + 1) != 0) { > - new->suffix = strdup(var_end + 1); > + n->suffix = strdup(var_end + 1); > } > > - return new; > + return n; > } > > struct var_string *split_out_var(char *string) > { > - struct var_string *new = NULL; > + struct var_string *n = NULL; > char *sptr; > BOOL bEscape = 0; /* flag to indicate escape */ > > @@ -84,7 +84,7 @@ struct var_string *split_out_var(char *string) > > sptr = string; > > - while (!new && *sptr) { > + while (!n && *sptr) { > switch (*sptr) { > case '\\': > if (bEscape) { > @@ -105,7 +105,7 @@ struct var_string *split_out_var(char *string) > PERROR("Empty variable name found!\n"); > exit(1); > } > - new = split_string(string, sptr, eptr); > + n = split_string(string, sptr, eptr); > } > break; > default: > @@ -115,7 +115,7 @@ struct var_string *split_out_var(char *string) > sptr++; > } > > - return new; > + return n; > } > > void free_var_string(struct var_string *var) > @@ -190,7 +190,7 @@ static int expand_entry_variables(char **name, void > *entry, > > int clone_and_chain_cod(void *v) > { > - struct cod_entry *entry = v; > + struct cod_entry *entry = (struct cod_entry *) v; > struct cod_entry *dup = copy_cod_entry(entry); > if (!dup) > return 0; > @@ -202,7 +202,7 @@ int clone_and_chain_cod(void *v) > > int clone_and_chain_mnt(void *v) > { > - struct mnt_entry *entry = v; > + struct mnt_entry *entry = (struct mnt_entry *) v; > > struct mnt_entry *dup = dup_mnt_entry(entry); > if (!dup) > diff --git a/parser/parser_yacc.y b/parser/parser_yacc.y > index c249b01..4939d4f 100644 > --- a/parser/parser_yacc.y > +++ b/parser/parser_yacc.y > @@ -67,7 +67,7 @@ > > int parser_token = 0; > > -struct cod_entry *do_file_rule(char *namespace, char *id, int mode, > +struct cod_entry *do_file_rule(char *ns, char *id, int mode, > char *link_id, char *nt); > struct mnt_entry *do_mnt_rule(struct cond_entry *src_conds, char *src, > struct cond_entry *dst_conds, char *dst, > @@ -213,7 +213,7 @@ void add_local_entry(struct codomain *cod); > %type <boolean> opt_profile_flag > %type <boolean> opt_flags > %type <boolean> opt_deny > -%type <id> opt_namespace > +%type <id> opt_ns > %type <id> opt_id > %type <prefix> opt_prefix > %type <transition> opt_named_transition > @@ -237,7 +237,7 @@ opt_profile_flag: { /* nothing */ $$ = 0; } > | TOK_PROFILE { $$ = 1; } > | hat_start { $$ = 2; } > > -opt_namespace: { /* nothing */ $$ = NULL; } > +opt_ns: { /* nothing */ $$ = NULL; } > | TOK_COLON TOK_ID TOK_COLON { $$ = $2; } > > opt_id: { /* nothing */ $$ = NULL; } > @@ -273,7 +273,7 @@ profile_base: TOK_ID opt_id flags TOK_OPEN rules TOK_CLOSE > > }; > > -profile: opt_profile_flag opt_namespace profile_base > +profile: opt_profile_flag opt_ns profile_base > { > struct codomain *cod = $3; > if ($2) > @@ -284,7 +284,7 @@ profile: opt_profile_flag opt_namespace profile_base > if ($3->name[0] != '/' && !($1 || $2)) > yyerror(_("Profile names must begin with a '/', > namespace or keyword 'profile' or 'hat'.")); > > - cod->namespace = $2; > + cod->ns = $2; > if ($1 == 2) > cod->flags.hat = 1; > $$ = cod; > @@ -595,13 +595,13 @@ rules: rules opt_prefix network_rule > if (!$3) > yyerror(_("Assert: `network_rule' return invalid > protocol.")); > if (!$1->network_allowed) { > - $1->network_allowed = calloc(get_af_max(), > + $1->network_allowed = (unsigned int *) calloc(get_af_max(), Incorrect indent.. > sizeof(unsigned int)); > - $1->audit_network = calloc(get_af_max(), > + $1->audit_network = (unsigned int *)calloc(get_af_max(), > sizeof(unsigned int)); > - $1->deny_network = calloc(get_af_max(), > + $1->deny_network = (unsigned int *)calloc(get_af_max(), > sizeof(unsigned int)); > - $1->quiet_network = calloc(get_af_max(), > + $1->quiet_network = (unsigned int *)calloc(get_af_max(), > sizeof(unsigned int)); > if (!$1->network_allowed || !$1->audit_network || > !$1->deny_network || !$1->quiet_network) > @@ -877,19 +877,19 @@ id_or_var: TOK_SET_VAR { $$ = $1; }; > opt_named_transition: > { /* nothing */ > $$.present = 0; > - $$.namespace = NULL; > + $$.ns = NULL; > $$.name = NULL; > } > | TOK_ARROW id_or_var > { > $$.present = 1; > - $$.namespace = NULL; > + $$.ns = NULL; > $$.name = $2; > } > | TOK_ARROW TOK_COLON id_or_var TOK_COLON id_or_var > { > $$.present = 1; > - $$.namespace = $3; > + $$.ns = $3; > $$.name = $5; > }; > > @@ -906,7 +906,7 @@ opt_file: { /* nothing */ $$ = 0; } > > frule: id_or_var file_mode opt_named_transition TOK_END_OF_RULE > { > - $$ = do_file_rule($3.namespace, $1, $2, NULL, $3.name); > + $$ = do_file_rule($3.ns, $1, $2, NULL, $3.name); > }; > > frule: file_mode opt_subset_flag id_or_var opt_named_transition > TOK_END_OF_RULE > @@ -915,14 +915,14 @@ frule: file_mode opt_subset_flag id_or_var > opt_named_transition TOK_END_OF_RULE > yyerror(_("subset can only be used with link rules.")); > if ($4.present && ($1 & AA_LINK_BITS) && ($1 & AA_EXEC_BITS)) > yyerror(_("link and exec perms conflict on a file rule > using ->")); > - if ($4.present && $4.namespace && ($1 & AA_LINK_BITS)) > + if ($4.present && $4.ns && ($1 & AA_LINK_BITS)) > yyerror(_("link perms are not allowed on a named > profile transition.\n")); > if (($1 & AA_LINK_BITS)) { > $$ = do_file_rule(NULL, $3, $1, $4.name, NULL); > $$->subset = $2; > > } else { > - $$ = do_file_rule($4.namespace, $3, $1, NULL, $4.name); > + $$ = do_file_rule($4.ns, $3, $1, NULL, $4.name); > } > }; > > @@ -1094,15 +1094,15 @@ mnt_rule: TOK_UMOUNT opt_conds opt_id TOK_END_OF_RULE > mnt_rule: TOK_PIVOTROOT opt_conds opt_id opt_named_transition TOK_END_OF_RULE > { > char *name = NULL; > - if ($4.present && $4.namespace) { > - name = malloc(strlen($4.namespace) + > - strlen($4.name) + 3); > + if ($4.present && $4.ns) { > + name = (char *) malloc(strlen($4.ns) + > + strlen($4.name) + 3); > if (!name) { > PERROR("Memory allocation error\n"); > exit(1); > } > - sprintf(name, ":%s:%s", $4.namespace, $4.name); > - free($4.namespace); > + sprintf(name, ":%s:%s", $4.ns, $4.name); > + free($4.ns); > free($4.name); > } else if ($4.present) > name = $4.name; > @@ -1206,12 +1206,12 @@ void yyerror(const char *msg, ...) > exit(1); > } > > -struct cod_entry *do_file_rule(char *namespace, char *id, int mode, > +struct cod_entry *do_file_rule(char *ns, char *id, int mode, > char *link_id, char *nt) > { > struct cod_entry *entry; > PDEBUG("Matched: tok_id (%s) tok_mode (0x%x)\n", id, mode); > - entry = new_entry(namespace, id, mode, link_id); > + entry = new_entry(ns, id, mode, link_id); > if (!entry) > yyerror(_("Memory allocation error.")); > entry->nt_name = nt; > @@ -1227,7 +1227,7 @@ void add_local_entry(struct codomain *cod) > /* ugh this has to be called after the hat is attached to its parent */ > if (cod->local_mode) { > struct cod_entry *entry; > - char *trans = malloc(strlen(cod->parent->name) + > + char *trans = (char *) malloc(strlen(cod->parent->name) + > strlen(cod->name) + 3); > char *name = strdup(cod->name); > if (!trans) > @@ -1244,7 +1244,7 @@ void add_local_entry(struct codomain *cod) > } > } > > -static char *mnt_cond_msg[] = {"", > +static const char *mnt_cond_msg[] = {"", > " not allowed as source conditional", > " not allowed as target conditional", > "", > diff --git a/parser/tst/simple_tests/network/network_bad_5.sd > b/parser/tst/simple_tests/network/network_bad_5.sd > deleted file mode 100644 > index a3ca627..0000000 > --- a/parser/tst/simple_tests/network/network_bad_5.sd > +++ /dev/null > @@ -1,7 +0,0 @@ > -# > -#=DESCRIPTION basic network tests > -#=EXRESULT FAIL > -# > -/usr/bin/foo { > - network unix, > -} > diff --git a/parser/tst/simple_tests/network/network_bad_6.sd > b/parser/tst/simple_tests/network/network_bad_6.sd > deleted file mode 100644 > index 5483d8d..0000000 > --- a/parser/tst/simple_tests/network/network_bad_6.sd > +++ /dev/null > @@ -1,7 +0,0 @@ > -# > -#=DESCRIPTION basic network tests > -#=EXRESULT FAIL > -# > -/usr/bin/foo { > - network netlink, > -} > diff --git a/parser/tst/simple_tests/network/network_ok_5.sd > b/parser/tst/simple_tests/network/network_ok_5.sd > new file mode 100644 > index 0000000..12a0fd5 > --- /dev/null > +++ b/parser/tst/simple_tests/network/network_ok_5.sd > @@ -0,0 +1,7 @@ > +# > +#=DESCRIPTION basic network tests > +#=EXRESULT PASS > +# > +/usr/bin/foo { > + network unix, > +} > diff --git a/parser/tst/simple_tests/network/network_ok_6.sd > b/parser/tst/simple_tests/network/network_ok_6.sd > new file mode 100644 > index 0000000..42ea6cc > --- /dev/null > +++ b/parser/tst/simple_tests/network/network_ok_6.sd > @@ -0,0 +1,7 @@ > +# > +#=DESCRIPTION basic network tests > +#=EXRESULT PASS > +# > +/usr/bin/foo { > + network netlink, > +} > -- > 1.8.1.2 C++ sure feels old and busted after reading through this patch. I hope the end result is worth it... Thanks
signature.asc
Description: Digital signature
-- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor