| Message ID | 20201009130052.52409-2-plautrba@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [v2,1/6] libsepol: Get rid of the old and duplicated symbols | expand |
On Fri, Oct 9, 2020 at 9:47 AM Petr Lautrbach <plautrba@redhat.com> wrote: > > Versioned duplicate symbols cause problems for LTO. These symbols were > introduced during the CIL integration several releases ago and were only > consumed by other SELinux userspace components. > > Fixes: https://github.com/SELinuxProject/selinux/issues/245 > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/cil/src/cil.c | 84 ------------------------------------ > libsepol/src/libsepol.map.in | 5 --- > 2 files changed, 89 deletions(-) > > diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c > index a3c6a2934c72..95bdb5e5854c 100644 > --- a/libsepol/cil/src/cil.c > +++ b/libsepol/cil/src/cil.c > @@ -51,27 +51,6 @@ > #include "cil_policy.h" > #include "cil_strpool.h" > > -#if !defined(SHARED) || defined(ANDROID) || defined(__APPLE__) > - #define DISABLE_SYMVER 1 > -#endif > - > -#ifndef DISABLE_SYMVER > -asm(".symver cil_build_policydb_pdb, cil_build_policydb@LIBSEPOL_1.0"); > -asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); > - > -asm(".symver cil_compile_pdb, cil_compile@LIBSEPOL_1.0"); > -asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); > - > -asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@LIBSEPOL_1.0"); > -asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); > - > -asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@LIBSEPOL_1.0"); > -asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); > - > -asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@LIBSEPOL_1.0"); > -asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); > -#endif > - > int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { > {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, > {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, > @@ -549,11 +528,7 @@ exit: > return rc; > } > > -#ifdef DISABLE_SYMVER > int cil_compile(struct cil_db *db) > -#else > -int cil_compile_nopdb(struct cil_db *db) > -#endif > { > int rc = SEPOL_ERR; > > @@ -597,33 +572,7 @@ exit: > return rc; > } > > -#ifndef DISABLE_SYMVER > -int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) > -{ > - return cil_compile_nopdb(db); > -} > - > -int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) > -{ > - int rc; > - > - cil_log(CIL_INFO, "Building policy binary\n"); > - rc = cil_binary_create_allocated_pdb(db, sepol_db); > - if (rc != SEPOL_OK) { > - cil_log(CIL_ERR, "Failed to generate binary\n"); > - goto exit; > - } > - > -exit: > - return rc; > -} > -#endif > - > -#ifdef DISABLE_SYMVER > int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) > -#else > -int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) > -#endif > { > int rc; > > @@ -1371,11 +1320,7 @@ const char * cil_node_to_string(struct cil_tree_node *node) > return "<unknown>"; > } > > -#ifdef DISABLE_SYMVER > int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) > -#else > -int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) > -#endif > { > int rc = SEPOL_ERR; > size_t str_len = 0; > @@ -1420,13 +1365,6 @@ exit: > > } > > -#ifndef DISABLE_SYMVER > -int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) > -{ > - return cil_userprefixes_to_string_nopdb(db, out, size); > -} > -#endif > - > static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) > { > int rc = SEPOL_ERR; > @@ -1614,11 +1552,7 @@ static int __cil_level_to_string(struct cil_level *lvl, char *out) > return str_tmp - out; > } > > -#ifdef DISABLE_SYMVER > int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) > -#else > -int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) > -#endif > { > size_t str_len = 0; > int buf_pos = 0; > @@ -1675,18 +1609,7 @@ int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size > return SEPOL_OK; > } > > -#ifndef DISABLE_SYMVER > -int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) > -{ > - return cil_selinuxusers_to_string_nopdb(db, out, size); > -} > -#endif > - > -#ifdef DISABLE_SYMVER > int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) > -#else > -int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) > -#endif > { > uint32_t i = 0; > int buf_pos = 0; > @@ -1804,13 +1727,6 @@ int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) > return SEPOL_OK; > } > > -#ifndef DISABLE_SYMVER > -int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) > -{ > - return cil_filecons_to_string_nopdb(db, out, size); > -} > -#endif > - > void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) > { > db->disable_dontaudit = disable_dontaudit; > diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in > index f08c2a861693..98da9789b71b 100644 > --- a/libsepol/src/libsepol.map.in > +++ b/libsepol/src/libsepol.map.in > @@ -1,19 +1,14 @@ > LIBSEPOL_1.0 { > global: > cil_add_file; > - cil_build_policydb; > - cil_compile; > cil_db_destroy; > cil_db_init; > - cil_filecons_to_string; > - cil_selinuxusers_to_string; > cil_set_disable_dontaudit; > cil_set_disable_neverallow; > cil_set_handle_unknown; > cil_set_log_handler; > cil_set_log_level; > cil_set_preserve_tunables; > - cil_userprefixes_to_string; > expand_module_avrules; > sepol_bool_clone; > sepol_bool_compare; > -- > 2.28.0 >
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c index a3c6a2934c72..95bdb5e5854c 100644 --- a/libsepol/cil/src/cil.c +++ b/libsepol/cil/src/cil.c @@ -51,27 +51,6 @@ #include "cil_policy.h" #include "cil_strpool.h" -#if !defined(SHARED) || defined(ANDROID) || defined(__APPLE__) - #define DISABLE_SYMVER 1 -#endif - -#ifndef DISABLE_SYMVER -asm(".symver cil_build_policydb_pdb, cil_build_policydb@LIBSEPOL_1.0"); -asm(".symver cil_build_policydb_create_pdb, cil_build_policydb@@LIBSEPOL_1.1"); - -asm(".symver cil_compile_pdb, cil_compile@LIBSEPOL_1.0"); -asm(".symver cil_compile_nopdb, cil_compile@@LIBSEPOL_1.1"); - -asm(".symver cil_userprefixes_to_string_pdb, cil_userprefixes_to_string@LIBSEPOL_1.0"); -asm(".symver cil_userprefixes_to_string_nopdb, cil_userprefixes_to_string@@LIBSEPOL_1.1"); - -asm(".symver cil_selinuxusers_to_string_pdb, cil_selinuxusers_to_string@LIBSEPOL_1.0"); -asm(".symver cil_selinuxusers_to_string_nopdb, cil_selinuxusers_to_string@@LIBSEPOL_1.1"); - -asm(".symver cil_filecons_to_string_pdb, cil_filecons_to_string@LIBSEPOL_1.0"); -asm(".symver cil_filecons_to_string_nopdb, cil_filecons_to_string@@LIBSEPOL_1.1"); -#endif - int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = { {64, 64, 64, 1 << 13, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, {64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64, 64}, @@ -549,11 +528,7 @@ exit: return rc; } -#ifdef DISABLE_SYMVER int cil_compile(struct cil_db *db) -#else -int cil_compile_nopdb(struct cil_db *db) -#endif { int rc = SEPOL_ERR; @@ -597,33 +572,7 @@ exit: return rc; } -#ifndef DISABLE_SYMVER -int cil_compile_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db) -{ - return cil_compile_nopdb(db); -} - -int cil_build_policydb_pdb(cil_db_t *db, sepol_policydb_t *sepol_db) -{ - int rc; - - cil_log(CIL_INFO, "Building policy binary\n"); - rc = cil_binary_create_allocated_pdb(db, sepol_db); - if (rc != SEPOL_OK) { - cil_log(CIL_ERR, "Failed to generate binary\n"); - goto exit; - } - -exit: - return rc; -} -#endif - -#ifdef DISABLE_SYMVER int cil_build_policydb(cil_db_t *db, sepol_policydb_t **sepol_db) -#else -int cil_build_policydb_create_pdb(cil_db_t *db, sepol_policydb_t **sepol_db) -#endif { int rc; @@ -1371,11 +1320,7 @@ const char * cil_node_to_string(struct cil_tree_node *node) return "<unknown>"; } -#ifdef DISABLE_SYMVER int cil_userprefixes_to_string(struct cil_db *db, char **out, size_t *size) -#else -int cil_userprefixes_to_string_nopdb(struct cil_db *db, char **out, size_t *size) -#endif { int rc = SEPOL_ERR; size_t str_len = 0; @@ -1420,13 +1365,6 @@ exit: } -#ifndef DISABLE_SYMVER -int cil_userprefixes_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) -{ - return cil_userprefixes_to_string_nopdb(db, out, size); -} -#endif - static int cil_cats_to_ebitmap(struct cil_cats *cats, struct ebitmap* cats_ebitmap) { int rc = SEPOL_ERR; @@ -1614,11 +1552,7 @@ static int __cil_level_to_string(struct cil_level *lvl, char *out) return str_tmp - out; } -#ifdef DISABLE_SYMVER int cil_selinuxusers_to_string(struct cil_db *db, char **out, size_t *size) -#else -int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size) -#endif { size_t str_len = 0; int buf_pos = 0; @@ -1675,18 +1609,7 @@ int cil_selinuxusers_to_string_nopdb(struct cil_db *db, char **out, size_t *size return SEPOL_OK; } -#ifndef DISABLE_SYMVER -int cil_selinuxusers_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) -{ - return cil_selinuxusers_to_string_nopdb(db, out, size); -} -#endif - -#ifdef DISABLE_SYMVER int cil_filecons_to_string(struct cil_db *db, char **out, size_t *size) -#else -int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) -#endif { uint32_t i = 0; int buf_pos = 0; @@ -1804,13 +1727,6 @@ int cil_filecons_to_string_nopdb(struct cil_db *db, char **out, size_t *size) return SEPOL_OK; } -#ifndef DISABLE_SYMVER -int cil_filecons_to_string_pdb(struct cil_db *db, __attribute__((unused)) sepol_policydb_t *sepol_db, char **out, size_t *size) -{ - return cil_filecons_to_string_nopdb(db, out, size); -} -#endif - void cil_set_disable_dontaudit(struct cil_db *db, int disable_dontaudit) { db->disable_dontaudit = disable_dontaudit; diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index f08c2a861693..98da9789b71b 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in @@ -1,19 +1,14 @@ LIBSEPOL_1.0 { global: cil_add_file; - cil_build_policydb; - cil_compile; cil_db_destroy; cil_db_init; - cil_filecons_to_string; - cil_selinuxusers_to_string; cil_set_disable_dontaudit; cil_set_disable_neverallow; cil_set_handle_unknown; cil_set_log_handler; cil_set_log_level; cil_set_preserve_tunables; - cil_userprefixes_to_string; expand_module_avrules; sepol_bool_clone; sepol_bool_compare;
Versioned duplicate symbols cause problems for LTO. These symbols were introduced during the CIL integration several releases ago and were only consumed by other SELinux userspace components. Fixes: https://github.com/SELinuxProject/selinux/issues/245 Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- libsepol/cil/src/cil.c | 84 ------------------------------------ libsepol/src/libsepol.map.in | 5 --- 2 files changed, 89 deletions(-)