diff mbox series

[v2,1/6] libsepol: rename struct member

Message ID 20230420153556.32115-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit 61f213850047
Delegated to: Petr Lautrbach
Headers show
Series [v2,1/6] libsepol: rename struct member | expand

Commit Message

Christian Göttsche April 20, 2023, 3:35 p.m. UTC
Avoid using the identifier `bool` to improve support with future C
standards.  C23 is about to make `bool` a predefined macro (see N2654).

Since the type `cond_expr_t` is part of the public API it will break
client applications.  A quick search of the code in Debian shows only
usages in checkpolicy and setools.

Define a new macro signaling the renaming to simplify support of client
applications for new and older versions of libsepol.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
v2:
   update version identifier in header to 3.6
---
 libsepol/cil/src/cil_binary.c                 |  6 +++---
 libsepol/include/sepol/policydb/conditional.h |  4 +++-
 libsepol/src/conditional.c                    | 14 +++++++-------
 libsepol/src/expand.c                         |  6 +++---
 libsepol/src/kernel_to_cil.c                  |  2 +-
 libsepol/src/kernel_to_conf.c                 |  2 +-
 libsepol/src/link.c                           |  6 +++---
 libsepol/src/module_to_cil.c                  |  2 +-
 libsepol/src/policydb_validate.c              |  2 +-
 libsepol/src/write.c                          |  2 +-
 libsepol/tests/debug.c                        |  2 +-
 libsepol/tests/test-linker-cond-map.c         |  2 +-
 12 files changed, 26 insertions(+), 24 deletions(-)

Comments

Stephen Smalley April 21, 2023, 3:16 p.m. UTC | #1
On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Avoid using the identifier `bool` to improve support with future C
> standards.  C23 is about to make `bool` a predefined macro (see N2654).
>
> Since the type `cond_expr_t` is part of the public API it will break
> client applications.  A quick search of the code in Debian shows only
> usages in checkpolicy and setools.

NB Header files under the sepol/policydb subdirectory are not part of
the libsepol shared library API/ABI and thus changes there are not
considered to be API/ABI changes. They should only affect users of the
static libsepol and there is no warranty for them.

>
> Define a new macro signaling the renaming to simplify support of client
> applications for new and older versions of libsepol.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> ---
> v2:
>    update version identifier in header to 3.6
> ---
>  libsepol/cil/src/cil_binary.c                 |  6 +++---
>  libsepol/include/sepol/policydb/conditional.h |  4 +++-
>  libsepol/src/conditional.c                    | 14 +++++++-------
>  libsepol/src/expand.c                         |  6 +++---
>  libsepol/src/kernel_to_cil.c                  |  2 +-
>  libsepol/src/kernel_to_conf.c                 |  2 +-
>  libsepol/src/link.c                           |  6 +++---
>  libsepol/src/module_to_cil.c                  |  2 +-
>  libsepol/src/policydb_validate.c              |  2 +-
>  libsepol/src/write.c                          |  2 +-
>  libsepol/tests/debug.c                        |  2 +-
>  libsepol/tests/test-linker-cond-map.c         |  2 +-
>  12 files changed, 26 insertions(+), 24 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 40615db2..ef7f4d70 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -2123,7 +2123,7 @@ static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *
>                 *head = cil_malloc(sizeof(cond_expr_t));
>                 (*head)->next = NULL;
>                 (*head)->expr_type = COND_BOOL;
> -               (*head)->bool = sepol_bool->s.value;
> +               (*head)->boolean = sepol_bool->s.value;
>                 *tail = *head;
>         } else if (item->flavor == CIL_LIST) {
>                 struct cil_list *l = item->data;
> @@ -2159,7 +2159,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
>                 enum cil_flavor cil_op = (enum cil_flavor)(uintptr_t)item->data;
>
>                 op = cil_malloc(sizeof(*op));
> -               op->bool = 0;
> +               op->boolean = 0;
>                 op->next = NULL;
>
>                 switch (cil_op) {
> @@ -2226,7 +2226,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
>                                 goto exit;
>                         }
>                         op = cil_malloc(sizeof(*op));
> -                       op->bool = 0;
> +                       op->boolean = 0;
>                         op->next = NULL;
>                         op->expr_type = COND_OR;
>                         t1->next = h2;
> diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
> index 49c0d766..5318ea19 100644
> --- a/libsepol/include/sepol/policydb/conditional.h
> +++ b/libsepol/include/sepol/policydb/conditional.h
> @@ -54,7 +54,9 @@ typedef struct cond_expr {
>  #define COND_NEQ       7       /* bool != bool */
>  #define COND_LAST      COND_NEQ
>         uint32_t expr_type;
> -       uint32_t bool;
> +       /* The member `boolean` was renamed from `bool` in version 3.6 */
> +#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
> +       uint32_t boolean;
>         struct cond_expr *next;
>  } cond_expr_t;
>
> diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
> index a620451d..24380ea0 100644
> --- a/libsepol/src/conditional.c
> +++ b/libsepol/src/conditional.c
> @@ -125,7 +125,7 @@ int cond_expr_equal(cond_node_t * a, cond_node_t * b)
>                 if (cur_a->expr_type != cur_b->expr_type)
>                         return 0;
>                 if (cur_a->expr_type == COND_BOOL) {
> -                       if (cur_a->bool != cur_b->bool)
> +                       if (cur_a->boolean != cur_b->boolean)
>                                 return 0;
>                 }
>                 cur_a = cur_a->next;
> @@ -223,7 +223,7 @@ int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
>                         if (sp == (COND_EXPR_MAXDEPTH - 1))
>                                 return -1;
>                         sp++;
> -                       s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
> +                       s[sp] = p->bool_val_to_struct[cur->boolean - 1]->state;
>                         break;
>                 case COND_NOT:
>                         if (sp < 0)
> @@ -279,7 +279,7 @@ cond_expr_t *cond_copy_expr(cond_expr_t * expr)
>                 memset(new_expr, 0, sizeof(cond_expr_t));
>
>                 new_expr->expr_type = cur->expr_type;
> -               new_expr->bool = cur->bool;
> +               new_expr->boolean = cur->boolean;
>
>                 if (!head)
>                         head = new_expr;
> @@ -388,10 +388,10 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
>                 switch (e->expr_type) {
>                 case COND_BOOL:
>                         /* see if we've already seen this bool */
> -                       if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
> +                       if (!bool_present(e->boolean, cn->bool_ids, cn->nbools)) {
>                                 /* count em all but only record up to COND_MAX_BOOLS */
>                                 if (cn->nbools < COND_MAX_BOOLS)
> -                                       cn->bool_ids[cn->nbools++] = e->bool;
> +                                       cn->bool_ids[cn->nbools++] = e->boolean;
>                                 else
>                                         cn->nbools++;
>                         }
> @@ -737,7 +737,7 @@ static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
>                 return 0;
>         }
>
> -       if (expr->bool > p->p_bools.nprim) {
> +       if (expr->boolean > p->p_bools.nprim) {
>                 WARN(NULL, "security: conditional expressions uses unknown bool.");
>                 return 0;
>         }
> @@ -775,7 +775,7 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
>                 memset(expr, 0, sizeof(cond_expr_t));
>
>                 expr->expr_type = le32_to_cpu(buf[0]);
> -               expr->bool = le32_to_cpu(buf[1]);
> +               expr->boolean = le32_to_cpu(buf[1]);
>
>                 if (!expr_isvalid(p, expr)) {
>                         free(expr);
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 8d19850e..1337c32f 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -2025,8 +2025,8 @@ static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
>
>         cur = cn->expr;
>         while (cur) {
> -               if (cur->bool)
> -                       cur->bool = state->boolmap[cur->bool - 1];
> +               if (cur->boolean)
> +                       cur->boolean = state->boolmap[cur->boolean - 1];
>                 cur = cur->next;
>         }
>
> @@ -2899,7 +2899,7 @@ static void discard_tunables(sepol_handle_t *sh, policydb_t *pol)
>                              cur_expr = cur_expr->next) {
>                                 if (cur_expr->expr_type != COND_BOOL)
>                                         continue;
> -                               booldatum = pol->bool_val_to_struct[cur_expr->bool - 1];
> +                               booldatum = pol->bool_val_to_struct[cur_expr->boolean - 1];
>                                 if (booldatum->flags & COND_BOOL_FLAGS_TUNABLE)
>                                         tmp[tunables++] = booldatum;
>                                 else
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index ad4121d5..e9cd89c2 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -43,7 +43,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
>
>         for (curr = expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         new_val = create_str("%s", 1, val1);
>                 } else {
>                         const char *op;
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index 73b72b5d..c48a7114 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -42,7 +42,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
>
>         for (curr = expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         new_val = create_str("%s", 1, val1);
>                 } else {
>                         const char *op;
> diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> index cbe4cea4..3b7742bc 100644
> --- a/libsepol/src/link.c
> +++ b/libsepol/src/link.c
> @@ -1524,9 +1524,9 @@ static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
>                         /* expression nodes don't have a bool value of 0 - don't map them */
>                         if (cur_expr->expr_type != COND_BOOL)
>                                 continue;
> -                       assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
> -                       cur_expr->bool =
> -                           module->map[SYM_BOOLS][cur_expr->bool - 1];
> +                       assert(module->map[SYM_BOOLS][cur_expr->boolean - 1] != 0);
> +                       cur_expr->boolean =
> +                           module->map[SYM_BOOLS][cur_expr->boolean - 1];
>                 }
>                 new_node->nbools = cur->nbools;
>                 /* FIXME should COND_MAX_BOOLS be used here? */
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index 2b24d33e..e7bc6ee6 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -1272,7 +1272,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
>
>         for (curr = cond_expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         // length of boolean + 2 parens + null terminator
>                         len = strlen(val1) + 2 + 1;
>                         new_val = malloc(len);
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index 9a9ec40b..301aa200 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -974,7 +974,7 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
>         for (; expr; expr = expr->next) {
>                 switch(expr->expr_type) {
>                 case COND_BOOL:
> -                       if (validate_value(expr->bool, boolean))
> +                       if (validate_value(expr->boolean, boolean))
>                                 goto bad;
>                         if (depth == (COND_EXPR_MAXDEPTH - 1))
>                                 goto bad;
> diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> index a9fdf93a..024fe628 100644
> --- a/libsepol/src/write.c
> +++ b/libsepol/src/write.c
> @@ -834,7 +834,7 @@ static int cond_write_node(policydb_t * p,
>         for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
>                 items = 0;
>                 buf[items++] = cpu_to_le32(cur_expr->expr_type);
> -               buf[items++] = cpu_to_le32(cur_expr->bool);
> +               buf[items++] = cpu_to_le32(cur_expr->boolean);
>                 items2 = put_entry(buf, sizeof(uint32_t), items, fp);
>                 if (items2 != items)
>                         return POLICYDB_ERROR;
> diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
> index 90aa6e0a..8494dd25 100644
> --- a/libsepol/tests/debug.c
> +++ b/libsepol/tests/debug.c
> @@ -41,7 +41,7 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
>         for (cur = exp; cur != NULL; cur = cur->next) {
>                 switch (cur->expr_type) {
>                 case COND_BOOL:
> -                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
> +                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->boolean - 1]);
>                         break;
>                 case COND_NOT:
>                         fprintf(fp, "! ");
> diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
> index 694a7346..6ea0e4c2 100644
> --- a/libsepol/tests/test-linker-cond-map.c
> +++ b/libsepol/tests/test-linker-cond-map.c
> @@ -70,7 +70,7 @@ static void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_
>
>                 CU_ASSERT(expr->expr_type == bools[i].expr_type);
>                 if (bools[i].bool) {
> -                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
> +                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->boolean - 1], bools[i].bool) == 0);
>                 }
>                 expr = expr->next;
>         }
> --
> 2.40.0
>
James Carter April 24, 2023, 4:38 p.m. UTC | #2
On Fri, Apr 21, 2023 at 11:27 AM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Avoid using the identifier `bool` to improve support with future C
> > standards.  C23 is about to make `bool` a predefined macro (see N2654).
> >
> > Since the type `cond_expr_t` is part of the public API it will break
> > client applications.  A quick search of the code in Debian shows only
> > usages in checkpolicy and setools.
>
> NB Header files under the sepol/policydb subdirectory are not part of
> the libsepol shared library API/ABI and thus changes there are not
> considered to be API/ABI changes. They should only affect users of the
> static libsepol and there is no warranty for them.
>

So should that paragraph be removed or should it say something like:
"While header files under the sepol/policydb subdirectory are not part
of the libsepol shared library API/ABI, these changes will break
setools."?

Jim

> >
> > Define a new macro signaling the renaming to simplify support of client
> > applications for new and older versions of libsepol.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
> > ---
> > v2:
> >    update version identifier in header to 3.6
> > ---
> >  libsepol/cil/src/cil_binary.c                 |  6 +++---
> >  libsepol/include/sepol/policydb/conditional.h |  4 +++-
> >  libsepol/src/conditional.c                    | 14 +++++++-------
> >  libsepol/src/expand.c                         |  6 +++---
> >  libsepol/src/kernel_to_cil.c                  |  2 +-
> >  libsepol/src/kernel_to_conf.c                 |  2 +-
> >  libsepol/src/link.c                           |  6 +++---
> >  libsepol/src/module_to_cil.c                  |  2 +-
> >  libsepol/src/policydb_validate.c              |  2 +-
> >  libsepol/src/write.c                          |  2 +-
> >  libsepol/tests/debug.c                        |  2 +-
> >  libsepol/tests/test-linker-cond-map.c         |  2 +-
> >  12 files changed, 26 insertions(+), 24 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> > index 40615db2..ef7f4d70 100644
> > --- a/libsepol/cil/src/cil_binary.c
> > +++ b/libsepol/cil/src/cil_binary.c
> > @@ -2123,7 +2123,7 @@ static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *
> >                 *head = cil_malloc(sizeof(cond_expr_t));
> >                 (*head)->next = NULL;
> >                 (*head)->expr_type = COND_BOOL;
> > -               (*head)->bool = sepol_bool->s.value;
> > +               (*head)->boolean = sepol_bool->s.value;
> >                 *tail = *head;
> >         } else if (item->flavor == CIL_LIST) {
> >                 struct cil_list *l = item->data;
> > @@ -2159,7 +2159,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
> >                 enum cil_flavor cil_op = (enum cil_flavor)(uintptr_t)item->data;
> >
> >                 op = cil_malloc(sizeof(*op));
> > -               op->bool = 0;
> > +               op->boolean = 0;
> >                 op->next = NULL;
> >
> >                 switch (cil_op) {
> > @@ -2226,7 +2226,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
> >                                 goto exit;
> >                         }
> >                         op = cil_malloc(sizeof(*op));
> > -                       op->bool = 0;
> > +                       op->boolean = 0;
> >                         op->next = NULL;
> >                         op->expr_type = COND_OR;
> >                         t1->next = h2;
> > diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
> > index 49c0d766..5318ea19 100644
> > --- a/libsepol/include/sepol/policydb/conditional.h
> > +++ b/libsepol/include/sepol/policydb/conditional.h
> > @@ -54,7 +54,9 @@ typedef struct cond_expr {
> >  #define COND_NEQ       7       /* bool != bool */
> >  #define COND_LAST      COND_NEQ
> >         uint32_t expr_type;
> > -       uint32_t bool;
> > +       /* The member `boolean` was renamed from `bool` in version 3.6 */
> > +#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
> > +       uint32_t boolean;
> >         struct cond_expr *next;
> >  } cond_expr_t;
> >
> > diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
> > index a620451d..24380ea0 100644
> > --- a/libsepol/src/conditional.c
> > +++ b/libsepol/src/conditional.c
> > @@ -125,7 +125,7 @@ int cond_expr_equal(cond_node_t * a, cond_node_t * b)
> >                 if (cur_a->expr_type != cur_b->expr_type)
> >                         return 0;
> >                 if (cur_a->expr_type == COND_BOOL) {
> > -                       if (cur_a->bool != cur_b->bool)
> > +                       if (cur_a->boolean != cur_b->boolean)
> >                                 return 0;
> >                 }
> >                 cur_a = cur_a->next;
> > @@ -223,7 +223,7 @@ int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
> >                         if (sp == (COND_EXPR_MAXDEPTH - 1))
> >                                 return -1;
> >                         sp++;
> > -                       s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
> > +                       s[sp] = p->bool_val_to_struct[cur->boolean - 1]->state;
> >                         break;
> >                 case COND_NOT:
> >                         if (sp < 0)
> > @@ -279,7 +279,7 @@ cond_expr_t *cond_copy_expr(cond_expr_t * expr)
> >                 memset(new_expr, 0, sizeof(cond_expr_t));
> >
> >                 new_expr->expr_type = cur->expr_type;
> > -               new_expr->bool = cur->bool;
> > +               new_expr->boolean = cur->boolean;
> >
> >                 if (!head)
> >                         head = new_expr;
> > @@ -388,10 +388,10 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
> >                 switch (e->expr_type) {
> >                 case COND_BOOL:
> >                         /* see if we've already seen this bool */
> > -                       if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
> > +                       if (!bool_present(e->boolean, cn->bool_ids, cn->nbools)) {
> >                                 /* count em all but only record up to COND_MAX_BOOLS */
> >                                 if (cn->nbools < COND_MAX_BOOLS)
> > -                                       cn->bool_ids[cn->nbools++] = e->bool;
> > +                                       cn->bool_ids[cn->nbools++] = e->boolean;
> >                                 else
> >                                         cn->nbools++;
> >                         }
> > @@ -737,7 +737,7 @@ static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
> >                 return 0;
> >         }
> >
> > -       if (expr->bool > p->p_bools.nprim) {
> > +       if (expr->boolean > p->p_bools.nprim) {
> >                 WARN(NULL, "security: conditional expressions uses unknown bool.");
> >                 return 0;
> >         }
> > @@ -775,7 +775,7 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
> >                 memset(expr, 0, sizeof(cond_expr_t));
> >
> >                 expr->expr_type = le32_to_cpu(buf[0]);
> > -               expr->bool = le32_to_cpu(buf[1]);
> > +               expr->boolean = le32_to_cpu(buf[1]);
> >
> >                 if (!expr_isvalid(p, expr)) {
> >                         free(expr);
> > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> > index 8d19850e..1337c32f 100644
> > --- a/libsepol/src/expand.c
> > +++ b/libsepol/src/expand.c
> > @@ -2025,8 +2025,8 @@ static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
> >
> >         cur = cn->expr;
> >         while (cur) {
> > -               if (cur->bool)
> > -                       cur->bool = state->boolmap[cur->bool - 1];
> > +               if (cur->boolean)
> > +                       cur->boolean = state->boolmap[cur->boolean - 1];
> >                 cur = cur->next;
> >         }
> >
> > @@ -2899,7 +2899,7 @@ static void discard_tunables(sepol_handle_t *sh, policydb_t *pol)
> >                              cur_expr = cur_expr->next) {
> >                                 if (cur_expr->expr_type != COND_BOOL)
> >                                         continue;
> > -                               booldatum = pol->bool_val_to_struct[cur_expr->bool - 1];
> > +                               booldatum = pol->bool_val_to_struct[cur_expr->boolean - 1];
> >                                 if (booldatum->flags & COND_BOOL_FLAGS_TUNABLE)
> >                                         tmp[tunables++] = booldatum;
> >                                 else
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index ad4121d5..e9cd89c2 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -43,7 +43,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
> >
> >         for (curr = expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         new_val = create_str("%s", 1, val1);
> >                 } else {
> >                         const char *op;
> > diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> > index 73b72b5d..c48a7114 100644
> > --- a/libsepol/src/kernel_to_conf.c
> > +++ b/libsepol/src/kernel_to_conf.c
> > @@ -42,7 +42,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
> >
> >         for (curr = expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         new_val = create_str("%s", 1, val1);
> >                 } else {
> >                         const char *op;
> > diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> > index cbe4cea4..3b7742bc 100644
> > --- a/libsepol/src/link.c
> > +++ b/libsepol/src/link.c
> > @@ -1524,9 +1524,9 @@ static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
> >                         /* expression nodes don't have a bool value of 0 - don't map them */
> >                         if (cur_expr->expr_type != COND_BOOL)
> >                                 continue;
> > -                       assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
> > -                       cur_expr->bool =
> > -                           module->map[SYM_BOOLS][cur_expr->bool - 1];
> > +                       assert(module->map[SYM_BOOLS][cur_expr->boolean - 1] != 0);
> > +                       cur_expr->boolean =
> > +                           module->map[SYM_BOOLS][cur_expr->boolean - 1];
> >                 }
> >                 new_node->nbools = cur->nbools;
> >                 /* FIXME should COND_MAX_BOOLS be used here? */
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 2b24d33e..e7bc6ee6 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -1272,7 +1272,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
> >
> >         for (curr = cond_expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         // length of boolean + 2 parens + null terminator
> >                         len = strlen(val1) + 2 + 1;
> >                         new_val = malloc(len);
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index 9a9ec40b..301aa200 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -974,7 +974,7 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
> >         for (; expr; expr = expr->next) {
> >                 switch(expr->expr_type) {
> >                 case COND_BOOL:
> > -                       if (validate_value(expr->bool, boolean))
> > +                       if (validate_value(expr->boolean, boolean))
> >                                 goto bad;
> >                         if (depth == (COND_EXPR_MAXDEPTH - 1))
> >                                 goto bad;
> > diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> > index a9fdf93a..024fe628 100644
> > --- a/libsepol/src/write.c
> > +++ b/libsepol/src/write.c
> > @@ -834,7 +834,7 @@ static int cond_write_node(policydb_t * p,
> >         for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
> >                 items = 0;
> >                 buf[items++] = cpu_to_le32(cur_expr->expr_type);
> > -               buf[items++] = cpu_to_le32(cur_expr->bool);
> > +               buf[items++] = cpu_to_le32(cur_expr->boolean);
> >                 items2 = put_entry(buf, sizeof(uint32_t), items, fp);
> >                 if (items2 != items)
> >                         return POLICYDB_ERROR;
> > diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
> > index 90aa6e0a..8494dd25 100644
> > --- a/libsepol/tests/debug.c
> > +++ b/libsepol/tests/debug.c
> > @@ -41,7 +41,7 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
> >         for (cur = exp; cur != NULL; cur = cur->next) {
> >                 switch (cur->expr_type) {
> >                 case COND_BOOL:
> > -                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
> > +                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->boolean - 1]);
> >                         break;
> >                 case COND_NOT:
> >                         fprintf(fp, "! ");
> > diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
> > index 694a7346..6ea0e4c2 100644
> > --- a/libsepol/tests/test-linker-cond-map.c
> > +++ b/libsepol/tests/test-linker-cond-map.c
> > @@ -70,7 +70,7 @@ static void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_
> >
> >                 CU_ASSERT(expr->expr_type == bools[i].expr_type);
> >                 if (bools[i].bool) {
> > -                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
> > +                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->boolean - 1], bools[i].bool) == 0);
> >                 }
> >                 expr = expr->next;
> >         }
> > --
> > 2.40.0
> >
James Carter April 24, 2023, 4:40 p.m. UTC | #3
On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Avoid using the identifier `bool` to improve support with future C
> standards.  C23 is about to make `bool` a predefined macro (see N2654).
>
> Since the type `cond_expr_t` is part of the public API it will break
> client applications.  A quick search of the code in Debian shows only
> usages in checkpolicy and setools.
>
> Define a new macro signaling the renaming to simplify support of client
> applications for new and older versions of libsepol.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

The code looks fine. I can fix the commit message for patch 1 when I merge it.

Acked-by: James Carter <jwcart2@gmail.com>

> ---
> v2:
>    update version identifier in header to 3.6
> ---
>  libsepol/cil/src/cil_binary.c                 |  6 +++---
>  libsepol/include/sepol/policydb/conditional.h |  4 +++-
>  libsepol/src/conditional.c                    | 14 +++++++-------
>  libsepol/src/expand.c                         |  6 +++---
>  libsepol/src/kernel_to_cil.c                  |  2 +-
>  libsepol/src/kernel_to_conf.c                 |  2 +-
>  libsepol/src/link.c                           |  6 +++---
>  libsepol/src/module_to_cil.c                  |  2 +-
>  libsepol/src/policydb_validate.c              |  2 +-
>  libsepol/src/write.c                          |  2 +-
>  libsepol/tests/debug.c                        |  2 +-
>  libsepol/tests/test-linker-cond-map.c         |  2 +-
>  12 files changed, 26 insertions(+), 24 deletions(-)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 40615db2..ef7f4d70 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -2123,7 +2123,7 @@ static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *
>                 *head = cil_malloc(sizeof(cond_expr_t));
>                 (*head)->next = NULL;
>                 (*head)->expr_type = COND_BOOL;
> -               (*head)->bool = sepol_bool->s.value;
> +               (*head)->boolean = sepol_bool->s.value;
>                 *tail = *head;
>         } else if (item->flavor == CIL_LIST) {
>                 struct cil_list *l = item->data;
> @@ -2159,7 +2159,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
>                 enum cil_flavor cil_op = (enum cil_flavor)(uintptr_t)item->data;
>
>                 op = cil_malloc(sizeof(*op));
> -               op->bool = 0;
> +               op->boolean = 0;
>                 op->next = NULL;
>
>                 switch (cil_op) {
> @@ -2226,7 +2226,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
>                                 goto exit;
>                         }
>                         op = cil_malloc(sizeof(*op));
> -                       op->bool = 0;
> +                       op->boolean = 0;
>                         op->next = NULL;
>                         op->expr_type = COND_OR;
>                         t1->next = h2;
> diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
> index 49c0d766..5318ea19 100644
> --- a/libsepol/include/sepol/policydb/conditional.h
> +++ b/libsepol/include/sepol/policydb/conditional.h
> @@ -54,7 +54,9 @@ typedef struct cond_expr {
>  #define COND_NEQ       7       /* bool != bool */
>  #define COND_LAST      COND_NEQ
>         uint32_t expr_type;
> -       uint32_t bool;
> +       /* The member `boolean` was renamed from `bool` in version 3.6 */
> +#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
> +       uint32_t boolean;
>         struct cond_expr *next;
>  } cond_expr_t;
>
> diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
> index a620451d..24380ea0 100644
> --- a/libsepol/src/conditional.c
> +++ b/libsepol/src/conditional.c
> @@ -125,7 +125,7 @@ int cond_expr_equal(cond_node_t * a, cond_node_t * b)
>                 if (cur_a->expr_type != cur_b->expr_type)
>                         return 0;
>                 if (cur_a->expr_type == COND_BOOL) {
> -                       if (cur_a->bool != cur_b->bool)
> +                       if (cur_a->boolean != cur_b->boolean)
>                                 return 0;
>                 }
>                 cur_a = cur_a->next;
> @@ -223,7 +223,7 @@ int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
>                         if (sp == (COND_EXPR_MAXDEPTH - 1))
>                                 return -1;
>                         sp++;
> -                       s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
> +                       s[sp] = p->bool_val_to_struct[cur->boolean - 1]->state;
>                         break;
>                 case COND_NOT:
>                         if (sp < 0)
> @@ -279,7 +279,7 @@ cond_expr_t *cond_copy_expr(cond_expr_t * expr)
>                 memset(new_expr, 0, sizeof(cond_expr_t));
>
>                 new_expr->expr_type = cur->expr_type;
> -               new_expr->bool = cur->bool;
> +               new_expr->boolean = cur->boolean;
>
>                 if (!head)
>                         head = new_expr;
> @@ -388,10 +388,10 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
>                 switch (e->expr_type) {
>                 case COND_BOOL:
>                         /* see if we've already seen this bool */
> -                       if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
> +                       if (!bool_present(e->boolean, cn->bool_ids, cn->nbools)) {
>                                 /* count em all but only record up to COND_MAX_BOOLS */
>                                 if (cn->nbools < COND_MAX_BOOLS)
> -                                       cn->bool_ids[cn->nbools++] = e->bool;
> +                                       cn->bool_ids[cn->nbools++] = e->boolean;
>                                 else
>                                         cn->nbools++;
>                         }
> @@ -737,7 +737,7 @@ static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
>                 return 0;
>         }
>
> -       if (expr->bool > p->p_bools.nprim) {
> +       if (expr->boolean > p->p_bools.nprim) {
>                 WARN(NULL, "security: conditional expressions uses unknown bool.");
>                 return 0;
>         }
> @@ -775,7 +775,7 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
>                 memset(expr, 0, sizeof(cond_expr_t));
>
>                 expr->expr_type = le32_to_cpu(buf[0]);
> -               expr->bool = le32_to_cpu(buf[1]);
> +               expr->boolean = le32_to_cpu(buf[1]);
>
>                 if (!expr_isvalid(p, expr)) {
>                         free(expr);
> diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> index 8d19850e..1337c32f 100644
> --- a/libsepol/src/expand.c
> +++ b/libsepol/src/expand.c
> @@ -2025,8 +2025,8 @@ static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
>
>         cur = cn->expr;
>         while (cur) {
> -               if (cur->bool)
> -                       cur->bool = state->boolmap[cur->bool - 1];
> +               if (cur->boolean)
> +                       cur->boolean = state->boolmap[cur->boolean - 1];
>                 cur = cur->next;
>         }
>
> @@ -2899,7 +2899,7 @@ static void discard_tunables(sepol_handle_t *sh, policydb_t *pol)
>                              cur_expr = cur_expr->next) {
>                                 if (cur_expr->expr_type != COND_BOOL)
>                                         continue;
> -                               booldatum = pol->bool_val_to_struct[cur_expr->bool - 1];
> +                               booldatum = pol->bool_val_to_struct[cur_expr->boolean - 1];
>                                 if (booldatum->flags & COND_BOOL_FLAGS_TUNABLE)
>                                         tmp[tunables++] = booldatum;
>                                 else
> diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> index ad4121d5..e9cd89c2 100644
> --- a/libsepol/src/kernel_to_cil.c
> +++ b/libsepol/src/kernel_to_cil.c
> @@ -43,7 +43,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
>
>         for (curr = expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         new_val = create_str("%s", 1, val1);
>                 } else {
>                         const char *op;
> diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> index 73b72b5d..c48a7114 100644
> --- a/libsepol/src/kernel_to_conf.c
> +++ b/libsepol/src/kernel_to_conf.c
> @@ -42,7 +42,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
>
>         for (curr = expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         new_val = create_str("%s", 1, val1);
>                 } else {
>                         const char *op;
> diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> index cbe4cea4..3b7742bc 100644
> --- a/libsepol/src/link.c
> +++ b/libsepol/src/link.c
> @@ -1524,9 +1524,9 @@ static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
>                         /* expression nodes don't have a bool value of 0 - don't map them */
>                         if (cur_expr->expr_type != COND_BOOL)
>                                 continue;
> -                       assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
> -                       cur_expr->bool =
> -                           module->map[SYM_BOOLS][cur_expr->bool - 1];
> +                       assert(module->map[SYM_BOOLS][cur_expr->boolean - 1] != 0);
> +                       cur_expr->boolean =
> +                           module->map[SYM_BOOLS][cur_expr->boolean - 1];
>                 }
>                 new_node->nbools = cur->nbools;
>                 /* FIXME should COND_MAX_BOOLS be used here? */
> diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> index 2b24d33e..e7bc6ee6 100644
> --- a/libsepol/src/module_to_cil.c
> +++ b/libsepol/src/module_to_cil.c
> @@ -1272,7 +1272,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
>
>         for (curr = cond_expr; curr != NULL; curr = curr->next) {
>                 if (curr->expr_type == COND_BOOL) {
> -                       val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> +                       val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
>                         // length of boolean + 2 parens + null terminator
>                         len = strlen(val1) + 2 + 1;
>                         new_val = malloc(len);
> diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> index 9a9ec40b..301aa200 100644
> --- a/libsepol/src/policydb_validate.c
> +++ b/libsepol/src/policydb_validate.c
> @@ -974,7 +974,7 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
>         for (; expr; expr = expr->next) {
>                 switch(expr->expr_type) {
>                 case COND_BOOL:
> -                       if (validate_value(expr->bool, boolean))
> +                       if (validate_value(expr->boolean, boolean))
>                                 goto bad;
>                         if (depth == (COND_EXPR_MAXDEPTH - 1))
>                                 goto bad;
> diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> index a9fdf93a..024fe628 100644
> --- a/libsepol/src/write.c
> +++ b/libsepol/src/write.c
> @@ -834,7 +834,7 @@ static int cond_write_node(policydb_t * p,
>         for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
>                 items = 0;
>                 buf[items++] = cpu_to_le32(cur_expr->expr_type);
> -               buf[items++] = cpu_to_le32(cur_expr->bool);
> +               buf[items++] = cpu_to_le32(cur_expr->boolean);
>                 items2 = put_entry(buf, sizeof(uint32_t), items, fp);
>                 if (items2 != items)
>                         return POLICYDB_ERROR;
> diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
> index 90aa6e0a..8494dd25 100644
> --- a/libsepol/tests/debug.c
> +++ b/libsepol/tests/debug.c
> @@ -41,7 +41,7 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
>         for (cur = exp; cur != NULL; cur = cur->next) {
>                 switch (cur->expr_type) {
>                 case COND_BOOL:
> -                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
> +                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->boolean - 1]);
>                         break;
>                 case COND_NOT:
>                         fprintf(fp, "! ");
> diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
> index 694a7346..6ea0e4c2 100644
> --- a/libsepol/tests/test-linker-cond-map.c
> +++ b/libsepol/tests/test-linker-cond-map.c
> @@ -70,7 +70,7 @@ static void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_
>
>                 CU_ASSERT(expr->expr_type == bools[i].expr_type);
>                 if (bools[i].bool) {
> -                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
> +                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->boolean - 1], bools[i].bool) == 0);
>                 }
>                 expr = expr->next;
>         }
> --
> 2.40.0
>
Stephen Smalley April 24, 2023, 4:57 p.m. UTC | #4
On Mon, Apr 24, 2023 at 12:38 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Fri, Apr 21, 2023 at 11:27 AM Stephen Smalley
> <stephen.smalley.work@gmail.com> wrote:
> >
> > On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
> > <cgzones@googlemail.com> wrote:
> > >
> > > Avoid using the identifier `bool` to improve support with future C
> > > standards.  C23 is about to make `bool` a predefined macro (see N2654).
> > >
> > > Since the type `cond_expr_t` is part of the public API it will break
> > > client applications.  A quick search of the code in Debian shows only
> > > usages in checkpolicy and setools.
> >
> > NB Header files under the sepol/policydb subdirectory are not part of
> > the libsepol shared library API/ABI and thus changes there are not
> > considered to be API/ABI changes. They should only affect users of the
> > static libsepol and there is no warranty for them.
> >
>
> So should that paragraph be removed or should it say something like:
> "While header files under the sepol/policydb subdirectory are not part
> of the libsepol shared library API/ABI, these changes will break
> setools."?

Is setools using the shared libsepol or the static one?

Also wondering if we have violated the original intent here - I see
that #include's of sepol/policydb/policydb.h have crept into public
API headers in include/sepol/*.h. That was never supposed to happen.
They were only supposed to use the encapsulated sepol/policydb.h that
doesn't expose the internals.

Do we have users of the shared library that are now tied to the
policydb data structures?
James Carter April 24, 2023, 5:09 p.m. UTC | #5
On Mon, Apr 24, 2023 at 12:57 PM Stephen Smalley
<stephen.smalley.work@gmail.com> wrote:
>
> On Mon, Apr 24, 2023 at 12:38 PM James Carter <jwcart2@gmail.com> wrote:
> >
> > On Fri, Apr 21, 2023 at 11:27 AM Stephen Smalley
> > <stephen.smalley.work@gmail.com> wrote:
> > >
> > > On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
> > > <cgzones@googlemail.com> wrote:
> > > >
> > > > Avoid using the identifier `bool` to improve support with future C
> > > > standards.  C23 is about to make `bool` a predefined macro (see N2654).
> > > >
> > > > Since the type `cond_expr_t` is part of the public API it will break
> > > > client applications.  A quick search of the code in Debian shows only
> > > > usages in checkpolicy and setools.
> > >
> > > NB Header files under the sepol/policydb subdirectory are not part of
> > > the libsepol shared library API/ABI and thus changes there are not
> > > considered to be API/ABI changes. They should only affect users of the
> > > static libsepol and there is no warranty for them.
> > >
> >
> > So should that paragraph be removed or should it say something like:
> > "While header files under the sepol/policydb subdirectory are not part
> > of the libsepol shared library API/ABI, these changes will break
> > setools."?
>
> Is setools using the shared libsepol or the static one?
>

It is python. I know the policyrep part includes sepol/policydb/conditional.h
Jim

> Also wondering if we have violated the original intent here - I see
> that #include's of sepol/policydb/policydb.h have crept into public
> API headers in include/sepol/*.h. That was never supposed to happen.
> They were only supposed to use the encapsulated sepol/policydb.h that
> doesn't expose the internals.
>
> Do we have users of the shared library that are now tied to the
> policydb data structures?

setools was the only thing (that I know of) that broke when we changed
how the filename transitions were stored in the policy.

Jim
James Carter May 3, 2023, 4:22 p.m. UTC | #6
On Mon, Apr 24, 2023 at 12:40 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Thu, Apr 20, 2023 at 11:41 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Avoid using the identifier `bool` to improve support with future C
> > standards.  C23 is about to make `bool` a predefined macro (see N2654).
> >
> > Since the type `cond_expr_t` is part of the public API it will break
> > client applications.  A quick search of the code in Debian shows only
> > usages in checkpolicy and setools.
> >
> > Define a new macro signaling the renaming to simplify support of client
> > applications for new and older versions of libsepol.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> The code looks fine. I can fix the commit message for patch 1 when I merge it.
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

These six patches have been merged.
Thanks,
Jim

> > ---
> > v2:
> >    update version identifier in header to 3.6
> > ---
> >  libsepol/cil/src/cil_binary.c                 |  6 +++---
> >  libsepol/include/sepol/policydb/conditional.h |  4 +++-
> >  libsepol/src/conditional.c                    | 14 +++++++-------
> >  libsepol/src/expand.c                         |  6 +++---
> >  libsepol/src/kernel_to_cil.c                  |  2 +-
> >  libsepol/src/kernel_to_conf.c                 |  2 +-
> >  libsepol/src/link.c                           |  6 +++---
> >  libsepol/src/module_to_cil.c                  |  2 +-
> >  libsepol/src/policydb_validate.c              |  2 +-
> >  libsepol/src/write.c                          |  2 +-
> >  libsepol/tests/debug.c                        |  2 +-
> >  libsepol/tests/test-linker-cond-map.c         |  2 +-
> >  12 files changed, 26 insertions(+), 24 deletions(-)
> >
> > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> > index 40615db2..ef7f4d70 100644
> > --- a/libsepol/cil/src/cil_binary.c
> > +++ b/libsepol/cil/src/cil_binary.c
> > @@ -2123,7 +2123,7 @@ static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *
> >                 *head = cil_malloc(sizeof(cond_expr_t));
> >                 (*head)->next = NULL;
> >                 (*head)->expr_type = COND_BOOL;
> > -               (*head)->bool = sepol_bool->s.value;
> > +               (*head)->boolean = sepol_bool->s.value;
> >                 *tail = *head;
> >         } else if (item->flavor == CIL_LIST) {
> >                 struct cil_list *l = item->data;
> > @@ -2159,7 +2159,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
> >                 enum cil_flavor cil_op = (enum cil_flavor)(uintptr_t)item->data;
> >
> >                 op = cil_malloc(sizeof(*op));
> > -               op->bool = 0;
> > +               op->boolean = 0;
> >                 op->next = NULL;
> >
> >                 switch (cil_op) {
> > @@ -2226,7 +2226,7 @@ static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
> >                                 goto exit;
> >                         }
> >                         op = cil_malloc(sizeof(*op));
> > -                       op->bool = 0;
> > +                       op->boolean = 0;
> >                         op->next = NULL;
> >                         op->expr_type = COND_OR;
> >                         t1->next = h2;
> > diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
> > index 49c0d766..5318ea19 100644
> > --- a/libsepol/include/sepol/policydb/conditional.h
> > +++ b/libsepol/include/sepol/policydb/conditional.h
> > @@ -54,7 +54,9 @@ typedef struct cond_expr {
> >  #define COND_NEQ       7       /* bool != bool */
> >  #define COND_LAST      COND_NEQ
> >         uint32_t expr_type;
> > -       uint32_t bool;
> > +       /* The member `boolean` was renamed from `bool` in version 3.6 */
> > +#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
> > +       uint32_t boolean;
> >         struct cond_expr *next;
> >  } cond_expr_t;
> >
> > diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
> > index a620451d..24380ea0 100644
> > --- a/libsepol/src/conditional.c
> > +++ b/libsepol/src/conditional.c
> > @@ -125,7 +125,7 @@ int cond_expr_equal(cond_node_t * a, cond_node_t * b)
> >                 if (cur_a->expr_type != cur_b->expr_type)
> >                         return 0;
> >                 if (cur_a->expr_type == COND_BOOL) {
> > -                       if (cur_a->bool != cur_b->bool)
> > +                       if (cur_a->boolean != cur_b->boolean)
> >                                 return 0;
> >                 }
> >                 cur_a = cur_a->next;
> > @@ -223,7 +223,7 @@ int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
> >                         if (sp == (COND_EXPR_MAXDEPTH - 1))
> >                                 return -1;
> >                         sp++;
> > -                       s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
> > +                       s[sp] = p->bool_val_to_struct[cur->boolean - 1]->state;
> >                         break;
> >                 case COND_NOT:
> >                         if (sp < 0)
> > @@ -279,7 +279,7 @@ cond_expr_t *cond_copy_expr(cond_expr_t * expr)
> >                 memset(new_expr, 0, sizeof(cond_expr_t));
> >
> >                 new_expr->expr_type = cur->expr_type;
> > -               new_expr->bool = cur->bool;
> > +               new_expr->boolean = cur->boolean;
> >
> >                 if (!head)
> >                         head = new_expr;
> > @@ -388,10 +388,10 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
> >                 switch (e->expr_type) {
> >                 case COND_BOOL:
> >                         /* see if we've already seen this bool */
> > -                       if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
> > +                       if (!bool_present(e->boolean, cn->bool_ids, cn->nbools)) {
> >                                 /* count em all but only record up to COND_MAX_BOOLS */
> >                                 if (cn->nbools < COND_MAX_BOOLS)
> > -                                       cn->bool_ids[cn->nbools++] = e->bool;
> > +                                       cn->bool_ids[cn->nbools++] = e->boolean;
> >                                 else
> >                                         cn->nbools++;
> >                         }
> > @@ -737,7 +737,7 @@ static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
> >                 return 0;
> >         }
> >
> > -       if (expr->bool > p->p_bools.nprim) {
> > +       if (expr->boolean > p->p_bools.nprim) {
> >                 WARN(NULL, "security: conditional expressions uses unknown bool.");
> >                 return 0;
> >         }
> > @@ -775,7 +775,7 @@ static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
> >                 memset(expr, 0, sizeof(cond_expr_t));
> >
> >                 expr->expr_type = le32_to_cpu(buf[0]);
> > -               expr->bool = le32_to_cpu(buf[1]);
> > +               expr->boolean = le32_to_cpu(buf[1]);
> >
> >                 if (!expr_isvalid(p, expr)) {
> >                         free(expr);
> > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
> > index 8d19850e..1337c32f 100644
> > --- a/libsepol/src/expand.c
> > +++ b/libsepol/src/expand.c
> > @@ -2025,8 +2025,8 @@ static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
> >
> >         cur = cn->expr;
> >         while (cur) {
> > -               if (cur->bool)
> > -                       cur->bool = state->boolmap[cur->bool - 1];
> > +               if (cur->boolean)
> > +                       cur->boolean = state->boolmap[cur->boolean - 1];
> >                 cur = cur->next;
> >         }
> >
> > @@ -2899,7 +2899,7 @@ static void discard_tunables(sepol_handle_t *sh, policydb_t *pol)
> >                              cur_expr = cur_expr->next) {
> >                                 if (cur_expr->expr_type != COND_BOOL)
> >                                         continue;
> > -                               booldatum = pol->bool_val_to_struct[cur_expr->bool - 1];
> > +                               booldatum = pol->bool_val_to_struct[cur_expr->boolean - 1];
> >                                 if (booldatum->flags & COND_BOOL_FLAGS_TUNABLE)
> >                                         tmp[tunables++] = booldatum;
> >                                 else
> > diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
> > index ad4121d5..e9cd89c2 100644
> > --- a/libsepol/src/kernel_to_cil.c
> > +++ b/libsepol/src/kernel_to_cil.c
> > @@ -43,7 +43,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
> >
> >         for (curr = expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         new_val = create_str("%s", 1, val1);
> >                 } else {
> >                         const char *op;
> > diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
> > index 73b72b5d..c48a7114 100644
> > --- a/libsepol/src/kernel_to_conf.c
> > +++ b/libsepol/src/kernel_to_conf.c
> > @@ -42,7 +42,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
> >
> >         for (curr = expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         new_val = create_str("%s", 1, val1);
> >                 } else {
> >                         const char *op;
> > diff --git a/libsepol/src/link.c b/libsepol/src/link.c
> > index cbe4cea4..3b7742bc 100644
> > --- a/libsepol/src/link.c
> > +++ b/libsepol/src/link.c
> > @@ -1524,9 +1524,9 @@ static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
> >                         /* expression nodes don't have a bool value of 0 - don't map them */
> >                         if (cur_expr->expr_type != COND_BOOL)
> >                                 continue;
> > -                       assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
> > -                       cur_expr->bool =
> > -                           module->map[SYM_BOOLS][cur_expr->bool - 1];
> > +                       assert(module->map[SYM_BOOLS][cur_expr->boolean - 1] != 0);
> > +                       cur_expr->boolean =
> > +                           module->map[SYM_BOOLS][cur_expr->boolean - 1];
> >                 }
> >                 new_node->nbools = cur->nbools;
> >                 /* FIXME should COND_MAX_BOOLS be used here? */
> > diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
> > index 2b24d33e..e7bc6ee6 100644
> > --- a/libsepol/src/module_to_cil.c
> > +++ b/libsepol/src/module_to_cil.c
> > @@ -1272,7 +1272,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
> >
> >         for (curr = cond_expr; curr != NULL; curr = curr->next) {
> >                 if (curr->expr_type == COND_BOOL) {
> > -                       val1 = pdb->p_bool_val_to_name[curr->bool - 1];
> > +                       val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
> >                         // length of boolean + 2 parens + null terminator
> >                         len = strlen(val1) + 2 + 1;
> >                         new_val = malloc(len);
> > diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
> > index 9a9ec40b..301aa200 100644
> > --- a/libsepol/src/policydb_validate.c
> > +++ b/libsepol/src/policydb_validate.c
> > @@ -974,7 +974,7 @@ static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
> >         for (; expr; expr = expr->next) {
> >                 switch(expr->expr_type) {
> >                 case COND_BOOL:
> > -                       if (validate_value(expr->bool, boolean))
> > +                       if (validate_value(expr->boolean, boolean))
> >                                 goto bad;
> >                         if (depth == (COND_EXPR_MAXDEPTH - 1))
> >                                 goto bad;
> > diff --git a/libsepol/src/write.c b/libsepol/src/write.c
> > index a9fdf93a..024fe628 100644
> > --- a/libsepol/src/write.c
> > +++ b/libsepol/src/write.c
> > @@ -834,7 +834,7 @@ static int cond_write_node(policydb_t * p,
> >         for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
> >                 items = 0;
> >                 buf[items++] = cpu_to_le32(cur_expr->expr_type);
> > -               buf[items++] = cpu_to_le32(cur_expr->bool);
> > +               buf[items++] = cpu_to_le32(cur_expr->boolean);
> >                 items2 = put_entry(buf, sizeof(uint32_t), items, fp);
> >                 if (items2 != items)
> >                         return POLICYDB_ERROR;
> > diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
> > index 90aa6e0a..8494dd25 100644
> > --- a/libsepol/tests/debug.c
> > +++ b/libsepol/tests/debug.c
> > @@ -41,7 +41,7 @@ void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
> >         for (cur = exp; cur != NULL; cur = cur->next) {
> >                 switch (cur->expr_type) {
> >                 case COND_BOOL:
> > -                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
> > +                       fprintf(fp, "%s ", p->p_bool_val_to_name[cur->boolean - 1]);
> >                         break;
> >                 case COND_NOT:
> >                         fprintf(fp, "! ");
> > diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
> > index 694a7346..6ea0e4c2 100644
> > --- a/libsepol/tests/test-linker-cond-map.c
> > +++ b/libsepol/tests/test-linker-cond-map.c
> > @@ -70,7 +70,7 @@ static void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_
> >
> >                 CU_ASSERT(expr->expr_type == bools[i].expr_type);
> >                 if (bools[i].bool) {
> > -                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
> > +                       CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->boolean - 1], bools[i].bool) == 0);
> >                 }
> >                 expr = expr->next;
> >         }
> > --
> > 2.40.0
> >
diff mbox series

Patch

diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 40615db2..ef7f4d70 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -2123,7 +2123,7 @@  static int __cil_cond_item_to_sepol_expr(policydb_t *pdb, struct cil_list_item *
 		*head = cil_malloc(sizeof(cond_expr_t));
 		(*head)->next = NULL;
 		(*head)->expr_type = COND_BOOL;
-		(*head)->bool = sepol_bool->s.value;
+		(*head)->boolean = sepol_bool->s.value;
 		*tail = *head;
 	} else if (item->flavor == CIL_LIST) {
 		struct cil_list *l = item->data;
@@ -2159,7 +2159,7 @@  static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
 		enum cil_flavor cil_op = (enum cil_flavor)(uintptr_t)item->data;
 
 		op = cil_malloc(sizeof(*op));
-		op->bool = 0;
+		op->boolean = 0;
 		op->next = NULL;
 
 		switch (cil_op) {
@@ -2226,7 +2226,7 @@  static int __cil_cond_expr_to_sepol_expr_helper(policydb_t *pdb, struct cil_list
 				goto exit;
 			}
 			op = cil_malloc(sizeof(*op));
-			op->bool = 0;
+			op->boolean = 0;
 			op->next = NULL;
 			op->expr_type = COND_OR;
 			t1->next = h2;
diff --git a/libsepol/include/sepol/policydb/conditional.h b/libsepol/include/sepol/policydb/conditional.h
index 49c0d766..5318ea19 100644
--- a/libsepol/include/sepol/policydb/conditional.h
+++ b/libsepol/include/sepol/policydb/conditional.h
@@ -54,7 +54,9 @@  typedef struct cond_expr {
 #define COND_NEQ	7	/* bool != bool */
 #define COND_LAST	COND_NEQ
 	uint32_t expr_type;
-	uint32_t bool;
+	/* The member `boolean` was renamed from `bool` in version 3.6 */
+#define COND_EXPR_T_RENAME_BOOL_BOOLEAN
+	uint32_t boolean;
 	struct cond_expr *next;
 } cond_expr_t;
 
diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
index a620451d..24380ea0 100644
--- a/libsepol/src/conditional.c
+++ b/libsepol/src/conditional.c
@@ -125,7 +125,7 @@  int cond_expr_equal(cond_node_t * a, cond_node_t * b)
 		if (cur_a->expr_type != cur_b->expr_type)
 			return 0;
 		if (cur_a->expr_type == COND_BOOL) {
-			if (cur_a->bool != cur_b->bool)
+			if (cur_a->boolean != cur_b->boolean)
 				return 0;
 		}
 		cur_a = cur_a->next;
@@ -223,7 +223,7 @@  int cond_evaluate_expr(policydb_t * p, cond_expr_t * expr)
 			if (sp == (COND_EXPR_MAXDEPTH - 1))
 				return -1;
 			sp++;
-			s[sp] = p->bool_val_to_struct[cur->bool - 1]->state;
+			s[sp] = p->bool_val_to_struct[cur->boolean - 1]->state;
 			break;
 		case COND_NOT:
 			if (sp < 0)
@@ -279,7 +279,7 @@  cond_expr_t *cond_copy_expr(cond_expr_t * expr)
 		memset(new_expr, 0, sizeof(cond_expr_t));
 
 		new_expr->expr_type = cur->expr_type;
-		new_expr->bool = cur->bool;
+		new_expr->boolean = cur->boolean;
 
 		if (!head)
 			head = new_expr;
@@ -388,10 +388,10 @@  int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
 		switch (e->expr_type) {
 		case COND_BOOL:
 			/* see if we've already seen this bool */
-			if (!bool_present(e->bool, cn->bool_ids, cn->nbools)) {
+			if (!bool_present(e->boolean, cn->bool_ids, cn->nbools)) {
 				/* count em all but only record up to COND_MAX_BOOLS */
 				if (cn->nbools < COND_MAX_BOOLS)
-					cn->bool_ids[cn->nbools++] = e->bool;
+					cn->bool_ids[cn->nbools++] = e->boolean;
 				else
 					cn->nbools++;
 			}
@@ -737,7 +737,7 @@  static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
 		return 0;
 	}
 
-	if (expr->bool > p->p_bools.nprim) {
+	if (expr->boolean > p->p_bools.nprim) {
 		WARN(NULL, "security: conditional expressions uses unknown bool.");
 		return 0;
 	}
@@ -775,7 +775,7 @@  static int cond_read_node(policydb_t * p, cond_node_t * node, void *fp)
 		memset(expr, 0, sizeof(cond_expr_t));
 
 		expr->expr_type = le32_to_cpu(buf[0]);
-		expr->bool = le32_to_cpu(buf[1]);
+		expr->boolean = le32_to_cpu(buf[1]);
 
 		if (!expr_isvalid(p, expr)) {
 			free(expr);
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
index 8d19850e..1337c32f 100644
--- a/libsepol/src/expand.c
+++ b/libsepol/src/expand.c
@@ -2025,8 +2025,8 @@  static int cond_node_map_bools(expand_state_t * state, cond_node_t * cn)
 
 	cur = cn->expr;
 	while (cur) {
-		if (cur->bool)
-			cur->bool = state->boolmap[cur->bool - 1];
+		if (cur->boolean)
+			cur->boolean = state->boolmap[cur->boolean - 1];
 		cur = cur->next;
 	}
 
@@ -2899,7 +2899,7 @@  static void discard_tunables(sepol_handle_t *sh, policydb_t *pol)
 			     cur_expr = cur_expr->next) {
 				if (cur_expr->expr_type != COND_BOOL)
 					continue;
-				booldatum = pol->bool_val_to_struct[cur_expr->bool - 1];
+				booldatum = pol->bool_val_to_struct[cur_expr->boolean - 1];
 				if (booldatum->flags & COND_BOOL_FLAGS_TUNABLE)
 					tmp[tunables++] = booldatum;
 				else
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index ad4121d5..e9cd89c2 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -43,7 +43,7 @@  static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
 
 	for (curr = expr; curr != NULL; curr = curr->next) {
 		if (curr->expr_type == COND_BOOL) {
-			char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
+			char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
 			new_val = create_str("%s", 1, val1);
 		} else {
 			const char *op;
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 73b72b5d..c48a7114 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -42,7 +42,7 @@  static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr)
 
 	for (curr = expr; curr != NULL; curr = curr->next) {
 		if (curr->expr_type == COND_BOOL) {
-			char *val1 = pdb->p_bool_val_to_name[curr->bool - 1];
+			char *val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
 			new_val = create_str("%s", 1, val1);
 		} else {
 			const char *op;
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index cbe4cea4..3b7742bc 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -1524,9 +1524,9 @@  static int copy_cond_list(cond_node_t * list, cond_node_t ** dst,
 			/* expression nodes don't have a bool value of 0 - don't map them */
 			if (cur_expr->expr_type != COND_BOOL)
 				continue;
-			assert(module->map[SYM_BOOLS][cur_expr->bool - 1] != 0);
-			cur_expr->bool =
-			    module->map[SYM_BOOLS][cur_expr->bool - 1];
+			assert(module->map[SYM_BOOLS][cur_expr->boolean - 1] != 0);
+			cur_expr->boolean =
+			    module->map[SYM_BOOLS][cur_expr->boolean - 1];
 		}
 		new_node->nbools = cur->nbools;
 		/* FIXME should COND_MAX_BOOLS be used here? */
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 2b24d33e..e7bc6ee6 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -1272,7 +1272,7 @@  static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr *
 
 	for (curr = cond_expr; curr != NULL; curr = curr->next) {
 		if (curr->expr_type == COND_BOOL) {
-			val1 = pdb->p_bool_val_to_name[curr->bool - 1];
+			val1 = pdb->p_bool_val_to_name[curr->boolean - 1];
 			// length of boolean + 2 parens + null terminator
 			len = strlen(val1) + 2 + 1;
 			new_val = malloc(len);
diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 9a9ec40b..301aa200 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -974,7 +974,7 @@  static int validate_cond_expr(sepol_handle_t *handle, const struct cond_expr *ex
 	for (; expr; expr = expr->next) {
 		switch(expr->expr_type) {
 		case COND_BOOL:
-			if (validate_value(expr->bool, boolean))
+			if (validate_value(expr->boolean, boolean))
 				goto bad;
 			if (depth == (COND_EXPR_MAXDEPTH - 1))
 				goto bad;
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index a9fdf93a..024fe628 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -834,7 +834,7 @@  static int cond_write_node(policydb_t * p,
 	for (cur_expr = node->expr; cur_expr != NULL; cur_expr = cur_expr->next) {
 		items = 0;
 		buf[items++] = cpu_to_le32(cur_expr->expr_type);
-		buf[items++] = cpu_to_le32(cur_expr->bool);
+		buf[items++] = cpu_to_le32(cur_expr->boolean);
 		items2 = put_entry(buf, sizeof(uint32_t), items, fp);
 		if (items2 != items)
 			return POLICYDB_ERROR;
diff --git a/libsepol/tests/debug.c b/libsepol/tests/debug.c
index 90aa6e0a..8494dd25 100644
--- a/libsepol/tests/debug.c
+++ b/libsepol/tests/debug.c
@@ -41,7 +41,7 @@  void display_expr(policydb_t * p, cond_expr_t * exp, FILE * fp)
 	for (cur = exp; cur != NULL; cur = cur->next) {
 		switch (cur->expr_type) {
 		case COND_BOOL:
-			fprintf(fp, "%s ", p->p_bool_val_to_name[cur->bool - 1]);
+			fprintf(fp, "%s ", p->p_bool_val_to_name[cur->boolean - 1]);
 			break;
 		case COND_NOT:
 			fprintf(fp, "! ");
diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
index 694a7346..6ea0e4c2 100644
--- a/libsepol/tests/test-linker-cond-map.c
+++ b/libsepol/tests/test-linker-cond-map.c
@@ -70,7 +70,7 @@  static void test_cond_expr_mapping(policydb_t * p, avrule_decl_t * d, test_cond_
 
 		CU_ASSERT(expr->expr_type == bools[i].expr_type);
 		if (bools[i].bool) {
-			CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->bool - 1], bools[i].bool) == 0);
+			CU_ASSERT(strcmp(p->sym_val_to_name[SYM_BOOLS][expr->boolean - 1], bools[i].bool) == 0);
 		}
 		expr = expr->next;
 	}