From patchwork Fri May 12 10:13:30 2023
X-Patchwork-Submitter: Christian Göttsche
X-Patchwork-Id: 13239037
X-Patchwork-Delegate: plautrba@redhat.com
From: Christian Göttsche
To: selinux@vger.kernel.org
Subject: [PATCH 1/4] libsepol: drop message for uncommon error cases
Date: Fri, 12 May 2023 12:13:30 +0200
Message-Id: <20230512101333.67196-1-cgzones@googlemail.com>
X-Mailing-List: selinux@vger.kernel.org

Match surrounding code and the message were quite generic too.
--- libsepol/src/kernel_to_conf.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index c48a7114..cb7cb740 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c 
@@ -2886,7 +2886,6 @@ static int write_xen_pirq_rules_to_conf(FILE *out, struct policydb *pdb) for (pirq = pdb->ocontexts[1]; pirq != NULL; pirq = pirq->next) { rc = snprintf(pirq_str, 21, "%i", pirq->u.pirq); if (rc < 0 || rc >= 21) { - fprintf(stderr,"error1\n"); rc = -1; goto exit; } 
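Review bot: The buffer size 21 is written out twice in the unchanged context of this hunk, once as the snprintf() size and once in the `rc >= 21` truncation check, so the two can drift apart if the buffer is ever resized. Since the patch already touches this error branch, consider deriving both from one place: sizeof(pirq_str) if pirq_str is a local array, or a single named constant otherwise.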
@@ -2894,7 +2893,6 @@ static int write_xen_pirq_rules_to_conf(FILE *out, struct policydb *pdb) ctx = context_to_str(pdb, &pirq->context[0]); if (!ctx) { rc = -1; - fprintf(stderr,"error2\n"); goto exit; } 
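Review bot: With the fprintf() removed from the `if (!ctx)` branch, a NULL return from context_to_str() is no longer reported at the point of failure, and the commit message does not say where it is reported instead. Patch 2/4 of this series shows the exit label of write_xen_pirq_rules_to_conf() logging "Error writing pirqcon rules to policy.conf" when rc != 0; saying so in the commit message would make it clear that the failure is not silenced.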
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 2/4] libsepol: drop duplicate newline in sepol_log_err() calls Date: Fri, 12 May 2023 12:13:31 +0200 Message-Id: <20230512101333.67196-2-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512101333.67196-1-cgzones@googlemail.com> References: <20230512101333.67196-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org sepol_log_err() will already append a newline unconditionally. --- libsepol/src/kernel_to_cil.c | 78 ++++++++++++++++----------------- libsepol/src/kernel_to_common.c | 4 +- libsepol/src/kernel_to_conf.c | 78 ++++++++++++++++----------------- 3 files changed, 80 insertions(+), 80 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index e9cd89c2..edca4d5f 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -314,7 +314,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey, return 0; exit: - sepol_log_err("Error gathering constraint rules\n"); + sepol_log_err("Error gathering constraint rules"); return rc; } @@ -543,7 +543,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing class rules to CIL\n"); + sepol_log_err("Error writing class rules to CIL"); } return rc; @@ -616,7 +616,7 @@ exit: } strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sid rules to CIL\n"); + sepol_log_err("Error writing sid rules to CIL"); } return rc; @@ -795,7 +795,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing default rules to CIL\n"); + sepol_log_err("Error writing default rules to CIL"); } return rc; 
@@ -906,7 +906,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sensitivity rules to CIL\n"); + sepol_log_err("Error writing sensitivity rules to CIL"); } return rc; @@ -1010,7 +1010,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing category rules to CIL\n"); + sepol_log_err("Error writing category rules to CIL"); } return rc; @@ -1141,7 +1141,7 @@ static int write_sensitivitycategory_rules_to_cil(FILE *out, struct policydb *pd exit: if (rc != 0) { - sepol_log_err("Error writing sensitivitycategory rules to CIL\n"); + sepol_log_err("Error writing sensitivitycategory rules to CIL"); } return rc; @@ -1177,7 +1177,7 @@ static int write_mls_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing mls rules to CIL\n"); + sepol_log_err("Error writing mls rules to CIL"); } return rc; @@ -1218,7 +1218,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing polcap rules to CIL\n"); + sepol_log_err("Error writing polcap rules to CIL"); } return rc; @@ -1263,7 +1263,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattribute rules to CIL\n"); + sepol_log_err("Error writing typeattribute rules to CIL"); } return rc; @@ -1308,7 +1308,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing roleattribute rules to CIL\n"); + sepol_log_err("Error writing roleattribute rules to CIL"); } return rc; @@ -1348,7 +1348,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing boolean declarations to CIL\n"); + sepol_log_err("Error writing boolean declarations to CIL"); } return rc; @@ -1393,7 +1393,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type declarations to CIL\n"); + sepol_log_err("Error writing type declarations to CIL"); } return rc; 
@@ -1476,7 +1476,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type alias rules to CIL\n"); + sepol_log_err("Error writing type alias rules to CIL"); } return rc; @@ -1530,7 +1530,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type bounds rules to CIL\n"); + sepol_log_err("Error writing type bounds rules to CIL"); } return rc; @@ -1578,7 +1578,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattributeset rules to CIL\n"); + sepol_log_err("Error writing typeattributeset rules to CIL"); } return rc; @@ -1620,7 +1620,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typepermissive rules to CIL\n"); + sepol_log_err("Error writing typepermissive rules to CIL"); } return rc; @@ -1862,7 +1862,7 @@ static int write_avtab_to_cil(FILE *out, struct policydb *pdb, int indent) exit: if (rc != 0) { - sepol_log_err("Error writing avtab rules to CIL\n"); + sepol_log_err("Error writing avtab rules to CIL"); } return rc; @@ -1933,7 +1933,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing filename typetransition rules to CIL\n"); + sepol_log_err("Error writing filename typetransition rules to CIL"); } return rc; @@ -2044,7 +2044,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing range transition rules to CIL\n"); + sepol_log_err("Error writing range transition rules to CIL"); } return rc; @@ -2184,7 +2184,7 @@ exit: } if (rc != 0) { - sepol_log_err("Error writing conditional rules to CIL\n"); + sepol_log_err("Error writing conditional rules to CIL"); } return rc; @@ -2309,7 +2309,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role declarations to CIL\n"); + sepol_log_err("Error writing role declarations to CIL"); } return rc; 
@@ -2350,7 +2350,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role transition rules to CIL\n"); + sepol_log_err("Error writing role transition rules to CIL"); } return rc; @@ -2388,7 +2388,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role allow rules to CIL\n"); + sepol_log_err("Error writing role allow rules to CIL"); } return rc; @@ -2529,7 +2529,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing user declarations to CIL\n"); + sepol_log_err("Error writing user declarations to CIL"); } return rc; @@ -2611,7 +2611,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sidcontext rules to CIL\n"); + sepol_log_err("Error writing sidcontext rules to CIL"); } return rc; @@ -2655,7 +2655,7 @@ static int write_selinux_fsuse_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing fsuse rules to CIL\n"); + sepol_log_err("Error writing fsuse rules to CIL"); } return rc; @@ -2733,7 +2733,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing genfscon rules to CIL\n"); + sepol_log_err("Error writing genfscon rules to CIL"); } return rc; @@ -2788,7 +2788,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing portcon rules to CIL\n"); + sepol_log_err("Error writing portcon rules to CIL"); } return rc; @@ -2822,7 +2822,7 @@ static int write_selinux_netif_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing netifcon rules to CIL\n"); + sepol_log_err("Error writing netifcon rules to CIL"); } return rc; @@ -2862,7 +2862,7 @@ static int write_selinux_node_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to CIL\n"); + sepol_log_err("Error writing nodecon rules to CIL"); } return rc; 
@@ -2902,7 +2902,7 @@ static int write_selinux_node6_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to CIL\n"); + sepol_log_err("Error writing nodecon rules to CIL"); } return rc; @@ -2958,7 +2958,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibpkeycon rules to CIL\n"); + sepol_log_err("Error writing ibpkeycon rules to CIL"); } return rc; @@ -2995,7 +2995,7 @@ static int write_selinux_ibendport_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibendportcon rules to CIL\n"); + sepol_log_err("Error writing ibendportcon rules to CIL"); } return rc; @@ -3035,7 +3035,7 @@ static int write_xen_pirq_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pirqcon rules to CIL\n"); + sepol_log_err("Error writing pirqcon rules to CIL"); } return rc; @@ -3078,7 +3078,7 @@ static int write_xen_ioport_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ioportcon rules to CIL\n"); + sepol_log_err("Error writing ioportcon rules to CIL"); } return rc; @@ -3121,7 +3121,7 @@ static int write_xen_iomem_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing iomemcon rules to CIL\n"); + sepol_log_err("Error writing iomemcon rules to CIL"); } return rc; @@ -3156,7 +3156,7 @@ static int write_xen_pcidevice_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pcidevicecon rules to CIL\n"); + sepol_log_err("Error writing pcidevicecon rules to CIL"); } return rc; @@ -3183,7 +3183,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing devicetreecon rules to CIL\n"); + sepol_log_err("Error writing devicetreecon rules to CIL"); } return rc; 
diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 775703a9..8da399e2 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c @@ -627,7 +627,7 @@ static int sort_ocontext_data(struct ocontext **ocons, int (*cmp)(const void *, data = calloc(sizeof(*data), num); if (!data) { - sepol_log_err("Out of memory\n"); + sepol_log_err("Out of memory"); return -1; } @@ -718,7 +718,7 @@ int sort_ocontexts(struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error sorting ocontexts\n"); + sepol_log_err("Error sorting ocontexts"); } return rc; diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index cb7cb740..1d812b19 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -318,7 +318,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey, return 0; exit: - sepol_log_err("Error gathering constraint rules\n"); + sepol_log_err("Error gathering constraint rules"); return rc; } @@ -495,7 +495,7 @@ exit: } strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sid rules to policy.conf\n"); + sepol_log_err("Error writing sid rules to policy.conf"); } return rc; @@ -610,7 +610,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing class rules to policy.conf\n"); + sepol_log_err("Error writing class rules to policy.conf"); } return rc; @@ -771,7 +771,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing default rules to policy.conf\n"); + sepol_log_err("Error writing default rules to policy.conf"); } return rc; @@ -902,7 +902,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sensitivity rules to CIL\n"); + sepol_log_err("Error writing sensitivity rules to CIL"); } return rc; 
@@ -1010,7 +1010,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing category rules to policy.conf\n"); + sepol_log_err("Error writing category rules to policy.conf"); } return rc; @@ -1129,7 +1129,7 @@ static int write_level_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing level rules to policy.conf\n"); + sepol_log_err("Error writing level rules to policy.conf"); } return rc; @@ -1160,7 +1160,7 @@ static int write_mls_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing mls rules to policy.conf\n"); + sepol_log_err("Error writing mls rules to policy.conf"); } return rc; @@ -1201,7 +1201,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing polcap rules to policy.conf\n"); + sepol_log_err("Error writing polcap rules to policy.conf"); } return rc; @@ -1246,7 +1246,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattribute rules to policy.conf\n"); + sepol_log_err("Error writing typeattribute rules to policy.conf"); } return rc; @@ -1291,7 +1291,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing roleattribute rules to policy.conf\n"); + sepol_log_err("Error writing roleattribute rules to policy.conf"); } return rc; @@ -1331,7 +1331,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing boolean declarations to policy.conf\n"); + sepol_log_err("Error writing boolean declarations to policy.conf"); } return rc; @@ -1376,7 +1376,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type declarations to policy.con\n"); + sepol_log_err("Error writing type declarations to policy.conf"); } return rc; @@ -1450,7 +1450,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type alias rules to policy.conf\n"); + sepol_log_err("Error writing type alias rules to policy.conf"); } return rc; 
@@ -1504,7 +1504,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type bounds rules to policy.conf\n"); + sepol_log_err("Error writing type bounds rules to policy.conf"); } return rc; @@ -1631,7 +1631,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattributeset rules to policy.conf\n"); + sepol_log_err("Error writing typeattributeset rules to policy.conf"); } return rc; @@ -1673,7 +1673,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typepermissive rules to policy.conf\n"); + sepol_log_err("Error writing typepermissive rules to policy.conf"); } return rc; @@ -1838,7 +1838,7 @@ static int write_avtab_to_conf(FILE *out, struct policydb *pdb, int indent) exit: if (rc != 0) { - sepol_log_err("Error writing avtab rules to policy.conf\n"); + sepol_log_err("Error writing avtab rules to policy.conf"); } return rc; @@ -1909,7 +1909,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing filename typetransition rules to policy.conf\n"); + sepol_log_err("Error writing filename typetransition rules to policy.conf"); } return rc; @@ -2020,7 +2020,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing range transition rules to policy.conf\n"); + sepol_log_err("Error writing range transition rules to policy.conf"); } return rc; @@ -2158,7 +2158,7 @@ exit: } if (rc != 0) { - sepol_log_err("Error writing conditional rules to policy.conf\n"); + sepol_log_err("Error writing conditional rules to policy.conf"); } return rc; @@ -2240,7 +2240,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role declarations to policy.conf\n"); + sepol_log_err("Error writing role declarations to policy.conf"); } return rc; @@ -2281,7 +2281,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role transition rules to policy.conf\n"); + sepol_log_err("Error writing role transition rules to policy.conf"); } return rc; 
@@ -2319,7 +2319,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role allow rules to policy.conf\n"); + sepol_log_err("Error writing role allow rules to policy.conf"); } return rc; @@ -2402,7 +2402,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing user declarations to policy.conf\n"); + sepol_log_err("Error writing user declarations to policy.conf"); } return rc; @@ -2479,7 +2479,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sidcontext rules to policy.conf\n"); + sepol_log_err("Error writing sidcontext rules to policy.conf"); } return rc; @@ -2523,7 +2523,7 @@ static int write_selinux_fsuse_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing fsuse rules to policy.conf\n"); + sepol_log_err("Error writing fsuse rules to policy.conf"); } return rc; @@ -2601,7 +2601,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing genfscon rules to policy.conf\n"); + sepol_log_err("Error writing genfscon rules to policy.conf"); } return rc; @@ -2656,7 +2656,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing portcon rules to policy.conf\n"); + sepol_log_err("Error writing portcon rules to policy.conf"); } return rc; @@ -2690,7 +2690,7 @@ static int write_selinux_netif_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing netifcon rules to policy.conf\n"); + sepol_log_err("Error writing netifcon rules to policy.conf"); } return rc; @@ -2730,7 +2730,7 @@ static int write_selinux_node_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to policy.conf\n"); + sepol_log_err("Error writing nodecon rules to policy.conf"); } return rc; 
@@ -2771,7 +2771,7 @@ static int write_selinux_node6_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to policy.conf\n"); + sepol_log_err("Error writing nodecon rules to policy.conf"); } return rc; @@ -2828,7 +2828,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibpkeycon rules to policy.conf\n"); + sepol_log_err("Error writing ibpkeycon rules to policy.conf"); } return rc; @@ -2864,7 +2864,7 @@ static int write_selinux_ibendport_rules_to_conf(FILE *out, struct policydb *pdb exit: if (rc != 0) { - sepol_log_err("Error writing ibendportcon rules to policy.conf\n"); + sepol_log_err("Error writing ibendportcon rules to policy.conf"); } return rc; @@ -2905,7 +2905,7 @@ static int write_xen_pirq_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pirqcon rules to policy.conf\n"); + sepol_log_err("Error writing pirqcon rules to policy.conf"); } return rc; @@ -2948,7 +2948,7 @@ static int write_xen_ioport_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ioportcon rules to policy.conf\n"); + sepol_log_err("Error writing ioportcon rules to policy.conf"); } return rc; @@ -2991,7 +2991,7 @@ static int write_xen_iomem_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing iomemcon rules to policy.conf\n"); + sepol_log_err("Error writing iomemcon rules to policy.conf"); } return rc; @@ -3026,7 +3026,7 @@ static int write_xen_pcidevice_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pcidevicecon rules to policy.conf\n"); + sepol_log_err("Error writing pcidevicecon rules to policy.conf"); } return rc; 
@@ -3053,7 +3053,7 @@ static int write_xen_devicetree_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing devicetreecon rules to policy.conf\n"); + sepol_log_err("Error writing devicetreecon rules to policy.conf"); } return rc; 
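Review bot: In kernel_to_conf.c, the hunk at -1376 changes more than the trailing newline: "policy.con" becomes "policy.conf" in the type declarations message. The correction is right, but the commit message only talks about the duplicate newline; mention the typo fix there or move it to its own patch so it is not lost in a mechanical change.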
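Review bot: In kernel_to_conf.c, the hunk at -902 keeps the text "Error writing sensitivity rules to CIL", while every other message touched in this file ends in "to policy.conf". This looks like a copy-and-paste leftover from kernel_to_cil.c; since the line is being edited anyway, correct the target name here or in a follow-up so the log points at the right writer.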
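Review bot: In kernel_to_common.c, the context of the hunk at -627 shows `data = calloc(sizeof(*data), num);`, which passes the element size first and the count second, the reverse of calloc(nmemb, size). The allocated size is the same, but the call in kernel_to_cil.c visible in patch 3/4, `calloc(pdb->p_commons.nprim, sizeof(*used))`, uses the conventional order; aligning the two would be a reasonable cleanup for this series.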
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 3/4] libsepol: replace sepol_log_err() by ERR() Date: Fri, 12 May 2023 12:13:32 +0200 Message-Id: <20230512101333.67196-3-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512101333.67196-1-cgzones@googlemail.com> References: <20230512101333.67196-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the libsepol internal wrapper ERR() with a NULL handler to emit error messages. ERR() will besides adding a prefix of "libsepol" also write to stderr. One benefit is the option to suppress the messages via sepol_debug(), although marked deprecated, e.g. in fuzzers. --- libsepol/src/kernel_to_cil.c | 151 ++++++++++++++++---------------- libsepol/src/kernel_to_common.c | 34 +++---- libsepol/src/kernel_to_common.h | 2 - libsepol/src/kernel_to_conf.c | 151 ++++++++++++++++---------------- 4 files changed, 163 insertions(+), 175 deletions(-) diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c index edca4d5f..4c48d3e0 100644 --- a/libsepol/src/kernel_to_cil.c +++ b/libsepol/src/kernel_to_cil.c @@ -25,6 +25,7 @@ #include #include +#include "debug.h" #include "kernel_to_common.h" @@ -59,7 +60,7 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) case COND_EQ: op = "eq"; num_params = 2; break; case COND_NEQ: op = "neq"; num_params = 2; break; default: - sepol_log_err("Unknown conditional operator: %i", + ERR(NULL, "Unknown conditional operator: %i", curr->expr_type); goto exit; } 
@@ -67,13 +68,13 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) if (num_params == 2) { val2 = strs_stack_pop(stack); if (!val2) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } } val1 = strs_stack_pop(stack); if (!val1) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); free(val2); goto exit; } @@ -86,19 +87,19 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) free(val1); } if (!new_val) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } rc = strs_stack_push(stack, new_val); if (rc != 0) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } new_val = strs_stack_pop(stack); if (!new_val || !strs_stack_empty(stack)) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } @@ -146,7 +147,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_DOMBY: op = "domby"; break; case CEXPR_INCOMP: op = "incomp"; break; default: - sepol_log_err("Unknown constraint operator: %i", curr->op); + ERR(NULL, "Unknown constraint operator: %i", curr->op); goto exit; } @@ -167,7 +168,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_L1H1: attr1 ="l1"; attr2 ="h1"; break; case CEXPR_L2H2: attr1 ="l2"; attr2 ="h2"; break; default: - sepol_log_err("Unknown constraint attribute: %i", + ERR(NULL, "Unknown constraint attribute: %i", curr->attr); goto exit; } @@ -191,7 +192,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr if (!names) { names = strdup("NO_IDENTIFIER"); if (!names) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } 
@@ -212,7 +213,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_AND: op = "and"; num_params = 2; break; case CEXPR_OR: op = "or"; num_params = 2; break; default: - sepol_log_err("Unknown constraint expression type: %i", + ERR(NULL, "Unknown constraint expression type: %i", curr->expr_type); goto exit; } @@ -220,13 +221,13 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr if (num_params == 2) { val2 = strs_stack_pop(stack); if (!val2) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } } val1 = strs_stack_pop(stack); if (!val1) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } @@ -243,14 +244,14 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr } rc = strs_stack_push(stack, new_val); if (rc != 0) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } new_val = strs_stack_pop(stack); if (!new_val || !strs_stack_empty(stack)) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } @@ -314,7 +315,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey, return 0; exit: - sepol_log_err("Error gathering constraint rules"); + ERR(NULL, "Error gathering constraint rules"); return rc; } @@ -423,7 +424,7 @@ static int write_handle_unknown_to_cil(FILE *out, struct policydb *pdb) action = "allow"; break; default: - sepol_log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown); + ERR(NULL, "Unknown value for handle-unknown: %i", pdb->handle_unknown); return -1; } @@ -508,7 +509,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) /* common */ used = calloc(pdb->p_commons.nprim, sizeof(*used)); if (!used) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } 
@@ -543,7 +544,7 @@ static int write_class_decl_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing class rules to CIL"); + ERR(NULL, "Error writing class rules to CIL"); } return rc; @@ -573,7 +574,7 @@ static int write_sids_to_cil(FILE *out, const char *const *sid_to_str, snprintf(unknown, 18, "%s%u", "UNKNOWN", i); sid = strdup(unknown); if (!sid) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -616,7 +617,7 @@ exit: } strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sid rules to CIL"); + ERR(NULL, "Error writing sid rules to CIL"); } return rc; @@ -633,7 +634,7 @@ static int write_sid_decl_rules_to_cil(FILE *out, struct policydb *pdb) rc = write_sids_to_cil(out, xen_sid_to_str, XEN_SID_SZ, pdb->ocontexts[0]); } else { - sepol_log_err("Unknown target platform: %i", pdb->target_platform); + ERR(NULL, "Unknown target platform: %i", pdb->target_platform); rc = -1; } @@ -652,7 +653,7 @@ static int write_default_user_to_cil(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default role value: %i", class->default_user); + ERR(NULL, "Unknown default role value: %i", class->default_user); return -1; } sepol_printf(out, "(defaultuser %s %s)\n", class_name, dft); @@ -672,7 +673,7 @@ static int write_default_role_to_cil(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default role value: %i", class->default_role); + ERR(NULL, "Unknown default role value: %i", class->default_role); return -1; } sepol_printf(out, "(defaultrole %s %s)\n", class_name, dft); 
@@ -692,7 +693,7 @@ static int write_default_type_to_cil(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default type value: %i", class->default_type); + ERR(NULL, "Unknown default type value: %i", class->default_type); return -1; } sepol_printf(out, "(defaulttype %s %s)\n", class_name, dft); @@ -727,7 +728,7 @@ static int write_default_range_to_cil(FILE *out, char *class_name, class_datum_t dft = "glblub"; break; default: - sepol_log_err("Unknown default type value: %i", class->default_range); + ERR(NULL, "Unknown default type value: %i", class->default_range); return -1; } sepol_printf(out, "(defaultrange %s %s)\n", class_name, dft); @@ -795,7 +796,7 @@ static int write_default_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing default rules to CIL"); + ERR(NULL, "Error writing default rules to CIL"); } return rc; @@ -906,7 +907,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sensitivity rules to CIL"); + ERR(NULL, "Error writing sensitivity rules to CIL"); } return rc; @@ -1010,7 +1011,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing category rules to CIL"); + ERR(NULL, "Error writing category rules to CIL"); } return rc; @@ -1141,7 +1142,7 @@ static int write_sensitivitycategory_rules_to_cil(FILE *out, struct policydb *pd exit: if (rc != 0) { - sepol_log_err("Error writing sensitivitycategory rules to CIL"); + ERR(NULL, "Error writing sensitivitycategory rules to CIL"); } return rc; @@ -1177,7 +1178,7 @@ static int write_mls_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing mls rules to CIL"); + ERR(NULL, "Error writing mls rules to CIL"); } return rc; 
@@ -1199,7 +1200,7 @@ static int write_polcap_rules_to_cil(FILE *out, struct policydb *pdb) ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) { name = sepol_polcap_getname(i); if (name == NULL) { - sepol_log_err("Unknown policy capability id: %i", i); + ERR(NULL, "Unknown policy capability id: %i", i); rc = -1; goto exit; } @@ -1218,7 +1219,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing polcap rules to CIL"); + ERR(NULL, "Error writing polcap rules to CIL"); } return rc; @@ -1263,7 +1264,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattribute rules to CIL"); + ERR(NULL, "Error writing typeattribute rules to CIL"); } return rc; @@ -1308,7 +1309,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing roleattribute rules to CIL"); + ERR(NULL, "Error writing roleattribute rules to CIL"); } return rc; @@ -1348,7 +1349,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing boolean declarations to CIL"); + ERR(NULL, "Error writing boolean declarations to CIL"); } return rc; @@ -1393,7 +1394,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type declarations to CIL"); + ERR(NULL, "Error writing type declarations to CIL"); } return rc; @@ -1476,7 +1477,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type alias rules to CIL"); + ERR(NULL, "Error writing type alias rules to CIL"); } return rc; @@ -1530,7 +1531,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type bounds rules to CIL"); + ERR(NULL, "Error writing type bounds rules to CIL"); } return rc; @@ -1578,7 +1579,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattributeset rules to CIL"); + ERR(NULL, "Error writing typeattributeset rules to CIL"); } return rc; 
@@ -1620,7 +1621,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typepermissive rules to CIL"); + ERR(NULL, "Error writing typepermissive rules to CIL"); } return rc; @@ -1739,7 +1740,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat flavor = "typechange"; break; default: - sepol_log_err("Unknown avtab type: %i", key->specified); + ERR(NULL, "Unknown avtab type: %i", key->specified); goto exit; } @@ -1756,7 +1757,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat if (key->specified & AVTAB_AV) { perms = sepol_av_to_string(pdb, key->target_class, data); if (perms == NULL) { - sepol_log_err("Failed to generate permission string"); + ERR(NULL, "Failed to generate permission string"); goto exit; } rule = create_str("(%s %s %s (%s (%s)))", 5, @@ -1764,7 +1765,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat } else if (key->specified & AVTAB_XPERMS) { perms = xperms_to_str(datum->xperms); if (perms == NULL) { - sepol_log_err("Failed to generate extended permission string"); + ERR(NULL, "Failed to generate extended permission string"); goto exit; } @@ -1862,7 +1863,7 @@ static int write_avtab_to_cil(FILE *out, struct policydb *pdb, int indent) exit: if (rc != 0) { - sepol_log_err("Error writing avtab rules to CIL"); + ERR(NULL, "Error writing avtab rules to CIL"); } return rc; @@ -1933,7 +1934,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing filename typetransition rules to CIL"); + ERR(NULL, "Error writing filename typetransition rules to CIL"); } return rc; @@ -2044,7 +2045,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing range transition rules to CIL"); + ERR(NULL, "Error writing range transition rules to CIL"); } return rc; 
@@ -2184,7 +2185,7 @@ exit: } if (rc != 0) { - sepol_log_err("Error writing conditional rules to CIL"); + ERR(NULL, "Error writing conditional rules to CIL"); } return rc; @@ -2309,7 +2310,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role declarations to CIL"); + ERR(NULL, "Error writing role declarations to CIL"); } return rc; @@ -2350,7 +2351,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role transition rules to CIL"); + ERR(NULL, "Error writing role transition rules to CIL"); } return rc; @@ -2388,7 +2389,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role allow rules to CIL"); + ERR(NULL, "Error writing role allow rules to CIL"); } return rc; @@ -2529,7 +2530,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing user declarations to CIL"); + ERR(NULL, "Error writing user declarations to CIL"); } return rc; @@ -2611,7 +2612,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sidcontext rules to CIL"); + ERR(NULL, "Error writing sidcontext rules to CIL"); } return rc; @@ -2636,7 +2637,7 @@ static int write_selinux_fsuse_rules_to_cil(FILE *out, struct policydb *pdb) case SECURITY_FS_USE_TRANS: behavior = "trans"; break; case SECURITY_FS_USE_TASK: behavior = "task"; break; default: - sepol_log_err("Unknown fsuse behavior: %i", fsuse->v.behavior); + ERR(NULL, "Unknown fsuse behavior: %i", fsuse->v.behavior); rc = -1; goto exit; } @@ -2655,7 +2656,7 @@ static int write_selinux_fsuse_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing fsuse rules to CIL"); + ERR(NULL, "Error writing fsuse rules to CIL"); } return rc; @@ -2733,7 +2734,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing genfscon rules to CIL"); + ERR(NULL, "Error writing genfscon rules to CIL"); } return rc; 
@@ -2756,7 +2757,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb) case IPPROTO_DCCP: protocol = "dccp"; break; case IPPROTO_SCTP: protocol = "sctp"; break; default: - sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); + ERR(NULL, "Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; goto exit; } @@ -2788,7 +2789,7 @@ static int write_selinux_port_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing portcon rules to CIL"); + ERR(NULL, "Error writing portcon rules to CIL"); } return rc; @@ -2822,7 +2823,7 @@ static int write_selinux_netif_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing netifcon rules to CIL"); + ERR(NULL, "Error writing netifcon rules to CIL"); } return rc; @@ -2838,13 +2839,13 @@ static int write_selinux_node_rules_to_cil(FILE *out, struct policydb *pdb) for (node = pdb->ocontexts[4]; node != NULL; node = node->next) { if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } @@ -2862,7 +2863,7 @@ static int write_selinux_node_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to CIL"); + ERR(NULL, "Error writing nodecon rules to CIL"); } return rc; 
@@ -2878,13 +2879,13 @@ static int write_selinux_node6_rules_to_cil(FILE *out, struct policydb *pdb) for (node = pdb->ocontexts[6]; node != NULL; node = node->next) { if (inet_ntop(AF_INET6, &node->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET6, &node->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } @@ -2902,7 +2903,7 @@ static int write_selinux_node6_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to CIL"); + ERR(NULL, "Error writing nodecon rules to CIL"); } return rc; @@ -2926,7 +2927,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("ibpkeycon subnet_prefix is invalid: %m"); + ERR(NULL, "ibpkeycon subnet_prefix is invalid: %m"); rc = -1; goto exit; } @@ -2958,7 +2959,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibpkeycon rules to CIL"); + ERR(NULL, "Error writing ibpkeycon rules to CIL"); } return rc; @@ -2995,7 +2996,7 @@ static int write_selinux_ibendport_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibendportcon rules to CIL"); + ERR(NULL, "Error writing ibendportcon rules to CIL"); } return rc; @@ -3035,7 +3036,7 @@ static int write_xen_pirq_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pirqcon rules to CIL"); + ERR(NULL, "Error writing pirqcon rules to CIL"); } return rc; 
@@ -3078,7 +3079,7 @@ static int write_xen_ioport_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ioportcon rules to CIL"); + ERR(NULL, "Error writing ioportcon rules to CIL"); } return rc; @@ -3121,7 +3122,7 @@ static int write_xen_iomem_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing iomemcon rules to CIL"); + ERR(NULL, "Error writing iomemcon rules to CIL"); } return rc; @@ -3156,7 +3157,7 @@ static int write_xen_pcidevice_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pcidevicecon rules to CIL"); + ERR(NULL, "Error writing pcidevicecon rules to CIL"); } return rc; @@ -3183,7 +3184,7 @@ static int write_xen_devicetree_rules_to_cil(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing devicetreecon rules to CIL"); + ERR(NULL, "Error writing devicetreecon rules to CIL"); } return rc; @@ -3218,13 +3219,13 @@ int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb) } if (pdb == NULL) { - sepol_log_err("No policy"); + ERR(NULL, "No policy"); rc = -1; goto exit; } if (pdb->policy_type != SEPOL_POLICY_KERN) { - sepol_log_err("Policy is not a kernel policy"); + ERR(NULL, "Policy is not a kernel policy"); rc = -1; goto exit; } @@ -3236,7 +3237,7 @@ int sepol_kernel_policydb_to_cil(FILE *out, struct policydb *pdb) * the type_val_to_struct and p_type_val_to_name arrays and policy rules * can refer to those gaps. */ - sepol_log_err("Writing policy versions between 20 and 23 as CIL is not supported"); + ERR(NULL, "Writing policy versions between 20 and 23 as CIL is not supported"); rc = -1; goto exit; } diff --git a/libsepol/src/kernel_to_common.c b/libsepol/src/kernel_to_common.c index 8da399e2..09c08b3d 100644 --- a/libsepol/src/kernel_to_common.c +++ b/libsepol/src/kernel_to_common.c 
@@ -18,27 +18,15 @@ #include #include +#include "debug.h" #include "private.h" #include "kernel_to_common.h" -void sepol_log_err(const char *fmt, ...) -{ - va_list argptr; - va_start(argptr, fmt); - if (vfprintf(stderr, fmt, argptr) < 0) { - _exit(EXIT_FAILURE); - } - va_end(argptr); - if (fprintf(stderr, "\n") < 0) { - _exit(EXIT_FAILURE); - } -} - void sepol_indent(FILE *out, int indent) { if (fprintf(out, "%*s", indent * 4, "") < 0) { - sepol_log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); } } @@ -47,7 +35,7 @@ void sepol_printf(FILE *out, const char *fmt, ...) va_list argptr; va_start(argptr, fmt); if (vfprintf(out, fmt, argptr) < 0) { - sepol_log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); } va_end(argptr); } @@ -73,7 +61,7 @@ static char *create_str_helper(const char *fmt, int num, va_list vargs) str = malloc(len); if (!str) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } @@ -116,13 +104,13 @@ int strs_init(struct strs **strs, size_t size) new = malloc(sizeof(struct strs)); if (!new) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); return -1; } new->list = calloc(size, sizeof(char *)); if (!new->list) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); free(new); return -1; } @@ -169,7 +157,7 @@ int strs_add(struct strs *strs, char *s) strs->size *= 2; new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); return -1; } strs->list = new; @@ -228,7 +216,7 @@ int strs_add_at_index(struct strs *strs, char *s, size_t index) } new = reallocarray(strs->list, strs->size, sizeof(char *)); if (!new) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); return -1; } strs->list = new; 
@@ -301,7 +289,7 @@ char *strs_to_str(const struct strs *strs) len = strs_len_items(strs) + strs->num; str = malloc(len); if (!str) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } @@ -627,7 +615,7 @@ static int sort_ocontext_data(struct ocontext **ocons, int (*cmp)(const void *, data = calloc(sizeof(*data), num); if (!data) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); return -1; } @@ -718,7 +706,7 @@ int sort_ocontexts(struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error sorting ocontexts"); + ERR(NULL, "Error sorting ocontexts"); } return rc; diff --git a/libsepol/src/kernel_to_common.h b/libsepol/src/kernel_to_common.h index 159c4289..7a3960b0 100644 --- a/libsepol/src/kernel_to_common.h +++ b/libsepol/src/kernel_to_common.h @@ -83,8 +83,6 @@ struct strs { size_t size; }; -__attribute__ ((format(printf, 1, 2))) -void sepol_log_err(const char *fmt, ...); void sepol_indent(FILE *out, int indent); __attribute__ ((format(printf, 2, 3))) void sepol_printf(FILE *out, const char *fmt, ...); diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c index 1d812b19..eb85406a 100644 --- a/libsepol/src/kernel_to_conf.c +++ b/libsepol/src/kernel_to_conf.c @@ -24,6 +24,7 @@ #include #include +#include "debug.h" #include "kernel_to_common.h" 
@@ -58,20 +59,20 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) case COND_EQ: op = "=="; num_params = 2; break; case COND_NEQ: op = "!="; num_params = 2; break; default: - sepol_log_err("Unknown conditional operator: %i", curr->expr_type); + ERR(NULL, "Unknown conditional operator: %i", curr->expr_type); goto exit; } if (num_params == 2) { val2 = strs_stack_pop(stack); if (!val2) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } } val1 = strs_stack_pop(stack); if (!val1) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); free(val2); goto exit; } @@ -84,19 +85,19 @@ static char *cond_expr_to_str(struct policydb *pdb, struct cond_expr *expr) free(val1); } if (!new_val) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } rc = strs_stack_push(stack, new_val); if (rc != 0) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } new_val = strs_stack_pop(stack); if (!new_val || !strs_stack_empty(stack)) { - sepol_log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); goto exit; } @@ -144,7 +145,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_DOMBY: op = "domby"; break; case CEXPR_INCOMP: op = "incomp"; break; default: - sepol_log_err("Unknown constraint operator: %i", curr->op); + ERR(NULL, "Unknown constraint operator: %i", curr->op); goto exit; } @@ -165,7 +166,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_L1H1: attr1 ="l1"; attr2 ="h1"; break; case CEXPR_L2H2: attr1 ="l2"; attr2 ="h2"; break; default: - sepol_log_err("Unknown constraint attribute: %i", curr->attr); + ERR(NULL, "Unknown constraint attribute: %i", curr->attr); goto exit; } 
@@ -188,7 +189,7 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr if (!names) { names = strdup("NO_IDENTIFIER"); if (!names) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } @@ -209,20 +210,20 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr case CEXPR_AND: op = "and"; num_params = 2; break; case CEXPR_OR: op = "or"; num_params = 2; break; default: - sepol_log_err("Unknown constraint expression type: %i", curr->expr_type); + ERR(NULL, "Unknown constraint expression type: %i", curr->expr_type); goto exit; } if (num_params == 2) { val2 = strs_stack_pop(stack); if (!val2) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } } val1 = strs_stack_pop(stack); if (!val1) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } @@ -239,14 +240,14 @@ static char *constraint_expr_to_str(struct policydb *pdb, struct constraint_expr } rc = strs_stack_push(stack, new_val); if (rc != 0) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } } new_val = strs_stack_pop(stack); if (!new_val || !strs_stack_empty(stack)) { - sepol_log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); goto exit; } @@ -318,7 +319,7 @@ static int class_constraint_rules_to_strs(struct policydb *pdb, char *classkey, return 0; exit: - sepol_log_err("Error gathering constraint rules"); + ERR(NULL, "Error gathering constraint rules"); return rc; } @@ -425,7 +426,7 @@ static int write_handle_unknown_to_conf(FILE *out, struct policydb *pdb) action = "allow"; break; default: - sepol_log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown); + ERR(NULL, "Unknown value for handle-unknown: %i", pdb->handle_unknown); return -1; } 
@@ -495,7 +496,7 @@ exit: } strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sid rules to policy.conf"); + ERR(NULL, "Error writing sid rules to policy.conf"); } return rc; @@ -512,7 +513,7 @@ static int write_sid_decl_rules_to_conf(FILE *out, struct policydb *pdb) rc = write_sids_to_conf(out, xen_sid_to_str, XEN_SID_SZ, pdb->ocontexts[0]); } else { - sepol_log_err("Unknown target platform: %i", pdb->target_platform); + ERR(NULL, "Unknown target platform: %i", pdb->target_platform); rc = -1; } @@ -556,7 +557,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) /* common */ used = calloc(pdb->p_commons.nprim, sizeof(*used)); if (!used) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -610,7 +611,7 @@ static int write_class_and_common_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing class rules to policy.conf"); + ERR(NULL, "Error writing class rules to policy.conf"); } return rc; @@ -628,7 +629,7 @@ static int write_default_user_to_conf(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default role value: %i", class->default_user); + ERR(NULL, "Unknown default role value: %i", class->default_user); return -1; } sepol_printf(out, "default_user { %s } %s;\n", class_name, dft); @@ -648,7 +649,7 @@ static int write_default_role_to_conf(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default role value: %i", class->default_role); + ERR(NULL, "Unknown default role value: %i", class->default_role); return -1; } sepol_printf(out, "default_role { %s } %s;\n", class_name, dft); 
@@ -668,7 +669,7 @@ static int write_default_type_to_conf(FILE *out, char *class_name, class_datum_t dft = "target"; break; default: - sepol_log_err("Unknown default type value: %i", class->default_type); + ERR(NULL, "Unknown default type value: %i", class->default_type); return -1; } sepol_printf(out, "default_type { %s } %s;\n", class_name, dft); @@ -703,7 +704,7 @@ static int write_default_range_to_conf(FILE *out, char *class_name, class_datum_ dft = "glblub"; break; default: - sepol_log_err("Unknown default type value: %i", class->default_range); + ERR(NULL, "Unknown default type value: %i", class->default_range); return -1; } sepol_printf(out, "default_range { %s } %s;\n", class_name, dft); @@ -771,7 +772,7 @@ static int write_default_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing default rules to policy.conf"); + ERR(NULL, "Error writing default rules to policy.conf"); } return rc; @@ -902,7 +903,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sensitivity rules to CIL"); + ERR(NULL, "Error writing sensitivity rules to CIL"); } return rc; @@ -1010,7 +1011,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing category rules to policy.conf"); + ERR(NULL, "Error writing category rules to policy.conf"); } return rc; @@ -1129,7 +1130,7 @@ static int write_level_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing level rules to policy.conf"); + ERR(NULL, "Error writing level rules to policy.conf"); } return rc; @@ -1160,7 +1161,7 @@ static int write_mls_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing mls rules to policy.conf"); + ERR(NULL, "Error writing mls rules to policy.conf"); } return rc; 
@@ -1182,7 +1183,7 @@ static int write_polcap_rules_to_conf(FILE *out, struct policydb *pdb) ebitmap_for_each_positive_bit(&pdb->policycaps, node, i) { name = sepol_polcap_getname(i); if (name == NULL) { - sepol_log_err("Unknown policy capability id: %i", i); + ERR(NULL, "Unknown policy capability id: %i", i); rc = -1; goto exit; } @@ -1201,7 +1202,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing polcap rules to policy.conf"); + ERR(NULL, "Error writing polcap rules to policy.conf"); } return rc; @@ -1246,7 +1247,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattribute rules to policy.conf"); + ERR(NULL, "Error writing typeattribute rules to policy.conf"); } return rc; @@ -1291,7 +1292,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing roleattribute rules to policy.conf"); + ERR(NULL, "Error writing roleattribute rules to policy.conf"); } return rc; @@ -1331,7 +1332,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing boolean declarations to policy.conf"); + ERR(NULL, "Error writing boolean declarations to policy.conf"); } return rc; @@ -1376,7 +1377,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type declarations to policy.conf"); + ERR(NULL, "Error writing type declarations to policy.conf"); } return rc; @@ -1450,7 +1451,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type alias rules to policy.conf"); + ERR(NULL, "Error writing type alias rules to policy.conf"); } return rc; @@ -1504,7 +1505,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing type bounds rules to policy.conf"); + ERR(NULL, "Error writing type bounds rules to policy.conf"); } return rc; 
@@ -1526,7 +1527,7 @@ static char *attr_strs_to_str(struct strs *strs) len = strs_len_items(strs) + 2*strs->num - 1; str = malloc(len); if (!str) { - sepol_log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } @@ -1631,7 +1632,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typeattributeset rules to policy.conf"); + ERR(NULL, "Error writing typeattributeset rules to policy.conf"); } return rc; @@ -1673,7 +1674,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing typepermissive rules to policy.conf"); + ERR(NULL, "Error writing typepermissive rules to policy.conf"); } return rc; @@ -1716,7 +1717,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat flavor = "type_change"; break; default: - sepol_log_err("Unknown avtab type: %i", key->specified); + ERR(NULL, "Unknown avtab type: %i", key->specified); goto exit; } @@ -1733,7 +1734,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat if (key->specified & AVTAB_AV) { perms = sepol_av_to_string(pdb, key->target_class, data); if (perms == NULL) { - sepol_log_err("Failed to generate permission string"); + ERR(NULL, "Failed to generate permission string"); goto exit; } rule = create_str("%s %s %s:%s { %s };", 5, @@ -1741,7 +1742,7 @@ static char *avtab_node_to_str(struct policydb *pdb, avtab_key_t *key, avtab_dat } else if (key->specified & AVTAB_XPERMS) { perms = sepol_extended_perms_to_string(datum->xperms); if (perms == NULL) { - sepol_log_err("Failed to generate extended permission string"); + ERR(NULL, "Failed to generate extended permission string"); goto exit; } @@ -1838,7 +1839,7 @@ static int write_avtab_to_conf(FILE *out, struct policydb *pdb, int indent) exit: if (rc != 0) { - sepol_log_err("Error writing avtab rules to policy.conf"); + ERR(NULL, "Error writing avtab rules to policy.conf"); } return rc; 
@@ -1909,7 +1910,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing filename typetransition rules to policy.conf"); + ERR(NULL, "Error writing filename typetransition rules to policy.conf"); } return rc; @@ -2020,7 +2021,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing range transition rules to policy.conf"); + ERR(NULL, "Error writing range transition rules to policy.conf"); } return rc; @@ -2158,7 +2159,7 @@ exit: } if (rc != 0) { - sepol_log_err("Error writing conditional rules to policy.conf"); + ERR(NULL, "Error writing conditional rules to policy.conf"); } return rc; @@ -2240,7 +2241,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role declarations to policy.conf"); + ERR(NULL, "Error writing role declarations to policy.conf"); } return rc; @@ -2281,7 +2282,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role transition rules to policy.conf"); + ERR(NULL, "Error writing role transition rules to policy.conf"); } return rc; @@ -2319,7 +2320,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing role allow rules to policy.conf"); + ERR(NULL, "Error writing role allow rules to policy.conf"); } return rc; @@ -2402,7 +2403,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing user declarations to policy.conf"); + ERR(NULL, "Error writing user declarations to policy.conf"); } return rc; @@ -2479,7 +2480,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing sidcontext rules to policy.conf"); + ERR(NULL, "Error writing sidcontext rules to policy.conf"); } return rc; 
@@ -2504,7 +2505,7 @@ static int write_selinux_fsuse_rules_to_conf(FILE *out, struct policydb *pdb) case SECURITY_FS_USE_TRANS: behavior = "trans"; break; case SECURITY_FS_USE_TASK: behavior = "task"; break; default: - sepol_log_err("Unknown fsuse behavior: %i", fsuse->v.behavior); + ERR(NULL, "Unknown fsuse behavior: %i", fsuse->v.behavior); rc = -1; goto exit; } @@ -2523,7 +2524,7 @@ static int write_selinux_fsuse_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing fsuse rules to policy.conf"); + ERR(NULL, "Error writing fsuse rules to policy.conf"); } return rc; @@ -2601,7 +2602,7 @@ exit: strs_destroy(&strs); if (rc != 0) { - sepol_log_err("Error writing genfscon rules to policy.conf"); + ERR(NULL, "Error writing genfscon rules to policy.conf"); } return rc; @@ -2624,7 +2625,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb) case IPPROTO_DCCP: protocol = "dccp"; break; case IPPROTO_SCTP: protocol = "sctp"; break; default: - sepol_log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); + ERR(NULL, "Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; goto exit; } @@ -2656,7 +2657,7 @@ static int write_selinux_port_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing portcon rules to policy.conf"); + ERR(NULL, "Error writing portcon rules to policy.conf"); } return rc; @@ -2690,7 +2691,7 @@ static int write_selinux_netif_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing netifcon rules to policy.conf"); + ERR(NULL, "Error writing netifcon rules to policy.conf"); } return rc; 
@@ -2706,13 +2707,13 @@ static int write_selinux_node_rules_to_conf(FILE *out, struct policydb *pdb) for (node = pdb->ocontexts[4]; node != NULL; node = node->next) { if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } @@ -2730,7 +2731,7 @@ static int write_selinux_node_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to policy.conf"); + ERR(NULL, "Error writing nodecon rules to policy.conf"); } return rc; @@ -2747,13 +2748,13 @@ static int write_selinux_node6_rules_to_conf(FILE *out, struct policydb *pdb) for (node6 = pdb->ocontexts[6]; node6 != NULL; node6 = node6->next) { if (inet_ntop(AF_INET6, &node6->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET6, &node6->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } @@ -2771,7 +2772,7 @@ static int write_selinux_node6_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing nodecon rules to policy.conf"); + ERR(NULL, "Error writing nodecon rules to policy.conf"); } return rc; @@ -2795,7 +2796,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { - sepol_log_err("ibpkeycon address is invalid: %m"); + ERR(NULL, "ibpkeycon address is invalid: %m"); rc = -1; goto exit; } 
@@ -2828,7 +2829,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ibpkeycon rules to policy.conf"); + ERR(NULL, "Error writing ibpkeycon rules to policy.conf"); } return rc; @@ -2864,7 +2865,7 @@ static int write_selinux_ibendport_rules_to_conf(FILE *out, struct policydb *pdb exit: if (rc != 0) { - sepol_log_err("Error writing ibendportcon rules to policy.conf"); + ERR(NULL, "Error writing ibendportcon rules to policy.conf"); } return rc; @@ -2905,7 +2906,7 @@ static int write_xen_pirq_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pirqcon rules to policy.conf"); + ERR(NULL, "Error writing pirqcon rules to policy.conf"); } return rc; @@ -2948,7 +2949,7 @@ static int write_xen_ioport_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing ioportcon rules to policy.conf"); + ERR(NULL, "Error writing ioportcon rules to policy.conf"); } return rc; @@ -2991,7 +2992,7 @@ static int write_xen_iomem_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing iomemcon rules to policy.conf"); + ERR(NULL, "Error writing iomemcon rules to policy.conf"); } return rc; @@ -3026,7 +3027,7 @@ static int write_xen_pcidevice_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing pcidevicecon rules to policy.conf"); + ERR(NULL, "Error writing pcidevicecon rules to policy.conf"); } return rc; @@ -3053,7 +3054,7 @@ static int write_xen_devicetree_rules_to_conf(FILE *out, struct policydb *pdb) exit: if (rc != 0) { - sepol_log_err("Error writing devicetreecon rules to policy.conf"); + ERR(NULL, "Error writing devicetreecon rules to policy.conf"); } return rc; 
@@ -3088,13 +3089,13 @@ int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb) } if (pdb == NULL) { - sepol_log_err("No policy"); + ERR(NULL, "No policy"); rc = -1; goto exit; } if (pdb->policy_type != SEPOL_POLICY_KERN) { - sepol_log_err("Policy is not a kernel policy"); + ERR(NULL, "Policy is not a kernel policy"); rc = -1; goto exit; } 
@@ -3106,7 +3107,7 @@ int sepol_kernel_policydb_to_conf(FILE *out, struct policydb *pdb) * the type_val_to_struct and p_type_val_to_name arrays and policy rules * can refer to those gaps. */ - sepol_log_err("Writing policy versions between 20 and 23 as a policy.conf is not supported"); + ERR(NULL, "Writing policy versions between 20 and 23 as a policy.conf is not supported"); rc = -1; goto exit; }
From patchwork Fri May 12 10:13:33 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?utf-8?q?Christian_G=C3=B6ttsche?= X-Patchwork-Id: 13239039 X-Patchwork-Delegate: plautrba@redhat.com
From: =?utf-8?q?Christian_G=C3=B6ttsche?= To: selinux@vger.kernel.org Subject: [PATCH 4/4] libsepol: replace log_err() by ERR() Date: Fri, 12 May 2023 12:13:33 +0200 Message-Id: <20230512101333.67196-4-cgzones@googlemail.com> X-Mailer: git-send-email 2.40.1 In-Reply-To: <20230512101333.67196-1-cgzones@googlemail.com> References: <20230512101333.67196-1-cgzones@googlemail.com> MIME-Version: 1.0 Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Use the libsepol internal wrapper ERR() with a NULL handler to emit error messages. ERR() will besides adding a prefix of "libsepol" also write to stderr. One benefit is the option to suppress the messages via sepol_debug(), although marked deprecated, e.g. in fuzzers. --- libsepol/src/module_to_cil.c | 173 ++++++++++++++++------------------- 1 file changed, 80 insertions(+), 93 deletions(-) diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c index e7bc6ee6..1a490089 100644 --- a/libsepol/src/module_to_cil.c +++ b/libsepol/src/module_to_cil.c @@ -52,6 +52,7 @@ #include #include +#include "debug.h" #include "kernel_to_common.h" #include "private.h" #include "module_internal.h" @@ -71,24 +72,10 @@ static FILE *out_file; #define TYPEATTR_INFIX "_typeattr_" /* Also in libsepol/cil/src/cil_post.c */ #define ROLEATTR_INFIX "_roleattr_" -__attribute__ ((format(printf, 1, 2))) -static void log_err(const char *fmt, ...) -{ - va_list argptr; - va_start(argptr, fmt); - if (vfprintf(stderr, fmt, argptr) < 0) { - _exit(EXIT_FAILURE); - } - va_end(argptr); - if (fprintf(stderr, "\n") < 0) { - _exit(EXIT_FAILURE); - } -} - static void cil_indent(int indent) { if (fprintf(out_file, "%*s", indent * 4, "") < 0) { - log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); _exit(EXIT_FAILURE); } } 
@@ -98,7 +85,7 @@ static void cil_printf(const char *fmt, ...) { va_list argptr; va_start(argptr, fmt); if (vfprintf(out_file, fmt, argptr) < 0) { - log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); _exit(EXIT_FAILURE); } va_end(argptr); @@ -111,12 +98,12 @@ static void cil_println(int indent, const char *fmt, ...) cil_indent(indent); va_start(argptr, fmt); if (vfprintf(out_file, fmt, argptr) < 0) { - log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); _exit(EXIT_FAILURE); } va_end(argptr); if (fprintf(out_file, "\n") < 0) { - log_err("Failed to write to output"); + ERR(NULL, "Failed to write to output"); _exit(EXIT_FAILURE); } } @@ -142,7 +129,7 @@ static int get_line(char **start, char *end, char **line) *line = malloc(len+1); if (*line == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -593,7 +580,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const rule = "typechange"; break; default: - log_err("Unknown avrule type: %i", type); + ERR(NULL, "Unknown avrule type: %i", type); rc = -1; goto exit; } @@ -602,7 +589,7 @@ static int avrule_to_cil(int indent, struct policydb *pdb, uint32_t type, const if (type & AVRULE_AV) { perms = sepol_av_to_string(pdb, classperm->tclass, classperm->data); if (perms == NULL) { - log_err("Failed to generate permission string"); + ERR(NULL, "Failed to generate permission string"); rc = -1; goto exit; } @@ -702,7 +689,7 @@ static int avrulex_to_cil(int indent, struct policydb *pdb, uint32_t type, const rule = "neverallowx"; break; default: - log_err("Unknown avrule xperm type: %i", type); + ERR(NULL, "Unknown avrule xperm type: %i", type); rc = -1; goto exit; } 
@@ -762,13 +749,13 @@ static char *get_new_attr_name(struct policydb *pdb, int is_type) len = strlen(pdb->name) + strlen(infix) + num_digits(num_attrs) + 1; attr_name = malloc(len); if (!attr_name) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } rlen = snprintf(attr_name, len, "%s%s%i", pdb->name, infix, num_attrs); if (rlen < 0 || rlen >= len) { - log_err("Failed to generate attribute name"); + ERR(NULL, "Failed to generate attribute name"); free(attr_name); attr_name = NULL; goto exit; @@ -785,7 +772,7 @@ static int cil_add_attr_to_list(struct list *attr_list, char *attr_name, int is_ attr_list_node = calloc(1, sizeof(*attr_list_node)); if (attr_list_node == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -975,7 +962,7 @@ static int set_to_names(struct policydb *pdb, int is_type, void *set, struct lis *names = malloc(sizeof(char *)); if (!*names) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -997,7 +984,7 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n num = 0; ebitmap_for_each_positive_bit(map, node, i) { if (num >= UINT32_MAX / sizeof(*name_arr)) { - log_err("Overflow"); + ERR(NULL, "Overflow"); rc = -1; goto exit; } @@ -1012,7 +999,7 @@ static int ebitmap_to_names(struct ebitmap *map, char **vals_to_names, char ***n name_arr = calloc(num, sizeof(*name_arr)); if (name_arr == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } 
@@ -1139,25 +1126,25 @@ static int name_list_to_string(char **names, unsigned int num_names, char **stri for (i = 0; i < num_names; i++) { if (__builtin_add_overflow(len, strlen(names[i]), &len)) { - log_err("Overflow"); + ERR(NULL, "Overflow"); return -1; } } // add spaces + null terminator if (__builtin_add_overflow(len, (size_t)num_names, &len)) { - log_err("Overflow"); + ERR(NULL, "Overflow"); return -1; } if (!len) { - log_err("Empty list"); + ERR(NULL, "Empty list"); return -1; } str = malloc(len); if (str == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -1266,7 +1253,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * rc = stack_init(&stack); if (rc != 0) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } @@ -1277,13 +1264,13 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * len = strlen(val1) + 2 + 1; new_val = malloc(len); if (new_val == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } rlen = snprintf(new_val, len, "(%s)", val1); if (rlen < 0 || rlen >= len) { - log_err("Failed to generate conditional expression"); + ERR(NULL, "Failed to generate conditional expression"); rc = -1; goto exit; } @@ -1306,7 +1293,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * val1 = stack_pop(stack); val2 = strdup(""); if (val2 == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -1318,7 +1305,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * } if (val1 == NULL || val2 == NULL) { - log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); rc = -1; goto exit; } 
@@ -1331,14 +1318,14 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1; new_val = malloc(len); if (new_val == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2); if (rlen < 0 || rlen >= len) { - log_err("Failed to generate conditional expression"); + ERR(NULL, "Failed to generate conditional expression"); rc = -1; goto exit; } @@ -1351,7 +1338,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * rc = stack_push(stack, new_val); if (rc != 0) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } new_val = NULL; @@ -1365,7 +1352,7 @@ static int cond_expr_to_cil(int indent, struct policydb *pdb, struct cond_expr * val1 = stack_pop(stack); if (val1 == NULL || stack_peek(stack) != NULL) { - log_err("Invalid conditional expression"); + ERR(NULL, "Invalid conditional expression"); rc = -1; goto exit; } @@ -1739,7 +1726,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp case CEXPR_DOMBY: op = "domby"; break; case CEXPR_INCOMP: op = "incomp"; break; default: - log_err("Unknown constraint operator type: %i", expr->op); + ERR(NULL, "Unknown constraint operator type: %i", expr->op); rc = -1; goto exit; } @@ -1761,7 +1748,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp case CEXPR_L1H1: attr1 = "l1"; attr2 = "h1"; break; case CEXPR_L2H2: attr1 = "l2"; attr2 = "h2"; break; default: - log_err("Unknown expression attribute type: %i", expr->attr); + ERR(NULL, "Unknown expression attribute type: %i", expr->attr); rc = -1; goto exit; } 
@@ -1771,13 +1758,13 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp len = strlen(op) + strlen(attr1) + strlen(attr2) + 2 + 2 + 1; new_val = malloc(len); if (new_val == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } rlen = snprintf(new_val, len, "(%s %s %s)", op, attr1, attr2); if (rlen < 0 || rlen >= len) { - log_err("Failed to generate constraint expression"); + ERR(NULL, "Failed to generate constraint expression"); rc = -1; goto exit; } @@ -1819,7 +1806,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp } new_val = malloc(len); if (new_val == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -1829,7 +1816,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp rlen = snprintf(new_val, len, "(%s %s %s)", op, attr1, names); } if (rlen < 0 || rlen >= len) { - log_err("Failed to generate constraint expression"); + ERR(NULL, "Failed to generate constraint expression"); rc = -1; goto exit; } @@ -1844,7 +1831,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp case CEXPR_AND: op = "and"; break; case CEXPR_OR: op = "or"; break; default: - log_err("Unknown constraint expression type: %i", expr->expr_type); + ERR(NULL, "Unknown constraint expression type: %i", expr->expr_type); rc = -1; goto exit; } @@ -1855,7 +1842,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp val1 = stack_pop(stack); val2 = strdup(""); if (val2 == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -1867,7 +1854,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp } if (val1 == NULL || val2 == NULL) { - log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); rc = -1; goto exit; } 
@@ -1880,14 +1867,14 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1; new_val = malloc(len); if (new_val == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } rlen = snprintf(new_val, len, "(%s %s%s%s)", op, val1, sep, val2); if (rlen < 0 || rlen >= len) { - log_err("Failed to generate constraint expression"); + ERR(NULL, "Failed to generate constraint expression"); rc = -1; goto exit; } @@ -1900,7 +1887,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp rc = stack_push(stack, new_val); if (rc != 0) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); goto exit; } @@ -1909,7 +1896,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp new_val = stack_pop(stack); if (new_val == NULL || stack_peek(stack) != NULL) { - log_err("Invalid constraint expression"); + ERR(NULL, "Invalid constraint expression"); rc = -1; goto exit; } @@ -2012,7 +1999,7 @@ static int class_to_cil(int indent, struct policydb *pdb, struct avrule_block *U case DEFAULT_SOURCE: dflt = "source"; break; case DEFAULT_TARGET: dflt = "target"; break; default: - log_err("Unknown default user value: %i", class->default_user); + ERR(NULL, "Unknown default user value: %i", class->default_user); rc = -1; goto exit; } @@ -2024,7 +2011,7 @@ static int class_to_cil(int indent, struct policydb *pdb, struct avrule_block *U case DEFAULT_SOURCE: dflt = "source"; break; case DEFAULT_TARGET: dflt = "target"; break; default: - log_err("Unknown default role value: %i", class->default_role); + ERR(NULL, "Unknown default role value: %i", class->default_role); rc = -1; goto exit; } 
@@ -2036,7 +2023,7 @@ static int class_to_cil(int indent, struct policydb *pdb, struct avrule_block *U case DEFAULT_SOURCE: dflt = "source"; break; case DEFAULT_TARGET: dflt = "target"; break; default: - log_err("Unknown default type value: %i", class->default_type); + ERR(NULL, "Unknown default type value: %i", class->default_type); rc = -1; goto exit; } @@ -2053,7 +2040,7 @@ static int class_to_cil(int indent, struct policydb *pdb, struct avrule_block *U case DEFAULT_TARGET_LOW_HIGH: dflt = "target low-high"; break; case DEFAULT_GLBLUB: dflt = "glblub"; break; default: - log_err("Unknown default range value: %i", class->default_range); + ERR(NULL, "Unknown default range value: %i", class->default_range); rc = -1; goto exit; } @@ -2168,7 +2155,7 @@ static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN } if (ebitmap_cardinality(&role->dominates) > 1) { - log_err("Warning: role 'dominance' statement unsupported in CIL. Dropping from output."); + ERR(NULL, "Warning: role 'dominance' statement unsupported in CIL. Dropping from output."); } ts = &role->types; @@ -2218,7 +2205,7 @@ static int role_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN break; default: - log_err("Unknown role type: %i", role->flavor); + ERR(NULL, "Unknown role type: %i", role->flavor); rc = -1; goto exit; } @@ -2297,7 +2284,7 @@ static int type_to_cil(int indent, struct policydb *pdb, struct avrule_block *UN case TYPE_ALIAS: break; default: - log_err("Unknown flavor (%i) of type %s", type->flavor, key); + ERR(NULL, "Unknown flavor (%i) of type %s", type->flavor, key); rc = -1; goto exit; } @@ -2477,7 +2464,7 @@ static int polcaps_to_cil(struct policydb *pdb) ebitmap_for_each_positive_bit(map, node, i) { name = sepol_polcap_getname(i); if (name == NULL) { - log_err("Unknown policy capability id: %i", i); + ERR(NULL, "Unknown policy capability id: %i", i); rc = -1; goto exit; } 
@@ -2564,13 +2551,13 @@ static int ocontext_isid_to_cil(struct policydb *pdb, const char *const *sid_to_ // ocontext) for sidorder statement item = malloc(sizeof(*item)); if (item == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } item->sid_key = strdup(sid); if (!item->sid_key) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -2616,7 +2603,7 @@ exit: static int ocontext_selinux_fs_to_cil(struct policydb *UNUSED(pdb), struct ocontext *fss) { if (fss != NULL) { - log_err("Warning: 'fscon' statement unsupported in CIL. Dropping from output."); + ERR(NULL, "Warning: 'fscon' statement unsupported in CIL. Dropping from output."); } return 0; @@ -2638,7 +2625,7 @@ static int ocontext_selinux_port_to_cil(struct policydb *pdb, struct ocontext *p case IPPROTO_DCCP: protocol = "dccp"; break; case IPPROTO_SCTP: protocol = "sctp"; break; default: - log_err("Unknown portcon protocol: %i", portcon->u.port.protocol); + ERR(NULL, "Unknown portcon protocol: %i", portcon->u.port.protocol); rc = -1; goto exit; } @@ -2680,7 +2667,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb, if (inet_ntop(AF_INET6, &subnet_prefix.s6_addr, subnet_prefix_str, INET6_ADDRSTRLEN) == NULL) { - log_err("ibpkeycon subnet_prefix is invalid: %m"); + ERR(NULL, "ibpkeycon subnet_prefix is invalid: %m"); rc = -1; goto exit; } @@ -2725,13 +2712,13 @@ static int ocontext_selinux_node_to_cil(struct policydb *pdb, struct ocontext *n for (node = nodes; node != NULL; node = node->next) { if (inet_ntop(AF_INET, &node->u.node.addr, addr, INET_ADDRSTRLEN) == NULL) { - log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET, &node->u.node.mask, mask, INET_ADDRSTRLEN) == NULL) { - log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } 
@@ -2757,13 +2744,13 @@ static int ocontext_selinux_node6_to_cil(struct policydb *pdb, struct ocontext * for (node = nodes; node != NULL; node = node->next) { if (inet_ntop(AF_INET6, &node->u.node6.addr, addr, INET6_ADDRSTRLEN) == NULL) { - log_err("Nodecon address is invalid: %m"); + ERR(NULL, "Nodecon address is invalid: %m"); rc = -1; goto exit; } if (inet_ntop(AF_INET6, &node->u.node6.mask, mask, INET6_ADDRSTRLEN) == NULL) { - log_err("Nodecon mask is invalid: %m"); + ERR(NULL, "Nodecon mask is invalid: %m"); rc = -1; goto exit; } @@ -2807,7 +2794,7 @@ static int ocontext_selinux_fsuse_to_cil(struct policydb *pdb, struct ocontext * case SECURITY_FS_USE_TRANS: behavior = "trans"; break; case SECURITY_FS_USE_TASK: behavior = "task"; break; default: - log_err("Unknown fsuse behavior: %i", fsuse->v.behavior); + ERR(NULL, "Unknown fsuse behavior: %i", fsuse->v.behavior); rc = -1; goto exit; } @@ -2950,7 +2937,7 @@ static int ocontexts_to_cil(struct policydb *pdb) ocon_funcs = ocon_xen_funcs; break; default: - log_err("Unknown target platform: %i", pdb->target_platform); + ERR(NULL, "Unknown target platform: %i", pdb->target_platform); rc = -1; goto exit; } @@ -3022,7 +3009,7 @@ static int level_string_to_cil(char *levelstr) matched = tokenize(levelstr, ':', 2, &sens, &cats); if (matched < 1 || matched > 2) { - log_err("Invalid level: %s", levelstr); + ERR(NULL, "Invalid level: %s", levelstr); rc = -1; goto exit; } @@ -3087,7 +3074,7 @@ static int context_string_to_cil(char *contextstr) matched = tokenize(contextstr, ':', 4, &user, &role, &type, &level); if (matched < 3 || matched > 4) { - log_err("Invalid context: %s", contextstr); + ERR(NULL, "Invalid context: %s", contextstr); rc = -1; goto exit; } 
@@ -3148,7 +3135,7 @@ static int seusers_to_cil(struct sepol_module_package *mod_pkg) matched = tokenize(tmp, ':', 3, &user, &seuser, &level); if (matched < 2 || matched > 3) { - log_err("Invalid seuser line: %s", line); + ERR(NULL, "Invalid seuser line: %s", line); rc = -1; goto exit; } @@ -3197,7 +3184,7 @@ static int netfilter_contexts_to_cil(struct sepol_module_package *mod_pkg) size_t netcons_len = sepol_module_package_get_netfilter_contexts_len(mod_pkg); if (netcons_len > 0) { - log_err("Warning: netfilter_contexts are unsupported in CIL. Dropping from output."); + ERR(NULL, "Warning: netfilter_contexts are unsupported in CIL. Dropping from output."); } return 0; @@ -3239,7 +3226,7 @@ static int user_extra_to_cil(struct sepol_module_package *mod_pkg) matched = tokenize(tmp, ' ', 4, &user_str, &user, &prefix_str, &prefix); if (matched != 4) { rc = -1; - log_err("Invalid user extra line: %s", line); + ERR(NULL, "Invalid user extra line: %s", line); goto exit; } @@ -3247,7 +3234,7 @@ static int user_extra_to_cil(struct sepol_module_package *mod_pkg) eol = prefix + prefix_len - 1; if (*eol != ';' || strcmp(user_str, "user") || strcmp(prefix_str, "prefix")) { rc = -1; - log_err("Invalid user extra line: %s", line); + ERR(NULL, "Invalid user extra line: %s", line); goto exit; } *eol = '\0'; @@ -3309,7 +3296,7 @@ static int file_contexts_to_cil(struct sepol_module_package *mod_pkg) matched = tokenize(tmp, ' ', 3, ®ex, &mode, &context); if (matched < 2 || matched > 3) { rc = -1; - log_err("Invalid file context line: %s", line); + ERR(NULL, "Invalid file context line: %s", line); goto exit; } @@ -3336,7 +3323,7 @@ static int file_contexts_to_cil(struct sepol_module_package *mod_pkg) cilmode = "symlink"; } else { rc = -1; - log_err("Invalid mode in file context line: %s", line); + ERR(NULL, "Invalid mode in file context line: %s", line); goto exit; } 
@@ -3734,7 +3721,7 @@ static int module_block_to_cil(struct policydb *pdb, struct avrule_block *block, } if (decl->next != NULL) { - log_err("Warning: 'else' blocks in optional statements are unsupported in CIL. Dropping from output."); + ERR(NULL, "Warning: 'else' blocks in optional statements are unsupported in CIL. Dropping from output."); } if (block->flags & AVRULE_OPTIONAL) { @@ -3775,7 +3762,7 @@ static int global_block_to_cil(struct policydb *pdb, struct avrule_block *block, } if (decl->next != NULL) { - log_err("Warning: 'else' not allowed in global block. Dropping from output."); + ERR(NULL, "Warning: 'else' not allowed in global block. Dropping from output."); } stack_push(stack, decl); @@ -3912,7 +3899,7 @@ static int handle_unknown_to_cil(struct policydb *pdb) hu = "allow"; break; default: - log_err("Unknown value for handle-unknown: %i", pdb->handle_unknown); + ERR(NULL, "Unknown value for handle-unknown: %i", pdb->handle_unknown); rc = -1; goto exit; } @@ -3981,7 +3968,7 @@ static int fix_module_name(struct policydb *pdb) if (pdb->policy_type == POLICY_BASE) { pdb->name = strdup("base"); if (pdb->name == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -4015,7 +4002,7 @@ int sepol_module_policydb_to_cil(FILE *fp, struct policydb *pdb, int linked) if (pdb->policy_type != SEPOL_POLICY_BASE && pdb->policy_type != SEPOL_POLICY_MOD) { - log_err("Policy package is not a base or module"); + ERR(NULL, "Policy package is not a base or module"); rc = -1; goto exit; } @@ -4121,7 +4108,7 @@ int sepol_module_package_to_cil(FILE *fp, struct sepol_module_package *mod_pkg) pdb = sepol_module_package_get_policy(mod_pkg); if (pdb == NULL) { - log_err("Failed to get policydb"); + ERR(NULL, "Failed to get policydb"); rc = -1; goto exit; } 
@@ -4167,7 +4154,7 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) d = malloc(max_len); if (d == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -4178,7 +4165,7 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) max_len *= 2; d_tmp = realloc(d, max_len); if (d_tmp == NULL) { - log_err("Out of memory"); + ERR(NULL, "Out of memory"); rc = -1; goto exit; } @@ -4187,7 +4174,7 @@ static int fp_to_buffer(FILE *fp, char **data, size_t *data_len) } if (ferror(fp) != 0) { - log_err("Failed to read pp file"); + ERR(NULL, "Failed to read pp file"); rc = -1; goto exit; } @@ -4214,7 +4201,7 @@ int sepol_ppfile_to_module_package(FILE *fp, struct sepol_module_package **mod_p rc = sepol_policy_file_create(&pf); if (rc != 0) { - log_err("Failed to create policy file"); + ERR(NULL, "Failed to create policy file"); goto exit; } @@ -4240,13 +4227,13 @@ int sepol_ppfile_to_module_package(FILE *fp, struct sepol_module_package **mod_p rc = sepol_module_package_create(&pkg); if (rc != 0) { - log_err("Failed to create module package"); + ERR(NULL, "Failed to create module package"); goto exit; } rc = sepol_module_package_read(pkg, pf, 0); if (rc != 0) { - log_err("Failed to read policy package"); + ERR(NULL, "Failed to read policy package"); goto exit; }
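Review bot: the log_err() helper removed in the @@ -71,24 +72,10 @@ hunk of module_to_cil.c called _exit(EXIT_FAILURE) when vfprintf() or fprintf() to stderr failed and appended its own "\n", and the commit message does not say what happens to either behaviour under ERR(NULL, ...). Please state in the commit message that the exit-on-stderr-failure path is dropped on purpose (or keep it), and confirm that ERR() ends each message with a newline so consecutive messages do not run together.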
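Review bot: in cil_println() (@@ -111,12 +98,12 @@ hunk), and the same pattern in cil_printf() and cil_indent(), ERR(NULL, "Failed to write to output") is followed directly by _exit(EXIT_FAILURE), so once a caller suppresses messages through sepol_debug(), as the commit message describes, the process terminates with no diagnostic at all. Before this change log_err() always wrote to stderr ahead of the exit. Either note this consequence in the commit message or keep an unconditional message on the paths that end in _exit().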
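Review bot: the message starting "Warning: role 'dominance' statement unsupported in CIL" in role_to_cil() (@@ -2168,7 +2155,7 @@ hunk) is now sent through the error-level ERR() although the function carries on and the statement is only dropped from the output. The same applies to the "Warning:" messages in ocontext_selinux_fs_to_cil(), netfilter_contexts_to_cil(), module_block_to_cil() and global_block_to_cil(). If debug.h offers a warning-level counterpart to ERR(), use it for these and drop the literal "Warning: " prefix, so a message handler or log filter keyed on severity does not report a successful conversion as a failure.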