checkpolicy: drop global policyvers variable

Drop the global variable policyvers. The variable is only used within checkpolicy.c and checkmodule.c, but never in any shared code. Since the variable declaration is the only content of checkpolicy.h drop it. Also set the policy version before calls to read_source_policy(), so the parser can access the requested version for checks this way. Signed-off-by: Christian Göttsche <[email protected]> Acked-by: James Carter <[email protected]>
SELinuxProject · May 1, 2024 · 82d9913 · 82d9913
1 parent 505d1b4
commit 82d9913
Show file tree

Hide file tree

Showing 6 changed files with 9 additions and 19 deletions.
diff --git a/checkpolicy/checkmodule.c b/checkpolicy/checkmodule.c
@@ -31,7 +31,6 @@
 #include <sepol/policydb/sidtab.h>
 
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 
 static sidtab_t sidtab;
@@ -43,9 +42,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
 
-static unsigned int policy_type = POLICY_BASE;
-unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
-
 static int read_binary_policy(policydb_t * p, const char *file, const char *progname)
 {
  int fd;
@@ -107,7 +103,7 @@ static int read_binary_policy(policydb_t * p, const char *file, const char *prog
  return 0;
 }
 
-static int write_binary_policy(policydb_t * p, FILE *outfp)
+static int write_binary_policy(policydb_t * p, FILE *outfp, unsigned int policy_type, unsigned int policyvers)
 {
  struct policy_file pf;
 
@@ -150,6 +146,8 @@ int main(int argc, char **argv)
 {
  const char *file = txtfile, *outfile = NULL;
  unsigned int binary = 0, cil = 0, disable_neverallow = 0;
+ unsigned int policy_type = POLICY_BASE;
+ unsigned int policyvers = MOD_POLICYDB_VERSION_MAX;
  int ch;
  int show_version = 0;
  policydb_t modpolicydb;
@@ -279,6 +277,7 @@ int main(int argc, char **argv)
  modpolicydb.policy_type = policy_type;
  modpolicydb.mls = mlspol;
  modpolicydb.handle_unknown = handle_unknown;
+ modpolicydb.policyvers = policyvers;
 
  if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {
  exit(1);
@@ -343,7 +342,7 @@ int main(int argc, char **argv)
  }
 
  if (!cil) {
- if (write_binary_policy(&modpolicydb, outfp) != 0) {
+ if (write_binary_policy(&modpolicydb, outfp, policy_type, policyvers) != 0) {
  fprintf(stderr, "%s: error writing %s\n", argv[0], outfile);
  exit(1);
  }

diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
@@ -89,7 +89,6 @@
 #include <sepol/policydb/link.h>
 
 #include "queue.h"
-#include "checkpolicy.h"
 #include "parse_util.h"
 
 static policydb_t policydb;
@@ -103,8 +102,6 @@ static int handle_unknown = SEPOL_DENY_UNKNOWN;
 static const char *txtfile = "policy.conf";
 static const char *binfile = "policy";
 
-unsigned int policyvers = 0;
-
 static __attribute__((__noreturn__)) void usage(const char *progname)
 {
  printf
@@ -395,6 +392,7 @@ int main(int argc, char **argv)
  unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0, optimize = 0, disable_neverallow = 0;
  struct val_to_name v;
  int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
+ unsigned int policyvers = 0;
  unsigned int nel, uret;
  struct stat sb;
  void *map;
@@ -613,6 +611,7 @@ int main(int argc, char **argv)
  /* Let sepol know if we are dealing with MLS support */
  parse_policy.mls = mlspol;
  parse_policy.handle_unknown = handle_unknown;
+ parse_policy.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
 
  policydbp = &parse_policy;
 
@@ -637,11 +636,10 @@ int main(int argc, char **argv)
  fprintf(stderr, "Error while expanding policy\n");
  exit(1);
  }
+ policydb.policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
  policydb_destroy(policydbp);
  policydbp = &policydb;
  }
-
- policydbp->policyvers = policyvers ? policyvers : POLICYDB_VERSION_MAX;
  }
 
  if (policydb_load_isids(&policydb, &sidtab))

diff --git a/checkpolicy/checkpolicy.h b/checkpolicy/checkpolicy.h
diff --git a/checkpolicy/fuzz/checkpolicy-fuzzer.c b/checkpolicy/fuzz/checkpolicy-fuzzer.c
@@ -200,6 +200,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
  parsepolicydb.policy_type = POLICY_BASE;
  parsepolicydb.mls = mls;
  parsepolicydb.handle_unknown = DENY_UNKNOWN;
+ parsepolicydb.policyvers = policyvers;
  policydb_set_target_platform(&parsepolicydb, platform);
 
  if (read_source_policy(&parsepolicydb, data, size))

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
@@ -55,7 +55,6 @@
 #include <sepol/policydb/hierarchy.h>
 #include <sepol/policydb/polcaps.h>
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"
 

diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
@@ -49,7 +49,6 @@
 #include <sepol/policydb/hierarchy.h>
 #include <sepol/policydb/polcaps.h>
 #include "queue.h"
-#include "checkpolicy.h"
 #include "module_compiler.h"
 #include "policy_define.h"