Commit a34059b1 authored by John Johansen's avatar John Johansen Committed by Tyler Hicks

Convert the parser to C++

This conversion is nothing more than what is required to get it to
compile. Further improvements will come as the code is refactored.

Unfortunately, because C++ does not support designated initializers, the auto
generation of af names needed to be reworked, and "netlink" and "unix"
domain socket keywords leaked in. Since these were going to be added in
separate patches I have not bothered to do the extra work to replace them
with a temporary placeholder.
Signed-off-by: default avatarJohn Johansen <john.johansen@canonical.com>
[tyhicks: merged with dbus changes and memory leak fixes]
Signed-off-by: Tyler Hicks's avatarTyler Hicks <tyhicks@canonical.com>
Acked-by: default avatarSeth Arnold <seth.arnold@canonical.com>
Acked-by: Steve Beattie's avatarSteve Beattie <steve@nxnw.org>
parent b0a14888
......@@ -193,12 +193,12 @@ list_capabilities: /usr/include/linux/capability.h
# to mediate. We use PF_ here since that is what is required in
# bits/socket.h, but we will rewrite these as AF_.
FILTER_FAMILIES=PF_UNSPEC PF_UNIX PF_LOCAL PF_NETLINK
FILTER_FAMILIES=PF_UNIX
__FILTER=$(shell echo $(strip $(FILTER_FAMILIES)) | sed -e 's/ /\\\|/g')
# emits the AF names in a "AF_NAME NUMBER," pattern
AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
AF_NAMES=$(shell echo "\#include <sys/socket.h>" | cpp -dM | LC_ALL=C sed -n -e '/$(__FILTER)/d' -e 's/PF_LOCAL/PF_UNIX/' -e 's/^\#define[ \t]\+PF_\([A-Z0-9_]\+\)[ \t]\+\([0-9]\+\).*$$/AF_\1 \2,/p' | sort -n -k2)
.PHONY: list_af_names
list_af_names:
......
......@@ -40,11 +40,11 @@ LEXFLAGS = -B -v
WARNINGS = -Wall
EXTRA_WARNINGS = -Wsign-compare -Wmissing-field-initializers -Wformat-security -Wunused-parameter
CXX_WARNINGS = ${WARNINGS} $(shell for warning in ${EXTRA_WARNINGS} ; do \
if ${CC} $${warning} -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then \
if ${CXX} $${warning} -S -o /dev/null -xc /dev/null >/dev/null 2>&1; then \
echo "$${warning}"; \
fi ; \
done)
CPP_WARNINGS = -Wstrict-prototypes -Wnested-externs
CPP_WARNINGS =
ifndef CFLAGS
CFLAGS = -g -O2 -pipe
......@@ -163,52 +163,52 @@ parser_lex.c: parser_lex.l parser_yacc.h parser.h
$(LEX) ${LEXFLAGS} -o$@ $<
parser_lex.o: parser_lex.c parser.h parser_yacc.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_misc.o: parser_misc.c parser.h parser_yacc.h af_names.h cap_names.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_yacc.o: parser_yacc.c parser_yacc.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_main.o: parser_main.c parser.h parser_version.h libapparmor_re/apparmor_re.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_interface.o: parser_interface.c parser.h libapparmor_re/apparmor_re.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_include.o: parser_include.c parser.h parser_include.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_merge.o: parser_merge.c parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_regex.o: parser_regex.c parser.h libapparmor_re/apparmor_re.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_symtab.o: parser_symtab.c parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_variable.o: parser_variable.c parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_policy.o: parser_policy.c parser.h parser_yacc.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_alias.o: parser_alias.c parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_common.o: parser_common.c parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
mount.o: mount.c mount.h parser.h immunix.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
lib.o: lib.c lib.h parser.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
dbus.o: dbus.c dbus.h parser.h immunix.h
$(CC) $(EXTRA_CFLAGS) -c -o $@ $<
$(CXX) $(EXTRA_CFLAGS) -c -o $@ $<
parser_version.h: Makefile
@echo \#define PARSER_VERSION \"$(VERSION)\" > .ver
......@@ -228,7 +228,7 @@ cap_names.h: /usr/include/linux/capability.h
echo "$(CAPABILITIES)" | LC_ALL=C sed -n -e "s/[ \\t]\\?CAP_\\([A-Z0-9_]\\+\\)/\{\"\\L\\1\", \\UCAP_\\1\},\\n/pg" > $@
tst_%: parser_%.c parser.h $(filter-out parser_%.o, ${TEST_OBJECTS})
$(CC) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS)
$(CXX) $(TEST_CFLAGS) -o $@ $< $(filter-out $(<:.c=.o), ${TEST_OBJECTS}) $(TEST_LDFLAGS)
.SILENT: check
.PHONY: check
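Review bot: The warning probe in CXX_WARNINGS now invokes `${CXX}` but still passes `-xc`, so each flag in EXTRA_WARNINGS is tested against the C front end while the rules below build every object as C++ with `$(CXX)`. A C++-only warning added to the list later would be dropped silently, and a C-only one would be passed through. Probing the language that is actually compiled avoids both: `if ${CXX} $${warning} -S -o /dev/null -xc++ /dev/null >/dev/null 2>&1; then \`. `CPP_WARNINGS` is left defined but empty, so a one-line comment saying that `-Wstrict-prototypes` and `-Wnested-externs` are C-only would explain why it was cleared.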
......
......@@ -70,11 +70,13 @@ int dirat_for_each(DIR *dir, const char *name, void *data,
}
if (dir && (!name || *name != '/')) {
dirent = malloc(offsetof(struct dirent, d_name) +
fpathconf(dirfd(dir), _PC_NAME_MAX) + 1);
dirent = (struct dirent *)
malloc(offsetof(struct dirent, d_name) +
fpathconf(dirfd(dir), _PC_NAME_MAX) + 1);
} else {
dirent = malloc(offsetof(struct dirent, d_name) +
pathconf(name, _PC_NAME_MAX) + 1);
dirent = (struct dirent *)
malloc(offsetof(struct dirent, d_name) +
pathconf(name, _PC_NAME_MAX) + 1);
}
if (!dirent) {
PDEBUG("could not alloc dirent");
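Review bot: Both allocation sizes add the raw result of `fpathconf(dirfd(dir), _PC_NAME_MAX)` or `pathconf(name, _PC_NAME_MAX)`, and either call returns -1 on error or when the limit is indeterminate. In that case the buffer is exactly `offsetof(struct dirent, d_name)` bytes, with no room for a name, and the added cast does not change that arithmetic. Reading the limit into a variable and falling back when it is negative would avoid an undersized dirent, for example `long max = fpathconf(dirfd(dir), _PC_NAME_MAX); if (max < 0) max = NAME_MAX;`. How the buffer is filled lies outside this hunk, so the impact is inferred; dirat_for_each starts and ends outside the hunk.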
......
......@@ -39,7 +39,7 @@ struct aare_ruleset {
Node *root;
};
extern "C" aare_ruleset_t *aare_new_ruleset(int reverse)
aare_ruleset_t *aare_new_ruleset(int reverse)
{
aare_ruleset_t *container = (aare_ruleset_t *) malloc(sizeof(aare_ruleset_t));
if (!container)
......@@ -51,7 +51,7 @@ extern "C" aare_ruleset_t *aare_new_ruleset(int reverse)
return container;
}
extern "C" void aare_delete_ruleset(aare_ruleset_t *rules)
void aare_delete_ruleset(aare_ruleset_t *rules)
{
if (rules) {
if (rules->root)
......@@ -62,7 +62,7 @@ extern "C" void aare_delete_ruleset(aare_ruleset_t *rules)
aare_reset_matchflags();
}
extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, int deny,
int aare_add_rule(aare_ruleset_t *rules, char *rule, int deny,
uint32_t perms, uint32_t audit, dfaflags_t flags)
{
return aare_add_rule_vec(rules, deny, perms, audit, 1, &rule, flags);
......@@ -76,7 +76,7 @@ DenyMatchFlag *deny_flags[FLAGS_WIDTH][MATCH_FLAGS_SIZE];
MatchFlag *exec_match_flags[FLAGS_WIDTH][EXEC_MATCH_FLAGS_SIZE]; /* mods + unsafe + ix + pux * u::o */
ExactMatchFlag *exact_match_flags[FLAGS_WIDTH][EXEC_MATCH_FLAGS_SIZE]; /* mods + unsafe + ix + pux *u::o */
extern "C" void aare_reset_matchflags(void)
void aare_reset_matchflags(void)
{
uint32_t i, j;
#define RESET_FLAGS(group, size) { \
......@@ -94,7 +94,7 @@ extern "C" void aare_reset_matchflags(void)
#undef RESET_FLAGS
}
extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
uint32_t perms, uint32_t audit,
int count, char **rulev, dfaflags_t flags)
{
......@@ -243,7 +243,7 @@ extern "C" int aare_add_rule_vec(aare_ruleset_t *rules, int deny,
* returns: buffer contain dfa tables, @size set to the size of the tables
* else NULL on failure
*/
extern "C" void *aare_create_dfa(aare_ruleset_t *rules, size_t *size,
void *aare_create_dfa(aare_ruleset_t *rules, size_t *size,
dfaflags_t flags)
{
char *buffer = NULL;
......
......@@ -19,36 +19,37 @@
#ifndef APPARMOR_RE_H
#define APPARMOR_RE_H
typedef enum dfaflags {
DFA_CONTROL_EQUIV = 1 << 0,
DFA_CONTROL_TREE_NORMAL = 1 << 1,
DFA_CONTROL_TREE_SIMPLE = 1 << 2,
DFA_CONTROL_TREE_LEFT = 1 << 3,
DFA_CONTROL_MINIMIZE = 1 << 4,
DFA_CONTROL_MINIMIZE_HASH_TRANS = 1 << 5,
DFA_CONTROL_FILTER_DENY = 1 << 6,
DFA_CONTROL_REMOVE_UNREACHABLE = 1 << 7,
DFA_CONTROL_TRANS_HIGH = 1 << 8,
typedef int dfaflags_t;
DFA_DUMP_MIN_PARTS = 1 << 13,
DFA_DUMP_UNIQ_PERMS = 1 << 14,
DFA_DUMP_MIN_UNIQ_PERMS = 1 << 15,
DFA_DUMP_TREE_STATS = 1 << 16,
DFA_DUMP_TREE = 1 << 17,
DFA_DUMP_SIMPLE_TREE = 1 << 18,
DFA_DUMP_PROGRESS = 1 << 19,
DFA_DUMP_STATS = 1 << 20,
DFA_DUMP_STATES = 1 << 21,
DFA_DUMP_GRAPH = 1 << 22,
DFA_DUMP_TRANS_PROGRESS = 1 << 23,
DFA_DUMP_TRANS_STATS = 1 << 24,
DFA_DUMP_TRANS_TABLE = 1 << 25,
DFA_DUMP_EQUIV = 1 << 26,
DFA_DUMP_EQUIV_STATS = 1 << 27,
DFA_DUMP_MINIMIZE = 1 << 28,
DFA_DUMP_UNREACHABLE = 1 << 29,
DFA_DUMP_RULE_EXPR = 1 << 30,
DFA_DUMP_NODE_TO_DFA = 1 << 31,
} dfaflags_t;
#define DFA_CONTROL_EQUIV (1 << 0)
#define DFA_CONTROL_TREE_NORMAL (1 << 1)
#define DFA_CONTROL_TREE_SIMPLE (1 << 2)
#define DFA_CONTROL_TREE_LEFT (1 << 3)
#define DFA_CONTROL_MINIMIZE (1 << 4)
#define DFA_CONTROL_MINIMIZE_HASH_TRANS (1 << 5)
#define DFA_CONTROL_FILTER_DENY (1 << 6)
#define DFA_CONTROL_REMOVE_UNREACHABLE (1 << 7)
#define DFA_CONTROL_TRANS_HIGH (1 << 8)
#define DFA_DUMP_MIN_PARTS (1 << 13)
#define DFA_DUMP_UNIQ_PERMS (1 << 14)
#define DFA_DUMP_MIN_UNIQ_PERMS (1 << 15)
#define DFA_DUMP_TREE_STATS (1 << 16)
#define DFA_DUMP_TREE (1 << 17)
#define DFA_DUMP_SIMPLE_TREE (1 << 18)
#define DFA_DUMP_PROGRESS (1 << 19)
#define DFA_DUMP_STATS (1 << 20)
#define DFA_DUMP_STATES (1 << 21)
#define DFA_DUMP_GRAPH (1 << 22)
#define DFA_DUMP_TRANS_PROGRESS (1 << 23)
#define DFA_DUMP_TRANS_STATS (1 << 24)
#define DFA_DUMP_TRANS_TABLE (1 << 25)
#define DFA_DUMP_EQUIV (1 << 26)
#define DFA_DUMP_EQUIV_STATS (1 << 27)
#define DFA_DUMP_MINIMIZE (1 << 28)
#define DFA_DUMP_UNREACHABLE (1 << 29)
#define DFA_DUMP_RULE_EXPR (1 << 30)
#define DFA_DUMP_NODE_TO_DFA (1 << 31)
#endif /* APPARMOR_RE_H */
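Review bot: `#define DFA_DUMP_NODE_TO_DFA (1 << 31)` shifts a signed int 1 into the sign bit, which is undefined behaviour in C and in C++ before C++14, and `typedef int dfaflags_t;` makes every flag word signed. An unsigned type with unsigned constants keeps the bit tests well defined: `typedef unsigned int dfaflags_t;` and `#define DFA_DUMP_NODE_TO_DFA (1U << 31)`, with the `U` suffix on the other flags for consistency. Now that the enum which grouped them is gone, a short comment separating the control flags (bits 0-8) from the dump flags (bits 13-31) would also help.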
......@@ -220,7 +220,7 @@
#include "mount.h"
struct mnt_keyword_table {
char *keyword;
const char *keyword;
unsigned int set;
unsigned int clear;
};
......@@ -272,8 +272,8 @@ static struct mnt_keyword_table mnt_opts_table[] = {
{"iversion", MS_IVERSION, 0},
{"noiversion", 0, MS_IVERSION},
{"strictatime", MS_STRICTATIME, 0},
{"user", 0, MS_NOUSER},
{"nouser", MS_NOUSER, 0},
{"user", 0, (unsigned int) MS_NOUSER},
{"nouser", (unsigned int) MS_NOUSER, 0},
{NULL, 0, 0}
};
......
......@@ -22,12 +22,18 @@
#ifndef __AA_PARSER_H
#define __AA_PARSER_H
#include <string.h>
#include <netinet/in.h>
#include <sys/resource.h>
#include "immunix.h"
#include "libapparmor_re/apparmor_re.h"
#include "libapparmor_re/aare_rules.h"
using namespace std;
#include <set>
struct mnt_ent;
/* Global variable to pass token to lexer. Will be replaced by parameter
......@@ -52,7 +58,7 @@ struct flagval {
struct named_transition {
int present;
char *namespace;
char *ns;
char *name;
};
......@@ -75,7 +81,7 @@ struct cond_entry {
};
struct cod_entry {
char *namespace;
char *ns;
char *name;
char *link_name;
char *nt_name;
......@@ -115,7 +121,7 @@ struct alt_name {
};
struct codomain {
char *namespace;
char *ns;
char *name; /* codomain name */
char *attachment;
struct alt_name *altnames;
......@@ -287,7 +293,7 @@ extern dfaflags_t dfaflags;
extern char *progname;
extern char *subdomainbase;
extern char *profilename;
extern char *profile_namespace;
extern char *profile_ns;
extern char *current_filename;
extern FILE *ofile;
extern int read_implies_exec;
......@@ -342,8 +348,7 @@ extern int get_rlimit(const char *name);
extern char *process_var(const char *var);
extern int parse_mode(const char *mode);
extern int parse_dbus_mode(const char *str_mode, int *mode, int fail);
extern struct cod_entry *new_entry(char *namespace, char *id, int mode,
char *link_id);
extern struct cod_entry *new_entry(char *ns, char *id, int mode, char *link_id);
extern struct aa_network_entry *new_network_ent(unsigned int family,
unsigned int type,
unsigned int protocol);
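Review bot: `using namespace std;` in parser.h pulls the whole std namespace into every translation unit that includes this header, and it sits before `#include <set>`, so everything included afterwards is parsed with it in effect. In a code base of short C identifiers that invites ambiguous-name errors as more standard headers are added. Dropping the directive and writing `std::set` where it is needed keeps the header side-effect free. The `namespace` to `ns` renames are needed because `namespace` is a C++ keyword; a brief comment on the struct members, such as `/* profile namespace */`, would keep them easy to find.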
......
......@@ -50,7 +50,7 @@ int new_alias(const char *from, const char *to)
{
struct alias_rule *alias, **result;
alias = calloc(1, sizeof(struct alias_rule));
alias = (struct alias_rule *) calloc(1, sizeof(struct alias_rule));
if (!alias) {
PERROR("Failed to allocate memory: %s\n", strerror(errno));
goto fail;
......@@ -95,14 +95,14 @@ fail:
static char *do_alias(struct alias_rule *alias, const char *target)
{
int len = strlen(target) - strlen(alias->from) + strlen(alias->to);
char *new = malloc(len + 1);
if (!new) {
char *n = (char *) malloc(len + 1);
if (!n) {
PERROR("Failed to allocate memory: %s\n", strerror(errno));
return NULL;
}
sprintf(new, "%s%s", alias->to, target + strlen(alias->from));
sprintf(n, "%s%s", alias->to, target + strlen(alias->from));
/*fprintf(stderr, "replaced alias: from: %s, to: %s, name: %s\n %s\n", alias->from, alias->to, target, new);*/
return new;
return n;
}
static struct codomain *target_cod;
......@@ -123,22 +123,22 @@ static void process_entries(const void *nodep, VISIT value, int __unused level)
entry->alias_ignore)
continue;
if (entry->name && strncmp((*t)->from, entry->name, len) == 0) {
char *new = do_alias(*t, entry->name);
if (!new)
char *n = do_alias(*t, entry->name);
if (!n)
return;
dup = copy_cod_entry(entry);
free(dup->name);
dup->name = new;
dup->name = n;
}
if (entry->link_name &&
strncmp((*t)->from, entry->link_name, len) == 0) {
char *new = do_alias(*t, entry->link_name);
if (!new)
char *n = do_alias(*t, entry->link_name);
if (!n)
return;
if (!dup)
dup = copy_cod_entry(entry);
free(dup->link_name);
dup->link_name = new;
dup->link_name = n;
}
if (dup) {
dup->alias_ignore = 1;
......@@ -152,7 +152,6 @@ static void process_entries(const void *nodep, VISIT value, int __unused level)
}
}
static struct codomain *target_cod;
static void process_name(const void *nodep, VISIT value, int __unused level)
{
struct alias_rule **t = (struct alias_rule **) nodep;
......@@ -172,14 +171,14 @@ static void process_name(const void *nodep, VISIT value, int __unused level)
if (name && strncmp((*t)->from, name, len) == 0) {
struct alt_name *alt;
char *new = do_alias(*t, name);
if (!new)
char *n = do_alias(*t, name);
if (!n)
return;
/* aliases create alternate names */
alt = calloc(1, sizeof(struct alt_name));
alt = (struct alt_name *) calloc(1, sizeof(struct alt_name));
if (!alt)
return;
alt->name = new;
alt->name = n;
alt->next = cod->altnames;
cod->altnames = alt;
}
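Review bot: In process_name, a failed `calloc` for `alt` returns without freeing `n`, the string just returned by do_alias, so that allocation leaks; `if (!alt) { free(n); return; }` fixes it. In process_entries the result of `copy_cod_entry(entry)` is dereferenced by `free(dup->name)` with no NULL check, and the early `return` after a failed second do_alias drops a `dup` that was already created. copy_cod_entry is defined outside this page, so whether it can return NULL needs confirming. do_alias keeps the length in an `int` and relies on its callers' `strncmp` prefix test to keep `strlen(target) - strlen(alias->from)` non-negative, which deserves a comment stating that precondition. process_entries and process_name extend beyond the hunks shown.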
......
......@@ -34,11 +34,11 @@ int names_only = 0;
int current_lineno = 1;
int option = OPTION_ADD;
dfaflags_t dfaflags = DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS;
dfaflags_t dfaflags = (dfaflags_t)(DFA_CONTROL_TREE_NORMAL | DFA_CONTROL_TREE_SIMPLE | DFA_CONTROL_MINIMIZE | DFA_CONTROL_MINIMIZE_HASH_TRANS);
char *subdomainbase = NULL;
char *progname = __FILE__;
char *profile_namespace = NULL;
char *profile_ns = NULL;
char *profilename = NULL;
char *current_filename = NULL;
......
......@@ -291,7 +291,7 @@ void push_include_stack(char *filename)
{
struct include_stack_t *include = NULL;
include = malloc(sizeof(*include));
include = (struct include_stack_t *) malloc(sizeof(*include));
if (!include) {
perror("malloc of included file stack tracker");
/* failures in this area are non-fatal */
......
......@@ -214,7 +214,7 @@ struct __sdserialize {
sd_serialize *alloc_sd_serial(void)
{
sd_serialize *p = calloc(1, sizeof(sd_serialize));
sd_serialize *p = (sd_serialize *) calloc(1, sizeof(sd_serialize));
if (!p)
return NULL;
p->buffer = malloc(BUFFERINC);
......@@ -255,7 +255,7 @@ static inline void sd_inc(sd_serialize *p, int size)
inline long sd_serial_size(sd_serialize *p)
{
return (p->pos - p->buffer);
return (long) (p->pos) - (long) (p->buffer);
}
/* routines for writing data to the serialization buffer */
......@@ -265,14 +265,14 @@ inline int sd_prepare_write(sd_serialize *p, enum sd_code code, size_t size)
if (p->pos + SD_CODE_SIZE + size > p->extent) {
long pos;
/* try and reallocate the buffer */
void *buffer = malloc(p->extent - p->buffer + (BUFFERINC * num));
memcpy(buffer, p->buffer, p->extent - p->buffer);
void *buffer = malloc((long)(p->extent) - (long)(p->buffer) + (BUFFERINC * num));
memcpy(buffer, p->buffer, (long)(p->extent) - (long)(p->buffer));
pos = p->pos - p->buffer;
pos = (long)(p->pos) - (long)(p->buffer);
if (buffer == NULL || errno == ENOMEM)
return 0;
p->extent = buffer + (p->extent - p->buffer) + (BUFFERINC * num);
p->extent = buffer + ((long)(p->extent) - (long)(p->buffer)) + (BUFFERINC * num);
free(p->buffer);
p->buffer = buffer;
p->pos = buffer + pos;
......@@ -367,7 +367,7 @@ inline int sd_write_aligned_blob(sd_serialize *p, void *b, int buf_size,
u32 tmp;
if (!sd_write_name(p, name))
return 0;
pad = align64((p->pos + 5) - p->buffer) - ((p->pos + 5) - p->buffer);
pad = align64(((long)(p->pos + 5) - (long)(p->buffer)) - ((long)(p->pos + 5) - (long)(p->buffer)));
if (!sd_prepare_write(p, SD_BLOB, 4 + buf_size + pad))
return 0;
tmp = cpu_to_le32(buf_size + pad);
......@@ -555,7 +555,7 @@ int sd_serialize_profile(sd_serialize *p, struct codomain *profile,
assert(profile->parent);
int res;
char *name = malloc(3 + strlen(profile->name) +
char *name = (char *) malloc(3 + strlen(profile->name) +
strlen(profile->parent->name));
if (!name)
return 0;
......@@ -687,11 +687,11 @@ int sd_serialize_top_profile(sd_serialize *p, struct codomain *profile)
if (!sd_write32(p, version))
return 0;
if (profile_namespace) {
if (!sd_write_string(p, profile_namespace, "namespace"))
if (profile_ns) {
if (!sd_write_string(p, profile_ns, "namespace"))
return 0;
} else if (profile->namespace) {
if (!sd_write_string(p, profile->namespace, "namespace"))
} else if (profile->ns) {
if (!sd_write_string(p, profile->ns, "namespace"))
return 0;
}
......@@ -751,15 +751,15 @@ int sd_serialize_codomain(int option, struct codomain *cod)
char *name, *ns = NULL;
int len = 0;
if (profile_namespace) {
len += strlen(profile_namespace) + 2;
ns = profile_namespace;
} else if (cod->namespace) {
len += strlen(cod->namespace) + 2;
ns = cod->namespace;
if (profile_ns) {
len += strlen(profile_ns) + 2;
ns = profile_ns;
} else if (cod->ns) {
len += strlen(cod->ns) + 2;
ns = cod->ns;
}
if (cod->parent) {
name = malloc(strlen(cod->name) + 3 +
name = (char *) malloc(strlen(cod->name) + 3 +
strlen(cod->parent->name) + len);
if (!name) {
PERROR(_("Memory Allocation Error: Unable to remove ^%s\n"), cod->name);
......@@ -773,7 +773,7 @@ int sd_serialize_codomain(int option, struct codomain *cod)
sprintf(name, "%s//%s", cod->parent->name,
cod->name);
} else if (ns) {
name = malloc(len + strlen(cod->name) + 1);
name = (char *) malloc(len + strlen(cod->name) + 1);
if (!name) {
PERROR(_("Memory Allocation Error: Unable to remove %s:%s."), ns, cod->name);
error = -errno;
......@@ -809,7 +809,7 @@ int sd_serialize_codomain(int option, struct codomain *cod)
goto exit;
}
size = work_area->pos - work_area->buffer;
size = (long) (work_area->pos) - (long)(work_area->buffer);
if (kernel_load || option == OPTION_STDOUT || option == OPTION_OFILE) {
wsize = write(fd, work_area->buffer, size);
if (wsize < 0) {
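Review bot: In sd_write_aligned_blob the rewritten padding line moves a closing parenthesis, so it now computes `align64(x - x)` where the previous line computed `align64(x) - x`. The padding no longer depends on the write position, and the blob loses the alignment the previous expression produced. It should read `long off = (long)(p->pos + 5) - (long)(p->buffer); pad = align64(off) - off;`. Separately, sd_prepare_write calls `memcpy(buffer, p->buffer, ...)` before testing `buffer == NULL`, so the NULL test belongs directly after the `malloc`. The `(long)` casts on pointers throughout this file would be clearer as pointer subtraction on `char *` values, or as `intptr_t` where an integer is really needed.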
......
......@@ -104,10 +104,10 @@ do { \
#define YY_NO_INPUT
#define STATE_TABLE_ENT(X) [(X)] = #X
static const char *const state_names[];
/* static char *const state_names[]; */
struct ignored_suffix_t {
char * text;
const char * text;
int len;
int silent;
};
......@@ -136,7 +136,7 @@ static int is_blacklisted(const char *name, const char *path)
/* skip blacklisted suffixes */
for (suffix = ignored_suffixes; suffix->text; suffix++) {
char *found;
if ( (found = strstr(name, suffix->text)) &&
if ( (found = strstr((char *) name, suffix->text)) &&
found - name + suffix->len == name_len ) {
if (!suffix->silent)
PERROR("Ignoring: '%s'\n", path);
......@@ -637,15 +637,16 @@ static const char *const state_names[] = {
STATE_TABLE_ENT(SUB_ID),
STATE_TABLE_ENT(SUB_VALUE),
STATE_TABLE_ENT(EXTCOND_MODE),
STATE_TABLE_ENT(LIST_COND_VAL),
STATE_TABLE_ENT(LIST_COND_PAREN_VAL),
STATE_TABLE_ENT(LIST_COND_MODE),
STATE_TABLE_ENT(EXTCONDLIST_MODE),
STATE_TABLE_ENT(NETWORK_MODE),
STATE_TABLE_ENT(LIST_VAL_MODE),
STATE_TABLE_ENT(LIST_COND_MODE),
STATE_TABLE_ENT(LIST_COND_VAL),
STATE_TABLE_ENT(LIST_COND_PAREN_VAL),
STATE_TABLE_ENT(ASSIGN_MODE),
STATE_TABLE_ENT(RLIMIT_MODE),
STATE_TABLE_ENT(MOUNT_MODE),
STATE_TABLE_ENT(DBUS_MODE),
STATE_TABLE_ENT(CHANGE_PROFILE_MODE),
STATE_TABLE_ENT(INCLUDE),
};
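Review bot: `strstr((char *) name, suffix->text)` in is_blacklisted casts away the const on `name` only to satisfy the C++ overloads of strstr. Declaring the result as `const char *found;` lets the call stay `strstr(name, suffix->text)` with no cast. The forward declaration of state_names is commented out rather than deleted (`/* static char *const state_names[]; */`); removing the line is cleaner. The reordered STATE_TABLE_ENT list presumably has to follow the numeric order of the lexer start conditions now, so a comment above the table such as `/* keep in start-condition order: C++ accepts only in-order designators */` would protect it from future edits.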
......@@ -64,7 +64,6 @@
const char *parser_title = "AppArmor parser";
const char *parser_copyright = "Copyright (C) 1999-2008 Novell Inc.\nCopyright 2009-2012 Canonical Ltd.";
char *progname;
int opt_force_complain = 0;
int binary_input = 0;
int dump_vars = 0;
......@@ -520,7 +519,7 @@ static int process_arg(int c, char *optarg)
conf_quiet = 0;
break;
case 'n':
profile_namespace = strdup(optarg);
profile_ns = strdup(optarg);
break;
case 'X':
read_implies_exec = 1;
......@@ -793,7 +792,7 @@ static void get_match_string(void) {
/* if we have a features directory default to */
perms_create = 1;
flags_string = malloc(FLAGS_STRING_SIZE);
flags_string = (char *) malloc(FLAGS_STRING_SIZE);
handle_features_dir(FLAGS_FILE, &flags_string, FLAGS_STRING_SIZE, flags_string);
if (strstr(flags_string, "network"))
kernel_supports_network = 1;
......@@ -808,7 +807,7 @@ static void get_match_string(void) {
if (!ms)
goto out;
match_string = malloc(1000);
match_string = (char *) malloc(1000);
if (!match_string) {
goto out;
}
......@@ -845,7 +844,7 @@ static void get_flags_string(char **flags, char *flags_file) {
if (!f)
return;
*flags = malloc(FLAGS_STRING_SIZE);
*flags = (char *) malloc(FLAGS_STRING_SIZE);
if (!*flags)
goto fail;
......@@ -892,7 +891,7 @@ int process_binary(int option, char *profilename)
do {
if (asize - size == 0) {
buffer = realloc(buffer, chunksize);
buffer = (char *) realloc(buffer, chunksize);
asize = chunksize;
chunksize <<= 1;
if (!buffer) {
......@@ -1049,7 +1048,7 @@ int process_profile(int option, char *profilename)
* TODO: Add support for embedded namespace defines if they aren't
* removed from the language.
*/
if (profile_namespace)
if (profile_ns)
skip_cache = 1;
/* Do secondary test to see if cached binary profile is good,
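Review bot: In get_match_string the result of `malloc(FLAGS_STRING_SIZE)` goes straight to handle_features_dir and then to `strstr(flags_string, "network")` with no NULL check, unlike `match_string` a few lines later. Adding `if (!flags_string) goto out;` after the allocation would match that handling; the `out` label is used further down, but its cleanup is outside the hunk. In process_binary, `buffer = (char *) realloc(buffer, chunksize);` overwrites the only pointer to the old block, so a failed realloc leaks it; assign to a temporary and free the old buffer on failure. `profile_ns = strdup(optarg);` in process_arg is likewise unchecked.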
......
......@@ -35,12 +35,12 @@ static int file_comp(const void *c1, const void *c2)
int res = 0;
//PERROR("strcmp %s %s\n", (*e1)->name, (*e2)->name);
if ((*e1)->namespace) {
if ((*e2)->namespace)
res = strcmp((*e1)->namespace, (*e2)->namespace);
if ((*e1)->ns) {
if ((*e2)->ns)
res = strcmp((*e1)->ns, (*e2)->ns);
else
return 1;
} else if ((*e2)->namespace) {
} else if ((*e2)->ns) {
return -1;
}
if (res)
......@@ -86,7 +86,7 @@ static int process_file_entries(struct codomain *cod)
if (count < 2)
return 1;
table = malloc(sizeof(struct cod_entry *) * (count + 1));
table = (struct cod_entry **) malloc(sizeof(struct cod_entry *) * (count + 1));
if (!table) {
PERROR(_("Couldn't merge entries. Out of Memory\n"));
return 0;
......
......@@ -51,7 +51,7 @@
#define NPDEBUG(fmt, args...) /* Do nothing */
struct keyword_table {
char *keyword;
const char *keyword;
int token;
};
......@@ -169,11 +169,11 @@ int get_rlimit(const char *name)
}
struct network_tuple {
char *family_name;
const char *family_name;
unsigned int family;
char *type_name;
const char *type_name;
unsigned int type;
char *protocol_name;
const char *protocol_name;
unsigned int protocol;
};
......@@ -334,7 +334,7 @@ struct aa_network_entry *new_network_ent(unsigned int family,
unsigned int protocol)
{
struct aa_network_entry *new_entry;
new_entry = calloc(1, sizeof(struct aa_network_entry));
new_entry = (struct aa_network_entry *) calloc(1, sizeof(struct aa_network_entry));
if (new_entry) {
new_entry->family = family;
new_entry->type = type;
......@@ -562,13 +562,13 @@ static int parse_sub_mode(const char *str_mode, const char *mode_desc __unused)
p = str_mode;
while (*p) {
char this = *p;
char thisc = *p;
char next = *(p + 1);
char lower;
int tmode = 0;
reeval:
switch (this) {
switch (thisc) {
case COD_READ_CHAR