From patchwork Tue Mar 10 21:08:52 2020
X-Patchwork-Submitter: William Roberts
X-Patchwork-Id: 11430263
From: bill.c.roberts@gmail.com
X-Google-Original-From: william.c.roberts@intel.com
To: nicolas.iooss@m4x.org, selinux@vger.kernel.org
Cc: bill.c.roberts@gmail.com, drepper@redhat.com, omosnace@redhat.com, plautrba@redhat.com, stephen.smalley.work@gmail.com, william.c.roberts@intel.com
Subject: [PATCH v2 1/3] libsepol/dso: drop hidden_proto and hidden_def
Date: Tue, 10 Mar 2020 16:08:52 -0500
Message-Id: <20200310210854.466-2-william.c.roberts@intel.com>
In-Reply-To: <20200310210854.466-1-william.c.roberts@intel.com>
References: <20200309152539.8581-1-william.c.roberts@intel.com> <20200310210854.466-1-william.c.roberts@intel.com>
X-Mailing-List: selinux@vger.kernel.org

From: William Roberts

libsepol already has a linker script controlling its exports, so this
patch has a net 0 effect, with the exception that internal callers of
external routines, which there could be 0 of, could potentially call a
non-libsepol routine depending on library load order.

NOTE A FEW SYMBOLS ARE EXPORTED THAT NORMALLY WOULDN'T BE
  - sepol_context_to_sid
  - sepol_ibendport_sid
  - sepol_ibpkey_sid
  - sepol_msg_default_handler
  - sepol_node_sid
  - sepol_port_sid

A subsequent map update will follow.

This list was generated by generating an old export map (from master):
  nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
  nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
  diff old.map new.map

Signed-off-by: William Roberts --- libsepol/src/boolean_internal.h | 9 ----- libsepol/src/boolean_record.c | 8 ----- libsepol/src/context_internal.h | 13 -------- libsepol/src/context_record.c | 12 ------- libsepol/src/debug.c | 5 +-- libsepol/src/debug.h | 6 +--- libsepol/src/dso.h | 27 --------------- libsepol/src/ibendport_internal.h | 11 ------- libsepol/src/ibendport_record.c | 10 ------ libsepol/src/ibpkey_internal.h | 14 -------- libsepol/src/ibpkey_record.c | 13 -------- libsepol/src/iface_internal.h | 11 ------- libsepol/src/iface_record.c | 10 ------ libsepol/src/module.c | 2 -- libsepol/src/module_internal.h | 3 -- libsepol/src/node_internal.h | 19 ----------- libsepol/src/node_record.c | 18 ---------- libsepol/src/policydb_internal.h | 3 -- libsepol/src/policydb_public.c | 2 -- libsepol/src/port_internal.h | 13 -------- libsepol/src/port_record.c | 12 ------- libsepol/src/private.h | 7 ++-- libsepol/src/services.c | 55 +++++++++++++++---------------- libsepol/src/user_internal.h | 13 -------- libsepol/src/user_record.c | 12 ------- libsepol/src/util.c | 3 +- 26 files changed, 33 insertions(+), 278 deletions(-) delete mode 100644 libsepol/src/dso.h diff --git a/libsepol/src/boolean_internal.h b/libsepol/src/boolean_internal.h index aad7adecb314..1c1e6a39ce09 100644 --- a/libsepol/src/boolean_internal.h +++ b/libsepol/src/boolean_internal.h @@ -3,14 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_bool_key_create) - hidden_proto(sepol_bool_key_unpack) - hidden_proto(sepol_bool_get_name) - hidden_proto(sepol_bool_set_name) - hidden_proto(sepol_bool_get_value) - hidden_proto(sepol_bool_set_value) - hidden_proto(sepol_bool_create) - hidden_proto(sepol_bool_free) #endif diff --git a/libsepol/src/boolean_record.c b/libsepol/src/boolean_record.c index a194704e851a..6cbf627a5f02 100644 --- a/libsepol/src/boolean_record.c +++ b/libsepol/src/boolean_record.c 
@@ -41,7 +41,6 @@ int sepol_bool_key_create(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_bool_key_create) void sepol_bool_key_unpack(const sepol_bool_key_t * key, const char **name) { @@ -49,7 +48,6 @@ void sepol_bool_key_unpack(const sepol_bool_key_t * key, const char **name) *name = key->name; } -hidden_def(sepol_bool_key_unpack) int sepol_bool_key_extract(sepol_handle_t * handle, const sepol_bool_t * boolean, @@ -94,7 +92,6 @@ const char *sepol_bool_get_name(const sepol_bool_t * boolean) return boolean->name; } -hidden_def(sepol_bool_get_name) int sepol_bool_set_name(sepol_handle_t * handle, sepol_bool_t * boolean, const char *name) @@ -110,7 +107,6 @@ int sepol_bool_set_name(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_bool_set_name) /* Value */ int sepol_bool_get_value(const sepol_bool_t * boolean) @@ -119,7 +115,6 @@ int sepol_bool_get_value(const sepol_bool_t * boolean) return boolean->value; } -hidden_def(sepol_bool_get_value) void sepol_bool_set_value(sepol_bool_t * boolean, int value) { @@ -127,7 +122,6 @@ void sepol_bool_set_value(sepol_bool_t * boolean, int value) boolean->value = value; } -hidden_def(sepol_bool_set_value) /* Create */ int sepol_bool_create(sepol_handle_t * handle, sepol_bool_t ** bool_ptr) @@ -148,7 +142,6 @@ int sepol_bool_create(sepol_handle_t * handle, sepol_bool_t ** bool_ptr) return STATUS_SUCCESS; } -hidden_def(sepol_bool_create) /* Deep copy clone */ int sepol_bool_clone(sepol_handle_t * handle, @@ -185,4 +178,3 @@ void sepol_bool_free(sepol_bool_t * boolean) free(boolean); } -hidden_def(sepol_bool_free) diff --git a/libsepol/src/context_internal.h b/libsepol/src/context_internal.h index 7987c1cef22d..3cae28cc1c67 100644 --- a/libsepol/src/context_internal.h +++ b/libsepol/src/context_internal.h 
@@ -2,18 +2,5 @@ #define _SEPOL_CONTEXT_INTERNAL_H_ #include -#include "dso.h" -hidden_proto(sepol_context_clone) - hidden_proto(sepol_context_create) - hidden_proto(sepol_context_free) - hidden_proto(sepol_context_from_string) - hidden_proto(sepol_context_get_mls) - hidden_proto(sepol_context_get_role) - hidden_proto(sepol_context_get_type) - hidden_proto(sepol_context_get_user) - hidden_proto(sepol_context_set_mls) - hidden_proto(sepol_context_set_role) - hidden_proto(sepol_context_set_type) - hidden_proto(sepol_context_set_user) #endif diff --git a/libsepol/src/context_record.c b/libsepol/src/context_record.c index 0a8bbf6db407..317a42133884 100644 --- a/libsepol/src/context_record.c +++ b/libsepol/src/context_record.c @@ -29,7 +29,6 @@ const char *sepol_context_get_user(const sepol_context_t * con) return con->user; } -hidden_def(sepol_context_get_user) int sepol_context_set_user(sepol_handle_t * handle, sepol_context_t * con, const char *user) @@ -47,7 +46,6 @@ int sepol_context_set_user(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_context_set_user) /* Role */ const char *sepol_context_get_role(const sepol_context_t * con) @@ -56,7 +54,6 @@ const char *sepol_context_get_role(const sepol_context_t * con) return con->role; } -hidden_def(sepol_context_get_role) int sepol_context_set_role(sepol_handle_t * handle, sepol_context_t * con, const char *role) @@ -73,7 +70,6 @@ int sepol_context_set_role(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_context_set_role) /* Type */ const char *sepol_context_get_type(const sepol_context_t * con) @@ -82,7 +78,6 @@ const char *sepol_context_get_type(const sepol_context_t * con) return con->type; } -hidden_def(sepol_context_get_type) int sepol_context_set_type(sepol_handle_t * handle, sepol_context_t * con, const char *type) 
@@ -99,7 +94,6 @@ int sepol_context_set_type(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_context_set_type) /* MLS */ const char *sepol_context_get_mls(const sepol_context_t * con) @@ -108,7 +102,6 @@ const char *sepol_context_get_mls(const sepol_context_t * con) return con->mls; } -hidden_def(sepol_context_get_mls) int sepol_context_set_mls(sepol_handle_t * handle, sepol_context_t * con, const char *mls) @@ -125,7 +118,6 @@ int sepol_context_set_mls(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_context_set_mls) /* Create */ int sepol_context_create(sepol_handle_t * handle, sepol_context_t ** con_ptr) @@ -147,7 +139,6 @@ int sepol_context_create(sepol_handle_t * handle, sepol_context_t ** con_ptr) return STATUS_SUCCESS; } -hidden_def(sepol_context_create) /* Deep copy clone */ int sepol_context_clone(sepol_handle_t * handle, @@ -188,7 +179,6 @@ int sepol_context_clone(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_context_clone) /* Destroy */ void sepol_context_free(sepol_context_t * con) @@ -204,7 +194,6 @@ void sepol_context_free(sepol_context_t * con) free(con); } -hidden_def(sepol_context_free) int sepol_context_from_string(sepol_handle_t * handle, const char *str, sepol_context_t ** con) @@ -278,7 +267,6 @@ int sepol_context_from_string(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_context_from_string) static inline int safe_sum(size_t *sum, const size_t augends[], const size_t cnt) { diff --git a/libsepol/src/debug.c b/libsepol/src/debug.c index db57090fafd0..0458e3538884 100644 --- a/libsepol/src/debug.c +++ b/libsepol/src/debug.c 
@@ -23,25 +23,22 @@ int sepol_msg_get_level(sepol_handle_t * handle) return handle->msg_level; } -hidden_def(sepol_msg_get_level) const char *sepol_msg_get_channel(sepol_handle_t * handle) { return handle->msg_channel; } -hidden_def(sepol_msg_get_channel) const char *sepol_msg_get_fname(sepol_handle_t * handle) { return handle->msg_fname; } -hidden_def(sepol_msg_get_fname) #ifdef __GNUC__ __attribute__ ((format(printf, 3, 4))) #endif -void hidden sepol_msg_default_handler(void *varg __attribute__ ((unused)), +void sepol_msg_default_handler(void *varg __attribute__ ((unused)), sepol_handle_t * handle, const char *fmt, ...) { diff --git a/libsepol/src/debug.h b/libsepol/src/debug.h index 56b397b58310..0b3965d8c500 100644 --- a/libsepol/src/debug.h +++ b/libsepol/src/debug.h @@ -21,7 +21,6 @@ #include #include -#include "dso.h" #include "handle.h" #define STATUS_SUCCESS 0 @@ -62,13 +61,10 @@ #ifdef __GNUC__ __attribute__ ((format(printf, 3, 4))) #endif -extern void hidden sepol_msg_default_handler(void *varg, +extern void sepol_msg_default_handler(void *varg, sepol_handle_t * msg, const char *fmt, ...); extern struct sepol_handle sepol_compat_handle; -hidden_proto(sepol_msg_get_channel) - hidden_proto(sepol_msg_get_fname) - hidden_proto(sepol_msg_get_level) #endif diff --git a/libsepol/src/dso.h b/libsepol/src/dso.h deleted file mode 100644 index a06e3496cc06..000000000000 --- a/libsepol/src/dso.h +++ /dev/null 
@@ -1,27 +0,0 @@ -#ifndef _SEPOL_DSO_H -#define _SEPOL_DSO_H 1 - -#if !defined(SHARED) || defined(ANDROID) - #define DISABLE_SYMVER 1 -#endif - -#ifdef SHARED -# define hidden __attribute__ ((visibility ("hidden"))) -# define hidden_proto(fct) __hidden_proto (fct, fct##_internal) -# define __hidden_proto(fct, internal) \ - extern __typeof (fct) internal; \ - extern __typeof (fct) fct __asm (#internal) hidden; -# if defined(__alpha__) || defined(__mips__) -# define hidden_def(fct) \ - asm (".globl " #fct "\n" #fct " = " #fct "_internal"); -# else -# define hidden_def(fct) \ - asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); -#endif -#else -# define hidden -# define hidden_proto(fct) -# define hidden_def(fct) -#endif - -#endif diff --git a/libsepol/src/ibendport_internal.h b/libsepol/src/ibendport_internal.h index ed8f9b4dd3d3..8bfb499e5c1b 100644 --- a/libsepol/src/ibendport_internal.h +++ b/libsepol/src/ibendport_internal.h @@ -3,16 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_ibendport_create) -hidden_proto(sepol_ibendport_free) -hidden_proto(sepol_ibendport_get_con) -hidden_proto(sepol_ibendport_get_port) -hidden_proto(sepol_ibendport_key_create) -hidden_proto(sepol_ibendport_key_unpack) -hidden_proto(sepol_ibendport_set_con) -hidden_proto(sepol_ibendport_set_port) -hidden_proto(sepol_ibendport_get_ibdev_name) -hidden_proto(sepol_ibendport_set_ibdev_name) #endif diff --git a/libsepol/src/ibendport_record.c b/libsepol/src/ibendport_record.c index bc56f090d3a4..adf671615e5c 100644 --- a/libsepol/src/ibendport_record.c +++ b/libsepol/src/ibendport_record.c @@ -78,7 +78,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibendport_key_create) void sepol_ibendport_key_unpack(const sepol_ibendport_key_t *key, const char **ibdev_name, int *port) 
@@ -87,7 +86,6 @@ void sepol_ibendport_key_unpack(const sepol_ibendport_key_t *key, *port = key->port; } -hidden_def(sepol_ibendport_key_unpack) int sepol_ibendport_key_extract(sepol_handle_t *handle, const sepol_ibendport_t *ibendport, @@ -152,14 +150,12 @@ int sepol_ibendport_get_port(const sepol_ibendport_t *ibendport) return ibendport->port; } -hidden_def(sepol_ibendport_get_port) void sepol_ibendport_set_port(sepol_ibendport_t *ibendport, int port) { ibendport->port = port; } -hidden_def(sepol_ibendport_set_port) int sepol_ibendport_get_ibdev_name(sepol_handle_t *handle, const sepol_ibendport_t *ibendport, @@ -180,7 +176,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibendport_get_ibdev_name) int sepol_ibendport_set_ibdev_name(sepol_handle_t *handle, sepol_ibendport_t *ibendport, @@ -202,7 +197,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibendport_set_ibdev_name) /* Create */ int sepol_ibendport_create(sepol_handle_t *handle, sepol_ibendport_t **ibendport) @@ -222,7 +216,6 @@ int sepol_ibendport_create(sepol_handle_t *handle, sepol_ibendport_t **ibendport return STATUS_SUCCESS; } -hidden_def(sepol_ibendport_create) /* Deep copy clone */ int sepol_ibendport_clone(sepol_handle_t *handle, @@ -267,7 +260,6 @@ void sepol_ibendport_free(sepol_ibendport_t *ibendport) free(ibendport); } -hidden_def(sepol_ibendport_free) /* Context */ sepol_context_t *sepol_ibendport_get_con(const sepol_ibendport_t *ibendport) @@ -275,7 +267,6 @@ sepol_context_t *sepol_ibendport_get_con(const sepol_ibendport_t *ibendport) return ibendport->con; } -hidden_def(sepol_ibendport_get_con) int sepol_ibendport_set_con(sepol_handle_t *handle, sepol_ibendport_t *ibendport, sepol_context_t *con) @@ -292,4 +283,3 @@ int sepol_ibendport_set_con(sepol_handle_t *handle, return STATUS_SUCCESS; } -hidden_def(sepol_ibendport_set_con) diff --git a/libsepol/src/ibpkey_internal.h b/libsepol/src/ibpkey_internal.h index addf80a8bf7d..b875f942f8d1 100644 --- a/libsepol/src/ibpkey_internal.h 
+++ b/libsepol/src/ibpkey_internal.h @@ -3,19 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_ibpkey_create) -hidden_proto(sepol_ibpkey_free) -hidden_proto(sepol_ibpkey_get_con) -hidden_proto(sepol_ibpkey_get_high) -hidden_proto(sepol_ibpkey_get_low) -hidden_proto(sepol_ibpkey_key_create) -hidden_proto(sepol_ibpkey_key_unpack) -hidden_proto(sepol_ibpkey_set_con) -hidden_proto(sepol_ibpkey_set_range) -hidden_proto(sepol_ibpkey_get_subnet_prefix) -hidden_proto(sepol_ibpkey_get_subnet_prefix_bytes) -hidden_proto(sepol_ibpkey_set_subnet_prefix) -hidden_proto(sepol_ibpkey_set_subnet_prefix_bytes) #endif diff --git a/libsepol/src/ibpkey_record.c b/libsepol/src/ibpkey_record.c index badf2b3b6338..6f7aa65602d1 100644 --- a/libsepol/src/ibpkey_record.c +++ b/libsepol/src/ibpkey_record.c @@ -128,7 +128,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibpkey_key_create) void sepol_ibpkey_key_unpack(const sepol_ibpkey_key_t *key, uint64_t *subnet_prefix, int *low, int *high) @@ -138,7 +137,6 @@ void sepol_ibpkey_key_unpack(const sepol_ibpkey_key_t *key, *high = key->high; } -hidden_def(sepol_ibpkey_key_unpack) int sepol_ibpkey_key_extract(sepol_handle_t *handle, const sepol_ibpkey_t *ibpkey, @@ -213,14 +211,12 @@ int sepol_ibpkey_get_low(const sepol_ibpkey_t *ibpkey) return ibpkey->low; } -hidden_def(sepol_ibpkey_get_low) int sepol_ibpkey_get_high(const sepol_ibpkey_t *ibpkey) { return ibpkey->high; } -hidden_def(sepol_ibpkey_get_high) void sepol_ibpkey_set_pkey(sepol_ibpkey_t *ibpkey, int pkey_num) { @@ -234,7 +230,6 @@ void sepol_ibpkey_set_range(sepol_ibpkey_t *ibpkey, int low, int high) ibpkey->high = high; } -hidden_def(sepol_ibpkey_set_range) int sepol_ibpkey_get_subnet_prefix(sepol_handle_t *handle, const sepol_ibpkey_t *ibpkey, @@ -257,7 +252,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibpkey_get_subnet_prefix) /* Subnet prefix */ uint64_t sepol_ibpkey_get_subnet_prefix_bytes(const sepol_ibpkey_t *ibpkey) 
@@ -265,7 +259,6 @@ uint64_t sepol_ibpkey_get_subnet_prefix_bytes(const sepol_ibpkey_t *ibpkey) return ibpkey->subnet_prefix; } -hidden_def(sepol_ibpkey_get_subnet_prefix_bytes) int sepol_ibpkey_set_subnet_prefix(sepol_handle_t *handle, sepol_ibpkey_t *ibpkey, @@ -284,7 +277,6 @@ err: return STATUS_ERR; } -hidden_def(sepol_ibpkey_set_subnet_prefix) void sepol_ibpkey_set_subnet_prefix_bytes(sepol_ibpkey_t *ibpkey, uint64_t subnet_prefix) @@ -292,7 +284,6 @@ void sepol_ibpkey_set_subnet_prefix_bytes(sepol_ibpkey_t *ibpkey, ibpkey->subnet_prefix = subnet_prefix; } -hidden_def(sepol_ibpkey_set_subnet_prefix_bytes) /* Create */ int sepol_ibpkey_create(sepol_handle_t *handle, sepol_ibpkey_t **ibpkey) @@ -313,7 +304,6 @@ int sepol_ibpkey_create(sepol_handle_t *handle, sepol_ibpkey_t **ibpkey) return STATUS_SUCCESS; } -hidden_def(sepol_ibpkey_create) /* Deep copy clone */ int sepol_ibpkey_clone(sepol_handle_t *handle, @@ -351,7 +341,6 @@ void sepol_ibpkey_free(sepol_ibpkey_t *ibpkey) free(ibpkey); } -hidden_def(sepol_ibpkey_free) /* Context */ sepol_context_t *sepol_ibpkey_get_con(const sepol_ibpkey_t *ibpkey) @@ -359,7 +348,6 @@ sepol_context_t *sepol_ibpkey_get_con(const sepol_ibpkey_t *ibpkey) return ibpkey->con; } -hidden_def(sepol_ibpkey_get_con) int sepol_ibpkey_set_con(sepol_handle_t *handle, sepol_ibpkey_t *ibpkey, sepol_context_t *con) @@ -376,4 +364,3 @@ int sepol_ibpkey_set_con(sepol_handle_t *handle, return STATUS_SUCCESS; } -hidden_def(sepol_ibpkey_set_con) diff --git a/libsepol/src/iface_internal.h b/libsepol/src/iface_internal.h index 5b78d9bd93ff..82fb60cb2c85 100644 --- a/libsepol/src/iface_internal.h +++ b/libsepol/src/iface_internal.h 
@@ -3,16 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_iface_create) - hidden_proto(sepol_iface_free) - hidden_proto(sepol_iface_get_ifcon) - hidden_proto(sepol_iface_get_msgcon) - hidden_proto(sepol_iface_get_name) - hidden_proto(sepol_iface_key_create) - hidden_proto(sepol_iface_key_unpack) - hidden_proto(sepol_iface_set_ifcon) - hidden_proto(sepol_iface_set_msgcon) - hidden_proto(sepol_iface_set_name) #endif diff --git a/libsepol/src/iface_record.c b/libsepol/src/iface_record.c index 6d568355468d..e77569898900 100644 --- a/libsepol/src/iface_record.c +++ b/libsepol/src/iface_record.c @@ -47,7 +47,6 @@ int sepol_iface_key_create(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_iface_key_create) void sepol_iface_key_unpack(const sepol_iface_key_t * key, const char **name) { @@ -55,7 +54,6 @@ void sepol_iface_key_unpack(const sepol_iface_key_t * key, const char **name) *name = key->name; } -hidden_def(sepol_iface_key_unpack) int sepol_iface_key_extract(sepol_handle_t * handle, const sepol_iface_t * iface, @@ -114,7 +112,6 @@ int sepol_iface_create(sepol_handle_t * handle, sepol_iface_t ** iface) return STATUS_SUCCESS; } -hidden_def(sepol_iface_create) /* Name */ const char *sepol_iface_get_name(const sepol_iface_t * iface) @@ -123,7 +120,6 @@ const char *sepol_iface_get_name(const sepol_iface_t * iface) return iface->name; } -hidden_def(sepol_iface_get_name) int sepol_iface_set_name(sepol_handle_t * handle, sepol_iface_t * iface, const char *name) @@ -139,7 +135,6 @@ int sepol_iface_set_name(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_iface_set_name) /* Interface Context */ sepol_context_t *sepol_iface_get_ifcon(const sepol_iface_t * iface) @@ -148,7 +143,6 @@ sepol_context_t *sepol_iface_get_ifcon(const sepol_iface_t * iface) return iface->netif_con; } -hidden_def(sepol_iface_get_ifcon) int sepol_iface_set_ifcon(sepol_handle_t * handle, sepol_iface_t * iface, sepol_context_t * con) 
@@ -166,7 +160,6 @@ int sepol_iface_set_ifcon(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_iface_set_ifcon) /* Message Context */ sepol_context_t *sepol_iface_get_msgcon(const sepol_iface_t * iface) @@ -175,7 +168,6 @@ sepol_context_t *sepol_iface_get_msgcon(const sepol_iface_t * iface) return iface->netmsg_con; } -hidden_def(sepol_iface_get_msgcon) int sepol_iface_set_msgcon(sepol_handle_t * handle, sepol_iface_t * iface, sepol_context_t * con) @@ -192,7 +184,6 @@ int sepol_iface_set_msgcon(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_iface_set_msgcon) /* Deep copy clone */ int sepol_iface_clone(sepol_handle_t * handle, @@ -238,4 +229,3 @@ void sepol_iface_free(sepol_iface_t * iface) free(iface); } -hidden_def(sepol_iface_free) diff --git a/libsepol/src/module.c b/libsepol/src/module.c index 3b8a0a59ca68..836da308f8d3 100644 --- a/libsepol/src/module.c +++ b/libsepol/src/module.c @@ -132,7 +132,6 @@ int sepol_module_package_create(sepol_module_package_t ** p) return rc; } -hidden_def(sepol_module_package_create) /* Deallocates all memory associated with a module package, including * the pointer itself. Does nothing if p is NULL. @@ -150,7 +149,6 @@ void sepol_module_package_free(sepol_module_package_t * p) free(p); } -hidden_def(sepol_module_package_free) char *sepol_module_package_get_file_contexts(sepol_module_package_t * p) { diff --git a/libsepol/src/module_internal.h b/libsepol/src/module_internal.h index cdd5ec65cfff..ac1be36a2f72 100644 --- a/libsepol/src/module_internal.h +++ b/libsepol/src/module_internal.h @@ -1,5 +1,2 @@ #include -#include "dso.h" -hidden_proto(sepol_module_package_create) - hidden_proto(sepol_module_package_free) diff --git a/libsepol/src/node_internal.h b/libsepol/src/node_internal.h index 802cda97c181..6d3c250543ae 100644 --- a/libsepol/src/node_internal.h +++ b/libsepol/src/node_internal.h 
@@ -3,24 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_node_create) - hidden_proto(sepol_node_key_free) - hidden_proto(sepol_node_free) - hidden_proto(sepol_node_get_con) - hidden_proto(sepol_node_get_addr) - hidden_proto(sepol_node_get_addr_bytes) - hidden_proto(sepol_node_get_mask) - hidden_proto(sepol_node_get_mask_bytes) - hidden_proto(sepol_node_get_proto) - hidden_proto(sepol_node_get_proto_str) - hidden_proto(sepol_node_key_create) - hidden_proto(sepol_node_key_unpack) - hidden_proto(sepol_node_set_con) - hidden_proto(sepol_node_set_addr) - hidden_proto(sepol_node_set_addr_bytes) - hidden_proto(sepol_node_set_mask) - hidden_proto(sepol_node_set_mask_bytes) - hidden_proto(sepol_node_set_proto) #endif diff --git a/libsepol/src/node_record.c b/libsepol/src/node_record.c index f3e78ff3c788..9ef429da8768 100644 --- a/libsepol/src/node_record.c +++ b/libsepol/src/node_record.c @@ -259,7 +259,6 @@ int sepol_node_key_create(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_node_key_create) void sepol_node_key_unpack(const sepol_node_key_t * key, const char **addr, const char **mask, int *proto) @@ -270,7 +269,6 @@ void sepol_node_key_unpack(const sepol_node_key_t * key, *proto = key->proto; } -hidden_def(sepol_node_key_unpack) int sepol_node_key_extract(sepol_handle_t * handle, const sepol_node_t * node, @@ -314,7 +312,6 @@ void sepol_node_key_free(sepol_node_key_t * key) free(key); } -hidden_def(sepol_node_key_free) int sepol_node_compare(const sepol_node_t * node, const sepol_node_key_t * key) { @@ -375,7 +372,6 @@ int sepol_node_get_addr(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_node_get_addr) int sepol_node_get_addr_bytes(sepol_handle_t * handle, const sepol_node_t * node, @@ -394,7 +390,6 @@ int sepol_node_get_addr_bytes(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_node_get_addr_bytes) int sepol_node_set_addr(sepol_handle_t * handle, sepol_node_t * node, int proto, const char *addr) 
@@ -420,7 +415,6 @@ int sepol_node_set_addr(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_node_set_addr) int sepol_node_set_addr_bytes(sepol_handle_t * handle, sepol_node_t * node, @@ -440,7 +434,6 @@ int sepol_node_set_addr_bytes(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_node_set_addr_bytes) /* Mask */ int sepol_node_get_mask(sepol_handle_t * handle, @@ -464,7 +457,6 @@ int sepol_node_get_mask(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_node_get_mask) int sepol_node_get_mask_bytes(sepol_handle_t * handle, const sepol_node_t * node, @@ -483,7 +475,6 @@ int sepol_node_get_mask_bytes(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_node_get_mask_bytes) int sepol_node_set_mask(sepol_handle_t * handle, sepol_node_t * node, int proto, const char *mask) @@ -509,7 +500,6 @@ int sepol_node_set_mask(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_node_set_mask) int sepol_node_set_mask_bytes(sepol_handle_t * handle, sepol_node_t * node, @@ -528,7 +518,6 @@ int sepol_node_set_mask_bytes(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_node_set_mask_bytes) /* Protocol */ int sepol_node_get_proto(const sepol_node_t * node) @@ -537,7 +526,6 @@ int sepol_node_get_proto(const sepol_node_t * node) return node->proto; } -hidden_def(sepol_node_get_proto) void sepol_node_set_proto(sepol_node_t * node, int proto) { @@ -545,7 +533,6 @@ void sepol_node_set_proto(sepol_node_t * node, int proto) node->proto = proto; } -hidden_def(sepol_node_set_proto) const char *sepol_node_get_proto_str(int proto) { @@ -560,7 +547,6 @@ const char *sepol_node_get_proto_str(int proto) } } -hidden_def(sepol_node_get_proto_str) /* Create */ int sepol_node_create(sepol_handle_t * handle, sepol_node_t ** node) 
@@ -584,7 +570,6 @@ int sepol_node_create(sepol_handle_t * handle, sepol_node_t ** node) return STATUS_SUCCESS; } -hidden_def(sepol_node_create) /* Deep copy clone */ int sepol_node_clone(sepol_handle_t * handle, @@ -637,7 +622,6 @@ void sepol_node_free(sepol_node_t * node) free(node); } -hidden_def(sepol_node_free) /* Context */ sepol_context_t *sepol_node_get_con(const sepol_node_t * node) @@ -646,7 +630,6 @@ sepol_context_t *sepol_node_get_con(const sepol_node_t * node) return node->con; } -hidden_def(sepol_node_get_con) int sepol_node_set_con(sepol_handle_t * handle, sepol_node_t * node, sepol_context_t * con) @@ -664,4 +647,3 @@ int sepol_node_set_con(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_node_set_con) diff --git a/libsepol/src/policydb_internal.h b/libsepol/src/policydb_internal.h index f7bcdfa3df31..06ba5c8be144 100644 --- a/libsepol/src/policydb_internal.h +++ b/libsepol/src/policydb_internal.h @@ -2,9 +2,6 @@ #define _SEPOL_POLICYDB_INTERNAL_H_ #include -#include "dso.h" -hidden_proto(sepol_policydb_create) - hidden_proto(sepol_policydb_free) extern const char *policydb_target_strings[]; #endif diff --git a/libsepol/src/policydb_public.c b/libsepol/src/policydb_public.c index 747a43ff0a5c..e5def7078eb0 100644 --- a/libsepol/src/policydb_public.c +++ b/libsepol/src/policydb_public.c @@ -73,7 +73,6 @@ int sepol_policydb_create(sepol_policydb_t ** sp) return 0; } -hidden_def(sepol_policydb_create) void sepol_policydb_free(sepol_policydb_t * p) { @@ -83,7 +82,6 @@ void sepol_policydb_free(sepol_policydb_t * p) free(p); } -hidden_def(sepol_policydb_free) int sepol_policy_kern_vers_min(void) { diff --git a/libsepol/src/port_internal.h b/libsepol/src/port_internal.h index ffb5f65ad20b..80cf5c25366d 100644 --- a/libsepol/src/port_internal.h +++ b/libsepol/src/port_internal.h 
@@ -3,18 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_port_create) - hidden_proto(sepol_port_free) - hidden_proto(sepol_port_get_con) - hidden_proto(sepol_port_get_high) - hidden_proto(sepol_port_get_low) - hidden_proto(sepol_port_get_proto) - hidden_proto(sepol_port_get_proto_str) - hidden_proto(sepol_port_key_create) - hidden_proto(sepol_port_key_unpack) - hidden_proto(sepol_port_set_con) - hidden_proto(sepol_port_set_proto) - hidden_proto(sepol_port_set_range) #endif diff --git a/libsepol/src/port_record.c b/libsepol/src/port_record.c index 15fb198fb359..7054dbc2e1b4 100644 --- a/libsepol/src/port_record.c +++ b/libsepol/src/port_record.c @@ -46,7 +46,6 @@ int sepol_port_key_create(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_port_key_create) void sepol_port_key_unpack(const sepol_port_key_t * key, int *low, int *high, int *proto) @@ -57,7 +56,6 @@ void sepol_port_key_unpack(const sepol_port_key_t * key, *proto = key->proto; } -hidden_def(sepol_port_key_unpack) int sepol_port_key_extract(sepol_handle_t * handle, const sepol_port_t * port, @@ -141,7 +139,6 @@ int sepol_port_get_low(const sepol_port_t * port) return port->low; } -hidden_def(sepol_port_get_low) int sepol_port_get_high(const sepol_port_t * port) { @@ -149,7 +146,6 @@ int sepol_port_get_high(const sepol_port_t * port) return port->high; } -hidden_def(sepol_port_get_high) void sepol_port_set_port(sepol_port_t * port, int port_num) { @@ -165,7 +161,6 @@ void sepol_port_set_range(sepol_port_t * port, int low, int high) port->high = high; } -hidden_def(sepol_port_set_range) /* Protocol */ int sepol_port_get_proto(const sepol_port_t * port) @@ -174,7 +169,6 @@ int sepol_port_get_proto(const sepol_port_t * port) return port->proto; } -hidden_def(sepol_port_get_proto) const char *sepol_port_get_proto_str(int proto) { 
@@ -193,7 +187,6 @@ const char *sepol_port_get_proto_str(int proto) } } -hidden_def(sepol_port_get_proto_str) void sepol_port_set_proto(sepol_port_t * port, int proto) { @@ -201,7 +194,6 @@ void sepol_port_set_proto(sepol_port_t * port, int proto) port->proto = proto; } -hidden_def(sepol_port_set_proto) /* Create */ int sepol_port_create(sepol_handle_t * handle, sepol_port_t ** port) @@ -223,7 +215,6 @@ int sepol_port_create(sepol_handle_t * handle, sepol_port_t ** port) return STATUS_SUCCESS; } -hidden_def(sepol_port_create) /* Deep copy clone */ int sepol_port_clone(sepol_handle_t * handle, @@ -262,7 +253,6 @@ void sepol_port_free(sepol_port_t * port) free(port); } -hidden_def(sepol_port_free) /* Context */ sepol_context_t *sepol_port_get_con(const sepol_port_t * port) @@ -271,7 +261,6 @@ sepol_context_t *sepol_port_get_con(const sepol_port_t * port) return port->con; } -hidden_def(sepol_port_get_con) int sepol_port_set_con(sepol_handle_t * handle, sepol_port_t * port, sepol_context_t * con) @@ -289,4 +278,3 @@ int sepol_port_set_con(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_port_set_con) diff --git a/libsepol/src/private.h b/libsepol/src/private.h index b884c23b91fe..f5b5277f183a 100644 --- a/libsepol/src/private.h +++ b/libsepol/src/private.h @@ -14,7 +14,6 @@ #endif #include -#include #ifdef __APPLE__ #define __BYTE_ORDER BYTE_ORDER @@ -62,7 +61,7 @@ extern struct policydb_compat_info *policydb_lookup_compat(unsigned int version, unsigned int target_platform); /* Reading from a policy "file". */ -extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden; +extern int next_entry(void *buf, struct policy_file *fp, size_t bytes); extern size_t put_entry(const void *ptr, size_t size, size_t n, - struct policy_file *fp) hidden; -extern int str_read(char **strp, struct policy_file *fp, size_t len) hidden; + struct policy_file *fp); +extern int str_read(char **strp, struct policy_file *fp, size_t len); 
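Review bot: in private.h, dropping `hidden` from `next_entry`, `put_entry` and `str_read` leaves three unprefixed, generic names whose visibility in the shared build now depends entirely on the linker script. The nm comparison in the commit message does not list them as newly exported, so the map presumably keeps them local, but nothing at the declarations says so any more. Either keep an explicit `__attribute__ ((visibility ("hidden")))` on these three, or add a comment here stating that the export map is what keeps them internal, so a later map edit does not expose them by accident.
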
diff --git a/libsepol/src/services.c b/libsepol/src/services.c index 3758436f8e34..51314dabb574 100644 --- a/libsepol/src/services.c +++ b/libsepol/src/services.c @@ -66,7 +66,6 @@ #include "private.h" #include "context.h" #include "av_permissions.h" -#include "dso.h" #include "mls.h" #define BUG() do { ERR(NULL, "Badness at %s:%d", __FILE__, __LINE__); } while (0) @@ -121,13 +120,13 @@ static char *pop(void) } /* End Stack services */ -int hidden sepol_set_sidtab(sidtab_t * s) +int sepol_set_sidtab(sidtab_t * s) { sidtab = s; return 0; } -int hidden sepol_set_policydb(policydb_t * p) +int sepol_set_policydb(policydb_t * p) { policydb = p; return 0; @@ -1013,7 +1012,7 @@ static int context_struct_compute_av(context_struct_t * scontext, return 0; } -int hidden sepol_validate_transition(sepol_security_id_t oldsid, +int sepol_validate_transition(sepol_security_id_t oldsid, sepol_security_id_t newsid, sepol_security_id_t tasksid, sepol_security_class_t tclass) @@ -1064,7 +1063,7 @@ int hidden sepol_validate_transition(sepol_security_id_t oldsid, * sepol_validate_transition_reason_buffer - the reason buffer is realloc'd * in the constraint_expr_eval_reason() function. */ -int hidden sepol_validate_transition_reason_buffer(sepol_security_id_t oldsid, +int sepol_validate_transition_reason_buffer(sepol_security_id_t oldsid, sepol_security_id_t newsid, sepol_security_id_t tasksid, sepol_security_class_t tclass, @@ -1122,7 +1121,7 @@ int hidden sepol_validate_transition_reason_buffer(sepol_security_id_t oldsid, return 0; } -int hidden sepol_compute_av_reason(sepol_security_id_t ssid, +int sepol_compute_av_reason(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_access_vector_t requested, 
@@ -1156,7 +1155,7 @@ int hidden sepol_compute_av_reason(sepol_security_id_t ssid, * REASON_BUF_SIZE. If the buffer size is exceeded, then it is realloc'd * in the constraint_expr_eval_reason() function. */ -int hidden sepol_compute_av_reason_buffer(sepol_security_id_t ssid, +int sepol_compute_av_reason_buffer(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_access_vector_t requested, @@ -1198,7 +1197,7 @@ out: return rc; } -int hidden sepol_compute_av(sepol_security_id_t ssid, +int sepol_compute_av(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_access_vector_t requested, @@ -1213,7 +1212,7 @@ int hidden sepol_compute_av(sepol_security_id_t ssid, * Return a class ID associated with the class string specified by * class_name. */ -int hidden sepol_string_to_security_class(const char *class_name, +int sepol_string_to_security_class(const char *class_name, sepol_security_class_t *tclass) { class_datum_t *tclass_datum; @@ -1232,7 +1231,7 @@ int hidden sepol_string_to_security_class(const char *class_name, * Return access vector bit associated with the class ID and permission * string. */ -int hidden sepol_string_to_av_perm(sepol_security_class_t tclass, +int sepol_string_to_av_perm(sepol_security_class_t tclass, const char *perm_name, sepol_access_vector_t *av) { @@ -1277,7 +1276,7 @@ out: * to point to this string and set `*scontext_len' to * the length of the string. */ -int hidden sepol_sid_to_context(sepol_security_id_t sid, +int sepol_sid_to_context(sepol_security_id_t sid, sepol_security_context_t * scontext, size_t * scontext_len) { 
@@ -1300,7 +1299,7 @@ int hidden sepol_sid_to_context(sepol_security_id_t sid, * Return a SID associated with the security context that * has the string representation specified by `scontext'. */ -int hidden sepol_context_to_sid(const sepol_security_context_t scontext, +int sepol_context_to_sid(const sepol_security_context_t scontext, size_t scontext_len, sepol_security_id_t * sid) { @@ -1480,7 +1479,7 @@ static int sepol_compute_sid(sepol_security_id_t ssid, * Compute a SID to use for labeling a new object in the * class `tclass' based on a SID pair. */ -int hidden sepol_transition_sid(sepol_security_id_t ssid, +int sepol_transition_sid(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_security_id_t * out_sid) @@ -1493,7 +1492,7 @@ int hidden sepol_transition_sid(sepol_security_id_t ssid, * polyinstantiated object of class `tclass' based on * a SID pair. */ -int hidden sepol_member_sid(sepol_security_id_t ssid, +int sepol_member_sid(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_security_id_t * out_sid) @@ -1505,7 +1504,7 @@ int hidden sepol_member_sid(sepol_security_id_t ssid, * Compute a SID to use for relabeling an object in the * class `tclass' based on a SID pair. */ -int hidden sepol_change_sid(sepol_security_id_t ssid, +int sepol_change_sid(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_security_id_t * out_sid) @@ -1691,7 +1690,7 @@ static int convert_context(sepol_security_id_t key __attribute__ ((unused)), } /* Reading from a policy "file". */ -int hidden next_entry(void *buf, struct policy_file *fp, size_t bytes) +int next_entry(void *buf, struct policy_file *fp, size_t bytes) { size_t nread; 
@@ -1718,7 +1717,7 @@ int hidden next_entry(void *buf, struct policy_file *fp, size_t bytes) return 0; } -size_t hidden put_entry(const void *ptr, size_t size, size_t n, +size_t put_entry(const void *ptr, size_t size, size_t n, struct policy_file *fp) { size_t bytes = size * n; @@ -1753,7 +1752,7 @@ size_t hidden put_entry(const void *ptr, size_t size, size_t n, * 0 - Success * -1 - Failure with errno set */ -int hidden str_read(char **strp, struct policy_file *fp, size_t len) +int str_read(char **strp, struct policy_file *fp, size_t len) { int rc; char *str; @@ -1796,7 +1795,7 @@ int hidden str_read(char **strp, struct policy_file *fp, size_t len) * * Reset the access vector cache. */ -int hidden sepol_load_policy(void *data, size_t len) +int sepol_load_policy(void *data, size_t len) { policydb_t oldpolicydb, newpolicydb; sidtab_t oldsidtab, newsidtab; @@ -1869,7 +1868,7 @@ int hidden sepol_load_policy(void *data, size_t len) * the file system and the `file_sid' SID is returned * for all files within that file system. */ -int hidden sepol_fs_sid(char *name, +int sepol_fs_sid(char *name, sepol_security_id_t * fs_sid, sepol_security_id_t * file_sid) { @@ -1911,7 +1910,7 @@ int hidden sepol_fs_sid(char *name, * Return the SID of the ibpkey specified by * `subnet prefix', and `pkey number'. */ -int hidden sepol_ibpkey_sid(uint64_t subnet_prefix, +int sepol_ibpkey_sid(uint64_t subnet_prefix, uint16_t pkey, sepol_security_id_t *out_sid) { ocontext_t *c; @@ -1947,7 +1946,7 @@ out: * Return the SID of the subnet management interface specified by * `device name', and `port'. */ -int hidden sepol_ibendport_sid(char *dev_name, +int sepol_ibendport_sid(char *dev_name, uint8_t port, sepol_security_id_t *out_sid) { 
@@ -1984,7 +1983,7 @@ out: * Return the SID of the port specified by * `domain', `type', `protocol', and `port'. */ -int hidden sepol_port_sid(uint16_t domain __attribute__ ((unused)), +int sepol_port_sid(uint16_t domain __attribute__ ((unused)), uint16_t type __attribute__ ((unused)), uint8_t protocol, uint16_t port, sepol_security_id_t * out_sid) @@ -2024,7 +2023,7 @@ int hidden sepol_port_sid(uint16_t domain __attribute__ ((unused)), * the default SID for messages received on the * interface. */ -int hidden sepol_netif_sid(char *name, +int sepol_netif_sid(char *name, sepol_security_id_t * if_sid, sepol_security_id_t * msg_sid) { @@ -2082,7 +2081,7 @@ static int match_ipv6_addrmask(uint32_t * input, uint32_t * addr, * in bytes and `domain' is the communications domain or * address family in which the address should be interpreted. */ -int hidden sepol_node_sid(uint16_t domain, +int sepol_node_sid(uint16_t domain, void *addrp, size_t addrlen, sepol_security_id_t * out_sid) { @@ -2155,7 +2154,7 @@ int hidden sepol_node_sid(uint16_t domain, */ #define SIDS_NEL 25 -int hidden sepol_get_user_sids(sepol_security_id_t fromsid, +int sepol_get_user_sids(sepol_security_id_t fromsid, char *username, sepol_security_id_t ** sids, uint32_t * nel) { @@ -2250,7 +2249,7 @@ int hidden sepol_get_user_sids(sepol_security_id_t fromsid, * that cannot support a persistent label mapping or use another * fixed labeling behavior like transition SIDs or task SIDs. */ -int hidden sepol_genfs_sid(const char *fstype, +int sepol_genfs_sid(const char *fstype, const char *path, sepol_security_class_t sclass, sepol_security_id_t * sid) @@ -2297,7 +2296,7 @@ int hidden sepol_genfs_sid(const char *fstype, return rc; } -int hidden sepol_fs_use(const char *fstype, +int sepol_fs_use(const char *fstype, unsigned int *behavior, sepol_security_id_t * sid) { int rc = 0; diff --git a/libsepol/src/user_internal.h b/libsepol/src/user_internal.h index 7523b7d54076..f5b22b023034 100644 
--- a/libsepol/src/user_internal.h +++ b/libsepol/src/user_internal.h @@ -3,18 +3,5 @@ #include #include -#include "dso.h" -hidden_proto(sepol_user_add_role) - hidden_proto(sepol_user_create) - hidden_proto(sepol_user_free) - hidden_proto(sepol_user_get_mlslevel) - hidden_proto(sepol_user_get_mlsrange) - hidden_proto(sepol_user_get_roles) - hidden_proto(sepol_user_has_role) - hidden_proto(sepol_user_key_create) - hidden_proto(sepol_user_key_unpack) - hidden_proto(sepol_user_set_mlslevel) - hidden_proto(sepol_user_set_mlsrange) - hidden_proto(sepol_user_set_name) #endif diff --git a/libsepol/src/user_record.c b/libsepol/src/user_record.c index fa95f2d1b227..ac5200604091 100644 --- a/libsepol/src/user_record.c +++ b/libsepol/src/user_record.c @@ -51,7 +51,6 @@ int sepol_user_key_create(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_user_key_create) void sepol_user_key_unpack(const sepol_user_key_t * key, const char **name) { @@ -59,7 +58,6 @@ void sepol_user_key_unpack(const sepol_user_key_t * key, const char **name) *name = key->name; } -hidden_def(sepol_user_key_unpack) int sepol_user_key_extract(sepol_handle_t * handle, const sepol_user_t * user, @@ -115,7 +113,6 @@ int sepol_user_set_name(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_user_set_name) /* MLS */ const char *sepol_user_get_mlslevel(const sepol_user_t * user) @@ -124,7 +121,6 @@ const char *sepol_user_get_mlslevel(const sepol_user_t * user) return user->mls_level; } -hidden_def(sepol_user_get_mlslevel) int sepol_user_set_mlslevel(sepol_handle_t * handle, sepol_user_t * user, const char *mls_level) @@ -141,7 +137,6 @@ int sepol_user_set_mlslevel(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_user_set_mlslevel) const char *sepol_user_get_mlsrange(const sepol_user_t * user) { 
@@ -149,7 +144,6 @@ const char *sepol_user_get_mlsrange(const sepol_user_t * user) return user->mls_range; } -hidden_def(sepol_user_get_mlsrange) int sepol_user_set_mlsrange(sepol_handle_t * handle, sepol_user_t * user, const char *mls_range) @@ -166,7 +160,6 @@ int sepol_user_set_mlsrange(sepol_handle_t * handle, return STATUS_SUCCESS; } -hidden_def(sepol_user_set_mlsrange) /* Roles */ int sepol_user_get_num_roles(const sepol_user_t * user) @@ -207,7 +200,6 @@ int sepol_user_add_role(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_user_add_role) int sepol_user_has_role(const sepol_user_t * user, const char *role) { @@ -220,7 +212,6 @@ int sepol_user_has_role(const sepol_user_t * user, const char *role) return 0; } -hidden_def(sepol_user_has_role) int sepol_user_set_roles(sepol_handle_t * handle, sepol_user_t * user, @@ -292,7 +283,6 @@ int sepol_user_get_roles(sepol_handle_t * handle, return STATUS_ERR; } -hidden_def(sepol_user_get_roles) void sepol_user_del_role(sepol_user_t * user, const char *role) { @@ -330,7 +320,6 @@ int sepol_user_create(sepol_handle_t * handle, sepol_user_t ** user_ptr) return STATUS_SUCCESS; } -hidden_def(sepol_user_create) /* Deep copy clone */ int sepol_user_clone(sepol_handle_t * handle, @@ -386,4 +375,3 @@ void sepol_user_free(sepol_user_t * user) free(user); } -hidden_def(sepol_user_free) diff --git a/libsepol/src/util.c b/libsepol/src/util.c index a4008882b94b..d51750af3fa1 100644 --- a/libsepol/src/util.c +++ b/libsepol/src/util.c @@ -27,7 +27,6 @@ #include #include #include -#include struct val_to_name { unsigned int val; 
@@ -250,7 +249,7 @@ static inline int tokenize_str(char delim, char **str, char **ptr, size_t *len) * contain the remaining content of line_buf. If the delimiter is any whitespace * character, then all whitespace will be squashed. */ -int hidden tokenize(char *line_buf, char delim, int num_args, ...) +int tokenize(char *line_buf, char delim, int num_args, ...) { char **arg, *buf_p; int rc, items; From patchwork Tue Mar 10 21:08:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11430261
From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: nicolas.iooss@m4x.org, selinux@vger.kernel.org Cc: bill.c.roberts@gmail.com, drepper@redhat.com, omosnace@redhat.com, plautrba@redhat.com, stephen.smalley.work@gmail.com, william.c.roberts@intel.com Subject: [PATCH v2 2/3] libsepol/Makefile: add -fno-semantic-interposition Date: Tue, 10 Mar 2020 16:08:53 -0500 Message-Id: <20200310210854.466-3-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200310210854.466-1-william.c.roberts@intel.com> References: <20200309152539.8581-1-william.c.roberts@intel.com> <20200310210854.466-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts Add -fno-semantic-interposition to CFLAGS. This will restore the DSO infrastructure's protections to ensure internal callers of exported symbols call into libselinux and not something loading first in the library list. Clang has this enabled by default. Signed-off-by: William Roberts --- libsepol/src/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libsepol/src/Makefile b/libsepol/src/Makefile index ccb702338446..8d466f56ed0e 100644 --- a/libsepol/src/Makefile +++ b/libsepol/src/Makefile
@@ -19,7 +19,7 @@ LIBMAP=libsepol.map LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(sort $(wildcard *.c))) LOBJS= $(patsubst %.c,%.lo,$(sort $(wildcard *.c))) -CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2 +CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-format-attribute -O2 -fno-semantic-interposition override CFLAGS += -I. -I../include -D_GNU_SOURCE From patchwork Tue Mar 10 21:08:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: William Roberts X-Patchwork-Id: 11430265
From: bill.c.roberts@gmail.com X-Google-Original-From: william.c.roberts@intel.com To: nicolas.iooss@m4x.org, selinux@vger.kernel.org Cc: bill.c.roberts@gmail.com, drepper@redhat.com, omosnace@redhat.com, plautrba@redhat.com, stephen.smalley.work@gmail.com, william.c.roberts@intel.com Subject: [PATCH v2 3/3] libsepol: remove wild cards in mapfile Date: Tue, 10 Mar 2020 16:08:54 -0500 Message-Id: <20200310210854.466-4-william.c.roberts@intel.com> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20200310210854.466-1-william.c.roberts@intel.com> References: <20200309152539.8581-1-william.c.roberts@intel.com> <20200310210854.466-1-william.c.roberts@intel.com> Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org From: William Roberts With the old hidden_def and hidden_proto DSO infrastructure removed, correctness of the map file becomes paramount, as it is what filters out public API. Because of this, the wild cards should not be used, as it lets some functions through that should not be made public API. Thus remove the wild cards, and sort the list. Additionally, verify that nothing changed in external symbols as well: This was checked by generating an old export map (from master): nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map Then creating a new one for this library after this patch is applied: nm --defined-only -g ./src/libsepol.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map And diffing them: Acked-by: Stephen Smalley diff old.map new.map Signed-off-by: William Roberts --- libsepol/src/libsepol.map.in | 275 +++++++++++++++++++++++++++++++---- 1 file changed, 245 insertions(+), 30 deletions(-) diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in index f4946a79cae7..f08c2a861693 100644 --- a/libsepol/src/libsepol.map.in +++ b/libsepol/src/libsepol.map.in
@@ -1,39 +1,254 @@ LIBSEPOL_1.0 { - global: - expand_module_avrules; - sepol_module_package_*; sepol_link_modules; sepol_expand_module; sepol_link_packages; - sepol_bool_*; sepol_genbools*; - sepol_context_*; sepol_mls_*; sepol_check_context; - sepol_iface_*; - sepol_port_*; - sepol_ibpkey_*; - sepol_ibendport_*; - sepol_node_*; - sepol_user_*; sepol_genusers; sepol_set_delusers; - sepol_msg_*; sepol_debug; - sepol_handle_*; - sepol_policydb_*; sepol_set_policydb_from_file; - sepol_policy_kern_*; - sepol_policy_file_*; - sepol_get_disable_dontaudit; - sepol_set_disable_dontaudit; - sepol_set_expand_consume_base; - sepol_get_preserve_tunables; sepol_set_preserve_tunables; + global: + cil_add_file; + cil_build_policydb; + cil_compile; + cil_db_destroy; cil_db_init; + cil_filecons_to_string; + cil_selinuxusers_to_string; cil_set_disable_dontaudit; cil_set_disable_neverallow; - cil_set_preserve_tunables; cil_set_handle_unknown; - cil_db_destroy; - cil_add_file; - cil_compile; - cil_build_policydb; - cil_userprefixes_to_string; - cil_selinuxusers_to_string; - cil_filecons_to_string; - cil_set_log_level; cil_set_log_handler; - cil_set_malloc_error_handler; + cil_set_log_level; + cil_set_preserve_tunables; + cil_userprefixes_to_string; + expand_module_avrules; + sepol_bool_clone; + sepol_bool_compare; + sepol_bool_compare2; + sepol_bool_count; + sepol_bool_create; + sepol_bool_exists; + sepol_bool_free; + sepol_bool_get_name; + sepol_bool_get_value; + sepol_bool_iterate; + sepol_bool_key_create; + sepol_bool_key_extract; + sepol_bool_key_free; + sepol_bool_key_unpack; + sepol_bool_query; + sepol_bool_set; + sepol_bool_set_name; + sepol_bool_set_value; + sepol_check_context; + sepol_context_check; + sepol_context_clone; + sepol_context_create; + sepol_context_free; + sepol_context_from_string; + sepol_context_get_mls; + sepol_context_get_role; + sepol_context_get_type; + sepol_context_get_user; + sepol_context_set_mls; + sepol_context_set_role; + sepol_context_set_type; + 
sepol_context_set_user; + sepol_context_to_string; + sepol_debug; + sepol_expand_module; + sepol_genbools; + sepol_genbools_array; + sepol_genusers; + sepol_get_disable_dontaudit; + sepol_get_preserve_tunables; + sepol_handle_create; + sepol_handle_destroy; + sepol_ibendport_alloc_ibdev_name; + sepol_ibendport_clone; + sepol_ibendport_compare; + sepol_ibendport_compare2; + sepol_ibendport_count; + sepol_ibendport_create; + sepol_ibendport_exists; + sepol_ibendport_free; + sepol_ibendport_get_con; + sepol_ibendport_get_ibdev_name; + sepol_ibendport_get_port; + sepol_ibendport_iterate; + sepol_ibendport_key_create; + sepol_ibendport_key_extract; + sepol_ibendport_key_free; + sepol_ibendport_key_unpack; + sepol_ibendport_modify; + sepol_ibendport_query; + sepol_ibendport_set_con; + sepol_ibendport_set_ibdev_name; + sepol_ibendport_set_port; + sepol_ibpkey_clone; + sepol_ibpkey_compare; + sepol_ibpkey_compare2; + sepol_ibpkey_count; + sepol_ibpkey_create; + sepol_ibpkey_exists; + sepol_ibpkey_free; + sepol_ibpkey_get_con; + sepol_ibpkey_get_high; + sepol_ibpkey_get_low; + sepol_ibpkey_get_subnet_prefix; + sepol_ibpkey_get_subnet_prefix_bytes; + sepol_ibpkey_iterate; + sepol_ibpkey_key_create; + sepol_ibpkey_key_extract; + sepol_ibpkey_key_free; + sepol_ibpkey_key_unpack; + sepol_ibpkey_modify; + sepol_ibpkey_query; + sepol_ibpkey_set_con; + sepol_ibpkey_set_pkey; + sepol_ibpkey_set_range; + sepol_ibpkey_set_subnet_prefix; + sepol_ibpkey_set_subnet_prefix_bytes; + sepol_iface_clone; + sepol_iface_compare; + sepol_iface_compare2; + sepol_iface_count; + sepol_iface_create; + sepol_iface_exists; + sepol_iface_free; + sepol_iface_get_ifcon; + sepol_iface_get_msgcon; + sepol_iface_get_name; + sepol_iface_iterate; + sepol_iface_key_create; + sepol_iface_key_extract; + sepol_iface_key_free; + sepol_iface_key_unpack; + sepol_iface_modify; + sepol_iface_query; + sepol_iface_set_ifcon; + sepol_iface_set_msgcon; + sepol_iface_set_name; + sepol_link_modules; + sepol_link_packages; 
+ sepol_mls_check; + sepol_mls_contains; + sepol_module_package_create; + sepol_module_package_free; + sepol_module_package_get_file_contexts; + sepol_module_package_get_file_contexts_len; + sepol_module_package_get_netfilter_contexts; + sepol_module_package_get_netfilter_contexts_len; + sepol_module_package_get_policy; + sepol_module_package_get_seusers; + sepol_module_package_get_seusers_len; + sepol_module_package_get_user_extra; + sepol_module_package_get_user_extra_len; + sepol_module_package_info; + sepol_module_package_read; + sepol_module_package_set_file_contexts; + sepol_module_package_set_netfilter_contexts; + sepol_module_package_set_seusers; + sepol_module_package_set_user_extra; + sepol_module_package_write; + sepol_msg_get_channel; + sepol_msg_get_fname; + sepol_msg_get_level; + sepol_msg_set_callback; + sepol_node_clone; + sepol_node_compare; + sepol_node_compare2; + sepol_node_count; + sepol_node_create; + sepol_node_exists; + sepol_node_free; + sepol_node_get_addr; + sepol_node_get_addr_bytes; + sepol_node_get_con; + sepol_node_get_mask; + sepol_node_get_mask_bytes; + sepol_node_get_proto; + sepol_node_get_proto_str; + sepol_node_iterate; + sepol_node_key_create; + sepol_node_key_extract; + sepol_node_key_free; + sepol_node_key_unpack; + sepol_node_modify; + sepol_node_query; + sepol_node_set_addr; + sepol_node_set_addr_bytes; + sepol_node_set_con; + sepol_node_set_mask; + sepol_node_set_mask_bytes; + sepol_node_set_proto; + sepol_policydb_compat_net; + sepol_policydb_create; + sepol_policydb_free; + sepol_policydb_from_image; + sepol_policydb_mls_enabled; + sepol_policydb_read; + sepol_policydb_set_handle_unknown; + sepol_policydb_set_target_platform; + sepol_policydb_set_typevers; + sepol_policydb_set_vers; + sepol_policydb_to_image; + sepol_policydb_write; + sepol_policy_file_create; + sepol_policy_file_free; + sepol_policy_file_get_len; + sepol_policy_file_set_fp; + sepol_policy_file_set_handle; + sepol_policy_file_set_mem; + 
sepol_policy_kern_vers_max; + sepol_policy_kern_vers_min; + sepol_port_clone; + sepol_port_compare; + sepol_port_compare2; + sepol_port_count; + sepol_port_create; + sepol_port_exists; + sepol_port_free; + sepol_port_get_con; + sepol_port_get_high; + sepol_port_get_low; + sepol_port_get_proto; + sepol_port_get_proto_str; + sepol_port_iterate; + sepol_port_key_create; + sepol_port_key_extract; + sepol_port_key_free; + sepol_port_key_unpack; + sepol_port_modify; + sepol_port_query; + sepol_port_set_con; + sepol_port_set_port; + sepol_port_set_proto; + sepol_port_set_range; + sepol_set_delusers; + sepol_set_disable_dontaudit; + sepol_set_expand_consume_base; + sepol_set_policydb_from_file; + sepol_set_preserve_tunables; + sepol_user_add_role; + sepol_user_clone; + sepol_user_compare; + sepol_user_compare2; + sepol_user_count; + sepol_user_create; + sepol_user_del_role; + sepol_user_exists; + sepol_user_free; + sepol_user_get_mlslevel; + sepol_user_get_mlsrange; + sepol_user_get_name; + sepol_user_get_num_roles; + sepol_user_get_roles; + sepol_user_has_role; + sepol_user_iterate; + sepol_user_key_create; + sepol_user_key_extract; + sepol_user_key_free; + sepol_user_key_unpack; + sepol_user_modify; + sepol_user_query; + sepol_user_set_mlslevel; + sepol_user_set_mlsrange; + sepol_user_set_name; + sepol_user_set_roles; local: *; };
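
Review bot: In the services.c hunks of 1/3, `hidden` comes off `sepol_port_sid`, `sepol_node_sid`, `sepol_ibpkey_sid`, `sepol_ibendport_sid` and `sepol_context_to_sid` while libsepol.map.in still carries the `sepol_port_*`, `sepol_node_*`, `sepol_ibpkey_*`, `sepol_ibendport_*` and `sepol_context_*` wildcards, which only go away in 3/3. With 1/3 applied on its own these internal functions match a `global:` pattern and become exported, so a bisect point or a partial backport ships a wider ABI than master. Move the map file change ahead of this patch or fold the two together, and note that the nm comparison in 3/3 only compares master with the end of the series.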
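
Review bot: After the `@@ -3,18 +3,5 @@` hunk, user_internal.h is left with nothing but its two #include lines and the closing `#endif`, and the header hunk that drops the `hidden_proto(sepol_port_*)` lines ends up the same way. If these internal headers have no remaining purpose, remove them in this patch and have the .c files include the public headers directly; if they are kept on purpose, say so in the commit message.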
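
Review bot: In the libsepol/src/Makefile hunk of 2/3, the flag is appended to the `CFLAGS ?=` default, so it is silently lost whenever the caller supplies its own CFLAGS. The commit message relies on -fno-semantic-interposition to keep internal callers of exported symbols inside the library, so it belongs on the `override CFLAGS += -I. -I../include -D_GNU_SOURCE` line visible just below, where a user-provided CFLAGS cannot drop it. The message also names libselinux although the change is to libsepol.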
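
Review bot: In the libsepol.map.in hunk of 3/3, `cil_set_malloc_error_handler;` is removed from `global:` and does not come back in the sorted list, which the commit message does not mention. Because the nm comparison only lists defined symbols, an unchanged export list is consistent with that entry never having had a definition; state that in the message so the removal reads as intentional rather than as a dropped export.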
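
The nm comparison described in the 3/3 commit message can be turned into a repeatable check on the map file itself. The following is an added example, not part of the patch series: the function names are hypothetical and the map excerpts and symbol list are constructed. It flags wildcard entries under `global:` and compares an explicit list against the symbols exported before the change.

```shell
#!/bin/sh
# Added example: audit a linker version script against an exported-symbol list.
# Assumes the simple layout of libsepol.map.in: "global:" / "local:" labels,
# ';'-terminated names, no comments.

# Print every entry of the global: sections, one per line, sorted.
map_globals() {
    tr -s ' \t;' '\n\n\n' < "$1" | awk '
        $0 == "global:" { in_global = 1; next }
        $0 == "local:"  { in_global = 0; next }
        /[{}]/          { in_global = 0; next }
        in_global && $0 != "" { print }
    ' | LC_ALL=C sort -u
}

# Print global entries that are glob patterns rather than exact names.
map_wildcards() {
    map_globals "$1" | grep '[*?]' || true
}

# $1 = map file, $2 = symbols exported before the change (one name per line).
# "dropped NAME": exported before, missing from the explicit list (ABI break).
# "stale NAME":   listed in the map, but no such symbol was exported.
# Returns 2 if the map still contains wildcards, since names cannot be compared.
map_vs_exports() {
    if [ -n "$(map_wildcards "$1")" ]; then
        echo "map still contains wildcards" >&2
        return 2
    fi
    map_globals "$1" | awk -v exports="$2" '
        BEGIN { while ((getline s < exports) > 0) if (s != "") have[s] = 1 }
        { inmap[$0] = 1; if (!($0 in have)) print "stale " $0 }
        END { for (s in have) if (!(s in inmap)) print "dropped " s }
    ' | LC_ALL=C sort
}

# --- constructed sample input -------------------------------------------
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Old-style excerpt with a wildcard, in the shape of the removed lines.
cat > "$demo_dir/old.map.in" <<'EOF'
LIBSEPOL_1.0 {
  global:
    sepol_port_*;
    sepol_genusers; sepol_set_delusers;
    cil_set_malloc_error_handler;
  local: *;
};
EOF

# Explicit list that forgets one name and keeps one undefined entry.
cat > "$demo_dir/new.map.in" <<'EOF'
LIBSEPOL_1.0 {
  global:
    cil_set_malloc_error_handler;
    sepol_genusers;
    sepol_port_create;
    sepol_port_free;
    sepol_set_delusers;
  local: *;
};
EOF

# Stand-in for old.map; in a real tree this comes from the nm pipeline
# quoted in the commit message, run against the library built from master.
cat > "$demo_dir/exports.txt" <<'EOF'
sepol_genusers
sepol_port_create
sepol_port_free
sepol_port_get_low
sepol_set_delusers
EOF

echo "wildcards in old map: $(map_wildcards "$demo_dir/old.map.in")"
map_vs_exports "$demo_dir/new.map.in" "$demo_dir/exports.txt"
```

Run before linking, a non-empty result from `map_wildcards` or `map_vs_exports` is a reason to fail the build, which covers intermediate commits that the one-off nm diff does not.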