libsepol: use logging framework in conditional.c

Use the internal logging framework instead of directly writing to stdout as it might be undesired to do so within a library. Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2021-12-09 17:48:58 +01:00 · 2021-12-09 17:48:58 +01:00 · 5c178f9f55
commit 5c178f9f55
parent 5139433056
1 changed files with 11 additions and 19 deletions
--- a/libsepol/src/conditional.c
+++ b/libsepol/src/conditional.c
@ -25,6 +25,7 @@
 #include <sepol/policydb/conditional.h>
 #include "private.h"
 #include "debug.h"
 /* move all type rules to top of t/f lists to help kernel on evaluation */
 static void cond_optimize(cond_av_list_t ** l)
@ -314,8 +315,7 @@ static int evaluate_cond_node(policydb_t * p, cond_node_t * node)
 	if (new_state != node->cur_state) {
 		node->cur_state = new_state;
 		if (new_state == -1)
-			printf
+			WARN(NULL, "expression result was undefined - disabling all rules.\n");
 			    ("expression result was undefined - disabling all rules.\n");
 		/* turn the rules on or off */
 		for (cur = node->true_list; cur != NULL; cur = cur->next) {
 			if (new_state <= 0) {
@ -368,8 +368,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
 		if (ne) {
 			ne->next = NULL;
 		} else {	/* ne should never be NULL */
-			printf
+			ERR(NULL, "Found expr with no bools and only a ! - this should never happen.\n");
 			    ("Found expr with no bools and only a ! - this should never happen.\n");
 			return -1;
 		}
 		/* swap the true and false lists */
@ -421,8 +420,7 @@ int cond_normalize_expr(policydb_t * p, cond_node_t * cn)
 			}
 			k = cond_evaluate_expr(p, cn->expr);
 			if (k == -1) {
-				printf
+				ERR(NULL, "While testing expression, expression result "
 				    ("While testing expression, expression result "
 				     "was undefined - this should never happen.\n");
 				return -1;
 			}
@ -635,8 +633,7 @@ static int cond_insertf(avtab_t * a
 	 */
 	if (k->specified & AVTAB_TYPE) {
 		if (avtab_search(&p->te_avtab, k)) {
-			printf
+			WARN(NULL, "security: type rule already exists outside of a conditional.");
 			    ("security: type rule already exists outside of a conditional.");
 			goto err;
 		}
 		/*
@ -652,8 +649,7 @@ static int cond_insertf(avtab_t * a
 			if (node_ptr) {
 				if (avtab_search_node_next
 				    (node_ptr, k->specified)) {
-					printf
+					ERR(NULL, "security: too many conflicting type rules.");
 					    ("security: too many conflicting type rules.");
 					goto err;
 				}
 				found = 0;
@ -664,15 +660,13 @@ static int cond_insertf(avtab_t * a
 					}
 				}
 				if (!found) {
-					printf
+					ERR(NULL, "security: conflicting type rules.\n");
 					    ("security: conflicting type rules.\n");
 					goto err;
 				}
 			}
 		} else {
 			if (avtab_search(&p->te_cond_avtab, k)) {
-				printf
+				ERR(NULL, "security: conflicting type rules when adding type rule for true.\n");
 				    ("security: conflicting type rules when adding type rule for true.\n");
 				goto err;
 			}
 		}
@ -680,7 +674,7 @@ static int cond_insertf(avtab_t * a
 	node_ptr = avtab_insert_nonunique(&p->te_cond_avtab, k, d);
 	if (!node_ptr) {
-		printf("security: could not insert rule.");
+		ERR(NULL, "security: could not insert rule.");
 		goto err;
 	}
 	node_ptr->parse_context = (void *)1;
@ -742,14 +736,12 @@ static int cond_read_av_list(policydb_t * p, void *fp,
 static int expr_isvalid(policydb_t * p, cond_expr_t * expr)
 {
 	if (expr->expr_type <= 0 || expr->expr_type > COND_LAST) {
-		printf
+		WARN(NULL, "security: conditional expressions uses unknown operator.\n");
 		    ("security: conditional expressions uses unknown operator.\n");
 		return 0;
 	}
 	if (expr->bool > p->p_bools.nprim) {
-		printf
+		WARN(NULL, "security: conditional expressions uses unknown bool.\n");
 		    ("security: conditional expressions uses unknown bool.\n");
 		return 0;
 	}
 	return 1;