Cleanup

src/check_hooks.c

@@ -261,7 +261,7 @@ void display_check_issue_counts(const struct checks *ck)
 	qsort((void *) node_arr, num_nodes, sizeof(struct check_node *), comp_check_nodes);
 
 	unsigned int issue_count = 0;
-	char *old_issue_name = NULL;
+	const char *old_issue_name = NULL;
 	for (unsigned int i=0; i < num_nodes; i++) {
 		if (old_issue_name && 0 != strcmp(old_issue_name, node_arr[i]->check_id)) {
 			// New issue.  Print the old info

src/maps.c

@@ -419,12 +419,7 @@ int is_role_if(const char *if_name)
 	}
 }
 
-#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
-__attribute__((no_sanitize("unsigned-integer-overflow")))
-#if (__clang_major__ >= 12)
-__attribute__((no_sanitize("unsigned-shift-base")))
-#endif
-#endif
+no_sanitize_unsigned_integer_
 void mark_used_if(const char *if_name)
 {
 	struct if_hash_elem *used_if;
@@ -443,12 +438,7 @@ void mark_used_if(const char *if_name)
 	}
 }
 
-#if defined(__clang__) && defined(__clang_major__) && (__clang_major__ >= 4)
-__attribute__((no_sanitize("unsigned-integer-overflow")))
-#if (__clang_major__ >= 12)
-__attribute__((no_sanitize("unsigned-shift-base")))
-#endif
-#endif
+no_sanitize_unsigned_integer_
 int is_used_if(const char *if_name)
 {
 	struct if_hash_elem *used_if;

src/ordering.c

@@ -93,7 +93,7 @@ void calculate_longest_increasing_subsequence(const struct policy_node *head,
 		int low = 1;
 		int high = longest_seq;
 		while (low <= high) {
-			int mid = (low + high + 1) / 2; // Ceiling
+			int mid = low + (high - low + 1) / 2; // Ceiling
 			if (comp_func(ordering, nodes[nodes[mid-1].end_of_seq].node, nodes[index].node) >= 0) {
 				low = mid + 1;
 			} else {

src/parse_fc.c

@@ -166,7 +166,7 @@ struct sel_context *parse_context(char *context_str)
 	struct sel_context *context = xmalloc(sizeof(struct sel_context));
 	memset(context, 0, sizeof(struct sel_context));
 	// User
-	char *pos = strtok(context_str, ":");
+	const char *pos = strtok(context_str, ":");
 
 	if (pos == NULL) {
 		goto cleanup;

src/parse_functions.c

@@ -104,7 +104,7 @@ enum selint_error insert_declaration(struct policy_node **cur,
 			// If the name starts with $ we're probably doing something like associating
 			// a role with types in interfaces
 
-			char *mn = get_current_module_name();
+			const char *mn = get_current_module_name();
 
 			if (!mn) {
 				return SELINT_NO_MOD_NAME;
@@ -155,7 +155,7 @@ enum selint_error insert_aliases(struct policy_node **cur,
 			insert_decl_into_template_map(temp_name, flavor,
 			                              alias->string);
 		} else {
-			char *mn = get_current_module_name();
+			const char *mn = get_current_module_name();
 			if (!mn) {
 				free_string_list(aliases);
 				return SELINT_NO_MOD_NAME;
@@ -382,7 +382,7 @@ enum selint_error insert_role_transition(struct policy_node **cur,
                                          struct string_list *sources,
                                          struct string_list *targets,
                                          struct string_list *object_classes,
-                                         char *default_role,
+                                         const char *default_role,
                                          unsigned int lineno)
 {
 	struct role_transition_data *rt_data =
@@ -803,9 +803,6 @@ static enum node_flavor attr_to_node_flavor(enum attr_flavor flavor)
 static enum selint_error insert_attribute(struct policy_node **cur, enum attr_flavor flavor, const char *type, struct string_list *attrs, unsigned int lineno)
 {
 	struct attribute_data *data = xcalloc(1, sizeof(struct attribute_data));
-	if (!data) {
-		return SELINT_OUT_OF_MEM;
-	}
 	union node_data nd;
 	nd.at_data = data;
 

src/parse_functions.h

@@ -216,7 +216,7 @@ enum selint_error insert_role_transition(struct policy_node **cur,
                                          struct string_list *sources,
                                          struct string_list *targets,
                                          struct string_list *object_classes,
-                                         char *default_role,
+                                         const char *default_role,
                                          unsigned int lineno);
 
 enum selint_error insert_interface_call(struct policy_node **cur, const char *if_name,

src/startup.c

@@ -45,7 +45,7 @@ enum selint_error load_access_vectors_kernel(const char *av_path)
 
 	FTS *ftsp = fts_open(paths, FTS_PHYSICAL, NULL);
 
-	FTSENT *file = fts_read(ftsp);
+	const FTSENT *file = fts_read(ftsp);
 
 	while (file) {
 
@@ -219,14 +219,14 @@ enum selint_error load_modules_source(const char *modules_conf_path)
 			fclose(fd);
 			return SELINT_PARSE_ERROR;
 		}
-		char *mod_name = strip_space(pos);
+		const char *mod_name = strip_space(pos);
 		pos = strtok(NULL, "=");
 		if (!pos) {
 			free(line);
 			fclose(fd);
 			return SELINT_PARSE_ERROR;
 		}
-		char *status = strip_space(pos);
+		const char *status = strip_space(pos);
 		insert_into_mods_map(mod_name, status);
 		if (strtok(NULL, "=")) {
 			free(line);
@@ -296,7 +296,7 @@ enum selint_error load_devel_headers(struct policy_file_list *context_files)
 
 	FTS *ftsp = fts_open(paths, FTS_PHYSICAL | FTS_NOSTAT, NULL);
 
-	FTSENT *file = fts_read(ftsp);
+	const FTSENT *file = fts_read(ftsp);
 	while (file) {
 		const char *suffix = (file->fts_pathlen > 3) ? (file->fts_path + file->fts_pathlen - 3) : NULL;
 		if (suffix && !strcmp(suffix, ".if")) {

src/te_checks.c

@@ -197,7 +197,7 @@ struct check_result *check_no_self(__attribute__((unused)) const struct check_da
 	if (node->flavor != NODE_AV_RULE && node->flavor != NODE_XAV_RULE) {
 		return alloc_internal_error("Bad node type given to check C-007");
 	}
-	struct av_rule_data *av_data = node->data.av_data;
+	const struct av_rule_data *av_data = node->data.av_data;
 
 	if (av_data->sources->next ||
 	    av_data->targets->next ||

src/tree.c

@@ -32,10 +32,6 @@ enum selint_error insert_policy_node_child(struct policy_node *parent,
 	}
 
 	struct policy_node *to_insert = xmalloc(sizeof(struct policy_node));
-	if (!to_insert) {
-		return SELINT_OUT_OF_MEM;
-	}
-
 	to_insert->parent = parent;
 	to_insert->next = NULL;
 	to_insert->first_child = NULL;
@@ -73,9 +69,6 @@ enum selint_error insert_policy_node_next(struct policy_node *prev,
 	}
 
 	struct policy_node *to_insert = xmalloc(sizeof(struct policy_node));
-	if (!to_insert) {
-		return SELINT_OUT_OF_MEM;
-	}
 
 	prev->next = to_insert;
 
@@ -101,7 +94,7 @@ int is_template_call(const struct policy_node *node)
 		return 0;
 	}
 
-	char *call_name = node->data.ic_data->name;
+	const char *call_name = node->data.ic_data->name;
 
 	if (look_up_in_template_map(call_name)) {
 		return 1;
@@ -149,14 +142,14 @@ struct name_list *get_names_in_node(const struct policy_node *node)
 
 	struct name_list *ret = NULL;
 	struct name_list *cur = NULL;
-	struct av_rule_data *av_data;
-	struct type_transition_data *tt_data;
-	struct role_transition_data *rt_data;
-	struct declaration_data *d_data;
-	struct if_call_data *ifc_data;
-	struct role_allow_data *ra_data;
-	struct role_types_data *rtyp_data;
-	struct attribute_data *at_data;
+	const struct av_rule_data *av_data;
+	const struct type_transition_data *tt_data;
+	const struct role_transition_data *rt_data;
+	const struct declaration_data *d_data;
+	const struct if_call_data *ifc_data;
+	const struct role_allow_data *ra_data;
+	const struct role_types_data *rtyp_data;
+	const struct attribute_data *at_data;
 
 	switch (node->flavor) {
 	case NODE_AV_RULE: