From 55487515e7dbfca9cec15c435ac4071d72c774ec Mon Sep 17 00:00:00 2001 From: jinlun Date: Tue, 27 Feb 2024 14:01:48 +0800 Subject: [PATCH] backport upstream patch --- backport-hashtab-update.patch | 7 +- ...-macro-parameters-and-replacement-li.patch | 116 ++++++++++++++++++ libsepol.spec | 6 +- 3 files changed, 126 insertions(+), 3 deletions(-) create mode 100644 backport-libsepol-enclose-macro-parameters-and-replacement-li.patch diff --git a/backport-hashtab-update.patch b/backport-hashtab-update.patch index 6031182..ac7dfe2 100644 --- a/backport-hashtab-update.patch +++ b/backport-hashtab-update.patch @@ -21,7 +21,7 @@ Acked-by: James Carter 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/libsepol/include/sepol/policydb/hashtab.h b/libsepol/include/sepol/policydb/hashtab.h -index 060e8c9c5..3fcd1fdce 100644 +index 060e8c9c..3fcd1fdc 100644 --- a/libsepol/include/sepol/policydb/hashtab.h +++ b/libsepol/include/sepol/policydb/hashtab.h @@ -108,7 +108,7 @@ extern int hashtab_map(hashtab_t h, @@ -34,7 +34,7 @@ index 060e8c9c5..3fcd1fdce 100644 #ifdef __cplusplus } diff --git a/libsepol/src/hashtab.c b/libsepol/src/hashtab.c -index 4a827fd31..b1a9bdc2f 100644 +index 4a827fd3..b1a9bdc2 100644 --- a/libsepol/src/hashtab.c +++ b/libsepol/src/hashtab.c @@ -103,10 +103,10 @@ static void hashtab_check_resize(hashtab_t h) @@ -89,3 +89,6 @@ index 4a827fd31..b1a9bdc2f 100644 + ("%s: %d entries and %zu/%d buckets used, longest chain length %zu\n", tag, h->nel, slots_used, h->size, max_chain_len); } +-- +2.33.0 + diff --git a/backport-libsepol-enclose-macro-parameters-and-replacement-li.patch b/backport-libsepol-enclose-macro-parameters-and-replacement-li.patch new file mode 100644 index 0000000..1163fd3 --- /dev/null +++ b/backport-libsepol-enclose-macro-parameters-and-replacement-li.patch 
@@ -0,0 +1,116 @@
+From 65b3f695be306ad8f525d4db2befd55336bd0a09 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
+Date: Wed, 13 Jul 2022 15:43:43 +0200
+Subject: [PATCH] libsepol: enclose macro parameters and replacement lists in
+ parentheses
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Christian Göttsche
+Acked-by: James Carter
+---
+ libsepol/include/sepol/errcodes.h | 13 ++++++-------
+ libsepol/include/sepol/policydb/policydb.h | 10 +++++-----
+ libsepol/src/kernel_to_cil.c | 2 +-
+ libsepol/src/module_to_cil.c | 2 +-
+ libsepol/src/util.c | 2 +-
+ 5 files changed, 14 insertions(+), 15 deletions(-)
+
+diff --git a/libsepol/include/sepol/errcodes.h b/libsepol/include/sepol/errcodes.h
+index 6e9ff316..e5fe71e3 100644
+--- a/libsepol/include/sepol/errcodes.h
++++ b/libsepol/include/sepol/errcodes.h
+@@ -16,15 +16,14 @@ extern "C" {
+ * codes that don't map to system error codes should be defined
+ * outside of the range of system error codes.
+ */
+-#define SEPOL_ERR -1
+-#define SEPOL_ENOTSUP -2 /* feature not supported in module language */
+-#define SEPOL_EREQ -3 /* requirements not met */
++#define SEPOL_ERR (-1)
++#define SEPOL_ENOTSUP (-2) /* feature not supported in module language */
++#define SEPOL_EREQ (-3) /* requirements not met */
+
+ /* Error codes that map to system error codes */
+-#define SEPOL_ENOMEM -ENOMEM
+-#define SEPOL_ERANGE -ERANGE
+-#define SEPOL_EEXIST -EEXIST
+-#define SEPOL_ENOENT -ENOENT
++#define SEPOL_ENOMEM (-ENOMEM)
++#define SEPOL_EEXIST (-EEXIST)
++#define SEPOL_ENOENT (-ENOENT)
+
+ #ifdef __cplusplus
+ }
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
+index de0068a6..ef1a014a 100644
+--- a/libsepol/include/sepol/policydb/policydb.h
++++ b/libsepol/include/sepol/policydb/policydb.h
+@@ -251,9 +251,9 @@ typedef struct class_perm_node {
+ struct class_perm_node *next;
+ } class_perm_node_t;
+
+-#define xperm_test(x, p) (UINT32_C(1) & (p[x >> 5] >> (x & 0x1f)))
+-#define xperm_set(x, p) (p[x >> 5] |= (UINT32_C(1) << (x & 0x1f)))
+-#define xperm_clear(x, p) (p[x >> 5] &= ~(UINT32_C(1) << (x & 0x1f)))
++#define xperm_test(x, p) (UINT32_C(1) & ((p)[(x) >> 5] >> ((x) & 0x1f)))
++#define xperm_set(x, p) ((p)[(x) >> 5] |= (UINT32_C(1) << ((x) & 0x1f)))
++#define xperm_clear(x, p) ((p)[(x) >> 5] &= ~(UINT32_C(1) << ((x) & 0x1f)))
+ #define EXTENDED_PERMS_LEN 8
+
+ typedef struct av_extended_perms {
+@@ -795,9 +795,9 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
+
+ #define policydb_has_boundary_feature(p) \
+ (((p)->policy_type == POLICY_KERN \
+- && p->policyvers >= POLICYDB_VERSION_BOUNDARY) || \
++ && (p)->policyvers >= POLICYDB_VERSION_BOUNDARY) || \
+ ((p)->policy_type != POLICY_KERN \
+- && p->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
++ && (p)->policyvers >= MOD_POLICYDB_VERSION_BOUNDARY))
+
+ /* the config flags related to unknown classes/perms are bits 2 and 3 */
+ #define DENY_UNKNOWN SEPOL_DENY_UNKNOWN
+diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
+index 9128ac55..5a1336a3 100644
+--- a/libsepol/src/kernel_to_cil.c
++++ b/libsepol/src/kernel_to_cil.c
+@@ -1626,7 +1626,7 @@ exit:
+ return rc;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ static char *xperms_to_str(avtab_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
+index b35bf055..b900290a 100644
+--- a/libsepol/src/module_to_cil.c
++++ b/libsepol/src/module_to_cil.c
+@@ -624,7 +624,7 @@ exit:
+ return rc;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ static int xperms_to_cil(const av_extended_perms_t *xperms)
+ {
+diff --git a/libsepol/src/util.c b/libsepol/src/util.c
+index 1cd1308d..0a2edc85 100644
+--- a/libsepol/src/util.c
++++ b/libsepol/src/util.c
+@@ -124,7 +124,7 @@ char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
+ return avbuf;
+ }
+
+-#define next_bit_in_range(i, p) ((i + 1 < sizeof(p)*8) && xperm_test((i + 1), p))
++#define next_bit_in_range(i, p) (((i) + 1 < sizeof(p)*8) && xperm_test(((i) + 1), p))
+
+ char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms)
+ {
+--
+2.33.0
+
diff --git a/libsepol.spec b/libsepol.spec
index ca4030f..45ef89a 100644
--- a/libsepol.spec
+++ b/libsepol.spec
@@ -1,6 +1,6 @@
 Name: libsepol
 Version: 3.3
-Release: 6
+Release: 7
 Summary: SELinux binary policy manipulation library
 License: LGPLv2+
 URL: https://github.com/SELinuxProject/selinux/wiki/Releases
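Review bot: The errcodes.h section of the added backport patch removes `#define SEPOL_ERANGE -ERANGE` and its new side has no `SEPOL_ERANGE` line, so the public header loses a macro although the subject only mentions adding parentheses. Any code outside this patch that still references `SEPOL_ERANGE` would stop compiling after a release bump whose changelog advertises no API change; if dropping it is not intended for this backport, keep `#define SEPOL_ERANGE (-ERANGE)` beside the other errno-mapped codes. Separately, in the policydb.h section the parenthesised `xperm_test`/`xperm_set`/`xperm_clear` still expand `x` twice and index `(p)[(x) >> 5]` with no bound check, so they are only safe for side-effect-free, in-range arguments. A one-line comment above them such as `/* x is evaluated twice; caller must keep x within the bits of p (presumably EXTENDED_PERMS_LEN 32-bit words) */` would record that contract for code that feeds them values parsed from policy.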
@@ -23,6 +23,7 @@ Patch0014: backport-libsepol-validate-check-low-category-is-not-bigger-than Patch0015: backport-libsepol-use-mallocarray-wrapper-to-avoid-overflows.patch Patch0016: backport-libsepol-use-reallocarray-wrapper-to-avoid-overflows.patch Patch0017: backport-libsepol-fix-reallocarray-imports.patch +Patch0018: backport-libsepol-enclose-macro-parameters-and-replacement-li.patch BuildRequires: gcc flex @@ -82,6 +83,9 @@ make DESTDIR="%{buildroot}" LIBDIR="%{_libdir}" SHLIBDIR="%{_libdir}" install %{_mandir}/man3/* %changelog +* Tue Feb 27 2024 jinlun - 3.3-7 +- backport upstream patch + * Tue Feb 22 2024 jinlun - 3.3-6 - backport upstream patch -- Gitee