Fix the following build warning:
policydb.c: In function ‘get_symtab_destroy_func’:
policydb.c:1581:9: error: cast between incompatible function types from ‘int (*)(char *, void *, void *)’ to ‘void (*)(char *, void *, void *)’ [-Werror=cast-function-type]
return (hashtab_destroy_func_t) destroy_f[sym_num];
^

It turns out that this function and type are long unused in libsepol
and are not exported APIs for the shared library, so just remove them.

Signed-off-by: Stephen Smalley <***@tycho.nsa.gov>
---
libsepol/include/sepol/policydb/policydb.h | 3 ---
libsepol/src/policydb.c | 8 --------
2 files changed, 11 deletions(-)

diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index f8626ef4..271a82c9 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -646,9 +646,6 @@ extern int policydb_context_isvalid(const policydb_t * p,

extern void symtabs_destroy(symtab_t * symtab);
extern int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p);
-typedef void (*hashtab_destroy_func_t) (hashtab_key_t k, hashtab_datum_t d,
- void *args);
-extern hashtab_destroy_func_t get_symtab_destroy_func(int sym_num);

extern void class_perm_node_init(class_perm_node_t * x);
extern void type_set_init(type_set_t * x);
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index c7521235..dfedfafe 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -1573,14 +1573,6 @@ int scope_destroy(hashtab_key_t key, hashtab_datum_t datum, void *p
return 0;
}

-hashtab_destroy_func_t get_symtab_destroy_func(int sym_num)
-{
- if (sym_num < 0 || sym_num >= SYM_NUM) {
- return NULL;
- }
- return (hashtab_destroy_func_t) destroy_f[sym_num];
-}
-
/*
* Load the initial SIDs specified in a policy database
* structure into a SID table.

Fix the following warning in save_booleans(). We could likely drop
the function altogether, either ignoring or returning EINVAL if
a non-zero permanent argument is passed to security_set_boolean_list(),
since setting persistent booleans is now handled via libsemanage. This
code and the corresponding security_load_booleans() code is legacy from
RHEL4 days and could be removed although we would need to keep the ABI
for compatibility.

booleans.c: In function ‘save_booleans’:
booleans.c:441:13: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
"%s=%d\n", boolname,
^~
booleans.c:440:7: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
snprintf(outbuf, sizeof(outbuf),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s=%d\n", boolname,
~~~~~~~~~~~~~~~~~~~~
boollist[i].value);
~~~~~~~~~~~~~~~~~~
booleans.c:454:12: error: ‘%d’ directive output may be truncated writing between 1 and 11 bytes into a region of size between 0 and 8191 [-Werror=format-truncation=]
"%s=%d\n", boolname, val);
^~
booleans.c:453:6: note: ‘snprintf’ output between 4 and 8205 bytes into a destination of size 8192
snprintf(outbuf, sizeof(outbuf),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"%s=%d\n", boolname, val);
~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <***@tycho.nsa.gov>
---
libselinux/src/booleans.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index 1da55bfd..b3ea3623 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -416,7 +416,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist)
ssize_t ret;
size_t size = 0;
int val;
- char boolname[BUFSIZ];
+ char boolname[BUFSIZ-3];
char *buffer;
inbuf = NULL;
__fsetlocking(boolf, FSETLOCKING_BYCALLER);
@@ -450,6 +450,7 @@ static int save_booleans(size_t boolcnt, SELboolean * boollist)
}
}
if (i == boolcnt) {
+ val = !!val;
snprintf(outbuf, sizeof(outbuf),
"%s=%d\n", boolname, val);
len = strlen(outbuf);
@@ -505,6 +506,7 @@ int security_set_boolean_list(size_t boolcnt, SELboolean * boollist,

size_t i;
for (i = 0; i < boolcnt; i++) {
+ boollist[i].value = !!boollist[i].value;
if (security_set_boolean(boollist[i].name, boollist[i].value)) {
rollback(boollist, i);
return -1;

Fix the following build warning.

avcstat.c: In function ‘main’:
avcstat.c:113:4: error: ‘strncpy’ specified bound 4096 equals destination size [-Werror=stringop-truncation]
strncpy(avcstatfile, optarg, sizeof avcstatfile);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <***@tycho.nsa.gov>
---
libselinux/utils/avcstat.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c
index 5ff582b8..884a10bf 100644
--- a/libselinux/utils/avcstat.c
+++ b/libselinux/utils/avcstat.c
@@ -110,7 +110,8 @@ int main(int argc, char **argv)
cumulative = 1;
break;
case 'f':
- strncpy(avcstatfile, optarg, sizeof avcstatfile);
+ strncpy(avcstatfile, optarg, sizeof(avcstatfile) - 1);
+ avcstatfile[sizeof(avcstatfile)-1] = '\0';
break;
case 'h':
case '-':

Fix the following build warnings.

audit2why.c: In function ‘__policy_init’:
audit2why.c:207:22: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4081 [-Wformat-truncation=]
"unable to open %s: %s\n",
^~
path, strerror(errno));
~~~~
audit2why.c:206:4: note: ‘snprintf’ output 20 or more bytes (assuming 4115) into a destination of size 4096
snprintf(errormsg, sizeof(errormsg),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"unable to open %s: %s\n",
~~~~~~~~~~~~~~~~~~~~~~~~~~~
path, strerror(errno));
~~~~~~~~~~~~~~~~~~~~~~
audit2why.c:253:28: warning: ‘%s’ directive output may be truncated writing up to 4095 bytes into a region of size 4074 [-Wformat-truncation=]
"invalid binary policy %s\n", path);
^~ ~~~~
audit2why.c:252:3: note: ‘snprintf’ output between 24 and 4119 bytes into a destination of size 4096
snprintf(errormsg, sizeof(errormsg),
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"invalid binary policy %s\n", path);
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Stephen Smalley <***@tycho.nsa.gov>
---
libselinux/src/audit2why.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
index 857383ac..0331fdfd 100644
--- a/libselinux/src/audit2why.c
+++ b/libselinux/src/audit2why.c
@@ -193,7 +193,7 @@ static int __policy_init(const char *init_path)
{
FILE *fp;
char path[PATH_MAX];
- char errormsg[PATH_MAX];
+ char errormsg[PATH_MAX+1024+20];
struct sepol_policy_file *pf = NULL;
int rc;
unsigned int cnt;