diff --git a/.github/workflows/CI-unixish.yml b/.github/workflows/CI-unixish.yml
index 6161f7019f8..4e2e90bbb39 100644
--- a/.github/workflows/CI-unixish.yml
+++ b/.github/workflows/CI-unixish.yml
@@ -359,7 +359,7 @@ jobs:
- name: Install missing software on ubuntu 22.04 (cfg)
if: matrix.os == 'ubuntu-22.04'
run: |
- sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
+ sudo apt-get install libcairo2-dev libcurl4-openssl-dev liblua5.3-dev libssl-dev libsqlite3-dev libcppunit-dev libsigc++-2.0-dev libgtk-3-dev libboost-all-dev libselinux-dev libwxgtk3.0-gtk3-dev xmlstarlet qtbase5-dev
# coreutils contains "nproc"
- name: Install missing software on macos
diff --git a/cfg/selinux.cfg b/cfg/selinux.cfg
new file mode 100644
index 00000000000..e2d7ac34dc3
--- /dev/null
+++ b/cfg/selinux.cfg
@@ -0,0 +1,3621 @@
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ get_default_type
+ free
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ 0:5
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ selabel_open
+ selabel_close
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ selabel_lookup
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ selabel_lookup_raw
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ selabel_get_digests_all_partial_matches
+ free
+
+
+ selabel_get_digests_all_partial_matches
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ selabel_lookup_best_match
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ selabel_lookup_best_match_raw
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ context_new
+ context_free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_ordered_context_list
+ freeconary
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_ordered_context_list_with_level
+ freeconary
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_default_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_default_context_with_level
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_default_context_with_role
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ get_default_context_with_rolelevel
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ query_user_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ manual_user_enter_context
+ freecon
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ avc_sid_to_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ avc_sid_to_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+ 0,1
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+ 0,1
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getcon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getcon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getprevcon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getprevcon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getexeccon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getexeccon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ getpidcon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ getpidcon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ getpidprevcon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ getpidprevcon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getfscreatecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getfscreatecon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getkeycreatecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getkeycreatecon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getsockcreatecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+ getsockcreatecon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+ getpeercon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+ getpeercon_raw
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ getfilecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ getfilecon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ lgetfilecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ lgetfilecon_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+ fgetfilecon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+ 0:
+
+
+
+
+
+
+ fgetfilecon_raw
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+ 0:
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+ 0:
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ 0:4
+
+
+
+
+
+ false
+
+
+
+
+ 0:4
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_create
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_create_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_create_name
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_create_name_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_relabel
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_relabel
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_member
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_member_raw
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_user
+ freeconary
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_compute_user_raw
+ freeconary
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ security_get_initial_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ security_get_initial_context_raw
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ 0,1
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 0
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ security_get_boolean_names
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ 0,1
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ security_canonicalize_context
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ security_canonicalize_context
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+ 0,1
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+ Disabling SELinux at runtime is deprecated and may not be supported on modern Linux kernels.
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ security_av_string
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+ 0:7
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ matchpathcon
+ freecon
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ matchpathcon_index
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ matchmediacon
+ freecon
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+ selinux_boolean_sub
+ free
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ selinux_getpolicytype
+ free
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ selinux_raw_context_to_color
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ selinux_trans_to_raw_context
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+ selinux_raw_to_trans_context
+ free
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ getseuserbyname
+ free
+
+
+ getseuserbyname
+ free
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ getseuser
+ free
+
+
+ getseuser
+ free
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+
+
+
+
+
+
+
+
+
+
+ false
+
+ This function is not thread safe. Be very sure that no other threads are calling into libselinux when this is called.
+
+
diff --git a/test/CMakeLists.txt b/test/CMakeLists.txt
index 845921daf17..3c4b83048b9 100644
--- a/test/CMakeLists.txt
+++ b/test/CMakeLists.txt
@@ -155,6 +155,7 @@ if (BUILD_TESTS)
add_cfg(posix.c)
add_cfg(python.c)
add_cfg(qt.cpp)
+ add_cfg(selinux.c)
add_cfg(sqlite3.c)
add_cfg(std.c)
add_cfg(std.cpp)
diff --git a/test/cfg/runtests.sh b/test/cfg/runtests.sh
index 64a18cd5bd6..1a1a307a513 100755
--- a/test/cfg/runtests.sh
+++ b/test/cfg/runtests.sh
@@ -454,6 +454,11 @@ function emscripten_fn {
true
}
+# selinux.c
+function selinux_fn {
+ true
+}
+
function check_file {
f=$(basename "$1")
lib="${f%%.*}"
@@ -538,6 +543,10 @@ function check_file {
qt_fn
"${CPPCHECK}" "${CPPCHECK_OPT[@]}" --library="$lib" "${DIR}""$f"
;;
+ selinux.c)
+ selinux_fn
+ "${CPPCHECK}" "${CPPCHECK_OPT[@]}" --library="$lib" "${DIR}""$f"
+ ;;
sqlite3.c)
sqlite3_fn
"${CPPCHECK}" "${CPPCHECK_OPT[@]}" --library="$lib" "${DIR}""$f"
diff --git a/test/cfg/selinux.c b/test/cfg/selinux.c
new file mode 100644
index 00000000000..15b48a36a4d
--- /dev/null
+++ b/test/cfg/selinux.c
@@ -0,0 +1,300 @@
+
+// Test library configuration for selinux.cfg
+//
+// Usage:
+// $ cppcheck --check-library --library=selinux --enable=style,information --inconclusive --error-exitcode=1 --disable=missingInclude --inline-suppr test/cfg/selinux.c
+// =>
+// No warnings about bad library configuration, unmatched suppressions, etc. exitcode=0
+//
+
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+void restorecon(void)
+{
+ // cppcheck-suppress [ignoredReturnValue, nullPointer, invalidFunctionArgBool]
+ selinux_restorecon(NULL, true);
+
+ selinux_restorecon_set_sehandle(NULL);
+
+ // cppcheck-suppress ignoredReturnValue
+ selinux_restorecon_default_handle();
+
+ // cppcheck-suppress [ignoredReturnValue, nullPointer]
+ selinux_restorecon_set_alt_rootpath(NULL);
+
+ // cppcheck-suppress nullPointer
+ selinux_restorecon_set_exclude_list(NULL);
+
+ // cppcheck-suppress ignoredReturnValue
+ selinux_restorecon_get_skipped_errors();
+
+ struct dir_xattr **arg3;
+ // cppcheck-suppress [ignoredReturnValue, nullPointer, invalidFunctionArgBool, uninitvar]
+ selinux_restorecon_xattr(NULL, true, &arg3);
+}
+
+void get_default_type_fail(void)
+{
+ // cppcheck-suppress ignoredReturnValue
+ selinux_default_type_path();
+
+ char *type1;
+ // FIXME: report ignoredReturnValue
+ // cppcheck-suppress [nullPointer]
+ get_default_type(NULL, &type1);
+
+ char **type2;
+ // FIXME: report ignoredReturnValue
+ // cppcheck-suppress [uninitvar]
+ get_default_type("object_r", type2);
+
+ // cppcheck-suppress memleak
+}
+
+void get_default_type_success(void)
+{
+ char *type = NULL;
+ int err = get_default_type("object_r", &type);
+ if (err != 0)
+ return;
+ free(type);
+}
+
+void selabel_fail1(void)
+{
+ // cppcheck-suppress [unreadVariable, constVariablePointer]
+ struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 1);
+
+ // cppcheck-suppress resourceLeak
+}
+
+void selabel_fail2(void)
+{
+ struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+
+ char *ctx;
+ selabel_lookup(hnd, &ctx, "/", 0);
+
+ selabel_close(hnd);
+
+ // cppcheck-suppress memleak
+}
+
+void selabel_success(void)
+{
+ struct selabel_handle *hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+
+ char *ctx;
+ selabel_lookup(hnd, &ctx, "/", 0);
+
+ freecon(ctx);
+
+ (void)selabel_cmp(hnd, hnd);
+
+ selabel_stats(hnd);
+
+ selabel_close(hnd);
+}
+
+void context_fail1(void)
+{
+ // cppcheck-suppress [unreadVariable, nullPointer]
+ context_t con = context_new(NULL);
+
+ // cppcheck-suppress memleak
+}
+
+void context_fail2(void)
+{
+ // cppcheck-suppress unreadVariable
+ context_t con = context_new("kernel");
+
+ // cppcheck-suppress memleak
+}
+
+void context_success(void)
+{
+ context_t con = context_new("system_u:system_r:kernel_t:s0");
+
+ printf("%s: %s %s %s %s\n", context_str(con),
+ context_type_get(con), context_range_get(con),
+ context_role_get(con), context_user_get(con));
+
+ (void)context_type_set(con, "init_t");
+
+ context_free(con);
+}
+
+void get_ordered_context_list_fail1(void)
+{
+ char **ret;
+ // cppcheck-suppress nullPointer
+ get_ordered_context_list(NULL, NULL, &ret);
+
+ // cppcheck-suppress memleak
+}
+
+void get_ordered_context_list_fail2(void)
+{
+ char **ret;
+ get_ordered_context_list("root", NULL, &ret);
+
+ // cppcheck-suppress mismatchAllocDealloc
+ freecon((void*)ret);
+}
+
+void get_ordered_context_list_success1(void)
+{
+ char **ret;
+ get_ordered_context_list("root", NULL, &ret);
+ freeconary(ret);
+}
+
+void get_default_context_with_rolelevel_fail1(void)
+{
+ char *ctx;
+ // cppcheck-suppress nullPointer
+ get_default_context_with_rolelevel("root", NULL, "s0", "system_u:system_r:init_t:s0", &ctx);
+
+ // cppcheck-suppress memleak
+}
+
+void get_default_context_with_rolelevel_fail2(void)
+{
+ char *ctx;
+ get_default_context_with_rolelevel("root", "sysadm_r", NULL, NULL, &ctx);
+
+ // cppcheck-suppress mismatchAllocDealloc
+ freeconary((void*)ctx);
+}
+
+void get_default_context_with_rolelevel_success1(void)
+{
+ char *ctx;
+ get_default_context_with_rolelevel("root", "sysadm_r", NULL, NULL, &ctx);
+ freecon(ctx);
+}
+
+void selinux_status_fail1(void)
+{
+ // cppcheck-suppress [invalidFunctionArg, ignoredReturnValue]
+ selinux_status_open(-1);
+ // TODO: report leak
+}
+
+void selinux_status_success1(void)
+{
+ (void)selinux_status_open(0);
+ (void)selinux_status_updated();
+ selinux_status_close();
+}
+
+void realpath_not_final_fail1(void)
+{
+ char buf[64];
+ // cppcheck-suppress bufferAccessOutOfBounds
+ (void)realpath_not_final("/root", buf);
+}
+
+void realpath_not_final_success1(void)
+{
+#define PATH_MAX 4096
+ char buf[PATH_MAX + 1];
+ // cppcheck-suppress ignoredReturnValue
+ realpath_not_final("/root", buf);
+}
+
+void selinux_getpolicytype_fail1(void)
+{
+ // cppcheck-suppress nullPointer
+ selinux_getpolicytype(NULL);
+}
+
+void selinux_getpolicytype_fail2(void)
+{
+ char *type;
+ (void)selinux_getpolicytype(&type);
+
+ // cppcheck-suppress memleak
+}
+
+void selinux_check_access_fail1(void)
+{
+ const char *msg = "Hello World!";
+ // cppcheck-suppress [ignoredReturnValue, nullPointer]
+ selinux_check_access("foo", "bar", NULL, "baz", msg);
+}
+
+void selinux_check_access_success1(void)
+{
+ (void)selinux_check_access("kernel", "init", "file", "write", NULL);
+}
+
+void selinux_trans_to_raw_context_fail1(void)
+{
+ // FIXME: report ignoredReturnValue
+ // cppcheck-suppress nullPointer
+ selinux_trans_to_raw_context("kernel", NULL);
+}
+
+void selinux_trans_to_raw_context_fail2(void)
+{
+ char *ctx;
+ // FIXME: report ignoredReturnValue
+ selinux_trans_to_raw_context("kernel", &ctx);
+
+ // cppcheck-suppress memleak
+}
+
+void selinux_trans_to_raw_context_success1(void)
+{
+ char *ctx;
+ (void)selinux_trans_to_raw_context("kernel", &ctx);
+ free(ctx);
+}
+
+void getseuserbyname_fail1(void)
+{
+ char *seuser, *level;
+ // cppcheck-suppress nullPointer
+ getseuserbyname(NULL, &seuser, &level);
+ free(seuser);
+
+ // cppcheck-suppress memleak
+}
+
+void getseuserbyname_fail2(void)
+{
+ char *seuser, *level;
+ getseuserbyname("root", &seuser, &level);
+ free(level);
+
+ // FIXME: report memleak
+}
+
+void getseuserbyname_success1(void)
+{
+ char *seuser, *level;
+ getseuserbyname("root", &seuser, &level);
+ free(seuser);
+ free(level);
+}
+
+void danger1(void)
+{
+ // cppcheck-suppress selinux_reset_configCalled
+ selinux_reset_config();
+}
+
+void danger2(void)
+{
+ // cppcheck-suppress [security_disableCalled, ignoredReturnValue]
+ security_disable();
+}
diff --git a/tools/donate_cpu_lib.py b/tools/donate_cpu_lib.py
index d721914476e..37951c549e8 100644
--- a/tools/donate_cpu_lib.py
+++ b/tools/donate_cpu_lib.py
@@ -16,7 +16,7 @@
# Version scheme (MAJOR.MINOR.PATCH) should orientate on "Semantic Versioning" https://semver.org/
# Every change in this script should result in increasing the version number accordingly (exceptions may be cosmetic
# changes)
-CLIENT_VERSION = "1.3.60"
+CLIENT_VERSION = "1.3.61"
# Timeout for analysis with Cppcheck in seconds
CPPCHECK_TIMEOUT = 30 * 60
@@ -706,6 +706,7 @@ def __init__(self):
'qt': ['', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', '', ''],
+ #'selinux': ['', '"sqlite3.h"'],
'tinyxml2': ['