From c5016e12276621bf46fbe9d9798b0d8735e55189 Mon Sep 17 00:00:00 2001
From: Ryan Lee <ryan.lee@canonical.com>
Date: Wed, 12 Feb 2025 12:46:15 -0800
Subject: [PATCH 1/3] libapparmor: use long as the intermediate pid_t
 conversion type

The previous code using intmax_t failed to build on armhf because
intmax_t was long long int instead of long int on that platform.
As to shrinking down to a long: not only does SWIG lack a
SWIG_AsVal_intmax_t, but aalogparse also assumes PIDs fit in a long
by storing them as unsigned longs in aa_log_record. Thus, we can
assume that sizeof(pid_t) <= sizeof(long) right now and deal with
the big headache that a change to pid_t would cause if it becomes
larger than a long in the future.

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 029fafdd7..1e9252d76 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -315,10 +315,16 @@ extern int aa_stack_onexec(const char *profile);
  * We can't use "typedef int pid_t" because we still support systems
  * with 16-bit PIDs and SWIG can't find sys/types.h
  *
- * Capture the passed-in value as an intmax_t because pid_t is guaranteed
- * to be a signed integer
+ * Capture the passed-in value as a long because pid_t is guaranteed
+ * to be a signed integer and because the aalogparse struct uses
+ * (unsigned) longs to store pid values. While intmax_t would be more
+ * technically correct, if sizeof(pid_t) > sizeof(long) then aalogparse
+ * itself would also need fixing.
  */
-%typemap(in,noblock=1,fragment="SWIG_AsVal_long") pid_t (int conv_pid, intmax_t pid_large) {
+%typemap(in,noblock=1,fragment="SWIG_AsVal_long") pid_t (int conv_pid, long pid_large) {
+%#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
+  static_assert(sizeof(pid_t) <= sizeof(long));
+%#endif
   conv_pid = SWIG_AsVal_long($input, &pid_large);
   if (!SWIG_IsOK(conv_pid)) {
     %argument_fail(conv_pid, "pid_t", $symname, $argnum);
@@ -328,7 +334,7 @@ extern int aa_stack_onexec(const char *profile);
    * Technically this is implementation-defined behaviour but we should be fine
    */
   $1 = (pid_t) pid_large;
-  if ((intmax_t) $1 != pid_large) {
+  if ((long) $1 != pid_large) {
     SWIG_exception_fail(SWIG_OverflowError, "pid_t is too large");
   }
 }

From 87b60e4e94229e20510e4c0d9b8f2d45b0973660 Mon Sep 17 00:00:00 2001
From: Ryan Lee <ryan.lee@canonical.com>
Date: Wed, 12 Feb 2025 14:43:43 -0800
Subject: [PATCH 2/3] libapparmor: swig: specify message for static_assert
 usages

The message being optional is apparently a C23 thing that was available as an extension on the systems I tested on previously

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index 1e9252d76..f31e2f60b 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -258,7 +258,7 @@ extern int aa_is_enabled(void);
  * allocation uninitialized (0) != SWIG_NEWOBJ
  */
 %#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-  static_assert(SWIG_NEWOBJ != 0);
+  static_assert(SWIG_NEWOBJ != 0, "SWIG_NEWOBJ is 0");
 %#endif
   if ($1 != NULL && alloc_tracking$argnum != NULL) {
     for (Py_ssize_t i=0; i<seq_len$argnum; i++) {
@@ -323,7 +323,8 @@ extern int aa_stack_onexec(const char *profile);
  */
 %typemap(in,noblock=1,fragment="SWIG_AsVal_long") pid_t (int conv_pid, long pid_large) {
 %#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-  static_assert(sizeof(pid_t) <= sizeof(long));
+  static_assert(sizeof(pid_t) <= sizeof(long),
+    "pid_t type is too large to be stored in a long");
 %#endif
   conv_pid = SWIG_AsVal_long($input, &pid_large);
   if (!SWIG_IsOK(conv_pid)) {

From af883bb70672e468edcdb92ad05d8be7e16137c9 Mon Sep 17 00:00:00 2001
From: Ryan Lee <ryan.lee@canonical.com>
Date: Wed, 12 Feb 2025 14:53:34 -0800
Subject: [PATCH 3/3] libapparmor: swig: remove instance of label followed by
 declaration

Signed-off-by: Ryan Lee <ryan.lee@canonical.com>
---
 libraries/libapparmor/swig/SWIG/libapparmor.i | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/libraries/libapparmor/swig/SWIG/libapparmor.i b/libraries/libapparmor/swig/SWIG/libapparmor.i
index f31e2f60b..9c01b182b 100644
--- a/libraries/libapparmor/swig/SWIG/libapparmor.i
+++ b/libraries/libapparmor/swig/SWIG/libapparmor.i
@@ -258,7 +258,13 @@ extern int aa_is_enabled(void);
  * allocation uninitialized (0) != SWIG_NEWOBJ
  */
 %#if defined(__STDC_VERSION__) && __STDC_VERSION__ >= 201112L
-  static_assert(SWIG_NEWOBJ != 0, "SWIG_NEWOBJ is 0");
+  /* 
+   * Some older versions of SWIG place this right after a goto label
+   * This would then be a label followed by a declaration, a C23 extension (!)
+   * To ensure this works for older SWIG versions and older compilers,
+   * make this a block element with curly braces.
+   */
+  {static_assert(SWIG_NEWOBJ != 0, "SWIG_NEWOBJ is 0");}
 %#endif
   if ($1 != NULL && alloc_tracking$argnum != NULL) {
     for (Py_ssize_t i=0; i<seq_len$argnum; i++) {