dist-git conversion

- Fix getfilecon return codes

Makefile

@@ -1,6 +0,0 @@
-# Makefile for source rpm: libselinux
-# $Id$
-NAME := libselinux
-SPECFILE = $(firstword $(wildcard *.spec))
-
-include ../common/Makefile.common

libselinux-filecon.patch

@@ -0,0 +1,69 @@
+--- libselinux-2.0.14/src/fgetfilecon.c	2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14.new/src/fgetfilecon.c	2007-09-13 09:06:28.000000000 -0400
+@@ -37,6 +37,11 @@
+ 		ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ 	}
+       out:
++	if (ret == 0) {
++		/* Re-map empty attribute values to errors. */
++		errno = EOPNOTSUPP;
++		ret = -1;
++	}
+ 	if (ret < 0)
+ 		free(buf);
+ 	else
+@@ -51,6 +56,8 @@
+ 	security_context_t rcontext;
+ 	int ret;
+ 
++	*context = NULL;
++
+ 	ret = fgetfilecon_raw(fd, &rcontext);
+ 
+ 	if (ret > 0) {
+--- libselinux-2.0.14/src/getfilecon.c	2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14.new/src/getfilecon.c	2007-09-13 09:06:13.000000000 -0400
+@@ -37,6 +37,11 @@
+ 		ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ 	}
+       out:
++	if (ret == 0) {
++		/* Re-map empty attribute values to errors. */
++		errno = EOPNOTSUPP;
++		ret = -1;
++	}
+ 	if (ret < 0)
+ 		free(buf);
+ 	else
+@@ -51,6 +56,8 @@
+ 	int ret;
+ 	security_context_t rcontext;
+ 
++	*context = NULL;
++
+ 	ret = getfilecon_raw(path, &rcontext);
+ 
+ 	if (ret > 0) {
+--- libselinux-2.0.14/src/lgetfilecon.c	2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14.new/src/lgetfilecon.c	2007-09-13 09:06:23.000000000 -0400
+@@ -37,6 +37,11 @@
+ 		ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ 	}
+       out:
++	if (ret == 0) {
++		/* Re-map empty attribute values to errors. */
++		errno = EOPNOTSUPP;
++		ret = -1;
++	}
+ 	if (ret < 0)
+ 		free(buf);
+ 	else
+@@ -51,6 +56,8 @@
+ 	int ret;
+ 	security_context_t rcontext;
+ 
++	*context = NULL;
++
+ 	ret = lgetfilecon_raw(path, &rcontext);
+ 
+ 	if (ret > 0) {

libselinux-swig.patch

@@ -0,0 +1,426 @@
+diff -up libselinux-2.0.14/src/fsetfilecon.c.swig libselinux-2.0.14/src/fsetfilecon.c
+--- libselinux-2.0.14/src/fsetfilecon.c.swig	2007-09-25 17:34:07.000000000 -0400
++++ libselinux-2.0.14/src/fsetfilecon.c	2007-09-25 17:35:17.000000000 -0400
+@@ -13,7 +13,7 @@ int fsetfilecon_raw(int fd, security_con
+ 			 0);
+ }
+ 
+-hidden_def(setfilecon_raw)
++hidden_def(fsetfilecon_raw)
+ 
+ int fsetfilecon(int fd, security_context_t context)
+ {
+diff -up libselinux-2.0.14/src/selinuxswig.i.swig libselinux-2.0.14/src/selinuxswig.i
+--- libselinux-2.0.14/src/selinuxswig.i.swig	2007-09-13 09:17:31.000000000 -0400
++++ libselinux-2.0.14/src/selinuxswig.i	2007-09-13 09:17:31.000000000 -0400
+@@ -1,7 +1,9 @@
+-/* Author: Dan Walsh
++/* Authors: Dan Walsh
++ *          James Athey
+  *
+  * Copyright (C) 2004-2005 Red Hat
+- * 
++ * Copyright (C) 2007 Tresys Technology, LLC
++ *
+  *  This library is free software; you can redistribute it and/or
+  *  modify it under the terms of the GNU Lesser General Public
+  *  License as published by the Free Software Foundation; either
+@@ -17,207 +19,47 @@
+  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+  */
+ 
+-
+ %module selinux
+ %{
+ 	#include "selinux/selinux.h"
+-	#include "selinux/get_context_list.h"
+ %}
+-%apply int *OUTPUT { int * };
++%apply int *OUTPUT { int *enforce };
+ %apply int *OUTPUT { size_t * };
+ 
+-%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) {
+-	$1 = &temp;
+-}
+-%typemap(argout) security_context_t * (char *temp=NULL) {
+-	if (*$1)
+-		temp = *$1;
+-	else
+-		temp = "";
+-	$result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
+-}
+-
+-%typemap(in) security_context_t {
+-	$1 = (security_context_t)PyString_AsString($input);
+-}
+-
+ %typedef unsigned mode_t;
+ 
+-%include "../include/selinux/get_context_list.h"
+-
+-extern int is_selinux_enabled(void);
+-extern int is_selinux_mls_enabled(void);
+-extern void freecon(security_context_t con);
+-extern void freeconary(security_context_t * con);
+-extern int getcon(security_context_t *con);
+-extern int setcon(security_context_t con);
+-extern int getpidcon(int pid, security_context_t *con);
+-extern int getprevcon(security_context_t *con);
+-extern int getexeccon(security_context_t *con);
+-extern int setexeccon(security_context_t con);
+-extern int getfscreatecon(security_context_t *con);
+-extern int setfscreatecon(security_context_t context);
+-extern int getkeycreatecon(security_context_t *con);
+-extern int setkeycreatecon(security_context_t context);
+-extern int getsockcreatecon(security_context_t *con);
+-extern int setsockcreatecon(security_context_t context);
+-extern int getfilecon(const char *path, security_context_t *con);
+-extern int lgetfilecon(const char *path, security_context_t *con);
+-extern int fgetfilecon(int fd, security_context_t *con);
+-extern int setfilecon(const char *path, security_context_t con);
+-extern int lsetfilecon(const char *path, security_context_t con);
+-extern int fsetfilecon(int fd, security_context_t con);
+-extern int getpeercon(int fd, security_context_t *con);
+-extern int selinux_mkload_policy(int preservebools);
+-extern int selinux_init_load_policy(int *enforce);
+-extern int security_set_boolean_list(size_t boolcnt, 
+-				     SELboolean *boollist, 
+-				     int permanent);
+-extern int security_load_booleans(char *path);
+-extern int security_check_context(security_context_t con);
+-extern int security_canonicalize_context(security_context_t con,
+-					 security_context_t *canoncon);
+-extern int security_getenforce(void);
+-extern int security_setenforce(int value);
+-extern int security_policyvers(void);
+-extern int security_get_boolean_names(char ***names, int *len);
+-extern int security_get_boolean_pending(const char *name);
+-extern int security_get_boolean_active(const char *name);
+-extern int security_set_boolean(const char *name, int value);
+-extern int security_commit_booleans(void);
+-
+-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
+-#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+-#define MATCHPATHCON_NOTRANS  2 /* Do not perform any context translation. */
+-extern void set_matchpathcon_flags(unsigned int flags);
+-extern int matchpathcon_init(const char *path);
+-extern int matchpathcon(const char *path,
+-			mode_t mode,
+-			security_context_t *con);
+-
+-extern int matchpathcon_init_prefix(const char *path,
+-				    const char *prefix);
+-extern void matchpathcon_fini(void);
+-
+-
+-extern int matchmediacon(const char *media,
+-		 security_context_t *con);
+-
+-extern int selinux_getenforcemode(int *enforce);
+-extern const char *selinux_policy_root(void);
+-extern const char *selinux_binary_policy_path(void);
+-extern const char *selinux_failsafe_context_path(void);
+-extern const char *selinux_removable_context_path(void);
+-extern const char *selinux_default_context_path(void);
+-extern const char *selinux_user_contexts_path(void);
+-extern const char *selinux_file_context_path(void);
+-extern const char *selinux_file_context_homedir_path(void);
+-extern const char *selinux_file_context_local_path(void);
+-extern const char *selinux_homedir_context_path(void);
+-extern const char *selinux_media_context_path(void);
+-extern const char *selinux_contexts_path(void);
+-extern const char *selinux_securetty_types_path(void);
+-extern const char *selinux_booleans_path(void);
+-extern const char *selinux_customizable_types_path(void);
+-extern const char *selinux_users_path(void);
+-extern const char *selinux_usersconf_path(void);
+-extern const char *selinux_translations_path(void);
+-extern const char *selinux_netfilter_context_path(void);
+-extern const char *selinux_path(void);
+-#extern int selinux_check_passwd_access(access_vector_t requested);
+-#extern int checkPasswdAccess(access_vector_t requested);
+-
+-extern int selinux_check_securetty_context(security_context_t tty_context);
+-void set_selinuxmnt(char *mnt);
+-
+-#ifdef SWIGpython
+-// This tells SWIG to treat char ** as a special case
+-%typemap(in) char ** {
+-  /* Check if is a list */
+-  if (PyList_Check($input)) {
+-    int size = PyList_Size($input);
+-    int i = 0;
+-    $1 = (char **) malloc((size+1)*sizeof(char *));
+-    if ($1 == NULL) {
+-	PyErr_SetString(PyExc_MemoryError,"Out of memory");
+-	return NULL;
+-    }
+-    for (i = 0; i < size; i++) {
+-      PyObject *o = PyList_GetItem($input,i);
+-      if (PyString_Check(o))
+-	$1[i] = PyString_AsString(PyList_GetItem($input,i));
+-      else {
+-	PyErr_SetString(PyExc_TypeError,"list must contain strings");
+-	free($1);
+-	return NULL;
+-      }
+-    }
+-    $1[i] = 0;
+-  } else {
+-    PyErr_SetString(PyExc_TypeError,"not a list");
+-    return NULL;
+-  }
++%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
++	$1 = &temp1;
++	$2 = &temp2;
+ }
+-#endif
+ 
+-%typemap(in) char * const [] {
+-	int i, size;
+-	PyObject * s;
+-
+-	if (!PySequence_Check($input)) {
+-		PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+-		return NULL;
+-	}
+-
+-	size = PySequence_Size($input);
+-	
+-	$1 = (char**) malloc(size + 1);
+-
+-	for(i = 0; i < size; i++) {
+-		if (!PyString_Check(PySequence_GetItem($input, i))) {
+-			PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+-			return NULL;
++%typemap(freearg) (char ***names, int *len) {
++	int i;
++	if (*$1) {
++		for (i = 0; i < *$2; i++) {
++			free((*$1)[i]);
+ 		}
++		free(*$1);
+ 	}
+-		
+-	for(i = 0; i < size; i++) {
+-		s = PySequence_GetItem($input, i);
+-		$1[i] = (char*) malloc(PyString_Size(s) + 1);
+-		strcpy($1[i], PyString_AsString(s));
+-	}
+-	$1[size] = NULL;
+-}
+-
+-%typemap(freearg,match="in") char * const [] {
+-	int i = 0;
+-	while($1[i]) {
+-		free($1[i]);
+-		i++;
+-	}
+-	free($1);
+ }
+ 
+-extern int rpm_execcon(unsigned int verified,
+-		       const char *filename,
+-		       char *const argv[], char *const envp[]);
+-
+-extern int is_context_customizable (security_context_t scontext);
+-
+-extern int selinux_trans_to_raw_context(char *trans, 
+-					security_context_t *rawp);
+-extern int selinux_raw_to_trans_context(char *raw, 
+-					security_context_t *transp);
+-
+-%typemap(in, numinputs=0) char **(char *temp=NULL) {
++%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
+ 	$1 = &temp;
+ }
+ 
+-%typemap(argout) char ** {
+-	$result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
++%typemap(freearg) (security_context_t **) {
++	if (*$1) freeconary(*$1);
+ }
+-extern int selinux_getpolicytype(char **enforce);
+-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+ 
+-int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
+-int selinux_file_context_verify(const char *path, mode_t mode);
+-int selinux_lsetfilecon_default(const char *path);
++/* Ignore functions that don't make sense when wrapped */
++%ignore freecon;
++%ignore freeconary;
++
++/* Ignore functions that take a function pointer as an argument */
++%ignore set_matchpathcon_printf;
++%ignore set_matchpathcon_invalidcon;
++%ignore set_matchpathcon_canoncon;
++
++%include "../include/selinux/selinux.h"
++%include "../include/selinux/get_default_type.h"
++%include "../include/selinux/get_context_list.h"
+diff -up /dev/null libselinux-2.0.14/src/selinuxswig_python.i
+--- /dev/null	2007-09-21 05:53:11.538007738 -0400
++++ libselinux-2.0.14/src/selinuxswig_python.i	2007-09-13 09:17:31.000000000 -0400
+@@ -0,0 +1,138 @@
++/* Author: James Athey
++ *
++ * Copyright (C) 2007 Tresys Technology, LLC
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Lesser General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2.1 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Lesser General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Lesser General Public
++ *  License along with this library; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++%module selinux
++%{
++	#include "selinux/selinux.h"
++%}
++
++/* security_get_boolean_names() typemap */
++%typemap(argout) (char ***names, int *len) {
++	PyObject* list = PyList_New(*$2);
++	int i;
++	for (i = 0; i < *$2; i++) {
++		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
++	}
++	$result = SWIG_Python_AppendOutput($result, list);
++}
++
++/* Makes security_compute_user() return a Python list of contexts */
++%typemap(argout) (security_context_t **con) {
++	PyObject* plist;
++	int i, len = 0;
++	
++	if (*$1) {
++		while((*$1)[len])
++			len++;
++		plist = PyList_New(len);
++		for (i = 0; i < len; i++) {
++			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
++		}
++	} else {
++		plist = PyList_New(0);
++	}
++
++	$result = SWIG_Python_AppendOutput($result, plist);
++}
++
++/* Makes functions in get_context_list.h return a Python list of contexts */
++%typemap(argout) (security_context_t **list) {
++	PyObject* plist;
++	int i;
++	
++	if (*$1) {
++		plist = PyList_New(result);
++		for (i = 0; i < result; i++) {
++			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
++		}
++	} else {
++		plist = PyList_New(0);
++	}
++	/* Only return the Python list, don't need to return the length anymore */
++	$result = plist;
++}
++
++%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
++	$1 = &temp;
++}
++%typemap(freearg,match="in") security_context_t * "";
++%typemap(argout,noblock=1) security_context_t * {
++	if (*$1) {
++		%append_output(SWIG_FromCharPtr(*$1));
++		freecon(*$1);
++	}
++	else {
++		Py_INCREF(Py_None);
++		%append_output(Py_None);
++	}
++}
++
++%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
++	$1 = &temp;
++}
++%typemap(freearg,match="in") char ** "";
++%typemap(argout,noblock=1) char ** {
++	if (*$1) {
++		%append_output(SWIG_FromCharPtr(*$1));
++		free(*$1);
++	}
++	else {
++		Py_INCREF(Py_None);
++		%append_output(Py_None);
++	}
++}
++
++%typemap(in) char * const [] {
++	int i, size;
++	PyObject * s;
++
++	if (!PySequence_Check($input)) {
++		PyErr_SetString(PyExc_ValueError, "Expected a sequence");
++		return NULL;
++	}
++
++	size = PySequence_Size($input);
++	
++	$1 = (char**) malloc(size + 1);
++
++	for(i = 0; i < size; i++) {
++		if (!PyString_Check(PySequence_GetItem($input, i))) {
++			PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
++			return NULL;
++		}
++	}
++		
++	for(i = 0; i < size; i++) {
++		s = PySequence_GetItem($input, i);
++		$1[i] = (char*) malloc(PyString_Size(s) + 1);
++		strcpy($1[i], PyString_AsString(s));
++	}
++	$1[size] = NULL;
++}
++
++%typemap(freearg,match="in") char * const [] {
++	int i = 0;
++	while($1[i]) {
++		free($1[i]);
++		i++;
++	}
++	free($1);
++}
++
++%include "selinuxswig.i"
+diff -up libselinux-2.0.14/src/Makefile.swig libselinux-2.0.14/src/Makefile
+--- libselinux-2.0.14/src/Makefile.swig	2007-09-27 10:33:38.000000000 -0400
++++ libselinux-2.0.14/src/Makefile	2007-09-27 10:30:26.000000000 -0400
+@@ -12,7 +12,7 @@ LIBVERSION = 1
+ 
+ LIBA=libselinux.a 
+ TARGET=libselinux.so
+-SWIGIF= selinuxswig.i
++SWIGIF= selinuxswig_python.i
+ SWIGCOUT= selinuxswig_wrap.c
+ SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) 
+ SWIGSO=_selinux.so
+diff -up libselinux-2.0.14/Makefile.swig libselinux-2.0.14/Makefile
+--- libselinux-2.0.14/Makefile.swig	2007-09-13 09:17:31.000000000 -0400
++++ libselinux-2.0.14/Makefile	2007-09-13 09:17:31.000000000 -0400
+@@ -2,7 +2,7 @@ all: 
+ 	$(MAKE) -C src 
+ 	$(MAKE) -C utils
+ 
+-swigify: 
++swigify: all
+ 	$(MAKE) -C src swigify
+ 
+ pywrap: 

libselinux.spec

@@ -1,12 +1,14 @@
-%define libsepolver 2.0.1-1
+	%define libsepolver 2.0.1-1
 Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.14
-Release: 1%{?dist}
+Release: 11%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
 Patch: libselinux-rhat.patch
+Patch1: libselinux-swig.patch
+Patch2: libselinux-filecon.patch
 
 BuildRequires: libsepol-devel >= %{libsepolver} swig
 Requires: libsepol >= %{libsepolver} setransd
@@ -50,9 +52,12 @@ needed for developing SELinux applications.
 %prep
 %setup -q
 %patch -p1 -b .rhat
+%patch1 -p1 -b .swig
+%patch2 -p1 -b .filecon
 
 %build
 make clean
+make CFLAGS="-g %{optflags}" swigify
 make CFLAGS="-g %{optflags}" all pywrap
 
 %install
@@ -97,7 +102,6 @@ exit 0
 %files
 %defattr(-,root,root,0755)
 /%{_lib}/libselinux.so.*
-%{_libdir}/libselinux.so
 %{_sbindir}/avcstat
 %{_sbindir}/getenforce
 %{_sbindir}/getsebool
@@ -111,6 +115,7 @@ exit 0
 %files devel
 %defattr(-,root,root)
 %{_libdir}/libselinux.a
+%{_libdir}/libselinux.so
 %dir %{_includedir}/selinux
 %{_includedir}/selinux/*
 %{_mandir}/man3/*
@@ -121,6 +126,39 @@ exit 0
 %{_libdir}/python*/site-packages/selinux.py*
 
 %changelog
+* Thu Nov 15 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-11
+- Move libselinux.so back to devel package; procps fixed
+
+* Thu Sep 27 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-10
+- Move libselinux.so back to base package; procps broken
+
+* Thu Sep 27 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-9
+- Fix swig bindings
+
+* Tue Sep 25 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-8
+- Fix swig use of fsetfilecon_raw
+
+* Thu Sep 13 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-7
+- Update swig bindings
+- Fix getfilecon return codes
+
+* Thu Sep 6 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-6
+- fix swig binding for rpm_execcon
+
+* Fri Aug 10 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-5
+- Move libselinux.so to devel package
+
+* Wed Jul 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-4
+- Second try to add nscd permissions
+
+* Wed Jul 11 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-3
+- Fix man pages
+- Add new nscd permissions
+
+* Tue Apr 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-2
+- Update swig on each build
+- Fix segfault on x86 platforms
+
 * Tue Apr 24 2007 Dan Walsh <dwalsh@redhat.com> - 2.0.14-1
 - Upgrade to upstream
 	* Merged build fix for avc_internal.c from Joshua Brindle.