From 01964798fa5984de06c3b51645a7ca0650922d8c Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Tue, 15 Oct 2019 15:30:32 +0200
Subject: [PATCH] SELinux userspace 3.0-rc1 release candidate
---
 .gitignore | 1 +
 ...ort-disabling-an-optional-block-only.patch | 43 +++++++++++++++++++
 libsepol.spec | 23 ++++++----
 sources | 2 +-
 4 files changed, 59 insertions(+), 10 deletions(-)
 create mode 100644 0001-libsepol-cil-Report-disabling-an-optional-block-only.patch
diff --git a/.gitignore b/.gitignore
index 73dc65c..ff10dff 100644
--- a/.gitignore
+++ b/.gitignore
@@ -174,3 +174,4 @@ libsepol-2.0.41.tgz
 /libsepol-2.9-rc1.tar.gz
 /libsepol-2.9-rc2.tar.gz
 /libsepol-2.9.tar.gz
+/libsepol-3.0-rc1.tar.gz
diff --git a/0001-libsepol-cil-Report-disabling-an-optional-block-only.patch b/0001-libsepol-cil-Report-disabling-an-optional-block-only.patch
new file mode 100644
index 0000000..4ddd2f7
--- /dev/null
+++ b/0001-libsepol-cil-Report-disabling-an-optional-block-only.patch
@@ -0,0 +1,43 @@
+From c7527bdb608b3d2f2283047bcc6faeecd1ebfaf4 Mon Sep 17 00:00:00 2001
+From: James Carter
+Date: Fri, 1 Nov 2019 09:50:53 -0400
+Subject: [PATCH] libsepol/cil: Report disabling an optional block only at high
+ verbose levels
+
+Since failing to resolve a statement in an optional block is normal,
+only display messages about the statement failing to resolve and the
+optional block being disabled at the highest verbosity level.
+
+These messages are now only at log level CIL_INFO instead of CIL_WARN.
+
+Signed-off-by: James Carter
+---
+ libsepol/cil/src/cil_resolve_ast.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
+index 70a60bdfa024..875758609494 100644
+--- a/libsepol/cil/src/cil_resolve_ast.c
++++ b/libsepol/cil/src/cil_resolve_ast.c
+@@ -3761,14 +3761,16 @@ int __cil_resolve_ast_node_helper(struct cil_tree_node *node, uint32_t *finished
+ enum cil_log_level lvl = CIL_ERR;
+
+ if (optstack != NULL) {
+- lvl = CIL_WARN;
++ lvl = CIL_INFO;
+
+ struct cil_optional *opt = (struct cil_optional *)optstack->data;
+ struct cil_tree_node *opt_node = opt->datum.nodes->head->data;
+- cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
+ /* disable an optional if something failed to resolve */
+ opt->enabled = CIL_FALSE;
++ cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
++ cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
+ rc = SEPOL_OK;
++ goto exit;
+ }
+
+ cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
+--
+2.23.0
+
diff --git a/libsepol.spec b/libsepol.spec
index 3cb2e61..cd8f054 100644
--- a/libsepol.spec
+++ b/libsepol.spec
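Review bot: With `lvl = CIL_INFO` in the `optstack != NULL` branch of `__cil_resolve_ast_node_helper` (carried in the added 0001 patch), both the "Failed to resolve" and "Disabling optional" messages appear only at the highest verbosity. At default log levels a misspelled name inside an optional therefore disables the whole block with no output. Policy builds that relied on the former CIL_WARN line to notice a dropped optional would presumably need to compile at that higher verbosity to see it. I would record this next to the assignment, e.g. `/* Expected failure: logged at CIL_INFO only; build at the highest verbosity to see which optionals were disabled. */`. The `exit` label targeted by the new `goto exit;` and the rest of the function lie outside the hunk, so the cleanup path is not visible here.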
@@ -1,15 +1,17 @@ Summary: SELinux binary policy manipulation library Name: libsepol -Version: 2.9 -Release: 2%{?dist} +Version: 3.0 +Release: 0.rc.1%{?dist} License: LGPLv2+ -Source0: https://github.com/SELinuxProject/selinux/releases/download/20190315/libsepol-2.9.tar.gz -# download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh -# run: -# $ VERSION=2.9 ./make-fedora-selinux-patch.sh libsepol -# HEAD https://github.com/fedora-selinux/selinux/commit/431f72836d6c02450725cf6ffb1c7223b9fa6acc -# Patch1: libsepol-fedora.patch +Source0: https://github.com/SELinuxProject/selinux/releases/download/20191031/libsepol-3.0-rc1.tar.gz URL: https://github.com/SELinuxProject/selinux/wiki +# $ git clone https://github.com/fedora-selinux/selinux.git +# $ cd selinux +# $ git format-patch libsepol-3.0-rc1 -- libsepol +# $ i=1; for j in 00*patch; do printf "Patch%04d: %s\n" $i $j; i=$((i+1));done +# Patch list start +Patch0001: 0001-libsepol-cil-Report-disabling-an-optional-block-only.patch +# Patch list end BuildRequires: gcc BuildRequires: flex @@ -46,7 +48,7 @@ The libsepol-static package contains the static libraries and header files needed for developing applications that manipulate binary policies. %prep -%autosetup -p 1 -n libsepol-%{version} +%autosetup -p 1 -n libsepol-%{version}-rc1 # sparc64 is an -fPIC arch, so we need to fix it here %ifarch sparc64 @@ -95,6 +97,9 @@ exit 0 %{_libdir}/libsepol.so.1 %changelog +* Mon Nov 11 2019 Petr Lautrbach - 3.0-0.rc.1 +- SELinux userspace 3.0-rc1 release + * Thu Jul 25 2019 Fedora Release Engineering - 2.9-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild diff --git a/sources b/sources index 22b50c8..d52d424 100644 --- a/sources +++ b/sources 
@@ -1 +1 @@
-SHA512 (libsepol-2.9.tar.gz) = 415af623c2b2898d98828c9bf0b12cf05d05790d2b412cad291f0759a8c3feacf1bd88c2ba6f2f1bca8f9f71e1627e9d5b1b69d60e7ef96fdd52df8a3d57d3e9
+SHA512 (libsepol-3.0-rc1.tar.gz) = 7cd57732b59a8e869a33583651b26cd741e08a02b3afd5b3e6f92fbd529f9b1b1e45477d8001cee5a6f1a53503d4ce40f0d143c3c19648e1d3dce1539e2dd8b2