re-add Erics patch for filename transitions

Update to upstream * Add new class field in role_transition by Harry Ciao.
2011-04-12 10:36:13 -04:00 · 2011-04-12 10:36:13 -04:00 · 53af5b6865
parent a3a7288b5c
commit 53af5b6865
2 changed files with 64 additions and 62 deletions
--- a/libsepol-rhat.patch
+++ b/libsepol-rhat.patch
@ -1,7 +1,8 @@
-diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.42/include/sepol/policydb/policydb.h
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
--- libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis	2010-12-21 16:41:58.000000000 -0500
+index 94b8609..7b23a16 100644
-+++ libsepol-2.0.42/include/sepol/policydb/policydb.h	2011-03-23 14:11:28.432820275 -0400
+--- a/libsepol/include/sepol/policydb/policydb.h
-@@ -135,6 +135,16 @@ typedef struct role_allow {
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -136,6 +136,16 @@ typedef struct role_allow {
 	struct role_allow *next;
 } role_allow_t;
@ -18,7 +19,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
 /* Type attributes */
 typedef struct type_datum {
 	symtab_datum_t s;
-@@ -245,6 +255,15 @@ typedef struct role_allow_rule {
+@@ -247,6 +257,15 @@ typedef struct role_allow_rule {
 	struct role_allow_rule *next;
 } role_allow_rule_t;
@ -34,7 +35,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
 typedef struct range_trans_rule {
 	type_set_t stypes;
 	type_set_t ttypes;
-@@ -374,6 +393,9 @@ typedef struct avrule_decl {
+@@ -376,6 +395,9 @@ typedef struct avrule_decl {
 	scope_index_t required;	/* symbols needed to activate this block */
 	scope_index_t declared;	/* symbols declared within this block */
@ -44,7 +45,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
 	/* for additive statements (type attribute, roles, and users) */
 	symtab_t symtab[SYM_NUM];
-@@ -484,6 +506,9 @@ typedef struct policydb {
+@@ -486,6 +508,9 @@ typedef struct policydb {
 	/* role transitions */
 	role_trans_t *role_tr;
@ -54,7 +55,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
 	/* role allows */
 	role_allow_t *role_allow;
-@@ -562,6 +587,8 @@ extern void avrule_destroy(avrule_t * x)
+@@ -564,6 +589,8 @@ extern void avrule_destroy(avrule_t * x);
 extern void avrule_list_destroy(avrule_t * x);
 extern void role_trans_rule_init(role_trans_rule_t * x);
 extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
@ -63,35 +64,36 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
 extern void role_datum_init(role_datum_t * x);
 extern void role_datum_destroy(role_datum_t * x);
-@@ -630,10 +657,11 @@ extern int policydb_set_target_platform(
+@@ -633,10 +660,11 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
 #define POLICYDB_VERSION_POLCAP		22
 #define POLICYDB_VERSION_PERMISSIVE	23
 #define POLICYDB_VERSION_BOUNDARY	24
-+#define POLICYDB_VERSION_FILENAME_TRANS	25
+ #define POLICYDB_VERSION_ROLETRANS	26
 +#define POLICYDB_VERSION_FILENAME_TRANS	27
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
-#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_BOUNDARY
+-#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_ROLETRANS
 +#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_FILENAME_TRANS
 /* Module versions and specific changes*/
 #define MOD_POLICYDB_VERSION_BASE		4
-@@ -645,9 +673,10 @@ extern int policydb_set_target_platform(
+@@ -649,9 +677,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
 #define MOD_POLICYDB_VERSION_PERMISSIVE		8
 #define MOD_POLICYDB_VERSION_BOUNDARY		9
 #define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS	10
-+#define MOD_POLICYDB_VERSION_FILENAME_TRANS	11
+ #define MOD_POLICYDB_VERSION_ROLETRANS		12
 +#define MOD_POLICYDB_VERSION_FILENAME_TRANS	13
 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_BOUNDARY_ALIAS
+-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_ROLETRANS
 +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_FILENAME_TRANS
 #define POLICYDB_CONFIG_MLS    1
-diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_block.c
+diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
--- libsepol-2.0.42/src/avrule_block.c.eparis	2010-12-21 16:41:58.000000000 -0500
+index 8d1f8f6..16c89f3 100644
-+++ libsepol-2.0.42/src/avrule_block.c	2011-03-23 12:15:48.241980087 -0400
+--- a/libsepol/src/avrule_block.c
-@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t *
+++ b/libsepol/src/avrule_block.c
@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t * x)
 	cond_list_destroy(x->cond_list);
 	avrule_list_destroy(x->avrules);
 	role_trans_rule_list_destroy(x->role_tr_rules);
@ -99,10 +101,11 @@ diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_bl
 	role_allow_rule_list_destroy(x->role_allow_rules);
 	range_trans_rule_list_destroy(x->range_tr_rules);
 	scope_index_destroy(&x->required);
-diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
+diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
--- libsepol-2.0.42/src/expand.c.eparis	2010-12-21 16:41:58.000000000 -0500
+index 8539f88..b1af365 100644
-+++ libsepol-2.0.42/src/expand.c	2011-03-23 12:15:48.242980223 -0400
+--- a/libsepol/src/expand.c
-@@ -1231,6 +1231,101 @@ static int copy_role_trans(expand_state_
+++ b/libsepol/src/expand.c
@@ -1237,6 +1237,101 @@ static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
 	return 0;
 }
@ -204,7 +207,7 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
 static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass,
 			      mls_semantic_range_t * trange,
 			      expand_state_t * state)
-@@ -2374,6 +2469,9 @@ static int copy_and_expand_avrule_block(
+@@ -2380,6 +2475,9 @@ static int copy_and_expand_avrule_block(expand_state_t * state)
 			goto cleanup;
 		}
@ -214,10 +217,11 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
 		/* expand the range transition rules */
 		if (expand_range_trans(state, decl->range_tr_rules))
 			goto cleanup;
-diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
+diff --git a/libsepol/src/link.c b/libsepol/src/link.c
--- libsepol-2.0.42/src/link.c.eparis	2010-12-21 16:41:58.000000000 -0500
+index e33db0f..23dbb1b 100644
-+++ libsepol-2.0.42/src/link.c	2011-03-23 12:15:48.243980361 -0400
+--- a/libsepol/src/link.c
-@@ -1326,6 +1326,50 @@ static int copy_role_allow_list(role_all
+++ b/libsepol/src/link.c
@@ -1340,6 +1340,50 @@ static int copy_role_allow_list(role_allow_rule_t * list,
 	return -1;
 }
@ -268,7 +272,7 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
 static int copy_range_trans_list(range_trans_rule_t * rules,
 				 range_trans_rule_t ** dst,
 				 policy_module_t * mod, link_state_t * state)
-@@ -1568,6 +1612,11 @@ static int copy_avrule_decl(link_state_t
+@@ -1582,6 +1626,11 @@ static int copy_avrule_decl(link_state_t * state, policy_module_t * module,
 		return -1;
 	}
@ -280,10 +284,11 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
 	if (copy_range_trans_list(src_decl->range_tr_rules,
 				  &dest_decl->range_tr_rules, module, state))
 		return -1;
-diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
+diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
--- libsepol-2.0.42/src/policydb.c.eparis	2010-12-21 16:41:58.000000000 -0500
+index bbf3c88..d7be9fc 100644
-+++ libsepol-2.0.42/src/policydb.c	2011-03-23 12:15:48.244980498 -0400
+--- a/libsepol/src/policydb.c
-@@ -136,6 +136,13 @@ static struct policydb_compat_info polic
+++ b/libsepol/src/policydb.c
@@ -143,6 +143,13 @@ static struct policydb_compat_info policydb_compat[] = {
 	 .ocon_num = OCON_NODE6 + 1,
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
@ -297,7 +302,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	{
 	 .type = POLICY_BASE,
 	 .version = MOD_POLICYDB_VERSION_BASE,
-@@ -186,6 +193,13 @@ static struct policydb_compat_info polic
+@@ -200,6 +207,13 @@ static struct policydb_compat_info policydb_compat[] = {
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
 	{
@ -311,7 +316,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	 .type = POLICY_MOD,
 	 .version = MOD_POLICYDB_VERSION_BASE,
 	 .sym_num = SYM_NUM,
-@@ -234,6 +248,13 @@ static struct policydb_compat_info polic
+@@ -255,6 +269,13 @@ static struct policydb_compat_info policydb_compat[] = {
 	 .ocon_num = 0,
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
@ -325,7 +330,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 };
 #if 0
-@@ -433,6 +454,33 @@ void role_trans_rule_list_destroy(role_t
+@@ -456,6 +477,33 @@ void role_trans_rule_list_destroy(role_trans_rule_t * x)
 	}
 }
@ -359,7 +364,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 void role_allow_rule_init(role_allow_rule_t * x)
 {
 	memset(x, 0, sizeof(role_allow_rule_t));
-@@ -1112,6 +1160,7 @@ void policydb_destroy(policydb_t * p)
+@@ -1135,6 +1183,7 @@ void policydb_destroy(policydb_t * p)
 	role_allow_t *ra, *lra = NULL;
 	role_trans_t *tr, *ltr = NULL;
 	range_trans_t *rt, *lrt = NULL;
@ -367,7 +372,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	if (!p)
 		return;
-@@ -1177,6 +1226,14 @@ void policydb_destroy(policydb_t * p)
+@@ -1200,6 +1249,14 @@ void policydb_destroy(policydb_t * p)
 	if (ltr)
 		free(ltr);
@ -382,7 +387,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	for (ra = p->role_allow; ra; ra = ra->next) {
 		if (lra)
 			free(lra);
-@@ -2168,6 +2225,55 @@ int role_allow_read(role_allow_t ** r, s
+@@ -2201,6 +2258,55 @@ int role_allow_read(role_allow_t ** r, struct policy_file *fp)
 	return 0;
 }
@ -438,7 +443,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 static int ocontext_read_xen(struct policydb_compat_info *info,
 	policydb_t *p, struct policy_file *fp)
 {
-@@ -2971,6 +3077,62 @@ static int role_allow_rule_read(role_all
+@@ -3007,6 +3113,62 @@ static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
 	return 0;
 }
@ -501,7 +506,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 static int range_trans_rule_read(range_trans_rule_t ** r,
 				 struct policy_file *fp)
 {
-@@ -3064,6 +3226,11 @@ static int avrule_decl_read(policydb_t *
+@@ -3100,6 +3262,11 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
 	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
 		return -1;
 	}
@ -513,7 +518,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
 	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
 		return -1;
-@@ -3455,6 +3622,9 @@ int policydb_read(policydb_t * p, struct
+@@ -3491,6 +3658,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
 			goto bad;
 		if (role_allow_read(&p->role_allow, fp))
 			goto bad;
@ -523,10 +528,11 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
 	} else {
 		/* first read the AV rule blocks, then the scope tables */
 		avrule_block_destroy(p->global);
-diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
+diff --git a/libsepol/src/write.c b/libsepol/src/write.c
--- libsepol-2.0.42/src/write.c.eparis	2010-12-21 16:41:58.000000000 -0500
+index f9d59b6..c4f5035 100644
-+++ libsepol-2.0.42/src/write.c	2011-03-23 12:15:48.245980639 -0400
+--- a/libsepol/src/write.c
-@@ -510,6 +510,42 @@ static int role_allow_write(role_allow_t
+++ b/libsepol/src/write.c
@@ -528,6 +528,42 @@ static int role_allow_write(role_allow_t * r, struct policy_file *fp)
 	return POLICYDB_SUCCESS;
 }
@ -569,7 +575,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
 static int role_set_write(role_set_t * x, struct policy_file *fp)
 {
 	size_t items;
-@@ -1476,6 +1512,47 @@ static int role_allow_rule_write(role_al
+@@ -1496,6 +1532,47 @@ static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
 	return POLICYDB_SUCCESS;
 }
@ -617,7 +623,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
 static int range_trans_rule_write(range_trans_rule_t * t,
 				  struct policy_file *fp)
 {
-@@ -1543,6 +1620,11 @@ static int avrule_decl_write(avrule_decl
+@@ -1563,6 +1640,11 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
 	    role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
 		return POLICYDB_ERROR;
 	}
@ -629,7 +635,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
 	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
 	    range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
 		return POLICYDB_ERROR;
-@@ -1819,6 +1901,9 @@ int policydb_write(policydb_t * p, struc
+@@ -1839,6 +1921,9 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
 			return POLICYDB_ERROR;
 		if (role_allow_write(p->role_allow, fp))
 			return POLICYDB_ERROR;
@ -639,6 +645,3 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
 	} else {
 		if (avrule_block_write(p->global, num_syms, p, fp) == -1) {
 			return POLICYDB_ERROR;
--- a/libsepol.spec
+++ b/libsepol.spec
@ -1,10 +1,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsepol
 Version: 2.0.43
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
 Patch: libsepol-rhat.patch	
 URL: http://www.selinuxproject.org
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -45,6 +46,7 @@ needed for developing applications that manipulate binary policies.
 %prep
 %setup -q
 %patch -p2 -b .rhat
 # sparc64 is an -fPIC arch, so we need to fix it here
 %ifarch sparc64
 sed -i 's/fpic/fPIC/g' src/Makefile
@ -97,14 +99,12 @@ exit 0
 /%{_lib}/libsepol.so.1
 %changelog
 * Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-2
 - re-add Erics patch for filename transitions
 * Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
-	* Give correct names to mount points in load_policy by Dan Walsh.
+-Update to upstream
-	* Make sure selinux state is reported correctly if selinux is disabled or
+	* Add new class field in role_transition by Harry Ciao.
 	fails to load by Dan Walsh.
 	* Fix crash if selinux_key_create was never called by Dan Walsh.
 	* Add new file_context.subs_dist for distro specific filecon substitutions
 	by Dan Walsh.
 	* Update man pages for selinux_color_* functions by Richard Haines.
 * Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
 - Apply Eparis Patch
@ -115,7 +115,6 @@ the number of rules grows to an significant size I will likely choose to
 store these in a hash, both in libsepol and in the kernel.  But as long
 as the number of such rules stays small, this should be good.
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild