re-add Erics patch for filename transitions

Update to upstream
	* Add new class field in role_transition by Harry Ciao.

libsepol-rhat.patch

@@ -276,7 +276,7 @@ index e33db0f..23dbb1b 100644
  				  &dest_decl->range_tr_rules, module, state))
  		return -1;
 diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
-index bbf3c88..d7be9fc 100644
+index bbf3c88..096b556 100644
 --- a/libsepol/src/policydb.c
 +++ b/libsepol/src/policydb.c
 @@ -143,6 +143,13 @@ static struct policydb_compat_info policydb_compat[] = {
@@ -434,7 +434,29 @@ index bbf3c88..d7be9fc 100644
  static int ocontext_read_xen(struct policydb_compat_info *info,
  	policydb_t *p, struct policy_file *fp)
  {
-@@ -3007,6 +3113,62 @@ static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
+@@ -2927,7 +3033,8 @@ int avrule_read_list(policydb_t * p, avrule_t ** avrules,
+ 	return 0;
+ }
+ 
+-static int role_trans_rule_read(role_trans_rule_t ** r, struct policy_file *fp)
++static int role_trans_rule_read(policydb_t *p, role_trans_rule_t ** r,
++				struct policy_file *fp)
+ {
+ 	uint32_t buf[1], nel;
+ 	unsigned int i;
+@@ -2958,8 +3065,9 @@ static int role_trans_rule_read(role_trans_rule_t ** r, struct policy_file *fp)
+ 		if (type_set_read(&tr->types, fp))
+ 			return -1;
+ 
+-		if (ebitmap_read(&tr->classes, fp))
+-			return -1;
++		if (p->policyvers >= MOD_POLICYDB_VERSION_ROLETRANS)
++			if (ebitmap_read(&tr->classes, fp))
++				return -1;
+ 
+ 		rc = next_entry(buf, fp, sizeof(uint32_t));
+ 		if (rc < 0)
+@@ -3007,6 +3115,62 @@ static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
  	return 0;
  }
  
@@ -497,7 +519,12 @@ index bbf3c88..d7be9fc 100644
  static int range_trans_rule_read(range_trans_rule_t ** r,
  				 struct policy_file *fp)
  {
-@@ -3100,6 +3262,11 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
+@@ -3096,10 +3260,15 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
+ 	decl->enabled = le32_to_cpu(buf[1]);
+ 	if (cond_read_list(p, &decl->cond_list, fp) == -1 ||
+ 	    avrule_read_list(p, &decl->avrules, fp) == -1 ||
+-	    role_trans_rule_read(&decl->role_tr_rules, fp) == -1 ||
++	    role_trans_rule_read(p, &decl->role_tr_rules, fp) == -1 ||
  	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
  		return -1;
  	}
@@ -509,7 +536,7 @@ index bbf3c88..d7be9fc 100644
  	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
  	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
  		return -1;
-@@ -3491,6 +3658,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
+@@ -3491,6 +3660,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
  			goto bad;
  		if (role_allow_read(&p->role_allow, fp))
  			goto bad;
@@ -520,7 +547,7 @@ index bbf3c88..d7be9fc 100644
  		/* first read the AV rule blocks, then the scope tables */
  		avrule_block_destroy(p->global);
 diff --git a/libsepol/src/write.c b/libsepol/src/write.c
-index f9d59b6..c4f5035 100644
+index f9d59b6..9b70e3c 100644
 --- a/libsepol/src/write.c
 +++ b/libsepol/src/write.c
 @@ -528,6 +528,42 @@ static int role_allow_write(role_allow_t * r, struct policy_file *fp)
@@ -566,7 +593,29 @@ index f9d59b6..c4f5035 100644
  static int role_set_write(role_set_t * x, struct policy_file *fp)
  {
  	size_t items;
-@@ -1496,6 +1532,47 @@ static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
+@@ -1446,7 +1482,8 @@ static int avrule_write_list(avrule_t * avrules, struct policy_file *fp)
+ 	return POLICYDB_SUCCESS;
+ }
+ 
+-static int role_trans_rule_write(role_trans_rule_t * t, struct policy_file *fp)
++static int role_trans_rule_write(policydb_t *p, role_trans_rule_t * t,
++				 struct policy_file *fp)
+ {
+ 	int nel = 0;
+ 	size_t items;
+@@ -1464,8 +1501,9 @@ static int role_trans_rule_write(role_trans_rule_t * t, struct policy_file *fp)
+ 			return POLICYDB_ERROR;
+ 		if (type_set_write(&tr->types, fp))
+ 			return POLICYDB_ERROR;
+-		if (ebitmap_write(&tr->classes, fp))
+-			return POLICYDB_ERROR;
++		if (p->policyvers >= MOD_POLICYDB_VERSION_FILENAME_TRANS)
++			if (ebitmap_write(&tr->classes, fp))
++				return POLICYDB_ERROR;
+ 		buf[0] = cpu_to_le32(tr->new_role);
+ 		items = put_entry(buf, sizeof(uint32_t), 1, fp);
+ 		if (items != 1)
+@@ -1496,6 +1534,47 @@ static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
  	return POLICYDB_SUCCESS;
  }
  
@@ -614,7 +663,12 @@ index f9d59b6..c4f5035 100644
  static int range_trans_rule_write(range_trans_rule_t * t,
  				  struct policy_file *fp)
  {
-@@ -1563,6 +1640,11 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
+@@ -1559,10 +1638,15 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
+ 	}
+ 	if (cond_write_list(p, decl->cond_list, fp) == -1 ||
+ 	    avrule_write_list(decl->avrules, fp) == -1 ||
+-	    role_trans_rule_write(decl->role_tr_rules, fp) == -1 ||
++	    role_trans_rule_write(p, decl->role_tr_rules, fp) == -1 ||
  	    role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
  		return POLICYDB_ERROR;
  	}
@@ -626,7 +680,7 @@ index f9d59b6..c4f5035 100644
  	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
  	    range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
  		return POLICYDB_ERROR;
-@@ -1839,6 +1921,9 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
+@@ -1839,6 +1923,9 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
  			return POLICYDB_ERROR;
  		if (role_allow_write(p->role_allow, fp))
  			return POLICYDB_ERROR;