SETools 4.2.2 release

Changes since 4.2.1:
- Remove source policy references from man pages, as loading source policies
  is no longer supported.
- Fix a performance regression in alias loading after alias dereferencing
  fixes in 4.2.1

.gitignore

@@ -3,3 +3,8 @@ setools-3.3.8.tar.bz2
 setools-3.3.8-f1e5b20.tar.bz2
 /4.1.0.tar.gz
 /4.1.1.tar.gz
+/4.2.0-beta.tar.gz
+/4.2.0-rc.tar.gz
+/4.2.0.tar.gz
+/4.2.1.tar.gz
+/4.2.2.tar.gz

0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch

@@ -0,0 +1,479 @@
+From 2fad2d1b1df43ea0d85e25e2ebad88ad02997d7c Mon Sep 17 00:00:00 2001
+From: Chris PeBenito <pebenito@ieee.org>
+Date: Mon, 29 Apr 2019 07:57:16 -0400
+Subject: [PATCH 1/3] SELinuxPolicy: Create a map of aliases on policy load.
+
+Addresses a performance regression after the alias fixes in #17.
+
+Closes #20
+---
+ setools/policyrep/mls.pxi           | 138 +---------------------------
+ setools/policyrep/selinuxpolicy.pxi | 107 +++++++++++++++++----
+ setools/policyrep/typeattr.pxi      |  70 +-------------
+ 3 files changed, 95 insertions(+), 220 deletions(-)
+
+diff --git a/setools/policyrep/mls.pxi b/setools/policyrep/mls.pxi
+index c40d032..30464b7 100644
+--- a/setools/policyrep/mls.pxi
++++ b/setools/policyrep/mls.pxi
+@@ -1,5 +1,5 @@
+ # Copyright 2014-2016, Tresys Technology, LLC
+-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
++# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
+ #
+ # This file is part of SETools.
+ #
+@@ -65,6 +65,7 @@ cdef class Category(PolicySymbol):
+             c.key = <uintptr_t>symbol
+             c.name = policy.category_value_to_name(symbol.s.value - 1)
+             c._value = symbol.s.value
++            c._aliases = policy.category_alias_map[symbol.s.value]
+             _cat_cache[policy][<uintptr_t>symbol] = c
+             return c
+ 
+@@ -75,14 +76,8 @@ cdef class Category(PolicySymbol):
+         # Comparison based on their index instead of their names.
+         return self._value < other._value
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.category_aliases(self))
+-
+     def aliases(self):
+         """Generator that yields all aliases for this category."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def statement(self):
+@@ -90,7 +85,6 @@ cdef class Category(PolicySymbol):
+             str stmt
+             size_t count
+ 
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "category {0}".format(self.name)
+@@ -127,6 +121,7 @@ cdef class Sensitivity(PolicySymbol):
+             s.key = <uintptr_t>symbol
+             s.name = policy.level_value_to_name(symbol.level.sens - 1)
+             s._value = symbol.level.sens
++            s._aliases = policy.sensitivity_alias_map[symbol.level.sens]
+             return s
+ 
+     def __hash__(self):
+@@ -144,14 +139,8 @@ cdef class Sensitivity(PolicySymbol):
+     def __lt__(self, other):
+         return self._value < other._value
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.sensitivity_aliases(self))
+-
+     def aliases(self):
+         """Generator that yields all aliases for this sensitivity."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def level_decl(self):
+@@ -167,7 +156,6 @@ cdef class Sensitivity(PolicySymbol):
+             str stmt
+             size_t count
+ 
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "sensitivity {0}".format(self.name)
+@@ -540,66 +528,6 @@ cdef class CategoryHashtabIterator(HashtabIterator):
+             datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+ 
+ 
+-cdef class CategoryAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over category aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary):
+-        """Factory function for creating category alias iterators."""
+-        i = CategoryAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary._value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not datum.isalias or datum.s.value != self.primary):
+-            super().__next__()
+-            datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.cat_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.cat_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.s.value and datum.isalias:
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.cat_datum_t *datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not datum.isalias and self.primary != datum.s.value):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ cdef class SensitivityHashtabIterator(HashtabIterator):
+ 
+     """Iterate over sensitivity in the policy."""
+@@ -657,66 +585,6 @@ cdef class SensitivityHashtabIterator(HashtabIterator):
+             datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+ 
+ 
+-cdef class SensitivityAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over sensitivity aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary):
+-        """Factory function for creating Sensitivity alias iterators."""
+-        i = SensitivityAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary._value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not datum.isalias or datum.level.sens != self.primary):
+-            super().__next__()
+-            datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.level_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.level_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.level.sens and datum.isalias:
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.level_datum_t *datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not datum.isalias and self.primary != datum.level.sens):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ cdef class LevelDeclHashtabIterator(HashtabIterator):
+ 
+     """Iterate over level declarations in the policy."""
+diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi
+index 1a3eb5c..1541549 100644
+--- a/setools/policyrep/selinuxpolicy.pxi
++++ b/setools/policyrep/selinuxpolicy.pxi
+@@ -46,6 +46,9 @@ cdef class SELinuxPolicy:
+         object log
+         object constraint_counts
+         object terule_counts
++        dict type_alias_map
++        dict category_alias_map
++        dict sensitivity_alias_map
+         object __weakref__
+ 
+         # Public attributes:
+@@ -598,12 +601,6 @@ cdef class SELinuxPolicy:
+         """Return the category datum for the specified category value."""
+         return self.cat_val_to_struct[value]
+ 
+-    cdef inline category_aliases(self, Category primary):
+-        """Return an interator for the aliases for the specified category."""
+-        return CategoryAliasHashtabIterator.factory(self,
+-                                                    &self.handle.p.symtab[sepol.SYM_CATS].table,
+-                                                    primary)
+-
+     cdef inline str category_value_to_name(self, size_t value):
+         """Return the name of the category by its value."""
+         return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value])
+@@ -636,17 +633,6 @@ cdef class SELinuxPolicy:
+         """Return the name of the role by its value."""
+         return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value])
+ 
+-    cdef inline sensitivity_aliases(self, Sensitivity primary):
+-        """Return an interator for the aliases for the specified sensitivity."""
+-        return SensitivityAliasHashtabIterator.factory(self,
+-            &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary)
+-
+-    cdef inline type_aliases(self, Type primary):
+-        """Return an iterator for the aliases for the specified type."""
+-        return TypeAliasHashtabIterator.factory(self,
+-                                                &self.handle.p.symtab[sepol.SYM_TYPES].table,
+-                                                primary)
+-
+     cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value):
+         """Return the type datum for the specified type value."""
+         return self.handle.p.type_val_to_struct[value]
+@@ -725,6 +711,15 @@ cdef class SELinuxPolicy:
+         if self.mls:
+             self._create_mls_val_to_struct()
+ 
++        #
++        # Create value to alias mappings
++        #
++        self._load_type_aliases()
++
++        if self.mls:
++            self._load_sensitivity_aliases()
++            self._load_category_aliases()
++
+         self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename))
+         self.path = filename
+ 
+@@ -846,6 +841,84 @@ cdef class SELinuxPolicy:
+ 
+             bucket += 1
+ 
++    cdef _load_category_aliases(self):
++        """Build map of aliases to categories"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table
++            sepol.cat_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.category_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.cat_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.category_alias_map.setdefault(datum.s.value, list())
++                if datum.isalias:
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
++    cdef _load_sensitivity_aliases(self):
++        """Build map of aliases to sensitivities"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table
++            sepol.level_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.sensitivity_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.level_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list())
++                if datum.isalias:
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
++    cdef _load_type_aliases(self):
++        """Build map of aliases to types"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table
++            sepol.type_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.type_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.type_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.type_alias_map.setdefault(datum.s.value, list())
++                if type_is_alias(datum):
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
+     cdef _rebuild_attrs_from_map(self):
+         """
+         Rebuilds data for the attributes and inserts them into the policydb.
+diff --git a/setools/policyrep/typeattr.pxi b/setools/policyrep/typeattr.pxi
+index d989ca9..1d8901e 100644
+--- a/setools/policyrep/typeattr.pxi
++++ b/setools/policyrep/typeattr.pxi
+@@ -1,5 +1,5 @@
+ # Copyright 2014, Tresys Technology, LLC
+-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
++# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
+ #
+ # This file is part of SETools.
+ #
+@@ -86,13 +86,9 @@ cdef class Type(BaseType):
+             t.value = symbol.s.value
+             t.name = policy.type_value_to_name(symbol.s.value - 1)
+             t.ispermissive = <bint>symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE
++            t._aliases = policy.type_alias_map[symbol.s.value]
+             return t
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.type_aliases(self))
+-
+     cdef inline void _load_attributes(self):
+         """Helper method to load attributes."""
+         cdef sepol.type_datum_t *symbol = <sepol.type_datum_t *>self.key
+@@ -110,7 +106,6 @@ cdef class Type(BaseType):
+ 
+     def aliases(self):
+         """Generator that yields all aliases for this type."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def statement(self):
+@@ -119,7 +114,6 @@ cdef class Type(BaseType):
+             str stmt
+ 
+         self._load_attributes()
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "type {0}".format(self.name)
+@@ -297,66 +291,6 @@ cdef class TypeAttributeHashtabIterator(HashtabIterator):
+             self._next_node()
+ 
+ 
+-cdef class TypeAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over type aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary):
+-        """Factory function for creating type alias iterators."""
+-        i = TypeAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary.value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary):
+-            super().__next__()
+-            datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.type_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.type_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.s.value and type_is_alias(datum):
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.type_datum_t *datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ #
+ # Ebitmap Iterator Classes
+ #
+-- 
+2.17.2
+

0003-bswap_-macros-are-defined-in-byteswap.h.patch

@@ -1,26 +0,0 @@
-From 2ac588919dd96d3d624e6ec20c67d1d91386e879 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 10 Aug 2017 08:23:47 +0200
-Subject: [PATCH] bswap_* macros are defined in byteswap.h
-
-Fixes ImportError on s390x:
-/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
----
- libqpol/policy.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/libqpol/policy.c b/libqpol/policy.c
-index ae3acb5..e412be0 100644
---- a/libqpol/policy.c
-+++ b/libqpol/policy.c
-@@ -28,6 +28,7 @@
- 
- #include "qpol_internal.h"
- #include <assert.h>
-+#include <byteswap.h>
- #include <errno.h>
- #include <fcntl.h>
- #include <limits.h>
--- 
-2.13.3
-

0004-Add-support-for-SCTP-protocol.patch

@@ -1,131 +0,0 @@
-From 3ef6369a22691e8e11cbf63f37b114941b3577a1 Mon Sep 17 00:00:00 2001
-From: Vit Mojzis <vmojzis@redhat.com>
-Date: Mon, 16 Apr 2018 20:46:20 +0200
-Subject: [PATCH] Add support for SCTP protocol
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1568333
-
-Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
----
- libqpol/include/qpol/linux_types.h |  1 +
- libqpol/policy_define.c            |  5 +++++
- setools/perm_map                   | 30 ++++++++++++++++++++++++++++++
- setools/policyrep/netcontext.py    |  5 +++++
- 4 files changed, 41 insertions(+)
-
-diff --git a/libqpol/include/qpol/linux_types.h b/libqpol/include/qpol/linux_types.h
-index c3c056b..0985162 100644
---- a/libqpol/include/qpol/linux_types.h
-+++ b/libqpol/include/qpol/linux_types.h
-@@ -12,6 +12,7 @@ typedef uint16_t __u16;
- #define s6_addr32	__u6_addr32
- 
- #define IPPROTO_DCCP 33
-+#define IPPROTO_SCTP 132
- #endif
- 
- #endif
-diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c
-index dcc69fc..1e623a3 100644
---- a/libqpol/policy_define.c
-+++ b/libqpol/policy_define.c
-@@ -44,6 +44,9 @@
- #ifndef IPPROTO_DCCP
- #define IPPROTO_DCCP 33
- #endif
-+#ifndef IPPROTO_SCTP
-+#define IPPROTO_SCTP 132
-+#endif
- #include <arpa/inet.h>
- #include <stdlib.h>
- #include <limits.h>
-@@ -4933,6 +4936,8 @@ int define_port_context(unsigned int low, unsigned int high)
- 		protocol = IPPROTO_UDP;
- 	} else if ((strcmp(id, "dccp") == 0) || (strcmp(id, "DCCP") == 0)) {
- 		protocol = IPPROTO_DCCP;
-+	} else if ((strcmp(id, "sctp") == 0) || (strcmp(id, "SCTP") == 0)) {
-+		protocol = IPPROTO_SCTP;
- 	} else {
- 		yyerror2("unrecognized protocol %s", id);
- 		goto bad;
-diff --git a/setools/perm_map b/setools/perm_map
-index 0a9f91c..25fae09 100644
---- a/setools/perm_map
-+++ b/setools/perm_map
-@@ -385,6 +385,8 @@ class node 11
-             udp_send         w        10
-            dccp_recv         r        10
-            dccp_send         w        10
-+           sctp_recv         r        10
-+           sctp_send         w        10
-         enforce_dest         n         1
-               sendto         w        10
-             recvfrom         r        10
-@@ -699,6 +701,32 @@ class dccp_socket 24
-            relabelto         w        10
-               listen         r         1
- 
-+class sctp_socket 24
-+           node_bind         n         1
-+        name_connect         w        10
-+              append         w        10
-+                bind         w         1
-+             connect         w         1
-+              create         w         1
-+               write         w        10
-+         relabelfrom         r        10
-+               ioctl         n         1
-+           name_bind         n         1
-+              sendto         w        10
-+            recv_msg         r        10
-+            send_msg         w        10
-+             getattr         r         7
-+             setattr         w         7
-+              accept         r         1
-+              getopt         r         1
-+                read         r        10
-+              setopt         w         1
-+            shutdown         w         1
-+            recvfrom         r        10
-+                lock         n         1
-+           relabelto         w        10
-+              listen         r         1
-+
- class netlink_firewall_socket 24
-          nlmsg_write         w        10
-           nlmsg_read         r        10
-@@ -984,6 +1012,8 @@ class netif 10
-             udp_send         w        10
-            dccp_recv         r        10
-            dccp_send         w        10
-+           sctp_recv         r        10
-+           sctp_send         w        10
- 
- class packet_socket 22
-               append         w        10
-diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py
-index c7076d2..2d890f3 100644
---- a/setools/policyrep/netcontext.py
-+++ b/setools/policyrep/netcontext.py
-@@ -38,6 +38,10 @@ try:
-     IPPROTO_DCCP = getprotobyname("dccp")
- except socket.error:
-     IPPROTO_DCCP = 33
-+try:
-+    IPPROTO_SCTP = getprotobyname("sctp")
-+except socket.error:
-+    IPPROTO_SCTP = 132
- 
- 
- def netifcon_factory(policy, name):
-@@ -196,6 +200,7 @@ class PortconProtocol(int, PolicyEnum):
-     tcp = IPPROTO_TCP
-     udp = IPPROTO_UDP
-     dccp = IPPROTO_DCCP
-+    sctp = IPPROTO_SCTP
- 
- 
- class Portcon(NetContext):
--- 
-2.14.3
-

1001-Do-not-use-Werror-during-build.patch

@@ -1,7 +1,7 @@
-From 617c3ae83c1c72ead627a57e1529724c62df807f Mon Sep 17 00:00:00 2001
+From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
 From: rpm-build <rpm-build>
 Date: Thu, 23 Feb 2017 08:17:07 +0100
-Subject: [PATCH 1/2] Do not use -Werror during build
+Subject: [PATCH 2/3] Do not use -Werror during build
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
@@ -32,18 +32,18 @@ error: command 'gcc' failed with exit status 1
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/setup.py b/setup.py
-index 2ca44c9..9319bf6 100644
+index c94daf1..a7442ac 100644
 --- a/setup.py
 +++ b/setup.py
-@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
+@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
-                           'libqpol/policy_scan.c',
+                          libraries=['selinux', 'sepol'],
-                           'libqpol/xen_query.c'],
+                          library_dirs=lib_dirs,
-                          include_dirs=include_dirs,
+                          define_macros=macros,
 -                         extra_compile_args=['-Werror', '-Wextra',
 +                         extra_compile_args=['-Wextra',
                                               '-Waggregate-return',
                                               '-Wfloat-equal',
                                               '-Wformat', '-Wformat=2',
 -- 
-2.9.3
+2.17.2
 

1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

@@ -1,7 +1,7 @@
-From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
+From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
+From: Vit Mojzis <vmojzis@redhat.com>
-Date: Thu, 23 Feb 2017 08:17:07 +0100
+Date: Fri, 26 Apr 2019 15:27:25 +0200
-Subject: [PATCH 2/2] Do not export/use setools.InfoFlowAnalysis and
+Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and
  setools.DomainTransitionAnalysis
 
 dta and infoflow modules require networkx which brings lot of dependencies.
@@ -12,28 +12,29 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
 setools.dta.DomainTransitionAnalysis and let the package containing
 sedta and seinfoflow to require python3-networkx
 ---
- sedta                       | 3 ++-
+ sedta                       | 4 ++--
- seinfoflow                  | 3 ++-
+ seinfoflow                  | 4 ++--
- setools/__init__.py         | 4 ++--
+ setools/__init__.py         | 4 ----
  setoolsgui/apol/dta.py      | 2 +-
  setoolsgui/apol/infoflow.py | 2 +-
- tests/dta.py                | 3 ++-
+ tests/dta.py                | 2 +-
- tests/infoflow.py           | 3 ++-
+ tests/infoflow.py           | 2 +-
- 7 files changed, 12 insertions(+), 8 deletions(-)
+ 7 files changed, 8 insertions(+), 12 deletions(-)
 
 diff --git a/sedta b/sedta
-index 1c76ebb..255ad49 100755
+index 60861ca..41e38a2 100755
 --- a/sedta
 +++ b/sedta
-@@ -23,6 +23,7 @@ import argparse
+@@ -22,7 +22,7 @@ import argparse
  import logging
+ import signal
  
- import setools
+-import setools
 +import setools.dta
  
  
  def print_transition(trans):
-@@ -111,7 +112,7 @@ else:
+@@ -114,7 +114,7 @@ else:
  
  try:
      p = setools.SELinuxPolicy(args.policy)
@@ -43,18 +44,19 @@ index 1c76ebb..255ad49 100755
      if args.shortest_path or args.all_paths:
          if args.shortest_path:
 diff --git a/seinfoflow b/seinfoflow
-index b287921..d53bdef 100755
+index 97b14ba..e7f965d 100755
 --- a/seinfoflow
 +++ b/seinfoflow
-@@ -19,6 +19,7 @@
+@@ -17,7 +17,7 @@
+ # along with SETools.  If not, see <http://www.gnu.org/licenses/>.
+ #
  
- from __future__ import print_function
+-import setools
- import setools
 +import setools.infoflow
  import argparse
  import sys
  import logging
-@@ -79,7 +80,7 @@ else:
+@@ -81,7 +81,7 @@ else:
  try:
      p = setools.SELinuxPolicy(args.policy)
      m = setools.PermissionMap(args.map)
@@ -64,77 +66,74 @@ index b287921..d53bdef 100755
      if args.shortest_path or args.all_paths:
          if args.shortest_path:
 diff --git a/setools/__init__.py b/setools/__init__.py
-index a84c846..a53c5a7 100644
+index 7b70f5e..5a5f7fe 100644
 --- a/setools/__init__.py
 +++ b/setools/__init__.py
-@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery
  from .devicetreeconquery import DevicetreeconQuery
  
  # Information Flow Analysis
 -from .infoflow import InfoFlowAnalysis
-+# from .infoflow import InfoFlowAnalysis
  from .permmap import PermissionMap
  
- # Domain Transition Analysis
+-# Domain Transition Analysis
 -from .dta import DomainTransitionAnalysis
-+# from .dta import DomainTransitionAnalysis
+-
- 
  # Policy difference
  from .diff import PolicyDifference
+ 
 diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
-index 0aaf13f..5b1ea20 100644
+index 4608b9d..2cde44c 100644
 --- a/setoolsgui/apol/dta.py
 +++ b/setoolsgui/apol/dta.py
 @@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
  from PyQt5.QtGui import QPalette, QTextCursor
  from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
-                             QTreeWidgetItem
+     QTreeWidgetItem
 -from setools import DomainTransitionAnalysis
 +from setools.dta import DomainTransitionAnalysis
  
  from ..logtosignal import LogHandlerToSignal
  from .analysistab import AnalysisTab
 diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
-index 1ae16de..fdf8f7b 100644
+index 7bca299..7fee277 100644
 --- a/setoolsgui/apol/infoflow.py
 +++ b/setoolsgui/apol/infoflow.py
-@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
  from PyQt5.QtGui import QPalette, QTextCursor
  from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
-                             QTreeWidgetItem
+     QTreeWidgetItem
 -from setools import InfoFlowAnalysis
 +from setools.infoflow import InfoFlowAnalysis
  from setools.exception import UnmappedClass, UnmappedPermission
  
  from ..logtosignal import LogHandlerToSignal
 diff --git a/tests/dta.py b/tests/dta.py
-index 32b9271..2bdd052 100644
+index a0cc938..177e6fb 100644
 --- a/tests/dta.py
 +++ b/tests/dta.py
-@@ -17,7 +17,8 @@
+@@ -18,7 +18,7 @@
- #
+ import os
  import unittest
  
--from setools import SELinuxPolicy, DomainTransitionAnalysis
+-from setools import DomainTransitionAnalysis
-+from setools import SELinuxPolicy
 +from setools.dta import DomainTransitionAnalysis
  from setools import TERuletype as TERT
- from setools.policyrep.exception import InvalidType
+ from setools.exception import InvalidType
- from setools.policyrep.typeattr import Type
+ from setools.policyrep import Type
 diff --git a/tests/infoflow.py b/tests/infoflow.py
-index 7751dda..a21c683 100644
+index aa0e44a..fca2848 100644
 --- a/tests/infoflow.py
 +++ b/tests/infoflow.py
-@@ -17,7 +17,8 @@
+@@ -18,7 +18,7 @@
- #
+ import os
  import unittest
  
--from setools import SELinuxPolicy, InfoFlowAnalysis
+-from setools import InfoFlowAnalysis
-+from setools import SELinuxPolicy
 +from setools.infoflow import InfoFlowAnalysis
  from setools import TERuletype as TERT
+ from setools.exception import InvalidType
  from setools.permmap import PermissionMap
- from setools.policyrep.exception import InvalidType
 -- 
-2.9.3
+2.17.2
 

setools.spec

@@ -1,28 +1,22 @@
-# sitelib for noarch packages, sitearch for others (remove the unneeded one)
+# % global setools_pre_ver rc
-%{!?__python2: %global __python2 %__python}
-%{!?python2_sitelib: %global python2_sitelib %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
-%{!?python2_sitearch: %global python2_sitearch %(%{__python2} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib(1))")}
-
-# % global setools_pre_ver beta.1.8e09d95
 # % global gitver f1e5b20
 
-%global sepol_ver 2.7-1
+%global sepol_ver 2.9-1
-%global selinux_ver 2.7-1
+%global selinux_ver 2.9-1
+
 
 Name:           setools
-Version:        4.1.1
+Version:        4.2.2
-Release:        11%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
+Release:        1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
 Summary:        Policy analysis tools for SELinux
 
 License:        GPLv2
-URL:            https://github.com/TresysTechnology/setools/wiki
+URL:            https://github.com/SELinuxProject/setools/wiki
-Source0:        https://github.com/TresysTechnology/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
+Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
-Patch1:         0001-Do-not-use-Werror-during-build.patch
+Patch1001:      1001-Do-not-use-Werror-during-build.patch
-Patch2:         0002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
+Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
-Patch3:         0003-bswap_-macros-are-defined-in-byteswap.h.patch
-Patch4:         0004-Add-support-for-SCTP-protocol.patch
 
 Obsoletes:      setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires:  flex,  bison
@@ -30,10 +24,10 @@ BuildRequires:  glibc-devel, gcc, git
 BuildRequires:  libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
 BuildRequires:  qt5-qtbase-devel
 BuildRequires:  swig
-BuildRequires:  python2-devel
+BuildRequires:  python3-Cython
-BuildRequires:  python2-setuptools
 BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
+BuildRequires:  libselinux-devel
 
 # BuildArch:      
 Requires:       python3-%{name} = %{version}-%{release}
@@ -76,29 +70,15 @@ This package includes the following console tools:
   seinfoflow   Perform information flow analyses.
 
 
-%package     -n python2-setools
-Summary:     Policy analysis tools for SELinux  
-Recommends:  python2-libselinux
-%{?python_provide:%python_provide python2-setools}
-# Remove before F30
-Provides: %{name}-python = %{version}-%{release}
-Provides: %{name}-python%{?_isa} = %{version}-%{release}
-Obsoletes: %{name}-python < %{version}-%{release}
-Requires:    python2-enum34
-
-%description -n python2-setools
-SETools is a collection of graphical tools, command-line tools, and
-Python 2 modules designed to facilitate SELinux policy analysis.
-
 %package     -n python3-setools
 Summary:     Policy analysis tools for SELinux  
 Obsoletes:   setools-libs < 4.0.0
 Recommends:  libselinux-python3
-%{?python_provide:%python_provide python2-setools}
 # Remove before F30
 Provides: %{name}-python3 = %{version}-%{release}
 Provides: %{name}-python3%{?_isa} = %{version}-%{release}
 Obsoletes: %{name}-python3 < %{version}-%{release}
+Requires:    python3-setuptools
 
 %description -n python3-setools
 SETools is a collection of graphical tools, command-line tools, and
@@ -107,6 +87,7 @@ Python 3 modules designed to facilitate SELinux policy analysis.
 
 %package     gui
 Summary:     Policy analysis graphical tools for SELinux
+Requires:    python3-setools = %{version}-%{release}
 Requires:    python3-qt5
 Requires:    python3-networkx
 
@@ -116,37 +97,21 @@ Python modules designed to facilitate SELinux policy analysis.
 
 
 %prep
-%autosetup -p 1 -S git
+%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
-
-cp -a ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}} ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
 
 
 %build
 # Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python3} setup.py build
+%set_build_flags
-
+%{__python3} setup.py build
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-# Remove CFLAGS=... for noarch packages (unneeded)
-CFLAGS="%{optflags}" %{__python2} setup.py build
-popd
 
 
 %install
-rm -rf %{buildroot}
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py install --root %{buildroot}
-popd
-
-rm -rf %{buildroot}%{_bindir}
 %{__python3} setup.py install --root %{buildroot}
 
 %check
 %if %{?_with_check:1}%{!?_with_check:0}
 %{__python3} setup.py test
-
-pushd ../setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}-python2
-%{__python2} setup.py test
-popd
 %endif
 
 
@@ -166,10 +131,6 @@ popd
 %{_mandir}/man1/sedta*
 %{_mandir}/man1/seinfoflow*
 
-%files -n python2-setools
-%license COPYING COPYING.GPL COPYING.LGPL
-%{python2_sitearch}/*
-
 %files -n python3-setools
 %license COPYING COPYING.GPL COPYING.LGPL
 %{python3_sitearch}/setools
@@ -181,6 +142,33 @@ popd
 %{_mandir}/man1/apol*
 
 %changelog
+* Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
+- SETools 4.2.2 release
+
+* Mon May 13 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-3
+- Use %set_build_flags instead of %optflags
+
+* Mon May 06 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.1-2
+- SELinuxPolicy: Create a map of aliases on policy load (#1672631)
+
+* Tue Mar 26 2019 Petr Lautrbach <plautrba@redhat.com> - 4.2.1-1
+- SETools 4.2.1 release (#1581761, #1595582)
+
+* Wed Nov 14 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-1
+- Update source to SETools 4.2.0 release
+
+* Mon Oct 01 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.3.rc
+- Update upstream source to 4.2.0-rc
+
+* Wed Sep 19 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.2.beta
+- Require userspace release 2.8
+- setools-gui requires python3-setools
+- Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
+
+* Thu Aug 09 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.1.beta
+- New upstream release
+- Drop python2 subpackage (4.2.0 no longer supports python2)
+
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 

sources

@@ -1 +1,2 @@
-SHA512 (4.1.1.tar.gz) = 2e55a3b07e2f94d7c84054f31d266567b9acc708fe2b0e16ac3ea24e8301c712bcf564ff915a6135a1a6ba6822682bb3a6530dae20161a832fb7048364acbd04
+SHA512 (4.2.1.tar.gz) = 7d00295fe7ff16e96e15266807f8e0a67cc2978f9051cd85afb9ee71ca7fad16ccf7421a4a163bb793950bc20a44f3cbb8409b4e0642d0f96cf7a3df7bc59c31
+SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798