SETools 4.2.2 release

Changes since 4.2.1:
- Remove source policy references from man pages, as loading source policies
  is no longer supported.
- Fix a performance regression in alias loading after alias dereferencing
  fixes in 4.2.1

.gitignore

@@ -8,7 +8,3 @@ setools-3.3.8-f1e5b20.tar.bz2
 /4.2.0.tar.gz
 /4.2.1.tar.gz
 /4.2.2.tar.gz
-/4.3.0.tar.gz
-/05e90ee.tar.gz
-/16c0696.tar.gz
-/4.4.0.tar.gz

0001-Make-seinfo-output-predictable.patch

@@ -1,90 +0,0 @@
-From 8ed316d6bfb65e5e9b57f3761ea8490022ab3a05 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 18 Nov 2021 13:59:08 +0100
-Subject: [PATCH] Make seinfo output predictable
-
-There are few places where frozenset is used. Given that frozenset is an unordered
-collection the output generated from this is unpredictable.
-
-The following command outputs are fixed using sorted() on frozensets:
-
-    seinfo --constrain
-    seinfo --common
-    seinfo -c -x
-    seinfo -r -x
-    seinfo -u -x
-
-Fixes: https://github.com/SELinuxProject/setools/issues/65
-
-Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
----
- setools/policyrep/constraint.pxi | 2 +-
- setools/policyrep/objclass.pxi   | 4 ++--
- setools/policyrep/role.pxi       | 2 +-
- setools/policyrep/user.pxi       | 2 +-
- 4 files changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/setools/policyrep/constraint.pxi b/setools/policyrep/constraint.pxi
-index 01c63d87425b..0b4c5b9bcf6a 100644
---- a/setools/policyrep/constraint.pxi
-+++ b/setools/policyrep/constraint.pxi
-@@ -72,7 +72,7 @@ cdef class Constraint(BaseConstraint):
- 
-     def statement(self):
-         if len(self.perms) > 1:
--            perms = "{{ {0} }}".format(' '.join(self.perms))
-+            perms = "{{ {0} }}".format(' '.join(sorted(self.perms)))
-         else:
-             # convert to list since sets cannot be indexed
-             perms = list(self.perms)[0]
-diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
-index b7ec7b7de5c3..8ed2be5a9bed 100644
---- a/setools/policyrep/objclass.pxi
-+++ b/setools/policyrep/objclass.pxi
-@@ -75,7 +75,7 @@ cdef class Common(PolicySymbol):
-         return other in self.perms
- 
-     def statement(self):
--        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(self.perms))
-+        return "common {0}\n{{\n\t{1}\n}}".format(self, '\n\t'.join(sorted(self.perms)))
- 
- 
- cdef class ObjClass(PolicySymbol):
-@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
- 
-         # a class that inherits may not have additional permissions
-         if len(self.perms) > 0:
--            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
-+            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
- 
-         return stmt
- 
-diff --git a/setools/policyrep/role.pxi b/setools/policyrep/role.pxi
-index 9a0dd39f27d9..3af8a3f72a1f 100644
---- a/setools/policyrep/role.pxi
-+++ b/setools/policyrep/role.pxi
-@@ -58,7 +58,7 @@ cdef class Role(PolicySymbol):
-         if count == 1:
-             stmt += " types {0}".format(types[0])
-         else:
--            stmt += " types {{ {0} }}".format(' '.join(types))
-+            stmt += " types {{ {0} }}".format(' '.join(sorted(types)))
- 
-         stmt += ";"
-         return stmt
-diff --git a/setools/policyrep/user.pxi b/setools/policyrep/user.pxi
-index 9c82aa92eb72..e37af2939820 100644
---- a/setools/policyrep/user.pxi
-+++ b/setools/policyrep/user.pxi
-@@ -81,7 +81,7 @@ cdef class User(PolicySymbol):
-         if count == 1:
-             stmt += roles[0]
-         else:
--            stmt += "{{ {0} }}".format(' '.join(roles))
-+            stmt += "{{ {0} }}".format(' '.join(sorted(roles)))
- 
-         if self._level:
-             stmt += " level {0.mls_level} range {0.mls_range};".format(self)
--- 
-2.33.1
-

0001-SELinuxPolicy-Create-a-map-of-aliases-on-policy-load.patch

@@ -0,0 +1,479 @@
+From 2fad2d1b1df43ea0d85e25e2ebad88ad02997d7c Mon Sep 17 00:00:00 2001
+From: Chris PeBenito <pebenito@ieee.org>
+Date: Mon, 29 Apr 2019 07:57:16 -0400
+Subject: [PATCH 1/3] SELinuxPolicy: Create a map of aliases on policy load.
+
+Addresses a performance regression after the alias fixes in #17.
+
+Closes #20
+---
+ setools/policyrep/mls.pxi           | 138 +---------------------------
+ setools/policyrep/selinuxpolicy.pxi | 107 +++++++++++++++++----
+ setools/policyrep/typeattr.pxi      |  70 +-------------
+ 3 files changed, 95 insertions(+), 220 deletions(-)
+
+diff --git a/setools/policyrep/mls.pxi b/setools/policyrep/mls.pxi
+index c40d032..30464b7 100644
+--- a/setools/policyrep/mls.pxi
++++ b/setools/policyrep/mls.pxi
+@@ -1,5 +1,5 @@
+ # Copyright 2014-2016, Tresys Technology, LLC
+-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
++# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
+ #
+ # This file is part of SETools.
+ #
+@@ -65,6 +65,7 @@ cdef class Category(PolicySymbol):
+             c.key = <uintptr_t>symbol
+             c.name = policy.category_value_to_name(symbol.s.value - 1)
+             c._value = symbol.s.value
++            c._aliases = policy.category_alias_map[symbol.s.value]
+             _cat_cache[policy][<uintptr_t>symbol] = c
+             return c
+ 
+@@ -75,14 +76,8 @@ cdef class Category(PolicySymbol):
+         # Comparison based on their index instead of their names.
+         return self._value < other._value
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.category_aliases(self))
+-
+     def aliases(self):
+         """Generator that yields all aliases for this category."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def statement(self):
+@@ -90,7 +85,6 @@ cdef class Category(PolicySymbol):
+             str stmt
+             size_t count
+ 
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "category {0}".format(self.name)
+@@ -127,6 +121,7 @@ cdef class Sensitivity(PolicySymbol):
+             s.key = <uintptr_t>symbol
+             s.name = policy.level_value_to_name(symbol.level.sens - 1)
+             s._value = symbol.level.sens
++            s._aliases = policy.sensitivity_alias_map[symbol.level.sens]
+             return s
+ 
+     def __hash__(self):
+@@ -144,14 +139,8 @@ cdef class Sensitivity(PolicySymbol):
+     def __lt__(self, other):
+         return self._value < other._value
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.sensitivity_aliases(self))
+-
+     def aliases(self):
+         """Generator that yields all aliases for this sensitivity."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def level_decl(self):
+@@ -167,7 +156,6 @@ cdef class Sensitivity(PolicySymbol):
+             str stmt
+             size_t count
+ 
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "sensitivity {0}".format(self.name)
+@@ -540,66 +528,6 @@ cdef class CategoryHashtabIterator(HashtabIterator):
+             datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+ 
+ 
+-cdef class CategoryAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over category aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Category primary):
+-        """Factory function for creating category alias iterators."""
+-        i = CategoryAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary._value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not datum.isalias or datum.s.value != self.primary):
+-            super().__next__()
+-            datum = <sepol.cat_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.cat_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.cat_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.s.value and datum.isalias:
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.cat_datum_t *datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not datum.isalias and self.primary != datum.s.value):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.cat_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ cdef class SensitivityHashtabIterator(HashtabIterator):
+ 
+     """Iterate over sensitivity in the policy."""
+@@ -657,66 +585,6 @@ cdef class SensitivityHashtabIterator(HashtabIterator):
+             datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+ 
+ 
+-cdef class SensitivityAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over sensitivity aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Sensitivity primary):
+-        """Factory function for creating Sensitivity alias iterators."""
+-        i = SensitivityAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary._value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not datum.isalias or datum.level.sens != self.primary):
+-            super().__next__()
+-            datum = <sepol.level_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.level_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.level_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.level.sens and datum.isalias:
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.level_datum_t *datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not datum.isalias and self.primary != datum.level.sens):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.level_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ cdef class LevelDeclHashtabIterator(HashtabIterator):
+ 
+     """Iterate over level declarations in the policy."""
+diff --git a/setools/policyrep/selinuxpolicy.pxi b/setools/policyrep/selinuxpolicy.pxi
+index 1a3eb5c..1541549 100644
+--- a/setools/policyrep/selinuxpolicy.pxi
++++ b/setools/policyrep/selinuxpolicy.pxi
+@@ -46,6 +46,9 @@ cdef class SELinuxPolicy:
+         object log
+         object constraint_counts
+         object terule_counts
++        dict type_alias_map
++        dict category_alias_map
++        dict sensitivity_alias_map
+         object __weakref__
+ 
+         # Public attributes:
+@@ -598,12 +601,6 @@ cdef class SELinuxPolicy:
+         """Return the category datum for the specified category value."""
+         return self.cat_val_to_struct[value]
+ 
+-    cdef inline category_aliases(self, Category primary):
+-        """Return an interator for the aliases for the specified category."""
+-        return CategoryAliasHashtabIterator.factory(self,
+-                                                    &self.handle.p.symtab[sepol.SYM_CATS].table,
+-                                                    primary)
+-
+     cdef inline str category_value_to_name(self, size_t value):
+         """Return the name of the category by its value."""
+         return intern(self.handle.p.sym_val_to_name[sepol.SYM_CATS][value])
+@@ -636,17 +633,6 @@ cdef class SELinuxPolicy:
+         """Return the name of the role by its value."""
+         return intern(self.handle.p.sym_val_to_name[sepol.SYM_ROLES][value])
+ 
+-    cdef inline sensitivity_aliases(self, Sensitivity primary):
+-        """Return an interator for the aliases for the specified sensitivity."""
+-        return SensitivityAliasHashtabIterator.factory(self,
+-            &self.handle.p.symtab[sepol.SYM_LEVELS].table, primary)
+-
+-    cdef inline type_aliases(self, Type primary):
+-        """Return an iterator for the aliases for the specified type."""
+-        return TypeAliasHashtabIterator.factory(self,
+-                                                &self.handle.p.symtab[sepol.SYM_TYPES].table,
+-                                                primary)
+-
+     cdef inline sepol.type_datum_t* type_value_to_datum(self, size_t value):
+         """Return the type datum for the specified type value."""
+         return self.handle.p.type_val_to_struct[value]
+@@ -725,6 +711,15 @@ cdef class SELinuxPolicy:
+         if self.mls:
+             self._create_mls_val_to_struct()
+ 
++        #
++        # Create value to alias mappings
++        #
++        self._load_type_aliases()
++
++        if self.mls:
++            self._load_sensitivity_aliases()
++            self._load_category_aliases()
++
+         self.log.info("Successfully opened SELinux policy \"{0}\"".format(filename))
+         self.path = filename
+ 
+@@ -846,6 +841,84 @@ cdef class SELinuxPolicy:
+ 
+             bucket += 1
+ 
++    cdef _load_category_aliases(self):
++        """Build map of aliases to categories"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_CATS].table
++            sepol.cat_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.category_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.cat_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.category_alias_map.setdefault(datum.s.value, list())
++                if datum.isalias:
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
++    cdef _load_sensitivity_aliases(self):
++        """Build map of aliases to sensitivities"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_LEVELS].table
++            sepol.level_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.sensitivity_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.level_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.sensitivity_alias_map.setdefault(datum.level.sens, list())
++                if datum.isalias:
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
++    cdef _load_type_aliases(self):
++        """Build map of aliases to types"""
++        cdef:
++            sepol.hashtab_t *table = &self.handle.p.symtab[sepol.SYM_TYPES].table
++            sepol.type_datum_t *datum
++            sepol.hashtab_node_t *node
++            uint32_t bucket = 0
++            list entry
++
++        self.type_alias_map = dict()
++
++        while bucket < table[0].size:
++            node = table[0].htable[bucket]
++            while node != NULL:
++                datum = <sepol.type_datum_t *>node.datum if node else NULL
++                if datum == NULL:
++                    continue
++
++                entry = self.type_alias_map.setdefault(datum.s.value, list())
++                if type_is_alias(datum):
++                    entry.append(intern(node.key))
++
++                node = node.next
++
++            bucket += 1
++
+     cdef _rebuild_attrs_from_map(self):
+         """
+         Rebuilds data for the attributes and inserts them into the policydb.
+diff --git a/setools/policyrep/typeattr.pxi b/setools/policyrep/typeattr.pxi
+index d989ca9..1d8901e 100644
+--- a/setools/policyrep/typeattr.pxi
++++ b/setools/policyrep/typeattr.pxi
+@@ -1,5 +1,5 @@
+ # Copyright 2014, Tresys Technology, LLC
+-# Copyright 2017-2018, Chris PeBenito <pebenito@ieee.org>
++# Copyright 2017-2019, Chris PeBenito <pebenito@ieee.org>
+ #
+ # This file is part of SETools.
+ #
+@@ -86,13 +86,9 @@ cdef class Type(BaseType):
+             t.value = symbol.s.value
+             t.name = policy.type_value_to_name(symbol.s.value - 1)
+             t.ispermissive = <bint>symbol.flags & sepol.TYPE_FLAGS_PERMISSIVE
++            t._aliases = policy.type_alias_map[symbol.s.value]
+             return t
+ 
+-    cdef inline void _load_aliases(self):
+-        """Helper method to load aliases."""
+-        if self._aliases is None:
+-            self._aliases = list(self.policy.type_aliases(self))
+-
+     cdef inline void _load_attributes(self):
+         """Helper method to load attributes."""
+         cdef sepol.type_datum_t *symbol = <sepol.type_datum_t *>self.key
+@@ -110,7 +106,6 @@ cdef class Type(BaseType):
+ 
+     def aliases(self):
+         """Generator that yields all aliases for this type."""
+-        self._load_aliases()
+         return iter(self._aliases)
+ 
+     def statement(self):
+@@ -119,7 +114,6 @@ cdef class Type(BaseType):
+             str stmt
+ 
+         self._load_attributes()
+-        self._load_aliases()
+         count = len(self._aliases)
+ 
+         stmt = "type {0}".format(self.name)
+@@ -297,66 +291,6 @@ cdef class TypeAttributeHashtabIterator(HashtabIterator):
+             self._next_node()
+ 
+ 
+-cdef class TypeAliasHashtabIterator(HashtabIterator):
+-
+-    """Iterate over type aliases in the policy."""
+-
+-    cdef uint32_t primary
+-
+-    @staticmethod
+-    cdef factory(SELinuxPolicy policy, sepol.hashtab_t *table, Type primary):
+-        """Factory function for creating type alias iterators."""
+-        i = TypeAliasHashtabIterator()
+-        i.policy = policy
+-        i.table = table
+-        i.primary = primary.value
+-        i.reset()
+-        return i
+-
+-    def __next__(self):
+-        super().__next__()
+-        datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        while datum != NULL and (not type_is_alias(datum) or datum.s.value != self.primary):
+-            super().__next__()
+-            datum = <sepol.type_datum_t *> self.curr.datum if self.curr else NULL
+-
+-        return intern(self.curr.key)
+-
+-    def __len__(self):
+-        cdef sepol.type_datum_t *datum
+-        cdef sepol.hashtab_node_t *node
+-        cdef uint32_t bucket = 0
+-        cdef size_t count = 0
+-
+-        while bucket < self.table[0].size:
+-            node = self.table[0].htable[bucket]
+-            while node != NULL:
+-                datum = <sepol.type_datum_t *>node.datum if node else NULL
+-                if datum != NULL and self.primary == datum.s.value and type_is_alias(datum):
+-                    count += 1
+-
+-                node = node.next
+-
+-            bucket += 1
+-
+-        return count
+-
+-    def reset(self):
+-        super().reset()
+-
+-        cdef sepol.type_datum_t *datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
+-
+-        # advance over any attributes or aliases
+-        while datum != NULL and (not type_is_alias(datum) and self.primary != datum.s.value):
+-            self._next_node()
+-
+-            if self.node == NULL or self.bucket >= self.table[0].size:
+-                break
+-
+-            datum = <sepol.type_datum_t *> self.node.datum if self.node else NULL
+-
+-
+ #
+ # Ebitmap Iterator Classes
+ #
+-- 
+2.17.2
+

1001-Do-not-use-Werror-during-build.patch

@@ -0,0 +1,49 @@
+From 4b3dc6b38abbd32cda557d5ef9ea1383ac5fdcf2 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH 2/3] Do not use -Werror during build
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There are new warnings when setools are built with gcc 7 therefore we
+want to suppress -Werror for now
+
+Fixes:
+libqpol/policy_extend.c: In function ‘policy_extend’:
+libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                           ^~~~~
+libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
+    snprintf(buff, 9, "@ttr%04zd", i + 1);
+                      ^~~~~~~~~~~
+In file included from /usr/include/stdio.h:939:0,
+                 from /usr/include/sepol/policydb/policydb.h:53,
+                 from libqpol/policy_extend.c:29:
+/usr/include/bits/stdio2.h:64:10: note: ‘__builtin___snprintf_chk’ output between 9 and 15 bytes into a destination of size 9
+   return __builtin___snprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1,
+          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+        __bos (__s), __fmt, __va_arg_pack ());
+        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+cc1: all warnings being treated as errors
+error: command 'gcc' failed with exit status 1
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index c94daf1..a7442ac 100644
+--- a/setup.py
++++ b/setup.py
+@@ -105,7 +105,7 @@ ext_py_mods = [Extension('setools.policyrep', ['setools/policyrep.pyx'],
+                          libraries=['selinux', 'sepol'],
+                          library_dirs=lib_dirs,
+                          define_macros=macros,
+-                         extra_compile_args=['-Werror', '-Wextra',
++                         extra_compile_args=['-Wextra',
+                                              '-Waggregate-return',
+                                              '-Wfloat-equal',
+                                              '-Wformat', '-Wformat=2',
+-- 
+2.17.2
+

1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch

@@ -1,7 +1,7 @@
-From e47d19f4985098ca316eea4a383510d419ec6055 Mon Sep 17 00:00:00 2001
+From b960869bcbcb58f2ce9af598484f209935c096b0 Mon Sep 17 00:00:00 2001
 From: Vit Mojzis <vmojzis@redhat.com>
 Date: Fri, 26 Apr 2019 15:27:25 +0200
-Subject: [PATCH 1/2] Do not export/use setools.InfoFlowAnalysis and
+Subject: [PATCH 3/3] Do not export/use setools.InfoFlowAnalysis and
  setools.DomainTransitionAnalysis
 
 dta and infoflow modules require networkx which brings lot of dependencies.
@@ -12,32 +12,29 @@ Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
 setools.dta.DomainTransitionAnalysis and let the package containing
 sedta and seinfoflow to require python3-networkx
 ---
- sedta                       | 5 +++--
+ sedta                       | 4 ++--
  seinfoflow                  | 4 ++--
  setools/__init__.py         | 4 ----
  setoolsgui/apol/dta.py      | 2 +-
  setoolsgui/apol/infoflow.py | 2 +-
  tests/dta.py                | 2 +-
  tests/infoflow.py           | 2 +-
- 7 files changed, 9 insertions(+), 12 deletions(-)
+ 7 files changed, 8 insertions(+), 12 deletions(-)
 
 diff --git a/sedta b/sedta
-index 57070098fe10..51890ea8ea73 100755
+index 60861ca..41e38a2 100755
 --- a/sedta
 +++ b/sedta
-@@ -23,9 +23,10 @@ import logging
+@@ -22,7 +22,7 @@ import argparse
+ import logging
  import signal
  
- import setools
+-import setools
 +import setools.dta
  
  
--def print_transition(trans: setools.DomainTransition) -> None:
-+def print_transition(trans: setools.dta.DomainTransition) -> None:
-     if trans.transition:
-         print("Domain transition rule(s):")
-         for t in trans.transition:
-@@ -114,7 +115,7 @@ else:
+ def print_transition(trans):
+@@ -114,7 +114,7 @@ else:
  
  try:
      p = setools.SELinuxPolicy(args.policy)
@@ -47,7 +44,7 @@ index 57070098fe10..51890ea8ea73 100755
      if args.shortest_path or args.all_paths:
          if args.shortest_path:
 diff --git a/seinfoflow b/seinfoflow
-index 0ddcfdc7c1fb..8321718b2640 100755
+index 97b14ba..e7f965d 100755
 --- a/seinfoflow
 +++ b/seinfoflow
 @@ -17,7 +17,7 @@
@@ -59,37 +56,37 @@ index 0ddcfdc7c1fb..8321718b2640 100755
  import argparse
  import sys
  import logging
-@@ -102,7 +102,7 @@ elif args.booleans is not None:
+@@ -81,7 +81,7 @@ else:
  try:
      p = setools.SELinuxPolicy(args.policy)
      m = setools.PermissionMap(args.map)
--    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
-+    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude,
-                                  booleans=booleans)
+-    g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
++    g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
  
      if args.shortest_path or args.all_paths:
+         if args.shortest_path:
 diff --git a/setools/__init__.py b/setools/__init__.py
-index d72d343e7e79..642485b9018d 100644
+index 7b70f5e..5a5f7fe 100644
 --- a/setools/__init__.py
 +++ b/setools/__init__.py
-@@ -91,12 +91,8 @@ from .pcideviceconquery import PcideviceconQuery
+@@ -73,12 +73,8 @@ from .pcideviceconquery import PcideviceconQuery
  from .devicetreeconquery import DevicetreeconQuery
  
  # Information Flow Analysis
 -from .infoflow import InfoFlowAnalysis
- from .permmap import PermissionMap, RuleWeight, Mapping
+ from .permmap import PermissionMap
  
 -# Domain Transition Analysis
--from .dta import DomainTransitionAnalysis, DomainEntrypoint, DomainTransition
+-from .dta import DomainTransitionAnalysis
 -
  # Policy difference
  from .diff import PolicyDifference
  
 diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
-index 62dbf04d9a5e..0ea000e790f0 100644
+index 4608b9d..2cde44c 100644
 --- a/setoolsgui/apol/dta.py
 +++ b/setoolsgui/apol/dta.py
-@@ -24,7 +24,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
  from PyQt5.QtGui import QPalette, QTextCursor
  from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
      QTreeWidgetItem
@@ -97,9 +94,9 @@ index 62dbf04d9a5e..0ea000e790f0 100644
 +from setools.dta import DomainTransitionAnalysis
  
  from ..logtosignal import LogHandlerToSignal
- from .analysistab import AnalysisSection, AnalysisTab
+ from .analysistab import AnalysisTab
 diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
-index 28009aa2329c..92d350bf727c 100644
+index 7bca299..7fee277 100644
 --- a/setoolsgui/apol/infoflow.py
 +++ b/setoolsgui/apol/infoflow.py
 @@ -26,7 +26,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
@@ -112,7 +109,7 @@ index 28009aa2329c..92d350bf727c 100644
  
  from ..logtosignal import LogHandlerToSignal
 diff --git a/tests/dta.py b/tests/dta.py
-index a0cc9381469c..177e6fb0b961 100644
+index a0cc938..177e6fb 100644
 --- a/tests/dta.py
 +++ b/tests/dta.py
 @@ -18,7 +18,7 @@
@@ -125,7 +122,7 @@ index a0cc9381469c..177e6fb0b961 100644
  from setools.exception import InvalidType
  from setools.policyrep import Type
 diff --git a/tests/infoflow.py b/tests/infoflow.py
-index aa0e44a7e4f8..fca2848aeca5 100644
+index aa0e44a..fca2848 100644
 --- a/tests/infoflow.py
 +++ b/tests/infoflow.py
 @@ -18,7 +18,7 @@
@@ -138,5 +135,5 @@ index aa0e44a7e4f8..fca2848aeca5 100644
  from setools.exception import InvalidType
  from setools.permmap import PermissionMap
 -- 
-2.30.0
+2.17.2
 

1003-Require-networkx-on-package-level.patch

@@ -1,24 +0,0 @@
-From 7b73bdeda54b9c944774452bfa3b3c1f2733b3f0 Mon Sep 17 00:00:00 2001
-From: Petr Lautrbach <plautrba@redhat.com>
-Date: Thu, 2 Apr 2020 16:06:14 +0200
-Subject: [PATCH 2/2] Require networkx on package level
-
-It allows us to ship python3-setools without dependency on python3-networkx
----
- setup.py | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/setup.py b/setup.py
-index c593b786cc61..0551811e3fd1 100644
---- a/setup.py
-+++ b/setup.py
-@@ -163,5 +163,5 @@ setup(name='setools',
-       # setup also requires libsepol and libselinux
-       # C libraries and headers to compile.
-       setup_requires=['setuptools', 'Cython>=0.27'],
--      install_requires=['setuptools', 'networkx>=2.0']
-+      install_requires=['setuptools']
-       )
--- 
-2.30.0
-

gating.yaml

@@ -1,16 +0,0 @@
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_testing
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
-
---- !Policy
-product_versions:
-  - fedora-*
-decision_context: bodhi_update_push_stable
-subject_type: koji_build
-rules:
-  - !PassingTestCaseRule {test_case_name: fedora-ci.koji-build.tier0.functional}
-

rpminspect.yaml

@@ -1,3 +0,0 @@
-emptyrpm:
-    expected_empty:
-        - setools

setools.spec

@@ -1,22 +1,26 @@
-%global sepol_ver 3.4-1
-%global selinux_ver 3.4-1
+# % global setools_pre_ver rc
+# % global gitver f1e5b20
+
+%global sepol_ver 2.9-1
+%global selinux_ver 2.9-1
+
 
 Name:           setools
-Version:        4.4.0
-Release:        9%{?dist}
+Version:        4.2.2
+Release:        1%{?setools_pre_ver:.%{setools_pre_ver}}%{?dist}
 Summary:        Policy analysis tools for SELinux
 
 License:        GPLv2
 URL:            https://github.com/SELinuxProject/setools/wiki
-Source0:        https://github.com/SELinuxProject/setools/archive/%{version}.tar.gz
+Source0:        https://github.com/SELinuxProject/setools/archive/%{version}%{?setools_pre_ver:-%{setools_pre_ver}}.tar.gz
 Source1:        setools.pam
 Source2:        apol.desktop
-Patch0001:      0001-Make-seinfo-output-predictable.patch
+Patch1001:      1001-Do-not-use-Werror-during-build.patch
 Patch1002:      1002-Do-not-export-use-setools.InfoFlowAnalysis-and-setoo.patch
-Patch1003:      1003-Require-networkx-on-package-level.patch
+
 Obsoletes:      setools < 4.0.0, setools-devel < 4.0.0
 BuildRequires:  flex,  bison
-BuildRequires:  glibc-devel, gcc, git-core
+BuildRequires:  glibc-devel, gcc, git
 BuildRequires:  libsepol-devel >= %{sepol_ver}, libsepol-static >= %{sepol_ver}
 BuildRequires:  qt5-qtbase-devel
 BuildRequires:  swig
@@ -25,9 +29,8 @@ BuildRequires:  python3-devel
 BuildRequires:  python3-setuptools
 BuildRequires:  libselinux-devel
 
-Requires:       %{name}-console = %{version}-%{release}
-Requires:       %{name}-console-analyses = %{version}-%{release}
-Requires:       %{name}-gui = %{version}-%{release}
+# BuildArch:      
+Requires:       python3-%{name} = %{version}-%{release}
 
 %description
 SETools is a collection of graphical tools, command-line tools, and
@@ -70,7 +73,11 @@ This package includes the following console tools:
 %package     -n python3-setools
 Summary:     Policy analysis tools for SELinux  
 Obsoletes:   setools-libs < 4.0.0
-%{?python_provide:%python_provide python3-setools}
+Recommends:  libselinux-python3
+# Remove before F30
+Provides: %{name}-python3 = %{version}-%{release}
+Provides: %{name}-python3%{?_isa} = %{version}-%{release}
+Obsoletes: %{name}-python3 < %{version}-%{release}
 Requires:    python3-setuptools
 
 %description -n python3-setools
@@ -90,15 +97,17 @@ Python modules designed to facilitate SELinux policy analysis.
 
 
 %prep
-%autosetup -p 1 -S git -n setools-%{version}
+%autosetup -p 1 -S git -n setools-%{version}%{?setools_pre_ver:-%{setools_pre_ver}}
 
 
 %build
-%py3_build
+# Remove CFLAGS=... for noarch packages (unneeded)
+%set_build_flags
+%{__python3} setup.py build
 
 
 %install
-%py3_install
+%{__python3} setup.py install --root %{buildroot}
 
 %check
 %if %{?_with_check:1}%{!?_with_check:0}
@@ -109,25 +118,18 @@ Python modules designed to facilitate SELinux policy analysis.
 %files
 
 %files console
-%{_bindir}/sechecker
 %{_bindir}/sediff
 %{_bindir}/seinfo
 %{_bindir}/sesearch
-%{_mandir}/man1/sechecker*
 %{_mandir}/man1/sediff*
 %{_mandir}/man1/seinfo*
 %{_mandir}/man1/sesearch*
-%{_mandir}/ru/man1/sediff*
-%{_mandir}/ru/man1/seinfo*
-%{_mandir}/ru/man1/sesearch*
 
 %files console-analyses
 %{_bindir}/sedta
 %{_bindir}/seinfoflow
 %{_mandir}/man1/sedta*
 %{_mandir}/man1/seinfoflow*
-%{_mandir}/ru/man1/sedta*
-%{_mandir}/ru/man1/seinfoflow*
 
 %files -n python3-setools
 %license COPYING COPYING.GPL COPYING.LGPL
@@ -138,91 +140,8 @@ Python modules designed to facilitate SELinux policy analysis.
 %{_bindir}/apol
 %{python3_sitearch}/setoolsgui
 %{_mandir}/man1/apol*
-%{_mandir}/ru/man1/apol*
 
 %changelog
-* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 4.4.0-8
-- Rebuilt for Python 3.11
-
-* Mon Jun 13 2022 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-7
-- Update required userspace versions to 3.4
-- Drop unnecessary Recommends
-
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.4.0-6
-- Rebuilt for Python 3.11
-
-* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Fri Nov 19 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-4
-- Make seinfo output predictable
-  https://github.com/SELinuxProject/setools/issues/65
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 4.4.0-2
-- Rebuilt for Python 3.10
-
-* Mon Mar  8 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-1
-- SETools 4.4.0 release
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.0-0.3.20210121git16c0696
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Thu Jan 21 2021 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20210121git16c0696
-- Rebuild with SELinux userspace 3.2-rc1
-- Update to 16c0696
-
-* Thu Dec 10 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.2.20201102git05e90ee
-- Fix imports in /usr/bin/sedta
-
-* Tue Nov  3 2020 Petr Lautrbach <plautrba@redhat.com> - 4.4.0-0.1.20201102git05e90ee
-- Update to 05e90ee
-- Add /usr/bin/sechecker
-- Adapt to new libsepol filename transition structures
-- Rebuild with libsepol.so.2
-
-* Sat Aug 01 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-5
-- Second attempt - Rebuilt for
-  https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.0-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Thu Jul 16 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-3
-- rebuild with SELinux userspace 3.1 release
-
-* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 4.3.0-2
-- Rebuilt for Python 3.9
-
-* Thu Apr  2 2020 Petr Lautrbach <plautrba@redhat.com> - 4.3.0-1
-- SETools 4.3.0 release
-- Revised sediff method for TE rules. This drastically reduced memory and run time.
-- Added infiniband context support to seinfo, sediff, and apol.
-- Added apol configuration for location of Qt assistant.
-- Fixed sediff issue where properties header would display when not requested.
-- Fixed sediff issue with type_transition file name comparison.
-- Fixed permission map socket sendto information flow direction.
-- Added methods to TypeAttribute class to make it a complete Python collection.
-- Genfscon now will look up classes rather than using fixed values which
-    were dropped from libsepol.
-
-* Mon Mar 23 2020 Petr Lautrbach <plautrba@redhat.com> - 4.2.2-5
-- setools requires -console, -console-analyses and -gui packages (#1794314)
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.2-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-3
-- Rebuilt for Python 3.8.0rc1 (#1748018)
-
-* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 4.2.2-2
-- Rebuilt for Python 3.8
-
 * Mon Jul 08 2019 Vit Mojzis <vmojzis@redhat.com> - 4.2.2-1}
 - SETools 4.2.2 release
 
@@ -245,15 +164,11 @@ Python modules designed to facilitate SELinux policy analysis.
 - Require userspace release 2.8
 - setools-gui requires python3-setools
 - Add Requires for python[23]-setuptools - no longer required (just recommended) by python[23] (#1623371)
+
+* Thu Aug 09 2018 Vit Mojzis <vmojzis@redhat.com> - 4.2.0-0.1.beta
+- New upstream release
 - Drop python2 subpackage (4.2.0 no longer supports python2)
 
-* Wed Aug 29 2018 Vit Mojzis <vmojzis@redhat.com> - 4.1.1-13
-- Add Requires for python[23]-setuptools - no longer required (just recommended)
-  by python[23] (#1623371)
-
-* Wed Aug 22 2018 Petr Lautrbach <plautrba@redhat.com> - 4.1.1-12.1
-- Fix SCTP patch - https://github.com/SELinuxProject/setools/issues/9
-
 * Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
 

sources

@@ -1 +1,2 @@
-SHA512 (4.4.0.tar.gz) = 4033ce54213e47e3afd1bdb03b99b0ee3d977f085310d746b34dcfcfe48ac3a562ae0aa2f730d629a298b56dbf295ad219669d13f82578521866b465f8c976e8
+SHA512 (4.2.1.tar.gz) = 7d00295fe7ff16e96e15266807f8e0a67cc2978f9051cd85afb9ee71ca7fad16ccf7421a4a163bb793950bc20a44f3cbb8409b4e0642d0f96cf7a3df7bc59c31
+SHA512 (4.2.2.tar.gz) = 5044b04d0895ffe31557b3b71bb277ab49710a6066485c8f204ce7858abab259f973000f1fcfde0149ed4e33a50103984939dcc68ce322d70e9e927e81d4f798

tests/Regression/The-setools-package-doesn-t-install-any-tools/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
-#   Description: Make sure setools requires setools-console and setools-gui
-#   Author: Vit Mojzis <vmojzis@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2020 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/setools/Regression/The-setools-package-doesn-t-install-any-tools
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Vit Mojzis <vmojzis@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Make sure setools requires setools-console and setools-gui" >> $(METADATA)
-	@echo "Type:            Regression" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          setools" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2+" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Bug:             1820078" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5 -RHEL6 -RHEL7" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/Regression/The-setools-package-doesn-t-install-any-tools/runtest.sh

@@ -1,54 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/setools/Regression/bz1820078-The-setools-package-doesn-t-install-any-tools
-#   Description: Make sure setools requires setools-console and setools-gui
-#   Author: Vit Mojzis <vmojzis@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2020 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="setools"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlRun "dnf -y remove ${PACKAGE} ${PACKAGE}-gui ${PACKAGE}-console"
-        OUTPUT_FILE=`mktemp`
-    rlPhaseEnd
-
-    rlPhaseStartTest "bz#1820078"
-        rlRun "dnf -y install ${PACKAGE}" 0
-        rlAssertRpm "${PACKAGE}-gui"
-        rlAssertRpm "${PACKAGE}-console"
-        # make sure that setools-* packages do not require setools
-        rlRun "rpm -q --whatrequires ${PACKAGE} >& ${OUTPUT_FILE}" 0,1
-        rlRun "grep -i \"${PACKAGE}-\" ${OUTPUT_FILE}" 1
-        if [ $? -ne 1 ]; then rlRun "cat \"${OUTPUT_FILE}\""; fi
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/Sanity/sedta/Makefile

@@ -1,63 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of /CoreOS/setools/Sanity/sedta
-#   Description: Does sedta work as expected? Does it support all features?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2019 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=/CoreOS/setools/Sanity/sedta
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE testpolicy.cil
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Milos Malik <mmalik@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Does sedta work as expected? Does it support all features?" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        1h" >> $(METADATA)
-	@echo "RunFor:          setools" >> $(METADATA)
-	@echo "Requires:        policycoreutils setools-console-analyses" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2+" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHEL6 -RHEL7 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)
-

tests/Sanity/sedta/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of /CoreOS/setools/Sanity/sedta
-Description: Does sedta work as expected? Does it support all features?
-Author: Milos Malik <mmalik@redhat.com>

tests/Sanity/sedta/runtest.sh

@@ -1,88 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of /CoreOS/setools/Sanity/sedta
-#   Description: Does sedta work as expected? Does it support all features?
-#   Author: Milos Malik <mmalik@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2019 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="setools"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm ${PACKAGE}-console-analyses
-        OUTPUT_FILE=`mktemp`
-        rlRun "semodule -i testpolicy.cil"
-        rlRun "semodule -l | grep testpolicy"
-    rlPhaseEnd
-
-    rlPhaseStartTest "invalid values"
-        rlRun "sedta -s unknown_t >& ${OUTPUT_FILE}" 1
-        rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
-        rlRun "sedta -s apmd_t -t unknown_t -S >& ${OUTPUT_FILE}" 1
-        rlRun "grep -i 'not a valid type' ${OUTPUT_FILE}"
-        rlRun "sedta -s unknown_t -p /etc/selinux/unknown/policy/policy.31 >& ${OUTPUT_FILE}" 1
-        rlRun "grep -i 'no such file or directory' ${OUTPUT_FILE}"
-        rlRun "sedta -s apmd_t -t var_lib_t -A -1 >& ${OUTPUT_FILE}" 1
-        rlRun "grep -i 'must be positive' ${OUTPUT_FILE}"
-        rlRun "sedta -s xyz_t >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^0.*transition.*found' ${OUTPUT_FILE}"
-    rlPhaseEnd
-
-    rlPhaseStartTest "valid values"
-        # transitivity
-        rlRun "sedta -s first_t -t second_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        rlRun "sedta -s second_t -t third_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        rlRun "sedta -s first_t -t third_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        # reflexivity
-        rlRun "sedta -s first_t -t first_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        rlRun "sedta -s second_t -t second_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        rlRun "sedta -s third_t -t third_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^1 domain transition path.*found' ${OUTPUT_FILE}"
-        # path is longer than limit
-        rlRun "sedta -s first_t -t third_t -A 1 >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
-        # non-existent relation
-        rlRun "sedta -s first_t -t third_t -S -r >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
-        # non-existent relation
-        rlRun "sedta -s third_t -t first_t -S >& ${OUTPUT_FILE}"
-        rlRun "grep -i '^0 domain transition path.*found' ${OUTPUT_FILE}"
-    rlPhaseEnd
-
-    rlPhaseStartCleanup
-        rlRun "semodule -r testpolicy"
-        rlRun "semodule -l | grep testpolicy" 1
-        rm -f ${OUTPUT_FILE}
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd
-

tests/Sanity/sedta/testpolicy.cil

@@ -1,21 +0,0 @@
-( type xyz_t )
-
-( type first_t )
-( type first_exec_t )
-( type second_t )
-( type second_exec_t )
-( type third_t )
-( type third_exec_t )
-
-( typetransition first_t second_exec_t process second_t )
-( typetransition second_t third_exec_t process third_t )
-
-( allow first_t second_exec_t ( file ( getattr open read execute )))
-( allow first_t second_t ( process ( transition )))
-( allow second_t third_exec_t ( file ( getattr open read execute )))
-( allow second_t third_t ( process ( transition )))
-
-( allow first_t first_exec_t ( file ( entrypoint )))
-( allow second_t second_exec_t ( file ( entrypoint )))
-( allow third_t third_exec_t ( file ( entrypoint )))
-

tests/Sanity/seinfo-consistent-output/Makefile

@@ -1,64 +0,0 @@
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Makefile of Sanity/seinfo-consistent-output
-#   Description: Check whether different 2 or more runs of same seinfo commands produce same output
-#   Author: Petr Lautrbach <plautrba@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2021 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-export TEST=Sanity/seinfo-consistent-output
-export TESTVERSION=1.0
-
-BUILT_FILES=
-
-FILES=$(METADATA) runtest.sh Makefile PURPOSE
-
-.PHONY: all install download clean
-
-run: $(FILES) build
-	./runtest.sh
-
-build: $(BUILT_FILES)
-	test -x runtest.sh || chmod a+x runtest.sh
-
-clean:
-	rm -f *~ $(BUILT_FILES)
-
-
-include /usr/share/rhts/lib/rhts-make.include
-
-$(METADATA): Makefile
-	@echo "Owner:           Petr Lautrbach <plautrba@redhat.com>" > $(METADATA)
-	@echo "Name:            $(TEST)" >> $(METADATA)
-	@echo "TestVersion:     $(TESTVERSION)" >> $(METADATA)
-	@echo "Path:            $(TEST_DIR)" >> $(METADATA)
-	@echo "Description:     Check whether different 2 or more runs of same seinfo commands produce same output" >> $(METADATA)
-	@echo "Type:            Sanity" >> $(METADATA)
-	@echo "TestTime:        5m" >> $(METADATA)
-	@echo "RunFor:          setools" >> $(METADATA)
-	@echo "Requires:        setools-console" >> $(METADATA)
-	@echo "Priority:        Normal" >> $(METADATA)
-	@echo "License:         GPLv2+" >> $(METADATA)
-	@echo "Confidential:    no" >> $(METADATA)
-	@echo "Destructive:     no" >> $(METADATA)
-	@echo "Bug:             2019962" >> $(METADATA)
-	@echo "Releases:        -RHEL4 -RHELClient5 -RHELServer5" >> $(METADATA)
-
-	rhts-lint $(METADATA)

tests/Sanity/seinfo-consistent-output/PURPOSE

@@ -1,3 +0,0 @@
-PURPOSE of Sanity/seinfo-consistent-output
-Description: Check whether different 2 or more runs of same seinfo commands produce same output
-Author: Petr Lautrbach <plautrba@redhat.com>

tests/Sanity/seinfo-consistent-output/runtest.sh

@@ -1,64 +0,0 @@
-#!/bin/bash
-# vim: dict+=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   runtest.sh of Sanity/seinfo-consistent-output
-#   Description: Check whether different 2 or more runs of same seinfo commands produce same output
-#   Author: Petr Lautrbach <plautrba@redhat.com>
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-#
-#   Copyright (c) 2021 Red Hat, Inc.
-#
-#   This program is free software: you can redistribute it and/or
-#   modify it under the terms of the GNU General Public License as
-#   published by the Free Software Foundation, either version 2 of
-#   the License, or (at your option) any later version.
-#
-#   This program is distributed in the hope that it will be
-#   useful, but WITHOUT ANY WARRANTY; without even the implied
-#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
-#   PURPOSE.  See the GNU General Public License for more details.
-#
-#   You should have received a copy of the GNU General Public License
-#   along with this program. If not, see http://www.gnu.org/licenses/.
-#
-# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-# Include Beaker environment
-. /usr/bin/rhts-environment.sh || exit 1
-. /usr/share/beakerlib/beakerlib.sh || exit 1
-
-PACKAGE="setools-console"
-
-rlJournalStart
-    rlPhaseStartSetup
-        rlAssertRpm $PACKAGE
-        rlRun "TmpDir=\$(mktemp -d)" 0 "Creating tmp directory"
-        rlRun "pushd $TmpDir"
-    rlPhaseEnd
-
-    commands=(
-        "seinfo --all -x"
-        "seinfo --constrain"
-        "seinfo --common"
-        "seinfo -c -x"
-        "seinfo -r -x"
-        "seinfo -u -x"
-    )
-
-    for c in "${commands[@]}"; do
-
-        rlPhaseStartTest "$c"
-            rlRun "$c > 1.out"
-            rlRun "$c > 2.out"
-            rlRun "cmp 1.out 2.out" 0
-        rlPhaseEnd
-    done
-
-    rlPhaseStartCleanup
-        rlRun "popd"
-        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
-    rlPhaseEnd
-rlJournalPrintText
-rlJournalEnd

tests/tests.yml

@@ -1,22 +0,0 @@
----
-# Test to run in classic context
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    repositories:
-    - repo: "https://src.fedoraproject.org/tests/selinux.git"
-      dest: "selinux"
-      fmf_filter: "tier: 1 | component: policycoreutils | component: checkpolicy"
-
-# Test to run in classic context
-- hosts: localhost
-  roles:
-  - role: standard-test-beakerlib
-    tags:
-    - classic
-    tests:
-      - Sanity/sedta
-      - Regression/The-setools-package-doesn-t-install-any-tools
-      - Sanity/seinfo-consistent-output