setools: Add version 3.3.7.

16 files changed, 5181 insertions, 0 deletions

diff --git a/recipes-security/setools/setools/setools-Add-seinfo-and-sesearch-python-bindings.patch b/recipes-security/setools/setools/setools-Add-seinfo-and-sesearch-python-bindings.patch
new file mode 100644
index 0000000..5a37c64
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Add-seinfo-and-sesearch-python-bindings.patch
@@ -0,0 +1,2775 @@
+From 41602f02ffa15d55f6ec8d6cc22ca9c945bfad1f Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 10:44:44 +0800
+Subject: [PATCH 1/7] setools: Add seinfo and sesearch python bindings.
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ Makefile.am                |    2 +-
+ configure.ac               |   14 +-
+ python/Makefile.am         |    1 +
+ python/Makefile.in         |  716 +++++++++++++++++++++++++++++++++++++++++
+ python/setools/Makefile.am |   36 ++
+ python/setools/Makefile.in |  550 +++++++++++++++++++++++++++++++
+ python/setools/__init__.py |   50 +++
+ python/setools/seinfo.c    |  769 ++++++++++++++++++++++++++++++++++++++++++++
+ python/setools/sesearch.c  |  478 +++++++++++++++++++++++++++
+ python/setools/setup.py    |   25 ++
+ 10 files changed, 2635 insertions(+), 6 deletions(-)
+ create mode 100644 python/Makefile.am
+ create mode 100644 python/Makefile.in
+ create mode 100644 python/setools/Makefile.am
+ create mode 100644 python/setools/Makefile.in
+ create mode 100644 python/setools/__init__.py
+ create mode 100644 python/setools/seinfo.c
+ create mode 100644 python/setools/sesearch.c
+ create mode 100644 python/setools/setup.py
+
+diff --git a/Makefile.am b/Makefile.am
+index 5dc1b5d..176c8ea 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,7 @@ if BUILD_GUI
+ endif
+ # sediffx is also built conditionally, from sediffx/Makefile.am
+ 
+-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI)
++SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
+ 
+ #old indent opts
+ #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
+diff --git a/configure.ac b/configure.ac
+index b885981..e837e03 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
+               enable_jswig="$enableval")
+ if test "x${enable_jswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
++      AC_PROG_SWIG(2.0.0)
+    fi
+    AC_JAVA_OPTIONS
+    if test "x$JAVAPREFIX" = x; then
+@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then
+    do_swigify_java=yes
+    do_swigify=yes
+ fi
++
++AM_PATH_PYTHON(2.7)
++
+ AC_ARG_ENABLE(swig-python,
+               AC_HELP_STRING([--enable-swig-python],
+                              [build SWIG interfaces for Python]),
+               enable_pyswig="$enableval")
+ if test "x${enable_pyswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
++      AC_PROG_SWIG(2.0.0)
+    fi
+-   AM_PATH_PYTHON(2.3)
+    SWIG_PYTHON
+    do_swigify_python=yes
+    do_swigify=yes
+ fi
+ if test ${do_swigify} = "yes"; then
+-   AC_PROG_SWIG(1.3.28)
++   AC_PROG_SWIG(2.0.0)
+ fi
+ build_apol=yes
+ AC_ARG_ENABLE(swig-tcl,
+@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
+               enable_tclswig="$enableval", enable_tclswig="yes")
+ if test "x${enable_tclswig}" = xyes; then
+    if test ${do_swigify} = no; then
+-      AC_PROG_SWIG(1.3.28)
++      AC_PROG_SWIG(2.0.0)
+    fi
+    TEA_INIT(3.5)
+    TEA_PATH_TCLCONFIG
+@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \
+                  sediff/Makefile \
+                  man/Makefile \
+                  debian/Makefile \
++                python/Makefile \
++                python/setools/Makefile \
+                  packages/Makefile packages/rpm/Makefile \
+                  packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc])
+ 
+diff --git a/python/Makefile.am b/python/Makefile.am
+new file mode 100644
+index 0000000..a1510c8
+--- /dev/null
++++ b/python/Makefile.am
+@@ -0,0 +1 @@
++SUBDIRS = setools
+diff --git a/python/Makefile.in b/python/Makefile.in
+new file mode 100644
+index 0000000..48c87ab
+--- /dev/null
++++ b/python/Makefile.in
+@@ -0,0 +1,716 @@
++# Makefile.in generated by automake 1.11.1 from Makefile.am.
++# @configure_input@
++
++# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
++# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
++# Inc.
++# This Makefile.in is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
++# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
++# PARTICULAR PURPOSE.
++
++@SET_MAKE@
++VPATH = @srcdir@
++pkgdatadir = $(datadir)/@PACKAGE@
++pkgincludedir = $(includedir)/@PACKAGE@
++pkglibdir = $(libdir)/@PACKAGE@
++pkglibexecdir = $(libexecdir)/@PACKAGE@
++am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
++install_sh_DATA = $(install_sh) -c -m 644
++install_sh_PROGRAM = $(install_sh) -c
++install_sh_SCRIPT = $(install_sh) -c
++INSTALL_HEADER = $(INSTALL_DATA)
++transform = $(program_transform_name)
++NORMAL_INSTALL = :
++PRE_INSTALL = :
++POST_INSTALL = :
++NORMAL_UNINSTALL = :
++PRE_UNINSTALL = :
++POST_UNINSTALL = :
++build_triplet = @build@
++host_triplet = @host@
++subdir = python
++DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
++ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
++am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \
++       $(top_srcdir)/m4/ac_java_options.m4 \
++       $(top_srcdir)/m4/ac_pkg_swig.m4 \
++       $(top_srcdir)/m4/ac_prog_jar.m4 \
++       $(top_srcdir)/m4/ac_prog_java.m4 \
++       $(top_srcdir)/m4/ac_prog_java_works.m4 \
++       $(top_srcdir)/m4/ac_prog_javac.m4 \
++       $(top_srcdir)/m4/ac_prog_javac_works.m4 \
++       $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \
++       $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
++       $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++       $(top_srcdir)/m4/lt~obsolete.m4 \
++       $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \
++       $(top_srcdir)/configure.ac
++am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
++       $(ACLOCAL_M4)
++mkinstalldirs = $(install_sh) -d
++CONFIG_HEADER = $(top_builddir)/config.h
++CONFIG_CLEAN_FILES =
++CONFIG_CLEAN_VPATH_FILES =
++SOURCES =
++DIST_SOURCES =
++RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \
++       html-recursive info-recursive install-data-recursive \
++       install-dvi-recursive install-exec-recursive \
++       install-html-recursive install-info-recursive \
++       install-pdf-recursive install-ps-recursive install-recursive \
++       installcheck-recursive installdirs-recursive pdf-recursive \
++       ps-recursive uninstall-recursive
++RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive        \
++  distclean-recursive maintainer-clean-recursive
++AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \
++       $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \
++       distdir
++ETAGS = etags
++CTAGS = ctags
++DIST_SUBDIRS = $(SUBDIRS)
++DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
++am__relativize = \
++  dir0=`pwd`; \
++  sed_first='s,^\([^/]*\)/.*$$,\1,'; \
++  sed_rest='s,^[^/]*/*,,'; \
++  sed_last='s,^.*/\([^/]*\)$$,\1,'; \
++  sed_butlast='s,/*[^/]*$$,,'; \
++  while test -n "$$dir1"; do \
++    first=`echo "$$dir1" | sed -e "$$sed_first"`; \
++    if test "$$first" != "."; then \
++      if test "$$first" = ".."; then \
++        dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
++        dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
++      else \
++        first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
++        if test "$$first2" = "$$first"; then \
++          dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
++        else \
++          dir2="../$$dir2"; \
++        fi; \
++        dir0="$$dir0"/"$$first"; \
++      fi; \
++    fi; \
++    dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
++  done; \
++  reldir="$$dir2"
++ACLOCAL = @ACLOCAL@
++AMTAR = @AMTAR@
++APOL_CFLAGS = @APOL_CFLAGS@
++APOL_LIB_FLAG = @APOL_LIB_FLAG@
++AR = @AR@
++AUTOCONF = @AUTOCONF@
++AUTOHEADER = @AUTOHEADER@
++AUTOMAKE = @AUTOMAKE@
++AWK = @AWK@
++BWIDGET_DESTDIR = @BWIDGET_DESTDIR@
++CC = @CC@
++CCDEPMODE = @CCDEPMODE@
++CFLAGS = @CFLAGS@
++CPP = @CPP@
++CPPFLAGS = @CPPFLAGS@
++CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@
++CXX = @CXX@
++CXXCPP = @CXXCPP@
++CXXDEPMODE = @CXXDEPMODE@
++CXXFLAGS = @CXXFLAGS@
++CYGPATH = @CYGPATH@
++CYGPATH_W = @CYGPATH_W@
++DEBUGCFLAGS = @DEBUGCFLAGS@
++DEBUGCXXFLAGS = @DEBUGCXXFLAGS@
++DEBUGJFLAGS = @DEBUGJFLAGS@
++DEBUGLDFLAGS = @DEBUGLDFLAGS@
++DEFS = @DEFS@
++DEPDIR = @DEPDIR@
++DSYMUTIL = @DSYMUTIL@
++DUMPBIN = @DUMPBIN@
++ECHO_C = @ECHO_C@
++ECHO_N = @ECHO_N@
++ECHO_T = @ECHO_T@
++EGREP = @EGREP@
++EXEEXT = @EXEEXT@
++FGREP = @FGREP@
++GLADE_CFLAGS = @GLADE_CFLAGS@
++GLADE_LIBS = @GLADE_LIBS@
++GREP = @GREP@
++GTHREAD_CFLAGS = @GTHREAD_CFLAGS@
++GTHREAD_LIBS = @GTHREAD_LIBS@
++GTK_CFLAGS = @GTK_CFLAGS@
++GTK_LIBS = @GTK_LIBS@
++INSTALL = @INSTALL@
++INSTALL_DATA = @INSTALL_DATA@
++INSTALL_PROGRAM = @INSTALL_PROGRAM@
++INSTALL_SCRIPT = @INSTALL_SCRIPT@
++INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
++JAR = @JAR@
++JAVA = @JAVA@
++JAVAC = @JAVAC@
++JAVACFLAGS = @JAVACFLAGS@
++JAVAFLAGS = @JAVAFLAGS@
++JAVAPREFIX = @JAVAPREFIX@
++LD = @LD@
++LDFLAGS = @LDFLAGS@
++LEX = @LEX@
++LEXLIB = @LEXLIB@
++LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
++LIBOBJS = @LIBOBJS@
++LIBS = @LIBS@
++LIBTOOL = @LIBTOOL@
++LIPO = @LIPO@
++LN_S = @LN_S@
++LTLIBOBJS = @LTLIBOBJS@
++MAKEINFO = @MAKEINFO@
++MKDIR_P = @MKDIR_P@
++NM = @NM@
++NMEDIT = @NMEDIT@
++OBJDUMP = @OBJDUMP@
++OBJEXT = @OBJEXT@
++OTOOL = @OTOOL@
++OTOOL64 = @OTOOL64@
++PACKAGE = @PACKAGE@
++PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
++PACKAGE_NAME = @PACKAGE_NAME@
++PACKAGE_STRING = @PACKAGE_STRING@
++PACKAGE_TARNAME = @PACKAGE_TARNAME@
++PACKAGE_URL = @PACKAGE_URL@
++PACKAGE_VERSION = @PACKAGE_VERSION@
++PATH_SEPARATOR = @PATH_SEPARATOR@
++PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
++PIXBUF_LIBS = @PIXBUF_LIBS@
++PKG_CFLAGS = @PKG_CFLAGS@
++PKG_HEADERS = @PKG_HEADERS@
++PKG_INCLUDES = @PKG_INCLUDES@
++PKG_LIBS = @PKG_LIBS@
++PKG_LIB_FILE = @PKG_LIB_FILE@
++PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@
++PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@
++PKG_STUB_SOURCES = @PKG_STUB_SOURCES@
++PKG_TCL_SOURCES = @PKG_TCL_SOURCES@
++POLDIFF_CFLAGS = @POLDIFF_CFLAGS@
++POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@
++PROFILECFLAGS = @PROFILECFLAGS@
++PROFILELDFLAGS = @PROFILELDFLAGS@
++PYTHON = @PYTHON@
++PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
++PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
++PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
++PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
++PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
++PYTHON_PLATFORM = @PYTHON_PLATFORM@
++PYTHON_PREFIX = @PYTHON_PREFIX@
++PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
++PYTHON_VERSION = @PYTHON_VERSION@
++QPOL_CFLAGS = @QPOL_CFLAGS@
++QPOL_LIB_FLAG = @QPOL_LIB_FLAG@
++RANLIB = @RANLIB@
++SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@
++SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@
++SED = @SED@
++SEFS_CFLAGS = @SEFS_CFLAGS@
++SEFS_LIB_FLAG = @SEFS_LIB_FLAG@
++SELINUX_CFLAGS = @SELINUX_CFLAGS@
++SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@
++SET_MAKE = @SET_MAKE@
++SHELL = @SHELL@
++SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
++SQLITE3_LIBS = @SQLITE3_LIBS@
++STRIP = @STRIP@
++SWIG = @SWIG@
++SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@
++SWIG_JAVA_OPT = @SWIG_JAVA_OPT@
++SWIG_LIB = @SWIG_LIB@
++SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@
++SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@
++SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@
++SWIG_TCL_OPT = @SWIG_TCL_OPT@
++TCLSH_PROG = @TCLSH_PROG@
++TCL_AUTOPATH = @TCL_AUTOPATH@
++TCL_BIN_DIR = @TCL_BIN_DIR@
++TCL_DEFS = @TCL_DEFS@
++TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@
++TCL_INCLUDES = @TCL_INCLUDES@
++TCL_LD_FLAGS = @TCL_LD_FLAGS@
++TCL_LIBS = @TCL_LIBS@
++TCL_LIB_FILE = @TCL_LIB_FILE@
++TCL_LIB_FLAG = @TCL_LIB_FLAG@
++TCL_LIB_SPEC = @TCL_LIB_SPEC@
++TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@
++TCL_SRC_DIR = @TCL_SRC_DIR@
++TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@
++TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@
++TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@
++TCL_VERSION = @TCL_VERSION@
++TK_BIN_DIR = @TK_BIN_DIR@
++TK_INCLUDES = @TK_INCLUDES@
++TK_LIBS = @TK_LIBS@
++TK_LIB_FILE = @TK_LIB_FILE@
++TK_LIB_FLAG = @TK_LIB_FLAG@
++TK_LIB_SPEC = @TK_LIB_SPEC@
++TK_SRC_DIR = @TK_SRC_DIR@
++TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@
++TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@
++TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@
++TK_VERSION = @TK_VERSION@
++TK_XINCLUDES = @TK_XINCLUDES@
++VERSION = @VERSION@
++WARNCFLAGS = @WARNCFLAGS@
++WARNCXXFLAGS = @WARNCXXFLAGS@
++WARNJFLAGS = @WARNJFLAGS@
++WARNLDFLAGS = @WARNLDFLAGS@
++WISH_PROG = @WISH_PROG@
++XMKMF = @XMKMF@
++XML_CFLAGS = @XML_CFLAGS@
++XML_LIBS = @XML_LIBS@
++YACC = @YACC@
++YFLAGS = @YFLAGS@
++abs_builddir = @abs_builddir@
++abs_srcdir = @abs_srcdir@
++abs_top_builddir = @abs_top_builddir@
++abs_top_srcdir = @abs_top_srcdir@
++ac_ct_CC = @ac_ct_CC@
++ac_ct_CXX = @ac_ct_CXX@
++ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
++am__include = @am__include@
++am__leading_dot = @am__leading_dot@
++am__quote = @am__quote@
++am__tar = @am__tar@
++am__untar = @am__untar@
++bindir = @bindir@
++build = @build@
++build_alias = @build_alias@
++build_cpu = @build_cpu@
++build_os = @build_os@
++build_vendor = @build_vendor@
++builddir = @builddir@
++datadir = @datadir@
++datarootdir = @datarootdir@
++docdir = @docdir@
++dvidir = @dvidir@
++exec_prefix = @exec_prefix@
++has_pkg_config = @has_pkg_config@
++host = @host@
++host_alias = @host_alias@
++host_cpu = @host_cpu@
++host_os = @host_os@
++host_vendor = @host_vendor@
++htmldir = @htmldir@
++includedir = @includedir@
++infodir = @infodir@
++install_sh = @install_sh@
++javadir = @javadir@
++libapol_jswig_soname = @libapol_jswig_soname@
++libapol_pyswig_soname = @libapol_pyswig_soname@
++libapol_soname = @libapol_soname@
++libapol_soversion = @libapol_soversion@
++libapol_tswig_soname = @libapol_tswig_soname@
++libapol_version = @libapol_version@
++libdir = @libdir@
++libexecdir = @libexecdir@
++libpoldiff_jswig_soname = @libpoldiff_jswig_soname@
++libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@
++libpoldiff_soname = @libpoldiff_soname@
++libpoldiff_soversion = @libpoldiff_soversion@
++libpoldiff_tswig_soname = @libpoldiff_tswig_soname@
++libpoldiff_version = @libpoldiff_version@
++libqpol_jswig_soname = @libqpol_jswig_soname@
++libqpol_pyswig_soname = @libqpol_pyswig_soname@
++libqpol_soname = @libqpol_soname@
++libqpol_soversion = @libqpol_soversion@
++libqpol_tswig_soname = @libqpol_tswig_soname@
++libqpol_version = @libqpol_version@
++libseaudit_jswig_soname = @libseaudit_jswig_soname@
++libseaudit_pyswig_soname = @libseaudit_pyswig_soname@
++libseaudit_soname = @libseaudit_soname@
++libseaudit_soversion = @libseaudit_soversion@
++libseaudit_tswig_soname = @libseaudit_tswig_soname@
++libseaudit_version = @libseaudit_version@
++libsefs_jswig_soname = @libsefs_jswig_soname@
++libsefs_pyswig_soname = @libsefs_pyswig_soname@
++libsefs_soname = @libsefs_soname@
++libsefs_soversion = @libsefs_soversion@
++libsefs_tswig_soname = @libsefs_tswig_soname@
++libsefs_version = @libsefs_version@
++localedir = @localedir@
++localstatedir = @localstatedir@
++lt_ECHO = @lt_ECHO@
++mandir = @mandir@
++mkdir_p = @mkdir_p@
++oldincludedir = @oldincludedir@
++pdfdir = @pdfdir@
++pkgpyexecdir = @pkgpyexecdir@
++pkgpythondir = @pkgpythondir@
++prefix = @prefix@
++profile_install_dir = @profile_install_dir@
++program_transform_name = @program_transform_name@
++psdir = @psdir@
++pyexecdir = @pyexecdir@
++pythondir = @pythondir@
++sbindir = @sbindir@
++selinux_default_policy = @selinux_default_policy@
++selinux_policy_dir = @selinux_policy_dir@
++sepol_srcdir = @sepol_srcdir@
++setoolsdir = @setoolsdir@
++sharedstatedir = @sharedstatedir@
++srcdir = @srcdir@
++sysconfdir = @sysconfdir@
++target_alias = @target_alias@
++top_build_prefix = @top_build_prefix@
++top_builddir = @top_builddir@
++top_srcdir = @top_srcdir@
++uudecode = @uudecode@
++SUBDIRS = setools
++all: all-recursive
++
++.SUFFIXES:
++$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
++       @for dep in $?; do \
++         case '$(am__configure_deps)' in \
++           *$$dep*) \
++             ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
++               && { if test -f $@; then exit 0; else break; fi; }; \
++             exit 1;; \
++         esac; \
++       done; \
++       echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \
++       $(am__cd) $(top_srcdir) && \
++         $(AUTOMAKE) --gnu python/Makefile
++.PRECIOUS: Makefile
++Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
++       @case '$?' in \
++         *config.status*) \
++           cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
++         *) \
++           echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
++           cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
++       esac;
++
++$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++
++$(top_srcdir)/configure:  $(am__configure_deps)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(am__aclocal_m4_deps):
++
++mostlyclean-libtool:
++       -rm -f *.lo
++
++clean-libtool:
++       -rm -rf .libs _libs
++
++# This directory's subdirectories are mostly independent; you can cd
++# into them and run `make' without going through this Makefile.
++# To change the values of `make' variables: instead of editing Makefiles,
++# (1) if the variable is set in `config.status', edit `config.status'
++#     (which will cause the Makefiles to be regenerated when you run `make');
++# (2) otherwise, pass the desired values on the `make' command line.
++$(RECURSIVE_TARGETS):
++       @fail= failcom='exit 1'; \
++       for f in x $$MAKEFLAGS; do \
++         case $$f in \
++           *=* | --[!k]*);; \
++           *k*) failcom='fail=yes';; \
++         esac; \
++       done; \
++       dot_seen=no; \
++       target=`echo $@ | sed s/-recursive//`; \
++       list='$(SUBDIRS)'; for subdir in $$list; do \
++         echo "Making $$target in $$subdir"; \
++         if test "$$subdir" = "."; then \
++           dot_seen=yes; \
++           local_target="$$target-am"; \
++         else \
++           local_target="$$target"; \
++         fi; \
++         ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
++         || eval $$failcom; \
++       done; \
++       if test "$$dot_seen" = "no"; then \
++         $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
++       fi; test -z "$$fail"
++
++$(RECURSIVE_CLEAN_TARGETS):
++       @fail= failcom='exit 1'; \
++       for f in x $$MAKEFLAGS; do \
++         case $$f in \
++           *=* | --[!k]*);; \
++           *k*) failcom='fail=yes';; \
++         esac; \
++       done; \
++       dot_seen=no; \
++       case "$@" in \
++         distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
++         *) list='$(SUBDIRS)' ;; \
++       esac; \
++       rev=''; for subdir in $$list; do \
++         if test "$$subdir" = "."; then :; else \
++           rev="$$subdir $$rev"; \
++         fi; \
++       done; \
++       rev="$$rev ."; \
++       target=`echo $@ | sed s/-recursive//`; \
++       for subdir in $$rev; do \
++         echo "Making $$target in $$subdir"; \
++         if test "$$subdir" = "."; then \
++           local_target="$$target-am"; \
++         else \
++           local_target="$$target"; \
++         fi; \
++         ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
++         || eval $$failcom; \
++       done && test -z "$$fail"
++tags-recursive:
++       list='$(SUBDIRS)'; for subdir in $$list; do \
++         test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \
++       done
++ctags-recursive:
++       list='$(SUBDIRS)'; for subdir in $$list; do \
++         test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \
++       done
++
++ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES)
++       list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \
++       unique=`for i in $$list; do \
++           if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
++         done | \
++         $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
++             END { if (nonempty) { for (i in files) print i; }; }'`; \
++       mkid -fID $$unique
++tags: TAGS
++
++TAGS: tags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
++               $(TAGS_FILES) $(LISP)
++       set x; \
++       here=`pwd`; \
++       if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
++         include_option=--etags-include; \
++         empty_fix=.; \
++       else \
++         include_option=--include; \
++         empty_fix=; \
++       fi; \
++       list='$(SUBDIRS)'; for subdir in $$list; do \
++         if test "$$subdir" = .; then :; else \
++           test ! -f $$subdir/TAGS || \
++             set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
++         fi; \
++       done; \
++       list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
++       unique=`for i in $$list; do \
++           if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
++         done | \
++         $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
++             END { if (nonempty) { for (i in files) print i; }; }'`; \
++       shift; \
++       if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
++         test -n "$$unique" || unique=$$empty_fix; \
++         if test $$# -gt 0; then \
++           $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
++             "$$@" $$unique; \
++         else \
++           $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
++             $$unique; \
++         fi; \
++       fi
++ctags: CTAGS
++CTAGS: ctags-recursive $(HEADERS) $(SOURCES)  $(TAGS_DEPENDENCIES) \
++               $(TAGS_FILES) $(LISP)
++       list='$(SOURCES) $(HEADERS)  $(LISP) $(TAGS_FILES)'; \
++       unique=`for i in $$list; do \
++           if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
++         done | \
++         $(AWK) '{ files[$$0] = 1; nonempty = 1; } \
++             END { if (nonempty) { for (i in files) print i; }; }'`; \
++       test -z "$(CTAGS_ARGS)$$unique" \
++         || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
++            $$unique
++
++GTAGS:
++       here=`$(am__cd) $(top_builddir) && pwd` \
++         && $(am__cd) $(top_srcdir) \
++         && gtags -i $(GTAGS_ARGS) "$$here"
++
++distclean-tags:
++       -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
++
++distdir: $(DISTFILES)
++       @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++       topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++       list='$(DISTFILES)'; \
++         dist_files=`for file in $$list; do echo $$file; done | \
++         sed -e "s|^$$srcdirstrip/||;t" \
++             -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
++       case $$dist_files in \
++         */*) $(MKDIR_P) `echo "$$dist_files" | \
++                          sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
++                          sort -u` ;; \
++       esac; \
++       for file in $$dist_files; do \
++         if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
++         if test -d $$d/$$file; then \
++           dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
++           if test -d "$(distdir)/$$file"; then \
++             find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++           fi; \
++           if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
++             cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
++             find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++           fi; \
++           cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
++         else \
++           test -f "$(distdir)/$$file" \
++           || cp -p $$d/$$file "$(distdir)/$$file" \
++           || exit 1; \
++         fi; \
++       done
++       @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
++         if test "$$subdir" = .; then :; else \
++           test -d "$(distdir)/$$subdir" \
++           || $(MKDIR_P) "$(distdir)/$$subdir" \
++           || exit 1; \
++         fi; \
++       done
++       @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
++         if test "$$subdir" = .; then :; else \
++           dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
++           $(am__relativize); \
++           new_distdir=$$reldir; \
++           dir1=$$subdir; dir2="$(top_distdir)"; \
++           $(am__relativize); \
++           new_top_distdir=$$reldir; \
++           echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
++           echo "     am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
++           ($(am__cd) $$subdir && \
++             $(MAKE) $(AM_MAKEFLAGS) \
++               top_distdir="$$new_top_distdir" \
++               distdir="$$new_distdir" \
++               am__remove_distdir=: \
++               am__skip_length_check=: \
++               am__skip_mode_fix=: \
++               distdir) \
++             || exit 1; \
++         fi; \
++       done
++check-am: all-am
++check: check-recursive
++all-am: Makefile
++installdirs: installdirs-recursive
++installdirs-am:
++install: install-recursive
++install-exec: install-exec-recursive
++install-data: install-data-recursive
++uninstall: uninstall-recursive
++
++install-am: all-am
++       @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
++
++installcheck: installcheck-recursive
++install-strip:
++       $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
++         install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
++         `test -z '$(STRIP)' || \
++           echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
++mostlyclean-generic:
++
++clean-generic:
++
++distclean-generic:
++       -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
++       -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
++
++maintainer-clean-generic:
++       @echo "This command is intended for maintainers to use"
++       @echo "it deletes files that may require special tools to rebuild."
++clean: clean-recursive
++
++clean-am: clean-generic clean-libtool mostlyclean-am
++
++distclean: distclean-recursive
++       -rm -f Makefile
++distclean-am: clean-am distclean-generic distclean-tags
++
++dvi: dvi-recursive
++
++dvi-am:
++
++html: html-recursive
++
++html-am:
++
++info: info-recursive
++
++info-am:
++
++install-data-am:
++
++install-dvi: install-dvi-recursive
++
++install-dvi-am:
++
++install-exec-am:
++
++install-html: install-html-recursive
++
++install-html-am:
++
++install-info: install-info-recursive
++
++install-info-am:
++
++install-man:
++
++install-pdf: install-pdf-recursive
++
++install-pdf-am:
++
++install-ps: install-ps-recursive
++
++install-ps-am:
++
++installcheck-am:
++
++maintainer-clean: maintainer-clean-recursive
++       -rm -f Makefile
++maintainer-clean-am: distclean-am maintainer-clean-generic
++
++mostlyclean: mostlyclean-recursive
++
++mostlyclean-am: mostlyclean-generic mostlyclean-libtool
++
++pdf: pdf-recursive
++
++pdf-am:
++
++ps: ps-recursive
++
++ps-am:
++
++uninstall-am:
++
++.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \
++       install-am install-strip tags-recursive
++
++.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \
++       all all-am check check-am clean clean-generic clean-libtool \
++       ctags ctags-recursive distclean distclean-generic \
++       distclean-libtool distclean-tags distdir dvi dvi-am html \
++       html-am info info-am install install-am install-data \
++       install-data-am install-dvi install-dvi-am install-exec \
++       install-exec-am install-html install-html-am install-info \
++       install-info-am install-man install-pdf install-pdf-am \
++       install-ps install-ps-am install-strip installcheck \
++       installcheck-am installdirs installdirs-am maintainer-clean \
++       maintainer-clean-generic mostlyclean mostlyclean-generic \
++       mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
++       uninstall uninstall-am
++
++
++# Tell versions [3.59,3.63) of GNU make to not export all variables.
++# Otherwise a system limit (for SysV at least) may be exceeded.
++.NOEXPORT:
+diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am
+new file mode 100644
+index 0000000..c4635fb
+--- /dev/null
++++ b/python/setools/Makefile.am
+@@ -0,0 +1,36 @@
++EXTRA_DIST =                           \
++       sesearch.c                      \
++       seinfo.c                        \
++       __init__.py                     \
++       setup.py                        \
++       $(NULL)
++
++AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
++       @QPOL_CFLAGS@ @APOL_CFLAGS@
++AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
++       @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@
++AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
++
++LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
++DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so
++all-am: python-build
++
++seinfo_SOURCES = seinfo.c
++
++sesearch_SOURCES = sesearch.c
++
++python-build: sesearch.c seinfo.c
++       @mkdir -p setools
++       @cp __init__.py setools
++       LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
++
++install-exec-hook:
++       $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++
++uninstall-hook: 
++       $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++
++clean-local:
++       $(PYTHON) setup.py clean -a 
++       rm -f *~
++
+diff --git a/python/setools/Makefile.in b/python/setools/Makefile.in
+new file mode 100644
+index 0000000..704ffc7
+--- /dev/null
++++ b/python/setools/Makefile.in
+@@ -0,0 +1,550 @@
++# Makefile.in generated by automake 1.11.1 from Makefile.am.
++# @configure_input@
++
++# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002,
++# 2003, 2004, 2005, 2006, 2007, 2008, 2009  Free Software Foundation,
++# Inc.
++# This Makefile.in is free software; the Free Software Foundation
++# gives unlimited permission to copy and/or distribute it,
++# with or without modifications, as long as this notice is preserved.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
++# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
++# PARTICULAR PURPOSE.
++
++@SET_MAKE@
++VPATH = @srcdir@
++pkgdatadir = $(datadir)/@PACKAGE@
++pkgincludedir = $(includedir)/@PACKAGE@
++pkglibdir = $(libdir)/@PACKAGE@
++pkglibexecdir = $(libexecdir)/@PACKAGE@
++am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
++install_sh_DATA = $(install_sh) -c -m 644
++install_sh_PROGRAM = $(install_sh) -c
++install_sh_SCRIPT = $(install_sh) -c
++INSTALL_HEADER = $(INSTALL_DATA)
++transform = $(program_transform_name)
++NORMAL_INSTALL = :
++PRE_INSTALL = :
++POST_INSTALL = :
++NORMAL_UNINSTALL = :
++PRE_UNINSTALL = :
++POST_UNINSTALL = :
++build_triplet = @build@
++host_triplet = @host@
++subdir = python/setools
++DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in
++ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
++am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \
++       $(top_srcdir)/m4/ac_java_options.m4 \
++       $(top_srcdir)/m4/ac_pkg_swig.m4 \
++       $(top_srcdir)/m4/ac_prog_jar.m4 \
++       $(top_srcdir)/m4/ac_prog_java.m4 \
++       $(top_srcdir)/m4/ac_prog_java_works.m4 \
++       $(top_srcdir)/m4/ac_prog_javac.m4 \
++       $(top_srcdir)/m4/ac_prog_javac_works.m4 \
++       $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \
++       $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
++       $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
++       $(top_srcdir)/m4/lt~obsolete.m4 \
++       $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \
++       $(top_srcdir)/configure.ac
++am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
++       $(ACLOCAL_M4)
++mkinstalldirs = $(install_sh) -d
++CONFIG_HEADER = $(top_builddir)/config.h
++CONFIG_CLEAN_FILES =
++CONFIG_CLEAN_VPATH_FILES =
++SOURCES =
++DIST_SOURCES =
++DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
++ACLOCAL = @ACLOCAL@
++AMTAR = @AMTAR@
++APOL_CFLAGS = @APOL_CFLAGS@
++APOL_LIB_FLAG = @APOL_LIB_FLAG@
++AR = @AR@
++AUTOCONF = @AUTOCONF@
++AUTOHEADER = @AUTOHEADER@
++AUTOMAKE = @AUTOMAKE@
++AWK = @AWK@
++BWIDGET_DESTDIR = @BWIDGET_DESTDIR@
++CC = @CC@
++CCDEPMODE = @CCDEPMODE@
++CFLAGS = @CFLAGS@
++CPP = @CPP@
++CPPFLAGS = @CPPFLAGS@
++CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@
++CXX = @CXX@
++CXXCPP = @CXXCPP@
++CXXDEPMODE = @CXXDEPMODE@
++CXXFLAGS = @CXXFLAGS@
++CYGPATH = @CYGPATH@
++CYGPATH_W = @CYGPATH_W@
++DEBUGCFLAGS = @DEBUGCFLAGS@
++DEBUGCXXFLAGS = @DEBUGCXXFLAGS@
++DEBUGJFLAGS = @DEBUGJFLAGS@
++DEBUGLDFLAGS = @DEBUGLDFLAGS@
++DEFS = @DEFS@
++DEPDIR = @DEPDIR@
++DSYMUTIL = @DSYMUTIL@
++DUMPBIN = @DUMPBIN@
++ECHO_C = @ECHO_C@
++ECHO_N = @ECHO_N@
++ECHO_T = @ECHO_T@
++EGREP = @EGREP@
++EXEEXT = @EXEEXT@
++FGREP = @FGREP@
++GLADE_CFLAGS = @GLADE_CFLAGS@
++GLADE_LIBS = @GLADE_LIBS@
++GREP = @GREP@
++GTHREAD_CFLAGS = @GTHREAD_CFLAGS@
++GTHREAD_LIBS = @GTHREAD_LIBS@
++GTK_CFLAGS = @GTK_CFLAGS@
++GTK_LIBS = @GTK_LIBS@
++INSTALL = @INSTALL@
++INSTALL_DATA = @INSTALL_DATA@
++INSTALL_PROGRAM = @INSTALL_PROGRAM@
++INSTALL_SCRIPT = @INSTALL_SCRIPT@
++INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
++JAR = @JAR@
++JAVA = @JAVA@
++JAVAC = @JAVAC@
++JAVACFLAGS = @JAVACFLAGS@
++JAVAFLAGS = @JAVAFLAGS@
++JAVAPREFIX = @JAVAPREFIX@
++LD = @LD@
++LDFLAGS = @LDFLAGS@
++LEX = @LEX@
++LEXLIB = @LEXLIB@
++LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@
++LIBOBJS = @LIBOBJS@
++LIBS = @LIBS@
++LIBTOOL = @LIBTOOL@
++LIPO = @LIPO@
++LN_S = @LN_S@
++LTLIBOBJS = @LTLIBOBJS@
++MAKEINFO = @MAKEINFO@
++MKDIR_P = @MKDIR_P@
++NM = @NM@
++NMEDIT = @NMEDIT@
++OBJDUMP = @OBJDUMP@
++OBJEXT = @OBJEXT@
++OTOOL = @OTOOL@
++OTOOL64 = @OTOOL64@
++PACKAGE = @PACKAGE@
++PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
++PACKAGE_NAME = @PACKAGE_NAME@
++PACKAGE_STRING = @PACKAGE_STRING@
++PACKAGE_TARNAME = @PACKAGE_TARNAME@
++PACKAGE_URL = @PACKAGE_URL@
++PACKAGE_VERSION = @PACKAGE_VERSION@
++PATH_SEPARATOR = @PATH_SEPARATOR@
++PIXBUF_CFLAGS = @PIXBUF_CFLAGS@
++PIXBUF_LIBS = @PIXBUF_LIBS@
++PKG_CFLAGS = @PKG_CFLAGS@
++PKG_HEADERS = @PKG_HEADERS@
++PKG_INCLUDES = @PKG_INCLUDES@
++PKG_LIBS = @PKG_LIBS@
++PKG_LIB_FILE = @PKG_LIB_FILE@
++PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@
++PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@
++PKG_STUB_SOURCES = @PKG_STUB_SOURCES@
++PKG_TCL_SOURCES = @PKG_TCL_SOURCES@
++POLDIFF_CFLAGS = @POLDIFF_CFLAGS@
++POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@
++PROFILECFLAGS = @PROFILECFLAGS@
++PROFILELDFLAGS = @PROFILELDFLAGS@
++PYTHON = @PYTHON@
++PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@
++PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@
++PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@
++PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@
++PYTHON_LDFLAGS = @PYTHON_LDFLAGS@
++PYTHON_PLATFORM = @PYTHON_PLATFORM@
++PYTHON_PREFIX = @PYTHON_PREFIX@
++PYTHON_SITE_PKG = @PYTHON_SITE_PKG@
++PYTHON_VERSION = @PYTHON_VERSION@
++QPOL_CFLAGS = @QPOL_CFLAGS@
++QPOL_LIB_FLAG = @QPOL_LIB_FLAG@
++RANLIB = @RANLIB@
++SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@
++SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@
++SED = @SED@
++SEFS_CFLAGS = @SEFS_CFLAGS@
++SEFS_LIB_FLAG = @SEFS_LIB_FLAG@
++SELINUX_CFLAGS = @SELINUX_CFLAGS@
++SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@
++SET_MAKE = @SET_MAKE@
++SHELL = @SHELL@
++SQLITE3_CFLAGS = @SQLITE3_CFLAGS@
++SQLITE3_LIBS = @SQLITE3_LIBS@
++STRIP = @STRIP@
++SWIG = @SWIG@
++SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@
++SWIG_JAVA_OPT = @SWIG_JAVA_OPT@
++SWIG_LIB = @SWIG_LIB@
++SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@
++SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@
++SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@
++SWIG_TCL_OPT = @SWIG_TCL_OPT@
++TCLSH_PROG = @TCLSH_PROG@
++TCL_AUTOPATH = @TCL_AUTOPATH@
++TCL_BIN_DIR = @TCL_BIN_DIR@
++TCL_DEFS = @TCL_DEFS@
++TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@
++TCL_INCLUDES = @TCL_INCLUDES@
++TCL_LD_FLAGS = @TCL_LD_FLAGS@
++TCL_LIBS = @TCL_LIBS@
++TCL_LIB_FILE = @TCL_LIB_FILE@
++TCL_LIB_FLAG = @TCL_LIB_FLAG@
++TCL_LIB_SPEC = @TCL_LIB_SPEC@
++TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@
++TCL_SRC_DIR = @TCL_SRC_DIR@
++TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@
++TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@
++TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@
++TCL_VERSION = @TCL_VERSION@
++TK_BIN_DIR = @TK_BIN_DIR@
++TK_INCLUDES = @TK_INCLUDES@
++TK_LIBS = @TK_LIBS@
++TK_LIB_FILE = @TK_LIB_FILE@
++TK_LIB_FLAG = @TK_LIB_FLAG@
++TK_LIB_SPEC = @TK_LIB_SPEC@
++TK_SRC_DIR = @TK_SRC_DIR@
++TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@
++TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@
++TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@
++TK_VERSION = @TK_VERSION@
++TK_XINCLUDES = @TK_XINCLUDES@
++VERSION = @VERSION@
++WARNCFLAGS = @WARNCFLAGS@
++WARNCXXFLAGS = @WARNCXXFLAGS@
++WARNJFLAGS = @WARNJFLAGS@
++WARNLDFLAGS = @WARNLDFLAGS@
++WISH_PROG = @WISH_PROG@
++XMKMF = @XMKMF@
++XML_CFLAGS = @XML_CFLAGS@
++XML_LIBS = @XML_LIBS@
++YACC = @YACC@
++YFLAGS = @YFLAGS@
++abs_builddir = @abs_builddir@
++abs_srcdir = @abs_srcdir@
++abs_top_builddir = @abs_top_builddir@
++abs_top_srcdir = @abs_top_srcdir@
++ac_ct_CC = @ac_ct_CC@
++ac_ct_CXX = @ac_ct_CXX@
++ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
++am__include = @am__include@
++am__leading_dot = @am__leading_dot@
++am__quote = @am__quote@
++am__tar = @am__tar@
++am__untar = @am__untar@
++bindir = @bindir@
++build = @build@
++build_alias = @build_alias@
++build_cpu = @build_cpu@
++build_os = @build_os@
++build_vendor = @build_vendor@
++builddir = @builddir@
++datadir = @datadir@
++datarootdir = @datarootdir@
++docdir = @docdir@
++dvidir = @dvidir@
++exec_prefix = @exec_prefix@
++has_pkg_config = @has_pkg_config@
++host = @host@
++host_alias = @host_alias@
++host_cpu = @host_cpu@
++host_os = @host_os@
++host_vendor = @host_vendor@
++htmldir = @htmldir@
++includedir = @includedir@
++infodir = @infodir@
++install_sh = @install_sh@
++javadir = @javadir@
++libapol_jswig_soname = @libapol_jswig_soname@
++libapol_pyswig_soname = @libapol_pyswig_soname@
++libapol_soname = @libapol_soname@
++libapol_soversion = @libapol_soversion@
++libapol_tswig_soname = @libapol_tswig_soname@
++libapol_version = @libapol_version@
++libdir = @libdir@
++libexecdir = @libexecdir@
++libpoldiff_jswig_soname = @libpoldiff_jswig_soname@
++libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@
++libpoldiff_soname = @libpoldiff_soname@
++libpoldiff_soversion = @libpoldiff_soversion@
++libpoldiff_tswig_soname = @libpoldiff_tswig_soname@
++libpoldiff_version = @libpoldiff_version@
++libqpol_jswig_soname = @libqpol_jswig_soname@
++libqpol_pyswig_soname = @libqpol_pyswig_soname@
++libqpol_soname = @libqpol_soname@
++libqpol_soversion = @libqpol_soversion@
++libqpol_tswig_soname = @libqpol_tswig_soname@
++libqpol_version = @libqpol_version@
++libseaudit_jswig_soname = @libseaudit_jswig_soname@
++libseaudit_pyswig_soname = @libseaudit_pyswig_soname@
++libseaudit_soname = @libseaudit_soname@
++libseaudit_soversion = @libseaudit_soversion@
++libseaudit_tswig_soname = @libseaudit_tswig_soname@
++libseaudit_version = @libseaudit_version@
++libsefs_jswig_soname = @libsefs_jswig_soname@
++libsefs_pyswig_soname = @libsefs_pyswig_soname@
++libsefs_soname = @libsefs_soname@
++libsefs_soversion = @libsefs_soversion@
++libsefs_tswig_soname = @libsefs_tswig_soname@
++libsefs_version = @libsefs_version@
++localedir = @localedir@
++localstatedir = @localstatedir@
++lt_ECHO = @lt_ECHO@
++mandir = @mandir@
++mkdir_p = @mkdir_p@
++oldincludedir = @oldincludedir@
++pdfdir = @pdfdir@
++pkgpyexecdir = @pkgpyexecdir@
++pkgpythondir = @pkgpythondir@
++prefix = @prefix@
++profile_install_dir = @profile_install_dir@
++program_transform_name = @program_transform_name@
++psdir = @psdir@
++pyexecdir = @pyexecdir@
++pythondir = @pythondir@
++sbindir = @sbindir@
++selinux_default_policy = @selinux_default_policy@
++selinux_policy_dir = @selinux_policy_dir@
++sepol_srcdir = @sepol_srcdir@
++setoolsdir = @setoolsdir@
++sharedstatedir = @sharedstatedir@
++srcdir = @srcdir@
++sysconfdir = @sysconfdir@
++target_alias = @target_alias@
++top_build_prefix = @top_build_prefix@
++top_builddir = @top_builddir@
++top_srcdir = @top_srcdir@
++uudecode = @uudecode@
++EXTRA_DIST = \
++       sesearch.c                      \
++       seinfo.c                        \
++       __init__.py                     \
++       setup.py                        \
++       $(NULL)
++
++AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
++       @QPOL_CFLAGS@ @APOL_CFLAGS@
++
++AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
++       @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@
++
++AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
++LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
++DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so
++seinfo_SOURCES = seinfo.c
++sesearch_SOURCES = sesearch.c
++all: all-am
++
++.SUFFIXES:
++$(srcdir)/Makefile.in:  $(srcdir)/Makefile.am  $(am__configure_deps)
++       @for dep in $?; do \
++         case '$(am__configure_deps)' in \
++           *$$dep*) \
++             ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
++               && { if test -f $@; then exit 0; else break; fi; }; \
++             exit 1;; \
++         esac; \
++       done; \
++       echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/setools/Makefile'; \
++       $(am__cd) $(top_srcdir) && \
++         $(AUTOMAKE) --gnu python/setools/Makefile
++.PRECIOUS: Makefile
++Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
++       @case '$?' in \
++         *config.status*) \
++           cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
++         *) \
++           echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
++           cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
++       esac;
++
++$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++
++$(top_srcdir)/configure:  $(am__configure_deps)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(ACLOCAL_M4):  $(am__aclocal_m4_deps)
++       cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
++$(am__aclocal_m4_deps):
++
++mostlyclean-libtool:
++       -rm -f *.lo
++
++clean-libtool:
++       -rm -rf .libs _libs
++tags: TAGS
++TAGS:
++
++ctags: CTAGS
++CTAGS:
++
++
++distdir: $(DISTFILES)
++       @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++       topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
++       list='$(DISTFILES)'; \
++         dist_files=`for file in $$list; do echo $$file; done | \
++         sed -e "s|^$$srcdirstrip/||;t" \
++             -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
++       case $$dist_files in \
++         */*) $(MKDIR_P) `echo "$$dist_files" | \
++                          sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
++                          sort -u` ;; \
++       esac; \
++       for file in $$dist_files; do \
++         if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
++         if test -d $$d/$$file; then \
++           dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
++           if test -d "$(distdir)/$$file"; then \
++             find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++           fi; \
++           if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
++             cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
++             find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
++           fi; \
++           cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
++         else \
++           test -f "$(distdir)/$$file" \
++           || cp -p $$d/$$file "$(distdir)/$$file" \
++           || exit 1; \
++         fi; \
++       done
++check-am: all-am
++check: check-am
++all-am: Makefile
++installdirs:
++install: install-am
++install-exec: install-exec-am
++install-data: install-data-am
++uninstall: uninstall-am
++
++install-am: all-am
++       @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
++
++installcheck: installcheck-am
++install-strip:
++       $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
++         install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
++         `test -z '$(STRIP)' || \
++           echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install
++mostlyclean-generic:
++
++clean-generic:
++
++distclean-generic:
++       -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
++       -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
++
++maintainer-clean-generic:
++       @echo "This command is intended for maintainers to use"
++       @echo "it deletes files that may require special tools to rebuild."
++clean: clean-am
++
++clean-am: clean-generic clean-libtool clean-local mostlyclean-am
++
++distclean: distclean-am
++       -rm -f Makefile
++distclean-am: clean-am distclean-generic
++
++dvi: dvi-am
++
++dvi-am:
++
++html: html-am
++
++html-am:
++
++info: info-am
++
++info-am:
++
++install-data-am:
++
++install-dvi: install-dvi-am
++
++install-dvi-am:
++
++install-exec-am:
++       @$(NORMAL_INSTALL)
++       $(MAKE) $(AM_MAKEFLAGS) install-exec-hook
++install-html: install-html-am
++
++install-html-am:
++
++install-info: install-info-am
++
++install-info-am:
++
++install-man:
++
++install-pdf: install-pdf-am
++
++install-pdf-am:
++
++install-ps: install-ps-am
++
++install-ps-am:
++
++installcheck-am:
++
++maintainer-clean: maintainer-clean-am
++       -rm -f Makefile
++maintainer-clean-am: distclean-am maintainer-clean-generic
++
++mostlyclean: mostlyclean-am
++
++mostlyclean-am: mostlyclean-generic mostlyclean-libtool
++
++pdf: pdf-am
++
++pdf-am:
++
++ps: ps-am
++
++ps-am:
++
++uninstall-am:
++       @$(NORMAL_INSTALL)
++       $(MAKE) $(AM_MAKEFLAGS) uninstall-hook
++.MAKE: install-am install-exec-am install-strip uninstall-am
++
++.PHONY: all all-am check check-am clean clean-generic clean-libtool \
++       clean-local distclean distclean-generic distclean-libtool \
++       distdir dvi dvi-am html html-am info info-am install \
++       install-am install-data install-data-am install-dvi \
++       install-dvi-am install-exec install-exec-am install-exec-hook \
++       install-html install-html-am install-info install-info-am \
++       install-man install-pdf install-pdf-am install-ps \
++       install-ps-am install-strip installcheck installcheck-am \
++       installdirs maintainer-clean maintainer-clean-generic \
++       mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
++       ps ps-am uninstall uninstall-am uninstall-hook
++
++all-am: python-build
++
++python-build: sesearch.c seinfo.c
++       @mkdir -p setools
++       @cp __init__.py setools
++       LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
++
++install-exec-hook:
++       $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++
++uninstall-hook: 
++       $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++
++clean-local:
++       $(PYTHON) setup.py clean -a 
++       rm -f *~
++
++# Tell versions [3.59,3.63) of GNU make to not export all variables.
++# Otherwise a system limit (for SysV at least) may be exceeded.
++.NOEXPORT:
+diff --git a/python/setools/__init__.py b/python/setools/__init__.py
+new file mode 100644
+index 0000000..6f075c4
+--- /dev/null
++++ b/python/setools/__init__.py
+@@ -0,0 +1,50 @@
++#!/usr/bin/env python
++
++# Author: Thomas Liu <tliu@redhat.com>
++
++import _sesearch
++import _seinfo
++import types
++
++TYPE = _seinfo.TYPE
++ROLE = _seinfo.ROLE
++ATTRIBUTE = _seinfo.ATTRIBUTE
++PORT = _seinfo.PORT
++USER = _seinfo.USER
++
++ALLOW = 'allow'
++AUDITALLOW = 'auditallow'
++NEVERALLOW = 'neverallow'
++DONTAUDIT = 'dontaudit'
++SCONTEXT = 'scontext'
++TCONTEXT = 'tcontext'
++PERMS = 'permlist'
++CLASS = 'class'
++
++def sesearch(types, info):
++    valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]
++    for type in types:
++        if type not in valid_types:
++            raise ValueError("Type has to be in %s" % valid_types)
++        info[type] = True
++
++    perms = []
++    if PERMS in info:
++        perms = info[PERMS]
++        info[PERMS] = ",".join(info[PERMS])
++     
++    
++    dict_list = _sesearch.sesearch(info)
++    if dict_list and len(perms) != 0:
++        dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
++    return dict_list
++
++def dict_has_perms(dict, perms):
++    for perm in perms:
++        if perm not in dict[PERMS]:
++            return False
++    return True
++
++def seinfo(setype, name=None):
++    dict_list = _seinfo.seinfo(setype, name)
++    return dict_list
+diff --git a/python/setools/seinfo.c b/python/setools/seinfo.c
+new file mode 100644
+index 0000000..211930a
+--- /dev/null
++++ b/python/setools/seinfo.c
+@@ -0,0 +1,769 @@
++/**
++ *  @file
++ *  Command line tool to search TE rules.
++ *
++ *  @author Frank Mayer  mayerf@tresys.com
++ *  @author Jeremy A. Mowery jmowery@tresys.com
++ *  @author Paul Rosenfeld  prosenfeld@tresys.com
++ *  @author Thomas Liu  <tliu@redhat.com>
++ *  @author Dan Walsh  <dwalsh@redhat.com>
++ *
++ *  Copyright (C) 2003-2008 Tresys Technology, LLC
++ *
++ *  This program is free software; you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation; either version 2 of the License, or
++ *  (at your option) any later version.
++ *
++ *  This program is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with this program; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++/**
++ * This is a modified version of seinfo to be used as part of a library for
++ * Python bindings.
++ */
++
++#include "Python.h"
++
++/* libapol */
++#include <apol/policy.h>
++#include <apol/policy-query.h>
++#include <apol/render.h>
++#include <apol/util.h>
++#include <apol/vector.h>
++
++/* libqpol */
++#include <qpol/policy.h>
++#include <qpol/util.h>
++
++/* other */
++#include <errno.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <string.h>
++#include <assert.h>
++
++#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
++static char *policy_file = NULL;
++
++enum input
++{
++       TYPE, ATTRIBUTE, ROLE, USER, PORT,
++};
++
++/**
++ * Gets a textual representation of an attribute, and 
++ * all of that attribute's types.
++ *
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ */
++static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *dict = PyDict_New(); 
++       const qpol_type_t *attr_datum = NULL;
++       qpol_iterator_t *iter = NULL;
++       const char *attr_name = NULL, *type_name = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++       unsigned char isattr;
++
++       if (qpol_type_get_name(q, type_datum, &attr_name))
++               goto cleanup;
++       PyObject *obj = PyString_FromString(attr_name);
++       PyDict_SetItemString(dict, "name", obj);
++       Py_DECREF(obj);
++
++       /* get an iterator over all types this attribute has */
++       if (qpol_type_get_isattr(q, type_datum, &isattr))
++               goto cleanup;
++       if (isattr) {          /* sanity check */
++               if (qpol_type_get_type_iter(q, type_datum, &iter))
++                       goto cleanup;
++               PyObject *list = PyList_New(0);
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&attr_datum))
++                               goto cleanup;
++                       if (qpol_type_get_name(q, attr_datum, &type_name))
++                               goto cleanup;
++                       PyObject *obj = PyString_FromString(type_name);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++               qpol_iterator_destroy(&iter);
++               PyDict_SetItemString(dict, "types", list);
++               Py_DECREF(list);
++       } else                 /* this should never happen */
++               goto cleanup;
++       
++       retval = 0;
++cleanup:
++       qpol_iterator_destroy(&iter);
++       if (retval) {
++               Py_DECREF(dict);
++               return NULL;
++       }
++       return dict;
++}
++
++/**
++ * Gets statistics regarding a policy's attributes.
++ * If this function is given a name, it will attempt to
++ * get statistics about a particular attribute; otherwise
++ * the function gets statistics about all of the policy's
++ * attributes.
++ *
++ * @param name Reference to an attribute's name; if NULL,
++ * all object classes will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject* get_attribs(const char *name, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *list = PyList_New(0);
++       apol_attr_query_t *attr_query = NULL;
++       apol_vector_t *v = NULL;
++       const qpol_type_t *type_datum = NULL;
++       size_t n_attrs, i;
++
++       /* we are only getting information about 1 attribute */
++       if (name != NULL) {
++               attr_query = apol_attr_query_create();
++               if (!attr_query)
++                       goto cleanup;
++               if (apol_attr_query_set_attr(policydb, attr_query, name))
++                       goto cleanup;
++               if (apol_attr_get_by_query(policydb, attr_query, &v))
++                       goto cleanup;
++               apol_attr_query_destroy(&attr_query);
++               if (apol_vector_get_size(v) == 0) {
++                       apol_vector_destroy(&v);
++                       errno = EINVAL;
++                       goto cleanup;
++               }
++
++               type_datum = apol_vector_get_element(v, (size_t) 0);
++               PyObject *obj = get_attr(type_datum, policydb);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       } else {
++               attr_query = apol_attr_query_create();
++               if (!attr_query)
++                       goto cleanup;
++               if (apol_attr_get_by_query(policydb, attr_query, &v))
++                       goto cleanup;
++               apol_attr_query_destroy(&attr_query);
++               n_attrs = apol_vector_get_size(v);
++
++               for (i = 0; i < n_attrs; i++) {
++                       /* get qpol_type_t* item from vector */
++                       type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i);
++                       if (!type_datum)
++                               goto cleanup;
++                       PyObject *obj = get_attr(type_datum, policydb);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++       }
++       apol_vector_destroy(&v);
++
++       retval = 0;
++      cleanup:
++       apol_attr_query_destroy(&attr_query);
++       apol_vector_destroy(&v);
++       if (retval) {
++               Py_DECREF(list);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return list;
++}
++
++/**
++ * Get a textual representation of a type, and
++ * all of that type's attributes.
++ *
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ */
++static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb)
++{
++       qpol_iterator_t *iter = NULL;
++       const char *attr_name = NULL;
++       const qpol_type_t *attr_datum = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++       if (qpol_type_get_attr_iter(q, type_datum, &iter))
++               goto cleanup;
++       PyObject *list = PyList_New(0);
++       for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++               if (qpol_iterator_get_item(iter, (void **)&attr_datum))
++                       goto cleanup;
++               if (qpol_type_get_name(q, attr_datum, &attr_name))
++                       goto cleanup;
++               PyObject *obj = PyString_FromString(attr_name);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       }
++
++      cleanup:
++       qpol_iterator_destroy(&iter);
++       return list;
++}
++
++static PyObject* get_type( const qpol_type_t * type_datum, const apol_policy_t * policydb) {
++
++       PyObject *dict = PyDict_New(); 
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++       const char *type_name = NULL;
++
++       unsigned char isalias, ispermissive, isattr;
++
++       if (qpol_type_get_name(q, type_datum, &type_name))
++               goto cleanup;
++       if (qpol_type_get_isalias(q, type_datum, &isalias))
++               goto cleanup;
++       if (qpol_type_get_isattr(q, type_datum, &isattr))
++               goto cleanup;
++       if (qpol_type_get_ispermissive(q, type_datum, &ispermissive))
++               goto cleanup;
++
++       PyObject *obj = PyString_FromString(type_name);
++       PyDict_SetItemString(dict, "name", obj);
++       Py_DECREF(obj);
++       obj = PyBool_FromLong(ispermissive);
++       PyDict_SetItemString(dict, "permissive", obj);
++       Py_DECREF(obj);
++       if (!isattr && !isalias) {
++               obj = get_type_attrs(type_datum, policydb);
++               PyDict_SetItemString(dict, "attributes", obj);
++               Py_DECREF(obj);
++       }
++       return dict;
++cleanup:
++       Py_DECREF(dict);
++       return NULL;
++}
++
++/**
++ * Gets a textual representation of a user, and
++ * all of that user's roles.
++ *
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ * roles
++ */
++static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
++{
++       PyObject *dict = NULL;
++       const qpol_role_t *role_datum = NULL;
++       qpol_iterator_t *iter = NULL;
++       const qpol_mls_range_t *range = NULL;
++       const qpol_mls_level_t *dflt_level = NULL;
++       apol_mls_level_t *ap_lvl = NULL;
++       apol_mls_range_t *ap_range = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++       char *tmp;
++       const char *user_name, *role_name;
++
++       if (qpol_user_get_name(q, user_datum, &user_name))
++               goto cleanup;
++
++       dict = PyDict_New(); 
++       PyObject *obj = PyString_FromString(user_name);
++       PyDict_SetItemString(dict, "name", obj);
++       Py_DECREF(obj);
++
++       if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
++               if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
++                       goto cleanup;
++               ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
++               tmp = apol_mls_level_render(policydb, ap_lvl);
++               if (!tmp)
++                       goto cleanup;
++               obj = PyString_FromString(tmp);
++               PyDict_SetItemString(dict, "level", obj);
++               Py_DECREF(obj);
++               free(tmp);
++               /* print default range */
++               if (qpol_user_get_range(q, user_datum, &range))
++                       goto cleanup;
++               ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
++               tmp = apol_mls_range_render(policydb, ap_range);
++               if (!tmp)
++                       goto cleanup;
++               obj = PyString_FromString(tmp);
++               PyDict_SetItemString(dict, "range", obj);
++               Py_DECREF(obj);
++               free(tmp);
++       }
++       
++       if (qpol_user_get_role_iter(q, user_datum, &iter))
++               goto cleanup;
++       PyObject *list = PyList_New(0);
++       for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++               if (qpol_iterator_get_item(iter, (void **)&role_datum)) {
++                       Py_DECREF(list);
++                       goto cleanup;
++               }
++               if (qpol_role_get_name(q, role_datum, &role_name)) {
++                       Py_DECREF(list);
++                       goto cleanup;
++               }
++               PyObject *obj = PyString_FromString(role_name);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       }
++       PyDict_SetItemString(dict, "roles", list);
++       Py_DECREF(list);
++
++cleanup:
++       qpol_iterator_destroy(&iter);
++       apol_mls_level_destroy(&ap_lvl);
++       apol_mls_range_destroy(&ap_range);
++       return dict;
++}
++
++/**
++ * Gets statistics regarding a policy's users.
++ * If this function is given a name, it will attempt to
++ * get statistics about a particular user; otherwise
++ * the function gets statistics about all of the policy's
++ * users.
++ *
++ * @param name Reference to a user's name; if NULL,
++ * all users will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject*  get_users(const char *name, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *list = PyList_New(0);
++       qpol_iterator_t *iter = NULL;
++       const qpol_user_t *user_datum = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++       if (name != NULL) {
++               if (qpol_policy_get_user_by_name(q, name, &user_datum)) {
++                       errno = EINVAL;
++                       goto cleanup;
++               }
++               PyObject *obj = get_user(user_datum, policydb);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       } else {
++               if (qpol_policy_get_user_iter(q, &iter))
++                       goto cleanup;
++
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&user_datum))
++                               goto cleanup;
++                       PyObject *obj = get_user(user_datum, policydb);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++               qpol_iterator_destroy(&iter);
++       }
++
++       retval = 0;
++      cleanup:
++       qpol_iterator_destroy(&iter);
++       if (retval) {
++               Py_DECREF(list);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return list;
++}
++
++/**
++ * get a textual representation of a role, and 
++ * all of that role's types.
++ *
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ * types
++ */
++static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *dict = PyDict_New();
++       const char *role_name = NULL, *type_name = NULL;
++       const qpol_role_t *dom_datum = NULL;
++       const qpol_type_t *type_datum = NULL;
++       qpol_iterator_t *iter = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++       size_t n_dom = 0, n_types = 0;
++
++       if (qpol_role_get_name(q, role_datum, &role_name))
++               goto cleanup;
++
++       PyObject *obj = PyString_FromString(role_name);
++       PyDict_SetItemString(dict, "name", obj);
++       Py_DECREF(obj);
++
++       if (qpol_role_get_dominate_iter(q, role_datum, &iter))
++               goto cleanup;
++       if (qpol_iterator_get_size(iter, &n_dom))
++               goto cleanup;
++       if ((int)n_dom > 0) {
++               PyObject *list = PyList_New(0);
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&dom_datum))
++                               goto cleanup;
++                       if (qpol_role_get_name(q, dom_datum, &role_name))
++                               goto cleanup;
++                       PyObject *obj = PyString_FromString(role_name);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++               PyDict_SetItemString(dict, "dominate", list);
++               Py_DECREF(list);
++       }
++       qpol_iterator_destroy(&iter);
++       
++       if (qpol_role_get_type_iter(q, role_datum, &iter))
++               goto cleanup;
++       if (qpol_iterator_get_size(iter, &n_types))
++               goto cleanup;
++       if ((int)n_types > 0) {
++               PyObject *list = PyList_New(0);
++               /* print types */
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&type_datum))
++                               goto cleanup;
++                       if (qpol_type_get_name(q, type_datum, &type_name))
++                               goto cleanup;
++                       PyObject *obj = PyString_FromString(type_name);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++               PyDict_SetItemString(dict, "types", list);
++               Py_DECREF(list);
++       }
++
++       retval = 0;
++cleanup:
++       qpol_iterator_destroy(&iter);
++       if (retval) {
++               Py_DECREF(dict);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return dict;
++}
++
++/**
++ * Get statistics regarding a policy's ports.
++ * If this function is given a name, it will attempt to
++ * get statistics about a particular port; otherwise
++ * the function get statistics about all of the policy's ports.
++ *
++ * @param name Reference to an port's name; if NULL,
++ * all ports will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject*  get_ports(const char *num, const apol_policy_t * policydb)
++{
++       PyObject *list = PyList_New(0);
++       int retval = -1;
++       const qpol_portcon_t *portcon = NULL;
++       qpol_iterator_t *iter = NULL;
++       uint16_t low_port, high_port;
++       uint8_t ocon_proto;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++       const qpol_context_t *ctxt = NULL;
++       const char *proto_str;
++       PyObject *dict;
++       const char *type = NULL;
++       const apol_mls_range_t *range = NULL;
++       char *range_str = NULL;
++       PyObject *obj = NULL;
++       apol_context_t *c = NULL;
++
++       if (qpol_policy_get_portcon_iter(q, &iter))
++               goto cleanup;
++
++       for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++               if (qpol_iterator_get_item(iter, (void **)&portcon))
++                       goto cleanup;
++               if (qpol_portcon_get_low_port(q, portcon, &low_port))
++                       goto cleanup;
++               if (qpol_portcon_get_high_port(q, portcon, &high_port))
++                       goto cleanup;
++               if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
++                       goto cleanup;
++               if (num) {
++                       if (atoi(num) < low_port || atoi(num) > high_port)
++                               continue;
++               }
++
++               if ((ocon_proto != IPPROTO_TCP) &&
++                   (ocon_proto != IPPROTO_UDP)) 
++                       goto cleanup;
++
++               if (qpol_portcon_get_context(q, portcon, &ctxt)) {
++                       PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
++                       goto cleanup;
++               }
++
++               if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
++                       PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
++                       goto cleanup;
++               }
++
++               if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
++                       goto cleanup;
++               }
++               
++               if((type = apol_context_get_type(c)) == NULL) {
++                       apol_context_destroy(&c);
++                       goto cleanup;
++               }
++                       
++               dict = PyDict_New(); 
++               obj = PyString_FromString(type);
++               PyDict_SetItemString(dict, "type", obj);
++               Py_DECREF(obj);
++
++               if((range = apol_context_get_range(c)) == NULL) {
++                       goto cleanup;
++               }
++                       
++               range_str = apol_mls_range_render(policydb, range);
++               if (range_str == NULL) {
++                       goto cleanup;
++               }
++               obj = PyString_FromString(range_str);
++               PyDict_SetItemString(dict, "range", obj);
++               Py_DECREF(obj);
++
++               obj = PyString_FromString(proto_str);
++               PyDict_SetItemString(dict, "protocol", obj);
++               Py_DECREF(obj);
++
++               obj = PyInt_FromLong(high_port);
++               PyDict_SetItemString(dict, "high", obj);
++               Py_DECREF(obj);
++
++               obj = PyInt_FromLong(low_port);
++               PyDict_SetItemString(dict, "low", obj);
++               Py_DECREF(obj);
++
++               PyList_Append(list, dict);
++               Py_DECREF(dict);
++       }
++       retval = 0;
++      cleanup:
++       free(range_str);
++       apol_context_destroy(&c);
++       qpol_iterator_destroy(&iter);
++
++       if (retval) {
++               Py_DECREF(list);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return list;
++}
++
++/**
++ * Get statistics regarding a policy's roles.
++ * If this function is given a name, it will attempt to
++ * get statistics about a particular role; otherwise
++ * the function get statistics about all of the policy's roles.
++ *
++ * @param name Reference to an role's name; if NULL,
++ * all roles will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject*  get_roles(const char *name, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *list = PyList_New(0);
++       const qpol_role_t *role_datum = NULL;
++       qpol_iterator_t *iter = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++       if (name != NULL) {
++               if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
++                       errno = EINVAL;
++                       goto cleanup;
++               }
++               PyObject *obj = get_role(role_datum, policydb);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       } else {
++               if (qpol_policy_get_role_iter(q, &iter))
++                       goto cleanup;
++
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&role_datum))
++                               goto cleanup;
++                       PyObject *obj = get_role(role_datum, policydb);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++               qpol_iterator_destroy(&iter);
++       }
++
++       retval = 0;
++      cleanup:
++       qpol_iterator_destroy(&iter);
++       if (retval) {
++               Py_DECREF(list);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return list;
++}
++
++/**
++ * Get statistics regarding a policy's types.
++ * If this function is given a name, it will attempt to
++ * print statistics about a particular type; otherwise
++ * the function prints statistics about all of the policy's types.
++ *
++ * @param name Reference to a type's name; if NULL,
++ * all object classes will be considered
++ * @param policydb Reference to a policy
++ *
++ * @return 0 on success, < 0 on error.
++ */
++static PyObject* get_types(const char *name, const apol_policy_t * policydb)
++{
++       int retval = -1;
++       PyObject *list = PyList_New(0);
++       const qpol_type_t *type_datum = NULL;
++       qpol_iterator_t *iter = NULL;
++       qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++       /* if name was provided, only print that name */
++       if (name != NULL) {
++               if (qpol_policy_get_type_by_name(q, name, &type_datum)) {
++                       errno = EINVAL;
++                       goto cleanup;
++               }
++               PyObject *obj = get_type(type_datum, policydb);
++               PyList_Append(list, obj);
++               Py_DECREF(obj);
++       } else {
++               if (qpol_policy_get_type_iter(q, &iter))
++                       goto cleanup;
++               /* Print all type names */
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       if (qpol_iterator_get_item(iter, (void **)&type_datum))
++                               goto cleanup;
++                       PyObject *obj = get_type(type_datum, policydb);
++                       PyList_Append(list, obj);
++                       Py_DECREF(obj);
++               }
++       }
++       retval = 0;
++cleanup:
++       qpol_iterator_destroy(&iter);
++       if (retval) {
++               Py_DECREF(list);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       return list;
++}
++
++PyObject* seinfo(int type, const char *name)
++{
++       int rt = -1;
++
++       apol_policy_t *policydb = NULL;
++       apol_policy_path_t *pol_path = NULL;
++       apol_vector_t *mod_paths = NULL;
++       apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
++       PyObject* output = NULL;
++
++       rt = qpol_default_policy_find(&policy_file);
++       if (rt != 0) {
++               PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
++               return NULL;
++       }
++
++       pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
++       if (!pol_path) {
++               free(policy_file);
++               apol_vector_destroy(&mod_paths);
++               PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
++               return NULL;
++       }
++       apol_vector_destroy(&mod_paths);
++
++       int policy_load_options = 0;
++       policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
++       policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
++       if (!policydb) {
++               free(policy_file);
++               apol_policy_path_destroy(&pol_path);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       free(policy_file);
++
++       /* display requested info */
++       if (type == TYPE)
++               output = get_types(name, policydb);
++
++       if (type == ATTRIBUTE)
++               output = get_attribs(name, policydb);
++
++       if (type == ROLE)
++               output = get_roles(name, policydb);
++
++       if (type == USER)
++               output = get_users(name, policydb);
++
++       if (type == PORT)
++               output = get_ports(name, policydb);
++
++       apol_policy_destroy(&policydb);
++       apol_policy_path_destroy(&pol_path);
++       return output;
++}
++
++PyObject *wrap_seinfo(PyObject *self, PyObject *args){
++    unsigned int type;
++    char *name;
++    
++    if (!PyArg_ParseTuple(args, "iz", &type, &name))
++        return NULL;
++
++    return Py_BuildValue("O",seinfo(type, name));
++
++}
++
++static PyMethodDef methods[] = {
++    {"seinfo", (PyCFunction) wrap_seinfo, METH_VARARGS},
++    {NULL, NULL, 0, NULL}
++};
++
++void init_seinfo(){
++    PyObject *m;
++    m = Py_InitModule("_seinfo", methods);
++    PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
++    PyModule_AddIntConstant(m, "PORT", PORT);
++    PyModule_AddIntConstant(m, "ROLE", ROLE);
++    PyModule_AddIntConstant(m, "TYPE", TYPE);
++    PyModule_AddIntConstant(m, "USER", USER);
++}
+diff --git a/python/setools/sesearch.c b/python/setools/sesearch.c
+new file mode 100644
+index 0000000..faaf8b7
+--- /dev/null
++++ b/python/setools/sesearch.c
+@@ -0,0 +1,478 @@
++// Author: Thomas Liu <tliu@redhat.com>
++
++/**
++ *  @file
++ *  Command line tool to search TE rules.
++ *
++ *  @author Frank Mayer  mayerf@tresys.com
++ *  @author Jeremy A. Mowery jmowery@tresys.com
++ *  @author Paul Rosenfeld  prosenfeld@tresys.com
++ *  @author Thomas Liu  <tliu@redhat.com>
++ *
++ *  Copyright (C) 2003-2008 Tresys Technology, LLC
++ *
++ *  This program is free software; you can redistribute it and/or modify
++ *  it under the terms of the GNU General Public License as published by
++ *  the Free Software Foundation; either version 2 of the License, or
++ *  (at your option) any later version.
++ *
++ *  This program is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ *  GNU General Public License for more details.
++ *
++ *  You should have received a copy of the GNU General Public License
++ *  along with this program; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++/**
++ * This is a modified version of sesearch to be used as part of a library for
++ * Python bindings.
++ */
++
++#include "Python.h"
++
++/* libapol */
++#include <apol/policy.h>
++#include <apol/policy-query.h>
++#include <apol/render.h>
++#include <apol/util.h>
++#include <apol/vector.h>
++
++/* libqpol*/
++#include <qpol/policy.h>
++#include <qpol/policy_extend.h>
++#include <qpol/syn_rule_query.h>
++#include <qpol/util.h>
++
++/* other */
++#include <errno.h>
++#include <stdlib.h>
++#include <stdio.h>
++#include <assert.h>
++#include <getopt.h>
++#include <string.h>
++#include <stdbool.h>
++
++#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
++static char *policy_file = NULL;
++
++enum opt_values
++{
++       RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT,
++       RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL,
++       EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET
++};
++
++;
++
++typedef struct options
++{
++       char *src_name;
++       char *tgt_name;
++       char *src_role_name;
++       char *tgt_role_name;
++       char *class_name;
++       char *permlist;
++       char *bool_name;
++       apol_vector_t *class_vector;
++       bool all;
++       bool lineno;
++       bool semantic;
++       bool indirect;
++       bool allow;
++       bool nallow;
++       bool auditallow;
++       bool dontaudit;
++       bool type;
++       bool rtrans;
++       bool role_allow;
++       bool role_trans;
++       bool useregex;
++       bool show_cond;
++       apol_vector_t *perm_vector;
++} options_t;
++
++static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
++{
++       apol_avrule_query_t *avq = NULL;
++       unsigned int rules = 0;
++       int error = 0;
++       char *tmp = NULL, *tok = NULL, *s = NULL;
++
++       if (!policy || !opt || !v) {
++               PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
++               errno = EINVAL;
++               return -1;
++       }
++
++       if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
++               *v = NULL;
++               return 0;              /* no search to do */
++       }
++
++       avq = apol_avrule_query_create();
++       if (!avq) {
++               PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
++               errno = ENOMEM;
++               return -1;
++       }
++
++       if (opt->allow || opt->all)
++               rules |= QPOL_RULE_ALLOW;
++       if ((opt->nallow || opt->all) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_NEVERALLOW))
++               rules |= QPOL_RULE_NEVERALLOW;
++       if (opt->auditallow || opt->all)
++               rules |= QPOL_RULE_AUDITALLOW;
++       if (opt->dontaudit || opt->all)
++               rules |= QPOL_RULE_DONTAUDIT;
++       apol_avrule_query_set_rules(policy, avq, rules);
++       apol_avrule_query_set_regex(policy, avq, opt->useregex);
++       if (opt->src_name)
++               apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect);
++       if (opt->tgt_name)
++               apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect);
++       if (opt->bool_name)
++               apol_avrule_query_set_bool(policy, avq, opt->bool_name);
++       if (opt->class_name) {
++               if (opt->class_vector == NULL) {
++                       if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
++                               error = errno;
++                               goto err;
++                       }
++               } else {
++                       size_t i;
++            for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
++                               char *class_name;
++                               class_name = apol_vector_get_element(opt->class_vector, i);
++                               if (!class_name)
++                                       continue;
++                               if (apol_avrule_query_append_class(policy, avq, class_name)) {
++                                       error = errno;
++                                       goto err;
++                               }
++                       }
++               }
++       }
++
++       if (opt->permlist) {
++               tmp = strdup(opt->permlist);
++               for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
++                       if (apol_avrule_query_append_perm(policy, avq, tok)) {
++                               error = errno;
++                               goto err;
++                       }
++                       if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
++                               error = errno;
++                               goto err;
++                       }
++                       s = NULL;
++               }
++               free(tmp);
++       }
++
++       if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
++               if (apol_syn_avrule_get_by_query(policy, avq, v)) {
++                       error = errno;
++                       goto err;
++               }
++       } else {
++               if (apol_avrule_get_by_query(policy, avq, v)) {
++                       error = errno;
++                       goto err;
++               }
++       }
++
++       apol_avrule_query_destroy(&avq);
++       return 0;
++
++      err:
++       apol_vector_destroy(v);
++       apol_avrule_query_destroy(&avq);
++       free(tmp);
++       free(s);
++       PyErr_SetString(PyExc_RuntimeError,strerror(error));
++       errno = error;
++       return -1;
++}
++
++
++
++static PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
++{
++       int retval = -1;
++       PyObject *list = PyList_New(0);
++       qpol_policy_t *q = apol_policy_get_qpol(policy);
++       size_t i, num_rules = 0;
++       const qpol_avrule_t *rule = NULL;
++       char *tmp = NULL, *rule_str = NULL, *expr = NULL;
++       char enable_char = ' ', branch_char = ' ';
++       qpol_iterator_t *iter = NULL;
++       uint32_t enabled = 0;
++
++       if (!policy || !v)
++               return NULL;
++
++       if (!(num_rules = apol_vector_get_size(v)))
++               return NULL;
++
++       for (i = 0; i < num_rules; i++) {
++               enable_char = branch_char = ' ';
++               if (!(rule = apol_vector_get_element(v, i)))
++                       goto cleanup;
++               
++               if (qpol_avrule_get_is_enabled(q, rule, &enabled))
++                       goto cleanup;
++               if (!enabled)
++                       continue;
++        
++               const qpol_type_t *type;
++               const char *tmp_name;
++               uint32_t rule_type = 0;
++               
++               const qpol_class_t *obj_class = NULL;
++               
++               PyObject *dict = PyDict_New(); 
++               
++               qpol_avrule_get_rule_type(q, rule, &rule_type);
++               tmp_name = apol_rule_type_to_str(rule_type);
++               PyObject *obj = PyString_FromString(tmp_name);
++               PyDict_SetItemString(dict, "type", obj);
++               Py_DECREF(obj);
++               // source
++               qpol_avrule_get_source_type(q, rule, &type);
++               qpol_type_get_name(q, type, &tmp_name);
++               obj = PyString_FromString(tmp_name);
++               PyDict_SetItemString(dict, "scontext", obj);
++               Py_DECREF(obj);
++               
++               qpol_avrule_get_target_type(q, rule, &type);
++               qpol_type_get_name(q, type, &tmp_name);
++               obj = PyString_FromString(tmp_name);
++               PyDict_SetItemString(dict, "tcontext", obj);
++               Py_DECREF(obj);
++               
++               qpol_avrule_get_object_class(q, rule, &obj_class);
++               qpol_type_get_name(q, type, &tmp_name);
++               obj = PyString_FromString(tmp_name);
++               PyDict_SetItemString(dict, "class", obj);
++               Py_DECREF(obj);
++               qpol_avrule_get_perm_iter(q, rule, &iter);
++               PyObject *permlist = PyList_New(0);
++               for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++                       const char *perm_name = NULL;
++                       qpol_iterator_get_item(iter, (void **)&perm_name);
++                       obj = PyString_FromString(perm_name);
++                       PyList_Append(permlist, obj);
++                       Py_DECREF(obj);
++               }
++               PyDict_SetItemString(dict, "permlist", permlist);
++               Py_DECREF(permlist);
++               PyList_Append(list, dict); 
++               Py_DECREF(dict);
++               
++               free(rule_str);
++               rule_str = NULL;
++               free(expr);
++               expr = NULL;
++       }
++       retval = 0;
++      cleanup:
++       free(tmp);
++       free(rule_str);
++       free(expr);
++       if (retval) {
++               Py_DECREF(list);
++               return NULL;
++       }
++       return list;
++}
++
++
++PyObject* sesearch(bool allow,
++             bool neverallow, 
++             bool auditallow,
++             bool dontaudit,
++             const char *src_name,
++             const char *tgt_name,
++             const char *class_name,
++             const char *permlist
++             )
++{
++       options_t cmd_opts;
++       int rt = -1;
++       PyObject *output = NULL;
++       
++       apol_policy_t *policy = NULL;
++       apol_vector_t *v = NULL;
++       apol_policy_path_t *pol_path = NULL;
++       apol_vector_t *mod_paths = NULL;
++       apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
++       
++       memset(&cmd_opts, 0, sizeof(cmd_opts));
++       cmd_opts.indirect = true;
++       cmd_opts.allow = allow;
++       cmd_opts.nallow = neverallow;
++       cmd_opts.auditallow = auditallow;
++       cmd_opts.dontaudit = dontaudit;
++       if (src_name)
++               cmd_opts.src_name = strdup(src_name);
++       if (tgt_name)
++               cmd_opts.tgt_name = strdup(tgt_name);
++       if (class_name)
++               cmd_opts.class_name = strdup(class_name);
++       if (permlist){
++               cmd_opts.perm_vector = apol_vector_create(free);
++               cmd_opts.permlist = strdup(permlist);
++       }
++       int pol_opt = 0;
++       if (!(cmd_opts.nallow || cmd_opts.all))
++               pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
++       
++    
++       rt = qpol_default_policy_find(&policy_file);
++       if (rt) {
++               PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
++               return NULL;
++       }
++       pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
++       
++       if (apol_file_is_policy_path_list(policy_file) > 0) {
++               pol_path = apol_policy_path_create_from_file(policy_file);
++               if (!pol_path) {
++                       free(policy_file);
++                       PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
++                       return NULL;
++               }
++       }
++
++       if (!pol_path)
++               pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
++       if (!pol_path) {
++               free(policy_file);
++               PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
++               return NULL;
++       }
++       free(policy_file);
++       apol_vector_destroy(&mod_paths);
++       
++       policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
++       if (!policy) {
++               apol_policy_path_destroy(&pol_path);
++               PyErr_SetString(PyExc_RuntimeError,strerror(errno));
++               return NULL;
++       }
++       /* handle regex for class name */
++       if (cmd_opts.useregex && cmd_opts.class_name != NULL) {
++               cmd_opts.class_vector = apol_vector_create(NULL);
++               apol_vector_t *qpol_matching_classes = NULL;
++               apol_class_query_t *regex_match_query = apol_class_query_create();
++               apol_class_query_set_regex(policy, regex_match_query, 1);
++               apol_class_query_set_class(policy, regex_match_query, cmd_opts.class_name);
++               if (apol_class_get_by_query(policy, regex_match_query, &qpol_matching_classes)) {
++                       apol_class_query_destroy(&regex_match_query);
++                       PyErr_SetString(PyExc_RuntimeError,"Query failed");
++                       goto cleanup;
++               }
++               const qpol_class_t *class = NULL;
++               size_t i;
++               for (i = 0; i < apol_vector_get_size(qpol_matching_classes); ++i) {
++                       const char *class_name;
++                       class = apol_vector_get_element(qpol_matching_classes, i);
++                       if (!class)
++                               break;
++                       qpol_class_get_name(apol_policy_get_qpol(policy), class, &class_name);
++                       apol_vector_append(cmd_opts.class_vector, (void *)class_name);
++               }
++               if (!apol_vector_get_size(qpol_matching_classes)) {
++                       apol_vector_destroy(&qpol_matching_classes);
++                       apol_class_query_destroy(&regex_match_query);
++                       PyErr_SetString(PyExc_RuntimeError,"No classes match expression");
++                       goto cleanup;
++               }
++               apol_vector_destroy(&qpol_matching_classes);
++               apol_class_query_destroy(&regex_match_query);
++       }
++
++       if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
++               if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
++                       apol_policy_destroy(&policy);
++                       PyErr_SetString(PyExc_RuntimeError,"Query failed");
++                       goto cleanup;
++               }
++       }
++
++       /* if syntactic rules are not available always do semantic search */
++       if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
++               cmd_opts.semantic = 1;
++       }
++
++       /* supress line numbers if doing semantic search or not available */
++       if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
++               cmd_opts.lineno = 0;
++       }
++       if (perform_av_query(policy, &cmd_opts, &v)) {
++               goto cleanup;
++       }
++       if (v) {
++               output =  get_av_results(policy, &cmd_opts, v);
++       }
++       apol_vector_destroy(&v);
++      cleanup:
++       apol_policy_destroy(&policy);
++       apol_policy_path_destroy(&pol_path);
++       free(cmd_opts.src_name);
++       free(cmd_opts.tgt_name);
++       free(cmd_opts.class_name);
++       free(cmd_opts.permlist);
++       free(cmd_opts.bool_name);
++       free(cmd_opts.src_role_name);
++       free(cmd_opts.tgt_role_name);
++       apol_vector_destroy(&cmd_opts.perm_vector);
++       apol_vector_destroy(&cmd_opts.class_vector);
++
++       if (output) return output;
++       return Py_None;
++}
++static int Dict_ContainsInt(PyObject *dict, const char *key){
++    PyObject *item = PyDict_GetItemString(dict, key);
++    if (item)
++        return PyInt_AsLong(item);
++    return false;
++}
++
++static const char *Dict_ContainsString(PyObject *dict, const char *key){
++    PyObject *item = PyDict_GetItemString(dict, key);
++    if (item)
++        return PyString_AsString(item);
++    return NULL;
++}
++
++PyObject *wrap_sesearch(PyObject *self, PyObject *args){
++    PyObject *dict;
++    if (!PyArg_ParseTuple(args, "O", &dict))
++        return NULL;
++    int allow = Dict_ContainsInt(dict, "allow");
++    int neverallow = Dict_ContainsInt(dict, "neverallow");
++    int auditallow = Dict_ContainsInt(dict, "auditallow");
++    int dontaudit = Dict_ContainsInt(dict, "dontaudit"); 
++   
++    const char *src_name = Dict_ContainsString(dict, "scontext");
++    const char *tgt_name = Dict_ContainsString(dict, "tcontext");
++    const char *class_name = Dict_ContainsString(dict, "class");
++    const char *permlist = Dict_ContainsString(dict, "permlist");
++    
++    return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, src_name, tgt_name, class_name, permlist));
++
++}
++
++static PyMethodDef methods[] = {
++    {"sesearch", (PyCFunction) wrap_sesearch, METH_VARARGS},
++    {NULL, NULL, 0, NULL}
++};
++
++void init_sesearch(){
++    PyObject *m;
++    m = Py_InitModule("_sesearch", methods);
++}
+diff --git a/python/setools/setup.py b/python/setools/setup.py
+new file mode 100644
+index 0000000..053b885
+--- /dev/null
++++ b/python/setools/setup.py
+@@ -0,0 +1,25 @@
++#!/usr/bin/env python
++
++# Author: Thomas Liu <tliu@redhat.com>
++import os
++from distutils.core import setup, Extension
++LIBS=["apol", "qpol"]
++
++try:
++    inc=os.getenv("INCLUDES").split(" ")    
++    INCLUDES=map(lambda x: x[2:], inc)
++    LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
++except:
++    INCLUDES=""
++    LIBDIRS=""
++
++extension_sesearch = Extension("setools._sesearch", [ "sesearch.c"])
++extension_sesearch.include_dirs=INCLUDES
++extension_sesearch.libraries=LIBS
++extension_sesearch.library_dirs=LIBDIRS
++extension_seinfo = Extension("setools._seinfo", [ "seinfo.c"])
++extension_seinfo.include_dirs=INCLUDES
++extension_seinfo.libraries=LIBS
++extension_seinfo.library_dirs=LIBDIRS
++
++setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"])
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Changes-to-support-named-file_trans-rules.patch b/recipes-security/setools/setools/setools-Changes-to-support-named-file_trans-rules.patch
new file mode 100644
index 0000000..d44ae21
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Changes-to-support-named-file_trans-rules.patch
@@ -0,0 +1,1511 @@
+From e0f74aa934140ccc6f5a51aa2df6fd19f0c0ee08 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 11:00:19 +0800
+Subject: [PATCH 5/7] setools: Changes to support named file_trans rules
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ libapol/include/apol/Makefile.am    |    1 +
+ libapol/include/apol/ftrule-query.h |  198 +++++++++++++++++++
+ libapol/include/apol/policy-query.h |    1 +
+ libapol/src/Makefile.am             |    1 +
+ libapol/src/ftrule-query.c          |  363 +++++++++++++++++++++++++++++++++++
+ libapol/src/libapol.map             |    1 +
+ libqpol/include/qpol/Makefile.am    |    1 +
+ libqpol/include/qpol/ftrule_query.h |  116 +++++++++++
+ libqpol/include/qpol/policy.h       |    1 +
+ libqpol/src/Makefile.am             |    1 +
+ libqpol/src/ftrule_query.c          |  277 ++++++++++++++++++++++++++
+ libqpol/src/libqpol.map             |    1 +
+ libqpol/src/module_compiler.c       |   12 ++
+ libqpol/src/policy_define.c         |  186 ++++++++++++++++++-
+ libqpol/src/policy_parse.y          |   13 +-
+ libqpol/src/policy_scan.l           |    1 +
+ secmds/sesearch.c                   |  101 ++++++++++
+ 17 files changed, 1272 insertions(+), 3 deletions(-)
+ create mode 100644 libapol/include/apol/ftrule-query.h
+ create mode 100644 libapol/src/ftrule-query.c
+ create mode 100644 libqpol/include/qpol/ftrule_query.h
+ create mode 100644 libqpol/src/ftrule_query.c
+
+diff --git a/libapol/include/apol/Makefile.am b/libapol/include/apol/Makefile.am
+index 0883c10..e398ff2 100644
+--- a/libapol/include/apol/Makefile.am
++++ b/libapol/include/apol/Makefile.am
+@@ -27,6 +27,7 @@ apol_HEADERS = \
+        relabel-analysis.h \
+        render.h \
+        role-query.h \
++       ftrule-query.h \
+        terule-query.h \
+        type-query.h \
+        types-relation-analysis.h \
+diff --git a/libapol/include/apol/ftrule-query.h b/libapol/include/apol/ftrule-query.h
+new file mode 100644
+index 0000000..119c52f
+--- /dev/null
++++ b/libapol/include/apol/ftrule-query.h
+@@ -0,0 +1,198 @@
++/**
++ * @file
++ *
++ * Routines to query filename_transition rules of a
++ * policy.  
++ *
++ * @author Jeremy A. Mowery jmowery@tresys.com
++ * @author Jason Tang  jtang@tresys.com
++ *
++ * Copyright (C) 2006-2007 Tresys Technology, LLC
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Lesser General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2.1 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Lesser General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Lesser General Public
++ *  License along with this library; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++#ifndef APOL_FILENAMERULE_QUERY_H
++#define APOL_FILENAMERULE_QUERY_H
++
++#ifdef __cplusplus
++extern "C"
++{
++#endif
++
++#include "policy.h"
++#include "vector.h"
++#include <qpol/policy.h>
++
++       typedef struct apol_filename_trans_query apol_filename_trans_query_t;
++
++
++/******************** filename_transition queries ********************/
++
++/**
++ * Execute a query against all filename_transition rules within the
++ * policy.
++ *
++ * @param p Policy within which to look up filename_transition rules.
++ * @param r Structure containing parameters for query. If this is
++ * NULL then return all filename_transition rules.
++ * @param v Reference to a vector of qpol_filename_trans_t.  The vector
++ * will be allocated by this function.  The caller must call
++ * apol_vector_destroy() afterwards.  This will be set to NULL upon no
++ * results or upon error.
++ *
++ * @return 0 on success (including none found), negative on error.
++ */
++       extern int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * r, apol_vector_t ** v);
++
++/**
++ * Allocate and return a new filename trans query structure.  All fields
++ * are initialized, such that running this blank query results in
++ * returning all filename_transitions within the policy.  The caller must
++ * call apol_filename_trans_query_destroy() upon the return value
++ * afterwards.
++ *
++ * @return An initialized filename trans query structure, or NULL upon
++ * error.
++ */
++       extern apol_filename_trans_query_t *apol_filename_trans_query_create(void);
++
++/**
++ * Deallocate all memory associated with the referenced filename trans
++ * query, and then set it to NULL.  This function does nothing if the
++ * query is already NULL.
++ *
++ * @param r Reference to a filename trans query structure to destroy.
++ */
++       extern void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r);
++
++/**
++ * Set a filename_trans query to return rules whose source symbol matches
++ * symbol.  Symbol may be a type or attribute; if it is an alias then
++ * the query will convert it to its primary prior to searching.  If
++ * is_indirect is non-zero then the search will be done indirectly.
++ * If the symbol is a type, then the query matches rules with one of
++ * the type's attributes.  If the symbol is an attribute, then it
++ * matches rule with any of the attribute's types.
++ *
++ * @param p Policy handler, to report errors.
++ * @param t TE rule query to set.
++ * @param symbol Limit query to rules with this symbol as their
++ * source, or NULL to unset this field.
++ * @param is_indirect If non-zero, perform indirect matching.
++ *
++ * @return 0 on success, negative on error.
++ */
++       extern int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol,
++                                               int is_indirect);
++
++/**
++ * Set a filename trans query to return rules with a particular target
++ * symbol.  Symbol may be a type or attribute; if it is an alias then
++ * the query will convert it to its primary prior to searching.  If
++ * is_indirect is non-zero then the search will be done indirectly.
++ * If the symbol is a type, then the query matches rules with one of
++ * the type's attributes.  If the symbol is an attribute, then it
++ * matches rule with any of the attribute's types.
++ *
++ * @param p Policy handler, to report errors.
++ * @param r Role trans query to set.
++ * @param symbol Limit query to rules with this type or attribute as
++ * their target, or NULL to unset this field.
++ * @param is_indirect If non-zero, perform indirect matching.
++ *
++ * @return 0 on success, negative on error.
++ */
++       extern int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *symbol,
++                                                   int is_indirect);
++
++/**
++ * Set a filename trans query to return rules with a particular default
++ * filename.  This field is ignored if
++ * apol_filename_trans_query_set_source_any() is set to non-zero.
++ *
++ * @param p Policy handler, to report errors.
++ * @param r Role trans query to set.
++ * @param filename Limit query to rules with this filename as their default, or
++ * NULL to unset this field.
++ *
++ * @return 0 on success, negative on error.
++ */
++       extern int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *filename);
++
++/**
++ * Set at filename_trans query to return rules with this object (non-common)
++ * class.  If more than one class are appended to the query, the
++ * rule's class must be one of those appended.  (I.e., the rule's
++ * class must be a member of the query's classes.)  Pass a NULL to
++ * clear all classes.  Note that this performs straight string
++ * comparison, ignoring the regex flag.
++
++ *
++ * @param p Policy handler, to report errors.
++ * @param t TE rule query to set.
++ * @param obj_class Name of object class to add to search set.
++ *
++ * @return 0 on success, negative on error.
++ */
++       extern int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class);
++
++/**
++ * Set a filename trans query to treat the source filename as any.  That is,
++ * use the same symbol for either source or default of a
++ * filename_transition rule.  This flag does nothing if the source filename is
++ * not set.  Note that a filename_transition's target is a type, so thus
++ * this flag does not affect its searching.
++ *
++ * @param p Policy handler, to report errors.
++ * @param r Role trans query to set.
++ * @param is_any Non-zero to use source symbol for source or default
++ * field, 0 to keep source as only source.
++ *
++ * @return Always 0.
++ */
++       extern int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_any);
++
++/**
++ * Set a filename trans query to use regular expression searching for
++ * source, target, and default fields.  Strings will be treated as
++ * regexes instead of literals.  For the target type, matching will
++ * occur against the type name or any of its aliases.
++ *
++ * @param p Policy handler, to report errors.
++ * @param r Role trans query to set.
++ * @param is_regex Non-zero to enable regex searching, 0 to disable.
++ *
++ * @return Always 0.
++ */
++       extern int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_regex);
++
++/**
++ *  Render a filename_transition rule to a string.
++ *
++ *  @param policy Policy handler, to report errors.
++ *  @param rule The rule to render.
++ *
++ *  @return A newly malloc()'d string representation of the rule, or NULL on
++ *  failure; if the call fails, errno will be set. The caller is responsible
++ *  for calling free() on the returned string.
++ */
++       extern char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * rule);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif
+diff --git a/libapol/include/apol/policy-query.h b/libapol/include/apol/policy-query.h
+index 315f70e..665e4cb 100644
+--- a/libapol/include/apol/policy-query.h
++++ b/libapol/include/apol/policy-query.h
+@@ -71,6 +71,7 @@ extern "C"
+ #include "terule-query.h"
+ #include "condrule-query.h"
+ #include "rbacrule-query.h"
++#include "ftrule-query.h"
+ #include "range_trans-query.h"
+ #include "constraint-query.h"
+ 
+diff --git a/libapol/src/Makefile.am b/libapol/src/Makefile.am
+index 3fa4f06..baaa4f6 100644
+--- a/libapol/src/Makefile.am
++++ b/libapol/src/Makefile.am
+@@ -40,6 +40,7 @@ libapol_a_SOURCES = \
+        render.c \
+        role-query.c \
+        terule-query.c \
++       ftrule-query.c \
+        type-query.c \
+        types-relation-analysis.c \
+        user-query.c \
+diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
+new file mode 100644
+index 0000000..dc248de
+--- /dev/null
++++ b/libapol/src/ftrule-query.c
+@@ -0,0 +1,363 @@
++/**
++ * @file
++ *
++ * Provides a way for setools to make queries about type enforcement
++ * filename_transs within a policy.  The caller obtains a query object, fills in
++ * its parameters, and then runs the query; it obtains a vector of
++ * results.  Searches are conjunctive -- all fields of the search
++ * query must match for a datum to be added to the results query.
++ *
++ * @author Jeremy A. Mowery jmowery@tresys.com
++ * @author Jason Tang  jtang@tresys.com
++ *
++ * Copyright (C) 2006-2007 Tresys Technology, LLC
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Lesser General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2.1 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Lesser General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Lesser General Public
++ *  License along with this library; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++#include "policy-query-internal.h"
++
++#include <errno.h>
++#include <string.h>
++
++struct apol_filename_trans_query
++{
++       char *source, *target, *default_type, *name;
++       apol_vector_t *classes;
++       unsigned int flags;
++};
++
++
++/******************** filename_transition queries ********************/
++
++int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
++{
++       apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
++       int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
++       char *bool_name = NULL;
++       *v = NULL;
++       unsigned int flags = 0;
++       qpol_iterator_t *iter = NULL, *type_iter = NULL;
++
++       if (t != NULL) {
++               flags = t->flags;
++               is_regex = t->flags & APOL_QUERY_REGEX;
++               if (t->source != NULL &&
++                   (source_list =
++                    apol_query_create_candidate_type_list(p, t->source, is_regex,
++                                                          t->flags & APOL_QUERY_SOURCE_INDIRECT,
++                                                          ((t->flags & (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE)) /
++                                                           APOL_QUERY_SOURCE_TYPE))) == NULL) {
++                       goto cleanup;
++               }
++
++               if ((t->flags & APOL_QUERY_SOURCE_AS_ANY) && t->source != NULL) {
++                       default_list = target_list = source_list;
++                       source_as_any = 1;
++               } else {
++                       if (t->target != NULL &&
++                           (target_list =
++                            apol_query_create_candidate_type_list(p, t->target, is_regex,
++                                                                  t->flags & APOL_QUERY_TARGET_INDIRECT,
++                                                                  ((t->
++                                                                    flags & (APOL_QUERY_TARGET_TYPE | APOL_QUERY_TARGET_ATTRIBUTE))
++                                                                   / APOL_QUERY_TARGET_TYPE))) == NULL) {
++                               goto cleanup;
++                       }
++                       if (t->default_type != NULL &&
++                           (default_list =
++                            apol_query_create_candidate_type_list(p, t->default_type, is_regex, 0,
++                                                                  APOL_QUERY_SYMBOL_IS_TYPE)) == NULL) {
++                               goto cleanup;
++                       }
++               }
++               if (t->classes != NULL &&
++                   apol_vector_get_size(t->classes) > 0 &&
++                   (class_list = apol_query_create_candidate_class_list(p, t->classes)) == NULL) {
++                       goto cleanup;
++               }
++       }
++
++       if (qpol_policy_get_filename_trans_iter(p->p, &iter) < 0) {
++               return -1;
++       }
++
++       if ((*v = apol_vector_create(NULL)) == NULL) {
++               ERR(p, "%s", strerror(errno));
++               goto cleanup;
++       }
++
++       for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++               qpol_filename_trans_t *filename_trans;
++               if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
++                       goto cleanup;
++               }
++               int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
++               size_t i;
++
++               if (source_list == NULL) {
++                       match_source = 1;
++               } else {
++                       const qpol_type_t *source_type;
++                       if (qpol_filename_trans_get_source_type(p->p, filename_trans, &source_type) < 0) {
++                               goto cleanup;
++                       }
++                       if (apol_vector_get_index(source_list, source_type, NULL, NULL, &i) == 0) {
++                               match_source = 1;
++                       }
++               }
++
++               /* if source did not match, but treating source symbol
++                * as any field, then delay rejecting this filename_trans until
++                * the target and default have been checked */
++               if (!source_as_any && !match_source) {
++                       continue;
++               }
++
++               if (target_list == NULL || (source_as_any && match_source)) {
++                       match_target = 1;
++               } else {
++                       const qpol_type_t *target_type;
++                       if (qpol_filename_trans_get_target_type(p->p, filename_trans, &target_type) < 0) {
++                               goto cleanup;
++                       }
++                       if (apol_vector_get_index(target_list, target_type, NULL, NULL, &i) == 0) {
++                               match_target = 1;
++                       }
++               }
++
++               if (!source_as_any && !match_target) {
++                       continue;
++               }
++
++               if (default_list == NULL || (source_as_any && match_source) || (source_as_any && match_target)) {
++                       match_default = 1;
++               } else {
++                       const qpol_type_t *default_type;
++                       if (qpol_filename_trans_get_default_type(p->p, filename_trans, &default_type) < 0) {
++                               goto cleanup;
++                       }
++                       if (apol_vector_get_index(default_list, default_type, NULL, NULL, &i) == 0) {
++                               match_default = 1;
++                       }
++               }
++
++               if (!source_as_any && !match_default) {
++                       continue;
++               }
++               /* at least one thing must match if source_as_any was given */
++               if (source_as_any && (!match_source && !match_target && !match_default)) {
++                       continue;
++               }
++
++               if (class_list != NULL) {
++                       const qpol_class_t *obj_class;
++                       if (qpol_filename_trans_get_object_class(p->p, filename_trans, &obj_class) < 0) {
++                               goto cleanup;
++                       }
++                       if (apol_vector_get_index(class_list, obj_class, NULL, NULL, &i) < 0) {
++                               continue;
++                       }
++               }
++
++               if (apol_vector_append(*v, filename_trans)) {
++                       ERR(p, "%s", strerror(ENOMEM));
++                       goto cleanup;
++               }
++       }
++
++       retval = 0;
++      cleanup:
++       if (retval != 0) {
++               apol_vector_destroy(v);
++       }
++       apol_vector_destroy(&source_list);
++       if (!source_as_any) {
++               apol_vector_destroy(&target_list);
++               apol_vector_destroy(&default_list);
++       }
++       apol_vector_destroy(&class_list);
++       return retval;
++}
++
++apol_filename_trans_query_t *apol_filename_trans_query_create(void)
++{
++       apol_filename_trans_query_t *t = calloc(1, sizeof(apol_filename_trans_query_t));
++       if (t != NULL) {
++               t->flags =
++                       (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE | APOL_QUERY_TARGET_TYPE |
++                        APOL_QUERY_TARGET_ATTRIBUTE);
++       }
++       return t;
++}
++
++void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r)
++{
++       if (r != NULL && *r != NULL) {
++               free((*r)->source);
++               free((*r)->target);
++               free((*r)->default_type);
++               free((*r)->name);
++               free(*r);
++               *r = NULL;
++       }
++}
++
++int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename, int is_indirect)
++{
++       apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT);
++       return apol_query_set(p, &t->source, NULL, filename);
++}
++
++int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *type, int is_indirect)
++{
++       apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT);
++       return apol_query_set(p, &t->target, NULL, type);
++}
++
++int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol)
++{
++       return apol_query_set(p, &t->default_type, NULL, symbol);
++}
++
++int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class)
++{
++       char *s = NULL;
++       if (obj_class == NULL) {
++               apol_vector_destroy(&t->classes);
++       } else if ((s = strdup(obj_class)) == NULL || (t->classes == NULL && (t->classes = apol_vector_create(free)) == NULL)
++                  || apol_vector_append(t->classes, s) < 0) {
++               ERR(p, "%s", strerror(errno));
++               free(s);
++               return -1;
++       }
++       return 0;
++}
++
++int apol_filename_trans_query_set_name(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename)
++{
++       return apol_query_set(p, &t->name, NULL, filename);
++}
++
++int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_any)
++{
++       return apol_query_set_flag(p, &t->flags, is_any, APOL_QUERY_SOURCE_AS_ANY);
++}
++
++int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_regex)
++{
++       return apol_query_set_regex(p, &t->flags, is_regex);
++}
++
++char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * filename_trans)
++{
++       char *tmp = NULL;
++       const char *tmp_name = NULL;
++       const char *filename_trans_type_str;
++       int error = 0;
++       size_t tmp_sz = 0;
++       uint32_t filename_trans_type = 0;
++       const qpol_type_t *type = NULL;
++       const qpol_class_t *obj_class = NULL;
++
++       if (!policy || !filename_trans) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return NULL;
++       }
++
++       /* source type */
++       if (qpol_filename_trans_get_source_type(policy->p, filename_trans, &type)) {
++               error = errno;
++               goto err;
++       }
++       if (qpol_type_get_name(policy->p, type, &tmp_name)) {
++               error = errno;
++               goto err;
++       }
++       if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++
++       /* target type */
++       if (qpol_filename_trans_get_target_type(policy->p, filename_trans, &type)) {
++               error = errno;
++               goto err;
++       }
++       if (qpol_type_get_name(policy->p, type, &tmp_name)) {
++               error = errno;
++               goto err;
++       }
++       if (apol_str_appendf(&tmp, &tmp_sz, "%s : ", tmp_name)) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++
++       /* object class */
++       if (qpol_filename_trans_get_object_class(policy->p, filename_trans, &obj_class)) {
++               error = errno;
++               goto err;
++       }
++       if (qpol_class_get_name(policy->p, obj_class, &tmp_name)) {
++               error = errno;
++               goto err;
++       }
++       if (apol_str_appendf(&tmp, &tmp_sz, "%s ", tmp_name)) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++
++       /* default type */
++       if (qpol_filename_trans_get_default_type(policy->p, filename_trans, &type)) {
++               error = errno;
++               goto err;
++       }
++       if (qpol_type_get_name(policy->p, type, &tmp_name)) {
++               error = errno;
++               goto err;
++       }
++       if (apol_str_appendf(&tmp, &tmp_sz, "%s", tmp_name)) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++
++       if (qpol_filename_trans_get_filename(policy->p, filename_trans, &tmp_name)) {
++               error = errno;
++               goto err;
++       }
++
++       if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++
++       if (apol_str_appendf(&tmp, &tmp_sz, ";")) {
++               error = errno;
++               ERR(policy, "%s", strerror(error));
++               goto err;
++       }
++       return tmp;
++
++      err:
++       free(tmp);
++       errno = error;
++       return NULL;
++}
+diff --git a/libapol/src/libapol.map b/libapol/src/libapol.map
+index 4894374..7657a2d 100644
+--- a/libapol/src/libapol.map
++++ b/libapol/src/libapol.map
+@@ -34,6 +34,7 @@ VERS_4.0{
+                apol_protocol_to_str;
+                apol_qpol_context_render;
+                apol_range_trans_*;
++               apol_filename_trans_*;
+                apol_relabel_*;
+                apol_role_*;
+                apol_role_allow_*;
+diff --git a/libqpol/include/qpol/Makefile.am b/libqpol/include/qpol/Makefile.am
+index b55acb7..9b570e1 100644
+--- a/libqpol/include/qpol/Makefile.am
++++ b/libqpol/include/qpol/Makefile.am
+@@ -25,6 +25,7 @@ qpol_HEADERS = \
+        role_query.h \
+        syn_rule_query.h \
+        terule_query.h \
++       ftrule_query.h \
+        type_query.h \
+        user_query.h \
+        util.h
+diff --git a/libqpol/include/qpol/ftrule_query.h b/libqpol/include/qpol/ftrule_query.h
+new file mode 100644
+index 0000000..1f533a4
+--- /dev/null
++++ b/libqpol/include/qpol/ftrule_query.h
+@@ -0,0 +1,116 @@
++/**
++ *  @file
++ *  Defines public interface for iterating over FTRULE rules.
++ *
++ *  @author Kevin Carr kcarr@tresys.com
++ *  @author Jeremy A. Mowery jmowery@tresys.com
++ *  @author Jason Tang jtang@tresys.com
++ *
++ *  Copyright (C) 2006-2007 Tresys Technology, LLC
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Lesser General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2.1 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Lesser General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Lesser General Public
++ *  License along with this library; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++#ifndef QPOL_FTRULERULE_QUERY
++#define QPOL_FTRULERULE_QUERY
++
++#ifdef __cplusplus
++extern "C"
++{
++#endif
++
++#include <qpol/policy.h>
++#include <qpol/iterator.h>
++
++       typedef struct qpol_filename_trans qpol_filename_trans_t;
++
++/**
++ *  Get an iterator over all filename transition rules in the policy.
++ *  @param policy Policy from which to create the iterator.
++ *  @param iter Iterator over items of type qpol_filename_trans_t returned.
++ *  The caller is responsible for calling qpol_iterator_destroy()
++ *  to free memory used by this iterator.
++ *  It is important to note that this iterator is only valid as long as
++ *  the policy is unmodifed.
++ *  @returm 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *iter will be NULL.
++ */
++       extern int qpol_policy_get_filename_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);
++
++/**
++ *  Get the source type from a filename transition rule.
++ *  @param policy The policy from which the rule comes.
++ *  @param rule The rule from which to get the source type.
++ *  @param source Pointer in which to store the source type.
++ *  The caller should not free this pointer.
++ *  @return 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *source will be NULL.
++ */
++       extern int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                                  const qpol_type_t ** source);
++
++/**
++ *  Get the target type from a filename transition rule.
++ *  @param policy The policy from which the rule comes.
++ *  @param rule The rule from which to get the target type.
++ *  @param target Pointer in which to store the target type.
++ *  The caller should not free this pointer.
++ *  @return 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *target will be NULL.
++ */
++       extern int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                                  const qpol_type_t ** target);
++
++/**
++ *  Get the default type from a type rule.
++ *  @param policy Policy from which the rule comes.
++ *  @param rule The rule from which to get the default type.
++ *  @param dflt Pointer in which to store the default type.
++ *  The caller should not free this pointer.
++ *  @returm 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *dflt will be NULL.
++ */
++       extern int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                               const qpol_type_t ** dflt);
++
++/**
++ *  Get the object class from a type rule.
++ *  @param policy Policy from which the rule comes.
++ *  @param rule The rule from which to get the object class.
++ *  @param obj_class Pointer in which to store the object class.
++ *  The caller should not free this pointer.
++ *  @returm 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *obj_class will be NULL.
++ */
++       extern int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                               const qpol_class_t ** obj_class);
++
++/**
++ *  Get the transition filename type from a type rule.
++ *  @param policy Policy from which the rule comes.
++ *  @param rule The rule from which to get the transition filename.
++ *  @param target Pointer in which to store the transition filename.
++ *  The caller should not free this pointer.
++ *  @returm 0 on success and < 0 on failure; if the call fails,
++ *  errno will be set and *target will be NULL.
++ */
++       extern int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                                      const char ** name);
++
++#ifdef __cplusplus
++}
++#endif
++
++#endif                                /* QPOL_FTRULERULE_QUERY */
+diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h
+index ae4ea08..bf85718 100644
+--- a/libqpol/include/qpol/policy.h
++++ b/libqpol/include/qpol/policy.h
+@@ -55,6 +55,7 @@ extern "C"
+ #include <qpol/polcap_query.h>
+ #include <qpol/portcon_query.h>
+ #include <qpol/rbacrule_query.h>
++#include <qpol/ftrule_query.h>
+ #include <qpol/role_query.h>
+ #include <qpol/syn_rule_query.h>
+ #include <qpol/terule_query.h>
+diff --git a/libqpol/src/Makefile.am b/libqpol/src/Makefile.am
+index 34d87a6..0889a61 100644
+--- a/libqpol/src/Makefile.am
++++ b/libqpol/src/Makefile.am
+@@ -48,6 +48,7 @@ libqpol_a_SOURCES = \
+        syn_rule_internal.h \
+        syn_rule_query.c \
+        terule_query.c \
++       ftrule_query.c \
+        type_query.c \
+        user_query.c \
+        util.c \
+diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
+new file mode 100644
+index 0000000..d6db848
+--- /dev/null
++++ b/libqpol/src/ftrule_query.c
+@@ -0,0 +1,277 @@
++/**
++ *  @file
++ *  Defines public interface for iterating over RBAC rules.
++ *
++ *  @author Jeremy A. Mowery jmowery@tresys.com
++ *  @author Jason Tang jtang@tresys.com
++ *
++ *  Copyright (C) 2006-2007 Tresys Technology, LLC
++ *
++ *  This library is free software; you can redistribute it and/or
++ *  modify it under the terms of the GNU Lesser General Public
++ *  License as published by the Free Software Foundation; either
++ *  version 2.1 of the License, or (at your option) any later version.
++ *
++ *  This library is distributed in the hope that it will be useful,
++ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
++ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ *  Lesser General Public License for more details.
++ *
++ *  You should have received a copy of the GNU Lesser General Public
++ *  License along with this library; if not, write to the Free Software
++ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
++ */
++
++#include <qpol/iterator.h>
++#include <qpol/policy.h>
++#include <qpol/ftrule_query.h>
++#include <stdlib.h>
++#include "iterator_internal.h"
++#include "qpol_internal.h"
++#include <sepol/policydb/policydb.h>
++
++typedef struct filename_trans_state
++{
++       filename_trans_t *head;
++       filename_trans_t *cur;
++} filename_trans_state_t;
++
++static int filename_trans_state_end(const qpol_iterator_t * iter)
++{
++       filename_trans_state_t *fts = NULL;
++
++       if (!iter || !(fts = qpol_iterator_state(iter))) {
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       return fts->cur ? 0 : 1;
++}
++
++static void *filename_trans_state_get_cur(const qpol_iterator_t * iter)
++{
++       filename_trans_state_t *fts = NULL;
++       const policydb_t *db = NULL;
++
++       if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter)) || filename_trans_state_end(iter)) {
++               errno = EINVAL;
++               return NULL;
++       }
++
++       return fts->cur;
++}
++
++static int filename_trans_state_next(qpol_iterator_t * iter)
++{
++       filename_trans_state_t *fts = NULL;
++       const policydb_t *db = NULL;
++
++       if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) {
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       if (filename_trans_state_end(iter)) {
++               errno = ERANGE;
++               return STATUS_ERR;
++       }
++
++       fts->cur = fts->cur->next;
++
++       return STATUS_SUCCESS;
++}
++
++static size_t filename_trans_state_size(const qpol_iterator_t * iter)
++{
++       filename_trans_state_t *fts = NULL;
++       const policydb_t *db = NULL;
++       filename_trans_t *tmp = NULL;
++       size_t count = 0;
++
++       if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) {
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       for (tmp = fts->head; tmp; tmp = tmp->next)
++               count++;
++
++       return count;
++}
++
++int qpol_policy_get_filename_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter)
++{
++       policydb_t *db = NULL;
++       filename_trans_state_t *fts = NULL;
++       int error = 0;
++
++       if (iter)
++               *iter = NULL;
++
++       if (!policy || !iter) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++
++       fts = calloc(1, sizeof(filename_trans_state_t));
++       if (!fts) {
++               /* errno set by calloc */
++               ERR(policy, "%s", strerror(errno));
++               return STATUS_ERR;
++       }
++       fts->head = fts->cur = db->filename_trans;
++
++       if (qpol_iterator_create
++           (policy, (void *)fts, filename_trans_state_get_cur, filename_trans_state_next, filename_trans_state_end, filename_trans_state_size,
++            free, iter)) {
++               error = errno;
++               free(fts);
++               errno = error;
++               return STATUS_ERR;
++       }
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** source)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (source) {
++               *source = NULL;
++       }
++
++       if (!policy || !rule || !source) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *source = (qpol_type_t *) db->type_val_to_struct[ft->stype - 1];
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** target)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (target) {
++               *target = NULL;
++       }
++
++       if (!policy || !rule || !target) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *target = (qpol_type_t *) db->type_val_to_struct[ft->ttype - 1];
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
++                                               const qpol_class_t ** obj_class)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (obj_class) {
++               *obj_class = NULL;
++       }
++
++       if (!policy || !rule || !obj_class) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *obj_class = (qpol_class_t *) db->class_val_to_struct[ft->tclass - 1];
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_trans_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** output_type)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (output_type) {
++               *output_type = NULL;
++       }
++
++       if (!policy || !rule || !output_type) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *output_type = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1];
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** dflt)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (dflt) {
++               *dflt = NULL;
++       }
++
++       if (!policy || !rule || !dflt) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *dflt = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1];
++
++       return STATUS_SUCCESS;
++}
++
++int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
++{
++       policydb_t *db = NULL;
++       filename_trans_t *ft = NULL;
++
++       if (name) {
++               *name = NULL;
++       }
++
++       if (!policy || !rule || !name) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return STATUS_ERR;
++       }
++
++       db = &policy->p->p;
++       ft = (filename_trans_t *) rule;
++
++       *name = ft->name;
++
++       return STATUS_SUCCESS;
++}
++
+diff --git a/libqpol/src/libqpol.map b/libqpol/src/libqpol.map
+index dd293bc..6973cca 100644
+--- a/libqpol/src/libqpol.map
++++ b/libqpol/src/libqpol.map
+@@ -34,6 +34,7 @@ VERS_1.2 {
+                qpol_policy_reevaluate_conds;
+                qpol_portcon_*;
+                qpol_range_trans_*;
++               qpol_filename_trans_*;
+                qpol_role_*;
+                qpol_syn_avrule_*;
+                qpol_syn_terule_*;
+diff --git a/libqpol/src/module_compiler.c b/libqpol/src/module_compiler.c
+index dc19798..b06e285 100644
+--- a/libqpol/src/module_compiler.c
++++ b/libqpol/src/module_compiler.c
+@@ -1247,6 +1247,18 @@ void append_role_allow(role_allow_rule_t * role_allow_rules)
+ }
+ 
+ /* this doesn't actually append, but really prepends it */
++void append_filename_trans(filename_trans_rule_t * filename_trans_rules)
++{
++       avrule_decl_t *decl = stack_top->decl;
++
++       /* filename transitions are not allowed within conditionals */
++       assert(stack_top->type == 1);
++
++       filename_trans_rules->next = decl->filename_trans_rules;
++       decl->filename_trans_rules = filename_trans_rules;
++}
++
++/* this doesn't actually append, but really prepends it */
+ void append_range_trans(range_trans_rule_t * range_tr_rules)
+ {
+        avrule_decl_t *decl = stack_top->decl;
+diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
+index c94f7aa..0f3a45a 100644
+--- a/libqpol/src/policy_define.c
++++ b/libqpol/src/policy_define.c
+@@ -2133,7 +2133,7 @@ int define_role_trans(void)
+ 
+        /* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
+ #ifdef HAVE_SEPOL_USER_ROLE_MAPPING
+-       if (role_set_expand(&roles, &e_roles, policydbp, NULL))
++       if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+ #else
+        if (role_set_expand(&roles, &e_roles, policydbp))
+ #endif
+@@ -2226,6 +2226,190 @@ int define_role_allow(void)
+        return 0;
+ }
+ 
++avrule_t *define_cond_filename_trans(void)
++{
++       yyerror("type transitions with a filename not allowed inside "
++               "conditionals\n");
++       return COND_ERR;
++}
++
++int define_filename_trans(void)
++{
++       char *id, *name = NULL;
++       type_set_t stypes, ttypes;
++       ebitmap_t e_stypes, e_ttypes;
++       ebitmap_t e_tclasses;
++       ebitmap_node_t *snode, *tnode, *cnode;
++       filename_trans_t *ft;
++       filename_trans_rule_t *ftr;
++       class_datum_t *cladatum;
++       type_datum_t *typdatum;
++       uint32_t otype;
++       unsigned int c, s, t;
++       int add;
++
++       if (pass == 1) {
++               /* stype */
++               while ((id = queue_remove(id_queue)))
++                       free(id);
++               /* ttype */
++               while ((id = queue_remove(id_queue)))
++                       free(id);
++               /* tclass */
++               while ((id = queue_remove(id_queue)))
++                       free(id);
++               /* otype */
++               id = queue_remove(id_queue);
++               free(id);
++               /* name */
++               id = queue_remove(id_queue);
++               free(id);
++               return 0;
++       }
++
++
++       add = 1;
++       type_set_init(&stypes);
++       while ((id = queue_remove(id_queue))) {
++               if (set_types(&stypes, id, &add, 0))
++                       goto bad;
++       }
++
++       add =1;
++       type_set_init(&ttypes);
++       while ((id = queue_remove(id_queue))) {
++               if (set_types(&ttypes, id, &add, 0))
++                       goto bad;
++       }
++
++       ebitmap_init(&e_tclasses);
++       while ((id = queue_remove(id_queue))) {
++               if (!is_id_in_scope(SYM_CLASSES, id)) {
++                       yyerror2("class %s is not within scope", id);
++                       free(id);
++                       goto bad;
++               }
++               cladatum = hashtab_search(policydbp->p_classes.table, id);
++               if (!cladatum) {
++                       yyerror2("unknown class %s", id);
++                       goto bad;
++               }
++               if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
++                       yyerror("Out of memory");
++                       goto bad;
++               }
++               free(id);
++       }
++
++       id = (char *)queue_remove(id_queue);
++       if (!id) {
++               yyerror("no otype in transition definition?");
++               goto bad;
++       }
++       if (!is_id_in_scope(SYM_TYPES, id)) {
++               yyerror2("type %s is not within scope", id);
++               free(id);
++               goto bad;
++       }
++       typdatum = hashtab_search(policydbp->p_types.table, id);
++       if (!typdatum) {
++               yyerror2("unknown type %s used in transition definition", id);
++               goto bad;
++       }
++       free(id);
++       otype = typdatum->s.value;
++
++       name = queue_remove(id_queue);
++       if (!name) {
++               yyerror("no pathname specified in filename_trans definition?");
++               goto bad;
++       }
++
++       /* We expand the class set into seperate rules.  We expand the types
++        * just to make sure there are not duplicates.  They will get turned
++        * into seperate rules later */
++       ebitmap_init(&e_stypes);
++       if (type_set_expand(&stypes, &e_stypes, policydbp, 1))
++               goto bad;
++
++       ebitmap_init(&e_ttypes);
++       if (type_set_expand(&ttypes, &e_ttypes, policydbp, 1))
++               goto bad;
++
++       ebitmap_for_each_bit(&e_tclasses, cnode, c) {
++               if (!ebitmap_node_get_bit(cnode, c))
++                       continue;
++               ebitmap_for_each_bit(&e_stypes, snode, s) {
++                       if (!ebitmap_node_get_bit(snode, s))
++                               continue;
++                       ebitmap_for_each_bit(&e_ttypes, tnode, t) {
++                               if (!ebitmap_node_get_bit(tnode, t))
++                                       continue;
++       
++                               for (ft = policydbp->filename_trans; ft; ft = ft->next) {
++                                       if (ft->stype == (s + 1) &&
++                                           ft->ttype == (t + 1) &&
++                                           ft->tclass == (c + 1) &&
++                                           !strcmp(ft->name, name)) {
++                                               yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
++                                                        name, 
++                                                        policydbp->p_type_val_to_name[s],
++                                                        policydbp->p_type_val_to_name[t],
++                                                        policydbp->p_class_val_to_name[c]);
++                                               goto bad;
++                                       }
++                               }
++       
++                               ft = malloc(sizeof(*ft));
++                               if (!ft) {
++                                       yyerror("out of memory");
++                                       goto bad;
++                               }
++                               memset(ft, 0, sizeof(*ft));
++       
++                               ft->next = policydbp->filename_trans;
++                               policydbp->filename_trans = ft;
++       
++                               ft->name = strdup(name);
++                               if (!ft->name) {
++                                       yyerror("out of memory");
++                                       goto bad;
++                               }
++                               ft->stype = s + 1;
++                               ft->ttype = t + 1;
++                               ft->tclass = c + 1;
++                               ft->otype = otype;
++                       }
++               }
++       
++               /* Now add the real rule since we didn't find any duplicates */
++               ftr = malloc(sizeof(*ftr));
++               if (!ftr) {
++                       yyerror("out of memory");
++                       goto bad;
++               }
++               filename_trans_rule_init(ftr);
++               append_filename_trans(ftr);
++
++               ftr->name = strdup(name);
++               ftr->stypes = stypes;
++               ftr->ttypes = ttypes;
++               ftr->tclass = c + 1;
++               ftr->otype = otype;
++       }
++
++       free(name);
++       ebitmap_destroy(&e_stypes);
++       ebitmap_destroy(&e_ttypes);
++       ebitmap_destroy(&e_tclasses);
++
++       return 0;
++
++bad:
++       free(name);
++       return -1;
++}
++
+ static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr)
+ {
+        constraint_expr_t *h = NULL, *l = NULL, *e, *newe;
+diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
+index 84f4114..dc16c6f 100644
+--- a/libqpol/src/policy_parse.y
++++ b/libqpol/src/policy_parse.y
+@@ -98,6 +98,7 @@ extern char *qpol_src_inputlim;/* end of data */
+ %type <require_func> require_decl_def
+ 
+ %token PATH
++%token FILENAME
+ %token CLONE
+ %token COMMON
+ %token CLASS
+@@ -360,7 +361,10 @@ cond_rule_def           : cond_transition_def
+                        | require_block
+                        { $$ = NULL; }
+                         ;
+-cond_transition_def    : TYPE_TRANSITION names names ':' names identifier ';'
++cond_transition_def    : TYPE_TRANSITION names names ':' names identifier filename ';'
++                        { $$ = define_cond_filename_trans() ;
++                          if ($$ == COND_ERR) return -1;}
++                        | TYPE_TRANSITION names names ':' names identifier ';'
+                         { $$ = define_cond_compute_type(AVRULE_TRANSITION) ;
+                           if ($$ == COND_ERR) return -1;}
+                         | TYPE_MEMBER names names ':' names identifier ';'
+@@ -395,7 +399,9 @@ cond_dontaudit_def  : DONTAUDIT names names ':' names names ';'
+                        { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
+                           if ($$ == COND_ERR) return -1; }
+                        ;
+-transition_def         : TYPE_TRANSITION names names ':' names identifier ';'
++transition_def         : TYPE_TRANSITION  names names ':' names identifier filename ';'
++                       {if (define_filename_trans()) return -1; }
++                       | TYPE_TRANSITION names names ':' names identifier ';'
+                         {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
+                         | TYPE_MEMBER names names ':' names identifier ';'
+                         {if (define_compute_type(AVRULE_MEMBER)) return -1;}
+@@ -752,6 +758,9 @@ identifier          : IDENTIFIER
+ path                   : PATH
+                        { if (insert_id(yytext,0)) return -1; }
+                        ;
++filename               : FILENAME
++                       { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
++                       ;
+ number                 : NUMBER 
+                        { $$ = strtoul(yytext,NULL,0); }
+                        ;
+diff --git a/libqpol/src/policy_scan.l b/libqpol/src/policy_scan.l
+index 75485f3..30203cd 100644
+--- a/libqpol/src/policy_scan.l
++++ b/libqpol/src/policy_scan.l
+@@ -235,6 +235,7 @@ POLICYCAP                   { return(POLICYCAP); }
+ permissive |
+ PERMISSIVE                     { return(PERMISSIVE); }
+ "/"({alnum}|[_\.\-/])*         { return(PATH); }
++\"({alnum}|[_\.\-])+\"                 { return(FILENAME); }
+ {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*        { return(IDENTIFIER); }
+ {digit}+|0x{hexval}+            { return(NUMBER); }
+ {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index ec0315f..e44b3bc 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -575,6 +575,95 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
+        free(expr);
+ }
+ 
++static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
++{
++       apol_filename_trans_query_t *ftq = NULL;
++       int error = 0;
++
++       if (!policy || !opt || !v) {
++               ERR(policy, "%s", strerror(EINVAL));
++               errno = EINVAL;
++               return -1;
++       }
++
++       if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
++               *v = NULL;
++               return 0;              /* no search to do */
++       }
++
++       ftq = apol_filename_trans_query_create();
++       if (!ftq) {
++               ERR(policy, "%s", strerror(ENOMEM));
++               errno = ENOMEM;
++               return -1;
++       }
++
++       apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
++       if (opt->src_name) {
++               if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
++                       error = errno;
++                       goto err;
++               }
++       }
++       if (opt->tgt_name) {
++               if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
++                       error = errno;
++                       goto err;
++               }
++       }
++
++       if (apol_filename_trans_get_by_query(policy, ftq, v)) {
++               error = errno;
++               goto err;
++       }
++
++       apol_filename_trans_query_destroy(&ftq);
++       return 0;
++
++      err:
++       apol_vector_destroy(v);
++       apol_filename_trans_query_destroy(&ftq);
++       ERR(policy, "%s", strerror(error));
++       errno = error;
++       return -1;
++}
++
++static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
++{
++       qpol_policy_t *q = apol_policy_get_qpol(policy);
++       size_t i, num_rules = 0;
++       const qpol_filename_trans_t *rule = NULL;
++       char *tmp = NULL, *rule_str = NULL, *expr = NULL;
++       char enable_char = ' ', branch_char = ' ';
++       qpol_iterator_t *iter = NULL;
++       const qpol_cond_t *cond = NULL;
++       uint32_t enabled = 0, list = 0;
++
++       if (!(num_rules = apol_vector_get_size(v)))
++               goto cleanup;
++
++       fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
++
++       for (i = 0; i < num_rules; i++) {
++               enable_char = branch_char = ' ';
++               if (!(rule = apol_vector_get_element(v, i)))
++                       goto cleanup;
++
++               if (!(rule_str = apol_filename_trans_render(policy, rule)))
++                       goto cleanup;
++               fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
++               free(rule_str);
++               rule_str = NULL;
++               free(expr);
++               expr = NULL;
++       }
++
++      cleanup:
++       free(tmp);
++       free(rule_str);
++       free(expr);
++}
++
+ static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+ {
+        apol_role_allow_query_t *raq = NULL;
+@@ -1128,6 +1217,18 @@ int main(int argc, char **argv)
+                        print_te_results(policy, &cmd_opts, v);
+                fprintf(stdout, "\n");
+        }
++
++       if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
++               apol_vector_destroy(&v);
++               if (perform_ft_query(policy, &cmd_opts, &v)) {
++                       rt = 1;
++                       goto cleanup;
++               }
++
++               print_ft_results(policy, &cmd_opts, v);
++               fprintf(stdout, "\n");
++       }
++
+        apol_vector_destroy(&v);
+        if (perform_ra_query(policy, &cmd_opts, &v)) {
+                rt = 1;
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Don-t-build-python-bindings-if-disabled.patch b/recipes-security/setools/setools/setools-Don-t-build-python-bindings-if-disabled.patch
new file mode 100644
index 0000000..9a93d86
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Don-t-build-python-bindings-if-disabled.patch
@@ -0,0 +1,29 @@
+From 5bf63cd7d9c2af5648b705784a5990414de64a3b Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 18:13:00 +0800
+Subject: [PATCH] setools: Don't build python bindings if disabled.
+
+---
+ Makefile.am |    6 +++++-
+ 1 files changed, 5 insertions(+), 1 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 176c8ea..d33c65c 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,11 @@ if BUILD_GUI
+ endif
+ # sediffx is also built conditionally, from sediffx/Makefile.am
+ 
+-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
++if DO_SWIGIFY_PYTHON
++  MAYBE_PY = python
++endif
++
++SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) $(MAYBE_PY)
+ 
+ #old indent opts
+ #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
new file mode 100644
index 0000000..ed841e8
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
@@ -0,0 +1,25 @@
+From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 14:36:19 +0800
+Subject: [PATCH] setools: Don't check selinux policies if disabled.
+
+---
+ configure.ac |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e1db271..899e5e9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then
+       use_selinux=yes
+   fi
+ else
+-      use_selinux=yes
++      use_selinux=no
+ fi
+ 
+ AC_CACHE_SAVE
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
new file mode 100644
index 0000000..455da1e
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
@@ -0,0 +1,80 @@
+From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 10:53:36 +0800
+Subject: [PATCH 3/7] setools: Fix man pages and getoptions
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ man/replcon.1            |    2 ++
+ man/seinfo.1             |    6 +++++-
+ seaudit/seaudit-report.c |    2 +-
+ sediff/sediff.c          |    2 +-
+ 4 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/man/replcon.1 b/man/replcon.1
+index 8aca08a..478dc51 100644
+--- a/man/replcon.1
++++ b/man/replcon.1
+@@ -44,6 +44,8 @@ Search for files which include PATH.
+ .IP "-c CLASS, --class=CLASS"
+ Search only files of object class CLASS.
+ .SH OPTIONS
++.IP "-R, --regex"
++Enable regular expressions
+ .IP "-v, --verbose"
+ Display context info during replacement.
+ .IP "-h, --help"
+diff --git a/man/seinfo.1 b/man/seinfo.1
+index 8612119..6bc17db 100644
+--- a/man/seinfo.1
++++ b/man/seinfo.1
+@@ -76,6 +76,10 @@ There is no expanded information for this component.
+ .IP "--nodecon[=ADDR]"
+ Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
+ There is no expanded information for this component.
++.IP "--polcap"
++Print policy capabilities.
++.IP "--permissive"
++Print permissive types.
+ .IP "--portcon[=PORT]"
+ Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
+ There is no expanded information for this component.
+@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
+ This option is not available for all component types; see the description of each component for the details this option will provide.
+ .IP "--stats"
+ Print policy statistics including policy type and version information and counts of all components and rules.
+-.IP "-l"
++.IP "-l, --line-breaks"
+ Print line breaks when displaying constraint statements.
+ .IP "-h, --help"
+ Print help information and exit.
+diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
+index af3c6fb..d436c18 100644
+--- a/seaudit/seaudit-report.c
++++ b/seaudit/seaudit-report.c
+@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
+        printf("  -s, --stdin              read log data from standard input\n");
+        printf("  -m, --malformed          include malformed log messages\n");
+        printf("  -o FILE, --output=FILE   output to FILE\n");
+-       printf("  --config=FILE            read configuration from FILE\n");
++       printf("  -c FILE, --config=FILE   read configuration from FILE\n");
+        printf("  --html                   set output format to HTML\n");
+        printf("  --stylesheet=FILE        HTML style sheet for formatting HTML report\n");
+        printf("                           (ignored if --html is not given)\n");
+diff --git a/sediff/sediff.c b/sediff/sediff.c
+index 6022775..341c650 100644
+--- a/sediff/sediff.c
++++ b/sediff/sediff.c
+@@ -420,7 +420,7 @@ int main(int argc, char **argv)
+        poldiff_t *diff = NULL;
+        size_t total = 0;
+ 
+-       while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
++       while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
+                switch (optc) {
+                case 0:
+                        break;
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch b/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
new file mode 100644
index 0000000..c397aa6
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
@@ -0,0 +1,36 @@
+From 81f2221ab707ca8d5e204b0f9be61d537888e439 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 11:03:00 +0800
+Subject: [PATCH 7/7] setools: Fix output to match policy lines
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ libapol/src/ftrule-query.c |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
+index 9c7a23b..1d5f5c8 100644
+--- a/libapol/src/ftrule-query.c
++++ b/libapol/src/ftrule-query.c
+@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
+                error = errno;
+                goto err;
+        }
+-       if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
++       if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
+                error = errno;
+                ERR(policy, "%s", strerror(error));
+                goto err;
+@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
+                goto err;
+        }
+ 
+-       if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
++       if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
+                error = errno;
+                ERR(policy, "%s", strerror(error));
+                goto err;
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch b/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
new file mode 100644
index 0000000..c4d062a
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
@@ -0,0 +1,33 @@
+From 7d386c429202b393aa4ca281a11b5e1f2259b109 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 15:43:41 +0800
+Subject: [PATCH] setools: Fix python/setools/Makefile.am for cross.
+
+---
+ python/setools/Makefile.am |    6 +++---
+ 1 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am
+index c4635fb..80aa385 100644
+--- a/python/setools/Makefile.am
++++ b/python/setools/Makefile.am
+@@ -22,13 +22,13 @@ sesearch_SOURCES = sesearch.c
+ python-build: sesearch.c seinfo.c
+        @mkdir -p setools
+        @cp __init__.py setools
+-       LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
++       CC="${CC}" LDSHARED="$(CC) -shared" LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG) $(PYTHON_LDFLAGS)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS) $(PYTHON_CPPFLAGS)" ${PYTHON} setup.py build 
+ 
+ install-exec-hook:
+-       $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++       $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
+ 
+ uninstall-hook: 
+-       $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
++       $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
+ 
+ clean-local:
+        $(PYTHON) setup.py clean -a 
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
new file mode 100644
index 0000000..8519ab2
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
@@ -0,0 +1,36 @@
+From 16d3a0b41273be4289f70d1d63fb983721bb60c0 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 10:54:55 +0800
+Subject: [PATCH 4/7] setools: Fix sepol calls to work with latest libsepol
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ configure.ac |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e837e03..3c11e23 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
+                   [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+-  return role_set_expand(NULL, NULL, NULL, NULL);
++  return role_set_expand(NULL, NULL, NULL, NULL, NULL);
+ }])],
+                   sepol_new_user_role_mapping="yes",
+                   sepol_new_user_role_mapping="no")
+@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
+                          [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+-  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+                          AC_MSG_RESULT([yes]),
+                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch b/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
new file mode 100644
index 0000000..7b6e539
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
@@ -0,0 +1,25 @@
+From 5f574dc0fb68fe07c5b611ca34c01b8484735aab Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 14:47:44 +0800
+Subject: [PATCH] setools: Fix "test" bug for unary operator.
+
+configure: line 22969: test: =: unary operator expected
+---
+ configure.ac |    1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 899e5e9..6854c69 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -233,6 +233,7 @@ if test ${do_swigify} = "yes"; then
+    AC_PROG_SWIG(2.0.0)
+ fi
+ build_apol=yes
++do_swigify_tcl=no
+ AC_ARG_ENABLE(swig-tcl,
+               AC_HELP_STRING([--enable-swig-tcl],
+                              [build SWIG interfaces for Tcl (default)]),
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-Remove-unused-variables.patch b/recipes-security/setools/setools/setools-Remove-unused-variables.patch
new file mode 100644
index 0000000..f991819
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Remove-unused-variables.patch
@@ -0,0 +1,279 @@
+From d8a4502fae7118796558e523a6dc0a6a5f9adec9 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 11:02:10 +0800
+Subject: [PATCH 6/7] setools: Remove unused variables
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ libapol/src/ftrule-query.c |   11 ++----
+ libqpol/src/ftrule_query.c |    2 -
+ secmds/sesearch.c          |   86 +++++++++++++++++++++++++++++++++-----------
+ 3 files changed, 68 insertions(+), 31 deletions(-)
+
+diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
+index dc248de..9c7a23b 100644
+--- a/libapol/src/ftrule-query.c
++++ b/libapol/src/ftrule-query.c
+@@ -45,14 +45,11 @@ struct apol_filename_trans_query
+ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
+ {
+        apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
+-       int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
+-       char *bool_name = NULL;
++       int retval = -1, source_as_any = 0, is_regex = 0;
+        *v = NULL;
+-       unsigned int flags = 0;
+-       qpol_iterator_t *iter = NULL, *type_iter = NULL;
++       qpol_iterator_t *iter = NULL;
+ 
+        if (t != NULL) {
+-               flags = t->flags;
+                is_regex = t->flags & APOL_QUERY_REGEX;
+                if (t->source != NULL &&
+                    (source_list =
+@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
+                if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
+                        goto cleanup;
+                }
+-               int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
++               int match_source = 0, match_target = 0, match_default = 0;
+                size_t i;
+ 
+                if (source_list == NULL) {
+@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
+ {
+        char *tmp = NULL;
+        const char *tmp_name = NULL;
+-       const char *filename_trans_type_str;
+        int error = 0;
+        size_t tmp_sz = 0;
+-       uint32_t filename_trans_type = 0;
+        const qpol_type_t *type = NULL;
+        const qpol_class_t *obj_class = NULL;
+ 
+diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
+index d6db848..3148d30 100644
+--- a/libqpol/src/ftrule_query.c
++++ b/libqpol/src/ftrule_query.c
+@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
+ 
+ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
+ {
+-       policydb_t *db = NULL;
+        filename_trans_t *ft = NULL;
+ 
+        if (name) {
+@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
+                return STATUS_ERR;
+        }
+ 
+-       db = &policy->p->p;
+        ft = (filename_trans_t *) rule;
+ 
+        *name = ft->name;
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index e44b3bc..319ffe7 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -72,6 +72,7 @@ static struct option const longopts[] = {
+ 
+        {"source", required_argument, NULL, 's'},
+        {"target", required_argument, NULL, 't'},
++       {"default", required_argument, NULL, 'D'},
+        {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
+        {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
+        {"class", required_argument, NULL, 'c'},
+@@ -92,6 +93,7 @@ typedef struct options
+ {
+        char *src_name;
+        char *tgt_name;
++       char *default_name;
+        char *src_role_name;
+        char *tgt_role_name;
+        char *class_name;
+@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
+                                tmp = apol_cond_expr_render(policy, cond);
+                                enable_char = (enabled ? 'E' : 'D');
+                                branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+-                               asprintf(&expr, "[ %s ]", tmp);
++                               if (asprintf(&expr, "[ %s ]", tmp) < 0)
++                                       goto cleanup;
+                                free(tmp);
+                                tmp = NULL;
+                                if (!expr)
+@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
+                                qpol_iterator_destroy(&iter);
+                                enable_char = (enabled ? 'E' : 'D');
+                                branch_char = (list ? 'T' : 'F');
+-                               asprintf(&expr, "[ %s ]", tmp);
++                               if (asprintf(&expr, "[ %s ]", tmp) < 0)
++                                       goto cleanup;
+                                free(tmp);
+                                tmp = NULL;
+                                if (!expr)
+@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
+                                tmp = apol_cond_expr_render(policy, cond);
+                                enable_char = (enabled ? 'E' : 'D');
+                                branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+-                               asprintf(&expr, "[ %s ]", tmp);
++                               if (asprintf(&expr, "[ %s ]", tmp) < 0)
++                                       goto cleanup;
+                                free(tmp);
+                                tmp = NULL;
+                                if (!expr)
+@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
+                                qpol_iterator_destroy(&iter);
+                                enable_char = (enabled ? 'E' : 'D');
+                                branch_char = (list ? 'T' : 'F');
+-                               asprintf(&expr, "[ %s ]", tmp);
++                               if (asprintf(&expr, "[ %s ]", tmp) < 0)
++                                       goto cleanup;
+                                free(tmp);
+                                tmp = NULL;
+                                if (!expr)
+@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
+                return -1;
+        }
+ 
+-       if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
++       if (!opt->type && !opt->all) {
+                *v = NULL;
+                return 0;              /* no search to do */
+        }
+@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
+ 
+        apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
+        if (opt->src_name) {
+-               if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
++               if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
+                        error = errno;
+                        goto err;
+                }
+        }
++
+        if (opt->tgt_name) {
+                if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
+                        error = errno;
+                        goto err;
+                }
+        }
++       if (opt->default_name) {
++               if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
++                       error = errno;
++                       goto err;
++               }
++       }
++
++       if (opt->class_name) {
++               if (opt->class_vector == NULL) {
++                       if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
++                               error = errno;
++                               goto err;
++                       }
++               } else {
++                       for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
++                               char *class_name;
++                               class_name = apol_vector_get_element(opt->class_vector, i);
++                               if (!class_name)
++                                       continue;
++                               if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
++                                       error = errno;
++                                       goto err;
++                               }
++                       }
++               }
++       }
+ 
+        if (apol_filename_trans_get_by_query(policy, ftq, v)) {
+                error = errno;
+@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
+ 
+ static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
+ {
+-       qpol_policy_t *q = apol_policy_get_qpol(policy);
+-       size_t i, num_rules = 0;
+-       const qpol_filename_trans_t *rule = NULL;
+-       char *tmp = NULL, *rule_str = NULL, *expr = NULL;
++       size_t i, num_filename_trans = 0;
++       const qpol_filename_trans_t *filename_trans = NULL;
++       char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
+        char enable_char = ' ', branch_char = ' ';
+        qpol_iterator_t *iter = NULL;
+        const qpol_cond_t *cond = NULL;
+        uint32_t enabled = 0, list = 0;
+ 
+-       if (!(num_rules = apol_vector_get_size(v)))
++       if (!(num_filename_trans = apol_vector_get_size(v)))
+                goto cleanup;
+ 
+-       fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
++       fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
+ 
+-       for (i = 0; i < num_rules; i++) {
++       for (i = 0; i < num_filename_trans; i++) {
+                enable_char = branch_char = ' ';
+-               if (!(rule = apol_vector_get_element(v, i)))
++               if (!(filename_trans = apol_vector_get_element(v, i)))
+                        goto cleanup;
+ 
+-               if (!(rule_str = apol_filename_trans_render(policy, rule)))
++               if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
+                        goto cleanup;
+-               fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
+-               free(rule_str);
+-               rule_str = NULL;
++               fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
++               free(filename_trans_str);
++               filename_trans_str = NULL;
+                free(expr);
+                expr = NULL;
+        }
+ 
+       cleanup:
+        free(tmp);
+-       free(rule_str);
++       free(filename_trans_str);
+        free(expr);
+ }
+ 
+@@ -930,7 +962,7 @@ int main(int argc, char **argv)
+ 
+        memset(&cmd_opts, 0, sizeof(cmd_opts));
+        cmd_opts.indirect = true;
+-       while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
++       while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
+                switch (optc) {
+                case 0:
+                        break;
+@@ -946,6 +978,18 @@ int main(int argc, char **argv)
+                                exit(1);
+                        }
+                        break;
++               case 'D':              /* source */
++                       if (optarg == 0) {
++                               usage(argv[0], 1);
++                               printf("Missing source default type for -D (--default)\n");
++                               exit(1);
++                       }
++                       cmd_opts.default_name = strdup(optarg);
++                       if (!cmd_opts.default_name) {
++               
++                               exit(1);
++                       }
++                       break;
+                case 't':              /* target */
+                        if (optarg == 0) {
+                                usage(argv[0], 1);
+@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
+                fprintf(stdout, "\n");
+        }
+ 
+-       if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
++       if (cmd_opts.all || cmd_opts.type) {
+                apol_vector_destroy(&v);
+                if (perform_ft_query(policy, &cmd_opts, &v)) {
+                        rt = 1;
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools-configure-ac.patch b/recipes-security/setools/setools/setools-configure-ac.patch
new file mode 100644
index 0000000..5b8e440
--- /dev/null
+++ b/recipes-security/setools/setools/setools-configure-ac.patch
@@ -0,0 +1,107 @@
+---
+ configure.ac |   37 ++++++++++++++-----------------------
+ 1 file changed, 14 insertions(+), 23 deletions(-)
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -216,9 +216,6 @@
+    do_swigify_java=yes
+    do_swigify=yes
+ fi
+-
+-AM_PATH_PYTHON(2.7)
+-
+ AC_ARG_ENABLE(swig-python,
+               AC_HELP_STRING([--enable-swig-python],
+                              [build SWIG interfaces for Python]),
+@@ -227,6 +224,7 @@
+    if test ${do_swigify} = no; then
+       AC_PROG_SWIG(2.0.0)
+    fi
++   AM_PATH_PYTHON(2.7)
+    SWIG_PYTHON
+    do_swigify_python=yes
+    do_swigify=yes
+@@ -411,32 +409,19 @@
+             selinux_devel="/usr")
+ sepol_devel_incdir="${sepol_devel}/include"
+ selinux_devel_incdir="${selinux_devel}/include"
+-dnl if /lib64 exists then use that directory, otherwise revert to just /lib
+-for dir in lib64 lib ; do
+-  sepol_devel_libdir="${sepol_devel}/${dir}"
+-  if test -f ${sepol_devel_libdir}/libsepol.so ; then
+-    break
+-  fi
+-done
+-for dir in lib64 lib ; do
+-  selinux_devel_libdir="${selinux_devel}/${dir}"
+-  if test -f ${selinux_devel_libdir}/libselinux.so ; then
+-    break
+-  fi
+-done
++dnl We pass in sepol_devel of usr/lib{32/64}/.., dirname strips the ..
++sepol_devel_libdir=`dirname ${sepol_devel}`
++selinux_devel_libdir=`dirname ${selinux_devel}`
+ AC_MSG_CHECKING([for sepol/sepol.h])
+ selinux_save_CFLAGS="${CFLAGS}"
+ selinux_save_CPPFLAGS="${CPPFLAGS}"
+ CFLAGS="${CFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
+ CPPFLAGS="${CPPFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
+ AC_CHECK_HEADER([sepol/sepol.h], , AC_MSG_ERROR([could not find sepol headers at $sepol_devel_incdir - make sure libsepol-devel is installed]))
+-AC_CHECK_LIB([sepol], [sepol_policydb_read], ,
+-             AC_MSG_ERROR([could not find libsepol at $sepol_devel_libdir]))
++LIBS="-lsepol $LIBS"
+ AC_CHECK_HEADER([selinux/selinux.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
+ AC_CHECK_HEADER([selinux/context.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
+-AC_CHECK_LIB([selinux], [selinux_policy_root], ,
+-AC_MSG_ERROR([could not find libselinux at $selinux_devel_libdir]),
+-             -lsepol)
++LIBS="-lselinux $LIBS"
+ SELINUX_LIB_FLAG="-L${sepol_devel_libdir} -L${selinux_devel_libdir}"
+ CFLAGS="${selinux_save_CFLAGS}"
+ CPPFLAGS="${selinux_save_CPPFLAGS}"
+@@ -448,8 +433,6 @@
+               sepol_srcdir="")
+ if test "x${sepol_srcdir}" = "x"; then
+    sepol_srcdir=${sepol_devel_libdir}
+-   AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
+-      AC_MSG_ERROR([make sure libsepol-static is installed]))
+ else
+    AC_MSG_CHECKING([for compatible sepol source tree])
+    sepol_version=${sepol_srcdir}/VERSION
+@@ -556,6 +539,7 @@
+                sepol_new_errcodes="yes",
+                 sepol_new_errcodes="no")
+ 
++if test x"${ac_cv_policydb_version_max}" = x ; then
+ AC_RUN_IFELSE(
+    [AC_LANG_SOURCE([
+ #include <sepol/policydb/policydb.h>
+@@ -571,6 +555,9 @@
+ }])],
+     sepol_policy_version_max=`cat conftest.data`,
+     AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
++else
++    sepol_policy_version_max=${ac_cv_policydb_version_max}
++fi
+ AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
+ CFLAGS="${sepol_save_CFLAGS}"
+ CPPFLAGS="${sepol_save_CPPFLAGS}"
+@@ -578,6 +565,7 @@
+ if test ${use_selinux} = "yes"; then
+ dnl Locate selinux policy root directory
+     AC_MSG_CHECKING([for selinux policy root])
++    if test x"${ac_cv_selinux_policy_root}" = x ; then
+     changequote(<<<,>>>)dnl
+     cat > ./conftest.c <<EOF
+ #include <stdlib.h>
+@@ -596,6 +584,9 @@
+     CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
+     gcc ${CFLAGS} -o conftest conftest.c >&5
+     selinux_policy_dir=`./conftest`
++    else
++        selinux_policy_dir=${ac_cv_selinux_policy_root}
++    fi
+     AC_MSG_RESULT(${selinux_policy_dir})
+     CFLAGS="${selinux_save_CFLAGS}"
+ fi
diff --git a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
new file mode 100644
index 0000000..84ac3dc
--- /dev/null
+++ b/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
@@ -0,0 +1,33 @@
+From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Tue, 20 Sep 2011 15:46:38 -0400
+Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
+
+---
+ configure.ac |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e837e03..3c11e23 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
+                   [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+-  return role_set_expand(NULL, NULL, NULL, NULL);
++  return role_set_expand(NULL, NULL, NULL, NULL, NULL);
+ }])],
+                   sepol_new_user_role_mapping="yes",
+                   sepol_new_user_role_mapping="no")
+@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
+                          [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+-  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++  return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+                          AC_MSG_RESULT([yes]),
+                          AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+-- 
+1.7.6.2
diff --git a/recipes-security/setools/setools/setools-cross-ar.patch b/recipes-security/setools/setools/setools-cross-ar.patch
new file mode 100644
index 0000000..eba24c2
--- /dev/null
+++ b/recipes-security/setools/setools/setools-cross-ar.patch
@@ -0,0 +1,17 @@
+Use the specified $(AR), not "ar", for cross-compiling.
+
+---
+ libqpol/src/Makefile.am |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/libqpol/src/Makefile.am
++++ b/libqpol/src/Makefile.am
+@@ -64,7 +64,7 @@
+        mkdir -p $@
+        rm -f $@/*
+        cp $< $@
+-       (cd $@; ar x libsepol.a)
++       (cd $@; $(AR) x libsepol.a)
+ 
+ $(qpolso_DATA): $(tmp_sepol) $(libqpol_so_OBJS) libqpol.map
+        $(CC) -shared -o $@ $(libqpol_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBQPOL_SONAME),--version-script=$(srcdir)/libqpol.map,-z,defs -Wl,--whole-archive $(sepol_srcdir)/libsepol.a -Wl,--no-whole-archive @SELINUX_LIB_FLAG@ -lselinux -lsepol -lbz2
diff --git a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch b/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
new file mode 100644
index 0000000..a9cec6e
--- /dev/null
+++ b/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
@@ -0,0 +1,134 @@
+From 65ff2020dd1119cf45ad4eb74e63b21fb8f63389 Mon Sep 17 00:00:00 2001
+From: Xin Ouyang <Xin.Ouyang@windriver.com>
+Date: Wed, 7 Mar 2012 10:48:07 +0800
+Subject: [PATCH 2/7] setools: seinfo should exit with correct errno.
+
+Integrated from Fedora:
+https://community.dev.fedoraproject.org/packages/setools/sources/patches/
+---
+ secmds/seinfo.c |   51 +++++++++++++++++++++++++++------------------------
+ 1 files changed, 27 insertions(+), 24 deletions(-)
+
+diff --git a/secmds/seinfo.c b/secmds/seinfo.c
+index fdf23e9..3088f88 100644
+--- a/secmds/seinfo.c
++++ b/secmds/seinfo.c
+@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
+  */
+ static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
+ {
+-       int retval = 0;
++       int retval = -1;
+        apol_cat_query_t *query = NULL;
+        apol_vector_t *v = NULL;
+        const qpol_cat_t *cat_datum = NULL;
+@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
+                fprintf(fp, "   %s\n", tmp);
+                free(tmp);
+        }
+-       if (type && !apol_vector_get_size(v))
++       if (type && !apol_vector_get_size(v)) {
+                ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
+-
++               goto cleanup;
++       }
+        retval = 0;
+       cleanup:
+        apol_fs_use_query_destroy(&query);
+@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
+                ERR(policydb, "%s", strerror(ENOMEM));
+                goto cleanup;
+        }
+-
+        if (apol_genfscon_query_set_filesystem(policydb, query, type))
+                goto cleanup;
+        if (apol_genfscon_get_by_query(policydb, query, &v))
+@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
+                free(tmp);
+        }
+ 
+-       if (type && !apol_vector_get_size(v))
++       if (type && !apol_vector_get_size(v)) {
+                ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
++               goto cleanup;
++       }
+ 
+        retval = 0;
+       cleanup:
+@@ -1646,6 +1648,7 @@ cleanup:  // close and destroy iterators etc.
+ 
+ int main(int argc, char **argv)
+ {
++       int rc = 0;
+        int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
+                node, port, permissives, polcaps, constrain, linebreaks;
+        apol_policy_t *policydb = NULL;
+@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
+ 
+        /* display requested info */
+        if (stats || all)
+-               print_stats(stdout, policydb);
++               rc = print_stats(stdout, policydb);
+        if (classes || all)
+-               print_classes(stdout, class_name, expand, policydb);
++               rc = print_classes(stdout, class_name, expand, policydb);
+        if (types || all)
+-               print_types(stdout, type_name, expand, policydb);
++               rc = print_types(stdout, type_name, expand, policydb);
+        if (attribs || all)
+-               print_attribs(stdout, attrib_name, expand, policydb);
++               rc = print_attribs(stdout, attrib_name, expand, policydb);
+        if (roles || all)
+-               print_roles(stdout, role_name, expand, policydb);
++               rc = print_roles(stdout, role_name, expand, policydb);
+        if (users || all)
+-               print_users(stdout, user_name, expand, policydb);
++               rc = print_users(stdout, user_name, expand, policydb);
+        if (bools || all)
+-               print_booleans(stdout, bool_name, expand, policydb);
++               rc = print_booleans(stdout, bool_name, expand, policydb);
+        if (sens || all)
+-               print_sens(stdout, sens_name, expand, policydb);
++               rc = print_sens(stdout, sens_name, expand, policydb);
+        if (cats || all)
+-               print_cats(stdout, cat_name, expand, policydb);
++               rc = print_cats(stdout, cat_name, expand, policydb);
+        if (fsuse || all)
+-               print_fsuse(stdout, fsuse_type, policydb);
++               rc = print_fsuse(stdout, fsuse_type, policydb);
+        if (genfs || all)
+-               print_genfscon(stdout, genfs_type, policydb);
++               rc = print_genfscon(stdout, genfs_type, policydb);
+        if (netif || all)
+-               print_netifcon(stdout, netif_name, policydb);
++               rc = print_netifcon(stdout, netif_name, policydb);
+        if (node || all)
+-               print_nodecon(stdout, node_addr, policydb);
++               rc = print_nodecon(stdout, node_addr, policydb);
+        if (port || all)
+-               print_portcon(stdout, port_num, protocol, policydb);
++               rc = print_portcon(stdout, port_num, protocol, policydb);
+        if (isids || all)
+-               print_isids(stdout, isid_name, expand, policydb);
++               rc = print_isids(stdout, isid_name, expand, policydb);
+        if (permissives || all)
+-               print_permissives(stdout, permissive_name, expand, policydb);
++               rc = print_permissives(stdout, permissive_name, expand, policydb);
+        if (polcaps || all)
+-               print_polcaps(stdout, polcap_name, expand, policydb);
++               rc = print_polcaps(stdout, polcap_name, expand, policydb);
+        if (constrain || all)
+-               print_constraints(stdout, expand, policydb, linebreaks);
++               rc = print_constraints(stdout, expand, policydb, linebreaks);
+ 
+        apol_policy_destroy(&policydb);
+        apol_policy_path_destroy(&pol_path);
+        free(policy_file);
+-       exit(0);
++       exit(rc);
+ }
+ 
+ /**
+-- 
+1.7.5.4
+
diff --git a/recipes-security/setools/setools/setools.pam b/recipes-security/setools/setools/setools.pam
new file mode 100644
index 0000000..c7d67e3
--- /dev/null
+++ b/recipes-security/setools/setools/setools.pam
@@ -0,0 +1,4 @@
+#%PAM-1.0
+auth            include         config-util
+account         include         config-util
+session         include         config-util
diff --git a/recipes-security/setools/setools_3.3.7.bb b/recipes-security/setools/setools_3.3.7.bb
new file mode 100644
index 0000000..49cdd88
--- /dev/null
+++ b/recipes-security/setools/setools_3.3.7.bb
@@ -0,0 +1,57 @@
+SUMMARY = "Policy analysis tools for SELinux"
+DESCRIPTION = "\
+SETools is a collection of graphical tools, command-line tools, and \
+libraries designed to facilitate SELinux policy analysis. \
+\n\
+This meta-package depends upon the main packages necessary to run \
+SETools."
+SECTION = "base"
+LICENSE = "GPLv2 & LGPLv2.1"
+PR = "r0"
+
+SRC_URI = "http://oss.tresys.com/projects/setools/chrome/site/dists/setools-${PV}/setools-${PV}.tar.bz2;"
+SRC_URI[md5sum] = "0377d7a06028825434cd7b41a80865a5"
+SRC_URI[sha256sum] = "2bfa0918746bdcc910b16b26a51109a4ffd07404c306141ada584cb36e3c895a"
+
+SRC_URI += "file://setools-Add-seinfo-and-sesearch-python-bindings.patch"
+SRC_URI += "file://setools-seinfo-should-exit-with-correct-errno.patch"
+SRC_URI += "file://setools-Fix-man-pages-and-getoptions.patch"
+SRC_URI += "file://setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch"
+SRC_URI += "file://setools-Changes-to-support-named-file_trans-rules.patch"
+SRC_URI += "file://setools-Remove-unused-variables.patch"
+SRC_URI += "file://setools-Fix-output-to-match-policy-lines.patch"
+
+SRC_URI += "file://setools-Don-t-check-selinux-policies-if-disabled.patch"
+SRC_URI += "file://setools-configure-ac.patch"
+SRC_URI += "file://setools-cross-ar.patch"
+
+SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"
+SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"
+SRC_URI += "file://setools-Don-t-build-python-bindings-if-disabled.patch"
+
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \
+                    file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \
+                    file://${S}/COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24"
+
+DEPENDS += "python python-native libsepol libselinux refpolicy"
+
+inherit autotools
+
+do_configure() {
+        autoreconf --force --install 
+        export ac_cv_policydb_version_max=26
+        export PYTHON=python
+        export PYLIBVER='python${PYTHON_BASEVERSION}'
+        export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
+        export PYTHON_LDFLAGS="-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}"
+        export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
+        oe_runconf --disable-bwidget-check --disable-selinux-check \
+                --disable-swig-python --disable-swig-java --disable-swig-tcl \
+                --disable-profiling --disable-gui --with-tk=no --with-tcl=no \
+                --with-sepol-devel=${STAGING_LIBDIR}/.. \
+                --with-selinux-devel=${STAGING_LIBDIR}/.. 
+}
+
+do_install_append() {
+        rm -f ${D}/${libdir}/*.a
+}