libsemanage: uprev to 2.9 (20190315)

* Switch to python3

* Drop patches:
  libsemanage-fix-path-nologin.patch
  0001-src-Makefile-fix-includedir-in-libselinux.pc.patch

* Rebase patches

* Update policy version to 31

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

10 files changed, 70 insertions, 128 deletions

diff --git a/recipes-security/selinux/libsemanage.inc b/recipes-security/selinux/libsemanage.inc
index be0a5f1..9dc1095 100644
--- a/recipes-security/selinux/libsemanage.inc
+++ b/recipes-security/selinux/libsemanage.inc
@@ -6,41 +6,39 @@ on binary policies such as customizing policy boolean settings."
 SECTION = "base"
 LICENSE = "LGPLv2.1+"
 
-inherit lib_package python-dir
+inherit lib_package python3-dir
 
-DEPENDS += "libsepol libselinux bzip2 python bison-native flex-native swig-native"
-DEPENDS_append_class-target += "audit"
+DEPENDS += "libsepol libselinux bzip2 python3 bison-native flex-native swig-native"
+DEPENDS_append_class-target = " audit"
 
 PACKAGES =+ "${PN}-python"
 
 # For /usr/libexec/selinux/semanage_migrate_store
-RDEPENDS_${PN}-python += "python"
+RDEPENDS_${PN}-python += "python3-core"
 
 FILES_${PN}-python = "${libdir}/python${PYTHON_BASEVERSION}/site-packages/* \
                       ${libexecdir}/selinux/semanage_migrate_store"
 FILES_${PN}-dbg += "${libdir}/python${PYTHON_BASEVERSION}/site-packages/.debug/*"
 
+FILES_${PN} += "${libexecdir}"
+
 EXTRA_OEMAKE_class-native += "DISABLE_AUDIT=y"
 
 do_compile_append() {
     oe_runmake pywrap \
-            INCLUDEDIR='${STAGING_INCDIR}' \
-            LIBDIR='${STAGING_LIBDIR}' \
-            PYLIBVER='python${PYTHON_BASEVERSION}' \
-            PYINC='-I${STAGING_INCDIR}/$(PYLIBVER)' \
-            PYLIB='-L${STAGING_LIBDIR}/$(PYLIBVER) -l$(PYLIBVER)' \
-            PYTHONLIBDIR='${PYLIB}'
+            PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+            PYINC='-I${STAGING_INCDIR}/${PYLIBVER}' \
+            PYLIBS='-L${STAGING_LIBDIR}/${PYLIBVER} -l${PYLIBVER}'
 }
 
 do_install_append() {
     oe_runmake install-pywrap swigify \
             PYCEXT='.so' \
-            PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages' \
-            PYLIBVER='python${PYTHON_BASEVERSION}' \
-            PYLIBDIR='${D}/${libdir}/$(PYLIBVER)'
+            PYLIBVER='python${PYTHON_BASEVERSION}${PYTHON_ABI}' \
+            PYTHONLIBDIR='${D}${libdir}/python${PYTHON_BASEVERSION}/site-packages'
 
     # Update "policy-version" for semanage.conf
-    sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 30/' \
+    sed -i 's/^#\s*\(policy-version\s*=\).*$/\1 31/' \
         ${D}/etc/selinux/semanage.conf
 }
 
diff --git a/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch b/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
deleted file mode 100644
index 73613d3..0000000
--- a/recipes-security/selinux/libsemanage/0001-src-Makefile-fix-includedir-in-libselinux.pc.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From e773c0952b06370d81e9b113f9b0b3388e323e52 Mon Sep 17 00:00:00 2001
-From: Robert Yang <liezhi.yang@windriver.com>
-Date: Thu, 18 Feb 2016 02:39:16 +0000
-Subject: [PATCH] src/Makefile: fix includedir in libselinux.pc
-
-Upstream-Status: Pending
-
-Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- src/Makefile | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/Makefile b/src/Makefile
-index dea751e..4af4568 100644
---- a/src/Makefile
-+++ b/src/Makefile
-@@ -93,6 +93,7 @@ $(LIBSO): $(LOBJS)
- 
- $(LIBPC): $(LIBPC).in ../VERSION
-        sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
-+       sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:${libdir}:; s:@includedir@:${prefix}/include:' < $< > $@
- 
- semanageswig_python_exception.i: ../include/semanage/semanage.h
-        bash -e exception.sh > $@ || (rm -f $@ ; false)
--- 
-2.7.4
-
diff --git a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
index e3c2f82..0b1f3d8 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-Fix-execve-segfaults-on-Ubuntu.patch
@@ -1,4 +1,4 @@
-From c87bef28e768e2f6bc8612a768ebf9099d156576 Mon Sep 17 00:00:00 2001
+From 01a37b94a1f5605a395e8b45ee9ec653ce716c06 Mon Sep 17 00:00:00 2001
 From: Xin Ouyang <Xin.Ouyang@windriver.com>
 Date: Mon, 26 Mar 2012 15:15:16 +0800
 Subject: [PATCH] libsemanage: Fix execve segfaults on Ubuntu.
@@ -9,15 +9,18 @@ Such as "make load" while building refpolicy.
 
 http://oss.tresys.com/pipermail/refpolicy/2011-December/004859.html
 
+Upstream-Status: Pending
+
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
 ---
  src/semanage_store.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/semanage_store.c b/src/semanage_store.c
-index 6158d08..1923f0f 100644
+index 58dded6..1a94545 100644
 --- a/src/semanage_store.c
 +++ b/src/semanage_store.c
-@@ -1405,7 +1405,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
+@@ -1441,7 +1441,7 @@ static int semanage_exec_prog(semanage_handle_t * sh,
         if (forkval == 0) {
                 /* child process.  file descriptors will be closed
                  * because they were set as close-on-exec. */
@@ -26,3 +29,6 @@ index 6158d08..1923f0f 100644
                 _exit(EXIT_FAILURE);    /* if execve() failed */
         }
  
+-- 
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
index 205bc97..6ea9c29 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-allow-to-disable-audit-support.patch
@@ -1,4 +1,4 @@
-From 8981b979e36afe2d8384b63c3f48fa8854d1983a Mon Sep 17 00:00:00 2001
+From 50f8f9f090425d23ecab2bedc949bc65bc4d58dc Mon Sep 17 00:00:00 2001
 From: Wenzong Fan <wenzong.fan@windriver.com>
 Date: Mon, 20 Jan 2014 03:53:48 -0500
 Subject: [PATCH] libsemanage: allow to disable audit support
@@ -6,7 +6,6 @@ Subject: [PATCH] libsemanage: allow to disable audit support
 Upstream-Status: Pending
 
 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
 ---
  src/Makefile        | 10 +++++++++-
  src/seusers_local.c | 13 +++++++++++++
@@ -14,10 +13,10 @@ Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
  3 files changed, 31 insertions(+), 2 deletions(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index d457208..e8831ab 100644
+index 8240c3a..1485d23 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -29,6 +29,14 @@ ifeq ($(DEBUG),1)
+@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
         export LDFLAGS = -g
  endif
  
@@ -32,7 +31,7 @@ index d457208..e8831ab 100644
  LEX = flex
  LFLAGS = -s
  YACC = bison
-@@ -91,7 +99,7 @@ $(LIBA): $(OBJS)
+@@ -88,7 +96,7 @@ $(LIBA): $(OBJS)
         $(RANLIB) $@
  
  $(LIBSO): $(LOBJS)
@@ -42,7 +41,7 @@ index d457208..e8831ab 100644
  
  $(LIBPC): $(LIBPC).in ../VERSION
 diff --git a/src/seusers_local.c b/src/seusers_local.c
-index 42c3a8b..9ee31e2 100644
+index a79e2d3..ce76dee 100644
 --- a/src/seusers_local.c
 +++ b/src/seusers_local.c
 @@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
@@ -57,7 +56,7 @@ index 42c3a8b..9ee31e2 100644
  #include <errno.h>
  #include "user_internal.h"
  #include "seuser_internal.h"
-@@ -51,6 +55,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
+@@ -55,6 +59,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
         return roles;
  }
  
@@ -65,7 +64,7 @@ index 42c3a8b..9ee31e2 100644
  static int semanage_seuser_audit(semanage_handle_t * handle,
                           const semanage_seuser_t * seuser,
                           const semanage_seuser_t * previous,
-@@ -114,6 +119,7 @@ err:
+@@ -119,6 +124,7 @@ err:
         free(proles);
         return rc;
  }
@@ -73,7 +72,7 @@ index 42c3a8b..9ee31e2 100644
  
  int semanage_seuser_modify_local(semanage_handle_t * handle,
                                  const semanage_seuser_key_t * key,
-@@ -158,8 +164,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
+@@ -163,8 +169,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
         (void) semanage_seuser_query(handle, key, &previous);
         handle->msg_callback = callback;
         rc = dbase_modify(handle, dconfig, key, new);
@@ -85,7 +84,7 @@ index 42c3a8b..9ee31e2 100644
  err:
         if (previous)
                 semanage_seuser_free(previous);
-@@ -175,8 +184,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
+@@ -180,8 +189,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
         dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
         rc = dbase_del(handle, dconfig, key);
         semanage_seuser_query(handle, key, &seuser);
@@ -99,10 +98,10 @@ index 42c3a8b..9ee31e2 100644
                 semanage_seuser_free(seuser);
         return rc;
 diff --git a/tests/Makefile b/tests/Makefile
-index 2ef8d30..50d582a 100644
+index 324766a..5732ec7 100644
 --- a/tests/Makefile
 +++ b/tests/Makefile
-@@ -6,10 +6,18 @@ SOURCES = $(sort $(wildcard *.c))
+@@ -3,10 +3,18 @@ SOURCES = $(sort $(wildcard *.c))
  
  ###########################################################################
  
@@ -122,3 +121,6 @@ index 2ef8d30..50d582a 100644
  
  OBJECTS = $(SOURCES:.c=.o) 
  
+-- 
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
index 8b15a80..0c77c7a 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-define-FD_CLOEXEC-as-necessary.patch
@@ -1,4 +1,4 @@
-From 0e97e4d19627f78bf04445cd51902ccf4f7cf239 Mon Sep 17 00:00:00 2001
+From 81f2e8b62ad2298a197c4b16e7182a133c1e116f Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe.macdonald@windriver.com>
 Date: Tue, 15 Oct 2013 10:17:38 -0400
 Subject: [PATCH] libsemanage: define FD_CLOEXEC as necessary
@@ -10,15 +10,14 @@ asm-generic/fcntl.h on more modern platforms.
 Uptream-Status: Inappropriate
 
 Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
-
 ---
- libsemanage/src/semanage_store.c | 5 +++++
+ src/semanage_store.c | 5 +++++
  1 file changed, 5 insertions(+)
 
-diff --git a/libsemanage/src/semanage_store.c b/libsemanage/src/semanage_store.c
-index 1923f0f..f7a8760 100644
---- a/libsemanage/src/semanage_store.c
-+++ b/libsemanage/src/semanage_store.c
+diff --git a/src/semanage_store.c b/src/semanage_store.c
+index 1a94545..b586a8f 100644
+--- a/src/semanage_store.c
++++ b/src/semanage_store.c
 @@ -66,6 +66,11 @@ typedef struct dbase_policydb dbase_t;
  
  #define TRUE 1
@@ -31,3 +30,6 @@ index 1923f0f..f7a8760 100644
  enum semanage_file_defs {
         SEMANAGE_ROOT,
         SEMANAGE_TRANS_LOCK,
+-- 
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
index ea7ba20..d1e5720 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-disable-expand-check-on-policy-load.patch
@@ -1,4 +1,4 @@
-From 4376342a5382df384cb387e2a63eaf0bddb51d26 Mon Sep 17 00:00:00 2001
+From 35196d58cd37fec89fcf95e3d43b41de7008f0be Mon Sep 17 00:00:00 2001
 From: Joe MacDonald <joe@deserted.net>
 Date: Wed, 7 May 2014 11:36:27 -0400
 Subject: [PATCH] libsemanage: disable expand-check on policy load
@@ -12,7 +12,6 @@ Upstream-Status: Denied [upstream developers want to preserve the default
                  checking: http://marc.info/?l=selinux&m=121794804217721&w=2]
 
 Signed-off-by: Joe MacDonald <joe@deserted.net>
-
 ---
  src/semanage.conf | 4 ++++
  1 file changed, 4 insertions(+)
@@ -29,3 +28,6 @@ index dc8d46b..254f156 100644
 +# Don't check the entire policy hierarchy when inserting / expanding a policy
 +# module.  This results in a significant speed-up in policy loading.
 +expand-check=0
+-- 
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
index cf88150..de71e27 100644
--- a/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
+++ b/recipes-security/selinux/libsemanage/libsemanage-drop-Wno-unused-but-set-variable.patch
@@ -1,21 +1,20 @@
-From 3f65789f172003c499f24f00d73a42867fccd277 Mon Sep 17 00:00:00 2001
+From 90a2459d1683e53f4a896b977e6b396db562c903 Mon Sep 17 00:00:00 2001
 From: Randy MacLeod <Randy.MacLeod@windriver.com>
 Date: Tue, 30 Apr 2013 23:15:57 -0400
 Subject: [PATCH] libselinux: drop flag: -Wno-unused-but-set-variable
 
-Upstream status: inappropriate (older compilers only).
+Upstream-Status: Inappropriate (older compilers only).
 
 Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
-
 ---
  src/Makefile | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/src/Makefile b/src/Makefile
-index fdb178f..d457208 100644
+index e029f09..8240c3a 100644
 --- a/src/Makefile
 +++ b/src/Makefile
-@@ -58,7 +58,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
+@@ -55,7 +55,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) conf-scan.o conf-parse.o
  LOBJS= $(patsubst %.c,%.lo,$(SRCS)) conf-scan.lo conf-parse.lo
  CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
  
@@ -24,3 +23,6 @@ index fdb178f..d457208 100644
                 -Wno-unused-parameter
  
  override CFLAGS += -I../include -D_GNU_SOURCE
+-- 
+2.7.4
+
diff --git a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch b/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
deleted file mode 100644
index 43c5382..0000000
--- a/recipes-security/selinux/libsemanage/libsemanage-fix-path-nologin.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 1f8164e044f2f727b08c28a69bea19cbf49b071b Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Fri, 8 Feb 2013 15:16:07 +0800
-Subject: [PATCH] libsemange: fix incorrect path for nologin
-
-shadow package of oe-core and Debian has installed nologin into
-/usr/sbin, so fix this path.
-
-Upstream-Status: Inappropriate [configuration]
-
-Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-
----
- src/genhomedircon.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/genhomedircon.c b/src/genhomedircon.c
-index b9a74b7..d574ee2 100644
---- a/src/genhomedircon.c
-+++ b/src/genhomedircon.c
-@@ -60,7 +60,7 @@
- 
- /* other paths */
- #define PATH_SHELLS_FILE "/etc/shells"
--#define PATH_NOLOGIN_SHELL "/sbin/nologin"
-+#define PATH_NOLOGIN_SHELL "/usr/sbin/nologin"
- 
- /* comments written to context file */
- #define COMMENT_FILE_CONTEXT_HEADER "#\n#\n# " \
-@@ -395,7 +395,7 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
- 
-                        /* NOTE: old genhomedircon printed a warning on match */
-                        if (hand.matched) {
--                               WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
-+                               WARN(s->h_semanage, "%s homedir %s or its parent directory conflicts with a file context already specified in the policy.  This usually indicates an incorrectly defined system account.  If it is a system account please make sure its uid is less than %u or greater than %u or its login shell is /usr/sbin/nologin.", pwbuf->pw_name, pwbuf->pw_dir, minuid, maxuid);
-                        } else {
-                                if (semanage_list_push(&homedir_list, path))
-                                        goto fail;
diff --git a/recipes-security/selinux/libsemanage_2.8.bb b/recipes-security/selinux/libsemanage_2.8.bb
deleted file mode 100644
index 38942e3..0000000
--- a/recipes-security/selinux/libsemanage_2.8.bb
+++ /dev/null
@@ -1,18 +0,0 @@
-include selinux_20180524.inc
-include ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
-
-SRC_URI[md5sum] = "62ed7bb2ede677a735f2750751677a4f"
-SRC_URI[sha256sum] = "1c0de8d2c51e5460926c21e371105c84a39087dfd8f8e9f0cc1d017e4cbea8e2"
-
-SRC_URI += "\
-        file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
-        file://libsemanage-fix-path-nologin.patch \
-        file://libsemanage-drop-Wno-unused-but-set-variable.patch \
-        file://libsemanage-define-FD_CLOEXEC-as-necessary.patch;striplevel=2 \
-        file://libsemanage-allow-to-disable-audit-support.patch \
-        file://libsemanage-disable-expand-check-on-policy-load.patch \
-        file://0001-src-Makefile-fix-includedir-in-libselinux.pc.patch \
-        "
-FILES_${PN} += "/usr/libexec"
diff --git a/recipes-security/selinux/libsemanage_2.9.bb b/recipes-security/selinux/libsemanage_2.9.bb
new file mode 100644
index 0000000..83320a1
--- /dev/null
+++ b/recipes-security/selinux/libsemanage_2.9.bb
@@ -0,0 +1,15 @@
+require selinux_20190315.inc
+require ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
+
+SRC_URI[md5sum] = "25f086ff66175a0ca0e7b34dbe8586b7"
+SRC_URI[sha256sum] = "2576349d344492e73b468059767268dec1dabd8c35f3c7222c3ec2448737bc1c"
+
+SRC_URI += "\
+        file://libsemanage-Fix-execve-segfaults-on-Ubuntu.patch \
+        file://libsemanage-drop-Wno-unused-but-set-variable.patch \
+        file://libsemanage-define-FD_CLOEXEC-as-necessary.patch \
+        file://libsemanage-allow-to-disable-audit-support.patch \
+        file://libsemanage-disable-expand-check-on-policy-load.patch \
+        "