setools: Add patch to support 2.4 toolstack.

Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
author: Philip Tricca <flihp@twobit.us> 2015-09-11 22:18:25 -0700
committer: Joe MacDonald <joe_macdonald@mentor.com> 2015-09-17 15:18:43 -0400
commit: e09eaef7a9acb552a4a5e1f90117154ae06b6fda (patch)
tree: 9b5a3d1478d5d8fc119f501dd5d0b4d396fa447b
parent: 100a1c0efc9fa1b0f7c9e536a3105865c62def7d (diff)
download: meta-selinux-e09eaef7a9acb552a4a5e1f90117154ae06b6fda.tar.gz
3 files changed, 115 insertions, 35 deletions
diff --git a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
new file mode 100644
index 0000000..c8fc3f5
--- /dev/null
+++ b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
@@ -0,0 +1,114 @@
+From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
+From: Chris PeBenito <cpebenito@tresys.com>
+Date: Thu, 12 Feb 2015 08:55:12 -0500
+Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
+SETools now requires libsepol 2.4 and libselinux 2.4.
+---
+ configure.ac                 | 6 +++---
+ libqpol/src/policy_define.c  | 4 ++--
+ libqpol/src/policy_extend.c  | 4 ++--
+ libqpol/src/syn_rule_query.c | 6 +++---
+ secmds/replcon.cc            | 2 +-
+ 5 files changed, 11 insertions(+), 11 deletions(-)
+diff --git a/configure.ac b/configure.ac
+index 80395e6..ae20da7 100644
+--- a/configure.ac
+++ b/configure.ac
+@@ -25,9 +25,9 @@ libseaudit_version=4.5
+ setoolsdir='${prefix}/share/setools-3.3'
+ javadir='${prefix}/share/java'
+ 
+-version_min_sepol_major=1
+-version_min_sepol_minor=12
+-version_min_sepol_patch=27
+version_min_sepol_major=2
+version_min_sepol_minor=4
+version_min_sepol_patch=0
+ 
+ dnl *** end of tunable values ***
+ 
+diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
+index 229779c..15f70ba 100644
+--- a/libqpol/src/policy_define.c
+++ b/libqpol/src/policy_define.c
+@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
+                                goto bad;
+                        }
+                        class_perm_node_init(perm);
+-                       perm->class = i + 1;
+                       perm->tclass = i + 1;
+                        perm->data = datum->s.value;
+                        perm->next = avrule->perms;
+                        avrule->perms = perm;
+@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
+                        goto out;
+                }
+                class_perm_node_init(cur_perms);
+-               cur_perms->class = i + 1;
+               cur_perms->tclass = i + 1;
+                if (!perms)
+                        perms = cur_perms;
+                if (tail)
+diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
+index 5325a87..1417271 100644
+--- a/libqpol/src/policy_extend.c
+++ b/libqpol/src/policy_extend.c
+@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
+                        for (class_node = rule->perms; class_node; class_node = class_node->next) {
+                                key.rule_type = rule->specified;
+                                key.source_val = key.target_val = i + 1;
+-                               key.class_val = class_node->class;
+                               key.class_val = class_node->tclass;
+                                key.cond = cond;
+                                if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+                                        goto err;
+@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
+                                key.rule_type = rule->specified;
+                                key.source_val = i + 1;
+                                key.target_val = j + 1;
+-                               key.class_val = class_node->class;
+                               key.class_val = class_node->tclass;
+                                key.cond = cond;
+                                if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
+                                        goto err;
+diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
+index 3e63204..d7578f1 100644
+--- a/libqpol/src/syn_rule_query.c
+++ b/libqpol/src/syn_rule_query.c
+@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
+                return NULL;
+        }
+ 
+-       return db->class_val_to_struct[srcs->cur->class - 1];
+       return db->class_val_to_struct[srcs->cur->tclass - 1];
+ }
+ 
+ static int syn_rule_class_state_next(qpol_iterator_t * iter)
+@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
+        }
+ 
+        for (node = internal_rule->perms; node; node = node->next) {
+-               for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
+               for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
+                        if (!(node->data & (1 << i)))
+                                continue;
+-                       tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
+                       tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
+                        if (tmp) {
+                                tmp++; /* remove prepended space */
+                                for (cur = 0; cur < perm_list_sz; cur++)
+diff --git a/secmds/replcon.cc b/secmds/replcon.cc
+index 34f7c1a..307c39f 100644
+--- a/secmds/replcon.cc
+++ b/secmds/replcon.cc
+@@ -60,7 +60,7 @@ static struct option const longopts[] = {
+        {NULL, 0, NULL, 0}
+ };
+ 
+-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
+ 
+ /**
+  * As that setools must work with older libselinux versions that may
diff --git a/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch b/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch
deleted file mode 100644
index c9bacbd..0000000
--- a/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 74680dfb3df4c0c5b0e4bcf41717a9ea16fd8680 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Mon, 29 Sep 2014 14:19:48 -0400
-Subject: [PATCH] replcon: correct invalid prototype for lsetfilecon_raw
-Port debian patch from:
-        git://anonscm.debian.org/selinux/setools.git
-        commit a3ab84b35efd9c42641d53ec2236ad01f7411df7
-Upstream-Status: Denied [ the setools3 tree is in stasis and the focus is
-                          only on setools4 now ]
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
---
- secmds/replcon.cc | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
--- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
-        {NULL, 0, NULL, 0}
- };
- 
-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
- 
- /**
-  * As that setools must work with older libselinux versions that may
-- 
-1.9.1
diff --git a/recipes-security/setools/setools_3.3.8.bb b/recipes-security/setools/setools_3.3.8.bb
index 24c10b8..99296ca 100644
--- a/recipes-security/setools/setools_3.3.8.bb
+++ b/recipes-security/setools/setools_3.3.8.bb
@@ -22,7 +22,7 @@ SRC_URI += "file://setools-cross-ar.patch"
 SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"
 SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"
-SRC_URI += "file://setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch"
+SRC_URI += "file://setools-Update-for-2015-02-02-Userspace-release.patch"
 LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \
                    file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \
author	Philip Tricca <flihp@twobit.us>	2015-09-11 22:18:25 -0700
committer	Joe MacDonald <joe_macdonald@mentor.com>	2015-09-17 15:18:43 -0400
commit	e09eaef7a9acb552a4a5e1f90117154ae06b6fda (patch)
tree	9b5a3d1478d5d8fc119f501dd5d0b4d396fa447b
parent	100a1c0efc9fa1b0f7c9e536a3105865c62def7d (diff)
download	meta-selinux-e09eaef7a9acb552a4a5e1f90117154ae06b6fda.tar.gz

diff --git a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch new file mode 100644 index 0000000..c8fc3f5 --- /dev/null +++ b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
@@ -0,0 +1,114 @@
		1	From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
		2	From: Chris PeBenito <cpebenito@tresys.com>
		3	Date: Thu, 12 Feb 2015 08:55:12 -0500
		4	Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
		5
		6	SETools now requires libsepol 2.4 and libselinux 2.4.
		7	---
		8	configure.ac \| 6 +++---
		9	libqpol/src/policy_define.c \| 4 ++--
		10	libqpol/src/policy_extend.c \| 4 ++--
		11	libqpol/src/syn_rule_query.c \| 6 +++---
		12	secmds/replcon.cc \| 2 +-
		13	5 files changed, 11 insertions(+), 11 deletions(-)
		14
		15	diff --git a/configure.ac b/configure.ac
		16	index 80395e6..ae20da7 100644
		17	--- a/configure.ac
		18	+++ b/configure.ac
		19	@@ -25,9 +25,9 @@ libseaudit_version=4.5
		20	setoolsdir='${prefix}/share/setools-3.3'
		21	javadir='${prefix}/share/java'
		22
		23	-version_min_sepol_major=1
		24	-version_min_sepol_minor=12
		25	-version_min_sepol_patch=27
		26	+version_min_sepol_major=2
		27	+version_min_sepol_minor=4
		28	+version_min_sepol_patch=0
		29
		30	dnl * end of tunable values *
		31
		32	diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
		33	index 229779c..15f70ba 100644
		34	--- a/libqpol/src/policy_define.c
		35	+++ b/libqpol/src/policy_define.c
		36	@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
		37	goto bad;
		38	}
		39	class_perm_node_init(perm);
		40	- perm->class = i + 1;
		41	+ perm->tclass = i + 1;
		42	perm->data = datum->s.value;
		43	perm->next = avrule->perms;
		44	avrule->perms = perm;
		45	@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
		46	goto out;
		47	}
		48	class_perm_node_init(cur_perms);
		49	- cur_perms->class = i + 1;
		50	+ cur_perms->tclass = i + 1;
		51	if (!perms)
		52	perms = cur_perms;
		53	if (tail)
		54	diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
		55	index 5325a87..1417271 100644
		56	--- a/libqpol/src/policy_extend.c
		57	+++ b/libqpol/src/policy_extend.c
		58	@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
		59	for (class_node = rule->perms; class_node; class_node = class_node->next) {
		60	key.rule_type = rule->specified;
		61	key.source_val = key.target_val = i + 1;
		62	- key.class_val = class_node->class;
		63	+ key.class_val = class_node->tclass;
		64	key.cond = cond;
		65	if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
		66	goto err;
		67	@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
		68	key.rule_type = rule->specified;
		69	key.source_val = i + 1;
		70	key.target_val = j + 1;
		71	- key.class_val = class_node->class;
		72	+ key.class_val = class_node->tclass;
		73	key.cond = cond;
		74	if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
		75	goto err;
		76	diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
		77	index 3e63204..d7578f1 100644
		78	--- a/libqpol/src/syn_rule_query.c
		79	+++ b/libqpol/src/syn_rule_query.c
		80	@@ -67,7 +67,7 @@ static void syn_rule_class_state_get_cur(const qpol_iterator_t iter)
		81	return NULL;
		82	}
		83
		84	- return db->class_val_to_struct[srcs->cur->class - 1];
		85	+ return db->class_val_to_struct[srcs->cur->tclass - 1];
		86	}
		87
		88	static int syn_rule_class_state_next(qpol_iterator_t * iter)
		89	@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
		90	}
		91
		92	for (node = internal_rule->perms; node; node = node->next) {
		93	- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
		94	+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
		95	if (!(node->data & (1 << i)))
		96	continue;
		97	- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
		98	+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
		99	if (tmp) {
		100	tmp++; /* remove prepended space */
		101	for (cur = 0; cur < perm_list_sz; cur++)
		102	diff --git a/secmds/replcon.cc b/secmds/replcon.cc
		103	index 34f7c1a..307c39f 100644
		104	--- a/secmds/replcon.cc
		105	+++ b/secmds/replcon.cc
		106	@@ -60,7 +60,7 @@ static struct option const longopts[] = {
		107	{NULL, 0, NULL, 0}
		108	};
		109
		110	-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
		111	+extern int lsetfilecon_raw(const char , const char ) __attribute__ ((weak));
		112
		113	/**
		114	* As that setools must work with older libselinux versions that may


diff --git a/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch b/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch deleted file mode 100644 index c9bacbd..0000000 --- a/recipes-security/setools/setools/setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch +++ /dev/null
@@ -1,34 +0,0 @@
1	From 74680dfb3df4c0c5b0e4bcf41717a9ea16fd8680 Mon Sep 17 00:00:00 2001
2	From: Joe MacDonald <joe_macdonald@mentor.com>
3	Date: Mon, 29 Sep 2014 14:19:48 -0400
4	Subject: [PATCH] replcon: correct invalid prototype for lsetfilecon_raw
5
6	Port debian patch from:
7
8	git://anonscm.debian.org/selinux/setools.git
9	commit a3ab84b35efd9c42641d53ec2236ad01f7411df7
10
11	Upstream-Status: Denied [ the setools3 tree is in stasis and the focus is
12	only on setools4 now ]
13
14	Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
15	---
16	secmds/replcon.cc \| 2 +-
17	1 file changed, 1 insertion(+), 1 deletion(-)
18
19	diff --git a/secmds/replcon.cc b/secmds/replcon.cc
20	index 34f7c1a..307c39f 100644
21	--- a/secmds/replcon.cc
22	+++ b/secmds/replcon.cc
23	@@ -60,7 +60,7 @@ static struct option const longopts[] = {
24	{NULL, 0, NULL, 0}
25	};
26
27	-extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
28	+extern int lsetfilecon_raw(const char , const char ) __attribute__ ((weak));
29
30	/**
31	* As that setools must work with older libselinux versions that may
32	--
33	1.9.1
34


diff --git a/recipes-security/setools/setools_3.3.8.bb b/recipes-security/setools/setools_3.3.8.bb index 24c10b8..99296ca 100644 --- a/recipes-security/setools/setools_3.3.8.bb +++ b/recipes-security/setools/setools_3.3.8.bb
@@ -22,7 +22,7 @@ SRC_URI += "file://setools-cross-ar.patch"
22	SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"	22	SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"
23	SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"	23	SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"
24		24
25	SRC_URI += "file://setools-replcon-correct-invalid-prototype-for-lsetfilecon_ra.patch"	25	SRC_URI += "file://setools-Update-for-2015-02-02-Userspace-release.patch"
26		26
27	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \	27	LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \
28	file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \	28	file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \