authorWenzong Fan <wenzong.fan@windriver.com>2017-09-04 22:59:56 -0700
committerMark Hatle <mark.hatle@windriver.com>2017-09-14 08:28:09 -0500
commitfdf76122b6a55fed7cffc578300279cc723ac90e (patch)
treec1ba7a444f82610467f9f9caa1dce3afd27f07d2
parentfe8bc0740bf65af08b7ba2213a03d7c37364516a (diff)
downloadmeta-selinux-fdf76122b6a55fed7cffc578300279cc723ac90e.tar.gz
setools: uprev to 4.1.1
SETools v4 is a rewrite of SETools in Python; for details, refer to: https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3 Changes for upreving: * removed setools_3.3.8.bb and all useless patches * added patches to fix cross-compiling issues: - setools4-fixes-for-cross-compiling.patch - setools4-fix-cross-compiling-errors-for-powerpc-mips.patch Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Per discussion w/ Wenzong, added meta-python as a dependency and enabled the RDEPENDS within the new setools_4.1.1.bb Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
-rw-r--r--conf/layer.conf1
-rw-r--r--recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch25
-rw-r--r--recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch80
-rw-r--r--recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch36
-rw-r--r--recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch33
-rw-r--r--recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch36
-rw-r--r--recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch25
-rw-r--r--recipes-security/setools/setools/setools-Remove-unused-variables.patch279
-rw-r--r--recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch114
-rw-r--r--recipes-security/setools/setools/setools-configure-ac.patch107
-rw-r--r--recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch33
-rw-r--r--recipes-security/setools/setools/setools-cross-ar.patch17
-rw-r--r--recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch31
-rw-r--r--recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch134
-rw-r--r--recipes-security/setools/setools/setools.pam4
-rw-r--r--recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch35
-rw-r--r--recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch40
-rw-r--r--recipes-security/setools/setools_3.3.8.bb103
-rw-r--r--recipes-security/setools/setools_4.1.1.bb35
19 files changed, 111 insertions, 1057 deletions
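--- a/conf/layer.conf
+++ b/conf/layer.conf
@@ -20,4 +20,5 @@ LAYERVERSION_selinux = "1"
 
 LAYERDEPENDS_selinux = " \
  core \
+ meta-python \
 "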
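Review bot: The new `meta-python` entry in `LAYERDEPENDS_selinux` is a hard dependency for every consumer of this layer, and nothing in the file says why it is needed. Going by the commit message, the only consumer is the RDEPENDS of setools_4.1.1.bb, so a comment above the assignment would help anyone auditing the layer's build inputs later, for example `# meta-python: Python runtime modules required by setools 4.x (see setools_4.1.1.bb)`. The diffstat lists no README change; if the README enumerates the layers this one depends on, it presumably needs the same addition.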
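--- a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 14:36:19 +0800
-Subject: [PATCH] setools: Don't check selinux policies if disabled.
-
----
- configure.ac | 2 +-
- 1 files changed, 1 insertions(+), 1 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e1db271..899e5e9 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then
- use_selinux=yes
- fi
- else
-- use_selinux=yes
-+ use_selinux=no
- fi
-
- AC_CACHE_SAVE
---
-1.7.5.4
-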
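--- a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,80 +0,0 @@
-From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:53:36 +0800
-Subject: [PATCH 3/7] setools: Fix man pages and getoptions
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- man/replcon.1 | 2 ++
- man/seinfo.1 | 6 +++++-
- seaudit/seaudit-report.c | 2 +-
- sediff/sediff.c | 2 +-
- 4 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/man/replcon.1 b/man/replcon.1
-index 8aca08a..478dc51 100644
---- a/man/replcon.1
-+++ b/man/replcon.1
-@@ -44,6 +44,8 @@ Search for files which include PATH.
- .IP "-c CLASS, --class=CLASS"
- Search only files of object class CLASS.
- .SH OPTIONS
-+.IP "-R, --regex"
-+Enable regular expressions
- .IP "-v, --verbose"
- Display context info during replacement.
- .IP "-h, --help"
-diff --git a/man/seinfo.1 b/man/seinfo.1
-index 8612119..6bc17db 100644
---- a/man/seinfo.1
-+++ b/man/seinfo.1
-@@ -76,6 +76,10 @@ There is no expanded information for this component.
- .IP "--nodecon[=ADDR]"
- Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
- There is no expanded information for this component.
-+.IP "--polcap"
-+Print policy capabilities.
-+.IP "--permissive"
-+Print permissive types.
- .IP "--portcon[=PORT]"
- Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
- There is no expanded information for this component.
-@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
- This option is not available for all component types; see the description of each component for the details this option will provide.
- .IP "--stats"
- Print policy statistics including policy type and version information and counts of all components and rules.
--.IP "-l"
-+.IP "-l, --line-breaks"
- Print line breaks when displaying constraint statements.
- .IP "-h, --help"
- Print help information and exit.
-diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
-index af3c6fb..d436c18 100644
---- a/seaudit/seaudit-report.c
-+++ b/seaudit/seaudit-report.c
-@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
- printf(" -s, --stdin read log data from standard input\n");
- printf(" -m, --malformed include malformed log messages\n");
- printf(" -o FILE, --output=FILE output to FILE\n");
-- printf(" --config=FILE read configuration from FILE\n");
-+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
- printf(" --html set output format to HTML\n");
- printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
- printf(" (ignored if --html is not given)\n");
-diff --git a/sediff/sediff.c b/sediff/sediff.c
-index 6022775..341c650 100644
---- a/sediff/sediff.c
-+++ b/sediff/sediff.c
-@@ -420,7 +420,7 @@ int main(int argc, char **argv)
- poldiff_t *diff = NULL;
- size_t total = 0;
-
-- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
---
-1.7.5.4
-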
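--- a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 81f2221ab707ca8d5e204b0f9be61d537888e439 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 11:03:00 +0800
-Subject: [PATCH 7/7] setools: Fix output to match policy lines
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- libapol/src/ftrule-query.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index 9c7a23b..1d5f5c8 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- error = errno;
- goto err;
- }
-- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
-@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- goto err;
- }
-
-- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
---
-1.7.5.4
-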
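--- a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 7d386c429202b393aa4ca281a11b5e1f2259b109 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 15:43:41 +0800
-Subject: [PATCH] setools: Fix python/setools/Makefile.am for cross.
-
----
- python/setools/Makefile.am | 6 +++---
- 1 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am
-index c4635fb..80aa385 100644
---- a/python/setools/Makefile.am
-+++ b/python/setools/Makefile.am
-@@ -22,13 +22,13 @@ sesearch_SOURCES = sesearch.c
- python-build: sesearch.c seinfo.c
- @mkdir -p setools
- @cp __init__.py setools
-- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+ CC="${CC}" LDSHARED="$(CC) -shared" LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG) $(PYTHON_LDFLAGS)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS) $(PYTHON_CPPFLAGS)" ${PYTHON} setup.py build
-
- install-exec-hook:
-- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
-
- uninstall-hook:
-- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)`
-
- clean-local:
- $(PYTHON) setup.py clean -a
---
-1.7.5.4
-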
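--- a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 16d3a0b41273be4289f70d1d63fb983721bb60c0 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:54:55 +0800
-Subject: [PATCH 4/7] setools: Fix sepol calls to work with latest libsepol
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.5.4
-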
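--- a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-From 5f574dc0fb68fe07c5b611ca34c01b8484735aab Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 14:47:44 +0800
-Subject: [PATCH] setools: Fix "test" bug for unary operator.
-
-configure: line 22969: test: =: unary operator expected
----
- configure.ac | 1 +
- 1 files changed, 1 insertions(+), 0 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 899e5e9..6854c69 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -233,6 +233,7 @@ if test ${do_swigify} = "yes"; then
- AC_PROG_SWIG(2.0.0)
- fi
- build_apol=yes
-+do_swigify_tcl=no
- AC_ARG_ENABLE(swig-tcl,
- AC_HELP_STRING([--enable-swig-tcl],
- [build SWIG interfaces for Tcl (default)]),
---
-1.7.5.4
-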
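--- a/recipes-security/setools/setools/setools-Remove-unused-variables.patch
+++ /dev/null
@@ -1,279 +0,0 @@
-From d8a4502fae7118796558e523a6dc0a6a5f9adec9 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 11:02:10 +0800
-Subject: [PATCH 6/7] setools: Remove unused variables
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- libapol/src/ftrule-query.c | 11 ++----
- libqpol/src/ftrule_query.c | 2 -
- secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
- 3 files changed, 68 insertions(+), 31 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index dc248de..9c7a23b 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -45,14 +45,11 @@ struct apol_filename_trans_query
- int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
- {
- apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
-- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
-- char *bool_name = NULL;
-+ int retval = -1, source_as_any = 0, is_regex = 0;
- *v = NULL;
-- unsigned int flags = 0;
-- qpol_iterator_t *iter = NULL, *type_iter = NULL;
-+ qpol_iterator_t *iter = NULL;
-
- if (t != NULL) {
-- flags = t->flags;
- is_regex = t->flags & APOL_QUERY_REGEX;
- if (t->source != NULL &&
- (source_list =
-@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
- if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
- goto cleanup;
- }
-- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
-+ int match_source = 0, match_target = 0, match_default = 0;
- size_t i;
-
- if (source_list == NULL) {
-@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- {
- char *tmp = NULL;
- const char *tmp_name = NULL;
-- const char *filename_trans_type_str;
- int error = 0;
- size_t tmp_sz = 0;
-- uint32_t filename_trans_type = 0;
- const qpol_type_t *type = NULL;
- const qpol_class_t *obj_class = NULL;
-
-diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
-index d6db848..3148d30 100644
---- a/libqpol/src/ftrule_query.c
-+++ b/libqpol/src/ftrule_query.c
-@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
-
- int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
- {
-- policydb_t *db = NULL;
- filename_trans_t *ft = NULL;
-
- if (name) {
-@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
- return STATUS_ERR;
- }
-
-- db = &policy->p->p;
- ft = (filename_trans_t *) rule;
-
- *name = ft->name;
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index e44b3bc..319ffe7 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -72,6 +72,7 @@ static struct option const longopts[] = {
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-+ {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -92,6 +93,7 @@ typedef struct options
- {
- char *src_name;
- char *tgt_name;
-+ char *default_name;
- char *src_role_name;
- char *tgt_role_name;
- char *class_name;
-@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
- return -1;
- }
-
-- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
-+ if (!opt->type && !opt->all) {
- *v = NULL;
- return 0; /* no search to do */
- }
-@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
- if (opt->src_name) {
-- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
-+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+
- if (opt->tgt_name) {
- if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+ if (opt->default_name) {
-+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+
-+ if (opt->class_name) {
-+ if (opt->class_vector == NULL) {
-+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ } else {
-+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
-+ char *class_name;
-+ class_name = apol_vector_get_element(opt->class_vector, i);
-+ if (!class_name)
-+ continue;
-+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+ }
-+ }
-
- if (apol_filename_trans_get_by_query(policy, ftq, v)) {
- error = errno;
-@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
- {
-- qpol_policy_t *q = apol_policy_get_qpol(policy);
-- size_t i, num_rules = 0;
-- const qpol_filename_trans_t *rule = NULL;
-- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
-+ size_t i, num_filename_trans = 0;
-+ const qpol_filename_trans_t *filename_trans = NULL;
-+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
- char enable_char = ' ', branch_char = ' ';
- qpol_iterator_t *iter = NULL;
- const qpol_cond_t *cond = NULL;
- uint32_t enabled = 0, list = 0;
-
-- if (!(num_rules = apol_vector_get_size(v)))
-+ if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-
-- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
-+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
-- for (i = 0; i < num_rules; i++) {
-+ for (i = 0; i < num_filename_trans; i++) {
- enable_char = branch_char = ' ';
-- if (!(rule = apol_vector_get_element(v, i)))
-+ if (!(filename_trans = apol_vector_get_element(v, i)))
- goto cleanup;
-
-- if (!(rule_str = apol_filename_trans_render(policy, rule)))
-+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
- goto cleanup;
-- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
-- free(rule_str);
-- rule_str = NULL;
-+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
-+ free(filename_trans_str);
-+ filename_trans_str = NULL;
- free(expr);
- expr = NULL;
- }
-
- cleanup:
- free(tmp);
-- free(rule_str);
-+ free(filename_trans_str);
- free(expr);
- }
-
-@@ -930,7 +962,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -946,6 +978,18 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-+ case 'D': /* source */
-+ if (optarg == 0) {
-+ usage(argv[0], 1);
-+ printf("Missing source default type for -D (--default)\n");
-+ exit(1);
-+ }
-+ cmd_opts.default_name = strdup(optarg);
-+ if (!cmd_opts.default_name) {
-+
-+ exit(1);
-+ }
-+ break;
- case 't': /* target */
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
- fprintf(stdout, "\n");
- }
-
-- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
-+ if (cmd_opts.all || cmd_opts.type) {
- apol_vector_destroy(&v);
- if (perform_ft_query(policy, &cmd_opts, &v)) {
- rt = 1;
---
-1.7.5.4
-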
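--- a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch
+++ /dev/null
@@ -1,114 +0,0 @@
-From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001
-From: Chris PeBenito <cpebenito@tresys.com>
-Date: Thu, 12 Feb 2015 08:55:12 -0500
-Subject: [PATCH] Update for 2015-02-02 Userspace release (2.4)
-
-SETools now requires libsepol 2.4 and libselinux 2.4.
----
- configure.ac | 6 +++---
- libqpol/src/policy_define.c | 4 ++--
- libqpol/src/policy_extend.c | 4 ++--
- libqpol/src/syn_rule_query.c | 6 +++---
- secmds/replcon.cc | 2 +-
- 5 files changed, 11 insertions(+), 11 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 80395e6..ae20da7 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -25,9 +25,9 @@ libseaudit_version=4.5
- setoolsdir='${prefix}/share/setools-3.3'
- javadir='${prefix}/share/java'
-
--version_min_sepol_major=1
--version_min_sepol_minor=12
--version_min_sepol_patch=27
-+version_min_sepol_major=2
-+version_min_sepol_minor=4
-+version_min_sepol_patch=0
-
- dnl *** end of tunable values ***
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index 229779c..15f70ba 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- goto bad;
- }
- class_perm_node_init(perm);
-- perm->class = i + 1;
-+ perm->tclass = i + 1;
- perm->data = datum->s.value;
- perm->next = avrule->perms;
- avrule->perms = perm;
-@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- goto out;
- }
- class_perm_node_init(cur_perms);
-- cur_perms->class = i + 1;
-+ cur_perms->tclass = i + 1;
- if (!perms)
- perms = cur_perms;
- if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- for (class_node = rule->perms; class_node; class_node = class_node->next) {
- key.rule_type = rule->specified;
- key.source_val = key.target_val = i + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- key.rule_type = rule->specified;
- key.source_val = i + 1;
- key.target_val = j + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- return NULL;
- }
-
-- return db->class_val_to_struct[srcs->cur->class - 1];
-+ return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- }
-
- for (node = internal_rule->perms; node; node = node->next) {
-- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- if (!(node->data & (1 << i)))
- continue;
-- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- if (tmp) {
- tmp++; /* remove prepended space */
- for (cur = 0; cur < perm_list_sz; cur++)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
---- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
- {NULL, 0, NULL, 0}
- };
-
--extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
-
- /**
- * As that setools must work with older libselinux versions that may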
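--- a/recipes-security/setools/setools/setools-configure-ac.patch
+++ /dev/null
@@ -1,107 +0,0 @@
----
- configure.ac | 37 ++++++++++++++-----------------------
- 1 file changed, 14 insertions(+), 23 deletions(-)
-
---- a/configure.ac
-+++ b/configure.ac
-@@ -216,9 +216,6 @@
- do_swigify_java=yes
- do_swigify=yes
- fi
--
--AM_PATH_PYTHON(2.7)
--
- AC_ARG_ENABLE(swig-python,
- AC_HELP_STRING([--enable-swig-python],
- [build SWIG interfaces for Python]),
-@@ -227,6 +224,7 @@
- if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
- fi
-+ AM_PATH_PYTHON(2.7)
- SWIG_PYTHON
- do_swigify_python=yes
- do_swigify=yes
-@@ -411,32 +409,19 @@
- selinux_devel="/usr")
- sepol_devel_incdir="${sepol_devel}/include"
- selinux_devel_incdir="${selinux_devel}/include"
--dnl if /lib64 exists then use that directory, otherwise revert to just /lib
--for dir in lib64 lib ; do
-- sepol_devel_libdir="${sepol_devel}/${dir}"
-- if test -f ${sepol_devel_libdir}/libsepol.so ; then
-- break
-- fi
--done
--for dir in lib64 lib ; do
-- selinux_devel_libdir="${selinux_devel}/${dir}"
-- if test -f ${selinux_devel_libdir}/libselinux.so ; then
-- break
-- fi
--done
-+dnl We pass in sepol_devel of usr/lib{32/64}/.., dirname strips the ..
-+sepol_devel_libdir=`dirname ${sepol_devel}`
-+selinux_devel_libdir=`dirname ${selinux_devel}`
- AC_MSG_CHECKING([for sepol/sepol.h])
- selinux_save_CFLAGS="${CFLAGS}"
- selinux_save_CPPFLAGS="${CPPFLAGS}"
- CFLAGS="${CFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
- CPPFLAGS="${CPPFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}"
- AC_CHECK_HEADER([sepol/sepol.h], , AC_MSG_ERROR([could not find sepol headers at $sepol_devel_incdir - make sure libsepol-devel is installed]))
--AC_CHECK_LIB([sepol], [sepol_policydb_read], ,
-- AC_MSG_ERROR([could not find libsepol at $sepol_devel_libdir]))
-+LIBS="-lsepol $LIBS"
- AC_CHECK_HEADER([selinux/selinux.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
- AC_CHECK_HEADER([selinux/context.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed]))
--AC_CHECK_LIB([selinux], [selinux_policy_root], ,
--AC_MSG_ERROR([could not find libselinux at $selinux_devel_libdir]),
-- -lsepol)
-+LIBS="-lselinux $LIBS"
- SELINUX_LIB_FLAG="-L${sepol_devel_libdir} -L${selinux_devel_libdir}"
- CFLAGS="${selinux_save_CFLAGS}"
- CPPFLAGS="${selinux_save_CPPFLAGS}"
-@@ -448,8 +433,6 @@
- sepol_srcdir="")
- if test "x${sepol_srcdir}" = "x"; then
- sepol_srcdir=${sepol_devel_libdir}
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([make sure libsepol-static is installed]))
- else
- AC_MSG_CHECKING([for compatible sepol source tree])
- sepol_version=${sepol_srcdir}/VERSION
-@@ -556,6 +539,7 @@
- sepol_new_errcodes="yes",
- sepol_new_errcodes="no")
-
-+if test x"${ac_cv_policydb_version_max}" = x ; then
- AC_RUN_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/policydb.h>
-@@ -571,6 +555,9 @@
- }])],
- sepol_policy_version_max=`cat conftest.data`,
- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-+else
-+ sepol_policy_version_max=${ac_cv_policydb_version_max}
-+fi
- AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
- CFLAGS="${sepol_save_CFLAGS}"
- CPPFLAGS="${sepol_save_CPPFLAGS}"
-@@ -578,6 +565,7 @@
- if test ${use_selinux} = "yes"; then
- dnl Locate selinux policy root directory
- AC_MSG_CHECKING([for selinux policy root])
-+ if test x"${ac_cv_selinux_policy_root}" = x ; then
- changequote(<<<,>>>)dnl
- cat > ./conftest.c <<EOF
- #include <stdlib.h>
-@@ -596,6 +584,9 @@
- CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
- gcc ${CFLAGS} -o conftest conftest.c >&5
- selinux_policy_dir=`./conftest`
-+ else
-+ selinux_policy_dir=${ac_cv_selinux_policy_root}
-+ fi
- AC_MSG_RESULT(${selinux_policy_dir})
- CFLAGS="${selinux_save_CFLAGS}"
- fi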
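--- a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch
+++ /dev/null
@@ -1,33 +0,0 @@
-From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.6.2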
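diff --git a/recipes-security/setools/setools/setools-cross-ar.patch b/recipes-security/setools/setools/setools-cross-ar.patch
deleted file mode 100644
index eba24c2..0000000
--- a/recipes-security/setools/setools/setools-cross-ar.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Use the specified $(AR), not "ar", for cross-compiling.
-
----
- libqpol/src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/libqpol/src/Makefile.am
-+++ b/libqpol/src/Makefile.am
-@@ -64,7 +64,7 @@
- mkdir -p $@
- rm -f $@/*
- cp $< $@
-- (cd $@; ar x libsepol.a)
-+ (cd $@; $(AR) x libsepol.a)
-
- $(qpolso_DATA): $(tmp_sepol) $(libqpol_so_OBJS) libqpol.map
- $(CC) -shared -o $@ $(libqpol_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBQPOL_SONAME),--version-script=$(srcdir)/libqpol.map,-z,defs -Wl,--whole-archive $(sepol_srcdir)/libsepol.a -Wl,--no-whole-archive @SELINUX_LIB_FLAG@ -lselinux -lsepol -lbz2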
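diff --git a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch b/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
deleted file mode 100644
index a165dae..0000000
--- a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 4360fae5a6fbee9c8866573fe5a8af2fdae4944d Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Fri, 9 Mar 2012 10:18:35 +0800
-Subject: [PATCH] setools: neverallow rules all always fail.
-
-Since we do not ship neverallow rules all always fail.
-ERROR: Cannot get avrules: Neverallow rules requested but not available
-ERROR: Operation not supported
----
- libqpol/src/avrule_query.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..e7d42fc 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,11 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-+ /*
- errno = ENOTSUP;
- return STATUS_ERR;
-+ */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.7.5.4
-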
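diff --git a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch b/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
deleted file mode 100644
index a9cec6e..0000000
--- a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
+++ /dev/null
@@ -1,134 +0,0 @@
-From 65ff2020dd1119cf45ad4eb74e63b21fb8f63389 Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <Xin.Ouyang@windriver.com>
-Date: Wed, 7 Mar 2012 10:48:07 +0800
-Subject: [PATCH 2/7] setools: seinfo should exit with correct errno.
-
-Integrated from Fedora:
-https://community.dev.fedoraproject.org/packages/setools/sources/patches/
----
- secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
- 1 files changed, 27 insertions(+), 24 deletions(-)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index fdf23e9..3088f88 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
- */
- static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
- {
-- int retval = 0;
-+ int retval = -1;
- apol_cat_query_t *query = NULL;
- apol_vector_t *v = NULL;
- const qpol_cat_t *cat_datum = NULL;
-@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
- fprintf(fp, " %s\n", tmp);
- free(tmp);
- }
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
--
-+ goto cleanup;
-+ }
- retval = 0;
- cleanup:
- apol_fs_use_query_destroy(&query);
-@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- ERR(policydb, "%s", strerror(ENOMEM));
- goto cleanup;
- }
--
- if (apol_genfscon_query_set_filesystem(policydb, query, type))
- goto cleanup;
- if (apol_genfscon_get_by_query(policydb, query, &v))
-@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- free(tmp);
- }
-
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
-+ goto cleanup;
-+ }
-
- retval = 0;
- cleanup:
-@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
-
- int main(int argc, char **argv)
- {
-+ int rc = 0;
- int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
- node, port, permissives, polcaps, constrain, linebreaks;
- apol_policy_t *policydb = NULL;
-@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
-
- /* display requested info */
- if (stats || all)
-- print_stats(stdout, policydb);
-+ rc = print_stats(stdout, policydb);
- if (classes || all)
-- print_classes(stdout, class_name, expand, policydb);
-+ rc = print_classes(stdout, class_name, expand, policydb);
- if (types || all)
-- print_types(stdout, type_name, expand, policydb);
-+ rc = print_types(stdout, type_name, expand, policydb);
- if (attribs || all)
-- print_attribs(stdout, attrib_name, expand, policydb);
-+ rc = print_attribs(stdout, attrib_name, expand, policydb);
- if (roles || all)
-- print_roles(stdout, role_name, expand, policydb);
-+ rc = print_roles(stdout, role_name, expand, policydb);
- if (users || all)
-- print_users(stdout, user_name, expand, policydb);
-+ rc = print_users(stdout, user_name, expand, policydb);
- if (bools || all)
-- print_booleans(stdout, bool_name, expand, policydb);
-+ rc = print_booleans(stdout, bool_name, expand, policydb);
- if (sens || all)
-- print_sens(stdout, sens_name, expand, policydb);
-+ rc = print_sens(stdout, sens_name, expand, policydb);
- if (cats || all)
-- print_cats(stdout, cat_name, expand, policydb);
-+ rc = print_cats(stdout, cat_name, expand, policydb);
- if (fsuse || all)
-- print_fsuse(stdout, fsuse_type, policydb);
-+ rc = print_fsuse(stdout, fsuse_type, policydb);
- if (genfs || all)
-- print_genfscon(stdout, genfs_type, policydb);
-+ rc = print_genfscon(stdout, genfs_type, policydb);
- if (netif || all)
-- print_netifcon(stdout, netif_name, policydb);
-+ rc = print_netifcon(stdout, netif_name, policydb);
- if (node || all)
-- print_nodecon(stdout, node_addr, policydb);
-+ rc = print_nodecon(stdout, node_addr, policydb);
- if (port || all)
-- print_portcon(stdout, port_num, protocol, policydb);
-+ rc = print_portcon(stdout, port_num, protocol, policydb);
- if (isids || all)
-- print_isids(stdout, isid_name, expand, policydb);
-+ rc = print_isids(stdout, isid_name, expand, policydb);
- if (permissives || all)
-- print_permissives(stdout, permissive_name, expand, policydb);
-+ rc = print_permissives(stdout, permissive_name, expand, policydb);
- if (polcaps || all)
-- print_polcaps(stdout, polcap_name, expand, policydb);
-+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
- if (constrain || all)
-- print_constraints(stdout, expand, policydb, linebreaks);
-+ rc = print_constraints(stdout, expand, policydb, linebreaks);
-
- apol_policy_destroy(&policydb);
- apol_policy_path_destroy(&pol_path);
- free(policy_file);
-- exit(0);
-+ exit(rc);
- }
-
- /**
---
-1.7.5.4
-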
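diff --git a/recipes-security/setools/setools/setools.pam b/recipes-security/setools/setools/setools.pam
deleted file mode 100644
index c7d67e3..0000000
--- a/recipes-security/setools/setools/setools.pam
+++ /dev/null
@@ -1,4 +0,0 @@
-#%PAM-1.0
-auth include config-util
-account include config-util
-session include config-util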
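diff --git a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
new file mode 100644
index 0000000..9a6b818
--- /dev/null
+++ b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
@@ -0,0 +1,35 @@
+From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Fri, 17 Feb 2017 08:57:35 +0000
+Subject: [meta-selinux][PATCH] setools4: fix cross-compiling errors for powerpc, mips
+
+Fix build errors:
+| libqpol/policy.c: In function 'qpol_binpol_version':
+| libqpol/policy.c:95:24: error: implicit declaration of function 'bswap_32' [-Werror=implicit-function-declaration]
+| #define le32_to_cpu(x) bswap_32(x)
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ libqpol/policy.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libqpol/policy.c b/libqpol/policy.c
+index ae3acb5..b5b87f9 100644
+--- a/libqpol/policy.c
++++ b/libqpol/policy.c
+@@ -45,6 +45,10 @@
+ # include <asm/types.h>
+ #endif
+
++#if defined(_ARCH_PPC) || defined(mips)
++#include <byteswap.h>
++#endif
++
+ #include <sepol/debug.h>
+ #include <sepol/handle.h>
+ #include <sepol/policydb/flask_types.h>
+--
+2.11.0
+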
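Review bot: The guard `#if defined(_ARCH_PPC) || defined(mips)` in the libqpol/policy.c hunk selects `<byteswap.h>` by architecture name, while the build error quoted in the description comes from `le32_to_cpu(x)` expanding to `bswap_32(x)`, which looks like the big-endian branch of that macro. Any other big-endian target would presumably hit the same implicit declaration, and GCC does not predefine the unprefixed `mips` macro in strict ISO modes such as `-std=c99` (only `__mips__` and friends). Including the header unconditionally, `#include <byteswap.h>`, or keying it on the same byte-order test that defines `le32_to_cpu`, would cover those cases. The macro definition is outside the hunk, so this should be confirmed against line 95 of the file.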
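diff --git a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
new file mode 100644
index 0000000..5c43c49
--- /dev/null
+++ b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
@@ -0,0 +1,40 @@
+From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Tue, 14 Feb 2017 06:32:35 +0000
+Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
+
+* search libsepol from $STAGING_LIBDIR
+* fix manual install path as '/usr/share/man/man1'
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ setup.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..300ff70 100644
+--- a/setup.py
++++ b/setup.py
+@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
+ build_ext.run(self)
+
+
+-base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
++base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
+ include_dirs = ['libqpol', 'libqpol/include']
+
+ try:
+@@ -182,7 +182,7 @@ setup(name='setools',
+ 'build_qhc': QtHelpCommand},
+ packages=['setools', 'setools.diff', 'setools.policyrep', 'setoolsgui', 'setoolsgui.apol'],
+ scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta'],
+- data_files=[(join(sys.prefix, 'share/man/man1'), glob.glob("man/*.1"))],
++ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
+ package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map']},
+ ext_modules=ext_py_mods,
+ test_suite='tests',
+--
+2.13.0
+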
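Review bot: `base_lib_dirs = [os.environ["STAGING_LIBDIR"]]` in the first setup.py hunk raises a bare `KeyError` when the variable is not exported, and neither hunk shows whether `os` is imported in setup.py (only `sys`, `join` and `glob` are visibly in use). setools_4.1.1.bb in this commit has no `export STAGING_LIBDIR`, unlike the removed 3.3.8 recipe, so the build presumably relies on the inherited `setuptools` class to pass it. Restricting the search to the staging directory is what keeps host libraries out of the target build, so rather than falling back to host paths I would fail with a clear message: `staging_libdir = os.environ.get("STAGING_LIBDIR")` followed by `if not staging_libdir: raise SystemExit("STAGING_LIBDIR must be set")`. The second hunk hard-codes `/usr/share/man/man1`, which ignores a non-default man directory; a short comment stating that this is intended would help.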
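diff --git a/recipes-security/setools/setools_3.3.8.bb b/recipes-security/setools/setools_3.3.8.bb
deleted file mode 100644
index 99296ca..0000000
--- a/recipes-security/setools/setools_3.3.8.bb
+++ /dev/null
@@ -1,103 +0,0 @@
-SUMMARY = "Policy analysis tools for SELinux"
-DESCRIPTION = "\
-SETools is a collection of graphical tools, command-line tools, and \
-libraries designed to facilitate SELinux policy analysis. \
-\n\
-This meta-package depends upon the main packages necessary to run \
-SETools."
-SECTION = "base"
-LICENSE = "GPLv2 & LGPLv2.1"
-
-SRC_URI = "https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-${PV}/setools-${PV}.tar.bz2"
-SRC_URI[md5sum] = "d68d0d4e4da0f01da0f208782ff04b91"
-SRC_URI[sha256sum] = "44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999"
-
-SRC_URI += "file://setools-neverallow-rules-all-always-fail.patch"
-SRC_URI += "file://setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch"
-
-SRC_URI += "file://setools-Don-t-check-selinux-policies-if-disabled.patch"
-SRC_URI += "file://setools-configure-ac.patch"
-SRC_URI += "file://setools-cross-ar.patch"
-
-SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch"
-SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch"
-
-SRC_URI += "file://setools-Update-for-2015-02-02-Userspace-release.patch"
-
-LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \
- file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \
- file://${S}/COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24"
-
-CFLAGS_append = " -fPIC"
-CXXFLAGS_append = " -fPIC"
-
-DEPENDS += "bison-native flex-native python libsepol libselinux libxml2"
-
-PACKAGE_BEFORE_PN += "${PN}-libs"
-
-RPROVIDES_${PN} += "${PN}-console"
-
-FILES_${PN}-dbg += "\
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/.debug \
- "
-
-FILES_${PN}-libs = "\
- ${libdir}/libqpol.so.* \
- ${libdir}/libapol.so.* \
- ${libdir}/libpoldiff.so.* \
- ${libdir}/libsefs.so.* \
- ${libdir}/libseaudit.so.* \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.egg-info \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.so* \
- ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.py* \
- "
-
-FILES_${PN} += "\
- ${bindir}/seinfo \
- ${bindir}/sesearch \
- ${bindir}/indexcon \
- ${bindir}/findcon \
- ${bindir}/replcon \
- ${bindir}/sechecker \
- ${bindir}/sediff \
- ${datadir}/setools-3.3/sechecker-profiles \
- ${datadir}/setools-3.3/sechecker_help.txt \
- ${datadir}/setools-3.3/sediff_help.txt \
- ${datadir}/setools-3.3/sediffx* \
- ${mandir}/man1/findcon.1.gz \
- ${mandir}/man1/indexcon.1.gz \
- ${mandir}/man1/replcon.1.gz \
- ${mandir}/man1/sechecker.1.gz \
- ${mandir}/man1/sediff.1.gz \
- ${mandir}/man1/seinfo.1.gz \
- ${mandir}/man1/sesearch.1.gz \
- "
-
-inherit autotools pythonnative
-
-# need to export these variables for python-config to work
-export BUILD_SYS
-export HOST_SYS
-export STAGING_INCDIR
-export STAGING_LIBDIR
-
-EXTRA_OECONF = "-disable-bwidget-check --disable-selinux-check \
- --disable-swig-python --disable-swig-java --disable-swig-tcl \
- --disable-profiling --disable-gui --with-tk=no --with-tcl=no \
- --with-sepol-devel=${STAGING_LIBDIR}/.. \
- --with-selinux-devel=${STAGING_LIBDIR}/.."
-
-do_configure_prepend() {
- export ac_cv_policydb_version_max=26
- export PYTHON=python
- export PYLIBVER='python${PYTHON_BASEVERSION}'
- export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}"
- export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so"
- export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages"
-}
-
-do_install_append() {
- rm -f ${D}/${libdir}/*.a
-}
-
-BBCLASSEXTEND = "native"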
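diff --git a/recipes-security/setools/setools_4.1.1.bb b/recipes-security/setools/setools_4.1.1.bb
new file mode 100644
index 0000000..1f78bab
--- /dev/null
+++ b/recipes-security/setools/setools_4.1.1.bb
@@ -0,0 +1,35 @@
+SUMMARY = "Policy analysis tools for SELinux"
+DESCRIPTION = "\
+SETools is a collection of graphical tools, command-line tools, and \
+libraries designed to facilitate SELinux policy analysis. \
+\n\
+This meta-package depends upon the main packages necessary to run \
+SETools."
+SECTION = "base"
+LICENSE = "GPLv2 & LGPLv2.1"
+
+SRC_URI = "https://github.com/TresysTechnology/setools/archive/${PV}.tar.gz;downloadfilename=setools-${PV}.tar.gz \
+ file://setools4-fixes-for-cross-compiling.patch \
+ file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \
+"
+
+SRC_URI[md5sum] = "54cf5c0ca2aa4ef7c6ac153981af34cd"
+SRC_URI[sha256sum] = "46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610"
+
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \
+ file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
+ file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c"
+
+DEPENDS += "bison-native flex-native swig-native python libsepol"
+
+RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools"
+
+RPROVIDES_${PN} += "${PN}-console"
+
+inherit setuptools
+
+do_install_append() {
+ # Need PyQt5 support, disable gui tools
+ rm -f ${D}${bindir}/apol
+ rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui
+}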
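Review bot: `SRC_URI` points at GitHub's `archive/${PV}.tar.gz`, a tarball generated on request rather than a published release file, so the pinned `SRC_URI[sha256sum]` can stop matching if the archive is regenerated with different compression even though the source is unchanged. The checksum still protects integrity; the risk is a fetch failure that tempts someone to refresh the hashes without comparing the content. Fetching by commit, for example `SRC_URI = "git://github.com/TresysTechnology/setools.git"` with `SRCREV = "<commit id of the 4.1.1 tag>"`, ties the recipe to immutable content. If the tarball is kept, a comment above the checksums saying how they were verified would help the next uprev.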