3 files changed, 600 insertions, 0 deletions
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
new file mode 100644
index 0000000..46c56a4
--- /dev/null
+++ b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
@@ -0,0 +1,530 @@
+From a96e8c59ecac84096d870b42701a504791a8cc8c Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Thu, 23 Jan 2020 13:57:13 +0100
+Subject: [PATCH] libsepol: fix CIL_KEY_* build errors with -fno-common
+GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
+global variables to be defined only once in cil.c and declared in the
+header file correctly with the 'extern' keyword, so that other units
+including the file don't generate duplicate definitions.
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cil/src/cil.c          | 162 ++++++++++++++++
+ cil/src/cil_internal.h | 322 ++++++++++++++++----------------
+ 2 files changed, 323 insertions(+), 161 deletions(-)
+diff --git a/cil/src/cil.c b/cil/src/cil.c
+index de729cf8..d222ad3a 100644
+--- a/cil/src/cil.c
+++ b/cil/src/cil.c
+@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
+        {1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
+ };
+ 
+char *CIL_KEY_CONS_T1;
+char *CIL_KEY_CONS_T2;
+char *CIL_KEY_CONS_T3;
+char *CIL_KEY_CONS_R1;
+char *CIL_KEY_CONS_R2;
+char *CIL_KEY_CONS_R3;
+char *CIL_KEY_CONS_U1;
+char *CIL_KEY_CONS_U2;
+char *CIL_KEY_CONS_U3;
+char *CIL_KEY_CONS_L1;
+char *CIL_KEY_CONS_L2;
+char *CIL_KEY_CONS_H1;
+char *CIL_KEY_CONS_H2;
+char *CIL_KEY_AND;
+char *CIL_KEY_OR;
+char *CIL_KEY_NOT;
+char *CIL_KEY_EQ;
+char *CIL_KEY_NEQ;
+char *CIL_KEY_CONS_DOM;
+char *CIL_KEY_CONS_DOMBY;
+char *CIL_KEY_CONS_INCOMP;
+char *CIL_KEY_CONDTRUE;
+char *CIL_KEY_CONDFALSE;
+char *CIL_KEY_SELF;
+char *CIL_KEY_OBJECT_R;
+char *CIL_KEY_STAR;
+char *CIL_KEY_TCP;
+char *CIL_KEY_UDP;
+char *CIL_KEY_DCCP;
+char *CIL_KEY_SCTP;
+char *CIL_KEY_AUDITALLOW;
+char *CIL_KEY_TUNABLEIF;
+char *CIL_KEY_ALLOW;
+char *CIL_KEY_DONTAUDIT;
+char *CIL_KEY_TYPETRANSITION;
+char *CIL_KEY_TYPECHANGE;
+char *CIL_KEY_CALL;
+char *CIL_KEY_TUNABLE;
+char *CIL_KEY_XOR;
+char *CIL_KEY_ALL;
+char *CIL_KEY_RANGE;
+char *CIL_KEY_GLOB;
+char *CIL_KEY_FILE;
+char *CIL_KEY_DIR;
+char *CIL_KEY_CHAR;
+char *CIL_KEY_BLOCK;
+char *CIL_KEY_SOCKET;
+char *CIL_KEY_PIPE;
+char *CIL_KEY_SYMLINK;
+char *CIL_KEY_ANY;
+char *CIL_KEY_XATTR;
+char *CIL_KEY_TASK;
+char *CIL_KEY_TRANS;
+char *CIL_KEY_TYPE;
+char *CIL_KEY_ROLE;
+char *CIL_KEY_USER;
+char *CIL_KEY_USERATTRIBUTE;
+char *CIL_KEY_USERATTRIBUTESET;
+char *CIL_KEY_SENSITIVITY;
+char *CIL_KEY_CATEGORY;
+char *CIL_KEY_CATSET;
+char *CIL_KEY_LEVEL;
+char *CIL_KEY_LEVELRANGE;
+char *CIL_KEY_CLASS;
+char *CIL_KEY_IPADDR;
+char *CIL_KEY_MAP_CLASS;
+char *CIL_KEY_CLASSPERMISSION;
+char *CIL_KEY_BOOL;
+char *CIL_KEY_STRING;
+char *CIL_KEY_NAME;
+char *CIL_KEY_SOURCE;
+char *CIL_KEY_TARGET;
+char *CIL_KEY_LOW;
+char *CIL_KEY_HIGH;
+char *CIL_KEY_LOW_HIGH;
+char *CIL_KEY_GLBLUB;
+char *CIL_KEY_HANDLEUNKNOWN;
+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+char *CIL_KEY_HANDLEUNKNOWN_DENY;
+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+char *CIL_KEY_MACRO;
+char *CIL_KEY_IN;
+char *CIL_KEY_MLS;
+char *CIL_KEY_DEFAULTRANGE;
+char *CIL_KEY_BLOCKINHERIT;
+char *CIL_KEY_BLOCKABSTRACT;
+char *CIL_KEY_CLASSORDER;
+char *CIL_KEY_CLASSMAPPING;
+char *CIL_KEY_CLASSPERMISSIONSET;
+char *CIL_KEY_COMMON;
+char *CIL_KEY_CLASSCOMMON;
+char *CIL_KEY_SID;
+char *CIL_KEY_SIDCONTEXT;
+char *CIL_KEY_SIDORDER;
+char *CIL_KEY_USERLEVEL;
+char *CIL_KEY_USERRANGE;
+char *CIL_KEY_USERBOUNDS;
+char *CIL_KEY_USERPREFIX;
+char *CIL_KEY_SELINUXUSER;
+char *CIL_KEY_SELINUXUSERDEFAULT;
+char *CIL_KEY_TYPEATTRIBUTE;
+char *CIL_KEY_TYPEATTRIBUTESET;
+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+char *CIL_KEY_TYPEALIAS;
+char *CIL_KEY_TYPEALIASACTUAL;
+char *CIL_KEY_TYPEBOUNDS;
+char *CIL_KEY_TYPEPERMISSIVE;
+char *CIL_KEY_RANGETRANSITION;
+char *CIL_KEY_USERROLE;
+char *CIL_KEY_ROLETYPE;
+char *CIL_KEY_ROLETRANSITION;
+char *CIL_KEY_ROLEALLOW;
+char *CIL_KEY_ROLEATTRIBUTE;
+char *CIL_KEY_ROLEATTRIBUTESET;
+char *CIL_KEY_ROLEBOUNDS;
+char *CIL_KEY_BOOLEANIF;
+char *CIL_KEY_NEVERALLOW;
+char *CIL_KEY_TYPEMEMBER;
+char *CIL_KEY_SENSALIAS;
+char *CIL_KEY_SENSALIASACTUAL;
+char *CIL_KEY_CATALIAS;
+char *CIL_KEY_CATALIASACTUAL;
+char *CIL_KEY_CATORDER;
+char *CIL_KEY_SENSITIVITYORDER;
+char *CIL_KEY_SENSCAT;
+char *CIL_KEY_CONSTRAIN;
+char *CIL_KEY_MLSCONSTRAIN;
+char *CIL_KEY_VALIDATETRANS;
+char *CIL_KEY_MLSVALIDATETRANS;
+char *CIL_KEY_CONTEXT;
+char *CIL_KEY_FILECON;
+char *CIL_KEY_IBPKEYCON;
+char *CIL_KEY_IBENDPORTCON;
+char *CIL_KEY_PORTCON;
+char *CIL_KEY_NODECON;
+char *CIL_KEY_GENFSCON;
+char *CIL_KEY_NETIFCON;
+char *CIL_KEY_PIRQCON;
+char *CIL_KEY_IOMEMCON;
+char *CIL_KEY_IOPORTCON;
+char *CIL_KEY_PCIDEVICECON;
+char *CIL_KEY_DEVICETREECON;
+char *CIL_KEY_FSUSE;
+char *CIL_KEY_POLICYCAP;
+char *CIL_KEY_OPTIONAL;
+char *CIL_KEY_DEFAULTUSER;
+char *CIL_KEY_DEFAULTROLE;
+char *CIL_KEY_DEFAULTTYPE;
+char *CIL_KEY_ROOT;
+char *CIL_KEY_NODE;
+char *CIL_KEY_PERM;
+char *CIL_KEY_ALLOWX;
+char *CIL_KEY_AUDITALLOWX;
+char *CIL_KEY_DONTAUDITX;
+char *CIL_KEY_NEVERALLOWX;
+char *CIL_KEY_PERMISSIONX;
+char *CIL_KEY_IOCTL;
+char *CIL_KEY_UNORDERED;
+char *CIL_KEY_SRC_INFO;
+char *CIL_KEY_SRC_CIL;
+char *CIL_KEY_SRC_HLL;
+
+ static void cil_init_keys(void)
+ {
+        /* Initialize CIL Keys into strpool */
+diff --git a/cil/src/cil_internal.h b/cil/src/cil_internal.h
+index 30fab649..9bdcbdd0 100644
+--- a/cil/src/cil_internal.h
+++ b/cil/src/cil_internal.h
+@@ -74,167 +74,167 @@ enum cil_pass {
+ /*
+        Keywords
+ */
+-char *CIL_KEY_CONS_T1;
+-char *CIL_KEY_CONS_T2;
+-char *CIL_KEY_CONS_T3;
+-char *CIL_KEY_CONS_R1;
+-char *CIL_KEY_CONS_R2;
+-char *CIL_KEY_CONS_R3;
+-char *CIL_KEY_CONS_U1;
+-char *CIL_KEY_CONS_U2;
+-char *CIL_KEY_CONS_U3;
+-char *CIL_KEY_CONS_L1;
+-char *CIL_KEY_CONS_L2;
+-char *CIL_KEY_CONS_H1;
+-char *CIL_KEY_CONS_H2;
+-char *CIL_KEY_AND;
+-char *CIL_KEY_OR;
+-char *CIL_KEY_NOT;
+-char *CIL_KEY_EQ;
+-char *CIL_KEY_NEQ;
+-char *CIL_KEY_CONS_DOM;
+-char *CIL_KEY_CONS_DOMBY;
+-char *CIL_KEY_CONS_INCOMP;
+-char *CIL_KEY_CONDTRUE;
+-char *CIL_KEY_CONDFALSE;
+-char *CIL_KEY_SELF;
+-char *CIL_KEY_OBJECT_R;
+-char *CIL_KEY_STAR;
+-char *CIL_KEY_TCP;
+-char *CIL_KEY_UDP;
+-char *CIL_KEY_DCCP;
+-char *CIL_KEY_SCTP;
+-char *CIL_KEY_AUDITALLOW;
+-char *CIL_KEY_TUNABLEIF;
+-char *CIL_KEY_ALLOW;
+-char *CIL_KEY_DONTAUDIT;
+-char *CIL_KEY_TYPETRANSITION;
+-char *CIL_KEY_TYPECHANGE;
+-char *CIL_KEY_CALL;
+-char *CIL_KEY_TUNABLE;
+-char *CIL_KEY_XOR;
+-char *CIL_KEY_ALL;
+-char *CIL_KEY_RANGE;
+-char *CIL_KEY_GLOB;
+-char *CIL_KEY_FILE;
+-char *CIL_KEY_DIR;
+-char *CIL_KEY_CHAR;
+-char *CIL_KEY_BLOCK;
+-char *CIL_KEY_SOCKET;
+-char *CIL_KEY_PIPE;
+-char *CIL_KEY_SYMLINK;
+-char *CIL_KEY_ANY;
+-char *CIL_KEY_XATTR;
+-char *CIL_KEY_TASK;
+-char *CIL_KEY_TRANS;
+-char *CIL_KEY_TYPE;
+-char *CIL_KEY_ROLE;
+-char *CIL_KEY_USER;
+-char *CIL_KEY_USERATTRIBUTE;
+-char *CIL_KEY_USERATTRIBUTESET;
+-char *CIL_KEY_SENSITIVITY;
+-char *CIL_KEY_CATEGORY;
+-char *CIL_KEY_CATSET;
+-char *CIL_KEY_LEVEL;
+-char *CIL_KEY_LEVELRANGE;
+-char *CIL_KEY_CLASS;
+-char *CIL_KEY_IPADDR;
+-char *CIL_KEY_MAP_CLASS;
+-char *CIL_KEY_CLASSPERMISSION;
+-char *CIL_KEY_BOOL;
+-char *CIL_KEY_STRING;
+-char *CIL_KEY_NAME;
+-char *CIL_KEY_SOURCE;
+-char *CIL_KEY_TARGET;
+-char *CIL_KEY_LOW;
+-char *CIL_KEY_HIGH;
+-char *CIL_KEY_LOW_HIGH;
+-char *CIL_KEY_GLBLUB;
+-char *CIL_KEY_HANDLEUNKNOWN;
+-char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+-char *CIL_KEY_HANDLEUNKNOWN_DENY;
+-char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+-char *CIL_KEY_MACRO;
+-char *CIL_KEY_IN;
+-char *CIL_KEY_MLS;
+-char *CIL_KEY_DEFAULTRANGE;
+-char *CIL_KEY_BLOCKINHERIT;
+-char *CIL_KEY_BLOCKABSTRACT;
+-char *CIL_KEY_CLASSORDER;
+-char *CIL_KEY_CLASSMAPPING;
+-char *CIL_KEY_CLASSPERMISSIONSET;
+-char *CIL_KEY_COMMON;
+-char *CIL_KEY_CLASSCOMMON;
+-char *CIL_KEY_SID;
+-char *CIL_KEY_SIDCONTEXT;
+-char *CIL_KEY_SIDORDER;
+-char *CIL_KEY_USERLEVEL;
+-char *CIL_KEY_USERRANGE;
+-char *CIL_KEY_USERBOUNDS;
+-char *CIL_KEY_USERPREFIX;
+-char *CIL_KEY_SELINUXUSER;
+-char *CIL_KEY_SELINUXUSERDEFAULT;
+-char *CIL_KEY_TYPEATTRIBUTE;
+-char *CIL_KEY_TYPEATTRIBUTESET;
+-char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+-char *CIL_KEY_TYPEALIAS;
+-char *CIL_KEY_TYPEALIASACTUAL;
+-char *CIL_KEY_TYPEBOUNDS;
+-char *CIL_KEY_TYPEPERMISSIVE;
+-char *CIL_KEY_RANGETRANSITION;
+-char *CIL_KEY_USERROLE;
+-char *CIL_KEY_ROLETYPE;
+-char *CIL_KEY_ROLETRANSITION;
+-char *CIL_KEY_ROLEALLOW;
+-char *CIL_KEY_ROLEATTRIBUTE;
+-char *CIL_KEY_ROLEATTRIBUTESET;
+-char *CIL_KEY_ROLEBOUNDS;
+-char *CIL_KEY_BOOLEANIF;
+-char *CIL_KEY_NEVERALLOW;
+-char *CIL_KEY_TYPEMEMBER;
+-char *CIL_KEY_SENSALIAS;
+-char *CIL_KEY_SENSALIASACTUAL;
+-char *CIL_KEY_CATALIAS;
+-char *CIL_KEY_CATALIASACTUAL;
+-char *CIL_KEY_CATORDER;
+-char *CIL_KEY_SENSITIVITYORDER;
+-char *CIL_KEY_SENSCAT;
+-char *CIL_KEY_CONSTRAIN;
+-char *CIL_KEY_MLSCONSTRAIN;
+-char *CIL_KEY_VALIDATETRANS;
+-char *CIL_KEY_MLSVALIDATETRANS;
+-char *CIL_KEY_CONTEXT;
+-char *CIL_KEY_FILECON;
+-char *CIL_KEY_IBPKEYCON;
+-char *CIL_KEY_IBENDPORTCON;
+-char *CIL_KEY_PORTCON;
+-char *CIL_KEY_NODECON;
+-char *CIL_KEY_GENFSCON;
+-char *CIL_KEY_NETIFCON;
+-char *CIL_KEY_PIRQCON;
+-char *CIL_KEY_IOMEMCON;
+-char *CIL_KEY_IOPORTCON;
+-char *CIL_KEY_PCIDEVICECON;
+-char *CIL_KEY_DEVICETREECON;
+-char *CIL_KEY_FSUSE;
+-char *CIL_KEY_POLICYCAP;
+-char *CIL_KEY_OPTIONAL;
+-char *CIL_KEY_DEFAULTUSER;
+-char *CIL_KEY_DEFAULTROLE;
+-char *CIL_KEY_DEFAULTTYPE;
+-char *CIL_KEY_ROOT;
+-char *CIL_KEY_NODE;
+-char *CIL_KEY_PERM;
+-char *CIL_KEY_ALLOWX;
+-char *CIL_KEY_AUDITALLOWX;
+-char *CIL_KEY_DONTAUDITX;
+-char *CIL_KEY_NEVERALLOWX;
+-char *CIL_KEY_PERMISSIONX;
+-char *CIL_KEY_IOCTL;
+-char *CIL_KEY_UNORDERED;
+-char *CIL_KEY_SRC_INFO;
+-char *CIL_KEY_SRC_CIL;
+-char *CIL_KEY_SRC_HLL;
+extern char *CIL_KEY_CONS_T1;
+extern char *CIL_KEY_CONS_T2;
+extern char *CIL_KEY_CONS_T3;
+extern char *CIL_KEY_CONS_R1;
+extern char *CIL_KEY_CONS_R2;
+extern char *CIL_KEY_CONS_R3;
+extern char *CIL_KEY_CONS_U1;
+extern char *CIL_KEY_CONS_U2;
+extern char *CIL_KEY_CONS_U3;
+extern char *CIL_KEY_CONS_L1;
+extern char *CIL_KEY_CONS_L2;
+extern char *CIL_KEY_CONS_H1;
+extern char *CIL_KEY_CONS_H2;
+extern char *CIL_KEY_AND;
+extern char *CIL_KEY_OR;
+extern char *CIL_KEY_NOT;
+extern char *CIL_KEY_EQ;
+extern char *CIL_KEY_NEQ;
+extern char *CIL_KEY_CONS_DOM;
+extern char *CIL_KEY_CONS_DOMBY;
+extern char *CIL_KEY_CONS_INCOMP;
+extern char *CIL_KEY_CONDTRUE;
+extern char *CIL_KEY_CONDFALSE;
+extern char *CIL_KEY_SELF;
+extern char *CIL_KEY_OBJECT_R;
+extern char *CIL_KEY_STAR;
+extern char *CIL_KEY_TCP;
+extern char *CIL_KEY_UDP;
+extern char *CIL_KEY_DCCP;
+extern char *CIL_KEY_SCTP;
+extern char *CIL_KEY_AUDITALLOW;
+extern char *CIL_KEY_TUNABLEIF;
+extern char *CIL_KEY_ALLOW;
+extern char *CIL_KEY_DONTAUDIT;
+extern char *CIL_KEY_TYPETRANSITION;
+extern char *CIL_KEY_TYPECHANGE;
+extern char *CIL_KEY_CALL;
+extern char *CIL_KEY_TUNABLE;
+extern char *CIL_KEY_XOR;
+extern char *CIL_KEY_ALL;
+extern char *CIL_KEY_RANGE;
+extern char *CIL_KEY_GLOB;
+extern char *CIL_KEY_FILE;
+extern char *CIL_KEY_DIR;
+extern char *CIL_KEY_CHAR;
+extern char *CIL_KEY_BLOCK;
+extern char *CIL_KEY_SOCKET;
+extern char *CIL_KEY_PIPE;
+extern char *CIL_KEY_SYMLINK;
+extern char *CIL_KEY_ANY;
+extern char *CIL_KEY_XATTR;
+extern char *CIL_KEY_TASK;
+extern char *CIL_KEY_TRANS;
+extern char *CIL_KEY_TYPE;
+extern char *CIL_KEY_ROLE;
+extern char *CIL_KEY_USER;
+extern char *CIL_KEY_USERATTRIBUTE;
+extern char *CIL_KEY_USERATTRIBUTESET;
+extern char *CIL_KEY_SENSITIVITY;
+extern char *CIL_KEY_CATEGORY;
+extern char *CIL_KEY_CATSET;
+extern char *CIL_KEY_LEVEL;
+extern char *CIL_KEY_LEVELRANGE;
+extern char *CIL_KEY_CLASS;
+extern char *CIL_KEY_IPADDR;
+extern char *CIL_KEY_MAP_CLASS;
+extern char *CIL_KEY_CLASSPERMISSION;
+extern char *CIL_KEY_BOOL;
+extern char *CIL_KEY_STRING;
+extern char *CIL_KEY_NAME;
+extern char *CIL_KEY_SOURCE;
+extern char *CIL_KEY_TARGET;
+extern char *CIL_KEY_LOW;
+extern char *CIL_KEY_HIGH;
+extern char *CIL_KEY_LOW_HIGH;
+extern char *CIL_KEY_GLBLUB;
+extern char *CIL_KEY_HANDLEUNKNOWN;
+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+extern char *CIL_KEY_MACRO;
+extern char *CIL_KEY_IN;
+extern char *CIL_KEY_MLS;
+extern char *CIL_KEY_DEFAULTRANGE;
+extern char *CIL_KEY_BLOCKINHERIT;
+extern char *CIL_KEY_BLOCKABSTRACT;
+extern char *CIL_KEY_CLASSORDER;
+extern char *CIL_KEY_CLASSMAPPING;
+extern char *CIL_KEY_CLASSPERMISSIONSET;
+extern char *CIL_KEY_COMMON;
+extern char *CIL_KEY_CLASSCOMMON;
+extern char *CIL_KEY_SID;
+extern char *CIL_KEY_SIDCONTEXT;
+extern char *CIL_KEY_SIDORDER;
+extern char *CIL_KEY_USERLEVEL;
+extern char *CIL_KEY_USERRANGE;
+extern char *CIL_KEY_USERBOUNDS;
+extern char *CIL_KEY_USERPREFIX;
+extern char *CIL_KEY_SELINUXUSER;
+extern char *CIL_KEY_SELINUXUSERDEFAULT;
+extern char *CIL_KEY_TYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEATTRIBUTESET;
+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEALIAS;
+extern char *CIL_KEY_TYPEALIASACTUAL;
+extern char *CIL_KEY_TYPEBOUNDS;
+extern char *CIL_KEY_TYPEPERMISSIVE;
+extern char *CIL_KEY_RANGETRANSITION;
+extern char *CIL_KEY_USERROLE;
+extern char *CIL_KEY_ROLETYPE;
+extern char *CIL_KEY_ROLETRANSITION;
+extern char *CIL_KEY_ROLEALLOW;
+extern char *CIL_KEY_ROLEATTRIBUTE;
+extern char *CIL_KEY_ROLEATTRIBUTESET;
+extern char *CIL_KEY_ROLEBOUNDS;
+extern char *CIL_KEY_BOOLEANIF;
+extern char *CIL_KEY_NEVERALLOW;
+extern char *CIL_KEY_TYPEMEMBER;
+extern char *CIL_KEY_SENSALIAS;
+extern char *CIL_KEY_SENSALIASACTUAL;
+extern char *CIL_KEY_CATALIAS;
+extern char *CIL_KEY_CATALIASACTUAL;
+extern char *CIL_KEY_CATORDER;
+extern char *CIL_KEY_SENSITIVITYORDER;
+extern char *CIL_KEY_SENSCAT;
+extern char *CIL_KEY_CONSTRAIN;
+extern char *CIL_KEY_MLSCONSTRAIN;
+extern char *CIL_KEY_VALIDATETRANS;
+extern char *CIL_KEY_MLSVALIDATETRANS;
+extern char *CIL_KEY_CONTEXT;
+extern char *CIL_KEY_FILECON;
+extern char *CIL_KEY_IBPKEYCON;
+extern char *CIL_KEY_IBENDPORTCON;
+extern char *CIL_KEY_PORTCON;
+extern char *CIL_KEY_NODECON;
+extern char *CIL_KEY_GENFSCON;
+extern char *CIL_KEY_NETIFCON;
+extern char *CIL_KEY_PIRQCON;
+extern char *CIL_KEY_IOMEMCON;
+extern char *CIL_KEY_IOPORTCON;
+extern char *CIL_KEY_PCIDEVICECON;
+extern char *CIL_KEY_DEVICETREECON;
+extern char *CIL_KEY_FSUSE;
+extern char *CIL_KEY_POLICYCAP;
+extern char *CIL_KEY_OPTIONAL;
+extern char *CIL_KEY_DEFAULTUSER;
+extern char *CIL_KEY_DEFAULTROLE;
+extern char *CIL_KEY_DEFAULTTYPE;
+extern char *CIL_KEY_ROOT;
+extern char *CIL_KEY_NODE;
+extern char *CIL_KEY_PERM;
+extern char *CIL_KEY_ALLOWX;
+extern char *CIL_KEY_AUDITALLOWX;
+extern char *CIL_KEY_DONTAUDITX;
+extern char *CIL_KEY_NEVERALLOWX;
+extern char *CIL_KEY_PERMISSIONX;
+extern char *CIL_KEY_IOCTL;
+extern char *CIL_KEY_UNORDERED;
+extern char *CIL_KEY_SRC_INFO;
+extern char *CIL_KEY_SRC_CIL;
+extern char *CIL_KEY_SRC_HLL;
+ 
+ /*
+        Symbol Table Array Indices
+-- 
+2.17.1
diff --git a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
new file mode 100644
index 0000000..674fddd
--- /dev/null
+++ b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
@@ -0,0 +1,65 @@
+From 3d32fc24d6aff360a538c63dad08ca5c957551b0 Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Thu, 23 Jan 2020 13:57:14 +0100
+Subject: [PATCH] libsepol: remove leftovers of cil_mem_error_handler
+Commit 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function
+pointer") replaced cil_mem_error_handler usage with inline contents of
+the default handler. However, it left over the header declaration and
+two callers. Convert these as well and remove the header declaration.
+This also fixes a build failure with -fno-common.
+Fixes: 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function pointer")
+Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
+Upstream-Status: Backport
+[https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ cil/src/cil_mem.h     | 1 -
+ cil/src/cil_strpool.c | 8 ++++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+diff --git a/cil/src/cil_mem.h b/cil/src/cil_mem.h
+index 902ce131..794f02a3 100644
+--- a/cil/src/cil_mem.h
+++ b/cil/src/cil_mem.h
+@@ -36,7 +36,6 @@ void *cil_calloc(size_t num_elements, size_t element_size);
+ void *cil_realloc(void *ptr, size_t size);
+ char *cil_strdup(const char *str);
+ int cil_asprintf(char **strp, const char *fmt, ...);
+-void (*cil_mem_error_handler)(void);
+ 
+ #endif /* CIL_MEM_H_ */
+ 
+diff --git a/cil/src/cil_strpool.c b/cil/src/cil_strpool.c
+index 97d4c4b9..2598bbf3 100644
+--- a/cil/src/cil_strpool.c
+++ b/cil/src/cil_strpool.c
+@@ -80,8 +80,8 @@ char *cil_strpool_add(const char *str)
+                int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
+                if (rc != SEPOL_OK) {
+                        pthread_mutex_unlock(&cil_strpool_mutex);
+-                       (*cil_mem_error_handler)();
+-                       pthread_mutex_lock(&cil_strpool_mutex);
+                       cil_log(CIL_ERR, "Failed to allocate memory\n");
+                       exit(1);
+                }
+        }
+ 
+@@ -104,8 +104,8 @@ void cil_strpool_init(void)
+                cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
+                if (cil_strpool_tab == NULL) {
+                        pthread_mutex_unlock(&cil_strpool_mutex);
+-                       (*cil_mem_error_handler)();
+-                       return;
+                       cil_log(CIL_ERR, "Failed to allocate memory\n");
+                       exit(1);
+                }
+        }
+        cil_strpool_readers++;
+-- 
+2.17.1
diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb
index 6c85256..58559d7 100644
--- a/recipes-security/selinux/libsepol_3.0.bb
+++ b/recipes-security/selinux/libsepol_3.0.bb
@@ -5,3 +5,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
 SRC_URI[md5sum] = "22ddb9994910cb9cfff5cb9663cb7ae7"
 SRC_URI[sha256sum] = "5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79"
+SRC_URI += "\
+        file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \
+        file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \
+        "

diff --git a/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch new file mode 100644 index 0000000..46c56a4 --- /dev/null +++ b/recipes-security/selinux/libsepol/0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch
@@ -0,0 +1,530 @@
		1	From a96e8c59ecac84096d870b42701a504791a8cc8c Mon Sep 17 00:00:00 2001
		2	From: Ondrej Mosnacek <omosnace@redhat.com>
		3	Date: Thu, 23 Jan 2020 13:57:13 +0100
		4	Subject: [PATCH] libsepol: fix CIL_KEY_* build errors with -fno-common
		5
		6	GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
		7	global variables to be defined only once in cil.c and declared in the
		8	header file correctly with the 'extern' keyword, so that other units
		9	including the file don't generate duplicate definitions.
		10
		11	Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
		12
		13	Upstream-Status: Backport
		14	[https://github.com/SELinuxProject/selinux/commit/a96e8c59ecac84096d870b42701a504791a8cc8c]
		15
		16	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		17	---
		18	cil/src/cil.c \| 162 ++++++++++++++++
		19	cil/src/cil_internal.h \| 322 ++++++++++++++++----------------
		20	2 files changed, 323 insertions(+), 161 deletions(-)
		21
		22	diff --git a/cil/src/cil.c b/cil/src/cil.c
		23	index de729cf8..d222ad3a 100644
		24	--- a/cil/src/cil.c
		25	+++ b/cil/src/cil.c
		26	@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL_SYM_NUM] = {
		27	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
		28	};
		29
		30	+char *CIL_KEY_CONS_T1;
		31	+char *CIL_KEY_CONS_T2;
		32	+char *CIL_KEY_CONS_T3;
		33	+char *CIL_KEY_CONS_R1;
		34	+char *CIL_KEY_CONS_R2;
		35	+char *CIL_KEY_CONS_R3;
		36	+char *CIL_KEY_CONS_U1;
		37	+char *CIL_KEY_CONS_U2;
		38	+char *CIL_KEY_CONS_U3;
		39	+char *CIL_KEY_CONS_L1;
		40	+char *CIL_KEY_CONS_L2;
		41	+char *CIL_KEY_CONS_H1;
		42	+char *CIL_KEY_CONS_H2;
		43	+char *CIL_KEY_AND;
		44	+char *CIL_KEY_OR;
		45	+char *CIL_KEY_NOT;
		46	+char *CIL_KEY_EQ;
		47	+char *CIL_KEY_NEQ;
		48	+char *CIL_KEY_CONS_DOM;
		49	+char *CIL_KEY_CONS_DOMBY;
		50	+char *CIL_KEY_CONS_INCOMP;
		51	+char *CIL_KEY_CONDTRUE;
		52	+char *CIL_KEY_CONDFALSE;
		53	+char *CIL_KEY_SELF;
		54	+char *CIL_KEY_OBJECT_R;
		55	+char *CIL_KEY_STAR;
		56	+char *CIL_KEY_TCP;
		57	+char *CIL_KEY_UDP;
		58	+char *CIL_KEY_DCCP;
		59	+char *CIL_KEY_SCTP;
		60	+char *CIL_KEY_AUDITALLOW;
		61	+char *CIL_KEY_TUNABLEIF;
		62	+char *CIL_KEY_ALLOW;
		63	+char *CIL_KEY_DONTAUDIT;
		64	+char *CIL_KEY_TYPETRANSITION;
		65	+char *CIL_KEY_TYPECHANGE;
		66	+char *CIL_KEY_CALL;
		67	+char *CIL_KEY_TUNABLE;
		68	+char *CIL_KEY_XOR;
		69	+char *CIL_KEY_ALL;
		70	+char *CIL_KEY_RANGE;
		71	+char *CIL_KEY_GLOB;
		72	+char *CIL_KEY_FILE;
		73	+char *CIL_KEY_DIR;
		74	+char *CIL_KEY_CHAR;
		75	+char *CIL_KEY_BLOCK;
		76	+char *CIL_KEY_SOCKET;
		77	+char *CIL_KEY_PIPE;
		78	+char *CIL_KEY_SYMLINK;
		79	+char *CIL_KEY_ANY;
		80	+char *CIL_KEY_XATTR;
		81	+char *CIL_KEY_TASK;
		82	+char *CIL_KEY_TRANS;
		83	+char *CIL_KEY_TYPE;
		84	+char *CIL_KEY_ROLE;
		85	+char *CIL_KEY_USER;
		86	+char *CIL_KEY_USERATTRIBUTE;
		87	+char *CIL_KEY_USERATTRIBUTESET;
		88	+char *CIL_KEY_SENSITIVITY;
		89	+char *CIL_KEY_CATEGORY;
		90	+char *CIL_KEY_CATSET;
		91	+char *CIL_KEY_LEVEL;
		92	+char *CIL_KEY_LEVELRANGE;
		93	+char *CIL_KEY_CLASS;
		94	+char *CIL_KEY_IPADDR;
		95	+char *CIL_KEY_MAP_CLASS;
		96	+char *CIL_KEY_CLASSPERMISSION;
		97	+char *CIL_KEY_BOOL;
		98	+char *CIL_KEY_STRING;
		99	+char *CIL_KEY_NAME;
		100	+char *CIL_KEY_SOURCE;
		101	+char *CIL_KEY_TARGET;
		102	+char *CIL_KEY_LOW;
		103	+char *CIL_KEY_HIGH;
		104	+char *CIL_KEY_LOW_HIGH;
		105	+char *CIL_KEY_GLBLUB;
		106	+char *CIL_KEY_HANDLEUNKNOWN;
		107	+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
		108	+char *CIL_KEY_HANDLEUNKNOWN_DENY;
		109	+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
		110	+char *CIL_KEY_MACRO;
		111	+char *CIL_KEY_IN;
		112	+char *CIL_KEY_MLS;
		113	+char *CIL_KEY_DEFAULTRANGE;
		114	+char *CIL_KEY_BLOCKINHERIT;
		115	+char *CIL_KEY_BLOCKABSTRACT;
		116	+char *CIL_KEY_CLASSORDER;
		117	+char *CIL_KEY_CLASSMAPPING;
		118	+char *CIL_KEY_CLASSPERMISSIONSET;
		119	+char *CIL_KEY_COMMON;
		120	+char *CIL_KEY_CLASSCOMMON;
		121	+char *CIL_KEY_SID;
		122	+char *CIL_KEY_SIDCONTEXT;
		123	+char *CIL_KEY_SIDORDER;
		124	+char *CIL_KEY_USERLEVEL;
		125	+char *CIL_KEY_USERRANGE;
		126	+char *CIL_KEY_USERBOUNDS;
		127	+char *CIL_KEY_USERPREFIX;
		128	+char *CIL_KEY_SELINUXUSER;
		129	+char *CIL_KEY_SELINUXUSERDEFAULT;
		130	+char *CIL_KEY_TYPEATTRIBUTE;
		131	+char *CIL_KEY_TYPEATTRIBUTESET;
		132	+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
		133	+char *CIL_KEY_TYPEALIAS;
		134	+char *CIL_KEY_TYPEALIASACTUAL;
		135	+char *CIL_KEY_TYPEBOUNDS;
		136	+char *CIL_KEY_TYPEPERMISSIVE;
		137	+char *CIL_KEY_RANGETRANSITION;
		138	+char *CIL_KEY_USERROLE;
		139	+char *CIL_KEY_ROLETYPE;
		140	+char *CIL_KEY_ROLETRANSITION;
		141	+char *CIL_KEY_ROLEALLOW;
		142	+char *CIL_KEY_ROLEATTRIBUTE;
		143	+char *CIL_KEY_ROLEATTRIBUTESET;
		144	+char *CIL_KEY_ROLEBOUNDS;
		145	+char *CIL_KEY_BOOLEANIF;
		146	+char *CIL_KEY_NEVERALLOW;
		147	+char *CIL_KEY_TYPEMEMBER;
		148	+char *CIL_KEY_SENSALIAS;
		149	+char *CIL_KEY_SENSALIASACTUAL;
		150	+char *CIL_KEY_CATALIAS;
		151	+char *CIL_KEY_CATALIASACTUAL;
		152	+char *CIL_KEY_CATORDER;
		153	+char *CIL_KEY_SENSITIVITYORDER;
		154	+char *CIL_KEY_SENSCAT;
		155	+char *CIL_KEY_CONSTRAIN;
		156	+char *CIL_KEY_MLSCONSTRAIN;
		157	+char *CIL_KEY_VALIDATETRANS;
		158	+char *CIL_KEY_MLSVALIDATETRANS;
		159	+char *CIL_KEY_CONTEXT;
		160	+char *CIL_KEY_FILECON;
		161	+char *CIL_KEY_IBPKEYCON;
		162	+char *CIL_KEY_IBENDPORTCON;
		163	+char *CIL_KEY_PORTCON;
		164	+char *CIL_KEY_NODECON;
		165	+char *CIL_KEY_GENFSCON;
		166	+char *CIL_KEY_NETIFCON;
		167	+char *CIL_KEY_PIRQCON;
		168	+char *CIL_KEY_IOMEMCON;
		169	+char *CIL_KEY_IOPORTCON;
		170	+char *CIL_KEY_PCIDEVICECON;
		171	+char *CIL_KEY_DEVICETREECON;
		172	+char *CIL_KEY_FSUSE;
		173	+char *CIL_KEY_POLICYCAP;
		174	+char *CIL_KEY_OPTIONAL;
		175	+char *CIL_KEY_DEFAULTUSER;
		176	+char *CIL_KEY_DEFAULTROLE;
		177	+char *CIL_KEY_DEFAULTTYPE;
		178	+char *CIL_KEY_ROOT;
		179	+char *CIL_KEY_NODE;
		180	+char *CIL_KEY_PERM;
		181	+char *CIL_KEY_ALLOWX;
		182	+char *CIL_KEY_AUDITALLOWX;
		183	+char *CIL_KEY_DONTAUDITX;
		184	+char *CIL_KEY_NEVERALLOWX;
		185	+char *CIL_KEY_PERMISSIONX;
		186	+char *CIL_KEY_IOCTL;
		187	+char *CIL_KEY_UNORDERED;
		188	+char *CIL_KEY_SRC_INFO;
		189	+char *CIL_KEY_SRC_CIL;
		190	+char *CIL_KEY_SRC_HLL;
		191	+
		192	static void cil_init_keys(void)
		193	{
		194	/* Initialize CIL Keys into strpool */
		195	diff --git a/cil/src/cil_internal.h b/cil/src/cil_internal.h
		196	index 30fab649..9bdcbdd0 100644
		197	--- a/cil/src/cil_internal.h
		198	+++ b/cil/src/cil_internal.h
		199	@@ -74,167 +74,167 @@ enum cil_pass {
		200	/*
		201	Keywords
		202	*/
		203	-char *CIL_KEY_CONS_T1;
		204	-char *CIL_KEY_CONS_T2;
		205	-char *CIL_KEY_CONS_T3;
		206	-char *CIL_KEY_CONS_R1;
		207	-char *CIL_KEY_CONS_R2;
		208	-char *CIL_KEY_CONS_R3;
		209	-char *CIL_KEY_CONS_U1;
		210	-char *CIL_KEY_CONS_U2;
		211	-char *CIL_KEY_CONS_U3;
		212	-char *CIL_KEY_CONS_L1;
		213	-char *CIL_KEY_CONS_L2;
		214	-char *CIL_KEY_CONS_H1;
		215	-char *CIL_KEY_CONS_H2;
		216	-char *CIL_KEY_AND;
		217	-char *CIL_KEY_OR;
		218	-char *CIL_KEY_NOT;
		219	-char *CIL_KEY_EQ;
		220	-char *CIL_KEY_NEQ;
		221	-char *CIL_KEY_CONS_DOM;
		222	-char *CIL_KEY_CONS_DOMBY;
		223	-char *CIL_KEY_CONS_INCOMP;
		224	-char *CIL_KEY_CONDTRUE;
		225	-char *CIL_KEY_CONDFALSE;
		226	-char *CIL_KEY_SELF;
		227	-char *CIL_KEY_OBJECT_R;
		228	-char *CIL_KEY_STAR;
		229	-char *CIL_KEY_TCP;
		230	-char *CIL_KEY_UDP;
		231	-char *CIL_KEY_DCCP;
		232	-char *CIL_KEY_SCTP;
		233	-char *CIL_KEY_AUDITALLOW;
		234	-char *CIL_KEY_TUNABLEIF;
		235	-char *CIL_KEY_ALLOW;
		236	-char *CIL_KEY_DONTAUDIT;
		237	-char *CIL_KEY_TYPETRANSITION;
		238	-char *CIL_KEY_TYPECHANGE;
		239	-char *CIL_KEY_CALL;
		240	-char *CIL_KEY_TUNABLE;
		241	-char *CIL_KEY_XOR;
		242	-char *CIL_KEY_ALL;
		243	-char *CIL_KEY_RANGE;
		244	-char *CIL_KEY_GLOB;
		245	-char *CIL_KEY_FILE;
		246	-char *CIL_KEY_DIR;
		247	-char *CIL_KEY_CHAR;
		248	-char *CIL_KEY_BLOCK;
		249	-char *CIL_KEY_SOCKET;
		250	-char *CIL_KEY_PIPE;
		251	-char *CIL_KEY_SYMLINK;
		252	-char *CIL_KEY_ANY;
		253	-char *CIL_KEY_XATTR;
		254	-char *CIL_KEY_TASK;
		255	-char *CIL_KEY_TRANS;
		256	-char *CIL_KEY_TYPE;
		257	-char *CIL_KEY_ROLE;
		258	-char *CIL_KEY_USER;
		259	-char *CIL_KEY_USERATTRIBUTE;
		260	-char *CIL_KEY_USERATTRIBUTESET;
		261	-char *CIL_KEY_SENSITIVITY;
		262	-char *CIL_KEY_CATEGORY;
		263	-char *CIL_KEY_CATSET;
		264	-char *CIL_KEY_LEVEL;
		265	-char *CIL_KEY_LEVELRANGE;
		266	-char *CIL_KEY_CLASS;
		267	-char *CIL_KEY_IPADDR;
		268	-char *CIL_KEY_MAP_CLASS;
		269	-char *CIL_KEY_CLASSPERMISSION;
		270	-char *CIL_KEY_BOOL;
		271	-char *CIL_KEY_STRING;
		272	-char *CIL_KEY_NAME;
		273	-char *CIL_KEY_SOURCE;
		274	-char *CIL_KEY_TARGET;
		275	-char *CIL_KEY_LOW;
		276	-char *CIL_KEY_HIGH;
		277	-char *CIL_KEY_LOW_HIGH;
		278	-char *CIL_KEY_GLBLUB;
		279	-char *CIL_KEY_HANDLEUNKNOWN;
		280	-char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
		281	-char *CIL_KEY_HANDLEUNKNOWN_DENY;
		282	-char *CIL_KEY_HANDLEUNKNOWN_REJECT;
		283	-char *CIL_KEY_MACRO;
		284	-char *CIL_KEY_IN;
		285	-char *CIL_KEY_MLS;
		286	-char *CIL_KEY_DEFAULTRANGE;
		287	-char *CIL_KEY_BLOCKINHERIT;
		288	-char *CIL_KEY_BLOCKABSTRACT;
		289	-char *CIL_KEY_CLASSORDER;
		290	-char *CIL_KEY_CLASSMAPPING;
		291	-char *CIL_KEY_CLASSPERMISSIONSET;
		292	-char *CIL_KEY_COMMON;
		293	-char *CIL_KEY_CLASSCOMMON;
		294	-char *CIL_KEY_SID;
		295	-char *CIL_KEY_SIDCONTEXT;
		296	-char *CIL_KEY_SIDORDER;
		297	-char *CIL_KEY_USERLEVEL;
		298	-char *CIL_KEY_USERRANGE;
		299	-char *CIL_KEY_USERBOUNDS;
		300	-char *CIL_KEY_USERPREFIX;
		301	-char *CIL_KEY_SELINUXUSER;
		302	-char *CIL_KEY_SELINUXUSERDEFAULT;
		303	-char *CIL_KEY_TYPEATTRIBUTE;
		304	-char *CIL_KEY_TYPEATTRIBUTESET;
		305	-char *CIL_KEY_EXPANDTYPEATTRIBUTE;
		306	-char *CIL_KEY_TYPEALIAS;
		307	-char *CIL_KEY_TYPEALIASACTUAL;
		308	-char *CIL_KEY_TYPEBOUNDS;
		309	-char *CIL_KEY_TYPEPERMISSIVE;
		310	-char *CIL_KEY_RANGETRANSITION;
		311	-char *CIL_KEY_USERROLE;
		312	-char *CIL_KEY_ROLETYPE;
		313	-char *CIL_KEY_ROLETRANSITION;
		314	-char *CIL_KEY_ROLEALLOW;
		315	-char *CIL_KEY_ROLEATTRIBUTE;
		316	-char *CIL_KEY_ROLEATTRIBUTESET;
		317	-char *CIL_KEY_ROLEBOUNDS;
		318	-char *CIL_KEY_BOOLEANIF;
		319	-char *CIL_KEY_NEVERALLOW;
		320	-char *CIL_KEY_TYPEMEMBER;
		321	-char *CIL_KEY_SENSALIAS;
		322	-char *CIL_KEY_SENSALIASACTUAL;
		323	-char *CIL_KEY_CATALIAS;
		324	-char *CIL_KEY_CATALIASACTUAL;
		325	-char *CIL_KEY_CATORDER;
		326	-char *CIL_KEY_SENSITIVITYORDER;
		327	-char *CIL_KEY_SENSCAT;
		328	-char *CIL_KEY_CONSTRAIN;
		329	-char *CIL_KEY_MLSCONSTRAIN;
		330	-char *CIL_KEY_VALIDATETRANS;
		331	-char *CIL_KEY_MLSVALIDATETRANS;
		332	-char *CIL_KEY_CONTEXT;
		333	-char *CIL_KEY_FILECON;
		334	-char *CIL_KEY_IBPKEYCON;
		335	-char *CIL_KEY_IBENDPORTCON;
		336	-char *CIL_KEY_PORTCON;
		337	-char *CIL_KEY_NODECON;
		338	-char *CIL_KEY_GENFSCON;
		339	-char *CIL_KEY_NETIFCON;
		340	-char *CIL_KEY_PIRQCON;
		341	-char *CIL_KEY_IOMEMCON;
		342	-char *CIL_KEY_IOPORTCON;
		343	-char *CIL_KEY_PCIDEVICECON;
		344	-char *CIL_KEY_DEVICETREECON;
		345	-char *CIL_KEY_FSUSE;
		346	-char *CIL_KEY_POLICYCAP;
		347	-char *CIL_KEY_OPTIONAL;
		348	-char *CIL_KEY_DEFAULTUSER;
		349	-char *CIL_KEY_DEFAULTROLE;
		350	-char *CIL_KEY_DEFAULTTYPE;
		351	-char *CIL_KEY_ROOT;
		352	-char *CIL_KEY_NODE;
		353	-char *CIL_KEY_PERM;
		354	-char *CIL_KEY_ALLOWX;
		355	-char *CIL_KEY_AUDITALLOWX;
		356	-char *CIL_KEY_DONTAUDITX;
		357	-char *CIL_KEY_NEVERALLOWX;
		358	-char *CIL_KEY_PERMISSIONX;
		359	-char *CIL_KEY_IOCTL;
		360	-char *CIL_KEY_UNORDERED;
		361	-char *CIL_KEY_SRC_INFO;
		362	-char *CIL_KEY_SRC_CIL;
		363	-char *CIL_KEY_SRC_HLL;
		364	+extern char *CIL_KEY_CONS_T1;
		365	+extern char *CIL_KEY_CONS_T2;
		366	+extern char *CIL_KEY_CONS_T3;
		367	+extern char *CIL_KEY_CONS_R1;
		368	+extern char *CIL_KEY_CONS_R2;
		369	+extern char *CIL_KEY_CONS_R3;
		370	+extern char *CIL_KEY_CONS_U1;
		371	+extern char *CIL_KEY_CONS_U2;
		372	+extern char *CIL_KEY_CONS_U3;
		373	+extern char *CIL_KEY_CONS_L1;
		374	+extern char *CIL_KEY_CONS_L2;
		375	+extern char *CIL_KEY_CONS_H1;
		376	+extern char *CIL_KEY_CONS_H2;
		377	+extern char *CIL_KEY_AND;
		378	+extern char *CIL_KEY_OR;
		379	+extern char *CIL_KEY_NOT;
		380	+extern char *CIL_KEY_EQ;
		381	+extern char *CIL_KEY_NEQ;
		382	+extern char *CIL_KEY_CONS_DOM;
		383	+extern char *CIL_KEY_CONS_DOMBY;
		384	+extern char *CIL_KEY_CONS_INCOMP;
		385	+extern char *CIL_KEY_CONDTRUE;
		386	+extern char *CIL_KEY_CONDFALSE;
		387	+extern char *CIL_KEY_SELF;
		388	+extern char *CIL_KEY_OBJECT_R;
		389	+extern char *CIL_KEY_STAR;
		390	+extern char *CIL_KEY_TCP;
		391	+extern char *CIL_KEY_UDP;
		392	+extern char *CIL_KEY_DCCP;
		393	+extern char *CIL_KEY_SCTP;
		394	+extern char *CIL_KEY_AUDITALLOW;
		395	+extern char *CIL_KEY_TUNABLEIF;
		396	+extern char *CIL_KEY_ALLOW;
		397	+extern char *CIL_KEY_DONTAUDIT;
		398	+extern char *CIL_KEY_TYPETRANSITION;
		399	+extern char *CIL_KEY_TYPECHANGE;
		400	+extern char *CIL_KEY_CALL;
		401	+extern char *CIL_KEY_TUNABLE;
		402	+extern char *CIL_KEY_XOR;
		403	+extern char *CIL_KEY_ALL;
		404	+extern char *CIL_KEY_RANGE;
		405	+extern char *CIL_KEY_GLOB;
		406	+extern char *CIL_KEY_FILE;
		407	+extern char *CIL_KEY_DIR;
		408	+extern char *CIL_KEY_CHAR;
		409	+extern char *CIL_KEY_BLOCK;
		410	+extern char *CIL_KEY_SOCKET;
		411	+extern char *CIL_KEY_PIPE;
		412	+extern char *CIL_KEY_SYMLINK;
		413	+extern char *CIL_KEY_ANY;
		414	+extern char *CIL_KEY_XATTR;
		415	+extern char *CIL_KEY_TASK;
		416	+extern char *CIL_KEY_TRANS;
		417	+extern char *CIL_KEY_TYPE;
		418	+extern char *CIL_KEY_ROLE;
		419	+extern char *CIL_KEY_USER;
		420	+extern char *CIL_KEY_USERATTRIBUTE;
		421	+extern char *CIL_KEY_USERATTRIBUTESET;
		422	+extern char *CIL_KEY_SENSITIVITY;
		423	+extern char *CIL_KEY_CATEGORY;
		424	+extern char *CIL_KEY_CATSET;
		425	+extern char *CIL_KEY_LEVEL;
		426	+extern char *CIL_KEY_LEVELRANGE;
		427	+extern char *CIL_KEY_CLASS;
		428	+extern char *CIL_KEY_IPADDR;
		429	+extern char *CIL_KEY_MAP_CLASS;
		430	+extern char *CIL_KEY_CLASSPERMISSION;
		431	+extern char *CIL_KEY_BOOL;
		432	+extern char *CIL_KEY_STRING;
		433	+extern char *CIL_KEY_NAME;
		434	+extern char *CIL_KEY_SOURCE;
		435	+extern char *CIL_KEY_TARGET;
		436	+extern char *CIL_KEY_LOW;
		437	+extern char *CIL_KEY_HIGH;
		438	+extern char *CIL_KEY_LOW_HIGH;
		439	+extern char *CIL_KEY_GLBLUB;
		440	+extern char *CIL_KEY_HANDLEUNKNOWN;
		441	+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
		442	+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
		443	+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
		444	+extern char *CIL_KEY_MACRO;
		445	+extern char *CIL_KEY_IN;
		446	+extern char *CIL_KEY_MLS;
		447	+extern char *CIL_KEY_DEFAULTRANGE;
		448	+extern char *CIL_KEY_BLOCKINHERIT;
		449	+extern char *CIL_KEY_BLOCKABSTRACT;
		450	+extern char *CIL_KEY_CLASSORDER;
		451	+extern char *CIL_KEY_CLASSMAPPING;
		452	+extern char *CIL_KEY_CLASSPERMISSIONSET;
		453	+extern char *CIL_KEY_COMMON;
		454	+extern char *CIL_KEY_CLASSCOMMON;
		455	+extern char *CIL_KEY_SID;
		456	+extern char *CIL_KEY_SIDCONTEXT;
		457	+extern char *CIL_KEY_SIDORDER;
		458	+extern char *CIL_KEY_USERLEVEL;
		459	+extern char *CIL_KEY_USERRANGE;
		460	+extern char *CIL_KEY_USERBOUNDS;
		461	+extern char *CIL_KEY_USERPREFIX;
		462	+extern char *CIL_KEY_SELINUXUSER;
		463	+extern char *CIL_KEY_SELINUXUSERDEFAULT;
		464	+extern char *CIL_KEY_TYPEATTRIBUTE;
		465	+extern char *CIL_KEY_TYPEATTRIBUTESET;
		466	+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
		467	+extern char *CIL_KEY_TYPEALIAS;
		468	+extern char *CIL_KEY_TYPEALIASACTUAL;
		469	+extern char *CIL_KEY_TYPEBOUNDS;
		470	+extern char *CIL_KEY_TYPEPERMISSIVE;
		471	+extern char *CIL_KEY_RANGETRANSITION;
		472	+extern char *CIL_KEY_USERROLE;
		473	+extern char *CIL_KEY_ROLETYPE;
		474	+extern char *CIL_KEY_ROLETRANSITION;
		475	+extern char *CIL_KEY_ROLEALLOW;
		476	+extern char *CIL_KEY_ROLEATTRIBUTE;
		477	+extern char *CIL_KEY_ROLEATTRIBUTESET;
		478	+extern char *CIL_KEY_ROLEBOUNDS;
		479	+extern char *CIL_KEY_BOOLEANIF;
		480	+extern char *CIL_KEY_NEVERALLOW;
		481	+extern char *CIL_KEY_TYPEMEMBER;
		482	+extern char *CIL_KEY_SENSALIAS;
		483	+extern char *CIL_KEY_SENSALIASACTUAL;
		484	+extern char *CIL_KEY_CATALIAS;
		485	+extern char *CIL_KEY_CATALIASACTUAL;
		486	+extern char *CIL_KEY_CATORDER;
		487	+extern char *CIL_KEY_SENSITIVITYORDER;
		488	+extern char *CIL_KEY_SENSCAT;
		489	+extern char *CIL_KEY_CONSTRAIN;
		490	+extern char *CIL_KEY_MLSCONSTRAIN;
		491	+extern char *CIL_KEY_VALIDATETRANS;
		492	+extern char *CIL_KEY_MLSVALIDATETRANS;
		493	+extern char *CIL_KEY_CONTEXT;
		494	+extern char *CIL_KEY_FILECON;
		495	+extern char *CIL_KEY_IBPKEYCON;
		496	+extern char *CIL_KEY_IBENDPORTCON;
		497	+extern char *CIL_KEY_PORTCON;
		498	+extern char *CIL_KEY_NODECON;
		499	+extern char *CIL_KEY_GENFSCON;
		500	+extern char *CIL_KEY_NETIFCON;
		501	+extern char *CIL_KEY_PIRQCON;
		502	+extern char *CIL_KEY_IOMEMCON;
		503	+extern char *CIL_KEY_IOPORTCON;
		504	+extern char *CIL_KEY_PCIDEVICECON;
		505	+extern char *CIL_KEY_DEVICETREECON;
		506	+extern char *CIL_KEY_FSUSE;
		507	+extern char *CIL_KEY_POLICYCAP;
		508	+extern char *CIL_KEY_OPTIONAL;
		509	+extern char *CIL_KEY_DEFAULTUSER;
		510	+extern char *CIL_KEY_DEFAULTROLE;
		511	+extern char *CIL_KEY_DEFAULTTYPE;
		512	+extern char *CIL_KEY_ROOT;
		513	+extern char *CIL_KEY_NODE;
		514	+extern char *CIL_KEY_PERM;
		515	+extern char *CIL_KEY_ALLOWX;
		516	+extern char *CIL_KEY_AUDITALLOWX;
		517	+extern char *CIL_KEY_DONTAUDITX;
		518	+extern char *CIL_KEY_NEVERALLOWX;
		519	+extern char *CIL_KEY_PERMISSIONX;
		520	+extern char *CIL_KEY_IOCTL;
		521	+extern char *CIL_KEY_UNORDERED;
		522	+extern char *CIL_KEY_SRC_INFO;
		523	+extern char *CIL_KEY_SRC_CIL;
		524	+extern char *CIL_KEY_SRC_HLL;
		525
		526	/*
		527	Symbol Table Array Indices
		528	--
		529	2.17.1
		530


diff --git a/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch new file mode 100644 index 0000000..674fddd --- /dev/null +++ b/recipes-security/selinux/libsepol/0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch
@@ -0,0 +1,65 @@
		1	From 3d32fc24d6aff360a538c63dad08ca5c957551b0 Mon Sep 17 00:00:00 2001
		2	From: Ondrej Mosnacek <omosnace@redhat.com>
		3	Date: Thu, 23 Jan 2020 13:57:14 +0100
		4	Subject: [PATCH] libsepol: remove leftovers of cil_mem_error_handler
		5
		6	Commit 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function
		7	pointer") replaced cil_mem_error_handler usage with inline contents of
		8	the default handler. However, it left over the header declaration and
		9	two callers. Convert these as well and remove the header declaration.
		10
		11	This also fixes a build failure with -fno-common.
		12
		13	Fixes: 4459d635b8f1 ("libsepol: Remove cil_mem_error_handler() function pointer")
		14	Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
		15
		16	Upstream-Status: Backport
		17	[https://github.com/SELinuxProject/selinux/commit/3d32fc24d6aff360a538c63dad08ca5c957551b0]
		18
		19	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		20	---
		21	cil/src/cil_mem.h \| 1 -
		22	cil/src/cil_strpool.c \| 8 ++++----
		23	2 files changed, 4 insertions(+), 5 deletions(-)
		24
		25	diff --git a/cil/src/cil_mem.h b/cil/src/cil_mem.h
		26	index 902ce131..794f02a3 100644
		27	--- a/cil/src/cil_mem.h
		28	+++ b/cil/src/cil_mem.h
		29	@@ -36,7 +36,6 @@ void *cil_calloc(size_t num_elements, size_t element_size);
		30	void cil_realloc(void ptr, size_t size);
		31	char cil_strdup(const char str);
		32	int cil_asprintf(char *strp, const char fmt, ...);
		33	-void (*cil_mem_error_handler)(void);
		34
		35	#endif /* CIL_MEM_H_ */
		36
		37	diff --git a/cil/src/cil_strpool.c b/cil/src/cil_strpool.c
		38	index 97d4c4b9..2598bbf3 100644
		39	--- a/cil/src/cil_strpool.c
		40	+++ b/cil/src/cil_strpool.c
		41	@@ -80,8 +80,8 @@ char cil_strpool_add(const char str)
		42	int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
		43	if (rc != SEPOL_OK) {
		44	pthread_mutex_unlock(&cil_strpool_mutex);
		45	- (*cil_mem_error_handler)();
		46	- pthread_mutex_lock(&cil_strpool_mutex);
		47	+ cil_log(CIL_ERR, "Failed to allocate memory\n");
		48	+ exit(1);
		49	}
		50	}
		51
		52	@@ -104,8 +104,8 @@ void cil_strpool_init(void)
		53	cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
		54	if (cil_strpool_tab == NULL) {
		55	pthread_mutex_unlock(&cil_strpool_mutex);
		56	- (*cil_mem_error_handler)();
		57	- return;
		58	+ cil_log(CIL_ERR, "Failed to allocate memory\n");
		59	+ exit(1);
		60	}
		61	}
		62	cil_strpool_readers++;
		63	--
		64	2.17.1
		65


diff --git a/recipes-security/selinux/libsepol_3.0.bb b/recipes-security/selinux/libsepol_3.0.bb index 6c85256..58559d7 100644 --- a/recipes-security/selinux/libsepol_3.0.bb +++ b/recipes-security/selinux/libsepol_3.0.bb
@@ -5,3 +5,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=a6f89e2100d9b6cdffcea4f398e37343"
5		5
6	SRC_URI[md5sum] = "22ddb9994910cb9cfff5cb9663cb7ae7"	6	SRC_URI[md5sum] = "22ddb9994910cb9cfff5cb9663cb7ae7"
7	SRC_URI[sha256sum] = "5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79"	7	SRC_URI[sha256sum] = "5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79"
		8
		9	SRC_URI += "\
		10	file://0001-libsepol-fix-CIL_KEY_-build-errors-with-fno-common.patch \
		11	file://0001-libsepol-remove-leftovers-of-cil_mem_error_handler.patch \
		12	"