diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.26/include/selinux/selinux.h

--- nsalibselinux/include/selinux/selinux.h	2005-09-01 11:17:40.000000000 -0400

+++ libselinux-1.26/include/selinux/selinux.h	2005-09-12 17:05:36.000000000 -0400

@@ -304,6 +304,12 @@

 extern int selinux_getenforcemode(int *enforce);

 /*

+  selinux_getpolicytype reads the /etc/selinux/config file and determines 

+  whether the policy tyep for this machine, type must be freed.

+ */

+extern void selinux_getpolicytype(char **type);

+

+/*

   selinux_policy_root reads the /etc/selinux/config file and returns 

   the directory path under which the compiled policy file and context 

   configuration files exist.

diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.26/src/init.c

--- nsalibselinux/src/init.c	2005-09-01 13:21:11.000000000 -0400

+++ libselinux-1.26/src/init.c	2005-09-12 17:13:20.000000000 -0400

@@ -8,6 +8,7 @@

 #include <asm/page.h>

 #include <stdio.h>

 #include <dlfcn.h>

+#include <limits.h>

 #include "dso.h"

 #include "policy.h"

@@ -85,9 +86,14 @@

 static void init_translations(void)

 {

 #ifdef SHARED

+	char *path[PATH_MAX];

+	char *type=NULL;

 	int (*lib_trans_init)(void) = NULL;

-

-	translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);

+	selinux_getpolicytype(&type);

+	if (!type) return;

+	snprintf(path, PATH_MAX-1, "/$LIB/selinux/%s/libsetrans.so.0", type);

+	free(type);

+	translation_lib_handle = dlopen(path, RTLD_NOW);

 	if (!translation_lib_handle)

 		return;

diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.26/src/matchpathcon.c

--- nsalibselinux/src/matchpathcon.c	2005-08-24 09:07:11.000000000 -0400

+++ libselinux-1.26/src/matchpathcon.c	2005-09-12 17:05:37.000000000 -0400

@@ -25,6 +25,20 @@

 	va_end(ap);

 }

+#define STRIP_LEVEL(CON) \

+		if (! mls_enabled) { \

+			int i=0; \

+			int ctr=0; \

+			while (CON[i]) { \

+				if (CON[i] == ':') ctr++; \

+				if (ctr==3) { \

+				  CON[i]=0; \

+				  break; \

+				} \

+				i++; \

+			} \

+		} 

+

 static void (*myprintf)(const char *fmt, ...) = &default_printf;

 void set_matchpathcon_printf(void (*f)(const char *fmt, ...))

@@ -415,7 +429,7 @@

 	}

 	return;

 }

-static int process_line( const char *path, char *line_buf, int pass, unsigned lineno) {

+static int process_line( const char *path, char *line_buf, int pass, unsigned lineno, int mls_enabled) {

 	int items, len, regerr;

 	char *buf_p;

 	char *regex, *type, *context;

@@ -438,6 +452,7 @@

 	} else if (items == 2) {

 		/* The type field is optional. */

 		free(context);

+		STRIP_LEVEL(type)

 		context = type;

 		type = 0;

 	}

@@ -510,7 +525,7 @@

 		}

 	skip_type:

-		

+		STRIP_LEVEL(context)

 		spec_arr[nspec].context = context;

 		if (strcmp(context, "<<none>>")) {

@@ -557,6 +572,7 @@

 	unsigned int lineno, pass, i, j, maxnspec;

 	spec_t *spec_copy=NULL;

 	int status=-1;

+	int mls_enabled=is_selinux_mls_enabled();

 	/* Open the specification file. */

 	if (!path)

@@ -590,20 +606,20 @@

 		lineno = 0;

 		nspec = 0;

 		while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) {

-			if (process_line(path, line_buf, pass, ++lineno) != 0)

+			if (process_line(path, line_buf, pass, ++lineno, mls_enabled) != 0)

 				goto finish;

 		}

 		lineno = 0;

 		if (homedirfp) 

 			while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) {

-				if (process_line(homedir_path, line_buf, pass, ++lineno) != 0)

+				if (process_line(homedir_path, line_buf, pass, ++lineno, mls_enabled) != 0)

 					goto finish;

 			}

 		lineno = 0;

 		if (localfp) 

 			while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) {

-				if (process_line(local_path, line_buf, pass, ++lineno) != 0)

+				if (process_line(local_path, line_buf, pass, ++lineno, mls_enabled) != 0)

 					goto finish;

 			}

diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.26/src/selinux_config.c

--- nsalibselinux/src/selinux_config.c	2005-03-17 14:56:21.000000000 -0500

+++ libselinux-1.26/src/selinux_config.c	2005-09-13 12:46:22.682193000 -0400

@@ -85,6 +85,29 @@

 static int use_compat_file_path;

+void selinux_getpolicytype(char **rtype) {

+	char *type=SELINUXDEFAULT;

+	char buf[4097];

+	int i=0;

+	int len=sizeof(SELINUXTYPETAG)-1;

+	FILE *cfg = fopen(SELINUXCONFIG,"r");

+	if (cfg) {

+		while (fgets_unlocked(buf, 4096, cfg)) {

+			if (strncmp(buf,SELINUXTYPETAG,len)==0) {

+				type=buf+len;

+				break;

+			}

+		}

+		fclose(cfg);

+	}

+	i=strlen(type)-1;

+	while ((i>=0) && 

+	       (isspace(type[i]) || iscntrl(type[i]))) {

+		type[i]=0;

+		i--;

+	}

+	*rtype=strdup(type);

+}

 int selinux_getenforcemode(int *enforce) {

   int ret=-1;

   FILE *cfg = fopen(SELINUXCONFIG,"r");

@@ -122,38 +145,24 @@

 static void init_selinux_policyroot(void)

 {

-  char *type=SELINUXDEFAULT;

-  int i=0, len=sizeof(SELINUXTYPETAG)-1, len2;

-  char buf[4097];

-  FILE *cfg;

+  char *type=NULL;

+  int i=0, len, len2;

   if (selinux_policyroot) return;

   if (access(SELINUXDIR, F_OK) != 0) {

 	  selinux_policyroot = SECURITYDIR;

 	  use_compat_file_path = 1;

 	  return;

   }

-  cfg = fopen(SELINUXCONFIG,"r");

-  if (cfg) {

-    while (fgets_unlocked(buf, 4096, cfg)) {

-      if (strncmp(buf,SELINUXTYPETAG,len)==0) {

-	type=buf+len;

-	break;

-      }

-    }

-    fclose(cfg);

-  }

-  i=strlen(type)-1;

-  while ((i>=0) && 

-	 (isspace(type[i]) || iscntrl(type[i]))) {

-    type[i]=0;

-    i--;

-  }

+  selinux_getpolicytype(&type);

+  if (!type) return;

   len=sizeof(SELINUXDIR) + strlen(type);

   selinux_policyroot=malloc(len);

-  if (!selinux_policyroot)

+  if (!selinux_policyroot) {

+	  free(type);

 	  return;

+  }

   snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);

-  

+  free(type);

   for (i = 0; i < NEL; i++) {

 	  len2 = len + strlen(file_path_suffixes_data.str

 			      + file_path_suffixes_idx[i])+1;