From ee8c867b33ec69e40c4a58e08ec4e8aa764d3c66 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Jan 24 2014 16:10:54 +0000 Subject: Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go - Add Int_to_mcs function to generate MCS labels from integers. --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index 2f74652..933a820 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -10,14 +10,14 @@ index fd4f0b1..51469bc 100644 DISABLE_SETRANS ?= n diff --git a/libselinux/golang/Makefile b/libselinux/golang/Makefile new file mode 100644 -index 0000000..e0be66f +index 0000000..ad3e481 --- /dev/null +++ b/libselinux/golang/Makefile @@ -0,0 +1,17 @@ +# Installation directories. +PREFIX ?= $(DESTDIR)/usr -+GODIR ?= $(PREFIX)/share/gocode/src/selinux -+ ++LIBDIR ?= $(DESTDIR)/usr/lib ++GODIR ?= $(LIBDIR)/golang/src/pkg/github.com/selinux +all: + +install: @@ -33,10 +33,10 @@ index 0000000..e0be66f +relabel: diff --git a/libselinux/golang/selinux.go b/libselinux/golang/selinux.go new file mode 100644 -index 0000000..018c955 +index 0000000..9e7fdb3 --- /dev/null +++ b/libselinux/golang/selinux.go -@@ -0,0 +1,282 @@ +@@ -0,0 +1,302 @@ +package selinux + +/* @@ -183,6 +183,24 @@ index 0000000..018c955 + return mcs_list[mcs] +} + ++func Int_to_mcs(id int, catRange uint32) string { ++ if ((id < 1) || (id >523776)) { ++ return ""; ++ } ++ ++ SETSIZE := int(catRange); ++ TIER := SETSIZE; ++ ++ ORD := id; ++ for ;ORD > TIER; { ++ ORD = ORD - TIER; ++ TIER -= 1; ++ } ++ TIER = SETSIZE - TIER; ++ ORD = ORD + TIER; ++ return fmt.Sprintf("s0:c%d,c%d", TIER, ORD); ++} ++ +func uniq_mcs(catRange uint32) string { + var n uint32 + var c1,c2 uint32 @@ -264,7 +282,7 @@ index 0000000..018c955 + } +exit: + var scon Context -+ mcs := uniq_mcs(1024) ++ mcs := Int_to_mcs(os.Getpid(), 1024) + scon = New_context(process_label) + scon.Set_level(mcs) + process_label = scon.Get() 
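Review bot: The upper bound `523776` in `Int_to_mcs` is hard-coded rather than derived from `catRange`, so the function is only sound for one set size. 523776 is 1023*1024/2, which matches the `Int_to_mcs(pid, 1023)` call in the test main, but the label path passes 1024. For a smaller `catRange`, an id that passes the check can drive `TIER` to zero and below, after which the `for ;ORD > TIER;` loop no longer converges. I would compute the limit from the argument, `max := SETSIZE * (SETSIZE + 1) / 2` then `if id < 1 || id > max { return "" }`, and add a doc comment stating the valid id range and that "" means out of range. Note also that any id up to `catRange` yields `c0,c<id>`, so a `catRange` of 1024 can emit `c1024`, which would be rejected if the policy defines categories as c0.c1023.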
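Review bot: Replacing `uniq_mcs(1024)` with `Int_to_mcs(os.Getpid(), 1024)` makes the level a pure function of the PID, so it is predictable and no longer checked for uniqueness (`uniq_mcs` appears to track issued levels in `mcs_list`, though only a context line of that is visible here). PIDs are reused over time and repeat across PID namespaces, so two workloads can receive the same category pair and lose the MCS separation the level is meant to provide. `Int_to_mcs` also returns "" for a PID above 523776, which can happen when `kernel.pid_max` is raised, and that empty string is passed straight to `scon.Set_level(mcs)`. At minimum guard it, for example `if mcs == "" { mcs = uniq_mcs(1024) }`, and add a comment on why a PID-derived level is acceptable here. The enclosing function starts outside the hunk.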
@@ -314,10 +332,12 @@ index 0000000..018c955 + } else { + fmt.Println("Disabled") + } -+ fmt.Println(Selinux_getenforce()) -+ fmt.Println(Selinux_getenforcemode()) ++ fmt.Println("getenforce ", Selinux_getenforce()) ++ fmt.Println("getenforcemode ", Selinux_getenforcemode()) + flabel,_ = Matchpathcon("/home/dwalsh/.emacs", 0) + fmt.Println(flabel) ++ pid := os.Getpid() ++ fmt.Printf("PID:%d MCS:%s\n", pid, Int_to_mcs(pid, 1023)) +} diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile index 02dd829..6dfdb46 100644 
@@ -332,6 +352,134 @@ index 02dd829..6dfdb46 100644 ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION +diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c +index 0b696bb..506e236 100644 +--- a/libselinux/src/avc_sidtab.c ++++ b/libselinux/src/avc_sidtab.c +@@ -81,6 +81,11 @@ sidtab_context_to_sid(struct sidtab *s, + int hvalue, rc = 0; + struct sidtab_node *cur; + ++ if (! ctx) { ++ errno=EINVAL; ++ return -1; ++ } ++ + *sid = NULL; + hvalue = sidtab_hash(ctx); + +diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c +index 176c45a..6075025 100644 +--- a/libselinux/src/canonicalize_context.c ++++ b/libselinux/src/canonicalize_context.c +@@ -17,6 +17,11 @@ int security_canonicalize_context_raw(const security_context_t con, + size_t size; + int fd, ret; + ++ if (! con) { ++ errno=EINVAL; ++ return -1; ++ } ++ + if (!selinux_mnt) { + errno = ENOENT; + return -1; +diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c +index 33ab5e3..1277bdd 100644 +--- a/libselinux/src/check_context.c ++++ b/libselinux/src/check_context.c +@@ -14,6 +14,11 @@ int security_check_context_raw(const security_context_t con) + char path[PATH_MAX]; + int fd, ret; + ++ if (! con) { ++ errno=EINVAL; ++ return -1; ++ } ++ + if (!selinux_mnt) { + errno = ENOENT; + return -1; +diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c +index 5962c0b..61ea454 100644 +--- a/libselinux/src/compute_av.c ++++ b/libselinux/src/compute_av.c +@@ -26,6 +26,11 @@ int security_compute_av_flags_raw(const security_context_t scon, + return -1; + } + ++ if ((! scon) || (! 
tcon)) { ++ errno=EINVAL; ++ return -1; ++ } ++ + snprintf(path, sizeof path, "%s/access", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c +index 3c05be3..34a1ccd 100644 +--- a/libselinux/src/compute_create.c ++++ b/libselinux/src/compute_create.c +@@ -64,6 +64,11 @@ int security_compute_create_name_raw(const security_context_t scon, + return -1; + } + ++ if ((! scon) || (! tcon)) { ++ errno=EINVAL; ++ return -1; ++ } ++ + snprintf(path, sizeof path, "%s/create", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c +index dad0a77..7850986 100644 +--- a/libselinux/src/compute_member.c ++++ b/libselinux/src/compute_member.c +@@ -25,6 +25,11 @@ int security_compute_member_raw(const security_context_t scon, + return -1; + } + ++ if ((! scon) || (! tcon)) { ++ errno=EINVAL; ++ return -1; ++ } ++ + snprintf(path, sizeof path, "%s/member", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c +index 656f00a..2560e78 100644 +--- a/libselinux/src/compute_relabel.c ++++ b/libselinux/src/compute_relabel.c +@@ -25,6 +25,11 @@ int security_compute_relabel_raw(const security_context_t scon, + return -1; + } + ++ if ((! scon) || (! tcon)) { ++ errno=EINVAL; ++ return -1; ++ } ++ + snprintf(path, sizeof path, "%s/relabel", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) +diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c +index 3b39ddd..af20735 100644 +--- a/libselinux/src/compute_user.c ++++ b/libselinux/src/compute_user.c +@@ -24,6 +24,11 @@ int security_compute_user_raw(const security_context_t scon, + return -1; + } + ++ if (! scon) { ++ errno=EINVAL; ++ return -1; ++ } ++ + snprintf(path, sizeof path, "%s/user", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) 
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c index 9963f7a..37f9d74 100644 --- a/libselinux/src/fsetfilecon.c @@ -352,7 +500,7 @@ index 9963f7a..37f9d74 100644 security_context_t ccontext = NULL; int err = errno; diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c -index e419f1a..fdeca93 100644 +index e419f1a..275672d 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -16,6 +16,82 @@ diff --git a/libselinux.spec b/libselinux.spec index d2fe0b0..a161bba 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -10,7 +10,7 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 2.2.2 -Release: 2%{?dist} +Release: 3%{?dist} License: Public Domain Group: System Environment/Libraries Source: %{name}-%{version}.tgz @@ -213,9 +213,9 @@ rm -rf %{buildroot} %defattr(-,root,root,-) %{_libdir}/libselinux.so %{_libdir}/pkgconfig/libselinux.pc +%dir %{_libdir}/golang/src/pkg/github.com/selinux +%{_libdir}/golang/src/pkg/github.com/selinux/selinux.go %dir %{_includedir}/selinux -%dir %{_datadir}/gocode/src/selinux -%{_datadir}/gocode/src/selinux/selinux.go %{_includedir}/selinux/* %{_mandir}/man3/* @@ -243,6 +243,10 @@ rm -rf %{buildroot} %{ruby_sitearch}/selinux.so %changelog +* Fri Jan 24 2014 Dan Walsh - 2.2.2-3 +- Move selinux.go to /usr/lib64/golang/src/pkg/github.com/selinux/selinux.go +- Add Int_to_mcs function to generate MCS labels from integers. + * Tue Jan 14 2014 Dan Walsh - 2.2.2-2 - Add ghost flag for /var/run/setrans
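Review bot: In `sidtab_context_to_sid` the new `if (! ctx)` guard returns before the existing `*sid = NULL;` runs, so on this error path the caller's `sid` keeps whatever value it held before the call. Put the assignment first, `*sid = NULL;` followed by `if (!ctx) { errno = EINVAL; return -1; }`, so that every failure leaves a defined output. The NULL-argument guards added to canonicalize_context.c, check_context.c and the compute_*.c files are consistent with each other, but none carries a comment saying that a NULL context now fails with EINVAL. A one-line comment such as `/* NULL context: fail with EINVAL instead of dereferencing */` on each guard would record the contract. All of these function bodies continue outside the hunks shown.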