From f9343ddbdd359fa7e4f48047e452ac14e76cee0f Mon Sep 17 00:00:00 2001 From: cvsdist Date: Sep 09 2004 07:42:46 +0000 Subject: auto-import changelog data from libselinux-1.13-1.src.rpm Mon May 17 2004 Dan Walsh 1.12-2 - add man patch Fri May 14 2004 Dan Walsh 1.12-1 - Update with latest from NSA --- diff --git a/.cvsignore b/.cvsignore index 0235283..652bee1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1 +1 @@ -libselinux-1.11.4.tgz +libselinux-1.13.tgz diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch new file mode 100644 index 0000000..444a18a --- /dev/null +++ b/libselinux-rhat.patch 
@@ -0,0 +1,323 @@
+--- /dev/null 2004-02-23 16:02:56.000000000 -0500
++++ libselinux-1.13/src/selinux_config.c 2004-05-26 15:03:15.506622384 -0400
+@@ -0,0 +1,119 @@
++#include
++#include
++#include
++#include
++#include
++
++#define SELINUXDIR "/etc/selinux/"
++#define SELINUXDEFAULT "targeted"
++#define SELINUXTYPETAG "SELINUXTYPE="
++#define SELINUXTAG "SELINUX="
++
++static char *file_context=NULL;
++static char *default_type=NULL;
++static char *default_policy=NULL;
++static char *default_context=NULL;
++static char *failsafe_context=NULL;
++
++int selinux_getenforcemode(int *enforce) {
++ int ret=-1;
++ FILE *cfg = fopen("/etc/sysconfig/selinux","r");
++ char buf[4097];
++ int len=sizeof(SELINUXTAG)-1;
++ if (cfg) {
++ while (fgets(buf, 4096, cfg)) {
++ if (strncmp(buf,SELINUXTAG,len))
++ continue;
++ if (!strncmp(buf+len,"enforcing",sizeof("enforcing")-1)) {
++ *enforce = 1;
++ ret=0;
++ break;
++ } else if (!strncmp(buf+len,"permissive",sizeof("permissive")-1)) {
++ *enforce = 0;
++ ret=0;
++ break;
++ } else if (!strncmp(buf+len,"disabled",sizeof("disabled")-1)) {
++ *enforce = -1;
++ ret=0;
++ break;
++ }
++ }
++ fclose(cfg);
++ }
++ return ret;
++}
++
++static char *selinux_policyroot = NULL;
++
++static void init_selinux_policyroot(void) __attribute__ ((constructor));
++
++static void init_selinux_policyroot(void)
++{
++ char *type=SELINUXDEFAULT;
++ int i=0, len=sizeof(SELINUXTYPETAG)-1;
++ char buf[4097];
++ FILE *cfg;
++ if (selinux_policyroot) return;
++ cfg = fopen("/etc/sysconfig/selinux","r");
++ if (cfg) {
++ while (fgets(buf, 4096, cfg)) {
++ if (strncmp(buf,SELINUXTYPETAG,len))
++ continue;
++ type=buf+len;
++ }
++ fclose(cfg);
++ }
++ i=strlen(type)-1;
++ while ((i>=0) &&
++ (isspace(type[i]) || iscntrl(type[i]))) {
++ type[i]=0;
++ i--;
++ }
++ len=sizeof(SELINUXDIR) + strlen(type);
++ selinux_policyroot=malloc(len);
++ snprintf(selinux_policyroot,len, "%s%s", SELINUXDIR, type);
++}
++
++char *selinux_default_type_path() {
++ if
(!default_type) {
++ default_type=malloc(PATH_MAX);
++ snprintf(default_type, PATH_MAX, "%s/contexts/default_type", selinux_policyroot);
++ }
++ return default_type;
++}
++
++char *selinux_policy_root() {
++ return selinux_policyroot;
++}
++
++char *selinux_default_context_path() {
++ if (!default_context) {
++ default_context=malloc(PATH_MAX);
++ snprintf(default_context, PATH_MAX, "%s/contexts/default_contexts", selinux_policyroot);
++ }
++ return default_context;
++}
++
++char *selinux_failsafe_context_path() {
++ if (!failsafe_context) {
++ failsafe_context=malloc(PATH_MAX);
++ snprintf(failsafe_context, PATH_MAX, "%s/contexts/failsafe_contexts", selinux_policyroot);
++ }
++ return failsafe_context;
++}
++
++char *selinux_binary_policy_path() {
++ if (!default_policy) {
++ default_policy=malloc(PATH_MAX);
++ snprintf(default_policy, PATH_MAX, "%s/policy/policy", selinux_policyroot);
++ }
++ return default_policy;
++}
++
++char *selinux_file_context_path() {
++ if (!file_context) {
++ file_context=malloc(PATH_MAX);
++ snprintf(file_context, PATH_MAX-1, "%s/contexts/file_contexts", selinux_policyroot);
++ }
++ return file_context;
++}
+--- libselinux-1.13/src/matchpathcon.c.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/src/matchpathcon.c 2004-05-26 14:36:00.588167768 -0400
+@@ -196,7 +196,7 @@
+ spec_t *spec_copy;
+
+ /* Open the specification file.
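Review bot: In `init_selinux_policyroot` (src/selinux_config.c), `type=buf+len` keeps a pointer into `buf` while the `while (fgets(...))` loop goes on reading, so unless `SELINUXTYPE=` is the last line of /etc/sysconfig/selinux the policy root is built from the bytes at that offset of whatever line was read last, not from the configured type. Because the function is a constructor, every program that loads the library would then look for its policy and context files under the wrong directory. The value should be copied at the moment it is matched, and `malloc()` should be checked before `snprintf()` writes through it. The same unchecked `malloc(PATH_MAX)` is in all five `*_path()` getters, which would also have to return NULL when `selinux_policyroot` is NULL. The `isspace()`/`iscntrl()` arguments also need an `(unsigned char)` cast, since passing a negative plain `char` is undefined.

```c
static void init_selinux_policyroot(void)
{
	char type[4097] = SELINUXDEFAULT;	/* own storage, not a pointer into buf */
	size_t n;
	/* … unchanged: len, buf, cfg, early return, fopen … */
		while (fgets(buf, 4096, cfg)) {
			if (strncmp(buf,SELINUXTYPETAG,len))
				continue;
			/* copy now: the next fgets() overwrites buf */
			snprintf(type, sizeof type, "%s", buf+len);
		}
	/* … unchanged: fclose … */
	n = strlen(type);
	while (n > 0 && (isspace((unsigned char)type[n-1]) ||
			 iscntrl((unsigned char)type[n-1])))
		type[--n] = 0;
	n += sizeof(SELINUXDIR);
	selinux_policyroot = malloc(n);
	if (!selinux_policyroot)
		return;	/* leave it NULL; the getters must check for that */
	snprintf(selinux_policyroot, n, "%s%s", SELINUXDIR, type);
}
```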
*/
+- if ((fp = fopen(FILECONTEXTS, "r")) == NULL)
++ if ((fp = fopen(selinux_file_context_path(), "r")) == NULL)
+ return -1;
+
+ /*
+--- libselinux-1.13/src/get_context_list.c.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/src/get_context_list.c 2004-05-26 14:36:00.591167312 -0400
+@@ -255,7 +255,7 @@
+ }
+ else if (which == SYSTEMPRIORITY)
+ {
+- config_file = fopen (_DEFCONTEXT_PATH, "r");
++ config_file = fopen (selinux_default_context_path(), "r");
+ }
+ else
+ {
+@@ -390,7 +390,7 @@
+ size_t plen, nlen;
+ int rc;
+
+- fp = fopen(_FAILSAFECONTEXT_PATH, "r");
++ fp = fopen(selinux_failsafe_context_path(), "r");
+ if (!fp)
+ return -1;
+
+--- libselinux-1.13/src/get_default_type.c.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/src/get_default_type.c 2004-05-26 14:36:00.593167008 -0400
+@@ -10,7 +10,7 @@
+ {
+ FILE* fp=NULL;
+
+- fp = fopen (_DEFTYPE_PATH, "r");
++ fp = fopen (selinux_default_type_path(), "r");
+ if (!fp)
+ return -1;
+
+--- libselinux-1.13/include/selinux/get_default_type.h.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/include/selinux/get_default_type.h 2004-05-26 14:37:35.995663624 -0400
+@@ -5,7 +5,7 @@
+ #ifndef _SELINUX_GET_DEFAULT_TYPE_H_
+ #define _SELINUX_GET_DEFAULT_TYPE_H_
+
+-#define _DEFTYPE_PATH "/etc/security/default_type"
++char *selinux_default_type_path();
+
+ /* Get the default type (domain) for 'role' and set 'type' to refer to it.
+ Caller must free via free().
+--- libselinux-1.13/include/selinux/selinux.h.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/include/selinux/selinux.h 2004-05-26 15:06:05.799733896 -0400
+@@ -72,12 +72,6 @@
+
+ /* Wrappers for the selinuxfs (policy) API. */
+
+-/* Mount point for selinuxfs. */
+-#define SELINUXMNT "/selinux/"
+-
+-/* Default pathname for policy configuration, without version number.
*/
+-#define SELINUXPOLICY "/etc/security/selinux/policy"
+-
+ typedef unsigned int access_vector_t;
+ typedef unsigned short security_class_t;
+
+@@ -168,4 +162,22 @@
+ mode_t mode,
+ security_context_t *con);
+
++/*
++ selinux_getenforcemode reads the /etc/sysconfig/selinux file and determines
++ whether the machine should be started in enforcing (1), permissive (0) or
++ disabled (-1) mode.
++ */
++int selinux_getenforcemode(int *enforce);
++
++/*
++ selinux_policy_root is set within the init_selinux_policyroot constructor
++ which reads the /etc/sysconfig/selinux file and determines
++ where the compiled policy file and contexts files exist.
++ */
++char *selinux_policy_root();
++char *selinux_binary_policy_path();
++char *selinux_failsafe_context_path();
++char *selinux_default_context_path();
++char *selinux_file_context_path();
++
+ #endif
+--- libselinux-1.13/include/selinux/get_context_list.h.rhat 2004-05-25 08:52:21.000000000 -0400
++++ libselinux-1.13/include/selinux/get_context_list.h 2004-05-26 14:36:00.595166704 -0400
+@@ -3,8 +3,6 @@
+
+ #include
+
+-#define _DEFCONTEXT_PATH "/etc/security/default_contexts"
+-#define _FAILSAFECONTEXT_PATH "/etc/security/failsafe_context"
+ #define SELINUX_DEFAULTUSER "user_u"
+
+ /* Get an ordered list of authorized security contexts for a user session
+--- /dev/null 2004-02-23 16:02:56.000000000 -0500
++++ libselinux-1.13/man/man3/selinux_policyroot.3 2004-05-26 14:36:00.596166552 -0400
+@@ -0,0 +1,17 @@
++.TH "selinux_policyroot" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
++.SH "NAME"
++selinux_policyroot \- return the path of the SELinux policy files for this machine.
++.SH "SYNOPSIS"
++.B #include
++.sp
++.B char *selinux_policyroot();
++.br
++
++.SH "DESCRIPTION"
++.B selinux_policyroot
++Reads the contents of the /etc/sysconfig/selinux file to determine which policy files should be used for this machine.
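Review bot: The getters declared at the end of include/selinux/selinux.h say nothing about who owns the returned string. In src/selinux_config.c they return pointers to buffers the library allocates once and caches, so a caller that frees or edits the result corrupts the path used by every later `fopen()` in the library. I would declare them as `const char *selinux_policy_root(void);` (likewise the four `*_path` functions) and add a comment such as `/* Returned string is owned by the library; do not free or modify. */`. This matters most for `char *selinux_default_type_path();` in get_default_type.h, which now sits directly above an existing comment ending in "Caller must free via free()". The man page added by this patch documents `selinux_policyroot()`, while the function declared here is `selinux_policy_root()`.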
++.SH "RETURN VALUE"
++On success, returns a directory path containing the SELinux policy files.
++On failure, NULL is returned.
++
++
+--- /dev/null 2004-02-23 16:02:56.000000000 -0500
++++ libselinux-1.13/man/man3/selinux_getenforcemode.3 2004-05-26 14:36:00.597166400 -0400
+@@ -0,0 +1,22 @@
++.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SE Linux API documentation"
++.SH "NAME"
++selinux_getenforcemode \- get the enforcing state of SE Linux
++.SH "SYNOPSIS"
++.B #include
++.sp
++.B int selinux_getenforcemode(int *enforce);
++.br
++
++.SH "DESCRIPTION"
++.B selinux_getenforcemode
++Reads the contents of the /etc/sysconfig/selinux file to determine how the
++system was setup to run SELinux.
++.br
++Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
++Sets the value of enforce to 0 if SELinux should be run in permissive mode.
++Sets the value of enforce to -1 if SELinux should be disabled.
++.SH "RETURN VALUE"
++On success, zero is returned.
++On failure, -1 is returned.
++ ++ +--- /dev/null 2004-02-23 16:02:56.000000000 -0500 ++++ libselinux-1.13/utils/getenforcemode.c 2004-05-26 14:36:00.598166248 -0400 +@@ -0,0 +1,31 @@ ++#include ++#include ++#include ++#include ++ ++int main(int argc __attribute__ ((unused)), char **argv) ++{ ++ int ret; ++ int enforce; ++ ret = selinux_getenforcemode(&enforce); ++ if (ret) { ++ fprintf(stderr, "%s: selinux_getenforcemode() failed\n", argv[0]); ++ exit(2); ++ } ++ ++ switch(enforce) { ++ case 1: ++ printf("Enforcing\n"); ++ break; ++ ++ case 0: ++ printf("Permissive\n"); ++ break; ++ ++ case -1: ++ printf("Disabled\n"); ++ break; ++ ++ } ++ exit(0); ++} +--- /dev/null 2004-02-23 16:02:56.000000000 -0500 ++++ libselinux-1.13/utils/selinuxconfig.c 2004-05-26 15:05:07.827547008 -0400 +@@ -0,0 +1,17 @@ ++#include ++#include ++#include ++#include ++#include ++ ++int main(int argc __attribute__ ((unused)), char **argv) ++{ ++ printf("policypath=\"%s\"\n", selinux_policy_root()); ++ printf("default_type_path=\"%s\"\n", selinux_default_type_path()); ++ printf("default_context_path=\"%s\"\n", selinux_default_context_path()); ++ printf("default_failsafe_context_path=\"%s\"\n", selinux_failsafe_context_path()); ++ printf("binary_policy_path=\"%s\"\n", selinux_binary_policy_path()); ++ printf("file_contexts_path=\"%s\"\n", selinux_file_context_path()); ++ exit(0); ++ ++} diff --git a/libselinux.spec b/libselinux.spec index df053d2..9b9a462 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,6 +1,6 @@ Summary: SELinux library and simple utilities Name: libselinux -Version: 1.11.4 +Version: 1.13 Release: 1 License: Public domain (uncopyrighted) Group: System Environment/Libraries @@ -8,7 +8,7 @@ Source: http://www.nsa.gov/selinux/archives/libselinux-%{version}.tgz Prefix: %{_prefix} BuildRoot: %{_tmppath}/%{name}-buildroot Provides: libselinux.so - +Patch1: libselinux-rhat.patch %description Security-enhanced Linux is a patch of the Linux® kernel and a number 
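Review bot: utils/selinuxconfig.c prints each path between double quotes with no escaping. If the `name="value"` output is meant to be sourced or eval'ed by scripts (the format suggests it, nothing in the patch confirms it), any `"`, `$` or backquote in the SELINUXTYPE value reaches the consuming shell unchanged. The config file is normally root-owned, so this is hardening rather than an exposed hole. Rejecting type names outside a conservative set such as `[A-Za-z0-9_-]` where the value is read in `init_selinux_policyroot` would cover it and also keep `/` and `..` out of the policy root. Separately, `argv` is unused in this `main` while only `argc` carries `__attribute__ ((unused))`.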
@@ -36,6 +36,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch1 -p1 -b .rhat %build make @@ -70,6 +71,12 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Mon May 17 2004 Dan Walsh 1.12-2 +- add man patch + +* Thu May 14 2004 Dan Walsh 1.12-1 +- Update with latest from NSA + * Wed May 5 2004 Dan Walsh 1.11.4-1 - Update with latest from NSA diff --git a/sources b/sources index 1670ea4..ae14879 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -4b35676f6c8f8fa4e40742ac2f370c6f libselinux-1.11.4.tgz +3ad90bbd46814325ee76b691b677804d libselinux-1.13.tgz