From d0a54fbf966d2b0870dafc7038c593fc94a6c3ca Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Oct 16 2018 10:11:18 +0000
Subject: policycoreutils-2.8-11


- sepolicy: Fix get_real_type_name to handle query failure properly
- sepolicy: search() for dontaudit rules as well

---

diff --git a/policycoreutils.spec b/policycoreutils.spec
index 8bf5645..6fd3af7 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -12,7 +12,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 2.8
-Release: 10%{?dist}
+Release: 11%{?dist}
 License: GPLv2
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/policycoreutils-2.8.tar.gz
@@ -37,7 +37,7 @@ Source22: gui-po.tgz
 Source23: sandbox-po.tgz
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
-# HEAD https://github.com/fedora-selinux/selinux/commit/db1433d3b785eadb4eecf5c82430d57c92855a35
+# HEAD https://github.com/fedora-selinux/selinux/commit/f63677145675024f6a1dbdab595c0be1403bd592
 # $ for i in policycoreutils selinux-python selinux-gui selinux-sandbox selinux-dbus semodule-utils restorecond; do
 #   VERSION=2.8 ./make-fedora-selinux-patch.sh $i
 # done
@@ -531,6 +531,10 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Tue Oct 16 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-11
+- sepolicy: Fix get_real_type_name to handle query failure properly
+- sepolicy: search() for dontaudit rules as well
+
 * Tue Oct  2 2018 Petr Lautrbach <plautrba@redhat.com> - 2.8-10
 - semanage: "semanage user" does not use -s, fix documentation
 - semanage: add a missing space in ibendport help
diff --git a/selinux-python-fedora.patch b/selinux-python-fedora.patch
index 8211514..ecabd7d 100644
--- a/selinux-python-fedora.patch
+++ b/selinux-python-fedora.patch
@@ -1540,7 +1540,7 @@ index 141f64e..6287502 100755
              newval.append(v)
          setattr(namespace, self.dest, values)
 diff --git selinux-python-2.8/sepolicy/sepolicy/__init__.py selinux-python-2.8/sepolicy/sepolicy/__init__.py
-index 89346ab..e338af1 100644
+index 89346ab..c4f03f4 100644
 --- selinux-python-2.8/sepolicy/sepolicy/__init__.py
 +++ selinux-python-2.8/sepolicy/sepolicy/__init__.py
 @@ -15,7 +15,7 @@ import os
@@ -1625,7 +1625,16 @@ index 89346ab..e338af1 100644
          pass
  
      return d
-@@ -437,6 +447,15 @@ def get_file_types(setype):
+@@ -334,6 +344,8 @@ def search(types, seinfo=None):
+         tertypes.append(NEVERALLOW)
+     if AUDITALLOW in types:
+         tertypes.append(AUDITALLOW)
++    if DONTAUDIT in types:
++        tertypes.append(DONTAUDIT)
+ 
+     if len(tertypes) > 0:
+         q = setools.TERuleQuery(_pol,
+@@ -437,6 +449,14 @@ def get_file_types(setype):
      return mpaths
  
  
@@ -1634,14 +1643,13 @@ index 89346ab..e338af1 100644
 +def get_real_type_name(name):
 +    try:
 +        return next(info(TYPE, name))["name"]
-+    except RuntimeError:
++    except (RuntimeError, StopIteration):
 +        return None
 +
-+
  def get_writable_files(setype):
      file_types = get_all_file_types()
      all_writes = []
-@@ -1051,7 +1070,7 @@ def gen_short_name(setype):
+@@ -1051,7 +1071,7 @@ def gen_short_name(setype):
          domainname = setype[:-2]
      else:
          domainname = setype
@@ -1650,7 +1658,7 @@ index 89346ab..e338af1 100644
          raise ValueError("domain %s_t does not exist" % domainname)
      if domainname[-1] == 'd':
          short_name = domainname[:-1] + "_"
-@@ -1160,27 +1179,14 @@ def boolean_desc(boolean):
+@@ -1160,27 +1180,14 @@ def boolean_desc(boolean):
  
  
  def get_os_version():