diff --git a/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
deleted file mode 100644
index 51a1e01..0000000
--- a/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 852dfaa124379e84f6363c30c0ef56f00fa4b235 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:40:28 -0400
-Subject: [PATCH 01/11] Since-we-do-not-ship-neverallow-rules-all-always-fail
-
----
- libqpol/src/avrule_query.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..76dcaa3 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-- errno = ENOTSUP;
-- return STATUS_ERR;
-+/* errno = ENOTSUP;
-+ return STATUS_ERR; */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.8.5.3
-
diff --git a/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
deleted file mode 100644
index 882a127..0000000
--- a/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 0332c009bd0581ab9a75a4ea80af92bb2d6b8b1f Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [PATCH 02/11] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 577ce48..2a5b55b 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -521,7 +521,7 @@ else
- [AC_LANG_SOURCE([
- #include
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.8.5.3
-
diff --git a/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch b/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
deleted file mode 100644
index 62a8050..0000000
--- a/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 667fe9187c203ffcba855e821dff11c8f71ef000 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:39:51 -0400
-Subject: [PATCH 2/6] setools-should-exit-with-an-error-status-if-it-gets-an
- error
-
----
- secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
- 1 files changed, 27 insertions(+), 24 deletions(-)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index fdf23e9..3088f88 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
- */
- static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
- {
-- int retval = 0;
-+ int retval = -1;
- apol_cat_query_t *query = NULL;
- apol_vector_t *v = NULL;
- const qpol_cat_t *cat_datum = NULL;
-@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
- fprintf(fp, " %s\n", tmp);
- free(tmp);
- }
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
--
-+ goto cleanup;
-+ }
- retval = 0;
- cleanup:
- apol_fs_use_query_destroy(&query);
-@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- ERR(policydb, "%s", strerror(ENOMEM));
- goto cleanup;
- }
--
- if (apol_genfscon_query_set_filesystem(policydb, query, type))
- goto cleanup;
- if (apol_genfscon_get_by_query(policydb, query, &v))
-@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- free(tmp);
- }
-
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
-+ goto cleanup;
-+ }
-
- retval = 0;
- cleanup:
-@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
-
- int main(int argc, char **argv)
- {
-+ int rc = 0;
- int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
- node, port, permissives, polcaps, constrain, linebreaks;
- apol_policy_t *policydb = NULL;
-@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
-
- /* display requested info */
- if (stats || all)
-- print_stats(stdout, policydb);
-+ rc = print_stats(stdout, policydb);
- if (classes || all)
-- print_classes(stdout, class_name, expand, policydb);
-+ rc = print_classes(stdout, class_name, expand, policydb);
- if (types || all)
-- print_types(stdout, type_name, expand, policydb);
-+ rc = print_types(stdout, type_name, expand, policydb);
- if (attribs || all)
-- print_attribs(stdout, attrib_name, expand, policydb);
-+ rc = print_attribs(stdout, attrib_name, expand, policydb);
- if (roles || all)
-- print_roles(stdout, role_name, expand, policydb);
-+ rc = print_roles(stdout, role_name, expand, policydb);
- if (users || all)
-- print_users(stdout, user_name, expand, policydb);
-+ rc = print_users(stdout, user_name, expand, policydb);
- if (bools || all)
-- print_booleans(stdout, bool_name, expand, policydb);
-+ rc = print_booleans(stdout, bool_name, expand, policydb);
- if (sens || all)
-- print_sens(stdout, sens_name, expand, policydb);
-+ rc = print_sens(stdout, sens_name, expand, policydb);
- if (cats || all)
-- print_cats(stdout, cat_name, expand, policydb);
-+ rc = print_cats(stdout, cat_name, expand, policydb);
- if (fsuse || all)
-- print_fsuse(stdout, fsuse_type, policydb);
-+ rc = print_fsuse(stdout, fsuse_type, policydb);
- if (genfs || all)
-- print_genfscon(stdout, genfs_type, policydb);
-+ rc = print_genfscon(stdout, genfs_type, policydb);
- if (netif || all)
-- print_netifcon(stdout, netif_name, policydb);
-+ rc = print_netifcon(stdout, netif_name, policydb);
- if (node || all)
-- print_nodecon(stdout, node_addr, policydb);
-+ rc = print_nodecon(stdout, node_addr, policydb);
- if (port || all)
-- print_portcon(stdout, port_num, protocol, policydb);
-+ rc = print_portcon(stdout, port_num, protocol, policydb);
- if (isids || all)
-- print_isids(stdout, isid_name, expand, policydb);
-+ rc = print_isids(stdout, isid_name, expand, policydb);
- if (permissives || all)
-- print_permissives(stdout, permissive_name, expand, policydb);
-+ rc = print_permissives(stdout, permissive_name, expand, policydb);
- if (polcaps || all)
-- print_polcaps(stdout, polcap_name, expand, policydb);
-+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
- if (constrain || all)
-- print_constraints(stdout, expand, policydb, linebreaks);
-+ rc = print_constraints(stdout, expand, policydb, linebreaks);
-
- apol_policy_destroy(&policydb);
- apol_policy_path_destroy(&pol_path);
- free(policy_file);
-- exit(0);
-+ exit(rc);
- }
-
- /**
---
-1.7.6.2
-
diff --git a/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
deleted file mode 100644
index ae30696..0000000
--- a/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:40:28 -0400
-Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
-
----
- libqpol/src/avrule_query.c | 5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..76dcaa3 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-- errno = ENOTSUP;
-- return STATUS_ERR;
-+/* errno = ENOTSUP;
-+ return STATUS_ERR; */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.7.6.2
-
diff --git a/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch b/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch
deleted file mode 100644
index e0bc2f3..0000000
--- a/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch
+++ /dev/null
@@ -1,596 +0,0 @@
-From 295cc6c22440038c1b633602c0f1b38ded57e1a0 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 10:47:32 +0200
-Subject: [PATCH 03/11] mgrepl patch to Fix swig coding style for structures
- related to SWIG changes
-
----
- libqpol/swig/qpol.i | 132 ++++++++++++++++++++++++++--------------------------
- 1 file changed, 66 insertions(+), 66 deletions(-)
-
-diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i
-index 45a2403..0f937d1 100644
---- a/libqpol/swig/qpol.i
-+++ b/libqpol/swig/qpol.i
-@@ -228,7 +228,7 @@ SWIGEXPORT int Tqpol_Init(Tcl_Interp *interp) {
- #define QPOL_MODULE_OTHER 2
- typedef struct qpol_module {} qpol_module_t;
- %extend qpol_module_t {
-- qpol_module_t(const char *path) {
-+ qpol_module(const char *path) {
- qpol_module_t *m;
- BEGIN_EXCEPTION
- if (qpol_module_create_from_file(path, &m)) {
-@@ -239,7 +239,7 @@ typedef struct qpol_module {} qpol_module_t;
- fail:
- return NULL;
- };
-- ~qpol_module_t() {
-+ ~qpol_module() {
- qpol_module_destroy(&self);
- };
- const char *get_path() {
-@@ -330,7 +330,7 @@ typedef enum qpol_capability
- } qpol_capability_e;
-
- %extend qpol_policy_t {
-- qpol_policy_t(const char *path, const int options) {
-+ qpol_policy(const char *path, const int options) {
- qpol_policy_t *p;
- BEGIN_EXCEPTION
- if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
-@@ -341,7 +341,7 @@ typedef enum qpol_capability
- fail:
- return NULL;
- }
-- ~qpol_policy_t() {
-+ ~qpol_policy() {
- qpol_policy_destroy(&self);
- };
- void reevaluate_conds() {
-@@ -687,14 +687,14 @@ typedef enum qpol_capability
- typedef struct qpol_iterator {} qpol_iterator_t;
- %extend qpol_iterator_t {
- /* user never directly creates, but SWIG expects a constructor */
-- qpol_iterator_t() {
-+ qpol_iterator() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_iterator_t() {
-+ ~qpol_iterator() {
- qpol_iterator_destroy(&self);
- };
- void *get_item() {
-@@ -736,7 +736,7 @@ typedef struct qpol_iterator {} qpol_iterator_t;
- /* qpol type */
- typedef struct qpol_type {} qpol_type_t;
- %extend qpol_type_t {
-- qpol_type_t(qpol_policy_t *p, const char *name) {
-+ qpol_type(qpol_policy_t *p, const char *name) {
- BEGIN_EXCEPTION
- const qpol_type_t *t;
- if (qpol_policy_get_type_by_name(p, name, &t)) {
-@@ -747,7 +747,7 @@ typedef struct qpol_type {} qpol_type_t;
- fail:
- return NULL;
- };
-- ~qpol_type_t() {
-+ ~qpol_type() {
- /* no op */
- return;
- };
-@@ -851,7 +851,7 @@ typedef struct qpol_type {} qpol_type_t;
- /* qpol role */
- typedef struct qpol_role {} qpol_role_t;
- %extend qpol_role_t {
-- qpol_role_t(qpol_policy_t *p, const char *name) {
-+ qpol_role(qpol_policy_t *p, const char *name) {
- const qpol_role_t *r;
- BEGIN_EXCEPTION
- if (qpol_policy_get_role_by_name(p, name, &r)) {
-@@ -862,7 +862,7 @@ typedef struct qpol_role {} qpol_role_t;
- fail:
- return NULL;
- };
-- ~qpol_role_t() {
-+ ~qpol_role() {
- /* no op */
- return;
- };
-@@ -919,7 +919,7 @@ typedef struct qpol_role {} qpol_role_t;
- /* qpol level */
- typedef struct qpol_level {} qpol_level_t;
- %extend qpol_level_t {
-- qpol_level_t(qpol_policy_t *p, const char *name) {
-+ qpol_level(qpol_policy_t *p, const char *name) {
- const qpol_level_t *l;
- BEGIN_EXCEPTION
- if (qpol_policy_get_level_by_name(p, name, &l)) {
-@@ -930,7 +930,7 @@ typedef struct qpol_level {} qpol_level_t;
- fail:
- return NULL;
- };
-- ~qpol_level_t() {
-+ ~qpol_level() {
- /* no op */
- return;
- };
-@@ -997,7 +997,7 @@ typedef struct qpol_level {} qpol_level_t;
- /* qpol cat */
- typedef struct qpol_cat {} qpol_cat_t;
- %extend qpol_cat_t {
-- qpol_cat_t(qpol_policy_t *p, const char *name) {
-+ qpol_cat(qpol_policy_t *p, const char *name) {
- const qpol_cat_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_cat_by_name(p, name, &c)) {
-@@ -1008,7 +1008,7 @@ typedef struct qpol_cat {} qpol_cat_t;
- fail:
- return NULL;
- };
-- ~qpol_cat_t() {
-+ ~qpol_cat() {
- /* no op */
- return;
- };
-@@ -1064,14 +1064,14 @@ typedef struct qpol_cat {} qpol_cat_t;
- /* qpol mls range */
- typedef struct qpol_mls_range {} qpol_mls_range_t;
- %extend qpol_mls_range_t {
-- qpol_mls_range_t() {
-+ qpol_mls_range() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- }
-- ~qpol_mls_range_t() {
-+ ~qpol_mls_range() {
- /* no op */
- return;
- };
-@@ -1105,14 +1105,14 @@ typedef struct qpol_mls_range {} qpol_mls_range_t;
- /* qpol mls level */
- typedef struct qpol_mls_level {} qpol_mls_level_t;
- %extend qpol_mls_level_t {
-- qpol_mls_level_t() {
-+ qpol_mls_level() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- }
-- ~qpol_mls_level_t() {
-+ ~qpol_mls_level() {
- /* no op */
- return;
- };
-@@ -1147,7 +1147,7 @@ typedef struct qpol_mls_level {} qpol_mls_level_t;
- /* qpol user */
- typedef struct qpol_user {} qpol_user_t;
- %extend qpol_user_t {
-- qpol_user_t(qpol_policy_t *p, const char *name) {
-+ qpol_user(qpol_policy_t *p, const char *name) {
- const qpol_user_t *u;
- BEGIN_EXCEPTION
- if (qpol_policy_get_user_by_name(p, name, &u)) {
-@@ -1158,7 +1158,7 @@ typedef struct qpol_user {} qpol_user_t;
- fail:
- return NULL;
- };
-- ~qpol_user_t() {
-+ ~qpol_user() {
- /* no op */
- return;
- };
-@@ -1223,7 +1223,7 @@ typedef struct qpol_user {} qpol_user_t;
- /* qpol bool */
- typedef struct qpol_bool {} qpol_bool_t;
- %extend qpol_bool_t {
-- qpol_bool_t(qpol_policy_t *p, const char *name) {
-+ qpol_bool(qpol_policy_t *p, const char *name) {
- qpol_bool_t *b;
- BEGIN_EXCEPTION
- if (qpol_policy_get_bool_by_name(p, name, &b)) {
-@@ -1233,7 +1233,7 @@ typedef struct qpol_bool {} qpol_bool_t;
- fail:
- return b;
- };
-- ~qpol_bool_t() {
-+ ~qpol_bool() {
- /* no op */
- return;
- };
-@@ -1295,14 +1295,14 @@ typedef struct qpol_bool {} qpol_bool_t;
- /* qpol context */
- typedef struct qpol_context {} qpol_context_t;
- %extend qpol_context_t {
-- qpol_context_t() {
-+ qpol_context() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_context_t() {
-+ ~qpol_context() {
- /* no op */
- return;
- };
-@@ -1356,7 +1356,7 @@ typedef struct qpol_context {} qpol_context_t;
- /* qpol class */
- typedef struct qpol_class {} qpol_class_t;
- %extend qpol_class_t {
-- qpol_class_t(qpol_policy_t *p, const char *name) {
-+ qpol_class(qpol_policy_t *p, const char *name) {
- const qpol_class_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_class_by_name(p, name, &c)) {
-@@ -1366,7 +1366,7 @@ typedef struct qpol_class {} qpol_class_t;
- fail:
- return (qpol_class_t*)c;
- };
-- ~qpol_class_t() {
-+ ~qpol_class() {
- /* no op */
- return;
- };
-@@ -1443,7 +1443,7 @@ typedef struct qpol_class {} qpol_class_t;
- /* qpol common */
- typedef struct qpol_common {} qpol_common_t;
- %extend qpol_common_t {
-- qpol_common_t(qpol_policy_t *p, const char *name) {
-+ qpol_common(qpol_policy_t *p, const char *name) {
- const qpol_common_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_common_by_name(p, name, &c)) {
-@@ -1453,7 +1453,7 @@ typedef struct qpol_common {} qpol_common_t;
- fail:
- return (qpol_common_t*)c;
- };
-- ~qpol_common_t() {
-+ ~qpol_common() {
- /* no op */
- return;
- };
-@@ -1515,7 +1515,7 @@ typedef struct qpol_common {} qpol_common_t;
- #define QPOL_FS_USE_PSID 6U
- #endif
- typedef struct qpol_fs_use {} qpol_fs_use_t;
--%extend qpol_fs_use_t {
-+%extend qpol_fs_use {
- qpol_fs_use_t(qpol_policy_t *p, const char *name) {
- const qpol_fs_use_t *f;
- BEGIN_EXCEPTION
-@@ -1526,7 +1526,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
- fail:
- return (qpol_fs_use_t*)f;
- };
-- ~qpol_fs_use_t() {
-+ ~qpol_fs_use() {
- /* no op */
- return;
- };
-@@ -1594,7 +1594,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t;
- #endif
- typedef struct qpol_genfscon {} qpol_genfscon_t;
- %extend qpol_genfscon_t {
-- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
-+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
- qpol_genfscon_t *g;
- BEGIN_EXCEPTION
- if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
-@@ -1604,7 +1604,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
- fail:
- return g;
- };
-- ~qpol_genfscon_t() {
-+ ~qpol_genfscon() {
- free(self);
- };
- const char *get_name(qpol_policy_t *p) {
-@@ -1656,7 +1656,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t;
-
- /* qpol isid */
- typedef struct qpol_isid {} qpol_isid_t;
--%extend qpol_isid_t {
-+%extend qpol_isid {
- qpol_isid_t(qpol_policy_t *p, const char *name) {
- const qpol_isid_t *i;
- BEGIN_EXCEPTION
-@@ -1667,7 +1667,7 @@ typedef struct qpol_isid {} qpol_isid_t;
- fail:
- return (qpol_isid_t*)i;
- };
-- ~qpol_isid_t() {
-+ ~qpol_isid() {
- /* no op */
- return;
- };
-@@ -1701,7 +1701,7 @@ typedef struct qpol_isid {} qpol_isid_t;
- /* qpol netifcon */
- typedef struct qpol_netifcon {} qpol_netifcon_t;
- %extend qpol_netifcon_t {
-- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
-+ qpol_netifcon(qpol_policy_t *p, const char *name) {
- const qpol_netifcon_t *n;
- BEGIN_EXCEPTION
- if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
-@@ -1711,7 +1711,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
- fail:
- return (qpol_netifcon_t*)n;
- };
-- ~qpol_netifcon_t() {
-+ ~qpol_netifcon() {
- /* no op */
- return;
- };
-@@ -1757,7 +1757,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t;
- #define QPOL_IPV6 1
- typedef struct qpol_nodecon {} qpol_nodecon_t;
- %extend qpol_nodecon_t {
-- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
-+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
- uint32_t a[4], m[4];
- qpol_nodecon_t *n;
- BEGIN_EXCEPTION
-@@ -1772,7 +1772,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
- fail:
- return n;
- }
-- ~qpol_nodecon_t() {
-+ ~qpol_nodecon() {
- free(self);
- };
- uint32_t *get_addr(qpol_policy_t *p) {
-@@ -1830,7 +1830,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t;
- #define IPPROTO_UDP 17
- typedef struct qpol_portcon {} qpol_portcon_t;
- %extend qpol_portcon_t {
-- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
-+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
- const qpol_portcon_t *qp;
- BEGIN_EXCEPTION
- if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
-@@ -1840,7 +1840,7 @@ typedef struct qpol_portcon {} qpol_portcon_t;
- fail:
- return (qpol_portcon_t*)qp;
- };
-- ~qpol_portcon_t() {
-+ ~qpol_portcon() {
- /* no op */
- return;
- };
-@@ -1893,7 +1893,7 @@ typedef struct qpol_portcon {} qpol_portcon_t;
-
- /* qpol constraint */
- typedef struct qpol_constraint {} qpol_constraint_t;
--%extend qpol_constraint_t {
-+%extend qpol_constraint {
- qpol_constraint_t() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
-@@ -1901,7 +1901,7 @@ typedef struct qpol_constraint {} qpol_constraint_t;
- fail:
- return NULL;
- };
-- ~qpol_constraint_t() {
-+ ~qpol_constraint() {
- free(self);
- };
- const qpol_class_t *get_class(qpol_policy_t *p) {
-@@ -1945,7 +1945,7 @@ typedef struct qpol_constraint {} qpol_constraint_t;
-
- /* qpol validatetrans */
- typedef struct qpol_validatetrans {} qpol_validatetrans_t;
--%extend qpol_validatetrans_t {
-+%extend qpol_validatetrans {
- qpol_validatetrans_t() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
-@@ -1953,7 +1953,7 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
- fail:
- return NULL;
- };
-- ~qpol_validatetrans_t() {
-+ ~qpol_validatetrans() {
- free(self);
- };
- const qpol_class_t *get_class(qpol_policy_t *p) {
-@@ -2011,14 +2011,14 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t;
- #define QPOL_CEXPR_OP_INCOMP 5
- typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
- %extend qpol_constraint_expr_node_t {
-- qpol_constraint_expr_node_t() {
-+ qpol_constraint_expr_node() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_constraint_expr_node_t() {
-+ ~qpol_constraint_expr_node() {
- /* no op */
- return;
- };
-@@ -2073,14 +2073,14 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
- /* qpol role allow */
- typedef struct qpol_role_allow {} qpol_role_allow_t;
- %extend qpol_role_allow_t {
-- qpol_role_allow_t() {
-+ qpol_role_allow() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_role_allow_t() {
-+ ~qpol_role_allow() {
- /* no op */
- return;
- };
-@@ -2114,14 +2114,14 @@ typedef struct qpol_role_allow {} qpol_role_allow_t;
- /* qpol role trans */
- typedef struct qpol_role_trans {} qpol_role_trans_t;
- %extend qpol_role_trans_t {
-- qpol_role_trans_t() {
-+ qpol_role_trans() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_role_trans_t() {
-+ ~qpol_role_trans() {
- /* no op */
- return;
- };
-@@ -2165,14 +2165,14 @@ typedef struct qpol_role_trans {} qpol_role_trans_t;
- /* qpol range trans */
- typedef struct qpol_range_trans {} qpol_range_trans_t;
- %extend qpol_range_trans_t {
-- qpol_range_trans_t() {
-+ qpol_range_trans() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_range_trans_t() {
-+ ~qpol_range_trans() {
- /* no op */
- return;
- };
-@@ -2228,14 +2228,14 @@ typedef struct qpol_range_trans {} qpol_range_trans_t;
- #define QPOL_RULE_DONTAUDIT 4
- typedef struct qpol_avrule {} qpol_avrule_t;
- %extend qpol_avrule_t {
-- qpol_avrule_t() {
-+ qpol_avrule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_avrule_t() {
-+ ~qpol_avrule() {
- /* no op */
- return;
- };
-@@ -2348,14 +2348,14 @@ typedef struct qpol_avrule {} qpol_avrule_t;
- #define QPOL_RULE_TYPE_MEMBER 32
- typedef struct qpol_terule {} qpol_terule_t;
- %extend qpol_terule_t {
-- qpol_terule_t() {
-+ qpol_terule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_terule_t() {
-+ ~qpol_terule() {
- /* no op */
- return;
- };
-@@ -2464,14 +2464,14 @@ typedef struct qpol_terule {} qpol_terule_t;
- /* qpol conditional */
- typedef struct qpol_cond {} qpol_cond_t;
- %extend qpol_cond_t {
-- qpol_cond_t() {
-+ qpol_cond() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_cond_t() {
-+ ~qpol_cond() {
- /* no op */
- return;
- };
-@@ -2557,14 +2557,14 @@ typedef struct qpol_cond {} qpol_cond_t;
- #define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
- typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
- %extend qpol_cond_expr_node_t {
-- qpol_cond_expr_node_t() {
-+ qpol_cond_expr_node() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_cond_expr_node_t() {
-+ ~qpol_cond_expr_node() {
- /* no op */
- return;
- };
-@@ -2602,14 +2602,14 @@ typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
- /* qpol type set */
- typedef struct qpol_type_set {} qpol_type_set_t;
- %extend qpol_type_set_t {
-- qpol_type_set_t() {
-+ qpol_type_set() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_type_set_t() {
-+ ~qpol_type_set() {
- /* no op */
- return;
- };
-@@ -2665,14 +2665,14 @@ typedef struct qpol_type_set {} qpol_type_set_t;
- /* qpol syn av rule */
- typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
- %extend qpol_syn_avrule_t {
-- qpol_syn_avrule_t() {
-+ qpol_syn_avrule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_syn_avrule_t() {
-+ ~qpol_syn_avrule() {
- /* no op */
- return;
- };
-@@ -2778,14 +2778,14 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
- /* qpol syn te rule */
- typedef struct qpol_syn_terule {} qpol_syn_terule_t;
- %extend qpol_syn_terule_t {
-- qpol_syn_terule_t() {
-+ qpol_syn_terule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_syn_terule_t() {
-+ ~qpol_syn_terule() {
- /* no op */
- return;
- };
---
-1.8.5.3
-
diff --git a/0004-Apply-selinux_current_policy_path-patch.patch b/0004-Apply-selinux_current_policy_path-patch.patch
deleted file mode 100644
index 14cdbb6..0000000
--- a/0004-Apply-selinux_current_policy_path-patch.patch
+++ /dev/null
@@ -1,97 +0,0 @@
-From 85a12d481d664120865b46cd1c4c325307179471 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 10:53:54 +0200
-Subject: [PATCH 04/11] Apply selinux_current_policy_path patch
-
----
- libqpol/src/util.c | 73 ++++--------------------------------------------------
- 1 file changed, 5 insertions(+), 68 deletions(-)
-
-diff --git a/libqpol/src/util.c b/libqpol/src/util.c
-index 7c49876..8f74b2b 100644
---- a/libqpol/src/util.c
-+++ b/libqpol/src/util.c
-@@ -84,75 +84,12 @@ static int get_binpol_version(const char *policy_fname)
-
- static int search_policy_binary_file(char **path)
- {
-- const char *binary_path;
-- if ((binary_path = selinux_binary_policy_path()) == NULL) {
-- return -1;
-- }
--
-- int expected_version = -1, latest_version = -1;
--#ifdef LIBSELINUX
-- /* if the system has SELinux enabled, prefer the policy whose
-- name matches the current policy version */
-- if ((expected_version = security_policyvers()) < 0) {
-- return -1;
-- }
--#endif
--
-- glob_t glob_buf;
-- struct stat fs;
-- int rt, error = 0, retval = -1;
-- size_t i;
-- char *pattern = NULL;
-- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
-- return -1;
-- }
-- glob_buf.gl_offs = 1;
-- glob_buf.gl_pathc = 0;
-- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
-- if (rt != 0 && rt != GLOB_NOMATCH) {
-- errno = EIO;
-- return -1;
-- }
--
-- for (i = 0; i < glob_buf.gl_pathc; i++) {
-- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
-- if (stat(p, &fs) != 0) {
-- error = errno;
-- goto cleanup;
-- }
-- if (S_ISDIR(fs.st_mode))
-- continue;
--
-- if ((rt = get_binpol_version(p)) < 0) {
-- error = errno;
-- goto cleanup;
-- }
--
-- if (rt > latest_version || rt == expected_version) {
-- free(*path);
-- if ((*path = strdup(p)) == NULL) {
-- error = errno;
-- goto cleanup;
-- }
-- if (rt == expected_version) {
-- break;
-- }
-- latest_version = rt;
-- }
-- }
--
-- if (*path == NULL) {
-- retval = 1;
-- } else {
-- retval = 0;
-- }
-- cleanup:
-- free(pattern);
-- globfree(&glob_buf);
-- if (retval == -1) {
-- errno = error;
-+ const char *binary_path = selinux_current_policy_path();
-+ if (binary_path) {
-+ *path = strdup(binary_path);
-+ if (*path) return 0;
- }
-- return retval;
-+ return -1;
- }
-
- int qpol_default_policy_find(char **path)
---
-1.8.5.3
-
diff --git a/0004-Fix-man-pages-and-getoptions.patch b/0004-Fix-man-pages-and-getoptions.patch
deleted file mode 100644
index c06270e..0000000
--- a/0004-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From b3c8ef5822dbf3e3272fc29627ddac7e20e936d5 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:41:12 -0400
-Subject: [PATCH 4/6] Fix-man-pages-and-getoptions
-
----
- man/replcon.1 | 2 ++
- man/seinfo.1 | 6 +++++-
- seaudit/seaudit-report.c | 2 +-
- sediff/sediff.c | 2 +-
- 4 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/man/replcon.1 b/man/replcon.1
-index 8aca08a..478dc51 100644
---- a/man/replcon.1
-+++ b/man/replcon.1
-@@ -44,6 +44,8 @@ Search for files which include PATH.
- .IP "-c CLASS, --class=CLASS"
- Search only files of object class CLASS.
- .SH OPTIONS
-+.IP "-R, --regex"
-+Enable regular expressions
- .IP "-v, --verbose"
- Display context info during replacement.
- .IP "-h, --help"
-diff --git a/man/seinfo.1 b/man/seinfo.1
-index 8612119..6bc17db 100644
---- a/man/seinfo.1
-+++ b/man/seinfo.1
-@@ -76,6 +76,10 @@ There is no expanded information for this component.
- .IP "--nodecon[=ADDR]"
- Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
- There is no expanded information for this component.
-+.IP "--polcap"
-+Print policy capabilities.
-+.IP "--permissive"
-+Print permissive types.
- .IP "--portcon[=PORT]"
- Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
- There is no expanded information for this component.
-@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
- This option is not available for all component types; see the description of each component for the details this option will provide.
- .IP "--stats"
- Print policy statistics including policy type and version information and counts of all components and rules.
--.IP "-l"
-+.IP "-l, --line-breaks"
- Print line breaks when displaying constraint statements.
- .IP "-h, --help"
- Print help information and exit.
-diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
-index af3c6fb..d436c18 100644
---- a/seaudit/seaudit-report.c
-+++ b/seaudit/seaudit-report.c
-@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
- printf(" -s, --stdin read log data from standard input\n");
- printf(" -m, --malformed include malformed log messages\n");
- printf(" -o FILE, --output=FILE output to FILE\n");
-- printf(" --config=FILE read configuration from FILE\n");
-+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
- printf(" --html set output format to HTML\n");
- printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
- printf(" (ignored if --html is not given)\n");
-diff --git a/sediff/sediff.c b/sediff/sediff.c
-index 6022775..341c650 100644
---- a/sediff/sediff.c
-+++ b/sediff/sediff.c
-@@ -420,7 +420,7 @@ int main(int argc, char **argv)
- poldiff_t *diff = NULL;
- size_t total = 0;
-
-- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
---
-1.7.6.2
-
diff --git a/0005-Apply-seaudit-patch-for-progress.c.patch b/0005-Apply-seaudit-patch-for-progress.c.patch
deleted file mode 100644
index 29e5a0c..0000000
--- a/0005-Apply-seaudit-patch-for-progress.c.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From ba8e76cd514e8ce92a48931963e97fe79589a71a Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 11:12:37 +0200
-Subject: [PATCH 05/11] Apply seaudit patch for progress.c
-
----
- libqpol/swig/java/Makefile.am | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/libqpol/swig/java/Makefile.am b/libqpol/swig/java/Makefile.am
-index a25eacb..533b55a 100644
---- a/libqpol/swig/java/Makefile.am
-+++ b/libqpol/swig/java/Makefile.am
-@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
- qpol_type_t.java \
- qpol_user_t.java \
- qpol_validatetrans_t.java \
-- SWIGTYPE_p_int.java \
- SWIGTYPE_p_unsigned_int.java \
- SWIGTYPE_p_void.java
-
---
-1.8.5.3
-
diff --git a/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
deleted file mode 100644
index 01f545d..0000000
--- a/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.6.2
-
diff --git a/0006-Add-support-for-boolean-subs.patch b/0006-Add-support-for-boolean-subs.patch
deleted file mode 100644
index a495755..0000000
--- a/0006-Add-support-for-boolean-subs.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From 61d3d40e791a4ac392930f11785e4057f67a5b09 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 11:14:50 +0200
-Subject: [PATCH 06/11] Add support for boolean subs
-
----
- secmds/seinfo.c | 2 +-
- secmds/sesearch.c | 2 +-
- 2 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index a970890..54b2a6a 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -1720,7 +1720,7 @@ int main(int argc, char **argv)
- case 'b': /* conditional booleans */
- bools = 1;
- if (optarg != 0)
-- bool_name = optarg;
-+ bool_name = selinux_boolean_sub(optarg);
- break;
- case OPT_INITIALSID:
- isids = 1;
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index 387d526..e1436a7 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -1067,7 +1067,7 @@ int main(int argc, char **argv)
- printf("Missing boolean for -b (--bool)\n");
- exit(1);
- }
-- cmd_opts.bool_name = strdup(optarg);
-+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
- if (!cmd_opts.bool_name) {
- fprintf(stderr, "%s\n", strerror(errno));
- exit(1);
---
-1.8.5.3
-
diff --git a/0006-Changes-to-support-named-file_trans-rules.patch b/0006-Changes-to-support-named-file_trans-rules.patch
deleted file mode 100644
index 3cd7127..0000000
--- a/0006-Changes-to-support-named-file_trans-rules.patch
+++ /dev/null
@@ -1,1505 +0,0 @@ -From 287f507657e162bc09b5c186bbd580901fbc942a Mon Sep 17 00:00:00 2001 -From: Dan Walsh -Date: Tue, 20 Sep 2011 15:47:28 -0400 -Subject: [PATCH 6/6] Changes to support named file_trans rules - ---- - libapol/include/apol/ftrule-query.h | 198 +++++++++++++++++++ - libapol/include/apol/policy-query.h | 1 + - libapol/src/Makefile.am | 1 + - libapol/src/ftrule-query.c | 363 +++++++++++++++++++++++++++++++++++ - libapol/src/libapol.map | 1 + - libqpol/include/qpol/ftrule_query.h | 116 +++++++++++ - libqpol/include/qpol/policy.h | 1 + - libqpol/src/Makefile.am | 1 + - libqpol/src/ftrule_query.c | 277 ++++++++++++++++++++++++++ - libqpol/src/libqpol.map | 1 + - libqpol/src/module_compiler.c | 12 ++ - libqpol/src/policy_define.c | 186 ++++++++++++++++++- - libqpol/src/policy_parse.y | 13 +- - libqpol/src/policy_scan.l | 1 + - secmds/sesearch.c | 101 ++++++++++ - 15 files changed, 1270 insertions(+), 3 deletions(-) - create mode 100644 libapol/include/apol/ftrule-query.h - create mode 100644 libapol/src/ftrule-query.c - create mode 100644 libqpol/include/qpol/ftrule_query.h - create mode 100644 libqpol/src/ftrule_query.c - -diff --git a/libapol/include/apol/ftrule-query.h b/libapol/include/apol/ftrule-query.h -new file mode 100644 -index 0000000..119c52f ---- /dev/null -+++ b/libapol/include/apol/ftrule-query.h -@@ -0,0 +1,198 @@ -+/** -+ * @file -+ * -+ * Routines to query filename_transition rules of a -+ * policy. -+ * -+ * @author Jeremy A. Mowery jmowery@tresys.com -+ * @author Jason Tang jtang@tresys.com -+ * -+ * Copyright (C) 2006-2007 Tresys Technology, LLC -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. 
-+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#ifndef APOL_FILENAMERULE_QUERY_H -+#define APOL_FILENAMERULE_QUERY_H -+ -+#ifdef __cplusplus -+extern "C" -+{ -+#endif -+ -+#include "policy.h" -+#include "vector.h" -+#include -+ -+ typedef struct apol_filename_trans_query apol_filename_trans_query_t; -+ -+ -+/******************** filename_transition queries ********************/ -+ -+/** -+ * Execute a query against all filename_transition rules within the -+ * policy. -+ * -+ * @param p Policy within which to look up filename_transition rules. -+ * @param r Structure containing parameters for query. If this is -+ * NULL then return all filename_transition rules. -+ * @param v Reference to a vector of qpol_filename_trans_t. The vector -+ * will be allocated by this function. The caller must call -+ * apol_vector_destroy() afterwards. This will be set to NULL upon no -+ * results or upon error. -+ * -+ * @return 0 on success (including none found), negative on error. -+ */ -+ extern int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * r, apol_vector_t ** v); -+ -+/** -+ * Allocate and return a new filename trans query structure. All fields -+ * are initialized, such that running this blank query results in -+ * returning all filename_transitions within the policy. The caller must -+ * call apol_filename_trans_query_destroy() upon the return value -+ * afterwards. -+ * -+ * @return An initialized filename trans query structure, or NULL upon -+ * error. 
-+ */ -+ extern apol_filename_trans_query_t *apol_filename_trans_query_create(void); -+ -+/** -+ * Deallocate all memory associated with the referenced filename trans -+ * query, and then set it to NULL. This function does nothing if the -+ * query is already NULL. -+ * -+ * @param r Reference to a filename trans query structure to destroy. -+ */ -+ extern void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r); -+ -+/** -+ * Set a filename_trans query to return rules whose source symbol matches -+ * symbol. Symbol may be a type or attribute; if it is an alias then -+ * the query will convert it to its primary prior to searching. If -+ * is_indirect is non-zero then the search will be done indirectly. -+ * If the symbol is a type, then the query matches rules with one of -+ * the type's attributes. If the symbol is an attribute, then it -+ * matches rule with any of the attribute's types. -+ * -+ * @param p Policy handler, to report errors. -+ * @param t TE rule query to set. -+ * @param symbol Limit query to rules with this symbol as their -+ * source, or NULL to unset this field. -+ * @param is_indirect If non-zero, perform indirect matching. -+ * -+ * @return 0 on success, negative on error. -+ */ -+ extern int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol, -+ int is_indirect); -+ -+/** -+ * Set a filename trans query to return rules with a particular target -+ * symbol. Symbol may be a type or attribute; if it is an alias then -+ * the query will convert it to its primary prior to searching. If -+ * is_indirect is non-zero then the search will be done indirectly. -+ * If the symbol is a type, then the query matches rules with one of -+ * the type's attributes. If the symbol is an attribute, then it -+ * matches rule with any of the attribute's types. -+ * -+ * @param p Policy handler, to report errors. -+ * @param r Role trans query to set. 
-+ * @param symbol Limit query to rules with this type or attribute as -+ * their target, or NULL to unset this field. -+ * @param is_indirect If non-zero, perform indirect matching. -+ * -+ * @return 0 on success, negative on error. -+ */ -+ extern int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *symbol, -+ int is_indirect); -+ -+/** -+ * Set a filename trans query to return rules with a particular default -+ * filename. This field is ignored if -+ * apol_filename_trans_query_set_source_any() is set to non-zero. -+ * -+ * @param p Policy handler, to report errors. -+ * @param r Role trans query to set. -+ * @param filename Limit query to rules with this filename as their default, or -+ * NULL to unset this field. -+ * -+ * @return 0 on success, negative on error. -+ */ -+ extern int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *filename); -+ -+/** -+ * Set at filename_trans query to return rules with this object (non-common) -+ * class. If more than one class are appended to the query, the -+ * rule's class must be one of those appended. (I.e., the rule's -+ * class must be a member of the query's classes.) Pass a NULL to -+ * clear all classes. Note that this performs straight string -+ * comparison, ignoring the regex flag. -+ -+ * -+ * @param p Policy handler, to report errors. -+ * @param t TE rule query to set. -+ * @param obj_class Name of object class to add to search set. -+ * -+ * @return 0 on success, negative on error. -+ */ -+ extern int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class); -+ -+/** -+ * Set a filename trans query to treat the source filename as any. That is, -+ * use the same symbol for either source or default of a -+ * filename_transition rule. This flag does nothing if the source filename is -+ * not set. 
Note that a filename_transition's target is a type, so thus -+ * this flag does not affect its searching. -+ * -+ * @param p Policy handler, to report errors. -+ * @param r Role trans query to set. -+ * @param is_any Non-zero to use source symbol for source or default -+ * field, 0 to keep source as only source. -+ * -+ * @return Always 0. -+ */ -+ extern int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_any); -+ -+/** -+ * Set a filename trans query to use regular expression searching for -+ * source, target, and default fields. Strings will be treated as -+ * regexes instead of literals. For the target type, matching will -+ * occur against the type name or any of its aliases. -+ * -+ * @param p Policy handler, to report errors. -+ * @param r Role trans query to set. -+ * @param is_regex Non-zero to enable regex searching, 0 to disable. -+ * -+ * @return Always 0. -+ */ -+ extern int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_regex); -+ -+/** -+ * Render a filename_transition rule to a string. -+ * -+ * @param policy Policy handler, to report errors. -+ * @param rule The rule to render. -+ * -+ * @return A newly malloc()'d string representation of the rule, or NULL on -+ * failure; if the call fails, errno will be set. The caller is responsible -+ * for calling free() on the returned string. 
-+ */ -+ extern char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * rule); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif -diff --git a/libapol/include/apol/policy-query.h b/libapol/include/apol/policy-query.h -index 315f70e..665e4cb 100644 ---- a/libapol/include/apol/policy-query.h -+++ b/libapol/include/apol/policy-query.h -@@ -71,6 +71,7 @@ extern "C" - #include "terule-query.h" - #include "condrule-query.h" - #include "rbacrule-query.h" -+#include "ftrule-query.h" - #include "range_trans-query.h" - #include "constraint-query.h" - -diff --git a/libapol/src/Makefile.am b/libapol/src/Makefile.am -index 3fa4f06..baaa4f6 100644 ---- a/libapol/src/Makefile.am -+++ b/libapol/src/Makefile.am -@@ -40,6 +40,7 @@ libapol_a_SOURCES = \ - render.c \ - role-query.c \ - terule-query.c \ -+ ftrule-query.c \ - type-query.c \ - types-relation-analysis.c \ - user-query.c \ -diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c -new file mode 100644 -index 0000000..dc248de ---- /dev/null -+++ b/libapol/src/ftrule-query.c -@@ -0,0 +1,363 @@ -+/** -+ * @file -+ * -+ * Provides a way for setools to make queries about type enforcement -+ * filename_transs within a policy. The caller obtains a query object, fills in -+ * its parameters, and then runs the query; it obtains a vector of -+ * results. Searches are conjunctive -- all fields of the search -+ * query must match for a datum to be added to the results query. -+ * -+ * @author Jeremy A. Mowery jmowery@tresys.com -+ * @author Jason Tang jtang@tresys.com -+ * -+ * Copyright (C) 2006-2007 Tresys Technology, LLC -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. 
-+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include "policy-query-internal.h" -+ -+#include -+#include -+ -+struct apol_filename_trans_query -+{ -+ char *source, *target, *default_type, *name; -+ apol_vector_t *classes; -+ unsigned int flags; -+}; -+ -+ -+/******************** filename_transition queries ********************/ -+ -+int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v) -+{ -+ apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL; -+ int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans; -+ char *bool_name = NULL; -+ *v = NULL; -+ unsigned int flags = 0; -+ qpol_iterator_t *iter = NULL, *type_iter = NULL; -+ -+ if (t != NULL) { -+ flags = t->flags; -+ is_regex = t->flags & APOL_QUERY_REGEX; -+ if (t->source != NULL && -+ (source_list = -+ apol_query_create_candidate_type_list(p, t->source, is_regex, -+ t->flags & APOL_QUERY_SOURCE_INDIRECT, -+ ((t->flags & (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE)) / -+ APOL_QUERY_SOURCE_TYPE))) == NULL) { -+ goto cleanup; -+ } -+ -+ if ((t->flags & APOL_QUERY_SOURCE_AS_ANY) && t->source != NULL) { -+ default_list = target_list = source_list; -+ source_as_any = 1; -+ } else { -+ if (t->target != NULL && -+ (target_list = -+ apol_query_create_candidate_type_list(p, t->target, is_regex, -+ t->flags & APOL_QUERY_TARGET_INDIRECT, -+ ((t-> -+ flags & (APOL_QUERY_TARGET_TYPE | APOL_QUERY_TARGET_ATTRIBUTE)) -+ / 
APOL_QUERY_TARGET_TYPE))) == NULL) { -+ goto cleanup; -+ } -+ if (t->default_type != NULL && -+ (default_list = -+ apol_query_create_candidate_type_list(p, t->default_type, is_regex, 0, -+ APOL_QUERY_SYMBOL_IS_TYPE)) == NULL) { -+ goto cleanup; -+ } -+ } -+ if (t->classes != NULL && -+ apol_vector_get_size(t->classes) > 0 && -+ (class_list = apol_query_create_candidate_class_list(p, t->classes)) == NULL) { -+ goto cleanup; -+ } -+ } -+ -+ if (qpol_policy_get_filename_trans_iter(p->p, &iter) < 0) { -+ return -1; -+ } -+ -+ if ((*v = apol_vector_create(NULL)) == NULL) { -+ ERR(p, "%s", strerror(errno)); -+ goto cleanup; -+ } -+ -+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) { -+ qpol_filename_trans_t *filename_trans; -+ if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) { -+ goto cleanup; -+ } -+ int match_source = 0, match_target = 0, match_default = 0, match_bool = 0; -+ size_t i; -+ -+ if (source_list == NULL) { -+ match_source = 1; -+ } else { -+ const qpol_type_t *source_type; -+ if (qpol_filename_trans_get_source_type(p->p, filename_trans, &source_type) < 0) { -+ goto cleanup; -+ } -+ if (apol_vector_get_index(source_list, source_type, NULL, NULL, &i) == 0) { -+ match_source = 1; -+ } -+ } -+ -+ /* if source did not match, but treating source symbol -+ * as any field, then delay rejecting this filename_trans until -+ * the target and default have been checked */ -+ if (!source_as_any && !match_source) { -+ continue; -+ } -+ -+ if (target_list == NULL || (source_as_any && match_source)) { -+ match_target = 1; -+ } else { -+ const qpol_type_t *target_type; -+ if (qpol_filename_trans_get_target_type(p->p, filename_trans, &target_type) < 0) { -+ goto cleanup; -+ } -+ if (apol_vector_get_index(target_list, target_type, NULL, NULL, &i) == 0) { -+ match_target = 1; -+ } -+ } -+ -+ if (!source_as_any && !match_target) { -+ continue; -+ } -+ -+ if (default_list == NULL || (source_as_any && match_source) || (source_as_any && match_target)) { 
-+ match_default = 1; -+ } else { -+ const qpol_type_t *default_type; -+ if (qpol_filename_trans_get_default_type(p->p, filename_trans, &default_type) < 0) { -+ goto cleanup; -+ } -+ if (apol_vector_get_index(default_list, default_type, NULL, NULL, &i) == 0) { -+ match_default = 1; -+ } -+ } -+ -+ if (!source_as_any && !match_default) { -+ continue; -+ } -+ /* at least one thing must match if source_as_any was given */ -+ if (source_as_any && (!match_source && !match_target && !match_default)) { -+ continue; -+ } -+ -+ if (class_list != NULL) { -+ const qpol_class_t *obj_class; -+ if (qpol_filename_trans_get_object_class(p->p, filename_trans, &obj_class) < 0) { -+ goto cleanup; -+ } -+ if (apol_vector_get_index(class_list, obj_class, NULL, NULL, &i) < 0) { -+ continue; -+ } -+ } -+ -+ if (apol_vector_append(*v, filename_trans)) { -+ ERR(p, "%s", strerror(ENOMEM)); -+ goto cleanup; -+ } -+ } -+ -+ retval = 0; -+ cleanup: -+ if (retval != 0) { -+ apol_vector_destroy(v); -+ } -+ apol_vector_destroy(&source_list); -+ if (!source_as_any) { -+ apol_vector_destroy(&target_list); -+ apol_vector_destroy(&default_list); -+ } -+ apol_vector_destroy(&class_list); -+ return retval; -+} -+ -+apol_filename_trans_query_t *apol_filename_trans_query_create(void) -+{ -+ apol_filename_trans_query_t *t = calloc(1, sizeof(apol_filename_trans_query_t)); -+ if (t != NULL) { -+ t->flags = -+ (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE | APOL_QUERY_TARGET_TYPE | -+ APOL_QUERY_TARGET_ATTRIBUTE); -+ } -+ return t; -+} -+ -+void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r) -+{ -+ if (r != NULL && *r != NULL) { -+ free((*r)->source); -+ free((*r)->target); -+ free((*r)->default_type); -+ free((*r)->name); -+ free(*r); -+ *r = NULL; -+ } -+} -+ -+int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename, int is_indirect) -+{ -+ apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT); 
-+ return apol_query_set(p, &t->source, NULL, filename); -+} -+ -+int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *type, int is_indirect) -+{ -+ apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT); -+ return apol_query_set(p, &t->target, NULL, type); -+} -+ -+int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol) -+{ -+ return apol_query_set(p, &t->default_type, NULL, symbol); -+} -+ -+int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class) -+{ -+ char *s = NULL; -+ if (obj_class == NULL) { -+ apol_vector_destroy(&t->classes); -+ } else if ((s = strdup(obj_class)) == NULL || (t->classes == NULL && (t->classes = apol_vector_create(free)) == NULL) -+ || apol_vector_append(t->classes, s) < 0) { -+ ERR(p, "%s", strerror(errno)); -+ free(s); -+ return -1; -+ } -+ return 0; -+} -+ -+int apol_filename_trans_query_set_name(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename) -+{ -+ return apol_query_set(p, &t->name, NULL, filename); -+} -+ -+int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_any) -+{ -+ return apol_query_set_flag(p, &t->flags, is_any, APOL_QUERY_SOURCE_AS_ANY); -+} -+ -+int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_regex) -+{ -+ return apol_query_set_regex(p, &t->flags, is_regex); -+} -+ -+char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * filename_trans) -+{ -+ char *tmp = NULL; -+ const char *tmp_name = NULL; -+ const char *filename_trans_type_str; -+ int error = 0; -+ size_t tmp_sz = 0; -+ uint32_t filename_trans_type = 0; -+ const qpol_type_t *type = NULL; -+ const qpol_class_t *obj_class = NULL; -+ -+ if (!policy || !filename_trans) { -+ ERR(policy, 
"%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ /* source type */ -+ if (qpol_filename_trans_get_source_type(policy->p, filename_trans, &type)) { -+ error = errno; -+ goto err; -+ } -+ if (qpol_type_get_name(policy->p, type, &tmp_name)) { -+ error = errno; -+ goto err; -+ } -+ if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ -+ /* target type */ -+ if (qpol_filename_trans_get_target_type(policy->p, filename_trans, &type)) { -+ error = errno; -+ goto err; -+ } -+ if (qpol_type_get_name(policy->p, type, &tmp_name)) { -+ error = errno; -+ goto err; -+ } -+ if (apol_str_appendf(&tmp, &tmp_sz, "%s : ", tmp_name)) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ -+ /* object class */ -+ if (qpol_filename_trans_get_object_class(policy->p, filename_trans, &obj_class)) { -+ error = errno; -+ goto err; -+ } -+ if (qpol_class_get_name(policy->p, obj_class, &tmp_name)) { -+ error = errno; -+ goto err; -+ } -+ if (apol_str_appendf(&tmp, &tmp_sz, "%s ", tmp_name)) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ -+ /* default type */ -+ if (qpol_filename_trans_get_default_type(policy->p, filename_trans, &type)) { -+ error = errno; -+ goto err; -+ } -+ if (qpol_type_get_name(policy->p, type, &tmp_name)) { -+ error = errno; -+ goto err; -+ } -+ if (apol_str_appendf(&tmp, &tmp_sz, "%s", tmp_name)) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ -+ if (qpol_filename_trans_get_filename(policy->p, filename_trans, &tmp_name)) { -+ error = errno; -+ goto err; -+ } -+ -+ if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ -+ if (apol_str_appendf(&tmp, &tmp_sz, ";")) { -+ error = errno; -+ ERR(policy, "%s", strerror(error)); -+ goto err; -+ } -+ return tmp; -+ -+ err: -+ free(tmp); -+ errno = 
error; -+ return NULL; -+} -diff --git a/libapol/src/libapol.map b/libapol/src/libapol.map -index 4894374..7657a2d 100644 ---- a/libapol/src/libapol.map -+++ b/libapol/src/libapol.map -@@ -34,6 +34,7 @@ VERS_4.0{ - apol_protocol_to_str; - apol_qpol_context_render; - apol_range_trans_*; -+ apol_filename_trans_*; - apol_relabel_*; - apol_role_*; - apol_role_allow_*; -diff --git a/libqpol/include/qpol/ftrule_query.h b/libqpol/include/qpol/ftrule_query.h -new file mode 100644 -index 0000000..1f533a4 ---- /dev/null -+++ b/libqpol/include/qpol/ftrule_query.h -@@ -0,0 +1,116 @@ -+/** -+ * @file -+ * Defines public interface for iterating over FTRULE rules. -+ * -+ * @author Kevin Carr kcarr@tresys.com -+ * @author Jeremy A. Mowery jmowery@tresys.com -+ * @author Jason Tang jtang@tresys.com -+ * -+ * Copyright (C) 2006-2007 Tresys Technology, LLC -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. -+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#ifndef QPOL_FTRULERULE_QUERY -+#define QPOL_FTRULERULE_QUERY -+ -+#ifdef __cplusplus -+extern "C" -+{ -+#endif -+ -+#include -+#include -+ -+ typedef struct qpol_filename_trans qpol_filename_trans_t; -+ -+/** -+ * Get an iterator over all filename transition rules in the policy. -+ * @param policy Policy from which to create the iterator. 
-+ * @param iter Iterator over items of type qpol_filename_trans_t returned. -+ * The caller is responsible for calling qpol_iterator_destroy() -+ * to free memory used by this iterator. -+ * It is important to note that this iterator is only valid as long as -+ * the policy is unmodifed. -+ * @returm 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *iter will be NULL. -+ */ -+ extern int qpol_policy_get_filename_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter); -+ -+/** -+ * Get the source type from a filename transition rule. -+ * @param policy The policy from which the rule comes. -+ * @param rule The rule from which to get the source type. -+ * @param source Pointer in which to store the source type. -+ * The caller should not free this pointer. -+ * @return 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *source will be NULL. -+ */ -+ extern int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, -+ const qpol_type_t ** source); -+ -+/** -+ * Get the target type from a filename transition rule. -+ * @param policy The policy from which the rule comes. -+ * @param rule The rule from which to get the target type. -+ * @param target Pointer in which to store the target type. -+ * The caller should not free this pointer. -+ * @return 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *target will be NULL. -+ */ -+ extern int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, -+ const qpol_type_t ** target); -+ -+/** -+ * Get the default type from a type rule. -+ * @param policy Policy from which the rule comes. -+ * @param rule The rule from which to get the default type. -+ * @param dflt Pointer in which to store the default type. -+ * The caller should not free this pointer. 
-+ * @returm 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *dflt will be NULL. -+ */ -+ extern int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, -+ const qpol_type_t ** dflt); -+ -+/** -+ * Get the object class from a type rule. -+ * @param policy Policy from which the rule comes. -+ * @param rule The rule from which to get the object class. -+ * @param obj_class Pointer in which to store the object class. -+ * The caller should not free this pointer. -+ * @returm 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *obj_class will be NULL. -+ */ -+ extern int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, -+ const qpol_class_t ** obj_class); -+ -+/** -+ * Get the transition filename type from a type rule. -+ * @param policy Policy from which the rule comes. -+ * @param rule The rule from which to get the transition filename. -+ * @param target Pointer in which to store the transition filename. -+ * The caller should not free this pointer. -+ * @returm 0 on success and < 0 on failure; if the call fails, -+ * errno will be set and *target will be NULL. 
-+ */ -+ extern int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, -+ const char ** name); -+ -+#ifdef __cplusplus -+} -+#endif -+ -+#endif /* QPOL_FTRULERULE_QUERY */ -diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h -index ae4ea08..bf85718 100644 ---- a/libqpol/include/qpol/policy.h -+++ b/libqpol/include/qpol/policy.h -@@ -55,6 +55,7 @@ extern "C" - #include - #include - #include -+#include - #include - #include - #include -diff --git a/libqpol/src/Makefile.am b/libqpol/src/Makefile.am -index 34d87a6..0889a61 100644 ---- a/libqpol/src/Makefile.am -+++ b/libqpol/src/Makefile.am -@@ -48,6 +48,7 @@ libqpol_a_SOURCES = \ - syn_rule_internal.h \ - syn_rule_query.c \ - terule_query.c \ -+ ftrule_query.c \ - type_query.c \ - user_query.c \ - util.c \ -diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c -new file mode 100644 -index 0000000..d6db848 ---- /dev/null -+++ b/libqpol/src/ftrule_query.c -@@ -0,0 +1,277 @@ -+/** -+ * @file -+ * Defines public interface for iterating over RBAC rules. -+ * -+ * @author Jeremy A. Mowery jmowery@tresys.com -+ * @author Jason Tang jtang@tresys.com -+ * -+ * Copyright (C) 2006-2007 Tresys Technology, LLC -+ * -+ * This library is free software; you can redistribute it and/or -+ * modify it under the terms of the GNU Lesser General Public -+ * License as published by the Free Software Foundation; either -+ * version 2.1 of the License, or (at your option) any later version. -+ * -+ * This library is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -+ * Lesser General Public License for more details. 
-+ * -+ * You should have received a copy of the GNU Lesser General Public -+ * License along with this library; if not, write to the Free Software -+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA -+ */ -+ -+#include -+#include -+#include -+#include -+#include "iterator_internal.h" -+#include "qpol_internal.h" -+#include -+ -+typedef struct filename_trans_state -+{ -+ filename_trans_t *head; -+ filename_trans_t *cur; -+} filename_trans_state_t; -+ -+static int filename_trans_state_end(const qpol_iterator_t * iter) -+{ -+ filename_trans_state_t *fts = NULL; -+ -+ if (!iter || !(fts = qpol_iterator_state(iter))) { -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ return fts->cur ? 0 : 1; -+} -+ -+static void *filename_trans_state_get_cur(const qpol_iterator_t * iter) -+{ -+ filename_trans_state_t *fts = NULL; -+ const policydb_t *db = NULL; -+ -+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter)) || filename_trans_state_end(iter)) { -+ errno = EINVAL; -+ return NULL; -+ } -+ -+ return fts->cur; -+} -+ -+static int filename_trans_state_next(qpol_iterator_t * iter) -+{ -+ filename_trans_state_t *fts = NULL; -+ const policydb_t *db = NULL; -+ -+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) { -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ if (filename_trans_state_end(iter)) { -+ errno = ERANGE; -+ return STATUS_ERR; -+ } -+ -+ fts->cur = fts->cur->next; -+ -+ return STATUS_SUCCESS; -+} -+ -+static size_t filename_trans_state_size(const qpol_iterator_t * iter) -+{ -+ filename_trans_state_t *fts = NULL; -+ const policydb_t *db = NULL; -+ filename_trans_t *tmp = NULL; -+ size_t count = 0; -+ -+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) { -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ for (tmp = fts->head; tmp; tmp = tmp->next) -+ count++; -+ -+ return count; -+} -+ -+int qpol_policy_get_filename_trans_iter(const 
qpol_policy_t * policy, qpol_iterator_t ** iter) -+{ -+ policydb_t *db = NULL; -+ filename_trans_state_t *fts = NULL; -+ int error = 0; -+ -+ if (iter) -+ *iter = NULL; -+ -+ if (!policy || !iter) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ -+ fts = calloc(1, sizeof(filename_trans_state_t)); -+ if (!fts) { -+ /* errno set by calloc */ -+ ERR(policy, "%s", strerror(errno)); -+ return STATUS_ERR; -+ } -+ fts->head = fts->cur = db->filename_trans; -+ -+ if (qpol_iterator_create -+ (policy, (void *)fts, filename_trans_state_get_cur, filename_trans_state_next, filename_trans_state_end, filename_trans_state_size, -+ free, iter)) { -+ error = errno; -+ free(fts); -+ errno = error; -+ return STATUS_ERR; -+ } -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** source) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (source) { -+ *source = NULL; -+ } -+ -+ if (!policy || !rule || !source) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *source = (qpol_type_t *) db->type_val_to_struct[ft->stype - 1]; -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** target) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (target) { -+ *target = NULL; -+ } -+ -+ if (!policy || !rule || !target) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *target = (qpol_type_t *) db->type_val_to_struct[ft->ttype - 1]; -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * 
rule, -+ const qpol_class_t ** obj_class) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (obj_class) { -+ *obj_class = NULL; -+ } -+ -+ if (!policy || !rule || !obj_class) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *obj_class = (qpol_class_t *) db->class_val_to_struct[ft->tclass - 1]; -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_trans_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** output_type) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (output_type) { -+ *output_type = NULL; -+ } -+ -+ if (!policy || !rule || !output_type) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *output_type = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1]; -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** dflt) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (dflt) { -+ *dflt = NULL; -+ } -+ -+ if (!policy || !rule || !dflt) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *dflt = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1]; -+ -+ return STATUS_SUCCESS; -+} -+ -+int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name) -+{ -+ policydb_t *db = NULL; -+ filename_trans_t *ft = NULL; -+ -+ if (name) { -+ *name = NULL; -+ } -+ -+ if (!policy || !rule || !name) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return STATUS_ERR; -+ } -+ -+ db = &policy->p->p; -+ ft = (filename_trans_t *) rule; -+ -+ *name = ft->name; -+ -+ return 
STATUS_SUCCESS; -+} -+ -diff --git a/libqpol/src/libqpol.map b/libqpol/src/libqpol.map -index dd293bc..6973cca 100644 ---- a/libqpol/src/libqpol.map -+++ b/libqpol/src/libqpol.map -@@ -34,6 +34,7 @@ VERS_1.2 { - qpol_policy_reevaluate_conds; - qpol_portcon_*; - qpol_range_trans_*; -+ qpol_filename_trans_*; - qpol_role_*; - qpol_syn_avrule_*; - qpol_syn_terule_*; -diff --git a/libqpol/src/module_compiler.c b/libqpol/src/module_compiler.c -index dc19798..b06e285 100644 ---- a/libqpol/src/module_compiler.c -+++ b/libqpol/src/module_compiler.c -@@ -1247,6 +1247,18 @@ void append_role_allow(role_allow_rule_t * role_allow_rules) - } - - /* this doesn't actually append, but really prepends it */ -+void append_filename_trans(filename_trans_rule_t * filename_trans_rules) -+{ -+ avrule_decl_t *decl = stack_top->decl; -+ -+ /* filename transitions are not allowed within conditionals */ -+ assert(stack_top->type == 1); -+ -+ filename_trans_rules->next = decl->filename_trans_rules; -+ decl->filename_trans_rules = filename_trans_rules; -+} -+ -+/* this doesn't actually append, but really prepends it */ - void append_range_trans(range_trans_rule_t * range_tr_rules) - { - avrule_decl_t *decl = stack_top->decl; -diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c -index c94f7aa..0f3a45a 100644 ---- a/libqpol/src/policy_define.c -+++ b/libqpol/src/policy_define.c -@@ -2133,7 +2133,7 @@ int define_role_trans(void) - - /* This ebitmap business is just to ensure that there are not conflicting role_trans rules */ - #ifdef HAVE_SEPOL_USER_ROLE_MAPPING -- if (role_set_expand(&roles, &e_roles, policydbp, NULL)) -+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL)) - #else - if (role_set_expand(&roles, &e_roles, policydbp)) - #endif -@@ -2226,6 +2226,190 @@ int define_role_allow(void) - return 0; - } - -+avrule_t *define_cond_filename_trans(void) -+{ -+ yyerror("type transitions with a filename not allowed inside " -+ "conditionals\n"); -+ return COND_ERR; -+} 
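Review bot: In the new libqpol/src/ftrule_query.c, the getters index policy tables directly from rule fields with no range check: `db->type_val_to_struct[ft->stype - 1]` in qpol_filename_trans_get_source_type(), and likewise for `ttype`, `otype` and `db->class_val_to_struct[ft->tclass - 1]`. Whether the policy loader has already validated these values is not visible here, so a value of 0 or one beyond the table would be an out-of-bounds read on a malformed policy. A guard before each lookup, such as `if (!ft->stype || ft->stype > db->p_types.nprim) { errno = EINVAL; return STATUS_ERR; }`, makes the getters safe on their own. Separately, filename_trans_state_size() returns `STATUS_ERR` from a function typed `size_t`, which a caller cannot tell apart from a count, and the file header still says "RBAC rules".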
-+ -+int define_filename_trans(void) -+{ -+ char *id, *name = NULL; -+ type_set_t stypes, ttypes; -+ ebitmap_t e_stypes, e_ttypes; -+ ebitmap_t e_tclasses; -+ ebitmap_node_t *snode, *tnode, *cnode; -+ filename_trans_t *ft; -+ filename_trans_rule_t *ftr; -+ class_datum_t *cladatum; -+ type_datum_t *typdatum; -+ uint32_t otype; -+ unsigned int c, s, t; -+ int add; -+ -+ if (pass == 1) { -+ /* stype */ -+ while ((id = queue_remove(id_queue))) -+ free(id); -+ /* ttype */ -+ while ((id = queue_remove(id_queue))) -+ free(id); -+ /* tclass */ -+ while ((id = queue_remove(id_queue))) -+ free(id); -+ /* otype */ -+ id = queue_remove(id_queue); -+ free(id); -+ /* name */ -+ id = queue_remove(id_queue); -+ free(id); -+ return 0; -+ } -+ -+ -+ add = 1; -+ type_set_init(&stypes); -+ while ((id = queue_remove(id_queue))) { -+ if (set_types(&stypes, id, &add, 0)) -+ goto bad; -+ } -+ -+ add =1; -+ type_set_init(&ttypes); -+ while ((id = queue_remove(id_queue))) { -+ if (set_types(&ttypes, id, &add, 0)) -+ goto bad; -+ } -+ -+ ebitmap_init(&e_tclasses); -+ while ((id = queue_remove(id_queue))) { -+ if (!is_id_in_scope(SYM_CLASSES, id)) { -+ yyerror2("class %s is not within scope", id); -+ free(id); -+ goto bad; -+ } -+ cladatum = hashtab_search(policydbp->p_classes.table, id); -+ if (!cladatum) { -+ yyerror2("unknown class %s", id); -+ goto bad; -+ } -+ if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) { -+ yyerror("Out of memory"); -+ goto bad; -+ } -+ free(id); -+ } -+ -+ id = (char *)queue_remove(id_queue); -+ if (!id) { -+ yyerror("no otype in transition definition?"); -+ goto bad; -+ } -+ if (!is_id_in_scope(SYM_TYPES, id)) { -+ yyerror2("type %s is not within scope", id); -+ free(id); -+ goto bad; -+ } -+ typdatum = hashtab_search(policydbp->p_types.table, id); -+ if (!typdatum) { -+ yyerror2("unknown type %s used in transition definition", id); -+ goto bad; -+ } -+ free(id); -+ otype = typdatum->s.value; -+ -+ name = queue_remove(id_queue); -+ if (!name) { -+ 
yyerror("no pathname specified in filename_trans definition?"); -+ goto bad; -+ } -+ -+ /* We expand the class set into seperate rules. We expand the types -+ * just to make sure there are not duplicates. They will get turned -+ * into seperate rules later */ -+ ebitmap_init(&e_stypes); -+ if (type_set_expand(&stypes, &e_stypes, policydbp, 1)) -+ goto bad; -+ -+ ebitmap_init(&e_ttypes); -+ if (type_set_expand(&ttypes, &e_ttypes, policydbp, 1)) -+ goto bad; -+ -+ ebitmap_for_each_bit(&e_tclasses, cnode, c) { -+ if (!ebitmap_node_get_bit(cnode, c)) -+ continue; -+ ebitmap_for_each_bit(&e_stypes, snode, s) { -+ if (!ebitmap_node_get_bit(snode, s)) -+ continue; -+ ebitmap_for_each_bit(&e_ttypes, tnode, t) { -+ if (!ebitmap_node_get_bit(tnode, t)) -+ continue; -+ -+ for (ft = policydbp->filename_trans; ft; ft = ft->next) { -+ if (ft->stype == (s + 1) && -+ ft->ttype == (t + 1) && -+ ft->tclass == (c + 1) && -+ !strcmp(ft->name, name)) { -+ yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s", -+ name, -+ policydbp->p_type_val_to_name[s], -+ policydbp->p_type_val_to_name[t], -+ policydbp->p_class_val_to_name[c]); -+ goto bad; -+ } -+ } -+ -+ ft = malloc(sizeof(*ft)); -+ if (!ft) { -+ yyerror("out of memory"); -+ goto bad; -+ } -+ memset(ft, 0, sizeof(*ft)); -+ -+ ft->next = policydbp->filename_trans; -+ policydbp->filename_trans = ft; -+ -+ ft->name = strdup(name); -+ if (!ft->name) { -+ yyerror("out of memory"); -+ goto bad; -+ } -+ ft->stype = s + 1; -+ ft->ttype = t + 1; -+ ft->tclass = c + 1; -+ ft->otype = otype; -+ } -+ } -+ -+ /* Now add the real rule since we didn't find any duplicates */ -+ ftr = malloc(sizeof(*ftr)); -+ if (!ftr) { -+ yyerror("out of memory"); -+ goto bad; -+ } -+ filename_trans_rule_init(ftr); -+ append_filename_trans(ftr); -+ -+ ftr->name = strdup(name); -+ ftr->stypes = stypes; -+ ftr->ttypes = ttypes; -+ ftr->tclass = c + 1; -+ ftr->otype = otype; -+ } -+ -+ free(name); -+ ebitmap_destroy(&e_stypes); -+ 
ebitmap_destroy(&e_ttypes); -+ ebitmap_destroy(&e_tclasses); -+ -+ return 0; -+ -+bad: -+ free(name); -+ return -1; -+} -+ - static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr) - { - constraint_expr_t *h = NULL, *l = NULL, *e, *newe; -diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y -index 84f4114..dc16c6f 100644 ---- a/libqpol/src/policy_parse.y -+++ b/libqpol/src/policy_parse.y -@@ -98,6 +98,7 @@ extern char *qpol_src_inputlim;/* end of data */ - %type require_decl_def - - %token PATH -+%token FILENAME - %token CLONE - %token COMMON - %token CLASS -@@ -360,7 +361,10 @@ cond_rule_def : cond_transition_def - | require_block - { $$ = NULL; } - ; --cond_transition_def : TYPE_TRANSITION names names ':' names identifier ';' -+cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' -+ { $$ = define_cond_filename_trans() ; -+ if ($$ == COND_ERR) return -1;} -+ | TYPE_TRANSITION names names ':' names identifier ';' - { $$ = define_cond_compute_type(AVRULE_TRANSITION) ; - if ($$ == COND_ERR) return -1;} - | TYPE_MEMBER names names ':' names identifier ';' -@@ -395,7 +399,9 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';' - { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT); - if ($$ == COND_ERR) return -1; } - ; --transition_def : TYPE_TRANSITION names names ':' names identifier ';' -+transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' -+ {if (define_filename_trans()) return -1; } -+ | TYPE_TRANSITION names names ':' names identifier ';' - {if (define_compute_type(AVRULE_TRANSITION)) return -1;} - | TYPE_MEMBER names names ':' names identifier ';' - {if (define_compute_type(AVRULE_MEMBER)) return -1;} -@@ -752,6 +758,9 @@ identifier : IDENTIFIER - path : PATH - { if (insert_id(yytext,0)) return -1; } - ; -+filename : FILENAME -+ { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } -+ ; - number : NUMBER - { $$ = strtoul(yytext,NULL,0); } - 
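Review bot: In define_filename_trans() (libqpol/src/policy_define.c), `ftr->name = strdup(name);` is never checked and runs after `append_filename_trans(ftr)`. An allocation failure therefore leaves a rule with a NULL name on the declaration's list while the function still returns 0. Set and check the name after `filename_trans_rule_init(ftr)` and before the rule is appended, e.g. `if (!(ftr->name = strdup(name))) { yyerror("out of memory"); free(ftr); goto bad; }`. The inner loop has the same ordering problem: `ft` is linked into `policydbp->filename_trans` before its own `strdup` result is tested. The `bad:` label frees only `name`, so the ebitmaps, and `id` in the "unknown class" and "unknown type" branches, are not released on the error paths.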
; -diff --git a/libqpol/src/policy_scan.l b/libqpol/src/policy_scan.l -index 75485f3..30203cd 100644 ---- a/libqpol/src/policy_scan.l -+++ b/libqpol/src/policy_scan.l -@@ -235,6 +235,7 @@ POLICYCAP { return(POLICYCAP); } - permissive | - PERMISSIVE { return(PERMISSIVE); } - "/"({alnum}|[_\.\-/])* { return(PATH); } -+\"({alnum}|[_\.\-])+\" { return(FILENAME); } - {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } - {digit}+|0x{hexval}+ { return(NUMBER); } - {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } -diff --git a/secmds/sesearch.c b/secmds/sesearch.c -index ec0315f..e44b3bc 100644 ---- a/secmds/sesearch.c -+++ b/secmds/sesearch.c -@@ -575,6 +575,95 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt - free(expr); - } - -+static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) -+{ -+ apol_filename_trans_query_t *ftq = NULL; -+ int error = 0; -+ -+ if (!policy || !opt || !v) { -+ ERR(policy, "%s", strerror(EINVAL)); -+ errno = EINVAL; -+ return -1; -+ } -+ -+ if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) { -+ *v = NULL; -+ return 0; /* no search to do */ -+ } -+ -+ ftq = apol_filename_trans_query_create(); -+ if (!ftq) { -+ ERR(policy, "%s", strerror(ENOMEM)); -+ errno = ENOMEM; -+ return -1; -+ } -+ -+ apol_filename_trans_query_set_regex(policy, ftq, opt->useregex); -+ if (opt->src_name) { -+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) { -+ error = errno; -+ goto err; -+ } -+ } -+ if (opt->tgt_name) { -+ if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) { -+ error = errno; -+ goto err; -+ } -+ } -+ -+ if (apol_filename_trans_get_by_query(policy, ftq, v)) { -+ error = errno; -+ goto err; -+ } -+ -+ apol_filename_trans_query_destroy(&ftq); -+ return 0; -+ -+ err: -+ apol_vector_destroy(v); -+ apol_filename_trans_query_destroy(&ftq); -+ ERR(policy, "%s", strerror(error)); -+ errno = error; -+ 
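Review bot: The new `filename` action in libqpol/src/policy_parse.y relies on an undocumented guarantee from the scanner when it strips the quotes in place with `yytext[strlen(yytext) - 1] = '\0'` and `insert_id(yytext + 1,0)`. This is only safe because the FILENAME rule `\"({alnum}|[_\.\-])+\"` always yields both quotes and at least one character between them. A comment above the action would record that dependency, for example `/* FILENAME always matches "name" with both quotes present, so strlen(yytext) >= 3 */`. Without it, a later relaxation of the scanner pattern could turn the index arithmetic into an out-of-bounds write or an empty identifier.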
return -1; -+} -+ -+static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v) -+{ -+ qpol_policy_t *q = apol_policy_get_qpol(policy); -+ size_t i, num_rules = 0; -+ const qpol_filename_trans_t *rule = NULL; -+ char *tmp = NULL, *rule_str = NULL, *expr = NULL; -+ char enable_char = ' ', branch_char = ' '; -+ qpol_iterator_t *iter = NULL; -+ const qpol_cond_t *cond = NULL; -+ uint32_t enabled = 0, list = 0; -+ -+ if (!(num_rules = apol_vector_get_size(v))) -+ goto cleanup; -+ -+ fprintf(stdout, "Found %zd named file transition rules:\n", num_rules); -+ -+ for (i = 0; i < num_rules; i++) { -+ enable_char = branch_char = ' '; -+ if (!(rule = apol_vector_get_element(v, i))) -+ goto cleanup; -+ -+ if (!(rule_str = apol_filename_trans_render(policy, rule))) -+ goto cleanup; -+ fprintf(stdout, "%s %s\n", rule_str, expr ? expr : ""); -+ free(rule_str); -+ rule_str = NULL; -+ free(expr); -+ expr = NULL; -+ } -+ -+ cleanup: -+ free(tmp); -+ free(rule_str); -+ free(expr); -+} -+ - static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v) - { - apol_role_allow_query_t *raq = NULL; -@@ -1128,6 +1217,18 @@ int main(int argc, char **argv) - print_te_results(policy, &cmd_opts, v); - fprintf(stdout, "\n"); - } -+ -+ if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) { -+ apol_vector_destroy(&v); -+ if (perform_ft_query(policy, &cmd_opts, &v)) { -+ rt = 1; -+ goto cleanup; -+ } -+ -+ print_ft_results(policy, &cmd_opts, v); -+ fprintf(stdout, "\n"); -+ } -+ - apol_vector_destroy(&v); - if (perform_ra_query(policy, &cmd_opts, &v)) { - rt = 1; --- -1.7.6.2 - -diff -up setools-3.3.7/libapol/include/apol/Makefile.am.filenametrans setools-3.3.7/libapol/include/apol/Makefile.am ---- setools-3.3.7/libapol/include/apol/Makefile.am.filenametrans 2009-07-14 14:03:27.000000000 -0400 -+++ setools-3.3.7/libapol/include/apol/Makefile.am 2011-10-26 16:24:59.948130442 -0400 -@@ -27,6 +27,7 @@ 
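Review bot: In perform_ft_query() (secmds/sesearch.c), `if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all)` applies `!` to `opt->type` before the comparison, so it compares 0 or 1 with the constant instead of testing the rule type. Write the intended test without the stray negation, e.g. `if (opt->type != QPOL_RULE_TYPE_TRANS && !opt->all)`. Which form is right depends on how `options_t.type` is encoded, which this hunk does not show; the later "Remove unused variables" patch on this page settles on `!opt->type`. In print_ft_results(), `"Found %zd named file transition rules:\n"` prints a `size_t` with the signed conversion, where `%zu` is the matching one. `expr` is printed and freed there but never assigned.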
apol_HEADERS = \
- relabel-analysis.h \
- render.h \
- role-query.h \
-+ ftrule-query.h \
- terule-query.h \
- type-query.h \
- types-relation-analysis.h \
-diff -up setools-3.3.7/libqpol/include/qpol/Makefile.am.filenametrans setools-3.3.7/libqpol/include/qpol/Makefile.am
---- setools-3.3.7/libqpol/include/qpol/Makefile.am.filenametrans 2011-10-26 16:22:28.723523155 -0400
-+++ setools-3.3.7/libqpol/include/qpol/Makefile.am 2011-10-26 16:22:41.283493767 -0400
-@@ -25,6 +25,7 @@ qpol_HEADERS = \
- role_query.h \
- syn_rule_query.h \
- terule_query.h \
-+ ftrule_query.h \
- type_query.h \
- user_query.h \
- util.h
diff --git a/0007-Remove-unused-variables.patch b/0007-Remove-unused-variables.patch
deleted file mode 100644
index dfa532c..0000000
--- a/0007-Remove-unused-variables.patch
+++ /dev/null
@@ -1,277 +0,0 @@ -From e30036e358b8f1c3f56048b467e8646fa3bfffb6 Mon Sep 17 00:00:00 2001 -From: Dan Walsh -Date: Tue, 20 Sep 2011 16:40:26 -0400 -Subject: [PATCH 7/7] Remove unused variables - ---- - libapol/src/ftrule-query.c | 11 ++---- - libqpol/src/ftrule_query.c | 2 - - secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++----------- - 3 files changed, 68 insertions(+), 31 deletions(-) - -diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c -index dc248de..9c7a23b 100644 ---- a/libapol/src/ftrule-query.c -+++ b/libapol/src/ftrule-query.c -@@ -45,14 +45,11 @@ struct apol_filename_trans_query - int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v) - { - apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL; -- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans; -- char *bool_name = NULL; -+ int retval = -1, source_as_any = 0, is_regex = 0; - *v = NULL; -- unsigned int flags = 0; -- qpol_iterator_t *iter = NULL, *type_iter = NULL; -+ qpol_iterator_t *iter = NULL; - - if (t != NULL) { -- flags = t->flags; - is_regex = t->flags & APOL_QUERY_REGEX; - if (t->source != NULL && - (source_list = -@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam - if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) { - goto cleanup; - } -- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0; -+ int match_source = 0, match_target = 0, match_default = 0; - size_t i; - - if (source_list == NULL) { -@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena - { - char *tmp = NULL; - const char *tmp_name = NULL; -- const char *filename_trans_type_str; - int error = 0; - size_t tmp_sz = 0; -- uint32_t filename_trans_type = 0; - const qpol_type_t *type = NULL; - const qpol_class_t *obj_class = NULL; - -diff --git 
a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c -index d6db848..3148d30 100644 ---- a/libqpol/src/ftrule_query.c -+++ b/libqpol/src/ftrule_query.c -@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo - - int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name) - { -- policydb_t *db = NULL; - filename_trans_t *ft = NULL; - - if (name) { -@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi - return STATUS_ERR; - } - -- db = &policy->p->p; - ft = (filename_trans_t *) rule; - - *name = ft->name; -diff --git a/secmds/sesearch.c b/secmds/sesearch.c -index e44b3bc..319ffe7 100644 ---- a/secmds/sesearch.c -+++ b/secmds/sesearch.c -@@ -72,6 +72,7 @@ static struct option const longopts[] = { - - {"source", required_argument, NULL, 's'}, - {"target", required_argument, NULL, 't'}, -+ {"default", required_argument, NULL, 'D'}, - {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE}, - {"role_target", required_argument, NULL, EXPR_ROLE_TARGET}, - {"class", required_argument, NULL, 'c'}, -@@ -92,6 +93,7 @@ typedef struct options - { - char *src_name; - char *tgt_name; -+ char *default_name; - char *src_role_name; - char *tgt_role_name; - char *class_name; -@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t * - tmp = apol_cond_expr_render(policy, cond); - enable_char = (enabled ? 'E' : 'D'); - branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt - qpol_iterator_destroy(&iter); - enable_char = (enabled ? 'E' : 'D'); - branch_char = (list ? 
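Review bot: The four new `if (asprintf(&expr, "[ %s ]", tmp) < 0) goto cleanup;` checks in secmds/sesearch.c leave `expr` in an unspecified state on the failure path, since glibc documents the output pointer's contents as undefined when asprintf fails. They sit in print_syn_av_results, print_av_results, print_syn_te_results and print_te_results. Where `cleanup:` then calls `free(expr)`, as the visible tail of print_te_results does, that frees an indeterminate pointer; the cleanup labels of the other three functions are outside these hunks. Reset the pointer before jumping, `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`, in all four places. The `if (!expr)` test that follows each call then no longer has anything to catch.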
'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t * - tmp = apol_cond_expr_render(policy, cond); - enable_char = (enabled ? 'E' : 'D'); - branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt - qpol_iterator_destroy(&iter); - enable_char = (enabled ? 'E' : 'D'); - branch_char = (list ? 'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - return -1; - } - -- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) { -+ if (!opt->type && !opt->all) { - *v = NULL; - return 0; /* no search to do */ - } -@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - - apol_filename_trans_query_set_regex(policy, ftq, opt->useregex); - if (opt->src_name) { -- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) { -+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) { - error = errno; - goto err; - } - } -+ - if (opt->tgt_name) { - if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) { - error = errno; - goto err; - } - } -+ if (opt->default_name) { -+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) { -+ error = errno; -+ goto err; -+ } -+ } -+ -+ if (opt->class_name) { -+ if (opt->class_vector == NULL) { -+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) { -+ 
error = errno; -+ goto err; -+ } -+ } else { -+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { -+ char *class_name; -+ class_name = apol_vector_get_element(opt->class_vector, i); -+ if (!class_name) -+ continue; -+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) { -+ error = errno; -+ goto err; -+ } -+ } -+ } -+ } - - if (apol_filename_trans_get_by_query(policy, ftq, v)) { - error = errno; -@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - - static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v) - { -- qpol_policy_t *q = apol_policy_get_qpol(policy); -- size_t i, num_rules = 0; -- const qpol_filename_trans_t *rule = NULL; -- char *tmp = NULL, *rule_str = NULL, *expr = NULL; -+ size_t i, num_filename_trans = 0; -+ const qpol_filename_trans_t *filename_trans = NULL; -+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; - char enable_char = ' ', branch_char = ' '; - qpol_iterator_t *iter = NULL; - const qpol_cond_t *cond = NULL; - uint32_t enabled = 0, list = 0; - -- if (!(num_rules = apol_vector_get_size(v))) -+ if (!(num_filename_trans = apol_vector_get_size(v))) - goto cleanup; - -- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules); -+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans); - -- for (i = 0; i < num_rules; i++) { -+ for (i = 0; i < num_filename_trans; i++) { - enable_char = branch_char = ' '; -- if (!(rule = apol_vector_get_element(v, i))) -+ if (!(filename_trans = apol_vector_get_element(v, i))) - goto cleanup; - -- if (!(rule_str = apol_filename_trans_render(policy, rule))) -+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans))) - goto cleanup; -- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : ""); -- free(rule_str); -- rule_str = NULL; -+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? 
expr : ""); -+ free(filename_trans_str); -+ filename_trans_str = NULL; - free(expr); - expr = NULL; - } - - cleanup: - free(tmp); -- free(rule_str); -+ free(filename_trans_str); - free(expr); - } - -@@ -930,7 +962,7 @@ int main(int argc, char **argv) - - memset(&cmd_opts, 0, sizeof(cmd_opts)); - cmd_opts.indirect = true; -- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) { -+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) { - switch (optc) { - case 0: - break; -@@ -946,6 +978,18 @@ int main(int argc, char **argv) - exit(1); - } - break; -+ case 'D': /* source */ -+ if (optarg == 0) { -+ usage(argv[0], 1); -+ printf("Missing source default type for -D (--default)\n"); -+ exit(1); -+ } -+ cmd_opts.default_name = strdup(optarg); -+ if (!cmd_opts.default_name) { -+ -+ exit(1); -+ } -+ break; - case 't': /* target */ - if (optarg == 0) { - usage(argv[0], 1); -@@ -1218,7 +1262,7 @@ int main(int argc, char **argv) - fprintf(stdout, "\n"); - } - -- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) { -+ if (cmd_opts.all || cmd_opts.type) { - apol_vector_destroy(&v); - if (perform_ft_query(policy, &cmd_opts, &v)) { - rt = 1; --- -1.7.6.2 - diff --git a/0007-Setools-noship.patch b/0007-Setools-noship.patch deleted file mode 100644 index df93e5f..0000000 --- a/0007-Setools-noship.patch +++ /dev/null 
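Review bot: The new `case 'D':` in main() (secmds/sesearch.c) is labelled `/* source */` and reports "Missing source default type", although the option sets `default_name`; the label and wording look copied from the source-type case. `/* default */` and "Missing default type for -D (--default)" would describe what the case does. When `strdup(optarg)` fails, the block contains only `exit(1)`, so the tool terminates without any diagnostic; adding `fprintf(stderr, "%s\n", strerror(errno));` before the exit would report the reason. Whether `default_name` is released with the other option strings at the end of main() is not visible in these hunks.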
@@ -1,276 +0,0 @@ -From a39d0831d654292fb2a1f7b9ee18ecc9239f610f Mon Sep 17 00:00:00 2001 -From: Miroslav Grepl -Date: Fri, 11 Apr 2014 18:38:34 +0200 -Subject: [PATCH 07/11] Setools noship - ---- - Makefile.am | 26 +++----------------------- - configure.ac | 2 +- - man/Makefile.am | 15 +++------------ - seaudit/Makefile.am | 31 +++---------------------------- - secmds/Makefile.am | 14 +------------- - sediff/Makefile.am | 32 ++------------------------------ - 6 files changed, 13 insertions(+), 107 deletions(-) - -diff --git a/Makefile.am b/Makefile.am -index 176c8ea..4cac386 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -10,7 +10,7 @@ if BUILD_GUI - endif - # sediffx is also built conditionally, from sediffx/Makefile.am - --SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python -+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python - - #old indent opts - #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -@@ -49,12 +49,6 @@ seaudit: libqpol libapol libseaudit - sediff: libqpol libapol libpoldiff - $(MAKE) -C $(top_srcdir)/sediff sediff - --sediffx: libqpol libapol libpoldiff -- $(MAKE) -C $(top_srcdir)/sediff sediffx -- --sechecker: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/sechecker -- - help: - @echo "Make targets for SETools:" - @echo " all: build everything, but do not install" -@@ -65,8 +59,6 @@ help: - @echo " secmds: build command line tools" - @echo " seaudit: build audit log analysis tools" - @echo " sediff: build semantic policy diff command line tool" -- @echo " sediffx: build semantic policy diff graphical tool" -- @echo " sechecker: build policy checking tool" - @echo "" - @echo " install-logwatch: install LogWatch config files for seaudit-report" - @echo " (requires LogWatch and root 
privileges)" -@@ -78,9 +70,9 @@ install-logwatch: - $(MAKE) -C $(top_srcdir)/seaudit install-logwatch - - .PHONY: libqpol libapol libpoldiff libsefs libseaudit \ -- apol secmds seaudit sediff sediffx sechecker \ -+ apol secmds seaudit sediff \ - install-logwatch help \ -- seinfo sesearch indexcon findcon replcon searchcon \ -+ seinfo sesearch \ - packages - - seinfo: libqpol libapol -@@ -89,18 +81,6 @@ seinfo: libqpol libapol - sesearch: libqpol libapol - $(MAKE) -C $(top_srcdir)/secmds sesearch - --indexcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds indexcon -- --findcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds findcon -- --replcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds replcon -- --searchcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds searchcon -- - packages: - $(MAKE) -C $(top_srcdir)/packages - -diff --git a/configure.ac b/configure.ac -index 2a5b55b..5b1da5e 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; then - fi - AC_PROG_CXX - AC_LANG([C]) --AC_PROG_LIBTOOL -+AC_PROG_RANLIB - AC_PROG_LN_S - AC_PROG_LEX - AC_PROG_YACC -diff --git a/man/Makefile.am b/man/Makefile.am -index 0fafccb..f88e00a 100644 ---- a/man/Makefile.am -+++ b/man/Makefile.am -@@ -1,19 +1,10 @@ - if BUILD_GUI - MAYBEMANS = apol.1 \ -- seaudit.8 seaudit-report.8 \ -- sediffx.1 -+ seaudit.8 - endif - - EXTRA_DIST=$(man_MANS) apol.1 \ -- seaudit.8 seaudit-report.8.in \ -- sediffx.1 -+ seaudit.8 - --man_MANS = findcon.1 indexcon.1 replcon.1 \ -- sechecker.1 \ -- sediff.1 \ -+man_MANS = sediff.1 \ - seinfo.1 sesearch.1 $(MAYBEMANS) -- --seaudit-report.8: seaudit-report.8.in Makefile -- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ -- --CLEANFILES = seaudit-report.8 -diff --git a/seaudit/Makefile.am b/seaudit/Makefile.am -index 1987c99..3fa4413 100644 ---- a/seaudit/Makefile.am -+++ b/seaudit/Makefile.am -@@ -1,5 +1,4 @@ - setoolsdir = @setoolsdir@ --bin_PROGRAMS = 
seaudit-report - sbin_PROGRAMS = seaudit - - AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ -@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ - dist_setools_DATA = \ - seaudit.glade \ - seaudit_help.txt \ -- seaudit-report.conf \ -- seaudit-report.css \ - seaudit.png seaudit-small.png - - nodist_setools_DATA = \ -- dot_seaudit \ -- seaudit-report-service -+ dot_seaudit - - seaudit_SOURCES = \ - filter_view.c filter_view.h \ -@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \ - dot_seaudit: dot_seaudit.in Makefile - sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ - --seaudit_report_SOURCES = seaudit-report.c --seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \ -- $(top_builddir)/libapol/src/libapol.so \ -- $(top_builddir)/libqpol/src/libqpol.so -- - logwatch = $(DESTDIR)/etc/logwatch - LOGWATCH_GROUP = $(logwatch)/conf/logfiles - LOGWATCH_SERVICE = $(logwatch)/conf/services - LOGWATCH_FILTER = $(logwatch)/scripts/services - --dist_noinst_DATA = dot_seaudit.in \ -- seaudit-report-group.conf \ -- seaudit-report-service.conf \ -- seaudit-report-service.in -- --seaudit-report-service: seaudit-report-service.in Makefile -- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@ -- --install-logwatch: $(dist_noinst_DATA) seaudit-report-service -- mkdir -p -- $(LOGWATCH_GROUP) -- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP) -- mkdir -p -- $(LOGWATCH_SERVICE) -- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE) -- mkdir -p -- $(LOGWATCH_FILTER) -- install -m 755 seaudit-report-service $(LOGWATCH_FILTER) -+dist_noinst_DATA = dot_seaudit.in - - $(top_builddir)/libapol/src/libapol.so: - $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) -@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so: - $(top_builddir)/libsefs/src/libsefs.so: - $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@) - --.PHONY: install-logwatch -- 
--CLEANFILES = dot_seaudit seaudit-report-service -+CLEANFILES = dot_seaudit -diff --git a/secmds/Makefile.am b/secmds/Makefile.am -index ddc88b1..7fa4364 100644 ---- a/secmds/Makefile.am -+++ b/secmds/Makefile.am -@@ -1,6 +1,6 @@ - # various setools command line tools - --bin_PROGRAMS = seinfo sesearch findcon replcon indexcon -+bin_PROGRAMS = seinfo sesearch - - # These are for indexcon so that it is usable on machines without setools - STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3 -@@ -18,18 +18,6 @@ seinfo_SOURCES = seinfo.c - - sesearch_SOURCES = sesearch.c - --indexcon_SOURCES = indexcon.cc --indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS) --indexcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- --findcon_SOURCES = findcon.cc --findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) --findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- --replcon_SOURCES = replcon.cc --replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) --replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- - $(top_builddir)/libapol/src/libapol.so: - $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) - -diff --git a/sediff/Makefile.am b/sediff/Makefile.am -index 3f53cd3..2d9ce84 100644 ---- a/sediff/Makefile.am -+++ b/sediff/Makefile.am -@@ -1,13 +1,6 @@ - setoolsdir = @setoolsdir@ - --dist_setools_DATA = sediff_help.txt sediffx.glade \ -- sediffx.png sediffx-small.png -- --if BUILD_GUI -- MAYBE_SEDIFFX = sediffx --endif -- --bin_PROGRAMS = sediff $(MAYBE_SEDIFFX) -+bin_PROGRAMS = sediff - - AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ - @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@ -@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ - - LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ - --sediff_CFLAGS = $(AM_CFLAGS) --sediffx_CFLAGS = $(AM_CFLAGS) \ -- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ 
@GTHREAD_CFLAGS@ -- --# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks --sediffx_LDFLAGS = $(AM_LDFLAGS) \ -- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \ -- -rdynamic -+sediff_CFLAGS = $(AM_CFLAGS) - - DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ - $(top_builddir)/libapol/src/libapol.so \ -@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ - - sediff_SOURCES = sediff.c - --sediffx_SOURCES = \ -- find_dialog.c find_dialog.h \ -- open_policies_dialog.c open_policies_dialog.h \ -- policy_view.c policy_view.h \ -- progress.c progress.h \ -- remap_types_dialog.c remap_types_dialog.h \ -- result_item.c result_item.h \ -- result_item_render.c result_item_render.h \ -- results.c results.h \ -- select_diff_dialog.c select_diff_dialog.h \ -- toplevel.c toplevel.h \ -- utilgui.c utilgui.h \ -- sediffx.c sediffx.h -- - $(top_builddir)/libpoldiff/src/libpoldiff.so: - $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@) - --- -1.8.5.3 - diff --git a/0008-Add-alias-support-to-seinfo-t.patch b/0008-Add-alias-support-to-seinfo-t.patch deleted file mode 100644 index 32d901a..0000000 --- a/0008-Add-alias-support-to-seinfo-t.patch +++ /dev/null 
@@ -1,92 +0,0 @@
-From 1136e61a9839ad3b60eb2da4d624413c02545c7d Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 18:42:27 +0200
-Subject: [PATCH 08/11] Add alias support to seinfo -t
-
----
- secmds/seinfo.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 48 insertions(+)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index 54b2a6a..1878c49 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -46,6 +46,7 @@
- #include
- #include
- #include
-+#include
-
- #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-
-@@ -54,6 +55,7 @@
-
- static char *policy_file = NULL;
-
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
- static int print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static int print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static int print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
-@@ -514,6 +516,7 @@ static int print_types(FILE * fp, const char *name, int expand, const apol_polic
- goto cleanup;
- if (print_type_attrs(fp, type_datum, policydb, expand))
- goto cleanup;
-+ print_type_aliases(fp, type_datum, policydb);
- } else {
- if (qpol_policy_get_type_iter(q, &iter))
- goto cleanup;
-@@ -1912,6 +1915,51 @@ int main(int argc, char **argv)
- }
-
- /**
-+ * Prints the alias of a type.
-+ *
-+ * @param fp Reference to a file to which to print type information
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ * attributes
-+ */
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
-+{
-+ qpol_iterator_t *iter = NULL;
-+ size_t alias_size;
-+ unsigned char isattr, isalias;
-+ const char *type_name = NULL;
-+ const char *alias_name;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (qpol_type_get_name(q, type_datum, &type_name))
-+ goto cleanup;
-+ if (qpol_type_get_isattr(q, type_datum, &isattr))
-+ goto cleanup;
-+ if (qpol_type_get_isalias(q, type_datum, &isalias))
-+ goto cleanup;
-+
-+ if (isalias) {
-+ fprintf(fp, " TypeName %s\n", type_name);
-+ }
-+ if (qpol_type_get_alias_iter(q, type_datum, &iter))
-+ goto cleanup;
-+ if (qpol_iterator_get_size(iter, &alias_size))
-+ goto cleanup;
-+ if (alias_size > 0) {
-+ fprintf(fp, " Aliases\n");
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&alias_name))
-+ goto cleanup;
-+ fprintf(fp, " %s\n", alias_name);
-+ }
-+ }
-+
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ return;
-+}
-+
-+/**
- * Prints a textual representation of a type, and possibly
- * all of that type's attributes.
- *
---
-1.8.5.3
-
diff --git a/0008-Fix-output-to-match-policy-lines.patch b/0008-Fix-output-to-match-policy-lines.patch
deleted file mode 100644
index 47c258e..0000000
--- a/0008-Fix-output-to-match-policy-lines.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2f89d9acc12c0a7b50a94e4247b015242ce712c9 Mon Sep 17 00:00:00 2001
-From: Dan Walsh
-Date: Wed, 21 Sep 2011 15:15:02 -0400
-Subject: [PATCH 8/8] Fix output to match policy lines
-
----
- libapol/src/ftrule-query.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index 9c7a23b..1d5f5c8 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- error = errno;
- goto err;
- }
-- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
-@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- goto err;
- }
-
-- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
---
-1.7.6.2
-
diff --git a/0009-Fix-help-message-on-sesearch-D.patch b/0009-Fix-help-message-on-sesearch-D.patch
deleted file mode 100644
index e90eba4..0000000
--- a/0009-Fix-help-message-on-sesearch-D.patch
+++ /dev/null
@@ -1,258 +0,0 @@
-From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 18:46:24 +0200
-Subject: [PATCH 09/11] Fix help message on sesearch -D
-
----
- man/sesearch.1 | 2 +-
- secmds/sesearch.c | 77 +++++++++++++++++--------------------------------------
- 2 files changed, 25 insertions(+), 54 deletions(-)
-
-diff --git a/man/sesearch.1 b/man/sesearch.1
-index 573aedd..dc119eb 100644
---- a/man/sesearch.1
-+++ b/man/sesearch.1
-@@ -43,7 +43,7 @@ Search for allow rules.
- Search for neverallow rules.
- .IP "--auditallow"
- Search for auditallow rules.
--.IP "--dontaudit"
-+.IP "-D, --dontaudit"
- Search for dontaudit rules.
- .IP "-T, --type"
- Search for type_transition, type_member, and type_change rules.
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index e1436a7..f53d670 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -24,6 +24,7 @@
- */
-
- #include
-+#include
-
- /* libapol */
- #include
-@@ -61,9 +62,8 @@ enum opt_values
- static struct option const longopts[] = {
- {"allow", no_argument, NULL, 'A'},
- {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
-- {"audit", no_argument, NULL, RULE_AUDIT},
- {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
-- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
-+ {"dontaudit", no_argument, NULL, 'D'},
- {"type", no_argument, NULL, 'T'},
- {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
- {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
-@@ -72,7 +72,6 @@ static struct option const longopts[] = {
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-- {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)
- printf(" -A, --allow allow rules\n");
- printf(" --neverallow neverallow rules\n");
- printf(" --auditallow auditallow rules\n");
-- printf(" --dontaudit dontaudit rules\n");
-+ printf(" -D, --dontaudit dontaudit rules\n");
- printf(" -T, --type type_trans, type_member, and type_change\n");
- printf(" --role_allow role allow rules\n");
- printf(" --role_trans role_transition rules\n");
-@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)
- printf("EXPRESSIONS:\n");
- printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
- printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
-- printf(" -D NAME, --default=NAME rules with type NAME as default\n");
- printf(" --role_source=NAME rules with role NAME as source\n");
- printf(" --role_target=NAME rules with role NAME as target\n");
- printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
-@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
-- expr = NULL;
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
- goto cleanup;
-- }
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
-- expr = NULL;
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
- goto cleanup;
-- }
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,
- apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);
- if (opt->bool_name)
- apol_terule_query_set_bool(policy, teq, opt->bool_name);
-- if (opt->default_name)
-- apol_terule_query_set_default(policy, teq, opt->default_name);
- if (opt->class_name) {
- if (opt->class_vector == NULL) {
- if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
-@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
-- expr = NULL;
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
- goto cleanup;
-- }
- free(tmp);
- tmp = NULL;
- if (!expr)
-- goto cleanup;
-+ break;
- }
- }
- if (!(rule_str = apol_syn_terule_render(policy, rule)))
-@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
-- expr = NULL;
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
- goto cleanup;
-- }
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
- goto err;
- }
- }
--
- if (opt->default_name) {
- if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
- error = errno;
-@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
- {
- size_t i, num_filename_trans = 0;
- const qpol_filename_trans_t *filename_trans = NULL;
-- char *filename_trans_str = NULL;
-- qpol_iterator_t *iter = NULL;
-+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
-
- if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-
-- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);
-+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
- for (i = 0; i < num_filename_trans; i++) {
- if (!(filename_trans = apol_vector_get_element(v, i)))
-@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
-
- if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
- goto cleanup;
-- fprintf(stdout, "%s\n", filename_trans_str);
-+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
- free(filename_trans_str);
- filename_trans_str = NULL;
-+ free(expr);
-+ expr = NULL;
- }
-
- cleanup:
-+ free(tmp);
- free(filename_trans_str);
-+ free(expr);
- }
-
- static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
-@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,
- }
- }
-
-- if (opt->default_name) {
-- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {
-- error = errno;
-- goto err;
-- }
-- }
--
- if (apol_role_trans_get_by_query(policy, rtq, v)) {
- error = errno;
- goto err;
-@@ -973,7 +956,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -1001,18 +984,6 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-- case 'D': /* default */
-- if (optarg == 0) {
-- usage(argv[0], 1);
-- printf("Missing default type for -D (--default)\n");
-- exit(1);
-- }
-- cmd_opts.default_name = strdup(optarg);
-- if (!cmd_opts.default_name) {
--
-- exit(1);
-- }
-- break;
- case EXPR_ROLE_SOURCE:
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)
- case RULE_AUDITALLOW:
- cmd_opts.auditallow = true;
- break;
-- case RULE_DONTAUDIT:
-+ case 'D':
- cmd_opts.dontaudit = true;
- break;
- case 'T': /* type */
-@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)
- fprintf(stdout, "\n");
- }
-
-- apol_vector_destroy(&v);
-- if (perform_ft_query(policy, &cmd_opts, &v)) {
-- rt = 1;
-- goto cleanup;
-- }
-- if (v) {
-+ if (cmd_opts.all || cmd_opts.type) {
-+ apol_vector_destroy(&v);
-+ if (perform_ft_query(policy, &cmd_opts, &v)) {
-+ rt = 1;
-+ goto cleanup;
-+ }
-+
- print_ft_results(policy, &cmd_opts, v);
- fprintf(stdout, "\n");
- }
-@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)
- apol_policy_path_destroy(&pol_path);
- free(cmd_opts.src_name);
- free(cmd_opts.tgt_name);
-- free(cmd_opts.default_name);
- free(cmd_opts.class_name);
- free(cmd_opts.permlist);
- free(cmd_opts.bool_name);
---
-1.8.5.3
-
diff --git a/0009-Fix-swig-coding-style-for-structures.patch b/0009-Fix-swig-coding-style-for-structures.patch
deleted file mode 100644
index f05cd4a..0000000
--- a/0009-Fix-swig-coding-style-for-structures.patch
+++ /dev/null
@@ -1,583 +0,0 @@ -#diff -Nur old_setools/libqpol/swig/qpol.i setools-3.3.7/libqpol/swig/qpol.i -diff -Nur setools-3.3.7/libqpol/swig/qpol.i.current setools-3.3.7/libqpol/swig/qpol.i ---- old_setools/libqpol/swig/qpol.i 2010-04-30 18:23:28.000000000 +0200 -+++ setools-3.3.7/libqpol/swig/qpol.i 2012-07-03 19:20:45.383016553 +0200 -@@ -228,7 +228,7 @@ - #define QPOL_MODULE_OTHER 2 - typedef struct qpol_module {} qpol_module_t; - %extend qpol_module_t { -- qpol_module_t(const char *path) { -+ qpol_module(const char *path) { - qpol_module_t *m; - BEGIN_EXCEPTION - if (qpol_module_create_from_file(path, &m)) { -@@ -239,7 +239,7 @@ - fail: - return NULL; - }; -- ~qpol_module_t() { -+ ~qpol_module() { - qpol_module_destroy(&self); - }; - const char *get_path() { -@@ -330,7 +330,7 @@ - } qpol_capability_e; - - %extend qpol_policy_t { -- qpol_policy_t(const char *path, const int options) { -+ qpol_policy(const char *path, const int options) { - qpol_policy_t *p; - BEGIN_EXCEPTION - if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) { -@@ -341,7 +341,7 @@ - fail: - return NULL; - } -- ~qpol_policy_t() { -+ ~qpol_policy() { - qpol_policy_destroy(&self); - }; - void reevaluate_conds() { -@@ -687,14 +687,14 @@ - typedef struct qpol_iterator {} qpol_iterator_t; - %extend qpol_iterator_t { - /* user never directly creates, but SWIG expects a constructor */ -- qpol_iterator_t() { -+ qpol_iterator() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_TypeError, "User may not create iterators difectly"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_iterator_t() { -+ ~qpol_iterator() { - qpol_iterator_destroy(&self); - }; - void *get_item() { -@@ -736,7 +736,7 @@ - /* qpol type */ - typedef struct qpol_type {} qpol_type_t; - %extend qpol_type_t { -- qpol_type_t(qpol_policy_t *p, const char *name) { -+ qpol_type(qpol_policy_t *p, const char *name) { - BEGIN_EXCEPTION - const qpol_type_t *t; - if 
(qpol_policy_get_type_by_name(p, name, &t)) { -@@ -747,7 +747,7 @@ - fail: - return NULL; - }; -- ~qpol_type_t() { -+ ~qpol_type() { - /* no op */ - return; - }; -@@ -851,7 +851,7 @@ - /* qpol role */ - typedef struct qpol_role {} qpol_role_t; - %extend qpol_role_t { -- qpol_role_t(qpol_policy_t *p, const char *name) { -+ qpol_role(qpol_policy_t *p, const char *name) { - const qpol_role_t *r; - BEGIN_EXCEPTION - if (qpol_policy_get_role_by_name(p, name, &r)) { -@@ -862,7 +862,7 @@ - fail: - return NULL; - }; -- ~qpol_role_t() { -+ ~qpol_role() { - /* no op */ - return; - }; -@@ -919,7 +919,7 @@ - /* qpol level */ - typedef struct qpol_level {} qpol_level_t; - %extend qpol_level_t { -- qpol_level_t(qpol_policy_t *p, const char *name) { -+ qpol_level(qpol_policy_t *p, const char *name) { - const qpol_level_t *l; - BEGIN_EXCEPTION - if (qpol_policy_get_level_by_name(p, name, &l)) { -@@ -930,7 +930,7 @@ - fail: - return NULL; - }; -- ~qpol_level_t() { -+ ~qpol_level() { - /* no op */ - return; - }; -@@ -997,7 +997,7 @@ - /* qpol cat */ - typedef struct qpol_cat {} qpol_cat_t; - %extend qpol_cat_t { -- qpol_cat_t(qpol_policy_t *p, const char *name) { -+ qpol_cat(qpol_policy_t *p, const char *name) { - const qpol_cat_t *c; - BEGIN_EXCEPTION - if (qpol_policy_get_cat_by_name(p, name, &c)) { -@@ -1008,7 +1008,7 @@ - fail: - return NULL; - }; -- ~qpol_cat_t() { -+ ~qpol_cat() { - /* no op */ - return; - }; -@@ -1064,14 +1064,14 @@ - /* qpol mls range */ - typedef struct qpol_mls_range {} qpol_mls_range_t; - %extend qpol_mls_range_t { -- qpol_mls_range_t() { -+ qpol_mls_range() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects"); - END_EXCEPTION - fail: - return NULL; - } -- ~qpol_mls_range_t() { -+ ~qpol_mls_range() { - /* no op */ - return; - }; -@@ -1105,14 +1105,14 @@ - /* qpol mls level */ - typedef struct qpol_mls_level {} qpol_mls_level_t; - %extend qpol_mls_level_t { -- qpol_mls_level_t() { -+ qpol_mls_level() { 
- BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects"); - END_EXCEPTION - fail: - return NULL; - } -- ~qpol_mls_level_t() { -+ ~qpol_mls_level() { - /* no op */ - return; - }; -@@ -1147,7 +1147,7 @@ - /* qpol user */ - typedef struct qpol_user {} qpol_user_t; - %extend qpol_user_t { -- qpol_user_t(qpol_policy_t *p, const char *name) { -+ qpol_user(qpol_policy_t *p, const char *name) { - const qpol_user_t *u; - BEGIN_EXCEPTION - if (qpol_policy_get_user_by_name(p, name, &u)) { -@@ -1158,7 +1158,7 @@ - fail: - return NULL; - }; -- ~qpol_user_t() { -+ ~qpol_user() { - /* no op */ - return; - }; -@@ -1223,7 +1223,7 @@ - /* qpol bool */ - typedef struct qpol_bool {} qpol_bool_t; - %extend qpol_bool_t { -- qpol_bool_t(qpol_policy_t *p, const char *name) { -+ qpol_bool(qpol_policy_t *p, const char *name) { - qpol_bool_t *b; - BEGIN_EXCEPTION - if (qpol_policy_get_bool_by_name(p, name, &b)) { -@@ -1233,7 +1233,7 @@ - fail: - return b; - }; -- ~qpol_bool_t() { -+ ~qpol_bool() { - /* no op */ - return; - }; -@@ -1295,14 +1295,14 @@ - /* qpol context */ - typedef struct qpol_context {} qpol_context_t; - %extend qpol_context_t { -- qpol_context_t() { -+ qpol_context() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_context_t() { -+ ~qpol_context() { - /* no op */ - return; - }; -@@ -1356,7 +1356,7 @@ - /* qpol class */ - typedef struct qpol_class {} qpol_class_t; - %extend qpol_class_t { -- qpol_class_t(qpol_policy_t *p, const char *name) { -+ qpol_class(qpol_policy_t *p, const char *name) { - const qpol_class_t *c; - BEGIN_EXCEPTION - if (qpol_policy_get_class_by_name(p, name, &c)) { -@@ -1366,7 +1366,7 @@ - fail: - return (qpol_class_t*)c; - }; -- ~qpol_class_t() { -+ ~qpol_class() { - /* no op */ - return; - }; -@@ -1443,7 +1443,7 @@ - /* qpol common */ - typedef struct qpol_common {} qpol_common_t; - %extend 
qpol_common_t { -- qpol_common_t(qpol_policy_t *p, const char *name) { -+ qpol_common(qpol_policy_t *p, const char *name) { - const qpol_common_t *c; - BEGIN_EXCEPTION - if (qpol_policy_get_common_by_name(p, name, &c)) { -@@ -1453,7 +1453,7 @@ - fail: - return (qpol_common_t*)c; - }; -- ~qpol_common_t() { -+ ~qpol_common() { - /* no op */ - return; - }; -@@ -1515,7 +1515,7 @@ - #define QPOL_FS_USE_PSID 6U - #endif - typedef struct qpol_fs_use {} qpol_fs_use_t; --%extend qpol_fs_use_t { -+%extend qpol_fs_use { - qpol_fs_use_t(qpol_policy_t *p, const char *name) { - const qpol_fs_use_t *f; - BEGIN_EXCEPTION -@@ -1526,7 +1526,7 @@ - fail: - return (qpol_fs_use_t*)f; - }; -- ~qpol_fs_use_t() { -+ ~qpol_fs_use() { - /* no op */ - return; - }; -@@ -1594,7 +1594,7 @@ - #endif - typedef struct qpol_genfscon {} qpol_genfscon_t; - %extend qpol_genfscon_t { -- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) { -+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) { - qpol_genfscon_t *g; - BEGIN_EXCEPTION - if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) { -@@ -1604,7 +1604,7 @@ - fail: - return g; - }; -- ~qpol_genfscon_t() { -+ ~qpol_genfscon() { - free(self); - }; - const char *get_name(qpol_policy_t *p) { -@@ -1656,7 +1656,7 @@ - - /* qpol isid */ - typedef struct qpol_isid {} qpol_isid_t; --%extend qpol_isid_t { -+%extend qpol_isid { - qpol_isid_t(qpol_policy_t *p, const char *name) { - const qpol_isid_t *i; - BEGIN_EXCEPTION -@@ -1667,7 +1667,7 @@ - fail: - return (qpol_isid_t*)i; - }; -- ~qpol_isid_t() { -+ ~qpol_isid() { - /* no op */ - return; - }; -@@ -1701,7 +1701,7 @@ - /* qpol netifcon */ - typedef struct qpol_netifcon {} qpol_netifcon_t; - %extend qpol_netifcon_t { -- qpol_netifcon_t(qpol_policy_t *p, const char *name) { -+ qpol_netifcon(qpol_policy_t *p, const char *name) { - const qpol_netifcon_t *n; - BEGIN_EXCEPTION - if (qpol_policy_get_netifcon_by_name(p, name, &n)) { -@@ -1711,7 +1711,7 @@ - fail: - return 
(qpol_netifcon_t*)n; - }; -- ~qpol_netifcon_t() { -+ ~qpol_netifcon() { - /* no op */ - return; - }; -@@ -1757,7 +1757,7 @@ - #define QPOL_IPV6 1 - typedef struct qpol_nodecon {} qpol_nodecon_t; - %extend qpol_nodecon_t { -- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) { -+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) { - uint32_t a[4], m[4]; - qpol_nodecon_t *n; - BEGIN_EXCEPTION -@@ -1772,7 +1772,7 @@ - fail: - return n; - } -- ~qpol_nodecon_t() { -+ ~qpol_nodecon() { - free(self); - }; - uint32_t *get_addr(qpol_policy_t *p) { -@@ -1830,7 +1830,7 @@ - #define IPPROTO_UDP 17 - typedef struct qpol_portcon {} qpol_portcon_t; - %extend qpol_portcon_t { -- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { -+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { - const qpol_portcon_t *qp; - BEGIN_EXCEPTION - if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) { -@@ -1840,7 +1840,7 @@ - fail: - return (qpol_portcon_t*)qp; - }; -- ~qpol_portcon_t() { -+ ~qpol_portcon() { - /* no op */ - return; - }; -@@ -1893,7 +1893,7 @@ - - /* qpol constraint */ - typedef struct qpol_constraint {} qpol_constraint_t; --%extend qpol_constraint_t { -+%extend qpol_constraint { - qpol_constraint_t() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects"); -@@ -1901,7 +1901,7 @@ - fail: - return NULL; - }; -- ~qpol_constraint_t() { -+ ~qpol_constraint() { - free(self); - }; - const qpol_class_t *get_class(qpol_policy_t *p) { -@@ -1945,7 +1945,7 @@ - - /* qpol validatetrans */ - typedef struct qpol_validatetrans {} qpol_validatetrans_t; --%extend qpol_validatetrans_t { -+%extend qpol_validatetrans { - qpol_validatetrans_t() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects"); -@@ -1953,7 +1953,7 @@ - fail: - return NULL; - }; -- ~qpol_validatetrans_t() { -+ 
~qpol_validatetrans() { - free(self); - }; - const qpol_class_t *get_class(qpol_policy_t *p) { -@@ -2011,14 +2011,14 @@ - #define QPOL_CEXPR_OP_INCOMP 5 - typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t; - %extend qpol_constraint_expr_node_t { -- qpol_constraint_expr_node_t() { -+ qpol_constraint_expr_node() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_constraint_expr_node_t() { -+ ~qpol_constraint_expr_node() { - /* no op */ - return; - }; -@@ -2073,14 +2073,14 @@ - /* qpol role allow */ - typedef struct qpol_role_allow {} qpol_role_allow_t; - %extend qpol_role_allow_t { -- qpol_role_allow_t() { -+ qpol_role_allow() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_role_allow_t() { -+ ~qpol_role_allow() { - /* no op */ - return; - }; -@@ -2114,14 +2114,14 @@ - /* qpol role trans */ - typedef struct qpol_role_trans {} qpol_role_trans_t; - %extend qpol_role_trans_t { -- qpol_role_trans_t() { -+ qpol_role_trans() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_role_trans_t() { -+ ~qpol_role_trans() { - /* no op */ - return; - }; -@@ -2165,14 +2165,14 @@ - /* qpol range trans */ - typedef struct qpol_range_trans {} qpol_range_trans_t; - %extend qpol_range_trans_t { -- qpol_range_trans_t() { -+ qpol_range_trans() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_range_trans_t() { -+ ~qpol_range_trans() { - /* no op */ - return; - }; -@@ -2228,14 +2228,14 @@ - #define QPOL_RULE_DONTAUDIT 4 - typedef struct qpol_avrule {} qpol_avrule_t; - %extend qpol_avrule_t { -- qpol_avrule_t() { -+ 
qpol_avrule() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_avrule_t() { -+ ~qpol_avrule() { - /* no op */ - return; - }; -@@ -2348,14 +2348,14 @@ - #define QPOL_RULE_TYPE_MEMBER 32 - typedef struct qpol_terule {} qpol_terule_t; - %extend qpol_terule_t { -- qpol_terule_t() { -+ qpol_terule() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_terule_t() { -+ ~qpol_terule() { - /* no op */ - return; - }; -@@ -2464,14 +2464,14 @@ - /* qpol conditional */ - typedef struct qpol_cond {} qpol_cond_t; - %extend qpol_cond_t { -- qpol_cond_t() { -+ qpol_cond() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_cond_t() { -+ ~qpol_cond() { - /* no op */ - return; - }; -@@ -2557,14 +2557,14 @@ - #define QPOL_COND_EXPR_NEQ 7 /* bool != bool */ - typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t; - %extend qpol_cond_expr_node_t { -- qpol_cond_expr_node_t() { -+ qpol_cond_expr_node() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_cond_expr_node_t() { -+ ~qpol_cond_expr_node() { - /* no op */ - return; - }; -@@ -2602,14 +2602,14 @@ - /* qpol type set */ - typedef struct qpol_type_set {} qpol_type_set_t; - %extend qpol_type_set_t { -- qpol_type_set_t() { -+ qpol_type_set() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_type_set_t() { -+ ~qpol_type_set() { - /* no op */ - return; - }; -@@ -2665,14 +2665,14 @@ - /* qpol syn av rule */ - typedef struct qpol_syn_avrule {} qpol_syn_avrule_t; - %extend qpol_syn_avrule_t { -- 
qpol_syn_avrule_t() { -+ qpol_syn_avrule() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_syn_avrule_t() { -+ ~qpol_syn_avrule() { - /* no op */ - return; - }; -@@ -2778,14 +2778,14 @@ - /* qpol syn te rule */ - typedef struct qpol_syn_terule {} qpol_syn_terule_t; - %extend qpol_syn_terule_t { -- qpol_syn_terule_t() { -+ qpol_syn_terule() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~qpol_syn_terule_t() { -+ ~qpol_syn_terule() { - /* no op */ - return; - }; diff --git a/0010-Apply-swig-patch-to-make-apol-work-again.patch b/0010-Apply-swig-patch-to-make-apol-work-again.patch deleted file mode 100644 index 09c9512..0000000 --- a/0010-Apply-swig-patch-to-make-apol-work-again.patch +++ /dev/null 
@@ -1,964 +0,0 @@
-From 5d1423e1473bbbcbdd7bba8a57ed7542d1abb285 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 11:13:30 +0200
-Subject: [PATCH 10/11] Apply swig patch to make apol work again
-
----
- libapol/swig/apol.i | 218 ++++++++++++++++++++++++++--------------------------
- 1 file changed, 109 insertions(+), 109 deletions(-)
-
-diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
-index ae1262d..2e9fc55 100644
---- a/libapol/swig/apol.i
-+++ b/libapol/swig/apol.i
-@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
- }
- %}
- %extend apol_ip_t {
-- apol_ip_t(const char *str) {
-+ apol_ip(const char *str) {
- apol_ip_t *ip = NULL;
- BEGIN_EXCEPTION
- ip = calloc(1, sizeof(*ip));
-@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
- fail:
- return ip;
- };
-- ~apol_ip_t() {
-+ ~apol_ip() {
- free(self);
- };
- int get_protocol() {
-@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name);
- %}
- typedef struct apol_vector {} apol_vector_t;
- %extend apol_vector_t {
-- apol_vector_t() {
-+ apol_vector() {
- return apol_vector_create(NULL);
- };
-- apol_vector_t(qpol_iterator_t *iter) {
-+ apol_vector(qpol_iterator_t *iter) {
- return apol_vector_create_from_iter(iter, NULL);
- };
-- apol_vector_t(apol_vector_t *v) {
-+ apol_vector(apol_vector_t *v) {
- return apol_vector_create_from_vector(v, NULL, NULL, NULL);
- };
-- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
-+ apol_vector(apol_vector_t *a, apol_vector_t *b) {
- return apol_vector_create_from_intersection(a, b, NULL, NULL);
- };
- size_t get_size() {
-@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t;
- void *get_element(size_t i) {
- return apol_vector_get_element(self, i);
- };
-- ~apol_vector_t() {
-+ ~apol_vector() {
- apol_vector_destroy(&self);
- };
- void append(void *x) {
-@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t;
- %}
- typedef struct apol_string_vector {} apol_string_vector_t;
- %extend apol_string_vector_t {
-- apol_string_vector_t() {
-+ apol_string_vector() {
- return (apol_string_vector_t*)apol_vector_create(free);
- };
-- apol_string_vector_t(apol_string_vector_t *v) {
-+ apol_string_vector(apol_string_vector_t *v) {
- return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
- };
-- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
-+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
- return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
- };
- size_t get_size() {
-@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
- char *get_element(size_t i) {
- return (char*)apol_vector_get_element((apol_vector_t*)self, i);
- };
-- ~apol_string_vector_t() {
-+ ~apol_string_vector() {
- apol_vector_destroy((apol_vector_t**)&self);
- };
- size_t get_index(char *str) {
-@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
- } apol_policy_path_type_e;
- typedef struct apol_policy_path {} apol_policy_path_t;
- %extend apol_policy_path_t {
-- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
-+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
-@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(char *path) {
-+ apol_policy_path(char *path) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_file(path)) == NULL) {
-@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(char *str, int unused) {
-+ apol_policy_path(char *str, int unused) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_string(str)) == NULL) {
-@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(apol_policy_path_t *in) {
-+ apol_policy_path(apol_policy_path_t *in) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
-@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- ~apol_policy_path_t() {
-+ ~apol_policy_path() {
- apol_policy_path_destroy(&self);
- };
- apol_policy_path_type_e get_type() {
-@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t;
- #define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
- #define APOL_PERMMAP_NONE 0x10
- %extend apol_policy_t {
-- apol_policy_t(apol_policy_path_t *path, int options = 0) {
-+ apol_policy(apol_policy_path_t *path, int options = 0) {
- apol_policy_t *p;
- BEGIN_EXCEPTION
- p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
-@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t;
- fail:
- return p;
- };
-- ~apol_policy_t() {
-+ ~apol_policy() {
- apol_policy_destroy(&self);
- };
- int get_policy_type() {
-@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t;
- /* apol type query */
- typedef struct apol_type_query {} apol_type_query_t;
- %extend apol_type_query_t {
-- apol_type_query_t() {
-+ apol_type_query() {
- apol_type_query_t *tq;
- BEGIN_EXCEPTION
- tq = apol_type_query_create();
-@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t;
- fail:
- return tq;
- };
-- ~apol_type_query_t() {
-+ ~apol_type_query() {
- apol_type_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t;
- /* apol attribute query */
- typedef struct apol_attr_query {} apol_attr_query_t;
- %extend apol_attr_query_t {
-- apol_attr_query_t() {
-+ apol_attr_query() {
- apol_attr_query_t *aq;
- BEGIN_EXCEPTION
- aq = apol_attr_query_create();
-@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
- fail:
- return aq;
- };
-- ~apol_attr_query_t() {
-+ ~apol_attr_query() {
- apol_attr_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
- /* apol role query */
- typedef struct apol_role_query {} apol_role_query_t;
- %extend apol_role_query_t {
-- apol_role_query_t() {
-+ apol_role_query() {
- apol_role_query_t *rq;
- BEGIN_EXCEPTION
- rq = apol_role_query_create();
-@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t;
- fail:
- return rq;
- };
-- ~apol_role_query_t() {
-+ ~apol_role_query() {
- apol_role_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
- /* apol class query */
- typedef struct apol_class_query {} apol_class_query_t;
- %extend apol_class_query_t {
-- apol_class_query_t() {
-+ apol_class_query() {
- apol_class_query_t *cq;
- BEGIN_EXCEPTION
- cq = apol_class_query_create();
-@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t;
- fail:
- return cq;
- };
-- ~apol_class_query_t() {
-+ ~apol_class_query() {
- apol_class_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t;
- /* apol common query */
- typedef struct apol_common_query {} apol_common_query_t;
- %extend apol_common_query_t {
-- apol_common_query_t() {
-+ apol_common_query() {
- apol_common_query_t *cq;
- BEGIN_EXCEPTION
- cq = apol_common_query_create();
-@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t;
- fail:
- return cq;
- };
-- ~apol_common_query_t() {
-+ ~apol_common_query() {
- apol_common_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t;
- /* apol perm query */
- typedef struct apol_perm_query {} apol_perm_query_t;
- %extend apol_perm_query_t {
-- apol_perm_query_t() {
-+ apol_perm_query() {
- apol_perm_query_t *pq;
- BEGIN_EXCEPTION
- pq = apol_perm_query_create();
-@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
- fail:
- return pq;
- };
-- ~apol_perm_query_t() {
-+ ~apol_perm_query() {
- apol_perm_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
- /* apol bool query */
- typedef struct apol_bool_query {} apol_bool_query_t;
- %extend apol_bool_query_t {
-- apol_bool_query_t() {
-+ apol_bool_query() {
- apol_bool_query_t *bq;
- BEGIN_EXCEPTION
- bq = apol_bool_query_create();
-@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
- fail:
- return bq;
- };
-- ~apol_bool_query_t() {
-+ ~apol_bool_query() {
- apol_bool_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
- /* apol mls level */
- typedef struct apol_mls_level {} apol_mls_level_t;
- %extend apol_mls_level_t {
-- apol_mls_level_t() {
-+ apol_mls_level() {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create();
-@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_mls_level_t *in) {
-+ apol_mls_level(apol_mls_level_t *in) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_mls_level(in);
-@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, const char *str) {
-+ apol_mls_level(apol_policy_t *p, const char *str) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_string(p, str);
-@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(const char *str) {
-+ apol_mls_level(const char *str) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_literal(str);
-@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
-+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
-@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
-+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
-@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- ~apol_mls_level_t() {
-+ ~apol_mls_level() {
- apol_mls_level_destroy(&self);
- };
- void set_sens(apol_policy_t *p, char *sens) {
-@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
- #endif
- typedef struct apol_mls_range {} apol_mls_range_t;
- %extend apol_mls_range_t {
-- apol_mls_range_t() {
-+ apol_mls_range() {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create();
-@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_mls_range_t *in) {
-+ apol_mls_range(apol_mls_range_t *in) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_mls_range(in);
-@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_policy_t *p, const char *s) {
-+ apol_mls_range(apol_policy_t *p, const char *s) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_string(p, s);
-@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(const char *s) {
-+ apol_mls_range(const char *s) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_literal(s);
-@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
-+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_qpol_mls_range(p, in);
-@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- ~apol_mls_range_t() {
-+ ~apol_mls_range() {
- apol_mls_range_destroy(&self);
- };
- void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
-@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
- /* apol level query */
- typedef struct apol_level_query {} apol_level_query_t;
- %extend apol_level_query_t {
-- apol_level_query_t() {
-+ apol_level_query() {
- apol_level_query_t * alq;
- BEGIN_EXCEPTION
- alq = apol_level_query_create();
-@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t;
- fail:
- return alq;
- };
-- ~apol_level_query_t() {
-+ ~apol_level_query() {
- apol_level_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t;
- /* apol cat query */
- typedef struct apol_cat_query {} apol_cat_query_t;
- %extend apol_cat_query_t {
-- apol_cat_query_t() {
-+ apol_cat_query() {
- apol_cat_query_t * acq;
- BEGIN_EXCEPTION
- acq = apol_cat_query_create();
-@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
- fail:
- return acq;
- };
-- ~apol_cat_query_t() {
-+ ~apol_cat_query() {
- apol_cat_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
- #endif
- typedef struct apol_user_query {} apol_user_query_t;
- %extend apol_user_query_t {
-- apol_user_query_t() {
-+ apol_user_query() {
- apol_user_query_t *auq;
- BEGIN_EXCEPTION
- auq = apol_user_query_create();
-@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t;
- fail:
- return auq;
- };
-- ~apol_user_query_t() {
-+ ~apol_user_query() {
- apol_user_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t;
- /* apol context */
- typedef struct apol_context {} apol_context_t;
- %extend apol_context_t {
-- apol_context_t() {
-+ apol_context() {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create();
-@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
-+ apol_context(apol_policy_t *p, qpol_context_t *in) {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create_from_qpol_context(p, in);
-@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- apol_context_t(const char *str) {
-+ apol_context(const char *str) {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create_from_literal(str);
-@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- ~apol_context_t() {
-+ ~apol_context() {
- apol_context_destroy(&self);
- };
- void set_user(apol_policy_t *p, char *name) {
-@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
- /* apol constraint query */
- typedef struct apol_constraint_query {} apol_constraint_query_t;
- %extend apol_constraint_query_t {
-- apol_constraint_query_t() {
-+ apol_constraint_query() {
- apol_constraint_query_t *acq;
- BEGIN_EXCEPTION
- acq = apol_constraint_query_create();
-@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
- fail:
- return acq;
- };
-- ~apol_constraint_query_t() {
-+ ~apol_constraint_query() {
- apol_constraint_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1634,7 +1634,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
- /* apol validatetrans query */
- typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- %extend apol_validatetrans_query_t {
-- apol_validatetrans_query_t() {
-+ apol_validatetrans_query() {
- apol_validatetrans_query_t *avq;
- BEGIN_EXCEPTION
- avq = apol_validatetrans_query_create();
-@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- fail:
- return avq;
- };
-- ~apol_validatetrans_query_t() {
-+ ~apol_validatetrans_query() {
- apol_validatetrans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- #endif
- typedef struct apol_genfscon_query {} apol_genfscon_query_t;
- %extend apol_genfscon_query_t {
-- apol_genfscon_query_t() {
-+ apol_genfscon_query() {
- apol_genfscon_query_t *agq;
- BEGIN_EXCEPTION
- agq = apol_genfscon_query_create();
-@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
- fail:
- return agq;
- };
-- ~apol_genfscon_query_t() {
-+ ~apol_genfscon_query() {
- apol_genfscon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
- /* apol fs_use query */
- typedef struct apol_fs_use_query {} apol_fs_use_query_t;
- %extend apol_fs_use_query_t {
-- apol_fs_use_query_t() {
-+ apol_fs_use_query() {
- apol_fs_use_query_t *afq;
- BEGIN_EXCEPTION
- afq = apol_fs_use_query_create();
-@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
- fail:
- return afq;
- };
-- ~apol_fs_use_query_t() {
-+ ~apol_fs_use_query() {
- apol_fs_use_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
- /* apol initial sid query */
- typedef struct apol_isid_query {} apol_isid_query_t;
- %extend apol_isid_query_t {
-- apol_isid_query_t() {
-+ apol_isid_query() {
- apol_isid_query_t *aiq;
- BEGIN_EXCEPTION
- aiq = apol_isid_query_create();
-@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
- fail:
- return aiq;
- };
-- ~apol_isid_query_t() {
-+ ~apol_isid_query() {
- apol_isid_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
- /* apol portcon query */
- typedef struct apol_portcon_query {} apol_portcon_query_t;
- %extend apol_portcon_query_t {
-- apol_portcon_query_t() {
-+ apol_portcon_query() {
- apol_portcon_query_t *apq;
- BEGIN_EXCEPTION
- apq = apol_portcon_query_create();
-@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
- fail:
- return apq;
- };
-- ~apol_portcon_query_t() {
-+ ~apol_portcon_query() {
- apol_portcon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
- /* apol netifcon query */
- typedef struct apol_netifcon_query {} apol_netifcon_query_t;
- %extend apol_netifcon_query_t {
-- apol_netifcon_query_t() {
-+ apol_netifcon_query() {
- apol_netifcon_query_t *anq;
- BEGIN_EXCEPTION
- anq = apol_netifcon_query_create();
-@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
- fail:
- return anq;
- };
-- ~apol_netifcon_query_t() {
-+ ~apol_netifcon_query() {
- apol_netifcon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
- /* apol nodecon query */
- typedef struct apol_nodecon_query {} apol_nodecon_query_t;
- %extend apol_nodecon_query_t {
-- apol_nodecon_query_t() {
-+ apol_nodecon_query() {
- apol_nodecon_query_t *anq;
- BEGIN_EXCEPTION
- anq = apol_nodecon_query_create();
-@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
- fail:
- return anq;
- };
-- ~apol_nodecon_query_t() {
-+ ~apol_nodecon_query() {
- apol_nodecon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
- /* apol avrule query */
- typedef struct apol_avrule_query {} apol_avrule_query_t;
- %extend apol_avrule_query_t {
-- apol_avrule_query_t() {
-+ apol_avrule_query() {
- apol_avrule_query_t *avq;
- BEGIN_EXCEPTION
- avq = apol_avrule_query_create();
-@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
- fail:
- return avq;
- };
-- ~apol_avrule_query_t() {
-+ ~apol_avrule_query() {
- apol_avrule_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
- /* apol terule query */
- typedef struct apol_terule_query {} apol_terule_query_t;
- %extend apol_terule_query_t {
-- apol_terule_query_t() {
-+ apol_terule_query() {
- apol_terule_query_t *atq;
- BEGIN_EXCEPTION
- atq = apol_terule_query_create();
-@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
- fail:
- return atq;
- };
-- ~apol_terule_query_t() {
-+ ~apol_terule_query() {
- apol_terule_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
- /* apol cond rule query */
- typedef struct apol_cond_query {} apol_cond_query_t;
- %extend apol_cond_query_t {
-- apol_cond_query_t() {
-+ apol_cond_query() {
- apol_cond_query_t *acq;
- BEGIN_EXCEPTION
- acq = apol_cond_query_create();
-@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
- fail:
- return acq;
- };
-- ~apol_cond_query_t() {
-+ ~apol_cond_query() {
- apol_cond_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
- /* apol role allow query */
- typedef struct apol_role_allow_query {} apol_role_allow_query_t;
- %extend apol_role_allow_query_t {
-- apol_role_allow_query_t() {
-+ apol_role_allow_query() {
- apol_role_allow_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_role_allow_query_create();
-@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
- fail:
- return arq;
- };
-- ~apol_role_allow_query_t() {
-+ ~apol_role_allow_query() {
- apol_role_allow_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
- /* apol role transition rule query */
- typedef struct apol_role_trans_query {} apol_role_trans_query_t;
- %extend apol_role_trans_query_t {
-- apol_role_trans_query_t() {
-+ apol_role_trans_query() {
- apol_role_trans_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_role_trans_query_create();
-@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
- fail:
- return arq;
- };
-- ~apol_role_trans_query_t() {
-+ ~apol_role_trans_query() {
- apol_role_trans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
- /* apol range transition rule query */
- typedef struct apol_range_trans_query {} apol_range_trans_query_t;
- %extend apol_range_trans_query_t {
-- apol_range_trans_query_t() {
-+ apol_range_trans_query() {
- apol_range_trans_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_range_trans_query_create();
-@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
- fail:
- return arq;
- };
-- ~apol_range_trans_query_t() {
-+ ~apol_range_trans_query() {
- apol_range_trans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule)
- #define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
- typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- %extend apol_domain_trans_analysis_t {
-- apol_domain_trans_analysis_t() {
-+ apol_domain_trans_analysis() {
- apol_domain_trans_analysis_t *dta;
- BEGIN_EXCEPTION
- dta = apol_domain_trans_analysis_create();
-@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- fail:
- return dta;
- };
-- ~apol_domain_trans_analysis_t() {
-+ ~apol_domain_trans_analysis() {
- apol_domain_trans_analysis_destroy(&self);
- };
- void set_direction(apol_policy_t *p, int direction) {
-@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- };
- typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
- %extend apol_domain_trans_result_t {
-- apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
-+ apol_domain_trans_result(apol_domain_trans_result_t *in) {
- apol_domain_trans_result_t *dtr;
- BEGIN_EXCEPTION
- dtr = apol_domain_trans_result_create_from_domain_trans_result(in);
-@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
- fail:
- return dtr;
- };
-- ~apol_domain_trans_result_t() {
-+ ~apol_domain_trans_result() {
- apol_domain_trans_result_destroy(&self);
- };
- const qpol_type_t *get_start_type() {
-@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s
- %}
- typedef struct apol_infoflow {} apol_infoflow_t;
- %extend apol_infoflow_t {
-- apol_infoflow_t() {
-+ apol_infoflow() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_t() {
-+ ~apol_infoflow() {
- apol_infoflow_destroy(&self);
- };
- %newobject extract_graph();
-@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t;
- };
- typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- %extend apol_infoflow_analysis_t {
-- apol_infoflow_analysis_t() {
-+ apol_infoflow_analysis() {
- apol_infoflow_analysis_t *aia;
- BEGIN_EXCEPTION
- aia = apol_infoflow_analysis_create();
-@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- fail:
- return aia;
- };
-- ~apol_infoflow_analysis_t() {
-+ ~apol_infoflow_analysis() {
- apol_infoflow_analysis_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- };
- typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
- %extend apol_infoflow_graph_t {
-- apol_infoflow_graph_t() {
-+ apol_infoflow_graph() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_graph_t() {
-+ ~apol_infoflow_graph() {
- apol_infoflow_graph_destroy(&self);
- };
- %newobject do_more(apol_policy_t*, char*);
-@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
- };
- typedef struct apol_infoflow_result {} apol_infoflow_result_t;
- %extend apol_infoflow_result_t {
-- apol_infoflow_result_t() {
-+ apol_infoflow_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_result_t() {
-+ ~apol_infoflow_result() {
- /* no op - vector will destroy */
- return;
- };
-@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t;
- %}
- typedef struct apol_infoflow_step {} apol_infoflow_step_t;
- %extend apol_infoflow_step_t {
-- apol_infoflow_step_t() {
-+ apol_infoflow_step() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_step_t() {
-+ ~apol_infoflow_step() {
- /* no op */
- return;
- };
-@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t;
- #define APOL_RELABEL_DIR_SUBJECT 0x04
- typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- %extend apol_relabel_analysis_t {
-- apol_relabel_analysis_t() {
-+ apol_relabel_analysis() {
- apol_relabel_analysis_t *ara;
- BEGIN_EXCEPTION
- ara = apol_relabel_analysis_create();
-@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- fail:
- return ara;
- };
-- ~apol_relabel_analysis_t() {
-+ ~apol_relabel_analysis() {
- apol_relabel_analysis_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- };
- typedef struct apol_relabel_result {} apol_relabel_result_t;
- %extend apol_relabel_result_t {
-- apol_relabel_result_t() {
-+ apol_relabel_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_relabel_result_t() {
-+ ~apol_relabel_result() {
- /* no op - vector will destroy */
- return;
- };
-@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t;
- %}
- typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
- %extend apol_relabel_result_pair_t {
-- apol_relabel_result_pair_t() {
-+ apol_relabel_result_pair() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_relabel_result_pair_t() {
-+ ~apol_relabel_result_pair() {
- /* no op - owned and free()'d by apol_relabel_result_t */
- return;
- };
-@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
- #define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
- typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- %extend apol_types_relation_analysis_t {
-- apol_types_relation_analysis_t() {
-+ apol_types_relation_analysis() {
- apol_types_relation_analysis_t *atr;
- BEGIN_EXCEPTION
- atr = apol_types_relation_analysis_create();
-@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- fail:
- return atr;
- };
-- ~apol_types_relation_analysis_t() {
-+ ~apol_types_relation_analysis() {
- apol_types_relation_analysis_destroy(&self);
- }
- %newobject run(apol_policy_t*);
-@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- };
- typedef struct apol_types_relation_result {} apol_types_relation_result_t;
- %extend apol_types_relation_result_t {
-- apol_types_relation_result_t() {
-+ apol_types_relation_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_types_relation_result_t() {
-+ ~apol_types_relation_result() {
- apol_types_relation_result_destroy(&self);
- };
- const apol_vector_t *get_attributes() {
-@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t;
- };
- typedef struct apol_types_relation_access {} apol_types_relation_access_t;
- %extend apol_types_relation_access_t {
-- apol_types_relation_access_t() {
-+ apol_types_relation_access() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_types_relation_access_t() {
-+ ~apol_types_relation_access() {
- /* no op - vector will destroy */
- return;
- };
---
-1.8.5.3
-
diff --git a/0010-selinux_current_policy_path.patch b/0010-selinux_current_policy_path.patch
deleted file mode 100644
index e9cc81d..0000000
--- a/0010-selinux_current_policy_path.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
---- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
-+++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
-@@ -84,75 +84,12 @@ static int get_binpol_version(const char
-
- static int search_policy_binary_file(char **path)
- {
-- const char *binary_path;
-- if ((binary_path = selinux_binary_policy_path()) == NULL) {
-- return -1;
-+ const char *binary_path = selinux_current_policy_path();
-+ if (binary_path) {
-+ *path = strdup(binary_path);
-+ if (*path) return 0;
- }
--
-- int expected_version = -1, latest_version = -1;
--#ifdef LIBSELINUX
-- /* if the system has SELinux enabled, prefer the policy whose
-- name matches the current policy version */
-- if ((expected_version = security_policyvers()) < 0) {
-- return -1;
-- }
--#endif
--
-- glob_t glob_buf;
-- struct stat fs;
-- int rt, error = 0, retval = -1;
-- size_t i;
-- char *pattern = NULL;
-- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
-- return -1;
-- }
-- glob_buf.gl_offs = 1;
-- glob_buf.gl_pathc = 0;
-- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
-- if (rt != 0 && rt != GLOB_NOMATCH) {
-- errno = EIO;
-- return -1;
-- }
--
-- for (i = 0; i < glob_buf.gl_pathc; i++) {
-- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
-- if (stat(p, &fs) != 0) {
-- error = errno;
-- goto cleanup;
-- }
-- if (S_ISDIR(fs.st_mode))
-- continue;
--
-- if ((rt = get_binpol_version(p)) < 0) {
-- error = errno;
-- goto cleanup;
-- }
--
-- if (rt > latest_version || rt == expected_version) {
-- free(*path);
-- if ((*path = strdup(p)) == NULL) {
-- error = errno;
-- goto cleanup;
-- }
-- if (rt == expected_version) {
-- break;
-- }
-- latest_version = rt;
-- }
-- }
--
-- if (*path == NULL) {
-- retval = 1;
-- } else {
-- retval = 0;
-- }
-- cleanup:
-- free(pattern);
-- globfree(&glob_buf);
-- if (retval == -1) {
-- errno = error;
-- }
-- return retval;
-+ return -1;
- }
-
- int qpol_default_policy_find(char **path)
diff --git a/0011-Fix-Wformat-security-issues.patch b/0011-Fix-Wformat-security-issues.patch
deleted file mode 100644
index 5288ed7..0000000
--- a/0011-Fix-Wformat-security-issues.patch
+++ /dev/null
@@ -1,154 +0,0 @@
-From 32ede3cc817ee4f6806877a34a6c84ed50c31df7 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Fri, 11 Apr 2014 18:49:33 +0200
-Subject: [PATCH 11/11] Fix -Wformat-security issues
-
----
- libseaudit/src/bool_message.c | 4 ++--
- libseaudit/src/filter.c | 2 +-
- libseaudit/src/model.c | 2 +-
- seaudit/progress.c | 4 ++--
- seaudit/toplevel.c | 2 +-
- seaudit/utilgui.c | 2 +-
- sediff/progress.c | 4 ++--
- sediff/toplevel.c | 2 +-
- sediff/utilgui.c | 2 +-
- 9 files changed, 12 insertions(+), 12 deletions(-)
-
-diff --git a/libseaudit/src/bool_message.c b/libseaudit/src/bool_message.c
-index f105cf0..d5b1e33 100644
---- a/libseaudit/src/bool_message.c
-+++ b/libseaudit/src/bool_message.c
-@@ -101,7 +101,7 @@ char *bool_message_to_string(const seaudit_message_t * msg, const char *date)
- return NULL;
- }
- if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
-- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
-+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
- free(misc_string);
- return NULL;
- }
-@@ -128,7 +128,7 @@ char *bool_message_to_string_html(const seaudit_message_t * msg, const char *dat
- return NULL;
- }
- if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
-- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s
", s, close_brace) < 0) {
-+ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s
", s, close_brace) < 0) {
- free(misc_string);
- return NULL;
- }
-diff --git a/libseaudit/src/filter.c b/libseaudit/src/filter.c
-index 298a309..c710ce4 100644
---- a/libseaudit/src/filter.c
-+++ b/libseaudit/src/filter.c
-@@ -1108,7 +1108,7 @@ int seaudit_filter_save_to_file(const seaudit_filter_t * filter, const char *fil
- if ((file = fopen(filename, "w")) == NULL) {
- return -1;
- }
-- fprintf(file, XML_VER);
-+ fprintf(file, "%s", XML_VER);
- fprintf(file, "\n", FILTER_FILE_FORMAT_VERSION);
- filter_append_to_file(filter, file, 1);
- fprintf(file, "\n");
-diff --git a/libseaudit/src/model.c b/libseaudit/src/model.c
-index 1bc4a23..4a130cb 100644
---- a/libseaudit/src/model.c
-+++ b/libseaudit/src/model.c
-@@ -514,7 +514,7 @@ int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filena
- if ((file = fopen(filename, "w")) == NULL) {
- return -1;
- }
-- fprintf(file, XML_VER);
-+ fprintf(file, "%s", XML_VER);
- fprintf(file, "\n",
- FILTER_FILE_FORMAT_VERSION, model->name,
- model->match == SEAUDIT_FILTER_MATCH_ALL ?
"all" : "any",
-diff --git a/seaudit/progress.c b/seaudit/progress.c
-index 2e0abeb..f092858 100644
---- a/seaudit/progress.c
-+++ b/seaudit/progress.c
-@@ -114,10 +114,10 @@ int progress_wait(progress_t * progress)
- }
- g_mutex_unlock(progress->mutex);
- if (progress->done < 0) {
-- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
-+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
- return progress->done;
- } else if (progress->done > 1) {
-- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
-+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
- return progress->done - 1;
- } else {
- progress->done = 0;
-diff --git a/seaudit/toplevel.c b/seaudit/toplevel.c
-index d901a99..27938d5 100644
---- a/seaudit/toplevel.c
-+++ b/seaudit/toplevel.c
-@@ -902,7 +902,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
- ERR(NULL, "%s", strerror(errno));
- return;
- }
-- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
-+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
- free(msg);
- gtk_dialog_run(GTK_DIALOG(dialog));
- gtk_widget_destroy(dialog);
-diff --git a/seaudit/utilgui.c b/seaudit/utilgui.c
-index 22028e1..78a1a08 100644
---- a/seaudit/utilgui.c
-+++ b/seaudit/utilgui.c
-@@ -30,7 +30,7 @@
- void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
- {
- GtkWidget *dialog;
-- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
-+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
- gtk_dialog_run(GTK_DIALOG(dialog));
- gtk_widget_destroy(dialog);
- }
-diff --git a/sediff/progress.c b/sediff/progress.c
-index efaa120..312789e 100644
---- a/sediff/progress.c
-+++ b/sediff/progress.c
-@@ -115,10 +115,10 @@
int progress_wait(progress_t * progress)
- }
- g_mutex_unlock(progress->mutex);
- if (progress->done < 0) {
-- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
-+ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
- return progress->done;
- } else if (progress->done > 1) {
-- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
-+ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
- return progress->done - 1;
- } else {
- progress->done = 0;
-diff --git a/sediff/toplevel.c b/sediff/toplevel.c
-index db6d1f5..aabd039 100644
---- a/sediff/toplevel.c
-+++ b/sediff/toplevel.c
-@@ -453,7 +453,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
- ERR(NULL, "%s", strerror(errno));
- return;
- }
-- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
-+ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
- free(msg);
- gtk_dialog_run(GTK_DIALOG(dialog));
- gtk_widget_destroy(dialog);
-diff --git a/sediff/utilgui.c b/sediff/utilgui.c
-index 04e1e05..9e183ba 100644
---- a/sediff/utilgui.c
-+++ b/sediff/utilgui.c
-@@ -31,7 +31,7 @@
- void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
- {
- GtkWidget *dialog;
-- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
-+ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
- gtk_dialog_run(GTK_DIALOG(dialog));
- gtk_widget_destroy(dialog);
- }
---
-1.8.5.3
-
diff --git a/0011-setools-noship.patch b/0011-setools-noship.patch
deleted file mode 100644
index b678d30..0000000
--- a/0011-setools-noship.patch
+++ /dev/null
@@ -1,255 +0,0 @@ -diff -up setools-3.3.7/Makefile.am.noship setools-3.3.7/Makefile.am ---- setools-3.3.7/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500 -+++ setools-3.3.7/Makefile.am 2013-01-30 09:18:59.775157146 -0500 -@@ -8,9 +8,8 @@ endif - if BUILD_GUI - MAYBE_GUI = seaudit - endif --# sediffx is also built conditionally, from sediffx/Makefile.am - --SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) -+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) - - #old indent opts - #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -@@ -49,12 +48,6 @@ seaudit: libqpol libapol libseaudit - sediff: libqpol libapol libpoldiff - $(MAKE) -C $(top_srcdir)/sediff sediff - --sediffx: libqpol libapol libpoldiff -- $(MAKE) -C $(top_srcdir)/sediff sediffx -- --sechecker: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/sechecker -- - help: - @echo "Make targets for SETools:" - @echo " all: build everything, but do not install" -@@ -65,8 +58,6 @@ help: - @echo " secmds: build command line tools" - @echo " seaudit: build audit log analysis tools" - @echo " sediff: build semantic policy diff command line tool" -- @echo " sediffx: build semantic policy diff graphical tool" -- @echo " sechecker: build policy checking tool" - @echo "" - @echo " install-logwatch: install LogWatch config files for seaudit-report" - @echo " (requires LogWatch and root privileges)" -@@ -78,9 +69,9 @@ install-logwatch: - $(MAKE) -C $(top_srcdir)/seaudit install-logwatch - - .PHONY: libqpol libapol libpoldiff libsefs libseaudit \ -- apol secmds seaudit sediff sediffx sechecker \ -+ apol secmds seaudit sediff \ - install-logwatch help \ -- seinfo sesearch indexcon findcon replcon searchcon \ -+ seinfo sesearch \ - packages - - seinfo: libqpol libapol 
-@@ -89,18 +80,6 @@ seinfo: libqpol libapol - sesearch: libqpol libapol - $(MAKE) -C $(top_srcdir)/secmds sesearch - --indexcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds indexcon -- --findcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds findcon -- --replcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds replcon -- --searchcon: libqpol libapol libsefs -- $(MAKE) -C $(top_srcdir)/secmds searchcon -- - packages: - $(MAKE) -C $(top_srcdir)/packages - -diff -up setools-3.3.7/man/Makefile.am.noship setools-3.3.7/man/Makefile.am ---- setools-3.3.7/man/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400 -+++ setools-3.3.7/man/Makefile.am 2013-01-30 09:16:13.696871566 -0500 -@@ -1,19 +1,10 @@ - if BUILD_GUI - MAYBEMANS = apol.1 \ -- seaudit.8 seaudit-report.8 \ -- sediffx.1 -+ seaudit.8 - endif - - EXTRA_DIST=$(man_MANS) apol.1 \ -- seaudit.8 seaudit-report.8.in \ -- sediffx.1 -+ seaudit.8 - --man_MANS = findcon.1 indexcon.1 replcon.1 \ -- sechecker.1 \ -- sediff.1 \ -+man_MANS = sediff.1 \ - seinfo.1 sesearch.1 $(MAYBEMANS) -- --seaudit-report.8: seaudit-report.8.in Makefile -- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ -- --CLEANFILES = seaudit-report.8 -diff -up setools-3.3.7/seaudit/Makefile.am.noship setools-3.3.7/seaudit/Makefile.am ---- setools-3.3.7/seaudit/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500 -+++ setools-3.3.7/seaudit/Makefile.am 2013-01-30 09:16:13.697871568 -0500 -@@ -1,5 +1,4 @@ - setoolsdir = @setoolsdir@ --bin_PROGRAMS = seaudit-report - sbin_PROGRAMS = seaudit - - AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ -@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_ - dist_setools_DATA = \ - seaudit.glade \ - seaudit_help.txt \ -- seaudit-report.conf \ -- seaudit-report.css \ - seaudit.png seaudit-small.png - - nodist_setools_DATA = \ -- dot_seaudit \ -- seaudit-report-service -+ dot_seaudit - - seaudit_SOURCES = \ - filter_view.c filter_view.h \ -@@ 
-50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/l - dot_seaudit: dot_seaudit.in Makefile - sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@ - --seaudit_report_SOURCES = seaudit-report.c --seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \ -- $(top_builddir)/libapol/src/libapol.so \ -- $(top_builddir)/libqpol/src/libqpol.so -- - logwatch = $(DESTDIR)/etc/logwatch - LOGWATCH_GROUP = $(logwatch)/conf/logfiles - LOGWATCH_SERVICE = $(logwatch)/conf/services - LOGWATCH_FILTER = $(logwatch)/scripts/services - --dist_noinst_DATA = dot_seaudit.in \ -- seaudit-report-group.conf \ -- seaudit-report-service.conf \ -- seaudit-report-service.in -- --seaudit-report-service: seaudit-report-service.in Makefile -- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@ -- --install-logwatch: $(dist_noinst_DATA) seaudit-report-service -- mkdir -p -- $(LOGWATCH_GROUP) -- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP) -- mkdir -p -- $(LOGWATCH_SERVICE) -- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE) -- mkdir -p -- $(LOGWATCH_FILTER) -- install -m 755 seaudit-report-service $(LOGWATCH_FILTER) -+dist_noinst_DATA = dot_seaudit.in - - $(top_builddir)/libapol/src/libapol.so: - $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) -@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so: - $(top_builddir)/libsefs/src/libsefs.so: - $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@) - --.PHONY: install-logwatch -- --CLEANFILES = dot_seaudit seaudit-report-service -+CLEANFILES = dot_seaudit -diff -up setools-3.3.7/secmds/Makefile.am.noship setools-3.3.7/secmds/Makefile.am ---- setools-3.3.7/secmds/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400 -+++ setools-3.3.7/secmds/Makefile.am 2013-01-30 09:16:13.698871569 -0500 -@@ -1,6 +1,6 @@ - # various setools command line tools - --bin_PROGRAMS = seinfo sesearch findcon replcon indexcon -+bin_PROGRAMS = seinfo sesearch - - # These are for indexcon so that it is usable on machines without 
setools - STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3 -@@ -18,18 +18,6 @@ seinfo_SOURCES = seinfo.c - - sesearch_SOURCES = sesearch.c - --indexcon_SOURCES = indexcon.cc --indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS) --indexcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- --findcon_SOURCES = findcon.cc --findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) --findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- --replcon_SOURCES = replcon.cc --replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD) --replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so -- - $(top_builddir)/libapol/src/libapol.so: - $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@) - -diff -up setools-3.3.7/sediff/Makefile.am.noship setools-3.3.7/sediff/Makefile.am ---- setools-3.3.7/sediff/Makefile.am.noship 2007-04-25 15:20:20.000000000 -0400 -+++ setools-3.3.7/sediff/Makefile.am 2013-01-30 09:16:13.698871569 -0500 -@@ -1,13 +1,6 @@ - setoolsdir = @setoolsdir@ - --dist_setools_DATA = sediff_help.txt sediffx.glade \ -- sediffx.png sediffx-small.png -- --if BUILD_GUI -- MAYBE_SEDIFFX = sediffx --endif -- --bin_PROGRAMS = sediff $(MAYBE_SEDIFFX) -+bin_PROGRAMS = sediff - - AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ - @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@ -@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS - - LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ - --sediff_CFLAGS = $(AM_CFLAGS) --sediffx_CFLAGS = $(AM_CFLAGS) \ -- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@ -- --# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks --sediffx_LDFLAGS = $(AM_LDFLAGS) \ -- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \ -- -rdynamic -+sediff_CFLAGS = $(AM_CFLAGS) - - DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \ - 
$(top_builddir)/libapol/src/libapol.so \ -@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldif - - sediff_SOURCES = sediff.c - --sediffx_SOURCES = \ -- find_dialog.c find_dialog.h \ -- open_policies_dialog.c open_policies_dialog.h \ -- policy_view.c policy_view.h \ -- progress.c progress.h \ -- remap_types_dialog.c remap_types_dialog.h \ -- result_item.c result_item.h \ -- result_item_render.c result_item_render.h \ -- results.c results.h \ -- select_diff_dialog.c select_diff_dialog.h \ -- toplevel.c toplevel.h \ -- utilgui.c utilgui.h \ -- sediffx.c sediffx.h -- - $(top_builddir)/libpoldiff/src/libpoldiff.so: - $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@) - -diff -up setools-3.3.7/configure.ac~ setools-3.3.7/configure.ac ---- setools-3.3.7/configure.ac~ 2013-01-30 09:52:05.689136955 -0500 -+++ setools-3.3.7/configure.ac 2013-01-30 09:56:26.853722063 -0500 -@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; the - fi - AC_PROG_CXX - AC_LANG([C]) --AC_PROG_LIBTOOL -+AC_PROG_RANLIB - AC_PROG_LN_S - AC_PROG_LEX - AC_PROG_YACC diff --git a/0012-Fix-configure.ac-to-use-SWIG-3.0.0.patch b/0012-Fix-configure.ac-to-use-SWIG-3.0.0.patch deleted file mode 100644 index 7dd153f..0000000 --- a/0012-Fix-configure.ac-to-use-SWIG-3.0.0.patch +++ /dev/null 
@@ -1,51 +0,0 @@
-From 9fbf625c8606ff4a51d3d797b002bbf698592154 Mon Sep 17 00:00:00 2001
-From: Miroslav Grepl
-Date: Sun, 13 Apr 2014 20:58:14 +0200
-Subject: [PATCH] Fix configure.ac to use SWIG-3.0.0
-
----
- configure.ac | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5b1da5e..11c0e3e 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
- enable_jswig="$enableval")
- if test "x${enable_jswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(2.0.0)
-+ AC_PROG_SWIG(3.0.0)
- fi
- AC_JAVA_OPTIONS
- if test "x$JAVAPREFIX" = x; then
-@@ -225,14 +225,14 @@ AC_ARG_ENABLE(swig-python,
- enable_pyswig="$enableval")
- if test "x${enable_pyswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(2.0.0)
-+ AC_PROG_SWIG(3.0.0)
- fi
- SWIG_PYTHON
- do_swigify_python=yes
- do_swigify=yes
- fi
- if test ${do_swigify} = "yes"; then
-- AC_PROG_SWIG(2.0.0)
-+ AC_PROG_SWIG(3.0.0)
- fi
- build_apol=yes
- AC_ARG_ENABLE(swig-tcl,
-@@ -241,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl,
- enable_tclswig="$enableval", enable_tclswig="yes")
- if test "x${enable_tclswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(2.0.0)
-+ AC_PROG_SWIG(3.0.0)
- fi
- TEA_INIT(3.5)
- TEA_PATH_TCLCONFIG
---
-1.8.5.3
-
diff --git a/0012-seaudit.patch b/0012-seaudit.patch
deleted file mode 100644
index 78da66e..0000000
--- a/0012-seaudit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit setools-3.3.7/libqpol/swig/java/Makefile.am
---- setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit 2010-05-03 12:37:54.000000000 -0400
-+++ setools-3.3.7/libqpol/swig/java/Makefile.am 2012-09-28 10:15:56.408912525 -0400
-@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
- qpol_type_t.java \
- qpol_user_t.java \
- qpol_validatetrans_t.java \
-- SWIGTYPE_p_int.java \
- SWIGTYPE_p_unsigned_int.java \
- SWIGTYPE_p_void.java
-
-diff -up setools-3.3.7/seaudit/progress.c.seaudit setools-3.3.7/seaudit/progress.c
---- setools-3.3.7/seaudit/progress.c.seaudit 2007-08-02 17:16:33.000000000 -0400
-+++ setools-3.3.7/seaudit/progress.c 2012-09-28 10:15:56.407912521 -0400
-@@ -99,10 +99,11 @@ void progress_hide(progress_t * progress
-
- int progress_wait(progress_t * progress)
- {
-- GTimeVal wait_time = { 0, 50000 };
-+ gint64 end_time;
- g_mutex_lock(progress->mutex);
- while (!progress->done) {
-- g_cond_timed_wait(progress->cond, progress->mutex, &wait_time);
-+ end_time = g_get_monotonic_time () + 50000; // need to be set before each wait
-+ g_cond_wait_until(progress->cond, progress->mutex,end_time);
- if (progress->s != NULL) {
- gtk_label_set_text(GTK_LABEL(progress->label2), progress->s);
- free(progress->s);
diff --git a/0013-libqpol-Skip-types-when-building-type-attribute-map.patch b/0013-libqpol-Skip-types-when-building-type-attribute-map.patch
deleted file mode 100644
index efdd8a9..0000000
--- a/0013-libqpol-Skip-types-when-building-type-attribute-map.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From f7b31b7e28a4f89bcfcd0d139cfca78777a4333e Mon Sep 17 00:00:00 2001
-From: Chris PeBenito
-Date: Thu, 4 Feb 2016 14:06:49 -0500
-Subject: [PATCH] libqpol: Skip types when building type attribute map.
-
-Fix originally from Richard Haines.
-
-Closes #94.
----
- libqpol/src/policy_extend.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 1417271..416bddb 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -201,6 +201,9 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
- memset(&buff, 0, 10 * sizeof(char));
-
- for (i = 0; i < db->p_types.nprim; i++) {
-+ /* skip types */
-+ if (db->type_val_to_struct[i]->flavor == TYPE_TYPE)
-+ continue;
- count = 0;
- ebitmap_for_each_bit(&db->attr_type_map[i], node, bit) {
- if (ebitmap_node_get_bit(node, bit))
---
-2.5.0
-
diff --git a/0013-swig.patch b/0013-swig.patch
deleted file mode 100644
index 56bbd40..0000000
--- a/0013-swig.patch
+++ /dev/null
@@ -1,956 +0,0 @@ -@@ -, +, @@ ---- - libapol/swig/apol.i | 218 ++++++++++++++++++++++++++-------------------------- - 1 file changed, 109 insertions(+), 109 deletions(-) ---- a/libapol/swig/apol.i -+++ a/libapol/swig/apol.i -@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str); - } - %} - %extend apol_ip_t { -- apol_ip_t(const char *str) { -+ apol_ip(const char *str) { - apol_ip_t *ip = NULL; - BEGIN_EXCEPTION - ip = calloc(1, sizeof(*ip)); -@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str); - fail: - return ip; - }; -- ~apol_ip_t() { -+ ~apol_ip() { - free(self); - }; - int get_protocol() { -@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name); - %} - typedef struct apol_vector {} apol_vector_t; - %extend apol_vector_t { -- apol_vector_t() { -+ apol_vector() { - return apol_vector_create(NULL); - }; -- apol_vector_t(qpol_iterator_t *iter) { -+ apol_vector(qpol_iterator_t *iter) { - return apol_vector_create_from_iter(iter, NULL); - }; -- apol_vector_t(apol_vector_t *v) { -+ apol_vector(apol_vector_t *v) { - return apol_vector_create_from_vector(v, NULL, NULL, NULL); - }; -- apol_vector_t(apol_vector_t *a, apol_vector_t *b) { -+ apol_vector(apol_vector_t *a, apol_vector_t *b) { - return apol_vector_create_from_intersection(a, b, NULL, NULL); - }; - size_t get_size() { -@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t; - void *get_element(size_t i) { - return apol_vector_get_element(self, i); - }; -- ~apol_vector_t() { -+ ~apol_vector() { - apol_vector_destroy(&self); - }; - void append(void *x) { -@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t; - %} - typedef struct apol_string_vector {} apol_string_vector_t; - %extend apol_string_vector_t { -- apol_string_vector_t() { -+ apol_string_vector() { - return (apol_string_vector_t*)apol_vector_create(free); - }; -- apol_string_vector_t(apol_string_vector_t *v) { -+ apol_string_vector(apol_string_vector_t *v) { - return 
(apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free); - }; -- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) { -+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) { - return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL); - }; - size_t get_size() { -@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t; - char *get_element(size_t i) { - return (char*)apol_vector_get_element((apol_vector_t*)self, i); - }; -- ~apol_string_vector_t() { -+ ~apol_string_vector() { - apol_vector_destroy((apol_vector_t**)&self); - }; - size_t get_index(char *str) { -@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t; - } apol_policy_path_type_e; - typedef struct apol_policy_path {} apol_policy_path_t; - %extend apol_policy_path_t { -- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) { -+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) { - apol_policy_path_t *p; - BEGIN_EXCEPTION - if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) { -@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t; - fail: - return p; - }; -- apol_policy_path_t(char *path) { -+ apol_policy_path(char *path) { - apol_policy_path_t *p; - BEGIN_EXCEPTION - if ((p = apol_policy_path_create_from_file(path)) == NULL) { -@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t; - fail: - return p; - }; -- apol_policy_path_t(char *str, int unused) { -+ apol_policy_path(char *str, int unused) { - apol_policy_path_t *p; - BEGIN_EXCEPTION - if ((p = apol_policy_path_create_from_string(str)) == NULL) { -@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t; - fail: - return p; - }; -- apol_policy_path_t(apol_policy_path_t 
*in) { -+ apol_policy_path(apol_policy_path_t *in) { - apol_policy_path_t *p; - BEGIN_EXCEPTION - if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) { -@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t; - fail: - return p; - }; -- ~apol_policy_path_t() { -+ ~apol_policy_path() { - apol_policy_path_destroy(&self); - }; - apol_policy_path_type_e get_type() { -@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t; - #define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE) - #define APOL_PERMMAP_NONE 0x10 - %extend apol_policy_t { -- apol_policy_t(apol_policy_path_t *path, int options = 0) { -+ apol_policy(apol_policy_path_t *path, int options = 0) { - apol_policy_t *p; - BEGIN_EXCEPTION - p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg); -@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t; - fail: - return p; - }; -- ~apol_policy_t() { -+ ~apol_policy() { - apol_policy_destroy(&self); - }; - int get_policy_type() { -@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t; - /* apol type query */ - typedef struct apol_type_query {} apol_type_query_t; - %extend apol_type_query_t { -- apol_type_query_t() { -+ apol_type_query() { - apol_type_query_t *tq; - BEGIN_EXCEPTION - tq = apol_type_query_create(); -@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t; - fail: - return tq; - }; -- ~apol_type_query_t() { -+ ~apol_type_query() { - apol_type_query_destroy(&self); - }; - %newobject run(apol_policy_t *); -@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t; - /* apol attribute query */ - typedef struct apol_attr_query {} apol_attr_query_t; - %extend apol_attr_query_t { -- apol_attr_query_t() { -+ apol_attr_query() { - apol_attr_query_t *aq; - BEGIN_EXCEPTION - aq = apol_attr_query_create(); -@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t; - fail: - return aq; - }; -- 
~apol_attr_query_t() { -+ ~apol_attr_query() { - apol_attr_query_destroy(&self); - }; - %newobject run(apol_policy_t *); -@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t; - /* apol role query */ - typedef struct apol_role_query {} apol_role_query_t; - %extend apol_role_query_t { -- apol_role_query_t() { -+ apol_role_query() { - apol_role_query_t *rq; - BEGIN_EXCEPTION - rq = apol_role_query_create(); -@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t; - fail: - return rq; - }; -- ~apol_role_query_t() { -+ ~apol_role_query() { - apol_role_query_destroy(&self); - }; - %newobject run(apol_policy_t *); -@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t); - /* apol class query */ - typedef struct apol_class_query {} apol_class_query_t; - %extend apol_class_query_t { -- apol_class_query_t() { -+ apol_class_query() { - apol_class_query_t *cq; - BEGIN_EXCEPTION - cq = apol_class_query_create(); -@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t; - fail: - return cq; - }; -- ~apol_class_query_t() { -+ ~apol_class_query() { - apol_class_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t; - /* apol common query */ - typedef struct apol_common_query {} apol_common_query_t; - %extend apol_common_query_t { -- apol_common_query_t() { -+ apol_common_query() { - apol_common_query_t *cq; - BEGIN_EXCEPTION - cq = apol_common_query_create(); -@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t; - fail: - return cq; - }; -- ~apol_common_query_t() { -+ ~apol_common_query() { - apol_common_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t; - /* apol perm query */ - typedef struct apol_perm_query {} apol_perm_query_t; - %extend apol_perm_query_t { -- apol_perm_query_t() { -+ 
apol_perm_query() { - apol_perm_query_t *pq; - BEGIN_EXCEPTION - pq = apol_perm_query_create(); -@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t; - fail: - return pq; - }; -- ~apol_perm_query_t() { -+ ~apol_perm_query() { - apol_perm_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t; - /* apol bool query */ - typedef struct apol_bool_query {} apol_bool_query_t; - %extend apol_bool_query_t { -- apol_bool_query_t() { -+ apol_bool_query() { - apol_bool_query_t *bq; - BEGIN_EXCEPTION - bq = apol_bool_query_create(); -@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t; - fail: - return bq; - }; -- ~apol_bool_query_t() { -+ ~apol_bool_query() { - apol_bool_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t; - /* apol mls level */ - typedef struct apol_mls_level {} apol_mls_level_t; - %extend apol_mls_level_t { -- apol_mls_level_t() { -+ apol_mls_level() { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create(); -@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- apol_mls_level_t(apol_mls_level_t *in) { -+ apol_mls_level(apol_mls_level_t *in) { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create_from_mls_level(in); -@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- apol_mls_level_t(apol_policy_t *p, const char *str) { -+ apol_mls_level(apol_policy_t *p, const char *str) { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create_from_string(p, str); -@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- apol_mls_level_t(const char *str) { -+ apol_mls_level(const char *str) { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create_from_literal(str); 
-@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) { -+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create_from_qpol_mls_level(p, qml); -@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) { -+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) { - apol_mls_level_t *aml; - BEGIN_EXCEPTION - aml = apol_mls_level_create_from_qpol_level_datum(p, ql); -@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t; - fail: - return aml; - }; -- ~apol_mls_level_t() { -+ ~apol_mls_level() { - apol_mls_level_destroy(&self); - }; - void set_sens(apol_policy_t *p, char *sens) { -@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2) - #endif - typedef struct apol_mls_range {} apol_mls_range_t; - %extend apol_mls_range_t { -- apol_mls_range_t() { -+ apol_mls_range() { - apol_mls_range_t *amr; - BEGIN_EXCEPTION - amr = apol_mls_range_create(); -@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t; - fail: - return amr; - }; -- apol_mls_range_t(apol_mls_range_t *in) { -+ apol_mls_range(apol_mls_range_t *in) { - apol_mls_range_t *amr; - BEGIN_EXCEPTION - amr = apol_mls_range_create_from_mls_range(in); -@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t; - fail: - return amr; - }; -- apol_mls_range_t(apol_policy_t *p, const char *s) { -+ apol_mls_range(apol_policy_t *p, const char *s) { - apol_mls_range_t *amr; - BEGIN_EXCEPTION - amr = apol_mls_range_create_from_string(p, s); -@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t; - fail: - return amr; - }; -- apol_mls_range_t(const char *s) { -+ apol_mls_range(const char *s) { - apol_mls_range_t *amr; - BEGIN_EXCEPTION - amr 
= apol_mls_range_create_from_literal(s); -@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t; - fail: - return amr; - }; -- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) { -+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) { - apol_mls_range_t *amr; - BEGIN_EXCEPTION - amr = apol_mls_range_create_from_qpol_mls_range(p, in); -@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t; - fail: - return amr; - }; -- ~apol_mls_range_t() { -+ ~apol_mls_range() { - apol_mls_range_destroy(&self); - }; - void set_low(apol_policy_t *p, apol_mls_level_t *lvl) { -@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t * - /* apol level query */ - typedef struct apol_level_query {} apol_level_query_t; - %extend apol_level_query_t { -- apol_level_query_t() { -+ apol_level_query() { - apol_level_query_t * alq; - BEGIN_EXCEPTION - alq = apol_level_query_create(); -@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t; - fail: - return alq; - }; -- ~apol_level_query_t() { -+ ~apol_level_query() { - apol_level_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t; - /* apol cat query */ - typedef struct apol_cat_query {} apol_cat_query_t; - %extend apol_cat_query_t { -- apol_cat_query_t() { -+ apol_cat_query() { - apol_cat_query_t * acq; - BEGIN_EXCEPTION - acq = apol_cat_query_create(); -@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t; - fail: - return acq; - }; -- ~apol_cat_query_t() { -+ ~apol_cat_query() { - apol_cat_query_destroy(&self); - }; - %newobject run(apol_policy_t *); -@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t; - #endif - typedef struct apol_user_query {} apol_user_query_t; - %extend apol_user_query_t { -- apol_user_query_t() { -+ apol_user_query() { - apol_user_query_t *auq; - BEGIN_EXCEPTION - auq = 
apol_user_query_create(); -@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t; - fail: - return auq; - }; -- ~apol_user_query_t() { -+ ~apol_user_query() { - apol_user_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t; - /* apol context */ - typedef struct apol_context {} apol_context_t; - %extend apol_context_t { -- apol_context_t() { -+ apol_context() { - apol_context_t *ctx; - BEGIN_EXCEPTION - ctx = apol_context_create(); -@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t; - fail: - return ctx; - }; -- apol_context_t(apol_policy_t *p, qpol_context_t *in) { -+ apol_context(apol_policy_t *p, qpol_context_t *in) { - apol_context_t *ctx; - BEGIN_EXCEPTION - ctx = apol_context_create_from_qpol_context(p, in); -@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t; - fail: - return ctx; - }; -- apol_context_t(const char *str) { -+ apol_context(const char *str) { - apol_context_t *ctx; - BEGIN_EXCEPTION - ctx = apol_context_create_from_literal(str); -@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t; - fail: - return ctx; - }; -- ~apol_context_t() { -+ ~apol_context() { - apol_context_destroy(&self); - }; - void set_user(apol_policy_t *p, char *name) { -@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex - /* apol constraint query */ - typedef struct apol_constraint_query {} apol_constraint_query_t; - %extend apol_constraint_query_t { -- apol_constraint_query_t() { -+ apol_constraint_query() { - apol_constraint_query_t *acq; - BEGIN_EXCEPTION - acq = apol_constraint_query_create(); -@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t; - fail: - return acq; - }; -- ~apol_constraint_query_t() { -+ ~apol_constraint_query() { - apol_constraint_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1634,7 +1634,7 @@ 
typedef struct apol_constraint_query {} apol_constraint_query_t; - /* apol validatetrans query */ - typedef struct apol_validatetrans_query {} apol_validatetrans_query_t; - %extend apol_validatetrans_query_t { -- apol_validatetrans_query_t() { -+ apol_validatetrans_query() { - apol_validatetrans_query_t *avq; - BEGIN_EXCEPTION - avq = apol_validatetrans_query_create(); -@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t; - fail: - return avq; - }; -- ~apol_validatetrans_query_t() { -+ ~apol_validatetrans_query() { - apol_validatetrans_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t; - #endif - typedef struct apol_genfscon_query {} apol_genfscon_query_t; - %extend apol_genfscon_query_t { -- apol_genfscon_query_t() { -+ apol_genfscon_query() { - apol_genfscon_query_t *agq; - BEGIN_EXCEPTION - agq = apol_genfscon_query_create(); -@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t; - fail: - return agq; - }; -- ~apol_genfscon_query_t() { -+ ~apol_genfscon_query() { - apol_genfscon_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon); - /* apol fs_use query */ - typedef struct apol_fs_use_query {} apol_fs_use_query_t; - %extend apol_fs_use_query_t { -- apol_fs_use_query_t() { -+ apol_fs_use_query() { - apol_fs_use_query_t *afq; - BEGIN_EXCEPTION - afq = apol_fs_use_query_create(); -@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t; - fail: - return afq; - }; -- ~apol_fs_use_query_t() { -+ ~apol_fs_use_query() { - apol_fs_use_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse); - /* apol initial sid query */ - typedef struct apol_isid_query {} apol_isid_query_t; - 
%extend apol_isid_query_t { -- apol_isid_query_t() { -+ apol_isid_query() { - apol_isid_query_t *aiq; - BEGIN_EXCEPTION - aiq = apol_isid_query_create(); -@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t; - fail: - return aiq; - }; -- ~apol_isid_query_t() { -+ ~apol_isid_query() { - apol_isid_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t; - /* apol portcon query */ - typedef struct apol_portcon_query {} apol_portcon_query_t; - %extend apol_portcon_query_t { -- apol_portcon_query_t() { -+ apol_portcon_query() { - apol_portcon_query_t *apq; - BEGIN_EXCEPTION - apq = apol_portcon_query_create(); -@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t; - fail: - return apq; - }; -- ~apol_portcon_query_t() { -+ ~apol_portcon_query() { - apol_portcon_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon); - /* apol netifcon query */ - typedef struct apol_netifcon_query {} apol_netifcon_query_t; - %extend apol_netifcon_query_t { -- apol_netifcon_query_t() { -+ apol_netifcon_query() { - apol_netifcon_query_t *anq; - BEGIN_EXCEPTION - anq = apol_netifcon_query_create(); -@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t; - fail: - return anq; - }; -- ~apol_netifcon_query_t() { -+ ~apol_netifcon_query() { - apol_netifcon_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon); - /* apol nodecon query */ - typedef struct apol_nodecon_query {} apol_nodecon_query_t; - %extend apol_nodecon_query_t { -- apol_nodecon_query_t() { -+ apol_nodecon_query() { - apol_nodecon_query_t *anq; - BEGIN_EXCEPTION - anq = apol_nodecon_query_create(); -@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} 
apol_nodecon_query_t; - fail: - return anq; - }; -- ~apol_nodecon_query_t() { -+ ~apol_nodecon_query() { - apol_nodecon_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon); - /* apol avrule query */ - typedef struct apol_avrule_query {} apol_avrule_query_t; - %extend apol_avrule_query_t { -- apol_avrule_query_t() { -+ apol_avrule_query() { - apol_avrule_query_t *avq; - BEGIN_EXCEPTION - avq = apol_avrule_query_create(); -@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t; - fail: - return avq; - }; -- ~apol_avrule_query_t() { -+ ~apol_avrule_query() { - apol_avrule_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule); - /* apol terule query */ - typedef struct apol_terule_query {} apol_terule_query_t; - %extend apol_terule_query_t { -- apol_terule_query_t() { -+ apol_terule_query() { - apol_terule_query_t *atq; - BEGIN_EXCEPTION - atq = apol_terule_query_create(); -@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t; - fail: - return atq; - }; -- ~apol_terule_query_t() { -+ ~apol_terule_query() { - apol_terule_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t - /* apol cond rule query */ - typedef struct apol_cond_query {} apol_cond_query_t; - %extend apol_cond_query_t { -- apol_cond_query_t() { -+ apol_cond_query() { - apol_cond_query_t *acq; - BEGIN_EXCEPTION - acq = apol_cond_query_create(); -@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t; - fail: - return acq; - }; -- ~apol_cond_query_t() { -+ ~apol_cond_query() { - apol_cond_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, 
qpol_cond_t * cond); - /* apol role allow query */ - typedef struct apol_role_allow_query {} apol_role_allow_query_t; - %extend apol_role_allow_query_t { -- apol_role_allow_query_t() { -+ apol_role_allow_query() { - apol_role_allow_query_t *arq; - BEGIN_EXCEPTION - arq = apol_role_allow_query_create(); -@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t; - fail: - return arq; - }; -- ~apol_role_allow_query_t() { -+ ~apol_role_allow_query() { - apol_role_allow_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule); - /* apol role transition rule query */ - typedef struct apol_role_trans_query {} apol_role_trans_query_t; - %extend apol_role_trans_query_t { -- apol_role_trans_query_t() { -+ apol_role_trans_query() { - apol_role_trans_query_t *arq; - BEGIN_EXCEPTION - arq = apol_role_trans_query_create(); -@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t; - fail: - return arq; - }; -- ~apol_role_trans_query_t() { -+ ~apol_role_trans_query() { - apol_role_trans_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule); - /* apol range transition rule query */ - typedef struct apol_range_trans_query {} apol_range_trans_query_t; - %extend apol_range_trans_query_t { -- apol_range_trans_query_t() { -+ apol_range_trans_query() { - apol_range_trans_query_t *arq; - BEGIN_EXCEPTION - arq = apol_range_trans_query_create(); -@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t; - fail: - return arq; - }; -- ~apol_range_trans_query_t() { -+ ~apol_range_trans_query() { - apol_range_trans_query_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule) - #define 
APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID) - typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; - %extend apol_domain_trans_analysis_t { -- apol_domain_trans_analysis_t() { -+ apol_domain_trans_analysis() { - apol_domain_trans_analysis_t *dta; - BEGIN_EXCEPTION - dta = apol_domain_trans_analysis_create(); -@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; - fail: - return dta; - }; -- ~apol_domain_trans_analysis_t() { -+ ~apol_domain_trans_analysis() { - apol_domain_trans_analysis_destroy(&self); - }; - void set_direction(apol_policy_t *p, int direction) { -@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; - }; - typedef struct apol_domain_trans_result {} apol_domain_trans_result_t; - %extend apol_domain_trans_result_t { -- apol_domain_trans_result_t(apol_domain_trans_result_t *in) { -+ apol_domain_trans_result(apol_domain_trans_result_t *in) { - apol_domain_trans_result_t *dtr; - BEGIN_EXCEPTION - dtr = apol_domain_trans_result_create_from_domain_trans_result(in); -@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t; - fail: - return dtr; - }; -- ~apol_domain_trans_result_t() { -+ ~apol_domain_trans_result() { - apol_domain_trans_result_destroy(&self); - }; - const qpol_type_t *get_start_type() { -@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s - %} - typedef struct apol_infoflow {} apol_infoflow_t; - %extend apol_infoflow_t { -- apol_infoflow_t() { -+ apol_infoflow() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_infoflow_t() { -+ ~apol_infoflow() { - apol_infoflow_destroy(&self); - }; - %newobject extract_graph(); -@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t; - 
}; - typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; - %extend apol_infoflow_analysis_t { -- apol_infoflow_analysis_t() { -+ apol_infoflow_analysis() { - apol_infoflow_analysis_t *aia; - BEGIN_EXCEPTION - aia = apol_infoflow_analysis_create(); -@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; - fail: - return aia; - }; -- ~apol_infoflow_analysis_t() { -+ ~apol_infoflow_analysis() { - apol_infoflow_analysis_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; - }; - typedef struct apol_infoflow_graph {} apol_infoflow_graph_t; - %extend apol_infoflow_graph_t { -- apol_infoflow_graph_t() { -+ apol_infoflow_graph() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_infoflow_graph_t() { -+ ~apol_infoflow_graph() { - apol_infoflow_graph_destroy(&self); - }; - %newobject do_more(apol_policy_t*, char*); -@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t; - }; - typedef struct apol_infoflow_result {} apol_infoflow_result_t; - %extend apol_infoflow_result_t { -- apol_infoflow_result_t() { -+ apol_infoflow_result() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_infoflow_result_t() { -+ ~apol_infoflow_result() { - /* no op - vector will destroy */ - return; - }; -@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t; - %} - typedef struct apol_infoflow_step {} apol_infoflow_step_t; - %extend apol_infoflow_step_t { -- apol_infoflow_step_t() { -+ apol_infoflow_step() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- 
~apol_infoflow_step_t() { -+ ~apol_infoflow_step() { - /* no op */ - return; - }; -@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t; - #define APOL_RELABEL_DIR_SUBJECT 0x04 - typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; - %extend apol_relabel_analysis_t { -- apol_relabel_analysis_t() { -+ apol_relabel_analysis() { - apol_relabel_analysis_t *ara; - BEGIN_EXCEPTION - ara = apol_relabel_analysis_create(); -@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; - fail: - return ara; - }; -- ~apol_relabel_analysis_t() { -+ ~apol_relabel_analysis() { - apol_relabel_analysis_destroy(&self); - }; - %newobject run(apol_policy_t*); -@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; - }; - typedef struct apol_relabel_result {} apol_relabel_result_t; - %extend apol_relabel_result_t { -- apol_relabel_result_t() { -+ apol_relabel_result() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_relabel_result_t() { -+ ~apol_relabel_result() { - /* no op - vector will destroy */ - return; - }; -@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t; - %} - typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t; - %extend apol_relabel_result_pair_t { -- apol_relabel_result_pair_t() { -+ apol_relabel_result_pair() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_relabel_result_pair_t() { -+ ~apol_relabel_result_pair() { - /* no op - owned and free()'d by apol_relabel_result_t */ - return; - }; -@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t; - #define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000 - typedef struct apol_types_relation_analysis {} 
apol_types_relation_analysis_t; - %extend apol_types_relation_analysis_t { -- apol_types_relation_analysis_t() { -+ apol_types_relation_analysis() { - apol_types_relation_analysis_t *atr; - BEGIN_EXCEPTION - atr = apol_types_relation_analysis_create(); -@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t; - fail: - return atr; - }; -- ~apol_types_relation_analysis_t() { -+ ~apol_types_relation_analysis() { - apol_types_relation_analysis_destroy(&self); - } - %newobject run(apol_policy_t*); -@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t; - }; - typedef struct apol_types_relation_result {} apol_types_relation_result_t; - %extend apol_types_relation_result_t { -- apol_types_relation_result_t() { -+ apol_types_relation_result() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_types_relation_result_t() { -+ ~apol_types_relation_result() { - apol_types_relation_result_destroy(&self); - }; - const apol_vector_t *get_attributes() { -@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t; - }; - typedef struct apol_types_relation_access {} apol_types_relation_access_t; - %extend apol_types_relation_access_t { -- apol_types_relation_access_t() { -+ apol_types_relation_access() { - BEGIN_EXCEPTION - SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects"); - END_EXCEPTION - fail: - return NULL; - }; -- ~apol_types_relation_access_t() { -+ ~apol_types_relation_access() { - /* no op - vector will destroy */ - return; - }; --- - diff --git a/0014-boolsub.patch b/0014-boolsub.patch deleted file mode 100644 index 2890628..0000000 --- a/0014-boolsub.patch +++ /dev/null 
@@ -1,24 +0,0 @@
-diff -up ./setools-3.3.7/secmds/seinfo.c~ ./setools-3.3.7/secmds/seinfo.c
---- ./setools-3.3.7/secmds/seinfo.c~ 2013-03-14 15:26:31.467121596 -0400
-+++ ./setools-3.3.7/secmds/seinfo.c 2013-03-14 15:35:20.154650517 -0400
-@@ -1705,7 +1705,7 @@ int main(int argc, char **argv)
- case 'b': /* conditional booleans */
- bools = 1;
- if (optarg != 0)
-- bool_name = optarg;
-+ bool_name = selinux_boolean_sub(optarg);
- break;
- case OPT_INITIALSID:
- isids = 1;
-diff -up ./setools-3.3.7/secmds/sesearch.c~ ./setools-3.3.7/secmds/sesearch.c
---- ./setools-3.3.7/secmds/sesearch.c~ 2013-03-14 15:26:31.539121944 -0400
-+++ ./setools-3.3.7/secmds/sesearch.c 2013-03-14 15:34:36.615445562 -0400
-@@ -1056,7 +1056,7 @@ int main(int argc, char **argv)
- printf("Missing boolean for -b (--bool)\n");
- exit(1);
- }
-- cmd_opts.bool_name = strdup(optarg);
-+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
- if (!cmd_opts.bool_name) {
- fprintf(stderr, "%s\n", strerror(errno));
- exit(1);
diff --git a/0015-aliases.patch b/0015-aliases.patch
deleted file mode 100644
index 355aff3..0000000
--- a/0015-aliases.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-diff -up setools-3.3.7/libapol/src/policy-query.c~ setools-3.3.7/libapol/src/policy-query.c
-diff -up setools-3.3.7/libqpol/include/qpol/type_query.h~ setools-3.3.7/libqpol/include/qpol/type_query.h
-diff -up setools-3.3.7/libqpol/tests/iterators-tests.c~ setools-3.3.7/libqpol/tests/iterators-tests.c
-diff -up setools-3.3.7/secmds/seinfo.c~ setools-3.3.7/secmds/seinfo.c
---- setools-3.3.7/secmds/seinfo.c~ 2013-03-25 11:30:23.161633059 -0400
-+++ setools-3.3.7/secmds/seinfo.c 2013-03-28 13:08:07.281751011 -0400
-@@ -46,6 +46,7 @@
- #include
- #include
- #include
-+#include
-
- #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-
-@@ -54,6 +55,7 @@
-
- static char *policy_file = NULL;
-
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
- static void print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static void print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static void print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
-@@ -511,6 +513,7 @@ static int print_types(FILE * fp, const
- if (qpol_policy_get_type_by_name(q, name, &type_datum))
- goto cleanup;
- print_type_attrs(fp, type_datum, policydb, expand);
-+ print_type_aliases(fp, type_datum, policydb);
- } else {
- if (qpol_policy_get_type_iter(q, &iter))
- goto cleanup;
-@@ -1897,6 +1900,51 @@ int main(int argc, char **argv)
- }
-
- /**
-+ * Prints the alias of a type.
-+ *
-+ * @param fp Reference to a file to which to print type information
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ * attributes
-+ */
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
-+{
-+ qpol_iterator_t *iter = NULL;
-+ size_t alias_size;
-+ unsigned char isattr, isalias;
-+ const char *type_name = NULL;
-+ const char *alias_name;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (qpol_type_get_name(q, type_datum, &type_name))
-+ goto cleanup;
-+ if (qpol_type_get_isattr(q, type_datum, &isattr))
-+ goto cleanup;
-+ if (qpol_type_get_isalias(q, type_datum, &isalias))
-+ goto cleanup;
-+
-+ if (isalias) {
-+ fprintf(fp, " TypeName %s\n", type_name);
-+ }
-+ if (qpol_type_get_alias_iter(q, type_datum, &iter))
-+ goto cleanup;
-+ if (qpol_iterator_get_size(iter, &alias_size))
-+ goto cleanup;
-+ if (alias_size > 0) {
-+ fprintf(fp, " Aliases\n");
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&alias_name))
-+ goto cleanup;
-+ fprintf(fp, " %s\n", alias_name);
-+ }
-+ }
-+
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ return;
-+}
-+
-+/**
- * Prints a textual representation of a type, and possibly
- * all of that type's attributes.
- *
diff --git a/0016-cmdline.patch b/0016-cmdline.patch
deleted file mode 100644
index 82b4825..0000000
--- a/0016-cmdline.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-diff -up setools-3.3.7/man/sesearch.1.cmdline setools-3.3.7/man/sesearch.1
---- setools-3.3.7/man/sesearch.1.cmdline 2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.7/man/sesearch.1 2013-07-19 06:46:21.314068667 -0400
-@@ -43,7 +43,7 @@ Search for allow rules.
- Search for neverallow rules.
- .IP "--auditallow"
- Search for auditallow rules.
--.IP "--dontaudit"
-+.IP "-D, --dontaudit"
- Search for dontaudit rules.
- .IP "-T, --type"
- Search for type_transition, type_member, and type_change rules.
-diff -up setools-3.3.7/secmds/sesearch.c.cmdline setools-3.3.7/secmds/sesearch.c
---- setools-3.3.7/secmds/sesearch.c.cmdline 2013-07-19 06:46:21.291068510 -0400
-+++ setools-3.3.7/secmds/sesearch.c 2013-07-19 06:48:12.962830868 -0400
-@@ -24,6 +24,7 @@
- */
-
- #include
-+#include
-
- /* libapol */
- #include
-@@ -61,9 +62,8 @@ enum opt_values
- static struct option const longopts[] = {
- {"allow", no_argument, NULL, 'A'},
- {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
-- {"audit", no_argument, NULL, RULE_AUDIT},
- {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
-- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
-+ {"dontaudit", no_argument, NULL, 'D'},
- {"type", no_argument, NULL, 'T'},
- {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
- {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
-@@ -72,7 +72,6 @@ static struct option const longopts[] =
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-- {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -129,7 +128,7 @@ void usage(const char *program_name, int
- printf(" -A, --allow allow rules\n");
- printf(" --neverallow neverallow rules\n");
- printf(" --auditallow auditallow rules\n");
-- printf(" --dontaudit dontaudit rules\n");
-+ printf(" -D, --dontaudit dontaudit rules\n");
- printf(" -T, --type type_trans, type_member, and type_change\n");
- printf(" --role_allow role allow rules\n");
- printf(" --role_trans role_transition rules\n");
-@@ -666,10 +665,6 @@ static void print_ft_results(const apol_
- size_t i, num_filename_trans = 0;
- const qpol_filename_trans_t *filename_trans = NULL;
- char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
-- char enable_char = ' ', branch_char = ' ';
-- qpol_iterator_t *iter = NULL;
-- const qpol_cond_t *cond = NULL;
-- uint32_t enabled = 0, list = 0;
-
- if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-@@ -677,7 +672,6 @@ static void print_ft_results(const apol_
- fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
- for (i = 0; i < num_filename_trans; i++) {
-- enable_char = branch_char = ' ';
- if (!(filename_trans = apol_vector_get_element(v, i)))
- goto cleanup;
-
-@@ -962,7 +956,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -978,18 +972,6 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-- case 'D': /* source */
-- if (optarg == 0) {
-- usage(argv[0], 1);
-- printf("Missing source default type for -D (--default)\n");
-- exit(1);
-- }
-- cmd_opts.default_name = strdup(optarg);
-- if (!cmd_opts.default_name) {
--
-- exit(1);
-- }
-- break;
- case 't': /* target */
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1082,7 +1064,7 @@ int main(int argc, char **argv)
- case RULE_AUDITALLOW:
- cmd_opts.auditallow = true;
- break;
-- case RULE_DONTAUDIT:
-+ case 'D':
- cmd_opts.dontaudit = true;
- break;
- case 'T': /* type */
diff --git a/0017-update-to-libsepool-2.4-parser.patch b/0017-update-to-libsepool-2.4-parser.patch
deleted file mode 100644
index bfd807a..0000000
--- a/0017-update-to-libsepool-2.4-parser.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 0e41755e0364df7666f286a3b6f8d663933c3149 Mon Sep 17 00:00:00 2001
-From: Chris PeBenito
-Date: Wed, 4 Feb 2015 14:34:47 -0500
-Subject: [PATCH] Update to libsepol 2.4 parser.
-
-There was a struct change internally. Now setools requires libsepol 2.4.
----
- README | 4 ++--
- libqpol/src/policy_define.c | 4 ++--
- libqpol/src/policy_extend.c | 4 ++--
- libqpol/src/syn_rule_query.c | 6 +++---
- 4 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/README b/README
-index 04b159b..c08d786 100644
---- a/README
-+++ b/README
-@@ -71,8 +71,8 @@ compilation:
- bison
- pkg-config 0.23 or greater
- libselinux 2.0.87 or greater
-- libsepol 2.0.38 or greater
-- libsepol-static 2.0.38 or greater
-+ libsepol 2.4 or greater
-+ libsepol-static 2.4 or greater
- libxml2
- sqlite 3.6.20 or greater
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index fad6b60..231962f 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- return -1;
- }
- class_perm_node_init(perm);
-- perm->class = i + 1;
-+ perm->tclass = i + 1;
- perm->data = datum->s.value;
- perm->next = avrule->perms;
- avrule->perms = perm;
-@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- goto out;
- }
- class_perm_node_init(cur_perms);
-- cur_perms->class = i + 1;
-+ cur_perms->tclass = i + 1;
- if (!perms)
- perms = cur_perms;
- if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- for (class_node = rule->perms; class_node; class_node = class_node->next) {
- key.rule_type = rule->specified;
- key.source_val = key.target_val = i + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- key.rule_type = rule->specified;
- key.source_val = i + 1;
- key.target_val = j + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- return NULL;
- }
-
-- return db->class_val_to_struct[srcs->cur->class - 1];
-+ return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- }
-
- for (node = internal_rule->perms; node; node = node->next) {
-- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- if (!(node->data & (1 << i)))
- continue;
-- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- if (tmp) {
- tmp++; /* remove prepended space */
- for (cur = 0; cur < perm_list_sz; cur++)
---
-1.8.3.1
-
diff --git a/setools-exitstatus.patch b/setools-exitstatus.patch
deleted file mode 100644
index 3500aca..0000000
--- a/setools-exitstatus.patch
+++ /dev/null
@@ -1,119 +0,0 @@
-diff -up setools-3.3.7/secmds/seinfo.c.exitstatus setools-3.3.7/secmds/seinfo.c
---- setools-3.3.7/secmds/seinfo.c.exitstatus 2010-05-03 12:39:02.000000000 -0400
-+++ setools-3.3.7/secmds/seinfo.c 2010-11-05 09:54:39.000000000 -0400
-@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const c
- */
- static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
- {
-- int retval = 0;
-+ int retval = -1;
- apol_cat_query_t *query = NULL;
- apol_vector_t *v = NULL;
- const qpol_cat_t *cat_datum = NULL;
-@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const
- fprintf(fp, " %s\n", tmp);
- free(tmp);
- }
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
--
-+ goto cleanup;
-+ }
- retval = 0;
- cleanup:
- apol_fs_use_query_destroy(&query);
-@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, con
- ERR(policydb, "%s", strerror(ENOMEM));
- goto cleanup;
- }
--
- if (apol_genfscon_query_set_filesystem(policydb, query, type))
- goto cleanup;
- if (apol_genfscon_get_by_query(policydb, query, &v))
-@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, con
- free(tmp);
- }
-
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
-+ goto cleanup;
-+ }
-
- retval = 0;
- cleanup:
-@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators
-
- int main(int argc, char **argv)
- {
-+ int rc = 0;
- int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
- node, port, permissives, polcaps, constrain, linebreaks;
- apol_policy_t *policydb = NULL;
-@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
-
- /* display requested info */
- if (stats || all)
-- print_stats(stdout, policydb);
-+ rc = print_stats(stdout, policydb);
- if (classes || all)
-- print_classes(stdout, class_name, expand, policydb);
-+ rc = print_classes(stdout, class_name, expand, policydb);
- if (types || all)
-- print_types(stdout, type_name, expand, policydb);
-+ rc = print_types(stdout, type_name, expand, policydb);
- if (attribs || all)
-- print_attribs(stdout, attrib_name, expand, policydb);
-+ rc = print_attribs(stdout, attrib_name, expand, policydb);
- if (roles || all)
-- print_roles(stdout, role_name, expand, policydb);
-+ rc = print_roles(stdout, role_name, expand, policydb);
- if (users || all)
-- print_users(stdout, user_name, expand, policydb);
-+ rc = print_users(stdout, user_name, expand, policydb);
- if (bools || all)
-- print_booleans(stdout, bool_name, expand, policydb);
-+ rc = print_booleans(stdout, bool_name, expand, policydb);
- if (sens || all)
-- print_sens(stdout, sens_name, expand, policydb);
-+ rc = print_sens(stdout, sens_name, expand, policydb);
- if (cats || all)
-- print_cats(stdout, cat_name, expand, policydb);
-+ rc = print_cats(stdout, cat_name, expand, policydb);
- if (fsuse || all)
-- print_fsuse(stdout, fsuse_type, policydb);
-+ rc = print_fsuse(stdout, fsuse_type, policydb);
- if (genfs || all)
-- print_genfscon(stdout, genfs_type, policydb);
-+ rc = print_genfscon(stdout, genfs_type, policydb);
- if (netif || all)
-- print_netifcon(stdout, netif_name, policydb);
-+ rc = print_netifcon(stdout, netif_name, policydb);
- if (node || all)
-- print_nodecon(stdout, node_addr, policydb);
-+ rc = print_nodecon(stdout, node_addr, policydb);
- if (port || all)
-- print_portcon(stdout, port_num, protocol, policydb);
-+ rc = print_portcon(stdout, port_num, protocol, policydb);
- if (isids || all)
-- print_isids(stdout, isid_name, expand, policydb);
-+ rc = print_isids(stdout, isid_name, expand, policydb);
- if (permissives || all)
-- print_permissives(stdout, permissive_name, expand, policydb);
-+ rc = print_permissives(stdout, permissive_name, expand, policydb);
- if (polcaps || all)
-- print_polcaps(stdout, polcap_name, expand, policydb);
-+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
- if (constrain || all)
-- print_constraints(stdout, expand, policydb, linebreaks);
-+ rc = print_constraints(stdout, expand, policydb, linebreaks);
-
- apol_policy_destroy(&policydb);
- apol_policy_path_destroy(&pol_path);
- free(policy_file);
-- exit(0);
-+ exit(rc);
- }
-
- /**
diff --git a/setools-neverallow.patch b/setools-neverallow.patch
deleted file mode 100644
index e84cc3b..0000000
--- a/setools-neverallow.patch
+++ /dev/null
@@ -1,15 +0,0 @@
-diff -up setools-3.3.7/libqpol/src/avrule_query.c~ setools-3.3.7/libqpol/src/avrule_query.c
---- setools-3.3.7/libqpol/src/avrule_query.c~ 2010-04-23 12:22:08.000000000 -0400
-+++ setools-3.3.7/libqpol/src/avrule_query.c 2011-01-06 10:42:50.000000000 -0500
-@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qp
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-- errno = ENOTSUP;
-- return STATUS_ERR;
-+/* errno = ENOTSUP;
-+ return STATUS_ERR; */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
diff --git a/setools-python.patch b/setools-python.patch
deleted file mode 100644
index 6d13af6..0000000
--- a/setools-python.patch
+++ /dev/null
@@ -1,2747 +0,0 @@ -diff -up setools-3.3.7/configure.ac.python setools-3.3.7/configure.ac ---- setools-3.3.7/configure.ac.python 2010-04-30 10:25:48.000000000 -0400 -+++ setools-3.3.7/configure.ac 2010-07-30 15:02:10.000000000 -0400 -@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java, - enable_jswig="$enableval") - if test "x${enable_jswig}" = xyes; then - if test ${do_swigify} = no; then -- AC_PROG_SWIG(1.3.28) -+ AC_PROG_SWIG(2.0.0) - fi - AC_JAVA_OPTIONS - if test "x$JAVAPREFIX" = x; then -@@ -216,21 +216,23 @@ if test "x${enable_jswig}" = xyes; then - do_swigify_java=yes - do_swigify=yes - fi -+ -+AM_PATH_PYTHON(2.7) -+ - AC_ARG_ENABLE(swig-python, - AC_HELP_STRING([--enable-swig-python], - [build SWIG interfaces for Python]), - enable_pyswig="$enableval") - if test "x${enable_pyswig}" = xyes; then - if test ${do_swigify} = no; then -- AC_PROG_SWIG(1.3.28) -+ AC_PROG_SWIG(2.0.0) - fi -- AM_PATH_PYTHON(2.3) - SWIG_PYTHON - do_swigify_python=yes - do_swigify=yes - fi - if test ${do_swigify} = "yes"; then -- AC_PROG_SWIG(1.3.28) -+ AC_PROG_SWIG(2.0.0) - fi - build_apol=yes - AC_ARG_ENABLE(swig-tcl, -@@ -239,7 +241,7 @@ AC_ARG_ENABLE(swig-tcl, - enable_tclswig="$enableval", enable_tclswig="yes") - if test "x${enable_tclswig}" = xyes; then - if test ${do_swigify} = no; then -- AC_PROG_SWIG(1.3.28) -+ AC_PROG_SWIG(2.0.0) - fi - TEA_INIT(3.5) - TEA_PATH_TCLCONFIG -@@ -888,6 +890,8 @@ AC_CONFIG_FILES([Makefile VERSION \ - sediff/Makefile \ - man/Makefile \ - debian/Makefile \ -+ python/Makefile \ -+ python/setools/Makefile \ - packages/Makefile packages/rpm/Makefile \ - packages/libqpol.pc packages/libapol.pc packages/libpoldiff.pc packages/libseaudit.pc packages/libsefs.pc]) - -diff -up setools-3.3.7/Makefile.am.python setools-3.3.7/Makefile.am ---- setools-3.3.7/Makefile.am.python 2008-02-22 14:06:28.000000000 -0500 -+++ setools-3.3.7/Makefile.am 2010-07-30 15:02:10.000000000 -0400 -@@ -10,7 +10,7 @@ if BUILD_GUI - endif - # sediffx is also built conditionally, from 
sediffx/Makefile.am - --SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) -+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python - - #old indent opts - #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -diff -up setools-3.3.7/Makefile.in.python setools-3.3.7/Makefile.in ---- setools-3.3.7/Makefile.in.python 2010-05-12 10:01:09.000000000 -0400 -+++ setools-3.3.7/Makefile.in 2010-07-30 15:02:47.000000000 -0400 -@@ -79,7 +79,7 @@ AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGE - ETAGS = etags - CTAGS = ctags - DIST_SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds \ -- sechecker sediff man packages debian apol seaudit -+ sechecker sediff man packages debian apol seaudit python - DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) - distdir = $(PACKAGE)-$(VERSION) - top_distdir = $(distdir) -@@ -385,7 +385,7 @@ AUTOMAKE_OPTIONS = dist-bzip2 - @BUILD_APOL_TRUE@MAYBE_APOL = apol - @BUILD_GUI_TRUE@MAYBE_GUI = seaudit - # sediffx is also built conditionally, from sediffx/Makefile.am --SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) -+SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python - - #old indent opts - #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc -diff -up setools-3.3.7/python/Makefile.am.python setools-3.3.7/python/Makefile.am ---- setools-3.3.7/python/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400 -+++ setools-3.3.7/python/Makefile.am 2010-07-30 15:02:10.000000000 -0400 -@@ -0,0 +1 @@ -+SUBDIRS = 
setools -diff -up setools-3.3.7/python/Makefile.in.python setools-3.3.7/python/Makefile.in ---- setools-3.3.7/python/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400 -+++ setools-3.3.7/python/Makefile.in 2010-07-30 15:02:46.000000000 -0400 -@@ -0,0 +1,716 @@ -+# Makefile.in generated by automake 1.11.1 from Makefile.am. -+# @configure_input@ -+ -+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -+# Inc. -+# This Makefile.in is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -+# PARTICULAR PURPOSE. -+ -+@SET_MAKE@ -+VPATH = @srcdir@ -+pkgdatadir = $(datadir)/@PACKAGE@ -+pkgincludedir = $(includedir)/@PACKAGE@ -+pkglibdir = $(libdir)/@PACKAGE@ -+pkglibexecdir = $(libexecdir)/@PACKAGE@ -+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -+install_sh_DATA = $(install_sh) -c -m 644 -+install_sh_PROGRAM = $(install_sh) -c -+install_sh_SCRIPT = $(install_sh) -c -+INSTALL_HEADER = $(INSTALL_DATA) -+transform = $(program_transform_name) -+NORMAL_INSTALL = : -+PRE_INSTALL = : -+POST_INSTALL = : -+NORMAL_UNINSTALL = : -+PRE_UNINSTALL = : -+POST_UNINSTALL = : -+build_triplet = @build@ -+host_triplet = @host@ -+subdir = python -+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \ -+ $(top_srcdir)/m4/ac_java_options.m4 \ -+ $(top_srcdir)/m4/ac_pkg_swig.m4 \ -+ $(top_srcdir)/m4/ac_prog_jar.m4 \ -+ $(top_srcdir)/m4/ac_prog_java.m4 \ -+ $(top_srcdir)/m4/ac_prog_java_works.m4 \ -+ $(top_srcdir)/m4/ac_prog_javac.m4 \ -+ 
$(top_srcdir)/m4/ac_prog_javac_works.m4 \ -+ $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \ -+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ -+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ -+ $(top_srcdir)/m4/lt~obsolete.m4 \ -+ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \ -+ $(top_srcdir)/configure.ac -+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ -+ $(ACLOCAL_M4) -+mkinstalldirs = $(install_sh) -d -+CONFIG_HEADER = $(top_builddir)/config.h -+CONFIG_CLEAN_FILES = -+CONFIG_CLEAN_VPATH_FILES = -+SOURCES = -+DIST_SOURCES = -+RECURSIVE_TARGETS = all-recursive check-recursive dvi-recursive \ -+ html-recursive info-recursive install-data-recursive \ -+ install-dvi-recursive install-exec-recursive \ -+ install-html-recursive install-info-recursive \ -+ install-pdf-recursive install-ps-recursive install-recursive \ -+ installcheck-recursive installdirs-recursive pdf-recursive \ -+ ps-recursive uninstall-recursive -+RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ -+ distclean-recursive maintainer-clean-recursive -+AM_RECURSIVE_TARGETS = $(RECURSIVE_TARGETS:-recursive=) \ -+ $(RECURSIVE_CLEAN_TARGETS:-recursive=) tags TAGS ctags CTAGS \ -+ distdir -+ETAGS = etags -+CTAGS = ctags -+DIST_SUBDIRS = $(SUBDIRS) -+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -+am__relativize = \ -+ dir0=`pwd`; \ -+ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ -+ sed_rest='s,^[^/]*/*,,'; \ -+ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ -+ sed_butlast='s,/*[^/]*$$,,'; \ -+ while test -n "$$dir1"; do \ -+ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ -+ if test "$$first" != "."; then \ -+ if test "$$first" = ".."; then \ -+ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ -+ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ -+ else \ -+ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ -+ if test "$$first2" = "$$first"; then \ -+ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ -+ else \ -+ 
dir2="../$$dir2"; \ -+ fi; \ -+ dir0="$$dir0"/"$$first"; \ -+ fi; \ -+ fi; \ -+ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ -+ done; \ -+ reldir="$$dir2" -+ACLOCAL = @ACLOCAL@ -+AMTAR = @AMTAR@ -+APOL_CFLAGS = @APOL_CFLAGS@ -+APOL_LIB_FLAG = @APOL_LIB_FLAG@ -+AR = @AR@ -+AUTOCONF = @AUTOCONF@ -+AUTOHEADER = @AUTOHEADER@ -+AUTOMAKE = @AUTOMAKE@ -+AWK = @AWK@ -+BWIDGET_DESTDIR = @BWIDGET_DESTDIR@ -+CC = @CC@ -+CCDEPMODE = @CCDEPMODE@ -+CFLAGS = @CFLAGS@ -+CPP = @CPP@ -+CPPFLAGS = @CPPFLAGS@ -+CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@ -+CXX = @CXX@ -+CXXCPP = @CXXCPP@ -+CXXDEPMODE = @CXXDEPMODE@ -+CXXFLAGS = @CXXFLAGS@ -+CYGPATH = @CYGPATH@ -+CYGPATH_W = @CYGPATH_W@ -+DEBUGCFLAGS = @DEBUGCFLAGS@ -+DEBUGCXXFLAGS = @DEBUGCXXFLAGS@ -+DEBUGJFLAGS = @DEBUGJFLAGS@ -+DEBUGLDFLAGS = @DEBUGLDFLAGS@ -+DEFS = @DEFS@ -+DEPDIR = @DEPDIR@ -+DSYMUTIL = @DSYMUTIL@ -+DUMPBIN = @DUMPBIN@ -+ECHO_C = @ECHO_C@ -+ECHO_N = @ECHO_N@ -+ECHO_T = @ECHO_T@ -+EGREP = @EGREP@ -+EXEEXT = @EXEEXT@ -+FGREP = @FGREP@ -+GLADE_CFLAGS = @GLADE_CFLAGS@ -+GLADE_LIBS = @GLADE_LIBS@ -+GREP = @GREP@ -+GTHREAD_CFLAGS = @GTHREAD_CFLAGS@ -+GTHREAD_LIBS = @GTHREAD_LIBS@ -+GTK_CFLAGS = @GTK_CFLAGS@ -+GTK_LIBS = @GTK_LIBS@ -+INSTALL = @INSTALL@ -+INSTALL_DATA = @INSTALL_DATA@ -+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -+INSTALL_SCRIPT = @INSTALL_SCRIPT@ -+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -+JAR = @JAR@ -+JAVA = @JAVA@ -+JAVAC = @JAVAC@ -+JAVACFLAGS = @JAVACFLAGS@ -+JAVAFLAGS = @JAVAFLAGS@ -+JAVAPREFIX = @JAVAPREFIX@ -+LD = @LD@ -+LDFLAGS = @LDFLAGS@ -+LEX = @LEX@ -+LEXLIB = @LEXLIB@ -+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -+LIBOBJS = @LIBOBJS@ -+LIBS = @LIBS@ -+LIBTOOL = @LIBTOOL@ -+LIPO = @LIPO@ -+LN_S = @LN_S@ -+LTLIBOBJS = @LTLIBOBJS@ -+MAKEINFO = @MAKEINFO@ -+MKDIR_P = @MKDIR_P@ -+NM = @NM@ -+NMEDIT = @NMEDIT@ -+OBJDUMP = @OBJDUMP@ -+OBJEXT = @OBJEXT@ -+OTOOL = @OTOOL@ -+OTOOL64 = @OTOOL64@ -+PACKAGE = @PACKAGE@ -+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -+PACKAGE_NAME = @PACKAGE_NAME@ -+PACKAGE_STRING = 
@PACKAGE_STRING@ -+PACKAGE_TARNAME = @PACKAGE_TARNAME@ -+PACKAGE_URL = @PACKAGE_URL@ -+PACKAGE_VERSION = @PACKAGE_VERSION@ -+PATH_SEPARATOR = @PATH_SEPARATOR@ -+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ -+PIXBUF_LIBS = @PIXBUF_LIBS@ -+PKG_CFLAGS = @PKG_CFLAGS@ -+PKG_HEADERS = @PKG_HEADERS@ -+PKG_INCLUDES = @PKG_INCLUDES@ -+PKG_LIBS = @PKG_LIBS@ -+PKG_LIB_FILE = @PKG_LIB_FILE@ -+PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ -+PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@ -+PKG_STUB_SOURCES = @PKG_STUB_SOURCES@ -+PKG_TCL_SOURCES = @PKG_TCL_SOURCES@ -+POLDIFF_CFLAGS = @POLDIFF_CFLAGS@ -+POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@ -+PROFILECFLAGS = @PROFILECFLAGS@ -+PROFILELDFLAGS = @PROFILELDFLAGS@ -+PYTHON = @PYTHON@ -+PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ -+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -+PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@ -+PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@ -+PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ -+PYTHON_PLATFORM = @PYTHON_PLATFORM@ -+PYTHON_PREFIX = @PYTHON_PREFIX@ -+PYTHON_SITE_PKG = @PYTHON_SITE_PKG@ -+PYTHON_VERSION = @PYTHON_VERSION@ -+QPOL_CFLAGS = @QPOL_CFLAGS@ -+QPOL_LIB_FLAG = @QPOL_LIB_FLAG@ -+RANLIB = @RANLIB@ -+SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@ -+SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@ -+SED = @SED@ -+SEFS_CFLAGS = @SEFS_CFLAGS@ -+SEFS_LIB_FLAG = @SEFS_LIB_FLAG@ -+SELINUX_CFLAGS = @SELINUX_CFLAGS@ -+SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@ -+SET_MAKE = @SET_MAKE@ -+SHELL = @SHELL@ -+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@ -+SQLITE3_LIBS = @SQLITE3_LIBS@ -+STRIP = @STRIP@ -+SWIG = @SWIG@ -+SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@ -+SWIG_JAVA_OPT = @SWIG_JAVA_OPT@ -+SWIG_LIB = @SWIG_LIB@ -+SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@ -+SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@ -+SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@ -+SWIG_TCL_OPT = @SWIG_TCL_OPT@ -+TCLSH_PROG = @TCLSH_PROG@ -+TCL_AUTOPATH = @TCL_AUTOPATH@ -+TCL_BIN_DIR = @TCL_BIN_DIR@ -+TCL_DEFS = @TCL_DEFS@ -+TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@ -+TCL_INCLUDES = @TCL_INCLUDES@ -+TCL_LD_FLAGS = @TCL_LD_FLAGS@ -+TCL_LIBS = 
@TCL_LIBS@ -+TCL_LIB_FILE = @TCL_LIB_FILE@ -+TCL_LIB_FLAG = @TCL_LIB_FLAG@ -+TCL_LIB_SPEC = @TCL_LIB_SPEC@ -+TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@ -+TCL_SRC_DIR = @TCL_SRC_DIR@ -+TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@ -+TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@ -+TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@ -+TCL_VERSION = @TCL_VERSION@ -+TK_BIN_DIR = @TK_BIN_DIR@ -+TK_INCLUDES = @TK_INCLUDES@ -+TK_LIBS = @TK_LIBS@ -+TK_LIB_FILE = @TK_LIB_FILE@ -+TK_LIB_FLAG = @TK_LIB_FLAG@ -+TK_LIB_SPEC = @TK_LIB_SPEC@ -+TK_SRC_DIR = @TK_SRC_DIR@ -+TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@ -+TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@ -+TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@ -+TK_VERSION = @TK_VERSION@ -+TK_XINCLUDES = @TK_XINCLUDES@ -+VERSION = @VERSION@ -+WARNCFLAGS = @WARNCFLAGS@ -+WARNCXXFLAGS = @WARNCXXFLAGS@ -+WARNJFLAGS = @WARNJFLAGS@ -+WARNLDFLAGS = @WARNLDFLAGS@ -+WISH_PROG = @WISH_PROG@ -+XMKMF = @XMKMF@ -+XML_CFLAGS = @XML_CFLAGS@ -+XML_LIBS = @XML_LIBS@ -+YACC = @YACC@ -+YFLAGS = @YFLAGS@ -+abs_builddir = @abs_builddir@ -+abs_srcdir = @abs_srcdir@ -+abs_top_builddir = @abs_top_builddir@ -+abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_CC = @ac_ct_CC@ -+ac_ct_CXX = @ac_ct_CXX@ -+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -+am__include = @am__include@ -+am__leading_dot = @am__leading_dot@ -+am__quote = @am__quote@ -+am__tar = @am__tar@ -+am__untar = @am__untar@ -+bindir = @bindir@ -+build = @build@ -+build_alias = @build_alias@ -+build_cpu = @build_cpu@ -+build_os = @build_os@ -+build_vendor = @build_vendor@ -+builddir = @builddir@ -+datadir = @datadir@ -+datarootdir = @datarootdir@ -+docdir = @docdir@ -+dvidir = @dvidir@ -+exec_prefix = @exec_prefix@ -+has_pkg_config = @has_pkg_config@ -+host = @host@ -+host_alias = @host_alias@ -+host_cpu = @host_cpu@ -+host_os = @host_os@ -+host_vendor = @host_vendor@ -+htmldir = @htmldir@ -+includedir = @includedir@ -+infodir = @infodir@ -+install_sh = @install_sh@ -+javadir = @javadir@ -+libapol_jswig_soname = @libapol_jswig_soname@ -+libapol_pyswig_soname = 
@libapol_pyswig_soname@ -+libapol_soname = @libapol_soname@ -+libapol_soversion = @libapol_soversion@ -+libapol_tswig_soname = @libapol_tswig_soname@ -+libapol_version = @libapol_version@ -+libdir = @libdir@ -+libexecdir = @libexecdir@ -+libpoldiff_jswig_soname = @libpoldiff_jswig_soname@ -+libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@ -+libpoldiff_soname = @libpoldiff_soname@ -+libpoldiff_soversion = @libpoldiff_soversion@ -+libpoldiff_tswig_soname = @libpoldiff_tswig_soname@ -+libpoldiff_version = @libpoldiff_version@ -+libqpol_jswig_soname = @libqpol_jswig_soname@ -+libqpol_pyswig_soname = @libqpol_pyswig_soname@ -+libqpol_soname = @libqpol_soname@ -+libqpol_soversion = @libqpol_soversion@ -+libqpol_tswig_soname = @libqpol_tswig_soname@ -+libqpol_version = @libqpol_version@ -+libseaudit_jswig_soname = @libseaudit_jswig_soname@ -+libseaudit_pyswig_soname = @libseaudit_pyswig_soname@ -+libseaudit_soname = @libseaudit_soname@ -+libseaudit_soversion = @libseaudit_soversion@ -+libseaudit_tswig_soname = @libseaudit_tswig_soname@ -+libseaudit_version = @libseaudit_version@ -+libsefs_jswig_soname = @libsefs_jswig_soname@ -+libsefs_pyswig_soname = @libsefs_pyswig_soname@ -+libsefs_soname = @libsefs_soname@ -+libsefs_soversion = @libsefs_soversion@ -+libsefs_tswig_soname = @libsefs_tswig_soname@ -+libsefs_version = @libsefs_version@ -+localedir = @localedir@ -+localstatedir = @localstatedir@ -+lt_ECHO = @lt_ECHO@ -+mandir = @mandir@ -+mkdir_p = @mkdir_p@ -+oldincludedir = @oldincludedir@ -+pdfdir = @pdfdir@ -+pkgpyexecdir = @pkgpyexecdir@ -+pkgpythondir = @pkgpythondir@ -+prefix = @prefix@ -+profile_install_dir = @profile_install_dir@ -+program_transform_name = @program_transform_name@ -+psdir = @psdir@ -+pyexecdir = @pyexecdir@ -+pythondir = @pythondir@ -+sbindir = @sbindir@ -+selinux_default_policy = @selinux_default_policy@ -+selinux_policy_dir = @selinux_policy_dir@ -+sepol_srcdir = @sepol_srcdir@ -+setoolsdir = @setoolsdir@ -+sharedstatedir = @sharedstatedir@ 
-+srcdir = @srcdir@ -+sysconfdir = @sysconfdir@ -+target_alias = @target_alias@ -+top_build_prefix = @top_build_prefix@ -+top_builddir = @top_builddir@ -+top_srcdir = @top_srcdir@ -+uudecode = @uudecode@ -+SUBDIRS = setools -+all: all-recursive -+ -+.SUFFIXES: -+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) -+ @for dep in $?; do \ -+ case '$(am__configure_deps)' in \ -+ *$$dep*) \ -+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ -+ && { if test -f $@; then exit 0; else break; fi; }; \ -+ exit 1;; \ -+ esac; \ -+ done; \ -+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/Makefile'; \ -+ $(am__cd) $(top_srcdir) && \ -+ $(AUTOMAKE) --gnu python/Makefile -+.PRECIOUS: Makefile -+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status -+ @case '$?' in \ -+ *config.status*) \ -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ -+ *) \ -+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ -+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ -+ esac; -+ -+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+ -+$(top_srcdir)/configure: $(am__configure_deps) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+$(ACLOCAL_M4): $(am__aclocal_m4_deps) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+$(am__aclocal_m4_deps): -+ -+mostlyclean-libtool: -+ -rm -f *.lo -+ -+clean-libtool: -+ -rm -rf .libs _libs -+ -+# This directory's subdirectories are mostly independent; you can cd -+# into them and run `make' without going through this Makefile. 
-+# To change the values of `make' variables: instead of editing Makefiles, -+# (1) if the variable is set in `config.status', edit `config.status' -+# (which will cause the Makefiles to be regenerated when you run `make'); -+# (2) otherwise, pass the desired values on the `make' command line. -+$(RECURSIVE_TARGETS): -+ @fail= failcom='exit 1'; \ -+ for f in x $$MAKEFLAGS; do \ -+ case $$f in \ -+ *=* | --[!k]*);; \ -+ *k*) failcom='fail=yes';; \ -+ esac; \ -+ done; \ -+ dot_seen=no; \ -+ target=`echo $@ | sed s/-recursive//`; \ -+ list='$(SUBDIRS)'; for subdir in $$list; do \ -+ echo "Making $$target in $$subdir"; \ -+ if test "$$subdir" = "."; then \ -+ dot_seen=yes; \ -+ local_target="$$target-am"; \ -+ else \ -+ local_target="$$target"; \ -+ fi; \ -+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ -+ || eval $$failcom; \ -+ done; \ -+ if test "$$dot_seen" = "no"; then \ -+ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ -+ fi; test -z "$$fail" -+ -+$(RECURSIVE_CLEAN_TARGETS): -+ @fail= failcom='exit 1'; \ -+ for f in x $$MAKEFLAGS; do \ -+ case $$f in \ -+ *=* | --[!k]*);; \ -+ *k*) failcom='fail=yes';; \ -+ esac; \ -+ done; \ -+ dot_seen=no; \ -+ case "$@" in \ -+ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ -+ *) list='$(SUBDIRS)' ;; \ -+ esac; \ -+ rev=''; for subdir in $$list; do \ -+ if test "$$subdir" = "."; then :; else \ -+ rev="$$subdir $$rev"; \ -+ fi; \ -+ done; \ -+ rev="$$rev ."; \ -+ target=`echo $@ | sed s/-recursive//`; \ -+ for subdir in $$rev; do \ -+ echo "Making $$target in $$subdir"; \ -+ if test "$$subdir" = "."; then \ -+ local_target="$$target-am"; \ -+ else \ -+ local_target="$$target"; \ -+ fi; \ -+ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ -+ || eval $$failcom; \ -+ done && test -z "$$fail" -+tags-recursive: -+ list='$(SUBDIRS)'; for subdir in $$list; do \ -+ test "$$subdir" = . 
|| ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) tags); \ -+ done -+ctags-recursive: -+ list='$(SUBDIRS)'; for subdir in $$list; do \ -+ test "$$subdir" = . || ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) ctags); \ -+ done -+ -+ID: $(HEADERS) $(SOURCES) $(LISP) $(TAGS_FILES) -+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | \ -+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ mkid -fID $$unique -+tags: TAGS -+ -+TAGS: tags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -+ $(TAGS_FILES) $(LISP) -+ set x; \ -+ here=`pwd`; \ -+ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ -+ include_option=--etags-include; \ -+ empty_fix=.; \ -+ else \ -+ include_option=--include; \ -+ empty_fix=; \ -+ fi; \ -+ list='$(SUBDIRS)'; for subdir in $$list; do \ -+ if test "$$subdir" = .; then :; else \ -+ test ! 
-f $$subdir/TAGS || \ -+ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ -+ fi; \ -+ done; \ -+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | \ -+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ shift; \ -+ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ -+ test -n "$$unique" || unique=$$empty_fix; \ -+ if test $$# -gt 0; then \ -+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ -+ "$$@" $$unique; \ -+ else \ -+ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ -+ $$unique; \ -+ fi; \ -+ fi -+ctags: CTAGS -+CTAGS: ctags-recursive $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ -+ $(TAGS_FILES) $(LISP) -+ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ -+ unique=`for i in $$list; do \ -+ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ -+ done | \ -+ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ -+ END { if (nonempty) { for (i in files) print i; }; }'`; \ -+ test -z "$(CTAGS_ARGS)$$unique" \ -+ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ -+ $$unique -+ -+GTAGS: -+ here=`$(am__cd) $(top_builddir) && pwd` \ -+ && $(am__cd) $(top_srcdir) \ -+ && gtags -i $(GTAGS_ARGS) "$$here" -+ -+distclean-tags: -+ -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags -+ -+distdir: $(DISTFILES) -+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ -+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ -+ list='$(DISTFILES)'; \ -+ dist_files=`for file in $$list; do echo $$file; done | \ -+ sed -e "s|^$$srcdirstrip/||;t" \ -+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ -+ case $$dist_files in \ -+ */*) $(MKDIR_P) `echo "$$dist_files" | \ -+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ -+ sort -u` ;; \ -+ esac; \ -+ for file in $$dist_files; do \ -+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ -+ if 
test -d $$d/$$file; then \ -+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ -+ if test -d "$(distdir)/$$file"; then \ -+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ -+ fi; \ -+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ -+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ -+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ -+ fi; \ -+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ -+ else \ -+ test -f "$(distdir)/$$file" \ -+ || cp -p $$d/$$file "$(distdir)/$$file" \ -+ || exit 1; \ -+ fi; \ -+ done -+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ -+ if test "$$subdir" = .; then :; else \ -+ test -d "$(distdir)/$$subdir" \ -+ || $(MKDIR_P) "$(distdir)/$$subdir" \ -+ || exit 1; \ -+ fi; \ -+ done -+ @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ -+ if test "$$subdir" = .; then :; else \ -+ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ -+ $(am__relativize); \ -+ new_distdir=$$reldir; \ -+ dir1=$$subdir; dir2="$(top_distdir)"; \ -+ $(am__relativize); \ -+ new_top_distdir=$$reldir; \ -+ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ -+ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ -+ ($(am__cd) $$subdir && \ -+ $(MAKE) $(AM_MAKEFLAGS) \ -+ top_distdir="$$new_top_distdir" \ -+ distdir="$$new_distdir" \ -+ am__remove_distdir=: \ -+ am__skip_length_check=: \ -+ am__skip_mode_fix=: \ -+ distdir) \ -+ || exit 1; \ -+ fi; \ -+ done -+check-am: all-am -+check: check-recursive -+all-am: Makefile -+installdirs: installdirs-recursive -+installdirs-am: -+install: install-recursive -+install-exec: install-exec-recursive -+install-data: install-data-recursive -+uninstall: uninstall-recursive -+ -+install-am: all-am -+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -+ -+installcheck: installcheck-recursive -+install-strip: -+ $(MAKE) $(AM_MAKEFLAGS) 
INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ `test -z '$(STRIP)' || \ -+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+mostlyclean-generic: -+ -+clean-generic: -+ -+distclean-generic: -+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -+ -+maintainer-clean-generic: -+ @echo "This command is intended for maintainers to use" -+ @echo "it deletes files that may require special tools to rebuild." -+clean: clean-recursive -+ -+clean-am: clean-generic clean-libtool mostlyclean-am -+ -+distclean: distclean-recursive -+ -rm -f Makefile -+distclean-am: clean-am distclean-generic distclean-tags -+ -+dvi: dvi-recursive -+ -+dvi-am: -+ -+html: html-recursive -+ -+html-am: -+ -+info: info-recursive -+ -+info-am: -+ -+install-data-am: -+ -+install-dvi: install-dvi-recursive -+ -+install-dvi-am: -+ -+install-exec-am: -+ -+install-html: install-html-recursive -+ -+install-html-am: -+ -+install-info: install-info-recursive -+ -+install-info-am: -+ -+install-man: -+ -+install-pdf: install-pdf-recursive -+ -+install-pdf-am: -+ -+install-ps: install-ps-recursive -+ -+install-ps-am: -+ -+installcheck-am: -+ -+maintainer-clean: maintainer-clean-recursive -+ -rm -f Makefile -+maintainer-clean-am: distclean-am maintainer-clean-generic -+ -+mostlyclean: mostlyclean-recursive -+ -+mostlyclean-am: mostlyclean-generic mostlyclean-libtool -+ -+pdf: pdf-recursive -+ -+pdf-am: -+ -+ps: ps-recursive -+ -+ps-am: -+ -+uninstall-am: -+ -+.MAKE: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) ctags-recursive \ -+ install-am install-strip tags-recursive -+ -+.PHONY: $(RECURSIVE_CLEAN_TARGETS) $(RECURSIVE_TARGETS) CTAGS GTAGS \ -+ all all-am check check-am clean clean-generic clean-libtool \ -+ ctags ctags-recursive distclean distclean-generic \ -+ distclean-libtool distclean-tags distdir dvi 
dvi-am html \
-+ html-am info info-am install install-am install-data \
-+ install-data-am install-dvi install-dvi-am install-exec \
-+ install-exec-am install-html install-html-am install-info \
-+ install-info-am install-man install-pdf install-pdf-am \
-+ install-ps install-ps-am install-strip installcheck \
-+ installcheck-am installdirs installdirs-am maintainer-clean \
-+ maintainer-clean-generic mostlyclean mostlyclean-generic \
-+ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-recursive \
-+ uninstall uninstall-am
-+
-+
-+# Tell versions [3.59,3.63) of GNU make to not export all variables.
-+# Otherwise a system limit (for SysV at least) may be exceeded.
-+.NOEXPORT:
-diff -up setools-3.3.7/python/setools/__init__.py.python setools-3.3.7/python/setools/__init__.py
---- setools-3.3.7/python/setools/__init__.py.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/__init__.py 2010-10-14 14:31:06.000000000 -0400
-@@ -0,0 +1,50 @@
-+#!/usr/bin/env python
-+
-+# Author: Thomas Liu
-+
-+import _sesearch
-+import _seinfo
-+import types
-+
-+TYPE = _seinfo.TYPE
-+ROLE = _seinfo.ROLE
-+ATTRIBUTE = _seinfo.ATTRIBUTE
-+PORT = _seinfo.PORT
-+USER = _seinfo.USER
-+
-+ALLOW = 'allow'
-+AUDITALLOW = 'auditallow'
-+NEVERALLOW = 'neverallow'
-+DONTAUDIT = 'dontaudit'
-+SCONTEXT = 'scontext'
-+TCONTEXT = 'tcontext'
-+PERMS = 'permlist'
-+CLASS = 'class'
-+
-+def sesearch(types, info):
-+ valid_types = [ALLOW, AUDITALLOW, NEVERALLOW, DONTAUDIT]
-+ for type in types:
-+ if type not in valid_types:
-+ raise ValueError("Type has to be in %s" % valid_types)
-+ info[type] = True
-+
-+ perms = []
-+ if PERMS in info:
-+ perms = info[PERMS]
-+ info[PERMS] = ",".join(info[PERMS])
-+
-+
-+ dict_list = _sesearch.sesearch(info)
-+ if dict_list and len(perms) != 0:
-+ dict_list = filter(lambda x: dict_has_perms(x, perms), dict_list)
-+ return dict_list
-+
-+def dict_has_perms(dict, perms):
-+ for perm in perms:
-+ if perm not in dict[PERMS]:
-+ return False
-+ return True
-+
-+def seinfo(setype, name=None):
-+ dict_list = _seinfo.seinfo(setype, name)
-+ return dict_list
-diff -up setools-3.3.7/python/setools/Makefile.am.python setools-3.3.7/python/setools/Makefile.am
---- setools-3.3.7/python/setools/Makefile.am.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/Makefile.am 2010-07-30 15:02:10.000000000 -0400
-@@ -0,0 +1,36 @@
-+EXTRA_DIST = \
-+ sesearch.c \
-+ seinfo.c \
-+ __init__.py \
-+ setup.py \
-+ $(NULL)
-+
-+AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
-+ @QPOL_CFLAGS@ @APOL_CFLAGS@
-+AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
-+ @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@
-+AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
-+
-+LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
-+DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so
-+all-am: python-build
-+
-+seinfo_SOURCES = seinfo.c
-+
-+sesearch_SOURCES = sesearch.c
-+
-+python-build: sesearch.c seinfo.c
-+ @mkdir -p setools
-+ @cp __init__.py setools
-+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+
-+install-exec-hook:
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+
-+uninstall-hook:
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+
-+clean-local:
-+ $(PYTHON) setup.py clean -a
-+ rm -f *~
-+
-diff -up setools-3.3.7/python/setools/Makefile.in.python setools-3.3.7/python/setools/Makefile.in
---- setools-3.3.7/python/setools/Makefile.in.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/Makefile.in 2010-07-30 15:02:46.000000000 -0400
-@@ -0,0 +1,550 @@
-+# Makefile.in generated by automake 1.11.1 from Makefile.am.
-+# @configure_input@ -+ -+# Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -+# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, -+# Inc. -+# This Makefile.in is free software; the Free Software Foundation -+# gives unlimited permission to copy and/or distribute it, -+# with or without modifications, as long as this notice is preserved. -+ -+# This program is distributed in the hope that it will be useful, -+# but WITHOUT ANY WARRANTY, to the extent permitted by law; without -+# even the implied warranty of MERCHANTABILITY or FITNESS FOR A -+# PARTICULAR PURPOSE. -+ -+@SET_MAKE@ -+VPATH = @srcdir@ -+pkgdatadir = $(datadir)/@PACKAGE@ -+pkgincludedir = $(includedir)/@PACKAGE@ -+pkglibdir = $(libdir)/@PACKAGE@ -+pkglibexecdir = $(libexecdir)/@PACKAGE@ -+am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd -+install_sh_DATA = $(install_sh) -c -m 644 -+install_sh_PROGRAM = $(install_sh) -c -+install_sh_SCRIPT = $(install_sh) -c -+INSTALL_HEADER = $(INSTALL_DATA) -+transform = $(program_transform_name) -+NORMAL_INSTALL = : -+PRE_INSTALL = : -+POST_INSTALL = : -+NORMAL_UNINSTALL = : -+PRE_UNINSTALL = : -+POST_UNINSTALL = : -+build_triplet = @build@ -+host_triplet = @host@ -+subdir = python/setools -+DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in -+ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -+am__aclocal_m4_deps = $(top_srcdir)/m4/ac_check_classpath.m4 \ -+ $(top_srcdir)/m4/ac_java_options.m4 \ -+ $(top_srcdir)/m4/ac_pkg_swig.m4 \ -+ $(top_srcdir)/m4/ac_prog_jar.m4 \ -+ $(top_srcdir)/m4/ac_prog_java.m4 \ -+ $(top_srcdir)/m4/ac_prog_java_works.m4 \ -+ $(top_srcdir)/m4/ac_prog_javac.m4 \ -+ $(top_srcdir)/m4/ac_prog_javac_works.m4 \ -+ $(top_srcdir)/m4/ac_python_devel.m4 $(top_srcdir)/m4/c.m4 \ -+ $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ -+ $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ -+ $(top_srcdir)/m4/lt~obsolete.m4 \ -+ $(top_srcdir)/m4/swig_python.m4 $(top_srcdir)/m4/tcl.m4 \ -+ 
$(top_srcdir)/configure.ac -+am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ -+ $(ACLOCAL_M4) -+mkinstalldirs = $(install_sh) -d -+CONFIG_HEADER = $(top_builddir)/config.h -+CONFIG_CLEAN_FILES = -+CONFIG_CLEAN_VPATH_FILES = -+SOURCES = -+DIST_SOURCES = -+DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) -+ACLOCAL = @ACLOCAL@ -+AMTAR = @AMTAR@ -+APOL_CFLAGS = @APOL_CFLAGS@ -+APOL_LIB_FLAG = @APOL_LIB_FLAG@ -+AR = @AR@ -+AUTOCONF = @AUTOCONF@ -+AUTOHEADER = @AUTOHEADER@ -+AUTOMAKE = @AUTOMAKE@ -+AWK = @AWK@ -+BWIDGET_DESTDIR = @BWIDGET_DESTDIR@ -+CC = @CC@ -+CCDEPMODE = @CCDEPMODE@ -+CFLAGS = @CFLAGS@ -+CPP = @CPP@ -+CPPFLAGS = @CPPFLAGS@ -+CUNIT_LIB_FLAG = @CUNIT_LIB_FLAG@ -+CXX = @CXX@ -+CXXCPP = @CXXCPP@ -+CXXDEPMODE = @CXXDEPMODE@ -+CXXFLAGS = @CXXFLAGS@ -+CYGPATH = @CYGPATH@ -+CYGPATH_W = @CYGPATH_W@ -+DEBUGCFLAGS = @DEBUGCFLAGS@ -+DEBUGCXXFLAGS = @DEBUGCXXFLAGS@ -+DEBUGJFLAGS = @DEBUGJFLAGS@ -+DEBUGLDFLAGS = @DEBUGLDFLAGS@ -+DEFS = @DEFS@ -+DEPDIR = @DEPDIR@ -+DSYMUTIL = @DSYMUTIL@ -+DUMPBIN = @DUMPBIN@ -+ECHO_C = @ECHO_C@ -+ECHO_N = @ECHO_N@ -+ECHO_T = @ECHO_T@ -+EGREP = @EGREP@ -+EXEEXT = @EXEEXT@ -+FGREP = @FGREP@ -+GLADE_CFLAGS = @GLADE_CFLAGS@ -+GLADE_LIBS = @GLADE_LIBS@ -+GREP = @GREP@ -+GTHREAD_CFLAGS = @GTHREAD_CFLAGS@ -+GTHREAD_LIBS = @GTHREAD_LIBS@ -+GTK_CFLAGS = @GTK_CFLAGS@ -+GTK_LIBS = @GTK_LIBS@ -+INSTALL = @INSTALL@ -+INSTALL_DATA = @INSTALL_DATA@ -+INSTALL_PROGRAM = @INSTALL_PROGRAM@ -+INSTALL_SCRIPT = @INSTALL_SCRIPT@ -+INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -+JAR = @JAR@ -+JAVA = @JAVA@ -+JAVAC = @JAVAC@ -+JAVACFLAGS = @JAVACFLAGS@ -+JAVAFLAGS = @JAVAFLAGS@ -+JAVAPREFIX = @JAVAPREFIX@ -+LD = @LD@ -+LDFLAGS = @LDFLAGS@ -+LEX = @LEX@ -+LEXLIB = @LEXLIB@ -+LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -+LIBOBJS = @LIBOBJS@ -+LIBS = @LIBS@ -+LIBTOOL = @LIBTOOL@ -+LIPO = @LIPO@ -+LN_S = @LN_S@ -+LTLIBOBJS = @LTLIBOBJS@ -+MAKEINFO = @MAKEINFO@ -+MKDIR_P = @MKDIR_P@ -+NM = @NM@ -+NMEDIT = @NMEDIT@ -+OBJDUMP = 
@OBJDUMP@ -+OBJEXT = @OBJEXT@ -+OTOOL = @OTOOL@ -+OTOOL64 = @OTOOL64@ -+PACKAGE = @PACKAGE@ -+PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ -+PACKAGE_NAME = @PACKAGE_NAME@ -+PACKAGE_STRING = @PACKAGE_STRING@ -+PACKAGE_TARNAME = @PACKAGE_TARNAME@ -+PACKAGE_URL = @PACKAGE_URL@ -+PACKAGE_VERSION = @PACKAGE_VERSION@ -+PATH_SEPARATOR = @PATH_SEPARATOR@ -+PIXBUF_CFLAGS = @PIXBUF_CFLAGS@ -+PIXBUF_LIBS = @PIXBUF_LIBS@ -+PKG_CFLAGS = @PKG_CFLAGS@ -+PKG_HEADERS = @PKG_HEADERS@ -+PKG_INCLUDES = @PKG_INCLUDES@ -+PKG_LIBS = @PKG_LIBS@ -+PKG_LIB_FILE = @PKG_LIB_FILE@ -+PKG_STUB_LIB_FILE = @PKG_STUB_LIB_FILE@ -+PKG_STUB_OBJECTS = @PKG_STUB_OBJECTS@ -+PKG_STUB_SOURCES = @PKG_STUB_SOURCES@ -+PKG_TCL_SOURCES = @PKG_TCL_SOURCES@ -+POLDIFF_CFLAGS = @POLDIFF_CFLAGS@ -+POLDIFF_LIB_FLAG = @POLDIFF_LIB_FLAG@ -+PROFILECFLAGS = @PROFILECFLAGS@ -+PROFILELDFLAGS = @PROFILELDFLAGS@ -+PYTHON = @PYTHON@ -+PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ -+PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ -+PYTHON_EXTRA_LDFLAGS = @PYTHON_EXTRA_LDFLAGS@ -+PYTHON_EXTRA_LIBS = @PYTHON_EXTRA_LIBS@ -+PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ -+PYTHON_PLATFORM = @PYTHON_PLATFORM@ -+PYTHON_PREFIX = @PYTHON_PREFIX@ -+PYTHON_SITE_PKG = @PYTHON_SITE_PKG@ -+PYTHON_VERSION = @PYTHON_VERSION@ -+QPOL_CFLAGS = @QPOL_CFLAGS@ -+QPOL_LIB_FLAG = @QPOL_LIB_FLAG@ -+RANLIB = @RANLIB@ -+SEAUDIT_CFLAGS = @SEAUDIT_CFLAGS@ -+SEAUDIT_LIB_FLAG = @SEAUDIT_LIB_FLAG@ -+SED = @SED@ -+SEFS_CFLAGS = @SEFS_CFLAGS@ -+SEFS_LIB_FLAG = @SEFS_LIB_FLAG@ -+SELINUX_CFLAGS = @SELINUX_CFLAGS@ -+SELINUX_LIB_FLAG = @SELINUX_LIB_FLAG@ -+SET_MAKE = @SET_MAKE@ -+SHELL = @SHELL@ -+SQLITE3_CFLAGS = @SQLITE3_CFLAGS@ -+SQLITE3_LIBS = @SQLITE3_LIBS@ -+STRIP = @STRIP@ -+SWIG = @SWIG@ -+SWIG_JAVA_CFLAGS = @SWIG_JAVA_CFLAGS@ -+SWIG_JAVA_OPT = @SWIG_JAVA_OPT@ -+SWIG_LIB = @SWIG_LIB@ -+SWIG_PYTHON_CPPFLAGS = @SWIG_PYTHON_CPPFLAGS@ -+SWIG_PYTHON_OPT = @SWIG_PYTHON_OPT@ -+SWIG_TCL_CFLAGS = @SWIG_TCL_CFLAGS@ -+SWIG_TCL_OPT = @SWIG_TCL_OPT@ -+TCLSH_PROG = @TCLSH_PROG@ -+TCL_AUTOPATH = 
@TCL_AUTOPATH@ -+TCL_BIN_DIR = @TCL_BIN_DIR@ -+TCL_DEFS = @TCL_DEFS@ -+TCL_EXTRA_CFLAGS = @TCL_EXTRA_CFLAGS@ -+TCL_INCLUDES = @TCL_INCLUDES@ -+TCL_LD_FLAGS = @TCL_LD_FLAGS@ -+TCL_LIBS = @TCL_LIBS@ -+TCL_LIB_FILE = @TCL_LIB_FILE@ -+TCL_LIB_FLAG = @TCL_LIB_FLAG@ -+TCL_LIB_SPEC = @TCL_LIB_SPEC@ -+TCL_SHLIB_LD_LIBS = @TCL_SHLIB_LD_LIBS@ -+TCL_SRC_DIR = @TCL_SRC_DIR@ -+TCL_STUB_LIB_FILE = @TCL_STUB_LIB_FILE@ -+TCL_STUB_LIB_FLAG = @TCL_STUB_LIB_FLAG@ -+TCL_STUB_LIB_SPEC = @TCL_STUB_LIB_SPEC@ -+TCL_VERSION = @TCL_VERSION@ -+TK_BIN_DIR = @TK_BIN_DIR@ -+TK_INCLUDES = @TK_INCLUDES@ -+TK_LIBS = @TK_LIBS@ -+TK_LIB_FILE = @TK_LIB_FILE@ -+TK_LIB_FLAG = @TK_LIB_FLAG@ -+TK_LIB_SPEC = @TK_LIB_SPEC@ -+TK_SRC_DIR = @TK_SRC_DIR@ -+TK_STUB_LIB_FILE = @TK_STUB_LIB_FILE@ -+TK_STUB_LIB_FLAG = @TK_STUB_LIB_FLAG@ -+TK_STUB_LIB_SPEC = @TK_STUB_LIB_SPEC@ -+TK_VERSION = @TK_VERSION@ -+TK_XINCLUDES = @TK_XINCLUDES@ -+VERSION = @VERSION@ -+WARNCFLAGS = @WARNCFLAGS@ -+WARNCXXFLAGS = @WARNCXXFLAGS@ -+WARNJFLAGS = @WARNJFLAGS@ -+WARNLDFLAGS = @WARNLDFLAGS@ -+WISH_PROG = @WISH_PROG@ -+XMKMF = @XMKMF@ -+XML_CFLAGS = @XML_CFLAGS@ -+XML_LIBS = @XML_LIBS@ -+YACC = @YACC@ -+YFLAGS = @YFLAGS@ -+abs_builddir = @abs_builddir@ -+abs_srcdir = @abs_srcdir@ -+abs_top_builddir = @abs_top_builddir@ -+abs_top_srcdir = @abs_top_srcdir@ -+ac_ct_CC = @ac_ct_CC@ -+ac_ct_CXX = @ac_ct_CXX@ -+ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ -+am__include = @am__include@ -+am__leading_dot = @am__leading_dot@ -+am__quote = @am__quote@ -+am__tar = @am__tar@ -+am__untar = @am__untar@ -+bindir = @bindir@ -+build = @build@ -+build_alias = @build_alias@ -+build_cpu = @build_cpu@ -+build_os = @build_os@ -+build_vendor = @build_vendor@ -+builddir = @builddir@ -+datadir = @datadir@ -+datarootdir = @datarootdir@ -+docdir = @docdir@ -+dvidir = @dvidir@ -+exec_prefix = @exec_prefix@ -+has_pkg_config = @has_pkg_config@ -+host = @host@ -+host_alias = @host_alias@ -+host_cpu = @host_cpu@ -+host_os = @host_os@ -+host_vendor = @host_vendor@ -+htmldir = 
@htmldir@ -+includedir = @includedir@ -+infodir = @infodir@ -+install_sh = @install_sh@ -+javadir = @javadir@ -+libapol_jswig_soname = @libapol_jswig_soname@ -+libapol_pyswig_soname = @libapol_pyswig_soname@ -+libapol_soname = @libapol_soname@ -+libapol_soversion = @libapol_soversion@ -+libapol_tswig_soname = @libapol_tswig_soname@ -+libapol_version = @libapol_version@ -+libdir = @libdir@ -+libexecdir = @libexecdir@ -+libpoldiff_jswig_soname = @libpoldiff_jswig_soname@ -+libpoldiff_pyswig_soname = @libpoldiff_pyswig_soname@ -+libpoldiff_soname = @libpoldiff_soname@ -+libpoldiff_soversion = @libpoldiff_soversion@ -+libpoldiff_tswig_soname = @libpoldiff_tswig_soname@ -+libpoldiff_version = @libpoldiff_version@ -+libqpol_jswig_soname = @libqpol_jswig_soname@ -+libqpol_pyswig_soname = @libqpol_pyswig_soname@ -+libqpol_soname = @libqpol_soname@ -+libqpol_soversion = @libqpol_soversion@ -+libqpol_tswig_soname = @libqpol_tswig_soname@ -+libqpol_version = @libqpol_version@ -+libseaudit_jswig_soname = @libseaudit_jswig_soname@ -+libseaudit_pyswig_soname = @libseaudit_pyswig_soname@ -+libseaudit_soname = @libseaudit_soname@ -+libseaudit_soversion = @libseaudit_soversion@ -+libseaudit_tswig_soname = @libseaudit_tswig_soname@ -+libseaudit_version = @libseaudit_version@ -+libsefs_jswig_soname = @libsefs_jswig_soname@ -+libsefs_pyswig_soname = @libsefs_pyswig_soname@ -+libsefs_soname = @libsefs_soname@ -+libsefs_soversion = @libsefs_soversion@ -+libsefs_tswig_soname = @libsefs_tswig_soname@ -+libsefs_version = @libsefs_version@ -+localedir = @localedir@ -+localstatedir = @localstatedir@ -+lt_ECHO = @lt_ECHO@ -+mandir = @mandir@ -+mkdir_p = @mkdir_p@ -+oldincludedir = @oldincludedir@ -+pdfdir = @pdfdir@ -+pkgpyexecdir = @pkgpyexecdir@ -+pkgpythondir = @pkgpythondir@ -+prefix = @prefix@ -+profile_install_dir = @profile_install_dir@ -+program_transform_name = @program_transform_name@ -+psdir = @psdir@ -+pyexecdir = @pyexecdir@ -+pythondir = @pythondir@ -+sbindir = @sbindir@ 
-+selinux_default_policy = @selinux_default_policy@ -+selinux_policy_dir = @selinux_policy_dir@ -+sepol_srcdir = @sepol_srcdir@ -+setoolsdir = @setoolsdir@ -+sharedstatedir = @sharedstatedir@ -+srcdir = @srcdir@ -+sysconfdir = @sysconfdir@ -+target_alias = @target_alias@ -+top_build_prefix = @top_build_prefix@ -+top_builddir = @top_builddir@ -+top_srcdir = @top_srcdir@ -+uudecode = @uudecode@ -+EXTRA_DIST = \ -+ sesearch.c \ -+ seinfo.c \ -+ __init__.py \ -+ setup.py \ -+ $(NULL) -+ -+AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ -+ @QPOL_CFLAGS@ @APOL_CFLAGS@ -+ -+AM_CXXFLAGS = @DEBUGCXXFLAGS@ @WARNCXXFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \ -+ @QPOL_CFLAGS@ @APOL_CFLAGS@ @SEFS_CFLAGS@ -+ -+AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@ -+LDADD = @SELINUX_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@ -+DEPENDENCIES = $(top_builddir)/libapol/src/libapol.so $(top_builddir)/libqpol/src/libqpol.so -+seinfo_SOURCES = seinfo.c -+sesearch_SOURCES = sesearch.c -+all: all-am -+ -+.SUFFIXES: -+$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) -+ @for dep in $?; do \ -+ case '$(am__configure_deps)' in \ -+ *$$dep*) \ -+ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ -+ && { if test -f $@; then exit 0; else break; fi; }; \ -+ exit 1;; \ -+ esac; \ -+ done; \ -+ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu python/setools/Makefile'; \ -+ $(am__cd) $(top_srcdir) && \ -+ $(AUTOMAKE) --gnu python/setools/Makefile -+.PRECIOUS: Makefile -+Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status -+ @case '$?' 
in \ -+ *config.status*) \ -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ -+ *) \ -+ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ -+ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ -+ esac; -+ -+$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+ -+$(top_srcdir)/configure: $(am__configure_deps) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+$(ACLOCAL_M4): $(am__aclocal_m4_deps) -+ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh -+$(am__aclocal_m4_deps): -+ -+mostlyclean-libtool: -+ -rm -f *.lo -+ -+clean-libtool: -+ -rm -rf .libs _libs -+tags: TAGS -+TAGS: -+ -+ctags: CTAGS -+CTAGS: -+ -+ -+distdir: $(DISTFILES) -+ @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ -+ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ -+ list='$(DISTFILES)'; \ -+ dist_files=`for file in $$list; do echo $$file; done | \ -+ sed -e "s|^$$srcdirstrip/||;t" \ -+ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ -+ case $$dist_files in \ -+ */*) $(MKDIR_P) `echo "$$dist_files" | \ -+ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ -+ sort -u` ;; \ -+ esac; \ -+ for file in $$dist_files; do \ -+ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ -+ if test -d $$d/$$file; then \ -+ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ -+ if test -d "$(distdir)/$$file"; then \ -+ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ -+ fi; \ -+ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ -+ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ -+ find "$(distdir)/$$file" -type d ! 
-perm -700 -exec chmod u+rwx {} \;; \ -+ fi; \ -+ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ -+ else \ -+ test -f "$(distdir)/$$file" \ -+ || cp -p $$d/$$file "$(distdir)/$$file" \ -+ || exit 1; \ -+ fi; \ -+ done -+check-am: all-am -+check: check-am -+all-am: Makefile -+installdirs: -+install: install-am -+install-exec: install-exec-am -+install-data: install-data-am -+uninstall: uninstall-am -+ -+install-am: all-am -+ @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -+ -+installcheck: installcheck-am -+install-strip: -+ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ -+ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ -+ `test -z '$(STRIP)' || \ -+ echo "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'"` install -+mostlyclean-generic: -+ -+clean-generic: -+ -+distclean-generic: -+ -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -+ -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) -+ -+maintainer-clean-generic: -+ @echo "This command is intended for maintainers to use" -+ @echo "it deletes files that may require special tools to rebuild." 
-+clean: clean-am -+ -+clean-am: clean-generic clean-libtool clean-local mostlyclean-am -+ -+distclean: distclean-am -+ -rm -f Makefile -+distclean-am: clean-am distclean-generic -+ -+dvi: dvi-am -+ -+dvi-am: -+ -+html: html-am -+ -+html-am: -+ -+info: info-am -+ -+info-am: -+ -+install-data-am: -+ -+install-dvi: install-dvi-am -+ -+install-dvi-am: -+ -+install-exec-am: -+ @$(NORMAL_INSTALL) -+ $(MAKE) $(AM_MAKEFLAGS) install-exec-hook -+install-html: install-html-am -+ -+install-html-am: -+ -+install-info: install-info-am -+ -+install-info-am: -+ -+install-man: -+ -+install-pdf: install-pdf-am -+ -+install-pdf-am: -+ -+install-ps: install-ps-am -+ -+install-ps-am: -+ -+installcheck-am: -+ -+maintainer-clean: maintainer-clean-am -+ -rm -f Makefile -+maintainer-clean-am: distclean-am maintainer-clean-generic -+ -+mostlyclean: mostlyclean-am -+ -+mostlyclean-am: mostlyclean-generic mostlyclean-libtool -+ -+pdf: pdf-am -+ -+pdf-am: -+ -+ps: ps-am -+ -+ps-am: -+ -+uninstall-am: -+ @$(NORMAL_INSTALL) -+ $(MAKE) $(AM_MAKEFLAGS) uninstall-hook -+.MAKE: install-am install-exec-am install-strip uninstall-am -+ -+.PHONY: all all-am check check-am clean clean-generic clean-libtool \ -+ clean-local distclean distclean-generic distclean-libtool \ -+ distdir dvi dvi-am html html-am info info-am install \ -+ install-am install-data install-data-am install-dvi \ -+ install-dvi-am install-exec install-exec-am install-exec-hook \ -+ install-html install-html-am install-info install-info-am \ -+ install-man install-pdf install-pdf-am install-ps \ -+ install-ps-am install-strip installcheck installcheck-am \ -+ installdirs maintainer-clean maintainer-clean-generic \ -+ mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ -+ ps ps-am uninstall uninstall-am uninstall-hook -+ -+all-am: python-build -+ -+python-build: sesearch.c seinfo.c -+ @mkdir -p setools -+ @cp __init__.py setools -+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" 
$(PYTHON) setup.py build
-+
-+install-exec-hook:
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+
-+uninstall-hook:
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+
-+clean-local:
-+ $(PYTHON) setup.py clean -a
-+ rm -f *~
-+
-+# Tell versions [3.59,3.63) of GNU make to not export all variables.
-+# Otherwise a system limit (for SysV at least) may be exceeded.
-+.NOEXPORT:
-diff -up setools-3.3.7/python/setools/seinfo.c.python setools-3.3.7/python/setools/seinfo.c
---- setools-3.3.7/python/setools/seinfo.c.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/seinfo.c 2010-08-03 18:07:17.000000000 -0400
-@@ -0,0 +1,769 @@
-+/**
-+ * @file
-+ * Command line tool to search TE rules.
-+ *
-+ * @author Frank Mayer mayerf@tresys.com
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Paul Rosenfeld prosenfeld@tresys.com
-+ * @author Thomas Liu
-+ * @author Dan Walsh
-+ *
-+ * Copyright (C) 2003-2008 Tresys Technology, LLC
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+/**
-+ * This is a modified version of seinfo to be used as part of a library for
-+ * Python bindings.
-+ */
-+
-+#include "Python.h"
-+
-+/* libapol */
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/* libqpol */
-+#include
-+#include
-+
-+/* other */
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-+static char *policy_file = NULL;
-+
-+enum input
-+{
-+ TYPE, ATTRIBUTE, ROLE, USER, PORT,
-+};
-+
-+/**
-+ * Gets a textual representation of an attribute, and
-+ * all of that attribute's types.
-+ *
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ */
-+static PyObject* get_attr(const qpol_type_t * type_datum, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *dict = PyDict_New();
-+ const qpol_type_t *attr_datum = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ const char *attr_name = NULL, *type_name = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+ unsigned char isattr;
-+
-+ if (qpol_type_get_name(q, type_datum, &attr_name))
-+ goto cleanup;
-+ PyObject *obj = PyString_FromString(attr_name);
-+ PyDict_SetItemString(dict, "name", obj);
-+ Py_DECREF(obj);
-+
-+ /* get an iterator over all types this attribute has */
-+ if (qpol_type_get_isattr(q, type_datum, &isattr))
-+ goto cleanup;
-+ if (isattr) { /* sanity check */
-+ if (qpol_type_get_type_iter(q, type_datum, &iter))
-+ goto cleanup;
-+ PyObject *list = PyList_New(0);
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
-+ goto cleanup;
-+ if (qpol_type_get_name(q, attr_datum, &type_name))
-+ goto cleanup;
-+ PyObject *obj = PyString_FromString(type_name);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ qpol_iterator_destroy(&iter);
-+ PyDict_SetItemString(dict, "types", list);
-+ Py_DECREF(list);
-+ } else /* this should never happen */
-+ goto cleanup;
-+
-+ retval = 0;
-+cleanup:
-+ qpol_iterator_destroy(&iter);
-+ if (retval) {
-+ Py_DECREF(dict);
-+ return NULL;
-+ }
-+ return dict;
-+}
-+
-+/**
-+ * Gets statistics regarding a policy's attributes.
-+ * If this function is given a name, it will attempt to
-+ * get statistics about a particular attribute; otherwise
-+ * the function gets statistics about all of the policy's
-+ * attributes.
-+ *
-+ * @param name Reference to an attribute's name; if NULL,
-+ * all object classes will be considered
-+ * @param policydb Reference to a policy
-+ *
-+ * @return 0 on success, < 0 on error.
-+ */
-+static PyObject* get_attribs(const char *name, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *list = PyList_New(0);
-+ apol_attr_query_t *attr_query = NULL;
-+ apol_vector_t *v = NULL;
-+ const qpol_type_t *type_datum = NULL;
-+ size_t n_attrs, i;
-+
-+ /* we are only getting information about 1 attribute */
-+ if (name != NULL) {
-+ attr_query = apol_attr_query_create();
-+ if (!attr_query)
-+ goto cleanup;
-+ if (apol_attr_query_set_attr(policydb, attr_query, name))
-+ goto cleanup;
-+ if (apol_attr_get_by_query(policydb, attr_query, &v))
-+ goto cleanup;
-+ apol_attr_query_destroy(&attr_query);
-+ if (apol_vector_get_size(v) == 0) {
-+ apol_vector_destroy(&v);
-+ errno = EINVAL;
-+ goto cleanup;
-+ }
-+
-+ type_datum = apol_vector_get_element(v, (size_t) 0);
-+ PyObject *obj = get_attr(type_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ } else {
-+ attr_query = apol_attr_query_create();
-+ if (!attr_query)
-+ goto cleanup;
-+ if (apol_attr_get_by_query(policydb, attr_query, &v))
-+ goto cleanup;
-+ apol_attr_query_destroy(&attr_query);
-+ n_attrs = apol_vector_get_size(v);
-+
-+ for (i = 0; i < n_attrs; i++) {
-+ /* get qpol_type_t* item from vector */
-+ type_datum = (qpol_type_t *) apol_vector_get_element(v, (size_t) i);
-+ if (!type_datum)
-+ goto cleanup;
-+ PyObject *obj = get_attr(type_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ }
-+ apol_vector_destroy(&v);
-+
-+ retval = 0;
-+ cleanup:
-+ apol_attr_query_destroy(&attr_query);
-+ apol_vector_destroy(&v);
-+ if (retval) {
-+ Py_DECREF(list);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+/**
-+ * Get a textual representation of a type, and
-+ * all of that type's attributes.
-+ *
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ */
-+static PyObject* get_type_attrs(const qpol_type_t * type_datum, const apol_policy_t * policydb)
-+{
-+ qpol_iterator_t *iter = NULL;
-+ const char *attr_name = NULL;
-+ const qpol_type_t *attr_datum = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (qpol_type_get_attr_iter(q, type_datum, &iter))
-+ goto cleanup;
-+ PyObject *list = PyList_New(0);
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&attr_datum))
-+ goto cleanup;
-+ if (qpol_type_get_name(q, attr_datum, &attr_name))
-+ goto cleanup;
-+ PyObject *obj = PyString_FromString(attr_name);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ return list;
-+}
-+
-+static PyObject* get_type( const qpol_type_t * type_datum, const apol_policy_t * policydb) {
-+
-+ PyObject *dict = PyDict_New();
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+ const char *type_name = NULL;
-+
-+ unsigned char isalias, ispermissive, isattr;
-+
-+ if (qpol_type_get_name(q, type_datum, &type_name))
-+ goto cleanup;
-+ if (qpol_type_get_isalias(q, type_datum, &isalias))
-+ goto cleanup;
-+ if (qpol_type_get_isattr(q, type_datum, &isattr))
-+ goto cleanup;
-+ if (qpol_type_get_ispermissive(q, type_datum, &ispermissive))
-+ goto cleanup;
-+
-+ PyObject *obj = PyString_FromString(type_name);
-+ PyDict_SetItemString(dict, "name", obj);
-+ Py_DECREF(obj);
-+ obj = PyBool_FromLong(ispermissive);
-+ PyDict_SetItemString(dict, "permissive", obj);
-+ Py_DECREF(obj);
-+ if (!isattr && !isalias) {
-+ obj = get_type_attrs(type_datum, policydb);
-+ PyDict_SetItemString(dict, "attributes", obj);
-+ Py_DECREF(obj);
-+ }
-+ return dict;
-+cleanup:
-+ Py_DECREF(dict);
-+ return NULL;
-+}
-+
-+/**
-+ * Gets a textual representation of a user, and
-+ * all of that user's roles.
-+ *
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ * roles
-+ */
-+static PyObject* get_user(const qpol_user_t * user_datum, const apol_policy_t * policydb)
-+{
-+ PyObject *dict = NULL;
-+ const qpol_role_t *role_datum = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ const qpol_mls_range_t *range = NULL;
-+ const qpol_mls_level_t *dflt_level = NULL;
-+ apol_mls_level_t *ap_lvl = NULL;
-+ apol_mls_range_t *ap_range = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+ char *tmp;
-+ const char *user_name, *role_name;
-+
-+ if (qpol_user_get_name(q, user_datum, &user_name))
-+ goto cleanup;
-+
-+ dict = PyDict_New();
-+ PyObject *obj = PyString_FromString(user_name);
-+ PyDict_SetItemString(dict, "name", obj);
-+ Py_DECREF(obj);
-+
-+ if (qpol_policy_has_capability(q, QPOL_CAP_MLS)) {
-+ if (qpol_user_get_dfltlevel(q, user_datum, &dflt_level))
-+ goto cleanup;
-+ ap_lvl = apol_mls_level_create_from_qpol_mls_level(policydb, dflt_level);
-+ tmp = apol_mls_level_render(policydb, ap_lvl);
-+ if (!tmp)
-+ goto cleanup;
-+ obj = PyString_FromString(tmp);
-+ PyDict_SetItemString(dict, "level", obj);
-+ Py_DECREF(obj);
-+ free(tmp);
-+ /* print default range */
-+ if (qpol_user_get_range(q, user_datum, &range))
-+ goto cleanup;
-+ ap_range = apol_mls_range_create_from_qpol_mls_range(policydb, range);
-+ tmp = apol_mls_range_render(policydb, ap_range);
-+ if (!tmp)
-+ goto cleanup;
-+ obj = PyString_FromString(tmp);
-+ PyDict_SetItemString(dict, "range", obj);
-+ Py_DECREF(obj);
-+ free(tmp);
-+ }
-+
-+ if (qpol_user_get_role_iter(q, user_datum, &iter))
-+ goto cleanup;
-+ PyObject *list = PyList_New(0);
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&role_datum)) {
-+ Py_DECREF(list);
-+ goto cleanup;
-+ }
-+ if (qpol_role_get_name(q, role_datum, &role_name)) {
-+ Py_DECREF(list);
-+ goto cleanup;
-+ }
-+ PyObject *obj = PyString_FromString(role_name);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ PyDict_SetItemString(dict, "roles", list);
-+ Py_DECREF(list);
-+
-+cleanup:
-+ qpol_iterator_destroy(&iter);
-+ apol_mls_level_destroy(&ap_lvl);
-+ apol_mls_range_destroy(&ap_range);
-+ return dict;
-+}
-+
-+/**
-+ * Gets statistics regarding a policy's users.
-+ * If this function is given a name, it will attempt to
-+ * get statistics about a particular user; otherwise
-+ * the function gets statistics about all of the policy's
-+ * users.
-+ *
-+ * @param name Reference to a user's name; if NULL,
-+ * all users will be considered
-+ * @param policydb Reference to a policy
-+ *
-+ * @return 0 on success, < 0 on error.
-+ */
-+static PyObject* get_users(const char *name, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *list = PyList_New(0);
-+ qpol_iterator_t *iter = NULL;
-+ const qpol_user_t *user_datum = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (name != NULL) {
-+ if (qpol_policy_get_user_by_name(q, name, &user_datum)) {
-+ errno = EINVAL;
-+ goto cleanup;
-+ }
-+ PyObject *obj = get_user(user_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ } else {
-+ if (qpol_policy_get_user_iter(q, &iter))
-+ goto cleanup;
-+
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&user_datum))
-+ goto cleanup;
-+ PyObject *obj = get_user(user_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ qpol_iterator_destroy(&iter);
-+ }
-+
-+ retval = 0;
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ if (retval) {
-+ Py_DECREF(list);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+/**
-+ * get a textual representation of a role, and
-+ * all of that role's types.
-+ *
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ * types
-+ */
-+static PyObject* get_role(const qpol_role_t * role_datum, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *dict = PyDict_New();
-+ const char *role_name = NULL, *type_name = NULL;
-+ const qpol_role_t *dom_datum = NULL;
-+ const qpol_type_t *type_datum = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+ size_t n_dom = 0, n_types = 0;
-+
-+ if (qpol_role_get_name(q, role_datum, &role_name))
-+ goto cleanup;
-+
-+ PyObject *obj = PyString_FromString(role_name);
-+ PyDict_SetItemString(dict, "name", obj);
-+ Py_DECREF(obj);
-+
-+ if (qpol_role_get_dominate_iter(q, role_datum, &iter))
-+ goto cleanup;
-+ if (qpol_iterator_get_size(iter, &n_dom))
-+ goto cleanup;
-+ if ((int)n_dom > 0) {
-+ PyObject *list = PyList_New(0);
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&dom_datum))
-+ goto cleanup;
-+ if (qpol_role_get_name(q, dom_datum, &role_name))
-+ goto cleanup;
-+ PyObject *obj = PyString_FromString(role_name);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ PyDict_SetItemString(dict, "dominate", list);
-+ Py_DECREF(list);
-+ }
-+ qpol_iterator_destroy(&iter);
-+
-+ if (qpol_role_get_type_iter(q, role_datum, &iter))
-+ goto cleanup;
-+ if (qpol_iterator_get_size(iter, &n_types))
-+ goto cleanup;
-+ if ((int)n_types > 0) {
-+ PyObject *list = PyList_New(0);
-+ /* print types */
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
-+ goto cleanup;
-+ if (qpol_type_get_name(q, type_datum, &type_name))
-+ goto cleanup;
-+ PyObject *obj = PyString_FromString(type_name);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ PyDict_SetItemString(dict, "types", list);
-+ Py_DECREF(list);
-+ }
-+
-+ retval = 0;
-+cleanup:
-+ qpol_iterator_destroy(&iter);
-+ if (retval) {
-+ Py_DECREF(dict);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return dict;
-+}
-+
-+/**
-+ * Get statistics regarding a policy's ports.
-+ * If this function is given a name, it will attempt to
-+ * get statistics about a particular port; otherwise
-+ * the function get statistics about all of the policy's ports.
-+ *
-+ * @param name Reference to an port's name; if NULL,
-+ * all ports will be considered
-+ * @param policydb Reference to a policy
-+ *
-+ * @return 0 on success, < 0 on error.
-+ */
-+static PyObject* get_ports(const char *num, const apol_policy_t * policydb)
-+{
-+ PyObject *list = PyList_New(0);
-+ int retval = -1;
-+ const qpol_portcon_t *portcon = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ uint16_t low_port, high_port;
-+ uint8_t ocon_proto;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+ const qpol_context_t *ctxt = NULL;
-+ const char *proto_str;
-+ PyObject *dict;
-+ const char *type = NULL;
-+ const apol_mls_range_t *range = NULL;
-+ char *range_str = NULL;
-+ PyObject *obj = NULL;
-+ apol_context_t *c = NULL;
-+
-+ if (qpol_policy_get_portcon_iter(q, &iter))
-+ goto cleanup;
-+
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&portcon))
-+ goto cleanup;
-+ if (qpol_portcon_get_low_port(q, portcon, &low_port))
-+ goto cleanup;
-+ if (qpol_portcon_get_high_port(q, portcon, &high_port))
-+ goto cleanup;
-+ if (qpol_portcon_get_protocol(q, portcon, &ocon_proto))
-+ goto cleanup;
-+ if (num) {
-+ if (atoi(num) < low_port || atoi(num) > high_port)
-+ continue;
-+ }
-+
-+ if ((ocon_proto != IPPROTO_TCP) &&
-+ (ocon_proto != IPPROTO_UDP))
-+ goto cleanup;
-+
-+ if (qpol_portcon_get_context(q, portcon, &ctxt)) {
-+ PyErr_SetString(PyExc_RuntimeError, "Could not get for port context.");
-+ goto cleanup;
-+ }
-+
-+ if ((proto_str = apol_protocol_to_str(ocon_proto)) == NULL) {
-+ PyErr_SetString(PyExc_RuntimeError, "Invalid protocol for port");
-+ goto cleanup;
-+ }
-+
-+ if ((c = apol_context_create_from_qpol_context(policydb, ctxt)) == NULL) {
-+ goto cleanup;
-+ }
-+
-+ if((type = apol_context_get_type(c)) == NULL) {
-+ apol_context_destroy(&c);
-+ goto cleanup;
-+ }
-+
-+ dict = PyDict_New();
-+ obj = PyString_FromString(type);
-+ PyDict_SetItemString(dict, "type", obj);
-+ Py_DECREF(obj);
-+
-+ if((range = apol_context_get_range(c)) == NULL) {
-+ goto cleanup;
-+ }
-+
-+ range_str = apol_mls_range_render(policydb, range);
-+ if (range_str == NULL) {
-+ goto cleanup;
-+ }
-+ obj = PyString_FromString(range_str);
-+ PyDict_SetItemString(dict, "range", obj);
-+ Py_DECREF(obj);
-+
-+ obj = PyString_FromString(proto_str);
-+ PyDict_SetItemString(dict, "protocol", obj);
-+ Py_DECREF(obj);
-+
-+ obj = PyInt_FromLong(high_port);
-+ PyDict_SetItemString(dict, "high", obj);
-+ Py_DECREF(obj);
-+
-+ obj = PyInt_FromLong(low_port);
-+ PyDict_SetItemString(dict, "low", obj);
-+ Py_DECREF(obj);
-+
-+ PyList_Append(list, dict);
-+ Py_DECREF(dict);
-+ }
-+ retval = 0;
-+ cleanup:
-+ free(range_str);
-+ apol_context_destroy(&c);
-+ qpol_iterator_destroy(&iter);
-+
-+ if (retval) {
-+ Py_DECREF(list);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+/**
-+ * Get statistics regarding a policy's roles.
-+ * If this function is given a name, it will attempt to
-+ * get statistics about a particular role; otherwise
-+ * the function get statistics about all of the policy's roles.
-+ *
-+ * @param name Reference to an role's name; if NULL,
-+ * all roles will be considered
-+ * @param policydb Reference to a policy
-+ *
-+ * @return 0 on success, < 0 on error.
-+ */
-+static PyObject* get_roles(const char *name, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *list = PyList_New(0);
-+ const qpol_role_t *role_datum = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (name != NULL) {
-+ if (qpol_policy_get_role_by_name(q, name, &role_datum)) {
-+ errno = EINVAL;
-+ goto cleanup;
-+ }
-+ PyObject *obj = get_role(role_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ } else {
-+ if (qpol_policy_get_role_iter(q, &iter))
-+ goto cleanup;
-+
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&role_datum))
-+ goto cleanup;
-+ PyObject *obj = get_role(role_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ qpol_iterator_destroy(&iter);
-+ }
-+
-+ retval = 0;
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ if (retval) {
-+ Py_DECREF(list);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+/**
-+ * Get statistics regarding a policy's types.
-+ * If this function is given a name, it will attempt to
-+ * print statistics about a particular type; otherwise
-+ * the function prints statistics about all of the policy's types.
-+ *
-+ * @param name Reference to a type's name; if NULL,
-+ * all object classes will be considered
-+ * @param policydb Reference to a policy
-+ *
-+ * @return 0 on success, < 0 on error.
-+ */
-+static PyObject* get_types(const char *name, const apol_policy_t * policydb)
-+{
-+ int retval = -1;
-+ PyObject *list = PyList_New(0);
-+ const qpol_type_t *type_datum = NULL;
-+ qpol_iterator_t *iter = NULL;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ /* if name was provided, only print that name */
-+ if (name != NULL) {
-+ if (qpol_policy_get_type_by_name(q, name, &type_datum)) {
-+ errno = EINVAL;
-+ goto cleanup;
-+ }
-+ PyObject *obj = get_type(type_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ } else {
-+ if (qpol_policy_get_type_iter(q, &iter))
-+ goto cleanup;
-+ /* Print all type names */
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&type_datum))
-+ goto cleanup;
-+ PyObject *obj = get_type(type_datum, policydb);
-+ PyList_Append(list, obj);
-+ Py_DECREF(obj);
-+ }
-+ }
-+ retval = 0;
-+cleanup:
-+ qpol_iterator_destroy(&iter);
-+ if (retval) {
-+ Py_DECREF(list);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+PyObject* seinfo(int type, const char *name)
-+{
-+ int rt = -1;
-+
-+ apol_policy_t *policydb = NULL;
-+ apol_policy_path_t *pol_path = NULL;
-+ apol_vector_t *mod_paths = NULL;
-+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
-+ PyObject* output = NULL;
-+
-+ rt = qpol_default_policy_find(&policy_file);
-+ if (rt != 0) {
-+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+ return NULL;
-+ }
-+
-+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
-+ if (!pol_path) {
-+ free(policy_file);
-+ apol_vector_destroy(&mod_paths);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
-+ return NULL;
-+ }
-+ apol_vector_destroy(&mod_paths);
-+
-+ int policy_load_options = 0;
-+ policy_load_options |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
-+ policydb = apol_policy_create_from_policy_path(pol_path, policy_load_options, NULL, NULL);
-+ if (!policydb) {
-+ free(policy_file);
-+ apol_policy_path_destroy(&pol_path);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ free(policy_file);
-+
-+ /* display requested info */
-+ if (type == TYPE)
-+ output = get_types(name, policydb);
-+
-+ if (type == ATTRIBUTE)
-+ output = get_attribs(name, policydb);
-+
-+ if (type == ROLE)
-+ output = get_roles(name, policydb);
-+
-+ if (type == USER)
-+ output = get_users(name, policydb);
-+
-+ if (type == PORT)
-+ output = get_ports(name, policydb);
-+
-+ apol_policy_destroy(&policydb);
-+ apol_policy_path_destroy(&pol_path);
-+ return output;
-+}
-+
-+PyObject *wrap_seinfo(PyObject *self, PyObject *args){
-+ unsigned int type;
-+ char *name;
-+
-+ if (!PyArg_ParseTuple(args, "iz", &type, &name))
-+ return NULL;
-+
-+ return Py_BuildValue("O",seinfo(type, name));
-+
-+}
-+
-+static PyMethodDef methods[] = {
-+ {"seinfo", (PyCFunction) wrap_seinfo, METH_VARARGS},
-+ {NULL, NULL, 0, NULL}
-+};
-+
-+void init_seinfo(){
-+ PyObject *m;
-+ m = Py_InitModule("_seinfo", methods);
-+ PyModule_AddIntConstant(m, "ATTRIBUTE", ATTRIBUTE);
-+ PyModule_AddIntConstant(m, "PORT", PORT);
-+ PyModule_AddIntConstant(m, "ROLE", ROLE);
-+ PyModule_AddIntConstant(m, "TYPE", TYPE);
-+ PyModule_AddIntConstant(m, "USER", USER);
-+}
-diff -up setools-3.3.7/python/setools/sesearch.c.python setools-3.3.7/python/setools/sesearch.c
---- setools-3.3.7/python/setools/sesearch.c.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/sesearch.c 2010-10-14 14:34:47.000000000 -0400
-@@ -0,0 +1,478 @@
-+// Author: Thomas Liu
-+
-+/**
-+ * @file
-+ * Command line tool to search TE rules.
-+ *
-+ * @author Frank Mayer mayerf@tresys.com
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Paul Rosenfeld prosenfeld@tresys.com
-+ * @author Thomas Liu
-+ *
-+ * Copyright (C) 2003-2008 Tresys Technology, LLC
-+ *
-+ * This program is free software; you can redistribute it and/or modify
-+ * it under the terms of the GNU General Public License as published by
-+ * the Free Software Foundation; either version 2 of the License, or
-+ * (at your option) any later version.
-+ *
-+ * This program is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ * GNU General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU General Public License
-+ * along with this program; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+/**
-+ * This is a modified version of sesearch to be used as part of a library for
-+ * Python bindings.
-+ */
-+
-+#include "Python.h"
-+
-+/* libapol */
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+/* libqpol*/
-+#include
-+#include
-+#include
-+#include
-+
-+/* other */
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+#define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-+static char *policy_file = NULL;
-+
-+enum opt_values
-+{
-+ RULE_NEVERALLOW = 256, RULE_AUDIT, RULE_AUDITALLOW, RULE_DONTAUDIT,
-+ RULE_ROLE_ALLOW, RULE_ROLE_TRANS, RULE_RANGE_TRANS, RULE_ALL,
-+ EXPR_ROLE_SOURCE, EXPR_ROLE_TARGET
-+};
-+
-+;
-+
-+typedef struct options
-+{
-+ char *src_name;
-+ char *tgt_name;
-+ char *src_role_name;
-+ char *tgt_role_name;
-+ char *class_name;
-+ char *permlist;
-+ char *bool_name;
-+ apol_vector_t *class_vector;
-+ bool all;
-+ bool lineno;
-+ bool semantic;
-+ bool indirect;
-+ bool allow;
-+ bool nallow;
-+ bool auditallow;
-+ bool dontaudit;
-+ bool type;
-+ bool rtrans;
-+ bool role_allow;
-+ bool role_trans;
-+ bool useregex;
-+ bool show_cond;
-+ apol_vector_t *perm_vector;
-+} options_t;
-+
-+static int perform_av_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
-+{
-+ apol_avrule_query_t *avq = NULL;
-+ unsigned int rules = 0;
-+ int error = 0;
-+ char *tmp = NULL, *tok = NULL, *s = NULL;
-+
-+ if (!policy || !opt || !v) {
-+ PyErr_SetString(PyExc_RuntimeError,strerror(EINVAL));
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (!opt->all && !opt->allow && !opt->nallow && !opt->auditallow && !opt->dontaudit) {
-+ *v = NULL;
-+ return 0; /* no search to do */
-+ }
-+
-+ avq = apol_avrule_query_create();
-+ if (!avq) {
-+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ if (opt->allow || opt->all)
-+ rules |= QPOL_RULE_ALLOW;
-+ if ((opt->nallow || opt->all) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_NEVERALLOW))
-+ rules |= QPOL_RULE_NEVERALLOW;
-+ if (opt->auditallow || opt->all)
-+ rules |= QPOL_RULE_AUDITALLOW;
-+ if (opt->dontaudit || opt->all)
-+ rules |= QPOL_RULE_DONTAUDIT;
-+ apol_avrule_query_set_rules(policy, avq, rules);
-+ apol_avrule_query_set_regex(policy, avq, opt->useregex);
-+ if (opt->src_name)
-+ apol_avrule_query_set_source(policy, avq, opt->src_name, opt->indirect);
-+ if (opt->tgt_name)
-+ apol_avrule_query_set_target(policy, avq, opt->tgt_name, opt->indirect);
-+ if (opt->bool_name)
-+ apol_avrule_query_set_bool(policy, avq, opt->bool_name);
-+ if (opt->class_name) {
-+ if (opt->class_vector == NULL) {
-+ if (apol_avrule_query_append_class(policy, avq, opt->class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ } else {
-+ size_t i;
-+ for (i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
-+ char *class_name;
-+ class_name = apol_vector_get_element(opt->class_vector, i);
-+ if (!class_name)
-+ continue;
-+ if (apol_avrule_query_append_class(policy, avq, class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+ }
-+ }
-+
-+ if (opt->permlist) {
-+ tmp = strdup(opt->permlist);
-+ for (tok = strtok(tmp, ","); tok; tok = strtok(NULL, ",")) {
-+ if (apol_avrule_query_append_perm(policy, avq, tok)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if ((s = strdup(tok)) == NULL || apol_vector_append(opt->perm_vector, s) < 0) {
-+ error = errno;
-+ goto err;
-+ }
-+ s = NULL;
-+ }
-+ free(tmp);
-+ }
-+
-+ if (!(opt->semantic) && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
-+ if (apol_syn_avrule_get_by_query(policy, avq, v)) {
-+ error = errno;
-+ goto err;
-+ }
-+ } else {
-+ if (apol_avrule_get_by_query(policy, avq, v)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+
-+ apol_avrule_query_destroy(&avq);
-+ return 0;
-+
-+ err:
-+ apol_vector_destroy(v);
-+ apol_avrule_query_destroy(&avq);
-+ free(tmp);
-+ free(s);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(error));
-+ errno = error;
-+ return -1;
-+}
-+
-+
-+
-+static PyObject* get_av_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
-+{
-+ int retval = -1;
-+ PyObject *list = PyList_New(0);
-+ qpol_policy_t *q = apol_policy_get_qpol(policy);
-+ size_t i, num_rules = 0;
-+ const qpol_avrule_t *rule = NULL;
-+ char *tmp = NULL, *rule_str = NULL, *expr = NULL;
-+ char enable_char = ' ', branch_char = ' ';
-+ qpol_iterator_t *iter = NULL;
-+ uint32_t enabled = 0;
-+
-+ if (!policy || !v)
-+ return NULL;
-+
-+ if (!(num_rules = apol_vector_get_size(v)))
-+ return NULL;
-+
-+ for (i = 0; i < num_rules; i++) {
-+ enable_char = branch_char = ' ';
-+ if (!(rule = apol_vector_get_element(v, i)))
-+ goto cleanup;
-+
-+ if (qpol_avrule_get_is_enabled(q, rule, &enabled))
-+ goto cleanup;
-+ if (!enabled)
-+ continue;
-+
-+ const qpol_type_t *type;
-+ const char *tmp_name;
-+ uint32_t rule_type = 0;
-+
-+ const qpol_class_t *obj_class = NULL;
-+
-+ PyObject *dict = PyDict_New();
-+
-+ qpol_avrule_get_rule_type(q, rule, &rule_type);
-+ tmp_name = apol_rule_type_to_str(rule_type);
-+ PyObject *obj = PyString_FromString(tmp_name);
-+ PyDict_SetItemString(dict, "type", obj);
-+ Py_DECREF(obj);
-+ // source
-+ qpol_avrule_get_source_type(q, rule, &type);
-+ qpol_type_get_name(q, type, &tmp_name);
-+ obj = PyString_FromString(tmp_name);
-+ PyDict_SetItemString(dict, "scontext", obj);
-+ Py_DECREF(obj);
-+
-+ qpol_avrule_get_target_type(q, rule, &type);
-+ qpol_type_get_name(q, type, &tmp_name);
-+ obj = PyString_FromString(tmp_name);
-+ PyDict_SetItemString(dict, "tcontext", obj);
-+ Py_DECREF(obj);
-+
-+ qpol_avrule_get_object_class(q, rule, &obj_class);
-+ qpol_type_get_name(q, type, &tmp_name);
-+ obj = PyString_FromString(tmp_name);
-+ PyDict_SetItemString(dict, "class", obj);
-+ Py_DECREF(obj);
-+ qpol_avrule_get_perm_iter(q, rule, &iter);
-+ PyObject *permlist = PyList_New(0);
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ const char *perm_name = NULL;
-+ qpol_iterator_get_item(iter, (void **)&perm_name);
-+ obj = PyString_FromString(perm_name);
-+ PyList_Append(permlist, obj);
-+ Py_DECREF(obj);
-+ }
-+ PyDict_SetItemString(dict, "permlist", permlist);
-+ Py_DECREF(permlist);
-+ PyList_Append(list, dict);
-+ Py_DECREF(dict);
-+
-+ free(rule_str);
-+ rule_str = NULL;
-+ free(expr);
-+ expr = NULL;
-+ }
-+ retval = 0;
-+ cleanup:
-+ free(tmp);
-+ free(rule_str);
-+ free(expr);
-+ if (retval) {
-+ Py_DECREF(list);
-+ return NULL;
-+ }
-+ return list;
-+}
-+
-+
-+PyObject* sesearch(bool allow,
-+ bool neverallow,
-+ bool auditallow,
-+ bool dontaudit,
-+ const char *src_name,
-+ const char *tgt_name,
-+ const char *class_name,
-+ const char *permlist
-+ )
-+{
-+ options_t cmd_opts;
-+ int rt = -1;
-+ PyObject *output = NULL;
-+
-+ apol_policy_t *policy = NULL;
-+ apol_vector_t *v = NULL;
-+ apol_policy_path_t *pol_path = NULL;
-+ apol_vector_t *mod_paths = NULL;
-+ apol_policy_path_type_e path_type = APOL_POLICY_PATH_TYPE_MONOLITHIC;
-+
-+ memset(&cmd_opts, 0, sizeof(cmd_opts));
-+ cmd_opts.indirect = true;
-+ cmd_opts.allow = allow;
-+ cmd_opts.nallow = neverallow;
-+ cmd_opts.auditallow = auditallow;
-+ cmd_opts.dontaudit = dontaudit;
-+ if (src_name)
-+ cmd_opts.src_name = strdup(src_name);
-+ if (tgt_name)
-+ cmd_opts.tgt_name = strdup(tgt_name);
-+ if (class_name)
-+ cmd_opts.class_name = strdup(class_name);
-+ if (permlist){
-+ cmd_opts.perm_vector = apol_vector_create(free);
-+ cmd_opts.permlist = strdup(permlist);
-+ }
-+ int pol_opt = 0;
-+ if (!(cmd_opts.nallow || cmd_opts.all))
-+ pol_opt |= QPOL_POLICY_OPTION_NO_NEVERALLOWS;
-+
-+
-+ rt = qpol_default_policy_find(&policy_file);
-+ if (rt) {
-+ PyErr_SetString(PyExc_RuntimeError,"No default policy found.");
-+ return NULL;
-+ }
-+ pol_opt |= QPOL_POLICY_OPTION_MATCH_SYSTEM;
-+
-+ if (apol_file_is_policy_path_list(policy_file) > 0) {
-+ pol_path = apol_policy_path_create_from_file(policy_file);
-+ if (!pol_path) {
-+ free(policy_file);
-+ PyErr_SetString(PyExc_RuntimeError,"invalid policy list");
-+ return NULL;
-+ }
-+ }
-+
-+ if (!pol_path)
-+ pol_path = apol_policy_path_create(path_type, policy_file, mod_paths);
-+ if (!pol_path) {
-+ free(policy_file);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(ENOMEM));
-+ return NULL;
-+ }
-+ free(policy_file);
-+ apol_vector_destroy(&mod_paths);
-+
-+ policy = apol_policy_create_from_policy_path(pol_path, pol_opt, NULL, NULL);
-+ if (!policy) {
-+ apol_policy_path_destroy(&pol_path);
-+ PyErr_SetString(PyExc_RuntimeError,strerror(errno));
-+ return NULL;
-+ }
-+ /* handle regex for class name */
-+ if (cmd_opts.useregex && cmd_opts.class_name != NULL) {
-+ cmd_opts.class_vector = apol_vector_create(NULL);
-+ apol_vector_t *qpol_matching_classes = NULL;
-+ apol_class_query_t *regex_match_query = apol_class_query_create();
-+ apol_class_query_set_regex(policy, regex_match_query, 1);
-+ apol_class_query_set_class(policy, regex_match_query, cmd_opts.class_name);
-+ if (apol_class_get_by_query(policy, regex_match_query, &qpol_matching_classes)) {
-+ apol_class_query_destroy(®ex_match_query);
-+ PyErr_SetString(PyExc_RuntimeError,"Query failed");
-+ goto cleanup;
-+ }
-+ const qpol_class_t *class = NULL;
-+ size_t i;
-+ for (i = 0; i < apol_vector_get_size(qpol_matching_classes); ++i) {
-+ const char *class_name;
-+ class = apol_vector_get_element(qpol_matching_classes, i);
-+ if (!class)
-+ break;
-+ qpol_class_get_name(apol_policy_get_qpol(policy), class, &class_name);
-+ apol_vector_append(cmd_opts.class_vector, (void *)class_name);
-+ }
-+ if (!apol_vector_get_size(qpol_matching_classes)) {
-+ apol_vector_destroy(&qpol_matching_classes);
-+ apol_class_query_destroy(®ex_match_query);
-+ PyErr_SetString(PyExc_RuntimeError,"No classes match expression");
-+ goto cleanup;
-+ }
-+ apol_vector_destroy(&qpol_matching_classes);
-+ apol_class_query_destroy(®ex_match_query);
-+ }
-+
-+ if (!cmd_opts.semantic && qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
-+ if (qpol_policy_build_syn_rule_table(apol_policy_get_qpol(policy))) {
-+ apol_policy_destroy(&policy);
-+ PyErr_SetString(PyExc_RuntimeError,"Query failed");
-+ goto cleanup;
-+ }
-+ }
-+
-+ /* if syntactic rules are not available always do semantic search */
-+ if (!qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_SYN_RULES)) {
-+ cmd_opts.semantic = 1;
-+ }
-+
-+ /* supress line numbers if doing semantic search or not available */
-+ if (cmd_opts.semantic || !qpol_policy_has_capability(apol_policy_get_qpol(policy), QPOL_CAP_LINE_NUMBERS)) {
-+ cmd_opts.lineno = 0;
-+ }
-+ if (perform_av_query(policy, &cmd_opts, &v)) {
-+ goto cleanup;
-+ }
-+ if (v) {
-+ output = get_av_results(policy, &cmd_opts, v);
-+ }
-+ apol_vector_destroy(&v);
-+ cleanup:
-+ apol_policy_destroy(&policy);
-+ apol_policy_path_destroy(&pol_path);
-+ free(cmd_opts.src_name);
-+ free(cmd_opts.tgt_name);
-+ free(cmd_opts.class_name);
-+ free(cmd_opts.permlist);
-+ free(cmd_opts.bool_name);
-+ free(cmd_opts.src_role_name);
-+ free(cmd_opts.tgt_role_name);
-+ apol_vector_destroy(&cmd_opts.perm_vector);
-+ apol_vector_destroy(&cmd_opts.class_vector);
-+
-+ if (output) return output;
-+ return Py_None;
-+}
-+static int Dict_ContainsInt(PyObject *dict, const char *key){
-+ PyObject *item = PyDict_GetItemString(dict, key);
-+ if (item)
-+ return PyInt_AsLong(item);
-+ return false;
-+}
-+
-+static const char *Dict_ContainsString(PyObject *dict, const char *key){
-+ PyObject *item = PyDict_GetItemString(dict, key);
-+ if (item)
-+ return PyString_AsString(item);
-+ return NULL;
-+}
-+
-+PyObject *wrap_sesearch(PyObject *self, PyObject *args){
-+ PyObject *dict;
-+ if (!PyArg_ParseTuple(args, "O", &dict))
-+ return NULL;
-+ int allow = Dict_ContainsInt(dict, "allow");
-+ int neverallow = Dict_ContainsInt(dict, "neverallow");
-+ int auditallow = Dict_ContainsInt(dict, "auditallow");
-+ int dontaudit = Dict_ContainsInt(dict, "dontaudit");
-+
-+ const char *src_name = Dict_ContainsString(dict, "scontext");
-+ const char *tgt_name = Dict_ContainsString(dict, "tcontext");
-+ const char *class_name = Dict_ContainsString(dict, "class");
-+ const char *permlist = Dict_ContainsString(dict, "permlist");
-+
-+ return Py_BuildValue("O",sesearch(allow, neverallow, auditallow, dontaudit, src_name, tgt_name, class_name, permlist));
-+
-+}
-+
-+static PyMethodDef methods[] = {
-+ {"sesearch", (PyCFunction) wrap_sesearch, METH_VARARGS},
-+ {NULL, NULL, 0, NULL}
-+};
-+
-+void init_sesearch(){
-+ PyObject *m;
-+ m = Py_InitModule("_sesearch", methods);
-+}
-diff -up setools-3.3.7/python/setools/setup.py.python setools-3.3.7/python/setools/setup.py
---- setools-3.3.7/python/setools/setup.py.python 2010-07-30 15:02:10.000000000 -0400
-+++ setools-3.3.7/python/setools/setup.py 2010-07-30 15:02:10.000000000 -0400
-@@ -0,0 +1,25 @@
-+#!/usr/bin/env python
-+
-+# Author: Thomas Liu
-+import os
-+from distutils.core import setup, Extension
-+LIBS=["apol", "qpol"]
-+
-+try:
-+ inc=os.getenv("INCLUDES").split(" ")
-+ INCLUDES=map(lambda x: x[2:], inc)
-+ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
-+except:
-+ INCLUDES=""
-+ LIBDIRS=""
-+
-+extension_sesearch = Extension("setools._sesearch", [ "sesearch.c"])
-+extension_sesearch.include_dirs=INCLUDES
-+extension_sesearch.libraries=LIBS
-+extension_sesearch.library_dirs=LIBDIRS
-+extension_seinfo = Extension("setools._seinfo", [ "seinfo.c"])
-+extension_seinfo.include_dirs=INCLUDES
-+extension_seinfo.libraries=LIBS
-+extension_seinfo.library_dirs=LIBDIRS
-+
-+setup(name = "setools", version="1.0", description="Python setools bindings", author="Thomas Liu", author_email="tliu@redhat.com", ext_modules=[extension_sesearch, extension_seinfo], packages=["setools"])