From: Wenzong Fan <wenzong....@windriver.com> SETools v4 is a rewrite of SETools in Python; for details, refer to: https://github.com/TresysTechnology/setools/wiki/Changes-Since-SETools-v3
Changes for upreving: * remove setools_3.3.8.bb and all useless patches * add patches to fix cross-compiling issues: - setools4-fixes-for-cross-compiling.patch - setools4-fix-cross-compiling-errors-for-powerpc-mips.patch
Signed-off-by: Wenzong Fan <wenzong....@windriver.com> --- ...-Don-t-check-selinux-policies-if-disabled.patch | 25 -- .../setools-Fix-man-pages-and-getoptions.patch | 80 ------ .../setools-Fix-output-to-match-policy-lines.patch | 36 --- ...-Fix-python-setools-Makefile.am-for-cross.patch | 33 --- ...-sepol-calls-to-work-with-latest-libsepol.patch | 36 --- .../setools-Fix-test-bug-for-unary-operator.patch | 25 -- .../setools/setools-Remove-unused-variables.patch | 279 --------------------- ...s-Update-for-2015-02-02-Userspace-release.patch | 114 --------- .../setools/setools/setools-configure-ac.patch | 107 -------- .../setools-configure-with-latest-libsepol.patch | 33 --- .../setools/setools/setools-cross-ar.patch | 17 -- .../setools-neverallow-rules-all-always-fail.patch | 31 --- ...ols-seinfo-should-exit-with-correct-errno.patch | 134 ---------- recipes-security/setools/setools/setools.pam | 4 - ...x-cross-compiling-errors-for-powerpc-mips.patch | 35 +++ .../setools4-fixes-for-cross-compiling.patch | 40 +++ .../setools/{setools_3.3.8.bb => setools_4.1.1.bb} | 100 ++------ 17 files changed, 91 insertions(+), 1038 deletions(-) delete mode 100644 recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch delete mode 100644 recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch delete mode 100644 recipes-security/setools/setools/setools-Remove-unused-variables.patch delete mode 100644 recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch delete mode 100644 
recipes-security/setools/setools/setools-configure-ac.patch delete mode 100644 recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch delete mode 100644 recipes-security/setools/setools/setools-cross-ar.patch delete mode 100644 recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch delete mode 100644 recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch delete mode 100644 recipes-security/setools/setools/setools.pam create mode 100644 recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch create mode 100644 recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch rename recipes-security/setools/{setools_3.3.8.bb => setools_4.1.1.bb} (11%) diff --git a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch b/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch deleted file mode 100644 index ed841e8..0000000 --- a/recipes-security/setools/setools/setools-Don-t-check-selinux-policies-if-disabled.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 7515aa80e7ead8d3016ea161e5d0eb9c59399278 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 14:36:19 +0800 -Subject: [meta-selinux][PATCH] setools: Don't check selinux policies if disabled. - ---- - configure.ac | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e1db271..899e5e9 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -390,7 +390,7 @@ if test "x${enable_selinux_check}" = "xyes"; then - use_selinux=yes - fi - else -- use_selinux=yes -+ use_selinux=no - fi - - AC_CACHE_SAVE --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch b/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch deleted file mode 100644 index 455da1e..0000000 
--- a/recipes-security/setools/setools/setools-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,80 +0,0 @@ -From ecaccf49ee95fe2c3a57a0d2184aaec98a967172 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 10:53:36 +0800 -Subject: [meta-selinux][PATCH 3/7] setools: Fix man pages and getoptions - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ ---- - man/replcon.1 | 2 ++ - man/seinfo.1 | 6 +++++- - seaudit/seaudit-report.c | 2 +- - sediff/sediff.c | 2 +- - 4 files changed, 9 insertions(+), 3 deletions(-) - -diff --git a/man/replcon.1 b/man/replcon.1 -index 8aca08a..478dc51 100644 ---- a/man/replcon.1 -+++ b/man/replcon.1 -@@ -44,6 +44,8 @@ Search for files which include PATH. - .IP "-c CLASS, --class=CLASS" - Search only files of object class CLASS. - .SH OPTIONS -+.IP "-R, --regex" -+Enable regular expressions - .IP "-v, --verbose" - Display context info during replacement. - .IP "-h, --help" -diff --git a/man/seinfo.1 b/man/seinfo.1 -index 8612119..6bc17db 100644 ---- a/man/seinfo.1 -+++ b/man/seinfo.1 -@@ -76,6 +76,10 @@ There is no expanded information for this component. - .IP "--nodecon[=ADDR]" - Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR. - There is no expanded information for this component. -+.IP "--polcap" -+Print policy capabilities. -+.IP "--permissive" -+Print permissive types. - .IP "--portcon[=PORT]" - Print a list of port contexts or, if PORT is provided, print the statement for port PORT. - There is no expanded information for this component. -@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss - This option is not available for all component types; see the description of each component for the details this option will provide. - .IP "--stats" - Print policy statistics including policy type and version information and counts of all components and rules. 
--.IP "-l" -+.IP "-l, --line-breaks" - Print line breaks when displaying constraint statements. - .IP "-h, --help" - Print help information and exit. -diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c -index af3c6fb..d436c18 100644 ---- a/seaudit/seaudit-report.c -+++ b/seaudit/seaudit-report.c -@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief) - printf(" -s, --stdin read log data from standard input\n"); - printf(" -m, --malformed include malformed log messages\n"); - printf(" -o FILE, --output=FILE output to FILE\n"); -- printf(" --config=FILE read configuration from FILE\n"); -+ printf(" -c FILE, --config=FILE read configuration from FILE\n"); - printf(" --html set output format to HTML\n"); - printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n"); - printf(" (ignored if --html is not given)\n"); -diff --git a/sediff/sediff.c b/sediff/sediff.c -index 6022775..341c650 100644 ---- a/sediff/sediff.c -+++ b/sediff/sediff.c -@@ -420,7 +420,7 @@ int main(int argc, char **argv) - poldiff_t *diff = NULL; - size_t total = 0; - -- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) { -+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) { - switch (optc) { - case 0: - break; --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch b/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch deleted file mode 100644 index c397aa6..0000000 --- a/recipes-security/setools/setools/setools-Fix-output-to-match-policy-lines.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 81f2221ab707ca8d5e204b0f9be61d537888e439 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 11:03:00 +0800 -Subject: [meta-selinux][PATCH 7/7] setools: Fix output to match policy lines - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ ---- - libapol/src/ftrule-query.c | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c -index 9c7a23b..1d5f5c8 100644 ---- a/libapol/src/ftrule-query.c -+++ b/libapol/src/ftrule-query.c -@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena - error = errno; - goto err; - } -- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) { -+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) { - error = errno; - ERR(policy, "%s", strerror(error)); - goto err; -@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena - goto err; - } - -- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) { -+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) { - error = errno; - ERR(policy, "%s", strerror(error)); - goto err; --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch b/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch deleted file mode 100644 index c4d062a..0000000 --- a/recipes-security/setools/setools/setools-Fix-python-setools-Makefile.am-for-cross.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From 7d386c429202b393aa4ca281a11b5e1f2259b109 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 15:43:41 +0800 -Subject: [meta-selinux][PATCH] setools: Fix python/setools/Makefile.am for cross. - ---- - python/setools/Makefile.am | 6 +++--- - 1 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/python/setools/Makefile.am b/python/setools/Makefile.am -index c4635fb..80aa385 100644 ---- a/python/setools/Makefile.am -+++ b/python/setools/Makefile.am -@@ -22,13 +22,13 @@ sesearch_SOURCES = sesearch.c - python-build: sesearch.c seinfo.c - @mkdir -p setools - @cp __init__.py setools -- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build -+ CC="${CC}" LDSHARED="$(CC) -shared" LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG) $(PYTHON_LDFLAGS)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS) $(PYTHON_CPPFLAGS)" ${PYTHON} setup.py build - - install-exec-hook: -- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` -+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)` - - uninstall-hook: -- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` -+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR) --install-lib=$(PYTHON_SITE_PKG)` - - clean-local: - $(PYTHON) setup.py clean -a --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch deleted file mode 100644 index 8519ab2..0000000 --- a/recipes-security/setools/setools/setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -From 16d3a0b41273be4289f70d1d63fb983721bb60c0 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 10:54:55 +0800 -Subject: [meta-selinux][PATCH 4/7] setools: Fix sepol calls to work with latest libsepol - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ ---- - configure.ac | 4 ++-- - 1 files changed, 2 insertions(+), 2 deletions(-) - -diff --git a/configure.ac b/configure.ac -index e837e03..3c11e23 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE( - [AC_LANG_SOURCE([ - #include <sepol/policydb/expand.h> - int main () { -- return role_set_expand(NULL, NULL, NULL, NULL); -+ return role_set_expand(NULL, NULL, NULL, NULL, NULL); - }])], - sepol_new_user_role_mapping="yes", - sepol_new_user_role_mapping="no") -@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then - [AC_LANG_SOURCE([ - #include <sepol/policydb/expand.h> - int main () { -- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0); -+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0); - }])], - AC_MSG_RESULT([yes]), - AC_MSG_ERROR([this version of libsepol is incompatible with SETools])) --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch b/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch deleted file mode 100644 index 7b6e539..0000000 --- a/recipes-security/setools/setools/setools-Fix-test-bug-for-unary-operator.patch +++ /dev/null 
@@ -1,25 +0,0 @@ -From 5f574dc0fb68fe07c5b611ca34c01b8484735aab Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 14:47:44 +0800 -Subject: [meta-selinux][PATCH] setools: Fix "test" bug for unary operator. - -configure: line 22969: test: =: unary operator expected ---- - configure.ac | 1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 899e5e9..6854c69 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -233,6 +233,7 @@ if test ${do_swigify} = "yes"; then - AC_PROG_SWIG(2.0.0) - fi - build_apol=yes -+do_swigify_tcl=no - AC_ARG_ENABLE(swig-tcl, - AC_HELP_STRING([--enable-swig-tcl], - [build SWIG interfaces for Tcl (default)]), --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Remove-unused-variables.patch b/recipes-security/setools/setools/setools-Remove-unused-variables.patch deleted file mode 100644 index f991819..0000000 --- a/recipes-security/setools/setools/setools-Remove-unused-variables.patch +++ /dev/null 
@@ -1,279 +0,0 @@ -From d8a4502fae7118796558e523a6dc0a6a5f9adec9 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 11:02:10 +0800 -Subject: [meta-selinux][PATCH 6/7] setools: Remove unused variables - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ ---- - libapol/src/ftrule-query.c | 11 ++---- - libqpol/src/ftrule_query.c | 2 - - secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++----------- - 3 files changed, 68 insertions(+), 31 deletions(-) - -diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c -index dc248de..9c7a23b 100644 ---- a/libapol/src/ftrule-query.c -+++ b/libapol/src/ftrule-query.c -@@ -45,14 +45,11 @@ struct apol_filename_trans_query - int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v) - { - apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL; -- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans; -- char *bool_name = NULL; -+ int retval = -1, source_as_any = 0, is_regex = 0; - *v = NULL; -- unsigned int flags = 0; -- qpol_iterator_t *iter = NULL, *type_iter = NULL; -+ qpol_iterator_t *iter = NULL; - - if (t != NULL) { -- flags = t->flags; - is_regex = t->flags & APOL_QUERY_REGEX; - if (t->source != NULL && - (source_list = -@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam - if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) { - goto cleanup; - } -- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0; -+ int match_source = 0, match_target = 0, match_default = 0; - size_t i; - - if (source_list == NULL) { -@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena - { - char *tmp = NULL; - const char *tmp_name = NULL; -- const char *filename_trans_type_str; - int error = 0; - 
size_t tmp_sz = 0; -- uint32_t filename_trans_type = 0; - const qpol_type_t *type = NULL; - const qpol_class_t *obj_class = NULL; - -diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c -index d6db848..3148d30 100644 ---- a/libqpol/src/ftrule_query.c -+++ b/libqpol/src/ftrule_query.c -@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo - - int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name) - { -- policydb_t *db = NULL; - filename_trans_t *ft = NULL; - - if (name) { -@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi - return STATUS_ERR; - } - -- db = &policy->p->p; - ft = (filename_trans_t *) rule; - - *name = ft->name; -diff --git a/secmds/sesearch.c b/secmds/sesearch.c -index e44b3bc..319ffe7 100644 ---- a/secmds/sesearch.c -+++ b/secmds/sesearch.c -@@ -72,6 +72,7 @@ static struct option const longopts[] = { - - {"source", required_argument, NULL, 's'}, - {"target", required_argument, NULL, 't'}, -+ {"default", required_argument, NULL, 'D'}, - {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE}, - {"role_target", required_argument, NULL, EXPR_ROLE_TARGET}, - {"class", required_argument, NULL, 'c'}, -@@ -92,6 +93,7 @@ typedef struct options - { - char *src_name; - char *tgt_name; -+ char *default_name; - char *src_role_name; - char *tgt_role_name; - char *class_name; -@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t * - tmp = apol_cond_expr_render(policy, cond); - enable_char = (enabled ? 'E' : 'D'); - branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 
'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt - qpol_iterator_destroy(&iter); - enable_char = (enabled ? 'E' : 'D'); - branch_char = (list ? 'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t * - tmp = apol_cond_expr_render(policy, cond); - enable_char = (enabled ? 'E' : 'D'); - branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt - qpol_iterator_destroy(&iter); - enable_char = (enabled ? 'E' : 'D'); - branch_char = (list ? 
'T' : 'F'); -- asprintf(&expr, "[ %s ]", tmp); -+ if (asprintf(&expr, "[ %s ]", tmp) < 0) -+ goto cleanup; - free(tmp); - tmp = NULL; - if (!expr) -@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - return -1; - } - -- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) { -+ if (!opt->type && !opt->all) { - *v = NULL; - return 0; /* no search to do */ - } -@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - - apol_filename_trans_query_set_regex(policy, ftq, opt->useregex); - if (opt->src_name) { -- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) { -+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) { - error = errno; - goto err; - } - } -+ - if (opt->tgt_name) { - if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) { - error = errno; - goto err; - } - } -+ if (opt->default_name) { -+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) { -+ error = errno; -+ goto err; -+ } -+ } -+ -+ if (opt->class_name) { -+ if (opt->class_vector == NULL) { -+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) { -+ error = errno; -+ goto err; -+ } -+ } else { -+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) { -+ char *class_name; -+ class_name = apol_vector_get_element(opt->class_vector, i); -+ if (!class_name) -+ continue; -+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) { -+ error = errno; -+ goto err; -+ } -+ } -+ } -+ } - - if (apol_filename_trans_get_by_query(policy, ftq, v)) { - error = errno; -@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, - - static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v) - { -- qpol_policy_t *q = apol_policy_get_qpol(policy); -- size_t i, num_rules = 0; -- 
const qpol_filename_trans_t *rule = NULL; -- char *tmp = NULL, *rule_str = NULL, *expr = NULL; -+ size_t i, num_filename_trans = 0; -+ const qpol_filename_trans_t *filename_trans = NULL; -+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL; - char enable_char = ' ', branch_char = ' '; - qpol_iterator_t *iter = NULL; - const qpol_cond_t *cond = NULL; - uint32_t enabled = 0, list = 0; - -- if (!(num_rules = apol_vector_get_size(v))) -+ if (!(num_filename_trans = apol_vector_get_size(v))) - goto cleanup; - -- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules); -+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans); - -- for (i = 0; i < num_rules; i++) { -+ for (i = 0; i < num_filename_trans; i++) { - enable_char = branch_char = ' '; -- if (!(rule = apol_vector_get_element(v, i))) -+ if (!(filename_trans = apol_vector_get_element(v, i))) - goto cleanup; - -- if (!(rule_str = apol_filename_trans_render(policy, rule))) -+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans))) - goto cleanup; -- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : ""); -- free(rule_str); -- rule_str = NULL; -+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? 
expr : ""); -+ free(filename_trans_str); -+ filename_trans_str = NULL; - free(expr); - expr = NULL; - } - - cleanup: - free(tmp); -- free(rule_str); -+ free(filename_trans_str); - free(expr); - } - -@@ -930,7 +962,7 @@ int main(int argc, char **argv) - - memset(&cmd_opts, 0, sizeof(cmd_opts)); - cmd_opts.indirect = true; -- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) { -+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) { - switch (optc) { - case 0: - break; -@@ -946,6 +978,18 @@ int main(int argc, char **argv) - exit(1); - } - break; -+ case 'D': /* source */ -+ if (optarg == 0) { -+ usage(argv[0], 1); -+ printf("Missing source default type for -D (--default)\n"); -+ exit(1); -+ } -+ cmd_opts.default_name = strdup(optarg); -+ if (!cmd_opts.default_name) { -+ -+ exit(1); -+ } -+ break; - case 't': /* target */ - if (optarg == 0) { - usage(argv[0], 1); -@@ -1218,7 +1262,7 @@ int main(int argc, char **argv) - fprintf(stdout, "\n"); - } - -- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) { -+ if (cmd_opts.all || cmd_opts.type) { - apol_vector_destroy(&v); - if (perform_ft_query(policy, &cmd_opts, &v)) { - rt = 1; --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch b/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch deleted file mode 100644 index c8fc3f5..0000000 --- a/recipes-security/setools/setools/setools-Update-for-2015-02-02-Userspace-release.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From f1e5b208d507171968ca4d2eeefd7980f1004a3c Mon Sep 17 00:00:00 2001 -From: Chris PeBenito <cpeben...@tresys.com> -Date: Thu, 12 Feb 2015 08:55:12 -0500 -Subject: [meta-selinux][PATCH] Update for 2015-02-02 Userspace release (2.4) - -SETools now requires libsepol 2.4 and libselinux 2.4. ---- - configure.ac | 6 +++--- - libqpol/src/policy_define.c | 4 ++-- - libqpol/src/policy_extend.c | 4 ++-- - libqpol/src/syn_rule_query.c | 6 +++--- - secmds/replcon.cc | 2 +- - 5 files changed, 11 insertions(+), 11 deletions(-) - -diff --git a/configure.ac b/configure.ac -index 80395e6..ae20da7 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -25,9 +25,9 @@ libseaudit_version=4.5 - setoolsdir='${prefix}/share/setools-3.3' - javadir='${prefix}/share/java' - --version_min_sepol_major=1 --version_min_sepol_minor=12 --version_min_sepol_patch=27 -+version_min_sepol_major=2 -+version_min_sepol_minor=4 -+version_min_sepol_patch=0 - - dnl *** end of tunable values *** - -diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c -index 229779c..15f70ba 100644 ---- a/libqpol/src/policy_define.c -+++ b/libqpol/src/policy_define.c -@@ -1661,7 +1661,7 @@ int define_compute_type_helper(int which, avrule_t ** rule) - goto bad; - } - class_perm_node_init(perm); -- perm->class = i + 1; -+ perm->tclass = i + 1; - perm->data = datum->s.value; - perm->next = avrule->perms; - avrule->perms = perm; -@@ -1901,7 +1901,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule) - goto out; - } - class_perm_node_init(cur_perms); -- cur_perms->class = i + 1; -+ cur_perms->tclass = i + 1; - if (!perms) - perms = cur_perms; - if (tail) -diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c -index 5325a87..1417271 100644 ---- a/libqpol/src/policy_extend.c -+++ b/libqpol/src/policy_extend.c -@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_ - for (class_node = rule->perms; class_node; class_node = 
class_node->next) { - key.rule_type = rule->specified; - key.source_val = key.target_val = i + 1; -- key.class_val = class_node->class; -+ key.class_val = class_node->tclass; - key.cond = cond; - if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule)) - goto err; -@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_ - key.rule_type = rule->specified; - key.source_val = i + 1; - key.target_val = j + 1; -- key.class_val = class_node->class; -+ key.class_val = class_node->tclass; - key.cond = cond; - if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule)) - goto err; -diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c -index 3e63204..d7578f1 100644 ---- a/libqpol/src/syn_rule_query.c -+++ b/libqpol/src/syn_rule_query.c -@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter) - return NULL; - } - -- return db->class_val_to_struct[srcs->cur->class - 1]; -+ return db->class_val_to_struct[srcs->cur->tclass - 1]; - } - - static int syn_rule_class_state_next(qpol_iterator_t * iter) -@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a - } - - for (node = internal_rule->perms; node; node = node->next) { -- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) { -+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) { - if (!(node->data & (1 << i))) - continue; -- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i)); -+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i)); - if (tmp) { - tmp++; /* remove prepended space */ - for (cur = 0; cur < perm_list_sz; cur++) -diff --git a/secmds/replcon.cc b/secmds/replcon.cc -index 34f7c1a..307c39f 100644 ---- a/secmds/replcon.cc -+++ b/secmds/replcon.cc -@@ -60,7 +60,7 @@ static struct option const longopts[] = { - {NULL, 0, NULL, 0} - }; - --extern int 
lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak)); -+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak)); - - /** - * As that setools must work with older libselinux versions that may diff --git a/recipes-security/setools/setools/setools-configure-ac.patch b/recipes-security/setools/setools/setools-configure-ac.patch deleted file mode 100644 index 5b8e440..0000000 --- a/recipes-security/setools/setools/setools-configure-ac.patch +++ /dev/null 
@@ -1,107 +0,0 @@ ---- - configure.ac | 37 ++++++++++++++----------------------- - 1 file changed, 14 insertions(+), 23 deletions(-) - ---- a/configure.ac -+++ b/configure.ac -@@ -216,9 +216,6 @@ - do_swigify_java=yes - do_swigify=yes - fi -- --AM_PATH_PYTHON(2.7) -- - AC_ARG_ENABLE(swig-python, - AC_HELP_STRING([--enable-swig-python], - [build SWIG interfaces for Python]), -@@ -227,6 +224,7 @@ - if test ${do_swigify} = no; then - AC_PROG_SWIG(2.0.0) - fi -+ AM_PATH_PYTHON(2.7) - SWIG_PYTHON - do_swigify_python=yes - do_swigify=yes -@@ -411,32 +409,19 @@ - selinux_devel="/usr") - sepol_devel_incdir="${sepol_devel}/include" - selinux_devel_incdir="${selinux_devel}/include" --dnl if /lib64 exists then use that directory, otherwise revert to just /lib --for dir in lib64 lib ; do -- sepol_devel_libdir="${sepol_devel}/${dir}" -- if test -f ${sepol_devel_libdir}/libsepol.so ; then -- break -- fi --done --for dir in lib64 lib ; do -- selinux_devel_libdir="${selinux_devel}/${dir}" -- if test -f ${selinux_devel_libdir}/libselinux.so ; then -- break -- fi --done -+dnl We pass in sepol_devel of usr/lib{32/64}/.., dirname strips the .. 
-+sepol_devel_libdir=`dirname ${sepol_devel}` -+selinux_devel_libdir=`dirname ${selinux_devel}` - AC_MSG_CHECKING([for sepol/sepol.h]) - selinux_save_CFLAGS="${CFLAGS}" - selinux_save_CPPFLAGS="${CPPFLAGS}" - CFLAGS="${CFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}" - CPPFLAGS="${CPPFLAGS} -I${sepol_devel_incdir} -I${selinux_devel_incdir}" - AC_CHECK_HEADER([sepol/sepol.h], , AC_MSG_ERROR([could not find sepol headers at $sepol_devel_incdir - make sure libsepol-devel is installed])) --AC_CHECK_LIB([sepol], [sepol_policydb_read], , -- AC_MSG_ERROR([could not find libsepol at $sepol_devel_libdir])) -+LIBS="-lsepol $LIBS" - AC_CHECK_HEADER([selinux/selinux.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed])) - AC_CHECK_HEADER([selinux/context.h], , AC_MSG_ERROR([could not find selinux headers at $selinux_devel_incdir - make sure libselinux-devel is installed])) --AC_CHECK_LIB([selinux], [selinux_policy_root], , --AC_MSG_ERROR([could not find libselinux at $selinux_devel_libdir]), -- -lsepol) -+LIBS="-lselinux $LIBS" - SELINUX_LIB_FLAG="-L${sepol_devel_libdir} -L${selinux_devel_libdir}" - CFLAGS="${selinux_save_CFLAGS}" - CPPFLAGS="${selinux_save_CPPFLAGS}" -@@ -448,8 +433,6 @@ - sepol_srcdir="") - if test "x${sepol_srcdir}" = "x"; then - sepol_srcdir=${sepol_devel_libdir} -- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],, -- AC_MSG_ERROR([make sure libsepol-static is installed])) - else - AC_MSG_CHECKING([for compatible sepol source tree]) - sepol_version=${sepol_srcdir}/VERSION -@@ -556,6 +539,7 @@ - sepol_new_errcodes="yes", - sepol_new_errcodes="no") - -+if test x"${ac_cv_policydb_version_max}" = x ; then - AC_RUN_IFELSE( - [AC_LANG_SOURCE([ - #include <sepol/policydb/policydb.h> -@@ -571,6 +555,9 @@ - }])], - sepol_policy_version_max=`cat conftest.data`, - AC_MSG_FAILURE([could not determine maximum libsepol policy version])) -+else -+ sepol_policy_version_max=${ac_cv_policydb_version_max} 
-+fi - AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol]) - CFLAGS="${sepol_save_CFLAGS}" - CPPFLAGS="${sepol_save_CPPFLAGS}" -@@ -578,6 +565,7 @@ - if test ${use_selinux} = "yes"; then - dnl Locate selinux policy root directory - AC_MSG_CHECKING([for selinux policy root]) -+ if test x"${ac_cv_selinux_policy_root}" = x ; then - changequote(<<<,>>>)dnl - cat > ./conftest.c <<EOF - #include <stdlib.h> -@@ -596,6 +584,9 @@ - CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}" - gcc ${CFLAGS} -o conftest conftest.c >&5 - selinux_policy_dir=`./conftest` -+ else -+ selinux_policy_dir=${ac_cv_selinux_policy_root} -+ fi - AC_MSG_RESULT(${selinux_policy_dir}) - CFLAGS="${selinux_save_CFLAGS}" - fi diff --git a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch b/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch deleted file mode 100644 index 84ac3dc..0000000 --- a/recipes-security/setools/setools/setools-configure-with-latest-libsepol.patch +++ /dev/null 
@@ -1,33 +0,0 @@
-From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwa...@redhat.com>
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [meta-selinux][PATCH 5/6] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.6.2
diff --git a/recipes-security/setools/setools/setools-cross-ar.patch b/recipes-security/setools/setools/setools-cross-ar.patch
deleted file mode 100644
index eba24c2..0000000
--- a/recipes-security/setools/setools/setools-cross-ar.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-Use the specified $(AR), not "ar", for cross-compiling.
-
----
- libqpol/src/Makefile.am | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/libqpol/src/Makefile.am
-+++ b/libqpol/src/Makefile.am
-@@ -64,7 +64,7 @@
- mkdir -p $@
- rm -f $@/*
- cp $< $@
-- (cd $@; ar x libsepol.a)
-+ (cd $@; $(AR) x libsepol.a)
-
- $(qpolso_DATA): $(tmp_sepol) $(libqpol_so_OBJS) libqpol.map
- $(CC) -shared -o $@ $(libqpol_so_OBJS) $(AM_LDFLAGS) $(LDFLAGS) -Wl,-soname,$(LIBQPOL_SONAME),--version-script=$(srcdir)/libqpol.map,-z,defs -Wl,--whole-archive $(sepol_srcdir)/libsepol.a -Wl,--no-whole-archive @SELINUX_LIB_FLAG@ -lselinux -lsepol -lbz2
diff --git a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch b/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
deleted file mode 100644
index a165dae..0000000
--- a/recipes-security/setools/setools/setools-neverallow-rules-all-always-fail.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From 4360fae5a6fbee9c8866573fe5a8af2fdae4944d Mon Sep 17 00:00:00 2001
-From: Xin Ouyang <xin.ouy...@windriver.com>
-Date: Fri, 9 Mar 2012 10:18:35 +0800
-Subject: [meta-selinux][PATCH] setools: neverallow rules all always fail.
-
-Since we do not ship neverallow rules all always fail.
-ERROR: Cannot get avrules: Neverallow rules requested but not available
-ERROR: Operation not supported
----
- libqpol/src/avrule_query.c | 3 +++
- 1 files changed, 3 insertions(+), 0 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..e7d42fc 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,11 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-+ /*
- errno = ENOTSUP;
- return STATUS_ERR;
-+ */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.7.5.4
-
diff --git a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch b/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
deleted file mode 100644
index a9cec6e..0000000
--- a/recipes-security/setools/setools/setools-seinfo-should-exit-with-correct-errno.patch
+++ /dev/null
@@ -1,134 +0,0 @@ -From 65ff2020dd1119cf45ad4eb74e63b21fb8f63389 Mon Sep 17 00:00:00 2001 -From: Xin Ouyang <xin.ouy...@windriver.com> -Date: Wed, 7 Mar 2012 10:48:07 +0800 -Subject: [meta-selinux][PATCH 2/7] setools: seinfo should exit with correct errno. - -Integrated from Fedora: -https://community.dev.fedoraproject.org/packages/setools/sources/patches/ ---- - secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------ - 1 files changed, 27 insertions(+), 24 deletions(-) - -diff --git a/secmds/seinfo.c b/secmds/seinfo.c -index fdf23e9..3088f88 100644 ---- a/secmds/seinfo.c -+++ b/secmds/seinfo.c -@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy - */ - static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb) - { -- int retval = 0; -+ int retval = -1; - apol_cat_query_t *query = NULL; - apol_vector_t *v = NULL; - const qpol_cat_t *cat_datum = NULL; -@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy - fprintf(fp, " %s\n", tmp); - free(tmp); - } -- if (type && !apol_vector_get_size(v)) -+ if (type && !apol_vector_get_size(v)) { - ERR(policydb, "No fs_use statement for filesystem of type %s.", type); -- -+ goto cleanup; -+ } - retval = 0; - cleanup: - apol_fs_use_query_destroy(&query); -@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol - ERR(policydb, "%s", strerror(ENOMEM)); - goto cleanup; - } -- - if (apol_genfscon_query_set_filesystem(policydb, query, type)) - goto cleanup; - if (apol_genfscon_get_by_query(policydb, query, &v)) -@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol - free(tmp); - } - -- if (type && !apol_vector_get_size(v)) -+ if (type && !apol_vector_get_size(v)) { - ERR(policydb, "No genfscon statement for filesystem of type %s.", type); -+ goto cleanup; -+ } - - retval = 0; - cleanup: -@@ 
-1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc. - - int main(int argc, char **argv) - { -+ int rc = 0; - int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif, - node, port, permissives, polcaps, constrain, linebreaks; - apol_policy_t *policydb = NULL; -@@ -1851,46 +1854,46 @@ int main(int argc, char **argv) - - /* display requested info */ - if (stats || all) -- print_stats(stdout, policydb); -+ rc = print_stats(stdout, policydb); - if (classes || all) -- print_classes(stdout, class_name, expand, policydb); -+ rc = print_classes(stdout, class_name, expand, policydb); - if (types || all) -- print_types(stdout, type_name, expand, policydb); -+ rc = print_types(stdout, type_name, expand, policydb); - if (attribs || all) -- print_attribs(stdout, attrib_name, expand, policydb); -+ rc = print_attribs(stdout, attrib_name, expand, policydb); - if (roles || all) -- print_roles(stdout, role_name, expand, policydb); -+ rc = print_roles(stdout, role_name, expand, policydb); - if (users || all) -- print_users(stdout, user_name, expand, policydb); -+ rc = print_users(stdout, user_name, expand, policydb); - if (bools || all) -- print_booleans(stdout, bool_name, expand, policydb); -+ rc = print_booleans(stdout, bool_name, expand, policydb); - if (sens || all) -- print_sens(stdout, sens_name, expand, policydb); -+ rc = print_sens(stdout, sens_name, expand, policydb); - if (cats || all) -- print_cats(stdout, cat_name, expand, policydb); -+ rc = print_cats(stdout, cat_name, expand, policydb); - if (fsuse || all) -- print_fsuse(stdout, fsuse_type, policydb); -+ rc = print_fsuse(stdout, fsuse_type, policydb); - if (genfs || all) -- print_genfscon(stdout, genfs_type, policydb); -+ rc = print_genfscon(stdout, genfs_type, policydb); - if (netif || all) -- print_netifcon(stdout, netif_name, policydb); -+ rc = print_netifcon(stdout, netif_name, policydb); - if (node || all) -- print_nodecon(stdout, node_addr, 
policydb); -+ rc = print_nodecon(stdout, node_addr, policydb); - if (port || all) -- print_portcon(stdout, port_num, protocol, policydb); -+ rc = print_portcon(stdout, port_num, protocol, policydb); - if (isids || all) -- print_isids(stdout, isid_name, expand, policydb); -+ rc = print_isids(stdout, isid_name, expand, policydb); - if (permissives || all) -- print_permissives(stdout, permissive_name, expand, policydb); -+ rc = print_permissives(stdout, permissive_name, expand, policydb); - if (polcaps || all) -- print_polcaps(stdout, polcap_name, expand, policydb); -+ rc = print_polcaps(stdout, polcap_name, expand, policydb); - if (constrain || all) -- print_constraints(stdout, expand, policydb, linebreaks); -+ rc = print_constraints(stdout, expand, policydb, linebreaks); - - apol_policy_destroy(&policydb); - apol_policy_path_destroy(&pol_path); - free(policy_file); -- exit(0); -+ exit(rc); - } - - /** --- -1.7.5.4 - diff --git a/recipes-security/setools/setools/setools.pam b/recipes-security/setools/setools/setools.pam deleted file mode 100644 index c7d67e3..0000000 --- a/recipes-security/setools/setools/setools.pam +++ /dev/null @@ -1,4 +0,0 @@ -#%PAM-1.0 -auth include config-util -account include config-util -session include config-util diff --git a/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch new file mode 100644 index 0000000..88b8c8c --- /dev/null +++ b/recipes-security/setools/setools/setools4-fix-cross-compiling-errors-for-powerpc-mips.patch 
@@ -0,0 +1,35 @@
+From dc86d880ae0d66233679112a2bf0115c39df68f1 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong....@windriver.com>
+Date: Fri, 17 Feb 2017 08:57:35 +0000
+Subject: [meta-selinux][PATCH] setools4: fix cross-compiling errors for powerpc, mips
+
+Fix build errors:
+| libqpol/policy.c: In function 'qpol_binpol_version':
+| libqpol/policy.c:95:24: error: implicit declaration of function 'bswap_32' [-Werror=implicit-function-declaration]
+| #define le32_to_cpu(x) bswap_32(x)
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
+---
+ libqpol/policy.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/libqpol/policy.c b/libqpol/policy.c
+index ae3acb5..b5b87f9 100644
+--- a/libqpol/policy.c
++++ b/libqpol/policy.c
+@@ -45,6 +45,10 @@
+ # include <asm/types.h>
+ #endif
+
++#if defined(_ARCH_PPC) || defined(mips)
++#include <byteswap.h>
++#endif
++
+ #include <sepol/debug.h>
+ #include <sepol/handle.h>
+ #include <sepol/policydb/flask_types.h>
+--
+2.11.0
+
diff --git a/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
new file mode 100644
index 0000000..18bb055
--- /dev/null
+++ b/recipes-security/setools/setools/setools4-fixes-for-cross-compiling.patch
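Review bot: The added guard `#if defined(_ARCH_PPC) || defined(mips)` in libqpol/policy.c ties the `<byteswap.h>` include to two architecture macros, while the build error quoted in the patch description comes from `#define le32_to_cpu(x) bswap_32(x)`. Any other target that selects that definition would hit the same implicit declaration, and `mips` is a legacy spelling that GCC does not predefine in strict ISO modes (`__mips__` is the reserved form). Placing `#include <byteswap.h>` under the same condition that selects the `bswap_32` definition, or including it unconditionally, would cover every such target. The `le32_to_cpu` definition is outside this hunk, so its exact condition needs to be confirmed in the full file.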
@@ -0,0 +1,40 @@
+From a104374147b398838edc04e937c92e762ea3f5d9 Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong....@windriver.com>
+Date: Tue, 14 Feb 2017 06:32:35 +0000
+Subject: [meta-selinux][PATCH] setools4: fixes for cross compiling
+
+* search libsepol from $STAGING_LIBDIR
+* fix manual install path as '/usr/share/man/man1'
+
+Upstream-Status: Inappropriate [embedded specific]
+
+Signed-off-by: Wenzong Fan <wenzong....@windriver.com>
+---
+ setup.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..300ff70 100644
+--- a/setup.py
++++ b/setup.py
+@@ -77,7 +77,7 @@ class BuildExtCommand(build_ext):
+ build_ext.run(self)
+
+
+-base_lib_dirs = ['.', '/usr/lib64', '/usr/lib', '/usr/local/lib']
++base_lib_dirs = [os.environ["STAGING_LIBDIR"]]
+ include_dirs = ['libqpol', 'libqpol/include']
+
+try:
+@@ -182,7 +182,7 @@ setup(name='setools',
+ 'build_qhc': QtHelpCommand},
+ packages=['setools', 'setools.diff', 'setools.policyrep', 'setoolsgui', 'setoolsgui.apol'],
+ scripts=['apol', 'sediff', 'seinfo', 'seinfoflow', 'sesearch', 'sedta'],
+- data_files=[(join(sys.prefix, 'share/man/man1'), glob.glob("man/*.1"))],
++ data_files=[('/usr/share/man/man1', glob.glob("man/*.1"))],
+ package_data={'': ['*.ui', '*.qhc', '*.qch'], 'setools': ['perm_map']},
+ ext_modules=ext_py_mods,
+ test_suite='tests',
+--
+2.13.0
+
diff --git a/recipes-security/setools/setools_3.3.8.bb b/recipes-security/setools/setools_4.1.1.bb
similarity index 11%
rename from recipes-security/setools/setools_3.3.8.bb
rename to recipes-security/setools/setools_4.1.1.bb
index 99296ca..0bbc52b 100644
--- a/recipes-security/setools/setools_3.3.8.bb
+++ b/recipes-security/setools/setools_4.1.1.bb
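Review bot: `base_lib_dirs = [os.environ["STAGING_LIBDIR"]]` in the first setup.py hunk aborts with a bare `KeyError` whenever the variable is not exported, and the old recipe's explicit `export STAGING_LIBDIR` is removed later in this commit, so the build presumably now relies on the inherited class to provide it. Restricting the search to the staging directory is the right direction, since it keeps host copies of libsepol out of a cross build, but the failure should name what is missing rather than leave a traceback or fall back to host paths. Something like `staging_libdir = os.environ.get("STAGING_LIBDIR")`, then `if not staging_libdir: sys.exit("STAGING_LIBDIR must be set")`, then `base_lib_dirs = [staging_libdir]` would do that.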
@@ -8,96 +8,28 @@ SETools." SECTION = "base" LICENSE = "GPLv2 & LGPLv2.1" -SRC_URI = "https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-${PV}/setools-${PV}.tar.bz2" -SRC_URI[md5sum] = "d68d0d4e4da0f01da0f208782ff04b91" -SRC_URI[sha256sum] = "44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999" +SRC_URI = "https://github.com/TresysTechnology/setools/archive/${PV}.tar.gz;downloadfilename=setools-${PV}.tar.gz \ + file://setools4-fixes-for-cross-compiling.patch \ + file://setools4-fix-cross-compiling-errors-for-powerpc-mips.patch \ +" -SRC_URI += "file://setools-neverallow-rules-all-always-fail.patch" -SRC_URI += "file://setools-Fix-sepol-calls-to-work-with-latest-libsepol.patch" +SRC_URI[md5sum] = "54cf5c0ca2aa4ef7c6ac153981af34cd" +SRC_URI[sha256sum] = "46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610" -SRC_URI += "file://setools-Don-t-check-selinux-policies-if-disabled.patch" -SRC_URI += "file://setools-configure-ac.patch" -SRC_URI += "file://setools-cross-ar.patch" +LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=83a5eb6974c11f30785e90d0eeccf40c \ + file://${S}/COPYING.GPL;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ + file://${S}/COPYING.LGPL;md5=4fbd65380cdd255951079008b364516c" -SRC_URI += "file://setools-Fix-test-bug-for-unary-operator.patch" -SRC_URI += "file://setools-Fix-python-setools-Makefile.am-for-cross.patch" - -SRC_URI += "file://setools-Update-for-2015-02-02-Userspace-release.patch" - -LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=26035c503c68ae1098177934ac0cc795 \ - file://${S}/COPYING.GPL;md5=751419260aa954499f7abaabaa882bbe \ - file://${S}/COPYING.LGPL;md5=fbc093901857fcd118f065f900982c24" - -CFLAGS_append = " -fPIC" -CXXFLAGS_append = " -fPIC" - -DEPENDS += "bison-native flex-native python libsepol libselinux libxml2" - -PACKAGE_BEFORE_PN += "${PN}-libs" +DEPENDS += "bison-native flex-native swig-native python libsepol" +# TODO: depends on meta-python, disable the RDEPENDS for now: +# 
RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools" RPROVIDES_${PN} += "${PN}-console" -FILES_${PN}-dbg += "\ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/.debug \ - " - -FILES_${PN}-libs = "\ - ${libdir}/libqpol.so.* \ - ${libdir}/libapol.so.* \ - ${libdir}/libpoldiff.so.* \ - ${libdir}/libsefs.so.* \ - ${libdir}/libseaudit.so.* \ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/*.egg-info \ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.so* \ - ${libdir}/python${PYTHON_BASEVERSION}/site-packages/setools/*.py* \ - " - -FILES_${PN} += "\ - ${bindir}/seinfo \ - ${bindir}/sesearch \ - ${bindir}/indexcon \ - ${bindir}/findcon \ - ${bindir}/replcon \ - ${bindir}/sechecker \ - ${bindir}/sediff \ - ${datadir}/setools-3.3/sechecker-profiles \ - ${datadir}/setools-3.3/sechecker_help.txt \ - ${datadir}/setools-3.3/sediff_help.txt \ - ${datadir}/setools-3.3/sediffx* \ - ${mandir}/man1/findcon.1.gz \ - ${mandir}/man1/indexcon.1.gz \ - ${mandir}/man1/replcon.1.gz \ - ${mandir}/man1/sechecker.1.gz \ - ${mandir}/man1/sediff.1.gz \ - ${mandir}/man1/seinfo.1.gz \ - ${mandir}/man1/sesearch.1.gz \ - " - -inherit autotools pythonnative - -# need to export these variables for python-config to work -export BUILD_SYS -export HOST_SYS -export STAGING_INCDIR -export STAGING_LIBDIR - -EXTRA_OECONF = "-disable-bwidget-check --disable-selinux-check \ - --disable-swig-python --disable-swig-java --disable-swig-tcl \ - --disable-profiling --disable-gui --with-tk=no --with-tcl=no \ - --with-sepol-devel=${STAGING_LIBDIR}/.. \ - --with-selinux-devel=${STAGING_LIBDIR}/.." 
- -do_configure_prepend() { - export ac_cv_policydb_version_max=26 - export PYTHON=python - export PYLIBVER='python${PYTHON_BASEVERSION}' - export PYTHON_CPPFLAGS="-I${STAGING_INCDIR}/${PYLIBVER}" - export PYTHON_LDFLAGS="${STAGING_LIBDIR}/lib${PYLIBVER}.so" - export PYTHON_SITE_PKG="${libdir}/${PYLIBVER}/site-packages" -} +inherit setuptools do_install_append() { - rm -f ${D}/${libdir}/*.a + # Need PyQt5 support, disable gui tools + rm -f ${D}${bindir}/apol + rm -rf ${D}${libdir}/${PYTHON_DIR}/site-packages/setoolsgui } - -BBCLASSEXTEND = "native" -- 2.13.0 -- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
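Review bot: The runtime dependencies are left commented out (`# RDEPENDS_${PN} += "python-networkx python-enum34 python-decorator python-setuptools"`), so an image that installs this package gets the remaining command-line scripts without the Python modules the TODO itself lists as needed. If any of those modules is imported at start-up, the policy-analysis tools will build and package cleanly and then fail only on the target, which is easy to miss on a system that depends on them for SELinux policy inspection. I would either declare meta-python as a layer dependency and enable the line, or extend the comment to state the consequence, for example `# NOTE: tools may fail at run time until python-networkx etc. are provided; requires meta-python`.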