From 8fcd66651a12b3d42cf1424fbe5073ac8582bdb5 Mon Sep 17 00:00:00 2001
From: Ray Strode <rstrode@fedoraproject.org>
Date: Thu, 28 Jun 2007 15:09:25 +0000
Subject: [PATCH] drop some unused patches

---
 dbus-0.61-selinux-avc-audit.patch | 236 ------------------------------
 dbus-0.92-audit-system.patch      |  37 -----
 dbus-1.0.2-selinux.patch          |  26 ----
 3 files changed, 299 deletions(-)
 delete mode 100644 dbus-0.61-selinux-avc-audit.patch
 delete mode 100644 dbus-0.92-audit-system.patch
 delete mode 100644 dbus-1.0.2-selinux.patch

diff --git a/dbus-0.61-selinux-avc-audit.patch b/dbus-0.61-selinux-avc-audit.patch
deleted file mode 100644
index 27341e4..0000000
--- a/dbus-0.61-selinux-avc-audit.patch
+++ /dev/null
@@ -1,236 +0,0 @@
---- dbus-0.61/bus/selinux.c.selinux-avc-audit	2006-02-24 14:41:15.000000000 -0500
-+++ dbus-0.61/bus/selinux.c	2006-02-24 14:41:15.000000000 -0500
-@@ -38,6 +38,9 @@
- #include <selinux/flask.h>
- #include <signal.h>
- #include <stdarg.h>
-+#ifdef HAVE_LIBAUDIT
-+#include <libaudit.h>
-+#endif /* HAVE_LIBAUDIT */
- #endif /* HAVE_SELINUX */
- 
- #define BUS_SID_FROM_SELINUX(sid)  ((BusSELinuxID*) (sid))
-@@ -100,12 +103,40 @@
-  * @param variable argument list
-  */
- #ifdef HAVE_SELINUX
-+#ifdef HAVE_LIBAUDIT
-+static int audit_fd = -1;
-+static void audit_init(void)
-+{
-+  audit_fd = audit_open();
-+  if (audit_fd < 0) {
-+    /* If kernel doesn't support audit, bail out */
-+    if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT)
-+      return;
-+    /* If user bus, bail out */
-+    if (errno == EPERM && getuid() != 0)
-+      return;
-+    _dbus_warn ("Failed opening connection to the audit subsystem");
-+  }
-+}
-+#endif /* HAVE_LIBAUDIT */
-+
- static void 
- log_callback (const char *fmt, ...) 
- {
-   va_list ap;
-   va_start(ap, fmt);
-+#ifdef HAVE_LIBAUDIT
-+  {
-+     char buf[PATH_MAX*2];
-+
-+	/* FIXME: need to change this to show real user */
-+     vsnprintf(buf, sizeof(buf), fmt, ap);
-+     audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
-+                                NULL, getuid());
-+  }
-+#else
-   vsyslog (LOG_INFO, fmt, ap);
-+#endif /* HAVE_LIBAUDIT */
-   va_end(ap);
- }
- 
-@@ -313,6 +344,10 @@
- 
-   freecon (bus_context);
-   
-+#ifdef HAVE_LIBAUDIT
-+  audit_init ();
-+#endif /* HAVE_LIBAUDIT */
-+
-   return TRUE;
- #else
-   return TRUE;
-@@ -937,6 +972,9 @@
- #endif /* DBUS_ENABLE_VERBOSE_MODE */
- 
-       avc_destroy ();
-+#ifdef HAVE_LIBAUDIT
-+      audit_close (audit_fd);
-+#endif /* HAVE_LIBAUDIT */
-     }
- #endif /* HAVE_SELINUX */
- }
---- dbus-0.61/configure.in.selinux-avc-audit	2006-02-24 11:36:29.000000000 -0500
-+++ dbus-0.61/configure.in	2006-02-24 14:55:17.000000000 -0500
-@@ -67,6 +67,7 @@
- AC_ARG_ENABLE(mono_docs, AS_HELP_STRING([--enable-mono-docs],[build mono docs]),enable_mono_docs=$enableval,enable_mono_docs=no)
- AC_ARG_ENABLE(python, AS_HELP_STRING([--enable-python],[build python bindings]),enable_python=$enableval,enable_python=auto)
- AC_ARG_ENABLE(selinux, AS_HELP_STRING([--enable-selinux],[build with SELinux support]),enable_selinux=$enableval,enable_selinux=auto)
-+AC_ARG_ENABLE(libaudit,          [  --enable-libaudit    build audit daemon support for SELinux],enable_libaudit=$enableval,enable_libaudit=auto)
- AC_ARG_ENABLE(dnotify, AS_HELP_STRING([--enable-dnotify],[build with dnotify support (linux only)]),enable_dnotify=$enableval,enable_dnotify=auto)
- 
- AC_ARG_WITH(xml, AS_HELP_STRING([--with-xml=[libxml/expat]],[XML library to use]))
-@@ -851,6 +852,27 @@
-    AC_DEFINE(DBUS_BUS_ENABLE_DNOTIFY_ON_LINUX,1,[Use dnotify on Linux])
- fi
- 
-+# libaudit detection
-+if test x$enable_libaudit = xno ; then
-+    have_libaudit=no;
-+else
-+    # See if we have audit daemon & capabilities library
-+    AC_CHECK_LIB(audit, audit_log_user_avc_message, 
-+                 have_libaudit=yes, have_libaudit=no)
-+    if test x$have_libaudit = xyes ; then
-+        AC_CHECK_LIB(cap, cap_set_proc, 
-+                 have_libaudit=yes, have_libaudit=no)
-+    fi
-+fi
-+
-+AM_CONDITIONAL(HAVE_LIBAUDIT, test x$have_libaudit = xyes)
-+
-+if test x$have_libaudit = xyes ; then
-+    SELINUX_LIBS="$SELINUX_LIBS -laudit"
-+    LIBS="-lcap $LIBS"
-+    AC_DEFINE(HAVE_LIBAUDIT,1,[audit daemon SELinux support])
-+fi
-+
- #### Set up final flags
- DBUS_CLIENT_CFLAGS=
- DBUS_CLIENT_LIBS=
---- dbus-0.61-orig/dbus/dbus-sysdeps-util-unix.c.selinux-avc-audit	2006-02-24 10:46:45.000000000 -0500
-+++ dbus-0.61/dbus/dbus-sysdeps-util-unix.c	2006-04-04 13:00:04.000000000 -0400
-@@ -42,6 +42,11 @@
- #include <sys/socket.h>
- #include <dirent.h>
- #include <sys/un.h>
-+#ifdef HAVE_LIBAUDIT
-+#include <sys/prctl.h>
-+#include <sys/capability.h>
-+#include <libaudit.h>
-+#endif /* HAVE_LIBAUDIT */
- 
- #ifndef O_BINARY
- #define O_BINARY 0
-@@ -247,6 +252,55 @@
-                         dbus_gid_t     gid,
-                         DBusError     *error)
- {
-+  int priv = FALSE;
-+  
-+#ifdef HAVE_LIBAUDIT
-+  /* have a tmp set of caps that we use to transition to the usr/grp dbus should
-+   * run as ... doesn't really help. But keeps people happy.
-+   */
-+  cap_t new_caps = NULL;
-+
-+  priv = !getuid();
-+  if (priv)
-+    {
-+      cap_value_t new_cap_list[] = { CAP_AUDIT_WRITE };
-+      cap_value_t tmp_cap_list[] = { CAP_AUDIT_WRITE, CAP_SETUID, CAP_SETGID };
-+      cap_t tmp_caps = cap_init();
-+      
-+      if (!tmp_caps || !(new_caps = cap_init()))
-+        {
-+          dbus_set_error (error, DBUS_ERROR_FAILED,
-+                          "Failed to initialize drop of capabilities\n");
-+          if (tmp_caps)
-+            cap_free(tmp_caps);
-+          return FALSE;
-+        }
-+
-+      /* assume these work... */
-+      cap_set_flag(new_caps, CAP_PERMITTED, 1, new_cap_list, CAP_SET);
-+      cap_set_flag(new_caps, CAP_EFFECTIVE, 1, new_cap_list, CAP_SET);
-+      cap_set_flag(tmp_caps, CAP_PERMITTED, 3, tmp_cap_list, CAP_SET);
-+      cap_set_flag(tmp_caps, CAP_EFFECTIVE, 3, tmp_cap_list, CAP_SET);
-+      
-+      if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1)
-+        {
-+          dbus_set_error (error, _dbus_error_from_errno (errno),
-+                          "Failed to set keep-capabilities: %s\n",
-+                          _dbus_strerror (errno));
-+          cap_free(tmp_caps);
-+          goto fail;
-+        }
-+      if (cap_set_proc(tmp_caps))
-+        {
-+          dbus_set_error (error, DBUS_ERROR_FAILED,
-+                          "Failed to drop capabilities\n");
-+          cap_free(tmp_caps);
-+          goto fail;
-+        }
-+      cap_free(tmp_caps);
-+    }
-+#endif /* HAVE_LIBAUDIT */
-+
-   /* setgroups() only works if we are a privileged process,
-    * so we don't return error on failure; the only possible
-    * failure is that we don't have perms to do it.
-@@ -265,7 +319,7 @@
-       dbus_set_error (error, _dbus_error_from_errno (errno),
-                       "Failed to set GID to %lu: %s", gid,
-                       _dbus_strerror (errno));
--      return FALSE;
-+      goto fail;
-     }
-   
-   if (setuid (uid) < 0)
-@@ -273,10 +327,42 @@
-       dbus_set_error (error, _dbus_error_from_errno (errno),
-                       "Failed to set UID to %lu: %s", uid,
-                       _dbus_strerror (errno));
--      return FALSE;
-+      goto fail;
-     }
-   
--  return TRUE;
-+#ifdef HAVE_LIBAUDIT
-+    if (priv)
-+      {
-+        if (cap_set_proc(new_caps))
-+          {
-+            dbus_set_error (error, DBUS_ERROR_FAILED,
-+                            "Failed to drop capabilities\n");
-+            goto fail;
-+          }
-+        cap_free(new_caps);
-+        
-+        if (prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == -1)
-+          { /* should always work, if it did above */
-+            dbus_set_error (error, _dbus_error_from_errno (errno),
-+                            "Failed to unset keep-capabilities: %s\n",
-+                            _dbus_strerror (errno));
-+            return FALSE;
-+          }
-+      }
-+#endif
-+
-+ return TRUE;
-+
-+ fail:
-+#ifdef HAVE_LIBAUDIT
-+  if (priv)
-+    {
-+      /* should always work, if it did above */
-+      prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
-+      cap_free(new_caps);
-+    }
-+#endif
-+  return FALSE;
- }
- 
- /** Installs a UNIX signal handler
diff --git a/dbus-0.92-audit-system.patch b/dbus-0.92-audit-system.patch
deleted file mode 100644
index c5406d5..0000000
--- a/dbus-0.92-audit-system.patch
+++ /dev/null
@@ -1,37 +0,0 @@
---- dbus-0.92/bus/selinux.c.audit_system	2006-09-07 13:13:21.000000000 -0400
-+++ dbus-0.92/bus/selinux.c	2006-09-07 13:39:46.000000000 -0400
-@@ -126,6 +126,7 @@
-   va_list ap;
-   va_start(ap, fmt);
- #ifdef HAVE_LIBAUDIT
-+  if (audit_fd >= 0)
-   {
-      char buf[PATH_MAX*2];
- 
-@@ -133,10 +134,10 @@
-      vsnprintf(buf, sizeof(buf), fmt, ap);
-      audit_log_user_avc_message(audit_fd, AUDIT_USER_AVC, buf, NULL, NULL,
-                                 NULL, getuid());
-+     return;
-   }
--#else
--  vsyslog (LOG_INFO, fmt, ap);
- #endif /* HAVE_LIBAUDIT */
-+  vsyslog (LOG_INFO, fmt, ap);
-   va_end(ap);
- }
- 
-@@ -960,9 +961,12 @@
-     {
-       sidput (bus_sid);
-       bus_sid = SECSID_WILD;
--      
-+
- #ifdef DBUS_ENABLE_VERBOSE_MODE
-+ 
-+      if (_dbus_is_verbose()) 
-       bus_avc_print_stats ();
-+ 
- #endif /* DBUS_ENABLE_VERBOSE_MODE */
- 
-       avc_destroy ();
diff --git a/dbus-1.0.2-selinux.patch b/dbus-1.0.2-selinux.patch
deleted file mode 100644
index cdf2c25..0000000
--- a/dbus-1.0.2-selinux.patch
+++ /dev/null
@@ -1,26 +0,0 @@
---- dbus-1.0.2/bus/bus.c.audit_session	2006-12-11 14:21:23.000000000 -0500
-+++ dbus-1.0.2/bus/bus.c	2007-03-30 11:53:46.000000000 -0400
-@@ -746,11 +746,6 @@
-       _dbus_string_free (&pid);
-     }
- 
--  if (!bus_selinux_full_init ())
--    {
--      _dbus_warn ("SELinux initialization failed\n");
--    }
--
-   if (!process_config_postinit (context, parser, error))
-     {
-       _DBUS_ASSERT_ERROR_IS_SET (error);
-@@ -775,6 +770,11 @@
- 	}
-     }
-   
-+  if (!bus_selinux_full_init ())
-+    {
-+      _dbus_warn ("SELinux initialization failed\n");
-+    }
-+
-   dbus_server_free_data_slot (&server_data_slot);
-   
-   return context;