libselinux/libselinux-rhat.patch

diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h
--- nsalibselinux/include/selinux/setrans.h	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/include/selinux/setrans.h	2006-05-03 09:25:00.000000000 -0400
@@ -0,0 +1,32 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#ifndef _SETRANS_H
+#define _SETRANS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* This must be called once, prior to calling any other 
+   translation function.
+   Returns nonzero if translations cannot be performed, 
+   or 0 otherwise. */
+int init_context_translations(void);
+
+/* Perform context translation.
+   Caller must free the resulting context.
+   Returns nonzero if error or 0 otherwise. */
+int translate_context(const char *, char **);
+int untranslate_context(const char *, char **);
+
+#ifdef __cplusplus
+}
+#endif
+
+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+
+#define SETRANS_INIT		1
+#define RAW_TO_TRANS_CONTEXT		2
+#define TRANS_TO_RAW_CONTEXT		3
+
+#endif /* _SETRANS_H */
diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c
--- nsalibselinux/src/canonicalize_context.c	2005-11-08 09:34:17.000000000 -0500
+++ libselinux-1.30.3/src/canonicalize_context.c	2006-05-03 11:00:33.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -23,7 +22,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -64,22 +63,16 @@
 	security_context_t rcon = con;
 	security_context_t rcanoncon;
 
-	if (context_translations && trans_to_raw_context(con, &rcon))
+
+	if (selinux_trans_to_raw_context(con, &rcon))
 		return -1;
 
  	ret = security_canonicalize_context_raw(rcon, &rcanoncon);
 
-	if (context_translations) {
-		freecon(rcon);
-		if (!ret) {
-			if (raw_to_trans_context(rcanoncon, canoncon)) {
-				*canoncon = NULL;
-				ret = -1;
-			}
-			freecon(rcanoncon);
-		}
-	} else if (!ret) {
-		*canoncon = rcanoncon;
+	freecon(rcon);
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
+		freecon(rcanoncon);
 	}
 
 	return ret;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c
--- nsalibselinux/src/check_context.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/check_context.c	2006-05-03 10:59:57.000000000 -0400
@@ -32,13 +32,12 @@
 	int ret;
 	security_context_t rcon = con;
 
-	if (context_translations && trans_to_raw_context(con, &rcon))
+	if (selinux_trans_to_raw_context(con, &rcon))
 		return -1;
 
  	ret = security_check_context_raw(rcon);
 
-	if (context_translations)
-		freecon(rcon);
+	freecon(rcon);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c
--- nsalibselinux/src/compute_av.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_av.c	2006-05-03 11:00:48.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -26,7 +25,7 @@
 	if (fd < 0) 
 		return -1;
 
-	len = PAGE_SIZE;
+	len = selinux_page_size;
 	buf = malloc(len);
 	if (!buf) {
 		ret = -1;
@@ -70,21 +69,17 @@
 	security_context_t rscon = scon;
 	security_context_t rtcon = tcon;
 
-	if (context_translations) {
-		if (trans_to_raw_context(scon, &rscon))
-			return -1;
-		if (trans_to_raw_context(tcon, &rtcon)) {
-			freecon(rscon);
-			return -1;
-		}
+	if (selinux_trans_to_raw_context(scon, &rscon))
+		return -1;
+	if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+		freecon(rscon);
+		return -1;
 	}
 
  	ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
 
-	if (context_translations) {
-		freecon(rscon);
-		freecon(rtcon);
-	}
+	freecon(rscon);
+	freecon(rtcon);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c
--- nsalibselinux/src/compute_create.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_create.c	2006-05-03 11:04:26.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -25,7 +24,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -66,29 +65,21 @@
 	security_context_t rtcon = tcon;
 	security_context_t rnewcon;
 
-	if (context_translations) {
-		if (trans_to_raw_context(scon, &rscon))
-			return -1;
-		if (trans_to_raw_context(tcon, &rtcon)) {
-			freecon(rscon);
-			return -1;
-		}
+	if (selinux_trans_to_raw_context(scon, &rscon))
+		return -1;
+	if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+		freecon(rscon);
+		return -1;
 	}
 
  	ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
 
-	if (context_translations) {
-		freecon(rscon);
-		freecon(rtcon);
-		if (!ret) {
-			if (raw_to_trans_context(rnewcon, newcon)) {
-				*newcon = NULL;
-				ret = -1;
-			}
-			freecon(rnewcon);
-		}
-	} else if (!ret)
-		*newcon = rnewcon;
+	freecon(rscon);
+	freecon(rtcon);
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rnewcon, newcon);
+		freecon(rnewcon);
+	}
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c
--- nsalibselinux/src/compute_member.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/compute_member.c	2006-05-03 11:01:44.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -25,7 +24,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -66,29 +65,24 @@
 	security_context_t rtcon = tcon;
 	security_context_t rnewcon;
 
-	if (context_translations) {
-		if (trans_to_raw_context(scon, &rscon))
-			return -1;
-		if (trans_to_raw_context(tcon, &rtcon)) {
-			freecon(rscon);
-			return -1;
-		}
+	if (selinux_trans_to_raw_context(scon, &rscon))
+		return -1;
+	if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+		freecon(rscon);
+		return -1;
 	}
 
  	ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
 
-	if (context_translations) {
-		freecon(rscon);
-		freecon(rtcon);
-		if (!ret) {
-			if (raw_to_trans_context(rnewcon, newcon)) {
-				*newcon = NULL;
-				ret = -1;
-			}
-			freecon(rnewcon);
+	freecon(rscon);
+	freecon(rtcon);
+	if (!ret) {
+		if (selinux_raw_to_trans_context(rnewcon, newcon)) {
+			*newcon = NULL;
+			ret = -1;
 		}
-	} else if (!ret)
-		*newcon = rnewcon;
+		freecon(rnewcon);
+	}
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c
--- nsalibselinux/src/compute_relabel.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/compute_relabel.c	2006-05-03 11:04:30.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -25,7 +24,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -66,29 +65,21 @@
 	security_context_t rtcon = tcon;
 	security_context_t rnewcon;
 
-	if (context_translations) {
-		if (trans_to_raw_context(scon, &rscon))
-			return -1;
-		if (trans_to_raw_context(tcon, &rtcon)) {
-			freecon(rscon);
-			return -1;
-		}
+	if (selinux_trans_to_raw_context(scon, &rscon))
+		return -1;
+	if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+		freecon(rscon);
+		return -1;
 	}
 
  	ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
 
-	if (context_translations) {
-		freecon(rscon);
-		freecon(rtcon);
-		if (!ret) {
-			if (raw_to_trans_context(rnewcon, newcon)) {
-				*newcon = NULL;
-				ret = -1;
-			}
-			freecon(rnewcon);
-		}
-	} else if (!ret)
-		*newcon = rnewcon;
+	freecon(rscon);
+	freecon(rtcon);
+	if (!ret) {
+		ret=selinux_raw_to_trans_context(rnewcon, newcon);
+		freecon(rnewcon);
+	}
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c
--- nsalibselinux/src/compute_user.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/compute_user.c	2006-05-03 11:02:16.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdio.h>
 #include <errno.h>
 #include <string.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 #include <limits.h>
@@ -26,7 +25,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -82,24 +81,22 @@
 	int ret;
 	security_context_t rscon = scon;
 
-	if (context_translations && trans_to_raw_context(scon, &rscon))
+	if (selinux_trans_to_raw_context(scon, &rscon))
 		return -1;
 
  	ret = security_compute_user_raw(rscon, user, con);
 
-	if (context_translations) {
-		freecon(rscon);
-		if (!ret) {
-			security_context_t *ptr, tmpcon;
-			for (ptr = *con; *ptr; ptr++) {
-				if (raw_to_trans_context(*ptr, &tmpcon)) {
-					freeconary(*con);
-					*con = NULL;
-					return -1;
-				}
-				freecon(*ptr);
-				*ptr = tmpcon;
+	freecon(rscon);
+	if (!ret) {
+		security_context_t *ptr, tmpcon;
+		for (ptr = *con; *ptr; ptr++) {
+			if (selinux_raw_to_trans_context(*ptr, &tmpcon)) {
+				freeconary(*con);
+				*con = NULL;
+				return -1;
 			}
+			freecon(*ptr);
+			*ptr = tmpcon;
 		}
 	}
 
diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c
--- nsalibselinux/src/enabled.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/enabled.c	2006-05-02 14:48:35.000000000 -0400
@@ -5,7 +5,6 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <limits.h>
-#include <asm/page.h>
 #include <stdio.h>
 #include "policy.h"
 
@@ -22,7 +21,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		enabled = -1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c
--- nsalibselinux/src/fgetfilecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/fgetfilecon.c	2006-05-03 10:55:46.000000000 -0400
@@ -52,14 +52,10 @@
 
  	ret = fgetfilecon_raw(fd, &rcontext);
 
-	if (context_translations && ret > 0) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (ret > 0) {
+		ret=selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (ret > 0)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c
--- nsalibselinux/src/fsetfilecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/fsetfilecon.c	2006-05-03 11:02:20.000000000 -0400
@@ -18,13 +18,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = fsetfilecon_raw(fd, rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c
--- nsalibselinux/src/getcon.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getcon.c	2006-05-03 11:02:25.000000000 -0400
@@ -4,7 +4,6 @@
 #include "selinux_internal.h"
 #include <stdlib.h>
 #include <errno.h>
-#include <asm/page.h>
 #include "policy.h"
 
 int getcon_raw(security_context_t *context)
@@ -18,7 +17,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -51,14 +50,13 @@
 
  	ret = getcon_raw(&rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
+	if (!ret) {
+		if (selinux_raw_to_trans_context(rcontext, context)) {
 			*context = NULL;
 			ret = -1;
 		}
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c
--- nsalibselinux/src/getexeccon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getexeccon.c	2006-05-03 11:04:35.000000000 -0400
@@ -3,7 +3,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 
@@ -18,7 +17,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -56,14 +55,10 @@
 
  	ret = getexeccon_raw(&rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c
--- nsalibselinux/src/getfilecon.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getfilecon.c	2006-05-03 10:54:32.000000000 -0400
@@ -52,14 +52,10 @@
 
  	ret = getfilecon_raw(path, &rcontext);
 
-	if (context_translations && ret > 0) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (ret > 0) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (ret > 0)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c
--- nsalibselinux/src/getfscreatecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getfscreatecon.c	2006-05-03 11:04:45.000000000 -0400
@@ -3,7 +3,6 @@
 #include <string.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 
@@ -18,7 +17,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -56,14 +55,10 @@
 
  	ret = getfscreatecon_raw(&rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c
--- nsalibselinux/src/getpeercon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getpeercon.c	2006-05-03 11:03:09.000000000 -0400
@@ -51,14 +51,10 @@
 
  	ret = getpeercon_raw(fd, &rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c
--- nsalibselinux/src/getpidcon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/getpidcon.c	2006-05-03 11:03:33.000000000 -0400
@@ -4,7 +4,6 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <errno.h>
-#include <asm/page.h>
 #include "selinux_internal.h"
 #include "policy.h"
 
@@ -22,7 +21,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -55,14 +54,10 @@
 
  	ret = getpidcon_raw(pid, &rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c
--- nsalibselinux/src/getprevcon.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/getprevcon.c	2006-05-03 11:03:45.000000000 -0400
@@ -4,7 +4,6 @@
 #include "selinux_internal.h"
 #include <stdlib.h>
 #include <errno.h>
-#include <asm/page.h>
 #include "policy.h"
 
 int getprevcon_raw(security_context_t *context)
@@ -18,7 +17,7 @@
 	if (fd < 0)
 		return -1;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
 	buf = malloc(size);
 	if (!buf) {
 		ret = -1;
@@ -51,14 +50,10 @@
 
  	ret = getprevcon_raw(&rcontext);
 
-	if (context_translations && !ret) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (!ret) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (!ret)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c
--- nsalibselinux/src/init.c	2005-12-14 14:16:46.000000000 -0500
+++ libselinux-1.30.3/src/init.c	2006-05-03 10:30:57.000000000 -0400
@@ -4,15 +4,16 @@
 #include <stdlib.h>
 #include <errno.h>
 #include <ctype.h>
-#include <asm/page.h>
 #include <stdio.h>
 #include <dlfcn.h>
+#include <unistd.h>
 
 #include "dso.h"
 #include "policy.h"
 #include "selinux_internal.h"
 
 char *selinux_mnt = NULL;
+int selinux_page_size=0;
 
 static void init_selinuxmnt(void)
 {
@@ -27,11 +28,12 @@
 	if (!fp)
 		return;
 
-	size = PAGE_SIZE;
+	size = selinux_page_size;
+
 	buf = malloc(size);
 	if (!buf)
 		goto out;
-		
+
 	memset(buf, 0, size);
 
 	while(( bufp = fgets_unlocked(buf, size, fp)))
@@ -75,65 +77,15 @@
 }
 hidden_def(set_selinuxmnt)
  
-int context_translations hidden;
-void *translation_lib_handle hidden;
-
-/* from libsetrans.c */
-extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp);
-extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp);
-
-
 static void init_translations(void)
 {
-#ifdef SHARED
-	int (*lib_trans_init)(void) = NULL;
-
-	translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW);
-	if (!translation_lib_handle)
-		return;
-
-	dlerror();
-
-	lib_trans_init = dlsym(translation_lib_handle,
-	                       "init_context_translations");
-	if (dlerror() || lib_trans_init())
-		return;
-
-	lib_raw_to_trans_context = dlsym(translation_lib_handle,
-	                                 "translate_context");
-	if (dlerror())
-		return;
-
-	lib_trans_to_raw_context = dlsym(translation_lib_handle,
-	                                 "untranslate_context");
-	if (dlerror())
-		return;
-
-	context_translations = 1;
-#endif
-}
-
-static void fini_translations(void)
-{
-#ifdef SHARED
-	context_translations = 0;
-	if (translation_lib_handle) {
-		int (*lib_trans_finish)(void) = NULL;
-
-		lib_trans_finish = dlsym(translation_lib_handle,
-					 "finish_context_translations");
-		if (! dlerror()) 
-			lib_trans_finish();
-		
-		dlclose(translation_lib_handle);
-		translation_lib_handle = NULL;
-	}
-#endif
+	init_context_translations();
 }
 
 static void init_lib(void) __attribute__ ((constructor));
 static void init_lib(void)
 {
+	selinux_page_size = sysconf(_SC_PAGE_SIZE);
 	init_selinuxmnt();
 	init_translations();
 }
@@ -141,6 +93,5 @@
 static void fini_lib(void) __attribute__ ((destructor));
 static void fini_lib(void)
 {
-	fini_translations();
 	fini_selinuxmnt();
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c
--- nsalibselinux/src/lgetfilecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/lgetfilecon.c	2006-05-03 10:55:25.000000000 -0400
@@ -52,14 +52,10 @@
 
  	ret = lgetfilecon_raw(path, &rcontext);
 
-	if (context_translations && ret > 0) {
-		if (raw_to_trans_context(rcontext, context)) {
-			*context = NULL;
-			ret = -1;
-		}
+	if (ret > 0) {
+		ret = selinux_raw_to_trans_context(rcontext, context);
 		freecon(rcontext);
-	} else if (ret > 0)
-		*context = rcontext;
+	} 
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c
--- nsalibselinux/src/lsetfilecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/lsetfilecon.c	2006-05-03 11:03:50.000000000 -0400
@@ -18,13 +18,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = lsetfilecon_raw(path, rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c
--- nsalibselinux/src/matchmediacon.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/matchmediacon.c	2006-05-03 11:03:54.000000000 -0400
@@ -59,13 +59,10 @@
 		return -1;
 	}
 
-	if (context_translations) {
-		if (raw_to_trans_context(ptr2, con)) {
-			*con = NULL;
-			return -1;
-		}
-	} else
-		*con = strdup(ptr2);
+	if (selinux_raw_to_trans_context(ptr2, con)) {
+		*con = NULL;
+		return -1;
+	}
 
 	return 0;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c	2006-04-14 07:21:23.000000000 -0400
+++ libselinux-1.30.3/src/matchpathcon.c	2006-05-03 11:04:01.000000000 -0400
@@ -591,19 +591,14 @@
 			if (myflags & MATCHPATHCON_NOTRANS)
 				goto skip_trans;
 
-			if (context_translations) {
-				if (raw_to_trans_context(context, &tmpcon)) {
-					myprintf("%s: line %u has invalid "
-					         "context %s\n",
-					         path, lineno, context);
-					return 0;
-				}
-				free(context);
-				context = tmpcon;
-			} else {
-				if (STRIP_LEVEL(&context, mls_enabled))
-					return -1;
+			if (selinux_raw_to_trans_context(context, &tmpcon)) {
+				myprintf("%s: line %u has invalid "
+					 "context %s\n",
+					 path, lineno, context);
+				return 0;
 			}
+			free(context);
+			context = tmpcon;
 
 skip_trans:
 			if (myflags & MATCHPATHCON_VALIDATE) {
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h
--- nsalibselinux/src/selinux_internal.h	2005-12-01 10:10:32.000000000 -0500
+++ libselinux-1.30.3/src/selinux_internal.h	2006-05-03 10:56:53.000000000 -0400
@@ -65,9 +65,6 @@
 hidden_proto(selinux_translations_path);
 hidden_proto(selinux_getenforcemode);
 
-extern int context_translations hidden;
-extern int hidden trans_to_raw_context(char *trans, char **rawp);
-extern int hidden raw_to_trans_context(char *raw, char **transp);
-
 extern int load_setlocaldefs hidden;
 extern int require_seusers hidden;
+extern int selinux_page_size hidden;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.3/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i	2006-04-14 07:21:23.000000000 -0400
+++ libselinux-1.30.3/src/selinuxswig.i	2006-05-02 13:08:05.000000000 -0400
@@ -28,9 +28,18 @@
 %typemap(in, numinputs=0) security_context_t *(security_context_t temp) {
 	$1 = &temp;
 }
-%typemap(argout) security_context_t * {
-	$result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
+%typemap(argout) security_context_t * (char *temp) {
+	if (*$1)
+		temp = *$1;
+	else
+		temp = "";
+	$result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
+}
+
+%typemap(in) security_context_t {
+	$1 = (security_context_t)PyString_AsString($input);
 }
+
 %typedef unsigned mode_t;
 
 extern int is_selinux_enabled(void);
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c
--- nsalibselinux/src/setcon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setcon.c	2006-05-03 11:04:05.000000000 -0400
@@ -32,13 +32,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = setcon_raw(rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c
--- nsalibselinux/src/setexeccon.c	2005-08-23 13:34:34.000000000 -0400
+++ libselinux-1.30.3/src/setexeccon.c	2006-05-03 11:04:09.000000000 -0400
@@ -28,13 +28,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = setexeccon_raw(rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c
--- nsalibselinux/src/setfilecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setfilecon.c	2006-05-03 11:04:13.000000000 -0400
@@ -18,13 +18,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = setfilecon_raw(path, rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c
--- nsalibselinux/src/setfscreatecon.c	2005-08-25 11:32:02.000000000 -0400
+++ libselinux-1.30.3/src/setfscreatecon.c	2006-05-03 11:04:17.000000000 -0400
@@ -28,13 +28,12 @@
 	int ret;
 	security_context_t rcontext = context;
 
-	if (context_translations && trans_to_raw_context(context, &rcontext))
+	if (selinux_trans_to_raw_context(context, &rcontext))
 		return -1;
 
  	ret = setfscreatecon_raw(rcontext);
 
-	if (context_translations)
-		freecon(rcontext);
+	freecon(rcontext);
 
 	return ret;
 }
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c
--- nsalibselinux/src/setrans_client.c	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/src/setrans_client.c	2006-05-03 10:56:24.000000000 -0400
@@ -0,0 +1,246 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <netdb.h>
+
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
+#include "selinux/setrans.h"
+#include "dso.h"
+
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns:  on success, a file descriptor ( >= 0 ) to the socket
+ *           on error, a negative value
+ */
+static int
+setransd_open(void)
+{
+	struct sockaddr_un addr;
+	int fd;
+
+	fd = socket(PF_UNIX, SOCK_STREAM, 0);
+	if (fd < 0)	{
+		return -1;
+	}
+
+	memset(&addr, 0, sizeof(addr));
+	addr.sun_family = AF_UNIX;
+	strcpy(addr.sun_path, SETRANS_UNIX_SOCKET);
+	if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+		close(fd);
+		return -1;
+	}
+
+	return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+	struct iovec req_hdr[4];
+	uint32_t data1_size;
+	uint32_t data2_size;
+	struct iovec req_data[2];
+	ssize_t count;
+
+	if (fd < 0)
+		return -1;
+
+	if (!data1)
+		data1 = "";
+	if (!data2)
+		data2 = "";
+
+	data1_size = strlen(data1) + 1;
+	data2_size = strlen(data2) + 1;
+
+	req_hdr[0].iov_base = &function;
+	req_hdr[0].iov_len = sizeof(function);
+	req_hdr[1].iov_base = &data1_size;
+	req_hdr[1].iov_len = sizeof(data1_size);
+	req_hdr[2].iov_base = &data2_size;
+	req_hdr[2].iov_len = sizeof(data2_size);
+
+	while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR));
+	if (count != (sizeof(function) + sizeof(data1_size) +
+	              sizeof(data2_size) )) {
+		return -1;
+	}
+
+	req_data[0].iov_base = (char *)data1;
+	req_data[0].iov_len = data1_size;
+	req_data[1].iov_base = (char *)data2;
+	req_data[1].iov_len = data2_size;
+
+	while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR));
+	if (count < 0 || (uint32_t)count != (data1_size + data2_size)) {
+		return -1;
+	}
+
+	return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val)
+{
+	struct iovec resp_hdr[3];
+	uint32_t func;
+	uint32_t data_size;
+	char *data;
+	struct iovec resp_data;
+	ssize_t count;
+
+	if (fd < 0)
+		return -1;
+
+	resp_hdr[0].iov_base = &func;
+	resp_hdr[0].iov_len = sizeof(func);
+	resp_hdr[1].iov_base = &data_size;
+	resp_hdr[1].iov_len = sizeof(data_size);
+	resp_hdr[2].iov_base = ret_val;
+	resp_hdr[2].iov_len = sizeof(*ret_val);
+
+	while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR));
+	if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+		return -1;
+	}
+
+	if (func != function || !data_size) {
+		return -1;
+	}
+
+	data = malloc(data_size);
+	if (!data) {
+		return -1; 
+	}
+
+	resp_data.iov_base = data;
+	resp_data.iov_len = data_size;
+
+	while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR));
+	if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') {
+		free(data);
+		return -1;
+	}
+
+	*outdata = data;
+	return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp) 
+{
+	int ret;
+	int32_t ret_val;
+	int fd;
+
+	*transp = NULL;
+
+	fd = setransd_open();
+	if (fd < 0)
+                return fd;
+
+	ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+	if (ret)
+		goto out;
+
+	ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+	if (ret)
+		goto out;
+
+	ret = ret_val;
+out:
+	close(fd);
+	return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+	int ret;
+	int32_t ret_val;
+	int fd;
+
+	*rawp = NULL;
+
+	fd = setransd_open();
+	if (fd < 0)
+                return fd;
+	ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+	if (ret)
+		goto out;
+
+	ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+	if (ret)
+		goto out;
+
+	ret = ret_val;
+out:
+	close(fd);
+	return ret_val;
+}
+
+
+int
+init_context_translations(void)
+{
+	int ret, fd;
+	int32_t ret_val;
+	char *out = NULL;
+
+	fd = setransd_open();
+	if (fd < 0)
+		return fd;
+
+	ret = send_request(fd, SETRANS_INIT, NULL, NULL);
+	if (ret)
+		goto out;
+
+	ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
+	free(out);
+	if (!ret)
+		ret = ret_val;
+out:
+	close(fd);
+	return ret;
+}
+
+
+int selinux_trans_to_raw_context(security_context_t trans, 
+				 security_context_t *rawp)
+{
+	if (!trans) {
+		*rawp = NULL;
+		return 0;
+	}
+
+	if (trans_to_raw_context(trans, rawp))
+		*rawp = strdup(trans);
+	return *rawp ? 0 : -1;
+}
+
+int selinux_raw_to_trans_context(security_context_t raw, 
+				 security_context_t *transp)
+{
+	if (!raw) {
+		*transp = NULL;
+		return 0;
+	}
+
+	if (raw_to_trans_context(raw, transp)) 
+		*transp = strdup(raw);
+
+	return *transp ? 0 : -1;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h
--- nsalibselinux/src/setrans_internal.h	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/src/setrans_internal.h	2006-05-03 09:18:19.000000000 -0400
@@ -0,0 +1,8 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#define SETRANS_UNIX_SOCKET "/var/.setrans-unix"
+
+#define SETRANS_INIT		1
+#define RAW_TO_TRANS_CONTEXT		2
+#define TRANS_TO_RAW_CONTEXT		3
+
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c
--- nsalibselinux/src/trans.c	2005-08-31 12:33:10.000000000 -0400
+++ libselinux-1.30.3/src/trans.c	1969-12-31 19:00:00.000000000 -0500
@@ -1,59 +0,0 @@
-#include "selinux_internal.h"
-#include <string.h>
-
-int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden;
-int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden;
-
-int hidden trans_to_raw_context(char *trans, char **rawp)
-{
-	*rawp = NULL;
-	if (!trans)
-		return 0;
-
-	if (trans && lib_trans_to_raw_context(trans, rawp))
-		*rawp = strdup(trans);
-
-	return *rawp ? 0 : -1;
-}
-
-int selinux_trans_to_raw_context(security_context_t trans, 
-				 security_context_t *rawp)
-{
-	if (context_translations)
-		return trans_to_raw_context(trans, rawp);
-
-	if (!trans) {
-		*rawp = NULL;
-		return 0;
-	}
-
-	*rawp = strdup(trans);
-	return *rawp ? 0 : -1;
-}
-
-int hidden raw_to_trans_context(char *raw, char **transp) 
-{
-	*transp = NULL;
-	if (!raw)
-		return 0;
-
-	if (raw && lib_raw_to_trans_context(raw, transp))
-		*transp = strdup(raw);
-
-	return *transp ? 0 : -1;
-}
-
-int selinux_raw_to_trans_context(security_context_t raw, 
-				 security_context_t *transp)
-{
-	if (context_translations)
-		return raw_to_trans_context(raw, transp);
-
-	if (!raw) {
-		*transp = NULL;
-		return 0;
-	}
-
-	*transp = strdup(raw);
-	return *transp ? 0 : -1;
-}