Update to upstream

* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
rhatdan 2012-09-14 05:59:45 -04:00
parent 4eed7a5379
commit 01a1f705b5
7 changed files with 735 additions and 1533 deletions

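--- a/.gitignore
+++ b/.gitignore
@@ -193,3 +193,4 @@ libselinux-2.0.96.tgz
 /libselinux-2.1.9.tgz
 /libselinux-2.1.10.tgz
 /libselinux-2.1.11.tgz
+/libselinux-2.1.12.tgz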

File diff suppressed because it is too large Load Diff


@ -1,23 +0,0 @@
--- libselinux-1.30.19/src/Makefile.notls 2006-08-01 14:16:38.000000000 -0400
+++ libselinux-1.30.19/src/Makefile 2006-08-01 14:37:15.000000000 -0400
@@ -24,6 +24,11 @@
override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
RANLIB=ranlib
+ARCH := $(patsubst i%86,i386,$(shell uname -m))
+ifneq (,$(filter i386,$(ARCH)))
+TLSFLAGS += -mno-tls-direct-seg-refs
+endif
+
SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
all: $(LIBA) $(LIBSO)
@@ -45,7 +50,7 @@
ln -sf $@ $(TARGET)
%.o: %.c policy.h
- $(CC) $(CFLAGS) -c -o $@ $<
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
%.lo: %.c policy.h
$(CC) $(CFLAGS) -fpic -DSHARED -c -o $@ $<


@ -1,236 +0,0 @@
diff -up libselinux-2.0.77/include/selinux/avc.h.pre.create.cache libselinux-2.0.77/include/selinux/avc.h
--- libselinux-2.0.77/include/selinux/avc.h.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 14:52:40.859167987 -0500
@@ -353,6 +353,7 @@ int avc_compute_member(security_id_t ssi
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+#define AVC_CALLBACK_ADD_CREATE 256
/**
* avc_add_callback - Register a callback for security events.
diff -up libselinux-2.0.77/src/avc.c.pre.create.cache libselinux-2.0.77/src/avc.c
--- libselinux-2.0.77/src/avc.c.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
+++ libselinux-2.0.77/src/avc.c 2009-03-02 15:57:54.764288907 -0500
@@ -20,6 +20,8 @@ struct avc_entry {
security_id_t tsid;
security_class_t tclass;
struct av_decision avd;
+ security_id_t create_sid;
+ unsigned create_decided :1;
int used; /* used recently */
};
@@ -58,6 +60,11 @@ static struct avc_cache_stats cache_stat
static struct avc_callback_node *avc_callbacks = NULL;
static struct sidtab avc_sidtab;
+/* forward declaration */
+static int avc_update_cache(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms, security_id_t create_sid);
+
static inline int avc_hash(security_id_t ssid,
security_id_t tsid, security_class_t tclass)
{
@@ -340,6 +347,16 @@ static inline struct avc_node *avc_recla
return cur;
}
+static inline void avc_clear_avc_entry(struct avc_entry *ae)
+{
+ ae->ssid = ae->tsid = ae->create_sid = NULL;
+ ae->tclass = 0;
+ ae->create_decided = 0;
+ ae->avd.allowed = ae->avd.decided = 0;
+ ae->avd.auditallow = ae->avd.auditdeny = 0;
+ ae->used = 0;
+}
+
static inline struct avc_node *avc_claim_node(security_id_t ssid,
security_id_t tsid,
security_class_t tclass)
@@ -361,6 +378,7 @@ static inline struct avc_node *avc_claim
}
hvalue = avc_hash(ssid, tsid, tclass);
+ avc_clear_avc_entry(&new->ae);
new->ae.used = 1;
new->ae.ssid = ssid;
new->ae.tsid = tsid;
@@ -498,8 +516,8 @@ static int avc_insert(security_id_t ssid
* avc_remove - Remove AVC and sidtab entries for SID.
* @sid: security identifier to be removed
*
- * Remove all AVC entries containing @sid as source
- * or target, and remove @sid from the SID table.
+ * Remove all AVC entries containing @sid as source, target, or
+ * create_sid, and remove @sid from the SID table.
* Free the memory allocated for the structure corresponding
* to @sid. After this function has been called, @sid must
* not be used until another call to avc_context_to_sid() has
@@ -514,19 +532,15 @@ static void avc_remove(security_id_t sid
cur = avc_cache.slots[i];
prev = NULL;
while (cur) {
- if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid ||
+ (cur->ae.create_decided && sid == cur->ae.create_sid)) {
if (prev)
prev->next = cur->next;
else
avc_cache.slots[i] = cur->next;
tmp = cur;
cur = cur->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
- 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -570,11 +584,7 @@ int avc_reset(void)
while (node) {
tmp = node;
node = node->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -896,24 +906,52 @@ int avc_compute_create(security_id_t ssi
security_class_t tclass, security_id_t *newsid)
{
int rc;
+ struct avc_entry_ref aeref;
+ security_context_t ctx = NULL;
+
*newsid = NULL;
+
+ avc_entry_ref_init(&aeref);
+retry:
avc_get_lock(avc_lock);
- if (ssid->refcnt > 0 && tsid->refcnt > 0) {
- security_context_t ctx = NULL;
- rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
- &ctx);
- if (rc)
- goto out;
- rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
- if (!rc)
- (*newsid)->refcnt++;
- freecon(ctx);
- } else {
+ if (ssid->refcnt <= 0 || tsid->refcnt <= 0) {
errno = EINVAL; /* bad reference count */
rc = -1;
+ goto out;
+ }
+
+ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
+ if (!rc) {
+ /* we found something in the avc */
+ if (aeref.ae->create_decided) {
+ *newsid = aeref.ae->create_sid;
+ goto out;
+ } else {
+ goto compute;
+ }
}
+ /* there is nothing in the avd for this tuple, so, lets get something */
+ avc_release_lock(avc_lock);
+ avc_has_perm_noaudit(ssid, tsid, tclass, 0, &aeref, NULL);
+ goto retry;
+
+compute:
+ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (rc)
+ goto out;
+
+ avc_update_cache(AVC_CALLBACK_ADD_CREATE, ssid, tsid, tclass, 0,
+ *newsid);
+
out:
+ if (*newsid)
+ (*newsid)->refcnt++;
avc_release_lock(avc_lock);
+ freecon(ctx);
return rc;
}
@@ -978,7 +1016,8 @@ static inline int avc_sidcmp(security_id
}
static inline void avc_update_node(uint32_t event, struct avc_node *node,
- access_vector_t perms)
+ access_vector_t perms,
+ security_id_t create_sid)
{
switch (event) {
case AVC_CALLBACK_GRANT:
@@ -1000,12 +1039,16 @@ static inline void avc_update_node(uint3
case AVC_CALLBACK_AUDITDENY_DISABLE:
node->ae.avd.auditdeny &= ~perms;
break;
+ case AVC_CALLBACK_ADD_CREATE:
+ node->ae.create_sid = create_sid;
+ node->ae.create_decided = 1;
+ break;
}
}
static int avc_update_cache(uint32_t event, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
- access_vector_t perms)
+ access_vector_t perms, security_id_t create_sid)
{
struct avc_node *node;
int i;
@@ -1019,7 +1062,7 @@ static int avc_update_cache(uint32_t eve
if (avc_sidcmp(ssid, node->ae.ssid) &&
avc_sidcmp(tsid, node->ae.tsid) &&
tclass == node->ae.tclass) {
- avc_update_node(event, node, perms);
+ avc_update_node(event, node, perms, create_sid);
}
}
}
@@ -1027,7 +1070,7 @@ static int avc_update_cache(uint32_t eve
/* apply to one node */
node = avc_search_node(ssid, tsid, tclass, 0);
if (node) {
- avc_update_node(event, node, perms);
+ avc_update_node(event, node, perms, create_sid);
}
}
@@ -1058,7 +1101,7 @@ static int avc_control(uint32_t event, s
* been invoked to update the cache state.
*/
if (event != AVC_CALLBACK_TRY_REVOKE)
- avc_update_cache(event, ssid, tsid, tclass, perms);
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
for (c = avc_callbacks; c; c = c->next) {
if ((c->events & event) &&
@@ -1080,7 +1123,7 @@ static int avc_control(uint32_t event, s
if (event == AVC_CALLBACK_TRY_REVOKE) {
/* revoke any unretained permissions */
perms &= ~tretained;
- avc_update_cache(event, ssid, tsid, tclass, perms);
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
*out_retained = tretained;
}


@ -2,13 +2,13 @@
%define ruby_inc %(pkg-config --cflags ruby-1.9) %define ruby_inc %(pkg-config --cflags ruby-1.9)
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']") %define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
%define libsepolver 2.1.5-1 %define libsepolver 2.1.8-1
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")} %{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: SELinux library and simple utilities Summary: SELinux library and simple utilities
Name: libselinux Name: libselinux
Version: 2.1.11 Version: 2.1.12
Release: 4%{?dist} Release: 1%{?dist}
License: Public Domain License: Public Domain
Group: System Environment/Libraries Group: System Environment/Libraries
Source: %{name}-%{version}.tgz Source: %{name}-%{version}.tgz
@ -185,6 +185,7 @@ rm -rf %{buildroot}
%{_libdir}/libselinux.so.* %{_libdir}/libselinux.so.*
/var/run/setrans /var/run/setrans
%{_sbindir}/matchpathcon %{_sbindir}/matchpathcon
%{_sbindir}/sefcontext_compile
/usr/lib/tmpfiles.d/libselinux.conf /usr/lib/tmpfiles.d/libselinux.conf
%files utils %files utils
@ -233,6 +234,40 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so %{ruby_sitearch}/selinux.so
%changelog %changelog
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* boolean name equivalency
* getsebool: support boolean name substitution
* Add man page for new selinux_boolean_sub function.
* expose selinux_boolean_sub
* matchpathcon: add -m option to force file type check
* utils: avcstat: clear sa_mask set
* seusers: Check for strchr failure
* booleans: initialize pointer to silence coveriety
* stop messages when SELinux disabled
* label_file: use PCRE instead of glibc regex functions
* label_file: remove all typedefs
* label_file: move definitions to include file
* label_file: do string to mode_t conversion in a helper function
* label_file: move error reporting back into caller
* label_file: move stem/spec handling to header
* label_file: drop useless ncomp field from label_file data
* label_file: move spec_hasMetaChars to header
* label_file: fix potential read past buffer in spec_hasMetaChars
* label_file: move regex sorting to the header
* label_file: add accessors for the pcre extra data
* label_file: only run regex files one time
* label_file: new process_file function
* label_file: break up find_stem_from_spec
* label_file: struct reorg
* label_file: only run array once when sorting
* Ensure that we only close the selinux netlink socket once.
* improve the file_contexts.5 manual page
* Tue Jul 31 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4 * Tue Jul 31 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
- Ensure that we only close the selinux netlink socket once. - Ensure that we only close the selinux netlink socket once.
- Taken from our Android libselinux tree. From Stephen Smalley - Taken from our Android libselinux tree. From Stephen Smalley
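Review bot: The new changelog entry records that label_file now uses PCRE instead of the glibc regex functions, yet none of the hunks shown for this spec adds a PCRE dependency; the only dependency change visible is `%define libsepolver 2.1.8-1`. If the spec does not already declare it in lines outside these hunks, a `BuildRequires: pcre-devel` line is probably needed so the build does not rely on whatever the buildroot happens to contain. The `%files` addition `%{_sbindir}/sefcontext_compile` also puts a new sbin binary into the base package, so it is worth confirming that it is meant to ship there and not in the utils subpackage listed right below it.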


@ -1,343 +0,0 @@
Index: libselinux/src/selinuxswig.i
===================================================================
--- libselinux/src/selinuxswig.i (revision 2476)
+++ libselinux/src/selinuxswig.i (working copy)
@@ -1,7 +1,9 @@
-/* Author: Dan Walsh
+/* Authors: Dan Walsh
+ * James Athey
*
* Copyright (C) 2004-2005 Red Hat
- *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
@@ -17,170 +19,47 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
%module selinux
%{
#include "selinux/selinux.h"
- #include "selinux/get_context_list.h"
%}
-%apply int *OUTPUT { int * };
+%apply int *OUTPUT { int *enforce };
%apply int *OUTPUT { size_t * };
-%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) {
- $1 = &temp;
-}
-%typemap(argout) security_context_t * (char *temp=NULL) {
- if (*$1)
- temp = *$1;
- else
- temp = "";
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
-}
+%typedef unsigned mode_t;
-%typemap(in) security_context_t {
- $1 = (security_context_t)PyString_AsString($input);
+%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
+ $1 = &temp1;
+ $2 = &temp2;
}
-%typedef unsigned mode_t;
-
-%include "../include/selinux/get_context_list.h"
-
-extern int is_selinux_enabled(void);
-extern int is_selinux_mls_enabled(void);
-extern void freecon(security_context_t con);
-extern void freeconary(security_context_t * con);
-extern int getcon(security_context_t *con);
-extern int setcon(security_context_t con);
-extern int getpidcon(int pid, security_context_t *con);
-extern int getprevcon(security_context_t *con);
-extern int getexeccon(security_context_t *con);
-extern int setexeccon(security_context_t con);
-extern int getfscreatecon(security_context_t *con);
-extern int setfscreatecon(security_context_t context);
-extern int getkeycreatecon(security_context_t *con);
-extern int setkeycreatecon(security_context_t context);
-extern int getsockcreatecon(security_context_t *con);
-extern int setsockcreatecon(security_context_t context);
-extern int getfilecon(const char *path, security_context_t *con);
-extern int lgetfilecon(const char *path, security_context_t *con);
-extern int fgetfilecon(int fd, security_context_t *con);
-extern int setfilecon(const char *path, security_context_t con);
-extern int lsetfilecon(const char *path, security_context_t con);
-extern int fsetfilecon(int fd, security_context_t con);
-extern int getpeercon(int fd, security_context_t *con);
-extern int selinux_mkload_policy(int preservebools);
-extern int selinux_init_load_policy(int *enforce);
-extern int security_set_boolean_list(size_t boolcnt,
- SELboolean *boollist,
- int permanent);
-extern int security_load_booleans(char *path);
-extern int security_check_context(security_context_t con);
-extern int security_canonicalize_context(security_context_t con,
- security_context_t *canoncon);
-extern int security_getenforce(void);
-extern int security_setenforce(int value);
-extern int security_policyvers(void);
-extern int security_get_boolean_names(char ***names, int *len);
-extern int security_get_boolean_pending(const char *name);
-extern int security_get_boolean_active(const char *name);
-extern int security_set_boolean(const char *name, int value);
-extern int security_commit_booleans(void);
-
-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
-#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
-#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
-extern void set_matchpathcon_flags(unsigned int flags);
-extern int matchpathcon_init(const char *path);
-extern int matchpathcon(const char *path,
- mode_t mode,
- security_context_t *con);
-
-extern int matchpathcon_init_prefix(const char *path,
- const char *prefix);
-extern void matchpathcon_fini(void);
-
-
-extern int matchmediacon(const char *media,
- security_context_t *con);
-
-extern int selinux_getenforcemode(int *enforce);
-extern const char *selinux_policy_root(void);
-extern const char *selinux_binary_policy_path(void);
-extern const char *selinux_failsafe_context_path(void);
-extern const char *selinux_removable_context_path(void);
-extern const char *selinux_default_context_path(void);
-extern const char *selinux_user_contexts_path(void);
-extern const char *selinux_file_context_path(void);
-extern const char *selinux_file_context_homedir_path(void);
-extern const char *selinux_file_context_local_path(void);
-extern const char *selinux_homedir_context_path(void);
-extern const char *selinux_media_context_path(void);
-extern const char *selinux_contexts_path(void);
-extern const char *selinux_securetty_types_path(void);
-extern const char *selinux_booleans_path(void);
-extern const char *selinux_customizable_types_path(void);
-extern const char *selinux_users_path(void);
-extern const char *selinux_usersconf_path(void);
-extern const char *selinux_translations_path(void);
-extern const char *selinux_netfilter_context_path(void);
-extern const char *selinux_path(void);
-#extern int selinux_check_passwd_access(access_vector_t requested);
-#extern int checkPasswdAccess(access_vector_t requested);
-
-extern int selinux_check_securetty_context(security_context_t tty_context);
-void set_selinuxmnt(char *mnt);
-
-#ifdef SWIGpython
-// This tells SWIG to treat char ** as a special case
-%typemap(in) char ** {
- /* Check if is a list */
- if (PyList_Check($input)) {
- int size = PyList_Size($input);
- int i = 0;
- $1 = (char **) malloc((size+1)*sizeof(char *));
- if ($1 == NULL) {
- PyErr_SetString(PyExc_MemoryError,"Out of memory");
- return NULL;
- }
- for (i = 0; i < size; i++) {
- PyObject *o = PyList_GetItem($input,i);
- if (PyString_Check(o))
- $1[i] = PyString_AsString(PyList_GetItem($input,i));
- else {
- PyErr_SetString(PyExc_TypeError,"list must contain strings");
- free($1);
- return NULL;
- }
- }
- $1[i] = 0;
- } else {
- PyErr_SetString(PyExc_TypeError,"not a list");
- return NULL;
- }
+%typemap(freearg) (char ***names, int *len) {
+ int i;
+ if (*$1) {
+ for (i = 0; i < *$2; i++) {
+ free((*$1)[i]);
+ }
+ free(*$1);
+ }
}
-#endif
-extern int rpm_execcon(unsigned int verified,
- const char *filename,
- char **, char **);
-
-extern int is_context_customizable (security_context_t scontext);
-
-extern int selinux_trans_to_raw_context(char *trans,
- security_context_t *rawp);
-extern int selinux_raw_to_trans_context(char *raw,
- security_context_t *transp);
-
-%typemap(in, numinputs=0) char **(char *temp=NULL) {
+%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
$1 = &temp;
}
-%typemap(argout) char ** {
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
+%typemap(freearg) (security_context_t **) {
+ if (*$1) freeconary(*$1);
}
-extern int selinux_getpolicytype(char **enforce);
-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
-int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
-int selinux_file_context_verify(const char *path, mode_t mode);
-int selinux_lsetfilecon_default(const char *path);
+/* Ignore functions that don't make sense when wrapped */
+%ignore freecon;
+%ignore freeconary;
+
+/* Ignore functions that take a function pointer as an argument */
+%ignore set_matchpathcon_printf;
+%ignore set_matchpathcon_invalidcon;
+%ignore set_matchpathcon_canoncon;
+
+%include "../include/selinux/selinux.h"
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/get_context_list.h"
Index: libselinux/src/selinuxswig_python.i
===================================================================
--- libselinux/src/selinuxswig_python.i (revision 0)
+++ libselinux/src/selinuxswig_python.i (revision 0)
@@ -0,0 +1,101 @@
+/* Author: James Athey
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* security_get_boolean_names() typemap */
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
+
+/* Makes security_compute_user() return a Python list of contexts */
+%typemap(argout) (security_context_t **con) {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*$1) {
+ while((*$1)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ $result = SWIG_Python_AppendOutput($result, plist);
+}
+
+/* Makes functions in get_context_list.h return a Python list of contexts */
+%typemap(argout) (security_context_t **list) {
+ PyObject* plist;
+ int i;
+
+ if (*$1) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ $result = plist;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%include "selinuxswig.i"
--- libselinux-2.0.21/src/fsetfilecon.c~ 2007-06-11 14:39:07.000000000 -0400
+++ libselinux-2.0.21/src/fsetfilecon.c 2007-06-19 14:52:40.000000000 -0400
@@ -13,7 +13,7 @@ int fsetfilecon_raw(int fd, security_con
0);
}
-hidden_def(setfilecon_raw)
+hidden_def(fsetfilecon_raw)
int fsetfilecon(int fd, security_context_t context)
{
--- libselinux-2.0.21/src/Makefile~ 2007-06-11 14:39:07.000000000 -0400
+++ libselinux-2.0.21/src/Makefile 2007-06-19 15:49:43.000000000 -0400
@@ -12,7 +12,7 @@ LIBVERSION = 1
LIBA=libselinux.a
TARGET=libselinux.so
-SWIGIF= selinuxswig.i
+SWIGIF= selinuxswig_python.i
SWIGCOUT= selinuxswig_wrap.c
SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
SWIGSO=_selinux.so


@ -1 +1 @@
34ba81b68ddf832a0a4272fe889050dc libselinux-2.1.11.tgz 71a3a6ade9be8b31567fa9437e00698d libselinux-2.1.12.tgz