re-add Erics patch for filename transitions

Update to upstream
	* Add new class field in role_transition by Harry Ciao.

libsepol-rhat.patch

@@ -1,7 +1,8 @@
-diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.42/include/sepol/policydb/policydb.h
---- libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/include/sepol/policydb/policydb.h	2011-03-23 14:11:28.432820275 -0400
-@@ -135,6 +135,16 @@ typedef struct role_allow {
+diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
+index 94b8609..7b23a16 100644
+--- a/libsepol/include/sepol/policydb/policydb.h
++++ b/libsepol/include/sepol/policydb/policydb.h
+@@ -136,6 +136,16 @@ typedef struct role_allow {
  	struct role_allow *next;
  } role_allow_t;
  
@@ -18,7 +19,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
  /* Type attributes */
  typedef struct type_datum {
  	symtab_datum_t s;
-@@ -245,6 +255,15 @@ typedef struct role_allow_rule {
+@@ -247,6 +257,15 @@ typedef struct role_allow_rule {
  	struct role_allow_rule *next;
  } role_allow_rule_t;
  
@@ -34,7 +35,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
  typedef struct range_trans_rule {
  	type_set_t stypes;
  	type_set_t ttypes;
-@@ -374,6 +393,9 @@ typedef struct avrule_decl {
+@@ -376,6 +395,9 @@ typedef struct avrule_decl {
  	scope_index_t required;	/* symbols needed to activate this block */
  	scope_index_t declared;	/* symbols declared within this block */
  
@@ -44,7 +45,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
  	/* for additive statements (type attribute, roles, and users) */
  	symtab_t symtab[SYM_NUM];
  
-@@ -484,6 +506,9 @@ typedef struct policydb {
+@@ -486,6 +508,9 @@ typedef struct policydb {
  	/* role transitions */
  	role_trans_t *role_tr;
  
@@ -54,7 +55,7 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
  	/* role allows */
  	role_allow_t *role_allow;
  
-@@ -562,6 +587,8 @@ extern void avrule_destroy(avrule_t * x)
+@@ -564,6 +589,8 @@ extern void avrule_destroy(avrule_t * x);
  extern void avrule_list_destroy(avrule_t * x);
  extern void role_trans_rule_init(role_trans_rule_t * x);
  extern void role_trans_rule_list_destroy(role_trans_rule_t * x);
@@ -63,35 +64,36 @@ diff -up libsepol-2.0.42/include/sepol/policydb/policydb.h.eparis libsepol-2.0.4
  
  extern void role_datum_init(role_datum_t * x);
  extern void role_datum_destroy(role_datum_t * x);
-@@ -630,10 +657,11 @@ extern int policydb_set_target_platform(
- #define POLICYDB_VERSION_POLCAP		22
+@@ -633,10 +660,11 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
  #define POLICYDB_VERSION_PERMISSIVE	23
  #define POLICYDB_VERSION_BOUNDARY	24
-+#define POLICYDB_VERSION_FILENAME_TRANS	25
+ #define POLICYDB_VERSION_ROLETRANS	26
++#define POLICYDB_VERSION_FILENAME_TRANS	27
  
  /* Range of policy versions we understand*/
  #define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
--#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_BOUNDARY
+-#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_ROLETRANS
 +#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_FILENAME_TRANS
  
  /* Module versions and specific changes*/
  #define MOD_POLICYDB_VERSION_BASE		4
-@@ -645,9 +673,10 @@ extern int policydb_set_target_platform(
- #define MOD_POLICYDB_VERSION_PERMISSIVE		8
+@@ -649,9 +677,10 @@ extern int policydb_set_target_platform(policydb_t *p, int platform);
  #define MOD_POLICYDB_VERSION_BOUNDARY		9
  #define MOD_POLICYDB_VERSION_BOUNDARY_ALIAS	10
-+#define MOD_POLICYDB_VERSION_FILENAME_TRANS	11
+ #define MOD_POLICYDB_VERSION_ROLETRANS		12
++#define MOD_POLICYDB_VERSION_FILENAME_TRANS	13
  
  #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
--#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_BOUNDARY_ALIAS
+-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_ROLETRANS
 +#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_FILENAME_TRANS
  
  #define POLICYDB_CONFIG_MLS    1
  
-diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_block.c
---- libsepol-2.0.42/src/avrule_block.c.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/src/avrule_block.c	2011-03-23 12:15:48.241980087 -0400
-@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t *
+diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
+index 8d1f8f6..16c89f3 100644
+--- a/libsepol/src/avrule_block.c
++++ b/libsepol/src/avrule_block.c
+@@ -98,6 +98,7 @@ void avrule_decl_destroy(avrule_decl_t * x)
  	cond_list_destroy(x->cond_list);
  	avrule_list_destroy(x->avrules);
  	role_trans_rule_list_destroy(x->role_tr_rules);
@@ -99,10 +101,11 @@ diff -up libsepol-2.0.42/src/avrule_block.c.eparis libsepol-2.0.42/src/avrule_bl
  	role_allow_rule_list_destroy(x->role_allow_rules);
  	range_trans_rule_list_destroy(x->range_tr_rules);
  	scope_index_destroy(&x->required);
-diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
---- libsepol-2.0.42/src/expand.c.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/src/expand.c	2011-03-23 12:15:48.242980223 -0400
-@@ -1231,6 +1231,101 @@ static int copy_role_trans(expand_state_
+diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c
+index 8539f88..b1af365 100644
+--- a/libsepol/src/expand.c
++++ b/libsepol/src/expand.c
+@@ -1237,6 +1237,101 @@ static int copy_role_trans(expand_state_t * state, role_trans_rule_t * rules)
  	return 0;
  }
  
@@ -204,7 +207,7 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
  static int exp_rangetr_helper(uint32_t stype, uint32_t ttype, uint32_t tclass,
  			      mls_semantic_range_t * trange,
  			      expand_state_t * state)
-@@ -2374,6 +2469,9 @@ static int copy_and_expand_avrule_block(
+@@ -2380,6 +2475,9 @@ static int copy_and_expand_avrule_block(expand_state_t * state)
  			goto cleanup;
  		}
  
@@ -214,10 +217,11 @@ diff -up libsepol-2.0.42/src/expand.c.eparis libsepol-2.0.42/src/expand.c
  		/* expand the range transition rules */
  		if (expand_range_trans(state, decl->range_tr_rules))
  			goto cleanup;
-diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
---- libsepol-2.0.42/src/link.c.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/src/link.c	2011-03-23 12:15:48.243980361 -0400
-@@ -1326,6 +1326,50 @@ static int copy_role_allow_list(role_all
+diff --git a/libsepol/src/link.c b/libsepol/src/link.c
+index e33db0f..23dbb1b 100644
+--- a/libsepol/src/link.c
++++ b/libsepol/src/link.c
+@@ -1340,6 +1340,50 @@ static int copy_role_allow_list(role_allow_rule_t * list,
  	return -1;
  }
  
@@ -268,7 +272,7 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
  static int copy_range_trans_list(range_trans_rule_t * rules,
  				 range_trans_rule_t ** dst,
  				 policy_module_t * mod, link_state_t * state)
-@@ -1568,6 +1612,11 @@ static int copy_avrule_decl(link_state_t
+@@ -1582,6 +1626,11 @@ static int copy_avrule_decl(link_state_t * state, policy_module_t * module,
  		return -1;
  	}
  
@@ -280,10 +284,11 @@ diff -up libsepol-2.0.42/src/link.c.eparis libsepol-2.0.42/src/link.c
  	if (copy_range_trans_list(src_decl->range_tr_rules,
  				  &dest_decl->range_tr_rules, module, state))
  		return -1;
-diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
---- libsepol-2.0.42/src/policydb.c.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/src/policydb.c	2011-03-23 12:15:48.244980498 -0400
-@@ -136,6 +136,13 @@ static struct policydb_compat_info polic
+diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
+index bbf3c88..d7be9fc 100644
+--- a/libsepol/src/policydb.c
++++ b/libsepol/src/policydb.c
+@@ -143,6 +143,13 @@ static struct policydb_compat_info policydb_compat[] = {
  	 .ocon_num = OCON_NODE6 + 1,
  	 .target_platform = SEPOL_TARGET_SELINUX,
  	},
@@ -297,7 +302,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  	{
  	 .type = POLICY_BASE,
  	 .version = MOD_POLICYDB_VERSION_BASE,
-@@ -186,6 +193,13 @@ static struct policydb_compat_info polic
+@@ -200,6 +207,13 @@ static struct policydb_compat_info policydb_compat[] = {
  	 .target_platform = SEPOL_TARGET_SELINUX,
  	},
  	{
@@ -311,7 +316,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  	 .type = POLICY_MOD,
  	 .version = MOD_POLICYDB_VERSION_BASE,
  	 .sym_num = SYM_NUM,
-@@ -234,6 +248,13 @@ static struct policydb_compat_info polic
+@@ -255,6 +269,13 @@ static struct policydb_compat_info policydb_compat[] = {
  	 .ocon_num = 0,
  	 .target_platform = SEPOL_TARGET_SELINUX,
  	},
@@ -325,7 +330,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  };
  
  #if 0
-@@ -433,6 +454,33 @@ void role_trans_rule_list_destroy(role_t
+@@ -456,6 +477,33 @@ void role_trans_rule_list_destroy(role_trans_rule_t * x)
  	}
  }
  
@@ -359,7 +364,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  void role_allow_rule_init(role_allow_rule_t * x)
  {
  	memset(x, 0, sizeof(role_allow_rule_t));
-@@ -1112,6 +1160,7 @@ void policydb_destroy(policydb_t * p)
+@@ -1135,6 +1183,7 @@ void policydb_destroy(policydb_t * p)
  	role_allow_t *ra, *lra = NULL;
  	role_trans_t *tr, *ltr = NULL;
  	range_trans_t *rt, *lrt = NULL;
@@ -367,7 +372,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  
  	if (!p)
  		return;
-@@ -1177,6 +1226,14 @@ void policydb_destroy(policydb_t * p)
+@@ -1200,6 +1249,14 @@ void policydb_destroy(policydb_t * p)
  	if (ltr)
  		free(ltr);
  
@@ -382,7 +387,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  	for (ra = p->role_allow; ra; ra = ra->next) {
  		if (lra)
  			free(lra);
-@@ -2168,6 +2225,55 @@ int role_allow_read(role_allow_t ** r, s
+@@ -2201,6 +2258,55 @@ int role_allow_read(role_allow_t ** r, struct policy_file *fp)
  	return 0;
  }
  
@@ -438,7 +443,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  static int ocontext_read_xen(struct policydb_compat_info *info,
  	policydb_t *p, struct policy_file *fp)
  {
-@@ -2971,6 +3077,62 @@ static int role_allow_rule_read(role_all
+@@ -3007,6 +3113,62 @@ static int role_allow_rule_read(role_allow_rule_t ** r, struct policy_file *fp)
  	return 0;
  }
  
@@ -501,7 +506,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  static int range_trans_rule_read(range_trans_rule_t ** r,
  				 struct policy_file *fp)
  {
-@@ -3064,6 +3226,11 @@ static int avrule_decl_read(policydb_t *
+@@ -3100,6 +3262,11 @@ static int avrule_decl_read(policydb_t * p, avrule_decl_t * decl,
  	    role_allow_rule_read(&decl->role_allow_rules, fp) == -1) {
  		return -1;
  	}
@@ -513,7 +518,7 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
  	    range_trans_rule_read(&decl->range_tr_rules, fp) == -1) {
  		return -1;
-@@ -3455,6 +3622,9 @@ int policydb_read(policydb_t * p, struct
+@@ -3491,6 +3658,9 @@ int policydb_read(policydb_t * p, struct policy_file *fp, unsigned verbose)
  			goto bad;
  		if (role_allow_read(&p->role_allow, fp))
  			goto bad;
@@ -523,10 +528,11 @@ diff -up libsepol-2.0.42/src/policydb.c.eparis libsepol-2.0.42/src/policydb.c
  	} else {
  		/* first read the AV rule blocks, then the scope tables */
  		avrule_block_destroy(p->global);
-diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
---- libsepol-2.0.42/src/write.c.eparis	2010-12-21 16:41:58.000000000 -0500
-+++ libsepol-2.0.42/src/write.c	2011-03-23 12:15:48.245980639 -0400
-@@ -510,6 +510,42 @@ static int role_allow_write(role_allow_t
+diff --git a/libsepol/src/write.c b/libsepol/src/write.c
+index f9d59b6..c4f5035 100644
+--- a/libsepol/src/write.c
++++ b/libsepol/src/write.c
+@@ -528,6 +528,42 @@ static int role_allow_write(role_allow_t * r, struct policy_file *fp)
  	return POLICYDB_SUCCESS;
  }
  
@@ -569,7 +575,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
  static int role_set_write(role_set_t * x, struct policy_file *fp)
  {
  	size_t items;
-@@ -1476,6 +1512,47 @@ static int role_allow_rule_write(role_al
+@@ -1496,6 +1532,47 @@ static int role_allow_rule_write(role_allow_rule_t * r, struct policy_file *fp)
  	return POLICYDB_SUCCESS;
  }
  
@@ -617,7 +623,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
  static int range_trans_rule_write(range_trans_rule_t * t,
  				  struct policy_file *fp)
  {
-@@ -1543,6 +1620,11 @@ static int avrule_decl_write(avrule_decl
+@@ -1563,6 +1640,11 @@ static int avrule_decl_write(avrule_decl_t * decl, int num_scope_syms,
  	    role_allow_rule_write(decl->role_allow_rules, fp) == -1) {
  		return POLICYDB_ERROR;
  	}
@@ -629,7 +635,7 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
  	if (p->policyvers >= MOD_POLICYDB_VERSION_RANGETRANS &&
  	    range_trans_rule_write(decl->range_tr_rules, fp) == -1) {
  		return POLICYDB_ERROR;
-@@ -1819,6 +1901,9 @@ int policydb_write(policydb_t * p, struc
+@@ -1839,6 +1921,9 @@ int policydb_write(policydb_t * p, struct policy_file *fp)
  			return POLICYDB_ERROR;
  		if (role_allow_write(p->role_allow, fp))
  			return POLICYDB_ERROR;
@@ -639,6 +645,3 @@ diff -up libsepol-2.0.42/src/write.c.eparis libsepol-2.0.42/src/write.c
  	} else {
  		if (avrule_block_write(p->global, num_syms, p, fp) == -1) {
  			return POLICYDB_ERROR;
-
-
-

libsepol.spec

@@ -1,10 +1,11 @@
 Summary: SELinux binary policy manipulation library 
 Name: libsepol
 Version: 2.0.43
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: LGPLv2+
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/libsepol-%{version}.tgz
+Patch: libsepol-rhat.patch	
 URL: http://www.selinuxproject.org
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -45,6 +46,7 @@ needed for developing applications that manipulate binary policies.
 
 %prep
 %setup -q
+%patch -p2 -b .rhat
 # sparc64 is an -fPIC arch, so we need to fix it here
 %ifarch sparc64
 sed -i 's/fpic/fPIC/g' src/Makefile
@@ -97,14 +99,12 @@ exit 0
 /%{_lib}/libsepol.so.1
 
 %changelog
+* Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-2
+- re-add Erics patch for filename transitions
+	
 * Tue Apr 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.43-1
-	* Give correct names to mount points in load_policy by Dan Walsh.
-	* Make sure selinux state is reported correctly if selinux is disabled or
-	fails to load by Dan Walsh.
-	* Fix crash if selinux_key_create was never called by Dan Walsh.
-	* Add new file_context.subs_dist for distro specific filecon substitutions
-	by Dan Walsh.
-	* Update man pages for selinux_color_* functions by Richard Haines.
+-Update to upstream
+	* Add new class field in role_transition by Harry Ciao.
 
 * Tue Mar 29 2011 Dan Walsh <dwalsh@redhat.com> 2.0.42-3
 - Apply Eparis Patch
@@ -115,7 +115,6 @@ the number of rules grows to an significant size I will likely choose to
 store these in a hash, both in libsepol and in the kernel.  But as long
 as the number of such rules stays small, this should be good.
 
-
 * Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.0.42-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild