diff --git a/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
new file mode 100644
index 0000000..51a1e01
--- /dev/null
+++ b/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
@@ -0,0 +1,28 @@
+From 852dfaa124379e84f6363c30c0ef56f00fa4b235 Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Tue, 20 Sep 2011 15:40:28 -0400
+Subject: [PATCH 01/11] Since-we-do-not-ship-neverallow-rules-all-always-fail
+
+---
+ libqpol/src/avrule_query.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
+index 749565b..76dcaa3 100644
+--- a/libqpol/src/avrule_query.c
++++ b/libqpol/src/avrule_query.c
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
+
+ if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+- errno = ENOTSUP;
+- return STATUS_ERR;
++/* errno = ENOTSUP;
++ return STATUS_ERR; */
++ return STATUS_SUCCESS;
+ }
+
+ db = &policy->p->p;
+--
+1.8.5.3
+
diff --git a/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
new file mode 100644
index 0000000..882a127
--- /dev/null
+++ b/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
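Review bot: In `qpol_policy_get_avrule_iter` (libqpol/src/avrule_query.c) the neverallow branch now returns `STATUS_SUCCESS` immediately after logging "Cannot get avrules" through `ERR(...)`, so a caller can no longer tell "this policy has no neverallow rules" from "neverallow rules were requested but are not available", and a policy audit that asks for them gets a clean-looking empty answer. No iterator output is assigned in the visible lines before this return; unless it is initialised earlier in the function, outside the hunk, a caller that trusts the success status may use an unset pointer. The early return also discards every other rule type requested in the same mask. If the aim is only to tolerate the missing capability, masking the bit and continuing keeps the rest of the query working, `rule_type_mask &= ~QPOL_RULE_NEVERALLOW;` in place of the return, with the commented-out lines deleted rather than kept. The function starts and ends outside the hunk.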
@@ -0,0 +1,34 @@
+From 0332c009bd0581ab9a75a4ea80af92bb2d6b8b1f Mon Sep 17 00:00:00 2001
+From: Dan Walsh
+Date: Tue, 20 Sep 2011 15:46:38 -0400
+Subject: [PATCH 02/11] Fix sepol calls to work with latest libsepol
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 577ce48..2a5b55b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -521,7 +521,7 @@ else
+ [AC_LANG_SOURCE([
+ #include
+ int main () {
+- return role_set_expand(NULL, NULL, NULL, NULL);
++ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
+ }])],
+ sepol_new_user_role_mapping="yes",
+ sepol_new_user_role_mapping="no")
+@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes"; then
+ [AC_LANG_SOURCE([
+ #include
+ int main () {
+- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+ AC_MSG_RESULT([yes]),
+ AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+--
+1.8.5.3
+
diff --git a/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch b/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch
new file mode 100644
index 0000000..e0bc2f3
--- /dev/null
+++ b/0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch
@@ -0,0 +1,596 @@ +From 295cc6c22440038c1b633602c0f1b38ded57e1a0 Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Fri, 11 Apr 2014 10:47:32 +0200 +Subject: [PATCH 03/11] mgrepl patch to Fix swig coding style for structures + related to SWIG changes + +--- + libqpol/swig/qpol.i | 132 ++++++++++++++++++++++++++-------------------------- + 1 file changed, 66 insertions(+), 66 deletions(-) + +diff --git a/libqpol/swig/qpol.i b/libqpol/swig/qpol.i +index 45a2403..0f937d1 100644 +--- a/libqpol/swig/qpol.i ++++ b/libqpol/swig/qpol.i +@@ -228,7 +228,7 @@ SWIGEXPORT int Tqpol_Init(Tcl_Interp *interp) { + #define QPOL_MODULE_OTHER 2 + typedef struct qpol_module {} qpol_module_t; + %extend qpol_module_t { +- qpol_module_t(const char *path) { ++ qpol_module(const char *path) { + qpol_module_t *m; + BEGIN_EXCEPTION + if (qpol_module_create_from_file(path, &m)) { +@@ -239,7 +239,7 @@ typedef struct qpol_module {} qpol_module_t; + fail: + return NULL; + }; +- ~qpol_module_t() { ++ ~qpol_module() { + qpol_module_destroy(&self); + }; + const char *get_path() { +@@ -330,7 +330,7 @@ typedef enum qpol_capability + } qpol_capability_e; + + %extend qpol_policy_t { +- qpol_policy_t(const char *path, const int options) { ++ qpol_policy(const char *path, const int options) { + qpol_policy_t *p; + BEGIN_EXCEPTION + if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) { +@@ -341,7 +341,7 @@ typedef enum qpol_capability + fail: + return NULL; + } +- ~qpol_policy_t() { ++ ~qpol_policy() { + qpol_policy_destroy(&self); + }; + void reevaluate_conds() { +@@ -687,14 +687,14 @@ typedef enum qpol_capability + typedef struct qpol_iterator {} qpol_iterator_t; + %extend qpol_iterator_t { + /* user never directly creates, but SWIG expects a constructor */ +- qpol_iterator_t() { ++ qpol_iterator() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_TypeError, "User may not create iterators difectly"); + END_EXCEPTION + fail: + return NULL; + }; +- 
~qpol_iterator_t() { ++ ~qpol_iterator() { + qpol_iterator_destroy(&self); + }; + void *get_item() { +@@ -736,7 +736,7 @@ typedef struct qpol_iterator {} qpol_iterator_t; + /* qpol type */ + typedef struct qpol_type {} qpol_type_t; + %extend qpol_type_t { +- qpol_type_t(qpol_policy_t *p, const char *name) { ++ qpol_type(qpol_policy_t *p, const char *name) { + BEGIN_EXCEPTION + const qpol_type_t *t; + if (qpol_policy_get_type_by_name(p, name, &t)) { +@@ -747,7 +747,7 @@ typedef struct qpol_type {} qpol_type_t; + fail: + return NULL; + }; +- ~qpol_type_t() { ++ ~qpol_type() { + /* no op */ + return; + }; +@@ -851,7 +851,7 @@ typedef struct qpol_type {} qpol_type_t; + /* qpol role */ + typedef struct qpol_role {} qpol_role_t; + %extend qpol_role_t { +- qpol_role_t(qpol_policy_t *p, const char *name) { ++ qpol_role(qpol_policy_t *p, const char *name) { + const qpol_role_t *r; + BEGIN_EXCEPTION + if (qpol_policy_get_role_by_name(p, name, &r)) { +@@ -862,7 +862,7 @@ typedef struct qpol_role {} qpol_role_t; + fail: + return NULL; + }; +- ~qpol_role_t() { ++ ~qpol_role() { + /* no op */ + return; + }; +@@ -919,7 +919,7 @@ typedef struct qpol_role {} qpol_role_t; + /* qpol level */ + typedef struct qpol_level {} qpol_level_t; + %extend qpol_level_t { +- qpol_level_t(qpol_policy_t *p, const char *name) { ++ qpol_level(qpol_policy_t *p, const char *name) { + const qpol_level_t *l; + BEGIN_EXCEPTION + if (qpol_policy_get_level_by_name(p, name, &l)) { +@@ -930,7 +930,7 @@ typedef struct qpol_level {} qpol_level_t; + fail: + return NULL; + }; +- ~qpol_level_t() { ++ ~qpol_level() { + /* no op */ + return; + }; +@@ -997,7 +997,7 @@ typedef struct qpol_level {} qpol_level_t; + /* qpol cat */ + typedef struct qpol_cat {} qpol_cat_t; + %extend qpol_cat_t { +- qpol_cat_t(qpol_policy_t *p, const char *name) { ++ qpol_cat(qpol_policy_t *p, const char *name) { + const qpol_cat_t *c; + BEGIN_EXCEPTION + if (qpol_policy_get_cat_by_name(p, name, &c)) { +@@ -1008,7 +1008,7 @@ typedef struct 
qpol_cat {} qpol_cat_t; + fail: + return NULL; + }; +- ~qpol_cat_t() { ++ ~qpol_cat() { + /* no op */ + return; + }; +@@ -1064,14 +1064,14 @@ typedef struct qpol_cat {} qpol_cat_t; + /* qpol mls range */ + typedef struct qpol_mls_range {} qpol_mls_range_t; + %extend qpol_mls_range_t { +- qpol_mls_range_t() { ++ qpol_mls_range() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects"); + END_EXCEPTION + fail: + return NULL; + } +- ~qpol_mls_range_t() { ++ ~qpol_mls_range() { + /* no op */ + return; + }; +@@ -1105,14 +1105,14 @@ typedef struct qpol_mls_range {} qpol_mls_range_t; + /* qpol mls level */ + typedef struct qpol_mls_level {} qpol_mls_level_t; + %extend qpol_mls_level_t { +- qpol_mls_level_t() { ++ qpol_mls_level() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects"); + END_EXCEPTION + fail: + return NULL; + } +- ~qpol_mls_level_t() { ++ ~qpol_mls_level() { + /* no op */ + return; + }; +@@ -1147,7 +1147,7 @@ typedef struct qpol_mls_level {} qpol_mls_level_t; + /* qpol user */ + typedef struct qpol_user {} qpol_user_t; + %extend qpol_user_t { +- qpol_user_t(qpol_policy_t *p, const char *name) { ++ qpol_user(qpol_policy_t *p, const char *name) { + const qpol_user_t *u; + BEGIN_EXCEPTION + if (qpol_policy_get_user_by_name(p, name, &u)) { +@@ -1158,7 +1158,7 @@ typedef struct qpol_user {} qpol_user_t; + fail: + return NULL; + }; +- ~qpol_user_t() { ++ ~qpol_user() { + /* no op */ + return; + }; +@@ -1223,7 +1223,7 @@ typedef struct qpol_user {} qpol_user_t; + /* qpol bool */ + typedef struct qpol_bool {} qpol_bool_t; + %extend qpol_bool_t { +- qpol_bool_t(qpol_policy_t *p, const char *name) { ++ qpol_bool(qpol_policy_t *p, const char *name) { + qpol_bool_t *b; + BEGIN_EXCEPTION + if (qpol_policy_get_bool_by_name(p, name, &b)) { +@@ -1233,7 +1233,7 @@ typedef struct qpol_bool {} qpol_bool_t; + fail: + return b; + }; +- ~qpol_bool_t() { ++ ~qpol_bool() { + /* 
no op */ + return; + }; +@@ -1295,14 +1295,14 @@ typedef struct qpol_bool {} qpol_bool_t; + /* qpol context */ + typedef struct qpol_context {} qpol_context_t; + %extend qpol_context_t { +- qpol_context_t() { ++ qpol_context() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_context_t() { ++ ~qpol_context() { + /* no op */ + return; + }; +@@ -1356,7 +1356,7 @@ typedef struct qpol_context {} qpol_context_t; + /* qpol class */ + typedef struct qpol_class {} qpol_class_t; + %extend qpol_class_t { +- qpol_class_t(qpol_policy_t *p, const char *name) { ++ qpol_class(qpol_policy_t *p, const char *name) { + const qpol_class_t *c; + BEGIN_EXCEPTION + if (qpol_policy_get_class_by_name(p, name, &c)) { +@@ -1366,7 +1366,7 @@ typedef struct qpol_class {} qpol_class_t; + fail: + return (qpol_class_t*)c; + }; +- ~qpol_class_t() { ++ ~qpol_class() { + /* no op */ + return; + }; +@@ -1443,7 +1443,7 @@ typedef struct qpol_class {} qpol_class_t; + /* qpol common */ + typedef struct qpol_common {} qpol_common_t; + %extend qpol_common_t { +- qpol_common_t(qpol_policy_t *p, const char *name) { ++ qpol_common(qpol_policy_t *p, const char *name) { + const qpol_common_t *c; + BEGIN_EXCEPTION + if (qpol_policy_get_common_by_name(p, name, &c)) { +@@ -1453,7 +1453,7 @@ typedef struct qpol_common {} qpol_common_t; + fail: + return (qpol_common_t*)c; + }; +- ~qpol_common_t() { ++ ~qpol_common() { + /* no op */ + return; + }; +@@ -1515,7 +1515,7 @@ typedef struct qpol_common {} qpol_common_t; + #define QPOL_FS_USE_PSID 6U + #endif + typedef struct qpol_fs_use {} qpol_fs_use_t; +-%extend qpol_fs_use_t { ++%extend qpol_fs_use { + qpol_fs_use_t(qpol_policy_t *p, const char *name) { + const qpol_fs_use_t *f; + BEGIN_EXCEPTION +@@ -1526,7 +1526,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t; + fail: + return (qpol_fs_use_t*)f; + }; +- ~qpol_fs_use_t() { ++ ~qpol_fs_use() { + /* no op */ + 
return; + }; +@@ -1594,7 +1594,7 @@ typedef struct qpol_fs_use {} qpol_fs_use_t; + #endif + typedef struct qpol_genfscon {} qpol_genfscon_t; + %extend qpol_genfscon_t { +- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) { ++ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) { + qpol_genfscon_t *g; + BEGIN_EXCEPTION + if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) { +@@ -1604,7 +1604,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t; + fail: + return g; + }; +- ~qpol_genfscon_t() { ++ ~qpol_genfscon() { + free(self); + }; + const char *get_name(qpol_policy_t *p) { +@@ -1656,7 +1656,7 @@ typedef struct qpol_genfscon {} qpol_genfscon_t; + + /* qpol isid */ + typedef struct qpol_isid {} qpol_isid_t; +-%extend qpol_isid_t { ++%extend qpol_isid { + qpol_isid_t(qpol_policy_t *p, const char *name) { + const qpol_isid_t *i; + BEGIN_EXCEPTION +@@ -1667,7 +1667,7 @@ typedef struct qpol_isid {} qpol_isid_t; + fail: + return (qpol_isid_t*)i; + }; +- ~qpol_isid_t() { ++ ~qpol_isid() { + /* no op */ + return; + }; +@@ -1701,7 +1701,7 @@ typedef struct qpol_isid {} qpol_isid_t; + /* qpol netifcon */ + typedef struct qpol_netifcon {} qpol_netifcon_t; + %extend qpol_netifcon_t { +- qpol_netifcon_t(qpol_policy_t *p, const char *name) { ++ qpol_netifcon(qpol_policy_t *p, const char *name) { + const qpol_netifcon_t *n; + BEGIN_EXCEPTION + if (qpol_policy_get_netifcon_by_name(p, name, &n)) { +@@ -1711,7 +1711,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t; + fail: + return (qpol_netifcon_t*)n; + }; +- ~qpol_netifcon_t() { ++ ~qpol_netifcon() { + /* no op */ + return; + }; +@@ -1757,7 +1757,7 @@ typedef struct qpol_netifcon {} qpol_netifcon_t; + #define QPOL_IPV6 1 + typedef struct qpol_nodecon {} qpol_nodecon_t; + %extend qpol_nodecon_t { +- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) { ++ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) { + uint32_t a[4], m[4]; + qpol_nodecon_t 
*n; + BEGIN_EXCEPTION +@@ -1772,7 +1772,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t; + fail: + return n; + } +- ~qpol_nodecon_t() { ++ ~qpol_nodecon() { + free(self); + }; + uint32_t *get_addr(qpol_policy_t *p) { +@@ -1830,7 +1830,7 @@ typedef struct qpol_nodecon {} qpol_nodecon_t; + #define IPPROTO_UDP 17 + typedef struct qpol_portcon {} qpol_portcon_t; + %extend qpol_portcon_t { +- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { ++ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) { + const qpol_portcon_t *qp; + BEGIN_EXCEPTION + if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) { +@@ -1840,7 +1840,7 @@ typedef struct qpol_portcon {} qpol_portcon_t; + fail: + return (qpol_portcon_t*)qp; + }; +- ~qpol_portcon_t() { ++ ~qpol_portcon() { + /* no op */ + return; + }; +@@ -1893,7 +1893,7 @@ typedef struct qpol_portcon {} qpol_portcon_t; + + /* qpol constraint */ + typedef struct qpol_constraint {} qpol_constraint_t; +-%extend qpol_constraint_t { ++%extend qpol_constraint { + qpol_constraint_t() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects"); +@@ -1901,7 +1901,7 @@ typedef struct qpol_constraint {} qpol_constraint_t; + fail: + return NULL; + }; +- ~qpol_constraint_t() { ++ ~qpol_constraint() { + free(self); + }; + const qpol_class_t *get_class(qpol_policy_t *p) { +@@ -1945,7 +1945,7 @@ typedef struct qpol_constraint {} qpol_constraint_t; + + /* qpol validatetrans */ + typedef struct qpol_validatetrans {} qpol_validatetrans_t; +-%extend qpol_validatetrans_t { ++%extend qpol_validatetrans { + qpol_validatetrans_t() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects"); +@@ -1953,7 +1953,7 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t; + fail: + return NULL; + }; +- ~qpol_validatetrans_t() { ++ ~qpol_validatetrans() { + free(self); + }; + const qpol_class_t 
*get_class(qpol_policy_t *p) { +@@ -2011,14 +2011,14 @@ typedef struct qpol_validatetrans {} qpol_validatetrans_t; + #define QPOL_CEXPR_OP_INCOMP 5 + typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t; + %extend qpol_constraint_expr_node_t { +- qpol_constraint_expr_node_t() { ++ qpol_constraint_expr_node() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_constraint_expr_node_t() { ++ ~qpol_constraint_expr_node() { + /* no op */ + return; + }; +@@ -2073,14 +2073,14 @@ typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t; + /* qpol role allow */ + typedef struct qpol_role_allow {} qpol_role_allow_t; + %extend qpol_role_allow_t { +- qpol_role_allow_t() { ++ qpol_role_allow() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_role_allow_t() { ++ ~qpol_role_allow() { + /* no op */ + return; + }; +@@ -2114,14 +2114,14 @@ typedef struct qpol_role_allow {} qpol_role_allow_t; + /* qpol role trans */ + typedef struct qpol_role_trans {} qpol_role_trans_t; + %extend qpol_role_trans_t { +- qpol_role_trans_t() { ++ qpol_role_trans() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_role_trans_t() { ++ ~qpol_role_trans() { + /* no op */ + return; + }; +@@ -2165,14 +2165,14 @@ typedef struct qpol_role_trans {} qpol_role_trans_t; + /* qpol range trans */ + typedef struct qpol_range_trans {} qpol_range_trans_t; + %extend qpol_range_trans_t { +- qpol_range_trans_t() { ++ qpol_range_trans() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_range_trans_t() { ++ ~qpol_range_trans() { + /* no op */ 
+ return; + }; +@@ -2228,14 +2228,14 @@ typedef struct qpol_range_trans {} qpol_range_trans_t; + #define QPOL_RULE_DONTAUDIT 4 + typedef struct qpol_avrule {} qpol_avrule_t; + %extend qpol_avrule_t { +- qpol_avrule_t() { ++ qpol_avrule() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_avrule_t() { ++ ~qpol_avrule() { + /* no op */ + return; + }; +@@ -2348,14 +2348,14 @@ typedef struct qpol_avrule {} qpol_avrule_t; + #define QPOL_RULE_TYPE_MEMBER 32 + typedef struct qpol_terule {} qpol_terule_t; + %extend qpol_terule_t { +- qpol_terule_t() { ++ qpol_terule() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_terule_t() { ++ ~qpol_terule() { + /* no op */ + return; + }; +@@ -2464,14 +2464,14 @@ typedef struct qpol_terule {} qpol_terule_t; + /* qpol conditional */ + typedef struct qpol_cond {} qpol_cond_t; + %extend qpol_cond_t { +- qpol_cond_t() { ++ qpol_cond() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_cond_t() { ++ ~qpol_cond() { + /* no op */ + return; + }; +@@ -2557,14 +2557,14 @@ typedef struct qpol_cond {} qpol_cond_t; + #define QPOL_COND_EXPR_NEQ 7 /* bool != bool */ + typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t; + %extend qpol_cond_expr_node_t { +- qpol_cond_expr_node_t() { ++ qpol_cond_expr_node() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_cond_expr_node_t() { ++ ~qpol_cond_expr_node() { + /* no op */ + return; + }; +@@ -2602,14 +2602,14 @@ typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t; + /* qpol type set */ + typedef struct qpol_type_set {} qpol_type_set_t; + %extend qpol_type_set_t 
{ +- qpol_type_set_t() { ++ qpol_type_set() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_type_set_t() { ++ ~qpol_type_set() { + /* no op */ + return; + }; +@@ -2665,14 +2665,14 @@ typedef struct qpol_type_set {} qpol_type_set_t; + /* qpol syn av rule */ + typedef struct qpol_syn_avrule {} qpol_syn_avrule_t; + %extend qpol_syn_avrule_t { +- qpol_syn_avrule_t() { ++ qpol_syn_avrule() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_syn_avrule_t() { ++ ~qpol_syn_avrule() { + /* no op */ + return; + }; +@@ -2778,14 +2778,14 @@ typedef struct qpol_syn_avrule {} qpol_syn_avrule_t; + /* qpol syn te rule */ + typedef struct qpol_syn_terule {} qpol_syn_terule_t; + %extend qpol_syn_terule_t { +- qpol_syn_terule_t() { ++ qpol_syn_terule() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~qpol_syn_terule_t() { ++ ~qpol_syn_terule() { + /* no op */ + return; + }; +-- +1.8.5.3 + diff --git a/0004-Apply-selinux_current_policy_path-patch.patch b/0004-Apply-selinux_current_policy_path-patch.patch new file mode 100644 index 0000000..14cdbb6 --- /dev/null +++ b/0004-Apply-selinux_current_policy_path-patch.patch 
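Review bot: Four `%extend` blocks in libqpol/swig/qpol.i are converted the opposite way from the rest of this patch: for `qpol_fs_use`, `qpol_isid`, `qpol_constraint` and `qpol_validatetrans` the `%extend` line loses its `_t` while the constructor keeps it (for example `%extend qpol_fs_use {` followed by `qpol_fs_use_t(qpol_policy_t *p, const char *name) {`), whereas every other block keeps `%extend qpol_X_t` and renames the constructor to `qpol_X(...)`. The destructors in those four blocks are renamed like all the others, so constructor and destructor names no longer match inside the same block. Unless SWIG needs this form for these types, which the patch does not say, make them follow the common pattern: `%extend qpol_fs_use_t {` with `qpol_fs_use(qpol_policy_t *p, const char *name) {`, and likewise for the other three.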
@@ -0,0 +1,97 @@
+From 85a12d481d664120865b46cd1c4c325307179471 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 10:53:54 +0200
+Subject: [PATCH 04/11] Apply selinux_current_policy_path patch
+
+---
+ libqpol/src/util.c | 73 ++++------------------------------------------------------------------
+ 1 file changed, 5 insertions(+), 68 deletions(-)
+
+diff --git a/libqpol/src/util.c b/libqpol/src/util.c
+index 7c49876..8f74b2b 100644
+--- a/libqpol/src/util.c
++++ b/libqpol/src/util.c
+@@ -84,75 +84,12 @@ static int get_binpol_version(const char *policy_fname)
+
+ static int search_policy_binary_file(char **path)
+ {
+- const char *binary_path;
+- if ((binary_path = selinux_binary_policy_path()) == NULL) {
+- return -1;
+- }
+-
+- int expected_version = -1, latest_version = -1;
+-#ifdef LIBSELINUX
+- /* if the system has SELinux enabled, prefer the policy whose
+- name matches the current policy version */
+- if ((expected_version = security_policyvers()) < 0) {
+- return -1;
+- }
+-#endif
+-
+- glob_t glob_buf;
+- struct stat fs;
+- int rt, error = 0, retval = -1;
+- size_t i;
+- char *pattern = NULL;
+- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
+- return -1;
+- }
+- glob_buf.gl_offs = 1;
+- glob_buf.gl_pathc = 0;
+- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
+- if (rt != 0 && rt != GLOB_NOMATCH) {
+- errno = EIO;
+- return -1;
+- }
+-
+- for (i = 0; i < glob_buf.gl_pathc; i++) {
+- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
+- if (stat(p, &fs) != 0) {
+- error = errno;
+- goto cleanup;
+- }
+- if (S_ISDIR(fs.st_mode))
+- continue;
+-
+- if ((rt = get_binpol_version(p)) < 0) {
+- error = errno;
+- goto cleanup;
+- }
+-
+- if (rt > latest_version || rt == expected_version) {
+- free(*path);
+- if ((*path = strdup(p)) == NULL) {
+- error = errno;
+- goto cleanup;
+- }
+- if (rt == expected_version) {
+- break;
+- }
+- latest_version = rt;
+- }
+- }
+-
+- if (*path == NULL) {
+- retval = 1;
+- } else {
+- retval = 0;
+- }
+- cleanup:
+- free(pattern);
+- globfree(&glob_buf);
+- if (retval == -1) {
+- errno = error;
++ const char *binary_path = selinux_current_policy_path();
++ if (binary_path) {
++ *path = strdup(binary_path);
++ if (*path) return 0;
+ }
+- return retval;
++ return -1;
+ }
+
+ int qpol_default_policy_find(char **path)
+--
+1.8.5.3
+
diff --git a/0005-Apply-seaudit-patch-for-progress.c.patch b/0005-Apply-seaudit-patch-for-progress.c.patch
new file mode 100644
index 0000000..29e5a0c
--- /dev/null
+++ b/0005-Apply-seaudit-patch-for-progress.c.patch
@@ -0,0 +1,24 @@
+From ba8e76cd514e8ce92a48931963e97fe79589a71a Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 11:12:37 +0200
+Subject: [PATCH 05/11] Apply seaudit patch for progress.c
+
+---
+ libqpol/swig/java/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/libqpol/swig/java/Makefile.am b/libqpol/swig/java/Makefile.am
+index a25eacb..533b55a 100644
+--- a/libqpol/swig/java/Makefile.am
++++ b/libqpol/swig/java/Makefile.am
+@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
+ qpol_type_t.java \
+ qpol_user_t.java \
+ qpol_validatetrans_t.java \
+- SWIGTYPE_p_int.java \
+ SWIGTYPE_p_unsigned_int.java \
+ SWIGTYPE_p_void.java
+
+--
+1.8.5.3
+
diff --git a/0006-Add-support-for-boolean-subs.patch b/0006-Add-support-for-boolean-subs.patch
new file mode 100644
index 0000000..a495755
--- /dev/null
+++ b/0006-Add-support-for-boolean-subs.patch
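Review bot: The rewritten `search_policy_binary_file` in libqpol/src/util.c (patch 04/11) collapses the old three-way result into two: the removed code returned 1 when no policy file was found and -1 with `errno` set on error, while the new code returns -1 for both and does not set `errno` itself when `selinux_current_policy_path()` gives NULL. If `qpol_default_policy_find`, whose body is outside the hunk, still treats 1 as "not found", that case now reaches it as a hard error with whatever `errno` happened to hold. Keeping the contract costs one line before the `strdup`: `if (!binary_path) return 1;`. The new code also overwrites `*path` without the `free(*path)` the old loop did, which leaks if a caller passes in an already allocated pointer, and `get_binpol_version` appears to lose its only visible caller.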
@@ -0,0 +1,39 @@
+From 61d3d40e791a4ac392930f11785e4057f67a5b09 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 11:14:50 +0200
+Subject: [PATCH 06/11] Add support for boolean subs
+
+---
+ secmds/seinfo.c | 2 +-
+ secmds/sesearch.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/secmds/seinfo.c b/secmds/seinfo.c
+index a970890..54b2a6a 100644
+--- a/secmds/seinfo.c
++++ b/secmds/seinfo.c
+@@ -1720,7 +1720,7 @@ int main(int argc, char **argv)
+ case 'b': /* conditional booleans */
+ bools = 1;
+ if (optarg != 0)
+- bool_name = optarg;
++ bool_name = selinux_boolean_sub(optarg);
+ break;
+ case OPT_INITIALSID:
+ isids = 1;
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index 387d526..e1436a7 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -1067,7 +1067,7 @@ int main(int argc, char **argv)
+ printf("Missing boolean for -b (--bool)\n");
+ exit(1);
+ }
+- cmd_opts.bool_name = strdup(optarg);
++ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
+ if (!cmd_opts.bool_name) {
+ fprintf(stderr, "%s\n", strerror(errno));
+ exit(1);
+--
+1.8.5.3
+
diff --git a/0007-Setools-noship.patch b/0007-Setools-noship.patch
new file mode 100644
index 0000000..df93e5f
--- /dev/null
+++ b/0007-Setools-noship.patch
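Review bot: In secmds/sesearch.c the result of `selinux_boolean_sub(optarg)` is passed straight into `strdup`, but that function returns a newly allocated string, or NULL on failure, so a failed substitution hands NULL to `strdup` (undefined behaviour) and a successful one leaks the intermediate buffer. Take ownership of the returned string directly, `cmd_opts.bool_name = selinux_boolean_sub(optarg);`, which keeps the existing `if (!cmd_opts.bool_name)` check meaningful. In secmds/seinfo.c a NULL return silently leaves `bool_name` unset, which presumably turns a lookup of one boolean into a listing of all of them; check for NULL there and report the error instead. Both `main` functions continue outside the hunks.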
@@ -0,0 +1,276 @@
+From a39d0831d654292fb2a1f7b9ee18ecc9239f610f Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 18:38:34 +0200
+Subject: [PATCH 07/11] Setools noship
+
+---
+ Makefile.am | 26 +++-----------------------
+ configure.ac | 2 +-
+ man/Makefile.am | 15 +++------------
+ seaudit/Makefile.am | 31 +++----------------------------
+ secmds/Makefile.am | 14 +-------------
+ sediff/Makefile.am | 32 ++------------------------------
+ 6 files changed, 13 insertions(+), 107 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 176c8ea..4cac386 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -10,7 +10,7 @@ if BUILD_GUI
+ endif
+ # sediffx is also built conditionally, from sediffx/Makefile.am
+
+-SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sechecker sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
++SUBDIRS = libqpol libapol libsefs libpoldiff libseaudit secmds sediff man packages debian $(MAYBE_APOL) $(MAYBE_GUI) python
+
+ #old indent opts
+ #INDENT_OPTS = -npro -nbad -bap -sob -ss -l132 -di1 -nbc -br -nbbb -c40 -cd40 -ncdb -ce -cli0 -cp40 -ncs -d0 -nfc1 -nfca -i8 -ts8 -ci8 -lp -ip0 -npcs -npsl -sc
+@@ -49,12 +49,6 @@ seaudit: libqpol libapol libseaudit
+ sediff: libqpol libapol libpoldiff
+ $(MAKE) -C $(top_srcdir)/sediff sediff
+
+-sediffx: libqpol libapol libpoldiff
+- $(MAKE) -C $(top_srcdir)/sediff sediffx
+-
+-sechecker: libqpol libapol libsefs
+- $(MAKE) -C $(top_srcdir)/sechecker
+-
+ help:
+ @echo "Make targets for SETools:"
+ @echo " all: build everything, but do not install"
+@@ -65,8 +59,6 @@ help:
+ @echo " secmds: build command line tools"
+ @echo " seaudit: build audit log analysis tools"
+ @echo " sediff: build semantic policy diff command line tool"
+- @echo " sediffx: build semantic policy diff graphical tool"
+- @echo " sechecker: build policy checking tool"
+ @echo ""
+ @echo " install-logwatch: install LogWatch config files for seaudit-report"
+ @echo " (requires LogWatch and root privileges)"
+@@ -78,9 +70,9 @@ install-logwatch:
+ $(MAKE) -C $(top_srcdir)/seaudit install-logwatch
+
+ .PHONY: libqpol libapol libpoldiff libsefs libseaudit \
+- apol secmds seaudit sediff sediffx sechecker \
++ apol secmds seaudit sediff \
+ install-logwatch help \
+- seinfo sesearch indexcon findcon replcon searchcon \
++ seinfo sesearch \
+ packages
+
+ seinfo: libqpol libapol
+@@ -89,18 +81,6 @@ seinfo: libqpol libapol
+ sesearch: libqpol libapol
+ $(MAKE) -C $(top_srcdir)/secmds sesearch
+
+-indexcon: libqpol libapol libsefs
+- $(MAKE) -C $(top_srcdir)/secmds indexcon
+-
+-findcon: libqpol libapol libsefs
+- $(MAKE) -C $(top_srcdir)/secmds findcon
+-
+-replcon: libqpol libapol libsefs
+- $(MAKE) -C $(top_srcdir)/secmds replcon
+-
+-searchcon: libqpol libapol libsefs
+- $(MAKE) -C $(top_srcdir)/secmds searchcon
+-
+ packages:
+ $(MAKE) -C $(top_srcdir)/packages
+
+diff --git a/configure.ac b/configure.ac
+index 2a5b55b..5b1da5e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; then
+ fi
+ AC_PROG_CXX
+ AC_LANG([C])
+-AC_PROG_LIBTOOL
++AC_PROG_RANLIB
+ AC_PROG_LN_S
+ AC_PROG_LEX
+ AC_PROG_YACC
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 0fafccb..f88e00a 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -1,19 +1,10 @@
+ if BUILD_GUI
+ MAYBEMANS = apol.1 \
+- seaudit.8 seaudit-report.8 \
+- sediffx.1
++ seaudit.8
+ endif
+
+ EXTRA_DIST=$(man_MANS) apol.1 \
+- seaudit.8 seaudit-report.8.in \
+- sediffx.1
++ seaudit.8
+
+-man_MANS = findcon.1 indexcon.1 replcon.1 \
+- sechecker.1 \
+- sediff.1 \
++man_MANS = sediff.1 \
+ seinfo.1 sesearch.1 $(MAYBEMANS)
+-
+-seaudit-report.8: seaudit-report.8.in Makefile
+- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
+-
+-CLEANFILES = seaudit-report.8
+diff --git a/seaudit/Makefile.am b/seaudit/Makefile.am
+index 1987c99..3fa4413 100644
+--- a/seaudit/Makefile.am
++++ b/seaudit/Makefile.am
+@@ -1,5 +1,4 @@
+ setoolsdir = @setoolsdir@
+-bin_PROGRAMS = seaudit-report
+ sbin_PROGRAMS = seaudit
+
+ AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
+ dist_setools_DATA = \
+ seaudit.glade \
+ seaudit_help.txt \
+- seaudit-report.conf \
+- seaudit-report.css \
+ seaudit.png seaudit-small.png
+
+ nodist_setools_DATA = \
+- dot_seaudit \
+- seaudit-report-service
++ dot_seaudit
+
+ seaudit_SOURCES = \
+ filter_view.c filter_view.h \
+@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
+ dot_seaudit: dot_seaudit.in Makefile
+ sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
+
+-seaudit_report_SOURCES = seaudit-report.c
+-seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
+- $(top_builddir)/libapol/src/libapol.so \
+- $(top_builddir)/libqpol/src/libqpol.so
+-
+ logwatch = $(DESTDIR)/etc/logwatch
+ LOGWATCH_GROUP = $(logwatch)/conf/logfiles
+ LOGWATCH_SERVICE = $(logwatch)/conf/services
+ LOGWATCH_FILTER = $(logwatch)/scripts/services
+
+-dist_noinst_DATA = dot_seaudit.in \
+- seaudit-report-group.conf \
+- seaudit-report-service.conf \
+- seaudit-report-service.in
+-
+-seaudit-report-service: seaudit-report-service.in Makefile
+- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@
+-
+-install-logwatch: $(dist_noinst_DATA) seaudit-report-service
+- mkdir -p -- $(LOGWATCH_GROUP)
+- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP)
+- mkdir -p -- $(LOGWATCH_SERVICE)
+- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE)
+- mkdir -p -- $(LOGWATCH_FILTER)
+- install -m 755 seaudit-report-service $(LOGWATCH_FILTER)
++dist_noinst_DATA = dot_seaudit.in
+
+ $(top_builddir)/libapol/src/libapol.so:
+ $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
+@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so:
+ $(top_builddir)/libsefs/src/libsefs.so:
+ $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@)
+
+-.PHONY: install-logwatch
+-
+-CLEANFILES = dot_seaudit seaudit-report-service
++CLEANFILES = dot_seaudit
+diff --git a/secmds/Makefile.am b/secmds/Makefile.am
+index ddc88b1..7fa4364 100644
+--- a/secmds/Makefile.am
++++ b/secmds/Makefile.am
+@@ -1,6 +1,6 @@
+ # various setools command line tools
+
+-bin_PROGRAMS = seinfo sesearch findcon replcon indexcon
++bin_PROGRAMS = seinfo sesearch
+
+ # These are for indexcon so that it is usable on machines without setools
+ STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3
+@@ -18,18 +18,6 @@ seinfo_SOURCES = seinfo.c
+
+ sesearch_SOURCES = sesearch.c
+
+-indexcon_SOURCES = indexcon.cc
+-indexcon_LDADD = @SELINUX_LIB_FLAG@ $(STATICLIBS)
+-indexcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
+-
+-findcon_SOURCES = findcon.cc
+-findcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
+-findcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
+-
+-replcon_SOURCES = replcon.cc
+-replcon_LDADD = @SEFS_LIB_FLAG@ $(LDADD)
+-replcon_DEPENDENCIES = $(DEPENDENCIES) $(top_builddir)/libsefs/src/libsefs.so
+-
+ $(top_builddir)/libapol/src/libapol.so:
+ $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
+
+diff --git a/sediff/Makefile.am b/sediff/Makefile.am
+index 3f53cd3..2d9ce84 100644
+--- a/sediff/Makefile.am
++++ b/sediff/Makefile.am
+@@ -1,13 +1,6 @@
+ setoolsdir = @setoolsdir@
+
+-dist_setools_DATA = sediff_help.txt sediffx.glade \
+- sediffx.png sediffx-small.png
+-
+-if BUILD_GUI
+- MAYBE_SEDIFFX = sediffx
+-endif
+-
+-bin_PROGRAMS = sediff $(MAYBE_SEDIFFX)
++bin_PROGRAMS = sediff
+
+ AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+ @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@
+@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
+
+ LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
+
+-sediff_CFLAGS = $(AM_CFLAGS)
+-sediffx_CFLAGS = $(AM_CFLAGS) \
+- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@
+-
+-# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks
+-sediffx_LDFLAGS = $(AM_LDFLAGS) \
+- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \
+- -rdynamic
++sediff_CFLAGS = $(AM_CFLAGS)
+
+ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
+ $(top_builddir)/libapol/src/libapol.so \
+@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
+
+ sediff_SOURCES = sediff.c
+
+-sediffx_SOURCES = \
+- find_dialog.c find_dialog.h \
+- open_policies_dialog.c open_policies_dialog.h \
+- policy_view.c policy_view.h \
+- progress.c progress.h \
+- remap_types_dialog.c remap_types_dialog.h \
+- result_item.c result_item.h \
+- result_item_render.c result_item_render.h \
+- results.c results.h \
+- select_diff_dialog.c select_diff_dialog.h \
+- toplevel.c toplevel.h \
+- utilgui.c utilgui.h \
+- sediffx.c sediffx.h
+-
+ $(top_builddir)/libpoldiff/src/libpoldiff.so:
+ $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@)
+
+--
+1.8.5.3
+
diff --git a/0008-Add-alias-support-to-seinfo-t.patch b/0008-Add-alias-support-to-seinfo-t.patch
new file mode 100644
index 0000000..32d901a
--- /dev/null
+++ b/0008-Add-alias-support-to-seinfo-t.patch
@@ -0,0 +1,92 @@
+From 1136e61a9839ad3b60eb2da4d624413c02545c7d Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 18:42:27 +0200
+Subject: [PATCH 08/11] Add alias support to seinfo -t
+
+---
+ secmds/seinfo.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+diff --git a/secmds/seinfo.c b/secmds/seinfo.c
+index 54b2a6a..1878c49 100644
+--- a/secmds/seinfo.c
++++ b/secmds/seinfo.c
+@@ -46,6 +46,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+
+@@ -54,6 +55,7 @@
+
+ static char *policy_file = NULL;
+
++static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
+ static int print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
+ static int print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
+ static int print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
+@@ -514,6 +516,7 @@ static int print_types(FILE * fp, const char *name, int expand, const apol_polic
+ goto cleanup;
+ if (print_type_attrs(fp, type_datum, policydb, expand))
+ goto cleanup;
++ print_type_aliases(fp, type_datum, policydb);
+ } else {
+ if (qpol_policy_get_type_iter(q, &iter))
+ goto cleanup;
+@@ -1912,6 +1915,51 @@ int main(int argc, char **argv)
+ }
+
+ /**
++ * Prints the alias of a type.
++ *
++ * @param fp Reference to a file to which to print type information
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ * attributes
++ */
++static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
++{
++ qpol_iterator_t *iter = NULL;
++ size_t alias_size;
++ unsigned char isattr, isalias;
++ const char *type_name = NULL;
++ const char *alias_name;
++ qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++ if (qpol_type_get_name(q, type_datum, &type_name))
++ goto cleanup;
++ if (qpol_type_get_isattr(q, type_datum, &isattr))
++ goto cleanup;
++ if (qpol_type_get_isalias(q, type_datum, &isalias))
++ goto cleanup;
++
++ if (isalias) {
++ fprintf(fp, " TypeName %s\n", type_name);
++ }
++ if (qpol_type_get_alias_iter(q, type_datum, &iter))
++ goto cleanup;
++ if (qpol_iterator_get_size(iter, &alias_size))
++ goto cleanup;
++ if (alias_size > 0) {
++ fprintf(fp, " Aliases\n");
++ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++ if (qpol_iterator_get_item(iter, (void **)&alias_name))
++ goto cleanup;
++ fprintf(fp, " %s\n", alias_name);
++ }
++ }
++
++ cleanup:
++ qpol_iterator_destroy(&iter);
++ return;
++}
++
++/**
+ * Prints a textual representation of a type, and possibly
+ * all of that type's attributes.
+ *
+--
+1.8.5.3
+
diff --git a/0009-Fix-help-message-on-sesearch-D.patch b/0009-Fix-help-message-on-sesearch-D.patch
new file mode 100644
index 0000000..e90eba4
--- /dev/null
+++ b/0009-Fix-help-message-on-sesearch-D.patch
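Review bot: print_type_aliases returns void and jumps to `cleanup` on every qpol failure without reporting it, while the sibling print_type_attrs called just above it in print_types has its result checked with `goto cleanup`. A failed alias lookup therefore yields a truncated listing that looks complete, which matters for a tool used to audit policy. I would declare it `static int print_type_aliases(...)`, return non-zero from the failure paths, and call it as `if (print_type_aliases(fp, type_datum, policydb)) goto cleanup;`. `isattr` is fetched with qpol_type_get_isattr but never read, so that call and variable can go, and the doc comment carries a stray `attributes` line after the last `@param`. print_types continues outside the hunk.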
@@ -0,0 +1,258 @@
+From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 18:46:24 +0200
+Subject: [PATCH 09/11] Fix help message on sesearch -D
+
+---
+ man/sesearch.1 | 2 +-
+ secmds/sesearch.c | 77 +++++++++++++++++-------------------------------------
+ 2 files changed, 25 insertions(+), 54 deletions(-)
+
+diff --git a/man/sesearch.1 b/man/sesearch.1
+index 573aedd..dc119eb 100644
+--- a/man/sesearch.1
++++ b/man/sesearch.1
+@@ -43,7 +43,7 @@ Search for allow rules.
+ Search for neverallow rules.
+ .IP "--auditallow"
+ Search for auditallow rules.
+-.IP "--dontaudit"
++.IP "-D, --dontaudit"
+ Search for dontaudit rules.
+ .IP "-T, --type"
+ Search for type_transition, type_member, and type_change rules.
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index e1436a7..f53d670 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -24,6 +24,7 @@
+ */
+
+ #include
++#include
+
+ /* libapol */
+ #include
+@@ -61,9 +62,8 @@ enum opt_values
+ static struct option const longopts[] = {
+ {"allow", no_argument, NULL, 'A'},
+ {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
+- {"audit", no_argument, NULL, RULE_AUDIT},
+ {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
+- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
++ {"dontaudit", no_argument, NULL, 'D'},
+ {"type", no_argument, NULL, 'T'},
+ {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
+ {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
+@@ -72,7 +72,6 @@ static struct option const longopts[] = {
+
+ {"source", required_argument, NULL, 's'},
+ {"target", required_argument, NULL, 't'},
+- {"default", required_argument, NULL, 'D'},
+ {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
+ {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
+ {"class", required_argument, NULL, 'c'},
+@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)
+ printf(" -A, --allow allow rules\n");
+ printf(" --neverallow neverallow rules\n");
+ printf(" --auditallow auditallow rules\n");
+- printf(" --dontaudit dontaudit rules\n");
++ printf(" -D, --dontaudit dontaudit rules\n");
+ printf(" -T, --type type_trans, type_member, and type_change\n");
+ printf(" --role_allow role allow rules\n");
+ printf(" --role_trans role_transition rules\n");
+@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)
+ printf("EXPRESSIONS:\n");
+ printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
+ printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
+- printf(" -D NAME, --default=NAME rules with type NAME as default\n");
+ printf(" --role_source=NAME rules with role NAME as source\n");
+ printf(" --role_target=NAME rules with role NAME as target\n");
+ printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
+@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
+ tmp = apol_cond_expr_render(policy, cond);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
+ qpol_iterator_destroy(&iter);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = (list ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,
+ apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);
+ if (opt->bool_name)
+ apol_terule_query_set_bool(policy, teq, opt->bool_name);
+- if (opt->default_name)
+- apol_terule_query_set_default(policy, teq, opt->default_name);
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
+@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
+ tmp = apol_cond_expr_render(policy, cond);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+- goto cleanup;
++ break;
+ }
+ }
+ if (!(rule_str = apol_syn_terule_render(policy, rule)))
+@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
+ qpol_iterator_destroy(&iter);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = (list ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
+ goto err;
+ }
+ }
+-
+ if (opt->default_name) {
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
+ error = errno;
+@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
+ {
+ size_t i, num_filename_trans = 0;
+ const qpol_filename_trans_t *filename_trans = NULL;
+- char *filename_trans_str = NULL;
+- qpol_iterator_t *iter = NULL;
++ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
+
+ if (!(num_filename_trans = apol_vector_get_size(v)))
+ goto cleanup;
+
+- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);
++ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
+
+ for (i = 0; i < num_filename_trans; i++) {
+ if (!(filename_trans = apol_vector_get_element(v, i)))
+@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
+
+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
+ goto cleanup;
+- fprintf(stdout, "%s\n", filename_trans_str);
++ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
+ free(filename_trans_str);
+ filename_trans_str = NULL;
++ free(expr);
++ expr = NULL;
+ }
+
+ cleanup:
++ free(tmp);
+ free(filename_trans_str);
++ free(expr);
+ }
+
+ static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,
+ }
+ }
+
+- if (opt->default_name) {
+- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {
+- error = errno;
+- goto err;
+- }
+- }
+-
+ if (apol_role_trans_get_by_query(policy, rtq, v)) {
+ error = errno;
+ goto err;
+@@ -973,7 +956,7 @@ int main(int argc, char **argv)
+
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true;
+- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
++ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
+ switch (optc) {
+ case 0:
+ break;
+@@ -1001,18 +984,6 @@ int main(int argc, char **argv)
+ exit(1);
+ }
+ break;
+- case 'D': /* default */
+- if (optarg == 0) {
+- usage(argv[0], 1);
+- printf("Missing default type for -D (--default)\n");
+- exit(1);
+- }
+- cmd_opts.default_name = strdup(optarg);
+- if (!cmd_opts.default_name) {
+-
+- exit(1);
+- }
+- break;
+ case EXPR_ROLE_SOURCE:
+ if (optarg == 0) {
+ usage(argv[0], 1);
+@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)
+ case RULE_AUDITALLOW:
+ cmd_opts.auditallow = true;
+ break;
+- case RULE_DONTAUDIT:
++ case 'D':
+ cmd_opts.dontaudit = true;
+ break;
+ case 'T': /* type */
+@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)
+ fprintf(stdout, "\n");
+ }
+
+- apol_vector_destroy(&v);
+- if (perform_ft_query(policy, &cmd_opts, &v)) {
+- rt = 1;
+- goto cleanup;
+- }
+- if (v) {
++ if (cmd_opts.all || cmd_opts.type) {
++ apol_vector_destroy(&v);
++ if (perform_ft_query(policy, &cmd_opts, &v)) {
++ rt = 1;
++ goto cleanup;
++ }
++
+ print_ft_results(policy, &cmd_opts, v);
+ fprintf(stdout, "\n");
+ }
+@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)
+ apol_policy_path_destroy(&pol_path);
+ free(cmd_opts.src_name);
+ free(cmd_opts.tgt_name);
+- free(cmd_opts.default_name);
+ free(cmd_opts.class_name);
+ free(cmd_opts.permlist);
+ free(cmd_opts.bool_name);
+--
+1.8.5.3
+
diff --git a/0010-Apply-swig-patch-to-make-apol-work-again.patch b/0010-Apply-swig-patch-to-make-apol-work-again.patch
new file mode 100644
index 0000000..09c9512
--- /dev/null
+++ b/0010-Apply-swig-patch-to-make-apol-work-again.patch
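Review bot: The `asprintf` failure branches in print_syn_av_results, print_av_results, print_syn_te_results and print_te_results drop the `expr = NULL;` reset before `goto cleanup`. When asprintf fails the contents of `expr` are undefined on glibc, so if the `cleanup` labels (outside these hunks) free `expr`, as the visible one in print_ft_results does, they would free an indeterminate pointer. I would keep the braces and the reset: `if (asprintf(&expr, "[ %s ]", tmp) < 0) { expr = NULL; goto cleanup; }`. In print_ft_results the new `expr` and `tmp` are never assigned, so the `"%s %s\n"` format only adds a trailing space, and the header text `named file transition filename_trans:` reads like a search-and-replace slip for `rules:`. `-D` previously took a NAME for `--default`, so the man page should say that the meaning changed, since an old `-D NAME` invocation now leaves NAME as a non-option argument.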
@@ -0,0 +1,964 @@
+From 5d1423e1473bbbcbdd7bba8a57ed7542d1abb285 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl
+Date: Fri, 11 Apr 2014 11:13:30 +0200
+Subject: [PATCH 10/11] Apply swig patch to make apol work again
+
+---
+ libapol/swig/apol.i | 218 ++++++++++++++++++++++++++--------------------------
+ 1 file changed, 109 insertions(+), 109 deletions(-)
+
+diff --git a/libapol/swig/apol.i b/libapol/swig/apol.i
+index ae1262d..2e9fc55 100644
+--- a/libapol/swig/apol.i
++++ b/libapol/swig/apol.i
+@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
+ }
+ %}
+ %extend apol_ip_t {
+- apol_ip_t(const char *str) {
++ apol_ip(const char *str) {
+ apol_ip_t *ip = NULL;
+ BEGIN_EXCEPTION
+ ip = calloc(1, sizeof(*ip));
+@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
+ fail:
+ return ip;
+ };
+- ~apol_ip_t() {
++ ~apol_ip() {
+ free(self);
+ };
+ int get_protocol() {
+@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name);
+ %}
+ typedef struct apol_vector {} apol_vector_t;
+ %extend apol_vector_t {
+- apol_vector_t() {
++ apol_vector() {
+ return apol_vector_create(NULL);
+ };
+- apol_vector_t(qpol_iterator_t *iter) {
++ apol_vector(qpol_iterator_t *iter) {
+ return apol_vector_create_from_iter(iter, NULL);
+ };
+- apol_vector_t(apol_vector_t *v) {
++ apol_vector(apol_vector_t *v) {
+ return apol_vector_create_from_vector(v, NULL, NULL, NULL);
+ };
+- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
++ apol_vector(apol_vector_t *a, apol_vector_t *b) {
+ return apol_vector_create_from_intersection(a, b, NULL, NULL);
+ };
+ size_t get_size() {
+@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t;
+ void *get_element(size_t i) {
+ return apol_vector_get_element(self, i);
+ };
+- ~apol_vector_t() {
++ ~apol_vector() {
+ apol_vector_destroy(&self);
+ };
+ void append(void *x) {
+@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t;
+ %}
+ typedef struct apol_string_vector {} apol_string_vector_t;
+ %extend apol_string_vector_t {
+- apol_string_vector_t() {
++ apol_string_vector() {
+ return (apol_string_vector_t*)apol_vector_create(free);
+ };
+- apol_string_vector_t(apol_string_vector_t *v) {
++ apol_string_vector(apol_string_vector_t *v) {
+ return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
+ };
+- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
++ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
+ return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
+ };
+ size_t get_size() {
+@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
+ char *get_element(size_t i) {
+ return (char*)apol_vector_get_element((apol_vector_t*)self, i);
+ };
+- ~apol_string_vector_t() {
++ ~apol_string_vector() {
+ apol_vector_destroy((apol_vector_t**)&self);
+ };
+ size_t get_index(char *str) {
+@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
+ } apol_policy_path_type_e;
+ typedef struct apol_policy_path {} apol_policy_path_t;
+ %extend apol_policy_path_t {
+- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
++ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
+ apol_policy_path_t *p;
+ BEGIN_EXCEPTION
+ if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
+@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
+ fail:
+ return p;
+ };
+- apol_policy_path_t(char *path) {
++ apol_policy_path(char *path) {
+ apol_policy_path_t *p;
+ BEGIN_EXCEPTION
+ if ((p = apol_policy_path_create_from_file(path)) == NULL) {
+@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
+ fail:
+ return p;
+ };
+- apol_policy_path_t(char *str, int unused) {
++ apol_policy_path(char *str, int unused) {
+ apol_policy_path_t *p;
+ BEGIN_EXCEPTION
+ if ((p = apol_policy_path_create_from_string(str)) == NULL) {
+@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
+ fail:
+ return p;
+ };
+- apol_policy_path_t(apol_policy_path_t *in) {
++ apol_policy_path(apol_policy_path_t *in) {
+ apol_policy_path_t *p;
+ BEGIN_EXCEPTION
+ if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
+@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
+ fail:
+ return p;
+ };
+- ~apol_policy_path_t() {
++ ~apol_policy_path() {
+ apol_policy_path_destroy(&self);
+ };
+ apol_policy_path_type_e get_type() {
+@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t;
+ #define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
+ #define APOL_PERMMAP_NONE 0x10
+ %extend apol_policy_t {
+- apol_policy_t(apol_policy_path_t *path, int options = 0) {
++ apol_policy(apol_policy_path_t *path, int options = 0) {
+ apol_policy_t *p;
+ BEGIN_EXCEPTION
+ p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
+@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t;
+ fail:
+ return p;
+ };
+- ~apol_policy_t() {
++ ~apol_policy() {
+ apol_policy_destroy(&self);
+ };
+ int get_policy_type() {
+@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t;
+ /* apol type query */
+ typedef struct apol_type_query {} apol_type_query_t;
+ %extend apol_type_query_t {
+- apol_type_query_t() {
++ apol_type_query() {
+ apol_type_query_t *tq;
+ BEGIN_EXCEPTION
+ tq = apol_type_query_create();
+@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t;
+ fail:
+ return tq;
+ };
+- ~apol_type_query_t() {
++ ~apol_type_query() {
+ apol_type_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t *);
+@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t;
+ /* apol attribute query */
+ typedef struct apol_attr_query {} apol_attr_query_t;
+ %extend apol_attr_query_t {
+- apol_attr_query_t() {
++ apol_attr_query() {
+ apol_attr_query_t *aq;
+ BEGIN_EXCEPTION
+ aq = apol_attr_query_create();
+@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
+ fail:
+ return aq;
+ };
+- ~apol_attr_query_t() {
++ ~apol_attr_query() {
+ apol_attr_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t *);
+@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
+ /* apol role query */
+ typedef struct apol_role_query {} apol_role_query_t;
+ %extend apol_role_query_t {
+- apol_role_query_t() {
++ apol_role_query() {
+ apol_role_query_t *rq;
+ BEGIN_EXCEPTION
+ rq = apol_role_query_create();
+@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t;
+ fail:
+ return rq;
+ };
+- ~apol_role_query_t() {
++ ~apol_role_query() {
+ apol_role_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t *);
+@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
+ /* apol class query */
+ typedef struct apol_class_query {} apol_class_query_t;
+ %extend apol_class_query_t {
+- apol_class_query_t() {
++ apol_class_query() {
+ apol_class_query_t *cq;
+ BEGIN_EXCEPTION
+ cq = apol_class_query_create();
+@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t;
+ fail:
+ return cq;
+ };
+- ~apol_class_query_t() {
++ ~apol_class_query() {
+ apol_class_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t;
+ /* apol common query */
+ typedef struct apol_common_query {} apol_common_query_t;
+ %extend apol_common_query_t {
+- apol_common_query_t() {
++ apol_common_query() {
+ apol_common_query_t *cq;
+ BEGIN_EXCEPTION
+ cq = apol_common_query_create();
+@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t;
+ fail:
+ return cq;
+ };
+- ~apol_common_query_t() {
++ ~apol_common_query() {
+ apol_common_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t;
+ /* apol perm query */
+ typedef struct apol_perm_query {} apol_perm_query_t;
+ %extend apol_perm_query_t {
+- apol_perm_query_t() {
++ apol_perm_query() {
+ apol_perm_query_t *pq;
+ BEGIN_EXCEPTION
+ pq = apol_perm_query_create();
+@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
+ fail:
+ return pq;
+ };
+- ~apol_perm_query_t() {
++ ~apol_perm_query() {
+ apol_perm_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
+ /* apol bool query */
+ typedef struct apol_bool_query {} apol_bool_query_t;
+ %extend apol_bool_query_t {
+- apol_bool_query_t() {
++ apol_bool_query() {
+ apol_bool_query_t *bq;
+ BEGIN_EXCEPTION
+ bq = apol_bool_query_create();
+@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
+ fail:
+ return bq;
+ };
+- ~apol_bool_query_t() {
++ ~apol_bool_query() {
+ apol_bool_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
+ /* apol mls level */
+ typedef struct apol_mls_level {} apol_mls_level_t;
+ %extend apol_mls_level_t {
+- apol_mls_level_t() {
++ apol_mls_level() {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create();
+@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- apol_mls_level_t(apol_mls_level_t *in) {
++ apol_mls_level(apol_mls_level_t *in) {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create_from_mls_level(in);
+@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- apol_mls_level_t(apol_policy_t *p, const char *str) {
++ apol_mls_level(apol_policy_t *p, const char *str) {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create_from_string(p, str);
+@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- apol_mls_level_t(const char *str) {
++ apol_mls_level(const char *str) {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create_from_literal(str);
+@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
++ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
+@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
++ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
+ apol_mls_level_t *aml;
+ BEGIN_EXCEPTION
+ aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
+@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
+ fail:
+ return aml;
+ };
+- ~apol_mls_level_t() {
++ ~apol_mls_level() {
+ apol_mls_level_destroy(&self);
+ };
+ void set_sens(apol_policy_t *p, char *sens) {
+@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
+ #endif
+ typedef struct apol_mls_range {} apol_mls_range_t;
+ %extend apol_mls_range_t {
+- apol_mls_range_t() {
++ apol_mls_range() {
+ apol_mls_range_t *amr;
+ BEGIN_EXCEPTION
+ amr = apol_mls_range_create();
+@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
+ fail:
+ return amr;
+ };
+- apol_mls_range_t(apol_mls_range_t *in) {
++ apol_mls_range(apol_mls_range_t *in) {
+ apol_mls_range_t *amr;
+ BEGIN_EXCEPTION
+ amr = apol_mls_range_create_from_mls_range(in);
+@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
+ fail:
+ return amr;
+ };
+- apol_mls_range_t(apol_policy_t *p, const char *s) {
++ apol_mls_range(apol_policy_t *p, const char *s) {
+ apol_mls_range_t *amr;
+ BEGIN_EXCEPTION
+ amr = apol_mls_range_create_from_string(p, s);
+@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
+ fail:
+ return amr;
+ };
+- apol_mls_range_t(const char *s) {
++ apol_mls_range(const char *s) {
+ apol_mls_range_t *amr;
+ BEGIN_EXCEPTION
+ amr = apol_mls_range_create_from_literal(s);
+@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
+ fail:
+ return amr;
+ };
+- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
++ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
+ apol_mls_range_t *amr;
+ BEGIN_EXCEPTION
+ amr = apol_mls_range_create_from_qpol_mls_range(p, in);
+@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
+ fail:
+ return amr;
+ };
+- ~apol_mls_range_t() {
++ ~apol_mls_range() {
+ apol_mls_range_destroy(&self);
+ };
+ void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
+@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
+ /* apol level query */
+ typedef struct apol_level_query {} apol_level_query_t;
+ %extend apol_level_query_t {
+- apol_level_query_t() {
++ apol_level_query() {
+ apol_level_query_t * alq;
+ BEGIN_EXCEPTION
+ alq = apol_level_query_create();
+@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t;
+ fail:
+ return alq;
+ };
+- ~apol_level_query_t() {
++ ~apol_level_query() {
+ apol_level_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t;
+ /* apol cat query */
+ typedef struct apol_cat_query {} apol_cat_query_t;
+ %extend apol_cat_query_t {
+- apol_cat_query_t() {
++ apol_cat_query() {
+ apol_cat_query_t * acq;
+ BEGIN_EXCEPTION
+ acq = apol_cat_query_create();
+@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
+ fail:
+ return acq;
+ };
+- ~apol_cat_query_t() {
++ ~apol_cat_query() {
+ apol_cat_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t *);
+@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
+ #endif
+ typedef struct apol_user_query {} apol_user_query_t;
+ %extend apol_user_query_t {
+- apol_user_query_t() {
++ apol_user_query() {
+ apol_user_query_t *auq;
+ BEGIN_EXCEPTION
+ auq = apol_user_query_create();
+@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t;
+ fail:
+ return auq;
+ };
+- ~apol_user_query_t() {
++ ~apol_user_query() {
+ apol_user_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t;
+ /* apol context */
+ typedef struct apol_context {} apol_context_t;
+ %extend apol_context_t {
+- apol_context_t() {
++ apol_context() {
+ apol_context_t *ctx;
+ BEGIN_EXCEPTION
+ ctx = apol_context_create();
+@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t;
+ fail:
+ return ctx;
+ };
+- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
++ apol_context(apol_policy_t *p, qpol_context_t *in) {
+ apol_context_t *ctx;
+ BEGIN_EXCEPTION
+ ctx = apol_context_create_from_qpol_context(p, in);
+@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t;
+ fail:
+ return ctx;
+ };
+- apol_context_t(const char *str) {
++ apol_context(const char *str) {
+ apol_context_t *ctx;
+ BEGIN_EXCEPTION
+ ctx = apol_context_create_from_literal(str);
+@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t;
+ fail:
+ return ctx;
+ };
+- ~apol_context_t() {
++ ~apol_context() {
+ apol_context_destroy(&self);
+ };
+ void set_user(apol_policy_t *p, char *name) {
+@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
+ /* apol constraint query */
+ typedef struct apol_constraint_query {} apol_constraint_query_t;
+ %extend apol_constraint_query_t {
+- apol_constraint_query_t() {
++ apol_constraint_query() {
+ apol_constraint_query_t *acq;
+ BEGIN_EXCEPTION
+ acq = apol_constraint_query_create();
+@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
+ fail:
+ return acq;
+ };
+- ~apol_constraint_query_t() {
++ ~apol_constraint_query() {
+ apol_constraint_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1634,7 +1634,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
+ /* apol validatetrans query */
+ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
+ %extend apol_validatetrans_query_t {
+- apol_validatetrans_query_t() {
++ apol_validatetrans_query() {
+ apol_validatetrans_query_t *avq;
+ BEGIN_EXCEPTION
+ avq = apol_validatetrans_query_create();
+@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
+ fail:
+ return avq;
+ };
+- ~apol_validatetrans_query_t() {
++ ~apol_validatetrans_query() {
+ apol_validatetrans_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
+ #endif
+ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
+ %extend apol_genfscon_query_t {
+- apol_genfscon_query_t() {
++ apol_genfscon_query() {
+ apol_genfscon_query_t *agq;
+ BEGIN_EXCEPTION
+ agq = apol_genfscon_query_create();
+@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
+ fail:
+ return agq;
+ };
+- ~apol_genfscon_query_t() {
++ ~apol_genfscon_query() {
+ apol_genfscon_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
+ /* apol fs_use query */
+ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
+ %extend apol_fs_use_query_t {
+- apol_fs_use_query_t() {
++ apol_fs_use_query() {
+ apol_fs_use_query_t *afq;
+ BEGIN_EXCEPTION
+ afq = apol_fs_use_query_create();
+@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
+ fail:
+ return afq;
+ };
+- ~apol_fs_use_query_t() {
++ ~apol_fs_use_query() {
+ apol_fs_use_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
+ /* apol initial sid query */
+ typedef struct apol_isid_query {} apol_isid_query_t;
+ %extend apol_isid_query_t {
+- apol_isid_query_t() {
++ apol_isid_query() {
+ apol_isid_query_t *aiq;
+ BEGIN_EXCEPTION
+ aiq = apol_isid_query_create();
+@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
+ fail:
+ return aiq;
+ };
+- ~apol_isid_query_t() {
++ ~apol_isid_query() {
+ apol_isid_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
+ /* apol portcon query */
+ typedef struct apol_portcon_query {} apol_portcon_query_t;
+ %extend apol_portcon_query_t {
+- apol_portcon_query_t() {
++ apol_portcon_query() {
+ apol_portcon_query_t *apq;
+ BEGIN_EXCEPTION
+ apq = apol_portcon_query_create();
+@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
+ fail:
+ return apq;
+ };
+- ~apol_portcon_query_t() {
++ ~apol_portcon_query() {
+ apol_portcon_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
+ /* apol netifcon query */
+ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
+ %extend apol_netifcon_query_t {
+- apol_netifcon_query_t() {
++ apol_netifcon_query() {
+ apol_netifcon_query_t *anq;
+ BEGIN_EXCEPTION
+ anq = apol_netifcon_query_create();
+@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
+ fail:
+ return anq;
+ };
+- ~apol_netifcon_query_t() {
++ ~apol_netifcon_query() {
+ apol_netifcon_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
+ /* apol nodecon query */
+ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
+ %extend apol_nodecon_query_t {
+- apol_nodecon_query_t() {
++ apol_nodecon_query() {
+ apol_nodecon_query_t *anq;
+ BEGIN_EXCEPTION
+ anq = apol_nodecon_query_create();
+@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
+ fail:
+ return anq;
+ };
+- ~apol_nodecon_query_t() {
++ ~apol_nodecon_query() {
+ apol_nodecon_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
+ /* apol avrule query */
+ typedef struct apol_avrule_query {} apol_avrule_query_t;
+ %extend apol_avrule_query_t {
+- apol_avrule_query_t() {
++ apol_avrule_query() {
+ apol_avrule_query_t *avq;
+ BEGIN_EXCEPTION
+ avq = apol_avrule_query_create();
+@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
+ fail:
+ return avq;
+ };
+- ~apol_avrule_query_t() {
++ ~apol_avrule_query() {
+ apol_avrule_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
+ /* apol terule query */
+ typedef struct apol_terule_query {} apol_terule_query_t;
+ %extend apol_terule_query_t {
+- apol_terule_query_t() {
++ apol_terule_query() {
+ apol_terule_query_t *atq;
+ BEGIN_EXCEPTION
+ atq = apol_terule_query_create();
+@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
+ fail:
+ return atq;
+ };
+- ~apol_terule_query_t() {
++ ~apol_terule_query() {
+ apol_terule_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
+ /* apol cond rule query */
+ typedef struct apol_cond_query {} apol_cond_query_t;
+ %extend apol_cond_query_t {
+- apol_cond_query_t() {
++ apol_cond_query() {
+ apol_cond_query_t *acq;
+ BEGIN_EXCEPTION
+ acq = apol_cond_query_create();
+@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
+ fail:
+ return acq;
+ };
+- ~apol_cond_query_t() {
++ ~apol_cond_query() {
+ apol_cond_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
+ /* apol role allow query */
+ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
+ %extend apol_role_allow_query_t {
+- apol_role_allow_query_t() {
++ apol_role_allow_query() {
+ apol_role_allow_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_role_allow_query_create();
+@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
+ fail:
+ return arq;
+ };
+- ~apol_role_allow_query_t() {
++ ~apol_role_allow_query() {
+ apol_role_allow_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
+ /* apol role transition rule query */
+ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
+ %extend apol_role_trans_query_t {
+- apol_role_trans_query_t() {
++ apol_role_trans_query() {
+ apol_role_trans_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_role_trans_query_create();
+@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
+ fail:
+ return arq;
+ };
+- ~apol_role_trans_query_t() {
++ ~apol_role_trans_query() {
+ apol_role_trans_query_destroy(&self);
+ };
+ %newobject run(apol_policy_t*);
+@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
+ /* apol range transition rule query */
+ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
+ %extend apol_range_trans_query_t {
+- apol_range_trans_query_t() {
++ apol_range_trans_query() {
+ apol_range_trans_query_t *arq;
+ BEGIN_EXCEPTION
+ arq = apol_range_trans_query_create();
+@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
+ fail:
+
return arq; + }; +- ~apol_range_trans_query_t() { ++ ~apol_range_trans_query() { + apol_range_trans_query_destroy(&self); + }; + %newobject run(apol_policy_t*); +@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule) + #define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID) + typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; + %extend apol_domain_trans_analysis_t { +- apol_domain_trans_analysis_t() { ++ apol_domain_trans_analysis() { + apol_domain_trans_analysis_t *dta; + BEGIN_EXCEPTION + dta = apol_domain_trans_analysis_create(); +@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; + fail: + return dta; + }; +- ~apol_domain_trans_analysis_t() { ++ ~apol_domain_trans_analysis() { + apol_domain_trans_analysis_destroy(&self); + }; + void set_direction(apol_policy_t *p, int direction) { +@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t; + }; + typedef struct apol_domain_trans_result {} apol_domain_trans_result_t; + %extend apol_domain_trans_result_t { +- apol_domain_trans_result_t(apol_domain_trans_result_t *in) { ++ apol_domain_trans_result(apol_domain_trans_result_t *in) { + apol_domain_trans_result_t *dtr; + BEGIN_EXCEPTION + dtr = apol_domain_trans_result_create_from_domain_trans_result(in); +@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t; + fail: + return dtr; + }; +- ~apol_domain_trans_result_t() { ++ ~apol_domain_trans_result() { + apol_domain_trans_result_destroy(&self); + }; + const qpol_type_t *get_start_type() { +@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s + %} + typedef struct apol_infoflow {} apol_infoflow_t; + %extend apol_infoflow_t { +- apol_infoflow_t() { ++ apol_infoflow() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot 
directly create apol_infoflow_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_infoflow_t() { ++ ~apol_infoflow() { + apol_infoflow_destroy(&self); + }; + %newobject extract_graph(); +@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t; + }; + typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; + %extend apol_infoflow_analysis_t { +- apol_infoflow_analysis_t() { ++ apol_infoflow_analysis() { + apol_infoflow_analysis_t *aia; + BEGIN_EXCEPTION + aia = apol_infoflow_analysis_create(); +@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; + fail: + return aia; + }; +- ~apol_infoflow_analysis_t() { ++ ~apol_infoflow_analysis() { + apol_infoflow_analysis_destroy(&self); + }; + %newobject run(apol_policy_t*); +@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t; + }; + typedef struct apol_infoflow_graph {} apol_infoflow_graph_t; + %extend apol_infoflow_graph_t { +- apol_infoflow_graph_t() { ++ apol_infoflow_graph() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_infoflow_graph_t() { ++ ~apol_infoflow_graph() { + apol_infoflow_graph_destroy(&self); + }; + %newobject do_more(apol_policy_t*, char*); +@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t; + }; + typedef struct apol_infoflow_result {} apol_infoflow_result_t; + %extend apol_infoflow_result_t { +- apol_infoflow_result_t() { ++ apol_infoflow_result() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_infoflow_result_t() { ++ ~apol_infoflow_result() { + /* no op - vector will destroy */ + return; + }; +@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t; + %} + typedef struct apol_infoflow_step {} 
apol_infoflow_step_t; + %extend apol_infoflow_step_t { +- apol_infoflow_step_t() { ++ apol_infoflow_step() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_infoflow_step_t() { ++ ~apol_infoflow_step() { + /* no op */ + return; + }; +@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t; + #define APOL_RELABEL_DIR_SUBJECT 0x04 + typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; + %extend apol_relabel_analysis_t { +- apol_relabel_analysis_t() { ++ apol_relabel_analysis() { + apol_relabel_analysis_t *ara; + BEGIN_EXCEPTION + ara = apol_relabel_analysis_create(); +@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; + fail: + return ara; + }; +- ~apol_relabel_analysis_t() { ++ ~apol_relabel_analysis() { + apol_relabel_analysis_destroy(&self); + }; + %newobject run(apol_policy_t*); +@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t; + }; + typedef struct apol_relabel_result {} apol_relabel_result_t; + %extend apol_relabel_result_t { +- apol_relabel_result_t() { ++ apol_relabel_result() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_relabel_result_t() { ++ ~apol_relabel_result() { + /* no op - vector will destroy */ + return; + }; +@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t; + %} + typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t; + %extend apol_relabel_result_pair_t { +- apol_relabel_result_pair_t() { ++ apol_relabel_result_pair() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_relabel_result_pair_t() { ++ ~apol_relabel_result_pair() { + /* no op 
- owned and free()'d by apol_relabel_result_t */ + return; + }; +@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t; + #define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000 + typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t; + %extend apol_types_relation_analysis_t { +- apol_types_relation_analysis_t() { ++ apol_types_relation_analysis() { + apol_types_relation_analysis_t *atr; + BEGIN_EXCEPTION + atr = apol_types_relation_analysis_create(); +@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t; + fail: + return atr; + }; +- ~apol_types_relation_analysis_t() { ++ ~apol_types_relation_analysis() { + apol_types_relation_analysis_destroy(&self); + } + %newobject run(apol_policy_t*); +@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t; + }; + typedef struct apol_types_relation_result {} apol_types_relation_result_t; + %extend apol_types_relation_result_t { +- apol_types_relation_result_t() { ++ apol_types_relation_result() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_types_relation_result_t() { ++ ~apol_types_relation_result() { + apol_types_relation_result_destroy(&self); + }; + const apol_vector_t *get_attributes() { +@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t; + }; + typedef struct apol_types_relation_access {} apol_types_relation_access_t; + %extend apol_types_relation_access_t { +- apol_types_relation_access_t() { ++ apol_types_relation_access() { + BEGIN_EXCEPTION + SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects"); + END_EXCEPTION + fail: + return NULL; + }; +- ~apol_types_relation_access_t() { ++ ~apol_types_relation_access() { + /* no op - vector will destroy */ + return; + 
}; +-- +1.8.5.3 + diff --git a/0011-Fix-Wformat-security-issues.patch b/0011-Fix-Wformat-security-issues.patch new file mode 100644 index 0000000..5288ed7 --- /dev/null +++ b/0011-Fix-Wformat-security-issues.patch @@ -0,0 +1,154 @@ +From 32ede3cc817ee4f6806877a34a6c84ed50c31df7 Mon Sep 17 00:00:00 2001 +From: Miroslav Grepl +Date: Fri, 11 Apr 2014 18:49:33 +0200 +Subject: [PATCH 11/11] Fix -Wformat-security issues + +--- + libseaudit/src/bool_message.c | 4 ++-- + libseaudit/src/filter.c | 2 +- + libseaudit/src/model.c | 2 +- + seaudit/progress.c | 4 ++-- + seaudit/toplevel.c | 2 +- + seaudit/utilgui.c | 2 +- + sediff/progress.c | 4 ++-- + sediff/toplevel.c | 2 +- + sediff/utilgui.c | 2 +- + 9 files changed, 12 insertions(+), 12 deletions(-) + +diff --git a/libseaudit/src/bool_message.c b/libseaudit/src/bool_message.c +index f105cf0..d5b1e33 100644 +--- a/libseaudit/src/bool_message.c ++++ b/libseaudit/src/bool_message.c +@@ -101,7 +101,7 @@ char *bool_message_to_string(const seaudit_message_t * msg, const char *date) + return NULL; + } + if ((misc_string = bool_message_to_misc_string(boolm)) == NULL || +- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) { ++ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) { + free(misc_string); + return NULL; + } +@@ -128,7 +128,7 @@ char *bool_message_to_string_html(const seaudit_message_t * msg, const char *dat + return NULL; + } + if ((misc_string = bool_message_to_misc_string(boolm)) == NULL || +- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s
", s, close_brace) < 0) { ++ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s
", s, close_brace) < 0) { + free(misc_string); + return NULL; + } +diff --git a/libseaudit/src/filter.c b/libseaudit/src/filter.c +index 298a309..c710ce4 100644 +--- a/libseaudit/src/filter.c ++++ b/libseaudit/src/filter.c +@@ -1108,7 +1108,7 @@ int seaudit_filter_save_to_file(const seaudit_filter_t * filter, const char *fil + if ((file = fopen(filename, "w")) == NULL) { + return -1; + } +- fprintf(file, XML_VER); ++ fprintf(file, "%s", XML_VER); + fprintf(file, "\n", FILTER_FILE_FORMAT_VERSION); + filter_append_to_file(filter, file, 1); + fprintf(file, "\n"); +diff --git a/libseaudit/src/model.c b/libseaudit/src/model.c +index 1bc4a23..4a130cb 100644 +--- a/libseaudit/src/model.c ++++ b/libseaudit/src/model.c +@@ -514,7 +514,7 @@ int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filena + if ((file = fopen(filename, "w")) == NULL) { + return -1; + } +- fprintf(file, XML_VER); ++ fprintf(file, "%s", XML_VER); + fprintf(file, "\n", + FILTER_FILE_FORMAT_VERSION, model->name, + model->match == SEAUDIT_FILTER_MATCH_ALL ? 
"all" : "any", +diff --git a/seaudit/progress.c b/seaudit/progress.c +index 2e0abeb..f092858 100644 +--- a/seaudit/progress.c ++++ b/seaudit/progress.c +@@ -114,10 +114,10 @@ int progress_wait(progress_t * progress) + } + g_mutex_unlock(progress->mutex); + if (progress->done < 0) { +- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label); ++ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label); + return progress->done; + } else if (progress->done > 1) { +- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label); ++ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label); + return progress->done - 1; + } else { + progress->done = 0; +diff --git a/seaudit/toplevel.c b/seaudit/toplevel.c +index d901a99..27938d5 100644 +--- a/seaudit/toplevel.c ++++ b/seaudit/toplevel.c +@@ -902,7 +902,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch + ERR(NULL, "%s", strerror(errno)); + return; + } +- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); ++ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); + free(msg); + gtk_dialog_run(GTK_DIALOG(dialog)); + gtk_widget_destroy(dialog); +diff --git a/seaudit/utilgui.c b/seaudit/utilgui.c +index 22028e1..78a1a08 100644 +--- a/seaudit/utilgui.c ++++ b/seaudit/utilgui.c +@@ -30,7 +30,7 @@ + void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg) + { + GtkWidget *dialog; +- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); ++ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); + gtk_dialog_run(GTK_DIALOG(dialog)); + gtk_widget_destroy(dialog); + } +diff --git a/sediff/progress.c b/sediff/progress.c +index efaa120..312789e 100644 +--- a/sediff/progress.c ++++ b/sediff/progress.c +@@ -115,10 +115,10 @@ 
int progress_wait(progress_t * progress) + } + g_mutex_unlock(progress->mutex); + if (progress->done < 0) { +- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label); ++ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label); + return progress->done; + } else if (progress->done > 1) { +- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label); ++ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label); + return progress->done - 1; + } else { + progress->done = 0; +diff --git a/sediff/toplevel.c b/sediff/toplevel.c +index db6d1f5..aabd039 100644 +--- a/sediff/toplevel.c ++++ b/sediff/toplevel.c +@@ -453,7 +453,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch + ERR(NULL, "%s", strerror(errno)); + return; + } +- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); ++ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); + free(msg); + gtk_dialog_run(GTK_DIALOG(dialog)); + gtk_widget_destroy(dialog); +diff --git a/sediff/utilgui.c b/sediff/utilgui.c +index 04e1e05..9e183ba 100644 +--- a/sediff/utilgui.c ++++ b/sediff/utilgui.c +@@ -31,7 +31,7 @@ + void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg) + { + GtkWidget *dialog; +- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg); ++ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg); + gtk_dialog_run(GTK_DIALOG(dialog)); + gtk_widget_destroy(dialog); + } +-- +1.8.5.3 + diff --git a/setools.spec b/setools.spec index 8c80967..2cf0e82 100644 --- a/setools.spec +++ b/setools.spec 
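Review bot: In the `bool_message_to_string_html` hunk of libseaudit/src/bool_message.c, the second call on the changed line still passes `s` as a `%s` argument while `&s` is the buffer being appended to, so the text built so far is presumably appended to itself before `close_brace`. The non-HTML variant in the hunk above uses `apol_str_append(&s, &len, close_brace)` instead. Whether the self-reference is also memory-unsafe depends on whether `apol_str_appendf` formats its arguments before it reallocates, which is not visible here. I would drop the leading `%s` and the `s` argument from that call so that only `close_brace` and the trailing markup are appended. The enclosing function bodies start and end outside these hunks.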
@@ -1,9 +1,9 @@ %define setools_maj_ver 3.3 -%define setools_min_ver 7 +%define setools_min_ver 8 Name: setools Version: %{setools_maj_ver}.%{setools_min_ver} -Release: 41%{?dist} +Release: 1%{?dist} License: GPLv2 URL: http://oss.tresys.com/projects/setools BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -11,21 +11,17 @@ Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{versi Source1: setools.pam Source2: apol.desktop Source3: seaudit.desktop -Patch2: 0002-setools-should-exit-with-an-error-status-if-it-gets-.patch -Patch3: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch -Patch4: 0004-Fix-man-pages-and-getoptions.patch -Patch5: 0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch -Patch6: 0006-Changes-to-support-named-file_trans-rules.patch -Patch7: 0007-Remove-unused-variables.patch -Patch8: 0008-Fix-output-to-match-policy-lines.patch -Patch9: 0009-Fix-swig-coding-style-for-structures.patch -Patch10: 0010-selinux_current_policy_path.patch -Patch11: 0011-setools-noship.patch -Patch12: 0012-seaudit.patch -Patch13: 0013-swig.patch -Patch14: 0014-boolsub.patch -Patch15: 0015-aliases.patch -Patch16: 0016-cmdline.patch +Patch1: 0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch +Patch2: 0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch +Patch3: 0003-mgrepl-patch-to-Fix-swig-coding-style-for-structures.patch +Patch4: 0004-Apply-selinux_current_policy_path-patch.patch +Patch5: 0005-Apply-seaudit-patch-for-progress.c.patch +Patch6: 0006-Add-support-for-boolean-subs.patch +Patch7: 0007-Setools-noship.patch +Patch8: 0008-Add-alias-support-to-seinfo-t.patch +Patch9: 0009-Fix-help-message-on-sesearch-D.patch +Patch10: 0010-Apply-swig-patch-to-make-apol-work-again.patch +Patch11: 0011-Fix-Wformat-security-issues.patch Summary: Policy analysis tools for SELinux Group: System Environment/Base 
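Review bot: The renumbered patch list in the second hunk drops five patches (`setools-should-exit-with-an-error-status-if-it-gets-`, `Fix-man-pages-and-getoptions`, `Changes-to-support-named-file_trans-rules`, `Remove-unused-variables`, `Fix-output-to-match-policy-lines`) and the spec records no reason for it. Presumably they are contained in the 3.3.8 tarball, but that should be confirmed against the new source, the exit-status patch in particular, since by its name it affects how callers detect failures. A comment above `Patch1:` would document this, for example `# exitstatus, manpage, filenametrans, unused and fixoutput patches dropped in the 3.3.8 rebase (merged upstream, confirm)`.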
@@ -153,21 +149,17 @@ This package includes the following graphical tools: %prep %setup -q -%patch2 -p 1 -b .exitstatus -%patch3 -p 1 -b .neverallow -%patch4 -p 1 -b .manpage -%patch5 -p 1 -b .libsepol -%patch6 -p 1 -b .filenametrans -%patch7 -p 1 -b .unused -%patch8 -p 1 -b .fixoutput -%patch9 -p 1 -b .fixswig -%patch10 -p 1 -b .current -%patch11 -p 1 -b .noship -%patch12 -p 1 -b .seaudit -%patch13 -p 1 -b .swig -%patch14 -p 2 -b .boolsub -%patch15 -p 1 -b .aliases -%patch16 -p 1 -b .cmdline +%patch1 -p 1 -b .neverallow +%patch2 -p 1 -b .libsepol +%patch3 -p 1 -b .swig +%patch4 -p 1 -b .current_policy +%patch5 -p 1 -b .seaudit +%patch6 -p 1 -b .boolean-subs +%patch7 -p 1 -b .noship +%patch8 -p 1 -b .seinfo-t +%patch9 -p 1 -b .sesearch-D +%patch10 -p 1 -b .wig-patch +%patch11 -p 1 -b .Wformat-security %ifarch sparc sparcv9 sparc64 s390 s390x for file in `find . -name Makefile.am`; do sed -i -e 's:-fpic:-fPIC:' $file; @@ -284,6 +276,9 @@ rm -rf ${RPM_BUILD_ROOT} %postun libs-tcl -p /sbin/ldconfig %changelog +* Fri Apr 11 2013 Miroslav Grepl - 3.3.8-1 +- Update to upstream + * Mon Sep 16 2013 Dan Walsh - 3.3.7-41 - Cleanup Destop files.
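Review bot: The backup suffix in `%patch10 -p 1 -b .wig-patch` in the %prep hunk looks like a truncation of `.swig-patch`, given that the patch is `0010-Apply-swig-patch-to-make-apol-work-again.patch` and the neighbouring suffixes follow the patch names. It only affects the names of the backup files, so I would simply write `%patch10 -p 1 -b .swig-patch`. In the %changelog hunk that follows, the new entry is dated `Fri Apr 11 2013`, which sorts before the `Mon Sep 16 2013` entry below it and does not fall on a Friday. Patch 0011 in this commit is dated Fri, 11 Apr 2014, so the year is presumably meant to be 2014: `* Fri Apr 11 2014 Miroslav Grepl - 3.3.8-1`.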