From 253cdcd5ea578a35416decb2994c827338bde220 Mon Sep 17 00:00:00 2001 From: Dan Walsh Date: Sep 19 2011 10:43:53 +0000 Subject: Update to upstream * Separate tunable from boolean during compile.
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index ce29809..e69de29 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,149 +0,0 @@
-diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c
-index 1c1d1d5..81ccb00 100644
---- a/checkpolicy/module_compiler.c
-+++ b/checkpolicy/module_compiler.c
-@@ -1045,7 +1045,7 @@ int require_user(int pass)
- }
- }
- 
--int require_bool(int pass)
-+static int require_bool_tunable(int pass, int is_tunable)
- {
- char *id = queue_remove(id_queue);
- cond_bool_datum_t *booldatum = NULL;
-@@ -1063,6 +1063,8 @@ int require_bool(int pass)
- yyerror("Out of memory!");
- return -1;
- }
-+ if (is_tunable)
-+ booldatum->flags |= COND_BOOL_FLAGS_TUNABLE;
- retval =
- require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
- &booldatum->s.value, &booldatum->s.value);
-@@ -1094,6 +1096,16 @@ int require_bool(int pass)
- }
- }
- 
-+int require_bool(int pass)
-+{
-+ return require_bool_tunable(pass, 0);
-+}
-+
-+int require_tunable(int pass)
-+{
-+ return require_bool_tunable(pass, 1);
-+}
-+
- int require_sens(int pass)
- {
- char *id = queue_remove(id_queue);
-@@ -1328,6 +1340,8 @@ void append_cond_list(cond_list_t * cond)
- tmp = tmp->next) ;
- tmp->next = cond->avfalse_list;
- }
-+
-+ old_cond->flags |= (cond->flags & COND_NODE_FLAGS_TUNABLE);
- }
- 
- void append_avrule(avrule_t * avrule)
-diff --git a/checkpolicy/module_compiler.h b/checkpolicy/module_compiler.h
-index 45a21cd..72c2d9b 100644
---- a/checkpolicy/module_compiler.h
-+++ b/checkpolicy/module_compiler.h
-@@ -58,6 +58,7 @@ int require_attribute(int pass);
- int require_attribute_role(int pass);
- int require_user(int pass);
- int require_bool(int pass);
-+int require_tunable(int pass);
- int require_sens(int pass);
- int require_cat(int pass);
- 
-diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
-index ded27f7..1bf669c 100644
---- a/checkpolicy/policy_define.c
-+++ b/checkpolicy/policy_define.c
-@@ -1494,7 +1494,7 @@ avrule_t *define_cond_compute_type(int which)
- return avrule;
- }
- 
--int define_bool(void)
-+int define_bool_tunable(int is_tunable)
- {
- char *id, *bool_value;
- cond_bool_datum_t *datum;
-@@ -1524,6 +1524,8 @@ int define_bool(void)
- return -1;
- }
- memset(datum, 0, sizeof(cond_bool_datum_t));
-+ if (is_tunable)
-+ datum->flags |= COND_BOOL_FLAGS_TUNABLE;
- ret = declare_symbol(SYM_BOOLS, id, datum, &value, &value);
- switch (ret) {
- case -3:{
-diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h
-index fc8cd4d..92a9be7 100644
---- a/checkpolicy/policy_define.h
-+++ b/checkpolicy/policy_define.h
-@@ -21,7 +21,7 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void* arg2);
- int define_attrib(void);
- int define_attrib_role(void);
- int define_av_perms(int inherits);
--int define_bool(void);
-+int define_bool_tunable(int is_tunable);
- int define_category(void);
- int define_class(void);
- int define_common_perms(void);
-diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
-index 0a17bdc..49ac15f 100644
---- a/checkpolicy/policy_parse.y
-+++ b/checkpolicy/policy_parse.y
-@@ -101,6 +101,7 @@ typedef int (* require_func_t)();
- %token ALIAS
- %token ATTRIBUTE
- %token BOOL
-+%token TUNABLE
- %token IF
- %token ELSE
- %token TYPE_TRANSITION
-@@ -269,6 +270,7 @@ te_decl : attribute_def
- | typeattribute_def
- | typebounds_def
- | bool_def
-+ | tunable_def
- | transition_def
- | range_trans_def
- | te_avtab_def
-@@ -295,8 +297,11 @@ opt_attr_list : ',' id_comma_list
- |
- ;
- bool_def : BOOL identifier bool_val ';'
-- {if (define_bool()) return -1;}
-+ { if (define_bool_tunable(0)) return -1; }
- ;
-+tunable_def : TUNABLE identifier bool_val ';'
-+ { if (define_bool_tunable(1)) return -1; }
-+ ;
- bool_val : CTRUE
- { if (insert_id("T",0)) return -1; }
- | CFALSE
-@@ -820,6 +825,7 @@ require_decl_def : ROLE { $$ = require_role; }
- | ATTRIBUTE_ROLE { $$ = require_attribute_role; }
- | USER { $$ = require_user; }
- | BOOL { $$ = require_bool; }
-+ | TUNABLE { $$ = require_tunable; }
- | SENSITIVITY { $$ = require_sens; }
- | CATEGORY { $$ = require_cat; }
- ;
-diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
-index ed27bbe..a61e0db 100644
---- a/checkpolicy/policy_scan.l
-+++ b/checkpolicy/policy_scan.l
-@@ -92,6 +92,8 @@ TYPE |
- type { return(TYPE); }
- BOOL |
- bool { return(BOOL); }
-+TUNABLE |
-+tunable { return(TUNABLE); }
- IF |
- if { return(IF); }
- ELSE |
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 062263f..bfbb1b0 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -1,7 +1,7 @@
 %define libsepolver 2.1.2-1
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 2.1.4
+Version: 2.1.5
 Release: 1%{?dist}
 License: GPLv2
 Group: Development/System
@@ -53,6 +53,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
+* Mon Sep 19 2011 Dan Walsh - 2.1.5-0
+-Update to upstream
+ * Separate tunable from boolean during compile.
+
 * Tue Aug 30 2011 Dan Walsh - 2.1.4-0
 -Update to upstream
  * checkpolicy: fix spacing in output message