diff --git a/checkpolicy-defaulttype.patch b/checkpolicy-defaulttype.patch
new file mode 100644
index 0000000..371e652
--- /dev/null
+++ b/checkpolicy-defaulttype.patch
@@ -0,0 +1,101 @@
+diff -ur checkpolicy-2.1.12/policy_define.c checkpolicy-2.1.11/policy_define.c
+--- checkpolicy-2.1.12/policy_define.c 2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_define.c 2012-09-13 12:29:01.000000000 -0400
+@@ -415,38 +415,6 @@
+ return 0;
+ }
+
+-int define_default_type(int which)
+-{
+- char *id;
+- class_datum_t *cladatum;
+-
+- if (pass == 1) {
+- while ((id = queue_remove(id_queue)))
+- free(id);
+- return 0;
+- }
+-
+- while ((id = queue_remove(id_queue))) {
+- if (!is_id_in_scope(SYM_CLASSES, id)) {
+- yyerror2("class %s is not within scope", id);
+- return -1;
+- }
+- cladatum = hashtab_search(policydbp->p_classes.table, id);
+- if (!cladatum) {
+- yyerror2("unknown class %s", id);
+- return -1;
+- }
+- if (cladatum->default_type && cladatum->default_type != which) {
+- yyerror2("conflicting default type information for class %s", id);
+- return -1;
+- }
+- cladatum->default_type = which;
+- free(id);
+- }
+-
+- return 0;
+-}
+-
+ int define_default_range(int which)
+ {
+ char *id;
+diff -ur checkpolicy-2.1.12/policy_define.h checkpolicy-2.1.11/policy_define.h
+--- checkpolicy-2.1.12/policy_define.h 2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_define.h 2012-09-13 12:29:01.000000000 -0400
+@@ -26,7 +26,6 @@
+ int define_class(void);
+ int define_default_user(int which);
+ int define_default_role(int which);
+-int define_default_type(int which);
+ int define_default_range(int which);
+ int define_common_perms(void);
+ int define_compute_type(int which);
+diff -ur checkpolicy-2.1.12/policy_parse.y checkpolicy-2.1.11/policy_parse.y
+--- checkpolicy-2.1.12/policy_parse.y 2013-02-07 12:21:10.000000000 -0500
++++ checkpolicy-2.1.11/policy_parse.y 2012-09-13 12:29:01.000000000 -0400
+@@ -143,7 +143,7 @@
+ %token POLICYCAP
+ %token PERMISSIVE
+ %token FILESYSTEM
+-%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
++%token DEFAULT_USER DEFAULT_ROLE DEFAULT_RANGE
+ %token LOW_HIGH LOW HIGH
+
+
%left OR
+@@ -202,11 +202,9 @@
+ ;
+ default_rules : default_user_def
+ | default_role_def
+- | default_type_def
+ | default_range_def
+ | default_rules default_user_def
+ | default_rules default_role_def
+- | default_rules default_type_def
+ | default_rules default_range_def
+ ;
+ default_user_def : DEFAULT_USER names SOURCE ';'
+@@ -219,11 +217,6 @@
+ | DEFAULT_ROLE names TARGET ';'
+ {if (define_default_role(DEFAULT_TARGET)) return -1; }
+ ;
+-default_type_def : DEFAULT_TYPE names SOURCE ';'
+- {if (define_default_type(DEFAULT_SOURCE)) return -1; }
+- | DEFAULT_TYPE names TARGET ';'
+- {if (define_default_type(DEFAULT_TARGET)) return -1; }
+- ;
+ default_range_def : DEFAULT_RANGE names SOURCE LOW ';'
+ {if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; }
+ | DEFAULT_RANGE names SOURCE HIGH ';'
+diff -ur checkpolicy-2.1.12/policy_scan.l checkpolicy-2.1.11/policy_scan.l
+--- checkpolicy-2.1.12/policy_scan.l 2013-03-12 13:35:28.740044379 -0400
++++ checkpolicy-2.1.11/policy_scan.l 2012-09-13 12:29:01.000000000 -0400
+@@ -229,8 +229,6 @@
+ DEFAULT_USER { return(DEFAULT_USER); }
+ default_role |
+ DEFAULT_ROLE { return(DEFAULT_ROLE); }
+-default_type |
+-DEFAULT_TYPE { return(DEFAULT_TYPE); }
+ default_range |
+ DEFAULT_RANGE { return(DEFAULT_RANGE); }
+ low-high |
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 64fd94d..22dfbae 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -8,6 +8,7 @@ License: GPLv2 Group: Development/System Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz Patch: checkpolicy-rhat.patch +Patch1: checkpolicy-defaulttype.patch BuildRoot: %{_tmppath}/%{name}-buildroot BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel >= %{libselinuxver}
@@ -29,6 +30,7 @@ Only required for building policies. %prep %setup -q %patch -p2 -b .rhat +%patch1 -p1 -b .defaulttype %build make clean
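Review bot: The new checkpolicy-defaulttype.patch carries no header saying what it backs out or why, and the `Patch1:` line added in the first checkpolicy.spec hunk has no comment either. Its embedded diff runs from checkpolicy-2.1.12 to checkpolicy-2.1.11, so it deletes `define_default_type()`, the `DEFAULT_TYPE` token, the `default_type_def` rules and the scanner pattern; a policy source containing a `default_type` statement would then presumably be rejected by this build rather than compiled, which the policy package maintainers need to know. I would put a line such as `Back out default_type support added in checkpolicy 2.1.12 (<reason / bug reference>)` above the first `diff -ur` in the patch, and `# Reverts default_type support; drop when <condition>` above `Patch1:` in the spec.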