From bc0a935c8c7aa8bd3e8f90cec16a5a66f1761504 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 13 2005 16:48:16 +0000 Subject: - Eliminate forth param from mls context when mls is not enabled. --- diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch index aa25ffa..8fba2d7 100644 --- a/libselinux-rhat.patch +++ b/libselinux-rhat.patch @@ -1,22 +1,22 @@ -diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.25.7/include/selinux/selinux.h +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.26/include/selinux/selinux.h --- nsalibselinux/include/selinux/selinux.h 2005-09-01 11:17:40.000000000 -0400 -+++ libselinux-1.25.7/include/selinux/selinux.h 2005-09-12 11:33:32.000000000 -0400 ++++ libselinux-1.26/include/selinux/selinux.h 2005-09-12 17:05:36.000000000 -0400 @@ -304,6 +304,12 @@ extern int selinux_getenforcemode(int *enforce); /* -+ selinux_gettype reads the /etc/selinux/config file and determines ++ selinux_getpolicytype reads the /etc/selinux/config file and determines + whether the policy tyep for this machine, type must be freed. + */ -+extern void selinux_gettype(char **type); ++extern void selinux_getpolicytype(char **type); + +/* selinux_policy_root reads the /etc/selinux/config file and returns the directory path under which the compiled policy file and context configuration files exist. -diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/src/init.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.26/src/init.c --- nsalibselinux/src/init.c 2005-09-01 13:21:11.000000000 -0400 -+++ libselinux-1.25.7/src/init.c 2005-09-12 11:36:33.000000000 -0400 ++++ libselinux-1.26/src/init.c 2005-09-12 17:13:20.000000000 -0400 @@ -8,6 +8,7 @@ #include #include 
@@ -34,25 +34,108 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.25.7/ int (*lib_trans_init)(void) = NULL; - - translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); -+ selinux_gettype(&type); ++ selinux_getpolicytype(&type); + if (!type) return; -+ snprintf(path, PATH_MAX-1, "/lib/selinux/lib%s.so.0", type); ++ snprintf(path, PATH_MAX-1, "/$LIB/selinux/%s/libsetrans.so.0", type); + free(type); + translation_lib_handle = dlopen(path, RTLD_NOW); if (!translation_lib_handle) return; -diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.25.7/src/selinux_config.c +diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.26/src/matchpathcon.c +--- nsalibselinux/src/matchpathcon.c 2005-08-24 09:07:11.000000000 -0400 ++++ libselinux-1.26/src/matchpathcon.c 2005-09-12 17:05:37.000000000 -0400 +@@ -25,6 +25,20 @@ + va_end(ap); + } + ++#define STRIP_LEVEL(CON) \ ++ if (! mls_enabled) { \ ++ int i=0; \ ++ int ctr=0; \ ++ while (CON[i]) { \ ++ if (CON[i] == ':') ctr++; \ ++ if (ctr==3) { \ ++ CON[i]=0; \ ++ break; \ ++ } \ ++ i++; \ ++ } \ ++ } ++ + static void (*myprintf)(const char *fmt, ...) = &default_printf; + + void set_matchpathcon_printf(void (*f)(const char *fmt, ...)) +@@ -415,7 +429,7 @@ + } + return; + } +-static int process_line( const char *path, char *line_buf, int pass, unsigned lineno) { ++static int process_line( const char *path, char *line_buf, int pass, unsigned lineno, int mls_enabled) { + int items, len, regerr; + char *buf_p; + char *regex, *type, *context; +@@ -438,6 +452,7 @@ + } else if (items == 2) { + /* The type field is optional. 
*/ + free(context); ++ STRIP_LEVEL(type) + context = type; + type = 0; + } +@@ -510,7 +525,7 @@ + } + + skip_type: +- ++ STRIP_LEVEL(context) + spec_arr[nspec].context = context; + + if (strcmp(context, "<>")) { +@@ -557,6 +572,7 @@ + unsigned int lineno, pass, i, j, maxnspec; + spec_t *spec_copy=NULL; + int status=-1; ++ int mls_enabled=is_selinux_mls_enabled(); + + /* Open the specification file. */ + if (!path) +@@ -590,20 +606,20 @@ + lineno = 0; + nspec = 0; + while (getline(&line_buf, &line_len, fp) > 0 && nspec < maxnspec) { +- if (process_line(path, line_buf, pass, ++lineno) != 0) ++ if (process_line(path, line_buf, pass, ++lineno, mls_enabled) != 0) + goto finish; + } + lineno = 0; + if (homedirfp) + while (getline(&line_buf, &line_len, homedirfp) > 0 && nspec < maxnspec) { +- if (process_line(homedir_path, line_buf, pass, ++lineno) != 0) ++ if (process_line(homedir_path, line_buf, pass, ++lineno, mls_enabled) != 0) + goto finish; + } + + lineno = 0; + if (localfp) + while (getline(&line_buf, &line_len, localfp) > 0 && nspec < maxnspec) { +- if (process_line(local_path, line_buf, pass, ++lineno) != 0) ++ if (process_line(local_path, line_buf, pass, ++lineno, mls_enabled) != 0) + goto finish; + } + +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.26/src/selinux_config.c --- nsalibselinux/src/selinux_config.c 2005-03-17 14:56:21.000000000 -0500 -+++ libselinux-1.25.7/src/selinux_config.c 2005-09-12 11:35:35.000000000 -0400 -@@ -85,6 +85,28 @@ ++++ libselinux-1.26/src/selinux_config.c 2005-09-13 12:46:22.682193000 -0400 +@@ -85,6 +85,29 @@ static int use_compat_file_path; -+void selinux_gettype(char **rtype) { ++void selinux_getpolicytype(char **rtype) { + char *type=SELINUXDEFAULT; + char buf[4097]; -+ int len, i; ++ int i=0; ++ int len=sizeof(SELINUXTYPETAG)-1; + FILE *cfg = fopen(SELINUXCONFIG,"r"); + if (cfg) { + while (fgets_unlocked(buf, 4096, cfg)) { 
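Review bot: In the init.c part of this hunk the string returned by `selinux_getpolicytype()` is formatted straight into the path handed to `dlopen()`, so a SELINUXTYPE value containing `/` or `..` would make the library load a shared object from outside `/$LIB/selinux/<type>/`. The `snprintf` result is not checked either, so a truncated path would also be opened. The config file is normally writable only by root, but this loader presumably runs in every process that initialises libselinux, so treating the value as a single validated path component is cheap hardening. The sketch below rejects separators and a leading dot and refuses a truncated path; it assumes `path` is a `char[PATH_MAX]`, which is declared outside the hunk. Separately, the `STRIP_LEVEL` macro added in matchpathcon.c is a bare `if` block that reads `mls_enabled` from the caller's scope and is invoked without a semicolon; wrapping it in `do { ... } while (0)`, or making it a `static` function that takes `mls_enabled`, would keep it safe under a later `if`/`else`.

```c
selinux_getpolicytype(&type);
if (!type) return;
/* SELINUXTYPE must be a single path component: no separators, no "." or ".." */
if (strchr(type, '/') || type[0] == '.') {
	free(type);
	return;
}
int n = snprintf(path, PATH_MAX, "/$LIB/selinux/%s/libsetrans.so.0", type);
free(type);
if (n < 0 || n >= PATH_MAX)
	return;
translation_lib_handle = dlopen(path, RTLD_NOW);
/* … unchanged: handle check and the rest of the function … */
```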
@@ -74,15 +157,16 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin int selinux_getenforcemode(int *enforce) { int ret=-1; FILE *cfg = fopen(SELINUXCONFIG,"r"); -@@ -122,38 +144,24 @@ +@@ -122,38 +145,24 @@ static void init_selinux_policyroot(void) { - char *type=SELINUXDEFAULT; -+ char *type=NULL; - int i=0, len=sizeof(SELINUXTYPETAG)-1, len2; +- int i=0, len=sizeof(SELINUXTYPETAG)-1, len2; - char buf[4097]; - FILE *cfg; ++ char *type=NULL; ++ int i=0, len, len2; if (selinux_policyroot) return; if (access(SELINUXDIR, F_OK) != 0) { selinux_policyroot = SECURITYDIR; @@ -105,7 +189,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselin - type[i]=0; - i--; - } -+ selinux_gettype(&type); ++ selinux_getpolicytype(&type); + if (!type) return; len=sizeof(SELINUXDIR) + strlen(type); selinux_policyroot=malloc(len); diff --git a/libselinux.spec b/libselinux.spec index a463450..e907d4b 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -1,11 +1,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.26 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz -Prereq: libsetrans >= 0.1.4-2 +Prereq: libsetrans >= 0.1.4-3 Patch: libselinux-rhat.patch BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot @@ -86,6 +86,9 @@ rm -rf ${RPM_BUILD_ROOT} %{_mandir}/man8/* %changelog +* Mon Sep 12 2005 Dan Walsh 1.26-2 +- Eliminate forth param from mls context when mls is not enabled. + * Tue Sep 6 2005 Dan Walsh 1.25.7-1 - Update from NSA * Merged modified form of patch to avoid dlopen/dlclose by
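Review bot: In the `@@ -105,7 +189,7 @@` hunk, `init_selinux_policyroot()` returns silently when `selinux_getpolicytype()` leaves `type` NULL, so `selinux_policyroot` stays unset. This presumably happens only on allocation failure, since the helper itself starts from `SELINUXDEFAULT`, but whatever builds policy and context file paths from the root has to cope with it. That is worth confirming, because those callers are outside the visible hunks. The result of `malloc(len)` should likewise be checked before it is written to, e.g. `if (!selinux_policyroot) { free(type); return; }`. Because `type` is now heap-allocated, it also needs a `free(type)` once the root string is built; neither the check nor the free is visible here, and the function body continues past the hunk. The header comment for `selinux_getpolicytype` should also state that `*type` is set to NULL on failure, since both callers depend on that.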