From 785fc2e237ff973ee5d0f42fc1c335f147e8daba Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Sep 06 2005 20:16:22 +0000 Subject: - Update from NSA Merged semod.conf template patch from Dan Walsh (Red Hat), but restored location to /usr/share/semod/semod.conf. Fixed several bugs found by valgrind. Fixed bug in prior patch for the semod_build_module_list leak. Merged errno fix from Joshua Brindle (Tresys). Merged fix for semod_build_modules_list leak on error path from Serge Hallyn (IBM). Bug found by Coverity. --- diff --git a/libsemanage-rhat.patch b/libsemanage-rhat.patch index 3ae2fad..ae996be 100644 --- a/libsemanage-rhat.patch +++ b/libsemanage-rhat.patch 
@@ -1,43 +1,121 @@ ---- libsemanage-1.1.4/src/semod.conf.rhat 2005-08-30 09:24:00.000000000 -0400 -+++ libsemanage-1.1.4/src/semod.conf 2005-08-30 10:22:33.000000000 -0400 -@@ -16,10 +16,10 @@ - # License along with this library; if not, write to the Free Software - # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA - --# Specify how libsemod will interact with the module store. The three -+# Specify how libsemanage will interact with the module store. The three - # options are: - # --# "direct" - libsemod will write directly to the store. -+# "direct" - libsemanage will write directly to the store. - # /foo/bar - Write by way of a policy server, whose named socket - # is at /foo/bar. The path must begin with a '/'. - # foo.com:4242 - Establish a TCP connection to a remote policy server -@@ -44,7 +44,7 @@ - #args = -b $@ - #[end] - --# In addition to loading a policy libsemod will validate file contexts -+# In addition to loading a policy libsemanage will validate file contexts - # by calling the setfiles utility. As above, "$@" will be replaced - # with the policy filename. In addition "$<" will be replaced with - # the file contexts filename. ---- libsemanage-1.1.4/src/Makefile.rhat 2005-08-30 09:24:00.000000000 -0400 -+++ libsemanage-1.1.4/src/Makefile 2005-08-30 10:23:09.000000000 -0400 +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/Makefile libsemanage-1.1.6/src/Makefile +--- nsalibsemanage/src/Makefile 2005-09-01 12:19:45.000000000 -0400 ++++ libsemanage-1.1.6/src/Makefile 2005-09-06 16:15:37.000000000 -0400 
@@ -4,7 +4,7 @@ SHLIBDIR ?= $(DESTDIR)/lib INCLUDEDIR ?= $(PREFIX)/include --DEFAULT_SEMOD_CONF_LOCATION=$(PREFIX)/share/semod/semod.conf -+DEFAULT_SEMOD_CONF_LOCATION=/etc/selinux/semod.conf +-DEFAULT_SEMOD_CONF_LOCATION=/usr/share/semod/semod.conf ++DEFAULT_SEMOD_CONF_LOCATION=/usr/share/semanage/semanage.conf LEX = flex LFLAGS = -s -@@ -40,7 +40,6 @@ +@@ -40,7 +40,7 @@ install: all test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) install -m 644 $(LIBA) $(LIBDIR) -- install -m 644 -D semod.conf $(DEFAULT_SEMOD_CONF_LOCATION) +- install -m 644 -D semod.conf $(DESTDIR)/$(DEFAULT_SEMOD_CONF_LOCATION) ++ install -m 644 -D semanage.conf $(DESTDIR)/$(DEFAULT_SEMOD_CONF_LOCATION) clean: rm -f $(OBJS) $(LIBA) conf-scan.c conf-parse.c conf-parse.h +diff --exclude-from=exclude -N -u -r nsalibsemanage/src/semanage.conf libsemanage-1.1.6/src/semanage.conf +--- nsalibsemanage/src/semanage.conf 1969-12-31 19:00:00.000000000 -0500 ++++ libsemanage-1.1.6/src/semanage.conf 2005-09-06 16:15:20.000000000 -0400 +@@ -0,0 +1,96 @@ ++# Authors: Jason Tang ++# ++# Copyright (C) 2004-2005 Tresys Technology, LLC ++# ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++# ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++# ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ ++# Specify how libsemanage will interact with the module store. 
The three ++# options are: ++# ++# "direct" - libsemanage will write directly to the store. ++# /foo/bar - Write by way of a policy server, whose named socket ++# is at /foo/bar. The path must begin with a '/'. ++# foo.com:4242 - Establish a TCP connection to a remote policy server ++# at foo.com. If there is a colon then the remainder ++# is interpreted as a port number; otherwise default ++# to port 4242. ++module-store = direct ++ ++# When generating the final linked and expanded policy, by default ++# semanageule will set the policy version to POLICYDB_VERSION_MAX, as ++# given in . Change this setting if a different ++# version is necessary. ++#policy-version = 19 ++ ++# After a policy has been created this library will attempt to load it ++# by calling the load_policy utility. If there are special ++# requirements (e.g., read booleans from a certain file) then add them ++# here. Below are the default values. Within 'args', the special ++# sequence "$@" will be replaced with the policy filename. ++#[load_policy] ++#path = /usr/sbin/load_policy ++#args = -b $@ ++#[end] ++ ++# In addition to loading a policy libsemanage will validate file contexts ++# by calling the setfiles utility. As above, "$@" will be replaced ++# with the policy filename. In addition "$<" will be replaced with ++# the file contexts filename. ++#[setfiles] ++#path = /usr/sbin/setfiles ++#args = -q -c $@ $< ++#[end] ++ ++# Each program specified within a [verify] block is run during ++# committing. There are three types of verifies allowed: module, ++# linked, and kernel. Multiple verifies may exist for a stage; place ++# each program within its own [verify] block. For each stage the ++# programs are executed in the order given below. If a program ever ++# returns a non-zero value then the entire commit is aborted. ++# ++# Module verifies are executed for each source module prior to ++# linking. After they have been linked each link verifier is run ++# against the linked base module. 
Finally, each kernel verifier is ++# run against the final expanded kernel policy. If these verifiers ++# all exit with a return value of 0 then that kernel policy will be ++# loaded. ++# ++# 'path' gives a path the verificaton program. 'args' is any ++# free-form string that supplies command line arguments to the ++# verifier. Within args single quotes, double quotes, and backslashes ++# are metacharacters handled similarly to bash. Within 'args', the ++# special sequence "$@" will be replaced with a filename to the entity ++# being checked: source module for module verifiers, linked module for ++# linked, kernel policy for kernel. The sequence "$<" will be ++# replaced with the previous filename, if applicable. If an older ++# version does not exist "$<" expands to an empty string. ++#[verify module] ++#path = /usr/bin/some_module_verifier ++#args = -Wall -ansi -pedantic $@ $< ++#[end] ++ ++#[verify module] ++#path = /another/module/verify/program ++#args = -With -some_more arguments ++#[end] ++ ++#[verify linked] ++#path = /usr/local/bin/some_link_verifier ++#[end] ++ ++#[verify kernel] ++#path = /usr/sbin/kernel_verifier ++#args = "some argument" "some other parameter" -k $@ ++#[end] diff --git a/libsemanage.spec b/libsemanage.spec index fc14ab2..89c2f59 100644 --- a/libsemanage.spec +++ b/libsemanage.spec @@ -1,10 +1,11 @@ Summary: SELinux binary policy manipulation library -Name: libsemanage-devel +Name: libsemanage Version: 1.1.6 Release: 1 License: GPL Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/libsemanage-%{version}.tgz +Patch: libsemanage-rhat.patch BuildRoot: %{_tmppath}/%{name}-buildroot %description 
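Review bot: The added semanage.conf describes `[load_policy]`, `[setfiles]` and `[verify ...]` blocks whose `path` entries are programs run while a policy commit is in progress, but none of the new comments say that the file and every program it names must be writable only by root. I would add a comment ahead of the first `[verify module]` example, e.g. `# Programs named by 'path' are executed during commit; keep this file and those programs root-owned and not group- or world-writable.` The Makefile part installs the file with mode 644 under `/usr/share/semanage/`, where the removed side used `/etc/selinux/`; if that location is intended, file-integrity monitoring and backup rules that only cover /etc will need to include it. The new text also contains what looks like a search-and-replace artifact, `semanageule` (presumably `semodule`), a dangling `given in .`, and the typo `verificaton`.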
@@ -23,12 +24,18 @@ It is used by checkpolicy (the policy compiler) and similar tools, as well as by programs like load_policy that need to perform specific transformations on binary policies such as customizing policy boolean settings. -%description +%package devel +Summary: Header files and libraries used to build policy manipulation tools +Group: Development/Libraries +Requires: libsemanage = %{version} + +%description devel The semanage-devel package contains the static libraries and header files needed for developing applications that manipulate binary policies. %prep -%setup -q -n libsemanage-%{version} +%setup -q +%patch -p1 -b .rhat %build make CFLAGS="%{optflags}" @@ -39,12 +46,20 @@ mkdir -p ${RPM_BUILD_ROOT}/%{_lib} mkdir -p ${RPM_BUILD_ROOT}/%{_libdir} mkdir -p ${RPM_BUILD_ROOT}%{_includedir} make DESTDIR="${RPM_BUILD_ROOT}" LIBDIR="${RPM_BUILD_ROOT}%{_libdir}" SHLIBDIR="${RPM_BUILD_ROOT}/%{_lib}" install -rm -rf ${RPM_BUILD_ROOT}/usr/share/semod/semod.conf + %clean rm -rf ${RPM_BUILD_ROOT} %files %defattr(-,root,root) +%config(noreplace) /usr/share/semanage/semanage.conf + +%post -p /sbin/ldconfig + +%postun -p /sbin/ldconfig + +%files devel +%defattr(-,root,root) %{_libdir}/libsemanage.a %{_includedir}/semanage/*.h
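Review bot: `Requires: libsemanage = %{version}` in the new `%package devel` pins only the version, so a devel package from one release can be installed next to a main package from a different release of the same version. Since the release is what carries libsemanage-rhat.patch (and with it the configuration path), I would tie the two together with `Requires: libsemanage = %{version}-%{release}`. The `%description devel` text that follows still calls the package "semanage-devel", while the subpackage declared here is libsemanage-devel.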
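Review bot: The `%post -p /sbin/ldconfig` and `%postun -p /sbin/ldconfig` scriptlets are added to the main package, but its `%files` list holds only `/usr/share/semanage/semanage.conf`, and the only library visible on this page is the static `libsemanage.a`, which goes to `%files devel`. As far as this page shows there is no shared object for ldconfig to register, so the scriptlets run a root-privileged command on every install and erase for no effect; I would drop both lines until a shared library is actually packaged. A one-line comment above `%config(noreplace)` noting that the file is kept across upgrades because administrators edit the helper paths in it would also help the next packager.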