From c54847bdaa9eb4b28873cac4c3c7d65328f16f2d Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <plautrba@redhat.com>
Date: Dec 01 2016 19:57:07 +0000
Subject: policycoreutils-2.5-19


- seobject: Handle python error returns correctly
- policycoreutils/sepolicy/gui: fix current selinux state radiobutton
- policycoreutils: semodule_package: do not fail with an empty fc file

---

diff --git a/policycoreutils-fedora.patch b/policycoreutils-fedora.patch
index d25a449..54fd00a 100644
--- a/policycoreutils-fedora.patch
+++ b/policycoreutils-fedora.patch
@@ -628596,7 +628596,7 @@ index 0fad36c..75b782f 100644
  while the semanage user command deals with the mapping from SELinux
  user identities to authorized role sets.  In most cases, only the
 diff --git policycoreutils-2.5/semanage/seobject.py policycoreutils-2.5/semanage/seobject.py
-index 3b0b108..bca247b 100644
+index 3b0b108..90481b1 100644
 --- policycoreutils-2.5/semanage/seobject.py
 +++ policycoreutils-2.5/semanage/seobject.py
 @@ -23,14 +23,12 @@
@@ -628870,7 +628870,22 @@ index 3b0b108..bca247b 100644
  
          self.validate(target)
  
-@@ -1913,7 +1971,7 @@ class fcontextRecords(semanageRecords):
+@@ -1904,16 +1962,18 @@ class fcontextRecords(semanageRecords):
+             if not exists:
+                 raise ValueError(_("File context for %s is not defined") % target)
+ 
+-        (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
+-        if rc < 0:
+-            (rc, fcontext) = semanage_fcontext_query(self.sh, k)
+-            if rc < 0:
++        try:
++            (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
++        except OSError:
++            try:
++                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
++            except OSError:
+                 raise ValueError(_("Could not query file context for %s") % target)
+ 
          if setype != "<<none>>":
              con = semanage_fcontext_get_con(fcontext)
  
@@ -628879,7 +628894,7 @@ index 3b0b108..bca247b 100644
                  con = self.createcon(target)
  
              if (is_mls_enabled == 1) and (serange != ""):
-@@ -1939,6 +1997,11 @@ class fcontextRecords(semanageRecords):
+@@ -1939,6 +1999,11 @@ class fcontextRecords(semanageRecords):
          semanage_fcontext_key_free(k)
          semanage_fcontext_free(fcontext)
  
@@ -628891,7 +628906,7 @@ index 3b0b108..bca247b 100644
      def modify(self, target, setype, ftype, serange, seuser):
          self.begin()
          self.__modify(target, setype, ftype, serange, seuser)
-@@ -1964,6 +2027,8 @@ class fcontextRecords(semanageRecords):
+@@ -1964,6 +2029,8 @@ class fcontextRecords(semanageRecords):
                  raise ValueError(_("Could not delete the file context %s") % target)
              semanage_fcontext_key_free(k)
  
@@ -628900,7 +628915,7 @@ index 3b0b108..bca247b 100644
          self.equiv = {}
          self.equal_ind = True
          self.commit()
-@@ -1972,6 +2037,9 @@ class fcontextRecords(semanageRecords):
+@@ -1972,6 +2039,9 @@ class fcontextRecords(semanageRecords):
          if target in self.equiv.keys():
              self.equiv.pop(target)
              self.equal_ind = True
@@ -628910,7 +628925,7 @@ index 3b0b108..bca247b 100644
              return
  
          (rc, k) = semanage_fcontext_key_create(self.sh, target, file_types[ftype])
-@@ -1996,6 +2064,8 @@ class fcontextRecords(semanageRecords):
+@@ -1996,6 +2066,8 @@ class fcontextRecords(semanageRecords):
  
          semanage_fcontext_key_free(k)
  
@@ -628919,7 +628934,7 @@ index 3b0b108..bca247b 100644
      def delete(self, target, ftype):
          self.begin()
          self.__delete(target, ftype)
-@@ -2091,7 +2161,7 @@ class booleanRecords(semanageRecords):
+@@ -2091,7 +2163,7 @@ class booleanRecords(semanageRecords):
              self.current_booleans = []
              ptype = None
  
@@ -628930,10 +628945,10 @@ index 3b0b108..bca247b 100644
              self.modify_local = False
 diff --git policycoreutils-2.5/semanage/seobject/__init__.py policycoreutils-2.5/semanage/seobject/__init__.py
 new file mode 100644
-index 0000000..d364434
+index 0000000..6ca9e7b
 --- /dev/null
 +++ policycoreutils-2.5/semanage/seobject/__init__.py
-@@ -0,0 +1,2405 @@
+@@ -0,0 +1,2407 @@
 +#! /usr/bin/python3 -Es
 +# Copyright (C) 2005-2013 Red Hat
 +# see file 'COPYING' for use and warranty information
@@ -630968,10 +630983,12 @@ index 0000000..d364434
 +                       if not exists:
 +                              raise ValueError(_("File context for %s is not defined") % target)
 +
-+                (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
-+                if rc < 0:
-+                       (rc, fcontext) = semanage_fcontext_query(self.sh, k)
-+                       if rc < 0:
++                try:
++                       (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
++                except OSError:
++                       try:
++                              (rc, fcontext) = semanage_fcontext_query(self.sh, k)
++                       except OSError:
 +                              raise ValueError(_("Could not query file context for %s") % target)
 +
 +                if setype != "<<none>>":
@@ -631460,6 +631477,21 @@ index bcfaa2b..ce048bc 100644
  			    NULL)) != -1) {
  		switch (i) {
  		case 'b':
+diff --git policycoreutils-2.5/semodule_package/semodule_package.c policycoreutils-2.5/semodule_package/semodule_package.c
+index d2a5fd0..e472054 100644
+--- policycoreutils-2.5/semodule_package/semodule_package.c
++++ policycoreutils-2.5/semodule_package/semodule_package.c
+@@ -72,6 +72,10 @@ static int file_to_data(const char *path, char **data, size_t * len)
+ 			path, strerror(errno));
+ 		goto err;
+ 	}
++	if (!sb.st_size) {
++		*len = 0;
++		return 0;
++	}
+ 
+ 	*data = mmap(NULL, sb.st_size, PROT_READ, MAP_PRIVATE, fd, 0);
+ 	if (*data == MAP_FAILED) {
 diff --git policycoreutils-2.5/sepolicy/common.h policycoreutils-2.5/sepolicy/common.h
 index dc3ce6a..3b93845 100644
 --- policycoreutils-2.5/sepolicy/common.h
@@ -633241,7 +633273,7 @@ index a92783a..8b3b131 100644
              out += "%s # %s\n" % (self.write_sh(out_dir), _("Setup Script"))
          return out
 diff --git policycoreutils-2.5/sepolicy/sepolicy/gui.py policycoreutils-2.5/sepolicy/sepolicy/gui.py
-index 313b77f..a26bf51 100644
+index 313b77f..70355d2 100644
 --- policycoreutils-2.5/sepolicy/sepolicy/gui.py
 +++ policycoreutils-2.5/sepolicy/sepolicy/gui.py
 @@ -1,4 +1,4 @@
@@ -633748,7 +633780,7 @@ index 313b77f..a26bf51 100644
          if label.get_text() == ADVANCED_SEARCH_LABEL[1]:
              label.set_text(ADVANCED_SEARCH_LABEL[0])
              self.close_popup()
-@@ -2581,25 +2553,6 @@ class SELinuxGui():
+@@ -2581,35 +2553,23 @@ class SELinuxGui():
              label.set_text(ADVANCED_SEARCH_LABEL[1])
              self.show_popup(self.advanced_search_window)
  
@@ -633774,8 +633806,11 @@ index 313b77f..a26bf51 100644
      def set_enforce_text(self, value):
          if value:
              self.status_bar.push(self.context_id, _("System Status: Enforcing"))
-@@ -2608,8 +2561,14 @@ class SELinuxGui():
-         self.current_status_permissive.set_active(True)
++            self.current_status_enforcing.set_active(True)
+         else:
+             self.status_bar.push(self.context_id, _("System Status: Permissive"))
+-        self.current_status_permissive.set_active(True)
++            self.current_status_permissive.set_active(True)
  
      def set_enforce(self, button):
 -        self.dbus.setenforce(button.get_active())
@@ -633791,7 +633826,7 @@ index 313b77f..a26bf51 100644
  
      def on_browse_select(self, *args):
          filename = self.file_dialog.get_filename()
-@@ -2669,16 +2628,22 @@ class SELinuxGui():
+@@ -2669,16 +2629,22 @@ class SELinuxGui():
              self.system_policy_type_combobox.set_active(self.typeHistory)
              return None
  
@@ -633818,7 +633853,7 @@ index 313b77f..a26bf51 100644
  
      def import_config_show(self, *args):
          self.file_dialog.set_action(Gtk.FileChooserAction.OPEN)
-@@ -2735,7 +2700,7 @@ class SELinuxGui():
+@@ -2735,7 +2701,7 @@ class SELinuxGui():
              return
          try:
              self.dbus.relabel_on_boot(active)
@@ -633827,7 +633862,7 @@ index 313b77f..a26bf51 100644
              self.error(e)
  
      def closewindow(self, window, *args):
-@@ -2821,10 +2786,13 @@ class SELinuxGui():
+@@ -2821,10 +2787,13 @@ class SELinuxGui():
          if not self.finish_init:
              return
          self.wait_mouse()
diff --git a/policycoreutils.spec b/policycoreutils.spec
index 9a2bd0f..3a04db9 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -9,7 +9,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.5
-Release: 18%{?dist}
+Release: 19%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # https://github.com/SELinuxProject/selinux/wiki/Releases
@@ -27,7 +27,7 @@ Source9: selinux-autorelabel-generator.sh
 # download https://raw.githubusercontent.com/fedora-selinux/scripts/master/selinux/make-fedora-selinux-patch.sh
 # run:
 # $ VERSION=2.5 ./make-fedora-selinux-patch.sh policycoreutils
-# HEAD https://github.com/fedora-selinux/selinux/commit/be955a4daf0598dbce8881c5dbab23b0cb1a6322
+# HEAD https://github.com/fedora-selinux/selinux/commit/223fc83c6e68cead9b3d8d4e5ca7e95a580952e7
 Patch:	 policycoreutils-fedora.patch
 # $ VERSION=1.2.3 ./make-fedora-selinux-patch.sh sepolgen
 Patch1:  sepolgen-fedora.patch
@@ -436,6 +436,11 @@ The policycoreutils-restorecond package contains the restorecond service.
 %systemd_postun_with_restart restorecond.service
 
 %changelog
+* Thu Dec 01 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-19
+- seobject: Handle python error returns correctly
+- policycoreutils/sepolicy/gui: fix current selinux state radiobutton
+- policycoreutils: semodule_package: do not fail with an empty fc file
+
 * Tue Nov 22 2016 Petr Lautrbach <plautrba@redhat.com> - 2.5-18
 - Update translations
 - Fix fcontextPage editing features (#1344842)