-Add support for static-only build
+From 2140db697c7f1da2a0a3f7bbcb14c1a0dade84e5 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:28:12 -0400
+Subject: [PATCH] Add support for static-only build
Instead of unconditionally building shared libraries, this patch
improves the libsepol build system with a "STATIC" variable, which
does not have support for shared libraries.
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-Index: b/src/Makefile
-===================================================================
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ src/Makefile | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/Makefile b/src/Makefile
-index db6c2ba..0006285 100644
+index 819d261..040921d 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -30,8 +30,12 @@ LOBJS += $(sort $(patsubst %.c,%.lo,$(wildcard $(CILDIR)/src/*.c) $(CIL_GENERATE
- override CFLAGS += -I$(CILDIR)/include
+@@ -40,7 +40,12 @@ LDFLAGS += -undefined dynamic_lookup
+ LN=gln
endif
+-all: $(LIBA) $(LIBSO) $(LIBPC)
+ALL_TARGETS = $(LIBA) $(LIBPC)
+ifeq ($(STATIC),)
+ALL_TARGETS += $(LIBSO)
+endif
-
--all: $(LIBA) $(LIBSO) $(LIBPC)
++
+all: $(ALL_TARGETS)
-
+
$(LIBA): $(OBJS)
-@@ -66,11 +70,13 @@
+@@ -82,11 +87,13 @@ endif
install: all
test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
install -m 644 $(LIBA) $(LIBDIR)
+ifeq ($(STATIC),)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+endif
relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+--
+2.13.6
+
-Makefile: revert libsepol: use ln --relative to create .so symlinks
+From 16b2b0e21e10727065042a1baabd1a887757c65c Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Mon, 9 Oct 2017 16:29:36 -0400
+Subject: [PATCH] Makefile: revert libsepol: use ln --relative to create .so symlinks
This reverts 71393a181d63c9baae5fe8dcaeb9411d1f253998
For the sake of Buildroot, revert the upstream patch.
Signed-off-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
+---
+ src/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
-diff -durN a/src/Makefile b/src/Makefile
+diff --git a/src/Makefile b/src/Makefile
+index 040921d..e811c9e 100644
--- a/src/Makefile
+++ b/src/Makefile
-@@ -77,7 +77,7 @@
+@@ -92,7 +92,7 @@ install: all
ifeq ($(STATIC),)
test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
install -m 755 $(LIBSO) $(SHLIBDIR)
-- ln -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+- $(LN) -sf --relative $(SHLIBDIR)/$(LIBSO) $(LIBDIR)/$(TARGET)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
endif
relabel:
+--
+2.13.6
+
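Review bot: The replacement link line in the `install` recipe, `cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)`, hard-codes `../../`, so the symlink only resolves when LIBDIR sits exactly two levels below the directory holding the last component of SHLIBDIR. With any other LIBDIR/SHLIBDIR pair the install would leave a dangling link and still exit 0, because `ln -sf` does not check its target. The paths are also unquoted. The description says only "For the sake of Buildroot"; one sentence on why `--relative` cannot be used (presumably the host `ln` may not support it) would let the next version bump decide whether the revert is still needed. The recipe starts outside the hunk.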
-# From https://github.com/SELinuxProject/selinux/wiki/Releases
-sha256 d856d6506054f52abeaa3543ea2f2344595a3dc05d0d873ed7f724f7a16b1874 libsepol-2.6.tar.gz
+# From: https://github.com/SELinuxProject/selinux/wiki/Releases
+sha256 d69d3bd8ec901a3bd5adf2be2fb47fb1a685ed73066ab482e7e505371a48f9e7 libsepol-2.7.tar.gz
#
################################################################################
-LIBSEPOL_VERSION = 2.6
-LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20161014
+LIBSEPOL_VERSION = 2.7
+LIBSEPOL_SITE = https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804
LIBSEPOL_LICENSE = LGPL-2.1+
LIBSEPOL_LICENSE_FILES = COPYING
+++ /dev/null
-Correct build issues to enable cross compiling. These changes require the
-package to be auto reconfigured.
-
-These updates were not upsteamed as the 3.3.x version has stablized and they
-were only taking bug fixes. Also the 4.0 preview has completely reworked
-the build infrastructure which will require this to be revisited.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
-diff -urN a/configure.ac b/configure.ac
---- a/configure.ac 2013-01-16 10:36:24.000000000 -0600
-+++ b/configure.ac 2013-07-12 08:22:10.380255248 -0500
-@@ -448,8 +448,9 @@
- sepol_srcdir="")
- if test "x${sepol_srcdir}" = "x"; then
- sepol_srcdir=${sepol_devel_libdir}
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([make sure libsepol-static is installed]))
-+ if test ! -f ${sepol_srcdir}/libsepol.a; then
-+ AC_MSG_ERROR([could not find precompiled libsepol.a])
-+ fi
- else
- AC_MSG_CHECKING([for compatible sepol source tree])
- sepol_version=${sepol_srcdir}/VERSION
-@@ -484,8 +485,9 @@
- AC_CHECK_HEADER([sepol/policydb/policydb.h], , AC_MSG_ERROR([could not find sepol source tree]))
- CFLAGS="${sepol_src_save_CFLAGS}"
- CPPFLAGS="${sepol_src_save_CPPFLAGS}"
-- AC_CHECK_FILE([${sepol_srcdir}/libsepol.a],,
-- AC_MSG_ERROR([could not find precompiled libsepol.a]))
-+ if test ! -f ${sepol_srcdir}/libsepol.a; then
-+ AC_MSG_ERROR([could not find precompiled libsepol.a])
-+ fi
- sepol_devel_incdir="${sepol_srcdir}/../include"
- fi
- SELINUX_CFLAGS="-I${sepol_devel_incdir} -I${selinux_devel_incdir}"
-@@ -578,12 +580,13 @@
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
- fi
- sepol_new_expand_boolmap="yes"
-+ sepol_new_user_role_mapping="yes"
- else
- sepol_new_expand_boolmap="no"
- fi
-@@ -607,7 +610,8 @@
- exit(EXIT_FAILURE);
- }])],
- sepol_policy_version_max=`cat conftest.data`,
-- AC_MSG_FAILURE([could not determine maximum libsepol policy version]))
-+ AC_MSG_FAILURE([could not determine maximum libsepol policy version]),
-+ sepol_policy_version_max="26")
- AC_DEFINE_UNQUOTED(SEPOL_POLICY_VERSION_MAX, ${sepol_policy_version_max}, [maximum policy version supported by libsepol])
- CFLAGS="${sepol_save_CFLAGS}"
- CPPFLAGS="${sepol_save_CPPFLAGS}"
-@@ -631,7 +635,7 @@
- changequote([,])dnl
- selinux_save_CFLAGS="${CFLAGS}"
- CFLAGS="${SELINUX_CFLAGS} ${SELINUX_LIB_FLAG} -lselinux -lsepol ${CFLAGS}"
-- gcc ${CFLAGS} -o conftest conftest.c >&5
-+ ${CC} ${CFLAGS} -o conftest conftest.c >&5
- selinux_policy_dir=`./conftest`
- AC_MSG_RESULT(${selinux_policy_dir})
- CFLAGS="${selinux_save_CFLAGS}"
-diff -urN a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
---- a/libqpol/src/policy_define.c 2013-01-16 10:36:24.000000000 -0600
-+++ b/libqpol/src/policy_define.c 2013-07-12 08:22:10.380255248 -0500
-@@ -2135,7 +2135,7 @@
- #ifdef HAVE_SEPOL_ROLE_ATTRS
- if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #elif HAVE_SEPOL_USER_ROLE_MAPPING
-- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
-+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #else
- if (role_set_expand(&roles, &e_roles, policydbp))
- #endif
-diff -urN a/m4/ac_python_devel.m4 b/m4/ac_python_devel.m4
---- a/m4/ac_python_devel.m4 2013-01-16 10:36:22.000000000 -0600
-+++ b/m4/ac_python_devel.m4 2013-07-12 08:22:10.380255248 -0500
-@@ -234,7 +234,7 @@
- AC_MSG_CHECKING([consistency of all components of python development environment])
- AC_LANG_PUSH([C])
- # save current global flags
-- LIBS="$ac_save_LIBS $PYTHON_LDFLAGS"
-+ LIBS="$ac_save_LIBS $PYTHON_EXTRA_LIBS $PYTHON_LDFLAGS"
- CPPFLAGS="$ac_save_CPPFLAGS $PYTHON_CPPFLAGS"
- AC_TRY_LINK([
- #include <Python.h>
-diff -urN a/python/setools/Makefile.am b/python/setools/Makefile.am
---- a/python/setools/Makefile.am 2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/Makefile.am 2013-07-12 08:22:19.200251011 -0500
-@@ -22,13 +22,13 @@
- python-build: sesearch.c seinfo.c
- @mkdir -p setools
- @cp __init__.py setools
-- LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" INCLUDES="$(QPOL_CFLAGS) $(APOL_CFLAGS)" $(PYTHON) setup.py build
-+ LIBS="$(QPOL_LIB_FLAG) $(APOL_LIB_FLAG)" LIBDIRS="$(PYTHON_LDFLAGS)" INCLUDES="$(PYTHON_CPPFLAGS) $(QPOL_CFLAGS) $(APOL_CFLAGS)" CC="$(CC)" CFLAGS="$(CFLAGS)" LDSHARED="$(CC) -shared" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext
-
- install-exec-hook:
-- $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py install `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
-
- uninstall-hook:
-- $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
-+ $(PYTHON) setup.py uninstall `test -n "$(DESTDIR)" && echo --prefix=$(DESTDIR)/usr`
-
- clean-local:
- $(PYTHON) setup.py clean -a
---- a/python/setools/setup.py 2013-01-16 10:36:22.000000000 -0600
-+++ b/python/setools/setup.py 2013-09-04 09:17:48.452916991 -0500
-@@ -8,7 +8,7 @@
- try:
- inc=os.getenv("INCLUDES").split(" ")
- INCLUDES=map(lambda x: x[2:], inc)
-- LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split())
-+ LIBDIRS=map(lambda x: "/".join(x.split("/")[:-1]), os.getenv("LIBS").split()) + map(lambda x: x[2:], os.getenv("LIBDIRS").split())
- except:
- INCLUDES=""
- LIBDIRS=""
--- /dev/null
+From b2fe84bfd00117d4897f1f2e8f83d3410eb188b8 Mon Sep 17 00:00:00 2001
+From: Adam Duskett <Adamduskett@outlook.com>
+Date: Thu, 12 Oct 2017 22:04:58 -0400
+Subject: [PATCH] remove werror flag from setup
+
+Compilers older than gcc6 will generate uninitialized variable warnings which
+will cause compiling to fail.
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ setup.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/setup.py b/setup.py
+index 2ca44c9..9319bf6 100644
+--- a/setup.py
++++ b/setup.py
+@@ -146,7 +146,7 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
+ 'libqpol/policy_scan.c',
+ 'libqpol/xen_query.c'],
+ include_dirs=include_dirs,
+- extra_compile_args=['-Werror', '-Wextra',
++ extra_compile_args=['-Wextra',
+ '-Waggregate-return',
+ '-Wfloat-equal',
+ '-Wformat', '-Wformat=2',
+--
+2.13.6
+
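Review bot: Dropping `'-Werror'` from `extra_compile_args` stops the build failing on every warning class, not only the uninitialized-variable warnings the description names, so new warnings in the libqpol C sources after a later bump would pass unnoticed. If the affected compilers accept it, keeping `-Werror` and adding a targeted `'-Wno-error=maybe-uninitialized'` (or `'-Wno-error=uninitialized'`, depending on which warning actually fires) would be narrower. The description should name the exact warning and record whether the patch was sent upstream. The `Extension(...)` call starts and ends outside the hunk.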
--- /dev/null
+From 2512c3ba608077db3a5e0286b976fadc8a04a5c4 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 23 Feb 2017 08:17:07 +0100
+Subject: [PATCH] Do not export/use setools.InfoFlowAnalysis and
+ setools.DomainTransitionAnalysis
+
+dta and infoflow modules require networkx which brings lot of dependencies.
+These dependencies are not necessary for setools module itself as it's
+used in policycoreutils.
+
+Therefore it's better to use setools.infoflow.InfoFlowAnalysis and
+setools.dta.DomainTransitionAnalysis and let the package containing
+sedta and seinfoflow to require python3-networkx
+
+Signed-off-by: Adam Duskett <Adamduskett@outlook.com>
+---
+ sedta | 3 ++-
+ seinfoflow | 3 ++-
+ setools/__init__.py | 4 ++--
+ setoolsgui/apol/dta.py | 2 +-
+ setoolsgui/apol/infoflow.py | 2 +-
+ tests/dta.py | 3 ++-
+ tests/infoflow.py | 3 ++-
+ 7 files changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/sedta b/sedta
+index 1c76ebb..255ad49 100755
+--- a/sedta
++++ b/sedta
+@@ -23,6 +23,7 @@ import argparse
+ import logging
+
+ import setools
++import setools.dta
+
+
+ def print_transition(trans):
+@@ -111,7 +112,7 @@ else:
+
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+- g = setools.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
++ g = setools.dta.DomainTransitionAnalysis(p, reverse=args.reverse, exclude=args.exclude)
+
+ if args.shortest_path or args.all_paths:
+ if args.shortest_path:
+diff --git a/seinfoflow b/seinfoflow
+index b287921..d53bdef 100755
+--- a/seinfoflow
++++ b/seinfoflow
+@@ -19,6 +19,7 @@
+
+ from __future__ import print_function
+ import setools
++import setools.infoflow
+ import argparse
+ import sys
+ import logging
+@@ -79,7 +80,7 @@ else:
+ try:
+ p = setools.SELinuxPolicy(args.policy)
+ m = setools.PermissionMap(args.map)
+- g = setools.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
++ g = setools.infoflow.InfoFlowAnalysis(p, m, min_weight=args.min_weight, exclude=args.exclude)
+
+ if args.shortest_path or args.all_paths:
+ if args.shortest_path:
+diff --git a/setools/__init__.py b/setools/__init__.py
+index a84c846..a53c5a7 100644
+--- a/setools/__init__.py
++++ b/setools/__init__.py
+@@ -74,11 +74,11 @@ from .pcideviceconquery import PcideviceconQuery
+ from .devicetreeconquery import DevicetreeconQuery
+
+ # Information Flow Analysis
+-from .infoflow import InfoFlowAnalysis
++# from .infoflow import InfoFlowAnalysis
+ from .permmap import PermissionMap
+
+ # Domain Transition Analysis
+-from .dta import DomainTransitionAnalysis
++# from .dta import DomainTransitionAnalysis
+
+ # Policy difference
+ from .diff import PolicyDifference
+diff --git a/setoolsgui/apol/dta.py b/setoolsgui/apol/dta.py
+index 0aaf13f..5b1ea20 100644
+--- a/setoolsgui/apol/dta.py
++++ b/setoolsgui/apol/dta.py
+@@ -23,7 +23,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import DomainTransitionAnalysis
++from setools.dta import DomainTransitionAnalysis
+
+ from ..logtosignal import LogHandlerToSignal
+ from .analysistab import AnalysisTab
+diff --git a/setoolsgui/apol/infoflow.py b/setoolsgui/apol/infoflow.py
+index 1ae16de..fdf8f7b 100644
+--- a/setoolsgui/apol/infoflow.py
++++ b/setoolsgui/apol/infoflow.py
+@@ -25,7 +25,7 @@ from PyQt5.QtCore import pyqtSignal, Qt, QStringListModel, QThread
+ from PyQt5.QtGui import QPalette, QTextCursor
+ from PyQt5.QtWidgets import QCompleter, QHeaderView, QMessageBox, QProgressDialog, \
+ QTreeWidgetItem
+-from setools import InfoFlowAnalysis
++from setools.infoflow import InfoFlowAnalysis
+ from setools.exception import UnmappedClass, UnmappedPermission
+
+ from ..logtosignal import LogHandlerToSignal
+diff --git a/tests/dta.py b/tests/dta.py
+index 32b9271..2bdd052 100644
+--- a/tests/dta.py
++++ b/tests/dta.py
+@@ -17,7 +17,8 @@
+ #
+ import unittest
+
+-from setools import SELinuxPolicy, DomainTransitionAnalysis
++from setools import SELinuxPolicy
++from setools.dta import DomainTransitionAnalysis
+ from setools import TERuletype as TERT
+ from setools.policyrep.exception import InvalidType
+ from setools.policyrep.typeattr import Type
+diff --git a/tests/infoflow.py b/tests/infoflow.py
+index 7751dda..a21c683 100644
+--- a/tests/infoflow.py
++++ b/tests/infoflow.py
+@@ -17,7 +17,8 @@
+ #
+ import unittest
+
+-from setools import SELinuxPolicy, InfoFlowAnalysis
++from setools import SELinuxPolicy
++from setools.infoflow import InfoFlowAnalysis
+ from setools import TERuletype as TERT
+ from setools.permmap import PermissionMap
+ from setools.policyrep.exception import InvalidType
+--
+2.9.3
+
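Review bot: In `setools/__init__.py` the two imports are commented out rather than removed, which leaves dead code with no hint of why. Either delete them or replace each with an explanatory comment such as `# InfoFlowAnalysis is not re-exported: importing it pulls in networkx`. The header carries `From: rpm-build` with no origin URL or upstream status, so the provenance of the patch cannot be checked from the file itself; a line stating where it was taken from would fix that. After this change `setools.InfoFlowAnalysis` and `setools.DomainTransitionAnalysis` are gone from the package namespace, so any caller outside the seven files touched here will fail at attribute lookup.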
+++ /dev/null
-Correct a build issue that occurs when python is not found
-in the path. This check should only be done if swig-python
-option is selected.
-
-Signed-off-by Clayton Shotwell <clshotwe@rockwellcollins.com>
-
---- a/configure.ac 2015-05-15 12:28:07.566060349 -0500
-+++ b/configure.ac 2015-05-28 15:07:25.357072800 -0500
-@@ -217,8 +217,6 @@
- do_swigify=yes
- fi
-
--AM_PATH_PYTHON(2.7)
--
- AC_ARG_ENABLE(swig-python,
- AC_HELP_STRING([--enable-swig-python],
- [build SWIG interfaces for Python]),
-@@ -227,6 +225,7 @@
- if test ${do_swigify} = no; then
- AC_PROG_SWIG(2.0.0)
- fi
-+ AM_PATH_PYTHON(2.7)
- SWIG_PYTHON
- do_swigify_python=yes
- do_swigify=yes
+++ /dev/null
-setools: Add patch to support 2.4 toolstack.
-Signed-off-by: Philip Tricca <flihp@twobit.us>
-Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
-URL: https://github.com/flihp/meta-selinux/commit/e09eaef7a9acb552a4a5e1f90117154ae06b6fda
-
-Signed-off-by: Adam Duskett <Aduskett@gmail.com>
-
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index fad6b60..231962f 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -1449,7 +1449,7 @@ int define_compute_type_helper(int which, avrule_t ** rule)
- return -1;
- }
- class_perm_node_init(perm);
-- perm->class = i + 1;
-+ perm->tclass = i + 1;
- perm->data = datum->s.value;
- perm->next = avrule->perms;
- avrule->perms = perm;
-@@ -1699,7 +1699,7 @@ int define_te_avtab_helper(int which, avrule_t ** rule)
- goto out;
- }
- class_perm_node_init(cur_perms);
-- cur_perms->class = i + 1;
-+ cur_perms->tclass = i + 1;
- if (!perms)
- perms = cur_perms;
- if (tail)
-diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
-index 5325a87..1417271 100644
---- a/libqpol/src/policy_extend.c
-+++ b/libqpol/src/policy_extend.c
-@@ -843,7 +843,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- for (class_node = rule->perms; class_node; class_node = class_node->next) {
- key.rule_type = rule->specified;
- key.source_val = key.target_val = i + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-@@ -856,7 +856,7 @@ static int qpol_syn_rule_table_insert_sepol_avrule(qpol_policy_t * policy, qpol_
- key.rule_type = rule->specified;
- key.source_val = i + 1;
- key.target_val = j + 1;
-- key.class_val = class_node->class;
-+ key.class_val = class_node->tclass;
- key.cond = cond;
- if (qpol_syn_rule_table_insert_entry(policy, table, &key, new_rule))
- goto err;
-diff --git a/libqpol/src/syn_rule_query.c b/libqpol/src/syn_rule_query.c
-index 3e63204..d7578f1 100644
---- a/libqpol/src/syn_rule_query.c
-+++ b/libqpol/src/syn_rule_query.c
-@@ -67,7 +67,7 @@ static void *syn_rule_class_state_get_cur(const qpol_iterator_t * iter)
- return NULL;
- }
-
-- return db->class_val_to_struct[srcs->cur->class - 1];
-+ return db->class_val_to_struct[srcs->cur->tclass - 1];
- }
-
- static int syn_rule_class_state_next(qpol_iterator_t * iter)
-@@ -465,10 +465,10 @@ int qpol_syn_avrule_get_perm_iter(const qpol_policy_t * policy, const qpol_syn_a
- }
-
- for (node = internal_rule->perms; node; node = node->next) {
-- for (i = 0; i < db->class_val_to_struct[node->class - 1]->permissions.nprim; i++) {
-+ for (i = 0; i < db->class_val_to_struct[node->tclass - 1]->permissions.nprim; i++) {
- if (!(node->data & (1 << i)))
- continue;
-- tmp = sepol_av_to_string(db, node->class, (sepol_access_vector_t) (1 << i));
-+ tmp = sepol_av_to_string(db, node->tclass, (sepol_access_vector_t) (1 << i));
- if (tmp) {
- tmp++; /* remove prepended space */
- for (cur = 0; cur < perm_list_sz; cur++)
-diff --git a/secmds/replcon.cc b/secmds/replcon.cc
-index 34f7c1a..307c39f 100644
---- a/secmds/replcon.cc
-+++ b/secmds/replcon.cc
-@@ -60,7 +60,7 @@ static struct option const longopts[] = {
- {NULL, 0, NULL, 0}
- };
-
--extern int lsetfilecon_raw(const char *, security_context_t) __attribute__ ((weak));
-+extern int lsetfilecon_raw(const char *, const char *) __attribute__ ((weak));
-
- /**
- * As that setools must work with older libselinux versions that may
config BR2_PACKAGE_SETOOLS
bool "setools"
- depends on BR2_TOOLCHAIN_HAS_THREADS
+ depends on !BR2_arc # arc: libselinux not available
depends on !BR2_STATIC_LIBS
- depends on BR2_INSTALL_LIBSTDCPP
+ depends on BR2_TOOLCHAIN_HAS_THREADS
depends on BR2_USE_WCHAR
depends on BR2_TOOLCHAIN_USES_GLIBC # libselinux
- # bfin: infamous _ symbol prefix issue
- # nios2: triggers some toolchain issue "No symbol version
- # section for versioned symbol"
- # arc: libselinux not available
- depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+ depends on BR2_USE_MMU
+ select BR2_PACKAGE_PYTHON3 if !BR2_PACKAGE_PYTHON
+ select BR2_PACKAGE_PYTHON_ENUM34 if !BR2_PACKAGE_PYTHON3
+ select BR2_PACKAGE_PYTHON_SETUPTOOLS
select BR2_PACKAGE_LIBSELINUX
- select BR2_PACKAGE_SQLITE
- select BR2_PACKAGE_LIBXML2
- select BR2_PACKAGE_BZIP2
help
SETools is an open source project designed to facilitate
SELinux policy analysis. The primary tools are:
- * apol - analyze a SELinux policy.
- * seaudit - analyze audit messages from SELinux.
- * seaudit-report - generate highly-customized audit log
- reports.
- * sechecker - command line tool for performing modular
- checks on an SELinux policy.
+ * apol - analyze a SELinux policy. (requires python-qt5)
* sediff - semantic policy difference tool for SELinux.
- * secmds - command-line tools to analyze and search SELinux
- policy.
+ * sedta - Perform domain transition analyses
+ * sesearch - Search rules (allow, type_transition, etc.)
- https://github.com/TresysTechnology/setools3/wiki
+ https://github.com/TresysTechnology/setools
comment "setools needs a glibc toolchain w/ threads, C++, wchar, dynamic library"
- depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS \
- || !BR2_USE_WCHAR || !BR2_INSTALL_LIBSTDCPP \
- || !BR2_TOOLCHAIN_USES_GLIBC
- depends on !BR2_nios2 && !BR2_bfin && !BR2_arc
+ depends on BR2_USE_MMU && !BR2_arc
+ depends on !BR2_TOOLCHAIN_HAS_THREADS || BR2_STATIC_LIBS || \
+ !BR2_USE_WCHAR || !BR2_TOOLCHAIN_USES_GLIBC || \
+ !BR2_INSTALL_LIBSTDCPP
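Review bot: The `comment` entry still advertises a C++ requirement and keeps `!BR2_INSTALL_LIBSTDCPP` in its condition, but `depends on BR2_INSTALL_LIBSTDCPP` was removed from the `BR2_PACKAGE_SETOOLS` symbol. On a toolchain without C++ the package is therefore selectable while the comment says it is unavailable. Either restore the dependency or drop `C++` from the comment text and `!BR2_INSTALL_LIBSTDCPP` from its `depends on`. The help text also lists `sedta` as a primary tool although setools.mk in this same commit deletes `$(TARGET_DIR)/usr/bin/sedta`; the help should say it is not installed.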
# From https://github.com/TresysTechnology/setools3/wiki/Download
-md5 d68d0d4e4da0f01da0f208782ff04b91 setools-3.3.8.tar.bz2
+md5 d68d0d4e4da0f01da0f208782ff04b91 setools-4.1.1.tar.bz2
# Locally computed
-sha256 44387ecc9a231ec536a937783440cd8960a72c51f14bffc1604b7525e341e999 setools-3.3.8.tar.bz2
+sha256 46a927ea2b163cbe1d35cc35da43e45853e13720c7e02d4cf75a498783c19610 setools-4.1.1.tar.gz
+sha256 2f7547e10f76a382c24c053595f38a5cc6dda9347f508f254ca490e0046a9624 COPYING
+sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING.GPL
+sha256 dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551 COPYING.LGPL
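Review bot: The `md5` line still carries the setools-3.3.8 digest: `d68d0d4e4da0f01da0f208782ff04b91` is unchanged from the removed line and only the file name was edited to `setools-4.1.1.tar.bz2`. This version never downloads that file, since the sha256 entry is for `setools-4.1.1.tar.gz`. The line therefore verifies nothing and implies an upstream-published checksum that does not exist for the new archive. Drop it together with the `# From https://github.com/TresysTechnology/setools3/wiki/Download` comment, leaving only the locally computed sha256 entries.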
#
################################################################################
-SETOOLS_VERSION = 3.3.8
-SETOOLS_SOURCE = setools-$(SETOOLS_VERSION).tar.bz2
-SETOOLS_SITE = https://raw.githubusercontent.com/wiki/TresysTechnology/setools3/files/dists/setools-$(SETOOLS_VERSION)
-SETOOLS_DEPENDENCIES = libselinux libsepol sqlite libxml2 bzip2 host-bison host-flex
+SETOOLS_VERSION = 4.1.1
+SETOOLS_SITE = $(call github,TresysTechnology,setools,$(SETOOLS_VERSION))
+SETOOLS_DEPENDENCIES = libselinux libsepol python-setuptools host-bison host-flex host-swig
SETOOLS_INSTALL_STAGING = YES
SETOOLS_LICENSE = GPL-2.0+, LGPL-2.1+
SETOOLS_LICENSE_FILES = COPYING COPYING.GPL COPYING.LGPL
+SETOOLS_SETUP_TYPE = setuptools
+HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol
-# configure.ac is patched by the cross compile patch,
-# so autoreconf is necessary
-SETOOLS_AUTORECONF = YES
-
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-# if host has selinux enabled.
-# No python support as only the libraries and commandline tools are
-# installed on target
-SETOOLS_CONF_OPTS = \
- --disable-debug \
- --disable-gui \
- --disable-bwidget-check \
- --disable-selinux-check \
- --disable-swig-java \
- --disable-swig-python \
- --disable-swig-tcl \
- --with-sepol-devel="$(STAGING_DIR)/usr" \
- --with-selinux-devel="$(STAGING_DIR)/usr"
-
-ifeq ($(BR2_sparc64):$(BR2_STATIC_LIBS),y:)
-SETOOLS_CONF_ENV += CFLAGS="$(TARGET_CFLAGS) -fPIC"
-endif
-
-HOST_SETOOLS_DEPENDENCIES = host-libselinux host-libsepol host-sqlite \
- host-libxml2 host-bzip2 host-bison
ifeq ($(BR2_PACKAGE_PYTHON3),y)
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON3_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python3
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON3_VERSION)
+SETOOLS_PYLIBVER = python$(PYTHON3_VERSION_MAJOR)
else
-HOST_SETOOLS_PYTHON_VERSION=$(PYTHON_VERSION_MAJOR)
-HOST_SETOOLS_DEPENDENCIES += host-python
-HOST_SETOOLS_CONF_ENV += am_cv_python_version=$(PYTHON_VERSION)
+SETOOLS_PYLIBVER = python$(PYTHON_VERSION_MAJOR)
+SETOOLS_DEPENDENCIES += python-enum34
endif
-HOST_SETOOLS_PYTHON_SITE_PACKAGES = $(HOST_DIR)/lib/python$(HOST_SETOOLS_PYTHON_VERSION)/site-packages
-HOST_SETOOLS_PYTHON_INCLUDES = $(HOST_DIR)/include/python$(HOST_SETOOLS_PYTHON_VERSION)
-HOST_SETOOLS_PYTHON_LIB = -lpython$(HOST_SETOOLS_PYTHON_VERSION)
+define SETOOLS_FIX_SETUP
+ # By default, setup.py will look for libsepol.a in the host machines
+ # /usr/lib directory. This needs to be changed to the staging directory.
+ $(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(STAGING_DIR)/lib']@g" \
+ $(@D)/setup.py
+endef
+SETOOLS_POST_PATCH_HOOKS += SETOOLS_FIX_SETUP
-# Notes: Need "disable-selinux-check" so the configure does not check to see
-# if host has selinux enabled.
-# Host builds with python support to enable tools for offline target
-# policy analysis
-HOST_SETOOLS_CONF_OPTS = \
- --disable-debug \
- --disable-gui \
- --disable-bwidget-check \
- --disable-selinux-check \
- --disable-swig-java \
- --disable-swig-python \
- --disable-swig-tcl \
- --with-sepol-devel="$(HOST_DIR)" \
- --with-selinux-devel="$(HOST_DIR)" \
- PYTHON_LDFLAGS="-L$(HOST_DIR)/lib/" \
- PYTHON_CPPFLAGS="-I$(HOST_SETOOLS_PYTHON_INCLUDES)" \
- PYTHON_SITE_PKG="$(HOST_SETOOLS_PYTHON_SITE_PACKAGES)" \
- PYTHON_EXTRA_LIBS="-lpthread -ldl -lutil $(HOST_SETOOLS_PYTHON_LIB)"
+define HOST_SETOOLS_FIX_SETUP
+ # By default, setup.py will look for libsepol.a in the host machines
+ # /usr/lib directory. This needs to be changed to the host directory.
+ $(SED) "s@base_lib_dirs =.*@base_lib_dirs = ['$(HOST_DIR)/lib']@g" \
+ $(@D)/setup.py
+endef
+HOST_SETOOLS_POST_PATCH_HOOKS += HOST_SETOOLS_FIX_SETUP
+
+# sedta and seinfoflow depend on python-networkx. This package is not
+# available in buildroot.
+define SETOOLS_REMOVE_BROKEN_SCRIPTS
+ $(RM) $(TARGET_DIR)/usr/bin/sedta
+ $(RM) $(TARGET_DIR)/usr/bin/seinfoflow
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_BROKEN_SCRIPTS
+
+# apol requires pyqt5. However, the setools installation
+# process will install apol even if pyqt5 is missing.
+# Remove these scripts from the target it pyqt5 is not selected.
+ifeq ($(BR2_PACKAGE_PYTHON_PYQT5),)
+define SETOOLS_REMOVE_QT_SCRIPTS
+ $(RM) $(TARGET_DIR)/usr/bin/apol
+ $(RM) -r $(TARGET_DIR)/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/
+endef
+SETOOLS_POST_INSTALL_TARGET_HOOKS += SETOOLS_REMOVE_QT_SCRIPTS
+endif
-HOST_SETOOLS_CONF_ENV += \
- am_cv_pathless_PYTHON=python \
- ac_cv_path_PYTHON=$(HOST_DIR)/bin/python \
- am_cv_python_platform=linux2 \
- am_cv_python_version=$(HOST_SETOOLS_PYTHON_VERSION) \
- am_cv_python_pythondir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
- am_cv_python_pyexecdir=$(HOST_SETOOLS_PYTHON_SITE_PACKAGES) \
- am_cv_python_includes=-I$(HOST_SETOOLS_PYTHON_INCLUDES)
+# sedta and seinfoflow depend on python-networkx. This package is not
+# available in buildroot. pyqt5 is not a host-package, remove apol
+# from the host directory as well.
+define HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
+ $(RM) $(HOST_DIR)/bin/sedta
+ $(RM) $(HOST_DIR)/bin/seinfoflow
+ $(RM) $(HOST_DIR)/bin/apol
+endef
+HOST_SETOOLS_POST_INSTALL_HOOKS += HOST_SETOOLS_REMOVE_BROKEN_SCRIPTS
-$(eval $(autotools-package))
-$(eval $(host-autotools-package))
+$(eval $(python-package))
+$(eval $(host-python-package))
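Review bot: The `$(SED)` line in `SETOOLS_FIX_SETUP` succeeds even when `base_lib_dirs =` is absent from setup.py, so after a future bump the target build could silently link the build machine's own libsepol.a; the same applies to `HOST_SETOOLS_FIX_SETUP`. A guard ahead of the substitution, e.g. `grep -q 'base_lib_dirs =' $(@D)/setup.py`, would make that case fail loudly. The replacement path is `$(STAGING_DIR)/lib` while the comment talks about `/usr/lib`; if libsepol.a is staged under `usr/lib` this should presumably be `$(STAGING_DIR)/usr/lib`, which is worth confirming. `SETOOLS_REMOVE_QT_SCRIPTS` likewise deletes `$(TARGET_DIR)/lib/$(SETOOLS_PYLIBVER)/site-packages/setoolsgui/`; because `$(RM)` ignores missing paths, a wrong prefix there would leave the GUI package on the target unnoticed.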