diff --git a/SOURCES/libsemanage-rhel.patch b/SOURCES/libsemanage-rhel.patch
index e3c69dc..5ae063c 100644
--- a/SOURCES/libsemanage-rhel.patch
+++ b/SOURCES/libsemanage-rhel.patch
@@ -16,6 +16,19 @@ index 9b4d5b7..10fc784 100644
2.5 2016-02-23
* Do not overwrite CFLAGS in test Makefile, from Nicolas Iooss.
* Fix uninitialized variable in direct_commit and direct_api, from Nicolas Iooss.
+diff --git libsemanage-2.5/include/semanage/fcontexts_policy.h libsemanage-2.5/include/semanage/fcontexts_policy.h
+index a50db2b..199a1e1 100644
+--- libsemanage-2.5/include/semanage/fcontexts_policy.h
++++ libsemanage-2.5/include/semanage/fcontexts_policy.h
+@@ -26,4 +26,8 @@ extern int semanage_fcontext_list(semanage_handle_t * handle,
+ semanage_fcontext_t *** records,
+ unsigned int *count);
+
++extern int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
++ semanage_fcontext_t *** records,
++ unsigned int *count);
++
+ #endif
diff --git libsemanage-2.5/include/semanage/handle.h libsemanage-2.5/include/semanage/handle.h
index 6cad529..c816590 100644
--- libsemanage-2.5/include/semanage/handle.h
@@ -29,6 +42,304 @@ index 6cad529..c816590 100644
int semanage_access_check(semanage_handle_t * sh);
/* returns 0 if not connected, 1 if connected */
+diff --git libsemanage-2.5/include/semanage/ibendport_record.h libsemanage-2.5/include/semanage/ibendport_record.h
+new file mode 100644
+index 0000000..153eea0
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibendport_record.h
+@@ -0,0 +1,62 @@
++/*Copyright (C) 2005 Red Hat, Inc. */
++
++#ifndef _SEMANAGE_IBENDPORT_RECORD_H_
++#define _SEMANAGE_IBENDPORT_RECORD_H_
++
++#include <semanage/context_record.h>
++#include <semanage/handle.h>
++#include <stddef.h>
++
++#ifndef _SEMANAGE_IBENDPORT_DEFINED_
++struct semanage_ibendport;
++struct semanage_ibendport_key;
++typedef struct semanage_ibendport semanage_ibendport_t;
++typedef struct semanage_ibendport_key semanage_ibendport_key_t;
++#define _SEMANAGE_IBENDPORT_DEFINED_
++#endif
++
++extern int semanage_ibendport_compare(const semanage_ibendport_t *ibendport,
++ const semanage_ibendport_key_t *key);
++
++extern int semanage_ibendport_compare2(const semanage_ibendport_t *ibendport,
++ const semanage_ibendport_t *ibendport2);
++
++extern int semanage_ibendport_key_create(semanage_handle_t *handle,
++ const char *ibdev_name,
++ int port,
++ semanage_ibendport_key_t **key_ptr);
++
++extern int semanage_ibendport_key_extract(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ semanage_ibendport_key_t **key_ptr);
++
++extern void semanage_ibendport_key_free(semanage_ibendport_key_t *key);
++
++extern int semanage_ibendport_get_ibdev_name(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ char **ibdev_name_ptr);
++
++extern int semanage_ibendport_set_ibdev_name(semanage_handle_t *handle,
++ semanage_ibendport_t *ibendport,
++ const char *ibdev_name);
++
++extern int semanage_ibendport_get_port(const semanage_ibendport_t *ibendport);
++
++extern void semanage_ibendport_set_port(semanage_ibendport_t *ibendport, int port);
++
++extern semanage_context_t *semanage_ibendport_get_con(const semanage_ibendport_t *ibendport);
++
++extern int semanage_ibendport_set_con(semanage_handle_t *handle,
++ semanage_ibendport_t *ibendport,
++ semanage_context_t *con);
++
++extern int semanage_ibendport_create(semanage_handle_t *handle,
++ semanage_ibendport_t **ibendport_ptr);
++
++extern int semanage_ibendport_clone(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ semanage_ibendport_t **ibendport_ptr);
++
++extern void semanage_ibendport_free(semanage_ibendport_t *ibendport);
++
++#endif
+diff --git libsemanage-2.5/include/semanage/ibendports_local.h libsemanage-2.5/include/semanage/ibendports_local.h
+new file mode 100644
+index 0000000..641dd35
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibendports_local.h
+@@ -0,0 +1,36 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc */
++
++#ifndef _SEMANAGE_IBENDPORTS_LOCAL_H_
++#define _SEMANAGE_IBENDPORTS_LOCAL_H_
++
++#include <semanage/ibendport_record.h>
++#include <semanage/handle.h>
++
++extern int semanage_ibendport_modify_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ const semanage_ibendport_t *data);
++
++extern int semanage_ibendport_del_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key);
++
++extern int semanage_ibendport_query_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ semanage_ibendport_t **response);
++
++extern int semanage_ibendport_exists_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ int *response);
++
++extern int semanage_ibendport_count_local(semanage_handle_t *handle,
++ unsigned int *response);
++
++extern int semanage_ibendport_iterate_local(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibendport_t *record,
++ void *varg),
++ void *handler_arg);
++
++extern int semanage_ibendport_list_local(semanage_handle_t *handle,
++ semanage_ibendport_t ***records,
++ unsigned int *count);
++
++#endif
+diff --git libsemanage-2.5/include/semanage/ibendports_policy.h libsemanage-2.5/include/semanage/ibendports_policy.h
+new file mode 100644
+index 0000000..3fc1976
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibendports_policy.h
+@@ -0,0 +1,28 @@
++/* Copyright (C) 2017 Mellanox Techonologies Inc */
++
++#ifndef _SEMANAGE_IBENDPORTS_POLICY_H_
++#define _SEMANAGE_IBENDPORTS_POLICY_H_
++
++#include <semanage/handle.h>
++#include <semanage/ibendport_record.h>
++
++extern int semanage_ibendport_query(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ semanage_ibendport_t **response);
++
++extern int semanage_ibendport_exists(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key, int *response);
++
++extern int semanage_ibendport_count(semanage_handle_t *handle,
++ unsigned int *response);
++
++extern int semanage_ibendport_iterate(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibendport_t *record,
++ void *varg),
++ void *handler_arg);
++
++extern int semanage_ibendport_list(semanage_handle_t *handle,
++ semanage_ibendport_t ***records,
++ unsigned int *count);
++
++#endif
+diff --git libsemanage-2.5/include/semanage/ibpkey_record.h libsemanage-2.5/include/semanage/ibpkey_record.h
+new file mode 100644
+index 0000000..9da7dc5
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibpkey_record.h
+@@ -0,0 +1,72 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc */
++
++#ifndef _SEMANAGE_IBPKEY_RECORD_H_
++#define _SEMANAGE_IBPKEY_RECORD_H_
++
++#include <semanage/context_record.h>
++#include <semanage/handle.h>
++#include <stddef.h>
++#include <stdint.h>
++
++#ifndef _SEMANAGE_IBPKEY_DEFINED_
++struct semanage_ibpkey;
++struct semanage_ibpkey_key;
++typedef struct semanage_ibpkey semanage_ibpkey_t;
++typedef struct semanage_ibpkey_key semanage_ibpkey_key_t;
++#define _SEMANAGE_IBPKEY_DEFINED_
++#endif
++
++extern int semanage_ibpkey_compare(const semanage_ibpkey_t *ibpkey,
++ const semanage_ibpkey_key_t *key);
++
++extern int semanage_ibpkey_compare2(const semanage_ibpkey_t *ibpkey,
++ const semanage_ibpkey_t *ibpkey2);
++
++extern int semanage_ibpkey_key_create(semanage_handle_t *handle,
++ const char *subnet_prefix,
++ int low, int high,
++ semanage_ibpkey_key_t **key_ptr);
++
++extern int semanage_ibpkey_key_extract(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ semanage_ibpkey_key_t **key_ptr);
++
++extern void semanage_ibpkey_key_free(semanage_ibpkey_key_t *key);
++
++extern int semanage_ibpkey_get_subnet_prefix(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ char **subnet_prefix_ptr);
++
++extern uint64_t semanage_ibpkey_get_subnet_prefix_bytes(const semanage_ibpkey_t *ibpkey);
++
++extern int semanage_ibpkey_set_subnet_prefix(semanage_handle_t *handle,
++ semanage_ibpkey_t *ibpkey,
++ const char *subnet_prefix);
++
++extern void semanage_ibpkey_set_subnet_prefix_bytes(semanage_ibpkey_t *ibpkey,
++ uint64_t subnet_prefix);
++
++extern int semanage_ibpkey_get_low(const semanage_ibpkey_t *ibpkey);
++
++extern int semanage_ibpkey_get_high(const semanage_ibpkey_t *ibpkey);
++
++extern void semanage_ibpkey_set_pkey(semanage_ibpkey_t *ibpkey, int pkey_num);
++
++extern void semanage_ibpkey_set_range(semanage_ibpkey_t *ibpkey, int low, int high);
++
++extern semanage_context_t *semanage_ibpkey_get_con(const semanage_ibpkey_t *ibpkey);
++
++extern int semanage_ibpkey_set_con(semanage_handle_t *handle,
++ semanage_ibpkey_t *ibpkey,
++ semanage_context_t *con);
++
++extern int semanage_ibpkey_create(semanage_handle_t *handle,
++ semanage_ibpkey_t **ibpkey_ptr);
++
++extern int semanage_ibpkey_clone(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ semanage_ibpkey_t **ibpkey_ptr);
++
++extern void semanage_ibpkey_free(semanage_ibpkey_t *ibpkey);
++
++#endif
+diff --git libsemanage-2.5/include/semanage/ibpkeys_local.h libsemanage-2.5/include/semanage/ibpkeys_local.h
+new file mode 100644
+index 0000000..079a642
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibpkeys_local.h
+@@ -0,0 +1,36 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc */
++
++#ifndef _SEMANAGE_IBPKEYS_LOCAL_H_
++#define _SEMANAGE_IBPKEYS_LOCAL_H_
++
++#include <semanage/ibpkey_record.h>
++#include <semanage/handle.h>
++
++extern int semanage_ibpkey_modify_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ const semanage_ibpkey_t *data);
++
++extern int semanage_ibpkey_del_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key);
++
++extern int semanage_ibpkey_query_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ semanage_ibpkey_t **response);
++
++extern int semanage_ibpkey_exists_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ int *response);
++
++extern int semanage_ibpkey_count_local(semanage_handle_t *handle,
++ unsigned int *response);
++
++extern int semanage_ibpkey_iterate_local(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibpkey_t *
++ record, void *varg),
++ void *handler_arg);
++
++extern int semanage_ibpkey_list_local(semanage_handle_t *handle,
++ semanage_ibpkey_t ***records,
++ unsigned int *count);
++
++#endif
+diff --git libsemanage-2.5/include/semanage/ibpkeys_policy.h libsemanage-2.5/include/semanage/ibpkeys_policy.h
+new file mode 100644
+index 0000000..c287ac0
+--- /dev/null
++++ libsemanage-2.5/include/semanage/ibpkeys_policy.h
+@@ -0,0 +1,28 @@
++/* Copyright (C) 2017 Mellanox Technolgies Inc. */
++
++#ifndef _SEMANAGE_IBPKEYS_POLICY_H_
++#define _SEMANAGE_IBPKEYS_POLICY_H_
++
++#include <semanage/handle.h>
++#include <semanage/ibpkey_record.h>
++
++extern int semanage_ibpkey_query(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ semanage_ibpkey_t **response);
++
++extern int semanage_ibpkey_exists(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key, int *response);
++
++extern int semanage_ibpkey_count(semanage_handle_t *handle,
++ unsigned int *response);
++
++extern int semanage_ibpkey_iterate(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibpkey_t *record,
++ void *varg),
++ void *handler_arg);
++
++extern int semanage_ibpkey_list(semanage_handle_t *handle,
++ semanage_ibpkey_t ***records,
++ unsigned int *count);
++
++#endif
diff --git libsemanage-2.5/include/semanage/modules.h libsemanage-2.5/include/semanage/modules.h
index 4b93e54..50940e2 100644
--- libsemanage-2.5/include/semanage/modules.h
@@ -80,6 +391,30 @@ index 4b93e54..50940e2 100644
/* Set @lang_ext in @modinfo.
*
* Returns 0 on success and -1 on error.
+diff --git libsemanage-2.5/include/semanage/semanage.h libsemanage-2.5/include/semanage/semanage.h
+index f417ce4..0489014 100644
+--- libsemanage-2.5/include/semanage/semanage.h
++++ libsemanage-2.5/include/semanage/semanage.h
+@@ -33,6 +33,8 @@
+ #include <semanage/context_record.h>
+ #include <semanage/iface_record.h>
+ #include <semanage/port_record.h>
++#include <semanage/ibpkey_record.h>
++#include <semanage/ibendport_record.h>
+ #include <semanage/node_record.h>
+
+ /* Dbase */
+@@ -47,6 +49,10 @@
+ #include <semanage/seusers_policy.h>
+ #include <semanage/ports_local.h>
+ #include <semanage/ports_policy.h>
++#include <semanage/ibpkeys_local.h>
++#include <semanage/ibendports_local.h>
++#include <semanage/ibendports_policy.h>
++#include <semanage/ibpkeys_policy.h>
+ #include <semanage/interfaces_local.h>
+ #include <semanage/interfaces_policy.h>
+ #include <semanage/nodes_local.h>
diff --git libsemanage-2.5/man/man5/semanage.conf.5 libsemanage-2.5/man/man5/semanage.conf.5
index 8f8de55..1009d97 100644
--- libsemanage-2.5/man/man5/semanage.conf.5
@@ -163,11 +498,41 @@ index e460379..6a4a164 100644
int (*cache) (struct semanage_handle * handle, dbase_t * dbase);
/* Forgets all changes that haven't been written
+diff --git libsemanage-2.5/src/database_file.c libsemanage-2.5/src/database_file.c
+index a21b3ee..a51269e 100644
+--- libsemanage-2.5/src/database_file.c
++++ libsemanage-2.5/src/database_file.c
+@@ -119,13 +119,16 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
+ cache_entry_t *ptr;
+ const char *fname = NULL;
+ FILE *str = NULL;
++ mode_t mask;
+
+ if (!dbase_llist_is_modified(&dbase->llist))
+ return STATUS_SUCCESS;
+
+ fname = dbase->path[handle->is_in_transaction];
+
++ mask = umask(0077);
+ str = fopen(fname, "w");
++ umask(mask);
+ if (!str) {
+ ERR(handle, "could not open %s for writing: %s",
+ fname, strerror(errno));
diff --git libsemanage-2.5/src/direct_api.c libsemanage-2.5/src/direct_api.c
-index 2187b65..1efe141 100644
+index 2187b65..fea6572 100644
--- libsemanage-2.5/src/direct_api.c
+++ libsemanage-2.5/src/direct_api.c
-@@ -146,9 +146,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
+@@ -40,6 +40,8 @@
+ #include "user_internal.h"
+ #include "seuser_internal.h"
+ #include "port_internal.h"
++#include "ibpkey_internal.h"
++#include "ibendport_internal.h"
+ #include "iface_internal.h"
+ #include "boolean_internal.h"
+ #include "fcontext_internal.h"
+@@ -146,9 +148,6 @@ int semanage_direct_connect(semanage_handle_t * sh)
if (semanage_create_store(sh, 1))
goto err;
@@ -177,7 +542,56 @@ index 2187b65..1efe141 100644
sh->u.direct.translock_file_fd = -1;
sh->u.direct.activelock_file_fd = -1;
-@@ -275,7 +272,9 @@ int semanage_direct_connect(semanage_handle_t * sh)
+@@ -208,6 +207,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ semanage_fcontext_dbase_local(sh)) < 0)
+ goto err;
+
++ if (fcontext_file_dbase_init(sh,
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_FC_HOMEDIRS),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
++ semanage_fcontext_dbase_homedirs(sh)) < 0)
++ goto err;
++
+ if (seuser_file_dbase_init(sh,
+ semanage_path(SEMANAGE_ACTIVE,
+ SEMANAGE_SEUSERS_LOCAL),
+@@ -224,6 +229,22 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ semanage_node_dbase_local(sh)) < 0)
+ goto err;
+
++ if (ibpkey_file_dbase_init(sh,
++ semanage_path(SEMANAGE_ACTIVE,
++ SEMANAGE_IBPKEYS_LOCAL),
++ semanage_path(SEMANAGE_TMP,
++ SEMANAGE_IBPKEYS_LOCAL),
++ semanage_ibpkey_dbase_local(sh)) < 0)
++ goto err;
++
++ if (ibendport_file_dbase_init(sh,
++ semanage_path(SEMANAGE_ACTIVE,
++ SEMANAGE_IBENDPORTS_LOCAL),
++ semanage_path(SEMANAGE_TMP,
++ SEMANAGE_IBENDPORTS_LOCAL),
++ semanage_ibendport_dbase_local(sh)) < 0)
++ goto err;
++
+ /* Object databases: local modifications + policy */
+ if (user_base_policydb_dbase_init(sh,
+ semanage_user_base_dbase_policy(sh)) <
+@@ -248,6 +269,12 @@ int semanage_direct_connect(semanage_handle_t * sh)
+ if (port_policydb_dbase_init(sh, semanage_port_dbase_policy(sh)) < 0)
+ goto err;
+
++ if (ibpkey_policydb_dbase_init(sh, semanage_ibpkey_dbase_policy(sh)) < 0)
++ goto err;
++
++ if (ibendport_policydb_dbase_init(sh, semanage_ibendport_dbase_policy(sh)) < 0)
++ goto err;
++
+ if (iface_policydb_dbase_init(sh, semanage_iface_dbase_policy(sh)) < 0)
+ goto err;
+
+@@ -275,7 +302,9 @@ int semanage_direct_connect(semanage_handle_t * sh)
/* set the disable dontaudit value */
path = semanage_path(SEMANAGE_ACTIVE, SEMANAGE_DISABLE_DONTAUDIT);
@@ -188,7 +602,29 @@ index 2187b65..1efe141 100644
sepol_set_disable_dontaudit(sh->sepolh, 1);
else
sepol_set_disable_dontaudit(sh->sepolh, 0);
-@@ -345,10 +344,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
+@@ -320,9 +349,12 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
+ user_extra_file_dbase_release(semanage_user_extra_dbase_local(sh));
+ user_join_dbase_release(semanage_user_dbase_local(sh));
+ port_file_dbase_release(semanage_port_dbase_local(sh));
++ ibpkey_file_dbase_release(semanage_ibpkey_dbase_local(sh));
++ ibendport_file_dbase_release(semanage_ibendport_dbase_local(sh));
+ iface_file_dbase_release(semanage_iface_dbase_local(sh));
+ bool_file_dbase_release(semanage_bool_dbase_local(sh));
+ fcontext_file_dbase_release(semanage_fcontext_dbase_local(sh));
++ fcontext_file_dbase_release(semanage_fcontext_dbase_homedirs(sh));
+ seuser_file_dbase_release(semanage_seuser_dbase_local(sh));
+ node_file_dbase_release(semanage_node_dbase_local(sh));
+
+@@ -331,6 +363,8 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
+ user_extra_file_dbase_release(semanage_user_extra_dbase_policy(sh));
+ user_join_dbase_release(semanage_user_dbase_policy(sh));
+ port_policydb_dbase_release(semanage_port_dbase_policy(sh));
++ ibpkey_policydb_dbase_release(semanage_ibpkey_dbase_policy(sh));
++ ibendport_policydb_dbase_release(semanage_ibendport_dbase_policy(sh));
+ iface_policydb_dbase_release(semanage_iface_dbase_policy(sh));
+ bool_policydb_dbase_release(semanage_bool_dbase_policy(sh));
+ fcontext_file_dbase_release(semanage_fcontext_dbase_policy(sh));
+@@ -345,10 +379,6 @@ static int semanage_direct_disconnect(semanage_handle_t * sh)
static int semanage_direct_begintrans(semanage_handle_t * sh)
{
@@ -199,7 +635,7 @@ index 2187b65..1efe141 100644
if (semanage_get_trans_lock(sh) < 0) {
return -1;
}
-@@ -363,6 +358,35 @@ static int semanage_direct_begintrans(semanage_handle_t * sh)
+@@ -363,6 +393,35 @@ static int semanage_direct_begintrans(semanage_handle_t * sh)
/********************* utility functions *********************/
@@ -235,7 +671,7 @@ index 2187b65..1efe141 100644
#include <stdlib.h>
#include <bzlib.h>
#include <string.h>
-@@ -588,13 +612,33 @@ static int semanage_direct_update_user_extra(semanage_handle_t * sh, cil_db_t *c
+@@ -588,13 +647,33 @@ static int semanage_direct_update_user_extra(semanage_handle_t * sh, cil_db_t *c
}
if (size > 0) {
@@ -271,7 +707,7 @@ index 2187b65..1efe141 100644
pusers_extra->dtable->drop_cache(pusers_extra->dbase);
-@@ -623,11 +667,33 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
+@@ -623,11 +702,33 @@ static int semanage_direct_update_seuser(semanage_handle_t * sh, cil_db_t *cildb
}
if (size > 0) {
@@ -306,7 +742,7 @@ index 2187b65..1efe141 100644
pseusers->dtable->drop_cache(pseusers->dbase);
} else {
-@@ -1037,8 +1103,9 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
+@@ -1037,8 +1138,9 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
goto cleanup;
}
@@ -317,7 +753,7 @@ index 2187b65..1efe141 100644
continue;
}
-@@ -1066,21 +1133,18 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1066,23 +1168,26 @@ static int semanage_direct_commit(semanage_handle_t * sh)
size_t fc_buffer_len = 0;
const char *ofilename = NULL;
const char *path;
@@ -327,14 +763,17 @@ index 2187b65..1efe141 100644
sepol_policydb_t *out = NULL;
struct cil_db *cildb = NULL;
semanage_module_info_t *modinfos = NULL;
++ mode_t mask = umask(0077);
- /* Declare some variables */
- int modified = 0, fcontexts_modified, ports_modified,
- seusers_modified, users_extra_modified, dontaudit_modified,
- preserve_tunables_modified, bools_modified = 0,
+- disable_dontaudit, preserve_tunables;
+ int do_rebuild, do_write_kernel, do_install;
+ int fcontexts_modified, ports_modified, seusers_modified,
- disable_dontaudit, preserve_tunables;
++ disable_dontaudit, preserve_tunables, ibpkeys_modified,
++ ibendports_modified;
dbase_config_t *users = semanage_user_dbase_local(sh);
dbase_config_t *users_base = semanage_user_base_dbase_local(sh);
dbase_config_t *pusers_base = semanage_user_base_dbase_policy(sh);
@@ -342,8 +781,14 @@ index 2187b65..1efe141 100644
+ dbase_config_t *pusers_extra = semanage_user_extra_dbase_policy(sh);
dbase_config_t *ports = semanage_port_dbase_local(sh);
dbase_config_t *pports = semanage_port_dbase_policy(sh);
++ dbase_config_t *ibpkeys = semanage_ibpkey_dbase_local(sh);
++ dbase_config_t *pibpkeys = semanage_ibpkey_dbase_policy(sh);
++ dbase_config_t *ibendports = semanage_ibendport_dbase_local(sh);
++ dbase_config_t *pibendports = semanage_ibendport_dbase_policy(sh);
dbase_config_t *bools = semanage_bool_dbase_local(sh);
-@@ -1092,13 +1156,23 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ dbase_config_t *pbools = semanage_bool_dbase_policy(sh);
+ dbase_config_t *ifaces = semanage_iface_dbase_local(sh);
+@@ -1092,13 +1197,25 @@ static int semanage_direct_commit(semanage_handle_t * sh)
dbase_config_t *fcontexts = semanage_fcontext_dbase_local(sh);
dbase_config_t *pfcontexts = semanage_fcontext_dbase_policy(sh);
dbase_config_t *seusers = semanage_seuser_dbase_local(sh);
@@ -351,6 +796,8 @@ index 2187b65..1efe141 100644
+
+ /* Modified flags that we need to use more than once. */
+ ports_modified = ports->dtable->is_modified(ports->dbase);
++ ibpkeys_modified = ibpkeys->dtable->is_modified(ibpkeys->dbase);
++ ibendports_modified = ibendports->dtable->is_modified(ibendports->dbase);
+ seusers_modified = seusers->dtable->is_modified(seusers->dbase);
+ fcontexts_modified = fcontexts->dtable->is_modified(fcontexts->dbase);
+
@@ -370,7 +817,7 @@ index 2187b65..1efe141 100644
if (sepol_get_disable_dontaudit(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
-@@ -1120,10 +1194,10 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1120,10 +1237,10 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* Create or remove the preserve_tunables flag file. */
path = semanage_path(SEMANAGE_TMP, SEMANAGE_PRESERVE_TUNABLES);
@@ -384,7 +831,7 @@ index 2187b65..1efe141 100644
if (sepol_get_preserve_tunables(sh->sepolh) == 1) {
FILE *touch;
touch = fopen(path, "w");
-@@ -1151,54 +1225,75 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1151,54 +1268,76 @@ static int semanage_direct_commit(semanage_handle_t * sh)
goto cleanup;
}
@@ -449,18 +896,18 @@ index 2187b65..1efe141 100644
+ if (stat(path, &sb) != 0) {
+ do_rebuild = 1;
+ goto rebuild;
++ }
++
++ path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
++ if (stat(path, &sb) != 0) {
++ do_rebuild = 1;
++ goto rebuild;
}
- }
- missing |= missing_policy_kern;
- missing |= missing_fc;
- missing |= missing_seusers;
-+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_SEUSERS_LINKED);
-+ if (stat(path, &sb) != 0) {
-+ do_rebuild = 1;
-+ goto rebuild;
-+ }
-+
+ path = semanage_path(SEMANAGE_TMP, SEMANAGE_USERS_EXTRA_LINKED);
+ if (stat(path, &sb) != 0) {
+ do_rebuild = 1;
@@ -481,7 +928,8 @@ index 2187b65..1efe141 100644
+ * that live under /etc/selinux (kernel policy, seusers, file contexts)
+ * will be modified.
+ */
-+ do_write_kernel = do_rebuild | ports_modified |
++ do_write_kernel = do_rebuild | ports_modified | ibpkeys_modified |
++ ibendports_modified |
+ bools->dtable->is_modified(bools->dbase) |
+ ifaces->dtable->is_modified(ifaces->dbase) |
+ nodes->dtable->is_modified(nodes->dbase) |
@@ -496,7 +944,7 @@ index 2187b65..1efe141 100644
/* =================== Module expansion =============== */
retval = semanage_get_active_modules(sh, &modinfos, &num_modinfos);
-@@ -1287,43 +1382,72 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1287,43 +1426,74 @@ static int semanage_direct_commit(semanage_handle_t * sh)
goto cleanup;
cil_db_destroy(&cildb);
@@ -558,6 +1006,8 @@ index 2187b65..1efe141 100644
+ /* Attach our databases to the policydb we just created or loaded. */
+ dbase_policydb_attach((dbase_policydb_t *) pusers_base->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pports->dbase, out);
++ dbase_policydb_attach((dbase_policydb_t *) pibpkeys->dbase, out);
++ dbase_policydb_attach((dbase_policydb_t *) pibendports->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pifaces->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pbools->dbase, out);
+ dbase_policydb_attach((dbase_policydb_t *) pnodes->dbase, out);
@@ -589,7 +1039,7 @@ index 2187b65..1efe141 100644
}
/* ======= Post-process: Validate non-policydb components ===== */
-@@ -1332,21 +1456,21 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+@@ -1332,26 +1502,39 @@ static int semanage_direct_commit(semanage_handle_t * sh)
* Note: those are still cached, even though they've been
* merged into the main file_contexts. We won't check the
* large file_contexts - checked at compile time */
@@ -614,7 +1064,25 @@ index 2187b65..1efe141 100644
retval = semanage_port_validate_local(sh);
if (retval < 0)
goto cleanup;
-@@ -1367,33 +1491,27 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ }
+
++ /* Validate local ibpkeys for overlap */
++ if (do_rebuild || ibpkeys_modified) {
++ retval = semanage_ibpkey_validate_local(sh);
++ if (retval < 0)
++ goto cleanup;
++ }
++
++ /* Validate local ibendports */
++ if (do_rebuild || ibendports_modified) {
++ retval = semanage_ibendport_validate_local(sh);
++ if (retval < 0)
++ goto cleanup;
++ }
+ /* ================== Write non-policydb components ========= */
+
+ /* Commit changes to components */
+@@ -1367,43 +1550,46 @@ static int semanage_direct_commit(semanage_handle_t * sh)
}
path = semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_LOCAL);
@@ -663,7 +1131,31 @@ index 2187b65..1efe141 100644
}
/* run genhomedircon if its enabled, this should be the last operation
-@@ -1415,9 +1533,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
+ * which requires the out policydb */
+ if (!sh->conf->disable_genhomedircon) {
+- if (out && (retval =
+- semanage_genhomedircon(sh, out, sh->conf->usepasswd, sh->conf->ignoredirs)) != 0) {
+- ERR(sh, "semanage_genhomedircon returned error code %d.",
+- retval);
+- goto cleanup;
++ if (out){
++ if ((retval = semanage_genhomedircon(sh, out, sh->conf->usepasswd,
++ sh->conf->ignoredirs)) != 0) {
++ ERR(sh, "semanage_genhomedircon returned error code %d.", retval);
++ goto cleanup;
++ }
++ /* file_contexts.homedirs was created in SEMANAGE_TMP store */
++ retval = semanage_copy_file(
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS),
++ semanage_final_path(SEMANAGE_FINAL_TMP, SEMANAGE_FC_HOMEDIRS),
++ sh->conf->file_mode);
++ if (retval < 0) {
++ goto cleanup;
++ }
+ }
+ } else {
+ WARN(sh, "WARNING: genhomedircon is disabled. \
+@@ -1415,9 +1601,8 @@ static int semanage_direct_commit(semanage_handle_t * sh)
sepol_policydb_free(out);
out = NULL;
@@ -674,7 +1166,7 @@ index 2187b65..1efe141 100644
cleanup:
for (i = 0; i < num_modinfos; i++) {
-@@ -1429,14 +1546,12 @@ cleanup:
+@@ -1429,14 +1614,14 @@ cleanup:
free(mod_filenames[i]);
}
@@ -689,13 +1181,24 @@ index 2187b65..1efe141 100644
+ /* Detach from policydb, so it can be freed */
+ dbase_policydb_detach((dbase_policydb_t *) pusers_base->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pports->dbase);
++ dbase_policydb_detach((dbase_policydb_t *) pibpkeys->dbase);
++ dbase_policydb_detach((dbase_policydb_t *) pibendports->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pifaces->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pnodes->dbase);
+ dbase_policydb_detach((dbase_policydb_t *) pbools->dbase);
free(mod_filenames);
sepol_policydb_free(out);
-@@ -1600,7 +1715,8 @@ static int semanage_direct_extract(semanage_handle_t * sh,
+@@ -1452,6 +1637,8 @@ cleanup:
+ semanage_remove_directory(semanage_final_path
+ (SEMANAGE_FINAL_TMP,
+ SEMANAGE_FINAL_TOPLEVEL));
++ umask(mask);
++
+ return retval;
+ }
+
+@@ -1600,7 +1787,8 @@ static int semanage_direct_extract(semanage_handle_t * sh,
goto cleanup;
}
@@ -705,7 +1208,7 @@ index 2187b65..1efe141 100644
ERR(sh, "Module does not exist: %s", module_path);
rc = -1;
goto cleanup;
-@@ -1630,7 +1746,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
+@@ -1630,7 +1818,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
goto cleanup;
}
@@ -714,7 +1217,25 @@ index 2187b65..1efe141 100644
rc = semanage_compile_module(sh, _modinfo);
if (rc < 0) {
goto cleanup;
-@@ -1931,7 +2047,7 @@ int semanage_direct_mls_enabled(semanage_handle_t * sh)
+@@ -1802,6 +1990,7 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
+ const char *path = NULL;
+ FILE *fp = NULL;
+ semanage_module_info_t *modinfo = NULL;
++ mode_t mask;
+
+ /* check transaction */
+ if (!sh->is_in_transaction) {
+@@ -1862,7 +2051,9 @@ static int semanage_direct_set_enabled(semanage_handle_t *sh,
+
+ switch (enabled) {
+ case 0: /* disable the module */
++ mask = umask(0077);
+ fp = fopen(fn, "w");
++ umask(mask);
+
+ if (fp == NULL) {
+ ERR(sh,
+@@ -1931,7 +2122,7 @@ int semanage_direct_mls_enabled(semanage_handle_t * sh)
if (retval < 0)
goto cleanup;
@@ -723,7 +1244,7 @@ index 2187b65..1efe141 100644
if (retval < 0)
goto cleanup;
-@@ -2075,6 +2191,31 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
+@@ -2075,6 +2266,31 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
free(tmp);
tmp = NULL;
@@ -755,7 +1276,15 @@ index 2187b65..1efe141 100644
if (fclose(fp) != 0) {
ERR(sh,
"Unable to close %s module lang ext file.",
-@@ -2613,7 +2754,8 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
+@@ -2516,6 +2732,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
+ int type;
+
+ char path[PATH_MAX];
++ mode_t mask = umask(0077);
+
+ semanage_module_info_t *higher_info = NULL;
+ semanage_module_key_t higher_key;
+@@ -2613,7 +2830,8 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
goto cleanup;
}
@@ -765,6 +1294,14 @@ index 2187b65..1efe141 100644
ret = unlink(path);
if (ret != 0) {
ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno));
+@@ -2627,6 +2845,7 @@ cleanup:
+ semanage_module_key_destroy(sh, &higher_key);
+ semanage_module_info_destroy(sh, higher_info);
+ free(higher_info);
++ umask(mask);
+
+ return status;
+ }
diff --git libsemanage-2.5/src/exception.sh libsemanage-2.5/src/exception.sh
index 94619d2..d18959c 100644
--- libsemanage-2.5/src/exception.sh
@@ -777,8 +1314,24 @@ index 94619d2..d18959c 100644
+${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h
for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
rm -f -- temp.aux -.o
+diff --git libsemanage-2.5/src/fcontexts_policy.c libsemanage-2.5/src/fcontexts_policy.c
+index 0b063b1..98490ab 100644
+--- libsemanage-2.5/src/fcontexts_policy.c
++++ libsemanage-2.5/src/fcontexts_policy.c
+@@ -51,3 +51,11 @@ int semanage_fcontext_list(semanage_handle_t * handle,
+ dbase_config_t *dconfig = semanage_fcontext_dbase_policy(handle);
+ return dbase_list(handle, dconfig, records, count);
+ }
++
++int semanage_fcontext_list_homedirs(semanage_handle_t * handle,
++ semanage_fcontext_t *** records, unsigned int *count)
++{
++
++ dbase_config_t *dconfig = semanage_fcontext_dbase_homedirs(handle);
++ return dbase_list(handle, dconfig, records, count);
++}
diff --git libsemanage-2.5/src/genhomedircon.c libsemanage-2.5/src/genhomedircon.c
-index 1a9e87e..32d8d5f 100644
+index 1a9e87e..d32c147 100644
--- libsemanage-2.5/src/genhomedircon.c
+++ libsemanage-2.5/src/genhomedircon.c
@@ -48,6 +48,8 @@
@@ -790,7 +1343,7 @@ index 1a9e87e..32d8d5f 100644
/* paths used in get_home_dirs() */
#define PATH_ETC_USERADD "/etc/default/useradd"
-@@ -73,37 +75,45 @@
+@@ -73,36 +75,44 @@
which are searched for and replaced */
#define TEMPLATE_HOME_ROOT "HOME_ROOT"
#define TEMPLATE_HOME_DIR "HOME_DIR"
@@ -837,7 +1390,7 @@ index 1a9e87e..32d8d5f 100644
struct user_entry *next;
} genhomedircon_user_entry_t;
- typedef struct {
++typedef struct {
+ const char *fcfilepath;
+ int usepasswd;
+ const char *homedir_template_path;
@@ -846,10 +1399,9 @@ index 1a9e87e..32d8d5f 100644
+ sepol_policydb_t *policydb;
+} genhomedircon_settings_t;
+
-+typedef struct {
+ typedef struct {
const char *search_for;
const char *replace_with;
- } replacement_pair_t;
@@ -461,11 +471,29 @@ static int HOME_DIR_PRED(const char *string)
return semanage_is_prefix(string, TEMPLATE_HOME_DIR);
}
@@ -1602,20 +2154,25 @@ index 1a9e87e..32d8d5f 100644
semanage_list_destroy(&user_context_tpl);
semanage_list_destroy(&homedir_context_tpl);
semanage_list_destroy(&homeroot_context_tpl);
-@@ -1068,10 +1282,20 @@ int semanage_genhomedircon(semanage_handle_t * sh,
- s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
- SEMANAGE_FC_HOMEDIRS);
-
-- s.fallback_user = strdup(FALLBACK_USER);
-- s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
-- s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
-- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
+@@ -1065,13 +1279,23 @@ int semanage_genhomedircon(semanage_handle_t * sh,
+
+ s.homedir_template_path =
+ semanage_path(SEMANAGE_TMP, SEMANAGE_HOMEDIR_TMPL);
+- s.fcfilepath = semanage_final_path(SEMANAGE_FINAL_TMP,
+- SEMANAGE_FC_HOMEDIRS);
++ s.fcfilepath =
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_FC_HOMEDIRS);
++
+ s.fallback = calloc(1, sizeof(genhomedircon_user_entry_t));
+ if (s.fallback == NULL) {
+ retval = STATUS_ERR;
+ goto done;
+ }
-+
+
+- s.fallback_user = strdup(FALLBACK_USER);
+- s.fallback_user_prefix = strdup(FALLBACK_USER_PREFIX);
+- s.fallback_user_level = strdup(FALLBACK_USER_LEVEL);
+- if (s.fallback_user == NULL || s.fallback_user_prefix == NULL || s.fallback_user_level == NULL) {
+ s.fallback->name = strdup(FALLBACK_NAME);
+ s.fallback->sename = strdup(FALLBACK_SENAME);
+ s.fallback->prefix = strdup(FALLBACK_PREFIX);
@@ -1638,104 +2195,1607 @@ index 1a9e87e..32d8d5f 100644
ignore_free();
return retval;
-diff --git libsemanage-2.5/src/libsemanage.map libsemanage-2.5/src/libsemanage.map
-index 34b553d..41841e1 100644
---- libsemanage-2.5/src/libsemanage.map
-+++ libsemanage-2.5/src/libsemanage.map
-@@ -40,10 +40,12 @@ LIBSEMANAGE_1.1 {
- semanage_module_info_destroy;
- semanage_module_info_get_priority;
- semanage_module_info_get_name;
-+ semanage_module_info_get_version;
- semanage_module_info_get_lang_ext;
- semanage_module_info_get_enabled;
- semanage_module_info_set_priority;
- semanage_module_info_set_name;
-+ semanage_module_info_set_version;
- semanage_module_info_set_lang_ext;
- semanage_module_info_set_enabled;
- semanage_module_key_create;
-diff --git libsemanage-2.5/src/module_internal.h libsemanage-2.5/src/module_internal.h
-index c99f6c2..d62091a 100644
---- libsemanage-2.5/src/module_internal.h
-+++ libsemanage-2.5/src/module_internal.h
-@@ -11,10 +11,12 @@ hidden_proto(semanage_module_get_name)
- hidden_proto(semanage_module_info_destroy)
- hidden_proto(semanage_module_info_get_priority)
- hidden_proto(semanage_module_info_get_name)
-+ hidden_proto(semanage_module_info_get_version)
- hidden_proto(semanage_module_info_get_lang_ext)
- hidden_proto(semanage_module_info_get_enabled)
- hidden_proto(semanage_module_info_set_priority)
- hidden_proto(semanage_module_info_set_name)
-+ hidden_proto(semanage_module_info_set_version)
- hidden_proto(semanage_module_info_set_lang_ext)
- hidden_proto(semanage_module_info_set_enabled)
- hidden_proto(semanage_module_key_create)
-diff --git libsemanage-2.5/src/modules.c libsemanage-2.5/src/modules.c
-index 90c5e49..85285a1 100644
---- libsemanage-2.5/src/modules.c
-+++ libsemanage-2.5/src/modules.c
-@@ -291,6 +291,7 @@ int semanage_module_info_destroy(semanage_handle_t *sh,
- }
-
- free(modinfo->name);
-+ free(modinfo->module_version);
- free(modinfo->lang_ext);
-
- return semanage_module_info_init(sh, modinfo);
-@@ -306,6 +307,7 @@ int semanage_module_info_init(semanage_handle_t *sh,
-
- modinfo->priority = 0;
- modinfo->name = NULL;
-+ modinfo->module_version = NULL;
- modinfo->lang_ext = NULL;
- modinfo->enabled = -1;
-
-@@ -341,6 +343,14 @@ int semanage_module_info_clone(semanage_handle_t *sh,
- goto cleanup;
- }
-
-+ if (source->module_version != NULL) {
-+ ret = semanage_module_info_set_version(sh, target, source->module_version);
-+ if (ret != 0) {
-+ status = -1;
-+ goto cleanup;
-+ }
-+ }
-+
- ret = semanage_module_info_set_lang_ext(sh, target, source->lang_ext);
- if (ret != 0) {
- status = -1;
-@@ -388,6 +398,21 @@ int semanage_module_info_get_name(semanage_handle_t *sh,
+diff --git libsemanage-2.5/src/handle.h libsemanage-2.5/src/handle.h
+index 64175c4..1780ac8 100644
+--- libsemanage-2.5/src/handle.h
++++ libsemanage-2.5/src/handle.h
+@@ -79,7 +79,7 @@ struct semanage_handle {
+ struct semanage_policy_table *funcs;
+
+ /* Object databases */
+-#define DBASE_COUNT 19
++#define DBASE_COUNT 24
+
+ /* Local modifications */
+ #define DBASE_LOCAL_USERS_BASE 0
+@@ -91,20 +91,25 @@ struct semanage_handle {
+ #define DBASE_LOCAL_FCONTEXTS 6
+ #define DBASE_LOCAL_SEUSERS 7
+ #define DBASE_LOCAL_NODES 8
++#define DBASE_LOCAL_IBPKEYS 9
++#define DBASE_LOCAL_IBENDPORTS 10
+
+ /* Policy + Local modifications */
+-#define DBASE_POLICY_USERS_BASE 9
+-#define DBASE_POLICY_USERS_EXTRA 10
+-#define DBASE_POLICY_USERS 11
+-#define DBASE_POLICY_PORTS 12
+-#define DBASE_POLICY_INTERFACES 13
+-#define DBASE_POLICY_BOOLEANS 14
+-#define DBASE_POLICY_FCONTEXTS 15
+-#define DBASE_POLICY_SEUSERS 16
+-#define DBASE_POLICY_NODES 17
++#define DBASE_POLICY_USERS_BASE 11
++#define DBASE_POLICY_USERS_EXTRA 12
++#define DBASE_POLICY_USERS 13
++#define DBASE_POLICY_PORTS 14
++#define DBASE_POLICY_INTERFACES 15
++#define DBASE_POLICY_BOOLEANS 16
++#define DBASE_POLICY_FCONTEXTS 17
++#define DBASE_POLICY_FCONTEXTS_H 18
++#define DBASE_POLICY_SEUSERS 19
++#define DBASE_POLICY_NODES 20
++#define DBASE_POLICY_IBPKEYS 21
++#define DBASE_POLICY_IBENDPORTS 22
+
+ /* Active kernel policy */
+-#define DBASE_ACTIVE_BOOLEANS 18
++#define DBASE_ACTIVE_BOOLEANS 23
+ dbase_config_t dbase[DBASE_COUNT];
+ };
- hidden_def(semanage_module_info_get_name)
+@@ -133,6 +138,18 @@ static inline
+ return &handle->dbase[DBASE_LOCAL_PORTS];
+ }
-+int semanage_module_info_get_version(semanage_handle_t *sh,
-+ semanage_module_info_t *modinfo,
-+ const char **version)
++static inline
++ dbase_config_t * semanage_ibpkey_dbase_local(semanage_handle_t * handle)
+{
-+ assert(sh);
-+ assert(modinfo);
-+ assert(version);
++ return &handle->dbase[DBASE_LOCAL_IBPKEYS];
++}
+
-+ *version = modinfo->module_version;
++static inline
++ dbase_config_t * semanage_ibendport_dbase_local(semanage_handle_t * handle)
++{
++ return &handle->dbase[DBASE_LOCAL_IBENDPORTS];
++}
+
-+ return 0;
+ static inline
+ dbase_config_t * semanage_iface_dbase_local(semanage_handle_t * handle)
+ {
+@@ -189,6 +206,18 @@ static inline
+ return &handle->dbase[DBASE_POLICY_PORTS];
+ }
+
++static inline
++ dbase_config_t * semanage_ibpkey_dbase_policy(semanage_handle_t * handle)
++{
++ return &handle->dbase[DBASE_POLICY_IBPKEYS];
+}
+
-+hidden_def(semanage_module_info_get_version)
++static inline
++ dbase_config_t * semanage_ibendport_dbase_policy(semanage_handle_t * handle)
++{
++ return &handle->dbase[DBASE_POLICY_IBENDPORTS];
++}
+
- int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
- semanage_module_info_t *modinfo,
- const char **lang_ext)
-@@ -470,6 +495,37 @@ int semanage_module_info_set_name(semanage_handle_t *sh,
-
- hidden_def(semanage_module_info_set_name)
+ static inline
+ dbase_config_t * semanage_iface_dbase_policy(semanage_handle_t * handle)
+ {
+@@ -207,6 +236,12 @@ static inline
+ return &handle->dbase[DBASE_POLICY_FCONTEXTS];
+ }
-+int semanage_module_info_set_version(semanage_handle_t *sh,
-+ semanage_module_info_t *modinfo,
-+ const char *version)
++static inline
++ dbase_config_t * semanage_fcontext_dbase_homedirs(semanage_handle_t * handle)
++{
++ return &handle->dbase[DBASE_POLICY_FCONTEXTS_H];
++}
++
+ static inline
+ dbase_config_t * semanage_seuser_dbase_policy(semanage_handle_t * handle)
+ {
+diff --git libsemanage-2.5/src/ibendport_internal.h libsemanage-2.5/src/ibendport_internal.h
+new file mode 100644
+index 0000000..970fbdb
+--- /dev/null
++++ libsemanage-2.5/src/ibendport_internal.h
+@@ -0,0 +1,48 @@
++#ifndef _SEMANAGE_IBENDPORT_INTERNAL_H_
++#define _SEMANAGE_IBENDPORT_INTERNAL_H_
++
++#include <semanage/ibendport_record.h>
++#include <semanage/ibendports_local.h>
++#include <semanage/ibendports_policy.h>
++#include "database.h"
++#include "handle.h"
++#include "dso.h"
++
++hidden_proto(semanage_ibendport_create)
++hidden_proto(semanage_ibendport_compare)
++hidden_proto(semanage_ibendport_compare2)
++hidden_proto(semanage_ibendport_clone)
++hidden_proto(semanage_ibendport_free)
++hidden_proto(semanage_ibendport_key_extract)
++hidden_proto(semanage_ibendport_key_free)
++hidden_proto(semanage_ibendport_get_port)
++hidden_proto(semanage_ibendport_set_port)
++hidden_proto(semanage_ibendport_get_con)
++hidden_proto(semanage_ibendport_set_con)
++hidden_proto(semanage_ibendport_list_local)
++hidden_proto(semanage_ibendport_get_ibdev_name)
++hidden_proto(semanage_ibendport_set_ibdev_name)
++
++/* IBENDPORT RECORD: method table */
++extern record_table_t SEMANAGE_IBENDPORT_RTABLE;
++
++extern int ibendport_file_dbase_init(semanage_handle_t *handle,
++ const char *path_ro,
++ const char *path_rw,
++ dbase_config_t *dconfig);
++
++extern void ibendport_file_dbase_release(dbase_config_t *dconfig);
++
++extern int ibendport_policydb_dbase_init(semanage_handle_t *handle,
++ dbase_config_t *dconfig);
++
++extern void ibendport_policydb_dbase_release(dbase_config_t *dconfig);
++
++extern int hidden semanage_ibendport_validate_local(semanage_handle_t *handle);
++
++/* ==== Internal (to ibendports) API === */
++
++hidden int semanage_ibendport_compare2_qsort(const semanage_ibendport_t **ibendport,
++ const semanage_ibendport_t **ibendport2);
++
++#endif
+diff --git libsemanage-2.5/src/ibendport_record.c libsemanage-2.5/src/ibendport_record.c
+new file mode 100644
+index 0000000..955067e
+--- /dev/null
++++ libsemanage-2.5/src/ibendport_record.c
+@@ -0,0 +1,154 @@
++/*Copyright (C) 2005 Red Hat, Inc. */
++
++/*Object: semanage_ibendport_t (Infiniband Pkey)
++ *Object: semanage_ibendport_key_t (Infiniband Pkey Key)
++ *Implements: record_t (Database Record)
++ *Implements: record_key_t (Database Record Key)
++ */
++
++#include <sepol/context_record.h>
++#include <sepol/ibendport_record.h>
++
++typedef sepol_context_t semanage_context_t;
++typedef sepol_ibendport_t semanage_ibendport_t;
++typedef sepol_ibendport_key_t semanage_ibendport_key_t;
++#define _SEMANAGE_IBENDPORT_DEFINED_
++#define _SEMANAGE_CONTEXT_DEFINED_
++
++typedef semanage_ibendport_t record_t;
++typedef semanage_ibendport_key_t record_key_t;
++#define DBASE_RECORD_DEFINED
++
++#include "ibendport_internal.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibendport_compare(const semanage_ibendport_t *ibendport,
++ const semanage_ibendport_key_t *key)
++{
++ return sepol_ibendport_compare(ibendport, key);
++}
++
++hidden_def(semanage_ibendport_compare)
++
++int semanage_ibendport_compare2(const semanage_ibendport_t *ibendport,
++ const semanage_ibendport_t *ibendport2)
++{
++ return sepol_ibendport_compare2(ibendport, ibendport2);
++}
++
++hidden_def(semanage_ibendport_compare2)
++
++hidden int semanage_ibendport_compare2_qsort(const semanage_ibendport_t **ibendport,
++ const semanage_ibendport_t **ibendport2)
++{
++ return sepol_ibendport_compare2(*ibendport, *ibendport2);
++}
++
++int semanage_ibendport_key_create(semanage_handle_t *handle,
++ const char *ibdev_name,
++ int port,
++ semanage_ibendport_key_t **key_ptr)
++{
++ return sepol_ibendport_key_create(handle->sepolh, ibdev_name, port, key_ptr);
++}
++
++int semanage_ibendport_key_extract(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ semanage_ibendport_key_t **key_ptr)
++{
++ return sepol_ibendport_key_extract(handle->sepolh, ibendport, key_ptr);
++}
++
++hidden_def(semanage_ibendport_key_extract)
++
++void semanage_ibendport_key_free(semanage_ibendport_key_t *key)
++{
++ sepol_ibendport_key_free(key);
++}
++
++hidden_def(semanage_ibendport_key_free)
++
++int semanage_ibendport_get_ibdev_name(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ char **ibdev_name_ptr)
++{
++ return sepol_ibendport_get_ibdev_name(handle->sepolh, ibendport, ibdev_name_ptr);
++}
++
++hidden_def(semanage_ibendport_get_ibdev_name)
++
++int semanage_ibendport_set_ibdev_name(semanage_handle_t *handle,
++ semanage_ibendport_t *ibendport,
++ const char *ibdev_name)
++{
++ return sepol_ibendport_set_ibdev_name(handle->sepolh, ibendport, ibdev_name);
++}
++
++hidden_def(semanage_ibendport_set_ibdev_name)
++
++int semanage_ibendport_get_port(const semanage_ibendport_t *ibendport)
++{
++ return sepol_ibendport_get_port(ibendport);
++}
++
++hidden_def(semanage_ibendport_get_port)
++
++void semanage_ibendport_set_port(semanage_ibendport_t *ibendport, int port)
++{
++ sepol_ibendport_set_port(ibendport, port);
++}
++
++hidden_def(semanage_ibendport_set_port)
++
++semanage_context_t *semanage_ibendport_get_con(const semanage_ibendport_t *ibendport)
++{
++ return sepol_ibendport_get_con(ibendport);
++}
++
++hidden_def(semanage_ibendport_get_con)
++
++int semanage_ibendport_set_con(semanage_handle_t *handle,
++ semanage_ibendport_t *ibendport,
++ semanage_context_t *con)
++{
++ return sepol_ibendport_set_con(handle->sepolh, ibendport, con);
++}
++
++hidden_def(semanage_ibendport_set_con)
++
++int semanage_ibendport_create(semanage_handle_t *handle,
++ semanage_ibendport_t **ibendport_ptr)
++{
++ return sepol_ibendport_create(handle->sepolh, ibendport_ptr);
++}
++
++hidden_def(semanage_ibendport_create)
++
++int semanage_ibendport_clone(semanage_handle_t *handle,
++ const semanage_ibendport_t *ibendport,
++ semanage_ibendport_t **ibendport_ptr)
++{
++ return sepol_ibendport_clone(handle->sepolh, ibendport, ibendport_ptr);
++}
++
++hidden_def(semanage_ibendport_clone)
++
++void semanage_ibendport_free(semanage_ibendport_t *ibendport)
++{
++ sepol_ibendport_free(ibendport);
++}
++
++hidden_def(semanage_ibendport_free)
++
++/*key base functions */
++record_table_t SEMANAGE_IBENDPORT_RTABLE = {
++ .create = semanage_ibendport_create,
++ .key_extract = semanage_ibendport_key_extract,
++ .key_free = semanage_ibendport_key_free,
++ .clone = semanage_ibendport_clone,
++ .compare = semanage_ibendport_compare,
++ .compare2 = semanage_ibendport_compare2,
++ .compare2_qsort = semanage_ibendport_compare2_qsort,
++ .free = semanage_ibendport_free,
++};
+diff --git libsemanage-2.5/src/ibendports_file.c libsemanage-2.5/src/ibendports_file.c
+new file mode 100644
+index 0000000..402c7a5
+--- /dev/null
++++ libsemanage-2.5/src/ibendports_file.c
+@@ -0,0 +1,157 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc. */
++
++struct semanage_ibendport;
++struct semanage_ibendport_key;
++typedef struct semanage_ibendport record_t;
++typedef struct semanage_ibendport_key record_key_t;
++#define DBASE_RECORD_DEFINED
++
++struct dbase_file;
++typedef struct dbase_file dbase_t;
++#define DBASE_DEFINED
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <strings.h>
++#include <semanage/handle.h>
++#include "ibendport_internal.h"
++#include "context_internal.h"
++#include "database_file.h"
++#include "parse_utils.h"
++#include "debug.h"
++
++static int ibendport_print(semanage_handle_t *handle,
++ semanage_ibendport_t *ibendport,
++ FILE *str)
++{
++ char *con_str = NULL;
++ char *ibdev_name_str = NULL;
++ int port = semanage_ibendport_get_port(ibendport);
++
++ if (semanage_ibendport_get_ibdev_name(handle, ibendport, &ibdev_name_str) != 0)
++ goto err;
++
++ semanage_context_t *con = semanage_ibendport_get_con(ibendport);
++
++ if (fprintf(str, "ibendportcon %s ", ibdev_name_str) < 0)
++ goto err;
++
++ if (fprintf(str, "%d ", port) < 0)
++ goto err;
++
++ if (semanage_context_to_string(handle, con, &con_str) < 0)
++ goto err;
++ if (fprintf(str, "%s\n", con_str) < 0)
++ goto err;
++
++ free(ibdev_name_str);
++ free(con_str);
++ return STATUS_SUCCESS;
++
++err:
++ ERR(handle, "could not print ibendport (%s) %u to stream",
++ ibdev_name_str, port);
++ free(ibdev_name_str);
++ free(con_str);
++ return STATUS_ERR;
++}
++
++static int ibendport_parse(semanage_handle_t *handle,
++ parse_info_t *info,
++ semanage_ibendport_t *ibendport)
++{
++ int port;
++ char *str = NULL;
++ semanage_context_t *con = NULL;
++
++ if (parse_skip_space(handle, info) < 0)
++ goto err;
++ if (!info->ptr)
++ goto last;
++
++ /* Header */
++ if (parse_assert_str(handle, info, "ibendportcon") < 0)
++ goto err;
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++
++ /* IB Device Name */
++ if (parse_fetch_string(handle, info, &str, ' ') < 0)
++ goto err;
++ if (semanage_ibendport_set_ibdev_name(handle, ibendport, str) < 0)
++ goto err;
++ free(str);
++ str = NULL;
++
++ /* Port */
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++ if (parse_fetch_int(handle, info, &port, ' ') < 0)
++ goto err;
++ semanage_ibendport_set_port(ibendport, port);
++
++ /* context */
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++ if (parse_fetch_string(handle, info, &str, ' ') < 0)
++ goto err;
++ if (semanage_context_from_string(handle, str, &con) < 0) {
++ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
++ str, info->filename, info->lineno, info->orig_line);
++ goto err;
++ }
++ if (!con) {
++ ERR(handle, "<<none>> context is not valid for ibendport (%s: %u):\n%s",
++ info->filename, info->lineno, info->orig_line);
++ goto err;
++ }
++ free(str);
++ str = NULL;
++
++ if (semanage_ibendport_set_con(handle, ibendport, con) < 0)
++ goto err;
++
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++
++ semanage_context_free(con);
++ return STATUS_SUCCESS;
++
++last:
++ parse_dispose_line(info);
++ return STATUS_NODATA;
++
++err:
++ ERR(handle, "could not parse ibendport record");
++ free(str);
++ semanage_context_free(con);
++ parse_dispose_line(info);
++ return STATUS_ERR;
++}
++
++/* IBENDPORT RECORD: FILE extension: method table */
++record_file_table_t SEMANAGE_IBENDPORT_FILE_RTABLE = {
++ .parse = ibendport_parse,
++ .print = ibendport_print,
++};
++
++int ibendport_file_dbase_init(semanage_handle_t *handle,
++ const char *path_ro,
++ const char *path_rw,
++ dbase_config_t *dconfig)
++{
++ if (dbase_file_init(handle,
++ path_ro,
++ path_rw,
++ &SEMANAGE_IBENDPORT_RTABLE,
++ &SEMANAGE_IBENDPORT_FILE_RTABLE, &dconfig->dbase) < 0)
++ return STATUS_ERR;
++
++ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
++ return STATUS_SUCCESS;
++}
++
++void ibendport_file_dbase_release(dbase_config_t *dconfig)
++{
++ dbase_file_release(dconfig->dbase);
++}
+diff --git libsemanage-2.5/src/ibendports_local.c libsemanage-2.5/src/ibendports_local.c
+new file mode 100644
+index 0000000..8b5567d
+--- /dev/null
++++ libsemanage-2.5/src/ibendports_local.c
+@@ -0,0 +1,153 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc */
++
++struct semanage_ibendport;
++struct semanage_ibendport_key;
++typedef struct semanage_ibendport_key record_key_t;
++typedef struct semanage_ibendport record_t;
++#define DBASE_RECORD_DEFINED
++
++#include <stdlib.h>
++#include <string.h>
++#include <sepol/policydb.h>
++#include "ibendport_internal.h"
++#include "debug.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibendport_modify_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ const semanage_ibendport_t *data)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_modify(handle, dconfig, key, data);
++}
++
++int semanage_ibendport_del_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_del(handle, dconfig, key);
++}
++
++int semanage_ibendport_query_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ semanage_ibendport_t **response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_query(handle, dconfig, key, response);
++}
++
++int semanage_ibendport_exists_local(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ int *response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_exists(handle, dconfig, key, response);
++}
++
++int semanage_ibendport_count_local(semanage_handle_t *handle,
++ unsigned int *response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_count(handle, dconfig, response);
++}
++
++int semanage_ibendport_iterate_local(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibendport_t *record,
++ void *varg), void *handler_arg)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++ return dbase_iterate(handle, dconfig, handler, handler_arg);
++}
++
++int semanage_ibendport_list_local(semanage_handle_t *handle,
++ semanage_ibendport_t ***records,
++ unsigned int *count)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_local(handle);
++
++ return dbase_list(handle, dconfig, records, count);
++}
++
++hidden_def(semanage_ibendport_list_local)
++
++int hidden semanage_ibendport_validate_local(semanage_handle_t *handle)
++{
++ semanage_ibendport_t **ibendports = NULL;
++ unsigned int nibendports = 0;
++ unsigned int i = 0, j = 0;
++ char *ibdev_name;
++ char *ibdev_name2;
++ int port;
++ int port2;
++
++ /* List and sort the ibendports */
++ if (semanage_ibendport_list_local(handle, &ibendports, &nibendports) < 0)
++ goto err;
++
++ qsort(ibendports, nibendports, sizeof(semanage_ibendport_t *),
++ (int (*)(const void *, const void *))
++ &semanage_ibendport_compare2_qsort);
++
++ /* Test each ibendport */
++ while (i < nibendports) {
++ int stop = 0;
++
++ if (STATUS_SUCCESS !=
++ semanage_ibendport_get_ibdev_name(handle,
++ ibendports[i],
++ &ibdev_name)) {
++ ERR(handle, "Couldn't get IB device name");
++ goto err;
++ }
++
++ port = semanage_ibendport_get_port(ibendports[i]);
++
++ /* Find the first ibendport with matching
++ * ibdev_name to compare against
++ */
++ do {
++ if (j == nibendports - 1)
++ goto next;
++ j++;
++ if (STATUS_SUCCESS !=
++ semanage_ibendport_get_ibdev_name(handle,
++ ibendports[j],
++ &ibdev_name2)) {
++ ERR(handle, "Couldn't get IB device name.");
++ goto err;
++ }
++ port2 = semanage_ibendport_get_port(ibendports[j]);
++
++ stop = !strcmp(ibdev_name, ibdev_name2);
++ } while (!stop);
++
++ if (port == port2) {
++ ERR(handle, "ibendport %s/%u already exists.",
++ ibdev_name2, port2);
++ goto invalid;
++ }
++next:
++ i++;
++ j = i;
++ }
++
++ for (i = 0; i < nibendports; i++)
++ semanage_ibendport_free(ibendports[i]);
++ free(ibendports);
++ return STATUS_SUCCESS;
++
++err:
++ ERR(handle, "could not complete ibendports validity check");
++
++invalid:
++ for (i = 0; i < nibendports; i++)
++ semanage_ibendport_free(ibendports[i]);
++ free(ibendports);
++ return STATUS_ERR;
++}
+diff --git libsemanage-2.5/src/ibendports_policy.c libsemanage-2.5/src/ibendports_policy.c
+new file mode 100644
+index 0000000..1347b67
+--- /dev/null
++++ libsemanage-2.5/src/ibendports_policy.c
+@@ -0,0 +1,55 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc */
++
++struct semanage_ibendport;
++struct semanage_ibendport_key;
++typedef struct semanage_ibendport_key record_key_t;
++typedef struct semanage_ibendport record_t;
++#define DBASE_RECORD_DEFINED
++
++#include "ibendport_internal.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibendport_query(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ semanage_ibendport_t **response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_policy(handle);
++
++ return dbase_query(handle, dconfig, key, response);
++}
++
++int semanage_ibendport_exists(semanage_handle_t *handle,
++ const semanage_ibendport_key_t *key,
++ int *response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_policy(handle);
++
++ return dbase_exists(handle, dconfig, key, response);
++}
++
++int semanage_ibendport_count(semanage_handle_t *handle,
++ unsigned int *response)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_policy(handle);
++
++ return dbase_count(handle, dconfig, response);
++}
++
++int semanage_ibendport_iterate(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibendport_t *record,
++ void *varg), void *handler_arg)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_policy(handle);
++
++ return dbase_iterate(handle, dconfig, handler, handler_arg);
++}
++
++int semanage_ibendport_list(semanage_handle_t *handle,
++ semanage_ibendport_t ***records,
++ unsigned int *count)
++{
++ dbase_config_t *dconfig = semanage_ibendport_dbase_policy(handle);
++
++ return dbase_list(handle, dconfig, records, count);
++}
+diff --git libsemanage-2.5/src/ibendports_policydb.c libsemanage-2.5/src/ibendports_policydb.c
+new file mode 100644
+index 0000000..1029810
+--- /dev/null
++++ libsemanage-2.5/src/ibendports_policydb.c
+@@ -0,0 +1,62 @@
++/*
++ * Copyright (C) 2017 Mellanox Technologies Inc
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ */
++
++struct semanage_ibendport;
++struct semanage_ibendport_key;
++typedef struct semanage_ibendport record_t;
++typedef struct semanage_ibendport_key record_key_t;
++#define DBASE_RECORD_DEFINED
++
++struct dbase_policydb;
++typedef struct dbase_policydb dbase_t;
++#define DBASE_DEFINED
++
++#include <sepol/ibendports.h>
++#include <semanage/handle.h>
++#include "ibendport_internal.h"
++#include "debug.h"
++#include "database_policydb.h"
++#include "semanage_store.h"
++
++/* IBENDPORT RECORD (SEPOL): POLICYDB extension : method table */
++record_policydb_table_t SEMANAGE_IBENDPORT_POLICYDB_RTABLE = {
++ .add = NULL,
++ .modify = (record_policydb_table_modify_t)sepol_ibendport_modify,
++ .set = NULL,
++ .query = (record_policydb_table_query_t)sepol_ibendport_query,
++ .count = (record_policydb_table_count_t)sepol_ibendport_count,
++ .exists = (record_policydb_table_exists_t)sepol_ibendport_exists,
++ .iterate = (record_policydb_table_iterate_t)sepol_ibendport_iterate,
++};
++
++int ibendport_policydb_dbase_init(semanage_handle_t *handle,
++ dbase_config_t *dconfig)
++{
++ if (dbase_policydb_init(handle,
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
++ &SEMANAGE_IBENDPORT_RTABLE,
++ &SEMANAGE_IBENDPORT_POLICYDB_RTABLE,
++ &dconfig->dbase) < 0)
++ return STATUS_ERR;
++
++ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
++
++ return STATUS_SUCCESS;
++}
++
++void ibendport_policydb_dbase_release(dbase_config_t *dconfig)
++{
++ dbase_policydb_release(dconfig->dbase);
++}
+diff --git libsemanage-2.5/src/ibpkey_internal.h libsemanage-2.5/src/ibpkey_internal.h
+new file mode 100644
+index 0000000..9465bb8
+--- /dev/null
++++ libsemanage-2.5/src/ibpkey_internal.h
+@@ -0,0 +1,52 @@
++#ifndef _SEMANAGE_IBPKEY_INTERNAL_H_
++#define _SEMANAGE_IBPKEY_INTERNAL_H_
++
++#include <semanage/ibpkey_record.h>
++#include <semanage/ibpkeys_local.h>
++#include <semanage/ibpkeys_policy.h>
++#include "database.h"
++#include "handle.h"
++#include "dso.h"
++
++hidden_proto(semanage_ibpkey_create)
++hidden_proto(semanage_ibpkey_compare)
++hidden_proto(semanage_ibpkey_compare2)
++hidden_proto(semanage_ibpkey_clone)
++hidden_proto(semanage_ibpkey_free)
++hidden_proto(semanage_ibpkey_key_extract)
++hidden_proto(semanage_ibpkey_key_free)
++hidden_proto(semanage_ibpkey_get_high)
++hidden_proto(semanage_ibpkey_get_low)
++hidden_proto(semanage_ibpkey_set_pkey)
++hidden_proto(semanage_ibpkey_set_range)
++hidden_proto(semanage_ibpkey_get_con)
++hidden_proto(semanage_ibpkey_set_con)
++hidden_proto(semanage_ibpkey_list_local)
++hidden_proto(semanage_ibpkey_get_subnet_prefix)
++hidden_proto(semanage_ibpkey_get_subnet_prefix_bytes)
++hidden_proto(semanage_ibpkey_set_subnet_prefix)
++hidden_proto(semanage_ibpkey_set_subnet_prefix_bytes)
++
++/* PKEY RECORD: method table */
++extern record_table_t SEMANAGE_IBPKEY_RTABLE;
++
++extern int ibpkey_file_dbase_init(semanage_handle_t *handle,
++ const char *path_ro,
++ const char *path_rw,
++ dbase_config_t *dconfig);
++
++extern void ibpkey_file_dbase_release(dbase_config_t *dconfig);
++
++extern int ibpkey_policydb_dbase_init(semanage_handle_t *handle,
++ dbase_config_t *dconfig);
++
++extern void ibpkey_policydb_dbase_release(dbase_config_t *dconfig);
++
++extern int hidden semanage_ibpkey_validate_local(semanage_handle_t *handle);
++
++/* ==== Internal (to ibpkeys) API === */
++
++hidden int semanage_ibpkey_compare2_qsort(const semanage_ibpkey_t **ibpkey,
++ const semanage_ibpkey_t **ibpkey2);
++
++#endif
+diff --git libsemanage-2.5/src/ibpkey_record.c libsemanage-2.5/src/ibpkey_record.c
+new file mode 100644
+index 0000000..ca5bc76
+--- /dev/null
++++ libsemanage-2.5/src/ibpkey_record.c
+@@ -0,0 +1,182 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc. */
++
++/* Object: semanage_ibpkey_t (Infiniband Pkey)
++ * Object: semanage_ibpkey_key_t (Infiniband Pkey Key)
++ * Implements: record_t (Database Record)
++ * Implements: record_key_t (Database Record Key)
++ */
++
++#include <sepol/context_record.h>
++#include <sepol/ibpkey_record.h>
++
++typedef sepol_context_t semanage_context_t;
++typedef sepol_ibpkey_t semanage_ibpkey_t;
++typedef sepol_ibpkey_key_t semanage_ibpkey_key_t;
++#define _SEMANAGE_IBPKEY_DEFINED_
++#define _SEMANAGE_CONTEXT_DEFINED_
++
++typedef semanage_ibpkey_t record_t;
++typedef semanage_ibpkey_key_t record_key_t;
++#define DBASE_RECORD_DEFINED
++
++#include "ibpkey_internal.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibpkey_compare(const semanage_ibpkey_t *ibpkey,
++ const semanage_ibpkey_key_t *key)
++{
++ return sepol_ibpkey_compare(ibpkey, key);
++}
++
++hidden_def(semanage_ibpkey_compare)
++
++int semanage_ibpkey_compare2(const semanage_ibpkey_t *ibpkey,
++ const semanage_ibpkey_t *ibpkey2)
++{
++ return sepol_ibpkey_compare2(ibpkey, ibpkey2);
++}
++
++hidden_def(semanage_ibpkey_compare2)
++
++hidden int semanage_ibpkey_compare2_qsort(const semanage_ibpkey_t **ibpkey,
++ const semanage_ibpkey_t **ibpkey2)
++{
++ return sepol_ibpkey_compare2(*ibpkey, *ibpkey2);
++}
++
++int semanage_ibpkey_key_create(semanage_handle_t *handle,
++ const char *subnet_prefix,
++ int low, int high,
++ semanage_ibpkey_key_t **key_ptr)
++{
++ return sepol_ibpkey_key_create(handle->sepolh, subnet_prefix, low, high, key_ptr);
++}
++
++int semanage_ibpkey_key_extract(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ semanage_ibpkey_key_t **key_ptr)
++{
++ return sepol_ibpkey_key_extract(handle->sepolh, ibpkey, key_ptr);
++}
++
++hidden_def(semanage_ibpkey_key_extract)
++
++void semanage_ibpkey_key_free(semanage_ibpkey_key_t *key)
++{
++ sepol_ibpkey_key_free(key);
++}
++
++hidden_def(semanage_ibpkey_key_free)
++
++int semanage_ibpkey_get_subnet_prefix(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ char **subnet_prefix_ptr)
++{
++ return sepol_ibpkey_get_subnet_prefix(handle->sepolh, ibpkey, subnet_prefix_ptr);
++}
++
++hidden_def(semanage_ibpkey_get_subnet_prefix)
++
++uint64_t semanage_ibpkey_get_subnet_prefix_bytes(const semanage_ibpkey_t *ibpkey)
++{
++ return sepol_ibpkey_get_subnet_prefix_bytes(ibpkey);
++}
++
++hidden_def(semanage_ibpkey_get_subnet_prefix_bytes)
++
++int semanage_ibpkey_set_subnet_prefix(semanage_handle_t *handle,
++ semanage_ibpkey_t *ibpkey,
++ const char *subnet_prefix)
++{
++ return sepol_ibpkey_set_subnet_prefix(handle->sepolh, ibpkey, subnet_prefix);
++}
++
++hidden_def(semanage_ibpkey_set_subnet_prefix)
++
++void semanage_ibpkey_set_subnet_prefix_bytes(semanage_ibpkey_t *ibpkey,
++ uint64_t subnet_prefix)
++{
++ return sepol_ibpkey_set_subnet_prefix_bytes(ibpkey, subnet_prefix);
++}
++
++hidden_def(semanage_ibpkey_set_subnet_prefix_bytes)
++
++int semanage_ibpkey_get_low(const semanage_ibpkey_t *ibpkey)
++{
++ return sepol_ibpkey_get_low(ibpkey);
++}
++
++hidden_def(semanage_ibpkey_get_low)
++
++int semanage_ibpkey_get_high(const semanage_ibpkey_t *ibpkey)
++{
++ return sepol_ibpkey_get_high(ibpkey);
++}
++
++hidden_def(semanage_ibpkey_get_high)
++
++void semanage_ibpkey_set_pkey(semanage_ibpkey_t *ibpkey, int ibpkey_num)
++{
++ sepol_ibpkey_set_pkey(ibpkey, ibpkey_num);
++}
++
++hidden_def(semanage_ibpkey_set_pkey)
++
++void semanage_ibpkey_set_range(semanage_ibpkey_t *ibpkey, int low, int high)
++{
++ sepol_ibpkey_set_range(ibpkey, low, high);
++}
++
++hidden_def(semanage_ibpkey_set_range)
++
++semanage_context_t *semanage_ibpkey_get_con(const semanage_ibpkey_t *ibpkey)
++{
++ return sepol_ibpkey_get_con(ibpkey);
++}
++
++hidden_def(semanage_ibpkey_get_con)
++
++int semanage_ibpkey_set_con(semanage_handle_t *handle,
++ semanage_ibpkey_t *ibpkey, semanage_context_t *con)
++{
++ return sepol_ibpkey_set_con(handle->sepolh, ibpkey, con);
++}
++
++hidden_def(semanage_ibpkey_set_con)
++
++int semanage_ibpkey_create(semanage_handle_t *handle,
++ semanage_ibpkey_t **ibpkey_ptr)
++{
++ return sepol_ibpkey_create(handle->sepolh, ibpkey_ptr);
++}
++
++hidden_def(semanage_ibpkey_create)
++
++int semanage_ibpkey_clone(semanage_handle_t *handle,
++ const semanage_ibpkey_t *ibpkey,
++ semanage_ibpkey_t **ibpkey_ptr)
++{
++ return sepol_ibpkey_clone(handle->sepolh, ibpkey, ibpkey_ptr);
++}
++
++hidden_def(semanage_ibpkey_clone)
++
++void semanage_ibpkey_free(semanage_ibpkey_t *ibpkey)
++{
++ sepol_ibpkey_free(ibpkey);
++}
++
++hidden_def(semanage_ibpkey_free)
++
++/* key base functions */
++record_table_t SEMANAGE_IBPKEY_RTABLE = {
++ .create = semanage_ibpkey_create,
++ .key_extract = semanage_ibpkey_key_extract,
++ .key_free = semanage_ibpkey_key_free,
++ .clone = semanage_ibpkey_clone,
++ .compare = semanage_ibpkey_compare,
++ .compare2 = semanage_ibpkey_compare2,
++ .compare2_qsort = semanage_ibpkey_compare2_qsort,
++ .free = semanage_ibpkey_free,
++};
+diff --git libsemanage-2.5/src/ibpkeys_file.c libsemanage-2.5/src/ibpkeys_file.c
+new file mode 100644
+index 0000000..ceaea7a
+--- /dev/null
++++ libsemanage-2.5/src/ibpkeys_file.c
+@@ -0,0 +1,181 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc. */
++
++struct semanage_ibpkey;
++struct semanage_ibpkey_key;
++typedef struct semanage_ibpkey record_t;
++typedef struct semanage_ibpkey_key record_key_t;
++#define DBASE_RECORD_DEFINED
++
++struct dbase_file;
++typedef struct dbase_file dbase_t;
++#define DBASE_DEFINED
++
++#include <stdlib.h>
++#include <stdio.h>
++#include <strings.h>
++#include <semanage/handle.h>
++#include "ibpkey_internal.h"
++#include "context_internal.h"
++#include "database_file.h"
++#include "parse_utils.h"
++#include "debug.h"
++
++static int ibpkey_print(semanage_handle_t *handle,
++ semanage_ibpkey_t *ibpkey, FILE *str)
++{
++ char *con_str = NULL;
++ char *subnet_prefix_str = NULL;
++
++ int low = semanage_ibpkey_get_low(ibpkey);
++ int high = semanage_ibpkey_get_high(ibpkey);
++
++ if (semanage_ibpkey_get_subnet_prefix(handle, ibpkey, &subnet_prefix_str) != 0)
++ goto err;
++
++ semanage_context_t *con = semanage_ibpkey_get_con(ibpkey);
++
++ if (fprintf(str, "ibpkeycon %s ", subnet_prefix_str) < 0)
++ goto err;
++
++ if (low == high) {
++ if (fprintf(str, "%d ", low) < 0)
++ goto err;
++ } else {
++ if (fprintf(str, "%d - %d ", low, high) < 0)
++ goto err;
++ }
++
++ if (semanage_context_to_string(handle, con, &con_str) < 0)
++ goto err;
++ if (fprintf(str, "%s\n", con_str) < 0)
++ goto err;
++
++ free(subnet_prefix_str);
++ free(con_str);
++ return STATUS_SUCCESS;
++
++err:
++ ERR(handle, "could not print ibpkey range (%s) %u - %u to stream",
++ subnet_prefix_str, low, high);
++ free(subnet_prefix_str);
++ free(con_str);
++ return STATUS_ERR;
++}
++
++static int ibpkey_parse(semanage_handle_t *handle,
++ parse_info_t *info, semanage_ibpkey_t *ibpkey)
++{
++ int low, high;
++ char *str = NULL;
++ semanage_context_t *con = NULL;
++
++ if (parse_skip_space(handle, info) < 0)
++ goto err;
++ if (!info->ptr)
++ goto last;
++
++ /* Header */
++ if (parse_assert_str(handle, info, "ibpkeycon") < 0)
++ goto err;
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++
++ /* Subnet Prefix */
++ if (parse_fetch_string(handle, info, &str, ' ') < 0)
++ goto err;
++ if (semanage_ibpkey_set_subnet_prefix(handle, ibpkey, str) < 0)
++ goto err;
++ free(str);
++ str = NULL;
++
++ /* Range/Pkey */
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++ if (parse_fetch_int(handle, info, &low, '-') < 0)
++ goto err;
++
++ /* If range (-) does not follow immediately, require a space
++ * In other words, the space here is optional, but only
++ * in the ranged case, not in the single ibpkey case,
++ * so do a custom test
++ */
++ if (*info->ptr && *info->ptr != '-') {
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++ }
++
++ if (parse_optional_ch(info, '-') != STATUS_NODATA) {
++ if (parse_skip_space(handle, info) < 0)
++ goto err;
++ if (parse_fetch_int(handle, info, &high, ' ') < 0)
++ goto err;
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++ semanage_ibpkey_set_range(ibpkey, low, high);
++ } else {
++ semanage_ibpkey_set_pkey(ibpkey, low);
++ }
++ /* Pkey context */
++ if (parse_fetch_string(handle, info, &str, ' ') < 0)
++ goto err;
++ if (semanage_context_from_string(handle, str, &con) < 0) {
++ ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
++ str, info->filename, info->lineno, info->orig_line);
++ goto err;
++ }
++ if (!con) {
++ ERR(handle, "<<none>> context is not valid for ibpkeys (%s: %u):\n%s",
++ info->filename,
++ info->lineno, info->orig_line);
++ goto err;
++ }
++ free(str);
++ str = NULL;
++
++ if (semanage_ibpkey_set_con(handle, ibpkey, con) < 0)
++ goto err;
++
++ if (parse_assert_space(handle, info) < 0)
++ goto err;
++
++ semanage_context_free(con);
++ return STATUS_SUCCESS;
++
++last:
++ parse_dispose_line(info);
++ return STATUS_NODATA;
++
++err:
++ ERR(handle, "could not parse ibpkey record");
++ free(str);
++ semanage_context_free(con);
++ parse_dispose_line(info);
++ return STATUS_ERR;
++}
++
++/* IBPKEY RECORD: FILE extension: method table */
++record_file_table_t SEMANAGE_IBPKEY_FILE_RTABLE = {
++ .parse = ibpkey_parse,
++ .print = ibpkey_print,
++};
++
++int ibpkey_file_dbase_init(semanage_handle_t *handle,
++ const char *path_ro,
++ const char *path_rw,
++ dbase_config_t *dconfig)
++{
++ if (dbase_file_init(handle,
++ path_ro,
++ path_rw,
++ &SEMANAGE_IBPKEY_RTABLE,
++ &SEMANAGE_IBPKEY_FILE_RTABLE, &dconfig->dbase) < 0)
++ return STATUS_ERR;
++
++ dconfig->dtable = &SEMANAGE_FILE_DTABLE;
++ return STATUS_SUCCESS;
++}
++
++void ibpkey_file_dbase_release(dbase_config_t *dconfig)
++{
++ dbase_file_release(dconfig->dbase);
++}
+diff --git libsemanage-2.5/src/ibpkeys_local.c libsemanage-2.5/src/ibpkeys_local.c
+new file mode 100644
+index 0000000..e194ee0
+--- /dev/null
++++ libsemanage-2.5/src/ibpkeys_local.c
+@@ -0,0 +1,164 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc. */
++
++struct semanage_ibpkey;
++struct semanage_ibpkey_key;
++typedef struct semanage_ibpkey_key record_key_t;
++typedef struct semanage_ibpkey record_t;
++#define DBASE_RECORD_DEFINED
++
++#include <stdlib.h>
++#include <string.h>
++#include <netinet/in.h>
++#include "ibpkey_internal.h"
++#include "debug.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibpkey_modify_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ const semanage_ibpkey_t *data)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_modify(handle, dconfig, key, data);
++}
++
++int semanage_ibpkey_del_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_del(handle, dconfig, key);
++}
++
++int semanage_ibpkey_query_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ semanage_ibpkey_t **response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_query(handle, dconfig, key, response);
++}
++
++int semanage_ibpkey_exists_local(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ int *response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_exists(handle, dconfig, key, response);
++}
++
++int semanage_ibpkey_count_local(semanage_handle_t *handle,
++ unsigned int *response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_count(handle, dconfig, response);
++}
++
++int semanage_ibpkey_iterate_local(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibpkey_t *record,
++ void *varg), void *handler_arg)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_iterate(handle, dconfig, handler, handler_arg);
++}
++
++int semanage_ibpkey_list_local(semanage_handle_t *handle,
++ semanage_ibpkey_t ***records, unsigned int *count)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_local(handle);
++
++ return dbase_list(handle, dconfig, records, count);
++}
++
++hidden_def(semanage_ibpkey_list_local)
++
++int hidden semanage_ibpkey_validate_local(semanage_handle_t *handle)
++{
++ semanage_ibpkey_t **ibpkeys = NULL;
++ unsigned int nibpkeys = 0;
++ unsigned int i = 0, j = 0;
++ uint64_t subnet_prefix;
++ uint64_t subnet_prefix2;
++ char *subnet_prefix_str;
++ char *subnet_prefix_str2;
++ int low, high;
++ int low2, high2;
++
++ /* List and sort the ibpkeys */
++ if (semanage_ibpkey_list_local(handle, &ibpkeys, &nibpkeys) < 0)
++ goto err;
++
++ qsort(ibpkeys, nibpkeys, sizeof(semanage_ibpkey_t *),
++ (int (*)(const void *, const void *))
++ &semanage_ibpkey_compare2_qsort);
++
++ /* Test each ibpkey for overlap */
++ while (i < nibpkeys) {
++ if (STATUS_SUCCESS != semanage_ibpkey_get_subnet_prefix(handle,
++ ibpkeys[i],
++ &subnet_prefix_str)) {
++ ERR(handle, "Couldn't get subnet prefix string");
++ goto err;
++ }
++
++ subnet_prefix = semanage_ibpkey_get_subnet_prefix_bytes(ibpkeys[i]);
++ low = semanage_ibpkey_get_low(ibpkeys[i]);
++ high = semanage_ibpkey_get_high(ibpkeys[i]);
++
++ /* Find the first ibpkey with matching
++ * subnet_prefix to compare against
++ */
++ do {
++ if (j == nibpkeys - 1)
++ goto next;
++ j++;
++
++ if (STATUS_SUCCESS !=
++ semanage_ibpkey_get_subnet_prefix(handle,
++ ibpkeys[j],
++ &subnet_prefix_str2)) {
++ ERR(handle, "Couldn't get subnet prefix string");
++ goto err;
++ }
++ subnet_prefix2 = semanage_ibpkey_get_subnet_prefix_bytes(ibpkeys[j]);
++ low2 = semanage_ibpkey_get_low(ibpkeys[j]);
++ high2 = semanage_ibpkey_get_high(ibpkeys[j]);
++ } while (subnet_prefix != subnet_prefix2);
++
++ /* Overlap detected */
++ if (low2 <= high) {
++ ERR(handle, "ibpkey overlap between ranges "
++ "(%s) %u - %u <--> (%s) %u - %u.",
++ subnet_prefix_str, low, high,
++ subnet_prefix_str2, low2, high2);
++ goto invalid;
++ }
++
++ /* If closest ibpkey of matching subnet prefix doesn't overlap
++ * with test ibpkey, neither do the rest of them, because that's
++ * how the sort function works on ibpkeys - lower bound
++ * ibpkeys come first
++ */
++next:
++ i++;
++ j = i;
++ }
++
++ for (i = 0; i < nibpkeys; i++)
++ semanage_ibpkey_free(ibpkeys[i]);
++ free(ibpkeys);
++ return STATUS_SUCCESS;
++
++err:
++ ERR(handle, "could not complete ibpkeys validity check");
++
++invalid:
++ for (i = 0; i < nibpkeys; i++)
++ semanage_ibpkey_free(ibpkeys[i]);
++ free(ibpkeys);
++ return STATUS_ERR;
++}
+diff --git libsemanage-2.5/src/ibpkeys_policy.c libsemanage-2.5/src/ibpkeys_policy.c
+new file mode 100644
+index 0000000..0956230
+--- /dev/null
++++ libsemanage-2.5/src/ibpkeys_policy.c
+@@ -0,0 +1,52 @@
++/* Copyright (C) 2017 Mellanox Technologies Inc. */
++
++struct semanage_ibpkey;
++struct semanage_ibpkey_key;
++typedef struct semanage_ibpkey_key record_key_t;
++typedef struct semanage_ibpkey record_t;
++#define DBASE_RECORD_DEFINED
++
++#include "ibpkey_internal.h"
++#include "handle.h"
++#include "database.h"
++
++int semanage_ibpkey_query(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key,
++ semanage_ibpkey_t **response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_policy(handle);
++
++ return dbase_query(handle, dconfig, key, response);
++}
++
++int semanage_ibpkey_exists(semanage_handle_t *handle,
++ const semanage_ibpkey_key_t *key, int *response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_policy(handle);
++
++ return dbase_exists(handle, dconfig, key, response);
++}
++
++int semanage_ibpkey_count(semanage_handle_t *handle, unsigned int *response)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_policy(handle);
++
++ return dbase_count(handle, dconfig, response);
++}
++
++int semanage_ibpkey_iterate(semanage_handle_t *handle,
++ int (*handler)(const semanage_ibpkey_t *record,
++ void *varg), void *handler_arg)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_policy(handle);
++
++ return dbase_iterate(handle, dconfig, handler, handler_arg);
++}
++
++int semanage_ibpkey_list(semanage_handle_t *handle,
++ semanage_ibpkey_t ***records, unsigned int *count)
++{
++ dbase_config_t *dconfig = semanage_ibpkey_dbase_policy(handle);
++
++ return dbase_list(handle, dconfig, records, count);
++}
+diff --git libsemanage-2.5/src/ibpkeys_policydb.c libsemanage-2.5/src/ibpkeys_policydb.c
+new file mode 100644
+index 0000000..8d73cf6
+--- /dev/null
++++ libsemanage-2.5/src/ibpkeys_policydb.c
+@@ -0,0 +1,62 @@
++/*
++ * Copyright (C) 2017 Mellanox Technologies Inc
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ */
++
++struct semanage_ibpkey;
++struct semanage_ibpkey_key;
++typedef struct semanage_ibpkey record_t;
++typedef struct semanage_ibpkey_key record_key_t;
++#define DBASE_RECORD_DEFINED
++
++struct dbase_policydb;
++typedef struct dbase_policydb dbase_t;
++#define DBASE_DEFINED
++
++#include <sepol/ibpkeys.h>
++#include <semanage/handle.h>
++#include "ibpkey_internal.h"
++#include "debug.h"
++#include "database_policydb.h"
++#include "semanage_store.h"
++
++/* PKEY RECORD (SEPOL): POLICYDB extension : method table */
++record_policydb_table_t SEMANAGE_IBPKEY_POLICYDB_RTABLE = {
++ .add = NULL,
++ .modify = (record_policydb_table_modify_t)sepol_ibpkey_modify,
++ .set = NULL,
++ .query = (record_policydb_table_query_t)sepol_ibpkey_query,
++ .count = (record_policydb_table_count_t)sepol_ibpkey_count,
++ .exists = (record_policydb_table_exists_t)sepol_ibpkey_exists,
++ .iterate = (record_policydb_table_iterate_t)sepol_ibpkey_iterate,
++};
++
++int ibpkey_policydb_dbase_init(semanage_handle_t *handle,
++ dbase_config_t *dconfig)
++{
++ if (dbase_policydb_init(handle,
++ semanage_path(SEMANAGE_ACTIVE, SEMANAGE_STORE_KERNEL),
++ semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL),
++ &SEMANAGE_IBPKEY_RTABLE,
++ &SEMANAGE_IBPKEY_POLICYDB_RTABLE,
++ &dconfig->dbase) < 0)
++ return STATUS_ERR;
++
++ dconfig->dtable = &SEMANAGE_POLICYDB_DTABLE;
++
++ return STATUS_SUCCESS;
++}
++
++void ibpkey_policydb_dbase_release(dbase_config_t *dconfig)
++{
++ dbase_policydb_release(dconfig->dbase);
++}
+diff --git libsemanage-2.5/src/libsemanage.map libsemanage-2.5/src/libsemanage.map
+index 34b553d..ce5b34f 100644
+--- libsemanage-2.5/src/libsemanage.map
++++ libsemanage-2.5/src/libsemanage.map
+@@ -18,6 +18,8 @@ LIBSEMANAGE_1.0 {
+ semanage_root;
+ semanage_user_*; semanage_bool_*; semanage_seuser_*;
+ semanage_iface_*; semanage_port_*; semanage_context_*;
++ semanage_ibpkey_*;
++ semanage_ibendport_*;
+ semanage_node_*;
+ semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
+ semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
+@@ -40,10 +42,12 @@ LIBSEMANAGE_1.1 {
+ semanage_module_info_destroy;
+ semanage_module_info_get_priority;
+ semanage_module_info_get_name;
++ semanage_module_info_get_version;
+ semanage_module_info_get_lang_ext;
+ semanage_module_info_get_enabled;
+ semanage_module_info_set_priority;
+ semanage_module_info_set_name;
++ semanage_module_info_set_version;
+ semanage_module_info_set_lang_ext;
+ semanage_module_info_set_enabled;
+ semanage_module_key_create;
+diff --git libsemanage-2.5/src/module_internal.h libsemanage-2.5/src/module_internal.h
+index c99f6c2..d62091a 100644
+--- libsemanage-2.5/src/module_internal.h
++++ libsemanage-2.5/src/module_internal.h
+@@ -11,10 +11,12 @@ hidden_proto(semanage_module_get_name)
+ hidden_proto(semanage_module_info_destroy)
+ hidden_proto(semanage_module_info_get_priority)
+ hidden_proto(semanage_module_info_get_name)
++ hidden_proto(semanage_module_info_get_version)
+ hidden_proto(semanage_module_info_get_lang_ext)
+ hidden_proto(semanage_module_info_get_enabled)
+ hidden_proto(semanage_module_info_set_priority)
+ hidden_proto(semanage_module_info_set_name)
++ hidden_proto(semanage_module_info_set_version)
+ hidden_proto(semanage_module_info_set_lang_ext)
+ hidden_proto(semanage_module_info_set_enabled)
+ hidden_proto(semanage_module_key_create)
+diff --git libsemanage-2.5/src/modules.c libsemanage-2.5/src/modules.c
+index 90c5e49..85285a1 100644
+--- libsemanage-2.5/src/modules.c
++++ libsemanage-2.5/src/modules.c
+@@ -291,6 +291,7 @@ int semanage_module_info_destroy(semanage_handle_t *sh,
+ }
+
+ free(modinfo->name);
++ free(modinfo->module_version);
+ free(modinfo->lang_ext);
+
+ return semanage_module_info_init(sh, modinfo);
+@@ -306,6 +307,7 @@ int semanage_module_info_init(semanage_handle_t *sh,
+
+ modinfo->priority = 0;
+ modinfo->name = NULL;
++ modinfo->module_version = NULL;
+ modinfo->lang_ext = NULL;
+ modinfo->enabled = -1;
+
+@@ -341,6 +343,14 @@ int semanage_module_info_clone(semanage_handle_t *sh,
+ goto cleanup;
+ }
+
++ if (source->module_version != NULL) {
++ ret = semanage_module_info_set_version(sh, target, source->module_version);
++ if (ret != 0) {
++ status = -1;
++ goto cleanup;
++ }
++ }
++
+ ret = semanage_module_info_set_lang_ext(sh, target, source->lang_ext);
+ if (ret != 0) {
+ status = -1;
+@@ -388,6 +398,21 @@ int semanage_module_info_get_name(semanage_handle_t *sh,
+
+ hidden_def(semanage_module_info_get_name)
+
++int semanage_module_info_get_version(semanage_handle_t *sh,
++ semanage_module_info_t *modinfo,
++ const char **version)
++{
++ assert(sh);
++ assert(modinfo);
++ assert(version);
++
++ *version = modinfo->module_version;
++
++ return 0;
++}
++
++hidden_def(semanage_module_info_get_version)
++
+ int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
+ semanage_module_info_t *modinfo,
+ const char **lang_ext)
+@@ -470,6 +495,37 @@ int semanage_module_info_set_name(semanage_handle_t *sh,
+
+ hidden_def(semanage_module_info_set_name)
+
++int semanage_module_info_set_version(semanage_handle_t *sh,
++ semanage_module_info_t *modinfo,
++ const char *version)
+{
+ assert(sh);
+ assert(modinfo);
@@ -1829,11 +3889,43 @@ index 8a5c01f..ee3d51d 100644
int enabled; /* module enabled/disabled status */
};
+diff --git libsemanage-2.5/src/policy_components.c libsemanage-2.5/src/policy_components.c
+index d31bd48..896ac51 100644
+--- libsemanage-2.5/src/policy_components.c
++++ libsemanage-2.5/src/policy_components.c
+@@ -137,12 +137,17 @@ int semanage_base_merge_components(semanage_handle_t * handle)
+
+ {semanage_node_dbase_local(handle),
+ semanage_node_dbase_policy(handle), MODE_MODIFY | MODE_SORT},
++
++ {semanage_ibpkey_dbase_local(handle),
++ semanage_ibpkey_dbase_policy(handle), MODE_MODIFY},
++
++ {semanage_ibendport_dbase_local(handle),
++ semanage_ibendport_dbase_policy(handle), MODE_MODIFY},
+ };
+ const unsigned int CCOUNT = sizeof(components) / sizeof(components[0]);
+
+ /* Merge components into policy (and validate) */
+ for (i = 0; i < CCOUNT; i++) {
+-
+ record_t **records = NULL;
+ unsigned int nrecords = 0;
+
+@@ -218,6 +223,8 @@ int semanage_commit_components(semanage_handle_t * handle)
+ semanage_seuser_dbase_policy(handle),
+ semanage_bool_dbase_active(handle),
+ semanage_node_dbase_local(handle),
++ semanage_ibpkey_dbase_local(handle),
++ semanage_ibendport_dbase_local(handle),
+ };
+ const int CCOUNT = sizeof(components) / sizeof(components[0]);
+
diff --git libsemanage-2.5/src/semanage_store.c libsemanage-2.5/src/semanage_store.c
-index fa0876f..4b87d67 100644
+index fa0876f..c13b763 100644
--- libsemanage-2.5/src/semanage_store.c
+++ libsemanage-2.5/src/semanage_store.c
-@@ -95,7 +95,7 @@ static const char *semanage_store_paths[SEMANAGE_NUM_STORES] = {
+@@ -95,23 +95,28 @@ static const char *semanage_store_paths[SEMANAGE_NUM_STORES] = {
static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
"",
"/modules",
@@ -1842,7 +3934,10 @@ index fa0876f..4b87d67 100644
"/homedir_template",
"/file_contexts.template",
"/commit_num",
-@@ -104,8 +104,10 @@ static const char *semanage_sandbox_paths[SEMANAGE_STORE_NUM_PATHS] = {
++ "/pkeys.local",
++ "/ibendports.local",
+ "/ports.local",
+ "/interfaces.local",
"/nodes.local",
"/booleans.local",
"/seusers.local",
@@ -1853,7 +3948,14 @@ index fa0876f..4b87d67 100644
"/users_extra",
"/disable_dontaudit",
"/preserve_tunables",
-@@ -292,6 +294,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
+ "/modules/disabled",
+ "/policy.kern",
+ "/file_contexts.local",
++ "/file_contexts.homedirs",
+ "/file_contexts",
+ "/seusers"
+ };
+@@ -292,6 +297,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
goto cleanup;
}
@@ -1867,7 +3969,7 @@ index fa0876f..4b87d67 100644
semanage_final_suffix[SEMANAGE_FC_HOMEDIRS] =
strdup(selinux_file_context_homedir_path() + offset);
if (semanage_final_suffix[SEMANAGE_FC_HOMEDIRS] == NULL) {
-@@ -300,6 +309,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
+@@ -300,6 +312,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
goto cleanup;
}
@@ -1881,7 +3983,7 @@ index fa0876f..4b87d67 100644
semanage_final_suffix[SEMANAGE_FC_LOCAL] =
strdup(selinux_file_context_local_path() + offset);
if (semanage_final_suffix[SEMANAGE_FC_LOCAL] == NULL) {
-@@ -308,6 +324,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
+@@ -308,6 +327,13 @@ static int semanage_init_final_suffix(semanage_handle_t *sh)
goto cleanup;
}
@@ -1895,7 +3997,7 @@ index fa0876f..4b87d67 100644
semanage_final_suffix[SEMANAGE_NC] =
strdup(selinux_netfilter_context_path() + offset);
if (semanage_final_suffix[SEMANAGE_NC] == NULL) {
-@@ -512,7 +535,6 @@ char *semanage_conf_path(void)
+@@ -512,7 +538,6 @@ char *semanage_conf_path(void)
int semanage_create_store(semanage_handle_t * sh, int create)
{
struct stat sb;
@@ -1903,7 +4005,7 @@ index fa0876f..4b87d67 100644
const char *path = semanage_files[SEMANAGE_ROOT];
int fd;
-@@ -531,9 +553,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -531,9 +556,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
@@ -1915,7 +4017,7 @@ index fa0876f..4b87d67 100644
path);
return -1;
}
-@@ -554,9 +576,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -554,9 +579,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
@@ -1927,7 +4029,7 @@ index fa0876f..4b87d67 100644
path);
return -1;
}
-@@ -577,9 +599,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -577,9 +602,9 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
@@ -1939,7 +4041,7 @@ index fa0876f..4b87d67 100644
path);
return -1;
}
-@@ -598,8 +620,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
+@@ -598,8 +623,8 @@ int semanage_create_store(semanage_handle_t * sh, int create)
return -1;
}
} else {
@@ -1950,7 +4052,7 @@ index fa0876f..4b87d67 100644
return -1;
}
}
-@@ -1137,7 +1159,7 @@ cleanup:
+@@ -1137,7 +1162,7 @@ cleanup:
free(all_modinfos);
if (status != 0) {
@@ -1959,7 +4061,7 @@ index fa0876f..4b87d67 100644
semanage_module_info_destroy(sh, &(*modinfo)[i]);
}
free(*modinfo);
-@@ -1491,6 +1513,45 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
+@@ -1491,6 +1516,45 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
return 0;
}
@@ -2005,7 +4107,7 @@ index fa0876f..4b87d67 100644
/* Load the contexts of the final tmp into the final selinux directory.
* Return 0 on success, -3 on error.
*/
-@@ -1566,35 +1627,6 @@ static int semanage_install_final_tmp(semanage_handle_t * sh)
+@@ -1566,35 +1630,6 @@ static int semanage_install_final_tmp(semanage_handle_t * sh)
}
skip_reload:
@@ -2041,7 +4143,7 @@ index fa0876f..4b87d67 100644
status = 0;
cleanup:
return status;
-@@ -1737,6 +1769,9 @@ int semanage_install_sandbox(semanage_handle_t * sh)
+@@ -1737,6 +1772,9 @@ int semanage_install_sandbox(semanage_handle_t * sh)
goto cleanup;
}
@@ -2051,7 +4153,7 @@ index fa0876f..4b87d67 100644
if ((commit_num = semanage_commit_sandbox(sh)) < 0) {
retval = commit_num;
goto cleanup;
-@@ -2003,9 +2038,10 @@ int semanage_load_files(semanage_handle_t * sh, cil_db_t *cildb, char **filename
+@@ -2003,9 +2041,10 @@ int semanage_load_files(semanage_handle_t * sh, cil_db_t *cildb, char **filename
*/
/**
@@ -2064,7 +4166,7 @@ index fa0876f..4b87d67 100644
{
int retval = STATUS_ERR;
-@@ -2014,7 +2050,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
+@@ -2014,7 +2053,7 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
FILE *infile = NULL;
if ((kernel_filename =
@@ -2073,7 +4175,7 @@ index fa0876f..4b87d67 100644
goto cleanup;
}
if ((infile = fopen(kernel_filename, "r")) == NULL) {
-@@ -2044,9 +2080,10 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
+@@ -2044,18 +2083,20 @@ int semanage_read_policydb(semanage_handle_t * sh, sepol_policydb_t * in)
return retval;
}
/**
@@ -2086,8 +4188,10 @@ index fa0876f..4b87d67 100644
{
int retval = STATUS_ERR;
-@@ -2055,7 +2092,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
+ const char *kernel_filename = NULL;
+ struct sepol_policy_file *pf = NULL;
FILE *outfile = NULL;
++ mode_t mask = umask(0077);
if ((kernel_filename =
- semanage_path(SEMANAGE_TMP, SEMANAGE_STORE_KERNEL)) == NULL) {
@@ -2095,11 +4199,26 @@ index fa0876f..4b87d67 100644
goto cleanup;
}
if ((outfile = fopen(kernel_filename, "wb")) == NULL) {
+@@ -2081,6 +2122,7 @@ int semanage_write_policydb(semanage_handle_t * sh, sepol_policydb_t * out)
+ if (outfile != NULL) {
+ fclose(outfile);
+ }
++ umask(mask);
+ sepol_policy_file_free(pf);
+ return retval;
+ }
diff --git libsemanage-2.5/src/semanage_store.h libsemanage-2.5/src/semanage_store.h
-index acb6e3f..0b96fbe 100644
+index acb6e3f..34bf852 100644
--- libsemanage-2.5/src/semanage_store.h
+++ libsemanage-2.5/src/semanage_store.h
-@@ -49,8 +49,10 @@ enum semanage_sandbox_defs {
+@@ -44,19 +44,24 @@ enum semanage_sandbox_defs {
+ SEMANAGE_HOMEDIR_TMPL,
+ SEMANAGE_FC_TMPL,
+ SEMANAGE_COMMIT_NUM_FILE,
++ SEMANAGE_IBPKEYS_LOCAL,
++ SEMANAGE_IBENDPORTS_LOCAL,
+ SEMANAGE_PORTS_LOCAL,
+ SEMANAGE_INTERFACES_LOCAL,
SEMANAGE_NODES_LOCAL,
SEMANAGE_BOOLEANS_LOCAL,
SEMANAGE_SEUSERS_LOCAL,
@@ -2110,7 +4229,14 @@ index acb6e3f..0b96fbe 100644
SEMANAGE_USERS_EXTRA,
SEMANAGE_DISABLE_DONTAUDIT,
SEMANAGE_PRESERVE_TUNABLES,
-@@ -71,8 +73,11 @@ enum semanage_final_defs {
+ SEMANAGE_MODULES_DISABLED,
+ SEMANAGE_STORE_KERNEL,
+ SEMANAGE_STORE_FC_LOCAL,
++ SEMANAGE_STORE_FC_HOMEDIRS,
+ SEMANAGE_STORE_FC,
+ SEMANAGE_STORE_SEUSERS,
+ SEMANAGE_STORE_NUM_PATHS
+@@ -71,8 +76,11 @@ enum semanage_final_defs {
enum semanage_final_path_defs {
SEMANAGE_FINAL_TOPLEVEL,
SEMANAGE_FC,
@@ -2122,7 +4248,7 @@ index acb6e3f..0b96fbe 100644
SEMANAGE_KERNEL,
SEMANAGE_NC,
SEMANAGE_SEUSERS,
-@@ -126,10 +131,12 @@ int semanage_load_files(semanage_handle_t * sh,
+@@ -126,10 +134,12 @@ int semanage_load_files(semanage_handle_t * sh,
cil_db_t *cildb, char **filenames, int num_modules);
int semanage_read_policydb(semanage_handle_t * sh,
@@ -2137,6 +4263,120 @@ index acb6e3f..0b96fbe 100644
int semanage_install_sandbox(semanage_handle_t * sh);
+diff --git libsemanage-2.5/src/semanageswig.i libsemanage-2.5/src/semanageswig.i
+index 583b7d8..ebf39cf 100644
+--- libsemanage-2.5/src/semanageswig.i
++++ libsemanage-2.5/src/semanageswig.i
+@@ -39,6 +39,12 @@
+ %include "../include/semanage/port_record.h"
+ %include "../include/semanage/ports_local.h"
+ %include "../include/semanage/ports_policy.h"
++%include "../include/semanage/ibpkey_record.h"
++%include "../include/semanage/ibpkeys_local.h"
++%include "../include/semanage/ibpkeys_policy.h"
++%include "../include/semanage/ibendport_record.h"
++%include "../include/semanage/ibendports_local.h"
++%include "../include/semanage/ibendports_policy.h"
+ %include "../include/semanage/fcontext_record.h"
+ %include "../include/semanage/fcontexts_local.h"
+ %include "../include/semanage/fcontexts_policy.h"
+diff --git libsemanage-2.5/src/semanageswig_python.i libsemanage-2.5/src/semanageswig_python.i
+index 1346b2e..8604b8a 100644
+--- libsemanage-2.5/src/semanageswig_python.i
++++ libsemanage-2.5/src/semanageswig_python.i
+@@ -437,6 +437,92 @@
+ $1 = &temp;
+ }
+
++/** ibpkey typemaps **/
++
++/* the wrapper will setup this parameter for passing... the resulting python functions
++ will not take the semanage_ibpkey_t *** parameter */
++%typemap(in, numinputs=0) semanage_ibpkey_t ***(semanage_ibpkey_t **temp=NULL) {
++ $1 = &temp;
++}
++
++%typemap(argout) (
++ semanage_handle_t* handle,
++ semanage_ibpkey_t*** records,
++ unsigned int* count) {
++
++ if ($result) {
++ int value;
++ SWIG_AsVal_int($result, &value);
++ if (value >= 0) {
++ PyObject* plist = NULL;
++ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_ibpkey,
++ (void (*) (void*)) &semanage_ibpkey_free, &plist) < 0)
++ $result = SWIG_From_int(STATUS_ERR);
++ else
++ $result = SWIG_Python_AppendOutput($result, plist);
++ }
++ }
++}
++
++%typemap(in, numinputs=0) semanage_ibpkey_t **(semanage_ibpkey_t *temp=NULL) {
++ $1 = &temp;
++}
++
++%typemap(argout) semanage_ibpkey_t ** {
++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
++}
++
++%typemap(argout) semanage_ibpkey_key_t ** {
++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
++}
++
++%typemap(in, numinputs=0) semanage_ibpkey_key_t **(semanage_ibpkey_key_t *temp=NULL) {
++ $1 = &temp;
++}
++
++/** ibendport typemaps **/
++
++/* the wrapper will setup this parameter for passing... the resulting python functions
++ will not take the semanage_ibendport_t *** parameter */
++%typemap(in, numinputs=0) semanage_ibendport_t ***(semanage_ibendport_t **temp=NULL) {
++ $1 = &temp;
++}
++
++%typemap(argout) (
++ semanage_handle_t* handle,
++ semanage_ibendport_t*** records,
++ unsigned int* count) {
++
++ if ($result) {
++ int value;
++ SWIG_AsVal_int($result, &value);
++ if (value >= 0) {
++ PyObject* plist = NULL;
++ if (semanage_array2plist($1, (void**) *$2, *$3, SWIGTYPE_p_semanage_ibendport,
++ (void (*) (void*)) &semanage_ibendport_free, &plist) < 0)
++ $result = SWIG_From_int(STATUS_ERR);
++ else
++ $result = SWIG_Python_AppendOutput($result, plist);
++ }
++ }
++}
++
++%typemap(in, numinputs=0) semanage_ibendport_t **(semanage_ibendport_t *temp=NULL) {
++ $1 = &temp;
++}
++
++%typemap(argout) semanage_ibendport_t ** {
++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
++}
++
++%typemap(argout) semanage_ibendport_key_t ** {
++ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(*$1, $*1_descriptor, 0));
++}
++
++%typemap(in, numinputs=0) semanage_ibendport_key_t **(semanage_ibendport_key_t *temp=NULL) {
++ $1 = &temp;
++}
++
+ /** node typemaps **/
+
+ /* the wrapper will setup this parameter for passing... the resulting python functions
diff --git libsemanage-2.5/tests/.gitignore libsemanage-2.5/tests/.gitignore
new file mode 100644
index 0000000..f07111d
@@ -2145,7 +4385,7 @@ index 0000000..f07111d
@@ -0,0 +1 @@
+libsemanage-tests
diff --git libsemanage-2.5/utils/semanage_migrate_store libsemanage-2.5/utils/semanage_migrate_store
-index 0ebd285..7965980 100755
+index 0ebd285..fe6b5a9 100755
--- libsemanage-2.5/utils/semanage_migrate_store
+++ libsemanage-2.5/utils/semanage_migrate_store
@@ -218,7 +218,7 @@ if __name__ == "__main__":
@@ -2166,3 +4406,14 @@ index 0ebd285..7965980 100755
ROOT = options.root
if ROOT is None:
+@@ -253,7 +253,9 @@ if __name__ == "__main__":
+ "preserve_tunables",
+ "policy.kern",
+ "file_contexts",
+- "homedir_template"]
++ "homedir_template",
++ "pkeys.local",
++ "ibendports.local"]
+
+
+ create_dir(newroot_path(), 0o755)
diff --git a/SPECS/libsemanage.spec b/SPECS/libsemanage.spec
index 601d6ef..eb09964 100644
--- a/SPECS/libsemanage.spec
+++ b/SPECS/libsemanage.spec
@@ -1,17 +1,17 @@
%global with_python3 0
%{!?python_sitearch: %global python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print (get_python_lib(1))")}
-%define libsepolver 2.5-3
-%define libselinuxver 2.5-6
+%define libsepolver 2.5-8
+%define libselinuxver 2.5-12
Summary: SELinux binary policy manipulation library
Name: libsemanage
Version: 2.5
-Release: 8%{?dist}
+Release: 11%{?dist}
License: LGPLv2+
Group: System Environment/Libraries
Source: https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20160223/libsemanage-2.5.tar.gz
-# HEAD acbfeb5f48dec866485b0fe72be6860ec8526809
+# HEAD 5a336c116e3808e21a2334671fffed73348111c9
Patch1: libsemanage-rhel.patch
URL: https://github.com/SELinuxProject/selinux/wiki
Source1: semanage.conf
@@ -26,6 +26,8 @@ BuildRequires: python3 python3-devel
%endif # if with_python3
Requires: bzip2-libs audit-libs
+Requires: libselinux >= %{libselinuxver}
+Requires: libsepol >= %{libsepolver}
Conflicts: selinux-policy-base < 3.13.1-66
%description
@@ -191,6 +193,18 @@ rm -rf ${RPM_BUILD_ROOT}
%endif # if with_python3
%changelog
+* Tue Feb 27 2018 Vit Mojzis <vmojzis@redhat.com> - 2.5-11
+- Add dependencies on libselinux and libsemanage (#1548020)
+
+* Wed Nov 29 2017 Petr Lautrbach <plautrba@redhat.com> - 2.5-10
+- Use umask(0077) for fopen() write operations (#1512639, #1512014)
+
+* Wed Oct 18 2017 Vit Mojzis <vmojzis@redhat.com> - 2.5-9
+- Update semanage to allow runtime labeling of Infiniband Pkeys (#1466274)
+- Update semanage to allow runtime labeling of ibendports (#1466274)
+- Keep copy of file_contexts.homedirs in policy store (#1409813)
+- Add support for listing fcontext.homedirs file (#1409813)
+
* Wed May 03 2017 Petr Lautrbach <plautrba@redhat.com> - 2.5-8
- Save linked policy, skip re-link when possible
- Replace access(,F_OK) checks to make setuid programs work (#1186431)