From 8838471798b34ce9147ab6fbee50e4f3c5ede920 Mon Sep 17 00:00:00 2001
From: CentOS Sources <bugs@centos.org>
Date: Apr 10 2018 05:38:51 +0000
Subject: import setools-3.3.8-2.el7


---

diff --git a/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
deleted file mode 100644
index 51a1e01..0000000
--- a/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 852dfaa124379e84f6363c30c0ef56f00fa4b235 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:40:28 -0400
-Subject: [PATCH 01/11] Since-we-do-not-ship-neverallow-rules-all-always-fail
-
----
- libqpol/src/avrule_query.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..76dcaa3 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
- 
- 	if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- 		ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
--		errno = ENOTSUP;
--		return STATUS_ERR;
-+/*		errno = ENOTSUP;
-+		return STATUS_ERR; */
-+		return STATUS_SUCCESS;
- 	}
- 
- 	db = &policy->p->p;
--- 
-1.8.5.3
-
diff --git a/SOURCES/0001-libqpol-Do-not-fail-on-neverallow-rule-query.patch b/SOURCES/0001-libqpol-Do-not-fail-on-neverallow-rule-query.patch
new file mode 100644
index 0000000..0725857
--- /dev/null
+++ b/SOURCES/0001-libqpol-Do-not-fail-on-neverallow-rule-query.patch
@@ -0,0 +1,35 @@
+From b00d11c941b689fbf3441e80b318c6a05c6657e4 Mon Sep 17 00:00:00 2001
+From: Vit Mojzis <vmojzis@redhat.com>
+Date: Thu, 19 Oct 2017 15:17:21 +0200
+Subject: [PATCH] libqpol: Do not fail on neverallow rule query
+
+Drawing upon the conclusion from:
+
+77bd0f2103e8f02f02ba75dd5fd5ceb263d4f878
+No need to take into account the policy capabilities in sesearch code,
+the lower levels in the library handle it correctly. (fixes Fedora
+bug #526460)
+---
+ libqpol/src/avrule_query.c | 6 ------
+ 1 file changed, 6 deletions(-)
+
+diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
+index 749565b..c2dd010 100644
+--- a/libqpol/src/avrule_query.c
++++ b/libqpol/src/avrule_query.c
+@@ -55,12 +55,6 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
+ 	}
+ #endif
+ 
+-	if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+-		ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+-		errno = ENOTSUP;
+-		return STATUS_ERR;
+-	}
+-
+ 	db = &policy->p->p;
+ 
+ 	state = calloc(1, sizeof(avtab_state_t));
+-- 
+2.9.4
+
diff --git a/SPECS/setools.spec b/SPECS/setools.spec
index b47f704..68d830b 100644
--- a/SPECS/setools.spec
+++ b/SPECS/setools.spec
@@ -4,7 +4,7 @@
 
 Name: setools
 Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 1.1%{?dist}
+Release: 2%{?dist}
 License: GPLv2
 URL: http://oss.tresys.com/projects/setools
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@@ -17,7 +17,7 @@ Source: setools-%{version}-%{gitver}.tar.bz2
 Source1: setools.pam
 Source2: apol.desktop
 Source3: seaudit.desktop
-Patch1: 0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+Patch1: 0001-libqpol-Do-not-fail-on-neverallow-rule-query.patch 
 Patch2: 0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
 Patch4: 0004-Apply-selinux_current_policy_path-patch.patch
 Patch5: 0005-Apply-seaudit-patch-for-progress.c.patch
@@ -37,8 +37,8 @@ Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{r
 %define autoconf_ver 2.59
 %define bwidget_ver 1.8
 %define gtk_ver 2.8
-%define sepol_ver 2.5-0
-%define selinux_ver 2.5-0
+%define sepol_ver 2.5-8
+%define selinux_ver 2.5-12
 %define sqlite_ver 3.2.0
 %define swig_ver 2.0.7-3
 %define tcltk_ver 8.4.9
@@ -291,6 +291,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %postun libs-tcl -p /sbin/ldconfig
 
 %changelog
+* Thu Oct 19 2017 Vit Mojzis <vmojzis@redhat.com> - 3.3.8-2
+- libqpol: Do not fail on neverallow rule query
+
 * Mon May 23 2016 Petr Lautrbach <plautrba@redhat.com> - 3.3.8-1.1
 - Rebase to the latest setools3 sources