diff --git a/.gitignore b/.gitignore
index 01ea9af..9e78a0d 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/setools-3.3.7.tar.bz2
+SOURCES/setools-3.3.8-f1e5b20.tar.bz2
diff --git a/.setools.metadata b/.setools.metadata
index af47a1e..4ed9316 100644
--- a/.setools.metadata
+++ b/.setools.metadata
@@ -1 +1 @@
-5117f4ffb7eb34dcb08760fae89c6d5a5d3bfd3b SOURCES/setools-3.3.7.tar.bz2
+4b9c3d82dc45170a05d5ebbdb171d81c2f2a87f5 SOURCES/setools-3.3.8-f1e5b20.tar.bz2
diff --git a/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
new file mode 100644
index 0000000..51a1e01
--- /dev/null
+++ b/SOURCES/0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
@@ -0,0 +1,28 @@
+From 852dfaa124379e84f6363c30c0ef56f00fa4b235 Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Tue, 20 Sep 2011 15:40:28 -0400
+Subject: [PATCH 01/11] Since-we-do-not-ship-neverallow-rules-all-always-fail
+
+---
+ libqpol/src/avrule_query.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
+index 749565b..76dcaa3 100644
+--- a/libqpol/src/avrule_query.c
++++ b/libqpol/src/avrule_query.c
+@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
+
+ if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
+ ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
+- errno = ENOTSUP;
+- return STATUS_ERR;
++/* errno = ENOTSUP;
++ return STATUS_ERR; */
++ return STATUS_SUCCESS;
+ }
+
+ db = &policy->p->p;
+--
+1.8.5.3
+
diff --git a/SOURCES/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/SOURCES/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
new file mode 100644
index 0000000..882a127
--- /dev/null
+++ b/SOURCES/0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
@@ -0,0 +1,34 @@
+From 0332c009bd0581ab9a75a4ea80af92bb2d6b8b1f Mon Sep 17 00:00:00 2001
+From: Dan Walsh <dwalsh@redhat.com>
+Date: Tue, 20 Sep 2011 15:46:38 -0400
+Subject: [PATCH 02/11] Fix sepol calls to work with latest libsepol
+
+---
+ configure.ac | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 577ce48..2a5b55b 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -521,7 +521,7 @@ else
+ [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+- return role_set_expand(NULL, NULL, NULL, NULL);
++ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
+ }])],
+ sepol_new_user_role_mapping="yes",
+ sepol_new_user_role_mapping="no")
+@@ -578,7 +578,7 @@ if test ${sepol_check_boolmap} = "yes"; then
+ [AC_LANG_SOURCE([
+ #include <sepol/policydb/expand.h>
+ int main () {
+- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
++ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
+ }])],
+ AC_MSG_RESULT([yes]),
+ AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
+--
+1.8.5.3
+
diff --git a/SOURCES/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch b/SOURCES/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
deleted file mode 100644
index 62a8050..0000000
--- a/SOURCES/0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 667fe9187c203ffcba855e821dff11c8f71ef000 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:39:51 -0400
-Subject: [PATCH 2/6] setools-should-exit-with-an-error-status-if-it-gets-an
- error
-
----
- secmds/seinfo.c | 51 +++++++++++++++++++++++++++------------------------
- 1 files changed, 27 insertions(+), 24 deletions(-)
-
-diff --git a/secmds/seinfo.c b/secmds/seinfo.c
-index fdf23e9..3088f88 100644
---- a/secmds/seinfo.c
-+++ b/secmds/seinfo.c
-@@ -827,7 +827,7 @@ static int print_sens(FILE * fp, const char *name, int expand, const apol_policy
- */
- static int print_cats(FILE * fp, const char *name, int expand, const apol_policy_t * policydb)
- {
-- int retval = 0;
-+ int retval = -1;
- apol_cat_query_t *query = NULL;
- apol_vector_t *v = NULL;
- const qpol_cat_t *cat_datum = NULL;
-@@ -911,9 +911,10 @@ static int print_fsuse(FILE * fp, const char *type, const apol_policy_t * policy
- fprintf(fp, " %s\n", tmp);
- free(tmp);
- }
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No fs_use statement for filesystem of type %s.", type);
--
-+ goto cleanup;
-+ }
- retval = 0;
- cleanup:
- apol_fs_use_query_destroy(&query);
-@@ -949,7 +950,6 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- ERR(policydb, "%s", strerror(ENOMEM));
- goto cleanup;
- }
--
- if (apol_genfscon_query_set_filesystem(policydb, query, type))
- goto cleanup;
- if (apol_genfscon_get_by_query(policydb, query, &v))
-@@ -967,8 +967,10 @@ static int print_genfscon(FILE * fp, const char *type, const apol_policy_t * pol
- free(tmp);
- }
-
-- if (type && !apol_vector_get_size(v))
-+ if (type && !apol_vector_get_size(v)) {
- ERR(policydb, "No genfscon statement for filesystem of type %s.", type);
-+ goto cleanup;
-+ }
-
- retval = 0;
- cleanup:
-@@ -1646,6 +1648,7 @@ cleanup: // close and destroy iterators etc.
-
- int main(int argc, char **argv)
- {
-+ int rc = 0;
- int classes, types, attribs, roles, users, all, expand, stats, rt, optc, isids, bools, sens, cats, fsuse, genfs, netif,
- node, port, permissives, polcaps, constrain, linebreaks;
- apol_policy_t *policydb = NULL;
-@@ -1851,46 +1854,46 @@ int main(int argc, char **argv)
-
- /* display requested info */
- if (stats || all)
-- print_stats(stdout, policydb);
-+ rc = print_stats(stdout, policydb);
- if (classes || all)
-- print_classes(stdout, class_name, expand, policydb);
-+ rc = print_classes(stdout, class_name, expand, policydb);
- if (types || all)
-- print_types(stdout, type_name, expand, policydb);
-+ rc = print_types(stdout, type_name, expand, policydb);
- if (attribs || all)
-- print_attribs(stdout, attrib_name, expand, policydb);
-+ rc = print_attribs(stdout, attrib_name, expand, policydb);
- if (roles || all)
-- print_roles(stdout, role_name, expand, policydb);
-+ rc = print_roles(stdout, role_name, expand, policydb);
- if (users || all)
-- print_users(stdout, user_name, expand, policydb);
-+ rc = print_users(stdout, user_name, expand, policydb);
- if (bools || all)
-- print_booleans(stdout, bool_name, expand, policydb);
-+ rc = print_booleans(stdout, bool_name, expand, policydb);
- if (sens || all)
-- print_sens(stdout, sens_name, expand, policydb);
-+ rc = print_sens(stdout, sens_name, expand, policydb);
- if (cats || all)
-- print_cats(stdout, cat_name, expand, policydb);
-+ rc = print_cats(stdout, cat_name, expand, policydb);
- if (fsuse || all)
-- print_fsuse(stdout, fsuse_type, policydb);
-+ rc = print_fsuse(stdout, fsuse_type, policydb);
- if (genfs || all)
-- print_genfscon(stdout, genfs_type, policydb);
-+ rc = print_genfscon(stdout, genfs_type, policydb);
- if (netif || all)
-- print_netifcon(stdout, netif_name, policydb);
-+ rc = print_netifcon(stdout, netif_name, policydb);
- if (node || all)
-- print_nodecon(stdout, node_addr, policydb);
-+ rc = print_nodecon(stdout, node_addr, policydb);
- if (port || all)
-- print_portcon(stdout, port_num, protocol, policydb);
-+ rc = print_portcon(stdout, port_num, protocol, policydb);
- if (isids || all)
-- print_isids(stdout, isid_name, expand, policydb);
-+ rc = print_isids(stdout, isid_name, expand, policydb);
- if (permissives || all)
-- print_permissives(stdout, permissive_name, expand, policydb);
-+ rc = print_permissives(stdout, permissive_name, expand, policydb);
- if (polcaps || all)
-- print_polcaps(stdout, polcap_name, expand, policydb);
-+ rc = print_polcaps(stdout, polcap_name, expand, policydb);
- if (constrain || all)
-- print_constraints(stdout, expand, policydb, linebreaks);
-+ rc = print_constraints(stdout, expand, policydb, linebreaks);
-
- apol_policy_destroy(&policydb);
- apol_policy_path_destroy(&pol_path);
- free(policy_file);
-- exit(0);
-+ exit(rc);
- }
-
- /**
---
-1.7.6.2
-
diff --git a/SOURCES/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch b/SOURCES/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
deleted file mode 100644
index ae30696..0000000
--- a/SOURCES/0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-From 252b7c8bf311d615164a20f4f402767e5859d972 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:40:28 -0400
-Subject: [PATCH 3/6] Since-we-do-not-ship-neverallow-rules-all-always-fail
-
----
- libqpol/src/avrule_query.c | 5 +++--
- 1 files changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/libqpol/src/avrule_query.c b/libqpol/src/avrule_query.c
-index 749565b..76dcaa3 100644
---- a/libqpol/src/avrule_query.c
-+++ b/libqpol/src/avrule_query.c
-@@ -57,8 +57,9 @@ int qpol_policy_get_avrule_iter(const qpol_policy_t * policy, uint32_t rule_type
-
- if ((rule_type_mask & QPOL_RULE_NEVERALLOW) && !qpol_policy_has_capability(policy, QPOL_CAP_NEVERALLOW)) {
- ERR(policy, "%s", "Cannot get avrules: Neverallow rules requested but not available");
-- errno = ENOTSUP;
-- return STATUS_ERR;
-+/* errno = ENOTSUP;
-+ return STATUS_ERR; */
-+ return STATUS_SUCCESS;
- }
-
- db = &policy->p->p;
---
-1.7.6.2
-
diff --git a/SOURCES/0004-Apply-selinux_current_policy_path-patch.patch b/SOURCES/0004-Apply-selinux_current_policy_path-patch.patch
new file mode 100644
index 0000000..14cdbb6
--- /dev/null
+++ b/SOURCES/0004-Apply-selinux_current_policy_path-patch.patch
@@ -0,0 +1,97 @@
+From 85a12d481d664120865b46cd1c4c325307179471 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 10:53:54 +0200
+Subject: [PATCH 04/11] Apply selinux_current_policy_path patch
+
+---
+ libqpol/src/util.c | 73 ++++--------------------------------------------------
+ 1 file changed, 5 insertions(+), 68 deletions(-)
+
+diff --git a/libqpol/src/util.c b/libqpol/src/util.c
+index 7c49876..8f74b2b 100644
+--- a/libqpol/src/util.c
++++ b/libqpol/src/util.c
+@@ -84,75 +84,12 @@ static int get_binpol_version(const char *policy_fname)
+
+ static int search_policy_binary_file(char **path)
+ {
+- const char *binary_path;
+- if ((binary_path = selinux_binary_policy_path()) == NULL) {
+- return -1;
+- }
+-
+- int expected_version = -1, latest_version = -1;
+-#ifdef LIBSELINUX
+- /* if the system has SELinux enabled, prefer the policy whose
+- name matches the current policy version */
+- if ((expected_version = security_policyvers()) < 0) {
+- return -1;
+- }
+-#endif
+-
+- glob_t glob_buf;
+- struct stat fs;
+- int rt, error = 0, retval = -1;
+- size_t i;
+- char *pattern = NULL;
+- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
+- return -1;
+- }
+- glob_buf.gl_offs = 1;
+- glob_buf.gl_pathc = 0;
+- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
+- if (rt != 0 && rt != GLOB_NOMATCH) {
+- errno = EIO;
+- return -1;
+- }
+-
+- for (i = 0; i < glob_buf.gl_pathc; i++) {
+- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
+- if (stat(p, &fs) != 0) {
+- error = errno;
+- goto cleanup;
+- }
+- if (S_ISDIR(fs.st_mode))
+- continue;
+-
+- if ((rt = get_binpol_version(p)) < 0) {
+- error = errno;
+- goto cleanup;
+- }
+-
+- if (rt > latest_version || rt == expected_version) {
+- free(*path);
+- if ((*path = strdup(p)) == NULL) {
+- error = errno;
+- goto cleanup;
+- }
+- if (rt == expected_version) {
+- break;
+- }
+- latest_version = rt;
+- }
+- }
+-
+- if (*path == NULL) {
+- retval = 1;
+- } else {
+- retval = 0;
+- }
+- cleanup:
+- free(pattern);
+- globfree(&glob_buf);
+- if (retval == -1) {
+- errno = error;
++ const char *binary_path = selinux_current_policy_path();
++ if (binary_path) {
++ *path = strdup(binary_path);
++ if (*path) return 0;
+ }
+- return retval;
++ return -1;
+ }
+
+ int qpol_default_policy_find(char **path)
+--
+1.8.5.3
+
diff --git a/SOURCES/0004-Fix-man-pages-and-getoptions.patch b/SOURCES/0004-Fix-man-pages-and-getoptions.patch
deleted file mode 100644
index c06270e..0000000
--- a/SOURCES/0004-Fix-man-pages-and-getoptions.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From b3c8ef5822dbf3e3272fc29627ddac7e20e936d5 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:41:12 -0400
-Subject: [PATCH 4/6] Fix-man-pages-and-getoptions
-
----
- man/replcon.1 | 2 ++
- man/seinfo.1 | 6 +++++-
- seaudit/seaudit-report.c | 2 +-
- sediff/sediff.c | 2 +-
- 4 files changed, 9 insertions(+), 3 deletions(-)
-
-diff --git a/man/replcon.1 b/man/replcon.1
-index 8aca08a..478dc51 100644
---- a/man/replcon.1
-+++ b/man/replcon.1
-@@ -44,6 +44,8 @@ Search for files which include PATH.
- .IP "-c CLASS, --class=CLASS"
- Search only files of object class CLASS.
- .SH OPTIONS
-+.IP "-R, --regex"
-+Enable regular expressions
- .IP "-v, --verbose"
- Display context info during replacement.
- .IP "-h, --help"
-diff --git a/man/seinfo.1 b/man/seinfo.1
-index 8612119..6bc17db 100644
---- a/man/seinfo.1
-+++ b/man/seinfo.1
-@@ -76,6 +76,10 @@ There is no expanded information for this component.
- .IP "--nodecon[=ADDR]"
- Print a list of node contexts or, if ADDR is provided, print the statement for the node with address ADDR.
- There is no expanded information for this component.
-+.IP "--polcap"
-+Print policy capabilities.
-+.IP "--permissive"
-+Print permissive types.
- .IP "--portcon[=PORT]"
- Print a list of port contexts or, if PORT is provided, print the statement for port PORT.
- There is no expanded information for this component.
-@@ -93,7 +97,7 @@ These details include the types assigned to an attribute or role and the permiss
- This option is not available for all component types; see the description of each component for the details this option will provide.
- .IP "--stats"
- Print policy statistics including policy type and version information and counts of all components and rules.
--.IP "-l"
-+.IP "-l, --line-breaks"
- Print line breaks when displaying constraint statements.
- .IP "-h, --help"
- Print help information and exit.
-diff --git a/seaudit/seaudit-report.c b/seaudit/seaudit-report.c
-index af3c6fb..d436c18 100644
---- a/seaudit/seaudit-report.c
-+++ b/seaudit/seaudit-report.c
-@@ -100,7 +100,7 @@ static void seaudit_report_info_usage(const char *program_name, int brief)
- printf(" -s, --stdin read log data from standard input\n");
- printf(" -m, --malformed include malformed log messages\n");
- printf(" -o FILE, --output=FILE output to FILE\n");
-- printf(" --config=FILE read configuration from FILE\n");
-+ printf(" -c FILE, --config=FILE read configuration from FILE\n");
- printf(" --html set output format to HTML\n");
- printf(" --stylesheet=FILE HTML style sheet for formatting HTML report\n");
- printf(" (ignored if --html is not given)\n");
-diff --git a/sediff/sediff.c b/sediff/sediff.c
-index 6022775..341c650 100644
---- a/sediff/sediff.c
-+++ b/sediff/sediff.c
-@@ -420,7 +420,7 @@ int main(int argc, char **argv)
- poldiff_t *diff = NULL;
- size_t total = 0;
-
-- while ((optc = getopt_long(argc, argv, "ctarubANDLMCRqhV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ctarubAqhV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
---
-1.7.6.2
-
diff --git a/SOURCES/0005-Apply-seaudit-patch-for-progress.c.patch b/SOURCES/0005-Apply-seaudit-patch-for-progress.c.patch
new file mode 100644
index 0000000..29e5a0c
--- /dev/null
+++ b/SOURCES/0005-Apply-seaudit-patch-for-progress.c.patch
@@ -0,0 +1,24 @@
+From ba8e76cd514e8ce92a48931963e97fe79589a71a Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 11:12:37 +0200
+Subject: [PATCH 05/11] Apply seaudit patch for progress.c
+
+---
+ libqpol/swig/java/Makefile.am | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/libqpol/swig/java/Makefile.am b/libqpol/swig/java/Makefile.am
+index a25eacb..533b55a 100644
+--- a/libqpol/swig/java/Makefile.am
++++ b/libqpol/swig/java/Makefile.am
+@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
+ qpol_type_t.java \
+ qpol_user_t.java \
+ qpol_validatetrans_t.java \
+- SWIGTYPE_p_int.java \
+ SWIGTYPE_p_unsigned_int.java \
+ SWIGTYPE_p_void.java
+
+--
+1.8.5.3
+
diff --git a/SOURCES/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch b/SOURCES/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
deleted file mode 100644
index 01f545d..0000000
--- a/SOURCES/0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2b58d92add64b53b16cbb438e7b69e85d046afd1 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:46:38 -0400
-Subject: [PATCH 5/6] Fix sepol calls to work with latest libsepol
-
----
- configure.ac | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index e837e03..3c11e23 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -505,7 +505,7 @@ AC_COMPILE_IFELSE(
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return role_set_expand(NULL, NULL, NULL, NULL);
-+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
- }])],
- sepol_new_user_role_mapping="yes",
- sepol_new_user_role_mapping="no")
-@@ -541,7 +541,7 @@ if test ${sepol_check_boolmap} = "yes"; then
- [AC_LANG_SOURCE([
- #include <sepol/policydb/expand.h>
- int main () {
-- return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0);
-+ return expand_module_avrules(NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0);
- }])],
- AC_MSG_RESULT([yes]),
- AC_MSG_ERROR([this version of libsepol is incompatible with SETools]))
---
-1.7.6.2
-
diff --git a/SOURCES/0006-Add-support-for-boolean-subs.patch b/SOURCES/0006-Add-support-for-boolean-subs.patch
new file mode 100644
index 0000000..a495755
--- /dev/null
+++ b/SOURCES/0006-Add-support-for-boolean-subs.patch
@@ -0,0 +1,39 @@
+From 61d3d40e791a4ac392930f11785e4057f67a5b09 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 11:14:50 +0200
+Subject: [PATCH 06/11] Add support for boolean subs
+
+---
+ secmds/seinfo.c | 2 +-
+ secmds/sesearch.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/secmds/seinfo.c b/secmds/seinfo.c
+index a970890..54b2a6a 100644
+--- a/secmds/seinfo.c
++++ b/secmds/seinfo.c
+@@ -1720,7 +1720,7 @@ int main(int argc, char **argv)
+ case 'b': /* conditional booleans */
+ bools = 1;
+ if (optarg != 0)
+- bool_name = optarg;
++ bool_name = selinux_boolean_sub(optarg);
+ break;
+ case OPT_INITIALSID:
+ isids = 1;
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index 387d526..e1436a7 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -1067,7 +1067,7 @@ int main(int argc, char **argv)
+ printf("Missing boolean for -b (--bool)\n");
+ exit(1);
+ }
+- cmd_opts.bool_name = strdup(optarg);
++ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
+ if (!cmd_opts.bool_name) {
+ fprintf(stderr, "%s\n", strerror(errno));
+ exit(1);
+--
+1.8.5.3
+
diff --git a/SOURCES/0006-Changes-to-support-named-file_trans-rules.patch b/SOURCES/0006-Changes-to-support-named-file_trans-rules.patch
deleted file mode 100644
index 3cd7127..0000000
--- a/SOURCES/0006-Changes-to-support-named-file_trans-rules.patch
+++ /dev/null
@@ -1,1505 +0,0 @@
-From 287f507657e162bc09b5c186bbd580901fbc942a Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 15:47:28 -0400
-Subject: [PATCH 6/6] Changes to support named file_trans rules
-
----
- libapol/include/apol/ftrule-query.h | 198 +++++++++++++++++++
- libapol/include/apol/policy-query.h | 1 +
- libapol/src/Makefile.am | 1 +
- libapol/src/ftrule-query.c | 363 +++++++++++++++++++++++++++++++++++
- libapol/src/libapol.map | 1 +
- libqpol/include/qpol/ftrule_query.h | 116 +++++++++++
- libqpol/include/qpol/policy.h | 1 +
- libqpol/src/Makefile.am | 1 +
- libqpol/src/ftrule_query.c | 277 ++++++++++++++++++++++++++
- libqpol/src/libqpol.map | 1 +
- libqpol/src/module_compiler.c | 12 ++
- libqpol/src/policy_define.c | 186 ++++++++++++++++++-
- libqpol/src/policy_parse.y | 13 +-
- libqpol/src/policy_scan.l | 1 +
- secmds/sesearch.c | 101 ++++++++++
- 15 files changed, 1270 insertions(+), 3 deletions(-)
- create mode 100644 libapol/include/apol/ftrule-query.h
- create mode 100644 libapol/src/ftrule-query.c
- create mode 100644 libqpol/include/qpol/ftrule_query.h
- create mode 100644 libqpol/src/ftrule_query.c
-
-diff --git a/libapol/include/apol/ftrule-query.h b/libapol/include/apol/ftrule-query.h
-new file mode 100644
-index 0000000..119c52f
---- /dev/null
-+++ b/libapol/include/apol/ftrule-query.h
-@@ -0,0 +1,198 @@
-+/**
-+ * @file
-+ *
-+ * Routines to query filename_transition rules of a
-+ * policy.
-+ *
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Jason Tang jtang@tresys.com
-+ *
-+ * Copyright (C) 2006-2007 Tresys Technology, LLC
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+#ifndef APOL_FILENAMERULE_QUERY_H
-+#define APOL_FILENAMERULE_QUERY_H
-+
-+#ifdef __cplusplus
-+extern "C"
-+{
-+#endif
-+
-+#include "policy.h"
-+#include "vector.h"
-+#include <qpol/policy.h>
-+
-+ typedef struct apol_filename_trans_query apol_filename_trans_query_t;
-+
-+
-+/******************** filename_transition queries ********************/
-+
-+/**
-+ * Execute a query against all filename_transition rules within the
-+ * policy.
-+ *
-+ * @param p Policy within which to look up filename_transition rules.
-+ * @param r Structure containing parameters for query. If this is
-+ * NULL then return all filename_transition rules.
-+ * @param v Reference to a vector of qpol_filename_trans_t. The vector
-+ * will be allocated by this function. The caller must call
-+ * apol_vector_destroy() afterwards. This will be set to NULL upon no
-+ * results or upon error.
-+ *
-+ * @return 0 on success (including none found), negative on error.
-+ */
-+ extern int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * r, apol_vector_t ** v);
-+
-+/**
-+ * Allocate and return a new filename trans query structure. All fields
-+ * are initialized, such that running this blank query results in
-+ * returning all filename_transitions within the policy. The caller must
-+ * call apol_filename_trans_query_destroy() upon the return value
-+ * afterwards.
-+ *
-+ * @return An initialized filename trans query structure, or NULL upon
-+ * error.
-+ */
-+ extern apol_filename_trans_query_t *apol_filename_trans_query_create(void);
-+
-+/**
-+ * Deallocate all memory associated with the referenced filename trans
-+ * query, and then set it to NULL. This function does nothing if the
-+ * query is already NULL.
-+ *
-+ * @param r Reference to a filename trans query structure to destroy.
-+ */
-+ extern void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r);
-+
-+/**
-+ * Set a filename_trans query to return rules whose source symbol matches
-+ * symbol. Symbol may be a type or attribute; if it is an alias then
-+ * the query will convert it to its primary prior to searching. If
-+ * is_indirect is non-zero then the search will be done indirectly.
-+ * If the symbol is a type, then the query matches rules with one of
-+ * the type's attributes. If the symbol is an attribute, then it
-+ * matches rule with any of the attribute's types.
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param t TE rule query to set.
-+ * @param symbol Limit query to rules with this symbol as their
-+ * source, or NULL to unset this field.
-+ * @param is_indirect If non-zero, perform indirect matching.
-+ *
-+ * @return 0 on success, negative on error.
-+ */
-+ extern int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol,
-+ int is_indirect);
-+
-+/**
-+ * Set a filename trans query to return rules with a particular target
-+ * symbol. Symbol may be a type or attribute; if it is an alias then
-+ * the query will convert it to its primary prior to searching. If
-+ * is_indirect is non-zero then the search will be done indirectly.
-+ * If the symbol is a type, then the query matches rules with one of
-+ * the type's attributes. If the symbol is an attribute, then it
-+ * matches rule with any of the attribute's types.
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param r Role trans query to set.
-+ * @param symbol Limit query to rules with this type or attribute as
-+ * their target, or NULL to unset this field.
-+ * @param is_indirect If non-zero, perform indirect matching.
-+ *
-+ * @return 0 on success, negative on error.
-+ */
-+ extern int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *symbol,
-+ int is_indirect);
-+
-+/**
-+ * Set a filename trans query to return rules with a particular default
-+ * filename. This field is ignored if
-+ * apol_filename_trans_query_set_source_any() is set to non-zero.
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param r Role trans query to set.
-+ * @param filename Limit query to rules with this filename as their default, or
-+ * NULL to unset this field.
-+ *
-+ * @return 0 on success, negative on error.
-+ */
-+ extern int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * r, const char *filename);
-+
-+/**
-+ * Set at filename_trans query to return rules with this object (non-common)
-+ * class. If more than one class are appended to the query, the
-+ * rule's class must be one of those appended. (I.e., the rule's
-+ * class must be a member of the query's classes.) Pass a NULL to
-+ * clear all classes. Note that this performs straight string
-+ * comparison, ignoring the regex flag.
-+
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param t TE rule query to set.
-+ * @param obj_class Name of object class to add to search set.
-+ *
-+ * @return 0 on success, negative on error.
-+ */
-+ extern int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class);
-+
-+/**
-+ * Set a filename trans query to treat the source filename as any. That is,
-+ * use the same symbol for either source or default of a
-+ * filename_transition rule. This flag does nothing if the source filename is
-+ * not set. Note that a filename_transition's target is a type, so thus
-+ * this flag does not affect its searching.
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param r Role trans query to set.
-+ * @param is_any Non-zero to use source symbol for source or default
-+ * field, 0 to keep source as only source.
-+ *
-+ * @return Always 0.
-+ */
-+ extern int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_any);
-+
-+/**
-+ * Set a filename trans query to use regular expression searching for
-+ * source, target, and default fields. Strings will be treated as
-+ * regexes instead of literals. For the target type, matching will
-+ * occur against the type name or any of its aliases.
-+ *
-+ * @param p Policy handler, to report errors.
-+ * @param r Role trans query to set.
-+ * @param is_regex Non-zero to enable regex searching, 0 to disable.
-+ *
-+ * @return Always 0.
-+ */
-+ extern int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * r, int is_regex);
-+
-+/**
-+ * Render a filename_transition rule to a string.
-+ *
-+ * @param policy Policy handler, to report errors.
-+ * @param rule The rule to render.
-+ *
-+ * @return A newly malloc()'d string representation of the rule, or NULL on
-+ * failure; if the call fails, errno will be set. The caller is responsible
-+ * for calling free() on the returned string.
-+ */
-+ extern char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * rule);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif
-diff --git a/libapol/include/apol/policy-query.h b/libapol/include/apol/policy-query.h
-index 315f70e..665e4cb 100644
---- a/libapol/include/apol/policy-query.h
-+++ b/libapol/include/apol/policy-query.h
-@@ -71,6 +71,7 @@ extern "C"
- #include "terule-query.h"
- #include "condrule-query.h"
- #include "rbacrule-query.h"
-+#include "ftrule-query.h"
- #include "range_trans-query.h"
- #include "constraint-query.h"
-
-diff --git a/libapol/src/Makefile.am b/libapol/src/Makefile.am
-index 3fa4f06..baaa4f6 100644
---- a/libapol/src/Makefile.am
-+++ b/libapol/src/Makefile.am
-@@ -40,6 +40,7 @@ libapol_a_SOURCES = \
- render.c \
- role-query.c \
- terule-query.c \
-+ ftrule-query.c \
- type-query.c \
- types-relation-analysis.c \
- user-query.c \
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-new file mode 100644
-index 0000000..dc248de
---- /dev/null
-+++ b/libapol/src/ftrule-query.c
-@@ -0,0 +1,363 @@
-+/**
-+ * @file
-+ *
-+ * Provides a way for setools to make queries about type enforcement
-+ * filename_transs within a policy. The caller obtains a query object, fills in
-+ * its parameters, and then runs the query; it obtains a vector of
-+ * results. Searches are conjunctive -- all fields of the search
-+ * query must match for a datum to be added to the results query.
-+ *
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Jason Tang jtang@tresys.com
-+ *
-+ * Copyright (C) 2006-2007 Tresys Technology, LLC
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+#include "policy-query-internal.h"
-+
-+#include <errno.h>
-+#include <string.h>
-+
-+struct apol_filename_trans_query
-+{
-+ char *source, *target, *default_type, *name;
-+ apol_vector_t *classes;
-+ unsigned int flags;
-+};
-+
-+
-+/******************** filename_transition queries ********************/
-+
-+int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
-+{
-+ apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
-+ int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
-+ char *bool_name = NULL;
-+ *v = NULL;
-+ unsigned int flags = 0;
-+ qpol_iterator_t *iter = NULL, *type_iter = NULL;
-+
-+ if (t != NULL) {
-+ flags = t->flags;
-+ is_regex = t->flags & APOL_QUERY_REGEX;
-+ if (t->source != NULL &&
-+ (source_list =
-+ apol_query_create_candidate_type_list(p, t->source, is_regex,
-+ t->flags & APOL_QUERY_SOURCE_INDIRECT,
-+ ((t->flags & (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE)) /
-+ APOL_QUERY_SOURCE_TYPE))) == NULL) {
-+ goto cleanup;
-+ }
-+
-+ if ((t->flags & APOL_QUERY_SOURCE_AS_ANY) && t->source != NULL) {
-+ default_list = target_list = source_list;
-+ source_as_any = 1;
-+ } else {
-+ if (t->target != NULL &&
-+ (target_list =
-+ apol_query_create_candidate_type_list(p, t->target, is_regex,
-+ t->flags & APOL_QUERY_TARGET_INDIRECT,
-+ ((t->
-+ flags & (APOL_QUERY_TARGET_TYPE | APOL_QUERY_TARGET_ATTRIBUTE))
-+ / APOL_QUERY_TARGET_TYPE))) == NULL) {
-+ goto cleanup;
-+ }
-+ if (t->default_type != NULL &&
-+ (default_list =
-+ apol_query_create_candidate_type_list(p, t->default_type, is_regex, 0,
-+ APOL_QUERY_SYMBOL_IS_TYPE)) == NULL) {
-+ goto cleanup;
-+ }
-+ }
-+ if (t->classes != NULL &&
-+ apol_vector_get_size(t->classes) > 0 &&
-+ (class_list = apol_query_create_candidate_class_list(p, t->classes)) == NULL) {
-+ goto cleanup;
-+ }
-+ }
-+
-+ if (qpol_policy_get_filename_trans_iter(p->p, &iter) < 0) {
-+ return -1;
-+ }
-+
-+ if ((*v = apol_vector_create(NULL)) == NULL) {
-+ ERR(p, "%s", strerror(errno));
-+ goto cleanup;
-+ }
-+
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ qpol_filename_trans_t *filename_trans;
-+ if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
-+ goto cleanup;
-+ }
-+ int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
-+ size_t i;
-+
-+ if (source_list == NULL) {
-+ match_source = 1;
-+ } else {
-+ const qpol_type_t *source_type;
-+ if (qpol_filename_trans_get_source_type(p->p, filename_trans, &source_type) < 0) {
-+ goto cleanup;
-+ }
-+ if (apol_vector_get_index(source_list, source_type, NULL, NULL, &i) == 0) {
-+ match_source = 1;
-+ }
-+ }
-+
-+ /* if source did not match, but treating source symbol
-+ * as any field, then delay rejecting this filename_trans until
-+ * the target and default have been checked */
-+ if (!source_as_any && !match_source) {
-+ continue;
-+ }
-+
-+ if (target_list == NULL || (source_as_any && match_source)) {
-+ match_target = 1;
-+ } else {
-+ const qpol_type_t *target_type;
-+ if (qpol_filename_trans_get_target_type(p->p, filename_trans, &target_type) < 0) {
-+ goto cleanup;
-+ }
-+ if (apol_vector_get_index(target_list, target_type, NULL, NULL, &i) == 0) {
-+ match_target = 1;
-+ }
-+ }
-+
-+ if (!source_as_any && !match_target) {
-+ continue;
-+ }
-+
-+ if (default_list == NULL || (source_as_any && match_source) || (source_as_any && match_target)) {
-+ match_default = 1;
-+ } else {
-+ const qpol_type_t *default_type;
-+ if (qpol_filename_trans_get_default_type(p->p, filename_trans, &default_type) < 0) {
-+ goto cleanup;
-+ }
-+ if (apol_vector_get_index(default_list, default_type, NULL, NULL, &i) == 0) {
-+ match_default = 1;
-+ }
-+ }
-+
-+ if (!source_as_any && !match_default) {
-+ continue;
-+ }
-+ /* at least one thing must match if source_as_any was given */
-+ if (source_as_any && (!match_source && !match_target && !match_default)) {
-+ continue;
-+ }
-+
-+ if (class_list != NULL) {
-+ const qpol_class_t *obj_class;
-+ if (qpol_filename_trans_get_object_class(p->p, filename_trans, &obj_class) < 0) {
-+ goto cleanup;
-+ }
-+ if (apol_vector_get_index(class_list, obj_class, NULL, NULL, &i) < 0) {
-+ continue;
-+ }
-+ }
-+
-+ if (apol_vector_append(*v, filename_trans)) {
-+ ERR(p, "%s", strerror(ENOMEM));
-+ goto cleanup;
-+ }
-+ }
-+
-+ retval = 0;
-+ cleanup:
-+ if (retval != 0) {
-+ apol_vector_destroy(v);
-+ }
-+ apol_vector_destroy(&source_list);
-+ if (!source_as_any) {
-+ apol_vector_destroy(&target_list);
-+ apol_vector_destroy(&default_list);
-+ }
-+ apol_vector_destroy(&class_list);
-+ return retval;
-+}
-+
-+apol_filename_trans_query_t *apol_filename_trans_query_create(void)
-+{
-+ apol_filename_trans_query_t *t = calloc(1, sizeof(apol_filename_trans_query_t));
-+ if (t != NULL) {
-+ t->flags =
-+ (APOL_QUERY_SOURCE_TYPE | APOL_QUERY_SOURCE_ATTRIBUTE | APOL_QUERY_TARGET_TYPE |
-+ APOL_QUERY_TARGET_ATTRIBUTE);
-+ }
-+ return t;
-+}
-+
-+void apol_filename_trans_query_destroy(apol_filename_trans_query_t ** r)
-+{
-+ if (r != NULL && *r != NULL) {
-+ free((*r)->source);
-+ free((*r)->target);
-+ free((*r)->default_type);
-+ free((*r)->name);
-+ free(*r);
-+ *r = NULL;
-+ }
-+}
-+
-+int apol_filename_trans_query_set_source(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename, int is_indirect)
-+{
-+ apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT);
-+ return apol_query_set(p, &t->source, NULL, filename);
-+}
-+
-+int apol_filename_trans_query_set_target(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *type, int is_indirect)
-+{
-+ apol_query_set_flag(p, &t->flags, is_indirect, APOL_QUERY_TARGET_INDIRECT);
-+ return apol_query_set(p, &t->target, NULL, type);
-+}
-+
-+int apol_filename_trans_query_set_default(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *symbol)
-+{
-+ return apol_query_set(p, &t->default_type, NULL, symbol);
-+}
-+
-+int apol_filename_trans_query_append_class(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *obj_class)
-+{
-+ char *s = NULL;
-+ if (obj_class == NULL) {
-+ apol_vector_destroy(&t->classes);
-+ } else if ((s = strdup(obj_class)) == NULL || (t->classes == NULL && (t->classes = apol_vector_create(free)) == NULL)
-+ || apol_vector_append(t->classes, s) < 0) {
-+ ERR(p, "%s", strerror(errno));
-+ free(s);
-+ return -1;
-+ }
-+ return 0;
-+}
-+
-+int apol_filename_trans_query_set_name(const apol_policy_t * p, apol_filename_trans_query_t * t, const char *filename)
-+{
-+ return apol_query_set(p, &t->name, NULL, filename);
-+}
-+
-+int apol_filename_trans_query_set_source_any(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_any)
-+{
-+ return apol_query_set_flag(p, &t->flags, is_any, APOL_QUERY_SOURCE_AS_ANY);
-+}
-+
-+int apol_filename_trans_query_set_regex(const apol_policy_t * p, apol_filename_trans_query_t * t, int is_regex)
-+{
-+ return apol_query_set_regex(p, &t->flags, is_regex);
-+}
-+
-+char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filename_trans_t * filename_trans)
-+{
-+ char *tmp = NULL;
-+ const char *tmp_name = NULL;
-+ const char *filename_trans_type_str;
-+ int error = 0;
-+ size_t tmp_sz = 0;
-+ uint32_t filename_trans_type = 0;
-+ const qpol_type_t *type = NULL;
-+ const qpol_class_t *obj_class = NULL;
-+
-+ if (!policy || !filename_trans) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ /* source type */
-+ if (qpol_filename_trans_get_source_type(policy->p, filename_trans, &type)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (qpol_type_get_name(policy->p, type, &tmp_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+
-+ /* target type */
-+ if (qpol_filename_trans_get_target_type(policy->p, filename_trans, &type)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (qpol_type_get_name(policy->p, type, &tmp_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (apol_str_appendf(&tmp, &tmp_sz, "%s : ", tmp_name)) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+
-+ /* object class */
-+ if (qpol_filename_trans_get_object_class(policy->p, filename_trans, &obj_class)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (qpol_class_get_name(policy->p, obj_class, &tmp_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (apol_str_appendf(&tmp, &tmp_sz, "%s ", tmp_name)) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+
-+ /* default type */
-+ if (qpol_filename_trans_get_default_type(policy->p, filename_trans, &type)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (qpol_type_get_name(policy->p, type, &tmp_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ if (apol_str_appendf(&tmp, &tmp_sz, "%s", tmp_name)) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+
-+ if (qpol_filename_trans_get_filename(policy->p, filename_trans, &tmp_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+
-+ if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+
-+ if (apol_str_appendf(&tmp, &tmp_sz, ";")) {
-+ error = errno;
-+ ERR(policy, "%s", strerror(error));
-+ goto err;
-+ }
-+ return tmp;
-+
-+ err:
-+ free(tmp);
-+ errno = error;
-+ return NULL;
-+}
-diff --git a/libapol/src/libapol.map b/libapol/src/libapol.map
-index 4894374..7657a2d 100644
---- a/libapol/src/libapol.map
-+++ b/libapol/src/libapol.map
-@@ -34,6 +34,7 @@ VERS_4.0{
- apol_protocol_to_str;
- apol_qpol_context_render;
- apol_range_trans_*;
-+ apol_filename_trans_*;
- apol_relabel_*;
- apol_role_*;
- apol_role_allow_*;
-diff --git a/libqpol/include/qpol/ftrule_query.h b/libqpol/include/qpol/ftrule_query.h
-new file mode 100644
-index 0000000..1f533a4
---- /dev/null
-+++ b/libqpol/include/qpol/ftrule_query.h
-@@ -0,0 +1,116 @@
-+/**
-+ * @file
-+ * Defines public interface for iterating over FTRULE rules.
-+ *
-+ * @author Kevin Carr kcarr@tresys.com
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Jason Tang jtang@tresys.com
-+ *
-+ * Copyright (C) 2006-2007 Tresys Technology, LLC
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+#ifndef QPOL_FTRULERULE_QUERY
-+#define QPOL_FTRULERULE_QUERY
-+
-+#ifdef __cplusplus
-+extern "C"
-+{
-+#endif
-+
-+#include <qpol/policy.h>
-+#include <qpol/iterator.h>
-+
-+ typedef struct qpol_filename_trans qpol_filename_trans_t;
-+
-+/**
-+ * Get an iterator over all filename transition rules in the policy.
-+ * @param policy Policy from which to create the iterator.
-+ * @param iter Iterator over items of type qpol_filename_trans_t returned.
-+ * The caller is responsible for calling qpol_iterator_destroy()
-+ * to free memory used by this iterator.
-+ * It is important to note that this iterator is only valid as long as
-+ * the policy is unmodifed.
-+ * @returm 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *iter will be NULL.
-+ */
-+ extern int qpol_policy_get_filename_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter);
-+
-+/**
-+ * Get the source type from a filename transition rule.
-+ * @param policy The policy from which the rule comes.
-+ * @param rule The rule from which to get the source type.
-+ * @param source Pointer in which to store the source type.
-+ * The caller should not free this pointer.
-+ * @return 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *source will be NULL.
-+ */
-+ extern int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const qpol_type_t ** source);
-+
-+/**
-+ * Get the target type from a filename transition rule.
-+ * @param policy The policy from which the rule comes.
-+ * @param rule The rule from which to get the target type.
-+ * @param target Pointer in which to store the target type.
-+ * The caller should not free this pointer.
-+ * @return 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *target will be NULL.
-+ */
-+ extern int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const qpol_type_t ** target);
-+
-+/**
-+ * Get the default type from a type rule.
-+ * @param policy Policy from which the rule comes.
-+ * @param rule The rule from which to get the default type.
-+ * @param dflt Pointer in which to store the default type.
-+ * The caller should not free this pointer.
-+ * @returm 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *dflt will be NULL.
-+ */
-+ extern int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const qpol_type_t ** dflt);
-+
-+/**
-+ * Get the object class from a type rule.
-+ * @param policy Policy from which the rule comes.
-+ * @param rule The rule from which to get the object class.
-+ * @param obj_class Pointer in which to store the object class.
-+ * The caller should not free this pointer.
-+ * @returm 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *obj_class will be NULL.
-+ */
-+ extern int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const qpol_class_t ** obj_class);
-+
-+/**
-+ * Get the transition filename type from a type rule.
-+ * @param policy Policy from which the rule comes.
-+ * @param rule The rule from which to get the transition filename.
-+ * @param target Pointer in which to store the transition filename.
-+ * The caller should not free this pointer.
-+ * @returm 0 on success and < 0 on failure; if the call fails,
-+ * errno will be set and *target will be NULL.
-+ */
-+ extern int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const char ** name);
-+
-+#ifdef __cplusplus
-+}
-+#endif
-+
-+#endif /* QPOL_FTRULERULE_QUERY */
-diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h
-index ae4ea08..bf85718 100644
---- a/libqpol/include/qpol/policy.h
-+++ b/libqpol/include/qpol/policy.h
-@@ -55,6 +55,7 @@ extern "C"
- #include <qpol/polcap_query.h>
- #include <qpol/portcon_query.h>
- #include <qpol/rbacrule_query.h>
-+#include <qpol/ftrule_query.h>
- #include <qpol/role_query.h>
- #include <qpol/syn_rule_query.h>
- #include <qpol/terule_query.h>
-diff --git a/libqpol/src/Makefile.am b/libqpol/src/Makefile.am
-index 34d87a6..0889a61 100644
---- a/libqpol/src/Makefile.am
-+++ b/libqpol/src/Makefile.am
-@@ -48,6 +48,7 @@ libqpol_a_SOURCES = \
- syn_rule_internal.h \
- syn_rule_query.c \
- terule_query.c \
-+ ftrule_query.c \
- type_query.c \
- user_query.c \
- util.c \
-diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
-new file mode 100644
-index 0000000..d6db848
---- /dev/null
-+++ b/libqpol/src/ftrule_query.c
-@@ -0,0 +1,277 @@
-+/**
-+ * @file
-+ * Defines public interface for iterating over RBAC rules.
-+ *
-+ * @author Jeremy A. Mowery jmowery@tresys.com
-+ * @author Jason Tang jtang@tresys.com
-+ *
-+ * Copyright (C) 2006-2007 Tresys Technology, LLC
-+ *
-+ * This library is free software; you can redistribute it and/or
-+ * modify it under the terms of the GNU Lesser General Public
-+ * License as published by the Free Software Foundation; either
-+ * version 2.1 of the License, or (at your option) any later version.
-+ *
-+ * This library is distributed in the hope that it will be useful,
-+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-+ * Lesser General Public License for more details.
-+ *
-+ * You should have received a copy of the GNU Lesser General Public
-+ * License along with this library; if not, write to the Free Software
-+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
-+ */
-+
-+#include <qpol/iterator.h>
-+#include <qpol/policy.h>
-+#include <qpol/ftrule_query.h>
-+#include <stdlib.h>
-+#include "iterator_internal.h"
-+#include "qpol_internal.h"
-+#include <sepol/policydb/policydb.h>
-+
-+typedef struct filename_trans_state
-+{
-+ filename_trans_t *head;
-+ filename_trans_t *cur;
-+} filename_trans_state_t;
-+
-+static int filename_trans_state_end(const qpol_iterator_t * iter)
-+{
-+ filename_trans_state_t *fts = NULL;
-+
-+ if (!iter || !(fts = qpol_iterator_state(iter))) {
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ return fts->cur ? 0 : 1;
-+}
-+
-+static void *filename_trans_state_get_cur(const qpol_iterator_t * iter)
-+{
-+ filename_trans_state_t *fts = NULL;
-+ const policydb_t *db = NULL;
-+
-+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter)) || filename_trans_state_end(iter)) {
-+ errno = EINVAL;
-+ return NULL;
-+ }
-+
-+ return fts->cur;
-+}
-+
-+static int filename_trans_state_next(qpol_iterator_t * iter)
-+{
-+ filename_trans_state_t *fts = NULL;
-+ const policydb_t *db = NULL;
-+
-+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) {
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ if (filename_trans_state_end(iter)) {
-+ errno = ERANGE;
-+ return STATUS_ERR;
-+ }
-+
-+ fts->cur = fts->cur->next;
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+static size_t filename_trans_state_size(const qpol_iterator_t * iter)
-+{
-+ filename_trans_state_t *fts = NULL;
-+ const policydb_t *db = NULL;
-+ filename_trans_t *tmp = NULL;
-+ size_t count = 0;
-+
-+ if (!iter || !(fts = qpol_iterator_state(iter)) || !(db = qpol_iterator_policy(iter))) {
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ for (tmp = fts->head; tmp; tmp = tmp->next)
-+ count++;
-+
-+ return count;
-+}
-+
-+int qpol_policy_get_filename_trans_iter(const qpol_policy_t * policy, qpol_iterator_t ** iter)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_state_t *fts = NULL;
-+ int error = 0;
-+
-+ if (iter)
-+ *iter = NULL;
-+
-+ if (!policy || !iter) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+
-+ fts = calloc(1, sizeof(filename_trans_state_t));
-+ if (!fts) {
-+ /* errno set by calloc */
-+ ERR(policy, "%s", strerror(errno));
-+ return STATUS_ERR;
-+ }
-+ fts->head = fts->cur = db->filename_trans;
-+
-+ if (qpol_iterator_create
-+ (policy, (void *)fts, filename_trans_state_get_cur, filename_trans_state_next, filename_trans_state_end, filename_trans_state_size,
-+ free, iter)) {
-+ error = errno;
-+ free(fts);
-+ errno = error;
-+ return STATUS_ERR;
-+ }
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_source_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** source)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (source) {
-+ *source = NULL;
-+ }
-+
-+ if (!policy || !rule || !source) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *source = (qpol_type_t *) db->type_val_to_struct[ft->stype - 1];
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_target_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** target)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (target) {
-+ *target = NULL;
-+ }
-+
-+ if (!policy || !rule || !target) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *target = (qpol_type_t *) db->type_val_to_struct[ft->ttype - 1];
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_object_class(const qpol_policy_t * policy, const qpol_filename_trans_t * rule,
-+ const qpol_class_t ** obj_class)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (obj_class) {
-+ *obj_class = NULL;
-+ }
-+
-+ if (!policy || !rule || !obj_class) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *obj_class = (qpol_class_t *) db->class_val_to_struct[ft->tclass - 1];
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_trans_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** output_type)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (output_type) {
-+ *output_type = NULL;
-+ }
-+
-+ if (!policy || !rule || !output_type) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *output_type = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1];
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const qpol_type_t ** dflt)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (dflt) {
-+ *dflt = NULL;
-+ }
-+
-+ if (!policy || !rule || !dflt) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *dflt = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1];
-+
-+ return STATUS_SUCCESS;
-+}
-+
-+int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
-+{
-+ policydb_t *db = NULL;
-+ filename_trans_t *ft = NULL;
-+
-+ if (name) {
-+ *name = NULL;
-+ }
-+
-+ if (!policy || !rule || !name) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return STATUS_ERR;
-+ }
-+
-+ db = &policy->p->p;
-+ ft = (filename_trans_t *) rule;
-+
-+ *name = ft->name;
-+
-+ return STATUS_SUCCESS;
-+}
-+
-diff --git a/libqpol/src/libqpol.map b/libqpol/src/libqpol.map
-index dd293bc..6973cca 100644
---- a/libqpol/src/libqpol.map
-+++ b/libqpol/src/libqpol.map
-@@ -34,6 +34,7 @@ VERS_1.2 {
- qpol_policy_reevaluate_conds;
- qpol_portcon_*;
- qpol_range_trans_*;
-+ qpol_filename_trans_*;
- qpol_role_*;
- qpol_syn_avrule_*;
- qpol_syn_terule_*;
-diff --git a/libqpol/src/module_compiler.c b/libqpol/src/module_compiler.c
-index dc19798..b06e285 100644
---- a/libqpol/src/module_compiler.c
-+++ b/libqpol/src/module_compiler.c
-@@ -1247,6 +1247,18 @@ void append_role_allow(role_allow_rule_t * role_allow_rules)
- }
-
- /* this doesn't actually append, but really prepends it */
-+void append_filename_trans(filename_trans_rule_t * filename_trans_rules)
-+{
-+ avrule_decl_t *decl = stack_top->decl;
-+
-+ /* filename transitions are not allowed within conditionals */
-+ assert(stack_top->type == 1);
-+
-+ filename_trans_rules->next = decl->filename_trans_rules;
-+ decl->filename_trans_rules = filename_trans_rules;
-+}
-+
-+/* this doesn't actually append, but really prepends it */
- void append_range_trans(range_trans_rule_t * range_tr_rules)
- {
- avrule_decl_t *decl = stack_top->decl;
-diff --git a/libqpol/src/policy_define.c b/libqpol/src/policy_define.c
-index c94f7aa..0f3a45a 100644
---- a/libqpol/src/policy_define.c
-+++ b/libqpol/src/policy_define.c
-@@ -2133,7 +2133,7 @@ int define_role_trans(void)
-
- /* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
- #ifdef HAVE_SEPOL_USER_ROLE_MAPPING
-- if (role_set_expand(&roles, &e_roles, policydbp, NULL))
-+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
- #else
- if (role_set_expand(&roles, &e_roles, policydbp))
- #endif
-@@ -2226,6 +2226,190 @@ int define_role_allow(void)
- return 0;
- }
-
-+avrule_t *define_cond_filename_trans(void)
-+{
-+ yyerror("type transitions with a filename not allowed inside "
-+ "conditionals\n");
-+ return COND_ERR;
-+}
-+
-+int define_filename_trans(void)
-+{
-+ char *id, *name = NULL;
-+ type_set_t stypes, ttypes;
-+ ebitmap_t e_stypes, e_ttypes;
-+ ebitmap_t e_tclasses;
-+ ebitmap_node_t *snode, *tnode, *cnode;
-+ filename_trans_t *ft;
-+ filename_trans_rule_t *ftr;
-+ class_datum_t *cladatum;
-+ type_datum_t *typdatum;
-+ uint32_t otype;
-+ unsigned int c, s, t;
-+ int add;
-+
-+ if (pass == 1) {
-+ /* stype */
-+ while ((id = queue_remove(id_queue)))
-+ free(id);
-+ /* ttype */
-+ while ((id = queue_remove(id_queue)))
-+ free(id);
-+ /* tclass */
-+ while ((id = queue_remove(id_queue)))
-+ free(id);
-+ /* otype */
-+ id = queue_remove(id_queue);
-+ free(id);
-+ /* name */
-+ id = queue_remove(id_queue);
-+ free(id);
-+ return 0;
-+ }
-+
-+
-+ add = 1;
-+ type_set_init(&stypes);
-+ while ((id = queue_remove(id_queue))) {
-+ if (set_types(&stypes, id, &add, 0))
-+ goto bad;
-+ }
-+
-+ add =1;
-+ type_set_init(&ttypes);
-+ while ((id = queue_remove(id_queue))) {
-+ if (set_types(&ttypes, id, &add, 0))
-+ goto bad;
-+ }
-+
-+ ebitmap_init(&e_tclasses);
-+ while ((id = queue_remove(id_queue))) {
-+ if (!is_id_in_scope(SYM_CLASSES, id)) {
-+ yyerror2("class %s is not within scope", id);
-+ free(id);
-+ goto bad;
-+ }
-+ cladatum = hashtab_search(policydbp->p_classes.table, id);
-+ if (!cladatum) {
-+ yyerror2("unknown class %s", id);
-+ goto bad;
-+ }
-+ if (ebitmap_set_bit(&e_tclasses, cladatum->s.value - 1, TRUE)) {
-+ yyerror("Out of memory");
-+ goto bad;
-+ }
-+ free(id);
-+ }
-+
-+ id = (char *)queue_remove(id_queue);
-+ if (!id) {
-+ yyerror("no otype in transition definition?");
-+ goto bad;
-+ }
-+ if (!is_id_in_scope(SYM_TYPES, id)) {
-+ yyerror2("type %s is not within scope", id);
-+ free(id);
-+ goto bad;
-+ }
-+ typdatum = hashtab_search(policydbp->p_types.table, id);
-+ if (!typdatum) {
-+ yyerror2("unknown type %s used in transition definition", id);
-+ goto bad;
-+ }
-+ free(id);
-+ otype = typdatum->s.value;
-+
-+ name = queue_remove(id_queue);
-+ if (!name) {
-+ yyerror("no pathname specified in filename_trans definition?");
-+ goto bad;
-+ }
-+
-+ /* We expand the class set into seperate rules. We expand the types
-+ * just to make sure there are not duplicates. They will get turned
-+ * into seperate rules later */
-+ ebitmap_init(&e_stypes);
-+ if (type_set_expand(&stypes, &e_stypes, policydbp, 1))
-+ goto bad;
-+
-+ ebitmap_init(&e_ttypes);
-+ if (type_set_expand(&ttypes, &e_ttypes, policydbp, 1))
-+ goto bad;
-+
-+ ebitmap_for_each_bit(&e_tclasses, cnode, c) {
-+ if (!ebitmap_node_get_bit(cnode, c))
-+ continue;
-+ ebitmap_for_each_bit(&e_stypes, snode, s) {
-+ if (!ebitmap_node_get_bit(snode, s))
-+ continue;
-+ ebitmap_for_each_bit(&e_ttypes, tnode, t) {
-+ if (!ebitmap_node_get_bit(tnode, t))
-+ continue;
-+
-+ for (ft = policydbp->filename_trans; ft; ft = ft->next) {
-+ if (ft->stype == (s + 1) &&
-+ ft->ttype == (t + 1) &&
-+ ft->tclass == (c + 1) &&
-+ !strcmp(ft->name, name)) {
-+ yyerror2("duplicate filename transition for: filename_trans %s %s %s:%s",
-+ name,
-+ policydbp->p_type_val_to_name[s],
-+ policydbp->p_type_val_to_name[t],
-+ policydbp->p_class_val_to_name[c]);
-+ goto bad;
-+ }
-+ }
-+
-+ ft = malloc(sizeof(*ft));
-+ if (!ft) {
-+ yyerror("out of memory");
-+ goto bad;
-+ }
-+ memset(ft, 0, sizeof(*ft));
-+
-+ ft->next = policydbp->filename_trans;
-+ policydbp->filename_trans = ft;
-+
-+ ft->name = strdup(name);
-+ if (!ft->name) {
-+ yyerror("out of memory");
-+ goto bad;
-+ }
-+ ft->stype = s + 1;
-+ ft->ttype = t + 1;
-+ ft->tclass = c + 1;
-+ ft->otype = otype;
-+ }
-+ }
-+
-+ /* Now add the real rule since we didn't find any duplicates */
-+ ftr = malloc(sizeof(*ftr));
-+ if (!ftr) {
-+ yyerror("out of memory");
-+ goto bad;
-+ }
-+ filename_trans_rule_init(ftr);
-+ append_filename_trans(ftr);
-+
-+ ftr->name = strdup(name);
-+ ftr->stypes = stypes;
-+ ftr->ttypes = ttypes;
-+ ftr->tclass = c + 1;
-+ ftr->otype = otype;
-+ }
-+
-+ free(name);
-+ ebitmap_destroy(&e_stypes);
-+ ebitmap_destroy(&e_ttypes);
-+ ebitmap_destroy(&e_tclasses);
-+
-+ return 0;
-+
-+bad:
-+ free(name);
-+ return -1;
-+}
-+
- static constraint_expr_t *constraint_expr_clone(constraint_expr_t * expr)
- {
- constraint_expr_t *h = NULL, *l = NULL, *e, *newe;
-diff --git a/libqpol/src/policy_parse.y b/libqpol/src/policy_parse.y
-index 84f4114..dc16c6f 100644
---- a/libqpol/src/policy_parse.y
-+++ b/libqpol/src/policy_parse.y
-@@ -98,6 +98,7 @@ extern char *qpol_src_inputlim;/* end of data */
- %type <require_func> require_decl_def
-
- %token PATH
-+%token FILENAME
- %token CLONE
- %token COMMON
- %token CLASS
-@@ -360,7 +361,10 @@ cond_rule_def : cond_transition_def
- | require_block
- { $$ = NULL; }
- ;
--cond_transition_def : TYPE_TRANSITION names names ':' names identifier ';'
-+cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
-+ { $$ = define_cond_filename_trans() ;
-+ if ($$ == COND_ERR) return -1;}
-+ | TYPE_TRANSITION names names ':' names identifier ';'
- { $$ = define_cond_compute_type(AVRULE_TRANSITION) ;
- if ($$ == COND_ERR) return -1;}
- | TYPE_MEMBER names names ':' names identifier ';'
-@@ -395,7 +399,9 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
- { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
- if ($$ == COND_ERR) return -1; }
- ;
--transition_def : TYPE_TRANSITION names names ':' names identifier ';'
-+transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
-+ {if (define_filename_trans()) return -1; }
-+ | TYPE_TRANSITION names names ':' names identifier ';'
- {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
- | TYPE_MEMBER names names ':' names identifier ';'
- {if (define_compute_type(AVRULE_MEMBER)) return -1;}
-@@ -752,6 +758,9 @@ identifier : IDENTIFIER
- path : PATH
- { if (insert_id(yytext,0)) return -1; }
- ;
-+filename : FILENAME
-+ { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
-+ ;
- number : NUMBER
- { $$ = strtoul(yytext,NULL,0); }
- ;
-diff --git a/libqpol/src/policy_scan.l b/libqpol/src/policy_scan.l
-index 75485f3..30203cd 100644
---- a/libqpol/src/policy_scan.l
-+++ b/libqpol/src/policy_scan.l
-@@ -235,6 +235,7 @@ POLICYCAP { return(POLICYCAP); }
- permissive |
- PERMISSIVE { return(PERMISSIVE); }
- "/"({alnum}|[_\.\-/])* { return(PATH); }
-+\"({alnum}|[_\.\-])+\" { return(FILENAME); }
- {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
- {digit}+|0x{hexval}+ { return(NUMBER); }
- {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index ec0315f..e44b3bc 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -575,6 +575,95 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
- free(expr);
- }
-
-+static int perform_ft_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
-+{
-+ apol_filename_trans_query_t *ftq = NULL;
-+ int error = 0;
-+
-+ if (!policy || !opt || !v) {
-+ ERR(policy, "%s", strerror(EINVAL));
-+ errno = EINVAL;
-+ return -1;
-+ }
-+
-+ if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
-+ *v = NULL;
-+ return 0; /* no search to do */
-+ }
-+
-+ ftq = apol_filename_trans_query_create();
-+ if (!ftq) {
-+ ERR(policy, "%s", strerror(ENOMEM));
-+ errno = ENOMEM;
-+ return -1;
-+ }
-+
-+ apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
-+ if (opt->src_name) {
-+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+ if (opt->tgt_name) {
-+ if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+
-+ if (apol_filename_trans_get_by_query(policy, ftq, v)) {
-+ error = errno;
-+ goto err;
-+ }
-+
-+ apol_filename_trans_query_destroy(&ftq);
-+ return 0;
-+
-+ err:
-+ apol_vector_destroy(v);
-+ apol_filename_trans_query_destroy(&ftq);
-+ ERR(policy, "%s", strerror(error));
-+ errno = error;
-+ return -1;
-+}
-+
-+static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
-+{
-+ qpol_policy_t *q = apol_policy_get_qpol(policy);
-+ size_t i, num_rules = 0;
-+ const qpol_filename_trans_t *rule = NULL;
-+ char *tmp = NULL, *rule_str = NULL, *expr = NULL;
-+ char enable_char = ' ', branch_char = ' ';
-+ qpol_iterator_t *iter = NULL;
-+ const qpol_cond_t *cond = NULL;
-+ uint32_t enabled = 0, list = 0;
-+
-+ if (!(num_rules = apol_vector_get_size(v)))
-+ goto cleanup;
-+
-+ fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
-+
-+ for (i = 0; i < num_rules; i++) {
-+ enable_char = branch_char = ' ';
-+ if (!(rule = apol_vector_get_element(v, i)))
-+ goto cleanup;
-+
-+ if (!(rule_str = apol_filename_trans_render(policy, rule)))
-+ goto cleanup;
-+ fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
-+ free(rule_str);
-+ rule_str = NULL;
-+ free(expr);
-+ expr = NULL;
-+ }
-+
-+ cleanup:
-+ free(tmp);
-+ free(rule_str);
-+ free(expr);
-+}
-+
- static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
- {
- apol_role_allow_query_t *raq = NULL;
-@@ -1128,6 +1217,18 @@ int main(int argc, char **argv)
- print_te_results(policy, &cmd_opts, v);
- fprintf(stdout, "\n");
- }
-+
-+ if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
-+ apol_vector_destroy(&v);
-+ if (perform_ft_query(policy, &cmd_opts, &v)) {
-+ rt = 1;
-+ goto cleanup;
-+ }
-+
-+ print_ft_results(policy, &cmd_opts, v);
-+ fprintf(stdout, "\n");
-+ }
-+
- apol_vector_destroy(&v);
- if (perform_ra_query(policy, &cmd_opts, &v)) {
- rt = 1;
---
-1.7.6.2
-
-diff -up setools-3.3.7/libapol/include/apol/Makefile.am.filenametrans setools-3.3.7/libapol/include/apol/Makefile.am
---- setools-3.3.7/libapol/include/apol/Makefile.am.filenametrans 2009-07-14 14:03:27.000000000 -0400
-+++ setools-3.3.7/libapol/include/apol/Makefile.am 2011-10-26 16:24:59.948130442 -0400
-@@ -27,6 +27,7 @@ apol_HEADERS = \
- relabel-analysis.h \
- render.h \
- role-query.h \
-+ ftrule-query.h \
- terule-query.h \
- type-query.h \
- types-relation-analysis.h \
-diff -up setools-3.3.7/libqpol/include/qpol/Makefile.am.filenametrans setools-3.3.7/libqpol/include/qpol/Makefile.am
---- setools-3.3.7/libqpol/include/qpol/Makefile.am.filenametrans 2011-10-26 16:22:28.723523155 -0400
-+++ setools-3.3.7/libqpol/include/qpol/Makefile.am 2011-10-26 16:22:41.283493767 -0400
-@@ -25,6 +25,7 @@ qpol_HEADERS = \
- role_query.h \
- syn_rule_query.h \
- terule_query.h \
-+ ftrule_query.h \
- type_query.h \
- user_query.h \
- util.h
diff --git a/SOURCES/0007-Remove-unused-variables.patch b/SOURCES/0007-Remove-unused-variables.patch
deleted file mode 100644
index dfa532c..0000000
--- a/SOURCES/0007-Remove-unused-variables.patch
+++ /dev/null
@@ -1,277 +0,0 @@
-From e30036e358b8f1c3f56048b467e8646fa3bfffb6 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Tue, 20 Sep 2011 16:40:26 -0400
-Subject: [PATCH 7/7] Remove unused variables
-
----
- libapol/src/ftrule-query.c | 11 ++----
- libqpol/src/ftrule_query.c | 2 -
- secmds/sesearch.c | 86 +++++++++++++++++++++++++++++++++-----------
- 3 files changed, 68 insertions(+), 31 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index dc248de..9c7a23b 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -45,14 +45,11 @@ struct apol_filename_trans_query
- int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filename_trans_query_t * t, apol_vector_t ** v)
- {
- apol_vector_t *source_list = NULL, *target_list = NULL, *class_list = NULL, *default_list = NULL;
-- int retval = -1, source_as_any = 0, is_regex = 0, append_filename_trans;
-- char *bool_name = NULL;
-+ int retval = -1, source_as_any = 0, is_regex = 0;
- *v = NULL;
-- unsigned int flags = 0;
-- qpol_iterator_t *iter = NULL, *type_iter = NULL;
-+ qpol_iterator_t *iter = NULL;
-
- if (t != NULL) {
-- flags = t->flags;
- is_regex = t->flags & APOL_QUERY_REGEX;
- if (t->source != NULL &&
- (source_list =
-@@ -104,7 +101,7 @@ int apol_filename_trans_get_by_query(const apol_policy_t * p, const apol_filenam
- if (qpol_iterator_get_item(iter, (void **)&filename_trans) < 0) {
- goto cleanup;
- }
-- int match_source = 0, match_target = 0, match_default = 0, match_bool = 0;
-+ int match_source = 0, match_target = 0, match_default = 0;
- size_t i;
-
- if (source_list == NULL) {
-@@ -265,10 +262,8 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- {
- char *tmp = NULL;
- const char *tmp_name = NULL;
-- const char *filename_trans_type_str;
- int error = 0;
- size_t tmp_sz = 0;
-- uint32_t filename_trans_type = 0;
- const qpol_type_t *type = NULL;
- const qpol_class_t *obj_class = NULL;
-
-diff --git a/libqpol/src/ftrule_query.c b/libqpol/src/ftrule_query.c
-index d6db848..3148d30 100644
---- a/libqpol/src/ftrule_query.c
-+++ b/libqpol/src/ftrule_query.c
-@@ -254,7 +254,6 @@ int qpol_filename_trans_get_default_type(const qpol_policy_t * policy, const qpo
-
- int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_filename_trans_t * rule, const char ** name)
- {
-- policydb_t *db = NULL;
- filename_trans_t *ft = NULL;
-
- if (name) {
-@@ -267,7 +266,6 @@ int qpol_filename_trans_get_filename(const qpol_policy_t * policy, const qpol_fi
- return STATUS_ERR;
- }
-
-- db = &policy->p->p;
- ft = (filename_trans_t *) rule;
-
- *name = ft->name;
-diff --git a/secmds/sesearch.c b/secmds/sesearch.c
-index e44b3bc..319ffe7 100644
---- a/secmds/sesearch.c
-+++ b/secmds/sesearch.c
-@@ -72,6 +72,7 @@ static struct option const longopts[] = {
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-+ {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -92,6 +93,7 @@ typedef struct options
- {
- char *src_name;
- char *tgt_name;
-+ char *default_name;
- char *src_role_name;
- char *tgt_role_name;
- char *class_name;
-@@ -293,7 +295,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -356,7 +359,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -488,7 +492,8 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
- tmp = apol_cond_expr_render(policy, cond);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -553,7 +558,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
- qpol_iterator_destroy(&iter);
- enable_char = (enabled ? 'E' : 'D');
- branch_char = (list ? 'T' : 'F');
-- asprintf(&expr, "[ %s ]", tmp);
-+ if (asprintf(&expr, "[ %s ]", tmp) < 0)
-+ goto cleanup;
- free(tmp);
- tmp = NULL;
- if (!expr)
-@@ -586,7 +592,7 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
- return -1;
- }
-
-- if (!opt->type == QPOL_RULE_TYPE_TRANS && !opt->all) {
-+ if (!opt->type && !opt->all) {
- *v = NULL;
- return 0; /* no search to do */
- }
-@@ -600,17 +606,44 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- apol_filename_trans_query_set_regex(policy, ftq, opt->useregex);
- if (opt->src_name) {
-- if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name)) {
-+ if (apol_filename_trans_query_set_source(policy, ftq, opt->src_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+
- if (opt->tgt_name) {
- if (apol_filename_trans_query_set_target(policy, ftq, opt->tgt_name, opt->indirect)) {
- error = errno;
- goto err;
- }
- }
-+ if (opt->default_name) {
-+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+
-+ if (opt->class_name) {
-+ if (opt->class_vector == NULL) {
-+ if (apol_filename_trans_query_append_class(policy, ftq, opt->class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ } else {
-+ for (size_t i = 0; i < apol_vector_get_size(opt->class_vector); ++i) {
-+ char *class_name;
-+ class_name = apol_vector_get_element(opt->class_vector, i);
-+ if (!class_name)
-+ continue;
-+ if (apol_filename_trans_query_append_class(policy, ftq, class_name)) {
-+ error = errno;
-+ goto err;
-+ }
-+ }
-+ }
-+ }
-
- if (apol_filename_trans_get_by_query(policy, ftq, v)) {
- error = errno;
-@@ -630,37 +663,36 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
-
- static void print_ft_results(const apol_policy_t * policy, const options_t * opt, const apol_vector_t * v)
- {
-- qpol_policy_t *q = apol_policy_get_qpol(policy);
-- size_t i, num_rules = 0;
-- const qpol_filename_trans_t *rule = NULL;
-- char *tmp = NULL, *rule_str = NULL, *expr = NULL;
-+ size_t i, num_filename_trans = 0;
-+ const qpol_filename_trans_t *filename_trans = NULL;
-+ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
- char enable_char = ' ', branch_char = ' ';
- qpol_iterator_t *iter = NULL;
- const qpol_cond_t *cond = NULL;
- uint32_t enabled = 0, list = 0;
-
-- if (!(num_rules = apol_vector_get_size(v)))
-+ if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-
-- fprintf(stdout, "Found %zd named file transition rules:\n", num_rules);
-+ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
-- for (i = 0; i < num_rules; i++) {
-+ for (i = 0; i < num_filename_trans; i++) {
- enable_char = branch_char = ' ';
-- if (!(rule = apol_vector_get_element(v, i)))
-+ if (!(filename_trans = apol_vector_get_element(v, i)))
- goto cleanup;
-
-- if (!(rule_str = apol_filename_trans_render(policy, rule)))
-+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
- goto cleanup;
-- fprintf(stdout, "%s %s\n", rule_str, expr ? expr : "");
-- free(rule_str);
-- rule_str = NULL;
-+ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
-+ free(filename_trans_str);
-+ filename_trans_str = NULL;
- free(expr);
- expr = NULL;
- }
-
- cleanup:
- free(tmp);
-- free(rule_str);
-+ free(filename_trans_str);
- free(expr);
- }
-
-@@ -930,7 +962,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dRnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -946,6 +978,18 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-+ case 'D': /* source */
-+ if (optarg == 0) {
-+ usage(argv[0], 1);
-+ printf("Missing source default type for -D (--default)\n");
-+ exit(1);
-+ }
-+ cmd_opts.default_name = strdup(optarg);
-+ if (!cmd_opts.default_name) {
-+
-+ exit(1);
-+ }
-+ break;
- case 't': /* target */
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1218,7 +1262,7 @@ int main(int argc, char **argv)
- fprintf(stdout, "\n");
- }
-
-- if (cmd_opts.all || cmd_opts.type == QPOL_RULE_TYPE_TRANS) {
-+ if (cmd_opts.all || cmd_opts.type) {
- apol_vector_destroy(&v);
- if (perform_ft_query(policy, &cmd_opts, &v)) {
- rt = 1;
---
-1.7.6.2
-
diff --git a/SOURCES/0007-Setools-noship.patch b/SOURCES/0007-Setools-noship.patch
new file mode 100644
index 0000000..eacd508
--- /dev/null
+++ b/SOURCES/0007-Setools-noship.patch
@@ -0,0 +1,207 @@
+From a39d0831d654292fb2a1f7b9ee18ecc9239f610f Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 18:38:34 +0200
+Subject: [PATCH 07/11] Setools noship
+
+---
+ Makefile.am | 26 +++-----------------------
+ configure.ac | 2 +-
+ man/Makefile.am | 15 +++------------
+ seaudit/Makefile.am | 31 +++----------------------------
+ secmds/Makefile.am | 14 +-------------
+ sediff/Makefile.am | 32 ++------------------------------
+ 6 files changed, 13 insertions(+), 107 deletions(-)
+
+diff --git a/Makefile.am b/Makefile.am
+index 176c8ea..4cac386 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -78,9 +70,9 @@ install-logwatch:
+ $(MAKE) -C $(top_srcdir)/seaudit install-logwatch
+
+ .PHONY: libqpol libapol libpoldiff libsefs libseaudit \
+- apol secmds seaudit sediff sediffx sechecker \
++ apol secmds seaudit sediff sechecker\
+ install-logwatch help \
+- seinfo sesearch indexcon findcon replcon searchcon \
++ seinfo sesearch findcon \
+ packages
+
+ seinfo: libqpol libapol
+diff --git a/configure.ac b/configure.ac
+index 2a5b55b..5b1da5e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; then
+ fi
+ AC_PROG_CXX
+ AC_LANG([C])
+-AC_PROG_LIBTOOL
++AC_PROG_RANLIB
+ AC_PROG_LN_S
+ AC_PROG_LEX
+ AC_PROG_YACC
+diff --git a/man/Makefile.am b/man/Makefile.am
+index 0fafccb..f88e00a 100644
+--- a/man/Makefile.am
++++ b/man/Makefile.am
+@@ -1,19 +1,10 @@
+ if BUILD_GUI
+ MAYBEMANS = apol.1 \
+- seaudit.8 seaudit-report.8 \
+- sediffx.1
++ seaudit.8
+ endif
+
+ EXTRA_DIST=$(man_MANS) apol.1 \
+- seaudit.8 seaudit-report.8.in \
+- sediffx.1
++ seaudit.8
+
+-man_MANS = findcon.1 indexcon.1 replcon.1 \
+- sechecker.1 \
+- sediff.1 \
++man_MANS = findcon.1 sediff.1 sechecker.1 \
+ seinfo.1 sesearch.1 $(MAYBEMANS)
+-
+-seaudit-report.8: seaudit-report.8.in Makefile
+- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
+-
+-CLEANFILES = seaudit-report.8
+diff --git a/seaudit/Makefile.am b/seaudit/Makefile.am
+index 1987c99..3fa4413 100644
+--- a/seaudit/Makefile.am
++++ b/seaudit/Makefile.am
+@@ -1,5 +1,4 @@
+ setoolsdir = @setoolsdir@
+-bin_PROGRAMS = seaudit-report
+ sbin_PROGRAMS = seaudit
+
+ AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
+ dist_setools_DATA = \
+ seaudit.glade \
+ seaudit_help.txt \
+- seaudit-report.conf \
+- seaudit-report.css \
+ seaudit.png seaudit-small.png
+
+ nodist_setools_DATA = \
+- dot_seaudit \
+- seaudit-report-service
++ dot_seaudit
+
+ seaudit_SOURCES = \
+ filter_view.c filter_view.h \
+@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
+ dot_seaudit: dot_seaudit.in Makefile
+ sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
+
+-seaudit_report_SOURCES = seaudit-report.c
+-seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
+- $(top_builddir)/libapol/src/libapol.so \
+- $(top_builddir)/libqpol/src/libqpol.so
+-
+ logwatch = $(DESTDIR)/etc/logwatch
+ LOGWATCH_GROUP = $(logwatch)/conf/logfiles
+ LOGWATCH_SERVICE = $(logwatch)/conf/services
+ LOGWATCH_FILTER = $(logwatch)/scripts/services
+
+-dist_noinst_DATA = dot_seaudit.in \
+- seaudit-report-group.conf \
+- seaudit-report-service.conf \
+- seaudit-report-service.in
+-
+-seaudit-report-service: seaudit-report-service.in Makefile
+- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@
+-
+-install-logwatch: $(dist_noinst_DATA) seaudit-report-service
+- mkdir -p -- $(LOGWATCH_GROUP)
+- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP)
+- mkdir -p -- $(LOGWATCH_SERVICE)
+- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE)
+- mkdir -p -- $(LOGWATCH_FILTER)
+- install -m 755 seaudit-report-service $(LOGWATCH_FILTER)
++dist_noinst_DATA = dot_seaudit.in
+
+ $(top_builddir)/libapol/src/libapol.so:
+ $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
+@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so:
+ $(top_builddir)/libsefs/src/libsefs.so:
+ $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@)
+
+-.PHONY: install-logwatch
+-
+-CLEANFILES = dot_seaudit seaudit-report-service
++CLEANFILES = dot_seaudit
+diff --git a/secmds/Makefile.am b/secmds/Makefile.am
+index ddc88b1..7fa4364 100644
+--- a/secmds/Makefile.am
++++ b/secmds/Makefile.am
+@@ -1,6 +1,6 @@
+ # various setools command line tools
+
+-bin_PROGRAMS = seinfo sesearch findcon replcon indexcon
++bin_PROGRAMS = seinfo sesearch findcon
+
+ # These are for indexcon so that it is usable on machines without setools
+ STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3
+diff --git a/sediff/Makefile.am b/sediff/Makefile.am
+index 3f53cd3..2d9ce84 100644
+--- a/sediff/Makefile.am
++++ b/sediff/Makefile.am
+@@ -1,13 +1,6 @@
+ setoolsdir = @setoolsdir@
+
+-dist_setools_DATA = sediff_help.txt sediffx.glade \
+- sediffx.png sediffx-small.png
+-
+-if BUILD_GUI
+- MAYBE_SEDIFFX = sediffx
+-endif
+-
+-bin_PROGRAMS = sediff $(MAYBE_SEDIFFX)
++bin_PROGRAMS = sediff
+
+ AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
+ @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@
+@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS@ @PROFILELDFLAGS@
+
+ LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
+
+-sediff_CFLAGS = $(AM_CFLAGS)
+-sediffx_CFLAGS = $(AM_CFLAGS) \
+- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@
+-
+-# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks
+-sediffx_LDFLAGS = $(AM_LDFLAGS) \
+- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \
+- -rdynamic
++sediff_CFLAGS = $(AM_CFLAGS)
+
+ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
+ $(top_builddir)/libapol/src/libapol.so \
+@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
+
+ sediff_SOURCES = sediff.c
+
+-sediffx_SOURCES = \
+- find_dialog.c find_dialog.h \
+- open_policies_dialog.c open_policies_dialog.h \
+- policy_view.c policy_view.h \
+- progress.c progress.h \
+- remap_types_dialog.c remap_types_dialog.h \
+- result_item.c result_item.h \
+- result_item_render.c result_item_render.h \
+- results.c results.h \
+- select_diff_dialog.c select_diff_dialog.h \
+- toplevel.c toplevel.h \
+- utilgui.c utilgui.h \
+- sediffx.c sediffx.h
+-
+ $(top_builddir)/libpoldiff/src/libpoldiff.so:
+ $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@)
+
+--
+1.8.5.3
+
diff --git a/SOURCES/0008-Add-alias-support-to-seinfo-t.patch b/SOURCES/0008-Add-alias-support-to-seinfo-t.patch
new file mode 100644
index 0000000..32d901a
--- /dev/null
+++ b/SOURCES/0008-Add-alias-support-to-seinfo-t.patch
@@ -0,0 +1,92 @@
+From 1136e61a9839ad3b60eb2da4d624413c02545c7d Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 18:42:27 +0200
+Subject: [PATCH 08/11] Add alias support to seinfo -t
+
+---
+ secmds/seinfo.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 48 insertions(+)
+
+diff --git a/secmds/seinfo.c b/secmds/seinfo.c
+index 54b2a6a..1878c49 100644
+--- a/secmds/seinfo.c
++++ b/secmds/seinfo.c
+@@ -46,6 +46,7 @@
+ #include <string.h>
+ #include <assert.h>
+ #include <getopt.h>
++#include <selinux/selinux.h>
+
+ #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
+
+@@ -54,6 +55,7 @@
+
+ static char *policy_file = NULL;
+
++static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
+ static int print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
+ static int print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
+ static int print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
+@@ -514,6 +516,7 @@ static int print_types(FILE * fp, const char *name, int expand, const apol_polic
+ goto cleanup;
+ if (print_type_attrs(fp, type_datum, policydb, expand))
+ goto cleanup;
++ print_type_aliases(fp, type_datum, policydb);
+ } else {
+ if (qpol_policy_get_type_iter(q, &iter))
+ goto cleanup;
+@@ -1912,6 +1915,51 @@ int main(int argc, char **argv)
+ }
+
+ /**
++ * Prints the alias of a type.
++ *
++ * @param fp Reference to a file to which to print type information
++ * @param type_datum Reference to sepol type_datum
++ * @param policydb Reference to a policy
++ * attributes
++ */
++static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
++{
++ qpol_iterator_t *iter = NULL;
++ size_t alias_size;
++ unsigned char isattr, isalias;
++ const char *type_name = NULL;
++ const char *alias_name;
++ qpol_policy_t *q = apol_policy_get_qpol(policydb);
++
++ if (qpol_type_get_name(q, type_datum, &type_name))
++ goto cleanup;
++ if (qpol_type_get_isattr(q, type_datum, &isattr))
++ goto cleanup;
++ if (qpol_type_get_isalias(q, type_datum, &isalias))
++ goto cleanup;
++
++ if (isalias) {
++ fprintf(fp, " TypeName %s\n", type_name);
++ }
++ if (qpol_type_get_alias_iter(q, type_datum, &iter))
++ goto cleanup;
++ if (qpol_iterator_get_size(iter, &alias_size))
++ goto cleanup;
++ if (alias_size > 0) {
++ fprintf(fp, " Aliases\n");
++ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
++ if (qpol_iterator_get_item(iter, (void **)&alias_name))
++ goto cleanup;
++ fprintf(fp, " %s\n", alias_name);
++ }
++ }
++
++ cleanup:
++ qpol_iterator_destroy(&iter);
++ return;
++}
++
++/**
+ * Prints a textual representation of a type, and possibly
+ * all of that type's attributes.
+ *
+--
+1.8.5.3
+
diff --git a/SOURCES/0008-Fix-output-to-match-policy-lines.patch b/SOURCES/0008-Fix-output-to-match-policy-lines.patch
deleted file mode 100644
index 47c258e..0000000
--- a/SOURCES/0008-Fix-output-to-match-policy-lines.patch
+++ /dev/null
@@ -1,34 +0,0 @@
-From 2f89d9acc12c0a7b50a94e4247b015242ce712c9 Mon Sep 17 00:00:00 2001
-From: Dan Walsh <dwalsh@redhat.com>
-Date: Wed, 21 Sep 2011 15:15:02 -0400
-Subject: [PATCH 8/8] Fix output to match policy lines
-
----
- libapol/src/ftrule-query.c | 4 ++--
- 1 files changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/libapol/src/ftrule-query.c b/libapol/src/ftrule-query.c
-index 9c7a23b..1d5f5c8 100644
---- a/libapol/src/ftrule-query.c
-+++ b/libapol/src/ftrule-query.c
-@@ -282,7 +282,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- error = errno;
- goto err;
- }
-- if (apol_str_appendf(&tmp, &tmp_sz, "transition_type %s ", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, "type_transition %s ", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
-@@ -338,7 +338,7 @@ char *apol_filename_trans_render(const apol_policy_t * policy, const qpol_filena
- goto err;
- }
-
-- if (apol_str_appendf(&tmp, &tmp_sz, " %s", tmp_name)) {
-+ if (apol_str_appendf(&tmp, &tmp_sz, " \"%s\"", tmp_name)) {
- error = errno;
- ERR(policy, "%s", strerror(error));
- goto err;
---
-1.7.6.2
-
diff --git a/SOURCES/0009-Fix-help-message-on-sesearch-D.patch b/SOURCES/0009-Fix-help-message-on-sesearch-D.patch
new file mode 100644
index 0000000..e90eba4
--- /dev/null
+++ b/SOURCES/0009-Fix-help-message-on-sesearch-D.patch
@@ -0,0 +1,258 @@
+From bbe9f57845101d07eef31a772946437b3245c7d5 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 18:46:24 +0200
+Subject: [PATCH 09/11] Fix help message on sesearch -D
+
+---
+ man/sesearch.1 | 2 +-
+ secmds/sesearch.c | 77 +++++++++++++++++--------------------------------------
+ 2 files changed, 25 insertions(+), 54 deletions(-)
+
+diff --git a/man/sesearch.1 b/man/sesearch.1
+index 573aedd..dc119eb 100644
+--- a/man/sesearch.1
++++ b/man/sesearch.1
+@@ -43,7 +43,7 @@ Search for allow rules.
+ Search for neverallow rules.
+ .IP "--auditallow"
+ Search for auditallow rules.
+-.IP "--dontaudit"
++.IP "-D, --dontaudit"
+ Search for dontaudit rules.
+ .IP "-T, --type"
+ Search for type_transition, type_member, and type_change rules.
+diff --git a/secmds/sesearch.c b/secmds/sesearch.c
+index e1436a7..f53d670 100644
+--- a/secmds/sesearch.c
++++ b/secmds/sesearch.c
+@@ -24,6 +24,7 @@
+ */
+
+ #include <config.h>
++#include <selinux/selinux.h>
+
+ /* libapol */
+ #include <apol/policy.h>
+@@ -61,9 +62,8 @@ enum opt_values
+ static struct option const longopts[] = {
+ {"allow", no_argument, NULL, 'A'},
+ {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
+- {"audit", no_argument, NULL, RULE_AUDIT},
+ {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
+- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
++ {"dontaudit", no_argument, NULL, 'D'},
+ {"type", no_argument, NULL, 'T'},
+ {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
+ {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
+@@ -72,7 +72,6 @@ static struct option const longopts[] = {
+
+ {"source", required_argument, NULL, 's'},
+ {"target", required_argument, NULL, 't'},
+- {"default", required_argument, NULL, 'D'},
+ {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
+ {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
+ {"class", required_argument, NULL, 'c'},
+@@ -129,7 +128,7 @@ void usage(const char *program_name, int brief)
+ printf(" -A, --allow allow rules\n");
+ printf(" --neverallow neverallow rules\n");
+ printf(" --auditallow auditallow rules\n");
+- printf(" --dontaudit dontaudit rules\n");
++ printf(" -D, --dontaudit dontaudit rules\n");
+ printf(" -T, --type type_trans, type_member, and type_change\n");
+ printf(" --role_allow role allow rules\n");
+ printf(" --role_trans role_transition rules\n");
+@@ -138,7 +137,6 @@ void usage(const char *program_name, int brief)
+ printf("EXPRESSIONS:\n");
+ printf(" -s NAME, --source=NAME rules with type/attribute NAME as source\n");
+ printf(" -t NAME, --target=NAME rules with type/attribute NAME as target\n");
+- printf(" -D NAME, --default=NAME rules with type NAME as default\n");
+ printf(" --role_source=NAME rules with role NAME as source\n");
+ printf(" --role_target=NAME rules with role NAME as target\n");
+ printf(" -c NAME, --class=NAME rules with class NAME as the object class\n");
+@@ -296,10 +294,8 @@ static void print_syn_av_results(const apol_policy_t * policy, const options_t *
+ tmp = apol_cond_expr_render(policy, cond);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -362,10 +358,8 @@ static void print_av_results(const apol_policy_t * policy, const options_t * opt
+ qpol_iterator_destroy(&iter);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = (list ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -421,8 +415,6 @@ static int perform_te_query(const apol_policy_t * policy, const options_t * opt,
+ apol_terule_query_set_target(policy, teq, opt->tgt_name, opt->indirect);
+ if (opt->bool_name)
+ apol_terule_query_set_bool(policy, teq, opt->bool_name);
+- if (opt->default_name)
+- apol_terule_query_set_default(policy, teq, opt->default_name);
+ if (opt->class_name) {
+ if (opt->class_vector == NULL) {
+ if (apol_terule_query_append_class(policy, teq, opt->class_name)) {
+@@ -499,14 +491,12 @@ static void print_syn_te_results(const apol_policy_t * policy, const options_t *
+ tmp = apol_cond_expr_render(policy, cond);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = ((is_true && enabled) || (!is_true && !enabled) ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+- goto cleanup;
++ break;
+ }
+ }
+ if (!(rule_str = apol_syn_terule_render(policy, rule)))
+@@ -567,10 +557,8 @@ static void print_te_results(const apol_policy_t * policy, const options_t * opt
+ qpol_iterator_destroy(&iter);
+ enable_char = (enabled ? 'E' : 'D');
+ branch_char = (list ? 'T' : 'F');
+- if (asprintf(&expr, "[ %s ]", tmp) < 0) {
+- expr = NULL;
++ if (asprintf(&expr, "[ %s ]", tmp) < 0)
+ goto cleanup;
+- }
+ free(tmp);
+ tmp = NULL;
+ if (!expr)
+@@ -629,7 +617,6 @@ static int perform_ft_query(const apol_policy_t * policy, const options_t * opt,
+ goto err;
+ }
+ }
+-
+ if (opt->default_name) {
+ if (apol_filename_trans_query_set_default(policy, ftq, opt->default_name)) {
+ error = errno;
+@@ -677,13 +664,12 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
+ {
+ size_t i, num_filename_trans = 0;
+ const qpol_filename_trans_t *filename_trans = NULL;
+- char *filename_trans_str = NULL;
+- qpol_iterator_t *iter = NULL;
++ char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
+
+ if (!(num_filename_trans = apol_vector_get_size(v)))
+ goto cleanup;
+
+- fprintf(stdout, "Found %zd named file transition rules:\n", num_filename_trans);
++ fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
+
+ for (i = 0; i < num_filename_trans; i++) {
+ if (!(filename_trans = apol_vector_get_element(v, i)))
+@@ -691,13 +677,17 @@ static void print_ft_results(const apol_policy_t * policy, const options_t * opt
+
+ if (!(filename_trans_str = apol_filename_trans_render(policy, filename_trans)))
+ goto cleanup;
+- fprintf(stdout, "%s\n", filename_trans_str);
++ fprintf(stdout, "%s %s\n", filename_trans_str, expr ? expr : "");
+ free(filename_trans_str);
+ filename_trans_str = NULL;
++ free(expr);
++ expr = NULL;
+ }
+
+ cleanup:
++ free(tmp);
+ free(filename_trans_str);
++ free(expr);
+ }
+
+ static int perform_ra_query(const apol_policy_t * policy, const options_t * opt, apol_vector_t ** v)
+@@ -814,13 +804,6 @@ static int perform_rt_query(const apol_policy_t * policy, const options_t * opt,
+ }
+ }
+
+- if (opt->default_name) {
+- if (apol_role_trans_query_set_default(policy, rtq, opt->default_name)) {
+- error = errno;
+- goto err;
+- }
+- }
+-
+ if (apol_role_trans_get_by_query(policy, rtq, v)) {
+ error = errno;
+ goto err;
+@@ -973,7 +956,7 @@ int main(int argc, char **argv)
+
+ memset(&cmd_opts, 0, sizeof(cmd_opts));
+ cmd_opts.indirect = true;
+- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
++ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
+ switch (optc) {
+ case 0:
+ break;
+@@ -1001,18 +984,6 @@ int main(int argc, char **argv)
+ exit(1);
+ }
+ break;
+- case 'D': /* default */
+- if (optarg == 0) {
+- usage(argv[0], 1);
+- printf("Missing default type for -D (--default)\n");
+- exit(1);
+- }
+- cmd_opts.default_name = strdup(optarg);
+- if (!cmd_opts.default_name) {
+-
+- exit(1);
+- }
+- break;
+ case EXPR_ROLE_SOURCE:
+ if (optarg == 0) {
+ usage(argv[0], 1);
+@@ -1093,7 +1064,7 @@ int main(int argc, char **argv)
+ case RULE_AUDITALLOW:
+ cmd_opts.auditallow = true;
+ break;
+- case RULE_DONTAUDIT:
++ case 'D':
+ cmd_opts.dontaudit = true;
+ break;
+ case 'T': /* type */
+@@ -1273,12 +1244,13 @@ int main(int argc, char **argv)
+ fprintf(stdout, "\n");
+ }
+
+- apol_vector_destroy(&v);
+- if (perform_ft_query(policy, &cmd_opts, &v)) {
+- rt = 1;
+- goto cleanup;
+- }
+- if (v) {
++ if (cmd_opts.all || cmd_opts.type) {
++ apol_vector_destroy(&v);
++ if (perform_ft_query(policy, &cmd_opts, &v)) {
++ rt = 1;
++ goto cleanup;
++ }
++
+ print_ft_results(policy, &cmd_opts, v);
+ fprintf(stdout, "\n");
+ }
+@@ -1317,7 +1289,6 @@ int main(int argc, char **argv)
+ apol_policy_path_destroy(&pol_path);
+ free(cmd_opts.src_name);
+ free(cmd_opts.tgt_name);
+- free(cmd_opts.default_name);
+ free(cmd_opts.class_name);
+ free(cmd_opts.permlist);
+ free(cmd_opts.bool_name);
+--
+1.8.5.3
+
diff --git a/SOURCES/0009-Fix-swig-coding-style-for-structures.patch b/SOURCES/0009-Fix-swig-coding-style-for-structures.patch
deleted file mode 100644
index f05cd4a..0000000
--- a/SOURCES/0009-Fix-swig-coding-style-for-structures.patch
+++ /dev/null
@@ -1,583 +0,0 @@
-#diff -Nur old_setools/libqpol/swig/qpol.i setools-3.3.7/libqpol/swig/qpol.i
-diff -Nur setools-3.3.7/libqpol/swig/qpol.i.current setools-3.3.7/libqpol/swig/qpol.i
---- old_setools/libqpol/swig/qpol.i 2010-04-30 18:23:28.000000000 +0200
-+++ setools-3.3.7/libqpol/swig/qpol.i 2012-07-03 19:20:45.383016553 +0200
-@@ -228,7 +228,7 @@
- #define QPOL_MODULE_OTHER 2
- typedef struct qpol_module {} qpol_module_t;
- %extend qpol_module_t {
-- qpol_module_t(const char *path) {
-+ qpol_module(const char *path) {
- qpol_module_t *m;
- BEGIN_EXCEPTION
- if (qpol_module_create_from_file(path, &m)) {
-@@ -239,7 +239,7 @@
- fail:
- return NULL;
- };
-- ~qpol_module_t() {
-+ ~qpol_module() {
- qpol_module_destroy(&self);
- };
- const char *get_path() {
-@@ -330,7 +330,7 @@
- } qpol_capability_e;
-
- %extend qpol_policy_t {
-- qpol_policy_t(const char *path, const int options) {
-+ qpol_policy(const char *path, const int options) {
- qpol_policy_t *p;
- BEGIN_EXCEPTION
- if (qpol_policy_open_from_file(path, &p, qpol_swig_message_callback, qpol_swig_message_callback_arg, options) < 0) {
-@@ -341,7 +341,7 @@
- fail:
- return NULL;
- }
-- ~qpol_policy_t() {
-+ ~qpol_policy() {
- qpol_policy_destroy(&self);
- };
- void reevaluate_conds() {
-@@ -687,14 +687,14 @@
- typedef struct qpol_iterator {} qpol_iterator_t;
- %extend qpol_iterator_t {
- /* user never directly creates, but SWIG expects a constructor */
-- qpol_iterator_t() {
-+ qpol_iterator() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_TypeError, "User may not create iterators difectly");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_iterator_t() {
-+ ~qpol_iterator() {
- qpol_iterator_destroy(&self);
- };
- void *get_item() {
-@@ -736,7 +736,7 @@
- /* qpol type */
- typedef struct qpol_type {} qpol_type_t;
- %extend qpol_type_t {
-- qpol_type_t(qpol_policy_t *p, const char *name) {
-+ qpol_type(qpol_policy_t *p, const char *name) {
- BEGIN_EXCEPTION
- const qpol_type_t *t;
- if (qpol_policy_get_type_by_name(p, name, &t)) {
-@@ -747,7 +747,7 @@
- fail:
- return NULL;
- };
-- ~qpol_type_t() {
-+ ~qpol_type() {
- /* no op */
- return;
- };
-@@ -851,7 +851,7 @@
- /* qpol role */
- typedef struct qpol_role {} qpol_role_t;
- %extend qpol_role_t {
-- qpol_role_t(qpol_policy_t *p, const char *name) {
-+ qpol_role(qpol_policy_t *p, const char *name) {
- const qpol_role_t *r;
- BEGIN_EXCEPTION
- if (qpol_policy_get_role_by_name(p, name, &r)) {
-@@ -862,7 +862,7 @@
- fail:
- return NULL;
- };
-- ~qpol_role_t() {
-+ ~qpol_role() {
- /* no op */
- return;
- };
-@@ -919,7 +919,7 @@
- /* qpol level */
- typedef struct qpol_level {} qpol_level_t;
- %extend qpol_level_t {
-- qpol_level_t(qpol_policy_t *p, const char *name) {
-+ qpol_level(qpol_policy_t *p, const char *name) {
- const qpol_level_t *l;
- BEGIN_EXCEPTION
- if (qpol_policy_get_level_by_name(p, name, &l)) {
-@@ -930,7 +930,7 @@
- fail:
- return NULL;
- };
-- ~qpol_level_t() {
-+ ~qpol_level() {
- /* no op */
- return;
- };
-@@ -997,7 +997,7 @@
- /* qpol cat */
- typedef struct qpol_cat {} qpol_cat_t;
- %extend qpol_cat_t {
-- qpol_cat_t(qpol_policy_t *p, const char *name) {
-+ qpol_cat(qpol_policy_t *p, const char *name) {
- const qpol_cat_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_cat_by_name(p, name, &c)) {
-@@ -1008,7 +1008,7 @@
- fail:
- return NULL;
- };
-- ~qpol_cat_t() {
-+ ~qpol_cat() {
- /* no op */
- return;
- };
-@@ -1064,14 +1064,14 @@
- /* qpol mls range */
- typedef struct qpol_mls_range {} qpol_mls_range_t;
- %extend qpol_mls_range_t {
-- qpol_mls_range_t() {
-+ qpol_mls_range() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_range_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- }
-- ~qpol_mls_range_t() {
-+ ~qpol_mls_range() {
- /* no op */
- return;
- };
-@@ -1105,14 +1105,14 @@
- /* qpol mls level */
- typedef struct qpol_mls_level {} qpol_mls_level_t;
- %extend qpol_mls_level_t {
-- qpol_mls_level_t() {
-+ qpol_mls_level() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_mls_level_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- }
-- ~qpol_mls_level_t() {
-+ ~qpol_mls_level() {
- /* no op */
- return;
- };
-@@ -1147,7 +1147,7 @@
- /* qpol user */
- typedef struct qpol_user {} qpol_user_t;
- %extend qpol_user_t {
-- qpol_user_t(qpol_policy_t *p, const char *name) {
-+ qpol_user(qpol_policy_t *p, const char *name) {
- const qpol_user_t *u;
- BEGIN_EXCEPTION
- if (qpol_policy_get_user_by_name(p, name, &u)) {
-@@ -1158,7 +1158,7 @@
- fail:
- return NULL;
- };
-- ~qpol_user_t() {
-+ ~qpol_user() {
- /* no op */
- return;
- };
-@@ -1223,7 +1223,7 @@
- /* qpol bool */
- typedef struct qpol_bool {} qpol_bool_t;
- %extend qpol_bool_t {
-- qpol_bool_t(qpol_policy_t *p, const char *name) {
-+ qpol_bool(qpol_policy_t *p, const char *name) {
- qpol_bool_t *b;
- BEGIN_EXCEPTION
- if (qpol_policy_get_bool_by_name(p, name, &b)) {
-@@ -1233,7 +1233,7 @@
- fail:
- return b;
- };
-- ~qpol_bool_t() {
-+ ~qpol_bool() {
- /* no op */
- return;
- };
-@@ -1295,14 +1295,14 @@
- /* qpol context */
- typedef struct qpol_context {} qpol_context_t;
- %extend qpol_context_t {
-- qpol_context_t() {
-+ qpol_context() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_context_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_context_t() {
-+ ~qpol_context() {
- /* no op */
- return;
- };
-@@ -1356,7 +1356,7 @@
- /* qpol class */
- typedef struct qpol_class {} qpol_class_t;
- %extend qpol_class_t {
-- qpol_class_t(qpol_policy_t *p, const char *name) {
-+ qpol_class(qpol_policy_t *p, const char *name) {
- const qpol_class_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_class_by_name(p, name, &c)) {
-@@ -1366,7 +1366,7 @@
- fail:
- return (qpol_class_t*)c;
- };
-- ~qpol_class_t() {
-+ ~qpol_class() {
- /* no op */
- return;
- };
-@@ -1443,7 +1443,7 @@
- /* qpol common */
- typedef struct qpol_common {} qpol_common_t;
- %extend qpol_common_t {
-- qpol_common_t(qpol_policy_t *p, const char *name) {
-+ qpol_common(qpol_policy_t *p, const char *name) {
- const qpol_common_t *c;
- BEGIN_EXCEPTION
- if (qpol_policy_get_common_by_name(p, name, &c)) {
-@@ -1453,7 +1453,7 @@
- fail:
- return (qpol_common_t*)c;
- };
-- ~qpol_common_t() {
-+ ~qpol_common() {
- /* no op */
- return;
- };
-@@ -1515,7 +1515,7 @@
- #define QPOL_FS_USE_PSID 6U
- #endif
- typedef struct qpol_fs_use {} qpol_fs_use_t;
--%extend qpol_fs_use_t {
-+%extend qpol_fs_use {
- qpol_fs_use_t(qpol_policy_t *p, const char *name) {
- const qpol_fs_use_t *f;
- BEGIN_EXCEPTION
-@@ -1526,7 +1526,7 @@
- fail:
- return (qpol_fs_use_t*)f;
- };
-- ~qpol_fs_use_t() {
-+ ~qpol_fs_use() {
- /* no op */
- return;
- };
-@@ -1594,7 +1594,7 @@
- #endif
- typedef struct qpol_genfscon {} qpol_genfscon_t;
- %extend qpol_genfscon_t {
-- qpol_genfscon_t(qpol_policy_t *p, const char *name, const char *path) {
-+ qpol_genfscon(qpol_policy_t *p, const char *name, const char *path) {
- qpol_genfscon_t *g;
- BEGIN_EXCEPTION
- if (qpol_policy_get_genfscon_by_name(p, name, path, &g)) {
-@@ -1604,7 +1604,7 @@
- fail:
- return g;
- };
-- ~qpol_genfscon_t() {
-+ ~qpol_genfscon() {
- free(self);
- };
- const char *get_name(qpol_policy_t *p) {
-@@ -1656,7 +1656,7 @@
-
- /* qpol isid */
- typedef struct qpol_isid {} qpol_isid_t;
--%extend qpol_isid_t {
-+%extend qpol_isid {
- qpol_isid_t(qpol_policy_t *p, const char *name) {
- const qpol_isid_t *i;
- BEGIN_EXCEPTION
-@@ -1667,7 +1667,7 @@
- fail:
- return (qpol_isid_t*)i;
- };
-- ~qpol_isid_t() {
-+ ~qpol_isid() {
- /* no op */
- return;
- };
-@@ -1701,7 +1701,7 @@
- /* qpol netifcon */
- typedef struct qpol_netifcon {} qpol_netifcon_t;
- %extend qpol_netifcon_t {
-- qpol_netifcon_t(qpol_policy_t *p, const char *name) {
-+ qpol_netifcon(qpol_policy_t *p, const char *name) {
- const qpol_netifcon_t *n;
- BEGIN_EXCEPTION
- if (qpol_policy_get_netifcon_by_name(p, name, &n)) {
-@@ -1711,7 +1711,7 @@
- fail:
- return (qpol_netifcon_t*)n;
- };
-- ~qpol_netifcon_t() {
-+ ~qpol_netifcon() {
- /* no op */
- return;
- };
-@@ -1757,7 +1757,7 @@
- #define QPOL_IPV6 1
- typedef struct qpol_nodecon {} qpol_nodecon_t;
- %extend qpol_nodecon_t {
-- qpol_nodecon_t(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
-+ qpol_nodecon(qpol_policy_t *p, int addr[4], int mask[4], int protocol) {
- uint32_t a[4], m[4];
- qpol_nodecon_t *n;
- BEGIN_EXCEPTION
-@@ -1772,7 +1772,7 @@
- fail:
- return n;
- }
-- ~qpol_nodecon_t() {
-+ ~qpol_nodecon() {
- free(self);
- };
- uint32_t *get_addr(qpol_policy_t *p) {
-@@ -1830,7 +1830,7 @@
- #define IPPROTO_UDP 17
- typedef struct qpol_portcon {} qpol_portcon_t;
- %extend qpol_portcon_t {
-- qpol_portcon_t(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
-+ qpol_portcon(qpol_policy_t *p, uint16_t low, uint16_t high, uint8_t protocol) {
- const qpol_portcon_t *qp;
- BEGIN_EXCEPTION
- if (qpol_policy_get_portcon_by_port(p, low, high, protocol, &qp)) {
-@@ -1840,7 +1840,7 @@
- fail:
- return (qpol_portcon_t*)qp;
- };
-- ~qpol_portcon_t() {
-+ ~qpol_portcon() {
- /* no op */
- return;
- };
-@@ -1893,7 +1893,7 @@
-
- /* qpol constraint */
- typedef struct qpol_constraint {} qpol_constraint_t;
--%extend qpol_constraint_t {
-+%extend qpol_constraint {
- qpol_constraint_t() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_t objects");
-@@ -1901,7 +1901,7 @@
- fail:
- return NULL;
- };
-- ~qpol_constraint_t() {
-+ ~qpol_constraint() {
- free(self);
- };
- const qpol_class_t *get_class(qpol_policy_t *p) {
-@@ -1945,7 +1945,7 @@
-
- /* qpol validatetrans */
- typedef struct qpol_validatetrans {} qpol_validatetrans_t;
--%extend qpol_validatetrans_t {
-+%extend qpol_validatetrans {
- qpol_validatetrans_t() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_validatetrans_t objects");
-@@ -1953,7 +1953,7 @@
- fail:
- return NULL;
- };
-- ~qpol_validatetrans_t() {
-+ ~qpol_validatetrans() {
- free(self);
- };
- const qpol_class_t *get_class(qpol_policy_t *p) {
-@@ -2011,14 +2011,14 @@
- #define QPOL_CEXPR_OP_INCOMP 5
- typedef struct qpol_constraint_expr_node {} qpol_constraint_expr_node_t;
- %extend qpol_constraint_expr_node_t {
-- qpol_constraint_expr_node_t() {
-+ qpol_constraint_expr_node() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_constraint_expr_node_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_constraint_expr_node_t() {
-+ ~qpol_constraint_expr_node() {
- /* no op */
- return;
- };
-@@ -2073,14 +2073,14 @@
- /* qpol role allow */
- typedef struct qpol_role_allow {} qpol_role_allow_t;
- %extend qpol_role_allow_t {
-- qpol_role_allow_t() {
-+ qpol_role_allow() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_allow_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_role_allow_t() {
-+ ~qpol_role_allow() {
- /* no op */
- return;
- };
-@@ -2114,14 +2114,14 @@
- /* qpol role trans */
- typedef struct qpol_role_trans {} qpol_role_trans_t;
- %extend qpol_role_trans_t {
-- qpol_role_trans_t() {
-+ qpol_role_trans() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_role_trans_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_role_trans_t() {
-+ ~qpol_role_trans() {
- /* no op */
- return;
- };
-@@ -2165,14 +2165,14 @@
- /* qpol range trans */
- typedef struct qpol_range_trans {} qpol_range_trans_t;
- %extend qpol_range_trans_t {
-- qpol_range_trans_t() {
-+ qpol_range_trans() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_range_trans_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_range_trans_t() {
-+ ~qpol_range_trans() {
- /* no op */
- return;
- };
-@@ -2228,14 +2228,14 @@
- #define QPOL_RULE_DONTAUDIT 4
- typedef struct qpol_avrule {} qpol_avrule_t;
- %extend qpol_avrule_t {
-- qpol_avrule_t() {
-+ qpol_avrule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_avrule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_avrule_t() {
-+ ~qpol_avrule() {
- /* no op */
- return;
- };
-@@ -2348,14 +2348,14 @@
- #define QPOL_RULE_TYPE_MEMBER 32
- typedef struct qpol_terule {} qpol_terule_t;
- %extend qpol_terule_t {
-- qpol_terule_t() {
-+ qpol_terule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_terule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_terule_t() {
-+ ~qpol_terule() {
- /* no op */
- return;
- };
-@@ -2464,14 +2464,14 @@
- /* qpol conditional */
- typedef struct qpol_cond {} qpol_cond_t;
- %extend qpol_cond_t {
-- qpol_cond_t() {
-+ qpol_cond() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_cond_t() {
-+ ~qpol_cond() {
- /* no op */
- return;
- };
-@@ -2557,14 +2557,14 @@
- #define QPOL_COND_EXPR_NEQ 7 /* bool != bool */
- typedef struct qpol_cond_expr_node {} qpol_cond_expr_node_t;
- %extend qpol_cond_expr_node_t {
-- qpol_cond_expr_node_t() {
-+ qpol_cond_expr_node() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_cond_expr_node_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_cond_expr_node_t() {
-+ ~qpol_cond_expr_node() {
- /* no op */
- return;
- };
-@@ -2602,14 +2602,14 @@
- /* qpol type set */
- typedef struct qpol_type_set {} qpol_type_set_t;
- %extend qpol_type_set_t {
-- qpol_type_set_t() {
-+ qpol_type_set() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_type_set_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_type_set_t() {
-+ ~qpol_type_set() {
- /* no op */
- return;
- };
-@@ -2665,14 +2665,14 @@
- /* qpol syn av rule */
- typedef struct qpol_syn_avrule {} qpol_syn_avrule_t;
- %extend qpol_syn_avrule_t {
-- qpol_syn_avrule_t() {
-+ qpol_syn_avrule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_avrule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_syn_avrule_t() {
-+ ~qpol_syn_avrule() {
- /* no op */
- return;
- };
-@@ -2778,14 +2778,14 @@
- /* qpol syn te rule */
- typedef struct qpol_syn_terule {} qpol_syn_terule_t;
- %extend qpol_syn_terule_t {
-- qpol_syn_terule_t() {
-+ qpol_syn_terule() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create qpol_syn_terule_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~qpol_syn_terule_t() {
-+ ~qpol_syn_terule() {
- /* no op */
- return;
- };
diff --git a/SOURCES/0010-selinux_current_policy_path.patch b/SOURCES/0010-selinux_current_policy_path.patch
deleted file mode 100644
index e9cc81d..0000000
--- a/SOURCES/0010-selinux_current_policy_path.patch
+++ /dev/null
@@ -1,84 +0,0 @@
-diff -up setools-3.3.7/libqpol/src/util.c.current setools-3.3.7/libqpol/src/util.c
---- setools-3.3.7/libqpol/src/util.c.current 2010-04-23 12:22:08.000000000 -0400
-+++ setools-3.3.7/libqpol/src/util.c 2012-02-16 12:01:33.030434514 -0500
-@@ -84,75 +84,12 @@ static int get_binpol_version(const char
-
- static int search_policy_binary_file(char **path)
- {
-- const char *binary_path;
-- if ((binary_path = selinux_binary_policy_path()) == NULL) {
-- return -1;
-+ const char *binary_path = selinux_current_policy_path();
-+ if (binary_path) {
-+ *path = strdup(binary_path);
-+ if (*path) return 0;
- }
--
-- int expected_version = -1, latest_version = -1;
--#ifdef LIBSELINUX
-- /* if the system has SELinux enabled, prefer the policy whose
-- name matches the current policy version */
-- if ((expected_version = security_policyvers()) < 0) {
-- return -1;
-- }
--#endif
--
-- glob_t glob_buf;
-- struct stat fs;
-- int rt, error = 0, retval = -1;
-- size_t i;
-- char *pattern = NULL;
-- if (asprintf(&pattern, "%s.*", binary_path) < 0) {
-- return -1;
-- }
-- glob_buf.gl_offs = 1;
-- glob_buf.gl_pathc = 0;
-- rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
-- if (rt != 0 && rt != GLOB_NOMATCH) {
-- errno = EIO;
-- return -1;
-- }
--
-- for (i = 0; i < glob_buf.gl_pathc; i++) {
-- char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
-- if (stat(p, &fs) != 0) {
-- error = errno;
-- goto cleanup;
-- }
-- if (S_ISDIR(fs.st_mode))
-- continue;
--
-- if ((rt = get_binpol_version(p)) < 0) {
-- error = errno;
-- goto cleanup;
-- }
--
-- if (rt > latest_version || rt == expected_version) {
-- free(*path);
-- if ((*path = strdup(p)) == NULL) {
-- error = errno;
-- goto cleanup;
-- }
-- if (rt == expected_version) {
-- break;
-- }
-- latest_version = rt;
-- }
-- }
--
-- if (*path == NULL) {
-- retval = 1;
-- } else {
-- retval = 0;
-- }
-- cleanup:
-- free(pattern);
-- globfree(&glob_buf);
-- if (retval == -1) {
-- errno = error;
-- }
-- return retval;
-+ return -1;
- }
-
- int qpol_default_policy_find(char **path)
diff --git a/SOURCES/0011-Fix-Wformat-security-issues.patch b/SOURCES/0011-Fix-Wformat-security-issues.patch
new file mode 100644
index 0000000..5288ed7
--- /dev/null
+++ b/SOURCES/0011-Fix-Wformat-security-issues.patch
@@ -0,0 +1,154 @@
+From 32ede3cc817ee4f6806877a34a6c84ed50c31df7 Mon Sep 17 00:00:00 2001
+From: Miroslav Grepl <mgrepl@redhat.com>
+Date: Fri, 11 Apr 2014 18:49:33 +0200
+Subject: [PATCH 11/11] Fix -Wformat-security issues
+
+---
+ libseaudit/src/bool_message.c | 4 ++--
+ libseaudit/src/filter.c | 2 +-
+ libseaudit/src/model.c | 2 +-
+ seaudit/progress.c | 4 ++--
+ seaudit/toplevel.c | 2 +-
+ seaudit/utilgui.c | 2 +-
+ sediff/progress.c | 4 ++--
+ sediff/toplevel.c | 2 +-
+ sediff/utilgui.c | 2 +-
+ 9 files changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/libseaudit/src/bool_message.c b/libseaudit/src/bool_message.c
+index f105cf0..d5b1e33 100644
+--- a/libseaudit/src/bool_message.c
++++ b/libseaudit/src/bool_message.c
+@@ -101,7 +101,7 @@ char *bool_message_to_string(const seaudit_message_t * msg, const char *date)
+ return NULL;
+ }
+ if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
+- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
++ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_append(&s, &len, close_brace) < 0) {
+ free(misc_string);
+ return NULL;
+ }
+@@ -128,7 +128,7 @@ char *bool_message_to_string_html(const seaudit_message_t * msg, const char *dat
+ return NULL;
+ }
+ if ((misc_string = bool_message_to_misc_string(boolm)) == NULL ||
+- apol_str_appendf(&s, &len, misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) {
++ apol_str_appendf(&s, &len, "%s", misc_string) < 0 || apol_str_appendf(&s, &len, "%s%s<br>", s, close_brace) < 0) {
+ free(misc_string);
+ return NULL;
+ }
+diff --git a/libseaudit/src/filter.c b/libseaudit/src/filter.c
+index 298a309..c710ce4 100644
+--- a/libseaudit/src/filter.c
++++ b/libseaudit/src/filter.c
+@@ -1108,7 +1108,7 @@ int seaudit_filter_save_to_file(const seaudit_filter_t * filter, const char *fil
+ if ((file = fopen(filename, "w")) == NULL) {
+ return -1;
+ }
+- fprintf(file, XML_VER);
++ fprintf(file, "%s", XML_VER);
+ fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\">\n", FILTER_FILE_FORMAT_VERSION);
+ filter_append_to_file(filter, file, 1);
+ fprintf(file, "</view>\n");
+diff --git a/libseaudit/src/model.c b/libseaudit/src/model.c
+index 1bc4a23..4a130cb 100644
+--- a/libseaudit/src/model.c
++++ b/libseaudit/src/model.c
+@@ -514,7 +514,7 @@ int seaudit_model_save_to_file(const seaudit_model_t * model, const char *filena
+ if ((file = fopen(filename, "w")) == NULL) {
+ return -1;
+ }
+- fprintf(file, XML_VER);
++ fprintf(file, "%s", XML_VER);
+ fprintf(file, "<view xmlns=\"http://oss.tresys.com/projects/setools/seaudit-%s/\" name=\"%s\" match=\"%s\" show=\"%s\">\n",
+ FILTER_FILE_FORMAT_VERSION, model->name,
+ model->match == SEAUDIT_FILTER_MATCH_ALL ? "all" : "any",
+diff --git a/seaudit/progress.c b/seaudit/progress.c
+index 2e0abeb..f092858 100644
+--- a/seaudit/progress.c
++++ b/seaudit/progress.c
+@@ -114,10 +114,10 @@ int progress_wait(progress_t * progress)
+ }
+ g_mutex_unlock(progress->mutex);
+ if (progress->done < 0) {
+- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
++ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
+ return progress->done;
+ } else if (progress->done > 1) {
+- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
++ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
+ return progress->done - 1;
+ } else {
+ progress->done = 0;
+diff --git a/seaudit/toplevel.c b/seaudit/toplevel.c
+index d901a99..27938d5 100644
+--- a/seaudit/toplevel.c
++++ b/seaudit/toplevel.c
+@@ -902,7 +902,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
+ ERR(NULL, "%s", strerror(errno));
+ return;
+ }
+- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
++ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
+ free(msg);
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+diff --git a/seaudit/utilgui.c b/seaudit/utilgui.c
+index 22028e1..78a1a08 100644
+--- a/seaudit/utilgui.c
++++ b/seaudit/utilgui.c
+@@ -30,7 +30,7 @@
+ void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
+ {
+ GtkWidget *dialog;
+- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
++ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+ }
+diff --git a/sediff/progress.c b/sediff/progress.c
+index efaa120..312789e 100644
+--- a/sediff/progress.c
++++ b/sediff/progress.c
+@@ -115,10 +115,10 @@ int progress_wait(progress_t * progress)
+ }
+ g_mutex_unlock(progress->mutex);
+ if (progress->done < 0) {
+- toplevel_ERR(progress->top, GTK_LABEL(progress->label2)->label);
++ toplevel_ERR(progress->top, "%s", GTK_LABEL(progress->label2)->label);
+ return progress->done;
+ } else if (progress->done > 1) {
+- toplevel_WARN(progress->top, GTK_LABEL(progress->label2)->label);
++ toplevel_WARN(progress->top, "%s", GTK_LABEL(progress->label2)->label);
+ return progress->done - 1;
+ } else {
+ progress->done = 0;
+diff --git a/sediff/toplevel.c b/sediff/toplevel.c
+index db6d1f5..aabd039 100644
+--- a/sediff/toplevel.c
++++ b/sediff/toplevel.c
+@@ -453,7 +453,7 @@ static void toplevel_message(toplevel_t * top, GtkMessageType msg_type, const ch
+ ERR(NULL, "%s", strerror(errno));
+ return;
+ }
+- dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
++ dialog = gtk_message_dialog_new(top->w, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
+ free(msg);
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+diff --git a/sediff/utilgui.c b/sediff/utilgui.c
+index 04e1e05..9e183ba 100644
+--- a/sediff/utilgui.c
++++ b/sediff/utilgui.c
+@@ -31,7 +31,7 @@
+ void util_message(GtkWindow * parent, GtkMessageType msg_type, const char *msg)
+ {
+ GtkWidget *dialog;
+- dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, msg);
++ dialog = gtk_message_dialog_new(parent, GTK_DIALOG_DESTROY_WITH_PARENT, msg_type, GTK_BUTTONS_CLOSE, "%s", msg);
+ gtk_dialog_run(GTK_DIALOG(dialog));
+ gtk_widget_destroy(dialog);
+ }
+--
+1.8.5.3
+
diff --git a/SOURCES/0011-setools-noship.patch b/SOURCES/0011-setools-noship.patch
deleted file mode 100644
index daedc2c..0000000
--- a/SOURCES/0011-setools-noship.patch
+++ /dev/null
@@ -1,220 +0,0 @@
-diff -up setools-3.3.7/Makefile.am.noship setools-3.3.7/Makefile.am
---- setools-3.3.7/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.7/Makefile.am 2013-11-27 09:30:01.467627063 -0500
-@@ -78,9 +78,9 @@ install-logwatch:
- $(MAKE) -C $(top_srcdir)/seaudit install-logwatch
-
- .PHONY: libqpol libapol libpoldiff libsefs libseaudit \
-- apol secmds seaudit sediff sediffx sechecker \
-+ apol secmds seaudit sediff sechecker\
- install-logwatch help \
-- seinfo sesearch indexcon findcon replcon searchcon \
-+ seinfo sesearch findcon \
- packages
-
- seinfo: libqpol libapol
-diff -up setools-3.3.7/configure.ac.noship setools-3.3.7/configure.ac
---- setools-3.3.7/configure.ac.noship 2013-11-27 09:27:14.279196042 -0500
-+++ setools-3.3.7/configure.ac 2013-11-27 09:27:14.309196384 -0500
-@@ -63,7 +63,7 @@ if test ${ac_cv_prog_cc_c99} = "no"; the
- fi
- AC_PROG_CXX
- AC_LANG([C])
--AC_PROG_LIBTOOL
-+AC_PROG_RANLIB
- AC_PROG_LN_S
- AC_PROG_LEX
- AC_PROG_YACC
-@@ -194,7 +194,7 @@ AC_ARG_ENABLE(swig-java,
- enable_jswig="$enableval")
- if test "x${enable_jswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(1.3.28)
-+ AC_PROG_SWIG(2.0.0)
- fi
- AC_JAVA_OPTIONS
- if test "x$JAVAPREFIX" = x; then
-@@ -222,7 +222,7 @@ AC_ARG_ENABLE(swig-python,
- enable_pyswig="$enableval")
- if test "x${enable_pyswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(1.3.28)
-+ AC_PROG_SWIG(2.0.0)
- fi
- AM_PATH_PYTHON(2.3)
- SWIG_PYTHON
-@@ -230,7 +230,7 @@ if test "x${enable_pyswig}" = xyes; then
- do_swigify=yes
- fi
- if test ${do_swigify} = "yes"; then
-- AC_PROG_SWIG(1.3.28)
-+ AC_PROG_SWIG(2.0.0)
- fi
- build_apol=yes
- AC_ARG_ENABLE(swig-tcl,
-@@ -239,7 +239,7 @@ AC_ARG_ENABLE(swig-tcl,
- enable_tclswig="$enableval", enable_tclswig="yes")
- if test "x${enable_tclswig}" = xyes; then
- if test ${do_swigify} = no; then
-- AC_PROG_SWIG(1.3.28)
-+ AC_PROG_SWIG(2.0.0)
- fi
- TEA_INIT(3.5)
- TEA_PATH_TCLCONFIG
-diff -up setools-3.3.7/man/Makefile.am.noship setools-3.3.7/man/Makefile.am
---- setools-3.3.7/man/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400
-+++ setools-3.3.7/man/Makefile.am 2013-11-27 09:27:14.306196350 -0500
-@@ -1,19 +1,10 @@
- if BUILD_GUI
- MAYBEMANS = apol.1 \
-- seaudit.8 seaudit-report.8 \
-- sediffx.1
-+ seaudit.8
- endif
-
- EXTRA_DIST=$(man_MANS) apol.1 \
-- seaudit.8 seaudit-report.8.in \
-- sediffx.1
-+ seaudit.8
-
--man_MANS = findcon.1 indexcon.1 replcon.1 \
-- sechecker.1 \
-- sediff.1 \
-+man_MANS = findcon.1 sediff.1 sechecker.1 \
- seinfo.1 sesearch.1 $(MAYBEMANS)
--
--seaudit-report.8: seaudit-report.8.in Makefile
-- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
--
--CLEANFILES = seaudit-report.8
-diff -up setools-3.3.7/seaudit/Makefile.am.noship setools-3.3.7/seaudit/Makefile.am
---- setools-3.3.7/seaudit/Makefile.am.noship 2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.7/seaudit/Makefile.am 2013-11-27 09:27:14.306196350 -0500
-@@ -1,5 +1,4 @@
- setoolsdir = @setoolsdir@
--bin_PROGRAMS = seaudit-report
- sbin_PROGRAMS = seaudit
-
- AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
-@@ -20,13 +19,10 @@ LDADD = @SELINUX_LIB_FLAG@ @SEAUDIT_LIB_
- dist_setools_DATA = \
- seaudit.glade \
- seaudit_help.txt \
-- seaudit-report.conf \
-- seaudit-report.css \
- seaudit.png seaudit-small.png
-
- nodist_setools_DATA = \
-- dot_seaudit \
-- seaudit-report-service
-+ dot_seaudit
-
- seaudit_SOURCES = \
- filter_view.c filter_view.h \
-@@ -50,31 +46,12 @@ seaudit_DEPENDENCIES = $(top_builddir)/l
- dot_seaudit: dot_seaudit.in Makefile
- sed -e 's|\@setoolsdir\@|$(setoolsdir)|g' $< > $@
-
--seaudit_report_SOURCES = seaudit-report.c
--seaudit_report_DEPENDENCIES = $(top_builddir)/libseaudit/src/libseaudit.so \
-- $(top_builddir)/libapol/src/libapol.so \
-- $(top_builddir)/libqpol/src/libqpol.so
--
- logwatch = $(DESTDIR)/etc/logwatch
- LOGWATCH_GROUP = $(logwatch)/conf/logfiles
- LOGWATCH_SERVICE = $(logwatch)/conf/services
- LOGWATCH_FILTER = $(logwatch)/scripts/services
-
--dist_noinst_DATA = dot_seaudit.in \
-- seaudit-report-group.conf \
-- seaudit-report-service.conf \
-- seaudit-report-service.in
--
--seaudit-report-service: seaudit-report-service.in Makefile
-- sed -e 's|\@bindir\@|$(bindir)|g' $< > $@
--
--install-logwatch: $(dist_noinst_DATA) seaudit-report-service
-- mkdir -p -- $(LOGWATCH_GROUP)
-- install -m 644 seaudit-report-group.conf $(LOGWATCH_GROUP)
-- mkdir -p -- $(LOGWATCH_SERVICE)
-- install -m 644 seaudit-report-service.conf $(LOGWATCH_SERVICE)
-- mkdir -p -- $(LOGWATCH_FILTER)
-- install -m 755 seaudit-report-service $(LOGWATCH_FILTER)
-+dist_noinst_DATA = dot_seaudit.in
-
- $(top_builddir)/libapol/src/libapol.so:
- $(MAKE) -C $(top_builddir)/libapol/src $(notdir $@)
-@@ -85,6 +62,4 @@ $(top_builddir)/libqpol/src/libqpol.so:
- $(top_builddir)/libsefs/src/libsefs.so:
- $(MAKE) -C $(top_builddir)/libsefs/src $(notdir $@)
-
--.PHONY: install-logwatch
--
--CLEANFILES = dot_seaudit seaudit-report-service
-+CLEANFILES = dot_seaudit
-diff -up setools-3.3.7/secmds/Makefile.am.noship setools-3.3.7/secmds/Makefile.am
---- setools-3.3.7/secmds/Makefile.am.noship 2007-08-02 17:16:33.000000000 -0400
-+++ setools-3.3.7/secmds/Makefile.am 2013-11-27 09:27:14.307196361 -0500
-@@ -1,6 +1,6 @@
- # various setools command line tools
-
--bin_PROGRAMS = seinfo sesearch findcon replcon indexcon
-+bin_PROGRAMS = seinfo sesearch findcon
-
- # These are for indexcon so that it is usable on machines without setools
- STATICLIBS = ../libsefs/src/libsefs.a ../libapol/src/libapol.a ../libqpol/src/libqpol.a -lsqlite3
-diff -up setools-3.3.7/sediff/Makefile.am.noship setools-3.3.7/sediff/Makefile.am
---- setools-3.3.7/sediff/Makefile.am.noship 2007-04-25 15:20:20.000000000 -0400
-+++ setools-3.3.7/sediff/Makefile.am 2013-11-27 09:27:14.307196361 -0500
-@@ -1,13 +1,6 @@
- setoolsdir = @setoolsdir@
-
--dist_setools_DATA = sediff_help.txt sediffx.glade \
-- sediffx.png sediffx-small.png
--
--if BUILD_GUI
-- MAYBE_SEDIFFX = sediffx
--endif
--
--bin_PROGRAMS = sediff $(MAYBE_SEDIFFX)
-+bin_PROGRAMS = sediff
-
- AM_CFLAGS = @DEBUGCFLAGS@ @WARNCFLAGS@ @PROFILECFLAGS@ @SELINUX_CFLAGS@ \
- @QPOL_CFLAGS@ @APOL_CFLAGS@ @POLDIFF_CFLAGS@
-@@ -15,14 +8,7 @@ AM_LDFLAGS = @DEBUGLDFLAGS@ @WARNLDFLAGS
-
- LDADD = @SELINUX_LIB_FLAG@ @POLDIFF_LIB_FLAG@ @APOL_LIB_FLAG@ @QPOL_LIB_FLAG@
-
--sediff_CFLAGS = $(AM_CFLAGS)
--sediffx_CFLAGS = $(AM_CFLAGS) \
-- @GTK_CFLAGS@ @PIXBUF_CFLAGS@ @GLADE_CFLAGS@ @GTHREAD_CFLAGS@
--
--# need the -rdynamic flag below - glade uses dlopen() upon sediffx callbacks
--sediffx_LDFLAGS = $(AM_LDFLAGS) \
-- @GTK_LIBS@ @PIXBUF_LIBS@ @GLADE_LIBS@ @GTHREAD_LIBS@ @XML_LIBS@ \
-- -rdynamic
-+sediff_CFLAGS = $(AM_CFLAGS)
-
- DEPENDENCIES = $(top_builddir)/libpoldiff/src/libpoldiff.so \
- $(top_builddir)/libapol/src/libapol.so \
-@@ -30,20 +16,6 @@ DEPENDENCIES = $(top_builddir)/libpoldif
-
- sediff_SOURCES = sediff.c
-
--sediffx_SOURCES = \
-- find_dialog.c find_dialog.h \
-- open_policies_dialog.c open_policies_dialog.h \
-- policy_view.c policy_view.h \
-- progress.c progress.h \
-- remap_types_dialog.c remap_types_dialog.h \
-- result_item.c result_item.h \
-- result_item_render.c result_item_render.h \
-- results.c results.h \
-- select_diff_dialog.c select_diff_dialog.h \
-- toplevel.c toplevel.h \
-- utilgui.c utilgui.h \
-- sediffx.c sediffx.h
--
- $(top_builddir)/libpoldiff/src/libpoldiff.so:
- $(MAKE) -C $(top_builddir)/libpoldiff/src $(notdir $@)
-
diff --git a/SOURCES/0012-seaudit.patch b/SOURCES/0012-seaudit.patch
deleted file mode 100644
index 78da66e..0000000
--- a/SOURCES/0012-seaudit.patch
+++ /dev/null
@@ -1,28 +0,0 @@
-diff -up setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit setools-3.3.7/libqpol/swig/java/Makefile.am
---- setools-3.3.7/libqpol/swig/java/Makefile.am.seaudit 2010-05-03 12:37:54.000000000 -0400
-+++ setools-3.3.7/libqpol/swig/java/Makefile.am 2012-09-28 10:15:56.408912525 -0400
-@@ -48,7 +48,6 @@ BUILT_SOURCES = qpol_wrap.c \
- qpol_type_t.java \
- qpol_user_t.java \
- qpol_validatetrans_t.java \
-- SWIGTYPE_p_int.java \
- SWIGTYPE_p_unsigned_int.java \
- SWIGTYPE_p_void.java
-
-diff -up setools-3.3.7/seaudit/progress.c.seaudit setools-3.3.7/seaudit/progress.c
---- setools-3.3.7/seaudit/progress.c.seaudit 2007-08-02 17:16:33.000000000 -0400
-+++ setools-3.3.7/seaudit/progress.c 2012-09-28 10:15:56.407912521 -0400
-@@ -99,10 +99,11 @@ void progress_hide(progress_t * progress
-
- int progress_wait(progress_t * progress)
- {
-- GTimeVal wait_time = { 0, 50000 };
-+ gint64 end_time;
- g_mutex_lock(progress->mutex);
- while (!progress->done) {
-- g_cond_timed_wait(progress->cond, progress->mutex, &wait_time);
-+ end_time = g_get_monotonic_time () + 50000; // need to be set before each wait
-+ g_cond_wait_until(progress->cond, progress->mutex,end_time);
- if (progress->s != NULL) {
- gtk_label_set_text(GTK_LABEL(progress->label2), progress->s);
- free(progress->s);
diff --git a/SOURCES/0013-libqpol-Skip-types-when-building-type-attribute-map.patch b/SOURCES/0013-libqpol-Skip-types-when-building-type-attribute-map.patch
new file mode 100644
index 0000000..efdd8a9
--- /dev/null
+++ b/SOURCES/0013-libqpol-Skip-types-when-building-type-attribute-map.patch
@@ -0,0 +1,29 @@
+From f7b31b7e28a4f89bcfcd0d139cfca78777a4333e Mon Sep 17 00:00:00 2001
+From: Chris PeBenito <cpebenito@tresys.com>
+Date: Thu, 4 Feb 2016 14:06:49 -0500
+Subject: [PATCH] libqpol: Skip types when building type attribute map.
+
+Fix originally from Richard Haines.
+
+Closes #94.
+---
+ libqpol/src/policy_extend.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/libqpol/src/policy_extend.c b/libqpol/src/policy_extend.c
+index 1417271..416bddb 100644
+--- a/libqpol/src/policy_extend.c
++++ b/libqpol/src/policy_extend.c
+@@ -201,6 +201,9 @@ static int qpol_policy_build_attrs_from_map(qpol_policy_t * policy)
+ memset(&buff, 0, 10 * sizeof(char));
+
+ for (i = 0; i < db->p_types.nprim; i++) {
++ /* skip types */
++ if (db->type_val_to_struct[i]->flavor == TYPE_TYPE)
++ continue;
+ count = 0;
+ ebitmap_for_each_bit(&db->attr_type_map[i], node, bit) {
+ if (ebitmap_node_get_bit(node, bit))
+--
+2.5.0
+
diff --git a/SOURCES/0013-swig.patch b/SOURCES/0013-swig.patch
deleted file mode 100644
index 56bbd40..0000000
--- a/SOURCES/0013-swig.patch
+++ /dev/null
@@ -1,956 +0,0 @@
-@@ -, +, @@
----
- libapol/swig/apol.i | 218 ++++++++++++++++++++++++++--------------------------
- 1 file changed, 109 insertions(+), 109 deletions(-)
---- a/libapol/swig/apol.i
-+++ a/libapol/swig/apol.i
-@@ -256,7 +256,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
- }
- %}
- %extend apol_ip_t {
-- apol_ip_t(const char *str) {
-+ apol_ip(const char *str) {
- apol_ip_t *ip = NULL;
- BEGIN_EXCEPTION
- ip = calloc(1, sizeof(*ip));
-@@ -274,7 +274,7 @@ uint8_t apol_str_to_protocol(const char *protocol_str);
- fail:
- return ip;
- };
-- ~apol_ip_t() {
-+ ~apol_ip() {
- free(self);
- };
- int get_protocol() {
-@@ -303,16 +303,16 @@ char *apol_file_find_path(const char *file_name);
- %}
- typedef struct apol_vector {} apol_vector_t;
- %extend apol_vector_t {
-- apol_vector_t() {
-+ apol_vector() {
- return apol_vector_create(NULL);
- };
-- apol_vector_t(qpol_iterator_t *iter) {
-+ apol_vector(qpol_iterator_t *iter) {
- return apol_vector_create_from_iter(iter, NULL);
- };
-- apol_vector_t(apol_vector_t *v) {
-+ apol_vector(apol_vector_t *v) {
- return apol_vector_create_from_vector(v, NULL, NULL, NULL);
- };
-- apol_vector_t(apol_vector_t *a, apol_vector_t *b) {
-+ apol_vector(apol_vector_t *a, apol_vector_t *b) {
- return apol_vector_create_from_intersection(a, b, NULL, NULL);
- };
- size_t get_size() {
-@@ -324,7 +324,7 @@ typedef struct apol_vector {} apol_vector_t;
- void *get_element(size_t i) {
- return apol_vector_get_element(self, i);
- };
-- ~apol_vector_t() {
-+ ~apol_vector() {
- apol_vector_destroy(&self);
- };
- void append(void *x) {
-@@ -379,13 +379,13 @@ typedef struct apol_vector {} apol_vector_t;
- %}
- typedef struct apol_string_vector {} apol_string_vector_t;
- %extend apol_string_vector_t {
-- apol_string_vector_t() {
-+ apol_string_vector() {
- return (apol_string_vector_t*)apol_vector_create(free);
- };
-- apol_string_vector_t(apol_string_vector_t *v) {
-+ apol_string_vector(apol_string_vector_t *v) {
- return (apol_string_vector_t*)apol_vector_create_from_vector((apol_vector_t*)v, apol_str_strdup, NULL, free);
- };
-- apol_string_vector_t(apol_string_vector_t *a, apol_string_vector_t *b) {
-+ apol_string_vector(apol_string_vector_t *a, apol_string_vector_t *b) {
- return (apol_string_vector_t*)apol_vector_create_from_intersection((apol_vector_t*)a, (apol_vector_t*)b, apol_str_strcmp, NULL);
- };
- size_t get_size() {
-@@ -397,7 +397,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
- char *get_element(size_t i) {
- return (char*)apol_vector_get_element((apol_vector_t*)self, i);
- };
-- ~apol_string_vector_t() {
-+ ~apol_string_vector() {
- apol_vector_destroy((apol_vector_t**)&self);
- };
- size_t get_index(char *str) {
-@@ -462,7 +462,7 @@ typedef struct apol_string_vector {} apol_string_vector_t;
- } apol_policy_path_type_e;
- typedef struct apol_policy_path {} apol_policy_path_t;
- %extend apol_policy_path_t {
-- apol_policy_path_t(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
-+ apol_policy_path(apol_policy_path_type_e type, char * primary, apol_string_vector_t *modules = NULL) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create(type, primary, (apol_vector_t*)modules)) == NULL) {
-@@ -472,7 +472,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(char *path) {
-+ apol_policy_path(char *path) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_file(path)) == NULL) {
-@@ -482,7 +482,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(char *str, int unused) {
-+ apol_policy_path(char *str, int unused) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_string(str)) == NULL) {
-@@ -492,7 +492,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- apol_policy_path_t(apol_policy_path_t *in) {
-+ apol_policy_path(apol_policy_path_t *in) {
- apol_policy_path_t *p;
- BEGIN_EXCEPTION
- if ((p = apol_policy_path_create_from_policy_path(in)) == NULL) {
-@@ -502,7 +502,7 @@ typedef struct apol_policy_path {} apol_policy_path_t;
- fail:
- return p;
- };
-- ~apol_policy_path_t() {
-+ ~apol_policy_path() {
- apol_policy_path_destroy(&self);
- };
- apol_policy_path_type_e get_type() {
-@@ -549,7 +549,7 @@ typedef struct apol_policy {} apol_policy_t;
- #define APOL_PERMMAP_BOTH (APOL_PERMMAP_READ | APOL_PERMMAP_WRITE)
- #define APOL_PERMMAP_NONE 0x10
- %extend apol_policy_t {
-- apol_policy_t(apol_policy_path_t *path, int options = 0) {
-+ apol_policy(apol_policy_path_t *path, int options = 0) {
- apol_policy_t *p;
- BEGIN_EXCEPTION
- p = apol_policy_create_from_policy_path(path, options, apol_swig_message_callback, apol_swig_message_callback_arg);
-@@ -564,7 +564,7 @@ typedef struct apol_policy {} apol_policy_t;
- fail:
- return p;
- };
-- ~apol_policy_t() {
-+ ~apol_policy() {
- apol_policy_destroy(&self);
- };
- int get_policy_type() {
-@@ -652,7 +652,7 @@ typedef struct apol_policy {} apol_policy_t;
- /* apol type query */
- typedef struct apol_type_query {} apol_type_query_t;
- %extend apol_type_query_t {
-- apol_type_query_t() {
-+ apol_type_query() {
- apol_type_query_t *tq;
- BEGIN_EXCEPTION
- tq = apol_type_query_create();
-@@ -663,7 +663,7 @@ typedef struct apol_type_query {} apol_type_query_t;
- fail:
- return tq;
- };
-- ~apol_type_query_t() {
-+ ~apol_type_query() {
- apol_type_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -694,7 +694,7 @@ typedef struct apol_type_query {} apol_type_query_t;
- /* apol attribute query */
- typedef struct apol_attr_query {} apol_attr_query_t;
- %extend apol_attr_query_t {
-- apol_attr_query_t() {
-+ apol_attr_query() {
- apol_attr_query_t *aq;
- BEGIN_EXCEPTION
- aq = apol_attr_query_create();
-@@ -705,7 +705,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
- fail:
- return aq;
- };
-- ~apol_attr_query_t() {
-+ ~apol_attr_query() {
- apol_attr_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -736,7 +736,7 @@ typedef struct apol_attr_query {} apol_attr_query_t;
- /* apol role query */
- typedef struct apol_role_query {} apol_role_query_t;
- %extend apol_role_query_t {
-- apol_role_query_t() {
-+ apol_role_query() {
- apol_role_query_t *rq;
- BEGIN_EXCEPTION
- rq = apol_role_query_create();
-@@ -747,7 +747,7 @@ typedef struct apol_role_query {} apol_role_query_t;
- fail:
- return rq;
- };
-- ~apol_role_query_t() {
-+ ~apol_role_query() {
- apol_role_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -788,7 +788,7 @@ int apol_role_has_type(apol_policy_t * p, qpol_role_t * r, qpol_type_t * t);
- /* apol class query */
- typedef struct apol_class_query {} apol_class_query_t;
- %extend apol_class_query_t {
-- apol_class_query_t() {
-+ apol_class_query() {
- apol_class_query_t *cq;
- BEGIN_EXCEPTION
- cq = apol_class_query_create();
-@@ -799,7 +799,7 @@ typedef struct apol_class_query {} apol_class_query_t;
- fail:
- return cq;
- };
-- ~apol_class_query_t() {
-+ ~apol_class_query() {
- apol_class_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -839,7 +839,7 @@ typedef struct apol_class_query {} apol_class_query_t;
- /* apol common query */
- typedef struct apol_common_query {} apol_common_query_t;
- %extend apol_common_query_t {
-- apol_common_query_t() {
-+ apol_common_query() {
- apol_common_query_t *cq;
- BEGIN_EXCEPTION
- cq = apol_common_query_create();
-@@ -850,7 +850,7 @@ typedef struct apol_common_query {} apol_common_query_t;
- fail:
- return cq;
- };
-- ~apol_common_query_t() {
-+ ~apol_common_query() {
- apol_common_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -881,7 +881,7 @@ typedef struct apol_common_query {} apol_common_query_t;
- /* apol perm query */
- typedef struct apol_perm_query {} apol_perm_query_t;
- %extend apol_perm_query_t {
-- apol_perm_query_t() {
-+ apol_perm_query() {
- apol_perm_query_t *pq;
- BEGIN_EXCEPTION
- pq = apol_perm_query_create();
-@@ -892,7 +892,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
- fail:
- return pq;
- };
-- ~apol_perm_query_t() {
-+ ~apol_perm_query() {
- apol_perm_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -923,7 +923,7 @@ typedef struct apol_perm_query {} apol_perm_query_t;
- /* apol bool query */
- typedef struct apol_bool_query {} apol_bool_query_t;
- %extend apol_bool_query_t {
-- apol_bool_query_t() {
-+ apol_bool_query() {
- apol_bool_query_t *bq;
- BEGIN_EXCEPTION
- bq = apol_bool_query_create();
-@@ -934,7 +934,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
- fail:
- return bq;
- };
-- ~apol_bool_query_t() {
-+ ~apol_bool_query() {
- apol_bool_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -965,7 +965,7 @@ typedef struct apol_bool_query {} apol_bool_query_t;
- /* apol mls level */
- typedef struct apol_mls_level {} apol_mls_level_t;
- %extend apol_mls_level_t {
-- apol_mls_level_t() {
-+ apol_mls_level() {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create();
-@@ -976,7 +976,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_mls_level_t *in) {
-+ apol_mls_level(apol_mls_level_t *in) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_mls_level(in);
-@@ -987,7 +987,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, const char *str) {
-+ apol_mls_level(apol_policy_t *p, const char *str) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_string(p, str);
-@@ -998,7 +998,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(const char *str) {
-+ apol_mls_level(const char *str) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_literal(str);
-@@ -1009,7 +1009,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, qpol_mls_level_t *qml) {
-+ apol_mls_level(apol_policy_t *p, qpol_mls_level_t *qml) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_qpol_mls_level(p, qml);
-@@ -1020,7 +1020,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- apol_mls_level_t(apol_policy_t *p, qpol_level_t *ql) {
-+ apol_mls_level(apol_policy_t *p, qpol_level_t *ql) {
- apol_mls_level_t *aml;
- BEGIN_EXCEPTION
- aml = apol_mls_level_create_from_qpol_level_datum(p, ql);
-@@ -1031,7 +1031,7 @@ typedef struct apol_mls_level {} apol_mls_level_t;
- fail:
- return aml;
- };
-- ~apol_mls_level_t() {
-+ ~apol_mls_level() {
- apol_mls_level_destroy(&self);
- };
- void set_sens(apol_policy_t *p, char *sens) {
-@@ -1128,7 +1128,7 @@ int apol_mls_cats_compare(apol_policy_t * p, const char *cat1, const char *cat2)
- #endif
- typedef struct apol_mls_range {} apol_mls_range_t;
- %extend apol_mls_range_t {
-- apol_mls_range_t() {
-+ apol_mls_range() {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create();
-@@ -1139,7 +1139,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_mls_range_t *in) {
-+ apol_mls_range(apol_mls_range_t *in) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_mls_range(in);
-@@ -1150,7 +1150,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_policy_t *p, const char *s) {
-+ apol_mls_range(apol_policy_t *p, const char *s) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_string(p, s);
-@@ -1161,7 +1161,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(const char *s) {
-+ apol_mls_range(const char *s) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_literal(s);
-@@ -1172,7 +1172,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- apol_mls_range_t(apol_policy_t *p, qpol_mls_range_t *in) {
-+ apol_mls_range(apol_policy_t *p, qpol_mls_range_t *in) {
- apol_mls_range_t *amr;
- BEGIN_EXCEPTION
- amr = apol_mls_range_create_from_qpol_mls_range(p, in);
-@@ -1183,7 +1183,7 @@ typedef struct apol_mls_range {} apol_mls_range_t;
- fail:
- return amr;
- };
-- ~apol_mls_range_t() {
-+ ~apol_mls_range() {
- apol_mls_range_destroy(&self);
- };
- void set_low(apol_policy_t *p, apol_mls_level_t *lvl) {
-@@ -1278,7 +1278,7 @@ int apol_mls_range_contain_subrange(apol_policy_t * p, const apol_mls_range_t *
- /* apol level query */
- typedef struct apol_level_query {} apol_level_query_t;
- %extend apol_level_query_t {
-- apol_level_query_t() {
-+ apol_level_query() {
- apol_level_query_t * alq;
- BEGIN_EXCEPTION
- alq = apol_level_query_create();
-@@ -1289,7 +1289,7 @@ typedef struct apol_level_query {} apol_level_query_t;
- fail:
- return alq;
- };
-- ~apol_level_query_t() {
-+ ~apol_level_query() {
- apol_level_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1329,7 +1329,7 @@ typedef struct apol_level_query {} apol_level_query_t;
- /* apol cat query */
- typedef struct apol_cat_query {} apol_cat_query_t;
- %extend apol_cat_query_t {
-- apol_cat_query_t() {
-+ apol_cat_query() {
- apol_cat_query_t * acq;
- BEGIN_EXCEPTION
- acq = apol_cat_query_create();
-@@ -1340,7 +1340,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
- fail:
- return acq;
- };
-- ~apol_cat_query_t() {
-+ ~apol_cat_query() {
- apol_cat_query_destroy(&self);
- };
- %newobject run(apol_policy_t *);
-@@ -1379,7 +1379,7 @@ typedef struct apol_cat_query {} apol_cat_query_t;
- #endif
- typedef struct apol_user_query {} apol_user_query_t;
- %extend apol_user_query_t {
-- apol_user_query_t() {
-+ apol_user_query() {
- apol_user_query_t *auq;
- BEGIN_EXCEPTION
- auq = apol_user_query_create();
-@@ -1390,7 +1390,7 @@ typedef struct apol_user_query {} apol_user_query_t;
- fail:
- return auq;
- };
-- ~apol_user_query_t() {
-+ ~apol_user_query() {
- apol_user_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1448,7 +1448,7 @@ typedef struct apol_user_query {} apol_user_query_t;
- /* apol context */
- typedef struct apol_context {} apol_context_t;
- %extend apol_context_t {
-- apol_context_t() {
-+ apol_context() {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create();
-@@ -1459,7 +1459,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- apol_context_t(apol_policy_t *p, qpol_context_t *in) {
-+ apol_context(apol_policy_t *p, qpol_context_t *in) {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create_from_qpol_context(p, in);
-@@ -1470,7 +1470,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- apol_context_t(const char *str) {
-+ apol_context(const char *str) {
- apol_context_t *ctx;
- BEGIN_EXCEPTION
- ctx = apol_context_create_from_literal(str);
-@@ -1481,7 +1481,7 @@ typedef struct apol_context {} apol_context_t;
- fail:
- return ctx;
- };
-- ~apol_context_t() {
-+ ~apol_context() {
- apol_context_destroy(&self);
- };
- void set_user(apol_policy_t *p, char *name) {
-@@ -1583,7 +1583,7 @@ int apol_context_compare(apol_policy_t * p, apol_context_t * target, apol_contex
- /* apol constraint query */
- typedef struct apol_constraint_query {} apol_constraint_query_t;
- %extend apol_constraint_query_t {
-- apol_constraint_query_t() {
-+ apol_constraint_query() {
- apol_constraint_query_t *acq;
- BEGIN_EXCEPTION
- acq = apol_constraint_query_create();
-@@ -1594,7 +1594,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
- fail:
- return acq;
- };
-- ~apol_constraint_query_t() {
-+ ~apol_constraint_query() {
- apol_constraint_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1634,7 +1634,7 @@ typedef struct apol_constraint_query {} apol_constraint_query_t;
- /* apol validatetrans query */
- typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- %extend apol_validatetrans_query_t {
-- apol_validatetrans_query_t() {
-+ apol_validatetrans_query() {
- apol_validatetrans_query_t *avq;
- BEGIN_EXCEPTION
- avq = apol_validatetrans_query_create();
-@@ -1645,7 +1645,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- fail:
- return avq;
- };
-- ~apol_validatetrans_query_t() {
-+ ~apol_validatetrans_query() {
- apol_validatetrans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1684,7 +1684,7 @@ typedef struct apol_validatetrans_query {} apol_validatetrans_query_t;
- #endif
- typedef struct apol_genfscon_query {} apol_genfscon_query_t;
- %extend apol_genfscon_query_t {
-- apol_genfscon_query_t() {
-+ apol_genfscon_query() {
- apol_genfscon_query_t *agq;
- BEGIN_EXCEPTION
- agq = apol_genfscon_query_create();
-@@ -1695,7 +1695,7 @@ typedef struct apol_genfscon_query {} apol_genfscon_query_t;
- fail:
- return agq;
- };
-- ~apol_genfscon_query_t() {
-+ ~apol_genfscon_query() {
- apol_genfscon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1746,7 +1746,7 @@ char *apol_genfscon_render(apol_policy_t * p, qpol_genfscon_t * genfscon);
- /* apol fs_use query */
- typedef struct apol_fs_use_query {} apol_fs_use_query_t;
- %extend apol_fs_use_query_t {
-- apol_fs_use_query_t() {
-+ apol_fs_use_query() {
- apol_fs_use_query_t *afq;
- BEGIN_EXCEPTION
- afq = apol_fs_use_query_create();
-@@ -1757,7 +1757,7 @@ typedef struct apol_fs_use_query {} apol_fs_use_query_t;
- fail:
- return afq;
- };
-- ~apol_fs_use_query_t() {
-+ ~apol_fs_use_query() {
- apol_fs_use_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1799,7 +1799,7 @@ char *apol_fs_use_render(apol_policy_t * p, qpol_fs_use_t * fsuse);
- /* apol initial sid query */
- typedef struct apol_isid_query {} apol_isid_query_t;
- %extend apol_isid_query_t {
-- apol_isid_query_t() {
-+ apol_isid_query() {
- apol_isid_query_t *aiq;
- BEGIN_EXCEPTION
- aiq = apol_isid_query_create();
-@@ -1810,7 +1810,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
- fail:
- return aiq;
- };
-- ~apol_isid_query_t() {
-+ ~apol_isid_query() {
- apol_isid_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1841,7 +1841,7 @@ typedef struct apol_isid_query {} apol_isid_query_t;
- /* apol portcon query */
- typedef struct apol_portcon_query {} apol_portcon_query_t;
- %extend apol_portcon_query_t {
-- apol_portcon_query_t() {
-+ apol_portcon_query() {
- apol_portcon_query_t *apq;
- BEGIN_EXCEPTION
- apq = apol_portcon_query_create();
-@@ -1852,7 +1852,7 @@ typedef struct apol_portcon_query {} apol_portcon_query_t;
- fail:
- return apq;
- };
-- ~apol_portcon_query_t() {
-+ ~apol_portcon_query() {
- apol_portcon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1885,7 +1885,7 @@ char *apol_portcon_render(apol_policy_t * p, qpol_portcon_t * portcon);
- /* apol netifcon query */
- typedef struct apol_netifcon_query {} apol_netifcon_query_t;
- %extend apol_netifcon_query_t {
-- apol_netifcon_query_t() {
-+ apol_netifcon_query() {
- apol_netifcon_query_t *anq;
- BEGIN_EXCEPTION
- anq = apol_netifcon_query_create();
-@@ -1896,7 +1896,7 @@ typedef struct apol_netifcon_query {} apol_netifcon_query_t;
- fail:
- return anq;
- };
-- ~apol_netifcon_query_t() {
-+ ~apol_netifcon_query() {
- apol_netifcon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -1932,7 +1932,7 @@ char *apol_netifcon_render(apol_policy_t * p, qpol_netifcon_t * netifcon);
- /* apol nodecon query */
- typedef struct apol_nodecon_query {} apol_nodecon_query_t;
- %extend apol_nodecon_query_t {
-- apol_nodecon_query_t() {
-+ apol_nodecon_query() {
- apol_nodecon_query_t *anq;
- BEGIN_EXCEPTION
- anq = apol_nodecon_query_create();
-@@ -1943,7 +1943,7 @@ typedef struct apol_nodecon_query {} apol_nodecon_query_t;
- fail:
- return anq;
- };
-- ~apol_nodecon_query_t() {
-+ ~apol_nodecon_query() {
- apol_nodecon_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2012,7 +2012,7 @@ char *apol_nodecon_render(apol_policy_t * p, qpol_nodecon_t * nodecon);
- /* apol avrule query */
- typedef struct apol_avrule_query {} apol_avrule_query_t;
- %extend apol_avrule_query_t {
-- apol_avrule_query_t() {
-+ apol_avrule_query() {
- apol_avrule_query_t *avq;
- BEGIN_EXCEPTION
- avq = apol_avrule_query_create();
-@@ -2023,7 +2023,7 @@ typedef struct apol_avrule_query {} apol_avrule_query_t;
- fail:
- return avq;
- };
-- ~apol_avrule_query_t() {
-+ ~apol_avrule_query() {
- apol_avrule_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2163,7 +2163,7 @@ char *apol_syn_avrule_render(apol_policy_t * policy, qpol_syn_avrule_t * rule);
- /* apol terule query */
- typedef struct apol_terule_query {} apol_terule_query_t;
- %extend apol_terule_query_t {
-- apol_terule_query_t() {
-+ apol_terule_query() {
- apol_terule_query_t *atq;
- BEGIN_EXCEPTION
- atq = apol_terule_query_create();
-@@ -2174,7 +2174,7 @@ typedef struct apol_terule_query {} apol_terule_query_t;
- fail:
- return atq;
- };
-- ~apol_terule_query_t() {
-+ ~apol_terule_query() {
- apol_terule_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2287,7 +2287,7 @@ apol_vector_t *apol_terule_list_to_syn_terules(apol_policy_t * p, apol_vector_t
- /* apol cond rule query */
- typedef struct apol_cond_query {} apol_cond_query_t;
- %extend apol_cond_query_t {
-- apol_cond_query_t() {
-+ apol_cond_query() {
- apol_cond_query_t *acq;
- BEGIN_EXCEPTION
- acq = apol_cond_query_create();
-@@ -2298,7 +2298,7 @@ typedef struct apol_cond_query {} apol_cond_query_t;
- fail:
- return acq;
- };
-- ~apol_cond_query_t() {
-+ ~apol_cond_query() {
- apol_cond_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2331,7 +2331,7 @@ char *apol_cond_expr_render(apol_policy_t * p, qpol_cond_t * cond);
- /* apol role allow query */
- typedef struct apol_role_allow_query {} apol_role_allow_query_t;
- %extend apol_role_allow_query_t {
-- apol_role_allow_query_t() {
-+ apol_role_allow_query() {
- apol_role_allow_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_role_allow_query_create();
-@@ -2342,7 +2342,7 @@ typedef struct apol_role_allow_query {} apol_role_allow_query_t;
- fail:
- return arq;
- };
-- ~apol_role_allow_query_t() {
-+ ~apol_role_allow_query() {
- apol_role_allow_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2387,7 +2387,7 @@ char *apol_role_allow_render(apol_policy_t * policy, qpol_role_allow_t * rule);
- /* apol role transition rule query */
- typedef struct apol_role_trans_query {} apol_role_trans_query_t;
- %extend apol_role_trans_query_t {
-- apol_role_trans_query_t() {
-+ apol_role_trans_query() {
- apol_role_trans_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_role_trans_query_create();
-@@ -2398,7 +2398,7 @@ typedef struct apol_role_trans_query {} apol_role_trans_query_t;
- fail:
- return arq;
- };
-- ~apol_role_trans_query_t() {
-+ ~apol_role_trans_query() {
- apol_role_trans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2452,7 +2452,7 @@ char *apol_role_trans_render(apol_policy_t * policy, qpol_role_trans_t * rule);
- /* apol range transition rule query */
- typedef struct apol_range_trans_query {} apol_range_trans_query_t;
- %extend apol_range_trans_query_t {
-- apol_range_trans_query_t() {
-+ apol_range_trans_query() {
- apol_range_trans_query_t *arq;
- BEGIN_EXCEPTION
- arq = apol_range_trans_query_create();
-@@ -2463,7 +2463,7 @@ typedef struct apol_range_trans_query {} apol_range_trans_query_t;
- fail:
- return arq;
- };
-- ~apol_range_trans_query_t() {
-+ ~apol_range_trans_query() {
- apol_range_trans_query_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2531,7 +2531,7 @@ char *apol_range_trans_render(apol_policy_t * policy, qpol_range_trans_t * rule)
- #define APOL_DOMAIN_TRANS_SEARCH_BOTH (APOL_DOMAIN_TRANS_SEARCH_VALID|APOL_DOMAIN_TRANS_SEARCH_INVALID)
- typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- %extend apol_domain_trans_analysis_t {
-- apol_domain_trans_analysis_t() {
-+ apol_domain_trans_analysis() {
- apol_domain_trans_analysis_t *dta;
- BEGIN_EXCEPTION
- dta = apol_domain_trans_analysis_create();
-@@ -2542,7 +2542,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- fail:
- return dta;
- };
-- ~apol_domain_trans_analysis_t() {
-+ ~apol_domain_trans_analysis() {
- apol_domain_trans_analysis_destroy(&self);
- };
- void set_direction(apol_policy_t *p, int direction) {
-@@ -2622,7 +2622,7 @@ typedef struct apol_domain_trans_analysis {} apol_domain_trans_analysis_t;
- };
- typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
- %extend apol_domain_trans_result_t {
-- apol_domain_trans_result_t(apol_domain_trans_result_t *in) {
-+ apol_domain_trans_result(apol_domain_trans_result_t *in) {
- apol_domain_trans_result_t *dtr;
- BEGIN_EXCEPTION
- dtr = apol_domain_trans_result_create_from_domain_trans_result(in);
-@@ -2633,7 +2633,7 @@ typedef struct apol_domain_trans_result {} apol_domain_trans_result_t;
- fail:
- return dtr;
- };
-- ~apol_domain_trans_result_t() {
-+ ~apol_domain_trans_result() {
- apol_domain_trans_result_destroy(&self);
- };
- const qpol_type_t *get_start_type() {
-@@ -2705,14 +2705,14 @@ int apol_domain_trans_table_verify_trans(apol_policy_t * policy, qpol_type_t * s
- %}
- typedef struct apol_infoflow {} apol_infoflow_t;
- %extend apol_infoflow_t {
-- apol_infoflow_t() {
-+ apol_infoflow() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_t() {
-+ ~apol_infoflow() {
- apol_infoflow_destroy(&self);
- };
- %newobject extract_graph();
-@@ -2730,7 +2730,7 @@ typedef struct apol_infoflow {} apol_infoflow_t;
- };
- typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- %extend apol_infoflow_analysis_t {
-- apol_infoflow_analysis_t() {
-+ apol_infoflow_analysis() {
- apol_infoflow_analysis_t *aia;
- BEGIN_EXCEPTION
- aia = apol_infoflow_analysis_create();
-@@ -2741,7 +2741,7 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- fail:
- return aia;
- };
-- ~apol_infoflow_analysis_t() {
-+ ~apol_infoflow_analysis() {
- apol_infoflow_analysis_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -2823,14 +2823,14 @@ typedef struct apol_infoflow_analysis {} apol_infoflow_analysis_t;
- };
- typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
- %extend apol_infoflow_graph_t {
-- apol_infoflow_graph_t() {
-+ apol_infoflow_graph() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_graph_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_graph_t() {
-+ ~apol_infoflow_graph() {
- apol_infoflow_graph_destroy(&self);
- };
- %newobject do_more(apol_policy_t*, char*);
-@@ -2867,14 +2867,14 @@ typedef struct apol_infoflow_graph {} apol_infoflow_graph_t;
- };
- typedef struct apol_infoflow_result {} apol_infoflow_result_t;
- %extend apol_infoflow_result_t {
-- apol_infoflow_result_t() {
-+ apol_infoflow_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_result_t() {
-+ ~apol_infoflow_result() {
- /* no op - vector will destroy */
- return;
- };
-@@ -2901,14 +2901,14 @@ typedef struct apol_infoflow_result {} apol_infoflow_result_t;
- %}
- typedef struct apol_infoflow_step {} apol_infoflow_step_t;
- %extend apol_infoflow_step_t {
-- apol_infoflow_step_t() {
-+ apol_infoflow_step() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_infoflow_step_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_infoflow_step_t() {
-+ ~apol_infoflow_step() {
- /* no op */
- return;
- };
-@@ -2938,7 +2938,7 @@ typedef struct apol_infoflow_step {} apol_infoflow_step_t;
- #define APOL_RELABEL_DIR_SUBJECT 0x04
- typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- %extend apol_relabel_analysis_t {
-- apol_relabel_analysis_t() {
-+ apol_relabel_analysis() {
- apol_relabel_analysis_t *ara;
- BEGIN_EXCEPTION
- ara = apol_relabel_analysis_create();
-@@ -2949,7 +2949,7 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- fail:
- return ara;
- };
-- ~apol_relabel_analysis_t() {
-+ ~apol_relabel_analysis() {
- apol_relabel_analysis_destroy(&self);
- };
- %newobject run(apol_policy_t*);
-@@ -3011,14 +3011,14 @@ typedef struct apol_relabel_analysis {} apol_relabel_analysis_t;
- };
- typedef struct apol_relabel_result {} apol_relabel_result_t;
- %extend apol_relabel_result_t {
-- apol_relabel_result_t() {
-+ apol_relabel_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_relabel_result_t() {
-+ ~apol_relabel_result() {
- /* no op - vector will destroy */
- return;
- };
-@@ -3042,14 +3042,14 @@ typedef struct apol_relabel_result {} apol_relabel_result_t;
- %}
- typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
- %extend apol_relabel_result_pair_t {
-- apol_relabel_result_pair_t() {
-+ apol_relabel_result_pair() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_relabel_result_pair_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_relabel_result_pair_t() {
-+ ~apol_relabel_result_pair() {
- /* no op - owned and free()'d by apol_relabel_result_t */
- return;
- };
-@@ -3084,7 +3084,7 @@ typedef struct apol_relabel_result_pair {} apol_relabel_result_pair_t;
- #define APOL_TYPES_RELATION_TRANS_FLOW_BA 0x8000
- typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- %extend apol_types_relation_analysis_t {
-- apol_types_relation_analysis_t() {
-+ apol_types_relation_analysis() {
- apol_types_relation_analysis_t *atr;
- BEGIN_EXCEPTION
- atr = apol_types_relation_analysis_create();
-@@ -3095,7 +3095,7 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- fail:
- return atr;
- };
-- ~apol_types_relation_analysis_t() {
-+ ~apol_types_relation_analysis() {
- apol_types_relation_analysis_destroy(&self);
- }
- %newobject run(apol_policy_t*);
-@@ -3139,14 +3139,14 @@ typedef struct apol_types_relation_analysis {} apol_types_relation_analysis_t;
- };
- typedef struct apol_types_relation_result {} apol_types_relation_result_t;
- %extend apol_types_relation_result_t {
-- apol_types_relation_result_t() {
-+ apol_types_relation_result() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_result_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_types_relation_result_t() {
-+ ~apol_types_relation_result() {
- apol_types_relation_result_destroy(&self);
- };
- const apol_vector_t *get_attributes() {
-@@ -3194,14 +3194,14 @@ typedef struct apol_types_relation_result {} apol_types_relation_result_t;
- };
- typedef struct apol_types_relation_access {} apol_types_relation_access_t;
- %extend apol_types_relation_access_t {
-- apol_types_relation_access_t() {
-+ apol_types_relation_access() {
- BEGIN_EXCEPTION
- SWIG_exception(SWIG_RuntimeError, "Cannot directly create apol_types_relation_access_t objects");
- END_EXCEPTION
- fail:
- return NULL;
- };
-- ~apol_types_relation_access_t() {
-+ ~apol_types_relation_access() {
- /* no op - vector will destroy */
- return;
- };
---
-
diff --git a/SOURCES/0014-boolsub.patch b/SOURCES/0014-boolsub.patch
deleted file mode 100644
index 2890628..0000000
--- a/SOURCES/0014-boolsub.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-diff -up ./setools-3.3.7/secmds/seinfo.c~ ./setools-3.3.7/secmds/seinfo.c
---- ./setools-3.3.7/secmds/seinfo.c~ 2013-03-14 15:26:31.467121596 -0400
-+++ ./setools-3.3.7/secmds/seinfo.c 2013-03-14 15:35:20.154650517 -0400
-@@ -1705,7 +1705,7 @@ int main(int argc, char **argv)
- case 'b': /* conditional booleans */
- bools = 1;
- if (optarg != 0)
-- bool_name = optarg;
-+ bool_name = selinux_boolean_sub(optarg);
- break;
- case OPT_INITIALSID:
- isids = 1;
-diff -up ./setools-3.3.7/secmds/sesearch.c~ ./setools-3.3.7/secmds/sesearch.c
---- ./setools-3.3.7/secmds/sesearch.c~ 2013-03-14 15:26:31.539121944 -0400
-+++ ./setools-3.3.7/secmds/sesearch.c 2013-03-14 15:34:36.615445562 -0400
-@@ -1056,7 +1056,7 @@ int main(int argc, char **argv)
- printf("Missing boolean for -b (--bool)\n");
- exit(1);
- }
-- cmd_opts.bool_name = strdup(optarg);
-+ cmd_opts.bool_name = strdup(selinux_boolean_sub(optarg));
- if (!cmd_opts.bool_name) {
- fprintf(stderr, "%s\n", strerror(errno));
- exit(1);
diff --git a/SOURCES/0015-aliases.patch b/SOURCES/0015-aliases.patch
deleted file mode 100644
index 355aff3..0000000
--- a/SOURCES/0015-aliases.patch
+++ /dev/null
@@ -1,82 +0,0 @@
-diff -up setools-3.3.7/libapol/src/policy-query.c~ setools-3.3.7/libapol/src/policy-query.c
-diff -up setools-3.3.7/libqpol/include/qpol/type_query.h~ setools-3.3.7/libqpol/include/qpol/type_query.h
-diff -up setools-3.3.7/libqpol/tests/iterators-tests.c~ setools-3.3.7/libqpol/tests/iterators-tests.c
-diff -up setools-3.3.7/secmds/seinfo.c~ setools-3.3.7/secmds/seinfo.c
---- setools-3.3.7/secmds/seinfo.c~ 2013-03-25 11:30:23.161633059 -0400
-+++ setools-3.3.7/secmds/seinfo.c 2013-03-28 13:08:07.281751011 -0400
-@@ -46,6 +46,7 @@
- #include <string.h>
- #include <assert.h>
- #include <getopt.h>
-+#include <selinux/selinux.h>
-
- #define COPYRIGHT_INFO "Copyright (C) 2003-2007 Tresys Technology, LLC"
-
-@@ -54,6 +55,7 @@
-
- static char *policy_file = NULL;
-
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb);
- static void print_type_attrs(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static void print_attr_types(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb, const int expand);
- static void print_user_roles(FILE * fp, const qpol_user_t * user_datum, const apol_policy_t * policydb, const int expand);
-@@ -511,6 +513,7 @@ static int print_types(FILE * fp, const
- if (qpol_policy_get_type_by_name(q, name, &type_datum))
- goto cleanup;
- print_type_attrs(fp, type_datum, policydb, expand);
-+ print_type_aliases(fp, type_datum, policydb);
- } else {
- if (qpol_policy_get_type_iter(q, &iter))
- goto cleanup;
-@@ -1897,6 +1900,51 @@ int main(int argc, char **argv)
- }
-
- /**
-+ * Prints the alias of a type.
-+ *
-+ * @param fp Reference to a file to which to print type information
-+ * @param type_datum Reference to sepol type_datum
-+ * @param policydb Reference to a policy
-+ * attributes
-+ */
-+static void print_type_aliases(FILE * fp, const qpol_type_t * type_datum, const apol_policy_t * policydb)
-+{
-+ qpol_iterator_t *iter = NULL;
-+ size_t alias_size;
-+ unsigned char isattr, isalias;
-+ const char *type_name = NULL;
-+ const char *alias_name;
-+ qpol_policy_t *q = apol_policy_get_qpol(policydb);
-+
-+ if (qpol_type_get_name(q, type_datum, &type_name))
-+ goto cleanup;
-+ if (qpol_type_get_isattr(q, type_datum, &isattr))
-+ goto cleanup;
-+ if (qpol_type_get_isalias(q, type_datum, &isalias))
-+ goto cleanup;
-+
-+ if (isalias) {
-+ fprintf(fp, " TypeName %s\n", type_name);
-+ }
-+ if (qpol_type_get_alias_iter(q, type_datum, &iter))
-+ goto cleanup;
-+ if (qpol_iterator_get_size(iter, &alias_size))
-+ goto cleanup;
-+ if (alias_size > 0) {
-+ fprintf(fp, " Aliases\n");
-+ for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
-+ if (qpol_iterator_get_item(iter, (void **)&alias_name))
-+ goto cleanup;
-+ fprintf(fp, " %s\n", alias_name);
-+ }
-+ }
-+
-+ cleanup:
-+ qpol_iterator_destroy(&iter);
-+ return;
-+}
-+
-+/**
- * Prints a textual representation of a type, and possibly
- * all of that type's attributes.
- *
diff --git a/SOURCES/0016-cmdline.patch b/SOURCES/0016-cmdline.patch
deleted file mode 100644
index 82b4825..0000000
--- a/SOURCES/0016-cmdline.patch
+++ /dev/null
@@ -1,107 +0,0 @@
-diff -up setools-3.3.7/man/sesearch.1.cmdline setools-3.3.7/man/sesearch.1
---- setools-3.3.7/man/sesearch.1.cmdline 2008-02-22 14:06:28.000000000 -0500
-+++ setools-3.3.7/man/sesearch.1 2013-07-19 06:46:21.314068667 -0400
-@@ -43,7 +43,7 @@ Search for allow rules.
- Search for neverallow rules.
- .IP "--auditallow"
- Search for auditallow rules.
--.IP "--dontaudit"
-+.IP "-D, --dontaudit"
- Search for dontaudit rules.
- .IP "-T, --type"
- Search for type_transition, type_member, and type_change rules.
-diff -up setools-3.3.7/secmds/sesearch.c.cmdline setools-3.3.7/secmds/sesearch.c
---- setools-3.3.7/secmds/sesearch.c.cmdline 2013-07-19 06:46:21.291068510 -0400
-+++ setools-3.3.7/secmds/sesearch.c 2013-07-19 06:48:12.962830868 -0400
-@@ -24,6 +24,7 @@
- */
-
- #include <config.h>
-+#include <selinux/selinux.h>
-
- /* libapol */
- #include <apol/policy.h>
-@@ -61,9 +62,8 @@ enum opt_values
- static struct option const longopts[] = {
- {"allow", no_argument, NULL, 'A'},
- {"neverallow", no_argument, NULL, RULE_NEVERALLOW},
-- {"audit", no_argument, NULL, RULE_AUDIT},
- {"auditallow", no_argument, NULL, RULE_AUDITALLOW},
-- {"dontaudit", no_argument, NULL, RULE_DONTAUDIT},
-+ {"dontaudit", no_argument, NULL, 'D'},
- {"type", no_argument, NULL, 'T'},
- {"role_allow", no_argument, NULL, RULE_ROLE_ALLOW},
- {"role_trans", no_argument, NULL, RULE_ROLE_TRANS},
-@@ -72,7 +72,6 @@ static struct option const longopts[] =
-
- {"source", required_argument, NULL, 's'},
- {"target", required_argument, NULL, 't'},
-- {"default", required_argument, NULL, 'D'},
- {"role_source", required_argument, NULL, EXPR_ROLE_SOURCE},
- {"role_target", required_argument, NULL, EXPR_ROLE_TARGET},
- {"class", required_argument, NULL, 'c'},
-@@ -129,7 +128,7 @@ void usage(const char *program_name, int
- printf(" -A, --allow allow rules\n");
- printf(" --neverallow neverallow rules\n");
- printf(" --auditallow auditallow rules\n");
-- printf(" --dontaudit dontaudit rules\n");
-+ printf(" -D, --dontaudit dontaudit rules\n");
- printf(" -T, --type type_trans, type_member, and type_change\n");
- printf(" --role_allow role allow rules\n");
- printf(" --role_trans role_transition rules\n");
-@@ -666,10 +665,6 @@ static void print_ft_results(const apol_
- size_t i, num_filename_trans = 0;
- const qpol_filename_trans_t *filename_trans = NULL;
- char *tmp = NULL, *filename_trans_str = NULL, *expr = NULL;
-- char enable_char = ' ', branch_char = ' ';
-- qpol_iterator_t *iter = NULL;
-- const qpol_cond_t *cond = NULL;
-- uint32_t enabled = 0, list = 0;
-
- if (!(num_filename_trans = apol_vector_get_size(v)))
- goto cleanup;
-@@ -677,7 +672,6 @@ static void print_ft_results(const apol_
- fprintf(stdout, "Found %zd named file transition filename_trans:\n", num_filename_trans);
-
- for (i = 0; i < num_filename_trans; i++) {
-- enable_char = branch_char = ' ';
- if (!(filename_trans = apol_vector_get_element(v, i)))
- goto cleanup;
-
-@@ -962,7 +956,7 @@ int main(int argc, char **argv)
-
- memset(&cmd_opts, 0, sizeof(cmd_opts));
- cmd_opts.indirect = true;
-- while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dD:RnSChV", longopts, NULL)) != -1) {
-+ while ((optc = getopt_long(argc, argv, "ATs:t:c:p:b:dDRnSChV", longopts, NULL)) != -1) {
- switch (optc) {
- case 0:
- break;
-@@ -978,18 +972,6 @@ int main(int argc, char **argv)
- exit(1);
- }
- break;
-- case 'D': /* source */
-- if (optarg == 0) {
-- usage(argv[0], 1);
-- printf("Missing source default type for -D (--default)\n");
-- exit(1);
-- }
-- cmd_opts.default_name = strdup(optarg);
-- if (!cmd_opts.default_name) {
--
-- exit(1);
-- }
-- break;
- case 't': /* target */
- if (optarg == 0) {
- usage(argv[0], 1);
-@@ -1082,7 +1064,7 @@ int main(int argc, char **argv)
- case RULE_AUDITALLOW:
- cmd_opts.auditallow = true;
- break;
-- case RULE_DONTAUDIT:
-+ case 'D':
- cmd_opts.dontaudit = true;
- break;
- case 'T': /* type */
diff --git a/SPECS/setools.spec b/SPECS/setools.spec
index 3b7c58a..b47f704 100644
--- a/SPECS/setools.spec
+++ b/SPECS/setools.spec
@@ -1,31 +1,33 @@
-%define setools_maj_ver 3.3
-%define setools_min_ver 7
+%global setools_maj_ver 3.3
+%global setools_min_ver 8
+%global gitver f1e5b20
Name: setools
Version: %{setools_maj_ver}.%{setools_min_ver}
-Release: 46%{?dist}
+Release: 1.1%{?dist}
License: GPLv2
URL: http://oss.tresys.com/projects/setools
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
-Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{version}/setools-%{version}.tar.bz2
+# Source: http://oss.tresys.com/projects/setools/chrome/site/dists/setools-%{version}/setools-%{version}.tar.bz2
+# git clone https://github.com/TresysTechnology/setools3.git
+# cd setools3
+# gitrev=`git rev-parse --verify --short HEAD`
+# git archive --format=tar --prefix=setools-3.3.8/ HEAD | bzip2 > setools-3.3.8-$gitrev.tar.bz2
+Source: setools-%{version}-%{gitver}.tar.bz2
Source1: setools.pam
Source2: apol.desktop
Source3: seaudit.desktop
-Patch2: 0002-setools-should-exit-with-an-error-status-if-it-gets-.patch
-Patch3: 0003-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
-Patch4: 0004-Fix-man-pages-and-getoptions.patch
-Patch5: 0005-Fix-sepol-calls-to-work-with-latest-libsepol.patch
-Patch6: 0006-Changes-to-support-named-file_trans-rules.patch
-Patch7: 0007-Remove-unused-variables.patch
-Patch8: 0008-Fix-output-to-match-policy-lines.patch
-Patch9: 0009-Fix-swig-coding-style-for-structures.patch
-Patch10: 0010-selinux_current_policy_path.patch
-Patch11: 0011-setools-noship.patch
-Patch12: 0012-seaudit.patch
-Patch13: 0013-swig.patch
-Patch14: 0014-boolsub.patch
-Patch15: 0015-aliases.patch
-Patch16: 0016-cmdline.patch
+Patch1: 0001-Since-we-do-not-ship-neverallow-rules-all-always-fai.patch
+Patch2: 0002-Fix-sepol-calls-to-work-with-latest-libsepol.patch
+Patch4: 0004-Apply-selinux_current_policy_path-patch.patch
+Patch5: 0005-Apply-seaudit-patch-for-progress.c.patch
+Patch6: 0006-Add-support-for-boolean-subs.patch
+Patch7: 0007-Setools-noship.patch
+Patch8: 0008-Add-alias-support-to-seinfo-t.patch
+Patch9: 0009-Fix-help-message-on-sesearch-D.patch
+Patch11: 0011-Fix-Wformat-security-issues.patch
+# Patch12: 0012-Fix-configure.ac-to-use-SWIG-3.0.0.patch
+Patch13: 0013-libqpol-Skip-types-when-building-type-attribute-map.patch
Summary: Policy analysis tools for SELinux
Group: System Environment/Base
@@ -35,8 +37,8 @@ Requires: setools-libs = %{version}-%{release} setools-libs-tcl = %{version}-%{r
%define autoconf_ver 2.59
%define bwidget_ver 1.8
%define gtk_ver 2.8
-%define sepol_ver 2.1.8-5
-%define selinux_ver 2.1.12-10
+%define sepol_ver 2.5-0
+%define selinux_ver 2.5-0
%define sqlite_ver 3.2.0
%define swig_ver 2.0.7-3
%define tcltk_ver 8.4.9
@@ -153,21 +155,18 @@ This package includes the following graphical tools:
%prep
%setup -q
-%patch2 -p 1 -b .exitstatus
-%patch3 -p 1 -b .neverallow
-%patch4 -p 1 -b .manpage
-%patch5 -p 1 -b .libsepol
-%patch6 -p 1 -b .filenametrans
-%patch7 -p 1 -b .unused
-%patch8 -p 1 -b .fixoutput
-%patch9 -p 1 -b .fixswig
-%patch10 -p 1 -b .current
-%patch12 -p 1 -b .seaudit
-%patch13 -p 1 -b .swig
-%patch14 -p 2 -b .boolsub
-%patch15 -p 1 -b .aliases
-%patch16 -p 1 -b .cmdline
-%patch11 -p 1 -b .noship
+%patch1 -p 1 -b .neverallow
+%patch2 -p 1 -b .libsepol
+%patch4 -p 1 -b .current_policy
+%patch5 -p 1 -b .seaudit
+%patch6 -p 1 -b .boolean-subs
+%patch7 -p 1 -b .noship
+%patch8 -p 1 -b .seinfo-t
+%patch9 -p 1 -b .sesearch-D
+%patch11 -p 1 -b .Wformat-security
+# %patch12 -p 1 -b .version
+%patch13 -p 1 -b .libqpol
+
%ifarch sparc sparcv9 sparc64 s390 s390x
for file in `find . -name Makefile.am`; do
sed -i -e 's:-fpic:-fPIC:' $file;
@@ -215,7 +214,9 @@ rm -rf ${RPM_BUILD_ROOT}
%files libs
%defattr(-,root,root,-)
-%doc AUTHORS ChangeLog COPYING COPYING.GPL COPYING.LGPL KNOWN-BUGS NEWS README
+%{!?_licensedir:%global license %%doc}
+%license COPYING COPYING.GPL COPYING.LGPL
+%doc AUTHORS ChangeLog KNOWN-BUGS NEWS README
%{_libdir}/libqpol.so.*
%{_libdir}/libapol.so.*
%{_libdir}/libpoldiff.so.*
@@ -290,6 +291,9 @@ rm -rf ${RPM_BUILD_ROOT}
%postun libs-tcl -p /sbin/ldconfig
%changelog
+* Mon May 23 2016 Petr Lautrbach <plautrba@redhat.com> - 3.3.8-1.1
+- Rebase to the latest setools3 sources
+
* Tue Mar 18 2014 Dan Walsh <dwalsh@redhat.com> - 3.3.7-46
- Move apol_tcl to setools-lib package
Resolves: #1076429