From 9a89d9b63b0c1c25b25ef3aad1e7edd63bf2d56c Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:27:47 -0400 Subject: [PATCH 1/7] remove LIBSELINUX dependency, deprecated functions, and remove symbol map --- libqpol/config.h | 6 -- libqpol/libqpol.map | 87 --------------------------- libqpol/policy.c | 90 ++-------------------------- libqpol/policy_extend.c | 34 ----------- libqpol/util.c | 129 ---------------------------------------- 5 files changed, 4 insertions(+), 342 deletions(-) delete mode 100644 libqpol/libqpol.map diff --git a/libqpol/config.h b/libqpol/config.h index f4f216d..71104ef 100644 --- a/libqpol/config.h +++ b/libqpol/config.h @@ -16,9 +16,6 @@ /* Define to 1 if you have the `bz2' library (-lbz2). */ #define HAVE_LIBBZ2 1 -/* Define to 1 if you have the `selinux' library (-lselinux). */ -#define HAVE_LIBSELINUX 1 - /* Define to 1 if you have the `sepol' library (-lsepol). */ #define HAVE_LIBSEPOL 1 @@ -111,9 +108,6 @@ /* libsefs version */ #define LIBSEFS_VERSION_STRING "4.0.4" -/* enable libselinux-specific code */ -#define LIBSELINUX 1 - /* link programs using shared libraries */ #define LINK_SHARED 1 diff --git a/libqpol/libqpol.map b/libqpol/libqpol.map deleted file mode 100644 index c840960..0000000 --- a/libqpol/libqpol.map +++ /dev/null 
@@ -1,87 +0,0 @@
-VERS_1.2 {
- global:
- qpol_avrule_*;
- qpol_bool_*;
- qpol_cat_*;
- qpol_class_*;
- qpol_common_*;
- qpol_cond_*;
- qpol_constraint_*;
- qpol_context_*;
- qpol_default_policy_find;
- qpol_fs_use_*;
- qpol_genfscon_*;
- qpol_isid_*;
- qpol_iterator_end;
- qpol_iterator_next;
- qpol_iterator_get_*;
- qpol_iterator_destroy;
- qpol_level_*;
- qpol_mls_*;
- qpol_module_*;
- qpol_netifcon_*;
- qpol_nodecon_*;
- qpol_perm_*;
- qpol_policy_append_module;
- qpol_policy_build_syn_rule_table;
- qpol_policy_destroy;
- qpol_policy_get_*;
- qpol_policy_has_capability;
- qpol_policy_open_from_file;
- qpol_policy_open_from_file_no_rules;
- qpol_policy_open_from_memory;
- qpol_policy_rebuild;
- qpol_policy_reevaluate_conds;
- qpol_portcon_*;
- qpol_range_trans_*;
- qpol_filename_trans_*;
- qpol_role_*;
- qpol_syn_avrule_*;
- qpol_syn_terule_*;
- qpol_terule_*;
- qpol_type_get_alias_iter;
- qpol_type_get_attr_iter;
- qpol_type_get_isalias;
- qpol_type_get_isattr;
- qpol_type_get_name;
- qpol_type_get_type_iter;
- qpol_type_get_value;
- qpol_type_set_*;
- qpol_user_*;
- qpol_validatetrans_*;
- libqpol_get_version;
- local: *;
-};
-
-VERS_1.3 {
- global:
- qpol_policy_open_from_file;
- qpol_policy_open_from_memory;
- qpol_policy_rebuild;
-} VERS_1.2;
-
-VERS_1.4 {
- global:
- qpol_type_get_ispermissive;
- qpol_type_get_parent_name;
-} VERS_1.3;
-
-VERS_1.5 {
- global:
- qpol_policy_permissive_*;
- qpol_permissive_*;
- qpol_typebounds_*;
- qpol_rolebounds_*;
- qpol_userbounds_*;
- qpol_policy_polcap_*;
- qpol_polcap_*;
- qpol_default_object_*;
- qpol_iomemcon_*;
- qpol_ioportcon_*;
- qpol_pcidevicecon_*;
- qpol_pirqcon_*;
- qpol_devicetreecon_*;
- qpol_xperm_*;
- init_qpol;
- PyInit__qpol;
-} VERS_1.4;
diff --git a/libqpol/policy.c b/libqpol/policy.c
index 02a2a7a..21f1c70 100644
--- a/libqpol/policy.c
+++ b/libqpol/policy.c
@@ -779,15 +779,6 @@ err: struct qpol_extended_image; extern void qpol_extended_image_destroy(struct qpol_extended_image **ext); -#if LINK_SHARED == 1 -__asm__(".symver qpol_policy_open_from_file_old,qpol_policy_open_from_file@"); -__asm__(".symver qpol_policy_open_from_file_opt,qpol_policy_open_from_file@@VERS_1.3"); -__asm__(".symver qpol_policy_open_from_memory_old,qpol_policy_open_from_memory@"); -__asm__(".symver qpol_policy_open_from_memory_opt,qpol_policy_open_from_memory@VERS_1.3"); -__asm__(".symver qpol_policy_rebuild_old,qpol_policy_rebuild@"); -__asm__(".symver qpol_policy_rebuild_opt,qpol_policy_rebuild@@VERS_1.3"); -#endif - /** * @brief Internal version of qpol_policy_rebuild() version 1.3 * @@ -795,7 +786,7 @@ __asm__(".symver qpol_policy_rebuild_opt,qpol_policy_rebuild@@VERS_1.3"); * for version 1.3; this symbol name is not exported. * @see qpol_policy_rebuild() */ -int qpol_policy_rebuild_opt(qpol_policy_t * policy, const int options) +int qpol_policy_rebuild(qpol_policy_t * policy, const int options) { sepol_policydb_t *old_p = NULL; sepol_policydb_t **modules = NULL; 
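Review bot: The doc comment left above the renamed `qpol_policy_rebuild()` still says "Internal version of qpol_policy_rebuild() version 1.3 ... this symbol name is not exported", which is now false because this function is the public entry point. The same stale wording remains above `qpol_policy_open_from_file()` and `qpol_policy_open_from_memory()` in the later hunks of this file. I would reword each brief along the lines of `@brief Public entry point; replaces the former symbol-versioned _opt/_old variants.` The deleted `qpol_policy_rebuild_old()` rejected a NULL `policy` with `EINVAL` before delegating; the body of the renamed function continues outside this hunk, so please confirm it performs that check itself now that callers reach it directly.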
@@ -928,39 +919,6 @@ int qpol_policy_rebuild_opt(qpol_policy_t * policy, const int options) return STATUS_ERR; } -#if LINK_SHARED == 0 -int qpol_policy_rebuild(qpol_policy_t * policy, int options) -{ - return qpol_policy_rebuild_opt(policy, options); -} -#endif - -/** - * @brief Internal version of qpol_policy_rebuild() version 1.2 or earlier - * @deprecated use the 1.3 version. - * @see qpol_policy_rebuild() - */ -int qpol_policy_rebuild_old(qpol_policy_t * policy) -{ - if (!policy) { - ERR(NULL, "%s", strerror(EINVAL)); - errno = EINVAL; - return STATUS_ERR; - } - - /* fail if not a modular policy */ - if (policy->type != QPOL_POLICY_MODULE_BINARY) { - ERR(policy, "%s", strerror(ENOTSUP)); - errno = ENOTSUP; - return STATUS_ERR; - } - - if (!policy->modified) - return STATUS_SUCCESS; - - return qpol_policy_rebuild_opt(policy, policy->options); -} - /** * @brief Internal version of qpol_policy_open_from_file() version 1.3 * @@ -968,7 +926,7 @@ int qpol_policy_rebuild_old(qpol_policy_t * policy) * for version 1.3; this symbol name is not exported. * @see qpol_policy_open_from_file() */ -int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options) +int qpol_policy_open_from_file(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options) { int error = 0, retv = -1; FILE *infile = NULL; @@ -1057,7 +1015,7 @@ int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qp } /* *policy now owns mod */ mod = NULL; - if (qpol_policy_rebuild_opt(*policy, options)) { + if (qpol_policy_rebuild(*policy, options)) { error = errno; goto err; } 
@@ -1146,18 +1104,6 @@ int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qp return -1; } -#if LINK_SHARED == 0 -int qpol_policy_open_from_file(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options) -{ - return qpol_policy_open_from_file_opt(path, policy, fn, varg, options); -} -#endif - -int qpol_policy_open_from_file_no_rules(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg) -{ - return qpol_policy_open_from_file_opt(path, policy, fn, varg, QPOL_POLICY_OPTION_NO_RULES); -} - /** * @brief Internal version of qpol_policy_open_from_memory() version 1.3 * @@ -1165,7 +1111,7 @@ int qpol_policy_open_from_file_no_rules(const char *path, qpol_policy_t ** polic * for version 1.3; this symbol name is not exported. * @see qpol_policy_open_from_memory() */ -int qpol_policy_open_from_memory_opt(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg, +int qpol_policy_open_from_memory(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg, const int options) { int error = 0; 
@@ -1258,34 +1204,6 @@ int qpol_policy_open_from_memory_opt(qpol_policy_t ** policy, const char *fileda } -#if LINK_SHARED == 0 -int qpol_policy_open_from_memory(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg, - const int options) -{ - return qpol_policy_open_from_memory_opt(policy, filedata, size, fn, varg, options); -} -#endif - -/** - * @brief Internal version of qpol_policy_open_from_file() version 1.2 or earlier - * @deprecated use the 1.3 version. - * @see qpol_policy_open_from_file() - */ -int qpol_policy_open_from_file_old(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg) -{ - return qpol_policy_open_from_file(path, policy, fn, varg, 0); -} - -/** - * @brief Internal version of qpol_policy_open_from_memory() version 1.2 or earlier - * @deprecated use the 1.3 version. - * @see qpol_policy_open_from_memory() - */ -int qpol_policy_open_from_memory_old(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg) -{ - return qpol_policy_open_from_memory_opt(policy, filedata, size, fn, varg, 0); -} - void qpol_policy_destroy(qpol_policy_t ** policy) { if (policy != NULL && *policy != NULL) { diff --git a/libqpol/policy_extend.c b/libqpol/policy_extend.c index d135af8..e6ef8b2 100644 --- a/libqpol/policy_extend.c +++ b/libqpol/policy_extend.c @@ -39,7 +39,6 @@ #include #include #include -#include #include #include #include 
@@ -446,35 +445,6 @@ static int qpol_policy_add_isid_names(qpol_policy_t * policy) return 0; } -/** - * If the given policy's version is higher than the running system's - * version, then mark it as different. In a future version of - * libqpol, accessors will return data as if the policy were really - * the new version rather than what it actually is. - */ -static int qpol_policy_match_system(qpol_policy_t * policy) -{ - int kernvers = security_policyvers(); - unsigned int currentvers = policy->p->p.policyvers; - int error; - if (kernvers < 0) { - error = errno; - ERR(policy, "%s", "Could not determine running system's policy version."); - errno = error; - return -1; - } - if (currentvers > (unsigned)kernvers) { - if (sepol_policydb_set_vers(policy->p, kernvers)) { - error = errno; - ERR(policy, "Could not downgrade policy to version %d.", kernvers); - errno = error; - return -1; - } - WARN(policy, "Policy would be downgraded from version %d to %d.", currentvers, kernvers); - } - return 0; -} - /** * Walks the conditional list and adds links for reverse look up from * a te/av rule to the conditional from which it came. @@ -1025,10 +995,6 @@ int policy_extend(qpol_policy_t * policy) error = errno; goto err; } - if ((policy->options & QPOL_POLICY_OPTION_MATCH_SYSTEM) && qpol_policy_match_system(policy)) { - error = errno; - goto err; - } if (policy->options & QPOL_POLICY_OPTION_NO_RULES) return STATUS_SUCCESS; diff --git a/libqpol/util.c b/libqpol/util.c index 7c49876..e1088e8 100644 --- a/libqpol/util.c +++ b/libqpol/util.c 
@@ -38,140 +38,11 @@ #include #include -#include - const char *libqpol_get_version(void) { return LIBQPOL_VERSION_STRING; } -static int search_policy_source_file(char **path) -{ - int error; - char *source_path; - if (asprintf(&source_path, "%s/src/policy/policy.conf", selinux_policy_root()) < 0) { - return -1; - } - if (access(source_path, R_OK) < 0) { - error = errno; - free(source_path); - errno = error; - return 1; - } - *path = source_path; - return 0; -} - -static int get_binpol_version(const char *policy_fname) -{ - FILE *policy_fp = NULL; - int ret_version, error; - - policy_fp = fopen(policy_fname, "r"); - if (policy_fp == NULL) { - return -1; - } - if (!qpol_is_file_binpol(policy_fp)) { - error = errno; - fclose(policy_fp); - errno = error; - return -1; - } - ret_version = qpol_binpol_version(policy_fp); - fclose(policy_fp); - return ret_version; -} - -static int search_policy_binary_file(char **path) -{ - const char *binary_path; - if ((binary_path = selinux_binary_policy_path()) == NULL) { - return -1; - } - - int expected_version = -1, latest_version = -1; -#ifdef LIBSELINUX - /* if the system has SELinux enabled, prefer the policy whose - name matches the current policy version */ - if ((expected_version = security_policyvers()) < 0) { - return -1; - } -#endif - - glob_t glob_buf; - struct stat fs; - int rt, error = 0, retval = -1; - size_t i; - char *pattern = NULL; - if (asprintf(&pattern, "%s.*", binary_path) < 0) { - return -1; - } - glob_buf.gl_offs = 1; - glob_buf.gl_pathc = 0; - rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf); - if (rt != 0 && rt != GLOB_NOMATCH) { - errno = EIO; - return -1; - } - - for (i = 0; i < glob_buf.gl_pathc; i++) { - char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs]; - if (stat(p, &fs) != 0) { - error = errno; - goto cleanup; - } - if (S_ISDIR(fs.st_mode)) - continue; - - if ((rt = get_binpol_version(p)) < 0) { - error = errno; - goto cleanup; - } - - if (rt > latest_version || rt == expected_version) { - 
free(*path); - if ((*path = strdup(p)) == NULL) { - error = errno; - goto cleanup; - } - if (rt == expected_version) { - break; - } - latest_version = rt; - } - } - - if (*path == NULL) { - retval = 1; - } else { - retval = 0; - } - cleanup: - free(pattern); - globfree(&glob_buf); - if (retval == -1) { - errno = error; - } - return retval; -} - -int qpol_default_policy_find(char **path) -{ - int rt; - if (path == NULL) { - errno = EINVAL; - return -1; - } - *path = NULL; - /* Try default source policy first as a source policy contains - * more useful information. */ - if ((rt = search_policy_source_file(path)) <= 0) { - return rt; - } - /* Try a binary policy */ - return search_policy_binary_file(path); -} - #include #include #include From 42fb95a9c970c6319b0a62ac184738996b958021 Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:31:44 -0400 Subject: [PATCH 2/7] headers and types not present on Darwin either wrapped or added in linux_types.h --- MANIFEST.in | 1 + include/linux_types.h | 18 ++++++++++++++++++ libqpol/policy.c | 12 +++++++++--- libqpol/policy_define.c | 4 ++++ libqpol/util.c | 1 - 5 files changed, 32 insertions(+), 4 deletions(-) create mode 100644 include/linux_types.h diff --git a/MANIFEST.in b/MANIFEST.in index ea29492..8b6dbc5 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -11,3 +11,4 @@ include qhc/* include tests/*.conf include tests/*.py include tests/perm_map +include include/* diff --git a/include/linux_types.h b/include/linux_types.h new file mode 100644 index 0000000..c3c056b --- /dev/null +++ b/include/linux_types.h @@ -0,0 +1,18 @@ +#ifndef linux_types_h +#define linux_types_h + +#ifdef __linux__ +# include "linux/types.h" +#else +# include +typedef int32_t __s32; +typedef uint32_t __u32; +typedef uint8_t __u8; +typedef uint16_t __u16; +#define s6_addr32 __u6_addr32 + +#define IPPROTO_DCCP 33 +#endif + +#endif + diff --git a/libqpol/policy.c b/libqpol/policy.c index 21f1c70..bbc2dda 100644 --- a/libqpol/policy.c 
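Review bot: In the new include/linux_types.h, `#define IPPROTO_DCCP 33` in the non-Linux branch is unconditional, so it can clash with a platform header that already provides the name, and this project builds with `-Werror`. Guarding it as `#ifndef IPPROTO_DCCP` / `#define IPPROTO_DCCP 33` / `#endif` keeps the fallback without overriding a system definition. The alias `#define s6_addr32 __u6_addr32` also looks incomplete: as far as I know the Darwin `struct in6_addr` nests the array inside a union member, so the expansion would need to be `__u6_addr.__u6_addr32`; worth confirming against the platform header. A one-line comment stating that the `#else` branch is written for Darwin only would help, since it is selected for every non-Linux target.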
+++ b/libqpol/policy.c @@ -28,8 +28,6 @@ #include "qpol_internal.h" #include -#include -#include #include #include #include @@ -37,7 +35,15 @@ #include #include #include -#include + +#ifdef DARWIN +# include "linux_types.h" +# include +# include +#else +# include +# include +#endif #include #include diff --git a/libqpol/policy_define.c b/libqpol/policy_define.c index fca1ca3..1c066cf 100644 --- a/libqpol/policy_define.c +++ b/libqpol/policy_define.c @@ -57,6 +57,10 @@ #include #include "queue.h" +#ifdef DARWIN +#include "linux_types.h" +#endif + /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/ #include diff --git a/libqpol/util.c b/libqpol/util.c index e1088e8..77912fa 100644 --- a/libqpol/util.c +++ b/libqpol/util.c @@ -46,7 +46,6 @@ const char *libqpol_get_version(void) #include #include #include -#include #define BZ2_MAGICSTR "BZh" #define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1) From 9fbfeb43d20dd196b1831ef63b4a4f4f087a0be4 Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:33:48 -0400 Subject: [PATCH 3/7] symtab_datum is only 32 bits so casting triggers increase alignment warning, cast to void first to avoid that --- libqpol/module_compiler.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/libqpol/module_compiler.c b/libqpol/module_compiler.c index 5fb6dd1..088be02 100644 --- a/libqpol/module_compiler.c +++ b/libqpol/module_compiler.c @@ -152,7 +152,7 @@ int declare_symbol(uint32_t symbol_type, assert(s != NULL); if (symbol_type == SYM_LEVELS) { - *dest_value = ((level_datum_t *)s)->level->sens; + *dest_value = ((level_datum_t *)(void *)s)->level->sens; } else { *dest_value = s->value; } @@ -647,7 +647,7 @@ int require_symbol(uint32_t symbol_type, assert(s != NULL); if (symbol_type == SYM_LEVELS) { - *dest_value = ((level_datum_t *)s)->level->sens; + *dest_value = ((level_datum_t *)(void *)s)->level->sens; } else { *dest_value = s->value; } 
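Review bot: The new `#ifdef DARWIN` block in libqpol/policy.c depends on a macro that only setup.py passes in, while include/linux_types.h from the same patch keys off the compiler-provided `__linux__`. Any build of these sources that does not go through setup.py on macOS would silently take the Linux include branch. Testing the predefined macro instead, `#if defined(__APPLE__)`, or `#ifndef __linux__` to match the header, removes that dependency. The same `#ifdef DARWIN` is added in libqpol/policy_define.c.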
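Review bot: The `(void *)` hop in `((level_datum_t *)(void *)s)->level->sens` in `declare_symbol()` only silences `-Wcast-align`; nothing in the code records why reading `s` as the wider type is valid. I would add a comment at the cast such as `/* for SYM_LEVELS the datum is presumably a level_datum_t; the void * hop only quiets -Wcast-align */` after confirming that against the callers. The same cast is introduced in `require_symbol()` in this file, and the reverse direction in `require_bool_tunable()` and `require_cat()` in the following hunks. The bodies of these functions start and end outside the hunks shown.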
@@ -1074,7 +1074,7 @@ static int require_bool_tunable(int pass, int is_tunable) if (is_tunable) booldatum->flags |= COND_BOOL_FLAGS_TUNABLE; retval = - require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum, + require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) (void *) booldatum, &booldatum->s.value, &booldatum->s.value); if (retval != 0) { cond_destroy_bool(id, booldatum, NULL); @@ -1198,7 +1198,7 @@ int require_cat(int pass) } cat_datum_init(cat); - retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat, + retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) (void *)cat, &cat->s.value, &cat->s.value); if (retval != 0) { free(id); From d6996d1f09cc104aa150e8ce5c8c0becaceca662 Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:34:16 -0400 Subject: [PATCH 4/7] use c99 type for uint64_t --- libqpol/xen_query.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libqpol/xen_query.c b/libqpol/xen_query.c index 0fe1572..b856fbe 100644 --- a/libqpol/xen_query.c +++ b/libqpol/xen_query.c @@ -29,6 +29,9 @@ #include "qpol_internal.h" #include "iterator_internal.h" +#define __STDC_FORMAT_MACROS +#include + /******************************* iomemcon **************************/ int qpol_policy_get_iomemcon_by_addr(const qpol_policy_t *policy, uint64_t low, uint64_t high, @@ -56,7 +59,7 @@ int qpol_policy_get_iomemcon_by_addr(const qpol_policy_t *policy, *ocon = (qpol_iomemcon_t *) tmp; if (*ocon == NULL) { - ERR(policy, "could not find iomemcon statement for %lu-%lu", + ERR(policy, "could not find iomemcon statement for %" PRIu64 "-%" PRIu64, low, high); errno = ENOENT; return STATUS_ERR; From f4c843ac241efd92920a277f2b6d8345bc0d4d41 Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:35:30 -0400 Subject: [PATCH 5/7] darwin does not have dccp, set to known hardcoded value (hack) --- setools/policyrep/netcontext.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) 
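Review bot: In libqpol/xen_query.c, `#define __STDC_FORMAT_MACROS` is placed after `qpol_internal.h` and `iterator_internal.h`, so it has no effect if either of those already pulls in the integer-format header. In C the `PRIu64` macros are available without it; to my knowledge only pre-C++11 C++ compilers need the define. Either drop the define or move it above the first `#include` of the file. The change from `%lu` to `PRIu64` for the `uint64_t` arguments is the right fix on its own.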
diff --git a/setools/policyrep/netcontext.py b/setools/policyrep/netcontext.py index 6a70a5a..d4a5e34 100644 --- a/setools/policyrep/netcontext.py +++ b/setools/policyrep/netcontext.py @@ -19,6 +19,8 @@ from socket import IPPROTO_TCP, IPPROTO_UDP, getprotobyname from collections import namedtuple +import socket + from . import qpol from . import symbol from . import context @@ -27,7 +29,10 @@ port_range = namedtuple("port_range", ["low", "high"]) # Python does not have a constant # for the DCCP protocol. -IPPROTO_DCCP = getprotobyname("dccp") +try: + IPPROTO_DCCP = getprotobyname("dccp") +except socket.error: + IPPROTO_DCCP = 33 def netifcon_factory(policy, name): From 495a7973d8a3e55171a9cd575383835ce15d4723 Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Thu, 21 Apr 2016 21:37:30 -0400 Subject: [PATCH 6/7] Darwin define, remove libselinux and libsepol shared lib, remove libqpol map, and add local include dir --- setup.py | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/setup.py b/setup.py index 264d726..d0f268c 100644 --- a/setup.py +++ b/setup.py @@ -84,9 +84,14 @@ except KeyError: # chooses dynamic libraries over static ones, so # this assumes that the static lib is in the same directory # as the dynamic lib. - dynamic_sepol = UnixCCompiler().find_library_file(['/usr/lib64', '/usr/lib'], 'sepol') + dynamic_sepol = UnixCCompiler().find_library_file(['.', '/usr/lib64', '/usr/lib'], 'sepol') static_sepol = dynamic_sepol.replace(".so", ".a") +if sys.platform.startswith('darwin'): + macros=[('DARWIN',1)] +else: + macros=[] + ext_py_mods = [Extension('setools.policyrep._qpol', ['setools/policyrep/qpol.i', 'libqpol/avrule_query.c', 
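Review bot: The fallback `IPPROTO_DCCP = 33` in netcontext.py is an unexplained literal, and the same number is duplicated in include/linux_types.h from patch 2. I would put a comment on the `except` branch, for example `# 33 is the IANA-assigned protocol number for DCCP; used when the protocols database has no "dccp" entry`. The existing comment above the `try` ("Python does not have a constant for the DCCP protocol.") could also mention the lookup failure case. The separate `import socket` is only needed for `socket.error`; extending the existing `from socket import ...` line with `error` would keep the imports in one place.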
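Review bot: Putting `'.'` first in the `find_library_file` search list in setup.py means the libsepol that gets statically linked into `_qpol` comes from whatever directory the build is started in, ahead of `/usr/lib64` and `/usr/lib`. For a library that parses security policy I would make a bundled copy explicit, resolving it relative to the directory of setup.py rather than the current working directory, and add a comment saying where that copy is expected to come from. On Darwin the following context line `dynamic_sepol.replace(".so", ".a")` probably does not do what it does on Linux, since the dynamic suffix there is not `.so`. `find_library_file` can also return `None`, so a check with a clear error message before the `.replace` call would help.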
@@ -126,8 +131,8 @@ ext_py_mods = [Extension('setools.policyrep._qpol', 'libqpol/policy_parse.c', 'libqpol/policy_scan.c', 'libqpol/xen_query.c'], - include_dirs=['libqpol', 'libqpol/include'], - libraries=['bz2', 'selinux', 'sepol'], + include_dirs=['libqpol', 'libqpol/include', 'include'], + libraries=['bz2'], extra_compile_args=['-Werror', '-Wextra', '-Waggregate-return', '-Wcast-align', @@ -145,12 +150,12 @@ ext_py_mods = [Extension('setools.policyrep._qpol', '-Wwrite-strings', '-Wno-missing-field-initializers', # SWIG 3.0.2 generates partially-initialized structs '-Wno-unused-parameter', # SWIG generates functions with unused parameters - '-Wno-cast-qual', # libsepol/libselinux uses const-to-nonconst casts + '-Wno-cast-qual', # libsepol uses const-to-nonconst casts '-Wno-shadow', # SWIG generates shadow variables '-fno-exceptions'], - extra_objects=[static_sepol], - extra_link_args=['-Wl,--version-script=libqpol/libqpol.map'], - swig_opts=['-Ilibqpol/include'])] + swig_opts=['-Ilibqpol/include'], + define_macros=macros, + extra_objects=[static_sepol])] setup(name='setools', version='4.0.0-beta', From ac1550cc20de6deb204f754aa830f87ecda3ad4b Mon Sep 17 00:00:00 2001 From: Joshua Brindle Date: Fri, 22 Apr 2016 09:21:30 -0400 Subject: [PATCH 7/7] remove QPOL_POLICY_OPTION_MATCH_SYSTEM defines --- libqpol/include/qpol/policy.h | 8 -------- setools/policyrep/qpol.i | 1 - 2 files changed, 9 deletions(-) diff --git a/libqpol/include/qpol/policy.h b/libqpol/include/qpol/policy.h index 9a7423b..d4047b5 100644 --- a/libqpol/include/qpol/policy.h +++ b/libqpol/include/qpol/policy.h 
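Review bot: Dropping `extra_link_args=['-Wl,--version-script=libqpol/libqpol.map']` removes the `local: *;` export restriction on every platform, not only on Darwin. Without it the non-static libqpol functions, and presumably the symbols pulled in from the static libsepol, become visible exports of the extension module, where they may collide with another libsepol loaded into the same process. I would keep an export restriction on Linux behind the same `sys.platform` test used for `macros`; since patch 1 deletes the versioned map, that needs a small unversioned replacement map. Failing that, add a comment at `extra_objects=[static_sepol]` recording that symbol hiding was given up deliberately.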
@@ -85,14 +85,6 @@ extern "C" */ #define QPOL_POLICY_OPTION_NO_RULES 0x00000002 -/** - * When loading the policy, attempt to interpret it as the way the - * running system would. If the policy is of a version higher than - * one supported by the system, then the policy will be downgraded to - * the system's maximum value. - */ -#define QPOL_POLICY_OPTION_MATCH_SYSTEM 0x00000004 - /** * List of capabilities a policy may have. This list represents * features of policy that may differ from version to version or diff --git a/setools/policyrep/qpol.i b/setools/policyrep/qpol.i index 267250d..58e1991 100644 --- a/setools/policyrep/qpol.i +++ b/setools/policyrep/qpol.i @@ -161,7 +161,6 @@ def qpol_policy_factory(path): /* qpol_policy */ #define QPOL_POLICY_OPTION_NO_NEVERALLOWS 0x00000001 #define QPOL_POLICY_OPTION_NO_RULES 0x00000002 -#define QPOL_POLICY_OPTION_MATCH_SYSTEM 0x00000004 /* add maximum and minimum policy versions supported by the statically linked libsepol */ %constant int QPOL_POLICY_MAX_VERSION = POLICYDB_VERSION_MAX; %constant int QPOL_POLICY_MIN_VERSION = POLICYDB_VERSION_MIN;