Merge pull request #131 from jbrindle/master

MacOS support
2025-04-10 11:31:25 +00:00 · 2016-04-22 13:08:24 -04:00 · 2016-04-22 13:08:24 -04:00 · ee4584ddc8
commit ee4584ddc8
parent 61613cf3f4 ac1550cc20
14 changed files with 62 additions and 368 deletions
--- a/MANIFEST.in
+++ b/MANIFEST.in
@ -11,3 +11,4 @@ include qhc/*
 include tests/*.conf
 include tests/*.py
 include tests/perm_map
 include include/*
--- a/include/linux_types.h
+++ b/include/linux_types.h
@ -0,0 +1,18 @@
 #ifndef linux_types_h
 #define linux_types_h
 #ifdef __linux__
 # include "linux/types.h"
 #else
 # include <stdint.h>
 typedef int32_t __s32;
 typedef uint32_t __u32;
 typedef uint8_t __u8;
 typedef uint16_t __u16;
 #define s6_addr32	__u6_addr32
 #define IPPROTO_DCCP 33
 #endif
 #endif
--- a/libqpol/config.h
+++ b/libqpol/config.h
@ -16,9 +16,6 @@
 /* Define to 1 if you have the `bz2' library (-lbz2). */
 #define HAVE_LIBBZ2 1
 /* Define to 1 if you have the `selinux' library (-lselinux). */
 #define HAVE_LIBSELINUX 1
 /* Define to 1 if you have the `sepol' library (-lsepol). */
 #define HAVE_LIBSEPOL 1
@ -111,9 +108,6 @@
 /* libsefs version */
 #define LIBSEFS_VERSION_STRING "4.0.4"
 /* enable libselinux-specific code */
 #define LIBSELINUX 1
 /* link programs using shared libraries */
 #define LINK_SHARED 1
--- a/libqpol/include/qpol/policy.h
+++ b/libqpol/include/qpol/policy.h
@ -85,14 +85,6 @@ extern "C"
 */
 #define QPOL_POLICY_OPTION_NO_RULES       0x00000002
 /**
 *  When loading the policy, attempt to interpret it as the way the
 *  running system would.  If the policy is of a version higher than
 *  one supported by the system, then the policy will be downgraded to
 *  the system's maximum value.
 */
 #define QPOL_POLICY_OPTION_MATCH_SYSTEM   0x00000004
 /**
 *  List of capabilities a policy may have. This list represents
 *  features of policy that may differ from version to version or
--- a/libqpol/libqpol.map
+++ b/libqpol/libqpol.map
@ -1,87 +0,0 @@
 VERS_1.2 {
 	global:
 		qpol_avrule_*;
 		qpol_bool_*;
 		qpol_cat_*;
 		qpol_class_*;
 		qpol_common_*;
 		qpol_cond_*;
 		qpol_constraint_*;
 		qpol_context_*;
 		qpol_default_policy_find;
 		qpol_fs_use_*;
 		qpol_genfscon_*;
 		qpol_isid_*;
 		qpol_iterator_end;
 		qpol_iterator_next;
 		qpol_iterator_get_*;
 		qpol_iterator_destroy;
 		qpol_level_*;
 		qpol_mls_*;
 		qpol_module_*;
 		qpol_netifcon_*;
 		qpol_nodecon_*;
 		qpol_perm_*;
 		qpol_policy_append_module;
 		qpol_policy_build_syn_rule_table;
 		qpol_policy_destroy;
 		qpol_policy_get_*;
 		qpol_policy_has_capability;
 		qpol_policy_open_from_file;
 		qpol_policy_open_from_file_no_rules;
 		qpol_policy_open_from_memory;
 		qpol_policy_rebuild;
 		qpol_policy_reevaluate_conds;
 		qpol_portcon_*;
 		qpol_range_trans_*;
 		qpol_filename_trans_*;
 		qpol_role_*;
 		qpol_syn_avrule_*;
 		qpol_syn_terule_*;
 		qpol_terule_*;
 		qpol_type_get_alias_iter;
 		qpol_type_get_attr_iter;
 		qpol_type_get_isalias;
 		qpol_type_get_isattr;
 		qpol_type_get_name;
 		qpol_type_get_type_iter;
 		qpol_type_get_value;
 		qpol_type_set_*;
 		qpol_user_*;
 		qpol_validatetrans_*;
 		libqpol_get_version;
 	local: *;
 };
 VERS_1.3 {
 	global:
 		qpol_policy_open_from_file;
 		qpol_policy_open_from_memory;
 		qpol_policy_rebuild;
 } VERS_1.2;
 VERS_1.4 {
 	global:
 		qpol_type_get_ispermissive;
 		qpol_type_get_parent_name;
 } VERS_1.3;
 VERS_1.5 {
 	global:
 		qpol_policy_permissive_*;
 		qpol_permissive_*;
 		qpol_typebounds_*;
 		qpol_rolebounds_*;
 		qpol_userbounds_*;
 		qpol_policy_polcap_*;
 		qpol_polcap_*;
 		qpol_default_object_*;
 		qpol_iomemcon_*;
 		qpol_ioportcon_*;
 		qpol_pcidevicecon_*;
 		qpol_pirqcon_*;
 		qpol_devicetreecon_*;
 		qpol_xperm_*;
 		init_qpol;
 		PyInit__qpol;
 } VERS_1.4;
--- a/libqpol/module_compiler.c
+++ b/libqpol/module_compiler.c
@ -152,7 +152,7 @@ int declare_symbol(uint32_t symbol_type,
 		assert(s != NULL);
 		if (symbol_type == SYM_LEVELS) {
-			*dest_value = ((level_datum_t *)s)->level->sens;
+			*dest_value = ((level_datum_t *)(void *)s)->level->sens;
 		} else {
 			*dest_value = s->value;
 		}
@ -647,7 +647,7 @@ int require_symbol(uint32_t symbol_type,
 		assert(s != NULL);
 		if (symbol_type == SYM_LEVELS) {
-			*dest_value = ((level_datum_t *)s)->level->sens;
+			*dest_value = ((level_datum_t *)(void *)s)->level->sens;
 		} else {
 			*dest_value = s->value;
 		}
@ -1074,7 +1074,7 @@ static int require_bool_tunable(int pass, int is_tunable)
 	if (is_tunable)
 		booldatum->flags |= COND_BOOL_FLAGS_TUNABLE;
 	retval =
-	    require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum,
+	    require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) (void *) booldatum,
 			   &booldatum->s.value, &booldatum->s.value);
 	if (retval != 0) {
 		cond_destroy_bool(id, booldatum, NULL);
@ -1198,7 +1198,7 @@ int require_cat(int pass)
 	}
 	cat_datum_init(cat);
-	retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) cat,
+	retval = require_symbol(SYM_CATS, id, (hashtab_datum_t *) (void *)cat,
 				&cat->s.value, &cat->s.value);
 	if (retval != 0) {
 		free(id);
--- a/libqpol/policy.c
+++ b/libqpol/policy.c
@ -28,8 +28,6 @@
 #include "qpol_internal.h"
 #include <assert.h>
 #include <byteswap.h>
 #include <endian.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <limits.h>
@ -37,7 +35,15 @@
 #include <stdlib.h>
 #include <sys/mman.h>
 #include <sys/stat.h>
-#include <asm/types.h>
+
 #ifdef DARWIN
 # include "linux_types.h"
 # include <machine/endian.h>
 # include <sys/types.h>
 #else
 # include <endian.h>
 # include <asm/types.h>
 #endif
 #include <sepol/debug.h>
 #include <sepol/handle.h>
@ -779,15 +785,6 @@ err:
 struct qpol_extended_image;
 extern void qpol_extended_image_destroy(struct qpol_extended_image **ext);
 #if LINK_SHARED == 1
 __asm__(".symver qpol_policy_open_from_file_old,qpol_policy_open_from_file@");
 __asm__(".symver qpol_policy_open_from_file_opt,qpol_policy_open_from_file@@VERS_1.3");
 __asm__(".symver qpol_policy_open_from_memory_old,qpol_policy_open_from_memory@");
 __asm__(".symver qpol_policy_open_from_memory_opt,qpol_policy_open_from_memory@VERS_1.3");
 __asm__(".symver qpol_policy_rebuild_old,qpol_policy_rebuild@");
 __asm__(".symver qpol_policy_rebuild_opt,qpol_policy_rebuild@@VERS_1.3");
 #endif
 /**
 * @brief Internal version of qpol_policy_rebuild() version 1.3
 *
@ -795,7 +792,7 @@ __asm__(".symver qpol_policy_rebuild_opt,qpol_policy_rebuild@@VERS_1.3");
 * for version 1.3; this symbol name is not exported.
 * @see qpol_policy_rebuild()
 */
-int qpol_policy_rebuild_opt(qpol_policy_t * policy, const int options)
+int qpol_policy_rebuild(qpol_policy_t * policy, const int options)
 {
 	sepol_policydb_t *old_p = NULL;
 	sepol_policydb_t **modules = NULL;
@ -928,39 +925,6 @@ int qpol_policy_rebuild_opt(qpol_policy_t * policy, const int options)
 	return STATUS_ERR;
 }
 #if LINK_SHARED == 0
 int qpol_policy_rebuild(qpol_policy_t * policy, int options)
 {
 	return qpol_policy_rebuild_opt(policy, options);
 }
 #endif
 /**
 * @brief Internal version of qpol_policy_rebuild() version 1.2 or earlier
 * @deprecated use the 1.3 version.
 * @see qpol_policy_rebuild()
 */
 int qpol_policy_rebuild_old(qpol_policy_t * policy)
 {
 	if (!policy) {
 		ERR(NULL, "%s", strerror(EINVAL));
 		errno = EINVAL;
 		return STATUS_ERR;
 	}
 	/* fail if not a modular policy */
 	if (policy->type != QPOL_POLICY_MODULE_BINARY) {
 		ERR(policy, "%s", strerror(ENOTSUP));
 		errno = ENOTSUP;
 		return STATUS_ERR;
 	}
 	if (!policy->modified)
 		return STATUS_SUCCESS;
 	return qpol_policy_rebuild_opt(policy, policy->options);
 }
 /**
 * @brief Internal version of qpol_policy_open_from_file() version 1.3
 *
@ -968,7 +932,7 @@ int qpol_policy_rebuild_old(qpol_policy_t * policy)
 * for version 1.3; this symbol name is not exported.
 * @see qpol_policy_open_from_file()
 */
-int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options)
+int qpol_policy_open_from_file(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options)
 {
 	int error = 0, retv = -1;
 	FILE *infile = NULL;
@ -1057,7 +1021,7 @@ int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qp
 		}
 		/* *policy now owns mod */
 		mod = NULL;
-		if (qpol_policy_rebuild_opt(*policy, options)) {
+		if (qpol_policy_rebuild(*policy, options)) {
 			error = errno;
 			goto err;
 		}
@ -1146,18 +1110,6 @@ int qpol_policy_open_from_file_opt(const char *path, qpol_policy_t ** policy, qp
 	return -1;
 }
 #if LINK_SHARED == 0
 int qpol_policy_open_from_file(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg, const int options)
 {
 	return qpol_policy_open_from_file_opt(path, policy, fn, varg, options);
 }
 #endif
 int qpol_policy_open_from_file_no_rules(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg)
 {
 	return qpol_policy_open_from_file_opt(path, policy, fn, varg, QPOL_POLICY_OPTION_NO_RULES);
 }
 /**
 * @brief Internal version of qpol_policy_open_from_memory() version 1.3
 *
@ -1165,7 +1117,7 @@ int qpol_policy_open_from_file_no_rules(const char *path, qpol_policy_t ** polic
 * for version 1.3; this symbol name is not exported.
 * @see qpol_policy_open_from_memory()
 */
-int qpol_policy_open_from_memory_opt(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg,
+int qpol_policy_open_from_memory(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg,
 				     const int options)
 {
 	int error = 0;
@ -1258,34 +1210,6 @@ int qpol_policy_open_from_memory_opt(qpol_policy_t ** policy, const char *fileda
 }
 #if LINK_SHARED == 0
 int qpol_policy_open_from_memory(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg,
 				 const int options)
 {
 	return qpol_policy_open_from_memory_opt(policy, filedata, size, fn, varg, options);
 }
 #endif
 /**
 * @brief Internal version of qpol_policy_open_from_file() version 1.2 or earlier
 * @deprecated use the 1.3 version.
 * @see qpol_policy_open_from_file()
 */
 int qpol_policy_open_from_file_old(const char *path, qpol_policy_t ** policy, qpol_callback_fn_t fn, void *varg)
 {
 	return qpol_policy_open_from_file(path, policy, fn, varg, 0);
 }
 /**
 * @brief Internal version of qpol_policy_open_from_memory() version 1.2 or earlier
 * @deprecated use the 1.3 version.
 * @see qpol_policy_open_from_memory()
 */
 int qpol_policy_open_from_memory_old(qpol_policy_t ** policy, const char *filedata, size_t size, qpol_callback_fn_t fn, void *varg)
 {
 	return qpol_policy_open_from_memory_opt(policy, filedata, size, fn, varg, 0);
 }
 void qpol_policy_destroy(qpol_policy_t ** policy)
 {
 	if (policy != NULL && *policy != NULL) {
--- a/libqpol/policy_define.c
+++ b/libqpol/policy_define.c
@ -57,6 +57,10 @@
 #include <sepol/policydb/polcaps.h>
 #include "queue.h"
 #ifdef DARWIN
 #include "linux_types.h"
 #endif
 /* Required for SETools libqpol - Removed #include "checkpolicy.h"*/
 #include <qpol/policy.h>
--- a/libqpol/policy_extend.c
+++ b/libqpol/policy_extend.c
@ -39,7 +39,6 @@
 #include <qpol/policy.h>
 #include <qpol/policy_extend.h>
 #include <qpol/iterator.h>
 #include <selinux/selinux.h>
 #include <errno.h>
 #include <assert.h>
 #include <stdio.h>
@ -446,35 +445,6 @@ static int qpol_policy_add_isid_names(qpol_policy_t * policy)
 	return 0;
 }
 /**
 *  If the given policy's version is higher than the running system's
 *  version, then mark it as different.  In a future version of
 *  libqpol, accessors will return data as if the policy were really
 *  the new version rather than what it actually is.
 */
 static int qpol_policy_match_system(qpol_policy_t * policy)
 {
 	int kernvers = security_policyvers();
 	unsigned int currentvers = policy->p->p.policyvers;
 	int error;
 	if (kernvers < 0) {
 		error = errno;
 		ERR(policy, "%s", "Could not determine running system's policy version.");
 		errno = error;
 		return -1;
 	}
 	if (currentvers > (unsigned)kernvers) {
 		if (sepol_policydb_set_vers(policy->p, kernvers)) {
 			error = errno;
 			ERR(policy, "Could not downgrade policy to version %d.", kernvers);
 			errno = error;
 			return -1;
 		}
 		WARN(policy, "Policy would be downgraded from version %d to %d.", currentvers, kernvers);
 	}
 	return 0;
 }
 /**
 *  Walks the conditional list and adds links for reverse look up from
 *  a te/av rule to the conditional from which it came.
@ -1025,10 +995,6 @@ int policy_extend(qpol_policy_t * policy)
 		error = errno;
 		goto err;
 	}
 	if ((policy->options & QPOL_POLICY_OPTION_MATCH_SYSTEM) && qpol_policy_match_system(policy)) {
 		error = errno;
 		goto err;
 	}
 	if (policy->options & QPOL_POLICY_OPTION_NO_RULES)
 		return STATUS_SUCCESS;
--- a/libqpol/util.c
+++ b/libqpol/util.c
@ -38,144 +38,14 @@
 #include <sys/stat.h>
 #include <sys/types.h>
 #include <selinux/selinux.h>
 const char *libqpol_get_version(void)
 {
 	return LIBQPOL_VERSION_STRING;
 }
 static int search_policy_source_file(char **path)
 {
 	int error;
 	char *source_path;
 	if (asprintf(&source_path, "%s/src/policy/policy.conf", selinux_policy_root()) < 0) {
 		return -1;
 	}
 	if (access(source_path, R_OK) < 0) {
 		error = errno;
 		free(source_path);
 		errno = error;
 		return 1;
 	}
 	*path = source_path;
 	return 0;
 }
 static int get_binpol_version(const char *policy_fname)
 {
 	FILE *policy_fp = NULL;
 	int ret_version, error;
 	policy_fp = fopen(policy_fname, "r");
 	if (policy_fp == NULL) {
 		return -1;
 	}
 	if (!qpol_is_file_binpol(policy_fp)) {
 		error = errno;
 		fclose(policy_fp);
 		errno = error;
 		return -1;
 	}
 	ret_version = qpol_binpol_version(policy_fp);
 	fclose(policy_fp);
 	return ret_version;
 }
 static int search_policy_binary_file(char **path)
 {
 	const char *binary_path;
 	if ((binary_path = selinux_binary_policy_path()) == NULL) {
 		return -1;
 	}
 	int expected_version = -1, latest_version = -1;
 #ifdef LIBSELINUX
 	/* if the system has SELinux enabled, prefer the policy whose
 	   name matches the current policy version */
 	if ((expected_version = security_policyvers()) < 0) {
 		return -1;
 	}
 #endif
 	glob_t glob_buf;
 	struct stat fs;
 	int rt, error = 0, retval = -1;
 	size_t i;
 	char *pattern = NULL;
 	if (asprintf(&pattern, "%s.*", binary_path) < 0) {
 		return -1;
 	}
 	glob_buf.gl_offs = 1;
 	glob_buf.gl_pathc = 0;
 	rt = glob(pattern, GLOB_DOOFFS, NULL, &glob_buf);
 	if (rt != 0 && rt != GLOB_NOMATCH) {
 		errno = EIO;
 		return -1;
 	}
 	for (i = 0; i < glob_buf.gl_pathc; i++) {
 		char *p = glob_buf.gl_pathv[i + glob_buf.gl_offs];
 		if (stat(p, &fs) != 0) {
 			error = errno;
 			goto cleanup;
 		}
 		if (S_ISDIR(fs.st_mode))
 			continue;
 		if ((rt = get_binpol_version(p)) < 0) {
 			error = errno;
 			goto cleanup;
 		}
 		if (rt > latest_version || rt == expected_version) {
 			free(*path);
 			if ((*path = strdup(p)) == NULL) {
 				error = errno;
 				goto cleanup;
 			}
 			if (rt == expected_version) {
 				break;
 			}
 			latest_version = rt;
 		}
 	}
 	if (*path == NULL) {
 		retval = 1;
 	} else {
 		retval = 0;
 	}
      cleanup:
 	free(pattern);
 	globfree(&glob_buf);
 	if (retval == -1) {
 		errno = error;
 	}
 	return retval;
 }
 int qpol_default_policy_find(char **path)
 {
 	int rt;
 	if (path == NULL) {
 		errno = EINVAL;
 		return -1;
 	}
 	*path = NULL;
 	/* Try default source policy first as a source policy contains
 	 * more useful information. */
 	if ((rt = search_policy_source_file(path)) <= 0) {
 		return rt;
 	}
 	/* Try a binary policy */
 	return search_policy_binary_file(path);
 }
 #include <stdlib.h>
 #include <bzlib.h>
 #include <string.h>
 #include <sys/sendfile.h>
 #define BZ2_MAGICSTR "BZh"
 #define BZ2_MAGICLEN (sizeof(BZ2_MAGICSTR)-1)
--- a/libqpol/xen_query.c
+++ b/libqpol/xen_query.c
@ -29,6 +29,9 @@
 #include "qpol_internal.h"
 #include "iterator_internal.h"
 #define __STDC_FORMAT_MACROS
 #include <inttypes.h>
 /******************************* iomemcon **************************/
 int qpol_policy_get_iomemcon_by_addr(const qpol_policy_t *policy,
 				    uint64_t low, uint64_t high,
@ -56,7 +59,7 @@ int qpol_policy_get_iomemcon_by_addr(const qpol_policy_t *policy,
 	*ocon = (qpol_iomemcon_t *) tmp;
 	if (*ocon == NULL) {
-		ERR(policy, "could not find iomemcon statement for %lu-%lu",
+		ERR(policy, "could not find iomemcon statement for %" PRIu64 "-%" PRIu64,
 								    low, high);
 		errno = ENOENT;
 		return STATUS_ERR;
--- a/setools/policyrep/netcontext.py
+++ b/setools/policyrep/netcontext.py
@ -19,6 +19,8 @@
 from socket import IPPROTO_TCP, IPPROTO_UDP, getprotobyname
 from collections import namedtuple
 import socket
 from . import qpol
 from . import symbol
 from . import context
@ -27,7 +29,10 @@ port_range = namedtuple("port_range", ["low", "high"])
 # Python does not have a constant
 # for the DCCP protocol.
-IPPROTO_DCCP = getprotobyname("dccp")
+try:
    IPPROTO_DCCP = getprotobyname("dccp")
 except socket.error:
    IPPROTO_DCCP = 33
 def netifcon_factory(policy, name):
--- a/setools/policyrep/qpol.i
+++ b/setools/policyrep/qpol.i
@ -161,7 +161,6 @@ def qpol_policy_factory(path):
 /* qpol_policy */
 #define QPOL_POLICY_OPTION_NO_NEVERALLOWS 0x00000001
 #define QPOL_POLICY_OPTION_NO_RULES       0x00000002
 #define QPOL_POLICY_OPTION_MATCH_SYSTEM   0x00000004
 /* add maximum and minimum policy versions supported by the statically linked libsepol */
 %constant int QPOL_POLICY_MAX_VERSION = POLICYDB_VERSION_MAX;
 %constant int QPOL_POLICY_MIN_VERSION = POLICYDB_VERSION_MIN;
--- a/setup.py
+++ b/setup.py
@ -84,9 +84,14 @@ except KeyError:
    # chooses dynamic libraries over static ones, so
    # this assumes that the static lib is in the same directory
    # as the dynamic lib.
-    dynamic_sepol = UnixCCompiler().find_library_file(['/usr/lib64', '/usr/lib'], 'sepol')
+    dynamic_sepol = UnixCCompiler().find_library_file(['.', '/usr/lib64', '/usr/lib'], 'sepol')
    static_sepol = dynamic_sepol.replace(".so", ".a")
 if sys.platform.startswith('darwin'):
    macros=[('DARWIN',1)]
 else:
    macros=[]
 ext_py_mods = [Extension('setools.policyrep._qpol',
                         ['setools/policyrep/qpol.i',
                          'libqpol/avrule_query.c',
@ -126,8 +131,8 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
                          'libqpol/policy_parse.c',
                          'libqpol/policy_scan.c',
                          'libqpol/xen_query.c'],
-                         include_dirs=['libqpol', 'libqpol/include'],
+                         include_dirs=['libqpol', 'libqpol/include', 'include'],
-                         libraries=['bz2', 'selinux', 'sepol'],
+                         libraries=['bz2'],
                         extra_compile_args=['-Werror', '-Wextra',
                                             '-Waggregate-return',
                                             '-Wcast-align',
@ -145,12 +150,12 @@ ext_py_mods = [Extension('setools.policyrep._qpol',
                                             '-Wwrite-strings',
                                             '-Wno-missing-field-initializers', # SWIG 3.0.2 generates partially-initialized structs
                                             '-Wno-unused-parameter', # SWIG generates functions with unused parameters
-                                             '-Wno-cast-qual', # libsepol/libselinux uses const-to-nonconst casts
+                                             '-Wno-cast-qual', # libsepol uses const-to-nonconst casts
                                             '-Wno-shadow', # SWIG generates shadow variables
                                             '-fno-exceptions'],
-                         extra_objects=[static_sepol],
+                         swig_opts=['-Ilibqpol/include'],
-                         extra_link_args=['-Wl,--version-script=libqpol/libqpol.map'],
+                         define_macros=macros,
-                         swig_opts=['-Ilibqpol/include'])]
+                         extra_objects=[static_sepol])]
 setup(name='setools',
      version='4.0.0-beta',