From 5704167428a3eec37c4d5e92035a83ac62f0f654 Mon Sep 17 00:00:00 2001
From: zyppe <210hcl@gmail.com>
Date: Thu, 29 Feb 2024 14:37:18 +0800
Subject: [PATCH] Initialize for libsepol

---
 .gitignore         |   1 +
 .libsepol.metadata |   1 +
 baselibs.conf      |   1 +
 libsepol.changes   | 221 +++++++++++++++++++++++++++++++++++++++++++++
 libsepol.spec      | 111 +++++++++++++++++++++++
 5 files changed, 335 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 .libsepol.metadata
 create mode 100644 baselibs.conf
 create mode 100644 libsepol.changes
 create mode 100644 libsepol.spec

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..1283409
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+libsepol-3.1.tar.gz
diff --git a/.libsepol.metadata b/.libsepol.metadata
new file mode 100644
index 0000000..9d52c78
--- /dev/null
+++ b/.libsepol.metadata
@@ -0,0 +1 @@
+4346745f7dba991a82b64d2f3615d0398e8e5aa98d15740f0ee920819caf507f libsepol-3.1.tar.gz
diff --git a/baselibs.conf b/baselibs.conf
new file mode 100644
index 0000000..26a5865
--- /dev/null
+++ b/baselibs.conf
@@ -0,0 +1 @@
+libsepol1
diff --git a/libsepol.changes b/libsepol.changes
new file mode 100644
index 0000000..9ab2891
--- /dev/null
+++ b/libsepol.changes
@@ -0,0 +1,221 @@
+* Tue Jul 14 2020 jsegitz@suse.com
+- Update to version 3.1
+  * Add support for new polcap genfs_seclabel_symlinks
+  * Initialize the multiple_decls field of the cil db
+  * Return error when identifier declared as both type and attribute
+  * Write CIL default MLS rules on separate lines
+  * Sort portcon rules consistently
+  * Remove leftovers of cil_mem_error_handler
+  * Drop remove_cil_mem_error_handler.patch, is included
+* Mon Apr 27 2020 mliska@suse.cz
+- Enable -fcommon in order to fix boo#1160874.
+* Tue Mar  3 2020 jsegitz@suse.de
+- Update to version 3.0
+  * cil: Allow validatetrans rules to be resolved
+  * cil: Report disabling an optional block only at high verbose levels
+  * cil: do not dereference perm_value_to_cil when it has not been allocated
+  * cil: fix mlsconstrain segfault
+  * Further improve binary policy optimization
+  * Make an unknown permission an error in CIL
+  * Remove cil_mem_error_handler() function pointer
+  * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
+  * Add a function to optimize kernel policy
+  * Add ebitmap_for_each_set_bit macro
+  Dropped fnocommon.patch as it's included upstream
+* Thu Jan 30 2020 jsegitz@suse.de
+- Add fnocommon.patch to prevent build failures on gcc10 and
+  remove_cil_mem_error_handler.patch to prevent build failures due to
+  leftovers from the removal of cil_mem_error_handler (bsc#1160874)
+* Thu Jun 20 2019 mliska@suse.cz
+- Disable LTO due to symbol versioning (boo#1138813).
+* Wed Mar 20 2019 jsegitz@suse.com
+- Update to version 2.9
+  * Add two new Xen initial SIDs
+  * Check that initial sid indexes are within the valid range
+  * Create policydb_sort_ocontexts()
+  * Eliminate initial sid string definitions in module_to_cil.c
+  * Rename kernel_to_common.c stack functions
+  * add missing ibendport port validity check
+  * destroy the copied va_list
+  * do not call malloc with 0 byte
+  * do not leak memory if list_prepend fails
+  * do not use uninitialized value for low_value
+  * fix endianity in ibpkey range checks
+  * ibpkeys.c: fix printf format string specifiers for subnet_prefix
+  * mark permissive types when loading a binary policy
+* Thu Nov  8 2018 jengelh@inai.de
+- Use more %%make_install.
+* Thu Nov  8 2018 jsegitz@suse.com
+- Adjusted source urls (bsc#1115052)
+* Wed Oct 17 2018 jsegitz@suse.com
+- Update to version 2.8 (bsc#1111732)
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20180524/RELEASE-20180524.txt
+* Wed May 16 2018 mcepl@suse.com
+- Rebase to 2.7
+  For changes please see
+  https://raw.githubusercontent.com/wiki/SELinuxProject/selinux/files/releases/20170804/RELEASE-20170804.txt
+* Fri Nov 24 2017 jsegitz@suse.com
+- Update to version 2.6. Notable changes:
+  * Add support for converting extended permissions to CIL
+  * Create user and role caches when building binary policy
+  * Check for too many permissions in classes and commons in CIL
+  * Fix xperm mapping between avrule and avtab
+  * Produce more meaningful error messages for conflicting type rules in CIL
+  * Change which attributes CIL keeps in the binary policy
+  * Warn instead of fail if permission is not resolved
+  * Ignore object_r when adding userrole mappings to policydb
+  * Correctly detect unknown classes in sepol_string_to_security_class
+  * Fix neverallowxperm checking on attributes
+  * Only apply bounds checking to source types in rules
+  * Fix CIL and not add an attribute as a type in the attr_type_map
+  * Fix extended permissions neverallow checking
+  * Fix CIL neverallow and bounds checking
+  * Add support for portcon dccp protocol
+* Fri Jul 15 2016 jengelh@inai.de
+- Update RPM groups, trim description and combine filelist entries.
+* Thu Jul 14 2016 mpluskal@suse.com
+- Cleanup spec file with spec-cleaner
+- Make spec file a bit more easy
+- Ship new supbackage (-tools)
+* Thu Jul 14 2016 jsegitz@novell.com
+- Without bug number no submit to SLE 12 SP2 is possible, so to make
+  sle-changelog-checker happy: bsc#988977
+* Thu Jul 14 2016 jsegitz@novell.com
+- Adjusted source link
+* Tue Jul  5 2016 i@marguerite.su
+- update version 2.5
+  * Fix unused variable annotations
+  * Fix uninitialized variable in CIL
+  * Validate extended avrules and permissionxs in CIL
+  * Add support in CIL for neverallowx
+  * Fully expand neverallowxperm rules
+  * Add support for unordered classes to CIL
+  * Add neverallow support for ioctl extended permissions
+  * Improve CIL block and macro call recursion detection
+  * Fix CIL uninitialized false positive in cil_binary
+  * Provide error in CIL if classperms are empty
+  * Add userattribute{set} functionality to CIL
+  * fix CIL blockinherit copying segfault and add macro restrictions
+  * fix CIL NULL pointer dereference when copying classpermission/set
+  * Add CIL support for ioctl whitelists
+  * Fix memory leak when destroying avtab
+  * Replace sscanf in module_to_cil
+  * Improve CIL resolution error messages
+  * Fix policydb_read for policy versions < 24
+  * Added CIL bounds checking and refactored CIL Neverallow checking
+  * Refactored libsepol Neverallow and bounds (hierarchy) checking
+  * Treat types like an attribute in the attr_type_map
+  * Add new ebitmap function named ebitmap_match_any()
+  * switch operations to extended perms
+  * Write auditadm_r and secadm_r roles to base module when writing CIL
+  * Fix module to CIL to only associate declared roleattributes with in-scope types
+  * Don't allow categories/sensitivities inside blocks in CIL
+  * Replace fmemopen() with internal function in libsepol
+  * Verify users prior to evaluating users in cil
+  * Binary modules do not support ioctl rules
+  * Add support for ioctl command whitelisting
+  * Don't use symbol versioning for static object files
+  * Add sepol_module_policydb_to_cil(), sepol_module_package_to_cil(),
+    and sepol_ppfile_to_module_package()
+  * Move secilc out of libsepol
+  * fix building Xen policy with devicetreecon, and add devicetreecon
+    CIL documentation
+  * bool_copy_callback set state on creation
+  * Add device tree ocontext nodes to Xen policy
+  * Widen Xen IOMEM context entries
+  * Fix error path in mls_semantic_level_expand()
+  * Update to latest CIL, includes new name resolution and fixes ordering
+    issues with blockinherit statements, and bug fixes
+- changes in 2.4
+  * Remove assumption that SHLIBDIR is ../../ relative to LIBDIR
+  * Fix bugs found by hardened gcc flags
+  * Build CIL into libsepol. libsepol can be built without CIL by setting the
+    DISABLE_CIL flag to 'y'
+  * Add an API function to set target_platform
+  * Report all neverallow violations
+  * Improve check_assertions performance
+  * Allow libsepol C++ static library on device
+* Fri May 16 2014 vcizek@suse.com
+- update to 2.3
+  * Improve error message for name-based transition conflicts.
+  * Revert libsepol: filename_trans: use some better sorting to compare and merge.
+  * Report source file and line information for neverallow failures.
+  * Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
+  * Add sepol_validate_transition_reason_buffer function from Richard Haines.
+- dropped libsepol-2.1.4-role_fix_callback.patch (upstream)
+* Thu Oct 31 2013 p.drouand@gmail.com
+- Update to version 2.2
+  * Allow constraint denial cause to be determined
+  - Add kernel policy version 29.
+  - Add modular policy version 17.
+  - Add sepol_compute_av_reason_buffer(), sepol_string_to_security
+    _class(), sepol_string_to_av_perm().
+  * Support overriding Makefile RANLIB
+  * Fix man pages
+- Remove libsepol-rhat.patch; merged on upstream
+* Thu Jun 27 2013 vcizek@suse.com
+- change the source url to the official 2.1.9 release tarball
+* Sat Jun 22 2013 crrodriguez@opensuse.org
+- Build with LFS_CFLAGS for 32 bit archs
+* Fri Apr  5 2013 vcizek@suse.com
+- remove a debugging artifact in spec
+* Thu Apr  4 2013 vcizek@suse.com
+- fixed source url
+* Wed Feb 13 2013 vcizek@suse.com
+- update to 2.1.9
+  * filename_trans: use some better sorting to compare and merge
+  * coverity fixes
+  * implement default type policy syntax
+  * Fix memory leak issues found by Klocwork
+- added libsepol-rhat.patch
+* Mon Jan  7 2013 jengelh@inai.de
+- Remove obsolete defines/sections
+* Mon Dec 10 2012 p.drouand@gmail.com
+- Update to 2.1.8 version:
+  * fix neverallow checking on attributes
+  * Move context_copy() after switch block in ocontext_copy_*().
+  * check for missing initial SID labeling statement.
+  * Add always_check_network policy capability
+  * role_fix_callback skips out-of-scope roles during expansion.
+* Thu Oct 25 2012 vcizek@suse.com
+- skip roles which are out of scope when expanding attributes
+- needed for building selinux-policy
+* Wed Jul 25 2012 meissner@suse.com
+- updated to 2.1.4
+  - lots of updates
+* Wed Oct  5 2011 uli@suse.com
+- cross-build fix: use %%__cc macro
+* Mon Jun 28 2010 jengelh@medozas.de
+- use %%_smp_mflags
+* Sat Apr 24 2010 coolo@novell.com
+- buildrequire pkg-config to fix provides
+* Thu Feb 25 2010 prusnak@suse.cz
+- updated to 2.0.41
+  * changes too numerous to list
+* Sun Dec 13 2009 jengelh@medozas.de
+- add baselibs.conf as a source
+* Wed Nov 11 2009 crrodriguez@opensuse.org
+- libsepol-devel Requires glibc-devel
+* Fri Jun 19 2009 prusnak@suse.cz
+- put static library in libsepol-devel-static
+* Wed May 27 2009 prusnak@suse.cz
+- updated to 2.0.36
+  * fix alias field in module format, caused by boundary format
+    change from Caleb Case
+  * fix boolean state smashing from Joshua Brindle
+* Mon Dec  1 2008 prusnak@suse.cz
+- updated to 2.0.34
+  * add bounds support
+  * fix invalid aliases bug
+* Wed Oct 22 2008 mrueckert@suse.de
+- fix debug_packages_requires define
+* Tue Sep 23 2008 prusnak@suse.cz
+- require only version, not release [bnc#429053]
+* Fri Aug 22 2008 prusnak@suse.cz
+- added baselibs.conf file
+* Fri Aug  1 2008 ro@suse.de
+- fix requires for debuginfo package
+* Tue Jul 15 2008 prusnak@suse.cz
+- initial version 2.0.32
+  * based on Fedora package by Dan Walsh <dwalsh@redhat.com>
diff --git a/libsepol.spec b/libsepol.spec
new file mode 100644
index 0000000..ef864ea
--- /dev/null
+++ b/libsepol.spec
@@ -0,0 +1,111 @@
+#
+# spec file for package libsepol
+#
+# Copyright (c) 2022-2023 ZhuningOS
+#
+
+
+Name:           libsepol
+Version:        3.1
+Release:        150400.1.70
+Summary:        SELinux binary policy manipulation library
+License:        LGPL-2.1-or-later
+Group:          Development/Libraries/C and C++
+URL:            https://github.com/SELinuxProject/selinux/wiki/Releases
+Source:         https://github.com/SELinuxProject/selinux/releases/download/20200710/%{name}-%{version}.tar.gz
+Source2:        baselibs.conf
+BuildRequires:  flex
+BuildRequires:  pkgconfig
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+
+%description
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package utils
+Summary:        SELinux binary policy manipulation tools
+Group:          System/Base
+
+%description utils
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+%package -n libsepol1
+Summary:        SELinux binary policy manipulation library
+Group:          System/Libraries
+
+%description -n libsepol1
+libsepol provides an API for the manipulation of SELinux binary
+policies. It is used by checkpolicy (the policy compiler) and similar
+tools, as well as by programs like load_policy that need to perform
+specific transformations on binary policies such as customizing
+policy boolean settings.
+
+(Security-enhanced Linux is a feature of the kernel and some
+utilities that implement mandatory access control policies, such as
+Type Enforcement, Role-based Access Control and Multi-Level
+Security.)
+
+%package devel
+Summary:        Development files for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       glibc-devel
+Requires:       libsepol1 = %{version}
+
+%description devel
+The libsepol-devel package contains the libraries and header files
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%package devel-static
+Summary:        Static archives for SELinux's binary policy manipulation library
+Group:          Development/Libraries/C and C++
+Requires:       libsepol-devel = %{version}
+
+%description devel-static
+The libsepol-devel-static package contains the static libraries
+needed for developing applications that manipulate binary SELinux
+policies.
+
+%prep
+%setup -q
+
+%build
+%define _lto_cflags %{nil}
+export CFLAGS="%{optflags} -fcommon"
+make %{?_smp_mflags}
+
+%install
+%make_install LIBDIR="%{_libdir}" SHLIBDIR="/%{_lib}"
+
+%post -n libsepol1 -p /sbin/ldconfig
+%postun -n libsepol1 -p /sbin/ldconfig
+
+%files utils
+%defattr(-,root,root)
+%{_bindir}/chkcon
+%{_mandir}/man8/*.8%{ext_man}
+%{_mandir}/ru/man8/*.8%{ext_man}
+
+%files -n libsepol1
+%defattr(-,root,root)
+/%{_lib}/libsepol.so.*
+
+%files devel
+%defattr(-,root,root)
+%{_libdir}/libsepol.so
+%{_mandir}/man3/*.3%{ext_man}
+%{_includedir}/sepol/
+%{_libdir}/pkgconfig/libsepol.pc
+
+%files devel-static
+%defattr(-,root,root)
+%{_libdir}/libsepol.a
+
+%changelog
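Review bot: The `%build` section disables LTO with `%define _lto_cflags %{nil}` and appends `-fcommon` to `CFLAGS` without a comment on either line, so a later maintainer cannot tell whether these workarounds are still needed or can be dropped. The changelog added in this same patch ties them to boo#1138813 (symbol versioning) and boo#1160874, so I would put `# LTO disabled: conflicts with symbol versioning (boo#1138813)` and `# -fcommon: build workaround for boo#1160874` directly above the respective lines. Separately, `%prep` is a bare `%setup -q` with no `Patch` entries against the 20200710 upstream release, so it is worth confirming that no upstream libsepol fixes published after 3.1 need backporting, given that this library processes SELinux policy files. The only integrity check on the tarball visible in this patch is the digest in `.libsepol.metadata`, which the spec never references; presumably the build tooling enforces it, but that should be verified.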