1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
Index: trunk/ChangeLog
===================================================================
--- trunk/ChangeLog (revision 4945)
+++ trunk/ChangeLog (revision 4951)
@@ -1,2 +1,4 @@
+ * Fix compile errors on new parameter in libsepol role_set_expand().
+
2010-05-07 Spencer Shimko <sshimko@tresys.com>
Index: trunk/libqpol/src/policy_define.c
===================================================================
--- trunk/libqpol/src/policy_define.c (revision 4933)
+++ trunk/libqpol/src/policy_define.c (revision 4951)
@@ -2133,5 +2133,7 @@
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
-#ifdef HAVE_SEPOL_USER_ROLE_MAPPING
+#ifdef HAVE_SEPOL_ROLE_ATTRS
+ if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
+#elif HAVE_SEPOL_USER_ROLE_MAPPING
if (role_set_expand(&roles, &e_roles, policydbp, NULL))
#else
Index: trunk/configure.ac
===================================================================
--- trunk/configure.ac (revision 4937)
+++ trunk/configure.ac (revision 4951)
@@ -498,7 +498,23 @@
CPPFLAGS="${CPPFLAGS} ${SELINUX_CFLAGS}"
-dnl check for user and role mapping, added in libsepol version 2.0.29
-AC_MSG_CHECKING([for user and role mappings])
+dnl check for role attribute, added in libsepol 2.0.46
+AC_MSG_CHECKING([for libsepol role_set_expand() role attribute support])
AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([
+#include <sepol/policydb/expand.h>
+int main () {
+ return role_set_expand(NULL, NULL, NULL, NULL, NULL);
+}])],
+ sepol_role_attrs="yes",
+ sepol_role_attrs="no")
+AC_MSG_RESULT([${sepol_role_attrs}])
+
+if test ${sepol_role_attrs} == "yes"; then
+ sepol_new_user_role_mapping="yes"
+ sepol_role_set_expand_base="yes"
+else
+ dnl check for user and role mapping, added in libsepol version 2.0.29
+ AC_MSG_CHECKING([for libsepol role_set_expand() user and role mappings])
+ AC_COMPILE_IFELSE(
[AC_LANG_SOURCE([
#include <sepol/policydb/expand.h>
@@ -508,5 +524,26 @@
sepol_new_user_role_mapping="yes",
sepol_new_user_role_mapping="no")
-AC_MSG_RESULT([${sepol_new_user_role_mapping}])
+ AC_MSG_RESULT([${sepol_new_user_role_mapping}])
+
+ if test ${sepol_new_user_role_mapping} == "no"; then
+ dnl if this is not the original role_set_expand(), this libsepol is too new
+ AC_MSG_CHECKING([for libsepol role_set_expand() original version])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_SOURCE([
+#include <sepol/policydb/expand.h>
+int main () {
+ return role_set_expand(NULL, NULL, NULL);
+}])],
+ sepol_role_set_expand_base="yes",
+ sepol_role_set_expand_base="no")
+ AC_MSG_RESULT([${sepol_role_set_expand_base}])
+
+ if test ${sepol_role_set_expand_base} == "no"; then
+ AC_MSG_ERROR([this version of libsepol is incompatible with SETools])
+ fi
+ else
+ sepol_role_set_expand_base="yes"
+ fi
+fi
dnl check for permissive types, added in libsepol version 2.0.26
@@ -820,4 +857,7 @@
AC_DEFINE(HAVE_SEPOL_USER_ROLE_MAPPING, 1, [if users and roles are mapped during policy expansion])
fi
+if test ${sepol_role_attrs} == "yes"; then
+ AC_DEFINE(HAVE_SEPOL_ROLE_ATTRS, 1, [if role attributes are supported])
+fi
if test ${use_shared} == "yes"; then
|
