The update to libselinux 3.1 brought a lot of new warnings
when building GNU findutils, e.g.:

../gl/lib/selinux-at.h:34:1: warning: ‘security_context_t’ is deprecated 
[-Wdeprecated-declarations]
   34 | int  getfileconat (int dir_fd, char const *file, security_context_t 
*con);
      | ^~~
../gl/lib/selinux-at.h:39:1: warning: ‘security_context_t’ is deprecated 
[-Wdeprecated-declarations]
   39 | int lgetfileconat (int dir_fd, char const *file, security_context_t 
*con);
      | ^~~
../gl/lib/selinux-at.h:45:1: warning: ‘security_context_t’ is deprecated 
[-Wdeprecated-declarations]
   45 | int  setfileconat (int dir_fd, char const *file, security_context_t 
con);
      | ^~~
../gl/lib/selinux-at.h:52:1: warning: ‘security_context_t’ is deprecated 
[-Wdeprecated-declarations]
   52 | int lsetfileconat (int dir_fd, char const *file, security_context_t 
con);
      | ^~~

Upstream SELinux already switched from 'security_context_t' to 'char *'
internally in 2014 [1], and has now finally deprecated the typedef [2].

[1] https://github.com/SELinuxProject/selinux/commit/9eb9c93275
[2] https://github.com/SELinuxProject/selinux/commit/7a124ca275

The attached patch changes all occurrences of 'security_context_t' to 'char *'.

Have a nice day,
Berny
>From 687fb693bebd4197f363b60d67263d7ead7cdd08 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <bernhard.voel...@camline.com>
Date: Tue, 20 Oct 2020 00:53:41 +0200
Subject: [PATCH] selinux-at, selinux-h: port to SELinux 3.1

The new release finally deprecated the typedef 'security_context_t',
see <https://github.com/SELinuxProject/selinux/commit/7a124ca275>.
Use the simpler 'char *' instead.

* lib/getfilecon.c (getfilecon): Adjust type of context parameter.
(lgetfilecon): Likewise.
(fgetfilecon): Likewise.
(map_to_failure): Likewise.
(rpl_getfilecon): Likewise.
(rpl_lgetfilecon): Likewise.
(rpl_fgetfilecon): Likewise.
* lib/se-selinux.in.h (security_context_t): Remove typedef.
(getcon): Adjust type of context parameter.
(freecon): Likewise.
(getfscreatecon): Likewise.
(setfscreatecon): Likewise.
(matchpathcon): Likewise.
(getfilecon): Likewise.
(lgetfilecon): Likewise.
(fgetfilecon): Likewise.
(setfilecon): Likewise.
(lsetfilecon): Likewise.
(fsetfilecon): Likewise.
(security_check_context): Likewise.
(security_check_context_raw): Likewise.
(setexeccon): Likewise.
(security_compute_create): Likewise.
* lib/selinux-at.c (getfileconat): Likewise.
(lgetfileconat): Likewise.
(setfileconat): Likewise.
(lsetfileconat): Likewise.
* lib/selinux-at.h: Likewise.
---
 ChangeLog           | 35 +++++++++++++++++++++++++++++++++++
 lib/getfilecon.c    | 14 +++++++-------
 lib/se-selinux.in.h | 35 +++++++++++++++++------------------
 lib/selinux-at.c    |  8 ++++----
 lib/selinux-at.h    |  8 ++++----
 5 files changed, 67 insertions(+), 33 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 4903d51e9..57d24801c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,38 @@
+2020-10-20  Bernhard Voelker  <m...@bernhard-voelker.de>
+
+	selinux-at, selinux-h: port to SELinux 3.1
+	The new release finally deprecated the typedef 'security_context_t',
+	see <https://github.com/SELinuxProject/selinux/commit/7a124ca275>.
+	Use the simpler 'char *' instead.
+	* lib/getfilecon.c (getfilecon): Adjust type of context parameter.
+	(lgetfilecon): Likewise.
+	(fgetfilecon): Likewise.
+	(map_to_failure): Likewise.
+	(rpl_getfilecon): Likewise.
+	(rpl_lgetfilecon): Likewise.
+	(rpl_fgetfilecon): Likewise.
+	* lib/se-selinux.in.h (security_context_t): Remove typedef.
+	(getcon): Adjust type of context parameter.
+	(freecon): Likewise.
+	(getfscreatecon): Likewise.
+	(setfscreatecon): Likewise.
+	(matchpathcon): Likewise.
+	(getfilecon): Likewise.
+	(lgetfilecon): Likewise.
+	(fgetfilecon): Likewise.
+	(setfilecon): Likewise.
+	(lsetfilecon): Likewise.
+	(fsetfilecon): Likewise.
+	(security_check_context): Likewise.
+	(security_check_context_raw): Likewise.
+	(setexeccon): Likewise.
+	(security_compute_create): Likewise.
+	* lib/selinux-at.c (getfileconat): Likewise.
+	(lgetfileconat): Likewise.
+	(setfileconat): Likewise.
+	(lsetfileconat): Likewise.
+	* lib/selinux-at.h: Likewise.
+
 2020-10-18  Bruno Haible  <br...@clisp.org>
 
 	ssfmalloc: Add tests.
diff --git a/lib/getfilecon.c b/lib/getfilecon.c
index a35a001b1..3f4689138 100644
--- a/lib/getfilecon.c
+++ b/lib/getfilecon.c
@@ -33,9 +33,9 @@
 #undef getfilecon
 #undef lgetfilecon
 #undef fgetfilecon
-int getfilecon (char const *file, security_context_t *con);
-int lgetfilecon (char const *file, security_context_t *con);
-int fgetfilecon (int fd, security_context_t *con);
+int getfilecon (char const *file, char **con);
+int lgetfilecon (char const *file, char **con);
+int fgetfilecon (int fd, char **con);
 
 /* getfilecon, lgetfilecon, and fgetfilecon can all misbehave, be it
    via an old version of libselinux where these would return 0 and set the
@@ -46,7 +46,7 @@ int fgetfilecon (int fd, security_context_t *con);
    set errno to ENOTSUP in the first case, and ENODATA in the latter.  */
 
 static int
-map_to_failure (int ret, security_context_t *con)
+map_to_failure (int ret, char **con)
 {
   if (ret == 0)
     {
@@ -66,21 +66,21 @@ map_to_failure (int ret, security_context_t *con)
 }
 
 int
-rpl_getfilecon (char const *file, security_context_t *con)
+rpl_getfilecon (char const *file, char **con)
 {
   int ret = getfilecon (file, con);
   return map_to_failure (ret, con);
 }
 
 int
-rpl_lgetfilecon (char const *file, security_context_t *con)
+rpl_lgetfilecon (char const *file, char **con)
 {
   int ret = lgetfilecon (file, con);
   return map_to_failure (ret, con);
 }
 
 int
-rpl_fgetfilecon (int fd, security_context_t *con)
+rpl_fgetfilecon (int fd, char**con)
 {
   int ret = fgetfilecon (fd, con);
   return map_to_failure (ret, con);
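Review bot: The new signature of rpl_fgetfilecon is written `char**con`, while every other declaration this commit touches, including the `fgetfilecon` prototype in the first hunk of this file, uses `char **con`. For consistency it should read `rpl_fgetfilecon (int fd, char **con)`. The closing brace of the function lies outside the hunk.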
diff --git a/lib/se-selinux.in.h b/lib/se-selinux.in.h
index 05a766c10..022596bb8 100644
--- a/lib/se-selinux.in.h
+++ b/lib/se-selinux.in.h
@@ -43,64 +43,63 @@ _GL_INLINE_HEADER_BEGIN
 #  if !GNULIB_defined_security_types
 
 typedef unsigned short security_class_t;
-typedef char *security_context_t;
 #   define is_selinux_enabled() 0
 
 SE_SELINUX_INLINE int
-getcon (security_context_t *con _GL_UNUSED_PARAMETER)
+getcon (char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE void
-freecon (security_context_t con _GL_UNUSED_PARAMETER) {}
+freecon (char *con _GL_UNUSED_PARAMETER) {}
 
 SE_SELINUX_INLINE int
-getfscreatecon (security_context_t *con _GL_UNUSED_PARAMETER)
+getfscreatecon (char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
-setfscreatecon (security_context_t con _GL_UNUSED_PARAMETER)
+setfscreatecon (char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 matchpathcon (char const *file _GL_UNUSED_PARAMETER,
               mode_t m _GL_UNUSED_PARAMETER,
-  security_context_t *con _GL_UNUSED_PARAMETER)
+              char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 getfilecon (char const *file _GL_UNUSED_PARAMETER,
-            security_context_t *con _GL_UNUSED_PARAMETER)
+            char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 lgetfilecon (char const *file _GL_UNUSED_PARAMETER,
-             security_context_t *con _GL_UNUSED_PARAMETER)
+             char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
-fgetfilecon (int fd, security_context_t *con _GL_UNUSED_PARAMETER)
+fgetfilecon (int fd, char **con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 setfilecon (char const *file _GL_UNUSED_PARAMETER,
-            security_context_t con _GL_UNUSED_PARAMETER)
+            char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 lsetfilecon (char const *file _GL_UNUSED_PARAMETER,
-             security_context_t con _GL_UNUSED_PARAMETER)
+             char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
 fsetfilecon (int fd _GL_UNUSED_PARAMETER,
-             security_context_t con _GL_UNUSED_PARAMETER)
+             char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 
 SE_SELINUX_INLINE int
-security_check_context (security_context_t con _GL_UNUSED_PARAMETER)
+security_check_context (char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
-security_check_context_raw (security_context_t con _GL_UNUSED_PARAMETER)
+security_check_context_raw (char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
-setexeccon (security_context_t con _GL_UNUSED_PARAMETER)
+setexeccon (char *con _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE int
-security_compute_create (security_context_t scon _GL_UNUSED_PARAMETER,
-                         security_context_t tcon _GL_UNUSED_PARAMETER,
+security_compute_create (char *scon _GL_UNUSED_PARAMETER,
+                         char *tcon _GL_UNUSED_PARAMETER,
                          security_class_t tclass _GL_UNUSED_PARAMETER,
-                         security_context_t *newcon _GL_UNUSED_PARAMETER)
+                         char **newcon _GL_UNUSED_PARAMETER)
   { errno = ENOTSUP; return -1; }
 SE_SELINUX_INLINE security_class_t
 string_to_security_class (char const *name)
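Review bot: The stubs that only read a context (`setfscreatecon`, `setfilecon`, `lsetfilecon`, `fsetfilecon`, `security_check_context`, `security_check_context_raw`, `setexeccon`, and the `scon`/`tcon` parameters of `security_compute_create`) now take a mutable `char *`, whereas current libselinux, as far as I know, declares these inputs as `const char *`. Writing them as `char const *con _GL_UNUSED_PARAMETER` would keep type checking in the no-SELinux build aligned with the real library, so a caller passing a constant context string compiles the same way in both configurations. The same applies to the `, char *con` parameter declarations for setfileconat and lsetfileconat in lib/selinux-at.c and to their prototypes in lib/selinux-at.h; if older libselinux releases must still build cleanly, their prototypes should be checked before adding the qualifier there. Separately, `fgetfilecon (int fd, char **con _GL_UNUSED_PARAMETER)` leaves `fd` unannotated although it is unused, unlike `fsetfilecon`, which marks it with `_GL_UNUSED_PARAMETER`.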
diff --git a/lib/selinux-at.c b/lib/selinux-at.c
index 77ac3378e..105a9f9d5 100644
--- a/lib/selinux-at.c
+++ b/lib/selinux-at.c
@@ -32,7 +32,7 @@
 
 #define AT_FUNC_NAME getfileconat
 #define AT_FUNC_F1 getfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char **con
 #define AT_FUNC_POST_FILE_ARGS        , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
@@ -42,7 +42,7 @@
 
 #define AT_FUNC_NAME lgetfileconat
 #define AT_FUNC_F1 lgetfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t *con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char **con
 #define AT_FUNC_POST_FILE_ARGS        , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
@@ -52,7 +52,7 @@
 
 #define AT_FUNC_NAME setfileconat
 #define AT_FUNC_F1 setfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char *con
 #define AT_FUNC_POST_FILE_ARGS        , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
@@ -62,7 +62,7 @@
 
 #define AT_FUNC_NAME lsetfileconat
 #define AT_FUNC_F1 lsetfilecon
-#define AT_FUNC_POST_FILE_PARAM_DECLS , security_context_t con
+#define AT_FUNC_POST_FILE_PARAM_DECLS , char *con
 #define AT_FUNC_POST_FILE_ARGS        , con
 #include "at-func.c"
 #undef AT_FUNC_NAME
diff --git a/lib/selinux-at.h b/lib/selinux-at.h
index fa975ef8d..50537f80f 100644
--- a/lib/selinux-at.h
+++ b/lib/selinux-at.h
@@ -31,22 +31,22 @@
    must be freed with freecon.  Upon error, set *CON to NULL, set errno
    and return -1.
    [*] with flags=0 here, with flags=AT_SYMLINK_NOFOLLOW for lgetfileconat  */
-int  getfileconat (int dir_fd, char const *file, security_context_t *con);
+int  getfileconat (int dir_fd, char const *file, char **con);
 
 /* dir-fd-relative lgetfilecon.  This function is just like getfileconat,
    except when DIR_FD and FILE specify a symlink:  lgetfileconat operates on
    the symlink, while getfileconat operates on the referent of the symlink.  */
-int lgetfileconat (int dir_fd, char const *file, security_context_t *con);
+int lgetfileconat (int dir_fd, char const *file, char **con);
 
 /* dir-fd-relative setfilecon.  Set the SELinux security context of
    the file specified by DIR_FD and FILE to CON.  DIR_FD and FILE are
    interpreted as for fstatat[*].  Upon success, return 0.
    Otherwise, return -1 and set errno.  */
-int  setfileconat (int dir_fd, char const *file, security_context_t con);
+int  setfileconat (int dir_fd, char const *file, char *con);
 
 /* dir-fd-relative lsetfilecon.  This function is just like setfileconat,
    except that rather than dereferencing a symlink, this function affects it. */
 /* dir-fd-relative lsetfilecon.  This function is just like setfileconat,
    except when DIR_FD and FILE specify a symlink:  lsetfileconat operates on
    the symlink, while setfileconat operates on the referent of the symlink.  */
-int lsetfileconat (int dir_fd, char const *file, security_context_t con);
+int lsetfileconat (int dir_fd, char const *file, char *con);
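Review bot: The lsetfileconat declaration is preceded by two comment blocks that both begin "dir-fd-relative lsetfilecon", and the first, shorter one is made redundant by the second. Since this commit already edits the declaration, it could delete the first block (the one ending `this function affects it. */`) and keep the block that mirrors the lgetfileconat wording. The comments for setfileconat and lsetfileconat also do not say whether CON is only read by the callee; adding a short sentence such as `CON is not modified or freed.` would document the contract now that the parameter is a plain `char *`, assuming that matches the implementation in at-func.c, which this hunk does not show.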
-- 
2.28.0
