Do not use deprecated flask.h and av_permissions.h

2020-07-30 13:36:03 +08:00 · 2020-07-30 13:36:03 +08:00 · aa257637e0
commit aa257637e0
parent 7162748dcf
2 changed files with 64 additions and 1 deletions
--- a/Do-not-use-deprecated-flask.h-and-av_permissions.patch
+++ b/Do-not-use-deprecated-flask.h-and-av_permissions.patch
@ -0,0 +1,58 @@
+From 1efff28faef83a620fd7f6eaac3fe64ee6691a33 Mon Sep 17 00:00:00 2001
+From: Jiri Kucera <jkucera@redhat.com>
+Date: Apr 10 2020 09:18:42 +0000
+Subject: Merge #7 `Do not use deprecated flask.h and av_permissions.h`
+
+
+---
+
+diff --git a/userhelper.c b/userhelper.c
+index 4177c89..f2afde7 100644
+--- a/userhelper.c
+++ b/userhelper.c
+@@ -48,8 +48,6 @@
+ 
+ #ifdef WITH_SELINUX
+ #include <selinux/selinux.h>
+-#include <selinux/flask.h>
+-#include <selinux/av_permissions.h>
+ #endif
+ 
+ #include "shvar.h"
+@@ -111,7 +109,7 @@ static int checkAccess(unsigned int selaccess) {
+     struct av_decision avd;
+     int retval = security_compute_av(user_context,
+ 				     user_context,
+-				     SECCLASS_PASSWD,
+				     string_to_security_class("passwd"),
+ 				     selaccess,
+ 				     &avd);
+ 	  
+@@ -2267,7 +2265,8 @@ main(int argc, char **argv)
+ 	const char *new_home_phone;
+ 	const char *new_shell;
+ #ifdef WITH_SELINUX
+-	unsigned perm;
+	security_class_t class;
+	access_vector_t perm;
+ #endif
+ 
+ 	/* State variable we pass around. */
+@@ -2426,12 +2425,13 @@ main(int argc, char **argv)
+ 			user_name = g_strdup(argv[optind]);
+ 
+ #ifdef WITH_SELINUX
+			class = string_to_security_class("passwd");
+ 			if (c_flag) 
+-			  perm = PASSWD__PASSWD;
+			  perm = string_to_av_perm(class, "passwd");
+ 			else if (s_flag)
+-			  perm = PASSWD__CHSH;
+			  perm = string_to_av_perm(class, "chsh");
+ 			else
+-			  perm = PASSWD__CHFN;
+			  perm = string_to_av_perm(class, "chfn");
+ 
+ 			if (is_selinux_enabled() > 0 &&
+ 			    checkAccess(perm)!= 0) {
+
--- a/usermode.spec
+++ b/usermode.spec
@ -1,12 +1,14 @@
 Name:          usermode
 Version:       1.113
-Release:       1
+Release:       2
 Summary:       Tools for certain user account management tasks
 License:       GPLv2+
 URL:           https://pagure.io/usermode/
 Source:        https://releases.pagure.org/usermode/usermode-%{version}.tar.xz
 Source1:       config-util

+Patch0:        Do-not-use-deprecated-flask.h-and-av_permissions.patch
+
 Requires:      pam passwd util-linux
 BuildRequires: desktop-file-utils gettext intltool perl-XML-Parser util-linux
 BuildRequires: glib2-devel gtk2-devel libblkid-devel libSM-devel libselinux-devel libuser-devel
@ -70,6 +72,9 @@ done
 %{_mandir}/man8/*

 %changelog
+* Thu Jul 30 2020 shenyangyang <shenyangyang4@huawei.com> - 1.113-2
+- Do not use deprecated flask.h and av_permissions
+
 * Fri Jul 24 2020 Hugel <gengqihu1@huawei.com> - 1.113-1
 - Update to 1.113