Hi all, Per the following commit in upstream SELinux, security_context_t has been marked as deprecated, generating complaints with -Wdeprecated-declarations: https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9
This can be seen with Debian GID when building contrib/selinux/, as we have libselinux 3.1 there. Per the upstream repo, security_context_t maps to char * in include/selinux/selinux.h, so we can easily get rid of the warnings with the attached patch, which replaces the references to security_context_t. Funnily, our code already mixes both definitions, see for example sepgsql_set_client_label, so this clarifies things. Any thoughts? -- Michael
diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c
index 32e405530b..b00b91df5a 100644
--- a/contrib/sepgsql/label.c
+++ b/contrib/sepgsql/label.c
@@ -120,7 +120,7 @@ sepgsql_set_client_label(const char *new_label)
 tcontext = client_label_peer;
 else
 {
- if (security_check_context_raw((security_context_t) new_label) < 0)
+ if (security_check_context_raw(new_label) < 0)
 ereport(ERROR,
 (errcode(ERRCODE_INVALID_NAME),
 errmsg("SELinux: invalid security label: \"%s\"",
@@ -453,9 +453,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId)
 object.objectSubId = subId;
 label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG);
- if (!label || security_check_context_raw((security_context_t) label))
+ if (!label || security_check_context_raw(label))
 {
- security_context_t unlabeled;
+ char *unlabeled;
 if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
 ereport(ERROR,
@@ -487,7 +487,7 @@ sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel)
 * context of selinux.
 */
 if (seclabel &&
- security_check_context_raw((security_context_t) seclabel) < 0)
+ security_check_context_raw(seclabel) < 0)
 ereport(ERROR,
 (errcode(ERRCODE_INVALID_NAME),
 errmsg("SELinux: invalid security label: \"%s\"", seclabel)));
@@ -725,7 +725,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId)
 char *objname;
 int objtype = 1234;
 ObjectAddress object;
- security_context_t context;
+ char *context;
 /*
 * The way to determine object name depends on object classes. So, any
diff --git a/contrib/sepgsql/selinux.c b/contrib/sepgsql/selinux.c
index 9fdc810f2e..2695e88f23 100644
--- a/contrib/sepgsql/selinux.c
+++ b/contrib/sepgsql/selinux.c
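Review bot: Dropping the cast in `security_check_context_raw(new_label)` passes a `const char *` straight through, which is only warning-free if the installed libselinux headers declare that parameter as `const char *`. The description notes that security_context_t is a plain `char *`, so against headers that still use it in the prototypes (presumably older releases, worth confirming) this would trade the deprecation warning for a discarded-qualifier one. The same applies to the `seclabel` call in sepgsql_object_relabel, the `scontext`/`tcontext` arguments in selinux.c and the `tcontext` call in uavc.c. Either state the minimum supported libselinux version alongside the change, or keep an explicit `(char *)` cast at these call sites.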
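Review bot: With the typedef gone, `char *unlabeled;` in sepgsql_get_label no longer signals that the string is allocated by libselinux rather than by palloc, and its release path is outside the hunk. I would add a comment at the declaration, e.g. `/* allocated by libselinux; release with freecon(), not pfree() */`. The same comment fits `char *context;` in exec_object_restorecon, `char *ncontext;` in sepgsql_compute_create and `char *unlabeled;` in sepgsql_avc_unlabeled, assuming those are filled by libselinux as well. Releasing such a buffer with the wrong allocator would corrupt memory, so the ownership is worth stating now that the type name does not carry it.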
@@ -768,8 +768,8 @@ sepgsql_compute_avd(const char *scontext,
 * Ask SELinux what is allowed set of permissions on a pair of the
 * security contexts and the given object class.
 */
- if (security_compute_av_flags_raw((security_context_t) scontext,
- (security_context_t) tcontext,
+ if (security_compute_av_flags_raw(scontext,
+ tcontext,
 tclass_ex, 0, &avd_ex) < 0)
 ereport(ERROR,
 (errcode(ERRCODE_INTERNAL_ERROR),
@@ -838,7 +838,7 @@ sepgsql_compute_create(const char *scontext,
 uint16 tclass,
 const char *objname)
 {
- security_context_t ncontext;
+ char *ncontext;
 security_class_t tclass_ex;
 const char *tclass_name;
 char *result;
@@ -853,8 +853,8 @@ sepgsql_compute_create(const char *scontext,
 * Ask SELinux what is the default context for the given object class on a
 * pair of security contexts
 */
- if (security_compute_create_name_raw((security_context_t) scontext,
- (security_context_t) tcontext,
+ if (security_compute_create_name_raw(scontext,
+ tcontext,
 tclass_ex,
 objname,
 &ncontext) < 0)
diff --git a/contrib/sepgsql/uavc.c b/contrib/sepgsql/uavc.c
index 639a52c556..97189b7c46 100644
--- a/contrib/sepgsql/uavc.c
+++ b/contrib/sepgsql/uavc.c
@@ -171,7 +171,7 @@ sepgsql_avc_unlabeled(void)
 {
 if (!avc_unlabeled)
 {
- security_context_t unlabeled;
+ char *unlabeled;
 if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0)
 ereport(ERROR,
@@ -216,7 +216,7 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass)
 * policy is reloaded, validation status shall be kept, so we also cache
 * whether the supplied security context was valid, or not.
 */
- if (security_check_context_raw((security_context_t) tcontext) != 0)
+ if (security_check_context_raw(tcontext) != 0)
 ucontext = sepgsql_avc_unlabeled();
 /*