restorecond: update to 3.2

* Merge inc file into bb file.
* Drop obsolete patches:
  policycoreutils-make-O_CLOEXEC-optional.patch

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>

recipes-security/selinux/restorecond/policycoreutils-make-O_CLOEXEC-optional.patch

@@ -1,48 +0,0 @@
-From 4adc1c02e4da42f64249c05534875e732f043693 Mon Sep 17 00:00:00 2001
-From: Joe MacDonald <joe_macdonald@mentor.com>
-Date: Wed, 6 Nov 2019 23:17:50 +0800
-Subject: [PATCH] policycoreutils: make O_CLOEXEC optional
-
-Various commits in the selinux tree in the current release added
-O_CLOEXEC to open() calls in an attempt to address file descriptor leaks
-as described:
-
-  http://danwalsh.livejournal.com/53603.html
-
-However O_CLOEXEC isn't available on all platforms, so make it a
-compile-time option and generate a warning when it is not available.
-The actual impact of leaking these file descriptors is minimal, though
-it does produce curious AVC Denied messages.
-
-Upstream-Status: Inappropriate
-[O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
-
-Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
-Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
-Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
----
- user.c | 8 +++++++-
- 1 file changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/user.c b/user.c
-index 714aae7..bbf018e 100644
---- a/user.c
-+++ b/user.c
-@@ -202,7 +202,13 @@ static int local_server(void) {
- 			perror("asprintf");
- 		return -1;
- 	}
--	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
-+	local_lock_fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW
-+	#ifdef O_CLOEXEC
-+		| O_CLOEXEC
-+	#else
-+		#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
-+	#endif
-+		, S_IRUSR | S_IWUSR);
- 	if (debug_mode)
- 		g_warning ("Lock file: %s", ptr);
- 
--- 
-2.7.4
-

recipes-security/selinux/restorecond_3.1.bb

@@ -1,7 +0,0 @@
-require selinux_20200710.inc
-require ${BPN}.inc
-
-LIC_FILES_CHKSUM = "file://COPYING;md5=393a5ca445f6965873eca0259a17f833"
-
-SRC_URI[md5sum] = "8daf761739a150a7a29bb491726a6cd9"
-SRC_URI[sha256sum] = "82ca45099685a45d718f11f8859963c1ba83d98e510312cbf0b7dc5664c60ad0"

recipes-security/selinux/restorecond_3.2.bb

@@ -4,12 +4,11 @@ The restorecond daemon uses inotify to watch files listed in the \
 /etc/selinux/restorecond.conf, when they are created, this daemon \
 will make sure they have the correct file context associated with \
 the policy."
-
 SECTION = "base"
 LICENSE = "GPLv2+"
+LIC_FILES_CHKSUM = "file://${S}/COPYING;md5=393a5ca445f6965873eca0259a17f833"
 
-SRC_URI += "file://policycoreutils-make-O_CLOEXEC-optional.patch \
-"
+require selinux_common.inc
 
 inherit systemd update-rc.d
 
@@ -19,6 +18,8 @@ EXTRA_OEMAKE += "SYSTEMDSYSTEMUNITDIR=${systemd_system_unitdir} \
                  SYSTEMDUSERUNITDIR=${systemd_user_unitdir} \
                 "
 
+S = "${WORKDIR}/git/restorecond"
+
 FILES_${PN} += "${datadir}/dbus-1/services/org.selinux.Restorecond.service \
                 ${systemd_user_unitdir}/* \
                "