mcstrans: add package 2.7 (20170804)

Move policycoreutils/mcstrans to mcstrans:

* Move and rebase patches:
  - mcstrans-de-bashify.patch
  - 0001-mcstrans-fix-the-init-script.patch

* Remove useless patch:
  - enable-mcstrans.patch

* Cleanup policycoreutils_2.7.bb and policycoreutils.inc.

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>

Update policycoreutils_git.bb

Signed-off-by: Mark Hatle <mark.hatle@windriver.com>

recipes-security/selinux/mcstrans.inc

@@ -0,0 +1,49 @@
+SUMMARY = "Daemon to translate SELinux MCS/MLS sensitivity labels"
+DESCRIPTION = "\
+mcstrans provides an translation daemon to translate SELinux categories \
+from internal representations to user defined representation."
+
+SECTION = "base"
+LICENSE = "GPLv2+"
+
+SRC_URI += "file://mcstrans-de-bashify.patch \
+            file://0001-mcstrans-fix-the-init-script.patch \
+"
+
+inherit systemd update-rc.d
+
+DEPENDS += "libsepol libselinux libcap"
+
+EXTRA_OEMAKE += "SYSTEMDDIR=${D}${systemd_unitdir}"
+do_install_append() {
+    install -d ${D}${sbindir}
+    install -m 755 utils/untranscon ${D}${sbindir}/
+    install -m 755 utils/transcon ${D}${sbindir}/
+
+    if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/tmpfiles.d
+        echo "d ${localstatedir}/run/setrans - - - -" \
+            > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
+    else
+        install -d ${D}${sysconfdir}/default/volatiles
+        echo "d root root 0755 /var/run/setrans none" \
+            >${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
+    fi
+    install -d ${D}${datadir}/mcstrans
+    cp -r share/* ${D}${datadir}/mcstrans/.
+}
+
+SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
+INITSCRIPT_PACKAGES = "mcstrans"
+INITSCRIPT_NAME_mcstrans = "mcstrans"
+INITSCRIPT_PARAMS_mcstrans = "defaults"
+
+pkg_postinst_mcstrans () {
+    if [ -z "$D" ]; then
+        if command -v systemd-tmpfiles >/dev/null; then
+            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}

recipes-security/selinux/mcstrans/0001-mcstrans-fix-the-init-script.patch

@@ -5,14 +5,15 @@ Upstream-Status: Inappropriate [embedded specific]
 replace daemon with start-stop-daemon, due to not daemon functions
 
 Signed-off-by: Roy Li <rongqing.li@windriver.com>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
 ---
- mcstrans/src/mcstrans.init | 2 +-
+ src/mcstrans.init | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/mcstrans/src/mcstrans.init b/mcstrans/src/mcstrans.init
+diff --git a/src/mcstrans.init b/src/mcstrans.init
 index 2804ec0..c660290 100644
---- a/mcstrans/src/mcstrans.init
-+++ b/mcstrans/src/mcstrans.init
+--- a/src/mcstrans.init
++++ b/src/mcstrans.init
 @@ -51,7 +51,7 @@ start(){
  	fi
  

recipes-security/selinux/mcstrans/mcstrans-de-bashify.patch

@@ -0,0 +1,26 @@
+commit 54875dcb50f5e40fc86d6fe98dde244bfe4751af
+Author: Joe MacDonald <joe_macdonald@mentor.com>
+Date:   Fri Aug 7 15:16:45 2015 -0400
+
+    mcstrans: remove dependency on bash in initscript
+
+    There were no apparent bashisms in mcstrans.init, so remove the dependency
+    on bash.
+
+    Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
+
+Upstream-Status: Pending
+
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ src/mcstrans.init |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/src/mcstrans.init
++++ b/src/mcstrans.init
+@@ -1,4 +1,4 @@
+-#!/bin/bash
++#!/bin/sh
+ #
+ # mcstransd        This starts and stops mcstransd
+ #

recipes-security/selinux/mcstrans_2.7.bb

@@ -0,0 +1,7 @@
+include selinux_20170804.inc
+include ${BPN}.inc
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
+
+SRC_URI[md5sum] = "edba0f72fdf7fdd1ad0a2c6d102e8cfa"
+SRC_URI[sha256sum] = "cdca003282d160b50ad695ab5b013c05ca21387a419b2f89288534184d16e1e2"

recipes-security/selinux/policycoreutils.inc

@@ -10,7 +10,6 @@ LICENSE = "GPLv2+"
 SRC_URI += "${@bb.utils.contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
             file://policycoreutils-fixfiles-de-bashify.patch \
             file://policycoreutils-sandbox-de-bashify.patch \
-            file://mcstrans-de-bashify.patch \
            "
 
 PAM_SRC_URI = "file://pam.d/newrole \
@@ -21,9 +20,7 @@ DEPENDS += "libsepol libselinux libsemanage libcap gettext-native"
 EXTRA_DEPENDS = "libcap-ng libcgroup setools"
 DEPENDS += "${@['', '${EXTRA_DEPENDS}']['${PN}' != '${BPN}-native']}"
 
-inherit selinux systemd pythonnative update-rc.d
-
-PROVIDES += "mcstrans"
+inherit selinux pythonnative
 
 DEPENDS += "${@target_selinux(d, 'libpam audit')}"
 
@@ -144,31 +141,8 @@ PACKAGES =+ "\
 	${PN}-sestatus \
 	${PN}-setfiles \
 	${PN}-setsebool \
-	mcstrans \
-	mcstrans-doc \
 	system-config-selinux \
 "
-PKGV_mcstrans = "0.3.2"
-PKGV_mcstrans-doc = "0.3.2"
-SUMMARY_mcstrans = "Daemon to translate SELinux MCS/MLS sensitivity labels"
-DESCRIPTION_mcstrans = "\
-        Security-enhanced Linux is a feature of the Linux kernel and a number \
-        of utilities with enhanced security functionality designed to add \
-        mandatory access controls to Linux.  The Security-enhanced Linux \
-        kernel contains new architectural components originally developed to \
-        improve the security of the Flask operating system. These \
-        architectural components provide general support for the enforcement \
-        of many kinds of mandatory access control policies, including those \
-        based on the concepts of Type Enforcement®, Role-based Access \
-        Control, and Multi-level Security. \
-         \
-        mcstrans provides an translation daemon to translate SELinux categories \
-        from internal representations to user defined representation. \
-        "
-SUMMARY_mcstrans-doc = "${SUMMARY_mcstrans} man pages and examples"
-DESCRIPTION_mcstrans-doc = "${DESCRIPTION_mcstrans} \
-        This package contains man pages and examples. \
-        "
 FILES_${PN}-audit2allow = "\
 	${bindir}/audit2allow \
 	${bindir}/audit2why \
@@ -240,22 +214,6 @@ FILES_${PN}-setsebool += "\
 	${sbindir}/setsebool \
 	${datadir}/bash-completion/completions/setsebool \
 "
-FILES_mcstrans = "\
-	${base_sbindir}/mcstransd \
-	${sbindir}/untranscon \
-	${sbindir}/transcon \
-	${sysconfdir}/init.d/mcstrans \
-	${systemd_unitdir}/system/mcstrans.service \
-	${sysconfdir}/default/volatiles/volatiles.80_mcstrans \
-	${sysconfdir}/tmpfiles.d/setrans.conf \
-"
-
-FILES_mcstrans-doc = "\
-    /usr/share/man/man8/mcstransd.8 \
-    /usr/share/man/man8/mcs.8 \
-    /usr/share/man/man8/setrans.conf.8 \
-    ${datadir}/mcstrans \
-"
 
 FILES_system-config-selinux = " \
     ${bindir}/sepolgen \
@@ -304,23 +262,6 @@ do_install_prepend() {
 	export SEMODULE_PATH=${sbindir} SYSTEMDDIR=${D}/${systemd_unitdir}
 }
 
-do_install_append_class-target() {
-	install -m 755 mcstrans/utils/untranscon ${D}${sbindir}/
-	install -m 755 mcstrans/utils/transcon ${D}${sbindir}/
-
-	if ${@bb.utils.contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
-		install -d ${D}${sysconfdir}/tmpfiles.d
-		echo "d ${localstatedir}/run/setrans - - - -" \
-		    > ${D}${sysconfdir}/tmpfiles.d/setrans.conf
-	else
-		install -d ${D}${sysconfdir}/default/volatiles
-		echo "d root root 0755 /var/run/setrans none" \
-			>${D}${sysconfdir}/default/volatiles/volatiles.80_mcstrans
-	fi
-	install -d ${D}${datadir}/mcstrans
-	cp -r mcstrans/share/* ${D}${datadir}/mcstrans/.
-}
-
 do_install_virtclass-native() {
 	for PCU_CMD in ${PCU_NATIVE_CMDS} ; do
 	     oe_runmake -C $PCU_CMD install \
@@ -342,18 +283,3 @@ do_install_append_class-target() {
 	#   $ semanage permissive [OPTS]
 	install -d ${D}${localstatedir}/lib/selinux
 }
-
-SYSTEMD_SERVICE_mcstrans = "mcstrans.service"
-INITSCRIPT_PACKAGES = "mcstrans"
-INITSCRIPT_NAME_mcstrans = "mcstrans"
-INITSCRIPT_PARAMS_mcstrans = "defaults"
-
-pkg_postinst_mcstrans () {
-    if [ -z "$D" ]; then
-        if command -v systemd-tmpfiles >/dev/null; then
-            systemd-tmpfiles --create ${sysconfdir}/tmpfiles.d/setrans.conf
-        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
-            ${sysconfdir}/init.d/populate-volatile.sh update
-        fi
-    fi
-}

recipes-security/selinux/policycoreutils/enable-mcstrans.patch

@@ -1,17 +0,0 @@
-Add the "mcstrans" subdir so it gets built too.
-
-Upstream-Status: Inappropriate [embedded specific]
-
-Signed-off-by: Roy Li <rongqing.li@windriver.com>
-diff --git a/Makefile b/Makefile
-index 83ebd45..3ae784f 100644
---- a/Makefile
-+++ b/Makefile
-@@ -1,5 +1,7 @@
- SUBDIRS = sepolicy setfiles semanage load_policy newrole run_init sandbox secon audit2allow sestatus semodule_package semodule semodule_link semodule_expand semodule_deps sepolgen-ifgen setsebool scripts po man gui
- 
-+SUBDIRS += mcstrans
-+
- INOTIFYH = $(shell ls /usr/include/sys/inotify.h 2>/dev/null)
- 
- ifeq (${INOTIFYH}, /usr/include/sys/inotify.h)

recipes-security/selinux/policycoreutils/mcstrans-de-bashify.patch

@@ -1,12 +0,0 @@
----
- mcstrans/src/mcstrans.init |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
---- a/mcstrans/src/mcstrans.init
-+++ b/mcstrans/src/mcstrans.init
-@@ -1,4 +1,4 @@
--#!/bin/bash
-+#!/bin/sh
- #
- # mcstransd        This starts and stops mcstransd
- #

recipes-security/selinux/policycoreutils_2.7.bb

@@ -12,6 +12,4 @@ SRC_URI += "\
 	file://policycoreutils-loadpolicy-symlink.patch \
 	file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
 	file://policycoreutils-fix-TypeError-for-seobject.py.patch \
-	file://0001-mcstrans-fix-the-init-script.patch \
-	file://enable-mcstrans.patch \
 	"

recipes-security/selinux/policycoreutils_git.bb

@@ -11,6 +11,4 @@ SRC_URI += "\
 	file://policycoreutils-loadpolicy-symlink.patch \
 	file://policycoreutils-process-ValueError-for-sepolicy-seobject.patch \
 	file://policycoreutils-fix-TypeError-for-seobject.py.patch \
-	file://0001-mcstrans-fix-the-init-script.patch \
-	file://enable-mcstrans.patch \
 	"