Update to latest release
diff --git a/patches/platform_external_selinux/0001-libsepol-cil-Add-ability-to-redeclare-types-attribut.patch b/patches/platform_external_selinux/0001-libsepol-cil-Add-ability-to-redeclare-types-attribut.patch
index d38aec2..d25a8da 100644
--- a/patches/platform_external_selinux/0001-libsepol-cil-Add-ability-to-redeclare-types-attribut.patch
+++ b/patches/platform_external_selinux/0001-libsepol-cil-Add-ability-to-redeclare-types-attribut.patch
@@ -25,7 +25,7 @@
6 files changed, 57 insertions(+), 8 deletions(-)
diff --git a/libsepol/cil/include/cil/cil.h b/libsepol/cil/include/cil/cil.h
-index 4507892c..4df646a0 100644
+index 4507892..4df646a 100644
--- a/libsepol/cil/include/cil/cil.h
+++ b/libsepol/cil/include/cil/cil.h
@@ -46,6 +46,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size);
@@ -37,7 +37,7 @@
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
-index 9b9ccc36..e8bbbfdf 100644
+index 9b9ccc3..e8bbbfd 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -1675,6 +1675,11 @@ void cil_set_mls(struct cil_db *db, int mls)
@@ -53,7 +53,7 @@
{
db->target_platform = target_platform;
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
-index 36cc6735..9a10e7ab 100644
+index 36cc673..9a10e7a 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -82,10 +82,33 @@ exit:
@@ -125,7 +125,7 @@
}
diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h
-index aee3f00c..abfacd8d 100644
+index aee3f00..abfacd8 100644
--- a/libsepol/cil/src/cil_internal.h
+++ b/libsepol/cil/src/cil_internal.h
@@ -312,6 +312,7 @@ struct cil_db {
@@ -137,7 +137,7 @@
int policy_version;
};
diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
-index 40426408..edd98d5a 100644
+index 4042640..edd98d5 100644
--- a/libsepol/src/libsepol.map.in
+++ b/libsepol/src/libsepol.map.in
@@ -47,6 +47,7 @@ LIBSEPOL_1.1 {
@@ -149,7 +149,7 @@
sepol_ppfile_to_module_package;
sepol_module_package_to_cil;
diff --git a/secilc/secilc.c b/secilc/secilc.c
-index f2232e72..0be6975b 100644
+index f2232e7..0be6975 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
@@ -204,5 +204,5 @@
cil_set_preserve_tunables(db, preserve_tunables);
if (handle_unknown != -1) {
--
-2.15.1
+2.7.4
diff --git a/patches/platform_external_selinux/0002-libsepol-cil-Keep-type-attribute-declarations-when-a.patch b/patches/platform_external_selinux/0002-libsepol-cil-Keep-type-attribute-declarations-when-a.patch
index f88b855..77dc2cf 100644
--- a/patches/platform_external_selinux/0002-libsepol-cil-Keep-type-attribute-declarations-when-a.patch
+++ b/patches/platform_external_selinux/0002-libsepol-cil-Keep-type-attribute-declarations-when-a.patch
@@ -24,7 +24,7 @@
2 files changed, 10 insertions(+), 9 deletions(-)
diff --git a/libsepol/cil/include/cil/android.h b/libsepol/cil/include/cil/android.h
-index 082d7fd2..5aceda62 100644
+index 082d7fd..5aceda6 100644
--- a/libsepol/cil/include/cil/android.h
+++ b/libsepol/cil/include/cil/android.h
@@ -21,6 +21,8 @@ int cil_android_attrib_mapping(struct cil_db **mdb, struct cil_db *srcdb, const
@@ -37,7 +37,7 @@
* srcdb - initialized and parsed cil_db reference to source public policy
* from which to extract attributizable elements.
diff --git a/libsepol/cil/src/android.c b/libsepol/cil/src/android.c
-index 1d80046b..53df4187 100644
+index 1d80046..53df418 100644
--- a/libsepol/cil/src/android.c
+++ b/libsepol/cil/src/android.c
@@ -200,23 +200,27 @@ static char *__cil_attrib_get_versname(char *old, const char *vers)
@@ -85,5 +85,5 @@
return SEPOL_OK;
--
-2.15.1
+2.7.4
diff --git a/patches/platform_external_selinux/0003-libsepol-cil-Create-new-keep-field-for-type-attribut.patch b/patches/platform_external_selinux/0003-libsepol-cil-Create-new-keep-field-for-type-attribut.patch
index 86f94f1..875fef9 100644
--- a/patches/platform_external_selinux/0003-libsepol-cil-Create-new-keep-field-for-type-attribut.patch
+++ b/patches/platform_external_selinux/0003-libsepol-cil-Create-new-keep-field-for-type-attribut.patch
@@ -32,7 +32,7 @@
6 files changed, 9 insertions(+), 6 deletions(-)
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
-index e8bbbfdf..a5a3e263 100644
+index e8bbbfd..a5a3e26 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -2038,6 +2038,7 @@ void cil_typeattribute_init(struct cil_typeattribute **attr)
@@ -44,7 +44,7 @@
void cil_typeattributeset_init(struct cil_typeattributeset **attrset)
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
-index e1481a43..1818ffa9 100644
+index e1481a4..1818ffa 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -567,7 +567,7 @@ int cil_typeattribute_to_policydb(policydb_t *pdb, struct cil_typeattribute *cil
@@ -84,7 +84,7 @@
}
}
diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h
-index abfacd8d..942b28f0 100644
+index abfacd8..942b28f 100644
--- a/libsepol/cil/src/cil_internal.h
+++ b/libsepol/cil/src/cil_internal.h
@@ -527,6 +527,7 @@ struct cil_typeattribute {
@@ -96,7 +96,7 @@
struct cil_typeattributeset {
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
-index 77179e63..3e511330 100644
+index 77179e6..3e51133 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1085,7 +1085,7 @@ static void cil_typeattributes_to_policy(FILE *out, struct cil_list *types, stru
@@ -109,7 +109,7 @@
if (ebitmap_get_bit(attribute->types, type->value)) {
if (first) {
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
-index 1941fab3..a30de0e1 100644
+index 1941fab..a30de0e 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -1250,7 +1250,7 @@ static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finis
@@ -122,7 +122,7 @@
}
case CIL_ROLEATTRIBUTE: {
diff --git a/libsepol/cil/src/cil_reset_ast.c b/libsepol/cil/src/cil_reset_ast.c
-index 676e156e..142179ee 100644
+index 676e156..142179e 100644
--- a/libsepol/cil/src/cil_reset_ast.c
+++ b/libsepol/cil/src/cil_reset_ast.c
@@ -186,6 +186,7 @@ static void cil_reset_typeattr(struct cil_typeattribute *attr)
@@ -134,5 +134,5 @@
static void cil_reset_typeattributeset(struct cil_typeattributeset *tas)
--
-2.15.1
+2.7.4
diff --git a/patches/platform_external_selinux/0004-Enable-multipl_decls-by-default.-This-is-needed-beca.patch b/patches/platform_external_selinux/0004-Enable-multipl_decls-by-default.-This-is-needed-beca.patch
index edf02fa..ab6521f 100644
--- a/patches/platform_external_selinux/0004-Enable-multipl_decls-by-default.-This-is-needed-beca.patch
+++ b/patches/platform_external_selinux/0004-Enable-multipl_decls-by-default.-This-is-needed-beca.patch
@@ -10,7 +10,7 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/secilc/secilc.c b/secilc/secilc.c
-index 0be6975b..e30572e5 100644
+index 0be6975..e30572e 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -90,7 +90,7 @@ int main(int argc, char *argv[])
@@ -23,5 +23,5 @@
int preserve_tunables = 0;
int handle_unknown = -1;
--
-2.15.1
+2.7.4
diff --git a/patches/platform_external_selinux/0005-Delete-identical-genfscon-s.patch b/patches/platform_external_selinux/0005-Delete-identical-genfscon-s.patch
deleted file mode 100644
index bf664e1..0000000
--- a/patches/platform_external_selinux/0005-Delete-identical-genfscon-s.patch
+++ /dev/null
@@ -1,42 +0,0 @@
-From c334f823d0eccac2656ceceb707367680cca32f2 Mon Sep 17 00:00:00 2001
-From: Pierre-Hugues Husson <phh@phh.me>
-Date: Sat, 3 Mar 2018 19:02:29 +0100
-Subject: [PATCH 5/5] Delete identical genfscon-s
-
-Change-Id: I9775187b9da3568390ab66ebd59cb774b1283ad1
----
- libsepol/cil/src/cil_post.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
-index a30de0e1..605847d1 100644
---- a/libsepol/cil/src/cil_post.c
-+++ b/libsepol/cil/src/cil_post.c
-@@ -53,6 +53,16 @@
- static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db);
- static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db);
-
-+static int compact(void* array, int count, int len, int (*compar)(const void *, const void *)) {
-+ char *a = (char*)array;
-+ int j = 0;
-+ for(int i=1; i<count; i++) {
-+ if(compar(a+i*len, a+j*len) != 0) j++;
-+ if(i != j) memcpy(a+j*len, a+i*len, len);
-+ }
-+ return j;
-+}
-+
- static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor)
- {
- struct cil_list_item *curr;
-@@ -1977,6 +1987,7 @@ static int cil_post_db(struct cil_db *db)
-
- qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare);
- qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare);
-+ db->genfscon->count = compact(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare);
- qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare);
- qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare);
- qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare);
---
-2.15.1
-
diff --git a/patches/platform_external_selinux/0005-libsepol-cil-Improve-processing-of-context-rules.patch b/patches/platform_external_selinux/0005-libsepol-cil-Improve-processing-of-context-rules.patch
new file mode 100644
index 0000000..c5241e0
--- /dev/null
+++ b/patches/platform_external_selinux/0005-libsepol-cil-Improve-processing-of-context-rules.patch
@@ -0,0 +1,377 @@
+From 9b009c3354946ec04c60b87d344ed2abbe63c4ba Mon Sep 17 00:00:00 2001
+From: James Carter <jwcart2@tycho.nsa.gov>
+Date: Thu, 29 Mar 2018 16:06:49 -0400
+Subject: [PATCH 5/5] libsepol/cil: Improve processing of context rules
+
+Improve the processing of netifcon, genfscon, ibpkeycon, ibendportcon,
+portcon, nodecon, fsuse, filecon, iomemcon, ioportcon, pcidevicecon,
+and devicetreecon rules.
+
+If the multiple-decls option is not used then report errors if duplicate
+context rules are found. If it is used then remove duplicate context rules
+and report errors when two rules are identical except for the context.
+
+This also changes the ordering of portcon and filecon rules. The protocol
+of portcon rules will be compared if the port numbers are the same and the
+path strings of filecon rules will be compared if the number of meta
+characters, the stem length, string length and file types are the same.
+
+Based on an initial patch by Pierre-Hugues Husson (phh@phh.me)
+
+Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
+---
+ libsepol/cil/src/cil_post.c | 303 ++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 292 insertions(+), 11 deletions(-)
+
+diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
+index a30de0e..3799350 100644
+--- a/libsepol/cil/src/cil_post.c
++++ b/libsepol/cil/src/cil_post.c
+@@ -53,6 +53,83 @@
+ static int __cil_expr_to_bitmap(struct cil_list *expr, ebitmap_t *out, int max, struct cil_db *db);
+ static int __cil_expr_list_to_bitmap(struct cil_list *expr_list, ebitmap_t *out, int max, struct cil_db *db);
+
++static int cats_compare(struct cil_cats *a, struct cil_cats *b)
++{
++ struct cil_list_item *i, *j;
++ int rc;
++
++ if (a == b) return 0;
++ if (!a) return -1;
++ if (!b) return 1;
++
++ /* Expects cat expression to have been evaluated */
++ cil_list_for_each(i, a->datum_expr) {
++ cil_list_for_each(j, b->datum_expr) {
++ rc = strcmp(DATUM(i->data)->fqn, DATUM(j->data)->fqn);
++ if (!rc) return rc;
++ }
++ }
++ return 0;
++}
++
++static int level_compare(struct cil_level *a, struct cil_level *b)
++{
++ int rc;
++
++ if (a == b) return 0;
++ if (!a) return -1;
++ if (!b) return 1;
++
++ if (a->sens != b->sens) {
++ rc = strcmp(DATUM(a->sens)->fqn, DATUM(b->sens)->fqn);
++ if (rc != 0) return rc;
++ }
++ if (a->cats != b->cats) {
++ return cats_compare(a->cats, b->cats);
++ }
++ return 0;
++}
++
++static int range_compare(struct cil_levelrange *a, struct cil_levelrange *b)
++{
++ int rc;
++
++ if (a == b) return 0;
++ if (!a) return -1;
++ if (!b) return 1;
++
++ if (a->low != b->low) {
++ rc = level_compare(a->low, b->low);
++ if (rc != 0) return rc;
++ }
++ if (a->high != b->high) {
++ return level_compare(a->high, b->high);
++ }
++ return 0;
++}
++
++static int context_compare(struct cil_context *a, struct cil_context *b)
++{
++ int rc;
++
++ if (a->user != b->user) {
++ rc = strcmp(DATUM(a->user)->fqn, DATUM(b->user)->fqn);
++ if (rc != 0) return rc;
++ }
++ if (a->role != b->role) {
++ rc = strcmp(DATUM(a->role)->fqn, DATUM(b->role)->fqn);
++ if (rc != 0) return rc;
++ }
++ if (a->type != b->type) {
++ rc = strcmp(DATUM(a->type)->fqn, DATUM(b->type)->fqn);
++ if (rc != 0) return rc;
++ }
++ if (a->range != b->range) {
++ return range_compare(a->range, b->range);
++ }
++ return 0;
++}
++
+ static int cil_verify_is_list(struct cil_list *list, enum cil_flavor flavor)
+ {
+ struct cil_list_item *curr;
+@@ -144,6 +221,8 @@ int cil_post_filecon_compare(const void *a, const void *b)
+ rc = -1;
+ } else if (b_filecon->type < a_filecon->type) {
+ rc = 1;
++ } else {
++ rc = strcmp(a_filecon->path_str, b_filecon->path_str);
+ }
+
+ free(a_path);
+@@ -167,6 +246,10 @@ int cil_post_portcon_compare(const void *a, const void *b)
+ rc = -1;
+ } else if (bportcon->port_low < aportcon->port_low) {
+ rc = 1;
++ } else if (aportcon->proto < bportcon->proto) {
++ rc = -1;
++ } else if (aportcon->proto > bportcon->proto) {
++ rc = 1;
+ }
+ }
+
+@@ -327,6 +410,88 @@ int cil_post_fsuse_compare(const void *a, const void *b)
+ return rc;
+ }
+
++int cil_post_filecon_context_compare(const void *a, const void *b)
++{
++ struct cil_filecon *a_filecon = *(struct cil_filecon**)a;
++ struct cil_filecon *b_filecon = *(struct cil_filecon**)b;
++ return context_compare(a_filecon->context, b_filecon->context);
++}
++
++int cil_post_portcon_context_compare(const void *a, const void *b)
++{
++ struct cil_portcon *a_portcon = *(struct cil_portcon**)a;
++ struct cil_portcon *b_portcon = *(struct cil_portcon**)b;
++ return context_compare(a_portcon->context, b_portcon->context);
++}
++
++int cil_post_genfscon_context_compare(const void *a, const void *b)
++{
++ struct cil_genfscon *a_genfscon = *(struct cil_genfscon**)a;
++ struct cil_genfscon *b_genfscon = *(struct cil_genfscon**)b;
++ return context_compare(a_genfscon->context, b_genfscon->context);
++}
++
++int cil_post_netifcon_context_compare(const void *a, const void *b)
++{
++ int rc;
++ struct cil_netifcon *a_netifcon = *(struct cil_netifcon**)a;
++ struct cil_netifcon *b_netifcon = *(struct cil_netifcon**)b;
++ rc = context_compare(a_netifcon->if_context, b_netifcon->if_context);
++ if (rc != 0) {
++ return rc;
++ }
++ return context_compare(a_netifcon->packet_context, b_netifcon->packet_context);
++}
++
++int cil_post_nodecon_context_compare(const void *a, const void *b)
++{
++ struct cil_nodecon *a_nodecon = *(struct cil_nodecon **)a;
++ struct cil_nodecon *b_nodecon = *(struct cil_nodecon **)b;
++ return context_compare(a_nodecon->context, b_nodecon->context);
++}
++
++int cil_post_pirqcon_context_compare(const void *a, const void *b)
++{
++ struct cil_pirqcon *a_pirqcon = *(struct cil_pirqcon**)a;
++ struct cil_pirqcon *b_pirqcon = *(struct cil_pirqcon**)b;
++ return context_compare(a_pirqcon->context, b_pirqcon->context);
++}
++
++int cil_post_iomemcon_context_compare(const void *a, const void *b)
++{
++ struct cil_iomemcon *a_iomemcon = *(struct cil_iomemcon**)a;
++ struct cil_iomemcon *b_iomemcon = *(struct cil_iomemcon**)b;
++ return context_compare(a_iomemcon->context, b_iomemcon->context);
++}
++
++int cil_post_ioportcon_context_compare(const void *a, const void *b)
++{
++ struct cil_ioportcon *a_ioportcon = *(struct cil_ioportcon**)a;
++ struct cil_ioportcon *b_ioportcon = *(struct cil_ioportcon**)b;
++ return context_compare(a_ioportcon->context, b_ioportcon->context);
++}
++
++int cil_post_pcidevicecon_context_compare(const void *a, const void *b)
++{
++ struct cil_pcidevicecon *a_pcidevicecon = *(struct cil_pcidevicecon**)a;
++ struct cil_pcidevicecon *b_pcidevicecon = *(struct cil_pcidevicecon**)b;
++ return context_compare(a_pcidevicecon->context, b_pcidevicecon->context);
++}
++
++int cil_post_devicetreecon_context_compare(const void *a, const void *b)
++{
++ struct cil_devicetreecon *a_devicetreecon = *(struct cil_devicetreecon**)a;
++ struct cil_devicetreecon *b_devicetreecon = *(struct cil_devicetreecon**)b;
++ return context_compare(a_devicetreecon->context, b_devicetreecon->context);
++}
++
++int cil_post_fsuse_context_compare(const void *a, const void *b)
++{
++ struct cil_fsuse *a_fsuse = *(struct cil_fsuse**)a;
++ struct cil_fsuse *b_fsuse = *(struct cil_fsuse**)b;
++ return context_compare(a_fsuse->context, b_fsuse->context);
++}
++
+ static int __cil_post_db_count_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
+ {
+ struct cil_db *db = extra_args;
+@@ -1929,6 +2094,74 @@ exit:
+ return rc;
+ }
+
++static int __cil_post_report_conflict(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
++{
++ struct cil_list_item *li = extra_args;
++
++ if (node->flavor == CIL_BLOCK) {
++ struct cil_block *blk = node->data;
++ if (blk->is_abstract == CIL_TRUE) {
++ *finished = CIL_TREE_SKIP_HEAD;
++ }
++ } else if (node->flavor == CIL_MACRO) {
++ *finished = CIL_TREE_SKIP_HEAD;
++ } else if (node->flavor == li->flavor) {
++ if (node->data == li->data) {
++ char *path = cil_tree_get_cil_path(node);
++ cil_log(CIL_WARN, " at %s:%d\n", path, node->line);
++ }
++ }
++ return SEPOL_OK;
++}
++
++static int __cil_post_process_context_rules(struct cil_sort *sort, int (*compar)(const void *, const void *), int (*concompar)(const void *, const void *), struct cil_db *db, enum cil_flavor flavor, const char *flavor_str)
++{
++ uint32_t count = sort->count;
++ uint32_t i, j = 0, removed = 0;
++ int rc = SEPOL_OK;
++
++ if (count < 2) {
++ return SEPOL_OK;
++ }
++
++ qsort(sort->array, sort->count, sizeof(sort->array), compar);
++
++ for (i=1; i<count; i++) {
++ if (compar(&sort->array[i], &sort->array[j]) != 0) {
++ j++;
++ } else {
++ removed++;
++ if (!db->multiple_decls ||
++ concompar(&sort->array[i], &sort->array[j]) != 0) {
++ struct cil_list_item li;
++ int rc2;
++ cil_log(CIL_WARN, "Found conflicting %s rules\n",
++ flavor_str);
++ rc = SEPOL_ERR;
++ li.flavor = flavor;
++ li.data = sort->array[i];
++ rc2 = cil_tree_walk(db->ast->root,
++ __cil_post_report_conflict,
++ NULL, NULL, &li);
++ if (rc2 != SEPOL_OK) goto exit;
++ li.data = sort->array[j];
++ rc2 = cil_tree_walk(db->ast->root,
++ __cil_post_report_conflict,
++ NULL, NULL, &li);
++ if (rc2 != SEPOL_OK) goto exit;
++ }
++ }
++ if (i != j) {
++ sort->array[j] = sort->array[i];
++ }
++ }
++
++ sort->count = count - removed;
++
++exit:
++ return rc;
++}
++
+ static int cil_post_db(struct cil_db *db)
+ {
+ int rc = SEPOL_ERR;
+@@ -1975,17 +2208,65 @@ static int cil_post_db(struct cil_db *db)
+ goto exit;
+ }
+
+- qsort(db->netifcon->array, db->netifcon->count, sizeof(db->netifcon->array), cil_post_netifcon_compare);
+- qsort(db->genfscon->array, db->genfscon->count, sizeof(db->genfscon->array), cil_post_genfscon_compare);
+- qsort(db->portcon->array, db->portcon->count, sizeof(db->portcon->array), cil_post_portcon_compare);
+- qsort(db->nodecon->array, db->nodecon->count, sizeof(db->nodecon->array), cil_post_nodecon_compare);
+- qsort(db->fsuse->array, db->fsuse->count, sizeof(db->fsuse->array), cil_post_fsuse_compare);
+- qsort(db->filecon->array, db->filecon->count, sizeof(db->filecon->array), cil_post_filecon_compare);
+- qsort(db->pirqcon->array, db->pirqcon->count, sizeof(db->pirqcon->array), cil_post_pirqcon_compare);
+- qsort(db->iomemcon->array, db->iomemcon->count, sizeof(db->iomemcon->array), cil_post_iomemcon_compare);
+- qsort(db->ioportcon->array, db->ioportcon->count, sizeof(db->ioportcon->array), cil_post_ioportcon_compare);
+- qsort(db->pcidevicecon->array, db->pcidevicecon->count, sizeof(db->pcidevicecon->array), cil_post_pcidevicecon_compare);
+- qsort(db->devicetreecon->array, db->devicetreecon->count, sizeof(db->devicetreecon->array), cil_post_devicetreecon_compare);
++ rc = __cil_post_process_context_rules(db->netifcon, cil_post_netifcon_compare, cil_post_netifcon_context_compare, db, CIL_NETIFCON, CIL_KEY_NETIFCON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing netifcon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->genfscon, cil_post_genfscon_compare, cil_post_genfscon_context_compare, db, CIL_GENFSCON, CIL_KEY_GENFSCON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing genfscon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->portcon, cil_post_portcon_compare, cil_post_portcon_context_compare, db, CIL_PORTCON, CIL_KEY_PORTCON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing portcon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->nodecon, cil_post_nodecon_compare, cil_post_nodecon_context_compare, db, CIL_NODECON, CIL_KEY_NODECON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing nodecon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->fsuse, cil_post_fsuse_compare, cil_post_fsuse_context_compare, db, CIL_FSUSE, CIL_KEY_FSUSE);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing fsuse rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->filecon, cil_post_filecon_compare, cil_post_filecon_context_compare, db, CIL_FILECON, CIL_KEY_FILECON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing filecon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->iomemcon, cil_post_iomemcon_compare, cil_post_iomemcon_context_compare, db, CIL_IOMEMCON, CIL_KEY_IOMEMCON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing iomemcon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->ioportcon, cil_post_ioportcon_compare, cil_post_ioportcon_context_compare, db, CIL_IOPORTCON, CIL_KEY_IOPORTCON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing ioportcon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->pcidevicecon, cil_post_pcidevicecon_compare, cil_post_pcidevicecon_context_compare, db, CIL_PCIDEVICECON, CIL_KEY_PCIDEVICECON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing pcidevicecon rules\n");
++ goto exit;
++ }
++
++ rc = __cil_post_process_context_rules(db->devicetreecon, cil_post_devicetreecon_compare, cil_post_devicetreecon_context_compare, db, CIL_DEVICETREECON, CIL_KEY_DEVICETREECON);
++ if (rc != SEPOL_OK) {
++ cil_log(CIL_ERR, "Problems processing devicetreecon rules\n");
++ goto exit;
++ }
+
+ exit:
+ return rc;
+--
+2.7.4
+