From 45d8a085662f7689c0b6978cf2e33845f6095000 Mon Sep 17 00:00:00 2001
From: Laszlo Szekeres <inbox@lszekeres.com>
Date: Fri, 4 Mar 2016 20:33:06 -0500
Subject: Fix SELinux signatures in runtime

The SELinux function signatures have changed between version 2.2 and
2.3. In particular, the type of the "security context" parameter was
changed from char * to const char *, with the following patch:
SELinuxProject/selinux@9eb9c9327563014ad6a807814e7975424642d5b9.

Recent Linux distributions (e.g. Ubuntu 15.10) ship with the updated
version of libselinux. This change makes the SELinux runtime compatible
with the newer versions of the library by replacing security_context_t
with its original char * definition and defining it as const only if the
installed library does so. Whether the system uses const char * types is
detected with the configure script.

Fixes klee/klee#303.
---
 autoconf/configure.ac | 23 +++++++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

(limited to 'autoconf')

diff --git a/autoconf/configure.ac b/autoconf/configure.ac
index bb391329..01c2c809 100644
--- a/autoconf/configure.ac
+++ b/autoconf/configure.ac
@@ -534,12 +534,31 @@ if test "x${have_cap}" = xno; then
 capability checking support for klee-replay.])
 fi
 
-AC_LANG_POP([C])
-
 AC_CHECK_HEADERS([selinux/selinux.h],
         AC_SUBST(HAVE_SELINUX, 1),
         AC_SUBST(HAVE_SELINUX, 0))
 
+if test "$HAVE_SELINUX" = "1"; then
+   # Test what function signature we need to use for SELinux. The signatures
+   # have changed between 2.2 and 2.3. In particular, the type of the "security
+   # context" parameter was changed from char * to const char *, with this
+   # patch: [PATCH] Get rid of security_context_t and fix const declarations.
+   # [http://www.spinics.net/lists/selinux/msg14827.html]
+   AC_CACHE_CHECK([for selinux security context type constness],
+                  [klee_cv_sel_ctx_const],
+   [AC_COMPILE_IFELSE(
+     [AC_LANG_PROGRAM([[
+#include <selinux/selinux.h>
+int setcon(char *context);]])],
+     [klee_cv_sel_ctx_const=''],
+     [klee_cv_sel_ctx_const='const'])])
+   AC_DEFINE_UNQUOTED([KLEE_SELINUX_CTX_CONST], [$klee_cv_sel_ctx_const],
+     [Define to empty or 'const' depending on how SELinux qualifies its
+      security context parameters.])
+fi
+
+AC_LANG_POP([C])
+
 dnl **************************************************************************
 dnl Test for features
 dnl **************************************************************************
-- 
cgit 1.4.1