4 files changed, 174 insertions, 20 deletions

diff --git a/sec-policy/selinux-base-policy/ChangeLog b/sec-policy/selinux-base-policy/ChangeLog
index 5406339b846b..0021aee25a79 100644
--- a/sec-policy/selinux-base-policy/ChangeLog
+++ b/sec-policy/selinux-base-policy/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sec-policy/selinux-base-policy
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.167 2014/12/21 14:20:23 swift Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/ChangeLog,v 1.168 2015/01/29 09:52:10 perfinion Exp $
+
+*selinux-base-policy-2.20141203-r3 (29 Jan 2015)
+
+  29 Jan 2015; Jason Zaman <perfinion@gentoo.org>
+  +selinux-base-policy-2.20141203-r3.ebuild,
+  selinux-base-policy-2.20141203-r2.ebuild:
+  Release of 2.20141203-r3, stable 2.20141203-r2
 
   21 Dec 2014; Sven Vermeulen <swift@gentoo.org>
   -selinux-base-policy-2.20140311-r1.ebuild,
diff --git a/sec-policy/selinux-base-policy/Manifest b/sec-policy/selinux-base-policy/Manifest
index 2013701cabed..178ef5bf8932 100644
--- a/sec-policy/selinux-base-policy/Manifest
+++ b/sec-policy/selinux-base-policy/Manifest
@@ -8,30 +8,34 @@ DIST patchbundle-selinux-base-policy-2.20140311-r6.tar.bz2 281043 SHA256 7fbfb51
 DIST patchbundle-selinux-base-policy-2.20140311-r7.tar.bz2 285346 SHA256 8e216867cc5ec2c513ae81d04e637021b4eda9bbd0fafab0c7f61f087776c33c SHA512 01d30c38dba876136d61452a890adbbe0301fb990b65b0a15086f1c8f14df4f96faf57bee8fd1328147458e5a7e96f972792c26ef971924c0fc74cf644d4b644 WHIRLPOOL ec03df417b73d52a19809a2e7417b05b11880517e4bc5093725a8172177943f3fa526eb32222f41c3aed5ec5ba3d57fb5af2ed19a32af1c37529864d30afd68b
 DIST patchbundle-selinux-base-policy-2.20141203-r1.tar.bz2 264038 SHA256 0fb0ff62bf3abc2294db83d35d22220c5d86384e38332e4458fb38f88ce1538c SHA512 a9ac284c999b15f9f825761a5d59968337cac5990250d9ce46fc79a870ed14534f61b0d454866ea9296d134adb3e38634b02c0e9d70f69a657da4c11b6aeee38 WHIRLPOOL 389d5fd4feecc74c9a231c98a9bf497491e3e5c19a54f5b8ef68d050d95aeca7e6dd0853655212989b7239271be51cf2c4c3e19ac3db54cec229d802df95cbb5
 DIST patchbundle-selinux-base-policy-2.20141203-r2.tar.bz2 268395 SHA256 60f5fbb2402f12b4c4aca89b134ee0dd4c88a1812208d765b601b23e025f7cfe SHA512 0a6d7a61ae259f6b4b9210c0b509a2b25581674b0d07e0fa8f2eff151f1e8bf084cae7a8928ede6e4358da661290940b8390a2cb6f5c6ababc021de4f6b445b9 WHIRLPOOL 6341b3c04aa547256f3128826fffe777c4ac2d7f6f916d6e7a7f2e976b18a903786116743a26f43602c707310662c445564ffdaa173b2c2cd9e48f4173c367a1
+DIST patchbundle-selinux-base-policy-2.20141203-r3.tar.bz2 269940 SHA256 c1d507c21b02ab510e8fbe1eeb799ad1e9604ad611759c13df6c15ddc9480ed8 SHA512 694a1cf95d4fe5c686e6e8ddae56f591d85fd334f896352b11b2bf24b2e95be8eaf32d6aee9a3410c25e613efa6fe18e485cfe836a2a6dadb5f01c8118b42a45 WHIRLPOOL 8061b6e5dd5f1d0602b66fdf31f2c3c02de02bad73f213ad24d0be8d62a7dc4b8d35cb0780b4a1ee76ecded737d9eed3e41f6d51c24d885d3cac63591930ce96
 DIST refpolicy-2.20140311.tar.bz2 664416 SHA256 f69437db95548c78a5dec44c236397146b144153149009ea554d2e536e5436f7 SHA512 50bacee82ed41ac8b8007ecc33bf51d22303cc2ddd27cfb72cb5520dab5f8e255186e34b89cec492c7a2d4220b200814bdede9b46c19f987a3d3d65a1c9b749a WHIRLPOOL e07480beba6ab1f02ad36b7d0c50c4a71cb39a8ec78bf8d1dc3c82bb9dd1d69d9169d7c937165ea15f60ce1147f256d46644f944107a3a8a800d5bad70d4c255
 DIST refpolicy-2.20141203.tar.bz2 680243 SHA256 f438209c430d8a2d4ddcbe4bdd3edb46f6af7dc4913637af0b73c635e40c1522 SHA512 682e4280c5799e4c12ec7594afc1389f67be35055748d2e0dbdc3419159a16c96d4946ca6178daee8370515951f8653b2e452efe8c962b8d7f9bc192f0b15a0c WHIRLPOOL 74bca232534e7af9051bb1ab9f77c1ff6c425781cf4561f781d6e9a40cc5ca0d9add540249ea5493e8782a9372aea296ead6c165c6c440ae1509eb319d151ee5
 EBUILD selinux-base-policy-2.20140311-r5.ebuild 4087 SHA256 c3d07b6465aac57899df606a431d819ea3da797ba63d8828a1eacfe1405ef5f9 SHA512 784a2ccc00997c76294a2eeef5f20d7371badc1b1d66d5d3b76d079b678edebc5dcb60e85f8ad00d930b769fdc10bf83a1d5c5906f989d5e8cedfc44a029be13 WHIRLPOOL 4e4837a87b6449d7d2416396f54228ec6ba05cc2d04db7acc90950e238bc782f967ce6a48f366d72a0bdb47e2145530f3842d254d0a815b314220a1b3d9ff733
 EBUILD selinux-base-policy-2.20140311-r6.ebuild 4087 SHA256 18d35c3497344c8f24ea7c27e31f87ab92bc790620cdb3aba2ef4773404cdcc1 SHA512 234b8b45248adfef459fcd612601cdd457f89435c8b196e4d2ce069e096e6035c6834aff72d83146ec96f1fc5e80c75bee293685513f65685c29180bc73e1584 WHIRLPOOL f4bbee02bc351d98668e5f42a91042728fe9dddbca9667eedac660152acb273897d52dd708093c8169adabfd40e142f36d3e25efffe44eaa3cab0fa0a4b709b3
 EBUILD selinux-base-policy-2.20140311-r7.ebuild 4430 SHA256 be769aeb3f111f6cf88ef611c189927b8fde8485dd7075881572e97e5ce84137 SHA512 4743c21b371e4c9e023d4850c506853470b9b4c63d7aee5a8491d0fdcbb3441e72f02c5267d24cfd46b8d1ec4d5bab6534d6f74bdcc7d8b31e7f48b121e8510e WHIRLPOOL fcd63b709eac2541a23d576b7992941a453e091df6b36a21a094c4f9d919869e2d40a2f5ca4e9b2e24ba8bb4ea29407b359929e2c60f58d02e4212be07437ee0
 EBUILD selinux-base-policy-2.20141203-r1.ebuild 4527 SHA256 a65a36dff32835cda3ddae1e0bd9a32b9fea6955de5c63b19735cc8f8746fede SHA512 d6193e4a17f541c9ca9e1845c14625fcc0eba785513abca797ead351221ef94d36389e8fd54974f5d3ef91c4bb4c0c577b72f0038a4de66e88fdd1c293973507 WHIRLPOOL 1a24e8ac692d9fdc1b4c128df7e4f1d99c1755e4897fac0a235498d4fe9cca09c197392846953eb11744c25ab51978aad263e23466ba869105c4096e0a0c214c
-EBUILD selinux-base-policy-2.20141203-r2.ebuild 4397 SHA256 51c008eb84a14af3cdf53c3ae5818d44a0102adbb2325967d90c70e8cf7e5834 SHA512 4c15d4f0e0cfc56b55e686fe73e9f59cb4eb12c4fa4ea4f81d92bf6a70891401a22602a1d783bbc8af92acb45bb4b40b5187b415cf16123f71c7ae08bfb6621e WHIRLPOOL 0f48eca68a71cdd794a74e51adc87b8f1ce2624aa67823169a85487db3ddf7a7dfaf9e6c50907c509320bed5bc30e72b7046efe821ab1ae158db7e781aa60bb1
+EBUILD selinux-base-policy-2.20141203-r2.ebuild 4399 SHA256 98795e1375a03729b95a2caf39d3412c49d88a0ea5ccc7134eb5d9de74c498af SHA512 75a86ba90f4fb0e8ee6b79f1df832bc20bbbd985da72b09fa1ee36ee81744d5252dcb61cc40024763e4cfd9719452226c64ebc965349ffba30ba99fb7871f660 WHIRLPOOL ce25ea8bba0ec9a967fddaebf7e93277d83dabc70d3933566d535996816122c9eb8610b74839fa74d2fb01618ea5fd57c3d443cbbc00f13170d3148c0cfd24de
+EBUILD selinux-base-policy-2.20141203-r3.ebuild 4401 SHA256 a80901fc5af879861a2a40490e4aa6b7d47ae3475cf655f99bbf9100a5d4776d SHA512 538f11b742fca6998460390c55623bd702edb350d6f809c2d3950ba0d1162fd69b507baf90da08bd292e206182b69ca19c247fc481a4d0b41eef710282a4597b WHIRLPOOL 7efc2b59608e6fc74ce0594a4ce3b8e80222cf3ba5c2c40f63f4d1be737e09c5126e1a2d04776323e9f29439ab7a5243861aad15ada68847d08ab6f74d905506
 EBUILD selinux-base-policy-9999.ebuild 4393 SHA256 794fc8c764fc67ca44c0fd750c14f50dceed9715a13c2bebba6f892a5517dbce SHA512 af04aeead7e5047fd5926fce82c7c27b32a9ba1fa471f2dd11114dc9a4ca759cd535a5ae59e2138e8508bd71a1c0828ee1ff80ba381dc0913c145b7f8abc502c WHIRLPOOL c50e3d664c80ce7a0978a7b3bb4efd55b981b7d874a84859c15d90f0f1eeaac8d3781946a42fe1d9d54c7032df23916f29c904b570c3340e857239d6bd11b8b7
-MISC ChangeLog 35615 SHA256 575d731b9303ecffd590fa145aec70acc6a260dd9f0c5601580467cd20279732 SHA512 64ec5ea43d9aa57507cf37094c9a53d9c22c321a53223395d73df78be3b2de94412aa3092fcafaa0744f91a8a7521e5ed1adf0c76bf6e0bfc66419a069cbbd77 WHIRLPOOL ff3713a16ecdf11fb3d34497502aad4edfbbfa916809e7b3b6dd6d323ac23ea9db0081adf062f3c759cf533098a437a2563a32e74e235d69718bcf00fabb2184
+MISC ChangeLog 35858 SHA256 3e0ad4e62476d66754eb911443e3733773f7ee603a3149a71ea196cc33968bd5 SHA512 2ec3c265c7dd6a4961f21ec6d64e05a2571c6bb39b3eb6984d114630d4362fc5a771e2add4a3adb84621546ef3a7c47688ef56ab48687720d35cbce44663617a WHIRLPOOL d6b55c905bb02012eb4e4d9a2e83d60833fffe1e5ee7be67273f3e503c18ea415882891ea99d00c11f7abe96d873396a83c339ad140f93b77d854584c052721a
 MISC metadata.xml 448 SHA256 4babd5e53785136aa79ee0737a89af1fc49c4fc144aba0f6163d6f85215f57e2 SHA512 7e747c9dbae3eaee62a284824a68039961264540e0633e617aaabaeef2e83f4623863d29ee26c2e4738ac706d3824914f530f8e2b990ac7f06aa8f6e4cae9964 WHIRLPOOL 733957f76ca89c6fdd08060a368048276247994db56cf8325e69b896a07dc5e576ca124f3190079b169ec078a2e69156d4b12e6c6cc94328248705779f357bc4
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0
 
-iQIcBAEBCAAGBQJUltdFAAoJEC7dUkA7aK9HHTwP/A+GyRNJ6YJh8rbWOouTEDpj
-gTi/XEvGp341+Uib8NiRal7Sc4tqz9GpUyIu7uNQnSZKoKEoehQMCBAVaXZjKWGA
-OrIbecuSWxZJzV+Pz2RpoBP/f2d8dWeqMwTYQWhSGurWcUiyHyUzCLlJhovxHhyJ
-C2kkvIjTjf04+bSabbio9caSz629FNChhR7/34s5PcsoSB03O6KIXXDch8uxJuff
-t/KR04NehaCY0ZDjLXT6vU6xO0xDSEWgS1cDT7KHk1OmRFLv3v5G4/m/5FCRcLNl
-0UVEYKqfY0DZ2UDM6nuw0UswstTmf99cVx4LBgAHSdG1uMH3G14S0h8Ij8ujy9Zt
-CtHL441YMsrTAjLXOyIY/+ttsqU0DHtk/OuXa28kR32ngEl6d/H32Pm5FPLAtZfe
-arEXF4JX0pGu+YNAMZ7GyusRHXUqvjSuiaZ+3NDAW4T8ZFFXG8n2U5SXYMzohQMa
-AYUjEnUI1NQydRN3342oGre6A7ziBLadCV67xXqnVc+FUd7DbGXoWFWBm1bb2Jyw
-uPZKJVJWlYWrtcsmDoYOWs7KvzIpW4NYFWADGSvfwEidUy36eiaexuLTyXp962CF
-HEWutloqWNQkQj2cUHudJBVRMqbwU4AezMFa5/kTiWS0WsbqEgQKID1it/LNIXL9
-anWyBvuMZQkJnFJ+otIP
-=Ik8x
+iQJ8BAEBCABmBQJUygMYXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFMTYyREVBRDFDQ0REMTEzRjA0QjNENDky
+QkJFRDlDQjFBNjhFRjU1AAoJECu+2csaaO9VKvUP/33ij00gifM1sqoXemAx9MhF
+rQYOip11V6uIcSjNDvIVolRVyF8oM3E9AbScmHNnyu02GLp+iqRlaTgiY0lD/15W
+Y5uemvboi6Hy1T2TOW3Ax0+qpj6nJduwpzQIDnbYqcjKEZFkzq6aZYEeGi5djOlE
+Kka0yEbrleBj1/FD14MTbU1C46tB6jcA9b/KEKcM9s75STs7AuhhagPZUKO4FXtS
+yIiNZoK4i8uPkNtlS88Z+2S8r0gtjEAFTpZTmbW6Ep+rky7dTd2Huilcn2e7nrU1
+MOskP6z+ezAhVUZXjQ1uinZDejf7j59LgZu/045Ukeu41r2zIEo7qD/n89JBZh9N
+ebtEU6d7P8SSo7uR4MxU4S40EGxXJG+5mYuMIOZzSgxeICcqaM/YjE9LxuEOt4Ti
+xM/VkCmJoSEJ+athPVBWeb8n7ioYCb6I6NTPHVBPaFPNMZG/o36fnmt57FTF1+8p
+aNge3OfBmfS2/8RnZyPiheVhz7ejrAmwV23NhJIx2KlPxmnEuZNX9+aXm/SR+3SJ
+CLgyyjSsWaammPoSEvg5MqwkqtBrRDRjthMzYGYtYWWxa+sBS6WOa0LhoLnDTwc7
+xnpnyTvlvxWpTkLFwqtrZg6ic3BEUhYoKKCWksF6BxTc4MMGkByWrk5oy/KLmD5n
+R9i+s9F78/CR3VPQUauC
+=qEfY
 -----END PGP SIGNATURE-----
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild
index 72c6d6b99086..fe888b49d6da 100644
--- a/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild,v 1.1 2014/12/21 13:56:07 swift Exp $
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r2.ebuild,v 1.2 2015/01/29 09:52:10 perfinion Exp $
 EAPI="5"
 
 inherit eutils
@@ -16,7 +16,7 @@ if [[ ${PV} == 9999* ]]; then
 else
 	SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
 			http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
-	KEYWORDS="~amd64 ~x86"
+	KEYWORDS="amd64 x86"
 fi
 
 HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
diff --git a/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild
new file mode 100644
index 000000000000..78004a21ace0
--- /dev/null
+++ b/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild
@@ -0,0 +1,143 @@
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sec-policy/selinux-base-policy/selinux-base-policy-2.20141203-r3.ebuild,v 1.1 2015/01/29 09:52:10 perfinion Exp $
+EAPI="5"
+
+inherit eutils
+
+if [[ ${PV} == 9999* ]]; then
+	EGIT_REPO_URI="${SELINUX_GIT_REPO:-git://git.overlays.gentoo.org/proj/hardened-refpolicy.git https://git.overlays.gentoo.org/gitroot/proj/hardened-refpolicy.git}"
+	EGIT_BRANCH="${SELINUX_GIT_BRANCH:-master}"
+	EGIT_SOURCEDIR="${WORKDIR}/refpolicy"
+
+	inherit git-2
+
+	KEYWORDS=""
+else
+	SRC_URI="https://raw.githubusercontent.com/wiki/TresysTechnology/refpolicy/files/refpolicy-${PV}.tar.bz2
+			http://dev.gentoo.org/~swift/patches/${PN}/patchbundle-${PN}-${PVR}.tar.bz2"
+	KEYWORDS="~amd64 ~x86"
+fi
+
+HOMEPAGE="http://www.gentoo.org/proj/en/hardened/selinux/"
+DESCRIPTION="SELinux policy for core modules"
+
+IUSE="+unconfined"
+
+RDEPEND="=sec-policy/selinux-base-${PVR}"
+PDEPEND="unconfined? ( sec-policy/selinux-unconfined )"
+DEPEND=""
+
+MODS="application authlogin bootloader clock consoletype cron dmesg fstools getty hostname hotplug init iptables libraries locallogin logging lvm miscfiles modutils mount mta netutils nscd portage raid rsync selinuxutil setrans ssh staff storage su sysadm sysnetwork tmpfiles udev userdomain usermanage unprivuser xdg"
+LICENSE="GPL-2"
+SLOT="0"
+S="${WORKDIR}/"
+
+# Code entirely copied from selinux-eclass (cannot inherit due to dependency on
+# itself), when reworked reinclude it. Only postinstall (where -b base.pp is
+# added) needs to remain then.
+
+pkg_pretend() {
+	for i in ${POLICY_TYPES}; do
+		if [[ "${i}" == "targeted" ]] && ! use unconfined; then
+			die "If you use POLICY_TYPES=targeted, then USE=unconfined is mandatory."
+		fi
+	done
+}
+
+src_prepare() {
+	local modfiles
+
+	if [[ ${PV} != 9999* ]]; then
+		# Patch the source with the base patchbundle
+		cd "${S}"
+		EPATCH_MULTI_MSG="Applying SELinux policy updates ... " \
+		EPATCH_SUFFIX="patch" \
+		EPATCH_SOURCE="${WORKDIR}" \
+		EPATCH_FORCE="yes" \
+		epatch
+	fi
+
+	# Apply the additional patches refered to by the module ebuild.
+	# But first some magic to differentiate between bash arrays and strings
+	if [[ "$(declare -p POLICY_PATCH 2>/dev/null 2>&1)" == "declare -a"* ]];
+	then
+		cd "${S}/refpolicy/policy/modules"
+		for POLPATCH in "${POLICY_PATCH[@]}";
+		do
+			epatch "${POLPATCH}"
+		done
+	else
+		if [[ -n ${POLICY_PATCH} ]];
+		then
+			cd "${S}/refpolicy/policy/modules"
+			for POLPATCH in ${POLICY_PATCH};
+			do
+				epatch "${POLPATCH}"
+			done
+		fi
+	fi
+
+	# Calling user patches
+	epatch_user
+
+	# Collect only those files needed for this particular module
+	for i in ${MODS}; do
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.te) $modfiles"
+		modfiles="$(find ${S}/refpolicy/policy/modules -iname $i.fc) $modfiles"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		mkdir "${S}"/${i} || die "Failed to create directory ${S}/${i}"
+		cp "${S}"/refpolicy/doc/Makefile.example "${S}"/${i}/Makefile \
+			|| die "Failed to copy Makefile.example to ${S}/${i}/Makefile"
+
+		cp ${modfiles} "${S}"/${i} \
+			|| die "Failed to copy the module files to ${S}/${i}"
+	done
+}
+
+src_compile() {
+	for i in ${POLICY_TYPES}; do
+		emake NAME=$i -C "${S}"/${i} || die "${i} compile failed"
+	done
+}
+
+src_install() {
+	local BASEDIR="/usr/share/selinux"
+
+	for i in ${POLICY_TYPES}; do
+		for j in ${MODS}; do
+			einfo "Installing ${i} ${j} policy package"
+			insinto ${BASEDIR}/${i}
+			doins "${S}"/${i}/${j}.pp || die "Failed to add ${j}.pp to ${i}"
+		done
+	done
+}
+
+pkg_postinst() {
+	# Override the command from the eclass, we need to load in base as well here
+	local COMMAND
+	for i in ${MODS}; do
+		COMMAND="-i ${i}.pp ${COMMAND}"
+	done
+
+	for i in ${POLICY_TYPES}; do
+		einfo "Inserting the following modules, with base, into the $i module store: ${MODS}"
+
+		cd /usr/share/selinux/${i} || die "Could not enter /usr/share/selinux/${i}"
+
+		semodule -s ${i} -b base.pp ${COMMAND} || die "Failed to load in base and modules ${MODS} in the $i policy store"
+	done
+
+	# Relabel depending packages
+	local PKGSET="";
+	if [ -x /usr/bin/qdepends ] ; then
+		PKGSET=$(/usr/bin/qdepends -Cq -r -Q ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	elif [ -x /usr/bin/equery ] ; then
+		PKGSET=$(/usr/bin/equery -Cq depends ${CATEGORY}/${PN} | grep -v 'sec-policy/selinux-');
+	fi
+	if [ -n "${PKGSET}" ] ; then
+		rlpkg ${PKGSET};
+	fi
+}