>From d0823793490b9dae0578df2cd75c6a7e077ab6c2 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <mail@bernhard-voelker.de>
Date: Thu, 19 Nov 2020 22:40:21 +0100
Subject: [PATCH] selinux-h: add label stubs

* lib/se-label.c: Add file.
* lib/se-label.in.h: Likewise.
* m4/selinux-label-h.m4: Likewise.
* modules/selinux-h (Files): Reference the above new files.
(configure.ac): Call gl_HEADERS_SELINUX_LABEL_H.
(Makefile.am): Add se-label.in.h and se-label.c.
(selinux/label.h): Generate from se-label.in.h if necessary.
* lib/se-selinux.in.h (struct selinux_opt): Define.
* lib/selinux-at.h: Include <selinux/label.h> as well.
---
 ChangeLog             | 12 ++++++++
 lib/se-label.c        |  3 ++
 lib/se-label.in.h     | 65 +++++++++++++++++++++++++++++++++++++++++++
 lib/se-selinux.in.h   |  6 ++++
 lib/selinux-at.h      |  1 +
 m4/selinux-label-h.m4 | 22 +++++++++++++++
 modules/selinux-h     | 24 +++++++++++++++-
 7 files changed, 132 insertions(+), 1 deletion(-)
 create mode 100644 lib/se-label.c
 create mode 100644 lib/se-label.in.h
 create mode 100644 m4/selinux-label-h.m4

diff --git a/ChangeLog b/ChangeLog
index 52524da54..c45a32485 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,15 @@
+2020-11-19  Bernhard Voelker  <mail@bernhard-voelker.de>
+
+	selinux-h: add label stubs
+	* lib/se-label.c: Add file.
+	* lib/se-label.in.h: Likewise.
+	* m4/selinux-label-h.m4: Likewise.
+	* modules/selinux-h (Files): Reference the above new files.
+	(configure.ac): Call gl_HEADERS_SELINUX_LABEL_H.
+	(Makefile.am): Add se-label.in.h and se-label.c.
+	(selinux/label.h): Generate from se-label.in.h if necessary.
+	* lib/selinux-at.h: Include <selinux/label.h> as well.
+
 2020-11-19  Siddhesh Poyarekar  <siddhesh@gotplt.org>
 
 	vcs-to-changelog: Expect spaces in file names
diff --git a/lib/se-label.c b/lib/se-label.c
new file mode 100644
index 000000000..16d706fd8
--- /dev/null
+++ b/lib/se-label.c
@@ -0,0 +1,3 @@
+#include <config.h>
+#define SE_LABEL_INLINE _GL_EXTERN_INLINE
+#include <selinux/label.h>
diff --git a/lib/se-label.in.h b/lib/se-label.in.h
new file mode 100644
index 000000000..af45e6e6e
--- /dev/null
+++ b/lib/se-label.in.h
@@ -0,0 +1,65 @@
+/* SELinux-related headers.
+   Copyright (C) 2020 Free Software Foundation, Inc.
+
+   This program is free software: you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
+
+/* Written by Bernhard Voelker, 2020.  */
+
+#ifndef SELINUX_LABEL_H
+# define SELINUX_LABEL_H
+
+# include <errno.h>
+# include <selinux/selinux.h>  /* for struct selinux_opt */
+
+#ifndef _GL_INLINE_HEADER_BEGIN
+ #error "Please include config.h first."
+#endif
+_GL_INLINE_HEADER_BEGIN
+#ifndef SE_LABEL_INLINE
+# define SE_LABEL_INLINE _GL_INLINE
+#endif
+
+/* The definition of _GL_UNUSED_PARAMETER is copied here.  */
+
+/* Available backend: file contexts */
+#define SELABEL_CTX_FILE 0
+
+/* Total number of SELABEL_OPT options */
+#define SELABEL_NOPT 6
+
+/*
+ * Opaque type used for all label handles.
+ */
+struct selabel_handle;
+
+SE_LABEL_INLINE struct selabel_handle *
+selabel_open (unsigned int backend _GL_UNUSED_PARAMETER,
+              const struct selinux_opt *opts _GL_UNUSED_PARAMETER,
+              unsigned nopts _GL_UNUSED_PARAMETER)
+  { errno = ENOTSUP; return 0; }
+
+SE_LABEL_INLINE void
+selabel_close (struct selabel_handle *handle _GL_UNUSED_PARAMETER)
+  { errno = ENOTSUP; return; }
+
+SE_LABEL_INLINE int
+selabel_lookup (struct selabel_handle *handle _GL_UNUSED_PARAMETER,
+                char **con _GL_UNUSED_PARAMETER,
+                const char *key_GL_UNUSED_PARAMETER,
+                int type_GL_UNUSED_PARAMETER)
+  { errno = ENOTSUP; return -1; }
+
+_GL_INLINE_HEADER_END
+
+#endif
diff --git a/lib/se-selinux.in.h b/lib/se-selinux.in.h
index 022596bb8..323ae17db 100644
--- a/lib/se-selinux.in.h
+++ b/lib/se-selinux.in.h
@@ -42,6 +42,12 @@ _GL_INLINE_HEADER_BEGIN
 
 #  if !GNULIB_defined_security_types
 
+/* Structure for passing options, used by AVC and label subsystems */
+struct selinux_opt {
+  int type;
+  const char *value;
+};
+
 typedef unsigned short security_class_t;
 #   define is_selinux_enabled() 0
 
diff --git a/lib/selinux-at.h b/lib/selinux-at.h
index 50537f80f..d8fe305f4 100644
--- a/lib/selinux-at.h
+++ b/lib/selinux-at.h
@@ -16,6 +16,7 @@
 
 #include <selinux/selinux.h>
 #include <selinux/context.h>
+#include <selinux/label.h>
 
 /* These are the dir-fd-relative variants of the functions without the
    "at" suffix.  For example, getfileconat (AT_FDCWD, file, &c) is usually
diff --git a/m4/selinux-label-h.m4 b/m4/selinux-label-h.m4
new file mode 100644
index 000000000..52925e767
--- /dev/null
+++ b/m4/selinux-label-h.m4
@@ -0,0 +1,22 @@
+# serial 1   -*- Autoconf -*-
+# Copyright (C) 2020 Free Software Foundation, Inc.
+# This file is free software; the Free Software Foundation
+# gives unlimited permission to copy and/or distribute it,
+# with or without modifications, as long as this notice is preserved.
+
+# From Bernhard Voelker
+# Provide <selinux/label.h>, if necessary.
+
+AC_DEFUN([gl_HEADERS_SELINUX_LABEL_H],
+[
+  AC_REQUIRE([gl_LIBSELINUX])
+  if test "$with_selinux" != no; then
+    AC_CHECK_HEADERS([selinux/label.h],
+                     [SELINUX_LABEL_H=],
+                     [SELINUX_LABEL_H=selinux/label.h])
+  else
+    SELINUX_LABEL_H=selinux/label.h
+  fi
+  AC_SUBST([SELINUX_LABEL_H])
+  AM_CONDITIONAL([GL_GENERATE_SELINUX_LABEL_H], [test -n "$SELINUX_LABEL_H"])
+])
diff --git a/modules/selinux-h b/modules/selinux-h
index e074e673f..674767715 100644
--- a/modules/selinux-h
+++ b/modules/selinux-h
@@ -4,10 +4,13 @@ SELinux-related headers for systems that lack them.
 Files:
 lib/getfilecon.c
 lib/se-context.in.h
+lib/se-label.in.h
 lib/se-selinux.in.h
 lib/se-context.c
+lib/se-label.c
 lib/se-selinux.c
 m4/selinux-context-h.m4
+m4/selinux-label-h.m4
 m4/selinux-selinux-h.m4
 
 Depends-on:
@@ -18,12 +21,13 @@ snippet/unused-parameter
 configure.ac:
 gl_HEADERS_SELINUX_SELINUX_H
 gl_HEADERS_SELINUX_CONTEXT_H
+gl_HEADERS_SELINUX_LABEL_H
 if test "$with_selinux" != no && test "$ac_cv_header_selinux_selinux_h" = yes; then
   AC_LIBOBJ([getfilecon])
 fi
 
 Makefile.am:
-lib_SOURCES += se-context.in.h se-selinux.in.h se-context.c se-selinux.c
+lib_SOURCES += se-context.in.h se-label.in.h se-selinux.in.h se-context.c se-label.c se-selinux.c
 
 BUILT_SOURCES += selinux/selinux.h
 selinux/selinux.h: se-selinux.in.h $(top_builddir)/config.status $(UNUSED_PARAMETER_H)
@@ -58,11 +62,29 @@ selinux/context.h: $(top_builddir)/config.status
 	rm -f $@
 endif
 MOSTLYCLEANFILES += selinux/context.h selinux/context.h-t
+
+BUILT_SOURCES += $(SELINUX_LABEL_H)
+if GL_GENERATE_SELINUX_LABEL_H
+selinux/label.h: se-label.in.h $(top_builddir)/config.status $(UNUSED_PARAMETER_H)
+	$(AM_V_at)$(MKDIR_P) selinux
+	$(AM_V_GEN)rm -f $@-t $@ && \
+	{ echo '/* DO NOT EDIT! GENERATED AUTOMATICALLY! */' && \
+	  sed -e '/definition of _GL_UNUSED_PARAMETER/r $(UNUSED_PARAMETER_H)' \
+	      < $(srcdir)/se-label.in.h; \
+	} > $@-t && \
+	chmod a-x $@-t && \
+	mv $@-t $@
+else
+selinux/label.h: $(top_builddir)/config.status
+	rm -f $@
+endif
+MOSTLYCLEANFILES += selinux/label.h selinux/label.h-t
 MOSTLYCLEANDIRS += selinux
 
 Include:
 <selinux/selinux.h>
 <selinux/context.h>
+<selinux/label.h>
 
 Link:
 $(LIB_SELINUX)
-- 
2.29.2