diff --git a/contrib/sepgsql/label.c b/contrib/sepgsql/label.c index cbb9249be7..f8ff9fbac9 100644 --- a/contrib/sepgsql/label.c +++ b/contrib/sepgsql/label.c @@ -130,7 +130,7 @@ sepgsql_set_client_label(const char *new_label) tcontext = client_label_peer; else { - if (security_check_context_raw((security_context_t) new_label) < 0) + if (security_check_context_raw(new_label) < 0) ereport(ERROR, (errcode(ERRCODE_INVALID_NAME), errmsg("SELinux: invalid security label: \"%s\"", @@ -470,9 +470,9 @@ sepgsql_get_label(Oid classId, Oid objectId, int32 subId) object.objectSubId = subId; label = GetSecurityLabel(&object, SEPGSQL_LABEL_TAG); - if (!label || security_check_context_raw((security_context_t) label)) + if (!label || security_check_context_raw(label)) { - security_context_t unlabeled; + char *unlabeled; if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0) ereport(ERROR, @@ -507,7 +507,7 @@ sepgsql_object_relabel(const ObjectAddress *object, const char *seclabel) * context of selinux. */ if (seclabel && - security_check_context_raw((security_context_t) seclabel) < 0) + security_check_context_raw(seclabel) < 0) ereport(ERROR, (errcode(ERRCODE_INVALID_NAME), errmsg("SELinux: invalid security label: \"%s\"", seclabel))); @@ -749,7 +749,7 @@ exec_object_restorecon(struct selabel_handle *sehnd, Oid catalogId) char *objname; int objtype = 1234; ObjectAddress object; - security_context_t context; + char *context; /* * The way to determine object name depends on object classes. So, any diff --git a/contrib/sepgsql/selinux.c b/contrib/sepgsql/selinux.c index bf89e83dd6..c773a75ed4 100644 --- a/contrib/sepgsql/selinux.c +++ b/contrib/sepgsql/selinux.c @@ -767,8 +767,8 @@ sepgsql_compute_avd(const char *scontext, * Ask SELinux what is allowed set of permissions on a pair of the * security contexts and the given object class. */ - if (security_compute_av_flags_raw((security_context_t) scontext, - (security_context_t) tcontext, + if (security_compute_av_flags_raw(scontext, + tcontext, tclass_ex, 0, &avd_ex) < 0) ereport(ERROR, (errcode(ERRCODE_INTERNAL_ERROR), @@ -839,7 +839,7 @@ sepgsql_compute_create(const char *scontext, uint16 tclass, const char *objname) { - security_context_t ncontext; + char *ncontext; security_class_t tclass_ex; const char *tclass_name; char *result; @@ -854,8 +854,8 @@ sepgsql_compute_create(const char *scontext, * Ask SELinux what is the default context for the given object class on a * pair of security contexts */ - if (security_compute_create_name_raw((security_context_t) scontext, - (security_context_t) tcontext, + if (security_compute_create_name_raw(scontext, + tcontext, tclass_ex, objname, &ncontext) < 0) diff --git a/contrib/sepgsql/uavc.c b/contrib/sepgsql/uavc.c index f0915918db..7f60910518 100644 --- a/contrib/sepgsql/uavc.c +++ b/contrib/sepgsql/uavc.c @@ -177,7 +177,7 @@ sepgsql_avc_unlabeled(void) { if (!avc_unlabeled) { - security_context_t unlabeled; + char *unlabeled; if (security_get_initial_context_raw("unlabeled", &unlabeled) < 0) ereport(ERROR, @@ -225,7 +225,7 @@ sepgsql_avc_compute(const char *scontext, const char *tcontext, uint16 tclass) * policy is reloaded, validation status shall be kept, so we also cache * whether the supplied security context was valid, or not. */ - if (security_check_context_raw((security_context_t) tcontext) != 0) + if (security_check_context_raw(tcontext) != 0) ucontext = sepgsql_avc_unlabeled(); /*