Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
libselinux: remove flask.h and av_permissions.h
The flask.h and av_permissions.h header files were deprecated and all selinux userspace references to them were removed in commit 76913d8 ("Deprecate use of flask.h and av_permissions.h.") back in 2014 and included in the 20150202 / 2.4 release. All userspace object managers should have been updated to use the dynamic class/perm mapping support since that time. Remove these headers finally to ensure that no users remain and that no future uses are ever introduced. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Acked-by: Petr Lautrbach <plautrba@redhat.com>
- Loading branch information
1 parent
5bbe32a
commit 89674c2
89674c2There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Quickly looking in debian archive, I still see some users of these files:
https://codesearch.debian.net/search?q=selinux%2Fav_permissions.h&literal=1
https://codesearch.debian.net/search?q=selinux%2Fflask.h&literal=1&page=1
89674c2There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
They've been ignoring build-time #warnings for ~5 years. They'll just have to update to follow the instructions that have been in those warnings all of those years, also now included in the updated man pages for security_compute_* and avc_has_perm*(), to use string_to_security_class(), string_to_av_perm(), or just use selinux_check_access() instead.
89674c2There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should note this prominently in the release notes for the next selinux userspace release (3.1).