Get rid of security_context_t and fix const declarations.

In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>

libselinux/include/selinux/avc.h

@@ -19,7 +19,7 @@ extern "C" {
  * SID format and operations
  */
 struct security_id {
-	security_context_t ctx;
+	char * ctx;
 	unsigned int refcnt;
 };
 typedef struct security_id *security_id_t;
@@ -37,8 +37,8 @@ typedef struct security_id *security_id_t;
  * failure, with @errno set to %ENOMEM if insufficient memory was
  * available to make the copy, or %EINVAL if the input SID is invalid.
  */
-int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
-int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context(security_id_t sid, char ** ctx);
+int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
 
 /**
  * avc_context_to_sid - get SID for context.
@@ -51,8 +51,8 @@ int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
  * to the SID structure into the memory referenced by @sid, 
  * returning %0 on success or -%1 on error with @errno set.  
  */
-int avc_context_to_sid(const security_context_t ctx, security_id_t * sid);
-int avc_context_to_sid_raw(const security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid(const char * ctx, security_id_t * sid);
+int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
 
 /**
  * sidget - increment SID reference counter.

libselinux/include/selinux/get_context_list.h

@@ -17,15 +17,15 @@ extern "C" {
    If 'fromcon' is NULL, defaults to current context.
    Caller must free via freeconary. */
 	extern int get_ordered_context_list(const char *user,
-					    security_context_t fromcon,
-					    security_context_t ** list);
+					    char * fromcon,
+					    char *** list);
 
 /* As above, but use the provided MLS level rather than the
    default level for the user. */
 	int get_ordered_context_list_with_level(const char *user,
 						const char *level,
-						security_context_t fromcon,
-						security_context_t ** list);
+						char * fromcon,
+						char *** list);
 
 /* Get the default security context for a user session for 'user'
    spawned by 'fromcon' and set *newcon to refer to it.  The context
@@ -35,46 +35,46 @@ extern "C" {
    Returns 0 on success or -1 otherwise.
    Caller must free via freecon. */
 	extern int get_default_context(const char *user,
-				       security_context_t fromcon,
-				       security_context_t * newcon);
+				       char * fromcon,
+				       char ** newcon);
 
 /* As above, but use the provided MLS level rather than the
    default level for the user. */
 	int get_default_context_with_level(const char *user,
 					   const char *level,
-					   security_context_t fromcon,
-					   security_context_t * newcon);
+					   char * fromcon,
+					   char ** newcon);
 
 /* Same as get_default_context, but only return a context
    that has the specified role.  If no reachable context exists
    for the user with that role, then return -1. */
 	int get_default_context_with_role(const char *user,
 					  const char *role,
-					  security_context_t fromcon,
-					  security_context_t * newcon);
+					  char * fromcon,
+					  char ** newcon);
 
 /* Same as get_default_context, but only return a context
    that has the specified role and level.  If no reachable context exists
    for the user with that role, then return -1. */
 	int get_default_context_with_rolelevel(const char *user,
 					       const char *level,
 					       const char *role,
-					       security_context_t fromcon,
-					       security_context_t * newcon);
+					       char * fromcon,
+					       char ** newcon);
 
 /* Given a list of authorized security contexts for the user, 
    query the user to select one and set *newcon to refer to it.
    Caller must free via freecon.
    Returns 0 on sucess or -1 otherwise. */
-	extern int query_user_context(security_context_t * list,
-				      security_context_t * newcon);
+	extern int query_user_context(char ** list,
+				      char ** newcon);
 
 /* Allow the user to manually enter a context as a fallback
    if a list of authorized contexts could not be obtained. 
    Caller must free via freecon.
    Returns 0 on success or -1 otherwise. */
 	extern int manual_user_enter_context(const char *user,
-					     security_context_t * newcon);
+					     char ** newcon);
 
 #ifdef __cplusplus
 }

libselinux/include/selinux/label.h

@@ -92,9 +92,9 @@ void selabel_close(struct selabel_handle *handle);
  * The result is returned in the memory pointed to by @con and must be freed
  * by the user with freecon().
  */
-int selabel_lookup(struct selabel_handle *handle, security_context_t *con,
+int selabel_lookup(struct selabel_handle *handle, char **con,
 		   const char *key, int type);
-int selabel_lookup_raw(struct selabel_handle *handle, security_context_t *con,
+int selabel_lookup_raw(struct selabel_handle *handle, char **con,
 		       const char *key, int type);
 
 /**