From b105446e69e5c9274d2d8ef8df35fdc61cb700ac Mon Sep 17 00:00:00 2001 From: Karel Zak Date: Wed, 13 Jan 2021 14:58:43 +0100 Subject: [PATCH] mkswap: remove deprecated SELinux matchpathcon() Signed-off-by: Karel Zak --- disk-utils/Makemodule.am | 3 +++ disk-utils/mkswap.c | 8 ++++++-- include/selinux-utils.h | 1 + lib/selinux-utils.c | 30 ++++++++++++++++++++++++++++++ 4 files changed, 40 insertions(+), 2 deletions(-) diff --git a/disk-utils/Makemodule.am b/disk-utils/Makemodule.am index b39aff804e..58f42ea23e 100644 --- a/disk-utils/Makemodule.am +++ b/disk-utils/Makemodule.am @@ -66,6 +66,9 @@ mkswap_LDADD += libblkid.la endif if HAVE_SELINUX mkswap_LDADD += -lselinux +mkswap_SOURCES += \ + lib/selinux-utils.c \ + include/selinux-utils.h endif endif # BUILD_MKSWAP diff --git a/disk-utils/mkswap.c b/disk-utils/mkswap.c index 2391b3e508..add732a930 100644 --- a/disk-utils/mkswap.c +++ b/disk-utils/mkswap.c @@ -23,6 +23,7 @@ #ifdef HAVE_LIBSELINUX # include # include +# include "selinux-utils.h" #endif #ifdef HAVE_LINUX_FIEMAP_H # include @@ -636,8 +637,11 @@ int main(int argc, char **argv) err(EXIT_FAILURE, _("%s: unable to obtain selinux file label"), ctl.devname); - if (matchpathcon(ctl.devname, ctl.devstat.st_mode, &oldcontext)) - errx(EXIT_FAILURE, _("unable to matchpathcon()")); + if (ul_selinux_get_default_context(ctl.devname, + ctl.devstat.st_mode, &oldcontext)) + errx(EXIT_FAILURE, + _("%s: unable to obtain default selinux file label"), + ctl.devname); } if (!(newcontext = context_new(oldcontext))) errx(EXIT_FAILURE, _("unable to create new selinux context")); diff --git a/include/selinux-utils.h b/include/selinux-utils.h index 20054f6a52..82c27c8f53 100644 --- a/include/selinux-utils.h +++ b/include/selinux-utils.h 
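Review bot: In the disk-utils/mkswap.c hunk at main() (@@ -636,8 +637,11 @@), the new `errx()` call discards the negative errno that `ul_selinux_get_default_context()` returns. The message therefore cannot tell a path with no default label apart from a failure to open the file-context database. The `err()` call just above it in the same block does report the cause, and the new branch could match it with `rc = ul_selinux_get_default_context(...); if (rc) { errno = -rc; err(EXIT_FAILURE, ...); }`. Taking the value from the return code matters because the helper calls `selabel_close()` after the lookup, which may change `errno`. main() begins and ends outside this hunk, so whether a suitable local variable already exists is not visible here.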
@@ -3,5 +3,6 @@ extern int ul_setfscreatecon_from_file(char *orig_file); extern int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cxt); +extern int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt); #endif diff --git a/lib/selinux-utils.c b/lib/selinux-utils.c index bd14d489ac..79425b1cfb 100644 --- a/lib/selinux-utils.c +++ b/lib/selinux-utils.c @@ -1,8 +1,16 @@ +/* + * No copyright is claimed. This code is in the public domain; do with + * it what you wish. + * + * Written by Karel Zak [January 2021] + */ #include #include +#include #include #include #include +#include #include "selinux-utils.h" @@ -46,3 +54,25 @@ int ul_selinux_has_access(const char *classstr, const char *perm, char **user_cx return rc == 0 ? 1 : 0; } +/* return 0 on success, 0 on error; @cxt returns the default context for @path + * and @st_mode (stat()) + */ +int ul_selinux_get_default_context(const char *path, int st_mode, char **cxt) +{ + struct selabel_handle *hnd; + struct selinux_opt options[SELABEL_NOPT] = {}; + int rc = 0; + + *cxt = NULL; + + hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); + if (!hnd) + return -errno; + + if (selabel_lookup(hnd, cxt, path, st_mode) != 0) + rc = -errno + ; + selabel_close(hnd); + + return rc; +} -- 2.47.2
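Review bot: The comment above `ul_selinux_get_default_context()` in the lib/selinux-utils.c hunk says "return 0 on success, 0 on error", but both failure paths return `-errno`. It should read something like `/* return 0 on success, negative errno on error; @cxt is reset to NULL first, and on success the caller releases it with freecon() */`. Because the result is built from `errno` alone, a failing `selabel_open()` or `selabel_lookup()` that left `errno` at 0 would be reported as success with `*cxt == NULL`, which the mkswap caller then passes to `context_new()`. Using `rc = errno ? -errno : -1;`, and the same form for the early return, removes that dependency. The `;` that appears to sit on its own line after `rc = -errno` would also read better joined to the statement.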