Get rid of security_context_t and fix const declarations.

In attempting to enable building various part of Android with -Wall -Werror,
we found that the const security_context_t declarations in libselinux
are incorrect; const char * was intended, but const security_context_t
translates to char * const and triggers warnings on passing
const char * from the caller.   Easiest fix is to replace them all with
const char *.  And while we are at it, just get rid of all usage of
security_context_t itself as it adds no value - there is no true
encapsulation of the security context strings and callers already
directly use string functions on them.  typedef left to permit
building legacy users until such a time as all are updated.

This is a port of Change-Id I2f9df7bb9f575f76024c3e5f5b660345da2931a7
from Android, augmented to deal with all of the other code in upstream
libselinux and updating the man pages too.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Eric Paris <eparis@redhat.com>

1 files changed, 2 insertions, 2 deletions

diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
index aaebb949..4d70ebe7 100644
--- a/libselinux/src/checkAccess.c
+++ b/libselinux/src/checkAccess.c
@@ -15,7 +15,7 @@ static void avc_init_once(void)
 	avc_open(NULL, 0);
 }
 
-int selinux_check_access(const security_context_t scon, const security_context_t tcon, const char *class, const char *perm, void *aux) {
+int selinux_check_access(const char *scon, const char *tcon, const char *class, const char *perm, void *aux) {
 	int rc;
 	security_id_t scon_id;
 	security_id_t tcon_id;
@@ -59,7 +59,7 @@ int selinux_check_access(const security_context_t scon, const security_context_t
 int selinux_check_passwd_access(access_vector_t requested)
 {
 	int status = -1;
-	security_context_t user_context;
+	char *user_context;
 	if (is_selinux_enabled() == 0)
 		return 0;
 	if (getprevcon_raw(&user_context) == 0) {