Deprecate use of flask.h and av_permissions.h.

Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 1 insertions, 2 deletions

diff --git a/libselinux/src/setexecfilecon.c b/libselinux/src/setexecfilecon.c
index e574de10..e72ba0d9 100644
--- a/libselinux/src/setexecfilecon.c
+++ b/libselinux/src/setexecfilecon.c
@@ -1,7 +1,6 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <string.h>
-#include <selinux/flask.h>
 #include "selinux_internal.h"
 #include "context_internal.h"
 
@@ -22,7 +21,7 @@ int setexecfilecon(const char *filename, const char *fallback_type)
 	if (rc < 0)
 		goto out;
 
-	rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon);
+	rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &newcon);
 	if (rc < 0)
 		goto out;