Deprecate use of flask.h and av_permissions.h.

Also remove all internal uses by libselinux.
This requires deleting the old class/perm string lookup tables
and compatibility code for kernels that predate the /sys/fs/selinux/class
tree, i.e. Linux < 2.6.23.

This also fixes a longstanding bug in the stringrep code; it was allocating
NVECTORS (number of vectors in the legacy av_perm_to_string table, i.e.
the total number of legacy permissions) entries in the per-class perms array
rather than MAXVECTORS (the maximum number of permissions in any
access vector).  Ho hum.  I already fixed this in Android but forgot it
here.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

1 files changed, 1 insertions, 2 deletions

diff --git a/libselinux/utils/selinuxexeccon.c b/libselinux/utils/selinuxexeccon.c
index 4ac7e86f..e0212e44 100644
--- a/libselinux/utils/selinuxexeccon.c
+++ b/libselinux/utils/selinuxexeccon.c
@@ -6,7 +6,6 @@
 #include <errno.h>
 #include <string.h>
 #include <ctype.h>
-#include <selinux/flask.h>
 #include <selinux/selinux.h>
 
 static void usage(const char *name, const char *detail, int rc)
@@ -22,7 +21,7 @@ static char * get_selinux_proc_context(const char *command, char * execcon) {
 
 	int ret = getfilecon(command, &fcon);
 	if (ret < 0) goto err;
-	ret = security_compute_create(execcon, fcon, SECCLASS_PROCESS, &newcon);
+	ret = security_compute_create(execcon, fcon, string_to_security_class("process"), &newcon);
 	if (ret < 0) goto err;
 
 err: