From 3fc08f8908571195dfaac7d3179504873f37b4c0 Mon Sep 17 00:00:00 2001
From: William Roberts <william.c.roberts@intel.com>
Date: Mon, 23 Mar 2020 11:52:33 -0500
Subject: [PATCH] libsemanage: update linker script

With the old hidden_def and hidden_proto DSO infrastructure removed,
correctness of the map file becomes paramount, as it is what filters out
public API. Because of this, the wild cards should not be used, as it
lets some functions through that should not be made public API. Thus
remove the wild cards, and sort the list.

Additionally, verify that nothing changed in external symbols as well:

This was checked by generating an old export map (from master):
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > old.map

Then creating a new one for this library after this patch is applied:
nm --defined-only -g ./src/libsemanage.so | cut -d' ' -f 3-3 | grep -v '^_' > new.map

And diffing them:
diff old.map new.map

Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libsemanage/src/libsemanage.map | 372 +++++++++++++++++++++++++++++---
 1 file changed, 345 insertions(+), 27 deletions(-)

diff --git a/libsemanage/src/libsemanage.map b/libsemanage/src/libsemanage.map
index 020366967..e1861ccbe 100644
--- a/libsemanage/src/libsemanage.map
+++ b/libsemanage/src/libsemanage.map
@@ -1,31 +1,349 @@
 LIBSEMANAGE_1.0 {
-  global: semanage_handle_create; semanage_handle_destroy; 
-          semanage_is_managed; semanage_connect; semanage_disconnect; 
-	  semanage_msg_*;
-          semanage_begin_transaction; semanage_commit;
-	  semanage_module_install; semanage_module_install_file;
-	  semanage_module_upgrade; semanage_module_upgrade_file;
-	  semanage_module_install_base; semanage_module_install_base_file;
-	  semanage_module_enable;
-	  semanage_module_disable;
-	  semanage_module_remove;
-	  semanage_module_list; semanage_module_info_datum_destroy;
-	  semanage_module_list_nth; semanage_module_get_name;
-	  semanage_module_get_version; semanage_select_store;
-	  semanage_module_get_enabled;
-	  semanage_reload_policy; semanage_set_reload; semanage_set_rebuild;
-	  semanage_set_root;
-	  semanage_root;
-	  semanage_user_*; semanage_bool_*; semanage_seuser_*;
-	  semanage_iface_*; semanage_port_*; semanage_context_*;
-	  semanage_ibpkey_*;
-	  semanage_ibendport_*;
-	  semanage_node_*;
-	  semanage_fcontext_*; semanage_access_check; semanage_set_create_store;
-	  semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit;
-	  semanage_mls_enabled;
-	  semanage_set_check_contexts;
-	  semanage_get_preserve_tunables; semanage_set_preserve_tunables;
+  global:
+    semanage_access_check;
+    semanage_begin_transaction;
+    semanage_bool_clone;
+    semanage_bool_compare;
+    semanage_bool_compare2;
+    semanage_bool_count;
+    semanage_bool_count_active;
+    semanage_bool_count_local;
+    semanage_bool_create;
+    semanage_bool_del_local;
+    semanage_bool_exists;
+    semanage_bool_exists_active;
+    semanage_bool_exists_local;
+    semanage_bool_free;
+    semanage_bool_get_name;
+    semanage_bool_get_value;
+    semanage_bool_iterate;
+    semanage_bool_iterate_active;
+    semanage_bool_iterate_local;
+    semanage_bool_key_create;
+    semanage_bool_key_extract;
+    semanage_bool_key_free;
+    semanage_bool_list;
+    semanage_bool_list_active;
+    semanage_bool_list_local;
+    semanage_bool_modify_local;
+    semanage_bool_query;
+    semanage_bool_query_active;
+    semanage_bool_query_local;
+    semanage_bool_set_active;
+    semanage_bool_set_name;
+    semanage_bool_set_value;
+    semanage_commit;
+    semanage_connect;
+    semanage_context_clone;
+    semanage_context_create;
+    semanage_context_free;
+    semanage_context_from_string;
+    semanage_context_get_mls;
+    semanage_context_get_role;
+    semanage_context_get_type;
+    semanage_context_get_user;
+    semanage_context_set_mls;
+    semanage_context_set_role;
+    semanage_context_set_type;
+    semanage_context_set_user;
+    semanage_context_to_string;
+    semanage_disconnect;
+    semanage_fcontext_clone;
+    semanage_fcontext_compare;
+    semanage_fcontext_compare2;
+    semanage_fcontext_count;
+    semanage_fcontext_count_local;
+    semanage_fcontext_create;
+    semanage_fcontext_del_local;
+    semanage_fcontext_exists;
+    semanage_fcontext_exists_local;
+    semanage_fcontext_free;
+    semanage_fcontext_get_con;
+    semanage_fcontext_get_expr;
+    semanage_fcontext_get_type;
+    semanage_fcontext_get_type_str;
+    semanage_fcontext_iterate;
+    semanage_fcontext_iterate_local;
+    semanage_fcontext_key_create;
+    semanage_fcontext_key_extract;
+    semanage_fcontext_key_free;
+    semanage_fcontext_list;
+    semanage_fcontext_list_homedirs;
+    semanage_fcontext_list_local;
+    semanage_fcontext_modify_local;
+    semanage_fcontext_query;
+    semanage_fcontext_query_local;
+    semanage_fcontext_set_con;
+    semanage_fcontext_set_expr;
+    semanage_fcontext_set_type;
+    semanage_get_default_priority;
+    semanage_get_disable_dontaudit;
+    semanage_get_hll_compiler_path;
+    semanage_get_ignore_module_cache;
+    semanage_get_preserve_tunables;
+    semanage_handle_create;
+    semanage_handle_destroy;
+    semanage_ibendport_clone;
+    semanage_ibendport_compare;
+    semanage_ibendport_compare2;
+    semanage_ibendport_count;
+    semanage_ibendport_count_local;
+    semanage_ibendport_create;
+    semanage_ibendport_del_local;
+    semanage_ibendport_exists;
+    semanage_ibendport_exists_local;
+    semanage_ibendport_free;
+    semanage_ibendport_get_con;
+    semanage_ibendport_get_ibdev_name;
+    semanage_ibendport_get_port;
+    semanage_ibendport_iterate;
+    semanage_ibendport_iterate_local;
+    semanage_ibendport_key_create;
+    semanage_ibendport_key_extract;
+    semanage_ibendport_key_free;
+    semanage_ibendport_list;
+    semanage_ibendport_list_local;
+    semanage_ibendport_modify_local;
+    semanage_ibendport_query;
+    semanage_ibendport_query_local;
+    semanage_ibendport_set_con;
+    semanage_ibendport_set_ibdev_name;
+    semanage_ibendport_set_port;
+    semanage_ibpkey_clone;
+    semanage_ibpkey_compare;
+    semanage_ibpkey_compare2;
+    semanage_ibpkey_count;
+    semanage_ibpkey_count_local;
+    semanage_ibpkey_create;
+    semanage_ibpkey_del_local;
+    semanage_ibpkey_exists;
+    semanage_ibpkey_exists_local;
+    semanage_ibpkey_free;
+    semanage_ibpkey_get_con;
+    semanage_ibpkey_get_high;
+    semanage_ibpkey_get_low;
+    semanage_ibpkey_get_subnet_prefix;
+    semanage_ibpkey_get_subnet_prefix_bytes;
+    semanage_ibpkey_iterate;
+    semanage_ibpkey_iterate_local;
+    semanage_ibpkey_key_create;
+    semanage_ibpkey_key_extract;
+    semanage_ibpkey_key_free;
+    semanage_ibpkey_list;
+    semanage_ibpkey_list_local;
+    semanage_ibpkey_modify_local;
+    semanage_ibpkey_query;
+    semanage_ibpkey_query_local;
+    semanage_ibpkey_set_con;
+    semanage_ibpkey_set_pkey;
+    semanage_ibpkey_set_range;
+    semanage_ibpkey_set_subnet_prefix;
+    semanage_ibpkey_set_subnet_prefix_bytes;
+    semanage_iface_clone;
+    semanage_iface_compare;
+    semanage_iface_compare2;
+    semanage_iface_count;
+    semanage_iface_count_local;
+    semanage_iface_create;
+    semanage_iface_del_local;
+    semanage_iface_exists;
+    semanage_iface_exists_local;
+    semanage_iface_free;
+    semanage_iface_get_ifcon;
+    semanage_iface_get_msgcon;
+    semanage_iface_get_name;
+    semanage_iface_iterate;
+    semanage_iface_iterate_local;
+    semanage_iface_key_create;
+    semanage_iface_key_extract;
+    semanage_iface_key_free;
+    semanage_iface_list;
+    semanage_iface_list_local;
+    semanage_iface_modify_local;
+    semanage_iface_query;
+    semanage_iface_query_local;
+    semanage_iface_set_ifcon;
+    semanage_iface_set_msgcon;
+    semanage_iface_set_name;
+    semanage_is_connected;
+    semanage_is_managed;
+    semanage_mls_enabled;
+    semanage_module_disable;
+    semanage_module_enable;
+    semanage_module_extract;
+    semanage_module_get_enabled;
+    semanage_module_get_module_info;
+    semanage_module_get_name;
+    semanage_module_get_version;
+    semanage_module_info_create;
+    semanage_module_info_datum_destroy;
+    semanage_module_info_destroy;
+    semanage_module_info_get_enabled;
+    semanage_module_info_get_lang_ext;
+    semanage_module_info_get_name;
+    semanage_module_info_get_priority;
+    semanage_module_info_set_enabled;
+    semanage_module_info_set_lang_ext;
+    semanage_module_info_set_name;
+    semanage_module_info_set_priority;
+    semanage_module_install;
+    semanage_module_install_base;
+    semanage_module_install_base_file;
+    semanage_module_install_file;
+    semanage_module_install_info;
+    semanage_module_key_create;
+    semanage_module_key_destroy;
+    semanage_module_key_get_name;
+    semanage_module_key_get_priority;
+    semanage_module_key_set_name;
+    semanage_module_key_set_priority;
+    semanage_module_list;
+    semanage_module_list_all;
+    semanage_module_list_nth;
+    semanage_module_remove;
+    semanage_module_remove_key;
+    semanage_module_set_enabled;
+    semanage_module_upgrade;
+    semanage_module_upgrade_file;
+    semanage_msg_get_channel;
+    semanage_msg_get_fname;
+    semanage_msg_get_level;
+    semanage_msg_set_callback;
+    semanage_node_clone;
+    semanage_node_compare;
+    semanage_node_compare2;
+    semanage_node_count;
+    semanage_node_count_local;
+    semanage_node_create;
+    semanage_node_del_local;
+    semanage_node_exists;
+    semanage_node_exists_local;
+    semanage_node_free;
+    semanage_node_get_addr;
+    semanage_node_get_addr_bytes;
+    semanage_node_get_con;
+    semanage_node_get_mask;
+    semanage_node_get_mask_bytes;
+    semanage_node_get_proto;
+    semanage_node_get_proto_str;
+    semanage_node_iterate;
+    semanage_node_iterate_local;
+    semanage_node_key_create;
+    semanage_node_key_extract;
+    semanage_node_key_free;
+    semanage_node_list;
+    semanage_node_list_local;
+    semanage_node_modify_local;
+    semanage_node_query;
+    semanage_node_query_local;
+    semanage_node_set_addr;
+    semanage_node_set_addr_bytes;
+    semanage_node_set_con;
+    semanage_node_set_mask;
+    semanage_node_set_mask_bytes;
+    semanage_node_set_proto;
+    semanage_port_clone;
+    semanage_port_compare;
+    semanage_port_compare2;
+    semanage_port_count;
+    semanage_port_count_local;
+    semanage_port_create;
+    semanage_port_del_local;
+    semanage_port_exists;
+    semanage_port_exists_local;
+    semanage_port_free;
+    semanage_port_get_con;
+    semanage_port_get_high;
+    semanage_port_get_low;
+    semanage_port_get_proto;
+    semanage_port_get_proto_str;
+    semanage_port_iterate;
+    semanage_port_iterate_local;
+    semanage_port_key_create;
+    semanage_port_key_extract;
+    semanage_port_key_free;
+    semanage_port_list;
+    semanage_port_list_local;
+    semanage_port_modify_local;
+    semanage_port_query;
+    semanage_port_query_local;
+    semanage_port_set_con;
+    semanage_port_set_port;
+    semanage_port_set_proto;
+    semanage_port_set_range;
+    semanage_reload_policy;
+    semanage_root;
+    semanage_select_store;
+    semanage_set_check_contexts;
+    semanage_set_create_store;
+    semanage_set_default_priority;
+    semanage_set_disable_dontaudit;
+    semanage_set_ignore_module_cache;
+    semanage_set_preserve_tunables;
+    semanage_set_rebuild;
+    semanage_set_reload;
+    semanage_set_root;
+    semanage_set_store_root;
+    semanage_seuser_clone;
+    semanage_seuser_compare;
+    semanage_seuser_compare2;
+    semanage_seuser_count;
+    semanage_seuser_count_local;
+    semanage_seuser_create;
+    semanage_seuser_del_local;
+    semanage_seuser_exists;
+    semanage_seuser_exists_local;
+    semanage_seuser_free;
+    semanage_seuser_get_mlsrange;
+    semanage_seuser_get_name;
+    semanage_seuser_get_sename;
+    semanage_seuser_iterate;
+    semanage_seuser_iterate_local;
+    semanage_seuser_key_create;
+    semanage_seuser_key_extract;
+    semanage_seuser_key_free;
+    semanage_seuser_list;
+    semanage_seuser_list_local;
+    semanage_seuser_modify_local;
+    semanage_seuser_query;
+    semanage_seuser_query_local;
+    semanage_seuser_set_mlsrange;
+    semanage_seuser_set_name;
+    semanage_seuser_set_sename;
+    semanage_user_add_role;
+    semanage_user_clone;
+    semanage_user_compare;
+    semanage_user_compare2;
+    semanage_user_count;
+    semanage_user_count_local;
+    semanage_user_create;
+    semanage_user_del_local;
+    semanage_user_del_role;
+    semanage_user_exists;
+    semanage_user_exists_local;
+    semanage_user_free;
+    semanage_user_get_mlslevel;
+    semanage_user_get_mlsrange;
+    semanage_user_get_name;
+    semanage_user_get_num_roles;
+    semanage_user_get_prefix;
+    semanage_user_get_roles;
+    semanage_user_has_role;
+    semanage_user_iterate;
+    semanage_user_iterate_local;
+    semanage_user_key_create;
+    semanage_user_key_extract;
+    semanage_user_key_free;
+    semanage_user_list;
+    semanage_user_list_local;
+    semanage_user_modify_local;
+    semanage_user_query;
+    semanage_user_query_local;
+    semanage_user_set_mlslevel;
+    semanage_user_set_mlsrange;
+    semanage_user_set_name;
+    semanage_user_set_prefix;
+    semanage_user_set_roles;
   local: *;
 };