(PUP-7126) Replace matchpathcon_fini with selinux_close

This commit replaces mathpathcon_fini with selinux_close when closing
the SELinux handle since resources are released back to the system when
the handle is closed with selabel_close, so mathpathcon_fini is no
longer necessary.

Co-authored-by: William Bradford Clark <wclark@redhat.com>

lib/puppet/provider/file/posix.rb

@@ -12,8 +12,6 @@
   require 'etc'
   require_relative '../../../puppet/util/selinux'
 
-  def self.post_resource_eval
-    Selinux.matchpathcon_fini if Puppet::Util::SELinux.selinux_support?
   class << self
 
     # @return [non-NULL handle value] A handle for selinux
@@ -27,6 +25,9 @@ def pre_resource_eval
                         end
     end
 
+    def post_resource_eval
+      Selinux.selinux_close(@selinux_handle) if @selinux_handle
+    end
   end
 
   def uid2name(id)

spec/unit/transaction_spec.rb

@@ -770,14 +770,16 @@ def post_resource_eval
       transaction.evaluate
     end
 
-    it "should call Selinux.matchpathcon_fini in case Selinux is enabled ", :if => Puppet.features.posix? do
-      selinux = double('selinux', is_selinux_enabled: true, matchpathcon_fini: nil)
+    it "should call Selinux.selinux_close in case Selinux is enabled ", :if => Puppet.features.posix? do
+      selinux = double('selinux', is_selinux_enabled: true, selinux_close: nil)
       stub_const('Selinux', selinux)
 
       resource = Puppet::Type.type(:file).new(:path => make_absolute("/tmp/foo"))
       transaction = transaction_with_resource(resource)
 
-      expect(Selinux).to receive(:matchpathcon_fini)
+      handle = double('selinux_handle')
+      allow(selinux).to receive(:selabel_open).and_return(handle)
+      expect(Selinux).to receive(:selinux_close).with(handle)
       expect(Puppet::Util::SELinux).to receive(:selinux_support?).and_return(true)
 
       transaction.evaluate