From 029d48694cc611589a37d53d095f98352676be93 Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Jun 21 2007 15:34:10 +0000 Subject: - Upgrade to upstream Labeling and callback interface patches from Eamon Walsh. --- diff --git a/.cvsignore b/.cvsignore index 28d9a21..ef6fce3 100644 --- a/.cvsignore +++ b/.cvsignore @@ -121,3 +121,4 @@ libselinux-2.0.14.tgz libselinux-2.0.16.tgz libselinux-2.0.18.tgz libselinux-2.0.21.tgz +libselinux-2.0.22.tgz diff --git a/libselinux.spec b/libselinux.spec index 14629a8..95601a5 100644 --- a/libselinux.spec +++ b/libselinux.spec @@ -106,6 +106,7 @@ exit 0 %{_sbindir}/selinuxenabled %{_sbindir}/setenforce %{_sbindir}/togglesebool +%{_mandir}/man5/* %{_mandir}/man8/* /var/run/setrans diff --git a/libselinux_swig_with_raw.patch b/libselinux_swig_with_raw.patch new file mode 100644 index 0000000..2b6a4e8 --- /dev/null +++ b/libselinux_swig_with_raw.patch 
@@ -0,0 +1,343 @@ +Index: libselinux/src/selinuxswig.i +=================================================================== +--- libselinux/src/selinuxswig.i (revision 2476) ++++ libselinux/src/selinuxswig.i (working copy) +@@ -1,7 +1,9 @@ +-/* Author: Dan Walsh ++/* Authors: Dan Walsh ++ * James Athey + * + * Copyright (C) 2004-2005 Red Hat +- * ++ * Copyright (C) 2007 Tresys Technology, LLC ++ * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either +@@ -17,170 +19,47 @@ + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +- + %module selinux + %{ + #include "selinux/selinux.h" +- #include "selinux/get_context_list.h" + %} +-%apply int *OUTPUT { int * }; ++%apply int *OUTPUT { int *enforce }; + %apply int *OUTPUT { size_t * }; + +-%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) { +- $1 = &temp; +-} +-%typemap(argout) security_context_t * (char *temp=NULL) { +- if (*$1) +- temp = *$1; +- else +- temp = ""; +- $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp)); +-} ++%typedef unsigned mode_t; + +-%typemap(in) security_context_t { +- $1 = (security_context_t)PyString_AsString($input); ++%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) { ++ $1 = &temp1; ++ $2 = &temp2; + } + +-%typedef unsigned mode_t; +- +-%include "../include/selinux/get_context_list.h" +- +-extern int is_selinux_enabled(void); +-extern int is_selinux_mls_enabled(void); +-extern void freecon(security_context_t con); +-extern void freeconary(security_context_t * con); +-extern int getcon(security_context_t *con); +-extern int setcon(security_context_t con); +-extern int getpidcon(int pid, security_context_t *con); +-extern int getprevcon(security_context_t *con); +-extern int getexeccon(security_context_t *con); +-extern int setexeccon(security_context_t 
con); +-extern int getfscreatecon(security_context_t *con); +-extern int setfscreatecon(security_context_t context); +-extern int getkeycreatecon(security_context_t *con); +-extern int setkeycreatecon(security_context_t context); +-extern int getsockcreatecon(security_context_t *con); +-extern int setsockcreatecon(security_context_t context); +-extern int getfilecon(const char *path, security_context_t *con); +-extern int lgetfilecon(const char *path, security_context_t *con); +-extern int fgetfilecon(int fd, security_context_t *con); +-extern int setfilecon(const char *path, security_context_t con); +-extern int lsetfilecon(const char *path, security_context_t con); +-extern int fsetfilecon(int fd, security_context_t con); +-extern int getpeercon(int fd, security_context_t *con); +-extern int selinux_mkload_policy(int preservebools); +-extern int selinux_init_load_policy(int *enforce); +-extern int security_set_boolean_list(size_t boolcnt, +- SELboolean *boollist, +- int permanent); +-extern int security_load_booleans(char *path); +-extern int security_check_context(security_context_t con); +-extern int security_canonicalize_context(security_context_t con, +- security_context_t *canoncon); +-extern int security_getenforce(void); +-extern int security_setenforce(int value); +-extern int security_policyvers(void); +-extern int security_get_boolean_names(char ***names, int *len); +-extern int security_get_boolean_pending(const char *name); +-extern int security_get_boolean_active(const char *name); +-extern int security_set_boolean(const char *name, int value); +-extern int security_commit_booleans(void); +- +-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */ +-#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ +-#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. 
*/ +-extern void set_matchpathcon_flags(unsigned int flags); +-extern int matchpathcon_init(const char *path); +-extern int matchpathcon(const char *path, +- mode_t mode, +- security_context_t *con); +- +-extern int matchpathcon_init_prefix(const char *path, +- const char *prefix); +-extern void matchpathcon_fini(void); +- +- +-extern int matchmediacon(const char *media, +- security_context_t *con); +- +-extern int selinux_getenforcemode(int *enforce); +-extern const char *selinux_policy_root(void); +-extern const char *selinux_binary_policy_path(void); +-extern const char *selinux_failsafe_context_path(void); +-extern const char *selinux_removable_context_path(void); +-extern const char *selinux_default_context_path(void); +-extern const char *selinux_user_contexts_path(void); +-extern const char *selinux_file_context_path(void); +-extern const char *selinux_file_context_homedir_path(void); +-extern const char *selinux_file_context_local_path(void); +-extern const char *selinux_homedir_context_path(void); +-extern const char *selinux_media_context_path(void); +-extern const char *selinux_contexts_path(void); +-extern const char *selinux_securetty_types_path(void); +-extern const char *selinux_booleans_path(void); +-extern const char *selinux_customizable_types_path(void); +-extern const char *selinux_users_path(void); +-extern const char *selinux_usersconf_path(void); +-extern const char *selinux_translations_path(void); +-extern const char *selinux_netfilter_context_path(void); +-extern const char *selinux_path(void); +-#extern int selinux_check_passwd_access(access_vector_t requested); +-#extern int checkPasswdAccess(access_vector_t requested); +- +-extern int selinux_check_securetty_context(security_context_t tty_context); +-void set_selinuxmnt(char *mnt); +- +-#ifdef SWIGpython +-// This tells SWIG to treat char ** as a special case +-%typemap(in) char ** { +- /* Check if is a list */ +- if (PyList_Check($input)) { +- int size = PyList_Size($input); +- int i = 
0; +- $1 = (char **) malloc((size+1)*sizeof(char *)); +- if ($1 == NULL) { +- PyErr_SetString(PyExc_MemoryError,"Out of memory"); +- return NULL; +- } +- for (i = 0; i < size; i++) { +- PyObject *o = PyList_GetItem($input,i); +- if (PyString_Check(o)) +- $1[i] = PyString_AsString(PyList_GetItem($input,i)); +- else { +- PyErr_SetString(PyExc_TypeError,"list must contain strings"); +- free($1); +- return NULL; +- } +- } +- $1[i] = 0; +- } else { +- PyErr_SetString(PyExc_TypeError,"not a list"); +- return NULL; +- } ++%typemap(freearg) (char ***names, int *len) { ++ int i; ++ if (*$1) { ++ for (i = 0; i < *$2; i++) { ++ free((*$1)[i]); ++ } ++ free(*$1); ++ } + } +-#endif + +-extern int rpm_execcon(unsigned int verified, +- const char *filename, +- char **, char **); +- +-extern int is_context_customizable (security_context_t scontext); +- +-extern int selinux_trans_to_raw_context(char *trans, +- security_context_t *rawp); +-extern int selinux_raw_to_trans_context(char *raw, +- security_context_t *transp); +- +-%typemap(in, numinputs=0) char **(char *temp=NULL) { ++%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) { + $1 = &temp; + } + +-%typemap(argout) char ** { +- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); ++%typemap(freearg) (security_context_t **) { ++ if (*$1) freeconary(*$1); + } +-extern int selinux_getpolicytype(char **enforce); +-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); + +-int selinux_file_context_cmp(const security_context_t a, const security_context_t b); +-int selinux_file_context_verify(const char *path, mode_t mode); +-int selinux_lsetfilecon_default(const char *path); ++/* Ignore functions that don't make sense when wrapped */ ++%ignore freecon; ++%ignore freeconary; ++ ++/* Ignore functions that take a function pointer as an argument */ ++%ignore set_matchpathcon_printf; ++%ignore set_matchpathcon_invalidcon; ++%ignore set_matchpathcon_canoncon; ++ 
++%include "../include/selinux/selinux.h" ++%include "../include/selinux/get_default_type.h" ++%include "../include/selinux/get_context_list.h" +Index: libselinux/src/selinuxswig_python.i +=================================================================== +--- libselinux/src/selinuxswig_python.i (revision 0) ++++ libselinux/src/selinuxswig_python.i (revision 0) +@@ -0,0 +1,101 @@ ++/* Author: James Athey ++ * ++ * Copyright (C) 2007 Tresys Technology, LLC ++ * ++ * This library is free software; you can redistribute it and/or ++ * modify it under the terms of the GNU Lesser General Public ++ * License as published by the Free Software Foundation; either ++ * version 2.1 of the License, or (at your option) any later version. ++ * ++ * This library is distributed in the hope that it will be useful, ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ * Lesser General Public License for more details. ++ * ++ * You should have received a copy of the GNU Lesser General Public ++ * License along with this library; if not, write to the Free Software ++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA ++ */ ++ ++%module selinux ++%{ ++ #include "selinux/selinux.h" ++%} ++ ++/* security_get_boolean_names() typemap */ ++%typemap(argout) (char ***names, int *len) { ++ PyObject* list = PyList_New(*$2); ++ int i; ++ for (i = 0; i < *$2; i++) { ++ PyList_SetItem(list, i, PyString_FromString((*$1)[i])); ++ } ++ $result = SWIG_Python_AppendOutput($result, list); ++} ++ ++/* Makes security_compute_user() return a Python list of contexts */ ++%typemap(argout) (security_context_t **con) { ++ PyObject* plist; ++ int i, len = 0; ++ ++ if (*$1) { ++ while((*$1)[len]) ++ len++; ++ plist = PyList_New(len); ++ for (i = 0; i < len; i++) { ++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ ++ $result = 
SWIG_Python_AppendOutput($result, plist); ++} ++ ++/* Makes functions in get_context_list.h return a Python list of contexts */ ++%typemap(argout) (security_context_t **list) { ++ PyObject* plist; ++ int i; ++ ++ if (*$1) { ++ plist = PyList_New(result); ++ for (i = 0; i < result; i++) { ++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); ++ } ++ } else { ++ plist = PyList_New(0); ++ } ++ /* Only return the Python list, don't need to return the length anymore */ ++ $result = plist; ++} ++ ++%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") security_context_t * ""; ++%typemap(argout,noblock=1) security_context_t * { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ freecon(*$1); ++ } ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++} ++ ++%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { ++ $1 = &temp; ++} ++%typemap(freearg,match="in") char ** ""; ++%typemap(argout,noblock=1) char ** { ++ if (*$1) { ++ %append_output(SWIG_FromCharPtr(*$1)); ++ free(*$1); ++ } ++ else { ++ Py_INCREF(Py_None); ++ %append_output(Py_None); ++ } ++} ++ ++%include "selinuxswig.i" +--- libselinux-2.0.21/src/fsetfilecon.c~ 2007-06-11 14:39:07.000000000 -0400 ++++ libselinux-2.0.21/src/fsetfilecon.c 2007-06-19 14:52:40.000000000 -0400 +@@ -13,7 +13,7 @@ int fsetfilecon_raw(int fd, security_con + 0); + } + +-hidden_def(setfilecon_raw) ++hidden_def(fsetfilecon_raw) + + int fsetfilecon(int fd, security_context_t context) + { +--- libselinux-2.0.21/src/Makefile~ 2007-06-11 14:39:07.000000000 -0400 ++++ libselinux-2.0.21/src/Makefile 2007-06-19 15:49:43.000000000 -0400 +@@ -12,7 +12,7 @@ LIBVERSION = 1 + + LIBA=libselinux.a + TARGET=libselinux.so +-SWIGIF= selinuxswig.i ++SWIGIF= selinuxswig_python.i + SWIGCOUT= selinuxswig_wrap.c + SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) + SWIGSO=_selinux.so diff --git a/sources b/sources index b4fc788..0a2154e 100644 
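Review bot: The `in` typemaps added to selinuxswig.i declare their temporaries without initialisers, `(char **temp1, int temp2)` for `(char ***names, int *len)` and `(security_context_t *temp)` for `(security_context_t **)`, while the paired `freearg` typemaps free whatever `*$1` holds whenever it is non-NULL. If the wrapped call fails before storing to its output arguments (the library functions are not shown here, so this is inferred), `freearg` hands an indeterminate pointer to `free()` or `freeconary()`, and the `argout` typemaps in selinuxswig_python.i size and fill a Python list from the same indeterminate values (`PyList_New(*$2)`, `(*$1)[i]`). Initialise the temporaries, `(char **temp1 = NULL, int temp2 = 0)` and `(security_context_t *temp = NULL)`, the way the `security_context_t *` and `char **` typemaps in selinuxswig_python.i already do with `= 0`. The `argout` bodies should also skip list construction when `result < 0` and check the returns of `PyList_New` and `PyString_FromString` before calling `PyList_SetItem`.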
--- a/sources
+++ b/sources
@@ -1 +1 @@
-eeccbf88555fc935c592d86086b9edbd libselinux-2.0.21.tgz
+dfc0f36fecae27d5fbe71aeb6350039d libselinux-2.0.22.tgz