Index: libselinux/src/selinuxswig.i =================================================================== --- libselinux/src/selinuxswig.i (revision 2476) +++ libselinux/src/selinuxswig.i (working copy) @@ -1,7 +1,9 @@ -/* Author: Dan Walsh +/* Authors: Dan Walsh + * James Athey * * Copyright (C) 2004-2005 Red Hat - * + * Copyright (C) 2007 Tresys Technology, LLC + * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public * License as published by the Free Software Foundation; either 
@@ -17,170 +19,47 @@ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA */ - %module selinux %{ #include "selinux/selinux.h" - #include "selinux/get_context_list.h" %} -%apply int *OUTPUT { int * }; +%apply int *OUTPUT { int *enforce }; %apply int *OUTPUT { size_t * }; -%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) { - $1 = &temp; -} -%typemap(argout) security_context_t * (char *temp=NULL) { - if (*$1) - temp = *$1; - else - temp = ""; - $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp)); -} +%typedef unsigned mode_t; -%typemap(in) security_context_t { - $1 = (security_context_t)PyString_AsString($input); +%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) { + $1 = &temp1; + $2 = &temp2; } -%typedef unsigned mode_t; - -%include "../include/selinux/get_context_list.h" - -extern int is_selinux_enabled(void); -extern int is_selinux_mls_enabled(void); -extern void freecon(security_context_t con); -extern void freeconary(security_context_t * con); -extern int getcon(security_context_t *con); -extern int setcon(security_context_t con); -extern int getpidcon(int pid, security_context_t *con); -extern int getprevcon(security_context_t *con); -extern int getexeccon(security_context_t *con); -extern int setexeccon(security_context_t con); -extern int getfscreatecon(security_context_t *con); -extern int setfscreatecon(security_context_t context); -extern int getkeycreatecon(security_context_t *con); -extern int setkeycreatecon(security_context_t context); -extern int getsockcreatecon(security_context_t *con); -extern int setsockcreatecon(security_context_t context); -extern int getfilecon(const char *path, security_context_t *con); -extern int lgetfilecon(const char *path, security_context_t *con); -extern int fgetfilecon(int fd, security_context_t *con); -extern int setfilecon(const char *path, security_context_t con); -extern int lsetfilecon(const char *path, 
security_context_t con); -extern int fsetfilecon(int fd, security_context_t con); -extern int getpeercon(int fd, security_context_t *con); -extern int selinux_mkload_policy(int preservebools); -extern int selinux_init_load_policy(int *enforce); -extern int security_set_boolean_list(size_t boolcnt, - SELboolean *boollist, - int permanent); -extern int security_load_booleans(char *path); -extern int security_check_context(security_context_t con); -extern int security_canonicalize_context(security_context_t con, - security_context_t *canoncon); -extern int security_getenforce(void); -extern int security_setenforce(int value); -extern int security_policyvers(void); -extern int security_get_boolean_names(char ***names, int *len); -extern int security_get_boolean_pending(const char *name); -extern int security_get_boolean_active(const char *name); -extern int security_set_boolean(const char *name, int value); -extern int security_commit_booleans(void); - -/* Set flags controlling operation of matchpathcon_init or matchpathcon. */ -#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */ -#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. 
*/ -extern void set_matchpathcon_flags(unsigned int flags); -extern int matchpathcon_init(const char *path); -extern int matchpathcon(const char *path, - mode_t mode, - security_context_t *con); - -extern int matchpathcon_init_prefix(const char *path, - const char *prefix); -extern void matchpathcon_fini(void); - - -extern int matchmediacon(const char *media, - security_context_t *con); - -extern int selinux_getenforcemode(int *enforce); -extern const char *selinux_policy_root(void); -extern const char *selinux_binary_policy_path(void); -extern const char *selinux_failsafe_context_path(void); -extern const char *selinux_removable_context_path(void); -extern const char *selinux_default_context_path(void); -extern const char *selinux_user_contexts_path(void); -extern const char *selinux_file_context_path(void); -extern const char *selinux_file_context_homedir_path(void); -extern const char *selinux_file_context_local_path(void); -extern const char *selinux_homedir_context_path(void); -extern const char *selinux_media_context_path(void); -extern const char *selinux_contexts_path(void); -extern const char *selinux_securetty_types_path(void); -extern const char *selinux_booleans_path(void); -extern const char *selinux_customizable_types_path(void); -extern const char *selinux_users_path(void); -extern const char *selinux_usersconf_path(void); -extern const char *selinux_translations_path(void); -extern const char *selinux_netfilter_context_path(void); -extern const char *selinux_path(void); -#extern int selinux_check_passwd_access(access_vector_t requested); -#extern int checkPasswdAccess(access_vector_t requested); - -extern int selinux_check_securetty_context(security_context_t tty_context); -void set_selinuxmnt(char *mnt); - -#ifdef SWIGpython -// This tells SWIG to treat char ** as a special case -%typemap(in) char ** { - /* Check if is a list */ - if (PyList_Check($input)) { - int size = PyList_Size($input); - int i = 0; - $1 = (char **) malloc((size+1)*sizeof(char 
*)); - if ($1 == NULL) { - PyErr_SetString(PyExc_MemoryError,"Out of memory"); - return NULL; - } - for (i = 0; i < size; i++) { - PyObject *o = PyList_GetItem($input,i); - if (PyString_Check(o)) - $1[i] = PyString_AsString(PyList_GetItem($input,i)); - else { - PyErr_SetString(PyExc_TypeError,"list must contain strings"); - free($1); - return NULL; - } - } - $1[i] = 0; - } else { - PyErr_SetString(PyExc_TypeError,"not a list"); - return NULL; - } +%typemap(freearg) (char ***names, int *len) { + int i; + if (*$1) { + for (i = 0; i < *$2; i++) { + free((*$1)[i]); + } + free(*$1); + } } -#endif -extern int rpm_execcon(unsigned int verified, - const char *filename, - char **, char **); - -extern int is_context_customizable (security_context_t scontext); - -extern int selinux_trans_to_raw_context(char *trans, - security_context_t *rawp); -extern int selinux_raw_to_trans_context(char *raw, - security_context_t *transp); - -%typemap(in, numinputs=0) char **(char *temp=NULL) { +%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) { $1 = &temp; } -%typemap(argout) char ** { - $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); +%typemap(freearg) (security_context_t **) { + if (*$1) freeconary(*$1); } -extern int selinux_getpolicytype(char **enforce); -extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); -int selinux_file_context_cmp(const security_context_t a, const security_context_t b); -int selinux_file_context_verify(const char *path, mode_t mode); -int selinux_lsetfilecon_default(const char *path); +/* Ignore functions that don't make sense when wrapped */ +%ignore freecon; +%ignore freeconary; + +/* Ignore functions that take a function pointer as an argument */ +%ignore set_matchpathcon_printf; +%ignore set_matchpathcon_invalidcon; +%ignore set_matchpathcon_canoncon; + +%include "../include/selinux/selinux.h" +%include "../include/selinux/get_default_type.h" +%include 
"../include/selinux/get_context_list.h" Index: libselinux/src/selinuxswig_python.i =================================================================== --- libselinux/src/selinuxswig_python.i (revision 0) +++ libselinux/src/selinuxswig_python.i (revision 0) 
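Review bot: The temporaries declared by the two new `in` typemaps in selinuxswig.i are never initialised, yet the matching `freearg` typemaps free whatever they hold. In `(char ***names, int *len) (char **temp1, int temp2)` and `(security_context_t **) (security_context_t *temp)`, a wrapped call that fails before storing to its output arguments leaves `*$1` and `*$2` as stack garbage, and `free((*$1)[i])`, `free(*$1)` or `freeconary(*$1)` then run on it. Whether each wrapped function can fail that way is not visible in this patch, so it is worth confirming per function. Declaring the temporaries as `(char **temp1 = NULL, int temp2 = 0)` and `(security_context_t *temp = NULL)` makes the cleanup a no-op on failure, matching the `temp = 0` initialisers used in selinuxswig_python.i. The argout typemaps in selinuxswig_python.i read the same temporaries, so they benefit from the same change.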
@@ -0,0 +1,101 @@ +/* Author: James Athey + * + * Copyright (C) 2007 Tresys Technology, LLC + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + * + * This library is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this library; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + */ + +%module selinux +%{ + #include "selinux/selinux.h" +%} + +/* security_get_boolean_names() typemap */ +%typemap(argout) (char ***names, int *len) { + PyObject* list = PyList_New(*$2); + int i; + for (i = 0; i < *$2; i++) { + PyList_SetItem(list, i, PyString_FromString((*$1)[i])); + } + $result = SWIG_Python_AppendOutput($result, list); +} + +/* Makes security_compute_user() return a Python list of contexts */ +%typemap(argout) (security_context_t **con) { + PyObject* plist; + int i, len = 0; + + if (*$1) { + while((*$1)[len]) + len++; + plist = PyList_New(len); + for (i = 0; i < len; i++) { + PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); + } + } else { + plist = PyList_New(0); + } + + $result = SWIG_Python_AppendOutput($result, plist); +} + +/* Makes functions in get_context_list.h return a Python list of contexts */ +%typemap(argout) (security_context_t **list) { + PyObject* plist; + int i; + + if (*$1) { + plist = PyList_New(result); + for (i = 0; i < result; i++) { + PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); + } + } else { + plist = PyList_New(0); + } + /* Only return the Python list, don't need to 
return the length anymore */ + $result = plist; +} + +%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") security_context_t * ""; +%typemap(argout,noblock=1) security_context_t * { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + freecon(*$1); + } + else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") char ** ""; +%typemap(argout,noblock=1) char ** { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + free(*$1); + } + else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%include "selinuxswig.i" --- libselinux-2.0.21/src/fsetfilecon.c~ 2007-06-11 14:39:07.000000000 -0400 +++ libselinux-2.0.21/src/fsetfilecon.c 2007-06-19 14:52:40.000000000 -0400 @@ -13,7 +13,7 @@ int fsetfilecon_raw(int fd, security_con 0); } -hidden_def(setfilecon_raw) +hidden_def(fsetfilecon_raw) int fsetfilecon(int fd, security_context_t context) { --- libselinux-2.0.21/src/Makefile~ 2007-06-11 14:39:07.000000000 -0400 +++ libselinux-2.0.21/src/Makefile 2007-06-19 15:49:43.000000000 -0400 @@ -12,7 +12,7 @@ LIBVERSION = 1 LIBA=libselinux.a TARGET=libselinux.so -SWIGIF= selinuxswig.i +SWIGIF= selinuxswig_python.i SWIGCOUT= selinuxswig_wrap.c SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) SWIGSO=_selinux.so
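Review bot: The list-building argout typemaps in the new selinuxswig_python.i never check the wrapped call's return value or the results of `PyList_New` and `PyString_FromString`. The `(char ***names, int *len)` typemap dereferences `*$1` and uses `*$2` as a length even when the call failed, and a NULL from `PyString_FromString` is passed straight to `PyList_SetItem`. The `(security_context_t **con)` and `(security_context_t **list)` typemaps have the same unchecked allocations, and the latter overwrites `$result` with `plist` without releasing the object it held, which looks like a reference leak. The fence below sketches the guarded form for the boolean-names typemap, assuming `result` is the wrapped function's return value as the `**list` typemap already does. The other two typemaps can follow the same pattern.

```swig
%typemap(argout) (char ***names, int *len) {
	PyObject *list, *item;
	int i, count;

	/* *$1 and *$2 are only meaningful when the wrapped call succeeded */
	count = (result >= 0 && *$1) ? *$2 : 0;
	list = PyList_New(count);
	if (list == NULL)
		SWIG_fail;
	for (i = 0; i < count; i++) {
		item = PyString_FromString((*$1)[i]);
		if (item == NULL) {
			Py_DECREF(list);
			SWIG_fail;
		}
		PyList_SetItem(list, i, item);
	}
	$result = SWIG_Python_AppendOutput($result, list);
}
```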