diff --git a/libselinux-filecon.patch b/libselinux-filecon.patch
new file mode 100644
index 0000000..25ad52c
--- /dev/null
+++ b/libselinux-filecon.patch
@@ -0,0 +1,69 @@
+--- libselinux-2.0.14/src/fgetfilecon.c 2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14.new/src/fgetfilecon.c 2007-09-13 09:06:28.000000000 -0400
+@@ -37,6 +37,11 @@
+ ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
++ if (ret == 0) {
++ /* Re-map empty attribute values to errors. */
++ errno = EOPNOTSUPP;
++ ret = -1;
++ }
+ if (ret < 0)
+ free(buf);
+ else
+@@ -51,6 +56,8 @@
+ security_context_t rcontext;
+ int ret;
+
++ *context = NULL;
++
+ ret = fgetfilecon_raw(fd, &rcontext);
+
+ if (ret > 0) {
+--- libselinux-2.0.14/src/getfilecon.c 2007-04-24 10:36:21.000000000 -0400
++++ libselinux-2.0.14.new/src/getfilecon.c 2007-09-13 09:06:13.000000000 -0400
+@@ -37,6 +37,11 @@
+ ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
++ if (ret == 0) {
++ /* Re-map empty attribute values to errors. */
++ errno = EOPNOTSUPP;
++ ret = -1;
++ }
+ if (ret < 0)
+ free(buf);
+ else
+@@ -51,6 +56,8 @@
+ int ret;
+ security_context_t rcontext;
+
++ *context = NULL;
++
+ ret = getfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
+--- libselinux-2.0.14/src/lgetfilecon.c 2007-04-24 10:36:20.000000000 -0400
++++ libselinux-2.0.14.new/src/lgetfilecon.c 2007-09-13 09:06:23.000000000 -0400
+@@ -37,6 +37,11 @@
+ ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
++ if (ret == 0) {
++ /* Re-map empty attribute values to errors. */
++ errno = EOPNOTSUPP;
++ ret = -1;
++ }
+ if (ret < 0)
+ free(buf);
+ else
+@@ -51,6 +56,8 @@
+ int ret;
+ security_context_t rcontext;
+
++ *context = NULL;
++
+ ret = lgetfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
diff --git a/libselinux-swig.patch b/libselinux-swig.patch
new file mode 100644
index 0000000..bba19fc
--- /dev/null
+++ b/libselinux-swig.patch
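Review bot: The `ret == 0` remap after `out:` in fgetfilecon_raw — and the identical blocks in getfilecon_raw and lgetfilecon_raw later in this hunk — makes an empty security.selinux value indistinguishable from a filesystem without xattr support, since both now surface as -1/EOPNOTSUPP; the comment should say that this is intended, e.g. `/* An empty value is reported like a missing label: callers never see ret == 0 */`. The remap sets errno and the existing `free(buf)` then runs before the function returns; C11 does not require free() to leave errno untouched (glibc only documents that for recent releases), so `int saved_errno = errno; free(buf); errno = saved_errno;` around the free keeps the -1/EOPNOTSUPP contract reliable. All three _raw functions begin before their hunks, so the code that set ret and allocated buf is not visible here.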
@@ -0,0 +1,399 @@
+--- libselinux-2.0.14/src/selinuxswig.i 2007-09-13 09:13:49.000000000 -0400
++++ libselinux-2.0.14.new/src/selinuxswig.i 2007-09-13 09:07:20.000000000 -0400
+@@ -1,7 +1,9 @@
+-/* Author: Dan Walsh
++/* Authors: Dan Walsh
++ * James Athey
+ *
+ * Copyright (C) 2004-2005 Red Hat
+- *
++ * Copyright (C) 2007 Tresys Technology, LLC
++ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+@@ -17,207 +19,47 @@
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+-
+ %module selinux
+ %{
+ #include "selinux/selinux.h"
+- #include "selinux/get_context_list.h"
+ %}
+-%apply int *OUTPUT { int * };
++%apply int *OUTPUT { int *enforce };
+ %apply int *OUTPUT { size_t * };
+
+-%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) {
+- $1 = &temp;
+-}
+-%typemap(argout) security_context_t * (char *temp=NULL) {
+- if (*$1)
+- temp = *$1;
+- else
+- temp = "";
+- $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
+-}
+-
+-%typemap(in) security_context_t {
+- $1 = (security_context_t)PyString_AsString($input);
+-}
+-
+ %typedef unsigned mode_t;
+
+-%include "../include/selinux/get_context_list.h"
+-
+-extern int is_selinux_enabled(void);
+-extern int is_selinux_mls_enabled(void);
+-extern void freecon(security_context_t con);
+-extern void freeconary(security_context_t * con);
+-extern int getcon(security_context_t *con);
+-extern int setcon(security_context_t con);
+-extern int getpidcon(int pid, security_context_t *con);
+-extern int getprevcon(security_context_t *con);
+-extern int getexeccon(security_context_t *con);
+-extern int setexeccon(security_context_t con);
+-extern int getfscreatecon(security_context_t *con);
+-extern int setfscreatecon(security_context_t context);
+-extern int getkeycreatecon(security_context_t *con);
+-extern int setkeycreatecon(security_context_t context);
+-extern int getsockcreatecon(security_context_t *con);
+-extern int setsockcreatecon(security_context_t context);
+-extern int getfilecon(const char *path, security_context_t *con);
+-extern int lgetfilecon(const char *path, security_context_t *con);
+-extern int fgetfilecon(int fd, security_context_t *con);
+-extern int setfilecon(const char *path, security_context_t con);
+-extern int lsetfilecon(const char *path, security_context_t con);
+-extern int fsetfilecon(int fd, security_context_t con);
+-extern int getpeercon(int fd, security_context_t *con);
+-extern int selinux_mkload_policy(int preservebools);
+-extern int selinux_init_load_policy(int *enforce);
+-extern int security_set_boolean_list(size_t boolcnt,
+- SELboolean *boollist,
+- int permanent);
+-extern int security_load_booleans(char *path);
+-extern int security_check_context(security_context_t con);
+-extern int security_canonicalize_context(security_context_t con,
+- security_context_t *canoncon);
+-extern int security_getenforce(void);
+-extern int security_setenforce(int value);
+-extern int security_policyvers(void);
+-extern int security_get_boolean_names(char ***names, int *len);
+-extern int security_get_boolean_pending(const char *name);
+-extern int security_get_boolean_active(const char *name);
+-extern int security_set_boolean(const char *name, int value);
+-extern int security_commit_booleans(void);
+-
+-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
+-#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+-#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
+-extern void set_matchpathcon_flags(unsigned int flags);
+-extern int matchpathcon_init(const char *path);
+-extern int matchpathcon(const char *path,
+- mode_t mode,
+- security_context_t *con);
+-
+-extern int matchpathcon_init_prefix(const char *path,
+- const char *prefix);
+-extern void matchpathcon_fini(void);
+-
+-
+-extern int matchmediacon(const char *media,
+- security_context_t *con);
+-
+-extern int selinux_getenforcemode(int *enforce);
+-extern const char *selinux_policy_root(void);
+-extern const char *selinux_binary_policy_path(void);
+-extern const char *selinux_failsafe_context_path(void);
+-extern const char *selinux_removable_context_path(void);
+-extern const char *selinux_default_context_path(void);
+-extern const char *selinux_user_contexts_path(void);
+-extern const char *selinux_file_context_path(void);
+-extern const char *selinux_file_context_homedir_path(void);
+-extern const char *selinux_file_context_local_path(void);
+-extern const char *selinux_homedir_context_path(void);
+-extern const char *selinux_media_context_path(void);
+-extern const char *selinux_contexts_path(void);
+-extern const char *selinux_securetty_types_path(void);
+-extern const char *selinux_booleans_path(void);
+-extern const char *selinux_customizable_types_path(void);
+-extern const char *selinux_users_path(void);
+-extern const char *selinux_usersconf_path(void);
+-extern const char *selinux_translations_path(void);
+-extern const char *selinux_netfilter_context_path(void);
+-extern const char *selinux_path(void);
+-#extern int selinux_check_passwd_access(access_vector_t requested);
+-#extern int checkPasswdAccess(access_vector_t requested);
+-
+-extern int selinux_check_securetty_context(security_context_t tty_context);
+-void set_selinuxmnt(char *mnt);
+-
+-#ifdef SWIGpython
+-// This tells SWIG to treat char ** as a special case
+-%typemap(in) char ** {
+- /* Check if is a list */
+- if (PyList_Check($input)) {
+- int size = PyList_Size($input);
+- int i = 0;
+- $1 = (char **) malloc((size+1)*sizeof(char *));
+- if ($1 == NULL) {
+- PyErr_SetString(PyExc_MemoryError,"Out of memory");
+- return NULL;
+- }
+- for (i = 0; i < size; i++) {
+- PyObject *o = PyList_GetItem($input,i);
+- if (PyString_Check(o))
+- $1[i] = PyString_AsString(PyList_GetItem($input,i));
+- else {
+- PyErr_SetString(PyExc_TypeError,"list must contain strings");
+- free($1);
+- return NULL;
+- }
+- }
+- $1[i] = 0;
+- } else {
+- PyErr_SetString(PyExc_TypeError,"not a list");
+- return NULL;
+- }
++%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
++ $1 = &temp1;
++ $2 = &temp2;
+ }
+-#endif
+
+-%typemap(in) char * const [] {
+- int i, size;
+- PyObject * s;
+-
+- if (!PySequence_Check($input)) {
+- PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+- return NULL;
+- }
+-
+- size = PySequence_Size($input);
+-
+- $1 = (char**) malloc(size + 1);
+-
+- for(i = 0; i < size; i++) {
+- if (!PyString_Check(PySequence_GetItem($input, i))) {
+- PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+- return NULL;
++%typemap(freearg) (char ***names, int *len) {
++ int i;
++ if (*$1) {
++ for (i = 0; i < *$2; i++) {
++ free((*$1)[i]);
+ }
++ free(*$1);
+ }
+-
+- for(i = 0; i < size; i++) {
+- s = PySequence_GetItem($input, i);
+- $1[i] = (char*) malloc(PyString_Size(s) + 1);
+- strcpy($1[i], PyString_AsString(s));
+- }
+- $1[size] = NULL;
+-}
+-
+-%typemap(freearg,match="in") char * const [] {
+- int i = 0;
+- while($1[i]) {
+- free($1[i]);
+- i++;
+- }
+- free($1);
+ }
+
+-extern int rpm_execcon(unsigned int verified,
+- const char *filename,
+- char *const argv[], char *const envp[]);
+-
+-extern int is_context_customizable (security_context_t scontext);
+-
+-extern int selinux_trans_to_raw_context(char *trans,
+- security_context_t *rawp);
+-extern int selinux_raw_to_trans_context(char *raw,
+- security_context_t *transp);
+-
+-%typemap(in, numinputs=0) char **(char *temp=NULL) {
++%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
+ $1 = &temp;
+ }
+
+-%typemap(argout) char ** {
+- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
++%typemap(freearg) (security_context_t **) {
++ if (*$1) freeconary(*$1);
+ }
+-extern int selinux_getpolicytype(char **enforce);
+-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
+-int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
+-int selinux_file_context_verify(const char *path, mode_t mode);
+-int selinux_lsetfilecon_default(const char *path);
++/* Ignore functions that don't make sense when wrapped */
++%ignore freecon;
++%ignore freeconary;
++
++/* Ignore functions that take a function pointer as an argument */
++%ignore set_matchpathcon_printf;
++%ignore set_matchpathcon_invalidcon;
++%ignore set_matchpathcon_canoncon;
++
++%include "../include/selinux/selinux.h"
++%include "../include/selinux/get_default_type.h"
++%include "../include/selinux/get_context_list.h"
+--- libselinux-2.0.14/src/selinuxswig_python.i 1969-12-31 19:00:00.000000000 -0500
++++ libselinux-2.0.14.new/src/selinuxswig_python.i 2007-09-13 09:07:28.000000000 -0400
+@@ -0,0 +1,138 @@
++/* Author: James Athey
++ *
++ * Copyright (C) 2007 Tresys Technology, LLC
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
++ */
++
++%module selinux
++%{
++ #include "selinux/selinux.h"
++%}
++
++/* security_get_boolean_names() typemap */
++%typemap(argout) (char ***names, int *len) {
++ PyObject* list = PyList_New(*$2);
++ int i;
++ for (i = 0; i < *$2; i++) {
++ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
++ }
++ $result = SWIG_Python_AppendOutput($result, list);
++}
++
++/* Makes security_compute_user() return a Python list of contexts */
++%typemap(argout) (security_context_t **con) {
++ PyObject* plist;
++ int i, len = 0;
++
++ if (*$1) {
++ while((*$1)[len])
++ len++;
++ plist = PyList_New(len);
++ for (i = 0; i < len; i++) {
++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
++ }
++ } else {
++ plist = PyList_New(0);
++ }
++
++ $result = SWIG_Python_AppendOutput($result, plist);
++}
++
++/* Makes functions in get_context_list.h return a Python list of contexts */
++%typemap(argout) (security_context_t **list) {
++ PyObject* plist;
++ int i;
++
++ if (*$1) {
++ plist = PyList_New(result);
++ for (i = 0; i < result; i++) {
++ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
++ }
++ } else {
++ plist = PyList_New(0);
++ }
++ /* Only return the Python list, don't need to return the length anymore */
++ $result = plist;
++}
++
++%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
++ $1 = &temp;
++}
++%typemap(freearg,match="in") security_context_t * "";
++%typemap(argout,noblock=1) security_context_t * {
++ if (*$1) {
++ %append_output(SWIG_FromCharPtr(*$1));
++ freecon(*$1);
++ }
++ else {
++ Py_INCREF(Py_None);
++ %append_output(Py_None);
++ }
++}
++
++%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
++ $1 = &temp;
++}
++%typemap(freearg,match="in") char ** "";
++%typemap(argout,noblock=1) char ** {
++ if (*$1) {
++ %append_output(SWIG_FromCharPtr(*$1));
++ free(*$1);
++ }
++ else {
++ Py_INCREF(Py_None);
++ %append_output(Py_None);
++ }
++}
++
++%typemap(in) char * const [] {
++ int i, size;
++ PyObject * s;
++
++ if (!PySequence_Check($input)) {
++ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
++ return NULL;
++ }
++
++ size = PySequence_Size($input);
++
++ $1 = (char**) malloc(size + 1);
++
++ for(i = 0; i < size; i++) {
++ if (!PyString_Check(PySequence_GetItem($input, i))) {
++ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
++ return NULL;
++ }
++ }
++
++ for(i = 0; i < size; i++) {
++ s = PySequence_GetItem($input, i);
++ $1[i] = (char*) malloc(PyString_Size(s) + 1);
++ strcpy($1[i], PyString_AsString(s));
++ }
++ $1[size] = NULL;
++}
++
++%typemap(freearg,match="in") char * const [] {
++ int i = 0;
++ while($1[i]) {
++ free($1[i]);
++ i++;
++ }
++ free($1);
++}
++
++%include "selinuxswig.i"
+--- libselinux-2.0.14/Makefile 2007-09-13 09:13:49.000000000 -0400
++++ libselinux-2.0.14.new/Makefile 2007-09-13 09:08:20.000000000 -0400
+@@ -2,7 +2,7 @@
+ $(MAKE) -C src
+ $(MAKE) -C utils
+
+-swigify:
++swigify: all
+ $(MAKE) -C src swigify
+
+ pywrap:
diff --git a/libselinux.spec b/libselinux.spec
index 9f21102..ae3ef94 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -2,11 +2,13 @@ Summary: SELinux library and simple utilities
 Name: libselinux
 Version: 2.0.14
-Release: 6%{?dist}
+Release: 7%{?dist}
 License: Public domain (uncopyrighted)
 Group: System Environment/Libraries
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
 Patch: libselinux-rhat.patch
+Patch1: libselinux-swig.patch
+Patch2: libselinux-filecon.patch
 BuildRequires: libsepol-devel >= %{libsepolver} swig
 Requires: libsepol >= %{libsepolver} setransd
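Review bot: `$1 = (char**) malloc(size + 1);` in the `char * const []` in-typemap of selinuxswig_python.i allocates size+1 bytes where size+1 pointers are needed, so the pointer stores that follow write past the heap block for all but the shortest argv/envp sequences handed to rpm_execcon; the result is also unchecked, and the validation loop drops the new references PySequence_GetItem returns. The allocation should be `$1 = calloc((size_t)size + 1, sizeof *$1);` with a NULL check, and each item released after it is copied, as in the excerpt below. In selinuxswig.i the numinputs=0 in-typemaps declare `(char **temp1, int temp2)` and `(security_context_t *temp)` without initialisers, whereas the python.i typemaps initialise theirs to 0; if the wrapped call fails before writing its out-parameters, the paired freearg typemaps (`if (*$1)` / `freeconary(*$1)`) and the `PyList_New(*$2)` argout act on indeterminate values, so `(char **temp1 = NULL, int temp2 = 0)` and `(security_context_t *temp = NULL)` are the safer declarations — assuming the C functions leave their out-parameters untouched on error, which this hunk does not show. The `PyString_FromString`/`SWIG_FromCharPtr` results fed to PyList_SetItem and %append_output are likewise unchecked, a lesser point.
```c
%typemap(in) char * const [] {
    int i, size;
    PyObject * s;

    /* … unchanged: PySequence_Check guard … */

    size = PySequence_Size($input);
    if (size < 0) {
        return NULL;                      /* exception already set */
    }

    /* size+1 pointers, not size+1 bytes; calloc leaves the tail NULL so the
     * array is always terminated, which the cleanup below and freearg rely on. */
    $1 = calloc((size_t)size + 1, sizeof *$1);
    if ($1 == NULL) {
        PyErr_NoMemory();
        return NULL;
    }

    for (i = 0; i < size; i++) {
        s = PySequence_GetItem($input, i);            /* new reference */
        if (s != NULL && PyString_Check(s)) {
            $1[i] = strdup(PyString_AsString(s));
        } else if (s != NULL) {
            PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
        }
        Py_XDECREF(s);
        if ($1[i] == NULL) {
            while (i-- > 0)
                free($1[i]);
            free($1);
            if (!PyErr_Occurred())
                PyErr_NoMemory();                      /* strdup failed */
            return NULL;
        }
    }
    /* $1[size] is already NULL from calloc */
}
```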
@@ -50,6 +52,8 @@ needed for developing SELinux applications.
 %prep
 %setup -q
 %patch -p1 -b .rhat
+%patch1 -p1 -b .swig
+%patch2 -p1 -b .filecon
 %build
 make clean
@@ -122,6 +126,10 @@ exit 0
 %{_libdir}/python*/site-packages/selinux.py*
 %changelog
+* Thu Sep 13 2007 Dan Walsh - 2.0.14-7
+- Update swig bindings
+- Fix getfilecon return codes
+
 * Thu Sep 6 2007 Dan Walsh - 2.0.14-6
 - fix swig binding for rpm_execcon