diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/setrans.h libselinux-1.30.3/include/selinux/setrans.h --- nsalibselinux/include/selinux/setrans.h 1969-12-31 19:00:00.000000000 -0500 +++ libselinux-1.30.3/include/selinux/setrans.h 2006-05-03 09:25:00.000000000 -0400 @@ -0,0 +1,32 @@ +/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */ + +#ifndef _SETRANS_H +#define _SETRANS_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* This must be called once, prior to calling any other + translation function. + Returns nonzero if translations cannot be performed, + or 0 otherwise. */ +int init_context_translations(void); + +/* Perform context translation. + Caller must free the resulting context. + Returns nonzero if error or 0 otherwise. */ +int translate_context(const char *, char **); +int untranslate_context(const char *, char **); + +#ifdef __cplusplus +} +#endif + +#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix" + +#define SETRANS_INIT 1 +#define RAW_TO_TRANS_CONTEXT 2 +#define TRANS_TO_RAW_CONTEXT 3 + +#endif /* _SETRANS_H */ diff --exclude-from=exclude -N -u -r nsalibselinux/src/canonicalize_context.c libselinux-1.30.3/src/canonicalize_context.c --- nsalibselinux/src/canonicalize_context.c 2005-11-08 09:34:17.000000000 -0500 +++ libselinux-1.30.3/src/canonicalize_context.c 2006-05-03 11:00:33.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -23,7 +22,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
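Review bot: The prototypes `int translate_context(const char *, char **);` and `int untranslate_context(const char *, char **);` in this new public header match nothing the rest of the diff defines — setrans_client.c implements `selinux_trans_to_raw_context`/`selinux_raw_to_trans_context` on `security_context_t`, and only `init_context_translations` corresponds — so unless they live in a file not shown here the two declarations are stale and should be dropped or replaced by the selinux_* prototypes. Exporting the wire opcodes `SETRANS_INIT`, `RAW_TO_TRANS_CONTEXT`, `TRANS_TO_RAW_CONTEXT` and `SETRANS_UNIX_SOCKET` from an installed header freezes a private daemon protocol as public ABI; they belong in the src/setrans_internal.h this diff also adds (which, as written, carries a different socket path). The comment on init_context_translations should also tell callers what a nonzero return implies for later calls, e.g. `/* Nonzero: setransd is unreachable; contexts are then passed through untranslated. */`, since that pass-through is what the selinux_* wrappers in setrans_client.c do.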
@@ -64,22 +63,16 @@ security_context_t rcon = con; security_context_t rcanoncon; - if (context_translations && trans_to_raw_context(con, &rcon)) + + if (selinux_trans_to_raw_context(con, &rcon)) return -1; ret = security_canonicalize_context_raw(rcon, &rcanoncon); - if (context_translations) { - freecon(rcon); - if (!ret) { - if (raw_to_trans_context(rcanoncon, canoncon)) { - *canoncon = NULL; - ret = -1; - } - freecon(rcanoncon); - } - } else if (!ret) { - *canoncon = rcanoncon; + freecon(rcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rcanoncon, canoncon); + freecon(rcanoncon); } return ret; diff --exclude-from=exclude -N -u -r nsalibselinux/src/check_context.c libselinux-1.30.3/src/check_context.c --- nsalibselinux/src/check_context.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/check_context.c 2006-05-03 10:59:57.000000000 -0400 @@ -32,13 +32,12 @@ int ret; security_context_t rcon = con; - if (context_translations && trans_to_raw_context(con, &rcon)) + if (selinux_trans_to_raw_context(con, &rcon)) return -1; ret = security_check_context_raw(rcon); - if (context_translations) - freecon(rcon); + freecon(rcon); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_av.c libselinux-1.30.3/src/compute_av.c --- nsalibselinux/src/compute_av.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/compute_av.c 2006-05-03 11:00:48.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -26,7 +25,7 @@ if (fd < 0) return -1; - len = PAGE_SIZE; + len = selinux_page_size; buf = malloc(len); if (!buf) { ret = -1; 
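Review bot: The added empty `+` line before `if (selinux_trans_to_raw_context(con, &rcon))` sits directly after the existing blank context line, leaving two consecutive blank lines in security_canonicalize_context; drop the added one. check_context.c in the same diff shows the intended single-blank shape.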
@@ -70,21 +69,17 @@ security_context_t rscon = scon; security_context_t rtcon = tcon; - if (context_translations) { - if (trans_to_raw_context(scon, &rscon)) - return -1; - if (trans_to_raw_context(tcon, &rtcon)) { - freecon(rscon); - return -1; - } + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; } ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd); - if (context_translations) { - freecon(rscon); - freecon(rtcon); - } + freecon(rscon); + freecon(rtcon); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_create.c libselinux-1.30.3/src/compute_create.c --- nsalibselinux/src/compute_create.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/compute_create.c 2006-05-03 11:04:26.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -25,7 +24,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
@@ -66,29 +65,21 @@ security_context_t rtcon = tcon; security_context_t rnewcon; - if (context_translations) { - if (trans_to_raw_context(scon, &rscon)) - return -1; - if (trans_to_raw_context(tcon, &rtcon)) { - freecon(rscon); - return -1; - } + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; } ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon); - if (context_translations) { - freecon(rscon); - freecon(rtcon); - if (!ret) { - if (raw_to_trans_context(rnewcon, newcon)) { - *newcon = NULL; - ret = -1; - } - freecon(rnewcon); - } - } else if (!ret) - *newcon = rnewcon; + freecon(rscon); + freecon(rtcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rnewcon, newcon); + freecon(rnewcon); + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_member.c libselinux-1.30.3/src/compute_member.c --- nsalibselinux/src/compute_member.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/compute_member.c 2006-05-03 11:01:44.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -25,7 +24,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
@@ -66,29 +65,24 @@ security_context_t rtcon = tcon; security_context_t rnewcon; - if (context_translations) { - if (trans_to_raw_context(scon, &rscon)) - return -1; - if (trans_to_raw_context(tcon, &rtcon)) { - freecon(rscon); - return -1; - } + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; } ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon); - if (context_translations) { - freecon(rscon); - freecon(rtcon); - if (!ret) { - if (raw_to_trans_context(rnewcon, newcon)) { - *newcon = NULL; - ret = -1; - } - freecon(rnewcon); + freecon(rscon); + freecon(rtcon); + if (!ret) { + if (selinux_raw_to_trans_context(rnewcon, newcon)) { + *newcon = NULL; + ret = -1; } - } else if (!ret) - *newcon = rnewcon; + freecon(rnewcon); + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_relabel.c libselinux-1.30.3/src/compute_relabel.c --- nsalibselinux/src/compute_relabel.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/compute_relabel.c 2006-05-03 11:04:30.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -25,7 +24,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
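Review bot: The inner `*newcon = NULL; ret = -1;` branch after `selinux_raw_to_trans_context(rnewcon, newcon)` is redundant: that function, as defined in setrans_client.c in this diff, already stores NULL into the output and returns -1 on failure, so this file can use the two-line form the sibling hunks in compute_create.c and compute_relabel.c use, `ret = selinux_raw_to_trans_context(rnewcon, newcon);` followed by `freecon(rnewcon);`. The same verbose form survives in getcon.c; one shape across the compute_*/get* wrappers makes the fallback behaviour easier to audit.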
@@ -66,29 +65,21 @@ security_context_t rtcon = tcon; security_context_t rnewcon; - if (context_translations) { - if (trans_to_raw_context(scon, &rscon)) - return -1; - if (trans_to_raw_context(tcon, &rtcon)) { - freecon(rscon); - return -1; - } + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; } ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon); - if (context_translations) { - freecon(rscon); - freecon(rtcon); - if (!ret) { - if (raw_to_trans_context(rnewcon, newcon)) { - *newcon = NULL; - ret = -1; - } - freecon(rnewcon); - } - } else if (!ret) - *newcon = rnewcon; + freecon(rscon); + freecon(rtcon); + if (!ret) { + ret=selinux_raw_to_trans_context(rnewcon, newcon); + freecon(rnewcon); + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/compute_user.c libselinux-1.30.3/src/compute_user.c --- nsalibselinux/src/compute_user.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/compute_user.c 2006-05-03 11:02:16.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" #include @@ -26,7 +25,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
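Review bot: `ret=selinux_raw_to_trans_context(rnewcon, newcon);` drops the spaces around `=` that every other assignment in these files uses; write `ret = selinux_raw_to_trans_context(rnewcon, newcon);`. fgetfilecon.c in this diff has the same slip.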
@@ -82,24 +81,22 @@ int ret; security_context_t rscon = scon; - if (context_translations && trans_to_raw_context(scon, &rscon)) + if (selinux_trans_to_raw_context(scon, &rscon)) return -1; ret = security_compute_user_raw(rscon, user, con); - if (context_translations) { - freecon(rscon); - if (!ret) { - security_context_t *ptr, tmpcon; - for (ptr = *con; *ptr; ptr++) { - if (raw_to_trans_context(*ptr, &tmpcon)) { - freeconary(*con); - *con = NULL; - return -1; - } - freecon(*ptr); - *ptr = tmpcon; + freecon(rscon); + if (!ret) { + security_context_t *ptr, tmpcon; + for (ptr = *con; *ptr; ptr++) { + if (selinux_raw_to_trans_context(*ptr, &tmpcon)) { + freeconary(*con); + *con = NULL; + return -1; } + freecon(*ptr); + *ptr = tmpcon; } } diff --exclude-from=exclude -N -u -r nsalibselinux/src/enabled.c libselinux-1.30.3/src/enabled.c --- nsalibselinux/src/enabled.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/enabled.c 2006-05-02 14:48:35.000000000 -0400 @@ -5,7 +5,6 @@ #include #include #include -#include #include #include "policy.h" @@ -22,7 +21,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { enabled = -1; diff --exclude-from=exclude -N -u -r nsalibselinux/src/fgetfilecon.c libselinux-1.30.3/src/fgetfilecon.c --- nsalibselinux/src/fgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/fgetfilecon.c 2006-05-03 10:55:46.000000000 -0400 
@@ -52,14 +52,10 @@ ret = fgetfilecon_raw(fd, &rcontext); - if (context_translations && ret > 0) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (ret > 0) { + ret=selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (ret > 0) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/fsetfilecon.c libselinux-1.30.3/src/fsetfilecon.c --- nsalibselinux/src/fsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/fsetfilecon.c 2006-05-03 11:02:20.000000000 -0400 @@ -18,13 +18,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = fsetfilecon_raw(fd, rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getcon.c libselinux-1.30.3/src/getcon.c --- nsalibselinux/src/getcon.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/getcon.c 2006-05-03 11:02:25.000000000 -0400 @@ -4,7 +4,6 @@ #include "selinux_internal.h" #include #include -#include #include "policy.h" int getcon_raw(security_context_t *context) @@ -18,7 +17,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; @@ -51,14 +50,13 @@ ret = getcon_raw(&rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { + if (!ret) { + if (selinux_raw_to_trans_context(rcontext, context)) { *context = NULL; ret = -1; } freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getexeccon.c libselinux-1.30.3/src/getexeccon.c --- nsalibselinux/src/getexeccon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/getexeccon.c 2006-05-03 11:04:35.000000000 -0400 
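Review bot: `ret=selinux_raw_to_trans_context(rcontext, context);` overwrites the positive value that `fgetfilecon_raw` returned — the `ret > 0` test shows it is a length, not a status — so on success fgetfilecon now returns 0 instead of the context length, whereas the removed code kept `ret` in both branches. Use a separate status: `int ret2 = selinux_raw_to_trans_context(rcontext, context);` then `freecon(rcontext); if (ret2) return ret2;` and leave `return ret;` intact. getfilecon.c and lgetfilecon.c in this diff have the identical regression. The enclosing function begins before the hunk.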
@@ -3,7 +3,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" @@ -18,7 +17,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; @@ -56,14 +55,10 @@ ret = getexeccon_raw(&rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfilecon.c libselinux-1.30.3/src/getfilecon.c --- nsalibselinux/src/getfilecon.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/getfilecon.c 2006-05-03 10:54:32.000000000 -0400 @@ -52,14 +52,10 @@ ret = getfilecon_raw(path, &rcontext); - if (context_translations && ret > 0) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (ret > 0) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (ret > 0) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getfscreatecon.c libselinux-1.30.3/src/getfscreatecon.c --- nsalibselinux/src/getfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/getfscreatecon.c 2006-05-03 11:04:45.000000000 -0400 @@ -3,7 +3,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" @@ -18,7 +17,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; 
@@ -56,14 +55,10 @@ ret = getfscreatecon_raw(&rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpeercon.c libselinux-1.30.3/src/getpeercon.c --- nsalibselinux/src/getpeercon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/getpeercon.c 2006-05-03 11:03:09.000000000 -0400 @@ -51,14 +51,10 @@ ret = getpeercon_raw(fd, &rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getpidcon.c libselinux-1.30.3/src/getpidcon.c --- nsalibselinux/src/getpidcon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/getpidcon.c 2006-05-03 11:03:33.000000000 -0400 @@ -4,7 +4,6 @@ #include #include #include -#include #include "selinux_internal.h" #include "policy.h" @@ -22,7 +21,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; @@ -55,14 +54,10 @@ ret = getpidcon_raw(pid, &rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/getprevcon.c libselinux-1.30.3/src/getprevcon.c --- nsalibselinux/src/getprevcon.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/getprevcon.c 2006-05-03 11:03:45.000000000 -0400 
@@ -4,7 +4,6 @@ #include "selinux_internal.h" #include #include -#include #include "policy.h" int getprevcon_raw(security_context_t *context) @@ -18,7 +17,7 @@ if (fd < 0) return -1; - size = PAGE_SIZE; + size = selinux_page_size; buf = malloc(size); if (!buf) { ret = -1; @@ -51,14 +50,10 @@ ret = getprevcon_raw(&rcontext); - if (context_translations && !ret) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (!ret) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/init.c libselinux-1.30.3/src/init.c --- nsalibselinux/src/init.c 2005-12-14 14:16:46.000000000 -0500 +++ libselinux-1.30.3/src/init.c 2006-05-03 10:30:57.000000000 -0400 @@ -4,15 +4,16 @@ #include #include #include -#include #include #include +#include #include "dso.h" #include "policy.h" #include "selinux_internal.h" char *selinux_mnt = NULL; +int selinux_page_size=0; static void init_selinuxmnt(void) { @@ -27,11 +28,12 @@ if (!fp) return; - size = PAGE_SIZE; + size = selinux_page_size; + buf = malloc(size); if (!buf) goto out; - + memset(buf, 0, size); while(( bufp = fgets_unlocked(buf, size, fp))) 
@@ -75,65 +77,15 @@ } hidden_def(set_selinuxmnt) -int context_translations hidden; -void *translation_lib_handle hidden; - -/* from libsetrans.c */ -extern int hidden (*lib_trans_to_raw_context)(char *trans, char **rawp); -extern int hidden (*lib_raw_to_trans_context)(char *raw, char **transp); - - static void init_translations(void) { -#ifdef SHARED - int (*lib_trans_init)(void) = NULL; - - translation_lib_handle = dlopen("libsetrans.so.0", RTLD_NOW); - if (!translation_lib_handle) - return; - - dlerror(); - - lib_trans_init = dlsym(translation_lib_handle, - "init_context_translations"); - if (dlerror() || lib_trans_init()) - return; - - lib_raw_to_trans_context = dlsym(translation_lib_handle, - "translate_context"); - if (dlerror()) - return; - - lib_trans_to_raw_context = dlsym(translation_lib_handle, - "untranslate_context"); - if (dlerror()) - return; - - context_translations = 1; -#endif -} - -static void fini_translations(void) -{ -#ifdef SHARED - context_translations = 0; - if (translation_lib_handle) { - int (*lib_trans_finish)(void) = NULL; - - lib_trans_finish = dlsym(translation_lib_handle, - "finish_context_translations"); - if (! dlerror()) - lib_trans_finish(); - - dlclose(translation_lib_handle); - translation_lib_handle = NULL; - } -#endif + init_context_translations(); } static void init_lib(void) __attribute__ ((constructor)); static void init_lib(void) { + selinux_page_size = sysconf(_SC_PAGE_SIZE); init_selinuxmnt(); init_translations(); } @@ -141,6 +93,5 @@ static void fini_lib(void) __attribute__ ((destructor)); static void fini_lib(void) { - fini_translations(); fini_selinuxmnt(); } diff --exclude-from=exclude -N -u -r nsalibselinux/src/lgetfilecon.c libselinux-1.30.3/src/lgetfilecon.c --- nsalibselinux/src/lgetfilecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/lgetfilecon.c 2006-05-03 10:55:25.000000000 -0400 
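Review bot: `selinux_page_size = sysconf(_SC_PAGE_SIZE);` in init_lib narrows a long into an int and ignores the -1 that sysconf returns on failure; every *_raw function in this diff then calls `malloc(size)` with that value, so a failed sysconf becomes an allocation failure on each call instead of one clear error. Guard it: `long ps = sysconf(_SC_PAGE_SIZE); selinux_page_size = (ps > 0) ? (int)ps : 4096;` (4096 is a constructed default; use whatever PAGE_SIZE the removed include supplied). init_translations also discards the return of `init_context_translations()`, which is the only signal that setransd is unreachable; at minimum record it so the per-call connect in the selinux_* wrappers can be skipped. This constructor now opens a socket in every process that loads libselinux; if that is intended, say so at the call site, e.g. `/* Contacts setransd at load time; failure is non-fatal, contexts then pass through untranslated. */`.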
@@ -52,14 +52,10 @@ ret = lgetfilecon_raw(path, &rcontext); - if (context_translations && ret > 0) { - if (raw_to_trans_context(rcontext, context)) { - *context = NULL; - ret = -1; - } + if (ret > 0) { + ret = selinux_raw_to_trans_context(rcontext, context); freecon(rcontext); - } else if (ret > 0) - *context = rcontext; + } return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/lsetfilecon.c libselinux-1.30.3/src/lsetfilecon.c --- nsalibselinux/src/lsetfilecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/lsetfilecon.c 2006-05-03 11:03:50.000000000 -0400 @@ -18,13 +18,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = lsetfilecon_raw(path, rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchmediacon.c libselinux-1.30.3/src/matchmediacon.c --- nsalibselinux/src/matchmediacon.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/matchmediacon.c 2006-05-03 11:03:54.000000000 -0400 @@ -59,13 +59,10 @@ return -1; } - if (context_translations) { - if (raw_to_trans_context(ptr2, con)) { - *con = NULL; - return -1; - } - } else - *con = strdup(ptr2); + if (selinux_raw_to_trans_context(ptr2, con)) { + *con = NULL; + return -1; + } return 0; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-1.30.3/src/matchpathcon.c --- nsalibselinux/src/matchpathcon.c 2006-04-14 07:21:23.000000000 -0400 +++ libselinux-1.30.3/src/matchpathcon.c 2006-05-03 11:04:01.000000000 -0400 
@@ -591,19 +591,14 @@ if (myflags & MATCHPATHCON_NOTRANS) goto skip_trans; - if (context_translations) { - if (raw_to_trans_context(context, &tmpcon)) { - myprintf("%s: line %u has invalid " - "context %s\n", - path, lineno, context); - return 0; - } - free(context); - context = tmpcon; - } else { - if (STRIP_LEVEL(&context, mls_enabled)) - return -1; + if (selinux_raw_to_trans_context(context, &tmpcon)) { + myprintf("%s: line %u has invalid " + "context %s\n", + path, lineno, context); + return 0; } + free(context); + context = tmpcon; skip_trans: if (myflags & MATCHPATHCON_VALIDATE) { diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.3/src/selinux_internal.h --- nsalibselinux/src/selinux_internal.h 2005-12-01 10:10:32.000000000 -0500 +++ libselinux-1.30.3/src/selinux_internal.h 2006-05-03 10:56:53.000000000 -0400 @@ -65,9 +65,6 @@ hidden_proto(selinux_translations_path); hidden_proto(selinux_getenforcemode); -extern int context_translations hidden; -extern int hidden trans_to_raw_context(char *trans, char **rawp); -extern int hidden raw_to_trans_context(char *raw, char **transp); - extern int load_setlocaldefs hidden; extern int require_seusers hidden; +extern int selinux_page_size hidden; diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.3/src/selinuxswig.i --- nsalibselinux/src/selinuxswig.i 2006-04-14 07:21:23.000000000 -0400 +++ libselinux-1.30.3/src/selinuxswig.i 2006-05-02 13:08:05.000000000 -0400 
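Review bot: The removed `else` branch called `STRIP_LEVEL(&context, mls_enabled)` whenever no translation library was loaded; the new code only calls `selinux_raw_to_trans_context`, so on a host where setransd is not running the file_contexts entry presumably reaches the validation step with its level component intact rather than stripped. If stripping on non-MLS hosts is still required, keep `if (STRIP_LEVEL(&context, mls_enabled)) return -1;` on the path where translation fell back to a plain copy; if the daemon is now expected to do it, a comment at `skip_trans:` saying so would stop the next reader from re-adding it. The enclosing function starts and ends outside the hunk.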
@@ -28,9 +28,18 @@ %typemap(in, numinputs=0) security_context_t *(security_context_t temp) { $1 = &temp; } -%typemap(argout) security_context_t * { - $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); +%typemap(argout) security_context_t * (char *temp) { + if (*$1) + temp = *$1; + else + temp = ""; + $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp)); +} + +%typemap(in) security_context_t { + $1 = (security_context_t)PyString_AsString($input); } + %typedef unsigned mode_t; extern int is_selinux_enabled(void); diff --exclude-from=exclude -N -u -r nsalibselinux/src/setcon.c libselinux-1.30.3/src/setcon.c --- nsalibselinux/src/setcon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/setcon.c 2006-05-03 11:04:05.000000000 -0400 @@ -32,13 +32,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = setcon_raw(rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/setexeccon.c libselinux-1.30.3/src/setexeccon.c --- nsalibselinux/src/setexeccon.c 2005-08-23 13:34:34.000000000 -0400 +++ libselinux-1.30.3/src/setexeccon.c 2006-05-03 11:04:09.000000000 -0400 @@ -28,13 +28,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = setexeccon_raw(rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfilecon.c libselinux-1.30.3/src/setfilecon.c --- nsalibselinux/src/setfilecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/setfilecon.c 2006-05-03 11:04:13.000000000 -0400 
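Review bot: `$1 = (security_context_t)PyString_AsString($input);` in the new `%typemap(in) security_context_t` is unchecked: PyString_AsString returns NULL and sets a Python exception when `$input` is not a string, and the wrapped C function then receives a NULL context. Add `if (!$1) SWIG_fail;` after the assignment so the exception propagates instead. The argout typemap maps a NULL `*$1` to `""`, which hides the difference between "no context" and an empty context from Python callers; appending `Py_None` (with `Py_INCREF`) in that case would preserve it.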
@@ -18,13 +18,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = setfilecon_raw(path, rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/setfscreatecon.c libselinux-1.30.3/src/setfscreatecon.c --- nsalibselinux/src/setfscreatecon.c 2005-08-25 11:32:02.000000000 -0400 +++ libselinux-1.30.3/src/setfscreatecon.c 2006-05-03 11:04:17.000000000 -0400 @@ -28,13 +28,12 @@ int ret; security_context_t rcontext = context; - if (context_translations && trans_to_raw_context(context, &rcontext)) + if (selinux_trans_to_raw_context(context, &rcontext)) return -1; ret = setfscreatecon_raw(rcontext); - if (context_translations) - freecon(rcontext); + freecon(rcontext); return ret; } diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_client.c libselinux-1.30.3/src/setrans_client.c --- nsalibselinux/src/setrans_client.c 1969-12-31 19:00:00.000000000 -0500 +++ libselinux-1.30.3/src/setrans_client.c 2006-05-03 10:56:24.000000000 -0400 
@@ -0,0 +1,246 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include "selinux/setrans.h"
+#include "dso.h"
+
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
+ * on error, a negative value
+ */
+static int
+setransd_open(void)
+{
+ struct sockaddr_un addr;
+ int fd;
+
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd < 0) {
+ return -1;
+ }
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strcpy(addr.sun_path, SETRANS_UNIX_SOCKET);
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+ struct iovec req_hdr[4];
+ uint32_t data1_size;
+ uint32_t data2_size;
+ struct iovec req_data[2];
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ if (!data1)
+ data1 = "";
+ if (!data2)
+ data2 = "";
+
+ data1_size = strlen(data1) + 1;
+ data2_size = strlen(data2) + 1;
+
+ req_hdr[0].iov_base = &function;
+ req_hdr[0].iov_len = sizeof(function);
+ req_hdr[1].iov_base = &data1_size;
+ req_hdr[1].iov_len = sizeof(data1_size);
+ req_hdr[2].iov_base = &data2_size;
+ req_hdr[2].iov_len = sizeof(data2_size);
+
+ while (((count = writev(fd, req_hdr, 3)) < 0) && (errno == EINTR));
+ if (count != (sizeof(function) + sizeof(data1_size) +
+ sizeof(data2_size) )) {
+ return -1;
+ }
+
+ req_data[0].iov_base = (char *)data1;
+ req_data[0].iov_len = data1_size;
+ req_data[1].iov_base = (char *)data2;
+ req_data[1].iov_len = data2_size;
+
+ while (((count = writev(fd, req_data, 2)) < 0) && (errno == EINTR));
+ if (count < 0 || (uint32_t)count != (data1_size + data2_size)) {
+ return -1;
+ }
+
+ return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t *ret_val)
+{
+ struct iovec resp_hdr[3];
+ uint32_t func;
+ uint32_t data_size;
+ char *data;
+ struct iovec resp_data;
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ resp_hdr[0].iov_base = &func;
+ resp_hdr[0].iov_len = sizeof(func);
+ resp_hdr[1].iov_base = &data_size;
+ resp_hdr[1].iov_len = sizeof(data_size);
+ resp_hdr[2].iov_base = ret_val;
+ resp_hdr[2].iov_len = sizeof(*ret_val);
+
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR));
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+ return -1;
+ }
+
+ if (func != function || !data_size) {
+ return -1;
+ }
+
+ data = malloc(data_size);
+ if (!data) {
+ return -1;
+ }
+
+ resp_data.iov_base = data;
+ resp_data.iov_len = data_size;
+
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR));
+ if (count < 0 || (uint32_t)count != data_size || data[data_size - 1] != '\0') {
+ free(data);
+ return -1;
+ }
+
+ *outdata = data;
+ return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *transp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+out:
+ close(fd);
+ return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *rawp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+out:
+ close(fd);
+ return ret_val;
+}
+
+
+int
+init_context_translations(void)
+{
+ int ret, fd;
+ int32_t ret_val;
+ char *out = NULL;
+
+ fd = setransd_open();
+ if (fd
< 0)
+ return fd;
+
+ ret = send_request(fd, SETRANS_INIT, NULL, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, SETRANS_INIT, &out, &ret_val);
+ free(out);
+ if (!ret)
+ ret = ret_val;
+out:
+ close(fd);
+ return ret;
+}
+
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t *rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ return *rawp ? 0 : -1;
+}
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t *transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+
+ return *transp ? 0 : -1;
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/setrans_internal.h libselinux-1.30.3/src/setrans_internal.h
--- nsalibselinux/src/setrans_internal.h 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-1.30.3/src/setrans_internal.h 2006-05-03 09:18:19.000000000 -0400
@@ -0,0 +1,8 @@
+/* Copyright (c) 2006 Trusted Computer Solutions, Inc. */
+
+#define SETRANS_UNIX_SOCKET "/var/.setrans-unix"
+
+#define SETRANS_INIT 1
+#define RAW_TO_TRANS_CONTEXT 2
+#define TRANS_TO_RAW_CONTEXT 3
+
diff --exclude-from=exclude -N -u -r nsalibselinux/src/trans.c libselinux-1.30.3/src/trans.c
--- nsalibselinux/src/trans.c 2005-08-31 12:33:10.000000000 -0400
+++ libselinux-1.30.3/src/trans.c 1969-12-31 19:00:00.000000000 -0500
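Review bot: `return ret_val;` at the `out:` label of trans_to_raw_context returns an uninitialized int32_t whenever send_request or receive_response fails, because both `goto out` paths jump before `ret_val` is written; it should be `return ret;`, as raw_to_trans_context already does. In both helpers a nonzero `ret_val` from the daemon leaves the buffer that receive_response stored in `*transp`/`*rawp` allocated, and the selinux_* wrappers then overwrite that pointer with `strdup()`, leaking it; clear it on that path, e.g. `if (ret_val) { free(*transp); *transp = NULL; }` before `ret = ret_val;`. setransd_open trusts whatever process is listening at SETRANS_UNIX_SOCKET; since the daemon presumably runs as root, verifying the peer with SO_PEERCRED after connect (below) would keep an unprivileged listener at that path from supplying translated contexts to every libselinux user. receive_response also accepts any `data_size` the peer sends before `malloc(data_size)` and treats a short readv/writev as a hard error rather than looping, so an upper bound on data_size and a read loop would make the client robust to large or fragmented replies. `strcpy(addr.sun_path, SETRANS_UNIX_SOCKET)` is only safe while the literal fits sun_path; `snprintf(addr.sun_path, sizeof addr.sun_path, "%s", SETRANS_UNIX_SOCKET)` removes that dependency.
```c
	/* … unchanged: socket(), sockaddr_un setup, connect() … */
	struct ucred creds;
	socklen_t len = sizeof(creds);
	/* Only accept a daemon running as root; anything else at this path is not setransd. */
	if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &creds, &len) < 0 ||
	    creds.uid != 0) {
		close(fd);
		return -1;
	}

	return fd;
```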
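Review bot: `#define SETRANS_UNIX_SOCKET "/var/.setrans-unix"` disagrees with the `"/var/run/setrans/.setrans-unix"` defined in the new include/selinux/setrans.h, and setrans_client.c includes the public header rather than this one, so this file is unused as written and would silently point the client at a different socket path if it were ever included. Either delete it, or make it the single home of the socket path and the three opcodes, have setrans_client.c include it, and remove the duplicates from the public header. It also has no include guard.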
@@ -1,59 +0,0 @@
-#include "selinux_internal.h"
-#include
-
-int (*lib_trans_to_raw_context)(char *trans, char **rawp) hidden;
-int (*lib_raw_to_trans_context)(char *raw, char **transp) hidden;
-
-int hidden trans_to_raw_context(char *trans, char **rawp)
-{
- *rawp = NULL;
- if (!trans)
- return 0;
-
- if (trans && lib_trans_to_raw_context(trans, rawp))
- *rawp = strdup(trans);
-
- return *rawp ? 0 : -1;
-}
-
-int selinux_trans_to_raw_context(security_context_t trans,
- security_context_t *rawp)
-{
- if (context_translations)
- return trans_to_raw_context(trans, rawp);
-
- if (!trans) {
- *rawp = NULL;
- return 0;
- }
-
- *rawp = strdup(trans);
- return *rawp ? 0 : -1;
-}
-
-int hidden raw_to_trans_context(char *raw, char **transp)
-{
- *transp = NULL;
- if (!raw)
- return 0;
-
- if (raw && lib_raw_to_trans_context(raw, transp))
- *transp = strdup(raw);
-
- return *transp ? 0 : -1;
-}
-
-int selinux_raw_to_trans_context(security_context_t raw,
- security_context_t *transp)
-{
- if (context_translations)
- return raw_to_trans_context(raw, transp);
-
- if (!raw) {
- *transp = NULL;
- return 0;
- }
-
- *transp = strdup(raw);
- return *transp ? 0 : -1;
-}