rpms
/
libselinux
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update to upstream 

* Add support for lxc_contexts_path
	* utils: add service to getdefaultcon
	* libsemanage: do not set soname needlessly
	* libsemanage: remove PYTHONLIBDIR and ruby equivalent
	* boolean name equivalency
	* getsebool: support boolean name substitution
	* Add man page for new selinux_boolean_sub function.
	* expose selinux_boolean_sub
	* matchpathcon: add -m option to force file type check
	* utils: avcstat: clear sa_mask set
	* seusers: Check for strchr failure
	* booleans: initialize pointer to silence coveriety
	* stop messages when SELinux disabled
	* label_file: use PCRE instead of glibc regex functions
	* label_file: remove all typedefs
	* label_file: move definitions to include file
	* label_file: do string to mode_t conversion in a helper function
	* label_file: move error reporting back into caller
	* label_file: move stem/spec handling to header
	* label_file: drop useless ncomp field from label_file data
	* label_file: move spec_hasMetaChars to header
	* label_file: fix potential read past buffer in spec_hasMetaChars
	* label_file: move regex sorting to the header
	* label_file: add accessors for the pcre extra data
	* label_file: only run regex files one time
	* label_file: new process_file function
	* label_file: break up find_stem_from_spec
	* label_file: struct reorg
	* label_file: only run array once when sorting
	* Ensure that we only close the selinux netlink socket once.
	* improve the file_contexts.5 manual page
This commit is contained in:
rhatdan 2012-09-14 05:59:45 -04:00
parent 4eed7a5379
commit 01a1f705b5
7 changed files with 735 additions and 1533 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -193,3 +193,4 @@ libselinux-2.0.96.tgz
/libselinux-2.1.9.tgz
/libselinux-2.1.10.tgz
/libselinux-2.1.11.tgz
/libselinux-2.1.12.tgz

1622
libselinux-rhat.patch
View File

File diff suppressed because it is too large Load Diff

23
libselinux-tlssegneg.patch
View File

@ -1,23 +0,0 @@
--- libselinux-1.30.19/src/Makefile.notls 2006-08-01 14:16:38.000000000 -0400
+++ libselinux-1.30.19/src/Makefile 2006-08-01 14:37:15.000000000 -0400
@@ -24,6 +24,11 @@
override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64
RANLIB=ranlib
+ARCH := $(patsubst i%86,i386,$(shell uname -m))
+ifneq (,$(filter i386,$(ARCH)))
+TLSFLAGS += -mno-tls-direct-seg-refs
+endif
+
SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
all: $(LIBA) $(LIBSO)
@@ -45,7 +50,7 @@
ln -sf $@ $(TARGET)
%.o: %.c policy.h
- $(CC) $(CFLAGS) -c -o $@ $<
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
%.lo: %.c policy.h
$(CC) $(CFLAGS) -fpic -DSHARED -c -o $@ $<

236
libselinux-xaccel.patch
View File

@ -1,236 +0,0 @@
diff -up libselinux-2.0.77/include/selinux/avc.h.pre.create.cache libselinux-2.0.77/include/selinux/avc.h
--- libselinux-2.0.77/include/selinux/avc.h.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 14:52:40.859167987 -0500
@@ -353,6 +353,7 @@ int avc_compute_member(security_id_t ssi
#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
#define AVC_CALLBACK_AUDITDENY_ENABLE 64
#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+#define AVC_CALLBACK_ADD_CREATE 256
/**
* avc_add_callback - Register a callback for security events.
diff -up libselinux-2.0.77/src/avc.c.pre.create.cache libselinux-2.0.77/src/avc.c
--- libselinux-2.0.77/src/avc.c.pre.create.cache 2009-01-27 14:47:32.000000000 -0500
+++ libselinux-2.0.77/src/avc.c 2009-03-02 15:57:54.764288907 -0500
@@ -20,6 +20,8 @@ struct avc_entry {
security_id_t tsid;
security_class_t tclass;
struct av_decision avd;
+ security_id_t create_sid;
+ unsigned create_decided :1;
int used; /* used recently */
};
@@ -58,6 +60,11 @@ static struct avc_cache_stats cache_stat
static struct avc_callback_node *avc_callbacks = NULL;
static struct sidtab avc_sidtab;
+/* forward declaration */
+static int avc_update_cache(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms, security_id_t create_sid);
+
static inline int avc_hash(security_id_t ssid,
security_id_t tsid, security_class_t tclass)
{
@@ -340,6 +347,16 @@ static inline struct avc_node *avc_recla
return cur;
}
+static inline void avc_clear_avc_entry(struct avc_entry *ae)
+{
+ ae->ssid = ae->tsid = ae->create_sid = NULL;
+ ae->tclass = 0;
+ ae->create_decided = 0;
+ ae->avd.allowed = ae->avd.decided = 0;
+ ae->avd.auditallow = ae->avd.auditdeny = 0;
+ ae->used = 0;
+}
+
static inline struct avc_node *avc_claim_node(security_id_t ssid,
security_id_t tsid,
security_class_t tclass)
@@ -361,6 +378,7 @@ static inline struct avc_node *avc_claim
}
hvalue = avc_hash(ssid, tsid, tclass);
+ avc_clear_avc_entry(&new->ae);
new->ae.used = 1;
new->ae.ssid = ssid;
new->ae.tsid = tsid;
@@ -498,8 +516,8 @@ static int avc_insert(security_id_t ssid
* avc_remove - Remove AVC and sidtab entries for SID.
* @sid: security identifier to be removed
*
- * Remove all AVC entries containing @sid as source
- * or target, and remove @sid from the SID table.
+ * Remove all AVC entries containing @sid as source, target, or
+ * create_sid, and remove @sid from the SID table.
* Free the memory allocated for the structure corresponding
* to @sid. After this function has been called, @sid must
* not be used until another call to avc_context_to_sid() has
@@ -514,19 +532,15 @@ static void avc_remove(security_id_t sid
cur = avc_cache.slots[i];
prev = NULL;
while (cur) {
- if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid ||
+ (cur->ae.create_decided && sid == cur->ae.create_sid)) {
if (prev)
prev->next = cur->next;
else
avc_cache.slots[i] = cur->next;
tmp = cur;
cur = cur->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
- 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -570,11 +584,7 @@ int avc_reset(void)
while (node) {
tmp = node;
node = node->next;
- tmp->ae.ssid = tmp->ae.tsid = NULL;
- tmp->ae.tclass = 0;
- tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
- tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
- tmp->ae.used = 0;
+ avc_clear_avc_entry(&tmp->ae);
tmp->next = avc_node_freelist;
avc_node_freelist = tmp;
avc_cache.active_nodes--;
@@ -896,24 +906,52 @@ int avc_compute_create(security_id_t ssi
security_class_t tclass, security_id_t *newsid)
{
int rc;
+ struct avc_entry_ref aeref;
+ security_context_t ctx = NULL;
+
*newsid = NULL;
+
+ avc_entry_ref_init(&aeref);
+retry:
avc_get_lock(avc_lock);
- if (ssid->refcnt > 0 && tsid->refcnt > 0) {
- security_context_t ctx = NULL;
- rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
- &ctx);
- if (rc)
- goto out;
- rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
- if (!rc)
- (*newsid)->refcnt++;
- freecon(ctx);
- } else {
+ if (ssid->refcnt <= 0 || tsid->refcnt <= 0) {
errno = EINVAL; /* bad reference count */
rc = -1;
+ goto out;
+ }
+
+ rc = avc_lookup(ssid, tsid, tclass, 0, &aeref);
+ if (!rc) {
+ /* we found something in the avc */
+ if (aeref.ae->create_decided) {
+ *newsid = aeref.ae->create_sid;
+ goto out;
+ } else {
+ goto compute;
+ }
}
+ /* there is nothing in the avd for this tuple, so, lets get something */
+ avc_release_lock(avc_lock);
+ avc_has_perm_noaudit(ssid, tsid, tclass, 0, &aeref, NULL);
+ goto retry;
+
+compute:
+ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (rc)
+ goto out;
+
+ avc_update_cache(AVC_CALLBACK_ADD_CREATE, ssid, tsid, tclass, 0,
+ *newsid);
+
out:
+ if (*newsid)
+ (*newsid)->refcnt++;
avc_release_lock(avc_lock);
+ freecon(ctx);
return rc;
}
@@ -978,7 +1016,8 @@ static inline int avc_sidcmp(security_id
}
static inline void avc_update_node(uint32_t event, struct avc_node *node,
- access_vector_t perms)
+ access_vector_t perms,
+ security_id_t create_sid)
{
switch (event) {
case AVC_CALLBACK_GRANT:
@@ -1000,12 +1039,16 @@ static inline void avc_update_node(uint3
case AVC_CALLBACK_AUDITDENY_DISABLE:
node->ae.avd.auditdeny &= ~perms;
break;
+ case AVC_CALLBACK_ADD_CREATE:
+ node->ae.create_sid = create_sid;
+ node->ae.create_decided = 1;
+ break;
}
}
static int avc_update_cache(uint32_t event, security_id_t ssid,
security_id_t tsid, security_class_t tclass,
- access_vector_t perms)
+ access_vector_t perms, security_id_t create_sid)
{
struct avc_node *node;
int i;
@@ -1019,7 +1062,7 @@ static int avc_update_cache(uint32_t eve
if (avc_sidcmp(ssid, node->ae.ssid) &&
avc_sidcmp(tsid, node->ae.tsid) &&
tclass == node->ae.tclass) {
- avc_update_node(event, node, perms);
+ avc_update_node(event, node, perms, create_sid);
}
}
}
@@ -1027,7 +1070,7 @@ static int avc_update_cache(uint32_t eve
/* apply to one node */
node = avc_search_node(ssid, tsid, tclass, 0);
if (node) {
- avc_update_node(event, node, perms);
+ avc_update_node(event, node, perms, create_sid);
}
}
@@ -1058,7 +1101,7 @@ static int avc_control(uint32_t event, s
* been invoked to update the cache state.
*/
if (event != AVC_CALLBACK_TRY_REVOKE)
- avc_update_cache(event, ssid, tsid, tclass, perms);
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
for (c = avc_callbacks; c; c = c->next) {
if ((c->events & event) &&
@@ -1080,7 +1123,7 @@ static int avc_control(uint32_t event, s
if (event == AVC_CALLBACK_TRY_REVOKE) {
/* revoke any unretained permissions */
perms &= ~tretained;
- avc_update_cache(event, ssid, tsid, tclass, perms);
+ avc_update_cache(event, ssid, tsid, tclass, perms, NULL);
*out_retained = tretained;
}

41
libselinux.spec
View File

@ -2,13 +2,13 @@
%define ruby_inc %(pkg-config --cflags ruby-1.9)
%define ruby_sitearch %(ruby -rrbconfig -e "puts RbConfig::CONFIG['vendorarchdir']")
%define libsepolver 2.1.5-1
%define libsepolver 2.1.8-1
%{!?python_sitearch: %define python_sitearch %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib(1)")}
Summary: SELinux library and simple utilities
Name: libselinux
Version: 2.1.11
Release: 4%{?dist}
Version: 2.1.12
Release: 1%{?dist}
License: Public Domain
Group: System Environment/Libraries
Source: %{name}-%{version}.tgz
@ -185,6 +185,7 @@ rm -rf %{buildroot}
%{_libdir}/libselinux.so.*
/var/run/setrans
%{_sbindir}/matchpathcon
%{_sbindir}/sefcontext_compile
/usr/lib/tmpfiles.d/libselinux.conf
%files utils
@ -233,6 +234,40 @@ rm -rf %{buildroot}
%{ruby_sitearch}/selinux.so
%changelog
* Thu Sep 13 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.12-1
- Update to upstream
* Add support for lxc_contexts_path
* utils: add service to getdefaultcon
* libsemanage: do not set soname needlessly
* libsemanage: remove PYTHONLIBDIR and ruby equivalent
* boolean name equivalency
* getsebool: support boolean name substitution
* Add man page for new selinux_boolean_sub function.
* expose selinux_boolean_sub
* matchpathcon: add -m option to force file type check
* utils: avcstat: clear sa_mask set
* seusers: Check for strchr failure
* booleans: initialize pointer to silence coveriety
* stop messages when SELinux disabled
* label_file: use PCRE instead of glibc regex functions
* label_file: remove all typedefs
* label_file: move definitions to include file
* label_file: do string to mode_t conversion in a helper function
* label_file: move error reporting back into caller
* label_file: move stem/spec handling to header
* label_file: drop useless ncomp field from label_file data
* label_file: move spec_hasMetaChars to header
* label_file: fix potential read past buffer in spec_hasMetaChars
* label_file: move regex sorting to the header
* label_file: add accessors for the pcre extra data
* label_file: only run regex files one time
* label_file: new process_file function
* label_file: break up find_stem_from_spec
* label_file: struct reorg
* label_file: only run array once when sorting
* Ensure that we only close the selinux netlink socket once.
* improve the file_contexts.5 manual page
* Tue Jul 31 2012 Dan Walsh <dwalsh@redhat.com> - 2.1.11-4
- Ensure that we only close the selinux netlink socket once.
- Taken from our Android libselinux tree. From Stephen Smalley

343
libselinux_swig_with_raw.patch
View File

@ -1,343 +0,0 @@
Index: libselinux/src/selinuxswig.i
===================================================================
--- libselinux/src/selinuxswig.i (revision 2476)
+++ libselinux/src/selinuxswig.i (working copy)
@@ -1,7 +1,9 @@
-/* Author: Dan Walsh
+/* Authors: Dan Walsh
+ * James Athey
*
* Copyright (C) 2004-2005 Red Hat
- *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
@@ -17,170 +19,47 @@
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
-
%module selinux
%{
#include "selinux/selinux.h"
- #include "selinux/get_context_list.h"
%}
-%apply int *OUTPUT { int * };
+%apply int *OUTPUT { int *enforce };
%apply int *OUTPUT { size_t * };
-%typemap(in, numinputs=0) security_context_t *(security_context_t temp=NULL) {
- $1 = &temp;
-}
-%typemap(argout) security_context_t * (char *temp=NULL) {
- if (*$1)
- temp = *$1;
- else
- temp = "";
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(temp));
-}
+%typedef unsigned mode_t;
-%typemap(in) security_context_t {
- $1 = (security_context_t)PyString_AsString($input);
+%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
+ $1 = &temp1;
+ $2 = &temp2;
}
-%typedef unsigned mode_t;
-
-%include "../include/selinux/get_context_list.h"
-
-extern int is_selinux_enabled(void);
-extern int is_selinux_mls_enabled(void);
-extern void freecon(security_context_t con);
-extern void freeconary(security_context_t * con);
-extern int getcon(security_context_t *con);
-extern int setcon(security_context_t con);
-extern int getpidcon(int pid, security_context_t *con);
-extern int getprevcon(security_context_t *con);
-extern int getexeccon(security_context_t *con);
-extern int setexeccon(security_context_t con);
-extern int getfscreatecon(security_context_t *con);
-extern int setfscreatecon(security_context_t context);
-extern int getkeycreatecon(security_context_t *con);
-extern int setkeycreatecon(security_context_t context);
-extern int getsockcreatecon(security_context_t *con);
-extern int setsockcreatecon(security_context_t context);
-extern int getfilecon(const char *path, security_context_t *con);
-extern int lgetfilecon(const char *path, security_context_t *con);
-extern int fgetfilecon(int fd, security_context_t *con);
-extern int setfilecon(const char *path, security_context_t con);
-extern int lsetfilecon(const char *path, security_context_t con);
-extern int fsetfilecon(int fd, security_context_t con);
-extern int getpeercon(int fd, security_context_t *con);
-extern int selinux_mkload_policy(int preservebools);
-extern int selinux_init_load_policy(int *enforce);
-extern int security_set_boolean_list(size_t boolcnt,
- SELboolean *boollist,
- int permanent);
-extern int security_load_booleans(char *path);
-extern int security_check_context(security_context_t con);
-extern int security_canonicalize_context(security_context_t con,
- security_context_t *canoncon);
-extern int security_getenforce(void);
-extern int security_setenforce(int value);
-extern int security_policyvers(void);
-extern int security_get_boolean_names(char ***names, int *len);
-extern int security_get_boolean_pending(const char *name);
-extern int security_get_boolean_active(const char *name);
-extern int security_set_boolean(const char *name, int value);
-extern int security_commit_booleans(void);
-
-/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
-#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
-#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
-extern void set_matchpathcon_flags(unsigned int flags);
-extern int matchpathcon_init(const char *path);
-extern int matchpathcon(const char *path,
- mode_t mode,
- security_context_t *con);
-
-extern int matchpathcon_init_prefix(const char *path,
- const char *prefix);
-extern void matchpathcon_fini(void);
-
-
-extern int matchmediacon(const char *media,
- security_context_t *con);
-
-extern int selinux_getenforcemode(int *enforce);
-extern const char *selinux_policy_root(void);
-extern const char *selinux_binary_policy_path(void);
-extern const char *selinux_failsafe_context_path(void);
-extern const char *selinux_removable_context_path(void);
-extern const char *selinux_default_context_path(void);
-extern const char *selinux_user_contexts_path(void);
-extern const char *selinux_file_context_path(void);
-extern const char *selinux_file_context_homedir_path(void);
-extern const char *selinux_file_context_local_path(void);
-extern const char *selinux_homedir_context_path(void);
-extern const char *selinux_media_context_path(void);
-extern const char *selinux_contexts_path(void);
-extern const char *selinux_securetty_types_path(void);
-extern const char *selinux_booleans_path(void);
-extern const char *selinux_customizable_types_path(void);
-extern const char *selinux_users_path(void);
-extern const char *selinux_usersconf_path(void);
-extern const char *selinux_translations_path(void);
-extern const char *selinux_netfilter_context_path(void);
-extern const char *selinux_path(void);
-#extern int selinux_check_passwd_access(access_vector_t requested);
-#extern int checkPasswdAccess(access_vector_t requested);
-
-extern int selinux_check_securetty_context(security_context_t tty_context);
-void set_selinuxmnt(char *mnt);
-
-#ifdef SWIGpython
-// This tells SWIG to treat char ** as a special case
-%typemap(in) char ** {
- /* Check if is a list */
- if (PyList_Check($input)) {
- int size = PyList_Size($input);
- int i = 0;
- $1 = (char **) malloc((size+1)*sizeof(char *));
- if ($1 == NULL) {
- PyErr_SetString(PyExc_MemoryError,"Out of memory");
- return NULL;
- }
- for (i = 0; i < size; i++) {
- PyObject *o = PyList_GetItem($input,i);
- if (PyString_Check(o))
- $1[i] = PyString_AsString(PyList_GetItem($input,i));
- else {
- PyErr_SetString(PyExc_TypeError,"list must contain strings");
- free($1);
- return NULL;
- }
- }
- $1[i] = 0;
- } else {
- PyErr_SetString(PyExc_TypeError,"not a list");
- return NULL;
- }
+%typemap(freearg) (char ***names, int *len) {
+ int i;
+ if (*$1) {
+ for (i = 0; i < *$2; i++) {
+ free((*$1)[i]);
+ }
+ free(*$1);
+ }
}
-#endif
-extern int rpm_execcon(unsigned int verified,
- const char *filename,
- char **, char **);
-
-extern int is_context_customizable (security_context_t scontext);
-
-extern int selinux_trans_to_raw_context(char *trans,
- security_context_t *rawp);
-extern int selinux_raw_to_trans_context(char *raw,
- security_context_t *transp);
-
-%typemap(in, numinputs=0) char **(char *temp=NULL) {
+%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
$1 = &temp;
}
-%typemap(argout) char ** {
- $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1));
+%typemap(freearg) (security_context_t **) {
+ if (*$1) freeconary(*$1);
}
-extern int selinux_getpolicytype(char **enforce);
-extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
-int selinux_file_context_cmp(const security_context_t a, const security_context_t b);
-int selinux_file_context_verify(const char *path, mode_t mode);
-int selinux_lsetfilecon_default(const char *path);
+/* Ignore functions that don't make sense when wrapped */
+%ignore freecon;
+%ignore freeconary;
+
+/* Ignore functions that take a function pointer as an argument */
+%ignore set_matchpathcon_printf;
+%ignore set_matchpathcon_invalidcon;
+%ignore set_matchpathcon_canoncon;
+
+%include "../include/selinux/selinux.h"
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/get_context_list.h"
Index: libselinux/src/selinuxswig_python.i
===================================================================
--- libselinux/src/selinuxswig_python.i (revision 0)
+++ libselinux/src/selinuxswig_python.i (revision 0)
@@ -0,0 +1,101 @@
+/* Author: James Athey
+ *
+ * Copyright (C) 2007 Tresys Technology, LLC
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* security_get_boolean_names() typemap */
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
+
+/* Makes security_compute_user() return a Python list of contexts */
+%typemap(argout) (security_context_t **con) {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*$1) {
+ while((*$1)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ $result = SWIG_Python_AppendOutput($result, plist);
+}
+
+/* Makes functions in get_context_list.h return a Python list of contexts */
+%typemap(argout) (security_context_t **list) {
+ PyObject* plist;
+ int i;
+
+ if (*$1) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ $result = plist;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%include "selinuxswig.i"
--- libselinux-2.0.21/src/fsetfilecon.c~ 2007-06-11 14:39:07.000000000 -0400
+++ libselinux-2.0.21/src/fsetfilecon.c 2007-06-19 14:52:40.000000000 -0400
@@ -13,7 +13,7 @@ int fsetfilecon_raw(int fd, security_con
0);
}
-hidden_def(setfilecon_raw)
+hidden_def(fsetfilecon_raw)
int fsetfilecon(int fd, security_context_t context)
{
--- libselinux-2.0.21/src/Makefile~ 2007-06-11 14:39:07.000000000 -0400
+++ libselinux-2.0.21/src/Makefile 2007-06-19 15:49:43.000000000 -0400
@@ -12,7 +12,7 @@ LIBVERSION = 1
LIBA=libselinux.a
TARGET=libselinux.so
-SWIGIF= selinuxswig.i
+SWIGIF= selinuxswig_python.i
SWIGCOUT= selinuxswig_wrap.c
SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
SWIGSO=_selinux.so

2
sources
View File

@ -1 +1 @@
34ba81b68ddf832a0a4272fe889050dc libselinux-2.1.11.tgz
71a3a6ade9be8b31567fa9437e00698d libselinux-2.1.12.tgz