rpms
/
libselinux
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Add audit2why python bindings

This commit is contained in:
Daniel J Walsh 2008-01-10 19:01:20 +00:00
parent d189708d7a
commit 831e63b413
2 changed files with 561 additions and 59 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

617
libselinux-rhat.patch
View File

@ -1,6 +1,6 @@
diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permissions.h libselinux-2.0.46/include/selinux/av_permissions.h
--- nsalibselinux/include/selinux/av_permissions.h 2007-11-15 15:52:46.000000000 -0500
+++ libselinux-2.0.46/include/selinux/av_permissions.h 2008-01-03 15:23:31.000000000 -0500
+++ libselinux-2.0.46/include/selinux/av_permissions.h 2008-01-10 13:25:57.000000000 -0500
@@ -900,6 +900,8 @@
#define PACKET__SEND 0x00000001UL
#define PACKET__RECV 0x00000002UL
@ -10,10 +10,515 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/av_permission
#define KEY__VIEW 0x00000001UL
#define KEY__READ 0x00000002UL
#define KEY__WRITE 0x00000004UL
diff --exclude-from=exclude -N -u -r nsalibselinux/src/audit2why.c libselinux-2.0.46/src/audit2why.c
--- nsalibselinux/src/audit2why.c 1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.46/src/audit2why.c 2008-01-10 13:31:17.000000000 -0500
@@ -0,0 +1,462 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <sepol/sepol.h>
+#include <sepol/policydb/services.h>
+#include <Python.h>
+#include <selinux/selinux.h>
+
+#define UNKNOWN -1
+#define BADSCON -2
+#define BADTCON -3
+#define BADTCLASS -4
+#define BADPERM -5
+#define BADCOMPUTE -6
+#define NOPOLICY -7
+#define ALLOW 0
+#define DONTAUDIT 1
+#define TERULE 2
+#define BOOLEAN 3
+#define CONSTRAINT 4
+#define RBAC 5
+
+struct boolean_t {
+ char *name;
+ int active;
+};
+
+static struct boolean_t **boollist = NULL;
+static int boolcnt = 0;
+
+struct avc_t {
+ sepol_handle_t *handle;
+ policydb_t policydb;
+ sepol_security_id_t ssid;
+ sepol_security_id_t tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t av;
+};
+
+static struct avc_t *avc = NULL;
+
+static sidtab_t sidtab;
+
+static int load_booleans(const sepol_bool_t * boolean,
+ void *arg __attribute__ ((__unused__)))
+{
+ boollist[boolcnt] =
+ (struct boolean_t *)malloc(sizeof(struct boolean_t));
+ boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean));
+ boollist[boolcnt]->active = sepol_bool_get_value(boolean);
+ boolcnt++;
+ return 0;
+}
+
+static int check_booleans(struct avc_t *avc, struct boolean_t ***bools)
+{
+ char errormsg[PATH_MAX];
+ struct sepol_av_decision avd;
+ unsigned int reason;
+ int rc;
+ int i;
+ sepol_bool_key_t *key = NULL;
+ sepol_bool_t *boolean = NULL;
+ int fcnt = 0;
+ int *foundlist = calloc(boolcnt, sizeof(int));
+ if (!foundlist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return fcnt;
+ }
+ for (i = 0; i < boolcnt; i++) {
+ char *name = boollist[i]->name;
+ int active = boollist[i]->active;
+ rc = sepol_bool_key_create(avc->handle, name, &key);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError,
+ "Could not create boolean key.\n");
+ break;
+ }
+ rc = sepol_bool_query(avc->handle,
+ (sepol_policydb_t *) & avc->policydb,
+ key, &boolean);
+
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not find boolean %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ sepol_bool_set_value(boolean, !active);
+
+ rc = sepol_bool_set(avc->handle,
+ (sepol_policydb_t *) & avc->policydb,
+ key, boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass,
+ avc->av, &avd, &reason);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Error during access vector computation, skipping...");
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+
+ sepol_bool_free(boolean);
+ break;
+ } else {
+ if (!reason) {
+ foundlist[fcnt] = i;
+ fcnt++;
+ }
+ sepol_bool_set_value((sepol_bool_t *) boolean, active);
+ rc = sepol_bool_set(avc->handle,
+ (sepol_policydb_t *) & avc->
+ policydb, key,
+ (sepol_bool_t *) boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n",
+ name);
+
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+ }
+ sepol_bool_free(boolean);
+ sepol_bool_key_free(key);
+ key = NULL;
+ boolean = NULL;
+ }
+ if (key)
+ sepol_bool_key_free(key);
+
+ if (boolean)
+ sepol_bool_free(boolean);
+
+ if (fcnt > 0) {
+ *bools = (struct boolean_t **)
+ calloc(sizeof(struct boolean_t), fcnt + 1);
+ struct boolean_t *b = (struct boolean_t *) *bools;
+ for (i = 0; i < fcnt; i++) {
+ int ctr = foundlist[i];
+ b[i].name = strdup(boollist[ctr]->name);
+ b[i].active = !boollist[ctr]->active;
+ }
+ }
+ free(foundlist);
+ return fcnt;
+}
+
+static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) {
+ PyObject *result = 0;
+
+ if (PyArg_ParseTuple(args,(char *)":finish")) {
+ int i = 0;
+ for (i = 0; i < boolcnt; i++) {
+ free(boollist[i]->name);
+ free(boollist[i]);
+ }
+ free(boollist);
+ sepol_sidtab_shutdown(&sidtab);
+ sepol_sidtab_destroy(&sidtab);
+ policydb_destroy(&avc->policydb);
+ sepol_handle_destroy(avc->handle);
+ free(avc);
+ avc = NULL;
+ boollist = NULL;
+ boolcnt = 0;
+
+ /* Boilerplate to return "None" */
+ Py_RETURN_NONE;
+ }
+ return result;
+}
+
+
+static int __policy_init(const char *init_path)
+{
+ FILE *fp;
+ int vers = 0;
+ char path[PATH_MAX];
+ char errormsg[PATH_MAX];
+ struct policy_file pf;
+ int rc;
+ unsigned int cnt;
+
+ if (init_path) {
+ strncpy(path, init_path, PATH_MAX);
+ fp = fopen(path, "r");
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s: %s\n",
+ path, strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 0; // trigger exception
+ }
+ } else {
+ vers = security_policyvers();
+ if (vers < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not get policy version: %s\n",
+ strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ while (!fp && errno == ENOENT && --vers) {
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ }
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s.%d: %s\n",
+ selinux_binary_policy_path(),
+ security_policyvers(), strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ }
+
+ avc = calloc(sizeof(struct avc_t), 1);
+ if (!avc) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ /* Set up a policydb directly so that we can mutate it later
+ for booleans and user settings. Otherwise we would just use
+ sepol_set_policydb_from_file() here. */
+ pf.fp = fp;
+ pf.type = PF_USE_STDIO;
+ if (policydb_init(&avc->policydb)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "policydb_init failed: %s\n", strerror(errno));
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ if (policydb_read(&avc->policydb, &pf, 0)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "invalid binary policy %s\n", path);
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ fclose(fp);
+ sepol_set_policydb(&avc->policydb);
+ if (!init_path) {
+ /* If they didn't specify a full path of a binary policy file,
+ then also try loading any boolean settings and user
+ definitions from the active locations. Otherwise,
+ they can use genpolbools and genpolusers to build a
+ binary policy file that includes any desired settings
+ and then apply audit2why -p to the resulting file.
+ Errors are non-fatal as such settings are optional. */
+ sepol_debug(0);
+ (void)sepol_genbools_policydb(&avc->policydb,
+ selinux_booleans_path());
+ (void)sepol_genusers_policydb(&avc->policydb,
+ selinux_users_path());
+ }
+ avc->handle = sepol_handle_create();
+
+ rc = sepol_bool_count(avc->handle,
+ (sepol_policydb_t *) & avc->policydb, &cnt);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
+ return 1;
+ }
+
+ boollist = calloc(cnt, sizeof(struct boolean_t));
+ if (!boollist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ sepol_bool_iterate(avc->handle,
+ (const sepol_policydb_t *)&avc->policydb,
+ load_booleans, (void *)NULL);
+
+ /* Initialize the sidtab for subsequent use by sepol_context_to_sid
+ and sepol_compute_av_reason. */
+ rc = sepol_sidtab_init(&sidtab);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n");
+ free(boollist);
+ return 1;
+ }
+ sepol_set_sidtab(&sidtab);
+ return 0;
+}
+
+static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
+ int result;
+ char *init_path=NULL;
+ if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
+ result = __policy_init(init_path);
+ return Py_BuildValue("i", result);
+}
+
+#define RETURN(X) \
+ PyList_SetItem(result, 0, Py_BuildValue("i", X)); \
+ return result;
+
+static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
+ security_context_t scon;
+ security_context_t tcon;
+ char *tclassstr;
+ PyObject *listObj;
+ PyObject *strObj;
+ int numlines;
+ struct boolean_t **bools;
+ unsigned int reason;
+ sepol_security_id_t ssid, tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t perm, av;
+ struct sepol_av_decision avd;
+ int rc;
+ int i=0;
+ PyObject *result = PyList_New(2);
+ if (!result) return NULL;
+ Py_INCREF(Py_None);
+ PyList_SetItem(result, 1, Py_None);
+
+ if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
+ return NULL;
+
+ /* get the number of lines passed to us */
+ numlines = PyList_Size(listObj);
+
+ /* should raise an error here. */
+ if (numlines < 0) return NULL; /* Not a list */
+
+ if (!avc) {
+ RETURN(NOPOLICY)
+ }
+
+ rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
+ if (rc < 0) {
+ RETURN(BADSCON)
+ }
+ rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
+ if (rc < 0) {
+ RETURN(BADTCON)
+ }
+ tclass = string_to_security_class(tclassstr);
+ if (!tclass) {
+ RETURN(BADTCLASS)
+ }
+ /* Convert the permission list to an AV. */
+ av = 0;
+
+ /* iterate over items of the list, grabbing strings, and parsing
+ for numbers */
+ for (i=0; i<numlines; i++){
+ char *permstr;
+
+ /* grab the string object from the next element of the list */
+ strObj = PyList_GetItem(listObj, i); /* Can't fail */
+
+ /* make it a string */
+ permstr = PyString_AsString( strObj );
+
+ perm = string_to_av_perm(tclass, permstr);
+ if (!perm) {
+ RETURN(BADPERM)
+ }
+ av |= perm;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
+ if (rc < 0) {
+ RETURN(BADCOMPUTE)
+ }
+
+ if (!reason) {
+ RETURN(ALLOW)
+ }
+ if (reason & SEPOL_COMPUTEAV_TE) {
+ avc->ssid = ssid;
+ avc->tsid = tsid;
+ avc->tclass = tclass;
+ avc->av = av;
+ if (check_booleans(avc, &bools) == 0) {
+ if (av & ~avd.auditdeny) {
+ RETURN(DONTAUDIT)
+ } else {
+ RETURN(TERULE)
+ }
+ } else {
+ PyList_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
+ struct boolean_t *b=(struct boolean_t *) bools;
+ int len=0;
+ while (b->name) {
+ len++; b++;
+ }
+ b = (struct boolean_t *) bools;
+ PyObject *boollist = PyList_New(len);
+ len=0;
+ while(b->name) {
+ PyObject *bool = PyList_New(2);
+ PyList_SetItem(bool, 0, PyString_FromString(b->name));
+ PyList_SetItem(bool, 1, Py_BuildValue("i", b->active));
+ PyList_SetItem(boollist, len++, bool);
+ b++;
+ }
+ free(bools);
+ PyList_SetItem(result, 1, boollist);
+ return result;
+ }
+ }
+
+ if (reason & SEPOL_COMPUTEAV_CONS) {
+ RETURN(CONSTRAINT);
+ }
+
+ if (reason & SEPOL_COMPUTEAV_RBAC) {
+ RETURN(RBAC)
+ }
+ RETURN(BADCOMPUTE)
+}
+
+static PyMethodDef audit2whyMethods[] = {
+ {"init", init, METH_VARARGS,
+ "Initialize policy database."},
+ {"analyze", analyze, METH_VARARGS,
+ "Analyze AVC."},
+ {"finish", finish, METH_VARARGS,
+ "Finish using policy, free memory."},
+ {NULL, NULL, 0, NULL} /* Sentinel */
+};
+
+PyMODINIT_FUNC
+initaudit2why(void)
+{
+ PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
+ PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
+ PyModule_AddIntConstant(m,"BADSCON", BADSCON);
+ PyModule_AddIntConstant(m,"BADTCON", BADTCON);
+ PyModule_AddIntConstant(m,"BADTCLASS", BADTCLASS);
+ PyModule_AddIntConstant(m,"BADPERM", BADPERM);
+ PyModule_AddIntConstant(m,"BADCOMPUTE", BADCOMPUTE);
+ PyModule_AddIntConstant(m,"NOPOLICY", NOPOLICY);
+ PyModule_AddIntConstant(m,"ALLOW", ALLOW);
+ PyModule_AddIntConstant(m,"DONTAUDIT", DONTAUDIT);
+ PyModule_AddIntConstant(m,"TERULE", TERULE);
+ PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
+ PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
+ PyModule_AddIntConstant(m,"RBAC", RBAC);
+}
diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.46/src/Makefile
--- nsalibselinux/src/Makefile 2007-09-26 19:37:45.000000000 -0400
+++ libselinux-2.0.46/src/Makefile 2008-01-05 08:19:27.000000000 -0500
@@ -77,14 +77,14 @@
+++ libselinux-2.0.46/src/Makefile 2008-01-10 13:25:57.000000000 -0500
@@ -18,6 +18,7 @@
SWIGSO=_selinux.so
SWIGFILES=$(SWIGSO) selinux.py
LIBSO=$(TARGET).$(LIBVERSION)
+AUDIT2WHYSO=audit2why.so
ifeq ($(DISABLE_AVC),y)
UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
@@ -28,7 +29,7 @@
ifeq ($(DISABLE_RPM),y)
UNUSED_SRCS+=rpm.c
endif
-SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out $(SWIGCOUT),$(wildcard *.c)))
+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(SWIGCOUT),$(wildcard *.c)))
OBJS= $(patsubst %.c,%.o,$(SRCS))
LOBJS= $(patsubst %.c,%.lo,$(SRCS))
@@ -47,7 +48,7 @@
all: $(LIBA) $(LIBSO)
-pywrap: all $(SWIGSO)
+pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
$(LIBA): $(OBJS)
$(AR) rcs $@ $^
@@ -63,6 +64,12 @@
$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
ln -sf $@ $(TARGET)
+audit2why.lo: audit2why.c
+ $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(AUDIT2WHYSO): audit2why.lo
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+
%.o: %.c policy.h
$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
@@ -77,20 +84,21 @@
install: all
test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
@ -23,16 +528,25 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/Makefile libselinux-2.0.4
cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
install-pywrap: pywrap
test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
- test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages
- install -m 755 $(SWIGFILES) $(PYTHONLIBDIR)/site-packages
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages
+ install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages
+ test -d $(PYTHONLIBDIR)/site-packages || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init_.py
relabel:
/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
clean:
- -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET)
+ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
distclean: clean
rm -f $(SWIGCOUT) $(SWIGFILES)
diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux-2.0.46/src/matchpathcon.c
--- nsalibselinux/src/matchpathcon.c 2007-09-28 09:48:58.000000000 -0400
+++ libselinux-2.0.46/src/matchpathcon.c 2008-01-03 15:23:32.000000000 -0500
+++ libselinux-2.0.46/src/matchpathcon.c 2008-01-10 13:25:57.000000000 -0500
@@ -2,6 +2,7 @@
#include <string.h>
#include <errno.h>
@ -52,7 +566,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/matchpathcon.c libselinux
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0.46/src/selinux.py
--- nsalibselinux/src/selinux.py 2007-10-05 13:09:54.000000000 -0400
+++ libselinux-2.0.46/src/selinux.py 2008-01-08 05:00:39.000000000 -0500
+++ libselinux-2.0.46/src/selinux.py 2008-01-10 13:26:25.000000000 -0500
@@ -1,5 +1,5 @@
# This file was automatically generated by SWIG (http://www.swig.org).
-# Version 1.3.31
@ -60,21 +574,29 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-2.0
#
# Don't modify this file, modify the SWIG interface instead.
# This file is compatible with both classic and new-style classes.
Binary files nsalibselinux/src/selinux.pyc and libselinux-2.0.46/src/selinux.pyc differ
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-2.0.46/src/selinuxswig.i
--- nsalibselinux/src/selinuxswig.i 2007-10-01 09:54:35.000000000 -0400
+++ libselinux-2.0.46/src/selinuxswig.i 2008-01-08 05:00:22.000000000 -0500
@@ -10,6 +10,7 @@
+++ libselinux-2.0.46/src/selinuxswig.i 2008-01-10 13:25:57.000000000 -0500
@@ -5,11 +5,16 @@
%module selinux
%{
#include "selinux/selinux.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
%}
%apply int *OUTPUT { int *enforce };
%apply int *OUTPUT { size_t * };
%typedef unsigned mode_t;
+%typedef unsigned pid_t;
+%typedef char * security_contextx_t;
%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
$1 = &temp1;
diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-2.0.46/src/selinuxswig_wrap.c
--- nsalibselinux/src/selinuxswig_wrap.c 2007-10-05 13:09:54.000000000 -0400
+++ libselinux-2.0.46/src/selinuxswig_wrap.c 2008-01-08 05:00:39.000000000 -0500
+++ libselinux-2.0.46/src/selinuxswig_wrap.c 2008-01-10 13:26:25.000000000 -0500
@@ -1,6 +1,6 @@
/* ----------------------------------------------------------------------------
* This file was automatically generated by SWIG (http://www.swig.org).
@ -208,7 +730,17 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
#define SWIG_VERSION SWIGVERSION
@@ -2577,14 +2584,12 @@
@@ -2496,6 +2503,9 @@
#include "selinux/selinux.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
#define SWIG_From_long PyInt_FromLong
@@ -2577,14 +2587,12 @@
#include <limits.h>
@ -229,7 +761,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
#endif
@@ -2669,13 +2674,18 @@
@@ -2669,13 +2677,18 @@
SWIGINTERN int
@ -252,7 +784,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
if (!PyErr_Occurred()) {
if (val) *val = v;
return SWIG_OK;
@@ -2686,7 +2696,7 @@
@@ -2686,7 +2699,7 @@
#ifdef SWIG_PYTHON_CAST_MODE
{
int dispatch = 0;
@ -261,7 +793,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
if (!PyErr_Occurred()) {
if (val) *val = v;
return SWIG_AddCast(SWIG_OK);
@@ -2696,8 +2706,8 @@
@@ -2696,8 +2709,8 @@
if (!dispatch) {
double d;
int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
@ -272,7 +804,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
return res;
}
}
@@ -2708,15 +2718,15 @@
@@ -2708,15 +2721,15 @@
SWIGINTERN int
@ -293,7 +825,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
}
}
return res;
@@ -2724,18 +2734,13 @@
@@ -2724,18 +2737,13 @@
SWIGINTERN int
@ -316,7 +848,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
if (!PyErr_Occurred()) {
if (val) *val = v;
return SWIG_OK;
@@ -2746,7 +2751,7 @@
@@ -2746,7 +2754,7 @@
#ifdef SWIG_PYTHON_CAST_MODE
{
int dispatch = 0;
@ -325,7 +857,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
if (!PyErr_Occurred()) {
if (val) *val = v;
return SWIG_AddCast(SWIG_OK);
@@ -2756,8 +2761,8 @@
@@ -2756,8 +2764,8 @@
if (!dispatch) {
double d;
int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
@ -336,7 +868,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
return res;
}
}
@@ -2768,15 +2773,15 @@
@@ -2768,15 +2776,15 @@
SWIGINTERN int
@ -357,7 +889,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
}
}
return res;
@@ -2986,24 +2991,18 @@
@@ -2986,24 +2994,18 @@
pid_t arg1 ;
security_context_t *arg2 = (security_context_t *) 0 ;
int result;
@ -389,7 +921,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
result = (int)getpidcon(arg1,arg2);
resultobj = SWIG_From_int((int)(result));
if (*arg2) {
@@ -3025,24 +3024,18 @@
@@ -3025,24 +3027,18 @@
pid_t arg1 ;
security_context_t *arg2 = (security_context_t *) 0 ;
int result;
@ -421,7 +953,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
result = (int)getpidcon_raw(arg1,arg2);
resultobj = SWIG_From_int((int)(result));
if (*arg2) {
@@ -8149,7 +8142,7 @@
@@ -8149,7 +8145,7 @@
/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0};
@ -430,7 +962,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_f_int_p_q_const__char_v_______int = {"_p_f_int_p_q_const__char_v_______int", "int (*)(int,char const *,...)", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_f_p_p_char__int = {"_p_f_p_p_char__int", "int (*)(char **)|int (*)(security_context_t *)", 0, 0, (void*)0, 0};
@@ -8158,12 +8151,11 @@
@@ -8158,12 +8154,11 @@
static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **|security_context_t *", 0, 0, (void*)0, 0};
static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***|security_context_t **", 0, 0, (void*)0, 0};
@ -448,7 +980,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
static swig_type_info *swig_type_initial[] = {
&_swigt__p_SELboolean,
@@ -8176,7 +8168,6 @@
@@ -8176,7 +8171,6 @@
&_swigt__p_int,
&_swigt__p_p_char,
&_swigt__p_p_p_char,
@ -456,7 +988,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
&_swigt__p_security_class_mapping,
&_swigt__p_selinux_callback,
&_swigt__p_selinux_opt,
@@ -8194,7 +8185,6 @@
@@ -8194,7 +8188,6 @@
static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}};
@ -464,7 +996,7 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
static swig_cast_info _swigc__p_security_class_mapping[] = { {&_swigt__p_security_class_mapping, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_selinux_callback[] = { {&_swigt__p_selinux_callback, 0, 0, 0},{0, 0, 0, 0}};
static swig_cast_info _swigc__p_selinux_opt[] = { {&_swigt__p_selinux_opt, 0, 0, 0},{0, 0, 0, 0}};
@@ -8212,7 +8202,6 @@
@@ -8212,7 +8205,6 @@
_swigc__p_int,
_swigc__p_p_char,
_swigc__p_p_p_char,
@ -472,32 +1004,3 @@ diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libsel
_swigc__p_security_class_mapping,
_swigc__p_selinux_callback,
_swigc__p_selinux_opt,
diff --exclude-from=exclude -N -u -r nsalibselinux/utils/matchpathcon.c libselinux-2.0.46/utils/matchpathcon.c
--- nsalibselinux/utils/matchpathcon.c 2007-07-16 14:20:45.000000000 -0400
+++ libselinux-2.0.46/utils/matchpathcon.c 2008-01-03 15:23:32.000000000 -0500
@@ -17,10 +17,24 @@
exit(1);
}
+static void
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 1, 2)))
+#endif
+ myprintf(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+}
+
int printmatchpathcon(char *path, int header, int mode)
{
char *buf;
- int rc = matchpathcon(path, mode, &buf);
+ int rc;
+ set_matchpathcon_printf(myprintf);
+ rc = matchpathcon(path, mode, &buf);
if (rc < 0) {
fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
strerror(errno));

3
libselinux.spec
View File

@ -9,7 +9,7 @@ Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
Patch: libselinux-rhat.patch
URL: http://www.nsa.gov/selinux
BuildRequires: libsepol-devel >= %{libsepolver} swig
BuildRequires: python-devel libsepol-devel >= %{libsepolver} swig
Requires: libsepol >= %{libsepolver}
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -32,7 +32,6 @@ decisions. Required for any applications that use the SELinux API.
Summary: SELinux python bindings for libselinux
Group: Development/Libraries
Requires: libselinux = %{version}-%{release}
BuildRequires: python-devel libsepol-devel >= %{libsepolver}
%description python
The libselinux-python package contains the python bindings for developing