From: <ssm...@us...> - 2008-07-18 14:01:12
Revision: 2925 http://selinux.svn.sourceforge.net/selinux/?rev=2925&view=rev Author: ssmalley Date: 2008-07-18 14:01:08 +0000 (Fri, 18 Jul 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Patch for libselinux man page submitted by Karel Zack Date: Sun, 29 Jun 2008 08:33:30 -0400 Submitted in bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=452868 Modified Paths: -------------- trunk/libselinux/man/man3/freecon.3 Modified: trunk/libselinux/man/man3/freecon.3 =================================================================== --- trunk/libselinux/man/man3/freecon.3 2008-07-07 17:04:48 UTC (rev 2924) +++ trunk/libselinux/man/man3/freecon.3 2008-07-18 14:01:08 UTC (rev 2925) @@ -15,6 +15,11 @@ .B freeconary frees the memory allocated for a context array. +If +.I con +is NULL, no operation is performed. + + .SH "SEE ALSO" .BR selinux "(8)" This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
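Review bot: In the freecon.3 hunk the new sentence is placed directly after the freeconary paragraph and does not say which function it describes, so a reader cannot tell whether the NULL guarantee covers freecon, freeconary, or both. Move it next to the freecon description, or name the function explicitly in the sentence, and drop the second of the two blank lines added before `.SH "SEE ALSO"`.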
From: <mad...@us...> - 2008-07-07 17:04:50
Revision: 2924 http://selinux.svn.sourceforge.net/selinux/?rev=2924&view=rev Author: madmethod Date: 2008-07-07 10:04:48 -0700 (Mon, 07 Jul 2008) Log Message: ----------- updated libsepol to version 2.0.32 Modified Paths: -------------- trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-07-07 17:03:20 UTC (rev 2923) +++ trunk/libsepol/ChangeLog 2008-07-07 17:04:48 UTC (rev 2924) @@ -1,3 +1,6 @@ +2.0.32 2008-07-07 + * Allow require then declare in the source policy from Joshua Brindle. + 2.0.31 2008-06-13 * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-07-07 17:03:20 UTC (rev 2923) +++ trunk/libsepol/VERSION 2008-07-07 17:04:48 UTC (rev 2924) @@ -1 +1 @@ -2.0.31 +2.0.32 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-07-07 17:03:25
Revision: 2923 http://selinux.svn.sourceforge.net/selinux/?rev=2923&view=rev Author: madmethod Date: 2008-07-07 10:03:20 -0700 (Mon, 07 Jul 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: Trying to get XAce policy straightened out but our tool chain is too broken to handle it. Date: Thu, 03 Jul 2008 12:12:57 -0400 On Thu, 2008-07-03 at 11:18 -0400, Joshua Brindle wrote: > Joshua Brindle wrote: > > Stephen Smalley wrote: > >> On Wed, 2008-06-25 at 14:28 -0400, Eamon Walsh wrote: > >>> Christopher J. PeBenito wrote: > >>>> On Mon, 2008-06-23 at 07:17 -0400, Daniel J Walsh wrote: > >>>> > >>>>> Stephen Smalley wrote: > >>>>> > >>>>>> On Thu, 2008-06-05 at 11:11 -0400, Daniel J Walsh wrote: > >>>>>> > >>>> > >>>>>>> The problem I have is the compiler is too stupid to understand the > >>>>>>> differences between a gen_requires block defining the required types and > >>>>>>> the actual type definition. > >>>>>>> > >>>>>>> So I end up in a catch 22 where the compiler tells me I need to require > >>>>>>> $1_rootwindow_t, but if I gen_require type $1_rootwindow_t, it tells me > >>>>>>> I have a duplicate definition. > >>>>>>> > >>>>>>> So if you have a derived type in a gen_requires block the compiler can > >>>>>>> not handle it. > >>>>>>> > >>>>>> I'm a little unclear as to why this is required (why do you need to > >>>>>> require and declare the same symbol again?). However, is there some > >>>>>> reason we can't just automatically promote a require to a declaration > >>>>>> upon encountering the latter? Seems like we've talked about this > >>>>>> before. Not sure whether that should happen within libsepol > >>>>>> symtab_insert() or in the callers, e.g. declare_type(). > >>>>>> > >>>>>> > >>>>> I don't know, All I know is the compiler complains if it is there and > >>>>> if it is not there. Catch 22. I end up going to great lengths to hack > >>>>> around compiler errors... 
> >>>>> > >>>> We add requires to templates, so that if they're used outside xserver, > >>>> the caller gets the appropriate require. But then we also use the > >>>> template inside xserver for code reuse, which is where the problem > >>>> creeps up. There are a couple other examples of this in refpolicy, but > >>>> I was able to work around them by reordering statements. It sounds like > >>>> Dan's situation may not be something that can be easily worked around > >>>> without some restructuring > >>> I opened a ticket in the refpolicy Trac for this: > >>> http://oss.tresys.com/projects/refpolicy/ticket/43 > >> Ok - although I was thinking that this would be fixed by changing > >> checkpolicy/libsepol to promote requires to decls upon encountering a > >> decl. Joshua? > >> > > > > I believe this fixes it but I'm still testing for corner cases and such. The require and declare still have to be in the same scope, eg: > > > > optional { > > require { > > type foo; > > } > > type bar; > > } > > > > require { > > type bar; > > } > > > > does not work but the standard use case of: > > > > require { > > type foo; > > } > > > > type foo; > > > > does work. > > > > I've done some more testing and think this patch is correct, if noone > has objections I'll merge it in later today. Acked-by: Stephen Smalley <sd...@ty...> Merge at will. Modified Paths: -------------- trunk/libsepol/src/policydb.c Modified: trunk/libsepol/src/policydb.c =================================================================== --- trunk/libsepol/src/policydb.c 2008-07-02 19:53:39 UTC (rev 2922) +++ trunk/libsepol/src/policydb.c 2008-07-07 17:03:20 UTC (rev 2923) 
@@ -1215,21 +1215,13 @@ /* FIX ME - the failures after the hashtab_insert will leave * the policy in a inconsistent state. */ rc = hashtab_insert(pol->symtab[sym].table, key, datum); - if (rc == 0) { + if (rc == SEPOL_OK) { /* if no value is passed in the symbol is not primary * (i.e. aliases) */ if (value) *value = ++pol->symtab[sym].nprim; - } else if (rc == SEPOL_EEXIST && scope == SCOPE_REQ) { + } else if (rc == SEPOL_EEXIST) { retval = 1; /* symbol not added -- need to free() later */ - } else if (rc == SEPOL_EEXIST && scope == SCOPE_DECL) { - if (sym == SYM_ROLES || sym == SYM_USERS) { - /* allow multiple declarations for these two */ - retval = 1; - } else { - /* duplicate declarations not allowed for all else */ - return -2; - } } else { return rc; } @@ -1256,21 +1248,15 @@ free(scope_datum); return rc; } - } else if (scope_datum->scope == SCOPE_DECL) { + } else if (scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL) { /* disallow multiple declarations for non-roles/users */ if (sym != SYM_ROLES && sym != SYM_USERS) { return -2; } } else if (scope_datum->scope == SCOPE_REQ && scope == SCOPE_DECL) { - /* appending to required symbol only allowed for roles/users */ - if (sym == SYM_ROLES || sym == SYM_USERS) { - scope_datum->scope = SCOPE_DECL; - } else { - return -2; - } - + scope_datum->scope = SCOPE_DECL; } else if (scope_datum->scope != scope) { - /* scope does not match */ + /* This only happens in DECL then REQUIRE case, which is handled by caller */ return -2; } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
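Review bot: In the first policydb.c hunk (@@ -1215), `rc == SEPOL_EEXIST` now sets `retval = 1` for every scope and symbol class, so rejecting a duplicate declaration depends entirely on the `scope_datum->scope == SCOPE_DECL && scope == SCOPE_DECL` test in the following hunk. Add a short comment at this branch saying that duplicate checking is deferred to the scope table lookup, so the two checks are not changed independently later. The context comment "FIX ME - the failures after the hashtab_insert will leave the policy in a inconsistent state" still applies to the new error paths and is worth revisiting in the same change.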
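Review bot: In the second policydb.c hunk (@@ -1248), the final `scope_datum->scope != scope` branch still returns -2 while its new comment says the DECL then REQUIRE case "is handled by caller", and the same bare -2 is returned a few lines above for a true duplicate declaration. Say in the comment what the caller is expected to do with -2 here, or return a distinct named code, in line with the `rc == 0` to `rc == SEPOL_OK` change in the previous hunk. The promotion `scope_datum->scope = SCOPE_DECL;` now applies to every symbol class, so the restriction stated in the commit message (require and declare must be in the same scope) deserves a comment at this branch as well.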
From: <mad...@us...> - 2008-07-02 19:53:40
Revision: 2922 http://selinux.svn.sourceforge.net/selinux/?rev=2922&view=rev Author: madmethod Date: 2008-07-02 12:53:39 -0700 (Wed, 02 Jul 2008) Log Message: ----------- revision bump Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-07-02 19:52:51 UTC (rev 2921) +++ trunk/policycoreutils/ChangeLog 2008-07-02 19:53:39 UTC (rev 2922) @@ -1,3 +1,6 @@ +2.0.52 2008-07-02 + * Add permissive domain capability to semanage from Dan Walsh. + 2.0.51 2008-06-28 * Add onboot option to fixfiles from Dan Walsh. * Change restorecon.init to not run on boot by default from Dan Walsh. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-07-02 19:52:51 UTC (rev 2921) +++ trunk/policycoreutils/VERSION 2008-07-02 19:53:39 UTC (rev 2922) @@ -1 +1 @@ -2.0.51 +2.0.52 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <mad...@us...> - 2008-07-02 19:52:53
Revision: 2921 http://selinux.svn.sourceforge.net/selinux/?rev=2921&view=rev Author: madmethod Date: 2008-07-02 12:52:51 -0700 (Wed, 02 Jul 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: Re: This patch adds permissive to semanage Date: Wed, 02 Jul 2008 15:25:23 -0400 > >>>>>>>>> Gives users the ability to set a domain as permissive > >>>>>>>>> > >>>>>>>>> > >>>>>>>>> semanage permissive -a http_t > >>>>>>>>> > >>>>>>>>> It created a policy module named permissive_httpd_t.pp with the > >>>>>>>>> permissive call. > >>>>>>>>> > >>>>>>>> So, a really quick glance brings up a couple issues. First you have '-n', '--noheading' which aren't documented in the man page or elsewhere. Second (and more importantly) why are you executing semodule like that? libsemanage is the library that manages modules, and also the library used by semanage for everything else. > >>>>>>>> > >>>>>>>> I would prefer a more 'pure' approach where we keep a list of > >>>>>>>> permissive types and inject them into the kernel policy after linking > >>>>>>>> (like libsemanage does with users, ports, nodes, etc) but I understand > >>>>>>>> that adding a whole new set of databases and interfaces is both > >>>>>>>> annoying and time consuming so I'm fine with it working on modules, > >>>>>>>> I'd just like to see it using libsemanage interfaces instead of > >>>>>>>> calling semodule. > >>>>>>> Why do you see direct use of the libsemanage interfaces as preferable to > >>>>>>> invoking semodule (aside from performance, and this isn't really > >>>>>>> performance critical)? 
> >>>>>>> > >>>>>>> I'm unclear on the tradeoff being made there, as composing small > >>>>>>> programs together to perform more complex operation is the Unix (tm) > >>>>>>> way ;) > >>>>>>> > >>>>>>> The advantage of just invoking semodule is that semodule is already a > >>>>>>> well-tested program that performs that function well, does proper error > >>>>>>> checking and handling of the various libsemanage calls, etc. And if we > >>>>>>> later fix a bug or introduce new functionality there, we only have to do > >>>>>>> it once vs. in multiple places. > >>>>>>> > >>>>>>> And the semanage permissive code already has to invoke a helper program > >>>>>>> to compile the policy module from source to binary, at least today, so > >>>>>>> it isn't much different to invoke semodule to install the binary module. > >>>>>>> > >>>>>>> Then there is the issue of being able to run the semodule stage of > >>>>>>> processing in a separate domain, although at present semanage and > >>>>>>> semodule operate in the same domain so it makes no difference at > >>>>>>> present. > >>>>>>> > >>>>>> Maybe its just personal preference but I see using library interfaces > >>>>>> as much more clean than invoking semodule and grepping. semanage > >>>>>> already uses the library interfaces for everything else so this would > >>>>>> be the one case where it doesn't. He already fixed it up to use the > >>>>>> interfaces so its moot at this point. > >>>>> Well, it doesn't have to be moot - we can always take the first > >>>>> implementation if we think it best. But I'm not fundamentally opposed > >>>>> to the latter approach, just wanted to explore the rationale. One thing > >>>>> I would note however is that I see lack of complete error return > >>>>> checking in the new code that would have been properly checked by > >>>>> semodule... > >>>>> > >>>> I'll fix the error checking in the second patch if you are fine with it otherwise. 
I just think the library is there for a reason, if we didn't want client programs using it we should have just built it into the application code. Feel free to veto me here if my rationale is weak (as it likely is). > >>>> > >>>> Maybe deep down inside I'm just not a unix programmer ;) > >>> Ok, that's fine with me. > >>> > >>> Maybe my own bias is just against python code compared to good olde C > >>> programs! > >>> > >> Updated patch, unrelated things removed and error checking paths fixed up. > >> > >> ----- > > > >> Index: policycoreutils/semanage/seobject.py > >> =================================================================== > >> --- policycoreutils/semanage/seobject.py (revision 2917) > >> +++ policycoreutils/semanage/seobject.py (working copy) 
> >> @@ -246,7 +248,108 @@ > > <snip> > >> + def add(self, type): > >> + name = "permissive_%s" % type > >> + dirname = "/var/lib/selinux" > >> + os.chdir(dirname) > > > > Not new to the updated patch, but this can fail. > > > > *sigh* I updated the libsemanage error paths anyway. AFAIK the os > functions will throw if they fail and since nothing is done inside the > store until the transaction has started there isn't any state to clean > up so I'm not sure how important it is to do checks here. If you look > at sepolgen you'll see the same kinds of things (open being called and > no check for error condition, etc). Ok, fine. Then I guess you just need to fix the man page nit. Acked-By: Joshua Brindle <me...@ma...> Revision Links: -------------- http://selinux.svn.sourceforge.net/selinux/?rev=2917&view=rev Modified Paths: -------------- trunk/policycoreutils/semanage/semanage trunk/policycoreutils/semanage/semanage.8 trunk/policycoreutils/semanage/seobject.py Modified: trunk/policycoreutils/semanage/semanage =================================================================== --- trunk/policycoreutils/semanage/semanage 2008-07-02 14:35:42 UTC (rev 2920) +++ trunk/policycoreutils/semanage/semanage 2008-07-02 19:52:51 UTC (rev 2921) @@ -52,6 +52,7 @@ semanage fcontext -{a|d|m} [-frst] file_spec semanage translation -{a|d|m} [-T] level semanage boolean -{d|m} boolean +semanage permissive -{d|a} type Primary Options: @@ -114,6 +115,8 @@ valid_option["translation"] += valid_everyone + [ '-T', '--trans' ] valid_option["boolean"] = [] valid_option["boolean"] += valid_everyone + [ '--on', "--off", "-1", "-0" ] + valid_option["permissive"] = [] + valid_option["permissive"] += [ '-a', '--add', '-d', '--delete', '-l', '--list', '-h', '--help', '-n', '--noheading', '-D', '--deleteall' ] return valid_option # 
@@ -268,6 +271,9 @@ if object == "translation": OBJECT = seobject.setransRecords() + if object == "permissive": + OBJECT = seobject.permissiveRecords(store) + if list: OBJECT.list(heading, locallist) sys.exit(0); @@ -304,6 +310,9 @@ if object == "fcontext": OBJECT.add(target, setype, ftype, serange, seuser) + if object == "permissive": + OBJECT.add(target) + sys.exit(0); if modify: Modified: trunk/policycoreutils/semanage/semanage.8 =================================================================== --- trunk/policycoreutils/semanage/semanage.8 2008-07-02 14:35:42 UTC (rev 2920) +++ trunk/policycoreutils/semanage/semanage.8 2008-07-02 19:52:51 UTC (rev 2921) @@ -17,6 +17,8 @@ .br .B semanage fcontext \-{a|d|m} [\-frst] file_spec .br +.B semanage permissive \-{a|d} type +.br .B semanage translation \-{a|d|m} [\-T] level .P @@ -101,10 +103,11 @@ $ semanage fcontext -a -t httpd_sys_content_t "/web(/.*)?" # Allow Apache to listen on port 81 $ semanage port -a -t http_port_t -p tcp 81 +# Change apache to a permissive domain +$ semanage permissive -a httpd_t .fi .SH "AUTHOR" This man page was written by Daniel Walsh <dw...@re...> and Russell Coker <rc...@re...>. Examples by Thomas Bleher <Tho...@gm...>. - Modified: trunk/policycoreutils/semanage/seobject.py =================================================================== --- trunk/policycoreutils/semanage/seobject.py 2008-07-02 14:35:42 UTC (rev 2920) +++ trunk/policycoreutils/semanage/seobject.py 2008-07-02 19:52:51 UTC (rev 2921) @@ -1,5 +1,5 @@ #! /usr/bin/python -E -# Copyright (C) 2005, 2006, 2007 Red Hat +# Copyright (C) 2005, 2006, 2007, 2008 Red Hat # see file 'COPYING' for use and warranty information # # semanage is a tool for managing SELinux configuration files 
@@ -24,7 +24,9 @@ import pwd, string, selinux, tempfile, os, re, sys from semanage import *; PROGNAME="policycoreutils" +import sepolgen.module as module +import commands import gettext gettext.bindtextdomain(PROGNAME, "/usr/share/locale") gettext.textdomain(PROGNAME) 
@@ -246,7 +248,108 @@ os.close(fd) os.rename(newfilename, self.filename) os.system("/sbin/service mcstrans reload > /dev/null") - + +class permissiveRecords: + def __init__(self, store): + self.store = store + self.sh = semanage_handle_create() + if not self.sh: + raise ValueError(_("Could not create semanage handle")) + + if store != "": + semanage_select_store(self.sh, store, SEMANAGE_CON_DIRECT); + + self.semanaged = semanage_is_managed(self.sh) + + if not self.semanaged: + semanage_handle_destroy(self.sh) + raise ValueError(_("SELinux policy is not managed or store cannot be accessed.")) + + rc = semanage_access_check(self.sh) + if rc < SEMANAGE_CAN_READ: + semanage_handle_destroy(self.sh) + raise ValueError(_("Cannot read policy store.")) + + rc = semanage_connect(self.sh) + if rc < 0: + semanage_handle_destroy(self.sh) + raise ValueError(_("Could not establish semanage connection")) + + def get_all(self): + l = [] + (rc, mlist, number) = semanage_module_list(self.sh) + if rc < 0: + raise ValueError(_("Could not list SELinux modules")) + + for i in range(number): + mod = semanage_module_list_nth(mlist, i) + name = semanage_module_get_name(mod) + if name and name.startswith("permissive_"): + l.append(name.split("permissive_")[1]) + return l + + def list(self,heading = 1, locallist = 0): + if heading: + print "\n%-25s\n" % (_("Permissive Types")) + for t in self.get_all(): + print t + + + def add(self, type): + name = "permissive_%s" % type + dirname = "/var/lib/selinux" + os.chdir(dirname) + filename = "%s.te" % name + modtxt = """ +module %s 1.0; + +require { + type %s; +} + +permissive %s; +""" % (name, type, type) + fd = open(filename,'w') + fd.write(modtxt) + fd.close() + mc = module.ModuleCompiler() + mc.create_module_package(filename, 1) + fd = open("permissive_%s.pp" % type) + data = fd.read() + fd.close() + + rc = semanage_module_install(self.sh, data, len(data)); + if rc < 0: + raise ValueError(_("Could not set permissive domain %s (module installation 
failed)") % name) + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not set permissive domain %s (commit failed)") % name) + for root, dirs, files in os.walk("tmp", topdown=False): + for name in files: + os.remove(os.path.join(root, name)) + for name in dirs: + os.rmdir(os.path.join(root, name)) + + if rc != 0: + raise ValueError(out) + + + def delete(self, name): + for n in name.split(): + rc = semanage_module_remove(self.sh, "permissive_%s" % n) + if rc < 0: + raise ValueError(_("Could not remove permissive domain %s (remove failed)") % name) + rc = semanage_commit(self.sh) + if rc < 0: + raise ValueError(_("Could not remove permissive domain %s (commit failed)") % name) + + + def deleteall(self): + l = self.get_all() + if len(l) > 0: + all = " ".join(l) + self.delete(all) + class semanageRecords: def __init__(self, store): self.sh = semanage_handle_create() This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
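Review bot: In the semanage hunks, `valid_option["permissive"]` accepts '-l', '--list', '-n', '--noheading', '-D' and '--deleteall', but the added usage line (`semanage permissive -{d|a} type`) and the semanage.8 synopsis (`semanage permissive \-{a|d} type`) document only add and delete. Either document the list, noheading and deleteall forms in both places or remove them from the accepted options, and use the same `-{a|d}` ordering in the usage text and the man page.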
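Review bot: In `permissiveRecords.add()` (seobject.py hunk @@ -246), the trailing `if rc != 0: raise ValueError(out)` refers to `out`, which is never assigned in this method, so any non-zero `rc` that passed the preceding `rc < 0` check ends in a NameError instead of a usable message; remove the block or raise with a real message. The cleanup loop just above it rebinds `name` and walks the relative path "tmp" after `os.chdir("/var/lib/selinux")`, while no added line removes the generated `permissive_%s.te` and `.pp` files. `type` is interpolated unchecked into both the file name and the module source, so validate it against a strict identifier pattern before writing anything, and build the files in a `tempfile.mkdtemp()` directory (tempfile is already imported) instead of changing the process working directory. In `delete()`, both error messages format `name`, the whole space-separated list, where `n` is meant, and `import commands` is not used by any added line.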
From: <mad...@us...> - 2008-07-02 14:35:44
Revision: 2920 http://selinux.svn.sourceforge.net/selinux/?rev=2920&view=rev Author: madmethod Date: 2008-07-02 07:35:42 -0700 (Wed, 02 Jul 2008) Log Message: ----------- aesthetic change in semodule usage message Modified Paths: -------------- trunk/policycoreutils/semanage/semanage Modified: trunk/policycoreutils/semanage/semanage =================================================================== --- trunk/policycoreutils/semanage/semanage 2008-07-01 00:30:14 UTC (rev 2919) +++ trunk/policycoreutils/semanage/semanage 2008-07-02 14:35:42 UTC (rev 2920) 
@@ -43,49 +43,51 @@ if __name__ == '__main__': def usage(message = ""): - print _('\ -semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] \n\ -semanage login -{a|d|m} [-sr] login_name\n\ -semanage user -{a|d|m} [-LrRP] selinux_name\n\ -semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range\n\ -semanage interface -{a|d|m} [-tr] interface_spec\n\ -semanage fcontext -{a|d|m} [-frst] file_spec\n\ -semanage translation -{a|d|m} [-T] level\n\n\ -semanage boolean -{d|m} boolean\n\n\ -\ -Primary Options:\n\ -\ - -a, --add Add a OBJECT record NAME\n\ - -d, --delete Delete a OBJECT record NAME\n\ - -m, --modify Modify a OBJECT record NAME\n\ - -l, --list List the OBJECTS\n\n\ - -C, --locallist List OBJECTS local customizations\n\n\ - -D, --deleteall Remove all OBJECTS local customizations\n\ -\ - -h, --help Display this message\n\ - -n, --noheading Do not print heading when listing OBJECTS\n\ - -S, --store Select and alternate SELinux store to manage\n\n\ -Object-specific Options (see above):\n\ - -f, --ftype File Type of OBJECT \n\ - "" (all files) \n\ - -- (regular file) \n\ - -d (directory) \n\ - -c (character device) \n\ - -b (block device) \n\ - -s (socket) \n\ - -l (symbolic link) \n\ - -p (named pipe) \n\n\ -\ - -p, --proto Port protocol (tcp or udp)\n\ - -P, --prefix Prefix for home directory labeling\n\ - -L, --level Default SELinux Level (MLS/MCS Systems only)\n\ - -R, --roles SELinux Roles (ex: "sysadm_r staff_r")\n\ - -T, --trans SELinux Level Translation (MLS/MCS Systems only)\n\n\ -\ - -s, --seuser SELinux User Name\n\ - -t, --type SELinux Type for the object\n\ - -r, --range MLS/MCS Security Range (MLS/MCS Systems only)\n\ -') + print _(""" +semanage {boolean|login|user|port|interface|fcontext|translation} -{l|D} [-n] +semanage login -{a|d|m} [-sr] login_name +semanage user -{a|d|m} [-LrRP] selinux_name +semanage port -{a|d|m} [-tr] [ -p proto ] port | port_range +semanage interface -{a|d|m} [-tr] interface_spec +semanage 
fcontext -{a|d|m} [-frst] file_spec +semanage translation -{a|d|m} [-T] level +semanage boolean -{d|m} boolean + +Primary Options: + + -a, --add Add a OBJECT record NAME + -d, --delete Delete a OBJECT record NAME + -m, --modify Modify a OBJECT record NAME + -l, --list List the OBJECTS + -C, --locallist List OBJECTS local customizations + -D, --deleteall Remove all OBJECTS local customizations + + -h, --help Display this message + -n, --noheading Do not print heading when listing OBJECTS + -S, --store Select and alternate SELinux store to manage + +Object-specific Options (see above): + + -f, --ftype File Type of OBJECT + "" (all files) + -- (regular file) + -d (directory) + -c (character device) + -b (block device) + -s (socket) + -l (symbolic link) + -p (named pipe) + + -p, --proto Port protocol (tcp or udp) + -P, --prefix Prefix for home directory labeling + -L, --level Default SELinux Level (MLS/MCS Systems only) + -R, --roles SELinux Roles (ex: "sysadm_r staff_r") + -T, --trans SELinux Level Translation (MLS/MCS Systems only) + + -s, --seuser SELinux User Name + -t, --type SELinux Type for the object + -r, --range MLS/MCS Security Range (MLS/MCS Systems only) +""") print message sys.exit(1) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
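Review bot: In the `usage()` hunk, the new triple-quoted string begins with a newline right after `_("""` and changes the blank-line layout, so the msgid passed to gettext no longer matches the old one and existing translations of the usage text stop applying until the catalogs are regenerated. Since the string is being rewritten anyway, also fix "Select and alternate SELinux store to manage" to "Select an alternate SELinux store to manage"; the typo is carried over unchanged from the removed lines.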
From: <mad...@us...> - 2008-07-01 00:30:15
Revision: 2919 http://selinux.svn.sourceforge.net/selinux/?rev=2919&view=rev Author: madmethod Date: 2008-06-30 17:30:14 -0700 (Mon, 30 Jun 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: restorecond should not be started by default Date: Mon, 30 Jun 2008 11:59:06 -0400 Fedora is trying to eliminate most daemons that get started by default. They want the admin to select whether the daemon should start. Acked-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/restorecond/restorecond.init Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-07-01 00:26:26 UTC (rev 2918) +++ trunk/policycoreutils/ChangeLog 2008-07-01 00:30:14 UTC (rev 2919) @@ -1,5 +1,6 @@ 2.0.51 2008-06-28 * Add onboot option to fixfiles from Dan Walsh. + * Change restorecon.init to not run on boot by default from Dan Walsh. 2.0.50 2008-06-30 * Fix audit2allow generation of role-type rules from Karl MacMillan. Modified: trunk/policycoreutils/restorecond/restorecond.init =================================================================== --- trunk/policycoreutils/restorecond/restorecond.init 2008-07-01 00:26:26 UTC (rev 2918) +++ trunk/policycoreutils/restorecond/restorecond.init 2008-07-01 00:30:14 UTC (rev 2919) @@ -2,7 +2,7 @@ # # restorecond: Daemon used to maintain path file context # -# chkconfig: 2345 12 87 +# chkconfig: - 12 87 # description: restorecond uses inotify to look for creation of new files \ # listed in the /etc/selinux/restorecond.conf file, and restores the \ # correct security context. This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
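Review bot: The added ChangeLog line names `restorecon.init`, but the file modified in this commit is `restorecond/restorecond.init`; correct the entry so it can be matched to the init script it describes.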
From: <mad...@us...> - 2008-07-01 00:26:27
Revision: 2918 http://selinux.svn.sourceforge.net/selinux/?rev=2918&view=rev Author: madmethod Date: 2008-06-30 17:26:26 -0700 (Mon, 30 Jun 2008) Log Message: ----------- updated policycoreutils to version 2.0.50 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-07-01 00:24:02 UTC (rev 2917) +++ trunk/policycoreutils/ChangeLog 2008-07-01 00:26:26 UTC (rev 2918) @@ -1,3 +1,6 @@ +2.0.51 2008-06-28 + * Add onboot option to fixfiles from Dan Walsh. + 2.0.50 2008-06-30 * Fix audit2allow generation of role-type rules from Karl MacMillan. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-07-01 00:24:02 UTC (rev 2917) +++ trunk/policycoreutils/VERSION 2008-07-01 00:26:26 UTC (rev 2918) @@ -1 +1 @@ -2.0.50 +2.0.51 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
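Review bot: The new ChangeLog heading `2.0.51 2008-06-28` carries a date two days earlier than the `2.0.50 2008-06-30` entry directly below it; use the actual release date so the log stays in chronological order.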
From: <mad...@us...> - 2008-07-01 00:24:06
Revision: 2917 http://selinux.svn.sourceforge.net/selinux/?rev=2917&view=rev Author: madmethod Date: 2008-06-30 17:24:02 -0700 (Mon, 30 Jun 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: fixfiles patch Date: Mon, 30 Jun 2008 12:05:30 -0400 This patch adds a function onboot which creates the /.autorelabel file It also removes tmp files that map directly to a user. This fixes the problem where a user login gets created with the wrong context in /tmp and then can not login, even after a relabel. Acked-By: Joshua Brindle <me...@ma...> Modified Paths: -------------- trunk/policycoreutils/scripts/fixfiles trunk/policycoreutils/scripts/fixfiles.8 Modified: trunk/policycoreutils/scripts/fixfiles =================================================================== --- trunk/policycoreutils/scripts/fixfiles 2008-06-30 13:14:43 UTC (rev 2916) +++ trunk/policycoreutils/scripts/fixfiles 2008-07-01 00:24:02 UTC (rev 2917) @@ -138,6 +138,9 @@ fi LogReadOnly ${SETFILES} -q ${OUTFILES} ${SYSLOGFLAG} ${FORCEFLAG} $* ${FC} ${FILESYSTEMSRW} 2>&1 >> $LOGFILE +rm -rf /tmp/gconfd-* /tmp/pulse-* /tmp/orbit-* +find /tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; +find /var/tmp -context "*:file_t*" -exec chcon -t tmp_t {} \; exit $? } @@ -180,6 +183,10 @@ check) restore -n -v;; verify) restore -n -o -;; relabel) relabel;; + onboot) + touch /.autorelabel + echo "System will relabel on next boot" + ;; *) usage exit 1 
@@ -189,6 +196,7 @@ echo $"Usage: $0 [-l logfile ] [-o outputfile ] { check | restore|[-F] relabel } [[dir] ... ] " echo or echo $"Usage: $0 -R rpmpackage[,rpmpackage...] -C PREVIOUS_FILECONTEXT [-l logfile ] [-o outputfile ] { check | restore }" + echo $"Usage: $0 onboot" } if [ $# = 0 ]; then Modified: trunk/policycoreutils/scripts/fixfiles.8 =================================================================== --- trunk/policycoreutils/scripts/fixfiles.8 2008-06-30 13:14:43 UTC (rev 2916) +++ trunk/policycoreutils/scripts/fixfiles.8 2008-07-01 00:24:02 UTC (rev 2917) @@ -7,6 +7,8 @@ .B fixfiles [-F] [-l logfile ] [-o outputfile ] { check | restore|[-f] relabel | verify } [[dir/file] ... ] +.B fixfiles onboot + .SH "DESCRIPTION" This manual page describes the .BR fixfiles @@ -20,6 +22,9 @@ as you expect. By default it will relabel all mounted ext2, ext3, xfs and jfs file systems as long as they do not have a security context mount option. You can use the -R flag to use rpmpackages as an alternative. +.P +.B fixfiles onboot +will setup the machine to relabel on the next reboot. .SH "OPTIONS" .TP This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
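Review bot: In the first fixfiles hunk (@@ -138), the three added commands sit between the `${SETFILES}` run and `exit $?`, so the function now exits with the status of the last `find` rather than the status of setfiles, and a failed relabel can be reported as success. Save the setfiles status in a variable before the cleanup and exit with that value. The cleanup also runs as part of a relabel against /tmp and /var/tmp: `chcon` dereferences symbolic links unless given `-h`, so `-exec chcon -h -t tmp_t {} \;` is the safer form, and the removal of `/tmp/gconfd-*`, `/tmp/pulse-*` and `/tmp/orbit-*` should be documented in fixfiles.8, which the man page hunks shown here do not mention.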
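Review bot: In the `onboot)` case (fixfiles hunk @@ -180), "System will relabel on next boot" is printed whether or not `touch /.autorelabel` succeeded; check the result (for example `touch /.autorelabel || exit 1` before the echo) so a failure is visible to the caller. In the fixfiles.8 hunk, "will setup the machine" should read "will set up the machine".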
From: <ssm...@us...> - 2008-06-30 13:14:44
Revision: 2916 http://selinux.svn.sourceforge.net/selinux/?rev=2916&view=rev Author: ssmalley Date: 2008-06-30 06:14:43 -0700 (Mon, 30 Jun 2008) Log Message: ----------- updated sepolgen to version 1.0.12 Modified Paths: -------------- trunk/sepolgen/ChangeLog trunk/sepolgen/VERSION Modified: trunk/sepolgen/ChangeLog =================================================================== --- trunk/sepolgen/ChangeLog 2008-06-30 13:14:06 UTC (rev 2915) +++ trunk/sepolgen/ChangeLog 2008-06-30 13:14:43 UTC (rev 2916) @@ -1,3 +1,6 @@ +1.0.12 2008-06-30 + * Fix generation of role-type and role allow rules from Karl MacMillan. + 1.0.11 2008-01-23 * Merged sepolgen fixes from Dan Walsh. Modified: trunk/sepolgen/VERSION =================================================================== --- trunk/sepolgen/VERSION 2008-06-30 13:14:06 UTC (rev 2915) +++ trunk/sepolgen/VERSION 2008-06-30 13:14:43 UTC (rev 2916) @@ -1 +1 @@ -1.0.11 +1.0.12 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-30 13:14:09
Revision: 2915 http://selinux.svn.sourceforge.net/selinux/?rev=2915&view=rev Author: ssmalley Date: 2008-06-30 06:14:06 -0700 (Mon, 30 Jun 2008) Log Message: ----------- updated policycoreutils to version 2.0.50 Modified Paths: -------------- trunk/policycoreutils/ChangeLog trunk/policycoreutils/VERSION Modified: trunk/policycoreutils/ChangeLog =================================================================== --- trunk/policycoreutils/ChangeLog 2008-06-30 13:12:55 UTC (rev 2914) +++ trunk/policycoreutils/ChangeLog 2008-06-30 13:14:06 UTC (rev 2915) @@ -1,3 +1,6 @@ +2.0.50 2008-06-30 + * Fix audit2allow generation of role-type rules from Karl MacMillan. + 2.0.49 2008-05-16 * Remove security_check_context calls for prefix validation from semanage. Modified: trunk/policycoreutils/VERSION =================================================================== --- trunk/policycoreutils/VERSION 2008-06-30 13:12:55 UTC (rev 2914) +++ trunk/policycoreutils/VERSION 2008-06-30 13:14:06 UTC (rev 2915) @@ -1 +1 @@ -2.0.49 +2.0.50 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-30 13:12:59
|
Revision: 2914 http://selinux.svn.sourceforge.net/selinux/?rev=2914&view=rev Author: ssmalley Date: 2008-06-30 06:12:55 -0700 (Mon, 30 Jun 2008) Log Message: ----------- Author: Karl MacMillan Email: kma...@me... Subject: sepolgen: fix role-type associations and role allow rules Date: Mon, 23 Jun 2008 14:54:11 -0400 Stephen Smalley wrote: > On Thu, 2008-06-19 at 11:42 -0400, Joshua Brindle wrote: > >> This was written by Karl but he is currently unable to send patches >> > > Also need to fix it to extract the right type (the new type from the > transition, not the tcontext type) from the error message. > Use audit2allow -r < avc with the attached avc to test. > > Correct output is: > require { > type updpwd_t; > role unconfined_r; > } > > role unconfined_r types updpwd_t; > > Updated patch attached. Karl Modified Paths: -------------- trunk/policycoreutils/audit2allow/audit2allow trunk/sepolgen/src/sepolgen/access.py trunk/sepolgen/src/sepolgen/audit.py trunk/sepolgen/src/sepolgen/output.py trunk/sepolgen/src/sepolgen/policygen.py trunk/sepolgen/src/sepolgen/refpolicy.py Modified: trunk/policycoreutils/audit2allow/audit2allow =================================================================== --- trunk/policycoreutils/audit2allow/audit2allow 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/policycoreutils/audit2allow/audit2allow 2008-06-30 13:12:55 UTC (rev 2914) @@ -152,12 +152,13 @@ def __process_input(self): if self.__options.type: - avcfilter = audit.TypeFilter(self.__options.type) + avcfilter = audit.AVCTypeFilter(self.__options.type) self.__avs = self.__parser.to_access(avcfilter) - self.__selinux_errs = self.__parser.to_role(avcfilter) + csfilter = audit.ComputeSidTypeFilter(self.__options.type) + self.__role_types = self.__parser.to_role(csfilter) else: self.__avs = self.__parser.to_access() - self.__selinux_errs = self.__parser.to_role() + self.__role_types = self.__parser.to_role() def __load_interface_info(self): # Load interface info file 
@@ -310,6 +311,7 @@ # Generate the policy g.add_access(self.__avs) + g.add_role_types(self.__role_types) # Output writer = output.ModuleWriter() @@ -328,12 +330,6 @@ fd = sys.stdout writer.write(g.get_module(), fd) - if len(self.__selinux_errs) > 0: - fd.write("\n=========== ROLES ===============\n") - - for role in self.__selinux_errs: - fd.write(role.output()) - def main(self): try: self.__parse_options() Modified: trunk/sepolgen/src/sepolgen/access.py =================================================================== --- trunk/sepolgen/src/sepolgen/access.py 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/sepolgen/src/sepolgen/access.py 2008-06-30 13:12:55 UTC (rev 2914) @@ -295,3 +295,32 @@ perms[av.obj_class] = s s.update(av.perms) return perms + +class RoleTypeSet: + """A non-overlapping set of role type statements. + + This clas allows the incremental addition of role type statements and + maintains a non-overlapping list of statements. + """ + def __init__(self): + """Initialize an access vector set.""" + self.role_types = {} + + def __iter__(self): + """Iterate over all of the unique role allows statements in the set.""" + for role_type in self.role_types.values(): + yield role_type + + def __len__(self): + """Return the unique number of role allow statements.""" + return len(self.roles) + + def add(self, role, type): + if self.role_types.has_key(role): + role_type = self.role_types[role] + else: + role_type = refpolicy.RoleType() + role_type.role = role + self.role_types[role] = role_type + + role_type.types.add(type) Modified: trunk/sepolgen/src/sepolgen/audit.py =================================================================== --- trunk/sepolgen/src/sepolgen/audit.py 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/sepolgen/src/sepolgen/audit.py 2008-06-30 13:12:55 UTC (rev 2914) 
@@ -235,20 +235,21 @@ """ def __init__(self, message): AuditMessage.__init__(self, message) - self.type = "" - self.role = "" + self.invalid_context = refpolicy.SecurityContext() + self.scontext = refpolicy.SecurityContext() + self.tcontext = refpolicy.SecurityContext() + self.tclass = "" def from_split_string(self, recs): AuditMessage.from_split_string(self, recs) - dict={} - for i in recs: - t = i.split('=') - if len(t) < 2: - continue - dict[t[0]]=t[1] + if len(recs) < 10: + raise ValueError("Split string does not represent a valid compute sid message") + try: - self.role = refpolicy.SecurityContext(dict["scontext"]).role - self.type = refpolicy.SecurityContext(dict["tcontext"]).type + self.invalid_context = refpolicy.SecurityContext(recs[5]) + self.scontext = refpolicy.SecurityContext(recs[7].split("=")[1]) + self.tcontext = refpolicy.SecurityContext(recs[8].split("=")[1]) + self.tclass = recs[9].split("=")[1] except: raise ValueError("Split string does not represent a valid compute sid message") def output(self): @@ -405,7 +406,7 @@ self.__post_process() def to_role(self, role_filter=None): - """Return list of SELINUX_ERR messages matching the specified filter + """Return RoleAllowSet statements matching the specified filter Filter out types that match the filer, or all roles @@ -416,13 +417,12 @@ Access vector set representing the denied access in the audit logs parsed by this object. """ - roles = [] - if role_filter: - for selinux_err in self.compute_sid_msgs: - if role_filter.filter(selinux_err): - roles.append(selinux_err) - return roles - return self.compute_sid_msgs + role_types = access.RoleTypeSet() + for cs in self.compute_sid_msgs: + if not role_filter or role_filter.filter(cs): + role_types.add(cs.invalid_context.role, cs.invalid_context.type) + + return role_types def to_access(self, avc_filter=None, only_denials=True): """Convert the audit logs access into a an access vector set. 
@@ -454,7 +454,7 @@ avc.accesses, avc) return av_set -class TypeFilter: +class AVCTypeFilter: def __init__(self, regex): self.regex = re.compile(regex) @@ -465,4 +465,17 @@ return True return False +class ComputeSidTypeFilter: + def __init__(self, regex): + self.regex = re.compile(regex) + def filter(self, avc): + if self.regex.match(avc.invalid_context.type): + return True + if self.regex.match(avc.scontext.type): + return True + if self.regex.match(avc.tcontext.type): + return True + return False + + Modified: trunk/sepolgen/src/sepolgen/output.py =================================================================== --- trunk/sepolgen/src/sepolgen/output.py 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/sepolgen/src/sepolgen/output.py 2008-06-30 13:12:55 UTC (rev 2914) @@ -101,6 +101,8 @@ else: return id_set_cmp(a.src_types, [b.args[0]]) +def role_type_cmp(a, b): + return cmp(a.role, b.role) def sort_filter(module): """Sort and group the output for readability. @@ -146,6 +148,18 @@ c.extend(sep_rules) + + ras = [] + ras.extend(node.role_types()) + ras.sort(role_type_cmp) + if len(ras): + comment = refpolicy.Comment() + comment.lines.append("============= ROLES ==============") + c.append(comment) + + + c.extend(ras) + # Everything else for child in node.children: if child not in c: Modified: trunk/sepolgen/src/sepolgen/policygen.py =================================================================== --- trunk/sepolgen/src/sepolgen/policygen.py 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/sepolgen/src/sepolgen/policygen.py 2008-06-30 13:12:55 UTC (rev 2914) @@ -167,7 +167,14 @@ if self.gen_requires: gen_requires(self.module) + def add_role_types(self, role_type_set): + for role_type in role_type_set: + self.module.children.append(role_type) + # Generate the requires + if self.gen_requires: + gen_requires(self.module) + def explain_access(av, ml=None, verbosity=SHORT_EXPLANATION): """Explain why a policy statement was generated. 
@@ -334,8 +341,12 @@ # can actually figure those out. r.types.add(arg) + for role_type in node.role_types(): + r.roles.add(role_type.role) + r.types.update(role_type.types) + r.types.discard("self") - + node.children.insert(0, r) # FUTURE - this is untested on modules with any sort of Modified: trunk/sepolgen/src/sepolgen/refpolicy.py =================================================================== --- trunk/sepolgen/src/sepolgen/refpolicy.py 2008-06-14 00:06:59 UTC (rev 2913) +++ trunk/sepolgen/src/sepolgen/refpolicy.py 2008-06-30 13:12:55 UTC (rev 2914) @@ -122,6 +122,12 @@ def roles(self): return itertools.ifilter(lambda x: isinstance(x, Role), walktree(self)) + def role_allows(self): + return itertools.ifilter(lambda x: isinstance(x, RoleAllow), walktree(self)) + + def role_types(self): + return itertools.ifilter(lambda x: isinstance(x, RoleType), walktree(self)) + def __str__(self): if self.comment: return str(self.comment) + "\n" + self.to_string() @@ -494,6 +500,15 @@ return "allow %s %s;" % (self.src_roles.to_comma_str(), self.tgt_roles.to_comma_str()) +class RoleType(Leaf): + def __init__(self, parent=None): + Leaf.__init__(self, parent) + self.role = "" + self.types = IdSet() + + def to_string(self): + return "role %s types %s;" % (self.role, self.types.to_comma_str()) + class ModuleDeclaration(Leaf): def __init__(self, parent=None): Leaf.__init__(self, parent) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
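Review bot: In the access.py hunk, RoleTypeSet.__len__ returns len(self.roles), but __init__ only defines self.role_types, so any len() call on the set raises AttributeError. It should read "return len(self.role_types)". The docstrings in the same class look copied from the access vector set ("Initialize an access vector set.", "role allows statements") and the class docstring has the typo "clas"; worth correcting while the line is being touched.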
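Review bot: In the audit.py hunk for from_split_string, the fields are now read by fixed position (recs[5], recs[7], recs[8], recs[9]) inside a bare "except:", where the removed code looked them up by key name. A compute sid message with one extra or missing token would silently yield the wrong context or be rejected with the generic ValueError. Suggest locating the scontext=, tcontext= and tclass= tokens by name, keeping a positional read only for the invalid context, and catching IndexError/ValueError rather than everything. The to_role docstring in the next hunk also still says "RoleAllowSet" and "Access vector set" although the method now returns a RoleTypeSet.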
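Review bot: In the policygen.py hunk, add_role_types calls gen_requires(self.module) a second time after add_access has already done so, and gen_requires ends with node.children.insert(0, r). Please confirm that a second call replaces the earlier require block rather than inserting another one at the top of the module; if it does not, generate the requires once after both add_access and add_role_types have run. The stray blank line between append(role_type) and the "# Generate the requires" comment can go as well.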
From: <ew...@us...> - 2008-06-14 00:07:02
|
Revision: 2913 http://selinux.svn.sourceforge.net/selinux/?rev=2913&view=rev Author: ewalsh Date: 2008-06-13 17:06:59 -0700 (Fri, 13 Jun 2008) Log Message: ----------- updated libselinux to version 2.0.67 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-06-14 00:06:23 UTC (rev 2912) +++ trunk/libselinux/ChangeLog 2008-06-14 00:06:59 UTC (rev 2913) @@ -1,3 +1,6 @@ +2.0.67 2008-06-13 + * New and revised AVC, label, and mapping man pages from Eamon Walsh. + 2.0.66 2008-06-11 * Add swig python bindings for avc interfaces from Dan Walsh. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-06-14 00:06:23 UTC (rev 2912) +++ trunk/libselinux/VERSION 2008-06-14 00:06:59 UTC (rev 2913) @@ -1 +1 @@ -2.0.66 +2.0.67 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ew...@us...> - 2008-06-14 00:06:43
|
Revision: 2912 http://selinux.svn.sourceforge.net/selinux/?rev=2912&view=rev Author: ewalsh Date: 2008-06-13 17:06:23 -0700 (Fri, 13 Jun 2008) Log Message: ----------- New and updated man pages for AVC, mapping, label. Includes avc_open() call, deprecated avc_init(), selinux_set_mapping(), and new options to the selabel X backend. Revised per comments. Signed-off-by: Eamon Walsh <ew...@ty...> Acked-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libselinux/man/man3/avc_cleanup.3 trunk/libselinux/man/man3/avc_destroy.3 trunk/libselinux/man/man3/avc_init.3 trunk/libselinux/man/man3/avc_reset.3 trunk/libselinux/man/man5/selabel_x.5 Added Paths: ----------- trunk/libselinux/man/man3/avc_open.3 trunk/libselinux/man/man3/selinux_set_mapping.3 Modified: trunk/libselinux/man/man3/avc_cleanup.3 =================================================================== --- trunk/libselinux/man/man3/avc_cleanup.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_cleanup.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Modified: trunk/libselinux/man/man3/avc_destroy.3 =================================================================== --- trunk/libselinux/man/man3/avc_destroy.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_destroy.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Modified: trunk/libselinux/man/man3/avc_init.3 =================================================================== --- trunk/libselinux/man/man3/avc_init.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_init.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -3,7 +3,7 @@ .\" Author: Eamon Walsh (ew...@ty...) 2004 .TH "avc_init" "3" "27 May 2004" "" "SELinux API documentation" .SH "NAME" -avc_init, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. +avc_init - legacy userspace SELinux AVC setup. .SH "SYNOPSIS" .B #include <selinux/selinux.h> 
@@ -18,34 +18,19 @@ .BI "const struct avc_thread_callback *" thread_callbacks , .BI "const struct avc_lock_callback *" lock_callbacks ");" -.in -.sp -.BI "void avc_destroy(void);" -.sp -.BI "int avc_reset(void);" -.sp -.BI "void avc_cleanup(void);" .SH "DESCRIPTION" .B avc_init +is deprecated; please use +.BR avc_open (3) +in conjunction with +.BR selinux_set_callback (3) +in all new code. + +.B avc_init initializes the userspace AVC and must be called before any other AVC operation can be performed. A non-NULL .I msgprefix -will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC. See -.B CALLBACKS -below. +will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC. -.B avc_destroy -destroys the userspace AVC, freeing all internal memory structures. After this call has been made, -.B avc_init -must be called again before any AVC operations can be performed. - -.B avc_reset -flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see -.B NETLINK NOTIFICATION -below. - -.B avc_cleanup -forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's. - .SH "CALLBACKS" The userspace AVC can be directed how to perform memory allocation, logging, thread creation, and locking via callback functions passed to .BR avc_init . 
@@ -204,10 +189,7 @@ Eamon Walsh <ew...@ty...> .SH "SEE ALSO" -.BR avc_has_perm (3), -.BR avc_context_to_sid (3), -.BR avc_cache_stats (3), -.BR avc_add_callback (3), -.BR security_compute_av (3) +.BR avc_open (3), +.BR selinux_set_callback (3), .BR selinux (8) Added: trunk/libselinux/man/man3/avc_open.3 =================================================================== --- trunk/libselinux/man/man3/avc_open.3 (rev 0) +++ trunk/libselinux/man/man3/avc_open.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -0,0 +1,70 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2008 +.TH "avc_open" "3" "12 Jun 2008" "" "SELinux API documentation" +.SH "NAME" +avc_open, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> + +.B #include <selinux/avc.h> +.sp +.BI "int avc_open(struct selinux_opt *" options ", unsigned " nopt ");" +.sp +.BI "void avc_destroy(void);" +.sp +.BI "int avc_reset(void);" +.sp +.BI "void avc_cleanup(void);" +.SH "DESCRIPTION" +.B avc_open +initializes the userspace AVC and must be called before any other AVC operation can be performed. + +.B avc_destroy +destroys the userspace AVC, freeing all internal memory structures. After this call has been made, +.B avc_open +must be called again before any AVC operations can be performed. + +.B avc_reset +flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see +.B NETLINK NOTIFICATION +below. + +.B avc_cleanup +forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's. + +.SH "OPTIONS" +The userspace AVC obeys callbacks set via +.BR selinux_set_callback (3), +in particular the logging and audit callbacks. + +The options which may be passed to +.B avc_open +include the following: + +.TP +.B AVC_OPT_SETENFORCE +This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive mode otherwise. The system enforcing mode will be ignored. + +.SH "NETLINK NOTIFICATION" +Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. 
The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of +.BR avc_has_perm (3) +to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed. + +.SH "RETURN VALUE" +Functions with a return value return zero on success. On error, \-1 is returned and +.I errno +is set appropriately. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR selinux (8), +.BR avc_has_perm (3), +.BR avc_context_to_sid (3), +.BR avc_cache_stats (3), +.BR avc_add_callback (3), +.BR selinux_set_callback (3), +.BR security_compute_av (3) + Modified: trunk/libselinux/man/man3/avc_reset.3 =================================================================== --- trunk/libselinux/man/man3/avc_reset.3 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man3/avc_reset.3 2008-06-14 00:06:23 UTC (rev 2912) @@ -1 +1 @@ -.so man3/avc_init.3 +.so man3/avc_open.3 Added: trunk/libselinux/man/man3/selinux_set_mapping.3 =================================================================== --- trunk/libselinux/man/man3/selinux_set_mapping.3 (rev 0) +++ trunk/libselinux/man/man3/selinux_set_mapping.3 2008-06-14 00:06:23 UTC (rev 2912) 
@@ -0,0 +1,87 @@ +.\" Hey Emacs! This file is -*- nroff -*- source. +.\" +.\" Author: Eamon Walsh (ew...@ty...) 2008 +.TH "selinux_set_mapping" "3" "12 Jun 2008" "" "SELinux API documentation" +.SH "NAME" +selinux_set_mapping \- establish dynamic object class and permission mapping. +.SH "SYNOPSIS" +.B #include <selinux/selinux.h> +.sp +.nf +struct security_class_mapping { + const char *name; + const char *perms[]; +}; +.fi +.sp +.BI "int selinux_set_mapping(struct security_class_mapping *" map ");" + +.SH "DESCRIPTION" +.B selinux_set_mapping +establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy. Use of this function is highly preferred over the generated constants in the libselinux header files, as this method allows the policy's class and permission values to change over time. + +After the mapping is established, all libselinux functions that operate on class and permission values take the user-provided numbers, which are determined as follows: + +The +.I map +argument consists of an array of +.B security_class_mapping +structures, which must be terminated by a structure having a NULL name field. Except for this last structure, the +.I name +field should refer to the string name of an object class, and the corresponding +.I perms +field should refer to an array of permission bit names terminated by a NULL string. + +The object classes named in the mapping and the bit indexes of each set of permission bits named in the mapping are numbered in order starting from 1. These numbers are the values that should be passed to subsequent libselinux calls. + +.SH "RETURN VALUE" +Zero is returned on success. On error, -1 is returned and +.I errno +is set appropriately. + +.SH "ERRORS" +.TP +.B EINVAL +One of the class or permission names requested in the mapping is not present in the loaded policy. +.TP +.B ENOMEM +An attempt to allocate memory failed. 
+ +.SH "EXAMPLE" +.RS +.ta 4n 10n +.nf +struct security_class_mapping map[] = { + { "file", { "create", "unlink", "read", "write", NULL } }, + { "socket", { "bind", NULL } }, + { "process", { "signal", NULL } }, + { NULL } +}; + +if (selinux_set_mapping(map) < 0) + exit(1); +.fi +.ta +.RE + +In this example, after the call has succeeded, classes +.BR file , +.BR socket , +and +.B process +will be identified by 1, 2 and 3, respectively. Permissions +.IR create , +.IR unlink , +.IR read , +and +.I write +(for the +.B file +class) will be identified by 1, 2, 4, and 8 respectively. Classes and permissions not listed in the mapping cannot be used. + +.SH "AUTHOR" +Eamon Walsh <ew...@ty...> + +.SH "SEE ALSO" +.BR avc_open (8), +.BR selinux (8) Modified: trunk/libselinux/man/man5/selabel_x.5 =================================================================== --- trunk/libselinux/man/man5/selabel_x.5 2008-06-13 18:38:34 UTC (rev 2911) +++ trunk/libselinux/man/man5/selabel_x.5 2008-06-14 00:06:23 UTC (rev 2912) @@ -27,15 +27,39 @@ .I object_name argument specifies the name of a window property, such as "WM_NAME". .TP +.B SELABEL_X_SELN +The +.I object_name +argument specifies the name of a selection, such as "PRIMARY". +.TP .B SELABEL_X_EXT The .I object_name argument specifies the name of a protocol extension, such as "RENDER". .TP +.B SELABEL_X_EVENT +The +.I object_name +argument specifies the name of an event type, such as "X11:ButtonPress". +.TP .B SELABEL_X_CLIENT The .I object_name argument is ignored and should be set to NULL. The default context for labeling remote X clients is returned. +.TP +.B SELABEL_X_POLYPROP +Like +.BR SELABEL_X_PROP , +but checks if the property was marked as being polyinstantiated. See +.B NOTES +below. +.TP +.B SELABEL_X_POLYSELN +Like +.BR SELABEL_X_SELN , +but checks if the selection was marked as being polyinstantiated. See +.B NOTES +below. .SH "OPTIONS" In addition to the global options described in 
@@ -46,6 +70,9 @@ .B SELABEL_OPT_PATH A non-null value for this option specifies a path to a file that will be opened in lieu of the standard X contexts file. +.SH "NOTES" +Properties and selections are marked as either polyinstantiated or not. For these name types, the "POLY" option searches only the names marked as being polyinstantiated, while the other option searches only the names marked as not being polyinstantiated. Users of the interface should check both mappings, optionally taking action based on the result (e.g. polyinstantiating the object). + .SH "SEE ALSO" .BR selabel_open (3), .BR selabel_lookup (3), This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
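Review bot: In the avc_init.3 NAME hunk, the separator changed from "\-" to a bare "-" ("avc_init - legacy userspace SELinux AVC setup."), while avc_open.3 and selinux_set_mapping.3 added in the same commit use "\-". Keep "\-" so the NAME lines are consistent across the pages and render as a minus sign in roff.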
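Review bot: In the new selinux_set_mapping.3, the SEE ALSO entry reads ".BR avc_open (8)", but avc_open is added by this same commit as man3/avc_open.3, so the reference should be "avc_open (3)". The DESCRIPTION also says permission "bit indexes" are "numbered in order starting from 1" while the EXAMPLE gives the values 1, 2, 4 and 8; stating explicitly that the value passed to libselinux is the bit mask for that index would remove the ambiguity.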
From: <mad...@us...> - 2008-06-13 18:38:36
|
Revision: 2911 http://selinux.svn.sourceforge.net/selinux/?rev=2911&view=rev Author: madmethod Date: 2008-06-13 11:38:34 -0700 (Fri, 13 Jun 2008) Log Message: ----------- Author: Joshua Brindle Email: me...@ma... Subject: libsepol write.c has shadowed var Date: Fri, 13 Jun 2008 13:44:24 -0400 Stephen Smalley wrote: > On Fri, 2008-06-13 at 11:43 -0400, Joshua Brindle wrote: >> This patch addresses a shadowed var that prevents libsepol from being built with DEBUG=1 >> >> Signed-off-by: Joshua Brindle <me...@ma...> >> >> --- >> >> Index: libsepol/src/write.c >> =================================================================== >> --- libsepol/src/write.c (revision 2908) >> +++ libsepol/src/write.c (working copy) 
>> @@ -1625,10 +1625,10 @@ >> if (p->policyvers < POLICYDB_VERSION_PERMISSIVE && >> p->policy_type == POLICY_KERN) { >> ebitmap_node_t *tnode; >> - unsigned int i; >> + unsigned int j; >> >> - ebitmap_for_each_bit(&p->permissive_map, tnode, i) { >> - if (ebitmap_node_get_bit(tnode, i)) { >> + ebitmap_for_each_bit(&p->permissive_map, tnode, j) { >> + if (ebitmap_node_get_bit(tnode, j)) { >> WARN(fp->handle, "Warning! Policy version %d cannot " >> "support permissive types, but some were defined", >> p->policyvers); > > Any particular reason we can't just use the local var from the outer > scope? > good point, I didn't really look at how i was being used. This uses i from the outer scope and adds -Wshadow to library and checkpolicy makefiles. Acked-by: Stephen Smalley <sd...@ty...> Revision Links: -------------- http://selinux.svn.sourceforge.net/selinux/?rev=2908&view=rev Modified Paths: -------------- trunk/checkpolicy/Makefile trunk/libselinux/src/Makefile trunk/libsemanage/src/Makefile trunk/libsepol/src/Makefile trunk/libsepol/src/write.c Modified: trunk/checkpolicy/Makefile =================================================================== --- trunk/checkpolicy/Makefile 2008-06-13 14:14:57 UTC (rev 2910) +++ trunk/checkpolicy/Makefile 2008-06-13 18:38:34 UTC (rev 2911) @@ -10,7 +10,7 @@ YACC = bison -y -CFLAGS ?= -g -Wall -Werror -O2 -pipe -fno-strict-aliasing +CFLAGS ?= -g -Wall -Werror -Wshadow -O2 -pipe -fno-strict-aliasing override CFLAGS += -I. -I${INCLUDEDIR} Modified: trunk/libselinux/src/Makefile =================================================================== --- trunk/libselinux/src/Makefile 2008-06-13 14:14:57 UTC (rev 2910) +++ trunk/libselinux/src/Makefile 2008-06-13 18:38:34 UTC (rev 2911) 
@@ -33,7 +33,7 @@ OBJS= $(patsubst %.c,%.o,$(SRCS)) LOBJS= $(patsubst %.c,%.lo,$(SRCS)) -CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS) RANLIB=ranlib Modified: trunk/libsemanage/src/Makefile =================================================================== --- trunk/libsemanage/src/Makefile 2008-06-13 14:14:57 UTC (rev 2910) +++ trunk/libsemanage/src/Makefile 2008-06-13 18:38:34 UTC (rev 2911) @@ -31,7 +31,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(filter-out $(SWIGCOUT),$(wildcard *.c))) conf-scan.o conf-parse.o LOBJS= $(patsubst %.c,%.lo,$(filter-out $(SWIGCOUT),$(wildcard *.c))) conf-scan.lo conf-parse.lo -CFLAGS ?= -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter +CFLAGS ?= -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE Modified: trunk/libsepol/src/Makefile =================================================================== --- trunk/libsepol/src/Makefile 2008-06-13 14:14:57 UTC (rev 2910) +++ trunk/libsepol/src/Makefile 2008-06-13 18:38:34 UTC (rev 2911) @@ -10,7 +10,7 @@ LIBSO=$(TARGET).$(LIBVERSION) OBJS= $(patsubst %.c,%.o,$(wildcard *.c)) LOBJS= $(patsubst %.c,%.lo,$(wildcard *.c)) -CFLAGS ?= -Werror -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute +CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute override CFLAGS += -I. -I../include -D_GNU_SOURCE all: $(LIBA) $(LIBSO) Modified: trunk/libsepol/src/write.c =================================================================== --- trunk/libsepol/src/write.c 2008-06-13 14:14:57 UTC (rev 2910) +++ trunk/libsepol/src/write.c 2008-06-13 18:38:34 UTC (rev 2911) 
@@ -1625,7 +1625,6 @@ if (p->policyvers < POLICYDB_VERSION_PERMISSIVE && p->policy_type == POLICY_KERN) { ebitmap_node_t *tnode; - unsigned int i; ebitmap_for_each_bit(&p->permissive_map, tnode, i) { if (ebitmap_node_get_bit(tnode, i)) { This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
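Review bot: In the libsemanage/src/Makefile hunk, -Wshadow is added to a CFLAGS line that has no -Werror, unlike the checkpolicy, libselinux and libsepol lines changed in the same commit. A shadowed variable in libsemanage will therefore only produce a warning and will not fail the build. If the intent is to catch shadowing everywhere, either add -Werror there or note in the log message that libsemanage is warn-only.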
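Review bot: In the final write.c hunk, dropping the inner "unsigned int i;" makes ebitmap_for_each_bit(&p->permissive_map, tnode, i) overwrite the outer i, whose declaration and later uses are not visible in this hunk. Please confirm the outer i has a type compatible with the ebitmap macros and that no code after this block depends on the value it held before the loop.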
From: <ssm...@us...> - 2008-06-13 14:14:59
|
Revision: 2910 http://selinux.svn.sourceforge.net/selinux/?rev=2910&view=rev Author: ssmalley Date: 2008-06-13 07:14:57 -0700 (Fri, 13 Jun 2008) Log Message: ----------- updated libsepol to version 2.0.31 Modified Paths: -------------- trunk/libsepol/ChangeLog trunk/libsepol/VERSION Modified: trunk/libsepol/ChangeLog =================================================================== --- trunk/libsepol/ChangeLog 2008-06-13 14:13:46 UTC (rev 2909) +++ trunk/libsepol/ChangeLog 2008-06-13 14:14:57 UTC (rev 2910) @@ -1,3 +1,6 @@ +2.0.31 2008-06-13 + * Fix mls_semantic_level_expand() to handle a user require w/o MLS information from Stephen Smalley. + 2.0.30 2008-06-06 * Fix endianness bug in the handling of network node addresses from Stephen Smalley. Only affects big endian platforms. Modified: trunk/libsepol/VERSION =================================================================== --- trunk/libsepol/VERSION 2008-06-13 14:13:46 UTC (rev 2909) +++ trunk/libsepol/VERSION 2008-06-13 14:14:57 UTC (rev 2910) @@ -1 +1 @@ -2.0.30 +2.0.31 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-13 14:13:49
|
Revision: 2909 http://selinux.svn.sourceforge.net/selinux/?rev=2909&view=rev Author: ssmalley Date: 2008-06-13 07:13:46 -0700 (Fri, 13 Jun 2008) Log Message: ----------- Author: Stephen Smalley Email: sd...@ty... Subject: libsepol segfault when module requires a user not in base Date: Fri, 13 Jun 2008 10:11:06 -0400 On Thu, 2008-06-12 at 17:21 -0400, Eric Paris wrote: > checkpolicy-2.0.16-2.fc10.x86_64 > libsepol-2.0.30-1.fc10.x86_64 > > Program terminated with signal 11, Segmentation fault. > [New process 6347] > #0 0x000000000041a155 in mls_semantic_level_expand () > (gdb) bt > #0 0x000000000041a155 in mls_semantic_level_expand () > #1 0x000000000041a3f9 in mls_semantic_range_expand () > #2 0x000000000040dd0d in policydb_user_cache () > #3 0x000000000040417e in hashtab_map () > #4 0x000000000040d829 in policydb_index_others () > #5 0x00000000004082e1 in link_modules () > #6 0x00000000004036a7 in main (argc=<value optimized out>, argv=0x7fffe894e178) at dismod.c:761 > (gdb) quit > > base.conf: > ********** > class class1 > sid sid1 > class class1 > { > perm1 > perm2 > } > sensitivity s0; > dominance { s0 } > category c0; category c1; category c2; category c3; > category c4; category c5; category c6; category c7; > category c8; category c9; category c10; category c11; > category c12; category c13; category c14; category c15; > category c16; category c17; category c18; category c19; > category c20; category c21; category c22; category c23; > level s0:c0.c23; > mlsconstrain class1 { perm1 perm2 } > ( h1 dom h2 ); > attribute attr1; > type type1_t; > type type2_t; > role role1_r types { type1_t type2_t }; > role role2_r types { type1_t type2_t }; > allow type1_t type2_t: class1 { perm1 }; > allow role1_r role2_r; > bool bool1 true; > user user1_u roles { role1_r } level s0 range s0 - s0:c0.c23; > sid sid1 user1_u:role1_r:type1_t:s0 > fs_use_xattr ext2 user1_u:role1_r:type1_t:s0; > genfscon proc / user1_u:role1_r:type1_t:s0 > nodecon ::1 FFFF:FFFF:FFFF:FFFF:: 
user1_u:role1_r:type1_t:s0 > > badmodule.te: > ************* > module badmodule 1.0.0; > require { > user baduser_u; > type type2_t; > type type1_t; > class class1 perm1; > } > > allow type1_t type2_t : class1 perm1; > > ************ > checkmodule -M -o base.mod base.conf > checkmodule -M -m -o badmodule.mod badmodule.te > sedismod base.mod > #l > #badmodule.mod > > ***BOOM*** Interestingly doesn't occur on F9 for me, so likely a side effect of the user/role remapping support leading to earlier indexing/caching. Seems like the same issue as we had with mls_level_convert() in link. Patch below restores the correct behavior. Signed-off-by: Stephen Smalley <sd...@ty...> Modified Paths: -------------- trunk/libsepol/src/expand.c Modified: trunk/libsepol/src/expand.c =================================================================== --- trunk/libsepol/src/expand.c 2008-06-11 18:10:07 UTC (rev 2908) +++ trunk/libsepol/src/expand.c 2008-06-13 14:13:46 UTC (rev 2909) @@ -656,6 +656,10 @@ if (!p->mls) return 0; + /* Required not declared. */ + if (!sl->sens) + return 0; + l->sens = sl->sens; levdatum = (level_datum_t *) hashtab_search(p->p_levels.table, p->p_sens_val_to_name[l-> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
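Review bot: In the expand.c hunk, the new "if (!sl->sens) return 0;" reports success without writing anything to l, so the caller continues with whatever l held on entry. Please confirm every caller initialises the destination level before calling, or set it to a defined empty state before returning. The comment "Required not declared." would also be clearer if it said that a user required by a module but not declared in the base carries no MLS level to expand.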
From: <ssm...@us...> - 2008-06-11 18:10:09
|
Revision: 2908 http://selinux.svn.sourceforge.net/selinux/?rev=2908&view=rev Author: ssmalley Date: 2008-06-11 11:10:07 -0700 (Wed, 11 Jun 2008) Log Message: ----------- updated libselinux to version 2.0.66 Modified Paths: -------------- trunk/libselinux/ChangeLog trunk/libselinux/VERSION Modified: trunk/libselinux/ChangeLog =================================================================== --- trunk/libselinux/ChangeLog 2008-06-11 18:09:03 UTC (rev 2907) +++ trunk/libselinux/ChangeLog 2008-06-11 18:10:07 UTC (rev 2908) @@ -1,3 +1,6 @@ +2.0.66 2008-06-11 + * Add swig python bindings for avc interfaces from Dan Walsh. + 2.0.65 2008-05-27 * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized. * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status. Modified: trunk/libselinux/VERSION =================================================================== --- trunk/libselinux/VERSION 2008-06-11 18:09:03 UTC (rev 2907) +++ trunk/libselinux/VERSION 2008-06-11 18:10:07 UTC (rev 2908) @@ -1 +1 @@ -2.0.65 +2.0.66 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-11 18:09:13
|
Revision: 2907 http://selinux.svn.sourceforge.net/selinux/?rev=2907&view=rev Author: ssmalley Date: 2008-06-11 11:09:03 -0700 (Wed, 11 Jun 2008) Log Message: ----------- make pywrap Modified Paths: -------------- trunk/libselinux/src/selinux.py trunk/libselinux/src/selinuxswig_wrap.c Modified: trunk/libselinux/src/selinux.py =================================================================== --- trunk/libselinux/src/selinux.py 2008-06-11 18:07:30 UTC (rev 2906) +++ trunk/libselinux/src/selinux.py 2008-06-11 18:09:03 UTC (rev 2907) 
@@ -300,6 +300,204 @@ selinux_file_context_cmp = _selinux.selinux_file_context_cmp selinux_file_context_verify = _selinux.selinux_file_context_verify selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default +class security_id(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, security_id, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, security_id, name) + __repr__ = _swig_repr + __swig_setmethods__["ctx"] = _selinux.security_id_ctx_set + __swig_getmethods__["ctx"] = _selinux.security_id_ctx_get + if _newclass:ctx = _swig_property(_selinux.security_id_ctx_get, _selinux.security_id_ctx_set) + __swig_setmethods__["refcnt"] = _selinux.security_id_refcnt_set + __swig_getmethods__["refcnt"] = _selinux.security_id_refcnt_get + if _newclass:refcnt = _swig_property(_selinux.security_id_refcnt_get, _selinux.security_id_refcnt_set) + def __init__(self, *args): + this = _selinux.new_security_id(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_security_id + __del__ = lambda self : None; +security_id_swigregister = _selinux.security_id_swigregister +security_id_swigregister(security_id) + +avc_sid_to_context = _selinux.avc_sid_to_context +avc_sid_to_context_raw = _selinux.avc_sid_to_context_raw +avc_context_to_sid = _selinux.avc_context_to_sid +avc_context_to_sid_raw = _selinux.avc_context_to_sid_raw +sidget = _selinux.sidget +sidput = _selinux.sidput +avc_get_initial_sid = _selinux.avc_get_initial_sid +class avc_entry_ref(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_entry_ref, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_entry_ref, name) + __repr__ = _swig_repr + __swig_setmethods__["ae"] = _selinux.avc_entry_ref_ae_set + __swig_getmethods__["ae"] = _selinux.avc_entry_ref_ae_get + if _newclass:ae = 
_swig_property(_selinux.avc_entry_ref_ae_get, _selinux.avc_entry_ref_ae_set) + def __init__(self, *args): + this = _selinux.new_avc_entry_ref(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_entry_ref + __del__ = lambda self : None; +avc_entry_ref_swigregister = _selinux.avc_entry_ref_swigregister +avc_entry_ref_swigregister(avc_entry_ref) + +class avc_memory_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_memory_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_memory_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_set + __swig_getmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_get + if _newclass:func_malloc = _swig_property(_selinux.avc_memory_callback_func_malloc_get, _selinux.avc_memory_callback_func_malloc_set) + __swig_setmethods__["func_free"] = _selinux.avc_memory_callback_func_free_set + __swig_getmethods__["func_free"] = _selinux.avc_memory_callback_func_free_get + if _newclass:func_free = _swig_property(_selinux.avc_memory_callback_func_free_get, _selinux.avc_memory_callback_func_free_set) + def __init__(self, *args): + this = _selinux.new_avc_memory_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_memory_callback + __del__ = lambda self : None; +avc_memory_callback_swigregister = _selinux.avc_memory_callback_swigregister +avc_memory_callback_swigregister(avc_memory_callback) + +class avc_log_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_log_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_log_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_log"] = 
_selinux.avc_log_callback_func_log_set + __swig_getmethods__["func_log"] = _selinux.avc_log_callback_func_log_get + if _newclass:func_log = _swig_property(_selinux.avc_log_callback_func_log_get, _selinux.avc_log_callback_func_log_set) + __swig_setmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_set + __swig_getmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_get + if _newclass:func_audit = _swig_property(_selinux.avc_log_callback_func_audit_get, _selinux.avc_log_callback_func_audit_set) + def __init__(self, *args): + this = _selinux.new_avc_log_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_log_callback + __del__ = lambda self : None; +avc_log_callback_swigregister = _selinux.avc_log_callback_swigregister +avc_log_callback_swigregister(avc_log_callback) + +class avc_thread_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_thread_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_thread_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_set + __swig_getmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_get + if _newclass:func_create_thread = _swig_property(_selinux.avc_thread_callback_func_create_thread_get, _selinux.avc_thread_callback_func_create_thread_set) + __swig_setmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_set + __swig_getmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_get + if _newclass:func_stop_thread = _swig_property(_selinux.avc_thread_callback_func_stop_thread_get, _selinux.avc_thread_callback_func_stop_thread_set) + def __init__(self, *args): + this = _selinux.new_avc_thread_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ 
= _selinux.delete_avc_thread_callback + __del__ = lambda self : None; +avc_thread_callback_swigregister = _selinux.avc_thread_callback_swigregister +avc_thread_callback_swigregister(avc_thread_callback) + +class avc_lock_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_lock_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_lock_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_set + __swig_getmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_get + if _newclass:func_alloc_lock = _swig_property(_selinux.avc_lock_callback_func_alloc_lock_get, _selinux.avc_lock_callback_func_alloc_lock_set) + __swig_setmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_set + __swig_getmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_get + if _newclass:func_get_lock = _swig_property(_selinux.avc_lock_callback_func_get_lock_get, _selinux.avc_lock_callback_func_get_lock_set) + __swig_setmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_set + __swig_getmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_get + if _newclass:func_release_lock = _swig_property(_selinux.avc_lock_callback_func_release_lock_get, _selinux.avc_lock_callback_func_release_lock_set) + __swig_setmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_set + __swig_getmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_get + if _newclass:func_free_lock = _swig_property(_selinux.avc_lock_callback_func_free_lock_get, _selinux.avc_lock_callback_func_free_lock_set) + def __init__(self, *args): + this = _selinux.new_avc_lock_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_lock_callback + __del__ = lambda self : 
None; +avc_lock_callback_swigregister = _selinux.avc_lock_callback_swigregister +avc_lock_callback_swigregister(avc_lock_callback) + +AVC_OPT_UNUSED = _selinux.AVC_OPT_UNUSED +AVC_OPT_SETENFORCE = _selinux.AVC_OPT_SETENFORCE +avc_init = _selinux.avc_init +avc_open = _selinux.avc_open +avc_cleanup = _selinux.avc_cleanup +avc_reset = _selinux.avc_reset +avc_destroy = _selinux.avc_destroy +avc_has_perm_noaudit = _selinux.avc_has_perm_noaudit +avc_has_perm = _selinux.avc_has_perm +avc_audit = _selinux.avc_audit +avc_compute_create = _selinux.avc_compute_create +avc_compute_member = _selinux.avc_compute_member +AVC_CALLBACK_GRANT = _selinux.AVC_CALLBACK_GRANT +AVC_CALLBACK_TRY_REVOKE = _selinux.AVC_CALLBACK_TRY_REVOKE +AVC_CALLBACK_REVOKE = _selinux.AVC_CALLBACK_REVOKE +AVC_CALLBACK_RESET = _selinux.AVC_CALLBACK_RESET +AVC_CALLBACK_AUDITALLOW_ENABLE = _selinux.AVC_CALLBACK_AUDITALLOW_ENABLE +AVC_CALLBACK_AUDITALLOW_DISABLE = _selinux.AVC_CALLBACK_AUDITALLOW_DISABLE +AVC_CALLBACK_AUDITDENY_ENABLE = _selinux.AVC_CALLBACK_AUDITDENY_ENABLE +AVC_CALLBACK_AUDITDENY_DISABLE = _selinux.AVC_CALLBACK_AUDITDENY_DISABLE +AVC_CACHE_STATS = _selinux.AVC_CACHE_STATS +class avc_cache_stats(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_cache_stats, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_cache_stats, name) + __repr__ = _swig_repr + __swig_setmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_set + __swig_getmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_get + if _newclass:entry_lookups = _swig_property(_selinux.avc_cache_stats_entry_lookups_get, _selinux.avc_cache_stats_entry_lookups_set) + __swig_setmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_set + __swig_getmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_get + if _newclass:entry_hits = _swig_property(_selinux.avc_cache_stats_entry_hits_get, 
_selinux.avc_cache_stats_entry_hits_set) + __swig_setmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_set + __swig_getmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_get + if _newclass:entry_misses = _swig_property(_selinux.avc_cache_stats_entry_misses_get, _selinux.avc_cache_stats_entry_misses_set) + __swig_setmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_set + __swig_getmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_get + if _newclass:entry_discards = _swig_property(_selinux.avc_cache_stats_entry_discards_get, _selinux.avc_cache_stats_entry_discards_set) + __swig_setmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_set + __swig_getmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_get + if _newclass:cav_lookups = _swig_property(_selinux.avc_cache_stats_cav_lookups_get, _selinux.avc_cache_stats_cav_lookups_set) + __swig_setmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_set + __swig_getmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_get + if _newclass:cav_hits = _swig_property(_selinux.avc_cache_stats_cav_hits_get, _selinux.avc_cache_stats_cav_hits_set) + __swig_setmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_set + __swig_getmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_get + if _newclass:cav_probes = _swig_property(_selinux.avc_cache_stats_cav_probes_get, _selinux.avc_cache_stats_cav_probes_set) + __swig_setmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_set + __swig_getmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_get + if _newclass:cav_misses = _swig_property(_selinux.avc_cache_stats_cav_misses_get, _selinux.avc_cache_stats_cav_misses_set) + def __init__(self, *args): + this = _selinux.new_avc_cache_stats(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_cache_stats + __del__ = lambda self : None; 
+avc_cache_stats_swigregister = _selinux.avc_cache_stats_swigregister +avc_cache_stats_swigregister(avc_cache_stats) + +avc_av_stats = _selinux.avc_av_stats +avc_sid_stats = _selinux.avc_sid_stats selinux_default_type_path = _selinux.selinux_default_type_path get_default_type = _selinux.get_default_type SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER Modified: trunk/libselinux/src/selinuxswig_wrap.c =================================================================== --- trunk/libselinux/src/selinuxswig_wrap.c 2008-06-11 18:07:30 UTC (rev 2906) +++ trunk/libselinux/src/selinuxswig_wrap.c 2008-06-11 18:09:03 UTC (rev 2907) 
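Review bot: In the selinux.py hunk above, the generated security_id class registers setters for both struct members (`__swig_setmethods__["ctx"] = _selinux.security_id_ctx_set` and `__swig_setmethods__["refcnt"] = _selinux.security_id_refcnt_set`), so any Python caller can overwrite a SID's context string or reference count directly instead of going through the sidget/sidput wrappers exported in the same hunk. Consider marking these members read-only in the SWIG interface file (`%immutable`) and regenerating. The same question applies to the func_* setters on the avc_*_callback classes: if they cannot be given a usable value from Python, it is better not to expose them.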
@@ -2458,21 +2458,36 @@ #define SWIGTYPE_p_SELboolean swig_types[0] #define SWIGTYPE_p_av_decision swig_types[1] -#define SWIGTYPE_p_char swig_types[2] -#define SWIGTYPE_p_f_int_p_q_const__char_v_______int swig_types[3] -#define SWIGTYPE_p_f_p_p_char__int swig_types[4] -#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int swig_types[5] -#define SWIGTYPE_p_ino_t swig_types[6] -#define SWIGTYPE_p_int swig_types[7] -#define SWIGTYPE_p_p_char swig_types[8] -#define SWIGTYPE_p_p_p_char swig_types[9] -#define SWIGTYPE_p_security_class_mapping swig_types[10] -#define SWIGTYPE_p_selinux_callback swig_types[11] -#define SWIGTYPE_p_selinux_opt swig_types[12] -#define SWIGTYPE_p_unsigned_int swig_types[13] -#define SWIGTYPE_p_unsigned_short swig_types[14] -static swig_type_info *swig_types[16]; -static swig_module_info swig_module = {swig_types, 15, 0, 0, 0, 0}; +#define SWIGTYPE_p_avc_cache_stats swig_types[2] +#define SWIGTYPE_p_avc_entry swig_types[3] +#define SWIGTYPE_p_avc_entry_ref swig_types[4] +#define SWIGTYPE_p_avc_lock_callback swig_types[5] +#define SWIGTYPE_p_avc_log_callback swig_types[6] +#define SWIGTYPE_p_avc_memory_callback swig_types[7] +#define SWIGTYPE_p_avc_thread_callback swig_types[8] +#define SWIGTYPE_p_char swig_types[9] +#define SWIGTYPE_p_f_int_p_q_const__char_v_______int swig_types[10] +#define SWIGTYPE_p_f_p_f_void__void__p_void swig_types[11] +#define SWIGTYPE_p_f_p_p_char__int swig_types[12] +#define SWIGTYPE_p_f_p_q_const__char_v_______void swig_types[13] +#define SWIGTYPE_p_f_p_void__void swig_types[14] +#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int swig_types[15] +#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void swig_types[16] +#define SWIGTYPE_p_f_size_t__p_void swig_types[17] +#define SWIGTYPE_p_f_void__p_void swig_types[18] +#define SWIGTYPE_p_ino_t swig_types[19] +#define SWIGTYPE_p_int swig_types[20] +#define SWIGTYPE_p_p_char swig_types[21] +#define SWIGTYPE_p_p_p_char swig_types[22] +#define 
SWIGTYPE_p_p_security_id swig_types[23] +#define SWIGTYPE_p_security_class_mapping swig_types[24] +#define SWIGTYPE_p_security_id swig_types[25] +#define SWIGTYPE_p_selinux_callback swig_types[26] +#define SWIGTYPE_p_selinux_opt swig_types[27] +#define SWIGTYPE_p_unsigned_int swig_types[28] +#define SWIGTYPE_p_unsigned_short swig_types[29] +static swig_type_info *swig_types[31]; +static swig_module_info swig_module = {swig_types, 30, 0, 0, 0, 0}; #define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name) #define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name) @@ -2503,6 +2518,7 @@ #include "selinux/selinux.h" + #include "../include/selinux/avc.h" #include "../include/selinux/selinux.h" #include "../include/selinux/get_default_type.h" #include "../include/selinux/get_context_list.h" 
@@ -7461,6 +7477,2083 @@ } +SWIGINTERN PyObject *_wrap_security_id_ctx_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_id_ctx_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_set" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_id_ctx_set" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + if (arg1->ctx) free((char*)arg1->ctx); + if (arg2) { + size_t size = strlen((const char *)(arg2)) + 1; + arg1->ctx = (security_context_t)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); + } else { + arg1->ctx = 0; + } + resultobj = SWIG_Py_Void(); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_ctx_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + security_context_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_id_ctx_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_get" 
"', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + result = (security_context_t) ((arg1)->ctx); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_refcnt_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_id_refcnt_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_set" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_id_refcnt_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->refcnt = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_refcnt_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_id_refcnt_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_get" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + result = (unsigned int) 
((arg1)->refcnt); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail; + result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_security_id",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_id" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_sid_to_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if 
(!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)avc_sid_to_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_sid_to_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context_raw",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context_raw" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)avc_sid_to_context_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char 
*buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)avc_context_to_sid(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)avc_context_to_sid_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + 
return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_sidget(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:sidget",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidget" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)sidget(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_sidput(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:sidput",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidput" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)sidput(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_get_initial_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_get_initial_sid",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in 
method '" "avc_get_initial_sid" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)avc_get_initial_sid((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + struct avc_entry *arg2 = (struct avc_entry *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_entry_ref_ae_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_set" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_entry, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_entry_ref_ae_set" "', argument " "2"" of type '" "struct avc_entry *""'"); + } + arg2 = (struct avc_entry *)(argp2); + if (arg1) (arg1)->ae = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + struct avc_entry *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * 
obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_entry_ref_ae_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_get" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + result = (struct avc_entry *) ((arg1)->ae); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail; + result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_entry_ref",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_entry_ref" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + 
SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *(*arg2)(size_t) = (void *(*)(size_t)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_malloc_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_size_t__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "2"" of type '" "void *(*)(size_t)""'"); + } + } + if (arg1) (arg1)->func_malloc = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *(*result)(size_t) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_malloc_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + 
result = (void *(*)(size_t)) ((arg1)->func_malloc); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_size_t__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_free_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_free_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_free = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_free_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_get" "', argument " "1"" of type '" "struct avc_memory_callback 
*""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_free); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail; + result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_memory_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_memory_callback" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject 
*resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*arg2)(char const *,...) = (void (*)(char const *,...)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_log_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_set" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__char_v_______void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_log_set" "', argument " "2"" of type '" "void (*)(char const *,...)""'"); + } + } + if (arg1) (arg1)->func_log = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*result)(char const *,...) 
= 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_log_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_get" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + result = (void (*)(char const *,...)) ((arg1)->func_log); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_q_const__char_v_______void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*arg2)(void *,security_class_t,char *,size_t) = (void (*)(void *,security_class_t,char *,size_t)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_audit_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_set" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_audit_set" "', argument " "2"" of type '" "void (*)(void *,security_class_t,char *,size_t)""'"); + } + } + if (arg1) (arg1)->func_audit = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_get(PyObject 
*SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*result)(void *,security_class_t,char *,size_t) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_audit_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_get" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + result = (void (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail; + result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_log_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_log_callback" "', argument " "1"" of type '" "struct 
avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *(*arg2)(void (*)(void)) = (void *(*)(void (*)(void))) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_create_thread_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_f_void__void__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "2"" of type '" "void *(*)(void (*)(void))""'"); + } + } + if (arg1) (arg1)->func_create_thread = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *(*result)(void (*)(void)) = 0 ; + void *argp1 = 0 ; + 
int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_create_thread_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + result = (void *(*)(void (*)(void))) ((arg1)->func_create_thread); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_f_void__void__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_stop_thread_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_stop_thread = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject 
*resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_stop_thread_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_stop_thread); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail; + result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_thread_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_thread_callback" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct 
avc_thread_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *(*arg2)(void) = (void *(*)(void)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_alloc_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_void__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "2"" of type '" "void *(*)(void)""'"); + } + } + if (arg1) (arg1)->func_alloc_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *(*result)(void) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_alloc_lock_get",&obj0)) 
SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void *(*)(void)) ((arg1)->func_alloc_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_void__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_get_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_get_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if 
(!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_get_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_get_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_release_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_release_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void 
(*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_release_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_release_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_free_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_free_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + 
struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_free_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_free_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail; + result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_lock_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + ... [truncated message content] |
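Review bot: The callback setters in this generated wrapper (for example `_wrap_avc_memory_callback_func_malloc_set` and `_wrap_avc_log_callback_func_log_set`) convert argument 2 with `SWIG_ConvertFunctionPtr`, which accepts only a SWIG-wrapped C function pointer, so a Python callable cannot be installed through them. If the avc callback structs are not meant to be filled in from Python, exclude them in the interface file the way `avc_add_callback` is excluded with `%ignore`; if they are, they need a typemap that bridges to a Python callable.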
From: <ssm...@us...> - 2008-06-11 18:07:34
Revision: 2906 http://selinux.svn.sourceforge.net/selinux/?rev=2906&view=rev Author: ssmalley Date: 2008-06-11 11:07:30 -0700 (Wed, 11 Jun 2008) Log Message: ----------- Author: Daniel J Walsh Email: dw...@re... Subject: libselinux patch to add interfaces in avc.h to python bindings Date: Wed, 11 Jun 2008 12:43:20 -0400 Modified Paths: -------------- trunk/libselinux/src/selinuxswig.i trunk/libselinux/src/selinuxswig_python.i Modified: trunk/libselinux/src/selinuxswig.i =================================================================== --- trunk/libselinux/src/selinuxswig.i 2008-06-11 12:09:31 UTC (rev 2905) +++ trunk/libselinux/src/selinuxswig.i 2008-06-11 18:07:30 UTC (rev 2906) @@ -5,6 +5,7 @@ %module selinux %{ #include "selinux/selinux.h" + #include "../include/selinux/avc.h" #include "../include/selinux/selinux.h" #include "../include/selinux/get_default_type.h" #include "../include/selinux/get_context_list.h" @@ -47,6 +48,10 @@ %ignore set_matchpathcon_invalidcon; %ignore set_matchpathcon_canoncon; +%ignore avc_add_callback; + %include "../include/selinux/selinux.h" +%include "../include/selinux/avc.h" %include "../include/selinux/get_default_type.h" %include "../include/selinux/get_context_list.h" + Modified: trunk/libselinux/src/selinuxswig_python.i =================================================================== --- trunk/libselinux/src/selinuxswig_python.i 2008-06-11 12:09:31 UTC (rev 2905) +++ trunk/libselinux/src/selinuxswig_python.i 2008-06-11 18:07:30 UTC (rev 2906) 
@@ -16,6 +16,20 @@ $result = SWIG_Python_AppendOutput($result, list); } +/* return a sid along with the result */ +%typemap(argout) (security_id_t * sid) { + if (*$1) { + %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); + } else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { + $1 = &temp; +} + /* Makes security_compute_user() return a Python list of contexts */ %typemap(argout) (security_context_t **con) { PyObject* plist; This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
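Review bot: In the selinuxswig_python.i hunk, the `in` typemap declares `security_id_t temp` without an initial value, while the `argout` typemap tests `*$1` regardless of what the wrapped function returned. If the call fails before storing a SID, the wrapper reads an indeterminate pointer and may pass it to `SWIG_NewPointerObj`. Set `temp = NULL;` before `$1 = &temp;` in the typemap body so that a failed call appends None.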
From: <ssm...@us...> - 2008-06-11 12:09:34
Revision: 2905
http://selinux.svn.sourceforge.net/selinux/?rev=2905&view=rev
Author: ssmalley
Date: 2008-06-11 05:09:31 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
20080611

Added Paths:
-----------
tags/stable/20080611/

Copied: tags/stable/20080611 (from rev 2904, branches/stable/1_0)
From: <ssm...@us...> - 2008-06-11 12:09:34
Revision: 2904
http://selinux.svn.sourceforge.net/selinux/?rev=2904&view=rev
Author: ssmalley
Date: 2008-06-11 05:09:27 -0700 (Wed, 11 Jun 2008)

Log Message:
-----------
20080611

Added Paths:
-----------
tags/devel/20080611/

Copied: tags/devel/20080611 (from rev 2903, trunk)
From: <ssm...@us...> - 2008-06-10 13:09:53
Revision: 2903 http://selinux.svn.sourceforge.net/selinux/?rev=2903&view=rev Author: ssmalley Date: 2008-06-10 06:09:47 -0700 (Tue, 10 Jun 2008) Log Message: ----------- updated checkpolicy to version 1.34.7 Modified Paths: -------------- branches/stable/1_0/checkpolicy/ChangeLog branches/stable/1_0/checkpolicy/VERSION Modified: branches/stable/1_0/checkpolicy/ChangeLog =================================================================== --- branches/stable/1_0/checkpolicy/ChangeLog 2008-06-10 13:08:56 UTC (rev 2902) +++ branches/stable/1_0/checkpolicy/ChangeLog 2008-06-10 13:09:47 UTC (rev 2903) @@ -1,6 +1,8 @@ +1.34.7 2008-06-10 + * Merged r2886 from trunk: user and role mapping support from Joshua Brindle. + 1.34.6 2008-06-06 * Merged r2665 and r2878 from trunk: make ipv4 address parsing like ipv6 from James Carter. - In combination with the libsepol fix, this fixes network node address handling by checkpolicy on big endian platforms. 1.34.5 2008-03-04 * Merged r2831 from trunk: fix uninitialized use of handle in struct policy_file from Todd Miller. Modified: branches/stable/1_0/checkpolicy/VERSION =================================================================== --- branches/stable/1_0/checkpolicy/VERSION 2008-06-10 13:08:56 UTC (rev 2902) +++ branches/stable/1_0/checkpolicy/VERSION 2008-06-10 13:09:47 UTC (rev 2903) @@ -1 +1 @@ -1.34.6 +1.34.7 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
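Review bot: The ChangeLog hunk drops the 1.34.6 sentence "In combination with the libsepol fix, this fixes network node address handling by checkpolicy on big endian platforms.", which the log message ("updated checkpolicy to version 1.34.7") does not mention. The hunk header (6 old lines, 8 new) with three added lines is consistent with that line being removed. Either restore the sentence or state in the log message why it is dropped, since it documents the dependency on the libsepol fix.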
From: <ssm...@us...> - 2008-06-10 13:08:58
Revision: 2902 http://selinux.svn.sourceforge.net/selinux/?rev=2902&view=rev Author: ssmalley Date: 2008-06-10 06:08:56 -0700 (Tue, 10 Jun 2008) Log Message: ----------- updated libsepol to version 1.16.14 Modified Paths: -------------- branches/stable/1_0/libsepol/ChangeLog branches/stable/1_0/libsepol/VERSION Modified: branches/stable/1_0/libsepol/ChangeLog =================================================================== --- branches/stable/1_0/libsepol/ChangeLog 2008-06-10 13:06:52 UTC (rev 2901) +++ branches/stable/1_0/libsepol/ChangeLog 2008-06-10 13:08:56 UTC (rev 2902) @@ -1,3 +1,6 @@ +1.16.14 2008-06-10 + * Merge r2886 from trunk: merge user and role mapping support from Joshua Brindle. + 1.16.13 2008-06-06 * Fix endianness bug in the handling of network node addresses from Stephen Smalley. Only affects big endian platforms. Modified: branches/stable/1_0/libsepol/VERSION =================================================================== --- branches/stable/1_0/libsepol/VERSION 2008-06-10 13:06:52 UTC (rev 2901) +++ branches/stable/1_0/libsepol/VERSION 2008-06-10 13:08:56 UTC (rev 2902) @@ -1 +1 @@ -1.16.13 +1.16.14 This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
From: <ssm...@us...> - 2008-06-10 13:07:03
Revision: 2901 http://selinux.svn.sourceforge.net/selinux/?rev=2901&view=rev Author: ssmalley Date: 2008-06-10 06:06:52 -0700 (Tue, 10 Jun 2008) Log Message: ----------- applied r2886:2887 from trunk Modified Paths: -------------- branches/stable/1_0/libsepol/src/expand.c Modified: branches/stable/1_0/libsepol/src/expand.c =================================================================== --- branches/stable/1_0/libsepol/src/expand.c 2008-06-10 13:05:20 UTC (rev 2900) +++ branches/stable/1_0/libsepol/src/expand.c 2008-06-10 13:06:52 UTC (rev 2901) @@ -527,9 +527,6 @@ role_datum_t *role = (role_datum_t *) datum; expand_state_t *state = (expand_state_t *) data; - if (!(&role->dominates.node)) - return 0; - if (map_ebitmap(&role->dominates, &mapped_roles, state->rolemap)) return -1; @@ -602,11 +599,6 @@ } } - if (!(&new_role->dominates.node)) { - ebitmap_init(&new_role->dominates); - } - - /* The dominates bitmap is going to be wrong for the moment, * we'll come back later and remap them, after we are sure all * the roles have been added */ @@ -625,10 +617,6 @@ return -1; } - if (!(&new_role->types.types.node)) { - ebitmap_init(&new_role->types.types); - } - if (ebitmap_union(&new_role->types.types, &tmp_union_types)) { ERR(state->handle, "Out of memory!"); ebitmap_destroy(&tmp_union_types); @@ -803,10 +791,6 @@ return -1; } - if (!(&new_user->roles.roles.node)) { - ebitmap_init(&new_user->roles.roles); - } - if (ebitmap_union(&new_user->roles.roles, &tmp_union)) { ERR(state->handle, "Out of memory!"); ebitmap_destroy(&tmp_union); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
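Review bot: The guards removed in these hunks, such as `if (!(&role->dominates.node))`, test the address of a struct member, which is never NULL, so the early `return 0` and the `ebitmap_init()` calls inside them never executed; the log message "applied r2886:2887 from trunk" should state that this is dead-code removal with no behaviour change. Because `ebitmap_union()` is still called on `new_role->types.types` and `new_user->roles.roles` with no initialisation visible in these hunks, confirm that the sites allocating `new_role` and `new_user` zero or initialise those bitmaps.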