libselinux: add missing glue code to grab errno in Python bindings

The Python bindings for libselinux expose functions such as
avc_has_perm(), get_ordered_context_list(), etc. When these functions
encounter an error, they set errno accordingly and return a negative
value. In order to get the value of errno from Python code, it needs to
be "forwarded" in a way. This is achieved by glue code in
selinuxswig_python_exception.i, which implement raising an OSError
exception from the value of errno.

selinuxswig_python_exception.i was only generating glue code from
functions declared in selinux.h and not in other headers. Add other
headers.

selinuxswig_python_exception.i is generated by "bash exception.sh". Mark
the fact that exception.sh is a Bash script by adding a shebang. This
makes "shellcheck" not warn about the Bash array which is used to list
header files.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Acked-by: William Roberts <william.c.roberts@intel.com>
This commit is contained in:
Nicolas Iooss 2020-04-12 10:09:59 +02:00 committed by William Roberts
parent 21f50e94b9
commit 0bcaba30d7
2 changed files with 412 additions and 2 deletions

View File

@ -1,3 +1,5 @@
#!/bin/bash
function except() {
case $1 in
selinux_file_context_cmp) # ignore
@ -15,10 +17,22 @@ echo "
;;
esac
}
if ! ${CC:-gcc} -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/selinux/selinux.h
# Make sure that selinux.h is included first in order not to depend on the order
# in which "#include <selinux/selinux.h>" appears in other files.
FILE_LIST=(
../include/selinux/selinux.h
../include/selinux/avc.h
../include/selinux/context.h
../include/selinux/get_context_list.h
../include/selinux/get_default_type.h
../include/selinux/label.h
../include/selinux/restorecon.h
)
if ! cat "${FILE_LIST[@]}" | ${CC:-gcc} -x c -c -I../include -o temp.o - -aux-info temp.aux
then
# clang does not support -aux-info so fall back to gcc
gcc -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/selinux/selinux.h
cat "${FILE_LIST[@]}" | gcc -x c -c -I../include -o temp.o - -aux-info temp.aux
fi
for i in `awk '/<stdin>.*extern int/ { print $6 }' temp.aux`; do except $i ; done
rm -f -- temp.aux temp.o

View File

@ -952,3 +952,399 @@
}
}
%exception avc_sid_to_context {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_sid_to_context_raw {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_context_to_sid {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_context_to_sid_raw {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception sidget {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception sidput {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_get_initial_sid {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_init {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_open {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_reset {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_has_perm_noaudit {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_has_perm {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_compute_create {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_compute_member {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_add_callback {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_netlink_open {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_netlink_acquire_fd {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception avc_netlink_check_nb {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_status_open {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_status_updated {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_status_getenforce {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_status_policyload {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_status_deny_unknown {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception context_type_set {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception context_range_set {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception context_role_set {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception context_user_set {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_ordered_context_list {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_ordered_context_list_with_level {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_default_context {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_default_context_with_level {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_default_context_with_role {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_default_context_with_rolelevel {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception query_user_context {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception manual_user_enter_context {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception get_default_type {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selabel_lookup {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selabel_lookup_raw {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selabel_lookup_best_match {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selabel_lookup_best_match_raw {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selabel_digest {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_restorecon {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_restorecon_set_alt_rootpath {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}
%exception selinux_restorecon_xattr {
$action
if (result < 0) {
PyErr_SetFromErrno(PyExc_OSError);
SWIG_fail;
}
}