This patch fixes the exception handling in libselinux-python bindings

On 09/16/2009 03:35 PM, Joshua Brindle wrote: > > > Joshua Brindle wrote: >> >> >> Daniel J Walsh wrote: >>> What do you think of this one. Removed excess swig cruft, >>> >>> You need to run >>> >>> make swigify to generate those changes. >>> >> >> Ok, looking at this now. I don't completely get how it works. I'm trying >> to reproduce what you are doing by hand but nothing comes out of gcc: >> >> [root@localhost src]# echo '#include "../include/selinux/selinux.h"' > >> temp.c >> [root@localhost src]# gcc -c temp.c -aux-info temp.aux >> [root@localhost src]# ls temp.* >> temp.c temp.o >> >> >> What is the purpose of the aux-info thing, and why doesn't it work on my >> F11 machine? >> >> also, I'm not sure if the best place for selinuxswig_exception.i is >> swigify or pywrap. In the swigify case it shouldn't be in the clean >> target because if you check out the repo and do make clean; make pywrap >> you'll get an error. (I can make these fixes, I'm just trying to figure >> out how it all works first). >> > > Oh, one more thing, should this be python specific? (E.g, should it be > named selinuxswig_python_exception.i ?) Changed name to selinux_python_exception.i WOrks for me on F11 and F12 dwalsh@localhost$ echo '#include "../include/selinux/selinux.h"' > temp.c dwalsh@localhost$ gcc -c temp.c -aux-info temp.aux dwalsh@localhost$ ls temp.* temp.aux temp.c temp.o cat temp.aux /* compiled from: . */ /* /usr/include/sys/select.h:109:NC */ extern int select (int, fd_set *, fd_set *, fd_set *, struct timeval *); /* /usr/include/sys/select.h:121:NC */ extern int pselect (int, fd_set *, fd_set *, fd_set *, const struct timespec *, const __sigset_t *); /* /usr/include/sys/sysmacros.h:31:NC */ extern unsigned int gnu_dev_major (long long unsigned int); /* /usr/include/sys/sysmacros.h:34:NC */ extern unsigned int gnu_dev_minor (long long unsigned int); /* /usr/include/sys/sysmacros.h:37:NC */ extern long long unsigned int gnu_dev_makedev (unsigned int, unsigned int); /* ../include/selinux/selinux.h:12:NC */ extern int is_selinux_enabled (void); /* ../include/selinux/selinux.h:14:NC */ extern int is_selinux_mls_enabled (void); /* ../include/selinux/selinux.h:19:NC */ extern void freecon (security_context_t); /* ../include/selinux/selinux.h:22:NC */ extern void freeconary (security_context_t *); ... commit 38d98bd958f42ea18c9376e624d733795665ee22 Author: Dan Walsh <dwalsh@redhat.com> Date: Wed Sep 16 16:51:14 2009 -0400 Add exception code
2009-09-16 16:58:12 -04:00 · 2009-09-16 16:58:12 -04:00 · 66d0760007
parent 6e7e247f6c
commit 66d0760007
5 changed files with 53 additions and 13 deletions
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@ -346,7 +346,7 @@ struct security_class_mapping {
 	const char *perms[sizeof(access_vector_t) * 8 + 1];
 };

-int selinux_set_mapping(struct security_class_mapping *map);
+extern int selinux_set_mapping(struct security_class_mapping *map);

 /* Common helpers */

@ -556,17 +556,17 @@ extern int getseuser(const char *username, const char *service,
 		     char **r_seuser, char **r_level);

 /* Compare two file contexts, return 0 if equivalent. */
-int selinux_file_context_cmp(const security_context_t a,
+extern int selinux_file_context_cmp(const security_context_t a,
 			     const security_context_t b);

 /* 
 * Verify the context of the file 'path' against policy.
 * Return 0 if correct. 
 */
-int selinux_file_context_verify(const char *path, mode_t mode);
+extern int selinux_file_context_verify(const char *path, mode_t mode);

 /* This function sets the file context on to the system defaults returns 0 on success */
-int selinux_lsetfilecon_default(const char *path);
+extern int selinux_lsetfilecon_default(const char *path);

 #ifdef __cplusplus
 }
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@ -82,6 +82,9 @@ $(LIBSO): $(LOBJS)
 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
 	ln -sf $@ $(TARGET) 

+selinuxswig_python_exception.i: ../include/selinux/selinux.h
+	sh exception.sh > $@ 
+
 audit2why.lo: audit2why.c
 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<

@ -100,8 +103,8 @@ $(SWIGCOUT): $(SWIGIF)
 $(SWIGRUBYCOUT): $(SWIGRUBYIF)
 	$(SWIGRUBY) $^

-swigify: $(SWIGIF)
-	$(SWIG) $^
+swigify: $(SWIGIF) selinuxswig_python_exception.i
+	$(SWIG) $<

 install: all 
 	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
@ -124,7 +127,7 @@ relabel:
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)

 clean: 
-	-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
+	-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ selinuxswig_python_exception.i

 distclean: clean
 	rm -f $(GENERATED) $(SWIGFILES)
--- a/libselinux/src/exception.sh
+++ b/libselinux/src/exception.sh
@ -0,0 +1,21 @@
+function except() {
+case $1 in
+    selinux_file_context_cmp) # ignore
+    ;;
+    *)
+echo "
+%exception $1 {
+  \$action 
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     return NULL;
+  }
+}
+"
+;;
+esac
+}
+echo '#include "../include/selinux/selinux.h"' > temp.c
+gcc -c temp.c -aux-info temp.aux 
+for i in `awk '/..\/include\/selinux\/selinux.h.*extern int/ { print $6 }' temp.aux`; do except $i ; done 
+rm -f temp.c temp.aux temp.o
--- a/libselinux/src/selinuxswig.i
+++ b/libselinux/src/selinuxswig.i
@ -4,11 +4,14 @@

 %module selinux
 %{
-	#include "selinux/selinux.h"
 	#include "../include/selinux/avc.h"
-	#include "../include/selinux/selinux.h"
-	#include "../include/selinux/get_default_type.h"
+	#include "../include/selinux/av_permissions.h"
+	#include "../include/selinux/context.h"
+	#include "../include/selinux/flask.h"
 	#include "../include/selinux/get_context_list.h"
+	#include "../include/selinux/get_default_type.h"
+	#include "../include/selinux/label.h"
+	#include "../include/selinux/selinux.h"
 %}
 %apply int *OUTPUT { int *enforce };
 %apply int *OUTPUT { size_t * };
@ -55,8 +58,11 @@
 %ignore avc_netlink_release_fd;
 %ignore avc_netlink_check_nb;

-%include "../include/selinux/selinux.h"
 %include "../include/selinux/avc.h"
-%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/av_permissions.h"
+%include "../include/selinux/context.h"
+%include "../include/selinux/flask.h"
 %include "../include/selinux/get_context_list.h"
-
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h"
--- a/libselinux/src/selinuxswig_python.i
+++ b/libselinux/src/selinuxswig_python.i
@ -21,6 +21,15 @@ def restorecon(path, recursive=False):
                             map(restorecon, [os.path.join(dirname, fname)
                                              for fname in fnames]), None)

+def copytree(src, dest):
+    """ An SELinux-friendly shutil.copytree method """
+    shutil.copytree(src, dest)
+    restorecon(dest, recursive=True)
+
+def install(src, dest):
+    """ An SELinux-friendly shutil.move method """
+    shutil.move(src, dest)
+    restorecon(dest, recursive=True)
 %}

 /* security_get_boolean_names() typemap */
@ -150,4 +159,5 @@ def restorecon(path, recursive=False):
 	free($1);
 }

+%include "selinuxswig_python_exception.i"
 %include "selinuxswig.i"