The Python wrapper of rpm_execcon() has several flaws:
* An invalid call like selinux.rpm_execcon() triggers a segmentation
fault.
* The size of the buffer which is allocated to copy argv and envp is
too small to hold all the values.
* This allocated memory is leaked if one argument of rpm_execcon() is not
a sequence of bytes.
The Ruby wrapper has no such flaws but can not be used as it is because
it misses some glue code to convert argv and envp arguments to char
*const [] values (even though the destructor is present!).
As it is not possible to remove rpm_execcon() without changing
libselinux soname (it would be an ABI break) like b67fefd991
("libselinux: set DISABLE_RPM default to y.") tried to do, disable this
interface locally in the SWIG wrappers.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/* Author: James Athey
*/
/*
 * Never build the rpm_execcon() interface.
 *
 * The generated Python wrapper can segfault on an invalid call, allocates a
 * buffer too small for the argv/envp copies, and leaks that buffer when an
 * argument is not a sequence of bytes. Forcing DISABLE_RPM on here keeps the
 * binding out of the SWIG modules without touching the libselinux ABI.
 * NOTE(review): presumably the rpm_execcon() declaration in the included
 * header is guarded by this macro -- confirm.
 */
#if !defined(DISABLE_RPM)
#define DISABLE_RPM
#endif
%module selinux
%{
#include "selinux/selinux.h"
%}
%pythoncode %{
import shutil, os, errno, stat
# Enforcement-mode values made available to Python callers.
# NOTE(review): presumably these mirror the mode values reported by
# libselinux -- confirm against the C header.
DISABLED, PERMISSIVE, ENFORCING = -1, 0, 1
def restorecon(path, recursive=False):
    """Reset the SELinux context of ``path`` to the one policy expects.

    The expected context comes from matchpathcon(); it is written with
    lsetfilecon() only when it differs from the context currently on the
    file. With ``recursive`` set, every file and directory found by
    os.walk() under ``path`` is processed the same way.

    Security notes:
    - os.lstat() and the ``l*filecon`` calls act on a symbolic link itself,
      not on its target, and os.walk() is used with its default of not
      descending into symlinked directories.
    - The fallback below resolves ``path`` with os.path.realpath(), so in
      that case the label is applied to the resolved target.
    - Every step is path based; the file can be replaced between the
      lookup and the relabel if a less-trusted user can write to the tree.
    """
    try:
        file_mode = os.lstat(path).st_mode
        status, wanted = matchpathcon(path, file_mode)
    except OSError:
        # Second attempt with "~" expanded and symlinks resolved; a failure
        # here is propagated to the caller.
        path = os.path.realpath(os.path.expanduser(path))
        file_mode = os.lstat(path).st_mode
        status, wanted = matchpathcon(path, file_mode)

    if status != 0:
        return

    try:
        status, current = lgetfilecon(path)
    except OSError as err:
        # ENODATA means the file carries no label yet; anything else is a
        # real error and must not be hidden.
        if err.errno != errno.ENODATA:
            raise
        current = None

    if wanted != current:
        lsetfilecon(path, wanted)

    if not recursive:
        return

    for root, dirs, files in os.walk(path):
        for entry in files + dirs:
            restorecon(os.path.join(root, entry))
def chcon(path, context, recursive=False):
    """Apply ``context`` to ``path`` and, optionally, to everything below it.

    lsetfilecon() labels a symbolic link itself rather than its target, and
    os.walk() is used with its default of not descending into symlinked
    directories. The walk is path based, so entries can change between
    being listed and being labelled if others can write to the tree.
    """
    lsetfilecon(path, context)
    if not recursive:
        return

    for root, dirs, files in os.walk(path):
        for entry in files + dirs:
            lsetfilecon(os.path.join(root, entry), context)
def copytree(src, dest):
    """Copy the tree at ``src`` to ``dest`` and relabel the copy.

    shutil.copytree() does the copy; restorecon() is then run recursively
    on ``dest``.
    """
    shutil.copytree(src, dest)
    # Relabelling happens only after the whole copy has finished, so until
    # then the new files keep whatever label they were created with.
    restorecon(dest, recursive=True)
def install(src, dest):
    """Move ``src`` to ``dest`` and relabel the result.

    shutil.move() does the move; restorecon() is then run recursively on
    ``dest``.
    """
    shutil.move(src, dest)
    # The label is corrected only after the move, so the moved files keep
    # their previous label until this call completes.
    restorecon(dest, recursive=True)
%}
/*
 * security_get_boolean_names() typemap: convert the (names, len) output pair
 * into a Python list of strings and append it to the call's result.
 *
 * NOTE(review): the return values of PyList_New() and PyString_FromString()
 * are not checked for NULL, so an allocation or string-conversion failure is
 * not reported here. This typemap does not release the names array either;
 * presumably a freearg typemap elsewhere does -- confirm.
 */
%typemap(argout) (char ***names, int *len) {
	PyObject *py_names = PyList_New(*$2);
	int idx = 0;
	while (idx < *$2) {
		PyList_SetItem(py_names, idx, PyString_FromString((*$1)[idx]));
		idx++;
	}
	$result = SWIG_Python_AppendOutput($result, py_names);
}
/*
 * Return a sid along with the result: a non-NULL sid is wrapped as a SWIG
 * pointer object that Python does not own (ownership flag 0); a NULL sid is
 * reported as None.
 */
%typemap(argout) (security_id_t * sid) {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	} else {
		%append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
	}
}

/*
 * Output-only sid argument: Python passes nothing (numinputs=0) and the C
 * function writes into the typemap-local temp.
 * NOTE(review): temp has no initialiser, so the argout typemap above reads an
 * indeterminate value if it ever runs after a call that did not store a sid
 * -- confirm the error path cannot reach it.
 */
%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
	$1 = &temp;
}
/*
 * Hide `void *` parameters from the Python signature (numinputs=0) and pass
 * the typemap-local temp, which is initialised to NULL, to the C function.
 */
%typemap(in, numinputs=0) void *(char *temp=NULL) {
	$1 = temp;
}
/*
 * Makes security_compute_user() return a Python list of contexts.
 *
 * The C array is walked up to its NULL terminator to find the length; a NULL
 * array yields an empty list. The list is appended to the call's result.
 *
 * NOTE(review): PyList_New() and PyString_FromString() results are not
 * checked for NULL, and the array is not released in this typemap --
 * presumably that is done elsewhere; confirm.
 */
%typemap(argout) (char ***con) {
	PyObject *py_contexts;
	int count = 0, idx;

	if (!*$1) {
		py_contexts = PyList_New(0);
	} else {
		/* Count the entries of the NULL-terminated array. */
		while ((*$1)[count])
			count++;
		py_contexts = PyList_New(count);
		for (idx = 0; idx < count; idx++) {
			PyList_SetItem(py_contexts, idx, PyString_FromString((*$1)[idx]));
		}
	}

	$result = SWIG_Python_AppendOutput($result, py_contexts);
}
/*
 * Makes functions in get_context_list.h return a Python list of contexts.
 *
 * The wrapped function's return value (`result`) is used as the number of
 * entries in the array; a NULL array yields an empty list.
 *
 * NOTE(review): `result` is used as a length without a sign check, and the
 * PyList_New() / PyString_FromString() results are not checked for NULL --
 * confirm the error path cannot reach this typemap with a negative result.
 */
%typemap(argout) (char ***list) {
	PyObject *py_contexts;
	int idx;

	if (!*$1) {
		py_contexts = PyList_New(0);
	} else {
		py_contexts = PyList_New(result);
		for (idx = 0; idx < result; idx++) {
			PyList_SetItem(py_contexts, idx, PyString_FromString((*$1)[idx]));
		}
	}
	/*
	 * Only the list is returned; the length is no longer needed.
	 * NOTE(review): the previous $result is replaced without a Py_DECREF --
	 * confirm no reference is dropped here.
	 */
	$result = py_contexts;
}
/*
 * Output-only `char **` arguments: Python passes nothing (numinputs=0) and
 * the C function stores its string in the typemap-local temp, which starts
 * out as NULL.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
/* No freearg cleanup: the argout typemap below releases the buffer itself. */
%typemap(freearg,match="in") char ** "";
/*
 * Append the returned string to the result, or None when nothing was stored.
 * The C buffer is released with freecon() once the Python object exists.
 * NOTE(review): the same three `char **` typemaps are defined again right
 * after this group with free() in place of freecon(); a later %typemap for
 * the same pattern normally replaces the earlier one for the declarations
 * that follow -- confirm which definition is meant to apply.
 */
%typemap(argout,noblock=1) char ** {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	}
	else {
		%append_output(SWIG_FromCharPtr(*$1));
		freecon(*$1);
	}
}
/*
 * Output-only `char **` arguments: Python passes nothing (numinputs=0) and
 * the C function stores its string in the typemap-local temp, which starts
 * out as NULL.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
/* No freearg cleanup: the argout typemap below releases the buffer itself. */
%typemap(freearg,match="in") char ** "";
/*
 * Append the returned string to the result, or None when nothing was stored.
 * The C buffer is released with free() once the Python object exists.
 * NOTE(review): an otherwise identical group of `char **` typemaps that uses
 * freecon() precedes this one in the file; both match the same pattern --
 * confirm the duplication is intended.
 */
%typemap(argout,noblock=1) char ** {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	}
	else {
		%append_output(SWIG_FromCharPtr(*$1));
		free(*$1);
	}
}
%include "selinuxswig_python_exception.i"
%include "selinuxswig.i"