From owner-trustedbsd-cvs@FreeBSD.ORG Wed Oct 11 17:44:40 2006 Return-Path: X-Original-To: trustedbsd-cvs@freebsd.org Delivered-To: trustedbsd-cvs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9259116A403 for ; Wed, 11 Oct 2006 17:44:40 +0000 (UTC) (envelope-from owner-perforce@freebsd.org) Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8547943D67 for ; Wed, 11 Oct 2006 17:44:32 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: from mx2.freebsd.org (mx2.freebsd.org [216.136.204.119]) by cyrus.watson.org (Postfix) with ESMTP id 95EFD46D6E for ; Wed, 11 Oct 2006 13:44:31 -0400 (EDT) Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18]) by mx2.freebsd.org (Postfix) with ESMTP id 8996753BA2; Wed, 11 Oct 2006 17:35:06 +0000 (GMT) (envelope-from owner-perforce@freebsd.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 82FEF16A4EB; Wed, 11 Oct 2006 17:35:06 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3057116A4CA for ; Wed, 11 Oct 2006 17:35:06 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id E8C2A43E49 for ; Wed, 11 Oct 2006 17:27:33 +0000 (GMT) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id k9BHRXrG090798 for ; Wed, 11 Oct 2006 17:27:33 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id k9BHRXdB090795 for perforce@freebsd.org; Wed, 11 Oct 2006 17:27:33 GMT (envelope-from millert@freebsd.org) Date: Wed, 11 Oct 2006 17:27:33 GMT Message-Id: <200610111727.k9BHRXdB090795@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 107692 for review X-BeenThere: trustedbsd-cvs@FreeBSD.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: TrustedBSD CVS and Perforce commit message list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 11 Oct 2006 17:44:40 -0000 http://perforce.freebsd.org/chv.cgi?CH=107692 Change 107692 by millert@millert_macbook on 2006/10/11 17:27:12 Add support for SELinux library python wrappers. Note that since selinuxswig_wrap.c and selinux.py require SWIG to generate, and they change rarely, we just check in the generated files. Emable building of audit2allow. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#6 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#4 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/Makefile#3 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/Makefile#6 (text+ko) ==== @@ -26,15 +26,54 @@ RANLIB = ranlib INSTALL = install +LIBDIR = /usr/lib/ +PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]') +PYINC ?= /usr/include/$(PYLIBVER) +PYLIB ?= /usr/lib/$(PYLIBVER) +#PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +PYTHONLIBDIR ?= /System/Library/Frameworks/Python.framework/Versions/2.3/lib/python2.3/ + +SWIGIF= selinuxswig.i +SWIGCOUT= selinuxswig_wrap.c +SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) +SWIGSO=_selinux.so +SWIGFILES=$(SWIGSO) selinux.py +SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ + +GENERATED=$(SWIGCOUT) + + + all: lib$(LIB).a -install: all +pywrap: all $(SWIGSO) + +$(SWIGLOBJ): $(SWIGCOUT) + $(CC) $(CFLAGS) -I$(PYINC) -fPIC -dynamiclib -DSHARED -c -o $@ $< + +$(SWIGSO): $(SWIGLOBJ) + $(CC) $(LDFLAGS) -dynamiclib -o $@ $< -L. -lselinux -L../../../../darwin/libmac/ -lmac -L../../libsecompat -lsecompat -L../../libsepol/src -lsepol -L$(LIBDIR) -Wl,-flat_namespace -Wl,-undefined -Wl,suppress + +$(SWIGCOUT): $(SWIGIF) + $(SWIG) $^ + +swigify: $(SWIGIF) + $(SWIG) $^ + + +install: all install-pywrap $(INSTALL) -o $(LIBOWN) -g $(LIBGRP) -m 0644 lib$(LIB).a \ $(DESTDIR)/usr/lib $(RANLIB) $(DESTDIR)/usr/lib/lib$(LIB).a +install-pywrap: pywrap + test -d $(DESTDIR)/$(PYTHONLIBDIR)/site-packages || install -m 755 -d $(DESTDIR)/$(PYTHONLIBDIR)/site-packages + install -m 755 $(SWIGFILES) $(DESTDIR)/$(PYTHONLIBDIR)/site-packages + + + clean: - rm -f lib$(LIB).a $(OBJS) + rm -f lib$(LIB).a $(OBJS) $(SWIGLOBJ) $(SWIGSO) lib$(LIB).a:: $(OBJS) rm -f lib$(LIB).a ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinux.py#4 (text+ko) ==== @@ -49,13 +49,6 @@ getpidcon = _selinux.getpidcon getprevcon = _selinux.getprevcon getexeccon = _selinux.getexeccon -setexeccon = _selinux.setexeccon -getfscreatecon = _selinux.getfscreatecon -setfscreatecon = _selinux.setfscreatecon -getkeycreatecon = _selinux.getkeycreatecon -setkeycreatecon = _selinux.setkeycreatecon -getsockcreatecon = _selinux.getsockcreatecon -setsockcreatecon = _selinux.setsockcreatecon getfilecon = _selinux.getfilecon lgetfilecon = _selinux.lgetfilecon fgetfilecon = _selinux.fgetfilecon @@ -105,11 +98,9 @@ selinux_path = _selinux.selinux_path selinux_check_passwd_access = _selinux.selinux_check_passwd_access checkPasswdAccess = _selinux.checkPasswdAccess -rpm_execcon = _selinux.rpm_execcon is_context_customizable = _selinux.is_context_customizable selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context -selinux_getpolicytype = _selinux.selinux_getpolicytype getseuserbyname = _selinux.getseuserbyname ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig.i#4 (text+ko) ==== @@ -49,13 +49,6 @@ extern int getpidcon(int pid, security_context_t *con); extern int getprevcon(security_context_t *con); extern int getexeccon(security_context_t *con); -extern int setexeccon(security_context_t con); -extern int getfscreatecon(security_context_t *con); -extern int setfscreatecon(security_context_t context); -extern int getkeycreatecon(security_context_t *con); -extern int setkeycreatecon(security_context_t context); -extern int getsockcreatecon(security_context_t *con); -extern int setsockcreatecon(security_context_t context); extern int getfilecon(const char *path, security_context_t *con); extern int lgetfilecon(const char *path, security_context_t *con); extern int fgetfilecon(int fd, security_context_t *con); @@ -115,10 +108,6 @@ extern const char *selinux_path(void); extern int selinux_check_passwd_access(access_vector_t requested); extern int checkPasswdAccess(access_vector_t requested); -extern int rpm_execcon(unsigned int verified, - const char *filename, - char *const argv[], char *const envp[]); - extern int is_context_customizable (security_context_t scontext); extern int selinux_trans_to_raw_context(char *trans, @@ -133,5 +122,5 @@ %typemap(argout) char ** { $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); } -extern int selinux_getpolicytype(char **enforce); +/*extern int selinux_getpolicytype(char **enforce);*/ extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/libselinux/src/selinuxswig_wrap.c#4 (text+ko) ==== @@ -2958,156 +2958,6 @@ } -SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t arg1 ; - int result; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:setexeccon",&obj0)) SWIG_fail; - { - arg1 = (security_context_t)PyString_AsString(obj0); - } - result = (int)setexeccon(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_getfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t *arg1 = (security_context_t *) 0 ; - int result; - security_context_t temp1 ; - char *temp10 ; - - { - arg1 = &temp1; - } - if (!PyArg_ParseTuple(args,(char *)":getfscreatecon")) SWIG_fail; - result = (int)getfscreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - { - if (*arg1) - temp10 = *arg1; - else - temp10 = ""; - resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10)); - } - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t arg1 ; - int result; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon",&obj0)) SWIG_fail; - { - arg1 = (security_context_t)PyString_AsString(obj0); - } - result = (int)setfscreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_getkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t *arg1 = (security_context_t *) 0 ; - int result; - security_context_t temp1 ; - char *temp10 ; - - { - arg1 = &temp1; - } - if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon")) SWIG_fail; - result = (int)getkeycreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - { - if (*arg1) - temp10 = *arg1; - else - temp10 = ""; - resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10)); - } - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t arg1 ; - int result; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon",&obj0)) SWIG_fail; - { - arg1 = (security_context_t)PyString_AsString(obj0); - } - result = (int)setkeycreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_getsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t *arg1 = (security_context_t *) 0 ; - int result; - security_context_t temp1 ; - char *temp10 ; - - { - arg1 = &temp1; - } - if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon")) SWIG_fail; - result = (int)getsockcreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - { - if (*arg1) - temp10 = *arg1; - else - temp10 = ""; - resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(temp10)); - } - return resultobj; -fail: - return NULL; -} - - -SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - security_context_t arg1 ; - int result; - PyObject * obj0 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail; - { - arg1 = (security_context_t)PyString_AsString(obj0); - } - result = (int)setsockcreatecon(arg1); - resultobj = SWIG_From_int((int)(result)); - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_getfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *arg1 = (char *) 0 ; @@ -4134,58 +3984,6 @@ } -SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - unsigned int arg1 ; - char *arg2 = (char *) 0 ; - char **arg3 ; - char **arg4 ; - int result; - unsigned int val1 ; - int ecode1 = 0 ; - int res2 ; - char *buf2 = 0 ; - int alloc2 = 0 ; - void *argp3 = 0 ; - int res3 = 0 ; - void *argp4 = 0 ; - int res4 = 0 ; - PyObject * obj0 = 0 ; - PyObject * obj1 = 0 ; - PyObject * obj2 = 0 ; - PyObject * obj3 = 0 ; - - if (!PyArg_ParseTuple(args,(char *)"OOOO:rpm_execcon",&obj0,&obj1,&obj2,&obj3)) SWIG_fail; - ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); - if (!SWIG_IsOK(ecode1)) { - SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "rpm_execcon" "', argument " "1"" of type '" "unsigned int""'"); - } - arg1 = (unsigned int)(val1); - res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); - if (!SWIG_IsOK(res2)) { - SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'"); - } - arg2 = buf2; - res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 ); - if (!SWIG_IsOK(res3)) { - SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'"); - } - arg3 = (char **)(argp3); - res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 ); - if (!SWIG_IsOK(res4)) { - SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'"); - } - arg4 = (char **)(argp4); - result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4); - resultobj = SWIG_From_int((int)(result)); - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return resultobj; -fail: - if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); - return NULL; -} - - SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; security_context_t arg1 ; @@ -4280,27 +4078,6 @@ } -SWIGINTERN PyObject *_wrap_selinux_getpolicytype(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { - PyObject *resultobj = 0; - char **arg1 = (char **) 0 ; - int result; - char *temp1 ; - - { - arg1 = &temp1; - } - if (!PyArg_ParseTuple(args,(char *)":selinux_getpolicytype")) SWIG_fail; - result = (int)selinux_getpolicytype(arg1); - resultobj = SWIG_From_int((int)(result)); - { - resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(*arg1)); - } - return resultobj; -fail: - return NULL; -} - - SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { PyObject *resultobj = 0; char *arg1 = (char *) 0 ; @@ -4350,13 +4127,6 @@ { (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL}, { (char *)"getprevcon", _wrap_getprevcon, METH_VARARGS, NULL}, { (char *)"getexeccon", _wrap_getexeccon, METH_VARARGS, NULL}, - { (char *)"setexeccon", _wrap_setexeccon, METH_VARARGS, NULL}, - { (char *)"getfscreatecon", _wrap_getfscreatecon, METH_VARARGS, NULL}, - { (char *)"setfscreatecon", _wrap_setfscreatecon, METH_VARARGS, NULL}, - { (char *)"getkeycreatecon", _wrap_getkeycreatecon, METH_VARARGS, NULL}, - { (char *)"setkeycreatecon", _wrap_setkeycreatecon, METH_VARARGS, NULL}, - { (char *)"getsockcreatecon", _wrap_getsockcreatecon, METH_VARARGS, NULL}, - { (char *)"setsockcreatecon", _wrap_setsockcreatecon, METH_VARARGS, NULL}, { (char *)"getfilecon", _wrap_getfilecon, METH_VARARGS, NULL}, { (char *)"lgetfilecon", _wrap_lgetfilecon, METH_VARARGS, NULL}, { (char *)"fgetfilecon", _wrap_fgetfilecon, METH_VARARGS, NULL}, @@ -4404,11 +4174,9 @@ { (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL}, { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL}, { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL}, - { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL}, { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL}, { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL}, { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL}, - { (char *)"selinux_getpolicytype", _wrap_selinux_getpolicytype, METH_VARARGS, NULL}, { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL}, { NULL, NULL, 0, NULL } }; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/Makefile#3 (text+ko) ==== @@ -1,4 +1,4 @@ -SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po +SUBDIRS=setfiles semanage load_policy newrole run_init restorecon restorecond secon audit2allow audit2why scripts sestatus semodule_package semodule semodule_link semodule_expand semodule_deps setsebool po audit2allow all install relabel clean: @for subdir in $(SUBDIRS); do \ ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/policycoreutils/audit2allow/Makefile#3 (text+ko) ==== @@ -1,11 +1,13 @@ +include ../../../../Makeconfig + # Installation directories. -PREFIX ?= ${DESTDIR}/usr -BINDIR ?= $(PREFIX)/bin -LIBDIR ?= $(PREFIX)/lib -MANDIR ?= $(PREFIX)/share/man +PREFIX = $(DESTDIR)/usr +BINDIR = $(PREFIX)/bin +LIBDIR = $(PREFIX)/lib +MANDIR = $(PREFIX)/share/man LOCALEDIR ?= /usr/share/locale -PYLIBVER ?= python2.4 -PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +PYLIBVER ?= python2.3 +PYTHONLIBDIR ?= $(DESTDIR)/System/Library/Frameworks/Python.framework/Versions/2.3/lib/$(PYLIBVER) TARGETS=audit2allow