From 8389437edae1b3db125df23fd9a2e80e50dc444a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Fri, 9 Jun 2006 19:43:52 +0000
Subject: [PATCH] - Add selinux_getpolicytype()
---
 libselinux-rhat.patch | 273 ++++++++++++++++++------------------------
 libselinux.spec | 7 +-
 2 files changed, 122 insertions(+), 158 deletions(-)
diff --git a/libselinux-rhat.patch b/libselinux-rhat.patch
index 16f78df..0d66055 100644
--- a/libselinux-rhat.patch
+++ b/libselinux-rhat.patch
@@ -1,169 +1,128 @@ -diff -Nurp libselinux-1.29.7.orig/src/canonicalize_context.c libselinux-1.29.7/src/canonicalize_context.c ---- libselinux-1.29.7.orig/src/canonicalize_context.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/canonicalize_context.c 2006-05-31 20:42:47.000000000 +0800 -@@ -18,6 +18,9 @@ int security_canonicalize_context_raw(se - size_t size; - int fd, ret; +diff --exclude-from=exclude -N -u -r nsalibselinux/include/selinux/selinux.h libselinux-1.30.12/include/selinux/selinux.h +--- nsalibselinux/include/selinux/selinux.h 2006-05-18 12:11:17.000000000 -0400 ++++ libselinux-1.30.12/include/selinux/selinux.h 2006-06-09 15:29:18.000000000 -0400 +@@ -361,6 +361,13 @@ + extern int selinux_getenforcemode(int *enforce); -+ if (!selinux_mnt) -+ return -1; + /* ++ selinux_getpolicytype reads the /etc/selinux/config file and determines ++ what the default policy for the machine is. Calling application must ++ free policytype. ++ */ ++extern int selinux_getpolicytype(char **policytype); + - snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/check_context.c libselinux-1.29.7/src/check_context.c ---- libselinux-1.29.7.orig/src/check_context.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/check_context.c 2006-05-31 20:43:24.000000000 +0800 -@@ -14,6 +14,9 @@ int security_check_context_raw(security_ - char path[PATH_MAX]; - int fd, ret; ++/* + selinux_policy_root reads the /etc/selinux/config file and returns + the directory path under which the compiled policy file and context + configuration files exist. 
+diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_config.c libselinux-1.30.12/src/selinux_config.c +--- nsalibselinux/src/selinux_config.c 2006-05-23 06:19:32.000000000 -0400 ++++ libselinux-1.30.12/src/selinux_config.c 2006-06-09 15:42:35.000000000 -0400 +@@ -124,6 +124,37 @@ + } + hidden_def(selinux_getenforcemode) -+ if (!selinux_mnt) -+ return -1; ++int selinux_getpolicytype(char **intype) { ++ int ret=-1; ++ char *type=NULL; ++ char *end=NULL; ++ FILE *cfg = fopen(SELINUXCONFIG,"r"); ++ char buf[4097]; ++ int len=sizeof(SELINUXTYPETAG)-1; ++ if (!cfg) { ++ cfg = fopen(SECURITYCONFIG,"r"); ++ } ++ if (cfg) { ++ while (fgets_unlocked(buf, 4096, cfg)) { ++ if (strncmp(buf,SELINUXTYPETAG,len)) ++ continue; ++ type = strdupa(buf+sizeof(SELINUXTYPETAG)-1); ++ end = type + strlen(type)-1; ++ while ((end > type) && ++ (isspace(*end) || iscntrl(*end))) { ++ *end = 0; ++ end--; ++ } ++ *intype=type; ++ ret=0; ++ break; ++ } ++ fclose(cfg); ++ } ++ return ret; ++} ++hidden_def(selinux_getpolicytype) + - snprintf(path, sizeof path, "%s/context", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/compute_av.c libselinux-1.29.7/src/compute_av.c ---- libselinux-1.29.7.orig/src/compute_av.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/compute_av.c 2006-05-31 20:44:00.000000000 +0800 -@@ -21,6 +21,9 @@ int security_compute_av_raw(security_con - size_t len; - int fd, ret; + static char *selinux_policyroot = NULL; + static char *selinux_rootpath = NULL; -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/access", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/compute_create.c libselinux-1.29.7/src/compute_create.c ---- libselinux-1.29.7.orig/src/compute_create.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/compute_create.c 2006-05-31 20:44:53.000000000 +0800 -@@ -20,6 +20,9 @@ int security_compute_create_raw(security - 
size_t size; - int fd, ret; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux_internal.h libselinux-1.30.12/src/selinux_internal.h +--- nsalibselinux/src/selinux_internal.h 2006-05-23 06:19:32.000000000 -0400 ++++ libselinux-1.30.12/src/selinux_internal.h 2006-06-09 15:29:18.000000000 -0400 +@@ -64,6 +64,7 @@ + hidden_proto(selinux_usersconf_path); + hidden_proto(selinux_translations_path); + hidden_proto(selinux_getenforcemode); ++hidden_proto(selinux_getpolicytype); + hidden_proto(selinux_raw_to_trans_context); + hidden_proto(selinux_trans_to_raw_context); -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/create", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/compute_member.c libselinux-1.29.7/src/compute_member.c ---- libselinux-1.29.7.orig/src/compute_member.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/compute_member.c 2006-05-31 20:45:36.000000000 +0800 -@@ -20,6 +20,9 @@ int security_compute_member_raw(security - size_t size; - int fd, ret; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinux.py libselinux-1.30.12/src/selinux.py +--- nsalibselinux/src/selinux.py 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.12/src/selinux.py 2006-06-09 15:29:18.000000000 -0400 +@@ -102,6 +102,7 @@ + is_context_customizable = _selinux.is_context_customizable + selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context + selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context ++selinux_getpolicytype = _selinux.selinux_getpolicytype + getseuserbyname = _selinux.getseuserbyname -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/member", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/compute_relabel.c libselinux-1.29.7/src/compute_relabel.c ---- libselinux-1.29.7.orig/src/compute_relabel.c 2006-01-20 23:37:52.000000000 +0800 -+++ 
libselinux-1.29.7/src/compute_relabel.c 2006-05-31 20:46:04.000000000 +0800 -@@ -20,6 +20,9 @@ int security_compute_relabel_raw(securit - size_t size; - int fd, ret; -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/relabel", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/compute_user.c libselinux-1.29.7/src/compute_user.c ---- libselinux-1.29.7.orig/src/compute_user.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/compute_user.c 2006-05-31 20:46:32.000000000 +0800 -@@ -21,6 +21,9 @@ int security_compute_user_raw(security_c - int fd, ret; - unsigned int i, nel; +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig.i libselinux-1.30.12/src/selinuxswig.i +--- nsalibselinux/src/selinuxswig.i 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.12/src/selinuxswig.i 2006-06-09 15:29:18.000000000 -0400 +@@ -126,4 +126,5 @@ + %typemap(argout) char ** { + $result = SWIG_Python_AppendOutput($result, PyString_FromString(*$1)); + } ++extern int selinux_getpolicytype(char **enforce); + extern int getseuserbyname(const char *linuxuser, char **seuser, char **level); +diff --exclude-from=exclude -N -u -r nsalibselinux/src/selinuxswig_wrap.c libselinux-1.30.12/src/selinuxswig_wrap.c +--- nsalibselinux/src/selinuxswig_wrap.c 2006-05-15 09:43:24.000000000 -0400 ++++ libselinux-1.30.12/src/selinuxswig_wrap.c 2006-06-09 15:29:18.000000000 -0400 +@@ -4153,6 +4153,27 @@ + } -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/user", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/disable.c libselinux-1.29.7/src/disable.c ---- libselinux-1.29.7.orig/src/disable.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/disable.c 2006-05-31 20:47:27.000000000 +0800 -@@ -15,6 +15,9 @@ int security_disable(void) - char path[PATH_MAX]; - char buf[20]; -+ if (!selinux_mnt) -+ return -1; ++SWIGINTERN PyObject 
*_wrap_selinux_getpolicytype(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { ++ PyObject *resultobj = 0; ++ char **arg1 = (char **) 0 ; ++ int result; ++ char *temp1 ; ++ ++ { ++ arg1 = &temp1; ++ } ++ if (!PyArg_ParseTuple(args,(char *)":selinux_getpolicytype")) SWIG_fail; ++ result = (int)selinux_getpolicytype(arg1); ++ resultobj = SWIG_From_int((int)(result)); ++ { ++ resultobj = SWIG_Python_AppendOutput(resultobj, PyString_FromString(*arg1)); ++ } ++ return resultobj; ++fail: ++ return NULL; ++} + - snprintf(path, sizeof path, "%s/disable", selinux_mnt); - fd = open(path, O_WRONLY); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/enabled.c libselinux-1.29.7/src/enabled.c ---- libselinux-1.29.7.orig/src/enabled.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/enabled.c 2006-05-31 20:48:30.000000000 +0800 -@@ -65,6 +65,9 @@ int is_selinux_mls_enabled(void) - char buf[20], path[PATH_MAX]; - int fd, ret, enabled = 0; - -+ if (!selinux_mnt) -+ return enabled; + - snprintf(path, sizeof path, "%s/mls", selinux_mnt); - fd = open(path, O_RDONLY); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/getenforce.c libselinux-1.29.7/src/getenforce.c ---- libselinux-1.29.7.orig/src/getenforce.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/getenforce.c 2006-05-31 20:48:56.000000000 +0800 -@@ -15,6 +15,9 @@ int security_getenforce(void) - char path[PATH_MAX]; - char buf[20]; - -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDONLY); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/load_policy.c libselinux-1.29.7/src/load_policy.c ---- libselinux-1.29.7.orig/src/load_policy.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/load_policy.c 2006-05-31 20:49:33.000000000 +0800 -@@ -20,6 +20,9 @@ int security_load_policy(void *data, siz - char path[PATH_MAX]; - int fd, ret; - -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/load", 
selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) -diff -Nurp libselinux-1.29.7.orig/src/policyvers.c libselinux-1.29.7/src/policyvers.c ---- libselinux-1.29.7.orig/src/policyvers.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/policyvers.c 2006-05-31 20:50:22.000000000 +0800 -@@ -19,6 +19,9 @@ int security_policyvers(void) - char buf[20]; - unsigned vers = DEFAULT_POLICY_VERSION; - -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); - fd = open(path, O_RDONLY); - if (fd < 0) { -diff -Nurp libselinux-1.29.7.orig/src/setenforce.c libselinux-1.29.7/src/setenforce.c ---- libselinux-1.29.7.orig/src/setenforce.c 2006-01-20 23:37:52.000000000 +0800 -+++ libselinux-1.29.7/src/setenforce.c 2006-05-31 20:50:51.000000000 +0800 -@@ -15,6 +15,9 @@ int security_setenforce(int value) - char path[PATH_MAX]; - char buf[20]; - -+ if (!selinux_mnt) -+ return -1; -+ - snprintf(path, sizeof path, "%s/enforce", selinux_mnt); - fd = open(path, O_RDWR); - if (fd < 0) + SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; +@@ -4253,6 +4274,7 @@ + { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL}, + { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL}, + { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL}, ++ { (char *)"selinux_getpolicytype", _wrap_selinux_getpolicytype, METH_VARARGS, NULL}, + { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL}, + { NULL, NULL, 0, NULL } + }; diff --git a/libselinux.spec b/libselinux.spec index 8e90320..99db334 100644 --- a/libselinux.spec +++ b/libselinux.spec 
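Review bot: The new selinux_getpolicytype() in the src/selinux_config.c section returns a pointer that is no longer valid once the function returns: `type = strdupa(buf+sizeof(SELINUXTYPETAG)-1);` allocates in the function's own stack frame, and `*intype=type;` then hands that address to the caller. The comment added to selinux.h says the calling application must free policytype, so a caller following the documented contract would pass a stack address to free(). Allocating on the heap keeps the contract and the code in agreement: `type = strdup(buf+sizeof(SELINUXTYPETAG)-1);` followed by `if (!type) break;` before the trimming loop, which also leaves ret at -1 when allocation fails. The generated wrapper in selinuxswig_wrap.c has a related gap, since `char *temp1 ;` is never initialised and `PyString_FromString(*arg1)` runs even when result is -1 (no SELINUXTYPE line found or the config file could not be opened); the typemap in selinuxswig.i should start the temporary at NULL, convert only on success, and free the string after conversion. The typemap definitions are only partly visible in this hunk, so the exact place for that change needs confirming against the full selinuxswig.i.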
@@ -2,10 +2,11 @@ Summary: SELinux library and simple utilities Name: libselinux Version: 1.30.12 -Release: 1 +Release: 2 License: Public domain (uncopyrighted) Group: System Environment/Libraries Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz +Patch: libselinux-rhat.patch BuildRequires: libsepol-devel >= %{libsepolver} swig Requires: libsepol >= %{libsepolver} setransd @@ -47,6 +48,7 @@ needed for developing SELinux applications. %prep %setup -q +%patch -p1 -b .rhat %build make clean @@ -115,6 +117,9 @@ exit 0 %{_libdir}/python*/site-packages/selinux.py* %changelog +* Thu Jun 8 2006 Dan Walsh 1.30.12-2 +- Add selinux_getpolicytype() + * Thu Jun 1 2006 Dan Walsh 1.30.12-1 - Upgrade to latest from NSA * Merged !selinux_mnt checks from Ian Kent.