/* Author: James Athey
 */

/*
 * SWIG interface for the Python "selinux" module. It adds Python-side
 * helpers (restorecon, chcon, copytree, install) and the typemaps that turn
 * C output parameters into Python return values.
 */

/* Never build rpm_execcon interface */
#ifndef DISABLE_RPM
#define DISABLE_RPM
#endif

%module selinux
%{
	#include "selinux/selinux.h"
%}

%pythoncode %{

import shutil
import os

# Mode constants exported to Python callers.
DISABLED = -1
PERMISSIVE = 0
ENFORCING = 1

def restorecon(path, recursive=False, verbose=False, force=False, nthreads=1):
    """ Restore SELinux context on a given path

    Arguments:
    path -- The pathname for the file or directory to be relabeled.

    Keyword arguments:
    recursive -- Change files and directories file labels recursively (default False)
    verbose -- Show changes in file labels (default False)
    force -- Force reset of context to match file_context for customizable files,
             and the default file context, changing the user, role, range portion as well
             as the type (default False)
    nthreads -- The number of threads to use during relabeling, or 0 to use as many
                threads as there are online CPU cores (default 1)

    Notes:
    SELINUX_RESTORECON_IGNORE_DIGEST and SELINUX_RESTORECON_REALPATH are always
    set; the keyword arguments only add flags on top of them.
    The path goes through os.path.expanduser() first, so a leading "~" is
    resolved (on POSIX from the HOME environment variable when it is set).
    Privileged callers should pass an absolute path they control.
    Nothing is returned: the result of selinux_restorecon_parallel() is
    discarded here, so a failure is visible only if the wrapper raises.
    """

    restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
    if recursive:
        restorecon_flags |= SELINUX_RESTORECON_RECURSE
    if verbose:
        restorecon_flags |= SELINUX_RESTORECON_VERBOSE
    if force:
        restorecon_flags |= SELINUX_RESTORECON_SET_SPECFILE_CTX
    # NOTE(review): error reporting relies on the exception wrappers pulled in by
    # selinuxswig_python_exception.i -- confirm this call is covered there.
    selinux_restorecon_parallel(os.path.expanduser(path), restorecon_flags, nthreads)

def chcon(path, context, recursive=False):
    """ Set the SELinux context on a given path

    Arguments:
    path -- The file or directory to label; unlike restorecon(), it is used
            as given (no expanduser()).
    context -- The context passed to lsetfilecon() for path and, when
               recursive is true, for every entry found below it.

    Keyword arguments:
    recursive -- Also label everything os.walk() yields under path (default False)

    Notes:
    The same context is applied to every file and directory; no per-path
    lookup is done.
    os.walk() is called with its defaults, so directories that cannot be
    listed are skipped without an error and their contents stay unlabeled.
    Entries created or replaced while the walk runs may be missed.
    """
    lsetfilecon(path, context)
    if recursive:
        for root, dirs, files in os.walk(path):
            for name in files + dirs:
                lsetfilecon(os.path.join(root, name), context)

def copytree(src, dest):
    """ An SELinux-friendly shutil.copytree method

    Copies src to dest with shutil.copytree() and then calls
    restorecon(dest, recursive=True).

    Notes:
    Labeling happens only after the whole copy has finished. Until then the
    new files carry whatever labels the copy left on them, and if the copy
    raises, restorecon() is never reached.
    """
    shutil.copytree(src, dest)
    restorecon(dest, recursive=True)

def install(src, dest):
    """ An SELinux-friendly shutil.move method

    Moves src to dest with shutil.move() and then calls
    restorecon(dest, recursive=True).

    Notes:
    As with copytree(), the relabel is a separate step after the move, so
    dest briefly exists with its pre-relabel context. If the move raises,
    no relabel is attempted.
    """
    shutil.move(src, dest)
    restorecon(dest, recursive=True)
%}

/* security_get_boolean_names() typemap */
/*
 * Builds a Python list of *len strings from *names and appends it to the
 * result. *$1 and *$2 are read unconditionally, so this is only safe when
 * the wrapped call has filled both in.
 * NOTE(review): confirm that the matching "in" typemap initialises them and
 * that the error path leaves before argout runs; neither is in this file.
 * The return values of PyList_New() and PyString_FromString() are not
 * checked for NULL.
 */
%typemap(argout) (char ***names, int *len) {
	PyObject* list = PyList_New(*$2);
	int i;
	for (i = 0; i < *$2; i++) {
		PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
	}
	$result = SWIG_AppendOutput($result, list);
}

/* return a sid along with the result */
/*
 * A non-NULL sid is wrapped as a SWIG pointer object with flags 0, so the
 * Python object does not own the pointer. A NULL sid becomes None.
 */
%typemap(argout) (security_id_t * sid) {
	if (*$1) {
		%append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
	} else {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	}
}

/*
 * Hides the security_id_t * output argument from Python and points it at a
 * local temporary. The temporary has no initialiser, while the argout
 * typemap above tests *$1.
 * NOTE(review): this relies on the callee always storing a value, including
 * on failure -- confirm.
 */
%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
	$1 = &temp;
}

/*
 * Every void * parameter is hidden from Python (numinputs=0) and passed as
 * NULL, the initial value of temp.
 */
%typemap(in, numinputs=0) void *(char *temp=NULL) {
	$1 = temp;
}

/* Makes security_compute_user() return a Python list of contexts */
/*
 * The length is found by scanning *con up to its NULL terminator. A NULL
 * array yields an empty list. The strings are not freed here.
 * NOTE(review): presumably a freearg typemap elsewhere releases them -- confirm.
 * PyList_New() and PyString_FromString() results are not checked for NULL.
 */
%typemap(argout) (char ***con) {
	PyObject* plist;
	int i, len = 0;

	if (*$1) {
		while((*$1)[len])
			len++;
		plist = PyList_New(len);
		for (i = 0; i < len; i++) {
			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
		}
	} else {
		plist = PyList_New(0);
	}

	$result = SWIG_AppendOutput($result, plist);
}

/* Makes functions in get_context_list.h return a Python list of contexts */
/*
 * The wrapped function's return value (result) is used as the element
 * count, and $result is replaced by the list rather than appended to.
 * NOTE(review): a negative result with a non-NULL *list would reach
 * PyList_New() -- confirm the exception wrapper rules that out.
 */
%typemap(argout) (char ***list) {
	PyObject* plist;
	int i;

	if (*$1) {
		plist = PyList_New(result);
		for (i = 0; i < result; i++) {
			PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
		}
	} else {
		plist = PyList_New(0);
	}
	/* Only return the Python list, don't need to return the length anymore */
	$result = plist;
}

/*
 * char ** output strings, first variant. The argument is hidden from
 * Python, the returned string is copied into a Python object and the C
 * string is then released with freecon(). The empty freearg typemap
 * generates no per-argument cleanup, so the argout typemap is the only
 * place the string is released.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
%typemap(freearg,match="in") char ** "";
%typemap(argout,noblock=1) char ** {
	if (*$1) {
		%append_output(SWIG_FromCharPtr(*$1));
		freecon(*$1);
	}
	else {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	}
}

/*
 * char ** output strings, second variant. It is identical to the block
 * above except that the string is released with free().
 * NOTE(review): both blocks are declared for the same type and methods, and
 * the %include lines come after both. This later definition therefore looks
 * like the one applied to the wrapped declarations, leaving the freecon()
 * variant unused -- confirm that is intended.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
%typemap(freearg,match="in") char ** "";
%typemap(argout,noblock=1) char ** {
	if (*$1) {
		%append_output(SWIG_FromCharPtr(*$1));
		free(*$1);
	}
	else {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	}
}

/* Exception wrappers first, then the declarations the typemaps above apply to. */
%include "selinuxswig_python_exception.i"
%include "selinuxswig.i"