/* Author: James Athey
 */

%module selinux
%{
	#include "selinux/selinux.h"
%}

%pythoncode %{

import shutil, os, errno, stat

# SELinux mode constants exported to Python callers of this module.
# NOTE(review): presumably these mirror the integer modes reported by the
# libselinux enforce-mode calls -- confirm against selinux.h.
DISABLED = -1    # SELinux is not active
PERMISSIVE = 0   # policy is evaluated, denials are not enforced
ENFORCING = 1    # policy is evaluated and enforced
def restorecon(path, recursive=False):
    """Reset the SELinux context of *path* to the one matchpathcon() returns.

    The file mode is taken from ``os.lstat(path)`` and passed to
    matchpathcon() together with the path.  If that raises OSError, the
    lookup is retried once on ``realpath(expanduser(path))``.  The context is
    written with lsetfilecon() only when it differs from what lgetfilecon()
    reports; a file with no context at all (ENODATA) is treated as differing.

    With ``recursive=True`` every file and directory that ``os.walk(path)``
    reports is then relabelled individually, without further recursion.

    Raises OSError from any of the underlying calls, except ENODATA from
    lgetfilecon().

    NOTE(review): every step looks the file up again by name, so this is not
    atomic.  If an untrusted user can write to a directory on the path, an
    entry can be swapped between the lstat(), the context lookup and the
    lsetfilecon().  Also, the realpath() fallback resolves symlinks, so the
    label lands on the resolved target rather than on the name the caller
    passed.  Callers relabelling trees they do not control should confirm
    this is acceptable.
    """
    try:
        status, context = matchpathcon(path, os.lstat(path)[stat.ST_MODE])
    except OSError:
        # Second attempt on the canonical path; an OSError raised here
        # propagates to the caller.
        path = os.path.realpath(os.path.expanduser(path))
        status, context = matchpathcon(path, os.lstat(path)[stat.ST_MODE])

    if status != 0:
        return

    try:
        _rc, current = lgetfilecon(path)
    except OSError as err:
        # ENODATA: the file carries no context yet, so there is nothing to
        # compare against.  Any other error is a real failure.
        if err.errno != errno.ENODATA:
            raise
        current = None

    if current != context:
        lsetfilecon(path, context)

    if not recursive:
        return

    for parent, subdirs, filenames in os.walk(path):
        for entry in filenames + subdirs:
            restorecon(os.path.join(parent, entry))
def chcon(path, context, recursive=False):
    """Apply *context* to *path* with lsetfilecon().

    With ``recursive=True`` the same context is also applied to every file
    and directory that ``os.walk(path)`` reports beneath *path*.  Errors from
    lsetfilecon() propagate and stop the walk at the failing entry.

    NOTE(review): entries are addressed by joined path name while the tree is
    walked.  On a tree that another user can modify, the entry that gets
    labelled may not be the one os.walk() saw -- confirm callers only use
    this on trees they control.
    """
    lsetfilecon(path, context)
    if not recursive:
        return

    for parent, subdirs, filenames in os.walk(path):
        for entry in filenames + subdirs:
            lsetfilecon(os.path.join(parent, entry), context)
def copytree(src, dest):
    """Copy *src* to *dest* with shutil.copytree(), then relabel *dest*.

    The relabel is ``restorecon(dest, recursive=True)`` and runs only after
    the whole copy has finished.

    NOTE(review): until that call completes, the copied files keep whatever
    context they were created with.  Callers copying sensitive content should
    confirm that window is acceptable.
    """
    shutil.copytree(src, dest)
    restorecon(dest, True)
def install(src, dest):
    """Move *src* to *dest* with shutil.move(), then relabel *dest*.

    The relabel is ``restorecon(dest, recursive=True)``.

    NOTE(review): when *dest* is an existing directory, shutil.move() places
    *src* inside it.  The recursive relabel then covers everything already
    under *dest*, not only what was moved -- confirm callers expect that.
    """
    shutil.move(src, dest)
    restorecon(dest, True)
%}
/* security_get_boolean_names() typemap.
 *
 * Converts the (names, len) output pair into a Python list of bytes objects
 * and appends that list to the wrapper's result.
 *
 * NOTE(review): the results of PyList_New() and PyBytes_FromString() are not
 * checked, and this typemap does not release the C array or its strings.
 * Confirm that allocation failure and the release are handled elsewhere.
 */
%typemap(argout) (char ***names, int *len) {
	int idx;
	PyObject *names_list = PyList_New(*$2);

	for (idx = 0; idx < *$2; idx++) {
		/* PyList_SetItem() steals the reference to the new bytes object. */
		PyList_SetItem(names_list, idx, PyBytes_FromString((*$1)[idx]));
	}
	$result = SWIG_Python_AppendOutput($result, names_list);
}
/* Return a sid along with the result.
 *
 * A NULL sid is reported to Python as None.  Otherwise the sid is wrapped as
 * a SWIG pointer object with flags 0, so the Python object does not take
 * ownership of it.
 */
%typemap(argout) (security_id_t * sid) {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	} else {
		%append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
	}
}
/* Hide security_id_t * output arguments from the Python signature
 * (numinputs=0) and point them at a wrapper-local variable instead.
 *
 * NOTE(review): the local is not initialised here.  The matching argout
 * typemap tests its value, so confirm the wrapped call always writes it
 * before argout runs.
 */
%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
  $1 = &temp;
}
/* Hide void * arguments from the Python signature (numinputs=0).  The
 * wrapped call always receives the NULL-initialised local.
 */
%typemap(in, numinputs=0) void *(char *temp=NULL) {
	$1 = temp;
}
/* Makes security_compute_user() return a Python list of contexts.
 *
 * The C array is treated as NULL-terminated: its entries are counted, then
 * each one is copied into a bytes object.  A NULL array yields an empty list.
 *
 * NOTE(review): PyList_New() and PyBytes_FromString() results are unchecked,
 * and the C array is not released in this typemap.  Confirm both are handled
 * elsewhere.
 */
%typemap(argout) (char ***con) {
	PyObject *plist;
	int i, len = 0;

	if (!*$1) {
		plist = PyList_New(0);
	} else {
		/* Count entries up to the terminating NULL pointer. */
		for (len = 0; (*$1)[len]; len++)
			;
		plist = PyList_New(len);
		for (i = 0; i < len; i++) {
			PyList_SetItem(plist, i, PyBytes_FromString((*$1)[i]));
		}
	}

	$result = SWIG_Python_AppendOutput($result, plist);
}
/* Makes functions in get_context_list.h return a Python list of contexts.
 *
 * The element count is the wrapped call's return value ("result" in the
 * generated wrapper).  A NULL array yields an empty list.
 *
 * NOTE(review): "result" is used as the length without a range check, and
 * the previous value of $result is replaced without being released.  Confirm
 * that failures of the wrapped call never reach this typemap, and that the
 * dropped reference is intended.
 */
%typemap(argout) (char ***list) {
	PyObject *plist;
	int i;

	if (!*$1) {
		plist = PyList_New(0);
	} else {
		plist = PyList_New(result);
		for (i = 0; i < result; i++) {
			PyList_SetItem(plist, i, PyBytes_FromString((*$1)[i]));
		}
	}
	/* Only the Python list is returned; the length is implied by it. */
	$result = plist;
}
/* char ** output strings, released with freecon().
 *
 * in:      hide the argument from Python and point it at a NULL-initialised
 *          local.
 * freearg: deliberately empty; the string is released in argout.
 * argout:  append the string to the result (None when NULL), then release the
 *          C copy.
 *
 * NOTE(review): a typemap set with the same "char **" signature is defined
 * again directly after this one and releases with free().  SWIG normally
 * applies the most recent matching definition, so this set is presumably
 * shadowed for declarations that follow -- confirm which one is intended.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
%typemap(freearg,match="in") char ** "";
%typemap(argout,noblock=1) char ** {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	} else {
		%append_output(SWIG_FromCharPtr(*$1));
		freecon(*$1);
	}
}
/* char ** output strings, released with free().
 *
 * in:      hide the argument from Python and point it at a NULL-initialised
 *          local.
 * freearg: deliberately empty; the string is released in argout.
 * argout:  append the string to the result (None when NULL), then free the
 *          C copy.
 *
 * NOTE(review): this repeats the "char **" signature of the typemap set
 * defined directly before it, which releases with freecon() instead.
 * Confirm the duplication is intended.
 */
%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
	$1 = &temp;
}
%typemap(freearg,match="in") char ** "";
%typemap(argout,noblock=1) char ** {
	if (!*$1) {
		Py_INCREF(Py_None);
		%append_output(Py_None);
	} else {
		%append_output(SWIG_FromCharPtr(*$1));
		free(*$1);
	}
}
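/* Convert a Python sequence of bytes objects into a NULL-terminated,
 * heap-allocated array of C strings for the wrapped call.
 *
 * Raises ValueError when the argument is not a sequence or holds a non-bytes
 * element, and MemoryError when an allocation fails.  On every error path the
 * partly built array is released before returning, because "return NULL"
 * bypasses the freearg typemap.
 *
 * Fixes relative to the previous version:
 *   - the pointer array was allocated as (size + 1) bytes instead of
 *     (size + 1) pointers, so filling it wrote past the end of the heap
 *     block;
 *   - allocation results were not checked;
 *   - references returned by PySequence_GetItem() were never released;
 *   - the array leaked when an element failed validation;
 *   - the length was held in an int although PySequence_Size() returns
 *     Py_ssize_t and can fail with -1.
 *
 * NOTE(review): as before, a bytes object containing an embedded NUL is
 * copied only up to that NUL (strcpy semantics).
 */
%typemap(in) char * const [] {
	Py_ssize_t i, size;
	PyObject *item;

	if (!PySequence_Check($input)) {
		PyErr_SetString(PyExc_ValueError, "Expected a sequence");
		return NULL;
	}

	size = PySequence_Size($input);
	if (size < 0) {
		/* PySequence_Size() has already set the Python exception. */
		return NULL;
	}

	/* One pointer slot per element plus the terminator.  calloc() checks
	 * the multiplication for overflow and zeroes every slot, so a partly
	 * filled array is always NULL-terminated. */
	$1 = (char **) calloc((size_t) size + 1, sizeof(char *));
	if (!$1) {
		PyErr_NoMemory();
		return NULL;
	}

	for (i = 0; i < size; i++) {
		item = PySequence_GetItem($input, i);	/* new reference, or NULL */
		if (item && PyBytes_Check(item)) {
			$1[i] = (char *) malloc(PyBytes_Size(item) + 1);
			if ($1[i])
				strcpy($1[i], PyBytes_AsString(item));
			else
				PyErr_NoMemory();
		} else if (item) {
			PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes");
		}
		Py_XDECREF(item);

		if (!$1[i]) {
			/* This slot was not filled: undo the earlier ones and
			 * fail with the exception that is already set. */
			while (i > 0)
				free($1[--i]);
			free($1);
			$1 = NULL;
			return NULL;
		}
	}
	$1[size] = NULL;
}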
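/* Release the NULL-terminated string array built by the matching "in"
 * typemap: each string first, then the pointer array.
 *
 * The NULL guard is new.  SWIG also emits freearg code on the wrapper's
 * failure path, where this argument may not have been converted yet and is
 * still NULL; the unguarded loop would then dereference a NULL pointer.
 */
%typemap(freearg,match="in") char * const [] {
	if ($1) {
		int i;

		for (i = 0; $1[i]; i++)
			free($1[i]);
		free($1);
	}
}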
%include "selinuxswig_python_exception.i"
%include "selinuxswig.i"