diff options
| author | Joshua Brindle <method@manicmethod.com> | 2008-08-19 15:30:36 -0400 |
|---|---|---|
| committer | Joshua Brindle <method@manicmethod.com> | 2008-08-19 15:30:36 -0400 |
| commit | 13cd4c8960688af11ad23b4c946149015c80d549 (patch) | |
| tree | 61e928c962bcf6981ef4dc02dfb0b46d1c16b818 /libselinux/src | |
| download | android_external_selinux-13cd4c8960688af11ad23b4c946149015c80d549.tar.gz android_external_selinux-13cd4c8960688af11ad23b4c946149015c80d549.tar.bz2 android_external_selinux-13cd4c8960688af11ad23b4c946149015c80d549.zip | |
initial import from svn trunk revision 2950
Diffstat (limited to 'libselinux/src')
74 files changed, 22481 insertions, 0 deletions
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile new file mode 100644 index 00000000..f5fd6307 --- /dev/null +++ b/libselinux/src/Makefile @@ -0,0 +1,134 @@ +# Installation directories. +PREFIX ?= $(DESTDIR)/usr +LIBDIR ?= $(PREFIX)/lib +SHLIBDIR ?= $(DESTDIR)/lib +INCLUDEDIR ?= $(PREFIX)/include +PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]') +PYINC ?= /usr/include/$(PYLIBVER) +PYLIB ?= /usr/lib/$(PYLIBVER) +PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER) +RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")') +RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM') +RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) +RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM) + +LIBVERSION = 1 + +LIBA=libselinux.a +TARGET=libselinux.so +SWIGIF= selinuxswig_python.i +SWIGRUBYIF= selinuxswig_ruby.i +SWIGCOUT= selinuxswig_wrap.c +SWIGRUBYCOUT= selinuxswig_ruby_wrap.c +SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT)) +SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT)) +SWIGSO=_selinux.so +SWIGFILES=$(SWIGSO) selinux.py +SWIGRUBYSO=_rubyselinux.so +LIBSO=$(TARGET).$(LIBVERSION) +AUDIT2WHYSO=audit2why.so + +ifeq ($(DISABLE_AVC),y) + UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c +endif +ifeq ($(DISABLE_BOOL),y) + UNUSED_SRCS+=booleans.c +endif +ifeq ($(DISABLE_RPM),y) + UNUSED_SRCS+=rpm.c +endif + +GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) +SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c))) + +OBJS= $(patsubst %.c,%.o,$(SRCS)) +LOBJS= $(patsubst %.c,%.lo,$(SRCS)) +CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute +override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS) +RANLIB=ranlib + +ARCH := $(patsubst i%86,i386,$(shell uname -m)) +ifneq (,$(filter i386,$(ARCH))) +TLSFLAGS += -mno-tls-direct-seg-refs +endif + +SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ + +SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ + +all: $(LIBA) $(LIBSO) + +pywrap: all $(SWIGSO) $(AUDIT2WHYSO) + +rubywrap: all $(SWIGRUBYSO) + +$(LIBA): $(OBJS) + $(AR) rcs $@ $^ + $(RANLIB) $@ + +$(SWIGLOBJ): $(SWIGCOUT) + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + +$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT) + $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $< + +$(SWIGSO): $(SWIGLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + +$(SWIGRUBYSO): $(SWIGRUBYLOBJ) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@ + +$(LIBSO): $(LOBJS) + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro + ln -sf $@ $(TARGET) + +audit2why.lo: audit2why.c + $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $< + +$(AUDIT2WHYSO): audit2why.lo + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@ + +%.o: %.c policy.h + $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $< + +%.lo: %.c policy.h + $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $< + +$(SWIGCOUT): $(SWIGIF) + $(SWIG) $^ + +$(SWIGRUBYCOUT): $(SWIGRUBYIF) + $(SWIGRUBY) $^ + +swigify: $(SWIGIF) + $(SWIG) $^ + +install: all + test -d $(LIBDIR) || install -m 755 -d $(LIBDIR) + install -m 644 $(LIBA) $(LIBDIR) + test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR) + install -m 755 $(LIBSO) $(SHLIBDIR) + cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET) + +install-pywrap: pywrap + test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux + install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux + install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py + +install-rubywrap: rubywrap + test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL) + install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so + +relabel: + /sbin/restorecon $(SHLIBDIR)/$(LIBSO) + +clean: + -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ + +distclean: clean + rm -f $(GENERATED) $(SWIGFILES) + +indent: + ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch])) + diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c new file mode 100644 index 00000000..691bc677 --- /dev/null +++ b/libselinux/src/audit2why.c @@ -0,0 +1,443 @@ +#include <Python.h> +#include <unistd.h> +#include <stdlib.h> +#include <ctype.h> +#include <errno.h> +#include <getopt.h> +#include <limits.h> +#include <sepol/sepol.h> +#include <sepol/policydb.h> +#include <sepol/policydb/services.h> +#include <selinux/selinux.h> + +#define UNKNOWN -1 +#define BADSCON -2 +#define BADTCON -3 +#define BADTCLASS -4 +#define BADPERM -5 +#define BADCOMPUTE -6 +#define NOPOLICY -7 +#define ALLOW 0 +#define DONTAUDIT 1 +#define TERULE 2 +#define BOOLEAN 3 +#define CONSTRAINT 4 +#define RBAC 5 + +struct boolean_t { + char *name; + int active; +}; + +static struct boolean_t **boollist = NULL; +static int boolcnt = 0; + +struct avc_t { + sepol_handle_t *handle; + sepol_policydb_t *policydb; + sepol_security_id_t ssid; + sepol_security_id_t tsid; + sepol_security_class_t tclass; + sepol_access_vector_t av; +}; + +static struct avc_t *avc = NULL; + +static sidtab_t sidtab; + +static int load_booleans(const sepol_bool_t * boolean, + void *arg __attribute__ ((__unused__))) +{ + boollist[boolcnt] = malloc(sizeof(struct boolean_t)); + boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean)); + boollist[boolcnt]->active = sepol_bool_get_value(boolean); + boolcnt++; + return 0; +} + +static int check_booleans(struct boolean_t **bools) +{ + char errormsg[PATH_MAX]; + struct sepol_av_decision avd; + unsigned int reason; + int rc; + int i; + sepol_bool_key_t *key = NULL; + sepol_bool_t *boolean = NULL; + int fcnt = 0; + int *foundlist = calloc(boolcnt, sizeof(int)); + if (!foundlist) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return fcnt; + } + for (i = 0; i < boolcnt; i++) { + char *name = boollist[i]->name; + int active = boollist[i]->active; + rc = sepol_bool_key_create(avc->handle, name, &key); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, + "Could not create boolean key.\n"); + break; + } + rc = sepol_bool_query(avc->handle, + avc->policydb, + key, &boolean); + + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not find boolean %s.\n", name); + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + + sepol_bool_set_value(boolean, !active); + + rc = sepol_bool_set(avc->handle, + avc->policydb, + key, boolean); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not set boolean data %s.\n", name); + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + + /* Reproduce the computation. */ + rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass, + avc->av, &avd, &reason); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Error during access vector computation, skipping..."); + PyErr_SetString( PyExc_RuntimeError, errormsg); + + sepol_bool_free(boolean); + break; + } else { + if (!reason) { + foundlist[fcnt] = i; + fcnt++; + } + sepol_bool_set_value(boolean, active); + rc = sepol_bool_set(avc->handle, + avc->policydb, key, + boolean); + if (rc < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not set boolean data %s.\n", + name); + + PyErr_SetString( PyExc_RuntimeError, errormsg); + break; + } + } + sepol_bool_free(boolean); + sepol_bool_key_free(key); + key = NULL; + boolean = NULL; + } + if (key) + sepol_bool_key_free(key); + + if (boolean) + sepol_bool_free(boolean); + + if (fcnt > 0) { + *bools = calloc(sizeof(struct boolean_t), fcnt + 1); + struct boolean_t *b = *bools; + for (i = 0; i < fcnt; i++) { + int ctr = foundlist[i]; + b[i].name = strdup(boollist[ctr]->name); + b[i].active = !boollist[ctr]->active; + } + } + free(foundlist); + return fcnt; +} + +static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) { + PyObject *result = 0; + + if (PyArg_ParseTuple(args,(char *)":finish")) { + int i = 0; + for (i = 0; i < boolcnt; i++) { + free(boollist[i]->name); + free(boollist[i]); + } + free(boollist); + sepol_sidtab_shutdown(&sidtab); + sepol_sidtab_destroy(&sidtab); + sepol_policydb_free(avc->policydb); + sepol_handle_destroy(avc->handle); + free(avc); + avc = NULL; + boollist = NULL; + boolcnt = 0; + + /* Boilerplate to return "None" */ + Py_RETURN_NONE; + } + return result; +} + + +static int __policy_init(const char *init_path) +{ + FILE *fp; + int vers = 0; + char path[PATH_MAX]; + char errormsg[PATH_MAX]; + struct sepol_policy_file *pf = NULL; + int rc; + unsigned int cnt; + + if (init_path) { + strncpy(path, init_path, PATH_MAX); + fp = fopen(path, "r"); + if (!fp) { + snprintf(errormsg, sizeof(errormsg), + "unable to open %s: %s\n", + path, strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 1; + } + } else { + vers = sepol_policy_kern_vers_max(); + if (vers < 0) { + snprintf(errormsg, sizeof(errormsg), + "Could not get policy version: %s\n", + strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 1; + } + snprintf(path, PATH_MAX, "%s.%d", + selinux_binary_policy_path(), vers); + fp = fopen(path, "r"); + while (!fp && errno == ENOENT && --vers) { + snprintf(path, PATH_MAX, "%s.%d", + selinux_binary_policy_path(), vers); + fp = fopen(path, "r"); + } + if (!fp) { + snprintf(errormsg, sizeof(errormsg), + "unable to open %s.%d: %s\n", + selinux_binary_policy_path(), + security_policyvers(), strerror(errno)); + PyErr_SetString( PyExc_ValueError, errormsg); + return 1; + } + } + + avc = calloc(sizeof(struct avc_t), 1); + if (!avc) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return 1; + } + + /* Set up a policydb directly so that we can mutate it later + for testing what booleans might have allowed the access. + Otherwise, we'd just use sepol_set_policydb_from_file() here. */ + if (sepol_policy_file_create(&pf) || + sepol_policydb_create(&avc->policydb)) { + snprintf(errormsg, sizeof(errormsg), + "policydb_init failed: %s\n", strerror(errno)); + PyErr_SetString( PyExc_RuntimeError, errormsg); + fclose(fp); + return 1; + } + sepol_policy_file_set_fp(pf, fp); + if (sepol_policydb_read(avc->policydb, pf)) { + snprintf(errormsg, sizeof(errormsg), + "invalid binary policy %s\n", path); + PyErr_SetString( PyExc_ValueError, errormsg); + fclose(fp); + return 1; + } + fclose(fp); + sepol_set_policydb(&avc->policydb->p); + avc->handle = sepol_handle_create(); + + rc = sepol_bool_count(avc->handle, + avc->policydb, &cnt); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n"); + return 1; + } + + boollist = calloc(cnt, sizeof(struct boolean_t)); + if (!boollist) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return 1; + } + + sepol_bool_iterate(avc->handle, avc->policydb, + load_booleans, (void *)NULL); + + /* Initialize the sidtab for subsequent use by sepol_context_to_sid + and sepol_compute_av_reason. */ + rc = sepol_sidtab_init(&sidtab); + if (rc < 0) { + PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n"); + free(boollist); + return 1; + } + sepol_set_sidtab(&sidtab); + return 0; +} + +static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) { + int result; + char *init_path=NULL; + if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path)) + result = __policy_init(init_path); + return Py_BuildValue("i", result); +} + +#define RETURN(X) \ + PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \ + return result; + +static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) { + security_context_t scon; + security_context_t tcon; + char *tclassstr; + PyObject *listObj; + PyObject *strObj; + int numlines; + struct boolean_t *bools; + unsigned int reason; + sepol_security_id_t ssid, tsid; + sepol_security_class_t tclass; + sepol_access_vector_t perm, av; + struct sepol_av_decision avd; + int rc; + int i=0; + PyObject *result = PyTuple_New(2); + if (!result) return NULL; + Py_INCREF(Py_None); + PyTuple_SetItem(result, 1, Py_None); + + if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj)) + return NULL; + + /* get the number of lines passed to us */ + numlines = PyList_Size(listObj); + + /* should raise an error here. */ + if (numlines < 0) return NULL; /* Not a list */ + + if (!avc) { + RETURN(NOPOLICY) + } + + rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid); + if (rc < 0) { + RETURN(BADSCON) + } + rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid); + if (rc < 0) { + RETURN(BADTCON) + } + tclass = string_to_security_class(tclassstr); + if (!tclass) { + RETURN(BADTCLASS) + } + /* Convert the permission list to an AV. */ + av = 0; + + /* iterate over items of the list, grabbing strings, and parsing + for numbers */ + for (i=0; i<numlines; i++){ + char *permstr; + + /* grab the string object from the next element of the list */ + strObj = PyList_GetItem(listObj, i); /* Can't fail */ + + /* make it a string */ + permstr = PyString_AsString( strObj ); + + perm = string_to_av_perm(tclass, permstr); + if (!perm) { + RETURN(BADPERM) + } + av |= perm; + } + + /* Reproduce the computation. */ + rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason); + if (rc < 0) { + RETURN(BADCOMPUTE) + } + + if (!reason) { + RETURN(ALLOW) + } + if (reason & SEPOL_COMPUTEAV_TE) { + avc->ssid = ssid; + avc->tsid = tsid; + avc->tclass = tclass; + avc->av = av; + if (check_booleans(&bools) == 0) { + if (av & ~avd.auditdeny) { + RETURN(DONTAUDIT) + } else { + RETURN(TERULE) + } + } else { + PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN)); + struct boolean_t *b = bools; + int len=0; + while (b->name) { + len++; b++; + } + b = bools; + PyObject *outboollist = PyTuple_New(len); + len=0; + while(b->name) { + PyObject *bool = Py_BuildValue("(si)", b->name, b->active); + PyTuple_SetItem(outboollist, len++, bool); + b++; + } + free(bools); + PyTuple_SetItem(result, 1, outboollist); + return result; + } + } + + if (reason & SEPOL_COMPUTEAV_CONS) { + RETURN(CONSTRAINT); + } + + if (reason & SEPOL_COMPUTEAV_RBAC) { + RETURN(RBAC) + } + RETURN(BADCOMPUTE) +} + +static PyMethodDef audit2whyMethods[] = { + {"init", init, METH_VARARGS, + "Initialize policy database."}, + {"analyze", analyze, METH_VARARGS, + "Analyze AVC."}, + {"finish", finish, METH_VARARGS, + "Finish using policy, free memory."}, + {NULL, NULL, 0, NULL} /* Sentinel */ +}; + +PyMODINIT_FUNC +initaudit2why(void) +{ + PyObject *m = Py_InitModule("audit2why", audit2whyMethods); + PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN); + PyModule_AddIntConstant(m,"BADSCON", BADSCON); + PyModule_AddIntConstant(m,"BADTCON", BADTCON); + PyModule_AddIntConstant(m,"BADTCLASS", BADTCLASS); + PyModule_AddIntConstant(m,"BADPERM", BADPERM); + PyModule_AddIntConstant(m,"BADCOMPUTE", BADCOMPUTE); + PyModule_AddIntConstant(m,"NOPOLICY", NOPOLICY); + PyModule_AddIntConstant(m,"ALLOW", ALLOW); + PyModule_AddIntConstant(m,"DONTAUDIT", DONTAUDIT); + PyModule_AddIntConstant(m,"TERULE", TERULE); + PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN); + PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT); + PyModule_AddIntConstant(m,"RBAC", RBAC); +} diff --git a/libselinux/src/av_inherit.h b/libselinux/src/av_inherit.h new file mode 100644 index 00000000..21effa74 --- /dev/null +++ b/libselinux/src/av_inherit.h @@ -0,0 +1,38 @@ +/* This file is automatically generated. Do not edit. */ + S_(SECCLASS_DIR, file, 0x00020000UL) + S_(SECCLASS_FILE, file, 0x00020000UL) + S_(SECCLASS_LNK_FILE, file, 0x00020000UL) + S_(SECCLASS_CHR_FILE, file, 0x00020000UL) + S_(SECCLASS_BLK_FILE, file, 0x00020000UL) + S_(SECCLASS_SOCK_FILE, file, 0x00020000UL) + S_(SECCLASS_FIFO_FILE, file, 0x00020000UL) + S_(SECCLASS_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_IPC, ipc, 0x00000200UL) + S_(SECCLASS_SEM, ipc, 0x00000200UL) + S_(SECCLASS_MSGQ, ipc, 0x00000200UL) + S_(SECCLASS_SHM, ipc, 0x00000200UL) + S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL) + S_(SECCLASS_DB_DATABASE, database, 0x00000040UL) + S_(SECCLASS_DB_TABLE, database, 0x00000040UL) + S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL) + S_(SECCLASS_DB_COLUMN, database, 0x00000040UL) + S_(SECCLASS_DB_BLOB, database, 0x00000040UL) diff --git a/libselinux/src/av_perm_to_string.h b/libselinux/src/av_perm_to_string.h new file mode 100644 index 00000000..85028b37 --- /dev/null +++ b/libselinux/src/av_perm_to_string.h @@ -0,0 +1,305 @@ +/* This file is automatically generated. Do not edit. */ + S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod") + S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget") + S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name") + S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name") + S_(SECCLASS_DIR, DIR__REPARENT, "reparent") + S_(SECCLASS_DIR, DIR__SEARCH, "search") + S_(SECCLASS_DIR, DIR__RMDIR, "rmdir") + S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_FILE, FILE__EXECMOD, "execmod") + S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans") + S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod") + S_(SECCLASS_FD, FD__USE, "use") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect") + S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv") + S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send") + S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv") + S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send") + S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send") + S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest") + S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv") + S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send") + S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom") + S_(SECCLASS_NODE, NODE__SENDTO, "sendto") + S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv") + S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send") + S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv") + S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send") + S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv") + S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send") + S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv") + S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send") + S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress") + S_(SECCLASS_NETIF, NETIF__EGRESS, "egress") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn") + S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom") + S_(SECCLASS_PROCESS, PROCESS__FORK, "fork") + S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition") + S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld") + S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill") + S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop") + S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull") + S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal") + S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace") + S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched") + S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched") + S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession") + S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid") + S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid") + S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap") + S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap") + S_(SECCLASS_PROCESS, PROCESS__SHARE, "share") + S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr") + S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec") + S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate") + S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure") + S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh") + S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit") + S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh") + S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") + S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") + S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") + S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") + S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap") + S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate") + S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate") + S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") + S_(SECCLASS_MSG, MSG__SEND, "send") + S_(SECCLASS_MSG, MSG__RECEIVE, "receive") + S_(SECCLASS_SHM, SHM__LOCK, "lock") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member") + S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context") + S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel") + S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user") + S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce") + S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool") + S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam") + S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot") + S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod") + S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console") + S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override") + S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search") + S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner") + S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid") + S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap") + S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock") + S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time") + S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config") + S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod") + S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write") + S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control") + S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override") + S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin") + S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd") + S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn") + S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh") + S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok") + S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab") + S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create") + S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy") + S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw") + S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy") + S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr") + S_(SECCLASS_GC, GC__CREATE, "create") + S_(SECCLASS_GC, GC__FREE, "free") + S_(SECCLASS_GC, GC__GETATTR, "getattr") + S_(SECCLASS_GC, GC__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild") + S_(SECCLASS_WINDOW, WINDOW__CREATE, "create") + S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy") + S_(SECCLASS_WINDOW, WINDOW__MAP, "map") + S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap") + S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack") + S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist") + S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop") + S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop") + S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr") + S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr") + S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus") + S_(SECCLASS_WINDOW, WINDOW__MOVE, "move") + S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection") + S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent") + S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife") + S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate") + S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent") + S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion") + S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent") + S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent") + S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent") + S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest") + S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent") + S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent") + S_(SECCLASS_FONT, FONT__LOAD, "load") + S_(SECCLASS_FONT, FONT__FREE, "free") + S_(SECCLASS_FONT, FONT__GETATTR, "getattr") + S_(SECCLASS_FONT, FONT__USE, "use") + S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create") + S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free") + S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install") + S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall") + S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list") + S_(SECCLASS_COLORMAP, COLORMAP__READ, "read") + S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store") + S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr") + S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr") + S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create") + S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free") + S_(SECCLASS_PROPERTY, PROPERTY__READ, "read") + S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write") + S_(SECCLASS_CURSOR, CURSOR__CREATE, "create") + S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph") + S_(SECCLASS_CURSOR, CURSOR__FREE, "free") + S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign") + S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr") + S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill") + S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup") + S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr") + S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr") + S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus") + S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer") + S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab") + S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab") + S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab") + S_(SECCLASS_XINPUT, XINPUT__BELL, "bell") + S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion") + S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput") + S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver") + S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist") + S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist") + S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath") + S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath") + S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr") + S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab") + S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab") + S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query") + S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use") + S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec") + S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp") + S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect") + S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap") + S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec") + S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay") + S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read") + S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write") + S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc") + S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg") + S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd") + S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp") + S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost") + S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat") + S_(SECCLASS_NSCD, NSCD__ADMIN, "admin") + S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd") + S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp") + S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost") + S_(SECCLASS_NSCD, NSCD__GETSERV, "getserv") + S_(SECCLASS_NSCD, NSCD__SHMEMSERV, "shmemserv") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext") + S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch") + S_(SECCLASS_PACKET, PACKET__SEND, "send") + S_(SECCLASS_PACKET, PACKET__RECV, "recv") + S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto") + S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in") + S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out") + S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in") + S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out") + S_(SECCLASS_KEY, KEY__VIEW, "view") + S_(SECCLASS_KEY, KEY__READ, "read") + S_(SECCLASS_KEY, KEY__WRITE, "write") + S_(SECCLASS_KEY, KEY__SEARCH, "search") + S_(SECCLASS_KEY, KEY__LINK, "link") + S_(SECCLASS_KEY, KEY__SETATTR, "setattr") + S_(SECCLASS_KEY, KEY__CREATE, "create") + S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate") + S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains") + S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind") + S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect") + S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero") + S_(SECCLASS_DB_DATABASE, DB_DATABASE__ACCESS, "access") + S_(SECCLASS_DB_DATABASE, DB_DATABASE__INSTALL_MODULE, "install_module") + S_(SECCLASS_DB_DATABASE, DB_DATABASE__LOAD_MODULE, "load_module") + S_(SECCLASS_DB_DATABASE, DB_DATABASE__GET_PARAM, "get_param") + S_(SECCLASS_DB_DATABASE, DB_DATABASE__SET_PARAM, "set_param") + S_(SECCLASS_DB_TABLE, DB_TABLE__USE, "use") + S_(SECCLASS_DB_TABLE, DB_TABLE__SELECT, "select") + S_(SECCLASS_DB_TABLE, DB_TABLE__UPDATE, "update") + S_(SECCLASS_DB_TABLE, DB_TABLE__INSERT, "insert") + S_(SECCLASS_DB_TABLE, DB_TABLE__DELETE, "delete") + S_(SECCLASS_DB_TABLE, DB_TABLE__LOCK, "lock") + S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__EXECUTE, "execute") + S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__ENTRYPOINT, "entrypoint") + S_(SECCLASS_DB_COLUMN, DB_COLUMN__USE, "use") + S_(SECCLASS_DB_COLUMN, DB_COLUMN__SELECT, "select") + S_(SECCLASS_DB_COLUMN, DB_COLUMN__UPDATE, "update") + S_(SECCLASS_DB_COLUMN, DB_COLUMN__INSERT, "insert") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELFROM, "relabelfrom") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELTO, "relabelto") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__USE, "use") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__SELECT, "select") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__UPDATE, "update") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__INSERT, "insert") + S_(SECCLASS_DB_TUPLE, DB_TUPLE__DELETE, "delete") + S_(SECCLASS_DB_BLOB, DB_BLOB__READ, "read") + S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write") + S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import") + S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export") + S_(SECCLASS_PEER, PEER__RECV, "recv") diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c new file mode 100644 index 00000000..ddc367cd --- /dev/null +++ b/libselinux/src/avc.c @@ -0,0 +1,1202 @@ +/* + * Implementation of the userspace access vector cache (AVC). + * + * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil> + * + * Derived from the kernel AVC implementation by + * Stephen Smalley <sds@epoch.ncsc.mil> and + * James Morris <jmorris@redhat.com>. + */ +#include <selinux/avc.h> +#include "selinux_internal.h" +#include "avc_sidtab.h" +#include "avc_internal.h" + +#define AVC_CACHE_SLOTS 512 +#define AVC_CACHE_MAXNODES 410 + +struct avc_entry { + security_id_t ssid; + security_id_t tsid; + security_class_t tclass; + struct av_decision avd; + int used; /* used recently */ +}; + +struct avc_node { + struct avc_entry ae; + struct avc_node *next; +}; + +struct avc_cache { + struct avc_node *slots[AVC_CACHE_SLOTS]; + uint32_t lru_hint; /* LRU hint for reclaim scan */ + uint32_t active_nodes; + uint32_t latest_notif; /* latest revocation notification */ +}; + +struct avc_callback_node { + int (*callback) (uint32_t event, security_id_t ssid, + security_id_t tsid, + security_class_t tclass, access_vector_t perms, + access_vector_t * out_retained); + uint32_t events; + security_id_t ssid; + security_id_t tsid; + security_class_t tclass; + access_vector_t perms; + struct avc_callback_node *next; +}; + +static void *avc_netlink_thread = NULL; +static void *avc_lock = NULL; +static void *avc_log_lock = NULL; +static struct avc_node *avc_node_freelist = NULL; +static struct avc_cache avc_cache; +static char *avc_audit_buf = NULL; +static struct avc_cache_stats cache_stats; +static struct avc_callback_node *avc_callbacks = NULL; +static struct sidtab avc_sidtab; + +static inline int avc_hash(security_id_t ssid, + security_id_t tsid, security_class_t tclass) +{ + return ((uintptr_t) ssid ^ ((uintptr_t) tsid << 2) ^ tclass) + & (AVC_CACHE_SLOTS - 1); +} + +int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid) +{ + int rc; + avc_get_lock(avc_lock); + rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid); + if (!rc) + (*sid)->refcnt++; + avc_release_lock(avc_lock); + return rc; +} + +int avc_context_to_sid(security_context_t ctx, security_id_t * sid) +{ + int ret; + security_context_t rctx; + + if (selinux_trans_to_raw_context(ctx, &rctx)) + return -1; + + ret = avc_context_to_sid_raw(rctx, sid); + + freecon(rctx); + + return ret; +} + +int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx) +{ + int rc; + *ctx = NULL; + avc_get_lock(avc_lock); + if (sid->refcnt > 0) { + *ctx = strdup(sid->ctx); /* caller must free via freecon */ + rc = *ctx ? 0 : -1; + } else { + errno = EINVAL; /* bad reference count */ + rc = -1; + } + avc_release_lock(avc_lock); + return rc; +} + +int avc_sid_to_context(security_id_t sid, security_context_t * ctx) +{ + int ret; + security_context_t rctx; + + ret = avc_sid_to_context_raw(sid, &rctx); + + if (ret == 0) { + ret = selinux_raw_to_trans_context(rctx, ctx); + freecon(rctx); + } + + return ret; +} + +int sidget(security_id_t sid) +{ + int rc; + avc_get_lock(avc_lock); + rc = sid_inc_refcnt(sid); + avc_release_lock(avc_lock); + return rc; +} + +int sidput(security_id_t sid) +{ + int rc; + if (!sid) + return 0; + avc_get_lock(avc_lock); + rc = sid_dec_refcnt(sid); + avc_release_lock(avc_lock); + return rc; +} + +int avc_get_initial_sid(const char * name, security_id_t * sid) +{ + int rc; + security_context_t con; + + rc = security_get_initial_context_raw(name, &con); + if (rc < 0) + return rc; + rc = avc_context_to_sid_raw(con, sid); + + freecon(con); + + return rc; +} + +int avc_open(struct selinux_opt *opts, unsigned nopts) +{ + avc_setenforce = 0; + + while (nopts--) + switch(opts[nopts].type) { + case AVC_OPT_SETENFORCE: + avc_setenforce = 1; + avc_enforcing = !!opts[nopts].value; + break; + } + + return avc_init("avc", NULL, NULL, NULL, NULL); +} + +int avc_init(const char *prefix, + const struct avc_memory_callback *mem_cb, + const struct avc_log_callback *log_cb, + const struct avc_thread_callback *thread_cb, + const struct avc_lock_callback *lock_cb) +{ + struct avc_node *new; + int i, rc = 0; + + if (prefix) + strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1); + + set_callbacks(mem_cb, log_cb, thread_cb, lock_cb); + + avc_lock = avc_alloc_lock(); + avc_log_lock = avc_alloc_lock(); + + memset(&cache_stats, 0, sizeof(cache_stats)); + + for (i = 0; i < AVC_CACHE_SLOTS; i++) + avc_cache.slots[i] = 0; + avc_cache.lru_hint = 0; + avc_cache.active_nodes = 0; + avc_cache.latest_notif = 0; + + rc = sidtab_init(&avc_sidtab); + if (rc) { + avc_log("%s: unable to initialize SID table\n", avc_prefix); + goto out; + } + + avc_audit_buf = (char *)avc_malloc(AVC_AUDIT_BUFSIZE); + if (!avc_audit_buf) { + avc_log("%s: unable to allocate audit buffer\n", avc_prefix); + rc = -1; + goto out; + } + + for (i = 0; i < AVC_CACHE_MAXNODES; i++) { + new = avc_malloc(sizeof(*new)); + if (!new) { + avc_log("%s: warning: only got %d av entries\n", + avc_prefix, i); + break; + } + memset(new, 0, sizeof(*new)); + new->next = avc_node_freelist; + avc_node_freelist = new; + } + + if (!avc_setenforce) { + rc = security_getenforce(); + if (rc < 0) { + avc_log("%s: could not determine enforcing mode\n", + avc_prefix); + goto out; + } + avc_enforcing = rc; + } + + rc = avc_netlink_open(avc_using_threads); + if (rc < 0) { + avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix, + errno, strerror(errno)); + goto out; + } + if (avc_using_threads) { + avc_netlink_thread = avc_create_thread(&avc_netlink_loop); + avc_netlink_trouble = 0; + } + avc_running = 1; + out: + return rc; +} + +void avc_cache_stats(struct avc_cache_stats *p) +{ + memcpy(p, &cache_stats, sizeof(cache_stats)); +} + +void avc_sid_stats(void) +{ + avc_get_lock(avc_log_lock); + avc_get_lock(avc_lock); + sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE); + avc_release_lock(avc_lock); + avc_log("%s", avc_audit_buf); + avc_release_lock(avc_log_lock); +} + +void avc_av_stats(void) +{ + int i, chain_len, max_chain_len, slots_used; + struct avc_node *node; + + avc_get_lock(avc_lock); + + slots_used = 0; + max_chain_len = 0; + for (i = 0; i < AVC_CACHE_SLOTS; i++) { + node = avc_cache.slots[i]; + if (node) { + slots_used++; + chain_len = 0; + while (node) { + chain_len++; + node = node->next; + } + if (chain_len > max_chain_len) + max_chain_len = chain_len; + } + } + + avc_release_lock(avc_lock); + + avc_log("%s: %d AV entries and %d/%d buckets used, " + "longest chain length %d\n", avc_prefix, + avc_cache.active_nodes, + slots_used, AVC_CACHE_SLOTS, max_chain_len); +} + +hidden_def(avc_av_stats) + +static inline struct avc_node *avc_reclaim_node(void) +{ + struct avc_node *prev, *cur; + int try; + uint32_t hvalue; + + hvalue = avc_cache.lru_hint; + for (try = 0; try < 2; try++) { + do { + prev = NULL; + cur = avc_cache.slots[hvalue]; + while (cur) { + if (!cur->ae.used) + goto found; + + cur->ae.used = 0; + + prev = cur; + cur = cur->next; + } + hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1); + } while (hvalue != avc_cache.lru_hint); + } + + errno = ENOMEM; /* this was a panic in the kernel... */ + return NULL; + + found: + avc_cache.lru_hint = hvalue; + + if (prev == NULL) + avc_cache.slots[hvalue] = cur->next; + else + prev->next = cur->next; + + return cur; +} + +static inline struct avc_node *avc_claim_node(security_id_t ssid, + security_id_t tsid, + security_class_t tclass) +{ + struct avc_node *new; + int hvalue; + + if (!avc_node_freelist) + avc_cleanup(); + + if (avc_node_freelist) { + new = avc_node_freelist; + avc_node_freelist = avc_node_freelist->next; + avc_cache.active_nodes++; + } else { + new = avc_reclaim_node(); + if (!new) + goto out; + } + + hvalue = avc_hash(ssid, tsid, tclass); + new->ae.used = 1; + new->ae.ssid = ssid; + new->ae.tsid = tsid; + new->ae.tclass = tclass; + new->next = avc_cache.slots[hvalue]; + avc_cache.slots[hvalue] = new; + + out: + return new; +} + +static inline struct avc_node *avc_search_node(security_id_t ssid, + security_id_t tsid, + security_class_t tclass, + int *probes) +{ + struct avc_node *cur; + int hvalue; + int tprobes = 1; + + hvalue = avc_hash(ssid, tsid, tclass); + cur = avc_cache.slots[hvalue]; + while (cur != NULL && + (ssid != cur->ae.ssid || + tclass != cur->ae.tclass || tsid != cur->ae.tsid)) { + tprobes++; + cur = cur->next; + } + + if (cur == NULL) { + /* cache miss */ + goto out; + } + + /* cache hit */ + if (probes) + *probes = tprobes; + + cur->ae.used = 1; + + out: + return cur; +} + +/** + * avc_lookup - Look up an AVC entry. + * @ssid: source security identifier + * @tsid: target security identifier + * @tclass: target security class + * @requested: requested permissions, interpreted based on @tclass + * @aeref: AVC entry reference + * + * Look up an AVC entry that is valid for the + * @requested permissions between the SID pair + * (@ssid, @tsid), interpreting the permissions + * based on @tclass. If a valid AVC entry exists, + * then this function updates @aeref to refer to the + * entry and returns %0. Otherwise, -1 is returned. + */ +static int avc_lookup(security_id_t ssid, security_id_t tsid, + security_class_t tclass, + access_vector_t requested, struct avc_entry_ref *aeref) +{ + struct avc_node *node; + int probes, rc = 0; + + avc_cache_stats_incr(cav_lookups); + node = avc_search_node(ssid, tsid, tclass, &probes); + + if (node && ((node->ae.avd.decided & requested) == requested)) { + avc_cache_stats_incr(cav_hits); + avc_cache_stats_add(cav_probes, probes); + aeref->ae = &node->ae; + goto out; + } + + avc_cache_stats_incr(cav_misses); + rc = -1; + out: + return rc; +} + +/** + * avc_insert - Insert an AVC entry. + * @ssid: source security identifier + * @tsid: target security identifier + * @tclass: target security class + * @ae: AVC entry + * @aeref: AVC entry reference + * + * Insert an AVC entry for the SID pair + * (@ssid, @tsid) and class @tclass. + * The access vectors and the sequence number are + * normally provided by the security server in + * response to a security_compute_av() call. If the + * sequence number @ae->avd.seqno is not less than the latest + * revocation notification, then the function copies + * the access vectors into a cache entry, updates + * @aeref to refer to the entry, and returns %0. + * Otherwise, this function returns -%1 with @errno set to %EAGAIN. + */ +static int avc_insert(security_id_t ssid, security_id_t tsid, + security_class_t tclass, + struct avc_entry *ae, struct avc_entry_ref *aeref) +{ + struct avc_node *node; + int rc = 0; + + if (ae->avd.seqno < avc_cache.latest_notif) { + avc_log("%s: seqno %d < latest_notif %d\n", avc_prefix, + ae->avd.seqno, avc_cache.latest_notif); + errno = EAGAIN; + rc = -1; + goto out; + } + + node = avc_claim_node(ssid, tsid, tclass); + if (!node) { + rc = -1; + goto out; + } + + node->ae.avd.allowed = ae->avd.allowed; + node->ae.avd.decided = ae->avd.decided; + node->ae.avd.auditallow = ae->avd.auditallow; + node->ae.avd.auditdeny = ae->avd.auditdeny; + node->ae.avd.seqno = ae->avd.seqno; + aeref->ae = &node->ae; + out: + return rc; +} + +/** + * avc_remove - Remove AVC and sidtab entries for SID. + * @sid: security identifier to be removed + * + * Remove all AVC entries containing @sid as source + * or target, and remove @sid from the SID table. + * Free the memory allocated for the structure corresponding + * to @sid. After this function has been called, @sid must + * not be used until another call to avc_context_to_sid() has + * been made for this SID. + */ +static void avc_remove(security_id_t sid) +{ + struct avc_node *prev, *cur, *tmp; + int i; + + for (i = 0; i < AVC_CACHE_SLOTS; i++) { + cur = avc_cache.slots[i]; + prev = NULL; + while (cur) { + if (sid == cur->ae.ssid || sid == cur->ae.tsid) { + if (prev) + prev->next = cur->next; + else + avc_cache.slots[i] = cur->next; + tmp = cur; + cur = cur->next; + tmp->ae.ssid = tmp->ae.tsid = NULL; + tmp->ae.tclass = 0; + tmp->ae.avd.allowed = tmp->ae.avd.decided = 0; + tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = + 0; + tmp->ae.used = 0; + tmp->next = avc_node_freelist; + avc_node_freelist = tmp; + avc_cache.active_nodes--; + } else { + prev = cur; + cur = cur->next; + } + } + } + sidtab_remove(&avc_sidtab, sid); +} + +void avc_cleanup(void) +{ + security_id_t sid; + + avc_get_lock(avc_lock); + + while (NULL != (sid = sidtab_claim_sid(&avc_sidtab))) + avc_remove(sid); + + avc_release_lock(avc_lock); +} + +hidden_def(avc_cleanup) + +int avc_reset(void) +{ + struct avc_callback_node *c; + int i, ret, rc = 0, errsave = 0; + struct avc_node *node, *tmp; + errno = 0; + + if (!avc_running) + return 0; + + avc_get_lock(avc_lock); + + for (i = 0; i < AVC_CACHE_SLOTS; i++) { + node = avc_cache.slots[i]; + while (node) { + tmp = node; + node = node->next; + tmp->ae.ssid = tmp->ae.tsid = NULL; + tmp->ae.tclass = 0; + tmp->ae.avd.allowed = tmp->ae.avd.decided = 0; + tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0; + tmp->ae.used = 0; + tmp->next = avc_node_freelist; + avc_node_freelist = tmp; + avc_cache.active_nodes--; + } + avc_cache.slots[i] = 0; + } + avc_cache.lru_hint = 0; + + avc_release_lock(avc_lock); + + memset(&cache_stats, 0, sizeof(cache_stats)); + + for (c = avc_callbacks; c; c = c->next) { + if (c->events & AVC_CALLBACK_RESET) { + ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0); + if (ret && !rc) { + rc = ret; + errsave = errno; + } + } + } + errno = errsave; + return rc; +} + +hidden_def(avc_reset) + +void avc_destroy(void) +{ + struct avc_callback_node *c; + struct avc_node *node, *tmp; + int i; + + avc_get_lock(avc_lock); + + if (avc_using_threads) + avc_stop_thread(avc_netlink_thread); + avc_netlink_close(); + + for (i = 0; i < AVC_CACHE_SLOTS; i++) { + node = avc_cache.slots[i]; + while (node) { + tmp = node; + node = node->next; + avc_free(tmp); + } + } + while (avc_node_freelist) { + tmp = avc_node_freelist; + avc_node_freelist = tmp->next; + avc_free(tmp); + } + avc_release_lock(avc_lock); + + while (avc_callbacks) { + c = avc_callbacks; + avc_callbacks = c->next; + avc_free(c); + } + sidtab_destroy(&avc_sidtab); + avc_free_lock(avc_lock); + avc_free_lock(avc_log_lock); + avc_free(avc_audit_buf); + avc_running = 0; +} + +/* ratelimit stuff put aside for now --EFW */ +#if 0 +/* + * Copied from net/core/utils.c:net_ratelimit and modified for + * use by the AVC audit facility. + */ +#define AVC_MSG_COST 5*HZ +#define AVC_MSG_BURST 10*5*HZ + +/* + * This enforces a rate limit: not more than one kernel message + * every 5secs to make a denial-of-service attack impossible. + */ +static int avc_ratelimit(void) +{ + static unsigned long toks = 10 * 5 * HZ; + static unsigned long last_msg; + static int missed, rc = 0; + unsigned long now = jiffies; + void *ratelimit_lock = avc_alloc_lock(); + + avc_get_lock(ratelimit_lock); + toks += now - last_msg; + last_msg = now; + if (toks > AVC_MSG_BURST) + toks = AVC_MSG_BURST; + if (toks >= AVC_MSG_COST) { + int lost = missed; + missed = 0; + toks -= AVC_MSG_COST; + avc_release_lock(ratelimit_lock); + if (lost) { + avc_log("%s: %d messages suppressed.\n", avc_prefix, + lost); + } + rc = 1; + goto out; + } + missed++; + avc_release_lock(ratelimit_lock); + out: + avc_free_lock(ratelimit_lock); + return rc; +} + +static inline int check_avc_ratelimit(void) +{ + if (avc_enforcing) + return avc_ratelimit(); + else { + /* If permissive, then never suppress messages. */ + return 1; + } +} +#endif /* ratelimit stuff */ + +/** + * avc_dump_av - Display an access vector in human-readable form. + * @tclass: target security class + * @av: access vector + */ +static void avc_dump_av(security_class_t tclass, access_vector_t av) +{ + const char *permstr; + access_vector_t bit = 1; + + if (av == 0) { + log_append(avc_audit_buf, " null"); + return; + } + + log_append(avc_audit_buf, " {"); + + while (av) { + if (av & bit) { + permstr = security_av_perm_to_string(tclass, bit); + if (!permstr) + break; + log_append(avc_audit_buf, " %s", permstr); + av &= ~bit; + } + bit <<= 1; + } + + if (av) + log_append(avc_audit_buf, " 0x%x", av); + log_append(avc_audit_buf, " }"); +} + +/** + * avc_dump_query - Display a SID pair and a class in human-readable form. + * @ssid: source security identifier + * @tsid: target security identifier + * @tclass: target security class + */ +static void avc_dump_query(security_id_t ssid, security_id_t tsid, + security_class_t tclass) +{ + avc_get_lock(avc_lock); + + if (ssid->refcnt > 0) + log_append(avc_audit_buf, "scontext=%s", ssid->ctx); + else + log_append(avc_audit_buf, "ssid=%p", ssid); + + if (tsid->refcnt > 0) + log_append(avc_audit_buf, " tcontext=%s", tsid->ctx); + else + log_append(avc_audit_buf, " tsid=%p", tsid); + + avc_release_lock(avc_lock); + log_append(avc_audit_buf, " tclass=%s", + security_class_to_string(tclass)); +} + +void avc_audit(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t requested, + struct av_decision *avd, int result, void *a) +{ + access_vector_t denied, audited; + + denied = requested & ~avd->allowed; + if (denied) { + audited = denied; + if (!(audited & avd->auditdeny)) + return; + } else if (!requested || result) { + audited = denied = requested; + } else { + audited = requested; + if (!(audited & avd->auditallow)) + return; + } +#if 0 + if (!check_avc_ratelimit()) + return; +#endif + /* prevent overlapping buffer writes */ + avc_get_lock(avc_log_lock); + snprintf(avc_audit_buf, AVC_AUDIT_BUFSIZE, + "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted"); + avc_dump_av(tclass, audited); + log_append(avc_audit_buf, " for "); + + /* get any extra information printed by the callback */ + avc_suppl_audit(a, tclass, avc_audit_buf + strlen(avc_audit_buf), + AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf)); + + log_append(avc_audit_buf, " "); + avc_dump_query(ssid, tsid, tclass); + log_append(avc_audit_buf, "\n"); + avc_log("%s", avc_audit_buf); + + avc_release_lock(avc_log_lock); +} + +hidden_def(avc_audit) + +int avc_has_perm_noaudit(security_id_t ssid, + security_id_t tsid, + security_class_t tclass, + access_vector_t requested, + struct avc_entry_ref *aeref, struct av_decision *avd) +{ + struct avc_entry *ae; + int rc = 0; + struct avc_entry entry; + access_vector_t denied; + struct avc_entry_ref ref; + + if (!avc_using_threads) { + (void)avc_netlink_check_nb(); + } + + if (!aeref) { + avc_entry_ref_init(&ref); + aeref = &ref; + } + + avc_get_lock(avc_lock); + avc_cache_stats_incr(entry_lookups); + ae = aeref->ae; + if (ae) { + if (ae->ssid == ssid && + ae->tsid == tsid && + ae->tclass == tclass && + ((ae->avd.decided & requested) == requested)) { + avc_cache_stats_incr(entry_hits); + ae->used = 1; + } else { + avc_cache_stats_incr(entry_discards); + ae = 0; + } + } + + if (!ae) { + avc_cache_stats_incr(entry_misses); + rc = avc_lookup(ssid, tsid, tclass, requested, aeref); + if (rc) { + if ((ssid->refcnt <= 0) || (tsid->refcnt <= 0)) { + errno = EINVAL; + rc = -1; + goto out; + } + rc = security_compute_av_raw(ssid->ctx, tsid->ctx, + tclass, requested, + &entry.avd); + if (rc) + goto out; + rc = avc_insert(ssid, tsid, tclass, &entry, aeref); + if (rc) + goto out; + } + ae = aeref->ae; + } + + if (avd) + memcpy(avd, &ae->avd, sizeof(*avd)); + + denied = requested & ~(ae->avd.allowed); + + if (!requested || denied) { + if (avc_enforcing) { + errno = EACCES; + rc = -1; + } else + ae->avd.allowed |= requested; + } + + out: + avc_release_lock(avc_lock); + return rc; +} + +hidden_def(avc_has_perm_noaudit) + +int avc_has_perm(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t requested, + struct avc_entry_ref *aeref, void *auditdata) +{ + struct av_decision avd = { 0, 0, 0, 0, 0 }; + int errsave, rc; + + rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd); + errsave = errno; + avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata); + errno = errsave; + return rc; +} + +int avc_compute_create(security_id_t ssid, security_id_t tsid, + security_class_t tclass, security_id_t *newsid) +{ + int rc; + *newsid = NULL; + avc_get_lock(avc_lock); + if (ssid->refcnt > 0 && tsid->refcnt > 0) { + security_context_t ctx = NULL; + rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass, + &ctx); + if (rc) + goto out; + rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid); + if (!rc) + (*newsid)->refcnt++; + freecon(ctx); + } else { + errno = EINVAL; /* bad reference count */ + rc = -1; + } +out: + avc_release_lock(avc_lock); + return rc; +} + +int avc_compute_member(security_id_t ssid, security_id_t tsid, + security_class_t tclass, security_id_t *newsid) +{ + int rc; + *newsid = NULL; + avc_get_lock(avc_lock); + if (ssid->refcnt > 0 && tsid->refcnt > 0) { + security_context_t ctx = NULL; + rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass, + &ctx); + if (rc) + goto out; + rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid); + if (!rc) + (*newsid)->refcnt++; + freecon(ctx); + } else { + errno = EINVAL; /* bad reference count */ + rc = -1; + } +out: + avc_release_lock(avc_lock); + return rc; +} + +int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid, + security_id_t tsid, + security_class_t tclass, + access_vector_t perms, + access_vector_t * out_retained), + uint32_t events, security_id_t ssid, + security_id_t tsid, + security_class_t tclass, access_vector_t perms) +{ + struct avc_callback_node *c; + int rc = 0; + + c = avc_malloc(sizeof(*c)); + if (!c) { + rc = -1; + goto out; + } + + c->callback = callback; + c->events = events; + c->ssid = ssid; + c->tsid = tsid; + c->tclass = tclass; + c->perms = perms; + c->next = avc_callbacks; + avc_callbacks = c; + out: + return rc; +} + +static inline int avc_sidcmp(security_id_t x, security_id_t y) +{ + return (x == y || x == SECSID_WILD || y == SECSID_WILD); +} + +static inline void avc_update_node(uint32_t event, struct avc_node *node, + access_vector_t perms) +{ + switch (event) { + case AVC_CALLBACK_GRANT: + node->ae.avd.allowed |= perms; + break; + case AVC_CALLBACK_TRY_REVOKE: + case AVC_CALLBACK_REVOKE: + node->ae.avd.allowed &= ~perms; + break; + case AVC_CALLBACK_AUDITALLOW_ENABLE: + node->ae.avd.auditallow |= perms; + break; + case AVC_CALLBACK_AUDITALLOW_DISABLE: + node->ae.avd.auditallow &= ~perms; + break; + case AVC_CALLBACK_AUDITDENY_ENABLE: + node->ae.avd.auditdeny |= perms; + break; + case AVC_CALLBACK_AUDITDENY_DISABLE: + node->ae.avd.auditdeny &= ~perms; + break; + } +} + +static int avc_update_cache(uint32_t event, security_id_t ssid, + security_id_t tsid, security_class_t tclass, + access_vector_t perms) +{ + struct avc_node *node; + int i; + + avc_get_lock(avc_lock); + + if (ssid == SECSID_WILD || tsid == SECSID_WILD) { + /* apply to all matching nodes */ + for (i = 0; i < AVC_CACHE_SLOTS; i++) { + for (node = avc_cache.slots[i]; node; node = node->next) { + if (avc_sidcmp(ssid, node->ae.ssid) && + avc_sidcmp(tsid, node->ae.tsid) && + tclass == node->ae.tclass) { + avc_update_node(event, node, perms); + } + } + } + } else { + /* apply to one node */ + node = avc_search_node(ssid, tsid, tclass, 0); + if (node) { + avc_update_node(event, node, perms); + } + } + + avc_release_lock(avc_lock); + + return 0; +} + +/* avc_control - update cache and call callbacks + * + * This should not be called directly; use the individual event + * functions instead. + */ +static int avc_control(uint32_t event, security_id_t ssid, + security_id_t tsid, security_class_t tclass, + access_vector_t perms, + uint32_t seqno, access_vector_t * out_retained) +{ + struct avc_callback_node *c; + access_vector_t tretained = 0, cretained = 0; + int ret, rc = 0, errsave = 0; + errno = 0; + + /* + * try_revoke only removes permissions from the cache + * state if they are not retained by the object manager. + * Hence, try_revoke must wait until after the callbacks have + * been invoked to update the cache state. + */ + if (event != AVC_CALLBACK_TRY_REVOKE) + avc_update_cache(event, ssid, tsid, tclass, perms); + + for (c = avc_callbacks; c; c = c->next) { + if ((c->events & event) && + avc_sidcmp(c->ssid, ssid) && + avc_sidcmp(c->tsid, tsid) && + c->tclass == tclass && (c->perms & perms)) { + cretained = 0; + ret = c->callback(event, ssid, tsid, tclass, + (c->perms & perms), &cretained); + if (ret && !rc) { + rc = ret; + errsave = errno; + } + if (!ret) + tretained |= cretained; + } + } + + if (event == AVC_CALLBACK_TRY_REVOKE) { + /* revoke any unretained permissions */ + perms &= ~tretained; + avc_update_cache(event, ssid, tsid, tclass, perms); + *out_retained = tretained; + } + + avc_get_lock(avc_lock); + if (seqno > avc_cache.latest_notif) + avc_cache.latest_notif = seqno; + avc_release_lock(avc_lock); + + errno = errsave; + return rc; +} + +/** + * avc_ss_grant - Grant previously denied permissions. + * @ssid: source security identifier or %SECSID_WILD + * @tsid: target security identifier or %SECSID_WILD + * @tclass: target security class + * @perms: permissions to grant + * @seqno: policy sequence number + */ +int avc_ss_grant(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno) +{ + return avc_control(AVC_CALLBACK_GRANT, + ssid, tsid, tclass, perms, seqno, 0); +} + +/** + * avc_ss_try_revoke - Try to revoke previously granted permissions. + * @ssid: source security identifier or %SECSID_WILD + * @tsid: target security identifier or %SECSID_WILD + * @tclass: target security class + * @perms: permissions to grant + * @seqno: policy sequence number + * @out_retained: subset of @perms that are retained + * + * Try to revoke previously granted permissions, but + * only if they are not retained as migrated permissions. + * Return the subset of permissions that are retained via @out_retained. + */ +int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, + security_class_t tclass, + access_vector_t perms, uint32_t seqno, + access_vector_t * out_retained) +{ + return avc_control(AVC_CALLBACK_TRY_REVOKE, + ssid, tsid, tclass, perms, seqno, out_retained); +} + +/** + * avc_ss_revoke - Revoke previously granted permissions. + * @ssid: source security identifier or %SECSID_WILD + * @tsid: target security identifier or %SECSID_WILD + * @tclass: target security class + * @perms: permissions to grant + * @seqno: policy sequence number + * + * Revoke previously granted permissions, even if + * they are retained as migrated permissions. + */ +int avc_ss_revoke(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno) +{ + return avc_control(AVC_CALLBACK_REVOKE, + ssid, tsid, tclass, perms, seqno, 0); +} + +/** + * avc_ss_reset - Flush the cache and revalidate migrated permissions. + * @seqno: policy sequence number + */ +int avc_ss_reset(uint32_t seqno) +{ + int rc; + + rc = avc_reset(); + + avc_get_lock(avc_lock); + if (seqno > avc_cache.latest_notif) + avc_cache.latest_notif = seqno; + avc_release_lock(avc_lock); + + return rc; +} + +/** + * avc_ss_set_auditallow - Enable or disable auditing of granted permissions. + * @ssid: source security identifier or %SECSID_WILD + * @tsid: target security identifier or %SECSID_WILD + * @tclass: target security class + * @perms: permissions to grant + * @seqno: policy sequence number + * @enable: enable flag. + */ +int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno, uint32_t enable) +{ + if (enable) + return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE, + ssid, tsid, tclass, perms, seqno, 0); + else + return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE, + ssid, tsid, tclass, perms, seqno, 0); +} + +/** + * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions. + * @ssid: source security identifier or %SECSID_WILD + * @tsid: target security identifier or %SECSID_WILD + * @tclass: target security class + * @perms: permissions to grant + * @seqno: policy sequence number + * @enable: enable flag. + */ +int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno, uint32_t enable) +{ + if (enable) + return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE, + ssid, tsid, tclass, perms, seqno, 0); + else + return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE, + ssid, tsid, tclass, perms, seqno, 0); +} diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c new file mode 100644 index 00000000..b9e9db22 --- /dev/null +++ b/libselinux/src/avc_internal.c @@ -0,0 +1,239 @@ +/* + * Callbacks for user-supplied memory allocation, supplemental + * auditing, and locking routines. + * + * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil> + * + * Netlink code derived in part from sample code by + * James Morris <jmorris@redhat.com>. + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <linux/types.h> +#include <linux/netlink.h> +#include "selinux_netlink.h" +#include "avc_internal.h" + +#ifndef NETLINK_SELINUX +#define NETLINK_SELINUX 7 +#endif + +/* callback pointers */ +void *(*avc_func_malloc) (size_t) = NULL; +void (*avc_func_free) (void *) = NULL; + +void (*avc_func_log) (const char *, ...) = NULL; +void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL; + +int avc_using_threads = 0; +void *(*avc_func_create_thread) (void (*)(void)) = NULL; +void (*avc_func_stop_thread) (void *) = NULL; + +void *(*avc_func_alloc_lock) (void) = NULL; +void (*avc_func_get_lock) (void *) = NULL; +void (*avc_func_release_lock) (void *) = NULL; +void (*avc_func_free_lock) (void *) = NULL; + +/* message prefix string and avc enforcing mode */ +char avc_prefix[AVC_PREFIX_SIZE] = "uavc"; +int avc_running = 0; +int avc_enforcing = 1; +int avc_setenforce = 0; +int avc_netlink_trouble = 0; + +/* netlink socket code */ +static int fd; + +int avc_netlink_open(int blocking) +{ + int len, rc = 0; + struct sockaddr_nl addr; + + fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_SELINUX); + if (fd < 0) { + rc = fd; + goto out; + } + + fcntl(fd, F_SETFD, FD_CLOEXEC); + if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) { + close(fd); + rc = -1; + goto out; + } + + len = sizeof(addr); + + memset(&addr, 0, len); + addr.nl_family = AF_NETLINK; + addr.nl_groups = SELNL_GRP_AVC; + + if (bind(fd, (struct sockaddr *)&addr, len) < 0) { + close(fd); + rc = -1; + goto out; + } + out: + return rc; +} + +void avc_netlink_close(void) +{ + close(fd); +} + +static int avc_netlink_receive(char *buf, unsigned buflen) +{ + int rc; + struct sockaddr_nl nladdr; + socklen_t nladdrlen = sizeof nladdr; + struct nlmsghdr *nlh = (struct nlmsghdr *)buf; + + rc = recvfrom(fd, buf, buflen, 0, (struct sockaddr *)&nladdr, + &nladdrlen); + if (rc < 0) + return rc; + + if (nladdrlen != sizeof nladdr) { + avc_log("%s: warning: netlink address truncated, len %d?\n", + avc_prefix, nladdrlen); + return -1; + } + + if (nladdr.nl_pid) { + avc_log("%s: warning: received spoofed netlink packet from: %d\n", + avc_prefix, nladdr.nl_pid); + return -1; + } + + if (rc == 0) { + avc_log("%s: warning: received EOF on netlink socket\n", + avc_prefix); + errno = EBADFD; + return -1; + } + + if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > (unsigned)rc) { + avc_log("%s: warning: incomplete netlink message\n", + avc_prefix); + return -1; + } + + return 0; +} + +static int avc_netlink_process(char *buf) +{ + int rc; + struct nlmsghdr *nlh = (struct nlmsghdr *)buf; + + switch (nlh->nlmsg_type) { + case NLMSG_ERROR:{ + struct nlmsgerr *err = NLMSG_DATA(nlh); + + /* Netlink ack */ + if (err->error == 0) + break; + + errno = -err->error; + avc_log("%s: netlink error: %d\n", avc_prefix, errno); + return -1; + } + + case SELNL_MSG_SETENFORCE:{ + struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh); + avc_log("%s: received setenforce notice (enforcing=%d)\n", + avc_prefix, msg->val); + if (avc_setenforce) + break; + avc_enforcing = msg->val; + if (avc_enforcing && (rc = avc_ss_reset(0)) < 0) { + avc_log("%s: cache reset returned %d (errno %d)\n", + avc_prefix, rc, errno); + return rc; + } + break; + } + + case SELNL_MSG_POLICYLOAD:{ + struct selnl_msg_policyload *msg = NLMSG_DATA(nlh); + avc_log("%s: received policyload notice (seqno=%d)\n", + avc_prefix, msg->seqno); + rc = avc_ss_reset(msg->seqno); + if (rc < 0) { + avc_log("%s: cache reset returned %d (errno %d)\n", + avc_prefix, rc, errno); + return rc; + } + break; + } + + default: + avc_log("%s: warning: unknown netlink message %d\n", + avc_prefix, nlh->nlmsg_type); + } + return 0; +} + +int avc_netlink_check_nb(void) +{ + int rc; + char buf[1024] __attribute__ ((aligned)); + + while (1) { + errno = 0; + rc = avc_netlink_receive(buf, sizeof(buf)); + if (rc < 0) { + if (errno == EWOULDBLOCK) + return 0; + if (errno == 0 || errno == EINTR) + continue; + else { + avc_log("%s: netlink recvfrom: error %d\n", + avc_prefix, errno); + return rc; + } + } + + (void)avc_netlink_process(buf); + } + return 0; +} + +/* run routine for the netlink listening thread */ +void avc_netlink_loop(void) +{ + int rc; + char buf[1024] __attribute__ ((aligned)); + + while (1) { + errno = 0; + rc = avc_netlink_receive(buf, sizeof(buf)); + if (rc < 0) { + if (errno == 0 || errno == EINTR) + continue; + else { + avc_log("%s: netlink recvfrom: error %d\n", + avc_prefix, errno); + break; + } + } + + rc = avc_netlink_process(buf); + if (rc < 0) + break; + } + + close(fd); + avc_netlink_trouble = 1; + avc_log("%s: netlink thread: errors encountered, terminating\n", + avc_prefix); +} diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h new file mode 100644 index 00000000..cd50dc82 --- /dev/null +++ b/libselinux/src/avc_internal.h @@ -0,0 +1,196 @@ +/* + * This file describes the internal interface used by the AVC + * for calling the user-supplied memory allocation, supplemental + * auditing, and locking routine, as well as incrementing the + * statistics fields. + * + * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil> + */ +#ifndef _SELINUX_AVC_INTERNAL_H_ +#define _SELINUX_AVC_INTERNAL_H_ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <selinux/avc.h> +#include "callbacks.h" +#include "dso.h" + +/* SID reference counter manipulation */ +static inline int sid_inc_refcnt(security_id_t sid) +{ + return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt + 1 : 0; +} + +static inline int sid_dec_refcnt(security_id_t sid) +{ + return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt - 1 : 0; +} + +/* callback pointers */ +extern void *(*avc_func_malloc) (size_t) hidden; +extern void (*avc_func_free) (void *)hidden; + +extern void (*avc_func_log) (const char *, ...)hidden; +extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden; + +extern int avc_using_threads hidden; +extern void *(*avc_func_create_thread) (void (*)(void))hidden; +extern void (*avc_func_stop_thread) (void *)hidden; + +extern void *(*avc_func_alloc_lock) (void)hidden; +extern void (*avc_func_get_lock) (void *)hidden; +extern void (*avc_func_release_lock) (void *)hidden; +extern void (*avc_func_free_lock) (void *)hidden; + +static inline void set_callbacks(const struct avc_memory_callback *mem_cb, + const struct avc_log_callback *log_cb, + const struct avc_thread_callback *thread_cb, + const struct avc_lock_callback *lock_cb) +{ + if (mem_cb) { + avc_func_malloc = mem_cb->func_malloc; + avc_func_free = mem_cb->func_free; + } + if (log_cb) { + avc_func_log = log_cb->func_log; + avc_func_audit = log_cb->func_audit; + } + if (thread_cb) { + avc_using_threads = 1; + avc_func_create_thread = thread_cb->func_create_thread; + avc_func_stop_thread = thread_cb->func_stop_thread; + } + if (lock_cb) { + avc_func_alloc_lock = lock_cb->func_alloc_lock; + avc_func_get_lock = lock_cb->func_get_lock; + avc_func_release_lock = lock_cb->func_release_lock; + avc_func_free_lock = lock_cb->func_free_lock; + } +} + +/* message prefix and enforcing mode*/ +#define AVC_PREFIX_SIZE 16 +extern char avc_prefix[AVC_PREFIX_SIZE] hidden; +extern int avc_running hidden; +extern int avc_enforcing hidden; +extern int avc_setenforce hidden; + +/* user-supplied callback interface for avc */ +static inline void *avc_malloc(size_t size) +{ + return avc_func_malloc ? avc_func_malloc(size) : malloc(size); +} + +static inline void avc_free(void *ptr) +{ + if (avc_func_free) + avc_func_free(ptr); + else + free(ptr); +} + +/* this is a macro in order to use the variadic capability. */ +#define avc_log(format...) \ + if (avc_func_log) \ + avc_func_log(format); \ + else \ + selinux_log(SELINUX_ERROR, format); + +static inline void avc_suppl_audit(void *ptr, security_class_t class, + char *buf, size_t len) +{ + if (avc_func_audit) + avc_func_audit(ptr, class, buf, len); + else + selinux_audit(ptr, class, buf, len); +} + +static inline void *avc_create_thread(void (*run) (void)) +{ + return avc_func_create_thread ? avc_func_create_thread(run) : NULL; +} + +static inline void avc_stop_thread(void *thread) +{ + if (avc_func_stop_thread) + avc_func_stop_thread(thread); +} + +static inline void *avc_alloc_lock(void) +{ + return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL; +} + +static inline void avc_get_lock(void *lock) +{ + if (avc_func_get_lock) + avc_func_get_lock(lock); +} + +static inline void avc_release_lock(void *lock) +{ + if (avc_func_release_lock) + avc_func_release_lock(lock); +} + +static inline void avc_free_lock(void *lock) +{ + if (avc_func_free_lock) + avc_func_free_lock(lock); +} + +/* statistics helper routines */ +#ifdef AVC_CACHE_STATS + +#define avc_cache_stats_incr(field) \ + cache_stats.field ++; +#define avc_cache_stats_add(field, num) \ + cache_stats.field += num; + +#else + +#define avc_cache_stats_incr(field) +#define avc_cache_stats_add(field, num) + +#endif + +/* logging helper routines */ +#define AVC_AUDIT_BUFSIZE 1024 + +/* again, we need the variadic capability here */ +#define log_append(buf,format...) \ + snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format) + +/* internal callbacks */ +int avc_ss_grant(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno) hidden; +int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid, + security_class_t tclass, + access_vector_t perms, uint32_t seqno, + access_vector_t * out_retained) hidden; +int avc_ss_revoke(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno) hidden; +int avc_ss_reset(uint32_t seqno) hidden; +int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno, uint32_t enable) hidden; +int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid, + security_class_t tclass, access_vector_t perms, + uint32_t seqno, uint32_t enable) hidden; + +/* netlink kernel message code */ +extern int avc_netlink_trouble hidden; +int avc_netlink_open(int blocking) hidden; +int avc_netlink_check_nb(void) hidden; +void avc_netlink_loop(void) hidden; +void avc_netlink_close(void) hidden; + +hidden_proto(avc_av_stats) + hidden_proto(avc_cleanup) + hidden_proto(avc_reset) + hidden_proto(avc_audit) + hidden_proto(avc_has_perm_noaudit) +#endif /* _SELINUX_AVC_INTERNAL_H_ */ diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c new file mode 100644 index 00000000..dab5c4ea --- /dev/null +++ b/libselinux/src/avc_sidtab.c @@ -0,0 +1,192 @@ +/* + * Implementation of the userspace SID hashtable. + * + * Author : Eamon Walsh, <ewalsh@epoch.ncsc.mil> + */ +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <stdint.h> +#include <string.h> +#include "selinux_internal.h" +#include <selinux/avc.h> +#include "avc_sidtab.h" +#include "avc_internal.h" + +static inline unsigned sidtab_hash(security_context_t key) +{ + char *p, *keyp; + unsigned int size; + unsigned int val; + + val = 0; + keyp = (char *)key; + size = strlen(keyp); + for (p = keyp; (unsigned int)(p - keyp) < size; p++) + val = + (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p); + return val & (SIDTAB_SIZE - 1); +} + +int sidtab_init(struct sidtab *s) +{ + int i, rc = 0; + + s->htable = (struct sidtab_node **)avc_malloc + (sizeof(struct sidtab_node *) * SIDTAB_SIZE); + + if (!s->htable) { + rc = -1; + goto out; + } + for (i = 0; i < SIDTAB_SIZE; i++) + s->htable[i] = NULL; + s->nel = 0; + out: + return rc; +} + +int sidtab_insert(struct sidtab *s, security_context_t ctx) +{ + int hvalue, rc = 0; + struct sidtab_node *newnode; + security_context_t newctx; + + newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode)); + if (!newnode) { + rc = -1; + goto out; + } + newctx = (security_context_t) strdup(ctx); + if (!newctx) { + rc = -1; + avc_free(newnode); + goto out; + } + + hvalue = sidtab_hash(newctx); + newnode->next = s->htable[hvalue]; + newnode->sid_s.ctx = newctx; + newnode->sid_s.refcnt = 0; /* caller should increment */ + s->htable[hvalue] = newnode; + s->nel++; + out: + return rc; +} + +void sidtab_remove(struct sidtab *s, security_id_t sid) +{ + int hvalue; + struct sidtab_node *cur, *prev; + + hvalue = sidtab_hash(sid->ctx); + cur = s->htable[hvalue]; + prev = NULL; + while (cur) { + if (sid == &cur->sid_s) { + if (prev) + prev->next = cur->next; + else + s->htable[hvalue] = cur->next; + avc_free(cur); + s->nel--; + return; + } else { + prev = cur; + cur = cur->next; + } + } +} + +security_id_t sidtab_claim_sid(struct sidtab *s) +{ + int i; + struct sidtab_node *cur; + + for (i = 0; i < SIDTAB_SIZE; i++) { + cur = s->htable[i]; + while (cur) { + if (!cur->sid_s.refcnt) + return &cur->sid_s; + cur = cur->next; + } + } + return NULL; +} + +int +sidtab_context_to_sid(struct sidtab *s, + security_context_t ctx, security_id_t * sid) +{ + int hvalue, rc = 0; + struct sidtab_node *cur; + + *sid = NULL; + hvalue = sidtab_hash(ctx); + + loop: + cur = s->htable[hvalue]; + while (cur != NULL && strcmp(cur->sid_s.ctx, ctx)) + cur = cur->next; + + if (cur == NULL) { /* need to make a new entry */ + rc = sidtab_insert(s, ctx); + if (rc) + goto out; + goto loop; /* find the newly inserted node */ + } + + *sid = &cur->sid_s; + out: + return rc; +} + +void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen) +{ + int i, chain_len, slots_used, max_chain_len; + struct sidtab_node *cur; + + slots_used = 0; + max_chain_len = 0; + for (i = 0; i < SIDTAB_SIZE; i++) { + cur = h->htable[i]; + if (cur) { + slots_used++; + chain_len = 0; + while (cur) { + chain_len++; + cur = cur->next; + } + + if (chain_len > max_chain_len) + max_chain_len = chain_len; + } + } + + snprintf(buf, buflen, + "%s: %d SID entries and %d/%d buckets used, longest " + "chain length %d\n", avc_prefix, h->nel, slots_used, + SIDTAB_SIZE, max_chain_len); +} + +void sidtab_destroy(struct sidtab *s) +{ + int i; + struct sidtab_node *cur, *temp; + + if (!s) + return; + + for (i = 0; i < SIDTAB_SIZE; i++) { + cur = s->htable[i]; + while (cur != NULL) { + temp = cur; + cur = cur->next; + freecon(temp->sid_s.ctx); + avc_free(temp); + } + s->htable[i] = NULL; + } + avc_free(s->htable); + s->htable = NULL; +} diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h new file mode 100644 index 00000000..620a3351 --- /dev/null +++ b/libselinux/src/avc_sidtab.h @@ -0,0 +1,38 @@ +/* + * A security identifier table (sidtab) is a hash table + * of security context structures indexed by SID value. + */ +#ifndef _SELINUX_AVC_SIDTAB_H_ +#define _SELINUX_AVC_SIDTAB_H_ + +#include <selinux/selinux.h> +#include <selinux/avc.h> +#include "dso.h" + +struct sidtab_node { + struct security_id sid_s; + struct sidtab_node *next; +}; + +#define SIDTAB_HASH_BITS 7 +#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS) +#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1) +#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS + +struct sidtab { + struct sidtab_node **htable; + unsigned nel; +}; + +int sidtab_init(struct sidtab *s) hidden; +int sidtab_insert(struct sidtab *s, security_context_t ctx) hidden; +void sidtab_remove(struct sidtab *s, security_id_t sid) hidden; +security_id_t sidtab_claim_sid(struct sidtab *s) hidden; + +int sidtab_context_to_sid(struct sidtab *s, + security_context_t ctx, security_id_t * sid) hidden; + +void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) hidden; +void sidtab_destroy(struct sidtab *s) hidden; + +#endif /* _SELINUX_AVC_SIDTAB_H_ */ diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c new file mode 100644 index 00000000..bbf83247 --- /dev/null +++ b/libselinux/src/booleans.c @@ -0,0 +1,474 @@ +/* + * Author: Karl MacMillan <kmacmillan@tresys.com> + * + * Modified: + * Dan Walsh <dwalsh@redhat.com> - Added security_load_booleans(). + */ + +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <assert.h> +#include <stdlib.h> +#include <dirent.h> +#include <string.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <unistd.h> +#include <fnmatch.h> +#include <limits.h> +#include <ctype.h> +#include <errno.h> + +#include "selinux_internal.h" +#include "policy.h" + +#define SELINUX_BOOL_DIR "/booleans/" + +static int filename_select(const struct dirent *d) +{ + if (d->d_name[0] == '.' + && (d->d_name[1] == '\0' + || (d->d_name[1] == '.' && d->d_name[2] == '\0'))) + return 0; + return 1; +} + +int security_get_boolean_names(char ***names, int *len) +{ + char path[PATH_MAX]; + int i, rc; + struct dirent **namelist; + char **n; + + assert(len); + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR); + *len = scandir(path, &namelist, &filename_select, alphasort); + if (*len <= 0) { + return -1; + } + + n = (char **)malloc(sizeof(char *) * *len); + if (!n) { + rc = -1; + goto bad; + } + + for (i = 0; i < *len; i++) { + n[i] = (char *)malloc(_D_ALLOC_NAMLEN(namelist[i])); + if (!n[i]) { + rc = -1; + goto bad_freen; + } + strcpy(n[i], namelist[i]->d_name); + } + rc = 0; + *names = n; + out: + for (i = 0; i < *len; i++) { + free(namelist[i]); + } + free(namelist); + return rc; + bad_freen: + for (--i; i >= 0; --i) + free(n[i]); + free(n); + bad: + goto out; +} + +hidden_def(security_get_boolean_names) +#define STRBUF_SIZE 3 +static int get_bool_value(const char *name, char **buf) +{ + int fd, len; + char *fname = NULL; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + *buf = (char *)malloc(sizeof(char) * (STRBUF_SIZE + 1)); + if (!*buf) + goto out; + (*buf)[STRBUF_SIZE] = 0; + + len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); + fname = (char *)malloc(sizeof(char) * len); + if (!fname) + goto out; + snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); + + fd = open(fname, O_RDONLY); + if (fd < 0) + goto out; + + len = read(fd, *buf, STRBUF_SIZE); + close(fd); + if (len != STRBUF_SIZE) + goto out; + + free(fname); + return 0; + out: + if (*buf) + free(*buf); + if (fname) + free(fname); + return -1; +} + +int security_get_boolean_pending(const char *name) +{ + char *buf; + int val; + + if (get_bool_value(name, &buf)) + return -1; + + if (atoi(&buf[1])) + val = 1; + else + val = 0; + free(buf); + return val; +} + +int security_get_boolean_active(const char *name) +{ + char *buf; + int val; + + if (get_bool_value(name, &buf)) + return -1; + + buf[1] = '\0'; + if (atoi(buf)) + val = 1; + else + val = 0; + free(buf); + return val; +} + +hidden_def(security_get_boolean_active) + +int security_set_boolean(const char *name, int value) +{ + int fd, ret, len; + char buf[2], *fname; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + if (value < 0 || value > 1) { + errno = EINVAL; + return -1; + } + + len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR); + fname = (char *)malloc(sizeof(char) * len); + if (!fname) + return -1; + snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name); + + fd = open(fname, O_WRONLY); + if (fd < 0) { + ret = -1; + goto out; + } + + if (value) + buf[0] = '1'; + else + buf[0] = '0'; + buf[1] = '\0'; + + ret = write(fd, buf, 2); + close(fd); + out: + free(fname); + if (ret > 0) + return 0; + else + return -1; +} + +hidden_def(security_set_boolean) + +int security_commit_booleans(void) +{ + int fd, ret; + char buf[2]; + char path[PATH_MAX]; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt); + fd = open(path, O_WRONLY); + if (fd < 0) + return -1; + + buf[0] = '1'; + buf[1] = '\0'; + + ret = write(fd, buf, 2); + close(fd); + + if (ret > 0) + return 0; + else + return -1; +} + +hidden_def(security_commit_booleans) + +static char *strtrim(char *dest, char *source, int size) +{ + int i = 0; + char *ptr = source; + i = 0; + while (isspace(*ptr) && i < size) { + ptr++; + i++; + } + strncpy(dest, ptr, size); + for (i = strlen(dest) - 1; i > 0; i--) { + if (!isspace(dest[i])) + break; + } + dest[i + 1] = '\0'; + return dest; +} +static int process_boolean(char *buffer, char *name, int namesize, int *val) +{ + char name1[BUFSIZ]; + char *ptr; + char *tok = strtok_r(buffer, "=", &ptr); + if (tok) { + strncpy(name1, tok, BUFSIZ - 1); + strtrim(name, name1, namesize - 1); + if (name[0] == '#') + return 0; + tok = strtok_r(NULL, "\0", &ptr); + if (tok) { + while (isspace(*tok)) + tok++; + *val = -1; + if (isdigit(tok[0])) + *val = atoi(tok); + else if (!strncasecmp(tok, "true", sizeof("true") - 1)) + *val = 1; + else if (!strncasecmp + (tok, "false", sizeof("false") - 1)) + *val = 0; + if (*val != 0 && *val != 1) { + errno = EINVAL; + return -1; + } + + } + } + return 1; +} +static int save_booleans(size_t boolcnt, SELboolean * boollist) +{ + ssize_t len; + size_t i; + char outbuf[BUFSIZ]; + char *inbuf = NULL; + + /* Open file */ + const char *bool_file = selinux_booleans_path(); + char local_bool_file[PATH_MAX]; + char tmp_bool_file[PATH_MAX]; + FILE *boolf; + int fd; + int *used = (int *)malloc(sizeof(int) * boolcnt); + if (!used) { + return -1; + } + /* zero out used field */ + for (i = 0; i < boolcnt; i++) + used[i] = 0; + + snprintf(tmp_bool_file, sizeof(tmp_bool_file), "%s.XXXXXX", bool_file); + fd = mkstemp(tmp_bool_file); + if (fd < 0) { + free(used); + return -1; + } + + snprintf(local_bool_file, sizeof(local_bool_file), "%s.local", + bool_file); + boolf = fopen(local_bool_file, "r"); + if (boolf != NULL) { + ssize_t ret; + size_t size = 0; + int val; + char boolname[BUFSIZ]; + char *buffer; + inbuf = NULL; + __fsetlocking(boolf, FSETLOCKING_BYCALLER); + while ((len = getline(&inbuf, &size, boolf)) > 0) { + buffer = strdup(inbuf); + if (!buffer) + goto close_remove_fail; + ret = + process_boolean(inbuf, boolname, sizeof(boolname), + &val); + if (ret != 1) { + ret = write(fd, buffer, len); + free(buffer); + if (ret != len) + goto close_remove_fail; + } else { + free(buffer); + for (i = 0; i < boolcnt; i++) { + if (strcmp(boollist[i].name, boolname) + == 0) { + snprintf(outbuf, sizeof(outbuf), + "%s=%d\n", boolname, + boollist[i].value); + len = strlen(outbuf); + used[i] = 1; + if (write(fd, outbuf, len) != + len) + goto close_remove_fail; + else + break; + } + } + if (i == boolcnt) { + snprintf(outbuf, sizeof(outbuf), + "%s=%d\n", boolname, val); + len = strlen(outbuf); + if (write(fd, outbuf, len) != len) + goto close_remove_fail; + } + } + free(inbuf); + inbuf = NULL; + } + fclose(boolf); + } + + for (i = 0; i < boolcnt; i++) { + if (used[i] == 0) { + snprintf(outbuf, sizeof(outbuf), "%s=%d\n", + boollist[i].name, boollist[i].value); + len = strlen(outbuf); + if (write(fd, outbuf, len) != len) { + close_remove_fail: + free(inbuf); + close(fd); + remove_fail: + unlink(tmp_bool_file); + free(used); + return -1; + } + } + + } + if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) + goto close_remove_fail; + close(fd); + if (rename(tmp_bool_file, local_bool_file) != 0) + goto remove_fail; + + free(used); + return 0; +} +static void rollback(SELboolean * boollist, int end) +{ + int i; + + for (i = 0; i < end; i++) + security_set_boolean(boollist[i].name, + security_get_boolean_active(boollist[i]. + name)); +} + +int security_set_boolean_list(size_t boolcnt, SELboolean * boollist, + int permanent) +{ + + size_t i; + for (i = 0; i < boolcnt; i++) { + if (security_set_boolean(boollist[i].name, boollist[i].value)) { + rollback(boollist, i); + return -1; + } + } + + /* OK, let's do the commit */ + if (security_commit_booleans()) { + return -1; + } + + if (permanent) + return save_booleans(boolcnt, boollist); + + return 0; +} +int security_load_booleans(char *path) +{ + FILE *boolf; + char *inbuf; + char localbools[BUFSIZ]; + size_t len = 0, errors = 0; + int val; + char name[BUFSIZ]; + + boolf = fopen(path ? path : selinux_booleans_path(), "r"); + if (boolf == NULL) + goto localbool; + + __fsetlocking(boolf, FSETLOCKING_BYCALLER); + while (getline(&inbuf, &len, boolf) > 0) { + int ret = process_boolean(inbuf, name, sizeof(name), &val); + if (ret == -1) + errors++; + if (ret == 1) + if (security_set_boolean(name, val) < 0) { + errors++; + } + } + fclose(boolf); + localbool: + snprintf(localbools, sizeof(localbools), "%s.local", + (path ? path : selinux_booleans_path())); + boolf = fopen(localbools, "r"); + + if (boolf != NULL) { + int ret; + __fsetlocking(boolf, FSETLOCKING_BYCALLER); + while (getline(&inbuf, &len, boolf) > 0) { + ret = process_boolean(inbuf, name, sizeof(name), &val); + if (ret == -1) + errors++; + if (ret == 1) + if (security_set_boolean(name, val) < 0) { + errors++; + } + } + fclose(boolf); + } + if (security_commit_booleans() < 0) + return -1; + + if (errors) + errno = EINVAL; + return errors ? -1 : 0; +} diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c new file mode 100644 index 00000000..5acfd3d1 --- /dev/null +++ b/libselinux/src/callbacks.c @@ -0,0 +1,92 @@ +/* + * User-supplied callbacks and default implementations. + * Class and permission mappings. + */ + +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include <errno.h> +#include <selinux/selinux.h> +#include "callbacks.h" + +/* default implementations */ +static int __attribute__ ((format(printf, 2, 3))) +default_selinux_log(int type __attribute__((unused)), const char *fmt, ...) +{ + int rc; + va_list ap; + va_start(ap, fmt); + rc = vfprintf(stderr, fmt, ap); + va_end(ap); + return rc; +} + +static int +default_selinux_audit(void *ptr __attribute__((unused)), + security_class_t cls __attribute__((unused)), + char *buf __attribute__((unused)), + size_t len __attribute__((unused))) +{ + return 0; +} + +static int +default_selinux_validate(security_context_t *ctx) +{ + return security_check_context(*ctx); +} + +/* callback pointers */ +int __attribute__ ((format(printf, 2, 3))) +(*selinux_log)(int, const char *, ...) = + default_selinux_log; + +int +(*selinux_audit) (void *, security_class_t, char *, size_t) = + default_selinux_audit; + +int +(*selinux_validate)(security_context_t *ctx) = + default_selinux_validate; + +/* callback setting function */ +void +selinux_set_callback(int type, union selinux_callback cb) +{ + switch (type) { + case SELINUX_CB_LOG: + selinux_log = cb.func_log; + break; + case SELINUX_CB_AUDIT: + selinux_audit = cb.func_audit; + break; + case SELINUX_CB_VALIDATE: + selinux_validate = cb.func_validate; + break; + } +} + +/* callback getting function */ +union selinux_callback +selinux_get_callback(int type) +{ + union selinux_callback cb; + + switch (type) { + case SELINUX_CB_LOG: + cb.func_log = selinux_log; + break; + case SELINUX_CB_AUDIT: + cb.func_audit = selinux_audit; + break; + case SELINUX_CB_VALIDATE: + cb.func_validate = selinux_validate; + break; + default: + memset(&cb, 0, sizeof(cb)); + errno = EINVAL; + break; + } + return cb; +} diff --git a/libselinux/src/callbacks.h b/libselinux/src/callbacks.h new file mode 100644 index 00000000..068fa9df --- /dev/null +++ b/libselinux/src/callbacks.h @@ -0,0 +1,24 @@ +/* + * This file describes the callbacks passed to selinux_init() and available + * for use from the library code. They all have default implementations. + */ +#ifndef _SELINUX_CALLBACKS_H_ +#define _SELINUX_CALLBACKS_H_ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <selinux/selinux.h> +#include "dso.h" + +/* callback pointers */ +extern int __attribute__ ((format(printf, 2, 3))) +(*selinux_log) (int type, const char *, ...) hidden; + +extern int +(*selinux_audit) (void *, security_class_t, char *, size_t) hidden; + +extern int +(*selinux_validate)(security_context_t *ctx) hidden; + +#endif /* _SELINUX_CALLBACKS_H_ */ diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c new file mode 100644 index 00000000..85bbbfad --- /dev/null +++ b/libselinux/src/canonicalize_context.c @@ -0,0 +1,86 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <limits.h> + +int security_canonicalize_context_raw(security_context_t con, + security_context_t * canoncon) +{ + char path[PATH_MAX]; + char *buf; + size_t size; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/context", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + strncpy(buf, con, size); + + ret = write(fd, buf, strlen(buf) + 1); + if (ret < 0) + goto out2; + + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0 && errno == EINVAL) { + /* Fall back to the original context for kernels + that do not support the extended interface. */ + strncpy(buf, con, size); + } + + *canoncon = strdup(buf); + if (!(*canoncon)) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_canonicalize_context_raw) + +int security_canonicalize_context(security_context_t con, + security_context_t * canoncon) +{ + int ret; + security_context_t rcon = con; + security_context_t rcanoncon; + + if (selinux_trans_to_raw_context(con, &rcon)) + return -1; + + ret = security_canonicalize_context_raw(rcon, &rcanoncon); + + freecon(rcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rcanoncon, canoncon); + freecon(rcanoncon); + } + + return ret; +} + +hidden_def(security_canonicalize_context) diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c new file mode 100644 index 00000000..c1982c73 --- /dev/null +++ b/libselinux/src/checkAccess.c @@ -0,0 +1,47 @@ +#include <unistd.h> +#include <sys/types.h> +#include <stdlib.h> +#include <errno.h> +#include "selinux_internal.h" +#include <selinux/flask.h> +#include <selinux/av_permissions.h> + +int selinux_check_passwd_access(access_vector_t requested) +{ + int status = -1; + security_context_t user_context; + if (is_selinux_enabled() == 0) + return 0; + if (getprevcon_raw(&user_context) == 0) { + security_class_t passwd_class; + struct av_decision avd; + int retval; + + passwd_class = string_to_security_class("passwd"); + if (passwd_class == 0) + return 0; + + retval = security_compute_av_raw(user_context, + user_context, + passwd_class, + requested, + &avd); + + if ((retval == 0) && ((requested & avd.allowed) == requested)) { + status = 0; + } + freecon(user_context); + } + + if (status != 0 && security_getenforce() == 0) + status = 0; + + return status; +} + +hidden_def(selinux_check_passwd_access) + +int checkPasswdAccess(access_vector_t requested) +{ + return selinux_check_passwd_access(requested); +} diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c new file mode 100644 index 00000000..0e8fb864 --- /dev/null +++ b/libselinux/src/check_context.c @@ -0,0 +1,51 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include <stdio.h> +#include "selinux_internal.h" +#include "policy.h" +#include <limits.h> + +int security_check_context_raw(security_context_t con) +{ + char path[PATH_MAX]; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/context", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + ret = write(fd, con, strlen(con) + 1); + close(fd); + if (ret < 0) + return -1; + return 0; +} + +hidden_def(security_check_context_raw) + +int security_check_context(security_context_t con) +{ + int ret; + security_context_t rcon = con; + + if (selinux_trans_to_raw_context(con, &rcon)) + return -1; + + ret = security_check_context_raw(rcon); + + freecon(rcon); + + return ret; +} + +hidden_def(security_check_context) diff --git a/libselinux/src/class_to_string.h b/libselinux/src/class_to_string.h new file mode 100644 index 00000000..60327cbc --- /dev/null +++ b/libselinux/src/class_to_string.h @@ -0,0 +1,74 @@ +/* This file is automatically generated. Do not edit. */ +/* + * Security object class definitions + */ + S_("null") + S_("security") + S_("process") + S_("system") + S_("capability") + S_("filesystem") + S_("file") + S_("dir") + S_("fd") + S_("lnk_file") + S_("chr_file") + S_("blk_file") + S_("sock_file") + S_("fifo_file") + S_("socket") + S_("tcp_socket") + S_("udp_socket") + S_("rawip_socket") + S_("node") + S_("netif") + S_("netlink_socket") + S_("packet_socket") + S_("key_socket") + S_("unix_stream_socket") + S_("unix_dgram_socket") + S_("sem") + S_("msg") + S_("msgq") + S_("shm") + S_("ipc") + S_("passwd") + S_("drawable") + S_("window") + S_("gc") + S_("font") + S_("colormap") + S_("property") + S_("cursor") + S_("xclient") + S_("xinput") + S_("xserver") + S_("xextension") + S_("pax") + S_("netlink_route_socket") + S_("netlink_firewall_socket") + S_("netlink_tcpdiag_socket") + S_("netlink_nflog_socket") + S_("netlink_xfrm_socket") + S_("netlink_selinux_socket") + S_("netlink_audit_socket") + S_("netlink_ip6fw_socket") + S_("netlink_dnrt_socket") + S_("dbus") + S_("nscd") + S_("association") + S_("netlink_kobject_uevent_socket") + S_("appletalk_socket") + S_("packet") + S_("key") + S_("context") + S_("dccp_socket") + S_("memprotect") + S_("db_database") + S_("db_table") + S_("db_procedure") + S_("db_column") + S_("db_tuple") + S_("db_blob") + S_("peer") + S_("capability2") diff --git a/libselinux/src/common_perm_to_string.h b/libselinux/src/common_perm_to_string.h new file mode 100644 index 00000000..f52d1f50 --- /dev/null +++ b/libselinux/src/common_perm_to_string.h @@ -0,0 +1,67 @@ +/* This file is automatically generated. Do not edit. */ +TB_(common_file_perm_to_string) + S_("ioctl") + S_("read") + S_("write") + S_("create") + S_("getattr") + S_("setattr") + S_("lock") + S_("relabelfrom") + S_("relabelto") + S_("append") + S_("unlink") + S_("link") + S_("rename") + S_("execute") + S_("swapon") + S_("quotaon") + S_("mounton") +TE_(common_file_perm_to_string) + +TB_(common_socket_perm_to_string) + S_("ioctl") + S_("read") + S_("write") + S_("create") + S_("getattr") + S_("setattr") + S_("lock") + S_("relabelfrom") + S_("relabelto") + S_("append") + S_("bind") + S_("connect") + S_("listen") + S_("accept") + S_("getopt") + S_("setopt") + S_("shutdown") + S_("recvfrom") + S_("sendto") + S_("recv_msg") + S_("send_msg") + S_("name_bind") +TE_(common_socket_perm_to_string) + +TB_(common_ipc_perm_to_string) + S_("create") + S_("destroy") + S_("getattr") + S_("setattr") + S_("read") + S_("write") + S_("associate") + S_("unix_read") + S_("unix_write") +TE_(common_ipc_perm_to_string) + +TB_(common_database_perm_to_string) + S_("create") + S_("drop") + S_("getattr") + S_("setattr") + S_("relabelfrom") + S_("relabelto") +TE_(common_database_perm_to_string) + diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c new file mode 100644 index 00000000..45cd0db0 --- /dev/null +++ b/libselinux/src/compute_av.c @@ -0,0 +1,95 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <limits.h> +#include "selinux_internal.h" +#include "policy.h" +#include "mapping.h" + +int security_compute_av_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + access_vector_t requested, struct av_decision *avd) +{ + char path[PATH_MAX]; + char *buf; + size_t len; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/access", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + len = selinux_page_size; + buf = malloc(len); + if (!buf) { + ret = -1; + goto out; + } + + snprintf(buf, len, "%s %s %hu %x", scon, tcon, + unmap_class(tclass), unmap_perm(tclass, requested)); + + ret = write(fd, buf, strlen(buf)); + if (ret < 0) + goto out2; + + memset(buf, 0, len); + ret = read(fd, buf, len - 1); + if (ret < 0) + goto out2; + + if (sscanf(buf, "%x %x %x %x %u", &avd->allowed, + &avd->decided, &avd->auditallow, &avd->auditdeny, + &avd->seqno) != 5) { + ret = -1; + goto out2; + } + + map_decision(tclass, avd); + + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_compute_av_raw) + +int security_compute_av(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + access_vector_t requested, struct av_decision *avd) +{ + int ret; + security_context_t rscon = scon; + security_context_t rtcon = tcon; + + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; + } + + ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd); + + freecon(rscon); + freecon(rtcon); + + return ret; +} + +hidden_def(security_compute_av) diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c new file mode 100644 index 00000000..1c56f0fb --- /dev/null +++ b/libselinux/src/compute_create.c @@ -0,0 +1,94 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <limits.h> +#include "selinux_internal.h" +#include "policy.h" +#include "mapping.h" + +int security_compute_create_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + char path[PATH_MAX]; + char *buf; + size_t size; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/create", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass)); + + ret = write(fd, buf, strlen(buf)); + if (ret < 0) + goto out2; + + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0) + goto out2; + + *newcon = strdup(buf); + if (!(*newcon)) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_compute_create_raw) + +int security_compute_create(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + int ret; + security_context_t rscon = scon; + security_context_t rtcon = tcon; + security_context_t rnewcon; + + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; + } + + ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon); + + freecon(rscon); + freecon(rtcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rnewcon, newcon); + freecon(rnewcon); + } + + return ret; +} + +hidden_def(security_compute_create) diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c new file mode 100644 index 00000000..e5495e44 --- /dev/null +++ b/libselinux/src/compute_member.c @@ -0,0 +1,95 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <limits.h> +#include "selinux_internal.h" +#include "policy.h" +#include "mapping.h" + +int security_compute_member_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + char path[PATH_MAX]; + char *buf; + size_t size; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/member", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass)); + + ret = write(fd, buf, strlen(buf)); + if (ret < 0) + goto out2; + + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0) + goto out2; + + *newcon = strdup(buf); + if (!(*newcon)) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_compute_member_raw) + +int security_compute_member(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + int ret; + security_context_t rscon = scon; + security_context_t rtcon = tcon; + security_context_t rnewcon; + + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; + } + + ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon); + + freecon(rscon); + freecon(rtcon); + if (!ret) { + if (selinux_raw_to_trans_context(rnewcon, newcon)) { + *newcon = NULL; + ret = -1; + } + freecon(rnewcon); + } + + return ret; +} diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c new file mode 100644 index 00000000..ae9c6483 --- /dev/null +++ b/libselinux/src/compute_relabel.c @@ -0,0 +1,92 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include <limits.h> +#include "selinux_internal.h" +#include "policy.h" +#include "mapping.h" + +int security_compute_relabel_raw(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + char path[PATH_MAX]; + char *buf; + size_t size; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/relabel", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass)); + + ret = write(fd, buf, strlen(buf)); + if (ret < 0) + goto out2; + + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0) + goto out2; + + *newcon = strdup(buf); + if (!*newcon) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_compute_relabel_raw) + +int security_compute_relabel(security_context_t scon, + security_context_t tcon, + security_class_t tclass, + security_context_t * newcon) +{ + int ret; + security_context_t rscon = scon; + security_context_t rtcon = tcon; + security_context_t rnewcon; + + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + if (selinux_trans_to_raw_context(tcon, &rtcon)) { + freecon(rscon); + return -1; + } + + ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon); + + freecon(rscon); + freecon(rtcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rnewcon, newcon); + freecon(rnewcon); + } + + return ret; +} diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c new file mode 100644 index 00000000..fa6f650a --- /dev/null +++ b/libselinux/src/compute_user.c @@ -0,0 +1,110 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <limits.h> + +int security_compute_user_raw(security_context_t scon, + const char *user, security_context_t ** con) +{ + char path[PATH_MAX]; + char **ary; + char *buf, *ptr; + size_t size; + int fd, ret; + unsigned int i, nel; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/user", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + snprintf(buf, size, "%s %s", scon, user); + + ret = write(fd, buf, strlen(buf)); + if (ret < 0) + goto out2; + + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0) + goto out2; + + if (sscanf(buf, "%u", &nel) != 1) { + ret = -1; + goto out2; + } + + ary = malloc((nel + 1) * sizeof(char *)); + if (!ary) { + ret = -1; + goto out2; + } + + ptr = buf + strlen(buf) + 1; + for (i = 0; i < nel; i++) { + ary[i] = strdup(ptr); + if (!ary[i]) { + freeconary(ary); + ret = -1; + goto out2; + } + ptr += strlen(ptr) + 1; + } + ary[nel] = NULL; + *con = ary; + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_compute_user_raw) + +int security_compute_user(security_context_t scon, + const char *user, security_context_t ** con) +{ + int ret; + security_context_t rscon = scon; + + if (selinux_trans_to_raw_context(scon, &rscon)) + return -1; + + ret = security_compute_user_raw(rscon, user, con); + + freecon(rscon); + if (!ret) { + security_context_t *ptr, tmpcon; + for (ptr = *con; *ptr; ptr++) { + if (selinux_raw_to_trans_context(*ptr, &tmpcon)) { + freeconary(*con); + *con = NULL; + return -1; + } + freecon(*ptr); + *ptr = tmpcon; + } + } + + return ret; +} + +hidden_def(security_compute_user) diff --git a/libselinux/src/context.c b/libselinux/src/context.c new file mode 100644 index 00000000..81641041 --- /dev/null +++ b/libselinux/src/context.c @@ -0,0 +1,193 @@ +#include "context_internal.h" +#include <string.h> +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> + +#define COMP_USER 0 +#define COMP_ROLE 1 +#define COMP_TYPE 2 +#define COMP_RANGE 3 + +typedef struct { + char *current_str; /* This is made up-to-date only when needed */ + char *(component[4]); +} context_private_t; + +/* + * Allocate a new context, initialized from str. There must be 3 or + * 4 colon-separated components and no whitespace in any component other + * than the MLS component. + */ +context_t context_new(const char *str) +{ + int i, count; + context_private_t *n = + (context_private_t *) malloc(sizeof(context_private_t)); + context_t result = (context_t) malloc(sizeof(context_s_t)); + const char *p, *tok; + + if (result) + result->ptr = n; + else + free(n); + if (n == 0 || result == 0) { + goto err; + } + n->current_str = n->component[0] = n->component[1] = n->component[2] = + n->component[3] = 0; + for (i = count = 0, p = str; *p; p++) { + switch (*p) { + case ':': + count++; + break; + case '\n': + case '\t': + case '\r': + goto err; /* sanity check */ + case ' ': + if (count < 3) + goto err; /* sanity check */ + } + } + /* + * Could be anywhere from 2 - 5 + * e.g user:role:type to user:role:type:sens1:cata-sens2:catb + */ + if (count < 2 || count > 5) { /* might not have a range */ + goto err; + } + + n->component[3] = 0; + for (i = 0, tok = str; *tok; i++) { + if (i < 3) + for (p = tok; *p && *p != ':'; p++) { /* empty */ + } else { + /* MLS range is one component */ + for (p = tok; *p; p++) { /* empty */ + } + } + n->component[i] = (char *)malloc(p - tok + 1); + if (n->component[i] == 0) + goto err; + strncpy(n->component[i], tok, p - tok); + n->component[i][p - tok] = '\0'; + tok = *p ? p + 1 : p; + } + return result; + err: + context_free(result); + return 0; +} + +hidden_def(context_new) + +static void conditional_free(char **v) +{ + if (*v) { + free(*v); + } + *v = 0; +} + +/* + * free all storage used by a context. Safe to call with + * null pointer. + */ +void context_free(context_t context) +{ + context_private_t *n; + int i; + if (context) { + n = context->ptr; + if (n) { + conditional_free(&n->current_str); + for (i = 0; i < 4; i++) { + conditional_free(&n->component[i]); + } + free(n); + } + free(context); + } +} + +hidden_def(context_free) + +/* + * Return a pointer to the string value of the context. + */ +char *context_str(context_t context) +{ + context_private_t *n = context->ptr; + int i; + size_t total = 0; + conditional_free(&n->current_str); + for (i = 0; i < 4; i++) { + if (n->component[i]) { + total += strlen(n->component[i]) + 1; + } + } + n->current_str = malloc(total); + if (n->current_str != 0) { + char *cp = n->current_str; + + cp = stpcpy(cp, n->component[0]); + for (i = 1; i < 4; i++) { + if (n->component[i]) { + *cp++ = ':'; + cp = stpcpy(cp, n->component[i]); + } + } + } + return n->current_str; +} + +hidden_def(context_str) + +/* Returns nonzero iff failed */ +static int set_comp(context_private_t * n, int idx, const char *str) +{ + char *t = NULL; + const char *p; + if (str) { + t = (char *)malloc(strlen(str) + 1); + if (!t) { + return 1; + } + for (p = str; *p; p++) { + if (*p == '\t' || *p == '\n' || *p == '\r' || + ((*p == ':' || *p == ' ') && idx != COMP_RANGE)) { + free(t); + errno = EINVAL; + return 1; + } + } + strcpy(t, str); + } + conditional_free(&n->component[idx]); + n->component[idx] = t; + return 0; +} + +#define def_get(name,tag) \ +const char * context_ ## name ## _get(context_t context) \ +{ \ + context_private_t *n = context->ptr; \ + return n->component[tag]; \ +} \ +hidden_def(context_ ## name ## _get) + +def_get(type, COMP_TYPE) + def_get(user, COMP_USER) + def_get(range, COMP_RANGE) + def_get(role, COMP_ROLE) +#define def_set(name,tag) \ +int context_ ## name ## _set(context_t context, const char* str) \ +{ \ + return set_comp(context->ptr,tag,str);\ +} \ +hidden_def(context_ ## name ## _set) + def_set(type, COMP_TYPE) + def_set(role, COMP_ROLE) + def_set(user, COMP_USER) + def_set(range, COMP_RANGE) diff --git a/libselinux/src/context_internal.h b/libselinux/src/context_internal.h new file mode 100644 index 00000000..3c71e802 --- /dev/null +++ b/libselinux/src/context_internal.h @@ -0,0 +1,14 @@ +#include <selinux/context.h> +#include "dso.h" + +hidden_proto(context_new) + hidden_proto(context_free) + hidden_proto(context_str) + hidden_proto(context_type_set) + hidden_proto(context_type_get) + hidden_proto(context_role_set) + hidden_proto(context_role_get) + hidden_proto(context_user_set) + hidden_proto(context_user_get) + hidden_proto(context_range_set) + hidden_proto(context_range_get) diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c new file mode 100644 index 00000000..dac0f5bd --- /dev/null +++ b/libselinux/src/disable.c @@ -0,0 +1,38 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <stdio.h> +#include <limits.h> + +int security_disable(void) +{ + int fd, ret; + char path[PATH_MAX]; + char buf[20]; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/disable", selinux_mnt); + fd = open(path, O_WRONLY); + if (fd < 0) + return -1; + + buf[0] = '1'; + buf[1] = '\0'; + ret = write(fd, buf, strlen(buf)); + close(fd); + if (ret < 0) + return -1; + + return 0; +} + +hidden_def(security_disable) diff --git a/libselinux/src/dso.h b/libselinux/src/dso.h new file mode 100644 index 00000000..12c3d116 --- /dev/null +++ b/libselinux/src/dso.h @@ -0,0 +1,23 @@ +#ifndef _SELINUX_DSO_H +#define _SELINUX_DSO_H 1 + +#ifdef SHARED +# define hidden __attribute__ ((visibility ("hidden"))) +# define hidden_proto(fct) __hidden_proto (fct, fct##_internal) +# define __hidden_proto(fct, internal) \ + extern __typeof (fct) internal; \ + extern __typeof (fct) fct __asm (#internal) hidden; +# if defined(__alpha__) || defined(__mips__) +# define hidden_def(fct) \ + asm (".globl " #fct "\n" #fct " = " #fct "_internal"); +# else +# define hidden_def(fct) \ + asm (".globl " #fct "\n.set " #fct ", " #fct "_internal"); +#endif +#else +# define hidden +# define hidden_proto(fct) +# define hidden_def(fct) +#endif + +#endif diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c new file mode 100644 index 00000000..b3c8c477 --- /dev/null +++ b/libselinux/src/enabled.c @@ -0,0 +1,104 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include "selinux_internal.h" +#include <stdlib.h> +#include <errno.h> +#include <limits.h> +#include <stdio.h> +#include <stdio_ext.h> +#include "policy.h" + +int is_selinux_enabled(void) +{ + char *buf=NULL; + FILE *fp; + ssize_t num; + size_t len; + int enabled = 0; + security_context_t con; + + /* init_selinuxmnt() gets called before this function. We + * will assume that if a selinux file system is mounted, then + * selinux is enabled. */ + if (selinux_mnt) { + + /* Since a file system is mounted, we consider selinux + * enabled. If getcon_raw fails, selinux is still enabled. + * We only consider it disabled if no policy is loaded. */ + enabled = 1; + if (getcon_raw(&con) == 0) { + if (!strcmp(con, "kernel")) + enabled = 0; + freecon(con); + } + return enabled; + } + + /* Drop back to detecting it the long way. */ + fp = fopen("/proc/filesystems", "r"); + if (!fp) + return -1; + + __fsetlocking(fp, FSETLOCKING_BYCALLER); + while ((num = getline(&buf, &len, fp)) != -1) { + if (strstr(buf, "selinuxfs")) { + enabled = 1; + break; + } + } + + if (num < 0) + goto out; + + /* Since an selinux file system is available, we consider + * selinux enabled. If getcon_raw fails, selinux is still + * enabled. We only consider it disabled if no policy is loaded. */ + if (getcon_raw(&con) == 0) { + if (!strcmp(con, "kernel")) + enabled = 0; + freecon(con); + } + + out: + free(buf); + fclose(fp); + return enabled; +} + +hidden_def(is_selinux_enabled) + +/* + * Function: is_selinux_mls_enabled() + * Return: 1 on success + * 0 on failure + */ +int is_selinux_mls_enabled(void) +{ + char buf[20], path[PATH_MAX]; + int fd, ret, enabled = 0; + + if (!selinux_mnt) + return enabled; + + snprintf(path, sizeof path, "%s/mls", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) + return enabled; + + memset(buf, 0, sizeof buf); + + do { + ret = read(fd, buf, sizeof buf - 1); + } while (ret < 0 && errno == EINTR); + close(fd); + if (ret < 0) + return enabled; + + if (!strcmp(buf, "1")) + enabled = 1; + + return enabled; +} + +hidden_def(is_selinux_mls_enabled) diff --git a/libselinux/src/fgetfilecon.c b/libselinux/src/fgetfilecon.c new file mode 100644 index 00000000..c88d515d --- /dev/null +++ b/libselinux/src/fgetfilecon.c @@ -0,0 +1,72 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "selinux_internal.h" +#include "policy.h" + +int fgetfilecon_raw(int fd, security_context_t * context) +{ + char *buf; + ssize_t size; + ssize_t ret; + + size = INITCONTEXTLEN + 1; + buf = malloc(size); + if (!buf) + return -1; + memset(buf, 0, size); + + ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1); + if (ret < 0 && errno == ERANGE) { + char *newbuf; + + size = fgetxattr(fd, XATTR_NAME_SELINUX, NULL, 0); + if (size < 0) + goto out; + + size++; + newbuf = realloc(buf, size); + if (!newbuf) + goto out; + + buf = newbuf; + memset(buf, 0, size); + ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1); + } + out: + if (ret == 0) { + /* Re-map empty attribute values to errors. */ + errno = EOPNOTSUPP; + ret = -1; + } + if (ret < 0) + free(buf); + else + *context = buf; + return ret; +} + +hidden_def(fgetfilecon_raw) + +int fgetfilecon(int fd, security_context_t * context) +{ + security_context_t rcontext; + int ret; + + *context = NULL; + + ret = fgetfilecon_raw(fd, &rcontext); + + if (ret > 0) { + ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); + } + + if (ret >= 0 && *context) + return strlen(*context) + 1; + + return ret; +} diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h new file mode 100644 index 00000000..bea5c409 --- /dev/null +++ b/libselinux/src/file_path_suffixes.h @@ -0,0 +1,21 @@ +/* File name suffixes. */ +S_(BINPOLICY, "/policy/policy") + S_(CONTEXTS_DIR, "/contexts") + S_(FILE_CONTEXTS, "/contexts/files/file_contexts") + S_(HOMEDIR_CONTEXTS, "/contexts/files/homedir_template") + S_(DEFAULT_CONTEXTS, "/contexts/default_contexts") + S_(USER_CONTEXTS, "/contexts/users/") + S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context") + S_(DEFAULT_TYPE, "/contexts/default_type") + S_(SECURETTY_TYPES, "/contexts/securetty_types") + S_(BOOLEANS, "/booleans") + S_(MEDIA_CONTEXTS, "/contexts/files/media") + S_(REMOVABLE_CONTEXT, "/contexts/removable_context") + S_(CUSTOMIZABLE_TYPES, "/contexts/customizable_types") + S_(USERS_DIR, "/users/") + S_(SEUSERS, "/seusers") + S_(TRANSLATIONS, "/setrans.conf") + S_(NETFILTER_CONTEXTS, "/contexts/netfilter_contexts") + S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedirs") + S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local") + S_(X_CONTEXTS, "/contexts/x_contexts") diff --git a/libselinux/src/freecon.c b/libselinux/src/freecon.c new file mode 100644 index 00000000..3ec4fe2b --- /dev/null +++ b/libselinux/src/freecon.c @@ -0,0 +1,11 @@ +#include <unistd.h> +#include "selinux_internal.h" +#include <stdlib.h> +#include <errno.h> + +void freecon(security_context_t con) +{ + free(con); +} + +hidden_def(freecon) diff --git a/libselinux/src/freeconary.c b/libselinux/src/freeconary.c new file mode 100644 index 00000000..835f5bc8 --- /dev/null +++ b/libselinux/src/freeconary.c @@ -0,0 +1,19 @@ +#include <unistd.h> +#include "selinux_internal.h" +#include <stdlib.h> +#include <errno.h> + +void freeconary(security_context_t * con) +{ + char **ptr; + + if (!con) + return; + + for (ptr = con; *ptr; ptr++) { + free(*ptr); + } + free(con); +} + +hidden_def(freeconary) diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c new file mode 100644 index 00000000..6cad4d7e --- /dev/null +++ b/libselinux/src/fsetfilecon.c @@ -0,0 +1,31 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "selinux_internal.h" +#include "policy.h" + +int fsetfilecon_raw(int fd, security_context_t context) +{ + return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1, + 0); +} + +hidden_def(fsetfilecon_raw) + +int fsetfilecon(int fd, security_context_t context) +{ + int ret; + security_context_t rcontext = context; + + if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = fsetfilecon_raw(fd, rcontext); + + freecon(rcontext); + + return ret; +} diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c new file mode 100644 index 00000000..a50fca85 --- /dev/null +++ b/libselinux/src/get_context_list.c @@ -0,0 +1,541 @@ +#include <unistd.h> +#include <errno.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <pwd.h> +#include "selinux_internal.h" +#include "context_internal.h" +#include "get_context_list_internal.h" + +int get_default_context_with_role(const char *user, + const char *role, + security_context_t fromcon, + security_context_t * newcon) +{ + security_context_t *conary; + char **ptr; + context_t con; + const char *role2; + int rc; + + rc = get_ordered_context_list(user, fromcon, &conary); + if (rc <= 0) + return -1; + + for (ptr = conary; *ptr; ptr++) { + con = context_new(*ptr); + if (!con) + continue; + role2 = context_role_get(con); + if (role2 && !strcmp(role, role2)) { + context_free(con); + break; + } + context_free(con); + } + + rc = -1; + if (!(*ptr)) + goto out; + *newcon = strdup(*ptr); + if (!(*newcon)) + goto out; + rc = 0; + out: + freeconary(conary); + return rc; +} + +hidden_def(get_default_context_with_role) + +int get_default_context_with_rolelevel(const char *user, + const char *role, + const char *level, + security_context_t fromcon, + security_context_t * newcon) +{ + + int rc = 0; + int freefrom = 0; + context_t con; + char *newfromcon; + if (!level) + return get_default_context_with_role(user, role, fromcon, + newcon); + + if (!fromcon) { + rc = getcon(&fromcon); + if (rc < 0) + return rc; + freefrom = 1; + } + + rc = -1; + con = context_new(fromcon); + if (!con) + goto out; + + if (context_range_set(con, level)) + goto out; + + newfromcon = context_str(con); + if (!newfromcon) + goto out; + + rc = get_default_context_with_role(user, role, newfromcon, newcon); + + out: + context_free(con); + if (freefrom) + freecon(fromcon); + return rc; + +} + +int get_default_context(const char *user, + security_context_t fromcon, security_context_t * newcon) +{ + security_context_t *conary; + int rc; + + rc = get_ordered_context_list(user, fromcon, &conary); + if (rc <= 0) + return -1; + + *newcon = strdup(conary[0]); + freeconary(conary); + if (!(*newcon)) + return -1; + return 0; +} + +static int find_partialcon(security_context_t * list, + unsigned int nreach, char *part) +{ + const char *conrole, *contype; + char *partrole, *parttype, *ptr; + context_t con; + unsigned int i; + + partrole = part; + ptr = part; + while (*ptr && !isspace(*ptr) && *ptr != ':') + ptr++; + if (*ptr != ':') + return -1; + *ptr++ = 0; + parttype = ptr; + while (*ptr && !isspace(*ptr) && *ptr != ':') + ptr++; + *ptr = 0; + + for (i = 0; i < nreach; i++) { + con = context_new(list[i]); + if (!con) + return -1; + conrole = context_role_get(con); + contype = context_type_get(con); + if (!conrole || !contype) { + context_free(con); + return -1; + } + if (!strcmp(conrole, partrole) && !strcmp(contype, parttype)) { + context_free(con); + return i; + } + context_free(con); + } + + return -1; +} + +static int get_context_order(FILE * fp, + security_context_t fromcon, + security_context_t * reachable, + unsigned int nreach, + unsigned int *ordering, unsigned int *nordered) +{ + char *start, *end = NULL; + char *line = NULL; + size_t line_len = 0; + ssize_t len; + int found = 0; + const char *fromrole, *fromtype; + char *linerole, *linetype; + unsigned int i; + context_t con; + int rc; + + errno = -EINVAL; + + /* Extract the role and type of the fromcon for matching. + User identity and MLS range can be variable. */ + con = context_new(fromcon); + if (!con) + return -1; + fromrole = context_role_get(con); + fromtype = context_type_get(con); + if (!fromrole || !fromtype) { + context_free(con); + return -1; + } + + while ((len = getline(&line, &line_len, fp)) > 0) { + if (line[len - 1] == '\n') + line[len - 1] = 0; + + /* Skip leading whitespace. */ + start = line; + while (*start && isspace(*start)) + start++; + if (!(*start)) + continue; + + /* Find the end of the (partial) fromcon in the line. */ + end = start; + while (*end && !isspace(*end)) + end++; + if (!(*end)) + continue; + + /* Check for a match. */ + linerole = start; + while (*start && !isspace(*start) && *start != ':') + start++; + if (*start != ':') + continue; + *start = 0; + linetype = ++start; + while (*start && !isspace(*start) && *start != ':') + start++; + if (!(*start)) + continue; + *start = 0; + if (!strcmp(fromrole, linerole) && !strcmp(fromtype, linetype)) { + found = 1; + break; + } + } + + if (!found) { + errno = ENOENT; + rc = -1; + goto out; + } + + start = ++end; + while (*start) { + /* Skip leading whitespace */ + while (*start && isspace(*start)) + start++; + if (!(*start)) + break; + + /* Find the end of this partial context. */ + end = start; + while (*end && !isspace(*end)) + end++; + if (*end) + *end++ = 0; + + /* Check for a match in the reachable list. */ + rc = find_partialcon(reachable, nreach, start); + if (rc < 0) { + /* No match, skip it. */ + start = end; + continue; + } + + /* If a match is found and the entry is not already ordered + (e.g. due to prior match in prior config file), then set + the ordering for it. */ + i = rc; + if (ordering[i] == nreach) + ordering[i] = (*nordered)++; + start = end; + } + + rc = 0; + + out: + context_free(con); + free(line); + return rc; +} + +static int get_failsafe_context(const char *user, security_context_t * newcon) +{ + FILE *fp; + char buf[255], *ptr; + size_t plen, nlen; + int rc; + + fp = fopen(selinux_failsafe_context_path(), "r"); + if (!fp) + return -1; + + ptr = fgets_unlocked(buf, sizeof buf, fp); + fclose(fp); + + if (!ptr) + return -1; + plen = strlen(ptr); + if (buf[plen - 1] == '\n') + buf[plen - 1] = 0; + + retry: + nlen = strlen(user) + 1 + plen + 1; + *newcon = malloc(nlen); + if (!(*newcon)) + return -1; + rc = snprintf(*newcon, nlen, "%s:%s", user, ptr); + if (rc < 0 || (size_t) rc >= nlen) { + free(*newcon); + *newcon = 0; + return -1; + } + + /* If possible, check the context to catch + errors early rather than waiting until the + caller tries to use setexeccon on the context. + But this may not always be possible, e.g. if + selinuxfs isn't mounted. */ + if (security_check_context(*newcon) && errno != ENOENT) { + free(*newcon); + *newcon = 0; + if (strcmp(user, SELINUX_DEFAULTUSER)) { + user = SELINUX_DEFAULTUSER; + goto retry; + } + return -1; + } + + return 0; +} + +struct context_order { + security_context_t con; + unsigned int order; +}; + +static int order_compare(const void *A, const void *B) +{ + const struct context_order *c1 = A, *c2 = B; + if (c1->order < c2->order) + return -1; + else if (c1->order > c2->order) + return 1; + return strcmp(c1->con, c2->con); +} + +int get_ordered_context_list_with_level(const char *user, + const char *level, + security_context_t fromcon, + security_context_t ** list) +{ + int rc; + int freefrom = 0; + context_t con; + char *newfromcon; + + if (!level) + return get_ordered_context_list(user, fromcon, list); + + if (!fromcon) { + rc = getcon(&fromcon); + if (rc < 0) + return rc; + freefrom = 1; + } + + rc = -1; + con = context_new(fromcon); + if (!con) + goto out; + + if (context_range_set(con, level)) + goto out; + + newfromcon = context_str(con); + if (!newfromcon) + goto out; + + rc = get_ordered_context_list(user, newfromcon, list); + + out: + context_free(con); + if (freefrom) + freecon(fromcon); + return rc; +} + +hidden_def(get_ordered_context_list_with_level) + +int get_default_context_with_level(const char *user, + const char *level, + security_context_t fromcon, + security_context_t * newcon) +{ + security_context_t *conary; + int rc; + + rc = get_ordered_context_list_with_level(user, level, fromcon, &conary); + if (rc <= 0) + return -1; + + *newcon = strdup(conary[0]); + freeconary(conary); + if (!(*newcon)) + return -1; + return 0; +} + +int get_ordered_context_list(const char *user, + security_context_t fromcon, + security_context_t ** list) +{ + security_context_t *reachable = NULL; + unsigned int *ordering = NULL; + struct context_order *co = NULL; + char **ptr; + int rc = 0; + unsigned int nreach = 0, nordered = 0, freefrom = 0, i; + FILE *fp; + char *fname = NULL; + size_t fname_len; + const char *user_contexts_path = selinux_user_contexts_path(); + + if (!fromcon) { + /* Get the current context and use it for the starting context */ + rc = getcon(&fromcon); + if (rc < 0) + return rc; + freefrom = 1; + } + + /* Determine the set of reachable contexts for the user. */ + rc = security_compute_user(fromcon, user, &reachable); + if (rc < 0) { + /* Retry with the default SELinux user identity. */ + user = SELINUX_DEFAULTUSER; + rc = security_compute_user(fromcon, user, &reachable); + if (rc < 0) + goto failsafe; + } + nreach = 0; + for (ptr = reachable; *ptr; ptr++) + nreach++; + if (!nreach) + goto failsafe; + + /* Initialize ordering array. */ + ordering = malloc(nreach * sizeof(unsigned int)); + if (!ordering) + goto oom_order; + for (i = 0; i < nreach; i++) + ordering[i] = nreach; + + /* Determine the ordering to apply from the optional per-user config + and from the global config. */ + fname_len = strlen(user_contexts_path) + strlen(user) + 2; + fname = malloc(fname_len); + if (!fname) + goto oom_order; + snprintf(fname, fname_len, "%s%s", user_contexts_path, user); + fp = fopen(fname, "r"); + if (fp) { + __fsetlocking(fp, FSETLOCKING_BYCALLER); + rc = get_context_order(fp, fromcon, reachable, nreach, ordering, + &nordered); + fclose(fp); + if (rc < 0 && errno != ENOENT) { + fprintf(stderr, + "%s: error in processing configuration file %s\n", + __FUNCTION__, fname); + /* Fall through, try global config */ + } + } + free(fname); + fp = fopen(selinux_default_context_path(), "r"); + if (fp) { + __fsetlocking(fp, FSETLOCKING_BYCALLER); + rc = get_context_order(fp, fromcon, reachable, nreach, ordering, + &nordered); + fclose(fp); + if (rc < 0 && errno != ENOENT) { + fprintf(stderr, + "%s: error in processing configuration file %s\n", + __FUNCTION__, selinux_default_context_path()); + /* Fall through */ + } + } + + /* Apply the ordering. */ + if (nordered) { + co = malloc(nreach * sizeof(struct context_order)); + if (!co) + goto oom_order; + for (i = 0; i < nreach; i++) { + co[i].con = reachable[i]; + co[i].order = ordering[i]; + } + qsort(co, nreach, sizeof(struct context_order), order_compare); + for (i = 0; i < nreach; i++) + reachable[i] = co[i].con; + free(co); + } + + /* Return the ordered list. + If we successfully ordered it, then only report the ordered entries + to the caller. Otherwise, fall back to the entire reachable list. */ + if (nordered && nordered < nreach) { + for (i = nordered; i < nreach; i++) + free(reachable[i]); + reachable[nordered] = NULL; + rc = nordered; + } else { + rc = nreach; + } + + out: + *list = reachable; + + free(ordering); + if (freefrom) + freecon(fromcon); + + return rc; + + failsafe: + /* Unable to determine a reachable context list, try to fall back to + the "failsafe" context to at least permit root login + for emergency recovery if possible. */ + freeconary(reachable); + reachable = malloc(2 * sizeof(security_context_t)); + if (!reachable) { + rc = -1; + goto out; + } + reachable[0] = reachable[1] = 0; + rc = get_failsafe_context(user, &reachable[0]); + if (rc < 0) { + freeconary(reachable); + reachable = NULL; + goto out; + } + rc = 1; /* one context in the list */ + goto out; + + oom_order: + /* Unable to order context list due to OOM condition. + Fall back to unordered reachable context list. */ + fprintf(stderr, "%s: out of memory, unable to order list\n", + __FUNCTION__); + rc = nreach; + goto out; +} + +hidden_def(get_ordered_context_list) diff --git a/libselinux/src/get_context_list_internal.h b/libselinux/src/get_context_list_internal.h new file mode 100644 index 00000000..c224834e --- /dev/null +++ b/libselinux/src/get_context_list_internal.h @@ -0,0 +1,6 @@ +#include <selinux/get_context_list.h> +#include "dso.h" + +hidden_proto(get_ordered_context_list) + hidden_proto(get_ordered_context_list_with_level) + hidden_proto(get_default_context_with_role) diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c new file mode 100644 index 00000000..6fd1681e --- /dev/null +++ b/libselinux/src/get_default_type.c @@ -0,0 +1,65 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include "get_default_type_internal.h" + +static int find_default_type(FILE * fp, const char *role, char **type); + +int get_default_type(const char *role, char **type) +{ + FILE *fp = NULL; + + fp = fopen(selinux_default_type_path(), "r"); + if (!fp) + return -1; + + if (find_default_type(fp, role, type) < 0) { + fclose(fp); + return -1; + } + + fclose(fp); + return 0; +} + +static int find_default_type(FILE * fp, const char *role, char **type) +{ + char buf[250]; + char *ptr = "", *end, *t; + size_t len; + int found = 0; + + len = strlen(role); + while (!feof_unlocked(fp)) { + if (!fgets_unlocked(buf, sizeof buf, fp)) + return -1; + if (buf[strlen(buf) - 1]) + buf[strlen(buf) - 1] = 0; + + ptr = buf; + while (*ptr && isspace(*ptr)) + ptr++; + if (!(*ptr)) + continue; + + if (!strncmp(role, ptr, len)) { + end = ptr + len; + if (*end == ':') { + found = 1; + ptr = ++end; + break; + } + } + } + + if (!found) + return -1; + + t = malloc(strlen(buf) - len); + if (!t) + return -1; + strcpy(t, ptr); + *type = t; + return 0; +} diff --git a/libselinux/src/get_default_type_internal.h b/libselinux/src/get_default_type_internal.h new file mode 100644 index 00000000..0da3c512 --- /dev/null +++ b/libselinux/src/get_default_type_internal.h @@ -0,0 +1,4 @@ +#include <selinux/get_default_type.h> +#include "dso.h" + +hidden_proto(selinux_default_type_path) diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c new file mode 100644 index 00000000..16764354 --- /dev/null +++ b/libselinux/src/get_initial_context.c @@ -0,0 +1,72 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <limits.h> + +#define SELINUX_INITCON_DIR "/initial_contexts/" + +int security_get_initial_context_raw(const char * name, security_context_t * con) +{ + char path[PATH_MAX]; + char *buf; + size_t size; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s%s%s", + selinux_mnt, SELINUX_INITCON_DIR, name); + fd = open(path, O_RDONLY); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + memset(buf, 0, size); + ret = read(fd, buf, size - 1); + if (ret < 0) + goto out2; + + *con = strdup(buf); + if (!(*con)) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + close(fd); + return ret; +} + +hidden_def(security_get_initial_context_raw) + +int security_get_initial_context(const char * name, security_context_t * con) +{ + int ret; + security_context_t rcon; + + ret = security_get_initial_context_raw(name, &rcon); + if (!ret) { + ret = selinux_raw_to_trans_context(rcon, con); + freecon(rcon); + } + + return ret; +} + +hidden_def(security_get_initial_context) diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c new file mode 100644 index 00000000..4fb516a6 --- /dev/null +++ b/libselinux/src/getenforce.c @@ -0,0 +1,40 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <stdio.h> +#include <limits.h> + +int security_getenforce(void) +{ + int fd, ret, enforce = 0; + char path[PATH_MAX]; + char buf[20]; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/enforce", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) + return -1; + + memset(buf, 0, sizeof buf); + ret = read(fd, buf, sizeof buf - 1); + close(fd); + if (ret < 0) + return -1; + + if (sscanf(buf, "%d", &enforce) != 1) + return -1; + + return enforce; +} + +hidden_def(security_getenforce) diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c new file mode 100644 index 00000000..67e4463d --- /dev/null +++ b/libselinux/src/getfilecon.c @@ -0,0 +1,73 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include "selinux_internal.h" +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "policy.h" + +int getfilecon_raw(const char *path, security_context_t * context) +{ + char *buf; + ssize_t size; + ssize_t ret; + + size = INITCONTEXTLEN + 1; + buf = malloc(size); + if (!buf) + return -1; + memset(buf, 0, size); + + ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1); + if (ret < 0 && errno == ERANGE) { + char *newbuf; + + size = getxattr(path, XATTR_NAME_SELINUX, NULL, 0); + if (size < 0) + goto out; + + size++; + newbuf = realloc(buf, size); + if (!newbuf) + goto out; + + buf = newbuf; + memset(buf, 0, size); + ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1); + } + out: + if (ret == 0) { + /* Re-map empty attribute values to errors. */ + errno = EOPNOTSUPP; + ret = -1; + } + if (ret < 0) + free(buf); + else + *context = buf; + return ret; +} + +hidden_def(getfilecon_raw) + +int getfilecon(const char *path, security_context_t * context) +{ + int ret; + security_context_t rcontext; + + *context = NULL; + + ret = getfilecon_raw(path, &rcontext); + + if (ret > 0) { + ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); + } + if (ret >= 0 && *context) + return strlen(*context) + 1; + + return ret; +} + +hidden_def(getfilecon) diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c new file mode 100644 index 00000000..5c01ed50 --- /dev/null +++ b/libselinux/src/getpeercon.c @@ -0,0 +1,61 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/socket.h> +#include "selinux_internal.h" +#include "policy.h" + +#ifndef SO_PEERSEC +#define SO_PEERSEC 31 +#endif + +int getpeercon_raw(int fd, security_context_t * context) +{ + char *buf; + socklen_t size; + ssize_t ret; + + size = INITCONTEXTLEN + 1; + buf = malloc(size); + if (!buf) + return -1; + memset(buf, 0, size); + + ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size); + if (ret < 0 && errno == ERANGE) { + char *newbuf; + + newbuf = realloc(buf, size); + if (!newbuf) + goto out; + + buf = newbuf; + memset(buf, 0, size); + ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size); + } + out: + if (ret < 0) + free(buf); + else + *context = buf; + return ret; +} + +hidden_def(getpeercon_raw) + +int getpeercon(int fd, security_context_t * context) +{ + int ret; + security_context_t rcontext; + + ret = getpeercon_raw(fd, &rcontext); + + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); + } + + return ret; +} diff --git a/libselinux/src/init.c b/libselinux/src/init.c new file mode 100644 index 00000000..9cdbb06e --- /dev/null +++ b/libselinux/src/init.c @@ -0,0 +1,128 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <ctype.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <dlfcn.h> +#include <sys/vfs.h> +#include <stdint.h> +#include <limits.h> + +#include "dso.h" +#include "policy.h" +#include "selinux_internal.h" +#include "setrans_internal.h" + +char *selinux_mnt = NULL; +int selinux_page_size = 0; +int obj_class_compat = 1; + +static void init_selinuxmnt(void) +{ + char *buf=NULL, *p; + FILE *fp; + struct statfs sfbuf; + int rc; + size_t len; + ssize_t num; + + if (selinux_mnt) + return; + + /* We check to see if the preferred mount point for selinux file + * system has a selinuxfs. */ + do { + rc = statfs(SELINUXMNT, &sfbuf); + } while (rc < 0 && errno == EINTR); + if (rc == 0) { + if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) { + selinux_mnt = strdup(SELINUXMNT); + return; + } + } + + /* At this point, the usual spot doesn't have an selinuxfs so + * we look around for it */ + fp = fopen("/proc/mounts", "r"); + if (!fp) + return; + + __fsetlocking(fp, FSETLOCKING_BYCALLER); + while ((num = getline(&buf, &len, fp)) != -1) { + char *tmp; + p = strchr(buf, ' '); + if (!p) + goto out; + p++; + tmp = strchr(p, ' '); + if (!tmp) + goto out; + if (!strncmp(tmp + 1, "selinuxfs ", 10)) { + *tmp = '\0'; + break; + } + } + + /* If we found something, dup it */ + if (num > 0) + selinux_mnt = strdup(p); + + out: + free(buf); + fclose(fp); + return; +} + +static void fini_selinuxmnt(void) +{ + free(selinux_mnt); + selinux_mnt = NULL; +} + +void set_selinuxmnt(char *mnt) +{ + selinux_mnt = strdup(mnt); +} + +hidden_def(set_selinuxmnt) + +static void init_obj_class_compat(void) +{ + char path[PATH_MAX]; + struct stat s; + + if (!selinux_mnt) + return; + + snprintf(path,PATH_MAX,"%s/class",selinux_mnt); + if (stat(path,&s) < 0) + return; + + if (S_ISDIR(s.st_mode)) + obj_class_compat = 0; +} + +static void fini_obj_class_compat(void) +{ + obj_class_compat = 1; +} + +static void init_lib(void) __attribute__ ((constructor)); +static void init_lib(void) +{ + selinux_page_size = sysconf(_SC_PAGE_SIZE); + init_selinuxmnt(); + init_obj_class_compat(); + init_context_translations(); +} + +static void fini_lib(void) __attribute__ ((destructor)); +static void fini_lib(void) +{ + fini_selinuxmnt(); + fini_obj_class_compat(); + fini_context_translations(); +} diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c new file mode 100644 index 00000000..67854050 --- /dev/null +++ b/libselinux/src/is_customizable_type.c @@ -0,0 +1,93 @@ +#include <unistd.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <ctype.h> +#include <pwd.h> +#include <limits.h> +#include "selinux_internal.h" +#include "context_internal.h" + +static int get_customizable_type_list(security_context_t ** retlist) +{ + FILE *fp; + char *buf; + unsigned int ctr = 0, i; + security_context_t *list = NULL; + + fp = fopen(selinux_customizable_types_path(), "r"); + if (!fp) + return -1; + + buf = malloc(selinux_page_size); + if (!buf) { + fclose(fp); + return -1; + } + while (fgets_unlocked(buf, selinux_page_size, fp) && ctr < UINT_MAX) { + ctr++; + } + rewind(fp); + if (ctr) { + list = + (security_context_t *) calloc(sizeof(security_context_t), + ctr + 1); + if (list) { + i = 0; + while (fgets_unlocked(buf, selinux_page_size, fp) + && i < ctr) { + buf[strlen(buf) - 1] = 0; + list[i] = (security_context_t) strdup(buf); + if (!list[i]) { + unsigned int j; + for (j = 0; j < i; j++) + free(list[j]); + free(list); + list = NULL; + break; + } + i++; + } + } + } + fclose(fp); + free(buf); + if (!list) + return -1; + *retlist = list; + return 0; +} + +static security_context_t *customizable_list = NULL; + +int is_context_customizable(security_context_t scontext) +{ + int i; + const char *type; + context_t c; + + if (!customizable_list) { + if (get_customizable_type_list(&customizable_list) != 0) + return -1; + } + + c = context_new(scontext); + if (!c) + return -1; + + type = context_type_get(c); + if (!type) { + context_free(c); + return -1; + } + + for (i = 0; customizable_list[i]; i++) { + if (strcmp(customizable_list[i], type) == 0) { + context_free(c); + return 1; + } + } + context_free(c); + return 0; +} diff --git a/libselinux/src/label.c b/libselinux/src/label.c new file mode 100644 index 00000000..f7418d63 --- /dev/null +++ b/libselinux/src/label.c @@ -0,0 +1,140 @@ +/* + * Generalized labeling frontend for userspace object managers. + * + * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil> + */ + +#include <sys/types.h> +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "callbacks.h" +#include "label_internal.h" + +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + +typedef int (*selabel_initfunc)(struct selabel_handle *rec, + struct selinux_opt *opts, unsigned nopts); + +static selabel_initfunc initfuncs[] = { + &selabel_file_init, + &selabel_media_init, + &selabel_x_init +}; + +/* + * Validation functions + */ + +static inline int selabel_is_validate_set(struct selinux_opt *opts, unsigned n) +{ + while (n--) + if (opts[n].type == SELABEL_OPT_VALIDATE) + return !!opts[n].value; + + return 0; +} + +int selabel_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts) +{ + int rc = 0; + + if (!rec->validating || contexts->validated) + goto out; + + rc = selinux_validate(&contexts->ctx_raw); + if (rc < 0) + goto out; + + contexts->validated = 1; +out: + return rc; +} + +/* + * Public API + */ + +struct selabel_handle *selabel_open(unsigned int backend, + struct selinux_opt *opts, unsigned nopts) +{ + struct selabel_handle *rec = NULL; + + if (backend >= ARRAY_SIZE(initfuncs)) { + errno = EINVAL; + goto out; + } + + rec = (struct selabel_handle *)malloc(sizeof(*rec)); + if (!rec) + goto out; + + memset(rec, 0, sizeof(*rec)); + rec->backend = backend; + rec->validating = selabel_is_validate_set(opts, nopts); + + if ((*initfuncs[backend])(rec, opts, nopts)) { + free(rec); + rec = NULL; + } + +out: + return rec; +} + +static struct selabel_lookup_rec * +selabel_lookup_common(struct selabel_handle *rec, int translating, + const char *key, int type) +{ + struct selabel_lookup_rec *lr = rec->func_lookup(rec, key, type); + if (!lr) + return NULL; + + if (compat_validate(rec, lr, "file_contexts", 0)) + return NULL; + + if (translating && !lr->ctx_trans && + selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans)) + return NULL; + + return lr; +} + +int selabel_lookup(struct selabel_handle *rec, security_context_t *con, + const char *key, int type) +{ + struct selabel_lookup_rec *lr; + + lr = selabel_lookup_common(rec, 1, key, type); + if (!lr) + return -1; + + *con = strdup(lr->ctx_trans); + return *con ? 0 : -1; +} + +int selabel_lookup_raw(struct selabel_handle *rec, security_context_t *con, + const char *key, int type) +{ + struct selabel_lookup_rec *lr; + + lr = selabel_lookup_common(rec, 0, key, type); + if (!lr) + return -1; + + *con = strdup(lr->ctx_raw); + return *con ? 0 : -1; +} + +void selabel_close(struct selabel_handle *rec) +{ + rec->func_close(rec); + free(rec); +} + +void selabel_stats(struct selabel_handle *rec) +{ + rec->func_stats(rec); +} diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c new file mode 100644 index 00000000..5043f09d --- /dev/null +++ b/libselinux/src/label_file.c @@ -0,0 +1,672 @@ +/* + * File contexts backend for labeling system + * + * Author : Eamon Walsh <ewalsh@tycho.nsa.gov> + * Author : Stephen Smalley <sds@tycho.nsa.gov> + * + * This library derived in part from setfiles and the setfiles.pl script + * developed by Secure Computing Corporation. + */ + +#include <fcntl.h> +#include <stdarg.h> +#include <string.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <ctype.h> +#include <errno.h> +#include <limits.h> +#include <regex.h> +#include "callbacks.h" +#include "label_internal.h" + +/* + * Internals, mostly moved over from matchpathcon.c + */ + +/* A file security context specification. */ +typedef struct spec { + struct selabel_lookup_rec lr; /* holds contexts for lookup result */ + char *regex_str; /* regular expession string for diagnostics */ + char *type_str; /* type string for diagnostic messages */ + regex_t regex; /* compiled regular expression */ + char regcomp; /* regex_str has been compiled to regex */ + mode_t mode; /* mode format value */ + int matches; /* number of matching pathnames */ + int hasMetaChars; /* regular expression has meta-chars */ + int stem_id; /* indicates which stem-compression item */ +} spec_t; + +/* A regular expression stem */ +typedef struct stem { + char *buf; + int len; +} stem_t; + +/* Our stored configuration */ +struct saved_data { + /* + * The array of specifications, initially in the same order as in + * the specification file. Sorting occurs based on hasMetaChars. + */ + spec_t *spec_arr; + unsigned int nspec; + unsigned int ncomp; + + /* + * The array of regular expression stems. + */ + stem_t *stem_arr; + int num_stems; + int alloc_stems; +}; + +/* Return the length of the text that can be considered the stem, returns 0 + * if there is no identifiable stem */ +static int get_stem_from_spec(const char *const buf) +{ + const char *tmp = strchr(buf + 1, '/'); + const char *ind; + + if (!tmp) + return 0; + + for (ind = buf; ind < tmp; ind++) { + if (strchr(".^$?*+|[({", (int)*ind)) + return 0; + } + return tmp - buf; +} + +/* return the length of the text that is the stem of a file name */ +static int get_stem_from_file_name(const char *const buf) +{ + const char *tmp = strchr(buf + 1, '/'); + + if (!tmp) + return 0; + return tmp - buf; +} + +/* find the stem of a file spec, returns the index into stem_arr for a new + * or existing stem, (or -1 if there is no possible stem - IE for a file in + * the root directory or a regex that is too complex for us). */ +static int find_stem_from_spec(struct saved_data *data, const char *buf) +{ + int i, num = data->num_stems; + int stem_len = get_stem_from_spec(buf); + + if (!stem_len) + return -1; + for (i = 0; i < num; i++) { + if (stem_len == data->stem_arr[i].len + && !strncmp(buf, data->stem_arr[i].buf, stem_len)) + return i; + } + if (data->alloc_stems == num) { + stem_t *tmp_arr; + data->alloc_stems = data->alloc_stems * 2 + 16; + tmp_arr = realloc(data->stem_arr, + sizeof(stem_t) * data->alloc_stems); + if (!tmp_arr) + return -1; + data->stem_arr = tmp_arr; + } + data->stem_arr[num].len = stem_len; + data->stem_arr[num].buf = malloc(stem_len + 1); + if (!data->stem_arr[num].buf) + return -1; + memcpy(data->stem_arr[num].buf, buf, stem_len); + data->stem_arr[num].buf[stem_len] = '\0'; + data->num_stems++; + buf += stem_len; + return num; +} + +/* find the stem of a file name, returns the index into stem_arr (or -1 if + * there is no match - IE for a file in the root directory or a regex that is + * too complex for us). Makes buf point to the text AFTER the stem. */ +static int find_stem_from_file(struct saved_data *data, const char **buf) +{ + int i; + int stem_len = get_stem_from_file_name(*buf); + + if (!stem_len) + return -1; + for (i = 0; i < data->num_stems; i++) { + if (stem_len == data->stem_arr[i].len + && !strncmp(*buf, data->stem_arr[i].buf, stem_len)) { + *buf += stem_len; + return i; + } + } + return -1; +} + +/* + * Warn about duplicate specifications. + */ +static int nodups_specs(struct saved_data *data, const char *path) +{ + int rc = 0; + unsigned int ii, jj; + struct spec *curr_spec, *spec_arr = data->spec_arr; + + for (ii = 0; ii < data->nspec; ii++) { + curr_spec = &spec_arr[ii]; + for (jj = ii + 1; jj < data->nspec; jj++) { + if ((!strcmp + (spec_arr[jj].regex_str, curr_spec->regex_str)) + && (!spec_arr[jj].mode || !curr_spec->mode + || spec_arr[jj].mode == curr_spec->mode)) { + rc = -1; + errno = EINVAL; + if (strcmp + (spec_arr[jj].lr.ctx_raw, + curr_spec->lr.ctx_raw)) { + COMPAT_LOG + (SELINUX_ERROR, + "%s: Multiple different specifications for %s (%s and %s).\n", + path, curr_spec->regex_str, + spec_arr[jj].lr.ctx_raw, + curr_spec->lr.ctx_raw); + } else { + COMPAT_LOG + (SELINUX_ERROR, + "%s: Multiple same specifications for %s.\n", + path, curr_spec->regex_str); + } + } + } + } + return rc; +} + +/* Determine if the regular expression specification has any meta characters. */ +static void spec_hasMetaChars(struct spec *spec) +{ + char *c; + int len; + char *end; + + c = spec->regex_str; + len = strlen(spec->regex_str); + end = c + len; + + spec->hasMetaChars = 0; + + /* Look at each character in the RE specification string for a + * meta character. Return when any meta character reached. */ + while (c != end) { + switch (*c) { + case '.': + case '^': + case '$': + case '?': + case '*': + case '+': + case '|': + case '[': + case '(': + case '{': + spec->hasMetaChars = 1; + return; + case '\\': /* skip the next character */ + c++; + break; + default: + break; + + } + c++; + } + return; +} + +static int compile_regex(struct saved_data *data, spec_t *spec, char **errbuf) +{ + char *reg_buf, *anchored_regex, *cp; + stem_t *stem_arr = data->stem_arr; + size_t len; + int regerr; + + if (spec->regcomp) + return 0; /* already done */ + + data->ncomp++; /* how many compiled regexes required */ + + /* Skip the fixed stem. */ + reg_buf = spec->regex_str; + if (spec->stem_id >= 0) + reg_buf += stem_arr[spec->stem_id].len; + + /* Anchor the regular expression. */ + len = strlen(reg_buf); + cp = anchored_regex = malloc(len + 3); + if (!anchored_regex) + return -1; + /* Create ^...$ regexp. */ + *cp++ = '^'; + cp = mempcpy(cp, reg_buf, len); + *cp++ = '$'; + *cp = '\0'; + + /* Compile the regular expression. */ + regerr = regcomp(&spec->regex, anchored_regex, + REG_EXTENDED | REG_NOSUB); + if (regerr != 0) { + size_t errsz = 0; + errsz = regerror(regerr, &spec->regex, NULL, 0); + if (errsz && errbuf) + *errbuf = malloc(errsz); + if (errbuf && *errbuf) + (void)regerror(regerr, &spec->regex, + *errbuf, errsz); + + free(anchored_regex); + return -1; + } + free(anchored_regex); + + /* Done. */ + spec->regcomp = 1; + + return 0; +} + + +static int process_line(struct selabel_handle *rec, + const char *path, const char *prefix, + char *line_buf, int pass, unsigned lineno) +{ + int items, len; + char *buf_p, *regex, *type, *context; + struct saved_data *data = (struct saved_data *)rec->data; + spec_t *spec_arr = data->spec_arr; + unsigned int nspec = data->nspec; + + len = strlen(line_buf); + if (line_buf[len - 1] == '\n') + line_buf[len - 1] = 0; + buf_p = line_buf; + while (isspace(*buf_p)) + buf_p++; + /* Skip comment lines and empty lines. */ + if (*buf_p == '#' || *buf_p == 0) + return 0; + items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context); + if (items < 2) { + COMPAT_LOG(SELINUX_WARNING, + "%s: line %d is missing fields, skipping\n", path, + lineno); + return 0; + } else if (items == 2) { + /* The type field is optional. */ + free(context); + context = type; + type = 0; + } + + len = get_stem_from_spec(regex); + if (len && prefix && strncmp(prefix, regex, len)) { + /* Stem of regex does not match requested prefix, discard. */ + free(regex); + free(type); + free(context); + return 0; + } + + if (pass == 1) { + /* On the second pass, process and store the specification in spec. */ + char *errbuf = NULL; + spec_arr[nspec].stem_id = find_stem_from_spec(data, regex); + spec_arr[nspec].regex_str = regex; + if (rec->validating && compile_regex(data, &spec_arr[nspec], &errbuf)) { + COMPAT_LOG(SELINUX_WARNING, + "%s: line %d has invalid regex %s: %s\n", + path, lineno, regex, + (errbuf ? errbuf : "out of memory")); + } + + /* Convert the type string to a mode format */ + spec_arr[nspec].type_str = type; + spec_arr[nspec].mode = 0; + if (!type) + goto skip_type; + len = strlen(type); + if (type[0] != '-' || len != 2) { + COMPAT_LOG(SELINUX_WARNING, + "%s: line %d has invalid file type %s\n", + path, lineno, type); + return 0; + } + switch (type[1]) { + case 'b': + spec_arr[nspec].mode = S_IFBLK; + break; + case 'c': + spec_arr[nspec].mode = S_IFCHR; + break; + case 'd': + spec_arr[nspec].mode = S_IFDIR; + break; + case 'p': + spec_arr[nspec].mode = S_IFIFO; + break; + case 'l': + spec_arr[nspec].mode = S_IFLNK; + break; + case 's': + spec_arr[nspec].mode = S_IFSOCK; + break; + case '-': + spec_arr[nspec].mode = S_IFREG; + break; + default: + COMPAT_LOG(SELINUX_WARNING, + "%s: line %d has invalid file type %s\n", + path, lineno, type); + return 0; + } + + skip_type: + spec_arr[nspec].lr.ctx_raw = context; + + /* Determine if specification has + * any meta characters in the RE */ + spec_hasMetaChars(&spec_arr[nspec]); + + if (strcmp(context, "<<none>>") && rec->validating) + compat_validate(rec, &spec_arr[nspec].lr, path, lineno); + } + + data->nspec = ++nspec; + if (pass == 0) { + free(regex); + if (type) + free(type); + free(context); + } + return 0; +} + +static int init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned n) +{ + struct saved_data *data = (struct saved_data *)rec->data; + const char *path = NULL; + const char *prefix = NULL; + FILE *fp; + FILE *localfp = NULL; + FILE *homedirfp = NULL; + char local_path[PATH_MAX + 1]; + char homedir_path[PATH_MAX + 1]; + char *line_buf = NULL; + size_t line_len = 0; + unsigned int lineno, pass, i, j, maxnspec; + spec_t *spec_copy = NULL; + int status = -1, baseonly = 0; + struct stat sb; + + /* Process arguments */ + while (n--) + switch(opts[n].type) { + case SELABEL_OPT_PATH: + path = opts[n].value; + break; + case SELABEL_OPT_SUBSET: + prefix = opts[n].value; + break; + case SELABEL_OPT_BASEONLY: + baseonly = !!opts[n].value; + break; + } + + /* Open the specification file. */ + if (!path) + path = selinux_file_context_path(); + if ((fp = fopen(path, "r")) == NULL) + return -1; + __fsetlocking(fp, FSETLOCKING_BYCALLER); + + if (fstat(fileno(fp), &sb) < 0) + return -1; + if (!S_ISREG(sb.st_mode)) { + errno = EINVAL; + return -1; + } + + if (!baseonly) { + snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs", + path); + homedirfp = fopen(homedir_path, "r"); + if (homedirfp != NULL) + __fsetlocking(homedirfp, FSETLOCKING_BYCALLER); + + snprintf(local_path, sizeof(local_path), "%s.local", path); + localfp = fopen(local_path, "r"); + if (localfp != NULL) + __fsetlocking(localfp, FSETLOCKING_BYCALLER); + } + + /* + * Perform two passes over the specification file. + * The first pass counts the number of specifications and + * performs simple validation of the input. At the end + * of the first pass, the spec array is allocated. + * The second pass performs detailed validation of the input + * and fills in the spec array. + */ + maxnspec = UINT_MAX / sizeof(spec_t); + for (pass = 0; pass < 2; pass++) { + lineno = 0; + data->nspec = 0; + data->ncomp = 0; + while (getline(&line_buf, &line_len, fp) > 0 + && data->nspec < maxnspec) { + if (process_line(rec, path, prefix, line_buf, + pass, ++lineno) != 0) + goto finish; + } + if (pass == 1) { + status = nodups_specs(data, path); + if (status) + goto finish; + } + lineno = 0; + if (homedirfp) + while (getline(&line_buf, &line_len, homedirfp) > 0 + && data->nspec < maxnspec) { + if (process_line + (rec, homedir_path, prefix, + line_buf, pass, ++lineno) != 0) + goto finish; + } + + lineno = 0; + if (localfp) + while (getline(&line_buf, &line_len, localfp) > 0 + && data->nspec < maxnspec) { + if (process_line + (rec, local_path, prefix, line_buf, + pass, ++lineno) != 0) + goto finish; + } + + if (pass == 0) { + if (data->nspec == 0) { + status = 0; + goto finish; + } + if (NULL == (data->spec_arr = + malloc(sizeof(spec_t) * data->nspec))) + goto finish; + memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec); + maxnspec = data->nspec; + rewind(fp); + if (homedirfp) + rewind(homedirfp); + if (localfp) + rewind(localfp); + } + } + free(line_buf); + + /* Move exact pathname specifications to the end. */ + spec_copy = malloc(sizeof(spec_t) * data->nspec); + if (!spec_copy) + goto finish; + j = 0; + for (i = 0; i < data->nspec; i++) + if (data->spec_arr[i].hasMetaChars) + memcpy(&spec_copy[j++], + &data->spec_arr[i], sizeof(spec_t)); + for (i = 0; i < data->nspec; i++) + if (!data->spec_arr[i].hasMetaChars) + memcpy(&spec_copy[j++], + &data->spec_arr[i], sizeof(spec_t)); + free(data->spec_arr); + data->spec_arr = spec_copy; + + status = 0; +finish: + fclose(fp); + if (data->spec_arr != spec_copy) + free(data->spec_arr); + if (homedirfp) + fclose(homedirfp); + if (localfp) + fclose(localfp); + return status; +} + +/* + * Backend interface routines + */ +static void close(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + struct spec *spec; + struct stem *stem; + unsigned int i; + + for (i = 0; i < data->nspec; i++) { + spec = &data->spec_arr[i]; + free(spec->regex_str); + free(spec->type_str); + free(spec->lr.ctx_raw); + free(spec->lr.ctx_trans); + regfree(&spec->regex); + } + + for (i = 0; i < (unsigned int)data->num_stems; i++) { + stem = &data->stem_arr[i]; + free(stem->buf); + } + + if (data->spec_arr) + free(data->spec_arr); + if (data->stem_arr) + free(data->stem_arr); + + free(data); +} + +static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, + const char *key, int type) +{ + struct saved_data *data = (struct saved_data *)rec->data; + spec_t *spec_arr = data->spec_arr; + int i, rc, file_stem; + mode_t mode = (mode_t)type; + const char *buf = key; + + if (!data->nspec) { + errno = ENOENT; + return NULL; + } + + file_stem = find_stem_from_file(data, &buf); + mode &= S_IFMT; + + /* + * Check for matching specifications in reverse order, so that + * the last matching specification is used. + */ + for (i = data->nspec - 1; i >= 0; i--) { + /* if the spec in question matches no stem or has the same + * stem as the file AND if the spec in question has no mode + * specified or if the mode matches the file mode then we do + * a regex check */ + if ((spec_arr[i].stem_id == -1 + || spec_arr[i].stem_id == file_stem) + && (!mode || !spec_arr[i].mode + || mode == spec_arr[i].mode)) { + if (compile_regex(data, &spec_arr[i], NULL) < 0) + return NULL; + if (spec_arr[i].stem_id == -1) + rc = regexec(&spec_arr[i].regex, key, 0, 0, 0); + else + rc = regexec(&spec_arr[i].regex, buf, 0, 0, 0); + + if (rc == 0) { + spec_arr[i].matches++; + break; + } + if (rc == REG_NOMATCH) + continue; + /* else it's an error */ + return NULL; + } + } + + if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) { + /* No matching specification. */ + errno = ENOENT; + return NULL; + } + + return &spec_arr[i].lr; +} + +static void stats(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + unsigned int i, nspec = data->nspec; + spec_t *spec_arr = data->spec_arr; + + for (i = 0; i < nspec; i++) { + if (spec_arr[i].matches == 0) { + if (spec_arr[i].type_str) { + COMPAT_LOG(SELINUX_WARNING, + "Warning! No matches for (%s, %s, %s)\n", + spec_arr[i].regex_str, + spec_arr[i].type_str, + spec_arr[i].lr.ctx_raw); + } else { + COMPAT_LOG(SELINUX_WARNING, + "Warning! No matches for (%s, %s)\n", + spec_arr[i].regex_str, + spec_arr[i].lr.ctx_raw); + } + } + } +} + +int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) +{ + struct saved_data *data; + + data = (struct saved_data *)malloc(sizeof(*data)); + if (!data) + return -1; + memset(data, 0, sizeof(*data)); + + rec->data = data; + rec->func_close = &close; + rec->func_stats = &stats; + rec->func_lookup = &lookup; + + return init(rec, opts, nopts); +} diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h new file mode 100644 index 00000000..27a1f06a --- /dev/null +++ b/libselinux/src/label_internal.h @@ -0,0 +1,75 @@ +/* + * This file describes the internal interface used by the labeler + * for calling the user-supplied memory allocation, validation, + * and locking routine. + * + * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil> + */ +#ifndef _SELABEL_INTERNAL_H_ +#define _SELABEL_INTERNAL_H_ + +#include <stdlib.h> +#include <stdarg.h> +#include <selinux/selinux.h> +#include <selinux/label.h> +#include "dso.h" + +/* + * Installed backends + */ +int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) hidden; +int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) hidden; +int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) hidden; + +/* + * Labeling internal structures + */ +struct selabel_lookup_rec { + security_context_t ctx_raw; + security_context_t ctx_trans; + int validated; +}; + +struct selabel_handle { + /* arguments that were passed to selabel_open */ + unsigned int backend; + int validating; + + /* labeling operations */ + struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h, + const char *key, int type); + void (*func_close) (struct selabel_handle *h); + void (*func_stats) (struct selabel_handle *h); + + /* supports backend-specific state information */ + void *data; +}; + +/* + * Validation function + */ +extern int +selabel_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts) hidden; + +/* + * Compatibility support + */ +extern int myprintf_compat; +extern void __attribute__ ((format(printf, 1, 2))) +(*myprintf) (const char *fmt,...); + +#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \ + myprintf(fmt); \ + else \ + selinux_log(type, fmt); + +extern int +compat_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts, + const char *path, unsigned lineno) hidden; + +#endif /* _SELABEL_INTERNAL_H_ */ diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c new file mode 100644 index 00000000..f8986e4f --- /dev/null +++ b/libselinux/src/label_media.c @@ -0,0 +1,219 @@ +/* + * Media contexts backend for labeling system + * + * Author : Eamon Walsh <ewalsh@tycho.nsa.gov> + */ + +#include <sys/stat.h> +#include <string.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <ctype.h> +#include <errno.h> +#include <limits.h> +#include "callbacks.h" +#include "label_internal.h" + +/* + * Internals + */ + +/* A context specification. */ +typedef struct spec { + struct selabel_lookup_rec lr; /* holds contexts for lookup result */ + char *key; /* key string */ + int matches; /* number of matches made during operation */ +} spec_t; + +struct saved_data { + unsigned int nspec; + spec_t *spec_arr; +}; + +static int process_line(const char *path, char *line_buf, int pass, + unsigned lineno, struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + int items; + char *buf_p; + char *key, *context; + + buf_p = line_buf; + while (isspace(*buf_p)) + buf_p++; + /* Skip comment lines and empty lines. */ + if (*buf_p == '#' || *buf_p == 0) + return 0; + items = sscanf(line_buf, "%as %as ", &key, &context); + if (items < 2) { + selinux_log(SELINUX_WARNING, + "%s: line %d is missing fields, skipping\n", path, + lineno); + if (items == 1) + free(key); + return 0; + } + + if (pass == 1) { + data->spec_arr[data->nspec].key = key; + data->spec_arr[data->nspec].lr.ctx_raw = context; + } + + data->nspec++; + if (pass == 0) { + free(key); + free(context); + } + return 0; +} + +static int init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned n) +{ + FILE *fp; + struct saved_data *data = (struct saved_data *)rec->data; + const char *path = NULL; + char *line_buf = NULL; + size_t line_len = 0; + int status = -1; + unsigned int lineno, pass, maxnspec; + struct stat sb; + + /* Process arguments */ + while (n--) + switch(opts[n].type) { + case SELABEL_OPT_PATH: + path = opts[n].value; + break; + } + + /* Open the specification file. */ + if (!path) + path = selinux_media_context_path(); + if ((fp = fopen(path, "r")) == NULL) + return -1; + __fsetlocking(fp, FSETLOCKING_BYCALLER); + + if (fstat(fileno(fp), &sb) < 0) + return -1; + if (!S_ISREG(sb.st_mode)) { + errno = EINVAL; + return -1; + } + + /* + * Perform two passes over the specification file. + * The first pass counts the number of specifications and + * performs simple validation of the input. At the end + * of the first pass, the spec array is allocated. + * The second pass performs detailed validation of the input + * and fills in the spec array. + */ + maxnspec = UINT_MAX / sizeof(spec_t); + for (pass = 0; pass < 2; pass++) { + lineno = 0; + data->nspec = 0; + while (getline(&line_buf, &line_len, fp) > 0 && + data->nspec < maxnspec) { + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } + lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { + status = 0; + goto finish; + } + data->spec_arr = malloc(sizeof(spec_t)*data->nspec); + if (data->spec_arr == NULL) + goto finish; + memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec); + maxnspec = data->nspec; + rewind(fp); + } + } + free(line_buf); + + status = 0; +finish: + fclose(fp); + return status; +} + +/* + * Backend interface routines + */ +static void close(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + struct spec *spec, *spec_arr = data->spec_arr; + unsigned int i; + + for (i = 0; i < data->nspec; i++) { + spec = &spec_arr[i]; + free(spec->key); + free(spec->lr.ctx_raw); + free(spec->lr.ctx_trans); + } + + if (spec_arr) + free(spec_arr); + + memset(data, 0, sizeof(*data)); +} + +static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, + const char *key, + int type __attribute__((unused))) +{ + struct saved_data *data = (struct saved_data *)rec->data; + spec_t *spec_arr = data->spec_arr; + unsigned int i; + + for (i = 0; i < data->nspec; i++) { + if (!strncmp(spec_arr[i].key, key, strlen(key) + 1)) + break; + if (!strncmp(spec_arr[i].key, "*", 2)) + break; + } + + if (i >= data->nspec) { + /* No matching specification. */ + errno = ENOENT; + return NULL; + } + + spec_arr[i].matches++; + return &spec_arr[i].lr; +} + +static void stats(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + unsigned int i, total = 0; + + for (i = 0; i < data->nspec; i++) + total += data->spec_arr[i].matches; + + selinux_log(SELINUX_INFO, "%u entries, %u matches made\n", + data->nspec, total); +} + +int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) +{ + struct saved_data *data; + + data = (struct saved_data *)malloc(sizeof(*data)); + if (!data) + return -1; + memset(data, 0, sizeof(*data)); + + rec->data = data; + rec->func_close = &close; + rec->func_lookup = &lookup; + rec->func_stats = &stats; + + return init(rec, opts, nopts); +} diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c new file mode 100644 index 00000000..6a190f5a --- /dev/null +++ b/libselinux/src/label_x.c @@ -0,0 +1,246 @@ +/* + * Media contexts backend for X contexts + * + * Author : Eamon Walsh <ewalsh@tycho.nsa.gov> + */ + +#include <sys/stat.h> +#include <string.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <ctype.h> +#include <errno.h> +#include <limits.h> +#include "callbacks.h" +#include "label_internal.h" + +/* + * Internals + */ + +/* A context specification. */ +typedef struct spec { + struct selabel_lookup_rec lr; /* holds contexts for lookup result */ + char *key; /* key string */ + int type; /* type of record (prop, ext, client) */ + int matches; /* number of matches made during operation */ +} spec_t; + +struct saved_data { + unsigned int nspec; + spec_t *spec_arr; +}; + +static int process_line(const char *path, char *line_buf, int pass, + unsigned lineno, struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + int items; + char *buf_p; + char *type, *key, *context; + + buf_p = line_buf; + while (isspace(*buf_p)) + buf_p++; + /* Skip comment lines and empty lines. */ + if (*buf_p == '#' || *buf_p == 0) + return 0; + items = sscanf(line_buf, "%as %as %as ", &type, &key, &context); + if (items < 3) { + selinux_log(SELINUX_WARNING, + "%s: line %d is missing fields, skipping\n", path, + lineno); + if (items > 0) + free(type); + if (items > 1) + free(key); + return 0; + } + + if (pass == 1) { + /* Convert the type string to a mode format */ + if (!strcmp(type, "property")) + data->spec_arr[data->nspec].type = SELABEL_X_PROP; + else if (!strcmp(type, "extension")) + data->spec_arr[data->nspec].type = SELABEL_X_EXT; + else if (!strcmp(type, "client")) + data->spec_arr[data->nspec].type = SELABEL_X_CLIENT; + else if (!strcmp(type, "event")) + data->spec_arr[data->nspec].type = SELABEL_X_EVENT; + else if (!strcmp(type, "selection")) + data->spec_arr[data->nspec].type = SELABEL_X_SELN; + else if (!strcmp(type, "poly_property")) + data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP; + else if (!strcmp(type, "poly_selection")) + data->spec_arr[data->nspec].type = SELABEL_X_POLYSELN; + else { + selinux_log(SELINUX_WARNING, + "%s: line %d has invalid object type %s\n", + path, lineno, type); + return 0; + } + data->spec_arr[data->nspec].key = key; + data->spec_arr[data->nspec].lr.ctx_raw = context; + free(type); + } + + data->nspec++; + if (pass == 0) { + free(type); + free(key); + free(context); + } + return 0; +} + +static int init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned n) +{ + FILE *fp; + struct saved_data *data = (struct saved_data *)rec->data; + const char *path = NULL; + char *line_buf = NULL; + size_t line_len = 0; + int status = -1; + unsigned int lineno, pass, maxnspec; + struct stat sb; + + /* Process arguments */ + while (n--) + switch(opts[n].type) { + case SELABEL_OPT_PATH: + path = opts[n].value; + break; + } + + /* Open the specification file. */ + if (!path) + path = selinux_x_context_path(); + if ((fp = fopen(path, "r")) == NULL) + return -1; + __fsetlocking(fp, FSETLOCKING_BYCALLER); + + if (fstat(fileno(fp), &sb) < 0) + return -1; + if (!S_ISREG(sb.st_mode)) { + errno = EINVAL; + return -1; + } + + /* + * Perform two passes over the specification file. + * The first pass counts the number of specifications and + * performs simple validation of the input. At the end + * of the first pass, the spec array is allocated. + * The second pass performs detailed validation of the input + * and fills in the spec array. + */ + maxnspec = UINT_MAX / sizeof(spec_t); + for (pass = 0; pass < 2; pass++) { + lineno = 0; + data->nspec = 0; + while (getline(&line_buf, &line_len, fp) > 0 && + data->nspec < maxnspec) { + if (process_line(path, line_buf, pass, ++lineno, rec)) + goto finish; + } + lineno = 0; + + if (pass == 0) { + if (data->nspec == 0) { + status = 0; + goto finish; + } + data->spec_arr = malloc(sizeof(spec_t)*data->nspec); + if (data->spec_arr == NULL) + goto finish; + memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec); + maxnspec = data->nspec; + rewind(fp); + } + } + free(line_buf); + + status = 0; +finish: + fclose(fp); + return status; +} + +/* + * Backend interface routines + */ +static void close(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + struct spec *spec, *spec_arr = data->spec_arr; + unsigned int i; + + for (i = 0; i < data->nspec; i++) { + spec = &spec_arr[i]; + free(spec->key); + free(spec->lr.ctx_raw); + free(spec->lr.ctx_trans); + } + + if (spec_arr) + free(spec_arr); + + memset(data, 0, sizeof(*data)); +} + +static struct selabel_lookup_rec *lookup(struct selabel_handle *rec, + const char *key, int type) +{ + struct saved_data *data = (struct saved_data *)rec->data; + spec_t *spec_arr = data->spec_arr; + unsigned int i; + + for (i = 0; i < data->nspec; i++) { + if (spec_arr[i].type != type) + continue; + if (!strncmp(spec_arr[i].key, "*", 2)) + break; + if (!strncmp(spec_arr[i].key, key, strlen(key) + 1)) + break; + } + + if (i >= data->nspec) { + /* No matching specification. */ + errno = ENOENT; + return NULL; + } + + spec_arr[i].matches++; + return &spec_arr[i].lr; +} + +static void stats(struct selabel_handle *rec) +{ + struct saved_data *data = (struct saved_data *)rec->data; + unsigned int i, total = 0; + + for (i = 0; i < data->nspec; i++) + total += data->spec_arr[i].matches; + + selinux_log(SELINUX_INFO, "%u entries, %u matches made\n", + data->nspec, total); +} + +int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts, + unsigned nopts) +{ + struct saved_data *data; + + data = (struct saved_data *)malloc(sizeof(*data)); + if (!data) + return -1; + memset(data, 0, sizeof(*data)); + + rec->data = data; + rec->func_close = &close; + rec->func_lookup = &lookup; + rec->func_stats = &stats; + + return init(rec, opts, nopts); +} diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c new file mode 100644 index 00000000..a53f56ee --- /dev/null +++ b/libselinux/src/lgetfilecon.c @@ -0,0 +1,71 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "selinux_internal.h" +#include "policy.h" + +int lgetfilecon_raw(const char *path, security_context_t * context) +{ + char *buf; + ssize_t size; + ssize_t ret; + + size = INITCONTEXTLEN + 1; + buf = malloc(size); + if (!buf) + return -1; + memset(buf, 0, size); + + ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1); + if (ret < 0 && errno == ERANGE) { + char *newbuf; + + size = lgetxattr(path, XATTR_NAME_SELINUX, NULL, 0); + if (size < 0) + goto out; + + size++; + newbuf = realloc(buf, size); + if (!newbuf) + goto out; + + buf = newbuf; + memset(buf, 0, size); + ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1); + } + out: + if (ret == 0) { + /* Re-map empty attribute values to errors. */ + errno = EOPNOTSUPP; + ret = -1; + } + if (ret < 0) + free(buf); + else + *context = buf; + return ret; +} + +hidden_def(lgetfilecon_raw) + +int lgetfilecon(const char *path, security_context_t * context) +{ + int ret; + security_context_t rcontext; + + *context = NULL; + + ret = lgetfilecon_raw(path, &rcontext); + + if (ret > 0) { + ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); + } + + if (ret >= 0 && *context) + return strlen(*context) + 1; + return ret; +} diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c new file mode 100644 index 00000000..63f66099 --- /dev/null +++ b/libselinux/src/load_policy.c @@ -0,0 +1,431 @@ +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/mman.h> +#include <sys/mount.h> +#include <sys/utsname.h> +#include <fcntl.h> +#include <stdlib.h> +#include <stdio.h> +#include <ctype.h> +#include <string.h> +#include <errno.h> +#include "selinux_internal.h" +#include <sepol/sepol.h> +#include <sepol/policydb.h> +#include <dlfcn.h> +#include "policy.h" +#include <limits.h> + +int security_load_policy(void *data, size_t len) +{ + char path[PATH_MAX]; + int fd, ret; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/load", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + ret = write(fd, data, len); + close(fd); + if (ret < 0) + return -1; + return 0; +} + +hidden_def(security_load_policy) + +int load_setlocaldefs hidden = 1; + +#undef max +#define max(a, b) (((a) > (b)) ? (a) : (b)) + +int selinux_mkload_policy(int preservebools) +{ + int kernvers = security_policyvers(); + int maxvers = kernvers, minvers = DEFAULT_POLICY_VERSION, vers; + int setlocaldefs = load_setlocaldefs; + char path[PATH_MAX], **names; + struct stat sb; + struct utsname uts; + size_t size; + void *map, *data; + int fd, rc = -1, *values, len, i, prot; + sepol_policydb_t *policydb; + sepol_policy_file_t *pf; + int usesepol = 0; + int (*vers_max)(void) = NULL; + int (*vers_min)(void) = NULL; + int (*policy_file_create)(sepol_policy_file_t **) = NULL; + void (*policy_file_free)(sepol_policy_file_t *) = NULL; + void (*policy_file_set_mem)(sepol_policy_file_t *, char*, size_t) = NULL; + int (*policydb_create)(sepol_policydb_t **) = NULL; + void (*policydb_free)(sepol_policydb_t *) = NULL; + int (*policydb_read)(sepol_policydb_t *, sepol_policy_file_t *) = NULL; + int (*policydb_set_vers)(sepol_policydb_t *, unsigned int) = NULL; + int (*policydb_to_image)(sepol_handle_t *, sepol_policydb_t *, void **, size_t *) = NULL; + int (*genbools_array)(void *data, size_t len, char **names, int *values, int nel) = NULL; + int (*genusers)(void *data, size_t len, const char *usersdir, void **newdata, size_t * newlen) = NULL; + int (*genbools)(void *data, size_t len, char *boolpath) = NULL; + +#ifdef SHARED + char *errormsg = NULL; + void *libsepolh = NULL; + libsepolh = dlopen("libsepol.so.1", RTLD_NOW); + if (libsepolh) { + usesepol = 1; + dlerror(); +#define DLERR() if ((errormsg = dlerror())) goto dlclose; + vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max"); + DLERR(); + vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min"); + DLERR(); + + policy_file_create = dlsym(libsepolh, "sepol_policy_file_create"); + DLERR(); + policy_file_free = dlsym(libsepolh, "sepol_policy_file_free"); + DLERR(); + policy_file_set_mem = dlsym(libsepolh, "sepol_policy_file_set_mem"); + DLERR(); + policydb_create = dlsym(libsepolh, "sepol_policydb_create"); + DLERR(); + policydb_free = dlsym(libsepolh, "sepol_policydb_free"); + DLERR(); + policydb_read = dlsym(libsepolh, "sepol_policydb_read"); + DLERR(); + policydb_set_vers = dlsym(libsepolh, "sepol_policydb_set_vers"); + DLERR(); + policydb_to_image = dlsym(libsepolh, "sepol_policydb_to_image"); + DLERR(); + genbools_array = dlsym(libsepolh, "sepol_genbools_array"); + DLERR(); + genusers = dlsym(libsepolh, "sepol_genusers"); + DLERR(); + genbools = dlsym(libsepolh, "sepol_genbools"); + DLERR(); + +#undef DLERR + } +#else + usesepol = 1; + vers_max = sepol_policy_kern_vers_max; + vers_min = sepol_policy_kern_vers_min; + policy_file_create = sepol_policy_file_create; + policy_file_free = sepol_policy_file_free; + policy_file_set_mem = sepol_policy_file_set_mem; + policydb_create = sepol_policydb_create; + policydb_free = sepol_policydb_free; + policydb_read = sepol_policydb_read; + policydb_set_vers = sepol_policydb_set_vers; + policydb_to_image = sepol_policydb_to_image; + genbools_array = sepol_genbools_array; + genusers = sepol_genusers; + genbools = sepol_genbools; + +#endif + + /* + * Check whether we need to support local boolean and user definitions. + */ + if (setlocaldefs) { + if (access(selinux_booleans_path(), F_OK) == 0) + goto checkbool; + snprintf(path, sizeof path, "%s.local", selinux_booleans_path()); + if (access(path, F_OK) == 0) + goto checkbool; + snprintf(path, sizeof path, "%s/local.users", selinux_users_path()); + if (access(path, F_OK) == 0) + goto checkbool; + /* No local definition files, so disable setlocaldefs. */ + setlocaldefs = 0; + } + +checkbool: + /* + * As of Linux 2.6.22, the kernel preserves boolean + * values across a reload, so we do not need to + * preserve them in userspace. + */ + if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0) + preservebools = 0; + + if (usesepol) { + maxvers = vers_max(); + minvers = vers_min(); + if (!setlocaldefs && !preservebools) + maxvers = max(kernvers, maxvers); + } + + vers = maxvers; + search: + snprintf(path, sizeof(path), "%s.%d", + selinux_binary_policy_path(), vers); + fd = open(path, O_RDONLY); + while (fd < 0 && errno == ENOENT + && --vers >= minvers) { + /* Check prior versions to see if old policy is available */ + snprintf(path, sizeof(path), "%s.%d", + selinux_binary_policy_path(), vers); + fd = open(path, O_RDONLY); + } + if (fd < 0) { + fprintf(stderr, + "SELinux: Could not open policy file <= %s.%d: %s\n", + selinux_binary_policy_path(), maxvers, strerror(errno)); + goto dlclose; + } + + if (fstat(fd, &sb) < 0) { + fprintf(stderr, + "SELinux: Could not stat policy file %s: %s\n", + path, strerror(errno)); + goto close; + } + + prot = PROT_READ; + if (setlocaldefs || preservebools) + prot |= PROT_WRITE; + + size = sb.st_size; + data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0); + if (map == MAP_FAILED) { + fprintf(stderr, + "SELinux: Could not map policy file %s: %s\n", + path, strerror(errno)); + goto close; + } + + if (vers > kernvers && usesepol) { + /* Need to downgrade to kernel-supported version. */ + if (policy_file_create(&pf)) + goto unmap; + if (policydb_create(&policydb)) { + policy_file_free(pf); + goto unmap; + } + policy_file_set_mem(pf, data, size); + if (policydb_read(policydb, pf)) { + policy_file_free(pf); + policydb_free(policydb); + goto unmap; + } + if (policydb_set_vers(policydb, kernvers) || + policydb_to_image(NULL, policydb, &data, &size)) { + /* Downgrade failed, keep searching. */ + fprintf(stderr, + "SELinux: Could not downgrade policy file %s, searching for an older version.\n", + path); + policy_file_free(pf); + policydb_free(policydb); + munmap(map, sb.st_size); + close(fd); + vers--; + goto search; + } + policy_file_free(pf); + policydb_free(policydb); + } + + if (usesepol) { + if (setlocaldefs) { + void *olddata = data; + size_t oldsize = size; + rc = genusers(olddata, oldsize, selinux_users_path(), + &data, &size); + if (rc < 0) { + /* Fall back to the prior image if genusers failed. */ + data = olddata; + size = oldsize; + rc = 0; + } else { + if (olddata != map) + free(olddata); + } + } + +#ifndef DISABLE_BOOL + if (preservebools) { + rc = security_get_boolean_names(&names, &len); + if (!rc) { + values = malloc(sizeof(int) * len); + if (!values) + goto unmap; + for (i = 0; i < len; i++) + values[i] = + security_get_boolean_active(names[i]); + (void)genbools_array(data, size, names, values, + len); + free(values); + for (i = 0; i < len; i++) + free(names[i]); + free(names); + } + } else if (setlocaldefs) { + (void)genbools(data, size, + (char *)selinux_booleans_path()); + } +#endif + } + + + rc = security_load_policy(data, size); + + if (rc) + fprintf(stderr, + "SELinux: Could not load policy file %s: %s\n", + path, strerror(errno)); + + unmap: + if (data != map) + free(data); + munmap(map, sb.st_size); + close: + close(fd); + dlclose: +#ifdef SHARED + if (errormsg) + fprintf(stderr, "libselinux: %s\n", errormsg); + if (libsepolh) + dlclose(libsepolh); +#endif + return rc; +} + +hidden_def(selinux_mkload_policy) + +/* + * Mount point for selinuxfs. + * This definition is private to the function below. + * Everything else uses the location determined during + * libselinux startup via /proc/mounts (see init_selinuxmnt). + * We only need the hardcoded definition for the initial mount + * required for the initial policy load. + */ +int selinux_init_load_policy(int *enforce) +{ + int rc = 0, orig_enforce = 0, seconfig = -2, secmdline = -1; + FILE *cfg; + char *buf; + + /* + * Reread the selinux configuration in case it has changed. + * Example: Caller has chroot'd and is now loading policy from + * chroot'd environment. + */ + reset_selinux_config(); + + /* + * Get desired mode (disabled, permissive, enforcing) from + * /etc/selinux/config. + */ + selinux_getenforcemode(&seconfig); + + /* Check for an override of the mode via the kernel command line. */ + rc = mount("none", "/proc", "proc", 0, 0); + cfg = fopen("/proc/cmdline", "r"); + if (cfg) { + char *tmp; + buf = malloc(selinux_page_size); + if (!buf) { + fclose(cfg); + return -1; + } + if (fgets(buf, selinux_page_size, cfg) && + (tmp = strstr(buf, "enforcing="))) { + if (tmp == buf || isspace(*(tmp - 1))) { + secmdline = + atoi(tmp + sizeof("enforcing=") - 1); + } + } + fclose(cfg); + free(buf); + } +#define MNT_DETACH 2 + if (rc == 0) + umount2("/proc", MNT_DETACH); + + /* + * Determine the final desired mode. + * Command line argument takes precedence, then config file. + */ + if (secmdline >= 0) + *enforce = secmdline; + else if (seconfig >= 0) + *enforce = seconfig; + else + *enforce = 0; /* unspecified or disabled */ + + /* + * Check for the existence of SELinux via selinuxfs, and + * mount it if present for use in the calls below. + */ + if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) { + if (errno == ENODEV) { + /* + * SELinux was disabled in the kernel, either + * omitted entirely or disabled at boot via selinux=0. + * This takes precedence over any config or + * commandline enforcing setting. + */ + *enforce = 0; + } else { + /* Only emit this error if selinux was not disabled */ + fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno)); + } + + goto noload; + } + set_selinuxmnt(SELINUXMNT); + + /* + * Note: The following code depends on having selinuxfs + * already mounted and selinuxmnt set above. + */ + + if (seconfig == -1) { + /* Runtime disable of SELinux. */ + rc = security_disable(); + if (rc == 0) { + /* Successfully disabled, so umount selinuxfs too. */ + umount(SELINUXMNT); + } + /* + * If we failed to disable, SELinux will still be + * effectively permissive, because no policy is loaded. + * No need to call security_setenforce(0) here. + */ + goto noload; + } + + /* + * If necessary, change the kernel enforcing status to match + * the desired mode. + */ + orig_enforce = rc = security_getenforce(); + if (rc < 0) + goto noload; + if (orig_enforce != *enforce) { + rc = security_setenforce(*enforce); + if (rc < 0) + goto noload; + } + + /* Load the policy. */ + return selinux_mkload_policy(0); + + noload: + /* + * Only return 0 on a successful completion of policy load. + * In any other case, we want to return an error so that init + * knows not to proceed with the re-exec for the domain transition. + * Depending on the *enforce setting, init will halt (> 0) or proceed + * normally (otherwise). + */ + return -1; +} diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c new file mode 100644 index 00000000..844e5c7d --- /dev/null +++ b/libselinux/src/lsetfilecon.c @@ -0,0 +1,31 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "selinux_internal.h" +#include "policy.h" + +int lsetfilecon_raw(const char *path, security_context_t context) +{ + return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, + 0); +} + +hidden_def(lsetfilecon_raw) + +int lsetfilecon(const char *path, security_context_t context) +{ + int ret; + security_context_t rcontext = context; + + if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = lsetfilecon_raw(path, rcontext); + + freecon(rcontext); + + return ret; +} diff --git a/libselinux/src/mapping.c b/libselinux/src/mapping.c new file mode 100644 index 00000000..f9858ce1 --- /dev/null +++ b/libselinux/src/mapping.c @@ -0,0 +1,195 @@ +/* + * Class and permission mappings. + */ + +#include <errno.h> +#include <stdio.h> +#include <stdlib.h> +#include <stdarg.h> +#include <assert.h> +#include <selinux/selinux.h> +#include <selinux/avc.h> +#include "mapping.h" + +/* + * Class and permission mappings + */ + +struct selinux_mapping { + security_class_t value; /* real, kernel value */ + unsigned num_perms; + access_vector_t perms[sizeof(access_vector_t) * 8]; +}; + +static struct selinux_mapping *current_mapping = NULL; +static security_class_t current_mapping_size = 0; + +/* + * Mapping setting function + */ + +int +selinux_set_mapping(struct security_class_mapping *map) +{ + size_t size = sizeof(struct selinux_mapping); + security_class_t i, j; + unsigned k; + + free(current_mapping); + current_mapping = NULL; + current_mapping_size = 0; + + if (avc_reset() < 0) + goto err; + + /* Find number of classes in the input mapping */ + if (!map) { + errno = EINVAL; + goto err; + } + i = 0; + while (map[i].name) + i++; + + /* Allocate space for the class records, plus one for class zero */ + current_mapping = (struct selinux_mapping *)calloc(++i, size); + if (!current_mapping) + goto err; + + /* Store the raw class and permission values */ + j = 0; + while (map[j].name) { + struct security_class_mapping *p_in = map + (j++); + struct selinux_mapping *p_out = current_mapping + j; + + p_out->value = string_to_security_class(p_in->name); + if (!p_out->value) + goto err2; + + k = 0; + while (p_in->perms && p_in->perms[k]) { + /* An empty permission string skips ahead */ + if (!*p_in->perms[k]) { + k++; + continue; + } + p_out->perms[k] = string_to_av_perm(p_out->value, + p_in->perms[k]); + if (!p_out->perms[k]) + goto err2; + k++; + } + p_out->num_perms = k; + } + + /* Set the mapping size here so the above lookups are "raw" */ + current_mapping_size = i; + return 0; +err2: + free(current_mapping); + current_mapping = NULL; + current_mapping_size = 0; +err: + return -1; +} + +/* + * Get real, kernel values from mapped values + */ + +security_class_t +unmap_class(security_class_t tclass) +{ + if (tclass < current_mapping_size) + return current_mapping[tclass].value; + + assert(current_mapping_size == 0); + return tclass; +} + +access_vector_t +unmap_perm(security_class_t tclass, access_vector_t tperm) +{ + if (tclass < current_mapping_size) { + unsigned i; + access_vector_t kperm = 0; + + for (i=0; i<current_mapping[tclass].num_perms; i++) + if (tperm & (1<<i)) { + assert(current_mapping[tclass].perms[i]); + kperm |= current_mapping[tclass].perms[i]; + tperm &= ~(1<<i); + } + assert(tperm == 0); + return kperm; + } + + assert(current_mapping_size == 0); + return tperm; +} + +/* + * Get mapped values from real, kernel values + */ + +security_class_t +map_class(security_class_t kclass) +{ + security_class_t i; + + for (i=0; i<current_mapping_size; i++) + if (current_mapping[i].value == kclass) + return i; + + assert(current_mapping_size == 0); + return kclass; +} + +access_vector_t +map_perm(security_class_t tclass, access_vector_t kperm) +{ + if (tclass < current_mapping_size) { + unsigned i; + access_vector_t tperm = 0; + + for (i=0; i<current_mapping[tclass].num_perms; i++) + if (kperm & current_mapping[tclass].perms[i]) { + tperm |= 1<<i; + kperm &= ~current_mapping[tclass].perms[i]; + } + assert(kperm == 0); + return tperm; + } + + assert(current_mapping_size == 0); + return kperm; +} + +void +map_decision(security_class_t tclass, struct av_decision *avd) +{ + if (tclass < current_mapping_size) { + unsigned i; + access_vector_t result; + + for (i=0, result=0; i<current_mapping[tclass].num_perms; i++) + if (avd->allowed & current_mapping[tclass].perms[i]) + result |= 1<<i; + avd->allowed = result; + + for (i=0, result=0; i<current_mapping[tclass].num_perms; i++) + if (avd->decided & current_mapping[tclass].perms[i]) + result |= 1<<i; + avd->decided = result; + + for (i=0, result=0; i<current_mapping[tclass].num_perms; i++) + if (avd->auditallow & current_mapping[tclass].perms[i]) + result |= 1<<i; + avd->auditallow = result; + + for (i=0, result=0; i<current_mapping[tclass].num_perms; i++) + if (avd->auditdeny & current_mapping[tclass].perms[i]) + result |= 1<<i; + avd->auditdeny = result; + } +} diff --git a/libselinux/src/mapping.h b/libselinux/src/mapping.h new file mode 100644 index 00000000..b96756b0 --- /dev/null +++ b/libselinux/src/mapping.h @@ -0,0 +1,41 @@ +/* + * This file describes the class and permission mappings used to + * hide the kernel numbers from userspace by allowing userspace object + * managers to specify a list of classes and permissions. + */ +#ifndef _SELINUX_MAPPING_H_ +#define _SELINUX_MAPPING_H_ + +#include <selinux/selinux.h> + +/* + * Get real, kernel values from mapped values + */ + +extern security_class_t +unmap_class(security_class_t tclass); + +extern access_vector_t +unmap_perm(security_class_t tclass, access_vector_t tperm); + +/* + * Get mapped values from real, kernel values + */ + +extern security_class_t +map_class(security_class_t kclass); + +extern access_vector_t +map_perm(security_class_t tclass, access_vector_t kperm); + +extern void +map_decision(security_class_t tclass, struct av_decision *avd); + +/*mapping is not used for embedded build*/ +#ifdef DISABLE_AVC +#define unmap_perm(x,y) y +#define unmap_class(x) x +#define map_decision(x,y) +#endif + +#endif /* _SELINUX_MAPPING_H_ */ diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c new file mode 100644 index 00000000..4b40942c --- /dev/null +++ b/libselinux/src/matchmediacon.c @@ -0,0 +1,66 @@ +#include <unistd.h> +#include <fcntl.h> +#include <sys/stat.h> +#include <string.h> +#include "selinux_internal.h" +#include <stdio.h> +#include <stdlib.h> +#include <ctype.h> +#include <errno.h> +#include <limits.h> +#include <regex.h> +#include <stdarg.h> + +int matchmediacon(const char *media, security_context_t * con) +{ + const char *path = selinux_media_context_path(); + FILE *infile; + char *ptr, *ptr2 = NULL; + int found = 0; + char current_line[PATH_MAX]; + if ((infile = fopen(path, "r")) == NULL) + return -1; + while (!feof_unlocked(infile)) { + if (!fgets_unlocked(current_line, sizeof(current_line), infile)) { + return -1; + } + if (current_line[strlen(current_line) - 1]) + current_line[strlen(current_line) - 1] = 0; + /* Skip leading whitespace before the partial context. */ + ptr = current_line; + while (*ptr && isspace(*ptr)) + ptr++; + + if (!(*ptr)) + continue; + + /* Find the end of the media context. */ + ptr2 = ptr; + while (*ptr2 && !isspace(*ptr2)) + ptr2++; + if (!(*ptr2)) + continue; + + *ptr2++ = 0; + if (strcmp(media, ptr) == 0) { + found = 1; + break; + } + } + if (!found) + return -1; + + /* Skip whitespace. */ + while (*ptr2 && isspace(*ptr2)) + ptr2++; + if (!(*ptr2)) { + return -1; + } + + if (selinux_raw_to_trans_context(ptr2, con)) { + *con = NULL; + return -1; + } + + return 0; +} diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c new file mode 100644 index 00000000..381aedda --- /dev/null +++ b/libselinux/src/matchpathcon.c @@ -0,0 +1,436 @@ +#include <sys/stat.h> +#include <string.h> +#include <errno.h> +#include <stdio.h> +#include "selinux_internal.h" +#include "label_internal.h" +#include "callbacks.h" + +static __thread struct selabel_handle *hnd; + +/* + * An array for mapping integers to contexts + */ +static __thread char **con_array; +static __thread int con_array_size; +static __thread int con_array_used; + +static int add_array_elt(char *con) +{ + if (con_array_size) { + while (con_array_used >= con_array_size) { + con_array_size *= 2; + con_array = (char **)realloc(con_array, sizeof(char*) * + con_array_size); + if (!con_array) { + con_array_size = con_array_used = 0; + return -1; + } + } + } else { + con_array_size = 1000; + con_array = (char **)malloc(sizeof(char*) * con_array_size); + if (!con_array) { + con_array_size = con_array_used = 0; + return -1; + } + } + + con_array[con_array_used] = strdup(con); + if (!con_array[con_array_used]) + return -1; + return con_array_used++; +} + +static void free_array_elts(void) +{ + con_array_size = con_array_used = 0; + free(con_array); + con_array = NULL; +} + +static void +#ifdef __GNUC__ + __attribute__ ((format(printf, 1, 2))) +#endif + default_printf(const char *fmt, ...) +{ + va_list ap; + va_start(ap, fmt); + vfprintf(stderr, fmt, ap); + va_end(ap); +} + +void +#ifdef __GNUC__ + __attribute__ ((format(printf, 1, 2))) +#endif + (*myprintf) (const char *fmt,...) = &default_printf; +int myprintf_compat = 0; + +void set_matchpathcon_printf(void (*f) (const char *fmt, ...)) +{ + myprintf = f ? f : &default_printf; + myprintf_compat = 1; +} + +static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL; + +void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c)) +{ + myinvalidcon = f; +} + +static int default_canoncon(const char *path, unsigned lineno, char **context) +{ + char *tmpcon; + if (security_canonicalize_context_raw(*context, &tmpcon) < 0) { + if (errno == ENOENT) + return 0; + if (lineno) + myprintf("%s: line %u has invalid context %s\n", path, + lineno, *context); + else + myprintf("%s: invalid context %s\n", path, *context); + return 1; + } + free(*context); + *context = tmpcon; + return 0; +} + +static int (*mycanoncon) (const char *p, unsigned l, char **c) = + NULL; + +void set_matchpathcon_canoncon(int (*f) (const char *p, unsigned l, char **c)) +{ + if (f) + mycanoncon = f; + else + mycanoncon = &default_canoncon; +} + +static __thread struct selinux_opt options[SELABEL_NOPT]; +static __thread int notrans; + +void set_matchpathcon_flags(unsigned int flags) +{ + int i; + memset(options, 0, sizeof(options)); + i = SELABEL_OPT_BASEONLY; + options[i].type = i; + options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL; + i = SELABEL_OPT_VALIDATE; + options[i].type = i; + options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL; + notrans = flags & MATCHPATHCON_NOTRANS; +} + +/* + * An association between an inode and a + * specification. + */ +typedef struct file_spec { + ino_t ino; /* inode number */ + int specind; /* index of specification in spec */ + char *file; /* full pathname for diagnostic messages about conflicts */ + struct file_spec *next; /* next association in hash bucket chain */ +} file_spec_t; + +/* + * The hash table of associations, hashed by inode number. + * Chaining is used for collisions, with elements ordered + * by inode number in each bucket. Each hash bucket has a dummy + * header. + */ +#define HASH_BITS 16 +#define HASH_BUCKETS (1 << HASH_BITS) +#define HASH_MASK (HASH_BUCKETS-1) +static file_spec_t *fl_head; + +/* + * Try to add an association between an inode and + * a specification. If there is already an association + * for the inode and it conflicts with this specification, + * then use the specification that occurs later in the + * specification array. + */ +int matchpathcon_filespec_add(ino_t ino, int specind, const char *file) +{ + file_spec_t *prevfl, *fl; + int h, ret; + struct stat sb; + + if (!fl_head) { + fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS); + if (!fl_head) + goto oom; + memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS); + } + + h = (ino + (ino >> HASH_BITS)) & HASH_MASK; + for (prevfl = &fl_head[h], fl = fl_head[h].next; fl; + prevfl = fl, fl = fl->next) { + if (ino == fl->ino) { + ret = lstat(fl->file, &sb); + if (ret < 0 || sb.st_ino != ino) { + fl->specind = specind; + free(fl->file); + fl->file = malloc(strlen(file) + 1); + if (!fl->file) + goto oom; + strcpy(fl->file, file); + return fl->specind; + + } + + if (!strcmp(con_array[fl->specind], + con_array[specind])) + return fl->specind; + + myprintf + ("%s: conflicting specifications for %s and %s, using %s.\n", + __FUNCTION__, file, fl->file, + con_array[fl->specind]); + free(fl->file); + fl->file = malloc(strlen(file) + 1); + if (!fl->file) + goto oom; + strcpy(fl->file, file); + return fl->specind; + } + + if (ino > fl->ino) + break; + } + + fl = malloc(sizeof(file_spec_t)); + if (!fl) + goto oom; + fl->ino = ino; + fl->specind = specind; + fl->file = malloc(strlen(file) + 1); + if (!fl->file) + goto oom_freefl; + strcpy(fl->file, file); + fl->next = prevfl->next; + prevfl->next = fl; + return fl->specind; + oom_freefl: + free(fl); + oom: + myprintf("%s: insufficient memory for file label entry for %s\n", + __FUNCTION__, file); + return -1; +} + +/* + * Evaluate the association hash table distribution. + */ +void matchpathcon_filespec_eval(void) +{ + file_spec_t *fl; + int h, used, nel, len, longest; + + if (!fl_head) + return; + + used = 0; + longest = 0; + nel = 0; + for (h = 0; h < HASH_BUCKETS; h++) { + len = 0; + for (fl = fl_head[h].next; fl; fl = fl->next) { + len++; + } + if (len) + used++; + if (len > longest) + longest = len; + nel += len; + } + + myprintf + ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n", + __FUNCTION__, nel, used, HASH_BUCKETS, longest); +} + +/* + * Destroy the association hash table. + */ +void matchpathcon_filespec_destroy(void) +{ + file_spec_t *fl, *tmp; + int h; + + free_array_elts(); + + if (!fl_head) + return; + + for (h = 0; h < HASH_BUCKETS; h++) { + fl = fl_head[h].next; + while (fl) { + tmp = fl; + fl = fl->next; + free(tmp->file); + free(tmp); + } + fl_head[h].next = NULL; + } + free(fl_head); + fl_head = NULL; +} + +int matchpathcon_init_prefix(const char *path, const char *subset) +{ + if (!mycanoncon) + mycanoncon = default_canoncon; + + options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET; + options[SELABEL_OPT_SUBSET].value = subset; + options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH; + options[SELABEL_OPT_PATH].value = path; + + hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT); + return hnd ? 0 : -1; +} + +hidden_def(matchpathcon_init_prefix) + +int matchpathcon_init(const char *path) +{ + return matchpathcon_init_prefix(path, NULL); +} + +void matchpathcon_fini(void) +{ + if (hnd) { + selabel_close(hnd); + hnd = NULL; + } +} + +int matchpathcon(const char *name, mode_t mode, security_context_t * con) +{ + if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) + return -1; + + return notrans ? + selabel_lookup_raw(hnd, con, name, mode) : + selabel_lookup(hnd, con, name, mode); +} + +int matchpathcon_index(const char *name, mode_t mode, security_context_t * con) +{ + int i = matchpathcon(name, mode, con); + + if (i < 0) + return -1; + + return add_array_elt(*con); +} + +void matchpathcon_checkmatches(char *str __attribute__((unused))) +{ + selabel_stats(hnd); +} + +/* Compare two contexts to see if their differences are "significant", + * or whether the only difference is in the user. */ +int selinux_file_context_cmp(const security_context_t a, + const security_context_t b) +{ + char *rest_a, *rest_b; /* Rest of the context after the user */ + if (!a && !b) + return 0; + if (!a) + return -1; + if (!b) + return 1; + rest_a = strchr((char *)a, ':'); + rest_b = strchr((char *)b, ':'); + if (!rest_a && !rest_b) + return 0; + if (!rest_a) + return -1; + if (!rest_b) + return 1; + return strcmp(rest_a, rest_b); +} + +int selinux_file_context_verify(const char *path, mode_t mode) +{ + security_context_t con = NULL; + security_context_t fcontext = NULL; + int rc = 0; + + rc = lgetfilecon_raw(path, &con); + if (rc == -1) { + if (errno != ENOTSUP) + return 1; + else + return 0; + } + + if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) + return -1; + + if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) { + if (errno != ENOENT) + rc = 1; + else + rc = 0; + } else + rc = (selinux_file_context_cmp(fcontext, con) == 0); + + freecon(con); + freecon(fcontext); + return rc; +} + +int selinux_lsetfilecon_default(const char *path) +{ + struct stat st; + int rc = -1; + security_context_t scontext = NULL; + if (lstat(path, &st) != 0) + return rc; + + if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)) + return -1; + + /* If there's an error determining the context, or it has none, + return to allow default context */ + if (selabel_lookup_raw(hnd, &scontext, path, st.st_mode)) { + if (errno == ENOENT) + rc = 0; + } else { + rc = lsetfilecon_raw(path, scontext); + freecon(scontext); + } + return rc; +} + +int compat_validate(struct selabel_handle *rec, + struct selabel_lookup_rec *contexts, + const char *path, unsigned lineno) +{ + int rc; + char **ctx = &contexts->ctx_raw; + + if (myinvalidcon) + rc = myinvalidcon(path, lineno, *ctx); + else if (mycanoncon) + rc = mycanoncon(path, lineno, ctx); + else { + rc = selabel_validate(rec, contexts); + if (rc < 0) { + COMPAT_LOG(SELINUX_WARNING, + "%s: line %d has invalid context %s\n", + path, lineno, *ctx); + } + } + + return rc ? -1 : 0; +} diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h new file mode 100644 index 00000000..10e87120 --- /dev/null +++ b/libselinux/src/policy.h @@ -0,0 +1,25 @@ +#ifndef _POLICY_H_ +#define _POLICY_H_ + +/* Private definitions used internally by libselinux. */ + +/* xattr name for SELinux attributes. */ +#define XATTR_NAME_SELINUX "security.selinux" + +/* Initial length guess for getting contexts. */ +#define INITCONTEXTLEN 255 + +/* selinuxfs magic number */ +#define SELINUX_MAGIC 0xf97cff8c + +/* Preferred selinux mount location */ +#define SELINUXMNT "/selinux" + +/* selinuxfs mount point */ +extern char *selinux_mnt; + +#define FILECONTEXTS "/etc/security/selinux/file_contexts" + +#define DEFAULT_POLICY_VERSION 15 + +#endif diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c new file mode 100644 index 00000000..284a7f7f --- /dev/null +++ b/libselinux/src/policyvers.c @@ -0,0 +1,45 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include <stdio.h> +#include "policy.h" +#include "dso.h" +#include <limits.h> + +int security_policyvers(void) +{ + int fd, ret; + char path[PATH_MAX]; + char buf[20]; + unsigned vers = DEFAULT_POLICY_VERSION; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/policyvers", selinux_mnt); + fd = open(path, O_RDONLY); + if (fd < 0) { + if (errno == ENOENT) + return vers; + else + return -1; + } + memset(buf, 0, sizeof buf); + ret = read(fd, buf, sizeof buf - 1); + close(fd); + if (ret < 0) + return -1; + + if (sscanf(buf, "%u", &vers) != 1) + return -1; + + return vers; +} + +hidden_def(security_policyvers) diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c new file mode 100644 index 00000000..8f3f4014 --- /dev/null +++ b/libselinux/src/procattr.c @@ -0,0 +1,205 @@ +#include <sys/syscall.h> +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <stdio.h> +#include <errno.h> +#include "selinux_internal.h" +#include "policy.h" + +static pid_t gettid(void) +{ + return syscall(__NR_gettid); +} + +static int getprocattrcon_raw(security_context_t * context, + pid_t pid, const char *attr) +{ + char *path, *buf; + size_t size; + int fd, rc; + ssize_t ret; + pid_t tid; + int errno_hold; + + if (pid > 0) + rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); + else { + tid = gettid(); + rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); + } + if (rc < 0) + return -1; + + fd = open(path, O_RDONLY); + free(path); + if (fd < 0) + return -1; + + size = selinux_page_size; + buf = malloc(size); + if (!buf) { + ret = -1; + goto out; + } + memset(buf, 0, size); + + do { + ret = read(fd, buf, size - 1); + } while (ret < 0 && errno == EINTR); + if (ret < 0) + goto out2; + + if (ret == 0) { + *context = NULL; + goto out2; + } + + *context = strdup(buf); + if (!(*context)) { + ret = -1; + goto out2; + } + ret = 0; + out2: + free(buf); + out: + errno_hold = errno; + close(fd); + errno = errno_hold; + return ret; +} + +static int getprocattrcon(security_context_t * context, + pid_t pid, const char *attr) +{ + int ret; + security_context_t rcontext; + + ret = getprocattrcon_raw(&rcontext, pid, attr); + + if (!ret) { + ret = selinux_raw_to_trans_context(rcontext, context); + freecon(rcontext); + } + + return ret; +} + +static int setprocattrcon_raw(security_context_t context, + pid_t pid, const char *attr) +{ + char *path; + int fd, rc; + pid_t tid; + ssize_t ret; + int errno_hold; + + if (pid > 0) + rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr); + else { + tid = gettid(); + rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr); + } + if (rc < 0) + return -1; + + fd = open(path, O_RDWR); + free(path); + if (fd < 0) + return -1; + if (context) + do { + ret = write(fd, context, strlen(context) + 1); + } while (ret < 0 && errno == EINTR); + else + do { + ret = write(fd, NULL, 0); /* clear */ + } while (ret < 0 && errno == EINTR); + errno_hold = errno; + close(fd); + errno = errno_hold; + if (ret < 0) + return -1; + else + return 0; +} + +static int setprocattrcon(security_context_t context, + pid_t pid, const char *attr) +{ + int ret; + security_context_t rcontext = context; + + if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setprocattrcon_raw(rcontext, pid, attr); + + freecon(rcontext); + + return ret; +} + +#define getselfattr_def(fn, attr) \ + int get##fn##_raw(security_context_t *c) \ + { \ + return getprocattrcon_raw(c, 0, #attr); \ + } \ + int get##fn(security_context_t *c) \ + { \ + return getprocattrcon(c, 0, #attr); \ + } + +#define setselfattr_def(fn, attr) \ + int set##fn##_raw(security_context_t c) \ + { \ + return setprocattrcon_raw(c, 0, #attr); \ + } \ + int set##fn(security_context_t c) \ + { \ + return setprocattrcon(c, 0, #attr); \ + } + +#define all_selfattr_def(fn, attr) \ + getselfattr_def(fn, attr) \ + setselfattr_def(fn, attr) + +#define getpidattr_def(fn, attr) \ + int get##fn##_raw(pid_t pid, security_context_t *c) \ + { \ + return getprocattrcon_raw(c, pid, #attr); \ + } \ + int get##fn(pid_t pid, security_context_t *c) \ + { \ + return getprocattrcon(c, pid, #attr); \ + } + +all_selfattr_def(con, current) + getpidattr_def(pidcon, current) + getselfattr_def(prevcon, prev) + all_selfattr_def(execcon, exec) + all_selfattr_def(fscreatecon, fscreate) + all_selfattr_def(sockcreatecon, sockcreate) + all_selfattr_def(keycreatecon, keycreate) + + hidden_def(getcon_raw) + hidden_def(getcon) + hidden_def(getexeccon_raw) + hidden_def(getfilecon_raw) + hidden_def(getfilecon) + hidden_def(getfscreatecon_raw) + hidden_def(getkeycreatecon_raw) + hidden_def(getpeercon_raw) + hidden_def(getpidcon_raw) + hidden_def(getprevcon_raw) + hidden_def(getprevcon) + hidden_def(getsockcreatecon_raw) + hidden_def(setcon_raw) + hidden_def(setexeccon_raw) + hidden_def(setexeccon) + hidden_def(setfilecon_raw) + hidden_def(setfscreatecon_raw) + hidden_def(setkeycreatecon_raw) + hidden_def(setsockcreatecon_raw) diff --git a/libselinux/src/query_user_context.c b/libselinux/src/query_user_context.c new file mode 100644 index 00000000..dcfc1b0f --- /dev/null +++ b/libselinux/src/query_user_context.c @@ -0,0 +1,180 @@ +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "selinux_internal.h" +#include "context_internal.h" +#include <selinux/get_context_list.h> + +/* context_menu - given a list of contexts, presents a menu of security contexts + * to the user. Returns the number (position in the list) of + * the user selected context. + */ +static int context_menu(security_context_t * list) +{ + int i; /* array index */ + int choice = 0; /* index of the user's choice */ + char response[10]; /* string to hold the user's response */ + + printf("\n\n"); + for (i = 0; list[i]; i++) + printf("[%d] %s\n", i + 1, list[i]); + + while ((choice < 1) || (choice > i)) { + printf("Enter number of choice: "); + fflush(stdin); + if (fgets(response, sizeof(response), stdin) == NULL) + continue; + fflush(stdin); + choice = strtol(response, NULL, 10); + } + + return (choice - 1); +} + +/* query_user_context - given a list of context, allow the user to choose one. The + * default is the first context in the list. Returns 0 on + * success, -1 on failure + */ +int query_user_context(security_context_t * list, security_context_t * usercon) +{ + char response[10]; /* The user's response */ + int choice; /* The index in the list of the sid chosen by + the user */ + + if (!list[0]) + return -1; + + printf("\nYour default context is %s.\n", list[0]); + if (list[1]) { + printf("Do you want to choose a different one? [n]"); + fflush(stdin); + if (fgets(response, sizeof(response), stdin) == NULL) + return -1; + fflush(stdin); + + if ((response[0] == 'y') || (response[0] == 'Y')) { + choice = context_menu(list); + *usercon = strdup(list[choice]); + if (!(*usercon)) + return -1; + return 0; + } + + *usercon = strdup(list[0]); + if (!(*usercon)) + return -1; + } else { + *usercon = strdup(list[0]); + if (!(*usercon)) + return -1; + } + + return 0; +} + +/* get_field - given fieldstr - the "name" of a field, query the user + * and set the new value of the field + */ +static void get_field(const char *fieldstr, char *newfield, int newfieldlen) +{ + int done = 0; /* true if a non-empty field has been obtained */ + + while (!done) { /* Keep going until we get a value for the field */ + printf("\tEnter %s ", fieldstr); + fflush(stdin); + if (fgets(newfield, newfieldlen, stdin) == NULL) + continue; + fflush(stdin); + if (newfield[strlen(newfield) - 1] == '\n') + newfield[strlen(newfield) - 1] = '\0'; + + if (strlen(newfield) == 0) { + printf("You must enter a %s\n", fieldstr); + } else { + done = 1; + } + } +} + +/* manual_user_enter_context - provides a way for a user to manually enter a + * context in case the policy doesn't allow a list + * to be obtained. + * given the userid, queries the user and places the + * context chosen by the user into usercon. Returns 0 + * on success. + */ +int manual_user_enter_context(const char *user, security_context_t * newcon) +{ + char response[10]; /* Used to get yes or no answers from user */ + char role[100]; /* The role requested by the user */ + int rolelen = 100; + char type[100]; /* The type requested by the user */ + int typelen = 100; + char level[100]; /* The level requested by the user */ + int levellen = 100; + int mls_enabled = is_selinux_mls_enabled(); + + context_t new_context; /* The new context chosen by the user */ + char *user_context = NULL; /* String value of the user's context */ + int done = 0; /* true if a valid sid has been obtained */ + + /* Initialize the context. How this is done depends on whether + or not MLS is enabled */ + if (mls_enabled) + new_context = context_new("user:role:type:level"); + else + new_context = context_new("user:role:type"); + + if (!new_context) + return -1; + + while (!done) { + printf("Would you like to enter a security context? [y]"); + if (fgets(response, sizeof(response), stdin) == NULL + || (response[0] == 'n') || (response[0] == 'N')) { + context_free(new_context); + return -1; + } + + /* Allow the user to enter each field of the context individually */ + if (context_user_set(new_context, user)) { + context_free(new_context); + return -1; + } + get_field("role", role, rolelen); + if (context_role_set(new_context, role)) { + context_free(new_context); + return -1; + } + get_field("type", type, typelen); + if (context_type_set(new_context, type)) { + context_free(new_context); + return -1; + } + + if (mls_enabled) { + get_field("level", level, levellen); + if (context_range_set(new_context, level)) { + context_free(new_context); + return -1; + } + } + + /* Get the string value of the context and see if it is valid. */ + user_context = context_str(new_context); + if (!user_context) { + context_free(new_context); + return -1; + } + if (!security_check_context(user_context)) + done = 1; + else + printf("Not a valid security context\n"); + } + + *newcon = strdup(user_context); + context_free(new_context); + if (!(*newcon)) + return -1; + return 0; +} diff --git a/libselinux/src/rpm.c b/libselinux/src/rpm.c new file mode 100644 index 00000000..b89f1bb5 --- /dev/null +++ b/libselinux/src/rpm.c @@ -0,0 +1,58 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <selinux/flask.h> +#include "selinux_internal.h" +#include "context_internal.h" + +int rpm_execcon(unsigned int verified __attribute__ ((unused)), + const char *filename, char *const argv[], char *const envp[]) +{ + security_context_t mycon = NULL, fcon = NULL, newcon = NULL; + context_t con = NULL; + int rc = 0; + + if (is_selinux_enabled() < 1) + return execve(filename, argv, envp); + + rc = getcon(&mycon); + if (rc < 0) + goto out; + + rc = getfilecon(filename, &fcon); + if (rc < 0) + goto out; + + rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon); + if (rc < 0) + goto out; + + if (!strcmp(mycon, newcon)) { + /* No default transition, use rpm_script_t for now. */ + rc = -1; + con = context_new(mycon); + if (!con) + goto out; + if (context_type_set(con, "rpm_script_t")) + goto out; + freecon(newcon); + newcon = strdup(context_str(con)); + if (!newcon) + goto out; + rc = 0; + } + + rc = setexeccon(newcon); + if (rc < 0) + goto out; + out: + + if (rc >= 0 || security_getenforce() < 1) + rc = execve(filename, argv, envp); + + context_free(con); + freecon(newcon); + freecon(fcon); + freecon(mycon); + return rc < 0 ? rc : 0; +} diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py new file mode 100644 index 00000000..3989922b --- /dev/null +++ b/libselinux/src/selinux.py @@ -0,0 +1,513 @@ +# This file was automatically generated by SWIG (http://www.swig.org). +# Version 1.3.33 +# +# Don't modify this file, modify the SWIG interface instead. +# This file is compatible with both classic and new-style classes. + +import _selinux +import new +new_instancemethod = new.instancemethod +try: + _swig_property = property +except NameError: + pass # Python < 2.2 doesn't have 'property'. +def _swig_setattr_nondynamic(self,class_type,name,value,static=1): + if (name == "thisown"): return self.this.own(value) + if (name == "this"): + if type(value).__name__ == 'PySwigObject': + self.__dict__[name] = value + return + method = class_type.__swig_setmethods__.get(name,None) + if method: return method(self,value) + if (not static) or hasattr(self,name): + self.__dict__[name] = value + else: + raise AttributeError("You cannot add attributes to %s" % self) + +def _swig_setattr(self,class_type,name,value): + return _swig_setattr_nondynamic(self,class_type,name,value,0) + +def _swig_getattr(self,class_type,name): + if (name == "thisown"): return self.this.own() + method = class_type.__swig_getmethods__.get(name,None) + if method: return method(self) + raise AttributeError,name + +def _swig_repr(self): + try: strthis = "proxy of " + self.this.__repr__() + except: strthis = "" + return "<%s.%s; %s >" % (self.__class__.__module__, self.__class__.__name__, strthis,) + +import types +try: + _object = types.ObjectType + _newclass = 1 +except AttributeError: + class _object : pass + _newclass = 0 +del types + + +is_selinux_enabled = _selinux.is_selinux_enabled +is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled +getcon = _selinux.getcon +getcon_raw = _selinux.getcon_raw +setcon = _selinux.setcon +setcon_raw = _selinux.setcon_raw +getpidcon = _selinux.getpidcon +getpidcon_raw = _selinux.getpidcon_raw +getprevcon = _selinux.getprevcon +getprevcon_raw = _selinux.getprevcon_raw +getexeccon = _selinux.getexeccon +getexeccon_raw = _selinux.getexeccon_raw +setexeccon = _selinux.setexeccon +setexeccon_raw = _selinux.setexeccon_raw +getfscreatecon = _selinux.getfscreatecon +getfscreatecon_raw = _selinux.getfscreatecon_raw +setfscreatecon = _selinux.setfscreatecon +setfscreatecon_raw = _selinux.setfscreatecon_raw +getkeycreatecon = _selinux.getkeycreatecon +getkeycreatecon_raw = _selinux.getkeycreatecon_raw +setkeycreatecon = _selinux.setkeycreatecon +setkeycreatecon_raw = _selinux.setkeycreatecon_raw +getsockcreatecon = _selinux.getsockcreatecon +getsockcreatecon_raw = _selinux.getsockcreatecon_raw +setsockcreatecon = _selinux.setsockcreatecon +setsockcreatecon_raw = _selinux.setsockcreatecon_raw +getfilecon = _selinux.getfilecon +getfilecon_raw = _selinux.getfilecon_raw +lgetfilecon = _selinux.lgetfilecon +lgetfilecon_raw = _selinux.lgetfilecon_raw +fgetfilecon = _selinux.fgetfilecon +fgetfilecon_raw = _selinux.fgetfilecon_raw +setfilecon = _selinux.setfilecon +setfilecon_raw = _selinux.setfilecon_raw +lsetfilecon = _selinux.lsetfilecon +lsetfilecon_raw = _selinux.lsetfilecon_raw +fsetfilecon = _selinux.fsetfilecon +fsetfilecon_raw = _selinux.fsetfilecon_raw +getpeercon = _selinux.getpeercon +getpeercon_raw = _selinux.getpeercon_raw +class av_decision(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, av_decision, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, av_decision, name) + __repr__ = _swig_repr + __swig_setmethods__["allowed"] = _selinux.av_decision_allowed_set + __swig_getmethods__["allowed"] = _selinux.av_decision_allowed_get + if _newclass:allowed = _swig_property(_selinux.av_decision_allowed_get, _selinux.av_decision_allowed_set) + __swig_setmethods__["decided"] = _selinux.av_decision_decided_set + __swig_getmethods__["decided"] = _selinux.av_decision_decided_get + if _newclass:decided = _swig_property(_selinux.av_decision_decided_get, _selinux.av_decision_decided_set) + __swig_setmethods__["auditallow"] = _selinux.av_decision_auditallow_set + __swig_getmethods__["auditallow"] = _selinux.av_decision_auditallow_get + if _newclass:auditallow = _swig_property(_selinux.av_decision_auditallow_get, _selinux.av_decision_auditallow_set) + __swig_setmethods__["auditdeny"] = _selinux.av_decision_auditdeny_set + __swig_getmethods__["auditdeny"] = _selinux.av_decision_auditdeny_get + if _newclass:auditdeny = _swig_property(_selinux.av_decision_auditdeny_get, _selinux.av_decision_auditdeny_set) + __swig_setmethods__["seqno"] = _selinux.av_decision_seqno_set + __swig_getmethods__["seqno"] = _selinux.av_decision_seqno_get + if _newclass:seqno = _swig_property(_selinux.av_decision_seqno_get, _selinux.av_decision_seqno_set) + def __init__(self, *args): + this = _selinux.new_av_decision(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_av_decision + __del__ = lambda self : None; +av_decision_swigregister = _selinux.av_decision_swigregister +av_decision_swigregister(av_decision) + +class selinux_opt(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_opt, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, selinux_opt, name) + __repr__ = _swig_repr + __swig_setmethods__["type"] = _selinux.selinux_opt_type_set + __swig_getmethods__["type"] = _selinux.selinux_opt_type_get + if _newclass:type = _swig_property(_selinux.selinux_opt_type_get, _selinux.selinux_opt_type_set) + __swig_setmethods__["value"] = _selinux.selinux_opt_value_set + __swig_getmethods__["value"] = _selinux.selinux_opt_value_get + if _newclass:value = _swig_property(_selinux.selinux_opt_value_get, _selinux.selinux_opt_value_set) + def __init__(self, *args): + this = _selinux.new_selinux_opt(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_selinux_opt + __del__ = lambda self : None; +selinux_opt_swigregister = _selinux.selinux_opt_swigregister +selinux_opt_swigregister(selinux_opt) + +class selinux_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, selinux_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_log"] = _selinux.selinux_callback_func_log_set + __swig_getmethods__["func_log"] = _selinux.selinux_callback_func_log_get + if _newclass:func_log = _swig_property(_selinux.selinux_callback_func_log_get, _selinux.selinux_callback_func_log_set) + __swig_setmethods__["func_audit"] = _selinux.selinux_callback_func_audit_set + __swig_getmethods__["func_audit"] = _selinux.selinux_callback_func_audit_get + if _newclass:func_audit = _swig_property(_selinux.selinux_callback_func_audit_get, _selinux.selinux_callback_func_audit_set) + __swig_setmethods__["func_validate"] = _selinux.selinux_callback_func_validate_set + __swig_getmethods__["func_validate"] = _selinux.selinux_callback_func_validate_get + if _newclass:func_validate = _swig_property(_selinux.selinux_callback_func_validate_get, _selinux.selinux_callback_func_validate_set) + def __init__(self, *args): + this = _selinux.new_selinux_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_selinux_callback + __del__ = lambda self : None; +selinux_callback_swigregister = _selinux.selinux_callback_swigregister +selinux_callback_swigregister(selinux_callback) + +SELINUX_CB_LOG = _selinux.SELINUX_CB_LOG +SELINUX_CB_AUDIT = _selinux.SELINUX_CB_AUDIT +SELINUX_CB_VALIDATE = _selinux.SELINUX_CB_VALIDATE +selinux_get_callback = _selinux.selinux_get_callback +selinux_set_callback = _selinux.selinux_set_callback +SELINUX_ERROR = _selinux.SELINUX_ERROR +SELINUX_WARNING = _selinux.SELINUX_WARNING +SELINUX_INFO = _selinux.SELINUX_INFO +SELINUX_AVC = _selinux.SELINUX_AVC +security_compute_av = _selinux.security_compute_av +security_compute_av_raw = _selinux.security_compute_av_raw +security_compute_create = _selinux.security_compute_create +security_compute_create_raw = _selinux.security_compute_create_raw +security_compute_relabel = _selinux.security_compute_relabel +security_compute_relabel_raw = _selinux.security_compute_relabel_raw +security_compute_member = _selinux.security_compute_member +security_compute_member_raw = _selinux.security_compute_member_raw +security_compute_user = _selinux.security_compute_user +security_compute_user_raw = _selinux.security_compute_user_raw +security_load_policy = _selinux.security_load_policy +security_get_initial_context = _selinux.security_get_initial_context +security_get_initial_context_raw = _selinux.security_get_initial_context_raw +selinux_mkload_policy = _selinux.selinux_mkload_policy +selinux_init_load_policy = _selinux.selinux_init_load_policy +class SELboolean(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, SELboolean, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, SELboolean, name) + __repr__ = _swig_repr + __swig_setmethods__["name"] = _selinux.SELboolean_name_set + __swig_getmethods__["name"] = _selinux.SELboolean_name_get + if _newclass:name = _swig_property(_selinux.SELboolean_name_get, _selinux.SELboolean_name_set) + __swig_setmethods__["value"] = _selinux.SELboolean_value_set + __swig_getmethods__["value"] = _selinux.SELboolean_value_get + if _newclass:value = _swig_property(_selinux.SELboolean_value_get, _selinux.SELboolean_value_set) + def __init__(self, *args): + this = _selinux.new_SELboolean(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_SELboolean + __del__ = lambda self : None; +SELboolean_swigregister = _selinux.SELboolean_swigregister +SELboolean_swigregister(SELboolean) + +security_set_boolean_list = _selinux.security_set_boolean_list +security_load_booleans = _selinux.security_load_booleans +security_check_context = _selinux.security_check_context +security_check_context_raw = _selinux.security_check_context_raw +security_canonicalize_context = _selinux.security_canonicalize_context +security_canonicalize_context_raw = _selinux.security_canonicalize_context_raw +security_getenforce = _selinux.security_getenforce +security_setenforce = _selinux.security_setenforce +security_disable = _selinux.security_disable +security_policyvers = _selinux.security_policyvers +security_get_boolean_names = _selinux.security_get_boolean_names +security_get_boolean_pending = _selinux.security_get_boolean_pending +security_get_boolean_active = _selinux.security_get_boolean_active +security_set_boolean = _selinux.security_set_boolean +security_commit_booleans = _selinux.security_commit_booleans +class security_class_mapping(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, security_class_mapping, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, security_class_mapping, name) + __repr__ = _swig_repr + __swig_setmethods__["name"] = _selinux.security_class_mapping_name_set + __swig_getmethods__["name"] = _selinux.security_class_mapping_name_get + if _newclass:name = _swig_property(_selinux.security_class_mapping_name_get, _selinux.security_class_mapping_name_set) + __swig_setmethods__["perms"] = _selinux.security_class_mapping_perms_set + __swig_getmethods__["perms"] = _selinux.security_class_mapping_perms_get + if _newclass:perms = _swig_property(_selinux.security_class_mapping_perms_get, _selinux.security_class_mapping_perms_set) + def __init__(self, *args): + this = _selinux.new_security_class_mapping(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_security_class_mapping + __del__ = lambda self : None; +security_class_mapping_swigregister = _selinux.security_class_mapping_swigregister +security_class_mapping_swigregister(security_class_mapping) + +selinux_set_mapping = _selinux.selinux_set_mapping +string_to_security_class = _selinux.string_to_security_class +security_class_to_string = _selinux.security_class_to_string +security_av_perm_to_string = _selinux.security_av_perm_to_string +string_to_av_perm = _selinux.string_to_av_perm +security_av_string = _selinux.security_av_string +print_access_vector = _selinux.print_access_vector +MATCHPATHCON_BASEONLY = _selinux.MATCHPATHCON_BASEONLY +MATCHPATHCON_NOTRANS = _selinux.MATCHPATHCON_NOTRANS +MATCHPATHCON_VALIDATE = _selinux.MATCHPATHCON_VALIDATE +set_matchpathcon_flags = _selinux.set_matchpathcon_flags +matchpathcon_init = _selinux.matchpathcon_init +matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix +matchpathcon_fini = _selinux.matchpathcon_fini +matchpathcon = _selinux.matchpathcon +matchpathcon_index = _selinux.matchpathcon_index +matchpathcon_filespec_add = _selinux.matchpathcon_filespec_add +matchpathcon_filespec_destroy = _selinux.matchpathcon_filespec_destroy +matchpathcon_filespec_eval = _selinux.matchpathcon_filespec_eval +matchpathcon_checkmatches = _selinux.matchpathcon_checkmatches +matchmediacon = _selinux.matchmediacon +selinux_getenforcemode = _selinux.selinux_getenforcemode +selinux_getpolicytype = _selinux.selinux_getpolicytype +selinux_policy_root = _selinux.selinux_policy_root +selinux_binary_policy_path = _selinux.selinux_binary_policy_path +selinux_failsafe_context_path = _selinux.selinux_failsafe_context_path +selinux_removable_context_path = _selinux.selinux_removable_context_path +selinux_default_context_path = _selinux.selinux_default_context_path +selinux_user_contexts_path = _selinux.selinux_user_contexts_path +selinux_file_context_path = _selinux.selinux_file_context_path +selinux_file_context_homedir_path = _selinux.selinux_file_context_homedir_path +selinux_file_context_local_path = _selinux.selinux_file_context_local_path +selinux_homedir_context_path = _selinux.selinux_homedir_context_path +selinux_media_context_path = _selinux.selinux_media_context_path +selinux_x_context_path = _selinux.selinux_x_context_path +selinux_contexts_path = _selinux.selinux_contexts_path +selinux_securetty_types_path = _selinux.selinux_securetty_types_path +selinux_booleans_path = _selinux.selinux_booleans_path +selinux_customizable_types_path = _selinux.selinux_customizable_types_path +selinux_users_path = _selinux.selinux_users_path +selinux_usersconf_path = _selinux.selinux_usersconf_path +selinux_translations_path = _selinux.selinux_translations_path +selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path +selinux_path = _selinux.selinux_path +selinux_check_passwd_access = _selinux.selinux_check_passwd_access +checkPasswdAccess = _selinux.checkPasswdAccess +selinux_check_securetty_context = _selinux.selinux_check_securetty_context +set_selinuxmnt = _selinux.set_selinuxmnt +rpm_execcon = _selinux.rpm_execcon +is_context_customizable = _selinux.is_context_customizable +selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context +selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context +getseuserbyname = _selinux.getseuserbyname +selinux_file_context_cmp = _selinux.selinux_file_context_cmp +selinux_file_context_verify = _selinux.selinux_file_context_verify +selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default +class security_id(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, security_id, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, security_id, name) + __repr__ = _swig_repr + __swig_setmethods__["ctx"] = _selinux.security_id_ctx_set + __swig_getmethods__["ctx"] = _selinux.security_id_ctx_get + if _newclass:ctx = _swig_property(_selinux.security_id_ctx_get, _selinux.security_id_ctx_set) + __swig_setmethods__["refcnt"] = _selinux.security_id_refcnt_set + __swig_getmethods__["refcnt"] = _selinux.security_id_refcnt_get + if _newclass:refcnt = _swig_property(_selinux.security_id_refcnt_get, _selinux.security_id_refcnt_set) + def __init__(self, *args): + this = _selinux.new_security_id(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_security_id + __del__ = lambda self : None; +security_id_swigregister = _selinux.security_id_swigregister +security_id_swigregister(security_id) + +avc_sid_to_context = _selinux.avc_sid_to_context +avc_sid_to_context_raw = _selinux.avc_sid_to_context_raw +avc_context_to_sid = _selinux.avc_context_to_sid +avc_context_to_sid_raw = _selinux.avc_context_to_sid_raw +sidget = _selinux.sidget +sidput = _selinux.sidput +avc_get_initial_sid = _selinux.avc_get_initial_sid +class avc_entry_ref(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_entry_ref, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_entry_ref, name) + __repr__ = _swig_repr + __swig_setmethods__["ae"] = _selinux.avc_entry_ref_ae_set + __swig_getmethods__["ae"] = _selinux.avc_entry_ref_ae_get + if _newclass:ae = _swig_property(_selinux.avc_entry_ref_ae_get, _selinux.avc_entry_ref_ae_set) + def __init__(self, *args): + this = _selinux.new_avc_entry_ref(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_entry_ref + __del__ = lambda self : None; +avc_entry_ref_swigregister = _selinux.avc_entry_ref_swigregister +avc_entry_ref_swigregister(avc_entry_ref) + +class avc_memory_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_memory_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_memory_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_set + __swig_getmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_get + if _newclass:func_malloc = _swig_property(_selinux.avc_memory_callback_func_malloc_get, _selinux.avc_memory_callback_func_malloc_set) + __swig_setmethods__["func_free"] = _selinux.avc_memory_callback_func_free_set + __swig_getmethods__["func_free"] = _selinux.avc_memory_callback_func_free_get + if _newclass:func_free = _swig_property(_selinux.avc_memory_callback_func_free_get, _selinux.avc_memory_callback_func_free_set) + def __init__(self, *args): + this = _selinux.new_avc_memory_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_memory_callback + __del__ = lambda self : None; +avc_memory_callback_swigregister = _selinux.avc_memory_callback_swigregister +avc_memory_callback_swigregister(avc_memory_callback) + +class avc_log_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_log_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_log_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_log"] = _selinux.avc_log_callback_func_log_set + __swig_getmethods__["func_log"] = _selinux.avc_log_callback_func_log_get + if _newclass:func_log = _swig_property(_selinux.avc_log_callback_func_log_get, _selinux.avc_log_callback_func_log_set) + __swig_setmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_set + __swig_getmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_get + if _newclass:func_audit = _swig_property(_selinux.avc_log_callback_func_audit_get, _selinux.avc_log_callback_func_audit_set) + def __init__(self, *args): + this = _selinux.new_avc_log_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_log_callback + __del__ = lambda self : None; +avc_log_callback_swigregister = _selinux.avc_log_callback_swigregister +avc_log_callback_swigregister(avc_log_callback) + +class avc_thread_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_thread_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_thread_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_set + __swig_getmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_get + if _newclass:func_create_thread = _swig_property(_selinux.avc_thread_callback_func_create_thread_get, _selinux.avc_thread_callback_func_create_thread_set) + __swig_setmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_set + __swig_getmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_get + if _newclass:func_stop_thread = _swig_property(_selinux.avc_thread_callback_func_stop_thread_get, _selinux.avc_thread_callback_func_stop_thread_set) + def __init__(self, *args): + this = _selinux.new_avc_thread_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_thread_callback + __del__ = lambda self : None; +avc_thread_callback_swigregister = _selinux.avc_thread_callback_swigregister +avc_thread_callback_swigregister(avc_thread_callback) + +class avc_lock_callback(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_lock_callback, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_lock_callback, name) + __repr__ = _swig_repr + __swig_setmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_set + __swig_getmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_get + if _newclass:func_alloc_lock = _swig_property(_selinux.avc_lock_callback_func_alloc_lock_get, _selinux.avc_lock_callback_func_alloc_lock_set) + __swig_setmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_set + __swig_getmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_get + if _newclass:func_get_lock = _swig_property(_selinux.avc_lock_callback_func_get_lock_get, _selinux.avc_lock_callback_func_get_lock_set) + __swig_setmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_set + __swig_getmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_get + if _newclass:func_release_lock = _swig_property(_selinux.avc_lock_callback_func_release_lock_get, _selinux.avc_lock_callback_func_release_lock_set) + __swig_setmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_set + __swig_getmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_get + if _newclass:func_free_lock = _swig_property(_selinux.avc_lock_callback_func_free_lock_get, _selinux.avc_lock_callback_func_free_lock_set) + def __init__(self, *args): + this = _selinux.new_avc_lock_callback(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_lock_callback + __del__ = lambda self : None; +avc_lock_callback_swigregister = _selinux.avc_lock_callback_swigregister +avc_lock_callback_swigregister(avc_lock_callback) + +AVC_OPT_UNUSED = _selinux.AVC_OPT_UNUSED +AVC_OPT_SETENFORCE = _selinux.AVC_OPT_SETENFORCE +avc_init = _selinux.avc_init +avc_open = _selinux.avc_open +avc_cleanup = _selinux.avc_cleanup +avc_reset = _selinux.avc_reset +avc_destroy = _selinux.avc_destroy +avc_has_perm_noaudit = _selinux.avc_has_perm_noaudit +avc_has_perm = _selinux.avc_has_perm +avc_audit = _selinux.avc_audit +avc_compute_create = _selinux.avc_compute_create +avc_compute_member = _selinux.avc_compute_member +AVC_CALLBACK_GRANT = _selinux.AVC_CALLBACK_GRANT +AVC_CALLBACK_TRY_REVOKE = _selinux.AVC_CALLBACK_TRY_REVOKE +AVC_CALLBACK_REVOKE = _selinux.AVC_CALLBACK_REVOKE +AVC_CALLBACK_RESET = _selinux.AVC_CALLBACK_RESET +AVC_CALLBACK_AUDITALLOW_ENABLE = _selinux.AVC_CALLBACK_AUDITALLOW_ENABLE +AVC_CALLBACK_AUDITALLOW_DISABLE = _selinux.AVC_CALLBACK_AUDITALLOW_DISABLE +AVC_CALLBACK_AUDITDENY_ENABLE = _selinux.AVC_CALLBACK_AUDITDENY_ENABLE +AVC_CALLBACK_AUDITDENY_DISABLE = _selinux.AVC_CALLBACK_AUDITDENY_DISABLE +AVC_CACHE_STATS = _selinux.AVC_CACHE_STATS +class avc_cache_stats(_object): + __swig_setmethods__ = {} + __setattr__ = lambda self, name, value: _swig_setattr(self, avc_cache_stats, name, value) + __swig_getmethods__ = {} + __getattr__ = lambda self, name: _swig_getattr(self, avc_cache_stats, name) + __repr__ = _swig_repr + __swig_setmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_set + __swig_getmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_get + if _newclass:entry_lookups = _swig_property(_selinux.avc_cache_stats_entry_lookups_get, _selinux.avc_cache_stats_entry_lookups_set) + __swig_setmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_set + __swig_getmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_get + if _newclass:entry_hits = _swig_property(_selinux.avc_cache_stats_entry_hits_get, _selinux.avc_cache_stats_entry_hits_set) + __swig_setmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_set + __swig_getmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_get + if _newclass:entry_misses = _swig_property(_selinux.avc_cache_stats_entry_misses_get, _selinux.avc_cache_stats_entry_misses_set) + __swig_setmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_set + __swig_getmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_get + if _newclass:entry_discards = _swig_property(_selinux.avc_cache_stats_entry_discards_get, _selinux.avc_cache_stats_entry_discards_set) + __swig_setmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_set + __swig_getmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_get + if _newclass:cav_lookups = _swig_property(_selinux.avc_cache_stats_cav_lookups_get, _selinux.avc_cache_stats_cav_lookups_set) + __swig_setmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_set + __swig_getmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_get + if _newclass:cav_hits = _swig_property(_selinux.avc_cache_stats_cav_hits_get, _selinux.avc_cache_stats_cav_hits_set) + __swig_setmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_set + __swig_getmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_get + if _newclass:cav_probes = _swig_property(_selinux.avc_cache_stats_cav_probes_get, _selinux.avc_cache_stats_cav_probes_set) + __swig_setmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_set + __swig_getmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_get + if _newclass:cav_misses = _swig_property(_selinux.avc_cache_stats_cav_misses_get, _selinux.avc_cache_stats_cav_misses_set) + def __init__(self, *args): + this = _selinux.new_avc_cache_stats(*args) + try: self.this.append(this) + except: self.this = this + __swig_destroy__ = _selinux.delete_avc_cache_stats + __del__ = lambda self : None; +avc_cache_stats_swigregister = _selinux.avc_cache_stats_swigregister +avc_cache_stats_swigregister(avc_cache_stats) + +avc_av_stats = _selinux.avc_av_stats +avc_sid_stats = _selinux.avc_sid_stats +selinux_default_type_path = _selinux.selinux_default_type_path +get_default_type = _selinux.get_default_type +SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER +get_ordered_context_list = _selinux.get_ordered_context_list +get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level +get_default_context = _selinux.get_default_context +get_default_context_with_level = _selinux.get_default_context_with_level +get_default_context_with_role = _selinux.get_default_context_with_role +get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel +query_user_context = _selinux.query_user_context +manual_user_enter_context = _selinux.manual_user_enter_context + + diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c new file mode 100644 index 00000000..fdb5a592 --- /dev/null +++ b/libselinux/src/selinux_check_securetty_context.c @@ -0,0 +1,53 @@ +#include <unistd.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <ctype.h> +#include "selinux_internal.h" +#include "context_internal.h" + +int selinux_check_securetty_context(security_context_t tty_context) +{ + char *line = NULL; + char *start, *end = NULL; + size_t line_len = 0; + ssize_t len; + int found = -1; + FILE *fp; + fp = fopen(selinux_securetty_types_path(), "r"); + if (fp) { + context_t con = context_new(tty_context); + if (con) { + const char *type = context_type_get(con); + while ((len = getline(&line, &line_len, fp)) != -1) { + + if (line[len - 1] == '\n') + line[len - 1] = 0; + + /* Skip leading whitespace. */ + start = line; + while (*start && isspace(*start)) + start++; + if (!(*start)) + continue; + + end = start; + while (*end && !isspace(*end)) + end++; + if (*end) + *end++ = 0; + if (!strcmp(type, start)) { + found = 0; + break; + } + } + free(line); + context_free(con); + } + fclose(fp); + } + + return found; +} + +hidden_def(selinux_check_securetty_context) diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c new file mode 100644 index 00000000..7dbbb473 --- /dev/null +++ b/libselinux/src/selinux_config.c @@ -0,0 +1,385 @@ +#include <stdio.h> +#include <stdio_ext.h> +#include <string.h> +#include <ctype.h> +#include <stddef.h> +#include <stdint.h> +#include <stdlib.h> +#include <limits.h> +#include <unistd.h> +#include "selinux_internal.h" +#include "get_default_type_internal.h" + +#define SELINUXDIR "/etc/selinux/" +#define SELINUXCONFIG SELINUXDIR "config" +#define SELINUXDEFAULT "targeted" +#define SELINUXTYPETAG "SELINUXTYPE=" +#define SELINUXTAG "SELINUX=" +#define SETLOCALDEFS "SETLOCALDEFS=" +#define REQUIRESEUSERS "REQUIRESEUSERS=" + +/* Indices for file paths arrays. */ +#define BINPOLICY 0 +#define CONTEXTS_DIR 1 +#define FILE_CONTEXTS 2 +#define HOMEDIR_CONTEXTS 3 +#define DEFAULT_CONTEXTS 4 +#define USER_CONTEXTS 5 +#define FAILSAFE_CONTEXT 6 +#define DEFAULT_TYPE 7 +#define BOOLEANS 8 +#define MEDIA_CONTEXTS 9 +#define REMOVABLE_CONTEXT 10 +#define CUSTOMIZABLE_TYPES 11 +#define USERS_DIR 12 +#define SEUSERS 13 +#define TRANSLATIONS 14 +#define NETFILTER_CONTEXTS 15 +#define FILE_CONTEXTS_HOMEDIR 16 +#define FILE_CONTEXTS_LOCAL 17 +#define SECURETTY_TYPES 18 +#define X_CONTEXTS 19 +#define NEL 20 + +/* New layout is relative to SELINUXDIR/policytype. */ +static char *file_paths[NEL]; +#define L1(l) L2(l) +#define L2(l)str##l +static const union file_path_suffixes_data { + struct { +#define S_(n, s) char L1(__LINE__)[sizeof(s)]; +#include "file_path_suffixes.h" +#undef S_ + }; + char str[0]; +} file_path_suffixes_data = { + { +#define S_(n, s) s, +#include "file_path_suffixes.h" +#undef S_ + } +}; +static const uint16_t file_path_suffixes_idx[NEL] = { +#define S_(n, s) [n] = offsetof(union file_path_suffixes_data, L1(__LINE__)), +#include "file_path_suffixes.h" +#undef S_ +}; + +#undef L1 +#undef L2 + +int selinux_getenforcemode(int *enforce) +{ + int ret = -1; + FILE *cfg = fopen(SELINUXCONFIG, "r"); + if (cfg) { + char *buf; + int len = sizeof(SELINUXTAG) - 1; + buf = malloc(selinux_page_size); + if (!buf) { + fclose(cfg); + return -1; + } + while (fgets_unlocked(buf, selinux_page_size, cfg)) { + if (strncmp(buf, SELINUXTAG, len)) + continue; + if (!strncasecmp + (buf + len, "enforcing", sizeof("enforcing") - 1)) { + *enforce = 1; + ret = 0; + break; + } else + if (!strncasecmp + (buf + len, "permissive", + sizeof("permissive") - 1)) { + *enforce = 0; + ret = 0; + break; + } else + if (!strncasecmp + (buf + len, "disabled", + sizeof("disabled") - 1)) { + *enforce = -1; + ret = 0; + break; + } + } + fclose(cfg); + free(buf); + } + return ret; +} + +hidden_def(selinux_getenforcemode) + +static char *selinux_policytype; + +int selinux_getpolicytype(char **type) +{ + if (!selinux_policytype) + return -1; + *type = strdup(selinux_policytype); + return *type ? 0 : -1; +} + +hidden_def(selinux_getpolicytype) + +static char *selinux_policyroot = NULL; +static char *selinux_rootpath = NULL; + +static void init_selinux_config(void) __attribute__ ((constructor)); + +static void init_selinux_config(void) +{ + int i, *intptr; + size_t line_len; + ssize_t len; + char *line_buf = NULL, *buf_p, *value, *type = NULL, *end; + FILE *fp; + + if (selinux_policyroot) + return; + + selinux_rootpath = SELINUXDIR; + fp = fopen(SELINUXCONFIG, "r"); + if (fp) { + __fsetlocking(fp, FSETLOCKING_BYCALLER); + while ((len = getline(&line_buf, &line_len, fp)) > 0) { + if (line_buf[len - 1] == '\n') + line_buf[len - 1] = 0; + buf_p = line_buf; + while (isspace(*buf_p)) + buf_p++; + if (*buf_p == '#' || *buf_p == 0) + continue; + + if (!strncasecmp(buf_p, SELINUXTYPETAG, + sizeof(SELINUXTYPETAG) - 1)) { + selinux_policytype = type = + strdup(buf_p + sizeof(SELINUXTYPETAG) - 1); + if (!type) + return; + end = type + strlen(type) - 1; + while ((end > type) && + (isspace(*end) || iscntrl(*end))) { + *end = 0; + end--; + } + continue; + } else if (!strncmp(buf_p, SETLOCALDEFS, + sizeof(SETLOCALDEFS) - 1)) { + value = buf_p + sizeof(SETLOCALDEFS) - 1; + intptr = &load_setlocaldefs; + } else if (!strncmp(buf_p, REQUIRESEUSERS, + sizeof(REQUIRESEUSERS) - 1)) { + value = buf_p + sizeof(REQUIRESEUSERS) - 1; + intptr = &require_seusers; + } else { + continue; + } + + if (isdigit(*value)) + *intptr = atoi(value); + else if (strncasecmp(value, "true", sizeof("true") - 1)) + *intptr = 1; + else if (strncasecmp + (value, "false", sizeof("false") - 1)) + *intptr = 0; + } + free(line_buf); + fclose(fp); + } + + if (!type) { + selinux_policytype = type = strdup(SELINUXDEFAULT); + if (!type) + return; + } + + if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1) + return; + + for (i = 0; i < NEL; i++) + if (asprintf(&file_paths[i], "%s%s", + selinux_policyroot, + file_path_suffixes_data.str + + file_path_suffixes_idx[i]) + == -1) + return; +} + +static void fini_selinux_policyroot(void) __attribute__ ((destructor)); + +static void fini_selinux_policyroot(void) +{ + int i; + free(selinux_policyroot); + selinux_policyroot = NULL; + for (i = 0; i < NEL; i++) { + free(file_paths[i]); + file_paths[i] = NULL; + } + free(selinux_policytype); + selinux_policytype = NULL; +} + +void reset_selinux_config(void) +{ + fini_selinux_policyroot(); + init_selinux_config(); +} + +static const char *get_path(int idx) +{ + return file_paths[idx]; +} + +const char *selinux_default_type_path() +{ + return get_path(DEFAULT_TYPE); +} + +hidden_def(selinux_default_type_path) + +const char *selinux_policy_root() +{ + return selinux_policyroot; +} + +const char *selinux_path() +{ + return selinux_rootpath; +} + +hidden_def(selinux_path) + +const char *selinux_default_context_path() +{ + return get_path(DEFAULT_CONTEXTS); +} + +hidden_def(selinux_default_context_path) + +const char *selinux_securetty_types_path() +{ + return get_path(SECURETTY_TYPES); +} + +hidden_def(selinux_securetty_types_path) + +const char *selinux_failsafe_context_path() +{ + return get_path(FAILSAFE_CONTEXT); +} + +hidden_def(selinux_failsafe_context_path) + +const char *selinux_removable_context_path() +{ + return get_path(REMOVABLE_CONTEXT); +} + +hidden_def(selinux_removable_context_path) + +const char *selinux_binary_policy_path() +{ + return get_path(BINPOLICY); +} + +hidden_def(selinux_binary_policy_path) + +const char *selinux_file_context_path() +{ + return get_path(FILE_CONTEXTS); +} + +hidden_def(selinux_file_context_path) + +const char *selinux_homedir_context_path() +{ + return get_path(HOMEDIR_CONTEXTS); +} + +hidden_def(selinux_homedir_context_path) + +const char *selinux_media_context_path() +{ + return get_path(MEDIA_CONTEXTS); +} + +hidden_def(selinux_media_context_path) + +const char *selinux_customizable_types_path() +{ + return get_path(CUSTOMIZABLE_TYPES); +} + +hidden_def(selinux_customizable_types_path) + +const char *selinux_contexts_path() +{ + return get_path(CONTEXTS_DIR); +} + +const char *selinux_user_contexts_path() +{ + return get_path(USER_CONTEXTS); +} + +hidden_def(selinux_user_contexts_path) + +const char *selinux_booleans_path() +{ + return get_path(BOOLEANS); +} + +hidden_def(selinux_booleans_path) + +const char *selinux_users_path() +{ + return get_path(USERS_DIR); +} + +hidden_def(selinux_users_path) + +const char *selinux_usersconf_path() +{ + return get_path(SEUSERS); +} + +hidden_def(selinux_usersconf_path) + +const char *selinux_translations_path() +{ + return get_path(TRANSLATIONS); +} + +hidden_def(selinux_translations_path) + +const char *selinux_netfilter_context_path() +{ + return get_path(NETFILTER_CONTEXTS); +} + +hidden_def(selinux_netfilter_context_path) + +const char *selinux_file_context_homedir_path() +{ + return get_path(FILE_CONTEXTS_HOMEDIR); +} + +hidden_def(selinux_file_context_homedir_path) + +const char *selinux_file_context_local_path() +{ + return get_path(FILE_CONTEXTS_LOCAL); +} + +hidden_def(selinux_file_context_local_path) + +const char *selinux_x_context_path() +{ + return get_path(X_CONTEXTS); +} + +hidden_def(selinux_x_context_path) diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h new file mode 100644 index 00000000..eaf1767a --- /dev/null +++ b/libselinux/src/selinux_internal.h @@ -0,0 +1,86 @@ +#include <selinux/selinux.h> +#include "dso.h" + +hidden_proto(selinux_mkload_policy) + hidden_proto(set_selinuxmnt) + hidden_proto(security_disable) + hidden_proto(security_policyvers) + hidden_proto(security_load_policy) + hidden_proto(security_get_boolean_active) + hidden_proto(security_get_boolean_names) + hidden_proto(security_set_boolean) + hidden_proto(security_commit_booleans) + hidden_proto(security_check_context) + hidden_proto(security_check_context_raw) + hidden_proto(security_canonicalize_context) + hidden_proto(security_canonicalize_context_raw) + hidden_proto(security_compute_av) + hidden_proto(security_compute_av_raw) + hidden_proto(security_compute_user) + hidden_proto(security_compute_user_raw) + hidden_proto(security_compute_create) + hidden_proto(security_compute_create_raw) + hidden_proto(security_compute_member_raw) + hidden_proto(security_compute_relabel_raw) + hidden_proto(is_selinux_enabled) + hidden_proto(is_selinux_mls_enabled) + hidden_proto(freecon) + hidden_proto(freeconary) + hidden_proto(getprevcon) + hidden_proto(getprevcon_raw) + hidden_proto(getcon) + hidden_proto(getcon_raw) + hidden_proto(setcon_raw) + hidden_proto(getpeercon_raw) + hidden_proto(getpidcon_raw) + hidden_proto(getexeccon_raw) + hidden_proto(getfilecon) + hidden_proto(getfilecon_raw) + hidden_proto(lgetfilecon_raw) + hidden_proto(fgetfilecon_raw) + hidden_proto(setfilecon_raw) + hidden_proto(lsetfilecon_raw) + hidden_proto(fsetfilecon_raw) + hidden_proto(setexeccon) + hidden_proto(setexeccon_raw) + hidden_proto(getfscreatecon_raw) + hidden_proto(getkeycreatecon_raw) + hidden_proto(getsockcreatecon_raw) + hidden_proto(setfscreatecon_raw) + hidden_proto(setkeycreatecon_raw) + hidden_proto(setsockcreatecon_raw) + hidden_proto(security_getenforce) + hidden_proto(security_setenforce) + hidden_proto(selinux_binary_policy_path) + hidden_proto(selinux_default_context_path) + hidden_proto(selinux_securetty_types_path) + hidden_proto(selinux_failsafe_context_path) + hidden_proto(selinux_removable_context_path) + hidden_proto(selinux_file_context_path) + hidden_proto(selinux_file_context_homedir_path) + hidden_proto(selinux_file_context_local_path) + hidden_proto(selinux_netfilter_context_path) + hidden_proto(selinux_homedir_context_path) + hidden_proto(selinux_user_contexts_path) + hidden_proto(selinux_booleans_path) + hidden_proto(selinux_customizable_types_path) + hidden_proto(selinux_media_context_path) + hidden_proto(selinux_x_context_path) + hidden_proto(selinux_path) + hidden_proto(selinux_check_passwd_access) + hidden_proto(selinux_check_securetty_context) + hidden_proto(matchpathcon_init_prefix) + hidden_proto(selinux_users_path) + hidden_proto(selinux_usersconf_path); +hidden_proto(selinux_translations_path); +hidden_proto(selinux_getenforcemode); +hidden_proto(selinux_getpolicytype); +hidden_proto(selinux_raw_to_trans_context); +hidden_proto(selinux_trans_to_raw_context); +hidden_proto(security_get_initial_context); +hidden_proto(security_get_initial_context_raw); + +extern void reset_selinux_config(void) hidden; +extern int load_setlocaldefs hidden; +extern int require_seusers hidden; +extern int selinux_page_size hidden; diff --git a/libselinux/src/selinux_netlink.h b/libselinux/src/selinux_netlink.h new file mode 100644 index 00000000..88ef5517 --- /dev/null +++ b/libselinux/src/selinux_netlink.h @@ -0,0 +1,31 @@ +/* + * Netlink event notifications for SELinux. + * + * Author: James Morris <jmorris@redhat.com> + */ +#ifndef _LINUX_SELINUX_NETLINK_H +#define _LINUX_SELINUX_NETLINK_H + +/* Message types. */ +#define SELNL_MSG_BASE 0x10 +enum { + SELNL_MSG_SETENFORCE = SELNL_MSG_BASE, + SELNL_MSG_POLICYLOAD, + SELNL_MSG_MAX +}; + +/* Multicast groups */ +#define SELNL_GRP_NONE 0x00000000 +#define SELNL_GRP_AVC 0x00000001 /* AVC notifications */ +#define SELNL_GRP_ALL 0xffffffff + +/* Message structures */ +struct selnl_msg_setenforce { + int32_t val; +}; + +struct selnl_msg_policyload { + uint32_t seqno; +}; + +#endif /* _LINUX_SELINUX_NETLINK_H */ diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i new file mode 100644 index 00000000..a74bf045 --- /dev/null +++ b/libselinux/src/selinuxswig.i @@ -0,0 +1,57 @@ +/* Authors: Dan Walsh + * James Athey + */ + +%module selinux +%{ + #include "selinux/selinux.h" + #include "../include/selinux/avc.h" + #include "../include/selinux/selinux.h" + #include "../include/selinux/get_default_type.h" + #include "../include/selinux/get_context_list.h" +%} +%apply int *OUTPUT { int *enforce }; +%apply int *OUTPUT { size_t * }; + +%typedef unsigned mode_t; +%typedef unsigned pid_t; + +%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) { + $1 = &temp1; + $2 = &temp2; +} + +%typemap(freearg) (char ***names, int *len) { + int i; + if (*$1) { + for (i = 0; i < *$2; i++) { + free((*$1)[i]); + } + free(*$1); + } +} + +%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) { + $1 = &temp; +} + +%typemap(freearg) (security_context_t **) { + if (*$1) freeconary(*$1); +} + +/* Ignore functions that don't make sense when wrapped */ +%ignore freecon; +%ignore freeconary; + +/* Ignore functions that take a function pointer as an argument */ +%ignore set_matchpathcon_printf; +%ignore set_matchpathcon_invalidcon; +%ignore set_matchpathcon_canoncon; + +%ignore avc_add_callback; + +%include "../include/selinux/selinux.h" +%include "../include/selinux/avc.h" +%include "../include/selinux/get_default_type.h" +%include "../include/selinux/get_context_list.h" + diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i new file mode 100644 index 00000000..3f43abf2 --- /dev/null +++ b/libselinux/src/selinuxswig_python.i @@ -0,0 +1,136 @@ +/* Author: James Athey + */ + +%module selinux +%{ + #include "selinux/selinux.h" +%} + +/* security_get_boolean_names() typemap */ +%typemap(argout) (char ***names, int *len) { + PyObject* list = PyList_New(*$2); + int i; + for (i = 0; i < *$2; i++) { + PyList_SetItem(list, i, PyString_FromString((*$1)[i])); + } + $result = SWIG_Python_AppendOutput($result, list); +} + +/* return a sid along with the result */ +%typemap(argout) (security_id_t * sid) { + if (*$1) { + %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); + } else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { + $1 = &temp; +} + +/* Makes security_compute_user() return a Python list of contexts */ +%typemap(argout) (security_context_t **con) { + PyObject* plist; + int i, len = 0; + + if (*$1) { + while((*$1)[len]) + len++; + plist = PyList_New(len); + for (i = 0; i < len; i++) { + PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); + } + } else { + plist = PyList_New(0); + } + + $result = SWIG_Python_AppendOutput($result, plist); +} + +/* Makes functions in get_context_list.h return a Python list of contexts */ +%typemap(argout) (security_context_t **list) { + PyObject* plist; + int i; + + if (*$1) { + plist = PyList_New(result); + for (i = 0; i < result; i++) { + PyList_SetItem(plist, i, PyString_FromString((*$1)[i])); + } + } else { + plist = PyList_New(0); + } + /* Only return the Python list, don't need to return the length anymore */ + $result = plist; +} + +%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") security_context_t * ""; +%typemap(argout,noblock=1) security_context_t * { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + freecon(*$1); + } + else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") char ** ""; +%typemap(argout,noblock=1) char ** { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + free(*$1); + } + else { + Py_INCREF(Py_None); + %append_output(Py_None); + } +} + +%typemap(in) char * const [] { + int i, size; + PyObject * s; + + if (!PySequence_Check($input)) { + PyErr_SetString(PyExc_ValueError, "Expected a sequence"); + return NULL; + } + + size = PySequence_Size($input); + + $1 = (char**) malloc(size + 1); + + for(i = 0; i < size; i++) { + if (!PyString_Check(PySequence_GetItem($input, i))) { + PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); + return NULL; + } + } + + for(i = 0; i < size; i++) { + s = PySequence_GetItem($input, i); + $1[i] = (char*) malloc(PyString_Size(s) + 1); + strcpy($1[i], PyString_AsString(s)); + } + $1[size] = NULL; +} + +%typemap(freearg,match="in") char * const [] { + int i = 0; + while($1[i]) { + free($1[i]); + i++; + } + free($1); +} + +%include "selinuxswig.i" diff --git a/libselinux/src/selinuxswig_ruby.i b/libselinux/src/selinuxswig_ruby.i new file mode 100644 index 00000000..e46826bf --- /dev/null +++ b/libselinux/src/selinuxswig_ruby.i @@ -0,0 +1,52 @@ +/* Author: Dan Walsh + Based on selinuxswig_python.i by James Athey + */ + +%module selinux +%{ + #include "selinux/selinux.h" +%} + +/* return a sid along with the result */ +%typemap(argout) (security_id_t * sid) { + if (*$1) { + %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); + } +} + +%typemap(in,numinputs=0) security_id_t *(security_id_t temp) { + $1 = &temp; +} + +%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") security_context_t * ""; +%typemap(argout,noblock=1) security_context_t * { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + freecon(*$1); + } +} + +%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { + $1 = &temp; +} +%typemap(freearg,match="in") char ** ""; +%typemap(argout,noblock=1) char ** { + if (*$1) { + %append_output(SWIG_FromCharPtr(*$1)); + free(*$1); + } +} + +%typemap(freearg,match="in") char * const [] { + int i = 0; + while($1[i]) { + free($1[i]); + i++; + } + free($1); +} + +%include "selinuxswig.i" diff --git a/libselinux/src/selinuxswig_wrap.c b/libselinux/src/selinuxswig_wrap.c new file mode 100644 index 00000000..b4cd0286 --- /dev/null +++ b/libselinux/src/selinuxswig_wrap.c @@ -0,0 +1,10991 @@ +/* ---------------------------------------------------------------------------- + * This file was automatically generated by SWIG (http://www.swig.org). + * Version 1.3.33 + * + * This file is not intended to be easily readable and contains a number of + * coding conventions designed to improve portability and efficiency. Do not make + * changes to this file unless you know what you are doing--modify the SWIG + * interface file instead. + * ----------------------------------------------------------------------------- */ + +#define SWIGPYTHON +#define SWIG_PYTHON_DIRECTOR_NO_VTABLE +/* ----------------------------------------------------------------------------- + * This section contains generic SWIG labels for method/variable + * declarations/attributes, and other compiler dependent labels. + * ----------------------------------------------------------------------------- */ + +/* template workaround for compilers that cannot correctly implement the C++ standard */ +#ifndef SWIGTEMPLATEDISAMBIGUATOR +# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560) +# define SWIGTEMPLATEDISAMBIGUATOR template +# elif defined(__HP_aCC) +/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */ +/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */ +# define SWIGTEMPLATEDISAMBIGUATOR template +# else +# define SWIGTEMPLATEDISAMBIGUATOR +# endif +#endif + +/* inline attribute */ +#ifndef SWIGINLINE +# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__)) +# define SWIGINLINE inline +# else +# define SWIGINLINE +# endif +#endif + +/* attribute recognised by some compilers to avoid 'unused' warnings */ +#ifndef SWIGUNUSED +# if defined(__GNUC__) +# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)) +# define SWIGUNUSED __attribute__ ((__unused__)) +# else +# define SWIGUNUSED +# endif +# elif defined(__ICC) +# define SWIGUNUSED __attribute__ ((__unused__)) +# else +# define SWIGUNUSED +# endif +#endif + +#ifndef SWIGUNUSEDPARM +# ifdef __cplusplus +# define SWIGUNUSEDPARM(p) +# else +# define SWIGUNUSEDPARM(p) p SWIGUNUSED +# endif +#endif + +/* internal SWIG method */ +#ifndef SWIGINTERN +# define SWIGINTERN static SWIGUNUSED +#endif + +/* internal inline SWIG method */ +#ifndef SWIGINTERNINLINE +# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE +#endif + +/* exporting methods */ +#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4) +# ifndef GCC_HASCLASSVISIBILITY +# define GCC_HASCLASSVISIBILITY +# endif +#endif + +#ifndef SWIGEXPORT +# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__) +# if defined(STATIC_LINKED) +# define SWIGEXPORT +# else +# define SWIGEXPORT __declspec(dllexport) +# endif +# else +# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY) +# define SWIGEXPORT __attribute__ ((visibility("default"))) +# else +# define SWIGEXPORT +# endif +# endif +#endif + +/* calling conventions for Windows */ +#ifndef SWIGSTDCALL +# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__) +# define SWIGSTDCALL __stdcall +# else +# define SWIGSTDCALL +# endif +#endif + +/* Deal with Microsoft's attempt at deprecating C standard runtime functions */ +#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE) +# define _CRT_SECURE_NO_DEPRECATE +#endif + +/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */ +#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE) +# define _SCL_SECURE_NO_DEPRECATE +#endif + + + +/* Python.h has to appear first */ +#include <Python.h> + +/* ----------------------------------------------------------------------------- + * swigrun.swg + * + * This file contains generic CAPI SWIG runtime support for pointer + * type checking. + * ----------------------------------------------------------------------------- */ + +/* This should only be incremented when either the layout of swig_type_info changes, + or for whatever reason, the runtime changes incompatibly */ +#define SWIG_RUNTIME_VERSION "3" + +/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */ +#ifdef SWIG_TYPE_TABLE +# define SWIG_QUOTE_STRING(x) #x +# define SWIG_EXPAND_AND_QUOTE_STRING(x) SWIG_QUOTE_STRING(x) +# define SWIG_TYPE_TABLE_NAME SWIG_EXPAND_AND_QUOTE_STRING(SWIG_TYPE_TABLE) +#else +# define SWIG_TYPE_TABLE_NAME +#endif + +/* + You can use the SWIGRUNTIME and SWIGRUNTIMEINLINE macros for + creating a static or dynamic library from the swig runtime code. + In 99.9% of the cases, swig just needs to declare them as 'static'. + + But only do this if is strictly necessary, ie, if you have problems + with your compiler or so. +*/ + +#ifndef SWIGRUNTIME +# define SWIGRUNTIME SWIGINTERN +#endif + +#ifndef SWIGRUNTIMEINLINE +# define SWIGRUNTIMEINLINE SWIGRUNTIME SWIGINLINE +#endif + +/* Generic buffer size */ +#ifndef SWIG_BUFFER_SIZE +# define SWIG_BUFFER_SIZE 1024 +#endif + +/* Flags for pointer conversions */ +#define SWIG_POINTER_DISOWN 0x1 + +/* Flags for new pointer objects */ +#define SWIG_POINTER_OWN 0x1 + + +/* + Flags/methods for returning states. + + The swig conversion methods, as ConvertPtr, return and integer + that tells if the conversion was successful or not. And if not, + an error code can be returned (see swigerrors.swg for the codes). + + Use the following macros/flags to set or process the returning + states. + + In old swig versions, you usually write code as: + + if (SWIG_ConvertPtr(obj,vptr,ty.flags) != -1) { + // success code + } else { + //fail code + } + + Now you can be more explicit as: + + int res = SWIG_ConvertPtr(obj,vptr,ty.flags); + if (SWIG_IsOK(res)) { + // success code + } else { + // fail code + } + + that seems to be the same, but now you can also do + + Type *ptr; + int res = SWIG_ConvertPtr(obj,(void **)(&ptr),ty.flags); + if (SWIG_IsOK(res)) { + // success code + if (SWIG_IsNewObj(res) { + ... + delete *ptr; + } else { + ... + } + } else { + // fail code + } + + I.e., now SWIG_ConvertPtr can return new objects and you can + identify the case and take care of the deallocation. Of course that + requires also to SWIG_ConvertPtr to return new result values, as + + int SWIG_ConvertPtr(obj, ptr,...) { + if (<obj is ok>) { + if (<need new object>) { + *ptr = <ptr to new allocated object>; + return SWIG_NEWOBJ; + } else { + *ptr = <ptr to old object>; + return SWIG_OLDOBJ; + } + } else { + return SWIG_BADOBJ; + } + } + + Of course, returning the plain '0(success)/-1(fail)' still works, but you can be + more explicit by returning SWIG_BADOBJ, SWIG_ERROR or any of the + swig errors code. + + Finally, if the SWIG_CASTRANK_MODE is enabled, the result code + allows to return the 'cast rank', for example, if you have this + + int food(double) + int fooi(int); + + and you call + + food(1) // cast rank '1' (1 -> 1.0) + fooi(1) // cast rank '0' + + just use the SWIG_AddCast()/SWIG_CheckState() + + + */ +#define SWIG_OK (0) +#define SWIG_ERROR (-1) +#define SWIG_IsOK(r) (r >= 0) +#define SWIG_ArgError(r) ((r != SWIG_ERROR) ? r : SWIG_TypeError) + +/* The CastRankLimit says how many bits are used for the cast rank */ +#define SWIG_CASTRANKLIMIT (1 << 8) +/* The NewMask denotes the object was created (using new/malloc) */ +#define SWIG_NEWOBJMASK (SWIG_CASTRANKLIMIT << 1) +/* The TmpMask is for in/out typemaps that use temporal objects */ +#define SWIG_TMPOBJMASK (SWIG_NEWOBJMASK << 1) +/* Simple returning values */ +#define SWIG_BADOBJ (SWIG_ERROR) +#define SWIG_OLDOBJ (SWIG_OK) +#define SWIG_NEWOBJ (SWIG_OK | SWIG_NEWOBJMASK) +#define SWIG_TMPOBJ (SWIG_OK | SWIG_TMPOBJMASK) +/* Check, add and del mask methods */ +#define SWIG_AddNewMask(r) (SWIG_IsOK(r) ? (r | SWIG_NEWOBJMASK) : r) +#define SWIG_DelNewMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_NEWOBJMASK) : r) +#define SWIG_IsNewObj(r) (SWIG_IsOK(r) && (r & SWIG_NEWOBJMASK)) +#define SWIG_AddTmpMask(r) (SWIG_IsOK(r) ? (r | SWIG_TMPOBJMASK) : r) +#define SWIG_DelTmpMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_TMPOBJMASK) : r) +#define SWIG_IsTmpObj(r) (SWIG_IsOK(r) && (r & SWIG_TMPOBJMASK)) + + +/* Cast-Rank Mode */ +#if defined(SWIG_CASTRANK_MODE) +# ifndef SWIG_TypeRank +# define SWIG_TypeRank unsigned long +# endif +# ifndef SWIG_MAXCASTRANK /* Default cast allowed */ +# define SWIG_MAXCASTRANK (2) +# endif +# define SWIG_CASTRANKMASK ((SWIG_CASTRANKLIMIT) -1) +# define SWIG_CastRank(r) (r & SWIG_CASTRANKMASK) +SWIGINTERNINLINE int SWIG_AddCast(int r) { + return SWIG_IsOK(r) ? ((SWIG_CastRank(r) < SWIG_MAXCASTRANK) ? (r + 1) : SWIG_ERROR) : r; +} +SWIGINTERNINLINE int SWIG_CheckState(int r) { + return SWIG_IsOK(r) ? SWIG_CastRank(r) + 1 : 0; +} +#else /* no cast-rank mode */ +# define SWIG_AddCast +# define SWIG_CheckState(r) (SWIG_IsOK(r) ? 1 : 0) +#endif + + + + +#include <string.h> + +#ifdef __cplusplus +extern "C" { +#endif + +typedef void *(*swig_converter_func)(void *); +typedef struct swig_type_info *(*swig_dycast_func)(void **); + +/* Structure to store inforomation on one type */ +typedef struct swig_type_info { + const char *name; /* mangled name of this type */ + const char *str; /* human readable name of this type */ + swig_dycast_func dcast; /* dynamic cast function down a hierarchy */ + struct swig_cast_info *cast; /* linked list of types that can cast into this type */ + void *clientdata; /* language specific type data */ + int owndata; /* flag if the structure owns the clientdata */ +} swig_type_info; + +/* Structure to store a type and conversion function used for casting */ +typedef struct swig_cast_info { + swig_type_info *type; /* pointer to type that is equivalent to this type */ + swig_converter_func converter; /* function to cast the void pointers */ + struct swig_cast_info *next; /* pointer to next cast in linked list */ + struct swig_cast_info *prev; /* pointer to the previous cast */ +} swig_cast_info; + +/* Structure used to store module information + * Each module generates one structure like this, and the runtime collects + * all of these structures and stores them in a circularly linked list.*/ +typedef struct swig_module_info { + swig_type_info **types; /* Array of pointers to swig_type_info structures that are in this module */ + size_t size; /* Number of types in this module */ + struct swig_module_info *next; /* Pointer to next element in circularly linked list */ + swig_type_info **type_initial; /* Array of initially generated type structures */ + swig_cast_info **cast_initial; /* Array of initially generated casting structures */ + void *clientdata; /* Language specific module data */ +} swig_module_info; + +/* + Compare two type names skipping the space characters, therefore + "char*" == "char *" and "Class<int>" == "Class<int >", etc. + + Return 0 when the two name types are equivalent, as in + strncmp, but skipping ' '. +*/ +SWIGRUNTIME int +SWIG_TypeNameComp(const char *f1, const char *l1, + const char *f2, const char *l2) { + for (;(f1 != l1) && (f2 != l2); ++f1, ++f2) { + while ((*f1 == ' ') && (f1 != l1)) ++f1; + while ((*f2 == ' ') && (f2 != l2)) ++f2; + if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1; + } + return (int)((l1 - f1) - (l2 - f2)); +} + +/* + Check type equivalence in a name list like <name1>|<name2>|... + Return 0 if not equal, 1 if equal +*/ +SWIGRUNTIME int +SWIG_TypeEquiv(const char *nb, const char *tb) { + int equiv = 0; + const char* te = tb + strlen(tb); + const char* ne = nb; + while (!equiv && *ne) { + for (nb = ne; *ne; ++ne) { + if (*ne == '|') break; + } + equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0; + if (*ne) ++ne; + } + return equiv; +} + +/* + Check type equivalence in a name list like <name1>|<name2>|... + Return 0 if equal, -1 if nb < tb, 1 if nb > tb +*/ +SWIGRUNTIME int +SWIG_TypeCompare(const char *nb, const char *tb) { + int equiv = 0; + const char* te = tb + strlen(tb); + const char* ne = nb; + while (!equiv && *ne) { + for (nb = ne; *ne; ++ne) { + if (*ne == '|') break; + } + equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0; + if (*ne) ++ne; + } + return equiv; +} + + +/* think of this as a c++ template<> or a scheme macro */ +#define SWIG_TypeCheck_Template(comparison, ty) \ + if (ty) { \ + swig_cast_info *iter = ty->cast; \ + while (iter) { \ + if (comparison) { \ + if (iter == ty->cast) return iter; \ + /* Move iter to the top of the linked list */ \ + iter->prev->next = iter->next; \ + if (iter->next) \ + iter->next->prev = iter->prev; \ + iter->next = ty->cast; \ + iter->prev = 0; \ + if (ty->cast) ty->cast->prev = iter; \ + ty->cast = iter; \ + return iter; \ + } \ + iter = iter->next; \ + } \ + } \ + return 0 + +/* + Check the typename +*/ +SWIGRUNTIME swig_cast_info * +SWIG_TypeCheck(const char *c, swig_type_info *ty) { + SWIG_TypeCheck_Template(strcmp(iter->type->name, c) == 0, ty); +} + +/* Same as previous function, except strcmp is replaced with a pointer comparison */ +SWIGRUNTIME swig_cast_info * +SWIG_TypeCheckStruct(swig_type_info *from, swig_type_info *into) { + SWIG_TypeCheck_Template(iter->type == from, into); +} + +/* + Cast a pointer up an inheritance hierarchy +*/ +SWIGRUNTIMEINLINE void * +SWIG_TypeCast(swig_cast_info *ty, void *ptr) { + return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr); +} + +/* + Dynamic pointer casting. Down an inheritance hierarchy +*/ +SWIGRUNTIME swig_type_info * +SWIG_TypeDynamicCast(swig_type_info *ty, void **ptr) { + swig_type_info *lastty = ty; + if (!ty || !ty->dcast) return ty; + while (ty && (ty->dcast)) { + ty = (*ty->dcast)(ptr); + if (ty) lastty = ty; + } + return lastty; +} + +/* + Return the name associated with this type +*/ +SWIGRUNTIMEINLINE const char * +SWIG_TypeName(const swig_type_info *ty) { + return ty->name; +} + +/* + Return the pretty name associated with this type, + that is an unmangled type name in a form presentable to the user. +*/ +SWIGRUNTIME const char * +SWIG_TypePrettyName(const swig_type_info *type) { + /* The "str" field contains the equivalent pretty names of the + type, separated by vertical-bar characters. We choose + to print the last name, as it is often (?) the most + specific. */ + if (!type) return NULL; + if (type->str != NULL) { + const char *last_name = type->str; + const char *s; + for (s = type->str; *s; s++) + if (*s == '|') last_name = s+1; + return last_name; + } + else + return type->name; +} + +/* + Set the clientdata field for a type +*/ +SWIGRUNTIME void +SWIG_TypeClientData(swig_type_info *ti, void *clientdata) { + swig_cast_info *cast = ti->cast; + /* if (ti->clientdata == clientdata) return; */ + ti->clientdata = clientdata; + + while (cast) { + if (!cast->converter) { + swig_type_info *tc = cast->type; + if (!tc->clientdata) { + SWIG_TypeClientData(tc, clientdata); + } + } + cast = cast->next; + } +} +SWIGRUNTIME void +SWIG_TypeNewClientData(swig_type_info *ti, void *clientdata) { + SWIG_TypeClientData(ti, clientdata); + ti->owndata = 1; +} + +/* + Search for a swig_type_info structure only by mangled name + Search is a O(log #types) + + We start searching at module start, and finish searching when start == end. + Note: if start == end at the beginning of the function, we go all the way around + the circular list. +*/ +SWIGRUNTIME swig_type_info * +SWIG_MangledTypeQueryModule(swig_module_info *start, + swig_module_info *end, + const char *name) { + swig_module_info *iter = start; + do { + if (iter->size) { + register size_t l = 0; + register size_t r = iter->size - 1; + do { + /* since l+r >= 0, we can (>> 1) instead (/ 2) */ + register size_t i = (l + r) >> 1; + const char *iname = iter->types[i]->name; + if (iname) { + register int compare = strcmp(name, iname); + if (compare == 0) { + return iter->types[i]; + } else if (compare < 0) { + if (i) { + r = i - 1; + } else { + break; + } + } else if (compare > 0) { + l = i + 1; + } + } else { + break; /* should never happen */ + } + } while (l <= r); + } + iter = iter->next; + } while (iter != end); + return 0; +} + +/* + Search for a swig_type_info structure for either a mangled name or a human readable name. + It first searches the mangled names of the types, which is a O(log #types) + If a type is not found it then searches the human readable names, which is O(#types). + + We start searching at module start, and finish searching when start == end. + Note: if start == end at the beginning of the function, we go all the way around + the circular list. +*/ +SWIGRUNTIME swig_type_info * +SWIG_TypeQueryModule(swig_module_info *start, + swig_module_info *end, + const char *name) { + /* STEP 1: Search the name field using binary search */ + swig_type_info *ret = SWIG_MangledTypeQueryModule(start, end, name); + if (ret) { + return ret; + } else { + /* STEP 2: If the type hasn't been found, do a complete search + of the str field (the human readable name) */ + swig_module_info *iter = start; + do { + register size_t i = 0; + for (; i < iter->size; ++i) { + if (iter->types[i]->str && (SWIG_TypeEquiv(iter->types[i]->str, name))) + return iter->types[i]; + } + iter = iter->next; + } while (iter != end); + } + + /* neither found a match */ + return 0; +} + +/* + Pack binary data into a string +*/ +SWIGRUNTIME char * +SWIG_PackData(char *c, void *ptr, size_t sz) { + static const char hex[17] = "0123456789abcdef"; + register const unsigned char *u = (unsigned char *) ptr; + register const unsigned char *eu = u + sz; + for (; u != eu; ++u) { + register unsigned char uu = *u; + *(c++) = hex[(uu & 0xf0) >> 4]; + *(c++) = hex[uu & 0xf]; + } + return c; +} + +/* + Unpack binary data from a string +*/ +SWIGRUNTIME const char * +SWIG_UnpackData(const char *c, void *ptr, size_t sz) { + register unsigned char *u = (unsigned char *) ptr; + register const unsigned char *eu = u + sz; + for (; u != eu; ++u) { + register char d = *(c++); + register unsigned char uu; + if ((d >= '0') && (d <= '9')) + uu = ((d - '0') << 4); + else if ((d >= 'a') && (d <= 'f')) + uu = ((d - ('a'-10)) << 4); + else + return (char *) 0; + d = *(c++); + if ((d >= '0') && (d <= '9')) + uu |= (d - '0'); + else if ((d >= 'a') && (d <= 'f')) + uu |= (d - ('a'-10)); + else + return (char *) 0; + *u = uu; + } + return c; +} + +/* + Pack 'void *' into a string buffer. +*/ +SWIGRUNTIME char * +SWIG_PackVoidPtr(char *buff, void *ptr, const char *name, size_t bsz) { + char *r = buff; + if ((2*sizeof(void *) + 2) > bsz) return 0; + *(r++) = '_'; + r = SWIG_PackData(r,&ptr,sizeof(void *)); + if (strlen(name) + 1 > (bsz - (r - buff))) return 0; + strcpy(r,name); + return buff; +} + +SWIGRUNTIME const char * +SWIG_UnpackVoidPtr(const char *c, void **ptr, const char *name) { + if (*c != '_') { + if (strcmp(c,"NULL") == 0) { + *ptr = (void *) 0; + return name; + } else { + return 0; + } + } + return SWIG_UnpackData(++c,ptr,sizeof(void *)); +} + +SWIGRUNTIME char * +SWIG_PackDataName(char *buff, void *ptr, size_t sz, const char *name, size_t bsz) { + char *r = buff; + size_t lname = (name ? strlen(name) : 0); + if ((2*sz + 2 + lname) > bsz) return 0; + *(r++) = '_'; + r = SWIG_PackData(r,ptr,sz); + if (lname) { + strncpy(r,name,lname+1); + } else { + *r = 0; + } + return buff; +} + +SWIGRUNTIME const char * +SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) { + if (*c != '_') { + if (strcmp(c,"NULL") == 0) { + memset(ptr,0,sz); + return name; + } else { + return 0; + } + } + return SWIG_UnpackData(++c,ptr,sz); +} + +#ifdef __cplusplus +} +#endif + +/* Errors in SWIG */ +#define SWIG_UnknownError -1 +#define SWIG_IOError -2 +#define SWIG_RuntimeError -3 +#define SWIG_IndexError -4 +#define SWIG_TypeError -5 +#define SWIG_DivisionByZero -6 +#define SWIG_OverflowError -7 +#define SWIG_SyntaxError -8 +#define SWIG_ValueError -9 +#define SWIG_SystemError -10 +#define SWIG_AttributeError -11 +#define SWIG_MemoryError -12 +#define SWIG_NullReferenceError -13 + + + + +/* Add PyOS_snprintf for old Pythons */ +#if PY_VERSION_HEX < 0x02020000 +# if defined(_MSC_VER) || defined(__BORLANDC__) || defined(_WATCOM) +# define PyOS_snprintf _snprintf +# else +# define PyOS_snprintf snprintf +# endif +#endif + +/* A crude PyString_FromFormat implementation for old Pythons */ +#if PY_VERSION_HEX < 0x02020000 + +#ifndef SWIG_PYBUFFER_SIZE +# define SWIG_PYBUFFER_SIZE 1024 +#endif + +static PyObject * +PyString_FromFormat(const char *fmt, ...) { + va_list ap; + char buf[SWIG_PYBUFFER_SIZE * 2]; + int res; + va_start(ap, fmt); + res = vsnprintf(buf, sizeof(buf), fmt, ap); + va_end(ap); + return (res < 0 || res >= (int)sizeof(buf)) ? 0 : PyString_FromString(buf); +} +#endif + +/* Add PyObject_Del for old Pythons */ +#if PY_VERSION_HEX < 0x01060000 +# define PyObject_Del(op) PyMem_DEL((op)) +#endif +#ifndef PyObject_DEL +# define PyObject_DEL PyObject_Del +#endif + +/* A crude PyExc_StopIteration exception for old Pythons */ +#if PY_VERSION_HEX < 0x02020000 +# ifndef PyExc_StopIteration +# define PyExc_StopIteration PyExc_RuntimeError +# endif +# ifndef PyObject_GenericGetAttr +# define PyObject_GenericGetAttr 0 +# endif +#endif +/* Py_NotImplemented is defined in 2.1 and up. */ +#if PY_VERSION_HEX < 0x02010000 +# ifndef Py_NotImplemented +# define Py_NotImplemented PyExc_RuntimeError +# endif +#endif + + +/* A crude PyString_AsStringAndSize implementation for old Pythons */ +#if PY_VERSION_HEX < 0x02010000 +# ifndef PyString_AsStringAndSize +# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;} +# endif +#endif + +/* PySequence_Size for old Pythons */ +#if PY_VERSION_HEX < 0x02000000 +# ifndef PySequence_Size +# define PySequence_Size PySequence_Length +# endif +#endif + + +/* PyBool_FromLong for old Pythons */ +#if PY_VERSION_HEX < 0x02030000 +static +PyObject *PyBool_FromLong(long ok) +{ + PyObject *result = ok ? Py_True : Py_False; + Py_INCREF(result); + return result; +} +#endif + +/* Py_ssize_t for old Pythons */ +/* This code is as recommended by: */ +/* http://www.python.org/dev/peps/pep-0353/#conversion-guidelines */ +#if PY_VERSION_HEX < 0x02050000 && !defined(PY_SSIZE_T_MIN) +typedef int Py_ssize_t; +# define PY_SSIZE_T_MAX INT_MAX +# define PY_SSIZE_T_MIN INT_MIN +#endif + +/* ----------------------------------------------------------------------------- + * error manipulation + * ----------------------------------------------------------------------------- */ + +SWIGRUNTIME PyObject* +SWIG_Python_ErrorType(int code) { + PyObject* type = 0; + switch(code) { + case SWIG_MemoryError: + type = PyExc_MemoryError; + break; + case SWIG_IOError: + type = PyExc_IOError; + break; + case SWIG_RuntimeError: + type = PyExc_RuntimeError; + break; + case SWIG_IndexError: + type = PyExc_IndexError; + break; + case SWIG_TypeError: + type = PyExc_TypeError; + break; + case SWIG_DivisionByZero: + type = PyExc_ZeroDivisionError; + break; + case SWIG_OverflowError: + type = PyExc_OverflowError; + break; + case SWIG_SyntaxError: + type = PyExc_SyntaxError; + break; + case SWIG_ValueError: + type = PyExc_ValueError; + break; + case SWIG_SystemError: + type = PyExc_SystemError; + break; + case SWIG_AttributeError: + type = PyExc_AttributeError; + break; + default: + type = PyExc_RuntimeError; + } + return type; +} + + +SWIGRUNTIME void +SWIG_Python_AddErrorMsg(const char* mesg) +{ + PyObject *type = 0; + PyObject *value = 0; + PyObject *traceback = 0; + + if (PyErr_Occurred()) PyErr_Fetch(&type, &value, &traceback); + if (value) { + PyObject *old_str = PyObject_Str(value); + PyErr_Clear(); + Py_XINCREF(type); + PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg); + Py_DECREF(old_str); + Py_DECREF(value); + } else { + PyErr_Format(PyExc_RuntimeError, mesg); + } +} + + + +#if defined(SWIG_PYTHON_NO_THREADS) +# if defined(SWIG_PYTHON_THREADS) +# undef SWIG_PYTHON_THREADS +# endif +#endif +#if defined(SWIG_PYTHON_THREADS) /* Threading support is enabled */ +# if !defined(SWIG_PYTHON_USE_GIL) && !defined(SWIG_PYTHON_NO_USE_GIL) +# if (PY_VERSION_HEX >= 0x02030000) /* For 2.3 or later, use the PyGILState calls */ +# define SWIG_PYTHON_USE_GIL +# endif +# endif +# if defined(SWIG_PYTHON_USE_GIL) /* Use PyGILState threads calls */ +# ifndef SWIG_PYTHON_INITIALIZE_THREADS +# define SWIG_PYTHON_INITIALIZE_THREADS PyEval_InitThreads() +# endif +# ifdef __cplusplus /* C++ code */ + class SWIG_Python_Thread_Block { + bool status; + PyGILState_STATE state; + public: + void end() { if (status) { PyGILState_Release(state); status = false;} } + SWIG_Python_Thread_Block() : status(true), state(PyGILState_Ensure()) {} + ~SWIG_Python_Thread_Block() { end(); } + }; + class SWIG_Python_Thread_Allow { + bool status; + PyThreadState *save; + public: + void end() { if (status) { PyEval_RestoreThread(save); status = false; }} + SWIG_Python_Thread_Allow() : status(true), save(PyEval_SaveThread()) {} + ~SWIG_Python_Thread_Allow() { end(); } + }; +# define SWIG_PYTHON_THREAD_BEGIN_BLOCK SWIG_Python_Thread_Block _swig_thread_block +# define SWIG_PYTHON_THREAD_END_BLOCK _swig_thread_block.end() +# define SWIG_PYTHON_THREAD_BEGIN_ALLOW SWIG_Python_Thread_Allow _swig_thread_allow +# define SWIG_PYTHON_THREAD_END_ALLOW _swig_thread_allow.end() +# else /* C code */ +# define SWIG_PYTHON_THREAD_BEGIN_BLOCK PyGILState_STATE _swig_thread_block = PyGILState_Ensure() +# define SWIG_PYTHON_THREAD_END_BLOCK PyGILState_Release(_swig_thread_block) +# define SWIG_PYTHON_THREAD_BEGIN_ALLOW PyThreadState *_swig_thread_allow = PyEval_SaveThread() +# define SWIG_PYTHON_THREAD_END_ALLOW PyEval_RestoreThread(_swig_thread_allow) +# endif +# else /* Old thread way, not implemented, user must provide it */ +# if !defined(SWIG_PYTHON_INITIALIZE_THREADS) +# define SWIG_PYTHON_INITIALIZE_THREADS +# endif +# if !defined(SWIG_PYTHON_THREAD_BEGIN_BLOCK) +# define SWIG_PYTHON_THREAD_BEGIN_BLOCK +# endif +# if !defined(SWIG_PYTHON_THREAD_END_BLOCK) +# define SWIG_PYTHON_THREAD_END_BLOCK +# endif +# if !defined(SWIG_PYTHON_THREAD_BEGIN_ALLOW) +# define SWIG_PYTHON_THREAD_BEGIN_ALLOW +# endif +# if !defined(SWIG_PYTHON_THREAD_END_ALLOW) +# define SWIG_PYTHON_THREAD_END_ALLOW +# endif +# endif +#else /* No thread support */ +# define SWIG_PYTHON_INITIALIZE_THREADS +# define SWIG_PYTHON_THREAD_BEGIN_BLOCK +# define SWIG_PYTHON_THREAD_END_BLOCK +# define SWIG_PYTHON_THREAD_BEGIN_ALLOW +# define SWIG_PYTHON_THREAD_END_ALLOW +#endif + +/* ----------------------------------------------------------------------------- + * Python API portion that goes into the runtime + * ----------------------------------------------------------------------------- */ + +#ifdef __cplusplus +extern "C" { +#if 0 +} /* cc-mode */ +#endif +#endif + +/* ----------------------------------------------------------------------------- + * Constant declarations + * ----------------------------------------------------------------------------- */ + +/* Constant Types */ +#define SWIG_PY_POINTER 4 +#define SWIG_PY_BINARY 5 + +/* Constant information structure */ +typedef struct swig_const_info { + int type; + char *name; + long lvalue; + double dvalue; + void *pvalue; + swig_type_info **ptype; +} swig_const_info; + +#ifdef __cplusplus +#if 0 +{ /* cc-mode */ +#endif +} +#endif + + +/* ----------------------------------------------------------------------------- + * See the LICENSE file for information on copyright, usage and redistribution + * of SWIG, and the README file for authors - http://www.swig.org/release.html. + * + * pyrun.swg + * + * This file contains the runtime support for Python modules + * and includes code for managing global variables and pointer + * type checking. + * + * ----------------------------------------------------------------------------- */ + +/* Common SWIG API */ + +/* for raw pointers */ +#define SWIG_Python_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, 0) +#define SWIG_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtr(obj, pptr, type, flags) +#define SWIG_ConvertPtrAndOwn(obj,pptr,type,flags,own) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, own) +#define SWIG_NewPointerObj(ptr, type, flags) SWIG_Python_NewPointerObj(ptr, type, flags) +#define SWIG_CheckImplicit(ty) SWIG_Python_CheckImplicit(ty) +#define SWIG_AcquirePtr(ptr, src) SWIG_Python_AcquirePtr(ptr, src) +#define swig_owntype int + +/* for raw packed data */ +#define SWIG_ConvertPacked(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty) +#define SWIG_NewPackedObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type) + +/* for class or struct pointers */ +#define SWIG_ConvertInstance(obj, pptr, type, flags) SWIG_ConvertPtr(obj, pptr, type, flags) +#define SWIG_NewInstanceObj(ptr, type, flags) SWIG_NewPointerObj(ptr, type, flags) + +/* for C or C++ function pointers */ +#define SWIG_ConvertFunctionPtr(obj, pptr, type) SWIG_Python_ConvertFunctionPtr(obj, pptr, type) +#define SWIG_NewFunctionPtrObj(ptr, type) SWIG_Python_NewPointerObj(ptr, type, 0) + +/* for C++ member pointers, ie, member methods */ +#define SWIG_ConvertMember(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty) +#define SWIG_NewMemberObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type) + + +/* Runtime API */ + +#define SWIG_GetModule(clientdata) SWIG_Python_GetModule() +#define SWIG_SetModule(clientdata, pointer) SWIG_Python_SetModule(pointer) +#define SWIG_NewClientData(obj) PySwigClientData_New(obj) + +#define SWIG_SetErrorObj SWIG_Python_SetErrorObj +#define SWIG_SetErrorMsg SWIG_Python_SetErrorMsg +#define SWIG_ErrorType(code) SWIG_Python_ErrorType(code) +#define SWIG_Error(code, msg) SWIG_Python_SetErrorMsg(SWIG_ErrorType(code), msg) +#define SWIG_fail goto fail + + +/* Runtime API implementation */ + +/* Error manipulation */ + +SWIGINTERN void +SWIG_Python_SetErrorObj(PyObject *errtype, PyObject *obj) { + SWIG_PYTHON_THREAD_BEGIN_BLOCK; + PyErr_SetObject(errtype, obj); + Py_DECREF(obj); + SWIG_PYTHON_THREAD_END_BLOCK; +} + +SWIGINTERN void +SWIG_Python_SetErrorMsg(PyObject *errtype, const char *msg) { + SWIG_PYTHON_THREAD_BEGIN_BLOCK; + PyErr_SetString(errtype, (char *) msg); + SWIG_PYTHON_THREAD_END_BLOCK; +} + +#define SWIG_Python_Raise(obj, type, desc) SWIG_Python_SetErrorObj(SWIG_Python_ExceptionType(desc), obj) + +/* Set a constant value */ + +SWIGINTERN void +SWIG_Python_SetConstant(PyObject *d, const char *name, PyObject *obj) { + PyDict_SetItemString(d, (char*) name, obj); + Py_DECREF(obj); +} + +/* Append a value to the result obj */ + +SWIGINTERN PyObject* +SWIG_Python_AppendOutput(PyObject* result, PyObject* obj) { +#if !defined(SWIG_PYTHON_OUTPUT_TUPLE) + if (!result) { + result = obj; + } else if (result == Py_None) { + Py_DECREF(result); + result = obj; + } else { + if (!PyList_Check(result)) { + PyObject *o2 = result; + result = PyList_New(1); + PyList_SetItem(result, 0, o2); + } + PyList_Append(result,obj); + Py_DECREF(obj); + } + return result; +#else + PyObject* o2; + PyObject* o3; + if (!result) { + result = obj; + } else if (result == Py_None) { + Py_DECREF(result); + result = obj; + } else { + if (!PyTuple_Check(result)) { + o2 = result; + result = PyTuple_New(1); + PyTuple_SET_ITEM(result, 0, o2); + } + o3 = PyTuple_New(1); + PyTuple_SET_ITEM(o3, 0, obj); + o2 = result; + result = PySequence_Concat(o2, o3); + Py_DECREF(o2); + Py_DECREF(o3); + } + return result; +#endif +} + +/* Unpack the argument tuple */ + +SWIGINTERN int +SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs) +{ + if (!args) { + if (!min && !max) { + return 1; + } else { + PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none", + name, (min == max ? "" : "at least "), (int)min); + return 0; + } + } + if (!PyTuple_Check(args)) { + PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple"); + return 0; + } else { + register Py_ssize_t l = PyTuple_GET_SIZE(args); + if (l < min) { + PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", + name, (min == max ? "" : "at least "), (int)min, (int)l); + return 0; + } else if (l > max) { + PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d", + name, (min == max ? "" : "at most "), (int)max, (int)l); + return 0; + } else { + register int i; + for (i = 0; i < l; ++i) { + objs[i] = PyTuple_GET_ITEM(args, i); + } + for (; l < max; ++l) { + objs[l] = 0; + } + return i + 1; + } + } +} + +/* A functor is a function object with one single object argument */ +#if PY_VERSION_HEX >= 0x02020000 +#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunctionObjArgs(functor, obj, NULL); +#else +#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunction(functor, "O", obj); +#endif + +/* + Helper for static pointer initialization for both C and C++ code, for example + static PyObject *SWIG_STATIC_POINTER(MyVar) = NewSomething(...); +*/ +#ifdef __cplusplus +#define SWIG_STATIC_POINTER(var) var +#else +#define SWIG_STATIC_POINTER(var) var = 0; if (!var) var +#endif + +/* ----------------------------------------------------------------------------- + * Pointer declarations + * ----------------------------------------------------------------------------- */ + +/* Flags for new pointer objects */ +#define SWIG_POINTER_NOSHADOW (SWIG_POINTER_OWN << 1) +#define SWIG_POINTER_NEW (SWIG_POINTER_NOSHADOW | SWIG_POINTER_OWN) + +#define SWIG_POINTER_IMPLICIT_CONV (SWIG_POINTER_DISOWN << 1) + +#ifdef __cplusplus +extern "C" { +#if 0 +} /* cc-mode */ +#endif +#endif + +/* How to access Py_None */ +#if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__) +# ifndef SWIG_PYTHON_NO_BUILD_NONE +# ifndef SWIG_PYTHON_BUILD_NONE +# define SWIG_PYTHON_BUILD_NONE +# endif +# endif +#endif + +#ifdef SWIG_PYTHON_BUILD_NONE +# ifdef Py_None +# undef Py_None +# define Py_None SWIG_Py_None() +# endif +SWIGRUNTIMEINLINE PyObject * +_SWIG_Py_None(void) +{ + PyObject *none = Py_BuildValue((char*)""); + Py_DECREF(none); + return none; +} +SWIGRUNTIME PyObject * +SWIG_Py_None(void) +{ + static PyObject *SWIG_STATIC_POINTER(none) = _SWIG_Py_None(); + return none; +} +#endif + +/* The python void return value */ + +SWIGRUNTIMEINLINE PyObject * +SWIG_Py_Void(void) +{ + PyObject *none = Py_None; + Py_INCREF(none); + return none; +} + +/* PySwigClientData */ + +typedef struct { + PyObject *klass; + PyObject *newraw; + PyObject *newargs; + PyObject *destroy; + int delargs; + int implicitconv; +} PySwigClientData; + +SWIGRUNTIMEINLINE int +SWIG_Python_CheckImplicit(swig_type_info *ty) +{ + PySwigClientData *data = (PySwigClientData *)ty->clientdata; + return data ? data->implicitconv : 0; +} + +SWIGRUNTIMEINLINE PyObject * +SWIG_Python_ExceptionType(swig_type_info *desc) { + PySwigClientData *data = desc ? (PySwigClientData *) desc->clientdata : 0; + PyObject *klass = data ? data->klass : 0; + return (klass ? klass : PyExc_RuntimeError); +} + + +SWIGRUNTIME PySwigClientData * +PySwigClientData_New(PyObject* obj) +{ + if (!obj) { + return 0; + } else { + PySwigClientData *data = (PySwigClientData *)malloc(sizeof(PySwigClientData)); + /* the klass element */ + data->klass = obj; + Py_INCREF(data->klass); + /* the newraw method and newargs arguments used to create a new raw instance */ + if (PyClass_Check(obj)) { + data->newraw = 0; + data->newargs = obj; + Py_INCREF(obj); + } else { +#if (PY_VERSION_HEX < 0x02020000) + data->newraw = 0; +#else + data->newraw = PyObject_GetAttrString(data->klass, (char *)"__new__"); +#endif + if (data->newraw) { + Py_INCREF(data->newraw); + data->newargs = PyTuple_New(1); + PyTuple_SetItem(data->newargs, 0, obj); + } else { + data->newargs = obj; + } + Py_INCREF(data->newargs); + } + /* the destroy method, aka as the C++ delete method */ + data->destroy = PyObject_GetAttrString(data->klass, (char *)"__swig_destroy__"); + if (PyErr_Occurred()) { + PyErr_Clear(); + data->destroy = 0; + } + if (data->destroy) { + int flags; + Py_INCREF(data->destroy); + flags = PyCFunction_GET_FLAGS(data->destroy); +#ifdef METH_O + data->delargs = !(flags & (METH_O)); +#else + data->delargs = 0; +#endif + } else { + data->delargs = 0; + } + data->implicitconv = 0; + return data; + } +} + +SWIGRUNTIME void +PySwigClientData_Del(PySwigClientData* data) +{ + Py_XDECREF(data->newraw); + Py_XDECREF(data->newargs); + Py_XDECREF(data->destroy); +} + +/* =============== PySwigObject =====================*/ + +typedef struct { + PyObject_HEAD + void *ptr; + swig_type_info *ty; + int own; + PyObject *next; +} PySwigObject; + +SWIGRUNTIME PyObject * +PySwigObject_long(PySwigObject *v) +{ + return PyLong_FromVoidPtr(v->ptr); +} + +SWIGRUNTIME PyObject * +PySwigObject_format(const char* fmt, PySwigObject *v) +{ + PyObject *res = NULL; + PyObject *args = PyTuple_New(1); + if (args) { + if (PyTuple_SetItem(args, 0, PySwigObject_long(v)) == 0) { + PyObject *ofmt = PyString_FromString(fmt); + if (ofmt) { + res = PyString_Format(ofmt,args); + Py_DECREF(ofmt); + } + Py_DECREF(args); + } + } + return res; +} + +SWIGRUNTIME PyObject * +PySwigObject_oct(PySwigObject *v) +{ + return PySwigObject_format("%o",v); +} + +SWIGRUNTIME PyObject * +PySwigObject_hex(PySwigObject *v) +{ + return PySwigObject_format("%x",v); +} + +SWIGRUNTIME PyObject * +#ifdef METH_NOARGS +PySwigObject_repr(PySwigObject *v) +#else +PySwigObject_repr(PySwigObject *v, PyObject *args) +#endif +{ + const char *name = SWIG_TypePrettyName(v->ty); + PyObject *hex = PySwigObject_hex(v); + PyObject *repr = PyString_FromFormat("<Swig Object of type '%s' at 0x%s>", name, PyString_AsString(hex)); + Py_DECREF(hex); + if (v->next) { +#ifdef METH_NOARGS + PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next); +#else + PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next, args); +#endif + PyString_ConcatAndDel(&repr,nrep); + } + return repr; +} + +SWIGRUNTIME int +PySwigObject_print(PySwigObject *v, FILE *fp, int SWIGUNUSEDPARM(flags)) +{ +#ifdef METH_NOARGS + PyObject *repr = PySwigObject_repr(v); +#else + PyObject *repr = PySwigObject_repr(v, NULL); +#endif + if (repr) { + fputs(PyString_AsString(repr), fp); + Py_DECREF(repr); + return 0; + } else { + return 1; + } +} + +SWIGRUNTIME PyObject * +PySwigObject_str(PySwigObject *v) +{ + char result[SWIG_BUFFER_SIZE]; + return SWIG_PackVoidPtr(result, v->ptr, v->ty->name, sizeof(result)) ? + PyString_FromString(result) : 0; +} + +SWIGRUNTIME int +PySwigObject_compare(PySwigObject *v, PySwigObject *w) +{ + void *i = v->ptr; + void *j = w->ptr; + return (i < j) ? -1 : ((i > j) ? 1 : 0); +} + +SWIGRUNTIME PyTypeObject* _PySwigObject_type(void); + +SWIGRUNTIME PyTypeObject* +PySwigObject_type(void) { + static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigObject_type(); + return type; +} + +SWIGRUNTIMEINLINE int +PySwigObject_Check(PyObject *op) { + return ((op)->ob_type == PySwigObject_type()) + || (strcmp((op)->ob_type->tp_name,"PySwigObject") == 0); +} + +SWIGRUNTIME PyObject * +PySwigObject_New(void *ptr, swig_type_info *ty, int own); + +SWIGRUNTIME void +PySwigObject_dealloc(PyObject *v) +{ + PySwigObject *sobj = (PySwigObject *) v; + PyObject *next = sobj->next; + if (sobj->own) { + swig_type_info *ty = sobj->ty; + PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0; + PyObject *destroy = data ? data->destroy : 0; + if (destroy) { + /* destroy is always a VARARGS method */ + PyObject *res; + if (data->delargs) { + /* we need to create a temporal object to carry the destroy operation */ + PyObject *tmp = PySwigObject_New(sobj->ptr, ty, 0); + res = SWIG_Python_CallFunctor(destroy, tmp); + Py_DECREF(tmp); + } else { + PyCFunction meth = PyCFunction_GET_FUNCTION(destroy); + PyObject *mself = PyCFunction_GET_SELF(destroy); + res = ((*meth)(mself, v)); + } + Py_XDECREF(res); + } else { + const char *name = SWIG_TypePrettyName(ty); +#if !defined(SWIG_PYTHON_SILENT_MEMLEAK) + printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name); +#endif + } + } + Py_XDECREF(next); + PyObject_DEL(v); +} + +SWIGRUNTIME PyObject* +PySwigObject_append(PyObject* v, PyObject* next) +{ + PySwigObject *sobj = (PySwigObject *) v; +#ifndef METH_O + PyObject *tmp = 0; + if (!PyArg_ParseTuple(next,(char *)"O:append", &tmp)) return NULL; + next = tmp; +#endif + if (!PySwigObject_Check(next)) { + return NULL; + } + sobj->next = next; + Py_INCREF(next); + return SWIG_Py_Void(); +} + +SWIGRUNTIME PyObject* +#ifdef METH_NOARGS +PySwigObject_next(PyObject* v) +#else +PySwigObject_next(PyObject* v, PyObject *SWIGUNUSEDPARM(args)) +#endif +{ + PySwigObject *sobj = (PySwigObject *) v; + if (sobj->next) { + Py_INCREF(sobj->next); + return sobj->next; + } else { + return SWIG_Py_Void(); + } +} + +SWIGINTERN PyObject* +#ifdef METH_NOARGS +PySwigObject_disown(PyObject *v) +#else +PySwigObject_disown(PyObject* v, PyObject *SWIGUNUSEDPARM(args)) +#endif +{ + PySwigObject *sobj = (PySwigObject *)v; + sobj->own = 0; + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject* +#ifdef METH_NOARGS +PySwigObject_acquire(PyObject *v) +#else +PySwigObject_acquire(PyObject* v, PyObject *SWIGUNUSEDPARM(args)) +#endif +{ + PySwigObject *sobj = (PySwigObject *)v; + sobj->own = SWIG_POINTER_OWN; + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject* +PySwigObject_own(PyObject *v, PyObject *args) +{ + PyObject *val = 0; +#if (PY_VERSION_HEX < 0x02020000) + if (!PyArg_ParseTuple(args,(char *)"|O:own",&val)) +#else + if (!PyArg_UnpackTuple(args, (char *)"own", 0, 1, &val)) +#endif + { + return NULL; + } + else + { + PySwigObject *sobj = (PySwigObject *)v; + PyObject *obj = PyBool_FromLong(sobj->own); + if (val) { +#ifdef METH_NOARGS + if (PyObject_IsTrue(val)) { + PySwigObject_acquire(v); + } else { + PySwigObject_disown(v); + } +#else + if (PyObject_IsTrue(val)) { + PySwigObject_acquire(v,args); + } else { + PySwigObject_disown(v,args); + } +#endif + } + return obj; + } +} + +#ifdef METH_O +static PyMethodDef +swigobject_methods[] = { + {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_NOARGS, (char *)"releases ownership of the pointer"}, + {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_NOARGS, (char *)"aquires ownership of the pointer"}, + {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"}, + {(char *)"append", (PyCFunction)PySwigObject_append, METH_O, (char *)"appends another 'this' object"}, + {(char *)"next", (PyCFunction)PySwigObject_next, METH_NOARGS, (char *)"returns the next 'this' object"}, + {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_NOARGS, (char *)"returns object representation"}, + {0, 0, 0, 0} +}; +#else +static PyMethodDef +swigobject_methods[] = { + {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_VARARGS, (char *)"releases ownership of the pointer"}, + {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_VARARGS, (char *)"aquires ownership of the pointer"}, + {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"}, + {(char *)"append", (PyCFunction)PySwigObject_append, METH_VARARGS, (char *)"appends another 'this' object"}, + {(char *)"next", (PyCFunction)PySwigObject_next, METH_VARARGS, (char *)"returns the next 'this' object"}, + {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_VARARGS, (char *)"returns object representation"}, + {0, 0, 0, 0} +}; +#endif + +#if PY_VERSION_HEX < 0x02020000 +SWIGINTERN PyObject * +PySwigObject_getattr(PySwigObject *sobj,char *name) +{ + return Py_FindMethod(swigobject_methods, (PyObject *)sobj, name); +} +#endif + +SWIGRUNTIME PyTypeObject* +_PySwigObject_type(void) { + static char swigobject_doc[] = "Swig object carries a C/C++ instance pointer"; + + static PyNumberMethods PySwigObject_as_number = { + (binaryfunc)0, /*nb_add*/ + (binaryfunc)0, /*nb_subtract*/ + (binaryfunc)0, /*nb_multiply*/ + (binaryfunc)0, /*nb_divide*/ + (binaryfunc)0, /*nb_remainder*/ + (binaryfunc)0, /*nb_divmod*/ + (ternaryfunc)0,/*nb_power*/ + (unaryfunc)0, /*nb_negative*/ + (unaryfunc)0, /*nb_positive*/ + (unaryfunc)0, /*nb_absolute*/ + (inquiry)0, /*nb_nonzero*/ + 0, /*nb_invert*/ + 0, /*nb_lshift*/ + 0, /*nb_rshift*/ + 0, /*nb_and*/ + 0, /*nb_xor*/ + 0, /*nb_or*/ + (coercion)0, /*nb_coerce*/ + (unaryfunc)PySwigObject_long, /*nb_int*/ + (unaryfunc)PySwigObject_long, /*nb_long*/ + (unaryfunc)0, /*nb_float*/ + (unaryfunc)PySwigObject_oct, /*nb_oct*/ + (unaryfunc)PySwigObject_hex, /*nb_hex*/ +#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */ +#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */ + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */ +#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */ + 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */ +#endif + }; + + static PyTypeObject pyswigobject_type; + static int type_init = 0; + if (!type_init) { + const PyTypeObject tmp + = { + PyObject_HEAD_INIT(NULL) + 0, /* ob_size */ + (char *)"PySwigObject", /* tp_name */ + sizeof(PySwigObject), /* tp_basicsize */ + 0, /* tp_itemsize */ + (destructor)PySwigObject_dealloc, /* tp_dealloc */ + (printfunc)PySwigObject_print, /* tp_print */ +#if PY_VERSION_HEX < 0x02020000 + (getattrfunc)PySwigObject_getattr, /* tp_getattr */ +#else + (getattrfunc)0, /* tp_getattr */ +#endif + (setattrfunc)0, /* tp_setattr */ + (cmpfunc)PySwigObject_compare, /* tp_compare */ + (reprfunc)PySwigObject_repr, /* tp_repr */ + &PySwigObject_as_number, /* tp_as_number */ + 0, /* tp_as_sequence */ + 0, /* tp_as_mapping */ + (hashfunc)0, /* tp_hash */ + (ternaryfunc)0, /* tp_call */ + (reprfunc)PySwigObject_str, /* tp_str */ + PyObject_GenericGetAttr, /* tp_getattro */ + 0, /* tp_setattro */ + 0, /* tp_as_buffer */ + Py_TPFLAGS_DEFAULT, /* tp_flags */ + swigobject_doc, /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ +#if PY_VERSION_HEX >= 0x02020000 + 0, /* tp_iter */ + 0, /* tp_iternext */ + swigobject_methods, /* tp_methods */ + 0, /* tp_members */ + 0, /* tp_getset */ + 0, /* tp_base */ + 0, /* tp_dict */ + 0, /* tp_descr_get */ + 0, /* tp_descr_set */ + 0, /* tp_dictoffset */ + 0, /* tp_init */ + 0, /* tp_alloc */ + 0, /* tp_new */ + 0, /* tp_free */ + 0, /* tp_is_gc */ + 0, /* tp_bases */ + 0, /* tp_mro */ + 0, /* tp_cache */ + 0, /* tp_subclasses */ + 0, /* tp_weaklist */ +#endif +#if PY_VERSION_HEX >= 0x02030000 + 0, /* tp_del */ +#endif +#ifdef COUNT_ALLOCS + 0,0,0,0 /* tp_alloc -> tp_next */ +#endif + }; + pyswigobject_type = tmp; + pyswigobject_type.ob_type = &PyType_Type; + type_init = 1; + } + return &pyswigobject_type; +} + +SWIGRUNTIME PyObject * +PySwigObject_New(void *ptr, swig_type_info *ty, int own) +{ + PySwigObject *sobj = PyObject_NEW(PySwigObject, PySwigObject_type()); + if (sobj) { + sobj->ptr = ptr; + sobj->ty = ty; + sobj->own = own; + sobj->next = 0; + } + return (PyObject *)sobj; +} + +/* ----------------------------------------------------------------------------- + * Implements a simple Swig Packed type, and use it instead of string + * ----------------------------------------------------------------------------- */ + +typedef struct { + PyObject_HEAD + void *pack; + swig_type_info *ty; + size_t size; +} PySwigPacked; + +SWIGRUNTIME int +PySwigPacked_print(PySwigPacked *v, FILE *fp, int SWIGUNUSEDPARM(flags)) +{ + char result[SWIG_BUFFER_SIZE]; + fputs("<Swig Packed ", fp); + if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) { + fputs("at ", fp); + fputs(result, fp); + } + fputs(v->ty->name,fp); + fputs(">", fp); + return 0; +} + +SWIGRUNTIME PyObject * +PySwigPacked_repr(PySwigPacked *v) +{ + char result[SWIG_BUFFER_SIZE]; + if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) { + return PyString_FromFormat("<Swig Packed at %s%s>", result, v->ty->name); + } else { + return PyString_FromFormat("<Swig Packed %s>", v->ty->name); + } +} + +SWIGRUNTIME PyObject * +PySwigPacked_str(PySwigPacked *v) +{ + char result[SWIG_BUFFER_SIZE]; + if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))){ + return PyString_FromFormat("%s%s", result, v->ty->name); + } else { + return PyString_FromString(v->ty->name); + } +} + +SWIGRUNTIME int +PySwigPacked_compare(PySwigPacked *v, PySwigPacked *w) +{ + size_t i = v->size; + size_t j = w->size; + int s = (i < j) ? -1 : ((i > j) ? 1 : 0); + return s ? s : strncmp((char *)v->pack, (char *)w->pack, 2*v->size); +} + +SWIGRUNTIME PyTypeObject* _PySwigPacked_type(void); + +SWIGRUNTIME PyTypeObject* +PySwigPacked_type(void) { + static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigPacked_type(); + return type; +} + +SWIGRUNTIMEINLINE int +PySwigPacked_Check(PyObject *op) { + return ((op)->ob_type == _PySwigPacked_type()) + || (strcmp((op)->ob_type->tp_name,"PySwigPacked") == 0); +} + +SWIGRUNTIME void +PySwigPacked_dealloc(PyObject *v) +{ + if (PySwigPacked_Check(v)) { + PySwigPacked *sobj = (PySwigPacked *) v; + free(sobj->pack); + } + PyObject_DEL(v); +} + +SWIGRUNTIME PyTypeObject* +_PySwigPacked_type(void) { + static char swigpacked_doc[] = "Swig object carries a C/C++ instance pointer"; + static PyTypeObject pyswigpacked_type; + static int type_init = 0; + if (!type_init) { + const PyTypeObject tmp + = { + PyObject_HEAD_INIT(NULL) + 0, /* ob_size */ + (char *)"PySwigPacked", /* tp_name */ + sizeof(PySwigPacked), /* tp_basicsize */ + 0, /* tp_itemsize */ + (destructor)PySwigPacked_dealloc, /* tp_dealloc */ + (printfunc)PySwigPacked_print, /* tp_print */ + (getattrfunc)0, /* tp_getattr */ + (setattrfunc)0, /* tp_setattr */ + (cmpfunc)PySwigPacked_compare, /* tp_compare */ + (reprfunc)PySwigPacked_repr, /* tp_repr */ + 0, /* tp_as_number */ + 0, /* tp_as_sequence */ + 0, /* tp_as_mapping */ + (hashfunc)0, /* tp_hash */ + (ternaryfunc)0, /* tp_call */ + (reprfunc)PySwigPacked_str, /* tp_str */ + PyObject_GenericGetAttr, /* tp_getattro */ + 0, /* tp_setattro */ + 0, /* tp_as_buffer */ + Py_TPFLAGS_DEFAULT, /* tp_flags */ + swigpacked_doc, /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ +#if PY_VERSION_HEX >= 0x02020000 + 0, /* tp_iter */ + 0, /* tp_iternext */ + 0, /* tp_methods */ + 0, /* tp_members */ + 0, /* tp_getset */ + 0, /* tp_base */ + 0, /* tp_dict */ + 0, /* tp_descr_get */ + 0, /* tp_descr_set */ + 0, /* tp_dictoffset */ + 0, /* tp_init */ + 0, /* tp_alloc */ + 0, /* tp_new */ + 0, /* tp_free */ + 0, /* tp_is_gc */ + 0, /* tp_bases */ + 0, /* tp_mro */ + 0, /* tp_cache */ + 0, /* tp_subclasses */ + 0, /* tp_weaklist */ +#endif +#if PY_VERSION_HEX >= 0x02030000 + 0, /* tp_del */ +#endif +#ifdef COUNT_ALLOCS + 0,0,0,0 /* tp_alloc -> tp_next */ +#endif + }; + pyswigpacked_type = tmp; + pyswigpacked_type.ob_type = &PyType_Type; + type_init = 1; + } + return &pyswigpacked_type; +} + +SWIGRUNTIME PyObject * +PySwigPacked_New(void *ptr, size_t size, swig_type_info *ty) +{ + PySwigPacked *sobj = PyObject_NEW(PySwigPacked, PySwigPacked_type()); + if (sobj) { + void *pack = malloc(size); + if (pack) { + memcpy(pack, ptr, size); + sobj->pack = pack; + sobj->ty = ty; + sobj->size = size; + } else { + PyObject_DEL((PyObject *) sobj); + sobj = 0; + } + } + return (PyObject *) sobj; +} + +SWIGRUNTIME swig_type_info * +PySwigPacked_UnpackData(PyObject *obj, void *ptr, size_t size) +{ + if (PySwigPacked_Check(obj)) { + PySwigPacked *sobj = (PySwigPacked *)obj; + if (sobj->size != size) return 0; + memcpy(ptr, sobj->pack, size); + return sobj->ty; + } else { + return 0; + } +} + +/* ----------------------------------------------------------------------------- + * pointers/data manipulation + * ----------------------------------------------------------------------------- */ + +SWIGRUNTIMEINLINE PyObject * +_SWIG_This(void) +{ + return PyString_FromString("this"); +} + +SWIGRUNTIME PyObject * +SWIG_This(void) +{ + static PyObject *SWIG_STATIC_POINTER(swig_this) = _SWIG_This(); + return swig_this; +} + +/* #define SWIG_PYTHON_SLOW_GETSET_THIS */ + +SWIGRUNTIME PySwigObject * +SWIG_Python_GetSwigThis(PyObject *pyobj) +{ + if (PySwigObject_Check(pyobj)) { + return (PySwigObject *) pyobj; + } else { + PyObject *obj = 0; +#if (!defined(SWIG_PYTHON_SLOW_GETSET_THIS) && (PY_VERSION_HEX >= 0x02030000)) + if (PyInstance_Check(pyobj)) { + obj = _PyInstance_Lookup(pyobj, SWIG_This()); + } else { + PyObject **dictptr = _PyObject_GetDictPtr(pyobj); + if (dictptr != NULL) { + PyObject *dict = *dictptr; + obj = dict ? PyDict_GetItem(dict, SWIG_This()) : 0; + } else { +#ifdef PyWeakref_CheckProxy + if (PyWeakref_CheckProxy(pyobj)) { + PyObject *wobj = PyWeakref_GET_OBJECT(pyobj); + return wobj ? SWIG_Python_GetSwigThis(wobj) : 0; + } +#endif + obj = PyObject_GetAttr(pyobj,SWIG_This()); + if (obj) { + Py_DECREF(obj); + } else { + if (PyErr_Occurred()) PyErr_Clear(); + return 0; + } + } + } +#else + obj = PyObject_GetAttr(pyobj,SWIG_This()); + if (obj) { + Py_DECREF(obj); + } else { + if (PyErr_Occurred()) PyErr_Clear(); + return 0; + } +#endif + if (obj && !PySwigObject_Check(obj)) { + /* a PyObject is called 'this', try to get the 'real this' + PySwigObject from it */ + return SWIG_Python_GetSwigThis(obj); + } + return (PySwigObject *)obj; + } +} + +/* Acquire a pointer value */ + +SWIGRUNTIME int +SWIG_Python_AcquirePtr(PyObject *obj, int own) { + if (own) { + PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); + if (sobj) { + int oldown = sobj->own; + sobj->own = own; + return oldown; + } + } + return 0; +} + +/* Convert a pointer value */ + +SWIGRUNTIME int +SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int flags, int *own) { + if (!obj) return SWIG_ERROR; + if (obj == Py_None) { + if (ptr) *ptr = 0; + return SWIG_OK; + } else { + PySwigObject *sobj = SWIG_Python_GetSwigThis(obj); + while (sobj) { + void *vptr = sobj->ptr; + if (ty) { + swig_type_info *to = sobj->ty; + if (to == ty) { + /* no type cast needed */ + if (ptr) *ptr = vptr; + break; + } else { + swig_cast_info *tc = SWIG_TypeCheck(to->name,ty); + if (!tc) { + sobj = (PySwigObject *)sobj->next; + } else { + if (ptr) *ptr = SWIG_TypeCast(tc,vptr); + break; + } + } + } else { + if (ptr) *ptr = vptr; + break; + } + } + if (sobj) { + if (own) *own = sobj->own; + if (flags & SWIG_POINTER_DISOWN) { + sobj->own = 0; + } + return SWIG_OK; + } else { + int res = SWIG_ERROR; + if (flags & SWIG_POINTER_IMPLICIT_CONV) { + PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0; + if (data && !data->implicitconv) { + PyObject *klass = data->klass; + if (klass) { + PyObject *impconv; + data->implicitconv = 1; /* avoid recursion and call 'explicit' constructors*/ + impconv = SWIG_Python_CallFunctor(klass, obj); + data->implicitconv = 0; + if (PyErr_Occurred()) { + PyErr_Clear(); + impconv = 0; + } + if (impconv) { + PySwigObject *iobj = SWIG_Python_GetSwigThis(impconv); + if (iobj) { + void *vptr; + res = SWIG_Python_ConvertPtrAndOwn((PyObject*)iobj, &vptr, ty, 0, 0); + if (SWIG_IsOK(res)) { + if (ptr) { + *ptr = vptr; + /* transfer the ownership to 'ptr' */ + iobj->own = 0; + res = SWIG_AddCast(res); + res = SWIG_AddNewMask(res); + } else { + res = SWIG_AddCast(res); + } + } + } + Py_DECREF(impconv); + } + } + } + } + return res; + } + } +} + +/* Convert a function ptr value */ + +SWIGRUNTIME int +SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) { + if (!PyCFunction_Check(obj)) { + return SWIG_ConvertPtr(obj, ptr, ty, 0); + } else { + void *vptr = 0; + + /* here we get the method pointer for callbacks */ + const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc); + const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0; + if (desc) { + desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0; + if (!desc) return SWIG_ERROR; + } + if (ty) { + swig_cast_info *tc = SWIG_TypeCheck(desc,ty); + if (!tc) return SWIG_ERROR; + *ptr = SWIG_TypeCast(tc,vptr); + } else { + *ptr = vptr; + } + return SWIG_OK; + } +} + +/* Convert a packed value value */ + +SWIGRUNTIME int +SWIG_Python_ConvertPacked(PyObject *obj, void *ptr, size_t sz, swig_type_info *ty) { + swig_type_info *to = PySwigPacked_UnpackData(obj, ptr, sz); + if (!to) return SWIG_ERROR; + if (ty) { + if (to != ty) { + /* check type cast? */ + swig_cast_info *tc = SWIG_TypeCheck(to->name,ty); + if (!tc) return SWIG_ERROR; + } + } + return SWIG_OK; +} + +/* ----------------------------------------------------------------------------- + * Create a new pointer object + * ----------------------------------------------------------------------------- */ + +/* + Create a new instance object, whitout calling __init__, and set the + 'this' attribute. +*/ + +SWIGRUNTIME PyObject* +SWIG_Python_NewShadowInstance(PySwigClientData *data, PyObject *swig_this) +{ +#if (PY_VERSION_HEX >= 0x02020000) + PyObject *inst = 0; + PyObject *newraw = data->newraw; + if (newraw) { + inst = PyObject_Call(newraw, data->newargs, NULL); + if (inst) { +#if !defined(SWIG_PYTHON_SLOW_GETSET_THIS) + PyObject **dictptr = _PyObject_GetDictPtr(inst); + if (dictptr != NULL) { + PyObject *dict = *dictptr; + if (dict == NULL) { + dict = PyDict_New(); + *dictptr = dict; + PyDict_SetItem(dict, SWIG_This(), swig_this); + } + } +#else + PyObject *key = SWIG_This(); + PyObject_SetAttr(inst, key, swig_this); +#endif + } + } else { + PyObject *dict = PyDict_New(); + PyDict_SetItem(dict, SWIG_This(), swig_this); + inst = PyInstance_NewRaw(data->newargs, dict); + Py_DECREF(dict); + } + return inst; +#else +#if (PY_VERSION_HEX >= 0x02010000) + PyObject *inst; + PyObject *dict = PyDict_New(); + PyDict_SetItem(dict, SWIG_This(), swig_this); + inst = PyInstance_NewRaw(data->newargs, dict); + Py_DECREF(dict); + return (PyObject *) inst; +#else + PyInstanceObject *inst = PyObject_NEW(PyInstanceObject, &PyInstance_Type); + if (inst == NULL) { + return NULL; + } + inst->in_class = (PyClassObject *)data->newargs; + Py_INCREF(inst->in_class); + inst->in_dict = PyDict_New(); + if (inst->in_dict == NULL) { + Py_DECREF(inst); + return NULL; + } +#ifdef Py_TPFLAGS_HAVE_WEAKREFS + inst->in_weakreflist = NULL; +#endif +#ifdef Py_TPFLAGS_GC + PyObject_GC_Init(inst); +#endif + PyDict_SetItem(inst->in_dict, SWIG_This(), swig_this); + return (PyObject *) inst; +#endif +#endif +} + +SWIGRUNTIME void +SWIG_Python_SetSwigThis(PyObject *inst, PyObject *swig_this) +{ + PyObject *dict; +#if (PY_VERSION_HEX >= 0x02020000) && !defined(SWIG_PYTHON_SLOW_GETSET_THIS) + PyObject **dictptr = _PyObject_GetDictPtr(inst); + if (dictptr != NULL) { + dict = *dictptr; + if (dict == NULL) { + dict = PyDict_New(); + *dictptr = dict; + } + PyDict_SetItem(dict, SWIG_This(), swig_this); + return; + } +#endif + dict = PyObject_GetAttrString(inst, (char*)"__dict__"); + PyDict_SetItem(dict, SWIG_This(), swig_this); + Py_DECREF(dict); +} + + +SWIGINTERN PyObject * +SWIG_Python_InitShadowInstance(PyObject *args) { + PyObject *obj[2]; + if (!SWIG_Python_UnpackTuple(args,(char*)"swiginit", 2, 2, obj)) { + return NULL; + } else { + PySwigObject *sthis = SWIG_Python_GetSwigThis(obj[0]); + if (sthis) { + PySwigObject_append((PyObject*) sthis, obj[1]); + } else { + SWIG_Python_SetSwigThis(obj[0], obj[1]); + } + return SWIG_Py_Void(); + } +} + +/* Create a new pointer object */ + +SWIGRUNTIME PyObject * +SWIG_Python_NewPointerObj(void *ptr, swig_type_info *type, int flags) { + if (!ptr) { + return SWIG_Py_Void(); + } else { + int own = (flags & SWIG_POINTER_OWN) ? SWIG_POINTER_OWN : 0; + PyObject *robj = PySwigObject_New(ptr, type, own); + PySwigClientData *clientdata = type ? (PySwigClientData *)(type->clientdata) : 0; + if (clientdata && !(flags & SWIG_POINTER_NOSHADOW)) { + PyObject *inst = SWIG_Python_NewShadowInstance(clientdata, robj); + if (inst) { + Py_DECREF(robj); + robj = inst; + } + } + return robj; + } +} + +/* Create a new packed object */ + +SWIGRUNTIMEINLINE PyObject * +SWIG_Python_NewPackedObj(void *ptr, size_t sz, swig_type_info *type) { + return ptr ? PySwigPacked_New((void *) ptr, sz, type) : SWIG_Py_Void(); +} + +/* -----------------------------------------------------------------------------* + * Get type list + * -----------------------------------------------------------------------------*/ + +#ifdef SWIG_LINK_RUNTIME +void *SWIG_ReturnGlobalTypeList(void *); +#endif + +SWIGRUNTIME swig_module_info * +SWIG_Python_GetModule(void) { + static void *type_pointer = (void *)0; + /* first check if module already created */ + if (!type_pointer) { +#ifdef SWIG_LINK_RUNTIME + type_pointer = SWIG_ReturnGlobalTypeList((void *)0); +#else + type_pointer = PyCObject_Import((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION, + (char*)"type_pointer" SWIG_TYPE_TABLE_NAME); + if (PyErr_Occurred()) { + PyErr_Clear(); + type_pointer = (void *)0; + } +#endif + } + return (swig_module_info *) type_pointer; +} + +#if PY_MAJOR_VERSION < 2 +/* PyModule_AddObject function was introduced in Python 2.0. The following function + is copied out of Python/modsupport.c in python version 2.3.4 */ +SWIGINTERN int +PyModule_AddObject(PyObject *m, char *name, PyObject *o) +{ + PyObject *dict; + if (!PyModule_Check(m)) { + PyErr_SetString(PyExc_TypeError, + "PyModule_AddObject() needs module as first arg"); + return SWIG_ERROR; + } + if (!o) { + PyErr_SetString(PyExc_TypeError, + "PyModule_AddObject() needs non-NULL value"); + return SWIG_ERROR; + } + + dict = PyModule_GetDict(m); + if (dict == NULL) { + /* Internal error -- modules must have a dict! */ + PyErr_Format(PyExc_SystemError, "module '%s' has no __dict__", + PyModule_GetName(m)); + return SWIG_ERROR; + } + if (PyDict_SetItemString(dict, name, o)) + return SWIG_ERROR; + Py_DECREF(o); + return SWIG_OK; +} +#endif + +SWIGRUNTIME void +SWIG_Python_DestroyModule(void *vptr) +{ + swig_module_info *swig_module = (swig_module_info *) vptr; + swig_type_info **types = swig_module->types; + size_t i; + for (i =0; i < swig_module->size; ++i) { + swig_type_info *ty = types[i]; + if (ty->owndata) { + PySwigClientData *data = (PySwigClientData *) ty->clientdata; + if (data) PySwigClientData_Del(data); + } + } + Py_DECREF(SWIG_This()); +} + +SWIGRUNTIME void +SWIG_Python_SetModule(swig_module_info *swig_module) { + static PyMethodDef swig_empty_runtime_method_table[] = { {NULL, NULL, 0, NULL} };/* Sentinel */ + + PyObject *module = Py_InitModule((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION, + swig_empty_runtime_method_table); + PyObject *pointer = PyCObject_FromVoidPtr((void *) swig_module, SWIG_Python_DestroyModule); + if (pointer && module) { + PyModule_AddObject(module, (char*)"type_pointer" SWIG_TYPE_TABLE_NAME, pointer); + } else { + Py_XDECREF(pointer); + } +} + +/* The python cached type query */ +SWIGRUNTIME PyObject * +SWIG_Python_TypeCache(void) { + static PyObject *SWIG_STATIC_POINTER(cache) = PyDict_New(); + return cache; +} + +SWIGRUNTIME swig_type_info * +SWIG_Python_TypeQuery(const char *type) +{ + PyObject *cache = SWIG_Python_TypeCache(); + PyObject *key = PyString_FromString(type); + PyObject *obj = PyDict_GetItem(cache, key); + swig_type_info *descriptor; + if (obj) { + descriptor = (swig_type_info *) PyCObject_AsVoidPtr(obj); + } else { + swig_module_info *swig_module = SWIG_Python_GetModule(); + descriptor = SWIG_TypeQueryModule(swig_module, swig_module, type); + if (descriptor) { + obj = PyCObject_FromVoidPtr(descriptor, NULL); + PyDict_SetItem(cache, key, obj); + Py_DECREF(obj); + } + } + Py_DECREF(key); + return descriptor; +} + +/* + For backward compatibility only +*/ +#define SWIG_POINTER_EXCEPTION 0 +#define SWIG_arg_fail(arg) SWIG_Python_ArgFail(arg) +#define SWIG_MustGetPtr(p, type, argnum, flags) SWIG_Python_MustGetPtr(p, type, argnum, flags) + +SWIGRUNTIME int +SWIG_Python_AddErrMesg(const char* mesg, int infront) +{ + if (PyErr_Occurred()) { + PyObject *type = 0; + PyObject *value = 0; + PyObject *traceback = 0; + PyErr_Fetch(&type, &value, &traceback); + if (value) { + PyObject *old_str = PyObject_Str(value); + Py_XINCREF(type); + PyErr_Clear(); + if (infront) { + PyErr_Format(type, "%s %s", mesg, PyString_AsString(old_str)); + } else { + PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg); + } + Py_DECREF(old_str); + } + return 1; + } else { + return 0; + } +} + +SWIGRUNTIME int +SWIG_Python_ArgFail(int argnum) +{ + if (PyErr_Occurred()) { + /* add information about failing argument */ + char mesg[256]; + PyOS_snprintf(mesg, sizeof(mesg), "argument number %d:", argnum); + return SWIG_Python_AddErrMesg(mesg, 1); + } else { + return 0; + } +} + +SWIGRUNTIMEINLINE const char * +PySwigObject_GetDesc(PyObject *self) +{ + PySwigObject *v = (PySwigObject *)self; + swig_type_info *ty = v ? v->ty : 0; + return ty ? ty->str : (char*)""; +} + +SWIGRUNTIME void +SWIG_Python_TypeError(const char *type, PyObject *obj) +{ + if (type) { +#if defined(SWIG_COBJECT_TYPES) + if (obj && PySwigObject_Check(obj)) { + const char *otype = (const char *) PySwigObject_GetDesc(obj); + if (otype) { + PyErr_Format(PyExc_TypeError, "a '%s' is expected, 'PySwigObject(%s)' is received", + type, otype); + return; + } + } else +#endif + { + const char *otype = (obj ? obj->ob_type->tp_name : 0); + if (otype) { + PyObject *str = PyObject_Str(obj); + const char *cstr = str ? PyString_AsString(str) : 0; + if (cstr) { + PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s(%s)' is received", + type, otype, cstr); + } else { + PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s' is received", + type, otype); + } + Py_XDECREF(str); + return; + } + } + PyErr_Format(PyExc_TypeError, "a '%s' is expected", type); + } else { + PyErr_Format(PyExc_TypeError, "unexpected type is received"); + } +} + + +/* Convert a pointer value, signal an exception on a type mismatch */ +SWIGRUNTIME void * +SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) { + void *result; + if (SWIG_Python_ConvertPtr(obj, &result, ty, flags) == -1) { + PyErr_Clear(); + if (flags & SWIG_POINTER_EXCEPTION) { + SWIG_Python_TypeError(SWIG_TypePrettyName(ty), obj); + SWIG_Python_ArgFail(argnum); + } + } + return result; +} + + +#ifdef __cplusplus +#if 0 +{ /* cc-mode */ +#endif +} +#endif + + + +#define SWIG_exception_fail(code, msg) do { SWIG_Error(code, msg); SWIG_fail; } while(0) + +#define SWIG_contract_assert(expr, msg) if (!(expr)) { SWIG_Error(SWIG_RuntimeError, msg); SWIG_fail; } else + + + +/* -------- TYPES TABLE (BEGIN) -------- */ + +#define SWIGTYPE_p_SELboolean swig_types[0] +#define SWIGTYPE_p_av_decision swig_types[1] +#define SWIGTYPE_p_avc_cache_stats swig_types[2] +#define SWIGTYPE_p_avc_entry swig_types[3] +#define SWIGTYPE_p_avc_entry_ref swig_types[4] +#define SWIGTYPE_p_avc_lock_callback swig_types[5] +#define SWIGTYPE_p_avc_log_callback swig_types[6] +#define SWIGTYPE_p_avc_memory_callback swig_types[7] +#define SWIGTYPE_p_avc_thread_callback swig_types[8] +#define SWIGTYPE_p_char swig_types[9] +#define SWIGTYPE_p_f_int_p_q_const__char_v_______int swig_types[10] +#define SWIGTYPE_p_f_p_f_void__void__p_void swig_types[11] +#define SWIGTYPE_p_f_p_p_char__int swig_types[12] +#define SWIGTYPE_p_f_p_q_const__char_v_______void swig_types[13] +#define SWIGTYPE_p_f_p_void__void swig_types[14] +#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int swig_types[15] +#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void swig_types[16] +#define SWIGTYPE_p_f_size_t__p_void swig_types[17] +#define SWIGTYPE_p_f_void__p_void swig_types[18] +#define SWIGTYPE_p_ino_t swig_types[19] +#define SWIGTYPE_p_int swig_types[20] +#define SWIGTYPE_p_p_char swig_types[21] +#define SWIGTYPE_p_p_p_char swig_types[22] +#define SWIGTYPE_p_p_security_id swig_types[23] +#define SWIGTYPE_p_security_class_mapping swig_types[24] +#define SWIGTYPE_p_security_id swig_types[25] +#define SWIGTYPE_p_selinux_callback swig_types[26] +#define SWIGTYPE_p_selinux_opt swig_types[27] +#define SWIGTYPE_p_unsigned_int swig_types[28] +#define SWIGTYPE_p_unsigned_short swig_types[29] +static swig_type_info *swig_types[31]; +static swig_module_info swig_module = {swig_types, 30, 0, 0, 0, 0}; +#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name) +#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name) + +/* -------- TYPES TABLE (END) -------- */ + +#if (PY_VERSION_HEX <= 0x02000000) +# if !defined(SWIG_PYTHON_CLASSIC) +# error "This python version requires swig to be run with the '-classic' option" +# endif +#endif + +/*----------------------------------------------- + @(target):= _selinux.so + ------------------------------------------------*/ +#define SWIG_init init_selinux + +#define SWIG_name "_selinux" + +#define SWIGVERSION 0x010333 +#define SWIG_VERSION SWIGVERSION + + +#define SWIG_as_voidptr(a) (void *)((const void *)(a)) +#define SWIG_as_voidptrptr(a) ((void)SWIG_as_voidptr(*a),(void**)(a)) + + + #include "selinux/selinux.h" + + + #include "selinux/selinux.h" + #include "../include/selinux/avc.h" + #include "../include/selinux/selinux.h" + #include "../include/selinux/get_default_type.h" + #include "../include/selinux/get_context_list.h" + + + #define SWIG_From_long PyInt_FromLong + + +SWIGINTERNINLINE PyObject * +SWIG_From_int (int value) +{ + return SWIG_From_long (value); +} + + +SWIGINTERN swig_type_info* +SWIG_pchar_descriptor(void) +{ + static int init = 0; + static swig_type_info* info = 0; + if (!init) { + info = SWIG_TypeQuery("_p_char"); + init = 1; + } + return info; +} + + +SWIGINTERN int +SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc) +{ + if (PyString_Check(obj)) { + char *cstr; Py_ssize_t len; + PyString_AsStringAndSize(obj, &cstr, &len); + if (cptr) { + if (alloc) { + /* + In python the user should not be able to modify the inner + string representation. To warranty that, if you define + SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string + buffer is always returned. + + The default behavior is just to return the pointer value, + so, be careful. + */ +#if defined(SWIG_PYTHON_SAFE_CSTRINGS) + if (*alloc != SWIG_OLDOBJ) +#else + if (*alloc == SWIG_NEWOBJ) +#endif + { + *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1)); + *alloc = SWIG_NEWOBJ; + } + else { + *cptr = cstr; + *alloc = SWIG_OLDOBJ; + } + } else { + *cptr = PyString_AsString(obj); + } + } + if (psize) *psize = len + 1; + return SWIG_OK; + } else { + swig_type_info* pchar_descriptor = SWIG_pchar_descriptor(); + if (pchar_descriptor) { + void* vptr = 0; + if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) { + if (cptr) *cptr = (char *) vptr; + if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0; + if (alloc) *alloc = SWIG_OLDOBJ; + return SWIG_OK; + } + } + } + return SWIG_TypeError; +} + + + + + +#include <limits.h> +#if !defined(SWIG_NO_LLONG_MAX) +# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__) +# define LLONG_MAX __LONG_LONG_MAX__ +# define LLONG_MIN (-LLONG_MAX - 1LL) +# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL) +# endif +#endif + + +SWIGINTERN int +SWIG_AsVal_double (PyObject *obj, double *val) +{ + int res = SWIG_TypeError; + if (PyFloat_Check(obj)) { + if (val) *val = PyFloat_AsDouble(obj); + return SWIG_OK; + } else if (PyInt_Check(obj)) { + if (val) *val = PyInt_AsLong(obj); + return SWIG_OK; + } else if (PyLong_Check(obj)) { + double v = PyLong_AsDouble(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_OK; + } else { + PyErr_Clear(); + } + } +#ifdef SWIG_PYTHON_CAST_MODE + { + int dispatch = 0; + double d = PyFloat_AsDouble(obj); + if (!PyErr_Occurred()) { + if (val) *val = d; + return SWIG_AddCast(SWIG_OK); + } else { + PyErr_Clear(); + } + if (!dispatch) { + long v = PyLong_AsLong(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_AddCast(SWIG_AddCast(SWIG_OK)); + } else { + PyErr_Clear(); + } + } + } +#endif + return res; +} + + +#include <float.h> + + +#include <math.h> + + +SWIGINTERNINLINE int +SWIG_CanCastAsInteger(double *d, double min, double max) { + double x = *d; + if ((min <= x && x <= max)) { + double fx = floor(x); + double cx = ceil(x); + double rd = ((x - fx) < 0.5) ? fx : cx; /* simple rint */ + if ((errno == EDOM) || (errno == ERANGE)) { + errno = 0; + } else { + double summ, reps, diff; + if (rd < x) { + diff = x - rd; + } else if (rd > x) { + diff = rd - x; + } else { + return 1; + } + summ = rd + x; + reps = diff/summ; + if (reps < 8*DBL_EPSILON) { + *d = rd; + return 1; + } + } + } + return 0; +} + + +SWIGINTERN int +SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val) +{ + if (PyInt_Check(obj)) { + long v = PyInt_AsLong(obj); + if (v >= 0) { + if (val) *val = v; + return SWIG_OK; + } else { + return SWIG_OverflowError; + } + } else if (PyLong_Check(obj)) { + unsigned long v = PyLong_AsUnsignedLong(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_OK; + } else { + PyErr_Clear(); + } + } +#ifdef SWIG_PYTHON_CAST_MODE + { + int dispatch = 0; + unsigned long v = PyLong_AsUnsignedLong(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_AddCast(SWIG_OK); + } else { + PyErr_Clear(); + } + if (!dispatch) { + double d; + int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d)); + if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) { + if (val) *val = (unsigned long)(d); + return res; + } + } + } +#endif + return SWIG_TypeError; +} + + +SWIGINTERN int +SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val) +{ + unsigned long v; + int res = SWIG_AsVal_unsigned_SS_long (obj, &v); + if (SWIG_IsOK(res)) { + if ((v > UINT_MAX)) { + return SWIG_OverflowError; + } else { + if (val) *val = (unsigned int)(v); + } + } + return res; +} + + +SWIGINTERN int +SWIG_AsVal_long (PyObject *obj, long* val) +{ + if (PyInt_Check(obj)) { + if (val) *val = PyInt_AsLong(obj); + return SWIG_OK; + } else if (PyLong_Check(obj)) { + long v = PyLong_AsLong(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_OK; + } else { + PyErr_Clear(); + } + } +#ifdef SWIG_PYTHON_CAST_MODE + { + int dispatch = 0; + long v = PyInt_AsLong(obj); + if (!PyErr_Occurred()) { + if (val) *val = v; + return SWIG_AddCast(SWIG_OK); + } else { + PyErr_Clear(); + } + if (!dispatch) { + double d; + int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d)); + if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) { + if (val) *val = (long)(d); + return res; + } + } + } +#endif + return SWIG_TypeError; +} + + +SWIGINTERN int +SWIG_AsVal_int (PyObject * obj, int *val) +{ + long v; + int res = SWIG_AsVal_long (obj, &v); + if (SWIG_IsOK(res)) { + if ((v < INT_MIN || v > INT_MAX)) { + return SWIG_OverflowError; + } else { + if (val) *val = (int)(v); + } + } + return res; +} + + +SWIGINTERNINLINE PyObject* +SWIG_From_unsigned_SS_long (unsigned long value) +{ + return (value > LONG_MAX) ? + PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value)); +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_unsigned_SS_int (unsigned int value) +{ + return SWIG_From_unsigned_SS_long (value); +} + + +SWIGINTERNINLINE PyObject * +SWIG_FromCharPtrAndSize(const char* carray, size_t size) +{ + if (carray) { + if (size > INT_MAX) { + swig_type_info* pchar_descriptor = SWIG_pchar_descriptor(); + return pchar_descriptor ? + SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void(); + } else { + return PyString_FromStringAndSize(carray, (int)(size)); + } + } else { + return SWIG_Py_Void(); + } +} + + +SWIGINTERNINLINE PyObject * +SWIG_FromCharPtr(const char *cptr) +{ + return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0)); +} + + +SWIGINTERN int +SWIG_AsVal_unsigned_SS_short (PyObject * obj, unsigned short *val) +{ + unsigned long v; + int res = SWIG_AsVal_unsigned_SS_long (obj, &v); + if (SWIG_IsOK(res)) { + if ((v > USHRT_MAX)) { + return SWIG_OverflowError; + } else { + if (val) *val = (unsigned short)(v); + } + } + return res; +} + + +SWIGINTERNINLINE int +SWIG_AsVal_size_t (PyObject * obj, size_t *val) +{ + unsigned long v; + int res = SWIG_AsVal_unsigned_SS_long (obj, val ? &v : 0); + if (SWIG_IsOK(res) && val) *val = (size_t)(v); + return res; +} + + +SWIGINTERNINLINE PyObject * +SWIG_From_unsigned_SS_short (unsigned short value) +{ + return SWIG_From_unsigned_SS_long (value); +} + +#ifdef __cplusplus +extern "C" { +#endif +SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":is_selinux_enabled")) SWIG_fail; + result = (int)is_selinux_enabled(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_is_selinux_mls_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":is_selinux_mls_enabled")) SWIG_fail; + result = (int)is_selinux_mls_enabled(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getcon")) SWIG_fail; + result = (int)getcon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getcon_raw")) SWIG_fail; + result = (int)getcon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setcon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setcon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setcon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setcon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getpidcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + pid_t arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + unsigned int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getpidcon",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'"); + } + arg1 = (pid_t)(val1); + result = (int)getpidcon(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getpidcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + pid_t arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + unsigned int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getpidcon_raw",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'"); + } + arg1 = (pid_t)(val1); + result = (int)getpidcon_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getprevcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getprevcon")) SWIG_fail; + result = (int)getprevcon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getprevcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getprevcon_raw")) SWIG_fail; + result = (int)getprevcon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getexeccon")) SWIG_fail; + result = (int)getexeccon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getexeccon_raw")) SWIG_fail; + result = (int)getexeccon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setexeccon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setexeccon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setexeccon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setexeccon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getfscreatecon")) SWIG_fail; + result = (int)getfscreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getfscreatecon_raw")) SWIG_fail; + result = (int)getfscreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setfscreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setfscreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon")) SWIG_fail; + result = (int)getkeycreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon_raw")) SWIG_fail; + result = (int)getkeycreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setkeycreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setkeycreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon")) SWIG_fail; + result = (int)getsockcreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon_raw")) SWIG_fail; + result = (int)getsockcreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setsockcreatecon(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)setsockcreatecon_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getfilecon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)getfilecon((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getfilecon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon_raw" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)getfilecon_raw((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_lgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)lgetfilecon((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_lgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon_raw" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)lgetfilecon_raw((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_fgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)fgetfilecon(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_fgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon_raw",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon_raw" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)fgetfilecon_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)setfilecon((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_setfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon_raw",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon_raw" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)setfilecon_raw((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_lsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)lsetfilecon((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_lsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon_raw",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon_raw" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)lsetfilecon_raw((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_fsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)fsetfilecon(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_fsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t arg2 = (security_context_t) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon_raw",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon_raw" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)fsetfilecon_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getpeercon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getpeercon",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)getpeercon(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getpeercon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int val1 ; + int ecode1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:getpeercon_raw",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon_raw" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)getpeercon_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_allowed_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_allowed_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_set" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_allowed_set" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + if (arg1) (arg1)->allowed = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_allowed_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:av_decision_allowed_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_get" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + result = (access_vector_t) ((arg1)->allowed); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_decided_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_decided_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_set" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_decided_set" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + if (arg1) (arg1)->decided = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_decided_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:av_decision_decided_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_get" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + result = (access_vector_t) ((arg1)->decided); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_auditallow_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditallow_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_set" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditallow_set" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + if (arg1) (arg1)->auditallow = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_auditallow_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditallow_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_get" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + result = (access_vector_t) ((arg1)->auditallow); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_auditdeny_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditdeny_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_set" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditdeny_set" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + if (arg1) (arg1)->auditdeny = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_auditdeny_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + access_vector_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditdeny_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_get" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + result = (access_vector_t) ((arg1)->auditdeny); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_seqno_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_seqno_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_set" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_seqno_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->seqno = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_av_decision_seqno_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:av_decision_seqno_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_get" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + result = (unsigned int) ((arg1)->seqno); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail; + result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct av_decision *arg1 = (struct av_decision *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_av_decision",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_av_decision" "', argument " "1"" of type '" "struct av_decision *""'"); + } + arg1 = (struct av_decision *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_selinux_opt_type_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_type_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_set" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_opt_type_set" "', argument " "2"" of type '" "int""'"); + } + arg2 = (int)(val2); + if (arg1) (arg1)->type = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_opt_type_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_type_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_get" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + result = (int) ((arg1)->type); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_opt_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + char *arg2 = (char *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_value_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_set" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_opt_value_set" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + if (arg2) { + size_t size = strlen((const char *)((const char *)(arg2))) + 1; + arg1->value = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size)); + } else { + arg1->value = 0; + } + resultobj = SWIG_Py_Void(); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_opt_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + char *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_value_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_get" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + result = (char *) ((arg1)->value); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail; + result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_opt",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_opt" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_selinux_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*arg2)(int,char const *,...) = (int (*)(int,char const *,...)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_log_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_set" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_int_p_q_const__char_v_______int); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_log_set" "', argument " "2"" of type '" "int (*)(int,char const *,...)""'"); + } + } + if (arg1) (arg1)->func_log = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*result)(int,char const *,...) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_log_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_get" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + result = (int (*)(int,char const *,...)) ((arg1)->func_log); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_int_p_q_const__char_v_______int); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*arg2)(void *,security_class_t,char *,size_t) = (int (*)(void *,security_class_t,char *,size_t)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_audit_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_set" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_audit_set" "', argument " "2"" of type '" "int (*)(void *,security_class_t,char *,size_t)""'"); + } + } + if (arg1) (arg1)->func_audit = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*result)(void *,security_class_t,char *,size_t) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_audit_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_get" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + result = (int (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*arg2)(security_context_t *) = (int (*)(security_context_t *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_validate_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_set" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_p_char__int); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_validate_set" "', argument " "2"" of type '" "int (*)(security_context_t *)""'"); + } + } + if (arg1) (arg1)->func_validate = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + int (*result)(security_context_t *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_validate_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_get" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + result = (int (*)(security_context_t *)) ((arg1)->func_validate); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_p_char__int); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail; + result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + union selinux_callback *arg1 = (union selinux_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_callback" "', argument " "1"" of type '" "union selinux_callback *""'"); + } + arg1 = (union selinux_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_selinux_get_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + union selinux_callback result; + int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_get_callback",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_get_callback" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = selinux_get_callback(arg1); + resultobj = SWIG_NewPointerObj((union selinux_callback *)memcpy((union selinux_callback *)malloc(sizeof(union selinux_callback)),&result,sizeof(union selinux_callback)), SWIGTYPE_p_selinux_callback, SWIG_POINTER_OWN | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_set_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + union selinux_callback arg2 ; + int val1 ; + int ecode1 = 0 ; + void *argp2 ; + int res2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_set_callback",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_set_callback" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + { + res2 = SWIG_ConvertPtr(obj1, &argp2, SWIGTYPE_p_selinux_callback, 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'"); + } + if (!argp2) { + SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'"); + } else { + arg2 = *((union selinux_callback *)(argp2)); + } + } + selinux_set_callback(arg1,arg2); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_av(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + access_vector_t arg4 ; + struct av_decision *arg5 = (struct av_decision *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + unsigned int val4 ; + int ecode4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4); + if (!SWIG_IsOK(ecode4)) { + SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av" "', argument " "4"" of type '" "access_vector_t""'"); + } + arg4 = (access_vector_t)(val4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av" "', argument " "5"" of type '" "struct av_decision *""'"); + } + arg5 = (struct av_decision *)(argp5); + result = (int)security_compute_av(arg1,arg2,arg3,arg4,arg5); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_av_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + access_vector_t arg4 ; + struct av_decision *arg5 = (struct av_decision *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + unsigned int val4 ; + int ecode4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_raw",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av_raw" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4); + if (!SWIG_IsOK(ecode4)) { + SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av_raw" "', argument " "4"" of type '" "access_vector_t""'"); + } + arg4 = (access_vector_t)(val4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av_raw" "', argument " "5"" of type '" "struct av_decision *""'"); + } + arg5 = (struct av_decision *)(argp5); + result = (int)security_compute_av_raw(arg1,arg2,arg3,arg4,arg5); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_create(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_create_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create_raw",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create_raw" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_create_raw(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_relabel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_relabel(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_relabel_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel_raw",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel_raw" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_relabel_raw(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_member(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_member_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_class_t arg3 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member_raw",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member_raw" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member_raw" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)security_compute_member_raw(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + char *arg2 = (char *) 0 ; + security_context_t **arg3 = (security_context_t **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + security_context_t *temp3 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + { + arg3 = &temp3; + } + if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + result = (int)security_compute_user(arg1,(char const *)arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + { + PyObject* plist; + int i, len = 0; + + if (*arg3) { + while((*arg3)[len]) + len++; + plist = PyList_New(len); + for (i = 0; i < len; i++) { + PyList_SetItem(plist, i, PyString_FromString((*arg3)[i])); + } + } else { + plist = PyList_New(0); + } + + resultobj = SWIG_Python_AppendOutput(resultobj, plist); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + char *arg2 = (char *) 0 ; + security_context_t **arg3 = (security_context_t **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + security_context_t *temp3 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + { + arg3 = &temp3; + } + if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user_raw",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user_raw" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + result = (int)security_compute_user_raw(arg1,(char const *)arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + { + PyObject* plist; + int i, len = 0; + + if (*arg3) { + while((*arg3)[len]) + len++; + plist = PyList_New(len); + for (i = 0; i < len; i++) { + PyList_SetItem(plist, i, PyString_FromString((*arg3)[i])); + } + } else { + plist = PyList_New(0); + } + + resultobj = SWIG_Python_AppendOutput(resultobj, plist); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + void *arg1 = (void *) 0 ; + size_t arg2 ; + int result; + int res1 ; + size_t val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_load_policy",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_policy" "', argument " "1"" of type '" "void *""'"); + } + ecode2 = SWIG_AsVal_size_t(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_load_policy" "', argument " "2"" of type '" "size_t""'"); + } + arg2 = (size_t)(val2); + result = (int)security_load_policy(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_get_initial_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)security_get_initial_context((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_get_initial_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context_raw" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)security_get_initial_context_raw((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_mkload_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + int result; + int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_mkload_policy",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_mkload_policy" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)selinux_mkload_policy(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_init_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int *arg1 = (int *) 0 ; + int result; + int temp1 ; + int res1 = SWIG_TMPOBJ ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":selinux_init_load_policy")) SWIG_fail; + result = (int)selinux_init_load_policy(arg1); + resultobj = SWIG_From_int((int)(result)); + if (SWIG_IsTmpObj(res1)) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1))); + } else { + int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ; + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags)); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_SELboolean_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *arg1 = (SELboolean *) 0 ; + char *arg2 = (char *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_name_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_set" "', argument " "1"" of type '" "SELboolean *""'"); + } + arg1 = (SELboolean *)(argp1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "SELboolean_name_set" "', argument " "2"" of type '" "char *""'"); + } + arg2 = (char *)(buf2); + if (arg1->name) free((char*)arg1->name); + if (arg2) { + size_t size = strlen((const char *)(arg2)) + 1; + arg1->name = (char *)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); + } else { + arg1->name = 0; + } + resultobj = SWIG_Py_Void(); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_SELboolean_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *arg1 = (SELboolean *) 0 ; + char *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_name_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_get" "', argument " "1"" of type '" "SELboolean *""'"); + } + arg1 = (SELboolean *)(argp1); + result = (char *) ((arg1)->name); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_SELboolean_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *arg1 = (SELboolean *) 0 ; + int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_value_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_set" "', argument " "1"" of type '" "SELboolean *""'"); + } + arg1 = (SELboolean *)(argp1); + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "SELboolean_value_set" "', argument " "2"" of type '" "int""'"); + } + arg2 = (int)(val2); + if (arg1) (arg1)->value = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_SELboolean_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *arg1 = (SELboolean *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_value_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_get" "', argument " "1"" of type '" "SELboolean *""'"); + } + arg1 = (SELboolean *)(argp1); + result = (int) ((arg1)->value); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail; + result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + SELboolean *arg1 = (SELboolean *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_SELboolean",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_SELboolean" "', argument " "1"" of type '" "SELboolean *""'"); + } + arg1 = (SELboolean *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_security_set_boolean_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + size_t arg1 ; + SELboolean *arg2 = (SELboolean *) 0 ; + int arg3 ; + int result; + size_t val1 ; + int ecode1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + int val3 ; + int ecode3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOO:security_set_boolean_list",&obj0,&obj1,&obj2)) SWIG_fail; + ecode1 = SWIG_AsVal_size_t(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_set_boolean_list" "', argument " "1"" of type '" "size_t""'"); + } + arg1 = (size_t)(val1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_SELboolean, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_set_boolean_list" "', argument " "2"" of type '" "SELboolean *""'"); + } + arg2 = (SELboolean *)(argp2); + ecode3 = SWIG_AsVal_int(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_set_boolean_list" "', argument " "3"" of type '" "int""'"); + } + arg3 = (int)(val3); + result = (int)security_set_boolean_list(arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_load_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_load_booleans",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_booleans" "', argument " "1"" of type '" "char *""'"); + } + arg1 = (char *)(buf1); + result = (int)security_load_booleans(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_check_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_check_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)security_check_context(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_check_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_check_context_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)security_check_context_raw(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_canonicalize_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)security_canonicalize_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_canonicalize_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)security_canonicalize_context_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_getenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":security_getenforce")) SWIG_fail; + result = (int)security_getenforce(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_setenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int arg1 ; + int result; + int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_setenforce",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_setenforce" "', argument " "1"" of type '" "int""'"); + } + arg1 = (int)(val1); + result = (int)security_setenforce(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_disable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":security_disable")) SWIG_fail; + result = (int)security_disable(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_policyvers(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":security_policyvers")) SWIG_fail; + result = (int)security_policyvers(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_get_boolean_names(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char ***arg1 = (char ***) 0 ; + int *arg2 = (int *) 0 ; + int result; + char **temp11 ; + int temp21 ; + + { + arg1 = &temp11; + arg2 = &temp21; + } + if (!PyArg_ParseTuple(args,(char *)":security_get_boolean_names")) SWIG_fail; + result = (int)security_get_boolean_names(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + PyObject* list = PyList_New(*arg2); + int i; + for (i = 0; i < *arg2; i++) { + PyList_SetItem(list, i, PyString_FromString((*arg1)[i])); + } + resultobj = SWIG_Python_AppendOutput(resultobj, list); + } + { + int i; + if (*arg1) { + for (i = 0; i < *arg2; i++) { + free((*arg1)[i]); + } + free(*arg1); + } + } + return resultobj; +fail: + { + int i; + if (*arg1) { + for (i = 0; i < *arg2; i++) { + free((*arg1)[i]); + } + free(*arg1); + } + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_get_boolean_pending(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_pending",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_pending" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)security_get_boolean_pending((char const *)arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_get_boolean_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_active",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_active" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)security_get_boolean_active((char const *)arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_set_boolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int arg2 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_set_boolean",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_set_boolean" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_set_boolean" "', argument " "2"" of type '" "int""'"); + } + arg2 = (int)(val2); + result = (int)security_set_boolean((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_commit_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":security_commit_booleans")) SWIG_fail; + result = (int)security_commit_booleans(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_class_mapping_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + char *arg2 = (char *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_name_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_set" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_name_set" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + if (arg2) { + size_t size = strlen((const char *)((const char *)(arg2))) + 1; + arg1->name = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size)); + } else { + arg1->name = 0; + } + resultobj = SWIG_Py_Void(); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_class_mapping_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + char *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_name_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_get" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + result = (char *) ((arg1)->name); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_class_mapping_perms_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + char **arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_perms_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_set" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_p_char, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_perms_set" "', argument " "2"" of type '" "char const *[sizeof(access_vector_t)*8+1]""'"); + } + arg2 = (char **)(argp2); + { + if (arg2) { + size_t ii = 0; + for (; ii < (size_t)sizeof(access_vector_t)*8+1; ++ii) arg1->perms[ii] = arg2[ii]; + } else { + SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in variable '""perms""' of type '""char const *[sizeof(access_vector_t)*8+1]""'"); + } + } + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_class_mapping_perms_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + char **result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_perms_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_get" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + result = (char **)(char **) ((arg1)->perms); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_p_char, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail; + result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_security_class_mapping",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_class_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_selinux_set_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_set_mapping",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_set_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'"); + } + arg1 = (struct security_class_mapping *)(argp1); + result = (int)selinux_set_mapping(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_string_to_security_class(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_class_t result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:string_to_security_class",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "string_to_security_class" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (security_class_t)string_to_security_class((char const *)arg1); + resultobj = SWIG_From_unsigned_SS_short((unsigned short)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_class_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_class_t arg1 ; + char *result = 0 ; + unsigned short val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_class_to_string",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_class_to_string" "', argument " "1"" of type '" "security_class_t""'"); + } + arg1 = (security_class_t)(val1); + result = (char *)security_class_to_string(arg1); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_av_perm_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_class_t arg1 ; + access_vector_t arg2 ; + char *result = 0 ; + unsigned short val1 ; + int ecode1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_av_perm_to_string",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_perm_to_string" "', argument " "1"" of type '" "security_class_t""'"); + } + arg1 = (security_class_t)(val1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_perm_to_string" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + result = (char *)security_av_perm_to_string(arg1,arg2); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_string_to_av_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_class_t arg1 ; + char *arg2 = (char *) 0 ; + access_vector_t result; + unsigned short val1 ; + int ecode1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:string_to_av_perm",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "string_to_av_perm" "', argument " "1"" of type '" "security_class_t""'"); + } + arg1 = (security_class_t)(val1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "string_to_av_perm" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + result = (access_vector_t)string_to_av_perm(arg1,(char const *)arg2); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_av_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_class_t arg1 ; + access_vector_t arg2 ; + char **arg3 = (char **) 0 ; + int result; + unsigned short val1 ; + int ecode1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + char *temp3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + arg3 = &temp3; + if (!PyArg_ParseTuple(args,(char *)"OO:security_av_string",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_string" "', argument " "1"" of type '" "security_class_t""'"); + } + arg1 = (security_class_t)(val1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_string" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + result = (int)security_av_string(arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + if (*arg3) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3)); + free(*arg3); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_print_access_vector(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_class_t arg1 ; + access_vector_t arg2 ; + unsigned short val1 ; + int ecode1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:print_access_vector",&obj0,&obj1)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "print_access_vector" "', argument " "1"" of type '" "security_class_t""'"); + } + arg1 = (security_class_t)(val1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "print_access_vector" "', argument " "2"" of type '" "access_vector_t""'"); + } + arg2 = (access_vector_t)(val2); + print_access_vector(arg1,arg2); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_set_matchpathcon_flags(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + unsigned int arg1 ; + unsigned int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:set_matchpathcon_flags",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "set_matchpathcon_flags" "', argument " "1"" of type '" "unsigned int""'"); + } + arg1 = (unsigned int)(val1); + set_matchpathcon_flags(arg1); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_init",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)matchpathcon_init((char const *)arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_init_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char *arg2 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_init_prefix",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init_prefix" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "matchpathcon_init_prefix" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + result = (int)matchpathcon_init_prefix((char const *)arg1,(char const *)arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_fini(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":matchpathcon_fini")) SWIG_fail; + matchpathcon_fini(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + mode_t arg2 ; + security_context_t *arg3 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + security_context_t temp3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + arg3 = &temp3; + if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon" "', argument " "2"" of type '" "mode_t""'"); + } + arg2 = (mode_t)(val2); + result = (int)matchpathcon((char const *)arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + if (*arg3) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3)); + freecon(*arg3); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_index(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + mode_t arg2 ; + security_context_t *arg3 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + security_context_t temp3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + arg3 = &temp3; + if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_index",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_index" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_index" "', argument " "2"" of type '" "mode_t""'"); + } + arg2 = (mode_t)(val2); + result = (int)matchpathcon_index((char const *)arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + if (*arg3) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3)); + freecon(*arg3); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_filespec_add(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + ino_t arg1 ; + int arg2 ; + char *arg3 = (char *) 0 ; + int result; + void *argp1 ; + int res1 = 0 ; + int val2 ; + int ecode2 = 0 ; + int res3 ; + char *buf3 = 0 ; + int alloc3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOO:matchpathcon_filespec_add",&obj0,&obj1,&obj2)) SWIG_fail; + { + res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_ino_t, 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'"); + } + if (!argp1) { + SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'"); + } else { + arg1 = *((ino_t *)(argp1)); + } + } + ecode2 = SWIG_AsVal_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_filespec_add" "', argument " "2"" of type '" "int""'"); + } + arg2 = (int)(val2); + res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "matchpathcon_filespec_add" "', argument " "3"" of type '" "char const *""'"); + } + arg3 = (char *)(buf3); + result = (int)matchpathcon_filespec_add(arg1,arg2,(char const *)arg3); + resultobj = SWIG_From_int((int)(result)); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return resultobj; +fail: + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_filespec_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_destroy")) SWIG_fail; + matchpathcon_filespec_destroy(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_filespec_eval(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_eval")) SWIG_fail; + matchpathcon_filespec_eval(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchpathcon_checkmatches(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_checkmatches",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_checkmatches" "', argument " "1"" of type '" "char *""'"); + } + arg1 = (char *)(buf1); + matchpathcon_checkmatches(arg1); + resultobj = SWIG_Py_Void(); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:matchmediacon",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchmediacon" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)matchmediacon((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_getenforcemode(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int *arg1 = (int *) 0 ; + int result; + int temp1 ; + int res1 = SWIG_TMPOBJ ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":selinux_getenforcemode")) SWIG_fail; + result = (int)selinux_getenforcemode(arg1); + resultobj = SWIG_From_int((int)(result)); + if (SWIG_IsTmpObj(res1)) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1))); + } else { + int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ; + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags)); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_getpolicytype(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char **arg1 = (char **) 0 ; + int result; + char *temp1 = 0 ; + + arg1 = &temp1; + if (!PyArg_ParseTuple(args,(char *)":selinux_getpolicytype")) SWIG_fail; + result = (int)selinux_getpolicytype(arg1); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + free(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_policy_root(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_policy_root")) SWIG_fail; + result = (char *)selinux_policy_root(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_binary_policy_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_binary_policy_path")) SWIG_fail; + result = (char *)selinux_binary_policy_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_failsafe_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_failsafe_context_path")) SWIG_fail; + result = (char *)selinux_failsafe_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_removable_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_removable_context_path")) SWIG_fail; + result = (char *)selinux_removable_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_default_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_default_context_path")) SWIG_fail; + result = (char *)selinux_default_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_user_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_user_contexts_path")) SWIG_fail; + result = (char *)selinux_user_contexts_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_file_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_path")) SWIG_fail; + result = (char *)selinux_file_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_file_context_homedir_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_homedir_path")) SWIG_fail; + result = (char *)selinux_file_context_homedir_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_file_context_local_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_local_path")) SWIG_fail; + result = (char *)selinux_file_context_local_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_homedir_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_homedir_context_path")) SWIG_fail; + result = (char *)selinux_homedir_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_media_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_media_context_path")) SWIG_fail; + result = (char *)selinux_media_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_x_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_x_context_path")) SWIG_fail; + result = (char *)selinux_x_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_contexts_path")) SWIG_fail; + result = (char *)selinux_contexts_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_securetty_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_securetty_types_path")) SWIG_fail; + result = (char *)selinux_securetty_types_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_booleans_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_booleans_path")) SWIG_fail; + result = (char *)selinux_booleans_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_customizable_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_customizable_types_path")) SWIG_fail; + result = (char *)selinux_customizable_types_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_users_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_users_path")) SWIG_fail; + result = (char *)selinux_users_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_usersconf_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_usersconf_path")) SWIG_fail; + result = (char *)selinux_usersconf_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_translations_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_translations_path")) SWIG_fail; + result = (char *)selinux_translations_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_netfilter_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_netfilter_context_path")) SWIG_fail; + result = (char *)selinux_netfilter_context_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_path")) SWIG_fail; + result = (char *)selinux_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_check_passwd_access(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + access_vector_t arg1 ; + int result; + unsigned int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_passwd_access",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_check_passwd_access" "', argument " "1"" of type '" "access_vector_t""'"); + } + arg1 = (access_vector_t)(val1); + result = (int)selinux_check_passwd_access(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_checkPasswdAccess(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + access_vector_t arg1 ; + int result; + unsigned int val1 ; + int ecode1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:checkPasswdAccess",&obj0)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "checkPasswdAccess" "', argument " "1"" of type '" "access_vector_t""'"); + } + arg1 = (access_vector_t)(val1); + result = (int)checkPasswdAccess(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_securetty_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_securetty_context" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)selinux_check_securetty_context(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_set_selinuxmnt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:set_selinuxmnt",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "set_selinuxmnt" "', argument " "1"" of type '" "char *""'"); + } + arg1 = (char *)(buf1); + set_selinuxmnt(arg1); + resultobj = SWIG_Py_Void(); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + unsigned int arg1 ; + char *arg2 = (char *) 0 ; + char **arg3 ; + char **arg4 ; + int result; + unsigned int val1 ; + int ecode1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOO:rpm_execcon",&obj0,&obj1,&obj2,&obj3)) SWIG_fail; + ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1); + if (!SWIG_IsOK(ecode1)) { + SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "rpm_execcon" "', argument " "1"" of type '" "unsigned int""'"); + } + arg1 = (unsigned int)(val1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + { + int i, size; + PyObject * s; + + if (!PySequence_Check(obj2)) { + PyErr_SetString(PyExc_ValueError, "Expected a sequence"); + return NULL; + } + + size = PySequence_Size(obj2); + + arg3 = (char**) malloc(size + 1); + + for(i = 0; i < size; i++) { + if (!PyString_Check(PySequence_GetItem(obj2, i))) { + PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); + return NULL; + } + } + + for(i = 0; i < size; i++) { + s = PySequence_GetItem(obj2, i); + arg3[i] = (char*) malloc(PyString_Size(s) + 1); + strcpy(arg3[i], PyString_AsString(s)); + } + arg3[size] = NULL; + } + { + int i, size; + PyObject * s; + + if (!PySequence_Check(obj3)) { + PyErr_SetString(PyExc_ValueError, "Expected a sequence"); + return NULL; + } + + size = PySequence_Size(obj3); + + arg4 = (char**) malloc(size + 1); + + for(i = 0; i < size; i++) { + if (!PyString_Check(PySequence_GetItem(obj3, i))) { + PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings"); + return NULL; + } + } + + for(i = 0; i < size; i++) { + s = PySequence_GetItem(obj3, i); + arg4[i] = (char*) malloc(PyString_Size(s) + 1); + strcpy(arg4[i], PyString_AsString(s)); + } + arg4[size] = NULL; + } + result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4); + resultobj = SWIG_From_int((int)(result)); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + int i = 0; + while(arg3[i]) { + free(arg3[i]); + i++; + } + free(arg3); + } + { + int i = 0; + while(arg4[i]) { + free(arg4[i]); + i++; + } + free(arg4); + } + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + int i = 0; + while(arg3[i]) { + free(arg3[i]); + i++; + } + free(arg3); + } + { + int i = 0; + while(arg4[i]) { + free(arg4[i]); + i++; + } + free(arg4); + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:is_context_customizable",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "is_context_customizable" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)is_context_customizable(arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_trans_to_raw_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:selinux_trans_to_raw_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)selinux_trans_to_raw_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_raw_to_trans_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_to_trans_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)selinux_raw_to_trans_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char **arg2 = (char **) 0 ; + char **arg3 = (char **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + char *temp2 = 0 ; + char *temp3 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + arg3 = &temp3; + if (!PyArg_ParseTuple(args,(char *)"O:getseuserbyname",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getseuserbyname" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)getseuserbyname((char const *)arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + free(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (*arg3) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3)); + free(*arg3); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_file_context_cmp(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) (security_context_t)0 ; + security_context_t arg2 = (security_context_t) (security_context_t)0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_cmp",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_cmp" "', argument " "1"" of type '" "security_context_t const""'"); + } + arg1 = (security_context_t)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_file_context_cmp" "', argument " "2"" of type '" "security_context_t const""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)selinux_file_context_cmp(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_file_context_verify(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + mode_t arg2 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_verify",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_verify" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_file_context_verify" "', argument " "2"" of type '" "mode_t""'"); + } + arg2 = (mode_t)(val2); + result = (int)selinux_file_context_verify((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_lsetfilecon_default(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:selinux_lsetfilecon_default",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_lsetfilecon_default" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)selinux_lsetfilecon_default((char const *)arg1); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_ctx_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_id_ctx_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_set" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_id_ctx_set" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + if (arg1->ctx) free((char*)arg1->ctx); + if (arg2) { + size_t size = strlen((const char *)(arg2)) + 1; + arg1->ctx = (security_context_t)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size)); + } else { + arg1->ctx = 0; + } + resultobj = SWIG_Py_Void(); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_ctx_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + security_context_t result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_id_ctx_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_get" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + result = (security_context_t) ((arg1)->ctx); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_refcnt_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:security_id_refcnt_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_set" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_id_refcnt_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->refcnt = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_security_id_refcnt_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:security_id_refcnt_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_get" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + result = (unsigned int) ((arg1)->refcnt); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail; + result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct security_id *arg1 = (struct security_id *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_security_id",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_id" "', argument " "1"" of type '" "struct security_id *""'"); + } + arg1 = (struct security_id *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_sid_to_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)avc_sid_to_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_sid_to_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context_raw",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context_raw" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)avc_sid_to_context_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)avc_context_to_sid(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t arg1 = (security_context_t) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid_raw",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t""'"); + } + arg1 = (security_context_t)(buf1); + result = (int)avc_context_to_sid_raw(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_sidget(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:sidget",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidget" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)sidget(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_sidput(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:sidput",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidput" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + result = (int)sidput(arg1); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_get_initial_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_id_t *arg2 = (security_id_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_id_t temp2 ; + PyObject * obj0 = 0 ; + + { + arg2 = &temp2; + } + if (!PyArg_ParseTuple(args,(char *)"O:avc_get_initial_sid",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_get_initial_sid" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)avc_get_initial_sid((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + { + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0)); + } else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + struct avc_entry *arg2 = (struct avc_entry *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_entry_ref_ae_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_set" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_entry, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_entry_ref_ae_set" "', argument " "2"" of type '" "struct avc_entry *""'"); + } + arg2 = (struct avc_entry *)(argp2); + if (arg1) (arg1)->ae = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + struct avc_entry *result = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_entry_ref_ae_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_get" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + result = (struct avc_entry *) ((arg1)->ae); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry, 0 | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail; + result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_entry_ref",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_entry_ref" "', argument " "1"" of type '" "struct avc_entry_ref *""'"); + } + arg1 = (struct avc_entry_ref *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *(*arg2)(size_t) = (void *(*)(size_t)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_malloc_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_size_t__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "2"" of type '" "void *(*)(size_t)""'"); + } + } + if (arg1) (arg1)->func_malloc = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *(*result)(size_t) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_malloc_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + result = (void *(*)(size_t)) ((arg1)->func_malloc); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_size_t__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_free_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_free_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_free = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_free_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_free); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail; + result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_memory_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_memory_callback" "', argument " "1"" of type '" "struct avc_memory_callback *""'"); + } + arg1 = (struct avc_memory_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*arg2)(char const *,...) = (void (*)(char const *,...)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_log_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_set" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__char_v_______void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_log_set" "', argument " "2"" of type '" "void (*)(char const *,...)""'"); + } + } + if (arg1) (arg1)->func_log = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*result)(char const *,...) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_log_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_get" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + result = (void (*)(char const *,...)) ((arg1)->func_log); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_q_const__char_v_______void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*arg2)(void *,security_class_t,char *,size_t) = (void (*)(void *,security_class_t,char *,size_t)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_audit_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_set" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_audit_set" "', argument " "2"" of type '" "void (*)(void *,security_class_t,char *,size_t)""'"); + } + } + if (arg1) (arg1)->func_audit = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void (*result)(void *,security_class_t,char *,size_t) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_audit_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_get" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + result = (void (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail; + result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_log_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_log_callback" "', argument " "1"" of type '" "struct avc_log_callback *""'"); + } + arg1 = (struct avc_log_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *(*arg2)(void (*)(void)) = (void *(*)(void (*)(void))) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_create_thread_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_f_void__void__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "2"" of type '" "void *(*)(void (*)(void))""'"); + } + } + if (arg1) (arg1)->func_create_thread = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *(*result)(void (*)(void)) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_create_thread_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + result = (void *(*)(void (*)(void))) ((arg1)->func_create_thread); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_f_void__void__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_stop_thread_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_stop_thread = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_stop_thread_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_stop_thread); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail; + result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_thread_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_thread_callback" "', argument " "1"" of type '" "struct avc_thread_callback *""'"); + } + arg1 = (struct avc_thread_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *(*arg2)(void) = (void *(*)(void)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_alloc_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_void__p_void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "2"" of type '" "void *(*)(void)""'"); + } + } + if (arg1) (arg1)->func_alloc_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *(*result)(void) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_alloc_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void *(*)(void)) ((arg1)->func_alloc_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_void__p_void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_get_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_get_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_get_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_get_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_release_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_release_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_release_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_release_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*arg2)(void *) = (void (*)(void *)) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_free_lock_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + { + int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void); + if (!SWIG_IsOK(res)) { + SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'"); + } + } + if (arg1) (arg1)->func_free_lock = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void (*result)(void *) = 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_free_lock_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + result = (void (*)(void *)) ((arg1)->func_free_lock); + resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail; + result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_lock_callback",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_lock_callback" "', argument " "1"" of type '" "struct avc_lock_callback *""'"); + } + arg1 = (struct avc_lock_callback *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + struct avc_memory_callback *arg2 = (struct avc_memory_callback *) 0 ; + struct avc_log_callback *arg3 = (struct avc_log_callback *) 0 ; + struct avc_thread_callback *arg4 = (struct avc_thread_callback *) 0 ; + struct avc_lock_callback *arg5 = (struct avc_lock_callback *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + void *argp3 = 0 ; + int res3 = 0 ; + void *argp4 = 0 ; + int res4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOO:avc_init",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_init" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_memory_callback, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_init" "', argument " "2"" of type '" "struct avc_memory_callback const *""'"); + } + arg2 = (struct avc_memory_callback *)(argp2); + res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_avc_log_callback, 0 | 0 ); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "avc_init" "', argument " "3"" of type '" "struct avc_log_callback const *""'"); + } + arg3 = (struct avc_log_callback *)(argp3); + res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_avc_thread_callback, 0 | 0 ); + if (!SWIG_IsOK(res4)) { + SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "avc_init" "', argument " "4"" of type '" "struct avc_thread_callback const *""'"); + } + arg4 = (struct avc_thread_callback *)(argp4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_lock_callback, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_init" "', argument " "5"" of type '" "struct avc_lock_callback const *""'"); + } + arg5 = (struct avc_lock_callback *)(argp5); + result = (int)avc_init((char const *)arg1,(struct avc_memory_callback const *)arg2,(struct avc_log_callback const *)arg3,(struct avc_thread_callback const *)arg4,(struct avc_lock_callback const *)arg5); + resultobj = SWIG_From_int((int)(result)); + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_open(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct selinux_opt *arg1 = (struct selinux_opt *) 0 ; + unsigned int arg2 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_open",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_open" "', argument " "1"" of type '" "struct selinux_opt *""'"); + } + arg1 = (struct selinux_opt *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_open" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + result = (int)avc_open(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cleanup(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":avc_cleanup")) SWIG_fail; + avc_cleanup(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_reset(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + int result; + + if (!PyArg_ParseTuple(args,(char *)":avc_reset")) SWIG_fail; + result = (int)avc_reset(); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":avc_destroy")) SWIG_fail; + avc_destroy(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_has_perm_noaudit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_id_t arg2 = (security_id_t) 0 ; + security_class_t arg3 ; + access_vector_t arg4 ; + struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ; + struct av_decision *arg6 = (struct av_decision *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + unsigned int val4 ; + int ecode4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + void *argp6 = 0 ; + int res6 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + PyObject * obj5 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm_noaudit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm_noaudit" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm_noaudit" "', argument " "2"" of type '" "security_id_t""'"); + } + arg2 = (security_id_t)(argp2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm_noaudit" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4); + if (!SWIG_IsOK(ecode4)) { + SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm_noaudit" "', argument " "4"" of type '" "access_vector_t""'"); + } + arg4 = (access_vector_t)(val4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm_noaudit" "', argument " "5"" of type '" "struct avc_entry_ref *""'"); + } + arg5 = (struct avc_entry_ref *)(argp5); + res6 = SWIG_ConvertPtr(obj5, &argp6,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res6)) { + SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm_noaudit" "', argument " "6"" of type '" "struct av_decision *""'"); + } + arg6 = (struct av_decision *)(argp6); + result = (int)avc_has_perm_noaudit(arg1,arg2,arg3,arg4,arg5,arg6); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_has_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_id_t arg2 = (security_id_t) 0 ; + security_class_t arg3 ; + access_vector_t arg4 ; + struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ; + void *arg6 = (void *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + unsigned int val4 ; + int ecode4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + int res6 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + PyObject * obj5 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm" "', argument " "2"" of type '" "security_id_t""'"); + } + arg2 = (security_id_t)(argp2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4); + if (!SWIG_IsOK(ecode4)) { + SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm" "', argument " "4"" of type '" "access_vector_t""'"); + } + arg4 = (access_vector_t)(val4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm" "', argument " "5"" of type '" "struct avc_entry_ref *""'"); + } + arg5 = (struct avc_entry_ref *)(argp5); + res6 = SWIG_ConvertPtr(obj5,SWIG_as_voidptrptr(&arg6), 0, 0); + if (!SWIG_IsOK(res6)) { + SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm" "', argument " "6"" of type '" "void *""'"); + } + result = (int)avc_has_perm(arg1,arg2,arg3,arg4,arg5,arg6); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_audit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_id_t arg2 = (security_id_t) 0 ; + security_class_t arg3 ; + access_vector_t arg4 ; + struct av_decision *arg5 = (struct av_decision *) 0 ; + int arg6 ; + void *arg7 = (void *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + unsigned int val4 ; + int ecode4 = 0 ; + void *argp5 = 0 ; + int res5 = 0 ; + int val6 ; + int ecode6 = 0 ; + int res7 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + PyObject * obj4 = 0 ; + PyObject * obj5 = 0 ; + PyObject * obj6 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OOOOOOO:avc_audit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5,&obj6)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_audit" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_audit" "', argument " "2"" of type '" "security_id_t""'"); + } + arg2 = (security_id_t)(argp2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_audit" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4); + if (!SWIG_IsOK(ecode4)) { + SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_audit" "', argument " "4"" of type '" "access_vector_t""'"); + } + arg4 = (access_vector_t)(val4); + res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 ); + if (!SWIG_IsOK(res5)) { + SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_audit" "', argument " "5"" of type '" "struct av_decision *""'"); + } + arg5 = (struct av_decision *)(argp5); + ecode6 = SWIG_AsVal_int(obj5, &val6); + if (!SWIG_IsOK(ecode6)) { + SWIG_exception_fail(SWIG_ArgError(ecode6), "in method '" "avc_audit" "', argument " "6"" of type '" "int""'"); + } + arg6 = (int)(val6); + res7 = SWIG_ConvertPtr(obj6,SWIG_as_voidptrptr(&arg7), 0, 0); + if (!SWIG_IsOK(res7)) { + SWIG_exception_fail(SWIG_ArgError(res7), "in method '" "avc_audit" "', argument " "7"" of type '" "void *""'"); + } + avc_audit(arg1,arg2,arg3,arg4,arg5,arg6,arg7); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_id_t arg2 = (security_id_t) 0 ; + security_class_t arg3 ; + security_id_t *arg4 = (security_id_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_id_t temp4 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + { + arg4 = &temp4; + } + if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_create",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_create" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_create" "', argument " "2"" of type '" "security_id_t""'"); + } + arg2 = (security_id_t)(argp2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_create" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)avc_compute_create(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_id_t arg1 = (security_id_t) 0 ; + security_id_t arg2 = (security_id_t) 0 ; + security_class_t arg3 ; + security_id_t *arg4 = (security_id_t *) 0 ; + int result; + void *argp1 = 0 ; + int res1 = 0 ; + void *argp2 = 0 ; + int res2 = 0 ; + unsigned short val3 ; + int ecode3 = 0 ; + security_id_t temp4 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + { + arg4 = &temp4; + } + if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_member",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_member" "', argument " "1"" of type '" "security_id_t""'"); + } + arg1 = (security_id_t)(argp1); + res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 ); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_member" "', argument " "2"" of type '" "security_id_t""'"); + } + arg2 = (security_id_t)(argp2); + ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3); + if (!SWIG_IsOK(ecode3)) { + SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_member" "', argument " "3"" of type '" "security_class_t""'"); + } + arg3 = (security_class_t)(val3); + result = (int)avc_compute_member(arg1,arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_lookups_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->entry_lookups = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_lookups_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->entry_lookups); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_hits_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->entry_hits = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_hits_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->entry_hits); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_misses_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->entry_misses = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_misses_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->entry_misses); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_discards_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->entry_discards = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_discards_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->entry_discards); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_lookups_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->cav_lookups = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_lookups_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->cav_lookups); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_hits_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->cav_hits = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_hits_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->cav_hits); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_probes_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->cav_probes = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_probes_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->cav_probes); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int arg2 ; + void *argp1 = 0 ; + int res1 = 0 ; + unsigned int val2 ; + int ecode2 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_misses_set",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2); + if (!SWIG_IsOK(ecode2)) { + SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "2"" of type '" "unsigned int""'"); + } + arg2 = (unsigned int)(val2); + if (arg1) (arg1)->cav_misses = arg2; + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + unsigned int result; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_misses_get",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + result = (unsigned int) ((arg1)->cav_misses); + resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result)); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_new_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail; + result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats)); + resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 ); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_delete_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ; + void *argp1 = 0 ; + int res1 = 0 ; + PyObject * obj0 = 0 ; + + if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_cache_stats",&obj0)) SWIG_fail; + res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_DISOWN | 0 ); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_cache_stats" "', argument " "1"" of type '" "struct avc_cache_stats *""'"); + } + arg1 = (struct avc_cache_stats *)(argp1); + free((char *) arg1); + + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *obj; + if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL; + SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj)); + return SWIG_Py_Void(); +} + +SWIGINTERN PyObject *_wrap_avc_av_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":avc_av_stats")) SWIG_fail; + avc_av_stats(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_avc_sid_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + + if (!PyArg_ParseTuple(args,(char *)":avc_sid_stats")) SWIG_fail; + avc_sid_stats(); + resultobj = SWIG_Py_Void(); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_selinux_default_type_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *result = 0 ; + + if (!PyArg_ParseTuple(args,(char *)":selinux_default_type_path")) SWIG_fail; + result = (char *)selinux_default_type_path(); + resultobj = SWIG_FromCharPtr((const char *)result); + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_default_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char **arg2 = (char **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + char *temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:get_default_type",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_type" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)get_default_type((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + free(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_ordered_context_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_context_t **arg3 = (security_context_t **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + security_context_t *temp3 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + { + arg3 = &temp3; + } + if (!PyArg_ParseTuple(args,(char *)"OO:get_ordered_context_list",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)get_ordered_context_list((char const *)arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + { + PyObject* plist; + int i; + + if (*arg3) { + plist = PyList_New(result); + for (i = 0; i < result; i++) { + PyList_SetItem(plist, i, PyString_FromString((*arg3)[i])); + } + } else { + plist = PyList_New(0); + } + /* Only return the Python list, don't need to return the length anymore */ + resultobj = plist; + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + { + if (*arg3) freeconary(*arg3); + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_ordered_context_list_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char *arg2 = (char *) 0 ; + security_context_t arg3 = (security_context_t) 0 ; + security_context_t **arg4 = (security_context_t **) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + int res3 ; + char *buf3 = 0 ; + int alloc3 = 0 ; + security_context_t *temp4 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + { + arg4 = &temp4; + } + if (!PyArg_ParseTuple(args,(char *)"OOO:get_ordered_context_list_with_level",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list_with_level" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list_with_level" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_ordered_context_list_with_level" "', argument " "3"" of type '" "security_context_t""'"); + } + arg3 = (security_context_t)(buf3); + result = (int)get_ordered_context_list_with_level((char const *)arg1,(char const *)arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + { + PyObject* plist; + int i; + + if (*arg4) { + plist = PyList_New(result); + for (i = 0; i < result; i++) { + PyList_SetItem(plist, i, PyString_FromString((*arg4)[i])); + } + } else { + plist = PyList_New(0); + } + /* Only return the Python list, don't need to return the length anymore */ + resultobj = plist; + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + { + if (*arg4) freeconary(*arg4); + } + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + { + if (*arg4) freeconary(*arg4); + } + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_default_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t arg2 = (security_context_t) 0 ; + security_context_t *arg3 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + security_context_t temp3 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + + arg3 = &temp3; + if (!PyArg_ParseTuple(args,(char *)"OO:get_default_context",&obj0,&obj1)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context" "', argument " "2"" of type '" "security_context_t""'"); + } + arg2 = (security_context_t)(buf2); + result = (int)get_default_context((char const *)arg1,arg2,arg3); + resultobj = SWIG_From_int((int)(result)); + if (*arg3) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3)); + freecon(*arg3); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_default_context_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char *arg2 = (char *) 0 ; + security_context_t arg3 = (security_context_t) 0 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + int res3 ; + char *buf3 = 0 ; + int alloc3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_level",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_level" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_level" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_level" "', argument " "3"" of type '" "security_context_t""'"); + } + arg3 = (security_context_t)(buf3); + result = (int)get_default_context_with_level((char const *)arg1,(char const *)arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_default_context_with_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char *arg2 = (char *) 0 ; + security_context_t arg3 = (security_context_t) 0 ; + security_context_t *arg4 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + int res3 ; + char *buf3 = 0 ; + int alloc3 = 0 ; + security_context_t temp4 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + + arg4 = &temp4; + if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_role" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_role" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_role" "', argument " "3"" of type '" "security_context_t""'"); + } + arg3 = (security_context_t)(buf3); + result = (int)get_default_context_with_role((char const *)arg1,(char const *)arg2,arg3,arg4); + resultobj = SWIG_From_int((int)(result)); + if (*arg4) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4)); + freecon(*arg4); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_get_default_context_with_rolelevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + char *arg2 = (char *) 0 ; + char *arg3 = (char *) 0 ; + security_context_t arg4 = (security_context_t) 0 ; + security_context_t *arg5 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + int res2 ; + char *buf2 = 0 ; + int alloc2 = 0 ; + int res3 ; + char *buf3 = 0 ; + int alloc3 = 0 ; + int res4 ; + char *buf4 = 0 ; + int alloc4 = 0 ; + security_context_t temp5 = 0 ; + PyObject * obj0 = 0 ; + PyObject * obj1 = 0 ; + PyObject * obj2 = 0 ; + PyObject * obj3 = 0 ; + + arg5 = &temp5; + if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_rolelevel" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2); + if (!SWIG_IsOK(res2)) { + SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_rolelevel" "', argument " "2"" of type '" "char const *""'"); + } + arg2 = (char *)(buf2); + res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3); + if (!SWIG_IsOK(res3)) { + SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_rolelevel" "', argument " "3"" of type '" "char const *""'"); + } + arg3 = (char *)(buf3); + res4 = SWIG_AsCharPtrAndSize(obj3, &buf4, NULL, &alloc4); + if (!SWIG_IsOK(res4)) { + SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "get_default_context_with_rolelevel" "', argument " "4"" of type '" "security_context_t""'"); + } + arg4 = (security_context_t)(buf4); + result = (int)get_default_context_with_rolelevel((char const *)arg1,(char const *)arg2,(char const *)arg3,arg4,arg5); + resultobj = SWIG_From_int((int)(result)); + if (*arg5) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg5)); + freecon(*arg5); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + if (alloc4 == SWIG_NEWOBJ) free((char*)buf4); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); + if (alloc3 == SWIG_NEWOBJ) free((char*)buf3); + if (alloc4 == SWIG_NEWOBJ) free((char*)buf4); + return NULL; +} + + +SWIGINTERN PyObject *_wrap_query_user_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + security_context_t *arg1 = (security_context_t *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + security_context_t temp1 = 0 ; + security_context_t temp2 = 0 ; + + arg1 = &temp1; + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)":query_user_context")) SWIG_fail; + result = (int)query_user_context(arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg1) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1)); + freecon(*arg1); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + return resultobj; +fail: + return NULL; +} + + +SWIGINTERN PyObject *_wrap_manual_user_enter_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) { + PyObject *resultobj = 0; + char *arg1 = (char *) 0 ; + security_context_t *arg2 = (security_context_t *) 0 ; + int result; + int res1 ; + char *buf1 = 0 ; + int alloc1 = 0 ; + security_context_t temp2 = 0 ; + PyObject * obj0 = 0 ; + + arg2 = &temp2; + if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail; + res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1); + if (!SWIG_IsOK(res1)) { + SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "manual_user_enter_context" "', argument " "1"" of type '" "char const *""'"); + } + arg1 = (char *)(buf1); + result = (int)manual_user_enter_context((char const *)arg1,arg2); + resultobj = SWIG_From_int((int)(result)); + if (*arg2) { + resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2)); + freecon(*arg2); + } + else { + Py_INCREF(Py_None); + resultobj = SWIG_Python_AppendOutput(resultobj, Py_None); + } + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return resultobj; +fail: + if (alloc1 == SWIG_NEWOBJ) free((char*)buf1); + return NULL; +} + + +static PyMethodDef SwigMethods[] = { + { (char *)"is_selinux_enabled", _wrap_is_selinux_enabled, METH_VARARGS, NULL}, + { (char *)"is_selinux_mls_enabled", _wrap_is_selinux_mls_enabled, METH_VARARGS, NULL}, + { (char *)"getcon", _wrap_getcon, METH_VARARGS, NULL}, + { (char *)"getcon_raw", _wrap_getcon_raw, METH_VARARGS, NULL}, + { (char *)"setcon", _wrap_setcon, METH_VARARGS, NULL}, + { (char *)"setcon_raw", _wrap_setcon_raw, METH_VARARGS, NULL}, + { (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL}, + { (char *)"getpidcon_raw", _wrap_getpidcon_raw, METH_VARARGS, NULL}, + { (char *)"getprevcon", _wrap_getprevcon, METH_VARARGS, NULL}, + { (char *)"getprevcon_raw", _wrap_getprevcon_raw, METH_VARARGS, NULL}, + { (char *)"getexeccon", _wrap_getexeccon, METH_VARARGS, NULL}, + { (char *)"getexeccon_raw", _wrap_getexeccon_raw, METH_VARARGS, NULL}, + { (char *)"setexeccon", _wrap_setexeccon, METH_VARARGS, NULL}, + { (char *)"setexeccon_raw", _wrap_setexeccon_raw, METH_VARARGS, NULL}, + { (char *)"getfscreatecon", _wrap_getfscreatecon, METH_VARARGS, NULL}, + { (char *)"getfscreatecon_raw", _wrap_getfscreatecon_raw, METH_VARARGS, NULL}, + { (char *)"setfscreatecon", _wrap_setfscreatecon, METH_VARARGS, NULL}, + { (char *)"setfscreatecon_raw", _wrap_setfscreatecon_raw, METH_VARARGS, NULL}, + { (char *)"getkeycreatecon", _wrap_getkeycreatecon, METH_VARARGS, NULL}, + { (char *)"getkeycreatecon_raw", _wrap_getkeycreatecon_raw, METH_VARARGS, NULL}, + { (char *)"setkeycreatecon", _wrap_setkeycreatecon, METH_VARARGS, NULL}, + { (char *)"setkeycreatecon_raw", _wrap_setkeycreatecon_raw, METH_VARARGS, NULL}, + { (char *)"getsockcreatecon", _wrap_getsockcreatecon, METH_VARARGS, NULL}, + { (char *)"getsockcreatecon_raw", _wrap_getsockcreatecon_raw, METH_VARARGS, NULL}, + { (char *)"setsockcreatecon", _wrap_setsockcreatecon, METH_VARARGS, NULL}, + { (char *)"setsockcreatecon_raw", _wrap_setsockcreatecon_raw, METH_VARARGS, NULL}, + { (char *)"getfilecon", _wrap_getfilecon, METH_VARARGS, NULL}, + { (char *)"getfilecon_raw", _wrap_getfilecon_raw, METH_VARARGS, NULL}, + { (char *)"lgetfilecon", _wrap_lgetfilecon, METH_VARARGS, NULL}, + { (char *)"lgetfilecon_raw", _wrap_lgetfilecon_raw, METH_VARARGS, NULL}, + { (char *)"fgetfilecon", _wrap_fgetfilecon, METH_VARARGS, NULL}, + { (char *)"fgetfilecon_raw", _wrap_fgetfilecon_raw, METH_VARARGS, NULL}, + { (char *)"setfilecon", _wrap_setfilecon, METH_VARARGS, NULL}, + { (char *)"setfilecon_raw", _wrap_setfilecon_raw, METH_VARARGS, NULL}, + { (char *)"lsetfilecon", _wrap_lsetfilecon, METH_VARARGS, NULL}, + { (char *)"lsetfilecon_raw", _wrap_lsetfilecon_raw, METH_VARARGS, NULL}, + { (char *)"fsetfilecon", _wrap_fsetfilecon, METH_VARARGS, NULL}, + { (char *)"fsetfilecon_raw", _wrap_fsetfilecon_raw, METH_VARARGS, NULL}, + { (char *)"getpeercon", _wrap_getpeercon, METH_VARARGS, NULL}, + { (char *)"getpeercon_raw", _wrap_getpeercon_raw, METH_VARARGS, NULL}, + { (char *)"av_decision_allowed_set", _wrap_av_decision_allowed_set, METH_VARARGS, NULL}, + { (char *)"av_decision_allowed_get", _wrap_av_decision_allowed_get, METH_VARARGS, NULL}, + { (char *)"av_decision_decided_set", _wrap_av_decision_decided_set, METH_VARARGS, NULL}, + { (char *)"av_decision_decided_get", _wrap_av_decision_decided_get, METH_VARARGS, NULL}, + { (char *)"av_decision_auditallow_set", _wrap_av_decision_auditallow_set, METH_VARARGS, NULL}, + { (char *)"av_decision_auditallow_get", _wrap_av_decision_auditallow_get, METH_VARARGS, NULL}, + { (char *)"av_decision_auditdeny_set", _wrap_av_decision_auditdeny_set, METH_VARARGS, NULL}, + { (char *)"av_decision_auditdeny_get", _wrap_av_decision_auditdeny_get, METH_VARARGS, NULL}, + { (char *)"av_decision_seqno_set", _wrap_av_decision_seqno_set, METH_VARARGS, NULL}, + { (char *)"av_decision_seqno_get", _wrap_av_decision_seqno_get, METH_VARARGS, NULL}, + { (char *)"new_av_decision", _wrap_new_av_decision, METH_VARARGS, NULL}, + { (char *)"delete_av_decision", _wrap_delete_av_decision, METH_VARARGS, NULL}, + { (char *)"av_decision_swigregister", av_decision_swigregister, METH_VARARGS, NULL}, + { (char *)"selinux_opt_type_set", _wrap_selinux_opt_type_set, METH_VARARGS, NULL}, + { (char *)"selinux_opt_type_get", _wrap_selinux_opt_type_get, METH_VARARGS, NULL}, + { (char *)"selinux_opt_value_set", _wrap_selinux_opt_value_set, METH_VARARGS, NULL}, + { (char *)"selinux_opt_value_get", _wrap_selinux_opt_value_get, METH_VARARGS, NULL}, + { (char *)"new_selinux_opt", _wrap_new_selinux_opt, METH_VARARGS, NULL}, + { (char *)"delete_selinux_opt", _wrap_delete_selinux_opt, METH_VARARGS, NULL}, + { (char *)"selinux_opt_swigregister", selinux_opt_swigregister, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_log_set", _wrap_selinux_callback_func_log_set, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_log_get", _wrap_selinux_callback_func_log_get, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_audit_set", _wrap_selinux_callback_func_audit_set, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_audit_get", _wrap_selinux_callback_func_audit_get, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_validate_set", _wrap_selinux_callback_func_validate_set, METH_VARARGS, NULL}, + { (char *)"selinux_callback_func_validate_get", _wrap_selinux_callback_func_validate_get, METH_VARARGS, NULL}, + { (char *)"new_selinux_callback", _wrap_new_selinux_callback, METH_VARARGS, NULL}, + { (char *)"delete_selinux_callback", _wrap_delete_selinux_callback, METH_VARARGS, NULL}, + { (char *)"selinux_callback_swigregister", selinux_callback_swigregister, METH_VARARGS, NULL}, + { (char *)"selinux_get_callback", _wrap_selinux_get_callback, METH_VARARGS, NULL}, + { (char *)"selinux_set_callback", _wrap_selinux_set_callback, METH_VARARGS, NULL}, + { (char *)"security_compute_av", _wrap_security_compute_av, METH_VARARGS, NULL}, + { (char *)"security_compute_av_raw", _wrap_security_compute_av_raw, METH_VARARGS, NULL}, + { (char *)"security_compute_create", _wrap_security_compute_create, METH_VARARGS, NULL}, + { (char *)"security_compute_create_raw", _wrap_security_compute_create_raw, METH_VARARGS, NULL}, + { (char *)"security_compute_relabel", _wrap_security_compute_relabel, METH_VARARGS, NULL}, + { (char *)"security_compute_relabel_raw", _wrap_security_compute_relabel_raw, METH_VARARGS, NULL}, + { (char *)"security_compute_member", _wrap_security_compute_member, METH_VARARGS, NULL}, + { (char *)"security_compute_member_raw", _wrap_security_compute_member_raw, METH_VARARGS, NULL}, + { (char *)"security_compute_user", _wrap_security_compute_user, METH_VARARGS, NULL}, + { (char *)"security_compute_user_raw", _wrap_security_compute_user_raw, METH_VARARGS, NULL}, + { (char *)"security_load_policy", _wrap_security_load_policy, METH_VARARGS, NULL}, + { (char *)"security_get_initial_context", _wrap_security_get_initial_context, METH_VARARGS, NULL}, + { (char *)"security_get_initial_context_raw", _wrap_security_get_initial_context_raw, METH_VARARGS, NULL}, + { (char *)"selinux_mkload_policy", _wrap_selinux_mkload_policy, METH_VARARGS, NULL}, + { (char *)"selinux_init_load_policy", _wrap_selinux_init_load_policy, METH_VARARGS, NULL}, + { (char *)"SELboolean_name_set", _wrap_SELboolean_name_set, METH_VARARGS, NULL}, + { (char *)"SELboolean_name_get", _wrap_SELboolean_name_get, METH_VARARGS, NULL}, + { (char *)"SELboolean_value_set", _wrap_SELboolean_value_set, METH_VARARGS, NULL}, + { (char *)"SELboolean_value_get", _wrap_SELboolean_value_get, METH_VARARGS, NULL}, + { (char *)"new_SELboolean", _wrap_new_SELboolean, METH_VARARGS, NULL}, + { (char *)"delete_SELboolean", _wrap_delete_SELboolean, METH_VARARGS, NULL}, + { (char *)"SELboolean_swigregister", SELboolean_swigregister, METH_VARARGS, NULL}, + { (char *)"security_set_boolean_list", _wrap_security_set_boolean_list, METH_VARARGS, NULL}, + { (char *)"security_load_booleans", _wrap_security_load_booleans, METH_VARARGS, NULL}, + { (char *)"security_check_context", _wrap_security_check_context, METH_VARARGS, NULL}, + { (char *)"security_check_context_raw", _wrap_security_check_context_raw, METH_VARARGS, NULL}, + { (char *)"security_canonicalize_context", _wrap_security_canonicalize_context, METH_VARARGS, NULL}, + { (char *)"security_canonicalize_context_raw", _wrap_security_canonicalize_context_raw, METH_VARARGS, NULL}, + { (char *)"security_getenforce", _wrap_security_getenforce, METH_VARARGS, NULL}, + { (char *)"security_setenforce", _wrap_security_setenforce, METH_VARARGS, NULL}, + { (char *)"security_disable", _wrap_security_disable, METH_VARARGS, NULL}, + { (char *)"security_policyvers", _wrap_security_policyvers, METH_VARARGS, NULL}, + { (char *)"security_get_boolean_names", _wrap_security_get_boolean_names, METH_VARARGS, NULL}, + { (char *)"security_get_boolean_pending", _wrap_security_get_boolean_pending, METH_VARARGS, NULL}, + { (char *)"security_get_boolean_active", _wrap_security_get_boolean_active, METH_VARARGS, NULL}, + { (char *)"security_set_boolean", _wrap_security_set_boolean, METH_VARARGS, NULL}, + { (char *)"security_commit_booleans", _wrap_security_commit_booleans, METH_VARARGS, NULL}, + { (char *)"security_class_mapping_name_set", _wrap_security_class_mapping_name_set, METH_VARARGS, NULL}, + { (char *)"security_class_mapping_name_get", _wrap_security_class_mapping_name_get, METH_VARARGS, NULL}, + { (char *)"security_class_mapping_perms_set", _wrap_security_class_mapping_perms_set, METH_VARARGS, NULL}, + { (char *)"security_class_mapping_perms_get", _wrap_security_class_mapping_perms_get, METH_VARARGS, NULL}, + { (char *)"new_security_class_mapping", _wrap_new_security_class_mapping, METH_VARARGS, NULL}, + { (char *)"delete_security_class_mapping", _wrap_delete_security_class_mapping, METH_VARARGS, NULL}, + { (char *)"security_class_mapping_swigregister", security_class_mapping_swigregister, METH_VARARGS, NULL}, + { (char *)"selinux_set_mapping", _wrap_selinux_set_mapping, METH_VARARGS, NULL}, + { (char *)"string_to_security_class", _wrap_string_to_security_class, METH_VARARGS, NULL}, + { (char *)"security_class_to_string", _wrap_security_class_to_string, METH_VARARGS, NULL}, + { (char *)"security_av_perm_to_string", _wrap_security_av_perm_to_string, METH_VARARGS, NULL}, + { (char *)"string_to_av_perm", _wrap_string_to_av_perm, METH_VARARGS, NULL}, + { (char *)"security_av_string", _wrap_security_av_string, METH_VARARGS, NULL}, + { (char *)"print_access_vector", _wrap_print_access_vector, METH_VARARGS, NULL}, + { (char *)"set_matchpathcon_flags", _wrap_set_matchpathcon_flags, METH_VARARGS, NULL}, + { (char *)"matchpathcon_init", _wrap_matchpathcon_init, METH_VARARGS, NULL}, + { (char *)"matchpathcon_init_prefix", _wrap_matchpathcon_init_prefix, METH_VARARGS, NULL}, + { (char *)"matchpathcon_fini", _wrap_matchpathcon_fini, METH_VARARGS, NULL}, + { (char *)"matchpathcon", _wrap_matchpathcon, METH_VARARGS, NULL}, + { (char *)"matchpathcon_index", _wrap_matchpathcon_index, METH_VARARGS, NULL}, + { (char *)"matchpathcon_filespec_add", _wrap_matchpathcon_filespec_add, METH_VARARGS, NULL}, + { (char *)"matchpathcon_filespec_destroy", _wrap_matchpathcon_filespec_destroy, METH_VARARGS, NULL}, + { (char *)"matchpathcon_filespec_eval", _wrap_matchpathcon_filespec_eval, METH_VARARGS, NULL}, + { (char *)"matchpathcon_checkmatches", _wrap_matchpathcon_checkmatches, METH_VARARGS, NULL}, + { (char *)"matchmediacon", _wrap_matchmediacon, METH_VARARGS, NULL}, + { (char *)"selinux_getenforcemode", _wrap_selinux_getenforcemode, METH_VARARGS, NULL}, + { (char *)"selinux_getpolicytype", _wrap_selinux_getpolicytype, METH_VARARGS, NULL}, + { (char *)"selinux_policy_root", _wrap_selinux_policy_root, METH_VARARGS, NULL}, + { (char *)"selinux_binary_policy_path", _wrap_selinux_binary_policy_path, METH_VARARGS, NULL}, + { (char *)"selinux_failsafe_context_path", _wrap_selinux_failsafe_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_removable_context_path", _wrap_selinux_removable_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_default_context_path", _wrap_selinux_default_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_user_contexts_path", _wrap_selinux_user_contexts_path, METH_VARARGS, NULL}, + { (char *)"selinux_file_context_path", _wrap_selinux_file_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_file_context_homedir_path", _wrap_selinux_file_context_homedir_path, METH_VARARGS, NULL}, + { (char *)"selinux_file_context_local_path", _wrap_selinux_file_context_local_path, METH_VARARGS, NULL}, + { (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_x_context_path", _wrap_selinux_x_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL}, + { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL}, + { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL}, + { (char *)"selinux_customizable_types_path", _wrap_selinux_customizable_types_path, METH_VARARGS, NULL}, + { (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL}, + { (char *)"selinux_usersconf_path", _wrap_selinux_usersconf_path, METH_VARARGS, NULL}, + { (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL}, + { (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL}, + { (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL}, + { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL}, + { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL}, + { (char *)"selinux_check_securetty_context", _wrap_selinux_check_securetty_context, METH_VARARGS, NULL}, + { (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL}, + { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL}, + { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL}, + { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL}, + { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL}, + { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL}, + { (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL}, + { (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL}, + { (char *)"selinux_lsetfilecon_default", _wrap_selinux_lsetfilecon_default, METH_VARARGS, NULL}, + { (char *)"security_id_ctx_set", _wrap_security_id_ctx_set, METH_VARARGS, NULL}, + { (char *)"security_id_ctx_get", _wrap_security_id_ctx_get, METH_VARARGS, NULL}, + { (char *)"security_id_refcnt_set", _wrap_security_id_refcnt_set, METH_VARARGS, NULL}, + { (char *)"security_id_refcnt_get", _wrap_security_id_refcnt_get, METH_VARARGS, NULL}, + { (char *)"new_security_id", _wrap_new_security_id, METH_VARARGS, NULL}, + { (char *)"delete_security_id", _wrap_delete_security_id, METH_VARARGS, NULL}, + { (char *)"security_id_swigregister", security_id_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_sid_to_context", _wrap_avc_sid_to_context, METH_VARARGS, NULL}, + { (char *)"avc_sid_to_context_raw", _wrap_avc_sid_to_context_raw, METH_VARARGS, NULL}, + { (char *)"avc_context_to_sid", _wrap_avc_context_to_sid, METH_VARARGS, NULL}, + { (char *)"avc_context_to_sid_raw", _wrap_avc_context_to_sid_raw, METH_VARARGS, NULL}, + { (char *)"sidget", _wrap_sidget, METH_VARARGS, NULL}, + { (char *)"sidput", _wrap_sidput, METH_VARARGS, NULL}, + { (char *)"avc_get_initial_sid", _wrap_avc_get_initial_sid, METH_VARARGS, NULL}, + { (char *)"avc_entry_ref_ae_set", _wrap_avc_entry_ref_ae_set, METH_VARARGS, NULL}, + { (char *)"avc_entry_ref_ae_get", _wrap_avc_entry_ref_ae_get, METH_VARARGS, NULL}, + { (char *)"new_avc_entry_ref", _wrap_new_avc_entry_ref, METH_VARARGS, NULL}, + { (char *)"delete_avc_entry_ref", _wrap_delete_avc_entry_ref, METH_VARARGS, NULL}, + { (char *)"avc_entry_ref_swigregister", avc_entry_ref_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_memory_callback_func_malloc_set", _wrap_avc_memory_callback_func_malloc_set, METH_VARARGS, NULL}, + { (char *)"avc_memory_callback_func_malloc_get", _wrap_avc_memory_callback_func_malloc_get, METH_VARARGS, NULL}, + { (char *)"avc_memory_callback_func_free_set", _wrap_avc_memory_callback_func_free_set, METH_VARARGS, NULL}, + { (char *)"avc_memory_callback_func_free_get", _wrap_avc_memory_callback_func_free_get, METH_VARARGS, NULL}, + { (char *)"new_avc_memory_callback", _wrap_new_avc_memory_callback, METH_VARARGS, NULL}, + { (char *)"delete_avc_memory_callback", _wrap_delete_avc_memory_callback, METH_VARARGS, NULL}, + { (char *)"avc_memory_callback_swigregister", avc_memory_callback_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_log_callback_func_log_set", _wrap_avc_log_callback_func_log_set, METH_VARARGS, NULL}, + { (char *)"avc_log_callback_func_log_get", _wrap_avc_log_callback_func_log_get, METH_VARARGS, NULL}, + { (char *)"avc_log_callback_func_audit_set", _wrap_avc_log_callback_func_audit_set, METH_VARARGS, NULL}, + { (char *)"avc_log_callback_func_audit_get", _wrap_avc_log_callback_func_audit_get, METH_VARARGS, NULL}, + { (char *)"new_avc_log_callback", _wrap_new_avc_log_callback, METH_VARARGS, NULL}, + { (char *)"delete_avc_log_callback", _wrap_delete_avc_log_callback, METH_VARARGS, NULL}, + { (char *)"avc_log_callback_swigregister", avc_log_callback_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_thread_callback_func_create_thread_set", _wrap_avc_thread_callback_func_create_thread_set, METH_VARARGS, NULL}, + { (char *)"avc_thread_callback_func_create_thread_get", _wrap_avc_thread_callback_func_create_thread_get, METH_VARARGS, NULL}, + { (char *)"avc_thread_callback_func_stop_thread_set", _wrap_avc_thread_callback_func_stop_thread_set, METH_VARARGS, NULL}, + { (char *)"avc_thread_callback_func_stop_thread_get", _wrap_avc_thread_callback_func_stop_thread_get, METH_VARARGS, NULL}, + { (char *)"new_avc_thread_callback", _wrap_new_avc_thread_callback, METH_VARARGS, NULL}, + { (char *)"delete_avc_thread_callback", _wrap_delete_avc_thread_callback, METH_VARARGS, NULL}, + { (char *)"avc_thread_callback_swigregister", avc_thread_callback_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_alloc_lock_set", _wrap_avc_lock_callback_func_alloc_lock_set, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_alloc_lock_get", _wrap_avc_lock_callback_func_alloc_lock_get, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_get_lock_set", _wrap_avc_lock_callback_func_get_lock_set, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_get_lock_get", _wrap_avc_lock_callback_func_get_lock_get, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_release_lock_set", _wrap_avc_lock_callback_func_release_lock_set, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_release_lock_get", _wrap_avc_lock_callback_func_release_lock_get, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_free_lock_set", _wrap_avc_lock_callback_func_free_lock_set, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_func_free_lock_get", _wrap_avc_lock_callback_func_free_lock_get, METH_VARARGS, NULL}, + { (char *)"new_avc_lock_callback", _wrap_new_avc_lock_callback, METH_VARARGS, NULL}, + { (char *)"delete_avc_lock_callback", _wrap_delete_avc_lock_callback, METH_VARARGS, NULL}, + { (char *)"avc_lock_callback_swigregister", avc_lock_callback_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_init", _wrap_avc_init, METH_VARARGS, NULL}, + { (char *)"avc_open", _wrap_avc_open, METH_VARARGS, NULL}, + { (char *)"avc_cleanup", _wrap_avc_cleanup, METH_VARARGS, NULL}, + { (char *)"avc_reset", _wrap_avc_reset, METH_VARARGS, NULL}, + { (char *)"avc_destroy", _wrap_avc_destroy, METH_VARARGS, NULL}, + { (char *)"avc_has_perm_noaudit", _wrap_avc_has_perm_noaudit, METH_VARARGS, NULL}, + { (char *)"avc_has_perm", _wrap_avc_has_perm, METH_VARARGS, NULL}, + { (char *)"avc_audit", _wrap_avc_audit, METH_VARARGS, NULL}, + { (char *)"avc_compute_create", _wrap_avc_compute_create, METH_VARARGS, NULL}, + { (char *)"avc_compute_member", _wrap_avc_compute_member, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_lookups_set", _wrap_avc_cache_stats_entry_lookups_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_lookups_get", _wrap_avc_cache_stats_entry_lookups_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_hits_set", _wrap_avc_cache_stats_entry_hits_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_hits_get", _wrap_avc_cache_stats_entry_hits_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_misses_set", _wrap_avc_cache_stats_entry_misses_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_misses_get", _wrap_avc_cache_stats_entry_misses_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_discards_set", _wrap_avc_cache_stats_entry_discards_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_entry_discards_get", _wrap_avc_cache_stats_entry_discards_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_lookups_set", _wrap_avc_cache_stats_cav_lookups_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_lookups_get", _wrap_avc_cache_stats_cav_lookups_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_hits_set", _wrap_avc_cache_stats_cav_hits_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_hits_get", _wrap_avc_cache_stats_cav_hits_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_probes_set", _wrap_avc_cache_stats_cav_probes_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_probes_get", _wrap_avc_cache_stats_cav_probes_get, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_misses_set", _wrap_avc_cache_stats_cav_misses_set, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_cav_misses_get", _wrap_avc_cache_stats_cav_misses_get, METH_VARARGS, NULL}, + { (char *)"new_avc_cache_stats", _wrap_new_avc_cache_stats, METH_VARARGS, NULL}, + { (char *)"delete_avc_cache_stats", _wrap_delete_avc_cache_stats, METH_VARARGS, NULL}, + { (char *)"avc_cache_stats_swigregister", avc_cache_stats_swigregister, METH_VARARGS, NULL}, + { (char *)"avc_av_stats", _wrap_avc_av_stats, METH_VARARGS, NULL}, + { (char *)"avc_sid_stats", _wrap_avc_sid_stats, METH_VARARGS, NULL}, + { (char *)"selinux_default_type_path", _wrap_selinux_default_type_path, METH_VARARGS, NULL}, + { (char *)"get_default_type", _wrap_get_default_type, METH_VARARGS, NULL}, + { (char *)"get_ordered_context_list", _wrap_get_ordered_context_list, METH_VARARGS, NULL}, + { (char *)"get_ordered_context_list_with_level", _wrap_get_ordered_context_list_with_level, METH_VARARGS, NULL}, + { (char *)"get_default_context", _wrap_get_default_context, METH_VARARGS, NULL}, + { (char *)"get_default_context_with_level", _wrap_get_default_context_with_level, METH_VARARGS, NULL}, + { (char *)"get_default_context_with_role", _wrap_get_default_context_with_role, METH_VARARGS, NULL}, + { (char *)"get_default_context_with_rolelevel", _wrap_get_default_context_with_rolelevel, METH_VARARGS, NULL}, + { (char *)"query_user_context", _wrap_query_user_context, METH_VARARGS, NULL}, + { (char *)"manual_user_enter_context", _wrap_manual_user_enter_context, METH_VARARGS, NULL}, + { NULL, NULL, 0, NULL } +}; + + +/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */ + +static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_av_decision = {"_p_av_decision", "struct av_decision *|av_decision *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_cache_stats = {"_p_avc_cache_stats", "struct avc_cache_stats *|avc_cache_stats *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_entry = {"_p_avc_entry", "struct avc_entry *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_entry_ref = {"_p_avc_entry_ref", "struct avc_entry_ref *|avc_entry_ref *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_lock_callback = {"_p_avc_lock_callback", "struct avc_lock_callback *|avc_lock_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_log_callback = {"_p_avc_log_callback", "struct avc_log_callback *|avc_log_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_memory_callback = {"_p_avc_memory_callback", "struct avc_memory_callback *|avc_memory_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_avc_thread_callback = {"_p_avc_thread_callback", "struct avc_thread_callback *|avc_thread_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_int_p_q_const__char_v_______int = {"_p_f_int_p_q_const__char_v_______int", "int (*)(int,char const *,...)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_f_void__void__p_void = {"_p_f_p_f_void__void__p_void", "void *(*)(void (*)(void))", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_p_char__int = {"_p_f_p_p_char__int", "int (*)(char **)|int (*)(security_context_t *)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_q_const__char_v_______void = {"_p_f_p_q_const__char_v_______void", "void (*)(char const *,...)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_void__void = {"_p_f_p_void__void", "void (*)(void *)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__int = {"_p_f_p_void_unsigned_short_p_char_size_t__int", "int (*)(void *,unsigned short,char *,size_t)|int (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__void = {"_p_f_p_void_unsigned_short_p_char_size_t__void", "void (*)(void *,unsigned short,char *,size_t)|void (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_size_t__p_void = {"_p_f_size_t__p_void", "void *(*)(size_t)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_f_void__p_void = {"_p_f_void__p_void", "void *(*)(void)", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_ino_t = {"_p_ino_t", "ino_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **|security_context_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***|security_context_t **", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_p_security_id = {"_p_p_security_id", "struct security_id **|security_id_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_security_class_mapping = {"_p_security_class_mapping", "struct security_class_mapping *|security_class_mapping *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_security_id = {"_p_security_id", "security_id_t|struct security_id *|security_id *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_selinux_callback = {"_p_selinux_callback", "union selinux_callback *|selinux_callback *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_selinux_opt = {"_p_selinux_opt", "struct selinux_opt *|selinux_opt *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *|access_vector_t *|mode_t *|pid_t *", 0, 0, (void*)0, 0}; +static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "security_class_t *|unsigned short *", 0, 0, (void*)0, 0}; + +static swig_type_info *swig_type_initial[] = { + &_swigt__p_SELboolean, + &_swigt__p_av_decision, + &_swigt__p_avc_cache_stats, + &_swigt__p_avc_entry, + &_swigt__p_avc_entry_ref, + &_swigt__p_avc_lock_callback, + &_swigt__p_avc_log_callback, + &_swigt__p_avc_memory_callback, + &_swigt__p_avc_thread_callback, + &_swigt__p_char, + &_swigt__p_f_int_p_q_const__char_v_______int, + &_swigt__p_f_p_f_void__void__p_void, + &_swigt__p_f_p_p_char__int, + &_swigt__p_f_p_q_const__char_v_______void, + &_swigt__p_f_p_void__void, + &_swigt__p_f_p_void_unsigned_short_p_char_size_t__int, + &_swigt__p_f_p_void_unsigned_short_p_char_size_t__void, + &_swigt__p_f_size_t__p_void, + &_swigt__p_f_void__p_void, + &_swigt__p_ino_t, + &_swigt__p_int, + &_swigt__p_p_char, + &_swigt__p_p_p_char, + &_swigt__p_p_security_id, + &_swigt__p_security_class_mapping, + &_swigt__p_security_id, + &_swigt__p_selinux_callback, + &_swigt__p_selinux_opt, + &_swigt__p_unsigned_int, + &_swigt__p_unsigned_short, +}; + +static swig_cast_info _swigc__p_SELboolean[] = { {&_swigt__p_SELboolean, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_av_decision[] = { {&_swigt__p_av_decision, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_cache_stats[] = { {&_swigt__p_avc_cache_stats, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_entry[] = { {&_swigt__p_avc_entry, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_entry_ref[] = { {&_swigt__p_avc_entry_ref, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_lock_callback[] = { {&_swigt__p_avc_lock_callback, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_log_callback[] = { {&_swigt__p_avc_log_callback, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_memory_callback[] = { {&_swigt__p_avc_memory_callback, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_avc_thread_callback[] = { {&_swigt__p_avc_thread_callback, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_int_p_q_const__char_v_______int[] = { {&_swigt__p_f_int_p_q_const__char_v_______int, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_f_void__void__p_void[] = { {&_swigt__p_f_p_f_void__void__p_void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_p_char__int[] = { {&_swigt__p_f_p_p_char__int, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_q_const__char_v_______void[] = { {&_swigt__p_f_p_q_const__char_v_______void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_void__void[] = { {&_swigt__p_f_p_void__void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__int[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__int, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__void[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_size_t__p_void[] = { {&_swigt__p_f_size_t__p_void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_f_void__p_void[] = { {&_swigt__p_f_void__p_void, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_ino_t[] = { {&_swigt__p_ino_t, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_p_security_id[] = { {&_swigt__p_p_security_id, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_security_class_mapping[] = { {&_swigt__p_security_class_mapping, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_security_id[] = { {&_swigt__p_security_id, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_selinux_callback[] = { {&_swigt__p_selinux_callback, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_selinux_opt[] = { {&_swigt__p_selinux_opt, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}}; +static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}}; + +static swig_cast_info *swig_cast_initial[] = { + _swigc__p_SELboolean, + _swigc__p_av_decision, + _swigc__p_avc_cache_stats, + _swigc__p_avc_entry, + _swigc__p_avc_entry_ref, + _swigc__p_avc_lock_callback, + _swigc__p_avc_log_callback, + _swigc__p_avc_memory_callback, + _swigc__p_avc_thread_callback, + _swigc__p_char, + _swigc__p_f_int_p_q_const__char_v_______int, + _swigc__p_f_p_f_void__void__p_void, + _swigc__p_f_p_p_char__int, + _swigc__p_f_p_q_const__char_v_______void, + _swigc__p_f_p_void__void, + _swigc__p_f_p_void_unsigned_short_p_char_size_t__int, + _swigc__p_f_p_void_unsigned_short_p_char_size_t__void, + _swigc__p_f_size_t__p_void, + _swigc__p_f_void__p_void, + _swigc__p_ino_t, + _swigc__p_int, + _swigc__p_p_char, + _swigc__p_p_p_char, + _swigc__p_p_security_id, + _swigc__p_security_class_mapping, + _swigc__p_security_id, + _swigc__p_selinux_callback, + _swigc__p_selinux_opt, + _swigc__p_unsigned_int, + _swigc__p_unsigned_short, +}; + + +/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (END) -------- */ + +static swig_const_info swig_const_table[] = { +{0, 0, 0, 0.0, 0, 0}}; + +#ifdef __cplusplus +} +#endif +/* ----------------------------------------------------------------------------- + * Type initialization: + * This problem is tough by the requirement that no dynamic + * memory is used. Also, since swig_type_info structures store pointers to + * swig_cast_info structures and swig_cast_info structures store pointers back + * to swig_type_info structures, we need some lookup code at initialization. + * The idea is that swig generates all the structures that are needed. + * The runtime then collects these partially filled structures. + * The SWIG_InitializeModule function takes these initial arrays out of + * swig_module, and does all the lookup, filling in the swig_module.types + * array with the correct data and linking the correct swig_cast_info + * structures together. + * + * The generated swig_type_info structures are assigned staticly to an initial + * array. We just loop through that array, and handle each type individually. + * First we lookup if this type has been already loaded, and if so, use the + * loaded structure instead of the generated one. Then we have to fill in the + * cast linked list. The cast data is initially stored in something like a + * two-dimensional array. Each row corresponds to a type (there are the same + * number of rows as there are in the swig_type_initial array). Each entry in + * a column is one of the swig_cast_info structures for that type. + * The cast_initial array is actually an array of arrays, because each row has + * a variable number of columns. So to actually build the cast linked list, + * we find the array of casts associated with the type, and loop through it + * adding the casts to the list. The one last trick we need to do is making + * sure the type pointer in the swig_cast_info struct is correct. + * + * First off, we lookup the cast->type name to see if it is already loaded. + * There are three cases to handle: + * 1) If the cast->type has already been loaded AND the type we are adding + * casting info to has not been loaded (it is in this module), THEN we + * replace the cast->type pointer with the type pointer that has already + * been loaded. + * 2) If BOTH types (the one we are adding casting info to, and the + * cast->type) are loaded, THEN the cast info has already been loaded by + * the previous module so we just ignore it. + * 3) Finally, if cast->type has not already been loaded, then we add that + * swig_cast_info to the linked list (because the cast->type) pointer will + * be correct. + * ----------------------------------------------------------------------------- */ + +#ifdef __cplusplus +extern "C" { +#if 0 +} /* c-mode */ +#endif +#endif + +#if 0 +#define SWIGRUNTIME_DEBUG +#endif + + +SWIGRUNTIME void +SWIG_InitializeModule(void *clientdata) { + size_t i; + swig_module_info *module_head, *iter; + int found; + + clientdata = clientdata; + + /* check to see if the circular list has been setup, if not, set it up */ + if (swig_module.next==0) { + /* Initialize the swig_module */ + swig_module.type_initial = swig_type_initial; + swig_module.cast_initial = swig_cast_initial; + swig_module.next = &swig_module; + } + + /* Try and load any already created modules */ + module_head = SWIG_GetModule(clientdata); + if (!module_head) { + /* This is the first module loaded for this interpreter */ + /* so set the swig module into the interpreter */ + SWIG_SetModule(clientdata, &swig_module); + module_head = &swig_module; + } else { + /* the interpreter has loaded a SWIG module, but has it loaded this one? */ + found=0; + iter=module_head; + do { + if (iter==&swig_module) { + found=1; + break; + } + iter=iter->next; + } while (iter!= module_head); + + /* if the is found in the list, then all is done and we may leave */ + if (found) return; + /* otherwise we must add out module into the list */ + swig_module.next = module_head->next; + module_head->next = &swig_module; + } + + /* Now work on filling in swig_module.types */ +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: size %d\n", swig_module.size); +#endif + for (i = 0; i < swig_module.size; ++i) { + swig_type_info *type = 0; + swig_type_info *ret; + swig_cast_info *cast; + +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name); +#endif + + /* if there is another module already loaded */ + if (swig_module.next != &swig_module) { + type = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, swig_module.type_initial[i]->name); + } + if (type) { + /* Overwrite clientdata field */ +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: found type %s\n", type->name); +#endif + if (swig_module.type_initial[i]->clientdata) { + type->clientdata = swig_module.type_initial[i]->clientdata; +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: found and overwrite type %s \n", type->name); +#endif + } + } else { + type = swig_module.type_initial[i]; + } + + /* Insert casting types */ + cast = swig_module.cast_initial[i]; + while (cast->type) { + /* Don't need to add information already in the list */ + ret = 0; +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: look cast %s\n", cast->type->name); +#endif + if (swig_module.next != &swig_module) { + ret = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, cast->type->name); +#ifdef SWIGRUNTIME_DEBUG + if (ret) printf("SWIG_InitializeModule: found cast %s\n", ret->name); +#endif + } + if (ret) { + if (type == swig_module.type_initial[i]) { +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: skip old type %s\n", ret->name); +#endif + cast->type = ret; + ret = 0; + } else { + /* Check for casting already in the list */ + swig_cast_info *ocast = SWIG_TypeCheck(ret->name, type); +#ifdef SWIGRUNTIME_DEBUG + if (ocast) printf("SWIG_InitializeModule: skip old cast %s\n", ret->name); +#endif + if (!ocast) ret = 0; + } + } + + if (!ret) { +#ifdef SWIGRUNTIME_DEBUG + printf("SWIG_InitializeModule: adding cast %s\n", cast->type->name); +#endif + if (type->cast) { + type->cast->prev = cast; + cast->next = type->cast; + } + type->cast = cast; + } + cast++; + } + /* Set entry in modules->types array equal to the type */ + swig_module.types[i] = type; + } + swig_module.types[i] = 0; + +#ifdef SWIGRUNTIME_DEBUG + printf("**** SWIG_InitializeModule: Cast List ******\n"); + for (i = 0; i < swig_module.size; ++i) { + int j = 0; + swig_cast_info *cast = swig_module.cast_initial[i]; + printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name); + while (cast->type) { + printf("SWIG_InitializeModule: cast type %s\n", cast->type->name); + cast++; + ++j; + } + printf("---- Total casts: %d\n",j); + } + printf("**** SWIG_InitializeModule: Cast List ******\n"); +#endif +} + +/* This function will propagate the clientdata field of type to +* any new swig_type_info structures that have been added into the list +* of equivalent types. It is like calling +* SWIG_TypeClientData(type, clientdata) a second time. +*/ +SWIGRUNTIME void +SWIG_PropagateClientData(void) { + size_t i; + swig_cast_info *equiv; + static int init_run = 0; + + if (init_run) return; + init_run = 1; + + for (i = 0; i < swig_module.size; i++) { + if (swig_module.types[i]->clientdata) { + equiv = swig_module.types[i]->cast; + while (equiv) { + if (!equiv->converter) { + if (equiv->type && !equiv->type->clientdata) + SWIG_TypeClientData(equiv->type, swig_module.types[i]->clientdata); + } + equiv = equiv->next; + } + } + } +} + +#ifdef __cplusplus +#if 0 +{ + /* c-mode */ +#endif +} +#endif + + + +#ifdef __cplusplus +extern "C" { +#endif + + /* Python-specific SWIG API */ +#define SWIG_newvarlink() SWIG_Python_newvarlink() +#define SWIG_addvarlink(p, name, get_attr, set_attr) SWIG_Python_addvarlink(p, name, get_attr, set_attr) +#define SWIG_InstallConstants(d, constants) SWIG_Python_InstallConstants(d, constants) + + /* ----------------------------------------------------------------------------- + * global variable support code. + * ----------------------------------------------------------------------------- */ + + typedef struct swig_globalvar { + char *name; /* Name of global variable */ + PyObject *(*get_attr)(void); /* Return the current value */ + int (*set_attr)(PyObject *); /* Set the value */ + struct swig_globalvar *next; + } swig_globalvar; + + typedef struct swig_varlinkobject { + PyObject_HEAD + swig_globalvar *vars; + } swig_varlinkobject; + + SWIGINTERN PyObject * + swig_varlink_repr(swig_varlinkobject *SWIGUNUSEDPARM(v)) { + return PyString_FromString("<Swig global variables>"); + } + + SWIGINTERN PyObject * + swig_varlink_str(swig_varlinkobject *v) { + PyObject *str = PyString_FromString("("); + swig_globalvar *var; + for (var = v->vars; var; var=var->next) { + PyString_ConcatAndDel(&str,PyString_FromString(var->name)); + if (var->next) PyString_ConcatAndDel(&str,PyString_FromString(", ")); + } + PyString_ConcatAndDel(&str,PyString_FromString(")")); + return str; + } + + SWIGINTERN int + swig_varlink_print(swig_varlinkobject *v, FILE *fp, int SWIGUNUSEDPARM(flags)) { + PyObject *str = swig_varlink_str(v); + fprintf(fp,"Swig global variables "); + fprintf(fp,"%s\n", PyString_AsString(str)); + Py_DECREF(str); + return 0; + } + + SWIGINTERN void + swig_varlink_dealloc(swig_varlinkobject *v) { + swig_globalvar *var = v->vars; + while (var) { + swig_globalvar *n = var->next; + free(var->name); + free(var); + var = n; + } + } + + SWIGINTERN PyObject * + swig_varlink_getattr(swig_varlinkobject *v, char *n) { + PyObject *res = NULL; + swig_globalvar *var = v->vars; + while (var) { + if (strcmp(var->name,n) == 0) { + res = (*var->get_attr)(); + break; + } + var = var->next; + } + if (res == NULL && !PyErr_Occurred()) { + PyErr_SetString(PyExc_NameError,"Unknown C global variable"); + } + return res; + } + + SWIGINTERN int + swig_varlink_setattr(swig_varlinkobject *v, char *n, PyObject *p) { + int res = 1; + swig_globalvar *var = v->vars; + while (var) { + if (strcmp(var->name,n) == 0) { + res = (*var->set_attr)(p); + break; + } + var = var->next; + } + if (res == 1 && !PyErr_Occurred()) { + PyErr_SetString(PyExc_NameError,"Unknown C global variable"); + } + return res; + } + + SWIGINTERN PyTypeObject* + swig_varlink_type(void) { + static char varlink__doc__[] = "Swig var link object"; + static PyTypeObject varlink_type; + static int type_init = 0; + if (!type_init) { + const PyTypeObject tmp + = { + PyObject_HEAD_INIT(NULL) + 0, /* Number of items in variable part (ob_size) */ + (char *)"swigvarlink", /* Type name (tp_name) */ + sizeof(swig_varlinkobject), /* Basic size (tp_basicsize) */ + 0, /* Itemsize (tp_itemsize) */ + (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */ + (printfunc) swig_varlink_print, /* Print (tp_print) */ + (getattrfunc) swig_varlink_getattr, /* get attr (tp_getattr) */ + (setattrfunc) swig_varlink_setattr, /* Set attr (tp_setattr) */ + 0, /* tp_compare */ + (reprfunc) swig_varlink_repr, /* tp_repr */ + 0, /* tp_as_number */ + 0, /* tp_as_sequence */ + 0, /* tp_as_mapping */ + 0, /* tp_hash */ + 0, /* tp_call */ + (reprfunc)swig_varlink_str, /* tp_str */ + 0, /* tp_getattro */ + 0, /* tp_setattro */ + 0, /* tp_as_buffer */ + 0, /* tp_flags */ + varlink__doc__, /* tp_doc */ + 0, /* tp_traverse */ + 0, /* tp_clear */ + 0, /* tp_richcompare */ + 0, /* tp_weaklistoffset */ +#if PY_VERSION_HEX >= 0x02020000 + 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* tp_iter -> tp_weaklist */ +#endif +#if PY_VERSION_HEX >= 0x02030000 + 0, /* tp_del */ +#endif +#ifdef COUNT_ALLOCS + 0,0,0,0 /* tp_alloc -> tp_next */ +#endif + }; + varlink_type = tmp; + varlink_type.ob_type = &PyType_Type; + type_init = 1; + } + return &varlink_type; + } + + /* Create a variable linking object for use later */ + SWIGINTERN PyObject * + SWIG_Python_newvarlink(void) { + swig_varlinkobject *result = PyObject_NEW(swig_varlinkobject, swig_varlink_type()); + if (result) { + result->vars = 0; + } + return ((PyObject*) result); + } + + SWIGINTERN void + SWIG_Python_addvarlink(PyObject *p, char *name, PyObject *(*get_attr)(void), int (*set_attr)(PyObject *p)) { + swig_varlinkobject *v = (swig_varlinkobject *) p; + swig_globalvar *gv = (swig_globalvar *) malloc(sizeof(swig_globalvar)); + if (gv) { + size_t size = strlen(name)+1; + gv->name = (char *)malloc(size); + if (gv->name) { + strncpy(gv->name,name,size); + gv->get_attr = get_attr; + gv->set_attr = set_attr; + gv->next = v->vars; + } + } + v->vars = gv; + } + + SWIGINTERN PyObject * + SWIG_globals(void) { + static PyObject *_SWIG_globals = 0; + if (!_SWIG_globals) _SWIG_globals = SWIG_newvarlink(); + return _SWIG_globals; + } + + /* ----------------------------------------------------------------------------- + * constants/methods manipulation + * ----------------------------------------------------------------------------- */ + + /* Install Constants */ + SWIGINTERN void + SWIG_Python_InstallConstants(PyObject *d, swig_const_info constants[]) { + PyObject *obj = 0; + size_t i; + for (i = 0; constants[i].type; ++i) { + switch(constants[i].type) { + case SWIG_PY_POINTER: + obj = SWIG_NewPointerObj(constants[i].pvalue, *(constants[i]).ptype,0); + break; + case SWIG_PY_BINARY: + obj = SWIG_NewPackedObj(constants[i].pvalue, constants[i].lvalue, *(constants[i].ptype)); + break; + default: + obj = 0; + break; + } + if (obj) { + PyDict_SetItemString(d, constants[i].name, obj); + Py_DECREF(obj); + } + } + } + + /* -----------------------------------------------------------------------------*/ + /* Fix SwigMethods to carry the callback ptrs when needed */ + /* -----------------------------------------------------------------------------*/ + + SWIGINTERN void + SWIG_Python_FixMethods(PyMethodDef *methods, + swig_const_info *const_table, + swig_type_info **types, + swig_type_info **types_initial) { + size_t i; + for (i = 0; methods[i].ml_name; ++i) { + const char *c = methods[i].ml_doc; + if (c && (c = strstr(c, "swig_ptr: "))) { + int j; + swig_const_info *ci = 0; + const char *name = c + 10; + for (j = 0; const_table[j].type; ++j) { + if (strncmp(const_table[j].name, name, + strlen(const_table[j].name)) == 0) { + ci = &(const_table[j]); + break; + } + } + if (ci) { + size_t shift = (ci->ptype) - types; + swig_type_info *ty = types_initial[shift]; + size_t ldoc = (c - methods[i].ml_doc); + size_t lptr = strlen(ty->name)+2*sizeof(void*)+2; + char *ndoc = (char*)malloc(ldoc + lptr + 10); + if (ndoc) { + char *buff = ndoc; + void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0; + if (ptr) { + strncpy(buff, methods[i].ml_doc, ldoc); + buff += ldoc; + strncpy(buff, "swig_ptr: ", 10); + buff += 10; + SWIG_PackVoidPtr(buff, ptr, ty->name, lptr); + methods[i].ml_doc = ndoc; + } + } + } + } + } + } + +#ifdef __cplusplus +} +#endif + +/* -----------------------------------------------------------------------------* + * Partial Init method + * -----------------------------------------------------------------------------*/ + +#ifdef __cplusplus +extern "C" +#endif +SWIGEXPORT void SWIG_init(void) { + PyObject *m, *d; + + /* Fix SwigMethods to carry the callback ptrs when needed */ + SWIG_Python_FixMethods(SwigMethods, swig_const_table, swig_types, swig_type_initial); + + m = Py_InitModule((char *) SWIG_name, SwigMethods); + d = PyModule_GetDict(m); + + SWIG_InitializeModule(0); + SWIG_InstallConstants(d,swig_const_table); + + + SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0))); + SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "SELINUX_CB_VALIDATE",SWIG_From_int((int)(2))); + SWIG_Python_SetConstant(d, "SELINUX_ERROR",SWIG_From_int((int)(0))); + SWIG_Python_SetConstant(d, "SELINUX_WARNING",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "SELINUX_INFO",SWIG_From_int((int)(2))); + SWIG_Python_SetConstant(d, "SELINUX_AVC",SWIG_From_int((int)(3))); + SWIG_Python_SetConstant(d, "MATCHPATHCON_BASEONLY",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "MATCHPATHCON_NOTRANS",SWIG_From_int((int)(2))); + SWIG_Python_SetConstant(d, "MATCHPATHCON_VALIDATE",SWIG_From_int((int)(4))); + SWIG_Python_SetConstant(d, "AVC_OPT_UNUSED",SWIG_From_int((int)(0))); + SWIG_Python_SetConstant(d, "AVC_OPT_SETENFORCE",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_GRANT",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_TRY_REVOKE",SWIG_From_int((int)(2))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_REVOKE",SWIG_From_int((int)(4))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_RESET",SWIG_From_int((int)(8))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_ENABLE",SWIG_From_int((int)(16))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_DISABLE",SWIG_From_int((int)(32))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_ENABLE",SWIG_From_int((int)(64))); + SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_DISABLE",SWIG_From_int((int)(128))); + SWIG_Python_SetConstant(d, "AVC_CACHE_STATS",SWIG_From_int((int)(1))); + SWIG_Python_SetConstant(d, "SELINUX_DEFAULTUSER",SWIG_FromCharPtr("user_u")); +} + diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c new file mode 100644 index 00000000..e5e7612f --- /dev/null +++ b/libselinux/src/setenforce.c @@ -0,0 +1,37 @@ +#include <unistd.h> +#include <sys/types.h> +#include <fcntl.h> +#include <stdlib.h> +#include <errno.h> +#include <string.h> +#include "selinux_internal.h" +#include "policy.h" +#include <stdio.h> +#include <limits.h> + +int security_setenforce(int value) +{ + int fd, ret; + char path[PATH_MAX]; + char buf[20]; + + if (!selinux_mnt) { + errno = ENOENT; + return -1; + } + + snprintf(path, sizeof path, "%s/enforce", selinux_mnt); + fd = open(path, O_RDWR); + if (fd < 0) + return -1; + + snprintf(buf, sizeof buf, "%d", value); + ret = write(fd, buf, strlen(buf)); + close(fd); + if (ret < 0) + return -1; + + return 0; +} + +hidden_def(security_setenforce) diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c new file mode 100644 index 00000000..8c633efb --- /dev/null +++ b/libselinux/src/setfilecon.c @@ -0,0 +1,31 @@ +#include <unistd.h> +#include <fcntl.h> +#include <string.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/xattr.h> +#include "selinux_internal.h" +#include "policy.h" + +int setfilecon_raw(const char *path, security_context_t context) +{ + return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1, + 0); +} + +hidden_def(setfilecon_raw) + +int setfilecon(const char *path, security_context_t context) +{ + int ret; + security_context_t rcontext = context; + + if (selinux_trans_to_raw_context(context, &rcontext)) + return -1; + + ret = setfilecon_raw(path, rcontext); + + freecon(rcontext); + + return ret; +} diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c new file mode 100644 index 00000000..a02f4076 --- /dev/null +++ b/libselinux/src/setrans_client.c @@ -0,0 +1,345 @@ +/* Author: Trusted Computer Solutions, Inc. + * + * Modified: + * Yuichi Nakamura <ynakam@hitachisoft.jp> + - Stubs are used when DISABLE_SETRANS is defined, + it is to reduce size for such as embedded devices. +*/ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> + +#include <errno.h> +#include <stdlib.h> +#include <netdb.h> +#include <fcntl.h> +#include <stdio.h> +#include <string.h> +#include <ctype.h> +#include <unistd.h> +#include "dso.h" +#include "selinux_internal.h" +#include "setrans_internal.h" + +#ifndef DISABLE_SETRANS +static int mls_enabled = -1; + +// Simple cache +static __thread security_context_t prev_t2r_trans = NULL; +static __thread security_context_t prev_t2r_raw = NULL; +static __thread security_context_t prev_r2t_trans = NULL; +static __thread security_context_t prev_r2t_raw = NULL; + +/* + * setransd_open + * + * This function opens a socket to the setransd. + * Returns: on success, a file descriptor ( >= 0 ) to the socket + * on error, a negative value + */ +static int setransd_open(void) +{ + struct sockaddr_un addr; + int fd; +#ifdef SOCK_CLOEXEC + fd = socket(PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); + if (fd < 0 && errno == EINVAL) +#endif + { + fd = socket(PF_UNIX, SOCK_STREAM, 0); + if (fd >= 0) + fcntl(fd, F_SETFD, FD_CLOEXEC); + } + if (fd < 0) + return -1; + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path)); + if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) { + close(fd); + return -1; + } + + return fd; +} + +/* Returns: 0 on success, <0 on failure */ +static int +send_request(int fd, uint32_t function, const char *data1, const char *data2) +{ + struct msghdr msgh; + struct iovec iov[5]; + uint32_t data1_size; + uint32_t data2_size; + ssize_t count, expected; + unsigned int i; + + if (fd < 0) + return -1; + + if (!data1) + data1 = ""; + if (!data2) + data2 = ""; + + data1_size = strlen(data1) + 1; + data2_size = strlen(data2) + 1; + + iov[0].iov_base = &function; + iov[0].iov_len = sizeof(function); + iov[1].iov_base = &data1_size; + iov[1].iov_len = sizeof(data1_size); + iov[2].iov_base = &data2_size; + iov[2].iov_len = sizeof(data2_size); + iov[3].iov_base = (char *)data1; + iov[3].iov_len = data1_size; + iov[4].iov_base = (char *)data2; + iov[4].iov_len = data2_size; + memset(&msgh, 0, sizeof(msgh)); + msgh.msg_iov = iov; + msgh.msg_iovlen = sizeof(iov) / sizeof(iov[0]); + + expected = 0; + for (i = 0; i < sizeof(iov) / sizeof(iov[0]); i++) + expected += iov[i].iov_len; + + while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0) + && (errno == EINTR)) ; + if (count < 0 || count != expected) + return -1; + + return 0; +} + +/* Returns: 0 on success, <0 on failure */ +static int +receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val) +{ + struct iovec resp_hdr[3]; + uint32_t func; + uint32_t data_size; + char *data; + struct iovec resp_data; + ssize_t count; + + if (fd < 0) + return -1; + + resp_hdr[0].iov_base = &func; + resp_hdr[0].iov_len = sizeof(func); + resp_hdr[1].iov_base = &data_size; + resp_hdr[1].iov_len = sizeof(data_size); + resp_hdr[2].iov_base = ret_val; + resp_hdr[2].iov_len = sizeof(*ret_val); + + while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ; + if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) { + return -1; + } + + if (func != function || !data_size || data_size > MAX_DATA_BUF) { + return -1; + } + + data = malloc(data_size); + if (!data) { + return -1; + } + + resp_data.iov_base = data; + resp_data.iov_len = data_size; + + while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ; + if (count < 0 || (uint32_t) count != data_size || + data[data_size - 1] != '\0') { + free(data); + return -1; + } + *outdata = data; + return 0; +} + +static int raw_to_trans_context(char *raw, char **transp) +{ + int ret; + int32_t ret_val; + int fd; + + *transp = NULL; + + fd = setransd_open(); + if (fd < 0) + return fd; + + ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL); + if (ret) + goto out; + + ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val); + if (ret) + goto out; + + ret = ret_val; + out: + close(fd); + return ret; +} + +static int trans_to_raw_context(char *trans, char **rawp) +{ + int ret; + int32_t ret_val; + int fd; + + *rawp = NULL; + + fd = setransd_open(); + if (fd < 0) + return fd; + ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL); + if (ret) + goto out; + + ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val); + if (ret) + goto out; + + ret = ret_val; + out: + close(fd); + return ret; +} + +hidden void fini_context_translations(void) +{ + free(prev_r2t_trans); + free(prev_r2t_raw); + free(prev_t2r_trans); + free(prev_t2r_raw); +} + +hidden int init_context_translations(void) +{ + mls_enabled = is_selinux_mls_enabled(); + return 0; +} + +int selinux_trans_to_raw_context(security_context_t trans, + security_context_t * rawp) +{ + if (!trans) { + *rawp = NULL; + return 0; + } + + if (!mls_enabled) { + *rawp = strdup(trans); + goto out; + } + + if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) { + *rawp = strdup(prev_t2r_raw); + } else { + free(prev_t2r_trans); + prev_t2r_trans = NULL; + free(prev_t2r_raw); + prev_t2r_raw = NULL; + if (trans_to_raw_context(trans, rawp)) + *rawp = strdup(trans); + if (*rawp) { + prev_t2r_trans = strdup(trans); + if (!prev_t2r_trans) + goto out; + prev_t2r_raw = strdup(*rawp); + if (!prev_t2r_raw) { + free(prev_t2r_trans); + prev_t2r_trans = NULL; + } + } + } + out: + return *rawp ? 0 : -1; +} + +hidden_def(selinux_trans_to_raw_context) + +int selinux_raw_to_trans_context(security_context_t raw, + security_context_t * transp) +{ + if (!raw) { + *transp = NULL; + return 0; + } + + if (!mls_enabled) { + *transp = strdup(raw); + goto out; + } + + if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) { + *transp = strdup(prev_r2t_trans); + } else { + free(prev_r2t_raw); + prev_r2t_raw = NULL; + free(prev_r2t_trans); + prev_r2t_trans = NULL; + if (raw_to_trans_context(raw, transp)) + *transp = strdup(raw); + if (*transp) { + prev_r2t_raw = strdup(raw); + if (!prev_r2t_raw) + goto out; + prev_r2t_trans = strdup(*transp); + if (!prev_r2t_trans) { + free(prev_r2t_raw); + prev_r2t_raw = NULL; + } + } + } + out: + return *transp ? 0 : -1; +} + +hidden_def(selinux_raw_to_trans_context) +#else /*DISABLE_SETRANS*/ + +hidden void fini_context_translations(void) +{ +} + +hidden int init_context_translations(void) +{ + return 0; +} + +int selinux_trans_to_raw_context(security_context_t trans, + security_context_t * rawp) +{ + if (!trans) { + *rawp = NULL; + return 0; + } + + *rawp = strdup(trans); + + return *rawp ? 0 : -1; +} + +hidden_def(selinux_trans_to_raw_context) + +int selinux_raw_to_trans_context(security_context_t raw, + security_context_t * transp) +{ + if (!raw) { + *transp = NULL; + return 0; + } + *transp = strdup(raw); + + return *transp ? 0 : -1; +} + +hidden_def(selinux_raw_to_trans_context) +#endif /*DISABLE_SETRANS*/ diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h new file mode 100644 index 00000000..4e04b54c --- /dev/null +++ b/libselinux/src/setrans_internal.h @@ -0,0 +1,10 @@ +/* Author: Trusted Computer Solutions, Inc. */ + +#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix" + +#define RAW_TO_TRANS_CONTEXT 2 +#define TRANS_TO_RAW_CONTEXT 3 +#define MAX_DATA_BUF 8192 + +extern int init_context_translations(void); +extern void fini_context_translations(void); diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c new file mode 100644 index 00000000..d6fb29b0 --- /dev/null +++ b/libselinux/src/seusers.c @@ -0,0 +1,245 @@ +#include <unistd.h> +#include <fcntl.h> +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <stdio_ext.h> +#include <ctype.h> +#include <selinux/selinux.h> +#include <selinux/context.h> +#include "selinux_internal.h" + +/* Process line from seusers.conf and split into its fields. + Returns 0 on success, -1 on comments, and -2 on error. */ +static int process_seusers(const char *buffer, + char **luserp, + char **seuserp, char **levelp, int mls_enabled) +{ + char *newbuf = strdup(buffer); + char *luser = NULL, *seuser = NULL, *level = NULL; + char *start, *end; + int mls_found = 1; + + if (!newbuf) + goto err; + + start = newbuf; + while (isspace(*start)) + start++; + if (*start == '#' || *start == 0) { + free(newbuf); + return -1; /* Comment or empty line, skip over */ + } + end = strchr(start, ':'); + if (!end) + goto err; + *end = 0; + + luser = strdup(start); + if (!luser) + goto err; + + start = end + 1; + end = strchr(start, ':'); + if (!end) { + mls_found = 0; + + end = start; + while (*end && !isspace(*end)) + end++; + } + *end = 0; + + seuser = strdup(start); + if (!seuser) + goto err; + + if (!strcmp(seuser, "")) + goto err; + + /* Skip MLS if disabled, or missing. */ + if (!mls_enabled || !mls_found) + goto out; + + start = ++end; + while (*end && !isspace(*end)) + end++; + *end = 0; + + level = strdup(start); + if (!level) + goto err; + + if (!strcmp(level, "")) + goto err; + + out: + free(newbuf); + *luserp = luser; + *seuserp = seuser; + *levelp = level; + return 0; + err: + free(newbuf); + free(luser); + free(seuser); + free(level); + return -2; /* error */ +} + +int require_seusers hidden = 0; + +#include <pwd.h> +#include <grp.h> + +static gid_t get_default_gid(const char *name) { + struct passwd pwstorage, *pwent = NULL; + gid_t gid = -1; + /* Allocate space for the getpwnam_r buffer */ + long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX); + if (rbuflen <= 0) return -1; + char *rbuf = malloc(rbuflen); + if (rbuf == NULL) return -1; + + int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent); + if (retval == 0 && pwent) { + gid = pwent->pw_gid; + } + free(rbuf); + return gid; +} + +static int check_group(const char *group, const char *name, const gid_t gid) { + int match = 0; + int i, ng = 0; + gid_t *groups = NULL; + struct group gbuf, *grent = NULL; + + long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX); + if (rbuflen <= 0) + return 0; + char *rbuf = malloc(rbuflen); + if (rbuf == NULL) + return 0; + + if (getgrnam_r(group, &gbuf, rbuf, rbuflen, + &grent) != 0) + goto done; + + if (getgrouplist(name, gid, NULL, &ng) < 0) { + groups = (gid_t *) malloc(sizeof (gid_t) * ng); + if (!groups) goto done; + if (getgrouplist(name, gid, groups, &ng) < 0) goto done; + } + + for (i = 0; i < ng; i++) { + if (grent->gr_gid == groups[i]) { + match = 1; + goto done; + } + } + + done: + free(groups); + free(rbuf); + return match; +} + +int getseuserbyname(const char *name, char **r_seuser, char **r_level) +{ + FILE *cfg = NULL; + size_t size = 0; + char *buffer = NULL; + int rc; + unsigned long lineno = 0; + int mls_enabled = is_selinux_mls_enabled(); + + char *username = NULL; + char *seuser = NULL; + char *level = NULL; + char *groupseuser = NULL; + char *grouplevel = NULL; + char *defaultseuser = NULL; + char *defaultlevel = NULL; + + gid_t gid = get_default_gid(name); + + cfg = fopen(selinux_usersconf_path(), "r"); + if (!cfg) + goto nomatch; + + __fsetlocking(cfg, FSETLOCKING_BYCALLER); + while (getline(&buffer, &size, cfg) > 0) { + ++lineno; + rc = process_seusers(buffer, &username, &seuser, &level, + mls_enabled); + if (rc == -1) + continue; /* comment, skip */ + if (rc == -2) { + fprintf(stderr, "%s: error on line %lu, skipping...\n", + selinux_usersconf_path(), lineno); + continue; + } + + if (!strcmp(username, name)) + break; + + if (username[0] == '%' && + !groupseuser && + check_group(&username[1], name, gid)) { + groupseuser = seuser; + grouplevel = level; + } else { + if (!defaultseuser && + !strcmp(username, "__default__")) { + defaultseuser = seuser; + defaultlevel = level; + } else { + free(seuser); + free(level); + } + } + free(username); + username = NULL; + seuser = NULL; + } + + free(buffer); + fclose(cfg); + + if (seuser) { + free(username); + free(defaultseuser); + free(defaultlevel); + free(groupseuser); + free(grouplevel); + *r_seuser = seuser; + *r_level = level; + return 0; + } + + if (groupseuser) { + free(defaultseuser); + free(defaultlevel); + *r_seuser = groupseuser; + *r_level = grouplevel; + return 0; + } + + if (defaultseuser) { + *r_seuser = defaultseuser; + *r_level = defaultlevel; + return 0; + } + + nomatch: + if (require_seusers) + return -1; + + /* Fall back to the Linux username and no level. */ + *r_seuser = strdup(name); + if (!(*r_seuser)) + return -1; + *r_level = NULL; + return 0; +} diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c new file mode 100644 index 00000000..19c5bb6c --- /dev/null +++ b/libselinux/src/stringrep.c @@ -0,0 +1,576 @@ +/* + * String representation support for classes and permissions. + */ +#include <sys/stat.h> +#include <dirent.h> +#include <fcntl.h> +#include <limits.h> +#include <unistd.h> +#include <errno.h> +#include <stddef.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <stdint.h> +#include <ctype.h> +#include <selinux/flask.h> +#include <selinux/av_permissions.h> +#include "selinux_internal.h" +#include "policy.h" +#include "mapping.h" + +#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + +/* The following code looks complicated, but it really is not. What it + does is to generate two variables. The first is basically a struct + of arrays. The second is the real array of structures which would + have used string pointers. But instead it now uses an offset value + into the first structure. Strings are accessed indirectly by an + explicit addition of the string index and the base address of the + structure with the strings (all type safe). The advantage is that + there are no relocations necessary in the array with the data as it + would be the case with string pointers. This has advantages at + load time, the data section is smaller, and it is read-only. */ +#define L1(line) L2(line) +#define L2(line) str##line +static const union av_perm_to_string_data { + struct { +#define S_(c, v, s) char L1(__LINE__)[sizeof(s)]; +#include "av_perm_to_string.h" +#undef S_ + }; + char str[0]; +} av_perm_to_string_data = { + { +#define S_(c, v, s) s, +#include "av_perm_to_string.h" +#undef S_ + } +}; +static const struct av_perm_to_string { + uint16_t tclass; + uint16_t nameidx; + uint32_t value; +} av_perm_to_string[] = { +#define S_(c, v, s) { c, offsetof(union av_perm_to_string_data, L1(__LINE__)), v }, +#include "av_perm_to_string.h" +#undef S_ +}; + +#undef L1 +#undef L2 + +#define L1(line) L2(line) +#define L2(line) str##line +static const union class_to_string_data { + struct { +#define S_(s) char L1(__LINE__)[sizeof(s)]; +#include "class_to_string.h" +#undef S_ + }; + char str[0]; +} class_to_string_data = { + { +#define S_(s) s, +#include "class_to_string.h" +#undef S_ + } +}; +static const uint16_t class_to_string[] = { +#define S_(s) offsetof(union class_to_string_data, L1(__LINE__)), +#include "class_to_string.h" +#undef S_ +}; + +#undef L1 +#undef L2 + +static const union common_perm_to_string_data { + struct { +#define L1(line) L2(line) +#define L2(line) str##line +#define S_(s) char L1(__LINE__)[sizeof(s)]; +#define TB_(s) +#define TE_(s) +#include "common_perm_to_string.h" +#undef S_ +#undef L1 +#undef L2 + }; + char str[0]; +} common_perm_to_string_data = { + { +#define S_(s) s, +#include "common_perm_to_string.h" +#undef S_ +#undef TB_ +#undef TE_ + } +}; +static const union common_perm_to_string { + struct { +#define TB_(s) struct { +#define TE_(s) } s##_part; +#define S_(s) uint16_t L1(__LINE__) +#define L1(l) L2(l) +#define L2(l) field_##l; +#include "common_perm_to_string.h" +#undef TB_ +#undef TE_ +#undef S_ +#undef L1 +#undef L2 + }; + uint16_t data[0]; +} common_perm_to_string = { + { +#define TB_(s) { +#define TE_(s) }, +#define S_(s) offsetof(union common_perm_to_string_data, L1(__LINE__)), +#define L1(line) L2(line) +#define L2(line) str##line +#include "common_perm_to_string.h" +#undef TB_ +#undef TE_ +#undef S_ +#undef L1 +#undef L2 + } +}; + +static const struct av_inherit { + uint16_t tclass; + uint16_t common_pts_idx; + uint32_t common_base; +} av_inherit[] = { +#define S_(c, i, b) { c, offsetof(union common_perm_to_string, common_##i##_perm_to_string_part)/sizeof(uint16_t), b }, +#include "av_inherit.h" +#undef S_ +}; + +#define NCLASSES ARRAY_SIZE(class_to_string) +#define NVECTORS ARRAY_SIZE(av_perm_to_string) +#define MAXVECTORS 8*sizeof(access_vector_t) + +extern int obj_class_compat; + +struct discover_class_node { + char *name; + security_class_t value; + char **perms; + + struct discover_class_node *next; +}; + +static struct discover_class_node *discover_class_cache = NULL; + +static struct discover_class_node * get_class_cache_entry_name(const char *s) +{ + struct discover_class_node *node = discover_class_cache; + + for (; node != NULL && strcmp(s,node->name) != 0; node = node->next); + + return node; +} + +static struct discover_class_node * get_class_cache_entry_value(security_class_t c) +{ + struct discover_class_node *node = discover_class_cache; + + for (; node != NULL && c != node->value; node = node->next); + + return node; +} + +static struct discover_class_node * discover_class(const char *s) +{ + int fd, ret; + char path[PATH_MAX]; + char buf[20]; + DIR *dir; + struct dirent *dentry; + size_t i; + + struct discover_class_node *node; + + if (!selinux_mnt) { + errno = ENOENT; + return NULL; + } + + /* allocate a node */ + node = malloc(sizeof(struct discover_class_node)); + if (node == NULL) + return NULL; + + /* allocate array for perms */ + node->perms = calloc(NVECTORS,sizeof(char*)); + if (node->perms == NULL) + goto err1; + + /* load up the name */ + node->name = strdup(s); + if (node->name == NULL) + goto err2; + + /* load up class index */ + snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s); + fd = open(path, O_RDONLY); + if (fd < 0) + goto err3; + + memset(buf, 0, sizeof(buf)); + ret = read(fd, buf, sizeof(buf) - 1); + close(fd); + if (ret < 0) + goto err3; + + if (sscanf(buf, "%u", (unsigned int*)&node->value) != 1) + goto err3; + + /* load up permission indicies */ + snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s); + dir = opendir(path); + if (dir == NULL) + goto err3; + + dentry = readdir(dir); + while (dentry != NULL) { + unsigned int value; + struct stat m; + + snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name); + if (stat(path,&m) < 0) + goto err4; + + if (m.st_mode & S_IFDIR) { + dentry = readdir(dir); + continue; + } + + fd = open(path, O_RDONLY); + if (fd < 0) + goto err4; + + memset(buf, 0, sizeof(buf)); + ret = read(fd, buf, sizeof(buf) - 1); + close(fd); + if (ret < 0) + goto err4; + + if (sscanf(buf, "%u", &value) != 1) + goto err4; + + node->perms[value-1] = strdup(dentry->d_name); + if (node->perms[value-1] == NULL) + goto err4; + + dentry = readdir(dir); + } + closedir(dir); + + node->next = discover_class_cache; + discover_class_cache = node; + + return node; + +err4: + closedir(dir); + for (i=0; i<NVECTORS; i++) + free(node->perms[i]); +err3: + free(node->name); +err2: + free(node->perms); +err1: + free(node); + return NULL; +} + +void flush_class_cache(void) +{ + struct discover_class_node *cur = discover_class_cache, *prev = NULL; + size_t i; + + while (cur != NULL) { + free(cur->name); + + for (i=0 ; i<MAXVECTORS ; i++) + free(cur->perms[i]); + + free(cur->perms); + + prev = cur; + cur = cur->next; + + free(prev); + } + + discover_class_cache = NULL; +} + +static security_class_t string_to_security_class_compat(const char *s) +{ + unsigned int val; + + if (isdigit(s[0])) { + val = atoi(s); + if (val > 0 && val < NCLASSES) + return map_class(val); + } else { + for (val = 0; val < NCLASSES; val++) { + if (strcmp(s, (class_to_string_data.str + + class_to_string[val])) == 0) + return map_class(val); + } + } + + errno = EINVAL; + return 0; +} + +static access_vector_t string_to_av_perm_compat(security_class_t kclass, const char *s) +{ + const uint16_t *common_pts_idx = 0; + access_vector_t perm, common_base = 0; + unsigned int i; + + for (i = 0; i < ARRAY_SIZE(av_inherit); i++) { + if (av_inherit[i].tclass == kclass) { + common_pts_idx = + &common_perm_to_string.data[av_inherit[i]. + common_pts_idx]; + common_base = av_inherit[i].common_base; + break; + } + } + + i = 0; + perm = 1; + while (perm < common_base) { + if (strcmp + (s, + common_perm_to_string_data.str + common_pts_idx[i]) == 0) + return perm; + perm <<= 1; + i++; + } + + for (i = 0; i < NVECTORS; i++) { + if ((av_perm_to_string[i].tclass == kclass) && + (strcmp(s, (av_perm_to_string_data.str + + av_perm_to_string[i].nameidx)) == 0)) + return av_perm_to_string[i].value; + } + + errno = EINVAL; + return 0; +} + +static const char *security_class_to_string_compat(security_class_t tclass) +{ + if (tclass > 0 && tclass < NCLASSES) + return class_to_string_data.str + class_to_string[tclass]; + + errno = EINVAL; + return NULL; +} + +static const char *security_av_perm_to_string_compat(security_class_t tclass, + access_vector_t av) +{ + const uint16_t *common_pts_idx = 0; + access_vector_t common_base = 0; + unsigned int i; + + if (!av) + return NULL; + + for (i = 0; i < ARRAY_SIZE(av_inherit); i++) { + if (av_inherit[i].tclass == tclass) { + common_pts_idx = + &common_perm_to_string.data[av_inherit[i]. + common_pts_idx]; + common_base = av_inherit[i].common_base; + break; + } + } + + if (av < common_base) { + i = 0; + while (!(av & 1)) { + av >>= 1; + i++; + } + return common_perm_to_string_data.str + common_pts_idx[i]; + } + + for (i = 0; i < NVECTORS; i++) { + if (av_perm_to_string[i].tclass == tclass && + av_perm_to_string[i].value == av) + return av_perm_to_string_data.str + + av_perm_to_string[i].nameidx; + } + + errno = EINVAL; + return NULL; +} + +security_class_t string_to_security_class(const char *s) +{ + struct discover_class_node *node; + + if (obj_class_compat) + return string_to_security_class_compat(s); + + node = get_class_cache_entry_name(s); + if (node == NULL) { + node = discover_class(s); + + if (node == NULL) { + errno = EINVAL; + return 0; + } + } + + return map_class(node->value); +} + +access_vector_t string_to_av_perm(security_class_t tclass, const char *s) +{ + struct discover_class_node *node; + security_class_t kclass = unmap_class(tclass); + + if (obj_class_compat) + return map_perm(tclass, string_to_av_perm_compat(kclass, s)); + + node = get_class_cache_entry_value(kclass); + if (node != NULL) { + size_t i; + for (i=0; i<MAXVECTORS && node->perms[i] != NULL; i++) + if (strcmp(node->perms[i],s) == 0) + return map_perm(tclass, 1<<i); + } + + errno = EINVAL; + return 0; +} + +const char *security_class_to_string(security_class_t tclass) +{ + struct discover_class_node *node; + + tclass = unmap_class(tclass); + + if (obj_class_compat) + return security_class_to_string_compat(tclass); + + node = get_class_cache_entry_value(tclass); + if (node == NULL) + return security_class_to_string_compat(tclass); + else + return node->name; +} + +const char *security_av_perm_to_string(security_class_t tclass, + access_vector_t av) +{ + struct discover_class_node *node; + size_t i; + + av = unmap_perm(tclass, av); + tclass = unmap_class(tclass); + + if (obj_class_compat) + return security_av_perm_to_string_compat(tclass,av); + + node = get_class_cache_entry_value(tclass); + if (av && node) + for (i = 0; i<MAXVECTORS; i++) + if ((1<<i) & av) + return node->perms[i]; + + return security_av_perm_to_string_compat(tclass,av); +} + +int security_av_string(security_class_t tclass, access_vector_t av, char **res) +{ + unsigned int i = 0; + size_t len = 5; + access_vector_t tmp = av; + int rc = 0; + const char *str; + char *ptr; + + /* first pass computes the required length */ + while (tmp) { + if (tmp & 1) { + str = security_av_perm_to_string(tclass, av & (1<<i)); + if (str) + len += strlen(str) + 1; + else { + rc = -1; + errno = EINVAL; + goto out; + } + } + tmp >>= 1; + i++; + } + + *res = malloc(len); + if (!*res) { + rc = -1; + goto out; + } + + /* second pass constructs the string */ + i = 0; + tmp = av; + ptr = *res; + + if (!av) { + sprintf(ptr, "null"); + goto out; + } + + ptr += sprintf(ptr, "{ "); + while (tmp) { + if (tmp & 1) + ptr += sprintf(ptr, "%s ", security_av_perm_to_string( + tclass, av & (1<<i))); + tmp >>= 1; + i++; + } + sprintf(ptr, "}"); +out: + return rc; +} + +void print_access_vector(security_class_t tclass, access_vector_t av) +{ + const char *permstr; + access_vector_t bit = 1; + + if (av == 0) { + printf(" null"); + return; + } + + printf(" {"); + + while (av) { + if (av & bit) { + permstr = security_av_perm_to_string(tclass, bit); + if (!permstr) + break; + printf(" %s", permstr); + av &= ~bit; + } + bit <<= 1; + } + + if (av) + printf(" 0x%x", av); + printf(" }"); +} |