/* Author: James Athey */ %module selinux %{ #include "selinux/selinux.h" %} %pythoncode %{ import shutil, os, errno, stat DISABLED = -1 PERMISSIVE = 0 ENFORCING = 1 def restorecon(path, recursive=False): """ Restore SELinux context on a given path """ try: mode = os.lstat(path)[stat.ST_MODE] status, context = matchpathcon(path, mode) except OSError: path = os.path.realpath(os.path.expanduser(path)) mode = os.lstat(path)[stat.ST_MODE] status, context = matchpathcon(path, mode) if status == 0: try: status, oldcontext = lgetfilecon(path) except OSError as e: if e.errno != errno.ENODATA: raise oldcontext = None if context != oldcontext: lsetfilecon(path, context) if recursive: for root, dirs, files in os.walk(path): for name in files + dirs: restorecon(os.path.join(root, name)) def chcon(path, context, recursive=False): """ Set the SELinux context on a given path """ lsetfilecon(path, context) if recursive: for root, dirs, files in os.walk(path): for name in files + dirs: lsetfilecon(os.path.join(root,name), context) def copytree(src, dest): """ An SELinux-friendly shutil.copytree method """ shutil.copytree(src, dest) restorecon(dest, recursive=True) def install(src, dest): """ An SELinux-friendly shutil.move method """ shutil.move(src, dest) restorecon(dest, recursive=True) %} /* security_get_boolean_names() typemap */ %typemap(argout) (char ***names, int *len) { PyObject* list = PyList_New(*$2); int i; for (i = 0; i < *$2; i++) { PyList_SetItem(list, i, PyBytes_FromString((*$1)[i])); } $result = SWIG_Python_AppendOutput($result, list); } /* return a sid along with the result */ %typemap(argout) (security_id_t * sid) { if (*$1) { %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0)); } else { Py_INCREF(Py_None); %append_output(Py_None); } } %typemap(in,numinputs=0) security_id_t *(security_id_t temp) { $1 = &temp; } %typemap(in, numinputs=0) void *(char *temp=NULL) { $1 = temp; } /* Makes security_compute_user() return a Python list of contexts */ %typemap(argout) (char ***con) { PyObject* plist; int i, len = 0; if (*$1) { while((*$1)[len]) len++; plist = PyList_New(len); for (i = 0; i < len; i++) { PyList_SetItem(plist, i, PyBytes_FromString((*$1)[i]) ); } } else { plist = PyList_New(0); } $result = SWIG_Python_AppendOutput($result, plist); } /* Makes functions in get_context_list.h return a Python list of contexts */ %typemap(argout) (char ***list) { PyObject* plist; int i; if (*$1) { plist = PyList_New(result); for (i = 0; i < result; i++) { PyList_SetItem(plist, i, PyBytes_FromString((*$1)[i]) ); } } else { plist = PyList_New(0); } /* Only return the Python list, don't need to return the length anymore */ $result = plist; } %typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { $1 = &temp; } %typemap(freearg,match="in") char ** ""; %typemap(argout,noblock=1) char ** { if (*$1) { %append_output(SWIG_FromCharPtr(*$1)); freecon(*$1); } else { Py_INCREF(Py_None); %append_output(Py_None); } } %typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) { $1 = &temp; } %typemap(freearg,match="in") char ** ""; %typemap(argout,noblock=1) char ** { if (*$1) { %append_output(SWIG_FromCharPtr(*$1)); free(*$1); } else { Py_INCREF(Py_None); %append_output(Py_None); } } %typemap(in) char * const [] { int i, size; PyObject * s; if (!PySequence_Check($input)) { PyErr_SetString(PyExc_ValueError, "Expected a sequence"); return NULL; } size = PySequence_Size($input); $1 = (char**) malloc(size + 1); for(i = 0; i < size; i++) { if (!PyBytes_Check(PySequence_GetItem($input, i))) { PyErr_SetString(PyExc_ValueError, "Sequence must contain only bytes"); return NULL; } } for(i = 0; i < size; i++) { s = PySequence_GetItem($input, i); $1[i] = (char*) malloc(PyBytes_Size(s) + 1); strcpy($1[i], PyBytes_AsString(s)); } $1[size] = NULL; } %typemap(freearg,match="in") char * const [] { int i = 0; while($1[i]) { free($1[i]); i++; } free($1); } %include "selinuxswig_python_exception.i" %include "selinuxswig.i"