This patch fixes the exception handling in libselinux-python bindings

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Wed, 12 Aug 2009 14:34:28 -0400

What do you think of this one.  Removed excess swig cruft, 

You need to run 

make swigify to generate those changes.

--- nsalibselinux/include/selinux/selinux.h	2009-07-07 15:32:32.000000000 -0400
+++ libselinux-2.0.85/include/selinux/selinux.h	2009-08-12 13:36:34.000000000 -0400
@@ -346,7 +347,7 @@
 	const char *perms[sizeof(access_vector_t) * 8 + 1];
 };
 
-int selinux_set_mapping(struct security_class_mapping *map);
+extern int selinux_set_mapping(struct security_class_mapping *map);
 
 /* Common helpers */
 
@@ -556,17 +557,17 @@
 		     char **r_seuser, char **r_level);
 
 /* Compare two file contexts, return 0 if equivalent. */
-int selinux_file_context_cmp(const security_context_t a,
+extern int selinux_file_context_cmp(const security_context_t a,
 			     const security_context_t b);
 
 /* 
  * Verify the context of the file 'path' against policy.
  * Return 0 if correct. 
  */
-int selinux_file_context_verify(const char *path, mode_t mode);
+extern int selinux_file_context_verify(const char *path, mode_t mode);
 
 /* This function sets the file context on to the system defaults returns 0 on success */
-int selinux_lsetfilecon_default(const char *path);
+extern int selinux_lsetfilecon_default(const char *path);
 
 #ifdef __cplusplus
 }
--- nsalibselinux/src/exception.sh	1969-12-31 19:00:00.000000000 -0500
+++ libselinux-2.0.85/src/exception.sh	2009-08-12 13:44:21.000000000 -0400
@@ -0,0 +1,21 @@
+function except() {
+case $1 in
+    selinux_file_context_cmp) # ignore
+    ;;
+    *)
+echo "
+%exception $1 {
+  \$action 
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     return NULL;
+  }
+}
+"
+;;
+esac
+}
+echo '#include "../include/selinux/selinux.h"' > temp.c
+gcc -c temp.c -aux-info temp.aux 
+for i in `awk '/..\/include\/selinux\/selinux.h.*extern int/ { print $6 }' temp.aux`; do except $i ; done 
+rm -f temp.c temp.aux temp.o
--- nsalibselinux/src/Makefile	2009-07-14 11:16:03.000000000 -0400
+++ libselinux-2.0.85/src/Makefile	2009-08-12 12:08:08.000000000 -0400
@@ -82,6 +82,9 @@
 	$(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
 	ln -sf $@ $(TARGET) 
 
+selinuxswig_exception.i: ../include/selinux/selinux.h
+	sh exception.sh > $@ 
+
 audit2why.lo: audit2why.c
 	$(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
 
@@ -100,8 +103,8 @@
 $(SWIGRUBYCOUT): $(SWIGRUBYIF)
 	$(SWIGRUBY) $^
 
-swigify: $(SWIGIF)
-	$(SWIG) $^
+swigify: $(SWIGIF) selinuxswig_exception.i
+	$(SWIG) $<
 
 install: all 
 	test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
@@ -124,7 +127,7 @@
 	/sbin/restorecon $(SHLIBDIR)/$(LIBSO)
 
 clean: 
-	-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
+	-rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~ selinuxswig_exception.i
 
 distclean: clean
 	rm -f $(GENERATED) $(SWIGFILES)
--- nsalibselinux/src/selinuxswig.i	2009-03-12 08:48:48.000000000 -0400
+++ libselinux-2.0.85/src/selinuxswig.i	2009-07-31 08:29:59.000000000 -0400
@@ -4,11 +4,14 @@
 
 %module selinux
 %{
-	#include "selinux/selinux.h"
 	#include "../include/selinux/avc.h"
-	#include "../include/selinux/selinux.h"
-	#include "../include/selinux/get_default_type.h"
+	#include "../include/selinux/av_permissions.h"
+	#include "../include/selinux/context.h"
+	#include "../include/selinux/flask.h"
 	#include "../include/selinux/get_context_list.h"
+	#include "../include/selinux/get_default_type.h"
+	#include "../include/selinux/label.h"
+	#include "../include/selinux/selinux.h"
 %}
 %apply int *OUTPUT { int *enforce };
 %apply int *OUTPUT { size_t * };
@@ -55,8 +58,11 @@
 %ignore avc_netlink_release_fd;
 %ignore avc_netlink_check_nb;
 
-%include "../include/selinux/selinux.h"
 %include "../include/selinux/avc.h"
-%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/av_permissions.h"
+%include "../include/selinux/context.h"
+%include "../include/selinux/flask.h"
 %include "../include/selinux/get_context_list.h"
-
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/label.h"
+%include "../include/selinux/selinux.h"
--- nsalibselinux/src/selinuxswig_python.i	2009-03-06 14:41:45.000000000 -0500
+++ libselinux-2.0.85/src/selinuxswig_python.i	2009-07-31 08:29:59.000000000 -0400
@@ -21,6 +21,15 @@
                              map(restorecon, [os.path.join(dirname, fname)
                                               for fname in fnames]), None)
 
+def copytree(src, dest):
+    """ An SELinux-friendly shutil.copytree method """
+    shutil.copytree(src, dest)
+    restorecon(dest, recursive=True)
+
+def install(src, dest):
+    """ An SELinux-friendly shutil.move method """
+    shutil.move(src, dest)
+    restorecon(dest, recursive=True)
 %}
 
 /* security_get_boolean_names() typemap */
@@ -150,4 +159,5 @@
 	free($1);
 }
 
+%include "selinuxswig_exception.i"
 %include "selinuxswig.i"




