Navigation

← Previous Changeset
Next Changeset →

Changeset 1960

Timestamp:

02/27/08 10:42:48 (9 months ago)

Author:

dsugar

Message:

lots of changes to support checking accesses

Files:

branches/mls/libselinuxjava-plugin/libselinuxjava/antbuild.xml (modified) (2 diffs)
branches/mls/libselinuxjava-plugin/libselinuxjava/selinuxswig.i (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/mls/libselinuxjava-plugin/libselinuxjava/antbuild.xml

r1610	r1960
23	23	</condition>
24	24
	25	<condition property="libdir" value="/usr/lib64">
	26	<and>
	27	<isset property="target_arch" />
	28	<equals arg1="x86_64" arg2="${target_arch}" />
	29	</and>
	30	</condition>
	31
	32	<condition property="libdir" value="/usr/lib">
	33	<not>
	34	<isset property="libdir" />
	35	</not>
	36	</condition>
	37
25	38	<condition property="cross_option" value="-Dfoo">
26	39	<not>
…	…
72	85	<arg value="${target_dir}/libselinuxjava.so"/>
73	86	<arg value="${target_dir}/selinuxswig_wrap.o" />
	87	<arg value="${libdir}/libsepol.a" />
74	88	<arg value="-ldl"/>
	89	<arg value="-lsepol" />
75	90	<arg value="-lselinux"/>
76	91	</exec>

branches/mls/libselinuxjava-plugin/libselinuxjava/selinuxswig.i

r1956	r1960
3	3	#include <selinux/selinux.h>
4	4	#include <string.h>
	5	#include <sepol/sepol.h>
	6	#include <sepol/policydb/services.h>
	7	#include <sepol/policydb/sidtab.h>
	8	#include <sepol/policydb/flask_types.h>
5	9	#include <sys/stat.h>
	10
	11	typedef struct sepol_av_decision sepol_decision;
6	12	%}
7	13
8
9
	14	%include "typemaps.i"
	15
	16
	17	// libselinux stuff
10	18	int is_selinux_enabled (void);
11	19	int is_selinux_mls_enabled (void);
…	…
14	22	int framework_ignore_invalid_con();
15	23
16
17		%typemap(newfree) char * "free($1);";
	24	%typemap(newfree) const char * "free($1);";
18	25	%newobject matchpathconex;
19		char matchpathconex(const char i_sName, int i_nMode);
	26	const char matchpathconex(const char i_sName, int i_nMode);
20	27
21	28
…	…
33	40	}
34	41
35		char matchpathconex(const char i_sName, int i_nMode)
	42	const char matchpathconex(const char i_sName, int i_nMode)
36	43	{
37	44	security_context_t oCon;
…	…
51	58	// These constants are pulled from sys/stat.h
52	59	%constant long S_IFDIR = S_IFDIR;
	60
	61	/*
	62	%typemap(in) (signed char *i_pData, int i_nLen) {
	63	jbyte lData = (jbyte) $input;
	64	$1 = lData;
	65	$2 = lData.length;
	66	}
	67	*/
	68	//%apply (signed char DATA, int LENGTH) { ( signed char i_pData, int i_nLen) };
	69
	70	%typemap(jni) (signed char *i_pData, int i_nLen) "jbyteArray"
	71	%typemap(jtype) (signed char *i_pData, int i_nLen) "byte[]"
	72	%typemap(jstype) (signed char *i_pData, int i_nLen) "byte[]"
	73
	74	%typemap(javain) (signed char *i_pData, int i_nLen) "$javainput"
	75
	76	%typemap(in) (signed char *i_pData, int i_nLen)
	77	{
	78	jboolean bIsCopy = JNI_FALSE;
	79
	80	//printf("Is data copy(1): %d\n", bIsCopy);
	81
	82	$1 = (*jenv)->GetByteArrayElements(jenv, $input, &bIsCopy);
	83	$2 = (*jenv)->GetArrayLength(jenv, $input);
	84
	85	//printf("Is data copy(2): %d\n", bIsCopy);
	86	}
	87
	88	%typemap(freearg) (signed char *i_pData, int i_nLen)
	89	{
	90	//TODO: do I need to release this data?? It is quite a lot of data!!
	91	// (*jenv)->ReleaseByteArrayElements(jenv, $input, $1, 0);
	92	}
	93
	94	typedef struct policy_file {} policy_file_t;
	95
	96	%extend policy_file_t
	97	{
	98	policy_file_t (signed char *i_pData, int i_nLen)
	99	// policy_file_t (ByteArrayStruct bas)
	100	{
	101	policy_file_t *result = malloc(sizeof (policy_file_t));
	102	result->type = PF_USE_MEMORY;
	103	result->data = (char *) i_pData;
	104	result->len = i_nLen;
	105
	106	return result;
	107	}
	108
	109	~policy_file_t()
	110	{
	111	free(self);
	112	}
	113
	114	void setPolicy (signed char *i_pData, int i_nLen)
	115	{
	116	self->type = PF_USE_MEMORY;
	117	self->data = (char *) i_pData;
	118	self->len = i_nLen;
	119	}
	120	};
	121
	122	// libsepol stuff -- policydb
	123
	124	typedef struct policydb {} policydb_t;
	125
	126	%extend policydb_t
	127	{
	128
	129	policydb_t(policy_file_t *i_file)
	130	{
	131	policydb_t *result = malloc (sizeof (policydb_t));
	132	policydb_init(result);
	133	policydb_read (result, i_file, 0);
	134	sepol_set_policydb(result);
	135	return result;
	136	}
	137
	138	~policydb_t()
	139	{
	140	policydb_destroy(self);
	141	free(self);
	142	}
	143
	144	};
	145
	146
	147
	148	// libsepol -- sidtab
	149
	150	typedef struct sidtab_t {} sidtab_t;
	151	%extend sidtab_t
	152	{
	153	sidtab_t ()
	154	{
	155	sidtab_t *result = malloc (sizeof (sidtab_t));
	156	sepol_sidtab_init(result);
	157	sepol_set_sidtab(result);
	158	return result;
	159	}
	160
	161	~sidtab_t ()
	162	{
	163	sepol_sidtab_destroy(self);
	164	free(self);
	165	}
	166	};
	167
	168
	169	typedef struct sepol_security_id_t {} sepol_security_id_t;
	170	%newobject sepol_security_id_t::toString;
	171
	172	%extend sepol_security_id_t
	173	{
	174	sepol_security_id_t (char *i_szContext)
	175	{
	176	sepol_security_id_t *result = malloc (sizeof (sepol_security_id_t));
	177	// int rc =
	178	sepol_context_to_sid(i_szContext, strlen(i_szContext), result);
	179	//printf ("sepol_security_id_t context %s result: %d\n", i_szContext, rc);
	180	return result;
	181	}
	182
	183	~sepol_security_id_t ()
	184	{
	185	free(self);
	186	}
	187
	188	const char *toString ()
	189	{
	190	sepol_security_context_t outContext;
	191	size_t outLen;
	192
	193	// int rc =
	194	sepol_sid_to_context(*self, &outContext, &outLen);
	195	//printf ("sepol_security_id_t to string len %ld context %s result: %d\n", outLen, outContext, rc);
	196
	197	char *result = calloc (sizeof (char), outLen + 1);
	198	strncpy (result, outContext, outLen);
	199
	200	//TODO: how do I free the resutling string?
	201	//free (&outContext);
	202
	203	return result;
	204	}
	205	};
	206
	207	typedef struct sepol_access_vector_t {
	208	//sepol_security_class_t m_class;
	209	} sepol_access_vector_t;
	210
	211	%extend sepol_access_vector_t
	212	{
	213	// sepol_security_class_t m_class;
	214
	215	sepol_access_vector_t(sepol_security_class_t i_class, const char *i_szPerm)
	216	{
	217	// m_class = i_class;
	218	sepol_access_vector_t *result = malloc(sizeof (sepol_access_vector_t));
	219	*result = string_to_av_perm(i_class, i_szPerm);
	220	return result;
	221	}
	222
	223	sepol_access_vector_t(sepol_access_vector_t *i_copy)
	224	{
	225	sepol_access_vector_t *result = malloc(sizeof (sepol_access_vector_t));
	226	result = i_copy;
	227	return result;
	228	}
	229
	230	~sepol_access_vector_t()
	231	{
	232	free(self);
	233	}
	234
	235	int isValid ()
	236	{
	237	return *self != 0;
	238	}
	239
	240	sepol_access_vector_t addPerm (sepol_access_vector_t i_addMe)
	241	{
	242	self \|= i_addMe;
	243	return self;
	244	}
	245
	246	/*
	247	const char *toString ()
	248	{
	249	return security_av_perm_to_string(m_class, *self);
	250	}
	251	*/
	252	};
	253
	254
	255	typedef struct sepol_security_class_t {} sepol_security_class_t;
	256	%extend sepol_security_class_t
	257	{
	258	sepol_security_class_t (const char *i_szClass)
	259	{
	260	sepol_security_class_t *result = malloc(sizeof (sepol_security_class_t));
	261	*result = string_to_security_class(i_szClass);
	262	return result;
	263	}
	264
	265	~sepol_security_class_t()
	266	{
	267	free(self);
	268	}
	269
	270	const char *toString ()
	271	{
	272	return security_class_to_string (*self);
	273	}
	274	};
	275
	276
	277	//int sepol_compute_av_reason(sepol_security_id_t ssid, sepol_security_id_t tsid, sepol_security_class_t tclass, sepol_access_vector_t requested,
	278
	279
	280	typedef struct sepol_decision {} sepol_decision;
	281	%extend sepol_decision
	282	{
	283	sepol_decision(sepol_security_id_t i_ssid,
	284	sepol_security_id_t i_tsid,
	285	sepol_security_class_t i_tclass,
	286	sepol_access_vector_t i_requested)
	287	{
	288	sepol_decision *result = malloc(sizeof(sepol_decision));
	289	sepol_compute_av(i_ssid, i_tsid, i_tclass, i_requested, result);
	290	return result;
	291	}
	292
	293	~sepol_decision ()
	294	{
	295	free(self);
	296	}
	297
	298	int getAllowed ()
	299	{
	300	return self->allowed;
	301	}
	302
	303	};

Download in other formats:

Unified Diff
Zip Disabled

* Generating other formats may take time.