initial import from svn trunk revision 2950
diff --git a/libselinux/ChangeLog b/libselinux/ChangeLog
new file mode 100644
index 0000000..eeb8704
--- /dev/null
+++ b/libselinux/ChangeLog
@@ -0,0 +1,827 @@
+2.0.71 2008-08-05
+ * Add group support to seusers using %groupname syntax from Dan Walsh.
+ * Mark setrans socket close-on-exec from Stephen Smalley.
+ * Only apply nodups checking to base file contexts from Stephen Smalley.
+
+2.0.70 2008-07-30
+ * Merge ruby bindings from Dan Walsh.
+
+2.0.69 2008-07-29
+ * Handle duplicate file context regexes as a fatal error from Stephen Smalley.
+ This prevents adding them via semanage.
+
+2.0.68 2008-07-18
+ * Fix audit2why shadowed variables from Stephen Smalley.
+ * Note that freecon NULL is legal in man page from Karel Zak.
+
+2.0.67 2008-06-13
+ * New and revised AVC, label, and mapping man pages from Eamon Walsh.
+
+2.0.66 2008-06-11
+ * Add swig python bindings for avc interfaces from Dan Walsh.
+
+2.0.65 2008-05-27
+ * Fix selinux_file_context_verify() and selinux_lsetfilecon_default() to call matchpathcon_init_prefix if not already initialized.
+ * Add -q qualifier for -V option of matchpathcon and change it to indicate whether verification succeeded or failed via exit status.
+
+2.0.64 2008-04-21
+ * Fixed selinux_set_callback man page.
+
+2.0.63 2008-04-18
+ * Try loading the max of the kernel-supported version and the libsepol-supported version when no manipulation of the binary policy is needed from Stephen Smalley.
+
+2.0.62 2008-04-18
+ * Fix memory leaks in matchpathcon from Eamon Walsh.
+
+2.0.61 2008-03-31
+ * Man page typo fix from Jim Meyering.
+
+2.0.60 2008-03-20
+ * Changed selinux_init_load_policy() to not warn about a failed mount of selinuxfs if selinux was disabled in the kernel.
+
+2.0.59 2008-02-29
+ * Merged new X label "poly_selection" namespace from Eamon Walsh.
+
+2.0.58 2008-02-28
+ * Merged reset_selinux_config() for load policy from Dan Walsh.
+
+2.0.57 2008-02-25
+ * Merged avc_has_perm() errno fix from Eamon Walsh.
+
+2.0.56 2008-02-21
+ * Regenerated Flask headers from refpolicy flask definitions.
+
+2.0.55 2008-02-08
+ * Merged compute_member AVC function and manpages from Eamon Walsh.
+
+2.0.54 2008-02-08
+ * Provide more error reporting on load policy failures from Stephen Smalley.
+
+2.0.53 2008-02-07
+ * Merged new X label "poly_prop" namespace from Eamon Walsh.
+
+2.0.52 2008-02-06
+ * Disable setlocaldefs if no local boolean or users files are present from Stephen Smalley.
+
+2.0.51 2008-02-05
+ * Skip userspace preservebools processing for Linux >= 2.6.22 from Stephen Smalley.
+
+2.0.50 2008-01-28
+ * Merged fix for audit2why from Dan Walsh.
+
+2.0.49 2008-01-23
+ * Merged audit2why python binding from Dan Walsh.
+
+2.0.48 2008-01-23
+ * Merged updated swig bindings from Dan Walsh, including typemap for pid_t.
+
+2.0.47 2007-12-21
+ * Fix for the avc: granted null message bug from Stephen Smalley.
+
+2.0.46 2007-12-07
+ * matchpathcon(8) man page update from Dan Walsh.
+
+2.0.45 2007-11-20
+ * dlopen libsepol.so.1 rather than libsepol.so from Stephen Smalley.
+
+2.0.44 2007-11-20
+ * Based on a suggestion from Ulrich Drepper, defer regex compilation until we have a stem match, by Stephen Smalley.
+ A further optimization would be to defer regex compilation until we have a complete match of the constant prefix of the regex - TBD.
+
+2.0.43 2007-11-15
+ * Regenerated Flask headers from policy.
+
+2.0.42 2007-11-08
+ * AVC enforcing mode override patch from Eamon Walsh.
+
+2.0.41 2007-11-06
+ * Aligned attributes in AVC netlink code from Eamon Walsh.
+
+2.0.40 2007-11-01
+ * Merged refactored AVC netlink code from Eamon Walsh.
+
+2.0.39 2007-10-19
+ * Merged new X label namespaces from Eamon Walsh.
+
+2.0.38 2007-10-15
+ * Bux fix and minor refactoring in string representation code.
+
+2.0.37 2007-10-05
+ * Merged selinux_get_callback, avc_open, empty string mapping from Eamon Walsh.
+
+2.0.36 2007-09-27
+ * Fix segfault resulting from missing file_contexts file.
+
+2.0.35 2007-09-24
+ * Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
+ * Pass CFLAGS when using gcc for linking from Dennis Gilmore.
+
+2.0.34 2007-09-18
+ * Fix selabel option flag setting for 64-bit from Stephen Smalley.
+
+2.0.33 2007-09-12
+ * Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
+ * Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
+
+2.0.32 2007-09-10
+ * Fix swig binding for rpm_execcon from James Athey.
+
+2.0.31 2007-08-23
+ * Fix file_contexts.homedirs path from Todd Miller.
+
+2.0.30 2007-08-06
+ * Fix segfault resulting from uninitialized print-callback pointer.
+
+2.0.29 2007-08-02
+ * Added x_contexts path function patch from Eamon Walsh.
+
+2.0.28 2007-08-01
+ * Fix build for EMBEDDED=y from Yuichi Nakamura.
+
+2.0.27 2007-07-25
+ * Fix markup problems in selinux man pages from Dan Walsh.
+
+2.0.26 2007-07-23
+ * Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
+ * Added swigify to top-level Makefile from Dan Walsh.
+
+2.0.25 2007-07-23
+ * Fix for string_to_security_class segfault on x86_64 from Stephen
+ Smalley.
+
+2.0.24 2007-09-07
+ * Fix for getfilecon() for zero-length contexts from Stephen Smalley.
+
+2.0.23 2007-06-22
+ * Refactored SWIG bindings from James Athey.
+
+2.0.22 2007-06-20
+ * Labeling and callback interface patches from Eamon Walsh.
+
+2.0.21 2007-06-11
+ * Class and permission mapping support patches from Eamon Walsh.
+
+2.0.20 2007-06-07
+ * Object class discovery support patches from Chris PeBenito.
+
+2.0.19 2007-06-05
+ * Refactoring and errno support in string representation code.
+
+2.0.18 2007-05-31
+ * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
+ This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
+
+2.0.17 2007-05-31
+ * Updated Lindent script and reindented two header files.
+
+2.0.16 2007-05-09
+ * Merged additional swig python bindings from Dan Walsh.
+
+2.0.15 2007-04-27
+ * Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
+
+2.0.14 2007-04-24
+ * Merged build fix for avc_internal.c from Joshua Brindle.
+
+2.0.13 2007-04-12
+ * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.
+
+2.0.12 2007-04-09
+ * Merged support for getting initial contexts from James Carter.
+
+2.0.11 2007-04-05
+ * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh.
+
+
+2.0.10 2007-04-05
+ * Merged sidput(NULL) patch from Eamon Walsh.
+
+2.0.9 2007-03-30
+ * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh.
+
+2.0.8 2007-03-20
+ * Merged fix for avc.h #include's from Eamon Walsh.
+
+2.0.7 2007-03-12
+ * Merged patch to drop support for CACHETRANS=0 config option from Steve Grubb.
+
+2.0.6 2007-03-12
+ * Merged patch to drop support for old /etc/sysconfig/selinux and
+ /etc/security policy file layout from Steve Grubb.
+
+2.0.5 2007-02-27
+ * Merged init_selinuxmnt() and is_selinux_enabled() improvements from Steve Grubb.
+
+2.0.4 2007-02-23
+ * Removed sending of setrans init message.
+
+2.0.3 2007-02-22
+ * Merged matchpathcon memory leak fix from Steve Grubb.
+
+2.0.2 2007-02-21
+ * Merged more swig initializers from Dan Walsh.
+
+2.0.1 2007-02-20
+ * Merged patch from Todd Miller to convert int types over to C99 style.
+
+2.0.0 2007-02-01
+ * Merged patch from Todd Miller to remove sscanf in matchpathcon.c because
+ of the use of the non-standard format %as. (original patch changed
+ for style).
+ * Merged patch from Todd Miller to fix memory leak in matchpathcon.c.
+
+1.34.1 2007-01-26
+ * Merged python binding fixes from Dan Walsh.
+
+1.34.0 2007-01-18
+ * Updated version for stable branch.
+
+1.33.6 2007-01-17
+ * Merged man page updates to make "apropos selinux" work from Dan Walsh.
+
+1.33.5 2007-01-16
+ * Merged getdefaultcon utility from Dan Walsh.
+
+1.33.4 2007-01-11
+ * Merged selinux_check_securetty_context() and support from Dan Walsh.
+
+1.33.3 2007-01-04
+ * Merged patch for matchpathcon utility to use file mode information
+ when available from Dan Walsh.
+
+1.33.2 2006-11-27
+ * Merged patch to compile with -fPIC instead of -fpic from
+ Manoj Srivastava to prevent hitting the global offset table
+ limit. Patch changed to include libsepol and libsemanage in
+ addition to libselinux.
+
+1.33.1 2006-10-19
+ * Merged updated flask definitions from Darrel Goeddel.
+ This adds the context security class, and also adds
+ the string definitions for setsockcreate and polmatch.
+
+1.32 2006-10-17
+ * Updated version for release.
+
+1.30.30 2006-10-05
+ * Merged patch from Darrel Goeddel to always use untranslated
+ contexts in the userspace AVC.
+
+1.30.29 2006-09-29
+ * Merged av_permissions.h update from Steve Grubb,
+ adding setsockcreate and polmatch definitions.
+
+1.30.28 2006-09-13
+ * Merged patch from Steve Smalley to fix SIGPIPE in setrans_client
+ * Merged c++ class identifier fix from Joe Nall.
+
+1.30.27 2006-08-24
+ * Merged patch to not log avc stats upon a reset from Steve Grubb.
+ * Applied patch to revert compat_net setting upon policy load.
+
+1.30.26 2006-08-11
+ * Merged file context homedir and local path functions from
+ Chris PeBenito.
+
+1.30.25 2006-08-11
+ * Rework functions that access /proc/pid/attr to access the
+ per-thread nodes, and unify the code to simplify maintenance.
+
+1.30.24 2006-08-10
+ * Merged return value fix for *getfilecon() from Dan Walsh.
+
+1.30.23 2006-08-10
+ * Merged sockcreate interfaces from Eric Paris.
+
+1.30.22 2006-08-03
+ * Merged no-tls-direct-seg-refs patch from Jeremy Katz.
+
+1.30.21 2006-08-03
+ * Merged netfilter_contexts support patch from Chris PeBenito.
+
+1.30.20 2006-08-01
+ * Merged context_*_set errno patch from Jim Meyering.
+
+1.30.19 2006-06-29
+ * Lindent.
+
+1.30.18 2006-06-27
+ * Merged {get,set}procattrcon patch set from Eric Paris.
+ * Merged re-base of keycreate patch originally by Michael LeMay from Eric Paris.
+
+1.30.17 2006-06-27
+ * Regenerated Flask headers from refpolicy.
+
+1.30.16 2006-06-26
+ * Merged patch from Dan Walsh with:
+ - Added selinux_file_context_{cmp,verify}.
+ - Added selinux_lsetfilecon_default.
+ - Delay translation of contexts in matchpathcon.
+
+1.30.15 2006-06-16
+ * Merged patch from Dan Walsh with:
+ * Added selinux_getpolicytype() function.
+ * Modified setrans code to skip processing if !mls_enabled.
+
+1.30.14 2006-06-16
+ * Set errno in the !selinux_mnt case.
+
+1.30.13 2006-06-02
+ * Allocate large buffers from the heap, not on stack.
+ Affects is_context_customizable, selinux_init_load_policy,
+ and selinux_getenforcemode.
+
+1.30.12 2006-06-02
+ * Merged !selinux_mnt checks from Ian Kent.
+
+1.30.11 2006-05-24
+ * Merged matchmediacon and trans_to_raw_context fixes from
+ Serge Hallyn.
+
+1.30.10 2006-05-22
+ * Merged simple setrans client cache from Dan Walsh.
+ Merged avcstat patch from Russell Coker.
+
+1.30.9 2006-05-22
+ * Modified selinux_mkload_policy() to also set /selinux/compat_net
+ appropriately for the loaded policy.
+
+1.30.8 2006-05-17
+ * Added matchpathcon_fini() function to free memory allocated by
+ matchpathcon_init().
+
+1.30.7 2006-05-16
+ * Merged setrans client cleanup patch from Steve Grubb.
+
+1.30.6 2006-05-08
+ * Merged getfscreatecon man page fix from Dan Walsh.
+ * Updated booleans(8) man page to drop references to the old
+ booleans file and to note that setsebool can be used to set
+ the boot-time defaults via -P.
+
+1.30.5 2006-05-05
+ * Merged fix warnings patch from Karl MacMillan.
+
+1.30.4 2006-05-05
+ * Merged setrans client support from Dan Walsh.
+ This removes use of libsetrans.
+ * Merged patch to eliminate use of PAGE_SIZE constant from Dan Walsh.
+ * Merged swig typemap fixes from Glauber de Oliveira Costa.
+
+1.30.3 2006-04-12
+ * Added distclean target to Makefile.
+ * Regenerated swig files.
+
+1.30.2 2006-04-11
+ * Changed matchpathcon_init to verify that the spec file is
+ a regular file.
+ * Merged python binding t_output_helper removal patch from Dan Walsh.
+
+1.30.1 2006-03-20
+ * Merged Makefile PYLIBVER definition patch from Dan Walsh.
+
+1.30 2006-03-14
+ * Updated version for release.
+
+1.29.8 2006-02-27
+ * Altered rpm_execcon fallback logic for permissive mode to also
+ handle case where /selinux/enforce is not available.
+
+1.29.7 2006-01-20
+ * Merged install-pywrap Makefile patch from Joshua Brindle.
+
+1.29.6 2006-01-18
+ * Merged pywrap Makefile patch from Dan Walsh.
+
+1.29.5 2006-01-11
+ * Added getseuser test program.
+
+1.29.4 2006-01-06
+ * Added format attribute to myprintf in matchpathcon.c and
+ removed obsoleted rootlen variable in init_selinux_config().
+
+1.29.3 2006-01-04
+ * Merged several fixes and improvements from Ulrich Drepper
+ (Red Hat), including:
+ - corrected use of getline
+ - further calls to __fsetlocking for local files
+ - use of strdupa and asprintf
+ - proper handling of dirent in booleans code
+ - use of -z relro
+ - several other optimizations
+ * Merged getpidcon python wrapper from Dan Walsh (Red Hat).
+
+1.29.2 2005-12-14
+ * Merged call to finish_context_translations from Dan Walsh.
+ This eliminates a memory leak from failing to release memory
+ allocated by libsetrans.
+
+1.29.1 2005-12-08
+ * Merged patch for swig interfaces from Dan Walsh.
+
+1.28 2005-12-07
+ * Updated version for release.
+
+1.27.28 2005-12-01
+ * Added MATCHPATHCON_VALIDATE flag for set_matchpathcon_flags() and
+ modified matchpathcon implementation to make context validation/
+ canonicalization optional at matchpathcon_init time, deferring it
+ to a successful matchpathcon by default unless the new flag is set
+ by the caller.
+
+1.27.27 2005-12-01
+ * Added matchpathcon_init_prefix() interface, and
+ reworked matchpathcon implementation to support selective
+ loading of file contexts entries based on prefix matching
+ between the pathname regex stems and the specified path
+ prefix (stem must be a prefix of the specified path prefix).
+
+1.27.26 2005-11-29
+ * Merged getsebool patch from Dan Walsh.
+
+1.27.25 2005-11-29
+ * Added -f file_contexts option to matchpathcon util.
+ Fixed warning message in matchpathcon_init().
+
+1.27.24 2005-11-29
+ * Merged Makefile python definitions patch from Dan Walsh.
+
+1.27.23 2005-11-28
+ * Merged swigify patch from Dan Walsh.
+
+1.27.22 2005-11-15
+ * Merged make failure in rpm_execcon non-fatal in permissive mode
+ patch from Ivan Gyurdiev.
+
+1.27.21 2005-11-08
+ * Added MATCHPATHCON_NOTRANS flag for set_matchpathcon_flags()
+ and modified matchpathcon_init() to skip context translation
+ if it is set by the caller.
+
+1.27.20 2005-11-07
+ * Added security_canonicalize_context() interface and
+ set_matchpathcon_canoncon() interface for obtaining
+ canonical contexts. Changed matchpathcon internals
+ to obtain canonical contexts by default. Provided
+ fallback for kernels that lack extended selinuxfs context
+ interface.
+
+1.27.19 2005-11-04
+ * Merged seusers parser changes from Ivan Gyurdiev.
+ * Merged setsebool to libsemanage patch from Ivan Gyurdiev.
+ * Changed seusers parser to reject empty fields.
+
+1.27.18 2005-11-03
+ * Merged seusers empty level handling patch from Jonathan Kim (TCS).
+
+1.27.17 2005-10-27
+ * Changed default entry for seusers to use __default__ to avoid
+ ambiguity with users named "default".
+
+1.27.16 2005-10-27
+ * Fixed init_selinux_config() handling of missing /etc/selinux/config
+ or missing SELINUXTYPE= definition.
+ * Merged selinux_translations_path() patch from Dan Walsh.
+
+1.27.15 2005-10-25
+ * Added hidden_proto/def for get_default_context_with_role.
+
+1.27.14 2005-10-25
+ * Merged selinux_path() and selinux_homedir_context_path()
+ functions from Joshua Brindle.
+
+1.27.13 2005-10-19
+ * Merged fixes for make DESTDIR= builds from Joshua Brindle.
+
+1.27.12 2005-10-18
+ * Merged get_default_context_with_rolelevel and man pages from
+ Dan Walsh (Red Hat).
+
+1.27.11 2005-10-18
+ * Updated call to sepol_policydb_to_image for sepol changes.
+
+1.27.10 2005-10-17
+ * Changed getseuserbyname to ignore empty lines and to handle
+ no matching entry in the same manner as no seusers file.
+
+1.27.9 2005-10-13
+ * Changed selinux_mkload_policy to try downgrading the
+ latest policy version available to the kernel-supported version.
+
+1.27.8 2005-10-11
+ * Changed selinux_mkload_policy to fall back to the maximum
+ policy version supported by libsepol if the kernel policy version
+ falls outside of the supported range.
+
+1.27.7 2005-10-06
+ * Changed getseuserbyname to fall back to the Linux username and
+ NULL level if seusers config file doesn't exist unless
+ REQUIRESEUSERS=1 is set in /etc/selinux/config.
+ * Moved seusers.conf under $SELINUXTYPE and renamed to seusers.
+
+1.27.6 2005-10-06
+ * Added selinux_init_load_policy() function as an even higher level
+ interface for the initial policy load by /sbin/init. This obsoletes
+ the load_policy() function in the sysvinit-selinux.patch.
+
+1.27.5 2005-10-06
+ * Added selinux_mkload_policy() function as a higher level interface
+ for loading policy than the security_load_policy() interface.
+
+1.27.4 2005-10-05
+ * Merged fix for matchpathcon (regcomp error checking) from Johan
+ Fischer. Also added use of regerror to obtain the error string
+ for inclusion in the error message.
+
+1.27.3 2005-10-03
+ * Changed getseuserbyname to not require (and ignore if present)
+ the MLS level in seusers.conf if MLS is disabled, setting *level
+ to NULL in this case.
+
+1.27.2 2005-09-30
+ * Merged getseuserbyname patch from Dan Walsh.
+
+1.27.1 2005-09-19
+ * Merged STRIP_LEVEL patch for matchpathcon from Dan Walsh.
+ This allows file_contexts with MLS fields to be processed on
+ non-MLS-enabled systems with policies that are otherwise
+ identical (e.g. same type definitions).
+ * Merged get_ordered_context_list_with_level() function from
+ Dan Walsh, and added get_default_context_with_level().
+ This allows MLS level selection for users other than the
+ default level.
+
+1.26 2005-09-06
+ * Updated version for release.
+
+1.25.7 2005-09-01
+ * Merged modified form of patch to avoid dlopen/dlclose by
+ the static libselinux from Dan Walsh. Users of the static libselinux
+ will not have any context translation by default.
+
+1.25.6 2005-08-31
+ * Added public functions to export context translation to
+ users of libselinux (selinux_trans_to_raw_context,
+ selinux_raw_to_trans_context).
+
+1.25.5 2005-08-26
+ * Remove special definition for context_range_set; use
+ common code.
+
+1.25.4 2005-08-25
+ * Hid translation-related symbols entirely and ensured that
+ raw functions have hidden definitions for internal use.
+ * Allowed setting NULL via context_set* functions.
+ * Allowed whitespace in MLS component of context.
+ * Changed rpm_execcon to use translated functions to workaround
+ lack of MLS level on upgraded systems.
+
+1.25.3 2005-08-23
+ * Merged context translation patch, originally by TCS,
+ with modifications by Dan Walsh (Red Hat).
+
+1.25.2 2005-08-11
+ * Merged several fixes for error handling paths in the
+ AVC sidtab, matchpathcon, booleans, context, and get_context_list
+ code from Serge Hallyn (IBM). Bugs found by Coverity.
+
+1.25.1 2005-08-10
+ * Removed setupns; migrated to pam.
+ * Merged patches to rename checkPasswdAccess() from Joshua Brindle.
+ Original symbol is temporarily retained for compatibility until
+ all callers are updated.
+
+1.24 2005-06-20
+ * Updated version for release.
+
+1.23.12 2005-06-13
+ * Merged security_setupns() from Chad Sellers.
+
+1.23.11 2005-05-19
+ * Merged avcstat and selinux man page from Dan Walsh.
+ * Changed security_load_booleans to process booleans.local
+ even if booleans file doesn't exist.
+
+1.23.10 2005-04-29
+ * Merged set_selinuxmnt patch from Bill Nottingham (Red Hat).
+
+1.23.9 2005-04-26
+ * Rewrote get_ordered_context_list and helpers, including
+ changing logic to allow variable MLS fields.
+
+1.23.8 2005-04-25
+ * Merged matchpathcon and man page patch from Dan Walsh.
+
+1.23.7 2005-04-12
+ * Changed boolean functions to return -1 with errno ENOENT
+ rather than assert on a NULL selinux_mnt (i.e. selinuxfs not
+ mounted).
+
+1.23.6 2005-04-08
+ * Fixed bug in matchpathcon_filespec_destroy.
+
+1.23.5 2005-04-05
+ * Fixed bug in rpm_execcon error handling path.
+
+1.23.4 2005-04-04
+ * Merged fix for set_matchpathcon* functions from Andreas Steinmetz.
+ * Merged fix for getconlist utility from Andreas Steinmetz.
+
+1.23.3 2005-03-29
+ * Merged security_set_boolean_list patch from Dan Walsh.
+ This introduces booleans.local support for setsebool.
+
+1.23.2 2005-03-17
+ * Merged destructors patch from Tomas Mraz.
+
+1.23.1 2005-03-16
+ * Added set_matchpathcon_flags() function for setting flags
+ controlling operation of matchpathcon. MATCHPATHCON_BASEONLY
+ means only process the base file_contexts file, not
+ file_contexts.homedirs or file_contexts.local, and is for use by
+ setfiles -c.
+ * Updated matchpathcon.3 man page.
+
+1.22 2005-03-09
+ * Updated version for release.
+
+1.21.13 2005-03-08
+ * Fixed bug in matchpathcon_filespec_add() - failure to clear fl_head.
+
+1.21.12 2005-03-01
+ * Changed matchpathcon_common to ignore any non-format bits in the mode.
+
+1.21.11 2005-02-22
+ * Merged several fixes from Ulrich Drepper.
+
+1.21.10 2005-02-17
+ * Merged matchpathcon patch for file_contexts.homedir from Dan Walsh.
+ * Added selinux_users_path() for path to directory containing
+ system.users and local.users.
+
+1.21.9 2005-02-09
+ * Changed relabel Makefile target to use restorecon.
+
+1.21.8 2005-02-07
+ * Regenerated av_permissions.h.
+
+1.21.7 2005-02-01
+ * Modified avc_dump_av to explicitly check for any permissions that
+ cannot be mapped to string names and display them as a hex value.
+
+1.21.6 2005-01-31
+ * Regenerated av_permissions.h.
+
+1.21.5 2005-01-28
+ * Generalized matchpathcon internals, exported more interfaces,
+ and moved additional code from setfiles into libselinux so that
+ setfiles can directly use matchpathcon.
+
+1.21.4 2005-01-27
+ * Prevent overflow of spec array in matchpathcon.
+
+1.21.3 2005-01-26
+ * Fixed several uses of internal functions to avoid relocations.
+ * Changed rpm_execcon to check is_selinux_enabled() and fallback to
+ a regular execve if not enabled (or unable to determine due to a lack
+ of /proc, e.g. chroot'd environment).
+
+
+1.21.2 2005-01-24
+ * Merged minor fix for avcstat from Dan Walsh.
+
+1.21.1 2005-01-19
+ * Merged patch from Dan Walsh, including:
+ - new is_context_customizable function
+ - changed matchpathcon to also use file_contexts.local if present
+ - man page cleanups
+
+1.20 2005-01-04
+ * Changed matchpathcon to return -1 with errno ENOENT for
+ <<none>> entries, and also for an empty file_contexts configuration.
+ * Removed some trivial utils that were not useful or redundant.
+ * Changed BINDIR default to /usr/sbin to match change in Fedora.
+ * Added security_compute_member.
+ * Added man page for setcon.
+ * Merged more man pages from Dan Walsh.
+ * Merged avcstat from James Morris.
+ * Merged build fix for mips from Manoj Srivastava.
+ * Merged C++ support from John Ramsdell of MITRE.
+ * Merged setcon() function from Darrel Goeddel of TCS.
+ * Merged setsebool/togglesebool enhancement from Steve Grubb.
+ * Merged cleanup patches from Steve Grubb.
+
+1.18 2004-11-01
+ * Merged cleanup patches from Steve Grubb.
+ * Added rpm_execcon.
+ * Merged setenforce and removable context patch from Dan Walsh.
+ * Merged build fix for alpha from Ulrich Drepper.
+ * Removed copyright/license from selinux_netlink.h - definitions only.
+ * Merged matchmediacon from Dan Walsh.
+ * Regenerated headers for new nscd permissions.
+ * Added get_default_context_with_role.
+ * Added set_matchpathcon_printf.
+ * Reworked av_inherit.h to allow easier re-use by kernel.
+ * Changed avc_has_perm_noaudit to not fail on netlink errors.
+ * Changed avc netlink code to check pid based on patch by Steve Grubb.
+ * Merged second optimization patch from Ulrich Drepper.
+ * Changed matchpathcon to skip invalid file_contexts entries.
+ * Made string tables private to libselinux.
+ * Merged strcat->stpcpy patch from Ulrich Drepper.
+ * Merged matchpathcon man page from Dan Walsh.
+ * Merged patch to eliminate PLTs for local syms from Ulrich Drepper.
+ * Autobind netlink socket.
+ * Dropped compatibility code from security_compute_user.
+ * Merged fix for context_range_set from Chad Hanson.
+ * Merged allocation failure checking patch from Chad Hanson.
+ * Merged avc netlink error message patch from Colin Walters.
+
+1.16 2004-08-19
+ * Regenerated headers for nscd class.
+ * Merged man pages from Dan Walsh.
+ * Merged context_new bug fix for MLS ranges from Chad Hanson.
+ * Merged toggle_bool from Chris PeBenito, renamed to togglesebool.
+ * Renamed change_bool and show_bools to setsebool and getsebool.
+ * Merged security_load_booleans() function from Dan Walsh.
+ * Added selinux_booleans_path() function.
+ * Changed avc_init function prototype to use const.
+ * Regenerated headers for crontab permission.
+ * Added checkAccess from Dan Walsh.
+ * Merged getenforce patch from Dan Walsh.
+ * Regenerated headers for dbus classes.
+
+1.14 2004-06-16
+ * Regenerated headers for fine-grained netlink classes.
+ * Merged selinux_config bug fix from Dan Walsh.
+ * Added userspace AVC man pages.
+ * Added man links for API calls to existing man pages documenting them.
+ * Replaced $HOME/.default_contexts support with /etc/selinux/contexts/users/$USER support.
+ * Merged patch to determine config file paths at runtime to support
+ reorganized layout.
+ * Regenerated flask headers with stable ordering.
+ * Merged patch for man pages from Russell Coker.
+
+1.12 2004-05-10
+ * Updated flask files to include new SE-X security classes.
+ * Added security_disable function for runtime disable of SELinux prior
+ to initial policy load (for /sbin/init).
+ * Changed get_ordered_context_list to omit any reachable contexts
+ that are not explicitly listed in default_contexts, unless there
+ are no matches.
+ * Merged man pages from Russell Coker and Dan Walsh.
+ * Merged memory leak fixes from Dan Walsh.
+ * Merged policyvers errno patch from Chris PeBenito.
+
+1.10 2004-04-05
+ * Merged getenforce patch from Dan Walsh.
+ * Fixed init_selinuxmnt to correctly handle use of "selinuxfs" as
+ the device specification, i.e. mount selinuxfs /selinux -t selinuxfs.
+ Based on a patch by Russell Coker.
+ * Merged matchpathcon buffer size fix from Dan Walsh.
+
+1.8 2004-03-09
+ * Merged is_selinux_mls_enabled() from Chad Hanson of TCS.
+ * Added matchpathcon function.
+ * Updated userspace AVC to handle netlink selinux notifications.
+
+1.6 2004-02-18
+ * Merged conditional policy extensions from Tresys Technology.
+ * Added userspace avc and SID table implementation.
+ * Fixed type on size in getpeercon per Thorsten Kukuk's advice.
+ * Fixed use of getpwnam_r per Thorsten Kukuk's advice.
+ * Changed to use getpwnam_r rather than getpwnam internally to
+ avoid clobbering any existing pwd struct obtained by the caller.
+ * Added getpeercon function to encapsulate getsockopt SO_PEERSEC
+ and handle allocation ala getfilecon.
+ * Changed is_selinux_enabled to return -1 on errors.
+ * Changed to discover selinuxfs mount point via /proc/mounts
+ so that the mount point can be changed without rebuilding.
+
+1.4 2003-12-01
+ * Merged another cleanup patch from Bastian Blank and Joerg Hoh.
+ * Regenerate headers for new permissions.
+ * Merged static lib build patch from Bastian Blank and Joerg Hoh.
+ * Export SELINUXMNT definition, add SELINUXPOLICY definition.
+ * Add functions to provide access to enforce and policyvers.
+ * Changed is_selinux_enabled to check /proc/filesystems for selinuxfs.
+ * Fixed type for 'size' in *getfilecon.
+ * Dropped -lattr and changed #include's to <sys/xattr.h>
+ * Merged patch to move shared library to /lib from Dan Walsh.
+ * Changed get_ordered_context_list to support a failsafe context.
+ * Added selinuxenabled utility.
+ * Merged const patch from Thorsten Kukuk.
+
+1.2 2003-09-30
+ * Change is_selinux_enabled to fail if policy isn't loaded.
+ * Changed Makefiles to allow non-root rpm builds.
+ * Added -lattr for libselinux.so to ensure proper binding.
+
+1.1 2003-08-13
+ * Ensure that context strings are padded with a null byte
+ in case the kernel didn't include one.
+ * Regenerate headers, update helpers.c for code cleanup.
+ * Pass soname flag to linker (Colin Walters).
+ * Fixes for various items: add const as appropriate, handle missed OOM condition, clean up compile warnings (Colin Walters).
+
+1.0 2003-07-11
+ * Initial public release.
diff --git a/libselinux/LICENSE b/libselinux/LICENSE
new file mode 100644
index 0000000..d386268
--- /dev/null
+++ b/libselinux/LICENSE
@@ -0,0 +1,21 @@
+This library (libselinux) is public domain software, i.e. not copyrighted.
+
+Warranty Exclusion
+------------------
+You agree that this software is a
+non-commercially developed program that may contain "bugs" (as that
+term is used in the industry) and that it may not function as intended.
+The software is licensed "as is". NSA makes no, and hereby expressly
+disclaims all, warranties, express, implied, statutory, or otherwise
+with respect to the software, including noninfringement and the implied
+warranties of merchantability and fitness for a particular purpose.
+
+Limitation of Liability
+-----------------------
+In no event will NSA be liable for any damages, including loss of data,
+lost profits, cost of cover, or other special, incidental,
+consequential, direct or indirect damages arising from the software or
+the use thereof, however caused and on any theory of liability. This
+limitation will apply even if NSA has been advised of the possibility
+of such damage. You acknowledge that this is a reasonable allocation of
+risk.
diff --git a/libselinux/Makefile b/libselinux/Makefile
new file mode 100644
index 0000000..9feaf94
--- /dev/null
+++ b/libselinux/Makefile
@@ -0,0 +1,59 @@
+DISABLE_AVC ?= n
+DISABLE_SETRANS ?= n
+DISABLE_RPM ?= n
+DISABLE_BOOL ?= n
+ifeq ($(EMBEDDED),y)
+ override DISABLE_AVC=y
+ override DISABLE_SETRANS=y
+ override DISABLE_RPM=y
+ override DISABLE_BOOL=y
+endif
+ifeq ($(DISABLE_AVC),y)
+ EMFLAGS+= -DDISABLE_AVC
+endif
+ifeq ($(DISABLE_BOOL),y)
+ EMFLAGS+= -DDISABLE_BOOL
+endif
+ifeq ($(DISABLE_SETRANS),y)
+ EMFLAGS+= -DDISABLE_SETRANS
+endif
+export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS
+
+all:
+ $(MAKE) -C src
+ $(MAKE) -C utils
+
+swigify: all
+ $(MAKE) -C src swigify
+
+pywrap:
+ $(MAKE) -C src pywrap
+
+rubywrap:
+ $(MAKE) -C src rubywrap
+
+install:
+ $(MAKE) -C include install
+ $(MAKE) -C src install
+ $(MAKE) -C utils install
+ $(MAKE) -C man install
+
+install-pywrap:
+ $(MAKE) -C src install-pywrap
+
+install-rubywrap:
+ $(MAKE) -C src install-rubywrap
+
+relabel:
+ $(MAKE) -C src relabel
+
+clean distclean:
+ $(MAKE) -C src $@
+ $(MAKE) -C utils clean
+
+indent:
+ $(MAKE) -C src $@
+ $(MAKE) -C utils $@
+ $(MAKE) -C include $@
+
+test:
diff --git a/libselinux/VERSION b/libselinux/VERSION
new file mode 100644
index 0000000..701cfaf
--- /dev/null
+++ b/libselinux/VERSION
@@ -0,0 +1 @@
+2.0.71
diff --git a/libselinux/include/Makefile b/libselinux/include/Makefile
new file mode 100644
index 0000000..e19bef8
--- /dev/null
+++ b/libselinux/include/Makefile
@@ -0,0 +1,11 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+INCDIR ?= $(PREFIX)/include/selinux
+
+install:
+ test -d $(INCDIR) || install -m 755 -d $(INCDIR)
+ install -m 644 $(wildcard selinux/*.h) $(INCDIR)
+
+indent:
+ ../../scripts/Lindent $(wildcard selinux/*.h)
+
diff --git a/libselinux/include/selinux/av_permissions.h b/libselinux/include/selinux/av_permissions.h
new file mode 100644
index 0000000..e0a78de
--- /dev/null
+++ b/libselinux/include/selinux/av_permissions.h
@@ -0,0 +1,1006 @@
+/* This file is automatically generated. Do not edit. */
+#define COMMON_FILE__IOCTL 0x00000001UL
+#define COMMON_FILE__READ 0x00000002UL
+#define COMMON_FILE__WRITE 0x00000004UL
+#define COMMON_FILE__CREATE 0x00000008UL
+#define COMMON_FILE__GETATTR 0x00000010UL
+#define COMMON_FILE__SETATTR 0x00000020UL
+#define COMMON_FILE__LOCK 0x00000040UL
+#define COMMON_FILE__RELABELFROM 0x00000080UL
+#define COMMON_FILE__RELABELTO 0x00000100UL
+#define COMMON_FILE__APPEND 0x00000200UL
+#define COMMON_FILE__UNLINK 0x00000400UL
+#define COMMON_FILE__LINK 0x00000800UL
+#define COMMON_FILE__RENAME 0x00001000UL
+#define COMMON_FILE__EXECUTE 0x00002000UL
+#define COMMON_FILE__SWAPON 0x00004000UL
+#define COMMON_FILE__QUOTAON 0x00008000UL
+#define COMMON_FILE__MOUNTON 0x00010000UL
+#define COMMON_SOCKET__IOCTL 0x00000001UL
+#define COMMON_SOCKET__READ 0x00000002UL
+#define COMMON_SOCKET__WRITE 0x00000004UL
+#define COMMON_SOCKET__CREATE 0x00000008UL
+#define COMMON_SOCKET__GETATTR 0x00000010UL
+#define COMMON_SOCKET__SETATTR 0x00000020UL
+#define COMMON_SOCKET__LOCK 0x00000040UL
+#define COMMON_SOCKET__RELABELFROM 0x00000080UL
+#define COMMON_SOCKET__RELABELTO 0x00000100UL
+#define COMMON_SOCKET__APPEND 0x00000200UL
+#define COMMON_SOCKET__BIND 0x00000400UL
+#define COMMON_SOCKET__CONNECT 0x00000800UL
+#define COMMON_SOCKET__LISTEN 0x00001000UL
+#define COMMON_SOCKET__ACCEPT 0x00002000UL
+#define COMMON_SOCKET__GETOPT 0x00004000UL
+#define COMMON_SOCKET__SETOPT 0x00008000UL
+#define COMMON_SOCKET__SHUTDOWN 0x00010000UL
+#define COMMON_SOCKET__RECVFROM 0x00020000UL
+#define COMMON_SOCKET__SENDTO 0x00040000UL
+#define COMMON_SOCKET__RECV_MSG 0x00080000UL
+#define COMMON_SOCKET__SEND_MSG 0x00100000UL
+#define COMMON_SOCKET__NAME_BIND 0x00200000UL
+#define COMMON_IPC__CREATE 0x00000001UL
+#define COMMON_IPC__DESTROY 0x00000002UL
+#define COMMON_IPC__GETATTR 0x00000004UL
+#define COMMON_IPC__SETATTR 0x00000008UL
+#define COMMON_IPC__READ 0x00000010UL
+#define COMMON_IPC__WRITE 0x00000020UL
+#define COMMON_IPC__ASSOCIATE 0x00000040UL
+#define COMMON_IPC__UNIX_READ 0x00000080UL
+#define COMMON_IPC__UNIX_WRITE 0x00000100UL
+#define COMMON_DATABASE__CREATE 0x00000001UL
+#define COMMON_DATABASE__DROP 0x00000002UL
+#define COMMON_DATABASE__GETATTR 0x00000004UL
+#define COMMON_DATABASE__SETATTR 0x00000008UL
+#define COMMON_DATABASE__RELABELFROM 0x00000010UL
+#define COMMON_DATABASE__RELABELTO 0x00000020UL
+#define FILESYSTEM__MOUNT 0x00000001UL
+#define FILESYSTEM__REMOUNT 0x00000002UL
+#define FILESYSTEM__UNMOUNT 0x00000004UL
+#define FILESYSTEM__GETATTR 0x00000008UL
+#define FILESYSTEM__RELABELFROM 0x00000010UL
+#define FILESYSTEM__RELABELTO 0x00000020UL
+#define FILESYSTEM__TRANSITION 0x00000040UL
+#define FILESYSTEM__ASSOCIATE 0x00000080UL
+#define FILESYSTEM__QUOTAMOD 0x00000100UL
+#define FILESYSTEM__QUOTAGET 0x00000200UL
+#define DIR__IOCTL 0x00000001UL
+#define DIR__READ 0x00000002UL
+#define DIR__WRITE 0x00000004UL
+#define DIR__CREATE 0x00000008UL
+#define DIR__GETATTR 0x00000010UL
+#define DIR__SETATTR 0x00000020UL
+#define DIR__LOCK 0x00000040UL
+#define DIR__RELABELFROM 0x00000080UL
+#define DIR__RELABELTO 0x00000100UL
+#define DIR__APPEND 0x00000200UL
+#define DIR__UNLINK 0x00000400UL
+#define DIR__LINK 0x00000800UL
+#define DIR__RENAME 0x00001000UL
+#define DIR__EXECUTE 0x00002000UL
+#define DIR__SWAPON 0x00004000UL
+#define DIR__QUOTAON 0x00008000UL
+#define DIR__MOUNTON 0x00010000UL
+#define DIR__ADD_NAME 0x00020000UL
+#define DIR__REMOVE_NAME 0x00040000UL
+#define DIR__REPARENT 0x00080000UL
+#define DIR__SEARCH 0x00100000UL
+#define DIR__RMDIR 0x00200000UL
+#define FILE__IOCTL 0x00000001UL
+#define FILE__READ 0x00000002UL
+#define FILE__WRITE 0x00000004UL
+#define FILE__CREATE 0x00000008UL
+#define FILE__GETATTR 0x00000010UL
+#define FILE__SETATTR 0x00000020UL
+#define FILE__LOCK 0x00000040UL
+#define FILE__RELABELFROM 0x00000080UL
+#define FILE__RELABELTO 0x00000100UL
+#define FILE__APPEND 0x00000200UL
+#define FILE__UNLINK 0x00000400UL
+#define FILE__LINK 0x00000800UL
+#define FILE__RENAME 0x00001000UL
+#define FILE__EXECUTE 0x00002000UL
+#define FILE__SWAPON 0x00004000UL
+#define FILE__QUOTAON 0x00008000UL
+#define FILE__MOUNTON 0x00010000UL
+#define FILE__EXECUTE_NO_TRANS 0x00020000UL
+#define FILE__ENTRYPOINT 0x00040000UL
+#define FILE__EXECMOD 0x00080000UL
+#define LNK_FILE__IOCTL 0x00000001UL
+#define LNK_FILE__READ 0x00000002UL
+#define LNK_FILE__WRITE 0x00000004UL
+#define LNK_FILE__CREATE 0x00000008UL
+#define LNK_FILE__GETATTR 0x00000010UL
+#define LNK_FILE__SETATTR 0x00000020UL
+#define LNK_FILE__LOCK 0x00000040UL
+#define LNK_FILE__RELABELFROM 0x00000080UL
+#define LNK_FILE__RELABELTO 0x00000100UL
+#define LNK_FILE__APPEND 0x00000200UL
+#define LNK_FILE__UNLINK 0x00000400UL
+#define LNK_FILE__LINK 0x00000800UL
+#define LNK_FILE__RENAME 0x00001000UL
+#define LNK_FILE__EXECUTE 0x00002000UL
+#define LNK_FILE__SWAPON 0x00004000UL
+#define LNK_FILE__QUOTAON 0x00008000UL
+#define LNK_FILE__MOUNTON 0x00010000UL
+#define CHR_FILE__IOCTL 0x00000001UL
+#define CHR_FILE__READ 0x00000002UL
+#define CHR_FILE__WRITE 0x00000004UL
+#define CHR_FILE__CREATE 0x00000008UL
+#define CHR_FILE__GETATTR 0x00000010UL
+#define CHR_FILE__SETATTR 0x00000020UL
+#define CHR_FILE__LOCK 0x00000040UL
+#define CHR_FILE__RELABELFROM 0x00000080UL
+#define CHR_FILE__RELABELTO 0x00000100UL
+#define CHR_FILE__APPEND 0x00000200UL
+#define CHR_FILE__UNLINK 0x00000400UL
+#define CHR_FILE__LINK 0x00000800UL
+#define CHR_FILE__RENAME 0x00001000UL
+#define CHR_FILE__EXECUTE 0x00002000UL
+#define CHR_FILE__SWAPON 0x00004000UL
+#define CHR_FILE__QUOTAON 0x00008000UL
+#define CHR_FILE__MOUNTON 0x00010000UL
+#define CHR_FILE__EXECUTE_NO_TRANS 0x00020000UL
+#define CHR_FILE__ENTRYPOINT 0x00040000UL
+#define CHR_FILE__EXECMOD 0x00080000UL
+#define BLK_FILE__IOCTL 0x00000001UL
+#define BLK_FILE__READ 0x00000002UL
+#define BLK_FILE__WRITE 0x00000004UL
+#define BLK_FILE__CREATE 0x00000008UL
+#define BLK_FILE__GETATTR 0x00000010UL
+#define BLK_FILE__SETATTR 0x00000020UL
+#define BLK_FILE__LOCK 0x00000040UL
+#define BLK_FILE__RELABELFROM 0x00000080UL
+#define BLK_FILE__RELABELTO 0x00000100UL
+#define BLK_FILE__APPEND 0x00000200UL
+#define BLK_FILE__UNLINK 0x00000400UL
+#define BLK_FILE__LINK 0x00000800UL
+#define BLK_FILE__RENAME 0x00001000UL
+#define BLK_FILE__EXECUTE 0x00002000UL
+#define BLK_FILE__SWAPON 0x00004000UL
+#define BLK_FILE__QUOTAON 0x00008000UL
+#define BLK_FILE__MOUNTON 0x00010000UL
+#define SOCK_FILE__IOCTL 0x00000001UL
+#define SOCK_FILE__READ 0x00000002UL
+#define SOCK_FILE__WRITE 0x00000004UL
+#define SOCK_FILE__CREATE 0x00000008UL
+#define SOCK_FILE__GETATTR 0x00000010UL
+#define SOCK_FILE__SETATTR 0x00000020UL
+#define SOCK_FILE__LOCK 0x00000040UL
+#define SOCK_FILE__RELABELFROM 0x00000080UL
+#define SOCK_FILE__RELABELTO 0x00000100UL
+#define SOCK_FILE__APPEND 0x00000200UL
+#define SOCK_FILE__UNLINK 0x00000400UL
+#define SOCK_FILE__LINK 0x00000800UL
+#define SOCK_FILE__RENAME 0x00001000UL
+#define SOCK_FILE__EXECUTE 0x00002000UL
+#define SOCK_FILE__SWAPON 0x00004000UL
+#define SOCK_FILE__QUOTAON 0x00008000UL
+#define SOCK_FILE__MOUNTON 0x00010000UL
+#define FIFO_FILE__IOCTL 0x00000001UL
+#define FIFO_FILE__READ 0x00000002UL
+#define FIFO_FILE__WRITE 0x00000004UL
+#define FIFO_FILE__CREATE 0x00000008UL
+#define FIFO_FILE__GETATTR 0x00000010UL
+#define FIFO_FILE__SETATTR 0x00000020UL
+#define FIFO_FILE__LOCK 0x00000040UL
+#define FIFO_FILE__RELABELFROM 0x00000080UL
+#define FIFO_FILE__RELABELTO 0x00000100UL
+#define FIFO_FILE__APPEND 0x00000200UL
+#define FIFO_FILE__UNLINK 0x00000400UL
+#define FIFO_FILE__LINK 0x00000800UL
+#define FIFO_FILE__RENAME 0x00001000UL
+#define FIFO_FILE__EXECUTE 0x00002000UL
+#define FIFO_FILE__SWAPON 0x00004000UL
+#define FIFO_FILE__QUOTAON 0x00008000UL
+#define FIFO_FILE__MOUNTON 0x00010000UL
+#define FD__USE 0x00000001UL
+#define SOCKET__IOCTL 0x00000001UL
+#define SOCKET__READ 0x00000002UL
+#define SOCKET__WRITE 0x00000004UL
+#define SOCKET__CREATE 0x00000008UL
+#define SOCKET__GETATTR 0x00000010UL
+#define SOCKET__SETATTR 0x00000020UL
+#define SOCKET__LOCK 0x00000040UL
+#define SOCKET__RELABELFROM 0x00000080UL
+#define SOCKET__RELABELTO 0x00000100UL
+#define SOCKET__APPEND 0x00000200UL
+#define SOCKET__BIND 0x00000400UL
+#define SOCKET__CONNECT 0x00000800UL
+#define SOCKET__LISTEN 0x00001000UL
+#define SOCKET__ACCEPT 0x00002000UL
+#define SOCKET__GETOPT 0x00004000UL
+#define SOCKET__SETOPT 0x00008000UL
+#define SOCKET__SHUTDOWN 0x00010000UL
+#define SOCKET__RECVFROM 0x00020000UL
+#define SOCKET__SENDTO 0x00040000UL
+#define SOCKET__RECV_MSG 0x00080000UL
+#define SOCKET__SEND_MSG 0x00100000UL
+#define SOCKET__NAME_BIND 0x00200000UL
+#define TCP_SOCKET__IOCTL 0x00000001UL
+#define TCP_SOCKET__READ 0x00000002UL
+#define TCP_SOCKET__WRITE 0x00000004UL
+#define TCP_SOCKET__CREATE 0x00000008UL
+#define TCP_SOCKET__GETATTR 0x00000010UL
+#define TCP_SOCKET__SETATTR 0x00000020UL
+#define TCP_SOCKET__LOCK 0x00000040UL
+#define TCP_SOCKET__RELABELFROM 0x00000080UL
+#define TCP_SOCKET__RELABELTO 0x00000100UL
+#define TCP_SOCKET__APPEND 0x00000200UL
+#define TCP_SOCKET__BIND 0x00000400UL
+#define TCP_SOCKET__CONNECT 0x00000800UL
+#define TCP_SOCKET__LISTEN 0x00001000UL
+#define TCP_SOCKET__ACCEPT 0x00002000UL
+#define TCP_SOCKET__GETOPT 0x00004000UL
+#define TCP_SOCKET__SETOPT 0x00008000UL
+#define TCP_SOCKET__SHUTDOWN 0x00010000UL
+#define TCP_SOCKET__RECVFROM 0x00020000UL
+#define TCP_SOCKET__SENDTO 0x00040000UL
+#define TCP_SOCKET__RECV_MSG 0x00080000UL
+#define TCP_SOCKET__SEND_MSG 0x00100000UL
+#define TCP_SOCKET__NAME_BIND 0x00200000UL
+#define TCP_SOCKET__CONNECTTO 0x00400000UL
+#define TCP_SOCKET__NEWCONN 0x00800000UL
+#define TCP_SOCKET__ACCEPTFROM 0x01000000UL
+#define TCP_SOCKET__NODE_BIND 0x02000000UL
+#define TCP_SOCKET__NAME_CONNECT 0x04000000UL
+#define UDP_SOCKET__IOCTL 0x00000001UL
+#define UDP_SOCKET__READ 0x00000002UL
+#define UDP_SOCKET__WRITE 0x00000004UL
+#define UDP_SOCKET__CREATE 0x00000008UL
+#define UDP_SOCKET__GETATTR 0x00000010UL
+#define UDP_SOCKET__SETATTR 0x00000020UL
+#define UDP_SOCKET__LOCK 0x00000040UL
+#define UDP_SOCKET__RELABELFROM 0x00000080UL
+#define UDP_SOCKET__RELABELTO 0x00000100UL
+#define UDP_SOCKET__APPEND 0x00000200UL
+#define UDP_SOCKET__BIND 0x00000400UL
+#define UDP_SOCKET__CONNECT 0x00000800UL
+#define UDP_SOCKET__LISTEN 0x00001000UL
+#define UDP_SOCKET__ACCEPT 0x00002000UL
+#define UDP_SOCKET__GETOPT 0x00004000UL
+#define UDP_SOCKET__SETOPT 0x00008000UL
+#define UDP_SOCKET__SHUTDOWN 0x00010000UL
+#define UDP_SOCKET__RECVFROM 0x00020000UL
+#define UDP_SOCKET__SENDTO 0x00040000UL
+#define UDP_SOCKET__RECV_MSG 0x00080000UL
+#define UDP_SOCKET__SEND_MSG 0x00100000UL
+#define UDP_SOCKET__NAME_BIND 0x00200000UL
+#define UDP_SOCKET__NODE_BIND 0x00400000UL
+#define RAWIP_SOCKET__IOCTL 0x00000001UL
+#define RAWIP_SOCKET__READ 0x00000002UL
+#define RAWIP_SOCKET__WRITE 0x00000004UL
+#define RAWIP_SOCKET__CREATE 0x00000008UL
+#define RAWIP_SOCKET__GETATTR 0x00000010UL
+#define RAWIP_SOCKET__SETATTR 0x00000020UL
+#define RAWIP_SOCKET__LOCK 0x00000040UL
+#define RAWIP_SOCKET__RELABELFROM 0x00000080UL
+#define RAWIP_SOCKET__RELABELTO 0x00000100UL
+#define RAWIP_SOCKET__APPEND 0x00000200UL
+#define RAWIP_SOCKET__BIND 0x00000400UL
+#define RAWIP_SOCKET__CONNECT 0x00000800UL
+#define RAWIP_SOCKET__LISTEN 0x00001000UL
+#define RAWIP_SOCKET__ACCEPT 0x00002000UL
+#define RAWIP_SOCKET__GETOPT 0x00004000UL
+#define RAWIP_SOCKET__SETOPT 0x00008000UL
+#define RAWIP_SOCKET__SHUTDOWN 0x00010000UL
+#define RAWIP_SOCKET__RECVFROM 0x00020000UL
+#define RAWIP_SOCKET__SENDTO 0x00040000UL
+#define RAWIP_SOCKET__RECV_MSG 0x00080000UL
+#define RAWIP_SOCKET__SEND_MSG 0x00100000UL
+#define RAWIP_SOCKET__NAME_BIND 0x00200000UL
+#define RAWIP_SOCKET__NODE_BIND 0x00400000UL
+#define NODE__TCP_RECV 0x00000001UL
+#define NODE__TCP_SEND 0x00000002UL
+#define NODE__UDP_RECV 0x00000004UL
+#define NODE__UDP_SEND 0x00000008UL
+#define NODE__RAWIP_RECV 0x00000010UL
+#define NODE__RAWIP_SEND 0x00000020UL
+#define NODE__ENFORCE_DEST 0x00000040UL
+#define NODE__DCCP_RECV 0x00000080UL
+#define NODE__DCCP_SEND 0x00000100UL
+#define NODE__RECVFROM 0x00000200UL
+#define NODE__SENDTO 0x00000400UL
+#define NETIF__TCP_RECV 0x00000001UL
+#define NETIF__TCP_SEND 0x00000002UL
+#define NETIF__UDP_RECV 0x00000004UL
+#define NETIF__UDP_SEND 0x00000008UL
+#define NETIF__RAWIP_RECV 0x00000010UL
+#define NETIF__RAWIP_SEND 0x00000020UL
+#define NETIF__DCCP_RECV 0x00000040UL
+#define NETIF__DCCP_SEND 0x00000080UL
+#define NETIF__INGRESS 0x00000100UL
+#define NETIF__EGRESS 0x00000200UL
+#define NETLINK_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_SOCKET__READ 0x00000002UL
+#define NETLINK_SOCKET__WRITE 0x00000004UL
+#define NETLINK_SOCKET__CREATE 0x00000008UL
+#define NETLINK_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_SOCKET__LOCK 0x00000040UL
+#define NETLINK_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_SOCKET__APPEND 0x00000200UL
+#define NETLINK_SOCKET__BIND 0x00000400UL
+#define NETLINK_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_SOCKET__NAME_BIND 0x00200000UL
+#define PACKET_SOCKET__IOCTL 0x00000001UL
+#define PACKET_SOCKET__READ 0x00000002UL
+#define PACKET_SOCKET__WRITE 0x00000004UL
+#define PACKET_SOCKET__CREATE 0x00000008UL
+#define PACKET_SOCKET__GETATTR 0x00000010UL
+#define PACKET_SOCKET__SETATTR 0x00000020UL
+#define PACKET_SOCKET__LOCK 0x00000040UL
+#define PACKET_SOCKET__RELABELFROM 0x00000080UL
+#define PACKET_SOCKET__RELABELTO 0x00000100UL
+#define PACKET_SOCKET__APPEND 0x00000200UL
+#define PACKET_SOCKET__BIND 0x00000400UL
+#define PACKET_SOCKET__CONNECT 0x00000800UL
+#define PACKET_SOCKET__LISTEN 0x00001000UL
+#define PACKET_SOCKET__ACCEPT 0x00002000UL
+#define PACKET_SOCKET__GETOPT 0x00004000UL
+#define PACKET_SOCKET__SETOPT 0x00008000UL
+#define PACKET_SOCKET__SHUTDOWN 0x00010000UL
+#define PACKET_SOCKET__RECVFROM 0x00020000UL
+#define PACKET_SOCKET__SENDTO 0x00040000UL
+#define PACKET_SOCKET__RECV_MSG 0x00080000UL
+#define PACKET_SOCKET__SEND_MSG 0x00100000UL
+#define PACKET_SOCKET__NAME_BIND 0x00200000UL
+#define KEY_SOCKET__IOCTL 0x00000001UL
+#define KEY_SOCKET__READ 0x00000002UL
+#define KEY_SOCKET__WRITE 0x00000004UL
+#define KEY_SOCKET__CREATE 0x00000008UL
+#define KEY_SOCKET__GETATTR 0x00000010UL
+#define KEY_SOCKET__SETATTR 0x00000020UL
+#define KEY_SOCKET__LOCK 0x00000040UL
+#define KEY_SOCKET__RELABELFROM 0x00000080UL
+#define KEY_SOCKET__RELABELTO 0x00000100UL
+#define KEY_SOCKET__APPEND 0x00000200UL
+#define KEY_SOCKET__BIND 0x00000400UL
+#define KEY_SOCKET__CONNECT 0x00000800UL
+#define KEY_SOCKET__LISTEN 0x00001000UL
+#define KEY_SOCKET__ACCEPT 0x00002000UL
+#define KEY_SOCKET__GETOPT 0x00004000UL
+#define KEY_SOCKET__SETOPT 0x00008000UL
+#define KEY_SOCKET__SHUTDOWN 0x00010000UL
+#define KEY_SOCKET__RECVFROM 0x00020000UL
+#define KEY_SOCKET__SENDTO 0x00040000UL
+#define KEY_SOCKET__RECV_MSG 0x00080000UL
+#define KEY_SOCKET__SEND_MSG 0x00100000UL
+#define KEY_SOCKET__NAME_BIND 0x00200000UL
+#define UNIX_STREAM_SOCKET__IOCTL 0x00000001UL
+#define UNIX_STREAM_SOCKET__READ 0x00000002UL
+#define UNIX_STREAM_SOCKET__WRITE 0x00000004UL
+#define UNIX_STREAM_SOCKET__CREATE 0x00000008UL
+#define UNIX_STREAM_SOCKET__GETATTR 0x00000010UL
+#define UNIX_STREAM_SOCKET__SETATTR 0x00000020UL
+#define UNIX_STREAM_SOCKET__LOCK 0x00000040UL
+#define UNIX_STREAM_SOCKET__RELABELFROM 0x00000080UL
+#define UNIX_STREAM_SOCKET__RELABELTO 0x00000100UL
+#define UNIX_STREAM_SOCKET__APPEND 0x00000200UL
+#define UNIX_STREAM_SOCKET__BIND 0x00000400UL
+#define UNIX_STREAM_SOCKET__CONNECT 0x00000800UL
+#define UNIX_STREAM_SOCKET__LISTEN 0x00001000UL
+#define UNIX_STREAM_SOCKET__ACCEPT 0x00002000UL
+#define UNIX_STREAM_SOCKET__GETOPT 0x00004000UL
+#define UNIX_STREAM_SOCKET__SETOPT 0x00008000UL
+#define UNIX_STREAM_SOCKET__SHUTDOWN 0x00010000UL
+#define UNIX_STREAM_SOCKET__RECVFROM 0x00020000UL
+#define UNIX_STREAM_SOCKET__SENDTO 0x00040000UL
+#define UNIX_STREAM_SOCKET__RECV_MSG 0x00080000UL
+#define UNIX_STREAM_SOCKET__SEND_MSG 0x00100000UL
+#define UNIX_STREAM_SOCKET__NAME_BIND 0x00200000UL
+#define UNIX_STREAM_SOCKET__CONNECTTO 0x00400000UL
+#define UNIX_STREAM_SOCKET__NEWCONN 0x00800000UL
+#define UNIX_STREAM_SOCKET__ACCEPTFROM 0x01000000UL
+#define UNIX_DGRAM_SOCKET__IOCTL 0x00000001UL
+#define UNIX_DGRAM_SOCKET__READ 0x00000002UL
+#define UNIX_DGRAM_SOCKET__WRITE 0x00000004UL
+#define UNIX_DGRAM_SOCKET__CREATE 0x00000008UL
+#define UNIX_DGRAM_SOCKET__GETATTR 0x00000010UL
+#define UNIX_DGRAM_SOCKET__SETATTR 0x00000020UL
+#define UNIX_DGRAM_SOCKET__LOCK 0x00000040UL
+#define UNIX_DGRAM_SOCKET__RELABELFROM 0x00000080UL
+#define UNIX_DGRAM_SOCKET__RELABELTO 0x00000100UL
+#define UNIX_DGRAM_SOCKET__APPEND 0x00000200UL
+#define UNIX_DGRAM_SOCKET__BIND 0x00000400UL
+#define UNIX_DGRAM_SOCKET__CONNECT 0x00000800UL
+#define UNIX_DGRAM_SOCKET__LISTEN 0x00001000UL
+#define UNIX_DGRAM_SOCKET__ACCEPT 0x00002000UL
+#define UNIX_DGRAM_SOCKET__GETOPT 0x00004000UL
+#define UNIX_DGRAM_SOCKET__SETOPT 0x00008000UL
+#define UNIX_DGRAM_SOCKET__SHUTDOWN 0x00010000UL
+#define UNIX_DGRAM_SOCKET__RECVFROM 0x00020000UL
+#define UNIX_DGRAM_SOCKET__SENDTO 0x00040000UL
+#define UNIX_DGRAM_SOCKET__RECV_MSG 0x00080000UL
+#define UNIX_DGRAM_SOCKET__SEND_MSG 0x00100000UL
+#define UNIX_DGRAM_SOCKET__NAME_BIND 0x00200000UL
+#define PROCESS__FORK 0x00000001UL
+#define PROCESS__TRANSITION 0x00000002UL
+#define PROCESS__SIGCHLD 0x00000004UL
+#define PROCESS__SIGKILL 0x00000008UL
+#define PROCESS__SIGSTOP 0x00000010UL
+#define PROCESS__SIGNULL 0x00000020UL
+#define PROCESS__SIGNAL 0x00000040UL
+#define PROCESS__PTRACE 0x00000080UL
+#define PROCESS__GETSCHED 0x00000100UL
+#define PROCESS__SETSCHED 0x00000200UL
+#define PROCESS__GETSESSION 0x00000400UL
+#define PROCESS__GETPGID 0x00000800UL
+#define PROCESS__SETPGID 0x00001000UL
+#define PROCESS__GETCAP 0x00002000UL
+#define PROCESS__SETCAP 0x00004000UL
+#define PROCESS__SHARE 0x00008000UL
+#define PROCESS__GETATTR 0x00010000UL
+#define PROCESS__SETEXEC 0x00020000UL
+#define PROCESS__SETFSCREATE 0x00040000UL
+#define PROCESS__NOATSECURE 0x00080000UL
+#define PROCESS__SIGINH 0x00100000UL
+#define PROCESS__SETRLIMIT 0x00200000UL
+#define PROCESS__RLIMITINH 0x00400000UL
+#define PROCESS__DYNTRANSITION 0x00800000UL
+#define PROCESS__SETCURRENT 0x01000000UL
+#define PROCESS__EXECMEM 0x02000000UL
+#define PROCESS__EXECSTACK 0x04000000UL
+#define PROCESS__EXECHEAP 0x08000000UL
+#define PROCESS__SETKEYCREATE 0x10000000UL
+#define PROCESS__SETSOCKCREATE 0x20000000UL
+#define IPC__CREATE 0x00000001UL
+#define IPC__DESTROY 0x00000002UL
+#define IPC__GETATTR 0x00000004UL
+#define IPC__SETATTR 0x00000008UL
+#define IPC__READ 0x00000010UL
+#define IPC__WRITE 0x00000020UL
+#define IPC__ASSOCIATE 0x00000040UL
+#define IPC__UNIX_READ 0x00000080UL
+#define IPC__UNIX_WRITE 0x00000100UL
+#define SEM__CREATE 0x00000001UL
+#define SEM__DESTROY 0x00000002UL
+#define SEM__GETATTR 0x00000004UL
+#define SEM__SETATTR 0x00000008UL
+#define SEM__READ 0x00000010UL
+#define SEM__WRITE 0x00000020UL
+#define SEM__ASSOCIATE 0x00000040UL
+#define SEM__UNIX_READ 0x00000080UL
+#define SEM__UNIX_WRITE 0x00000100UL
+#define MSGQ__CREATE 0x00000001UL
+#define MSGQ__DESTROY 0x00000002UL
+#define MSGQ__GETATTR 0x00000004UL
+#define MSGQ__SETATTR 0x00000008UL
+#define MSGQ__READ 0x00000010UL
+#define MSGQ__WRITE 0x00000020UL
+#define MSGQ__ASSOCIATE 0x00000040UL
+#define MSGQ__UNIX_READ 0x00000080UL
+#define MSGQ__UNIX_WRITE 0x00000100UL
+#define MSGQ__ENQUEUE 0x00000200UL
+#define MSG__SEND 0x00000001UL
+#define MSG__RECEIVE 0x00000002UL
+#define SHM__CREATE 0x00000001UL
+#define SHM__DESTROY 0x00000002UL
+#define SHM__GETATTR 0x00000004UL
+#define SHM__SETATTR 0x00000008UL
+#define SHM__READ 0x00000010UL
+#define SHM__WRITE 0x00000020UL
+#define SHM__ASSOCIATE 0x00000040UL
+#define SHM__UNIX_READ 0x00000080UL
+#define SHM__UNIX_WRITE 0x00000100UL
+#define SHM__LOCK 0x00000200UL
+#define SECURITY__COMPUTE_AV 0x00000001UL
+#define SECURITY__COMPUTE_CREATE 0x00000002UL
+#define SECURITY__COMPUTE_MEMBER 0x00000004UL
+#define SECURITY__CHECK_CONTEXT 0x00000008UL
+#define SECURITY__LOAD_POLICY 0x00000010UL
+#define SECURITY__COMPUTE_RELABEL 0x00000020UL
+#define SECURITY__COMPUTE_USER 0x00000040UL
+#define SECURITY__SETENFORCE 0x00000080UL
+#define SECURITY__SETBOOL 0x00000100UL
+#define SECURITY__SETSECPARAM 0x00000200UL
+#define SECURITY__SETCHECKREQPROT 0x00000400UL
+#define SYSTEM__IPC_INFO 0x00000001UL
+#define SYSTEM__SYSLOG_READ 0x00000002UL
+#define SYSTEM__SYSLOG_MOD 0x00000004UL
+#define SYSTEM__SYSLOG_CONSOLE 0x00000008UL
+#define CAPABILITY__CHOWN 0x00000001UL
+#define CAPABILITY__DAC_OVERRIDE 0x00000002UL
+#define CAPABILITY__DAC_READ_SEARCH 0x00000004UL
+#define CAPABILITY__FOWNER 0x00000008UL
+#define CAPABILITY__FSETID 0x00000010UL
+#define CAPABILITY__KILL 0x00000020UL
+#define CAPABILITY__SETGID 0x00000040UL
+#define CAPABILITY__SETUID 0x00000080UL
+#define CAPABILITY__SETPCAP 0x00000100UL
+#define CAPABILITY__LINUX_IMMUTABLE 0x00000200UL
+#define CAPABILITY__NET_BIND_SERVICE 0x00000400UL
+#define CAPABILITY__NET_BROADCAST 0x00000800UL
+#define CAPABILITY__NET_ADMIN 0x00001000UL
+#define CAPABILITY__NET_RAW 0x00002000UL
+#define CAPABILITY__IPC_LOCK 0x00004000UL
+#define CAPABILITY__IPC_OWNER 0x00008000UL
+#define CAPABILITY__SYS_MODULE 0x00010000UL
+#define CAPABILITY__SYS_RAWIO 0x00020000UL
+#define CAPABILITY__SYS_CHROOT 0x00040000UL
+#define CAPABILITY__SYS_PTRACE 0x00080000UL
+#define CAPABILITY__SYS_PACCT 0x00100000UL
+#define CAPABILITY__SYS_ADMIN 0x00200000UL
+#define CAPABILITY__SYS_BOOT 0x00400000UL
+#define CAPABILITY__SYS_NICE 0x00800000UL
+#define CAPABILITY__SYS_RESOURCE 0x01000000UL
+#define CAPABILITY__SYS_TIME 0x02000000UL
+#define CAPABILITY__SYS_TTY_CONFIG 0x04000000UL
+#define CAPABILITY__MKNOD 0x08000000UL
+#define CAPABILITY__LEASE 0x10000000UL
+#define CAPABILITY__AUDIT_WRITE 0x20000000UL
+#define CAPABILITY__AUDIT_CONTROL 0x40000000UL
+#define CAPABILITY__SETFCAP 0x80000000UL
+#define CAPABILITY2__MAC_OVERRIDE 0x00000001UL
+#define CAPABILITY2__MAC_ADMIN 0x00000002UL
+#define PASSWD__PASSWD 0x00000001UL
+#define PASSWD__CHFN 0x00000002UL
+#define PASSWD__CHSH 0x00000004UL
+#define PASSWD__ROOTOK 0x00000008UL
+#define PASSWD__CRONTAB 0x00000010UL
+#define DRAWABLE__CREATE 0x00000001UL
+#define DRAWABLE__DESTROY 0x00000002UL
+#define DRAWABLE__DRAW 0x00000004UL
+#define DRAWABLE__COPY 0x00000008UL
+#define DRAWABLE__GETATTR 0x00000010UL
+#define GC__CREATE 0x00000001UL
+#define GC__FREE 0x00000002UL
+#define GC__GETATTR 0x00000004UL
+#define GC__SETATTR 0x00000008UL
+#define WINDOW__ADDCHILD 0x00000001UL
+#define WINDOW__CREATE 0x00000002UL
+#define WINDOW__DESTROY 0x00000004UL
+#define WINDOW__MAP 0x00000008UL
+#define WINDOW__UNMAP 0x00000010UL
+#define WINDOW__CHSTACK 0x00000020UL
+#define WINDOW__CHPROPLIST 0x00000040UL
+#define WINDOW__CHPROP 0x00000080UL
+#define WINDOW__LISTPROP 0x00000100UL
+#define WINDOW__GETATTR 0x00000200UL
+#define WINDOW__SETATTR 0x00000400UL
+#define WINDOW__SETFOCUS 0x00000800UL
+#define WINDOW__MOVE 0x00001000UL
+#define WINDOW__CHSELECTION 0x00002000UL
+#define WINDOW__CHPARENT 0x00004000UL
+#define WINDOW__CTRLLIFE 0x00008000UL
+#define WINDOW__ENUMERATE 0x00010000UL
+#define WINDOW__TRANSPARENT 0x00020000UL
+#define WINDOW__MOUSEMOTION 0x00040000UL
+#define WINDOW__CLIENTCOMEVENT 0x00080000UL
+#define WINDOW__INPUTEVENT 0x00100000UL
+#define WINDOW__DRAWEVENT 0x00200000UL
+#define WINDOW__WINDOWCHANGEEVENT 0x00400000UL
+#define WINDOW__WINDOWCHANGEREQUEST 0x00800000UL
+#define WINDOW__SERVERCHANGEEVENT 0x01000000UL
+#define WINDOW__EXTENSIONEVENT 0x02000000UL
+#define FONT__LOAD 0x00000001UL
+#define FONT__FREE 0x00000002UL
+#define FONT__GETATTR 0x00000004UL
+#define FONT__USE 0x00000008UL
+#define COLORMAP__CREATE 0x00000001UL
+#define COLORMAP__FREE 0x00000002UL
+#define COLORMAP__INSTALL 0x00000004UL
+#define COLORMAP__UNINSTALL 0x00000008UL
+#define COLORMAP__LIST 0x00000010UL
+#define COLORMAP__READ 0x00000020UL
+#define COLORMAP__STORE 0x00000040UL
+#define COLORMAP__GETATTR 0x00000080UL
+#define COLORMAP__SETATTR 0x00000100UL
+#define PROPERTY__CREATE 0x00000001UL
+#define PROPERTY__FREE 0x00000002UL
+#define PROPERTY__READ 0x00000004UL
+#define PROPERTY__WRITE 0x00000008UL
+#define CURSOR__CREATE 0x00000001UL
+#define CURSOR__CREATEGLYPH 0x00000002UL
+#define CURSOR__FREE 0x00000004UL
+#define CURSOR__ASSIGN 0x00000008UL
+#define CURSOR__SETATTR 0x00000010UL
+#define XCLIENT__KILL 0x00000001UL
+#define XINPUT__LOOKUP 0x00000001UL
+#define XINPUT__GETATTR 0x00000002UL
+#define XINPUT__SETATTR 0x00000004UL
+#define XINPUT__SETFOCUS 0x00000008UL
+#define XINPUT__WARPPOINTER 0x00000010UL
+#define XINPUT__ACTIVEGRAB 0x00000020UL
+#define XINPUT__PASSIVEGRAB 0x00000040UL
+#define XINPUT__UNGRAB 0x00000080UL
+#define XINPUT__BELL 0x00000100UL
+#define XINPUT__MOUSEMOTION 0x00000200UL
+#define XINPUT__RELABELINPUT 0x00000400UL
+#define XSERVER__SCREENSAVER 0x00000001UL
+#define XSERVER__GETHOSTLIST 0x00000002UL
+#define XSERVER__SETHOSTLIST 0x00000004UL
+#define XSERVER__GETFONTPATH 0x00000008UL
+#define XSERVER__SETFONTPATH 0x00000010UL
+#define XSERVER__GETATTR 0x00000020UL
+#define XSERVER__GRAB 0x00000040UL
+#define XSERVER__UNGRAB 0x00000080UL
+#define XEXTENSION__QUERY 0x00000001UL
+#define XEXTENSION__USE 0x00000002UL
+#define PAX__PAGEEXEC 0x00000001UL
+#define PAX__EMUTRAMP 0x00000002UL
+#define PAX__MPROTECT 0x00000004UL
+#define PAX__RANDMMAP 0x00000008UL
+#define PAX__RANDEXEC 0x00000010UL
+#define PAX__SEGMEXEC 0x00000020UL
+#define NETLINK_ROUTE_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_ROUTE_SOCKET__READ 0x00000002UL
+#define NETLINK_ROUTE_SOCKET__WRITE 0x00000004UL
+#define NETLINK_ROUTE_SOCKET__CREATE 0x00000008UL
+#define NETLINK_ROUTE_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_ROUTE_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_ROUTE_SOCKET__LOCK 0x00000040UL
+#define NETLINK_ROUTE_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_ROUTE_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_ROUTE_SOCKET__APPEND 0x00000200UL
+#define NETLINK_ROUTE_SOCKET__BIND 0x00000400UL
+#define NETLINK_ROUTE_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_ROUTE_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_ROUTE_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_ROUTE_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_ROUTE_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_ROUTE_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_ROUTE_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_ROUTE_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_ROUTE_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_ROUTE_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_ROUTE_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_ROUTE_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_FIREWALL_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_FIREWALL_SOCKET__READ 0x00000002UL
+#define NETLINK_FIREWALL_SOCKET__WRITE 0x00000004UL
+#define NETLINK_FIREWALL_SOCKET__CREATE 0x00000008UL
+#define NETLINK_FIREWALL_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_FIREWALL_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_FIREWALL_SOCKET__LOCK 0x00000040UL
+#define NETLINK_FIREWALL_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_FIREWALL_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_FIREWALL_SOCKET__APPEND 0x00000200UL
+#define NETLINK_FIREWALL_SOCKET__BIND 0x00000400UL
+#define NETLINK_FIREWALL_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_FIREWALL_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_FIREWALL_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_FIREWALL_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_FIREWALL_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_FIREWALL_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_FIREWALL_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_FIREWALL_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_FIREWALL_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_FIREWALL_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_FIREWALL_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_FIREWALL_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_TCPDIAG_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_TCPDIAG_SOCKET__READ 0x00000002UL
+#define NETLINK_TCPDIAG_SOCKET__WRITE 0x00000004UL
+#define NETLINK_TCPDIAG_SOCKET__CREATE 0x00000008UL
+#define NETLINK_TCPDIAG_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_TCPDIAG_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_TCPDIAG_SOCKET__LOCK 0x00000040UL
+#define NETLINK_TCPDIAG_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_TCPDIAG_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_TCPDIAG_SOCKET__APPEND 0x00000200UL
+#define NETLINK_TCPDIAG_SOCKET__BIND 0x00000400UL
+#define NETLINK_TCPDIAG_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_TCPDIAG_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_TCPDIAG_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_TCPDIAG_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_TCPDIAG_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_TCPDIAG_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_TCPDIAG_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_TCPDIAG_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_TCPDIAG_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_TCPDIAG_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_NFLOG_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_NFLOG_SOCKET__READ 0x00000002UL
+#define NETLINK_NFLOG_SOCKET__WRITE 0x00000004UL
+#define NETLINK_NFLOG_SOCKET__CREATE 0x00000008UL
+#define NETLINK_NFLOG_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_NFLOG_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_NFLOG_SOCKET__LOCK 0x00000040UL
+#define NETLINK_NFLOG_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_NFLOG_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_NFLOG_SOCKET__APPEND 0x00000200UL
+#define NETLINK_NFLOG_SOCKET__BIND 0x00000400UL
+#define NETLINK_NFLOG_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_NFLOG_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_NFLOG_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_NFLOG_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_NFLOG_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_NFLOG_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_NFLOG_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_NFLOG_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_NFLOG_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_NFLOG_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_NFLOG_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_XFRM_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_XFRM_SOCKET__READ 0x00000002UL
+#define NETLINK_XFRM_SOCKET__WRITE 0x00000004UL
+#define NETLINK_XFRM_SOCKET__CREATE 0x00000008UL
+#define NETLINK_XFRM_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_XFRM_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_XFRM_SOCKET__LOCK 0x00000040UL
+#define NETLINK_XFRM_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_XFRM_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_XFRM_SOCKET__APPEND 0x00000200UL
+#define NETLINK_XFRM_SOCKET__BIND 0x00000400UL
+#define NETLINK_XFRM_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_XFRM_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_XFRM_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_XFRM_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_XFRM_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_XFRM_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_XFRM_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_XFRM_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_XFRM_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_XFRM_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_XFRM_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_XFRM_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_XFRM_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_SELINUX_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_SELINUX_SOCKET__READ 0x00000002UL
+#define NETLINK_SELINUX_SOCKET__WRITE 0x00000004UL
+#define NETLINK_SELINUX_SOCKET__CREATE 0x00000008UL
+#define NETLINK_SELINUX_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_SELINUX_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_SELINUX_SOCKET__LOCK 0x00000040UL
+#define NETLINK_SELINUX_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_SELINUX_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_SELINUX_SOCKET__APPEND 0x00000200UL
+#define NETLINK_SELINUX_SOCKET__BIND 0x00000400UL
+#define NETLINK_SELINUX_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_SELINUX_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_SELINUX_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_SELINUX_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_SELINUX_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_SELINUX_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_SELINUX_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_SELINUX_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_SELINUX_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_SELINUX_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_SELINUX_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_AUDIT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_AUDIT_SOCKET__READ 0x00000002UL
+#define NETLINK_AUDIT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_AUDIT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_AUDIT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_AUDIT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_AUDIT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_AUDIT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_AUDIT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_AUDIT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_AUDIT_SOCKET__BIND 0x00000400UL
+#define NETLINK_AUDIT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_AUDIT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_AUDIT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_AUDIT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_AUDIT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_AUDIT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_AUDIT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_AUDIT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_AUDIT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_AUDIT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_AUDIT_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY 0x01000000UL
+#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV 0x02000000UL
+#define NETLINK_IP6FW_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_IP6FW_SOCKET__READ 0x00000002UL
+#define NETLINK_IP6FW_SOCKET__WRITE 0x00000004UL
+#define NETLINK_IP6FW_SOCKET__CREATE 0x00000008UL
+#define NETLINK_IP6FW_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_IP6FW_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_IP6FW_SOCKET__LOCK 0x00000040UL
+#define NETLINK_IP6FW_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_IP6FW_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_IP6FW_SOCKET__APPEND 0x00000200UL
+#define NETLINK_IP6FW_SOCKET__BIND 0x00000400UL
+#define NETLINK_IP6FW_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_IP6FW_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_IP6FW_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_IP6FW_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_IP6FW_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_IP6FW_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_IP6FW_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_IP6FW_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_IP6FW_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_IP6FW_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_IP6FW_SOCKET__NAME_BIND 0x00200000UL
+#define NETLINK_IP6FW_SOCKET__NLMSG_READ 0x00400000UL
+#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE 0x00800000UL
+#define NETLINK_DNRT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_DNRT_SOCKET__READ 0x00000002UL
+#define NETLINK_DNRT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_DNRT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_DNRT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_DNRT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_DNRT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_DNRT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_DNRT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_DNRT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_DNRT_SOCKET__BIND 0x00000400UL
+#define NETLINK_DNRT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_DNRT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_DNRT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_DNRT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_DNRT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_DNRT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_DNRT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_DNRT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_DNRT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_DNRT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_DNRT_SOCKET__NAME_BIND 0x00200000UL
+#define DBUS__ACQUIRE_SVC 0x00000001UL
+#define DBUS__SEND_MSG 0x00000002UL
+#define NSCD__GETPWD 0x00000001UL
+#define NSCD__GETGRP 0x00000002UL
+#define NSCD__GETHOST 0x00000004UL
+#define NSCD__GETSTAT 0x00000008UL
+#define NSCD__ADMIN 0x00000010UL
+#define NSCD__SHMEMPWD 0x00000020UL
+#define NSCD__SHMEMGRP 0x00000040UL
+#define NSCD__SHMEMHOST 0x00000080UL
+#define NSCD__GETSERV 0x00000100UL
+#define NSCD__SHMEMSERV 0x00000200UL
+#define ASSOCIATION__SENDTO 0x00000001UL
+#define ASSOCIATION__RECVFROM 0x00000002UL
+#define ASSOCIATION__SETCONTEXT 0x00000004UL
+#define ASSOCIATION__POLMATCH 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL 0x00000001UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__READ 0x00000002UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE 0x00000004UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE 0x00000008UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR 0x00000010UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR 0x00000020UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK 0x00000040UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO 0x00000100UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND 0x00000200UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND 0x00000400UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT 0x00000800UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN 0x00001000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT 0x00002000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT 0x00004000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT 0x00008000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN 0x00010000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM 0x00020000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO 0x00040000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG 0x00080000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG 0x00100000UL
+#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND 0x00200000UL
+#define APPLETALK_SOCKET__IOCTL 0x00000001UL
+#define APPLETALK_SOCKET__READ 0x00000002UL
+#define APPLETALK_SOCKET__WRITE 0x00000004UL
+#define APPLETALK_SOCKET__CREATE 0x00000008UL
+#define APPLETALK_SOCKET__GETATTR 0x00000010UL
+#define APPLETALK_SOCKET__SETATTR 0x00000020UL
+#define APPLETALK_SOCKET__LOCK 0x00000040UL
+#define APPLETALK_SOCKET__RELABELFROM 0x00000080UL
+#define APPLETALK_SOCKET__RELABELTO 0x00000100UL
+#define APPLETALK_SOCKET__APPEND 0x00000200UL
+#define APPLETALK_SOCKET__BIND 0x00000400UL
+#define APPLETALK_SOCKET__CONNECT 0x00000800UL
+#define APPLETALK_SOCKET__LISTEN 0x00001000UL
+#define APPLETALK_SOCKET__ACCEPT 0x00002000UL
+#define APPLETALK_SOCKET__GETOPT 0x00004000UL
+#define APPLETALK_SOCKET__SETOPT 0x00008000UL
+#define APPLETALK_SOCKET__SHUTDOWN 0x00010000UL
+#define APPLETALK_SOCKET__RECVFROM 0x00020000UL
+#define APPLETALK_SOCKET__SENDTO 0x00040000UL
+#define APPLETALK_SOCKET__RECV_MSG 0x00080000UL
+#define APPLETALK_SOCKET__SEND_MSG 0x00100000UL
+#define APPLETALK_SOCKET__NAME_BIND 0x00200000UL
+#define PACKET__SEND 0x00000001UL
+#define PACKET__RECV 0x00000002UL
+#define PACKET__RELABELTO 0x00000004UL
+#define PACKET__FLOW_IN 0x00000008UL
+#define PACKET__FLOW_OUT 0x00000010UL
+#define PACKET__FORWARD_IN 0x00000020UL
+#define PACKET__FORWARD_OUT 0x00000040UL
+#define KEY__VIEW 0x00000001UL
+#define KEY__READ 0x00000002UL
+#define KEY__WRITE 0x00000004UL
+#define KEY__SEARCH 0x00000008UL
+#define KEY__LINK 0x00000010UL
+#define KEY__SETATTR 0x00000020UL
+#define KEY__CREATE 0x00000040UL
+#define CONTEXT__TRANSLATE 0x00000001UL
+#define CONTEXT__CONTAINS 0x00000002UL
+#define DCCP_SOCKET__IOCTL 0x00000001UL
+#define DCCP_SOCKET__READ 0x00000002UL
+#define DCCP_SOCKET__WRITE 0x00000004UL
+#define DCCP_SOCKET__CREATE 0x00000008UL
+#define DCCP_SOCKET__GETATTR 0x00000010UL
+#define DCCP_SOCKET__SETATTR 0x00000020UL
+#define DCCP_SOCKET__LOCK 0x00000040UL
+#define DCCP_SOCKET__RELABELFROM 0x00000080UL
+#define DCCP_SOCKET__RELABELTO 0x00000100UL
+#define DCCP_SOCKET__APPEND 0x00000200UL
+#define DCCP_SOCKET__BIND 0x00000400UL
+#define DCCP_SOCKET__CONNECT 0x00000800UL
+#define DCCP_SOCKET__LISTEN 0x00001000UL
+#define DCCP_SOCKET__ACCEPT 0x00002000UL
+#define DCCP_SOCKET__GETOPT 0x00004000UL
+#define DCCP_SOCKET__SETOPT 0x00008000UL
+#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
+#define DCCP_SOCKET__RECVFROM 0x00020000UL
+#define DCCP_SOCKET__SENDTO 0x00040000UL
+#define DCCP_SOCKET__RECV_MSG 0x00080000UL
+#define DCCP_SOCKET__SEND_MSG 0x00100000UL
+#define DCCP_SOCKET__NAME_BIND 0x00200000UL
+#define DCCP_SOCKET__NODE_BIND 0x00400000UL
+#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
+#define MEMPROTECT__MMAP_ZERO 0x00000001UL
+#define DB_DATABASE__CREATE 0x00000001UL
+#define DB_DATABASE__DROP 0x00000002UL
+#define DB_DATABASE__GETATTR 0x00000004UL
+#define DB_DATABASE__SETATTR 0x00000008UL
+#define DB_DATABASE__RELABELFROM 0x00000010UL
+#define DB_DATABASE__RELABELTO 0x00000020UL
+#define DB_DATABASE__ACCESS 0x00000040UL
+#define DB_DATABASE__INSTALL_MODULE 0x00000080UL
+#define DB_DATABASE__LOAD_MODULE 0x00000100UL
+#define DB_DATABASE__GET_PARAM 0x00000200UL
+#define DB_DATABASE__SET_PARAM 0x00000400UL
+#define DB_TABLE__CREATE 0x00000001UL
+#define DB_TABLE__DROP 0x00000002UL
+#define DB_TABLE__GETATTR 0x00000004UL
+#define DB_TABLE__SETATTR 0x00000008UL
+#define DB_TABLE__RELABELFROM 0x00000010UL
+#define DB_TABLE__RELABELTO 0x00000020UL
+#define DB_TABLE__USE 0x00000040UL
+#define DB_TABLE__SELECT 0x00000080UL
+#define DB_TABLE__UPDATE 0x00000100UL
+#define DB_TABLE__INSERT 0x00000200UL
+#define DB_TABLE__DELETE 0x00000400UL
+#define DB_TABLE__LOCK 0x00000800UL
+#define DB_PROCEDURE__CREATE 0x00000001UL
+#define DB_PROCEDURE__DROP 0x00000002UL
+#define DB_PROCEDURE__GETATTR 0x00000004UL
+#define DB_PROCEDURE__SETATTR 0x00000008UL
+#define DB_PROCEDURE__RELABELFROM 0x00000010UL
+#define DB_PROCEDURE__RELABELTO 0x00000020UL
+#define DB_PROCEDURE__EXECUTE 0x00000040UL
+#define DB_PROCEDURE__ENTRYPOINT 0x00000080UL
+#define DB_COLUMN__CREATE 0x00000001UL
+#define DB_COLUMN__DROP 0x00000002UL
+#define DB_COLUMN__GETATTR 0x00000004UL
+#define DB_COLUMN__SETATTR 0x00000008UL
+#define DB_COLUMN__RELABELFROM 0x00000010UL
+#define DB_COLUMN__RELABELTO 0x00000020UL
+#define DB_COLUMN__USE 0x00000040UL
+#define DB_COLUMN__SELECT 0x00000080UL
+#define DB_COLUMN__UPDATE 0x00000100UL
+#define DB_COLUMN__INSERT 0x00000200UL
+#define DB_TUPLE__RELABELFROM 0x00000001UL
+#define DB_TUPLE__RELABELTO 0x00000002UL
+#define DB_TUPLE__USE 0x00000004UL
+#define DB_TUPLE__SELECT 0x00000008UL
+#define DB_TUPLE__UPDATE 0x00000010UL
+#define DB_TUPLE__INSERT 0x00000020UL
+#define DB_TUPLE__DELETE 0x00000040UL
+#define DB_BLOB__CREATE 0x00000001UL
+#define DB_BLOB__DROP 0x00000002UL
+#define DB_BLOB__GETATTR 0x00000004UL
+#define DB_BLOB__SETATTR 0x00000008UL
+#define DB_BLOB__RELABELFROM 0x00000010UL
+#define DB_BLOB__RELABELTO 0x00000020UL
+#define DB_BLOB__READ 0x00000040UL
+#define DB_BLOB__WRITE 0x00000080UL
+#define DB_BLOB__IMPORT 0x00000100UL
+#define DB_BLOB__EXPORT 0x00000200UL
+#define PEER__RECV 0x00000001UL
diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
new file mode 100644
index 0000000..a31e556
--- /dev/null
+++ b/libselinux/include/selinux/avc.h
@@ -0,0 +1,433 @@
+/*
+ * Access vector cache interface for object managers.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_H_
+#define _SELINUX_AVC_H_
+
+#include <stdint.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * SID format and operations
+ */
+struct security_id {
+ security_context_t ctx;
+ unsigned int refcnt;
+};
+typedef struct security_id *security_id_t;
+
+#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
+
+/**
+ * avc_sid_to_context - get copy of context corresponding to SID.
+ * @sid: input SID
+ * @ctx: pointer to context reference
+ *
+ * Return a copy of the security context corresponding to the input
+ * @sid in the memory referenced by @ctx. The caller is expected to
+ * free the context with freecon(). Return %0 on success, -%1 on
+ * failure, with @errno set to %ENOMEM if insufficient memory was
+ * available to make the copy, or %EINVAL if the input SID is invalid.
+ */
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx);
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx);
+
+/**
+ * avc_context_to_sid - get SID for context.
+ * @ctx: input security context
+ * @sid: pointer to SID reference
+ *
+ * Look up security context @ctx in SID table, making
+ * a new entry if @ctx is not found. Increment the
+ * reference counter for the SID. Store a pointer
+ * to the SID structure into the memory referenced by @sid,
+ * returning %0 on success or -%1 on error with @errno set.
+ */
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid);
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid);
+
+/**
+ * sidget - increment SID reference counter.
+ * @sid: SID reference
+ *
+ * Increment the reference counter for @sid, indicating that
+ * @sid is in use by an (additional) object. Return the
+ * new reference count, or zero if @sid is invalid (has zero
+ * reference count). Note that avc_context_to_sid() also
+ * increments reference counts.
+ */
+int sidget(security_id_t sid);
+
+/**
+ * sidput - decrement SID reference counter.
+ * @sid: SID reference
+ *
+ * Decrement the reference counter for @sid, indicating that
+ * a reference to @sid is no longer in use. Return the
+ * new reference count. When the reference count reaches
+ * zero, the SID is invalid, and avc_context_to_sid() must
+ * be called to obtain a new SID for the security context.
+ */
+int sidput(security_id_t sid);
+
+/**
+ * avc_get_initial_sid - get SID for an initial kernel security identifier
+ * @name: input name of initial kernel security identifier
+ * @sid: pointer to a SID reference
+ *
+ * Get the context for an initial kernel security identifier specified by
+ * @name using security_get_initial_context() and then call
+ * avc_context_to_sid() to get the corresponding SID.
+ */
+int avc_get_initial_sid(const char *name, security_id_t * sid);
+
+/*
+ * AVC entry
+ */
+struct avc_entry;
+struct avc_entry_ref {
+ struct avc_entry *ae;
+};
+
+/**
+ * avc_entry_ref_init - initialize an AVC entry reference.
+ * @aeref: pointer to avc entry reference structure
+ *
+ * Use this macro to initialize an avc entry reference structure
+ * before first use. These structures are passed to avc_has_perm(),
+ * which stores cache entry references in them. They can increase
+ * performance on repeated queries.
+ */
+#define avc_entry_ref_init(aeref) ((aeref)->ae = NULL)
+
+/*
+ * User-provided callbacks for memory, auditing, and locking
+ */
+
+/* These structures are passed by reference to avc_init(). Passing
+ * a NULL reference will cause the AVC to use a default. The default
+ * memory callbacks are malloc() and free(). The default logging method
+ * is to print on stderr. If no thread callbacks are passed, a separate
+ * listening thread won't be started for kernel policy change messages.
+ * If no locking callbacks are passed, no locking will take place.
+ */
+struct avc_memory_callback {
+ /* malloc() equivalent. */
+ void *(*func_malloc) (size_t size);
+ /* free() equivalent. */
+ void (*func_free) (void *ptr);
+ /* Note that these functions should set errno on failure.
+ If not, some avc routines may return -1 without errno set. */
+};
+
+struct avc_log_callback {
+ /* log the printf-style format and arguments. */
+ void (*func_log) (const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ void (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+};
+
+struct avc_thread_callback {
+ /* create and start a thread, returning an opaque pointer to it;
+ the thread should run the given function. */
+ void *(*func_create_thread) (void (*run) (void));
+ /* cancel a given thread and free its resources. */
+ void (*func_stop_thread) (void *thread);
+};
+
+struct avc_lock_callback {
+ /* create a lock and return an opaque pointer to it. */
+ void *(*func_alloc_lock) (void);
+ /* obtain a given lock, blocking if necessary. */
+ void (*func_get_lock) (void *lock);
+ /* release a given lock. */
+ void (*func_release_lock) (void *lock);
+ /* destroy a given lock (free memory, etc.) */
+ void (*func_free_lock) (void *lock);
+};
+
+/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define AVC_OPT_UNUSED 0
+/* override kernel enforcing mode (boolean value) */
+#define AVC_OPT_SETENFORCE 1
+
+/*
+ * AVC operations
+ */
+
+/**
+ * avc_init - Initialize the AVC.
+ * @msgprefix: prefix for log messages
+ * @mem_callbacks: user-supplied memory callbacks
+ * @log_callbacks: user-supplied logging callbacks
+ * @thread_callbacks: user-supplied threading callbacks
+ * @lock_callbacks: user-supplied locking callbacks
+ *
+ * Initialize the access vector cache. Return %0 on
+ * success or -%1 with @errno set on failure.
+ * If @msgprefix is NULL, use "uavc". If any callback
+ * structure references are NULL, use default methods
+ * for those callbacks (see the definition of the callback
+ * structures above).
+ */
+int avc_init(const char *msgprefix,
+ const struct avc_memory_callback *mem_callbacks,
+ const struct avc_log_callback *log_callbacks,
+ const struct avc_thread_callback *thread_callbacks,
+ const struct avc_lock_callback *lock_callbacks);
+
+/**
+ * avc_open - Initialize the AVC.
+ * @opts: array of selabel_opt structures specifying AVC options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * This function is identical to avc_init(), except the message prefix
+ * is set to "avc" and any callbacks desired should be specified via
+ * selinux_set_callback(). Available options are listed above.
+ */
+int avc_open(struct selinux_opt *opts, unsigned nopts);
+
+/**
+ * avc_cleanup - Remove unused SIDs and AVC entries.
+ *
+ * Search the SID table for SID structures with zero
+ * reference counts, and remove them along with all
+ * AVC entries that reference them. This can be used
+ * to return memory to the system.
+ */
+void avc_cleanup(void);
+
+/**
+ * avc_reset - Flush the cache and reset statistics.
+ *
+ * Remove all entries from the cache and reset all access
+ * statistics (as returned by avc_cache_stats()) to zero.
+ * The SID mapping is not affected. Return %0 on success,
+ * -%1 with @errno set on error.
+ */
+int avc_reset(void);
+
+/**
+ * avc_destroy - Free all AVC structures.
+ *
+ * Destroy all AVC structures and free all allocated
+ * memory. User-supplied locking, memory, and audit
+ * callbacks will be retained, but security-event
+ * callbacks will not. All SID's will be invalidated.
+ * User must call avc_init() if further use of AVC is desired.
+ */
+void avc_destroy(void);
+
+/**
+ * avc_has_perm_noaudit - Check permissions but perform no auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @avd: access vector decisions
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions, and return a copy of the decisions
+ * in @avd. Return %0 if all @requested permissions are granted, -%1 with
+ * @errno set to %EACCES if any permissions are denied, or to another value
+ * upon other errors. This function is typically called by avc_has_perm(),
+ * but may also be called directly to separate permission checking from
+ * auditing, e.g. in cases where a lock must be held for the check but
+ * should be released for the auditing.
+ */
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd);
+
+/**
+ * avc_has_perm - Check permissions and perform any appropriate auditing.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ * @auditdata: auxiliary audit data
+ *
+ * Check the AVC to determine whether the @requested permissions are granted
+ * for the SID pair (@ssid, @tsid), interpreting the permissions
+ * based on @tclass, and call the security server on a cache miss to obtain
+ * a new decision and add it to the cache. Update @aeref to refer to an AVC
+ * entry with the resulting decisions. Audit the granting or denial of
+ * permissions in accordance with the policy. Return %0 if all @requested
+ * permissions are granted, -%1 with @errno set to %EACCES if any permissions
+ * are denied or to another value upon other errors.
+ */
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata);
+
+/**
+ * avc_audit - Audit the granting or denial of permissions.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions
+ * @avd: access vector decisions
+ * @result: result from avc_has_perm_noaudit
+ * @auditdata: auxiliary audit data
+ *
+ * Audit the granting or denial of permissions in accordance
+ * with the policy. This function is typically called by
+ * avc_has_perm() after a permission check, but can also be
+ * called directly by callers who use avc_has_perm_noaudit()
+ * in order to separate the permission check from the auditing.
+ * For example, this separation is useful when the permission check must
+ * be performed under a lock, to allow the lock to be released
+ * before calling the auditing code.
+ */
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *auditdata);
+
+/**
+ * avc_compute_create - Compute SID for labeling a new object.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling a
+ * new object. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_create(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
+
+/**
+ * avc_compute_member - Compute SID for polyinstantation.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @newsid: pointer to SID reference
+ *
+ * Call the security server to obtain a context for labeling an
+ * object instance. Look up the context in the SID table, making
+ * a new entry if not found. Increment the reference counter
+ * for the SID. Store a pointer to the SID structure into the
+ * memory referenced by @newsid, returning %0 on success or -%1 on
+ * error with @errno set.
+ */
+int avc_compute_member(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, security_id_t * newsid);
+
+/*
+ * security event callback facility
+ */
+
+/* security events */
+#define AVC_CALLBACK_GRANT 1
+#define AVC_CALLBACK_TRY_REVOKE 2
+#define AVC_CALLBACK_REVOKE 4
+#define AVC_CALLBACK_RESET 8
+#define AVC_CALLBACK_AUDITALLOW_ENABLE 16
+#define AVC_CALLBACK_AUDITALLOW_DISABLE 32
+#define AVC_CALLBACK_AUDITDENY_ENABLE 64
+#define AVC_CALLBACK_AUDITDENY_DISABLE 128
+
+/**
+ * avc_add_callback - Register a callback for security events.
+ * @callback: callback function
+ * @events: bitwise OR of desired security events
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions
+ *
+ * Register a callback function for events in the set @events
+ * related to the SID pair (@ssid, @tsid) and
+ * and the permissions @perms, interpreting
+ * @perms based on @tclass. Returns %0 on success or
+ * -%1 if insufficient memory exists to add the callback.
+ */
+int avc_add_callback(int (*callback)
+ (uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms);
+
+/*
+ * AVC statistics
+ */
+
+/* If set, cache statistics are tracked. This may
+ * become a compile-time option in the future.
+ */
+#define AVC_CACHE_STATS 1
+
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
+
+/**
+ * avc_cache_stats - get cache access statistics.
+ * @stats: reference to statistics structure
+ *
+ * Fill the supplied structure with information about AVC
+ * activity since the last call to avc_init() or
+ * avc_reset(). See the structure definition for
+ * details.
+ */
+void avc_cache_stats(struct avc_cache_stats *stats);
+
+/**
+ * avc_av_stats - log av table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the access vector table. The audit
+ * callback is used to print the message.
+ */
+void avc_av_stats(void);
+
+/**
+ * avc_sid_stats - log SID table statistics.
+ *
+ * Log a message with information about the size and
+ * distribution of the SID table. The audit callback
+ * is used to print the message.
+ */
+void avc_sid_stats(void);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _SELINUX_AVC_H_ */
diff --git a/libselinux/include/selinux/context.h b/libselinux/include/selinux/context.h
new file mode 100644
index 0000000..949fb1e
--- /dev/null
+++ b/libselinux/include/selinux/context.h
@@ -0,0 +1,50 @@
+#ifndef _SELINUX_CONTEXT_H_
+#define _SELINUX_CONTEXT_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Functions to deal with security contexts in user space.
+ */
+
+ typedef struct {
+ void *ptr;
+ } context_s_t;
+
+ typedef context_s_t *context_t;
+
+/* Return a new context initialized to a context string */
+
+ extern context_t context_new(const char *);
+
+/*
+ * Return a pointer to the string value of the context_t
+ * Valid until the next call to context_str or context_free
+ * for the same context_t*
+ */
+
+ extern char *context_str(context_t);
+
+/* Free the storage used by a context */
+ extern void context_free(context_t);
+
+/* Get a pointer to the string value of a context component */
+
+ extern const char *context_type_get(context_t);
+ extern const char *context_range_get(context_t);
+ extern const char *context_role_get(context_t);
+ extern const char *context_user_get(context_t);
+
+/* Set a context component. Returns nonzero if unsuccessful */
+
+ extern int context_type_set(context_t, const char *);
+ extern int context_range_set(context_t, const char *);
+ extern int context_role_set(context_t, const char *);
+ extern int context_user_set(context_t, const char *);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/include/selinux/flask.h b/libselinux/include/selinux/flask.h
new file mode 100644
index 0000000..ac8637b
--- /dev/null
+++ b/libselinux/include/selinux/flask.h
@@ -0,0 +1,111 @@
+/* This file is automatically generated. Do not edit. */
+#ifndef _SELINUX_FLASK_H_
+#define _SELINUX_FLASK_H_
+
+/*
+ * Security object class definitions
+ */
+#define SECCLASS_SECURITY 1
+#define SECCLASS_PROCESS 2
+#define SECCLASS_SYSTEM 3
+#define SECCLASS_CAPABILITY 4
+#define SECCLASS_FILESYSTEM 5
+#define SECCLASS_FILE 6
+#define SECCLASS_DIR 7
+#define SECCLASS_FD 8
+#define SECCLASS_LNK_FILE 9
+#define SECCLASS_CHR_FILE 10
+#define SECCLASS_BLK_FILE 11
+#define SECCLASS_SOCK_FILE 12
+#define SECCLASS_FIFO_FILE 13
+#define SECCLASS_SOCKET 14
+#define SECCLASS_TCP_SOCKET 15
+#define SECCLASS_UDP_SOCKET 16
+#define SECCLASS_RAWIP_SOCKET 17
+#define SECCLASS_NODE 18
+#define SECCLASS_NETIF 19
+#define SECCLASS_NETLINK_SOCKET 20
+#define SECCLASS_PACKET_SOCKET 21
+#define SECCLASS_KEY_SOCKET 22
+#define SECCLASS_UNIX_STREAM_SOCKET 23
+#define SECCLASS_UNIX_DGRAM_SOCKET 24
+#define SECCLASS_SEM 25
+#define SECCLASS_MSG 26
+#define SECCLASS_MSGQ 27
+#define SECCLASS_SHM 28
+#define SECCLASS_IPC 29
+#define SECCLASS_PASSWD 30
+#define SECCLASS_DRAWABLE 31
+#define SECCLASS_WINDOW 32
+#define SECCLASS_GC 33
+#define SECCLASS_FONT 34
+#define SECCLASS_COLORMAP 35
+#define SECCLASS_PROPERTY 36
+#define SECCLASS_CURSOR 37
+#define SECCLASS_XCLIENT 38
+#define SECCLASS_XINPUT 39
+#define SECCLASS_XSERVER 40
+#define SECCLASS_XEXTENSION 41
+#define SECCLASS_PAX 42
+#define SECCLASS_NETLINK_ROUTE_SOCKET 43
+#define SECCLASS_NETLINK_FIREWALL_SOCKET 44
+#define SECCLASS_NETLINK_TCPDIAG_SOCKET 45
+#define SECCLASS_NETLINK_NFLOG_SOCKET 46
+#define SECCLASS_NETLINK_XFRM_SOCKET 47
+#define SECCLASS_NETLINK_SELINUX_SOCKET 48
+#define SECCLASS_NETLINK_AUDIT_SOCKET 49
+#define SECCLASS_NETLINK_IP6FW_SOCKET 50
+#define SECCLASS_NETLINK_DNRT_SOCKET 51
+#define SECCLASS_DBUS 52
+#define SECCLASS_NSCD 53
+#define SECCLASS_ASSOCIATION 54
+#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET 55
+#define SECCLASS_APPLETALK_SOCKET 56
+#define SECCLASS_PACKET 57
+#define SECCLASS_KEY 58
+#define SECCLASS_CONTEXT 59
+#define SECCLASS_DCCP_SOCKET 60
+#define SECCLASS_MEMPROTECT 61
+#define SECCLASS_DB_DATABASE 62
+#define SECCLASS_DB_TABLE 63
+#define SECCLASS_DB_PROCEDURE 64
+#define SECCLASS_DB_COLUMN 65
+#define SECCLASS_DB_TUPLE 66
+#define SECCLASS_DB_BLOB 67
+#define SECCLASS_PEER 68
+#define SECCLASS_CAPABILITY2 69
+
+/*
+ * Security identifier indices for initial entities
+ */
+#define SECINITSID_KERNEL 1
+#define SECINITSID_SECURITY 2
+#define SECINITSID_UNLABELED 3
+#define SECINITSID_FS 4
+#define SECINITSID_FILE 5
+#define SECINITSID_FILE_LABELS 6
+#define SECINITSID_INIT 7
+#define SECINITSID_ANY_SOCKET 8
+#define SECINITSID_PORT 9
+#define SECINITSID_NETIF 10
+#define SECINITSID_NETMSG 11
+#define SECINITSID_NODE 12
+#define SECINITSID_IGMP_PACKET 13
+#define SECINITSID_ICMP_SOCKET 14
+#define SECINITSID_TCP_SOCKET 15
+#define SECINITSID_SYSCTL_MODPROBE 16
+#define SECINITSID_SYSCTL 17
+#define SECINITSID_SYSCTL_FS 18
+#define SECINITSID_SYSCTL_KERNEL 19
+#define SECINITSID_SYSCTL_NET 20
+#define SECINITSID_SYSCTL_NET_UNIX 21
+#define SECINITSID_SYSCTL_VM 22
+#define SECINITSID_SYSCTL_DEV 23
+#define SECINITSID_KMOD 24
+#define SECINITSID_POLICY 25
+#define SECINITSID_SCMP_PACKET 26
+#define SECINITSID_DEVNULL 27
+
+#define SECINITSID_NUM 27
+
+#endif
diff --git a/libselinux/include/selinux/get_context_list.h b/libselinux/include/selinux/get_context_list.h
new file mode 100644
index 0000000..f678c18
--- /dev/null
+++ b/libselinux/include/selinux/get_context_list.h
@@ -0,0 +1,82 @@
+#ifndef _SELINUX_GET_SID_LIST_H_
+#define _SELINUX_GET_SID_LIST_H_
+
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define SELINUX_DEFAULTUSER "user_u"
+
+/* Get an ordered list of authorized security contexts for a user session
+ for 'user' spawned by 'fromcon' and set *conary to refer to the
+ NULL-terminated array of contexts. Every entry in the list will
+ be authorized by the policy, but the ordering is subject to user
+ customizable preferences. Returns number of entries in *conary.
+ If 'fromcon' is NULL, defaults to current context.
+ Caller must free via freeconary. */
+ extern int get_ordered_context_list(const char *user,
+ security_context_t fromcon,
+ security_context_t ** list);
+
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+ int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t ** list);
+
+/* Get the default security context for a user session for 'user'
+ spawned by 'fromcon' and set *newcon to refer to it. The context
+ will be one of those authorized by the policy, but the selection
+ of a default is subject to user customizable preferences.
+ If 'fromcon' is NULL, defaults to current context.
+ Returns 0 on success or -1 otherwise.
+ Caller must free via freecon. */
+ extern int get_default_context(const char *user,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* As above, but use the provided MLS level rather than the
+ default level for the user. */
+ int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role. If no reachable context exists
+ for the user with that role, then return -1. */
+ int get_default_context_with_role(const char *user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Same as get_default_context, but only return a context
+ that has the specified role and level. If no reachable context exists
+ for the user with that role, then return -1. */
+ int get_default_context_with_rolelevel(const char *user,
+ const char *level,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon);
+
+/* Given a list of authorized security contexts for the user,
+ query the user to select one and set *newcon to refer to it.
+ Caller must free via freecon.
+ Returns 0 on sucess or -1 otherwise. */
+ extern int query_user_context(security_context_t * list,
+ security_context_t * newcon);
+
+/* Allow the user to manually enter a context as a fallback
+ if a list of authorized contexts could not be obtained.
+ Caller must free via freecon.
+ Returns 0 on success or -1 otherwise. */
+ extern int manual_user_enter_context(const char *user,
+ security_context_t * newcon);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/include/selinux/get_default_type.h b/libselinux/include/selinux/get_default_type.h
new file mode 100644
index 0000000..65c5dd4
--- /dev/null
+++ b/libselinux/include/selinux/get_default_type.h
@@ -0,0 +1,23 @@
+/* get_default_type.h - contains header information and function prototypes
+ * for functions to get the default type for a role
+ */
+
+#ifndef _SELINUX_GET_DEFAULT_TYPE_H_
+#define _SELINUX_GET_DEFAULT_TYPE_H_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Return path to default type file. */
+ const char *selinux_default_type_path(void);
+
+/* Get the default type (domain) for 'role' and set 'type' to refer to it.
+ Caller must free via free().
+ Return 0 on success or -1 otherwise. */
+ int get_default_type(const char *role, char **type);
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* ifndef _GET_DEFAULT_TYPE_H_ */
diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
new file mode 100644
index 0000000..82f4e13
--- /dev/null
+++ b/libselinux/include/selinux/label.h
@@ -0,0 +1,123 @@
+/*
+ * Labeling interface for userspace object managers and others.
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+#ifndef _SELABEL_H_
+#define _SELABEL_H_
+
+#include <sys/types.h>
+#include <selinux/selinux.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * Opaque type used for all label handles.
+ */
+
+struct selabel_handle;
+
+/*
+ * Available backends.
+ */
+
+/* file contexts */
+#define SELABEL_CTX_FILE 0
+/* media contexts */
+#define SELABEL_CTX_MEDIA 1
+/* x contexts */
+#define SELABEL_CTX_X 2
+
+/*
+ * Available options
+ */
+
+/* no-op option, useful for unused slots in an array of options */
+#define SELABEL_OPT_UNUSED 0
+/* validate contexts before returning them (boolean value) */
+#define SELABEL_OPT_VALIDATE 1
+/* don't use local customizations to backend data (boolean value) */
+#define SELABEL_OPT_BASEONLY 2
+/* specify an alternate path to use when loading backend data */
+#define SELABEL_OPT_PATH 3
+/* select a subset of the search space as an optimization (file backend) */
+#define SELABEL_OPT_SUBSET 4
+/* total number of options */
+#define SELABEL_NOPT 5
+
+/*
+ * Label operations
+ */
+
+/**
+ * selabel_open - Create a labeling handle.
+ * @backend: one of the constants specifying a supported labeling backend.
+ * @opts: array of selabel_opt structures specifying label options or NULL.
+ * @nopts: number of elements in opts array or zero for no options.
+ *
+ * Open a labeling backend for use. The available backend identifiers are
+ * listed above. Options may be provided via the opts parameter; available
+ * options are listed above. Not all options may be supported by every
+ * backend. Return value is the created handle on success or NULL with
+ * @errno set on failure.
+ */
+struct selabel_handle *selabel_open(unsigned int backend,
+ struct selinux_opt *opts, unsigned nopts);
+
+/**
+ * selabel_close - Close a labeling handle.
+ * @handle: specifies handle to close
+ *
+ * Destroy the specified handle, closing files, freeing allocated memory,
+ * etc. The handle may not be further used after it has been closed.
+ */
+void selabel_close(struct selabel_handle *handle);
+
+/**
+ * selabel_lookup - Perform labeling lookup operation.
+ * @handle: specifies backend instance to query
+ * @con: returns the appropriate context with which to label the object
+ * @key: string input to lookup operation
+ * @type: numeric input to the lookup operation
+ *
+ * Perform a labeling lookup operation. Return %0 on success, -%1 with
+ * @errno set on failure. The key and type arguments are the inputs to the
+ * lookup operation; appropriate values are dictated by the backend in use.
+ * The result is returned in the memory pointed to by @con and must be freed
+ * by the user with freecon().
+ */
+int selabel_lookup(struct selabel_handle *handle, security_context_t *con,
+ const char *key, int type);
+int selabel_lookup_raw(struct selabel_handle *handle, security_context_t *con,
+ const char *key, int type);
+
+/**
+ * selabel_stats - log labeling operation statistics.
+ * @handle: specifies backend instance to query
+ *
+ * Log a message with information about the number of queries performed,
+ * number of unused matching entries, or other operational statistics.
+ * Message is backend-specific, some backends may not output a message.
+ */
+void selabel_stats(struct selabel_handle *handle);
+
+/*
+ * Type codes used by specific backends
+ */
+
+/* X backend */
+#define SELABEL_X_PROP 1
+#define SELABEL_X_EXT 2
+#define SELABEL_X_CLIENT 3
+#define SELABEL_X_EVENT 4
+#define SELABEL_X_SELN 5
+#define SELABEL_X_POLYPROP 6
+#define SELABEL_X_POLYSELN 7
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /* _SELABEL_H_ */
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
new file mode 100644
index 0000000..3bfc0c8
--- /dev/null
+++ b/libselinux/include/selinux/selinux.h
@@ -0,0 +1,530 @@
+#ifndef _SELINUX_H_
+#define _SELINUX_H_
+
+#include <sys/types.h>
+#include <stdarg.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
+extern int is_selinux_enabled(void);
+/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
+extern int is_selinux_mls_enabled(void);
+
+typedef char *security_context_t;
+
+/* Free the memory allocated for a context by any of the below get* calls. */
+extern void freecon(security_context_t con);
+
+/* Free the memory allocated for a context array by security_compute_user. */
+extern void freeconary(security_context_t * con);
+
+/* Wrappers for the /proc/pid/attr API. */
+
+/* Get current context, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getcon(security_context_t * con);
+extern int getcon_raw(security_context_t * con);
+
+/* Set the current security context to con.
+ Note that use of this function requires that the entire application
+ be trusted to maintain any desired separation between the old and new
+ security contexts, unlike exec-based transitions performed via setexeccon.
+ When possible, decompose your application and use setexeccon()+execve()
+ instead. Note that the application may lose access to its open descriptors
+ as a result of a setcon() unless policy allows it to use descriptors opened
+ by the old context. */
+extern int setcon(security_context_t con);
+extern int setcon_raw(security_context_t con);
+
+/* Get context of process identified by pid, and
+ set *con to refer to it. Caller must free via freecon. */
+extern int getpidcon(pid_t pid, security_context_t * con);
+extern int getpidcon_raw(pid_t pid, security_context_t * con);
+
+/* Get previous context (prior to last exec), and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getprevcon(security_context_t * con);
+extern int getprevcon_raw(security_context_t * con);
+
+/* Get exec context, and set *con to refer to it.
+ Sets *con to NULL if no exec context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getexeccon(security_context_t * con);
+extern int getexeccon_raw(security_context_t * con);
+
+/* Set exec security context for the next execve.
+ Call with NULL if you want to reset to the default. */
+extern int setexeccon(security_context_t con);
+extern int setexeccon_raw(security_context_t con);
+
+/* Get fscreate context, and set *con to refer to it.
+ Sets *con to NULL if no fs create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getfscreatecon(security_context_t * con);
+extern int getfscreatecon_raw(security_context_t * con);
+
+/* Set the fscreate security context for subsequent file creations.
+ Call with NULL if you want to reset to the default. */
+extern int setfscreatecon(security_context_t context);
+extern int setfscreatecon_raw(security_context_t context);
+
+/* Get keycreate context, and set *con to refer to it.
+ Sets *con to NULL if no key create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getkeycreatecon(security_context_t * con);
+extern int getkeycreatecon_raw(security_context_t * con);
+
+/* Set the keycreate security context for subsequent key creations.
+ Call with NULL if you want to reset to the default. */
+extern int setkeycreatecon(security_context_t context);
+extern int setkeycreatecon_raw(security_context_t context);
+
+/* Get sockcreate context, and set *con to refer to it.
+ Sets *con to NULL if no socket create context has been set, i.e. using default.
+ If non-NULL, caller must free via freecon. */
+extern int getsockcreatecon(security_context_t * con);
+extern int getsockcreatecon_raw(security_context_t * con);
+
+/* Set the sockcreate security context for subsequent socket creations.
+ Call with NULL if you want to reset to the default. */
+extern int setsockcreatecon(security_context_t context);
+extern int setsockcreatecon_raw(security_context_t context);
+
+/* Wrappers for the xattr API. */
+
+/* Get file context, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getfilecon(const char *path, security_context_t * con);
+extern int getfilecon_raw(const char *path, security_context_t * con);
+extern int lgetfilecon(const char *path, security_context_t * con);
+extern int lgetfilecon_raw(const char *path, security_context_t * con);
+extern int fgetfilecon(int fd, security_context_t * con);
+extern int fgetfilecon_raw(int fd, security_context_t * con);
+
+/* Set file context */
+extern int setfilecon(const char *path, security_context_t con);
+extern int setfilecon_raw(const char *path, security_context_t con);
+extern int lsetfilecon(const char *path, security_context_t con);
+extern int lsetfilecon_raw(const char *path, security_context_t con);
+extern int fsetfilecon(int fd, security_context_t con);
+extern int fsetfilecon_raw(int fd, security_context_t con);
+
+/* Wrappers for the socket API */
+
+/* Get context of peer socket, and set *con to refer to it.
+ Caller must free via freecon. */
+extern int getpeercon(int fd, security_context_t * con);
+extern int getpeercon_raw(int fd, security_context_t * con);
+
+/* Wrappers for the selinuxfs (policy) API. */
+
+typedef unsigned int access_vector_t;
+typedef unsigned short security_class_t;
+
+struct av_decision {
+ access_vector_t allowed;
+ access_vector_t decided;
+ access_vector_t auditallow;
+ access_vector_t auditdeny;
+ unsigned int seqno;
+};
+
+/* Structure for passing options, used by AVC and label subsystems */
+struct selinux_opt {
+ int type;
+ const char *value;
+};
+
+/* Callback facilities */
+union selinux_callback {
+ /* log the printf-style format and arguments,
+ with the type code indicating the type of message */
+ int
+#ifdef __GNUC__
+__attribute__ ((format(printf, 2, 3)))
+#endif
+ (*func_log) (int type, const char *fmt, ...);
+ /* store a string representation of auditdata (corresponding
+ to the given security class) into msgbuf. */
+ int (*func_audit) (void *auditdata, security_class_t cls,
+ char *msgbuf, size_t msgbufsize);
+ /* validate the supplied context, modifying if necessary */
+ int (*func_validate) (security_context_t *ctx);
+};
+
+#define SELINUX_CB_LOG 0
+#define SELINUX_CB_AUDIT 1
+#define SELINUX_CB_VALIDATE 2
+
+extern union selinux_callback selinux_get_callback(int type);
+extern void selinux_set_callback(int type, union selinux_callback cb);
+
+ /* Logging type codes, passed to the logging callback */
+#define SELINUX_ERROR 0
+#define SELINUX_WARNING 1
+#define SELINUX_INFO 2
+#define SELINUX_AVC 3
+
+/* Compute an access decision. */
+extern int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+extern int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct av_decision *avd);
+
+/* Compute a labeling decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute a relabeling decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute a polyinstantiation member decision and set *newcon to refer to it.
+ Caller must free via freecon. */
+extern int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+extern int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon);
+
+/* Compute the set of reachable user contexts and set *con to refer to
+ the NULL-terminated array of contexts. Caller must free via freeconary. */
+extern int security_compute_user(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+extern int security_compute_user_raw(security_context_t scon,
+ const char *username,
+ security_context_t ** con);
+
+/* Load a policy configuration. */
+extern int security_load_policy(void *data, size_t len);
+
+/* Get the context of an initial kernel security identifier by name.
+ Caller must free via freecon */
+extern int security_get_initial_context(const char *name,
+ security_context_t * con);
+extern int security_get_initial_context_raw(const char *name,
+ security_context_t * con);
+
+/*
+ * Make a policy image and load it.
+ * This function provides a higher level interface for loading policy
+ * than security_load_policy, internally determining the right policy
+ * version, locating and opening the policy file, mapping it into memory,
+ * manipulating it as needed for current boolean settings and/or local
+ * definitions, and then calling security_load_policy to load it.
+ *
+ * 'preservebools' is a boolean flag indicating whether current
+ * policy boolean values should be preserved into the new policy (if 1)
+ * or reset to the saved policy settings (if 0). The former case is the
+ * default for policy reloads, while the latter case is an option for policy
+ * reloads but is primarily for the initial policy load.
+ */
+extern int selinux_mkload_policy(int preservebools);
+
+/*
+ * Perform the initial policy load.
+ * This function determines the desired enforcing mode, sets the
+ * the *enforce argument accordingly for the caller to use, sets the
+ * SELinux kernel enforcing status to match it, and loads the policy.
+ * It also internally handles the initial selinuxfs mount required to
+ * perform these actions.
+ *
+ * The function returns 0 if everything including the policy load succeeds.
+ * In this case, init is expected to re-exec itself in order to transition
+ * to the proper security context.
+ * Otherwise, the function returns -1, and init must check *enforce to
+ * determine how to proceed. If enforcing (*enforce > 0), then init should
+ * halt the system. Otherwise, init may proceed normally without a re-exec.
+ */
+extern int selinux_init_load_policy(int *enforce);
+
+/* Translate boolean strict to name value pair. */
+typedef struct {
+ char *name;
+ int value;
+} SELboolean;
+/* save a list of booleans in a single transaction. */
+extern int security_set_boolean_list(size_t boolcnt,
+ SELboolean * boollist, int permanent);
+
+/* Load policy boolean settings.
+ Path may be NULL, in which case the booleans are loaded from
+ the active policy boolean configuration file. */
+extern int security_load_booleans(char *path);
+
+/* Check the validity of a security context. */
+extern int security_check_context(security_context_t con);
+extern int security_check_context_raw(security_context_t con);
+
+/* Canonicalize a security context. */
+extern int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon);
+extern int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon);
+
+/* Get the enforce flag value. */
+extern int security_getenforce(void);
+
+/* Set the enforce flag value. */
+extern int security_setenforce(int value);
+
+/* Disable SELinux at runtime (must be done prior to initial policy load). */
+extern int security_disable(void);
+
+/* Get the policy version number. */
+extern int security_policyvers(void);
+
+/* Get the boolean names */
+extern int security_get_boolean_names(char ***names, int *len);
+
+/* Get the pending value for the boolean */
+extern int security_get_boolean_pending(const char *name);
+
+/* Get the active value for the boolean */
+extern int security_get_boolean_active(const char *name);
+
+/* Set the pending value for the boolean */
+extern int security_set_boolean(const char *name, int value);
+
+/* Commit the pending values for the booleans */
+extern int security_commit_booleans(void);
+
+/* Userspace class mapping support */
+struct security_class_mapping {
+ const char *name;
+ const char *perms[sizeof(access_vector_t) * 8 + 1];
+};
+
+int selinux_set_mapping(struct security_class_mapping *map);
+
+/* Common helpers */
+
+/* Convert between security class values and string names */
+extern security_class_t string_to_security_class(const char *name);
+extern const char *security_class_to_string(security_class_t cls);
+
+/* Convert between individual access vector permissions and string names */
+extern const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm);
+extern access_vector_t string_to_av_perm(security_class_t tclass,
+ const char *name);
+
+/* Returns an access vector in a string representation. User must free the
+ * returned string via free(). */
+extern int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result);
+
+/* Display an access vector in a string representation. */
+extern void print_access_vector(security_class_t tclass, access_vector_t av);
+
+/* Set the function used by matchpathcon_init when displaying
+ errors about the file_contexts configuration. If not set,
+ then this defaults to fprintf(stderr, fmt, ...). */
+extern void set_matchpathcon_printf(void (*f) (const char *fmt, ...));
+
+/* Set the function used by matchpathcon_init when checking the
+ validity of a context in the file contexts configuration. If not set,
+ then this defaults to a test based on security_check_context().
+ The function is also responsible for reporting any such error, and
+ may include the 'path' and 'lineno' in such error messages. */
+extern void set_matchpathcon_invalidcon(int (*f) (const char *path,
+ unsigned lineno,
+ char *context));
+
+/* Same as above, but also allows canonicalization of the context,
+ by changing *context to refer to the canonical form. If not set,
+ and invalidcon is also not set, then this defaults to calling
+ security_canonicalize_context(). */
+extern void set_matchpathcon_canoncon(int (*f) (const char *path,
+ unsigned lineno,
+ char **context));
+
+/* Set flags controlling operation of matchpathcon_init or matchpathcon. */
+#define MATCHPATHCON_BASEONLY 1 /* Only process the base file_contexts file. */
+#define MATCHPATHCON_NOTRANS 2 /* Do not perform any context translation. */
+#define MATCHPATHCON_VALIDATE 4 /* Validate/canonicalize contexts at init time. */
+extern void set_matchpathcon_flags(unsigned int flags);
+
+/* Load the file contexts configuration specified by 'path'
+ into memory for use by subsequent matchpathcon calls.
+ If 'path' is NULL, then load the active file contexts configuration,
+ i.e. the path returned by selinux_file_context_path().
+ Unless the MATCHPATHCON_BASEONLY flag has been set, this
+ function also checks for a 'path'.homedirs file and
+ a 'path'.local file and loads additional specifications
+ from them if present. */
+extern int matchpathcon_init(const char *path);
+
+/* Same as matchpathcon_init, but only load entries with
+ regexes that have stems that are prefixes of 'prefix'. */
+extern int matchpathcon_init_prefix(const char *path, const char *prefix);
+
+/* Free the memory allocated by matchpathcon_init. */
+extern void matchpathcon_fini(void);
+
+/* Match the specified pathname and mode against the file contexts
+ configuration and set *con to refer to the resulting context.
+ 'mode' can be 0 to disable mode matching.
+ Caller must free via freecon.
+ If matchpathcon_init has not already been called, then this function
+ will call it upon its first invocation with a NULL path. */
+extern int matchpathcon(const char *path,
+ mode_t mode, security_context_t * con);
+
+/* Same as above, but return a specification index for
+ later use in a matchpathcon_filespec_add() call - see below. */
+extern int matchpathcon_index(const char *path,
+ mode_t mode, security_context_t * con);
+
+/* Maintain an association between an inode and a specification index,
+ and check whether a conflicting specification is already associated
+ with the same inode (e.g. due to multiple hard links). If so, then
+ use the latter of the two specifications based on their order in the
+ file contexts configuration. Return the used specification index. */
+extern int matchpathcon_filespec_add(ino_t ino, int specind, const char *file);
+
+/* Destroy any inode associations that have been added, e.g. to restart
+ for a new filesystem. */
+extern void matchpathcon_filespec_destroy(void);
+
+/* Display statistics on the hash table usage for the associations. */
+extern void matchpathcon_filespec_eval(void);
+
+/* Check to see whether any specifications had no matches and report them.
+ The 'str' is used as a prefix for any warning messages. */
+extern void matchpathcon_checkmatches(char *str);
+
+/* Match the specified media and against the media contexts
+ configuration and set *con to refer to the resulting context.
+ Caller must free con via freecon. */
+extern int matchmediacon(const char *media, security_context_t * con);
+
+/*
+ selinux_getenforcemode reads the /etc/selinux/config file and determines
+ whether the machine should be started in enforcing (1), permissive (0) or
+ disabled (-1) mode.
+ */
+extern int selinux_getenforcemode(int *enforce);
+
+/*
+ selinux_getpolicytype reads the /etc/selinux/config file and determines
+ what the default policy for the machine is. Calling application must
+ free policytype.
+ */
+extern int selinux_getpolicytype(char **policytype);
+
+/*
+ selinux_policy_root reads the /etc/selinux/config file and returns
+ the directory path under which the compiled policy file and context
+ configuration files exist.
+ */
+extern const char *selinux_policy_root(void);
+
+/* These functions return the paths to specific files under the
+ policy root directory. */
+extern const char *selinux_binary_policy_path(void);
+extern const char *selinux_failsafe_context_path(void);
+extern const char *selinux_removable_context_path(void);
+extern const char *selinux_default_context_path(void);
+extern const char *selinux_user_contexts_path(void);
+extern const char *selinux_file_context_path(void);
+extern const char *selinux_file_context_homedir_path(void);
+extern const char *selinux_file_context_local_path(void);
+extern const char *selinux_homedir_context_path(void);
+extern const char *selinux_media_context_path(void);
+extern const char *selinux_x_context_path(void);
+extern const char *selinux_contexts_path(void);
+extern const char *selinux_securetty_types_path(void);
+extern const char *selinux_booleans_path(void);
+extern const char *selinux_customizable_types_path(void);
+extern const char *selinux_users_path(void);
+extern const char *selinux_usersconf_path(void);
+extern const char *selinux_translations_path(void);
+extern const char *selinux_netfilter_context_path(void);
+extern const char *selinux_path(void);
+
+/* Check a permission in the passwd class.
+ Return 0 if granted or -1 otherwise. */
+extern int selinux_check_passwd_access(access_vector_t requested);
+extern int checkPasswdAccess(access_vector_t requested);
+
+/* Check if the tty_context is defined as a securetty
+ Return 0 if secure, < 0 otherwise. */
+extern int selinux_check_securetty_context(security_context_t tty_context);
+
+/* Set the path to the selinuxfs mount point explicitly.
+ Normally, this is determined automatically during libselinux
+ initialization, but this is not always possible, e.g. for /sbin/init
+ which performs the initial mount of selinuxfs. */
+void set_selinuxmnt(char *mnt);
+
+/* Execute a helper for rpm in an appropriate security context. */
+extern int rpm_execcon(unsigned int verified,
+ const char *filename,
+ char *const argv[], char *const envp[]);
+
+/* Returns whether a file context is customizable, and should not
+ be relabeled . */
+extern int is_context_customizable(security_context_t scontext);
+
+/* Perform context translation between the human-readable format
+ ("translated") and the internal system format ("raw").
+ Caller must free the resulting context via freecon.
+ Returns -1 upon an error or 0 otherwise.
+ If passed NULL, sets the returned context to NULL and returns 0. */
+extern int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp);
+extern int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp);
+
+/* Get the SELinux username and level to use for a given Linux username.
+ These values may then be passed into the get_ordered_context_list*
+ and get_default_context* functions to obtain a context for the user.
+ Returns 0 on success or -1 otherwise.
+ Caller must free the returned strings via free. */
+extern int getseuserbyname(const char *linuxuser, char **seuser, char **level);
+
+/* Compare two file contexts, return 0 if equivalent. */
+int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b);
+
+/*
+ * Verify the context of the file 'path' against policy.
+ * Return 0 if correct.
+ */
+int selinux_file_context_verify(const char *path, mode_t mode);
+
+/* This function sets the file context on to the system defaults returns 0 on success */
+int selinux_lsetfilecon_default(const char *path);
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/libselinux/man/Makefile b/libselinux/man/Makefile
new file mode 100644
index 0000000..984b6af
--- /dev/null
+++ b/libselinux/man/Makefile
@@ -0,0 +1,13 @@
+# Installation directories.
+MAN8DIR ?= $(DESTDIR)/usr/share/man/man8
+MAN5DIR ?= $(DESTDIR)/usr/share/man/man5
+MAN3DIR ?= $(DESTDIR)/usr/share/man/man3
+
+install:
+ mkdir -p $(MAN3DIR)
+ mkdir -p $(MAN5DIR)
+ mkdir -p $(MAN8DIR)
+ install -m 644 man3/*.3 $(MAN3DIR)
+ install -m 644 man5/*.5 $(MAN5DIR)
+ install -m 644 man8/*.8 $(MAN8DIR)
+
diff --git a/libselinux/man/man3/avc_add_callback.3 b/libselinux/man/man3/avc_add_callback.3
new file mode 100644
index 0000000..9c83cac
--- /dev/null
+++ b/libselinux/man/man3/avc_add_callback.3
@@ -0,0 +1,184 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_add_callback" "3" "9 June 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_add_callback \- additional event notification for SELinux userspace object managers.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_add_callback(int (*" callback ")(uint32_t " event ,
+.in +\w'int avc_add_callback(int (*callback)('u
+.BI "security_id_t " ssid ,
+
+.BI "security_id_t " tsid ,
+
+.BI "security_class_t " tclass ,
+
+.BI "access_vector_t " perms ,
+
+.BI "access_vector_t *" out_retained "),"
+.in
+.in +\w'int avc_add_callback('u
+.BI "uint32_t " events ", security_id_t " ssid ,
+
+.BI "security_id_t " tsid ", security_class_t " tclass ,
+
+.BI "access_vector_t " perms ");"
+.in
+.SH "DESCRIPTION"
+.B avc_add_callback
+is used to register callback functions on security events. The purpose of this functionality is to allow userspace object managers to take additional action when a policy change, usually a policy reload, causes permissions to be granted or revoked.
+
+.I events
+is the
+.RI bitwise- or
+of security events on which to register the callback; see
+.B SECURITY EVENTS
+below.
+
+.IR ssid ,
+.IR tsid ,
+.IR tclass ,
+and
+.I perms
+specify the source and target SID's, target class, and specific permissions that the callback wishes to monitor. The special symbol
+.B SECSID_WILD
+may be passed as the
+.I source
+or
+.I target
+and will cause any SID to match.
+
+.I callback
+is the callback function provided by the userspace object manager. The
+.I event
+argument indicates the security event which occured; the remaining arguments are interpreted according to the event as described below. The return value of the callback should be zero on success, \-1 on error with errno set appropriately (but see
+.B RETURN VALUE
+below).
+
+.SH "SECURITY EVENTS"
+In all cases below,
+.I ssid
+and/or
+.I tsid
+may be set to
+.BR SECSID_WILD ,
+indicating that the change applies to all source and/or target SID's. Unless otherwise indicated, the
+.I out_retained
+parameter is unused.
+
+.TP
+.B AVC_CALLBACK_GRANT
+Previously denied permissions are now granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to grant.
+.TP
+.B AVC_CALLBACK_TRY_REVOKE
+Previously granted permissions are now conditionally revoked for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to revoke. The callback should set
+.I out_retained
+to the subset of
+.I perms
+which are retained as migrated permissions. Note that
+.I out_retained
+is ignored if the callback returns \-1.
+.TP
+.B AVC_CALLBACK_REVOKE
+Previously granted permissions are now unconditionally revoked for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.I perms
+indicates the permissions to revoke.
+.TP
+.B AVC_CALLBACK_RESET
+Indicates that the cache was flushed. The SID, class, and permission arguments are unused and are set to NULL.
+.TP
+.B AVC_CALLBACK_AUDITALLOW_ENABLE
+The permissions given by
+.I perms
+should now be audited when granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITALLOW_DISABLE
+The permissions given by
+.I perms
+should no longer be audited when granted for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITDENY_ENABLE
+The permissions given by
+.I perms
+should now be audited when denied for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+.TP
+.B AVC_CALLBACK_AUDITDENY_DISABLE
+The permissions given by
+.I perms
+should no longer be audited when denied for
+.IR ssid ,
+.I tsid
+with respect to
+.IR tclass .
+
+.SH "RETURN VALUE"
+On success,
+.B avc_add_callback
+returns zero. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+A return value of \-1 from a callback is interpreted as a failed policy operation. If such a return value is encountered, all remaining callbacks registered on the event are called. In threaded mode, the netlink handler thread may then terminate and cause the userspace AVC to return
+.B EINVAL
+on all further permission checks until
+.BR avc_destroy (3)
+is called. In non-threaded mode, the permission check on which the error occurred will return \-1 and the value of
+.I errno
+encountered to the caller. In both cases, a log message is produced and the kernel may be notified of the error.
+
+.SH "ERRORS"
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+If the userspace AVC is running in threaded mode, callbacks registered via
+.B avc_add_callback
+may be executed in the context of the netlink handler thread. This will likely introduce synchronization issues requiring the use of locks. See
+.BR avc_init (3).
+
+Support for dynamic revocation and retained permissions is mostly unimplemented in the SELinux kernel module. The only security event that currently gets excercised is
+.BR AVC_CALLBACK_RESET .
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR security_compute_av (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_audit.3 b/libselinux/man/man3/avc_audit.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_audit.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_av_stats.3 b/libselinux/man/man3/avc_av_stats.3
new file mode 100644
index 0000000..6732dc1
--- /dev/null
+++ b/libselinux/man/man3/avc_av_stats.3
@@ -0,0 +1 @@
+.so man3/avc_cache_stats.3
diff --git a/libselinux/man/man3/avc_cache_stats.3 b/libselinux/man/man3/avc_cache_stats.3
new file mode 100644
index 0000000..96f2b21
--- /dev/null
+++ b/libselinux/man/man3/avc_cache_stats.3
@@ -0,0 +1,99 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_cache_stats" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_cache_stats, avc_av_stats, avc_sid_stats \- obtain userspace SELinux AVC statistics.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "void avc_av_stats(void);"
+.sp
+.BI "void avc_sid_stats(void);"
+.sp
+.BI "void avc_cache_stats(struct avc_cache_stats *" stats ");"
+.SH "DESCRIPTION"
+The userspace AVC maintains two internal hash tables, one to store security ID's and one to cache access decisions.
+
+.B avc_av_stats
+and
+.B avc_sid_stats
+produce log messages indicating the status of the access decision and SID tables, respectively. The messages contain the number of entries in the table, number of hash buckets and number of buckets used, and maximum number of entries in a single bucket.
+
+.B avc_cache_stats
+populates a structure whose fields reflect cache activity:
+
+.RS
+.ta 4n 14n
+.nf
+struct avc_cache_stats {
+ unsigned entry_lookups;
+ unsigned entry_hits;
+ unsigned entry_misses;
+ unsigned entry_discards;
+ unsigned cav_lookups;
+ unsigned cav_hits;
+ unsigned cav_probes;
+ unsigned cav_misses;
+};
+.fi
+.ta
+.RE
+
+.TP
+.I entry_lookups
+Number of queries made.
+.TP
+.I entry_hits
+Number of times a decision was found in the
+.I aeref
+argument.
+.TP
+.I entry_misses
+Number of times a decision was not found in the
+.I aeref
+argument.
+.TP
+.I entry_discards
+Number of times a decision was not found in the
+.I aeref
+argument and the
+.I aeref
+argument was non-NULL.
+.TP
+.I cav_lookups
+Number of cache lookups.
+.TP
+.I cav_hits
+Number of cache hits.
+.TP
+.I cav_misses
+Number of cache misses.
+.TP
+.I cav_probes
+Number of entries examined while searching the cache.
+
+.SH "NOTES"
+When the cache is flushed as a result of a call to
+.B avc_reset
+or a policy change notification,
+the statistics returned by
+.B avc_cache_stats
+are reset to zero. The SID table, however, is left
+unchanged.
+
+When a policy change notification is received, a call to
+.B avc_av_stats
+is made before the cache is flushed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_add_callback (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_cleanup.3 b/libselinux/man/man3/avc_cleanup.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_cleanup.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_compute_create.3 b/libselinux/man/man3/avc_compute_create.3
new file mode 100644
index 0000000..f102cc9
--- /dev/null
+++ b/libselinux/man/man3/avc_compute_create.3
@@ -0,0 +1,68 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "avc_compute_create" "3" "30 Mar 2007" "" "SELinux API documentation"
+.SH "NAME"
+avc_compute_create, avc_compute_member \- obtain SELinux label for new object.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_compute_create(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_compute_create('u
+.BI "security_class_t " tclass ", security_id_t *" newsid ");"
+.sp
+.in
+.BI "int avc_compute_member(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_compute_member('u
+.BI "security_class_t " tclass ", security_id_t *" newsid ");"
+.in
+.SH "DESCRIPTION"
+.B avc_compute_create
+is used to compute a SID to use for labeling a new object in a particular class based on a SID pair. This call is identical to
+.BR security_compute_create ,
+but does not require converting from userspace SID's to contexts and back again.
+
+.B avc_compute_member
+is used to compute a SID to use for labeling a polyinstantiated object instance of a particular class based on a SID pair. This call is identical to
+.BR security_compute_member ,
+but does not require converting from userspace SID's to contexts and back again.
+
+These functions
+return a SID for the computed context in the memory referenced by
+.IR sid ,
+incrementing its reference count by 1.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+The
+.I tclass
+and/or the security contexts referenced by
+.I ssid
+and
+.I tsid
+are not recognized by the currently loaded policy, or
+.I tsid
+or
+.I ssid
+has a zero reference count and is invalid.
+
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_context_to_sid (3),
+.BR security_compute_create (3),
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_compute_member.3 b/libselinux/man/man3/avc_compute_member.3
new file mode 100644
index 0000000..28307ce
--- /dev/null
+++ b/libselinux/man/man3/avc_compute_member.3
@@ -0,0 +1 @@
+.so man3/avc_compute_create.3
diff --git a/libselinux/man/man3/avc_context_to_sid.3 b/libselinux/man/man3/avc_context_to_sid.3
new file mode 100644
index 0000000..41a486d
--- /dev/null
+++ b/libselinux/man/man3/avc_context_to_sid.3
@@ -0,0 +1,98 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_context_to_sid" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_context_to_sid(security_context_t " ctx ", security_id_t *" sid ");"
+.sp
+.BI "int avc_sid_to_context(security_id_t " sid ", security_context_t *" ctx ");"
+.sp
+.BI "int sidget(security_id_t " sid ");"
+.sp
+.BI "int sidput(security_id_t " sid ");"
+.sp
+.BI "int avc_get_initial_sid(const char *" name ", security_id_t *" sid ");"
+.sp
+.SH "DESCRIPTION"
+Security ID's (SID's) are reference-counted, opaque representations of security contexts.
+
+.B avc_context_to_sid
+returns a SID for the given
+.I context
+in the memory referenced by
+.IR sid ,
+incrementing its reference count by 1.
+
+.B avc_sid_to_context
+returns a copy of the context represented by
+.I sid
+in the memory referenced by
+.IR ctx .
+The user must free the copy with
+.BR freecon (3).
+
+.B sidget
+increments the reference count of
+.I sid
+by 1.
+
+.B sidput
+decrements the reference count of
+.I sid
+by 1. If the count ever reaches zero, the SID becomes
+invalid and must not be used any further.
+
+.B avc_get_initial_sid
+returns a SID for the kernel initial security identifier specified by
+.I name
+
+.SH "RETURN VALUE"
+.B sidget
+and
+.B sidput
+return the new reference count. A return value of zero indicates
+an invalid SID.
+
+.B avc_context_to_sid
+and
+.B avc_sid_to_context
+return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+The provided
+.I sid
+has a zero reference count and is invalid.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+The expected usage pattern for these functions is that
+.B avc_context_to_sid
+will be called once to obtain a SID for a newly created object,
+.B sidget
+will be called on a SID when its object is duplicated, and
+.B sidput
+will be called on a SID when its object is destroyed. Proper reference counting is necessary to ensure that SID's and associated cache entries are reclaimed from memory when no longer needed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_has_perm (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR getcon (3),
+.BR freecon (3)
+.BR selinux (8)
diff --git a/libselinux/man/man3/avc_destroy.3 b/libselinux/man/man3/avc_destroy.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_destroy.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_entry_ref_init.3 b/libselinux/man/man3/avc_entry_ref_init.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_entry_ref_init.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_get_initial_context.3 b/libselinux/man/man3/avc_get_initial_context.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/avc_get_initial_context.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/avc_has_perm.3 b/libselinux/man/man3/avc_has_perm.3
new file mode 100644
index 0000000..50f4d44
--- /dev/null
+++ b/libselinux/man/man3/avc_has_perm.3
@@ -0,0 +1,155 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_has_perm" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_has_perm, avc_has_perm_noaudit, avc_audit, avc_entry_ref_init \- obtain and audit SELinux access decisions.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "void avc_entry_ref_init(struct avc_entry_ref *" aeref ");"
+.sp
+.BI "int avc_has_perm(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_has_perm('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct avc_entry_ref *" aeref ", void *" auditdata ");"
+.in
+.sp
+.BI "int avc_has_perm_noaudit(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'int avc_has_perm('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct avc_entry_ref *" aeref ", struct av_decision *" avd ");"
+.in
+.sp
+.BI "void avc_audit(security_id_t " ssid ", security_id_t " tsid ,
+.in +\w'void avc_audit('u
+.BI "security_class_t " tclass ", access_vector_t " requested ,
+
+.BI "struct av_decision *" avd ", int " result ", void *" auditdata ");"
+.in
+.SH "DESCRIPTION"
+.B avc_entry_ref_init
+initializes an
+.B avc_entry_ref
+structure; see
+.B ENTRY REFERENCES
+below. This function may be implemented as a macro.
+
+.B avc_has_perm
+checks whether the
+.I requested
+permissions are granted
+for subject SID
+.IR ssid
+and target SID
+.IR tsid ,
+interpreting the permissions
+based on
+.I tclass
+and updating
+.IR aeref ,
+if non-NULL, to refer to a cache entry with the resulting decision. The granting or denial of permissions is audited in accordance with the policy. The
+.I auditdata
+parameter is for supplemental auditing; see
+.B avc_audit
+below.
+
+.B avc_has_perm_noaudit
+behaves as
+.B avc_has_perm
+without producing an audit message. The access decision is returned in
+.I avd
+and can be passed to
+.B avc_audit
+explicitly.
+
+.B avc_audit
+produces an audit message for the access query represented by
+.IR ssid ,
+.IR tsid ,
+.IR tclass ,
+and
+.IR requested ,
+with a decision represented by
+.IR avd .
+Pass the value returned by
+.B avc_has_perm_noaudit
+as
+.IR result .
+The
+.I auditdata
+parameter is passed to the user-supplied
+.B func_audit
+callback and can be used to add supplemental information to the audit message; see
+.BR avc_init (3).
+
+.SH "ENTRY REFERENCES"
+Entry references can be used to speed cache performance for repeated queries on the same subject and target. The userspace AVC will check the
+.I aeref
+argument, if supplied, before searching the cache on a permission query. After a query is performed,
+.I aeref
+will be updated to reference the cache entry for that query. A subsequent query on the same subject and target will then have the decision at hand without having to walk the cache.
+
+After declaring an
+.B avc_entry_ref
+structure, use
+.B avc_entry_ref_init
+to initialize it before passing it to
+.B avc_has_perm
+or
+.B avc_has_perm_noaudit
+for the first time.
+Using an uninitialized structure will produce undefined behavior.
+
+.SH "RETURN VALUE"
+If requested permissions are granted, zero is returned. If requested permissions are denied or an error occured, \-1 is returned and
+.I errno
+is set appropriately.
+
+In permissive mode, zero will be returned and
+.I errno
+unchanged even if permissions were denied.
+.B avc_has_perm
+will still produce an audit message in this case.
+
+.SH "ERRORS"
+.TP
+.B EACCES
+A requested permission was denied.
+.TP
+.B EINVAL
+The
+.I tclass
+and/or the security contexts referenced by
+.I ssid
+and
+.I tsid
+are not recognized by the currently loaded policy.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "NOTES"
+Internal errors encountered by the userspace AVC may cause certain values of
+.I errno
+to be returned unexpectedly. For example, netlink socket errors may produce
+.B EACCES
+or
+.BR EINVAL .
+Make sure that userspace object managers are granted appropriate access to
+netlink by the policy.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_init (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR security_compute_av (3)
+.BR selinux(8)
diff --git a/libselinux/man/man3/avc_has_perm_noaudit.3 b/libselinux/man/man3/avc_has_perm_noaudit.3
new file mode 100644
index 0000000..3caf27b
--- /dev/null
+++ b/libselinux/man/man3/avc_has_perm_noaudit.3
@@ -0,0 +1 @@
+.so man3/avc_has_perm.3
diff --git a/libselinux/man/man3/avc_init.3 b/libselinux/man/man3/avc_init.3
new file mode 100644
index 0000000..331a665
--- /dev/null
+++ b/libselinux/man/man3/avc_init.3
@@ -0,0 +1,195 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2004
+.TH "avc_init" "3" "27 May 2004" "" "SELinux API documentation"
+.SH "NAME"
+avc_init - legacy userspace SELinux AVC setup.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_init(const char *" msgprefix ,
+.in +\w'int avc_init('u
+.BI "const struct avc_memory_callback *" mem_callbacks ,
+
+.BI "const struct avc_log_callback *" log_callbacks ,
+
+.BI "const struct avc_thread_callback *" thread_callbacks ,
+
+.BI "const struct avc_lock_callback *" lock_callbacks ");"
+.SH "DESCRIPTION"
+.B avc_init
+is deprecated; please use
+.BR avc_open (3)
+in conjunction with
+.BR selinux_set_callback (3)
+in all new code.
+
+.B avc_init
+initializes the userspace AVC and must be called before any other AVC operation can be performed. A non-NULL
+.I msgprefix
+will be prepended to all audit messages produced by the userspace AVC. The default is `uavc'. The remaining arguments, if non-NULL, specify callbacks to be used by the userspace AVC.
+
+.SH "CALLBACKS"
+The userspace AVC can be directed how to perform memory allocation, logging, thread creation, and locking via callback functions passed to
+.BR avc_init .
+The purpose of this functionality is to allow the userspace AVC to be smoothly integrated into existing userspace object managers.
+
+Use an
+.B avc_memory_callback
+structure to specify alternate functions for dynamic memory allocation.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_memory_callback {
+ void *(*func_malloc)(size_t size);
+ void (*func_free)(void *ptr);
+};
+.fi
+.ta
+.RE
+
+The two fields of the structure should be pointers to functions which behave as
+.BR malloc (3)
+and
+.BR free (3),
+which are used by default.
+
+Use an
+.B avc_log_callback
+structure to specify alternate functions for logging.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_log_callback {
+ void (*func_log)(const char *fmt, ...);
+ void (*func_audit)(void *auditdata,
+ security_class_t class,
+ char *msgbuf, size_t msgbufsize);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_log
+callback should accept a
+.BR printf (3)
+style format and arguments and log them as desired. The default behavior prints the message on the standard error. The
+.B func_audit
+callback should interpret the
+.I auditdata
+parameter for the given
+.IR class ,
+printing a human-readable interpretation to
+.I msgbuf
+using no more than
+.I msgbufsize
+characters. The default behavior is to ignore
+.IR auditdata .
+
+Use an
+.B avc_thread_callback
+structure to specify functions for starting and manipulating threads.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_thread_callback {
+ void *(*func_create_thread)(void (*run)(void));
+ void (*func_stop_thread)(void *thread);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_create_thread
+callback should create a new thread and return a pointer which references it. The thread should execute the
+.I run
+argument, which does not return under normal conditions. The
+.B func_stop_thread
+callback should cancel the running thread referenced by
+.IR thread .
+By default, threading is not used; see
+.B NETLINK NOTIFICATION
+below.
+
+Use an
+.B avc_lock_callback
+structure to specify functions to create, obtain, and release locks for use by threads.
+
+.RS
+.ta 4n 10n 24n
+.nf
+struct avc_lock_callback {
+ void *(*func_alloc_lock)(void);
+ void (*func_get_lock)(void *lock);
+ void (*func_release_lock)(void *lock);
+ void (*func_free_lock)(void *lock);
+};
+.fi
+.ta
+.RE
+
+The
+.B func_alloc_lock
+callback should create a new lock, returning a pointer which references it. The
+.B func_get_lock
+callback should obtain
+.IR lock ,
+blocking if necessary. The
+.B func_release_lock
+callback should release
+.IR lock .
+The
+.B func_free_lock
+callback should destroy
+.IR lock ,
+freeing any resources associated with it. The default behavior is not to perform any locking. Note that undefined behavior may result if threading is used without appropriate locking.
+
+.SH "NETLINK NOTIFICATION"
+Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of
+.BR avc_has_perm (3)
+to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed.
+
+In the default single-threaded mode, the userspace AVC checks for new netlink messages at the start of each permission query. If threading and locking callbacks are passed to
+.B avc_init
+however, a dedicated thread will be started to listen on the netlink socket. This may increase performance and will ensure that log messages are generated immediately rather than at the time of the next permission query.
+
+.SH "RETURN VALUE"
+Functions with a return value return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "NOTES"
+The
+.I msgprefix
+argument to
+.B avc_init
+currently has a length limit of 15 characters and will be truncated if necessary.
+
+If a provided
+.B func_malloc
+callback does not set
+.I errno
+appropriately on error, userspace AVC calls may exhibit the
+same behavior.
+
+If a netlink thread has been created and an error occurs on the socket (such as an access error), the thread may terminate and cause the userspace AVC to return
+.B EINVAL
+on all further permission checks until
+.B avc_destroy
+is called.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_open (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/avc_open.3 b/libselinux/man/man3/avc_open.3
new file mode 100644
index 0000000..9019085
--- /dev/null
+++ b/libselinux/man/man3/avc_open.3
@@ -0,0 +1,70 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2008
+.TH "avc_open" "3" "12 Jun 2008" "" "SELinux API documentation"
+.SH "NAME"
+avc_open, avc_destroy, avc_reset, avc_cleanup \- userspace SELinux AVC setup and teardown.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/avc.h>
+.sp
+.BI "int avc_open(struct selinux_opt *" options ", unsigned " nopt ");"
+.sp
+.BI "void avc_destroy(void);"
+.sp
+.BI "int avc_reset(void);"
+.sp
+.BI "void avc_cleanup(void);"
+.SH "DESCRIPTION"
+.B avc_open
+initializes the userspace AVC and must be called before any other AVC operation can be performed.
+
+.B avc_destroy
+destroys the userspace AVC, freeing all internal memory structures. After this call has been made,
+.B avc_open
+must be called again before any AVC operations can be performed.
+
+.B avc_reset
+flushes the userspace AVC, causing it to forget any cached access decisions. The userspace AVC normally calls this function automatically when needed, see
+.B NETLINK NOTIFICATION
+below.
+
+.B avc_cleanup
+forces the userspace AVC to search for and free all unused SID's and any access decision entries that refer to them. Normally, the userspace AVC lazily reclaims unused SID's.
+
+.SH "OPTIONS"
+The userspace AVC obeys callbacks set via
+.BR selinux_set_callback (3),
+in particular the logging and audit callbacks.
+
+The options which may be passed to
+.B avc_open
+include the following:
+
+.TP
+.B AVC_OPT_SETENFORCE
+This option forces the userspace AVC into enforcing mode if the option value is non-NULL; permissive mode otherwise. The system enforcing mode will be ignored.
+
+.SH "NETLINK NOTIFICATION"
+Beginning with version 2.6.4, the Linux kernel supports SELinux status change notification via netlink. Two message types are currently implemented, indicating changes to the enforcing mode and to the loaded policy in the kernel, respectively. The userspace AVC listens for these messages and takes the appropriate action, modifying the behavior of
+.BR avc_has_perm (3)
+to reflect the current enforcing mode and flushing the cache on receipt of a policy load notification. Audit messages are produced when netlink notifications are processed.
+
+.SH "RETURN VALUE"
+Functions with a return value return zero on success. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selinux (8),
+.BR avc_has_perm (3),
+.BR avc_context_to_sid (3),
+.BR avc_cache_stats (3),
+.BR avc_add_callback (3),
+.BR selinux_set_callback (3),
+.BR security_compute_av (3)
+
diff --git a/libselinux/man/man3/avc_reset.3 b/libselinux/man/man3/avc_reset.3
new file mode 100644
index 0000000..ca549ae
--- /dev/null
+++ b/libselinux/man/man3/avc_reset.3
@@ -0,0 +1 @@
+.so man3/avc_open.3
diff --git a/libselinux/man/man3/avc_sid_stats.3 b/libselinux/man/man3/avc_sid_stats.3
new file mode 100644
index 0000000..6732dc1
--- /dev/null
+++ b/libselinux/man/man3/avc_sid_stats.3
@@ -0,0 +1 @@
+.so man3/avc_cache_stats.3
diff --git a/libselinux/man/man3/avc_sid_to_context.3 b/libselinux/man/man3/avc_sid_to_context.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/avc_sid_to_context.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/checkPasswdAccess.3 b/libselinux/man/man3/checkPasswdAccess.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/checkPasswdAccess.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/context_free.3 b/libselinux/man/man3/context_free.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_free.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_new.3 b/libselinux/man/man3/context_new.3
new file mode 100644
index 0000000..f36bd25
--- /dev/null
+++ b/libselinux/man/man3/context_new.3
@@ -0,0 +1,61 @@
+.TH "context_new" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+context_new, context_str, context_free, context_type_get, context_type_set, context_range_get, context_range_set,context_role_get, context_role_set, context_user_get, context_user_set \- Routines to manipulate SELinux security contexts
+
+.SH "SYNOPSIS"
+.B #include <selinux/context.h>
+
+.B "context_t context_new(const char *" context_str );
+
+.B "const char * context_str(context_t " con );
+
+.B "void context_free(context_t " con );
+
+.B "const char * context_type_get(context_t " con );
+
+.B "const char * context_range_get(context_t " con );
+
+.B "const char * context_role_get(context_t " con );
+
+.B "const char * context_user_get(context_t " con );
+
+.B "const char * context_type_set(context_t " con ", const char* " type);
+
+.B "const char * context_range_set(context_t " con ", const char* " range);
+
+.B "const char * context_role_set(context_t " con ", const char* " role );
+
+.B "const char * context_user_set(context_t " con ", const char* " user );
+
+.SH "DESCRIPTION"
+These functions allow an application to manipulate the fields of a
+security context string without requiring it to know the format of the
+string.
+
+context_new
+ Return a new context initialized to a context string
+
+context_str
+Return a pointer to the string value of the context_t
+Valid until the next call to context_str or context_free
+for the same context_t*
+
+context_free
+Free the storage used by a context
+
+context_type_get, context_range_get, context_role_get, context_user_get
+Get a pointer to the string value of a context component
+
+NOTE: Values returned by the get functions are only valid until the next call
+to a set function or context_free() for the same context_t structure.
+
+context_type_set, context_range_set, context_role_set, context_user_set
+Set a context component
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/context_range_get.3 b/libselinux/man/man3/context_range_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_range_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_range_set.3 b/libselinux/man/man3/context_range_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_range_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_role_get.3 b/libselinux/man/man3/context_role_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_role_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_role_set.3 b/libselinux/man/man3/context_role_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_role_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_type_get.3 b/libselinux/man/man3/context_type_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_type_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_type_set.3 b/libselinux/man/man3/context_type_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_type_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_user_get.3 b/libselinux/man/man3/context_user_get.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_user_get.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/context_user_set.3 b/libselinux/man/man3/context_user_set.3
new file mode 100644
index 0000000..f4f03a6
--- /dev/null
+++ b/libselinux/man/man3/context_user_set.3
@@ -0,0 +1 @@
+.so man3/context_new.3
diff --git a/libselinux/man/man3/freecon.3 b/libselinux/man/man3/freecon.3
new file mode 100644
index 0000000..055ccc8
--- /dev/null
+++ b/libselinux/man/man3/freecon.3
@@ -0,0 +1,25 @@
+.TH "freecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+freecon, freeconary \- free memory associated with SELinux security contexts.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "void freecon(security_context_t "con );
+
+.BI "void freeconary(security_context_t *" con );
+
+.SH "DESCRIPTION"
+.B freecon
+frees the memory allocated for a security context.
+
+.B freeconary
+frees the memory allocated for a context array.
+
+If
+.I con
+is NULL, no operation is performed.
+
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/freeconary.3 b/libselinux/man/man3/freeconary.3
new file mode 100644
index 0000000..3420153
--- /dev/null
+++ b/libselinux/man/man3/freeconary.3
@@ -0,0 +1 @@
+.so man3/freecon.3
diff --git a/libselinux/man/man3/fsetfilecon.3 b/libselinux/man/man3/fsetfilecon.3
new file mode 100644
index 0000000..33c321a
--- /dev/null
+++ b/libselinux/man/man3/fsetfilecon.3
@@ -0,0 +1 @@
+.so man3/setfilecon.3
diff --git a/libselinux/man/man3/get_default_context.3 b/libselinux/man/man3/get_default_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_level.3 b/libselinux/man/man3/get_default_context_with_level.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_level.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_role.3 b/libselinux/man/man3/get_default_context_with_role.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_role.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_default_context_with_rolelevel.3 b/libselinux/man/man3/get_default_context_with_rolelevel.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_default_context_with_rolelevel.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/get_ordered_context_list.3 b/libselinux/man/man3/get_ordered_context_list.3
new file mode 100644
index 0000000..c3fa956
--- /dev/null
+++ b/libselinux/man/man3/get_ordered_context_list.3
@@ -0,0 +1,80 @@
+.TH "get_ordered_context_list" "3" "1 January 2004" "russell@coker.com.au" "SELinux"
+.SH "NAME"
+get_ordered_context_list, get_ordered_context_list_with_level, get_default_context, get_default_context_with_level, get_default_context_with_role, get_default_context_with_rolelevel, query_user_context, manual_user_enter_context, get_default_role \- determine SELinux context(s) for user sessions
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/get_context_list.h>
+.sp
+.BI "int get_ordered_context_list(const char *" user ", security_context_t "fromcon ", security_context_t **" list );
+.sp
+.BI "int get_ordered_context_list_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t **" list );
+.sp
+.BI "int get_default_context(const char *" user ", security_context_t "fromcon ", security_context_t *" newcon );
+.sp
+.BI "int get_default_context_with_level(const char *" user ", const char *" level ", security_context_t "fromcon ", security_context_t *" newcon );
+.sp
+.BI "int get_default_context_with_role(const char* " user ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
+.sp
+.BI "int get_default_context_with_rolelevel(const char* " user ", const char* " level ", const char *" role ", security_context_t " fromcon ", security_context_t *" newcon ");
+.sp
+.BI "int query_user_context(security_context_t *" list ", security_context_t *" newcon );
+.sp
+.BI "int manual_user_enter_context(const char *" user ", security_context_t *" newcon );
+.sp
+.BI "int get_default_type(const char *" role ", char **" type );
+
+.SH "DESCRIPTION"
+.B get_ordered_context_list
+invokes the
+.B security_compute_user
+function to obtain the list of contexts for the specified
+.I user
+that are reachable from the specified
+.I fromcon
+context. The function then orders the resulting list based on the global
+.B /etc/selinux/<SELINUXTYPE>/contexts/default_contexts
+file and the per-user
+.B /etc/selinux/<SELINUXTYPE>/contexts/users/<username>
+file if it exists. The
+.I fromcon
+parameter may be NULL to indicate that the current context should
+be used. The function returns the number of contexts in the
+list, or -1 upon errors. The list must be freed using the
+.B freeconary
+function.
+
+.B get_ordered_context_list_with_level
+invokes the get_ordered_context_list function and applies the specified level.
+
+.B get_default_context
+is the same as get_ordered_context_list but only returns a single context
+which has to be freed with freecon.
+
+.B get_default_context_with_level
+invokes the get_default_context function and applies the specified level.
+
+.B get_default_context_with_role
+is the same as get_default_context but only returns a context with the specified role, returning -1 if no such context is reachable for the user.
+
+.B get_default_context_with_rolelevel
+invokes the get_default_context_with_role function and applies the specified level.
+
+.B query_user_context
+takes a list of contexts, queries the user via stdin/stdout as to which context
+they want, and returns a new context as selected by the user (which has to be
+freed with freecon).
+
+.B manual_user_enter_context
+allows the user to manually enter a context as a fallback if a list of authorized contexts could not be obtained. Caller must free via freecon.
+
+.B get_default_type
+Get the default type (domain) for 'role' and set 'type' to refer to it, which has to be freed with free.
+
+.SH "RETURN VALUE"
+get_ordered_context_list and get_ordered_context_list_with_level return the number of contexts in the list upon success or -1 upon errors.
+The other functions return 0 for success or -1 for errors.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freeconary "(3), " freecon "(3), " security_compute_av "(3)", getseuserbyname"(3)"
diff --git a/libselinux/man/man3/get_ordered_context_list_with_level.3 b/libselinux/man/man3/get_ordered_context_list_with_level.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/get_ordered_context_list_with_level.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/getcon.3 b/libselinux/man/man3/getcon.3
new file mode 100644
index 0000000..2170795
--- /dev/null
+++ b/libselinux/man/man3/getcon.3
@@ -0,0 +1,62 @@
+.TH "getcon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getcon, getprevcon, getpidcon \- get SELinux security context of a process.
+
+getpeercon - get security context of a peer socket.
+
+setcon - set current security context of a process.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getcon(security_context_t *" context );
+
+.BI "int getprevcon(security_context_t *" context );
+
+.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
+
+.BI "int getpeercon(int " fd ", security_context_t *" context);
+
+.BI "int setcon(security_context_t " context);
+
+.SH "DESCRIPTION"
+.B getcon
+retrieves the context of the current process, which must be free'd with
+freecon.
+
+.B getprevcon
+same as getcon but gets the context before the last exec.
+
+.B getpidcon
+returns the process context for the specified PID.
+
+.B getpeercon
+retrieves context of peer socket, and set *context to refer to it, which must be free'd with freecon.
+
+.B setcon
+sets the current security context of the process to a new value. Note
+that use of this function requires that the entire application be
+trusted to maintain any desired separation between the old and new
+security contexts, unlike exec-based transitions performed via
+setexeccon(3). When possible, decompose your applicaiton and use
+setexeccon() and execve() instead.
+
+Since access to file descriptors is revalidated upon use by SELinux,
+the new context must be explicitly authorized in the policy to use the
+descriptors opened by the old context if that is desired. Otherwise,
+attempts by the process to use any existing descriptors (including
+stdin, stdout, and stderr) after performing the setcon() will fail.
+
+A multi-threaded application can perform a setcon() prior to creating
+any child threads, in which case all of the child threads will inherit
+the new context. However, setcon() will fail if there are any other
+threads running in the same process.
+
+If the process was being ptraced at the time of the setcon()
+operation, ptrace permission will be revalidated against the new
+context and the setcon() will fail if it is not allowed by policy.
+
+.SH "RETURN VALUE"
+On error -1 is returned. On success 0 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setexeccon "(3)"
diff --git a/libselinux/man/man3/getexeccon.3 b/libselinux/man/man3/getexeccon.3
new file mode 100644
index 0000000..4b832a2
--- /dev/null
+++ b/libselinux/man/man3/getexeccon.3
@@ -0,0 +1,60 @@
+.TH "getexeccon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
+
+rpm_execcon \- run a helper for rpm in an appropriate security context
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getexeccon(security_context_t *" context );
+
+.BI "int setexeccon(security_context_t "context );
+
+.BI "int rpm_execcon(unsigned int " verified ", const char *" filename ", char *const " argv "[] , char *const " envp "[]);
+
+.SH "DESCRIPTION"
+.B getexeccon
+retrieves the context used for executing a new process.
+This returned context should be freed with freecon if non-NULL.
+getexeccon sets *con to NULL if no exec context has been explicitly
+set by the program (i.e. using the default policy behavior).
+
+.B setexeccon
+sets the context used for the next execve call.
+NULL can be passed to
+setexeccon to reset to the default policy behavior.
+The exec context is automatically reset after the next execve, so a
+program doesn't need to explicitly sanitize it upon startup.
+
+
+setexeccon can be applied prior to library
+functions that internally perform an execve, e.g. execl*, execv*, popen,
+in order to set an exec context for that operation.
+
+
+Note: Signal handlers that perform an execve must take care to
+save, reset, and restore the exec context to avoid unexpected behavior.
+
+
+.B rpm_execcon
+runs a helper for rpm in an appropriate security context. The
+verified parameter should contain the return code from the signature
+verification (0 == ok, 1 == notfound, 2 == verifyfail, 3 ==
+nottrusted, 4 == nokey), although this information is not yet used by
+the function. The function determines the proper security context for
+the helper based on policy, sets the exec context accordingly, and
+then executes the specified filename with the provided argument and
+environment arrays.
+
+
+.SH "RETURN VALUE"
+On error -1 is returned.
+
+On success getexeccon and setexeccon returns 0.
+rpm_execcon only returns upon errors, as it calls execve(2).
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " getcon "(3)"
+
+
diff --git a/libselinux/man/man3/getfilecon.3 b/libselinux/man/man3/getfilecon.3
new file mode 100644
index 0000000..61b216f
--- /dev/null
+++ b/libselinux/man/man3/getfilecon.3
@@ -0,0 +1,42 @@
+.TH "getfilecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getfilecon, fgetfilecon, lgetfilecon \- get SELinux security context of a file
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getfilecon(const char *" path ", security_context_t *" con );
+
+.BI "int lgetfilecon(const char *" path ", security_context_t *" con );
+
+.BI "int fgetfilecon(int "fd ", security_context_t *" con );
+.SH "DESCRIPTION"
+.B getfilecon
+retrieves the context associated with the given path in the file system, the
+length of the context is returned.
+
+.B lgetfilecon
+is identical to getfilecon, except in the case of a symbolic link, where the
+link itself is interrogated, not the file that it refers to.
+
+.B fgetfilecon
+is identical to getfilecon, only the open file pointed to by filedes (as
+returned by open(2)) is interrogated in place of path.
+
+
+The returned context should be freed with freecon if non-NULL.
+.SH "RETURN VALUE"
+On success, a positive number is returned indicating the size of the
+extended attribute value. On failure, \-1 is returned and errno is set
+appropriately.
+
+If the context does not exist, or the process has no access to
+this attribute, errno is set to ENODATA.
+
+If extended attributes are not supported by the filesystem, or are dis\-
+abled, errno is set to ENOTSUP.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/getfscreatecon.3 b/libselinux/man/man3/getfscreatecon.3
new file mode 100644
index 0000000..474aa28
--- /dev/null
+++ b/libselinux/man/man3/getfscreatecon.3
@@ -0,0 +1,38 @@
+.TH "getfscreatecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+getfscreatecon, setfscreatecon \- get or set the SELinux security context used for creating a new file system object.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getfscreatecon(security_context_t *" con );
+
+.BI "int setfscreatecon(security_context_t "context );
+
+.SH "DESCRIPTION"
+.B getfscreatecon
+retrieves the context used for creating a new file system object.
+This returned context should be freed with freecon if non-NULL.
+getfscreatecon sets *con to NULL if no fscreate context has been explicitly
+set by the program (i.e. using the default policy behavior).
+
+.B setfscreatecon
+sets the context used for creating a new file system object.
+NULL can be passed to
+setfscreatecon to reset to the default policy behavior.
+The fscreate context is automatically reset after the next execve, so a
+program doesn't need to explicitly sanitize it upon startup.
+
+setfscreatecon can be applied prior to library
+functions that internally perform an file creation,
+in order to set an file context on the objects.
+
+
+Note: Signal handlers that perform an setfscreate must take care to
+save, reset, and restore the fscreate context to avoid unexpected behavior.
+.SH "RETURN VALUE"
+On error -1 is returned.
+On success 0 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " getcon "(3), " getexeccon "(3)"
diff --git a/libselinux/man/man3/getpeercon.3 b/libselinux/man/man3/getpeercon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getpeercon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getpidcon.3 b/libselinux/man/man3/getpidcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getpidcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getprevcon.3 b/libselinux/man/man3/getprevcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/getprevcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/getseuserbyname.3 b/libselinux/man/man3/getseuserbyname.3
new file mode 100644
index 0000000..1630356
--- /dev/null
+++ b/libselinux/man/man3/getseuserbyname.3
@@ -0,0 +1,28 @@
+.TH "getseuserbyname" "3" "29 September 2005" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+getseuserbyname \- get SELinux username and level for a given Linux username
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int getseuserbyname(const char *" linuxuser ", char **" selinuxuser ", char **" level ");
+.SH "DESCRIPTION"
+.B getseuserbyname
+retrieves the SELinux username and security level associated with
+a given Linux username. The SELinux username and security level can
+then be passed to other libselinux functions such as
+get_ordered_context_list_with_level and get_default_context_with_level.
+
+
+
+The returned SELinux username and level should be freed by the caller
+using free.
+.SH "RETURN VALUE"
+On success, 0 is returned.
+On failure, \-1 is returned and errno is set appropriately.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/is_context_customizable.3 b/libselinux/man/man3/is_context_customizable.3
new file mode 100644
index 0000000..d230ace
--- /dev/null
+++ b/libselinux/man/man3/is_context_customizable.3
@@ -0,0 +1,25 @@
+.TH "is_context_customizable" "3" "10 January 2005" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+is_context_customizable \- check whether SELinux context type is customizable by the administrator.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int is_context_customizable(security_context_t scon);
+
+.SH "DESCRIPTION"
+.B is_context_customizable
+
+This function checks whether the type of scon is in the /etc/selinux/SELINUXTYPE/context/customizable_types file. A customizable type is a file context type that
+administrators set on files, usually to allow certain domains to share the file content. restorecon and setfiles, by default, leave these context in place.
+
+
+.SH "RETURN VALUE"
+returns 1 if security context is customizable or 0 if it is not.
+returns -1 on error
+
+.SH "FILE"
+/etc/selinux/SELINUXTYPE/context/customizable_types
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/is_selinux_enabled.3 b/libselinux/man/man3/is_selinux_enabled.3
new file mode 100644
index 0000000..025aad6
--- /dev/null
+++ b/libselinux/man/man3/is_selinux_enabled.3
@@ -0,0 +1,15 @@
+.TH "is_selinux_enabled" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+is_selinux_enabled \- check whether SELinux is enabled
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int is_selinux_enabled();
+
+.SH "DESCRIPTION"
+.B is_selinux_enabled
+returns 1 if SELinux is running or 0 if it is not. May change soon.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/lsetfilecon.3 b/libselinux/man/man3/lsetfilecon.3
new file mode 100644
index 0000000..33c321a
--- /dev/null
+++ b/libselinux/man/man3/lsetfilecon.3
@@ -0,0 +1 @@
+.so man3/setfilecon.3
diff --git a/libselinux/man/man3/manual_user_enter_context.3 b/libselinux/man/man3/manual_user_enter_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/manual_user_enter_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/matchmediacon.3 b/libselinux/man/man3/matchmediacon.3
new file mode 100644
index 0000000..1a3a561
--- /dev/null
+++ b/libselinux/man/man3/matchmediacon.3
@@ -0,0 +1,26 @@
+.TH "matchmediacon" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+matchmediacon \- get the default SELinux security context for the specified mediatype from the policy.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchmediacon(const char *" media ", security_context_t *" con);"
+
+
+.SH "DESCRIPTION"
+
+.B matchmediacon
+matches the specified media type with the media contexts configuration and sets the security context "con" to refer to the resulting context.
+.sp
+
+.B Note:
+ Caller must free returned security context "con" using freecon.
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH Files
+/etc/selinux/POLICYTYPE/contexts/files/media
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3)
diff --git a/libselinux/man/man3/matchpathcon.3 b/libselinux/man/man3/matchpathcon.3
new file mode 100644
index 0000000..2b1471c
--- /dev/null
+++ b/libselinux/man/man3/matchpathcon.3
@@ -0,0 +1,120 @@
+.TH "matchpathcon" "3" "16 March 2005" "sds@tycho.nsa.gov" "SELinux API documentation"
+.SH "NAME"
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int matchpathcon_init(const char *" path ");"
+
+.BI "int matchpathcon_fini(void);"
+
+.BI "int matchpathcon(const char *" path ", mode_t " mode ", security_context_t *" con);
+.sp
+
+.BI "void set_matchpathcon_printf(void (*" f ")(const char *" fmt ", ...));"
+
+.BI "void set_matchpathcon_invalidcon(int (*" f ")(const char *"path ", unsigned " lineno ", char * " context "));"
+
+.BI "void set_matchpathcon_flags(unsigned int " flags ");"
+
+.SH "DESCRIPTION"
+.B matchpathcon_init
+loads the file contexts configuration specified by
+.I path
+into memory for use by subsequent
+.B matchpathcon
+calls. If
+.I path
+is NULL, then the active file contexts configuration is loaded by default,
+i.e. the path returned by
+.B selinux_file_context_path(3).
+Unless the
+.B MATCHPATHCON_BASEONLY
+flag has been set via
+.B set_matchpathcon_flags,
+files with the same path prefix but a
+.B .homedirs
+and
+.B .local
+suffix are also looked up and loaded if present. These files provide
+dynamically generated entries for user home directories and for local
+customizations.
+
+.sp
+.B matchpathcon_fini
+frees the memory allocated by a prior call to
+.B matchpathcon_init.
+This function can be used to free and reset the internal state between multiple
+.B matchpathcon_init
+calls, or to free memory when finished using
+.B matchpathcon.
+
+.sp
+.B matchpathcon
+matches the specified pathname and mode against the file contexts
+configuration and sets the security context
+.I con
+to refer to the
+resulting context. The caller must free the returned security context
+.I con
+using freecon when finished using it.
+.I mode
+can be 0 to disable mode matching, but
+should be provided whenever possible, as it may affect the matching.
+Only the file format bits (i.e. the file type) of the
+.I mode
+are used.
+If
+.B matchpathcon_init
+has not already been called, then this function will call it upon
+its first invocation with a NULL
+.I path,
+defaulting to the active file contexts configuration.
+.sp
+
+.B set_matchpathcon_printf
+sets the function used by
+.B matchpathcon_init
+when displaying errors about the file contexts configuration. If not set,
+then this defaults to fprintf(stderr, fmt, ...). This can be set to redirect
+error reporting to a different destination.
+
+.sp
+.B set_matchpathcon_invalidcon
+sets the function used by
+.B matchpathcon_init
+when checking the validity of a context in the file contexts
+configuration. If not set, then this defaults to a test based
+on
+.B security_check_context(3),
+which checks validity against the active policy on a SELinux system.
+This can be set to instead perform checking based on a binary policy file,
+e.g. using
+.B sepol_check_context(3),
+as is done by
+.B setfiles -c.
+The function is also responsible for reporting any such error, and
+may include the
+.I path
+and
+.I lineno
+in such error messages.
+
+.sp
+.B set_matchpathcon_flags
+sets flags controlling the operation of
+.B matchpathcon_init
+or
+.B matchpathcon.
+If the
+.B MATCHPATHCON_BASEONLY
+flag is set, then only the base file contexts configuration file
+will be processed, not any dynamically generated entries or local customizations.
+
+.sp
+.SH "RETURN VALUE"
+Returns 0 on success or -1 otherwise.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " freecon "(3), " setfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/query_user_context.3 b/libselinux/man/man3/query_user_context.3
new file mode 100644
index 0000000..3fbfe0e
--- /dev/null
+++ b/libselinux/man/man3/query_user_context.3
@@ -0,0 +1 @@
+.so man3/get_ordered_context_list.3
diff --git a/libselinux/man/man3/rpm_execcon.3 b/libselinux/man/man3/rpm_execcon.3
new file mode 100644
index 0000000..b2e6ab8
--- /dev/null
+++ b/libselinux/man/man3/rpm_execcon.3
@@ -0,0 +1 @@
+.so man3/getexeccon.3
diff --git a/libselinux/man/man3/security_av_perm_to_string.3 b/libselinux/man/man3/security_av_perm_to_string.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/security_av_perm_to_string.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_av_string.3 b/libselinux/man/man3/security_av_string.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/security_av_string.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/security_check_context.3 b/libselinux/man/man3/security_check_context.3
new file mode 100644
index 0000000..af55f06
--- /dev/null
+++ b/libselinux/man/man3/security_check_context.3
@@ -0,0 +1,16 @@
+.TH "security_check_context" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_check_context \- check the validity of a SELinux context
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int security_check_context(security_context_t "con );
+
+.SH "DESCRIPTION"
+.B security_check_context
+returns 0 if SELinux is running and the context is valid, otherwise it
+returns -1.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_class_to_string.3 b/libselinux/man/man3/security_class_to_string.3
new file mode 100644
index 0000000..41788e9
--- /dev/null
+++ b/libselinux/man/man3/security_class_to_string.3
@@ -0,0 +1,80 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "security_class_to_string" "3" "30 Mar 2007" "" "SELinux API documentation"
+.SH "NAME"
+security_class_to_string, security_av_perm_to_string, string_to_security_class, string_to_av_perm, security_av_string \- convert
+between SELinux class and permission values and string names.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/flask.h>
+.sp
+.BI "const char * security_class_to_string(security_class_t " tclass ");"
+.sp
+.BI "const char * security_av_perm_to_string(security_class_t " tclass ", access_vector_t " av ");"
+.sp
+.BI "int security_av_string(security_class_t " tclass ", access_vector_t " av ", char **" result ");"
+.sp
+.BI "security_class_t string_to_security_class(const char *" name ");"
+.sp
+.BI "access_vector_t string_to_av_perm(security_class_t " tclass ", const char *" name ");"
+
+.SH "DESCRIPTION"
+.B security_class_to_string
+returns a string name for class
+.IR tclass ,
+or NULL if the class is invalid. The returned string must not be modified or freed.
+
+.B security_av_perm_to_string
+returns a string name for the access vector bit
+.I av
+of class
+.IR tclass ,
+or NULL if either argument is invalid. The returned string must not be modified or freed.
+
+.B security_av_string
+computes a full access vector string representation using
+.I tclass
+and
+.IR av ,
+which may have multiple bits set. The string is returned in the memory pointed to by
+.IR result ,
+and should be freed by the caller using
+.BR free (3).
+
+.B string_to_security_class
+returns the class value corresponding to the string name
+.IR name ,
+or zero if no such class exists.
+
+.B string_to_av_perm
+returns the access vector bit corresponding to the string name
+.I name
+and security class
+.IR tclass ,
+or zero if no such value exists.
+
+.SH "RETURN VALUE"
+.B security_av_string
+returns returns zero on success or \-1 on error with
+.I errno
+set appropriately. All other functions return zero or NULL on error.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+A class or access vector argument is not recognized by the currently loaded policy.
+
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selinux (8),
+.BR getcon (3),
+.BR getfilecon (3)
diff --git a/libselinux/man/man3/security_commit_booleans.3 b/libselinux/man/man3/security_commit_booleans.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_commit_booleans.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
new file mode 100644
index 0000000..885719f
--- /dev/null
+++ b/libselinux/man/man3/security_compute_av.3
@@ -0,0 +1,68 @@
+.TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_compute_av, security_compute_create, security_compute_relabel,
+security_compute_member, security_compute_user, security_get_initial_context \- query
+the SELinux policy database in the kernel.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/flask.h>
+.sp
+.BI "int security_compute_av(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", access_vector_t "requested ", struct av_decision *" avd );
+.sp
+.BI "int security_compute_create(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_relabel(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_member(security_context_t "scon ", security_context_t "tcon ", security_class_t "tclass ", security_context_t *" newcon );
+.sp
+.BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con );
+.sp
+.BI "int security_get_initial_context(const char *" name ", security_context_t
+"con );
+.sp
+.BI "int checkPasswdAccess(access_vector_t " requested );
+
+.SH "DESCRIPTION"
+.B security_compute_av
+queries whether the policy permits the source context
+.B scon
+to access the target context
+.B tcon
+via class
+.B tclass
+with the
+.B requested
+access vector. See the cron source for a usage example.
+
+.B security_compute_create
+is used to compute a context to use for labeling a new object in a particular
+class based on a SID pair.
+
+.B security_compute_relabel
+is used to compute the new context to use when relabeling an object, it is used
+in the pam_selinux.so source and the newrole source to determine the correct
+label for the tty at login time, but can be used for other things.
+
+.B security_compute_member
+is used to compute the context to use when labeling a polyinstantiated object
+instance.
+
+.B security_compute_user
+is used to determine the set of user contexts that can be reached from a
+source context. Is mainly used by
+.B get_ordered_context_list.
+
+.B security_get_initial_context
+is used to get the context of a kernel initial security identifier specified by
+.I name
+
+.B checkPasswdAccess
+This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts.
+
+.SH "RETURN VALUE"
+0 for success and on error -1 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
diff --git a/libselinux/man/man3/security_compute_create.3 b/libselinux/man/man3/security_compute_create.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_create.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_member.3 b/libselinux/man/man3/security_compute_member.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_member.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_relabel.3 b/libselinux/man/man3/security_compute_relabel.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_relabel.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_compute_user.3 b/libselinux/man/man3/security_compute_user.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_compute_user.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_get_boolean_active.3 b/libselinux/man/man3/security_get_boolean_active.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_active.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_boolean_names.3 b/libselinux/man/man3/security_get_boolean_names.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_names.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_boolean_pending.3 b/libselinux/man/man3/security_get_boolean_pending.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_get_boolean_pending.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_get_initial_context.3 b/libselinux/man/man3/security_get_initial_context.3
new file mode 100644
index 0000000..a60bca4
--- /dev/null
+++ b/libselinux/man/man3/security_get_initial_context.3
@@ -0,0 +1 @@
+.so man3/security_compute_av.3
diff --git a/libselinux/man/man3/security_getenforce.3 b/libselinux/man/man3/security_getenforce.3
new file mode 100644
index 0000000..5d65574
--- /dev/null
+++ b/libselinux/man/man3/security_getenforce.3
@@ -0,0 +1,23 @@
+.TH "security_getenforce" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_getenforce, security_setenforce \- get or set the enforcing state of SELinux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int security_getenforce();
+
+.BI "int security_setenforce(int "value );
+
+.SH "DESCRIPTION"
+.B security_getenforce
+returns 0 if SELinux is running in permissive mode, 1 if it is running in
+enforcing mode, and -1 on error.
+
+.B security_setenforce
+sets SELinux to enforcing mode if the value 1 is passed in, and sets it to
+permissive mode if 0 is passed in. On success 0 is returned, on error -1 is
+returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_load_booleans.3 b/libselinux/man/man3/security_load_booleans.3
new file mode 100644
index 0000000..c7057a1
--- /dev/null
+++ b/libselinux/man/man3/security_load_booleans.3
@@ -0,0 +1,59 @@
+.TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+security_load_booleans, security_set_boolean, security_commit_booleans,
+security_get_boolean_names, security_get_boolean_active,
+security_get_boolean_pending \- routines for manipulating SELinux boolean values
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+extern int security_load_booleans(char *path);
+
+extern int security_get_boolean_names(char ***names, int *len);
+
+extern int security_get_boolean_pending(const char *name);
+
+extern int security_get_boolean_active(const char *name);
+
+extern int security_set_boolean(const char *name, int value);
+
+extern int security_commit_booleans(void);
+
+
+.SH "DESCRIPTION"
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+The SELinux API allows for a transaction based update. So you can set several boolean values and the commit them all at once.
+
+security_load_booleans
+
+Load policy boolean settings. Path may be NULL, in which case the booleans are loaded from the active policy boolean configuration file.
+
+security_get_boolean_names
+
+Returns a list of boolean names, currently supported by the loaded policy.
+
+security_set_boolean
+
+Sets the pending value for boolean
+
+security_get_boolean_pending
+
+Return pending value for boolean
+
+security_get_boolean_active
+
+Return active value for boolean
+
+security_commit_booleans
+
+Commit all pending values for the booleans.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+selinux(8), getsebool(8), booleans(8), togglesebool(8)
diff --git a/libselinux/man/man3/security_load_policy.3 b/libselinux/man/man3/security_load_policy.3
new file mode 100644
index 0000000..77c3eec
--- /dev/null
+++ b/libselinux/man/man3/security_load_policy.3
@@ -0,0 +1,15 @@
+.TH "security_load_policy" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_load_policy \- load a new SELinux policy
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int security_load_policy(void *" data ", size_t "len );
+
+.SH "DESCRIPTION"
+.B security_load_policy
+loads a new policy, returns 0 for success and -1 for error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_policyvers.3 b/libselinux/man/man3/security_policyvers.3
new file mode 100644
index 0000000..9e5dfd2
--- /dev/null
+++ b/libselinux/man/man3/security_policyvers.3
@@ -0,0 +1,16 @@
+.TH "security_policyvers" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+security_policyvers \- get the version of the SELinux policy
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int security_policyvers();
+
+.SH "DESCRIPTION"
+.B security_policyvers
+returns the version of the policy (a positive integer) on success, or -1 on
+error.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/security_set_boolean.3 b/libselinux/man/man3/security_set_boolean.3
new file mode 100644
index 0000000..29731ef
--- /dev/null
+++ b/libselinux/man/man3/security_set_boolean.3
@@ -0,0 +1 @@
+.so man3/security_load_booleans.3
diff --git a/libselinux/man/man3/security_setenforce.3 b/libselinux/man/man3/security_setenforce.3
new file mode 100644
index 0000000..24bca10
--- /dev/null
+++ b/libselinux/man/man3/security_setenforce.3
@@ -0,0 +1 @@
+.so security_getenforce.3
diff --git a/libselinux/man/man3/selabel_close.3 b/libselinux/man/man3/selabel_close.3
new file mode 100644
index 0000000..468fdaf
--- /dev/null
+++ b/libselinux/man/man3/selabel_close.3
@@ -0,0 +1 @@
+.so man3/selabel_open.3
diff --git a/libselinux/man/man3/selabel_lookup.3 b/libselinux/man/man3/selabel_lookup.3
new file mode 100644
index 0000000..ab792bb
--- /dev/null
+++ b/libselinux/man/man3/selabel_lookup.3
@@ -0,0 +1,78 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_lookup" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_lookup \- obtain SELinux security context from a string label.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" key ", int " type ");"
+.in
+.sp
+.BI "int selabel_lookup_raw(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup_raw('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" key ", int " type ");"
+
+.SH "DESCRIPTION"
+.B selabel_lookup
+performs a lookup operation on the handle
+.IR hnd ,
+returning the result in the memory pointed to by
+.IR context ,
+which must be freed by the caller using
+.BR freecon (3).
+The
+.I key
+and
+.I type
+parameters are the inputs to the lookup operation and are interpreted according to the specific backend that
+.I handle
+is open on.
+
+.B selabel_lookup_raw
+behaves identically to
+.B selabel_lookup
+but does not perform context translation.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On error, \-1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B ENOENT
+No context corresponding to the input
+.I key
+and
+.I type
+was found.
+.TP
+.B EINVAL
+The
+.I key
+and/or
+.I type
+inputs are invalid, or the context being returned failed validation.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_stats (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selabel_open.3 b/libselinux/man/man3/selabel_open.3
new file mode 100644
index 0000000..1af2ec0
--- /dev/null
+++ b/libselinux/man/man3/selabel_open.3
@@ -0,0 +1,98 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_open" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_open, selabel_close \- userspace SELinux labeling interface.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "struct selabel_handle *selabel_open(int " backend ,
+.in +\w'struct selabel_handle *selabel_open('u
+.BI "struct selinux_opt *" options ,
+
+.BI "unsigned " nopt ");"
+.in
+.sp
+.BI "void selabel_close(struct selabel_handle *" hnd ");"
+
+.SH "DESCRIPTION"
+.B selabel_open
+is used to initialize a labeling handle to be used for lookup operations. The
+.I backend
+argument specifies which backend is to be opened; the list of current backends appears in
+.B BACKENDS
+below.
+
+The
+.I options
+argument should be NULL or a pointer to an array of
+.B selinux_opt
+structures of length
+.IR nopt :
+
+.RS
+.ta 4n 16n 24n
+.nf
+struct selinux_opt {
+ int type;
+ const char *value;
+};
+.fi
+.ta
+.RE
+
+The available option types are described in
+.B GLOBAL OPTIONS
+below as well as in the documentation for each individual backend. The return value on success is a non-NULL value for use in subsequent label operations.
+
+.B selabel_close
+terminates use of a handle, freeing any internal resources associated with it. After this call has been made, the handle must not be used again.
+
+.SH "GLOBAL OPTIONS"
+Global options which may be passed to
+.B selabel_open
+include the following:
+
+.TP
+.B SELABEL_OPT_UNUSED
+The option with a type code of zero is a no-op. Thus an array of options may be initizalized to zero and any untouched elements will not cause an error.
+.TP
+.B SELABEL_OPT_VALIDATE
+A non-null value for this option enables context validation. By default,
+.BR security_check_context (3)
+is used; a custom validation function can be provided via
+.BR selinux_set_callback (3).
+Note that an invalid context may not be treated as an error unless it is actually encountered during a lookup operation.
+
+.SH "BACKENDS"
+
+.TP
+.B SELABEL_CTX_FILE
+File contexts backend, described in
+.BR selabel_file (3).
+.TP
+.B SELABEL_CTX_MEDIA
+Media contexts backend, described in
+.BR selabel_media (3).
+.TP
+.B SELABEL_CTX_X
+X Windows contexts backend, described in
+.BR selabel_x (3).
+
+.SH "RETURN VALUE"
+A non-NULL handle value is returned on success. On error, NULL is returned and
+.I errno
+is set appropriately.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selabel_stats.3 b/libselinux/man/man3/selabel_stats.3
new file mode 100644
index 0000000..441f422
--- /dev/null
+++ b/libselinux/man/man3/selabel_stats.3
@@ -0,0 +1,35 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_stats" "3" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_stats \- obtain SELinux labeling statistics.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "void selabel_lookup(struct selabel_handle *" hnd ");"
+
+.SH "DESCRIPTION"
+.B selabel_stats
+causes zero or more messages to be printed containing backend-specific information about number of queries performed, number of unused entries, or other operational information.
+
+The messages are printed to standard error by default; a custom logging function can be provided via
+.BR selinux_set_callback (3).
+
+.SH "RETURN VALUE"
+None.
+
+.SH "ERRORS"
+None.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selinux_set_callback (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
new file mode 100644
index 0000000..f6ceff9
--- /dev/null
+++ b/libselinux/man/man3/selinux_binary_policy_path.3
@@ -0,0 +1,70 @@
+.TH "selinux_binary_policy_path" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
+.SH "NAME"
+selinux_policy_root, selinux_binary_policy_path,
+selinux_failsafe_context_path, selinux_removable_context_path,
+selinux_default_context_path, selinux_user_contexts_path,
+selinux_file_context_path, selinux_media_context_path,
+selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
+directories and files.
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+
+extern const char *selinux_policy_root(void);
+
+extern const char *selinux_binary_policy_path(void);
+
+extern const char *selinux_failsafe_context_path(void);
+
+extern const char *selinux_removable_context_path(void);
+
+extern const char *selinux_default_context_path(void);
+
+extern const char *selinux_user_contexts_path(void);
+
+extern const char *selinux_file_context_path(void);
+
+extern const char *selinux_media_context_path(void);
+
+extern const char *selinux_securetty_types_path(void);
+
+extern const char *selinux_contexts_path(void);
+
+extern const char *selinux_booleans_path(void);
+
+
+.SH "DESCRIPTION"
+
+These functions return the paths to the active policy configuration
+directories and files based on the settings in /etc/selinux/config.
+
+.sp
+selinux_policy_root() - top-level policy directory
+.sp
+selinux_binary_policy_path() - binary policy file loaded into kernel
+.sp
+selinux_failsafe_context_path() - failsafe context for emergency logins
+.sp
+selinux_removable_context_path() - filesystem context for removable media
+.sp
+selinux_default_context_path() - system-wide default contexts for user sessions
+.sp
+selinux_user_contexts_path() - directory containing per-user default contexts
+.sp
+selinux_file_context_path() - file contexts configuration
+.sp
+selinux_media_context_path() - file contexts for media device nodes
+.sp
+selinux_contexts_path() - directory containing all of the context configuration files
+.sp
+selinux_securetty_types_path() - defines tty types for newrole securettys
+.sp
+selinux_booleans_path() - initial policy boolean settings
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/selinux_booleans_path.3 b/libselinux/man/man3/selinux_booleans_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_booleans_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_check_securetty_context.3 b/libselinux/man/man3/selinux_check_securetty_context.3
new file mode 100644
index 0000000..65a10d3
--- /dev/null
+++ b/libselinux/man/man3/selinux_check_securetty_context.3
@@ -0,0 +1,16 @@
+.TH "selinux_check_securetty_context" "3" "1 January 2007" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_check_securetty_context \- check whether a SELinux tty security context is defined as a securetty context
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int selinux_check_securetty_context(security_context_t "tty_context );
+
+.SH "DESCRIPTION"
+.B selinux_check_securetty_context
+returns 0 if tty_context is a securetty context
+returns < 0 otherwise.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
diff --git a/libselinux/man/man3/selinux_contexts_path.3 b/libselinux/man/man3/selinux_contexts_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_contexts_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_default_context_path.3 b/libselinux/man/man3/selinux_default_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_default_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_failsafe_context_path.3 b/libselinux/man/man3/selinux_failsafe_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_failsafe_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_file_context_path.3 b/libselinux/man/man3/selinux_file_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_file_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_getenforcemode.3 b/libselinux/man/man3/selinux_getenforcemode.3
new file mode 100644
index 0000000..a6a753e
--- /dev/null
+++ b/libselinux/man/man3/selinux_getenforcemode.3
@@ -0,0 +1,25 @@
+.TH "selinux_getenforcemode" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_getenforcemode \- get the enforcing state of SELinux
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B int selinux_getenforcemode(int *enforce);
+
+
+.SH "DESCRIPTION"
+.B selinux_getenforcemode
+Reads the contents of the /etc/selinux/config file to determine how the
+system was setup to run SELinux.
+
+Sets the value of enforce to 1 if SELinux should be run in enforcing mode.
+Sets the value of enforce to 0 if SELinux should be run in permissive mode.
+Sets the value of enforce to -1 if SELinux should be disabled.
+.SH "RETURN VALUE"
+On success, zero is returned.
+On failure, -1 is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
+
diff --git a/libselinux/man/man3/selinux_media_context_path.3 b/libselinux/man/man3/selinux_media_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_media_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_policy_root.3 b/libselinux/man/man3/selinux_policy_root.3
new file mode 100644
index 0000000..7499c75
--- /dev/null
+++ b/libselinux/man/man3/selinux_policy_root.3
@@ -0,0 +1,20 @@
+.TH "selinux_policy_root" "3" "25 May 2004" "dwalsh@redhat.com" "SELinux API documentation"
+.SH "NAME"
+selinux_policy_root \- return the path of the SELinux policy files for this machine.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.B char *selinux_policy_root();
+
+
+.SH "DESCRIPTION"
+.B selinux_policy_root
+Reads the contents of the /etc/selinux/config file to determine which policy files should be used for this machine.
+.SH "RETURN VALUE"
+On success, returns a directory path containing the SELinux policy files.
+On failure, NULL is returned.
+
+.SH "SEE ALSO"
+.BR selinux "(8)"
+
+
diff --git a/libselinux/man/man3/selinux_removable_context_path.3 b/libselinux/man/man3/selinux_removable_context_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_removable_context_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_securetty_types_path.3 b/libselinux/man/man3/selinux_securetty_types_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_securetty_types_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_set_callback.3 b/libselinux/man/man3/selinux_set_callback.3
new file mode 100644
index 0000000..6d6a723
--- /dev/null
+++ b/libselinux/man/man3/selinux_set_callback.3
@@ -0,0 +1,95 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selinux_set_callback" "3" "20 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selinux_set_callback \- userspace SELinux callback facilities.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "void selinux_set_callback(int " type ", union selinux_callback " callback ");"
+
+.SH "DESCRIPTION"
+.B selinux_set_callback
+sets the callback indicated by
+.I type
+to the value of
+.IR callback ,
+which should be passed as a function pointer cast to type
+.B union
+.BR selinux_callback .
+
+All callback functions should return a negative value with
+.I errno
+set appropriately on error.
+
+The available values for
+.I type
+are:
+.TP
+.B SELINUX_CB_LOG
+.BI "int (*" func_log ") (int " type ", const char *" fmt ", ...);"
+
+This callback is used for logging and should process the
+.BR printf (3)
+style
+.I fmt
+string and arguments as appropriate. The
+.I type
+argument indicates the type of message and will be set to one of the following:
+
+.B SELINUX_ERROR
+
+.B SELINUX_WARNING
+
+.B SELINUX_INFO
+
+.B SELINUX_AVC
+
+.TP
+.B SELINUX_CB_AUDIT
+.BI "int (*" func_audit ") (void *" auditdata ", security_class_t " cls ,
+.in +\w'int (*func_audit) ('u
+.BI "char *" msgbuf ", size_t " msgbufsize ");"
+.in
+
+This callback is used for supplemental auditing in AVC messages. The
+.I auditdata
+and
+.I cls
+arguments are the values passed to
+.BR avc_has_perm (3).
+A human-readable interpretation should be printed to
+.I msgbuf
+using no more than
+.I msgbufsize
+characters.
+
+.TP
+.B SELINUX_CB_VALIDATE
+.BI "int (*" func_validate ") (security_context_t *" ctx ");"
+
+This callback is used for context validation. The callback may optionally modify the input context by setting the target of the
+.I ctx
+pointer to a new context. In this case, the old value should be freed with
+.BR freecon (3).
+The value of
+.I errno
+should be set to
+.B EINVAL
+to indicate an invalid context.
+
+.SH "RETURN VALUE"
+None.
+
+.SH "ERRORS"
+None.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR avc_init (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man3/selinux_set_mapping.3 b/libselinux/man/man3/selinux_set_mapping.3
new file mode 100644
index 0000000..7ac069a
--- /dev/null
+++ b/libselinux/man/man3/selinux_set_mapping.3
@@ -0,0 +1,87 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2008
+.TH "selinux_set_mapping" "3" "12 Jun 2008" "" "SELinux API documentation"
+.SH "NAME"
+selinux_set_mapping \- establish dynamic object class and permission mapping.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.nf
+struct security_class_mapping {
+ const char *name;
+ const char *perms[];
+};
+.fi
+.sp
+.BI "int selinux_set_mapping(struct security_class_mapping *" map ");"
+
+.SH "DESCRIPTION"
+.B selinux_set_mapping
+establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy. Use of this function is highly preferred over the generated constants in the libselinux header files, as this method allows the policy's class and permission values to change over time.
+
+After the mapping is established, all libselinux functions that operate on class and permission values take the user-provided numbers, which are determined as follows:
+
+The
+.I map
+argument consists of an array of
+.B security_class_mapping
+structures, which must be terminated by a structure having a NULL name field. Except for this last structure, the
+.I name
+field should refer to the string name of an object class, and the corresponding
+.I perms
+field should refer to an array of permission bit names terminated by a NULL string.
+
+The object classes named in the mapping and the bit indexes of each set of permission bits named in the mapping are numbered in order starting from 1. These numbers are the values that should be passed to subsequent libselinux calls.
+
+.SH "RETURN VALUE"
+Zero is returned on success. On error, -1 is returned and
+.I errno
+is set appropriately.
+
+.SH "ERRORS"
+.TP
+.B EINVAL
+One of the class or permission names requested in the mapping is not present in the loaded policy.
+.TP
+.B ENOMEM
+An attempt to allocate memory failed.
+
+.SH "EXAMPLE"
+.RS
+.ta 4n 10n
+.nf
+struct security_class_mapping map[] = {
+ { "file", { "create", "unlink", "read", "write", NULL } },
+ { "socket", { "bind", NULL } },
+ { "process", { "signal", NULL } },
+ { NULL }
+};
+
+if (selinux_set_mapping(map) < 0)
+ exit(1);
+.fi
+.ta
+.RE
+
+In this example, after the call has succeeded, classes
+.BR file ,
+.BR socket ,
+and
+.B process
+will be identified by 1, 2 and 3, respectively. Permissions
+.IR create ,
+.IR unlink ,
+.IR read ,
+and
+.I write
+(for the
+.B file
+class) will be identified by 1, 2, 4, and 8 respectively. Classes and permissions not listed in the mapping cannot be used.
+
+.SH "AUTHOR"
+Eamon Walsh <ewalsh@tycho.nsa.gov>
+
+.SH "SEE ALSO"
+.BR avc_open (8),
+.BR selinux (8)
diff --git a/libselinux/man/man3/selinux_user_contexts_path.3 b/libselinux/man/man3/selinux_user_contexts_path.3
new file mode 100644
index 0000000..175a611
--- /dev/null
+++ b/libselinux/man/man3/selinux_user_contexts_path.3
@@ -0,0 +1 @@
+.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/set_matchpathcon_printf.3 b/libselinux/man/man3/set_matchpathcon_printf.3
new file mode 100644
index 0000000..cd5df2e
--- /dev/null
+++ b/libselinux/man/man3/set_matchpathcon_printf.3
@@ -0,0 +1 @@
+.so man3/matchpathcon.3
diff --git a/libselinux/man/man3/setcon.3 b/libselinux/man/man3/setcon.3
new file mode 100644
index 0000000..1210b5a
--- /dev/null
+++ b/libselinux/man/man3/setcon.3
@@ -0,0 +1 @@
+.so man3/getcon.3
diff --git a/libselinux/man/man3/setexeccon.3 b/libselinux/man/man3/setexeccon.3
new file mode 100644
index 0000000..b2e6ab8
--- /dev/null
+++ b/libselinux/man/man3/setexeccon.3
@@ -0,0 +1 @@
+.so man3/getexeccon.3
diff --git a/libselinux/man/man3/setfilecon.3 b/libselinux/man/man3/setfilecon.3
new file mode 100644
index 0000000..18030cd
--- /dev/null
+++ b/libselinux/man/man3/setfilecon.3
@@ -0,0 +1,41 @@
+.TH "setfilecon" "3" "1 January 2004" "russell@coker.com.au" "SELinux API documentation"
+.SH "NAME"
+setfilecon, fsetfilecon, lsetfilecon \- set SELinux security context of a file
+
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+.sp
+.BI "int setfilecon(const char *" path ", security_context_t "con );
+
+.BI "int lsetfilecon(const char *" path ", security_context_t "con );
+
+.BI "int fsetfilecon(int "fd ", security_context_t "con );
+
+.SH "DESCRIPTION"
+.B setfilecon
+sets the security context of the file system object.
+
+.B lsetfilecon
+is identical to setfilecon, except in the case of a symbolic link, where the
+link itself has it's context set, not the file that it refers to.
+
+.B fsetfilecon
+is identical to setfilecon, only the open file pointed to by filedes (as
+returned by open(2)) has it's context set in place of path.
+
+.SH "RETURN VALUE"
+On success, zero is returned. On failure, -1 is returned and errno is
+set appropriately.
+
+If there is insufficient space remaining to store the extended
+attribute, errno is set to either ENOSPC, or EDQUOT if quota enforce-
+ment was the cause.
+
+If extended attributes are not supported by the filesystem, or are dis-
+abled, errno is set to ENOTSUP.
+
+The errors documented for the stat(2) system call are also applicable
+here.
+
+.SH "SEE ALSO"
+.BR selinux "(3), " freecon "(3), " getfilecon "(3), " setfscreatecon "(3)"
diff --git a/libselinux/man/man3/setfscreatecon.3 b/libselinux/man/man3/setfscreatecon.3
new file mode 100644
index 0000000..21aeebd
--- /dev/null
+++ b/libselinux/man/man3/setfscreatecon.3
@@ -0,0 +1 @@
+.so man3/getfscreatecon.3
diff --git a/libselinux/man/man3/sidget.3 b/libselinux/man/man3/sidget.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/sidget.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/sidput.3 b/libselinux/man/man3/sidput.3
new file mode 100644
index 0000000..d7c3e66
--- /dev/null
+++ b/libselinux/man/man3/sidput.3
@@ -0,0 +1 @@
+.so man3/avc_context_to_sid.3
diff --git a/libselinux/man/man3/string_to_av_perm.3 b/libselinux/man/man3/string_to_av_perm.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/string_to_av_perm.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man3/string_to_security_class.3 b/libselinux/man/man3/string_to_security_class.3
new file mode 100644
index 0000000..bda9daf
--- /dev/null
+++ b/libselinux/man/man3/string_to_security_class.3
@@ -0,0 +1 @@
+.so man3/security_class_to_string.3
diff --git a/libselinux/man/man5/selabel_file.5 b/libselinux/man/man5/selabel_file.5
new file mode 100644
index 0000000..6cce99e
--- /dev/null
+++ b/libselinux/man/man5/selabel_file.5
@@ -0,0 +1,48 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_file" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_file \- userspace SELinux labeling interface: file contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" path ", int " mode ");"
+
+.SH "DESCRIPTION"
+The file contexts backend maps from pathname/mode combinations into security contexts. It is used to find the appropriate context for each file when relabeling a file system.
+
+The
+.I path
+argument should be set to the full pathname of the file whose assigned context is being checked. The
+.I mode
+argument should be set to the mode bits of the file, as determined by
+.BR lstat (2).
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard file contexts file. This value is also used as the base name for determining the names of local customization files.
+.TP
+.B SELABEL_OPT_BASEONLY
+A non-null value for this option indicates that any local customizations to the file contexts mapping should be ignored.
+.TP
+.B SELABEL_OPT_SUBSET
+A non-null value for this option is interpreted as a path prefix, for example "/etc". Only file context specifications starting with the given prefix are loaded. This may increase lookup performance, however any attempt to look up a path not starting with the given prefix will fail.
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man5/selabel_media.5 b/libselinux/man/man5/selabel_media.5
new file mode 100644
index 0000000..796260f
--- /dev/null
+++ b/libselinux/man/man5/selabel_media.5
@@ -0,0 +1,37 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_media" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_media \- userspace SELinux labeling interface: media contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" device_name ", int " unused ");"
+
+.SH "DESCRIPTION"
+The media contexts backend maps from media device names such as "cdrom" or "floppy" into security contexts. It is used to find the appropriate context for establishing context mounts on these devices.
+
+The integer lookup argument is currently unused and should be set to zero.
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard media contexts file.
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man5/selabel_x.5 b/libselinux/man/man5/selabel_x.5
new file mode 100644
index 0000000..1591c09
--- /dev/null
+++ b/libselinux/man/man5/selabel_x.5
@@ -0,0 +1,81 @@
+.\" Hey Emacs! This file is -*- nroff -*- source.
+.\"
+.\" Author: Eamon Walsh (ewalsh@tycho.nsa.gov) 2007
+.TH "selabel_x" "5" "18 Jun 2007" "" "SELinux API documentation"
+.SH "NAME"
+selabel_x \- userspace SELinux labeling interface: X Window System contexts backend.
+.SH "SYNOPSIS"
+.B #include <selinux/selinux.h>
+
+.B #include <selinux/label.h>
+.sp
+.BI "int selabel_lookup(struct selabel_handle *" hnd ,
+.in +\w'int selabel_lookup('u
+.BI "security_context_t *" context ,
+
+.BI "const char *" object_name ", int " object_type ");"
+
+.SH "DESCRIPTION"
+The X contexts backend maps from X Window System object names into security contexts. It is used to find the appropriate context for X Window System objects whose significance and/or usage semantics are determined primarily by name. This backend is also used to determine the default context for labeling remotely connected X clients.
+
+The
+.I object_type
+argument should be set to one of the following values:
+.TP
+.B SELABEL_X_PROP
+The
+.I object_name
+argument specifies the name of a window property, such as "WM_NAME".
+.TP
+.B SELABEL_X_SELN
+The
+.I object_name
+argument specifies the name of a selection, such as "PRIMARY".
+.TP
+.B SELABEL_X_EXT
+The
+.I object_name
+argument specifies the name of a protocol extension, such as "RENDER".
+.TP
+.B SELABEL_X_EVENT
+The
+.I object_name
+argument specifies the name of an event type, such as "X11:ButtonPress".
+.TP
+.B SELABEL_X_CLIENT
+The
+.I object_name
+argument is ignored and should be set to NULL. The default context for labeling remote X clients is returned.
+.TP
+.B SELABEL_X_POLYPROP
+Like
+.BR SELABEL_X_PROP ,
+but checks if the property was marked as being polyinstantiated. See
+.B NOTES
+below.
+.TP
+.B SELABEL_X_POLYSELN
+Like
+.BR SELABEL_X_SELN ,
+but checks if the selection was marked as being polyinstantiated. See
+.B NOTES
+below.
+
+.SH "OPTIONS"
+In addition to the global options described in
+.BR selabel_open (3),
+this backend recognizes the following options:
+
+.TP
+.B SELABEL_OPT_PATH
+A non-null value for this option specifies a path to a file that will be opened in lieu of the standard X contexts file.
+
+.SH "NOTES"
+Properties and selections are marked as either polyinstantiated or not. For these name types, the "POLY" option searches only the names marked as being polyinstantiated, while the other option searches only the names marked as not being polyinstantiated. Users of the interface should check both mappings, optionally taking action based on the result (e.g. polyinstantiating the object).
+
+.SH "SEE ALSO"
+.BR selabel_open (3),
+.BR selabel_lookup (3),
+.BR selabel_stats (3),
+.BR selinux (8)
+
diff --git a/libselinux/man/man8/avcstat.8 b/libselinux/man/man8/avcstat.8
new file mode 100644
index 0000000..1035331
--- /dev/null
+++ b/libselinux/man/man8/avcstat.8
@@ -0,0 +1,31 @@
+.TH "avcstat" "8" "18 Nov 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+avcstat \- Display SELinux AVC statistics
+
+.SH "SYNOPSIS"
+.B avcstat
+.I [-c] [-f status_file] [interval]
+
+.SH "DESCRIPTION"
+.B avcstat
+
+Display SELinux AVC statistics. If the interval parameter is specified, the
+program will loop, displaying updated statistics every 'interval' seconds.
+Relative values are displayed by default.
+
+.SH OPTIONS
+.TP
+.B \-c
+Display the cumulative values.
+
+.TP
+.B \-f
+Specifies the location of the AVC statistics file, defaulting to '/selinux/avc/cache_stats'.
+
+.SH "SEE ALSO"
+selinux(8)
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by James Morris <jmorris@redhat.com>.
+
diff --git a/libselinux/man/man8/booleans.8 b/libselinux/man/man8/booleans.8
new file mode 100644
index 0000000..89c7654
--- /dev/null
+++ b/libselinux/man/man8/booleans.8
@@ -0,0 +1,49 @@
+.TH "booleans" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+booleans \- Policy booleans enable runtime customization of SELinux policy.
+
+.SH "DESCRIPTION"
+This manual page describes SELinux policy booleans.
+.BR
+
+The SELinux policy can include conditional rules that are enabled or
+disabled based on the current values of a set of policy booleans.
+These policy booleans allow runtime modification of the security
+policy without having to load a new policy.
+
+For example, the boolean httpd_enable_cgi allows the httpd daemon to
+run cgi scripts if it is enabled. If the administrator does not want
+to allow execution of cgi scripts, he can simply disable this boolean
+value.
+
+The policy defines a default value for each boolean, typically false.
+These default values can be overridden via local settings created via the
+.B setsebool(8)
+utility, using -P to make the setting persistent across reboots.
+The
+.B system-config-securitylevel
+tool provides a graphical interface for altering
+the settings. The
+.B load_policy(8)
+program will preserve
+current boolean settings upon a policy reload by default, or can
+optionally reset booleans to the boot-time defaults via the -b option.
+
+Boolean values can be listed by using the
+.B getsebool(8)
+utility and passing it the -a option.
+
+Boolean values can also be changed at runtime via the
+.B setsebool(8)
+utility or the
+.B togglesebool
+utility. By default, these utilities only change the
+current boolean value and do not affect the persistent settings,
+unless the -P option is used to setsebool.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The SELinux conditional policy support was developed by Tresys Technology.
+
+.SH "SEE ALSO"
+getsebool(8), setsebool(8), selinux(8), togglesebool(8)
diff --git a/libselinux/man/man8/getenforce.8 b/libselinux/man/man8/getenforce.8
new file mode 100644
index 0000000..8dc63c8
--- /dev/null
+++ b/libselinux/man/man8/getenforce.8
@@ -0,0 +1,15 @@
+.TH "getenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+getenforce \- get the current mode of SELinux
+.SH "SYNOPSIS"
+.B getenforce
+
+.SH "DESCRIPTION"
+.B getenforce
+reports whether SELinux is enforcing, permissive, or disabled.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), setenforce(8), selinuxenabled(8)
diff --git a/libselinux/man/man8/getsebool.8 b/libselinux/man/man8/getsebool.8
new file mode 100644
index 0000000..a4200ee
--- /dev/null
+++ b/libselinux/man/man8/getsebool.8
@@ -0,0 +1,35 @@
+.TH "getsebool" "8" "11 Aug 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+getsebool \- get SELinux boolean value(s)
+
+.SH "SYNOPSIS"
+.B getsebool
+.I "[-a] [boolean]"
+
+.SH "DESCRIPTION"
+.B getsebool
+reports where a particular SELinux boolean or
+all SELinux booleans are on or off
+In certain situations a boolean can be in one state with a pending
+change to the other state. getsebool will report this as a pending change.
+The pending value indicates
+the value that will be applied upon the next boolean commit.
+
+The setting of boolean values occurs in two stages; first the pending
+value is changed, then the booleans are committed, causing their
+active values to become their pending values. This allows a group of
+booleans to be changed in a single transaction, by setting all of
+their pending values as desired and then committing once.
+
+.SH OPTIONS
+.TP
+.B \-a
+Show all SELinux booleans.
+
+.SH "SEE ALSO"
+selinux(8), setsebool(8), booleans(8)
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+The program was written by Tresys Technology.
+
diff --git a/libselinux/man/man8/matchpathcon.8 b/libselinux/man/man8/matchpathcon.8
new file mode 100644
index 0000000..c1b00c0
--- /dev/null
+++ b/libselinux/man/man8/matchpathcon.8
@@ -0,0 +1,37 @@
+.TH "matchpathcon" "8" "21 April 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+matchpathcon \- get the default SELinux security context for the specified path from the file contexts configuration.
+
+.SH "SYNOPSIS"
+.B matchpathcon [-V] [-N] [-n] [-f file_contexts_file ] [-p prefix ] filepath...
+.SH "DESCRIPTION"
+.B matchpathcon
+queries the system policy and outputs the default security context associated with the filepath.
+
+Note: Identical paths can have different security contexts, depending on the file type. (regular file, directory, link file, char file ...)
+
+.B matchpathcon
+will also take the file type into consideration in determining the default security context if the file exists. If the file does not exist, no file type matching will occur.
+
+.SH OPTIONS
+.B \-n
+Do not display path.
+
+.B \-N
+Do not use translations.
+
+.B \-f file_context_file
+Use alternate file_context file
+
+.B \-p prefix
+Use prefix to speed translations
+
+.B \-V
+Verify file context on disk matches defaults
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+.BR selinux "(8), "
+.BR matchpathcon "(3), "
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
new file mode 100644
index 0000000..5caa592
--- /dev/null
+++ b/libselinux/man/man8/selinux.8
@@ -0,0 +1,82 @@
+.TH "selinux" "8" "29 Apr 2005" "dwalsh@redhat.com" "SELinux Command Line documentation"
+
+.SH "NAME"
+selinux \- NSA Security-Enhanced Linux (SELinux)
+
+.SH "DESCRIPTION"
+
+NSA Security-Enhanced Linux (SELinux) is an implementation of a
+flexible mandatory access control architecture in the Linux operating
+system. The SELinux architecture provides general support for the
+enforcement of many kinds of mandatory access control policies,
+including those based on the concepts of Type Enforcement®, Role-
+Based Access Control, and Multi-Level Security. Background
+information and technical documentation about SELinux can be found at
+http://www.nsa.gov/selinux.
+
+The
+.I /etc/selinux/config
+configuration file controls whether SELinux is
+enabled or disabled, and if enabled, whether SELinux operates in
+permissive mode or enforcing mode. The
+.B SELINUX
+variable may be set to
+any one of disabled, permissive, or enforcing to select one of these
+options. The disabled option completely disables the SELinux kernel
+and application code, leaving the system running without any SELinux
+protection. The permissive option enables the SELinux code, but
+causes it to operate in a mode where accesses that would be denied by
+policy are permitted but audited. The enforcing option enables the
+SELinux code and causes it to enforce access denials as well as
+auditing them. Permissive mode may yield a different set of denials
+than enforcing mode, both because enforcing mode will prevent an
+operation from proceeding past the first denial and because some
+application code will fall back to a less privileged mode of operation
+if denied access.
+
+The
+.I /etc/selinux/config
+configuration file also controls what policy
+is active on the system. SELinux allows for multiple policies to be
+installed on the system, but only one policy may be active at any
+given time. At present, two kinds of SELinux policy exist: targeted
+and strict. The targeted policy is designed as a policy where most
+processes operate without restrictions, and only specific services are
+placed into distinct security domains that are confined by the policy.
+For example, the user would run in a completely unconfined domain
+while the named daemon or apache daemon would run in a specific domain
+tailored to its operation. The strict policy is designed as a policy
+where all processes are partitioned into fine-grained security domains
+and confined by policy. It is anticipated in the future that other
+policies will be created (Multi-Level Security for example). You can
+define which policy you will run by setting the
+.B SELINUXTYPE
+environment variable within
+.I /etc/selinux/config.
+The corresponding
+policy configuration for each such policy must be installed in the
+/etc/selinux/SELINUXTYPE/ directories.
+
+A given SELinux policy can be customized further based on a set of
+compile-time tunable options and a set of runtime policy booleans.
+.B system-config-securitylevel
+allows customization of these booleans and tunables.
+
+Many domains that are protected by SELinux also include selinux man pages explainging how to customize their policy.
+
+.SH FILE LABELING
+
+All files, directories, devices ... have a security context/label associated with them. These context are stored in the extended attributes of the file system.
+Problems with SELinux often arise from the file system being mislabeled. This can be caused by booting the machine with a non selinux kernel. If you see an error message containing file_t, that is usually a good indicator that you have a serious problem with file system labeling.
+
+The best way to relabel the file system is to create the flag file /.autorelabel and reboot. system-config-securitylevel, also has this capability. The restorcon/fixfiles commands are also available for relabeling files.
+
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+booleans(8), setsebool(8), selinuxenabled(8), togglesebool(8), restorecon(8), setfiles(8), ftpd_selinux(8), named_selinux(8), rsync_selinux(8), httpd_selinux(8), nfs_selinux(8), samba_selinux(8), kerberos_selinux(8), nis_selinux(8), ypbind_selinux(8)
+
+
+.SH FILES
+/etc/selinux/config
diff --git a/libselinux/man/man8/selinuxenabled.8 b/libselinux/man/man8/selinuxenabled.8
new file mode 100644
index 0000000..b25431f
--- /dev/null
+++ b/libselinux/man/man8/selinuxenabled.8
@@ -0,0 +1,16 @@
+.TH "selinuxenabled" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+selinuxenabled \- tool to be used within shell scripts to determine if selinux is enabled
+.SH "SYNOPSIS"
+.B selinuxenabled
+
+.SH "DESCRIPTION"
+.B selinuxenabled
+Indicates whether SELinux is enabled or disabled. It exits with status 0
+if SELinux is enabled and 1 if it is not enabled.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), setenforce(8), getenforce(8)
diff --git a/libselinux/man/man8/setenforce.8 b/libselinux/man/man8/setenforce.8
new file mode 100644
index 0000000..8a010d6
--- /dev/null
+++ b/libselinux/man/man8/setenforce.8
@@ -0,0 +1,23 @@
+.TH "setenforce" "1" "7 April 2004" "dwalsh@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+setenforce \- modify the mode SELinux is running in.
+.SH "SYNOPSIS"
+.B setenforce [ Enforcing | Permissive | 1 | 0 ]
+
+.SH "DESCRIPTION"
+Use Enforcing or 1 to put SELinux in enforcing mode.
+Use Permissive or 0 to put SELinux in permissive mode.
+You need to modify
+.I /etc/grub.conf
+or
+.I /etc/selinux/config
+to disable SELinux.
+
+.SH AUTHOR
+Dan Walsh, <dwalsh@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), getenforce(8), selinuxenabled(8)
+
+.SH FILES
+/etc/grub.conf, /etc/selinux/config
diff --git a/libselinux/man/man8/togglesebool.8 b/libselinux/man/man8/togglesebool.8
new file mode 100644
index 0000000..ae21175
--- /dev/null
+++ b/libselinux/man/man8/togglesebool.8
@@ -0,0 +1,17 @@
+.TH "togglesebool" "1" "26 Oct 2004" "sgrubb@redhat.com" "SELinux Command Line documentation"
+.SH "NAME"
+togglesebool \- flip the current value of a SELinux boolean
+.SH "SYNOPSIS"
+.B togglesebool boolean...
+
+.SH "DESCRIPTION"
+.B togglesebool
+flips the current value of a list of booleans. If the value is currently a 1,
+then it will be changed to a 0 and vice versa. Only the "in memory" values are
+changed; the boot-time settings are unaffected.
+
+.SH AUTHOR
+This man page was written by Steve Grubb <sgrubb@redhat.com>
+
+.SH "SEE ALSO"
+selinux(8), booleans(8), getsebool(8), setsebool(8)
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
new file mode 100644
index 0000000..f5fd630
--- /dev/null
+++ b/libselinux/src/Makefile
@@ -0,0 +1,134 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+SHLIBDIR ?= $(DESTDIR)/lib
+INCLUDEDIR ?= $(PREFIX)/include
+PYLIBVER ?= $(shell python -c 'import sys;print "python%d.%d" % sys.version_info[0:2]')
+PYINC ?= /usr/include/$(PYLIBVER)
+PYLIB ?= /usr/lib/$(PYLIBVER)
+PYTHONLIBDIR ?= $(LIBDIR)/$(PYLIBVER)
+RUBYLIBVER ?= $(shell ruby -e 'print RUBY_VERSION.split(".")[0..1].join(".")')
+RUBYPLATFORM ?= $(shell ruby -e 'print RUBY_PLATFORM')
+RUBYINC ?= $(LIBDIR)/ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+RUBYINSTALL ?= $(LIBDIR)/ruby/site_ruby/$(RUBYLIBVER)/$(RUBYPLATFORM)
+
+LIBVERSION = 1
+
+LIBA=libselinux.a
+TARGET=libselinux.so
+SWIGIF= selinuxswig_python.i
+SWIGRUBYIF= selinuxswig_ruby.i
+SWIGCOUT= selinuxswig_wrap.c
+SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
+SWIGLOBJ:= $(patsubst %.c,%.lo,$(SWIGCOUT))
+SWIGRUBYLOBJ:= $(patsubst %.c,%.lo,$(SWIGRUBYCOUT))
+SWIGSO=_selinux.so
+SWIGFILES=$(SWIGSO) selinux.py
+SWIGRUBYSO=_rubyselinux.so
+LIBSO=$(TARGET).$(LIBVERSION)
+AUDIT2WHYSO=audit2why.so
+
+ifeq ($(DISABLE_AVC),y)
+ UNUSED_SRCS+=avc.c avc_internal.c avc_sidtab.c mapping.c stringrep.c checkAccess.c
+endif
+ifeq ($(DISABLE_BOOL),y)
+ UNUSED_SRCS+=booleans.c
+endif
+ifeq ($(DISABLE_RPM),y)
+ UNUSED_SRCS+=rpm.c
+endif
+
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT)
+SRCS= $(filter-out $(UNUSED_SRCS), $(filter-out audit2why.c $(GENERATED),$(wildcard *.c)))
+
+OBJS= $(patsubst %.c,%.o,$(SRCS))
+LOBJS= $(patsubst %.c,%.lo,$(SRCS))
+CFLAGS ?= -Werror -Wall -W -Wundef -Wshadow -Wmissing-noreturn -Wmissing-format-attribute
+override CFLAGS += -I../include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 $(EMFLAGS)
+RANLIB=ranlib
+
+ARCH := $(patsubst i%86,i386,$(shell uname -m))
+ifneq (,$(filter i386,$(ARCH)))
+TLSFLAGS += -mno-tls-direct-seg-refs
+endif
+
+SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./
+
+SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./
+
+all: $(LIBA) $(LIBSO)
+
+pywrap: all $(SWIGSO) $(AUDIT2WHYSO)
+
+rubywrap: all $(SWIGRUBYSO)
+
+$(LIBA): $(OBJS)
+ $(AR) rcs $@ $^
+ $(RANLIB) $@
+
+$(SWIGLOBJ): $(SWIGCOUT)
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
+ $(CC) $(filter-out -Werror,$(CFLAGS)) -I$(RUBYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGSO): $(SWIGLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $< -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
+$(SWIGRUBYSO): $(SWIGRUBYLOBJ)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux -L$(LIBDIR) -Wl,-soname,$@
+
+$(LIBSO): $(LOBJS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -ldl -L$(LIBDIR) -Wl,-soname,$(LIBSO),-z,defs,-z,relro
+ ln -sf $@ $(TARGET)
+
+audit2why.lo: audit2why.c
+ $(CC) $(CFLAGS) -I$(PYINC) -fPIC -DSHARED -c -o $@ $<
+
+$(AUDIT2WHYSO): audit2why.lo
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -L. -lselinux ${LIBDIR}/libsepol.a -L$(LIBDIR) -Wl,-soname,$@
+
+%.o: %.c policy.h
+ $(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
+
+%.lo: %.c policy.h
+ $(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
+
+$(SWIGCOUT): $(SWIGIF)
+ $(SWIG) $^
+
+$(SWIGRUBYCOUT): $(SWIGRUBYIF)
+ $(SWIGRUBY) $^
+
+swigify: $(SWIGIF)
+ $(SWIG) $^
+
+install: all
+ test -d $(LIBDIR) || install -m 755 -d $(LIBDIR)
+ install -m 644 $(LIBA) $(LIBDIR)
+ test -d $(SHLIBDIR) || install -m 755 -d $(SHLIBDIR)
+ install -m 755 $(LIBSO) $(SHLIBDIR)
+ cd $(LIBDIR) && ln -sf ../../`basename $(SHLIBDIR)`/$(LIBSO) $(TARGET)
+
+install-pywrap: pywrap
+ test -d $(PYTHONLIBDIR)/site-packages/selinux || install -m 755 -d $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(SWIGSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 755 $(AUDIT2WHYSO) $(PYTHONLIBDIR)/site-packages/selinux
+ install -m 644 selinux.py $(PYTHONLIBDIR)/site-packages/selinux/__init__.py
+
+install-rubywrap: rubywrap
+ test -d $(RUBYINSTALL) || install -m 755 -d $(RUBYINSTALL)
+ install -m 755 $(SWIGRUBYSO) $(RUBYINSTALL)/selinux.so
+
+relabel:
+ /sbin/restorecon $(SHLIBDIR)/$(LIBSO)
+
+clean:
+ -rm -f $(OBJS) $(LOBJS) $(LIBA) $(LIBSO) $(SWIGLOBJ) $(SWIGSO) $(TARGET) $(AUDIT2WHYSO) *.o *.lo *~
+
+distclean: clean
+ rm -f $(GENERATED) $(SWIGFILES)
+
+indent:
+ ../../scripts/Lindent $(filter-out $(GENERATED),$(wildcard *.[ch]))
+
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c
new file mode 100644
index 0000000..691bc67
--- /dev/null
+++ b/libselinux/src/audit2why.c
@@ -0,0 +1,443 @@
+#include <Python.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <getopt.h>
+#include <limits.h>
+#include <sepol/sepol.h>
+#include <sepol/policydb.h>
+#include <sepol/policydb/services.h>
+#include <selinux/selinux.h>
+
+#define UNKNOWN -1
+#define BADSCON -2
+#define BADTCON -3
+#define BADTCLASS -4
+#define BADPERM -5
+#define BADCOMPUTE -6
+#define NOPOLICY -7
+#define ALLOW 0
+#define DONTAUDIT 1
+#define TERULE 2
+#define BOOLEAN 3
+#define CONSTRAINT 4
+#define RBAC 5
+
+struct boolean_t {
+ char *name;
+ int active;
+};
+
+static struct boolean_t **boollist = NULL;
+static int boolcnt = 0;
+
+struct avc_t {
+ sepol_handle_t *handle;
+ sepol_policydb_t *policydb;
+ sepol_security_id_t ssid;
+ sepol_security_id_t tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t av;
+};
+
+static struct avc_t *avc = NULL;
+
+static sidtab_t sidtab;
+
+static int load_booleans(const sepol_bool_t * boolean,
+ void *arg __attribute__ ((__unused__)))
+{
+ boollist[boolcnt] = malloc(sizeof(struct boolean_t));
+ boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean));
+ boollist[boolcnt]->active = sepol_bool_get_value(boolean);
+ boolcnt++;
+ return 0;
+}
+
+static int check_booleans(struct boolean_t **bools)
+{
+ char errormsg[PATH_MAX];
+ struct sepol_av_decision avd;
+ unsigned int reason;
+ int rc;
+ int i;
+ sepol_bool_key_t *key = NULL;
+ sepol_bool_t *boolean = NULL;
+ int fcnt = 0;
+ int *foundlist = calloc(boolcnt, sizeof(int));
+ if (!foundlist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return fcnt;
+ }
+ for (i = 0; i < boolcnt; i++) {
+ char *name = boollist[i]->name;
+ int active = boollist[i]->active;
+ rc = sepol_bool_key_create(avc->handle, name, &key);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError,
+ "Could not create boolean key.\n");
+ break;
+ }
+ rc = sepol_bool_query(avc->handle,
+ avc->policydb,
+ key, &boolean);
+
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not find boolean %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ sepol_bool_set_value(boolean, !active);
+
+ rc = sepol_bool_set(avc->handle,
+ avc->policydb,
+ key, boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n", name);
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(avc->ssid, avc->tsid, avc->tclass,
+ avc->av, &avd, &reason);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Error during access vector computation, skipping...");
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+
+ sepol_bool_free(boolean);
+ break;
+ } else {
+ if (!reason) {
+ foundlist[fcnt] = i;
+ fcnt++;
+ }
+ sepol_bool_set_value(boolean, active);
+ rc = sepol_bool_set(avc->handle,
+ avc->policydb, key,
+ boolean);
+ if (rc < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not set boolean data %s.\n",
+ name);
+
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ break;
+ }
+ }
+ sepol_bool_free(boolean);
+ sepol_bool_key_free(key);
+ key = NULL;
+ boolean = NULL;
+ }
+ if (key)
+ sepol_bool_key_free(key);
+
+ if (boolean)
+ sepol_bool_free(boolean);
+
+ if (fcnt > 0) {
+ *bools = calloc(sizeof(struct boolean_t), fcnt + 1);
+ struct boolean_t *b = *bools;
+ for (i = 0; i < fcnt; i++) {
+ int ctr = foundlist[i];
+ b[i].name = strdup(boollist[ctr]->name);
+ b[i].active = !boollist[ctr]->active;
+ }
+ }
+ free(foundlist);
+ return fcnt;
+}
+
+static PyObject *finish(PyObject *self __attribute__((unused)), PyObject *args) {
+ PyObject *result = 0;
+
+ if (PyArg_ParseTuple(args,(char *)":finish")) {
+ int i = 0;
+ for (i = 0; i < boolcnt; i++) {
+ free(boollist[i]->name);
+ free(boollist[i]);
+ }
+ free(boollist);
+ sepol_sidtab_shutdown(&sidtab);
+ sepol_sidtab_destroy(&sidtab);
+ sepol_policydb_free(avc->policydb);
+ sepol_handle_destroy(avc->handle);
+ free(avc);
+ avc = NULL;
+ boollist = NULL;
+ boolcnt = 0;
+
+ /* Boilerplate to return "None" */
+ Py_RETURN_NONE;
+ }
+ return result;
+}
+
+
+static int __policy_init(const char *init_path)
+{
+ FILE *fp;
+ int vers = 0;
+ char path[PATH_MAX];
+ char errormsg[PATH_MAX];
+ struct sepol_policy_file *pf = NULL;
+ int rc;
+ unsigned int cnt;
+
+ if (init_path) {
+ strncpy(path, init_path, PATH_MAX);
+ fp = fopen(path, "r");
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s: %s\n",
+ path, strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ } else {
+ vers = sepol_policy_kern_vers_max();
+ if (vers < 0) {
+ snprintf(errormsg, sizeof(errormsg),
+ "Could not get policy version: %s\n",
+ strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ while (!fp && errno == ENOENT && --vers) {
+ snprintf(path, PATH_MAX, "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fp = fopen(path, "r");
+ }
+ if (!fp) {
+ snprintf(errormsg, sizeof(errormsg),
+ "unable to open %s.%d: %s\n",
+ selinux_binary_policy_path(),
+ security_policyvers(), strerror(errno));
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ return 1;
+ }
+ }
+
+ avc = calloc(sizeof(struct avc_t), 1);
+ if (!avc) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ /* Set up a policydb directly so that we can mutate it later
+ for testing what booleans might have allowed the access.
+ Otherwise, we'd just use sepol_set_policydb_from_file() here. */
+ if (sepol_policy_file_create(&pf) ||
+ sepol_policydb_create(&avc->policydb)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "policydb_init failed: %s\n", strerror(errno));
+ PyErr_SetString( PyExc_RuntimeError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ sepol_policy_file_set_fp(pf, fp);
+ if (sepol_policydb_read(avc->policydb, pf)) {
+ snprintf(errormsg, sizeof(errormsg),
+ "invalid binary policy %s\n", path);
+ PyErr_SetString( PyExc_ValueError, errormsg);
+ fclose(fp);
+ return 1;
+ }
+ fclose(fp);
+ sepol_set_policydb(&avc->policydb->p);
+ avc->handle = sepol_handle_create();
+
+ rc = sepol_bool_count(avc->handle,
+ avc->policydb, &cnt);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to get bool count\n");
+ return 1;
+ }
+
+ boollist = calloc(cnt, sizeof(struct boolean_t));
+ if (!boollist) {
+ PyErr_SetString( PyExc_MemoryError, "Out of memory\n");
+ return 1;
+ }
+
+ sepol_bool_iterate(avc->handle, avc->policydb,
+ load_booleans, (void *)NULL);
+
+ /* Initialize the sidtab for subsequent use by sepol_context_to_sid
+ and sepol_compute_av_reason. */
+ rc = sepol_sidtab_init(&sidtab);
+ if (rc < 0) {
+ PyErr_SetString( PyExc_RuntimeError, "unable to init sidtab\n");
+ free(boollist);
+ return 1;
+ }
+ sepol_set_sidtab(&sidtab);
+ return 0;
+}
+
+static PyObject *init(PyObject *self __attribute__((unused)), PyObject *args) {
+ int result;
+ char *init_path=NULL;
+ if (PyArg_ParseTuple(args,(char *)"|s:policy_init",&init_path))
+ result = __policy_init(init_path);
+ return Py_BuildValue("i", result);
+}
+
+#define RETURN(X) \
+ PyTuple_SetItem(result, 0, Py_BuildValue("i", X)); \
+ return result;
+
+static PyObject *analyze(PyObject *self __attribute__((unused)) , PyObject *args) {
+ security_context_t scon;
+ security_context_t tcon;
+ char *tclassstr;
+ PyObject *listObj;
+ PyObject *strObj;
+ int numlines;
+ struct boolean_t *bools;
+ unsigned int reason;
+ sepol_security_id_t ssid, tsid;
+ sepol_security_class_t tclass;
+ sepol_access_vector_t perm, av;
+ struct sepol_av_decision avd;
+ int rc;
+ int i=0;
+ PyObject *result = PyTuple_New(2);
+ if (!result) return NULL;
+ Py_INCREF(Py_None);
+ PyTuple_SetItem(result, 1, Py_None);
+
+ if (!PyArg_ParseTuple(args,(char *)"sssO!:audit2why",&scon,&tcon,&tclassstr,&PyList_Type, &listObj))
+ return NULL;
+
+ /* get the number of lines passed to us */
+ numlines = PyList_Size(listObj);
+
+ /* should raise an error here. */
+ if (numlines < 0) return NULL; /* Not a list */
+
+ if (!avc) {
+ RETURN(NOPOLICY)
+ }
+
+ rc = sepol_context_to_sid(scon, strlen(scon) + 1, &ssid);
+ if (rc < 0) {
+ RETURN(BADSCON)
+ }
+ rc = sepol_context_to_sid(tcon, strlen(tcon) + 1, &tsid);
+ if (rc < 0) {
+ RETURN(BADTCON)
+ }
+ tclass = string_to_security_class(tclassstr);
+ if (!tclass) {
+ RETURN(BADTCLASS)
+ }
+ /* Convert the permission list to an AV. */
+ av = 0;
+
+ /* iterate over items of the list, grabbing strings, and parsing
+ for numbers */
+ for (i=0; i<numlines; i++){
+ char *permstr;
+
+ /* grab the string object from the next element of the list */
+ strObj = PyList_GetItem(listObj, i); /* Can't fail */
+
+ /* make it a string */
+ permstr = PyString_AsString( strObj );
+
+ perm = string_to_av_perm(tclass, permstr);
+ if (!perm) {
+ RETURN(BADPERM)
+ }
+ av |= perm;
+ }
+
+ /* Reproduce the computation. */
+ rc = sepol_compute_av_reason(ssid, tsid, tclass, av, &avd, &reason);
+ if (rc < 0) {
+ RETURN(BADCOMPUTE)
+ }
+
+ if (!reason) {
+ RETURN(ALLOW)
+ }
+ if (reason & SEPOL_COMPUTEAV_TE) {
+ avc->ssid = ssid;
+ avc->tsid = tsid;
+ avc->tclass = tclass;
+ avc->av = av;
+ if (check_booleans(&bools) == 0) {
+ if (av & ~avd.auditdeny) {
+ RETURN(DONTAUDIT)
+ } else {
+ RETURN(TERULE)
+ }
+ } else {
+ PyTuple_SetItem(result, 0, Py_BuildValue("i", BOOLEAN));
+ struct boolean_t *b = bools;
+ int len=0;
+ while (b->name) {
+ len++; b++;
+ }
+ b = bools;
+ PyObject *outboollist = PyTuple_New(len);
+ len=0;
+ while(b->name) {
+ PyObject *bool = Py_BuildValue("(si)", b->name, b->active);
+ PyTuple_SetItem(outboollist, len++, bool);
+ b++;
+ }
+ free(bools);
+ PyTuple_SetItem(result, 1, outboollist);
+ return result;
+ }
+ }
+
+ if (reason & SEPOL_COMPUTEAV_CONS) {
+ RETURN(CONSTRAINT);
+ }
+
+ if (reason & SEPOL_COMPUTEAV_RBAC) {
+ RETURN(RBAC)
+ }
+ RETURN(BADCOMPUTE)
+}
+
+static PyMethodDef audit2whyMethods[] = {
+ {"init", init, METH_VARARGS,
+ "Initialize policy database."},
+ {"analyze", analyze, METH_VARARGS,
+ "Analyze AVC."},
+ {"finish", finish, METH_VARARGS,
+ "Finish using policy, free memory."},
+ {NULL, NULL, 0, NULL} /* Sentinel */
+};
+
+PyMODINIT_FUNC
+initaudit2why(void)
+{
+ PyObject *m = Py_InitModule("audit2why", audit2whyMethods);
+ PyModule_AddIntConstant(m,"UNKNOWN", UNKNOWN);
+ PyModule_AddIntConstant(m,"BADSCON", BADSCON);
+ PyModule_AddIntConstant(m,"BADTCON", BADTCON);
+ PyModule_AddIntConstant(m,"BADTCLASS", BADTCLASS);
+ PyModule_AddIntConstant(m,"BADPERM", BADPERM);
+ PyModule_AddIntConstant(m,"BADCOMPUTE", BADCOMPUTE);
+ PyModule_AddIntConstant(m,"NOPOLICY", NOPOLICY);
+ PyModule_AddIntConstant(m,"ALLOW", ALLOW);
+ PyModule_AddIntConstant(m,"DONTAUDIT", DONTAUDIT);
+ PyModule_AddIntConstant(m,"TERULE", TERULE);
+ PyModule_AddIntConstant(m,"BOOLEAN", BOOLEAN);
+ PyModule_AddIntConstant(m,"CONSTRAINT", CONSTRAINT);
+ PyModule_AddIntConstant(m,"RBAC", RBAC);
+}
diff --git a/libselinux/src/av_inherit.h b/libselinux/src/av_inherit.h
new file mode 100644
index 0000000..21effa7
--- /dev/null
+++ b/libselinux/src/av_inherit.h
@@ -0,0 +1,38 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_DIR, file, 0x00020000UL)
+ S_(SECCLASS_FILE, file, 0x00020000UL)
+ S_(SECCLASS_LNK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_CHR_FILE, file, 0x00020000UL)
+ S_(SECCLASS_BLK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCK_FILE, file, 0x00020000UL)
+ S_(SECCLASS_FIFO_FILE, file, 0x00020000UL)
+ S_(SECCLASS_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_TCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UDP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_RAWIP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_PACKET_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_KEY_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_STREAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_UNIX_DGRAM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_IPC, ipc, 0x00000200UL)
+ S_(SECCLASS_SEM, ipc, 0x00000200UL)
+ S_(SECCLASS_MSGQ, ipc, 0x00000200UL)
+ S_(SECCLASS_SHM, ipc, 0x00000200UL)
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_NFLOG_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_SELINUX_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_DNRT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_APPLETALK_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DCCP_SOCKET, socket, 0x00400000UL)
+ S_(SECCLASS_DB_DATABASE, database, 0x00000040UL)
+ S_(SECCLASS_DB_TABLE, database, 0x00000040UL)
+ S_(SECCLASS_DB_PROCEDURE, database, 0x00000040UL)
+ S_(SECCLASS_DB_COLUMN, database, 0x00000040UL)
+ S_(SECCLASS_DB_BLOB, database, 0x00000040UL)
diff --git a/libselinux/src/av_perm_to_string.h b/libselinux/src/av_perm_to_string.h
new file mode 100644
index 0000000..85028b3
--- /dev/null
+++ b/libselinux/src/av_perm_to_string.h
@@ -0,0 +1,305 @@
+/* This file is automatically generated. Do not edit. */
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__MOUNT, "mount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__REMOUNT, "remount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__UNMOUNT, "unmount")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__GETATTR, "getattr")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__RELABELTO, "relabelto")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__TRANSITION, "transition")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__ASSOCIATE, "associate")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAMOD, "quotamod")
+ S_(SECCLASS_FILESYSTEM, FILESYSTEM__QUOTAGET, "quotaget")
+ S_(SECCLASS_DIR, DIR__ADD_NAME, "add_name")
+ S_(SECCLASS_DIR, DIR__REMOVE_NAME, "remove_name")
+ S_(SECCLASS_DIR, DIR__REPARENT, "reparent")
+ S_(SECCLASS_DIR, DIR__SEARCH, "search")
+ S_(SECCLASS_DIR, DIR__RMDIR, "rmdir")
+ S_(SECCLASS_FILE, FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_FILE, FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_FILE, FILE__EXECMOD, "execmod")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECUTE_NO_TRANS, "execute_no_trans")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_CHR_FILE, CHR_FILE__EXECMOD, "execmod")
+ S_(SECCLASS_FD, FD__USE, "use")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_TCP_SOCKET, TCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_UDP_SOCKET, UDP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_RAWIP_SOCKET, RAWIP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_NODE, NODE__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NODE, NODE__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NODE, NODE__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NODE, NODE__UDP_SEND, "udp_send")
+ S_(SECCLASS_NODE, NODE__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NODE, NODE__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NODE, NODE__ENFORCE_DEST, "enforce_dest")
+ S_(SECCLASS_NODE, NODE__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NODE, NODE__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_NODE, NODE__RECVFROM, "recvfrom")
+ S_(SECCLASS_NODE, NODE__SENDTO, "sendto")
+ S_(SECCLASS_NETIF, NETIF__TCP_RECV, "tcp_recv")
+ S_(SECCLASS_NETIF, NETIF__TCP_SEND, "tcp_send")
+ S_(SECCLASS_NETIF, NETIF__UDP_RECV, "udp_recv")
+ S_(SECCLASS_NETIF, NETIF__UDP_SEND, "udp_send")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_RECV, "rawip_recv")
+ S_(SECCLASS_NETIF, NETIF__RAWIP_SEND, "rawip_send")
+ S_(SECCLASS_NETIF, NETIF__DCCP_RECV, "dccp_recv")
+ S_(SECCLASS_NETIF, NETIF__DCCP_SEND, "dccp_send")
+ S_(SECCLASS_NETIF, NETIF__INGRESS, "ingress")
+ S_(SECCLASS_NETIF, NETIF__EGRESS, "egress")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__CONNECTTO, "connectto")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__NEWCONN, "newconn")
+ S_(SECCLASS_UNIX_STREAM_SOCKET, UNIX_STREAM_SOCKET__ACCEPTFROM, "acceptfrom")
+ S_(SECCLASS_PROCESS, PROCESS__FORK, "fork")
+ S_(SECCLASS_PROCESS, PROCESS__TRANSITION, "transition")
+ S_(SECCLASS_PROCESS, PROCESS__SIGCHLD, "sigchld")
+ S_(SECCLASS_PROCESS, PROCESS__SIGKILL, "sigkill")
+ S_(SECCLASS_PROCESS, PROCESS__SIGSTOP, "sigstop")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNULL, "signull")
+ S_(SECCLASS_PROCESS, PROCESS__SIGNAL, "signal")
+ S_(SECCLASS_PROCESS, PROCESS__PTRACE, "ptrace")
+ S_(SECCLASS_PROCESS, PROCESS__GETSCHED, "getsched")
+ S_(SECCLASS_PROCESS, PROCESS__SETSCHED, "setsched")
+ S_(SECCLASS_PROCESS, PROCESS__GETSESSION, "getsession")
+ S_(SECCLASS_PROCESS, PROCESS__GETPGID, "getpgid")
+ S_(SECCLASS_PROCESS, PROCESS__SETPGID, "setpgid")
+ S_(SECCLASS_PROCESS, PROCESS__GETCAP, "getcap")
+ S_(SECCLASS_PROCESS, PROCESS__SETCAP, "setcap")
+ S_(SECCLASS_PROCESS, PROCESS__SHARE, "share")
+ S_(SECCLASS_PROCESS, PROCESS__GETATTR, "getattr")
+ S_(SECCLASS_PROCESS, PROCESS__SETEXEC, "setexec")
+ S_(SECCLASS_PROCESS, PROCESS__SETFSCREATE, "setfscreate")
+ S_(SECCLASS_PROCESS, PROCESS__NOATSECURE, "noatsecure")
+ S_(SECCLASS_PROCESS, PROCESS__SIGINH, "siginh")
+ S_(SECCLASS_PROCESS, PROCESS__SETRLIMIT, "setrlimit")
+ S_(SECCLASS_PROCESS, PROCESS__RLIMITINH, "rlimitinh")
+ S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition")
+ S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent")
+ S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem")
+ S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack")
+ S_(SECCLASS_PROCESS, PROCESS__EXECHEAP, "execheap")
+ S_(SECCLASS_PROCESS, PROCESS__SETKEYCREATE, "setkeycreate")
+ S_(SECCLASS_PROCESS, PROCESS__SETSOCKCREATE, "setsockcreate")
+ S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue")
+ S_(SECCLASS_MSG, MSG__SEND, "send")
+ S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+ S_(SECCLASS_SHM, SHM__LOCK, "lock")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_AV, "compute_av")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_CREATE, "compute_create")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_MEMBER, "compute_member")
+ S_(SECCLASS_SECURITY, SECURITY__CHECK_CONTEXT, "check_context")
+ S_(SECCLASS_SECURITY, SECURITY__LOAD_POLICY, "load_policy")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_RELABEL, "compute_relabel")
+ S_(SECCLASS_SECURITY, SECURITY__COMPUTE_USER, "compute_user")
+ S_(SECCLASS_SECURITY, SECURITY__SETENFORCE, "setenforce")
+ S_(SECCLASS_SECURITY, SECURITY__SETBOOL, "setbool")
+ S_(SECCLASS_SECURITY, SECURITY__SETSECPARAM, "setsecparam")
+ S_(SECCLASS_SECURITY, SECURITY__SETCHECKREQPROT, "setcheckreqprot")
+ S_(SECCLASS_SYSTEM, SYSTEM__IPC_INFO, "ipc_info")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_READ, "syslog_read")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_MOD, "syslog_mod")
+ S_(SECCLASS_SYSTEM, SYSTEM__SYSLOG_CONSOLE, "syslog_console")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__CHOWN, "chown")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_OVERRIDE, "dac_override")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__DAC_READ_SEARCH, "dac_read_search")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FOWNER, "fowner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__FSETID, "fsetid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__KILL, "kill")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETGID, "setgid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETUID, "setuid")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETPCAP, "setpcap")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LINUX_IMMUTABLE, "linux_immutable")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BIND_SERVICE, "net_bind_service")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_BROADCAST, "net_broadcast")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_ADMIN, "net_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__NET_RAW, "net_raw")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_LOCK, "ipc_lock")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__IPC_OWNER, "ipc_owner")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_MODULE, "sys_module")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RAWIO, "sys_rawio")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_CHROOT, "sys_chroot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PTRACE, "sys_ptrace")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_PACCT, "sys_pacct")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_ADMIN, "sys_admin")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_BOOT, "sys_boot")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_NICE, "sys_nice")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_RESOURCE, "sys_resource")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TIME, "sys_time")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SYS_TTY_CONFIG, "sys_tty_config")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__MKNOD, "mknod")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__LEASE, "lease")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_WRITE, "audit_write")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__AUDIT_CONTROL, "audit_control")
+ S_(SECCLASS_CAPABILITY, CAPABILITY__SETFCAP, "setfcap")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_OVERRIDE, "mac_override")
+ S_(SECCLASS_CAPABILITY2, CAPABILITY2__MAC_ADMIN, "mac_admin")
+ S_(SECCLASS_PASSWD, PASSWD__PASSWD, "passwd")
+ S_(SECCLASS_PASSWD, PASSWD__CHFN, "chfn")
+ S_(SECCLASS_PASSWD, PASSWD__CHSH, "chsh")
+ S_(SECCLASS_PASSWD, PASSWD__ROOTOK, "rootok")
+ S_(SECCLASS_PASSWD, PASSWD__CRONTAB, "crontab")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__CREATE, "create")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DESTROY, "destroy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__DRAW, "draw")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__COPY, "copy")
+ S_(SECCLASS_DRAWABLE, DRAWABLE__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__CREATE, "create")
+ S_(SECCLASS_GC, GC__FREE, "free")
+ S_(SECCLASS_GC, GC__GETATTR, "getattr")
+ S_(SECCLASS_GC, GC__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__ADDCHILD, "addchild")
+ S_(SECCLASS_WINDOW, WINDOW__CREATE, "create")
+ S_(SECCLASS_WINDOW, WINDOW__DESTROY, "destroy")
+ S_(SECCLASS_WINDOW, WINDOW__MAP, "map")
+ S_(SECCLASS_WINDOW, WINDOW__UNMAP, "unmap")
+ S_(SECCLASS_WINDOW, WINDOW__CHSTACK, "chstack")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROPLIST, "chproplist")
+ S_(SECCLASS_WINDOW, WINDOW__CHPROP, "chprop")
+ S_(SECCLASS_WINDOW, WINDOW__LISTPROP, "listprop")
+ S_(SECCLASS_WINDOW, WINDOW__GETATTR, "getattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETATTR, "setattr")
+ S_(SECCLASS_WINDOW, WINDOW__SETFOCUS, "setfocus")
+ S_(SECCLASS_WINDOW, WINDOW__MOVE, "move")
+ S_(SECCLASS_WINDOW, WINDOW__CHSELECTION, "chselection")
+ S_(SECCLASS_WINDOW, WINDOW__CHPARENT, "chparent")
+ S_(SECCLASS_WINDOW, WINDOW__CTRLLIFE, "ctrllife")
+ S_(SECCLASS_WINDOW, WINDOW__ENUMERATE, "enumerate")
+ S_(SECCLASS_WINDOW, WINDOW__TRANSPARENT, "transparent")
+ S_(SECCLASS_WINDOW, WINDOW__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_WINDOW, WINDOW__CLIENTCOMEVENT, "clientcomevent")
+ S_(SECCLASS_WINDOW, WINDOW__INPUTEVENT, "inputevent")
+ S_(SECCLASS_WINDOW, WINDOW__DRAWEVENT, "drawevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEEVENT, "windowchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__WINDOWCHANGEREQUEST, "windowchangerequest")
+ S_(SECCLASS_WINDOW, WINDOW__SERVERCHANGEEVENT, "serverchangeevent")
+ S_(SECCLASS_WINDOW, WINDOW__EXTENSIONEVENT, "extensionevent")
+ S_(SECCLASS_FONT, FONT__LOAD, "load")
+ S_(SECCLASS_FONT, FONT__FREE, "free")
+ S_(SECCLASS_FONT, FONT__GETATTR, "getattr")
+ S_(SECCLASS_FONT, FONT__USE, "use")
+ S_(SECCLASS_COLORMAP, COLORMAP__CREATE, "create")
+ S_(SECCLASS_COLORMAP, COLORMAP__FREE, "free")
+ S_(SECCLASS_COLORMAP, COLORMAP__INSTALL, "install")
+ S_(SECCLASS_COLORMAP, COLORMAP__UNINSTALL, "uninstall")
+ S_(SECCLASS_COLORMAP, COLORMAP__LIST, "list")
+ S_(SECCLASS_COLORMAP, COLORMAP__READ, "read")
+ S_(SECCLASS_COLORMAP, COLORMAP__STORE, "store")
+ S_(SECCLASS_COLORMAP, COLORMAP__GETATTR, "getattr")
+ S_(SECCLASS_COLORMAP, COLORMAP__SETATTR, "setattr")
+ S_(SECCLASS_PROPERTY, PROPERTY__CREATE, "create")
+ S_(SECCLASS_PROPERTY, PROPERTY__FREE, "free")
+ S_(SECCLASS_PROPERTY, PROPERTY__READ, "read")
+ S_(SECCLASS_PROPERTY, PROPERTY__WRITE, "write")
+ S_(SECCLASS_CURSOR, CURSOR__CREATE, "create")
+ S_(SECCLASS_CURSOR, CURSOR__CREATEGLYPH, "createglyph")
+ S_(SECCLASS_CURSOR, CURSOR__FREE, "free")
+ S_(SECCLASS_CURSOR, CURSOR__ASSIGN, "assign")
+ S_(SECCLASS_CURSOR, CURSOR__SETATTR, "setattr")
+ S_(SECCLASS_XCLIENT, XCLIENT__KILL, "kill")
+ S_(SECCLASS_XINPUT, XINPUT__LOOKUP, "lookup")
+ S_(SECCLASS_XINPUT, XINPUT__GETATTR, "getattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETATTR, "setattr")
+ S_(SECCLASS_XINPUT, XINPUT__SETFOCUS, "setfocus")
+ S_(SECCLASS_XINPUT, XINPUT__WARPPOINTER, "warppointer")
+ S_(SECCLASS_XINPUT, XINPUT__ACTIVEGRAB, "activegrab")
+ S_(SECCLASS_XINPUT, XINPUT__PASSIVEGRAB, "passivegrab")
+ S_(SECCLASS_XINPUT, XINPUT__UNGRAB, "ungrab")
+ S_(SECCLASS_XINPUT, XINPUT__BELL, "bell")
+ S_(SECCLASS_XINPUT, XINPUT__MOUSEMOTION, "mousemotion")
+ S_(SECCLASS_XINPUT, XINPUT__RELABELINPUT, "relabelinput")
+ S_(SECCLASS_XSERVER, XSERVER__SCREENSAVER, "screensaver")
+ S_(SECCLASS_XSERVER, XSERVER__GETHOSTLIST, "gethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__SETHOSTLIST, "sethostlist")
+ S_(SECCLASS_XSERVER, XSERVER__GETFONTPATH, "getfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__SETFONTPATH, "setfontpath")
+ S_(SECCLASS_XSERVER, XSERVER__GETATTR, "getattr")
+ S_(SECCLASS_XSERVER, XSERVER__GRAB, "grab")
+ S_(SECCLASS_XSERVER, XSERVER__UNGRAB, "ungrab")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__QUERY, "query")
+ S_(SECCLASS_XEXTENSION, XEXTENSION__USE, "use")
+ S_(SECCLASS_PAX, PAX__PAGEEXEC, "pageexec")
+ S_(SECCLASS_PAX, PAX__EMUTRAMP, "emutramp")
+ S_(SECCLASS_PAX, PAX__MPROTECT, "mprotect")
+ S_(SECCLASS_PAX, PAX__RANDMMAP, "randmmap")
+ S_(SECCLASS_PAX, PAX__RANDEXEC, "randexec")
+ S_(SECCLASS_PAX, PAX__SEGMEXEC, "segmexec")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_ROUTE_SOCKET, NETLINK_ROUTE_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_FIREWALL_SOCKET, NETLINK_FIREWALL_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_TCPDIAG_SOCKET, NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_XFRM_SOCKET, NETLINK_XFRM_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_RELAY, "nlmsg_relay")
+ S_(SECCLASS_NETLINK_AUDIT_SOCKET, NETLINK_AUDIT_SOCKET__NLMSG_READPRIV, "nlmsg_readpriv")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_READ, "nlmsg_read")
+ S_(SECCLASS_NETLINK_IP6FW_SOCKET, NETLINK_IP6FW_SOCKET__NLMSG_WRITE, "nlmsg_write")
+ S_(SECCLASS_DBUS, DBUS__ACQUIRE_SVC, "acquire_svc")
+ S_(SECCLASS_DBUS, DBUS__SEND_MSG, "send_msg")
+ S_(SECCLASS_NSCD, NSCD__GETPWD, "getpwd")
+ S_(SECCLASS_NSCD, NSCD__GETGRP, "getgrp")
+ S_(SECCLASS_NSCD, NSCD__GETHOST, "gethost")
+ S_(SECCLASS_NSCD, NSCD__GETSTAT, "getstat")
+ S_(SECCLASS_NSCD, NSCD__ADMIN, "admin")
+ S_(SECCLASS_NSCD, NSCD__SHMEMPWD, "shmempwd")
+ S_(SECCLASS_NSCD, NSCD__SHMEMGRP, "shmemgrp")
+ S_(SECCLASS_NSCD, NSCD__SHMEMHOST, "shmemhost")
+ S_(SECCLASS_NSCD, NSCD__GETSERV, "getserv")
+ S_(SECCLASS_NSCD, NSCD__SHMEMSERV, "shmemserv")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SENDTO, "sendto")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__RECVFROM, "recvfrom")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__SETCONTEXT, "setcontext")
+ S_(SECCLASS_ASSOCIATION, ASSOCIATION__POLMATCH, "polmatch")
+ S_(SECCLASS_PACKET, PACKET__SEND, "send")
+ S_(SECCLASS_PACKET, PACKET__RECV, "recv")
+ S_(SECCLASS_PACKET, PACKET__RELABELTO, "relabelto")
+ S_(SECCLASS_PACKET, PACKET__FLOW_IN, "flow_in")
+ S_(SECCLASS_PACKET, PACKET__FLOW_OUT, "flow_out")
+ S_(SECCLASS_PACKET, PACKET__FORWARD_IN, "forward_in")
+ S_(SECCLASS_PACKET, PACKET__FORWARD_OUT, "forward_out")
+ S_(SECCLASS_KEY, KEY__VIEW, "view")
+ S_(SECCLASS_KEY, KEY__READ, "read")
+ S_(SECCLASS_KEY, KEY__WRITE, "write")
+ S_(SECCLASS_KEY, KEY__SEARCH, "search")
+ S_(SECCLASS_KEY, KEY__LINK, "link")
+ S_(SECCLASS_KEY, KEY__SETATTR, "setattr")
+ S_(SECCLASS_KEY, KEY__CREATE, "create")
+ S_(SECCLASS_CONTEXT, CONTEXT__TRANSLATE, "translate")
+ S_(SECCLASS_CONTEXT, CONTEXT__CONTAINS, "contains")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NODE_BIND, "node_bind")
+ S_(SECCLASS_DCCP_SOCKET, DCCP_SOCKET__NAME_CONNECT, "name_connect")
+ S_(SECCLASS_MEMPROTECT, MEMPROTECT__MMAP_ZERO, "mmap_zero")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__ACCESS, "access")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__INSTALL_MODULE, "install_module")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__LOAD_MODULE, "load_module")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__GET_PARAM, "get_param")
+ S_(SECCLASS_DB_DATABASE, DB_DATABASE__SET_PARAM, "set_param")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__USE, "use")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__SELECT, "select")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__UPDATE, "update")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__INSERT, "insert")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__DELETE, "delete")
+ S_(SECCLASS_DB_TABLE, DB_TABLE__LOCK, "lock")
+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__EXECUTE, "execute")
+ S_(SECCLASS_DB_PROCEDURE, DB_PROCEDURE__ENTRYPOINT, "entrypoint")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__USE, "use")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__SELECT, "select")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__UPDATE, "update")
+ S_(SECCLASS_DB_COLUMN, DB_COLUMN__INSERT, "insert")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELFROM, "relabelfrom")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__RELABELTO, "relabelto")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__USE, "use")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__SELECT, "select")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__UPDATE, "update")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__INSERT, "insert")
+ S_(SECCLASS_DB_TUPLE, DB_TUPLE__DELETE, "delete")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__READ, "read")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__WRITE, "write")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__IMPORT, "import")
+ S_(SECCLASS_DB_BLOB, DB_BLOB__EXPORT, "export")
+ S_(SECCLASS_PEER, PEER__RECV, "recv")
diff --git a/libselinux/src/avc.c b/libselinux/src/avc.c
new file mode 100644
index 0000000..ddc367c
--- /dev/null
+++ b/libselinux/src/avc.c
@@ -0,0 +1,1202 @@
+/*
+ * Implementation of the userspace access vector cache (AVC).
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ *
+ * Derived from the kernel AVC implementation by
+ * Stephen Smalley <sds@epoch.ncsc.mil> and
+ * James Morris <jmorris@redhat.com>.
+ */
+#include <selinux/avc.h>
+#include "selinux_internal.h"
+#include "avc_sidtab.h"
+#include "avc_internal.h"
+
+#define AVC_CACHE_SLOTS 512
+#define AVC_CACHE_MAXNODES 410
+
+struct avc_entry {
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ struct av_decision avd;
+ int used; /* used recently */
+};
+
+struct avc_node {
+ struct avc_entry ae;
+ struct avc_node *next;
+};
+
+struct avc_cache {
+ struct avc_node *slots[AVC_CACHE_SLOTS];
+ uint32_t lru_hint; /* LRU hint for reclaim scan */
+ uint32_t active_nodes;
+ uint32_t latest_notif; /* latest revocation notification */
+};
+
+struct avc_callback_node {
+ int (*callback) (uint32_t event, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ access_vector_t * out_retained);
+ uint32_t events;
+ security_id_t ssid;
+ security_id_t tsid;
+ security_class_t tclass;
+ access_vector_t perms;
+ struct avc_callback_node *next;
+};
+
+static void *avc_netlink_thread = NULL;
+static void *avc_lock = NULL;
+static void *avc_log_lock = NULL;
+static struct avc_node *avc_node_freelist = NULL;
+static struct avc_cache avc_cache;
+static char *avc_audit_buf = NULL;
+static struct avc_cache_stats cache_stats;
+static struct avc_callback_node *avc_callbacks = NULL;
+static struct sidtab avc_sidtab;
+
+static inline int avc_hash(security_id_t ssid,
+ security_id_t tsid, security_class_t tclass)
+{
+ return ((uintptr_t) ssid ^ ((uintptr_t) tsid << 2) ^ tclass)
+ & (AVC_CACHE_SLOTS - 1);
+}
+
+int avc_context_to_sid_raw(security_context_t ctx, security_id_t * sid)
+{
+ int rc;
+ avc_get_lock(avc_lock);
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, sid);
+ if (!rc)
+ (*sid)->refcnt++;
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_context_to_sid(security_context_t ctx, security_id_t * sid)
+{
+ int ret;
+ security_context_t rctx;
+
+ if (selinux_trans_to_raw_context(ctx, &rctx))
+ return -1;
+
+ ret = avc_context_to_sid_raw(rctx, sid);
+
+ freecon(rctx);
+
+ return ret;
+}
+
+int avc_sid_to_context_raw(security_id_t sid, security_context_t * ctx)
+{
+ int rc;
+ *ctx = NULL;
+ avc_get_lock(avc_lock);
+ if (sid->refcnt > 0) {
+ *ctx = strdup(sid->ctx); /* caller must free via freecon */
+ rc = *ctx ? 0 : -1;
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_sid_to_context(security_id_t sid, security_context_t * ctx)
+{
+ int ret;
+ security_context_t rctx;
+
+ ret = avc_sid_to_context_raw(sid, &rctx);
+
+ if (ret == 0) {
+ ret = selinux_raw_to_trans_context(rctx, ctx);
+ freecon(rctx);
+ }
+
+ return ret;
+}
+
+int sidget(security_id_t sid)
+{
+ int rc;
+ avc_get_lock(avc_lock);
+ rc = sid_inc_refcnt(sid);
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int sidput(security_id_t sid)
+{
+ int rc;
+ if (!sid)
+ return 0;
+ avc_get_lock(avc_lock);
+ rc = sid_dec_refcnt(sid);
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_get_initial_sid(const char * name, security_id_t * sid)
+{
+ int rc;
+ security_context_t con;
+
+ rc = security_get_initial_context_raw(name, &con);
+ if (rc < 0)
+ return rc;
+ rc = avc_context_to_sid_raw(con, sid);
+
+ freecon(con);
+
+ return rc;
+}
+
+int avc_open(struct selinux_opt *opts, unsigned nopts)
+{
+ avc_setenforce = 0;
+
+ while (nopts--)
+ switch(opts[nopts].type) {
+ case AVC_OPT_SETENFORCE:
+ avc_setenforce = 1;
+ avc_enforcing = !!opts[nopts].value;
+ break;
+ }
+
+ return avc_init("avc", NULL, NULL, NULL, NULL);
+}
+
+int avc_init(const char *prefix,
+ const struct avc_memory_callback *mem_cb,
+ const struct avc_log_callback *log_cb,
+ const struct avc_thread_callback *thread_cb,
+ const struct avc_lock_callback *lock_cb)
+{
+ struct avc_node *new;
+ int i, rc = 0;
+
+ if (prefix)
+ strncpy(avc_prefix, prefix, AVC_PREFIX_SIZE - 1);
+
+ set_callbacks(mem_cb, log_cb, thread_cb, lock_cb);
+
+ avc_lock = avc_alloc_lock();
+ avc_log_lock = avc_alloc_lock();
+
+ memset(&cache_stats, 0, sizeof(cache_stats));
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++)
+ avc_cache.slots[i] = 0;
+ avc_cache.lru_hint = 0;
+ avc_cache.active_nodes = 0;
+ avc_cache.latest_notif = 0;
+
+ rc = sidtab_init(&avc_sidtab);
+ if (rc) {
+ avc_log("%s: unable to initialize SID table\n", avc_prefix);
+ goto out;
+ }
+
+ avc_audit_buf = (char *)avc_malloc(AVC_AUDIT_BUFSIZE);
+ if (!avc_audit_buf) {
+ avc_log("%s: unable to allocate audit buffer\n", avc_prefix);
+ rc = -1;
+ goto out;
+ }
+
+ for (i = 0; i < AVC_CACHE_MAXNODES; i++) {
+ new = avc_malloc(sizeof(*new));
+ if (!new) {
+ avc_log("%s: warning: only got %d av entries\n",
+ avc_prefix, i);
+ break;
+ }
+ memset(new, 0, sizeof(*new));
+ new->next = avc_node_freelist;
+ avc_node_freelist = new;
+ }
+
+ if (!avc_setenforce) {
+ rc = security_getenforce();
+ if (rc < 0) {
+ avc_log("%s: could not determine enforcing mode\n",
+ avc_prefix);
+ goto out;
+ }
+ avc_enforcing = rc;
+ }
+
+ rc = avc_netlink_open(avc_using_threads);
+ if (rc < 0) {
+ avc_log("%s: can't open netlink socket: %d (%s)\n", avc_prefix,
+ errno, strerror(errno));
+ goto out;
+ }
+ if (avc_using_threads) {
+ avc_netlink_thread = avc_create_thread(&avc_netlink_loop);
+ avc_netlink_trouble = 0;
+ }
+ avc_running = 1;
+ out:
+ return rc;
+}
+
+void avc_cache_stats(struct avc_cache_stats *p)
+{
+ memcpy(p, &cache_stats, sizeof(cache_stats));
+}
+
+void avc_sid_stats(void)
+{
+ avc_get_lock(avc_log_lock);
+ avc_get_lock(avc_lock);
+ sidtab_sid_stats(&avc_sidtab, avc_audit_buf, AVC_AUDIT_BUFSIZE);
+ avc_release_lock(avc_lock);
+ avc_log("%s", avc_audit_buf);
+ avc_release_lock(avc_log_lock);
+}
+
+void avc_av_stats(void)
+{
+ int i, chain_len, max_chain_len, slots_used;
+ struct avc_node *node;
+
+ avc_get_lock(avc_lock);
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ if (node) {
+ slots_used++;
+ chain_len = 0;
+ while (node) {
+ chain_len++;
+ node = node->next;
+ }
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ avc_release_lock(avc_lock);
+
+ avc_log("%s: %d AV entries and %d/%d buckets used, "
+ "longest chain length %d\n", avc_prefix,
+ avc_cache.active_nodes,
+ slots_used, AVC_CACHE_SLOTS, max_chain_len);
+}
+
+hidden_def(avc_av_stats)
+
+static inline struct avc_node *avc_reclaim_node(void)
+{
+ struct avc_node *prev, *cur;
+ int try;
+ uint32_t hvalue;
+
+ hvalue = avc_cache.lru_hint;
+ for (try = 0; try < 2; try++) {
+ do {
+ prev = NULL;
+ cur = avc_cache.slots[hvalue];
+ while (cur) {
+ if (!cur->ae.used)
+ goto found;
+
+ cur->ae.used = 0;
+
+ prev = cur;
+ cur = cur->next;
+ }
+ hvalue = (hvalue + 1) & (AVC_CACHE_SLOTS - 1);
+ } while (hvalue != avc_cache.lru_hint);
+ }
+
+ errno = ENOMEM; /* this was a panic in the kernel... */
+ return NULL;
+
+ found:
+ avc_cache.lru_hint = hvalue;
+
+ if (prev == NULL)
+ avc_cache.slots[hvalue] = cur->next;
+ else
+ prev->next = cur->next;
+
+ return cur;
+}
+
+static inline struct avc_node *avc_claim_node(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass)
+{
+ struct avc_node *new;
+ int hvalue;
+
+ if (!avc_node_freelist)
+ avc_cleanup();
+
+ if (avc_node_freelist) {
+ new = avc_node_freelist;
+ avc_node_freelist = avc_node_freelist->next;
+ avc_cache.active_nodes++;
+ } else {
+ new = avc_reclaim_node();
+ if (!new)
+ goto out;
+ }
+
+ hvalue = avc_hash(ssid, tsid, tclass);
+ new->ae.used = 1;
+ new->ae.ssid = ssid;
+ new->ae.tsid = tsid;
+ new->ae.tclass = tclass;
+ new->next = avc_cache.slots[hvalue];
+ avc_cache.slots[hvalue] = new;
+
+ out:
+ return new;
+}
+
+static inline struct avc_node *avc_search_node(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ int *probes)
+{
+ struct avc_node *cur;
+ int hvalue;
+ int tprobes = 1;
+
+ hvalue = avc_hash(ssid, tsid, tclass);
+ cur = avc_cache.slots[hvalue];
+ while (cur != NULL &&
+ (ssid != cur->ae.ssid ||
+ tclass != cur->ae.tclass || tsid != cur->ae.tsid)) {
+ tprobes++;
+ cur = cur->next;
+ }
+
+ if (cur == NULL) {
+ /* cache miss */
+ goto out;
+ }
+
+ /* cache hit */
+ if (probes)
+ *probes = tprobes;
+
+ cur->ae.used = 1;
+
+ out:
+ return cur;
+}
+
+/**
+ * avc_lookup - Look up an AVC entry.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @requested: requested permissions, interpreted based on @tclass
+ * @aeref: AVC entry reference
+ *
+ * Look up an AVC entry that is valid for the
+ * @requested permissions between the SID pair
+ * (@ssid, @tsid), interpreting the permissions
+ * based on @tclass. If a valid AVC entry exists,
+ * then this function updates @aeref to refer to the
+ * entry and returns %0. Otherwise, -1 is returned.
+ */
+static int avc_lookup(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested, struct avc_entry_ref *aeref)
+{
+ struct avc_node *node;
+ int probes, rc = 0;
+
+ avc_cache_stats_incr(cav_lookups);
+ node = avc_search_node(ssid, tsid, tclass, &probes);
+
+ if (node && ((node->ae.avd.decided & requested) == requested)) {
+ avc_cache_stats_incr(cav_hits);
+ avc_cache_stats_add(cav_probes, probes);
+ aeref->ae = &node->ae;
+ goto out;
+ }
+
+ avc_cache_stats_incr(cav_misses);
+ rc = -1;
+ out:
+ return rc;
+}
+
+/**
+ * avc_insert - Insert an AVC entry.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ * @ae: AVC entry
+ * @aeref: AVC entry reference
+ *
+ * Insert an AVC entry for the SID pair
+ * (@ssid, @tsid) and class @tclass.
+ * The access vectors and the sequence number are
+ * normally provided by the security server in
+ * response to a security_compute_av() call. If the
+ * sequence number @ae->avd.seqno is not less than the latest
+ * revocation notification, then the function copies
+ * the access vectors into a cache entry, updates
+ * @aeref to refer to the entry, and returns %0.
+ * Otherwise, this function returns -%1 with @errno set to %EAGAIN.
+ */
+static int avc_insert(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ struct avc_entry *ae, struct avc_entry_ref *aeref)
+{
+ struct avc_node *node;
+ int rc = 0;
+
+ if (ae->avd.seqno < avc_cache.latest_notif) {
+ avc_log("%s: seqno %d < latest_notif %d\n", avc_prefix,
+ ae->avd.seqno, avc_cache.latest_notif);
+ errno = EAGAIN;
+ rc = -1;
+ goto out;
+ }
+
+ node = avc_claim_node(ssid, tsid, tclass);
+ if (!node) {
+ rc = -1;
+ goto out;
+ }
+
+ node->ae.avd.allowed = ae->avd.allowed;
+ node->ae.avd.decided = ae->avd.decided;
+ node->ae.avd.auditallow = ae->avd.auditallow;
+ node->ae.avd.auditdeny = ae->avd.auditdeny;
+ node->ae.avd.seqno = ae->avd.seqno;
+ aeref->ae = &node->ae;
+ out:
+ return rc;
+}
+
+/**
+ * avc_remove - Remove AVC and sidtab entries for SID.
+ * @sid: security identifier to be removed
+ *
+ * Remove all AVC entries containing @sid as source
+ * or target, and remove @sid from the SID table.
+ * Free the memory allocated for the structure corresponding
+ * to @sid. After this function has been called, @sid must
+ * not be used until another call to avc_context_to_sid() has
+ * been made for this SID.
+ */
+static void avc_remove(security_id_t sid)
+{
+ struct avc_node *prev, *cur, *tmp;
+ int i;
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ cur = avc_cache.slots[i];
+ prev = NULL;
+ while (cur) {
+ if (sid == cur->ae.ssid || sid == cur->ae.tsid) {
+ if (prev)
+ prev->next = cur->next;
+ else
+ avc_cache.slots[i] = cur->next;
+ tmp = cur;
+ cur = cur->next;
+ tmp->ae.ssid = tmp->ae.tsid = NULL;
+ tmp->ae.tclass = 0;
+ tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
+ tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny =
+ 0;
+ tmp->ae.used = 0;
+ tmp->next = avc_node_freelist;
+ avc_node_freelist = tmp;
+ avc_cache.active_nodes--;
+ } else {
+ prev = cur;
+ cur = cur->next;
+ }
+ }
+ }
+ sidtab_remove(&avc_sidtab, sid);
+}
+
+void avc_cleanup(void)
+{
+ security_id_t sid;
+
+ avc_get_lock(avc_lock);
+
+ while (NULL != (sid = sidtab_claim_sid(&avc_sidtab)))
+ avc_remove(sid);
+
+ avc_release_lock(avc_lock);
+}
+
+hidden_def(avc_cleanup)
+
+int avc_reset(void)
+{
+ struct avc_callback_node *c;
+ int i, ret, rc = 0, errsave = 0;
+ struct avc_node *node, *tmp;
+ errno = 0;
+
+ if (!avc_running)
+ return 0;
+
+ avc_get_lock(avc_lock);
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ while (node) {
+ tmp = node;
+ node = node->next;
+ tmp->ae.ssid = tmp->ae.tsid = NULL;
+ tmp->ae.tclass = 0;
+ tmp->ae.avd.allowed = tmp->ae.avd.decided = 0;
+ tmp->ae.avd.auditallow = tmp->ae.avd.auditdeny = 0;
+ tmp->ae.used = 0;
+ tmp->next = avc_node_freelist;
+ avc_node_freelist = tmp;
+ avc_cache.active_nodes--;
+ }
+ avc_cache.slots[i] = 0;
+ }
+ avc_cache.lru_hint = 0;
+
+ avc_release_lock(avc_lock);
+
+ memset(&cache_stats, 0, sizeof(cache_stats));
+
+ for (c = avc_callbacks; c; c = c->next) {
+ if (c->events & AVC_CALLBACK_RESET) {
+ ret = c->callback(AVC_CALLBACK_RESET, 0, 0, 0, 0, 0);
+ if (ret && !rc) {
+ rc = ret;
+ errsave = errno;
+ }
+ }
+ }
+ errno = errsave;
+ return rc;
+}
+
+hidden_def(avc_reset)
+
+void avc_destroy(void)
+{
+ struct avc_callback_node *c;
+ struct avc_node *node, *tmp;
+ int i;
+
+ avc_get_lock(avc_lock);
+
+ if (avc_using_threads)
+ avc_stop_thread(avc_netlink_thread);
+ avc_netlink_close();
+
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ node = avc_cache.slots[i];
+ while (node) {
+ tmp = node;
+ node = node->next;
+ avc_free(tmp);
+ }
+ }
+ while (avc_node_freelist) {
+ tmp = avc_node_freelist;
+ avc_node_freelist = tmp->next;
+ avc_free(tmp);
+ }
+ avc_release_lock(avc_lock);
+
+ while (avc_callbacks) {
+ c = avc_callbacks;
+ avc_callbacks = c->next;
+ avc_free(c);
+ }
+ sidtab_destroy(&avc_sidtab);
+ avc_free_lock(avc_lock);
+ avc_free_lock(avc_log_lock);
+ avc_free(avc_audit_buf);
+ avc_running = 0;
+}
+
+/* ratelimit stuff put aside for now --EFW */
+#if 0
+/*
+ * Copied from net/core/utils.c:net_ratelimit and modified for
+ * use by the AVC audit facility.
+ */
+#define AVC_MSG_COST 5*HZ
+#define AVC_MSG_BURST 10*5*HZ
+
+/*
+ * This enforces a rate limit: not more than one kernel message
+ * every 5secs to make a denial-of-service attack impossible.
+ */
+static int avc_ratelimit(void)
+{
+ static unsigned long toks = 10 * 5 * HZ;
+ static unsigned long last_msg;
+ static int missed, rc = 0;
+ unsigned long now = jiffies;
+ void *ratelimit_lock = avc_alloc_lock();
+
+ avc_get_lock(ratelimit_lock);
+ toks += now - last_msg;
+ last_msg = now;
+ if (toks > AVC_MSG_BURST)
+ toks = AVC_MSG_BURST;
+ if (toks >= AVC_MSG_COST) {
+ int lost = missed;
+ missed = 0;
+ toks -= AVC_MSG_COST;
+ avc_release_lock(ratelimit_lock);
+ if (lost) {
+ avc_log("%s: %d messages suppressed.\n", avc_prefix,
+ lost);
+ }
+ rc = 1;
+ goto out;
+ }
+ missed++;
+ avc_release_lock(ratelimit_lock);
+ out:
+ avc_free_lock(ratelimit_lock);
+ return rc;
+}
+
+static inline int check_avc_ratelimit(void)
+{
+ if (avc_enforcing)
+ return avc_ratelimit();
+ else {
+ /* If permissive, then never suppress messages. */
+ return 1;
+ }
+}
+#endif /* ratelimit stuff */
+
+/**
+ * avc_dump_av - Display an access vector in human-readable form.
+ * @tclass: target security class
+ * @av: access vector
+ */
+static void avc_dump_av(security_class_t tclass, access_vector_t av)
+{
+ const char *permstr;
+ access_vector_t bit = 1;
+
+ if (av == 0) {
+ log_append(avc_audit_buf, " null");
+ return;
+ }
+
+ log_append(avc_audit_buf, " {");
+
+ while (av) {
+ if (av & bit) {
+ permstr = security_av_perm_to_string(tclass, bit);
+ if (!permstr)
+ break;
+ log_append(avc_audit_buf, " %s", permstr);
+ av &= ~bit;
+ }
+ bit <<= 1;
+ }
+
+ if (av)
+ log_append(avc_audit_buf, " 0x%x", av);
+ log_append(avc_audit_buf, " }");
+}
+
+/**
+ * avc_dump_query - Display a SID pair and a class in human-readable form.
+ * @ssid: source security identifier
+ * @tsid: target security identifier
+ * @tclass: target security class
+ */
+static void avc_dump_query(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass)
+{
+ avc_get_lock(avc_lock);
+
+ if (ssid->refcnt > 0)
+ log_append(avc_audit_buf, "scontext=%s", ssid->ctx);
+ else
+ log_append(avc_audit_buf, "ssid=%p", ssid);
+
+ if (tsid->refcnt > 0)
+ log_append(avc_audit_buf, " tcontext=%s", tsid->ctx);
+ else
+ log_append(avc_audit_buf, " tsid=%p", tsid);
+
+ avc_release_lock(avc_lock);
+ log_append(avc_audit_buf, " tclass=%s",
+ security_class_to_string(tclass));
+}
+
+void avc_audit(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct av_decision *avd, int result, void *a)
+{
+ access_vector_t denied, audited;
+
+ denied = requested & ~avd->allowed;
+ if (denied) {
+ audited = denied;
+ if (!(audited & avd->auditdeny))
+ return;
+ } else if (!requested || result) {
+ audited = denied = requested;
+ } else {
+ audited = requested;
+ if (!(audited & avd->auditallow))
+ return;
+ }
+#if 0
+ if (!check_avc_ratelimit())
+ return;
+#endif
+ /* prevent overlapping buffer writes */
+ avc_get_lock(avc_log_lock);
+ snprintf(avc_audit_buf, AVC_AUDIT_BUFSIZE,
+ "%s: %s ", avc_prefix, (denied || !requested) ? "denied" : "granted");
+ avc_dump_av(tclass, audited);
+ log_append(avc_audit_buf, " for ");
+
+ /* get any extra information printed by the callback */
+ avc_suppl_audit(a, tclass, avc_audit_buf + strlen(avc_audit_buf),
+ AVC_AUDIT_BUFSIZE - strlen(avc_audit_buf));
+
+ log_append(avc_audit_buf, " ");
+ avc_dump_query(ssid, tsid, tclass);
+ log_append(avc_audit_buf, "\n");
+ avc_log("%s", avc_audit_buf);
+
+ avc_release_lock(avc_log_lock);
+}
+
+hidden_def(avc_audit)
+
+int avc_has_perm_noaudit(security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t requested,
+ struct avc_entry_ref *aeref, struct av_decision *avd)
+{
+ struct avc_entry *ae;
+ int rc = 0;
+ struct avc_entry entry;
+ access_vector_t denied;
+ struct avc_entry_ref ref;
+
+ if (!avc_using_threads) {
+ (void)avc_netlink_check_nb();
+ }
+
+ if (!aeref) {
+ avc_entry_ref_init(&ref);
+ aeref = &ref;
+ }
+
+ avc_get_lock(avc_lock);
+ avc_cache_stats_incr(entry_lookups);
+ ae = aeref->ae;
+ if (ae) {
+ if (ae->ssid == ssid &&
+ ae->tsid == tsid &&
+ ae->tclass == tclass &&
+ ((ae->avd.decided & requested) == requested)) {
+ avc_cache_stats_incr(entry_hits);
+ ae->used = 1;
+ } else {
+ avc_cache_stats_incr(entry_discards);
+ ae = 0;
+ }
+ }
+
+ if (!ae) {
+ avc_cache_stats_incr(entry_misses);
+ rc = avc_lookup(ssid, tsid, tclass, requested, aeref);
+ if (rc) {
+ if ((ssid->refcnt <= 0) || (tsid->refcnt <= 0)) {
+ errno = EINVAL;
+ rc = -1;
+ goto out;
+ }
+ rc = security_compute_av_raw(ssid->ctx, tsid->ctx,
+ tclass, requested,
+ &entry.avd);
+ if (rc)
+ goto out;
+ rc = avc_insert(ssid, tsid, tclass, &entry, aeref);
+ if (rc)
+ goto out;
+ }
+ ae = aeref->ae;
+ }
+
+ if (avd)
+ memcpy(avd, &ae->avd, sizeof(*avd));
+
+ denied = requested & ~(ae->avd.allowed);
+
+ if (!requested || denied) {
+ if (avc_enforcing) {
+ errno = EACCES;
+ rc = -1;
+ } else
+ ae->avd.allowed |= requested;
+ }
+
+ out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+hidden_def(avc_has_perm_noaudit)
+
+int avc_has_perm(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t requested,
+ struct avc_entry_ref *aeref, void *auditdata)
+{
+ struct av_decision avd = { 0, 0, 0, 0, 0 };
+ int errsave, rc;
+
+ rc = avc_has_perm_noaudit(ssid, tsid, tclass, requested, aeref, &avd);
+ errsave = errno;
+ avc_audit(ssid, tsid, tclass, requested, &avd, rc, auditdata);
+ errno = errsave;
+ return rc;
+}
+
+int avc_compute_create(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, security_id_t *newsid)
+{
+ int rc;
+ *newsid = NULL;
+ avc_get_lock(avc_lock);
+ if (ssid->refcnt > 0 && tsid->refcnt > 0) {
+ security_context_t ctx = NULL;
+ rc = security_compute_create_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (!rc)
+ (*newsid)->refcnt++;
+ freecon(ctx);
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_compute_member(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, security_id_t *newsid)
+{
+ int rc;
+ *newsid = NULL;
+ avc_get_lock(avc_lock);
+ if (ssid->refcnt > 0 && tsid->refcnt > 0) {
+ security_context_t ctx = NULL;
+ rc = security_compute_member_raw(ssid->ctx, tsid->ctx, tclass,
+ &ctx);
+ if (rc)
+ goto out;
+ rc = sidtab_context_to_sid(&avc_sidtab, ctx, newsid);
+ if (!rc)
+ (*newsid)->refcnt++;
+ freecon(ctx);
+ } else {
+ errno = EINVAL; /* bad reference count */
+ rc = -1;
+ }
+out:
+ avc_release_lock(avc_lock);
+ return rc;
+}
+
+int avc_add_callback(int (*callback) (uint32_t event, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms,
+ access_vector_t * out_retained),
+ uint32_t events, security_id_t ssid,
+ security_id_t tsid,
+ security_class_t tclass, access_vector_t perms)
+{
+ struct avc_callback_node *c;
+ int rc = 0;
+
+ c = avc_malloc(sizeof(*c));
+ if (!c) {
+ rc = -1;
+ goto out;
+ }
+
+ c->callback = callback;
+ c->events = events;
+ c->ssid = ssid;
+ c->tsid = tsid;
+ c->tclass = tclass;
+ c->perms = perms;
+ c->next = avc_callbacks;
+ avc_callbacks = c;
+ out:
+ return rc;
+}
+
+static inline int avc_sidcmp(security_id_t x, security_id_t y)
+{
+ return (x == y || x == SECSID_WILD || y == SECSID_WILD);
+}
+
+static inline void avc_update_node(uint32_t event, struct avc_node *node,
+ access_vector_t perms)
+{
+ switch (event) {
+ case AVC_CALLBACK_GRANT:
+ node->ae.avd.allowed |= perms;
+ break;
+ case AVC_CALLBACK_TRY_REVOKE:
+ case AVC_CALLBACK_REVOKE:
+ node->ae.avd.allowed &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_ENABLE:
+ node->ae.avd.auditallow |= perms;
+ break;
+ case AVC_CALLBACK_AUDITALLOW_DISABLE:
+ node->ae.avd.auditallow &= ~perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_ENABLE:
+ node->ae.avd.auditdeny |= perms;
+ break;
+ case AVC_CALLBACK_AUDITDENY_DISABLE:
+ node->ae.avd.auditdeny &= ~perms;
+ break;
+ }
+}
+
+static int avc_update_cache(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms)
+{
+ struct avc_node *node;
+ int i;
+
+ avc_get_lock(avc_lock);
+
+ if (ssid == SECSID_WILD || tsid == SECSID_WILD) {
+ /* apply to all matching nodes */
+ for (i = 0; i < AVC_CACHE_SLOTS; i++) {
+ for (node = avc_cache.slots[i]; node; node = node->next) {
+ if (avc_sidcmp(ssid, node->ae.ssid) &&
+ avc_sidcmp(tsid, node->ae.tsid) &&
+ tclass == node->ae.tclass) {
+ avc_update_node(event, node, perms);
+ }
+ }
+ }
+ } else {
+ /* apply to one node */
+ node = avc_search_node(ssid, tsid, tclass, 0);
+ if (node) {
+ avc_update_node(event, node, perms);
+ }
+ }
+
+ avc_release_lock(avc_lock);
+
+ return 0;
+}
+
+/* avc_control - update cache and call callbacks
+ *
+ * This should not be called directly; use the individual event
+ * functions instead.
+ */
+static int avc_control(uint32_t event, security_id_t ssid,
+ security_id_t tsid, security_class_t tclass,
+ access_vector_t perms,
+ uint32_t seqno, access_vector_t * out_retained)
+{
+ struct avc_callback_node *c;
+ access_vector_t tretained = 0, cretained = 0;
+ int ret, rc = 0, errsave = 0;
+ errno = 0;
+
+ /*
+ * try_revoke only removes permissions from the cache
+ * state if they are not retained by the object manager.
+ * Hence, try_revoke must wait until after the callbacks have
+ * been invoked to update the cache state.
+ */
+ if (event != AVC_CALLBACK_TRY_REVOKE)
+ avc_update_cache(event, ssid, tsid, tclass, perms);
+
+ for (c = avc_callbacks; c; c = c->next) {
+ if ((c->events & event) &&
+ avc_sidcmp(c->ssid, ssid) &&
+ avc_sidcmp(c->tsid, tsid) &&
+ c->tclass == tclass && (c->perms & perms)) {
+ cretained = 0;
+ ret = c->callback(event, ssid, tsid, tclass,
+ (c->perms & perms), &cretained);
+ if (ret && !rc) {
+ rc = ret;
+ errsave = errno;
+ }
+ if (!ret)
+ tretained |= cretained;
+ }
+ }
+
+ if (event == AVC_CALLBACK_TRY_REVOKE) {
+ /* revoke any unretained permissions */
+ perms &= ~tretained;
+ avc_update_cache(event, ssid, tsid, tclass, perms);
+ *out_retained = tretained;
+ }
+
+ avc_get_lock(avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ avc_release_lock(avc_lock);
+
+ errno = errsave;
+ return rc;
+}
+
+/**
+ * avc_ss_grant - Grant previously denied permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ */
+int avc_ss_grant(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno)
+{
+ return avc_control(AVC_CALLBACK_GRANT,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_try_revoke - Try to revoke previously granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @out_retained: subset of @perms that are retained
+ *
+ * Try to revoke previously granted permissions, but
+ * only if they are not retained as migrated permissions.
+ * Return the subset of permissions that are retained via @out_retained.
+ */
+int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms, uint32_t seqno,
+ access_vector_t * out_retained)
+{
+ return avc_control(AVC_CALLBACK_TRY_REVOKE,
+ ssid, tsid, tclass, perms, seqno, out_retained);
+}
+
+/**
+ * avc_ss_revoke - Revoke previously granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ *
+ * Revoke previously granted permissions, even if
+ * they are retained as migrated permissions.
+ */
+int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno)
+{
+ return avc_control(AVC_CALLBACK_REVOKE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_reset - Flush the cache and revalidate migrated permissions.
+ * @seqno: policy sequence number
+ */
+int avc_ss_reset(uint32_t seqno)
+{
+ int rc;
+
+ rc = avc_reset();
+
+ avc_get_lock(avc_lock);
+ if (seqno > avc_cache.latest_notif)
+ avc_cache.latest_notif = seqno;
+ avc_release_lock(avc_lock);
+
+ return rc;
+}
+
+/**
+ * avc_ss_set_auditallow - Enable or disable auditing of granted permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @enable: enable flag.
+ */
+int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITALLOW_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITALLOW_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
+
+/**
+ * avc_ss_set_auditdeny - Enable or disable auditing of denied permissions.
+ * @ssid: source security identifier or %SECSID_WILD
+ * @tsid: target security identifier or %SECSID_WILD
+ * @tclass: target security class
+ * @perms: permissions to grant
+ * @seqno: policy sequence number
+ * @enable: enable flag.
+ */
+int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable)
+{
+ if (enable)
+ return avc_control(AVC_CALLBACK_AUDITDENY_ENABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+ else
+ return avc_control(AVC_CALLBACK_AUDITDENY_DISABLE,
+ ssid, tsid, tclass, perms, seqno, 0);
+}
diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
new file mode 100644
index 0000000..b9e9db2
--- /dev/null
+++ b/libselinux/src/avc_internal.c
@@ -0,0 +1,239 @@
+/*
+ * Callbacks for user-supplied memory allocation, supplemental
+ * auditing, and locking routines.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ *
+ * Netlink code derived in part from sample code by
+ * James Morris <jmorris@redhat.com>.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <linux/types.h>
+#include <linux/netlink.h>
+#include "selinux_netlink.h"
+#include "avc_internal.h"
+
+#ifndef NETLINK_SELINUX
+#define NETLINK_SELINUX 7
+#endif
+
+/* callback pointers */
+void *(*avc_func_malloc) (size_t) = NULL;
+void (*avc_func_free) (void *) = NULL;
+
+void (*avc_func_log) (const char *, ...) = NULL;
+void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
+
+int avc_using_threads = 0;
+void *(*avc_func_create_thread) (void (*)(void)) = NULL;
+void (*avc_func_stop_thread) (void *) = NULL;
+
+void *(*avc_func_alloc_lock) (void) = NULL;
+void (*avc_func_get_lock) (void *) = NULL;
+void (*avc_func_release_lock) (void *) = NULL;
+void (*avc_func_free_lock) (void *) = NULL;
+
+/* message prefix string and avc enforcing mode */
+char avc_prefix[AVC_PREFIX_SIZE] = "uavc";
+int avc_running = 0;
+int avc_enforcing = 1;
+int avc_setenforce = 0;
+int avc_netlink_trouble = 0;
+
+/* netlink socket code */
+static int fd;
+
+int avc_netlink_open(int blocking)
+{
+ int len, rc = 0;
+ struct sockaddr_nl addr;
+
+ fd = socket(PF_NETLINK, SOCK_RAW, NETLINK_SELINUX);
+ if (fd < 0) {
+ rc = fd;
+ goto out;
+ }
+
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+ if (!blocking && fcntl(fd, F_SETFL, O_NONBLOCK)) {
+ close(fd);
+ rc = -1;
+ goto out;
+ }
+
+ len = sizeof(addr);
+
+ memset(&addr, 0, len);
+ addr.nl_family = AF_NETLINK;
+ addr.nl_groups = SELNL_GRP_AVC;
+
+ if (bind(fd, (struct sockaddr *)&addr, len) < 0) {
+ close(fd);
+ rc = -1;
+ goto out;
+ }
+ out:
+ return rc;
+}
+
+void avc_netlink_close(void)
+{
+ close(fd);
+}
+
+static int avc_netlink_receive(char *buf, unsigned buflen)
+{
+ int rc;
+ struct sockaddr_nl nladdr;
+ socklen_t nladdrlen = sizeof nladdr;
+ struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
+
+ rc = recvfrom(fd, buf, buflen, 0, (struct sockaddr *)&nladdr,
+ &nladdrlen);
+ if (rc < 0)
+ return rc;
+
+ if (nladdrlen != sizeof nladdr) {
+ avc_log("%s: warning: netlink address truncated, len %d?\n",
+ avc_prefix, nladdrlen);
+ return -1;
+ }
+
+ if (nladdr.nl_pid) {
+ avc_log("%s: warning: received spoofed netlink packet from: %d\n",
+ avc_prefix, nladdr.nl_pid);
+ return -1;
+ }
+
+ if (rc == 0) {
+ avc_log("%s: warning: received EOF on netlink socket\n",
+ avc_prefix);
+ errno = EBADFD;
+ return -1;
+ }
+
+ if (nlh->nlmsg_flags & MSG_TRUNC || nlh->nlmsg_len > (unsigned)rc) {
+ avc_log("%s: warning: incomplete netlink message\n",
+ avc_prefix);
+ return -1;
+ }
+
+ return 0;
+}
+
+static int avc_netlink_process(char *buf)
+{
+ int rc;
+ struct nlmsghdr *nlh = (struct nlmsghdr *)buf;
+
+ switch (nlh->nlmsg_type) {
+ case NLMSG_ERROR:{
+ struct nlmsgerr *err = NLMSG_DATA(nlh);
+
+ /* Netlink ack */
+ if (err->error == 0)
+ break;
+
+ errno = -err->error;
+ avc_log("%s: netlink error: %d\n", avc_prefix, errno);
+ return -1;
+ }
+
+ case SELNL_MSG_SETENFORCE:{
+ struct selnl_msg_setenforce *msg = NLMSG_DATA(nlh);
+ avc_log("%s: received setenforce notice (enforcing=%d)\n",
+ avc_prefix, msg->val);
+ if (avc_setenforce)
+ break;
+ avc_enforcing = msg->val;
+ if (avc_enforcing && (rc = avc_ss_reset(0)) < 0) {
+ avc_log("%s: cache reset returned %d (errno %d)\n",
+ avc_prefix, rc, errno);
+ return rc;
+ }
+ break;
+ }
+
+ case SELNL_MSG_POLICYLOAD:{
+ struct selnl_msg_policyload *msg = NLMSG_DATA(nlh);
+ avc_log("%s: received policyload notice (seqno=%d)\n",
+ avc_prefix, msg->seqno);
+ rc = avc_ss_reset(msg->seqno);
+ if (rc < 0) {
+ avc_log("%s: cache reset returned %d (errno %d)\n",
+ avc_prefix, rc, errno);
+ return rc;
+ }
+ break;
+ }
+
+ default:
+ avc_log("%s: warning: unknown netlink message %d\n",
+ avc_prefix, nlh->nlmsg_type);
+ }
+ return 0;
+}
+
+int avc_netlink_check_nb(void)
+{
+ int rc;
+ char buf[1024] __attribute__ ((aligned));
+
+ while (1) {
+ errno = 0;
+ rc = avc_netlink_receive(buf, sizeof(buf));
+ if (rc < 0) {
+ if (errno == EWOULDBLOCK)
+ return 0;
+ if (errno == 0 || errno == EINTR)
+ continue;
+ else {
+ avc_log("%s: netlink recvfrom: error %d\n",
+ avc_prefix, errno);
+ return rc;
+ }
+ }
+
+ (void)avc_netlink_process(buf);
+ }
+ return 0;
+}
+
+/* run routine for the netlink listening thread */
+void avc_netlink_loop(void)
+{
+ int rc;
+ char buf[1024] __attribute__ ((aligned));
+
+ while (1) {
+ errno = 0;
+ rc = avc_netlink_receive(buf, sizeof(buf));
+ if (rc < 0) {
+ if (errno == 0 || errno == EINTR)
+ continue;
+ else {
+ avc_log("%s: netlink recvfrom: error %d\n",
+ avc_prefix, errno);
+ break;
+ }
+ }
+
+ rc = avc_netlink_process(buf);
+ if (rc < 0)
+ break;
+ }
+
+ close(fd);
+ avc_netlink_trouble = 1;
+ avc_log("%s: netlink thread: errors encountered, terminating\n",
+ avc_prefix);
+}
diff --git a/libselinux/src/avc_internal.h b/libselinux/src/avc_internal.h
new file mode 100644
index 0000000..cd50dc8
--- /dev/null
+++ b/libselinux/src/avc_internal.h
@@ -0,0 +1,196 @@
+/*
+ * This file describes the internal interface used by the AVC
+ * for calling the user-supplied memory allocation, supplemental
+ * auditing, and locking routine, as well as incrementing the
+ * statistics fields.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELINUX_AVC_INTERNAL_H_
+#define _SELINUX_AVC_INTERNAL_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/avc.h>
+#include "callbacks.h"
+#include "dso.h"
+
+/* SID reference counter manipulation */
+static inline int sid_inc_refcnt(security_id_t sid)
+{
+ return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt + 1 : 0;
+}
+
+static inline int sid_dec_refcnt(security_id_t sid)
+{
+ return sid->refcnt = (sid->refcnt > 0) ? sid->refcnt - 1 : 0;
+}
+
+/* callback pointers */
+extern void *(*avc_func_malloc) (size_t) hidden;
+extern void (*avc_func_free) (void *)hidden;
+
+extern void (*avc_func_log) (const char *, ...)hidden;
+extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
+
+extern int avc_using_threads hidden;
+extern void *(*avc_func_create_thread) (void (*)(void))hidden;
+extern void (*avc_func_stop_thread) (void *)hidden;
+
+extern void *(*avc_func_alloc_lock) (void)hidden;
+extern void (*avc_func_get_lock) (void *)hidden;
+extern void (*avc_func_release_lock) (void *)hidden;
+extern void (*avc_func_free_lock) (void *)hidden;
+
+static inline void set_callbacks(const struct avc_memory_callback *mem_cb,
+ const struct avc_log_callback *log_cb,
+ const struct avc_thread_callback *thread_cb,
+ const struct avc_lock_callback *lock_cb)
+{
+ if (mem_cb) {
+ avc_func_malloc = mem_cb->func_malloc;
+ avc_func_free = mem_cb->func_free;
+ }
+ if (log_cb) {
+ avc_func_log = log_cb->func_log;
+ avc_func_audit = log_cb->func_audit;
+ }
+ if (thread_cb) {
+ avc_using_threads = 1;
+ avc_func_create_thread = thread_cb->func_create_thread;
+ avc_func_stop_thread = thread_cb->func_stop_thread;
+ }
+ if (lock_cb) {
+ avc_func_alloc_lock = lock_cb->func_alloc_lock;
+ avc_func_get_lock = lock_cb->func_get_lock;
+ avc_func_release_lock = lock_cb->func_release_lock;
+ avc_func_free_lock = lock_cb->func_free_lock;
+ }
+}
+
+/* message prefix and enforcing mode*/
+#define AVC_PREFIX_SIZE 16
+extern char avc_prefix[AVC_PREFIX_SIZE] hidden;
+extern int avc_running hidden;
+extern int avc_enforcing hidden;
+extern int avc_setenforce hidden;
+
+/* user-supplied callback interface for avc */
+static inline void *avc_malloc(size_t size)
+{
+ return avc_func_malloc ? avc_func_malloc(size) : malloc(size);
+}
+
+static inline void avc_free(void *ptr)
+{
+ if (avc_func_free)
+ avc_func_free(ptr);
+ else
+ free(ptr);
+}
+
+/* this is a macro in order to use the variadic capability. */
+#define avc_log(format...) \
+ if (avc_func_log) \
+ avc_func_log(format); \
+ else \
+ selinux_log(SELINUX_ERROR, format);
+
+static inline void avc_suppl_audit(void *ptr, security_class_t class,
+ char *buf, size_t len)
+{
+ if (avc_func_audit)
+ avc_func_audit(ptr, class, buf, len);
+ else
+ selinux_audit(ptr, class, buf, len);
+}
+
+static inline void *avc_create_thread(void (*run) (void))
+{
+ return avc_func_create_thread ? avc_func_create_thread(run) : NULL;
+}
+
+static inline void avc_stop_thread(void *thread)
+{
+ if (avc_func_stop_thread)
+ avc_func_stop_thread(thread);
+}
+
+static inline void *avc_alloc_lock(void)
+{
+ return avc_func_alloc_lock ? avc_func_alloc_lock() : NULL;
+}
+
+static inline void avc_get_lock(void *lock)
+{
+ if (avc_func_get_lock)
+ avc_func_get_lock(lock);
+}
+
+static inline void avc_release_lock(void *lock)
+{
+ if (avc_func_release_lock)
+ avc_func_release_lock(lock);
+}
+
+static inline void avc_free_lock(void *lock)
+{
+ if (avc_func_free_lock)
+ avc_func_free_lock(lock);
+}
+
+/* statistics helper routines */
+#ifdef AVC_CACHE_STATS
+
+#define avc_cache_stats_incr(field) \
+ cache_stats.field ++;
+#define avc_cache_stats_add(field, num) \
+ cache_stats.field += num;
+
+#else
+
+#define avc_cache_stats_incr(field)
+#define avc_cache_stats_add(field, num)
+
+#endif
+
+/* logging helper routines */
+#define AVC_AUDIT_BUFSIZE 1024
+
+/* again, we need the variadic capability here */
+#define log_append(buf,format...) \
+ snprintf(buf+strlen(buf), AVC_AUDIT_BUFSIZE-strlen(buf), format)
+
+/* internal callbacks */
+int avc_ss_grant(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno) hidden;
+int avc_ss_try_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass,
+ access_vector_t perms, uint32_t seqno,
+ access_vector_t * out_retained) hidden;
+int avc_ss_revoke(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno) hidden;
+int avc_ss_reset(uint32_t seqno) hidden;
+int avc_ss_set_auditallow(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable) hidden;
+int avc_ss_set_auditdeny(security_id_t ssid, security_id_t tsid,
+ security_class_t tclass, access_vector_t perms,
+ uint32_t seqno, uint32_t enable) hidden;
+
+/* netlink kernel message code */
+extern int avc_netlink_trouble hidden;
+int avc_netlink_open(int blocking) hidden;
+int avc_netlink_check_nb(void) hidden;
+void avc_netlink_loop(void) hidden;
+void avc_netlink_close(void) hidden;
+
+hidden_proto(avc_av_stats)
+ hidden_proto(avc_cleanup)
+ hidden_proto(avc_reset)
+ hidden_proto(avc_audit)
+ hidden_proto(avc_has_perm_noaudit)
+#endif /* _SELINUX_AVC_INTERNAL_H_ */
diff --git a/libselinux/src/avc_sidtab.c b/libselinux/src/avc_sidtab.c
new file mode 100644
index 0000000..dab5c4e
--- /dev/null
+++ b/libselinux/src/avc_sidtab.c
@@ -0,0 +1,192 @@
+/*
+ * Implementation of the userspace SID hashtable.
+ *
+ * Author : Eamon Walsh, <ewalsh@epoch.ncsc.mil>
+ */
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <selinux/avc.h>
+#include "avc_sidtab.h"
+#include "avc_internal.h"
+
+static inline unsigned sidtab_hash(security_context_t key)
+{
+ char *p, *keyp;
+ unsigned int size;
+ unsigned int val;
+
+ val = 0;
+ keyp = (char *)key;
+ size = strlen(keyp);
+ for (p = keyp; (unsigned int)(p - keyp) < size; p++)
+ val =
+ (val << 4 | (val >> (8 * sizeof(unsigned int) - 4))) ^ (*p);
+ return val & (SIDTAB_SIZE - 1);
+}
+
+int sidtab_init(struct sidtab *s)
+{
+ int i, rc = 0;
+
+ s->htable = (struct sidtab_node **)avc_malloc
+ (sizeof(struct sidtab_node *) * SIDTAB_SIZE);
+
+ if (!s->htable) {
+ rc = -1;
+ goto out;
+ }
+ for (i = 0; i < SIDTAB_SIZE; i++)
+ s->htable[i] = NULL;
+ s->nel = 0;
+ out:
+ return rc;
+}
+
+int sidtab_insert(struct sidtab *s, security_context_t ctx)
+{
+ int hvalue, rc = 0;
+ struct sidtab_node *newnode;
+ security_context_t newctx;
+
+ newnode = (struct sidtab_node *)avc_malloc(sizeof(*newnode));
+ if (!newnode) {
+ rc = -1;
+ goto out;
+ }
+ newctx = (security_context_t) strdup(ctx);
+ if (!newctx) {
+ rc = -1;
+ avc_free(newnode);
+ goto out;
+ }
+
+ hvalue = sidtab_hash(newctx);
+ newnode->next = s->htable[hvalue];
+ newnode->sid_s.ctx = newctx;
+ newnode->sid_s.refcnt = 0; /* caller should increment */
+ s->htable[hvalue] = newnode;
+ s->nel++;
+ out:
+ return rc;
+}
+
+void sidtab_remove(struct sidtab *s, security_id_t sid)
+{
+ int hvalue;
+ struct sidtab_node *cur, *prev;
+
+ hvalue = sidtab_hash(sid->ctx);
+ cur = s->htable[hvalue];
+ prev = NULL;
+ while (cur) {
+ if (sid == &cur->sid_s) {
+ if (prev)
+ prev->next = cur->next;
+ else
+ s->htable[hvalue] = cur->next;
+ avc_free(cur);
+ s->nel--;
+ return;
+ } else {
+ prev = cur;
+ cur = cur->next;
+ }
+ }
+}
+
+security_id_t sidtab_claim_sid(struct sidtab *s)
+{
+ int i;
+ struct sidtab_node *cur;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur) {
+ if (!cur->sid_s.refcnt)
+ return &cur->sid_s;
+ cur = cur->next;
+ }
+ }
+ return NULL;
+}
+
+int
+sidtab_context_to_sid(struct sidtab *s,
+ security_context_t ctx, security_id_t * sid)
+{
+ int hvalue, rc = 0;
+ struct sidtab_node *cur;
+
+ *sid = NULL;
+ hvalue = sidtab_hash(ctx);
+
+ loop:
+ cur = s->htable[hvalue];
+ while (cur != NULL && strcmp(cur->sid_s.ctx, ctx))
+ cur = cur->next;
+
+ if (cur == NULL) { /* need to make a new entry */
+ rc = sidtab_insert(s, ctx);
+ if (rc)
+ goto out;
+ goto loop; /* find the newly inserted node */
+ }
+
+ *sid = &cur->sid_s;
+ out:
+ return rc;
+}
+
+void sidtab_sid_stats(struct sidtab *h, char *buf, int buflen)
+{
+ int i, chain_len, slots_used, max_chain_len;
+ struct sidtab_node *cur;
+
+ slots_used = 0;
+ max_chain_len = 0;
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = h->htable[i];
+ if (cur) {
+ slots_used++;
+ chain_len = 0;
+ while (cur) {
+ chain_len++;
+ cur = cur->next;
+ }
+
+ if (chain_len > max_chain_len)
+ max_chain_len = chain_len;
+ }
+ }
+
+ snprintf(buf, buflen,
+ "%s: %d SID entries and %d/%d buckets used, longest "
+ "chain length %d\n", avc_prefix, h->nel, slots_used,
+ SIDTAB_SIZE, max_chain_len);
+}
+
+void sidtab_destroy(struct sidtab *s)
+{
+ int i;
+ struct sidtab_node *cur, *temp;
+
+ if (!s)
+ return;
+
+ for (i = 0; i < SIDTAB_SIZE; i++) {
+ cur = s->htable[i];
+ while (cur != NULL) {
+ temp = cur;
+ cur = cur->next;
+ freecon(temp->sid_s.ctx);
+ avc_free(temp);
+ }
+ s->htable[i] = NULL;
+ }
+ avc_free(s->htable);
+ s->htable = NULL;
+}
diff --git a/libselinux/src/avc_sidtab.h b/libselinux/src/avc_sidtab.h
new file mode 100644
index 0000000..620a335
--- /dev/null
+++ b/libselinux/src/avc_sidtab.h
@@ -0,0 +1,38 @@
+/*
+ * A security identifier table (sidtab) is a hash table
+ * of security context structures indexed by SID value.
+ */
+#ifndef _SELINUX_AVC_SIDTAB_H_
+#define _SELINUX_AVC_SIDTAB_H_
+
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#include "dso.h"
+
+struct sidtab_node {
+ struct security_id sid_s;
+ struct sidtab_node *next;
+};
+
+#define SIDTAB_HASH_BITS 7
+#define SIDTAB_HASH_BUCKETS (1 << SIDTAB_HASH_BITS)
+#define SIDTAB_HASH_MASK (SIDTAB_HASH_BUCKETS-1)
+#define SIDTAB_SIZE SIDTAB_HASH_BUCKETS
+
+struct sidtab {
+ struct sidtab_node **htable;
+ unsigned nel;
+};
+
+int sidtab_init(struct sidtab *s) hidden;
+int sidtab_insert(struct sidtab *s, security_context_t ctx) hidden;
+void sidtab_remove(struct sidtab *s, security_id_t sid) hidden;
+security_id_t sidtab_claim_sid(struct sidtab *s) hidden;
+
+int sidtab_context_to_sid(struct sidtab *s,
+ security_context_t ctx, security_id_t * sid) hidden;
+
+void sidtab_sid_stats(struct sidtab *s, char *buf, int buflen) hidden;
+void sidtab_destroy(struct sidtab *s) hidden;
+
+#endif /* _SELINUX_AVC_SIDTAB_H_ */
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
new file mode 100644
index 0000000..bbf8324
--- /dev/null
+++ b/libselinux/src/booleans.c
@@ -0,0 +1,474 @@
+/*
+ * Author: Karl MacMillan <kmacmillan@tresys.com>
+ *
+ * Modified:
+ * Dan Walsh <dwalsh@redhat.com> - Added security_load_booleans().
+ */
+
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <assert.h>
+#include <stdlib.h>
+#include <dirent.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <unistd.h>
+#include <fnmatch.h>
+#include <limits.h>
+#include <ctype.h>
+#include <errno.h>
+
+#include "selinux_internal.h"
+#include "policy.h"
+
+#define SELINUX_BOOL_DIR "/booleans/"
+
+static int filename_select(const struct dirent *d)
+{
+ if (d->d_name[0] == '.'
+ && (d->d_name[1] == '\0'
+ || (d->d_name[1] == '.' && d->d_name[2] == '\0')))
+ return 0;
+ return 1;
+}
+
+int security_get_boolean_names(char ***names, int *len)
+{
+ char path[PATH_MAX];
+ int i, rc;
+ struct dirent **namelist;
+ char **n;
+
+ assert(len);
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s%s", selinux_mnt, SELINUX_BOOL_DIR);
+ *len = scandir(path, &namelist, &filename_select, alphasort);
+ if (*len <= 0) {
+ return -1;
+ }
+
+ n = (char **)malloc(sizeof(char *) * *len);
+ if (!n) {
+ rc = -1;
+ goto bad;
+ }
+
+ for (i = 0; i < *len; i++) {
+ n[i] = (char *)malloc(_D_ALLOC_NAMLEN(namelist[i]));
+ if (!n[i]) {
+ rc = -1;
+ goto bad_freen;
+ }
+ strcpy(n[i], namelist[i]->d_name);
+ }
+ rc = 0;
+ *names = n;
+ out:
+ for (i = 0; i < *len; i++) {
+ free(namelist[i]);
+ }
+ free(namelist);
+ return rc;
+ bad_freen:
+ for (--i; i >= 0; --i)
+ free(n[i]);
+ free(n);
+ bad:
+ goto out;
+}
+
+hidden_def(security_get_boolean_names)
+#define STRBUF_SIZE 3
+static int get_bool_value(const char *name, char **buf)
+{
+ int fd, len;
+ char *fname = NULL;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ *buf = (char *)malloc(sizeof(char) * (STRBUF_SIZE + 1));
+ if (!*buf)
+ goto out;
+ (*buf)[STRBUF_SIZE] = 0;
+
+ len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
+ fname = (char *)malloc(sizeof(char) * len);
+ if (!fname)
+ goto out;
+ snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
+
+ fd = open(fname, O_RDONLY);
+ if (fd < 0)
+ goto out;
+
+ len = read(fd, *buf, STRBUF_SIZE);
+ close(fd);
+ if (len != STRBUF_SIZE)
+ goto out;
+
+ free(fname);
+ return 0;
+ out:
+ if (*buf)
+ free(*buf);
+ if (fname)
+ free(fname);
+ return -1;
+}
+
+int security_get_boolean_pending(const char *name)
+{
+ char *buf;
+ int val;
+
+ if (get_bool_value(name, &buf))
+ return -1;
+
+ if (atoi(&buf[1]))
+ val = 1;
+ else
+ val = 0;
+ free(buf);
+ return val;
+}
+
+int security_get_boolean_active(const char *name)
+{
+ char *buf;
+ int val;
+
+ if (get_bool_value(name, &buf))
+ return -1;
+
+ buf[1] = '\0';
+ if (atoi(buf))
+ val = 1;
+ else
+ val = 0;
+ free(buf);
+ return val;
+}
+
+hidden_def(security_get_boolean_active)
+
+int security_set_boolean(const char *name, int value)
+{
+ int fd, ret, len;
+ char buf[2], *fname;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+ if (value < 0 || value > 1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ len = strlen(name) + strlen(selinux_mnt) + sizeof(SELINUX_BOOL_DIR);
+ fname = (char *)malloc(sizeof(char) * len);
+ if (!fname)
+ return -1;
+ snprintf(fname, len, "%s%s%s", selinux_mnt, SELINUX_BOOL_DIR, name);
+
+ fd = open(fname, O_WRONLY);
+ if (fd < 0) {
+ ret = -1;
+ goto out;
+ }
+
+ if (value)
+ buf[0] = '1';
+ else
+ buf[0] = '0';
+ buf[1] = '\0';
+
+ ret = write(fd, buf, 2);
+ close(fd);
+ out:
+ free(fname);
+ if (ret > 0)
+ return 0;
+ else
+ return -1;
+}
+
+hidden_def(security_set_boolean)
+
+int security_commit_booleans(void)
+{
+ int fd, ret;
+ char buf[2];
+ char path[PATH_MAX];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/commit_pending_bools", selinux_mnt);
+ fd = open(path, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ buf[0] = '1';
+ buf[1] = '\0';
+
+ ret = write(fd, buf, 2);
+ close(fd);
+
+ if (ret > 0)
+ return 0;
+ else
+ return -1;
+}
+
+hidden_def(security_commit_booleans)
+
+static char *strtrim(char *dest, char *source, int size)
+{
+ int i = 0;
+ char *ptr = source;
+ i = 0;
+ while (isspace(*ptr) && i < size) {
+ ptr++;
+ i++;
+ }
+ strncpy(dest, ptr, size);
+ for (i = strlen(dest) - 1; i > 0; i--) {
+ if (!isspace(dest[i]))
+ break;
+ }
+ dest[i + 1] = '\0';
+ return dest;
+}
+static int process_boolean(char *buffer, char *name, int namesize, int *val)
+{
+ char name1[BUFSIZ];
+ char *ptr;
+ char *tok = strtok_r(buffer, "=", &ptr);
+ if (tok) {
+ strncpy(name1, tok, BUFSIZ - 1);
+ strtrim(name, name1, namesize - 1);
+ if (name[0] == '#')
+ return 0;
+ tok = strtok_r(NULL, "\0", &ptr);
+ if (tok) {
+ while (isspace(*tok))
+ tok++;
+ *val = -1;
+ if (isdigit(tok[0]))
+ *val = atoi(tok);
+ else if (!strncasecmp(tok, "true", sizeof("true") - 1))
+ *val = 1;
+ else if (!strncasecmp
+ (tok, "false", sizeof("false") - 1))
+ *val = 0;
+ if (*val != 0 && *val != 1) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ }
+ }
+ return 1;
+}
+static int save_booleans(size_t boolcnt, SELboolean * boollist)
+{
+ ssize_t len;
+ size_t i;
+ char outbuf[BUFSIZ];
+ char *inbuf = NULL;
+
+ /* Open file */
+ const char *bool_file = selinux_booleans_path();
+ char local_bool_file[PATH_MAX];
+ char tmp_bool_file[PATH_MAX];
+ FILE *boolf;
+ int fd;
+ int *used = (int *)malloc(sizeof(int) * boolcnt);
+ if (!used) {
+ return -1;
+ }
+ /* zero out used field */
+ for (i = 0; i < boolcnt; i++)
+ used[i] = 0;
+
+ snprintf(tmp_bool_file, sizeof(tmp_bool_file), "%s.XXXXXX", bool_file);
+ fd = mkstemp(tmp_bool_file);
+ if (fd < 0) {
+ free(used);
+ return -1;
+ }
+
+ snprintf(local_bool_file, sizeof(local_bool_file), "%s.local",
+ bool_file);
+ boolf = fopen(local_bool_file, "r");
+ if (boolf != NULL) {
+ ssize_t ret;
+ size_t size = 0;
+ int val;
+ char boolname[BUFSIZ];
+ char *buffer;
+ inbuf = NULL;
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while ((len = getline(&inbuf, &size, boolf)) > 0) {
+ buffer = strdup(inbuf);
+ if (!buffer)
+ goto close_remove_fail;
+ ret =
+ process_boolean(inbuf, boolname, sizeof(boolname),
+ &val);
+ if (ret != 1) {
+ ret = write(fd, buffer, len);
+ free(buffer);
+ if (ret != len)
+ goto close_remove_fail;
+ } else {
+ free(buffer);
+ for (i = 0; i < boolcnt; i++) {
+ if (strcmp(boollist[i].name, boolname)
+ == 0) {
+ snprintf(outbuf, sizeof(outbuf),
+ "%s=%d\n", boolname,
+ boollist[i].value);
+ len = strlen(outbuf);
+ used[i] = 1;
+ if (write(fd, outbuf, len) !=
+ len)
+ goto close_remove_fail;
+ else
+ break;
+ }
+ }
+ if (i == boolcnt) {
+ snprintf(outbuf, sizeof(outbuf),
+ "%s=%d\n", boolname, val);
+ len = strlen(outbuf);
+ if (write(fd, outbuf, len) != len)
+ goto close_remove_fail;
+ }
+ }
+ free(inbuf);
+ inbuf = NULL;
+ }
+ fclose(boolf);
+ }
+
+ for (i = 0; i < boolcnt; i++) {
+ if (used[i] == 0) {
+ snprintf(outbuf, sizeof(outbuf), "%s=%d\n",
+ boollist[i].name, boollist[i].value);
+ len = strlen(outbuf);
+ if (write(fd, outbuf, len) != len) {
+ close_remove_fail:
+ free(inbuf);
+ close(fd);
+ remove_fail:
+ unlink(tmp_bool_file);
+ free(used);
+ return -1;
+ }
+ }
+
+ }
+ if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
+ goto close_remove_fail;
+ close(fd);
+ if (rename(tmp_bool_file, local_bool_file) != 0)
+ goto remove_fail;
+
+ free(used);
+ return 0;
+}
+static void rollback(SELboolean * boollist, int end)
+{
+ int i;
+
+ for (i = 0; i < end; i++)
+ security_set_boolean(boollist[i].name,
+ security_get_boolean_active(boollist[i].
+ name));
+}
+
+int security_set_boolean_list(size_t boolcnt, SELboolean * boollist,
+ int permanent)
+{
+
+ size_t i;
+ for (i = 0; i < boolcnt; i++) {
+ if (security_set_boolean(boollist[i].name, boollist[i].value)) {
+ rollback(boollist, i);
+ return -1;
+ }
+ }
+
+ /* OK, let's do the commit */
+ if (security_commit_booleans()) {
+ return -1;
+ }
+
+ if (permanent)
+ return save_booleans(boolcnt, boollist);
+
+ return 0;
+}
+int security_load_booleans(char *path)
+{
+ FILE *boolf;
+ char *inbuf;
+ char localbools[BUFSIZ];
+ size_t len = 0, errors = 0;
+ int val;
+ char name[BUFSIZ];
+
+ boolf = fopen(path ? path : selinux_booleans_path(), "r");
+ if (boolf == NULL)
+ goto localbool;
+
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while (getline(&inbuf, &len, boolf) > 0) {
+ int ret = process_boolean(inbuf, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1)
+ if (security_set_boolean(name, val) < 0) {
+ errors++;
+ }
+ }
+ fclose(boolf);
+ localbool:
+ snprintf(localbools, sizeof(localbools), "%s.local",
+ (path ? path : selinux_booleans_path()));
+ boolf = fopen(localbools, "r");
+
+ if (boolf != NULL) {
+ int ret;
+ __fsetlocking(boolf, FSETLOCKING_BYCALLER);
+ while (getline(&inbuf, &len, boolf) > 0) {
+ ret = process_boolean(inbuf, name, sizeof(name), &val);
+ if (ret == -1)
+ errors++;
+ if (ret == 1)
+ if (security_set_boolean(name, val) < 0) {
+ errors++;
+ }
+ }
+ fclose(boolf);
+ }
+ if (security_commit_booleans() < 0)
+ return -1;
+
+ if (errors)
+ errno = EINVAL;
+ return errors ? -1 : 0;
+}
diff --git a/libselinux/src/callbacks.c b/libselinux/src/callbacks.c
new file mode 100644
index 0000000..5acfd3d
--- /dev/null
+++ b/libselinux/src/callbacks.c
@@ -0,0 +1,92 @@
+/*
+ * User-supplied callbacks and default implementations.
+ * Class and permission mappings.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include "callbacks.h"
+
+/* default implementations */
+static int __attribute__ ((format(printf, 2, 3)))
+default_selinux_log(int type __attribute__((unused)), const char *fmt, ...)
+{
+ int rc;
+ va_list ap;
+ va_start(ap, fmt);
+ rc = vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ return rc;
+}
+
+static int
+default_selinux_audit(void *ptr __attribute__((unused)),
+ security_class_t cls __attribute__((unused)),
+ char *buf __attribute__((unused)),
+ size_t len __attribute__((unused)))
+{
+ return 0;
+}
+
+static int
+default_selinux_validate(security_context_t *ctx)
+{
+ return security_check_context(*ctx);
+}
+
+/* callback pointers */
+int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log)(int, const char *, ...) =
+ default_selinux_log;
+
+int
+(*selinux_audit) (void *, security_class_t, char *, size_t) =
+ default_selinux_audit;
+
+int
+(*selinux_validate)(security_context_t *ctx) =
+ default_selinux_validate;
+
+/* callback setting function */
+void
+selinux_set_callback(int type, union selinux_callback cb)
+{
+ switch (type) {
+ case SELINUX_CB_LOG:
+ selinux_log = cb.func_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ selinux_audit = cb.func_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ selinux_validate = cb.func_validate;
+ break;
+ }
+}
+
+/* callback getting function */
+union selinux_callback
+selinux_get_callback(int type)
+{
+ union selinux_callback cb;
+
+ switch (type) {
+ case SELINUX_CB_LOG:
+ cb.func_log = selinux_log;
+ break;
+ case SELINUX_CB_AUDIT:
+ cb.func_audit = selinux_audit;
+ break;
+ case SELINUX_CB_VALIDATE:
+ cb.func_validate = selinux_validate;
+ break;
+ default:
+ memset(&cb, 0, sizeof(cb));
+ errno = EINVAL;
+ break;
+ }
+ return cb;
+}
diff --git a/libselinux/src/callbacks.h b/libselinux/src/callbacks.h
new file mode 100644
index 0000000..068fa9d
--- /dev/null
+++ b/libselinux/src/callbacks.h
@@ -0,0 +1,24 @@
+/*
+ * This file describes the callbacks passed to selinux_init() and available
+ * for use from the library code. They all have default implementations.
+ */
+#ifndef _SELINUX_CALLBACKS_H_
+#define _SELINUX_CALLBACKS_H_
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <selinux/selinux.h>
+#include "dso.h"
+
+/* callback pointers */
+extern int __attribute__ ((format(printf, 2, 3)))
+(*selinux_log) (int type, const char *, ...) hidden;
+
+extern int
+(*selinux_audit) (void *, security_class_t, char *, size_t) hidden;
+
+extern int
+(*selinux_validate)(security_context_t *ctx) hidden;
+
+#endif /* _SELINUX_CALLBACKS_H_ */
diff --git a/libselinux/src/canonicalize_context.c b/libselinux/src/canonicalize_context.c
new file mode 100644
index 0000000..85bbbfa
--- /dev/null
+++ b/libselinux/src/canonicalize_context.c
@@ -0,0 +1,86 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_canonicalize_context_raw(security_context_t con,
+ security_context_t * canoncon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ strncpy(buf, con, size);
+
+ ret = write(fd, buf, strlen(buf) + 1);
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0 && errno == EINVAL) {
+ /* Fall back to the original context for kernels
+ that do not support the extended interface. */
+ strncpy(buf, con, size);
+ }
+
+ *canoncon = strdup(buf);
+ if (!(*canoncon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_canonicalize_context_raw)
+
+int security_canonicalize_context(security_context_t con,
+ security_context_t * canoncon)
+{
+ int ret;
+ security_context_t rcon = con;
+ security_context_t rcanoncon;
+
+ if (selinux_trans_to_raw_context(con, &rcon))
+ return -1;
+
+ ret = security_canonicalize_context_raw(rcon, &rcanoncon);
+
+ freecon(rcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcanoncon, canoncon);
+ freecon(rcanoncon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_canonicalize_context)
diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
new file mode 100644
index 0000000..c1982c7
--- /dev/null
+++ b/libselinux/src/checkAccess.c
@@ -0,0 +1,47 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdlib.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+
+int selinux_check_passwd_access(access_vector_t requested)
+{
+ int status = -1;
+ security_context_t user_context;
+ if (is_selinux_enabled() == 0)
+ return 0;
+ if (getprevcon_raw(&user_context) == 0) {
+ security_class_t passwd_class;
+ struct av_decision avd;
+ int retval;
+
+ passwd_class = string_to_security_class("passwd");
+ if (passwd_class == 0)
+ return 0;
+
+ retval = security_compute_av_raw(user_context,
+ user_context,
+ passwd_class,
+ requested,
+ &avd);
+
+ if ((retval == 0) && ((requested & avd.allowed) == requested)) {
+ status = 0;
+ }
+ freecon(user_context);
+ }
+
+ if (status != 0 && security_getenforce() == 0)
+ status = 0;
+
+ return status;
+}
+
+hidden_def(selinux_check_passwd_access)
+
+int checkPasswdAccess(access_vector_t requested)
+{
+ return selinux_check_passwd_access(requested);
+}
diff --git a/libselinux/src/check_context.c b/libselinux/src/check_context.c
new file mode 100644
index 0000000..0e8fb86
--- /dev/null
+++ b/libselinux/src/check_context.c
@@ -0,0 +1,51 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <stdio.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_check_context_raw(security_context_t con)
+{
+ char path[PATH_MAX];
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/context", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ ret = write(fd, con, strlen(con) + 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+ return 0;
+}
+
+hidden_def(security_check_context_raw)
+
+int security_check_context(security_context_t con)
+{
+ int ret;
+ security_context_t rcon = con;
+
+ if (selinux_trans_to_raw_context(con, &rcon))
+ return -1;
+
+ ret = security_check_context_raw(rcon);
+
+ freecon(rcon);
+
+ return ret;
+}
+
+hidden_def(security_check_context)
diff --git a/libselinux/src/class_to_string.h b/libselinux/src/class_to_string.h
new file mode 100644
index 0000000..60327cb
--- /dev/null
+++ b/libselinux/src/class_to_string.h
@@ -0,0 +1,74 @@
+/* This file is automatically generated. Do not edit. */
+/*
+ * Security object class definitions
+ */
+ S_("null")
+ S_("security")
+ S_("process")
+ S_("system")
+ S_("capability")
+ S_("filesystem")
+ S_("file")
+ S_("dir")
+ S_("fd")
+ S_("lnk_file")
+ S_("chr_file")
+ S_("blk_file")
+ S_("sock_file")
+ S_("fifo_file")
+ S_("socket")
+ S_("tcp_socket")
+ S_("udp_socket")
+ S_("rawip_socket")
+ S_("node")
+ S_("netif")
+ S_("netlink_socket")
+ S_("packet_socket")
+ S_("key_socket")
+ S_("unix_stream_socket")
+ S_("unix_dgram_socket")
+ S_("sem")
+ S_("msg")
+ S_("msgq")
+ S_("shm")
+ S_("ipc")
+ S_("passwd")
+ S_("drawable")
+ S_("window")
+ S_("gc")
+ S_("font")
+ S_("colormap")
+ S_("property")
+ S_("cursor")
+ S_("xclient")
+ S_("xinput")
+ S_("xserver")
+ S_("xextension")
+ S_("pax")
+ S_("netlink_route_socket")
+ S_("netlink_firewall_socket")
+ S_("netlink_tcpdiag_socket")
+ S_("netlink_nflog_socket")
+ S_("netlink_xfrm_socket")
+ S_("netlink_selinux_socket")
+ S_("netlink_audit_socket")
+ S_("netlink_ip6fw_socket")
+ S_("netlink_dnrt_socket")
+ S_("dbus")
+ S_("nscd")
+ S_("association")
+ S_("netlink_kobject_uevent_socket")
+ S_("appletalk_socket")
+ S_("packet")
+ S_("key")
+ S_("context")
+ S_("dccp_socket")
+ S_("memprotect")
+ S_("db_database")
+ S_("db_table")
+ S_("db_procedure")
+ S_("db_column")
+ S_("db_tuple")
+ S_("db_blob")
+ S_("peer")
+ S_("capability2")
diff --git a/libselinux/src/common_perm_to_string.h b/libselinux/src/common_perm_to_string.h
new file mode 100644
index 0000000..f52d1f5
--- /dev/null
+++ b/libselinux/src/common_perm_to_string.h
@@ -0,0 +1,67 @@
+/* This file is automatically generated. Do not edit. */
+TB_(common_file_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("unlink")
+ S_("link")
+ S_("rename")
+ S_("execute")
+ S_("swapon")
+ S_("quotaon")
+ S_("mounton")
+TE_(common_file_perm_to_string)
+
+TB_(common_socket_perm_to_string)
+ S_("ioctl")
+ S_("read")
+ S_("write")
+ S_("create")
+ S_("getattr")
+ S_("setattr")
+ S_("lock")
+ S_("relabelfrom")
+ S_("relabelto")
+ S_("append")
+ S_("bind")
+ S_("connect")
+ S_("listen")
+ S_("accept")
+ S_("getopt")
+ S_("setopt")
+ S_("shutdown")
+ S_("recvfrom")
+ S_("sendto")
+ S_("recv_msg")
+ S_("send_msg")
+ S_("name_bind")
+TE_(common_socket_perm_to_string)
+
+TB_(common_ipc_perm_to_string)
+ S_("create")
+ S_("destroy")
+ S_("getattr")
+ S_("setattr")
+ S_("read")
+ S_("write")
+ S_("associate")
+ S_("unix_read")
+ S_("unix_write")
+TE_(common_ipc_perm_to_string)
+
+TB_(common_database_perm_to_string)
+ S_("create")
+ S_("drop")
+ S_("getattr")
+ S_("setattr")
+ S_("relabelfrom")
+ S_("relabelto")
+TE_(common_database_perm_to_string)
+
diff --git a/libselinux/src/compute_av.c b/libselinux/src/compute_av.c
new file mode 100644
index 0000000..45cd0db
--- /dev/null
+++ b/libselinux/src/compute_av.c
@@ -0,0 +1,95 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_av_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t len;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/access", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ len = selinux_page_size;
+ buf = malloc(len);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+
+ snprintf(buf, len, "%s %s %hu %x", scon, tcon,
+ unmap_class(tclass), unmap_perm(tclass, requested));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, len);
+ ret = read(fd, buf, len - 1);
+ if (ret < 0)
+ goto out2;
+
+ if (sscanf(buf, "%x %x %x %x %u", &avd->allowed,
+ &avd->decided, &avd->auditallow, &avd->auditdeny,
+ &avd->seqno) != 5) {
+ ret = -1;
+ goto out2;
+ }
+
+ map_decision(tclass, avd);
+
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_av_raw)
+
+int security_compute_av(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ access_vector_t requested, struct av_decision *avd)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_av_raw(rscon, rtcon, tclass, requested, avd);
+
+ freecon(rscon);
+ freecon(rtcon);
+
+ return ret;
+}
+
+hidden_def(security_compute_av)
diff --git a/libselinux/src/compute_create.c b/libselinux/src/compute_create.c
new file mode 100644
index 0000000..1c56f0f
--- /dev/null
+++ b/libselinux/src/compute_create.c
@@ -0,0 +1,94 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_create_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/create", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!(*newcon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_create_raw)
+
+int security_compute_create(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_create_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_compute_create)
diff --git a/libselinux/src/compute_member.c b/libselinux/src/compute_member.c
new file mode 100644
index 0000000..e5495e4
--- /dev/null
+++ b/libselinux/src/compute_member.c
@@ -0,0 +1,95 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_member_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/member", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!(*newcon)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_member_raw)
+
+int security_compute_member(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_member_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ if (selinux_raw_to_trans_context(rnewcon, newcon)) {
+ *newcon = NULL;
+ ret = -1;
+ }
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
new file mode 100644
index 0000000..ae9c648
--- /dev/null
+++ b/libselinux/src/compute_relabel.c
@@ -0,0 +1,92 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+int security_compute_relabel_raw(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s %hu", scon, tcon, unmap_class(tclass));
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *newcon = strdup(buf);
+ if (!*newcon) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_relabel_raw)
+
+int security_compute_relabel(security_context_t scon,
+ security_context_t tcon,
+ security_class_t tclass,
+ security_context_t * newcon)
+{
+ int ret;
+ security_context_t rscon = scon;
+ security_context_t rtcon = tcon;
+ security_context_t rnewcon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+ if (selinux_trans_to_raw_context(tcon, &rtcon)) {
+ freecon(rscon);
+ return -1;
+ }
+
+ ret = security_compute_relabel_raw(rscon, rtcon, tclass, &rnewcon);
+
+ freecon(rscon);
+ freecon(rtcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rnewcon, newcon);
+ freecon(rnewcon);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/compute_user.c b/libselinux/src/compute_user.c
new file mode 100644
index 0000000..fa6f650
--- /dev/null
+++ b/libselinux/src/compute_user.c
@@ -0,0 +1,110 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+int security_compute_user_raw(security_context_t scon,
+ const char *user, security_context_t ** con)
+{
+ char path[PATH_MAX];
+ char **ary;
+ char *buf, *ptr;
+ size_t size;
+ int fd, ret;
+ unsigned int i, nel;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/user", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ snprintf(buf, size, "%s %s", scon, user);
+
+ ret = write(fd, buf, strlen(buf));
+ if (ret < 0)
+ goto out2;
+
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ if (sscanf(buf, "%u", &nel) != 1) {
+ ret = -1;
+ goto out2;
+ }
+
+ ary = malloc((nel + 1) * sizeof(char *));
+ if (!ary) {
+ ret = -1;
+ goto out2;
+ }
+
+ ptr = buf + strlen(buf) + 1;
+ for (i = 0; i < nel; i++) {
+ ary[i] = strdup(ptr);
+ if (!ary[i]) {
+ freeconary(ary);
+ ret = -1;
+ goto out2;
+ }
+ ptr += strlen(ptr) + 1;
+ }
+ ary[nel] = NULL;
+ *con = ary;
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_compute_user_raw)
+
+int security_compute_user(security_context_t scon,
+ const char *user, security_context_t ** con)
+{
+ int ret;
+ security_context_t rscon = scon;
+
+ if (selinux_trans_to_raw_context(scon, &rscon))
+ return -1;
+
+ ret = security_compute_user_raw(rscon, user, con);
+
+ freecon(rscon);
+ if (!ret) {
+ security_context_t *ptr, tmpcon;
+ for (ptr = *con; *ptr; ptr++) {
+ if (selinux_raw_to_trans_context(*ptr, &tmpcon)) {
+ freeconary(*con);
+ *con = NULL;
+ return -1;
+ }
+ freecon(*ptr);
+ *ptr = tmpcon;
+ }
+ }
+
+ return ret;
+}
+
+hidden_def(security_compute_user)
diff --git a/libselinux/src/context.c b/libselinux/src/context.c
new file mode 100644
index 0000000..8164104
--- /dev/null
+++ b/libselinux/src/context.c
@@ -0,0 +1,193 @@
+#include "context_internal.h"
+#include <string.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+
+#define COMP_USER 0
+#define COMP_ROLE 1
+#define COMP_TYPE 2
+#define COMP_RANGE 3
+
+typedef struct {
+ char *current_str; /* This is made up-to-date only when needed */
+ char *(component[4]);
+} context_private_t;
+
+/*
+ * Allocate a new context, initialized from str. There must be 3 or
+ * 4 colon-separated components and no whitespace in any component other
+ * than the MLS component.
+ */
+context_t context_new(const char *str)
+{
+ int i, count;
+ context_private_t *n =
+ (context_private_t *) malloc(sizeof(context_private_t));
+ context_t result = (context_t) malloc(sizeof(context_s_t));
+ const char *p, *tok;
+
+ if (result)
+ result->ptr = n;
+ else
+ free(n);
+ if (n == 0 || result == 0) {
+ goto err;
+ }
+ n->current_str = n->component[0] = n->component[1] = n->component[2] =
+ n->component[3] = 0;
+ for (i = count = 0, p = str; *p; p++) {
+ switch (*p) {
+ case ':':
+ count++;
+ break;
+ case '\n':
+ case '\t':
+ case '\r':
+ goto err; /* sanity check */
+ case ' ':
+ if (count < 3)
+ goto err; /* sanity check */
+ }
+ }
+ /*
+ * Could be anywhere from 2 - 5
+ * e.g user:role:type to user:role:type:sens1:cata-sens2:catb
+ */
+ if (count < 2 || count > 5) { /* might not have a range */
+ goto err;
+ }
+
+ n->component[3] = 0;
+ for (i = 0, tok = str; *tok; i++) {
+ if (i < 3)
+ for (p = tok; *p && *p != ':'; p++) { /* empty */
+ } else {
+ /* MLS range is one component */
+ for (p = tok; *p; p++) { /* empty */
+ }
+ }
+ n->component[i] = (char *)malloc(p - tok + 1);
+ if (n->component[i] == 0)
+ goto err;
+ strncpy(n->component[i], tok, p - tok);
+ n->component[i][p - tok] = '\0';
+ tok = *p ? p + 1 : p;
+ }
+ return result;
+ err:
+ context_free(result);
+ return 0;
+}
+
+hidden_def(context_new)
+
+static void conditional_free(char **v)
+{
+ if (*v) {
+ free(*v);
+ }
+ *v = 0;
+}
+
+/*
+ * free all storage used by a context. Safe to call with
+ * null pointer.
+ */
+void context_free(context_t context)
+{
+ context_private_t *n;
+ int i;
+ if (context) {
+ n = context->ptr;
+ if (n) {
+ conditional_free(&n->current_str);
+ for (i = 0; i < 4; i++) {
+ conditional_free(&n->component[i]);
+ }
+ free(n);
+ }
+ free(context);
+ }
+}
+
+hidden_def(context_free)
+
+/*
+ * Return a pointer to the string value of the context.
+ */
+char *context_str(context_t context)
+{
+ context_private_t *n = context->ptr;
+ int i;
+ size_t total = 0;
+ conditional_free(&n->current_str);
+ for (i = 0; i < 4; i++) {
+ if (n->component[i]) {
+ total += strlen(n->component[i]) + 1;
+ }
+ }
+ n->current_str = malloc(total);
+ if (n->current_str != 0) {
+ char *cp = n->current_str;
+
+ cp = stpcpy(cp, n->component[0]);
+ for (i = 1; i < 4; i++) {
+ if (n->component[i]) {
+ *cp++ = ':';
+ cp = stpcpy(cp, n->component[i]);
+ }
+ }
+ }
+ return n->current_str;
+}
+
+hidden_def(context_str)
+
+/* Returns nonzero iff failed */
+static int set_comp(context_private_t * n, int idx, const char *str)
+{
+ char *t = NULL;
+ const char *p;
+ if (str) {
+ t = (char *)malloc(strlen(str) + 1);
+ if (!t) {
+ return 1;
+ }
+ for (p = str; *p; p++) {
+ if (*p == '\t' || *p == '\n' || *p == '\r' ||
+ ((*p == ':' || *p == ' ') && idx != COMP_RANGE)) {
+ free(t);
+ errno = EINVAL;
+ return 1;
+ }
+ }
+ strcpy(t, str);
+ }
+ conditional_free(&n->component[idx]);
+ n->component[idx] = t;
+ return 0;
+}
+
+#define def_get(name,tag) \
+const char * context_ ## name ## _get(context_t context) \
+{ \
+ context_private_t *n = context->ptr; \
+ return n->component[tag]; \
+} \
+hidden_def(context_ ## name ## _get)
+
+def_get(type, COMP_TYPE)
+ def_get(user, COMP_USER)
+ def_get(range, COMP_RANGE)
+ def_get(role, COMP_ROLE)
+#define def_set(name,tag) \
+int context_ ## name ## _set(context_t context, const char* str) \
+{ \
+ return set_comp(context->ptr,tag,str);\
+} \
+hidden_def(context_ ## name ## _set)
+ def_set(type, COMP_TYPE)
+ def_set(role, COMP_ROLE)
+ def_set(user, COMP_USER)
+ def_set(range, COMP_RANGE)
diff --git a/libselinux/src/context_internal.h b/libselinux/src/context_internal.h
new file mode 100644
index 0000000..3c71e80
--- /dev/null
+++ b/libselinux/src/context_internal.h
@@ -0,0 +1,14 @@
+#include <selinux/context.h>
+#include "dso.h"
+
+hidden_proto(context_new)
+ hidden_proto(context_free)
+ hidden_proto(context_str)
+ hidden_proto(context_type_set)
+ hidden_proto(context_type_get)
+ hidden_proto(context_role_set)
+ hidden_proto(context_role_get)
+ hidden_proto(context_user_set)
+ hidden_proto(context_user_get)
+ hidden_proto(context_range_set)
+ hidden_proto(context_range_get)
diff --git a/libselinux/src/disable.c b/libselinux/src/disable.c
new file mode 100644
index 0000000..dac0f5b
--- /dev/null
+++ b/libselinux/src/disable.c
@@ -0,0 +1,38 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_disable(void)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/disable", selinux_mnt);
+ fd = open(path, O_WRONLY);
+ if (fd < 0)
+ return -1;
+
+ buf[0] = '1';
+ buf[1] = '\0';
+ ret = write(fd, buf, strlen(buf));
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ return 0;
+}
+
+hidden_def(security_disable)
diff --git a/libselinux/src/dso.h b/libselinux/src/dso.h
new file mode 100644
index 0000000..12c3d11
--- /dev/null
+++ b/libselinux/src/dso.h
@@ -0,0 +1,23 @@
+#ifndef _SELINUX_DSO_H
+#define _SELINUX_DSO_H 1
+
+#ifdef SHARED
+# define hidden __attribute__ ((visibility ("hidden")))
+# define hidden_proto(fct) __hidden_proto (fct, fct##_internal)
+# define __hidden_proto(fct, internal) \
+ extern __typeof (fct) internal; \
+ extern __typeof (fct) fct __asm (#internal) hidden;
+# if defined(__alpha__) || defined(__mips__)
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n" #fct " = " #fct "_internal");
+# else
+# define hidden_def(fct) \
+ asm (".globl " #fct "\n.set " #fct ", " #fct "_internal");
+#endif
+#else
+# define hidden
+# define hidden_proto(fct)
+# define hidden_def(fct)
+#endif
+
+#endif
diff --git a/libselinux/src/enabled.c b/libselinux/src/enabled.c
new file mode 100644
index 0000000..b3c8c47
--- /dev/null
+++ b/libselinux/src/enabled.c
@@ -0,0 +1,104 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+#include <limits.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include "policy.h"
+
+int is_selinux_enabled(void)
+{
+ char *buf=NULL;
+ FILE *fp;
+ ssize_t num;
+ size_t len;
+ int enabled = 0;
+ security_context_t con;
+
+ /* init_selinuxmnt() gets called before this function. We
+ * will assume that if a selinux file system is mounted, then
+ * selinux is enabled. */
+ if (selinux_mnt) {
+
+ /* Since a file system is mounted, we consider selinux
+ * enabled. If getcon_raw fails, selinux is still enabled.
+ * We only consider it disabled if no policy is loaded. */
+ enabled = 1;
+ if (getcon_raw(&con) == 0) {
+ if (!strcmp(con, "kernel"))
+ enabled = 0;
+ freecon(con);
+ }
+ return enabled;
+ }
+
+ /* Drop back to detecting it the long way. */
+ fp = fopen("/proc/filesystems", "r");
+ if (!fp)
+ return -1;
+
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ if (strstr(buf, "selinuxfs")) {
+ enabled = 1;
+ break;
+ }
+ }
+
+ if (num < 0)
+ goto out;
+
+ /* Since an selinux file system is available, we consider
+ * selinux enabled. If getcon_raw fails, selinux is still
+ * enabled. We only consider it disabled if no policy is loaded. */
+ if (getcon_raw(&con) == 0) {
+ if (!strcmp(con, "kernel"))
+ enabled = 0;
+ freecon(con);
+ }
+
+ out:
+ free(buf);
+ fclose(fp);
+ return enabled;
+}
+
+hidden_def(is_selinux_enabled)
+
+/*
+ * Function: is_selinux_mls_enabled()
+ * Return: 1 on success
+ * 0 on failure
+ */
+int is_selinux_mls_enabled(void)
+{
+ char buf[20], path[PATH_MAX];
+ int fd, ret, enabled = 0;
+
+ if (!selinux_mnt)
+ return enabled;
+
+ snprintf(path, sizeof path, "%s/mls", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return enabled;
+
+ memset(buf, 0, sizeof buf);
+
+ do {
+ ret = read(fd, buf, sizeof buf - 1);
+ } while (ret < 0 && errno == EINTR);
+ close(fd);
+ if (ret < 0)
+ return enabled;
+
+ if (!strcmp(buf, "1"))
+ enabled = 1;
+
+ return enabled;
+}
+
+hidden_def(is_selinux_mls_enabled)
diff --git a/libselinux/src/fgetfilecon.c b/libselinux/src/fgetfilecon.c
new file mode 100644
index 0000000..c88d515
--- /dev/null
+++ b/libselinux/src/fgetfilecon.c
@@ -0,0 +1,72 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int fgetfilecon_raw(int fd, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = fgetxattr(fd, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = fgetxattr(fd, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(fgetfilecon_raw)
+
+int fgetfilecon(int fd, security_context_t * context)
+{
+ security_context_t rcontext;
+ int ret;
+
+ *context = NULL;
+
+ ret = fgetfilecon_raw(fd, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+
+ return ret;
+}
diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h
new file mode 100644
index 0000000..bea5c40
--- /dev/null
+++ b/libselinux/src/file_path_suffixes.h
@@ -0,0 +1,21 @@
+/* File name suffixes. */
+S_(BINPOLICY, "/policy/policy")
+ S_(CONTEXTS_DIR, "/contexts")
+ S_(FILE_CONTEXTS, "/contexts/files/file_contexts")
+ S_(HOMEDIR_CONTEXTS, "/contexts/files/homedir_template")
+ S_(DEFAULT_CONTEXTS, "/contexts/default_contexts")
+ S_(USER_CONTEXTS, "/contexts/users/")
+ S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
+ S_(DEFAULT_TYPE, "/contexts/default_type")
+ S_(SECURETTY_TYPES, "/contexts/securetty_types")
+ S_(BOOLEANS, "/booleans")
+ S_(MEDIA_CONTEXTS, "/contexts/files/media")
+ S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
+ S_(CUSTOMIZABLE_TYPES, "/contexts/customizable_types")
+ S_(USERS_DIR, "/users/")
+ S_(SEUSERS, "/seusers")
+ S_(TRANSLATIONS, "/setrans.conf")
+ S_(NETFILTER_CONTEXTS, "/contexts/netfilter_contexts")
+ S_(FILE_CONTEXTS_HOMEDIR, "/contexts/files/file_contexts.homedirs")
+ S_(FILE_CONTEXTS_LOCAL, "/contexts/files/file_contexts.local")
+ S_(X_CONTEXTS, "/contexts/x_contexts")
diff --git a/libselinux/src/freecon.c b/libselinux/src/freecon.c
new file mode 100644
index 0000000..3ec4fe2
--- /dev/null
+++ b/libselinux/src/freecon.c
@@ -0,0 +1,11 @@
+#include <unistd.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+
+void freecon(security_context_t con)
+{
+ free(con);
+}
+
+hidden_def(freecon)
diff --git a/libselinux/src/freeconary.c b/libselinux/src/freeconary.c
new file mode 100644
index 0000000..835f5bc
--- /dev/null
+++ b/libselinux/src/freeconary.c
@@ -0,0 +1,19 @@
+#include <unistd.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+
+void freeconary(security_context_t * con)
+{
+ char **ptr;
+
+ if (!con)
+ return;
+
+ for (ptr = con; *ptr; ptr++) {
+ free(*ptr);
+ }
+ free(con);
+}
+
+hidden_def(freeconary)
diff --git a/libselinux/src/fsetfilecon.c b/libselinux/src/fsetfilecon.c
new file mode 100644
index 0000000..6cad4d7
--- /dev/null
+++ b/libselinux/src/fsetfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int fsetfilecon_raw(int fd, security_context_t context)
+{
+ return fsetxattr(fd, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(fsetfilecon_raw)
+
+int fsetfilecon(int fd, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = fsetfilecon_raw(fd, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/get_context_list.c b/libselinux/src/get_context_list.c
new file mode 100644
index 0000000..a50fca8
--- /dev/null
+++ b/libselinux/src/get_context_list.c
@@ -0,0 +1,541 @@
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <pwd.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+#include "get_context_list_internal.h"
+
+int get_default_context_with_role(const char *user,
+ const char *role,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+ security_context_t *conary;
+ char **ptr;
+ context_t con;
+ const char *role2;
+ int rc;
+
+ rc = get_ordered_context_list(user, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ for (ptr = conary; *ptr; ptr++) {
+ con = context_new(*ptr);
+ if (!con)
+ continue;
+ role2 = context_role_get(con);
+ if (role2 && !strcmp(role, role2)) {
+ context_free(con);
+ break;
+ }
+ context_free(con);
+ }
+
+ rc = -1;
+ if (!(*ptr))
+ goto out;
+ *newcon = strdup(*ptr);
+ if (!(*newcon))
+ goto out;
+ rc = 0;
+ out:
+ freeconary(conary);
+ return rc;
+}
+
+hidden_def(get_default_context_with_role)
+
+int get_default_context_with_rolelevel(const char *user,
+ const char *role,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+
+ int rc = 0;
+ int freefrom = 0;
+ context_t con;
+ char *newfromcon;
+ if (!level)
+ return get_default_context_with_role(user, role, fromcon,
+ newcon);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ rc = -1;
+ con = context_new(fromcon);
+ if (!con)
+ goto out;
+
+ if (context_range_set(con, level))
+ goto out;
+
+ newfromcon = context_str(con);
+ if (!newfromcon)
+ goto out;
+
+ rc = get_default_context_with_role(user, role, newfromcon, newcon);
+
+ out:
+ context_free(con);
+ if (freefrom)
+ freecon(fromcon);
+ return rc;
+
+}
+
+int get_default_context(const char *user,
+ security_context_t fromcon, security_context_t * newcon)
+{
+ security_context_t *conary;
+ int rc;
+
+ rc = get_ordered_context_list(user, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ *newcon = strdup(conary[0]);
+ freeconary(conary);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
+
+static int find_partialcon(security_context_t * list,
+ unsigned int nreach, char *part)
+{
+ const char *conrole, *contype;
+ char *partrole, *parttype, *ptr;
+ context_t con;
+ unsigned int i;
+
+ partrole = part;
+ ptr = part;
+ while (*ptr && !isspace(*ptr) && *ptr != ':')
+ ptr++;
+ if (*ptr != ':')
+ return -1;
+ *ptr++ = 0;
+ parttype = ptr;
+ while (*ptr && !isspace(*ptr) && *ptr != ':')
+ ptr++;
+ *ptr = 0;
+
+ for (i = 0; i < nreach; i++) {
+ con = context_new(list[i]);
+ if (!con)
+ return -1;
+ conrole = context_role_get(con);
+ contype = context_type_get(con);
+ if (!conrole || !contype) {
+ context_free(con);
+ return -1;
+ }
+ if (!strcmp(conrole, partrole) && !strcmp(contype, parttype)) {
+ context_free(con);
+ return i;
+ }
+ context_free(con);
+ }
+
+ return -1;
+}
+
+static int get_context_order(FILE * fp,
+ security_context_t fromcon,
+ security_context_t * reachable,
+ unsigned int nreach,
+ unsigned int *ordering, unsigned int *nordered)
+{
+ char *start, *end = NULL;
+ char *line = NULL;
+ size_t line_len = 0;
+ ssize_t len;
+ int found = 0;
+ const char *fromrole, *fromtype;
+ char *linerole, *linetype;
+ unsigned int i;
+ context_t con;
+ int rc;
+
+ errno = -EINVAL;
+
+ /* Extract the role and type of the fromcon for matching.
+ User identity and MLS range can be variable. */
+ con = context_new(fromcon);
+ if (!con)
+ return -1;
+ fromrole = context_role_get(con);
+ fromtype = context_type_get(con);
+ if (!fromrole || !fromtype) {
+ context_free(con);
+ return -1;
+ }
+
+ while ((len = getline(&line, &line_len, fp)) > 0) {
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ /* Find the end of the (partial) fromcon in the line. */
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (!(*end))
+ continue;
+
+ /* Check for a match. */
+ linerole = start;
+ while (*start && !isspace(*start) && *start != ':')
+ start++;
+ if (*start != ':')
+ continue;
+ *start = 0;
+ linetype = ++start;
+ while (*start && !isspace(*start) && *start != ':')
+ start++;
+ if (!(*start))
+ continue;
+ *start = 0;
+ if (!strcmp(fromrole, linerole) && !strcmp(fromtype, linetype)) {
+ found = 1;
+ break;
+ }
+ }
+
+ if (!found) {
+ errno = ENOENT;
+ rc = -1;
+ goto out;
+ }
+
+ start = ++end;
+ while (*start) {
+ /* Skip leading whitespace */
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ break;
+
+ /* Find the end of this partial context. */
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+
+ /* Check for a match in the reachable list. */
+ rc = find_partialcon(reachable, nreach, start);
+ if (rc < 0) {
+ /* No match, skip it. */
+ start = end;
+ continue;
+ }
+
+ /* If a match is found and the entry is not already ordered
+ (e.g. due to prior match in prior config file), then set
+ the ordering for it. */
+ i = rc;
+ if (ordering[i] == nreach)
+ ordering[i] = (*nordered)++;
+ start = end;
+ }
+
+ rc = 0;
+
+ out:
+ context_free(con);
+ free(line);
+ return rc;
+}
+
+static int get_failsafe_context(const char *user, security_context_t * newcon)
+{
+ FILE *fp;
+ char buf[255], *ptr;
+ size_t plen, nlen;
+ int rc;
+
+ fp = fopen(selinux_failsafe_context_path(), "r");
+ if (!fp)
+ return -1;
+
+ ptr = fgets_unlocked(buf, sizeof buf, fp);
+ fclose(fp);
+
+ if (!ptr)
+ return -1;
+ plen = strlen(ptr);
+ if (buf[plen - 1] == '\n')
+ buf[plen - 1] = 0;
+
+ retry:
+ nlen = strlen(user) + 1 + plen + 1;
+ *newcon = malloc(nlen);
+ if (!(*newcon))
+ return -1;
+ rc = snprintf(*newcon, nlen, "%s:%s", user, ptr);
+ if (rc < 0 || (size_t) rc >= nlen) {
+ free(*newcon);
+ *newcon = 0;
+ return -1;
+ }
+
+ /* If possible, check the context to catch
+ errors early rather than waiting until the
+ caller tries to use setexeccon on the context.
+ But this may not always be possible, e.g. if
+ selinuxfs isn't mounted. */
+ if (security_check_context(*newcon) && errno != ENOENT) {
+ free(*newcon);
+ *newcon = 0;
+ if (strcmp(user, SELINUX_DEFAULTUSER)) {
+ user = SELINUX_DEFAULTUSER;
+ goto retry;
+ }
+ return -1;
+ }
+
+ return 0;
+}
+
+struct context_order {
+ security_context_t con;
+ unsigned int order;
+};
+
+static int order_compare(const void *A, const void *B)
+{
+ const struct context_order *c1 = A, *c2 = B;
+ if (c1->order < c2->order)
+ return -1;
+ else if (c1->order > c2->order)
+ return 1;
+ return strcmp(c1->con, c2->con);
+}
+
+int get_ordered_context_list_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t ** list)
+{
+ int rc;
+ int freefrom = 0;
+ context_t con;
+ char *newfromcon;
+
+ if (!level)
+ return get_ordered_context_list(user, fromcon, list);
+
+ if (!fromcon) {
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ rc = -1;
+ con = context_new(fromcon);
+ if (!con)
+ goto out;
+
+ if (context_range_set(con, level))
+ goto out;
+
+ newfromcon = context_str(con);
+ if (!newfromcon)
+ goto out;
+
+ rc = get_ordered_context_list(user, newfromcon, list);
+
+ out:
+ context_free(con);
+ if (freefrom)
+ freecon(fromcon);
+ return rc;
+}
+
+hidden_def(get_ordered_context_list_with_level)
+
+int get_default_context_with_level(const char *user,
+ const char *level,
+ security_context_t fromcon,
+ security_context_t * newcon)
+{
+ security_context_t *conary;
+ int rc;
+
+ rc = get_ordered_context_list_with_level(user, level, fromcon, &conary);
+ if (rc <= 0)
+ return -1;
+
+ *newcon = strdup(conary[0]);
+ freeconary(conary);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
+
+int get_ordered_context_list(const char *user,
+ security_context_t fromcon,
+ security_context_t ** list)
+{
+ security_context_t *reachable = NULL;
+ unsigned int *ordering = NULL;
+ struct context_order *co = NULL;
+ char **ptr;
+ int rc = 0;
+ unsigned int nreach = 0, nordered = 0, freefrom = 0, i;
+ FILE *fp;
+ char *fname = NULL;
+ size_t fname_len;
+ const char *user_contexts_path = selinux_user_contexts_path();
+
+ if (!fromcon) {
+ /* Get the current context and use it for the starting context */
+ rc = getcon(&fromcon);
+ if (rc < 0)
+ return rc;
+ freefrom = 1;
+ }
+
+ /* Determine the set of reachable contexts for the user. */
+ rc = security_compute_user(fromcon, user, &reachable);
+ if (rc < 0) {
+ /* Retry with the default SELinux user identity. */
+ user = SELINUX_DEFAULTUSER;
+ rc = security_compute_user(fromcon, user, &reachable);
+ if (rc < 0)
+ goto failsafe;
+ }
+ nreach = 0;
+ for (ptr = reachable; *ptr; ptr++)
+ nreach++;
+ if (!nreach)
+ goto failsafe;
+
+ /* Initialize ordering array. */
+ ordering = malloc(nreach * sizeof(unsigned int));
+ if (!ordering)
+ goto oom_order;
+ for (i = 0; i < nreach; i++)
+ ordering[i] = nreach;
+
+ /* Determine the ordering to apply from the optional per-user config
+ and from the global config. */
+ fname_len = strlen(user_contexts_path) + strlen(user) + 2;
+ fname = malloc(fname_len);
+ if (!fname)
+ goto oom_order;
+ snprintf(fname, fname_len, "%s%s", user_contexts_path, user);
+ fp = fopen(fname, "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
+ &nordered);
+ fclose(fp);
+ if (rc < 0 && errno != ENOENT) {
+ fprintf(stderr,
+ "%s: error in processing configuration file %s\n",
+ __FUNCTION__, fname);
+ /* Fall through, try global config */
+ }
+ }
+ free(fname);
+ fp = fopen(selinux_default_context_path(), "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ rc = get_context_order(fp, fromcon, reachable, nreach, ordering,
+ &nordered);
+ fclose(fp);
+ if (rc < 0 && errno != ENOENT) {
+ fprintf(stderr,
+ "%s: error in processing configuration file %s\n",
+ __FUNCTION__, selinux_default_context_path());
+ /* Fall through */
+ }
+ }
+
+ /* Apply the ordering. */
+ if (nordered) {
+ co = malloc(nreach * sizeof(struct context_order));
+ if (!co)
+ goto oom_order;
+ for (i = 0; i < nreach; i++) {
+ co[i].con = reachable[i];
+ co[i].order = ordering[i];
+ }
+ qsort(co, nreach, sizeof(struct context_order), order_compare);
+ for (i = 0; i < nreach; i++)
+ reachable[i] = co[i].con;
+ free(co);
+ }
+
+ /* Return the ordered list.
+ If we successfully ordered it, then only report the ordered entries
+ to the caller. Otherwise, fall back to the entire reachable list. */
+ if (nordered && nordered < nreach) {
+ for (i = nordered; i < nreach; i++)
+ free(reachable[i]);
+ reachable[nordered] = NULL;
+ rc = nordered;
+ } else {
+ rc = nreach;
+ }
+
+ out:
+ *list = reachable;
+
+ free(ordering);
+ if (freefrom)
+ freecon(fromcon);
+
+ return rc;
+
+ failsafe:
+ /* Unable to determine a reachable context list, try to fall back to
+ the "failsafe" context to at least permit root login
+ for emergency recovery if possible. */
+ freeconary(reachable);
+ reachable = malloc(2 * sizeof(security_context_t));
+ if (!reachable) {
+ rc = -1;
+ goto out;
+ }
+ reachable[0] = reachable[1] = 0;
+ rc = get_failsafe_context(user, &reachable[0]);
+ if (rc < 0) {
+ freeconary(reachable);
+ reachable = NULL;
+ goto out;
+ }
+ rc = 1; /* one context in the list */
+ goto out;
+
+ oom_order:
+ /* Unable to order context list due to OOM condition.
+ Fall back to unordered reachable context list. */
+ fprintf(stderr, "%s: out of memory, unable to order list\n",
+ __FUNCTION__);
+ rc = nreach;
+ goto out;
+}
+
+hidden_def(get_ordered_context_list)
diff --git a/libselinux/src/get_context_list_internal.h b/libselinux/src/get_context_list_internal.h
new file mode 100644
index 0000000..c224834
--- /dev/null
+++ b/libselinux/src/get_context_list_internal.h
@@ -0,0 +1,6 @@
+#include <selinux/get_context_list.h>
+#include "dso.h"
+
+hidden_proto(get_ordered_context_list)
+ hidden_proto(get_ordered_context_list_with_level)
+ hidden_proto(get_default_context_with_role)
diff --git a/libselinux/src/get_default_type.c b/libselinux/src/get_default_type.c
new file mode 100644
index 0000000..6fd1681
--- /dev/null
+++ b/libselinux/src/get_default_type.c
@@ -0,0 +1,65 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include "get_default_type_internal.h"
+
+static int find_default_type(FILE * fp, const char *role, char **type);
+
+int get_default_type(const char *role, char **type)
+{
+ FILE *fp = NULL;
+
+ fp = fopen(selinux_default_type_path(), "r");
+ if (!fp)
+ return -1;
+
+ if (find_default_type(fp, role, type) < 0) {
+ fclose(fp);
+ return -1;
+ }
+
+ fclose(fp);
+ return 0;
+}
+
+static int find_default_type(FILE * fp, const char *role, char **type)
+{
+ char buf[250];
+ char *ptr = "", *end, *t;
+ size_t len;
+ int found = 0;
+
+ len = strlen(role);
+ while (!feof_unlocked(fp)) {
+ if (!fgets_unlocked(buf, sizeof buf, fp))
+ return -1;
+ if (buf[strlen(buf) - 1])
+ buf[strlen(buf) - 1] = 0;
+
+ ptr = buf;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+ if (!(*ptr))
+ continue;
+
+ if (!strncmp(role, ptr, len)) {
+ end = ptr + len;
+ if (*end == ':') {
+ found = 1;
+ ptr = ++end;
+ break;
+ }
+ }
+ }
+
+ if (!found)
+ return -1;
+
+ t = malloc(strlen(buf) - len);
+ if (!t)
+ return -1;
+ strcpy(t, ptr);
+ *type = t;
+ return 0;
+}
diff --git a/libselinux/src/get_default_type_internal.h b/libselinux/src/get_default_type_internal.h
new file mode 100644
index 0000000..0da3c51
--- /dev/null
+++ b/libselinux/src/get_default_type_internal.h
@@ -0,0 +1,4 @@
+#include <selinux/get_default_type.h>
+#include "dso.h"
+
+hidden_proto(selinux_default_type_path)
diff --git a/libselinux/src/get_initial_context.c b/libselinux/src/get_initial_context.c
new file mode 100644
index 0000000..1676435
--- /dev/null
+++ b/libselinux/src/get_initial_context.c
@@ -0,0 +1,72 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <limits.h>
+
+#define SELINUX_INITCON_DIR "/initial_contexts/"
+
+int security_get_initial_context_raw(const char * name, security_context_t * con)
+{
+ char path[PATH_MAX];
+ char *buf;
+ size_t size;
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s%s%s",
+ selinux_mnt, SELINUX_INITCON_DIR, name);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ memset(buf, 0, size);
+ ret = read(fd, buf, size - 1);
+ if (ret < 0)
+ goto out2;
+
+ *con = strdup(buf);
+ if (!(*con)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden_def(security_get_initial_context_raw)
+
+int security_get_initial_context(const char * name, security_context_t * con)
+{
+ int ret;
+ security_context_t rcon;
+
+ ret = security_get_initial_context_raw(name, &rcon);
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcon, con);
+ freecon(rcon);
+ }
+
+ return ret;
+}
+
+hidden_def(security_get_initial_context)
diff --git a/libselinux/src/getenforce.c b/libselinux/src/getenforce.c
new file mode 100644
index 0000000..4fb516a
--- /dev/null
+++ b/libselinux/src/getenforce.c
@@ -0,0 +1,40 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_getenforce(void)
+{
+ int fd, ret, enforce = 0;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ return -1;
+
+ memset(buf, 0, sizeof buf);
+ ret = read(fd, buf, sizeof buf - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%d", &enforce) != 1)
+ return -1;
+
+ return enforce;
+}
+
+hidden_def(security_getenforce)
diff --git a/libselinux/src/getfilecon.c b/libselinux/src/getfilecon.c
new file mode 100644
index 0000000..67e4463
--- /dev/null
+++ b/libselinux/src/getfilecon.c
@@ -0,0 +1,73 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "policy.h"
+
+int getfilecon_raw(const char *path, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = getxattr(path, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = getxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(getfilecon_raw)
+
+int getfilecon(const char *path, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ *context = NULL;
+
+ ret = getfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+
+ return ret;
+}
+
+hidden_def(getfilecon)
diff --git a/libselinux/src/getpeercon.c b/libselinux/src/getpeercon.c
new file mode 100644
index 0000000..5c01ed5
--- /dev/null
+++ b/libselinux/src/getpeercon.c
@@ -0,0 +1,61 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+#ifndef SO_PEERSEC
+#define SO_PEERSEC 31
+#endif
+
+int getpeercon_raw(int fd, security_context_t * context)
+{
+ char *buf;
+ socklen_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, buf, &size);
+ }
+ out:
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(getpeercon_raw)
+
+int getpeercon(int fd, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ ret = getpeercon_raw(fd, &rcontext);
+
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ return ret;
+}
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
new file mode 100644
index 0000000..9cdbb06
--- /dev/null
+++ b/libselinux/src/init.c
@@ -0,0 +1,128 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <ctype.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <dlfcn.h>
+#include <sys/vfs.h>
+#include <stdint.h>
+#include <limits.h>
+
+#include "dso.h"
+#include "policy.h"
+#include "selinux_internal.h"
+#include "setrans_internal.h"
+
+char *selinux_mnt = NULL;
+int selinux_page_size = 0;
+int obj_class_compat = 1;
+
+static void init_selinuxmnt(void)
+{
+ char *buf=NULL, *p;
+ FILE *fp;
+ struct statfs sfbuf;
+ int rc;
+ size_t len;
+ ssize_t num;
+
+ if (selinux_mnt)
+ return;
+
+ /* We check to see if the preferred mount point for selinux file
+ * system has a selinuxfs. */
+ do {
+ rc = statfs(SELINUXMNT, &sfbuf);
+ } while (rc < 0 && errno == EINTR);
+ if (rc == 0) {
+ if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
+ selinux_mnt = strdup(SELINUXMNT);
+ return;
+ }
+ }
+
+ /* At this point, the usual spot doesn't have an selinuxfs so
+ * we look around for it */
+ fp = fopen("/proc/mounts", "r");
+ if (!fp)
+ return;
+
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((num = getline(&buf, &len, fp)) != -1) {
+ char *tmp;
+ p = strchr(buf, ' ');
+ if (!p)
+ goto out;
+ p++;
+ tmp = strchr(p, ' ');
+ if (!tmp)
+ goto out;
+ if (!strncmp(tmp + 1, "selinuxfs ", 10)) {
+ *tmp = '\0';
+ break;
+ }
+ }
+
+ /* If we found something, dup it */
+ if (num > 0)
+ selinux_mnt = strdup(p);
+
+ out:
+ free(buf);
+ fclose(fp);
+ return;
+}
+
+static void fini_selinuxmnt(void)
+{
+ free(selinux_mnt);
+ selinux_mnt = NULL;
+}
+
+void set_selinuxmnt(char *mnt)
+{
+ selinux_mnt = strdup(mnt);
+}
+
+hidden_def(set_selinuxmnt)
+
+static void init_obj_class_compat(void)
+{
+ char path[PATH_MAX];
+ struct stat s;
+
+ if (!selinux_mnt)
+ return;
+
+ snprintf(path,PATH_MAX,"%s/class",selinux_mnt);
+ if (stat(path,&s) < 0)
+ return;
+
+ if (S_ISDIR(s.st_mode))
+ obj_class_compat = 0;
+}
+
+static void fini_obj_class_compat(void)
+{
+ obj_class_compat = 1;
+}
+
+static void init_lib(void) __attribute__ ((constructor));
+static void init_lib(void)
+{
+ selinux_page_size = sysconf(_SC_PAGE_SIZE);
+ init_selinuxmnt();
+ init_obj_class_compat();
+ init_context_translations();
+}
+
+static void fini_lib(void) __attribute__ ((destructor));
+static void fini_lib(void)
+{
+ fini_selinuxmnt();
+ fini_obj_class_compat();
+ fini_context_translations();
+}
diff --git a/libselinux/src/is_customizable_type.c b/libselinux/src/is_customizable_type.c
new file mode 100644
index 0000000..6785405
--- /dev/null
+++ b/libselinux/src/is_customizable_type.c
@@ -0,0 +1,93 @@
+#include <unistd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <ctype.h>
+#include <pwd.h>
+#include <limits.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+static int get_customizable_type_list(security_context_t ** retlist)
+{
+ FILE *fp;
+ char *buf;
+ unsigned int ctr = 0, i;
+ security_context_t *list = NULL;
+
+ fp = fopen(selinux_customizable_types_path(), "r");
+ if (!fp)
+ return -1;
+
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(fp);
+ return -1;
+ }
+ while (fgets_unlocked(buf, selinux_page_size, fp) && ctr < UINT_MAX) {
+ ctr++;
+ }
+ rewind(fp);
+ if (ctr) {
+ list =
+ (security_context_t *) calloc(sizeof(security_context_t),
+ ctr + 1);
+ if (list) {
+ i = 0;
+ while (fgets_unlocked(buf, selinux_page_size, fp)
+ && i < ctr) {
+ buf[strlen(buf) - 1] = 0;
+ list[i] = (security_context_t) strdup(buf);
+ if (!list[i]) {
+ unsigned int j;
+ for (j = 0; j < i; j++)
+ free(list[j]);
+ free(list);
+ list = NULL;
+ break;
+ }
+ i++;
+ }
+ }
+ }
+ fclose(fp);
+ free(buf);
+ if (!list)
+ return -1;
+ *retlist = list;
+ return 0;
+}
+
+static security_context_t *customizable_list = NULL;
+
+int is_context_customizable(security_context_t scontext)
+{
+ int i;
+ const char *type;
+ context_t c;
+
+ if (!customizable_list) {
+ if (get_customizable_type_list(&customizable_list) != 0)
+ return -1;
+ }
+
+ c = context_new(scontext);
+ if (!c)
+ return -1;
+
+ type = context_type_get(c);
+ if (!type) {
+ context_free(c);
+ return -1;
+ }
+
+ for (i = 0; customizable_list[i]; i++) {
+ if (strcmp(customizable_list[i], type) == 0) {
+ context_free(c);
+ return 1;
+ }
+ }
+ context_free(c);
+ return 0;
+}
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
new file mode 100644
index 0000000..f7418d6
--- /dev/null
+++ b/libselinux/src/label.c
@@ -0,0 +1,140 @@
+/*
+ * Generalized labeling frontend for userspace object managers.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+
+#include <sys/types.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+typedef int (*selabel_initfunc)(struct selabel_handle *rec,
+ struct selinux_opt *opts, unsigned nopts);
+
+static selabel_initfunc initfuncs[] = {
+ &selabel_file_init,
+ &selabel_media_init,
+ &selabel_x_init
+};
+
+/*
+ * Validation functions
+ */
+
+static inline int selabel_is_validate_set(struct selinux_opt *opts, unsigned n)
+{
+ while (n--)
+ if (opts[n].type == SELABEL_OPT_VALIDATE)
+ return !!opts[n].value;
+
+ return 0;
+}
+
+int selabel_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts)
+{
+ int rc = 0;
+
+ if (!rec->validating || contexts->validated)
+ goto out;
+
+ rc = selinux_validate(&contexts->ctx_raw);
+ if (rc < 0)
+ goto out;
+
+ contexts->validated = 1;
+out:
+ return rc;
+}
+
+/*
+ * Public API
+ */
+
+struct selabel_handle *selabel_open(unsigned int backend,
+ struct selinux_opt *opts, unsigned nopts)
+{
+ struct selabel_handle *rec = NULL;
+
+ if (backend >= ARRAY_SIZE(initfuncs)) {
+ errno = EINVAL;
+ goto out;
+ }
+
+ rec = (struct selabel_handle *)malloc(sizeof(*rec));
+ if (!rec)
+ goto out;
+
+ memset(rec, 0, sizeof(*rec));
+ rec->backend = backend;
+ rec->validating = selabel_is_validate_set(opts, nopts);
+
+ if ((*initfuncs[backend])(rec, opts, nopts)) {
+ free(rec);
+ rec = NULL;
+ }
+
+out:
+ return rec;
+}
+
+static struct selabel_lookup_rec *
+selabel_lookup_common(struct selabel_handle *rec, int translating,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr = rec->func_lookup(rec, key, type);
+ if (!lr)
+ return NULL;
+
+ if (compat_validate(rec, lr, "file_contexts", 0))
+ return NULL;
+
+ if (translating && !lr->ctx_trans &&
+ selinux_raw_to_trans_context(lr->ctx_raw, &lr->ctx_trans))
+ return NULL;
+
+ return lr;
+}
+
+int selabel_lookup(struct selabel_handle *rec, security_context_t *con,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr;
+
+ lr = selabel_lookup_common(rec, 1, key, type);
+ if (!lr)
+ return -1;
+
+ *con = strdup(lr->ctx_trans);
+ return *con ? 0 : -1;
+}
+
+int selabel_lookup_raw(struct selabel_handle *rec, security_context_t *con,
+ const char *key, int type)
+{
+ struct selabel_lookup_rec *lr;
+
+ lr = selabel_lookup_common(rec, 0, key, type);
+ if (!lr)
+ return -1;
+
+ *con = strdup(lr->ctx_raw);
+ return *con ? 0 : -1;
+}
+
+void selabel_close(struct selabel_handle *rec)
+{
+ rec->func_close(rec);
+ free(rec);
+}
+
+void selabel_stats(struct selabel_handle *rec)
+{
+ rec->func_stats(rec);
+}
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
new file mode 100644
index 0000000..5043f09
--- /dev/null
+++ b/libselinux/src/label_file.c
@@ -0,0 +1,672 @@
+/*
+ * File contexts backend for labeling system
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ * Author : Stephen Smalley <sds@tycho.nsa.gov>
+ *
+ * This library derived in part from setfiles and the setfiles.pl script
+ * developed by Secure Computing Corporation.
+ */
+
+#include <fcntl.h>
+#include <stdarg.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <regex.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals, mostly moved over from matchpathcon.c
+ */
+
+/* A file security context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *regex_str; /* regular expession string for diagnostics */
+ char *type_str; /* type string for diagnostic messages */
+ regex_t regex; /* compiled regular expression */
+ char regcomp; /* regex_str has been compiled to regex */
+ mode_t mode; /* mode format value */
+ int matches; /* number of matching pathnames */
+ int hasMetaChars; /* regular expression has meta-chars */
+ int stem_id; /* indicates which stem-compression item */
+} spec_t;
+
+/* A regular expression stem */
+typedef struct stem {
+ char *buf;
+ int len;
+} stem_t;
+
+/* Our stored configuration */
+struct saved_data {
+ /*
+ * The array of specifications, initially in the same order as in
+ * the specification file. Sorting occurs based on hasMetaChars.
+ */
+ spec_t *spec_arr;
+ unsigned int nspec;
+ unsigned int ncomp;
+
+ /*
+ * The array of regular expression stems.
+ */
+ stem_t *stem_arr;
+ int num_stems;
+ int alloc_stems;
+};
+
+/* Return the length of the text that can be considered the stem, returns 0
+ * if there is no identifiable stem */
+static int get_stem_from_spec(const char *const buf)
+{
+ const char *tmp = strchr(buf + 1, '/');
+ const char *ind;
+
+ if (!tmp)
+ return 0;
+
+ for (ind = buf; ind < tmp; ind++) {
+ if (strchr(".^$?*+|[({", (int)*ind))
+ return 0;
+ }
+ return tmp - buf;
+}
+
+/* return the length of the text that is the stem of a file name */
+static int get_stem_from_file_name(const char *const buf)
+{
+ const char *tmp = strchr(buf + 1, '/');
+
+ if (!tmp)
+ return 0;
+ return tmp - buf;
+}
+
+/* find the stem of a file spec, returns the index into stem_arr for a new
+ * or existing stem, (or -1 if there is no possible stem - IE for a file in
+ * the root directory or a regex that is too complex for us). */
+static int find_stem_from_spec(struct saved_data *data, const char *buf)
+{
+ int i, num = data->num_stems;
+ int stem_len = get_stem_from_spec(buf);
+
+ if (!stem_len)
+ return -1;
+ for (i = 0; i < num; i++) {
+ if (stem_len == data->stem_arr[i].len
+ && !strncmp(buf, data->stem_arr[i].buf, stem_len))
+ return i;
+ }
+ if (data->alloc_stems == num) {
+ stem_t *tmp_arr;
+ data->alloc_stems = data->alloc_stems * 2 + 16;
+ tmp_arr = realloc(data->stem_arr,
+ sizeof(stem_t) * data->alloc_stems);
+ if (!tmp_arr)
+ return -1;
+ data->stem_arr = tmp_arr;
+ }
+ data->stem_arr[num].len = stem_len;
+ data->stem_arr[num].buf = malloc(stem_len + 1);
+ if (!data->stem_arr[num].buf)
+ return -1;
+ memcpy(data->stem_arr[num].buf, buf, stem_len);
+ data->stem_arr[num].buf[stem_len] = '\0';
+ data->num_stems++;
+ buf += stem_len;
+ return num;
+}
+
+/* find the stem of a file name, returns the index into stem_arr (or -1 if
+ * there is no match - IE for a file in the root directory or a regex that is
+ * too complex for us). Makes buf point to the text AFTER the stem. */
+static int find_stem_from_file(struct saved_data *data, const char **buf)
+{
+ int i;
+ int stem_len = get_stem_from_file_name(*buf);
+
+ if (!stem_len)
+ return -1;
+ for (i = 0; i < data->num_stems; i++) {
+ if (stem_len == data->stem_arr[i].len
+ && !strncmp(*buf, data->stem_arr[i].buf, stem_len)) {
+ *buf += stem_len;
+ return i;
+ }
+ }
+ return -1;
+}
+
+/*
+ * Warn about duplicate specifications.
+ */
+static int nodups_specs(struct saved_data *data, const char *path)
+{
+ int rc = 0;
+ unsigned int ii, jj;
+ struct spec *curr_spec, *spec_arr = data->spec_arr;
+
+ for (ii = 0; ii < data->nspec; ii++) {
+ curr_spec = &spec_arr[ii];
+ for (jj = ii + 1; jj < data->nspec; jj++) {
+ if ((!strcmp
+ (spec_arr[jj].regex_str, curr_spec->regex_str))
+ && (!spec_arr[jj].mode || !curr_spec->mode
+ || spec_arr[jj].mode == curr_spec->mode)) {
+ rc = -1;
+ errno = EINVAL;
+ if (strcmp
+ (spec_arr[jj].lr.ctx_raw,
+ curr_spec->lr.ctx_raw)) {
+ COMPAT_LOG
+ (SELINUX_ERROR,
+ "%s: Multiple different specifications for %s (%s and %s).\n",
+ path, curr_spec->regex_str,
+ spec_arr[jj].lr.ctx_raw,
+ curr_spec->lr.ctx_raw);
+ } else {
+ COMPAT_LOG
+ (SELINUX_ERROR,
+ "%s: Multiple same specifications for %s.\n",
+ path, curr_spec->regex_str);
+ }
+ }
+ }
+ }
+ return rc;
+}
+
+/* Determine if the regular expression specification has any meta characters. */
+static void spec_hasMetaChars(struct spec *spec)
+{
+ char *c;
+ int len;
+ char *end;
+
+ c = spec->regex_str;
+ len = strlen(spec->regex_str);
+ end = c + len;
+
+ spec->hasMetaChars = 0;
+
+ /* Look at each character in the RE specification string for a
+ * meta character. Return when any meta character reached. */
+ while (c != end) {
+ switch (*c) {
+ case '.':
+ case '^':
+ case '$':
+ case '?':
+ case '*':
+ case '+':
+ case '|':
+ case '[':
+ case '(':
+ case '{':
+ spec->hasMetaChars = 1;
+ return;
+ case '\\': /* skip the next character */
+ c++;
+ break;
+ default:
+ break;
+
+ }
+ c++;
+ }
+ return;
+}
+
+static int compile_regex(struct saved_data *data, spec_t *spec, char **errbuf)
+{
+ char *reg_buf, *anchored_regex, *cp;
+ stem_t *stem_arr = data->stem_arr;
+ size_t len;
+ int regerr;
+
+ if (spec->regcomp)
+ return 0; /* already done */
+
+ data->ncomp++; /* how many compiled regexes required */
+
+ /* Skip the fixed stem. */
+ reg_buf = spec->regex_str;
+ if (spec->stem_id >= 0)
+ reg_buf += stem_arr[spec->stem_id].len;
+
+ /* Anchor the regular expression. */
+ len = strlen(reg_buf);
+ cp = anchored_regex = malloc(len + 3);
+ if (!anchored_regex)
+ return -1;
+ /* Create ^...$ regexp. */
+ *cp++ = '^';
+ cp = mempcpy(cp, reg_buf, len);
+ *cp++ = '$';
+ *cp = '\0';
+
+ /* Compile the regular expression. */
+ regerr = regcomp(&spec->regex, anchored_regex,
+ REG_EXTENDED | REG_NOSUB);
+ if (regerr != 0) {
+ size_t errsz = 0;
+ errsz = regerror(regerr, &spec->regex, NULL, 0);
+ if (errsz && errbuf)
+ *errbuf = malloc(errsz);
+ if (errbuf && *errbuf)
+ (void)regerror(regerr, &spec->regex,
+ *errbuf, errsz);
+
+ free(anchored_regex);
+ return -1;
+ }
+ free(anchored_regex);
+
+ /* Done. */
+ spec->regcomp = 1;
+
+ return 0;
+}
+
+
+static int process_line(struct selabel_handle *rec,
+ const char *path, const char *prefix,
+ char *line_buf, int pass, unsigned lineno)
+{
+ int items, len;
+ char *buf_p, *regex, *type, *context;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int nspec = data->nspec;
+
+ len = strlen(line_buf);
+ if (line_buf[len - 1] == '\n')
+ line_buf[len - 1] = 0;
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as %as", ®ex, &type, &context);
+ if (items < 2) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ return 0;
+ } else if (items == 2) {
+ /* The type field is optional. */
+ free(context);
+ context = type;
+ type = 0;
+ }
+
+ len = get_stem_from_spec(regex);
+ if (len && prefix && strncmp(prefix, regex, len)) {
+ /* Stem of regex does not match requested prefix, discard. */
+ free(regex);
+ free(type);
+ free(context);
+ return 0;
+ }
+
+ if (pass == 1) {
+ /* On the second pass, process and store the specification in spec. */
+ char *errbuf = NULL;
+ spec_arr[nspec].stem_id = find_stem_from_spec(data, regex);
+ spec_arr[nspec].regex_str = regex;
+ if (rec->validating && compile_regex(data, &spec_arr[nspec], &errbuf)) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid regex %s: %s\n",
+ path, lineno, regex,
+ (errbuf ? errbuf : "out of memory"));
+ }
+
+ /* Convert the type string to a mode format */
+ spec_arr[nspec].type_str = type;
+ spec_arr[nspec].mode = 0;
+ if (!type)
+ goto skip_type;
+ len = strlen(type);
+ if (type[0] != '-' || len != 2) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid file type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+ switch (type[1]) {
+ case 'b':
+ spec_arr[nspec].mode = S_IFBLK;
+ break;
+ case 'c':
+ spec_arr[nspec].mode = S_IFCHR;
+ break;
+ case 'd':
+ spec_arr[nspec].mode = S_IFDIR;
+ break;
+ case 'p':
+ spec_arr[nspec].mode = S_IFIFO;
+ break;
+ case 'l':
+ spec_arr[nspec].mode = S_IFLNK;
+ break;
+ case 's':
+ spec_arr[nspec].mode = S_IFSOCK;
+ break;
+ case '-':
+ spec_arr[nspec].mode = S_IFREG;
+ break;
+ default:
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid file type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+
+ skip_type:
+ spec_arr[nspec].lr.ctx_raw = context;
+
+ /* Determine if specification has
+ * any meta characters in the RE */
+ spec_hasMetaChars(&spec_arr[nspec]);
+
+ if (strcmp(context, "<<none>>") && rec->validating)
+ compat_validate(rec, &spec_arr[nspec].lr, path, lineno);
+ }
+
+ data->nspec = ++nspec;
+ if (pass == 0) {
+ free(regex);
+ if (type)
+ free(type);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ const char *prefix = NULL;
+ FILE *fp;
+ FILE *localfp = NULL;
+ FILE *homedirfp = NULL;
+ char local_path[PATH_MAX + 1];
+ char homedir_path[PATH_MAX + 1];
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ unsigned int lineno, pass, i, j, maxnspec;
+ spec_t *spec_copy = NULL;
+ int status = -1, baseonly = 0;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ case SELABEL_OPT_SUBSET:
+ prefix = opts[n].value;
+ break;
+ case SELABEL_OPT_BASEONLY:
+ baseonly = !!opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_file_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ if (!baseonly) {
+ snprintf(homedir_path, sizeof(homedir_path), "%s.homedirs",
+ path);
+ homedirfp = fopen(homedir_path, "r");
+ if (homedirfp != NULL)
+ __fsetlocking(homedirfp, FSETLOCKING_BYCALLER);
+
+ snprintf(local_path, sizeof(local_path), "%s.local", path);
+ localfp = fopen(local_path, "r");
+ if (localfp != NULL)
+ __fsetlocking(localfp, FSETLOCKING_BYCALLER);
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ data->ncomp = 0;
+ while (getline(&line_buf, &line_len, fp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line(rec, path, prefix, line_buf,
+ pass, ++lineno) != 0)
+ goto finish;
+ }
+ if (pass == 1) {
+ status = nodups_specs(data, path);
+ if (status)
+ goto finish;
+ }
+ lineno = 0;
+ if (homedirfp)
+ while (getline(&line_buf, &line_len, homedirfp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line
+ (rec, homedir_path, prefix,
+ line_buf, pass, ++lineno) != 0)
+ goto finish;
+ }
+
+ lineno = 0;
+ if (localfp)
+ while (getline(&line_buf, &line_len, localfp) > 0
+ && data->nspec < maxnspec) {
+ if (process_line
+ (rec, local_path, prefix, line_buf,
+ pass, ++lineno) != 0)
+ goto finish;
+ }
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ if (NULL == (data->spec_arr =
+ malloc(sizeof(spec_t) * data->nspec)))
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ if (homedirfp)
+ rewind(homedirfp);
+ if (localfp)
+ rewind(localfp);
+ }
+ }
+ free(line_buf);
+
+ /* Move exact pathname specifications to the end. */
+ spec_copy = malloc(sizeof(spec_t) * data->nspec);
+ if (!spec_copy)
+ goto finish;
+ j = 0;
+ for (i = 0; i < data->nspec; i++)
+ if (data->spec_arr[i].hasMetaChars)
+ memcpy(&spec_copy[j++],
+ &data->spec_arr[i], sizeof(spec_t));
+ for (i = 0; i < data->nspec; i++)
+ if (!data->spec_arr[i].hasMetaChars)
+ memcpy(&spec_copy[j++],
+ &data->spec_arr[i], sizeof(spec_t));
+ free(data->spec_arr);
+ data->spec_arr = spec_copy;
+
+ status = 0;
+finish:
+ fclose(fp);
+ if (data->spec_arr != spec_copy)
+ free(data->spec_arr);
+ if (homedirfp)
+ fclose(homedirfp);
+ if (localfp)
+ fclose(localfp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec;
+ struct stem *stem;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &data->spec_arr[i];
+ free(spec->regex_str);
+ free(spec->type_str);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ regfree(&spec->regex);
+ }
+
+ for (i = 0; i < (unsigned int)data->num_stems; i++) {
+ stem = &data->stem_arr[i];
+ free(stem->buf);
+ }
+
+ if (data->spec_arr)
+ free(data->spec_arr);
+ if (data->stem_arr)
+ free(data->stem_arr);
+
+ free(data);
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key, int type)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ int i, rc, file_stem;
+ mode_t mode = (mode_t)type;
+ const char *buf = key;
+
+ if (!data->nspec) {
+ errno = ENOENT;
+ return NULL;
+ }
+
+ file_stem = find_stem_from_file(data, &buf);
+ mode &= S_IFMT;
+
+ /*
+ * Check for matching specifications in reverse order, so that
+ * the last matching specification is used.
+ */
+ for (i = data->nspec - 1; i >= 0; i--) {
+ /* if the spec in question matches no stem or has the same
+ * stem as the file AND if the spec in question has no mode
+ * specified or if the mode matches the file mode then we do
+ * a regex check */
+ if ((spec_arr[i].stem_id == -1
+ || spec_arr[i].stem_id == file_stem)
+ && (!mode || !spec_arr[i].mode
+ || mode == spec_arr[i].mode)) {
+ if (compile_regex(data, &spec_arr[i], NULL) < 0)
+ return NULL;
+ if (spec_arr[i].stem_id == -1)
+ rc = regexec(&spec_arr[i].regex, key, 0, 0, 0);
+ else
+ rc = regexec(&spec_arr[i].regex, buf, 0, 0, 0);
+
+ if (rc == 0) {
+ spec_arr[i].matches++;
+ break;
+ }
+ if (rc == REG_NOMATCH)
+ continue;
+ /* else it's an error */
+ return NULL;
+ }
+ }
+
+ if (i < 0 || strcmp(spec_arr[i].lr.ctx_raw, "<<none>>") == 0) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, nspec = data->nspec;
+ spec_t *spec_arr = data->spec_arr;
+
+ for (i = 0; i < nspec; i++) {
+ if (spec_arr[i].matches == 0) {
+ if (spec_arr[i].type_str) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "Warning! No matches for (%s, %s, %s)\n",
+ spec_arr[i].regex_str,
+ spec_arr[i].type_str,
+ spec_arr[i].lr.ctx_raw);
+ } else {
+ COMPAT_LOG(SELINUX_WARNING,
+ "Warning! No matches for (%s, %s)\n",
+ spec_arr[i].regex_str,
+ spec_arr[i].lr.ctx_raw);
+ }
+ }
+ }
+}
+
+int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_stats = &stats;
+ rec->func_lookup = &lookup;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
new file mode 100644
index 0000000..27a1f06
--- /dev/null
+++ b/libselinux/src/label_internal.h
@@ -0,0 +1,75 @@
+/*
+ * This file describes the internal interface used by the labeler
+ * for calling the user-supplied memory allocation, validation,
+ * and locking routine.
+ *
+ * Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
+ */
+#ifndef _SELABEL_INTERNAL_H_
+#define _SELABEL_INTERNAL_H_
+
+#include <stdlib.h>
+#include <stdarg.h>
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+#include "dso.h"
+
+/*
+ * Installed backends
+ */
+int selabel_file_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts) hidden;
+
+/*
+ * Labeling internal structures
+ */
+struct selabel_lookup_rec {
+ security_context_t ctx_raw;
+ security_context_t ctx_trans;
+ int validated;
+};
+
+struct selabel_handle {
+ /* arguments that were passed to selabel_open */
+ unsigned int backend;
+ int validating;
+
+ /* labeling operations */
+ struct selabel_lookup_rec *(*func_lookup) (struct selabel_handle *h,
+ const char *key, int type);
+ void (*func_close) (struct selabel_handle *h);
+ void (*func_stats) (struct selabel_handle *h);
+
+ /* supports backend-specific state information */
+ void *data;
+};
+
+/*
+ * Validation function
+ */
+extern int
+selabel_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts) hidden;
+
+/*
+ * Compatibility support
+ */
+extern int myprintf_compat;
+extern void __attribute__ ((format(printf, 1, 2)))
+(*myprintf) (const char *fmt,...);
+
+#define COMPAT_LOG(type, fmt...) if (myprintf_compat) \
+ myprintf(fmt); \
+ else \
+ selinux_log(type, fmt);
+
+extern int
+compat_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts,
+ const char *path, unsigned lineno) hidden;
+
+#endif /* _SELABEL_INTERNAL_H_ */
diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
new file mode 100644
index 0000000..f8986e4
--- /dev/null
+++ b/libselinux/src/label_media.c
@@ -0,0 +1,219 @@
+/*
+ * Media contexts backend for labeling system
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+
+#include <sys/stat.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals
+ */
+
+/* A context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *key; /* key string */
+ int matches; /* number of matches made during operation */
+} spec_t;
+
+struct saved_data {
+ unsigned int nspec;
+ spec_t *spec_arr;
+};
+
+static int process_line(const char *path, char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+ char *buf_p;
+ char *key, *context;
+
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as ", &key, &context);
+ if (items < 2) {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ if (items == 1)
+ free(key);
+ return 0;
+ }
+
+ if (pass == 1) {
+ data->spec_arr[data->nspec].key = key;
+ data->spec_arr[data->nspec].lr.ctx_raw = context;
+ }
+
+ data->nspec++;
+ if (pass == 0) {
+ free(key);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ FILE *fp;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ int status = -1;
+ unsigned int lineno, pass, maxnspec;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_media_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ while (getline(&line_buf, &line_len, fp) > 0 &&
+ data->nspec < maxnspec) {
+ if (process_line(path, line_buf, pass, ++lineno, rec))
+ goto finish;
+ }
+ lineno = 0;
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ data->spec_arr = malloc(sizeof(spec_t)*data->nspec);
+ if (data->spec_arr == NULL)
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ }
+ }
+ free(line_buf);
+
+ status = 0;
+finish:
+ fclose(fp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec, *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &spec_arr[i];
+ free(spec->key);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ }
+
+ if (spec_arr)
+ free(spec_arr);
+
+ memset(data, 0, sizeof(*data));
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key,
+ int type __attribute__((unused)))
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ if (!strncmp(spec_arr[i].key, key, strlen(key) + 1))
+ break;
+ if (!strncmp(spec_arr[i].key, "*", 2))
+ break;
+ }
+
+ if (i >= data->nspec) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ spec_arr[i].matches++;
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, total = 0;
+
+ for (i = 0; i < data->nspec; i++)
+ total += data->spec_arr[i].matches;
+
+ selinux_log(SELINUX_INFO, "%u entries, %u matches made\n",
+ data->nspec, total);
+}
+
+int selabel_media_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_lookup = &lookup;
+ rec->func_stats = &stats;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
new file mode 100644
index 0000000..6a190f5
--- /dev/null
+++ b/libselinux/src/label_x.c
@@ -0,0 +1,246 @@
+/*
+ * Media contexts backend for X contexts
+ *
+ * Author : Eamon Walsh <ewalsh@tycho.nsa.gov>
+ */
+
+#include <sys/stat.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include "callbacks.h"
+#include "label_internal.h"
+
+/*
+ * Internals
+ */
+
+/* A context specification. */
+typedef struct spec {
+ struct selabel_lookup_rec lr; /* holds contexts for lookup result */
+ char *key; /* key string */
+ int type; /* type of record (prop, ext, client) */
+ int matches; /* number of matches made during operation */
+} spec_t;
+
+struct saved_data {
+ unsigned int nspec;
+ spec_t *spec_arr;
+};
+
+static int process_line(const char *path, char *line_buf, int pass,
+ unsigned lineno, struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ int items;
+ char *buf_p;
+ char *type, *key, *context;
+
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ /* Skip comment lines and empty lines. */
+ if (*buf_p == '#' || *buf_p == 0)
+ return 0;
+ items = sscanf(line_buf, "%as %as %as ", &type, &key, &context);
+ if (items < 3) {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d is missing fields, skipping\n", path,
+ lineno);
+ if (items > 0)
+ free(type);
+ if (items > 1)
+ free(key);
+ return 0;
+ }
+
+ if (pass == 1) {
+ /* Convert the type string to a mode format */
+ if (!strcmp(type, "property"))
+ data->spec_arr[data->nspec].type = SELABEL_X_PROP;
+ else if (!strcmp(type, "extension"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EXT;
+ else if (!strcmp(type, "client"))
+ data->spec_arr[data->nspec].type = SELABEL_X_CLIENT;
+ else if (!strcmp(type, "event"))
+ data->spec_arr[data->nspec].type = SELABEL_X_EVENT;
+ else if (!strcmp(type, "selection"))
+ data->spec_arr[data->nspec].type = SELABEL_X_SELN;
+ else if (!strcmp(type, "poly_property"))
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYPROP;
+ else if (!strcmp(type, "poly_selection"))
+ data->spec_arr[data->nspec].type = SELABEL_X_POLYSELN;
+ else {
+ selinux_log(SELINUX_WARNING,
+ "%s: line %d has invalid object type %s\n",
+ path, lineno, type);
+ return 0;
+ }
+ data->spec_arr[data->nspec].key = key;
+ data->spec_arr[data->nspec].lr.ctx_raw = context;
+ free(type);
+ }
+
+ data->nspec++;
+ if (pass == 0) {
+ free(type);
+ free(key);
+ free(context);
+ }
+ return 0;
+}
+
+static int init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned n)
+{
+ FILE *fp;
+ struct saved_data *data = (struct saved_data *)rec->data;
+ const char *path = NULL;
+ char *line_buf = NULL;
+ size_t line_len = 0;
+ int status = -1;
+ unsigned int lineno, pass, maxnspec;
+ struct stat sb;
+
+ /* Process arguments */
+ while (n--)
+ switch(opts[n].type) {
+ case SELABEL_OPT_PATH:
+ path = opts[n].value;
+ break;
+ }
+
+ /* Open the specification file. */
+ if (!path)
+ path = selinux_x_context_path();
+ if ((fp = fopen(path, "r")) == NULL)
+ return -1;
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+
+ if (fstat(fileno(fp), &sb) < 0)
+ return -1;
+ if (!S_ISREG(sb.st_mode)) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ /*
+ * Perform two passes over the specification file.
+ * The first pass counts the number of specifications and
+ * performs simple validation of the input. At the end
+ * of the first pass, the spec array is allocated.
+ * The second pass performs detailed validation of the input
+ * and fills in the spec array.
+ */
+ maxnspec = UINT_MAX / sizeof(spec_t);
+ for (pass = 0; pass < 2; pass++) {
+ lineno = 0;
+ data->nspec = 0;
+ while (getline(&line_buf, &line_len, fp) > 0 &&
+ data->nspec < maxnspec) {
+ if (process_line(path, line_buf, pass, ++lineno, rec))
+ goto finish;
+ }
+ lineno = 0;
+
+ if (pass == 0) {
+ if (data->nspec == 0) {
+ status = 0;
+ goto finish;
+ }
+ data->spec_arr = malloc(sizeof(spec_t)*data->nspec);
+ if (data->spec_arr == NULL)
+ goto finish;
+ memset(data->spec_arr, 0, sizeof(spec_t)*data->nspec);
+ maxnspec = data->nspec;
+ rewind(fp);
+ }
+ }
+ free(line_buf);
+
+ status = 0;
+finish:
+ fclose(fp);
+ return status;
+}
+
+/*
+ * Backend interface routines
+ */
+static void close(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ struct spec *spec, *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ spec = &spec_arr[i];
+ free(spec->key);
+ free(spec->lr.ctx_raw);
+ free(spec->lr.ctx_trans);
+ }
+
+ if (spec_arr)
+ free(spec_arr);
+
+ memset(data, 0, sizeof(*data));
+}
+
+static struct selabel_lookup_rec *lookup(struct selabel_handle *rec,
+ const char *key, int type)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ spec_t *spec_arr = data->spec_arr;
+ unsigned int i;
+
+ for (i = 0; i < data->nspec; i++) {
+ if (spec_arr[i].type != type)
+ continue;
+ if (!strncmp(spec_arr[i].key, "*", 2))
+ break;
+ if (!strncmp(spec_arr[i].key, key, strlen(key) + 1))
+ break;
+ }
+
+ if (i >= data->nspec) {
+ /* No matching specification. */
+ errno = ENOENT;
+ return NULL;
+ }
+
+ spec_arr[i].matches++;
+ return &spec_arr[i].lr;
+}
+
+static void stats(struct selabel_handle *rec)
+{
+ struct saved_data *data = (struct saved_data *)rec->data;
+ unsigned int i, total = 0;
+
+ for (i = 0; i < data->nspec; i++)
+ total += data->spec_arr[i].matches;
+
+ selinux_log(SELINUX_INFO, "%u entries, %u matches made\n",
+ data->nspec, total);
+}
+
+int selabel_x_init(struct selabel_handle *rec, struct selinux_opt *opts,
+ unsigned nopts)
+{
+ struct saved_data *data;
+
+ data = (struct saved_data *)malloc(sizeof(*data));
+ if (!data)
+ return -1;
+ memset(data, 0, sizeof(*data));
+
+ rec->data = data;
+ rec->func_close = &close;
+ rec->func_lookup = &lookup;
+ rec->func_stats = &stats;
+
+ return init(rec, opts, nopts);
+}
diff --git a/libselinux/src/lgetfilecon.c b/libselinux/src/lgetfilecon.c
new file mode 100644
index 0000000..a53f56e
--- /dev/null
+++ b/libselinux/src/lgetfilecon.c
@@ -0,0 +1,71 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int lgetfilecon_raw(const char *path, security_context_t * context)
+{
+ char *buf;
+ ssize_t size;
+ ssize_t ret;
+
+ size = INITCONTEXTLEN + 1;
+ buf = malloc(size);
+ if (!buf)
+ return -1;
+ memset(buf, 0, size);
+
+ ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ if (ret < 0 && errno == ERANGE) {
+ char *newbuf;
+
+ size = lgetxattr(path, XATTR_NAME_SELINUX, NULL, 0);
+ if (size < 0)
+ goto out;
+
+ size++;
+ newbuf = realloc(buf, size);
+ if (!newbuf)
+ goto out;
+
+ buf = newbuf;
+ memset(buf, 0, size);
+ ret = lgetxattr(path, XATTR_NAME_SELINUX, buf, size - 1);
+ }
+ out:
+ if (ret == 0) {
+ /* Re-map empty attribute values to errors. */
+ errno = EOPNOTSUPP;
+ ret = -1;
+ }
+ if (ret < 0)
+ free(buf);
+ else
+ *context = buf;
+ return ret;
+}
+
+hidden_def(lgetfilecon_raw)
+
+int lgetfilecon(const char *path, security_context_t * context)
+{
+ int ret;
+ security_context_t rcontext;
+
+ *context = NULL;
+
+ ret = lgetfilecon_raw(path, &rcontext);
+
+ if (ret > 0) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ if (ret >= 0 && *context)
+ return strlen(*context) + 1;
+ return ret;
+}
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
new file mode 100644
index 0000000..63f6609
--- /dev/null
+++ b/libselinux/src/load_policy.c
@@ -0,0 +1,431 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/mman.h>
+#include <sys/mount.h>
+#include <sys/utsname.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <ctype.h>
+#include <string.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include <sepol/sepol.h>
+#include <sepol/policydb.h>
+#include <dlfcn.h>
+#include "policy.h"
+#include <limits.h>
+
+int security_load_policy(void *data, size_t len)
+{
+ char path[PATH_MAX];
+ int fd, ret;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/load", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ ret = write(fd, data, len);
+ close(fd);
+ if (ret < 0)
+ return -1;
+ return 0;
+}
+
+hidden_def(security_load_policy)
+
+int load_setlocaldefs hidden = 1;
+
+#undef max
+#define max(a, b) (((a) > (b)) ? (a) : (b))
+
+int selinux_mkload_policy(int preservebools)
+{
+ int kernvers = security_policyvers();
+ int maxvers = kernvers, minvers = DEFAULT_POLICY_VERSION, vers;
+ int setlocaldefs = load_setlocaldefs;
+ char path[PATH_MAX], **names;
+ struct stat sb;
+ struct utsname uts;
+ size_t size;
+ void *map, *data;
+ int fd, rc = -1, *values, len, i, prot;
+ sepol_policydb_t *policydb;
+ sepol_policy_file_t *pf;
+ int usesepol = 0;
+ int (*vers_max)(void) = NULL;
+ int (*vers_min)(void) = NULL;
+ int (*policy_file_create)(sepol_policy_file_t **) = NULL;
+ void (*policy_file_free)(sepol_policy_file_t *) = NULL;
+ void (*policy_file_set_mem)(sepol_policy_file_t *, char*, size_t) = NULL;
+ int (*policydb_create)(sepol_policydb_t **) = NULL;
+ void (*policydb_free)(sepol_policydb_t *) = NULL;
+ int (*policydb_read)(sepol_policydb_t *, sepol_policy_file_t *) = NULL;
+ int (*policydb_set_vers)(sepol_policydb_t *, unsigned int) = NULL;
+ int (*policydb_to_image)(sepol_handle_t *, sepol_policydb_t *, void **, size_t *) = NULL;
+ int (*genbools_array)(void *data, size_t len, char **names, int *values, int nel) = NULL;
+ int (*genusers)(void *data, size_t len, const char *usersdir, void **newdata, size_t * newlen) = NULL;
+ int (*genbools)(void *data, size_t len, char *boolpath) = NULL;
+
+#ifdef SHARED
+ char *errormsg = NULL;
+ void *libsepolh = NULL;
+ libsepolh = dlopen("libsepol.so.1", RTLD_NOW);
+ if (libsepolh) {
+ usesepol = 1;
+ dlerror();
+#define DLERR() if ((errormsg = dlerror())) goto dlclose;
+ vers_max = dlsym(libsepolh, "sepol_policy_kern_vers_max");
+ DLERR();
+ vers_min = dlsym(libsepolh, "sepol_policy_kern_vers_min");
+ DLERR();
+
+ policy_file_create = dlsym(libsepolh, "sepol_policy_file_create");
+ DLERR();
+ policy_file_free = dlsym(libsepolh, "sepol_policy_file_free");
+ DLERR();
+ policy_file_set_mem = dlsym(libsepolh, "sepol_policy_file_set_mem");
+ DLERR();
+ policydb_create = dlsym(libsepolh, "sepol_policydb_create");
+ DLERR();
+ policydb_free = dlsym(libsepolh, "sepol_policydb_free");
+ DLERR();
+ policydb_read = dlsym(libsepolh, "sepol_policydb_read");
+ DLERR();
+ policydb_set_vers = dlsym(libsepolh, "sepol_policydb_set_vers");
+ DLERR();
+ policydb_to_image = dlsym(libsepolh, "sepol_policydb_to_image");
+ DLERR();
+ genbools_array = dlsym(libsepolh, "sepol_genbools_array");
+ DLERR();
+ genusers = dlsym(libsepolh, "sepol_genusers");
+ DLERR();
+ genbools = dlsym(libsepolh, "sepol_genbools");
+ DLERR();
+
+#undef DLERR
+ }
+#else
+ usesepol = 1;
+ vers_max = sepol_policy_kern_vers_max;
+ vers_min = sepol_policy_kern_vers_min;
+ policy_file_create = sepol_policy_file_create;
+ policy_file_free = sepol_policy_file_free;
+ policy_file_set_mem = sepol_policy_file_set_mem;
+ policydb_create = sepol_policydb_create;
+ policydb_free = sepol_policydb_free;
+ policydb_read = sepol_policydb_read;
+ policydb_set_vers = sepol_policydb_set_vers;
+ policydb_to_image = sepol_policydb_to_image;
+ genbools_array = sepol_genbools_array;
+ genusers = sepol_genusers;
+ genbools = sepol_genbools;
+
+#endif
+
+ /*
+ * Check whether we need to support local boolean and user definitions.
+ */
+ if (setlocaldefs) {
+ if (access(selinux_booleans_path(), F_OK) == 0)
+ goto checkbool;
+ snprintf(path, sizeof path, "%s.local", selinux_booleans_path());
+ if (access(path, F_OK) == 0)
+ goto checkbool;
+ snprintf(path, sizeof path, "%s/local.users", selinux_users_path());
+ if (access(path, F_OK) == 0)
+ goto checkbool;
+ /* No local definition files, so disable setlocaldefs. */
+ setlocaldefs = 0;
+ }
+
+checkbool:
+ /*
+ * As of Linux 2.6.22, the kernel preserves boolean
+ * values across a reload, so we do not need to
+ * preserve them in userspace.
+ */
+ if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
+ preservebools = 0;
+
+ if (usesepol) {
+ maxvers = vers_max();
+ minvers = vers_min();
+ if (!setlocaldefs && !preservebools)
+ maxvers = max(kernvers, maxvers);
+ }
+
+ vers = maxvers;
+ search:
+ snprintf(path, sizeof(path), "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fd = open(path, O_RDONLY);
+ while (fd < 0 && errno == ENOENT
+ && --vers >= minvers) {
+ /* Check prior versions to see if old policy is available */
+ snprintf(path, sizeof(path), "%s.%d",
+ selinux_binary_policy_path(), vers);
+ fd = open(path, O_RDONLY);
+ }
+ if (fd < 0) {
+ fprintf(stderr,
+ "SELinux: Could not open policy file <= %s.%d: %s\n",
+ selinux_binary_policy_path(), maxvers, strerror(errno));
+ goto dlclose;
+ }
+
+ if (fstat(fd, &sb) < 0) {
+ fprintf(stderr,
+ "SELinux: Could not stat policy file %s: %s\n",
+ path, strerror(errno));
+ goto close;
+ }
+
+ prot = PROT_READ;
+ if (setlocaldefs || preservebools)
+ prot |= PROT_WRITE;
+
+ size = sb.st_size;
+ data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+ if (map == MAP_FAILED) {
+ fprintf(stderr,
+ "SELinux: Could not map policy file %s: %s\n",
+ path, strerror(errno));
+ goto close;
+ }
+
+ if (vers > kernvers && usesepol) {
+ /* Need to downgrade to kernel-supported version. */
+ if (policy_file_create(&pf))
+ goto unmap;
+ if (policydb_create(&policydb)) {
+ policy_file_free(pf);
+ goto unmap;
+ }
+ policy_file_set_mem(pf, data, size);
+ if (policydb_read(policydb, pf)) {
+ policy_file_free(pf);
+ policydb_free(policydb);
+ goto unmap;
+ }
+ if (policydb_set_vers(policydb, kernvers) ||
+ policydb_to_image(NULL, policydb, &data, &size)) {
+ /* Downgrade failed, keep searching. */
+ fprintf(stderr,
+ "SELinux: Could not downgrade policy file %s, searching for an older version.\n",
+ path);
+ policy_file_free(pf);
+ policydb_free(policydb);
+ munmap(map, sb.st_size);
+ close(fd);
+ vers--;
+ goto search;
+ }
+ policy_file_free(pf);
+ policydb_free(policydb);
+ }
+
+ if (usesepol) {
+ if (setlocaldefs) {
+ void *olddata = data;
+ size_t oldsize = size;
+ rc = genusers(olddata, oldsize, selinux_users_path(),
+ &data, &size);
+ if (rc < 0) {
+ /* Fall back to the prior image if genusers failed. */
+ data = olddata;
+ size = oldsize;
+ rc = 0;
+ } else {
+ if (olddata != map)
+ free(olddata);
+ }
+ }
+
+#ifndef DISABLE_BOOL
+ if (preservebools) {
+ rc = security_get_boolean_names(&names, &len);
+ if (!rc) {
+ values = malloc(sizeof(int) * len);
+ if (!values)
+ goto unmap;
+ for (i = 0; i < len; i++)
+ values[i] =
+ security_get_boolean_active(names[i]);
+ (void)genbools_array(data, size, names, values,
+ len);
+ free(values);
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ }
+ } else if (setlocaldefs) {
+ (void)genbools(data, size,
+ (char *)selinux_booleans_path());
+ }
+#endif
+ }
+
+
+ rc = security_load_policy(data, size);
+
+ if (rc)
+ fprintf(stderr,
+ "SELinux: Could not load policy file %s: %s\n",
+ path, strerror(errno));
+
+ unmap:
+ if (data != map)
+ free(data);
+ munmap(map, sb.st_size);
+ close:
+ close(fd);
+ dlclose:
+#ifdef SHARED
+ if (errormsg)
+ fprintf(stderr, "libselinux: %s\n", errormsg);
+ if (libsepolh)
+ dlclose(libsepolh);
+#endif
+ return rc;
+}
+
+hidden_def(selinux_mkload_policy)
+
+/*
+ * Mount point for selinuxfs.
+ * This definition is private to the function below.
+ * Everything else uses the location determined during
+ * libselinux startup via /proc/mounts (see init_selinuxmnt).
+ * We only need the hardcoded definition for the initial mount
+ * required for the initial policy load.
+ */
+int selinux_init_load_policy(int *enforce)
+{
+ int rc = 0, orig_enforce = 0, seconfig = -2, secmdline = -1;
+ FILE *cfg;
+ char *buf;
+
+ /*
+ * Reread the selinux configuration in case it has changed.
+ * Example: Caller has chroot'd and is now loading policy from
+ * chroot'd environment.
+ */
+ reset_selinux_config();
+
+ /*
+ * Get desired mode (disabled, permissive, enforcing) from
+ * /etc/selinux/config.
+ */
+ selinux_getenforcemode(&seconfig);
+
+ /* Check for an override of the mode via the kernel command line. */
+ rc = mount("none", "/proc", "proc", 0, 0);
+ cfg = fopen("/proc/cmdline", "r");
+ if (cfg) {
+ char *tmp;
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(cfg);
+ return -1;
+ }
+ if (fgets(buf, selinux_page_size, cfg) &&
+ (tmp = strstr(buf, "enforcing="))) {
+ if (tmp == buf || isspace(*(tmp - 1))) {
+ secmdline =
+ atoi(tmp + sizeof("enforcing=") - 1);
+ }
+ }
+ fclose(cfg);
+ free(buf);
+ }
+#define MNT_DETACH 2
+ if (rc == 0)
+ umount2("/proc", MNT_DETACH);
+
+ /*
+ * Determine the final desired mode.
+ * Command line argument takes precedence, then config file.
+ */
+ if (secmdline >= 0)
+ *enforce = secmdline;
+ else if (seconfig >= 0)
+ *enforce = seconfig;
+ else
+ *enforce = 0; /* unspecified or disabled */
+
+ /*
+ * Check for the existence of SELinux via selinuxfs, and
+ * mount it if present for use in the calls below.
+ */
+ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
+ if (errno == ENODEV) {
+ /*
+ * SELinux was disabled in the kernel, either
+ * omitted entirely or disabled at boot via selinux=0.
+ * This takes precedence over any config or
+ * commandline enforcing setting.
+ */
+ *enforce = 0;
+ } else {
+ /* Only emit this error if selinux was not disabled */
+ fprintf(stderr, "Mount failed for selinuxfs on %s: %s\n", SELINUXMNT, strerror(errno));
+ }
+
+ goto noload;
+ }
+ set_selinuxmnt(SELINUXMNT);
+
+ /*
+ * Note: The following code depends on having selinuxfs
+ * already mounted and selinuxmnt set above.
+ */
+
+ if (seconfig == -1) {
+ /* Runtime disable of SELinux. */
+ rc = security_disable();
+ if (rc == 0) {
+ /* Successfully disabled, so umount selinuxfs too. */
+ umount(SELINUXMNT);
+ }
+ /*
+ * If we failed to disable, SELinux will still be
+ * effectively permissive, because no policy is loaded.
+ * No need to call security_setenforce(0) here.
+ */
+ goto noload;
+ }
+
+ /*
+ * If necessary, change the kernel enforcing status to match
+ * the desired mode.
+ */
+ orig_enforce = rc = security_getenforce();
+ if (rc < 0)
+ goto noload;
+ if (orig_enforce != *enforce) {
+ rc = security_setenforce(*enforce);
+ if (rc < 0)
+ goto noload;
+ }
+
+ /* Load the policy. */
+ return selinux_mkload_policy(0);
+
+ noload:
+ /*
+ * Only return 0 on a successful completion of policy load.
+ * In any other case, we want to return an error so that init
+ * knows not to proceed with the re-exec for the domain transition.
+ * Depending on the *enforce setting, init will halt (> 0) or proceed
+ * normally (otherwise).
+ */
+ return -1;
+}
diff --git a/libselinux/src/lsetfilecon.c b/libselinux/src/lsetfilecon.c
new file mode 100644
index 0000000..844e5c7
--- /dev/null
+++ b/libselinux/src/lsetfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int lsetfilecon_raw(const char *path, security_context_t context)
+{
+ return lsetxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(lsetfilecon_raw)
+
+int lsetfilecon(const char *path, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = lsetfilecon_raw(path, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/mapping.c b/libselinux/src/mapping.c
new file mode 100644
index 0000000..f9858ce
--- /dev/null
+++ b/libselinux/src/mapping.c
@@ -0,0 +1,195 @@
+/*
+ * Class and permission mappings.
+ */
+
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <assert.h>
+#include <selinux/selinux.h>
+#include <selinux/avc.h>
+#include "mapping.h"
+
+/*
+ * Class and permission mappings
+ */
+
+struct selinux_mapping {
+ security_class_t value; /* real, kernel value */
+ unsigned num_perms;
+ access_vector_t perms[sizeof(access_vector_t) * 8];
+};
+
+static struct selinux_mapping *current_mapping = NULL;
+static security_class_t current_mapping_size = 0;
+
+/*
+ * Mapping setting function
+ */
+
+int
+selinux_set_mapping(struct security_class_mapping *map)
+{
+ size_t size = sizeof(struct selinux_mapping);
+ security_class_t i, j;
+ unsigned k;
+
+ free(current_mapping);
+ current_mapping = NULL;
+ current_mapping_size = 0;
+
+ if (avc_reset() < 0)
+ goto err;
+
+ /* Find number of classes in the input mapping */
+ if (!map) {
+ errno = EINVAL;
+ goto err;
+ }
+ i = 0;
+ while (map[i].name)
+ i++;
+
+ /* Allocate space for the class records, plus one for class zero */
+ current_mapping = (struct selinux_mapping *)calloc(++i, size);
+ if (!current_mapping)
+ goto err;
+
+ /* Store the raw class and permission values */
+ j = 0;
+ while (map[j].name) {
+ struct security_class_mapping *p_in = map + (j++);
+ struct selinux_mapping *p_out = current_mapping + j;
+
+ p_out->value = string_to_security_class(p_in->name);
+ if (!p_out->value)
+ goto err2;
+
+ k = 0;
+ while (p_in->perms && p_in->perms[k]) {
+ /* An empty permission string skips ahead */
+ if (!*p_in->perms[k]) {
+ k++;
+ continue;
+ }
+ p_out->perms[k] = string_to_av_perm(p_out->value,
+ p_in->perms[k]);
+ if (!p_out->perms[k])
+ goto err2;
+ k++;
+ }
+ p_out->num_perms = k;
+ }
+
+ /* Set the mapping size here so the above lookups are "raw" */
+ current_mapping_size = i;
+ return 0;
+err2:
+ free(current_mapping);
+ current_mapping = NULL;
+ current_mapping_size = 0;
+err:
+ return -1;
+}
+
+/*
+ * Get real, kernel values from mapped values
+ */
+
+security_class_t
+unmap_class(security_class_t tclass)
+{
+ if (tclass < current_mapping_size)
+ return current_mapping[tclass].value;
+
+ assert(current_mapping_size == 0);
+ return tclass;
+}
+
+access_vector_t
+unmap_perm(security_class_t tclass, access_vector_t tperm)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t kperm = 0;
+
+ for (i=0; i<current_mapping[tclass].num_perms; i++)
+ if (tperm & (1<<i)) {
+ assert(current_mapping[tclass].perms[i]);
+ kperm |= current_mapping[tclass].perms[i];
+ tperm &= ~(1<<i);
+ }
+ assert(tperm == 0);
+ return kperm;
+ }
+
+ assert(current_mapping_size == 0);
+ return tperm;
+}
+
+/*
+ * Get mapped values from real, kernel values
+ */
+
+security_class_t
+map_class(security_class_t kclass)
+{
+ security_class_t i;
+
+ for (i=0; i<current_mapping_size; i++)
+ if (current_mapping[i].value == kclass)
+ return i;
+
+ assert(current_mapping_size == 0);
+ return kclass;
+}
+
+access_vector_t
+map_perm(security_class_t tclass, access_vector_t kperm)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t tperm = 0;
+
+ for (i=0; i<current_mapping[tclass].num_perms; i++)
+ if (kperm & current_mapping[tclass].perms[i]) {
+ tperm |= 1<<i;
+ kperm &= ~current_mapping[tclass].perms[i];
+ }
+ assert(kperm == 0);
+ return tperm;
+ }
+
+ assert(current_mapping_size == 0);
+ return kperm;
+}
+
+void
+map_decision(security_class_t tclass, struct av_decision *avd)
+{
+ if (tclass < current_mapping_size) {
+ unsigned i;
+ access_vector_t result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->allowed & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->allowed = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->decided & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->decided = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->auditallow & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->auditallow = result;
+
+ for (i=0, result=0; i<current_mapping[tclass].num_perms; i++)
+ if (avd->auditdeny & current_mapping[tclass].perms[i])
+ result |= 1<<i;
+ avd->auditdeny = result;
+ }
+}
diff --git a/libselinux/src/mapping.h b/libselinux/src/mapping.h
new file mode 100644
index 0000000..b96756b
--- /dev/null
+++ b/libselinux/src/mapping.h
@@ -0,0 +1,41 @@
+/*
+ * This file describes the class and permission mappings used to
+ * hide the kernel numbers from userspace by allowing userspace object
+ * managers to specify a list of classes and permissions.
+ */
+#ifndef _SELINUX_MAPPING_H_
+#define _SELINUX_MAPPING_H_
+
+#include <selinux/selinux.h>
+
+/*
+ * Get real, kernel values from mapped values
+ */
+
+extern security_class_t
+unmap_class(security_class_t tclass);
+
+extern access_vector_t
+unmap_perm(security_class_t tclass, access_vector_t tperm);
+
+/*
+ * Get mapped values from real, kernel values
+ */
+
+extern security_class_t
+map_class(security_class_t kclass);
+
+extern access_vector_t
+map_perm(security_class_t tclass, access_vector_t kperm);
+
+extern void
+map_decision(security_class_t tclass, struct av_decision *avd);
+
+/*mapping is not used for embedded build*/
+#ifdef DISABLE_AVC
+#define unmap_perm(x,y) y
+#define unmap_class(x) x
+#define map_decision(x,y)
+#endif
+
+#endif /* _SELINUX_MAPPING_H_ */
diff --git a/libselinux/src/matchmediacon.c b/libselinux/src/matchmediacon.c
new file mode 100644
index 0000000..4b40942
--- /dev/null
+++ b/libselinux/src/matchmediacon.c
@@ -0,0 +1,66 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <sys/stat.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <errno.h>
+#include <limits.h>
+#include <regex.h>
+#include <stdarg.h>
+
+int matchmediacon(const char *media, security_context_t * con)
+{
+ const char *path = selinux_media_context_path();
+ FILE *infile;
+ char *ptr, *ptr2 = NULL;
+ int found = 0;
+ char current_line[PATH_MAX];
+ if ((infile = fopen(path, "r")) == NULL)
+ return -1;
+ while (!feof_unlocked(infile)) {
+ if (!fgets_unlocked(current_line, sizeof(current_line), infile)) {
+ return -1;
+ }
+ if (current_line[strlen(current_line) - 1])
+ current_line[strlen(current_line) - 1] = 0;
+ /* Skip leading whitespace before the partial context. */
+ ptr = current_line;
+ while (*ptr && isspace(*ptr))
+ ptr++;
+
+ if (!(*ptr))
+ continue;
+
+ /* Find the end of the media context. */
+ ptr2 = ptr;
+ while (*ptr2 && !isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2))
+ continue;
+
+ *ptr2++ = 0;
+ if (strcmp(media, ptr) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (!found)
+ return -1;
+
+ /* Skip whitespace. */
+ while (*ptr2 && isspace(*ptr2))
+ ptr2++;
+ if (!(*ptr2)) {
+ return -1;
+ }
+
+ if (selinux_raw_to_trans_context(ptr2, con)) {
+ *con = NULL;
+ return -1;
+ }
+
+ return 0;
+}
diff --git a/libselinux/src/matchpathcon.c b/libselinux/src/matchpathcon.c
new file mode 100644
index 0000000..381aedd
--- /dev/null
+++ b/libselinux/src/matchpathcon.c
@@ -0,0 +1,436 @@
+#include <sys/stat.h>
+#include <string.h>
+#include <errno.h>
+#include <stdio.h>
+#include "selinux_internal.h"
+#include "label_internal.h"
+#include "callbacks.h"
+
+static __thread struct selabel_handle *hnd;
+
+/*
+ * An array for mapping integers to contexts
+ */
+static __thread char **con_array;
+static __thread int con_array_size;
+static __thread int con_array_used;
+
+static int add_array_elt(char *con)
+{
+ if (con_array_size) {
+ while (con_array_used >= con_array_size) {
+ con_array_size *= 2;
+ con_array = (char **)realloc(con_array, sizeof(char*) *
+ con_array_size);
+ if (!con_array) {
+ con_array_size = con_array_used = 0;
+ return -1;
+ }
+ }
+ } else {
+ con_array_size = 1000;
+ con_array = (char **)malloc(sizeof(char*) * con_array_size);
+ if (!con_array) {
+ con_array_size = con_array_used = 0;
+ return -1;
+ }
+ }
+
+ con_array[con_array_used] = strdup(con);
+ if (!con_array[con_array_used])
+ return -1;
+ return con_array_used++;
+}
+
+static void free_array_elts(void)
+{
+ con_array_size = con_array_used = 0;
+ free(con_array);
+ con_array = NULL;
+}
+
+static void
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 1, 2)))
+#endif
+ default_printf(const char *fmt, ...)
+{
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+}
+
+void
+#ifdef __GNUC__
+ __attribute__ ((format(printf, 1, 2)))
+#endif
+ (*myprintf) (const char *fmt,...) = &default_printf;
+int myprintf_compat = 0;
+
+void set_matchpathcon_printf(void (*f) (const char *fmt, ...))
+{
+ myprintf = f ? f : &default_printf;
+ myprintf_compat = 1;
+}
+
+static int (*myinvalidcon) (const char *p, unsigned l, char *c) = NULL;
+
+void set_matchpathcon_invalidcon(int (*f) (const char *p, unsigned l, char *c))
+{
+ myinvalidcon = f;
+}
+
+static int default_canoncon(const char *path, unsigned lineno, char **context)
+{
+ char *tmpcon;
+ if (security_canonicalize_context_raw(*context, &tmpcon) < 0) {
+ if (errno == ENOENT)
+ return 0;
+ if (lineno)
+ myprintf("%s: line %u has invalid context %s\n", path,
+ lineno, *context);
+ else
+ myprintf("%s: invalid context %s\n", path, *context);
+ return 1;
+ }
+ free(*context);
+ *context = tmpcon;
+ return 0;
+}
+
+static int (*mycanoncon) (const char *p, unsigned l, char **c) =
+ NULL;
+
+void set_matchpathcon_canoncon(int (*f) (const char *p, unsigned l, char **c))
+{
+ if (f)
+ mycanoncon = f;
+ else
+ mycanoncon = &default_canoncon;
+}
+
+static __thread struct selinux_opt options[SELABEL_NOPT];
+static __thread int notrans;
+
+void set_matchpathcon_flags(unsigned int flags)
+{
+ int i;
+ memset(options, 0, sizeof(options));
+ i = SELABEL_OPT_BASEONLY;
+ options[i].type = i;
+ options[i].value = (flags & MATCHPATHCON_BASEONLY) ? (char*)1 : NULL;
+ i = SELABEL_OPT_VALIDATE;
+ options[i].type = i;
+ options[i].value = (flags & MATCHPATHCON_VALIDATE) ? (char*)1 : NULL;
+ notrans = flags & MATCHPATHCON_NOTRANS;
+}
+
+/*
+ * An association between an inode and a
+ * specification.
+ */
+typedef struct file_spec {
+ ino_t ino; /* inode number */
+ int specind; /* index of specification in spec */
+ char *file; /* full pathname for diagnostic messages about conflicts */
+ struct file_spec *next; /* next association in hash bucket chain */
+} file_spec_t;
+
+/*
+ * The hash table of associations, hashed by inode number.
+ * Chaining is used for collisions, with elements ordered
+ * by inode number in each bucket. Each hash bucket has a dummy
+ * header.
+ */
+#define HASH_BITS 16
+#define HASH_BUCKETS (1 << HASH_BITS)
+#define HASH_MASK (HASH_BUCKETS-1)
+static file_spec_t *fl_head;
+
+/*
+ * Try to add an association between an inode and
+ * a specification. If there is already an association
+ * for the inode and it conflicts with this specification,
+ * then use the specification that occurs later in the
+ * specification array.
+ */
+int matchpathcon_filespec_add(ino_t ino, int specind, const char *file)
+{
+ file_spec_t *prevfl, *fl;
+ int h, ret;
+ struct stat sb;
+
+ if (!fl_head) {
+ fl_head = malloc(sizeof(file_spec_t) * HASH_BUCKETS);
+ if (!fl_head)
+ goto oom;
+ memset(fl_head, 0, sizeof(file_spec_t) * HASH_BUCKETS);
+ }
+
+ h = (ino + (ino >> HASH_BITS)) & HASH_MASK;
+ for (prevfl = &fl_head[h], fl = fl_head[h].next; fl;
+ prevfl = fl, fl = fl->next) {
+ if (ino == fl->ino) {
+ ret = lstat(fl->file, &sb);
+ if (ret < 0 || sb.st_ino != ino) {
+ fl->specind = specind;
+ free(fl->file);
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom;
+ strcpy(fl->file, file);
+ return fl->specind;
+
+ }
+
+ if (!strcmp(con_array[fl->specind],
+ con_array[specind]))
+ return fl->specind;
+
+ myprintf
+ ("%s: conflicting specifications for %s and %s, using %s.\n",
+ __FUNCTION__, file, fl->file,
+ con_array[fl->specind]);
+ free(fl->file);
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom;
+ strcpy(fl->file, file);
+ return fl->specind;
+ }
+
+ if (ino > fl->ino)
+ break;
+ }
+
+ fl = malloc(sizeof(file_spec_t));
+ if (!fl)
+ goto oom;
+ fl->ino = ino;
+ fl->specind = specind;
+ fl->file = malloc(strlen(file) + 1);
+ if (!fl->file)
+ goto oom_freefl;
+ strcpy(fl->file, file);
+ fl->next = prevfl->next;
+ prevfl->next = fl;
+ return fl->specind;
+ oom_freefl:
+ free(fl);
+ oom:
+ myprintf("%s: insufficient memory for file label entry for %s\n",
+ __FUNCTION__, file);
+ return -1;
+}
+
+/*
+ * Evaluate the association hash table distribution.
+ */
+void matchpathcon_filespec_eval(void)
+{
+ file_spec_t *fl;
+ int h, used, nel, len, longest;
+
+ if (!fl_head)
+ return;
+
+ used = 0;
+ longest = 0;
+ nel = 0;
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ len = 0;
+ for (fl = fl_head[h].next; fl; fl = fl->next) {
+ len++;
+ }
+ if (len)
+ used++;
+ if (len > longest)
+ longest = len;
+ nel += len;
+ }
+
+ myprintf
+ ("%s: hash table stats: %d elements, %d/%d buckets used, longest chain length %d\n",
+ __FUNCTION__, nel, used, HASH_BUCKETS, longest);
+}
+
+/*
+ * Destroy the association hash table.
+ */
+void matchpathcon_filespec_destroy(void)
+{
+ file_spec_t *fl, *tmp;
+ int h;
+
+ free_array_elts();
+
+ if (!fl_head)
+ return;
+
+ for (h = 0; h < HASH_BUCKETS; h++) {
+ fl = fl_head[h].next;
+ while (fl) {
+ tmp = fl;
+ fl = fl->next;
+ free(tmp->file);
+ free(tmp);
+ }
+ fl_head[h].next = NULL;
+ }
+ free(fl_head);
+ fl_head = NULL;
+}
+
+int matchpathcon_init_prefix(const char *path, const char *subset)
+{
+ if (!mycanoncon)
+ mycanoncon = default_canoncon;
+
+ options[SELABEL_OPT_SUBSET].type = SELABEL_OPT_SUBSET;
+ options[SELABEL_OPT_SUBSET].value = subset;
+ options[SELABEL_OPT_PATH].type = SELABEL_OPT_PATH;
+ options[SELABEL_OPT_PATH].value = path;
+
+ hnd = selabel_open(SELABEL_CTX_FILE, options, SELABEL_NOPT);
+ return hnd ? 0 : -1;
+}
+
+hidden_def(matchpathcon_init_prefix)
+
+int matchpathcon_init(const char *path)
+{
+ return matchpathcon_init_prefix(path, NULL);
+}
+
+void matchpathcon_fini(void)
+{
+ if (hnd) {
+ selabel_close(hnd);
+ hnd = NULL;
+ }
+}
+
+int matchpathcon(const char *name, mode_t mode, security_context_t * con)
+{
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ return notrans ?
+ selabel_lookup_raw(hnd, con, name, mode) :
+ selabel_lookup(hnd, con, name, mode);
+}
+
+int matchpathcon_index(const char *name, mode_t mode, security_context_t * con)
+{
+ int i = matchpathcon(name, mode, con);
+
+ if (i < 0)
+ return -1;
+
+ return add_array_elt(*con);
+}
+
+void matchpathcon_checkmatches(char *str __attribute__((unused)))
+{
+ selabel_stats(hnd);
+}
+
+/* Compare two contexts to see if their differences are "significant",
+ * or whether the only difference is in the user. */
+int selinux_file_context_cmp(const security_context_t a,
+ const security_context_t b)
+{
+ char *rest_a, *rest_b; /* Rest of the context after the user */
+ if (!a && !b)
+ return 0;
+ if (!a)
+ return -1;
+ if (!b)
+ return 1;
+ rest_a = strchr((char *)a, ':');
+ rest_b = strchr((char *)b, ':');
+ if (!rest_a && !rest_b)
+ return 0;
+ if (!rest_a)
+ return -1;
+ if (!rest_b)
+ return 1;
+ return strcmp(rest_a, rest_b);
+}
+
+int selinux_file_context_verify(const char *path, mode_t mode)
+{
+ security_context_t con = NULL;
+ security_context_t fcontext = NULL;
+ int rc = 0;
+
+ rc = lgetfilecon_raw(path, &con);
+ if (rc == -1) {
+ if (errno != ENOTSUP)
+ return 1;
+ else
+ return 0;
+ }
+
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
+ if (errno != ENOENT)
+ rc = 1;
+ else
+ rc = 0;
+ } else
+ rc = (selinux_file_context_cmp(fcontext, con) == 0);
+
+ freecon(con);
+ freecon(fcontext);
+ return rc;
+}
+
+int selinux_lsetfilecon_default(const char *path)
+{
+ struct stat st;
+ int rc = -1;
+ security_context_t scontext = NULL;
+ if (lstat(path, &st) != 0)
+ return rc;
+
+ if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
+ return -1;
+
+ /* If there's an error determining the context, or it has none,
+ return to allow default context */
+ if (selabel_lookup_raw(hnd, &scontext, path, st.st_mode)) {
+ if (errno == ENOENT)
+ rc = 0;
+ } else {
+ rc = lsetfilecon_raw(path, scontext);
+ freecon(scontext);
+ }
+ return rc;
+}
+
+int compat_validate(struct selabel_handle *rec,
+ struct selabel_lookup_rec *contexts,
+ const char *path, unsigned lineno)
+{
+ int rc;
+ char **ctx = &contexts->ctx_raw;
+
+ if (myinvalidcon)
+ rc = myinvalidcon(path, lineno, *ctx);
+ else if (mycanoncon)
+ rc = mycanoncon(path, lineno, ctx);
+ else {
+ rc = selabel_validate(rec, contexts);
+ if (rc < 0) {
+ COMPAT_LOG(SELINUX_WARNING,
+ "%s: line %d has invalid context %s\n",
+ path, lineno, *ctx);
+ }
+ }
+
+ return rc ? -1 : 0;
+}
diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h
new file mode 100644
index 0000000..10e8712
--- /dev/null
+++ b/libselinux/src/policy.h
@@ -0,0 +1,25 @@
+#ifndef _POLICY_H_
+#define _POLICY_H_
+
+/* Private definitions used internally by libselinux. */
+
+/* xattr name for SELinux attributes. */
+#define XATTR_NAME_SELINUX "security.selinux"
+
+/* Initial length guess for getting contexts. */
+#define INITCONTEXTLEN 255
+
+/* selinuxfs magic number */
+#define SELINUX_MAGIC 0xf97cff8c
+
+/* Preferred selinux mount location */
+#define SELINUXMNT "/selinux"
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+#define FILECONTEXTS "/etc/security/selinux/file_contexts"
+
+#define DEFAULT_POLICY_VERSION 15
+
+#endif
diff --git a/libselinux/src/policyvers.c b/libselinux/src/policyvers.c
new file mode 100644
index 0000000..284a7f7
--- /dev/null
+++ b/libselinux/src/policyvers.c
@@ -0,0 +1,45 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include <stdio.h>
+#include "policy.h"
+#include "dso.h"
+#include <limits.h>
+
+int security_policyvers(void)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+ unsigned vers = DEFAULT_POLICY_VERSION;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/policyvers", selinux_mnt);
+ fd = open(path, O_RDONLY);
+ if (fd < 0) {
+ if (errno == ENOENT)
+ return vers;
+ else
+ return -1;
+ }
+ memset(buf, 0, sizeof buf);
+ ret = read(fd, buf, sizeof buf - 1);
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ if (sscanf(buf, "%u", &vers) != 1)
+ return -1;
+
+ return vers;
+}
+
+hidden_def(security_policyvers)
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
new file mode 100644
index 0000000..8f3f401
--- /dev/null
+++ b/libselinux/src/procattr.c
@@ -0,0 +1,205 @@
+#include <sys/syscall.h>
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <errno.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+static pid_t gettid(void)
+{
+ return syscall(__NR_gettid);
+}
+
+static int getprocattrcon_raw(security_context_t * context,
+ pid_t pid, const char *attr)
+{
+ char *path, *buf;
+ size_t size;
+ int fd, rc;
+ ssize_t ret;
+ pid_t tid;
+ int errno_hold;
+
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
+ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, O_RDONLY);
+ free(path);
+ if (fd < 0)
+ return -1;
+
+ size = selinux_page_size;
+ buf = malloc(size);
+ if (!buf) {
+ ret = -1;
+ goto out;
+ }
+ memset(buf, 0, size);
+
+ do {
+ ret = read(fd, buf, size - 1);
+ } while (ret < 0 && errno == EINTR);
+ if (ret < 0)
+ goto out2;
+
+ if (ret == 0) {
+ *context = NULL;
+ goto out2;
+ }
+
+ *context = strdup(buf);
+ if (!(*context)) {
+ ret = -1;
+ goto out2;
+ }
+ ret = 0;
+ out2:
+ free(buf);
+ out:
+ errno_hold = errno;
+ close(fd);
+ errno = errno_hold;
+ return ret;
+}
+
+static int getprocattrcon(security_context_t * context,
+ pid_t pid, const char *attr)
+{
+ int ret;
+ security_context_t rcontext;
+
+ ret = getprocattrcon_raw(&rcontext, pid, attr);
+
+ if (!ret) {
+ ret = selinux_raw_to_trans_context(rcontext, context);
+ freecon(rcontext);
+ }
+
+ return ret;
+}
+
+static int setprocattrcon_raw(security_context_t context,
+ pid_t pid, const char *attr)
+{
+ char *path;
+ int fd, rc;
+ pid_t tid;
+ ssize_t ret;
+ int errno_hold;
+
+ if (pid > 0)
+ rc = asprintf(&path, "/proc/%d/attr/%s", pid, attr);
+ else {
+ tid = gettid();
+ rc = asprintf(&path, "/proc/self/task/%d/attr/%s", tid, attr);
+ }
+ if (rc < 0)
+ return -1;
+
+ fd = open(path, O_RDWR);
+ free(path);
+ if (fd < 0)
+ return -1;
+ if (context)
+ do {
+ ret = write(fd, context, strlen(context) + 1);
+ } while (ret < 0 && errno == EINTR);
+ else
+ do {
+ ret = write(fd, NULL, 0); /* clear */
+ } while (ret < 0 && errno == EINTR);
+ errno_hold = errno;
+ close(fd);
+ errno = errno_hold;
+ if (ret < 0)
+ return -1;
+ else
+ return 0;
+}
+
+static int setprocattrcon(security_context_t context,
+ pid_t pid, const char *attr)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = setprocattrcon_raw(rcontext, pid, attr);
+
+ freecon(rcontext);
+
+ return ret;
+}
+
+#define getselfattr_def(fn, attr) \
+ int get##fn##_raw(security_context_t *c) \
+ { \
+ return getprocattrcon_raw(c, 0, #attr); \
+ } \
+ int get##fn(security_context_t *c) \
+ { \
+ return getprocattrcon(c, 0, #attr); \
+ }
+
+#define setselfattr_def(fn, attr) \
+ int set##fn##_raw(security_context_t c) \
+ { \
+ return setprocattrcon_raw(c, 0, #attr); \
+ } \
+ int set##fn(security_context_t c) \
+ { \
+ return setprocattrcon(c, 0, #attr); \
+ }
+
+#define all_selfattr_def(fn, attr) \
+ getselfattr_def(fn, attr) \
+ setselfattr_def(fn, attr)
+
+#define getpidattr_def(fn, attr) \
+ int get##fn##_raw(pid_t pid, security_context_t *c) \
+ { \
+ return getprocattrcon_raw(c, pid, #attr); \
+ } \
+ int get##fn(pid_t pid, security_context_t *c) \
+ { \
+ return getprocattrcon(c, pid, #attr); \
+ }
+
+all_selfattr_def(con, current)
+ getpidattr_def(pidcon, current)
+ getselfattr_def(prevcon, prev)
+ all_selfattr_def(execcon, exec)
+ all_selfattr_def(fscreatecon, fscreate)
+ all_selfattr_def(sockcreatecon, sockcreate)
+ all_selfattr_def(keycreatecon, keycreate)
+
+ hidden_def(getcon_raw)
+ hidden_def(getcon)
+ hidden_def(getexeccon_raw)
+ hidden_def(getfilecon_raw)
+ hidden_def(getfilecon)
+ hidden_def(getfscreatecon_raw)
+ hidden_def(getkeycreatecon_raw)
+ hidden_def(getpeercon_raw)
+ hidden_def(getpidcon_raw)
+ hidden_def(getprevcon_raw)
+ hidden_def(getprevcon)
+ hidden_def(getsockcreatecon_raw)
+ hidden_def(setcon_raw)
+ hidden_def(setexeccon_raw)
+ hidden_def(setexeccon)
+ hidden_def(setfilecon_raw)
+ hidden_def(setfscreatecon_raw)
+ hidden_def(setkeycreatecon_raw)
+ hidden_def(setsockcreatecon_raw)
diff --git a/libselinux/src/query_user_context.c b/libselinux/src/query_user_context.c
new file mode 100644
index 0000000..dcfc1b0
--- /dev/null
+++ b/libselinux/src/query_user_context.c
@@ -0,0 +1,180 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+#include <selinux/get_context_list.h>
+
+/* context_menu - given a list of contexts, presents a menu of security contexts
+ * to the user. Returns the number (position in the list) of
+ * the user selected context.
+ */
+static int context_menu(security_context_t * list)
+{
+ int i; /* array index */
+ int choice = 0; /* index of the user's choice */
+ char response[10]; /* string to hold the user's response */
+
+ printf("\n\n");
+ for (i = 0; list[i]; i++)
+ printf("[%d] %s\n", i + 1, list[i]);
+
+ while ((choice < 1) || (choice > i)) {
+ printf("Enter number of choice: ");
+ fflush(stdin);
+ if (fgets(response, sizeof(response), stdin) == NULL)
+ continue;
+ fflush(stdin);
+ choice = strtol(response, NULL, 10);
+ }
+
+ return (choice - 1);
+}
+
+/* query_user_context - given a list of context, allow the user to choose one. The
+ * default is the first context in the list. Returns 0 on
+ * success, -1 on failure
+ */
+int query_user_context(security_context_t * list, security_context_t * usercon)
+{
+ char response[10]; /* The user's response */
+ int choice; /* The index in the list of the sid chosen by
+ the user */
+
+ if (!list[0])
+ return -1;
+
+ printf("\nYour default context is %s.\n", list[0]);
+ if (list[1]) {
+ printf("Do you want to choose a different one? [n]");
+ fflush(stdin);
+ if (fgets(response, sizeof(response), stdin) == NULL)
+ return -1;
+ fflush(stdin);
+
+ if ((response[0] == 'y') || (response[0] == 'Y')) {
+ choice = context_menu(list);
+ *usercon = strdup(list[choice]);
+ if (!(*usercon))
+ return -1;
+ return 0;
+ }
+
+ *usercon = strdup(list[0]);
+ if (!(*usercon))
+ return -1;
+ } else {
+ *usercon = strdup(list[0]);
+ if (!(*usercon))
+ return -1;
+ }
+
+ return 0;
+}
+
+/* get_field - given fieldstr - the "name" of a field, query the user
+ * and set the new value of the field
+ */
+static void get_field(const char *fieldstr, char *newfield, int newfieldlen)
+{
+ int done = 0; /* true if a non-empty field has been obtained */
+
+ while (!done) { /* Keep going until we get a value for the field */
+ printf("\tEnter %s ", fieldstr);
+ fflush(stdin);
+ if (fgets(newfield, newfieldlen, stdin) == NULL)
+ continue;
+ fflush(stdin);
+ if (newfield[strlen(newfield) - 1] == '\n')
+ newfield[strlen(newfield) - 1] = '\0';
+
+ if (strlen(newfield) == 0) {
+ printf("You must enter a %s\n", fieldstr);
+ } else {
+ done = 1;
+ }
+ }
+}
+
+/* manual_user_enter_context - provides a way for a user to manually enter a
+ * context in case the policy doesn't allow a list
+ * to be obtained.
+ * given the userid, queries the user and places the
+ * context chosen by the user into usercon. Returns 0
+ * on success.
+ */
+int manual_user_enter_context(const char *user, security_context_t * newcon)
+{
+ char response[10]; /* Used to get yes or no answers from user */
+ char role[100]; /* The role requested by the user */
+ int rolelen = 100;
+ char type[100]; /* The type requested by the user */
+ int typelen = 100;
+ char level[100]; /* The level requested by the user */
+ int levellen = 100;
+ int mls_enabled = is_selinux_mls_enabled();
+
+ context_t new_context; /* The new context chosen by the user */
+ char *user_context = NULL; /* String value of the user's context */
+ int done = 0; /* true if a valid sid has been obtained */
+
+ /* Initialize the context. How this is done depends on whether
+ or not MLS is enabled */
+ if (mls_enabled)
+ new_context = context_new("user:role:type:level");
+ else
+ new_context = context_new("user:role:type");
+
+ if (!new_context)
+ return -1;
+
+ while (!done) {
+ printf("Would you like to enter a security context? [y]");
+ if (fgets(response, sizeof(response), stdin) == NULL
+ || (response[0] == 'n') || (response[0] == 'N')) {
+ context_free(new_context);
+ return -1;
+ }
+
+ /* Allow the user to enter each field of the context individually */
+ if (context_user_set(new_context, user)) {
+ context_free(new_context);
+ return -1;
+ }
+ get_field("role", role, rolelen);
+ if (context_role_set(new_context, role)) {
+ context_free(new_context);
+ return -1;
+ }
+ get_field("type", type, typelen);
+ if (context_type_set(new_context, type)) {
+ context_free(new_context);
+ return -1;
+ }
+
+ if (mls_enabled) {
+ get_field("level", level, levellen);
+ if (context_range_set(new_context, level)) {
+ context_free(new_context);
+ return -1;
+ }
+ }
+
+ /* Get the string value of the context and see if it is valid. */
+ user_context = context_str(new_context);
+ if (!user_context) {
+ context_free(new_context);
+ return -1;
+ }
+ if (!security_check_context(user_context))
+ done = 1;
+ else
+ printf("Not a valid security context\n");
+ }
+
+ *newcon = strdup(user_context);
+ context_free(new_context);
+ if (!(*newcon))
+ return -1;
+ return 0;
+}
diff --git a/libselinux/src/rpm.c b/libselinux/src/rpm.c
new file mode 100644
index 0000000..b89f1bb
--- /dev/null
+++ b/libselinux/src/rpm.c
@@ -0,0 +1,58 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <selinux/flask.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+int rpm_execcon(unsigned int verified __attribute__ ((unused)),
+ const char *filename, char *const argv[], char *const envp[])
+{
+ security_context_t mycon = NULL, fcon = NULL, newcon = NULL;
+ context_t con = NULL;
+ int rc = 0;
+
+ if (is_selinux_enabled() < 1)
+ return execve(filename, argv, envp);
+
+ rc = getcon(&mycon);
+ if (rc < 0)
+ goto out;
+
+ rc = getfilecon(filename, &fcon);
+ if (rc < 0)
+ goto out;
+
+ rc = security_compute_create(mycon, fcon, SECCLASS_PROCESS, &newcon);
+ if (rc < 0)
+ goto out;
+
+ if (!strcmp(mycon, newcon)) {
+ /* No default transition, use rpm_script_t for now. */
+ rc = -1;
+ con = context_new(mycon);
+ if (!con)
+ goto out;
+ if (context_type_set(con, "rpm_script_t"))
+ goto out;
+ freecon(newcon);
+ newcon = strdup(context_str(con));
+ if (!newcon)
+ goto out;
+ rc = 0;
+ }
+
+ rc = setexeccon(newcon);
+ if (rc < 0)
+ goto out;
+ out:
+
+ if (rc >= 0 || security_getenforce() < 1)
+ rc = execve(filename, argv, envp);
+
+ context_free(con);
+ freecon(newcon);
+ freecon(fcon);
+ freecon(mycon);
+ return rc < 0 ? rc : 0;
+}
diff --git a/libselinux/src/selinux.py b/libselinux/src/selinux.py
new file mode 100644
index 0000000..3989922
--- /dev/null
+++ b/libselinux/src/selinux.py
@@ -0,0 +1,513 @@
+# This file was automatically generated by SWIG (http://www.swig.org).
+# Version 1.3.33
+#
+# Don't modify this file, modify the SWIG interface instead.
+# This file is compatible with both classic and new-style classes.
+
+import _selinux
+import new
+new_instancemethod = new.instancemethod
+try:
+ _swig_property = property
+except NameError:
+ pass # Python < 2.2 doesn't have 'property'.
+def _swig_setattr_nondynamic(self,class_type,name,value,static=1):
+ if (name == "thisown"): return self.this.own(value)
+ if (name == "this"):
+ if type(value).__name__ == 'PySwigObject':
+ self.__dict__[name] = value
+ return
+ method = class_type.__swig_setmethods__.get(name,None)
+ if method: return method(self,value)
+ if (not static) or hasattr(self,name):
+ self.__dict__[name] = value
+ else:
+ raise AttributeError("You cannot add attributes to %s" % self)
+
+def _swig_setattr(self,class_type,name,value):
+ return _swig_setattr_nondynamic(self,class_type,name,value,0)
+
+def _swig_getattr(self,class_type,name):
+ if (name == "thisown"): return self.this.own()
+ method = class_type.__swig_getmethods__.get(name,None)
+ if method: return method(self)
+ raise AttributeError,name
+
+def _swig_repr(self):
+ try: strthis = "proxy of " + self.this.__repr__()
+ except: strthis = ""
+ return "<%s.%s; %s >" % (self.__class__.__module__, self.__class__.__name__, strthis,)
+
+import types
+try:
+ _object = types.ObjectType
+ _newclass = 1
+except AttributeError:
+ class _object : pass
+ _newclass = 0
+del types
+
+
+is_selinux_enabled = _selinux.is_selinux_enabled
+is_selinux_mls_enabled = _selinux.is_selinux_mls_enabled
+getcon = _selinux.getcon
+getcon_raw = _selinux.getcon_raw
+setcon = _selinux.setcon
+setcon_raw = _selinux.setcon_raw
+getpidcon = _selinux.getpidcon
+getpidcon_raw = _selinux.getpidcon_raw
+getprevcon = _selinux.getprevcon
+getprevcon_raw = _selinux.getprevcon_raw
+getexeccon = _selinux.getexeccon
+getexeccon_raw = _selinux.getexeccon_raw
+setexeccon = _selinux.setexeccon
+setexeccon_raw = _selinux.setexeccon_raw
+getfscreatecon = _selinux.getfscreatecon
+getfscreatecon_raw = _selinux.getfscreatecon_raw
+setfscreatecon = _selinux.setfscreatecon
+setfscreatecon_raw = _selinux.setfscreatecon_raw
+getkeycreatecon = _selinux.getkeycreatecon
+getkeycreatecon_raw = _selinux.getkeycreatecon_raw
+setkeycreatecon = _selinux.setkeycreatecon
+setkeycreatecon_raw = _selinux.setkeycreatecon_raw
+getsockcreatecon = _selinux.getsockcreatecon
+getsockcreatecon_raw = _selinux.getsockcreatecon_raw
+setsockcreatecon = _selinux.setsockcreatecon
+setsockcreatecon_raw = _selinux.setsockcreatecon_raw
+getfilecon = _selinux.getfilecon
+getfilecon_raw = _selinux.getfilecon_raw
+lgetfilecon = _selinux.lgetfilecon
+lgetfilecon_raw = _selinux.lgetfilecon_raw
+fgetfilecon = _selinux.fgetfilecon
+fgetfilecon_raw = _selinux.fgetfilecon_raw
+setfilecon = _selinux.setfilecon
+setfilecon_raw = _selinux.setfilecon_raw
+lsetfilecon = _selinux.lsetfilecon
+lsetfilecon_raw = _selinux.lsetfilecon_raw
+fsetfilecon = _selinux.fsetfilecon
+fsetfilecon_raw = _selinux.fsetfilecon_raw
+getpeercon = _selinux.getpeercon
+getpeercon_raw = _selinux.getpeercon_raw
+class av_decision(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, av_decision, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, av_decision, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["allowed"] = _selinux.av_decision_allowed_set
+ __swig_getmethods__["allowed"] = _selinux.av_decision_allowed_get
+ if _newclass:allowed = _swig_property(_selinux.av_decision_allowed_get, _selinux.av_decision_allowed_set)
+ __swig_setmethods__["decided"] = _selinux.av_decision_decided_set
+ __swig_getmethods__["decided"] = _selinux.av_decision_decided_get
+ if _newclass:decided = _swig_property(_selinux.av_decision_decided_get, _selinux.av_decision_decided_set)
+ __swig_setmethods__["auditallow"] = _selinux.av_decision_auditallow_set
+ __swig_getmethods__["auditallow"] = _selinux.av_decision_auditallow_get
+ if _newclass:auditallow = _swig_property(_selinux.av_decision_auditallow_get, _selinux.av_decision_auditallow_set)
+ __swig_setmethods__["auditdeny"] = _selinux.av_decision_auditdeny_set
+ __swig_getmethods__["auditdeny"] = _selinux.av_decision_auditdeny_get
+ if _newclass:auditdeny = _swig_property(_selinux.av_decision_auditdeny_get, _selinux.av_decision_auditdeny_set)
+ __swig_setmethods__["seqno"] = _selinux.av_decision_seqno_set
+ __swig_getmethods__["seqno"] = _selinux.av_decision_seqno_get
+ if _newclass:seqno = _swig_property(_selinux.av_decision_seqno_get, _selinux.av_decision_seqno_set)
+ def __init__(self, *args):
+ this = _selinux.new_av_decision(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_av_decision
+ __del__ = lambda self : None;
+av_decision_swigregister = _selinux.av_decision_swigregister
+av_decision_swigregister(av_decision)
+
+class selinux_opt(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_opt, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, selinux_opt, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["type"] = _selinux.selinux_opt_type_set
+ __swig_getmethods__["type"] = _selinux.selinux_opt_type_get
+ if _newclass:type = _swig_property(_selinux.selinux_opt_type_get, _selinux.selinux_opt_type_set)
+ __swig_setmethods__["value"] = _selinux.selinux_opt_value_set
+ __swig_getmethods__["value"] = _selinux.selinux_opt_value_get
+ if _newclass:value = _swig_property(_selinux.selinux_opt_value_get, _selinux.selinux_opt_value_set)
+ def __init__(self, *args):
+ this = _selinux.new_selinux_opt(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_selinux_opt
+ __del__ = lambda self : None;
+selinux_opt_swigregister = _selinux.selinux_opt_swigregister
+selinux_opt_swigregister(selinux_opt)
+
+class selinux_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, selinux_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, selinux_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_log"] = _selinux.selinux_callback_func_log_set
+ __swig_getmethods__["func_log"] = _selinux.selinux_callback_func_log_get
+ if _newclass:func_log = _swig_property(_selinux.selinux_callback_func_log_get, _selinux.selinux_callback_func_log_set)
+ __swig_setmethods__["func_audit"] = _selinux.selinux_callback_func_audit_set
+ __swig_getmethods__["func_audit"] = _selinux.selinux_callback_func_audit_get
+ if _newclass:func_audit = _swig_property(_selinux.selinux_callback_func_audit_get, _selinux.selinux_callback_func_audit_set)
+ __swig_setmethods__["func_validate"] = _selinux.selinux_callback_func_validate_set
+ __swig_getmethods__["func_validate"] = _selinux.selinux_callback_func_validate_get
+ if _newclass:func_validate = _swig_property(_selinux.selinux_callback_func_validate_get, _selinux.selinux_callback_func_validate_set)
+ def __init__(self, *args):
+ this = _selinux.new_selinux_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_selinux_callback
+ __del__ = lambda self : None;
+selinux_callback_swigregister = _selinux.selinux_callback_swigregister
+selinux_callback_swigregister(selinux_callback)
+
+SELINUX_CB_LOG = _selinux.SELINUX_CB_LOG
+SELINUX_CB_AUDIT = _selinux.SELINUX_CB_AUDIT
+SELINUX_CB_VALIDATE = _selinux.SELINUX_CB_VALIDATE
+selinux_get_callback = _selinux.selinux_get_callback
+selinux_set_callback = _selinux.selinux_set_callback
+SELINUX_ERROR = _selinux.SELINUX_ERROR
+SELINUX_WARNING = _selinux.SELINUX_WARNING
+SELINUX_INFO = _selinux.SELINUX_INFO
+SELINUX_AVC = _selinux.SELINUX_AVC
+security_compute_av = _selinux.security_compute_av
+security_compute_av_raw = _selinux.security_compute_av_raw
+security_compute_create = _selinux.security_compute_create
+security_compute_create_raw = _selinux.security_compute_create_raw
+security_compute_relabel = _selinux.security_compute_relabel
+security_compute_relabel_raw = _selinux.security_compute_relabel_raw
+security_compute_member = _selinux.security_compute_member
+security_compute_member_raw = _selinux.security_compute_member_raw
+security_compute_user = _selinux.security_compute_user
+security_compute_user_raw = _selinux.security_compute_user_raw
+security_load_policy = _selinux.security_load_policy
+security_get_initial_context = _selinux.security_get_initial_context
+security_get_initial_context_raw = _selinux.security_get_initial_context_raw
+selinux_mkload_policy = _selinux.selinux_mkload_policy
+selinux_init_load_policy = _selinux.selinux_init_load_policy
+class SELboolean(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, SELboolean, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, SELboolean, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["name"] = _selinux.SELboolean_name_set
+ __swig_getmethods__["name"] = _selinux.SELboolean_name_get
+ if _newclass:name = _swig_property(_selinux.SELboolean_name_get, _selinux.SELboolean_name_set)
+ __swig_setmethods__["value"] = _selinux.SELboolean_value_set
+ __swig_getmethods__["value"] = _selinux.SELboolean_value_get
+ if _newclass:value = _swig_property(_selinux.SELboolean_value_get, _selinux.SELboolean_value_set)
+ def __init__(self, *args):
+ this = _selinux.new_SELboolean(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_SELboolean
+ __del__ = lambda self : None;
+SELboolean_swigregister = _selinux.SELboolean_swigregister
+SELboolean_swigregister(SELboolean)
+
+security_set_boolean_list = _selinux.security_set_boolean_list
+security_load_booleans = _selinux.security_load_booleans
+security_check_context = _selinux.security_check_context
+security_check_context_raw = _selinux.security_check_context_raw
+security_canonicalize_context = _selinux.security_canonicalize_context
+security_canonicalize_context_raw = _selinux.security_canonicalize_context_raw
+security_getenforce = _selinux.security_getenforce
+security_setenforce = _selinux.security_setenforce
+security_disable = _selinux.security_disable
+security_policyvers = _selinux.security_policyvers
+security_get_boolean_names = _selinux.security_get_boolean_names
+security_get_boolean_pending = _selinux.security_get_boolean_pending
+security_get_boolean_active = _selinux.security_get_boolean_active
+security_set_boolean = _selinux.security_set_boolean
+security_commit_booleans = _selinux.security_commit_booleans
+class security_class_mapping(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, security_class_mapping, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, security_class_mapping, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["name"] = _selinux.security_class_mapping_name_set
+ __swig_getmethods__["name"] = _selinux.security_class_mapping_name_get
+ if _newclass:name = _swig_property(_selinux.security_class_mapping_name_get, _selinux.security_class_mapping_name_set)
+ __swig_setmethods__["perms"] = _selinux.security_class_mapping_perms_set
+ __swig_getmethods__["perms"] = _selinux.security_class_mapping_perms_get
+ if _newclass:perms = _swig_property(_selinux.security_class_mapping_perms_get, _selinux.security_class_mapping_perms_set)
+ def __init__(self, *args):
+ this = _selinux.new_security_class_mapping(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_security_class_mapping
+ __del__ = lambda self : None;
+security_class_mapping_swigregister = _selinux.security_class_mapping_swigregister
+security_class_mapping_swigregister(security_class_mapping)
+
+selinux_set_mapping = _selinux.selinux_set_mapping
+string_to_security_class = _selinux.string_to_security_class
+security_class_to_string = _selinux.security_class_to_string
+security_av_perm_to_string = _selinux.security_av_perm_to_string
+string_to_av_perm = _selinux.string_to_av_perm
+security_av_string = _selinux.security_av_string
+print_access_vector = _selinux.print_access_vector
+MATCHPATHCON_BASEONLY = _selinux.MATCHPATHCON_BASEONLY
+MATCHPATHCON_NOTRANS = _selinux.MATCHPATHCON_NOTRANS
+MATCHPATHCON_VALIDATE = _selinux.MATCHPATHCON_VALIDATE
+set_matchpathcon_flags = _selinux.set_matchpathcon_flags
+matchpathcon_init = _selinux.matchpathcon_init
+matchpathcon_init_prefix = _selinux.matchpathcon_init_prefix
+matchpathcon_fini = _selinux.matchpathcon_fini
+matchpathcon = _selinux.matchpathcon
+matchpathcon_index = _selinux.matchpathcon_index
+matchpathcon_filespec_add = _selinux.matchpathcon_filespec_add
+matchpathcon_filespec_destroy = _selinux.matchpathcon_filespec_destroy
+matchpathcon_filespec_eval = _selinux.matchpathcon_filespec_eval
+matchpathcon_checkmatches = _selinux.matchpathcon_checkmatches
+matchmediacon = _selinux.matchmediacon
+selinux_getenforcemode = _selinux.selinux_getenforcemode
+selinux_getpolicytype = _selinux.selinux_getpolicytype
+selinux_policy_root = _selinux.selinux_policy_root
+selinux_binary_policy_path = _selinux.selinux_binary_policy_path
+selinux_failsafe_context_path = _selinux.selinux_failsafe_context_path
+selinux_removable_context_path = _selinux.selinux_removable_context_path
+selinux_default_context_path = _selinux.selinux_default_context_path
+selinux_user_contexts_path = _selinux.selinux_user_contexts_path
+selinux_file_context_path = _selinux.selinux_file_context_path
+selinux_file_context_homedir_path = _selinux.selinux_file_context_homedir_path
+selinux_file_context_local_path = _selinux.selinux_file_context_local_path
+selinux_homedir_context_path = _selinux.selinux_homedir_context_path
+selinux_media_context_path = _selinux.selinux_media_context_path
+selinux_x_context_path = _selinux.selinux_x_context_path
+selinux_contexts_path = _selinux.selinux_contexts_path
+selinux_securetty_types_path = _selinux.selinux_securetty_types_path
+selinux_booleans_path = _selinux.selinux_booleans_path
+selinux_customizable_types_path = _selinux.selinux_customizable_types_path
+selinux_users_path = _selinux.selinux_users_path
+selinux_usersconf_path = _selinux.selinux_usersconf_path
+selinux_translations_path = _selinux.selinux_translations_path
+selinux_netfilter_context_path = _selinux.selinux_netfilter_context_path
+selinux_path = _selinux.selinux_path
+selinux_check_passwd_access = _selinux.selinux_check_passwd_access
+checkPasswdAccess = _selinux.checkPasswdAccess
+selinux_check_securetty_context = _selinux.selinux_check_securetty_context
+set_selinuxmnt = _selinux.set_selinuxmnt
+rpm_execcon = _selinux.rpm_execcon
+is_context_customizable = _selinux.is_context_customizable
+selinux_trans_to_raw_context = _selinux.selinux_trans_to_raw_context
+selinux_raw_to_trans_context = _selinux.selinux_raw_to_trans_context
+getseuserbyname = _selinux.getseuserbyname
+selinux_file_context_cmp = _selinux.selinux_file_context_cmp
+selinux_file_context_verify = _selinux.selinux_file_context_verify
+selinux_lsetfilecon_default = _selinux.selinux_lsetfilecon_default
+class security_id(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, security_id, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, security_id, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["ctx"] = _selinux.security_id_ctx_set
+ __swig_getmethods__["ctx"] = _selinux.security_id_ctx_get
+ if _newclass:ctx = _swig_property(_selinux.security_id_ctx_get, _selinux.security_id_ctx_set)
+ __swig_setmethods__["refcnt"] = _selinux.security_id_refcnt_set
+ __swig_getmethods__["refcnt"] = _selinux.security_id_refcnt_get
+ if _newclass:refcnt = _swig_property(_selinux.security_id_refcnt_get, _selinux.security_id_refcnt_set)
+ def __init__(self, *args):
+ this = _selinux.new_security_id(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_security_id
+ __del__ = lambda self : None;
+security_id_swigregister = _selinux.security_id_swigregister
+security_id_swigregister(security_id)
+
+avc_sid_to_context = _selinux.avc_sid_to_context
+avc_sid_to_context_raw = _selinux.avc_sid_to_context_raw
+avc_context_to_sid = _selinux.avc_context_to_sid
+avc_context_to_sid_raw = _selinux.avc_context_to_sid_raw
+sidget = _selinux.sidget
+sidput = _selinux.sidput
+avc_get_initial_sid = _selinux.avc_get_initial_sid
+class avc_entry_ref(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_entry_ref, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_entry_ref, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["ae"] = _selinux.avc_entry_ref_ae_set
+ __swig_getmethods__["ae"] = _selinux.avc_entry_ref_ae_get
+ if _newclass:ae = _swig_property(_selinux.avc_entry_ref_ae_get, _selinux.avc_entry_ref_ae_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_entry_ref(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_entry_ref
+ __del__ = lambda self : None;
+avc_entry_ref_swigregister = _selinux.avc_entry_ref_swigregister
+avc_entry_ref_swigregister(avc_entry_ref)
+
+class avc_memory_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_memory_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_memory_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_set
+ __swig_getmethods__["func_malloc"] = _selinux.avc_memory_callback_func_malloc_get
+ if _newclass:func_malloc = _swig_property(_selinux.avc_memory_callback_func_malloc_get, _selinux.avc_memory_callback_func_malloc_set)
+ __swig_setmethods__["func_free"] = _selinux.avc_memory_callback_func_free_set
+ __swig_getmethods__["func_free"] = _selinux.avc_memory_callback_func_free_get
+ if _newclass:func_free = _swig_property(_selinux.avc_memory_callback_func_free_get, _selinux.avc_memory_callback_func_free_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_memory_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_memory_callback
+ __del__ = lambda self : None;
+avc_memory_callback_swigregister = _selinux.avc_memory_callback_swigregister
+avc_memory_callback_swigregister(avc_memory_callback)
+
+class avc_log_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_log_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_log_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_log"] = _selinux.avc_log_callback_func_log_set
+ __swig_getmethods__["func_log"] = _selinux.avc_log_callback_func_log_get
+ if _newclass:func_log = _swig_property(_selinux.avc_log_callback_func_log_get, _selinux.avc_log_callback_func_log_set)
+ __swig_setmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_set
+ __swig_getmethods__["func_audit"] = _selinux.avc_log_callback_func_audit_get
+ if _newclass:func_audit = _swig_property(_selinux.avc_log_callback_func_audit_get, _selinux.avc_log_callback_func_audit_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_log_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_log_callback
+ __del__ = lambda self : None;
+avc_log_callback_swigregister = _selinux.avc_log_callback_swigregister
+avc_log_callback_swigregister(avc_log_callback)
+
+class avc_thread_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_thread_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_thread_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_set
+ __swig_getmethods__["func_create_thread"] = _selinux.avc_thread_callback_func_create_thread_get
+ if _newclass:func_create_thread = _swig_property(_selinux.avc_thread_callback_func_create_thread_get, _selinux.avc_thread_callback_func_create_thread_set)
+ __swig_setmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_set
+ __swig_getmethods__["func_stop_thread"] = _selinux.avc_thread_callback_func_stop_thread_get
+ if _newclass:func_stop_thread = _swig_property(_selinux.avc_thread_callback_func_stop_thread_get, _selinux.avc_thread_callback_func_stop_thread_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_thread_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_thread_callback
+ __del__ = lambda self : None;
+avc_thread_callback_swigregister = _selinux.avc_thread_callback_swigregister
+avc_thread_callback_swigregister(avc_thread_callback)
+
+class avc_lock_callback(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_lock_callback, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_lock_callback, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_set
+ __swig_getmethods__["func_alloc_lock"] = _selinux.avc_lock_callback_func_alloc_lock_get
+ if _newclass:func_alloc_lock = _swig_property(_selinux.avc_lock_callback_func_alloc_lock_get, _selinux.avc_lock_callback_func_alloc_lock_set)
+ __swig_setmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_set
+ __swig_getmethods__["func_get_lock"] = _selinux.avc_lock_callback_func_get_lock_get
+ if _newclass:func_get_lock = _swig_property(_selinux.avc_lock_callback_func_get_lock_get, _selinux.avc_lock_callback_func_get_lock_set)
+ __swig_setmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_set
+ __swig_getmethods__["func_release_lock"] = _selinux.avc_lock_callback_func_release_lock_get
+ if _newclass:func_release_lock = _swig_property(_selinux.avc_lock_callback_func_release_lock_get, _selinux.avc_lock_callback_func_release_lock_set)
+ __swig_setmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_set
+ __swig_getmethods__["func_free_lock"] = _selinux.avc_lock_callback_func_free_lock_get
+ if _newclass:func_free_lock = _swig_property(_selinux.avc_lock_callback_func_free_lock_get, _selinux.avc_lock_callback_func_free_lock_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_lock_callback(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_lock_callback
+ __del__ = lambda self : None;
+avc_lock_callback_swigregister = _selinux.avc_lock_callback_swigregister
+avc_lock_callback_swigregister(avc_lock_callback)
+
+AVC_OPT_UNUSED = _selinux.AVC_OPT_UNUSED
+AVC_OPT_SETENFORCE = _selinux.AVC_OPT_SETENFORCE
+avc_init = _selinux.avc_init
+avc_open = _selinux.avc_open
+avc_cleanup = _selinux.avc_cleanup
+avc_reset = _selinux.avc_reset
+avc_destroy = _selinux.avc_destroy
+avc_has_perm_noaudit = _selinux.avc_has_perm_noaudit
+avc_has_perm = _selinux.avc_has_perm
+avc_audit = _selinux.avc_audit
+avc_compute_create = _selinux.avc_compute_create
+avc_compute_member = _selinux.avc_compute_member
+AVC_CALLBACK_GRANT = _selinux.AVC_CALLBACK_GRANT
+AVC_CALLBACK_TRY_REVOKE = _selinux.AVC_CALLBACK_TRY_REVOKE
+AVC_CALLBACK_REVOKE = _selinux.AVC_CALLBACK_REVOKE
+AVC_CALLBACK_RESET = _selinux.AVC_CALLBACK_RESET
+AVC_CALLBACK_AUDITALLOW_ENABLE = _selinux.AVC_CALLBACK_AUDITALLOW_ENABLE
+AVC_CALLBACK_AUDITALLOW_DISABLE = _selinux.AVC_CALLBACK_AUDITALLOW_DISABLE
+AVC_CALLBACK_AUDITDENY_ENABLE = _selinux.AVC_CALLBACK_AUDITDENY_ENABLE
+AVC_CALLBACK_AUDITDENY_DISABLE = _selinux.AVC_CALLBACK_AUDITDENY_DISABLE
+AVC_CACHE_STATS = _selinux.AVC_CACHE_STATS
+class avc_cache_stats(_object):
+ __swig_setmethods__ = {}
+ __setattr__ = lambda self, name, value: _swig_setattr(self, avc_cache_stats, name, value)
+ __swig_getmethods__ = {}
+ __getattr__ = lambda self, name: _swig_getattr(self, avc_cache_stats, name)
+ __repr__ = _swig_repr
+ __swig_setmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_set
+ __swig_getmethods__["entry_lookups"] = _selinux.avc_cache_stats_entry_lookups_get
+ if _newclass:entry_lookups = _swig_property(_selinux.avc_cache_stats_entry_lookups_get, _selinux.avc_cache_stats_entry_lookups_set)
+ __swig_setmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_set
+ __swig_getmethods__["entry_hits"] = _selinux.avc_cache_stats_entry_hits_get
+ if _newclass:entry_hits = _swig_property(_selinux.avc_cache_stats_entry_hits_get, _selinux.avc_cache_stats_entry_hits_set)
+ __swig_setmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_set
+ __swig_getmethods__["entry_misses"] = _selinux.avc_cache_stats_entry_misses_get
+ if _newclass:entry_misses = _swig_property(_selinux.avc_cache_stats_entry_misses_get, _selinux.avc_cache_stats_entry_misses_set)
+ __swig_setmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_set
+ __swig_getmethods__["entry_discards"] = _selinux.avc_cache_stats_entry_discards_get
+ if _newclass:entry_discards = _swig_property(_selinux.avc_cache_stats_entry_discards_get, _selinux.avc_cache_stats_entry_discards_set)
+ __swig_setmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_set
+ __swig_getmethods__["cav_lookups"] = _selinux.avc_cache_stats_cav_lookups_get
+ if _newclass:cav_lookups = _swig_property(_selinux.avc_cache_stats_cav_lookups_get, _selinux.avc_cache_stats_cav_lookups_set)
+ __swig_setmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_set
+ __swig_getmethods__["cav_hits"] = _selinux.avc_cache_stats_cav_hits_get
+ if _newclass:cav_hits = _swig_property(_selinux.avc_cache_stats_cav_hits_get, _selinux.avc_cache_stats_cav_hits_set)
+ __swig_setmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_set
+ __swig_getmethods__["cav_probes"] = _selinux.avc_cache_stats_cav_probes_get
+ if _newclass:cav_probes = _swig_property(_selinux.avc_cache_stats_cav_probes_get, _selinux.avc_cache_stats_cav_probes_set)
+ __swig_setmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_set
+ __swig_getmethods__["cav_misses"] = _selinux.avc_cache_stats_cav_misses_get
+ if _newclass:cav_misses = _swig_property(_selinux.avc_cache_stats_cav_misses_get, _selinux.avc_cache_stats_cav_misses_set)
+ def __init__(self, *args):
+ this = _selinux.new_avc_cache_stats(*args)
+ try: self.this.append(this)
+ except: self.this = this
+ __swig_destroy__ = _selinux.delete_avc_cache_stats
+ __del__ = lambda self : None;
+avc_cache_stats_swigregister = _selinux.avc_cache_stats_swigregister
+avc_cache_stats_swigregister(avc_cache_stats)
+
+avc_av_stats = _selinux.avc_av_stats
+avc_sid_stats = _selinux.avc_sid_stats
+selinux_default_type_path = _selinux.selinux_default_type_path
+get_default_type = _selinux.get_default_type
+SELINUX_DEFAULTUSER = _selinux.SELINUX_DEFAULTUSER
+get_ordered_context_list = _selinux.get_ordered_context_list
+get_ordered_context_list_with_level = _selinux.get_ordered_context_list_with_level
+get_default_context = _selinux.get_default_context
+get_default_context_with_level = _selinux.get_default_context_with_level
+get_default_context_with_role = _selinux.get_default_context_with_role
+get_default_context_with_rolelevel = _selinux.get_default_context_with_rolelevel
+query_user_context = _selinux.query_user_context
+manual_user_enter_context = _selinux.manual_user_enter_context
+
+
diff --git a/libselinux/src/selinux_check_securetty_context.c b/libselinux/src/selinux_check_securetty_context.c
new file mode 100644
index 0000000..fdb5a59
--- /dev/null
+++ b/libselinux/src/selinux_check_securetty_context.c
@@ -0,0 +1,53 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <ctype.h>
+#include "selinux_internal.h"
+#include "context_internal.h"
+
+int selinux_check_securetty_context(security_context_t tty_context)
+{
+ char *line = NULL;
+ char *start, *end = NULL;
+ size_t line_len = 0;
+ ssize_t len;
+ int found = -1;
+ FILE *fp;
+ fp = fopen(selinux_securetty_types_path(), "r");
+ if (fp) {
+ context_t con = context_new(tty_context);
+ if (con) {
+ const char *type = context_type_get(con);
+ while ((len = getline(&line, &line_len, fp)) != -1) {
+
+ if (line[len - 1] == '\n')
+ line[len - 1] = 0;
+
+ /* Skip leading whitespace. */
+ start = line;
+ while (*start && isspace(*start))
+ start++;
+ if (!(*start))
+ continue;
+
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ if (*end)
+ *end++ = 0;
+ if (!strcmp(type, start)) {
+ found = 0;
+ break;
+ }
+ }
+ free(line);
+ context_free(con);
+ }
+ fclose(fp);
+ }
+
+ return found;
+}
+
+hidden_def(selinux_check_securetty_context)
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
new file mode 100644
index 0000000..7dbbb47
--- /dev/null
+++ b/libselinux/src/selinux_config.c
@@ -0,0 +1,385 @@
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <string.h>
+#include <ctype.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <stdlib.h>
+#include <limits.h>
+#include <unistd.h>
+#include "selinux_internal.h"
+#include "get_default_type_internal.h"
+
+#define SELINUXDIR "/etc/selinux/"
+#define SELINUXCONFIG SELINUXDIR "config"
+#define SELINUXDEFAULT "targeted"
+#define SELINUXTYPETAG "SELINUXTYPE="
+#define SELINUXTAG "SELINUX="
+#define SETLOCALDEFS "SETLOCALDEFS="
+#define REQUIRESEUSERS "REQUIRESEUSERS="
+
+/* Indices for file paths arrays. */
+#define BINPOLICY 0
+#define CONTEXTS_DIR 1
+#define FILE_CONTEXTS 2
+#define HOMEDIR_CONTEXTS 3
+#define DEFAULT_CONTEXTS 4
+#define USER_CONTEXTS 5
+#define FAILSAFE_CONTEXT 6
+#define DEFAULT_TYPE 7
+#define BOOLEANS 8
+#define MEDIA_CONTEXTS 9
+#define REMOVABLE_CONTEXT 10
+#define CUSTOMIZABLE_TYPES 11
+#define USERS_DIR 12
+#define SEUSERS 13
+#define TRANSLATIONS 14
+#define NETFILTER_CONTEXTS 15
+#define FILE_CONTEXTS_HOMEDIR 16
+#define FILE_CONTEXTS_LOCAL 17
+#define SECURETTY_TYPES 18
+#define X_CONTEXTS 19
+#define NEL 20
+
+/* New layout is relative to SELINUXDIR/policytype. */
+static char *file_paths[NEL];
+#define L1(l) L2(l)
+#define L2(l)str##l
+static const union file_path_suffixes_data {
+ struct {
+#define S_(n, s) char L1(__LINE__)[sizeof(s)];
+#include "file_path_suffixes.h"
+#undef S_
+ };
+ char str[0];
+} file_path_suffixes_data = {
+ {
+#define S_(n, s) s,
+#include "file_path_suffixes.h"
+#undef S_
+ }
+};
+static const uint16_t file_path_suffixes_idx[NEL] = {
+#define S_(n, s) [n] = offsetof(union file_path_suffixes_data, L1(__LINE__)),
+#include "file_path_suffixes.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+int selinux_getenforcemode(int *enforce)
+{
+ int ret = -1;
+ FILE *cfg = fopen(SELINUXCONFIG, "r");
+ if (cfg) {
+ char *buf;
+ int len = sizeof(SELINUXTAG) - 1;
+ buf = malloc(selinux_page_size);
+ if (!buf) {
+ fclose(cfg);
+ return -1;
+ }
+ while (fgets_unlocked(buf, selinux_page_size, cfg)) {
+ if (strncmp(buf, SELINUXTAG, len))
+ continue;
+ if (!strncasecmp
+ (buf + len, "enforcing", sizeof("enforcing") - 1)) {
+ *enforce = 1;
+ ret = 0;
+ break;
+ } else
+ if (!strncasecmp
+ (buf + len, "permissive",
+ sizeof("permissive") - 1)) {
+ *enforce = 0;
+ ret = 0;
+ break;
+ } else
+ if (!strncasecmp
+ (buf + len, "disabled",
+ sizeof("disabled") - 1)) {
+ *enforce = -1;
+ ret = 0;
+ break;
+ }
+ }
+ fclose(cfg);
+ free(buf);
+ }
+ return ret;
+}
+
+hidden_def(selinux_getenforcemode)
+
+static char *selinux_policytype;
+
+int selinux_getpolicytype(char **type)
+{
+ if (!selinux_policytype)
+ return -1;
+ *type = strdup(selinux_policytype);
+ return *type ? 0 : -1;
+}
+
+hidden_def(selinux_getpolicytype)
+
+static char *selinux_policyroot = NULL;
+static char *selinux_rootpath = NULL;
+
+static void init_selinux_config(void) __attribute__ ((constructor));
+
+static void init_selinux_config(void)
+{
+ int i, *intptr;
+ size_t line_len;
+ ssize_t len;
+ char *line_buf = NULL, *buf_p, *value, *type = NULL, *end;
+ FILE *fp;
+
+ if (selinux_policyroot)
+ return;
+
+ selinux_rootpath = SELINUXDIR;
+ fp = fopen(SELINUXCONFIG, "r");
+ if (fp) {
+ __fsetlocking(fp, FSETLOCKING_BYCALLER);
+ while ((len = getline(&line_buf, &line_len, fp)) > 0) {
+ if (line_buf[len - 1] == '\n')
+ line_buf[len - 1] = 0;
+ buf_p = line_buf;
+ while (isspace(*buf_p))
+ buf_p++;
+ if (*buf_p == '#' || *buf_p == 0)
+ continue;
+
+ if (!strncasecmp(buf_p, SELINUXTYPETAG,
+ sizeof(SELINUXTYPETAG) - 1)) {
+ selinux_policytype = type =
+ strdup(buf_p + sizeof(SELINUXTYPETAG) - 1);
+ if (!type)
+ return;
+ end = type + strlen(type) - 1;
+ while ((end > type) &&
+ (isspace(*end) || iscntrl(*end))) {
+ *end = 0;
+ end--;
+ }
+ continue;
+ } else if (!strncmp(buf_p, SETLOCALDEFS,
+ sizeof(SETLOCALDEFS) - 1)) {
+ value = buf_p + sizeof(SETLOCALDEFS) - 1;
+ intptr = &load_setlocaldefs;
+ } else if (!strncmp(buf_p, REQUIRESEUSERS,
+ sizeof(REQUIRESEUSERS) - 1)) {
+ value = buf_p + sizeof(REQUIRESEUSERS) - 1;
+ intptr = &require_seusers;
+ } else {
+ continue;
+ }
+
+ if (isdigit(*value))
+ *intptr = atoi(value);
+ else if (strncasecmp(value, "true", sizeof("true") - 1))
+ *intptr = 1;
+ else if (strncasecmp
+ (value, "false", sizeof("false") - 1))
+ *intptr = 0;
+ }
+ free(line_buf);
+ fclose(fp);
+ }
+
+ if (!type) {
+ selinux_policytype = type = strdup(SELINUXDEFAULT);
+ if (!type)
+ return;
+ }
+
+ if (asprintf(&selinux_policyroot, "%s%s", SELINUXDIR, type) == -1)
+ return;
+
+ for (i = 0; i < NEL; i++)
+ if (asprintf(&file_paths[i], "%s%s",
+ selinux_policyroot,
+ file_path_suffixes_data.str +
+ file_path_suffixes_idx[i])
+ == -1)
+ return;
+}
+
+static void fini_selinux_policyroot(void) __attribute__ ((destructor));
+
+static void fini_selinux_policyroot(void)
+{
+ int i;
+ free(selinux_policyroot);
+ selinux_policyroot = NULL;
+ for (i = 0; i < NEL; i++) {
+ free(file_paths[i]);
+ file_paths[i] = NULL;
+ }
+ free(selinux_policytype);
+ selinux_policytype = NULL;
+}
+
+void reset_selinux_config(void)
+{
+ fini_selinux_policyroot();
+ init_selinux_config();
+}
+
+static const char *get_path(int idx)
+{
+ return file_paths[idx];
+}
+
+const char *selinux_default_type_path()
+{
+ return get_path(DEFAULT_TYPE);
+}
+
+hidden_def(selinux_default_type_path)
+
+const char *selinux_policy_root()
+{
+ return selinux_policyroot;
+}
+
+const char *selinux_path()
+{
+ return selinux_rootpath;
+}
+
+hidden_def(selinux_path)
+
+const char *selinux_default_context_path()
+{
+ return get_path(DEFAULT_CONTEXTS);
+}
+
+hidden_def(selinux_default_context_path)
+
+const char *selinux_securetty_types_path()
+{
+ return get_path(SECURETTY_TYPES);
+}
+
+hidden_def(selinux_securetty_types_path)
+
+const char *selinux_failsafe_context_path()
+{
+ return get_path(FAILSAFE_CONTEXT);
+}
+
+hidden_def(selinux_failsafe_context_path)
+
+const char *selinux_removable_context_path()
+{
+ return get_path(REMOVABLE_CONTEXT);
+}
+
+hidden_def(selinux_removable_context_path)
+
+const char *selinux_binary_policy_path()
+{
+ return get_path(BINPOLICY);
+}
+
+hidden_def(selinux_binary_policy_path)
+
+const char *selinux_file_context_path()
+{
+ return get_path(FILE_CONTEXTS);
+}
+
+hidden_def(selinux_file_context_path)
+
+const char *selinux_homedir_context_path()
+{
+ return get_path(HOMEDIR_CONTEXTS);
+}
+
+hidden_def(selinux_homedir_context_path)
+
+const char *selinux_media_context_path()
+{
+ return get_path(MEDIA_CONTEXTS);
+}
+
+hidden_def(selinux_media_context_path)
+
+const char *selinux_customizable_types_path()
+{
+ return get_path(CUSTOMIZABLE_TYPES);
+}
+
+hidden_def(selinux_customizable_types_path)
+
+const char *selinux_contexts_path()
+{
+ return get_path(CONTEXTS_DIR);
+}
+
+const char *selinux_user_contexts_path()
+{
+ return get_path(USER_CONTEXTS);
+}
+
+hidden_def(selinux_user_contexts_path)
+
+const char *selinux_booleans_path()
+{
+ return get_path(BOOLEANS);
+}
+
+hidden_def(selinux_booleans_path)
+
+const char *selinux_users_path()
+{
+ return get_path(USERS_DIR);
+}
+
+hidden_def(selinux_users_path)
+
+const char *selinux_usersconf_path()
+{
+ return get_path(SEUSERS);
+}
+
+hidden_def(selinux_usersconf_path)
+
+const char *selinux_translations_path()
+{
+ return get_path(TRANSLATIONS);
+}
+
+hidden_def(selinux_translations_path)
+
+const char *selinux_netfilter_context_path()
+{
+ return get_path(NETFILTER_CONTEXTS);
+}
+
+hidden_def(selinux_netfilter_context_path)
+
+const char *selinux_file_context_homedir_path()
+{
+ return get_path(FILE_CONTEXTS_HOMEDIR);
+}
+
+hidden_def(selinux_file_context_homedir_path)
+
+const char *selinux_file_context_local_path()
+{
+ return get_path(FILE_CONTEXTS_LOCAL);
+}
+
+hidden_def(selinux_file_context_local_path)
+
+const char *selinux_x_context_path()
+{
+ return get_path(X_CONTEXTS);
+}
+
+hidden_def(selinux_x_context_path)
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
new file mode 100644
index 0000000..eaf1767
--- /dev/null
+++ b/libselinux/src/selinux_internal.h
@@ -0,0 +1,86 @@
+#include <selinux/selinux.h>
+#include "dso.h"
+
+hidden_proto(selinux_mkload_policy)
+ hidden_proto(set_selinuxmnt)
+ hidden_proto(security_disable)
+ hidden_proto(security_policyvers)
+ hidden_proto(security_load_policy)
+ hidden_proto(security_get_boolean_active)
+ hidden_proto(security_get_boolean_names)
+ hidden_proto(security_set_boolean)
+ hidden_proto(security_commit_booleans)
+ hidden_proto(security_check_context)
+ hidden_proto(security_check_context_raw)
+ hidden_proto(security_canonicalize_context)
+ hidden_proto(security_canonicalize_context_raw)
+ hidden_proto(security_compute_av)
+ hidden_proto(security_compute_av_raw)
+ hidden_proto(security_compute_user)
+ hidden_proto(security_compute_user_raw)
+ hidden_proto(security_compute_create)
+ hidden_proto(security_compute_create_raw)
+ hidden_proto(security_compute_member_raw)
+ hidden_proto(security_compute_relabel_raw)
+ hidden_proto(is_selinux_enabled)
+ hidden_proto(is_selinux_mls_enabled)
+ hidden_proto(freecon)
+ hidden_proto(freeconary)
+ hidden_proto(getprevcon)
+ hidden_proto(getprevcon_raw)
+ hidden_proto(getcon)
+ hidden_proto(getcon_raw)
+ hidden_proto(setcon_raw)
+ hidden_proto(getpeercon_raw)
+ hidden_proto(getpidcon_raw)
+ hidden_proto(getexeccon_raw)
+ hidden_proto(getfilecon)
+ hidden_proto(getfilecon_raw)
+ hidden_proto(lgetfilecon_raw)
+ hidden_proto(fgetfilecon_raw)
+ hidden_proto(setfilecon_raw)
+ hidden_proto(lsetfilecon_raw)
+ hidden_proto(fsetfilecon_raw)
+ hidden_proto(setexeccon)
+ hidden_proto(setexeccon_raw)
+ hidden_proto(getfscreatecon_raw)
+ hidden_proto(getkeycreatecon_raw)
+ hidden_proto(getsockcreatecon_raw)
+ hidden_proto(setfscreatecon_raw)
+ hidden_proto(setkeycreatecon_raw)
+ hidden_proto(setsockcreatecon_raw)
+ hidden_proto(security_getenforce)
+ hidden_proto(security_setenforce)
+ hidden_proto(selinux_binary_policy_path)
+ hidden_proto(selinux_default_context_path)
+ hidden_proto(selinux_securetty_types_path)
+ hidden_proto(selinux_failsafe_context_path)
+ hidden_proto(selinux_removable_context_path)
+ hidden_proto(selinux_file_context_path)
+ hidden_proto(selinux_file_context_homedir_path)
+ hidden_proto(selinux_file_context_local_path)
+ hidden_proto(selinux_netfilter_context_path)
+ hidden_proto(selinux_homedir_context_path)
+ hidden_proto(selinux_user_contexts_path)
+ hidden_proto(selinux_booleans_path)
+ hidden_proto(selinux_customizable_types_path)
+ hidden_proto(selinux_media_context_path)
+ hidden_proto(selinux_x_context_path)
+ hidden_proto(selinux_path)
+ hidden_proto(selinux_check_passwd_access)
+ hidden_proto(selinux_check_securetty_context)
+ hidden_proto(matchpathcon_init_prefix)
+ hidden_proto(selinux_users_path)
+ hidden_proto(selinux_usersconf_path);
+hidden_proto(selinux_translations_path);
+hidden_proto(selinux_getenforcemode);
+hidden_proto(selinux_getpolicytype);
+hidden_proto(selinux_raw_to_trans_context);
+hidden_proto(selinux_trans_to_raw_context);
+hidden_proto(security_get_initial_context);
+hidden_proto(security_get_initial_context_raw);
+
+extern void reset_selinux_config(void) hidden;
+extern int load_setlocaldefs hidden;
+extern int require_seusers hidden;
+extern int selinux_page_size hidden;
diff --git a/libselinux/src/selinux_netlink.h b/libselinux/src/selinux_netlink.h
new file mode 100644
index 0000000..88ef551
--- /dev/null
+++ b/libselinux/src/selinux_netlink.h
@@ -0,0 +1,31 @@
+/*
+ * Netlink event notifications for SELinux.
+ *
+ * Author: James Morris <jmorris@redhat.com>
+ */
+#ifndef _LINUX_SELINUX_NETLINK_H
+#define _LINUX_SELINUX_NETLINK_H
+
+/* Message types. */
+#define SELNL_MSG_BASE 0x10
+enum {
+ SELNL_MSG_SETENFORCE = SELNL_MSG_BASE,
+ SELNL_MSG_POLICYLOAD,
+ SELNL_MSG_MAX
+};
+
+/* Multicast groups */
+#define SELNL_GRP_NONE 0x00000000
+#define SELNL_GRP_AVC 0x00000001 /* AVC notifications */
+#define SELNL_GRP_ALL 0xffffffff
+
+/* Message structures */
+struct selnl_msg_setenforce {
+ int32_t val;
+};
+
+struct selnl_msg_policyload {
+ uint32_t seqno;
+};
+
+#endif /* _LINUX_SELINUX_NETLINK_H */
diff --git a/libselinux/src/selinuxswig.i b/libselinux/src/selinuxswig.i
new file mode 100644
index 0000000..a74bf04
--- /dev/null
+++ b/libselinux/src/selinuxswig.i
@@ -0,0 +1,57 @@
+/* Authors: Dan Walsh
+ * James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+ #include "../include/selinux/avc.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
+%}
+%apply int *OUTPUT { int *enforce };
+%apply int *OUTPUT { size_t * };
+
+%typedef unsigned mode_t;
+%typedef unsigned pid_t;
+
+%typemap(in, numinputs=0) (char ***names, int *len) (char **temp1, int temp2) {
+ $1 = &temp1;
+ $2 = &temp2;
+}
+
+%typemap(freearg) (char ***names, int *len) {
+ int i;
+ if (*$1) {
+ for (i = 0; i < *$2; i++) {
+ free((*$1)[i]);
+ }
+ free(*$1);
+ }
+}
+
+%typemap(in, numinputs=0) (security_context_t **) (security_context_t *temp) {
+ $1 = &temp;
+}
+
+%typemap(freearg) (security_context_t **) {
+ if (*$1) freeconary(*$1);
+}
+
+/* Ignore functions that don't make sense when wrapped */
+%ignore freecon;
+%ignore freeconary;
+
+/* Ignore functions that take a function pointer as an argument */
+%ignore set_matchpathcon_printf;
+%ignore set_matchpathcon_invalidcon;
+%ignore set_matchpathcon_canoncon;
+
+%ignore avc_add_callback;
+
+%include "../include/selinux/selinux.h"
+%include "../include/selinux/avc.h"
+%include "../include/selinux/get_default_type.h"
+%include "../include/selinux/get_context_list.h"
+
diff --git a/libselinux/src/selinuxswig_python.i b/libselinux/src/selinuxswig_python.i
new file mode 100644
index 0000000..3f43abf
--- /dev/null
+++ b/libselinux/src/selinuxswig_python.i
@@ -0,0 +1,136 @@
+/* Author: James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* security_get_boolean_names() typemap */
+%typemap(argout) (char ***names, int *len) {
+ PyObject* list = PyList_New(*$2);
+ int i;
+ for (i = 0; i < *$2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*$1)[i]));
+ }
+ $result = SWIG_Python_AppendOutput($result, list);
+}
+
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ } else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
+/* Makes security_compute_user() return a Python list of contexts */
+%typemap(argout) (security_context_t **con) {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*$1) {
+ while((*$1)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ $result = SWIG_Python_AppendOutput($result, plist);
+}
+
+/* Makes functions in get_context_list.h return a Python list of contexts */
+%typemap(argout) (security_context_t **list) {
+ PyObject* plist;
+ int i;
+
+ if (*$1) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*$1)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ $result = plist;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ %append_output(Py_None);
+ }
+}
+
+%typemap(in) char * const [] {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check($input)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size($input);
+
+ $1 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem($input, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem($input, i);
+ $1[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy($1[i], PyString_AsString(s));
+ }
+ $1[size] = NULL;
+}
+
+%typemap(freearg,match="in") char * const [] {
+ int i = 0;
+ while($1[i]) {
+ free($1[i]);
+ i++;
+ }
+ free($1);
+}
+
+%include "selinuxswig.i"
diff --git a/libselinux/src/selinuxswig_ruby.i b/libselinux/src/selinuxswig_ruby.i
new file mode 100644
index 0000000..e46826b
--- /dev/null
+++ b/libselinux/src/selinuxswig_ruby.i
@@ -0,0 +1,52 @@
+/* Author: Dan Walsh
+ Based on selinuxswig_python.i by James Athey
+ */
+
+%module selinux
+%{
+ #include "selinux/selinux.h"
+%}
+
+/* return a sid along with the result */
+%typemap(argout) (security_id_t * sid) {
+ if (*$1) {
+ %append_output(SWIG_NewPointerObj(*$1, $descriptor(security_id_t), 0));
+ }
+}
+
+%typemap(in,numinputs=0) security_id_t *(security_id_t temp) {
+ $1 = &temp;
+}
+
+%typemap(in,noblock=1,numinputs=0) security_context_t * (security_context_t temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") security_context_t * "";
+%typemap(argout,noblock=1) security_context_t * {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ freecon(*$1);
+ }
+}
+
+%typemap(in,noblock=1,numinputs=0) char ** (char * temp = 0) {
+ $1 = &temp;
+}
+%typemap(freearg,match="in") char ** "";
+%typemap(argout,noblock=1) char ** {
+ if (*$1) {
+ %append_output(SWIG_FromCharPtr(*$1));
+ free(*$1);
+ }
+}
+
+%typemap(freearg,match="in") char * const [] {
+ int i = 0;
+ while($1[i]) {
+ free($1[i]);
+ i++;
+ }
+ free($1);
+}
+
+%include "selinuxswig.i"
diff --git a/libselinux/src/selinuxswig_wrap.c b/libselinux/src/selinuxswig_wrap.c
new file mode 100644
index 0000000..b4cd028
--- /dev/null
+++ b/libselinux/src/selinuxswig_wrap.c
@@ -0,0 +1,10991 @@
+/* ----------------------------------------------------------------------------
+ * This file was automatically generated by SWIG (http://www.swig.org).
+ * Version 1.3.33
+ *
+ * This file is not intended to be easily readable and contains a number of
+ * coding conventions designed to improve portability and efficiency. Do not make
+ * changes to this file unless you know what you are doing--modify the SWIG
+ * interface file instead.
+ * ----------------------------------------------------------------------------- */
+
+#define SWIGPYTHON
+#define SWIG_PYTHON_DIRECTOR_NO_VTABLE
+/* -----------------------------------------------------------------------------
+ * This section contains generic SWIG labels for method/variable
+ * declarations/attributes, and other compiler dependent labels.
+ * ----------------------------------------------------------------------------- */
+
+/* template workaround for compilers that cannot correctly implement the C++ standard */
+#ifndef SWIGTEMPLATEDISAMBIGUATOR
+# if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x560)
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# elif defined(__HP_aCC)
+/* Needed even with `aCC -AA' when `aCC -V' reports HP ANSI C++ B3910B A.03.55 */
+/* If we find a maximum version that requires this, the test would be __HP_aCC <= 35500 for A.03.55 */
+# define SWIGTEMPLATEDISAMBIGUATOR template
+# else
+# define SWIGTEMPLATEDISAMBIGUATOR
+# endif
+#endif
+
+/* inline attribute */
+#ifndef SWIGINLINE
+# if defined(__cplusplus) || (defined(__GNUC__) && !defined(__STRICT_ANSI__))
+# define SWIGINLINE inline
+# else
+# define SWIGINLINE
+# endif
+#endif
+
+/* attribute recognised by some compilers to avoid 'unused' warnings */
+#ifndef SWIGUNUSED
+# if defined(__GNUC__)
+# if !(defined(__cplusplus)) || (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+# elif defined(__ICC)
+# define SWIGUNUSED __attribute__ ((__unused__))
+# else
+# define SWIGUNUSED
+# endif
+#endif
+
+#ifndef SWIGUNUSEDPARM
+# ifdef __cplusplus
+# define SWIGUNUSEDPARM(p)
+# else
+# define SWIGUNUSEDPARM(p) p SWIGUNUSED
+# endif
+#endif
+
+/* internal SWIG method */
+#ifndef SWIGINTERN
+# define SWIGINTERN static SWIGUNUSED
+#endif
+
+/* internal inline SWIG method */
+#ifndef SWIGINTERNINLINE
+# define SWIGINTERNINLINE SWIGINTERN SWIGINLINE
+#endif
+
+/* exporting methods */
+#if (__GNUC__ >= 4) || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4)
+# ifndef GCC_HASCLASSVISIBILITY
+# define GCC_HASCLASSVISIBILITY
+# endif
+#endif
+
+#ifndef SWIGEXPORT
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# if defined(STATIC_LINKED)
+# define SWIGEXPORT
+# else
+# define SWIGEXPORT __declspec(dllexport)
+# endif
+# else
+# if defined(__GNUC__) && defined(GCC_HASCLASSVISIBILITY)
+# define SWIGEXPORT __attribute__ ((visibility("default")))
+# else
+# define SWIGEXPORT
+# endif
+# endif
+#endif
+
+/* calling conventions for Windows */
+#ifndef SWIGSTDCALL
+# if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# define SWIGSTDCALL __stdcall
+# else
+# define SWIGSTDCALL
+# endif
+#endif
+
+/* Deal with Microsoft's attempt at deprecating C standard runtime functions */
+#if !defined(SWIG_NO_CRT_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
+# define _CRT_SECURE_NO_DEPRECATE
+#endif
+
+/* Deal with Microsoft's attempt at deprecating methods in the standard C++ library */
+#if !defined(SWIG_NO_SCL_SECURE_NO_DEPRECATE) && defined(_MSC_VER) && !defined(_SCL_SECURE_NO_DEPRECATE)
+# define _SCL_SECURE_NO_DEPRECATE
+#endif
+
+
+
+/* Python.h has to appear first */
+#include <Python.h>
+
+/* -----------------------------------------------------------------------------
+ * swigrun.swg
+ *
+ * This file contains generic CAPI SWIG runtime support for pointer
+ * type checking.
+ * ----------------------------------------------------------------------------- */
+
+/* This should only be incremented when either the layout of swig_type_info changes,
+ or for whatever reason, the runtime changes incompatibly */
+#define SWIG_RUNTIME_VERSION "3"
+
+/* define SWIG_TYPE_TABLE_NAME as "SWIG_TYPE_TABLE" */
+#ifdef SWIG_TYPE_TABLE
+# define SWIG_QUOTE_STRING(x) #x
+# define SWIG_EXPAND_AND_QUOTE_STRING(x) SWIG_QUOTE_STRING(x)
+# define SWIG_TYPE_TABLE_NAME SWIG_EXPAND_AND_QUOTE_STRING(SWIG_TYPE_TABLE)
+#else
+# define SWIG_TYPE_TABLE_NAME
+#endif
+
+/*
+ You can use the SWIGRUNTIME and SWIGRUNTIMEINLINE macros for
+ creating a static or dynamic library from the swig runtime code.
+ In 99.9% of the cases, swig just needs to declare them as 'static'.
+
+ But only do this if is strictly necessary, ie, if you have problems
+ with your compiler or so.
+*/
+
+#ifndef SWIGRUNTIME
+# define SWIGRUNTIME SWIGINTERN
+#endif
+
+#ifndef SWIGRUNTIMEINLINE
+# define SWIGRUNTIMEINLINE SWIGRUNTIME SWIGINLINE
+#endif
+
+/* Generic buffer size */
+#ifndef SWIG_BUFFER_SIZE
+# define SWIG_BUFFER_SIZE 1024
+#endif
+
+/* Flags for pointer conversions */
+#define SWIG_POINTER_DISOWN 0x1
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_OWN 0x1
+
+
+/*
+ Flags/methods for returning states.
+
+ The swig conversion methods, as ConvertPtr, return and integer
+ that tells if the conversion was successful or not. And if not,
+ an error code can be returned (see swigerrors.swg for the codes).
+
+ Use the following macros/flags to set or process the returning
+ states.
+
+ In old swig versions, you usually write code as:
+
+ if (SWIG_ConvertPtr(obj,vptr,ty.flags) != -1) {
+ // success code
+ } else {
+ //fail code
+ }
+
+ Now you can be more explicit as:
+
+ int res = SWIG_ConvertPtr(obj,vptr,ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ } else {
+ // fail code
+ }
+
+ that seems to be the same, but now you can also do
+
+ Type *ptr;
+ int res = SWIG_ConvertPtr(obj,(void **)(&ptr),ty.flags);
+ if (SWIG_IsOK(res)) {
+ // success code
+ if (SWIG_IsNewObj(res) {
+ ...
+ delete *ptr;
+ } else {
+ ...
+ }
+ } else {
+ // fail code
+ }
+
+ I.e., now SWIG_ConvertPtr can return new objects and you can
+ identify the case and take care of the deallocation. Of course that
+ requires also to SWIG_ConvertPtr to return new result values, as
+
+ int SWIG_ConvertPtr(obj, ptr,...) {
+ if (<obj is ok>) {
+ if (<need new object>) {
+ *ptr = <ptr to new allocated object>;
+ return SWIG_NEWOBJ;
+ } else {
+ *ptr = <ptr to old object>;
+ return SWIG_OLDOBJ;
+ }
+ } else {
+ return SWIG_BADOBJ;
+ }
+ }
+
+ Of course, returning the plain '0(success)/-1(fail)' still works, but you can be
+ more explicit by returning SWIG_BADOBJ, SWIG_ERROR or any of the
+ swig errors code.
+
+ Finally, if the SWIG_CASTRANK_MODE is enabled, the result code
+ allows to return the 'cast rank', for example, if you have this
+
+ int food(double)
+ int fooi(int);
+
+ and you call
+
+ food(1) // cast rank '1' (1 -> 1.0)
+ fooi(1) // cast rank '0'
+
+ just use the SWIG_AddCast()/SWIG_CheckState()
+
+
+ */
+#define SWIG_OK (0)
+#define SWIG_ERROR (-1)
+#define SWIG_IsOK(r) (r >= 0)
+#define SWIG_ArgError(r) ((r != SWIG_ERROR) ? r : SWIG_TypeError)
+
+/* The CastRankLimit says how many bits are used for the cast rank */
+#define SWIG_CASTRANKLIMIT (1 << 8)
+/* The NewMask denotes the object was created (using new/malloc) */
+#define SWIG_NEWOBJMASK (SWIG_CASTRANKLIMIT << 1)
+/* The TmpMask is for in/out typemaps that use temporal objects */
+#define SWIG_TMPOBJMASK (SWIG_NEWOBJMASK << 1)
+/* Simple returning values */
+#define SWIG_BADOBJ (SWIG_ERROR)
+#define SWIG_OLDOBJ (SWIG_OK)
+#define SWIG_NEWOBJ (SWIG_OK | SWIG_NEWOBJMASK)
+#define SWIG_TMPOBJ (SWIG_OK | SWIG_TMPOBJMASK)
+/* Check, add and del mask methods */
+#define SWIG_AddNewMask(r) (SWIG_IsOK(r) ? (r | SWIG_NEWOBJMASK) : r)
+#define SWIG_DelNewMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_NEWOBJMASK) : r)
+#define SWIG_IsNewObj(r) (SWIG_IsOK(r) && (r & SWIG_NEWOBJMASK))
+#define SWIG_AddTmpMask(r) (SWIG_IsOK(r) ? (r | SWIG_TMPOBJMASK) : r)
+#define SWIG_DelTmpMask(r) (SWIG_IsOK(r) ? (r & ~SWIG_TMPOBJMASK) : r)
+#define SWIG_IsTmpObj(r) (SWIG_IsOK(r) && (r & SWIG_TMPOBJMASK))
+
+
+/* Cast-Rank Mode */
+#if defined(SWIG_CASTRANK_MODE)
+# ifndef SWIG_TypeRank
+# define SWIG_TypeRank unsigned long
+# endif
+# ifndef SWIG_MAXCASTRANK /* Default cast allowed */
+# define SWIG_MAXCASTRANK (2)
+# endif
+# define SWIG_CASTRANKMASK ((SWIG_CASTRANKLIMIT) -1)
+# define SWIG_CastRank(r) (r & SWIG_CASTRANKMASK)
+SWIGINTERNINLINE int SWIG_AddCast(int r) {
+ return SWIG_IsOK(r) ? ((SWIG_CastRank(r) < SWIG_MAXCASTRANK) ? (r + 1) : SWIG_ERROR) : r;
+}
+SWIGINTERNINLINE int SWIG_CheckState(int r) {
+ return SWIG_IsOK(r) ? SWIG_CastRank(r) + 1 : 0;
+}
+#else /* no cast-rank mode */
+# define SWIG_AddCast
+# define SWIG_CheckState(r) (SWIG_IsOK(r) ? 1 : 0)
+#endif
+
+
+
+
+#include <string.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef void *(*swig_converter_func)(void *);
+typedef struct swig_type_info *(*swig_dycast_func)(void **);
+
+/* Structure to store inforomation on one type */
+typedef struct swig_type_info {
+ const char *name; /* mangled name of this type */
+ const char *str; /* human readable name of this type */
+ swig_dycast_func dcast; /* dynamic cast function down a hierarchy */
+ struct swig_cast_info *cast; /* linked list of types that can cast into this type */
+ void *clientdata; /* language specific type data */
+ int owndata; /* flag if the structure owns the clientdata */
+} swig_type_info;
+
+/* Structure to store a type and conversion function used for casting */
+typedef struct swig_cast_info {
+ swig_type_info *type; /* pointer to type that is equivalent to this type */
+ swig_converter_func converter; /* function to cast the void pointers */
+ struct swig_cast_info *next; /* pointer to next cast in linked list */
+ struct swig_cast_info *prev; /* pointer to the previous cast */
+} swig_cast_info;
+
+/* Structure used to store module information
+ * Each module generates one structure like this, and the runtime collects
+ * all of these structures and stores them in a circularly linked list.*/
+typedef struct swig_module_info {
+ swig_type_info **types; /* Array of pointers to swig_type_info structures that are in this module */
+ size_t size; /* Number of types in this module */
+ struct swig_module_info *next; /* Pointer to next element in circularly linked list */
+ swig_type_info **type_initial; /* Array of initially generated type structures */
+ swig_cast_info **cast_initial; /* Array of initially generated casting structures */
+ void *clientdata; /* Language specific module data */
+} swig_module_info;
+
+/*
+ Compare two type names skipping the space characters, therefore
+ "char*" == "char *" and "Class<int>" == "Class<int >", etc.
+
+ Return 0 when the two name types are equivalent, as in
+ strncmp, but skipping ' '.
+*/
+SWIGRUNTIME int
+SWIG_TypeNameComp(const char *f1, const char *l1,
+ const char *f2, const char *l2) {
+ for (;(f1 != l1) && (f2 != l2); ++f1, ++f2) {
+ while ((*f1 == ' ') && (f1 != l1)) ++f1;
+ while ((*f2 == ' ') && (f2 != l2)) ++f2;
+ if (*f1 != *f2) return (*f1 > *f2) ? 1 : -1;
+ }
+ return (int)((l1 - f1) - (l2 - f2));
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if not equal, 1 if equal
+*/
+SWIGRUNTIME int
+SWIG_TypeEquiv(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+/*
+ Check type equivalence in a name list like <name1>|<name2>|...
+ Return 0 if equal, -1 if nb < tb, 1 if nb > tb
+*/
+SWIGRUNTIME int
+SWIG_TypeCompare(const char *nb, const char *tb) {
+ int equiv = 0;
+ const char* te = tb + strlen(tb);
+ const char* ne = nb;
+ while (!equiv && *ne) {
+ for (nb = ne; *ne; ++ne) {
+ if (*ne == '|') break;
+ }
+ equiv = (SWIG_TypeNameComp(nb, ne, tb, te) == 0) ? 1 : 0;
+ if (*ne) ++ne;
+ }
+ return equiv;
+}
+
+
+/* think of this as a c++ template<> or a scheme macro */
+#define SWIG_TypeCheck_Template(comparison, ty) \
+ if (ty) { \
+ swig_cast_info *iter = ty->cast; \
+ while (iter) { \
+ if (comparison) { \
+ if (iter == ty->cast) return iter; \
+ /* Move iter to the top of the linked list */ \
+ iter->prev->next = iter->next; \
+ if (iter->next) \
+ iter->next->prev = iter->prev; \
+ iter->next = ty->cast; \
+ iter->prev = 0; \
+ if (ty->cast) ty->cast->prev = iter; \
+ ty->cast = iter; \
+ return iter; \
+ } \
+ iter = iter->next; \
+ } \
+ } \
+ return 0
+
+/*
+ Check the typename
+*/
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheck(const char *c, swig_type_info *ty) {
+ SWIG_TypeCheck_Template(strcmp(iter->type->name, c) == 0, ty);
+}
+
+/* Same as previous function, except strcmp is replaced with a pointer comparison */
+SWIGRUNTIME swig_cast_info *
+SWIG_TypeCheckStruct(swig_type_info *from, swig_type_info *into) {
+ SWIG_TypeCheck_Template(iter->type == from, into);
+}
+
+/*
+ Cast a pointer up an inheritance hierarchy
+*/
+SWIGRUNTIMEINLINE void *
+SWIG_TypeCast(swig_cast_info *ty, void *ptr) {
+ return ((!ty) || (!ty->converter)) ? ptr : (*ty->converter)(ptr);
+}
+
+/*
+ Dynamic pointer casting. Down an inheritance hierarchy
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeDynamicCast(swig_type_info *ty, void **ptr) {
+ swig_type_info *lastty = ty;
+ if (!ty || !ty->dcast) return ty;
+ while (ty && (ty->dcast)) {
+ ty = (*ty->dcast)(ptr);
+ if (ty) lastty = ty;
+ }
+ return lastty;
+}
+
+/*
+ Return the name associated with this type
+*/
+SWIGRUNTIMEINLINE const char *
+SWIG_TypeName(const swig_type_info *ty) {
+ return ty->name;
+}
+
+/*
+ Return the pretty name associated with this type,
+ that is an unmangled type name in a form presentable to the user.
+*/
+SWIGRUNTIME const char *
+SWIG_TypePrettyName(const swig_type_info *type) {
+ /* The "str" field contains the equivalent pretty names of the
+ type, separated by vertical-bar characters. We choose
+ to print the last name, as it is often (?) the most
+ specific. */
+ if (!type) return NULL;
+ if (type->str != NULL) {
+ const char *last_name = type->str;
+ const char *s;
+ for (s = type->str; *s; s++)
+ if (*s == '|') last_name = s+1;
+ return last_name;
+ }
+ else
+ return type->name;
+}
+
+/*
+ Set the clientdata field for a type
+*/
+SWIGRUNTIME void
+SWIG_TypeClientData(swig_type_info *ti, void *clientdata) {
+ swig_cast_info *cast = ti->cast;
+ /* if (ti->clientdata == clientdata) return; */
+ ti->clientdata = clientdata;
+
+ while (cast) {
+ if (!cast->converter) {
+ swig_type_info *tc = cast->type;
+ if (!tc->clientdata) {
+ SWIG_TypeClientData(tc, clientdata);
+ }
+ }
+ cast = cast->next;
+ }
+}
+SWIGRUNTIME void
+SWIG_TypeNewClientData(swig_type_info *ti, void *clientdata) {
+ SWIG_TypeClientData(ti, clientdata);
+ ti->owndata = 1;
+}
+
+/*
+ Search for a swig_type_info structure only by mangled name
+ Search is a O(log #types)
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_MangledTypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ swig_module_info *iter = start;
+ do {
+ if (iter->size) {
+ register size_t l = 0;
+ register size_t r = iter->size - 1;
+ do {
+ /* since l+r >= 0, we can (>> 1) instead (/ 2) */
+ register size_t i = (l + r) >> 1;
+ const char *iname = iter->types[i]->name;
+ if (iname) {
+ register int compare = strcmp(name, iname);
+ if (compare == 0) {
+ return iter->types[i];
+ } else if (compare < 0) {
+ if (i) {
+ r = i - 1;
+ } else {
+ break;
+ }
+ } else if (compare > 0) {
+ l = i + 1;
+ }
+ } else {
+ break; /* should never happen */
+ }
+ } while (l <= r);
+ }
+ iter = iter->next;
+ } while (iter != end);
+ return 0;
+}
+
+/*
+ Search for a swig_type_info structure for either a mangled name or a human readable name.
+ It first searches the mangled names of the types, which is a O(log #types)
+ If a type is not found it then searches the human readable names, which is O(#types).
+
+ We start searching at module start, and finish searching when start == end.
+ Note: if start == end at the beginning of the function, we go all the way around
+ the circular list.
+*/
+SWIGRUNTIME swig_type_info *
+SWIG_TypeQueryModule(swig_module_info *start,
+ swig_module_info *end,
+ const char *name) {
+ /* STEP 1: Search the name field using binary search */
+ swig_type_info *ret = SWIG_MangledTypeQueryModule(start, end, name);
+ if (ret) {
+ return ret;
+ } else {
+ /* STEP 2: If the type hasn't been found, do a complete search
+ of the str field (the human readable name) */
+ swig_module_info *iter = start;
+ do {
+ register size_t i = 0;
+ for (; i < iter->size; ++i) {
+ if (iter->types[i]->str && (SWIG_TypeEquiv(iter->types[i]->str, name)))
+ return iter->types[i];
+ }
+ iter = iter->next;
+ } while (iter != end);
+ }
+
+ /* neither found a match */
+ return 0;
+}
+
+/*
+ Pack binary data into a string
+*/
+SWIGRUNTIME char *
+SWIG_PackData(char *c, void *ptr, size_t sz) {
+ static const char hex[17] = "0123456789abcdef";
+ register const unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register unsigned char uu = *u;
+ *(c++) = hex[(uu & 0xf0) >> 4];
+ *(c++) = hex[uu & 0xf];
+ }
+ return c;
+}
+
+/*
+ Unpack binary data from a string
+*/
+SWIGRUNTIME const char *
+SWIG_UnpackData(const char *c, void *ptr, size_t sz) {
+ register unsigned char *u = (unsigned char *) ptr;
+ register const unsigned char *eu = u + sz;
+ for (; u != eu; ++u) {
+ register char d = *(c++);
+ register unsigned char uu;
+ if ((d >= '0') && (d <= '9'))
+ uu = ((d - '0') << 4);
+ else if ((d >= 'a') && (d <= 'f'))
+ uu = ((d - ('a'-10)) << 4);
+ else
+ return (char *) 0;
+ d = *(c++);
+ if ((d >= '0') && (d <= '9'))
+ uu |= (d - '0');
+ else if ((d >= 'a') && (d <= 'f'))
+ uu |= (d - ('a'-10));
+ else
+ return (char *) 0;
+ *u = uu;
+ }
+ return c;
+}
+
+/*
+ Pack 'void *' into a string buffer.
+*/
+SWIGRUNTIME char *
+SWIG_PackVoidPtr(char *buff, void *ptr, const char *name, size_t bsz) {
+ char *r = buff;
+ if ((2*sizeof(void *) + 2) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,&ptr,sizeof(void *));
+ if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
+ strcpy(r,name);
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackVoidPtr(const char *c, void **ptr, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ *ptr = (void *) 0;
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sizeof(void *));
+}
+
+SWIGRUNTIME char *
+SWIG_PackDataName(char *buff, void *ptr, size_t sz, const char *name, size_t bsz) {
+ char *r = buff;
+ size_t lname = (name ? strlen(name) : 0);
+ if ((2*sz + 2 + lname) > bsz) return 0;
+ *(r++) = '_';
+ r = SWIG_PackData(r,ptr,sz);
+ if (lname) {
+ strncpy(r,name,lname+1);
+ } else {
+ *r = 0;
+ }
+ return buff;
+}
+
+SWIGRUNTIME const char *
+SWIG_UnpackDataName(const char *c, void *ptr, size_t sz, const char *name) {
+ if (*c != '_') {
+ if (strcmp(c,"NULL") == 0) {
+ memset(ptr,0,sz);
+ return name;
+ } else {
+ return 0;
+ }
+ }
+ return SWIG_UnpackData(++c,ptr,sz);
+}
+
+#ifdef __cplusplus
+}
+#endif
+
+/* Errors in SWIG */
+#define SWIG_UnknownError -1
+#define SWIG_IOError -2
+#define SWIG_RuntimeError -3
+#define SWIG_IndexError -4
+#define SWIG_TypeError -5
+#define SWIG_DivisionByZero -6
+#define SWIG_OverflowError -7
+#define SWIG_SyntaxError -8
+#define SWIG_ValueError -9
+#define SWIG_SystemError -10
+#define SWIG_AttributeError -11
+#define SWIG_MemoryError -12
+#define SWIG_NullReferenceError -13
+
+
+
+
+/* Add PyOS_snprintf for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# if defined(_MSC_VER) || defined(__BORLANDC__) || defined(_WATCOM)
+# define PyOS_snprintf _snprintf
+# else
+# define PyOS_snprintf snprintf
+# endif
+#endif
+
+/* A crude PyString_FromFormat implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+
+#ifndef SWIG_PYBUFFER_SIZE
+# define SWIG_PYBUFFER_SIZE 1024
+#endif
+
+static PyObject *
+PyString_FromFormat(const char *fmt, ...) {
+ va_list ap;
+ char buf[SWIG_PYBUFFER_SIZE * 2];
+ int res;
+ va_start(ap, fmt);
+ res = vsnprintf(buf, sizeof(buf), fmt, ap);
+ va_end(ap);
+ return (res < 0 || res >= (int)sizeof(buf)) ? 0 : PyString_FromString(buf);
+}
+#endif
+
+/* Add PyObject_Del for old Pythons */
+#if PY_VERSION_HEX < 0x01060000
+# define PyObject_Del(op) PyMem_DEL((op))
+#endif
+#ifndef PyObject_DEL
+# define PyObject_DEL PyObject_Del
+#endif
+
+/* A crude PyExc_StopIteration exception for old Pythons */
+#if PY_VERSION_HEX < 0x02020000
+# ifndef PyExc_StopIteration
+# define PyExc_StopIteration PyExc_RuntimeError
+# endif
+# ifndef PyObject_GenericGetAttr
+# define PyObject_GenericGetAttr 0
+# endif
+#endif
+/* Py_NotImplemented is defined in 2.1 and up. */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef Py_NotImplemented
+# define Py_NotImplemented PyExc_RuntimeError
+# endif
+#endif
+
+
+/* A crude PyString_AsStringAndSize implementation for old Pythons */
+#if PY_VERSION_HEX < 0x02010000
+# ifndef PyString_AsStringAndSize
+# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
+# endif
+#endif
+
+/* PySequence_Size for old Pythons */
+#if PY_VERSION_HEX < 0x02000000
+# ifndef PySequence_Size
+# define PySequence_Size PySequence_Length
+# endif
+#endif
+
+
+/* PyBool_FromLong for old Pythons */
+#if PY_VERSION_HEX < 0x02030000
+static
+PyObject *PyBool_FromLong(long ok)
+{
+ PyObject *result = ok ? Py_True : Py_False;
+ Py_INCREF(result);
+ return result;
+}
+#endif
+
+/* Py_ssize_t for old Pythons */
+/* This code is as recommended by: */
+/* http://www.python.org/dev/peps/pep-0353/#conversion-guidelines */
+#if PY_VERSION_HEX < 0x02050000 && !defined(PY_SSIZE_T_MIN)
+typedef int Py_ssize_t;
+# define PY_SSIZE_T_MAX INT_MAX
+# define PY_SSIZE_T_MIN INT_MIN
+#endif
+
+/* -----------------------------------------------------------------------------
+ * error manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIME PyObject*
+SWIG_Python_ErrorType(int code) {
+ PyObject* type = 0;
+ switch(code) {
+ case SWIG_MemoryError:
+ type = PyExc_MemoryError;
+ break;
+ case SWIG_IOError:
+ type = PyExc_IOError;
+ break;
+ case SWIG_RuntimeError:
+ type = PyExc_RuntimeError;
+ break;
+ case SWIG_IndexError:
+ type = PyExc_IndexError;
+ break;
+ case SWIG_TypeError:
+ type = PyExc_TypeError;
+ break;
+ case SWIG_DivisionByZero:
+ type = PyExc_ZeroDivisionError;
+ break;
+ case SWIG_OverflowError:
+ type = PyExc_OverflowError;
+ break;
+ case SWIG_SyntaxError:
+ type = PyExc_SyntaxError;
+ break;
+ case SWIG_ValueError:
+ type = PyExc_ValueError;
+ break;
+ case SWIG_SystemError:
+ type = PyExc_SystemError;
+ break;
+ case SWIG_AttributeError:
+ type = PyExc_AttributeError;
+ break;
+ default:
+ type = PyExc_RuntimeError;
+ }
+ return type;
+}
+
+
+SWIGRUNTIME void
+SWIG_Python_AddErrorMsg(const char* mesg)
+{
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+
+ if (PyErr_Occurred()) PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ PyErr_Clear();
+ Py_XINCREF(type);
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ Py_DECREF(old_str);
+ Py_DECREF(value);
+ } else {
+ PyErr_Format(PyExc_RuntimeError, mesg);
+ }
+}
+
+
+
+#if defined(SWIG_PYTHON_NO_THREADS)
+# if defined(SWIG_PYTHON_THREADS)
+# undef SWIG_PYTHON_THREADS
+# endif
+#endif
+#if defined(SWIG_PYTHON_THREADS) /* Threading support is enabled */
+# if !defined(SWIG_PYTHON_USE_GIL) && !defined(SWIG_PYTHON_NO_USE_GIL)
+# if (PY_VERSION_HEX >= 0x02030000) /* For 2.3 or later, use the PyGILState calls */
+# define SWIG_PYTHON_USE_GIL
+# endif
+# endif
+# if defined(SWIG_PYTHON_USE_GIL) /* Use PyGILState threads calls */
+# ifndef SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_INITIALIZE_THREADS PyEval_InitThreads()
+# endif
+# ifdef __cplusplus /* C++ code */
+ class SWIG_Python_Thread_Block {
+ bool status;
+ PyGILState_STATE state;
+ public:
+ void end() { if (status) { PyGILState_Release(state); status = false;} }
+ SWIG_Python_Thread_Block() : status(true), state(PyGILState_Ensure()) {}
+ ~SWIG_Python_Thread_Block() { end(); }
+ };
+ class SWIG_Python_Thread_Allow {
+ bool status;
+ PyThreadState *save;
+ public:
+ void end() { if (status) { PyEval_RestoreThread(save); status = false; }}
+ SWIG_Python_Thread_Allow() : status(true), save(PyEval_SaveThread()) {}
+ ~SWIG_Python_Thread_Allow() { end(); }
+ };
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK SWIG_Python_Thread_Block _swig_thread_block
+# define SWIG_PYTHON_THREAD_END_BLOCK _swig_thread_block.end()
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW SWIG_Python_Thread_Allow _swig_thread_allow
+# define SWIG_PYTHON_THREAD_END_ALLOW _swig_thread_allow.end()
+# else /* C code */
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK PyGILState_STATE _swig_thread_block = PyGILState_Ensure()
+# define SWIG_PYTHON_THREAD_END_BLOCK PyGILState_Release(_swig_thread_block)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW PyThreadState *_swig_thread_allow = PyEval_SaveThread()
+# define SWIG_PYTHON_THREAD_END_ALLOW PyEval_RestoreThread(_swig_thread_allow)
+# endif
+# else /* Old thread way, not implemented, user must provide it */
+# if !defined(SWIG_PYTHON_INITIALIZE_THREADS)
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_BLOCK)
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_BLOCK)
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# endif
+# if !defined(SWIG_PYTHON_THREAD_BEGIN_ALLOW)
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# endif
+# if !defined(SWIG_PYTHON_THREAD_END_ALLOW)
+# define SWIG_PYTHON_THREAD_END_ALLOW
+# endif
+# endif
+#else /* No thread support */
+# define SWIG_PYTHON_INITIALIZE_THREADS
+# define SWIG_PYTHON_THREAD_BEGIN_BLOCK
+# define SWIG_PYTHON_THREAD_END_BLOCK
+# define SWIG_PYTHON_THREAD_BEGIN_ALLOW
+# define SWIG_PYTHON_THREAD_END_ALLOW
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Python API portion that goes into the runtime
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Constant declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Constant Types */
+#define SWIG_PY_POINTER 4
+#define SWIG_PY_BINARY 5
+
+/* Constant information structure */
+typedef struct swig_const_info {
+ int type;
+ char *name;
+ long lvalue;
+ double dvalue;
+ void *pvalue;
+ swig_type_info **ptype;
+} swig_const_info;
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+/* -----------------------------------------------------------------------------
+ * See the LICENSE file for information on copyright, usage and redistribution
+ * of SWIG, and the README file for authors - http://www.swig.org/release.html.
+ *
+ * pyrun.swg
+ *
+ * This file contains the runtime support for Python modules
+ * and includes code for managing global variables and pointer
+ * type checking.
+ *
+ * ----------------------------------------------------------------------------- */
+
+/* Common SWIG API */
+
+/* for raw pointers */
+#define SWIG_Python_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, 0)
+#define SWIG_ConvertPtr(obj, pptr, type, flags) SWIG_Python_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_ConvertPtrAndOwn(obj,pptr,type,flags,own) SWIG_Python_ConvertPtrAndOwn(obj, pptr, type, flags, own)
+#define SWIG_NewPointerObj(ptr, type, flags) SWIG_Python_NewPointerObj(ptr, type, flags)
+#define SWIG_CheckImplicit(ty) SWIG_Python_CheckImplicit(ty)
+#define SWIG_AcquirePtr(ptr, src) SWIG_Python_AcquirePtr(ptr, src)
+#define swig_owntype int
+
+/* for raw packed data */
+#define SWIG_ConvertPacked(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewPackedObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+/* for class or struct pointers */
+#define SWIG_ConvertInstance(obj, pptr, type, flags) SWIG_ConvertPtr(obj, pptr, type, flags)
+#define SWIG_NewInstanceObj(ptr, type, flags) SWIG_NewPointerObj(ptr, type, flags)
+
+/* for C or C++ function pointers */
+#define SWIG_ConvertFunctionPtr(obj, pptr, type) SWIG_Python_ConvertFunctionPtr(obj, pptr, type)
+#define SWIG_NewFunctionPtrObj(ptr, type) SWIG_Python_NewPointerObj(ptr, type, 0)
+
+/* for C++ member pointers, ie, member methods */
+#define SWIG_ConvertMember(obj, ptr, sz, ty) SWIG_Python_ConvertPacked(obj, ptr, sz, ty)
+#define SWIG_NewMemberObj(ptr, sz, type) SWIG_Python_NewPackedObj(ptr, sz, type)
+
+
+/* Runtime API */
+
+#define SWIG_GetModule(clientdata) SWIG_Python_GetModule()
+#define SWIG_SetModule(clientdata, pointer) SWIG_Python_SetModule(pointer)
+#define SWIG_NewClientData(obj) PySwigClientData_New(obj)
+
+#define SWIG_SetErrorObj SWIG_Python_SetErrorObj
+#define SWIG_SetErrorMsg SWIG_Python_SetErrorMsg
+#define SWIG_ErrorType(code) SWIG_Python_ErrorType(code)
+#define SWIG_Error(code, msg) SWIG_Python_SetErrorMsg(SWIG_ErrorType(code), msg)
+#define SWIG_fail goto fail
+
+
+/* Runtime API implementation */
+
+/* Error manipulation */
+
+SWIGINTERN void
+SWIG_Python_SetErrorObj(PyObject *errtype, PyObject *obj) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetObject(errtype, obj);
+ Py_DECREF(obj);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+SWIGINTERN void
+SWIG_Python_SetErrorMsg(PyObject *errtype, const char *msg) {
+ SWIG_PYTHON_THREAD_BEGIN_BLOCK;
+ PyErr_SetString(errtype, (char *) msg);
+ SWIG_PYTHON_THREAD_END_BLOCK;
+}
+
+#define SWIG_Python_Raise(obj, type, desc) SWIG_Python_SetErrorObj(SWIG_Python_ExceptionType(desc), obj)
+
+/* Set a constant value */
+
+SWIGINTERN void
+SWIG_Python_SetConstant(PyObject *d, const char *name, PyObject *obj) {
+ PyDict_SetItemString(d, (char*) name, obj);
+ Py_DECREF(obj);
+}
+
+/* Append a value to the result obj */
+
+SWIGINTERN PyObject*
+SWIG_Python_AppendOutput(PyObject* result, PyObject* obj) {
+#if !defined(SWIG_PYTHON_OUTPUT_TUPLE)
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyList_Check(result)) {
+ PyObject *o2 = result;
+ result = PyList_New(1);
+ PyList_SetItem(result, 0, o2);
+ }
+ PyList_Append(result,obj);
+ Py_DECREF(obj);
+ }
+ return result;
+#else
+ PyObject* o2;
+ PyObject* o3;
+ if (!result) {
+ result = obj;
+ } else if (result == Py_None) {
+ Py_DECREF(result);
+ result = obj;
+ } else {
+ if (!PyTuple_Check(result)) {
+ o2 = result;
+ result = PyTuple_New(1);
+ PyTuple_SET_ITEM(result, 0, o2);
+ }
+ o3 = PyTuple_New(1);
+ PyTuple_SET_ITEM(o3, 0, obj);
+ o2 = result;
+ result = PySequence_Concat(o2, o3);
+ Py_DECREF(o2);
+ Py_DECREF(o3);
+ }
+ return result;
+#endif
+}
+
+/* Unpack the argument tuple */
+
+SWIGINTERN int
+SWIG_Python_UnpackTuple(PyObject *args, const char *name, Py_ssize_t min, Py_ssize_t max, PyObject **objs)
+{
+ if (!args) {
+ if (!min && !max) {
+ return 1;
+ } else {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got none",
+ name, (min == max ? "" : "at least "), (int)min);
+ return 0;
+ }
+ }
+ if (!PyTuple_Check(args)) {
+ PyErr_SetString(PyExc_SystemError, "UnpackTuple() argument list is not a tuple");
+ return 0;
+ } else {
+ register Py_ssize_t l = PyTuple_GET_SIZE(args);
+ if (l < min) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at least "), (int)min, (int)l);
+ return 0;
+ } else if (l > max) {
+ PyErr_Format(PyExc_TypeError, "%s expected %s%d arguments, got %d",
+ name, (min == max ? "" : "at most "), (int)max, (int)l);
+ return 0;
+ } else {
+ register int i;
+ for (i = 0; i < l; ++i) {
+ objs[i] = PyTuple_GET_ITEM(args, i);
+ }
+ for (; l < max; ++l) {
+ objs[l] = 0;
+ }
+ return i + 1;
+ }
+ }
+}
+
+/* A functor is a function object with one single object argument */
+#if PY_VERSION_HEX >= 0x02020000
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunctionObjArgs(functor, obj, NULL);
+#else
+#define SWIG_Python_CallFunctor(functor, obj) PyObject_CallFunction(functor, "O", obj);
+#endif
+
+/*
+ Helper for static pointer initialization for both C and C++ code, for example
+ static PyObject *SWIG_STATIC_POINTER(MyVar) = NewSomething(...);
+*/
+#ifdef __cplusplus
+#define SWIG_STATIC_POINTER(var) var
+#else
+#define SWIG_STATIC_POINTER(var) var = 0; if (!var) var
+#endif
+
+/* -----------------------------------------------------------------------------
+ * Pointer declarations
+ * ----------------------------------------------------------------------------- */
+
+/* Flags for new pointer objects */
+#define SWIG_POINTER_NOSHADOW (SWIG_POINTER_OWN << 1)
+#define SWIG_POINTER_NEW (SWIG_POINTER_NOSHADOW | SWIG_POINTER_OWN)
+
+#define SWIG_POINTER_IMPLICIT_CONV (SWIG_POINTER_DISOWN << 1)
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* cc-mode */
+#endif
+#endif
+
+/* How to access Py_None */
+#if defined(_WIN32) || defined(__WIN32__) || defined(__CYGWIN__)
+# ifndef SWIG_PYTHON_NO_BUILD_NONE
+# ifndef SWIG_PYTHON_BUILD_NONE
+# define SWIG_PYTHON_BUILD_NONE
+# endif
+# endif
+#endif
+
+#ifdef SWIG_PYTHON_BUILD_NONE
+# ifdef Py_None
+# undef Py_None
+# define Py_None SWIG_Py_None()
+# endif
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_Py_None(void)
+{
+ PyObject *none = Py_BuildValue((char*)"");
+ Py_DECREF(none);
+ return none;
+}
+SWIGRUNTIME PyObject *
+SWIG_Py_None(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(none) = _SWIG_Py_None();
+ return none;
+}
+#endif
+
+/* The python void return value */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Py_Void(void)
+{
+ PyObject *none = Py_None;
+ Py_INCREF(none);
+ return none;
+}
+
+/* PySwigClientData */
+
+typedef struct {
+ PyObject *klass;
+ PyObject *newraw;
+ PyObject *newargs;
+ PyObject *destroy;
+ int delargs;
+ int implicitconv;
+} PySwigClientData;
+
+SWIGRUNTIMEINLINE int
+SWIG_Python_CheckImplicit(swig_type_info *ty)
+{
+ PySwigClientData *data = (PySwigClientData *)ty->clientdata;
+ return data ? data->implicitconv : 0;
+}
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_ExceptionType(swig_type_info *desc) {
+ PySwigClientData *data = desc ? (PySwigClientData *) desc->clientdata : 0;
+ PyObject *klass = data ? data->klass : 0;
+ return (klass ? klass : PyExc_RuntimeError);
+}
+
+
+SWIGRUNTIME PySwigClientData *
+PySwigClientData_New(PyObject* obj)
+{
+ if (!obj) {
+ return 0;
+ } else {
+ PySwigClientData *data = (PySwigClientData *)malloc(sizeof(PySwigClientData));
+ /* the klass element */
+ data->klass = obj;
+ Py_INCREF(data->klass);
+ /* the newraw method and newargs arguments used to create a new raw instance */
+ if (PyClass_Check(obj)) {
+ data->newraw = 0;
+ data->newargs = obj;
+ Py_INCREF(obj);
+ } else {
+#if (PY_VERSION_HEX < 0x02020000)
+ data->newraw = 0;
+#else
+ data->newraw = PyObject_GetAttrString(data->klass, (char *)"__new__");
+#endif
+ if (data->newraw) {
+ Py_INCREF(data->newraw);
+ data->newargs = PyTuple_New(1);
+ PyTuple_SetItem(data->newargs, 0, obj);
+ } else {
+ data->newargs = obj;
+ }
+ Py_INCREF(data->newargs);
+ }
+ /* the destroy method, aka as the C++ delete method */
+ data->destroy = PyObject_GetAttrString(data->klass, (char *)"__swig_destroy__");
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ data->destroy = 0;
+ }
+ if (data->destroy) {
+ int flags;
+ Py_INCREF(data->destroy);
+ flags = PyCFunction_GET_FLAGS(data->destroy);
+#ifdef METH_O
+ data->delargs = !(flags & (METH_O));
+#else
+ data->delargs = 0;
+#endif
+ } else {
+ data->delargs = 0;
+ }
+ data->implicitconv = 0;
+ return data;
+ }
+}
+
+SWIGRUNTIME void
+PySwigClientData_Del(PySwigClientData* data)
+{
+ Py_XDECREF(data->newraw);
+ Py_XDECREF(data->newargs);
+ Py_XDECREF(data->destroy);
+}
+
+/* =============== PySwigObject =====================*/
+
+typedef struct {
+ PyObject_HEAD
+ void *ptr;
+ swig_type_info *ty;
+ int own;
+ PyObject *next;
+} PySwigObject;
+
+SWIGRUNTIME PyObject *
+PySwigObject_long(PySwigObject *v)
+{
+ return PyLong_FromVoidPtr(v->ptr);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_format(const char* fmt, PySwigObject *v)
+{
+ PyObject *res = NULL;
+ PyObject *args = PyTuple_New(1);
+ if (args) {
+ if (PyTuple_SetItem(args, 0, PySwigObject_long(v)) == 0) {
+ PyObject *ofmt = PyString_FromString(fmt);
+ if (ofmt) {
+ res = PyString_Format(ofmt,args);
+ Py_DECREF(ofmt);
+ }
+ Py_DECREF(args);
+ }
+ }
+ return res;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_oct(PySwigObject *v)
+{
+ return PySwigObject_format("%o",v);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_hex(PySwigObject *v)
+{
+ return PySwigObject_format("%x",v);
+}
+
+SWIGRUNTIME PyObject *
+#ifdef METH_NOARGS
+PySwigObject_repr(PySwigObject *v)
+#else
+PySwigObject_repr(PySwigObject *v, PyObject *args)
+#endif
+{
+ const char *name = SWIG_TypePrettyName(v->ty);
+ PyObject *hex = PySwigObject_hex(v);
+ PyObject *repr = PyString_FromFormat("<Swig Object of type '%s' at 0x%s>", name, PyString_AsString(hex));
+ Py_DECREF(hex);
+ if (v->next) {
+#ifdef METH_NOARGS
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next);
+#else
+ PyObject *nrep = PySwigObject_repr((PySwigObject *)v->next, args);
+#endif
+ PyString_ConcatAndDel(&repr,nrep);
+ }
+ return repr;
+}
+
+SWIGRUNTIME int
+PySwigObject_print(PySwigObject *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+#ifdef METH_NOARGS
+ PyObject *repr = PySwigObject_repr(v);
+#else
+ PyObject *repr = PySwigObject_repr(v, NULL);
+#endif
+ if (repr) {
+ fputs(PyString_AsString(repr), fp);
+ Py_DECREF(repr);
+ return 0;
+ } else {
+ return 1;
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_str(PySwigObject *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ return SWIG_PackVoidPtr(result, v->ptr, v->ty->name, sizeof(result)) ?
+ PyString_FromString(result) : 0;
+}
+
+SWIGRUNTIME int
+PySwigObject_compare(PySwigObject *v, PySwigObject *w)
+{
+ void *i = v->ptr;
+ void *j = w->ptr;
+ return (i < j) ? -1 : ((i > j) ? 1 : 0);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigObject_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigObject_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigObject_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigObject_Check(PyObject *op) {
+ return ((op)->ob_type == PySwigObject_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigObject") == 0);
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own);
+
+SWIGRUNTIME void
+PySwigObject_dealloc(PyObject *v)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ PyObject *next = sobj->next;
+ if (sobj->own) {
+ swig_type_info *ty = sobj->ty;
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ PyObject *destroy = data ? data->destroy : 0;
+ if (destroy) {
+ /* destroy is always a VARARGS method */
+ PyObject *res;
+ if (data->delargs) {
+ /* we need to create a temporal object to carry the destroy operation */
+ PyObject *tmp = PySwigObject_New(sobj->ptr, ty, 0);
+ res = SWIG_Python_CallFunctor(destroy, tmp);
+ Py_DECREF(tmp);
+ } else {
+ PyCFunction meth = PyCFunction_GET_FUNCTION(destroy);
+ PyObject *mself = PyCFunction_GET_SELF(destroy);
+ res = ((*meth)(mself, v));
+ }
+ Py_XDECREF(res);
+ } else {
+ const char *name = SWIG_TypePrettyName(ty);
+#if !defined(SWIG_PYTHON_SILENT_MEMLEAK)
+ printf("swig/python detected a memory leak of type '%s', no destructor found.\n", name);
+#endif
+ }
+ }
+ Py_XDECREF(next);
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyObject*
+PySwigObject_append(PyObject* v, PyObject* next)
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+#ifndef METH_O
+ PyObject *tmp = 0;
+ if (!PyArg_ParseTuple(next,(char *)"O:append", &tmp)) return NULL;
+ next = tmp;
+#endif
+ if (!PySwigObject_Check(next)) {
+ return NULL;
+ }
+ sobj->next = next;
+ Py_INCREF(next);
+ return SWIG_Py_Void();
+}
+
+SWIGRUNTIME PyObject*
+#ifdef METH_NOARGS
+PySwigObject_next(PyObject* v)
+#else
+PySwigObject_next(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *) v;
+ if (sobj->next) {
+ Py_INCREF(sobj->next);
+ return sobj->next;
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_disown(PyObject *v)
+#else
+PySwigObject_disown(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = 0;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+#ifdef METH_NOARGS
+PySwigObject_acquire(PyObject *v)
+#else
+PySwigObject_acquire(PyObject* v, PyObject *SWIGUNUSEDPARM(args))
+#endif
+{
+ PySwigObject *sobj = (PySwigObject *)v;
+ sobj->own = SWIG_POINTER_OWN;
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject*
+PySwigObject_own(PyObject *v, PyObject *args)
+{
+ PyObject *val = 0;
+#if (PY_VERSION_HEX < 0x02020000)
+ if (!PyArg_ParseTuple(args,(char *)"|O:own",&val))
+#else
+ if (!PyArg_UnpackTuple(args, (char *)"own", 0, 1, &val))
+#endif
+ {
+ return NULL;
+ }
+ else
+ {
+ PySwigObject *sobj = (PySwigObject *)v;
+ PyObject *obj = PyBool_FromLong(sobj->own);
+ if (val) {
+#ifdef METH_NOARGS
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v);
+ } else {
+ PySwigObject_disown(v);
+ }
+#else
+ if (PyObject_IsTrue(val)) {
+ PySwigObject_acquire(v,args);
+ } else {
+ PySwigObject_disown(v,args);
+ }
+#endif
+ }
+ return obj;
+ }
+}
+
+#ifdef METH_O
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_NOARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_NOARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_O, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_NOARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_NOARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#else
+static PyMethodDef
+swigobject_methods[] = {
+ {(char *)"disown", (PyCFunction)PySwigObject_disown, METH_VARARGS, (char *)"releases ownership of the pointer"},
+ {(char *)"acquire", (PyCFunction)PySwigObject_acquire, METH_VARARGS, (char *)"aquires ownership of the pointer"},
+ {(char *)"own", (PyCFunction)PySwigObject_own, METH_VARARGS, (char *)"returns/sets ownership of the pointer"},
+ {(char *)"append", (PyCFunction)PySwigObject_append, METH_VARARGS, (char *)"appends another 'this' object"},
+ {(char *)"next", (PyCFunction)PySwigObject_next, METH_VARARGS, (char *)"returns the next 'this' object"},
+ {(char *)"__repr__",(PyCFunction)PySwigObject_repr, METH_VARARGS, (char *)"returns object representation"},
+ {0, 0, 0, 0}
+};
+#endif
+
+#if PY_VERSION_HEX < 0x02020000
+SWIGINTERN PyObject *
+PySwigObject_getattr(PySwigObject *sobj,char *name)
+{
+ return Py_FindMethod(swigobject_methods, (PyObject *)sobj, name);
+}
+#endif
+
+SWIGRUNTIME PyTypeObject*
+_PySwigObject_type(void) {
+ static char swigobject_doc[] = "Swig object carries a C/C++ instance pointer";
+
+ static PyNumberMethods PySwigObject_as_number = {
+ (binaryfunc)0, /*nb_add*/
+ (binaryfunc)0, /*nb_subtract*/
+ (binaryfunc)0, /*nb_multiply*/
+ (binaryfunc)0, /*nb_divide*/
+ (binaryfunc)0, /*nb_remainder*/
+ (binaryfunc)0, /*nb_divmod*/
+ (ternaryfunc)0,/*nb_power*/
+ (unaryfunc)0, /*nb_negative*/
+ (unaryfunc)0, /*nb_positive*/
+ (unaryfunc)0, /*nb_absolute*/
+ (inquiry)0, /*nb_nonzero*/
+ 0, /*nb_invert*/
+ 0, /*nb_lshift*/
+ 0, /*nb_rshift*/
+ 0, /*nb_and*/
+ 0, /*nb_xor*/
+ 0, /*nb_or*/
+ (coercion)0, /*nb_coerce*/
+ (unaryfunc)PySwigObject_long, /*nb_int*/
+ (unaryfunc)PySwigObject_long, /*nb_long*/
+ (unaryfunc)0, /*nb_float*/
+ (unaryfunc)PySwigObject_oct, /*nb_oct*/
+ (unaryfunc)PySwigObject_hex, /*nb_hex*/
+#if PY_VERSION_HEX >= 0x02050000 /* 2.5.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_index */
+#elif PY_VERSION_HEX >= 0x02020000 /* 2.2.0 */
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_true_divide */
+#elif PY_VERSION_HEX >= 0x02000000 /* 2.0.0 */
+ 0,0,0,0,0,0,0,0,0,0,0 /* nb_inplace_add -> nb_inplace_or */
+#endif
+ };
+
+ static PyTypeObject pyswigobject_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigObject", /* tp_name */
+ sizeof(PySwigObject), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigObject_dealloc, /* tp_dealloc */
+ (printfunc)PySwigObject_print, /* tp_print */
+#if PY_VERSION_HEX < 0x02020000
+ (getattrfunc)PySwigObject_getattr, /* tp_getattr */
+#else
+ (getattrfunc)0, /* tp_getattr */
+#endif
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigObject_compare, /* tp_compare */
+ (reprfunc)PySwigObject_repr, /* tp_repr */
+ &PySwigObject_as_number, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigObject_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigobject_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ swigobject_methods, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigobject_type = tmp;
+ pyswigobject_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigobject_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigObject_New(void *ptr, swig_type_info *ty, int own)
+{
+ PySwigObject *sobj = PyObject_NEW(PySwigObject, PySwigObject_type());
+ if (sobj) {
+ sobj->ptr = ptr;
+ sobj->ty = ty;
+ sobj->own = own;
+ sobj->next = 0;
+ }
+ return (PyObject *)sobj;
+}
+
+/* -----------------------------------------------------------------------------
+ * Implements a simple Swig Packed type, and use it instead of string
+ * ----------------------------------------------------------------------------- */
+
+typedef struct {
+ PyObject_HEAD
+ void *pack;
+ swig_type_info *ty;
+ size_t size;
+} PySwigPacked;
+
+SWIGRUNTIME int
+PySwigPacked_print(PySwigPacked *v, FILE *fp, int SWIGUNUSEDPARM(flags))
+{
+ char result[SWIG_BUFFER_SIZE];
+ fputs("<Swig Packed ", fp);
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ fputs("at ", fp);
+ fputs(result, fp);
+ }
+ fputs(v->ty->name,fp);
+ fputs(">", fp);
+ return 0;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_repr(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))) {
+ return PyString_FromFormat("<Swig Packed at %s%s>", result, v->ty->name);
+ } else {
+ return PyString_FromFormat("<Swig Packed %s>", v->ty->name);
+ }
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_str(PySwigPacked *v)
+{
+ char result[SWIG_BUFFER_SIZE];
+ if (SWIG_PackDataName(result, v->pack, v->size, 0, sizeof(result))){
+ return PyString_FromFormat("%s%s", result, v->ty->name);
+ } else {
+ return PyString_FromString(v->ty->name);
+ }
+}
+
+SWIGRUNTIME int
+PySwigPacked_compare(PySwigPacked *v, PySwigPacked *w)
+{
+ size_t i = v->size;
+ size_t j = w->size;
+ int s = (i < j) ? -1 : ((i > j) ? 1 : 0);
+ return s ? s : strncmp((char *)v->pack, (char *)w->pack, 2*v->size);
+}
+
+SWIGRUNTIME PyTypeObject* _PySwigPacked_type(void);
+
+SWIGRUNTIME PyTypeObject*
+PySwigPacked_type(void) {
+ static PyTypeObject *SWIG_STATIC_POINTER(type) = _PySwigPacked_type();
+ return type;
+}
+
+SWIGRUNTIMEINLINE int
+PySwigPacked_Check(PyObject *op) {
+ return ((op)->ob_type == _PySwigPacked_type())
+ || (strcmp((op)->ob_type->tp_name,"PySwigPacked") == 0);
+}
+
+SWIGRUNTIME void
+PySwigPacked_dealloc(PyObject *v)
+{
+ if (PySwigPacked_Check(v)) {
+ PySwigPacked *sobj = (PySwigPacked *) v;
+ free(sobj->pack);
+ }
+ PyObject_DEL(v);
+}
+
+SWIGRUNTIME PyTypeObject*
+_PySwigPacked_type(void) {
+ static char swigpacked_doc[] = "Swig object carries a C/C++ instance pointer";
+ static PyTypeObject pyswigpacked_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* ob_size */
+ (char *)"PySwigPacked", /* tp_name */
+ sizeof(PySwigPacked), /* tp_basicsize */
+ 0, /* tp_itemsize */
+ (destructor)PySwigPacked_dealloc, /* tp_dealloc */
+ (printfunc)PySwigPacked_print, /* tp_print */
+ (getattrfunc)0, /* tp_getattr */
+ (setattrfunc)0, /* tp_setattr */
+ (cmpfunc)PySwigPacked_compare, /* tp_compare */
+ (reprfunc)PySwigPacked_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ (hashfunc)0, /* tp_hash */
+ (ternaryfunc)0, /* tp_call */
+ (reprfunc)PySwigPacked_str, /* tp_str */
+ PyObject_GenericGetAttr, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ Py_TPFLAGS_DEFAULT, /* tp_flags */
+ swigpacked_doc, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0, /* tp_iter */
+ 0, /* tp_iternext */
+ 0, /* tp_methods */
+ 0, /* tp_members */
+ 0, /* tp_getset */
+ 0, /* tp_base */
+ 0, /* tp_dict */
+ 0, /* tp_descr_get */
+ 0, /* tp_descr_set */
+ 0, /* tp_dictoffset */
+ 0, /* tp_init */
+ 0, /* tp_alloc */
+ 0, /* tp_new */
+ 0, /* tp_free */
+ 0, /* tp_is_gc */
+ 0, /* tp_bases */
+ 0, /* tp_mro */
+ 0, /* tp_cache */
+ 0, /* tp_subclasses */
+ 0, /* tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ pyswigpacked_type = tmp;
+ pyswigpacked_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &pyswigpacked_type;
+}
+
+SWIGRUNTIME PyObject *
+PySwigPacked_New(void *ptr, size_t size, swig_type_info *ty)
+{
+ PySwigPacked *sobj = PyObject_NEW(PySwigPacked, PySwigPacked_type());
+ if (sobj) {
+ void *pack = malloc(size);
+ if (pack) {
+ memcpy(pack, ptr, size);
+ sobj->pack = pack;
+ sobj->ty = ty;
+ sobj->size = size;
+ } else {
+ PyObject_DEL((PyObject *) sobj);
+ sobj = 0;
+ }
+ }
+ return (PyObject *) sobj;
+}
+
+SWIGRUNTIME swig_type_info *
+PySwigPacked_UnpackData(PyObject *obj, void *ptr, size_t size)
+{
+ if (PySwigPacked_Check(obj)) {
+ PySwigPacked *sobj = (PySwigPacked *)obj;
+ if (sobj->size != size) return 0;
+ memcpy(ptr, sobj->pack, size);
+ return sobj->ty;
+ } else {
+ return 0;
+ }
+}
+
+/* -----------------------------------------------------------------------------
+ * pointers/data manipulation
+ * ----------------------------------------------------------------------------- */
+
+SWIGRUNTIMEINLINE PyObject *
+_SWIG_This(void)
+{
+ return PyString_FromString("this");
+}
+
+SWIGRUNTIME PyObject *
+SWIG_This(void)
+{
+ static PyObject *SWIG_STATIC_POINTER(swig_this) = _SWIG_This();
+ return swig_this;
+}
+
+/* #define SWIG_PYTHON_SLOW_GETSET_THIS */
+
+SWIGRUNTIME PySwigObject *
+SWIG_Python_GetSwigThis(PyObject *pyobj)
+{
+ if (PySwigObject_Check(pyobj)) {
+ return (PySwigObject *) pyobj;
+ } else {
+ PyObject *obj = 0;
+#if (!defined(SWIG_PYTHON_SLOW_GETSET_THIS) && (PY_VERSION_HEX >= 0x02030000))
+ if (PyInstance_Check(pyobj)) {
+ obj = _PyInstance_Lookup(pyobj, SWIG_This());
+ } else {
+ PyObject **dictptr = _PyObject_GetDictPtr(pyobj);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ obj = dict ? PyDict_GetItem(dict, SWIG_This()) : 0;
+ } else {
+#ifdef PyWeakref_CheckProxy
+ if (PyWeakref_CheckProxy(pyobj)) {
+ PyObject *wobj = PyWeakref_GET_OBJECT(pyobj);
+ return wobj ? SWIG_Python_GetSwigThis(wobj) : 0;
+ }
+#endif
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+ }
+ }
+#else
+ obj = PyObject_GetAttr(pyobj,SWIG_This());
+ if (obj) {
+ Py_DECREF(obj);
+ } else {
+ if (PyErr_Occurred()) PyErr_Clear();
+ return 0;
+ }
+#endif
+ if (obj && !PySwigObject_Check(obj)) {
+ /* a PyObject is called 'this', try to get the 'real this'
+ PySwigObject from it */
+ return SWIG_Python_GetSwigThis(obj);
+ }
+ return (PySwigObject *)obj;
+ }
+}
+
+/* Acquire a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_AcquirePtr(PyObject *obj, int own) {
+ if (own) {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ if (sobj) {
+ int oldown = sobj->own;
+ sobj->own = own;
+ return oldown;
+ }
+ }
+ return 0;
+}
+
+/* Convert a pointer value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPtrAndOwn(PyObject *obj, void **ptr, swig_type_info *ty, int flags, int *own) {
+ if (!obj) return SWIG_ERROR;
+ if (obj == Py_None) {
+ if (ptr) *ptr = 0;
+ return SWIG_OK;
+ } else {
+ PySwigObject *sobj = SWIG_Python_GetSwigThis(obj);
+ while (sobj) {
+ void *vptr = sobj->ptr;
+ if (ty) {
+ swig_type_info *to = sobj->ty;
+ if (to == ty) {
+ /* no type cast needed */
+ if (ptr) *ptr = vptr;
+ break;
+ } else {
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) {
+ sobj = (PySwigObject *)sobj->next;
+ } else {
+ if (ptr) *ptr = SWIG_TypeCast(tc,vptr);
+ break;
+ }
+ }
+ } else {
+ if (ptr) *ptr = vptr;
+ break;
+ }
+ }
+ if (sobj) {
+ if (own) *own = sobj->own;
+ if (flags & SWIG_POINTER_DISOWN) {
+ sobj->own = 0;
+ }
+ return SWIG_OK;
+ } else {
+ int res = SWIG_ERROR;
+ if (flags & SWIG_POINTER_IMPLICIT_CONV) {
+ PySwigClientData *data = ty ? (PySwigClientData *) ty->clientdata : 0;
+ if (data && !data->implicitconv) {
+ PyObject *klass = data->klass;
+ if (klass) {
+ PyObject *impconv;
+ data->implicitconv = 1; /* avoid recursion and call 'explicit' constructors*/
+ impconv = SWIG_Python_CallFunctor(klass, obj);
+ data->implicitconv = 0;
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ impconv = 0;
+ }
+ if (impconv) {
+ PySwigObject *iobj = SWIG_Python_GetSwigThis(impconv);
+ if (iobj) {
+ void *vptr;
+ res = SWIG_Python_ConvertPtrAndOwn((PyObject*)iobj, &vptr, ty, 0, 0);
+ if (SWIG_IsOK(res)) {
+ if (ptr) {
+ *ptr = vptr;
+ /* transfer the ownership to 'ptr' */
+ iobj->own = 0;
+ res = SWIG_AddCast(res);
+ res = SWIG_AddNewMask(res);
+ } else {
+ res = SWIG_AddCast(res);
+ }
+ }
+ }
+ Py_DECREF(impconv);
+ }
+ }
+ }
+ }
+ return res;
+ }
+ }
+}
+
+/* Convert a function ptr value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertFunctionPtr(PyObject *obj, void **ptr, swig_type_info *ty) {
+ if (!PyCFunction_Check(obj)) {
+ return SWIG_ConvertPtr(obj, ptr, ty, 0);
+ } else {
+ void *vptr = 0;
+
+ /* here we get the method pointer for callbacks */
+ const char *doc = (((PyCFunctionObject *)obj) -> m_ml -> ml_doc);
+ const char *desc = doc ? strstr(doc, "swig_ptr: ") : 0;
+ if (desc) {
+ desc = ty ? SWIG_UnpackVoidPtr(desc + 10, &vptr, ty->name) : 0;
+ if (!desc) return SWIG_ERROR;
+ }
+ if (ty) {
+ swig_cast_info *tc = SWIG_TypeCheck(desc,ty);
+ if (!tc) return SWIG_ERROR;
+ *ptr = SWIG_TypeCast(tc,vptr);
+ } else {
+ *ptr = vptr;
+ }
+ return SWIG_OK;
+ }
+}
+
+/* Convert a packed value value */
+
+SWIGRUNTIME int
+SWIG_Python_ConvertPacked(PyObject *obj, void *ptr, size_t sz, swig_type_info *ty) {
+ swig_type_info *to = PySwigPacked_UnpackData(obj, ptr, sz);
+ if (!to) return SWIG_ERROR;
+ if (ty) {
+ if (to != ty) {
+ /* check type cast? */
+ swig_cast_info *tc = SWIG_TypeCheck(to->name,ty);
+ if (!tc) return SWIG_ERROR;
+ }
+ }
+ return SWIG_OK;
+}
+
+/* -----------------------------------------------------------------------------
+ * Create a new pointer object
+ * ----------------------------------------------------------------------------- */
+
+/*
+ Create a new instance object, whitout calling __init__, and set the
+ 'this' attribute.
+*/
+
+SWIGRUNTIME PyObject*
+SWIG_Python_NewShadowInstance(PySwigClientData *data, PyObject *swig_this)
+{
+#if (PY_VERSION_HEX >= 0x02020000)
+ PyObject *inst = 0;
+ PyObject *newraw = data->newraw;
+ if (newraw) {
+ inst = PyObject_Call(newraw, data->newargs, NULL);
+ if (inst) {
+#if !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ PyObject *dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ }
+ }
+#else
+ PyObject *key = SWIG_This();
+ PyObject_SetAttr(inst, key, swig_this);
+#endif
+ }
+ } else {
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ }
+ return inst;
+#else
+#if (PY_VERSION_HEX >= 0x02010000)
+ PyObject *inst;
+ PyObject *dict = PyDict_New();
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ inst = PyInstance_NewRaw(data->newargs, dict);
+ Py_DECREF(dict);
+ return (PyObject *) inst;
+#else
+ PyInstanceObject *inst = PyObject_NEW(PyInstanceObject, &PyInstance_Type);
+ if (inst == NULL) {
+ return NULL;
+ }
+ inst->in_class = (PyClassObject *)data->newargs;
+ Py_INCREF(inst->in_class);
+ inst->in_dict = PyDict_New();
+ if (inst->in_dict == NULL) {
+ Py_DECREF(inst);
+ return NULL;
+ }
+#ifdef Py_TPFLAGS_HAVE_WEAKREFS
+ inst->in_weakreflist = NULL;
+#endif
+#ifdef Py_TPFLAGS_GC
+ PyObject_GC_Init(inst);
+#endif
+ PyDict_SetItem(inst->in_dict, SWIG_This(), swig_this);
+ return (PyObject *) inst;
+#endif
+#endif
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetSwigThis(PyObject *inst, PyObject *swig_this)
+{
+ PyObject *dict;
+#if (PY_VERSION_HEX >= 0x02020000) && !defined(SWIG_PYTHON_SLOW_GETSET_THIS)
+ PyObject **dictptr = _PyObject_GetDictPtr(inst);
+ if (dictptr != NULL) {
+ dict = *dictptr;
+ if (dict == NULL) {
+ dict = PyDict_New();
+ *dictptr = dict;
+ }
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ return;
+ }
+#endif
+ dict = PyObject_GetAttrString(inst, (char*)"__dict__");
+ PyDict_SetItem(dict, SWIG_This(), swig_this);
+ Py_DECREF(dict);
+}
+
+
+SWIGINTERN PyObject *
+SWIG_Python_InitShadowInstance(PyObject *args) {
+ PyObject *obj[2];
+ if (!SWIG_Python_UnpackTuple(args,(char*)"swiginit", 2, 2, obj)) {
+ return NULL;
+ } else {
+ PySwigObject *sthis = SWIG_Python_GetSwigThis(obj[0]);
+ if (sthis) {
+ PySwigObject_append((PyObject*) sthis, obj[1]);
+ } else {
+ SWIG_Python_SetSwigThis(obj[0], obj[1]);
+ }
+ return SWIG_Py_Void();
+ }
+}
+
+/* Create a new pointer object */
+
+SWIGRUNTIME PyObject *
+SWIG_Python_NewPointerObj(void *ptr, swig_type_info *type, int flags) {
+ if (!ptr) {
+ return SWIG_Py_Void();
+ } else {
+ int own = (flags & SWIG_POINTER_OWN) ? SWIG_POINTER_OWN : 0;
+ PyObject *robj = PySwigObject_New(ptr, type, own);
+ PySwigClientData *clientdata = type ? (PySwigClientData *)(type->clientdata) : 0;
+ if (clientdata && !(flags & SWIG_POINTER_NOSHADOW)) {
+ PyObject *inst = SWIG_Python_NewShadowInstance(clientdata, robj);
+ if (inst) {
+ Py_DECREF(robj);
+ robj = inst;
+ }
+ }
+ return robj;
+ }
+}
+
+/* Create a new packed object */
+
+SWIGRUNTIMEINLINE PyObject *
+SWIG_Python_NewPackedObj(void *ptr, size_t sz, swig_type_info *type) {
+ return ptr ? PySwigPacked_New((void *) ptr, sz, type) : SWIG_Py_Void();
+}
+
+/* -----------------------------------------------------------------------------*
+ * Get type list
+ * -----------------------------------------------------------------------------*/
+
+#ifdef SWIG_LINK_RUNTIME
+void *SWIG_ReturnGlobalTypeList(void *);
+#endif
+
+SWIGRUNTIME swig_module_info *
+SWIG_Python_GetModule(void) {
+ static void *type_pointer = (void *)0;
+ /* first check if module already created */
+ if (!type_pointer) {
+#ifdef SWIG_LINK_RUNTIME
+ type_pointer = SWIG_ReturnGlobalTypeList((void *)0);
+#else
+ type_pointer = PyCObject_Import((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ (char*)"type_pointer" SWIG_TYPE_TABLE_NAME);
+ if (PyErr_Occurred()) {
+ PyErr_Clear();
+ type_pointer = (void *)0;
+ }
+#endif
+ }
+ return (swig_module_info *) type_pointer;
+}
+
+#if PY_MAJOR_VERSION < 2
+/* PyModule_AddObject function was introduced in Python 2.0. The following function
+ is copied out of Python/modsupport.c in python version 2.3.4 */
+SWIGINTERN int
+PyModule_AddObject(PyObject *m, char *name, PyObject *o)
+{
+ PyObject *dict;
+ if (!PyModule_Check(m)) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs module as first arg");
+ return SWIG_ERROR;
+ }
+ if (!o) {
+ PyErr_SetString(PyExc_TypeError,
+ "PyModule_AddObject() needs non-NULL value");
+ return SWIG_ERROR;
+ }
+
+ dict = PyModule_GetDict(m);
+ if (dict == NULL) {
+ /* Internal error -- modules must have a dict! */
+ PyErr_Format(PyExc_SystemError, "module '%s' has no __dict__",
+ PyModule_GetName(m));
+ return SWIG_ERROR;
+ }
+ if (PyDict_SetItemString(dict, name, o))
+ return SWIG_ERROR;
+ Py_DECREF(o);
+ return SWIG_OK;
+}
+#endif
+
+SWIGRUNTIME void
+SWIG_Python_DestroyModule(void *vptr)
+{
+ swig_module_info *swig_module = (swig_module_info *) vptr;
+ swig_type_info **types = swig_module->types;
+ size_t i;
+ for (i =0; i < swig_module->size; ++i) {
+ swig_type_info *ty = types[i];
+ if (ty->owndata) {
+ PySwigClientData *data = (PySwigClientData *) ty->clientdata;
+ if (data) PySwigClientData_Del(data);
+ }
+ }
+ Py_DECREF(SWIG_This());
+}
+
+SWIGRUNTIME void
+SWIG_Python_SetModule(swig_module_info *swig_module) {
+ static PyMethodDef swig_empty_runtime_method_table[] = { {NULL, NULL, 0, NULL} };/* Sentinel */
+
+ PyObject *module = Py_InitModule((char*)"swig_runtime_data" SWIG_RUNTIME_VERSION,
+ swig_empty_runtime_method_table);
+ PyObject *pointer = PyCObject_FromVoidPtr((void *) swig_module, SWIG_Python_DestroyModule);
+ if (pointer && module) {
+ PyModule_AddObject(module, (char*)"type_pointer" SWIG_TYPE_TABLE_NAME, pointer);
+ } else {
+ Py_XDECREF(pointer);
+ }
+}
+
+/* The python cached type query */
+SWIGRUNTIME PyObject *
+SWIG_Python_TypeCache(void) {
+ static PyObject *SWIG_STATIC_POINTER(cache) = PyDict_New();
+ return cache;
+}
+
+SWIGRUNTIME swig_type_info *
+SWIG_Python_TypeQuery(const char *type)
+{
+ PyObject *cache = SWIG_Python_TypeCache();
+ PyObject *key = PyString_FromString(type);
+ PyObject *obj = PyDict_GetItem(cache, key);
+ swig_type_info *descriptor;
+ if (obj) {
+ descriptor = (swig_type_info *) PyCObject_AsVoidPtr(obj);
+ } else {
+ swig_module_info *swig_module = SWIG_Python_GetModule();
+ descriptor = SWIG_TypeQueryModule(swig_module, swig_module, type);
+ if (descriptor) {
+ obj = PyCObject_FromVoidPtr(descriptor, NULL);
+ PyDict_SetItem(cache, key, obj);
+ Py_DECREF(obj);
+ }
+ }
+ Py_DECREF(key);
+ return descriptor;
+}
+
+/*
+ For backward compatibility only
+*/
+#define SWIG_POINTER_EXCEPTION 0
+#define SWIG_arg_fail(arg) SWIG_Python_ArgFail(arg)
+#define SWIG_MustGetPtr(p, type, argnum, flags) SWIG_Python_MustGetPtr(p, type, argnum, flags)
+
+SWIGRUNTIME int
+SWIG_Python_AddErrMesg(const char* mesg, int infront)
+{
+ if (PyErr_Occurred()) {
+ PyObject *type = 0;
+ PyObject *value = 0;
+ PyObject *traceback = 0;
+ PyErr_Fetch(&type, &value, &traceback);
+ if (value) {
+ PyObject *old_str = PyObject_Str(value);
+ Py_XINCREF(type);
+ PyErr_Clear();
+ if (infront) {
+ PyErr_Format(type, "%s %s", mesg, PyString_AsString(old_str));
+ } else {
+ PyErr_Format(type, "%s %s", PyString_AsString(old_str), mesg);
+ }
+ Py_DECREF(old_str);
+ }
+ return 1;
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIME int
+SWIG_Python_ArgFail(int argnum)
+{
+ if (PyErr_Occurred()) {
+ /* add information about failing argument */
+ char mesg[256];
+ PyOS_snprintf(mesg, sizeof(mesg), "argument number %d:", argnum);
+ return SWIG_Python_AddErrMesg(mesg, 1);
+ } else {
+ return 0;
+ }
+}
+
+SWIGRUNTIMEINLINE const char *
+PySwigObject_GetDesc(PyObject *self)
+{
+ PySwigObject *v = (PySwigObject *)self;
+ swig_type_info *ty = v ? v->ty : 0;
+ return ty ? ty->str : (char*)"";
+}
+
+SWIGRUNTIME void
+SWIG_Python_TypeError(const char *type, PyObject *obj)
+{
+ if (type) {
+#if defined(SWIG_COBJECT_TYPES)
+ if (obj && PySwigObject_Check(obj)) {
+ const char *otype = (const char *) PySwigObject_GetDesc(obj);
+ if (otype) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, 'PySwigObject(%s)' is received",
+ type, otype);
+ return;
+ }
+ } else
+#endif
+ {
+ const char *otype = (obj ? obj->ob_type->tp_name : 0);
+ if (otype) {
+ PyObject *str = PyObject_Str(obj);
+ const char *cstr = str ? PyString_AsString(str) : 0;
+ if (cstr) {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s(%s)' is received",
+ type, otype, cstr);
+ } else {
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected, '%s' is received",
+ type, otype);
+ }
+ Py_XDECREF(str);
+ return;
+ }
+ }
+ PyErr_Format(PyExc_TypeError, "a '%s' is expected", type);
+ } else {
+ PyErr_Format(PyExc_TypeError, "unexpected type is received");
+ }
+}
+
+
+/* Convert a pointer value, signal an exception on a type mismatch */
+SWIGRUNTIME void *
+SWIG_Python_MustGetPtr(PyObject *obj, swig_type_info *ty, int argnum, int flags) {
+ void *result;
+ if (SWIG_Python_ConvertPtr(obj, &result, ty, flags) == -1) {
+ PyErr_Clear();
+ if (flags & SWIG_POINTER_EXCEPTION) {
+ SWIG_Python_TypeError(SWIG_TypePrettyName(ty), obj);
+ SWIG_Python_ArgFail(argnum);
+ }
+ }
+ return result;
+}
+
+
+#ifdef __cplusplus
+#if 0
+{ /* cc-mode */
+#endif
+}
+#endif
+
+
+
+#define SWIG_exception_fail(code, msg) do { SWIG_Error(code, msg); SWIG_fail; } while(0)
+
+#define SWIG_contract_assert(expr, msg) if (!(expr)) { SWIG_Error(SWIG_RuntimeError, msg); SWIG_fail; } else
+
+
+
+/* -------- TYPES TABLE (BEGIN) -------- */
+
+#define SWIGTYPE_p_SELboolean swig_types[0]
+#define SWIGTYPE_p_av_decision swig_types[1]
+#define SWIGTYPE_p_avc_cache_stats swig_types[2]
+#define SWIGTYPE_p_avc_entry swig_types[3]
+#define SWIGTYPE_p_avc_entry_ref swig_types[4]
+#define SWIGTYPE_p_avc_lock_callback swig_types[5]
+#define SWIGTYPE_p_avc_log_callback swig_types[6]
+#define SWIGTYPE_p_avc_memory_callback swig_types[7]
+#define SWIGTYPE_p_avc_thread_callback swig_types[8]
+#define SWIGTYPE_p_char swig_types[9]
+#define SWIGTYPE_p_f_int_p_q_const__char_v_______int swig_types[10]
+#define SWIGTYPE_p_f_p_f_void__void__p_void swig_types[11]
+#define SWIGTYPE_p_f_p_p_char__int swig_types[12]
+#define SWIGTYPE_p_f_p_q_const__char_v_______void swig_types[13]
+#define SWIGTYPE_p_f_p_void__void swig_types[14]
+#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int swig_types[15]
+#define SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void swig_types[16]
+#define SWIGTYPE_p_f_size_t__p_void swig_types[17]
+#define SWIGTYPE_p_f_void__p_void swig_types[18]
+#define SWIGTYPE_p_ino_t swig_types[19]
+#define SWIGTYPE_p_int swig_types[20]
+#define SWIGTYPE_p_p_char swig_types[21]
+#define SWIGTYPE_p_p_p_char swig_types[22]
+#define SWIGTYPE_p_p_security_id swig_types[23]
+#define SWIGTYPE_p_security_class_mapping swig_types[24]
+#define SWIGTYPE_p_security_id swig_types[25]
+#define SWIGTYPE_p_selinux_callback swig_types[26]
+#define SWIGTYPE_p_selinux_opt swig_types[27]
+#define SWIGTYPE_p_unsigned_int swig_types[28]
+#define SWIGTYPE_p_unsigned_short swig_types[29]
+static swig_type_info *swig_types[31];
+static swig_module_info swig_module = {swig_types, 30, 0, 0, 0, 0};
+#define SWIG_TypeQuery(name) SWIG_TypeQueryModule(&swig_module, &swig_module, name)
+#define SWIG_MangledTypeQuery(name) SWIG_MangledTypeQueryModule(&swig_module, &swig_module, name)
+
+/* -------- TYPES TABLE (END) -------- */
+
+#if (PY_VERSION_HEX <= 0x02000000)
+# if !defined(SWIG_PYTHON_CLASSIC)
+# error "This python version requires swig to be run with the '-classic' option"
+# endif
+#endif
+
+/*-----------------------------------------------
+ @(target):= _selinux.so
+ ------------------------------------------------*/
+#define SWIG_init init_selinux
+
+#define SWIG_name "_selinux"
+
+#define SWIGVERSION 0x010333
+#define SWIG_VERSION SWIGVERSION
+
+
+#define SWIG_as_voidptr(a) (void *)((const void *)(a))
+#define SWIG_as_voidptrptr(a) ((void)SWIG_as_voidptr(*a),(void**)(a))
+
+
+ #include "selinux/selinux.h"
+
+
+ #include "selinux/selinux.h"
+ #include "../include/selinux/avc.h"
+ #include "../include/selinux/selinux.h"
+ #include "../include/selinux/get_default_type.h"
+ #include "../include/selinux/get_context_list.h"
+
+
+ #define SWIG_From_long PyInt_FromLong
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_int (int value)
+{
+ return SWIG_From_long (value);
+}
+
+
+SWIGINTERN swig_type_info*
+SWIG_pchar_descriptor(void)
+{
+ static int init = 0;
+ static swig_type_info* info = 0;
+ if (!init) {
+ info = SWIG_TypeQuery("_p_char");
+ init = 1;
+ }
+ return info;
+}
+
+
+SWIGINTERN int
+SWIG_AsCharPtrAndSize(PyObject *obj, char** cptr, size_t* psize, int *alloc)
+{
+ if (PyString_Check(obj)) {
+ char *cstr; Py_ssize_t len;
+ PyString_AsStringAndSize(obj, &cstr, &len);
+ if (cptr) {
+ if (alloc) {
+ /*
+ In python the user should not be able to modify the inner
+ string representation. To warranty that, if you define
+ SWIG_PYTHON_SAFE_CSTRINGS, a new/copy of the python string
+ buffer is always returned.
+
+ The default behavior is just to return the pointer value,
+ so, be careful.
+ */
+#if defined(SWIG_PYTHON_SAFE_CSTRINGS)
+ if (*alloc != SWIG_OLDOBJ)
+#else
+ if (*alloc == SWIG_NEWOBJ)
+#endif
+ {
+ *cptr = (char *)memcpy((char *)malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
+ *alloc = SWIG_NEWOBJ;
+ }
+ else {
+ *cptr = cstr;
+ *alloc = SWIG_OLDOBJ;
+ }
+ } else {
+ *cptr = PyString_AsString(obj);
+ }
+ }
+ if (psize) *psize = len + 1;
+ return SWIG_OK;
+ } else {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ if (pchar_descriptor) {
+ void* vptr = 0;
+ if (SWIG_ConvertPtr(obj, &vptr, pchar_descriptor, 0) == SWIG_OK) {
+ if (cptr) *cptr = (char *) vptr;
+ if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
+ if (alloc) *alloc = SWIG_OLDOBJ;
+ return SWIG_OK;
+ }
+ }
+ }
+ return SWIG_TypeError;
+}
+
+
+
+
+
+#include <limits.h>
+#if !defined(SWIG_NO_LLONG_MAX)
+# if !defined(LLONG_MAX) && defined(__GNUC__) && defined (__LONG_LONG_MAX__)
+# define LLONG_MAX __LONG_LONG_MAX__
+# define LLONG_MIN (-LLONG_MAX - 1LL)
+# define ULLONG_MAX (LLONG_MAX * 2ULL + 1ULL)
+# endif
+#endif
+
+
+SWIGINTERN int
+SWIG_AsVal_double (PyObject *obj, double *val)
+{
+ int res = SWIG_TypeError;
+ if (PyFloat_Check(obj)) {
+ if (val) *val = PyFloat_AsDouble(obj);
+ return SWIG_OK;
+ } else if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ double v = PyLong_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ double d = PyFloat_AsDouble(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = d;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_AddCast(SWIG_OK));
+ } else {
+ PyErr_Clear();
+ }
+ }
+ }
+#endif
+ return res;
+}
+
+
+#include <float.h>
+
+
+#include <math.h>
+
+
+SWIGINTERNINLINE int
+SWIG_CanCastAsInteger(double *d, double min, double max) {
+ double x = *d;
+ if ((min <= x && x <= max)) {
+ double fx = floor(x);
+ double cx = ceil(x);
+ double rd = ((x - fx) < 0.5) ? fx : cx; /* simple rint */
+ if ((errno == EDOM) || (errno == ERANGE)) {
+ errno = 0;
+ } else {
+ double summ, reps, diff;
+ if (rd < x) {
+ diff = x - rd;
+ } else if (rd > x) {
+ diff = rd - x;
+ } else {
+ return 1;
+ }
+ summ = rd + x;
+ reps = diff/summ;
+ if (reps < 8*DBL_EPSILON) {
+ *d = rd;
+ return 1;
+ }
+ }
+ }
+ return 0;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_long (PyObject *obj, unsigned long *val)
+{
+ if (PyInt_Check(obj)) {
+ long v = PyInt_AsLong(obj);
+ if (v >= 0) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ return SWIG_OverflowError;
+ }
+ } else if (PyLong_Check(obj)) {
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ unsigned long v = PyLong_AsUnsignedLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, 0, ULONG_MAX)) {
+ if (val) *val = (unsigned long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_int (PyObject * obj, unsigned int *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v > UINT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (unsigned int)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_long (PyObject *obj, long* val)
+{
+ if (PyInt_Check(obj)) {
+ if (val) *val = PyInt_AsLong(obj);
+ return SWIG_OK;
+ } else if (PyLong_Check(obj)) {
+ long v = PyLong_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_OK;
+ } else {
+ PyErr_Clear();
+ }
+ }
+#ifdef SWIG_PYTHON_CAST_MODE
+ {
+ int dispatch = 0;
+ long v = PyInt_AsLong(obj);
+ if (!PyErr_Occurred()) {
+ if (val) *val = v;
+ return SWIG_AddCast(SWIG_OK);
+ } else {
+ PyErr_Clear();
+ }
+ if (!dispatch) {
+ double d;
+ int res = SWIG_AddCast(SWIG_AsVal_double (obj,&d));
+ if (SWIG_IsOK(res) && SWIG_CanCastAsInteger(&d, LONG_MIN, LONG_MAX)) {
+ if (val) *val = (long)(d);
+ return res;
+ }
+ }
+ }
+#endif
+ return SWIG_TypeError;
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_int (PyObject * obj, int *val)
+{
+ long v;
+ int res = SWIG_AsVal_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v < INT_MIN || v > INT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (int)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERNINLINE PyObject*
+SWIG_From_unsigned_SS_long (unsigned long value)
+{
+ return (value > LONG_MAX) ?
+ PyLong_FromUnsignedLong(value) : PyInt_FromLong((long)(value));
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_unsigned_SS_int (unsigned int value)
+{
+ return SWIG_From_unsigned_SS_long (value);
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtrAndSize(const char* carray, size_t size)
+{
+ if (carray) {
+ if (size > INT_MAX) {
+ swig_type_info* pchar_descriptor = SWIG_pchar_descriptor();
+ return pchar_descriptor ?
+ SWIG_NewPointerObj((char *)(carray), pchar_descriptor, 0) : SWIG_Py_Void();
+ } else {
+ return PyString_FromStringAndSize(carray, (int)(size));
+ }
+ } else {
+ return SWIG_Py_Void();
+ }
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_FromCharPtr(const char *cptr)
+{
+ return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
+}
+
+
+SWIGINTERN int
+SWIG_AsVal_unsigned_SS_short (PyObject * obj, unsigned short *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, &v);
+ if (SWIG_IsOK(res)) {
+ if ((v > USHRT_MAX)) {
+ return SWIG_OverflowError;
+ } else {
+ if (val) *val = (unsigned short)(v);
+ }
+ }
+ return res;
+}
+
+
+SWIGINTERNINLINE int
+SWIG_AsVal_size_t (PyObject * obj, size_t *val)
+{
+ unsigned long v;
+ int res = SWIG_AsVal_unsigned_SS_long (obj, val ? &v : 0);
+ if (SWIG_IsOK(res) && val) *val = (size_t)(v);
+ return res;
+}
+
+
+SWIGINTERNINLINE PyObject *
+SWIG_From_unsigned_SS_short (unsigned short value)
+{
+ return SWIG_From_unsigned_SS_long (value);
+}
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+SWIGINTERN PyObject *_wrap_is_selinux_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":is_selinux_enabled")) SWIG_fail;
+ result = (int)is_selinux_enabled();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_is_selinux_mls_enabled(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":is_selinux_mls_enabled")) SWIG_fail;
+ result = (int)is_selinux_mls_enabled();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getcon")) SWIG_fail;
+ result = (int)getcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getcon_raw")) SWIG_fail;
+ result = (int)getcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setcon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setcon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setcon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpidcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ pid_t arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpidcon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon" "', argument " "1"" of type '" "pid_t""'");
+ }
+ arg1 = (pid_t)(val1);
+ result = (int)getpidcon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpidcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ pid_t arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpidcon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpidcon_raw" "', argument " "1"" of type '" "pid_t""'");
+ }
+ arg1 = (pid_t)(val1);
+ result = (int)getpidcon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getprevcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getprevcon")) SWIG_fail;
+ result = (int)getprevcon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getprevcon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getprevcon_raw")) SWIG_fail;
+ result = (int)getprevcon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getexeccon")) SWIG_fail;
+ result = (int)getexeccon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getexeccon_raw")) SWIG_fail;
+ result = (int)getexeccon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setexeccon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setexeccon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setexeccon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setexeccon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setexeccon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setexeccon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setexeccon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getfscreatecon")) SWIG_fail;
+ result = (int)getfscreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getfscreatecon_raw")) SWIG_fail;
+ result = (int)getfscreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfscreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setfscreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfscreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setfscreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfscreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setfscreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon")) SWIG_fail;
+ result = (int)getkeycreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getkeycreatecon_raw")) SWIG_fail;
+ result = (int)getkeycreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setkeycreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setkeycreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setkeycreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setkeycreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setkeycreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setkeycreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon")) SWIG_fail;
+ result = (int)getsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":getsockcreatecon_raw")) SWIG_fail;
+ result = (int)getsockcreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setsockcreatecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setsockcreatecon(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setsockcreatecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:setsockcreatecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setsockcreatecon_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)setsockcreatecon_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getfilecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getfilecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)lgetfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:lgetfilecon_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lgetfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)lgetfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fgetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)fgetfilecon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fgetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:fgetfilecon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fgetfilecon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)fgetfilecon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)setfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_setfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:setfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "setfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "setfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)setfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)lsetfilecon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_lsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:lsetfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "lsetfilecon_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "lsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)lsetfilecon_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fsetfilecon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)fsetfilecon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_fsetfilecon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:fsetfilecon_raw",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "fsetfilecon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "fsetfilecon_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)fsetfilecon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpeercon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpeercon",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)getpeercon(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getpeercon_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:getpeercon_raw",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "getpeercon_raw" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)getpeercon_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_allowed_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_allowed_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_allowed_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->allowed = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_allowed_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_allowed_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_allowed_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->allowed);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_decided_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_decided_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_decided_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->decided = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_decided_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_decided_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_decided_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->decided);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditallow_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditallow_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditallow_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->auditallow = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditallow_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditallow_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditallow_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->auditallow);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditdeny_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_auditdeny_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_auditdeny_set" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ if (arg1) (arg1)->auditdeny = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_auditdeny_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ access_vector_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_auditdeny_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_auditdeny_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (access_vector_t) ((arg1)->auditdeny);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_seqno_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:av_decision_seqno_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_set" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "av_decision_seqno_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->seqno = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_av_decision_seqno_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:av_decision_seqno_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "av_decision_seqno_get" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ result = (unsigned int) ((arg1)->seqno);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_av_decision")) SWIG_fail;
+ result = (struct av_decision *)(struct av_decision *) calloc(1, sizeof(struct av_decision));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_av_decision, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_av_decision(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct av_decision *arg1 = (struct av_decision *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_av_decision",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_av_decision, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_av_decision" "', argument " "1"" of type '" "struct av_decision *""'");
+ }
+ arg1 = (struct av_decision *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *av_decision_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_av_decision, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_opt_type_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_type_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_set" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_opt_type_set" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ if (arg1) (arg1)->type = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_type_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_type_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_type_get" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ result = (int) ((arg1)->type);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_opt_value_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_set" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_opt_value_set" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg2) {
+ size_t size = strlen((const char *)((const char *)(arg2))) + 1;
+ arg1->value = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size));
+ } else {
+ arg1->value = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_opt_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_opt_value_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_opt_value_get" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ result = (char *) ((arg1)->value);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_selinux_opt")) SWIG_fail;
+ result = (struct selinux_opt *)(struct selinux_opt *) calloc(1, sizeof(struct selinux_opt));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_opt, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_selinux_opt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_opt",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_opt" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *selinux_opt_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_selinux_opt, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(int,char const *,...) = (int (*)(int,char const *,...)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_log_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_int_p_q_const__char_v_______int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_log_set" "', argument " "2"" of type '" "int (*)(int,char const *,...)""'");
+ }
+ }
+ if (arg1) (arg1)->func_log = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(int,char const *,...) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_log_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_log_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(int,char const *,...)) ((arg1)->func_log);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_int_p_q_const__char_v_______int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(void *,security_class_t,char *,size_t) = (int (*)(void *,security_class_t,char *,size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_audit_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_audit_set" "', argument " "2"" of type '" "int (*)(void *,security_class_t,char *,size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_audit = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(void *,security_class_t,char *,size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_audit_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_audit_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*arg2)(security_context_t *) = (int (*)(security_context_t *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_callback_func_validate_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_set" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_p_char__int);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "selinux_callback_func_validate_set" "', argument " "2"" of type '" "int (*)(security_context_t *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_validate = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_callback_func_validate_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ int (*result)(security_context_t *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_callback_func_validate_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_callback_func_validate_get" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ result = (int (*)(security_context_t *)) ((arg1)->func_validate);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_p_char__int);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_selinux_callback")) SWIG_fail;
+ result = (union selinux_callback *)(union selinux_callback *) calloc(1, sizeof(union selinux_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_selinux_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_selinux_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ union selinux_callback *arg1 = (union selinux_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_selinux_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_selinux_callback" "', argument " "1"" of type '" "union selinux_callback *""'");
+ }
+ arg1 = (union selinux_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *selinux_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_selinux_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_get_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ union selinux_callback result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_get_callback",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_get_callback" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = selinux_get_callback(arg1);
+ resultobj = SWIG_NewPointerObj((union selinux_callback *)memcpy((union selinux_callback *)malloc(sizeof(union selinux_callback)),&result,sizeof(union selinux_callback)), SWIGTYPE_p_selinux_callback, SWIG_POINTER_OWN | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_set_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ union selinux_callback arg2 ;
+ int val1 ;
+ int ecode1 = 0 ;
+ void *argp2 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_set_callback",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_set_callback" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ {
+ res2 = SWIG_ConvertPtr(obj1, &argp2, SWIGTYPE_p_selinux_callback, 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'");
+ }
+ if (!argp2) {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "selinux_set_callback" "', argument " "2"" of type '" "union selinux_callback""'");
+ } else {
+ arg2 = *((union selinux_callback *)(argp2));
+ }
+ }
+ selinux_set_callback(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_av(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ result = (int)security_compute_av(arg1,arg2,arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_av_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:security_compute_av_raw",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_av_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_av_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_av_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "security_compute_av_raw" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "security_compute_av_raw" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ result = (int)security_compute_av_raw(arg1,arg2,arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_create(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_create_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_create_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_create_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_create_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_create_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_create_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_relabel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_relabel(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_relabel_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_relabel_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_relabel_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_relabel_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_relabel_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_relabel_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_member(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_member_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_class_t arg3 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_compute_member_raw",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_member_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_member_raw" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_compute_member_raw" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)security_compute_member_raw(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_user(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)security_compute_user(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*arg3) {
+ while((*arg3)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_compute_user_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_compute_user_raw",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_compute_user_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_compute_user_raw" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)security_compute_user_raw(arg1,(char const *)arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i, len = 0;
+
+ if (*arg3) {
+ while((*arg3)[len])
+ len++;
+ plist = PyList_New(len);
+ for (i = 0; i < len; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+
+ resultobj = SWIG_Python_AppendOutput(resultobj, plist);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ void *arg1 = (void *) 0 ;
+ size_t arg2 ;
+ int result;
+ int res1 ;
+ size_t val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_load_policy",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0,SWIG_as_voidptrptr(&arg1), 0, 0);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_policy" "', argument " "1"" of type '" "void *""'");
+ }
+ ecode2 = SWIG_AsVal_size_t(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_load_policy" "', argument " "2"" of type '" "size_t""'");
+ }
+ arg2 = (size_t)(val2);
+ result = (int)security_load_policy(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_initial_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_initial_context((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_initial_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_initial_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_initial_context_raw" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_initial_context_raw((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_mkload_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_mkload_policy",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_mkload_policy" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)selinux_mkload_policy(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_init_load_policy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int *arg1 = (int *) 0 ;
+ int result;
+ int temp1 ;
+ int res1 = SWIG_TMPOBJ ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_init_load_policy")) SWIG_fail;
+ result = (int)selinux_init_load_policy(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res1)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_name_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_set" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "SELboolean_name_set" "', argument " "2"" of type '" "char *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg1->name) free((char*)arg1->name);
+ if (arg2) {
+ size_t size = strlen((const char *)(arg2)) + 1;
+ arg1->name = (char *)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
+ } else {
+ arg1->name = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_name_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_name_get" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ result = (char *) ((arg1)->name);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_value_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:SELboolean_value_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_set" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "SELboolean_value_set" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ if (arg1) (arg1)->value = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_SELboolean_value_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:SELboolean_value_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "SELboolean_value_get" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ result = (int) ((arg1)->value);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_SELboolean")) SWIG_fail;
+ result = (SELboolean *)(SELboolean *) calloc(1, sizeof(SELboolean));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_SELboolean, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_SELboolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ SELboolean *arg1 = (SELboolean *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_SELboolean",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_SELboolean, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_SELboolean" "', argument " "1"" of type '" "SELboolean *""'");
+ }
+ arg1 = (SELboolean *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *SELboolean_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_SELboolean, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_security_set_boolean_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ size_t arg1 ;
+ SELboolean *arg2 = (SELboolean *) 0 ;
+ int arg3 ;
+ int result;
+ size_t val1 ;
+ int ecode1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ int val3 ;
+ int ecode3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:security_set_boolean_list",&obj0,&obj1,&obj2)) SWIG_fail;
+ ecode1 = SWIG_AsVal_size_t(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_set_boolean_list" "', argument " "1"" of type '" "size_t""'");
+ }
+ arg1 = (size_t)(val1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_SELboolean, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_set_boolean_list" "', argument " "2"" of type '" "SELboolean *""'");
+ }
+ arg2 = (SELboolean *)(argp2);
+ ecode3 = SWIG_AsVal_int(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "security_set_boolean_list" "', argument " "3"" of type '" "int""'");
+ }
+ arg3 = (int)(val3);
+ result = (int)security_set_boolean_list(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_load_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_load_booleans",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_load_booleans" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_load_booleans(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_check_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_check_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_check_context(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_check_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_check_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_check_context_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_check_context_raw(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_canonicalize_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_canonicalize_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_canonicalize_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:security_canonicalize_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_canonicalize_context_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)security_canonicalize_context_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_getenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_getenforce")) SWIG_fail;
+ result = (int)security_getenforce();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_setenforce(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int arg1 ;
+ int result;
+ int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_setenforce",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_setenforce" "', argument " "1"" of type '" "int""'");
+ }
+ arg1 = (int)(val1);
+ result = (int)security_setenforce(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_disable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_disable")) SWIG_fail;
+ result = (int)security_disable();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_policyvers(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_policyvers")) SWIG_fail;
+ result = (int)security_policyvers();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_names(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char ***arg1 = (char ***) 0 ;
+ int *arg2 = (int *) 0 ;
+ int result;
+ char **temp11 ;
+ int temp21 ;
+
+ {
+ arg1 = &temp11;
+ arg2 = &temp21;
+ }
+ if (!PyArg_ParseTuple(args,(char *)":security_get_boolean_names")) SWIG_fail;
+ result = (int)security_get_boolean_names(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* list = PyList_New(*arg2);
+ int i;
+ for (i = 0; i < *arg2; i++) {
+ PyList_SetItem(list, i, PyString_FromString((*arg1)[i]));
+ }
+ resultobj = SWIG_Python_AppendOutput(resultobj, list);
+ }
+ {
+ int i;
+ if (*arg1) {
+ for (i = 0; i < *arg2; i++) {
+ free((*arg1)[i]);
+ }
+ free(*arg1);
+ }
+ }
+ return resultobj;
+fail:
+ {
+ int i;
+ if (*arg1) {
+ for (i = 0; i < *arg2; i++) {
+ free((*arg1)[i]);
+ }
+ free(*arg1);
+ }
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_pending(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_pending",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_pending" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_pending((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_get_boolean_active(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_get_boolean_active",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_get_boolean_active" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)security_get_boolean_active((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_set_boolean(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int arg2 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_set_boolean",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_set_boolean" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_set_boolean" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ result = (int)security_set_boolean((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_commit_booleans(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":security_commit_booleans")) SWIG_fail;
+ result = (int)security_commit_booleans();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_name_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char *arg2 = (char *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_name_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_set" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_name_set" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ if (arg2) {
+ size_t size = strlen((const char *)((const char *)(arg2))) + 1;
+ arg1->name = (char const *)(char *)memcpy((char *)malloc((size)*sizeof(char)), arg2, sizeof(char)*(size));
+ } else {
+ arg1->name = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_name_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_name_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_name_get" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (char *) ((arg1)->name);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_perms_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char **arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_class_mapping_perms_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_set" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_p_char, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_class_mapping_perms_set" "', argument " "2"" of type '" "char const *[sizeof(access_vector_t)*8+1]""'");
+ }
+ arg2 = (char **)(argp2);
+ {
+ if (arg2) {
+ size_t ii = 0;
+ for (; ii < (size_t)sizeof(access_vector_t)*8+1; ++ii) arg1->perms[ii] = arg2[ii];
+ } else {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in variable '""perms""' of type '""char const *[sizeof(access_vector_t)*8+1]""'");
+ }
+ }
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_mapping_perms_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ char **result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_mapping_perms_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_class_mapping_perms_get" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (char **)(char **) ((arg1)->perms);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_p_char, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_security_class_mapping")) SWIG_fail;
+ result = (struct security_class_mapping *)(struct security_class_mapping *) calloc(1, sizeof(struct security_class_mapping));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_class_mapping, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_security_class_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_security_class_mapping",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_class_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *security_class_mapping_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_security_class_mapping, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_selinux_set_mapping(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_class_mapping *arg1 = (struct security_class_mapping *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_set_mapping",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_class_mapping, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_set_mapping" "', argument " "1"" of type '" "struct security_class_mapping *""'");
+ }
+ arg1 = (struct security_class_mapping *)(argp1);
+ result = (int)selinux_set_mapping(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_string_to_security_class(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_class_t result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:string_to_security_class",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "string_to_security_class" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (security_class_t)string_to_security_class((char const *)arg1);
+ resultobj = SWIG_From_unsigned_SS_short((unsigned short)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_class_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ char *result = 0 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_class_to_string",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_class_to_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ result = (char *)security_class_to_string(arg1);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_av_perm_to_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ char *result = 0 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_av_perm_to_string",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_perm_to_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_perm_to_string" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ result = (char *)security_av_perm_to_string(arg1,arg2);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_string_to_av_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ char *arg2 = (char *) 0 ;
+ access_vector_t result;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:string_to_av_perm",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "string_to_av_perm" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "string_to_av_perm" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (access_vector_t)string_to_av_perm(arg1,(char const *)arg2);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_av_string(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ char *temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_av_string",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "security_av_string" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_av_string" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ result = (int)security_av_string(arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_print_access_vector(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_class_t arg1 ;
+ access_vector_t arg2 ;
+ unsigned short val1 ;
+ int ecode1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:print_access_vector",&obj0,&obj1)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_short(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "print_access_vector" "', argument " "1"" of type '" "security_class_t""'");
+ }
+ arg1 = (security_class_t)(val1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "print_access_vector" "', argument " "2"" of type '" "access_vector_t""'");
+ }
+ arg2 = (access_vector_t)(val2);
+ print_access_vector(arg1,arg2);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_set_matchpathcon_flags(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ unsigned int arg1 ;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:set_matchpathcon_flags",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "set_matchpathcon_flags" "', argument " "1"" of type '" "unsigned int""'");
+ }
+ arg1 = (unsigned int)(val1);
+ set_matchpathcon_flags(arg1);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_init",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)matchpathcon_init((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_init_prefix(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_init_prefix",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_init_prefix" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "matchpathcon_init_prefix" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ result = (int)matchpathcon_init_prefix((char const *)arg1,(char const *)arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_fini(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_fini")) SWIG_fail;
+ matchpathcon_fini();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)matchpathcon((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_index(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:matchpathcon_index",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_index" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_index" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)matchpathcon_index((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_add(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ ino_t arg1 ;
+ int arg2 ;
+ char *arg3 = (char *) 0 ;
+ int result;
+ void *argp1 ;
+ int res1 = 0 ;
+ int val2 ;
+ int ecode2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOO:matchpathcon_filespec_add",&obj0,&obj1,&obj2)) SWIG_fail;
+ {
+ res1 = SWIG_ConvertPtr(obj0, &argp1, SWIGTYPE_p_ino_t, 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'");
+ }
+ if (!argp1) {
+ SWIG_exception_fail(SWIG_ValueError, "invalid null reference " "in method '" "matchpathcon_filespec_add" "', argument " "1"" of type '" "ino_t""'");
+ } else {
+ arg1 = *((ino_t *)(argp1));
+ }
+ }
+ ecode2 = SWIG_AsVal_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "matchpathcon_filespec_add" "', argument " "2"" of type '" "int""'");
+ }
+ arg2 = (int)(val2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "matchpathcon_filespec_add" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ result = (int)matchpathcon_filespec_add(arg1,arg2,(char const *)arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_destroy")) SWIG_fail;
+ matchpathcon_filespec_destroy();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_filespec_eval(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":matchpathcon_filespec_eval")) SWIG_fail;
+ matchpathcon_filespec_eval();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchpathcon_checkmatches(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:matchpathcon_checkmatches",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchpathcon_checkmatches" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ matchpathcon_checkmatches(arg1);
+ resultobj = SWIG_Py_Void();
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_matchmediacon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:matchmediacon",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "matchmediacon" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)matchmediacon((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_getenforcemode(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int *arg1 = (int *) 0 ;
+ int result;
+ int temp1 ;
+ int res1 = SWIG_TMPOBJ ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_getenforcemode")) SWIG_fail;
+ result = (int)selinux_getenforcemode(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (SWIG_IsTmpObj(res1)) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_From_int((*arg1)));
+ } else {
+ int new_flags = SWIG_IsNewObj(res1) ? (SWIG_POINTER_OWN | 0 ) : 0 ;
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj((void*)(arg1), SWIGTYPE_p_int, new_flags));
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_getpolicytype(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char **arg1 = (char **) 0 ;
+ int result;
+ char *temp1 = 0 ;
+
+ arg1 = &temp1;
+ if (!PyArg_ParseTuple(args,(char *)":selinux_getpolicytype")) SWIG_fail;
+ result = (int)selinux_getpolicytype(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ free(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_policy_root(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_policy_root")) SWIG_fail;
+ result = (char *)selinux_policy_root();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_binary_policy_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_binary_policy_path")) SWIG_fail;
+ result = (char *)selinux_binary_policy_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_failsafe_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_failsafe_context_path")) SWIG_fail;
+ result = (char *)selinux_failsafe_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_removable_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_removable_context_path")) SWIG_fail;
+ result = (char *)selinux_removable_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_default_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_default_context_path")) SWIG_fail;
+ result = (char *)selinux_default_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_user_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_user_contexts_path")) SWIG_fail;
+ result = (char *)selinux_user_contexts_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_path")) SWIG_fail;
+ result = (char *)selinux_file_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_homedir_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_homedir_path")) SWIG_fail;
+ result = (char *)selinux_file_context_homedir_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_local_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_file_context_local_path")) SWIG_fail;
+ result = (char *)selinux_file_context_local_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_homedir_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_homedir_context_path")) SWIG_fail;
+ result = (char *)selinux_homedir_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_media_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_media_context_path")) SWIG_fail;
+ result = (char *)selinux_media_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_x_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_x_context_path")) SWIG_fail;
+ result = (char *)selinux_x_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_contexts_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_contexts_path")) SWIG_fail;
+ result = (char *)selinux_contexts_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_securetty_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_securetty_types_path")) SWIG_fail;
+ result = (char *)selinux_securetty_types_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_booleans_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_booleans_path")) SWIG_fail;
+ result = (char *)selinux_booleans_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_customizable_types_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_customizable_types_path")) SWIG_fail;
+ result = (char *)selinux_customizable_types_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_users_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_users_path")) SWIG_fail;
+ result = (char *)selinux_users_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_usersconf_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_usersconf_path")) SWIG_fail;
+ result = (char *)selinux_usersconf_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_translations_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_translations_path")) SWIG_fail;
+ result = (char *)selinux_translations_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_netfilter_context_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_netfilter_context_path")) SWIG_fail;
+ result = (char *)selinux_netfilter_context_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_path")) SWIG_fail;
+ result = (char *)selinux_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_check_passwd_access(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ access_vector_t arg1 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_passwd_access",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "selinux_check_passwd_access" "', argument " "1"" of type '" "access_vector_t""'");
+ }
+ arg1 = (access_vector_t)(val1);
+ result = (int)selinux_check_passwd_access(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_checkPasswdAccess(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ access_vector_t arg1 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:checkPasswdAccess",&obj0)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "checkPasswdAccess" "', argument " "1"" of type '" "access_vector_t""'");
+ }
+ arg1 = (access_vector_t)(val1);
+ result = (int)checkPasswdAccess(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_check_securetty_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_check_securetty_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_check_securetty_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_check_securetty_context(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_set_selinuxmnt(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:set_selinuxmnt",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "set_selinuxmnt" "', argument " "1"" of type '" "char *""'");
+ }
+ arg1 = (char *)(buf1);
+ set_selinuxmnt(arg1);
+ resultobj = SWIG_Py_Void();
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_rpm_execcon(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ unsigned int arg1 ;
+ char *arg2 = (char *) 0 ;
+ char **arg3 ;
+ char **arg4 ;
+ int result;
+ unsigned int val1 ;
+ int ecode1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:rpm_execcon",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ ecode1 = SWIG_AsVal_unsigned_SS_int(obj0, &val1);
+ if (!SWIG_IsOK(ecode1)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode1), "in method '" "rpm_execcon" "', argument " "1"" of type '" "unsigned int""'");
+ }
+ arg1 = (unsigned int)(val1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "rpm_execcon" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check(obj2)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size(obj2);
+
+ arg3 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem(obj2, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem(obj2, i);
+ arg3[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy(arg3[i], PyString_AsString(s));
+ }
+ arg3[size] = NULL;
+ }
+ {
+ int i, size;
+ PyObject * s;
+
+ if (!PySequence_Check(obj3)) {
+ PyErr_SetString(PyExc_ValueError, "Expected a sequence");
+ return NULL;
+ }
+
+ size = PySequence_Size(obj3);
+
+ arg4 = (char**) malloc(size + 1);
+
+ for(i = 0; i < size; i++) {
+ if (!PyString_Check(PySequence_GetItem(obj3, i))) {
+ PyErr_SetString(PyExc_ValueError, "Sequence must contain only strings");
+ return NULL;
+ }
+ }
+
+ for(i = 0; i < size; i++) {
+ s = PySequence_GetItem(obj3, i);
+ arg4[i] = (char*) malloc(PyString_Size(s) + 1);
+ strcpy(arg4[i], PyString_AsString(s));
+ }
+ arg4[size] = NULL;
+ }
+ result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ int i = 0;
+ while(arg3[i]) {
+ free(arg3[i]);
+ i++;
+ }
+ free(arg3);
+ }
+ {
+ int i = 0;
+ while(arg4[i]) {
+ free(arg4[i]);
+ i++;
+ }
+ free(arg4);
+ }
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ int i = 0;
+ while(arg3[i]) {
+ free(arg3[i]);
+ i++;
+ }
+ free(arg3);
+ }
+ {
+ int i = 0;
+ while(arg4[i]) {
+ free(arg4[i]);
+ i++;
+ }
+ free(arg4);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_is_context_customizable(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:is_context_customizable",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "is_context_customizable" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)is_context_customizable(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_trans_to_raw_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_trans_to_raw_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_trans_to_raw_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_trans_to_raw_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_raw_to_trans_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_raw_to_trans_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_raw_to_trans_context" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)selinux_raw_to_trans_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_getseuserbyname(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char **arg2 = (char **) 0 ;
+ char **arg3 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ char *temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"O:getseuserbyname",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "getseuserbyname" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)getseuserbyname((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ free(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_cmp(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) (security_context_t)0 ;
+ security_context_t arg2 = (security_context_t) (security_context_t)0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_cmp",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_cmp" "', argument " "1"" of type '" "security_context_t const""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "selinux_file_context_cmp" "', argument " "2"" of type '" "security_context_t const""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)selinux_file_context_cmp(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_file_context_verify(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ mode_t arg2 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:selinux_file_context_verify",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_file_context_verify" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "selinux_file_context_verify" "', argument " "2"" of type '" "mode_t""'");
+ }
+ arg2 = (mode_t)(val2);
+ result = (int)selinux_file_context_verify((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_lsetfilecon_default(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:selinux_lsetfilecon_default",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "selinux_lsetfilecon_default" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)selinux_lsetfilecon_default((char const *)arg1);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_ctx_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_id_ctx_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_set" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "security_id_ctx_set" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ if (arg1->ctx) free((char*)arg1->ctx);
+ if (arg2) {
+ size_t size = strlen((const char *)(arg2)) + 1;
+ arg1->ctx = (security_context_t)(char *)memcpy((char *)malloc((size)*sizeof(char)), (const char *)(arg2), sizeof(char)*(size));
+ } else {
+ arg1->ctx = 0;
+ }
+ resultobj = SWIG_Py_Void();
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_ctx_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ security_context_t result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_id_ctx_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_ctx_get" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ result = (security_context_t) ((arg1)->ctx);
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_refcnt_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:security_id_refcnt_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_set" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "security_id_refcnt_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->refcnt = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_security_id_refcnt_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:security_id_refcnt_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "security_id_refcnt_get" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ result = (unsigned int) ((arg1)->refcnt);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_security_id")) SWIG_fail;
+ result = (struct security_id *)(struct security_id *) calloc(1, sizeof(struct security_id));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_security_id, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_security_id(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct security_id *arg1 = (struct security_id *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_security_id",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_security_id" "', argument " "1"" of type '" "struct security_id *""'");
+ }
+ arg1 = (struct security_id *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *security_id_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_security_id, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_sid_to_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)avc_sid_to_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_sid_to_context_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_sid_to_context_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_sid_to_context_raw" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)avc_sid_to_context_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_context_to_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)avc_context_to_sid(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_context_to_sid_raw(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t arg1 = (security_context_t) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_context_to_sid_raw",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_context_to_sid_raw" "', argument " "1"" of type '" "security_context_t""'");
+ }
+ arg1 = (security_context_t)(buf1);
+ result = (int)avc_context_to_sid_raw(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_sidget(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:sidget",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidget" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)sidget(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_sidput(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:sidput",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "sidput" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ result = (int)sidput(arg1);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_get_initial_sid(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_id_t *arg2 = (security_id_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_id_t temp2 ;
+ PyObject * obj0 = 0 ;
+
+ {
+ arg2 = &temp2;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_get_initial_sid",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_get_initial_sid" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)avc_get_initial_sid((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_NewPointerObj(*arg2, SWIGTYPE_p_security_id, 0));
+ } else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ struct avc_entry *arg2 = (struct avc_entry *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_entry_ref_ae_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_set" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_entry, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_entry_ref_ae_set" "', argument " "2"" of type '" "struct avc_entry *""'");
+ }
+ arg2 = (struct avc_entry *)(argp2);
+ if (arg1) (arg1)->ae = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_entry_ref_ae_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ struct avc_entry *result = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_entry_ref_ae_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_entry_ref_ae_get" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ result = (struct avc_entry *) ((arg1)->ae);
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry, 0 | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_entry_ref")) SWIG_fail;
+ result = (struct avc_entry_ref *)(struct avc_entry_ref *) calloc(1, sizeof(struct avc_entry_ref));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_entry_ref(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_entry_ref *arg1 = (struct avc_entry_ref *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_entry_ref",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_entry_ref, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_entry_ref" "', argument " "1"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg1 = (struct avc_entry_ref *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_entry_ref_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_entry_ref, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *(*arg2)(size_t) = (void *(*)(size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_malloc_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_size_t__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_malloc_set" "', argument " "2"" of type '" "void *(*)(size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_malloc = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_malloc_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *(*result)(size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_malloc_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_malloc_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ result = (void *(*)(size_t)) ((arg1)->func_malloc);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_size_t__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_memory_callback_func_free_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_set" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_memory_callback_func_free_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_free = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_memory_callback_func_free_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_memory_callback_func_free_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_memory_callback_func_free_get" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_free);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_memory_callback")) SWIG_fail;
+ result = (struct avc_memory_callback *)(struct avc_memory_callback *) calloc(1, sizeof(struct avc_memory_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_memory_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_memory_callback *arg1 = (struct avc_memory_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_memory_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_memory_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_memory_callback" "', argument " "1"" of type '" "struct avc_memory_callback *""'");
+ }
+ arg1 = (struct avc_memory_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_memory_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_memory_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*arg2)(char const *,...) = (void (*)(char const *,...)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_log_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_set" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_q_const__char_v_______void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_log_set" "', argument " "2"" of type '" "void (*)(char const *,...)""'");
+ }
+ }
+ if (arg1) (arg1)->func_log = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_log_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*result)(char const *,...) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_log_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_log_get" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ result = (void (*)(char const *,...)) ((arg1)->func_log);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_q_const__char_v_______void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*arg2)(void *,security_class_t,char *,size_t) = (void (*)(void *,security_class_t,char *,size_t)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_log_callback_func_audit_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_set" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_log_callback_func_audit_set" "', argument " "2"" of type '" "void (*)(void *,security_class_t,char *,size_t)""'");
+ }
+ }
+ if (arg1) (arg1)->func_audit = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_log_callback_func_audit_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void (*result)(void *,security_class_t,char *,size_t) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_log_callback_func_audit_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_log_callback_func_audit_get" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ result = (void (*)(void *,security_class_t,char *,size_t)) ((arg1)->func_audit);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void_unsigned_short_p_char_size_t__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_log_callback")) SWIG_fail;
+ result = (struct avc_log_callback *)(struct avc_log_callback *) calloc(1, sizeof(struct avc_log_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_log_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_log_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_log_callback *arg1 = (struct avc_log_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_log_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_log_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_log_callback" "', argument " "1"" of type '" "struct avc_log_callback *""'");
+ }
+ arg1 = (struct avc_log_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_log_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_log_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *(*arg2)(void (*)(void)) = (void *(*)(void (*)(void))) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_create_thread_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_f_void__void__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_create_thread_set" "', argument " "2"" of type '" "void *(*)(void (*)(void))""'");
+ }
+ }
+ if (arg1) (arg1)->func_create_thread = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_create_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *(*result)(void (*)(void)) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_create_thread_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_create_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ result = (void *(*)(void (*)(void))) ((arg1)->func_create_thread);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_f_void__void__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_thread_callback_func_stop_thread_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_thread_callback_func_stop_thread_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_stop_thread = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_thread_callback_func_stop_thread_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_thread_callback_func_stop_thread_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_thread_callback_func_stop_thread_get" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_stop_thread);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_thread_callback")) SWIG_fail;
+ result = (struct avc_thread_callback *)(struct avc_thread_callback *) calloc(1, sizeof(struct avc_thread_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_thread_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_thread_callback *arg1 = (struct avc_thread_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_thread_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_thread_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_thread_callback" "', argument " "1"" of type '" "struct avc_thread_callback *""'");
+ }
+ arg1 = (struct avc_thread_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_thread_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_thread_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *(*arg2)(void) = (void *(*)(void)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_alloc_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_void__p_void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_alloc_lock_set" "', argument " "2"" of type '" "void *(*)(void)""'");
+ }
+ }
+ if (arg1) (arg1)->func_alloc_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_alloc_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *(*result)(void) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_alloc_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_alloc_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void *(*)(void)) ((arg1)->func_alloc_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_void__p_void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_get_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_get_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_get_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_get_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_get_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_get_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_get_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_release_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_release_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_release_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_release_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_release_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_release_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_release_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*arg2)(void *) = (void (*)(void *)) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_lock_callback_func_free_lock_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ {
+ int res = SWIG_ConvertFunctionPtr(obj1, (void**)(&arg2), SWIGTYPE_p_f_p_void__void);
+ if (!SWIG_IsOK(res)) {
+ SWIG_exception_fail(SWIG_ArgError(res), "in method '" "avc_lock_callback_func_free_lock_set" "', argument " "2"" of type '" "void (*)(void *)""'");
+ }
+ }
+ if (arg1) (arg1)->func_free_lock = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_lock_callback_func_free_lock_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void (*result)(void *) = 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_lock_callback_func_free_lock_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_lock_callback_func_free_lock_get" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ result = (void (*)(void *)) ((arg1)->func_free_lock);
+ resultobj = SWIG_NewFunctionPtrObj((void *)(result), SWIGTYPE_p_f_p_void__void);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_lock_callback")) SWIG_fail;
+ result = (struct avc_lock_callback *)(struct avc_lock_callback *) calloc(1, sizeof(struct avc_lock_callback));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_lock_callback(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_lock_callback *arg1 = (struct avc_lock_callback *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_lock_callback",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_lock_callback, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_lock_callback" "', argument " "1"" of type '" "struct avc_lock_callback *""'");
+ }
+ arg1 = (struct avc_lock_callback *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_lock_callback_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_lock_callback, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_init(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ struct avc_memory_callback *arg2 = (struct avc_memory_callback *) 0 ;
+ struct avc_log_callback *arg3 = (struct avc_log_callback *) 0 ;
+ struct avc_thread_callback *arg4 = (struct avc_thread_callback *) 0 ;
+ struct avc_lock_callback *arg5 = (struct avc_lock_callback *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ void *argp3 = 0 ;
+ int res3 = 0 ;
+ void *argp4 = 0 ;
+ int res4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOO:avc_init",&obj0,&obj1,&obj2,&obj3,&obj4)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_init" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_avc_memory_callback, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_init" "', argument " "2"" of type '" "struct avc_memory_callback const *""'");
+ }
+ arg2 = (struct avc_memory_callback *)(argp2);
+ res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_avc_log_callback, 0 | 0 );
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "avc_init" "', argument " "3"" of type '" "struct avc_log_callback const *""'");
+ }
+ arg3 = (struct avc_log_callback *)(argp3);
+ res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_avc_thread_callback, 0 | 0 );
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "avc_init" "', argument " "4"" of type '" "struct avc_thread_callback const *""'");
+ }
+ arg4 = (struct avc_thread_callback *)(argp4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_lock_callback, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_init" "', argument " "5"" of type '" "struct avc_lock_callback const *""'");
+ }
+ arg5 = (struct avc_lock_callback *)(argp5);
+ result = (int)avc_init((char const *)arg1,(struct avc_memory_callback const *)arg2,(struct avc_log_callback const *)arg3,(struct avc_thread_callback const *)arg4,(struct avc_lock_callback const *)arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_open(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct selinux_opt *arg1 = (struct selinux_opt *) 0 ;
+ unsigned int arg2 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_open",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_selinux_opt, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_open" "', argument " "1"" of type '" "struct selinux_opt *""'");
+ }
+ arg1 = (struct selinux_opt *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_open" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ result = (int)avc_open(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cleanup(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_cleanup")) SWIG_fail;
+ avc_cleanup();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_reset(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ int result;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_reset")) SWIG_fail;
+ result = (int)avc_reset();
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_destroy(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_destroy")) SWIG_fail;
+ avc_destroy();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_has_perm_noaudit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ;
+ struct av_decision *arg6 = (struct av_decision *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ void *argp6 = 0 ;
+ int res6 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm_noaudit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm_noaudit" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm_noaudit" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm_noaudit" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm_noaudit" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm_noaudit" "', argument " "5"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg5 = (struct avc_entry_ref *)(argp5);
+ res6 = SWIG_ConvertPtr(obj5, &argp6,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res6)) {
+ SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm_noaudit" "', argument " "6"" of type '" "struct av_decision *""'");
+ }
+ arg6 = (struct av_decision *)(argp6);
+ result = (int)avc_has_perm_noaudit(arg1,arg2,arg3,arg4,arg5,arg6);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_has_perm(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct avc_entry_ref *arg5 = (struct avc_entry_ref *) 0 ;
+ void *arg6 = (void *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ int res6 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOO:avc_has_perm",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_has_perm" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_has_perm" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_has_perm" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_has_perm" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_avc_entry_ref, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_has_perm" "', argument " "5"" of type '" "struct avc_entry_ref *""'");
+ }
+ arg5 = (struct avc_entry_ref *)(argp5);
+ res6 = SWIG_ConvertPtr(obj5,SWIG_as_voidptrptr(&arg6), 0, 0);
+ if (!SWIG_IsOK(res6)) {
+ SWIG_exception_fail(SWIG_ArgError(res6), "in method '" "avc_has_perm" "', argument " "6"" of type '" "void *""'");
+ }
+ result = (int)avc_has_perm(arg1,arg2,arg3,arg4,arg5,arg6);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_audit(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ access_vector_t arg4 ;
+ struct av_decision *arg5 = (struct av_decision *) 0 ;
+ int arg6 ;
+ void *arg7 = (void *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ unsigned int val4 ;
+ int ecode4 = 0 ;
+ void *argp5 = 0 ;
+ int res5 = 0 ;
+ int val6 ;
+ int ecode6 = 0 ;
+ int res7 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+ PyObject * obj4 = 0 ;
+ PyObject * obj5 = 0 ;
+ PyObject * obj6 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OOOOOOO:avc_audit",&obj0,&obj1,&obj2,&obj3,&obj4,&obj5,&obj6)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_audit" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_audit" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_audit" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ ecode4 = SWIG_AsVal_unsigned_SS_int(obj3, &val4);
+ if (!SWIG_IsOK(ecode4)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode4), "in method '" "avc_audit" "', argument " "4"" of type '" "access_vector_t""'");
+ }
+ arg4 = (access_vector_t)(val4);
+ res5 = SWIG_ConvertPtr(obj4, &argp5,SWIGTYPE_p_av_decision, 0 | 0 );
+ if (!SWIG_IsOK(res5)) {
+ SWIG_exception_fail(SWIG_ArgError(res5), "in method '" "avc_audit" "', argument " "5"" of type '" "struct av_decision *""'");
+ }
+ arg5 = (struct av_decision *)(argp5);
+ ecode6 = SWIG_AsVal_int(obj5, &val6);
+ if (!SWIG_IsOK(ecode6)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode6), "in method '" "avc_audit" "', argument " "6"" of type '" "int""'");
+ }
+ arg6 = (int)(val6);
+ res7 = SWIG_ConvertPtr(obj6,SWIG_as_voidptrptr(&arg7), 0, 0);
+ if (!SWIG_IsOK(res7)) {
+ SWIG_exception_fail(SWIG_ArgError(res7), "in method '" "avc_audit" "', argument " "7"" of type '" "void *""'");
+ }
+ avc_audit(arg1,arg2,arg3,arg4,arg5,arg6,arg7);
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_compute_create(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ security_id_t *arg4 = (security_id_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_id_t temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_create",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_create" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_create" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_create" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)avc_compute_create(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_compute_member(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_id_t arg1 = (security_id_t) 0 ;
+ security_id_t arg2 = (security_id_t) 0 ;
+ security_class_t arg3 ;
+ security_id_t *arg4 = (security_id_t *) 0 ;
+ int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ void *argp2 = 0 ;
+ int res2 = 0 ;
+ unsigned short val3 ;
+ int ecode3 = 0 ;
+ security_id_t temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:avc_compute_member",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_compute_member" "', argument " "1"" of type '" "security_id_t""'");
+ }
+ arg1 = (security_id_t)(argp1);
+ res2 = SWIG_ConvertPtr(obj1, &argp2,SWIGTYPE_p_security_id, 0 | 0 );
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "avc_compute_member" "', argument " "2"" of type '" "security_id_t""'");
+ }
+ arg2 = (security_id_t)(argp2);
+ ecode3 = SWIG_AsVal_unsigned_SS_short(obj2, &val3);
+ if (!SWIG_IsOK(ecode3)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode3), "in method '" "avc_compute_member" "', argument " "3"" of type '" "security_class_t""'");
+ }
+ arg3 = (security_class_t)(val3);
+ result = (int)avc_compute_member(arg1,arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_lookups_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_lookups_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_lookups = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_lookups_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_lookups);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_hits_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_hits_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_hits = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_hits_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_hits);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_misses_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_misses_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_misses = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_misses_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_misses);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_entry_discards_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_entry_discards_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->entry_discards = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_entry_discards_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_entry_discards_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_entry_discards_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->entry_discards);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_lookups_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_lookups_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_lookups = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_lookups_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_lookups_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_lookups_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_lookups);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_hits_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_hits_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_hits = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_hits_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_hits_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_hits_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_hits);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_probes_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_probes_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_probes = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_probes_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_probes_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_probes_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_probes);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_set(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int arg2 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ unsigned int val2 ;
+ int ecode2 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"OO:avc_cache_stats_cav_misses_set",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ ecode2 = SWIG_AsVal_unsigned_SS_int(obj1, &val2);
+ if (!SWIG_IsOK(ecode2)) {
+ SWIG_exception_fail(SWIG_ArgError(ecode2), "in method '" "avc_cache_stats_cav_misses_set" "', argument " "2"" of type '" "unsigned int""'");
+ }
+ arg2 = (unsigned int)(val2);
+ if (arg1) (arg1)->cav_misses = arg2;
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_cache_stats_cav_misses_get(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ unsigned int result;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:avc_cache_stats_cav_misses_get",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, 0 | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "avc_cache_stats_cav_misses_get" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ result = (unsigned int) ((arg1)->cav_misses);
+ resultobj = SWIG_From_unsigned_SS_int((unsigned int)(result));
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_new_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":new_avc_cache_stats")) SWIG_fail;
+ result = (struct avc_cache_stats *)(struct avc_cache_stats *) calloc(1, sizeof(struct avc_cache_stats));
+ resultobj = SWIG_NewPointerObj(SWIG_as_voidptr(result), SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_NEW | 0 );
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_delete_avc_cache_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ struct avc_cache_stats *arg1 = (struct avc_cache_stats *) 0 ;
+ void *argp1 = 0 ;
+ int res1 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)"O:delete_avc_cache_stats",&obj0)) SWIG_fail;
+ res1 = SWIG_ConvertPtr(obj0, &argp1,SWIGTYPE_p_avc_cache_stats, SWIG_POINTER_DISOWN | 0 );
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "delete_avc_cache_stats" "', argument " "1"" of type '" "struct avc_cache_stats *""'");
+ }
+ arg1 = (struct avc_cache_stats *)(argp1);
+ free((char *) arg1);
+
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *avc_cache_stats_swigregister(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *obj;
+ if (!PyArg_ParseTuple(args,(char*)"O|swigregister", &obj)) return NULL;
+ SWIG_TypeNewClientData(SWIGTYPE_p_avc_cache_stats, SWIG_NewClientData(obj));
+ return SWIG_Py_Void();
+}
+
+SWIGINTERN PyObject *_wrap_avc_av_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_av_stats")) SWIG_fail;
+ avc_av_stats();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_avc_sid_stats(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+
+ if (!PyArg_ParseTuple(args,(char *)":avc_sid_stats")) SWIG_fail;
+ avc_sid_stats();
+ resultobj = SWIG_Py_Void();
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_selinux_default_type_path(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *result = 0 ;
+
+ if (!PyArg_ParseTuple(args,(char *)":selinux_default_type_path")) SWIG_fail;
+ result = (char *)selinux_default_type_path();
+ resultobj = SWIG_FromCharPtr((const char *)result);
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_type(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char **arg2 = (char **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ char *temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:get_default_type",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_type" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)get_default_type((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ free(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_ordered_context_list(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_context_t **arg3 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t *temp3 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ {
+ arg3 = &temp3;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OO:get_ordered_context_list",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)get_ordered_context_list((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i;
+
+ if (*arg3) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg3)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ resultobj = plist;
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ {
+ if (*arg3) freeconary(*arg3);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_ordered_context_list_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t **arg4 = (security_context_t **) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t *temp4 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ {
+ arg4 = &temp4;
+ }
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_ordered_context_list_with_level",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_ordered_context_list_with_level" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_ordered_context_list_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_ordered_context_list_with_level" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_ordered_context_list_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ {
+ PyObject* plist;
+ int i;
+
+ if (*arg4) {
+ plist = PyList_New(result);
+ for (i = 0; i < result; i++) {
+ PyList_SetItem(plist, i, PyString_FromString((*arg4)[i]));
+ }
+ } else {
+ plist = PyList_New(0);
+ }
+ /* Only return the Python list, don't need to return the length anymore */
+ resultobj = plist;
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ {
+ if (*arg4) freeconary(*arg4);
+ }
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ {
+ if (*arg4) freeconary(*arg4);
+ }
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t arg2 = (security_context_t) 0 ;
+ security_context_t *arg3 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ security_context_t temp3 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+
+ arg3 = &temp3;
+ if (!PyArg_ParseTuple(args,(char *)"OO:get_default_context",&obj0,&obj1)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context" "', argument " "2"" of type '" "security_context_t""'");
+ }
+ arg2 = (security_context_t)(buf2);
+ result = (int)get_default_context((char const *)arg1,arg2,arg3);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg3) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg3));
+ freecon(*arg3);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_level(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_level",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_level" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_level" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_level" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_default_context_with_level((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_role(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ security_context_t arg3 = (security_context_t) 0 ;
+ security_context_t *arg4 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ security_context_t temp4 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+
+ arg4 = &temp4;
+ if (!PyArg_ParseTuple(args,(char *)"OOO:get_default_context_with_role",&obj0,&obj1,&obj2)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_role" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_role" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_role" "', argument " "3"" of type '" "security_context_t""'");
+ }
+ arg3 = (security_context_t)(buf3);
+ result = (int)get_default_context_with_role((char const *)arg1,(char const *)arg2,arg3,arg4);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg4) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg4));
+ freecon(*arg4);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_get_default_context_with_rolelevel(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ char *arg2 = (char *) 0 ;
+ char *arg3 = (char *) 0 ;
+ security_context_t arg4 = (security_context_t) 0 ;
+ security_context_t *arg5 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ int res2 ;
+ char *buf2 = 0 ;
+ int alloc2 = 0 ;
+ int res3 ;
+ char *buf3 = 0 ;
+ int alloc3 = 0 ;
+ int res4 ;
+ char *buf4 = 0 ;
+ int alloc4 = 0 ;
+ security_context_t temp5 = 0 ;
+ PyObject * obj0 = 0 ;
+ PyObject * obj1 = 0 ;
+ PyObject * obj2 = 0 ;
+ PyObject * obj3 = 0 ;
+
+ arg5 = &temp5;
+ if (!PyArg_ParseTuple(args,(char *)"OOOO:get_default_context_with_rolelevel",&obj0,&obj1,&obj2,&obj3)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "get_default_context_with_rolelevel" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ res2 = SWIG_AsCharPtrAndSize(obj1, &buf2, NULL, &alloc2);
+ if (!SWIG_IsOK(res2)) {
+ SWIG_exception_fail(SWIG_ArgError(res2), "in method '" "get_default_context_with_rolelevel" "', argument " "2"" of type '" "char const *""'");
+ }
+ arg2 = (char *)(buf2);
+ res3 = SWIG_AsCharPtrAndSize(obj2, &buf3, NULL, &alloc3);
+ if (!SWIG_IsOK(res3)) {
+ SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "get_default_context_with_rolelevel" "', argument " "3"" of type '" "char const *""'");
+ }
+ arg3 = (char *)(buf3);
+ res4 = SWIG_AsCharPtrAndSize(obj3, &buf4, NULL, &alloc4);
+ if (!SWIG_IsOK(res4)) {
+ SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "get_default_context_with_rolelevel" "', argument " "4"" of type '" "security_context_t""'");
+ }
+ arg4 = (security_context_t)(buf4);
+ result = (int)get_default_context_with_rolelevel((char const *)arg1,(char const *)arg2,(char const *)arg3,arg4,arg5);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg5) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg5));
+ freecon(*arg5);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ if (alloc2 == SWIG_NEWOBJ) free((char*)buf2);
+ if (alloc3 == SWIG_NEWOBJ) free((char*)buf3);
+ if (alloc4 == SWIG_NEWOBJ) free((char*)buf4);
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_query_user_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ security_context_t *arg1 = (security_context_t *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ security_context_t temp1 = 0 ;
+ security_context_t temp2 = 0 ;
+
+ arg1 = &temp1;
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)":query_user_context")) SWIG_fail;
+ result = (int)query_user_context(arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg1) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg1));
+ freecon(*arg1);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ return resultobj;
+fail:
+ return NULL;
+}
+
+
+SWIGINTERN PyObject *_wrap_manual_user_enter_context(PyObject *SWIGUNUSEDPARM(self), PyObject *args) {
+ PyObject *resultobj = 0;
+ char *arg1 = (char *) 0 ;
+ security_context_t *arg2 = (security_context_t *) 0 ;
+ int result;
+ int res1 ;
+ char *buf1 = 0 ;
+ int alloc1 = 0 ;
+ security_context_t temp2 = 0 ;
+ PyObject * obj0 = 0 ;
+
+ arg2 = &temp2;
+ if (!PyArg_ParseTuple(args,(char *)"O:manual_user_enter_context",&obj0)) SWIG_fail;
+ res1 = SWIG_AsCharPtrAndSize(obj0, &buf1, NULL, &alloc1);
+ if (!SWIG_IsOK(res1)) {
+ SWIG_exception_fail(SWIG_ArgError(res1), "in method '" "manual_user_enter_context" "', argument " "1"" of type '" "char const *""'");
+ }
+ arg1 = (char *)(buf1);
+ result = (int)manual_user_enter_context((char const *)arg1,arg2);
+ resultobj = SWIG_From_int((int)(result));
+ if (*arg2) {
+ resultobj = SWIG_Python_AppendOutput(resultobj, SWIG_FromCharPtr(*arg2));
+ freecon(*arg2);
+ }
+ else {
+ Py_INCREF(Py_None);
+ resultobj = SWIG_Python_AppendOutput(resultobj, Py_None);
+ }
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return resultobj;
+fail:
+ if (alloc1 == SWIG_NEWOBJ) free((char*)buf1);
+ return NULL;
+}
+
+
+static PyMethodDef SwigMethods[] = {
+ { (char *)"is_selinux_enabled", _wrap_is_selinux_enabled, METH_VARARGS, NULL},
+ { (char *)"is_selinux_mls_enabled", _wrap_is_selinux_mls_enabled, METH_VARARGS, NULL},
+ { (char *)"getcon", _wrap_getcon, METH_VARARGS, NULL},
+ { (char *)"getcon_raw", _wrap_getcon_raw, METH_VARARGS, NULL},
+ { (char *)"setcon", _wrap_setcon, METH_VARARGS, NULL},
+ { (char *)"setcon_raw", _wrap_setcon_raw, METH_VARARGS, NULL},
+ { (char *)"getpidcon", _wrap_getpidcon, METH_VARARGS, NULL},
+ { (char *)"getpidcon_raw", _wrap_getpidcon_raw, METH_VARARGS, NULL},
+ { (char *)"getprevcon", _wrap_getprevcon, METH_VARARGS, NULL},
+ { (char *)"getprevcon_raw", _wrap_getprevcon_raw, METH_VARARGS, NULL},
+ { (char *)"getexeccon", _wrap_getexeccon, METH_VARARGS, NULL},
+ { (char *)"getexeccon_raw", _wrap_getexeccon_raw, METH_VARARGS, NULL},
+ { (char *)"setexeccon", _wrap_setexeccon, METH_VARARGS, NULL},
+ { (char *)"setexeccon_raw", _wrap_setexeccon_raw, METH_VARARGS, NULL},
+ { (char *)"getfscreatecon", _wrap_getfscreatecon, METH_VARARGS, NULL},
+ { (char *)"getfscreatecon_raw", _wrap_getfscreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setfscreatecon", _wrap_setfscreatecon, METH_VARARGS, NULL},
+ { (char *)"setfscreatecon_raw", _wrap_setfscreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getkeycreatecon", _wrap_getkeycreatecon, METH_VARARGS, NULL},
+ { (char *)"getkeycreatecon_raw", _wrap_getkeycreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setkeycreatecon", _wrap_setkeycreatecon, METH_VARARGS, NULL},
+ { (char *)"setkeycreatecon_raw", _wrap_setkeycreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getsockcreatecon", _wrap_getsockcreatecon, METH_VARARGS, NULL},
+ { (char *)"getsockcreatecon_raw", _wrap_getsockcreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"setsockcreatecon", _wrap_setsockcreatecon, METH_VARARGS, NULL},
+ { (char *)"setsockcreatecon_raw", _wrap_setsockcreatecon_raw, METH_VARARGS, NULL},
+ { (char *)"getfilecon", _wrap_getfilecon, METH_VARARGS, NULL},
+ { (char *)"getfilecon_raw", _wrap_getfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"lgetfilecon", _wrap_lgetfilecon, METH_VARARGS, NULL},
+ { (char *)"lgetfilecon_raw", _wrap_lgetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"fgetfilecon", _wrap_fgetfilecon, METH_VARARGS, NULL},
+ { (char *)"fgetfilecon_raw", _wrap_fgetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"setfilecon", _wrap_setfilecon, METH_VARARGS, NULL},
+ { (char *)"setfilecon_raw", _wrap_setfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"lsetfilecon", _wrap_lsetfilecon, METH_VARARGS, NULL},
+ { (char *)"lsetfilecon_raw", _wrap_lsetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"fsetfilecon", _wrap_fsetfilecon, METH_VARARGS, NULL},
+ { (char *)"fsetfilecon_raw", _wrap_fsetfilecon_raw, METH_VARARGS, NULL},
+ { (char *)"getpeercon", _wrap_getpeercon, METH_VARARGS, NULL},
+ { (char *)"getpeercon_raw", _wrap_getpeercon_raw, METH_VARARGS, NULL},
+ { (char *)"av_decision_allowed_set", _wrap_av_decision_allowed_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_allowed_get", _wrap_av_decision_allowed_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_decided_set", _wrap_av_decision_decided_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_decided_get", _wrap_av_decision_decided_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditallow_set", _wrap_av_decision_auditallow_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditallow_get", _wrap_av_decision_auditallow_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditdeny_set", _wrap_av_decision_auditdeny_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_auditdeny_get", _wrap_av_decision_auditdeny_get, METH_VARARGS, NULL},
+ { (char *)"av_decision_seqno_set", _wrap_av_decision_seqno_set, METH_VARARGS, NULL},
+ { (char *)"av_decision_seqno_get", _wrap_av_decision_seqno_get, METH_VARARGS, NULL},
+ { (char *)"new_av_decision", _wrap_new_av_decision, METH_VARARGS, NULL},
+ { (char *)"delete_av_decision", _wrap_delete_av_decision, METH_VARARGS, NULL},
+ { (char *)"av_decision_swigregister", av_decision_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_type_set", _wrap_selinux_opt_type_set, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_type_get", _wrap_selinux_opt_type_get, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_value_set", _wrap_selinux_opt_value_set, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_value_get", _wrap_selinux_opt_value_get, METH_VARARGS, NULL},
+ { (char *)"new_selinux_opt", _wrap_new_selinux_opt, METH_VARARGS, NULL},
+ { (char *)"delete_selinux_opt", _wrap_delete_selinux_opt, METH_VARARGS, NULL},
+ { (char *)"selinux_opt_swigregister", selinux_opt_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_log_set", _wrap_selinux_callback_func_log_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_log_get", _wrap_selinux_callback_func_log_get, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_audit_set", _wrap_selinux_callback_func_audit_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_audit_get", _wrap_selinux_callback_func_audit_get, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_validate_set", _wrap_selinux_callback_func_validate_set, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_func_validate_get", _wrap_selinux_callback_func_validate_get, METH_VARARGS, NULL},
+ { (char *)"new_selinux_callback", _wrap_new_selinux_callback, METH_VARARGS, NULL},
+ { (char *)"delete_selinux_callback", _wrap_delete_selinux_callback, METH_VARARGS, NULL},
+ { (char *)"selinux_callback_swigregister", selinux_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_get_callback", _wrap_selinux_get_callback, METH_VARARGS, NULL},
+ { (char *)"selinux_set_callback", _wrap_selinux_set_callback, METH_VARARGS, NULL},
+ { (char *)"security_compute_av", _wrap_security_compute_av, METH_VARARGS, NULL},
+ { (char *)"security_compute_av_raw", _wrap_security_compute_av_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_create", _wrap_security_compute_create, METH_VARARGS, NULL},
+ { (char *)"security_compute_create_raw", _wrap_security_compute_create_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_relabel", _wrap_security_compute_relabel, METH_VARARGS, NULL},
+ { (char *)"security_compute_relabel_raw", _wrap_security_compute_relabel_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_member", _wrap_security_compute_member, METH_VARARGS, NULL},
+ { (char *)"security_compute_member_raw", _wrap_security_compute_member_raw, METH_VARARGS, NULL},
+ { (char *)"security_compute_user", _wrap_security_compute_user, METH_VARARGS, NULL},
+ { (char *)"security_compute_user_raw", _wrap_security_compute_user_raw, METH_VARARGS, NULL},
+ { (char *)"security_load_policy", _wrap_security_load_policy, METH_VARARGS, NULL},
+ { (char *)"security_get_initial_context", _wrap_security_get_initial_context, METH_VARARGS, NULL},
+ { (char *)"security_get_initial_context_raw", _wrap_security_get_initial_context_raw, METH_VARARGS, NULL},
+ { (char *)"selinux_mkload_policy", _wrap_selinux_mkload_policy, METH_VARARGS, NULL},
+ { (char *)"selinux_init_load_policy", _wrap_selinux_init_load_policy, METH_VARARGS, NULL},
+ { (char *)"SELboolean_name_set", _wrap_SELboolean_name_set, METH_VARARGS, NULL},
+ { (char *)"SELboolean_name_get", _wrap_SELboolean_name_get, METH_VARARGS, NULL},
+ { (char *)"SELboolean_value_set", _wrap_SELboolean_value_set, METH_VARARGS, NULL},
+ { (char *)"SELboolean_value_get", _wrap_SELboolean_value_get, METH_VARARGS, NULL},
+ { (char *)"new_SELboolean", _wrap_new_SELboolean, METH_VARARGS, NULL},
+ { (char *)"delete_SELboolean", _wrap_delete_SELboolean, METH_VARARGS, NULL},
+ { (char *)"SELboolean_swigregister", SELboolean_swigregister, METH_VARARGS, NULL},
+ { (char *)"security_set_boolean_list", _wrap_security_set_boolean_list, METH_VARARGS, NULL},
+ { (char *)"security_load_booleans", _wrap_security_load_booleans, METH_VARARGS, NULL},
+ { (char *)"security_check_context", _wrap_security_check_context, METH_VARARGS, NULL},
+ { (char *)"security_check_context_raw", _wrap_security_check_context_raw, METH_VARARGS, NULL},
+ { (char *)"security_canonicalize_context", _wrap_security_canonicalize_context, METH_VARARGS, NULL},
+ { (char *)"security_canonicalize_context_raw", _wrap_security_canonicalize_context_raw, METH_VARARGS, NULL},
+ { (char *)"security_getenforce", _wrap_security_getenforce, METH_VARARGS, NULL},
+ { (char *)"security_setenforce", _wrap_security_setenforce, METH_VARARGS, NULL},
+ { (char *)"security_disable", _wrap_security_disable, METH_VARARGS, NULL},
+ { (char *)"security_policyvers", _wrap_security_policyvers, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_names", _wrap_security_get_boolean_names, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_pending", _wrap_security_get_boolean_pending, METH_VARARGS, NULL},
+ { (char *)"security_get_boolean_active", _wrap_security_get_boolean_active, METH_VARARGS, NULL},
+ { (char *)"security_set_boolean", _wrap_security_set_boolean, METH_VARARGS, NULL},
+ { (char *)"security_commit_booleans", _wrap_security_commit_booleans, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_name_set", _wrap_security_class_mapping_name_set, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_name_get", _wrap_security_class_mapping_name_get, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_perms_set", _wrap_security_class_mapping_perms_set, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_perms_get", _wrap_security_class_mapping_perms_get, METH_VARARGS, NULL},
+ { (char *)"new_security_class_mapping", _wrap_new_security_class_mapping, METH_VARARGS, NULL},
+ { (char *)"delete_security_class_mapping", _wrap_delete_security_class_mapping, METH_VARARGS, NULL},
+ { (char *)"security_class_mapping_swigregister", security_class_mapping_swigregister, METH_VARARGS, NULL},
+ { (char *)"selinux_set_mapping", _wrap_selinux_set_mapping, METH_VARARGS, NULL},
+ { (char *)"string_to_security_class", _wrap_string_to_security_class, METH_VARARGS, NULL},
+ { (char *)"security_class_to_string", _wrap_security_class_to_string, METH_VARARGS, NULL},
+ { (char *)"security_av_perm_to_string", _wrap_security_av_perm_to_string, METH_VARARGS, NULL},
+ { (char *)"string_to_av_perm", _wrap_string_to_av_perm, METH_VARARGS, NULL},
+ { (char *)"security_av_string", _wrap_security_av_string, METH_VARARGS, NULL},
+ { (char *)"print_access_vector", _wrap_print_access_vector, METH_VARARGS, NULL},
+ { (char *)"set_matchpathcon_flags", _wrap_set_matchpathcon_flags, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_init", _wrap_matchpathcon_init, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_init_prefix", _wrap_matchpathcon_init_prefix, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_fini", _wrap_matchpathcon_fini, METH_VARARGS, NULL},
+ { (char *)"matchpathcon", _wrap_matchpathcon, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_index", _wrap_matchpathcon_index, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_add", _wrap_matchpathcon_filespec_add, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_destroy", _wrap_matchpathcon_filespec_destroy, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_filespec_eval", _wrap_matchpathcon_filespec_eval, METH_VARARGS, NULL},
+ { (char *)"matchpathcon_checkmatches", _wrap_matchpathcon_checkmatches, METH_VARARGS, NULL},
+ { (char *)"matchmediacon", _wrap_matchmediacon, METH_VARARGS, NULL},
+ { (char *)"selinux_getenforcemode", _wrap_selinux_getenforcemode, METH_VARARGS, NULL},
+ { (char *)"selinux_getpolicytype", _wrap_selinux_getpolicytype, METH_VARARGS, NULL},
+ { (char *)"selinux_policy_root", _wrap_selinux_policy_root, METH_VARARGS, NULL},
+ { (char *)"selinux_binary_policy_path", _wrap_selinux_binary_policy_path, METH_VARARGS, NULL},
+ { (char *)"selinux_failsafe_context_path", _wrap_selinux_failsafe_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_removable_context_path", _wrap_selinux_removable_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_default_context_path", _wrap_selinux_default_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_user_contexts_path", _wrap_selinux_user_contexts_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_path", _wrap_selinux_file_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_homedir_path", _wrap_selinux_file_context_homedir_path, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_local_path", _wrap_selinux_file_context_local_path, METH_VARARGS, NULL},
+ { (char *)"selinux_homedir_context_path", _wrap_selinux_homedir_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_media_context_path", _wrap_selinux_media_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_x_context_path", _wrap_selinux_x_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_contexts_path", _wrap_selinux_contexts_path, METH_VARARGS, NULL},
+ { (char *)"selinux_securetty_types_path", _wrap_selinux_securetty_types_path, METH_VARARGS, NULL},
+ { (char *)"selinux_booleans_path", _wrap_selinux_booleans_path, METH_VARARGS, NULL},
+ { (char *)"selinux_customizable_types_path", _wrap_selinux_customizable_types_path, METH_VARARGS, NULL},
+ { (char *)"selinux_users_path", _wrap_selinux_users_path, METH_VARARGS, NULL},
+ { (char *)"selinux_usersconf_path", _wrap_selinux_usersconf_path, METH_VARARGS, NULL},
+ { (char *)"selinux_translations_path", _wrap_selinux_translations_path, METH_VARARGS, NULL},
+ { (char *)"selinux_netfilter_context_path", _wrap_selinux_netfilter_context_path, METH_VARARGS, NULL},
+ { (char *)"selinux_path", _wrap_selinux_path, METH_VARARGS, NULL},
+ { (char *)"selinux_check_passwd_access", _wrap_selinux_check_passwd_access, METH_VARARGS, NULL},
+ { (char *)"checkPasswdAccess", _wrap_checkPasswdAccess, METH_VARARGS, NULL},
+ { (char *)"selinux_check_securetty_context", _wrap_selinux_check_securetty_context, METH_VARARGS, NULL},
+ { (char *)"set_selinuxmnt", _wrap_set_selinuxmnt, METH_VARARGS, NULL},
+ { (char *)"rpm_execcon", _wrap_rpm_execcon, METH_VARARGS, NULL},
+ { (char *)"is_context_customizable", _wrap_is_context_customizable, METH_VARARGS, NULL},
+ { (char *)"selinux_trans_to_raw_context", _wrap_selinux_trans_to_raw_context, METH_VARARGS, NULL},
+ { (char *)"selinux_raw_to_trans_context", _wrap_selinux_raw_to_trans_context, METH_VARARGS, NULL},
+ { (char *)"getseuserbyname", _wrap_getseuserbyname, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_cmp", _wrap_selinux_file_context_cmp, METH_VARARGS, NULL},
+ { (char *)"selinux_file_context_verify", _wrap_selinux_file_context_verify, METH_VARARGS, NULL},
+ { (char *)"selinux_lsetfilecon_default", _wrap_selinux_lsetfilecon_default, METH_VARARGS, NULL},
+ { (char *)"security_id_ctx_set", _wrap_security_id_ctx_set, METH_VARARGS, NULL},
+ { (char *)"security_id_ctx_get", _wrap_security_id_ctx_get, METH_VARARGS, NULL},
+ { (char *)"security_id_refcnt_set", _wrap_security_id_refcnt_set, METH_VARARGS, NULL},
+ { (char *)"security_id_refcnt_get", _wrap_security_id_refcnt_get, METH_VARARGS, NULL},
+ { (char *)"new_security_id", _wrap_new_security_id, METH_VARARGS, NULL},
+ { (char *)"delete_security_id", _wrap_delete_security_id, METH_VARARGS, NULL},
+ { (char *)"security_id_swigregister", security_id_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_sid_to_context", _wrap_avc_sid_to_context, METH_VARARGS, NULL},
+ { (char *)"avc_sid_to_context_raw", _wrap_avc_sid_to_context_raw, METH_VARARGS, NULL},
+ { (char *)"avc_context_to_sid", _wrap_avc_context_to_sid, METH_VARARGS, NULL},
+ { (char *)"avc_context_to_sid_raw", _wrap_avc_context_to_sid_raw, METH_VARARGS, NULL},
+ { (char *)"sidget", _wrap_sidget, METH_VARARGS, NULL},
+ { (char *)"sidput", _wrap_sidput, METH_VARARGS, NULL},
+ { (char *)"avc_get_initial_sid", _wrap_avc_get_initial_sid, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_ae_set", _wrap_avc_entry_ref_ae_set, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_ae_get", _wrap_avc_entry_ref_ae_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_entry_ref", _wrap_new_avc_entry_ref, METH_VARARGS, NULL},
+ { (char *)"delete_avc_entry_ref", _wrap_delete_avc_entry_ref, METH_VARARGS, NULL},
+ { (char *)"avc_entry_ref_swigregister", avc_entry_ref_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_malloc_set", _wrap_avc_memory_callback_func_malloc_set, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_malloc_get", _wrap_avc_memory_callback_func_malloc_get, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_free_set", _wrap_avc_memory_callback_func_free_set, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_func_free_get", _wrap_avc_memory_callback_func_free_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_memory_callback", _wrap_new_avc_memory_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_memory_callback", _wrap_delete_avc_memory_callback, METH_VARARGS, NULL},
+ { (char *)"avc_memory_callback_swigregister", avc_memory_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_log_set", _wrap_avc_log_callback_func_log_set, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_log_get", _wrap_avc_log_callback_func_log_get, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_audit_set", _wrap_avc_log_callback_func_audit_set, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_func_audit_get", _wrap_avc_log_callback_func_audit_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_log_callback", _wrap_new_avc_log_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_log_callback", _wrap_delete_avc_log_callback, METH_VARARGS, NULL},
+ { (char *)"avc_log_callback_swigregister", avc_log_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_create_thread_set", _wrap_avc_thread_callback_func_create_thread_set, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_create_thread_get", _wrap_avc_thread_callback_func_create_thread_get, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_stop_thread_set", _wrap_avc_thread_callback_func_stop_thread_set, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_func_stop_thread_get", _wrap_avc_thread_callback_func_stop_thread_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_thread_callback", _wrap_new_avc_thread_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_thread_callback", _wrap_delete_avc_thread_callback, METH_VARARGS, NULL},
+ { (char *)"avc_thread_callback_swigregister", avc_thread_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_alloc_lock_set", _wrap_avc_lock_callback_func_alloc_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_alloc_lock_get", _wrap_avc_lock_callback_func_alloc_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_get_lock_set", _wrap_avc_lock_callback_func_get_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_get_lock_get", _wrap_avc_lock_callback_func_get_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_release_lock_set", _wrap_avc_lock_callback_func_release_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_release_lock_get", _wrap_avc_lock_callback_func_release_lock_get, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_free_lock_set", _wrap_avc_lock_callback_func_free_lock_set, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_func_free_lock_get", _wrap_avc_lock_callback_func_free_lock_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_lock_callback", _wrap_new_avc_lock_callback, METH_VARARGS, NULL},
+ { (char *)"delete_avc_lock_callback", _wrap_delete_avc_lock_callback, METH_VARARGS, NULL},
+ { (char *)"avc_lock_callback_swigregister", avc_lock_callback_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_init", _wrap_avc_init, METH_VARARGS, NULL},
+ { (char *)"avc_open", _wrap_avc_open, METH_VARARGS, NULL},
+ { (char *)"avc_cleanup", _wrap_avc_cleanup, METH_VARARGS, NULL},
+ { (char *)"avc_reset", _wrap_avc_reset, METH_VARARGS, NULL},
+ { (char *)"avc_destroy", _wrap_avc_destroy, METH_VARARGS, NULL},
+ { (char *)"avc_has_perm_noaudit", _wrap_avc_has_perm_noaudit, METH_VARARGS, NULL},
+ { (char *)"avc_has_perm", _wrap_avc_has_perm, METH_VARARGS, NULL},
+ { (char *)"avc_audit", _wrap_avc_audit, METH_VARARGS, NULL},
+ { (char *)"avc_compute_create", _wrap_avc_compute_create, METH_VARARGS, NULL},
+ { (char *)"avc_compute_member", _wrap_avc_compute_member, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_lookups_set", _wrap_avc_cache_stats_entry_lookups_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_lookups_get", _wrap_avc_cache_stats_entry_lookups_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_hits_set", _wrap_avc_cache_stats_entry_hits_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_hits_get", _wrap_avc_cache_stats_entry_hits_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_misses_set", _wrap_avc_cache_stats_entry_misses_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_misses_get", _wrap_avc_cache_stats_entry_misses_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_discards_set", _wrap_avc_cache_stats_entry_discards_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_entry_discards_get", _wrap_avc_cache_stats_entry_discards_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_lookups_set", _wrap_avc_cache_stats_cav_lookups_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_lookups_get", _wrap_avc_cache_stats_cav_lookups_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_hits_set", _wrap_avc_cache_stats_cav_hits_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_hits_get", _wrap_avc_cache_stats_cav_hits_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_probes_set", _wrap_avc_cache_stats_cav_probes_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_probes_get", _wrap_avc_cache_stats_cav_probes_get, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_misses_set", _wrap_avc_cache_stats_cav_misses_set, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_cav_misses_get", _wrap_avc_cache_stats_cav_misses_get, METH_VARARGS, NULL},
+ { (char *)"new_avc_cache_stats", _wrap_new_avc_cache_stats, METH_VARARGS, NULL},
+ { (char *)"delete_avc_cache_stats", _wrap_delete_avc_cache_stats, METH_VARARGS, NULL},
+ { (char *)"avc_cache_stats_swigregister", avc_cache_stats_swigregister, METH_VARARGS, NULL},
+ { (char *)"avc_av_stats", _wrap_avc_av_stats, METH_VARARGS, NULL},
+ { (char *)"avc_sid_stats", _wrap_avc_sid_stats, METH_VARARGS, NULL},
+ { (char *)"selinux_default_type_path", _wrap_selinux_default_type_path, METH_VARARGS, NULL},
+ { (char *)"get_default_type", _wrap_get_default_type, METH_VARARGS, NULL},
+ { (char *)"get_ordered_context_list", _wrap_get_ordered_context_list, METH_VARARGS, NULL},
+ { (char *)"get_ordered_context_list_with_level", _wrap_get_ordered_context_list_with_level, METH_VARARGS, NULL},
+ { (char *)"get_default_context", _wrap_get_default_context, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_level", _wrap_get_default_context_with_level, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_role", _wrap_get_default_context_with_role, METH_VARARGS, NULL},
+ { (char *)"get_default_context_with_rolelevel", _wrap_get_default_context_with_rolelevel, METH_VARARGS, NULL},
+ { (char *)"query_user_context", _wrap_query_user_context, METH_VARARGS, NULL},
+ { (char *)"manual_user_enter_context", _wrap_manual_user_enter_context, METH_VARARGS, NULL},
+ { NULL, NULL, 0, NULL }
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (BEGIN) -------- */
+
+static swig_type_info _swigt__p_SELboolean = {"_p_SELboolean", "SELboolean *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_av_decision = {"_p_av_decision", "struct av_decision *|av_decision *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_cache_stats = {"_p_avc_cache_stats", "struct avc_cache_stats *|avc_cache_stats *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_entry = {"_p_avc_entry", "struct avc_entry *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_entry_ref = {"_p_avc_entry_ref", "struct avc_entry_ref *|avc_entry_ref *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_lock_callback = {"_p_avc_lock_callback", "struct avc_lock_callback *|avc_lock_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_log_callback = {"_p_avc_log_callback", "struct avc_log_callback *|avc_log_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_memory_callback = {"_p_avc_memory_callback", "struct avc_memory_callback *|avc_memory_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_avc_thread_callback = {"_p_avc_thread_callback", "struct avc_thread_callback *|avc_thread_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_char = {"_p_char", "char *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_int_p_q_const__char_v_______int = {"_p_f_int_p_q_const__char_v_______int", "int (*)(int,char const *,...)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_f_void__void__p_void = {"_p_f_p_f_void__void__p_void", "void *(*)(void (*)(void))", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_p_char__int = {"_p_f_p_p_char__int", "int (*)(char **)|int (*)(security_context_t *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_q_const__char_v_______void = {"_p_f_p_q_const__char_v_______void", "void (*)(char const *,...)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void__void = {"_p_f_p_void__void", "void (*)(void *)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__int = {"_p_f_p_void_unsigned_short_p_char_size_t__int", "int (*)(void *,unsigned short,char *,size_t)|int (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_p_void_unsigned_short_p_char_size_t__void = {"_p_f_p_void_unsigned_short_p_char_size_t__void", "void (*)(void *,unsigned short,char *,size_t)|void (*)(void *,security_class_t,char *,size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_size_t__p_void = {"_p_f_size_t__p_void", "void *(*)(size_t)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_f_void__p_void = {"_p_f_void__p_void", "void *(*)(void)", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_ino_t = {"_p_ino_t", "ino_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_int = {"_p_int", "int *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_char = {"_p_p_char", "char **|security_context_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_p_char = {"_p_p_p_char", "char ***|security_context_t **", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_p_security_id = {"_p_p_security_id", "struct security_id **|security_id_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_security_class_mapping = {"_p_security_class_mapping", "struct security_class_mapping *|security_class_mapping *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_security_id = {"_p_security_id", "security_id_t|struct security_id *|security_id *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_selinux_callback = {"_p_selinux_callback", "union selinux_callback *|selinux_callback *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_selinux_opt = {"_p_selinux_opt", "struct selinux_opt *|selinux_opt *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_int = {"_p_unsigned_int", "unsigned int *|access_vector_t *|mode_t *|pid_t *", 0, 0, (void*)0, 0};
+static swig_type_info _swigt__p_unsigned_short = {"_p_unsigned_short", "security_class_t *|unsigned short *", 0, 0, (void*)0, 0};
+
+static swig_type_info *swig_type_initial[] = {
+ &_swigt__p_SELboolean,
+ &_swigt__p_av_decision,
+ &_swigt__p_avc_cache_stats,
+ &_swigt__p_avc_entry,
+ &_swigt__p_avc_entry_ref,
+ &_swigt__p_avc_lock_callback,
+ &_swigt__p_avc_log_callback,
+ &_swigt__p_avc_memory_callback,
+ &_swigt__p_avc_thread_callback,
+ &_swigt__p_char,
+ &_swigt__p_f_int_p_q_const__char_v_______int,
+ &_swigt__p_f_p_f_void__void__p_void,
+ &_swigt__p_f_p_p_char__int,
+ &_swigt__p_f_p_q_const__char_v_______void,
+ &_swigt__p_f_p_void__void,
+ &_swigt__p_f_p_void_unsigned_short_p_char_size_t__int,
+ &_swigt__p_f_p_void_unsigned_short_p_char_size_t__void,
+ &_swigt__p_f_size_t__p_void,
+ &_swigt__p_f_void__p_void,
+ &_swigt__p_ino_t,
+ &_swigt__p_int,
+ &_swigt__p_p_char,
+ &_swigt__p_p_p_char,
+ &_swigt__p_p_security_id,
+ &_swigt__p_security_class_mapping,
+ &_swigt__p_security_id,
+ &_swigt__p_selinux_callback,
+ &_swigt__p_selinux_opt,
+ &_swigt__p_unsigned_int,
+ &_swigt__p_unsigned_short,
+};
+
+static swig_cast_info _swigc__p_SELboolean[] = { {&_swigt__p_SELboolean, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_av_decision[] = { {&_swigt__p_av_decision, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_cache_stats[] = { {&_swigt__p_avc_cache_stats, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_entry[] = { {&_swigt__p_avc_entry, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_entry_ref[] = { {&_swigt__p_avc_entry_ref, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_lock_callback[] = { {&_swigt__p_avc_lock_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_log_callback[] = { {&_swigt__p_avc_log_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_memory_callback[] = { {&_swigt__p_avc_memory_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_avc_thread_callback[] = { {&_swigt__p_avc_thread_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_char[] = { {&_swigt__p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_int_p_q_const__char_v_______int[] = { {&_swigt__p_f_int_p_q_const__char_v_______int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_f_void__void__p_void[] = { {&_swigt__p_f_p_f_void__void__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_p_char__int[] = { {&_swigt__p_f_p_p_char__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_q_const__char_v_______void[] = { {&_swigt__p_f_p_q_const__char_v_______void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void__void[] = { {&_swigt__p_f_p_void__void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__int[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_p_void_unsigned_short_p_char_size_t__void[] = { {&_swigt__p_f_p_void_unsigned_short_p_char_size_t__void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_size_t__p_void[] = { {&_swigt__p_f_size_t__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_f_void__p_void[] = { {&_swigt__p_f_void__p_void, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_ino_t[] = { {&_swigt__p_ino_t, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_int[] = { {&_swigt__p_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_char[] = { {&_swigt__p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_p_char[] = { {&_swigt__p_p_p_char, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_p_security_id[] = { {&_swigt__p_p_security_id, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_security_class_mapping[] = { {&_swigt__p_security_class_mapping, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_security_id[] = { {&_swigt__p_security_id, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_selinux_callback[] = { {&_swigt__p_selinux_callback, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_selinux_opt[] = { {&_swigt__p_selinux_opt, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_int[] = { {&_swigt__p_unsigned_int, 0, 0, 0},{0, 0, 0, 0}};
+static swig_cast_info _swigc__p_unsigned_short[] = { {&_swigt__p_unsigned_short, 0, 0, 0},{0, 0, 0, 0}};
+
+static swig_cast_info *swig_cast_initial[] = {
+ _swigc__p_SELboolean,
+ _swigc__p_av_decision,
+ _swigc__p_avc_cache_stats,
+ _swigc__p_avc_entry,
+ _swigc__p_avc_entry_ref,
+ _swigc__p_avc_lock_callback,
+ _swigc__p_avc_log_callback,
+ _swigc__p_avc_memory_callback,
+ _swigc__p_avc_thread_callback,
+ _swigc__p_char,
+ _swigc__p_f_int_p_q_const__char_v_______int,
+ _swigc__p_f_p_f_void__void__p_void,
+ _swigc__p_f_p_p_char__int,
+ _swigc__p_f_p_q_const__char_v_______void,
+ _swigc__p_f_p_void__void,
+ _swigc__p_f_p_void_unsigned_short_p_char_size_t__int,
+ _swigc__p_f_p_void_unsigned_short_p_char_size_t__void,
+ _swigc__p_f_size_t__p_void,
+ _swigc__p_f_void__p_void,
+ _swigc__p_ino_t,
+ _swigc__p_int,
+ _swigc__p_p_char,
+ _swigc__p_p_p_char,
+ _swigc__p_p_security_id,
+ _swigc__p_security_class_mapping,
+ _swigc__p_security_id,
+ _swigc__p_selinux_callback,
+ _swigc__p_selinux_opt,
+ _swigc__p_unsigned_int,
+ _swigc__p_unsigned_short,
+};
+
+
+/* -------- TYPE CONVERSION AND EQUIVALENCE RULES (END) -------- */
+
+static swig_const_info swig_const_table[] = {
+{0, 0, 0, 0.0, 0, 0}};
+
+#ifdef __cplusplus
+}
+#endif
+/* -----------------------------------------------------------------------------
+ * Type initialization:
+ * This problem is tough by the requirement that no dynamic
+ * memory is used. Also, since swig_type_info structures store pointers to
+ * swig_cast_info structures and swig_cast_info structures store pointers back
+ * to swig_type_info structures, we need some lookup code at initialization.
+ * The idea is that swig generates all the structures that are needed.
+ * The runtime then collects these partially filled structures.
+ * The SWIG_InitializeModule function takes these initial arrays out of
+ * swig_module, and does all the lookup, filling in the swig_module.types
+ * array with the correct data and linking the correct swig_cast_info
+ * structures together.
+ *
+ * The generated swig_type_info structures are assigned staticly to an initial
+ * array. We just loop through that array, and handle each type individually.
+ * First we lookup if this type has been already loaded, and if so, use the
+ * loaded structure instead of the generated one. Then we have to fill in the
+ * cast linked list. The cast data is initially stored in something like a
+ * two-dimensional array. Each row corresponds to a type (there are the same
+ * number of rows as there are in the swig_type_initial array). Each entry in
+ * a column is one of the swig_cast_info structures for that type.
+ * The cast_initial array is actually an array of arrays, because each row has
+ * a variable number of columns. So to actually build the cast linked list,
+ * we find the array of casts associated with the type, and loop through it
+ * adding the casts to the list. The one last trick we need to do is making
+ * sure the type pointer in the swig_cast_info struct is correct.
+ *
+ * First off, we lookup the cast->type name to see if it is already loaded.
+ * There are three cases to handle:
+ * 1) If the cast->type has already been loaded AND the type we are adding
+ * casting info to has not been loaded (it is in this module), THEN we
+ * replace the cast->type pointer with the type pointer that has already
+ * been loaded.
+ * 2) If BOTH types (the one we are adding casting info to, and the
+ * cast->type) are loaded, THEN the cast info has already been loaded by
+ * the previous module so we just ignore it.
+ * 3) Finally, if cast->type has not already been loaded, then we add that
+ * swig_cast_info to the linked list (because the cast->type) pointer will
+ * be correct.
+ * ----------------------------------------------------------------------------- */
+
+#ifdef __cplusplus
+extern "C" {
+#if 0
+} /* c-mode */
+#endif
+#endif
+
+#if 0
+#define SWIGRUNTIME_DEBUG
+#endif
+
+
+SWIGRUNTIME void
+SWIG_InitializeModule(void *clientdata) {
+ size_t i;
+ swig_module_info *module_head, *iter;
+ int found;
+
+ clientdata = clientdata;
+
+ /* check to see if the circular list has been setup, if not, set it up */
+ if (swig_module.next==0) {
+ /* Initialize the swig_module */
+ swig_module.type_initial = swig_type_initial;
+ swig_module.cast_initial = swig_cast_initial;
+ swig_module.next = &swig_module;
+ }
+
+ /* Try and load any already created modules */
+ module_head = SWIG_GetModule(clientdata);
+ if (!module_head) {
+ /* This is the first module loaded for this interpreter */
+ /* so set the swig module into the interpreter */
+ SWIG_SetModule(clientdata, &swig_module);
+ module_head = &swig_module;
+ } else {
+ /* the interpreter has loaded a SWIG module, but has it loaded this one? */
+ found=0;
+ iter=module_head;
+ do {
+ if (iter==&swig_module) {
+ found=1;
+ break;
+ }
+ iter=iter->next;
+ } while (iter!= module_head);
+
+ /* if the is found in the list, then all is done and we may leave */
+ if (found) return;
+ /* otherwise we must add out module into the list */
+ swig_module.next = module_head->next;
+ module_head->next = &swig_module;
+ }
+
+ /* Now work on filling in swig_module.types */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: size %d\n", swig_module.size);
+#endif
+ for (i = 0; i < swig_module.size; ++i) {
+ swig_type_info *type = 0;
+ swig_type_info *ret;
+ swig_cast_info *cast;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+#endif
+
+ /* if there is another module already loaded */
+ if (swig_module.next != &swig_module) {
+ type = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, swig_module.type_initial[i]->name);
+ }
+ if (type) {
+ /* Overwrite clientdata field */
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found type %s\n", type->name);
+#endif
+ if (swig_module.type_initial[i]->clientdata) {
+ type->clientdata = swig_module.type_initial[i]->clientdata;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: found and overwrite type %s \n", type->name);
+#endif
+ }
+ } else {
+ type = swig_module.type_initial[i];
+ }
+
+ /* Insert casting types */
+ cast = swig_module.cast_initial[i];
+ while (cast->type) {
+ /* Don't need to add information already in the list */
+ ret = 0;
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: look cast %s\n", cast->type->name);
+#endif
+ if (swig_module.next != &swig_module) {
+ ret = SWIG_MangledTypeQueryModule(swig_module.next, &swig_module, cast->type->name);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ret) printf("SWIG_InitializeModule: found cast %s\n", ret->name);
+#endif
+ }
+ if (ret) {
+ if (type == swig_module.type_initial[i]) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: skip old type %s\n", ret->name);
+#endif
+ cast->type = ret;
+ ret = 0;
+ } else {
+ /* Check for casting already in the list */
+ swig_cast_info *ocast = SWIG_TypeCheck(ret->name, type);
+#ifdef SWIGRUNTIME_DEBUG
+ if (ocast) printf("SWIG_InitializeModule: skip old cast %s\n", ret->name);
+#endif
+ if (!ocast) ret = 0;
+ }
+ }
+
+ if (!ret) {
+#ifdef SWIGRUNTIME_DEBUG
+ printf("SWIG_InitializeModule: adding cast %s\n", cast->type->name);
+#endif
+ if (type->cast) {
+ type->cast->prev = cast;
+ cast->next = type->cast;
+ }
+ type->cast = cast;
+ }
+ cast++;
+ }
+ /* Set entry in modules->types array equal to the type */
+ swig_module.types[i] = type;
+ }
+ swig_module.types[i] = 0;
+
+#ifdef SWIGRUNTIME_DEBUG
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+ for (i = 0; i < swig_module.size; ++i) {
+ int j = 0;
+ swig_cast_info *cast = swig_module.cast_initial[i];
+ printf("SWIG_InitializeModule: type %d %s\n", i, swig_module.type_initial[i]->name);
+ while (cast->type) {
+ printf("SWIG_InitializeModule: cast type %s\n", cast->type->name);
+ cast++;
+ ++j;
+ }
+ printf("---- Total casts: %d\n",j);
+ }
+ printf("**** SWIG_InitializeModule: Cast List ******\n");
+#endif
+}
+
+/* This function will propagate the clientdata field of type to
+* any new swig_type_info structures that have been added into the list
+* of equivalent types. It is like calling
+* SWIG_TypeClientData(type, clientdata) a second time.
+*/
+SWIGRUNTIME void
+SWIG_PropagateClientData(void) {
+ size_t i;
+ swig_cast_info *equiv;
+ static int init_run = 0;
+
+ if (init_run) return;
+ init_run = 1;
+
+ for (i = 0; i < swig_module.size; i++) {
+ if (swig_module.types[i]->clientdata) {
+ equiv = swig_module.types[i]->cast;
+ while (equiv) {
+ if (!equiv->converter) {
+ if (equiv->type && !equiv->type->clientdata)
+ SWIG_TypeClientData(equiv->type, swig_module.types[i]->clientdata);
+ }
+ equiv = equiv->next;
+ }
+ }
+ }
+}
+
+#ifdef __cplusplus
+#if 0
+{
+ /* c-mode */
+#endif
+}
+#endif
+
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ /* Python-specific SWIG API */
+#define SWIG_newvarlink() SWIG_Python_newvarlink()
+#define SWIG_addvarlink(p, name, get_attr, set_attr) SWIG_Python_addvarlink(p, name, get_attr, set_attr)
+#define SWIG_InstallConstants(d, constants) SWIG_Python_InstallConstants(d, constants)
+
+ /* -----------------------------------------------------------------------------
+ * global variable support code.
+ * ----------------------------------------------------------------------------- */
+
+ typedef struct swig_globalvar {
+ char *name; /* Name of global variable */
+ PyObject *(*get_attr)(void); /* Return the current value */
+ int (*set_attr)(PyObject *); /* Set the value */
+ struct swig_globalvar *next;
+ } swig_globalvar;
+
+ typedef struct swig_varlinkobject {
+ PyObject_HEAD
+ swig_globalvar *vars;
+ } swig_varlinkobject;
+
+ SWIGINTERN PyObject *
+ swig_varlink_repr(swig_varlinkobject *SWIGUNUSEDPARM(v)) {
+ return PyString_FromString("<Swig global variables>");
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_str(swig_varlinkobject *v) {
+ PyObject *str = PyString_FromString("(");
+ swig_globalvar *var;
+ for (var = v->vars; var; var=var->next) {
+ PyString_ConcatAndDel(&str,PyString_FromString(var->name));
+ if (var->next) PyString_ConcatAndDel(&str,PyString_FromString(", "));
+ }
+ PyString_ConcatAndDel(&str,PyString_FromString(")"));
+ return str;
+ }
+
+ SWIGINTERN int
+ swig_varlink_print(swig_varlinkobject *v, FILE *fp, int SWIGUNUSEDPARM(flags)) {
+ PyObject *str = swig_varlink_str(v);
+ fprintf(fp,"Swig global variables ");
+ fprintf(fp,"%s\n", PyString_AsString(str));
+ Py_DECREF(str);
+ return 0;
+ }
+
+ SWIGINTERN void
+ swig_varlink_dealloc(swig_varlinkobject *v) {
+ swig_globalvar *var = v->vars;
+ while (var) {
+ swig_globalvar *n = var->next;
+ free(var->name);
+ free(var);
+ var = n;
+ }
+ }
+
+ SWIGINTERN PyObject *
+ swig_varlink_getattr(swig_varlinkobject *v, char *n) {
+ PyObject *res = NULL;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->get_attr)();
+ break;
+ }
+ var = var->next;
+ }
+ if (res == NULL && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN int
+ swig_varlink_setattr(swig_varlinkobject *v, char *n, PyObject *p) {
+ int res = 1;
+ swig_globalvar *var = v->vars;
+ while (var) {
+ if (strcmp(var->name,n) == 0) {
+ res = (*var->set_attr)(p);
+ break;
+ }
+ var = var->next;
+ }
+ if (res == 1 && !PyErr_Occurred()) {
+ PyErr_SetString(PyExc_NameError,"Unknown C global variable");
+ }
+ return res;
+ }
+
+ SWIGINTERN PyTypeObject*
+ swig_varlink_type(void) {
+ static char varlink__doc__[] = "Swig var link object";
+ static PyTypeObject varlink_type;
+ static int type_init = 0;
+ if (!type_init) {
+ const PyTypeObject tmp
+ = {
+ PyObject_HEAD_INIT(NULL)
+ 0, /* Number of items in variable part (ob_size) */
+ (char *)"swigvarlink", /* Type name (tp_name) */
+ sizeof(swig_varlinkobject), /* Basic size (tp_basicsize) */
+ 0, /* Itemsize (tp_itemsize) */
+ (destructor) swig_varlink_dealloc, /* Deallocator (tp_dealloc) */
+ (printfunc) swig_varlink_print, /* Print (tp_print) */
+ (getattrfunc) swig_varlink_getattr, /* get attr (tp_getattr) */
+ (setattrfunc) swig_varlink_setattr, /* Set attr (tp_setattr) */
+ 0, /* tp_compare */
+ (reprfunc) swig_varlink_repr, /* tp_repr */
+ 0, /* tp_as_number */
+ 0, /* tp_as_sequence */
+ 0, /* tp_as_mapping */
+ 0, /* tp_hash */
+ 0, /* tp_call */
+ (reprfunc)swig_varlink_str, /* tp_str */
+ 0, /* tp_getattro */
+ 0, /* tp_setattro */
+ 0, /* tp_as_buffer */
+ 0, /* tp_flags */
+ varlink__doc__, /* tp_doc */
+ 0, /* tp_traverse */
+ 0, /* tp_clear */
+ 0, /* tp_richcompare */
+ 0, /* tp_weaklistoffset */
+#if PY_VERSION_HEX >= 0x02020000
+ 0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0, /* tp_iter -> tp_weaklist */
+#endif
+#if PY_VERSION_HEX >= 0x02030000
+ 0, /* tp_del */
+#endif
+#ifdef COUNT_ALLOCS
+ 0,0,0,0 /* tp_alloc -> tp_next */
+#endif
+ };
+ varlink_type = tmp;
+ varlink_type.ob_type = &PyType_Type;
+ type_init = 1;
+ }
+ return &varlink_type;
+ }
+
+ /* Create a variable linking object for use later */
+ SWIGINTERN PyObject *
+ SWIG_Python_newvarlink(void) {
+ swig_varlinkobject *result = PyObject_NEW(swig_varlinkobject, swig_varlink_type());
+ if (result) {
+ result->vars = 0;
+ }
+ return ((PyObject*) result);
+ }
+
+ SWIGINTERN void
+ SWIG_Python_addvarlink(PyObject *p, char *name, PyObject *(*get_attr)(void), int (*set_attr)(PyObject *p)) {
+ swig_varlinkobject *v = (swig_varlinkobject *) p;
+ swig_globalvar *gv = (swig_globalvar *) malloc(sizeof(swig_globalvar));
+ if (gv) {
+ size_t size = strlen(name)+1;
+ gv->name = (char *)malloc(size);
+ if (gv->name) {
+ strncpy(gv->name,name,size);
+ gv->get_attr = get_attr;
+ gv->set_attr = set_attr;
+ gv->next = v->vars;
+ }
+ }
+ v->vars = gv;
+ }
+
+ SWIGINTERN PyObject *
+ SWIG_globals(void) {
+ static PyObject *_SWIG_globals = 0;
+ if (!_SWIG_globals) _SWIG_globals = SWIG_newvarlink();
+ return _SWIG_globals;
+ }
+
+ /* -----------------------------------------------------------------------------
+ * constants/methods manipulation
+ * ----------------------------------------------------------------------------- */
+
+ /* Install Constants */
+ SWIGINTERN void
+ SWIG_Python_InstallConstants(PyObject *d, swig_const_info constants[]) {
+ PyObject *obj = 0;
+ size_t i;
+ for (i = 0; constants[i].type; ++i) {
+ switch(constants[i].type) {
+ case SWIG_PY_POINTER:
+ obj = SWIG_NewPointerObj(constants[i].pvalue, *(constants[i]).ptype,0);
+ break;
+ case SWIG_PY_BINARY:
+ obj = SWIG_NewPackedObj(constants[i].pvalue, constants[i].lvalue, *(constants[i].ptype));
+ break;
+ default:
+ obj = 0;
+ break;
+ }
+ if (obj) {
+ PyDict_SetItemString(d, constants[i].name, obj);
+ Py_DECREF(obj);
+ }
+ }
+ }
+
+ /* -----------------------------------------------------------------------------*/
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ /* -----------------------------------------------------------------------------*/
+
+ SWIGINTERN void
+ SWIG_Python_FixMethods(PyMethodDef *methods,
+ swig_const_info *const_table,
+ swig_type_info **types,
+ swig_type_info **types_initial) {
+ size_t i;
+ for (i = 0; methods[i].ml_name; ++i) {
+ const char *c = methods[i].ml_doc;
+ if (c && (c = strstr(c, "swig_ptr: "))) {
+ int j;
+ swig_const_info *ci = 0;
+ const char *name = c + 10;
+ for (j = 0; const_table[j].type; ++j) {
+ if (strncmp(const_table[j].name, name,
+ strlen(const_table[j].name)) == 0) {
+ ci = &(const_table[j]);
+ break;
+ }
+ }
+ if (ci) {
+ size_t shift = (ci->ptype) - types;
+ swig_type_info *ty = types_initial[shift];
+ size_t ldoc = (c - methods[i].ml_doc);
+ size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
+ char *ndoc = (char*)malloc(ldoc + lptr + 10);
+ if (ndoc) {
+ char *buff = ndoc;
+ void *ptr = (ci->type == SWIG_PY_POINTER) ? ci->pvalue : 0;
+ if (ptr) {
+ strncpy(buff, methods[i].ml_doc, ldoc);
+ buff += ldoc;
+ strncpy(buff, "swig_ptr: ", 10);
+ buff += 10;
+ SWIG_PackVoidPtr(buff, ptr, ty->name, lptr);
+ methods[i].ml_doc = ndoc;
+ }
+ }
+ }
+ }
+ }
+ }
+
+#ifdef __cplusplus
+}
+#endif
+
+/* -----------------------------------------------------------------------------*
+ * Partial Init method
+ * -----------------------------------------------------------------------------*/
+
+#ifdef __cplusplus
+extern "C"
+#endif
+SWIGEXPORT void SWIG_init(void) {
+ PyObject *m, *d;
+
+ /* Fix SwigMethods to carry the callback ptrs when needed */
+ SWIG_Python_FixMethods(SwigMethods, swig_const_table, swig_types, swig_type_initial);
+
+ m = Py_InitModule((char *) SWIG_name, SwigMethods);
+ d = PyModule_GetDict(m);
+
+ SWIG_InitializeModule(0);
+ SWIG_InstallConstants(d,swig_const_table);
+
+
+ SWIG_Python_SetConstant(d, "SELINUX_CB_LOG",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SELINUX_CB_AUDIT",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_CB_VALIDATE",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SELINUX_ERROR",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "SELINUX_WARNING",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_INFO",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "SELINUX_AVC",SWIG_From_int((int)(3)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_BASEONLY",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_NOTRANS",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "MATCHPATHCON_VALIDATE",SWIG_From_int((int)(4)));
+ SWIG_Python_SetConstant(d, "AVC_OPT_UNUSED",SWIG_From_int((int)(0)));
+ SWIG_Python_SetConstant(d, "AVC_OPT_SETENFORCE",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_GRANT",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_TRY_REVOKE",SWIG_From_int((int)(2)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_REVOKE",SWIG_From_int((int)(4)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_RESET",SWIG_From_int((int)(8)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_ENABLE",SWIG_From_int((int)(16)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITALLOW_DISABLE",SWIG_From_int((int)(32)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_ENABLE",SWIG_From_int((int)(64)));
+ SWIG_Python_SetConstant(d, "AVC_CALLBACK_AUDITDENY_DISABLE",SWIG_From_int((int)(128)));
+ SWIG_Python_SetConstant(d, "AVC_CACHE_STATS",SWIG_From_int((int)(1)));
+ SWIG_Python_SetConstant(d, "SELINUX_DEFAULTUSER",SWIG_FromCharPtr("user_u"));
+}
+
diff --git a/libselinux/src/setenforce.c b/libselinux/src/setenforce.c
new file mode 100644
index 0000000..e5e7612
--- /dev/null
+++ b/libselinux/src/setenforce.c
@@ -0,0 +1,37 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include <stdio.h>
+#include <limits.h>
+
+int security_setenforce(int value)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return -1;
+ }
+
+ snprintf(path, sizeof path, "%s/enforce", selinux_mnt);
+ fd = open(path, O_RDWR);
+ if (fd < 0)
+ return -1;
+
+ snprintf(buf, sizeof buf, "%d", value);
+ ret = write(fd, buf, strlen(buf));
+ close(fd);
+ if (ret < 0)
+ return -1;
+
+ return 0;
+}
+
+hidden_def(security_setenforce)
diff --git a/libselinux/src/setfilecon.c b/libselinux/src/setfilecon.c
new file mode 100644
index 0000000..8c633ef
--- /dev/null
+++ b/libselinux/src/setfilecon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/xattr.h>
+#include "selinux_internal.h"
+#include "policy.h"
+
+int setfilecon_raw(const char *path, security_context_t context)
+{
+ return setxattr(path, XATTR_NAME_SELINUX, context, strlen(context) + 1,
+ 0);
+}
+
+hidden_def(setfilecon_raw)
+
+int setfilecon(const char *path, security_context_t context)
+{
+ int ret;
+ security_context_t rcontext = context;
+
+ if (selinux_trans_to_raw_context(context, &rcontext))
+ return -1;
+
+ ret = setfilecon_raw(path, rcontext);
+
+ freecon(rcontext);
+
+ return ret;
+}
diff --git a/libselinux/src/setrans_client.c b/libselinux/src/setrans_client.c
new file mode 100644
index 0000000..a02f407
--- /dev/null
+++ b/libselinux/src/setrans_client.c
@@ -0,0 +1,345 @@
+/* Author: Trusted Computer Solutions, Inc.
+ *
+ * Modified:
+ * Yuichi Nakamura <ynakam@hitachisoft.jp>
+ - Stubs are used when DISABLE_SETRANS is defined,
+ it is to reduce size for such as embedded devices.
+*/
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <sys/un.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <netdb.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include <unistd.h>
+#include "dso.h"
+#include "selinux_internal.h"
+#include "setrans_internal.h"
+
+#ifndef DISABLE_SETRANS
+static int mls_enabled = -1;
+
+// Simple cache
+static __thread security_context_t prev_t2r_trans = NULL;
+static __thread security_context_t prev_t2r_raw = NULL;
+static __thread security_context_t prev_r2t_trans = NULL;
+static __thread security_context_t prev_r2t_raw = NULL;
+
+/*
+ * setransd_open
+ *
+ * This function opens a socket to the setransd.
+ * Returns: on success, a file descriptor ( >= 0 ) to the socket
+ * on error, a negative value
+ */
+static int setransd_open(void)
+{
+ struct sockaddr_un addr;
+ int fd;
+#ifdef SOCK_CLOEXEC
+ fd = socket(PF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
+ if (fd < 0 && errno == EINVAL)
+#endif
+ {
+ fd = socket(PF_UNIX, SOCK_STREAM, 0);
+ if (fd >= 0)
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+ }
+ if (fd < 0)
+ return -1;
+
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, SETRANS_UNIX_SOCKET, sizeof(addr.sun_path));
+ if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
+ close(fd);
+ return -1;
+ }
+
+ return fd;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+send_request(int fd, uint32_t function, const char *data1, const char *data2)
+{
+ struct msghdr msgh;
+ struct iovec iov[5];
+ uint32_t data1_size;
+ uint32_t data2_size;
+ ssize_t count, expected;
+ unsigned int i;
+
+ if (fd < 0)
+ return -1;
+
+ if (!data1)
+ data1 = "";
+ if (!data2)
+ data2 = "";
+
+ data1_size = strlen(data1) + 1;
+ data2_size = strlen(data2) + 1;
+
+ iov[0].iov_base = &function;
+ iov[0].iov_len = sizeof(function);
+ iov[1].iov_base = &data1_size;
+ iov[1].iov_len = sizeof(data1_size);
+ iov[2].iov_base = &data2_size;
+ iov[2].iov_len = sizeof(data2_size);
+ iov[3].iov_base = (char *)data1;
+ iov[3].iov_len = data1_size;
+ iov[4].iov_base = (char *)data2;
+ iov[4].iov_len = data2_size;
+ memset(&msgh, 0, sizeof(msgh));
+ msgh.msg_iov = iov;
+ msgh.msg_iovlen = sizeof(iov) / sizeof(iov[0]);
+
+ expected = 0;
+ for (i = 0; i < sizeof(iov) / sizeof(iov[0]); i++)
+ expected += iov[i].iov_len;
+
+ while (((count = sendmsg(fd, &msgh, MSG_NOSIGNAL)) < 0)
+ && (errno == EINTR)) ;
+ if (count < 0 || count != expected)
+ return -1;
+
+ return 0;
+}
+
+/* Returns: 0 on success, <0 on failure */
+static int
+receive_response(int fd, uint32_t function, char **outdata, int32_t * ret_val)
+{
+ struct iovec resp_hdr[3];
+ uint32_t func;
+ uint32_t data_size;
+ char *data;
+ struct iovec resp_data;
+ ssize_t count;
+
+ if (fd < 0)
+ return -1;
+
+ resp_hdr[0].iov_base = &func;
+ resp_hdr[0].iov_len = sizeof(func);
+ resp_hdr[1].iov_base = &data_size;
+ resp_hdr[1].iov_len = sizeof(data_size);
+ resp_hdr[2].iov_base = ret_val;
+ resp_hdr[2].iov_len = sizeof(*ret_val);
+
+ while (((count = readv(fd, resp_hdr, 3)) < 0) && (errno == EINTR)) ;
+ if (count != (sizeof(func) + sizeof(data_size) + sizeof(*ret_val))) {
+ return -1;
+ }
+
+ if (func != function || !data_size || data_size > MAX_DATA_BUF) {
+ return -1;
+ }
+
+ data = malloc(data_size);
+ if (!data) {
+ return -1;
+ }
+
+ resp_data.iov_base = data;
+ resp_data.iov_len = data_size;
+
+ while (((count = readv(fd, &resp_data, 1))) < 0 && (errno == EINTR)) ;
+ if (count < 0 || (uint32_t) count != data_size ||
+ data[data_size - 1] != '\0') {
+ free(data);
+ return -1;
+ }
+ *outdata = data;
+ return 0;
+}
+
+static int raw_to_trans_context(char *raw, char **transp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *transp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+
+ ret = send_request(fd, RAW_TO_TRANS_CONTEXT, raw, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, RAW_TO_TRANS_CONTEXT, transp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+static int trans_to_raw_context(char *trans, char **rawp)
+{
+ int ret;
+ int32_t ret_val;
+ int fd;
+
+ *rawp = NULL;
+
+ fd = setransd_open();
+ if (fd < 0)
+ return fd;
+ ret = send_request(fd, TRANS_TO_RAW_CONTEXT, trans, NULL);
+ if (ret)
+ goto out;
+
+ ret = receive_response(fd, TRANS_TO_RAW_CONTEXT, rawp, &ret_val);
+ if (ret)
+ goto out;
+
+ ret = ret_val;
+ out:
+ close(fd);
+ return ret;
+}
+
+hidden void fini_context_translations(void)
+{
+ free(prev_r2t_trans);
+ free(prev_r2t_raw);
+ free(prev_t2r_trans);
+ free(prev_t2r_raw);
+}
+
+hidden int init_context_translations(void)
+{
+ mls_enabled = is_selinux_mls_enabled();
+ return 0;
+}
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *rawp = strdup(trans);
+ goto out;
+ }
+
+ if (prev_t2r_trans && strcmp(prev_t2r_trans, trans) == 0) {
+ *rawp = strdup(prev_t2r_raw);
+ } else {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ free(prev_t2r_raw);
+ prev_t2r_raw = NULL;
+ if (trans_to_raw_context(trans, rawp))
+ *rawp = strdup(trans);
+ if (*rawp) {
+ prev_t2r_trans = strdup(trans);
+ if (!prev_t2r_trans)
+ goto out;
+ prev_t2r_raw = strdup(*rawp);
+ if (!prev_t2r_raw) {
+ free(prev_t2r_trans);
+ prev_t2r_trans = NULL;
+ }
+ }
+ }
+ out:
+ return *rawp ? 0 : -1;
+}
+
+hidden_def(selinux_trans_to_raw_context)
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+
+ if (!mls_enabled) {
+ *transp = strdup(raw);
+ goto out;
+ }
+
+ if (prev_r2t_raw && strcmp(prev_r2t_raw, raw) == 0) {
+ *transp = strdup(prev_r2t_trans);
+ } else {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ free(prev_r2t_trans);
+ prev_r2t_trans = NULL;
+ if (raw_to_trans_context(raw, transp))
+ *transp = strdup(raw);
+ if (*transp) {
+ prev_r2t_raw = strdup(raw);
+ if (!prev_r2t_raw)
+ goto out;
+ prev_r2t_trans = strdup(*transp);
+ if (!prev_r2t_trans) {
+ free(prev_r2t_raw);
+ prev_r2t_raw = NULL;
+ }
+ }
+ }
+ out:
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_to_trans_context)
+#else /*DISABLE_SETRANS*/
+
+hidden void fini_context_translations(void)
+{
+}
+
+hidden int init_context_translations(void)
+{
+ return 0;
+}
+
+int selinux_trans_to_raw_context(security_context_t trans,
+ security_context_t * rawp)
+{
+ if (!trans) {
+ *rawp = NULL;
+ return 0;
+ }
+
+ *rawp = strdup(trans);
+
+ return *rawp ? 0 : -1;
+}
+
+hidden_def(selinux_trans_to_raw_context)
+
+int selinux_raw_to_trans_context(security_context_t raw,
+ security_context_t * transp)
+{
+ if (!raw) {
+ *transp = NULL;
+ return 0;
+ }
+ *transp = strdup(raw);
+
+ return *transp ? 0 : -1;
+}
+
+hidden_def(selinux_raw_to_trans_context)
+#endif /*DISABLE_SETRANS*/
diff --git a/libselinux/src/setrans_internal.h b/libselinux/src/setrans_internal.h
new file mode 100644
index 0000000..4e04b54
--- /dev/null
+++ b/libselinux/src/setrans_internal.h
@@ -0,0 +1,10 @@
+/* Author: Trusted Computer Solutions, Inc. */
+
+#define SETRANS_UNIX_SOCKET "/var/run/setrans/.setrans-unix"
+
+#define RAW_TO_TRANS_CONTEXT 2
+#define TRANS_TO_RAW_CONTEXT 3
+#define MAX_DATA_BUF 8192
+
+extern int init_context_translations(void);
+extern void fini_context_translations(void);
diff --git a/libselinux/src/seusers.c b/libselinux/src/seusers.c
new file mode 100644
index 0000000..d6fb29b
--- /dev/null
+++ b/libselinux/src/seusers.c
@@ -0,0 +1,245 @@
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdio.h>
+#include <stdio_ext.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/context.h>
+#include "selinux_internal.h"
+
+/* Process line from seusers.conf and split into its fields.
+ Returns 0 on success, -1 on comments, and -2 on error. */
+static int process_seusers(const char *buffer,
+ char **luserp,
+ char **seuserp, char **levelp, int mls_enabled)
+{
+ char *newbuf = strdup(buffer);
+ char *luser = NULL, *seuser = NULL, *level = NULL;
+ char *start, *end;
+ int mls_found = 1;
+
+ if (!newbuf)
+ goto err;
+
+ start = newbuf;
+ while (isspace(*start))
+ start++;
+ if (*start == '#' || *start == 0) {
+ free(newbuf);
+ return -1; /* Comment or empty line, skip over */
+ }
+ end = strchr(start, ':');
+ if (!end)
+ goto err;
+ *end = 0;
+
+ luser = strdup(start);
+ if (!luser)
+ goto err;
+
+ start = end + 1;
+ end = strchr(start, ':');
+ if (!end) {
+ mls_found = 0;
+
+ end = start;
+ while (*end && !isspace(*end))
+ end++;
+ }
+ *end = 0;
+
+ seuser = strdup(start);
+ if (!seuser)
+ goto err;
+
+ if (!strcmp(seuser, ""))
+ goto err;
+
+ /* Skip MLS if disabled, or missing. */
+ if (!mls_enabled || !mls_found)
+ goto out;
+
+ start = ++end;
+ while (*end && !isspace(*end))
+ end++;
+ *end = 0;
+
+ level = strdup(start);
+ if (!level)
+ goto err;
+
+ if (!strcmp(level, ""))
+ goto err;
+
+ out:
+ free(newbuf);
+ *luserp = luser;
+ *seuserp = seuser;
+ *levelp = level;
+ return 0;
+ err:
+ free(newbuf);
+ free(luser);
+ free(seuser);
+ free(level);
+ return -2; /* error */
+}
+
+int require_seusers hidden = 0;
+
+#include <pwd.h>
+#include <grp.h>
+
+static gid_t get_default_gid(const char *name) {
+ struct passwd pwstorage, *pwent = NULL;
+ gid_t gid = -1;
+ /* Allocate space for the getpwnam_r buffer */
+ long rbuflen = sysconf(_SC_GETPW_R_SIZE_MAX);
+ if (rbuflen <= 0) return -1;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL) return -1;
+
+ int retval = getpwnam_r(name, &pwstorage, rbuf, rbuflen, &pwent);
+ if (retval == 0 && pwent) {
+ gid = pwent->pw_gid;
+ }
+ free(rbuf);
+ return gid;
+}
+
+static int check_group(const char *group, const char *name, const gid_t gid) {
+ int match = 0;
+ int i, ng = 0;
+ gid_t *groups = NULL;
+ struct group gbuf, *grent = NULL;
+
+ long rbuflen = sysconf(_SC_GETGR_R_SIZE_MAX);
+ if (rbuflen <= 0)
+ return 0;
+ char *rbuf = malloc(rbuflen);
+ if (rbuf == NULL)
+ return 0;
+
+ if (getgrnam_r(group, &gbuf, rbuf, rbuflen,
+ &grent) != 0)
+ goto done;
+
+ if (getgrouplist(name, gid, NULL, &ng) < 0) {
+ groups = (gid_t *) malloc(sizeof (gid_t) * ng);
+ if (!groups) goto done;
+ if (getgrouplist(name, gid, groups, &ng) < 0) goto done;
+ }
+
+ for (i = 0; i < ng; i++) {
+ if (grent->gr_gid == groups[i]) {
+ match = 1;
+ goto done;
+ }
+ }
+
+ done:
+ free(groups);
+ free(rbuf);
+ return match;
+}
+
+int getseuserbyname(const char *name, char **r_seuser, char **r_level)
+{
+ FILE *cfg = NULL;
+ size_t size = 0;
+ char *buffer = NULL;
+ int rc;
+ unsigned long lineno = 0;
+ int mls_enabled = is_selinux_mls_enabled();
+
+ char *username = NULL;
+ char *seuser = NULL;
+ char *level = NULL;
+ char *groupseuser = NULL;
+ char *grouplevel = NULL;
+ char *defaultseuser = NULL;
+ char *defaultlevel = NULL;
+
+ gid_t gid = get_default_gid(name);
+
+ cfg = fopen(selinux_usersconf_path(), "r");
+ if (!cfg)
+ goto nomatch;
+
+ __fsetlocking(cfg, FSETLOCKING_BYCALLER);
+ while (getline(&buffer, &size, cfg) > 0) {
+ ++lineno;
+ rc = process_seusers(buffer, &username, &seuser, &level,
+ mls_enabled);
+ if (rc == -1)
+ continue; /* comment, skip */
+ if (rc == -2) {
+ fprintf(stderr, "%s: error on line %lu, skipping...\n",
+ selinux_usersconf_path(), lineno);
+ continue;
+ }
+
+ if (!strcmp(username, name))
+ break;
+
+ if (username[0] == '%' &&
+ !groupseuser &&
+ check_group(&username[1], name, gid)) {
+ groupseuser = seuser;
+ grouplevel = level;
+ } else {
+ if (!defaultseuser &&
+ !strcmp(username, "__default__")) {
+ defaultseuser = seuser;
+ defaultlevel = level;
+ } else {
+ free(seuser);
+ free(level);
+ }
+ }
+ free(username);
+ username = NULL;
+ seuser = NULL;
+ }
+
+ free(buffer);
+ fclose(cfg);
+
+ if (seuser) {
+ free(username);
+ free(defaultseuser);
+ free(defaultlevel);
+ free(groupseuser);
+ free(grouplevel);
+ *r_seuser = seuser;
+ *r_level = level;
+ return 0;
+ }
+
+ if (groupseuser) {
+ free(defaultseuser);
+ free(defaultlevel);
+ *r_seuser = groupseuser;
+ *r_level = grouplevel;
+ return 0;
+ }
+
+ if (defaultseuser) {
+ *r_seuser = defaultseuser;
+ *r_level = defaultlevel;
+ return 0;
+ }
+
+ nomatch:
+ if (require_seusers)
+ return -1;
+
+ /* Fall back to the Linux username and no level. */
+ *r_seuser = strdup(name);
+ if (!(*r_seuser))
+ return -1;
+ *r_level = NULL;
+ return 0;
+}
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
new file mode 100644
index 0000000..19c5bb6
--- /dev/null
+++ b/libselinux/src/stringrep.c
@@ -0,0 +1,576 @@
+/*
+ * String representation support for classes and permissions.
+ */
+#include <sys/stat.h>
+#include <dirent.h>
+#include <fcntl.h>
+#include <limits.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stddef.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <stdint.h>
+#include <ctype.h>
+#include <selinux/flask.h>
+#include <selinux/av_permissions.h>
+#include "selinux_internal.h"
+#include "policy.h"
+#include "mapping.h"
+
+#define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0]))
+
+/* The following code looks complicated, but it really is not. What it
+ does is to generate two variables. The first is basically a struct
+ of arrays. The second is the real array of structures which would
+ have used string pointers. But instead it now uses an offset value
+ into the first structure. Strings are accessed indirectly by an
+ explicit addition of the string index and the base address of the
+ structure with the strings (all type safe). The advantage is that
+ there are no relocations necessary in the array with the data as it
+ would be the case with string pointers. This has advantages at
+ load time, the data section is smaller, and it is read-only. */
+#define L1(line) L2(line)
+#define L2(line) str##line
+static const union av_perm_to_string_data {
+ struct {
+#define S_(c, v, s) char L1(__LINE__)[sizeof(s)];
+#include "av_perm_to_string.h"
+#undef S_
+ };
+ char str[0];
+} av_perm_to_string_data = {
+ {
+#define S_(c, v, s) s,
+#include "av_perm_to_string.h"
+#undef S_
+ }
+};
+static const struct av_perm_to_string {
+ uint16_t tclass;
+ uint16_t nameidx;
+ uint32_t value;
+} av_perm_to_string[] = {
+#define S_(c, v, s) { c, offsetof(union av_perm_to_string_data, L1(__LINE__)), v },
+#include "av_perm_to_string.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+#define L1(line) L2(line)
+#define L2(line) str##line
+static const union class_to_string_data {
+ struct {
+#define S_(s) char L1(__LINE__)[sizeof(s)];
+#include "class_to_string.h"
+#undef S_
+ };
+ char str[0];
+} class_to_string_data = {
+ {
+#define S_(s) s,
+#include "class_to_string.h"
+#undef S_
+ }
+};
+static const uint16_t class_to_string[] = {
+#define S_(s) offsetof(union class_to_string_data, L1(__LINE__)),
+#include "class_to_string.h"
+#undef S_
+};
+
+#undef L1
+#undef L2
+
+static const union common_perm_to_string_data {
+ struct {
+#define L1(line) L2(line)
+#define L2(line) str##line
+#define S_(s) char L1(__LINE__)[sizeof(s)];
+#define TB_(s)
+#define TE_(s)
+#include "common_perm_to_string.h"
+#undef S_
+#undef L1
+#undef L2
+ };
+ char str[0];
+} common_perm_to_string_data = {
+ {
+#define S_(s) s,
+#include "common_perm_to_string.h"
+#undef S_
+#undef TB_
+#undef TE_
+ }
+};
+static const union common_perm_to_string {
+ struct {
+#define TB_(s) struct {
+#define TE_(s) } s##_part;
+#define S_(s) uint16_t L1(__LINE__)
+#define L1(l) L2(l)
+#define L2(l) field_##l;
+#include "common_perm_to_string.h"
+#undef TB_
+#undef TE_
+#undef S_
+#undef L1
+#undef L2
+ };
+ uint16_t data[0];
+} common_perm_to_string = {
+ {
+#define TB_(s) {
+#define TE_(s) },
+#define S_(s) offsetof(union common_perm_to_string_data, L1(__LINE__)),
+#define L1(line) L2(line)
+#define L2(line) str##line
+#include "common_perm_to_string.h"
+#undef TB_
+#undef TE_
+#undef S_
+#undef L1
+#undef L2
+ }
+};
+
+static const struct av_inherit {
+ uint16_t tclass;
+ uint16_t common_pts_idx;
+ uint32_t common_base;
+} av_inherit[] = {
+#define S_(c, i, b) { c, offsetof(union common_perm_to_string, common_##i##_perm_to_string_part)/sizeof(uint16_t), b },
+#include "av_inherit.h"
+#undef S_
+};
+
+#define NCLASSES ARRAY_SIZE(class_to_string)
+#define NVECTORS ARRAY_SIZE(av_perm_to_string)
+#define MAXVECTORS 8*sizeof(access_vector_t)
+
+extern int obj_class_compat;
+
+struct discover_class_node {
+ char *name;
+ security_class_t value;
+ char **perms;
+
+ struct discover_class_node *next;
+};
+
+static struct discover_class_node *discover_class_cache = NULL;
+
+static struct discover_class_node * get_class_cache_entry_name(const char *s)
+{
+ struct discover_class_node *node = discover_class_cache;
+
+ for (; node != NULL && strcmp(s,node->name) != 0; node = node->next);
+
+ return node;
+}
+
+static struct discover_class_node * get_class_cache_entry_value(security_class_t c)
+{
+ struct discover_class_node *node = discover_class_cache;
+
+ for (; node != NULL && c != node->value; node = node->next);
+
+ return node;
+}
+
+static struct discover_class_node * discover_class(const char *s)
+{
+ int fd, ret;
+ char path[PATH_MAX];
+ char buf[20];
+ DIR *dir;
+ struct dirent *dentry;
+ size_t i;
+
+ struct discover_class_node *node;
+
+ if (!selinux_mnt) {
+ errno = ENOENT;
+ return NULL;
+ }
+
+ /* allocate a node */
+ node = malloc(sizeof(struct discover_class_node));
+ if (node == NULL)
+ return NULL;
+
+ /* allocate array for perms */
+ node->perms = calloc(NVECTORS,sizeof(char*));
+ if (node->perms == NULL)
+ goto err1;
+
+ /* load up the name */
+ node->name = strdup(s);
+ if (node->name == NULL)
+ goto err2;
+
+ /* load up class index */
+ snprintf(path, sizeof path, "%s/class/%s/index", selinux_mnt,s);
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ goto err3;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ goto err3;
+
+ if (sscanf(buf, "%u", (unsigned int*)&node->value) != 1)
+ goto err3;
+
+ /* load up permission indicies */
+ snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
+ dir = opendir(path);
+ if (dir == NULL)
+ goto err3;
+
+ dentry = readdir(dir);
+ while (dentry != NULL) {
+ unsigned int value;
+ struct stat m;
+
+ snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+ if (stat(path,&m) < 0)
+ goto err4;
+
+ if (m.st_mode & S_IFDIR) {
+ dentry = readdir(dir);
+ continue;
+ }
+
+ fd = open(path, O_RDONLY);
+ if (fd < 0)
+ goto err4;
+
+ memset(buf, 0, sizeof(buf));
+ ret = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (ret < 0)
+ goto err4;
+
+ if (sscanf(buf, "%u", &value) != 1)
+ goto err4;
+
+ node->perms[value-1] = strdup(dentry->d_name);
+ if (node->perms[value-1] == NULL)
+ goto err4;
+
+ dentry = readdir(dir);
+ }
+ closedir(dir);
+
+ node->next = discover_class_cache;
+ discover_class_cache = node;
+
+ return node;
+
+err4:
+ closedir(dir);
+ for (i=0; i<NVECTORS; i++)
+ free(node->perms[i]);
+err3:
+ free(node->name);
+err2:
+ free(node->perms);
+err1:
+ free(node);
+ return NULL;
+}
+
+void flush_class_cache(void)
+{
+ struct discover_class_node *cur = discover_class_cache, *prev = NULL;
+ size_t i;
+
+ while (cur != NULL) {
+ free(cur->name);
+
+ for (i=0 ; i<MAXVECTORS ; i++)
+ free(cur->perms[i]);
+
+ free(cur->perms);
+
+ prev = cur;
+ cur = cur->next;
+
+ free(prev);
+ }
+
+ discover_class_cache = NULL;
+}
+
+static security_class_t string_to_security_class_compat(const char *s)
+{
+ unsigned int val;
+
+ if (isdigit(s[0])) {
+ val = atoi(s);
+ if (val > 0 && val < NCLASSES)
+ return map_class(val);
+ } else {
+ for (val = 0; val < NCLASSES; val++) {
+ if (strcmp(s, (class_to_string_data.str
+ + class_to_string[val])) == 0)
+ return map_class(val);
+ }
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+static access_vector_t string_to_av_perm_compat(security_class_t kclass, const char *s)
+{
+ const uint16_t *common_pts_idx = 0;
+ access_vector_t perm, common_base = 0;
+ unsigned int i;
+
+ for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+ if (av_inherit[i].tclass == kclass) {
+ common_pts_idx =
+ &common_perm_to_string.data[av_inherit[i].
+ common_pts_idx];
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ i = 0;
+ perm = 1;
+ while (perm < common_base) {
+ if (strcmp
+ (s,
+ common_perm_to_string_data.str + common_pts_idx[i]) == 0)
+ return perm;
+ perm <<= 1;
+ i++;
+ }
+
+ for (i = 0; i < NVECTORS; i++) {
+ if ((av_perm_to_string[i].tclass == kclass) &&
+ (strcmp(s, (av_perm_to_string_data.str
+ + av_perm_to_string[i].nameidx)) == 0))
+ return av_perm_to_string[i].value;
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+static const char *security_class_to_string_compat(security_class_t tclass)
+{
+ if (tclass > 0 && tclass < NCLASSES)
+ return class_to_string_data.str + class_to_string[tclass];
+
+ errno = EINVAL;
+ return NULL;
+}
+
+static const char *security_av_perm_to_string_compat(security_class_t tclass,
+ access_vector_t av)
+{
+ const uint16_t *common_pts_idx = 0;
+ access_vector_t common_base = 0;
+ unsigned int i;
+
+ if (!av)
+ return NULL;
+
+ for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+ if (av_inherit[i].tclass == tclass) {
+ common_pts_idx =
+ &common_perm_to_string.data[av_inherit[i].
+ common_pts_idx];
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ if (av < common_base) {
+ i = 0;
+ while (!(av & 1)) {
+ av >>= 1;
+ i++;
+ }
+ return common_perm_to_string_data.str + common_pts_idx[i];
+ }
+
+ for (i = 0; i < NVECTORS; i++) {
+ if (av_perm_to_string[i].tclass == tclass &&
+ av_perm_to_string[i].value == av)
+ return av_perm_to_string_data.str
+ + av_perm_to_string[i].nameidx;
+ }
+
+ errno = EINVAL;
+ return NULL;
+}
+
+security_class_t string_to_security_class(const char *s)
+{
+ struct discover_class_node *node;
+
+ if (obj_class_compat)
+ return string_to_security_class_compat(s);
+
+ node = get_class_cache_entry_name(s);
+ if (node == NULL) {
+ node = discover_class(s);
+
+ if (node == NULL) {
+ errno = EINVAL;
+ return 0;
+ }
+ }
+
+ return map_class(node->value);
+}
+
+access_vector_t string_to_av_perm(security_class_t tclass, const char *s)
+{
+ struct discover_class_node *node;
+ security_class_t kclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return map_perm(tclass, string_to_av_perm_compat(kclass, s));
+
+ node = get_class_cache_entry_value(kclass);
+ if (node != NULL) {
+ size_t i;
+ for (i=0; i<MAXVECTORS && node->perms[i] != NULL; i++)
+ if (strcmp(node->perms[i],s) == 0)
+ return map_perm(tclass, 1<<i);
+ }
+
+ errno = EINVAL;
+ return 0;
+}
+
+const char *security_class_to_string(security_class_t tclass)
+{
+ struct discover_class_node *node;
+
+ tclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return security_class_to_string_compat(tclass);
+
+ node = get_class_cache_entry_value(tclass);
+ if (node == NULL)
+ return security_class_to_string_compat(tclass);
+ else
+ return node->name;
+}
+
+const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t av)
+{
+ struct discover_class_node *node;
+ size_t i;
+
+ av = unmap_perm(tclass, av);
+ tclass = unmap_class(tclass);
+
+ if (obj_class_compat)
+ return security_av_perm_to_string_compat(tclass,av);
+
+ node = get_class_cache_entry_value(tclass);
+ if (av && node)
+ for (i = 0; i<MAXVECTORS; i++)
+ if ((1<<i) & av)
+ return node->perms[i];
+
+ return security_av_perm_to_string_compat(tclass,av);
+}
+
+int security_av_string(security_class_t tclass, access_vector_t av, char **res)
+{
+ unsigned int i = 0;
+ size_t len = 5;
+ access_vector_t tmp = av;
+ int rc = 0;
+ const char *str;
+ char *ptr;
+
+ /* first pass computes the required length */
+ while (tmp) {
+ if (tmp & 1) {
+ str = security_av_perm_to_string(tclass, av & (1<<i));
+ if (str)
+ len += strlen(str) + 1;
+ else {
+ rc = -1;
+ errno = EINVAL;
+ goto out;
+ }
+ }
+ tmp >>= 1;
+ i++;
+ }
+
+ *res = malloc(len);
+ if (!*res) {
+ rc = -1;
+ goto out;
+ }
+
+ /* second pass constructs the string */
+ i = 0;
+ tmp = av;
+ ptr = *res;
+
+ if (!av) {
+ sprintf(ptr, "null");
+ goto out;
+ }
+
+ ptr += sprintf(ptr, "{ ");
+ while (tmp) {
+ if (tmp & 1)
+ ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
+ tclass, av & (1<<i)));
+ tmp >>= 1;
+ i++;
+ }
+ sprintf(ptr, "}");
+out:
+ return rc;
+}
+
+void print_access_vector(security_class_t tclass, access_vector_t av)
+{
+ const char *permstr;
+ access_vector_t bit = 1;
+
+ if (av == 0) {
+ printf(" null");
+ return;
+ }
+
+ printf(" {");
+
+ while (av) {
+ if (av & bit) {
+ permstr = security_av_perm_to_string(tclass, bit);
+ if (!permstr)
+ break;
+ printf(" %s", permstr);
+ av &= ~bit;
+ }
+ bit <<= 1;
+ }
+
+ if (av)
+ printf(" 0x%x", av);
+ printf(" }");
+}
diff --git a/libselinux/utils/Makefile b/libselinux/utils/Makefile
new file mode 100644
index 0000000..a2c0a53
--- /dev/null
+++ b/libselinux/utils/Makefile
@@ -0,0 +1,32 @@
+# Installation directories.
+PREFIX ?= $(DESTDIR)/usr
+LIBDIR ?= $(PREFIX)/lib
+BINDIR ?= $(PREFIX)/sbin
+
+CFLAGS ?= -Wall
+override CFLAGS += -I../include -D_GNU_SOURCE $(EMFLAGS)
+LDLIBS += -L../src -lselinux -L$(LIBDIR)
+
+TARGETS=$(patsubst %.c,%,$(wildcard *.c))
+ifeq ($(DISABLE_AVC),y)
+ UNUSED_TARGETS+=compute_av compute_create compute_member compute_relabel
+endif
+ifeq ($(DISABLE_BOOL),y)
+ UNUSED_TARGETS+=getsebool togglesebool
+endif
+TARGETS:= $(filter-out $(UNUSED_TARGETS), $(TARGETS))
+
+all: $(TARGETS)
+
+install: all
+ -mkdir -p $(BINDIR)
+ install -m 755 $(TARGETS) $(BINDIR)
+
+clean:
+ rm -f $(TARGETS) *.o
+
+indent:
+ ../../scripts/Lindent $(wildcard *.[ch])
+
+relabel:
+
diff --git a/libselinux/utils/avcstat.c b/libselinux/utils/avcstat.c
new file mode 100644
index 0000000..772118a
--- /dev/null
+++ b/libselinux/utils/avcstat.c
@@ -0,0 +1,234 @@
+/*
+ * avcstat - Display SELinux avc statistics.
+ *
+ * Copyright (C) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2,
+ * as published by the Free Software Foundation.
+ *
+ */
+#include <stdio.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <stdarg.h>
+#include <errno.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <signal.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/ioctl.h>
+#include <linux/limits.h>
+
+#define DEF_STAT_FILE "/avc/cache_stats"
+#define DEF_BUF_SIZE 8192
+#define HEADERS "lookups hits misses allocations reclaims frees"
+
+struct avc_cache_stats {
+ unsigned long long lookups;
+ unsigned long long hits;
+ unsigned long long misses;
+ unsigned long long allocations;
+ unsigned long long reclaims;
+ unsigned long long frees;
+};
+
+static int interval;
+static int rows;
+static char *progname;
+static char buf[DEF_BUF_SIZE];
+
+/* selinuxfs mount point */
+extern char *selinux_mnt;
+
+static void die(const char *msg, ...)
+{
+ va_list args;
+
+ fputs("ERROR: ", stderr);
+
+ va_start(args, msg);
+ vfprintf(stderr, msg, args);
+ va_end(args);
+
+ if (errno)
+ fprintf(stderr, ": %s", strerror(errno));
+
+ fputc('\n', stderr);
+ exit(1);
+}
+
+static void usage(void)
+{
+ printf("\nUsage: %s [-c] [-f status_file] [interval]\n\n", progname);
+ printf
+ ("Display SELinux AVC statistics. If the interval parameter is specified, the\n");
+ printf
+ ("program will loop, displaying updated statistics every \'interval\' seconds.\n");
+ printf
+ ("Relative values are displayed by default. Use the -c option to specify the\n");
+ printf
+ ("display of cumulative values. The -f option specifies the location of the\n");
+ printf("AVC statistics file, defaulting to \'%s%s\'.\n\n", selinux_mnt,
+ DEF_STAT_FILE);
+}
+
+static void set_window_rows(void)
+{
+ int ret;
+ struct winsize ws;
+
+ ret = ioctl(fileno(stdout), TIOCGWINSZ, &ws);
+ if (ret < 0 || ws.ws_row < 3)
+ ws.ws_row = 24;
+ rows = ws.ws_row;
+}
+
+static void sighandler(int num)
+{
+ if (num == SIGWINCH)
+ set_window_rows();
+}
+
+int main(int argc, char **argv)
+{
+ struct avc_cache_stats tot, rel, last;
+ int fd, i, cumulative = 0;
+ struct sigaction sa;
+ char avcstatfile[PATH_MAX];
+ snprintf(avcstatfile, sizeof avcstatfile, "%s%s", selinux_mnt,
+ DEF_STAT_FILE);
+ progname = basename(argv[0]);
+
+ memset(&last, 0, sizeof(last));
+
+ while ((i = getopt(argc, argv, "cf:h?-")) != -1) {
+ switch (i) {
+ case 'c':
+ cumulative = 1;
+ break;
+ case 'f':
+ strncpy(avcstatfile, optarg, sizeof avcstatfile);
+ break;
+ case 'h':
+ case '-':
+ usage();
+ exit(0);
+ default:
+ usage();
+ die("unrecognized parameter", i);
+ }
+ }
+
+ if (optind < argc) {
+ char *arg = argv[optind];
+ unsigned int n = strtoul(arg, NULL, 10);
+
+ if (errno == ERANGE) {
+ usage();
+ die("invalid interval \'%s\'", arg);
+ }
+ if (n == 0) {
+ usage();
+ exit(0);
+ }
+ interval = n;
+ }
+
+ sa.sa_handler = sighandler;
+ sa.sa_flags = SA_RESTART;
+
+ i = sigaction(SIGWINCH, &sa, NULL);
+ if (i < 0)
+ die("sigaction");
+
+ set_window_rows();
+ fd = open(avcstatfile, O_RDONLY);
+ if (fd < 0)
+ die("open: \'%s\'", avcstatfile);
+
+ for (i = 0;; i++) {
+ char *line;
+ ssize_t ret, parsed = 0;
+
+ memset(buf, 0, DEF_BUF_SIZE);
+ ret = read(fd, buf, DEF_BUF_SIZE);
+ if (ret < 0)
+ die("read");
+
+ if (ret == 0)
+ die("read: \'%s\': unexpected end of file",
+ avcstatfile);
+
+ line = strtok(buf, "\n");
+ if (!line)
+ die("unable to parse \'%s\': end of line not found",
+ avcstatfile);
+
+ if (strcmp(line, HEADERS))
+ die("unable to parse \'%s\': invalid headers",
+ avcstatfile);
+
+ if (!i || !(i % (rows - 2)))
+ printf("%10s %10s %10s %10s %10s %10s\n", "lookups",
+ "hits", "misses", "allocs", "reclaims", "frees");
+
+ memset(&tot, 0, sizeof(tot));
+
+ while ((line = strtok(NULL, "\n"))) {
+ struct avc_cache_stats tmp;
+
+ ret = sscanf(line, "%llu %llu %llu %llu %llu %llu",
+ &tmp.lookups,
+ &tmp.hits,
+ &tmp.misses,
+ &tmp.allocations,
+ &tmp.reclaims, &tmp.frees);
+ if (ret != 6)
+ die("unable to parse \'%s\': scan error",
+ avcstatfile);
+
+ tot.lookups += tmp.lookups;
+ tot.hits += tmp.hits;
+ tot.misses += tmp.misses;
+ tot.allocations += tmp.allocations;
+ tot.reclaims += tmp.reclaims;
+ tot.frees += tmp.frees;
+ parsed = 1;
+ }
+
+ if (!parsed)
+ die("unable to parse \'%s\': no data", avcstatfile);
+
+ if (cumulative || (!cumulative && !i))
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+ tot.lookups, tot.hits, tot.misses,
+ tot.allocations, tot.reclaims, tot.frees);
+ else {
+ rel.lookups = tot.lookups - last.lookups;
+ rel.hits = tot.hits - last.hits;
+ rel.misses = tot.misses - last.misses;
+ rel.allocations = tot.allocations - last.allocations;
+ rel.reclaims = tot.reclaims - last.reclaims;
+ rel.frees = tot.frees - last.frees;
+ printf("%10Lu %10Lu %10Lu %10Lu %10Lu %10Lu\n",
+ rel.lookups, rel.hits, rel.misses,
+ rel.allocations, rel.reclaims, rel.frees);
+ }
+
+ if (!interval)
+ break;
+
+ memcpy(&last, &tot, sizeof(last));
+ sleep(interval);
+
+ ret = lseek(fd, 0, 0);
+ if (ret < 0)
+ die("lseek");
+ }
+
+ close(fd);
+ return 0;
+}
diff --git a/libselinux/utils/compute_av.c b/libselinux/utils/compute_av.c
new file mode 100644
index 0000000..574fa6e
--- /dev/null
+++ b/libselinux/utils/compute_av.c
@@ -0,0 +1,55 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ struct av_decision avd;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_av(argv[1], argv[2], tclass, 1, &avd);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_av failed\n", argv[0]);
+ exit(3);
+ }
+
+ printf("allowed=");
+ print_access_vector(tclass, avd.allowed);
+ printf("\n");
+
+ if (avd.decided != ~0U) {
+ printf("decided=");
+ print_access_vector(tclass, avd.decided);
+ printf("\n");
+ }
+
+ if (avd.auditallow) {
+ printf("auditallow=");
+ print_access_vector(tclass, avd.auditallow);
+ printf("\n");
+ }
+
+ if (avd.auditdeny != ~0U) {
+ printf("auditdeny");
+ print_access_vector(tclass, avd.auditdeny);
+ printf("\n");
+ }
+
+ exit(0);
+}
diff --git a/libselinux/utils/compute_create.c b/libselinux/utils/compute_create.c
new file mode 100644
index 0000000..4abc29f
--- /dev/null
+++ b/libselinux/utils/compute_create.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_create(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_create failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_member.c b/libselinux/utils/compute_member.c
new file mode 100644
index 0000000..14edd45
--- /dev/null
+++ b/libselinux/utils/compute_member.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "Invalid class '%s'\n", argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_member(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_member failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_relabel.c b/libselinux/utils/compute_relabel.c
new file mode 100644
index 0000000..970750e
--- /dev/null
+++ b/libselinux/utils/compute_relabel.c
@@ -0,0 +1,36 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ security_class_t tclass;
+ int ret;
+
+ if (argc != 4) {
+ fprintf(stderr, "usage: %s scontext tcontext tclass\n",
+ argv[0]);
+ exit(1);
+ }
+
+ tclass = string_to_security_class(argv[3]);
+ if (!tclass) {
+ fprintf(stderr, "%s: invalid class '%s'\n", argv[0], argv[3]);
+ exit(2);
+ }
+
+ ret = security_compute_relabel(argv[1], argv[2], tclass, &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_relabel failed\n",
+ argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/compute_user.c b/libselinux/utils/compute_user.c
new file mode 100644
index 0000000..cae62b2
--- /dev/null
+++ b/libselinux/utils/compute_user.c
@@ -0,0 +1,38 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char **buf, **ptr;
+ int ret;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s context user\n", argv[0]);
+ exit(1);
+ }
+
+ ret = security_compute_user(argv[1], argv[2], &buf);
+ if (ret < 0) {
+ fprintf(stderr, "%s: security_compute_user(%s,%s) failed\n",
+ argv[0], argv[1], argv[2]);
+ exit(2);
+ }
+
+ if (!buf[0]) {
+ printf("none\n");
+ exit(0);
+ }
+
+ for (ptr = buf; *ptr; ptr++) {
+ printf("%s\n", *ptr);
+ }
+ freeconary(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/getconlist.c b/libselinux/utils/getconlist.c
new file mode 100644
index 0000000..4f473e4
--- /dev/null
+++ b/libselinux/utils/getconlist.c
@@ -0,0 +1,73 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user [context]\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t *list, usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL;
+ int ret, i, opt;
+
+ while ((opt = getopt(argc, argv, "l:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "getconlist may be used only on a SELinux kernel.\n");
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ /* Get the list and print it */
+ if (level)
+ ret =
+ get_ordered_context_list_with_level(user, level,
+ cur_context, &list);
+ else
+ ret = get_ordered_context_list(user, cur_context, &list);
+ if (ret != -1) {
+ for (i = 0; list[i]; i++)
+ puts(list[i]);
+ freeconary(list);
+ }
+
+ free(usercon);
+
+ return 0;
+}
diff --git a/libselinux/utils/getdefaultcon.c b/libselinux/utils/getdefaultcon.c
new file mode 100644
index 0000000..93762c1
--- /dev/null
+++ b/libselinux/utils/getdefaultcon.c
@@ -0,0 +1,80 @@
+#include <unistd.h>
+#include <sys/types.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+#include <ctype.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+void usage(char *name, char *detail, int rc)
+{
+ fprintf(stderr, "usage: %s [-l level] user fromcon\n", name);
+ if (detail)
+ fprintf(stderr, "%s: %s\n", name, detail);
+ exit(rc);
+}
+
+int main(int argc, char **argv)
+{
+ security_context_t usercon = NULL, cur_context = NULL;
+ char *user = NULL, *level = NULL, *role=NULL, *seuser=NULL, *dlevel=NULL;
+ int ret, opt;
+
+ while ((opt = getopt(argc, argv, "l:r:")) > 0) {
+ switch (opt) {
+ case 'l':
+ level = strdup(optarg);
+ break;
+ case 'r':
+ role = strdup(optarg);
+ break;
+ default:
+ usage(argv[0], "invalid option", 1);
+ }
+ }
+
+ if (((argc - optind) < 1) || ((argc - optind) > 2))
+ usage(argv[0], "invalid number of arguments", 2);
+
+ /* If selinux isn't available, bail out. */
+ if (!is_selinux_enabled()) {
+ fprintf(stderr,
+ "%s may be used only on a SELinux kernel.\n", argv[0]);
+ return 1;
+ }
+
+ user = argv[optind];
+
+ /* If a context wasn't passed, use the current context. */
+ if (((argc - optind) < 2)) {
+ if (getcon(&cur_context) < 0) {
+ fprintf(stderr, "Couldn't get current context.\n");
+ return 2;
+ }
+ } else
+ cur_context = argv[optind + 1];
+
+ if ((ret = getseuserbyname(user, &seuser, &dlevel)) == 0) {
+ if (! level) level=dlevel;
+ if (role != NULL && role[0])
+ ret=get_default_context_with_rolelevel(seuser, role, level,cur_context,&usercon);
+ else
+ ret=get_default_context_with_level(seuser, level, cur_context,&usercon);
+ }
+ if (ret < 0)
+ perror(argv[0]);
+ else
+ printf("%s: %s from %s %s %s %s -> %s\n", argv[0], user, cur_context, seuser, role, level, usercon);
+
+
+ free(role);
+ free(seuser);
+ if (level != dlevel) free(level);
+ free(dlevel);
+ free(usercon);
+
+ return 0;
+}
diff --git a/libselinux/utils/getenforce.c b/libselinux/utils/getenforce.c
new file mode 100644
index 0000000..891c7b7
--- /dev/null
+++ b/libselinux/utils/getenforce.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ int rc;
+
+ rc = is_selinux_enabled();
+ if (rc < 0) {
+ fputs("getenforce: is_selinux_enabled() failed", stderr);
+ return 2;
+ }
+ if (rc == 1) {
+ rc = security_getenforce();
+ if (rc < 0) {
+ fputs("getenforce: getenforce() failed", stderr);
+ return 2;
+ }
+
+ if (rc)
+ puts("Enforcing");
+ else
+ puts("Permissive");
+ } else {
+ puts("Disabled");
+ }
+
+ return 0;
+}
diff --git a/libselinux/utils/getfilecon.c b/libselinux/utils/getfilecon.c
new file mode 100644
index 0000000..a7a51ab
--- /dev/null
+++ b/libselinux/utils/getfilecon.c
@@ -0,0 +1,27 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ char *buf;
+ int rc, i;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 1; i < argc; i++) {
+ rc = getfilecon(argv[i], &buf);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getfilecon(%s) failed\n", argv[0],
+ argv[i]);
+ exit(2);
+ }
+ printf("%s\t%s\n", argv[i], buf);
+ freecon(buf);
+ }
+ exit(0);
+}
diff --git a/libselinux/utils/getpidcon.c b/libselinux/utils/getpidcon.c
new file mode 100644
index 0000000..3df0da1
--- /dev/null
+++ b/libselinux/utils/getpidcon.c
@@ -0,0 +1,31 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ pid_t pid;
+ char *buf;
+ int rc;
+
+ if (argc != 2) {
+ fprintf(stderr, "usage: %s pid\n", argv[0]);
+ exit(1);
+ }
+
+ if (sscanf(argv[1], "%d", &pid) != 1) {
+ fprintf(stderr, "%s: invalid pid %s\n", argv[0], argv[1]);
+ exit(2);
+ }
+
+ rc = getpidcon(pid, &buf);
+ if (rc < 0) {
+ fprintf(stderr, "%s: getpidcon() failed\n", argv[0]);
+ exit(3);
+ }
+
+ printf("%s\n", buf);
+ freecon(buf);
+ exit(0);
+}
diff --git a/libselinux/utils/getsebool.c b/libselinux/utils/getsebool.c
new file mode 100644
index 0000000..cab2bb9
--- /dev/null
+++ b/libselinux/utils/getsebool.c
@@ -0,0 +1,105 @@
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s -a or %s boolean...\n", progname, progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int i, get_all = 0, rc = 0, active, pending, len = 0, opt;
+ char **names;
+
+ while ((opt = getopt(argc, argv, "a")) > 0) {
+ switch (opt) {
+ case 'a':
+ if (argc > 2)
+ usage(argv[0]);
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n",
+ argv[0]);
+ return 1;
+ }
+ errno = 0;
+ rc = security_get_boolean_names(&names, &len);
+ if (rc) {
+ fprintf(stderr,
+ "%s: Unable to get boolean names: %s\n",
+ argv[0], strerror(errno));
+ return 1;
+ }
+ if (!len) {
+ printf("No booleans\n");
+ return 0;
+ }
+ get_all = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+
+ if (!len) {
+ if (argc < 2)
+ usage(argv[0]);
+ len = argc - 1;
+ names = malloc(sizeof(char *) * len);
+ if (!names) {
+ fprintf(stderr, "%s: out of memory\n", argv[0]);
+ return 2;
+ }
+ for (i = 0; i < len; i++) {
+ names[i] = strdup(argv[i + 1]);
+ if (!names[i]) {
+ fprintf(stderr, "%s: out of memory\n",
+ argv[0]);
+ return 2;
+ }
+ }
+ }
+
+ for (i = 0; i < len; i++) {
+ active = security_get_boolean_active(names[i]);
+ if (active < 0) {
+ if (get_all && errno == EACCES)
+ continue;
+ fprintf(stderr, "Error getting active value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ pending = security_get_boolean_pending(names[i]);
+ if (pending < 0) {
+ fprintf(stderr, "Error getting pending value for %s\n",
+ names[i]);
+ rc = -1;
+ goto out;
+ }
+ if (pending != active) {
+ printf("%s --> %s pending: %s\n", names[i],
+ (active ? "on" : "off"),
+ (pending ? "on" : "off"));
+ } else {
+ printf("%s --> %s\n", names[i],
+ (active ? "on" : "off"));
+ }
+ }
+
+ out:
+ for (i = 0; i < len; i++)
+ free(names[i]);
+ free(names);
+ return rc;
+}
diff --git a/libselinux/utils/getseuser.c b/libselinux/utils/getseuser.c
new file mode 100644
index 0000000..1e7ed76
--- /dev/null
+++ b/libselinux/utils/getseuser.c
@@ -0,0 +1,40 @@
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <selinux/get_context_list.h>
+
+int main(int argc, char **argv)
+{
+ char *seuser = NULL, *level = NULL;
+ security_context_t *contextlist;
+ int rc, n, i;
+
+ if (argc != 3) {
+ fprintf(stderr, "usage: %s linuxuser fromcon\n", argv[0]);
+ exit(1);
+ }
+
+ rc = getseuserbyname(argv[1], &seuser, &level);
+ if (rc) {
+ fprintf(stderr, "getseuserbyname failed: %s\n",
+ strerror(errno));
+ exit(2);
+ }
+ printf("seuser: %s, level %s\n", seuser, level);
+ n = get_ordered_context_list_with_level(seuser, level, argv[2],
+ &contextlist);
+ if (n <= 0) {
+ fprintf(stderr,
+ "get_ordered_context_list_with_level failed: %s\n",
+ strerror(errno));
+ exit(3);
+ }
+ free(seuser);
+ free(level);
+ for (i = 0; i < n; i++)
+ printf("Context %d\t%s\n", i, contextlist[i]);
+ freeconary(contextlist);
+ exit(0);
+}
diff --git a/libselinux/utils/matchpathcon.c b/libselinux/utils/matchpathcon.c
new file mode 100644
index 0000000..5276d24
--- /dev/null
+++ b/libselinux/utils/matchpathcon.c
@@ -0,0 +1,143 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/errno.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr,
+ "usage: %s [-N] [-n] [-f file_contexts] [-p prefix] [-Vq] path...\n",
+ progname);
+ exit(1);
+}
+
+int printmatchpathcon(char *path, int header, int mode)
+{
+ char *buf;
+ int rc = matchpathcon(path, mode, &buf);
+ if (rc < 0) {
+ fprintf(stderr, "matchpathcon(%s) failed: %s\n", path,
+ strerror(errno));
+ return 1;
+ }
+ if (header)
+ printf("%s\t%s\n", path, buf);
+ else
+ printf("%s\n", buf);
+
+ freecon(buf);
+ return 0;
+}
+
+int main(int argc, char **argv)
+{
+ int i, init = 0;
+ int header = 1, opt;
+ int verify = 0;
+ int notrans = 0;
+ int error = 0;
+ int quiet = 0;
+
+ if (argc < 2)
+ usage(argv[0]);
+
+ while ((opt = getopt(argc, argv, "Nnf:p:Vq")) > 0) {
+ switch (opt) {
+ case 'n':
+ header = 0;
+ break;
+ case 'V':
+ verify = 1;
+ break;
+ case 'N':
+ notrans = 1;
+ set_matchpathcon_flags(MATCHPATHCON_NOTRANS);
+ break;
+ case 'f':
+ if (init) {
+ fprintf(stderr,
+ "%s: -f and -p are exclusive\n",
+ argv[0]);
+ exit(1);
+ }
+ init = 1;
+ if (matchpathcon_init(optarg)) {
+ fprintf(stderr,
+ "Error while processing %s: %s\n",
+ optarg,
+ errno ? strerror(errno) : "invalid");
+ exit(1);
+ }
+ break;
+ case 'p':
+ if (init) {
+ fprintf(stderr,
+ "%s: -f and -p are exclusive\n",
+ argv[0]);
+ exit(1);
+ }
+ init = 1;
+ if (matchpathcon_init_prefix(NULL, optarg)) {
+ fprintf(stderr,
+ "Error while processing %s: %s\n",
+ optarg,
+ errno ? strerror(errno) : "invalid");
+ exit(1);
+ }
+ break;
+ case 'q':
+ quiet = 1;
+ break;
+ default:
+ usage(argv[0]);
+ }
+ }
+ for (i = optind; i < argc; i++) {
+ int mode = 0;
+ struct stat buf;
+ if (lstat(argv[i], &buf) == 0)
+ mode = buf.st_mode;
+
+ if (verify) {
+ if (quiet) {
+ if (selinux_file_context_verify(argv[i], 0))
+ continue;
+ else
+ exit(1);
+ }
+ if (selinux_file_context_verify(argv[i], 0)) {
+ printf("%s verified.\n", argv[i]);
+ } else {
+ security_context_t con;
+ int rc;
+ error = 1;
+ if (notrans)
+ rc = lgetfilecon_raw(argv[i], &con);
+ else
+ rc = lgetfilecon(argv[i], &con);
+
+ if (rc >= 0) {
+ printf("%s has context %s, should be ",
+ argv[i], con);
+ printmatchpathcon(argv[i], 0, mode);
+ freecon(con);
+ } else {
+ printf
+ ("actual context unknown: %s, should be ",
+ strerror(errno));
+ printmatchpathcon(argv[i], 0, mode);
+ }
+ }
+ } else {
+ error |= printmatchpathcon(argv[i], header, mode);
+ }
+ }
+ matchpathcon_fini();
+ return error;
+}
diff --git a/libselinux/utils/policyvers.c b/libselinux/utils/policyvers.c
new file mode 100644
index 0000000..0309d7d
--- /dev/null
+++ b/libselinux/utils/policyvers.c
@@ -0,0 +1,18 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc __attribute__ ((unused)), char **argv)
+{
+ int rc;
+
+ rc = security_policyvers();
+ if (rc < 0) {
+ fprintf(stderr, "%s: policyvers() failed\n", argv[0]);
+ exit(2);
+ }
+
+ printf("%d\n", rc);
+ exit(0);
+}
diff --git a/libselinux/utils/selinux_check_securetty_context.c b/libselinux/utils/selinux_check_securetty_context.c
new file mode 100644
index 0000000..95bfb7f
--- /dev/null
+++ b/libselinux/utils/selinux_check_securetty_context.c
@@ -0,0 +1,35 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <getopt.h>
+#include <errno.h>
+#include <string.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <sys/errno.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s tty_context...\n", progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int i;
+ if (argc < 2)
+ usage(argv[0]);
+
+ for (i = 1; i < argc; i++) {
+ switch (selinux_check_securetty_context(argv[i])) {
+ case 0:
+ printf("%s securetty.\n", argv[i]);
+ break;
+ default:
+ printf("%s not securetty.\n", argv[i]);
+ break;
+ }
+ }
+ return 0;
+}
diff --git a/libselinux/utils/selinuxenabled.c b/libselinux/utils/selinuxenabled.c
new file mode 100644
index 0000000..04ea778
--- /dev/null
+++ b/libselinux/utils/selinuxenabled.c
@@ -0,0 +1,9 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(void)
+{
+ return !is_selinux_enabled();
+}
diff --git a/libselinux/utils/setenforce.c b/libselinux/utils/setenforce.c
new file mode 100644
index 0000000..e45b804
--- /dev/null
+++ b/libselinux/utils/setenforce.c
@@ -0,0 +1,42 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <ctype.h>
+#include <string.h>
+#include <strings.h>
+#include <selinux/selinux.h>
+
+void usage(const char *progname)
+{
+ fprintf(stderr, "usage: %s [ Enforcing | Permissive | 1 | 0 ]\n",
+ progname);
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+ int rc = 0;
+ if (argc != 2) {
+ usage(argv[0]);
+ }
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+ if (strlen(argv[1]) == 1 && (argv[1][0] == '0' || argv[1][0] == '1')) {
+ rc = security_setenforce(atoi(argv[1]));
+ } else {
+ if (strcasecmp(argv[1], "enforcing") == 0) {
+ rc = security_setenforce(1);
+ } else if (strcasecmp(argv[1], "permissive") == 0) {
+ rc = security_setenforce(0);
+ } else
+ usage(argv[0]);
+ }
+ if (rc < 0) {
+ fprintf(stderr, "%s: setenforce() failed\n", argv[0]);
+ return 2;
+ }
+ return 0;
+}
diff --git a/libselinux/utils/setfilecon.c b/libselinux/utils/setfilecon.c
new file mode 100644
index 0000000..d69af84
--- /dev/null
+++ b/libselinux/utils/setfilecon.c
@@ -0,0 +1,24 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <selinux/selinux.h>
+
+int main(int argc, char **argv)
+{
+ int rc, i;
+
+ if (argc < 3) {
+ fprintf(stderr, "usage: %s context path...\n", argv[0]);
+ exit(1);
+ }
+
+ for (i = 2; i < argc; i++) {
+ rc = setfilecon(argv[i], argv[1]);
+ if (rc < 0) {
+ fprintf(stderr, "%s: setfilecon(%s,%s) failed\n",
+ argv[0], argv[i], argv[1]);
+ exit(2);
+ }
+ }
+ exit(0);
+}
diff --git a/libselinux/utils/togglesebool.c b/libselinux/utils/togglesebool.c
new file mode 100644
index 0000000..680ed8d
--- /dev/null
+++ b/libselinux/utils/togglesebool.c
@@ -0,0 +1,97 @@
+#include <unistd.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <libgen.h>
+#include <errno.h>
+#include <selinux/selinux.h>
+#include <syslog.h>
+#include <pwd.h>
+#include <string.h>
+
+/* Attempt to rollback the transaction. No need to check error
+ codes since this is rolling back something that blew up. */
+void rollback(int argc, char **argv)
+{
+ int i;
+
+ for (i = 1; i < argc; i++)
+ security_set_boolean(argv[i],
+ security_get_boolean_active(argv[i]));
+ exit(1);
+}
+
+int main(int argc, char **argv)
+{
+
+ int rc, i, commit = 0;
+
+ if (is_selinux_enabled() <= 0) {
+ fprintf(stderr, "%s: SELinux is disabled\n", argv[0]);
+ return 1;
+ }
+
+ if (argc < 2) {
+ printf("Usage: %s boolname1 [boolname2 ...]\n",
+ basename(argv[0]));
+ return 1;
+ }
+
+ for (i = 1; i < argc; i++) {
+ printf("%s: ", argv[i]);
+ rc = security_get_boolean_active(argv[i]);
+ switch (rc) {
+ case 1:
+ if (security_set_boolean(argv[i], 0) >= 0) {
+ printf("inactive\n");
+ commit++;
+ } else {
+ printf("%s - rolling back all changes\n",
+ strerror(errno));
+ rollback(i, argv);
+ }
+ break;
+ case 0:
+ if (security_set_boolean(argv[i], 1) >= 0) {
+ printf("active\n");
+ commit++;
+ } else {
+ printf("%s - rolling back all changes\n",
+ strerror(errno));
+ rollback(i, argv);
+ }
+ break;
+ default:
+ if (errno == ENOENT)
+ printf
+ ("Boolean does not exist - rolling back all changes.\n");
+ else
+ printf("%s - rolling back all changes.\n",
+ strerror(errno));
+ rollback(i, argv);
+ break; /* Not reached. */
+ }
+ }
+
+ if (commit > 0) {
+ if (security_commit_booleans() < 0) {
+ printf("Commit failed. (%s) No change to booleans.\n",
+ strerror(errno));
+ } else {
+ /* syslog all the changes */
+ struct passwd *pwd = getpwuid(getuid());
+ for (i = 1; i < argc; i++) {
+ if (pwd && pwd->pw_name)
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was toggled by %s",
+ argv[i], pwd->pw_name);
+ else
+ syslog(LOG_NOTICE,
+ "The %s policy boolean was toggled by uid:%d",
+ argv[i], getuid());
+
+ }
+ return 0;
+ }
+ }
+ return 1;
+}