From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from jazzdrum.ncsc.mil (zombie.ncsc.mil [144.51.88.131]) by tarius.tycho.ncsc.mil (8.13.1/8.13.1) with SMTP id l32FhgBr010052 for ; Mon, 2 Apr 2007 11:43:42 -0400 Received: from www346.sakura.ne.jp (jazzdrum.ncsc.mil [144.51.5.7]) by jazzdrum.ncsc.mil (8.12.10/8.12.10) with ESMTP id l32Fhdkc025302 for ; Mon, 2 Apr 2007 15:43:40 GMT Message-ID: <46112494.1000201@kaigai.gr.jp> Date: Tue, 03 Apr 2007 00:43:16 +0900 From: KaiGai Kohei MIME-Version: 1.0 To: Antoine Martin CC: Karl MacMillan , Dave Quigley , selinux@tycho.nsa.gov, slide@tresys.com Subject: Re: Java bindings for SELinux libraries References: <1175266261.3102.20.camel@localhost.localdomain> <460FC205.5070704@nagafix.co.uk> In-Reply-To: <460FC205.5070704@nagafix.co.uk> Content-Type: text/plain; charset=ISO-8859-15; format=flowed Sender: owner-selinux@tycho.nsa.gov List-Id: selinux@tycho.nsa.gov Antoine Martin wrote: > Karl MacMillan wrote: >> On Thu, 2007-03-29 at 17:20 -0400, Dave Quigley wrote: >>> Hello, >>> I was wondering if anyone has written or has seen java bindings >>> for the selinux userspace libraries? A search through google doesn't >>> yield any good results. >>> >> >> There are not generally available Java bindings of which I am aware. >> However, the python bindings are done with Swig, which should make >> producing Java bindings fairly straightforward. > I have written some JNI stubs for use in a CMS, but never took it beyond > the proof-of-concept stage (for lack of time). It is pretty easy to > generate the JNI stubs using the sun tools. I tried to implement Java binding via JNI in the past, but I gave up. The reason was that I didn't know the way to obtain a file descriptor from Socket typed object in Java. It's necessary to implement getpeercon() at least, and I wanted to use this function from java application, so I lost my motivation. Does anyone know the way to obtain it from Socket typed objects? > Here is an example for getfilecon: > > This is generated by the Sun tools (just had to fill in the blanks): > #include > #include > #include > > JNIEXPORT jstring JNICALL Java_uk_org_devloop_GetFileCon_getfilecon > (JNIEnv * env, jobject jobj, jstring filename) { > > jboolean iscopy; > const char *mfile = (*env)->GetStringUTFChars( > env, filename, &iscopy); > > security_context_t sc = NULL; > int ret = getfilecon(mfile, &sc); > jstring str = (*env)->NewStringUTF (env,sc); > freecon(sc); > return (str); > } > > Compile it: > gcc -o getfilecon.so -Wl,-soname,libgetfilecon.so > -I/opt/java/jdk1.6/include/ -I/opt/java/jdk1.6/include/linux > GetFileCon.c -shared -fPIC -lselinux > > Then you can use it in Java: > public class GetFileCon { > //Native method declaration > native String getfilecon(String filename); > //Load the library > static { > System.loadLibrary("getfilecon"); > } > > public static void main(String args[]) { > GetFileCon gfc = new GetFileCon(); > String file = "."; > String buf = gfc.getfilecon(file); > System.out.println("getfilecon("+file+")="+buf); > } > } > > Obviously, you wouldn't write a .so for each method to call. this is > just a PoC. > > Antoine > > > >> Also, the SLIDE >> developers (http://oss.tresys.com/projects/slide) may have some bindings >> (CC'd). >> >> Karl >> >> >> >> >> -- >> This message was distributed to subscribers of the selinux mailing list. >> If you no longer wish to subscribe, send mail to >> majordomo@tycho.nsa.gov with >> the words "unsubscribe selinux" without quotes as the message. >> > > > -- > This message was distributed to subscribers of the selinux mailing list. > If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov > with > the words "unsubscribe selinux" without quotes as the message. > -- KaiGai Kohei -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message.