* RE: Java bindings for SELinux libraries
2007-04-01 14:30 ` Antoine Martin
@ 2007-04-02 14:54 ` Brian M. Williams
2007-04-02 15:43 ` KaiGai Kohei
1 sibling, 0 replies; 5+ messages in thread
From: Brian M. Williams @ 2007-04-02 14:54 UTC (permalink / raw)
To: Karl MacMillan, Dave Quigley; +Cc: selinux, slide, Antoine Martin
> -----Original Message-----
> From: Antoine Martin [mailto:antoine@nagafix.co.uk]
> Sent: Sunday, April 01, 2007 10:30 AM
> To: Karl MacMillan
> Cc: Dave Quigley; selinux@tycho.nsa.gov; slide
> Subject: Re: Java bindings for SELinux libraries
>
> Karl MacMillan wrote:
> > On Thu, 2007-03-29 at 17:20 -0400, Dave Quigley wrote:
> >> Hello,
> >> I was wondering if anyone has written or has seen java bindings
> >> for the selinux userspace libraries? A search through
> google doesn't
> >> yield any good results.
> >>
> >
> > There are not generally available Java bindings of which I am aware.
> > However, the python bindings are done with Swig, which should make
> > producing Java bindings fairly straightforward.
> I have written some JNI stubs for use in a CMS, but never
> took it beyond
> the proof-of-concept stage (for lack of time). It is pretty easy to
> generate the JNI stubs using the sun tools.
> Here is an example for getfilecon:
>
> This is generated by the Sun tools (just had to fill in the blanks):
> #include <jni.h>
> #include <sys/types.h>
> #include <selinux/selinux.h>
>
> JNIEXPORT jstring JNICALL Java_uk_org_devloop_GetFileCon_getfilecon
> (JNIEnv * env, jobject jobj, jstring filename) {
>
> jboolean iscopy;
> const char *mfile = (*env)->GetStringUTFChars(
> env, filename, &iscopy);
>
> security_context_t sc = NULL;
> int ret = getfilecon(mfile, &sc);
> jstring str = (*env)->NewStringUTF (env,sc);
> freecon(sc);
> return (str);
> }
>
> Compile it:
> gcc -o getfilecon.so -Wl,-soname,libgetfilecon.so
> -I/opt/java/jdk1.6/include/ -I/opt/java/jdk1.6/include/linux
> GetFileCon.c -shared -fPIC -lselinux
>
> Then you can use it in Java:
> public class GetFileCon {
> //Native method declaration
> native String getfilecon(String filename);
> //Load the library
> static {
> System.loadLibrary("getfilecon");
> }
>
> public static void main(String args[]) {
> GetFileCon gfc = new GetFileCon();
> String file = ".";
> String buf = gfc.getfilecon(file);
> System.out.println("getfilecon("+file+")="+buf);
> }
> }
>
> Obviously, you wouldn't write a .so for each method to call. this is
> just a PoC.
>
> Antoine
>
Dave,
CDS Framework does have Java bindings for three functions in libselinux
(matchpathcon and related functions). They are available at:
(http://oss.tresys.com/projects/cdsframework/browser/trunk/framework-plu
gin/libselinuxjava). If you checkout CDSFramework and run make or ant
in the libselinux directory it will create the swigified Java files.
Hopefully you can use this as a starting point to do what you need.
Brian
>
>
> > Also, the SLIDE
> > developers (http://oss.tresys.com/projects/slide) may have
> some bindings
> > (CC'd).
> >
> > Karl
> >
> >
> >
> >
> > --
> > This message was distributed to subscribers of the selinux
> mailing list.
> > If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with
> > the words "unsubscribe selinux" without quotes as the message.
> >
>
>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread* Re: Java bindings for SELinux libraries
2007-04-01 14:30 ` Antoine Martin
2007-04-02 14:54 ` Brian M. Williams
@ 2007-04-02 15:43 ` KaiGai Kohei
1 sibling, 0 replies; 5+ messages in thread
From: KaiGai Kohei @ 2007-04-02 15:43 UTC (permalink / raw)
To: Antoine Martin; +Cc: Karl MacMillan, Dave Quigley, selinux, slide
Antoine Martin wrote:
> Karl MacMillan wrote:
>> On Thu, 2007-03-29 at 17:20 -0400, Dave Quigley wrote:
>>> Hello,
>>> I was wondering if anyone has written or has seen java bindings
>>> for the selinux userspace libraries? A search through google doesn't
>>> yield any good results.
>>>
>>
>> There are not generally available Java bindings of which I am aware.
>> However, the python bindings are done with Swig, which should make
>> producing Java bindings fairly straightforward.
> I have written some JNI stubs for use in a CMS, but never took it beyond
> the proof-of-concept stage (for lack of time). It is pretty easy to
> generate the JNI stubs using the sun tools.
I tried to implement Java binding via JNI in the past, but I gave up.
The reason was that I didn't know the way to obtain a file descriptor
from Socket typed object in Java.
It's necessary to implement getpeercon() at least, and I wanted to use
this function from java application, so I lost my motivation.
Does anyone know the way to obtain it from Socket typed objects?
> Here is an example for getfilecon:
>
> This is generated by the Sun tools (just had to fill in the blanks):
> #include <jni.h>
> #include <sys/types.h>
> #include <selinux/selinux.h>
>
> JNIEXPORT jstring JNICALL Java_uk_org_devloop_GetFileCon_getfilecon
> (JNIEnv * env, jobject jobj, jstring filename) {
>
> jboolean iscopy;
> const char *mfile = (*env)->GetStringUTFChars(
> env, filename, &iscopy);
>
> security_context_t sc = NULL;
> int ret = getfilecon(mfile, &sc);
> jstring str = (*env)->NewStringUTF (env,sc);
> freecon(sc);
> return (str);
> }
>
> Compile it:
> gcc -o getfilecon.so -Wl,-soname,libgetfilecon.so
> -I/opt/java/jdk1.6/include/ -I/opt/java/jdk1.6/include/linux
> GetFileCon.c -shared -fPIC -lselinux
>
> Then you can use it in Java:
> public class GetFileCon {
> //Native method declaration
> native String getfilecon(String filename);
> //Load the library
> static {
> System.loadLibrary("getfilecon");
> }
>
> public static void main(String args[]) {
> GetFileCon gfc = new GetFileCon();
> String file = ".";
> String buf = gfc.getfilecon(file);
> System.out.println("getfilecon("+file+")="+buf);
> }
> }
>
> Obviously, you wouldn't write a .so for each method to call. this is
> just a PoC.
>
> Antoine
>
>
>
>> Also, the SLIDE
>> developers (http://oss.tresys.com/projects/slide) may have some bindings
>> (CC'd).
>>
>> Karl
>>
>>
>>
>>
>> --
>> This message was distributed to subscribers of the selinux mailing list.
>> If you no longer wish to subscribe, send mail to
>> majordomo@tycho.nsa.gov with
>> the words "unsubscribe selinux" without quotes as the message.
>>
>
>
> --
> This message was distributed to subscribers of the selinux mailing list.
> If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov
> with
> the words "unsubscribe selinux" without quotes as the message.
>
--
KaiGai Kohei <kaigai@kaigai.gr.jp>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 5+ messages in thread