From: Christopher Pardy <cpardy@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [Patch 1/2] libsepol: method to check disable dontaudit flag.
Date: Mon, 06 Jul 2009 10:42:15 -0400 [thread overview]
Message-ID: <4A520D47.4040708@redhat.com> (raw)
In-Reply-To: <1246888326.28321.26.camel@moss-pluto.epoch.ncsc.mil>
[-- Attachment #1: Type: text/plain, Size: 2298 bytes --]
This patch adds the ability to check on the value of the disable_dontaudit flag in the sepol handle. In the past the only way to know the value of this was to directly read the values from the handle. The get function provides a setter-getter symmetry similar to other functions found in libsepol.
Signed-off-by: Christopher Pardy <cpardy@redhat.com>
---
libsepol/include/sepol/handle.h | 6 ++++++
libsepol/src/handle.c | 6 ++++++
libsepol/src/libsepol.map | 1 +
3 files changed, 13 insertions(+)
diff -urN selinux.orig/libsepol/include/sepol/handle.h selinux/libsepol/include/sepol/handle.h
--- selinux.orig/libsepol/include/sepol/handle.h 2009-07-01 21:05:26.823235749 -0400
+++ selinux/libsepol/include/sepol/handle.h 2009-07-01 21:08:33.277237031 -0400
@@ -7,6 +7,12 @@
/* Create and return a sepol handle. */
sepol_handle_t *sepol_handle_create(void);
+/* Get whether or not dontaudits will be disabled, same values as
+ * specified by disable dont audit. This value reflects the state
+ * your system will be set to upon commit, not nessesarily it's
+ * current state.*/
+int sepol_get_disable_dontaudit(sepol_handle_t * sh);
+
/* Set whether or not to disable dontaudits, 0 is default and does
* not disable dontaudits, 1 disables them */
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
diff -urN selinux.orig/libsepol/src/handle.c selinux/libsepol/src/handle.c
--- selinux.orig/libsepol/src/handle.c 2009-07-01 21:05:26.854236864 -0400
+++ selinux/libsepol/src/handle.c 2009-07-01 21:07:15.532236991 -0400
@@ -21,6 +21,12 @@
return sh;
}
+int sepol_get_disable_dontaudit(sepol_handle_t *sh)
+{
+ assert(sh !=NULL);
+ return sh->disable_dontaudit;
+}
+
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
{
assert(sh !=NULL);
diff -urN selinux.orig/libsepol/src/libsepol.map selinux/libsepol/src/libsepol.map
--- selinux.orig/libsepol/src/libsepol.map 2009-07-01 21:05:26.848236011 -0400
+++ selinux/libsepol/src/libsepol.map 2009-07-01 21:07:45.948485729 -0400
@@ -12,6 +12,7 @@
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
+ sepol_get_disable_dontaudit;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
local: *;
[-- Attachment #2: selinux.patch1 --]
[-- Type: text/plain, Size: 1768 bytes --]
diff -urN selinux.orig/libsepol/include/sepol/handle.h selinux/libsepol/include/sepol/handle.h
--- selinux.orig/libsepol/include/sepol/handle.h 2009-07-01 21:05:26.823235749 -0400
+++ selinux/libsepol/include/sepol/handle.h 2009-07-01 21:08:33.277237031 -0400
@@ -7,6 +7,12 @@
/* Create and return a sepol handle. */
sepol_handle_t *sepol_handle_create(void);
+/* Get whether or not dontaudits will be disabled, same values as
+ * specified by disable dont audit. This value reflects the state
+ * your system will be set to upon commit, not nessesarily it's
+ * current state.*/
+int sepol_get_disable_dontaudit(sepol_handle_t * sh);
+
/* Set whether or not to disable dontaudits, 0 is default and does
* not disable dontaudits, 1 disables them */
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
diff -urN selinux.orig/libsepol/src/handle.c selinux/libsepol/src/handle.c
--- selinux.orig/libsepol/src/handle.c 2009-07-01 21:05:26.854236864 -0400
+++ selinux/libsepol/src/handle.c 2009-07-01 21:07:15.532236991 -0400
@@ -21,6 +21,12 @@
return sh;
}
+int sepol_get_disable_dontaudit(sepol_handle_t *sh)
+{
+ assert(sh !=NULL);
+ return sh->disable_dontaudit;
+}
+
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
{
assert(sh !=NULL);
diff -urN selinux.orig/libsepol/src/libsepol.map selinux/libsepol/src/libsepol.map
--- selinux.orig/libsepol/src/libsepol.map 2009-07-01 21:05:26.848236011 -0400
+++ selinux/libsepol/src/libsepol.map 2009-07-01 21:07:45.948485729 -0400
@@ -12,6 +12,7 @@
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
+ sepol_get_disable_dontaudit;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
local: *;
next prev parent reply other threads:[~2009-07-06 14:42 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-01 13:32 [Fwd: [Patch] libsemanage: remember and retrieve dontaudit settings] Christopher Pardy
2009-07-01 14:06 ` Stephen Smalley
2009-07-01 14:16 ` Stephen Smalley
2009-07-01 15:52 ` Christopher Pardy
2009-07-01 17:01 ` Stephen Smalley
2009-07-01 16:47 ` Daniel J Walsh
2009-07-01 15:57 ` Daniel J Walsh
2009-07-01 17:04 ` Stephen Smalley
2009-07-01 17:16 ` Daniel J Walsh
2009-07-01 17:40 ` Daniel J Walsh
2009-07-02 2:08 ` Re:[Patch 0/2] libsemanage: remember and retrieve dontaudit settings Christopher Pardy
2009-07-02 2:11 ` [Patch 1/2] " Christopher Pardy
2009-07-02 12:39 ` Stephen Smalley
2009-07-02 13:40 ` Christopher Pardy
2009-07-02 2:13 ` [Patch 2/2] " Christopher Pardy
2009-07-02 12:46 ` Stephen Smalley
2009-07-02 13:55 ` Christopher Pardy
2009-07-02 14:13 ` Stephen Smalley
2009-07-02 14:30 ` Christopher Pardy
2009-07-02 14:35 ` Stephen Smalley
2009-07-02 15:32 ` [Patch 2/2] libsemanage: create a don't audit flag Christopher Pardy
2009-07-02 17:09 ` Stephen Smalley
2009-07-06 12:26 ` Christopher Pardy
2009-07-06 12:31 ` Christopher Pardy
2009-07-06 13:46 ` Stephen Smalley
2009-07-06 13:52 ` Stephen Smalley
2009-07-06 14:42 ` Christopher Pardy [this message]
2009-07-06 14:54 ` [Patch 2/2] libsemanage: maintain disable dontaudit state between handle commits Christopher Pardy
2009-07-06 15:03 ` Stephen Smalley
2009-07-06 15:17 ` Daniel J Walsh
2009-07-06 15:54 ` Christopher Pardy
2009-07-06 16:55 ` Stephen Smalley
2009-07-06 17:37 ` [Patch 2/2 v2] " Christopher Pardy
2009-07-06 18:07 ` Stephen Smalley
2009-07-06 18:12 ` Stephen Smalley
2009-07-06 19:10 ` [Patch 2/2 v3] " Christopher Pardy
2009-07-06 19:30 ` Stephen Smalley
2009-07-07 11:45 ` Stephen Smalley
2009-07-07 12:47 ` Christopher Pardy
2009-07-07 12:54 ` Stephen Smalley
2009-07-07 13:48 ` [Patch 2/2 v4] " Christopher Pardy
2009-07-07 14:20 ` Stephen Smalley
2009-07-07 14:41 ` Christopher Pardy
2009-07-07 14:53 ` Stephen Smalley
2009-07-07 14:59 ` Joshua Brindle
2009-07-07 16:07 ` Christopher Pardy
2009-07-07 16:55 ` Stephen Smalley
2009-07-07 17:30 ` [Patch 2/2 v6] " Christopher Pardy
2009-07-06 17:41 ` [Patch 3/2] semodule: maintain old functionality Christopher Pardy
2009-07-06 17:49 ` Joshua Brindle
2009-07-06 18:01 ` [Patch 3/2 v2] " Christopher Pardy
2009-07-02 14:16 ` [Patch 2/2] libsemanage, libselinux: Get don't audit settings from handle and remember settings after commit Christopher Pardy
2009-07-02 12:33 ` Re:[Patch 0/2] libsemanage: remember and retrieve dontaudit settings Stephen Smalley
2009-07-02 14:01 ` [Patch " Christopher Pardy
2009-07-02 12:40 ` Stephen Smalley
2009-07-01 19:19 ` [Fwd: [Patch] libsemanage: remember and retrieve dontaudit settings] Joshua Brindle
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A520D47.4040708@redhat.com \
--to=cpardy@redhat.com \
--cc=selinux@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.