diff -urpN selinux.orig2/libsemanage/include/semanage/handle.h selinux.orig3/libsemanage/include/semanage/handle.h
--- selinux.orig2/libsemanage/include/semanage/handle.h	2009-07-01 21:15:17.224235939 -0400
+++ selinux.orig3/libsemanage/include/semanage/handle.h	2009-07-07 09:37:35.888570766 -0400
@@ -69,7 +69,13 @@ void semanage_set_rebuild(semanage_handl
  * 1 for yes, 0 for no (default) */
 void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
-/* Set whether or not to disable dontaudits upon commit */
+/*Get whether or not to dontaudits will be disabled upon commit */
+int semanage_get_disable_dontaudit(semanage_handle_t * handle);
+
+/* Set whether or not to disable dontaudits upon commit
+ * Sets errno to 0 if successful. Otherwise sets errno
+ * to any of the errors specified by fopen,fclose, or remove.
+ */
 void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
 
 /* Check whether policy is managed via libsemanage on this system.
diff -urpN selinux.orig2/libsemanage/src/direct_api.c selinux.orig3/libsemanage/src/direct_api.c
--- selinux.orig2/libsemanage/src/direct_api.c	2009-07-01 21:15:17.264236347 -0400
+++ selinux.orig3/libsemanage/src/direct_api.c	2009-07-07 09:19:28.174321784 -0400
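Review bot: The comment added above semanage_get_disable_dontaudit() is garbled ("whether or not to dontaudits will be disabled") and does not say what the function returns, while the companion setter below it is documented down to its errno behaviour. Suggest `/* Get whether dontaudits will be disabled upon commit: 1 for yes, 0 for no */`, where the 1/0 convention is inferred from the neighbouring setters in this header and should be confirmed against sepol_get_disable_dontaudit(). The setter's new promise that errno is 0 on success is unusual for this header, since no other setter here documents errno; a sentence saying that callers must inspect errno because the function has no return value would make that contract explicit.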
@@ -293,6 +293,46 @@ static int semanage_direct_begintrans(se
 	return 0;
 }
 
+/*********Dont audit functions*************/
+
+/* Creates, removes, and tests for the existance of a dont audit flag.
+ */
+
+int get_disable_dontaudit_flag(void)
+{
+	const char *path;
+
+	path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);
+	if(access(path,F_OK) == 0)
+		return 1;
+	else
+		return 0;
+}
+
+int set_disable_dontaudit_flag(int setting)
+{
+	const char *path;
+	int retcode;
+
+	retcode = 0;
+
+	path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);
+	if(setting == 1){
+		FILE *touch;
+		touch = fopen(path,"w");
+		if (touch != NULL)
+			if(fclose(touch) != 0)
+				retcode = -1;
+		else
+			retcode = -1;
+	}else
+		if(remove(path) == -1 && errno != ENOENT)
+			retcode = -1
+
+	return retcode;
+}
+
+
 /********************* utility functions *********************/
 
 /* Takes a module stored in 'module_data' and parses its headers.
diff -urpN selinux.orig2/libsemanage/src/direct_api.h selinux.orig3/libsemanage/src/direct_api.h
--- selinux.orig2/libsemanage/src/direct_api.h	2009-07-01 21:15:17.270235734 -0400
+++ selinux.orig3/libsemanage/src/direct_api.h	2009-07-07 08:50:24.620326359 -0400
@@ -39,6 +39,11 @@ int semanage_direct_access_check(struct int semanage_direct_mls_enabled(struct semanage_handle *sh); +int get_disable_dontaudit_flag(void); + + /*returns a 0 on success*/ +int set_disable_dontaudit_flag(int setting); + #include #include ssize_t bunzip(FILE *f, char **data);
diff -urpN selinux.orig2/libsemanage/src/handle.c selinux.orig3/libsemanage/src/handle.c
--- selinux.orig2/libsemanage/src/handle.c	2009-07-01 21:15:17.288238017 -0400
+++ selinux.orig3/libsemanage/src/handle.c	2009-07-07 09:44:23.677572218 -0400
@@ -23,6 +23,7 @@ #include +#include #include #include #include
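Review bot: In set_disable_dontaudit_flag() the `else` after `if(fclose(touch) != 0)` binds to that inner `if`, not to `if (touch != NULL)`, so a successful fclose() sets retcode to -1 and a failed fopen() leaves it at 0 — the function reports the opposite of what happened, and every caller in handle.c that tests for 0 will act on the wrong answer. The `retcode = -1` in the remove() branch also has no semicolon, so the hunk does not compile as written. Braces and early returns remove the ambiguity; a rewrite of the function follows. The ENOENT exemption on remove() is right, since an absent file is the state being requested, and deserves a comment.
```c
int set_disable_dontaudit_flag(int setting)
{
	const char *path = semanage_fname(SEMANAGE_DISABLE_DONTAUDIT);

	if (setting == 1) {
		FILE *touch = fopen(path, "w");
		if (touch == NULL)
			return -1;
		/* fclose() can still fail; do not report success for an unwritten flag */
		return fclose(touch) == 0 ? 0 : -1;
	}

	/* an absent flag file is the requested end state, so ENOENT is not an error */
	if (remove(path) == -1 && errno != ENOENT)
		return -1;
	return 0;
}
```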
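Review bot: The direct_api.h hunk documents only the setter (`/*returns a 0 on success*/`), leaving the getter's 1/0 result undocumented even though handle.c passes it straight into sepol_set_disable_dontaudit(); suggest `/* returns 1 if the disable dontaudit flag file exists, 0 otherwise */` above get_disable_dontaudit_flag() and `/* returns 0 on success, -1 if the flag file could not be created or removed */` for the setter. Both names also lack the semanage_ prefix the surrounding declarations carry; the `local: *;` in libsemanage.map keeps them out of the exported symbol set, but a prefix would keep the internal namespace consistent.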
@@ -59,6 +60,9 @@ semanage_handle_t *semanage_handle_creat
 		goto err;
 	sepol_msg_set_callback(sh->sepolh, semanage_msg_relay_handler, sh);
 
+	/*set the disable dontaudit flag to system defaults*/
+	sepol_set_disable_dontaudit(sh->sepolh,get_disable_dontaudit_flag());
+
 	/* By default do not rebuild the policy on commit
 	 * If any changes are made, this flag is ignored */
 	sh->do_rebuild = 0;
@@ -66,6 +70,7 @@ semanage_handle_t *semanage_handle_creat /* By default always reload policy after commit if SELinux is enabled. */ sh->do_reload = (is_selinux_enabled() > 0); + /* By default do not create store */ sh->create_store = 0;
@@ -110,11 +115,22 @@ void semanage_set_create_store(semanage_
 	return;
 }
 
+int semanage_get_disable_dontaudit(semanage_handle_t * sh)
+{
+	assert(sh != NULL);
+
+	return sepol_get_disable_dontaudit(sh->sepolh);
+}
+
 void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit)
 {
 	assert(sh != NULL);
 
+	if(set_disable_dontaudit_flag(disable_dontaudit) == 0){
+		sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
+		errno = 0;
+	}else
+		ERR(sh,"Could not set disable dontaudit flag of handle.");
-	sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit);
 	return;
 }
 
@@ -264,9 +280,10 @@ int semanage_commit(semanage_handle_t *
 	assert(sh != NULL && sh->funcs != NULL && sh->funcs->commit != NULL);
 	if (!sh->is_in_transaction) {
 		ERR(sh,
-		    "Will not commit because caller does not have a tranaction lock yet.");
+		    "Will not commit because caller does not have a transaction lock yet.");
 		return -1;
 	}
+	set_disable_dontaudit_flag(sepol_get_disable_dontaudit(sh->sepolh));
 	retval = sh->funcs->commit(sh);
 	sh->is_in_transaction = 0;
 	sh->modules_modified = 0;
diff -urpN selinux.orig2/libsemanage/src/libsemanage.map selinux.orig3/libsemanage/src/libsemanage.map
--- selinux.orig2/libsemanage/src/libsemanage.map	2009-07-01 21:15:17.290237650 -0400
+++ selinux.orig3/libsemanage/src/libsemanage.map	2009-07-06 13:26:53.591167982 -0400
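Review bot: The new call in semanage_handle_create() consults the flag file through get_disable_dontaudit_flag() at handle creation, before the caller has selected a store or connected, so the path semanage_fname() resolves here is presumably that of the default store; if a later store selection is meant to change which flag file applies, this read happens too early. A comment stating the intent would help, e.g. `/* seed from the flag file of the store in effect at handle creation */`. semanage_handle_create() begins and ends outside this hunk.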
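Review bot: In semanage_set_disable_dontaudit() the failure path calls ERR() before returning, and the header's contract is that callers read errno afterwards; if the message callback behind ERR() touches errno, the fopen/fclose/remove error the header promises is lost. Preserve it around the call: `int saved_errno = errno;` / `ERR(sh,"Could not set disable dontaudit flag of handle.");` / `errno = saved_errno;`. The setter also writes the flag file on every call, outside any transaction lock, while semanage_commit() later in this diff re-persists the value from sh->sepolh anyway, so the eager write here looks redundant and could be reduced to the in-memory sepol_set_disable_dontaudit() call — worth confirming no caller relies on the file changing before commit.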
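Review bot: The return value of the set_disable_dontaudit_flag() call added before sh->funcs->commit(sh) is discarded, so a failure to persist the flag (direct_api.h says 0 means success) goes unreported and the commit proceeds with the on-disk flag out of step with sh->sepolh. At minimum log it: `if (set_disable_dontaudit_flag(sepol_get_disable_dontaudit(sh->sepolh)) != 0)` / `ERR(sh, "Could not persist the disable dontaudit flag.");`. Whether it should also abort the commit depends on how the backend consumes the file, which this diff does not show. semanage_commit() continues outside the hunk.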
@@ -15,7 +15,7 @@ LIBSEMANAGE_1.0 { semanage_iface_*; semanage_port_*; semanage_context_*; semanage_node_*; semanage_fcontext_*; semanage_access_check; semanage_set_create_store; - semanage_is_connected; semanage_set_disable_dontaudit; + semanage_is_connected; semanage_get_disable_dontaudit; semanage_set_disable_dontaudit; semanage_mls_enabled; local: *; };
diff -urpN selinux.orig2/libsemanage/src/semanage_store.c selinux.orig3/libsemanage/src/semanage_store.c
--- selinux.orig2/libsemanage/src/semanage_store.c	2009-07-01 21:15:17.271236564 -0400
+++ selinux.orig3/libsemanage/src/semanage_store.c	2009-07-06 13:26:53.598164077 -0400
@@ -114,6 +114,7 @@ static const char *semanage_sandbox_path
 	"/users_extra",
 	"/netfilter_contexts",
 	"/file_contexts.homedirs",
+	"/disable_dontaudit",
 };
 
 /* A node used in a linked list of file contexts; used for sorting.
diff -urpN selinux.orig2/libsemanage/src/semanage_store.h selinux.orig3/libsemanage/src/semanage_store.h
--- selinux.orig2/libsemanage/src/semanage_store.h	2009-07-01 21:15:17.262235597 -0400
+++ selinux.orig3/libsemanage/src/semanage_store.h	2009-07-06 13:26:53.626166474 -0400
@@ -58,6 +58,7 @@ enum semanage_sandbox_defs {
 	SEMANAGE_USERS_EXTRA,
 	SEMANAGE_NC,
 	SEMANAGE_FC_HOMEDIRS,
+	SEMANAGE_DISABLE_DONTAUDIT,
 	SEMANAGE_STORE_NUM_PATHS
 };
 