I want to make this code available to audit2why/audit2allow, setroubleshoot and potentially system-config-selinux.

I have two questions:

Is there a way for audit2why to figure out whether an AVC would be dontaudited by the current policy?

If we add audit2why Python bindings, should I put it in libselinux? sepolgen?

Attached .h file describes functions and constants.

#include <selinux/selinux.h>

/* Error codes (negative) */
#define BADSCON    -1
#define BADTCON    -2
#define BADTCLASS  -3
#define BADPERM    -4
#define BADCOMPUTE -5
#define NOPOLICY   -6

/* Result codes (non-negative) */
#define ALLOWED    0
#define TERULE     1
#define BOOLEAN    2
#define CONSTRAINT 3
#define RBAC       4

/* A policy boolean: its name and an active flag */
struct boolean_t {
	char *name;
	int active;
};

extern void policy_finish(void);
extern int policy_init(const char *init_path);
extern int audit2why(const security_context_t scon,
		     const security_context_t tcon,
		     char *tclassstr,
		     char *permstr,
		     struct boolean_t **bools);