Creates an empty file disable_dontaudit in the policy directory (/etc/selinux/<policytype>). Checks for the existence of this file to set sepol's disable-dontaudit flag upon handle creation. Also provides the function "int semanage_get_disable_dontaudit()" which returns the don't audit property of the current policy. Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx>
diff -r selinux/libsemanage/include/semanage/handle.h selinux.old/libsemanage/include/semanage/handle.h
72,74d71
< /* Get the whether or not dontaudits are disabled upon commit */
< int semanage_get_disable_dontudit();
<
Only in selinux/libsemanage/src: boolean_record.o
Only in selinux/libsemanage/src: booleans_activedb.o
Only in selinux/libsemanage/src: booleans_active.o
Only in selinux/libsemanage/src: booleans_file.o
Only in selinux/libsemanage/src: booleans_local.o
Only in selinux/libsemanage/src: booleans_policydb.o
Only in selinux/libsemanage/src: booleans_policy.o
Only in selinux/libsemanage/src: context_record.o
Only in selinux/libsemanage/src: database_activedb.o
Only in selinux/libsemanage/src: database_file.o
Only in selinux/libsemanage/src: database_join.o
Only in selinux/libsemanage/src: database_llist.o
Only in selinux/libsemanage/src: database.o
Only in selinux/libsemanage/src: database_policydb.o
Only in selinux/libsemanage/src: debug.o
Only in selinux/libsemanage/src: direct_api.o
Only in selinux/libsemanage/src: fcontext_record.o
Only in selinux/libsemanage/src: fcontexts_file.o
Only in selinux/libsemanage/src: fcontexts_local.o
Only in selinux/libsemanage/src: fcontexts_policy.o
diff -r selinux/libsemanage/src/handle.c selinux.old/libsemanage/src/handle.c
30d29
< #include <unistd.h>
80,82d78
< /* Set disable dontaudit */
< sepol_set_disable_dontaudit(sh->sepolh,semanage_get_disable_dontaudit())
<
117,135d112
< int semanage_get_disable_dontaudit()
< {
< /*get the policy type*/
< char *poltype;
< selinux_getpolicytype(&poltype);
< /*create a pathname*/
< char path[255];
< strcpy(path,"/etc/selinux/");
< strcat(path,poltype);
< strcat(path,"/disable_dontaudit");
< /*free the string poltype string*/
< free(poltype);
< /*check for the files existance*/
< if (access(path,F_OK) == 0)
< return 1;
< else
< return 0;
< }
<
141,158d117
< /*get the policy type*/
< char *poltype;
< selinux_getpolicytype(&poltype);
< /*create a pathname*/
< char path[255];
<
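Review bot: The prototype added to handle.h (hunk 72,74) is spelled `semanage_get_disable_dontudit`, while the function defined in handle.c at 117,135 and called at line 80 is `semanage_get_disable_dontaudit`. The public header therefore exports a name with no definition and leaves the real function without a prototype. It should read `int semanage_get_disable_dontaudit(void);`, with `(void)` rather than `()` so that calls with arguments are rejected. The comment above it would read better as `/* Get whether or not dontaudits are disabled upon commit */`.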
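Review bot: The call added in hunk 80,82 has no terminating semicolon, so handle.c will not compile as posted; it should be `sepol_set_disable_dontaudit(sh->sepolh, semanage_get_disable_dontaudit());`. The call also sits before the definition at line 117, and the header prototype is misspelled, so unless a correct declaration is in scope elsewhere this is an implicit declaration. The enclosing function begins and ends outside the hunk.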
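Review bot: `semanage_get_disable_dontaudit()` in hunk 117,135 ignores the return value of `selinux_getpolicytype()` and then builds the path with unbounded `strcpy`/`strcat` into `char path[255]`. If the call fails, `poltype` is uninitialised when it reaches `strcat` and `free`; and since the policy type string comes from the system's SELinux configuration, its length should be checked rather than assumed to fit. The same path-building sequence is repeated in hunk 141,158 with the same problem, so a shared static helper would fix both. A bounded version could look like the following, treating any failure as "dontaudit not disabled" (whether an error return would suit callers better cannot be judged from this hunk).

```c
int semanage_get_disable_dontaudit()
{
	char *poltype = NULL;
	char path[255];
	int len;

	/* selinux_getpolicytype() does not set poltype on failure */
	if (selinux_getpolicytype(&poltype) < 0 || poltype == NULL)
		return 0;
	len = snprintf(path, sizeof(path), "/etc/selinux/%s/disable_dontaudit", poltype);
	free(poltype);
	/* reject a truncated path instead of probing the wrong file */
	if (len < 0 || (size_t)len >= sizeof(path))
		return 0;
	/* ... unchanged: access(path, F_OK) check and return ... */
}
```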
strcpy(path,"/etc/selinux/");
< strcat(path,poltype);
< strcat(path,"/disable_dontaudit");
< /*free the string poltype string*/
< free(poltype);
< /*touch or delete the file*/
< if (disable_dontaudit != 0){
< FILE *touch;
< touch = fopen(path,"w");
< fclose(touch);
< }else
< remove(path);
<
Only in selinux/libsepol/tests: debug.o
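Review bot: In hunk 141,158 the result of `fopen(path,"w")` is passed straight to `fclose()`. When the file cannot be created (read-only filesystem, insufficient privilege, missing policy directory), `fclose(NULL)` is undefined behaviour and the caller never learns that the setting was not persisted. Guard it, e.g. `touch = fopen(path, "w");` followed by `if (touch != NULL) fclose(touch);` with the NULL case reported as an error, and check the return of `remove(path)` as well, tolerating only `ENOENT`. The enclosing function starts outside the hunk, so how a failure should be reported to its caller is not visible here.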