This patch adds the ability to check on the value of the disable_dontaudit flag in the sepol handle. In the past the only way to know the value of this was to directly read the values from the handle. The get function provides a setter-getter symmetry similar to other functions found in libsepol.
Signed-off-by: Christopher Pardy <cpardy@xxxxxxxxxx>
---
libsepol/include/sepol/handle.h | 6 ++++++
libsepol/src/handle.c | 6 ++++++
libsepol/src/libsepol.map | 1 +
3 files changed, 13 insertions(+)
diff -urN selinux.orig/libsepol/include/sepol/handle.h selinux/libsepol/include/sepol/handle.h
--- selinux.orig/libsepol/include/sepol/handle.h 2009-07-01 21:05:26.823235749 -0400
+++ selinux/libsepol/include/sepol/handle.h 2009-07-01 21:08:33.277237031 -0400
@@ -7,6 +7,12 @@
/* Create and return a sepol handle. */
sepol_handle_t *sepol_handle_create(void);
+/* Get whether or not dontaudits will be disabled, same values as
+ * specified by disable dont audit. This value reflects the state
+ * your system will be set to upon commit, not nessesarily it's
+ * current state.*/
+int sepol_get_disable_dontaudit(sepol_handle_t * sh);
+
/* Set whether or not to disable dontaudits, 0 is default and does
* not disable dontaudits, 1 disables them */
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
diff -urN selinux.orig/libsepol/src/handle.c selinux/libsepol/src/handle.c
--- selinux.orig/libsepol/src/handle.c 2009-07-01 21:05:26.854236864 -0400
+++ selinux/libsepol/src/handle.c 2009-07-01 21:07:15.532236991 -0400
@@ -21,6 +21,12 @@
return sh;
}
+int sepol_get_disable_dontaudit(sepol_handle_t *sh)
+{
+ assert(sh !=NULL);
+ return sh->disable_dontaudit;
+}
+
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
{
assert(sh !=NULL);
diff -urN selinux.orig/libsepol/src/libsepol.map selinux/libsepol/src/libsepol.map
--- selinux.orig/libsepol/src/libsepol.map 2009-07-01 21:05:26.848236011 -0400
+++ selinux/libsepol/src/libsepol.map 2009-07-01 21:07:45.948485729 -0400
@@ -12,6 +12,7 @@
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
+ sepol_get_disable_dontaudit;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
local: *;
diff -urN selinux.orig/libsepol/include/sepol/handle.h selinux/libsepol/include/sepol/handle.h
--- selinux.orig/libsepol/include/sepol/handle.h 2009-07-01 21:05:26.823235749 -0400
+++ selinux/libsepol/include/sepol/handle.h 2009-07-01 21:08:33.277237031 -0400
@@ -7,6 +7,12 @@
/* Create and return a sepol handle. */
sepol_handle_t *sepol_handle_create(void);
+/* Get whether or not dontaudits will be disabled, same values as
+ * specified by disable dont audit. This value reflects the state
+ * your system will be set to upon commit, not nessesarily it's
+ * current state.*/
+int sepol_get_disable_dontaudit(sepol_handle_t * sh);
+
/* Set whether or not to disable dontaudits, 0 is default and does
* not disable dontaudits, 1 disables them */
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
diff -urN selinux.orig/libsepol/src/handle.c selinux/libsepol/src/handle.c
--- selinux.orig/libsepol/src/handle.c 2009-07-01 21:05:26.854236864 -0400
+++ selinux/libsepol/src/handle.c 2009-07-01 21:07:15.532236991 -0400
@@ -21,6 +21,12 @@
return sh;
}
+int sepol_get_disable_dontaudit(sepol_handle_t *sh)
+{
+ assert(sh !=NULL);
+ return sh->disable_dontaudit;
+}
+
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
{
assert(sh !=NULL);
diff -urN selinux.orig/libsepol/src/libsepol.map selinux/libsepol/src/libsepol.map
--- selinux.orig/libsepol/src/libsepol.map 2009-07-01 21:05:26.848236011 -0400
+++ selinux/libsepol/src/libsepol.map 2009-07-01 21:07:45.948485729 -0400
@@ -12,6 +12,7 @@
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
+ sepol_get_disable_dontaudit;
sepol_set_disable_dontaudit;
sepol_set_expand_consume_base;
local: *;
