On Thu, 2012-08-23 at 22:34 -0400, Joshua Brindle wrote:
> William Roberts wrote:
> > I am working on a tool for parsing, and allowing overrides to occur in
> > seapp_contexts. I also want it to check the output selectors against
> > the compiled binary. After looking at sepol, it wasn't quite clear to
> > me how to get going with it. Can anyone give me function calls to do
> > something like this?
> >
> > 1. Load the compiled binary
>
> Look at checkpolicy/test/dispol.c for examples. Requires you to be
> statically linked against libsepol.
>
> fd = open(argv[1], O_RDONLY);
> if (fd < 0) {
> ...
> }
> if (fstat(fd, &sb) < 0) {
> ...
> }
> map =
>     mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_PRIVATE,
>          fd, 0);
> if (map == MAP_FAILED) {
> ...
> }
> policy_file_init(&pf);
> pf.type = PF_USE_MEMORY;
> pf.data = map;
> pf.len = sb.st_size;
> if (policydb_init(&policydb)) {
> ...
> }
> ret = policydb_read(&policydb, &pf, 1);
>
> >
> > 2. Check to see if a boolean exists
>
> bool = hashtab_search(policydb.p_bools.table, "some_boolean");
> if (bool == NULL) {
> // no such boolean
> }

libsemanage and/or libselinux/src/audit2why.c shows how to do this more
cleanly using the sepol_* interfaces.

-- 
Stephen Smalley
National Security Agency