Add a wrapper around the utility function sepol_av_to_string() on the
service internal policy. This allows callers to convert a permission
bit set into a string representation without access to the internal
policy structure.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
libsepol/include/sepol/policydb/services.h | 9 +++++++++
libsepol/src/services.c | 6 ++++++
2 files changed, 15 insertions(+)
diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
index 048f8a5a..44de3863 100644
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
const char *perm_name,
sepol_access_vector_t *av);
+/*
+ * Return a string representation of the permission av bit associated with
+ * tclass.
+ * Returns a pointer to an internal buffer, overridden by the next call to
+ * this function or sepol_av_to_string().
+ */
+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+ sepol_access_vector_t av);
+
/*
* Compute a SID to use for labeling a new object in the
* class `tclass' based on a SID pair.
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 7becfd1b..b2fb804e 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1233,6 +1233,12 @@ out:
return STATUS_ERR;
}
+ const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+ sepol_access_vector_t av)
+{
+ return sepol_av_to_string(policydb, tclass, av);
+}
+
/*
* Write the security context string representation of
* the context associated with `sid' into a dynamically
--
2.34.1
