Add a wrapper around the utility function sepol_av_to_string() on the service internal policy. This allows callers to convert a permission bit set into a string representation without access to the internal policy structure.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libsepol/include/sepol/policydb/services.h | 9 +++++++++
 libsepol/src/services.c | 6 ++++++
 2 files changed, 15 insertions(+)
diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
index 048f8a5a..44de3863 100644
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
 const char *perm_name,
 sepol_access_vector_t *av);
 
+/*
+ * Return a string representation of the permission av bit associated with
+ * tclass.
+ * Returns a pointer to an internal buffer, overridden by the next call to
+ * this function or sepol_av_to_string().
+ */
+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+ sepol_access_vector_t av);
+
 /*
 * Compute a SID to use for labeling a new object in the
 * class `tclass' based on a SID pair.
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 7becfd1b..b2fb804e 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1233,6 +1233,12 @@ out:
 return STATUS_ERR;
 }
 
+ const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+ sepol_access_vector_t av)
+{
+ return sepol_av_to_string(policydb, tclass, av);
+}
+
 /*
 * Write the security context string representation of
 * the context associated with `sid' into a dynamically
--
2.35.1
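Review bot: The new comment on sepol_av_perm_to_string() in services.h documents the shared buffer but not what a caller receives for an unknown tclass or when no policy has been loaded. A buffer that is overwritten by the next call also implies the function is not safe to use from several threads at once, which the comment should state, for example `* Not thread-safe; copy the result before the next call.` plus a line naming the failure return. The comment says "the permission av bit" while the commit message speaks of a "permission bit set", so it should say whether av may have several bits set. "overridden" should read "overwritten", and the declaration appears to carry a stray leading space before `extern` (the definition in services.c looks the same before `const char`).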
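Review bot: sepol_av_perm_to_string() in services.c forwards tclass unchanged to sepol_av_to_string() on the global policydb, so any range check depends on the callee, which is not visible in this hunk. Because this is a new exported entry point, a zero or out-of-range class value from a caller should be rejected before it can be used as an index into the class table. If sepol_av_to_string() does not already validate it, add `if (!tclass || tclass > policydb->p_classes.nprim) return NULL;` before the call. The NULL return would then need to be documented next to the declaration in services.h.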