Re: [RFC PATCH v2 1/4] libsepol: add sepol_av_perm_to_string


 



On Thu, Apr 7, 2022 at 10:54 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Tue, Feb 22, 2022 at 9:05 AM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Add a wrapper around the utility function sepol_av_to_string() on the
> > service internal policy.  This allows callers to convert a permission
> > bit set into a string representation without access to the internal
> > policy structure.
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> After thinking about it, I am ok with this series. All of the
> functions that are being exported are used by checkpolicy or audit2why
> and are from services.c.
>
> So for these four patches:
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/include/sepol/policydb/services.h | 9 +++++++++
> >  libsepol/src/services.c                    | 6 ++++++
> >  2 files changed, 15 insertions(+)
> >
> > diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
> > index 048f8a5a..44de3863 100644
> > --- a/libsepol/include/sepol/policydb/services.h
> > +++ b/libsepol/include/sepol/policydb/services.h
> > @@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
> >                                         const char *perm_name,
> >                                         sepol_access_vector_t *av);
> >
> > +/*
> > + * Return a string representation of the permission av bit associated with
> > + * tclass.
> > + * Returns a pointer to an internal buffer, overridden by the next call to
> > + * this function or sepol_av_to_string().
> > + */
> > + extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> > +                                       sepol_access_vector_t av);
> > +
> >  /*
> >   * Compute a SID to use for labeling a new object in the
> >   * class `tclass' based on a SID pair.
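
Review bot: The new comment above sepol_av_perm_to_string() does not say what the function returns on failure, or whether av may carry more than one bit: the comment says "the permission av bit" while the commit message says "a permission bit set". Since the result is "a pointer to an internal buffer, overridden by the next call", the comment for this exported declaration should also say that callers must copy the string before calling this function or sepol_av_to_string() again, and that the buffer is shared between callers. Style: the added "+ extern const char *sepol_av_perm_to_string(" line has a stray space before extern, unlike the declaration in the context lines above it.
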
> > diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> > index 7becfd1b..b2fb804e 100644
> > --- a/libsepol/src/services.c
> > +++ b/libsepol/src/services.c
> > @@ -1233,6 +1233,12 @@ out:
> >         return STATUS_ERR;
> >  }
> >
> > + const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> > +                                       sepol_access_vector_t av)
> > +{
> > +       return sepol_av_to_string(policydb, tclass, av);
> > +}
> > +
> >  /*
> >   * Write the security context string representation of
> >   * the context associated with `sid' into a dynamically
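
Review bot: The wrapper body, "return sepol_av_to_string(policydb, tclass, av);", forwards tclass and av unchecked, and the policydb it passes is neither a parameter nor a local, so the call depends on state set up elsewhere. As an exported entry point it can be reached before that state is set or with an out-of-range tclass; unless sepol_av_to_string() validates both itself, which these lines do not show, add the checks here and return a defined value on failure, or state the precondition in the header comment. The function also has no comment in services.c, while the neighbouring function in the context lines does. The definition line "+ const char *sepol_av_perm_to_string(" carries the same stray leading space as the header declaration.
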
> > --
> > 2.35.1
> >



