From: <ssm...@us...> - 2007-03-30 18:44:47
Revision: 2314 http://svn.sourceforge.net/selinux/?rev=2314&view=rev Author: ssmalley Date: 2007-03-30 11:44:39 -0700 (Fri, 30 Mar 2007) Log Message: ----------- Author: Eamon Walsh Email: ew...@ty... Subject: libselinux: string and compute_create functions (resend) Date: Fri, 30 Mar 2007 14:34:17 -0400 Some new interfaces for libselinux, supporting userspace object managers: 1. class,av to string functions, completing the set. 2. "avc_compute_create" convenience interface to security_compute_create, taking userspace AVC SID's instead of security context strings. 3. man pages for these. Resending patch 1, was whitespace damaged. Modified Paths: -------------- trunk/libselinux/include/selinux/selinux.h trunk/libselinux/src/avc.c
Modified: trunk/libselinux/include/selinux/selinux.h
===================================================================
--- trunk/libselinux/include/selinux/selinux.h 2007-03-30 16:27:41 UTC (rev 2313)
+++ trunk/libselinux/include/selinux/selinux.h 2007-03-30 18:44:39 UTC (rev 2314)
@@ -277,13 +277,21 @@
 /* Common helpers */
-/* Return the security class value for a given class name. */
+/* Convert between security class values and string names */
 extern security_class_t string_to_security_class(const char *name);
+ extern const char *security_class_to_string(security_class_t cls);
-/* Return an access vector for a given class and permission name. */
+/* Convert between individual access vector permissions and string names */
+ extern const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t perm);
 extern access_vector_t string_to_av_perm(security_class_t tclass, const char *name);
+/* Returns an access vector in a string representation. User must free the
+ * returned string via free(). */
+ extern int security_av_string(security_class_t tclass,
+ access_vector_t av, char **result);
+
 /* Display an access vector in a string representation. */
 extern void print_access_vector(security_class_t tclass, access_vector_t av);
Modified: trunk/libselinux/src/avc.c
===================================================================
--- trunk/libselinux/src/avc.c 2007-03-30 16:27:41 UTC (rev 2313)
+++ trunk/libselinux/src/avc.c 2007-03-30 18:44:39 UTC (rev 2314)
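Review bot: The comment added above security_av_string does not state the return convention that the avc.c hunk of this commit implements: 0 on success with `*result` set to the malloc()ed string, -1 with errno set (EINVAL when a set bit of `av` has no permission name for `tclass`, or malloc's errno) and nothing for the caller to free. Suggest `/* Builds a string representation of av; caller frees it with free(). Returns 0 and sets *result on success, -1 with errno set (EINVAL: unknown permission bit) on failure, leaving nothing allocated. */`. The comment over security_class_to_string and security_av_perm_to_string could likewise say that they return pointers into library-owned string tables that must not be freed, and that security_av_perm_to_string returns NULL for av == 0 or an unknown single-bit permission, as the avc.c hunk shows.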
@@ -1338,6 +1338,105 @@
 return 0;
 }
+const char *security_class_to_string(security_class_t tclass)
+{
+ tclass = (tclass > 0 && tclass < NCLASSES) ? tclass : 0;
+ return class_to_string_data.str + class_to_string[tclass];
+}
+
+const char *security_av_perm_to_string(security_class_t tclass,
+ access_vector_t av)
+{
+ const uint16_t *common_pts_idx = 0;
+ access_vector_t common_base = 0;
+ unsigned int i;
+
+ if (!av)
+ return NULL;
+
+ for (i = 0; i < ARRAY_SIZE(av_inherit); i++) {
+ if (av_inherit[i].tclass == tclass) {
+ common_pts_idx =
+ &common_perm_to_string.data[av_inherit[i].
+ common_pts_idx];
+ common_base = av_inherit[i].common_base;
+ break;
+ }
+ }
+
+ if (av < common_base) {
+ i = 0;
+ while (!(av & 1)) {
+ av >>= 1;
+ i++;
+ }
+ return common_perm_to_string_data.str + common_pts_idx[i];
+ }
+
+ for (i = 0; i < NVECTORS; i++) {
+ if (av_perm_to_string[i].tclass == tclass &&
+ av_perm_to_string[i].value == av)
+ return av_perm_to_string_data.str +
+ av_perm_to_string[i].nameidx;
+ }
+
+ return NULL;
+}
+
+int security_av_string(security_class_t tclass, access_vector_t av, char **res)
+{
+ unsigned int i = 0;
+ size_t len = 5;
+ access_vector_t tmp = av;
+ int rc = 0;
+ const char *str;
+ char *ptr;
+
+ /* first pass computes the required length */
+ while (tmp) {
+ if (tmp & 1) {
+ str = security_av_perm_to_string(tclass, av & (1<<i));
+ if (str)
+ len += strlen(str) + 1;
+ else {
+ rc = -1;
+ errno = EINVAL;
+ goto out;
+ }
+ }
+ tmp >>= 1;
+ i++;
+ }
+
+ *res = malloc(len);
+ if (!*res) {
+ rc = -1;
+ goto out;
+ }
+
+ /* second pass constructs the string */
+ i = 0;
+ tmp = av;
+ ptr = *res;
+
+ if (!av) {
+ sprintf(ptr, "null");
+ goto out;
+ }
+
+ ptr += sprintf(ptr, "{ ");
+ while (tmp) {
+ if (tmp & 1)
+ ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
+ tclass, av & (1<<i)));
+ tmp >>= 1;
+ i++;
+ }
+ sprintf(ptr, "}");
+out:
+ return rc;
+}
+
 void print_access_vector(security_class_t tclass, access_vector_t av)
 {
 const uint16_t *common_pts_idx = 0;
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
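Review bot: In security_av_string both loops select the current bit with `av & (1<<i)`, where `1` is a signed int, so when `i` reaches 31 for the top bit of a 32-bit vector the shift is undefined behaviour in C; use an unsigned shift, `av & (1U << i)`, at the `str = security_av_perm_to_string(...)` line of the first pass and at the matching call in the second pass. The `sprintf` calls into `*res` are bounded only by the invariant that the second pass asks for exactly the same names the first pass measured; a comment above the second pass such as `/* same bits and names as the sizing pass, so len is exact (5 covers "null" and "{ }") */` would make that explicit. In security_av_perm_to_string the `av < common_base` branch dereferences `common_pts_idx` without a NULL check, which appears safe only because `common_base` stays 0 (making the unsigned comparison false) when no `av_inherit` entry matches `tclass`; that dependency deserves a one-line comment at the `if (av < common_base)` line.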