From: <ssm...@us...> - 2007-09-27 13:10:14
Revision: 2588 http://selinux.svn.sourceforge.net/selinux/?rev=2588&view=rev Author: ssmalley Date: 2007-09-27 06:10:10 -0700 (Thu, 27 Sep 2007) Log Message: ----------- applied r2517:2518 (disable dontaudit support) from trunk Modified Paths: -------------- branches/stable/1_0/libsemanage/include/semanage/handle.h branches/stable/1_0/libsemanage/src/handle.c branches/stable/1_0/libsemanage/src/libsemanage.map branches/stable/1_0/libsepol/include/sepol/handle.h branches/stable/1_0/libsepol/src/expand.c branches/stable/1_0/libsepol/src/handle.c branches/stable/1_0/libsepol/src/handle.h branches/stable/1_0/libsepol/src/libsepol.map branches/stable/1_0/policycoreutils/semodule/semodule.c Modified: branches/stable/1_0/libsemanage/include/semanage/handle.h =================================================================== --- branches/stable/1_0/libsemanage/include/semanage/handle.h 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsemanage/include/semanage/handle.h 2007-09-27 13:10:10 UTC (rev 2588) @@ -69,6 +69,9 @@ * 1 for yes, 0 for no (default) */ void semanage_set_create_store(semanage_handle_t * handle, int create_store); +/* Set whether or not to disable dontaudits upon commit */ +void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit); + /* Check whether policy is managed via libsemanage on this system. * Must be called prior to trying to connect. * Return 1 if policy is managed via libsemanage on this system, Modified: branches/stable/1_0/libsemanage/src/handle.c =================================================================== --- branches/stable/1_0/libsemanage/src/handle.c 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsemanage/src/handle.c 2007-09-27 13:10:10 UTC (rev 2588) 
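Review bot: The new comment on `semanage_set_disable_dontaudit` says what the flag is for but not which values it accepts, while the neighbouring `semanage_set_create_store` comment visible in the same hunk ends with `1 for yes, 0 for no (default)`. Suggest `/* Set whether or not to disable dontaudits upon commit. 1 for yes, 0 for no (default) */` so the two setters read alike; the libsepol header added by this same commit already states the 0/1 contract, and the libsemanage side should match it.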
@@ -109,6 +109,14 @@ return; } +void semanage_set_disable_dontaudit(semanage_handle_t * sh, int disable_dontaudit) +{ + assert(sh != NULL); + + sepol_set_disable_dontaudit(sh->sepolh, disable_dontaudit); + return; +} + int semanage_is_connected(semanage_handle_t * sh) { assert(sh != NULL); Modified: branches/stable/1_0/libsemanage/src/libsemanage.map =================================================================== --- branches/stable/1_0/libsemanage/src/libsemanage.map 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsemanage/src/libsemanage.map 2007-09-27 13:10:10 UTC (rev 2588) @@ -13,6 +13,6 @@ semanage_iface_*; semanage_port_*; semanage_context_*; semanage_node_*; semanage_fcontext_*; semanage_access_check; semanage_set_create_store; - semanage_is_connected; + semanage_is_connected; semanage_set_disable_dontaudit; local: *; }; Modified: branches/stable/1_0/libsepol/include/sepol/handle.h =================================================================== --- branches/stable/1_0/libsepol/include/sepol/handle.h 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsepol/include/sepol/handle.h 2007-09-27 13:10:10 UTC (rev 2588) @@ -7,6 +7,10 @@ /* Create and return a sepol handle. */ sepol_handle_t *sepol_handle_create(void); +/* Set whether or not to disable dontaudits, 0 is default and does + * not disable dontaudits, 1 disables them */ +void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit); + /* Destroy a sepol handle. */ void sepol_handle_destroy(sepol_handle_t *); Modified: branches/stable/1_0/libsepol/src/expand.c =================================================================== --- branches/stable/1_0/libsepol/src/expand.c 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsepol/src/expand.c 2007-09-27 13:10:10 UTC (rev 2588) 
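Review bot: The comment on `sepol_set_disable_dontaudit` in sepol/handle.h gives the 0/1 contract but not when the setting takes effect; the only place this commit reads the flag is the avrule expansion path in expand.c, so a caller that sets it after the policy has been expanded would see no effect. Suggest adding a sentence such as `Must be set before the policy is expanded; it does not alter an already-expanded policy.` The libsemanage wrapper's comment says `upon commit`, which is the same timing seen from the libsemanage level, and saying so here keeps the two headers consistent.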
@@ -1366,6 +1366,8 @@ } else if (specified & AVRULE_AUDITDENY) { spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_DONTAUDIT) { + if (handle->disable_dontaudit) + return EXPAND_RULE_SUCCESS; spec = AVTAB_AUDITDENY; } else if (specified & AVRULE_NEVERALLOW) { spec = AVTAB_NEVERALLOW; Modified: branches/stable/1_0/libsepol/src/handle.c =================================================================== --- branches/stable/1_0/libsepol/src/handle.c 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsepol/src/handle.c 2007-09-27 13:10:10 UTC (rev 2588) @@ -1,4 +1,5 @@ #include <stdlib.h> +#include <assert.h> #include "handle.h" #include "debug.h" @@ -13,9 +14,18 @@ sh->msg_callback = sepol_msg_default_handler; sh->msg_callback_arg = NULL; + /* by default do not disable dontaudits */ + sh->disable_dontaudit = 0; + return sh; } +void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit) +{ + assert(sh !=NULL); + sh->disable_dontaudit = disable_dontaudit; +} + void sepol_handle_destroy(sepol_handle_t * sh) { free(sh); Modified: branches/stable/1_0/libsepol/src/handle.h =================================================================== --- branches/stable/1_0/libsepol/src/handle.h 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsepol/src/handle.h 2007-09-27 13:10:10 UTC (rev 2588) @@ -14,6 +14,9 @@ void (*msg_callback) (void *varg, sepol_handle_t * handle, const char *fmt, ...); void *msg_callback_arg; + + int disable_dontaudit; + }; #endif Modified: branches/stable/1_0/libsepol/src/libsepol.map =================================================================== --- branches/stable/1_0/libsepol/src/libsepol.map 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/libsepol/src/libsepol.map 2007-09-27 13:10:10 UTC (rev 2588) 
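Review bot: `handle->disable_dontaudit` is dereferenced without a NULL check in the `AVRULE_DONTAUDIT` branch of the expand.c hunk; if, as elsewhere in libsepol, callers may pass a NULL handle to the expansion entry points, expanding a policy that contains dontaudit rules would crash here rather than fall through to `spec = AVTAB_AUDITDENY` as before the commit. Suggest `if (handle && handle->disable_dontaudit)` so a NULL handle keeps the default behaviour of emitting the rule. Whether NULL handles actually reach this helper cannot be confirmed from the hunk alone; the enclosing function begins and ends outside it.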
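Review bot: `assert(sh !=NULL);` in the new `sepol_set_disable_dontaudit` (libsepol/src/handle.c) is spaced differently from `assert(sh != NULL);` in the libsemanage counterpart added by the same commit; use `assert(sh != NULL);`. This is also the first use of `assert` in this file (the preceding hunk adds `#include <assert.h>`), and unlike `sepol_handle_destroy`, which tolerates NULL because it only calls `free(sh)`, the new check disappears under `NDEBUG` and leaves a plain NULL dereference. If callers may legitimately pass NULL, a runtime `if (!sh) return;` would be the safer guard.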
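Review bot: The new `int disable_dontaudit;` member in libsepol/src/handle.h carries no comment, and the blank lines added on both sides make it look detached from the `msg_callback`/`msg_callback_arg` members above it. Suggest `int disable_dontaudit; /* non-zero: drop dontaudit rules during expansion (see expand.c) */` and dropping the extra blank lines so it is laid out like the other members. The struct's opening line is outside the hunk.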
@@ -12,5 +12,6 @@ sepol_policydb_*; sepol_set_policydb_from_file; sepol_policy_kern_*; sepol_policy_file_*; + sepol_set_disable_dontaudit; local: *; }; Modified: branches/stable/1_0/policycoreutils/semodule/semodule.c =================================================================== --- branches/stable/1_0/policycoreutils/semodule/semodule.c 2007-09-25 12:15:19 UTC (rev 2587) +++ branches/stable/1_0/policycoreutils/semodule/semodule.c 2007-09-27 13:10:10 UTC (rev 2588) @@ -44,6 +44,7 @@ static int no_reload; static int create_store; static int build; +static int disable_dontaudit; static semanage_handle_t *sh = NULL; static char *store; @@ -131,6 +132,7 @@ printf(" -n,--noreload do not reload policy after commit\n"); printf(" -h,--help print this message and quit\n"); printf(" -v,--verbose be verbose\n"); + printf(" -D,--disable_dontaudit Remove dontaudits from policy\n"); } /* Sets the global mode variable to new_mode, but only if no other @@ -173,6 +175,7 @@ {"reload", 0, NULL, 'R'}, {"noreload", 0, NULL, 'n'}, {"build", 0, NULL, 'B'}, + {"disable_dontaudit", 0, NULL, 'D'}, {NULL, 0, NULL, 0} }; int i; @@ -181,7 +184,7 @@ no_reload = 0; create_store = 0; while ((i = - getopt_long(argc, argv, "s:b:hi:lvqr:u:RnB", opts, + getopt_long(argc, argv, "s:b:hi:lvqr:u:RnBD", opts, NULL)) != -1) { switch (i) { case 'b': @@ -218,6 +221,9 @@ case 'B': build = 1; break; + case 'D': + disable_dontaudit = 1; + break; case '?': default:{ usage(argv[0]); @@ -441,6 +447,8 @@ semanage_set_reload(sh, 0); if (build) semanage_set_rebuild(sh, 1); + if (disable_dontaudit) + semanage_set_disable_dontaudit(sh, 1); result = semanage_commit(sh); } This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
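Review bot: The new usage line `-D,--disable_dontaudit Remove dontaudits from policy` in semodule.c does not tell the operator that the option only acts when a commit happens (the flag is consumed immediately before `semanage_commit` in the last hunk) nor what to expect afterwards: with dontaudit rules removed, denials that policy authors deliberately silenced are audited, which is what you want when debugging a policy and very noisy otherwise. Suggest `printf(" -D,--disable_dontaudit Remove dontaudits from the policy built by this commit (all denials are audited)\n");`. Nothing in these hunks makes `-D` by itself trigger a commit, so if that is indeed the case the usage text should say it is combined with a committing operation such as `-B`. The option-parsing hunk at @@ -181 also resets `no_reload` and `create_store` but neither `build` nor the new `disable_dontaudit`; harmless for zero-initialised statics, but resetting the new flag alongside them would keep the block consistent.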