diff mbox series

[08/17] checkPasswdAccess: annotate deprecated

Message ID 20200225200219.6163-9-william.c.roberts@intel.com (mailing list archive)
State Changes Requested
Series [01/17] security_load_booleans: update return comment

Commit Message

William Roberts Feb. 25, 2020, 8:02 p.m. UTC
From: William Roberts <william.c.roberts@intel.com>

Signed-off-by: William Roberts <william.c.roberts@intel.com>
---
 libselinux/include/selinux/selinux.h | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Stephen Smalley Feb. 25, 2020, 8:58 p.m. UTC | #1
On Tue, Feb 25, 2020 at 3:03 PM <bill.c.roberts@gmail.com> wrote:
> diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
> index e531f927be1e..3704eabc7545 100644
> --- a/libselinux/include/selinux/selinux.h
> +++ b/libselinux/include/selinux/selinux.h
> @@ -603,7 +603,8 @@ extern int selinux_check_access(const char * scon, const char * tcon, const char
>  /* Check a permission in the passwd class.
>     Return 0 if granted or -1 otherwise. */
>  extern int selinux_check_passwd_access(access_vector_t requested);
> -extern int checkPasswdAccess(access_vector_t requested);
> +extern int checkPasswdAccess(access_vector_t requested)
> +   __attribute__ ((deprecated("Use selinux_check_passwd_access")));

I'd actually recommend deprecating that one too and recommending the
use of selinux_check_access() instead.
That way they get dynamic lookup of the permission and handling of
per-domain permissive and handle_unknown settings.
Only drawback is that they have to call getprevcon_raw() themselves
first and pass it in.

Patch

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index e531f927be1e..3704eabc7545 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -603,7 +603,8 @@  extern int selinux_check_access(const char * scon, const char * tcon, const char
 /* Check a permission in the passwd class.
    Return 0 if granted or -1 otherwise. */
 extern int selinux_check_passwd_access(access_vector_t requested);
-extern int checkPasswdAccess(access_vector_t requested);
+extern int checkPasswdAccess(access_vector_t requested)
+   __attribute__ ((deprecated("Use selinux_check_passwd_access")));
 
 /* Check if the tty_context is defined as a securetty
    Return 0 if secure, < 0 otherwise. */
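
Review bot: the deprecation of `checkPasswdAccess` is documented only in the attribute string on the two added lines; the comment block above ("Check a permission in the passwd class. Return 0 if granted or -1 otherwise.") still reads as if it describes both declarations equally, and the commit message has no body explaining the reason. Add a one-line comment directly above the `checkPasswdAccess` declaration saying it is deprecated and which function replaces it, so the header is self-explanatory for readers who never see the compiler warning. Since this is a public installed header, also consider wrapping `__attribute__ ((deprecated("...")))` in a macro guarded on compiler support, because the form that takes a message string is not accepted by older GCC releases and is not understood by non-GNU compilers. Callers that build with `-Werror` will start failing once this lands, which deserves a mention in the commit message.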