
[RFC,v2,1/4] libsepol: add sepol_av_perm_to_string

Message ID 20220222135435.31216-1-cgzones@googlemail.com (mailing list archive)
State Accepted
Commit f0e085f68439
Series [RFC,v2,1/4] libsepol: add sepol_av_perm_to_string

Commit Message

Christian Göttsche Feb. 22, 2022, 1:54 p.m. UTC
Add a wrapper around the utility function sepol_av_to_string() on the
service internal policy.  This allows callers to convert a permission
bit set into a string representation without access to the internal
policy structure.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/include/sepol/policydb/services.h | 9 +++++++++
 libsepol/src/services.c                    | 6 ++++++
 2 files changed, 15 insertions(+)

Comments

James Carter April 7, 2022, 2:54 p.m. UTC | #1
On Tue, Feb 22, 2022 at 9:05 AM Christian Göttsche
<cgzones@googlemail.com> wrote:
>
> Add a wrapper around the utility function sepol_av_to_string() on the
> service internal policy.  This allows callers to convert a permission
> bit set into a string representation without access to the internal
> policy structure.
>
> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>

After thinking about it, I am ok with this series. All of the
functions that are being exported are used by checkpolicy or audit2why
and are from services.c.

So for these four patches:
Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/include/sepol/policydb/services.h | 9 +++++++++
>  libsepol/src/services.c                    | 6 ++++++
>  2 files changed, 15 insertions(+)
>
> diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
> index 048f8a5a..44de3863 100644
> --- a/libsepol/include/sepol/policydb/services.h
> +++ b/libsepol/include/sepol/policydb/services.h
> @@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
>                                         const char *perm_name,
>                                         sepol_access_vector_t *av);
>
> +/*
> + * Return a string representation of the permission av bit associated with
> + * tclass.
> + * Returns a pointer to an internal buffer, overridden by the next call to
> + * this function or sepol_av_to_string().
> + */
> + extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> +                                       sepol_access_vector_t av);
> +
>  /*
>   * Compute a SID to use for labeling a new object in the
>   * class `tclass' based on a SID pair.
> diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> index 7becfd1b..b2fb804e 100644
> --- a/libsepol/src/services.c
> +++ b/libsepol/src/services.c
> @@ -1233,6 +1233,12 @@ out:
>         return STATUS_ERR;
>  }
>
> + const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> +                                       sepol_access_vector_t av)
> +{
> +       return sepol_av_to_string(policydb, tclass, av);
> +}
> +
>  /*
>   * Write the security context string representation of
>   * the context associated with `sid' into a dynamically
> --
> 2.35.1
>
James Carter April 12, 2022, 6:07 p.m. UTC | #2
On Thu, Apr 7, 2022 at 10:54 AM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Feb 22, 2022 at 9:05 AM Christian Göttsche
> <cgzones@googlemail.com> wrote:
> >
> > Add a wrapper around the utility function sepol_av_to_string() on the
> > service internal policy.  This allows callers to convert a permission
> > bit set into a string representation without access to the internal
> > policy structure.
> >
> > Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
>
> After thinking about it, I am ok with this series. All of the
> functions that are being exported are used by checkpolicy or audit2why
> and are from services.c.
>
> So for these four patches:
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/include/sepol/policydb/services.h | 9 +++++++++
> >  libsepol/src/services.c                    | 6 ++++++
> >  2 files changed, 15 insertions(+)
> >
> > diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
> > index 048f8a5a..44de3863 100644
> > --- a/libsepol/include/sepol/policydb/services.h
> > +++ b/libsepol/include/sepol/policydb/services.h
> > @@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
> >                                         const char *perm_name,
> >                                         sepol_access_vector_t *av);
> >
> > +/*
> > + * Return a string representation of the permission av bit associated with
> > + * tclass.
> > + * Returns a pointer to an internal buffer, overridden by the next call to
> > + * this function or sepol_av_to_string().
> > + */
> > + extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> > +                                       sepol_access_vector_t av);
> > +
> >  /*
> >   * Compute a SID to use for labeling a new object in the
> >   * class `tclass' based on a SID pair.
> > diff --git a/libsepol/src/services.c b/libsepol/src/services.c
> > index 7becfd1b..b2fb804e 100644
> > --- a/libsepol/src/services.c
> > +++ b/libsepol/src/services.c
> > @@ -1233,6 +1233,12 @@ out:
> >         return STATUS_ERR;
> >  }
> >
> > + const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
> > +                                       sepol_access_vector_t av)
> > +{
> > +       return sepol_av_to_string(policydb, tclass, av);
> > +}
> > +
> >  /*
> >   * Write the security context string representation of
> >   * the context associated with `sid' into a dynamically
> > --
> > 2.35.1
> >

Patch

diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
index 048f8a5a..44de3863 100644
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@@ -103,6 +103,15 @@  extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
 					const char *perm_name,
 					sepol_access_vector_t *av);
 
+/*
+ * Return a string representation of the permission av bit associated with
+ * tclass.
+ * Returns a pointer to an internal buffer, overridden by the next call to
+ * this function or sepol_av_to_string().
+ */
+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av);
+
 /*
  * Compute a SID to use for labeling a new object in the 
  * class `tclass' based on a SID pair.  
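Review bot: The added prototype line `+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,` carries a stray leading space before `extern` that the neighbouring declaration (`extern int sepol_string_to_av_perm(`) does not have; drop it so the two prototypes line up. The new doc comment also says "the permission av bit" although the commit message describes converting a permission bit set; saying that `av` may hold several bits, and that the buffer is "overwritten" (rather than "overridden") by the next call to this function or sepol_av_to_string(), would make it clearer to callers that the returned pointer refers to a shared static buffer whose contents must be copied before either function is called again.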
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 7becfd1b..b2fb804e 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1233,6 +1233,12 @@  out:
 	return STATUS_ERR;
 }
 
+ const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av)
+{
+	return sepol_av_to_string(policydb, tclass, av);
+}
+
 /*
  * Write the security context string representation of 
  * the context associated with `sid' into a dynamically
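Review bot: The body `return sepol_av_to_string(policydb, tclass, av);` passes the services-internal `policydb` pointer through without checking that a policy has been loaded, and `tclass` is not range-checked here either, so a caller that uses the new wrapper before a policy is set, or with a class value the loaded policy does not define, is relying entirely on sepol_av_to_string() to cope with a NULL policy or an out-of-range class. Either state in the header comment that a policy must be set before this function is called (which is what the commit message's "service internal policy" implies) or return NULL when `policydb` is NULL, so the exported entry point fails cleanly instead of dereferencing an unset pointer. The definition line `+ const char *sepol_av_perm_to_string(` has the same stray leading space as the prototype in the header.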