diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/handle.h libsepol-2.0.5/include/sepol/handle.h
--- nsalibsepol/include/sepol/handle.h	2007-07-16 14:20:40.000000000 -0400
+++ libsepol-2.0.5/include/sepol/handle.h	2007-08-10 09:42:16.000000000 -0400
@@ -7,6 +7,10 @@
 /* Create and return a sepol handle. */
 sepol_handle_t *sepol_handle_create(void);
 
+/* Set whether or not to disable dontaudits, 0 is default and does 
+ * not disable dontaudits, 1 disables them */
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
+
 /* Destroy a sepol handle. */
 void sepol_handle_destroy(sepol_handle_t *);
 
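Review bot: The comment added above `sepol_set_disable_dontaudit` documents only the values 0 and 1, but the expand.c hunk of this patch tests the field for truth, so any nonzero value disables dontaudit rules. It also does not say that the setting is consulted when policy is expanded with this handle, so it has to be set before expansion. Suggested wording: `/* Nonzero makes policy expansion with this handle skip dontaudit rules, so the denials they cover are audited; 0 (the default) keeps them. */`.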
diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.5/src/expand.c
--- nsalibsepol/src/expand.c	2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/expand.c	2007-08-10 09:42:16.000000000 -0400
@@ -1367,6 +1367,8 @@
 	} else if (specified & AVRULE_AUDITDENY) {
 		spec = AVTAB_AUDITDENY;
 	} else if (specified & AVRULE_DONTAUDIT) {
+		if (handle->disable_dontaudit)
+			return EXPAND_RULE_SUCCESS;
 		spec = AVTAB_AUDITDENY;
 	} else if (specified & AVRULE_NEVERALLOW) {
 		spec = AVTAB_NEVERALLOW;
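Review bot: `handle->disable_dontaudit` is read without checking `handle`, in the test added under the `AVRULE_DONTAUDIT` branch. The rest of the function lies outside the hunk, so whether a NULL handle can reach this point is not visible here. If callers may pass NULL, expanding any dontaudit rule would dereference it. `if (handle && handle->disable_dontaudit)` keeps the default behaviour for a NULL handle. A one-line comment such as `/* dontaudit disabled: drop the rule and report success */` would make it clear that the early return is deliberate.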
diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.c libsepol-2.0.5/src/handle.c
--- nsalibsepol/src/handle.c	2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/handle.c	2007-08-10 09:42:16.000000000 -0400
@@ -1,4 +1,5 @@
 #include <stdlib.h>
+#include <assert.h>
 #include "handle.h"
 #include "debug.h"
 
@@ -13,9 +14,18 @@
 	sh->msg_callback = sepol_msg_default_handler;
 	sh->msg_callback_arg = NULL;
 
+	/* by default do not disable dontaudits */
+	sh->disable_dontaudit = 0;
+
 	return sh;
 }
 
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
+{
+	assert(sh !=NULL);
+	sh->disable_dontaudit = disable_dontaudit;
+}
+
 void sepol_handle_destroy(sepol_handle_t * sh)
 {
 	free(sh);
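Review bot: `assert(sh !=NULL)` is the only guard in the new exported setter `sepol_set_disable_dontaudit`. It is compiled out when the library is built with NDEBUG, leaving a NULL dereference on the next line, and in a build with assertions it aborts the calling process. For a public entry point an explicit `if (sh == NULL) return;` is more predictable than either outcome. Since the expansion code only tests the field for truth, storing `!!disable_dontaudit` would keep the stored value to the 0/1 that the header comment documents. The body of sepol_handle_destroy continues past the end of the hunk.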
diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.h libsepol-2.0.5/src/handle.h
--- nsalibsepol/src/handle.h	2007-07-16 14:20:40.000000000 -0400
+++ libsepol-2.0.5/src/handle.h	2007-08-10 09:42:16.000000000 -0400
@@ -14,6 +14,9 @@
 	void (*msg_callback) (void *varg,
 			      sepol_handle_t * handle, const char *fmt, ...);
 	void *msg_callback_arg;
+
+	int disable_dontaudit;
+
 };
 
 #endif
diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-2.0.5/src/libsepol.map
--- nsalibsepol/src/libsepol.map	2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/libsepol.map	2007-08-10 09:42:16.000000000 -0400
@@ -12,5 +12,6 @@
 	sepol_policydb_*; sepol_set_policydb_from_file; 
 	sepol_policy_kern_*;
 	sepol_policy_file_*;
+	sepol_set_disable_dontaudit;
   local: *;
 };