1 Nov 2011 20:47
[PATCH 54/63] libselinux: simple interface for access checks
This patch looks good to me. acked.
From a3937807d751496b4a374c56429ba70b11fbfd5e Mon Sep 17 00:00:00 2001 From: Dan Walsh <dwalsh@...> Date: Thu, 20 Oct 2011 15:14:08 -0400 Subject: [PATCH 54/63] libselinux: simple interface for access checks Some programs, like passwd, need to do simple one time access checks. Rather than set up a full avc cache and use that infrastructure they were directly using security_compute_av. A problem with this approach is the lack of audit on denials. This patch creates a new interface that is simple to use and which will still listen to things like permissive and output audit messages on denials. Signed-off-by: Eric Paris <eparis@...> --- libselinux/include/selinux/selinux.h | 19 +++++++++++++++++ libselinux/man/man3/security_compute_av.3 | 5 ++++ libselinux/src/checkAccess.c | 32 +++++++++++++++++++++++++++++ 3 files changed, 56 insertions(+), 0 deletions(-) diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h index d766645..826ed71 100644 --- a/libselinux/include/selinux/selinux.h +++ b/libselinux/include/selinux/selinux.h <at> <at> -513,6 +513,25 <at> <at> extern const char *selinux_colors_path(void); extern const char *selinux_netfilter_context_path(void);
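Review bot: the patch header gives Dan Walsh in From: but the only Signed-off-by is Eric Paris, so the sign-off chain does not cover the listed author; either add the author's Signed-off-by or correct the From: line before this is applied. Separately, the diffstat shows the new interface documented only by a 5-line addition to security_compute_av.3, so a man page entry under the new function's own name would make it discoverable for callers who are being steered away from security_compute_av.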