Daniel J Walsh | 1 Nov 2011 20:47

[PATCH 54/63] libselinux: simple interface for access checks


   This patch looks good to me. acked.

From a3937807d751496b4a374c56429ba70b11fbfd5e Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@...>
Date: Thu, 20 Oct 2011 15:14:08 -0400
Subject: [PATCH 54/63] libselinux: simple interface for access checks

Some programs, like passwd, need to do simple one time access checks.
Rather than set up a full avc cache and use that infrastructure they
were directly using security_compute_av.  A problem with this approach
is the lack of audit on denials.  This patch creates a new interface
that is simple to use and which will still listen to things like
permissive and output audit messages on denials.

Signed-off-by: Eric Paris <eparis@...>
---
 libselinux/include/selinux/selinux.h      |   19 +++++++++++++++++
 libselinux/man/man3/security_compute_av.3 |    5 ++++
 libselinux/src/checkAccess.c              |   32 +++++++++++++++++++++++++++++
 3 files changed, 56 insertions(+), 0 deletions(-)

diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index d766645..826ed71 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
 <at>  <at>  -513,6 +513,25  <at>  <at>  extern const char *selinux_colors_path(void);
 extern const char *selinux_netfilter_context_path(void);
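Review bot: the declaration this selinux.h hunk adds near selinux_netfilter_context_path() is documented only by the 5 lines added to security_compute_av.3 according to the diffstat, and no man page under the new function's own name is among the 3 files changed. Consider adding a man page alias for the new call, and have those 5 lines state the behaviour the commit message promises (permissive mode is honoured and denials are audited), since that is what differs from calling security_compute_av directly. A short comment on the declaration covering return values would also help callers such as passwd.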