Merge pull request #325 from pdmorrow/selinux_getbools

selinux: add selinux_get_all_booleans() interface
This commit is contained in:
Chris PeBenito 2020-12-15 11:10:12 -05:00 committed by GitHub
commit 2a660fb6f6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 24 additions and 0 deletions

View File

@ -444,6 +444,30 @@ interface(`selinux_set_all_booleans',`
}
')
########################################
## <summary>
## Allow caller to get the state of all Booleans to
## view conditional portions of the policy.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`selinux_get_all_booleans',`
gen_require(`
type security_t;
attribute boolean_type;
')
dev_search_sysfs($1)
allow $1 security_t:dir list_dir_perms;
allow $1 boolean_type:file read_file_perms;
')
########################################
## <summary>
## Allow caller to set SELinux access vector cache parameters.