From b3bfd10ccde997e99d0b41a398852cbbefbbd2e8 Mon Sep 17 00:00:00 2001
From: Peter Morrow
Date: Tue, 15 Dec 2020 15:19:30 +0000
Subject: [PATCH] selinux: add selinux_get_all_booleans() interface

Allow the caller to read the state of selinuxfs booleans.

Signed-off-by: Peter Morrow
---
 policy/modules/kernel/selinux.if | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index bf70d3c45..43eebcd0f 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -444,6 +444,30 @@ interface(`selinux_set_all_booleans',`
 }
 ')
 
+########################################
+##
+## Allow caller to get the state of all Booleans to
+## view conditional portions of the policy.
+##
+##
+##
+## Domain allowed access.
+##
+##
+##
+#
+interface(`selinux_get_all_booleans',`
+ gen_require(`
+ type security_t;
+ attribute boolean_type;
+ ')
+
+ dev_search_sysfs($1)
+
+ allow $1 security_t:dir list_dir_perms;
+ allow $1 boolean_type:file read_file_perms;
+')
+
 ########################################
 ##
 ## Allow caller to set SELinux access vector cache parameters.
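Review bot: The rule `allow $1 boolean_type:file read_file_perms;` in `selinux_get_all_booleans` grants read on every type in the `boolean_type` attribute, so the readable set grows whenever a type joins that attribute, and the header comment does not state this scope. If `security_t` itself carries `boolean_type` (its declaration is outside this hunk, so this needs confirming), the same rule would also cover other selinuxfs files labelled `security_t`, not only the Boolean nodes. I would add a line to the summary such as `## Read-only: grants no permission to change Boolean values; read access covers every type with the boolean_type attribute.` Boolean state shows which conditional policy is active, so the interface is best granted only to domains that need that view.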