mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-12 09:05:00 +00:00
e4bc1b223d
By default only the effective branch of a tunable conditional would be expanded and written to raw policy, while all needless unused branches would be discarded. Add a new option '-P' or "--preserve_tunables" to the semodule program. By default it is 0, if set to 1 then the above preserve_tunables flag in the sepol_handle_t would be set to 1 accordingly. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
35 lines
1.3 KiB
C
35 lines
1.3 KiB
C
#ifndef _SEPOL_HANDLE_H_
|
|
#define _SEPOL_HANDLE_H_
|
|
|
|
struct sepol_handle;
|
|
typedef struct sepol_handle sepol_handle_t;
|
|
|
|
/* Create and return a sepol handle. */
|
|
sepol_handle_t *sepol_handle_create(void);
|
|
|
|
/* Get whether or not dontaudits will be disabled, same values as
|
|
* specified by set_disable_dontaudit. This value reflects the state
|
|
* your system will be set to upon commit, not necessarily its
|
|
* current state.*/
|
|
int sepol_get_disable_dontaudit(sepol_handle_t * sh);
|
|
|
|
/* Set whether or not to disable dontaudits, 0 is default and does
|
|
* not disable dontaudits, 1 disables them */
|
|
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
|
|
|
|
/* Set whether module_expand() should consume the base policy passed in.
|
|
* This should reduce the amount of memory required to expand the policy. */
|
|
void sepol_set_expand_consume_base(sepol_handle_t * sh, int consume_base);
|
|
|
|
/* Destroy a sepol handle. */
|
|
void sepol_handle_destroy(sepol_handle_t *);
|
|
|
|
/* Get whether or not needless unused branch of tunables would be preserved */
|
|
int sepol_get_preserve_tunables(sepol_handle_t * sh);
|
|
|
|
/* Set whether or not to preserve the needless unused branch of tunables,
|
|
* 0 is default and discard such branch, 1 preserves them */
|
|
void sepol_set_preserve_tunables(sepol_handle_t * sh, int preserve_tunables);
|
|
|
|
#endif
|