RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-04-01 23:08:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
99fc177b5a
selinux/libsepol/include/sepol/policydb/util.h
Jeff Vander Stoep 99fc177b5a Add neverallow support for ioctl extended permissions 
Neverallow rules for ioctl extended permissions will pass in two
cases:
1. If extended permissions exist for the source-target-class set
   the test will pass if the neverallow values are excluded.
2. If extended permissions do not exist for the source-target-class
   set the test will pass if the ioctl permission is not granted.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by:  Nick Kralevich <nnk@google.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
2015-09-22 10:52:47 -04:00

45 lines
1.4 KiB
C
Raw Blame History

/* Authors: Karl MacMillan <kmacmillan@tresys.com>
*
* A set of utility functions that aid policy decision when dealing
* with hierarchal namespaces.
*
* Copyright (C) 2006 Tresys Technology, LLC
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*/
#ifndef __SEPOL_UTIL_H__
#define __SEPOL_UTIL_H__
#include <sys/cdefs.h>
__BEGIN_DECLS
extern int add_i_to_a(uint32_t i, uint32_t * cnt, uint32_t ** a);
extern char *sepol_av_to_string(policydb_t * policydbp, uint32_t tclass,
sepol_access_vector_t av);
char *sepol_extended_perms_to_string(avtab_extended_perms_t *xperms);
/*
* The tokenize function may be used to
* replace sscanf
*/
extern int tokenize(char *line_buf, char delim, int num_args, ...);
__END_DECLS
#endif
Reference in New Issue View Git Blame Copy Permalink