mirror of
https://github.com/SELinuxProject/selinux
synced 2025-01-09 23:19:26 +00:00
86a2f899cb
This patch adds the ability to check on the value of the disable_dontaudit flag in the sepol handle. In the past the only way to know the value of this was to directly read the values from the handle. The get function provides a setter-getter symmetry similar to other functions found in libsepol. Signed-off-by: Christopher Pardy <cpardy@redhat.com> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
28 lines
976 B
C
28 lines
976 B
C
#ifndef _SEPOL_HANDLE_H_
|
|
#define _SEPOL_HANDLE_H_
|
|
|
|
struct sepol_handle;
|
|
typedef struct sepol_handle sepol_handle_t;
|
|
|
|
/* Create and return a sepol handle. */
|
|
sepol_handle_t *sepol_handle_create(void);
|
|
|
|
/* Get whether or not dontaudits will be disabled, same values as
|
|
* specified by set_disable_dontaudit. This value reflects the state
|
|
* your system will be set to upon commit, not necessarily its
|
|
* current state.*/
|
|
int sepol_get_disable_dontaudit(sepol_handle_t * sh);
|
|
|
|
/* Set whether or not to disable dontaudits, 0 is default and does
|
|
* not disable dontaudits, 1 disables them */
|
|
void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
|
|
|
|
/* Set whether module_expand() should consume the base policy passed in.
|
|
* This should reduce the amount of memory required to expand the policy. */
|
|
void sepol_set_expand_consume_base(sepol_handle_t * sh, int consume_base);
|
|
|
|
/* Destroy a sepol handle. */
|
|
void sepol_handle_destroy(sepol_handle_t *);
|
|
|
|
#endif
|