diff --exclude-from=exclude -N -u -r nsalibsepol/include/sepol/handle.h libsepol-2.0.5/include/sepol/handle.h
--- nsalibsepol/include/sepol/handle.h 2007-07-16 14:20:40.000000000 -0400
+++ libsepol-2.0.5/include/sepol/handle.h 2007-08-10 09:42:16.000000000 -0400
@@ -7,6 +7,10 @@
/* Create and return a sepol handle. */
sepol_handle_t *sepol_handle_create(void);
+/* Set whether or not to disable dontaudits, 0 is default and does
+ * not disable dontaudits, 1 disables them */
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit);
+
/* Destroy a sepol handle. */
void sepol_handle_destroy(sepol_handle_t *);
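Review bot: The comment on the new sepol_set_disable_dontaudit declaration says what the argument values mean but not what the library does with the flag, so a caller cannot tell from the header whether it affects what the policy permits or only what gets audited. The expand.c change in this same patch skips dontaudit rules entirely when the flag is set, which — insofar as dontaudit rules only suppress audit messages — means denials they silenced will now be logged, while access decisions should be unchanged; the header is the place to say that, and to say the flag is consulted at expansion time. Suggested replacement comment: `/* Control whether dontaudit rules are dropped when a policy is expanded with this handle. 0 (the default) keeps them; non-zero discards them, so denials they would have silenced are audited. */`. Note that any non-zero value disables them, since expand.c tests the field for truth rather than for equality with 1.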
diff --exclude-from=exclude -N -u -r nsalibsepol/src/expand.c libsepol-2.0.5/src/expand.c
--- nsalibsepol/src/expand.c 2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/expand.c 2007-08-10 09:42:16.000000000 -0400
@@ -1367,6 +1367,8 @@
} else if (specified & AVRULE_AUDITDENY) {
spec = AVTAB_AUDITDENY;
} else if (specified & AVRULE_DONTAUDIT) {
+ if (handle->disable_dontaudit)
+ return EXPAND_RULE_SUCCESS;
spec = AVTAB_AUDITDENY;
} else if (specified & AVRULE_NEVERALLOW) {
spec = AVTAB_NEVERALLOW;
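Review bot: The added `if (handle->disable_dontaudit)` dereferences handle with no NULL check, and if this expansion path can be reached with a NULL handle — as libsepol entry points elsewhere appear to allow, though that cannot be confirmed from this hunk — expanding a policy without a handle now crashes on the first dontaudit rule instead of compiling it as before. Guard the read so the default behaviour is preserved for a NULL handle: `if (handle && handle->disable_dontaudit)`. The enclosing function starts and ends outside this hunk, so whether handle is guaranteed non-NULL at this point is not visible here.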
diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.c libsepol-2.0.5/src/handle.c
--- nsalibsepol/src/handle.c 2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/handle.c 2007-08-10 09:42:16.000000000 -0400
@@ -1,4 +1,5 @@
#include <stdlib.h>
+#include <assert.h>
#include "handle.h"
#include "debug.h"
@@ -13,9 +14,18 @@
sh->msg_callback = sepol_msg_default_handler;
sh->msg_callback_arg = NULL;
+ /* by default do not disable dontaudits */
+ sh->disable_dontaudit = 0;
+
return sh;
}
+void sepol_set_disable_dontaudit(sepol_handle_t * sh, int disable_dontaudit)
+{
+ assert(sh !=NULL);
+ sh->disable_dontaudit = disable_dontaudit;
+}
+
void sepol_handle_destroy(sepol_handle_t * sh)
{
free(sh);
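Review bot: `assert(sh !=NULL)` is the only guard on the public argument of sepol_set_disable_dontaudit, and it is compiled out under NDEBUG, leaving a plain NULL dereference on the next line for a caller that passes a NULL handle — which the neighbouring sepol_handle_destroy accepts, since free(NULL) is a no-op. Either state the non-NULL requirement in the public header comment or tolerate NULL the way destroy does, e.g. `if (sh == NULL) return;` ahead of the assignment, so release and debug builds behave the same. Minor style point: the spacing in `assert(sh !=NULL);` is inconsistent with the rest of the file; write `assert(sh != NULL);`.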
diff --exclude-from=exclude -N -u -r nsalibsepol/src/handle.h libsepol-2.0.5/src/handle.h
--- nsalibsepol/src/handle.h 2007-07-16 14:20:40.000000000 -0400
+++ libsepol-2.0.5/src/handle.h 2007-08-10 09:42:16.000000000 -0400
@@ -14,6 +14,9 @@
void (*msg_callback) (void *varg,
sepol_handle_t * handle, const char *fmt, ...);
void *msg_callback_arg;
+
+ int disable_dontaudit;
+
};
#endif
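Review bot: The new `int disable_dontaudit;` member carries no comment, and nothing in the struct says who sets it or what consumes it; in practice it is a boolean (the expand.c change tests it for non-zero and skips the rule) stored as a plain int. Add a comment on the field such as `/* non-zero: drop dontaudit rules during expansion; set via sepol_set_disable_dontaudit() */` so a reader of the handle does not have to search expand.c for its effect. The struct's opening line is outside this hunk.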
diff --exclude-from=exclude -N -u -r nsalibsepol/src/libsepol.map libsepol-2.0.5/src/libsepol.map
--- nsalibsepol/src/libsepol.map 2007-07-16 14:20:41.000000000 -0400
+++ libsepol-2.0.5/src/libsepol.map 2007-08-10 09:42:16.000000000 -0400
@@ -12,5 +12,6 @@
sepol_policydb_*; sepol_set_policydb_from_file;
sepol_policy_kern_*;
sepol_policy_file_*;
+ sepol_set_disable_dontaudit;
local: *;
};