Switch from deprecated AUDITDENY to DONTAUDIT

topjohnwu 2018-11-29 06:42:04 -05:00
parent 51e9ff59de
commit 9b170f2b4f
4 changed files with 8 additions and 7 deletions


@ -16,8 +16,8 @@ int sepol_auditallow(const char *s, const char *t, const char *c, const char *p)
return add_rule(s, t, c, p, AVTAB_AUDITALLOW, 0); return add_rule(s, t, c, p, AVTAB_AUDITALLOW, 0);
} }
int sepol_auditdeny(const char *s, const char *t, const char *c, const char *p) { int sepol_dontaudit(const char *s, const char *t, const char *c, const char *p) {
// printf("auditdeny %s %s %s %s\n", s, t, c, p); // printf("dontaudit %s %s %s %s\n", s, t, c, p);
return add_rule(s, t, c, p, AVTAB_AUDITDENY, 0); return add_rule(s, t, c, p, AVTAB_AUDITDENY, 0);
} }
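Review bot: `sepol_dontaudit` still passes `AVTAB_AUDITDENY` with a trailing `0`, which reads like a missed rename when this file is viewed on its own. The inversion appears to be handled in `add_avrule` (the section carrying the "AUDITDENY is inverted" comment), so a comment above the return would help, e.g. `// dontaudit is stored as an AUDITDENY entry with the permission bit cleared; add_avrule does the inversion`. A dontaudit rule suppresses denial logging for the matched permission, so that effect should be stated in the function's documentation rather than left to the name. The commented-out `printf` could be deleted instead of renamed.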


@ -15,7 +15,7 @@
static const char *type_msg_1 = static const char *type_msg_1 =
"Type 1:\n" "Type 1:\n"
"\"<rule_name> source_type target_type class perm_set\"\n" "\"<rule_name> source_type target_type class perm_set\"\n"
"Rules: allow, deny, auditallow, auditdeny\n"; "Rules: allow, deny, auditallow, dontaudit\n";
static const char *type_msg_2 = static const char *type_msg_2 =
"Type 2:\n" "Type 2:\n"
@ -135,7 +135,7 @@ static int parse_pattern_1(int action, const char *action_str, char *stmt) {
action_func = sepol_auditallow; action_func = sepol_auditallow;
break; break;
case 3: case 3:
action_func = sepol_auditdeny; action_func = sepol_dontaudit;
break; break;
default: default:
return 1; return 1;
@ -418,7 +418,7 @@ static void parse_statement(char *statement) {
add_action("allow", 1, 0) add_action("allow", 1, 0)
add_action("deny", 1, 1) add_action("deny", 1, 1)
add_action("auditallow", 1, 2) add_action("auditallow", 1, 2)
add_action("auditdeny", 1, 3) add_action("dontaudit", 1, 3)
add_action("allowxperm", 2, 0) add_action("allowxperm", 2, 0)
add_action("auditallowxperm", 2, 1) add_action("auditallowxperm", 2, 1)
add_action("dontauditxperm", 2, 2) add_action("dontauditxperm", 2, 2)


@ -30,7 +30,7 @@ void destroy_policydb();
int sepol_allow(const char *s, const char *t, const char *c, const char *p); int sepol_allow(const char *s, const char *t, const char *c, const char *p);
int sepol_deny(const char *s, const char *t, const char *c, const char *p); int sepol_deny(const char *s, const char *t, const char *c, const char *p);
int sepol_auditallow(const char *s, const char *t, const char *c, const char *p); int sepol_auditallow(const char *s, const char *t, const char *c, const char *p);
int sepol_auditdeny(const char *s, const char *t, const char *c, const char *p); int sepol_dontaudit(const char *s, const char *t, const char *c, const char *p);
int sepol_typetrans(const char *s, const char *t, const char *c, const char *d); int sepol_typetrans(const char *s, const char *t, const char *c, const char *d);
int sepol_typechange(const char *s, const char *t, const char *c, const char *d); int sepol_typechange(const char *s, const char *t, const char *c, const char *d);
int sepol_typemember(const char *s, const char *t, const char *c, const char *d); int sepol_typemember(const char *s, const char *t, const char *c, const char *d);


@ -115,7 +115,8 @@ static avtab_ptr_t get_avtab_node(avtab_key_t *key, avtab_extended_perms_t *xper
static int add_avrule(avtab_key_t *key, int p, int not) { static int add_avrule(avtab_key_t *key, int p, int not) {
avtab_ptr_t node = get_avtab_node(key, NULL); avtab_ptr_t node = get_avtab_node(key, NULL);
if (not) { // Support DONTAUDIT (AUDITDENY is inverted)
if (AVTAB_AUDITDENY == node->key.specified == !not) {
if (p < 0) if (p < 0)
node->datum.data = 0U; node->datum.data = 0U;
else else
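Review bot: The new condition `AVTAB_AUDITDENY == node->key.specified == !not` depends on `==` associating left to right, i.e. it is `(AVTAB_AUDITDENY == node->key.specified) == !not`, and is easy to misread as a three-way equality. This branch decides whether a permission bit is cleared or (presumably, in the `else` arm that continues outside the hunk) set, so a misreading changes the resulting policy. I'd write it with explicit parentheses, `if ((node->key.specified == AVTAB_AUDITDENY) == !not) {`, and expand the comment to say which branch clears the bit for each rule type. `node` is dereferenced in the condition without a check; whether `get_avtab_node` can return NULL is not visible here.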