libsepol: add sepol_av_perm_to_string

Add a wrapper around the utility function sepol_av_to_string() on the service internal policy. This allows callers to convert a permission bit set into a string representation without access to the internal policy structure. Acked-by: James Carter <jwcart2@gmail.com> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
2022-02-22 14:54:32 +01:00 · 2022-02-22 14:54:32 +01:00 · f0e085f684
commit f0e085f684
parent 73562de8fc
2 changed files with 15 additions and 0 deletions
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
 					const char *perm_name,
 					sepol_access_vector_t *av);

+/*
+ * Return a string representation of the permission av bit associated with
+ * tclass.
+ * Returns a pointer to an internal buffer, overridden by the next call to
+ * this function or sepol_av_to_string().
+ */
+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av);
+
 /*
 * Compute a SID to use for labeling a new object in the 
 * class `tclass' based on a SID pair.  
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@ -1233,6 +1233,12 @@ out:
 	return STATUS_ERR;
 }

+ const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av)
+{
+	return sepol_av_to_string(policydb, tclass, av);
+}
+
 /*
 * Write the security context string representation of 
 * the context associated with `sid' into a dynamically