libsepol: add sepol_av_perm_to_string

Add a wrapper around the utility function sepol_av_to_string() on the
service internal policy.  This allows callers to convert a permission
bit set into a string representation without access to the internal
policy structure.

Acked-by: James Carter <jwcart2@gmail.com>
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Christian Göttsche 2022-02-22 14:54:32 +01:00 committed by James Carter
parent 73562de8fc
commit f0e085f684
2 changed files with 15 additions and 0 deletions

@ -103,6 +103,15 @@ extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
const char *perm_name, const char *perm_name,
sepol_access_vector_t *av); sepol_access_vector_t *av);
/*
* Return a string representation of the permission av bit associated with
* tclass.
* Returns a pointer to an internal buffer, overridden by the next call to
* this function or sepol_av_to_string().
*/
extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
sepol_access_vector_t av);
/* /*
* Compute a SID to use for labeling a new object in the * Compute a SID to use for labeling a new object in the
* class `tclass' based on a SID pair. * class `tclass' based on a SID pair.
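Review bot: The new comment above sepol_av_perm_to_string() leaves the contract incomplete. It speaks of "the permission av bit" (singular) while the commit message says the function converts a permission bit set, so it should state whether av may carry several bits and how they are rendered. It also does not say what is returned on failure, so callers cannot tell whether a NULL check is needed before using the result. Since the result lives in an internal buffer shared with sepol_av_to_string(), the comment should add that the caller must not free it, must copy it before the next call to either function, and that the function is not safe for concurrent use. Wording nit: "overridden by the next call" should read "overwritten by the next call".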

@ -1233,6 +1233,12 @@ out:
return STATUS_ERR; return STATUS_ERR;
} }
const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
sepol_access_vector_t av)
{
return sepol_av_to_string(policydb, tclass, av);
}
/* /*
* Write the security context string representation of * Write the security context string representation of
* the context associated with `sid' into a dynamically * the context associated with `sid' into a dynamically
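Review bot: The body of sepol_av_perm_to_string() forwards tclass and av straight to sepol_av_to_string(policydb, tclass, av) with no check of its own, so its behaviour when no policy has been set, or when tclass is not a valid class for that policy, depends entirely on what sepol_av_to_string() does with those inputs. Either validate here before the call, or state the precondition (a policy must already be loaded, tclass must be a class value from that policy) in the header comment so callers know what they have to guarantee. Unlike the neighbouring function in this file, the new definition carries no comment block; a one-line pointer to the header description would keep the file consistent.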