|
 |
c86e2e8 |
diff -up libselinux-2.0.77/include/selinux/avc.h.jx libselinux-2.0.77/include/selinux/avc.h
|
|
|
c86e2e8 |
--- libselinux-2.0.77/include/selinux/avc.h.jx 2009-01-27 14:47:32.000000000 -0500
|
|
|
c86e2e8 |
+++ libselinux-2.0.77/include/selinux/avc.h 2009-03-02 13:58:11.000000000 -0500
|
|
|
c86e2e8 |
@@ -427,6 +427,29 @@ void avc_av_stats(void);
|
|
|
c86e2e8 |
*/
|
|
|
c86e2e8 |
void avc_sid_stats(void);
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
+/**
|
|
|
c86e2e8 |
+ * avc_netlink_acquire_fd - Acquire netlink socket fd.
|
|
|
c86e2e8 |
+ *
|
|
|
c86e2e8 |
+ * Allows the application to manage messages from the netlink socket in
|
|
|
c86e2e8 |
+ * its own main loop.
|
|
|
c86e2e8 |
+ */
|
|
|
c86e2e8 |
+int avc_netlink_acquire_fd(void);
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
+/**
|
|
|
c86e2e8 |
+ * avc_netlink_release_fd - Release netlink socket fd.
|
|
|
c86e2e8 |
+ *
|
|
|
c86e2e8 |
+ * Returns ownership of the netlink socket to the library.
|
|
|
c86e2e8 |
+ */
|
|
|
c86e2e8 |
+void avc_netlink_release_fd(void);
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
+/**
|
|
|
c86e2e8 |
+ * avc_netlink_check_nb - Check netlink socket for new messages.
|
|
|
c86e2e8 |
+ *
|
|
|
c86e2e8 |
+ * Called by the application when using avc_netlink_acquire_fd() to
|
|
|
c86e2e8 |
+ * process kernel netlink events.
|
|
|
c86e2e8 |
+ */
|
|
|
c86e2e8 |
+int avc_netlink_check_nb(void);
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
#ifdef __cplusplus
|
|
|
c86e2e8 |
}
|
|
|
c86e2e8 |
#endif
|
|
|
c86e2e8 |
diff -up libselinux-2.0.77/src/avc.c.jx libselinux-2.0.77/src/avc.c
|
|
|
c86e2e8 |
--- libselinux-2.0.77/src/avc.c.jx 2009-01-27 14:47:32.000000000 -0500
|
|
|
c86e2e8 |
+++ libselinux-2.0.77/src/avc.c 2009-03-02 13:58:11.000000000 -0500
|
|
|
c86e2e8 |
@@ -812,7 +812,7 @@ int avc_has_perm_noaudit(security_id_t s
|
|
|
c86e2e8 |
access_vector_t denied;
|
|
|
c86e2e8 |
struct avc_entry_ref ref;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
- if (!avc_using_threads) {
|
|
|
c86e2e8 |
+ if (!avc_using_threads && !avc_app_main_loop) {
|
|
|
c86e2e8 |
(void)avc_netlink_check_nb();
|
|
|
c86e2e8 |
}
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
diff -up libselinux-2.0.77/src/avc_internal.c.jx libselinux-2.0.77/src/avc_internal.c
|
|
|
c86e2e8 |
--- libselinux-2.0.77/src/avc_internal.c.jx 2009-01-27 14:47:32.000000000 -0500
|
|
|
c86e2e8 |
+++ libselinux-2.0.77/src/avc_internal.c 2009-03-02 13:58:11.000000000 -0500
|
|
|
c86e2e8 |
@@ -34,6 +34,7 @@ void (*avc_func_log) (const char *, ...)
|
|
|
c86e2e8 |
void (*avc_func_audit) (void *, security_class_t, char *, size_t) = NULL;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
int avc_using_threads = 0;
|
|
|
c86e2e8 |
+int avc_app_main_loop = 0;
|
|
|
c86e2e8 |
void *(*avc_func_create_thread) (void (*)(void)) = NULL;
|
|
|
c86e2e8 |
void (*avc_func_stop_thread) (void *) = NULL;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
@@ -250,3 +251,15 @@ void avc_netlink_loop(void)
|
|
|
c86e2e8 |
"%s: netlink thread: errors encountered, terminating\n",
|
|
|
c86e2e8 |
avc_prefix);
|
|
|
c86e2e8 |
}
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
+int avc_netlink_acquire_fd(void)
|
|
|
c86e2e8 |
+{
|
|
|
c86e2e8 |
+ avc_app_main_loop = 1;
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
+ return fd;
|
|
|
c86e2e8 |
+}
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
+void avc_netlink_release_fd(void)
|
|
|
c86e2e8 |
+{
|
|
|
c86e2e8 |
+ avc_app_main_loop = 0;
|
|
|
c86e2e8 |
+}
|
|
|
c86e2e8 |
diff -up libselinux-2.0.77/src/avc_internal.h.jx libselinux-2.0.77/src/avc_internal.h
|
|
|
c86e2e8 |
--- libselinux-2.0.77/src/avc_internal.h.jx 2009-01-27 14:47:32.000000000 -0500
|
|
|
c86e2e8 |
+++ libselinux-2.0.77/src/avc_internal.h 2009-03-02 13:58:11.000000000 -0500
|
|
|
c86e2e8 |
@@ -35,6 +35,7 @@ extern void (*avc_func_log) (const char
|
|
|
c86e2e8 |
extern void (*avc_func_audit) (void *, security_class_t, char *, size_t)hidden;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
extern int avc_using_threads hidden;
|
|
|
c86e2e8 |
+extern int avc_app_main_loop hidden;
|
|
|
c86e2e8 |
extern void *(*avc_func_create_thread) (void (*)(void))hidden;
|
|
|
c86e2e8 |
extern void (*avc_func_stop_thread) (void *)hidden;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
@@ -184,7 +185,6 @@ int avc_ss_set_auditdeny(security_id_t s
|
|
|
c86e2e8 |
/* netlink kernel message code */
|
|
|
c86e2e8 |
extern int avc_netlink_trouble hidden;
|
|
|
c86e2e8 |
int avc_netlink_open(int blocking) hidden;
|
|
|
c86e2e8 |
-int avc_netlink_check_nb(void) hidden;
|
|
|
c86e2e8 |
void avc_netlink_loop(void) hidden;
|
|
|
c86e2e8 |
void avc_netlink_close(void) hidden;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
diff -up libselinux-2.0.77/src/selinuxswig.i.jx libselinux-2.0.77/src/selinuxswig.i
|
|
|
c86e2e8 |
--- libselinux-2.0.77/src/selinuxswig.i.jx 2009-03-02 13:58:11.000000000 -0500
|
|
|
c86e2e8 |
+++ libselinux-2.0.77/src/selinuxswig.i 2009-03-02 14:07:42.000000000 -0500
|
|
|
c86e2e8 |
@@ -78,6 +78,11 @@
|
|
|
c86e2e8 |
%ignore selinux_set_mapping;
|
|
|
c86e2e8 |
%ignore security_id;
|
|
|
c86e2e8 |
|
|
|
c86e2e8 |
+/* Ignore netlink stuff for now */
|
|
|
c86e2e8 |
+%ignore avc_netlink_acquire_fd;
|
|
|
c86e2e8 |
+%ignore avc_netlink_release_fd;
|
|
|
c86e2e8 |
+%ignore avc_netlink_check_nb;
|
|
|
c86e2e8 |
+
|
|
|
c86e2e8 |
%include "../include/selinux/selinux.h"
|
|
|
c86e2e8 |
%include "../include/selinux/avc.h"
|
|
|
c86e2e8 |
%include "../include/selinux/get_default_type.h"
|