[1/2] libsepol: add sepol_av_perm_to_string

Commit Message

Christian Göttsche Feb. 4, 2022, 1:35 p.m. UTC

Add a wrapper around the utility function sepol_av_to_string() on the
service internal policy.  This allows callers to convert a permission
bit set into a string representation without access to the internal
policy structure.

Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
 libsepol/include/sepol/policydb/services.h | 9 +++++++++
 libsepol/src/services.c                    | 6 ++++++
 2 files changed, 15 insertions(+)

Patch

diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
index 048f8a5a..44de3863 100644
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@@ -103,6 +103,15 @@  extern int sepol_string_to_av_perm(sepol_security_class_t tclass,
 					const char *perm_name,
 					sepol_access_vector_t *av);
 
+/*
+ * Return a string representation of the permission av bit associated with
+ * tclass.
+ * Returns a pointer to an internal buffer, overridden by the next call to
+ * this function or sepol_av_to_string().
+ */
+ extern const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av);
+
 /*
  * Compute a SID to use for labeling a new object in the 
  * class `tclass' based on a SID pair.  
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 7becfd1b..b2fb804e 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1233,6 +1233,12 @@  out:
 	return STATUS_ERR;
 }
 
+ const char *sepol_av_perm_to_string(sepol_security_class_t tclass,
+					sepol_access_vector_t av)
+{
+	return sepol_av_to_string(policydb, tclass, av);
+}
+
 /*
  * Write the security context string representation of 
  * the context associated with `sid' into a dynamically