commit: a164a2d6e18255bbc842d3cee8edb63882e9e2c2
Author: Peter Morrow <pemorrow <AT> linux <DOT> microsoft <DOT> com>
AuthorDate: Tue Dec 15 15:19:30 2020 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Jan 10 21:52:17 2021 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=a164a2d6
selinux: add selinux_get_all_booleans() interface
Allow the caller to read the state of selinuxfs booleans.
Signed-off-by: Peter Morrow <pemorrow <AT> linux.microsoft.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>
policy/modules/kernel/selinux.if | 24 ++++++++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/policy/modules/kernel/selinux.if b/policy/modules/kernel/selinux.if
index bf70d3c4..43eebcd0 100644
--- a/policy/modules/kernel/selinux.if
+++ b/policy/modules/kernel/selinux.if
@@ -444,6 +444,30 @@ interface(`selinux_set_all_booleans',`
}
')
+########################################
+## <summary>
+## Allow caller to get the state of all Booleans to
+## view conditional portions of the policy.
+## </summary>
+## <param name="domain">
+## <summary>
+## Domain allowed access.
+## </summary>
+## </param>
+## <rolecap/>
+#
+interface(`selinux_get_all_booleans',`
+ gen_require(`
+ type security_t;
+ attribute boolean_type;
+ ')
+
+ dev_search_sysfs($1)
+
+ allow $1 security_t:dir list_dir_perms;
+ allow $1 boolean_type:file read_file_perms;
+')
+
########################################
## <summary>
## Allow caller to set SELinux access vector cache parameters.
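Review bot: The summary of `selinux_get_all_booleans` ("get the state of all Booleans to view conditional portions of the policy") describes more than the two allow rules grant, which is `list_dir_perms` on `security_t` directories and `read_file_perms` on `boolean_type` files. Suggest wording it like the commit message, for example "Allow caller to read the state of all Booleans.", so a policy author choosing between this and `selinux_set_all_booleans` can see from the doc block alone that this one is read-only. Please also confirm that `<rolecap/>` is intended on a read-only getter, and consider a short comment on why `dev_search_sysfs($1)` is needed, since the rest of the body only references `security_t` and `boolean_type`.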