1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
From 1633f72579e3b79d055759256b71e4169627889b Mon Sep 17 00:00:00 2001
From: Wenzong Fan <wenzong.fan@windriver.com>
Date: Mon, 20 Jan 2014 03:53:48 -0500
Subject: [PATCH] libsemanage: allow to disable audit support
Upstream-Status: Pending
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
---
src/Makefile | 10 +++++++++-
src/seusers_local.c | 13 +++++++++++++
tests/Makefile | 10 +++++++++-
3 files changed, 31 insertions(+), 2 deletions(-)
diff --git a/src/Makefile b/src/Makefile
index 3bd1e20..483e818 100644
--- a/src/Makefile
+++ b/src/Makefile
@@ -26,6 +26,14 @@ ifeq ($(DEBUG),1)
export LDFLAGS = -g
endif
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+ LIBAUDIT =
+ CFLAGS += -DDISABLE_AUDIT
+else
+ LIBAUDIT = -laudit
+endif
+
LEX = flex
LFLAGS = -s
YACC = bison
@@ -88,7 +96,7 @@ $(LIBA): $(OBJS)
$(RANLIB) $@
$(LIBSO): $(LOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
+ $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs
ln -sf $@ $(TARGET)
$(LIBPC): $(LIBPC).in ../VERSION
diff --git a/src/seusers_local.c b/src/seusers_local.c
index 3e2761c..8bc6b83 100644
--- a/src/seusers_local.c
+++ b/src/seusers_local.c
@@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t;
#include <sepol/policydb.h>
#include <sepol/context.h>
+
+#ifndef DISABLE_AUDIT
#include <libaudit.h>
+#endif
+
#include <errno.h>
#include "user_internal.h"
#include "seuser_internal.h"
@@ -55,6 +59,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
return roles;
}
+#ifndef DISABLE_AUDIT
static int semanage_seuser_audit(semanage_handle_t * handle,
const semanage_seuser_t * seuser,
const semanage_seuser_t * previous,
@@ -119,6 +124,7 @@ err:
free(proles);
return rc;
}
+#endif
int semanage_seuser_modify_local(semanage_handle_t * handle,
const semanage_seuser_key_t * key,
@@ -163,8 +169,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle,
(void) semanage_seuser_query(handle, key, &previous);
handle->msg_callback = callback;
rc = dbase_modify(handle, dconfig, key, new);
+
+#ifndef DISABLE_AUDIT
if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0)
rc = -1;
+#endif
err:
if (previous)
semanage_seuser_free(previous);
@@ -180,8 +189,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle,
dbase_config_t *dconfig = semanage_seuser_dbase_local(handle);
rc = dbase_del(handle, dconfig, key);
semanage_seuser_query(handle, key, &seuser);
+
+#ifndef DISABLE_AUDIT
if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0)
rc = -1;
+#endif
+
if (seuser)
semanage_seuser_free(seuser);
return rc;
diff --git a/tests/Makefile b/tests/Makefile
index 69f49a3..f914492 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -4,10 +4,18 @@ CILS = $(sort $(wildcard *.cil))
###########################################################################
+DISABLE_AUDIT ?= n
+ifeq ($(DISABLE_AUDIT),y)
+ LIBAUDIT =
+ CFLAGS += -DDISABLE_AUDIT
+else
+ LIBAUDIT = -laudit
+endif
+
EXECUTABLE = libsemanage-tests
CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter
override CFLAGS += -I../src -I../include
-override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
+override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol
OBJECTS = $(SOURCES:.c=.o)
POLICIES = $(CILS:.cil=.policy)
--
2.7.4
|
