From e76867515be3bc296174aeb26c7996a0939a2a8c Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Mon, 20 Jan 2014 03:53:48 -0500 Subject: [PATCH] libsemanage: allow to disable audit support Upstream-Status: Pending Signed-off-by: Wenzong Fan --- src/Makefile | 10 +++++++++- src/seusers_local.c | 13 +++++++++++++ tests/Makefile | 10 +++++++++- 3 files changed, 31 insertions(+), 2 deletions(-) diff --git a/src/Makefile b/src/Makefile index a0eb374..afc4437 100644 --- a/src/Makefile +++ b/src/Makefile @@ -26,6 +26,14 @@ ifeq ($(DEBUG),1) export LDFLAGS ?= -g endif +DISABLE_AUDIT ?= n +ifeq ($(DISABLE_AUDIT),y) + LIBAUDIT = + CFLAGS += -DDISABLE_AUDIT +else + LIBAUDIT = -laudit +endif + LEX = flex LFLAGS = -s YACC = bison @@ -89,7 +97,7 @@ $(LIBA): $(OBJS) $(RANLIB) $@ $(LIBSO): $(LOBJS) - $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol -laudit -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs + $(CC) $(CFLAGS) $(LDFLAGS) -shared -o $@ $^ -lsepol $(LIBAUDIT) -lselinux -lbz2 -Wl,-soname,$(LIBSO),--version-script=libsemanage.map,-z,defs ln -sf $@ $(TARGET) $(LIBPC): $(LIBPC).in ../VERSION diff --git a/src/seusers_local.c b/src/seusers_local.c index 6508ec0..1b26956 100644 --- a/src/seusers_local.c +++ b/src/seusers_local.c @@ -8,7 +8,11 @@ typedef struct semanage_seuser record_t; #include #include + +#ifndef DISABLE_AUDIT #include +#endif + #include #include "user_internal.h" #include "seuser_internal.h" @@ -55,6 +59,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) return roles; } +#ifndef DISABLE_AUDIT static int semanage_seuser_audit(semanage_handle_t * handle, const semanage_seuser_t * seuser, const semanage_seuser_t * previous, @@ -119,6 +124,7 @@ err: free(proles); return rc; } +#endif int semanage_seuser_modify_local(semanage_handle_t * handle, const semanage_seuser_key_t * key, @@ -163,8 +169,11 @@ int semanage_seuser_modify_local(semanage_handle_t * handle, (void) semanage_seuser_query(handle, key, &previous); handle->msg_callback = callback; rc = dbase_modify(handle, dconfig, key, new); + +#ifndef DISABLE_AUDIT if (semanage_seuser_audit(handle, new, previous, AUDIT_ROLE_ASSIGN, rc == 0) < 0) rc = -1; +#endif err: if (previous) semanage_seuser_free(previous); @@ -180,8 +189,12 @@ int semanage_seuser_del_local(semanage_handle_t * handle, dbase_config_t *dconfig = semanage_seuser_dbase_local(handle); rc = dbase_del(handle, dconfig, key); semanage_seuser_query(handle, key, &seuser); + +#ifndef DISABLE_AUDIT if (semanage_seuser_audit(handle, NULL, seuser, AUDIT_ROLE_REMOVE, rc == 0) < 0) rc = -1; +#endif + if (seuser) semanage_seuser_free(seuser); return rc; diff --git a/tests/Makefile b/tests/Makefile index 69f49a3..f914492 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -4,10 +4,18 @@ CILS = $(sort $(wildcard *.cil)) ########################################################################### +DISABLE_AUDIT ?= n +ifeq ($(DISABLE_AUDIT),y) + LIBAUDIT = + CFLAGS += -DDISABLE_AUDIT +else + LIBAUDIT = -laudit +endif + EXECUTABLE = libsemanage-tests CFLAGS += -g -O0 -Wall -W -Wundef -Wmissing-noreturn -Wmissing-format-attribute -Wno-unused-parameter override CFLAGS += -I../src -I../include -override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol +override LDLIBS += -lcunit -lbz2 $(LIBAUDIT) -lselinux -lsepol OBJECTS = $(SOURCES:.c=.o) POLICIES = $(CILS:.cil=.policy) -- 2.17.1