| b1d94562953947f85fd79f20bc4477aa5e01e2c4 |
|
01-Apr-2015 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Add support for generating CIL
Add support to checkpolicy and checkmodule for generating CIL as their
output.
Add new options "-C" and "--cil" to specify CIL as the output format.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/checkpolicy.c
|
| b1bbd3030be095b5e5c49c6f899ed8071fb05f30 |
|
10-Dec-2014 |
Dan Albert <danalbert@google.com> |
Clear errno before call to strtol(3).
Since strtol(3) doesn't clear errno on success, anything that sets
errno prior to this call will make it look like the call failed. This
happens when built with ASAN.
Signed-off-by: Dan Albert <danalbert@google.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| 5af8c5adb274cc45d3a41ce9b1ab2c7573463d74 |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wunused-variable warnings
Add __attribute__ ((unused)) to unused function parameters.
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| c4a4a1a7ed42c167a7d4bae06a1fffa8c6c9cb8d |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter". Use (void) instead where applicable and add unused
parameters when needed.
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| 7dcb7a594698124940d148f00f85be90c6757d7f |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| 581d3eb1281f7c970376649f5027df012269935a |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wsign-compare warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| ab9cbb1f8ef92f1db9dfac2ca7354acaf01fde83 |
|
03-Nov-2013 |
Richard Haines <richard_c_haines@btinternet.com> |
checkpolicy: Add debug feature to display constraints / validatetrans
Allow mls/constraint mls/validatetrans constraints to be displayed
in debug mode. If POLICY_KERN version is >=
POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined
types/attributes will be returned.
Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| f6a03f1a3c5a545c1c3fd2914feb78b84d8012ae |
|
06-Jul-2013 |
Laurent Bigonville <bigon@bigon.be> |
--handle-unknown option takes a required argument
Fix a segmentation fault if the --handle-unknown option was set without
arguments.
Thanks to Alexandre Rebert and his team at Carnegie Mellon University
for detecting this crash.
/external/selinux/checkpolicy/checkpolicy.c
|
| da752cabb5b25974ef6b45274a59344d594a2130 |
|
23-Feb-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
checkpolicy: Android/MacOS X build support
Android/MacOS X build support for checkpolicy.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| bf57d2349edec2cfe3d43eb71567a6b851bfc6cd |
|
02-Nov-2009 |
Guido Trentalancia <guido@trentalancia.com> |
Patch for Ticket #1 [1672486] (checkpolicy/checkmodule)
This patch is proposed to solve Ticket #1 [1672486] (command line
binaries should support --version and --help).
It adds handling of -h, -V and the long formats --help and --version to
all binaries (checkpolicy/checkmodule).
It also adds handling of long options for some of the available options.
Manual pages have also been updated accordingly (and a few undocumented
options have been documented).
Guido Trentalancia
Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| f830d96a482af21c4b9328f5efd1cafcec5890e2 |
|
14-Oct-2009 |
Joshua Brindle <method@manicmethod.com> |
Author: Joshua Brindle
Email: method@manicmethod.com
Subject: libsepol: Add support for multiple target OSes
Date: Tue, 13 Oct 2009 15:56:39 -0400
Paul Nuzzi wrote:
> On Wed, 2009-09-16 at 09:58 -0400, Joshua Brindle wrote:
>> I'd rather have separate ocontext structs for each system. That way it
>> is very easy to understand which ones apply to which system and you
>> don't get a crazy out of context ocontext struct.
>>
>
> I looked into having separate ocontext structs but that would involve
> changing a lot of files making the patch much larger and more intrusive.
>
>>> } u;
>>> union {
>>> uint32_t sclass; /* security class for genfs */
>>> @@ -313,6 +323,17 @@ typedef struct genfs {
>>> #define OCON_NODE6 6 /* IPv6 nodes */
>>> #define OCON_NUM 7
>>>
>>> +/* object context array indices for Xen */
>>> +#define OCON_ISID 0 /* initial SIDs */
>>> +#define OCON_PIRQ 1 /* physical irqs */
>>> +#define OCON_IOPORT 2 /* io ports */
>>> +#define OCON_IOMEM 3 /* io memory */
>>> +#define OCON_DEVICE 4 /* pci devices */
>>> +#define OCON_DUMMY1 5 /* reserved */
>>> +#define OCON_DUMMY2 6 /* reserved */
>>> +#define OCON_NUM 7
>>> +
>>> +
>>>
>> Should these be namespaced? What if<random other system> has io port
>> objects? You'd have to align them with each other and you have a mess of
>> keeping the numbers the same (you already do this with OCON_ISID)
>
> Variables have been namespaced and there is no more overlap with
> OCON_ISID.
>
>> Also we are relying on having the same number of OCON's which isn't good
>> I don't think. As much as I hate the policydb_compat_info (read: alot)
>> why aren't we using that to say how many ocons a xen policy really has?
>
> OCON_NUM is now dynamically read through policydb_compat_info.
>
>
>> This is messy, why not an ocontext_selinux_free() and
>> ocontext_xen_free() (note: I realize the xen_free() one won't do
>> anything except freep the ocontext_t)
>>
>
> done.
>
>>> len = buf[1];
>>> - if (len != strlen(target_str)&&
>>> - (!alt_target_str || len != strlen(alt_target_str))) {
>>> - ERR(fp->handle, "policydb string length %zu does not match "
>>> - "expected length %zu", len, strlen(target_str));
>>> + if (len> 32) {
>>>
>> magic number 32?
>
> #defined.
>
> Thanks for your input. Below is the updated patch for libsepol.
>
Acked-by: Joshua Brindle <method@manicmethod.com>
for the entire patchset with the following diff on top:
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index 76d8ed3..e76bb1a 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -100,8 +100,8 @@ unsigned int policyvers = POLICYDB_VERSION_MAX;
void usage(char *progname)
{
printf
- ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M]"
- "[-c policyvers (%d-%d)] [-o output_file] [-t platform]"
+ ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject)] [-M]"
+ "[-c policyvers (%d-%d)] [-o output_file] [-t target_platform (selinux,xen)]"
"[input_file]\n",
progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
exit(1);
Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| 79d10a8f9889ce0458ff0592ccaf83b273608eb2 |
|
29-Sep-2009 |
Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> |
checkpolicy: Add support for multiple target OSes
Updated patch of checkpolicy based on input.
On Tue, 2009-09-15 at 12:37 -0400, pjnuzzi wrote:
> Add support for multiple target OSes by adding the -t target option to
> checkpolicy. Implemented the new Xen ocontext identifiers pirqcon,
> pcidevicecon, iomemcon and ioportcon.
>
> Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
>
> ---
checkpolicy/checkpolicy.c | 20 ++-
checkpolicy/policy_define.c | 272
++++++++++++++++++++++++++++++++++++++++++++
checkpolicy/policy_define.h | 4
checkpolicy/policy_parse.y | 29 ++++
checkpolicy/policy_scan.l | 10 +
5 files changed, 330 insertions(+), 5 deletions(-)
Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/checkpolicy.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/checkpolicy/checkpolicy.c
|