c046d974c5513c5bc1c29f964177e2fac4004544
19-Mar-2015
Thomas Hurd <thurd@tresys.com>

libsepol: bool_copy_callback set state on creation

Boolean states are only written on a declaration. If a module is turned off which includes a tunable declaration that is required in another module, the state is never set. This patch sets the state when the booldatum is created so that an uninitialized memory read does not occur in cond_write_bool and write garbage to the link binary. This can cause a failure in cond_read_bool when running semodule_expand.

Signed-off-by: Thomas Hurd <thurd@tresys.com>

/external/selinux/libsepol/src/link.c

ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b
16-Dec-2014
dcashman <dcashman@google.com>

Allow libsepol C++ static library on device.

Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/external/selinux/libsepol/src/link.c

14c0564641e6c8be386f117c2b0f09434121226f
14-Sep-2014
Nicolas Iooss <nicolas.iooss@m4x.org>

libsepol: fix most gcc -Wwrite-strings warnings

gcc puts literal strings in read-only memory. On x86_64, trying to write to them triggers a segmentation fault. To detect such issues at build time, variables holding a pointer to such strings should be "const char*". "gcc -Wwrite-strings" warns when using non-const pointers to literal strings.

Remove gcc warnings by adding const to local variables and arguments of internal functions.

This does *not* fix this warning:

    policydb_public.c:208:10: warning: passing argument 2 of 'hashtab_search' discards 'const' qualifier from pointer target type
      return (hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME) ==
              ^
    In file included from ../include/sepol/policydb/symtab.h:16:0,
                     from ../include/sepol/policydb/policydb.h:60,
                     from policydb_public.c:4:
    ../include/sepol/policydb/hashtab.h:98:24: note: expected 'hashtab_key_t' but argument is of type 'const char *'
     extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
                            ^

Moreover the "const" word in the hashtab_search prototype does not make the second parameter "const char*" but "char* const".

Acked-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/src/link.c

a80a48cb1907162b1fce8f0af38d062fca39a635
24-Mar-2014
Stephen Smalley <sds@tycho.nsa.gov>

Fix for binary policy modules.

They do not retain the neverallow source information so we must not assume that source_filename is set. Either need a new binary module format if we want to propagate this information for modular builds or get rid of binary modules.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/external/selinux/libsepol/src/link.c

ef24ade029329a6e9981bd1de2ba7b9ea48e1c79
05-Mar-2014
Stephen Smalley <sds@tycho.nsa.gov>

Report source file and line information for neverallow failures.

Change-Id: I0def97a5f2f6097e2dad7bcd5395b8fa740d7073
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/external/selinux/libsepol/src/link.c

92788715dc793f805b0ae56844216b844a34ea22
10-Jan-2013
Alice Chu <alice.chu@sta.samsung.com>

libsepol: Fix memory leak issues found by Klocwork

Signed-off-by: Eric Paris <eparis@redhat.com>

/external/selinux/libsepol/src/link.c

693f5241fdd5ae7e89d4312b85443c0fc1b1a57d
18-Dec-2012
Eric Paris <eparis@redhat.com>

checkpolicy: libsepol: implement default type policy syntax

We currently have a mechanism in which the default user, role, and range can be picked up from the source or the target object. This implements the same thing for types. The kernel will override this with type transition rules and similar. This is just the default if nothing specific is given.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

/external/selinux/libsepol/src/link.c

afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7
11-Dec-2012
Eric Paris <eparis@redhat.com>

libsepol: coverity fixes

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

/external/selinux/libsepol/src/link.c

09c783c9a36cd47216df827c5d2c21ec8cd613e2
05-Dec-2011
Eric Paris <eparis@redhat.com>

libsepol: checkpolicy: implement new default labeling behaviors

We would like to be able to say that the user, role, or range of a newly created object should be based on the user, role, or range of either the source or the target of the creation operation. aka, for a new file this could be the user of the creating process or the user of the parent directory. This patch implements the new language and the policydb support to give this information to the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

/external/selinux/libsepol/src/link.c

d9d583759595e522a0ebfb56f74ee2a274d48d19
01-Sep-2011
Harry Ciao <qingtao.cao@windriver.com>

libsepol: Copy and check the cond_bool_datum_t.flags during link.

Copy the TUNABLE flag for cond_bool_datum_t during link, and check if there is a mismatch between boolean/tunable declaration and usage among modules. If this is the case, bail out with errors.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

/external/selinux/libsepol/src/link.c

c3f5d75c3234ea2b03c7eba9eb18b550efcc1605
25-Jul-2011
Harry Ciao <qingtao.cao@windriver.com>

Support adding one role attribute into another.

When the link process is completed, the types type_set_t and roles ebitmap in a role attribute are settled, then we could go on to scan all role attributes in the base->p_roles.table checking if any non-zero bit in its roles ebitmap is indeed another role attribute. If this is the case, then we need to escalate the roles ebitmap of the sub role attribute into that of the parent, and remove the sub role attribute from the parent's roles ebitmap. Since a sub-attribute's roles ebitmap may further contain other role attributes, we need to re-scan the updated parent's roles ebitmap. Also if a loop dependency is detected, no escalation of the sub-attribute's roles ebitmap is needed.

Note, although in the link stage all role identifiers defined in any block/decl of any module would be copied into the base->p_roles.table, the role-attribute relationships could still be recorded in the decl's local symtab[SYM_ROLES] table (see get_local_role()), so before all the above escalation of a sub role attribute's roles ebitmap into that of the parent ever happens, all decls in the base->global list except the global block would have to be traversed so as to populate potential role-attribute relationships from the decl up to the base module.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/src/link.c

bff13595230dbd41692a98482ff3323078ae7d03
25-Jul-2011
Harry Ciao <qingtao.cao@windriver.com>

Add role attribute support when linking modules.

Make the flavor flag and the roles ebitmap in the role_datum_t structure properly handled during the module link process:

1. the flavor flag is copied into the base module;
2. if both the current module and the base module have defined or required the same role, check if there is a discrepancy in flavor;
3. remap the roles ebitmap and merge it into its counterpart in the base module.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/src/link.c

6eeb71538ea29b639ac7549831cd1aa4da32722a
12-Apr-2011
Eric Paris <eparis@redhat.com>

libsepol: add support for filenametrans rule

This patch adds libsepol support for filename_trans rules. These rules allow one to make labeling decisions for new objects based partially on the last path component. They are stored in a list. If we find that the number of rules grows to a significant size I will likely choose to store these in a hash, both in libsepol and in the kernel. But as long as the number of such rules stays small, this should be good.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/src/link.c

6db9b74210197f792a52038abbd10e946e99e49d
25-Mar-2011
Harry Ciao <qingtao.cao@windriver.com>

Userspace: handle the class in role_trans_rule

Add class support to various functions to handle role_trans_rule_t structures.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/src/link.c

3df79fc5ebf08a35aaa095b2ee3fd24b3ece6ae5
21-Mar-2009
Joshua Brindle <method@manicmethod.com>

Author: Joshua Brindle
Email: method@manicmethod.com
Subject: libsepol: fix boolean state smashing
Date: Wed, 18 Mar 2009 10:47:34 -0400

If a boolean is encountered in a require block before the place where it is declared it currently gets created with the state set to false no matter what the declared state was. This only affects booleans in modules where the boolean was also required in another module.

Patch below:

Signed-off-by: Joshua Brindle <method@manicmethod.com>

/external/selinux/libsepol/src/link.c

f470207454f5f6ce539aa543e5168a07d667254b
08-Oct-2008
Joshua Brindle <method@manicmethod.com>

Author: KaiGai Kohei
Email: kaigai@ak.jp.nec.com
Subject: Thread/Child-Domain Assignment (rev.6)
Date: Tue, 07 Oct 2008 15:39:45 +0900

>> Hmm....
>> It seems to me what you pointed out is a bug of my patch. It prevents delivering the
>> actual number of type/attribute symbols to the policy file, but it is unclear why
>> it makes libsepol ignore the policyvers.
>> (I guess it may be a separate matter.)
>>
>>> Rather than trying to calculate the length without attributes I just removed
>>> the attribute check. This causes attributes to be written for all versions,
>>> but this should not cause any problems at all.
>> The reason why I injected such ad-hoc code is that we cannot decide the policy
>> version written when type_attr_remove() is invoked.
>> Is it impossible to move it to policydb_write()?
>> It is invoked after the policyvers is fixed by the caller.
>
> It isn't impossible. You are going to have to make it walk the type
> symbol table to calculate the length without attributes, then write
> that length instead of the total symtab length.

The attached patch enables fixing up the number of type/attribute entries to be written. The type_attr_uncount() decrements the number of attribute entries skipped at type_write(). At first, I had a plan to invoke type_attr_remove() with hashtab_map_remove_on_error(), but it means the given policydb structure is modified at policydb_write() and implicit changes to the external interface.

Differences from the previous version are here:

Signed-off-by: Joshua Brindle <method@manicmethod.com>

/external/selinux/libsepol/src/link.c

13cd4c8960688af11ad23b4c946149015c80d549
19-Aug-2008
Joshua Brindle <method@manicmethod.com>

initial import from svn trunk revision 2950

/external/selinux/libsepol/src/link.c