099223bd1f08ce0bc897f1a9f47852621bc946c9 |
12-Jun-2015 |
Dan Albert <danalbert@google.com> |
Fix -Wreturn-type issues. assert() only prevents -Wreturn-type from firing if asserts are enabled. Use abort() so we don't do unexpected things even if we use -UNDEBUG. (cherry picked from commit 93b2e5fa0763425f950598442a91fcab9314094b) Change-Id: I271a0d10470a4479f81402a8bedd68a3e24d9466
module_compiler.c
|
1670cb6aa53ae0954c0e896607434f6f0d2abc51 |
13-May-2015 |
Jeffrey Vander Stoep <jeffv@google.com> |
Merge "Update checkpolicy ChangeLog." into mnc-dev
|
15ccea779b0c4502143572dd2672e0193f08f271 |
28-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy ChangeLog. (cherry picked from commit 34e196c3c2ed894084e79cb2a237d1a1cbcd7eed) Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
553fab17e0a5489e95e858e156abff27c238089e |
28-Apr-2015 |
Jeff Vander Stoep <jeffv@google.com> |
dispol: display operations as ranges Displays operations ranges more concisely. E.g. { 0x8901-0x8930 } instead of { 0x8901 0x8902 0x8903 0x8904 0x8905 0x8906 ... 0x8930 } (cherry picked from commit 7f1ec68362a36f1a63350295f2f9f7f420a55996) Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
test/dispol.c
|
11f2e159f616a4a79e51a896ae132eedf11453b1 |
23-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
6dafd3ded969e66d56586fe49754db3d6f3bd38c |
23-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
dispol: Extend to display operations. Also drop expanding of rules; just display the rules in their original form. I think expansion was a relic of an older policy version where we did not preserve attributes in the kernel policy. In any event, it seems more useful to display the rules unmodified. Change-Id: I85095a35cfb48138cd9cf01cde6dd0330e342c61 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
test/dispol.c
|
a2ceeba03c11523c05655d8a13cca462f0f7b607 |
23-Apr-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libsepol and checkpolicy ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
80bc7ee8faaddfa7a650994fa82a57f41a9e7475 |
22-Apr-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Add support for ioctl command whitelisting Adds support for new policy statements whitelisting individual ioctl commands. Ioctls provide many of the operations necessary for driver control. The typical driver supports a device specific set of operations accessible by the ioctl system call and specified by the command argument. SELinux provides per operation access control to many system operations e.g. chown, kill, setuid, ipc_lock, etc. Ioclts on the other hand are granted on a per file descriptor basis using the ioctl permission, meaning that the set of operations provided by the driver are granted on an all-or-nothing basis. In some cases this may be acceptable, but often the same driver provides a large and diverse set of operations such as benign and necessary functionality as well as dangerous capabilities or access to system information that should be restricted. Example policy: allow <source> <target>:<class> { 0x8900-0x8905 0x8910 } auditallow <source> <target>:<class> 0x8901 The ioctl permission is still required in order to make an ioctl call. If no individual ioctl commands are specified, only the ioctl permission is checked by the kernel - i.e. status quo. This allows ioctl whitelisting to done in a targeted manner, protecting desired drivers without requiring every ioctl command to be known and specified before use and otherwise allowing existing policy to be used as-is. This only implements ioctl whitelisting support for monolithic kernel policies built via checkpolicy. Support for modules and CIL remains to be done. Bug: 19419509 Change-Id: I198e8c9279b94d8ce4ae5625018daa99577ee970 Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
policy_define.c
policy_define.h
policy_parse.y
|
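A worked example of the ioctl command-set syntax covered by the two commits above (the range display added to dispol and the ioctl whitelisting statements): added C code, not code from checkpolicy or libsepol. It parses an operation set such as `{ 0x8900-0x8905 0x8910 }` into a 16-bit command bitmap, applies the decision rule the commit message states (the ioctl permission is always required; the per-command check is consulted only when the rule carries a command list), and renders the set back in dispol's range form. The bitmap layout, the 16-bit command width, and all function names here are assumptions of this example, not libsepol's representation.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed: ioctl commands are 16-bit values, one bit per command. */
#define IOCTL_CMDS 65536
typedef struct { uint8_t bits[IOCTL_CMDS / 8]; int any; } ioctl_set;

static void set_cmd(ioctl_set *s, unsigned c) { s->bits[c >> 3] |= (uint8_t)(1u << (c & 7)); s->any = 1; }
static int has_cmd(const ioctl_set *s, unsigned c) { return (s->bits[c >> 3] >> (c & 7)) & 1; }

/* Parse "{ 0x8900-0x8905 0x8910 }" or a bare "0x8901". Returns 0 on success, -1 on syntax error. */
int ioctl_set_parse(const char *text, ioctl_set *out) {
    const char *p = text;
    int braced = 0;
    memset(out, 0, sizeof *out);
    while (isspace((unsigned char)*p)) p++;
    if (*p == '{') { braced = 1; p++; }
    for (;;) {
        char *end; unsigned long lo, hi;
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0' || *p == '}') break;
        lo = strtoul(p, &end, 0);                 /* base 0 accepts the 0x prefix */
        if (end == p || lo >= IOCTL_CMDS) return -1;
        hi = lo; p = end;
        if (*p == '-') {                          /* inclusive range lo-hi */
            hi = strtoul(p + 1, &end, 0);
            if (end == p + 1 || hi >= IOCTL_CMDS || hi < lo) return -1;
            p = end;
        }
        for (unsigned long c = lo; c <= hi; c++) set_cmd(out, (unsigned)c);
        if (!braced) break;                       /* a bare value is a single command */
    }
    if (braced) { if (*p != '}') return -1; p++; }
    while (isspace((unsigned char)*p)) p++;
    return *p == '\0' ? 0 : -1;
}

/* Decision as the commit message describes it: ioctl permission is always needed;
   with no command list on the rule, only that permission is checked (status quo). */
int ioctl_allowed(int has_ioctl_perm, const ioctl_set *whitelist, unsigned cmd) {
    if (!has_ioctl_perm) return 0;
    if (whitelist == NULL || !whitelist->any) return 1;
    return has_cmd(whitelist, cmd);
}

/* Render the set in dispol's range form, e.g. "{ 0x8900-0x8905 0x8910 }".
   Returns 0, or -1 if the buffer was too small. */
int ioctl_set_format(const ioctl_set *s, char *buf, size_t len) {
    size_t n = 0;
    int r = snprintf(buf, len, "{");
    if (r < 0) return -1;
    n += (size_t)r;
    for (unsigned c = 0; c < IOCTL_CMDS; c++) {
        unsigned lo;
        if (!has_cmd(s, c)) continue;
        lo = c;
        while (c + 1 < IOCTL_CMDS && has_cmd(s, c + 1)) c++;   /* extend the run */
        if (lo == c) r = snprintf(buf + n, n < len ? len - n : 0, " 0x%x", lo);
        else        r = snprintf(buf + n, n < len ? len - n : 0, " 0x%x-0x%x", lo, c);
        if (r < 0) return -1;
        n += (size_t)r;
    }
    r = snprintf(buf + n, n < len ? len - n : 0, " }");
    if (r < 0) return -1;
    n += (size_t)r;
    return n < len ? 0 : -1;
}

/* Helpers used below: parse a rule's command list (NULL = no list) and decide one command;
   returns -1 on a syntax error. */
int decide(const char *rule_cmds, int has_ioctl_perm, unsigned cmd) {
    ioctl_set s;
    if (rule_cmds == NULL) return ioctl_allowed(has_ioctl_perm, NULL, cmd);
    if (ioctl_set_parse(rule_cmds, &s) != 0) return -1;
    return ioctl_allowed(has_ioctl_perm, &s, cmd);
}

/* Parse then re-render; 1 if the output equals `expect`, 0 if not, -1 on syntax error. */
int roundtrip(const char *in, const char *expect) {
    ioctl_set s; char buf[256];
    if (ioctl_set_parse(in, &s) != 0) return -1;
    if (ioctl_set_format(&s, buf, sizeof buf) != 0) return 0;
    return strcmp(buf, expect) == 0;
}

int main(void) {
    ioctl_set s; char buf[256];
    const char *rule = "{ 0x8901 0x8902 0x8903 0x8904 0x8905 0x8906 0x8930 }"; /* constructed input */
    if (ioctl_set_parse(rule, &s) == 0 && ioctl_set_format(&s, buf, sizeof buf) == 0)
        printf("%s -> %s (0x8903 allowed: %d)\n", rule, buf, ioctl_allowed(1, &s, 0x8903));
    return 0;
}
```

The whitelist applies on top of the class permission, not instead of it: `decide(..., 0, cmd)` is always denied, and a rule with no command list behaves exactly as pre-whitelisting policy did.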
c0064fb732ed83b364c75d012aebcb0b1ac392a6 |
02-Apr-2015 |
James Carter <jwcart2@tycho.nsa.gov> |
Update ChangeLogs. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
ChangeLog
|
b1d94562953947f85fd79f20bc4477aa5e01e2c4 |
01-Apr-2015 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Add support for generating CIL Add support to checkpolicy and checkmodule for generating CIL as their output. Add new options "-C" and "--cil" to specify CIL as the output format. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
checkmodule.8
checkmodule.c
checkpolicy.8
checkpolicy.c
|
3057bcf6a012fff3ef86e05e6f5065138898d649 |
18-Mar-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
f0290677091e7eee4a3724a2a86ede9e11f93802 |
17-Mar-2015 |
Daniel De Graaf <dgdegra@tycho.nsa.gov> |
libsepol, checkpolicy: add device tree ocontext nodes to Xen policy In Xen on ARM, device tree nodes identified by a path (string) need to be labeled by the security policy. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
82030de5dc8d08a9417842156293c65fef9dc70c |
17-Mar-2015 |
Daniel De Graaf <dgdegra@tycho.nsa.gov> |
libsepol, checkpolicy: widen Xen IOMEM ocontext entries This expands IOMEMCON device context entries to 64 bits. This change is required to support static I/O memory range labeling for systems with over 16TB of physical address space. The policy version number change is shared with the next patch. While this makes no changes to SELinux policy, a new SELinux policy compatibility entry was added in order to avoid breaking compilation of an SELinux policy without explicitly specifying the policy version. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
policy_define.c
policy_define.h
policy_parse.y
|
aab2d9f904bf34fdeb6037a76083ce79392c9a82 |
17-Mar-2015 |
Daniel De Graaf <dgdegra@tycho.nsa.gov> |
checkpolicy: Expand allowed character set in paths In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
policy_parse.y
policy_scan.l
|
93e557cab6deeec09a9dc3294dba2a830ce27587 |
10-Mar-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
560af476b89b30410b64e53f78d6d16ce462561d |
10-Mar-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
checkpolicy: Fix precedence between number and filesystem tokens. When the FILESYSTEM token was added to support filesystem names that start with a digit (e.g. 9p), it was given higher precedence than NUMBER and therefore all values specified in hex (with 0x prefix) in policy will incorrectly match FILESYSTEM and yield a syntax error. This breaks use of iomem ranges in Xen policy and will break ioctl command ranges in a future SELinux policy version. Switch the precedence. This does mean that you cannot currently have a filesystem with a name that happens to be 0x followed by a hexval but hopefully that isn't an issue. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
policy_scan.l
|
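To make the precedence problem in the commit above concrete, here is an added C example (not code from policy_scan.l) that mimics how flex resolves rules: the longest match wins, and a tie goes to the rule listed first. The two matchers are hypothetical stand-ins for the NUMBER and FILESYSTEM patterns, chosen so that "9p" and "0x8900" both satisfy FILESYSTEM (a digit followed by alphanumerics with at least one letter); they approximate the real patterns rather than reproduce them.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum tok { TOK_NONE = 0, TOK_NUMBER = 1, TOK_FILESYSTEM = 2 };

/* Assumed NUMBER pattern: 0x followed by hex digits, or a run of decimal digits.
   Returns the number of characters matched (0 = no match). */
static size_t match_number(const char *s) {
    size_t n = 0;
    if (s[0] == '0' && (s[1] == 'x' || s[1] == 'X') && isxdigit((unsigned char)s[2])) {
        n = 2;
        while (isxdigit((unsigned char)s[n])) n++;
        return n;
    }
    while (isdigit((unsigned char)s[n])) n++;
    return n;
}

/* Assumed FILESYSTEM pattern: a leading digit, then alphanumerics/underscore,
   containing at least one letter (so "9p" matches, "29" does not, and "0x8900" does). */
static size_t match_filesystem(const char *s) {
    size_t n = 0; int has_alpha = 0;
    if (!isdigit((unsigned char)s[0])) return 0;
    while (isalnum((unsigned char)s[n]) || s[n] == '_') {
        if (isalpha((unsigned char)s[n])) has_alpha = 1;
        n++;
    }
    return has_alpha ? n : 0;
}

/* flex semantics: longest match wins; on a tie the earlier rule wins.
   filesystem_first=1 is the ordering the commit fixes; 0 is the ordering after the fix. */
enum tok classify(const char *s, int filesystem_first) {
    size_t ln = match_number(s), lf = match_filesystem(s);
    if (ln == 0 && lf == 0) return TOK_NONE;
    if (ln > lf) return TOK_NUMBER;
    if (lf > ln) return TOK_FILESYSTEM;
    return filesystem_first ? TOK_FILESYSTEM : TOK_NUMBER;
}

int main(void) {
    const char *words[] = { "9p", "0x8900", "29", "0xdeadbeef" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof words / sizeof words[0]; i++)
        printf("%-12s fs-first=%d number-first=%d\n", words[i],
               classify(words[i], 1), classify(words[i], 0));
    return 0;
}
```

The last input shows the caveat the commit message calls out: once NUMBER takes precedence, a filesystem whose name is literally `0x` plus hex digits can no longer be written as a bare FILESYSTEM token.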
68ed273fde09e9ab24761373567d91f461d246cc |
26-Feb-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
0551fb1080249d89811c888f4f09f1ae49bb4bc6 |
26-Feb-2015 |
Emre Can Kucukoglu <eckucukoglu@gmail.com> |
checkpolicy: fgets function warnings fix for dismod and dispol Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
test/dismod.c
test/dispol.c
|
f0c9966f881211dcde89cfcad93f0360a71f959a |
02-Feb-2015 |
Steve Lawrence <slawrence@tresys.com> |
Bump to final release
ChangeLog
VERSION
|
37b7248edc2eda4176a430db48c30a5477af3d0b |
21-Jan-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
c540479a3630b54837a6e4808a95cd322db1fc1c |
20-Nov-2014 |
Dan Albert <danalbert@google.com> |
Global C++11 compatibility. Our build system compiles flex/bison as C++ rather than C, but a few projects add `-x c` to their flags, forcing the compiler to compile them as C. This causes the compiler to reject the global C++ standard flag, so we need to explicitly provide a C standard flag to override it. Bug: 18466763 Change-Id: I49a6aeecf4abc563bd77127778b6d214e3851037 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Android.mk
|
3f121151ca752c6a3e74cc6e9e9c8aa42e2e4af4 |
20-Jan-2015 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libsepol and checkpolicy ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b |
16-Dec-2014 |
dcashman <dcashman@google.com> |
Allow libsepol C++ static library on device. Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
policy_define.c
test/dismod.c
|
b1bbd3030be095b5e5c49c6f899ed8071fb05f30 |
10-Dec-2014 |
Dan Albert <danalbert@google.com> |
Clear errno before call to strtol(3). Since strtol(3) doesn't clear errno on success, anything that sets errno prior to this call will make it look like the call failed. This happens when built with ASAN. Signed-off-by: Dan Albert <danalbert@google.com> Acked-by: Steve Lawrence <slawrence@tresys.com>
checkpolicy.c
|
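The strtol(3) pitfall in the commit above, shown side by side as an added C example (not checkpolicy's own option-parsing code): the buggy form tests errno without clearing it, so a stale value left by an earlier failed library call turns a successful parse into a reported failure; the strict form clears errno first and also rejects empty input, trailing junk and out-of-range values. The function names and the use of ENOENT as the stale value are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Pre-fix pattern: errno is never cleared, so any earlier failure is misread as a strtol error. */
int parse_long_buggy(const char *s, long *out) {
    char *end;
    long v = strtol(s, &end, 0);
    if (errno) return -1;
    *out = v;
    return 0;
}

/* Fixed pattern: clear errno before the call, then check errno, endptr and the tail. */
int parse_long_strict(const char *s, long *out) {
    char *end;
    long v;
    if (s == NULL || *s == '\0') return -1;
    errno = 0;
    v = strtol(s, &end, 0);                 /* base 0: decimal or 0x-prefixed hex */
    if (errno == ERANGE) return -1;         /* overflow or underflow */
    if (end == s || *end != '\0') return -1; /* no digits consumed, or trailing junk */
    *out = v;
    return 0;
}

/* Helper: pretend an earlier libc call failed (constructed: errno = ENOENT), then parse.
   Returns the parsed value, or -1 on failure. */
long parse_after_stale_errno(int strict, const char *s) {
    long v;
    errno = ENOENT;
    if ((strict ? parse_long_strict : parse_long_buggy)(s, &v) != 0) return -1;
    return v;
}

int main(void) {
    printf("buggy  \"29\" -> %ld\n", parse_after_stale_errno(0, "29"));
    printf("strict \"29\" -> %ld\n", parse_after_stale_errno(1, "29"));
    printf("strict \"0x8901\" -> %ld\n", parse_after_stale_errno(1, "0x8901"));
    return 0;
}
```

Checking `end == s` and `*end` matters as much as errno: strtol reports "no conversion" by returning 0 with endptr unchanged, which errno alone does not reveal.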
823ebc8c6b89cb6531fcd943ddb8059bd8743dd9 |
02-Dec-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 7
ChangeLog
VERSION
|
07e75a9cc711b46e4c691defbb570624d2c5b2d7 |
12-Nov-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 6
ChangeLog
VERSION
|
d1db56c52bf35039f37e809ae74052c484158874 |
29-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 5
ChangeLog
VERSION
|
6280387034812da544cd8b13dbdc91078af7d731 |
06-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump to release candidate 4
ChangeLog
VERSION
|
ff5bbe6dcf79fc074b1379bed5cc5fdb32ede8aa |
01-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump VERSION/ChangeLog for release candidate 3 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
387dc6342e72c63817695bfc3324173b28f9ca78 |
18-Sep-2014 |
Scapelli <steven.capelli@hotmail.it> |
Add missing semicolon to parser rule "cond_else" Acked-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
|
5af8c5adb274cc45d3a41ce9b1ab2c7573463d74 |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wunused-variable warnings Add __attribute__ ((unused)) to unused function parameters. Acked-by: Steve Lawrence <slawrence@tresys.com>
checkpolicy.c
module_compiler.c
policy_define.c
|
c4a4a1a7ed42c167a7d4bae06a1fffa8c6c9cb8d |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
Fix gcc -Wstrict-prototypes warnings In C, defining a function with () means "any number of parameters", not "no parameter". Use (void) instead where applicable and add unused parameters when needed. Acked-by: Steve Lawrence <slawrence@tresys.com>
checkpolicy.c
policy_parse.y
policy_scan.l
test/dismod.c
test/dispol.c
|
7dcb7a594698124940d148f00f85be90c6757d7f |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix most gcc -Wwrite-strings warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
checkmodule.c
checkpolicy.c
policy_define.c
policy_define.h
test/dismod.c
test/dispol.c
|
581d3eb1281f7c970376649f5027df012269935a |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
checkpolicy.c
module_compiler.c
policy_define.c
|
832e7017f881f0a66e24170b7a2ff1cd9b113239 |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: constify the message written by yyerror and yywarn Acked-by: Steve Lawrence <slawrence@tresys.com>
module_compiler.c
policy_define.c
policy_parse.y
policy_scan.l
|
8db96d0cb4feb1323488a5e04a3d4623ba22ffce |
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: add printf format attribute to relevant functions Once __attribute__ ((format(printf, 1, 2))) is added to yyerror2, "gcc -Wformat -Wformat-security" shows some issues. Fix them. Acked-by: Steve Lawrence <slawrence@tresys.com>
module_compiler.c
policy_define.c
|
8f9d3a7c95249116473b8d9d56f0a040e231a83c |
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Fix typos in ChangeLog and Versions
ChangeLog
VERSION
|
79fd2d06abf2e6e4e566e5fc57ae7a44e0b5dc7e |
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Bump versions and update ChangeLog Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
1e6482134b9dc2e4480a1cecaf1d366c9d42b0e7 |
06-May-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Bump version and update ChangeLog for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
VERSION
|
53e1304103b758640bb62b2434ff6eaec0fac8ba |
08-Apr-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Add support for building dispol program. This is a program for displaying the contents of a binary policy file. Change-Id: Iba94d6b13ac1abbc084da5631dc2bf4107e548d1 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Android.mk
|
35b3c259a7770538b4fd702007f726ef93f155a3 |
25-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
2.3-rc1 (release candidate 1). Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
VERSION
|
84c9c828a0e40370057a9dc62c722ec248f72b55 |
24-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update ChangeLogs. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
e91b5d2ad050043519f6d8a95e4102f93458269b |
11-Mar-2014 |
Nick Kralevich <nnk@google.com> |
Maybe fix darwin compile error. external/checkpolicy/policy_define.c:63: error: 'PATH_MAX' undeclared here (not in a function) [deleted] make: *** [out/host/darwin-x86/obj/EXECUTABLES/checkpolicy_intermediates/policy_define.o] Error 1 make: *** Waiting for unfinished jobs.... Change-Id: If3795c7e62ed0d685ad07047f46014f77b87b4a8
policy_define.c
|
0e00684f695ea503ef06ff52861d7772acf9ef40 |
05-Mar-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Report source file and line information for neverallow failures. Change-Id: I0def97a5f2f6097e2dad7bcd5395b8fa740d7073 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
policy_define.c
policy_scan.l
|
8c5171d76e47756cc19af793638990aa41971454 |
20-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update checkpolicy/ChangeLog.
ChangeLog
|
bfb806120a0c973ba89f9070d499510216eb8409 |
20-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
Prevent incompatible option combinations. checkmodule -m and -b are fundamentally incompatible with each other, so reject attempts to use them together. Resolves https://bugzilla.redhat.com/show_bug.cgi?id=1064603 Also fix the error message for -m with -U to use stderr. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
checkmodule.c
|
2001fa0e9d00655aa7e335a24144157b606f3552 |
20-Feb-2014 |
Stephen Smalley <sds@tycho.nsa.gov> |
dismod and dispol do not use libselinux. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
test/Makefile
|
534f5a74bb96ef66e7a7a13da827915d6d9360c0 |
06-Nov-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update libsepol and checkpolicy ChangeLog. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
|
ab9cbb1f8ef92f1db9dfac2ca7354acaf01fde83 |
03-Nov-2013 |
Richard Haines <richard_c_haines@btinternet.com> |
checkpolicy: Add debug feature to display constraints / validatetrans Allow mls/constraint mls/validatetrans constraints to be displayed in debug mode. If POLICY_KERN version is >= POLICYDB_VERSION_CONSTRAINT_NAMES then the policy defined types/attributes will be returned. Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
checkpolicy.c
|
7c4bb77999e6fab77547feb404a032ecc917e1b6 |
30-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Version bump for release. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
VERSION
|
a08010023b9fe66e8df5c187a53d93bfb0f2b939 |
25-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Update ChangeLogs and bump VERSIONs to an intermediate value. 2.1.99 is just a placeholder to distinguish it from the prior release. 2.2 will be the released version. Switching to 2-component versions. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
ChangeLog
VERSION
|
f458b7607618ad3d95568b595065c745c3c69022 |
24-Oct-2013 |
Stephen Smalley <sds@tycho.nsa.gov> |
Merge branch 'fedora' into master-merge Conflicts: libselinux/src/Makefile libselinux/src/selinux_config.c policycoreutils/audit2allow/audit2allow.1 policycoreutils/scripts/fixfiles.8 policycoreutils/semanage/semanage.8 policycoreutils/sepolicy/Makefile policycoreutils/sepolicy/sepolicy/transition.py policycoreutils/setsebool/setsebool.8
|
2540b20096bed9a4f2581548ad37c3dae8654512 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Laurent Bigonville patch to fix various minor manpage issues and correct section numbering.
checkmodule.8
checkpolicy.8
|
4d2dd334114d12623c1249fc07463714b6151873 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Allow " " and ":" in file name transitions We have added a couple of file name transitions that required a space and a colon.
policy_scan.l
|
f44a218e5c565d88cb7391ad059aba9547b8b73f |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
handle-unknown should be an optional argument
checkpolicy.c
|
a8b3340288cb5252b2a8844e4892c066d5b8fdf5 |
09-Oct-2013 |
Dan Walsh <dwalsh@redhat.com> |
Laurent Bigonville patch to allow overriding PATH Definitions in Makefiles
test/Makefile
|
f6a03f1a3c5a545c1c3fd2914feb78b84d8012ae |
06-Jul-2013 |
Laurent Bigonville <bigon@bigon.be> |
--handle-unknown option takes a required argument Fix a segmentation fault if the --handle-unknown option was set without arguments. Thanks to Alexandre Rebert and his team at Carnegie Mellon University for detecting this crash.
checkmodule.c
checkpolicy.c
|
f074bb337cce1c4421b61a1e45672093a9a41e09 |
10-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
checkpolicy: Fix cases where hyphen were used as minus sign in manpages
checkmodule.8
checkpolicy.8
|
c78d729fc9ac5b27c7a723ae884cb112aff31d9e |
10-May-2013 |
Laurent Bigonville <bigon@bigon.be> |
checkpolicy: Allow overriding LIBDIR in test/Makefile
test/Makefile
|
e9410c9b0622c05761002994dfbd0746bbe6aaf7 |
01-Feb-2013 |
Eric Paris <eparis@redhat.com> |
VERSION BUMP FOR UPSTREAM PUSH
ChangeLog
VERSION
|
ab995a59b2a91750a47920d9fe2cecc5bbb61b03 |
09-Jan-2013 |
Alice Chu <alice.chu@sta.samsung.com> |
checkpolicy: Free allocated memory when clean up / exit. Number of error paths and failures do not clean up memory. Try to make it better. Signed-off-by: Eric Paris <eparis@redhat.com>
policy_define.c
|
693f5241fdd5ae7e89d4312b85443c0fc1b1a57d |
18-Dec-2012 |
Eric Paris <eparis@redhat.com> |
checkpolicy: libsepol: implement default type policy syntax We currently have a mechanism in which the default user, role, and range can be picked up from the source or the target object. This implements the same thing for types. The kernel will override this with type transition rules and similar. This is just the default if nothing specific is given. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
c27a54775d42025e2249c8ee5e3a56ca38859661 |
29-Nov-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: Fix errors found by coverity Couple of memory leaks and a couple of dead code spots. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_define.c
test/dismod.c
|
8638197342f77d66b3e21ee93009060886020064 |
13-Sep-2012 |
Eric Paris <eparis@redhat.com> |
Version bumps for upstream push
ChangeLog
VERSION
|
873c1766510f82481beb83a07fdf03235d4f4dfe |
03-Jul-2012 |
Eric Paris <eparis@redhat.com> |
checkpolicy: check return code on ebitmap_set_bit This can fail due to ENOMEM. Check and return code and return error if necessary. Signed-off-by: Eric Paris <eparis@redhat.com>
policy_define.c
|
87e8d46f2934d2d5591b44b29f308adb93f4b128 |
03-Jul-2012 |
Eric Paris <eparis@redhat.com> |
policycoreutils: checkmodule: fd leak reading policy We never closed the fd to the policy file. Close this fd as soon as we are finished with it. Signed-off-by: Eric Paris <eparis@redhat.com>
checkmodule.c
|
f05a71b92d94771ed976a7c74e5fa378d02b590b |
28-Jun-2012 |
Eric Paris <eparis@redhat.com> |
Version bumps for upstream push
ChangeLog
VERSION
|
da752cabb5b25974ef6b45274a59344d594a2130 |
23-Feb-2012 |
Stephen Smalley <sds@tycho.nsa.gov> |
checkpolicy: Android/MacOS X build support Android/MacOS X build support for checkpolicy. Create a Android.mk file for Android build integration. Introduce DARWIN ifdefs for building on MacOS X. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
Android.mk
checkpolicy.c
policy_define.c
policy_scan.l
|
0eed03e7561a979dfd29201180a201a911ac51a6 |
04-Apr-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: sepolgen: We need to support files that have a + in them Filenames can have a +, so we should be able to parse and handle those files. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_scan.l
|
7a86fe1a3decc4c05598eb3f9339175251cd5447 |
28-Mar-2012 |
Eric Paris <eparis@redhat.com> |
bump version and changelog for upstream push
ChangeLog
VERSION
|
18e3a8d3966f6974d2ac83904890ad00dd6c6b28 |
16-Jan-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: libselinux: Fix dead links to www.nsa.gov/selinux Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
checkmodule.8
checkpolicy.8
|
09c783c9a36cd47216df827c5d2c21ec8cd613e2 |
05-Dec-2011 |
Eric Paris <eparis@redhat.com> |
libsepol: checkpolicy: implement new default labeling behaviors We would like to be able to say that the user, role, or range of a newly created object should be based on the user, role, or range of either the source or the target of the creation operation. aka, for a new file this could be the user of the creating process or the user or the parent directory. This patch implements the new language and the policydb support to give this information to the kernel. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
339f8079d7b9dd1e0b0138e2d096dc7c60b2092e |
21-Dec-2011 |
Eric Paris <eparis@redhat.com> |
update VERSION and Changelog for public push
ChangeLog
VERSION
|
b39e8cab3c8d635a0fd0c3f67e6ecd0b0aff71f9 |
05-Dec-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: add new helper to translate class sets into bitmaps We use the exact same logic a bunch of places in policy_define.c to translate a class set into a bitmap. Make this into a helper function. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_define.c
|
d65c02f066fe8590fb5b5ea7479e47fde06eeb36 |
05-Dec-2011 |
Eric Paris <eparis@redhat.com> |
bump version and changelog
ChangeLog
VERSION
|
b6ccfd7c9135109f3876c067c314f03bd67cbc39 |
14-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: allow ~ in filename transition rules We found that we wanted a filename transition rule for ld.so.cache~ however ~ was not a valid character in a filename. Fix-from: Miroslav Grepl <mgrepl@redhat.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_scan.l
|
f00d41574779ef2f91ffc089d29f12f183f7d205 |
02-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: test: Makefile: include -W and -Werror Include the same error type options we build everything else with. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/Makefile
|
58179a99884b54537ee5b367abdd4c3918198501 |
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dismod: fix unused parameter errors Either by dropping the parameter or marking it as unused depending on what works. We can't redefine hashtab_map callbacks as they must take all three options, so just mark those unused. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/dismod.c
|
44d8a2fed985858669d415ebe028d71768dd6652 |
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dis* fixed signed vs unsigned errors A number of places we used unsigned variables and compared them against signed variables. This patch makes everything unsigned. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/dismod.c
test/dispol.c
|
14e4b70b933a330fc1e63bf0ac5ebab4f9664062 |
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
Bump Version and Changelog for commit
ChangeLog
VERSION
|
1d274aca2dca306d7dd6e37d81e54e278d175a9d |
31-Oct-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: drop libsepol dynamic link in checkpolicy Checkpolicy was using the static link to libsepol, but also defining a dynamic link (that wasn't needed). This confuses gdb. Drop the dynamic link request. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/Makefile
|
fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65 |
02-Nov-2011 |
Eric Paris <eparis@redhat.com> |
Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules" This reverts commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c. It should never have been added. It breaks the correct wrapping of filenames in "
policy_parse.y
policy_scan.l
|
418dbc70e8e7b6b313a0a23455d24256c6807a46 |
16-Sep-2011 |
Eric Paris <eparis@redhat.com> |
Bump version and changelog for all components.
ChangeLog
VERSION
|
80f26c5ee865993264ef638480c6a05ab574f7c0 |
01-Sep-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
checkpolicy: Separate tunable from boolean during compile. Both boolean and tunable keywords are processed by define_bool_tunable(), argument 0 and 1 would be passed for boolean and tunable respectively. For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags. Note, when creating an if-else conditional we can not know if the tunable identifier is indeed a tunable(for example, a boolean may be misused in tunable_policy() or vice versa), thus the TUNABLE flag for cond_node_t would be calculated and used in expansion when all booleans/tunables copied during link. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
module_compiler.c
module_compiler.h
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
1f8cf403be49dd8b918e2ff21969a6a47928d672 |
26-Aug-2011 |
Eric Paris <eparis@redhat.com> |
update changelog and versions for 2011-08-26
ChangeLog
VERSION
|
e759841c08eb97bf7c8f7cd3197fe7758cd4cba6 |
18-Aug-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: fix spacing in output message The output formatting had two items crammed together without a space. Add a space. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/dispol.c
|
6b6b475dcfe77dbf3d37b4f6e4fee3539346f359 |
17-Aug-2011 |
Eric Paris <eparis@redhat.com> |
update changelog and VERSION for latest changes
ChangeLog
VERSION
|
5619635063741e1c8c9cf53a8746dd29be0cda79 |
09-Aug-2011 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: add missing ; to attribute_role_def The commit to add role attributes forgot a ; in policy_parse.y for attribute_role_def. Add the missing ; Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_parse.y
|
d72a9ec825ef2a8723510f62292cf2adfd4a2a6c |
12-Apr-2011 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: Redo filename/filesystem syntax to support filename trans rules In order to support filenames, which might start with "." or filesystems that start with a number we need to rework the matching rules a little bit. Since the new filename rule is so permissive it must be moved to the bottom of the matching list to not cover other definitions. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
policy_parse.y
policy_scan.l
|
78b4b56857145367256ece69b78c89146e1a423d |
02-Aug-2011 |
Eric Paris <eparis@redhat.com> |
Made updates to checkpolicy libselinux and policycoreutils so update version and changelogs Signed-off-by: Eric Paris <eparis@redhat.com>
ChangeLog
VERSION
|
2f921b58324c76fb4d45df60842d7074d8407add |
14-Jul-2010 |
Jason Axelson <jaxelson@referentia.com> |
checkmodule: Add note to checkmodule man page about old versions Note that you cannot build a module with an older policy version. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
checkmodule.8
|
bbad2cb655ba444e088cbbfc5e841214d15054dd |
20-Apr-2011 |
Eric Paris <eparis@redhat.com> |
Repo: update .gitignore update .gitignore to include files that are normally created when working and building inside the git repo Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
.gitignore
test/.gitignore
|
aec2e0265cabe74730d8950aae21be31f632337f |
20-Apr-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dispol: print role transition rules There was no way to print all of the role transition rules in dispol. Add that support. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/dispol.c
|
510003b63f3abd3039b1d154cab24fc13be0c581 |
01-Aug-2011 |
Eric Paris <eparis@redhat.com> |
Minor version bump for updates as of 2011-08-01 checkpolicy libselinux libsemanage libsepol policycoreutils Signed-off-by: Eric Paris <eparis@redhat.com>
ChangeLog
VERSION
|
f1b004bf7d2453bda1a8076270f5c56b7ad90f56 |
20-Apr-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: fix dispol/dismod display for filename trans rules The formatting of dismod/dispol display of filename trans rules didn't make a lot of sense. Make them more like the original rules. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
test/dismod.c
test/dispol.c
|
44121f662411dbc17bf2e196911c655ee6969d59 |
26-Jul-2011 |
Steve Lawrence <slawrence@tresys.com> |
Minor version bump for release Bump checkpolicy to 2.1.0 Bump libselinux to 2.1.0 Bump libsepol to 2.1.0 Bump libsemanage to 2.1.0 Bump policycoreutils to 2.1.0 Bump sepolgen to 1.1.0
ChangeLog
VERSION
|
5050408bf1de9d5ea4e11467621fd687ea899ac3 |
25-Jul-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revision version bump Bump checkpolicy to 2.0.26 Bump libsepol to 2.0.46 Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
c3f5d75c3234ea2b03c7eba9eb18b550efcc1605 |
25-Jul-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Support adding one role attribute into another.

When the link process is completed, the types type_set_t and roles ebitmap in a role attribute are settled, then we could go on to scan all role attributes in the base->p_roles.table checking if any non-zero bit in its roles ebitmap is indeed another role attribute. If this is the case, then we need to escalate the roles ebitmap of the sub role attribute into that of the parent, and remove the sub role attribute from parent's roles ebitmap. Since sub-attribute's roles ebitmap may further contain other role attributes, we need to re-scan the updated parent's roles ebitmap. Also if a loop dependency is detected, no escalation of sub-attribute's roles ebitmap is needed.

Note, although in the link stage all role identifiers defined in any block/decl of any module would be copied into the base->p_roles.table, the role-attribute relationships could still be recorded in the decl's local symtab[SYM_ROLES] table (see get_local_role()), so before all above escalation of sub role attribute's roles ebitmap into that of parent ever happens, all decl in the base->global list except the global block would have to be traversed so as to populate potential role-attribute relationships from decl up to the base module.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_define.c
|
3592ebea1a5beb390a520c09747d3699867af9de |
25-Jul-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Add role attribute support when expanding role_set_t.

When the rolemap and pointer to the base module are available, if a non-zero bit in role_set_t.roles is a role attribute, expand it before remap.

Note, during module compile the rolemap may not be available, the potential duplicates of a regular role and the role attribute that the regular role belongs to could be properly handled by copy_role_allow() and copy_role_trans() during module expansion.

Take advantage of the role_val_to_struct[] of the base module, since when role_set_expand() is invoked, the role_val_to_struct[] of the out module may have not been established yet.

Also cleanup the error handling of role_set_expand().

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_define.c
|
16675b7f96b7a61ac64180b1824ec04984b72b3b |
25-Jul-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Add role attribute support when compiling modules.

1. Add a uint32_t "flavor" field and an ebitmap "roles" to the role_datum_t structure;
2. Add a new "attribute_role" statement and its handler to declare a role attribute;
3. Modify declare_role() to setup role_datum_t.flavor according to the isattr argument;
4. Add a new "roleattribute" rule and its handler, which will record the regular role's (policy value - 1) into the role attribute's role_datum_t.roles ebitmap;
5. Modify the syntax for the role-types rule only to define the role-type associations;
6. Add a new role-attr rule to support the declaration of a single role, and optionally the role attribute that the role belongs to;
7. Check if the new_role used in role-transition rule is a regular role;
8. Support to require a role attribute;
9. Modify symtab_insert() to allow multiple declarations only for the regular role, while a role attribute can't be declared more than once and can't share a same name with another regular role.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
module_compiler.c
module_compiler.h
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
0acd0eae51089f01b814c5473afbcfe8b0f26d47 |
16-May-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revision version bump

Bump checkpolicy to 2.0.26

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
17ac87ce8374ee635062ee0d9c4176231d3a87bc |
12-Jan-2011 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Allow filesystem names to start with a digit

The patch below allows filesystem names in fs_use_* and genfscon statements to start with a digit, but still requires at least one character to be a letter. A new token type for filesystem names is created since these names have nothing to do with SELinux.

This patch is needed because some filesystem names (such as 9p) start with a digit.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
policy_scan.l
|
b42e15ffd5163effe3b2cb910685a5956a00defc |
16-May-2011 |
Steve Lawrence <slawrence@tresys.com> |
checkpolicy: wrap file names in filename trans with quotes

This wraps the filename token in quotes to make parsing easier and more clear. The quotes are stripped off before being passed to checkpolicy. The quote wrapping is only used by filename transitions. This changes the filename transition syntax to the following:

type_transition source target : object default_type "filename";

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
policy_scan.l
|
cb271f7d4c1957950f4d1197b4973722705fb5b3 |
16-May-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revert "checkpolicy: use a better identifier for filenames"

This reverts commit d4c230386653db49d8e8116b603efcce4423df70.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
policy_scan.l
|
2ecb2bfdde598f77dbfdb94c04ade56f65f5a434 |
29-Apr-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revision version bump

Bump checkpolicy to 2.0.25
Bump libsepol to 2.0.45

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
c61b6934dd7b1c871001c049eddf4a4e57b604e8 |
29-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
checkpolicy: allow version of single digit

Currently policy will not build if I define a module as 1:

policy_module(dan,1)

fails, while

policy_module(dan,1.0)

works. The attached patch makes the first one work.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
|
d4c230386653db49d8e8116b603efcce4423df70 |
29-Apr-2011 |
Daniel J Walsh <dwalsh@redhat.com> |
checkpolicy: use a better identifier for filenames

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_parse.y
policy_scan.l
|
516cb2a264448421bff692f47f61e8cf2a74237e |
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: add support for using last path component in type transition rules

This patch adds support for using the last path component as part of the information in making labeling decisions for new objects. An example rule looks like so:

type_transition unconfined_t etc_t:file system_conf_t eric;

This rule says if unconfined_t creates a file in a directory labeled etc_t and the last path component is "eric" (no globbing, no matching magic, just exact strcmp) it should be labeled system_conf_t.

The kernel and policy representation does not have support for such rules in conditionals, and thus policy explicitly notes that fact if such a rule is added to a conditional.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
module_compiler.c
module_compiler.h
policy_define.c
policy_define.h
policy_parse.y
test/dismod.c
test/dispol.c
|
4ce7d734e8b8b243fc232c93d34690f9fdf67711 |
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: use #define for dismod selections

We just use random numbers to make menu selections. Use #defines and names that make some sense instead.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
test/dismod.c
|
c7512cf11cc9c4de2be8381a5fefe2b2d5f4bf5f |
11-Apr-2011 |
Steve Lawrence <slawrence@tresys.com> |
Revision version bump

Bump checkpolicy to 2.0.24
Bump libselinux to 2.0.102
Bump libsepol to 2.0.43
Bump policycoreutils to 2.0.86

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
ChangeLog
VERSION
|
f89d4aca9c9423fe7e0428900cedca0ab60ec70c |
25-Mar-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Userspace: display the class in role_transition rule

Add support to display the class field in the role_transition rule in the checkpolicy/test/dismod program.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
test/dismod.c
|
e95f358e3bbe850e5c99f56f8521abe1f5a6210b |
25-Mar-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Userspace: role_transition parser to handle class field

Handle the class field in the role_transition rule. If no class is specified, then it would be set to the "process" class by default.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
policy_define.c
policy_define.h
policy_parse.y
|
d17ed0d90d100acb4d270613d12988f909cc1c3f |
16-Dec-2010 |
Chad Sellers <csellers@tresys.com> |
bump checkpolicy to 2.0.23
bump libselinux to 2.0.98
bump libsepol to 2.0.42
bump libsemanage to 2.0.46

Signed-off-by: Chad Sellers <csellers@tresys.com>
ChangeLog
VERSION
|
f997295da3e6377899ca31c05f92819eab7d3ea7 |
08-Dec-2010 |
Justin P. Mattock <justinmattock@gmail.com> |
Author: "Justin P. Mattock"
Email: justinmattock@gmail.com
Subject: checkpolicy Fix error: variable 'newattr' set but not used (and others as well)
Date: Tue, 6 Jul 2010 15:23:28 -0700

The below patch fixes some warning messages I'm receiving with GCC (in this case some are errors due to -Werror):

policy_define.c: In function 'define_type':
policy_define.c:1216:6: error: variable 'newattr' set but not used
cc1: all warnings being treated as errors

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chad Sellers <csellers@tresys.com>
policy_define.c
test/dismod.c
|
fe19c7a6acf984f20875bbc1c3735e9796fc98ca |
14-Jun-2010 |
Chad Sellers <csellers@tresys.com> |
bump libselinux to 2.0.96 and checkpolicy to 2.0.22

Signed-off-by: Chad Sellers <csellers@tresys.com>
ChangeLog
VERSION
|
8867e1694fd6ca972581d56c725859fdf87b0e10 |
14-Jun-2010 |
Steve Lawrence <slawrence@tresys.com> |
Author: Steve Lawrence
Email: slawrence@tresys.com
Subject: Minor fixup of checkmodule man page.
Date: Fri, 11 Jun 2010 15:25:58 -0400

On Mon, 2010-05-03 at 13:45 -0400, Daniel J Walsh wrote:
> Quality Engineering is going through all commands on the system looking
> for mismatches between man page/usage and actual code.
>
> It found that checkmodule had a -d option that is unused and undocumented -h

Reviewed-by: Steve Lawrence <slawrence@tresys.com>

I'd just add the long --help option to the man page for completeness:

Signed-off-by: Chad Sellers <csellers@tresys.com>
checkmodule.8
|
36fe4c35ee6b86d11db92f047120b3e38ff64fa9 |
14-Jun-2010 |
Daniel J Walsh <dwalsh@redhat.com> |
Author: Daniel J Walsh
Email: dwalsh@redhat.com
Subject: Minor fixup of checkmodule man page.
Date: Mon, 03 May 2010 13:45:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Quality Engineering is going through all commands on the system looking for mismatches between man page/usage and actual code.

It found that checkmodule had a -d option that is unused and undocumented -h

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkvfC7oACgkQrlYvE4MpobNPrACg0uP02CWYPs9YcdU87jts9YqT
hMAAn2QA1UWZpGLvvU4yxStmhUU1Kg1+
=topF
-----END PGP SIGNATURE-----

Signed-off-by: Chad Sellers <csellers@tresys.com>
checkmodule.8
checkmodule.c
|
32cf5d539b4b4852d9de966578eae3ad5560cd63 |
27-Nov-2009 |
Joshua Brindle <method@manicmethod.com> |
bump checkpolicy to 2.0.21, libselinux to 2.0.90 and sepolgen to 1.0.19
ChangeLog
VERSION
|
bf57d2349edec2cfe3d43eb71567a6b851bfc6cd |
02-Nov-2009 |
Guido Trentalancia <guido@trentalancia.com> |
Patch for Ticket #1 [1672486] (checkpolicy/checkmodule)

This patch is proposed to solve Ticket #1 [1672486] (command line binaries should support --version and --help).

It adds handling of -h, -V and the long formats --help and --version to all binaries (checkpolicy/checkmodule). It also adds handling of long options for some of the available options.

Manual pages have also been updated accordingly (and a few undocumented options have been documented).

Guido Trentalancia

Signed-off-by: Joshua Brindle <method@manicmethod.com>
checkmodule.8
checkmodule.c
checkpolicy.8
checkpolicy.c
|
f3c3bbd16ae72a627bda0a51ce4f1fbda36d49fe |
14-Oct-2009 |
Joshua Brindle <method@manicmethod.com> |
bump checkpolicy to 2.0.20, libsepol to 2.0.39, sepolgen to 1.0.18
ChangeLog
VERSION
|
f830d96a482af21c4b9328f5efd1cafcec5890e2 |
14-Oct-2009 |
Joshua Brindle <method@manicmethod.com> |
Author: Joshua Brindle Email: method@manicmethod.com Subject: libsepol: Add support for multiple target OSes Date: Tue, 13 Oct 2009 15:56:39 -0400 Paul Nuzzi wrote: > On Wed, 2009-09-16 at 09:58 -0400, Joshua Brindle wrote: >> I'd rather have separate ocontext structs for each system. That way it >> is very easy to understand which ones apply to which system and you >> don't get a crazy out of context ocontext struct. >> > > I looked into having separate ocontext structs but that would involve > changing a lot of files making the patch much larger and more intrusive. > >>> } u; >>> union { >>> uint32_t sclass; /* security class for genfs */ 
>>> @@ -313,6 +323,17 @@ typedef struct genfs { >>> #define OCON_NODE6 6 /* IPv6 nodes */ >>> #define OCON_NUM 7 >>> >>> +/* object context array indices for Xen */ >>> +#define OCON_ISID 0 /* initial SIDs */ >>> +#define OCON_PIRQ 1 /* physical irqs */ >>> +#define OCON_IOPORT 2 /* io ports */ >>> +#define OCON_IOMEM 3 /* io memory */ >>> +#define OCON_DEVICE 4 /* pci devices */ >>> +#define OCON_DUMMY1 5 /* reserved */ >>> +#define OCON_DUMMY2 6 /* reserved */ >>> +#define OCON_NUM 7 >>> + >>> + >>> >> Should these be namespaced? What if<random other system> has io port >> objects? You'd have to align them with each other and you have a mess of >> keeping the numbers the same (you already do this with OCON_ISID) > > Variables have been namespaced and there is no more overlap with > OCON_ISID. > >> Also we are relying on having the same number of OCON's which isn't good >> I don't think. As much as I hate the policydb_compat_info (read: alot) >> why aren't we using that to say how many ocons a xen policy really has? > > OCON_NUM is now dynamically read through policydb_compat_info. > > >> This is messy, why not an ocontext_selinux_free() and >> ocontext_xen_free() (note: I realize the xen_free() one won't do >> anything except freep the ocontext_t) >> > > done. > >>> len = buf[1]; >>> - if (len != strlen(target_str)&& >>> - (!alt_target_str || len != strlen(alt_target_str))) { >>> - ERR(fp->handle, "policydb string length %zu does not match " >>> - "expected length %zu", len, strlen(target_str)); >>> + if (len> 32) { >>> >> magic number 32? > > #defined. > > Thanks for your input. Below is the updated patch for libsepol. > Acked-by: Joshua Brindle <method@manicmethod.com> for the entire patchset with the following diff on top: diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c index 76d8ed3..e76bb1a 100644 --- a/checkpolicy/checkpolicy.c +++ b/checkpolicy/checkpolicy.c 
@@ -100,8 +100,8 @@ unsigned int policyvers = POLICYDB_VERSION_MAX; void usage(char *progname) { printf - ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M]" - "[-c policyvers (%d-%d)] [-o output_file] [-t platform]" + ("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject)] [-M]" + "[-c policyvers (%d-%d)] [-o output_file] [-t target_platform (selinux,xen)]" "[input_file]\n", progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX); exit(1); Signed-off-by: Joshua Brindle <method@manicmethod.com>
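Review bot: the two `+` lines of the usage() hunk still concatenate adjacent string literals with no separating space, so the printed usage runs together as `[-M][-c policyvers (%d-%d)]` and `[-t target_platform (selinux,xen)][input_file]`; add a trailing space inside the first two literals, e.g. `"... [-M] "` and `"... [-t target_platform (selinux,xen)] "`, so each option is separated in the output.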
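Review bot: in the quoted policydb string-length hunk above, the removed lines compared `len` against `strlen(target_str)` / `strlen(alt_target_str)` and reported a mismatch via ERR, while the only replacement visible is `if (len> 32) {`; the quoted lines no longer show where the string read from the policy file is matched against the expected target string, so the updated patch should keep an explicit target-string comparison (with the 32 replaced by the #define mentioned later in the thread) rather than accepting any string of at most 32 bytes.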
checkpolicy.c
|
79d10a8f9889ce0458ff0592ccaf83b273608eb2 |
29-Sep-2009 |
Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> |
checkpolicy: Add support for multiple target OSes Updated patch of checkpolicy based on input. On Tue, 2009-09-15 at 12:37 -0400, pjnuzzi wrote: > Add support for multiple target OSes by adding the -t target option to > checkpolicy. Implemented the new Xen ocontext identifiers pirqcon, > pcidevicecon, iomemcon and ioportcon. > > Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> > > --- checkpolicy/checkpolicy.c | 20 ++- checkpolicy/policy_define.c | 272 ++++++++++++++++++++++++++++++++++++++++++++ checkpolicy/policy_define.h | 4 checkpolicy/policy_parse.y | 29 ++++ checkpolicy/policy_scan.l | 10 + 5 files changed, 330 insertions(+), 5 deletions(-) Signed-off-by: Joshua Brindle <method@manicmethod.com>
checkpolicy.c
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
4e23951fe6e31c5cc46af316daa5d90f06b0cab8 |
17-Feb-2009 |
Joshua Brindle <method@manicmethod.com> |
bump checkpolicy to 2.0.19
ChangeLog
VERSION
|
f7917ea9cf6af752de98a1e742152d813028c669 |
10-Feb-2009 |
Caleb Case <ccase@tresys.com> |
aliases for the boundary format

The boundary format mapped the primary field to a boolean in the properties bitmap. This is appropriate for the kernel policy, but in modular policy the primary field may be an integer that indicates the primary type that is being aliased. In this case, the primary value cannot be assumed to be boolean.

This patch creates a new module format that writes out the primary value as was done before the boundary format.

Signed-off-by: Caleb Case <ccase@tresys.com>
Signed-off-by: Joshua Brindle <method@manicmethod.com>
module_compiler.c
policy_define.c
|
3d431ae08f5349b906879f7a6abd0e2bbd182e92 |
14-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
bump libselinux and checkpolicy versions
ChangeLog
VERSION
|
d5286d7169d13779dae3c745e55969a173634c33 |
14-Oct-2008 |
Stephen Smalley <sds@tycho.nsa.gov> |
Genfscon 'dash' issue

On Tue, 2008-10-14 at 02:00 +0000, korkishko Tymur wrote:
> I have checked policy_parse.y. It has following rule for genfscon:
>
> genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
> {if (define_genfs_context(1)) return -1;}
> | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
> {if (define_genfs_context(1)) return -1;}
> | GENFSCON identifier path security_context_def
> {if (define_genfs_context(0)) return -1;}
>
> The rule for path definition (in policy_scan.l) has already included '-' (dash):
>
> "/"({alnum}|[_.-/])* { return(PATH); }
>
> In my understanding (maybe wrong), path is parsed first (and path might include '-') and only then separate '-' is parsed.
> But it still produces an error if path definition is correct and includes '-'.
>
> Any ideas/patches how to fix grammar rules are welcomed.

This looks like a bug in policy_scan.l - we are not escaping (via backslash) special characters in the pattern and thus the "-" (dash) is being interpreted rather than taken literally. The same would seemingly apply for "." (dot), and would seem relevant not only to PATH but also for IDENTIFIER. The patch below seems to fix this issue for me:
policy_scan.l
|
b04f2af251a5400342fabcc05ce3b280e85a8e0d |
09-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
bump checkpolicy to 2.0.17 and libsepol to 2.0.34
ChangeLog
VERSION
|
45728407d60a5297deac7aa65fd92adf2412d5f7 |
08-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: KaiGai Kohei
Email: kaigai@ak.jp.nec.com
Subject: Thread/Child-Domain Assignment (rev.2)
Date: Tue, 05 Aug 2008 14:55:52 +0900

[2/3] thread-context-checkpolicy.2.patch

It enables support for the TYPEBOUNDS statement and expanding existing hierarchies implicitly.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
--
module_compiler.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++
policy_define.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
policy_define.h | 1
policy_parse.y | 5 ++
policy_scan.l | 2 +
5 files changed, 186 insertions(+), 1 deletion(-)

Signed-off-by: Joshua Brindle <method@manicmethod.com>
module_compiler.c
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
|
13cd4c8960688af11ad23b4c946149015c80d549 |
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
COPYING
ChangeLog
Makefile
VERSION
checkmodule.8
checkmodule.c
checkpolicy.8
checkpolicy.c
checkpolicy.h
module_compiler.c
module_compiler.h
parse_util.c
parse_util.h
policy_define.c
policy_define.h
policy_parse.y
policy_scan.l
queue.c
queue.h
test/Makefile
test/dismod.c
test/dispol.c
|