77779d2ca5a0c6efd113ff34cee432d5bb951f09 |
|
10-Sep-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsepol/cil: Add userattribute{set} functionality

This adds a userattribute statement that may be used in userroles and constraints. The syntax is the same as typeattributeset.

Also, disallow roleattributes where roles are accepted in contexts.

Specify a userattribute
    (userattribute foo)

Add users to the set foo
    (userattributeset foo (u1 u2))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_binary.h
|
bea07710d0c269e28215f871494dace902b05ac1 |
|
11-Jun-2015 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Track number of classes and number of types and attributes.

These values are stored in the CIL db so they can be used to determine how much memory is needed for mapping libsepol values to CIL data.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_binary.h
|
beb01ceb49d561dfeac03898d9dd12c724ed5e1c |
|
10-Jun-2015 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Refactored CIL neverallow checking and reporting.

Use the libsepol neverallow checking to determine if a given neverallow rule is violated. If a violation is found, use the function cil_find_matching_avrule_in_ast() to find the AST node of the particular rule that violates the neverallow. This allows CIL to provide a more informative error message that includes the file and line number of the node and all of its parents.

Example error report:
Neverallow check failed at line 31285 of cil.conf.neverallow
  (neverallow typeset4 self (memprotect (mmap_zero)))
    <root>
    booleanif at line 152094 of cil.conf.neverallow
    true at line 152095 of cil.conf.neverallow
    allow at line 152096 of cil.conf.neverallow
      (allow ada_t self (memprotect (mmap_zero)))

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_binary.h
|
8147bc762241b899444e43557c45f7f79c707502 |
|
13-Feb-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol: clean up the CIL API

- No longer require the caller to create a sepol_policydb. CIL is now responsible for that
- Since the user is no longer responsible for creating the policydb, two functions are added to let CIL know how it should configure the policydb, to set the policy version and the target platform
- Some functions, like cil_compile, do not need a policydb. Additionally some functions, like cil_filecons_to_string, use the policydb, but could be rewritten to not require it. In these cases, remove the policydb from the API, and rewrite functions so they don't depend on it. The only function that uses a policydb is cil_build_policydb
- Add functions and symbolic versioning to maintain binary backwards compatibility. API backwards compatibility is not maintained

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/cil/src/cil_binary.h
|
bb0f8beff890195cfd459c67230c6130c86b3214 |
|
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit 'b19eafb97feb6389d78e1693f276fc5b10e25bd6' as 'libsepol/cil'
|