History log of /external/selinux/checkpolicy/policy_scan.l
Revision Date Author Comments
99fc177b5af4e1e8855d42d2d01cb93ac7f9d14b 18-Sep-2015 Jeff Vander Stoep <jeffv@google.com> Add neverallow support for ioctl extended permissions

Neverallow rules for ioctl extended permissions will pass in two
cases:
1. If extended permissions exist for the source-target-class set
the test will pass if the neverallow values are excluded.
2. If extended permissions do not exist for the source-target-class
set the test will pass if the ioctl permission is not granted.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Nick Kralevich <nnk@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/policy_scan.l
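The two pass conditions described in the commit message above, worked through as a small model. This is an added example, not checkpolicy's own code: it assumes a simplified representation in which a plain allow rule grants `ioctl` on a (source, target, class) triple and an optional extended-permission set (the `allowxperm` / `neverallowxperm` statements this models are named here as an assumption, not taken from the log) restricts which ioctl command numbers that grant covers. The range syntax, the rule data and the type names are constructed for the example.

```python
"""Model of the two neverallow cases for ioctl extended permissions.

Added example; not checkpolicy's implementation.  Rules are held in plain
sets and dicts rather than a policydb.
"""


def parse_xperms(spec):
    """Parse a space-separated list of hex values and inclusive hex ranges,
    e.g. '0x8910-0x8926 0x5401', into a set of ioctl command numbers."""
    values = set()
    for item in spec.split():
        if "-" in item:
            lo, hi = item.split("-", 1)
            values.update(range(int(lo, 16), int(hi, 16) + 1))
        else:
            values.add(int(item, 16))
    return values


def neverallow_ioctl_ok(allow_rules, xperm_rules, src, tgt, cls, forbidden):
    """Evaluate one neverallow on ioctl extended permissions.

    allow_rules: set of (src, tgt, cls, perm) granted by allow rules.
    xperm_rules: dict (src, tgt, cls) -> set of permitted ioctl numbers.
    forbidden:   set of ioctl numbers the neverallow says must not be reachable.
    Returns (passes, reason).
    """
    key = (src, tgt, cls)
    if key in xperm_rules:
        # Case 1: extended permissions exist for this triple, so the check
        # passes only if every forbidden value is excluded from the set.
        overlap = xperm_rules[key] & forbidden
        if overlap:
            return False, "xperm set grants forbidden ioctl(s): " + ", ".join(
                hex(v) for v in sorted(overlap))
        return True, "forbidden ioctls are excluded by the xperm set"
    # Case 2: no extended permissions for this triple, so the check passes
    # only if the plain ioctl permission is not granted at all (an
    # unrestricted ioctl grant reaches every command number).
    if (src, tgt, cls, "ioctl") in allow_rules:
        return False, "ioctl granted with no xperm restriction"
    return True, "ioctl not granted"


# Constructed sample policy: two domains may ioctl the device, only one of
# them is restricted to a command range.
ALLOWS = {
    ("app_t", "dev_t", "chr_file", "ioctl"),
    ("svc_t", "dev_t", "chr_file", "ioctl"),
}
XPERMS = {
    ("app_t", "dev_t", "chr_file"): parse_xperms("0x8910-0x8926 0x5401"),
}

if __name__ == "__main__":
    for src in ("app_t", "svc_t", "other_t"):
        print(src, neverallow_ioctl_ok(ALLOWS, XPERMS, src, "dev_t",
                                       "chr_file", {0x8927}))
```

With the sample data, `app_t` passes a neverallow on `0x8927` (case 1, excluded by its range), fails one on `0x8920` (case 1, inside the range), `svc_t` fails on `0x8927` because its ioctl grant carries no restriction (case 2), and `other_t` passes because it has no ioctl grant at all (case 2).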
915fa8f08f4f9a4c437ee8280a4e641872ea59dd 12-Jun-2015 Jeff Vander Stoep <jeffv@google.com> checkpolicy: switch operations to extended perms

The ioctl operations code is being renamed to the more generic
"extended permissions." This commit brings the policy compiler
up to date with the kernel patch.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
/external/selinux/checkpolicy/policy_scan.l
f0290677091e7eee4a3724a2a86ede9e11f93802 17-Mar-2015 Daniel De Graaf <dgdegra@tycho.nsa.gov> libsepol, checkpolicy: add device tree ocontext nodes to Xen policy

In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
/external/selinux/checkpolicy/policy_scan.l
aab2d9f904bf34fdeb6037a76083ce79392c9a82 17-Mar-2015 Daniel De Graaf <dgdegra@tycho.nsa.gov> checkpolicy: Expand allowed character set in paths

In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
/external/selinux/checkpolicy/policy_scan.l
560af476b89b30410b64e53f78d6d16ce462561d 10-Mar-2015 Stephen Smalley <sds@tycho.nsa.gov> checkpolicy: Fix precedence between number and filesystem tokens.

When the FILESYSTEM token was added to support filesystem names that
start with a digit (e.g. 9p), it was given higher precedence than
NUMBER and therefore all values specified in hex (with 0x prefix)
in policy will incorrectly match FILESYSTEM and yield a syntax error.
This breaks use of iomem ranges in Xen policy and will break ioctl
command ranges in a future SELinux policy version. Switch the
precedence. This does mean that you cannot currently have a filesystem
with a name that happens to be 0x followed by a hexval but hopefully
that isn't an issue.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/policy_scan.l
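The precedence problem in the commit above comes from how flex picks a token: the longest match wins, and when two rules match the same length the rule listed first wins. The following added example (not code from policy_scan.l) reproduces that discipline in Python. The two patterns are constructed approximations of the real FILESYSTEM and NUMBER rules and keep only what matters here: a filesystem name may begin with digits but must contain a letter, and a number is decimal or 0x-prefixed hex. One difference from flex is noted in the code: Python's `re` tries alternatives left to right instead of taking the longest, so the hex alternative must be listed first.

```python
import re

# Constructed approximations of the two policy_scan.l patterns at issue;
# the real definitions in checkpolicy differ in detail.
FILESYSTEM = ("FILESYSTEM", r"[0-9]*[a-zA-Z][a-zA-Z0-9_.\-]*")
# Hex form first: Python alternation is leftmost-first, not longest-match,
# so "[0-9]+|0x..." would stop at the leading "0".
NUMBER = ("NUMBER", r"0x[0-9a-fA-F]+|[0-9]+")

RULES_BEFORE_FIX = [FILESYSTEM, NUMBER]  # FILESYSTEM took precedence
RULES_AFTER_FIX = [NUMBER, FILESYSTEM]   # NUMBER listed first, as in the fix


def lex_one(rules, text, pos=0):
    """Choose a token the way flex does: the longest match wins, and when
    two rules match the same length the one listed earlier wins.
    Returns (token_name, matched_text), or None if nothing matches."""
    best = None
    for name, pattern in rules:
        m = re.compile(pattern).match(text, pos)
        if m is None:
            continue
        length = m.end() - pos
        # strict '>' keeps the earlier rule when lengths tie
        if best is None or length > best[2]:
            best = (name, m.group(0), length)
    return None if best is None else (best[0], best[1])


def classify(rules, words):
    """Token chosen for each word under the given rule order."""
    return {w: lex_one(rules, w) for w in words}


if __name__ == "__main__":
    words = ["0x1f", "9p", "ext4", "1234", "0xabc"]
    print("before fix:", classify(RULES_BEFORE_FIX, words))
    print("after fix: ", classify(RULES_AFTER_FIX, words))
```

Before the fix, `0x1f` matches both rules at the same length and FILESYSTEM wins, which is the syntax error on hex ranges the commit describes. After the fix NUMBER wins that tie, while `9p` is still FILESYSTEM because the letter makes its match longer than the one-digit NUMBER match. The cost the commit accepts is visible in the last word: a filesystem actually named `0xabc` now lexes as a NUMBER.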
c4a4a1a7ed42c167a7d4bae06a1fffa8c6c9cb8d 14-Sep-2014 Nicolas Iooss <nicolas.iooss@m4x.org> Fix gcc -Wstrict-prototypes warnings

In C, defining a function with () means "any number of parameters", not
"no parameter". Use (void) instead where applicable and add unused
parameters when needed.

Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
832e7017f881f0a66e24170b7a2ff1cd9b113239 14-Sep-2014 Nicolas Iooss <nicolas.iooss@m4x.org> checkpolicy: constify the message written by yyerror and yywarn

Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
0e00684f695ea503ef06ff52861d7772acf9ef40 05-Mar-2014 Stephen Smalley <sds@tycho.nsa.gov> Report source file and line information for neverallow failures.

Change-Id: I0def97a5f2f6097e2dad7bcd5395b8fa740d7073
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/policy_scan.l
4d2dd334114d12623c1249fc07463714b6151873 09-Oct-2013 Dan Walsh <dwalsh@redhat.com> Allow " " and ":" in file name transitions

We have added a couple of file name transitions that required a space and a colon.
/external/selinux/checkpolicy/policy_scan.l
693f5241fdd5ae7e89d4312b85443c0fc1b1a57d 18-Dec-2012 Eric Paris <eparis@redhat.com> checkpolicy: libsepol: implement default type policy syntax

We currently have a mechanism in which the default user, role, and range
can be picked up from the source or the target object. This implements
the same thing for types. The kernel will override this with type
transition rules and similar. This is just the default if nothing
specific is given.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
da752cabb5b25974ef6b45274a59344d594a2130 23-Feb-2012 Stephen Smalley <sds@tycho.nsa.gov> checkpolicy: Android/MacOS X build support

Android/MacOS X build support for checkpolicy.
Create a Android.mk file for Android build integration.
Introduce DARWIN ifdefs for building on MacOS X.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
0eed03e7561a979dfd29201180a201a911ac51a6 04-Apr-2012 Dan Walsh <dwalsh@redhat.com> checkpolicy: sepolgen: We need to support files that have a + in them

Filenames can have a +, so we should be able to parse and handle those
files.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
09c783c9a36cd47216df827c5d2c21ec8cd613e2 05-Dec-2011 Eric Paris <eparis@redhat.com> libsepol: checkpolicy: implement new default labeling behaviors

We would like to be able to say that the user, role, or range of a newly
created object should be based on the user, role, or range of either the
source or the target of the creation operation. aka, for a new file
this could be the user of the creating process or the user or the parent
directory. This patch implements the new language and the policydb
support to give this information to the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
b6ccfd7c9135109f3876c067c314f03bd67cbc39 14-Nov-2011 Eric Paris <eparis@redhat.com> checkpolicy: allow ~ in filename transition rules

We found that we wanted a filename transition rule for ld.so.cache~
however ~ was not a valid character in a filename.

Fix-from: Miroslav Grepl <mgrepl@redhat.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65 02-Nov-2011 Eric Paris <eparis@redhat.com> Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"

This reverts commit d72a9ec825ef2a8723510f62292cf2adfd4a2a6c. It should
never have been added. It breaks the correct wrapping of filenames in "
/external/selinux/checkpolicy/policy_scan.l
80f26c5ee865993264ef638480c6a05ab574f7c0 01-Sep-2011 Harry Ciao <qingtao.cao@windriver.com> checkpolicy: Separate tunable from boolean during compile.

Both boolean and tunable keywords are processed by define_bool_tunable(),
argument 0 and 1 would be passed for boolean and tunable respectively.
For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags.

Note, when creating an if-else conditional we can not know if the
tunable identifier is indeed a tunable(for example, a boolean may be
misused in tunable_policy() or vice versa), thus the TUNABLE flag
for cond_node_t would be calculated and used in expansion when all
booleans/tunables copied during link.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
d72a9ec825ef2a8723510f62292cf2adfd4a2a6c 12-Apr-2011 Dan Walsh <dwalsh@redhat.com> checkpolicy: Redo filename/filesystem syntax to support filename trans rules

In order to support filenames, which might start with "." or filesystems
that start with a number we need to rework the matching rules a little
bit. Since the new filename rule is so permissive it must be moved to
the bottom of the matching list to not cover other definitions.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/policy_scan.l
16675b7f96b7a61ac64180b1824ec04984b72b3b 25-Jul-2011 Harry Ciao <qingtao.cao@windriver.com> Add role attribute support when compiling modules.

1. Add a uint32_t "flavor" field and an ebitmap "roles" to the
role_datum_t structure;

2. Add a new "attribute_role" statement and its handler to declare
a role attribute;

3. Modify declare_role() to setup role_datum_t.flavor according
to the isattr argument;

4. Add a new "roleattribute" rule and its handler, which will record
the regular role's (policy value - 1) into the role attribute's
role_datum_t.roles ebitmap;

5. Modify the syntax for the role-types rule only to define the
role-type associations;

6. Add a new role-attr rule to support the declaration of a single
role, and optionally the role attribute that the role belongs to;

7. Check if the new_role used in role-transition rule is a regular role;

8. Support to require a role attribute;

9. Modify symtab_insert() to allow multiple declarations only for
the regular role, while a role attribute can't be declared more than once
and can't share a same name with another regular role.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
17ac87ce8374ee635062ee0d9c4176231d3a87bc 12-Jan-2011 James Carter <jwcart2@tycho.nsa.gov> checkpolicy: Allow filesystem names to start with a digit

The patch below allows filesystem names in fs_use_* and genfscon
statements to start with a digit, but still requires at least one
character to be a letter. A new token type for filesystem names is
created since these names have nothing to do with SELinux.

This patch is needed because some filesystem names (such as 9p) start
with a digit.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
b42e15ffd5163effe3b2cb910685a5956a00defc 16-May-2011 Steve Lawrence <slawrence@tresys.com> checkpolicy: wrap file names in filename trans with quotes

This wraps the filename token in quotes to make parsing easier and more
clear. The quotes are stripped off before being passed to checkpolicy.
The quote wrapping is only used by filename transitions. This changes
the filename transition syntax to the following:

type_transition source target : object default_type "filename";

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
cb271f7d4c1957950f4d1197b4973722705fb5b3 16-May-2011 Steve Lawrence <slawrence@tresys.com> Revert "checkpolicy: use a better identifier for filenames"

This reverts commit d4c230386653db49d8e8116b603efcce4423df70.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
d4c230386653db49d8e8116b603efcce4423df70 29-Apr-2011 Daniel J Walsh <dwalsh@redhat.com> checkpolicy: use a better identifier for filenames

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/policy_scan.l
79d10a8f9889ce0458ff0592ccaf83b273608eb2 29-Sep-2009 Paul Nuzzi <pjnuzzi@tycho.ncsc.mil> checkpolicy: Add support for multiple target OSes

Updated patch of checkpolicy based on input.

On Tue, 2009-09-15 at 12:37 -0400, pjnuzzi wrote:
> Add support for multiple target OSes by adding the -t target option to
> checkpolicy. Implemented the new Xen ocontext identifiers pirqcon,
> pcidevicecon, iomemcon and ioportcon.
>
> Signed-off-by: Paul Nuzzi <pjnuzzi@tycho.ncsc.mil>
>
> ---

checkpolicy/checkpolicy.c | 20 ++-
checkpolicy/policy_define.c | 272 ++++++++++++++++++++++++++++++++++++++++++++
checkpolicy/policy_define.h | 4
checkpolicy/policy_parse.y | 29 ++++
checkpolicy/policy_scan.l | 10 +
5 files changed, 330 insertions(+), 5 deletions(-)

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/policy_scan.l
d5286d7169d13779dae3c745e55969a173634c33 14-Oct-2008 Stephen Smalley <sds@tycho.nsa.gov> Genfscon 'dash' issue

On Tue, 2008-10-14 at 02:00 +0000, korkishko Tymur wrote:
> I have checked policy_parse.y. It has following rule for genfscon:
>
> genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
> {if (define_genfs_context(1)) return -1;}
> | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
> {if (define_genfs_context(1)) return -1;}
> | GENFSCON identifier path security_context_def
> {if (define_genfs_context(0)) return -1;}
>
> The rule for path definition (in policy_scan.l) has already included '-' (dash):
>
> "/"({alnum}|[_.-/])* { return(PATH); }
>
> In my understanding (maybe wrong), path is parsed first (and path might include '-') and only then separate '-' is parsed.
> But it still produces an error if path definition is correct and includes '-'.
>
> Any ideas/patches how to fix grammar rules are welcomed.

This looks like a bug in policy_scan.l - we are not escaping (via
backslash) special characters in the pattern and thus the "-" (dash) is
being interpreted rather than taken literally. The same would seemingly
apply for "." (dot), and would seem relevant not only to PATH but also
for IDENTIFIER. The patch below seems to fix this issue for me:
/external/selinux/checkpolicy/policy_scan.l
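The PATH pattern quoted in the thread, `"/"({alnum}|[_.-/])*`, shows why a dash in a genfscon path fails: inside a character class an unescaped `-` between two characters denotes a range, so `.-/` is the range from `.` (0x2E) to `/` (0x2F) and the class does not contain `-` (0x2D) at all. The following added example (not the patch from the thread, which is not reproduced on this page) transcribes the quoted pattern and an escaped variant into Python's `re`, whose character-class range syntax behaves the same way here, and shows what a longest-match scanner consumes as PATH in each case. The sample paths are constructed.

```python
import re

ALNUM = r"[a-zA-Z0-9]"

# The pattern as quoted in the thread, transcribed to Python syntax.
# Inside the class, '.-/' is a range covering only '.' and '/', so the
# class matches '_', '.' and '/' but not '-'.
PATH_BUGGY = r"/(?:" + ALNUM + r"|[_.-/])*"

# Escaping the dash makes it a literal member of the class.
PATH_FIXED = r"/(?:" + ALNUM + r"|[_.\-/])*"


def scan_path(pattern, text):
    """Return what a longest-match scanner would consume as PATH at the
    start of text, and the unconsumed remainder (None, text if no match)."""
    m = re.match(pattern, text)
    if m is None:
        return None, text
    return m.group(0), text[m.end():]


if __name__ == "__main__":
    for path in ("/dev/foo-bar", "/a.b/c_d"):
        print(path, "buggy:", scan_path(PATH_BUGGY, path),
              "fixed:", scan_path(PATH_FIXED, path))
```

With the quoted pattern, `/dev/foo-bar` is consumed only as far as `/dev/foo`, leaving `-bar` for the scanner to tokenize as a `-` followed by an identifier; the genfscon rule then sees a `-` where it expects either the optional file-type marker or a security context, which is the error reported in the thread. Paths using `.`, `_` and `/` are unaffected, since those characters are in the class either way.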
45728407d60a5297deac7aa65fd92adf2412d5f7 08-Oct-2008 Joshua Brindle <method@manicmethod.com> Author: KaiGai Kohei
Email: kaigai@ak.jp.nec.com
Subject: Thread/Child-Domain Assignment (rev.2)
Date: Tue, 05 Aug 2008 14:55:52 +0900

[2/3] thread-context-checkpolicy.2.patch
It enables to support TYPEBOUNDS statement and to expand
existing hierarchies implicitly.

Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com>
--
module_compiler.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++
policy_define.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++-
policy_define.h | 1
policy_parse.y | 5 ++
policy_scan.l | 2 +
5 files changed, 186 insertions(+), 1 deletion(-)

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/policy_scan.l
13cd4c8960688af11ad23b4c946149015c80d549 19-Aug-2008 Joshua Brindle <method@manicmethod.com> initial import from svn trunk revision 2950
/external/selinux/checkpolicy/policy_scan.l