192153db43c59e5ca460b2a8cd4605de91cfd511 |
|
06-Feb-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Make print_error_msg() static The function print_error_msg() in module_compiler.c is not called externally, so make it static. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
5d56c2679d3fff113c76bd8bd7846628a2e46f04 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Remove unneeded return check in require_symbol() Since symtab_insert() no longer returns -2 in the case of a declaration of an identifier followed by a require of the same symbol, remove the unneeded check. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
b6f3e0086fdf0ffb8a5e1ff34245596bc67007f3 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Improve check for identifier flavor mismatch An identifier flavor mismatch occurs when an identifier is declared or required as a regular role or type in one place but as an attribute in another place. Currently there is only a check for an identifier flavor mismatch when a type has already been declared and there is a require of the same type in the same scope. There are no checks if the require comes first and there are no checks for roles. Check for an identifier flavor mismatch for both roles and types whenever a declaration or requirement tries to add an identifier that is already in the symtab. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
d676e7ce3c618c9f3ce8d50fce9ef64772e1e677 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Move common require and declare code into new function Move common code from declare_symbol() and require_symbol() to a new function named create_symbol(). Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
a7a0678999e3b1fd4b36743d8a3c909dc7a2ded4 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Cleanup error messages Add the new function print_error_msg() to print an error message based on the local error number and symbol_type. Remove the duplicate switch statements used throughout module_compiler.c to display error messages. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
a141c0d19fccd1f19203e5e80ddbc74380636012 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Create common function for user declares and requires Move common code out of declare_user() and require_user() into the new function create_user(). Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
bd0576805769a93075a79315598c4c54f55778ed |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Create common function for role declares and requires Move common code out of declare_role() and require_role_or_attribute() into the new function create_role(). Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
daaaf28bfb66c2c56cfdf500916356c0ef0373a4 |
|
31-Jan-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
checkpolicy: Create common function for type declares and requires Move common code out of declare_type() and require_type_or_attribute() into the new function create_type(). Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/checkpolicy/module_compiler.c
|
93b2e5fa0763425f950598442a91fcab9314094b |
|
12-Jun-2015 |
Dan Albert <danalbert@google.com> |
Fix -Wreturn-type issues. assert() only prevents -Wreturn-type from firing if asserts are enabled. Use abort() so we don't do unexpected things even if we use -UNDEBUG. From b53ad041daa53f511baccc860b6fe6993590aa87 Mon Sep 17 00:00:00 2001 From: Dan Albert <danalbert@google.com> Date: Wed, 10 Jun 2015 17:01:23 -0700 Subject: [PATCH] Fix -Wreturn-type issues. To: selinux@tycho.nsa.gov Cc: nnk@google.com, sds@tycho.nsa.gov
/external/selinux/checkpolicy/module_compiler.c
|
5af8c5adb274cc45d3a41ce9b1ab2c7573463d74 |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wunused-variable warnings Add __attribute__ ((unused)) to unused function parameters. Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
581d3eb1281f7c970376649f5027df012269935a |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix gcc -Wsign-compare warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
832e7017f881f0a66e24170b7a2ff1cd9b113239 |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: constify the message written by yyerror and yywarn Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
8db96d0cb4feb1323488a5e04a3d4623ba22ffce |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: add printf format attribute to relevant functions Once __attribute__ ((format(printf, 1, 2))) is added to yyerror2, "gcc -Wformat -Wformat-security" shows some issues. Fix them. Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
80f26c5ee865993264ef638480c6a05ab574f7c0 |
|
01-Sep-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
checkpolicy: Separate tunable from boolean during compile. Both boolean and tunable keywords are processed by define_bool_tunable(), argument 0 and 1 would be passed for boolean and tunable respectively. For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags. Note, when creating an if-else conditional we cannot know if the tunable identifier is indeed a tunable (for example, a boolean may be misused in tunable_policy() or vice versa), thus the TUNABLE flag for cond_node_t would be calculated and used in expansion when all booleans/tunables copied during link. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/module_compiler.c
|
16675b7f96b7a61ac64180b1824ec04984b72b3b |
|
25-Jul-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Add role attribute support when compiling modules. 1. Add a uint32_t "flavor" field and an ebitmap "roles" to the role_datum_t structure; 2. Add a new "attribute_role" statement and its handler to declare a role attribute; 3. Modify declare_role() to setup role_datum_t.flavor according to the isattr argument; 4. Add a new "roleattribute" rule and its handler, which will record the regular role's (policy value - 1) into the role attribute's role_datum_t.roles ebitmap; 5. Modify the syntax for the role-types rule only to define the role-type associations; 6. Add a new role-attr rule to support the declaration of a single role, and optionally the role attribute that the role belongs to; 7. Check if the new_role used in role-transition rule is a regular role; 8. Support to require a role attribute; 9. Modify symtab_insert() to allow multiple declarations only for the regular role, while a role attribute can't be declared more than once and can't share the same name with another regular role. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
516cb2a264448421bff692f47f61e8cf2a74237e |
|
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: add support for using last path component in type transition rules This patch adds support for using the last path component as part of the information in making labeling decisions for new objects. An example rule looks like so: type_transition unconfined_t etc_t:file system_conf_t eric; This rule says if unconfined_t creates a file in a directory labeled etc_t and the last path component is "eric" (no globbing, no matching magic, just exact strcmp) it should be labeled system_conf_t. The kernel and policy representation does not have support for such rules in conditionals, and thus policy explicitly notes that fact if such a rule is added to a conditional. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/module_compiler.c
|
f7917ea9cf6af752de98a1e742152d813028c669 |
|
10-Feb-2009 |
Caleb Case <ccase@tresys.com> |
aliases for the boundary format The boundary format mapped the primary field to a boolean in the properties bitmap. This is appropriate for the kernel policy, but in modular policy the primary field may be an integer that indicates the primary type that is being aliased. In this case, the primary value cannot be assumed to be boolean. This patch creates a new module format that writes out the primary value as was done before the boundary format. Signed-off-by: Caleb Case <ccase@tresys.com> Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/module_compiler.c
|
45728407d60a5297deac7aa65fd92adf2412d5f7 |
|
08-Oct-2008 |
Joshua Brindle <method@manicmethod.com> |
Author: KaiGai Kohei Email: kaigai@ak.jp.nec.com Subject: Thread/Child-Domain Assignment (rev.2) Date: Tue, 05 Aug 2008 14:55:52 +0900 [2/3] thread-context-checkpolicy.2.patch It enables to support TYPEBOUNDS statement and to expand existing hierarchies implicitly. Signed-off-by: KaiGai Kohei <kaigai@ak.jp.nec.com> -- module_compiler.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++ policy_define.c | 93 +++++++++++++++++++++++++++++++++++++++++++++++++++++- policy_define.h | 1 policy_parse.y | 5 ++ policy_scan.l | 2 + 5 files changed, 186 insertions(+), 1 deletion(-) Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/checkpolicy/module_compiler.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/checkpolicy/module_compiler.c
|