a58c158840adfad1cfb6259aa3a39c229557a570
12-Apr-2017
James Carter <jwcart2@tycho.nsa.gov>
libsepol/cil: Add ability to expand some attributes in binary policy

Originally, all type attributes were expanded when building a binary policy. As the policy grew, binary policy sizes became too large, so changes were made to keep attributes in the binary policy to minimize policy size.

Keeping attributes works well as long as each type does not have too many attributes. If an access check fails for types t1 and t2, then additional checks must be made for every attribute that t1 is a member of against t2 and all the attributes that t2 is a member of. This is O(n*m) behavior and there are cases now where this is becoming a performance issue.

Attributes are more aggressively removed than before. An attribute will now be removed if it only appears in rules where attributes are always expanded (typetransition, typechange, typemember, roletransition, rangetransition, roletype, and AV Rules with self).

Attributes that are used in constraints are always kept because the attribute name is stored for debugging purposes in the binary policy.

Attributes that are used in neverallow rules, but not in other AV rules, will be kept unless the attribute is auto-generated.

Attributes that are only used in AV rules other than neverallow rules are kept unless the number of types assigned to them is less than the value of attrs_expand_size in the CIL db. The default is 1, which means that any attribute that has no types assigned to it will be expanded (and the rule removed from the policy), which is CIL's current behavior. The value can be set using the function cil_set_attrs_expand_size().

Auto-generated attributes that are used only in neverallow rules are always expanded. The rest are kept by default, but if the value of attrs_expand_generated in the CIL db is set to true, they will be expanded. The function cil_set_attrs_expand_generated() can be used to set the value.

When creating the binary policy, CIL will expand all attributes that are being removed and it will expand all attributes with fewer members than the value specified by attrs_expand_size. So even if an attribute is used in a constraint or neverallow and the attribute itself will be included in the binary policy, it will be expanded when writing AV rules if it has fewer members than attrs_expand_size.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
(cherry-picked from commit 0be23c3f15fdbef35a57d8586aeeae9b1f7606cc)
Bug: 36508258
Test: Build and boot Marlin
Change-Id: Id655faa8d5cbcf3606f53b0aa0c10680eaafebef

/external/selinux/libsepol/cil/src/cil.c

3fe4499f7d554fee8d1f474fd7f0aec646ea403a
28-Nov-2016
James Carter <jwcart2@tycho.nsa.gov>
libsepol/cil: Add ability to write policy.conf file from CIL AST

The ability to create a policy.conf file from the CIL AST has been a desire from the beginning to assist in debugging and for general flexibility. Some work towards this end was started early in CIL's history, but cil_policy.c has not been remotely functional in a long time. Until now.

The function cil_write_policy_conf() will write a policy.conf file from a CIL AST after cil_build_ast(), cil_resolve_ast(), cil_fqn_qualify(), and cil_post_process() have been called.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

2d1380f8115643441aff6ffce77b214579b8cbfd
31-Oct-2016
Jason Zaman <jason@perfinion.com>
libsepol: Add symver with explicit version to build with ld.gold

The blank default symver fails to compile with ld.gold. This updates the symver from blank to LIBSEPOL_1.0. The dynamic linker will first look for the symbol with the explicit version specified. If there is none, it will pick the first listed symbol so there is no breakage.

This also matches how symvers are defined in libsemanage.

Signed-off-by: Jason Zaman <jason@perfinion.com>

/external/selinux/libsepol/cil/src/cil.c

46b3a555981927b47d6a19bd941ccd99085cce18
05-May-2016
James Carter <jwcart2@tycho.nsa.gov>
libsepol/cil: Replace cil_log() calls with cil_tree_log()

Replace all calls to cil_log() that print path information with a call to cil_tree_log() which will also print information about any high-level sources.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

875a6bcbe8885c927122c6931b3a01d821e04b10
05-May-2016
James Carter <jwcart2@tycho.nsa.gov>
libsepol/cil: Add high-level language line marking support

Adds support for tracking original file and line numbers for better error reporting when a high-level language is translated into CIL.

This adds a field called "hll_line" to struct cil_tree_node which increases memory usage by 5%.

Syntax:

    ;;* lm(s|x) LINENO FILENAME
    (CIL STATEMENTS)
    ;;* lme

lms is used when each of the following CIL statements corresponds to a line in the original file. lmx is used when the following CIL statements are all expanded from a single high-level language line. lme ends a line mark block.

Example:

    ;;* lms 1 foo.hll
    (CIL-1)
    (CIL-2)
    ;;* lme
    ;;* lmx 10 bar.hll
    (CIL-3)
    (CIL-4)
    ;;* lms 100 baz.hll
    (CIL-5)
    (CIL-6)
    ;;* lme
    (CIL-7)
    ;;* lme

CIL-1 is from line 1 of foo.hll
CIL-2 is from line 2 of foo.hll
CIL-3 is from line 10 of bar.hll
CIL-4 is from line 10 of bar.hll
CIL-5 is from line 100 of baz.hll
CIL-6 is from line 101 of baz.hll
CIL-7 is from line 10 of bar.hll

Based on work originally done by Yuli Khodorkovskiy of Tresys.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

3895fbbe0cf2ec52d6b6eda66084b6e9f8d88fb2
06-Apr-2016
Richard Haines <richard_c_haines@btinternet.com>
selinux: Add support for portcon dccp protocol

This adds CIL and checkpolicy support for the (portcon dccp ...) statement. The kernel already handles name_bind and name_connect permissions for the dccp_socket class.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

f5602f5ff980435ee2aefed35ba643310ceeac25
01-Dec-2015
Steve Lawrence <slawrence@tresys.com>
libsepol/cil: Add support for neverallowx

Add a new statement, neverallowx, which has the same syntax as allowx:

    (neverallowx foo bar (ioctl file (range 0x2000 0x20FF)))
    (allowx foo bar (ioctl file (0x20A0))) ; this fails

Much of the changes just move functions around or split functions up to ease the sharing of avrule and avrulex comparisons with neverallows. This refactoring also modifies the avrule struct to include a union of either class permission information for standard avrules or extended permission information for extended avrules, also done to support sharing code.

This also changes assertion.c and avtab.c to allow check_assertion_avtab_match to work with extended avrules.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/cil/src/cil.c

71dd7b71338e832da8e446d565e6cd871b8a08f6
10-Nov-2015
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
secilc: Add support for unordered classes

Resolves https://github.com/SELinuxProject/cil/issues/3

An 'unordered' keyword provides the ability to append classes to the current list of ordered classes. This allows users to not need knowledge of existing classes when creating a class and fixes dependencies on classes when removing a module. This enables userspace object managers with custom objects to be modularized.

If a class is declared in both an unordered and ordered statement, then the ordered statement will supersede the unordered declaration.

Example usage:

    ; Appends new_class to the existing list of classes
    (class new_class ())
    (classorder (unordered new_class))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

77779d2ca5a0c6efd113ff34cee432d5bb951f09
10-Sep-2015
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsepol/cil: Add userattribute{set} functionality

This adds a userattribute statement that may be used in userroles and constraints. The syntax is the same as typeattributset. Also, disallow roleattributes where roles are accepted in contexts.

Specify a userattribute

    (userattribute foo)

Add users to the set foo

    (userattributeset foo (u1 u2))

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

ef93dfe0393c4a60483c3f7729dd98a2f886606a
28-Aug-2015
Steve Lawrence <slawrence@tresys.com>
libsepol/cil: add ioctl whitelist support

Add three new extended avrule statements with the following syntax:

    (allowx source_type target_type permissionx)
    (auditallowx source_type target_type permissionx)
    (dontauditx source_type target_type permissionx)

source_type - type, typeattribute, or typealias
target_type - type, typeattribute, typealias, or "self" keyword
permissionx - named or anonymous permissionx statement, which has the syntax:

    (permissionx name (kind object expression))

name - unique identifier of the permissionx statement
kind - must be "ioctl"; could be extended in the future
object - class or classmap
expression - standard CIL expression containing hexadecimal values, prefixed with '0x', and the expression keywords 'or', 'xor', 'and', 'not', 'range', or 'all'. Values must be between 0x0000 and 0xFFFF. Values may also be provided in decimal, or in octal if starting with '0'.

For example:

    (allowx src_t tgt_t (ioctl cls (0x1111 0x1222 0x1333)))
    (allowx src_t tgt_t (ioctl cls (range 0x1400 0x14FF)))
    (allowx src_t tgt_t (ioctl cls (and (range 0x1600 0x19FF) (not (range 0x1750 0x175F)))))
    (permissionx ioctl_nodebug (ioctl cls (not (range 0x2010 0x2013))))
    (allowx src_t tgt_t ioctl_nodebug)

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

5eae956abf90ccd832e04697f436e2dfeb8e4c25
22-Jul-2015
Steve Lawrence <slawrence@tresys.com>
libsepol/cil: Improve resolution error messages

In some cases, if a statement failed to resolve inside an optional, we would still log a failed to resolve error message, even though the optional was disabled and everything successfully compiled. This was confusing. Additionally, if a resolution failure occurred outside of an optional, the error message did not include the actual name that could not be resolved--it only logged the statement type (e.g. allow, booleanif, etc.) and file/line number.

This patch removes resolution error messages which should not always be printed, as well as improves the resolution failure message to also print the last name that was attempted to be resolved.

Also makes some less important error messages INFO rather than WARN, which tended to just clutter things and hide actual error messages.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/cil/src/cil.c

bea07710d0c269e28215f871494dace902b05ac1
11-Jun-2015
James Carter <jwcart2@tycho.nsa.gov>
libsepol/cil: Track number of classes and number of types and attributes.

These values are stored in the CIL db so they can be used to determine how much memory is needed for mapping libsepol values to CIL data.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

16796d8dc19cffe55896b75e4a88832f2a25450b
15-Apr-2015
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
libsepol: Don't use symbol versioning for static object files

Libraries such as libqpol that link with libsepol statically do not understand the symbolic versioning in libsepol. This patch disables the symbolic versioning in libsepol if building the static library or building for Android.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/cil/src/cil.c

cacf51cef0f4d5ccbb7bc896b768519ec68a2ef1
02-Apr-2015
Stephen Smalley <sds@tycho.nsa.gov>
libsepol, secilc: Fix build for Android

The Android build does not like the symbol versioning introduced by commit 8147bc7; the build fails with:

    host SharedLib: libsepol (out/host/linux-x86/obj/lib/libsepol.so)
    prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8//x86_64-linux/bin/ld: error: symbol cil_build_policydb has undefined version
    prebuilts/gcc/linux-x86/host/x86_64-linux-glibc2.15-4.8//x86_64-linux/bin/ld: error: symbol cil_build_policydb has undefined version LIBSEPOL_1.1
    clang: error: linker command failed with exit code 1 (use -v to see invocation)

Omit the versioned symbols and simply use the current interfaces when building on Android.

Commit 36f62b7 also broke the Android build by moving secilc out of libsepol, because the libsepol headers were not installed by the Android.mk file. Export the required libsepol headers for use by secilc and adjust secilc to pick them up from the right location on Android.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

f0290677091e7eee4a3724a2a86ede9e11f93802
17-Mar-2015
Daniel De Graaf <dgdegra@tycho.nsa.gov>
libsepol, checkpolicy: add device tree ocontext nodes to Xen policy

In Xen on ARM, device tree nodes identified by a path (string) need to be labeled by the security policy.

Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>

/external/selinux/libsepol/cil/src/cil.c

8147bc762241b899444e43557c45f7f79c707502
13-Feb-2015
Steve Lawrence <slawrence@tresys.com>
libsepol: clean up the CIL API

- No longer require the caller to create a sepol_policydb. CIL is now responsible for that
- Since the user is no longer responsible for creating the policydb, two functions are added to let CIL know how it should configure the policydb, to set the policy version and the target platform
- Some functions, like cil_compile, do not need a policydb. Additionally some functions, like cil_filecons_to_string use the policydb, but could be rewritten to not require it. In these cases, remove the policydb from the API, and rewrite functions so they don't depend on it. The only function that uses a policydb is cil_build_policydb
- Add functions and symbolic versioning to maintain binary backwards compatibility. API backwards compatibility is not maintained

Signed-off-by: Steve Lawrence <slawrence@tresys.com>

/external/selinux/libsepol/cil/src/cil.c

28ae74e112a031e1aeb22a2083568a881491b6db
18-Feb-2015
Steve Lawrence <slawrence@tresys.com>
Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656'

72dc45bf5488a957d9db32531749a55fea414619
03-Dec-2014
Steve Lawrence <slawrence@tresys.com>
Merge commit '80afe7b2ce0b06f93b6b3a07e58cab1aee8afc91'

bbbd58e1252a06550810ae6f7b40b867841da918
02-Oct-2014
Steve Lawrence <slawrence@tresys.com>
Merge commit 'a3abb2c05301b24ad2f8307d07734d89ddf808d8' into merge

bb0f8beff890195cfd459c67230c6130c86b3214
26-Aug-2014
Steve Lawrence <slawrence@tresys.com>
Merge commit 'b19eafb97feb6389d78e1693f276fc5b10e25bd6' as 'libsepol/cil'