1089665e31a647a5f0ba2eabe8ac6232b384bed9 |
|
04-May-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Add attribute expansion options This commit adds attribute expansion statements to the policy language allowing compiler defaults to be overridden. Always expands an attribute example: expandattribute { foo } true; CIL example: (expandtypeattribute (foo) true) Never expand an attribute example: expandattribute { bar } false; CIL example: (expandtypeattribute (bar) false) Adding the annotations directly to policy was chosen over other methods as it is consistent with how targeted runtime optimizations are specified in other languages. For example, in C the "inline" command. Motivation expandattribute true: Android has been moving away from a monolithic policy binary to a two part split policy representing the Android platform and the underlying vendor-provided hardware interface. The goal is a stable API allowing these two parts to be updated independently of each other. Attributes provide an important mechanism for compatibility. For example, when the vendor provides a HAL for the platform, permissions needed by clients of the HAL can be granted to an attribute. Clients need only be assigned the attribute and do not need to be aware of the underlying types and permissions being granted. Inheriting permissions via attribute creates a convenient mechanism for independence between vendor and platform policy, but results in the creation of many attributes, and the potential for performance issues when processes are clients of many HALs. [1] Annotating these attributes for expansion at compile time allows us to retain the compatibility benefits of using attributes without the performance costs. [2] expandattribute false: Commit 0be23c3f15fd added the capability to aggresively remove unused attributes. This is generally useful as too many attributes assigned to a type results in lengthy policy look up times when there is a cache miss. However, removing attributes can also result in loss of information used in external tests. On Android, we're considering stripping neverallow rules from on-device policy. This is consistent with the kernel policy binary which also did not contain neverallows. Removing neverallow rules results in a 5-10% decrease in on-device policy build and load and a policy size decrease of ~250k. Neverallow rules are still asserted at build time and during device certification (CTS). If neverallow rules are absent when secilc is run, some attributes are being stripped from policy and neverallow tests in CTS may be violated. [3] This change retains the aggressive attribute stripping behavior but adds an override mechanism to preserve attributes marked as necessary. [1] https://github.com/SELinuxProject/cil/issues/9 [2] Annotating all HAL client attributes for expansion resulted in system_server's dropping from 19 attributes to 8. Because these attributes were not widely applied to other types, the final policy size change was negligible. [3] data_file_type and service_manager_type are stripped from AOSP policy when using secilc's -G option. This impacts 11 neverallow tests in CTS. Test: Build and boot Marlin with all hal_*_client attributes marked for expansion. Verify (using seinfo and sesearch) that permissions are correctly expanded from attributes to types. Test: Mark types being stripped by secilc with "preserve" and verify that they are retained in policy and applied to the same types. Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
0be23c3f15fdbef35a57d8586aeeae9b1f7606cc |
|
12-Apr-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Add ability to expand some attributes in binary policy Originally, all type attributes were expanded when building a binary policy. As the policy grew, binary policy sizes became too large, so changes were made to keep attributes in the binary policy to minimize policy size. Keeping attributes works well as long as each type does not have too many attributes. If an access check fails for types t1 and t2, then additional checks must be made for every attribute that t1 is a member of against t2 and all the attributes that t2 is a member of. This is O(n*m) behavior and there are cases now where this is becoming a performance issue. Attributes are more aggressively removed than before. An attribute will now be removed if it only appears in rules where attributes are always expanded (typetransition, typechange, typemember, roletransition, rangetransition, roletype, and AV Rules with self). Attributes that are used in constraints are always kept because the attribute name is stored for debugging purposes in the binary policy. Attributes that are used in neverallow rules, but not in other AV rules, will be kept unless the attribute is auto-generated. Attributes that are only used in AV rules other than neverallow rules are kept unless the number of types assigned to them is less than the value of attrs_expand_size in the CIL db. The default is 1, which means that any attribute that has no types assigned to it will be expanded (and the rule removed from the policy), which is CIL's current behavior. The value can be set using the function cil_set_attrs_expand_size(). Auto-generated attributes that are used only in neverallow rules are always expanded. The rest are kept by default, but if the value of attrs_expand_generated in the CIL db is set to true, they will be expanded. The function cil_set_attrs_expand_generated() can be used to set the value. When creating the binary policy, CIL will expand all attributes that are being removed and it will expand all attributes with less members than the value specified by attrs_expand_size. So even if an attribute is used in a constraint or neverallow and the attribute itself will be included in the binary policy, it will be expanded when writing AV rules if it has less members than attrs_expand_size. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
6707526f1f0ee255342f275651d46f800d18a334 |
|
17-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: avoid freeing uninitialized values cil_resolve_ast() begins by checking whether one of its parameters is NULL and "goto exit;" when it is the case. As extra_args has not been initialized there, this leads to calling cil_destroy_tree_node_stack(), __cil_ordered_lists_destroy()... on garbage values. In practise this cannot happen because cil_resolve_ast() is only called by cil_compile() after cil_build_ast() succeeded. As the if condition exists nonetheless, fix the body of the if block in order to silence a warning reported by clang Static Analyzer. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
ddaf0afec7c640c752979de2ed7ff8991aaef6f8 |
|
27-Feb-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: do not dereference args before checking it was not null Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
7fe9a7be312b6889840f8e05db16da848aca0e10 |
|
19-Feb-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists In cil_resolve_ast, unordered_classorder_lists is a list of cil_ordered_list. It needs to be destroyed with __cil_ordered_lists_destroy() to free all associated memory. This has been tested with the following policy: (class CLASS1 ()) (class CLASS2 ()) (classorder (unordered CLASS1)) (classorder (CLASS2)) This memory leak has been found by running clang's Address Sanitizer on a set of policies generated by American Fuzzy Lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
9edcf28a042f406cfb5eee50daafb6f3c18e4181 |
|
08-Feb-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST CIL uses separate cil_tree_node stacks for optionals and blocks to check for statements not allowed in optionals or blocks and to know which optional to disable when necessary. But these stacks were not being destroyed when exiting cil_resolve_ast(). This is not a problem normally because the stacks will be empty, but this is not the case when exiting with an error. Destroy both tree node stacks when exiting to ensure that they are empty. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
2eefb20d8ff47d764e5127de2879be9e8eac4d33 |
|
02-Nov-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Exit with an error for an unknown map permission Nicholas Iooss discovered that using an unknown permission with a map class will cause a segfault. CIL will only give a warning when it fails to resolve an unknown permission to support the use of policy module packages that use permissions that don't exit on the current system. When resolving the unknown map class permission an empty list is used to represent the unknown permission. When it is evaluated later the list is assumed to be a permission and a segfault occurs. There is no reason to allow unknown class map permissions because the class maps and permissions are defined by the policy. Exit with an error when failing to resolve a class map permission. Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
410634d650aef93750e58420d4d04588a6dbf43a |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Verify neither child nor parent in a bounds is an attribute Nicolas Iooss found while fuzzing secilc with AFL that using an attribute as a child in a typebounds statement will cause a segfault. This happens because the child datum is assumed to be part of a cil_type struct when it is really part of a cil_typeattribute struct. The check to verify that it is a type and not an attribute comes after it is used. This bug effects user and role bounds as well because they do not check whether a datum refers to an attribute or not. Add checks to verify that neither the child nor the parent datum refer to an attribute before using them in user, role, and type bounds. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
0fcc430add4c1b5514e402f09001b07c75458344 |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Verify alias in aliasactual statement is really an alias Nicolas Iooss found while fuzzing secilc with AFL that the statement "(sensitivityaliasactual SENS SENS)" will cause a segfault. The segfault occurs because when the aliasactual is resolved the first identifier is assumed to refer to an alias structure, but it is not. Add a check to verify that the datum retrieved is actually an alias and exit with an error if it is not. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
da51020d6f334e02498f9deb470159675923ac29 |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Use an empty list to represent an unknown permission Nicolas Iooss found while fuzzing secilc with AFL that the statement "(classpermissionset CPERM (CLASS (and unknow PERM)))" will cause a segfault. In order to support a policy module package using a permission that does not exist on the system it is loaded on, CIL will only give a warning when it fails to resolve an unknown permission. CIL itself will just ignore the unknown permission. This means that an expression like "(and UNKNOWN p1)" will look like "(and p1)" to CIL, but, since syntax checking has already been done, CIL won't know that the expression is not well-formed. When the expression is evaluated a segfault will occur because all expressions are assumed to be well-formed at evaluation time. Use an empty list to represent an unknown permission so that expressions will continue to be well-formed and expression evaluation will work but the unknown permission will still be ignored. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
f1ba58a199fff4e146206e83048a083c7a61677c |
|
03-Oct-2016 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: make cil_resolve_name() fail for '.' This CIL policy makes secilc crash with a NULL pointer dereference: (class CLASS (PERM)) (classorder (CLASS)) (sid SID) (sidorder (SID)) (user USER) (role ROLE) (type TYPE) (category CAT) (categoryorder (CAT)) (sensitivity SENS) (sensitivityorder (SENS)) (sensitivitycategory SENS (CAT)) (allow TYPE self (CLASS (PERM))) (roletype ROLE TYPE) (userrole USER ROLE) (userlevel USER (SENS)) (userrange USER ((SENS)(SENS (CAT)))) (sidcontext SID (USER ROLE TYPE ((SENS)(SENS)))) (allow . self (CLASS (PERM))) Using "." in the allow statement makes strtok_r() return NULL in cil_resolve_name() and this result is then used in a call to cil_symtab_get_datum(), which is thus invalid. Instead of crashing, make secilc fail with an error message. This bug has been found by fuzzing secilc with american fuzzy lop. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
c303ca910add05bb5fc9f515d880b393f02d695c |
|
29-Sep-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Check for too many permissions in classes and commons Fixes bug found by Nicolas Iooss as described below in the way suggested by Steve Lawrence. Nicolass reported: When compiling a CIL policy with more than 32 items in a class (e.g. in (class capability (chown ...)) with many items), cil_classorder_to_policydb() overflows perm_value_to_cil[class_index] array. As this array is allocated on the heap through calloc(PERMS_PER_CLASS+1, sizeof(...)), this makes secilc crash with the following message: *** Error in `/usr/bin/secilc': double free or corruption (!prev): 0x000000000062be80 *** ======= Backtrace: ========= /usr/lib/libc.so.6(+0x70c4b)[0x7ffff76a7c4b] /usr/lib/libc.so.6(+0x76fe6)[0x7ffff76adfe6] /usr/lib/libc.so.6(+0x777de)[0x7ffff76ae7de] /lib/libsepol.so.1(+0x14fbda)[0x7ffff7b24bda] /lib/libsepol.so.1(+0x152db8)[0x7ffff7b27db8] /lib/libsepol.so.1(cil_build_policydb+0x63)[0x7ffff7af8723] /usr/bin/secilc[0x40273b] /usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7ffff7657291] /usr/bin/secilc[0x402f7a] This bug has been found by fuzzing secilc with american fuzzy lop. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
46e157b470db724631598f00bf340ff066e219f8 |
|
28-Jul-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Warn instead of fail if permission is not resolve If a policy module package has been created with a policy that contains a permission and then is used on a system without that permission CIL will fail with an error when it cannot resolve the permission. This will prevent the installation on policy and the user will not know that the policy has not been installed. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
46b3a555981927b47d6a19bd941ccd99085cce18 |
|
05-May-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Replace cil_log() calls with cil_tree_log() Replace all calls to cil_log() that print path information with a call to cil_tree_log() which will also print information about any high-level sources. Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
172ce53ffa793e69632923b5323fc8c2220b3294 |
|
05-Feb-2016 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol: fix __attribute__((unused)) annotations clang warns about variables which are used in a function body even though they were marked __attribute__((unused)). For example: interfaces.c:129:2: error: 'handle' was marked unused but was used [-Werror,-Wused-but-marked-unused] handle = NULL; ^ interfaces.c:233:2: error: 'handle' was marked unused but was used [-Werror,-Wused-but-marked-unused] handle = NULL; ^ Remove these warnings either by removing meaningless assigments or by removing the attribute. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
f5602f5ff980435ee2aefed35ba643310ceeac25 |
|
01-Dec-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Add support for neverallowx Add a new statement, neverallowx, which has the same syntax as allowx: (neverallowx foo bar (ioctl file (range 0x2000 0x20FF))) (allowx foo bar (ioctl file (0x20A0))) ; this fails Much of the changes just move functions around or split functions up to ease the sharing of avrule and avrulex comparisons with neverallows. This refactoring also modifies the avrule struct to include a union of either class permission information for standard avrules or extended permission information for extended avrules, also done to support sharing code. This also changes assertion.c and avtab.c to allow check_assertion_avtab_match to work with extended avrules. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
71dd7b71338e832da8e446d565e6cd871b8a08f6 |
|
10-Nov-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
secilc: Add support for unordered classes Resolves https://github.com/SELinuxProject/cil/issues/3 An 'unordered' keyword provides the ability to append classes to the current list of ordered classes. This allows users to not need knowledge of existing classes when creating a class and fixes dependencies on classes when removing a module. This enables userspace object managers with custom objects to be modularized. If a class is declared in both an unordered and ordered statement, then the ordered statement will supercede the unordered declaration. Example usage: ; Appends new_class to the existing list of classes (class new_class ()) (classorder (unordered new_class)) Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
551d834c3905d8f7b39772452ecdb5a1d131cea0 |
|
15-Sep-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: improve recursion detection Add support for detecting recursive blockinherits, and print a trace of the detected loop. Output will look something like this upon detection: Recursive blockinherit found: test.cil:42: block a test.cil:43: blockinherit b test.cil:36: block b test.cil:37: blockinherit c test.cil:39: block c test.cil:40: blockinherit a Additionally, improve support for detecting recursive macros/calls. Due to the way calls are copied, the existing code only detected recursion with call depth of three or more. Smaller depths, like (macro m () (call m)) were not detected and caused a segfault. The callstack that was used for this was not sufficient, so that is removed and replaced with a method similar to the block recursion detection. A similar trace is also displayed for recursive macros/calls. Also, cleanup sidorder, classorder, catorder, sensorder, and in lists at the end of resolve, fixing a potential memory leak if errors occur during resolve. Signed-off-by: Steve Lawrence <slawrence@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
77779d2ca5a0c6efd113ff34cee432d5bb951f09 |
|
10-Sep-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsepol/cil: Add userattribute{set} functionality This adds a userattribute statement that may be used in userroles and constraints. The syntax is the same as typeattributset. Also, disallow roleattributes where roles are accepted in contexts. Specify a userattribute (userattribute foo) Add users to the set foo (userattributeset foo (u1 u2)) Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
b6e519e54261d14d553a28bcd1fed88f96752c26 |
|
10-Sep-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: fix blockinherit copying segfault and add macro restrictions When we copy a blockinherit statement, we perform actions that assume the blockinherit statement was already resolved. However, this isn't the case if the statement was copied from a tunableif or an in-statement, since those are resolve before blockinherits and blocks. So when copying a blockinherit that hasn't been resolved, ignore the code that associates blocks with the blockinherit; that will all be handled when the copied blockinherit is actually resolved later. Additionally, restrict block, blockabstract, and blockinherit statements from appearing in macros. These statements are all resolved before macros due to ordering issues, so they must not appear inside macros. Note that in addition to doing the checks in build_ast, they are also done in resolve_ast. This is because an in-statement could copy a block statement into a macro, which we would not know about until after the in-statement was resolved. Signed-off-by: Steve Lawrence <slawrence@tresys.com> Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
ef93dfe0393c4a60483c3f7729dd98a2f886606a |
|
28-Aug-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: add ioctl whitelist support Add three new extended avrule statements with the following syntax: (allowx source_type target_type permissionx) (auditallowx source_type target_type permissionx) (dontauditx source_type target_type permissionx) source_type - type, typeattribute, or typealias target_type - type, typeattribute, typealias, or "self" keyword permissionx - named or anonymous permissionx statement, which has the syntax: (permissionx name (kind object expression)) name - unique identifier of the permissionx statement kind - must be "ioctl"; could be extended in the future object - class or classmap expression - standard CIL expression containing hexadecimal values, prefixed with '0x', and the expression keywords 'or', 'xor', 'and', 'not', 'range', or 'all'. Values must be between 0x0000 and 0xFFFF. Values may also be provided in decimal, or in octal if starting with '0'. For example: (allowx src_t tgt_t (ioctl cls (0x1111 0x1222 0x1333))) (allowx src_t tgt_t (ioctl cls (range 0x1400 0x14FF))) (allowx src_t tgt_t (ioctl cls (and (range 0x1600 0x19FF) (not (range 0x1750 0x175F))))) (permissionx ioctl_nodebug (ioctl cls (not (range 0x2010 0x2013)))) (allowx src_t tgt_t ioctl_nodebug) Signed-off-by: Steve Lawrence <slawrence@tresys.com> Acked-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
5eae956abf90ccd832e04697f436e2dfeb8e4c25 |
|
22-Jul-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Improve resolution error messages In some cases, if a statement failed to resolve inside an optional, we would still log a failed to resolve error message, even though the optional was disabled and everything successfully compiled. This was confusing. Additionally, if a resolution failure occurred outside of an optional, the error message did not include the actual name that could not be resolved--it only logged the statement type (e.g. allow, booleanif, etc.) and file/line number. This patch removes resolution error messages which should not always be printed, as well as improves the resolution failure message to also print the last name that was attempted to be resolved. Also makes some less important error messages INFO rather than WARN, which tended to just clutter things and hide actual error messages. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
1e2b2e57e5dba4e7a2768c0e4690dcdcb044cea5 |
|
22-May-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsepol/cil: Do not allow categories/sensitivities inside blocks Fixes https://github.com/SELinuxProject/cil/issues/2. Sensitivities and categories generated from blocks use dots to indicate namespacing. This could result in categories that contain ambiguous ranges with categories declared in blocks. Example: (category c0) (category c2) (block c0 (category (c2)) (filecon ... (s0 (c2))) ) The above policy results in the filecontext: ... s0:c0.c2. The categories c0.c2 could be interpreted as a range between c0 and c2 or it could be the namespaced category c0.c2. Therefore, categories are no longer allowed inside blocks to eliminate this ambiguity. This patch also disallows sensitivites in blocks for consistency with category behavior. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
f0290677091e7eee4a3724a2a86ede9e11f93802 |
|
17-Mar-2015 |
Daniel De Graaf <dgdegra@tycho.nsa.gov> |
libsepol, checkpolicy: add device tree ocontext nodes to Xen policy In Xen on ARM, device tree nodes identified by a path (string) need to be labeled by the security policy. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
28ae74e112a031e1aeb22a2083568a881491b6db |
|
18-Feb-2015 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656'
|
72dc45bf5488a957d9db32531749a55fea414619 |
|
03-Dec-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '80afe7b2ce0b06f93b6b3a07e58cab1aee8afc91'
|
450a3ea21694aafebb46254716c1a7aa0243c09f |
|
06-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '847aa150e30e6147c28ed9807fae4dc232b5a8fe'
|
bbbd58e1252a06550810ae6f7b40b867841da918 |
|
02-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit 'a3abb2c05301b24ad2f8307d07734d89ddf808d8' into merge
|
bb0f8beff890195cfd459c67230c6130c86b3214 |
|
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit 'b19eafb97feb6389d78e1693f276fc5b10e25bd6' as 'libsepol/cil'
|