| 1089665e31a647a5f0ba2eabe8ac6232b384bed9 |
|
04-May-2017 |
Jeff Vander Stoep <jeffv@google.com> |
Add attribute expansion options
This commit adds attribute expansion statements to the policy
language allowing compiler defaults to be overridden.
Always expands an attribute example:
expandattribute { foo } true;
CIL example:
(expandtypeattribute (foo) true)
Never expand an attribute example:
expandattribute { bar } false;
CIL example:
(expandtypeattribute (bar) false)
Adding the annotations directly to policy was chosen over other
methods as it is consistent with how targeted runtime optimizations
are specified in other languages. For example, in C the "inline"
command.
Motivation
expandattribute true:
Android has been moving away from a monolithic policy binary to
a two part split policy representing the Android platform and the
underlying vendor-provided hardware interface. The goal is a stable
API allowing these two parts to be updated independently of each
other. Attributes provide an important mechanism for compatibility.
For example, when the vendor provides a HAL for the platform,
permissions needed by clients of the HAL can be granted to an
attribute. Clients need only be assigned the attribute and do not
need to be aware of the underlying types and permissions being
granted.
Inheriting permissions via attribute creates a convenient mechanism
for independence between vendor and platform policy, but results
in the creation of many attributes, and the potential for performance
issues when processes are clients of many HALs. [1] Annotating these
attributes for expansion at compile time allows us to retain the
compatibility benefits of using attributes without the performance
costs. [2]
expandattribute false:
Commit 0be23c3f15fd added the capability to aggresively remove unused
attributes. This is generally useful as too many attributes assigned
to a type results in lengthy policy look up times when there is a
cache miss. However, removing attributes can also result in loss of
information used in external tests. On Android, we're considering
stripping neverallow rules from on-device policy. This is consistent
with the kernel policy binary which also did not contain neverallows.
Removing neverallow rules results in a 5-10% decrease in on-device
policy build and load and a policy size decrease of ~250k. Neverallow
rules are still asserted at build time and during device
certification (CTS). If neverallow rules are absent when secilc is
run, some attributes are being stripped from policy and neverallow
tests in CTS may be violated. [3] This change retains the aggressive
attribute stripping behavior but adds an override mechanism to
preserve attributes marked as necessary.
[1] https://github.com/SELinuxProject/cil/issues/9
[2] Annotating all HAL client attributes for expansion resulted in
system_server's dropping from 19 attributes to 8. Because these
attributes were not widely applied to other types, the final
policy size change was negligible.
[3] data_file_type and service_manager_type are stripped from AOSP
policy when using secilc's -G option. This impacts 11 neverallow
tests in CTS.
Test: Build and boot Marlin with all hal_*_client attributes marked
for expansion. Verify (using seinfo and sesearch) that permissions
are correctly expanded from attributes to types.
Test: Mark types being stripped by secilc with "preserve" and verify
that they are retained in policy and applied to the same types.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 0be23c3f15fdbef35a57d8586aeeae9b1f7606cc |
|
12-Apr-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Add ability to expand some attributes in binary policy
Originally, all type attributes were expanded when building a binary
policy. As the policy grew, binary policy sizes became too large, so
changes were made to keep attributes in the binary policy to minimize
policy size.
Keeping attributes works well as long as each type does not have too
many attributes. If an access check fails for types t1 and t2, then
additional checks must be made for every attribute that t1 is a member
of against t2 and all the attributes that t2 is a member of. This is
O(n*m) behavior and there are cases now where this is becoming a
performance issue.
Attributes are more aggressively removed than before. An attribute
will now be removed if it only appears in rules where attributes are
always expanded (typetransition, typechange, typemember, roletransition,
rangetransition, roletype, and AV Rules with self).
Attributes that are used in constraints are always kept because the
attribute name is stored for debugging purposes in the binary policy.
Attributes that are used in neverallow rules, but not in other AV rules,
will be kept unless the attribute is auto-generated.
Attributes that are only used in AV rules other than neverallow rules
are kept unless the number of types assigned to them is less than the
value of attrs_expand_size in the CIL db. The default is 1, which means
that any attribute that has no types assigned to it will be expanded (and
the rule removed from the policy), which is CIL's current behavior. The
value can be set using the function cil_set_attrs_expand_size().
Auto-generated attributes that are used only in neverallow rules are
always expanded. The rest are kept by default, but if the value of
attrs_expand_generated in the CIL db is set to true, they will be
expanded. The function cil_set_attrs_expand_generated() can be used
to set the value.
When creating the binary policy, CIL will expand all attributes that
are being removed and it will expand all attributes with less members
than the value specified by attrs_expand_size. So even if an attribute
is used in a constraint or neverallow and the attribute itself will be
included in the binary policy, it will be expanded when writing AV
rules if it has less members than attrs_expand_size.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 6707526f1f0ee255342f275651d46f800d18a334 |
|
17-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: avoid freeing uninitialized values
cil_resolve_ast() begins by checking whether one of its parameters is
NULL and "goto exit;" when it is the case. As extra_args has not been
initialized there, this leads to calling cil_destroy_tree_node_stack(),
__cil_ordered_lists_destroy()... on garbage values.
In practise this cannot happen because cil_resolve_ast() is only called
by cil_compile() after cil_build_ast() succeeded. As the if condition
exists nonetheless, fix the body of the if block in order to silence a
warning reported by clang Static Analyzer.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| ddaf0afec7c640c752979de2ed7ff8991aaef6f8 |
|
27-Feb-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: do not dereference args before checking it was not null
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 7fe9a7be312b6889840f8e05db16da848aca0e10 |
|
19-Feb-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: use __cil_ordered_lists_destroy() to free unordered_classorder_lists
In cil_resolve_ast, unordered_classorder_lists is a list of
cil_ordered_list. It needs to be destroyed with
__cil_ordered_lists_destroy() to free all associated memory.
This has been tested with the following policy:
(class CLASS1 ())
(class CLASS2 ())
(classorder (unordered CLASS1))
(classorder (CLASS2))
This memory leak has been found by running clang's Address Sanitizer on
a set of policies generated by American Fuzzy Lop.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 9edcf28a042f406cfb5eee50daafb6f3c18e4181 |
|
08-Feb-2017 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Destroy cil_tree_node stacks when finished resolving AST
CIL uses separate cil_tree_node stacks for optionals and blocks to
check for statements not allowed in optionals or blocks and to know
which optional to disable when necessary. But these stacks were not
being destroyed when exiting cil_resolve_ast(). This is not a problem
normally because the stacks will be empty, but this is not the case
when exiting with an error.
Destroy both tree node stacks when exiting to ensure that they are
empty.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 2eefb20d8ff47d764e5127de2879be9e8eac4d33 |
|
02-Nov-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Exit with an error for an unknown map permission
Nicholas Iooss discovered that using an unknown permission with a
map class will cause a segfault.
CIL will only give a warning when it fails to resolve an unknown
permission to support the use of policy module packages that use
permissions that don't exit on the current system. When resolving
the unknown map class permission an empty list is used to represent
the unknown permission. When it is evaluated later the list is
assumed to be a permission and a segfault occurs.
There is no reason to allow unknown class map permissions because
the class maps and permissions are defined by the policy.
Exit with an error when failing to resolve a class map permission.
Reported-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 410634d650aef93750e58420d4d04588a6dbf43a |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Verify neither child nor parent in a bounds is an attribute
Nicolas Iooss found while fuzzing secilc with AFL that using an attribute
as a child in a typebounds statement will cause a segfault.
This happens because the child datum is assumed to be part of a cil_type
struct when it is really part of a cil_typeattribute struct. The check to
verify that it is a type and not an attribute comes after it is used.
This bug effects user and role bounds as well because they do not check
whether a datum refers to an attribute or not.
Add checks to verify that neither the child nor the parent datum refer
to an attribute before using them in user, role, and type bounds.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 0fcc430add4c1b5514e402f09001b07c75458344 |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Verify alias in aliasactual statement is really an alias
Nicolas Iooss found while fuzzing secilc with AFL that the statement
"(sensitivityaliasactual SENS SENS)" will cause a segfault.
The segfault occurs because when the aliasactual is resolved the first
identifier is assumed to refer to an alias structure, but it is not.
Add a check to verify that the datum retrieved is actually an alias
and exit with an error if it is not.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| da51020d6f334e02498f9deb470159675923ac29 |
|
18-Oct-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Use an empty list to represent an unknown permission
Nicolas Iooss found while fuzzing secilc with AFL that the statement
"(classpermissionset CPERM (CLASS (and unknow PERM)))" will cause a
segfault.
In order to support a policy module package using a permission that
does not exist on the system it is loaded on, CIL will only give a
warning when it fails to resolve an unknown permission. CIL itself will
just ignore the unknown permission. This means that an expression like
"(and UNKNOWN p1)" will look like "(and p1)" to CIL, but, since syntax
checking has already been done, CIL won't know that the expression is not
well-formed. When the expression is evaluated a segfault will occur
because all expressions are assumed to be well-formed at evaluation time.
Use an empty list to represent an unknown permission so that expressions
will continue to be well-formed and expression evaluation will work but
the unknown permission will still be ignored.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| f1ba58a199fff4e146206e83048a083c7a61677c |
|
03-Oct-2016 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol/cil: make cil_resolve_name() fail for '.'
This CIL policy makes secilc crash with a NULL pointer dereference:
(class CLASS (PERM))
(classorder (CLASS))
(sid SID)
(sidorder (SID))
(user USER)
(role ROLE)
(type TYPE)
(category CAT)
(categoryorder (CAT))
(sensitivity SENS)
(sensitivityorder (SENS))
(sensitivitycategory SENS (CAT))
(allow TYPE self (CLASS (PERM)))
(roletype ROLE TYPE)
(userrole USER ROLE)
(userlevel USER (SENS))
(userrange USER ((SENS)(SENS (CAT))))
(sidcontext SID (USER ROLE TYPE ((SENS)(SENS))))
(allow . self (CLASS (PERM)))
Using "." in the allow statement makes strtok_r() return NULL in
cil_resolve_name() and this result is then used in a call to
cil_symtab_get_datum(), which is thus invalid.
Instead of crashing, make secilc fail with an error message.
This bug has been found by fuzzing secilc with american fuzzy lop.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| c303ca910add05bb5fc9f515d880b393f02d695c |
|
29-Sep-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Check for too many permissions in classes and commons
Fixes bug found by Nicolas Iooss as described below in the way suggested by Steve Lawrence.
Nicolass reported:
When compiling a CIL policy with more than 32 items in a class (e.g. in
(class capability (chown ...)) with many items),
cil_classorder_to_policydb() overflows perm_value_to_cil[class_index]
array. As this array is allocated on the heap through
calloc(PERMS_PER_CLASS+1, sizeof(...)), this makes secilc crash with the
following message:
*** Error in `/usr/bin/secilc': double free or corruption (!prev): 0x000000000062be80 ***
======= Backtrace: =========
/usr/lib/libc.so.6(+0x70c4b)[0x7ffff76a7c4b]
/usr/lib/libc.so.6(+0x76fe6)[0x7ffff76adfe6]
/usr/lib/libc.so.6(+0x777de)[0x7ffff76ae7de]
/lib/libsepol.so.1(+0x14fbda)[0x7ffff7b24bda]
/lib/libsepol.so.1(+0x152db8)[0x7ffff7b27db8]
/lib/libsepol.so.1(cil_build_policydb+0x63)[0x7ffff7af8723]
/usr/bin/secilc[0x40273b]
/usr/lib/libc.so.6(__libc_start_main+0xf1)[0x7ffff7657291]
/usr/bin/secilc[0x402f7a]
This bug has been found by fuzzing secilc with american fuzzy lop.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 46e157b470db724631598f00bf340ff066e219f8 |
|
28-Jul-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Warn instead of fail if permission is not resolve
If a policy module package has been created with a policy that contains
a permission and then is used on a system without that permission CIL
will fail with an error when it cannot resolve the permission.
This will prevent the installation on policy and the user will not
know that the policy has not been installed.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 46b3a555981927b47d6a19bd941ccd99085cce18 |
|
05-May-2016 |
James Carter <jwcart2@tycho.nsa.gov> |
libsepol/cil: Replace cil_log() calls with cil_tree_log()
Replace all calls to cil_log() that print path information with a
call to cil_tree_log() which will also print information about any
high-level sources.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 172ce53ffa793e69632923b5323fc8c2220b3294 |
|
05-Feb-2016 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol: fix __attribute__((unused)) annotations
clang warns about variables which are used in a function body even
though they were marked __attribute__((unused)). For example:
interfaces.c:129:2: error: 'handle' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
handle = NULL;
^
interfaces.c:233:2: error: 'handle' was marked unused but was used
[-Werror,-Wused-but-marked-unused]
handle = NULL;
^
Remove these warnings either by removing meaningless assigments or by
removing the attribute.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| f5602f5ff980435ee2aefed35ba643310ceeac25 |
|
01-Dec-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Add support for neverallowx
Add a new statement, neverallowx, which has the same syntax as allowx:
(neverallowx foo bar (ioctl file (range 0x2000 0x20FF)))
(allowx foo bar (ioctl file (0x20A0))) ; this fails
Much of the changes just move functions around or split functions up to
ease the sharing of avrule and avrulex comparisons with neverallows.
This refactoring also modifies the avrule struct to include a union of
either class permission information for standard avrules or extended
permission information for extended avrules, also done to support
sharing code.
This also changes assertion.c and avtab.c to allow
check_assertion_avtab_match to work with extended avrules.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 71dd7b71338e832da8e446d565e6cd871b8a08f6 |
|
10-Nov-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
secilc: Add support for unordered classes
Resolves https://github.com/SELinuxProject/cil/issues/3
An 'unordered' keyword provides the ability to append classes to the current
list of ordered classes. This allows users to not need knowledge of existing
classes when creating a class and fixes dependencies on classes when removing a
module. This enables userspace object managers with custom objects to be
modularized.
If a class is declared in both an unordered and ordered statement, then the
ordered statement will supercede the unordered declaration.
Example usage:
; Appends new_class to the existing list of classes
(class new_class ())
(classorder (unordered new_class))
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 551d834c3905d8f7b39772452ecdb5a1d131cea0 |
|
15-Sep-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: improve recursion detection
Add support for detecting recursive blockinherits, and print a trace of
the detected loop. Output will look something like this upon detection:
Recursive blockinherit found:
test.cil:42: block a
test.cil:43: blockinherit b
test.cil:36: block b
test.cil:37: blockinherit c
test.cil:39: block c
test.cil:40: blockinherit a
Additionally, improve support for detecting recursive macros/calls. Due
to the way calls are copied, the existing code only detected recursion
with call depth of three or more. Smaller depths, like
(macro m ()
(call m))
were not detected and caused a segfault. The callstack that was used for
this was not sufficient, so that is removed and replaced with a method
similar to the block recursion detection. A similar trace is also
displayed for recursive macros/calls.
Also, cleanup sidorder, classorder, catorder, sensorder, and in lists at
the end of resolve, fixing a potential memory leak if errors occur
during resolve.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 77779d2ca5a0c6efd113ff34cee432d5bb951f09 |
|
10-Sep-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsepol/cil: Add userattribute{set} functionality
This adds a userattribute statement that may be used in userroles and
constraints. The syntax is the same as typeattributset.
Also, disallow roleattributes where roles are accepted in contexts.
Specify a userattribute
(userattribute foo)
Add users to the set foo
(userattributeset foo (u1 u2))
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| b6e519e54261d14d553a28bcd1fed88f96752c26 |
|
10-Sep-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: fix blockinherit copying segfault and add macro restrictions
When we copy a blockinherit statement, we perform actions that assume
the blockinherit statement was already resolved. However, this isn't the
case if the statement was copied from a tunableif or an in-statement,
since those are resolve before blockinherits and blocks. So when
copying a blockinherit that hasn't been resolved, ignore the code that
associates blocks with the blockinherit; that will all be handled when
the copied blockinherit is actually resolved later.
Additionally, restrict block, blockabstract, and blockinherit statements
from appearing in macros. These statements are all resolved before
macros due to ordering issues, so they must not appear inside macros.
Note that in addition to doing the checks in build_ast, they are also
done in resolve_ast. This is because an in-statement could copy a block
statement into a macro, which we would not know about until after the
in-statement was resolved.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| ef93dfe0393c4a60483c3f7729dd98a2f886606a |
|
28-Aug-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: add ioctl whitelist support
Add three new extended avrule statements with the following syntax:
(allowx source_type target_type permissionx)
(auditallowx source_type target_type permissionx)
(dontauditx source_type target_type permissionx)
source_type - type, typeattribute, or typealias
target_type - type, typeattribute, typealias, or "self" keyword
permissionx - named or anonymous permissionx statement, which has the syntax:
(permissionx name (kind object expression))
name - unique identifier of the permissionx statement
kind - must be "ioctl"; could be extended in the future
object - class or classmap
expression - standard CIL expression containing hexadecimal values,
prefixed with '0x', and the expression keywords 'or', 'xor', 'and',
'not', 'range', or 'all'. Values must be between 0x0000 and 0xFFFF.
Values may also be provided in decimal, or in octal if starting with '0'.
For example:
(allowx src_t tgt_t (ioctl cls (0x1111 0x1222 0x1333)))
(allowx src_t tgt_t (ioctl cls (range 0x1400 0x14FF)))
(allowx src_t tgt_t (ioctl cls (and (range 0x1600 0x19FF) (not (range 0x1750 0x175F)))))
(permissionx ioctl_nodebug (ioctl cls (not (range 0x2010 0x2013))))
(allowx src_t tgt_t ioctl_nodebug)
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 5eae956abf90ccd832e04697f436e2dfeb8e4c25 |
|
22-Jul-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Improve resolution error messages
In some cases, if a statement failed to resolve inside an optional, we
would still log a failed to resolve error message, even though the
optional was disabled and everything successfully compiled. This was
confusing. Additionally, if a resolution failure occurred outside of an
optional, the error message did not include the actual name that could
not be resolved--it only logged the statement type (e.g. allow,
booleanif, etc.) and file/line number.
This patch removes resolution error messages which should not always be
printed, as well as improves the resolution failure message to also
print the last name that was attempted to be resolved. Also makes some
less important error messages INFO rather than WARN, which tended to
just clutter things and hide actual error messages.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 1e2b2e57e5dba4e7a2768c0e4690dcdcb044cea5 |
|
22-May-2015 |
Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
libsepol/cil: Do not allow categories/sensitivities inside blocks
Fixes https://github.com/SELinuxProject/cil/issues/2.
Sensitivities and categories generated from blocks use dots to indicate
namespacing. This could result in categories that contain ambiguous
ranges with categories declared in blocks.
Example:
(category c0)
(category c2)
(block c0
(category (c2))
(filecon ... (s0 (c2)))
)
The above policy results in the filecontext: ... s0:c0.c2. The categories c0.c2
could be interpreted as a range between c0 and c2 or it could be the namespaced
category c0.c2. Therefore, categories are no longer allowed inside blocks to
eliminate this ambiguity.
This patch also disallows sensitivites in blocks for consistency with category
behavior.
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| f0290677091e7eee4a3724a2a86ede9e11f93802 |
|
17-Mar-2015 |
Daniel De Graaf <dgdegra@tycho.nsa.gov> |
libsepol, checkpolicy: add device tree ocontext nodes to Xen policy
In Xen on ARM, device tree nodes identified by a path (string) need to
be labeled by the security policy.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
/external/selinux/libsepol/cil/src/cil_resolve_ast.c
|
| 28ae74e112a031e1aeb22a2083568a881491b6db |
|
18-Feb-2015 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656'
|
| 72dc45bf5488a957d9db32531749a55fea414619 |
|
03-Dec-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '80afe7b2ce0b06f93b6b3a07e58cab1aee8afc91'
|
| 450a3ea21694aafebb46254716c1a7aa0243c09f |
|
06-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit '847aa150e30e6147c28ed9807fae4dc232b5a8fe'
|
| bbbd58e1252a06550810ae6f7b40b867841da918 |
|
02-Oct-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit 'a3abb2c05301b24ad2f8307d07734d89ddf808d8' into merge
|
| bb0f8beff890195cfd459c67230c6130c86b3214 |
|
26-Aug-2014 |
Steve Lawrence <slawrence@tresys.com> |
Merge commit 'b19eafb97feb6389d78e1693f276fc5b10e25bd6' as 'libsepol/cil'
|