58962eb3d847bd4bfd37c6790d13f361bbe543f9 |
|
15-May-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol,checkpolicy: add binary module support for xperms

Presently we support xperms rules in source policy and in CIL modules. The binary policy module format however was never extended for xperms. This limitation inhibits use of xperms in refpolicy-based policy modules (including the selinux-testsuite policy). Update libsepol to support linking, reading, and writing a new binary policy module version that supports xperms rules. Update dismod to display xperms rules in binary policy modules.

Also, to support use of a non-base binary policy module with a newer version on a system using a base policy module with an older version, automatically upgrade the version during module linking. This facilitates usage of newer features in non-base modules without requiring rebuilding the base module.

Tests:
1. Add an allowxperms rule to the selinux-testsuite policy and confirm that it is properly written to the binary policy module (displayed by dismod), converted to CIL (the latter was already supported), and included in the kernel policy (via dispol and kernel test).
2. Use semodule_link and semodule_expand to manually link and expand all of the .pp files via libsepol, and confirm that the allowxperms rule is correctly propagated to the kernel policy. This test is required to exercise the legacy link/expand code path for binary modules that predated CIL.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
ef61dd7d4b6d9acb480201670a4c540ba6521fa4 |
|
05-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: add noreturn attribute to usage() While at it, make usage() static and mark its argument as const. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/checkpolicy/test/dismod.c
|
0551fb1080249d89811c888f4f09f1ae49bb4bc6 |
|
26-Feb-2015 |
Emre Can Kucukoglu <eckucukoglu@gmail.com> |
checkpolicy: fgets function warnings fix for dismod and dispol Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b |
|
16-Dec-2014 |
dcashman <dcashman@google.com> |
Allow libsepol C++ static library on device. Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
c4a4a1a7ed42c167a7d4bae06a1fffa8c6c9cb8d |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
Fix gcc -Wstrict-prototypes warnings In C, defining a function with () means "any number of parameters", not "no parameter". Use (void) instead where applicable and add unused parameters when needed. Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
7dcb7a594698124940d148f00f85be90c6757d7f |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix most gcc -Wwrite-strings warnings Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
c27a54775d42025e2249c8ee5e3a56ca38859661 |
|
29-Nov-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: Fix errors found by coverity Couple of memory leaks and a couple of dead code spots. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
58179a99884b54537ee5b367abdd4c3918198501 |
|
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dismod: fix unused parameter errors Either by dropping the parameter or marking it as unused depending on what works. We can't redefine hashtab_map callbacks as they must take all three options, so just mark those unused. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
44d8a2fed985858669d415ebe028d71768dd6652 |
|
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dis* fixed signed vs unsigned errors A number of places we used unsigned variables and compared them against signed variables. This patch makes everything unsigned. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
f1b004bf7d2453bda1a8076270f5c56b7ad90f56 |
|
20-Apr-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: fix dispol/dismod display for filename trans rules The formatting of dismod/dispol display of filename trans rules didn't make a lot of sense. Make them more like the original rules. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
516cb2a264448421bff692f47f61e8cf2a74237e |
|
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: add support for using last path component in type transition rules

This patch adds support for using the last path component as part of the information in making labeling decisions for new objects. An example rule looks like so:

    type_transition unconfined_t etc_t:file system_conf_t eric;

This rule says if unconfined_t creates a file in a directory labeled etc_t and the last path component is "eric" (no globbing, no matching magic, just exact strcmp) it should be labeled system_conf_t.

The kernel and policy representation does not have support for such rules in conditionals, and thus policy explicitly notes that fact if such a rule is added to a conditional.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
4ce7d734e8b8b243fc232c93d34690f9fdf67711 |
|
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: use #define for dismod selections We just use random numbers to make menu selections. Use #defines and names that make some sense instead. Signed-off-by: Eric Paris <eparis@redhat.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
f89d4aca9c9423fe7e0428900cedca0ab60ec70c |
|
25-Mar-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Userspace: display the class in role_transition rule Add support to display the class field in the role_transition rule in the checkpolicy/test/dismod program. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
f997295da3e6377899ca31c05f92819eab7d3ea7 |
|
08-Dec-2010 |
Justin P. Mattock <justinmattock@gmail.com> |
Author: "Justin P. Mattock"
Email: justinmattock@gmail.com
Subject: checkpolicy Fix error: variable 'newattr' set but not used (and others as well)
Date: Tue, 6 Jul 2010 15:23:28 -0700

The below patch fixes some warning messages I'm receiving with GCC (in this case some are errors due to -Werror):

    policy_define.c: In function 'define_type':
    policy_define.c:1216:6: error: variable 'newattr' set but not used
    cc1: all warnings being treated as errors

Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/checkpolicy/test/dismod.c
|