| 58962eb3d847bd4bfd37c6790d13f361bbe543f9 |
|
15-May-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
libsepol,checkpolicy: add binary module support for xperms
Presently we support xperms rules in source policy and in CIL modules.
The binary policy module format however was never extended for xperms.
This limitation inhibits use of xperms in refpolicy-based policy modules
(including the selinux-testsuite policy). Update libsepol to support
linking, reading, and writing a new binary policy module version that
supports xperms rules. Update dismod to display xperms rules in binary
policy modules.
Also, to support use of a non-base binary policy module with a newer
version on a system using a base policy module with an older version,
automatically upgrade the version during module linking. This facilitates
usage of newer features in non-base modules without requiring rebuilding
the base module.
Tests:
1. Add an allowxperms rule to the selinux-testsuite policy and
confirm that it is properly written to the binary policy module
(displayed by dismod), converted to CIL (the latter was already supported),
and included in the kernel policy (via dispol and kernel test).
2. Use semodule_link and semodule_expand to manually link and expand
all of the .pp files via libsepol, and confirm that the allowxperms rule
is correctly propagated to the kernel policy. This test is required to
exercise the legacy link/expand code path for binary modules that predated
CIL.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
| ef61dd7d4b6d9acb480201670a4c540ba6521fa4 |
|
05-Mar-2017 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: add noreturn attribute to usage()
While at it, make usage() static and mark its argument as const.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/checkpolicy/test/dismod.c
|
| 0551fb1080249d89811c888f4f09f1ae49bb4bc6 |
|
26-Feb-2015 |
Emre Can Kucukoglu <eckucukoglu@gmail.com> |
checkpolicy: fgets function warnings fix for dismod and dispol
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
| ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b |
|
16-Dec-2014 |
dcashman <dcashman@google.com> |
Allow libsepol C++ static library on device.
Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/checkpolicy/test/dismod.c
|
| c4a4a1a7ed42c167a7d4bae06a1fffa8c6c9cb8d |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
Fix gcc -Wstrict-prototypes warnings
In C, defining a function with () means "any number of parameters", not
"no parameter". Use (void) instead where applicable and add unused
parameters when needed.
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 7dcb7a594698124940d148f00f85be90c6757d7f |
|
14-Sep-2014 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
checkpolicy: fix most gcc -Wwrite-strings warnings
Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| c27a54775d42025e2249c8ee5e3a56ca38859661 |
|
29-Nov-2012 |
Dan Walsh <dwalsh@redhat.com> |
checkpolicy: Fix errors found by coverity
Couple of memory leaks and a couple of dead code spots.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 58179a99884b54537ee5b367abdd4c3918198501 |
|
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dismod: fix unused parameter errors
Either by dropping the parameter or marking it as unused depending on
what works. We can't redefine hashtab_map callbacks as they must take all
three options, so just mark those unused.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 44d8a2fed985858669d415ebe028d71768dd6652 |
|
03-Nov-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: dis* fixed signed vs unsigned errors
A number of places we used unsigned variables and compared them against
signed variables. This patch makes everything unsigned.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
| f1b004bf7d2453bda1a8076270f5c56b7ad90f56 |
|
20-Apr-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: fix dispol/dismod display for filename trans rules
The formatting of dismod/dispol display of filename trans rules didn't
make a lot of sense. Make them more like the original rules.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 516cb2a264448421bff692f47f61e8cf2a74237e |
|
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: add support for using last path component in type transition rules
This patch adds support for using the last path component as part of the
information in making labeling decisions for new objects. A example
rule looks like so:
type_transition unconfined_t etc_t:file system_conf_t eric;
This rule says if unconfined_t creates a file in a directory labeled
etc_t and the last path component is "eric" (no globbing, no matching
magic, just exact strcmp) it should be labeled system_conf_t.
The kernel and policy representation does not have support for such
rules in conditionals, and thus policy explicitly notes that fact if
such a rule is added to a conditional.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 4ce7d734e8b8b243fc232c93d34690f9fdf67711 |
|
28-Mar-2011 |
Eric Paris <eparis@redhat.com> |
checkpolicy: use #define for dismod selections
We just use random numbers to make menu selections. Use #defines and
names that make some sense instead.
Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| f89d4aca9c9423fe7e0428900cedca0ab60ec70c |
|
25-Mar-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
Userspace: display the class in role_transition rule
Add support to display the class field in the role_transition rule
in the checkpolicy/test/dismod program.
Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| f997295da3e6377899ca31c05f92819eab7d3ea7 |
|
08-Dec-2010 |
Justin P. Mattock <justinmattock@gmail.com> |
Author: "Justin P. Mattock"
Email: justinmattock@gmail.com
Subject: checkpolicy Fix error: variable 'newattr' set but not used(and others as well)
Date: Tue, 6 Jul 2010 15:23:28 -0700
The below patch fixes some warning messages Im receiving
with GCC:(in this case some are erros due to -Werror)
policy_define.c: In function 'define_type':
policy_define.c:1216:6: error: variable 'newattr' set but not used
cc1: all warnings being treated as errors
Signed-off-by: Justin P. Mattock <justinmattock@gmail.com>
Signed-off-by: Chad Sellers <csellers@tresys.com>
/external/selinux/checkpolicy/test/dismod.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/checkpolicy/test/dismod.c
|