| 53bb2a11c23b774f096701bab759c6ab9ec52ea1 |
|
17-Aug-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
checkpolicy,libselinux,libsepol,policycoreutils: Update my email address
Update my email address since epoch.ncsc.mil no longer exists.
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
| f5602f5ff980435ee2aefed35ba643310ceeac25 |
|
01-Dec-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Add support for neverallowx
Add a new statement, neverallowx, which has the same syntax as allowx:
(neverallowx foo bar (ioctl file (range 0x2000 0x20FF)))
(allowx foo bar (ioctl file (0x20A0))) ; this fails
Much of the changes just move functions around or split functions up to
ease the sharing of avrule and avrulex comparisons with neverallows.
This refactoring also modifies the avrule struct to include a union of
either class permission information for standard avrules or extended
permission information for extended avrules, also done to support
sharing code.
This also changes assertion.c and avtab.c to allow
check_assertion_avtab_match to work with extended avrules.
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/avtab.c
|
| 011da992da63f5a11eb43309f40aeeb085957bcf |
|
28-Aug-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol: fix memory leak when destroying avtab containing extended avrules
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
| 915fa8f08f4f9a4c437ee8280a4e641872ea59dd |
|
12-Jun-2015 |
Jeff Vander Stoep <jeffv@google.com> |
checkpolicy: switch operations to extended perms
The ioctl operations code is being renamed to the more generic
"extended permissions." This commit brings the policy compiler
up to date with the kernel patch.
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
/external/selinux/libsepol/src/avtab.c
|
| 80bc7ee8faaddfa7a650994fa82a57f41a9e7475 |
|
22-Apr-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Add support for ioctl command whitelisting
Adds support for new policy statements whitelisting individual ioctl
commands. Ioctls provide many of the operations necessary for driver control.
The typical driver supports a device specific set of operations accessible
by the ioctl system call and specified by the command argument. SELinux
provides per operation access control to many system operations e.g. chown,
kill, setuid, ipc_lock, etc. Ioclts on the other hand are granted on a per
file descriptor basis using the ioctl permission, meaning that the set of
operations provided by the driver are granted on an all-or-nothing basis.
In some cases this may be acceptable, but often the same driver provides a
large and diverse set of operations such as benign and necessary functionality
as well as dangerous capabilities or access to system information that should
be restricted.
Example policy:
allow <source> <target>:<class> { 0x8900-0x8905 0x8910 }
auditallow <source> <target>:<class> 0x8901
The ioctl permission is still required in order to make an ioctl call. If no
individual ioctl commands are specified, only the ioctl permission is
checked by the kernel - i.e. status quo. This allows ioctl whitelisting to
done in a targeted manner, protecting desired drivers without requiring every
ioctl command to be known and specified before use and otherwise allowing
existing policy to be used as-is.
This only implements ioctl whitelisting support for monolithic kernel policies
built via checkpolicy. Support for modules and CIL remains to be done.
Bug: 19419509
Change-Id: I198e8c9279b94d8ce4ae5625018daa99577ee970
Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
| acb2a9beded6bd29471ffaa517316c0497f24e15 |
|
15-Jan-2015 |
John Brooks <john.brooks@jolla.com> |
Tweak avtab hash table parameters for better performance
Using the Fedora 20 targeted policy, running check_assertions requires
an avtab with around 22 million elements. With the default limit of 4096
buckets, performance is abysmal: it takes more than an hour to populate
the hash. Profiling shows most of that time under avtab_search_node.
This patch increases the hash from 13 to 20 bits and to a maximum of
1048576 buckets. The time for check_assertions on that policy is reduced
to about 3 minutes, which is enough to re-enable those checks as part of
the build process.
A full size table will allocate 4-8 MB of memory, up from 16-32 KB. In a
cursory review, these tables are usually short-lived and only 1-3 are
allocated together. Compared to the cost of entries in this table (up to
1 GB using the same policy), this isn't a significant increase.
Signed-off-by: John Brooks <john.brooks@jolla.com>
/external/selinux/libsepol/src/avtab.c
|
| 798950e055e04cbea0464fb83cab406ee8d35154 |
|
15-Jan-2015 |
John Brooks <john.brooks@jolla.com> |
Use a better hash function for libsepol's avtab
This function, based on murmurhash3, has much better distribution than
the original. Using the current default of 4096 buckets, there are many
fewer collisions:
Before:
2893000 entries and 4096/4096 buckets used, longest chain length 1649
After:
2732000 entries and 4096/4096 buckets used, longest chain length 764
The difference becomes much more significant when buckets are increased.
A naive attempt to expand the current function to larger outputs doesn't
yield any significant improvement; so this function is a prerequisite
for increasing the bucket size.
Signed-off-by: John Brooks <john.brooks@jolla.com>
/external/selinux/libsepol/src/avtab.c
|
| 13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsepol/src/avtab.c
|