53bb2a11c23b774f096701bab759c6ab9ec52ea1 |
|
17-Aug-2017 |
Stephen Smalley <sds@tycho.nsa.gov> |
checkpolicy,libselinux,libsepol,policycoreutils: Update my email address Update my email address since epoch.ncsc.mil no longer exists. Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
f5602f5ff980435ee2aefed35ba643310ceeac25 |
|
01-Dec-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol/cil: Add support for neverallowx Add a new statement, neverallowx, which has the same syntax as allowx: (neverallowx foo bar (ioctl file (range 0x2000 0x20FF))) (allowx foo bar (ioctl file (0x20A0))) ; this fails Much of the changes just move functions around or split functions up to ease the sharing of avrule and avrulex comparisons with neverallows. This refactoring also modifies the avrule struct to include a union of either class permission information for standard avrules or extended permission information for extended avrules, also done to support sharing code. This also changes assertion.c and avtab.c to allow check_assertion_avtab_match to work with extended avrules. Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/avtab.c
|
011da992da63f5a11eb43309f40aeeb085957bcf |
|
28-Aug-2015 |
Steve Lawrence <slawrence@tresys.com> |
libsepol: fix memory leak when destroying avtab containing extended avrules Signed-off-by: Steve Lawrence <slawrence@tresys.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
915fa8f08f4f9a4c437ee8280a4e641872ea59dd |
|
12-Jun-2015 |
Jeff Vander Stoep <jeffv@google.com> |
checkpolicy: switch operations to extended perms The ioctl operations code is being renamed to the more generic "extended permissions." This commit brings the policy compiler up to date with the kernel patch. Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
/external/selinux/libsepol/src/avtab.c
|
80bc7ee8faaddfa7a650994fa82a57f41a9e7475 |
|
22-Apr-2015 |
Jeff Vander Stoep <jeffv@google.com> |
Add support for ioctl command whitelisting Adds support for new policy statements whitelisting individual ioctl commands. Ioctls provide many of the operations necessary for driver control. The typical driver supports a device specific set of operations accessible by the ioctl system call and specified by the command argument. SELinux provides per operation access control to many system operations e.g. chown, kill, setuid, ipc_lock, etc. Ioclts on the other hand are granted on a per file descriptor basis using the ioctl permission, meaning that the set of operations provided by the driver are granted on an all-or-nothing basis. In some cases this may be acceptable, but often the same driver provides a large and diverse set of operations such as benign and necessary functionality as well as dangerous capabilities or access to system information that should be restricted. Example policy: allow <source> <target>:<class> { 0x8900-0x8905 0x8910 } auditallow <source> <target>:<class> 0x8901 The ioctl permission is still required in order to make an ioctl call. If no individual ioctl commands are specified, only the ioctl permission is checked by the kernel - i.e. status quo. This allows ioctl whitelisting to done in a targeted manner, protecting desired drivers without requiring every ioctl command to be known and specified before use and otherwise allowing existing policy to be used as-is. This only implements ioctl whitelisting support for monolithic kernel policies built via checkpolicy. Support for modules and CIL remains to be done. Bug: 19419509 Change-Id: I198e8c9279b94d8ce4ae5625018daa99577ee970 Signed-off-by: Jeff Vander Stoep <jeffv@google.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/avtab.c
|
acb2a9beded6bd29471ffaa517316c0497f24e15 |
|
15-Jan-2015 |
John Brooks <john.brooks@jolla.com> |
Tweak avtab hash table parameters for better performance Using the Fedora 20 targeted policy, running check_assertions requires an avtab with around 22 million elements. With the default limit of 4096 buckets, performance is abysmal: it takes more than an hour to populate the hash. Profiling shows most of that time under avtab_search_node. This patch increases the hash from 13 to 20 bits and to a maximum of 1048576 buckets. The time for check_assertions on that policy is reduced to about 3 minutes, which is enough to re-enable those checks as part of the build process. A full size table will allocate 4-8 MB of memory, up from 16-32 KB. In a cursory review, these tables are usually short-lived and only 1-3 are allocated together. Compared to the cost of entries in this table (up to 1 GB using the same policy), this isn't a significant increase. Signed-off-by: John Brooks <john.brooks@jolla.com>
/external/selinux/libsepol/src/avtab.c
|
798950e055e04cbea0464fb83cab406ee8d35154 |
|
15-Jan-2015 |
John Brooks <john.brooks@jolla.com> |
Use a better hash function for libsepol's avtab This function, based on murmurhash3, has much better distribution than the original. Using the current default of 4096 buckets, there are many fewer collisions: Before: 2893000 entries and 4096/4096 buckets used, longest chain length 1649 After: 2732000 entries and 4096/4096 buckets used, longest chain length 764 The difference becomes much more significant when buckets are increased. A naive attempt to expand the current function to larger outputs doesn't yield any significant improvement; so this function is a prerequisite for increasing the bucket size. Signed-off-by: John Brooks <john.brooks@jolla.com>
/external/selinux/libsepol/src/avtab.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsepol/src/avtab.c
|