fb237459c84ef843828988a953e06826435dfcae |
|
28-Nov-2016 |
Nicolas Iooss <nicolas.iooss@m4x.org> |
libsepol: detect duplicated symbol IDs

A valid policy would not have two symbols (classes, roles, users...) sharing the same unique identifier. Make policydb_read() reject such policy files.

When ..._val_to_name translation tables were allocated with malloc(), change to calloc() in order to initialize the tables with NULLs.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
/external/selinux/libsepol/src/conditional.c
|
fbf77104c30f51ed927de2493730c8f1fbd4cb33 |
|
19-Aug-2016 |
William Roberts <william.c.roberts@intel.com> |
libsepol: port str_read from kernel

Rather than duplicating the following sequence:
1. Read len from file
2. alloc up space based on 1
3. read the contents into the buffer from 2
4. null terminate the buffer from 2

Use the str_read() function that is in the kernel, which collapses steps 2 and 4. This not only reduces redundant code, but also has the side effect of providing a central check on zero_or_saturated lengths from step 1 when generating string values.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libsepol/src/conditional.c
|
8673854fb8b7006e92a4b1ce338ed229b0e1a9f6 |
|
16-Aug-2016 |
William Roberts <william.c.roberts@intel.com> |
libsepol: fix overflow and 0 length allocations

Throughout libsepol, values taken from sepolicy are used in places where length == 0 or length == <saturated> matter. Find and fix these.

Also, correct any type mismatches noticed along the way.

Signed-off-by: William Roberts <william.c.roberts@intel.com>
/external/selinux/libsepol/src/conditional.c
|
b0be2a06b7b377cfc3134bb7ebadc9cf9d070992 |
|
01-Sep-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
libsepol: Write and read TUNABLE flags in related data structures.

All flags in cond_bool_datum_t and cond_node_t structures are written or read for policy modules whose version is no less than MOD_POLICYDB_VERSION_TUNABLE_SEP.

Note, for cond_node_t the TUNABLE flag bit would be used only at expand, however, it won't hurt to read/write this field for modules (potentially for future usage).

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/conditional.c
|
80f26c5ee865993264ef638480c6a05ab574f7c0 |
|
01-Sep-2011 |
Harry Ciao <qingtao.cao@windriver.com> |
checkpolicy: Separate tunable from boolean during compile.

Both boolean and tunable keywords are processed by define_bool_tunable(), argument 0 and 1 would be passed for boolean and tunable respectively. For tunable, a TUNABLE flag would be set in cond_bool_datum_t.flags.

Note, when creating an if-else conditional we cannot know if the tunable identifier is indeed a tunable (for example, a boolean may be misused in tunable_policy() or vice versa), thus the TUNABLE flag for cond_node_t would be calculated and used in expansion when all booleans/tunables are copied during link.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/conditional.c
|
13cd4c8960688af11ad23b4c946149015c80d549 |
|
19-Aug-2008 |
Joshua Brindle <method@manicmethod.com> |
initial import from svn trunk revision 2950
/external/selinux/libsepol/src/conditional.c
|