f9ae34a40440d194b60fbd1ce570b8b094f1a94d
09-May-2017
James Carter <jwcart2@tycho.nsa.gov>

libsepol: Expand attributes with TYPE_FLAGS_EXPAND_ATTR_TRUE set

Commit 1089665e31a647a5f0ba2eabe8ac6232b384bed9 (Add attribute expansion options) adds an expandattribute rule to the policy.conf language which sets a type_datum flag. Currently the flag is used only when writing out CIL policy from a policy.conf.

Make use of the flag when expanding policy to expand policy rules and remove all type associations for an attribute that has TYPE_FLAGS_EXPAND_ATTR_TRUE set. (The attribute will remain in the policy, but have no types associated with it.)

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
/external/selinux/libsepol/src/link.c

58962eb3d847bd4bfd37c6790d13f361bbe543f9
15-May-2017
Stephen Smalley <sds@tycho.nsa.gov>

libsepol,checkpolicy: add binary module support for xperms

Presently we support xperms rules in source policy and in CIL modules. The binary policy module format however was never extended for xperms. This limitation inhibits use of xperms in refpolicy-based policy modules (including the selinux-testsuite policy).

Update libsepol to support linking, reading, and writing a new binary policy module version that supports xperms rules. Update dismod to display xperms rules in binary policy modules.

Also, to support use of a non-base binary policy module with a newer version on a system using a base policy module with an older version, automatically upgrade the version during module linking. This facilitates usage of newer features in non-base modules without requiring rebuilding the base module.

Tests:

1. Add an allowxperms rule to the selinux-testsuite policy and confirm that it is properly written to the binary policy module (displayed by dismod), converted to CIL (the latter was already supported), and included in the kernel policy (via dispol and kernel test).

2. Use semodule_link and semodule_expand to manually link and expand all of the .pp files via libsepol, and confirm that the allowxperms rule is correctly propagated to the kernel policy. This test is required to exercise the legacy link/expand code path for binary modules that predated CIL.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/link.c

c046d974c5513c5bc1c29f964177e2fac4004544
19-Mar-2015
Thomas Hurd <thurd@tresys.com>

libsepol: bool_copy_callback set state on creation

Boolean states are only written on a declaration. If a module is turned off which includes a tunable declaration that is required in another module, the state is never set. This patch sets the state when the booldatum is created so that an uninitialized memory read does not occur in cond_write_bool and write garbage to the link binary. This can cause a failure in cond_read_bool when running semodule_expand.

Signed-off-by: Thomas Hurd <thurd@tresys.com>
/external/selinux/libsepol/src/link.c

ed7a6ba24ad3241e696fa7bc9bb56bb4f373147b
16-Dec-2014
dcashman <dcashman@google.com>

Allow libsepol C++ static library on device.

Change-Id: I7da601767c3a4ebed7274e33304d8b589a9115fe
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/link.c

14c0564641e6c8be386f117c2b0f09434121226f
14-Sep-2014
Nicolas Iooss <nicolas.iooss@m4x.org>

libsepol: fix most gcc -Wwrite-strings warnings

gcc puts literal strings in read-only memory. On x86_64, trying to write to them triggers a segmentation fault. To detect such issues at build time, variables holding a pointer to such strings should be "const char*". "gcc -Wwrite-strings" warns when using non-const pointers to literal strings.

Remove gcc warnings by adding const to local variables and arguments of internal functions.

This does *not* fix this warning:

policydb_public.c:208:10: warning: passing argument 2 of 'hashtab_search' discards 'const' qualifier from pointer target type
  return (hashtab_search(p->p.p_classes.table, PACKET_CLASS_NAME) ==
          ^
In file included from ../include/sepol/policydb/symtab.h:16:0,
                 from ../include/sepol/policydb/policydb.h:60,
                 from policydb_public.c:4:
../include/sepol/policydb/hashtab.h:98:24: note: expected 'hashtab_key_t' but argument is of type 'const char *'
 extern hashtab_datum_t hashtab_search(hashtab_t h, const hashtab_key_t k);
                        ^

Moreover the "const" word in hashtab_search prototype does not make the second parameter "const char*" but "char* const".

Acked-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/link.c

a80a48cb1907162b1fce8f0af38d062fca39a635
24-Mar-2014
Stephen Smalley <sds@tycho.nsa.gov>

Fix for binary policy modules.

They do not retain the neverallow source information so we must not assume that source_filename is set. Either need a new binary module format if we want to propagate this information for modular builds or get rid of binary modules.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/link.c

ef24ade029329a6e9981bd1de2ba7b9ea48e1c79
05-Mar-2014
Stephen Smalley <sds@tycho.nsa.gov>

Report source file and line information for neverallow failures.

Change-Id: I0def97a5f2f6097e2dad7bcd5395b8fa740d7073
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
/external/selinux/libsepol/src/link.c

92788715dc793f805b0ae56844216b844a34ea22
10-Jan-2013
Alice Chu <alice.chu@sta.samsung.com>

libsepol: Fix memory leak issues found by Klocwork

Signed-off-by: Eric Paris <eparis@redhat.com>
/external/selinux/libsepol/src/link.c

693f5241fdd5ae7e89d4312b85443c0fc1b1a57d
18-Dec-2012
Eric Paris <eparis@redhat.com>

checkpolicy: libsepol: implement default type policy syntax

We currently have a mechanism in which the default user, role, and range can be picked up from the source or the target object. This implements the same thing for types. The kernel will override this with type transition rules and similar. This is just the default if nothing specific is given.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/link.c

afe88d8c69543b2ebd6e25efdaab76f40ea4d3c7
11-Dec-2012
Eric Paris <eparis@redhat.com>

libsepol: coverity fixes

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/link.c

09c783c9a36cd47216df827c5d2c21ec8cd613e2
05-Dec-2011
Eric Paris <eparis@redhat.com>

libsepol: checkpolicy: implement new default labeling behaviors

We would like to be able to say that the user, role, or range of a newly created object should be based on the user, role, or range of either the source or the target of the creation operation. aka, for a new file this could be the user of the creating process or the user of the parent directory. This patch implements the new language and the policydb support to give this information to the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/link.c

d9d583759595e522a0ebfb56f74ee2a274d48d19
01-Sep-2011
Harry Ciao <qingtao.cao@windriver.com>

libsepol: Copy and check the cond_bool_datum_t.flags during link.

Copy the TUNABLE flag for cond_bool_datum_t during link, and check if there is a mismatch between boolean/tunable declaration and usage among modules. If this is the case, bail out with errors.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
/external/selinux/libsepol/src/link.c

c3f5d75c3234ea2b03c7eba9eb18b550efcc1605
25-Jul-2011
Harry Ciao <qingtao.cao@windriver.com>

Support adding one role attribute into another.

When the link process is completed, the types type_set_t and roles ebitmap in a role attribute are settled, then we could go on to scan all role attributes in the base->p_roles.table checking if any non-zero bit in its roles ebitmap is indeed another role attribute. If this is the case, then we need to escalate the roles ebitmap of the sub role attribute into that of the parent, and remove the sub role attribute from parent's roles ebitmap. Since sub-attribute's roles ebitmap may further contain other role attributes, we need to re-scan the updated parent's roles ebitmap. Also if a loop dependency is detected, no escalation of sub-attribute's roles ebitmap is needed.

Note, although in the link stage all role identifiers defined in any block/decl of any module would be copied into the base->p_roles.table, the role-attribute relationships could still be recorded in the decl's local symtab[SYM_ROLES] table (see get_local_role()), so before all above escalation of sub role attribute's roles ebitmap into that of parent ever happens, all decl in the base->global list except the global block would have to be traversed so as to populate potential role-attribute relationships from decl up to the base module.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/link.c

bff13595230dbd41692a98482ff3323078ae7d03
25-Jul-2011
Harry Ciao <qingtao.cao@windriver.com>

Add role attribute support when linking modules.

Make the flavor flag and the roles ebitmap in role_datum_t structure properly handled during module link process:

1. the flavor flag is copied into the base module;
2. if both the current module and the base module have defined or required the same role, check if there is a discrepancy in flavor;
3. remap the roles ebitmap and merge into its counterpart in the base module;

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/link.c

6eeb71538ea29b639ac7549831cd1aa4da32722a
12-Apr-2011
Eric Paris <eparis@redhat.com>

libsepol: add support for filenametrans rule

This patch adds libsepol support for filename_trans rules. These rules allow one to make labeling decisions for new objects based partially on the last path component. They are stored in a list. If we find that the number of rules grows to a significant size I will likely choose to store these in a hash, both in libsepol and in the kernel. But as long as the number of such rules stays small, this should be good.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/link.c

6db9b74210197f792a52038abbd10e946e99e49d
25-Mar-2011
Harry Ciao <qingtao.cao@windriver.com>

Userspace: handle the class in role_trans_rule

Add class support to various functions to handle role_trans_rule_t structures.

Signed-off-by: Harry Ciao <qingtao.cao@windriver.com>
Signed-off-by: Steve Lawrence <slawrence@tresys.com>
/external/selinux/libsepol/src/link.c

3df79fc5ebf08a35aaa095b2ee3fd24b3ece6ae5
21-Mar-2009
Joshua Brindle <method@manicmethod.com>

Author: Joshua Brindle
Email: method@manicmethod.com
Subject: libsepol: fix boolean state smashing
Date: Wed, 18 Mar 2009 10:47:34 -0400

If a boolean is encountered in a require block before the place where it is declared it currently gets created with the state set to false no matter what the declared state was. This only affects booleans in modules where the boolean was also required in another module.

Patch below:

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsepol/src/link.c

f470207454f5f6ce539aa543e5168a07d667254b
08-Oct-2008
Joshua Brindle <method@manicmethod.com>

Author: KaiGai Kohei
Email: kaigai@ak.jp.nec.com
Subject: Thread/Child-Domain Assignment (rev.6)
Date: Tue, 07 Oct 2008 15:39:45 +0900

>> Hmm....
>> It seems to me what you pointed out is a bug of my patch. It prevents to deliver
>> actual number of type/attribute symbols to policy file, but it is unclear why does
>> it makes libsepol ignore the policyvers.
>> (I guess it may be a separated matter.)
>>
>>> Rather than trying to calculate the length without attributes I just removed
>>> the attribute check. This causes attributes to be written for all versions,
>>> but this should not cause any problems at all.
>> The reason why I injected such an ad-hoc code is that we cannot decide the policy
>> version written when type_attr_remove() is invoked.
>> Is it impossible to move it to policydb_write()?
>> It is invoked after the policyvers is fixed by caller.
>
> It isn't impossible. You are going to have to make it walk to type
> symbol table to calculate the length without attributes, then write
> that length instead of the total symtab length.

The attached patch enables to fixup the number of type/attribute entries to be written. The type_attr_uncount() decrements the number of attribute entries skipped at type_write().

At first, I had a plan to invoke type_attr_remove() with hashtab_map_remove_on_error(), but it means the given policydb structure is modified at policydb_write() and implicit changes to external interface.

Differences from the previous version are here:

Signed-off-by: Joshua Brindle <method@manicmethod.com>
/external/selinux/libsepol/src/link.c

13cd4c8960688af11ad23b4c946149015c80d549
19-Aug-2008
Joshua Brindle <method@manicmethod.com>

initial import from svn trunk revision 2950
/external/selinux/libsepol/src/link.c