On Wed, May 17, 2017 at 8:43 AM, Sebastien Buisson
<sbuisson@gmail.com> wrote:
> 2017-05-17 17:34 GMT+02:00 William Roberts <bill.c.robe...@gmail.com>:
>>>>>> Is there a particular reason to not just return policybrief_len here as
>>>>>>
On Wed, May 17, 2017 at 8:24 AM, Sebastien Buisson
<sbuisson@gmail.com> wrote:
> 2017-05-17 17:09 GMT+02:00 William Roberts <bill.c.robe...@gmail.com>:
>> On Wed, May 17, 2017 at 7:59 AM, Sebastien Buisson
>> <sbuisson@gmail.com> wrote:
>>> 201
On Wed, May 17, 2017 at 7:59 AM, Sebastien Buisson
wrote:
> 2017-05-16 22:40 GMT+02:00 Stephen Smalley :
>>> + strcpy(*brief, policydb.policybrief);
>>> + /* *len is the length of the output string */
>>> + *len = policybrief_len - 1;
>>
>>
On Fri, May 12, 2017 at 3:22 PM, Paul Moore wrote:
>
> On Thu, May 11, 2017 at 4:45 PM, Casey Schaufler
> wrote:
> > On 5/11/2017 1:22 PM, Stephen Smalley wrote:
> >> On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote:
> >>> On 5/11/2017 5:59
On Fri, May 12, 2017 at 3:22 PM, Paul Moore wrote:
> On Thu, May 11, 2017 at 4:45 PM, Casey Schaufler
> wrote:
> > On 5/11/2017 1:22 PM, Stephen Smalley wrote:
> >> On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote:
> >>> On 5/11/2017 5:59 AM,
On Fri, May 12, 2017 at 11:01 AM, Tom Cherry wrote:
> On Fri, May 12, 2017 at 6:22 AM, Stephen Smalley
> wrote:
> > On Thu, 2017-05-11 at 16:50 -0700, Tom Cherry via Selinux wrote:
> >> This check is not specific to Android devices. If libselinux were
>
On Fri, May 12, 2017 at 1:26 PM, Nicolas Iooss
wrote:
> Hi,
>
> Currently libselinux/src/label.c defines selabel_subs_init() like this [1]:
>
> struct selabel_sub *selabel_subs_init(/* ... */)
> {
> /* ... */
> while (fgets_unlocked(buf, sizeof(buf)
On Thursday, May 11, 2017, Tom Cherry via Selinux
wrote:
> This check is not specific to Android devices. If libselinux were used
> with Bionic on a normal Linux system this check would still be needed.
>
> Signed-off-by: Tom Cherry >
>
On Tue, May 9, 2017 at 7:54 AM, Stephen Smalley wrote:
> commit 16c123f4b1f3c8d20b3f597df161d7e635620923 ("libselinux:
> support ANDROID_HOST=1 on Mac") split up warning flags in
> CFLAGS based on compiler support in a manner that could lead to
> including a subset that is
On Apr 7, 2017 13:16, "Dennis Sherrell"
wrote:
In a thread ending with Nick Kravelich's contact infirmation, it was
written:
"
If you write top secret data it should stay top secret even if you're
writing to a folder that is normally reserved for secret data, or
sed, the selinux policy is your least
concern. Under treble it ends up in different DM verity protected images.
I looked at the other site and decided it was looking at the technical
problem and not the policy problem at all.
On Fri, Apr 7, 2017 at 11:23 AM, William Roberts <bill.c.robe.
On Apr 7, 2017 11:41, "Nick Kralevich" wrote:
When a file is created in a directory, the default label for the file
is based on the label of the enclosing directory (unless something
like setfscreatecon is used). For example:
bullhead:/ # cd /data/misc/zoneinfo/
On Fri, Apr 7, 2017 at 11:02 AM, Tom Jones
wrote:
> I like that, but I wonder at its scope. Would an update to the OS be
> allowed to update the policy? For example, Microsoft ships updates to the
> Windows O/S 2 times (at least) per month. Would that type of update
On Apr 3, 2017 21:35, "Rahmadi Trimananda" wrote:
Umm, how's the easiest way to permit that one? Do I need to create a local
policy or can I just use a command line? Sorry I am really a newbie. :)
That would be a command, but the logs you provided should be enough.
I am
On Apr 3, 2017 19:57, "William Roberts" <bill.c.robe...@gmail.com> wrote:
On Apr 3, 2017 19:35, "Rahmadi Trimananda" <rtrim...@uci.edu> wrote:
I have more error messages from /var/log/audit/audit.log if this is of any
use for you. And yeah, it works in permissi
:1274): auid=1001 uid=1001 gid=1001
ses=11 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=2190
comm="javac" exe="/usr/lib/jvm/jdk-8-oracle-arm32-vfp-hflt/bin javac" sig=11
That's what we're looking for. Looks like MLS issues, but I'd let some
ate.lock"
dev="tmpfs" ino=1816 scontext=system_u:system_r:alsa_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_lock_t:s0 tclass=file permissive=1
I don't see anything that would prevent running javac offhand, perhaps
others more versed in the desktop side can help tomorrow morning.
Ma
Do you see any "avc: denied" messages in dmesg/syslog? If so send them.
On Apr 3, 2017 16:28, "Rahmadi Trimananda" wrote:
> Hi All,
>
> I am trying to run javac and java on my Raspbian while SELinux is enabled.
> However, I keep getting "Segmentation fault", even when I just
On Feb 27, 2017 2:16 PM, "William Roberts" <bill.c.robe...@gmail.com> wrote:
On Feb 27, 2017 12:42, "Nicolas Iooss" <nicolas.io...@m4x.org> wrote:
clang's static analyzer reports "Argument with 'nonnull' attribute
passed null" in append_str(),
On Feb 27, 2017 12:42, "Nicolas Iooss" wrote:
clang's static analyzer reports "Argument with 'nonnull' attribute
passed null" in append_str(), because argument t may be NULL but is used
in a call to memcpy().
Make append_str() do nothing when called with t=NULL.
On Tue, Feb 21, 2017 at 10:58 AM, Natanael Copa wrote:
> This makes it possible to build libselinux with the external libtfs for
> systems which does not implement the non-standard fts. For example musl
> libc.
>
> make FTS_LDFLAGS=-lfts
The way this was done before for
On Wed, Jan 4, 2017 at 2:02 PM, Nicolas Iooss wrote:
> When sepol_polcap_getname() is called with a negative capnum, it
> dereferences polcap_names[capnum] which produces a segmentation fault
> most of the time.
>
> For information, here is a gdb session when hll/pp loads a
On Mon, Dec 12, 2016 at 1:19 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Mon, Dec 12, 2016 at 12:16 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On 12/11/2016 07:25 PM, William Roberts wrote:
>>> I'll test it tomorrow on Mac OS for you if yo
On Mon, Dec 12, 2016 at 12:16 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 12/11/2016 07:25 PM, William Roberts wrote:
>> I'll test it tomorrow on Mac OS for you if you want?
>
> It would be good if someone were to test it on MacOS, particularly
> whichever versi
I'll test it tomorrow on Mac OS for you if you want?
On Dec 11, 2016 3:22 PM, "Nick Kralevich" <n...@google.com> wrote:
> I don't know. I didn't test this change on a Mac.
>
> -- Nick
>
> On Sun, Dec 11, 2016 at 1:39 PM, William Roberts <bill.c.robe...@gma
Do you know if "re" poses any Mac issues? I would assume not, but I've
never checked.
On Dec 11, 2016 09:32, "Nick Kralevich" wrote:
Makes libselinux safer and less likely to leak file descriptors when
used as part of a multithreaded program.
Signed-off-by: Nick Kralevich
016 10:46 AM, William Roberts wrote:
>> Ill submit a patch for expand_terule_helper() as well, do we want to
>> retain the assert(0); property on the 2 if/else if/else calsues? Do we
>> just want to assume that specified is OK since it has never hit the
>> assert? Do we want
On Thu, Nov 17, 2016 at 5:36 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/16/2016 04:47 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> General clean up for expand_avrule_helper:
>> 1. Minimize
On Wed, Nov 16, 2016 at 12:57 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/16/2016 03:37 PM, William Roberts wrote:
>> On Wed, Nov 16, 2016 at 11:50 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 11/16/2016 02:32 PM, William Roberts wrote:
>&g
On Wed, Nov 16, 2016 at 11:48 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/16/2016 02:46 PM, Stephen Smalley wrote:
>> On 11/16/2016 02:12 PM, william.c.robe...@intel.com wrote:
>>> From: William Roberts <william.c.robe...@intel.com>
>>>
>&g
On Wed, Nov 16, 2016 at 11:50 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/16/2016 02:32 PM, William Roberts wrote:
>> sediff reports no delta between policies built on master and these 2 patches.
>
> Not possible. checkpolicy segfaults with these patches.
>
sediff reports no delta between policies built on master and these 2 patches.
On Wed, Nov 16, 2016 at 11:12 AM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> General clean up for expand_avrule_helper:
> 1. Stop convert
On Wed, Nov 16, 2016 at 5:54 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/15/2016 07:42 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> The combining logic for dontaudit rules was wrong, cau
On Nov 15, 2016 4:43 PM, <william.c.robe...@intel.com> wrote:
>
> From: William Roberts <william.c.robe...@intel.com>
>
> The combining logic for dontaudit rules was wrong, causing
> a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
> rule.
> memset(, 0, sizeof avdatum);
> + /*
> +* AUDITDENY and DONTAUDIT are &= assigned, versus |= for
> +* others. Initialize the data accordingly.
> +*/
> + avdatum.data = (key->specified &
> +
On Tue, Nov 15, 2016 at 3:21 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Tue, Nov 15, 2016 at 1:53 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On 11/15/2016 04:42 PM, william.c.robe...@intel.com wrote:
>>> From: William Robert
On Tue, Nov 15, 2016 at 1:17 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/15/2016 04:06 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> The combining logic for dontaudit rules was wrong, cau
> > a dontaudit A B:C *; rule to be clobbered by a dontaudit A B:C p;
> > rule.
> >
> > This is a reimplimation of 6201bb5e2 that avoids the cumbersome
> > pointer assignments on alloced.
> >
> > Reported-by: Nick Kralevich <n...@google.com>
> >
too.
>
> -- Nick
>
> On Tue, Nov 15, 2016 at 9:10 AM, William Roberts
> <bill.c.robe...@gmail.com> wrote:
> > For bit setting in constant time, one could always clear the bit(s) and
or
> > in what you want. I think that logic might be applicable here. I could
take
>
For bit setting in constant time, one could always clear the bit(s) and or
in what you want. I think that logic might be applicable here. I could take
a stab at looking at it today, if no one has anything better by tomorrow
well just merge yours as is. Does that sound reasonable?
On Nov 15, 2016
provides
much value.
>
> Nicolas
>
> [1]
> https://github.com/SELinuxProject/selinux/blob/master/libselinux/src/selinuxswig_python.i#L11
> [2] http://www.swig.org/Doc3.0/SWIGDocumentation.html
>
>
> On Mon, Nov 14, 2016 at 11:15 PM, William Roberts <bill.c.robe...@gmail.com
For a more long term solution, why not just give swig a header file
(you can ifdef on SWIG for anything to omit), or write the interface
file by hand. I ended up using a hybrid approach for one my projects
(the build system is a mess):
On Nov 9, 2016 08:33, "David Graziano"
wrote:
>
> On Mon, Nov 7, 2016 at 4:23 PM, Paul Moore wrote:
> > On Mon, Nov 7, 2016 at 3:46 PM, David Graziano
> > wrote:
> >> This patch adds support for generic
On Mon, Nov 7, 2016 at 2:07 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
> On 07/11/16 22:19, William Roberts wrote:
>> On Nov 7, 2016 13:03, "Stephen Smalley" <s...@tycho.nsa.gov
>> <mailto:s...@tycho.nsa.gov>> wrote:
>>>
>>> On 1
On Nov 7, 2016 13:03, "Stephen Smalley" wrote:
>
> On 11/05/2016 05:24 PM, Nicolas Iooss wrote:
> > When compiling libselinux with CC=clang, "make pywrap" reports the
> > following message:
> >
> > bash exception.sh > selinuxswig_python_exception.i
> > clang-3.9:
On Tue, Nov 1, 2016 at 2:23 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> We're gonna cross, I just sent this out as well, as well as noreturn
> fixes for utils.
>
Never-mind, a gitfoo mistake ended up in my favor of ditching my version of this
and rebasing on top of
On Tue, Nov 1, 2016 at 1:59 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 11/01/2016 04:54 PM, William Roberts wrote:
>> On Tue, Nov 1, 2016 at 1:55 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 11/01/2016 04:32 PM, William Roberts wrote:
>&
Nicolas,
Let us know if this works for you, I am unable to test it at the
moment on Linux.
I did test this on Mac, its OK.
On Tue, Nov 1, 2016 at 1:23 PM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> As reported by Nic
is bigger than a nlmsghdr...
I'll send a test patch out in bit.
On Tue, Nov 1, 2016 at 12:48 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Tue, Nov 1, 2016 at 11:06 AM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
>> Hello,
>>
>> After this commit, lib
> to put the lines which add these two options to the compiler command
> lines into a "ifeq ($(OS), Darwin)" block, if they are indeed targeted
> to MacOS?
I'll look into this, likely needs to be Darwin and clang
>
> Thanks,
> Nicolas
>
> On 17/10/16
Ack on this, I've had similar issues in Android that I patched up in the
Android specific tooling.
On Oct 30, 2016 14:28, "Nicolas Iooss" wrote:
> When running sepolgen tests on a Linux 4.7 kernel, one test fails with
> the following message:
>
>
On Fri, Oct 14, 2016 at 10:32 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 10/14/2016 10:15 AM, William Roberts wrote:
>> Is it to be expected that checkfc would actually fail on refpolicy?
>>
>> $ ./checkfc ../refpolicy/policy.30 ../refpolicy/file_
16 at 9:08 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
> it only took 4 seconds.
>
> On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
> <bill.c.robe...@gmail.com> wrote:
>> Likely
Yeah I just exported CHECKPOLICY to be the one from the AOSP tree and
it only took 4 seconds.
On Fri, Oct 14, 2016 at 9:07 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> Likely not, I see it compiling version 29 and I am on ubuntu which is
> way out of date with this stuff
t;s...@tycho.nsa.gov> wrote:
> On 10/14/2016 09:02 AM, William Roberts wrote:
>> Looks like make MONOLITHIC=y policy to get the binary policy file
>>
>> Is it normal for checkpolicy to take 5 minutes?
>
> No, at least not with a modern checkpolicy. Are you usin
5ba0 error 4 in libsepol.so.1[7f5dff4d+95000]
>> [10489.509501] pp[24320]: segfault at 0 ip 7f6067bec544 sp
>> 7fff17b0e5c0 error 4 in libsepol.so.1[7f6067bdb000+95000]
>> #
>>
>> I also tested checkmodule and checkpolicy with AFL, but nothing sofar.
>
> I
Thanks for fuzzing stuff, it helps with code robustness. However, in
my opinion, this is only the first step. I'm a firm believer if you
find it,
you should at least take a stab at fixing it. Analyzing these inputs
and understanding what broke and having a patch helps aid
in the correct fix.
On Thu, Sep 29, 2016 at 2:54 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/29/2016 02:46 PM, William Roberts wrote:
>> On Thu, Sep 29, 2016 at 2:44 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 09/29/2016 02:15 PM, William Roberts wrote:
>&g
do you have the corresponding changes to checkfc on AOSP?
On Thu, Sep 29, 2016 at 7:39 AM, Janis Danisevskis wrote:
> We use the same lookup function for service contexts
> that we use for property contexts. However, property
> contexts are namespace based and only compare
On Wed, Sep 28, 2016 at 5:34 PM, Nicolas Iooss <nicolas.io...@m4x.org> wrote:
> On 28/09/16 23:06, William Roberts wrote:
>> On Sep 28, 2016 17:02, "Nicolas Iooss" <nicolas.io...@m4x.org
>> <mailto:nicolas.io...@m4x.org>> wrote:
>>>
>
On Sep 28, 2016 17:07, "Joshua Brindle" <brin...@quarksecurity.com> wrote:
>
> William Roberts wrote:
>>
>> On Sep 28, 2016 16:54, "Joshua Brindle"<brin...@quarksecurity.com>
wrote:
>>>
>>> Joshua Brindle wrote:
>>>
On Sep 28, 2016 17:02, "Nicolas Iooss" wrote:
>
> When compiling a CIL policy with more than 32 items in a class (e.g. in
> (class capability (chown ...)) with many items),
> cil_classorder_to_policydb() overflows perm_value_to_cil[class_index]
> array. As this array is
On Sep 28, 2016 16:54, "Joshua Brindle" <brin...@quarksecurity.com> wrote:
>
> Joshua Brindle wrote:
>>
>> William Roberts wrote:
>>>
>>> From commit 35d702 on
>>> https://github.com/williamcroberts/selinux/tree/fix-mac
>>>
&g
On Wed, Sep 28, 2016 at 12:42 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/28/2016 12:25 PM, William Roberts wrote:
>> On Wed, Sep 28, 2016 at 12:17 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 09/28/2016 12:04 PM, Janis Danisevskis wrote:
>&g
On Wed, Sep 28, 2016 at 12:04 PM, Janis Danisevskis wrote:
> We use the same lookup function for service contexts
> that we use for property contexts. However, property
> contexts are namespace based and only compare the
> prefix. This may lead to service associations with
> a
On Wed, Sep 28, 2016 at 11:53 AM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> When building for Android, this error manifests itself:
>
> label_file.c:570:7: error: unused variable ‘subs_file’
> [-Werror=unuse
On Wed, Sep 28, 2016 at 11:51 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/28/2016 11:26 AM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> Build option DISABLE_BOOL=y is not being used, and is
On Wed, Sep 28, 2016 at 11:24 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/28/2016 11:13 AM, William Roberts wrote:
>> On Wed, Sep 28, 2016 at 11:10 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 09/28/2016 11:00 AM, William Roberts wrote:
&g
On Wed, Sep 28, 2016 at 11:10 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/28/2016 11:00 AM, William Roberts wrote:
>> Same thing for DISABLE_BOOL, should that die or be fixed?
>
> Would that be useful for the Android device/target build, since they
> don't sup
Does anyone actualy use this, this currently doesn't build:
compute_av.c: In function ‘security_compute_av_flags_raw’:
compute_av.c:65:28: error: suggest braces around empty body in an ‘if’
statement [-Werror=empty-body]
map_decision(tclass, avd);
^
cc1: all
>>> Don't you actually want to also pick up utils/sefcontext_compile?
>>> That is built and used on the build host. And I'm not sure why we'd
>>> drop the other SUBDIRS.
>>
>> You'll start running into linking issues if things that use
>> libselinux, use something not
>> in the build host IIRC.
On Tue, Sep 27, 2016 at 12:08 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/27/2016 03:03 PM, William Roberts wrote:
>> On Tue, Sep 27, 2016 at 11:51 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>>> On 09/27/2016 02:43 PM, William Roberts wrote:
>&g
On Tue, Sep 27, 2016 at 11:51 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/27/2016 02:43 PM, William Roberts wrote:
>> On Sep 27, 2016 10:00, "Stephen Smalley" <s...@tycho.nsa.gov
>> <mailto:s...@tycho.nsa.gov>> wrote:
>>>
>>>
On Sep 27, 2016 10:00, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 09/27/2016 11:08 AM, William Roberts wrote:
> > On Tue, Sep 27, 2016 at 7:11 AM, Stephen Smalley <s...@tycho.nsa.gov>
wrote:
> >> On 09/26/2016 04:53 PM, william.c.robe...@i
On Tue, Sep 27, 2016 at 7:03 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/26/2016 04:55 PM, William Roberts wrote:
>> On Mon, Sep 26, 2016 at 1:53 PM, <william.c.robe...@intel.com> wrote:
>>> From: William Roberts <william.c.robe...@intel.com&g
On Tue, Sep 27, 2016 at 7:11 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/26/2016 04:53 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> To build the selinux host configuration, specify
>>
On Sep 27, 2016 07:52, "Jason Zaman" wrote:
>
> I just remembered that travis-ci has OSX stuff now.
> https://docs.travis-ci.com/user/osx-ci-environment/
>
> Maybe we should setup a .travis.yml for selinux to build all these
> possible configurations going forward?
At least
On Mon, Sep 26, 2016 at 1:53 PM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> To build the selinux host configuration, specify
> ANDROID_HOST=y on the Make command line.
>
> eg)
> make ANDROID_HOST=y
&
On Mon, Sep 26, 2016 at 1:33 PM, <william.c.robe...@intel.com> wrote:
> From: William Roberts <william.c.robe...@intel.com>
>
> To build the selinux host configuration, specify
> ANDROID_HOST=y on the Make command line.
>
> eg)
> make ANDROID_HOST=y
&
On Mon, Sep 26, 2016 at 12:10 PM, Stephen Smalley wrote:
> On 09/26/2016 01:33 PM, william.c.robe...@intel.com wrote:
>> Below, are the last two majore patches to close the Android fork.
>>
>> Patch "libselinux: add ifdef'ing for ANDROID and BUILD_HOST" I
>> combined into 1
On Mon, Sep 26, 2016 at 10:33 AM, wrote:
> Below, are the last two majore patches to close the Android fork.
>
> Patch "libselinux: add ifdef'ing for ANDROID and BUILD_HOST" I
> combined into 1 patch since some ANDROID and BUILD_HOST defines
> are on the same line, I
On Mon, Sep 26, 2016 at 10:43 AM, Stephen Smalley wrote:
> On 09/26/2016 10:22 AM, Janis Danisevskis wrote:
>> The "-r" flag of sefcontext_compile now causes it to omit the
>> precompiled regular expressions from the output.
>
> The code itself looks ok, aside from William's
On Mon, Sep 26, 2016 at 10:43 AM, Stephen Smalley wrote:
> On 09/26/2016 10:22 AM, Janis Danisevskis wrote:
>> The "-r" flag of sefcontext_compile now causes it to omit the
>> precompiled regular expressions from the output.
>
> The code itself looks ok, aside from William's
On Mon, Sep 26, 2016 at 8:05 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/24/2016 01:10 PM, william.c.robe...@intel.com wrote:
>> From: William Roberts <william.c.robe...@intel.com>
>>
>> Nothing was being used from the stdio_ext.h header file, so
>&
iling list.
Thanks all for the input provided, and Josh for your late night mac help!
On Fri, Sep 23, 2016 at 1:44 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Fri, Sep 23, 2016 at 1:24 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On 09/23/2016 04:01 PM, Joshua Bri
On Fri, Sep 23, 2016 at 1:24 PM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
> On 09/23/2016 04:01 PM, Joshua Brindle wrote:
>> William Roberts wrote:
>>> On Fri, Sep 23, 2016 at 6:57 AM, Joshua Brindle
>>> <brin...@quarksecurity.com> wrote:
>>>>
On Sep 23, 2016 13:01, "Joshua Brindle" <brin...@quarksecurity.com> wrote:
>
> William Roberts wrote:
>>
>> On Fri, Sep 23, 2016 at 6:57 AM, Joshua Brindle
>> <brin...@quarksecurity.com> wrote:
>>>
>>> William Roberts wro
On Fri, Sep 23, 2016 at 6:57 AM, Joshua Brindle
<brin...@quarksecurity.com> wrote:
> William Roberts wrote:
>>
>> On Sep 22, 2016 9:18 PM, "Jeffrey Vander Stoep"<je...@google.com> wrote:
>>>
>>> Remember to test on the Mac build. About a year
Haines has done a lot of
work to reduce the diff between upstream and the Android fork. Hopefully
that will reduce your effort.
Yeah I'm quite concerned about the Mac build, does anyone on here have
access to a Mac for testing?
>
> On Thu, Sep 22, 2016 at 6:39 PM William Roberts <
On Thu, Sep 22, 2016 at 6:34 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> So I have been working the last couple of days to understand what it
> would take to kill external/libselinux (the Android Fork) and fixup
> upstream so most of the delta is in. The only thin
:
Patches that matter ( I don't know how to make pretty little git summaries):
commit e017f48acd2791a6aa62b4ed0c0b44256b26651f
Author: William Roberts <william.c.robe...@intel.com>
Date: Wed Sep 21 16:06:37 2016 -0700
libselinux: add The Android fork files
Another thing I noticed rectifying the Android tree is that the
selinux/Android.mk upstream is empty, but the secondary levels are
present, any reason that hasn't been pushed?
On Wed, Sep 21, 2016 at 2:53 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Wed, Sep 21, 2016 a
On Wed, Sep 21, 2016 at 2:48 PM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Sep 21, 2016 13:16, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>>
>> On 09/21/2016 04:11 PM, William Roberts wrote:
>> > On Sep 21, 2016 13:06, "
On Sep 21, 2016 13:16, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 09/21/2016 04:11 PM, William Roberts wrote:
> > On Sep 21, 2016 13:06, "Stephen Smalley" <s...@tycho.nsa.gov
> > <mailto:s...@tycho.nsa.gov>> wrote:
&g
I'd like to see the -r flip change in by then, so no official release
is cut with that behavior.
Also, I was looking at the help output for -r, and its quite
confusing, I cant tell if -r includes or omits, verbatim output:
-r Include precompiled regular expressions in the output.
On Sep 19, 2016 22:25, "Jason Zaman" <ja...@perfinion.com> wrote:
>
> On 20 Sep 2016 12:50 pm, "William Roberts" <bill.c.robe...@gmail.com>
wrote:
> >
> > On Sep 19, 2016 21:16, "Jason Zaman" <ja...@perfinion.com> wrote:
>
On Sep 19, 2016 21:16, "Jason Zaman" <ja...@perfinion.com> wrote:
>
> On 20 Sep 2016 5:47 am, <william.c.robe...@intel.com> wrote:
> >
> > From: William Roberts <william.c.robe...@intel.com>
> >
> > THIS IS WIP...
> >
> > Rath
On Fri, Sep 16, 2016 at 11:44 AM, Janis Danisevskis wrote:
> I don't really care much about the behavior of sefcontext_compile. I just
> thought making the default behavior the safest would be the best option.
> Before android is using it, I will have to sync the (now modified
On Fri, Sep 16, 2016 at 8:04 AM, William Roberts
<bill.c.robe...@gmail.com> wrote:
> On Fri, Sep 16, 2016 at 8:00 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote:
>> On 09/16/2016 10:44 AM, William Roberts wrote:
>>> On Fri, Sep 16, 2016 at 7:41 AM, William Roberts
On Sep 16, 2016 08:12, "Stephen Smalley" <s...@tycho.nsa.gov> wrote:
>
> On 09/16/2016 11:08 AM, William Roberts wrote:
> > On Fri, Sep 16, 2016 at 7:41 AM, Stephen Smalley <s...@tycho.nsa.gov>
wrote:
> >> On 09/16/2016 09:08 AM, Janis Danisevskis wrote:
101 - 200 of 233 matches
Mail list logo