From: Dan Cashman
Signed-off-by: Daniel Cashman
---
libsepol/cil/include/cil/cil.h | 7 +++
1 file changed, 7 insertions(+)
diff --git a/libsepol/cil/include/cil/cil.h b/libsepol/cil/include/cil/cil.h
index 4507892c..86117f24 100644
--- a/libsepol/cil/include/cil/cil.h
+++ b/libsepol/cil
From: Dan Cashman
Signed-off-by: Dan Cashman
Change-Id: I5a72f2e6c339baee8ebc07e3e9176296320e2c80
---
libsepol/cil/include/cil/cil.h | 1 +
libsepol/cil/src/cil.c | 5 +
libsepol/cil/src/cil_build_ast.c | 46 ++--
libsepol/cil/src/cil_intern
From: Dan Cashman
In Android O, the SELinux policy was split from a monolithic policy
created at build-time for each device into two main components, one
on /system and one on /vendor, which get combined at boot. This
introduced several new challenges, including the creation of a need
to maintai
From: Dan Cashman
Modify cil_gen_node() to check to see if the cil_db supports multiple
declarations, and if so, to check whether or not the
repeated symbol is eligible to share the existing, already-stored datum. The
only types considered so far are CIL_TYPE and CIL_TYPEATTRIBUTE, both of
which
From: Dan Cashman
The file_contexts labeling backend, specified in label_file.c, currently assumes
that only one path will be specified as an option to selabel_open(). The split
of platform and non-platform policy on device, however, will necessitate the
loading of two disparate policy files. R
From: Dan Cashman
The file_contexts labeling backend, specified in label_file.c, currently assumes
that only one path will be specified as an option to selabel_open(). The split
of platform and non-platform policy on device, however, will necessitate the
loading of two disparate policy files. R
From: Dan Cashman
The file_contexts labeling backend, specified in label_file.c, currently assumes
that only one path will be specified as an option to selabel_open(). The split
of platform and non-platform policy on device, however, will necessitate the
loading of two disparate policy files. R
underlying
value.
Alternatively, a different field could be used rather than overwriting the
'used' field, attrib structs could be un-shared, or duplicate declarations
could just be skipped rather than sticking around in the tree.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_bi
Hello,
I would like to write a patch that would expose, via selinuxfs, the
mapping between secids in the kernel and security contexts to
user-space, but before doing so wanted to get some feedback as to
whether or not such an endeavor could have any support upstream. The
direct motivation for thi
On 12/15/2015 07:00 AM, Stephen Smalley wrote:
> On 12/14/2015 05:57 PM, Roberts, William C wrote:
>>
If I understand correctly, the goal here is to avoid the lookup from
pid to context. If we somehow had the context or a token to a context
during the ipc transaction to userspa
From: dcashman
The getprocattrcon functions currently do not do any validation of the supplied
pid argument. This argument is nonsensical for negative pid values and is also
not specified for an input value of zero. This is an error-prone convention and
should be changed. This is evidenced by
On 02/23/2016 12:24 PM, Daniel Cashman wrote:
> From: dcashman
>
> getpidcon documentation does not specify that a pid of 0 refers to the
> current process, and getcon exists specifically to provide this
> functionality, and getpidcon(getpid()) would provide it as well.
> D
ect managers.
Signed-off-by: Daniel Cashman
---
libselinux/src/procattr.c | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index c20f003..eee4612 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/
From: dcashman
Signed-off-by: Daniel Cashman
---
libselinux/src/procattr.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libselinux/src/procattr.c b/libselinux/src/procattr.c
index 527a0a5..c20f003 100644
--- a/libselinux/src/procattr.c
+++ b/libselinux/src
From: dcashman
cil_gen_policy() appears to exist to generate a policy.conf corresponding to the
original SELinux HLL from a cil_db struct. All of libsepol/cil/src/cil_policy.c
appears to exist to support this functionality. This patchset provides some
fixes for issues encountered when trying to
From: dcashman
cil_gen_policy() creates two sets of sid declarations from CIL policy
due to the combination of sidorder iteration and the CIL_SID case in the
AST walk. Remove the sidorder iteration.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_policy.c | 4
1 file changed, 4
From: dcashman
Avoid a "No roles associated with user" error produced by
cil_userrole_to_policy() when a userrole mapping is present in CIL policy.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_policy.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
di
From: dcashman
cil_flavor enums stored in cil_list_items are not pointers, but rather
the actual enum value. Remove pointer dereferences on this value to
avoid segfaults.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_policy.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions
: Daniel Cashman
---
libsepol/cil/src/cil_policy.c | 7 +--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index d8ef151..78b135e 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -1301,11
ability, but the existing cil_expr_to_policy() function has many other
consumers.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_policy.c | 211 +-
1 file changed, 210 insertions(+), 1 deletion(-)
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol
On 09/08/2016 01:30 PM, Daniel Cashman wrote:
> From: dcashman
>
> cil_gen_policy() appears to exist to generate a policy.conf corresponding to
> the
> original SELinux HLL from a cil_db struct. All of
> libsepol/cil/src/cil_policy.c
> appears to exist to support this
On 09/09/2016 07:35 AM, James Carter wrote:
> On 09/09/2016 08:29 AM, James Carter wrote:
>> On 09/08/2016 04:37 PM, Daniel Cashman wrote:
>>> On 09/08/2016 01:30 PM, Daniel Cashman wrote:
>>>> From: dcashman
>>>>
>>>> cil_gen_policy() appears
On 10/03/2016 12:52 PM, James Carter wrote:
> Checkpolicy has an option to produce CIL output and is dependent on
> the policydb-to-CIL conversion in libsepol for that option. Add
> support for converting extended permissions to CIL so that checkpolicy
> can generate CIL.
>
> Signed-off-by: James
cil_db_destroy() on each.
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_strpool.c | 28
1 file changed, 24 insertions(+), 4 deletions(-)
diff --git a/libsepol/cil/src/cil_strpool.c b/libsepol/cil/src/cil_strpool.c
index ad2a334..5b7df8c 100644
--- a/libsepol/cil/src
From: dcashman
Test: Untested patch.
Bug: https://code.google.com/p/android/issues/detail?id=226519
Change-Id: Icaf992ba1487098f2c4f16ac1017012f611281e9
Signed-off-by: Daniel Cashman
---
libsepol/cil/src/cil_binary.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/libsepol/cil/src
25 matches