Dennis Gilmore
d2e9a9d648
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-02 23:45:36 -05:00
Dan Walsh
4ca411361a
Fix a segmentation fault if the --handle-unknown option was set without
...
arguments.
- Thanks to Alexandre Rebert and his team at Carnegie Mellon University
for detecting this crash.
2013-07-16 12:36:38 -04:00
Dan Walsh
b640f10250
":" should be allowed for file trans names
2013-07-16 12:35:19 -04:00
Dan Walsh
9e5a835ab1
":" should be allowed for file trans names
2013-03-19 19:41:27 -04:00
Dan Walsh
6bfe32f6aa
":" should be allowed for file trans names
2013-03-19 10:48:10 -04:00
Dan Walsh
7a5e44fa80
Space should be allowed for file trans names
2013-03-12 08:43:39 -04:00
Dan Walsh
02cf4abf2d
Update to upstream
...
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
2013-02-07 13:40:56 -05:00
Dan Walsh
889f900222
Update to latest patches from eparis/Upstream
...
- checkpolicy: libsepol: implement default type policy syntax
-
- We currently have a mechanism in which the default user, role, and range
- can be picked up from the source or the target object. This implements
- the same thing for types. The kernel will override this with type
- transition rules and similar. This is just the default if nothing
- specific is given.
2013-01-05 11:08:17 -05:00
Dan Walsh
13d5e7a515
Update to latest patches from eparis/Upstream
...
- checkpolicy: libsepol: implement default type policy syntax
-
- We currently have a mechanism in which the default user, role, and range
- can be picked up from the source or the target object. This implements
- the same thing for types. The kernel will override this with type
- transition rules and similar. This is just the default if nothing
- specific is given.
2013-01-05 11:02:10 -05:00
Dan Walsh
c662668dab
Rebuild with fixed libsepol
2013-01-05 07:09:43 -05:00
rhatdan
aa082595d2
Rebuild with fixed libsepol
2012-09-25 15:42:44 -04:00
rhatdan
1057df92ca
Update to upstream
...
* fd leak reading policy
* check return code on ebitmap_set_bit
2012-09-13 13:29:17 -04:00
Dan Walsh
1796244eeb
Rebuild to grab latest libsepol
2012-07-30 11:21:22 -04:00
Dan Walsh
04deb1acb8
Rebuild to grab latest libsepol
2012-07-24 14:04:15 -04:00
Dennis Gilmore
c25bf4dc69
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-18 13:53:20 -05:00
Dan Walsh
f5401fa228
Update to upstream
...
* sepolgen: We need to support files that have a + in them
* Android/MacOS X build support
2012-07-04 07:24:23 -04:00
Dan Walsh
fbd2801c70
Rebuild to get latest libsepol which fixes the file_name transition problems
2012-04-23 21:10:43 -04:00
Dan Walsh
c856d94691
Recompile with libsepol that has support for ptrace_child
2012-04-17 17:06:35 -04:00
Dan Walsh
1ef68435f0
Allow checkpolicy to use + in a file name
2012-04-03 18:51:45 -04:00
Dan Walsh
9f8377e4c3
Update to upstream
...
* implement new default labeling behaviors for usr, role, range
* Fix dead links to www.nsa.gov/selinux
2012-03-29 15:28:08 -04:00
Dan Walsh
9a3ff63515
Fix man page to link to www.nsa.giv/research/selinux
2012-01-16 12:13:04 -05:00
Dan Walsh
102b87e2ac
Fix man page to link to www.nsa.giv/research/selinux
2012-01-16 12:12:18 -05:00
Dennis Gilmore
2bf4af1966
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-12 17:17:07 -06:00
Dan Walsh
ab9a33402e
Update to upstream
...
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
2011-12-21 18:06:58 +00:00
Dan Walsh
629e1bb095
Update to upstream
...
* add new helper to translate class sets into bitmaps
2011-12-21 17:59:06 +00:00
Dan Walsh
228c1db0c3
default_rules should be optional
2011-12-21 13:35:19 +00:00
Dan Walsh
ca712cbf0b
Rebuild with latest libsepol
2011-12-16 06:23:11 -05:00
Dan Walsh
62a79399e3
Upgrade to upstream
...
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
Allow policy to specify the source of target for generating the default user,role
or mls label for a new target.
2011-12-15 16:32:47 -05:00
Dan Walsh
5ea3e823bf
Upgrade to upstream
...
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
Allow policy to specify the source of target for generating the default user,role
or mls label for a new target.
2011-12-15 14:30:26 -05:00
Dan Walsh
e9ff6dfd95
Allow ~ in a filename
2011-11-14 11:35:35 -05:00
Dan Walsh
1e7f3c93f0
Upgrade to upstream
...
* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
* drop libsepol dynamic link in checkpolicy
2011-11-04 09:27:03 -04:00
Dan Walsh
0708d417f5
Fix checkpolicy to ignore '"' in filename trans rules
2011-09-20 10:06:14 -04:00
Dan Walsh
84d179aabd
Update to upstream
...
* Separate tunable from boolean during compile.
2011-09-19 06:44:54 -04:00
Dan Walsh
253cdcd5ea
Update to upstream
...
* Separate tunable from boolean during compile.
2011-09-19 06:43:53 -04:00
Dan Walsh
68f262fbdb
Update to upstream
...
* checkpolicy: fix spacing in output message
2011-08-30 16:15:26 -04:00
Dan Walsh
e87652be15
* add missing ; to attribute_role_def
...
*Redo filename/filesystem syntax to support filename trans
2011-08-18 07:00:03 -04:00
Dan Walsh
5bae77199e
* add missing ; to attribute_role_def
...
*Redo filename/filesystem syntax to support filename trans
2011-08-18 06:51:40 -04:00
Dan Walsh
920355cc3a
Update to upstream
2011-07-28 11:38:45 -04:00
Dan Walsh
5eaf35502b
Update to upstream
...
* Wrap file names in filename transitions with quotes by Steve Lawrence.
* Allow filesystem names to start with a digit by James Carter.
* Add support for using the last path compnent in type transitions by Eric
2011-05-23 18:25:07 -04:00
Dan Walsh
49877e7556
Fixes for filename transition code
2011-04-21 11:32:36 -04:00
Dan Walsh
f530d30afa
Add "-" ass a file type
2011-04-15 14:10:50 -04:00
Dan Walsh
66140a0889
Latest patches
2011-04-12 13:12:30 -04:00
Dan Walsh
9d5bc6c8bd
Patches from Eric Paris
...
We just use random numbers to make menu selections. Use #defines and
names that make some sense instead.
2011-03-29 15:42:16 -04:00
Dennis Gilmore
ab345be6df
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 02:16:59 -06:00
Dan Walsh
2cb151d87e
- Add James Carters Patch
...
*This patch is needed because some filesystem names (such as 9p) start
with a digit.
2011-01-12 16:49:06 -05:00
Dan Walsh
5ea14e8ebf
- Latest update from NSA
...
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
2010-12-21 16:41:10 -05:00
Dan Walsh
acd4c1a5bb
- Rebuild to make sure it will build in Fedora
2010-12-08 11:56:11 -05:00
Dan Walsh
8bd7fb29dd
- Rebuild to make sure it will build in Fedora
2010-12-08 11:37:45 -05:00
Daniel J Walsh
ff8894ce82
- Latest update from NSA
...
Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
- Allow policy version to be one number
2010-06-16 12:11:21 +00:00
Daniel J Walsh
7c6d84d139
- Latest update from NSA
...
Add support for building Xen policies from Paul Nuzzi.
Add long options to checkpolicy and checkmodule by Guido Trentalancia
<guido@trentalancia.com>
2009-12-01 22:50:19 +00:00
Jesse Keating
377ab91c67
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-24 18:52:16 +00:00
Jesse Keating
6cd52708e4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-24 07:15:25 +00:00
Daniel J Walsh
69181ce9f3
- Latest update from NSA
...
Fix alias field in module format, caused by boundary format change from
Caleb Case.
2009-02-18 21:54:40 +00:00
Daniel J Walsh
31c67841df
- Rebuild with new libsepol
2008-07-08 12:08:04 +00:00
Daniel J Walsh
f0fa1b8c8a
- Rebuild with new libsepol
2008-07-08 12:05:35 +00:00
Tom Callaway
4325162102
fix license tag
2008-05-28 21:41:21 +00:00
Daniel J Walsh
d9e3ea1a9d
- Latest update from NSA
...
Update checkpolicy for user and role mapping support from Joshua Brindle.
2008-05-28 15:15:49 +00:00
Daniel J Walsh
a17aa67c97
- Allow modules with 4 sections or more
2008-05-06 18:22:18 +00:00
Daniel J Walsh
1ca4c44086
- Latest update from NSA
...
Add permissive domain support from Eric Paris.
2008-03-27 17:39:08 +00:00
Daniel J Walsh
3181c033e3
- Latest update from NSA
...
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
Todd C. Miller.
2008-03-14 00:24:03 +00:00
Daniel J Walsh
164c17c9c1
- Latest update from NSA
...
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
Todd C. Miller.
2008-03-13 23:47:55 +00:00
Daniel J Walsh
e22ff16832
- Latest update from NSA
...
Use yyerror2() where appropriate from Todd C. Miller.
- Build against latest libsepol
2008-02-28 21:57:00 +00:00
Daniel J Walsh
35299999e4
- Start shipping sedismod and sedispol
2008-02-22 19:33:37 +00:00
Daniel J Walsh
88d15070c2
- Latest update from NSA
...
Update dispol for libsepol avtab changes from Stephen Smalley.
2008-02-04 19:06:00 +00:00
Daniel J Walsh
d793dcb07e
- Latest update from NSA
...
Update dispol for libsepol avtab changes from Stephen Smalley.
2008-02-04 17:24:34 +00:00
Daniel J Walsh
1257a8cea9
- Latest update from NSA
...
Deprecate role dominance in parser.
2008-01-25 16:19:00 +00:00
Daniel J Walsh
2cb30aa859
- Update to use libsepol-static library
2008-01-23 20:19:17 +00:00
Daniel J Walsh
4dd1371296
- Update to use libsepol-static library
2008-01-21 21:42:58 +00:00
Daniel J Walsh
5c3895bc13
- Latest update from NSA
...
Initialize the source file name from the command line argument so that
checkpolicy/checkmodule report something more useful than "unknown
source".
Merged remove use of REJECT and trailing context in lex rules; make ipv4
address parsing like ipv6 from James Carter.
2007-11-15 18:41:43 +00:00
Daniel J Walsh
5d693896f6
Merged handle unknown policydb flag support from Eric Paris. Adds new
...
command line options -U {allow, reject, deny} for selecting the flag
when a base module or kernel policy is built.
2007-09-19 00:20:03 +00:00
Jesse Keating
3667d6eef5
- Rebuild for selinux ppc32 issue.
2007-08-29 04:03:17 +00:00
Daniel J Walsh
7b1ac7a22c
- Rebuild with the latest libsepol
2007-06-18 18:20:26 +00:00
Daniel J Walsh
4bd6947fff
- Latest update from NSA
...
Merged fix for segfault on duplicate require of sensitivity from Caleb
Case.
Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
2007-06-04 19:21:50 +00:00
Daniel J Walsh
7b7e59092d
- Latest update from NSA
...
Merged checkmodule man page fix from Dan Walsh.
2007-04-12 20:05:28 +00:00
Daniel J Walsh
ebb6b2e693
- Rebuild with new libsepol
2007-03-30 16:14:13 +00:00
Daniel J Walsh
7f274195c4
- Rebuild with new libsepol
2007-03-29 18:01:38 +00:00
Daniel J Walsh
c1870cdf3a
- Latest update from NSA
...
Merged patch to allow dots in class identifiers from Caleb Case.
2007-02-20 14:59:15 +00:00
Daniel J Walsh
1ec43fbb6a
- Latest update from NSA
...
Merged patch to use new libsepol error codes by Karl MacMillan.
Updated version for stable branch.
2007-02-07 21:42:36 +00:00
Daniel J Walsh
efbbda85bd
- Rebuild for new libraries
2006-11-28 19:04:15 +00:00
Daniel J Walsh
f9c5836922
- Latest update from NSA
...
Collapse user identifiers and identifiers together.
2006-11-28 18:56:56 +00:00
Daniel J Walsh
c2957dde68
- Latest update from NSA
...
Collapse user identifiers and identifiers together.
2006-11-14 14:50:36 +00:00
Daniel J Walsh
9e6b63128e
- Latest update from NSA
...
Updated version for release.
2006-11-03 21:45:02 +00:00
Daniel J Walsh
2fc5612c93
- Latest update from NSA
...
Merged user and range_transition support for modules from Darrel Goeddel
2006-09-29 14:22:59 +00:00
Daniel J Walsh
39e4bfb0e8
- Latest update from NSA
...
merged range_transition enhancements and user module format changes from
Darrel Goeddel
Merged symtab datum patch from Karl MacMillan.
2006-09-06 18:16:16 +00:00
Jesse Keating
d6c461cca2
bumped for rebuild
2006-07-12 04:47:50 +00:00
Daniel J Walsh
0962a544c8
- Latest upgrade from NSA
...
Lindent.
Merged patch to remove TE rule conflict checking from the parser from
Joshua Brindle. This can only be done properly by the expander.
Merged patch to make checkpolicy/checkmodule handling of
duplicate/conflicting TE rules the same as the expander from Joshua
Brindle.
Merged optionals in base take 2 patch set from Joshua Brindle.
2006-07-05 10:43:21 +00:00
Daniel J Walsh
0b33b45a9e
- Latest upgrade from NSA
...
Merged compiler cleanup patch from Karl MacMillan.
Merged fix warnings patch from Karl MacMillan.
2006-05-24 03:11:52 +00:00
Daniel J Walsh
a7c8fb25b4
- Latest upgrade from NSA
...
Changed require_class to reject permissions that have not been declared if
building a base module.
2006-04-05 17:46:41 +00:00
Daniel J Walsh
cb354e0254
- Latest upgrade from NSA
...
Fixed checkmodule to call link_modules prior to expand_module to handle
optionals.
Fixed require_class to avoid shadowing permissions already defined in an
inherited common definition.
2006-03-28 20:07:42 +00:00
Daniel J Walsh
d914ad5a8c
- Rebuild with new libsepol
2006-03-27 22:13:22 +00:00
Daniel J Walsh
01a9ba841e
- Latest upgrade from NSA
...
Moved processing of role and user require statements to 2nd pass.
2006-03-23 16:14:03 +00:00
Daniel J Walsh
af7b9d6c00
- Latest upgrade from NSA
...
Updated version for release.
Fixed bug in role dominance (define_role_dom).
2006-03-17 18:36:26 +00:00
Daniel J Walsh
dcec148fc4
- Latest upgrade from NSA
...
Added a check for failure to declare each sensitivity in a level
definition.
Changed to clone level data for aliased sensitivities to avoid double free
upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
2006-02-17 20:00:08 +00:00
Daniel J Walsh
d0cfe1d1ab
- Latest upgrade from NSA
...
Added a check for failure to declare each sensitivity in a level
definition.
Changed to clone level data for aliased sensitivities to avoid double free
upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
2006-02-16 18:44:15 +00:00
Daniel J Walsh
6d151699a3
- Latest upgrade from NSA
...
Merged optionals in base patch from Joshua Brindle.
2006-02-13 19:31:17 +00:00
Daniel J Walsh
bc40ef4345
- Need to build again
2006-02-13 15:28:42 +00:00
Jesse Keating
f6e3697d00
bump for bug in double-long on ppc(64)
2006-02-11 02:15:00 +00:00
Daniel J Walsh
7cb707226a
- Latest upgrade from NSA
...
Merged sepol_av_to_string patch from Joshua Brindle.
2006-02-07 15:33:17 +00:00
Jesse Keating
6c329b1c58
bump for new gcc/glibc
2006-02-07 11:14:04 +00:00
Daniel J Walsh
41344977f8
- Rebuild to get latest libsepol
2006-01-13 22:33:16 +00:00