rpms/checkpolicy
7
0
Fork 0
Code Issues Pull Requests Releases Activity
209 Commits 7 Branches 14 Tags 450 KiB
65b44362fe
Commit Graph

200 Commits

Author SHA1 Message Date
Dan Walsh
5bae77199e * add missing ; to attribute_role_def 
*Redo filename/filesystem syntax to support filename trans
 2011-08-18 06:51:40 -04:00
Dan Walsh
920355cc3a Update to upstream 2011-07-28 11:38:45 -04:00
Dan Walsh
5eaf35502b Update to upstream 
* Wrap file names in filename transitions with quotes by Steve Lawrence.
	* Allow filesystem names to start with a digit by James Carter.
	* Add support for using the last path compnent in type transitions by Eric
 2011-05-23 18:25:07 -04:00
Dan Walsh
49877e7556 Fixes for filename transition code 2011-04-21 11:32:36 -04:00
Dan Walsh
f530d30afa Add "-" ass a file type 2011-04-15 14:10:50 -04:00
Dan Walsh
66140a0889 Latest patches 2011-04-12 13:12:30 -04:00
Dan Walsh
9d5bc6c8bd Patches from Eric Paris 
We just use random numbers to make menu selections.  Use #defines and
names that make some sense instead.
 2011-03-29 15:42:16 -04:00
Dennis Gilmore
ab345be6df - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 02:16:59 -06:00
Dan Walsh
2cb151d87e - Add James Carters Patch 
*This patch is needed because some filesystem names (such as 9p) start
  with a digit.
 2011-01-12 16:49:06 -05:00
Dan Walsh
5ea14e8ebf - Latest update from NSA 
* Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
 2010-12-21 16:41:10 -05:00
Dan Walsh
acd4c1a5bb - Rebuild to make sure it will build in Fedora 2010-12-08 11:56:11 -05:00
Dan Walsh
8bd7fb29dd - Rebuild to make sure it will build in Fedora 2010-12-08 11:37:45 -05:00
Daniel J Walsh
ff8894ce82 - Latest update from NSA 
Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
- Allow policy version to be one number
 2010-06-16 12:11:21 +00:00
Daniel J Walsh
7c6d84d139 - Latest update from NSA 
Add support for building Xen policies from Paul Nuzzi.
Add long options to checkpolicy and checkmodule by Guido Trentalancia
    <guido@trentalancia.com>
 2009-12-01 22:50:19 +00:00
Jesse Keating
377ab91c67 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-24 18:52:16 +00:00
Jesse Keating
6cd52708e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-24 07:15:25 +00:00
Daniel J Walsh
69181ce9f3 - Latest update from NSA 
Fix alias field in module format, caused by boundary format change from
    Caleb Case.
 2009-02-18 21:54:40 +00:00
Daniel J Walsh
31c67841df - Rebuild with new libsepol 2008-07-08 12:08:04 +00:00
Daniel J Walsh
f0fa1b8c8a - Rebuild with new libsepol 2008-07-08 12:05:35 +00:00
Tom Callaway
4325162102 fix license tag 2008-05-28 21:41:21 +00:00
Daniel J Walsh
d9e3ea1a9d - Latest update from NSA 
Update checkpolicy for user and role mapping support from Joshua Brindle.
 2008-05-28 15:15:49 +00:00
Daniel J Walsh
a17aa67c97 - Allow modules with 4 sections or more 2008-05-06 18:22:18 +00:00
Daniel J Walsh
1ca4c44086 - Latest update from NSA 
Add permissive domain support from Eric Paris.
 2008-03-27 17:39:08 +00:00
Daniel J Walsh
3181c033e3 - Latest update from NSA 
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
    policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
    Todd C. Miller.
 2008-03-14 00:24:03 +00:00
Daniel J Walsh
164c17c9c1 - Latest update from NSA 
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
    policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
    Todd C. Miller.
 2008-03-13 23:47:55 +00:00
Daniel J Walsh
e22ff16832 - Latest update from NSA 
Use yyerror2() where appropriate from Todd C. Miller.
- Build against latest libsepol
 2008-02-28 21:57:00 +00:00
Daniel J Walsh
35299999e4 - Start shipping sedismod and sedispol 2008-02-22 19:33:37 +00:00
Daniel J Walsh
88d15070c2 - Latest update from NSA 
Update dispol for libsepol avtab changes from Stephen Smalley.
 2008-02-04 19:06:00 +00:00
Daniel J Walsh
d793dcb07e - Latest update from NSA 
Update dispol for libsepol avtab changes from Stephen Smalley.
 2008-02-04 17:24:34 +00:00
Daniel J Walsh
1257a8cea9 - Latest update from NSA 
Deprecate role dominance in parser.
 2008-01-25 16:19:00 +00:00
Daniel J Walsh
2cb30aa859 - Update to use libsepol-static library 2008-01-23 20:19:17 +00:00
Daniel J Walsh
4dd1371296 - Update to use libsepol-static library 2008-01-21 21:42:58 +00:00
Daniel J Walsh
5c3895bc13 - Latest update from NSA 
Initialize the source file name from the command line argument so that
    checkpolicy/checkmodule report something more useful than "unknown
    source".
Merged remove use of REJECT and trailing context in lex rules; make ipv4
    address parsing like ipv6 from James Carter.
 2007-11-15 18:41:43 +00:00
Daniel J Walsh
5d693896f6 Merged handle unknown policydb flag support from Eric Paris. Adds new 
command line options -U {allow, reject, deny} for selecting the flag
    when a base module or kernel policy is built.
 2007-09-19 00:20:03 +00:00
Jesse Keating
3667d6eef5 - Rebuild for selinux ppc32 issue. 2007-08-29 04:03:17 +00:00
Daniel J Walsh
7b1ac7a22c - Rebuild with the latest libsepol 2007-06-18 18:20:26 +00:00
Daniel J Walsh
4bd6947fff - Latest update from NSA 
Merged fix for segfault on duplicate require of sensitivity from Caleb
    Case.
Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
 2007-06-04 19:21:50 +00:00
Daniel J Walsh
7b7e59092d - Latest update from NSA 
Merged checkmodule man page fix from Dan Walsh.
 2007-04-12 20:05:28 +00:00
Daniel J Walsh
ebb6b2e693 - Rebuild with new libsepol 2007-03-30 16:14:13 +00:00
Daniel J Walsh
7f274195c4 - Rebuild with new libsepol 2007-03-29 18:01:38 +00:00
Daniel J Walsh
c1870cdf3a - Latest update from NSA 
Merged patch to allow dots in class identifiers from Caleb Case.
 2007-02-20 14:59:15 +00:00
Daniel J Walsh
1ec43fbb6a - Latest update from NSA 
Merged patch to use new libsepol error codes by Karl MacMillan.
Updated version for stable branch.
 2007-02-07 21:42:36 +00:00
Daniel J Walsh
efbbda85bd - Rebuild for new libraries 2006-11-28 19:04:15 +00:00
Daniel J Walsh
f9c5836922 - Latest update from NSA 
Collapse user identifiers and identifiers together.
 2006-11-28 18:56:56 +00:00
Daniel J Walsh
c2957dde68 - Latest update from NSA 
Collapse user identifiers and identifiers together.
 2006-11-14 14:50:36 +00:00
Daniel J Walsh
9e6b63128e - Latest update from NSA 
Updated version for release.
 2006-11-03 21:45:02 +00:00
Daniel J Walsh
2fc5612c93 - Latest update from NSA 
Merged user and range_transition support for modules from Darrel Goeddel
 2006-09-29 14:22:59 +00:00
Daniel J Walsh
39e4bfb0e8 - Latest update from NSA 
merged range_transition enhancements and user module format changes from
    Darrel Goeddel
Merged symtab datum patch from Karl MacMillan.
 2006-09-06 18:16:16 +00:00
Jesse Keating
d6c461cca2 bumped for rebuild 2006-07-12 04:47:50 +00:00
Daniel J Walsh
0962a544c8 - Latest upgrade from NSA 
Lindent.
Merged patch to remove TE rule conflict checking from the parser from
    Joshua Brindle. This can only be done properly by the expander.
Merged patch to make checkpolicy/checkmodule handling of
    duplicate/conflicting TE rules the same as the expander from Joshua
    Brindle.
Merged optionals in base take 2 patch set from Joshua Brindle.
 2006-07-05 10:43:21 +00:00
Daniel J Walsh
0b33b45a9e - Latest upgrade from NSA 
Merged compiler cleanup patch from Karl MacMillan.
Merged fix warnings patch from Karl MacMillan.
 2006-05-24 03:11:52 +00:00
Daniel J Walsh
a7c8fb25b4 - Latest upgrade from NSA 
Changed require_class to reject permissions that have not been declared if
    building a base module.
 2006-04-05 17:46:41 +00:00
Daniel J Walsh
cb354e0254 - Latest upgrade from NSA 
Fixed checkmodule to call link_modules prior to expand_module to handle
    optionals.
Fixed require_class to avoid shadowing permissions already defined in an
    inherited common definition.
 2006-03-28 20:07:42 +00:00
Daniel J Walsh
d914ad5a8c - Rebuild with new libsepol 2006-03-27 22:13:22 +00:00
Daniel J Walsh
01a9ba841e - Latest upgrade from NSA 
Moved processing of role and user require statements to 2nd pass.
 2006-03-23 16:14:03 +00:00
Daniel J Walsh
af7b9d6c00 - Latest upgrade from NSA 
Updated version for release.
Fixed bug in role dominance (define_role_dom).
 2006-03-17 18:36:26 +00:00
Daniel J Walsh
dcec148fc4 - Latest upgrade from NSA 
Added a check for failure to declare each sensitivity in a level
    definition.
Changed to clone level data for aliased sensitivities to avoid double free
    upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
 2006-02-17 20:00:08 +00:00
Daniel J Walsh
d0cfe1d1ab - Latest upgrade from NSA 
Added a check for failure to declare each sensitivity in a level
    definition.
Changed to clone level data for aliased sensitivities to avoid double free
    upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
 2006-02-16 18:44:15 +00:00
Daniel J Walsh
6d151699a3 - Latest upgrade from NSA 
Merged optionals in base patch from Joshua Brindle.
 2006-02-13 19:31:17 +00:00
Daniel J Walsh
bc40ef4345 - Need to build again 2006-02-13 15:28:42 +00:00
Jesse Keating
f6e3697d00 bump for bug in double-long on ppc(64) 2006-02-11 02:15:00 +00:00
Daniel J Walsh
7cb707226a - Latest upgrade from NSA 
Merged sepol_av_to_string patch from Joshua Brindle.
 2006-02-07 15:33:17 +00:00
Jesse Keating
6c329b1c58 bump for new gcc/glibc 2006-02-07 11:14:04 +00:00
Daniel J Walsh
41344977f8 - Rebuild to get latest libsepol 2006-01-13 22:33:16 +00:00
Daniel J Walsh
d8a7f7e3b2 - Rebuild to get latest libsepol 2006-01-05 22:02:52 +00:00
Daniel J Walsh
7f0d3160ab - Rebuild to get latest libsepol 2006-01-05 21:58:33 +00:00
Daniel J Walsh
55423c321d - Rebuild to get latest libsepol 2006-01-04 18:55:25 +00:00
Daniel J Walsh
b1640a4ffb - Rebuild to get latest libsepol 2005-12-16 14:18:43 +00:00
Jesse Keating
aba9acb9b5 gcc update bump 2005-12-09 22:39:58 +00:00
Daniel J Walsh
6300e4418d - Latest upgrade from NSA 2005-12-09 18:24:24 +00:00
Daniel J Walsh
428c7aa7cd - Latest upgrade from NSA 
Merged checkmodule man page from Dan Walsh, and edited it.
 2005-12-04 13:13:34 +00:00
Daniel J Walsh
e8c9487983 - Latest upgrade from NSA 
Added error checking of all ebitmap_set_bit calls for out of memory
    conditions.
Merged removal of compatibility handling of netlink classes (requirement
    that policies with newer versions include the netlink class
    definitions, remapping of fine-grained netlink classes in newer source
    policies to single netlink class when generating older policies) from
    George Coker.
 2005-12-01 20:02:47 +00:00
Daniel J Walsh
671fd361f0 - Rebuild to get latest libsepol 2005-11-10 02:44:34 +00:00
Daniel J Walsh
647b078eee - Rebuild to get latest libsepol 2005-11-08 23:42:05 +00:00
Daniel J Walsh
72ae42ae01 - Rebuild to get latest libsepol 2005-11-07 14:50:52 +00:00
Daniel J Walsh
6b2bcc3c72 - Rebuild to get latest libsepol 2005-11-03 15:48:45 +00:00
Daniel J Walsh
a7259909df - Rebuild to get latest libsepol 2005-10-31 21:03:46 +00:00
Daniel J Walsh
e003d30798 - Rebuild to get latest libsepol 2005-10-28 19:25:01 +00:00
Daniel J Walsh
f4574040bd - Latest upgrade from NSA 
Merged dismod fix from Joshua Brindle.
 2005-10-25 19:18:26 +00:00
Daniel J Walsh
33c5c28812 - Latest upgrade from NSA 
Removed obsolete cond_check_type_rules() function and call and
    cond_optimize_lists() call from checkpolicy.c; these are handled during
    parsing and expansion now.
Updated calls to expand_module for interface change.
Changed checkmodule to verify that expand_module succeeds when building
    base modules.
Merged module compiler fixes from Joshua Brindle.
Removed direct calls to hierarchy_check_constraints() and
    check_assertions() from checkpolicy since they are now called
    internally by expand_module().
 2005-10-21 18:48:50 +00:00
Daniel J Walsh
af4dd8d071 - Latest upgrade from NSA 
Removed obsolete cond_check_type_rules() function and call and
    cond_optimize_lists() call from checkpolicy.c; these are handled during
    parsing and expansion now.
Updated calls to expand_module for interface change.
Changed checkmodule to verify that expand_module succeeds when building
    base modules.
Merged module compiler fixes from Joshua Brindle.
Removed direct calls to hierarchy_check_constraints() and
    check_assertions() from checkpolicy since they are now called
    internally by expand_module().
 2005-10-20 20:34:02 +00:00
Daniel J Walsh
acfce4cb75 - Latest upgrade from NSA 
Updated for changes to sepol policydb_index_others interface.
 2005-10-18 18:27:54 +00:00
Daniel J Walsh
b1c24f328b - Latest upgrade from NSA 
Updated for changes to sepol expand_module and link_modules interfaces.
Sat Oct 15 2005 Dan Walsh <dwalsh@redhat.com> 1.27.9-2
- Rebuild to get latest libsepol
 2005-10-18 14:17:02 +00:00
Daniel J Walsh
f0af6ae6b8 - Rebuild to get latest libsepol 2005-10-15 12:27:09 +00:00
Daniel J Walsh
571771b17d - Latest upgrade from NSA 
Merged support for require blocks inside conditionals from Joshua Brindle
    (Tresys).
 2005-10-14 12:31:36 +00:00
Karsten Hopp
c7eb5fa60e - add buildrequirement for libselinux-devel for dispol 2005-10-12 12:02:45 +00:00
Daniel J Walsh
1b6c428fd8 - Latest upgrade from NSA 
Updated for changes to libsepol.
 2005-10-10 13:00:20 +00:00
Daniel J Walsh
e191585b52 - Rebuild to get latest libsepol 2005-10-07 14:19:15 +00:00
Daniel J Walsh
b8c325caf1 - Latest upgrade from NSA 
Merged several bug fixes from Joshua Brindle (Tresys).
 2005-10-06 16:08:53 +00:00
Daniel J Walsh
43314203eb - Latest upgrade from NSA 
Merged MLS in modules patch from Joshua Brindle (Tresys).
 2005-10-04 18:02:36 +00:00
Daniel J Walsh
1bc86e3fa3 - Rebuild to get latest libsepol 2005-10-03 13:23:30 +00:00
Daniel J Walsh
e21e3bfb9d - Latest upgrade from NSA 
Merged error handling improvement in checkmodule from Karl MacMillan
    (Tresys).
 2005-09-29 01:18:06 +00:00
Daniel J Walsh
d3c90af390 - Latest upgrade from NSA 
Merged bugfix for dup role transition error messages from Karl MacMillan
    (Tresys).
 2005-09-27 19:00:56 +00:00
Daniel J Walsh
c95e46a95f - Rebuild to get latest libsepol 2005-09-21 18:23:46 +00:00
Daniel J Walsh
e34019964c - Latest upgrade from NSA 
Fixed parse_categories handling of undefined category.
 2005-09-21 14:18:23 +00:00
Daniel J Walsh
ba974b169b - Latest upgrade from NSA 
Merged bug fix for role dominance handling from Darrel Goeddel (TCS).
Wed Sep 14 2005 Dan Walsh <dwalsh@redhat.com> 1.26-2
- Rebuild to get latest libsepol
 2005-09-17 11:40:23 +00:00
Daniel J Walsh
a9313a61a4 - Rebuild to get latest libsepol 2005-09-15 14:55:49 +00:00
Daniel J Walsh
af1d472265 - Rebuild to get latest libsepol 2005-09-14 19:36:33 +00:00
Daniel J Walsh
7ba2db9576 - Latest upgrade from NSA 
Updated version for release.
- Rebuild to get latest libsepol
 2005-09-12 20:30:47 +00:00
Daniel J Walsh
edf32bd45a - Rebuild to get latest libsepol 2005-09-01 16:17:07 +00:00