Commit Graph

240 Commits

Author SHA1 Message Date
Dennis Gilmore dd6f1ef617 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild 2014-06-06 23:34:12 -05:00
Dan Walsh 946ad38fd1 Update to upstream
* Add Android support for building dispol.
* Report source file and line information for neverallow failures.
* Prevent incompatible option combinations for checkmodule.
* Drop -lselinux from LDLIBS for test programs; not used.
* Add debug feature to display constraints/validatetrans from Richard Haines.
2014-05-06 14:20:14 -04:00
Dan Walsh 60787b1d18 Update to upstream
* Fix hyphen usage in man pages from Laurent Bigonville.
* handle-unknown / -U required argument fix from Laurent Bigonville.
* Support overriding Makefile PATH and LIBDIR from Laurent Bigonville.
* Support space and : in filenames from Dan Walsh.
2013-10-31 09:23:42 -04:00
Dan Walsh eddfbe52c6 Update to upstream 2013-10-31 09:21:49 -04:00
Dennis Gilmore d2e9a9d648 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild 2013-08-02 23:45:36 -05:00
Dan Walsh 4ca411361a Fix a segmentation fault if the --handle-unknown option was set without
arguments.
- Thanks to Alexandre Rebert and his team at Carnegie Mellon University
for detecting this crash.
2013-07-16 12:36:38 -04:00
Dan Walsh b640f10250 ":" should be allowed for file trans names 2013-07-16 12:35:19 -04:00
Dan Walsh 9e5a835ab1 ":" should be allowed for file trans names 2013-03-19 19:41:27 -04:00
Dan Walsh 6bfe32f6aa ":" should be allowed for file trans names 2013-03-19 10:48:10 -04:00
Dan Walsh 7a5e44fa80 Space should be allowed for file trans names 2013-03-12 08:43:39 -04:00
Dan Walsh 02cf4abf2d Update to upstream
* Fix errors found by coverity
* implement default type policy syntax
* Free allocated memory when clean up / exit.
2013-02-07 13:40:56 -05:00
Dan Walsh 889f900222 Update to latest patches from eparis/Upstream
-   checkpolicy: libsepol: implement default type policy syntax
-
-   We currently have a mechanism in which the default user, role, and range
-   can be picked up from the source or the target object.  This implements
-   the same thing for types.  The kernel will override this with type
-   transition rules and similar.  This is just the default if nothing
-   specific is given.
2013-01-05 11:08:17 -05:00
Dan Walsh 13d5e7a515 Update to latest patches from eparis/Upstream
-   checkpolicy: libsepol: implement default type policy syntax
-
-   We currently have a mechanism in which the default user, role, and range
-   can be picked up from the source or the target object.  This implements
-   the same thing for types.  The kernel will override this with type
-   transition rules and similar.  This is just the default if nothing
-   specific is given.
2013-01-05 11:02:10 -05:00
Dan Walsh c662668dab Rebuild with fixed libsepol 2013-01-05 07:09:43 -05:00
rhatdan aa082595d2 Rebuild with fixed libsepol 2012-09-25 15:42:44 -04:00
rhatdan 1057df92ca Update to upstream
* fd leak reading policy
* check return code on ebitmap_set_bit
2012-09-13 13:29:17 -04:00
Dan Walsh 1796244eeb Rebuild to grab latest libsepol 2012-07-30 11:21:22 -04:00
Dan Walsh 04deb1acb8 Rebuild to grab latest libsepol 2012-07-24 14:04:15 -04:00
Dennis Gilmore c25bf4dc69 - Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild 2012-07-18 13:53:20 -05:00
Dan Walsh f5401fa228 Update to upstream
* sepolgen: We need to support files that have a + in them
* Android/MacOS X build support
2012-07-04 07:24:23 -04:00
Dan Walsh fbd2801c70 Rebuild to get latest libsepol which fixes the file_name transition problems 2012-04-23 21:10:43 -04:00
Dan Walsh c856d94691 Recompile with libsepol that has support for ptrace_child 2012-04-17 17:06:35 -04:00
Dan Walsh 1ef68435f0 Allow checkpolicy to use + in a file name 2012-04-03 18:51:45 -04:00
Dan Walsh 9f8377e4c3 Update to upstream
* implement new default labeling behaviors for usr, role, range
* Fix dead links to www.nsa.gov/selinux
2012-03-29 15:28:08 -04:00
Dan Walsh 9a3ff63515 Fix man page to link to www.nsa.giv/research/selinux 2012-01-16 12:13:04 -05:00
Dan Walsh 102b87e2ac Fix man page to link to www.nsa.giv/research/selinux 2012-01-16 12:12:18 -05:00
Dennis Gilmore 2bf4af1966 - Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild 2012-01-12 17:17:07 -06:00
Dan Walsh ab9a33402e Update to upstream
* add ignoredirs config for genhomedircon
* Fallback_user_level can be NULL if you are not using MLS
2011-12-21 18:06:58 +00:00
Dan Walsh 629e1bb095 Update to upstream
* add new helper to translate class sets into bitmaps
2011-12-21 17:59:06 +00:00
Dan Walsh 228c1db0c3 default_rules should be optional 2011-12-21 13:35:19 +00:00
Dan Walsh ca712cbf0b Rebuild with latest libsepol 2011-12-16 06:23:11 -05:00
Dan Walsh 62a79399e3 Upgrade to upstream
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
Allow policy to specify the source of target for generating the default user,role
or mls label for a new target.
2011-12-15 16:32:47 -05:00
Dan Walsh 5ea3e823bf Upgrade to upstream
* dis* fixed signed vs unsigned errors
* dismod: fix unused parameter errors
* test: Makefile: include -W and -Werror
* allow ~ in filename transition rules
Allow policy to specify the source of target for generating the default user,role
or mls label for a new target.
2011-12-15 14:30:26 -05:00
Dan Walsh e9ff6dfd95 Allow ~ in a filename 2011-11-14 11:35:35 -05:00
Dan Walsh 1e7f3c93f0 Upgrade to upstream
* Revert "checkpolicy: Redo filename/filesystem syntax to support filename trans rules"
* drop libsepol dynamic link in checkpolicy
2011-11-04 09:27:03 -04:00
Dan Walsh 0708d417f5 Fix checkpolicy to ignore '"' in filename trans rules 2011-09-20 10:06:14 -04:00
Dan Walsh 84d179aabd Update to upstream
* Separate tunable from boolean during compile.
2011-09-19 06:44:54 -04:00
Dan Walsh 253cdcd5ea Update to upstream
* Separate tunable from boolean during compile.
2011-09-19 06:43:53 -04:00
Dan Walsh 68f262fbdb Update to upstream
* checkpolicy: fix spacing in output message
2011-08-30 16:15:26 -04:00
Dan Walsh e87652be15 * add missing ; to attribute_role_def
* Redo filename/filesystem syntax to support filename trans
2011-08-18 07:00:03 -04:00
Dan Walsh 5bae77199e * add missing ; to attribute_role_def
* Redo filename/filesystem syntax to support filename trans
2011-08-18 06:51:40 -04:00
Dan Walsh 920355cc3a Update to upstream 2011-07-28 11:38:45 -04:00
Dan Walsh 5eaf35502b Update to upstream
* Wrap file names in filename transitions with quotes by Steve Lawrence.
* Allow filesystem names to start with a digit by James Carter.
* Add support for using the last path component in type transitions by Eric
2011-05-23 18:25:07 -04:00
Dan Walsh 49877e7556 Fixes for filename transition code 2011-04-21 11:32:36 -04:00
Dan Walsh f530d30afa Add "-" as a file type 2011-04-15 14:10:50 -04:00
Dan Walsh 66140a0889 Latest patches 2011-04-12 13:12:30 -04:00
Dan Walsh 9d5bc6c8bd Patches from Eric Paris
We just use random numbers to make menu selections.  Use #defines and
names that make some sense instead.
2011-03-29 15:42:16 -04:00
Dennis Gilmore ab345be6df - Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild 2011-02-08 02:16:59 -06:00
Dan Walsh 2cb151d87e - Add James Carter's Patch
* This patch is needed because some filesystem names (such as 9p) start
  with a digit.
2011-01-12 16:49:06 -05:00
Dan Walsh 5ea14e8ebf - Latest update from NSA
* Remove unused variables to fix compilation under GCC 4.6 by Justin Mattock
2010-12-21 16:41:10 -05:00
Dan Walsh acd4c1a5bb - Rebuild to make sure it will build in Fedora 2010-12-08 11:56:11 -05:00
Dan Walsh 8bd7fb29dd - Rebuild to make sure it will build in Fedora 2010-12-08 11:37:45 -05:00
Daniel J Walsh ff8894ce82 - Latest update from NSA
Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
- Allow policy version to be one number
2010-06-16 12:11:21 +00:00
Daniel J Walsh 7c6d84d139 - Latest update from NSA
Add support for building Xen policies from Paul Nuzzi.
Add long options to checkpolicy and checkmodule by Guido Trentalancia
    <guido@trentalancia.com>
2009-12-01 22:50:19 +00:00
Jesse Keating 377ab91c67 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild 2009-07-24 18:52:16 +00:00
Jesse Keating 6cd52708e4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild 2009-02-24 07:15:25 +00:00
Daniel J Walsh 69181ce9f3 - Latest update from NSA
Fix alias field in module format, caused by boundary format change from
    Caleb Case.
2009-02-18 21:54:40 +00:00
Daniel J Walsh 31c67841df - Rebuild with new libsepol 2008-07-08 12:08:04 +00:00
Daniel J Walsh f0fa1b8c8a - Rebuild with new libsepol 2008-07-08 12:05:35 +00:00
Tom Callaway 4325162102 fix license tag 2008-05-28 21:41:21 +00:00
Daniel J Walsh d9e3ea1a9d - Latest update from NSA
Update checkpolicy for user and role mapping support from Joshua Brindle.
2008-05-28 15:15:49 +00:00
Daniel J Walsh a17aa67c97 - Allow modules with 4 sections or more 2008-05-06 18:22:18 +00:00
Daniel J Walsh 1ca4c44086 - Latest update from NSA
Add permissive domain support from Eric Paris.
2008-03-27 17:39:08 +00:00
Daniel J Walsh 3181c033e3 - Latest update from NSA
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
    policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
    Todd C. Miller.
2008-03-14 00:24:03 +00:00
Daniel J Walsh 164c17c9c1 - Latest update from NSA
Split out non-grammar parts of policy_parse.yacc into policy_define.c and
    policy_define.h from Todd C. Miller.
Initialize struct policy_file before using it, from Todd C. Miller.
Remove unused define, move variable out of .y file, simplify COND_ERR, from
    Todd C. Miller.
2008-03-13 23:47:55 +00:00
Daniel J Walsh e22ff16832 - Latest update from NSA
Use yyerror2() where appropriate from Todd C. Miller.
- Build against latest libsepol
2008-02-28 21:57:00 +00:00
Daniel J Walsh 35299999e4 - Start shipping sedismod and sedispol 2008-02-22 19:33:37 +00:00
Daniel J Walsh 88d15070c2 - Latest update from NSA
Update dispol for libsepol avtab changes from Stephen Smalley.
2008-02-04 19:06:00 +00:00
Daniel J Walsh d793dcb07e - Latest update from NSA
Update dispol for libsepol avtab changes from Stephen Smalley.
2008-02-04 17:24:34 +00:00
Daniel J Walsh 1257a8cea9 - Latest update from NSA
Deprecate role dominance in parser.
2008-01-25 16:19:00 +00:00
Daniel J Walsh 2cb30aa859 - Update to use libsepol-static library 2008-01-23 20:19:17 +00:00
Daniel J Walsh 4dd1371296 - Update to use libsepol-static library 2008-01-21 21:42:58 +00:00
Daniel J Walsh 5c3895bc13 - Latest update from NSA
Initialize the source file name from the command line argument so that
    checkpolicy/checkmodule report something more useful than "unknown
    source".
Merged remove use of REJECT and trailing context in lex rules; make ipv4
    address parsing like ipv6 from James Carter.
2007-11-15 18:41:43 +00:00
Daniel J Walsh 5d693896f6 Merged handle unknown policydb flag support from Eric Paris. Adds new
command line options -U {allow, reject, deny} for selecting the flag
    when a base module or kernel policy is built.
2007-09-19 00:20:03 +00:00
Jesse Keating 3667d6eef5 - Rebuild for selinux ppc32 issue. 2007-08-29 04:03:17 +00:00
Daniel J Walsh 7b1ac7a22c - Rebuild with the latest libsepol 2007-06-18 18:20:26 +00:00
Daniel J Walsh 4bd6947fff - Latest update from NSA
Merged fix for segfault on duplicate require of sensitivity from Caleb
    Case.
Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
2007-06-04 19:21:50 +00:00
Daniel J Walsh 7b7e59092d - Latest update from NSA
Merged checkmodule man page fix from Dan Walsh.
2007-04-12 20:05:28 +00:00
Daniel J Walsh ebb6b2e693 - Rebuild with new libsepol 2007-03-30 16:14:13 +00:00
Daniel J Walsh 7f274195c4 - Rebuild with new libsepol 2007-03-29 18:01:38 +00:00
Daniel J Walsh c1870cdf3a - Latest update from NSA
Merged patch to allow dots in class identifiers from Caleb Case.
2007-02-20 14:59:15 +00:00
Daniel J Walsh 1ec43fbb6a - Latest update from NSA
Merged patch to use new libsepol error codes by Karl MacMillan.
Updated version for stable branch.
2007-02-07 21:42:36 +00:00
Daniel J Walsh efbbda85bd - Rebuild for new libraries 2006-11-28 19:04:15 +00:00
Daniel J Walsh f9c5836922 - Latest update from NSA
Collapse user identifiers and identifiers together.
2006-11-28 18:56:56 +00:00
Daniel J Walsh c2957dde68 - Latest update from NSA
Collapse user identifiers and identifiers together.
2006-11-14 14:50:36 +00:00
Daniel J Walsh 9e6b63128e - Latest update from NSA
Updated version for release.
2006-11-03 21:45:02 +00:00
Daniel J Walsh 2fc5612c93 - Latest update from NSA
Merged user and range_transition support for modules from Darrel Goeddel
2006-09-29 14:22:59 +00:00
Daniel J Walsh 39e4bfb0e8 - Latest update from NSA
merged range_transition enhancements and user module format changes from
    Darrel Goeddel
Merged symtab datum patch from Karl MacMillan.
2006-09-06 18:16:16 +00:00
Jesse Keating d6c461cca2 bumped for rebuild 2006-07-12 04:47:50 +00:00
Daniel J Walsh 0962a544c8 - Latest upgrade from NSA
Lindent.
Merged patch to remove TE rule conflict checking from the parser from
    Joshua Brindle. This can only be done properly by the expander.
Merged patch to make checkpolicy/checkmodule handling of
    duplicate/conflicting TE rules the same as the expander from Joshua
    Brindle.
Merged optionals in base take 2 patch set from Joshua Brindle.
2006-07-05 10:43:21 +00:00
Daniel J Walsh 0b33b45a9e - Latest upgrade from NSA
Merged compiler cleanup patch from Karl MacMillan.
Merged fix warnings patch from Karl MacMillan.
2006-05-24 03:11:52 +00:00
Daniel J Walsh a7c8fb25b4 - Latest upgrade from NSA
Changed require_class to reject permissions that have not been declared if
    building a base module.
2006-04-05 17:46:41 +00:00
Daniel J Walsh cb354e0254 - Latest upgrade from NSA
Fixed checkmodule to call link_modules prior to expand_module to handle
    optionals.
Fixed require_class to avoid shadowing permissions already defined in an
    inherited common definition.
2006-03-28 20:07:42 +00:00
Daniel J Walsh d914ad5a8c - Rebuild with new libsepol 2006-03-27 22:13:22 +00:00
Daniel J Walsh 01a9ba841e - Latest upgrade from NSA
Moved processing of role and user require statements to 2nd pass.
2006-03-23 16:14:03 +00:00
Daniel J Walsh af7b9d6c00 - Latest upgrade from NSA
Updated version for release.
Fixed bug in role dominance (define_role_dom).
2006-03-17 18:36:26 +00:00
Daniel J Walsh dcec148fc4 - Latest upgrade from NSA
Added a check for failure to declare each sensitivity in a level
    definition.
Changed to clone level data for aliased sensitivities to avoid double free
    upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
2006-02-17 20:00:08 +00:00
Daniel J Walsh d0cfe1d1ab - Latest upgrade from NSA
Added a check for failure to declare each sensitivity in a level
    definition.
Changed to clone level data for aliased sensitivities to avoid double free
    upon sens_destroy. Bug reported by Kevin Carr of Tresys Technology.
2006-02-16 18:44:15 +00:00
Daniel J Walsh 6d151699a3 - Latest upgrade from NSA
Merged optionals in base patch from Joshua Brindle.
2006-02-13 19:31:17 +00:00
Daniel J Walsh bc40ef4345 - Need to build again 2006-02-13 15:28:42 +00:00