Petr Lautrbach
5ec2ad1fb2
libsepol-2.5-8
...
- Add missing return to sepol_node_query()
- Add missing <stdarg.h> include
2016-07-14 10:36:41 +02:00
Petr Lautrbach
44e2d26a69
libsepol-2.5-7
...
- Correctly detect unknown classes in sepol_string_to_security_class
- Sort object files for deterministic linking order
- Fix neverallowxperm checking on attributes
- Remove libsepol.map when cleaning
- Add high-level language line marking support to CIL
2016-06-23 12:27:14 +02:00
Petr Lautrbach
0a1d1e58aa
libsepol-2.5-6
...
- Change logic of bounds checking to match change in kernel
- Fix multiple spelling errors
2016-05-06 16:04:28 +02:00
Petr Lautrbach
d88ffa19a4
libsepol-2.5-5
...
- Only apply bounds checking to source types in rules
- Fix CIL and not add an attribute as a type in the attr_type_map
2016-05-02 07:52:38 +02:00
Petr Lautrbach
29e9ab01e1
Don't use -S git in autosetup as it requires git in a buildroot
...
Fixes:
+ '[' 0 -ne 0 ']'
+ cd libsepol-2.5
+ /usr/bin/chmod -Rf a+rX,u+w,g-w,o-w .
+ /usr/bin/git init -q
/var/tmp/rpm-tmp.yCRSdD: line 42: /usr/bin/git: No such file or directory
error: Bad exit status from /var/tmp/rpm-tmp.yCRSdD (%prep)
Bad exit status from /var/tmp/rpm-tmp.yCRSdD (%prep)
2016-04-29 12:06:32 +02:00
Petr Lautrbach
71b1a80d94
libsepol-2.5-4
...
- Build policy on systems not supporting DCCP protocol
- Fix extended permissions neverallow checking
- Fix CIL neverallow and bounds checking
- Android.mk: Add -D_GNU_SOURCE to common_cflags
2016-04-29 11:49:05 +02:00
Petr Lautrbach
6bf5b06538
Use %autosetup to simplify updates
2016-04-29 11:47:41 +02:00
Petr Lautrbach
a7ec325b44
libsepol-2.5-3
...
- Fix bug in CIL when resetting classes
- Add support for portcon dccp protocol
2016-04-08 20:27:32 +02:00
Petr Lautrbach
154778f82c
libsepol-2.5-2.fc24
...
- Use fully versioned arch-specific requires
https://fedoraproject.org/wiki/Packaging:Guidelines#Requiring_Base_Package
2016-02-28 11:29:04 +01:00
Petr Lautrbach
0861542f57
libsepol-2.5-1
...
- Update to upstream release 2016-02-23
2016-02-23 21:31:12 +01:00
Petr Lautrbach
3febb8cf9a
libsepol-2.5-0.1.rc1
...
Update to upstream rc1 release 2016-01-07
2016-02-21 14:34:14 +01:00
Dennis Gilmore
a554107a85
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
2016-02-04 03:54:18 +00:00
Petr Lautrbach
8b5abd72f1
Revert "Improve compatibility with Python 3 SWIG bindings"
...
The patch introduced new issues and memory leaks.
This reverts commit cb8eded90a.
2015-09-01 16:41:48 +02:00
Michal Srb
cb8eded90a
Improve compatibility with Python 3 SWIG bindings
...
- Resolves: rhbz#1247714
2015-08-25 13:00:18 +02:00
Adam Jackson
cc880287e2
Pass ldflags to make so hardening works
2015-08-14 14:52:55 -04:00
Petr Lautrbach
5e480567c8
Update to upstream release 2.4
2015-07-20 17:41:51 +02:00
Dennis Gilmore
658aaff9c8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
2015-06-17 17:15:19 +00:00
Peter Robinson
0d1fcdd0f7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
2014-08-17 05:56:54 +00:00
Tom Callaway
2ec04ef185
fix license handling
2014-07-18 15:21:33 -04:00
Dennis Gilmore
be60b4fdd2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
2014-06-07 00:24:46 -05:00
Dan Walsh
4704b23dcb
Update to upstream
...
* Improve error message for name-based transition conflicts.
* Revert libsepol: filename_trans: use some better sorting to compare and merge.
* Report source file and line information for neverallow failures.
* Fix valgrind errors in constraint_expr_eval_reason from Richard Haines.
* Add sepol_validate_transition_reason_buffer function from Richard Haines.
2014-05-06 14:17:40 -04:00
Dan Walsh
ee7b363d01
Update to upstream
...
- Richard Haines patch V1 Allow constraint denials to be determined.
- Add separate role declarations as required by modern checkpolicy.
2013-10-31 09:19:31 -04:00
Dan Walsh
5c767f8d24
Update to upstream
...
- Richard Haines patch V1 Allow constraint denials to be determined.
- Add separate role declarations as required by modern checkpolicy.
2013-10-31 09:17:42 -04:00
Dennis Gilmore
e7d43c0ef0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
2013-08-03 01:58:02 -05:00
Dan Walsh
8f8f3fb514
Update to upstream
...
* filename_trans: use some better sorting to compare and merge
* coverity fixes
* implement default type policy syntax
* Fix memory leak issues found by Klocwork
- Add CONTRAINT_NAMES to the kernel
2013-02-07 12:24:09 -05:00
Dan Walsh
1a48e42dcf
Update to latest patches from eparis/Upstream
2013-01-27 19:55:20 -05:00
Dan Walsh
d002148307
Update to latest patches from eparis/Upstream
2013-01-25 09:32:52 -05:00
Dan Walsh
6e6c78000d
Update to latest patches from eparis/Upstream
2013-01-25 09:21:55 -05:00
Dan Walsh
7a2ea3adf4
Fix libsepol.stack messages in audit2allow/audit2why
2013-01-08 13:30:18 -05:00
Dan Walsh
0df3b08ca9
Update to latest patches from eparis/Upstream
2013-01-04 17:17:25 -05:00
Dan Walsh
a3698bbb34
Update Richard Haines patch to show constraint information
2012-11-27 16:31:35 -05:00
Dan Walsh
0557b38137
Add sepol_compute_av_reason_buffer patch from Richard Haines
2012-11-19 09:10:41 -05:00
rhatdan
eb4908df1b
Revert patch that was attempting to expand filetrans attributes, but is breaking filetrans rules
2012-09-19 16:09:53 -04:00
rhatdan
7a85deddcf
Update to upstream
...
* fix neverallow checking on attributes
* Move context_copy() after switch block in ocontext_copy_*().
* check for missing initial SID labeling statement.
* Add always_check_network policy capability
* role_fix_callback skips out-of-scope roles during expansion.
2012-09-13 12:32:09 -04:00
Dan Walsh
99ee75724c
Try new patches
2012-07-30 11:11:54 -04:00
Dan Walsh
f204e024f1
Try new patches
2012-07-30 11:10:02 -04:00
Dan Walsh
feedd04d81
Revert patches
2012-07-24 13:52:32 -04:00
Dan Walsh
4b02553992
Revert patches
2012-07-24 13:52:08 -04:00
Dan Walsh
fa3013007e
Revert patches
2012-07-24 13:50:59 -04:00
Dennis Gilmore
03f17d27e6
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
2012-07-19 16:10:21 -05:00
Dan Walsh
5f329cea08
Update to upstream
...
* reserve policycapability for redhat testing of ptrace child
* cosmetic changes to make the source easier to read
* prepend instead of append to filename_trans list
* Android/MacOS X build support
* allocate enough space to hold filename in trans rules
2012-07-04 07:19:41 -04:00
Dan Walsh
96e6f72927
Fix off by one error that is causing file_name transition rules to be expanded
...
- incorrectly on i686 machines
2012-04-23 18:20:41 -04:00
Dan Walsh
9d04e817bf
Add support for ptrace_child
2012-04-17 13:12:15 -04:00
Dan Walsh
a195d32913
Update to upstream
...
* checkpolicy: implement new default labeling behaviors
2012-03-29 14:28:13 -04:00
Dennis Gilmore
46942f6c6f
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
2012-01-13 02:24:42 -06:00
Dan Walsh
ee95801ed9
Update to match eparis pool
2011-12-21 13:33:01 +00:00
Dan Walsh
f39b887832
Additional fix for default transitioning labeling for semodule
2011-12-15 17:06:11 -05:00
Dan Walsh
b413b6e9e9
Add Eparis patch for handling of default transition labeling
2011-12-15 15:05:59 -05:00
Dan Walsh
39e091adf3
Update to upstream
...
* regenerate .pc on VERSION change
* Move ebitmap_* functions from mcstrans to libsepol
* expand: do filename_trans type comparison on mapped representation
2011-11-04 08:55:31 -04:00
Dan Walsh
878dae3299
The filename_trans code had a bug where duplicate detection was being
done between the unmapped type value of a new rule and the type value of
rules already in policy. This meant that duplicates were not being
silently dropped and were instead outputting a message that there was a
problem. It made things hard because the message WAS using the mapped
type to convert to the string representation, so it didn't look like a
dup!
2011-10-31 16:34:33 -04:00
Dan Walsh
07e78442e3
Update to upstream
...
* Skip writing role attributes for policy.X and
* Indicate when boolean is indeed a tunable.
* Separate tunable from boolean during compile.
* Write and read TUNABLE flags in related
* Copy and check the cond_bool_datum_t.flags during link.
* Permanently discard disabled branches of tunables in
* Skip tunable identifier and cond_node_t in expansion.
* Create a new preserve_tunables flag
* Preserve tunables when required by semodule program.
* setools expects expand_module_avrules to be an exported
* tree: default make target to all not
2011-09-19 06:48:59 -04:00
Dan Walsh
ed26f06a29
Add patch to handle preserving tunables
2011-09-14 22:40:27 -04:00
Dan Walsh
3c75a3b3ff
export expand_module_avrules
2011-09-01 17:07:56 -04:00
Dan Walsh
6eec04097e
Update to upstream
...
* Only call role_fix_callback for base.p_roles during expansion.
* use mapped role number instead of module role number
2011-08-18 06:58:25 -04:00
Dan Walsh
a98ce44d26
Update to upstream
...
* Release, minor version bump
2011-07-28 11:35:27 -04:00
Dan Walsh
b7b88e49b7
Update to upstream
...
* Warn if filename_trans rules are dropped by Steve Lawrence.
2011-05-03 09:40:22 -04:00
Dan Walsh
1a403b0896
Fixes for new role_transition class field by Eric Paris.
2011-04-21 11:25:56 -04:00
Dan Walsh
6e97542597
Update to upstream
...
* Fixes for new role_transition class field by Eric Paris.
* Add libsepol support for filename_trans rules by Eric Paris.
2011-04-14 08:52:33 -04:00
Dan Walsh
554824b9da
Latest patches
2011-04-12 13:11:15 -04:00
Dan Walsh
53af5b6865
re-add Eric's patch for filename transitions
...
Update to upstream
* Add new class field in role_transition by Harry Ciao.
2011-04-12 10:36:13 -04:00
Dan Walsh
a3a7288b5c
* Give correct names to mount points in load_policy by Dan Walsh.
...
* Make sure selinux state is reported correctly if selinux is disabled or
fails to load by Dan Walsh.
* Fix crash if selinux_key_create was never called by Dan Walsh.
* Add new file_context.subs_dist for distro specific filecon substitutions
by Dan Walsh.
* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:03:13 -04:00
Dan Walsh
92502fe369
Apply Eparis Patch
...
This patch adds libsepol support for filename_trans rules. These rules
allow one to make labeling decisions for new objects based partially on
the last path component. They are stored in a list. If we find that
the number of rules grows to a significant size I will likely choose to
store these in a hash, both in libsepol and in the kernel. But as long
as the number of such rules stays small, this should be good.
2011-03-29 15:27:36 -04:00
Dennis Gilmore
65043ab531
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
2011-02-08 05:21:04 -06:00
Dan Walsh
60894b281e
- Upgrade to latest from NSA
...
* Fix compilation under GCC 4.6 by Justin Mattock
2010-12-22 14:56:26 -05:00
Dan Walsh
9788767c5c
- Upgrade to latest from NSA
...
* Fix compilation under GCC 4.6 by Justin Mattock
2010-12-21 16:43:33 -05:00
Dan Horák
a7387c80ed
- Fix libsepol.pc file
2010-06-17 07:38:54 +00:00
Daniel J Walsh
83e7a5b3fa
- Resolve specfile problems Resolves : #555835
2010-01-28 21:04:22 +00:00
Daniel J Walsh
90faed0461
- Resolve specfile problems Resolves : #555835
2010-01-28 21:03:34 +00:00
Daniel J Walsh
aca479dae3
- Upgrade to latest from NSA
...
Fixed typo in error message from Manoj Srivastava.
2009-11-18 22:16:47 +00:00
Daniel J Walsh
a5bd29455e
- Upgrade to latest from NSA
...
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:11:36 +00:00
Daniel J Walsh
7f9cab778e
- Upgrade to latest from NSA
...
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:00:00 +00:00
Daniel J Walsh
31a56530a4
- Upgrade to latest from NSA
...
Add support for building Xen policies from Paul Nuzzi.
2009-10-29 19:27:40 +00:00
Daniel J Walsh
ad2013ee23
- Upgrade to latest from NSA
...
Check last offset in the module package against the file size. Reported by
Manoj Srivastava for bug filed by Max Kellermann.
2009-09-08 13:08:11 +00:00
Jesse Keating
be396c6d8c
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
2009-07-25 08:36:05 +00:00
Daniel J Walsh
cd4e504b6b
- Upgrade to latest from NSA
...
Add method to check disable dontaudit flag from Christopher Pardy.
2009-07-07 19:33:40 +00:00
Daniel J Walsh
4ce335c44c
- Upgrade to latest from NSA
...
Fix boolean state smashing from Joshua Brindle.
2009-03-25 20:37:52 +00:00
Daniel J Walsh
a2f29b67b1
- Fix license specification to be LGPL instead of GPL
2009-03-05 20:17:12 +00:00
Jesse Keating
47d254b60b
- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
2009-02-25 18:02:46 +00:00
Daniel J Walsh
848ca5cad6
- Upgrade to latest from NSA
...
Fix alias field in module format, caused by boundary format change from
Caleb Case.
2009-02-18 21:47:17 +00:00
Daniel J Walsh
d13ce1e89d
- Upgrade to latest from NSA
...
Add bounds support from KaiGai Kohei.
Fix invalid aliases bug from Joshua Brindle.
2008-11-07 14:11:04 +00:00
Daniel J Walsh
f25671b55a
- Upgrade to latest from NSA
...
Revert patch that removed expand_rule.
2008-09-30 13:31:29 +00:00
Daniel J Walsh
962484ceef
- Upgrade to latest from NSA
...
Allow require then declare in the source policy from Joshua Brindle.
2008-07-07 17:51:57 +00:00
Daniel J Walsh
38eb295021
- Upgrade to latest from NSA
...
Fix mls_semantic_level_expand() to handle a user require w/o MLS
information from Stephen Smalley.
2008-06-22 13:52:55 +00:00
Daniel J Walsh
d7c858894a
- Upgrade to latest from NSA
...
Fix endianness bug in the handling of network node addresses from Stephen
Smalley. Only affects big endian platforms. Bug reported by John Weeks
of Sun upon policy mismatch between x86 and sparc.
2008-06-11 12:16:46 +00:00
Daniel J Walsh
073e5ba19d
- Upgrade to latest from NSA
...
Merge user and role mapping support from Joshua Brindle.
2008-05-28 14:18:54 +00:00
Daniel J Walsh
0f848837f2
- Upgrade to latest from NSA
...
Merge user and role mapping support from Joshua Brindle.
2008-05-28 14:16:58 +00:00
Daniel J Walsh
5249d73d8d
- Upgrade to latest from NSA
...
Fix mls_level_convert() to gracefully handle an empty user
declaration/require from Stephen Smalley.
Belatedly merge test for policy downgrade from Todd Miller.
2008-05-19 17:19:04 +00:00
Daniel J Walsh
f21dcfb077
- Upgrade to latest from NSA
...
Add permissive domain support from Eric Paris.
2008-03-27 17:22:50 +00:00
Daniel J Walsh
c5d82f51bd
- Upgrade to latest from NSA
...
Drop unused ->buffer field from struct policy_file.
Add policy_file_init() initializer for struct policy_file and use it, from
Todd C. Miller.
2008-03-13 23:46:46 +00:00
Daniel J Walsh
e6e6048d2a
- Upgrade to latest from NSA
...
Accept "Flask" as an alternate identifier string in kernel policies from
Stephen Smalley.
Add support for open_perms policy capability from Eric Paris.
2008-02-28 21:02:13 +00:00
Daniel J Walsh
c24f89b2b2
- Upgrade to latest from NSA
...
Fix invalid memory allocation in policydb_index_others() from Jason Tang.
2008-02-20 18:48:48 +00:00
Daniel J Walsh
d0df7f69ca
- Upgrade to latest from NSA
...
Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the
kernel avtab to libsepol from Stephen Smalley.
2008-02-04 17:22:25 +00:00
Daniel J Walsh
8f9d76f061
- Upgrade to latest from NSA
...
Add support for consuming avrule_blocks during expansion to reduce peak
memory usage.
2008-02-02 21:41:20 +00:00
Daniel J Walsh
0ca4a0a26c
- Upgrade to latest from NSA
...
Add support for consuming avrule_blocks during expansion to reduce peak
memory usage.
2008-02-02 21:39:44 +00:00
Daniel J Walsh
3e3efa7317
- Fixed for spec review
2008-01-21 20:56:18 +00:00
Daniel J Walsh
0ab5c85098
- Fixed for spec review
2008-01-21 20:42:49 +00:00
Daniel J Walsh
66f43a65e2
- Upgrade to latest from NSA
...
Added support for policy capabilities from Todd Miller.
Prevent generation of policy.18 with MLS enabled from Todd Miller.
2008-01-11 18:52:04 +00:00
Daniel J Walsh
a98dcaf709
- Upgrade to latest from NSA
...
print module magic number in hex on mismatch, from Todd Miller.
2007-12-11 02:53:58 +00:00
Daniel J Walsh
f823e8b3e9
- Upgrade to latest from NSA
...
clarify and reduce neverallow error reporting from Stephen Smalley.
2007-11-30 20:09:52 +00:00
Daniel J Walsh
54e869d983
- Upgrade to latest from NSA
...
Reject self aliasing at link time from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
Smalley.
Fixed bug in require checking from Stephen Smalley.
Added user hierarchy checking from Todd Miller.
2007-11-06 17:55:04 +00:00