Commit Graph

162 Commits

Author SHA1 Message Date
Dan Walsh
8f8f3fb514 Update to upstream
* filename_trans: use some better sorting to compare and merge
	* coverity fixes
	* implement default type policy syntax
	* Fix memory leak issues found by Klocwork
- Add CONTRAINT_NAMES to the kernel
2013-02-07 12:24:09 -05:00
rhatdan
7a85deddcf Update to upstream
* fix neverallow checking on attributes
	* Move context_copy() after switch block in ocontext_copy_*().
	* check for missing initial SID labeling statement.
	* Add always_check_network policy capability
	* role_fix_callback skips out-of-scope roles during expansion.
2012-09-13 12:32:09 -04:00
Dan Walsh
5f329cea08 Update to upstream
* reserve policycapability for redhat testing of ptrace child
	* cosmetic changes to make the source easier to read
	* prepend instead of append to filename_trans list
	* Android/MacOS X build support
	* allocate enough space to hold filename in trans rules
2012-07-04 07:19:41 -04:00
Dan Walsh
a195d32913 Update to upstream
* checkpolicy: implement new default labeling behaviors
2012-03-29 14:28:13 -04:00
Dan Walsh
58df885532 Remove old source from sources file 2011-11-04 09:06:17 -04:00
Dan Walsh
39e091adf3 Update to upstream
* regenerate .pc on VERSION change
	* Move ebitmap_* functions from mcstrans to libsepol
	* expand: do filename_trans type comparison on mapped representation
2011-11-04 08:55:31 -04:00
Dan Walsh
07e78442e3 Update to upstream
* Skip writing role attributes for policy.X and
	* Indicate when boolean is indeed a tunable.
	* Separate tunable from boolean during compile.
	* Write and read TUNABLE flags in related
	* Copy and check the cond_bool_datum_t.flags during link.
	* Permanently discard disabled branches of tunables in
	* Skip tunable identifier and cond_node_t in expansion.
	* Create a new preserve_tunables flag
	* Preserve tunables when required by semodule program.
	* setools expects expand_module_avrules to be an exported
	* tree: default make target to all not
2011-09-19 06:48:59 -04:00
Dan Walsh
6eec04097e Update to upstream
* Only call role_fix_callback for base.p_roles during expansion.
	* use mapped role number instead of module role number
2011-08-18 06:58:25 -04:00
Dan Walsh
a98ce44d26 Update to upstream
* Release, minor version bump
2011-07-28 11:35:27 -04:00
Dan Walsh
b7b88e49b7 Update to upstream
* Warn if filename_trans rules are dropped by Steve Lawrence.
2011-05-03 09:40:22 -04:00
Dan Walsh
6e97542597 Update to upstream
* Fixes for new role_transition class field by Eric Paris.
	* Add libsepol support for filename_trans rules by Eric Paris.
2011-04-14 08:52:33 -04:00
Dan Walsh
a3a7288b5c * Give correct names to mount points in load_policy by Dan Walsh.
* Make sure selinux state is reported correctly if selinux is disabled or
	fails to load by Dan Walsh.
	* Fix crash if selinux_key_create was never called by Dan Walsh.
	* Add new file_context.subs_dist for distro specific filecon substitutions
	by Dan Walsh.
	* Update man pages for selinux_color_* functions by Richard Haines.
2011-04-12 10:03:13 -04:00
Dan Walsh
9788767c5c - Upgrade to latest from NSA
* Fix compliation under GCC 4.6 by Justin Mattock
2010-12-21 16:43:33 -05:00
Daniel J Walsh
aca479dae3 - Upgrade to latest from NSA
Fixed typo in error message from Manoj Srivastava.
2009-11-18 22:16:47 +00:00
Daniel J Walsh
a5bd29455e - Upgrade to latest from NSA
Add pkgconfig file from Eamon Walsh.
2009-11-02 18:11:36 +00:00
Daniel J Walsh
31a56530a4 - Upgrade to latest from NSA
Add support for building Xen policies from Paul Nuzzi.
2009-10-29 19:27:40 +00:00
Daniel J Walsh
ad2013ee23 - Upgrade to latest from NSA
Check last offset in the module package against the file size. Reported by
    Manoj Srivastava for bug filed by Max Kellermann.
2009-09-08 13:08:11 +00:00
Daniel J Walsh
cd4e504b6b - Upgrade to latest from NSA
Add method to check disable dontaudit flag from Christopher Pardy.
2009-07-07 19:33:40 +00:00
Daniel J Walsh
4ce335c44c - Upgrade to latest from NSA
Fix boolean state smashing from Joshua Brindle.
2009-03-25 20:37:52 +00:00
Daniel J Walsh
848ca5cad6 - Upgrade to latest from NSA
Fix alias field in module format, caused by boundary format change from
    Caleb Case.
2009-02-18 21:47:17 +00:00
Daniel J Walsh
d13ce1e89d - Upgrade to latest from NSA
Add bounds support from KaiGai Kohei.
Fix invalid aliases bug from Joshua Brindle.
2008-11-07 14:11:04 +00:00
Daniel J Walsh
f25671b55a - Upgrade to latest from NSA
Revert patch that removed expand_rule.
2008-09-30 13:31:29 +00:00
Daniel J Walsh
962484ceef - Upgrade to latest from NSA
Allow require then declare in the source policy from Joshua Brindle.
2008-07-07 17:51:57 +00:00
Daniel J Walsh
38eb295021 - Upgrade to latest from NSA
Fix mls_semantic_level_expand() to handle a user require w/o MLS
    information from Stephen Smalley.
2008-06-22 13:52:55 +00:00
Daniel J Walsh
d7c858894a - Upgrade to latest from NSA
Fix endianness bug in the handling of network node addresses from Stephen
    Smalley. Only affects big endian platforms. Bug reported by John Weeks
    of Sun upon policy mismatch between x86 and sparc.
2008-06-11 12:16:46 +00:00
Daniel J Walsh
073e5ba19d - Upgrade to latest from NSA
Merge user and role mapping support from Joshua Brindle.
2008-05-28 14:18:54 +00:00
Daniel J Walsh
5249d73d8d - Upgrade to latest from NSA
Fix mls_level_convert() to gracefully handle an empty user
    declaration/require from Stephen Smalley.
Belatedly merge test for policy downgrade from Todd Miller.
2008-05-19 17:19:04 +00:00
Daniel J Walsh
f21dcfb077 - Upgrade to latest from NSA
Add permissive domain support from Eric Paris.
2008-03-27 17:22:50 +00:00
Daniel J Walsh
c5d82f51bd - Upgrade to latest from NSA
Drop unused ->buffer field from struct policy_file.
Add policy_file_init() initalizer for struct policy_file and use it, from
    Todd C. Miller.
2008-03-13 23:46:46 +00:00
Daniel J Walsh
e6e6048d2a - Upgrade to latest from NSA
Accept "Flask" as an alternate identifier string in kernel policies from
    Stephen Smalley.
Add support for open_perms policy capability from Eric Paris.
2008-02-28 21:02:13 +00:00
Daniel J Walsh
c24f89b2b2 - Upgrade to latest from NSA
Fix invalid memory allocation in policydb_index_others() from Jason Tang.
2008-02-20 18:48:48 +00:00
Daniel J Walsh
d0df7f69ca - Upgrade to latest from NSA
Port of Yuichi Nakamura's tune avtab to reduce memory usage patch from the
    kernel avtab to libsepol from Stephen Smalley.
2008-02-04 17:22:25 +00:00
Daniel J Walsh
8f9d76f061 - Upgrade to latest from NSA
Add support for consuming avrule_blocks during expansion to reduce peak
    memory usage.
2008-02-02 21:41:20 +00:00
Daniel J Walsh
66f43a65e2 - Upgrade to latest from NSA
Added support for policy capabilities from Todd Miller.
Prevent generation of policy.18 with MLS enabled from Todd Miller.
2008-01-11 18:52:04 +00:00
Daniel J Walsh
a98dcaf709 - Upgrade to latest from NSA
print module magic number in hex on mismatch, from Todd Miller.
2007-12-11 02:53:58 +00:00
Daniel J Walsh
f823e8b3e9 - Upgrade to latest from NSA
clarify and reduce neverallow error reporting from Stephen Smalley.
2007-11-30 20:09:52 +00:00
Daniel J Walsh
54e869d983 - Upgrade to latest from NSA
Reject self aliasing at link time from Stephen Smalley.
Allow handle_unknown in base to be overridden by semanage.conf from Stephen
    Smalley.
Fixed bug in require checking from Stephen Smalley.
Added user hierarchy checking from Todd Miller.
2007-11-06 17:55:04 +00:00
Daniel J Walsh
cd3ee0bcf9 Pass CFLAGS to CC even on link command, per Dennis Gilmore. 2007-09-27 00:23:36 +00:00
Daniel J Walsh
340f7ecf02 - Upgrade to latest from NSA
Merged support for the handle_unknown policydb flag from Eric Paris.
2007-09-18 20:29:51 +00:00
Daniel J Walsh
e034fd16cd - Upgrade to latest from NSA
Moved next_entry and put_entry out-of-line to reduce code size from Ulrich
    Drepper.
Fixed module_package_read_offsets bug introduced by the prior patch.
2007-08-31 12:42:21 +00:00
Daniel J Walsh
b08149358f - Upgrade to latest from NSA
Eliminate unaligned accesses from policy reading code from Stephen Smalley.
2007-08-23 20:54:04 +00:00
Daniel J Walsh
7a9ae4d69d - Upgrade to latest from NSA
Allow dontaudits to be turned off during policy expansion
2007-08-20 23:20:34 +00:00
Daniel J Walsh
58a8c31c4d - Upgrade to latest from NSA
Fix sepol_context_clone to handle a NULL context correctly. This happens
    for e.g. semanage_fcontext_set_con(sh, fcontext, NULL) to set the file
    context entry to "<<none>>".
- Apply patch from Joshua Brindle to disable dontaudit rules
2007-08-11 11:01:41 +00:00
Daniel J Walsh
63e1b4a423 - Upgrade to latest from NSA
Merged error handling patch from Eamon Walsh.
2007-06-21 14:42:58 +00:00
Daniel J Walsh
d036a5297d - Upgrade to latest from NSA
Merged add boolmap argument to expand_module_avrules() from Chris PeBenito.
2007-04-17 12:35:30 +00:00
Daniel J Walsh
53a0908255 - Upgrade to latest from NSA
Merged fix from Karl to remap booleans at expand time to avoid holes in the
    symbol table.
2007-03-30 16:05:14 +00:00
Daniel J Walsh
91512f93d1 - Upgrade to latest from NSA
Merged libsepol segfault fix from Stephen Smalley for when sensitivities
    are required but not present in the base.
Merged patch to add errcodes.h to libsepol by Karl MacMillan.
Fri Jan 19 2007 Dan Walsh <dwalsh@redhat.com> 1.16.0-1
- Upgrade to latest from NSA
Updated version for stable branch.
2007-02-07 17:18:00 +00:00
Daniel J Walsh
7e8492d68d - Upgrade to latest from NSA
Updated version for stable branch.
2007-01-19 13:55:32 +00:00
Daniel J Walsh
e5a8dba063 - Upgrade to latest from NSA
Merged patch to compile wit -fPIC instead of -fpic from Manoj Srivastava to
    prevent hitting the global offest table limit. Patch changed to include
    libselinux and libsemanage in addition to libselinux.
2006-11-28 14:28:05 +00:00
Daniel J Walsh
a92b818305 - Upgrade to latest from NSA
Merged fix from Karl MacMillan for a segfault when linking non-MLS modules
    with users in them.
2006-11-01 15:06:55 +00:00