Commit Graph

97 Commits

Author SHA1 Message Date
Chris PeBenito
f012d55b11 policyrep: Convert TE rules to direct sepol structure access. 2018-06-15 20:26:49 -04:00
Chris PeBenito
71cfccce06 RoleAllow/Transition: Convert to direct sepol structure access. 2018-06-15 20:26:49 -04:00
Chris PeBenito
f3f174df9e Constraint: Convert to direct sepol structure use. 2018-06-15 20:26:49 -04:00
Chris PeBenito
f39347d81f Bounds: Convert to direct sepol structure use. Add iterator. 2018-06-15 20:26:49 -04:00
Chris PeBenito
42ccafcdcc policy_extend.c: Remove unused variable. 2018-06-15 20:26:49 -04:00
Chris PeBenito
5cba00bcdf FileNameTERule: Convert to direct sepol data structure access. Add iterator. 2018-06-15 20:26:49 -04:00
Chris PeBenito
23d42f162f MLSRule: Convert to direct sepol structure access. Add iterator. 2018-06-15 20:26:49 -04:00
Chris PeBenito
3d4b03691d Context: Convert to direct sepol structure access. 2018-06-15 20:26:49 -04:00
Chris PeBenito
32d67a4c9a Default: Convert to direct sepol structure access. 2018-06-15 20:26:49 -04:00
Chris PeBenito
42ec9f751a User: Convert to direct sepol structure access. Add iterator 2018-06-15 20:26:49 -04:00
Chris PeBenito
d2896d6a53 Role: Convert to direct sepol structure access. Add iterators. 2018-06-15 20:26:49 -04:00
Chris PeBenito
c45205c5b0 policyrep: Convert type and typeattrs to direct sepol structure access.
Add iterators.
2018-06-15 20:26:49 -04:00
Chris PeBenito
d476f22055 policyrep: Convert MLS symbols and levels/ranges to direct sepol structure access.
Add iterators.
2018-06-15 20:26:49 -04:00
Chris PeBenito
8260b9b166 Boolean: Convert to direct sepol structure access. Add iterator. 2018-06-15 20:26:49 -04:00
Chris PeBenito
680664ba66 PolicyCapability: Convert to direct sepol structure access. Add iterator. 2018-06-15 20:26:49 -04:00
Chris PeBenito
a06d4a9476 Genfscon: Revise to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
80a95bd414 FSUse: Revise to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
bb5004df2d policyrep: Revise initial SIDs to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
2dd1e9366a policyrep: Revise network contexts to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
9c053cc5fe policyrep: Revise Xen contexts to directly use sepol data structures. 2018-06-15 20:26:49 -04:00
Chris PeBenito
3e2cf79f81 Additional C cleanups. 2018-06-15 20:26:49 -04:00
Chris PeBenito
42001334fe SELinuxPolicy: Revise invalid policy errors. 2018-06-15 20:26:49 -04:00
Chris PeBenito
8b0e93c0d6 Remove source policy loading support and module loading support. 2018-06-15 20:26:49 -04:00
Chris PeBenito
880e8f26d2 libqpol: Revise logging callback.
Process va_args into final message prior to hitting the handler in cython.
2018-06-15 20:26:49 -04:00
Chris PeBenito
86214e6601 libqpol: Fix incorrect const usage in qpol_policy_get_semantic_level_by_name(). 2018-06-15 20:26:49 -04:00
Laurent Bigonville
e41adf0164 Fix build failure with GCC 7 due to possible truncation of snprintf output
setools fails to build under GCC7 -Wformat -Werror with the following error:

x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -O2 -fdebug-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -Wformat -Werror=format-security -Wno-sign-compare -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Ilibqpol -Ilibqpol/include -I/usr/include/python3.6m -c libqpol/policy_extend.c -o build/temp.linux-amd64-3.6/libqpol/policy_extend.o -Werror -Wextra -Waggregate-return -Wfloat-equal -Wformat -Wformat=2 -Winit-self -Wmissing-format-attribute -Wmissing-include-dirs -Wnested-externs -Wold-style-definition -Wpointer-arith -Wredundant-decls -Wstrict-prototypes -Wunknown-pragmas -Wwrite-strings -Wno-missing-field-initializers -Wno-unused-parameter -Wno-cast-qual -Wno-shadow -Wno-unreachable-code -fno-exceptions
libqpol/policy_extend.c: In function 'policy_extend':
libqpol/policy_extend.c:161:27: error: '%04zd' directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                           ^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                      ^~~~~~~~~~~

Increase the size of the buffer to avoid collisions

Closes: https://github.com/TresysTechnology/setools/issues/174
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
2017-09-26 16:36:59 +02:00
Petr Lautrbach
2ac588919d bswap_* macros are defined in byteswap.h
Fixes ImportError on s390x:
/usr/lib64/python3.6/site-packages/setools/policyrep/_qpol.cpython-36m-s390x-linux-gnu.so: undefined symbol: bswap_32
2017-08-10 08:23:47 +02:00
Karl MacMillan
e743d2a0ea Ftrules hashtab (#164)
* Search for libsepol in /usr/local

* Support filename transition and range transitions rules in the new hashtable storage of libsepol

* Fix off-by-one bug in traversing hashtables and minor compile fixes under Fedora 25.

* Remove debugging.

* The policy_define.c that uses hashtables was not setting the otype for filetrans_rules. This
appears intentional (the hashtable is just being filled out to detect duplicates based on the comments),
but for qpol was causing problems.
2017-01-23 18:27:22 -05:00
Chris PeBenito
6eaf7a26f5 libqpol: Remove unused syntactic rule functions. 2016-05-20 10:31:18 -04:00
Nicolas Iooss
2e028845ad libqpol: fix typos in documentation comments
clang warns about unknown documentation commands, which are spelling
errors:

    libqpol/include/qpol/cond_query.h:87:5: error: unknown command tag
    name 'returm'; did you mean 'return'?
    [-Werror,-Wdocumentation-unknown-command]
     *  @returm 0 on success and < 0 on failure; if the call fails,
        ^~~~~~~
         return
2016-05-04 23:14:27 +02:00
Chris PeBenito
9dc79ce672 qpol: Do not try to infer policy version on source policies.
Version is a compile-time setting.  The policy can also be downgraded
or may not use newer policy version features.

Set source policies to maximum supported policy version supported by
libsepol.
2016-04-26 10:12:03 -04:00
Chris PeBenito
5e16d57988 Remove duplicate linux_types.h. 2016-04-25 14:21:45 -04:00
Chris PeBenito
b7377f03d7 Merge pull request #132 from jbrindle/master
move linux_types header to libqpol
2016-04-25 13:49:13 -04:00
Joshua Brindle
b7b313a086 move linux_types header to libqpol 2016-04-25 12:14:40 -04:00
Chris PeBenito
fa13413eec Move linux_types.h to libqpol directory. 2016-04-25 11:09:51 -04:00
Chris PeBenito
95ac39792d Fix build error.
Missed a util.h reference.
2016-04-22 14:46:55 -04:00
Chris PeBenito
458ea44809 Remove stale util.h in qpol. 2016-04-22 14:24:37 -04:00
Chris PeBenito
a7fe3639ec Remove bzip2 dependency.
This was needed for bzipped .pp files, but loading modules is no longer
supported.
2016-04-22 13:48:39 -04:00
Joshua Brindle
ac1550cc20 remove QPOL_POLICY_OPTION_MATCH_SYSTEM defines 2016-04-22 09:33:14 -04:00
Joshua Brindle
d6996d1f09 use c99 type for uint64_t 2016-04-22 09:16:30 -04:00
Joshua Brindle
9fbfeb43d2 symtab_datum is only 32 bits so casting triggers increase alignment warning, cast to void first to avoid that 2016-04-22 09:16:30 -04:00
Joshua Brindle
42fb95a9c9 headers and types not present on Darwin either wrapped or added in linux_types.h 2016-04-22 09:16:27 -04:00
Joshua Brindle
9a89d9b63b remove LIBSELINUX dependency, deprecated functions, and remove symbol map 2016-04-22 09:15:16 -04:00
Chris PeBenito
1147d00797 Implement DCCP protocol support for portcons. 2016-04-06 13:01:28 -04:00
Chris PeBenito
e7f12a17d8 Reduce diff size between files copied from checkpolicy and libqpol.
Try to make future updates easier.
2016-03-28 16:34:35 -04:00
Chris PeBenito
e70e670664 libqpol: fix merge error (duplicate code a few lines up) 2016-03-28 13:57:41 -04:00
Steve Lawrence
21864a7ea6 Change extended avrules to be more similar to normal avrules
- Add an iterator to extract the extended permissions rather than
  returning only a string
- Add queries for determining if an avrule is extended, and what
  type the extended avrule is (e.g. ioctl)
- Removed tests, but should probably revert that change and make sure
  they still work
- Fixed some warnings about unsigned/signed comparisons with ebitmaps
- Updates seinfo and sesearch to support new extended avrule changes

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
2016-03-21 10:57:21 -04:00
Richard Haines
dd29dc9c43 setools-V4: libqpol policy V30 updates (xen/xperm statements)
Updated libqpol services to use the latest checkpolicy 2.4 source
files to support Xen and extended permissions (allowxperm etc.).

TODO: Add support for querying the xperm values.

Signed-off-by: Richard Haines <richard_c_haines@btinternet.com>
2016-03-21 10:56:37 -04:00
Chris PeBenito
faeccd0360 libqpol: stop processing types when building type attribute map
Fix originally from Richard Haines.
2016-03-21 10:56:37 -04:00
Chris PeBenito
699ce33cd7 policyrep: add typebounds rules
Closes #66
2016-02-05 13:53:30 -05:00