Check the return value of malloc() to avoid null pointer reference.
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Acked-by: James Carter <jwcart2@gmail.com>

Provide the option "-Q" or "--qualified-names" to indicate that the
policy is using qualified names.
Using qualified names means that declaration names can have "dots"
in them, but blocks, blockinherits, blockabstracts, and in-statements
are not allowed in the policy.
The libsepol function cil_set_qualified_names() is called with the
desired value for the CIL db's "qualified_names" field.
Signed-off-by: James Carter <jwcart2@gmail.com>

Added "-G, --expand_generated" option to specify that all automatically
generated attributes should be expanded and removed.
Added "-X, --expand_size <SIZE>" option to specify which attributes
are expanded when building a kernel policy. All attributes that have
fewer types assigned to them than SIZE will be expanded when writing AV
rules.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

The program secil2conf uses the libsepol function
cil_write_policy_conf() to create a policy.conf file from CIL policy.
By default a file called "policy.conf" will be created, but the "-o"
option can be used to write to a different file. The "-M" option can
be used to override the mls statement in CIL. The "-P" option will
cause tunables to be treated as booleans.
Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>