mirror of
https://github.com/SELinuxProject/selinux
synced 2025-03-01 07:50:38 +00:00
16675b7f96
1. Add a uint32_t "flavor" field and an ebitmap "roles" to the role_datum_t structure; 2. Add a new "attribute_role" statement and its handler to declare a role attribute; 3. Modify declare_role() to setup role_datum_t.flavor according to the isattr argument; 4. Add a new "roleattribute" rule and its handler, which will record the regular role's (policy value - 1) into the role attribute's role_datum_t.roles ebitmap; 5. Modify the syntax for the role-types rule only to define the role-type associations; 6. Add a new role-attr rule to support the declaration of a single role, and optionally the role attribute that the role belongs to; 7. Check if the new_role used in role-transition rule is a regular role; 8. Support to require a role attribute; 9. Modify symtab_insert() to allow multiple declarations only for the regular role, while a role attribute can't be declared more than once and can't share a same name with another regular role. Signed-off-by: Harry Ciao <qingtao.cao@windriver.com> Signed-off-by: Steve Lawrence <slawrence@tresys.com> |
||
|---|---|---|
| .. | ||
| policydb | ||
| boolean_record.h | ||
| booleans.h | ||
| context_record.h | ||
| context.h | ||
| debug.h | ||
| errcodes.h | ||
| handle.h | ||
| iface_record.h | ||
| interfaces.h | ||
| module.h | ||
| node_record.h | ||
| nodes.h | ||
| policydb.h | ||
| port_record.h | ||
| ports.h | ||
| roles.h | ||
| sepol.h | ||
| user_record.h | ||
| users.h | ||