selinux/libsepol/src
Steve Lawrence 11fccc48cd libsepol: with pp to CIL, always write auditadm_r and secadm_r roles
to the base module

In fedora and refpolicy, the auditadm_r and secadm_r roles can be in
either the base module or a non-base module, or they could be in both.
This means that it is possible for duplicate role declarations to exist.
CIL does not allow duplicate declarations of anything, but there is no
way for the pp compiler to know in which module the roles are declared,
or if they are in both, when compiling a single module. This
means we cannot use the same hack that we use for user_r, staff_r, etc.,
to generate CIL role declarations (i.e. only create role declarations
for these when defined in base).

So only for these two roles, always declare them as part of base,
regardless of where or if they are defined. This means that turning off
the auditadm module will never remove the auditadm_r role (likewise for
secadm), whereas right now, in some cases it would. This also means that
role allow rules will still exist for these roles even with the modules
removed. However, this is okay because the roles would not have any
types associated with them so no access would be allowed.

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Reported-by: Miroslav Grepl <mgrepl@redhat.com>
2015-05-29 09:46:25 -04:00
Makefile Build libsepol with -O2 2015-01-15 10:44:01 -05:00
assertion.c Allow libsepol C++ static library on device. 2015-01-20 10:31:15 -05:00
av_permissions.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
avrule_block.c libsepol: coverity fixes 2013-02-05 20:14:45 -05:00
avtab.c Add support for ioctl command whitelisting 2015-04-23 08:30:33 -04:00
boolean_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
boolean_record.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
booleans.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
conditional.c libsepol: Write and read TUNABLE flags in related data structures. 2011-09-16 11:54:01 -04:00
constraint.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
context.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
context.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
context_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
context_record.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
debug.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
debug.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
dso.h libsepol: Don't use symbol versioning for static object files 2015-04-15 15:20:20 -04:00
ebitmap.c libsepol: Move ebitmap_* functions from mcstrans to libsepol 2011-11-02 15:37:11 -04:00
expand.c Add support for ioctl command whitelisting 2015-04-23 08:30:33 -04:00
genbools.c libsepol: coverity fixes 2013-02-05 20:14:45 -05:00
genusers.c libsepol: coverity fixes 2013-02-05 20:14:45 -05:00
handle.c libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t. 2011-09-16 11:54:02 -04:00
handle.h libsepol: libsemanage: policycoreutils: Create a new preserve_tunables flag in sepol_handle_t. 2011-09-16 11:54:02 -04:00
hashtab.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
hierarchy.c libsepol: Fix memory leak issues found by Klocwork 2013-02-05 20:14:50 -05:00
iface_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
iface_record.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
interfaces.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
libsepol.map.in libsepol: add function to generate CIL from a module policydb 2015-04-01 13:09:21 -04:00
libsepol.pc.in updated libselinux pkgconfig does not work correctly on lib64 machines. 2010-03-06 18:06:43 -05:00
link.c libsepol: bool_copy_callback set state on creation 2015-03-19 14:33:47 -04:00
mls.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
mls.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
module.c libsepol: coverity fixes 2013-02-05 20:14:45 -05:00
module_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
module_to_cil.c libsepol: with pp to CIL, always write auditadm_r and secadm_r roles 2015-05-29 09:46:25 -04:00
node_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
node_record.c libsepol: Android/MacOS X build support 2012-06-28 11:21:15 -04:00
nodes.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
polcaps.c libsepol: Add always_check_network policy capability 2012-09-12 14:30:24 -04:00
policydb.c Add support for ioctl command whitelisting 2015-04-23 08:30:33 -04:00
policydb_convert.c libsepol: Fix memory leak issues found by Klocwork 2013-02-05 20:14:50 -05:00
policydb_internal.h libsepol: fix most gcc -Wwrite-strings warnings 2014-10-02 09:56:15 -04:00
policydb_public.c libsepol: add function to libsepol for setting target_platform 2014-08-26 08:02:16 -04:00
port_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
port_record.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
ports.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
private.h libsepol: Android/MacOS X build support 2012-06-28 11:21:15 -04:00
roles.c Author: "Justin P. Mattock" 2010-12-08 18:13:46 -05:00
services.c libsepol: fix most gcc -Wwrite-strings warnings 2014-10-02 09:56:15 -04:00
sidtab.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
symtab.c libsepol: Fix memory leak issues found by Klocwork 2013-02-05 20:14:50 -05:00
user_internal.h initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
user_record.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
users.c Add role attribute support when expanding role_set_t. 2011-07-25 10:09:43 -04:00
util.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
write.c libsepol: Binary modules do not support ioctl rules. 2015-04-24 14:24:04 -04:00