selinux/libselinux/utils
Joshua Brindle 25ce102907 Add security_validatetrans support
It seems validatetrans support was never added to libselinux, despite being added to
selinuxfs in kernel version 4.5.

There is a utility to test; however, the targeted policy has no validatetrans rules, so some must be added:

$ cat validatetrans.cil
(mlsvalidatetrans db_table (and (or (or (or (eq l1 l2) (and (eq t3 unconfined_t) (domby l1 l2))) (and (eq t3 unconfined_t) (dom l1 l2))) (and (eq t3 unconfined_t) (incomp l1 l2))) (or (or (or (eq l1 h2) (and (eq t3 unconfined_t) (domby h1 h2))) (and (eq t3 unconfined_t) (dom h1 h2))) (and (eq t3 unconfined_t) (incomp h1 h2)))))

$ sudo semodule -i validatetrans.cil

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r: # invalid context here
opening /sys/fs/selinux/validatetrans
security_validatetrans returned -1 errno: Invalid argument

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r:init_t:s0
opening /sys/fs/selinux/validatetrans
security_validatetrans returned -1 errno: Operation not permitted

$ ./validatetrans system_u:system_r:kernel_t:s0 system_u:system_r:init_t:s0:c0 db_table system_u:system_r:unconfined_t:s0
opening /sys/fs/selinux/validatetrans
security_validatetrans returned 0 errno: Success

Signed-off-by: Joshua Brindle <joshua.brindle@crunchydata.com>
2019-04-09 06:51:02 -07:00
.gitignore Add security_validatetrans support 2019-04-09 06:51:02 -07:00
avcstat.c libselinux: avcstat: fix build warning 2018-05-08 08:11:58 -04:00
compute_av.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_create.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_member.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_relabel.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
compute_user.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getconlist.c libselinux: remove unused variable usercon 2018-04-17 13:55:57 -07:00
getdefaultcon.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
getenforce.c libselinux: use -W and -Werror in utils 2011-12-05 16:14:17 -05:00
getfilecon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getpidcon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
getsebool.c libselinux: getsebool: always free names 2017-04-12 14:46:02 -04:00
getseuser.c Get rid of security_context_t and fix const declarations. 2014-02-19 16:11:48 -05:00
Makefile Makefile: add -Wstrict-overflow=5 to CFLAGS 2018-12-31 08:06:29 -08:00
matchpathcon.c libselinux: Change matchpathcon usage to match with matchpathcon manpage 2019-02-04 22:11:22 +01:00
policyvers.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
sefcontext_compile.c libselinux/utils: add noreturn to sefcontext_compile 2016-10-18 13:51:23 -04:00
selabel_digest.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_lookup_best_match.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_lookup.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selabel_partial_match.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
selinux_check_access.c libselinux/utils: add noreturn attribute to selinux_check_access's usage 2017-05-05 13:07:04 -04:00
selinux_check_securetty_context.c libselinux: include errno.h instead of sys/errno.h 2017-01-09 16:00:22 -05:00
selinuxenabled.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
selinuxexeccon.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
setenforce.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
setfilecon.c initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
togglesebool.c libselinux/utils: fix all the noreturn errors 2016-11-01 17:29:49 -04:00
validatetrans.c Add security_validatetrans support 2019-04-09 06:51:02 -07:00