RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
selinux/libsepol
History
James Carter 3e4a902010 libsepol/cil: Add CIL bounds checking and reporting. 
Use the libsepol bounds checking to check for and report user and
role bounds violations.

For type bounds checking, use libsepol bounds checking to determine
if there is a violation for a given type. For each violation display
an error message that includes the CIL AST from the root node to the
node of the rule causing the violation.

Example error report:
Child type b_t3_c exceeds bounds of parent b_t3
  (allow b_t3_c b_tc (file (write)))
    <root>
    booleanif at line 148633 of cil.conf.bounds
    true at line 148634 of cil.conf.bounds
    allow at line 148636 of cil.conf.bounds
      (allow b_t3_c b_tc (file (read write)))

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
 		2015-06-22 10:03:16 -04:00
..
cil libsepol/cil: Add CIL bounds checking and reporting. 2015-06-22 10:03:16 -04:00
include libsepol: Refactored bounds (hierarchy) checking code 2015-06-22 09:44:55 -04:00
man Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
src libsepol: Refactored bounds (hierarchy) checking code 2015-06-22 09:44:55 -04:00
tests libsepol/tests: fix gcc -Warray-bounds warning 2014-10-02 09:56:45 -04:00
utils libsepol: Android/MacOS X build support 2012-06-28 11:21:15 -04:00
.gitignore libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
Android.mk libsepol/cil: Add function to search the CIL AST for an AV rule. 2015-06-22 10:03:07 -04:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
ChangeLog Update checkpolicy and libsepol ChangeLogs. 2015-06-15 09:23:20 -04:00
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
VERSION Bump to final release 2015-02-02 09:38:10 -05:00