RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-03-07 18:57:31 +00:00
Code Issues Packages Projects Releases Wiki Activity
5b6e6254b5
selinux/libsepol
History
James Carter 5b6e6254b5 libsepol: Do a more thorough validation of constraints 
When validating a policydb, do a more thorough validation of the
constraints.
 - No permissions if it is a (mls)validatetrans.
 - Only mlsvalidatetrans can use u3, r3, and t3.
 - Expressions not involving types should have an empty type set.
 - Only "==" and "!=" are allowed when there are names.
 - If names are not used in an expression then both the names bitmap
   and the type set should be empty.
 - Only roles and mls expressions can used "dom", "domby", and "incomp".
 - An mls expression cannot use names.
 - If the expression is "not", "and", or "or", then the names bitmap
   and the type set should be empty.

Signed-off-by: James Carter <jwcart2@gmail.com>
2022-03-11 10:10:53 -05:00
..
cil libsepol/cil: Limit the amount of reporting for context rule conflicts 2022-02-24 10:39:45 -05:00
fuzz libsepol: add libfuzz based fuzzer for reading binary policies 2021-12-15 12:48:28 -05:00
include libsepol: Add 'ioctl_skip_cloexec' policy capability 2022-03-03 12:10:47 -05:00
man selinux: Update manpages after removing legacy boolean and user code 2019-07-29 23:46:47 +02:00
src libsepol: Do a more thorough validation of constraints 2022-03-11 10:10:53 -05:00
tests ci: run the tests under ASan/UBsan on GHActions 2022-01-06 10:34:33 -05:00
utils libsepol: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 15:59:36 +01:00
.gitignore
COPYING
Makefile
VERSION Update VERSIONs to 3.3 for release. 2021-10-21 16:31:23 +02:00