RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-05 04:59:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
6015b05d06
selinux/libsepol
History
James Carter 6015b05d06
libsepol: Properly handle types associated to role attributes 
Types associated to role attributes in optional blocks are not
associated with the roles that have that attribute. The problem
is that role_fix_callback is called before the avrule_decls are
walked.

Example/
  class CLASS1
  sid kernel
  class CLASS1 { PERM1 }
  type TYPE1;
  type TYPE1A;
  allow TYPE1 self : CLASS1 PERM1;
  attribute_role ROLE_ATTR1A;
  role ROLE1;
  role ROLE1A;
  roleattribute ROLE1A ROLE_ATTR1A;
  role ROLE1 types TYPE1;
  optional {
    require {
      class CLASS1 PERM1;
    }
    role ROLE_ATTR1A types TYPE1A;
  }
  user USER1 roles ROLE1;
  sid kernel USER1:ROLE1:TYPE1

In this example ROLE1A will not have TYPE1A associated to it.

Call role_fix_callback() after the avrule_decls are walked.

Signed-off-by: James Carter <jwcart2@gmail.com>
2021-03-15 21:48:07 +01:00
..
cil libsepol/cil: fix NULL pointer dereference in cil_fill_ipaddr 2021-02-27 21:39:18 +01:00
include libsepol: Create function ebitmap_highest_set_bit() 2021-02-19 16:30:11 +01:00
man selinux: Update manpages after removing legacy boolean and user code 2019-07-29 23:46:47 +02:00
src libsepol: Properly handle types associated to role attributes 2021-03-15 21:48:07 +01:00
tests libsepol/tests: drop ncurses dependency 2020-05-04 10:31:44 +02:00
utils libsepol: build: follow standard semantics for DESTDIR and PREFIX 2018-02-14 15:59:36 +01:00
.gitignore
COPYING
Makefile
VERSION Update VERSIONs to 3.2 for release. 2021-03-04 16:42:59 +01:00