mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-17 03:34:33 +00:00
f5602f5ff9
Add a new statement, neverallowx, which has the same syntax as allowx: (neverallowx foo bar (ioctl file (range 0x2000 0x20FF))) (allowx foo bar (ioctl file (0x20A0))) ; this fails Much of the changes just move functions around or split functions up to ease the sharing of avrule and avrulex comparisons with neverallows. This refactoring also modifies the avrule struct to include a union of either class permission information for standard avrules or extended permission information for extended avrules, also done to support sharing code. This also changes assertion.c and avtab.c to allow check_assertion_avtab_match to work with extended avrules. Signed-off-by: Steve Lawrence <slawrence@tresys.com> |
||
---|---|---|
.. | ||
include/cil | ||
src | ||
test | ||
.gitignore |