mirror of
https://github.com/SELinuxProject/selinux
synced 2025-03-03 16:57:30 +00:00
f42d013eec
- Create role declarations no matter if the declaration is in base or
a module. Since CIL does not permit role re-declarations, this change
will break existing policies that have the same role declared in multiple
modules. To fix this, the policies will need to change the role to be
defined in a single place.
- Pass around the avrule_decl stack rather than just the most recent
decl. The full stack is needed to determine if identifiers are in
scope
- Only create roletype statements for a role and a type in two cases:
1) The role is declared/required and the type is declared/required in
the same scope or an ancestor scope of the role
2) The type is declared/required and the role is declared/required in
an ancestor scope of the type
Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
Acked-by: Steve Lawrence <slawrence@tresys.com>
|
||
|---|---|---|
| .. | ||
| .tx | ||
| audit2allow | ||
| gui | ||
| hll | ||
| load_policy | ||
| man | ||
| mcstrans | ||
| newrole | ||
| po | ||
| restorecond | ||
| run_init | ||
| sandbox | ||
| scripts | ||
| secon | ||
| semanage | ||
| semodule | ||
| semodule_deps | ||
| semodule_expand | ||
| semodule_link | ||
| semodule_package | ||
| sepolgen-ifgen | ||
| sepolicy | ||
| sestatus | ||
| setfiles | ||
| setsebool | ||
| .gitignore | ||
| ChangeLog | ||
| COPYING | ||
| Makefile | ||
| VERSION | ||