selinux/libsepol
Yuli Khodorkovskiy 1e2b2e57e5 libsepol/cil: Do not allow categories/sensitivities inside blocks
Fixes https://github.com/SELinuxProject/cil/issues/2.

Sensitivities and categories generated from blocks use dots to indicate
namespacing. This could result in categories that contain ambiguous
ranges with categories declared in blocks.

Example:

    (category c0)
    (category c2)
    (block c0
        (category (c2))
        (filecon ... (s0 (c2)))
    )

The above policy results in the filecontext: ... s0:c0.c2. The categories c0.c2
could be interpreted as a range between c0 and c2 or it could be the namespaced
category c0.c2. Therefore, categories are no longer allowed inside blocks to
eliminate this ambiguity.

This patch also disallows sensitivities in blocks for consistency with category
behavior.

Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>
2015-05-27 14:00:01 -04:00
cil libsepol/cil: Do not allow categories/sensitivities inside blocks 2015-05-27 14:00:01 -04:00
include Add support for ioctl command whitelisting 2015-04-23 08:30:33 -04:00
man
src Replace fmemopen() with internal function in libsepol. 2015-05-08 10:58:09 -04:00
tests libsepol/tests: fix gcc -Warray-bounds warning 2014-10-02 09:56:45 -04:00
utils
.gitignore libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
Android.mk libsepol, secilc: Fix build for Android 2015-04-02 12:01:10 -04:00
ChangeLog Update libsepol ChangeLog. 2015-05-08 11:03:13 -04:00
COPYING
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
VERSION Bump to final release 2015-02-02 09:38:10 -05:00