mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-12-05 01:56:27 +00:00
1e2b2e57e5
Fixes https://github.com/SELinuxProject/cil/issues/2. Sensitivities and categories generated from blocks use dots to indicate namespacing. This could result in categories that contain ambiguous ranges with categories declared in blocks. Example: (category c0) (category c2) (block c0 (category (c2)) (filecon ... (s0 (c2))) ) The above policy results in the filecontext: ... s0:c0.c2. The categories c0.c2 could be interpreted as a range between c0 and c2 or it could be the namespaced category c0.c2. Therefore, categories are no longer allowed inside blocks to eliminate this ambiguity. This patch also disallows sensitivites in blocks for consistency with category behavior. Signed-off-by: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com> |
||
---|---|---|
.. | ||
include/cil | ||
src | ||
test | ||
.gitignore |