James Carter 9e81e611c7 libsepol: Fix neverallow checking to also check the other types when ...

self is included in a target type set.

When neverallow checking was refactored in commit 9e6840e, self
was not handled correctly. The assumption was made that self only
appeared by itself as a target type, when it may appear in a list of
types. Because of this, if self appears in a target type set of a
neverallow, the other types in the type set are not checked.

Example:

allow TYPE1 TYPE2:CLASS1 { PERM1 };
neverallow TYPE1 {TYPE2 self}:CLASS1 { PERM1 };

The old assertion checking would not find a violation in the rules
above because the target type TYPE2 would be ignored.

This fix will cause all of the types in a target list that includes
self to be checked.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>

2016-11-30 10:19:02 -05:00

..

cil

libsepol/cil: Add ability to write policy.conf file from CIL AST

2016-11-30 10:18:12 -05:00

include

libsepol,libselinux,audit2allow: teach audit2why about type bounds failures

2016-11-29 15:53:59 -05:00

man

Laurent Bigonville patch to fix various minor manpage issues and correct section numbering.

2013-10-24 13:58:37 -04:00

src

libsepol: Fix neverallow checking to also check the other types when

2016-11-30 10:19:02 -05:00

tests

libsepol/tests: use LDFLAGS when linking

2016-11-29 08:45:26 -05:00

utils

libsepol: Android/MacOS X build support

2012-06-28 11:21:15 -04:00

.gitignore

libsepol: build cil into libsepol

2014-08-26 08:03:31 -04:00

COPYING

initial import from svn trunk revision 2950

2008-08-19 15:30:36 -04:00

Makefile

libsepol: build cil into libsepol

2014-08-26 08:03:31 -04:00

VERSION

Update VERSION and ChangeLog files for 2.6 final release.

2016-10-14 11:31:26 -04:00