selinux/libsepol
James Carter 9e81e611c7 libsepol: Fix neverallow checking to also check the other types when self is included in a target type set.

When neverallow checking was refactored in commit 9e6840e, self
was not handled correctly. The assumption was made that self only
appeared by itself as a target type, when it may appear in a list of
types. Because of this, if self appears in a target type set of a
neverallow, the other types in the type set are not checked.

Example:

allow TYPE1 TYPE2:CLASS1 { PERM1 };
neverallow TYPE1 {TYPE2 self}:CLASS1 { PERM1 };

The old assertion checking would not find a violation in the rules
above because the target type TYPE2 would be ignored.

This fix will cause all of the types in a target list that includes
self to be checked.

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2016-11-30 10:19:02 -05:00
cil libsepol/cil: Add ability to write policy.conf file from CIL AST 2016-11-30 10:18:12 -05:00
include libsepol,libselinux,audit2allow: teach audit2why about type bounds failures 2016-11-29 15:53:59 -05:00
man Laurent Bigonville patch to fix various minor manpage issues and correct section numbering. 2013-10-24 13:58:37 -04:00
src libsepol: Fix neverallow checking to also check the other types when 2016-11-30 10:19:02 -05:00
tests libsepol/tests: use LDFLAGS when linking 2016-11-29 08:45:26 -05:00
utils libsepol: Android/MacOS X build support 2012-06-28 11:21:15 -04:00
.gitignore libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
COPYING initial import from svn trunk revision 2950 2008-08-19 15:30:36 -04:00
Makefile libsepol: build cil into libsepol 2014-08-26 08:03:31 -04:00
VERSION Update VERSION and ChangeLog files for 2.6 final release. 2016-10-14 11:31:26 -04:00