selinux/libsepol/cil
James Carter 3e4a902010 libsepol/cil: Add CIL bounds checking and reporting.
Use the libsepol bounds checking to check for and report user and
role bounds violations.

For type bounds checking, use libsepol bounds checking to determine
if there is a violation for a given type. For each violation display
an error message that includes the CIL AST from the root node to the
node of the rule causing the violation.

Example error report:
Child type b_t3_c exceeds bounds of parent b_t3
  (allow b_t3_c b_tc (file (write)))
    <root>
    booleanif at line 148633 of cil.conf.bounds
    true at line 148634 of cil.conf.bounds
    allow at line 148636 of cil.conf.bounds
      (allow b_t3_c b_tc (file (read write)))

Signed-off-by: James Carter <jwcart2@tycho.nsa.gov>
2015-06-22 10:03:16 -04:00
..
include/cil libsepol: clean up the CIL API 2015-02-27 08:58:52 -05:00
src libsepol/cil: Add CIL bounds checking and reporting. 2015-06-22 10:03:16 -04:00
test libsepol: Move secilc out of libsepol 2015-03-31 12:31:38 -04:00
.gitignore Merge commit '76ba6eaa7333483a8cc0c73a7880f7acf99c2656' 2015-02-18 09:25:20 -05:00