Accepting request 781799 from home:jsegitz:branches:security:SELinux
- Update to version 3.0 * cil: Allow validatetrans rules to be resolved * cil: Report disabling an optional block only at high verbose levels * cil: do not dereference perm_value_to_cil when it has not been allocated * cil: fix mlsconstrain segfault * Further improve binary policy optimization * Make an unknown permission an error in CIL * Remove cil_mem_error_handler() function pointer * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping * Add a function to optimize kernel policy * Add ebitmap_for_each_set_bit macro Dropped fnocommon.patch as it's included upstream OBS-URL: https://build.opensuse.org/request/show/781799 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=76
parent
bf1d92df6b
commit
3c5f1f043d
517
fnocommon.patch
517
fnocommon.patch
@ -1,517 +0,0 @@
|
||||
commit a96e8c59ecac84096d870b42701a504791a8cc8c
|
||||
Author: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
Date: Thu Jan 23 13:57:13 2020 +0100
|
||||
|
||||
libsepol: fix CIL_KEY_* build errors with -fno-common
|
||||
|
||||
GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
|
||||
global variables to be defined only once in cil.c and declared in the
|
||||
header file correctly with the 'extern' keyword, so that other units
|
||||
including the file don't generate duplicate definitions.
|
||||
|
||||
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
||||
|
||||
Index: libsepol-2.9/cil/src/cil.c
|
||||
===================================================================
|
||||
--- libsepol-2.9.orig/cil/src/cil.c 2020-01-30 14:14:31.719005900 +0000
|
||||
+++ libsepol-2.9/cil/src/cil.c 2020-01-30 14:14:35.819072734 +0000
|
||||
@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL
|
||||
{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
|
||||
};
|
||||
|
||||
+char *CIL_KEY_CONS_T1;
|
||||
+char *CIL_KEY_CONS_T2;
|
||||
+char *CIL_KEY_CONS_T3;
|
||||
+char *CIL_KEY_CONS_R1;
|
||||
+char *CIL_KEY_CONS_R2;
|
||||
+char *CIL_KEY_CONS_R3;
|
||||
+char *CIL_KEY_CONS_U1;
|
||||
+char *CIL_KEY_CONS_U2;
|
||||
+char *CIL_KEY_CONS_U3;
|
||||
+char *CIL_KEY_CONS_L1;
|
||||
+char *CIL_KEY_CONS_L2;
|
||||
+char *CIL_KEY_CONS_H1;
|
||||
+char *CIL_KEY_CONS_H2;
|
||||
+char *CIL_KEY_AND;
|
||||
+char *CIL_KEY_OR;
|
||||
+char *CIL_KEY_NOT;
|
||||
+char *CIL_KEY_EQ;
|
||||
+char *CIL_KEY_NEQ;
|
||||
+char *CIL_KEY_CONS_DOM;
|
||||
+char *CIL_KEY_CONS_DOMBY;
|
||||
+char *CIL_KEY_CONS_INCOMP;
|
||||
+char *CIL_KEY_CONDTRUE;
|
||||
+char *CIL_KEY_CONDFALSE;
|
||||
+char *CIL_KEY_SELF;
|
||||
+char *CIL_KEY_OBJECT_R;
|
||||
+char *CIL_KEY_STAR;
|
||||
+char *CIL_KEY_TCP;
|
||||
+char *CIL_KEY_UDP;
|
||||
+char *CIL_KEY_DCCP;
|
||||
+char *CIL_KEY_SCTP;
|
||||
+char *CIL_KEY_AUDITALLOW;
|
||||
+char *CIL_KEY_TUNABLEIF;
|
||||
+char *CIL_KEY_ALLOW;
|
||||
+char *CIL_KEY_DONTAUDIT;
|
||||
+char *CIL_KEY_TYPETRANSITION;
|
||||
+char *CIL_KEY_TYPECHANGE;
|
||||
+char *CIL_KEY_CALL;
|
||||
+char *CIL_KEY_TUNABLE;
|
||||
+char *CIL_KEY_XOR;
|
||||
+char *CIL_KEY_ALL;
|
||||
+char *CIL_KEY_RANGE;
|
||||
+char *CIL_KEY_GLOB;
|
||||
+char *CIL_KEY_FILE;
|
||||
+char *CIL_KEY_DIR;
|
||||
+char *CIL_KEY_CHAR;
|
||||
+char *CIL_KEY_BLOCK;
|
||||
+char *CIL_KEY_SOCKET;
|
||||
+char *CIL_KEY_PIPE;
|
||||
+char *CIL_KEY_SYMLINK;
|
||||
+char *CIL_KEY_ANY;
|
||||
+char *CIL_KEY_XATTR;
|
||||
+char *CIL_KEY_TASK;
|
||||
+char *CIL_KEY_TRANS;
|
||||
+char *CIL_KEY_TYPE;
|
||||
+char *CIL_KEY_ROLE;
|
||||
+char *CIL_KEY_USER;
|
||||
+char *CIL_KEY_USERATTRIBUTE;
|
||||
+char *CIL_KEY_USERATTRIBUTESET;
|
||||
+char *CIL_KEY_SENSITIVITY;
|
||||
+char *CIL_KEY_CATEGORY;
|
||||
+char *CIL_KEY_CATSET;
|
||||
+char *CIL_KEY_LEVEL;
|
||||
+char *CIL_KEY_LEVELRANGE;
|
||||
+char *CIL_KEY_CLASS;
|
||||
+char *CIL_KEY_IPADDR;
|
||||
+char *CIL_KEY_MAP_CLASS;
|
||||
+char *CIL_KEY_CLASSPERMISSION;
|
||||
+char *CIL_KEY_BOOL;
|
||||
+char *CIL_KEY_STRING;
|
||||
+char *CIL_KEY_NAME;
|
||||
+char *CIL_KEY_SOURCE;
|
||||
+char *CIL_KEY_TARGET;
|
||||
+char *CIL_KEY_LOW;
|
||||
+char *CIL_KEY_HIGH;
|
||||
+char *CIL_KEY_LOW_HIGH;
|
||||
+char *CIL_KEY_GLBLUB;
|
||||
+char *CIL_KEY_HANDLEUNKNOWN;
|
||||
+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
|
||||
+char *CIL_KEY_HANDLEUNKNOWN_DENY;
|
||||
+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
|
||||
+char *CIL_KEY_MACRO;
|
||||
+char *CIL_KEY_IN;
|
||||
+char *CIL_KEY_MLS;
|
||||
+char *CIL_KEY_DEFAULTRANGE;
|
||||
+char *CIL_KEY_BLOCKINHERIT;
|
||||
+char *CIL_KEY_BLOCKABSTRACT;
|
||||
+char *CIL_KEY_CLASSORDER;
|
||||
+char *CIL_KEY_CLASSMAPPING;
|
||||
+char *CIL_KEY_CLASSPERMISSIONSET;
|
||||
+char *CIL_KEY_COMMON;
|
||||
+char *CIL_KEY_CLASSCOMMON;
|
||||
+char *CIL_KEY_SID;
|
||||
+char *CIL_KEY_SIDCONTEXT;
|
||||
+char *CIL_KEY_SIDORDER;
|
||||
+char *CIL_KEY_USERLEVEL;
|
||||
+char *CIL_KEY_USERRANGE;
|
||||
+char *CIL_KEY_USERBOUNDS;
|
||||
+char *CIL_KEY_USERPREFIX;
|
||||
+char *CIL_KEY_SELINUXUSER;
|
||||
+char *CIL_KEY_SELINUXUSERDEFAULT;
|
||||
+char *CIL_KEY_TYPEATTRIBUTE;
|
||||
+char *CIL_KEY_TYPEATTRIBUTESET;
|
||||
+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
|
||||
+char *CIL_KEY_TYPEALIAS;
|
||||
+char *CIL_KEY_TYPEALIASACTUAL;
|
||||
+char *CIL_KEY_TYPEBOUNDS;
|
||||
+char *CIL_KEY_TYPEPERMISSIVE;
|
||||
+char *CIL_KEY_RANGETRANSITION;
|
||||
+char *CIL_KEY_USERROLE;
|
||||
+char *CIL_KEY_ROLETYPE;
|
||||
+char *CIL_KEY_ROLETRANSITION;
|
||||
+char *CIL_KEY_ROLEALLOW;
|
||||
+char *CIL_KEY_ROLEATTRIBUTE;
|
||||
+char *CIL_KEY_ROLEATTRIBUTESET;
|
||||
+char *CIL_KEY_ROLEBOUNDS;
|
||||
+char *CIL_KEY_BOOLEANIF;
|
||||
+char *CIL_KEY_NEVERALLOW;
|
||||
+char *CIL_KEY_TYPEMEMBER;
|
||||
+char *CIL_KEY_SENSALIAS;
|
||||
+char *CIL_KEY_SENSALIASACTUAL;
|
||||
+char *CIL_KEY_CATALIAS;
|
||||
+char *CIL_KEY_CATALIASACTUAL;
|
||||
+char *CIL_KEY_CATORDER;
|
||||
+char *CIL_KEY_SENSITIVITYORDER;
|
||||
+char *CIL_KEY_SENSCAT;
|
||||
+char *CIL_KEY_CONSTRAIN;
|
||||
+char *CIL_KEY_MLSCONSTRAIN;
|
||||
+char *CIL_KEY_VALIDATETRANS;
|
||||
+char *CIL_KEY_MLSVALIDATETRANS;
|
||||
+char *CIL_KEY_CONTEXT;
|
||||
+char *CIL_KEY_FILECON;
|
||||
+char *CIL_KEY_IBPKEYCON;
|
||||
+char *CIL_KEY_IBENDPORTCON;
|
||||
+char *CIL_KEY_PORTCON;
|
||||
+char *CIL_KEY_NODECON;
|
||||
+char *CIL_KEY_GENFSCON;
|
||||
+char *CIL_KEY_NETIFCON;
|
||||
+char *CIL_KEY_PIRQCON;
|
||||
+char *CIL_KEY_IOMEMCON;
|
||||
+char *CIL_KEY_IOPORTCON;
|
||||
+char *CIL_KEY_PCIDEVICECON;
|
||||
+char *CIL_KEY_DEVICETREECON;
|
||||
+char *CIL_KEY_FSUSE;
|
||||
+char *CIL_KEY_POLICYCAP;
|
||||
+char *CIL_KEY_OPTIONAL;
|
||||
+char *CIL_KEY_DEFAULTUSER;
|
||||
+char *CIL_KEY_DEFAULTROLE;
|
||||
+char *CIL_KEY_DEFAULTTYPE;
|
||||
+char *CIL_KEY_ROOT;
|
||||
+char *CIL_KEY_NODE;
|
||||
+char *CIL_KEY_PERM;
|
||||
+char *CIL_KEY_ALLOWX;
|
||||
+char *CIL_KEY_AUDITALLOWX;
|
||||
+char *CIL_KEY_DONTAUDITX;
|
||||
+char *CIL_KEY_NEVERALLOWX;
|
||||
+char *CIL_KEY_PERMISSIONX;
|
||||
+char *CIL_KEY_IOCTL;
|
||||
+char *CIL_KEY_UNORDERED;
|
||||
+char *CIL_KEY_SRC_INFO;
|
||||
+char *CIL_KEY_SRC_CIL;
|
||||
+char *CIL_KEY_SRC_HLL;
|
||||
+
|
||||
static void cil_init_keys(void)
|
||||
{
|
||||
/* Initialize CIL Keys into strpool */
|
||||
Index: libsepol-2.9/cil/src/cil_internal.h
|
||||
===================================================================
|
||||
--- libsepol-2.9.orig/cil/src/cil_internal.h 2020-01-30 14:14:35.819072734 +0000
|
||||
+++ libsepol-2.9/cil/src/cil_internal.h 2020-01-30 14:15:14.843708709 +0000
|
||||
@@ -74,166 +74,166 @@ enum cil_pass {
|
||||
/*
|
||||
Keywords
|
||||
*/
|
||||
-char *CIL_KEY_CONS_T1;
|
||||
-char *CIL_KEY_CONS_T2;
|
||||
-char *CIL_KEY_CONS_T3;
|
||||
-char *CIL_KEY_CONS_R1;
|
||||
-char *CIL_KEY_CONS_R2;
|
||||
-char *CIL_KEY_CONS_R3;
|
||||
-char *CIL_KEY_CONS_U1;
|
||||
-char *CIL_KEY_CONS_U2;
|
||||
-char *CIL_KEY_CONS_U3;
|
||||
-char *CIL_KEY_CONS_L1;
|
||||
-char *CIL_KEY_CONS_L2;
|
||||
-char *CIL_KEY_CONS_H1;
|
||||
-char *CIL_KEY_CONS_H2;
|
||||
-char *CIL_KEY_AND;
|
||||
-char *CIL_KEY_OR;
|
||||
-char *CIL_KEY_NOT;
|
||||
-char *CIL_KEY_EQ;
|
||||
-char *CIL_KEY_NEQ;
|
||||
-char *CIL_KEY_CONS_DOM;
|
||||
-char *CIL_KEY_CONS_DOMBY;
|
||||
-char *CIL_KEY_CONS_INCOMP;
|
||||
-char *CIL_KEY_CONDTRUE;
|
||||
-char *CIL_KEY_CONDFALSE;
|
||||
-char *CIL_KEY_SELF;
|
||||
-char *CIL_KEY_OBJECT_R;
|
||||
-char *CIL_KEY_STAR;
|
||||
-char *CIL_KEY_TCP;
|
||||
-char *CIL_KEY_UDP;
|
||||
-char *CIL_KEY_DCCP;
|
||||
-char *CIL_KEY_SCTP;
|
||||
-char *CIL_KEY_AUDITALLOW;
|
||||
-char *CIL_KEY_TUNABLEIF;
|
||||
-char *CIL_KEY_ALLOW;
|
||||
-char *CIL_KEY_DONTAUDIT;
|
||||
-char *CIL_KEY_TYPETRANSITION;
|
||||
-char *CIL_KEY_TYPECHANGE;
|
||||
-char *CIL_KEY_CALL;
|
||||
-char *CIL_KEY_TUNABLE;
|
||||
-char *CIL_KEY_XOR;
|
||||
-char *CIL_KEY_ALL;
|
||||
-char *CIL_KEY_RANGE;
|
||||
-char *CIL_KEY_GLOB;
|
||||
-char *CIL_KEY_FILE;
|
||||
-char *CIL_KEY_DIR;
|
||||
-char *CIL_KEY_CHAR;
|
||||
-char *CIL_KEY_BLOCK;
|
||||
-char *CIL_KEY_SOCKET;
|
||||
-char *CIL_KEY_PIPE;
|
||||
-char *CIL_KEY_SYMLINK;
|
||||
-char *CIL_KEY_ANY;
|
||||
-char *CIL_KEY_XATTR;
|
||||
-char *CIL_KEY_TASK;
|
||||
-char *CIL_KEY_TRANS;
|
||||
-char *CIL_KEY_TYPE;
|
||||
-char *CIL_KEY_ROLE;
|
||||
-char *CIL_KEY_USER;
|
||||
-char *CIL_KEY_USERATTRIBUTE;
|
||||
-char *CIL_KEY_USERATTRIBUTESET;
|
||||
-char *CIL_KEY_SENSITIVITY;
|
||||
-char *CIL_KEY_CATEGORY;
|
||||
-char *CIL_KEY_CATSET;
|
||||
-char *CIL_KEY_LEVEL;
|
||||
-char *CIL_KEY_LEVELRANGE;
|
||||
-char *CIL_KEY_CLASS;
|
||||
-char *CIL_KEY_IPADDR;
|
||||
-char *CIL_KEY_MAP_CLASS;
|
||||
-char *CIL_KEY_CLASSPERMISSION;
|
||||
-char *CIL_KEY_BOOL;
|
||||
-char *CIL_KEY_STRING;
|
||||
-char *CIL_KEY_NAME;
|
||||
-char *CIL_KEY_SOURCE;
|
||||
-char *CIL_KEY_TARGET;
|
||||
-char *CIL_KEY_LOW;
|
||||
-char *CIL_KEY_HIGH;
|
||||
-char *CIL_KEY_LOW_HIGH;
|
||||
-char *CIL_KEY_HANDLEUNKNOWN;
|
||||
-char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
|
||||
-char *CIL_KEY_HANDLEUNKNOWN_DENY;
|
||||
-char *CIL_KEY_HANDLEUNKNOWN_REJECT;
|
||||
-char *CIL_KEY_MACRO;
|
||||
-char *CIL_KEY_IN;
|
||||
-char *CIL_KEY_MLS;
|
||||
-char *CIL_KEY_DEFAULTRANGE;
|
||||
-char *CIL_KEY_BLOCKINHERIT;
|
||||
-char *CIL_KEY_BLOCKABSTRACT;
|
||||
-char *CIL_KEY_CLASSORDER;
|
||||
-char *CIL_KEY_CLASSMAPPING;
|
||||
-char *CIL_KEY_CLASSPERMISSIONSET;
|
||||
-char *CIL_KEY_COMMON;
|
||||
-char *CIL_KEY_CLASSCOMMON;
|
||||
-char *CIL_KEY_SID;
|
||||
-char *CIL_KEY_SIDCONTEXT;
|
||||
-char *CIL_KEY_SIDORDER;
|
||||
-char *CIL_KEY_USERLEVEL;
|
||||
-char *CIL_KEY_USERRANGE;
|
||||
-char *CIL_KEY_USERBOUNDS;
|
||||
-char *CIL_KEY_USERPREFIX;
|
||||
-char *CIL_KEY_SELINUXUSER;
|
||||
-char *CIL_KEY_SELINUXUSERDEFAULT;
|
||||
-char *CIL_KEY_TYPEATTRIBUTE;
|
||||
-char *CIL_KEY_TYPEATTRIBUTESET;
|
||||
-char *CIL_KEY_EXPANDTYPEATTRIBUTE;
|
||||
-char *CIL_KEY_TYPEALIAS;
|
||||
-char *CIL_KEY_TYPEALIASACTUAL;
|
||||
-char *CIL_KEY_TYPEBOUNDS;
|
||||
-char *CIL_KEY_TYPEPERMISSIVE;
|
||||
-char *CIL_KEY_RANGETRANSITION;
|
||||
-char *CIL_KEY_USERROLE;
|
||||
-char *CIL_KEY_ROLETYPE;
|
||||
-char *CIL_KEY_ROLETRANSITION;
|
||||
-char *CIL_KEY_ROLEALLOW;
|
||||
-char *CIL_KEY_ROLEATTRIBUTE;
|
||||
-char *CIL_KEY_ROLEATTRIBUTESET;
|
||||
-char *CIL_KEY_ROLEBOUNDS;
|
||||
-char *CIL_KEY_BOOLEANIF;
|
||||
-char *CIL_KEY_NEVERALLOW;
|
||||
-char *CIL_KEY_TYPEMEMBER;
|
||||
-char *CIL_KEY_SENSALIAS;
|
||||
-char *CIL_KEY_SENSALIASACTUAL;
|
||||
-char *CIL_KEY_CATALIAS;
|
||||
-char *CIL_KEY_CATALIASACTUAL;
|
||||
-char *CIL_KEY_CATORDER;
|
||||
-char *CIL_KEY_SENSITIVITYORDER;
|
||||
-char *CIL_KEY_SENSCAT;
|
||||
-char *CIL_KEY_CONSTRAIN;
|
||||
-char *CIL_KEY_MLSCONSTRAIN;
|
||||
-char *CIL_KEY_VALIDATETRANS;
|
||||
-char *CIL_KEY_MLSVALIDATETRANS;
|
||||
-char *CIL_KEY_CONTEXT;
|
||||
-char *CIL_KEY_FILECON;
|
||||
-char *CIL_KEY_IBPKEYCON;
|
||||
-char *CIL_KEY_IBENDPORTCON;
|
||||
-char *CIL_KEY_PORTCON;
|
||||
-char *CIL_KEY_NODECON;
|
||||
-char *CIL_KEY_GENFSCON;
|
||||
-char *CIL_KEY_NETIFCON;
|
||||
-char *CIL_KEY_PIRQCON;
|
||||
-char *CIL_KEY_IOMEMCON;
|
||||
-char *CIL_KEY_IOPORTCON;
|
||||
-char *CIL_KEY_PCIDEVICECON;
|
||||
-char *CIL_KEY_DEVICETREECON;
|
||||
-char *CIL_KEY_FSUSE;
|
||||
-char *CIL_KEY_POLICYCAP;
|
||||
-char *CIL_KEY_OPTIONAL;
|
||||
-char *CIL_KEY_DEFAULTUSER;
|
||||
-char *CIL_KEY_DEFAULTROLE;
|
||||
-char *CIL_KEY_DEFAULTTYPE;
|
||||
-char *CIL_KEY_ROOT;
|
||||
-char *CIL_KEY_NODE;
|
||||
-char *CIL_KEY_PERM;
|
||||
-char *CIL_KEY_ALLOWX;
|
||||
-char *CIL_KEY_AUDITALLOWX;
|
||||
-char *CIL_KEY_DONTAUDITX;
|
||||
-char *CIL_KEY_NEVERALLOWX;
|
||||
-char *CIL_KEY_PERMISSIONX;
|
||||
-char *CIL_KEY_IOCTL;
|
||||
-char *CIL_KEY_UNORDERED;
|
||||
-char *CIL_KEY_SRC_INFO;
|
||||
-char *CIL_KEY_SRC_CIL;
|
||||
-char *CIL_KEY_SRC_HLL;
|
||||
+extern char *CIL_KEY_CONS_T1;
|
||||
+extern char *CIL_KEY_CONS_T2;
|
||||
+extern char *CIL_KEY_CONS_T3;
|
||||
+extern char *CIL_KEY_CONS_R1;
|
||||
+extern char *CIL_KEY_CONS_R2;
|
||||
+extern char *CIL_KEY_CONS_R3;
|
||||
+extern char *CIL_KEY_CONS_U1;
|
||||
+extern char *CIL_KEY_CONS_U2;
|
||||
+extern char *CIL_KEY_CONS_U3;
|
||||
+extern char *CIL_KEY_CONS_L1;
|
||||
+extern char *CIL_KEY_CONS_L2;
|
||||
+extern char *CIL_KEY_CONS_H1;
|
||||
+extern char *CIL_KEY_CONS_H2;
|
||||
+extern char *CIL_KEY_AND;
|
||||
+extern char *CIL_KEY_OR;
|
||||
+extern char *CIL_KEY_NOT;
|
||||
+extern char *CIL_KEY_EQ;
|
||||
+extern char *CIL_KEY_NEQ;
|
||||
+extern char *CIL_KEY_CONS_DOM;
|
||||
+extern char *CIL_KEY_CONS_DOMBY;
|
||||
+extern char *CIL_KEY_CONS_INCOMP;
|
||||
+extern char *CIL_KEY_CONDTRUE;
|
||||
+extern char *CIL_KEY_CONDFALSE;
|
||||
+extern char *CIL_KEY_SELF;
|
||||
+extern char *CIL_KEY_OBJECT_R;
|
||||
+extern char *CIL_KEY_STAR;
|
||||
+extern char *CIL_KEY_TCP;
|
||||
+extern char *CIL_KEY_UDP;
|
||||
+extern char *CIL_KEY_DCCP;
|
||||
+extern char *CIL_KEY_SCTP;
|
||||
+extern char *CIL_KEY_AUDITALLOW;
|
||||
+extern char *CIL_KEY_TUNABLEIF;
|
||||
+extern char *CIL_KEY_ALLOW;
|
||||
+extern char *CIL_KEY_DONTAUDIT;
|
||||
+extern char *CIL_KEY_TYPETRANSITION;
|
||||
+extern char *CIL_KEY_TYPECHANGE;
|
||||
+extern char *CIL_KEY_CALL;
|
||||
+extern char *CIL_KEY_TUNABLE;
|
||||
+extern char *CIL_KEY_XOR;
|
||||
+extern char *CIL_KEY_ALL;
|
||||
+extern char *CIL_KEY_RANGE;
|
||||
+extern char *CIL_KEY_GLOB;
|
||||
+extern char *CIL_KEY_FILE;
|
||||
+extern char *CIL_KEY_DIR;
|
||||
+extern char *CIL_KEY_CHAR;
|
||||
+extern char *CIL_KEY_BLOCK;
|
||||
+extern char *CIL_KEY_SOCKET;
|
||||
+extern char *CIL_KEY_PIPE;
|
||||
+extern char *CIL_KEY_SYMLINK;
|
||||
+extern char *CIL_KEY_ANY;
|
||||
+extern char *CIL_KEY_XATTR;
|
||||
+extern char *CIL_KEY_TASK;
|
||||
+extern char *CIL_KEY_TRANS;
|
||||
+extern char *CIL_KEY_TYPE;
|
||||
+extern char *CIL_KEY_ROLE;
|
||||
+extern char *CIL_KEY_USER;
|
||||
+extern char *CIL_KEY_USERATTRIBUTE;
|
||||
+extern char *CIL_KEY_USERATTRIBUTESET;
|
||||
+extern char *CIL_KEY_SENSITIVITY;
|
||||
+extern char *CIL_KEY_CATEGORY;
|
||||
+extern char *CIL_KEY_CATSET;
|
||||
+extern char *CIL_KEY_LEVEL;
|
||||
+extern char *CIL_KEY_LEVELRANGE;
|
||||
+extern char *CIL_KEY_CLASS;
|
||||
+extern char *CIL_KEY_IPADDR;
|
||||
+extern char *CIL_KEY_MAP_CLASS;
|
||||
+extern char *CIL_KEY_CLASSPERMISSION;
|
||||
+extern char *CIL_KEY_BOOL;
|
||||
+extern char *CIL_KEY_STRING;
|
||||
+extern char *CIL_KEY_NAME;
|
||||
+extern char *CIL_KEY_SOURCE;
|
||||
+extern char *CIL_KEY_TARGET;
|
||||
+extern char *CIL_KEY_LOW;
|
||||
+extern char *CIL_KEY_HIGH;
|
||||
+extern char *CIL_KEY_LOW_HIGH;
|
||||
+extern char *CIL_KEY_HANDLEUNKNOWN;
|
||||
+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
|
||||
+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
|
||||
+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
|
||||
+extern char *CIL_KEY_MACRO;
|
||||
+extern char *CIL_KEY_IN;
|
||||
+extern char *CIL_KEY_MLS;
|
||||
+extern char *CIL_KEY_DEFAULTRANGE;
|
||||
+extern char *CIL_KEY_BLOCKINHERIT;
|
||||
+extern char *CIL_KEY_BLOCKABSTRACT;
|
||||
+extern char *CIL_KEY_CLASSORDER;
|
||||
+extern char *CIL_KEY_CLASSMAPPING;
|
||||
+extern char *CIL_KEY_CLASSPERMISSIONSET;
|
||||
+extern char *CIL_KEY_COMMON;
|
||||
+extern char *CIL_KEY_CLASSCOMMON;
|
||||
+extern char *CIL_KEY_SID;
|
||||
+extern char *CIL_KEY_SIDCONTEXT;
|
||||
+extern char *CIL_KEY_SIDORDER;
|
||||
+extern char *CIL_KEY_USERLEVEL;
|
||||
+extern char *CIL_KEY_USERRANGE;
|
||||
+extern char *CIL_KEY_USERBOUNDS;
|
||||
+extern char *CIL_KEY_USERPREFIX;
|
||||
+extern char *CIL_KEY_SELINUXUSER;
|
||||
+extern char *CIL_KEY_SELINUXUSERDEFAULT;
|
||||
+extern char *CIL_KEY_TYPEATTRIBUTE;
|
||||
+extern char *CIL_KEY_TYPEATTRIBUTESET;
|
||||
+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
|
||||
+extern char *CIL_KEY_TYPEALIAS;
|
||||
+extern char *CIL_KEY_TYPEALIASACTUAL;
|
||||
+extern char *CIL_KEY_TYPEBOUNDS;
|
||||
+extern char *CIL_KEY_TYPEPERMISSIVE;
|
||||
+extern char *CIL_KEY_RANGETRANSITION;
|
||||
+extern char *CIL_KEY_USERROLE;
|
||||
+extern char *CIL_KEY_ROLETYPE;
|
||||
+extern char *CIL_KEY_ROLETRANSITION;
|
||||
+extern char *CIL_KEY_ROLEALLOW;
|
||||
+extern char *CIL_KEY_ROLEATTRIBUTE;
|
||||
+extern char *CIL_KEY_ROLEATTRIBUTESET;
|
||||
+extern char *CIL_KEY_ROLEBOUNDS;
|
||||
+extern char *CIL_KEY_BOOLEANIF;
|
||||
+extern char *CIL_KEY_NEVERALLOW;
|
||||
+extern char *CIL_KEY_TYPEMEMBER;
|
||||
+extern char *CIL_KEY_SENSALIAS;
|
||||
+extern char *CIL_KEY_SENSALIASACTUAL;
|
||||
+extern char *CIL_KEY_CATALIAS;
|
||||
+extern char *CIL_KEY_CATALIASACTUAL;
|
||||
+extern char *CIL_KEY_CATORDER;
|
||||
+extern char *CIL_KEY_SENSITIVITYORDER;
|
||||
+extern char *CIL_KEY_SENSCAT;
|
||||
+extern char *CIL_KEY_CONSTRAIN;
|
||||
+extern char *CIL_KEY_MLSCONSTRAIN;
|
||||
+extern char *CIL_KEY_VALIDATETRANS;
|
||||
+extern char *CIL_KEY_MLSVALIDATETRANS;
|
||||
+extern char *CIL_KEY_CONTEXT;
|
||||
+extern char *CIL_KEY_FILECON;
|
||||
+extern char *CIL_KEY_IBPKEYCON;
|
||||
+extern char *CIL_KEY_IBENDPORTCON;
|
||||
+extern char *CIL_KEY_PORTCON;
|
||||
+extern char *CIL_KEY_NODECON;
|
||||
+extern char *CIL_KEY_GENFSCON;
|
||||
+extern char *CIL_KEY_NETIFCON;
|
||||
+extern char *CIL_KEY_PIRQCON;
|
||||
+extern char *CIL_KEY_IOMEMCON;
|
||||
+extern char *CIL_KEY_IOPORTCON;
|
||||
+extern char *CIL_KEY_PCIDEVICECON;
|
||||
+extern char *CIL_KEY_DEVICETREECON;
|
||||
+extern char *CIL_KEY_FSUSE;
|
||||
+extern char *CIL_KEY_POLICYCAP;
|
||||
+extern char *CIL_KEY_OPTIONAL;
|
||||
+extern char *CIL_KEY_DEFAULTUSER;
|
||||
+extern char *CIL_KEY_DEFAULTROLE;
|
||||
+extern char *CIL_KEY_DEFAULTTYPE;
|
||||
+extern char *CIL_KEY_ROOT;
|
||||
+extern char *CIL_KEY_NODE;
|
||||
+extern char *CIL_KEY_PERM;
|
||||
+extern char *CIL_KEY_ALLOWX;
|
||||
+extern char *CIL_KEY_AUDITALLOWX;
|
||||
+extern char *CIL_KEY_DONTAUDITX;
|
||||
+extern char *CIL_KEY_NEVERALLOWX;
|
||||
+extern char *CIL_KEY_PERMISSIONX;
|
||||
+extern char *CIL_KEY_IOCTL;
|
||||
+extern char *CIL_KEY_UNORDERED;
|
||||
+extern char *CIL_KEY_SRC_INFO;
|
||||
+extern char *CIL_KEY_SRC_CIL;
|
||||
+extern char *CIL_KEY_SRC_HLL;
|
||||
|
||||
/*
|
||||
Symbol Table Array Indices
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a34b12b038d121e3e459b1cbaca3c9202e983137819c16baf63658390e3f1d5d
|
||||
size 474861
|
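--- a/libsepol-3.0.tar.gz
+++ b/libsepol-3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79
+size 473864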
@ -1,3 +1,20 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 3 12:17:04 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||
|
||||
- Update to version 3.0
|
||||
* cil: Allow validatetrans rules to be resolved
|
||||
* cil: Report disabling an optional block only at high verbose levels
|
||||
* cil: do not dereference perm_value_to_cil when it has not been allocated
|
||||
* cil: fix mlsconstrain segfault
|
||||
* Further improve binary policy optimization
|
||||
* Make an unknown permission an error in CIL
|
||||
* Remove cil_mem_error_handler() function pointer
|
||||
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
|
||||
* Add a function to optimize kernel policy
|
||||
* Add ebitmap_for_each_set_bit macro
|
||||
|
||||
Dropped fnocommon.patch as it's included upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package libsepol
|
||||
#
|
||||
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2020 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -17,15 +17,14 @@
|
||||
|
||||
|
||||
Name: libsepol
|
||||
Version: 2.9
|
||||
Version: 3.0
|
||||
Release: 0
|
||||
Summary: SELinux binary policy manipulation library
|
||||
License: LGPL-2.1-or-later
|
||||
Group: Development/Libraries/C and C++
|
||||
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/%{name}-%{version}.tar.gz
|
||||
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz
|
||||
Source2: baselibs.conf
|
||||
Patch0: fnocommon.patch
|
||||
Patch1: remove_cil_mem_error_handler.patch
|
||||
BuildRequires: flex
|
||||
BuildRequires: pkgconfig
|
||||
@ -88,7 +87,6 @@ policies.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%patch0 -p1
|
||||
%patch1 -p1
|
||||
|
||||
%build
|
||||
|
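Review bot: Removing `Patch0: fnocommon.patch` and `%patch0 -p1` assumes the 3.0 tarball already carries that fix, yet the dropped patch is dated 2020-01-23 in its own header while the new `Source:` URL points at the 20191204 release, so the tarball may predate the upstream commit. If it does, `cil_internal.h` would again define the `CIL_KEY_*` globals without `extern` and the build fails once the compiler defaults to `-fno-common`; checking the unpacked `cil/src/cil_internal.h` for `extern char *CIL_KEY_CONS_T1;` settles it, and if it is absent the two lines should stay, with the patch rebased onto 3.0. The changelog also lists "Remove cil_mem_error_handler() function pointer" under 3.0 while `Patch1: remove_cil_mem_error_handler.patch` is kept, so it is worth confirming that this patch still applies and is not redundant. Because the tarball is stored only as an LFS pointer, the new `oid sha256:` value should be compared against upstream's published checksum for the 20191204 release before the request is accepted.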