Accepting request 781799 from home:jsegitz:branches:security:SELinux
- Update to version 3.0 * cil: Allow validatetrans rules to be resolved * cil: Report disabling an optional block only at high verbose levels * cil: do not dereference perm_value_to_cil when it has not been allocated * cil: fix mlsconstrain segfault * Further improve binary policy optimization * Make an unknown permission an error in CIL * Remove cil_mem_error_handler() function pointer * Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping * Add a function to optimize kernel policy * Add ebitmap_for_each_set_bit macro Dropped fnocommon.patch as it's included upstream OBS-URL: https://build.opensuse.org/request/show/781799 OBS-URL: https://build.opensuse.org/package/show/security:SELinux/libsepol?expand=0&rev=76
parent
bf1d92df6b
commit
3c5f1f043d
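--- a/fnocommon.patch
+++ /dev/null
@@ -1,517 +0,0 @@
-commit a96e8c59ecac84096d870b42701a504791a8cc8c
-Author: Ondrej Mosnacek <omosnace@redhat.com>
-Date: Thu Jan 23 13:57:13 2020 +0100
-
-libsepol: fix CIL_KEY_* build errors with -fno-common
-
-GCC 10 comes with -fno-common enabled by default - fix the CIL_KEY_*
-global variables to be defined only once in cil.c and declared in the
-header file correctly with the 'extern' keyword, so that other units
-including the file don't generate duplicate definitions.
-
-Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
-
-Index: libsepol-2.9/cil/src/cil.c
-===================================================================
---- libsepol-2.9.orig/cil/src/cil.c 2020-01-30 14:14:31.719005900 +0000
-+++ libsepol-2.9/cil/src/cil.c 2020-01-30 14:14:35.819072734 +0000
-@@ -77,6 +77,168 @@ int cil_sym_sizes[CIL_SYM_ARRAY_NUM][CIL
-{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
-};
-
-+char *CIL_KEY_CONS_T1;
-+char *CIL_KEY_CONS_T2;
-+char *CIL_KEY_CONS_T3;
-+char *CIL_KEY_CONS_R1;
-+char *CIL_KEY_CONS_R2;
-+char *CIL_KEY_CONS_R3;
-+char *CIL_KEY_CONS_U1;
-+char *CIL_KEY_CONS_U2;
-+char *CIL_KEY_CONS_U3;
-+char *CIL_KEY_CONS_L1;
-+char *CIL_KEY_CONS_L2;
-+char *CIL_KEY_CONS_H1;
-+char *CIL_KEY_CONS_H2;
-+char *CIL_KEY_AND;
-+char *CIL_KEY_OR;
-+char *CIL_KEY_NOT;
-+char *CIL_KEY_EQ;
-+char *CIL_KEY_NEQ;
-+char *CIL_KEY_CONS_DOM;
-+char *CIL_KEY_CONS_DOMBY;
-+char *CIL_KEY_CONS_INCOMP;
-+char *CIL_KEY_CONDTRUE;
-+char *CIL_KEY_CONDFALSE;
-+char *CIL_KEY_SELF;
-+char *CIL_KEY_OBJECT_R;
-+char *CIL_KEY_STAR;
-+char *CIL_KEY_TCP;
-+char *CIL_KEY_UDP;
-+char *CIL_KEY_DCCP;
-+char *CIL_KEY_SCTP;
-+char *CIL_KEY_AUDITALLOW;
-+char *CIL_KEY_TUNABLEIF;
-+char *CIL_KEY_ALLOW;
-+char *CIL_KEY_DONTAUDIT;
-+char *CIL_KEY_TYPETRANSITION;
-+char *CIL_KEY_TYPECHANGE;
-+char *CIL_KEY_CALL;
-+char *CIL_KEY_TUNABLE;
-+char *CIL_KEY_XOR;
-+char *CIL_KEY_ALL;
-+char *CIL_KEY_RANGE;
-+char *CIL_KEY_GLOB;
-+char *CIL_KEY_FILE;
-+char *CIL_KEY_DIR;
-+char *CIL_KEY_CHAR;
-+char *CIL_KEY_BLOCK;
-+char *CIL_KEY_SOCKET;
-+char *CIL_KEY_PIPE;
-+char *CIL_KEY_SYMLINK;
-+char *CIL_KEY_ANY;
-+char *CIL_KEY_XATTR;
-+char *CIL_KEY_TASK;
-+char *CIL_KEY_TRANS;
-+char *CIL_KEY_TYPE;
-+char *CIL_KEY_ROLE;
-+char *CIL_KEY_USER;
-+char *CIL_KEY_USERATTRIBUTE;
-+char *CIL_KEY_USERATTRIBUTESET;
-+char *CIL_KEY_SENSITIVITY;
-+char *CIL_KEY_CATEGORY;
-+char *CIL_KEY_CATSET;
-+char *CIL_KEY_LEVEL;
-+char *CIL_KEY_LEVELRANGE;
-+char *CIL_KEY_CLASS;
-+char *CIL_KEY_IPADDR;
-+char *CIL_KEY_MAP_CLASS;
-+char *CIL_KEY_CLASSPERMISSION;
-+char *CIL_KEY_BOOL;
-+char *CIL_KEY_STRING;
-+char *CIL_KEY_NAME;
-+char *CIL_KEY_SOURCE;
-+char *CIL_KEY_TARGET;
-+char *CIL_KEY_LOW;
-+char *CIL_KEY_HIGH;
-+char *CIL_KEY_LOW_HIGH;
-+char *CIL_KEY_GLBLUB;
-+char *CIL_KEY_HANDLEUNKNOWN;
-+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+char *CIL_KEY_MACRO;
-+char *CIL_KEY_IN;
-+char *CIL_KEY_MLS;
-+char *CIL_KEY_DEFAULTRANGE;
-+char *CIL_KEY_BLOCKINHERIT;
-+char *CIL_KEY_BLOCKABSTRACT;
-+char *CIL_KEY_CLASSORDER;
-+char *CIL_KEY_CLASSMAPPING;
-+char *CIL_KEY_CLASSPERMISSIONSET;
-+char *CIL_KEY_COMMON;
-+char *CIL_KEY_CLASSCOMMON;
-+char *CIL_KEY_SID;
-+char *CIL_KEY_SIDCONTEXT;
-+char *CIL_KEY_SIDORDER;
-+char *CIL_KEY_USERLEVEL;
-+char *CIL_KEY_USERRANGE;
-+char *CIL_KEY_USERBOUNDS;
-+char *CIL_KEY_USERPREFIX;
-+char *CIL_KEY_SELINUXUSER;
-+char *CIL_KEY_SELINUXUSERDEFAULT;
-+char *CIL_KEY_TYPEATTRIBUTE;
-+char *CIL_KEY_TYPEATTRIBUTESET;
-+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+char *CIL_KEY_TYPEALIAS;
-+char *CIL_KEY_TYPEALIASACTUAL;
-+char *CIL_KEY_TYPEBOUNDS;
-+char *CIL_KEY_TYPEPERMISSIVE;
-+char *CIL_KEY_RANGETRANSITION;
-+char *CIL_KEY_USERROLE;
-+char *CIL_KEY_ROLETYPE;
-+char *CIL_KEY_ROLETRANSITION;
-+char *CIL_KEY_ROLEALLOW;
-+char *CIL_KEY_ROLEATTRIBUTE;
-+char *CIL_KEY_ROLEATTRIBUTESET;
-+char *CIL_KEY_ROLEBOUNDS;
-+char *CIL_KEY_BOOLEANIF;
-+char *CIL_KEY_NEVERALLOW;
-+char *CIL_KEY_TYPEMEMBER;
-+char *CIL_KEY_SENSALIAS;
-+char *CIL_KEY_SENSALIASACTUAL;
-+char *CIL_KEY_CATALIAS;
-+char *CIL_KEY_CATALIASACTUAL;
-+char *CIL_KEY_CATORDER;
-+char *CIL_KEY_SENSITIVITYORDER;
-+char *CIL_KEY_SENSCAT;
-+char *CIL_KEY_CONSTRAIN;
-+char *CIL_KEY_MLSCONSTRAIN;
-+char *CIL_KEY_VALIDATETRANS;
-+char *CIL_KEY_MLSVALIDATETRANS;
-+char *CIL_KEY_CONTEXT;
-+char *CIL_KEY_FILECON;
-+char *CIL_KEY_IBPKEYCON;
-+char *CIL_KEY_IBENDPORTCON;
-+char *CIL_KEY_PORTCON;
-+char *CIL_KEY_NODECON;
-+char *CIL_KEY_GENFSCON;
-+char *CIL_KEY_NETIFCON;
-+char *CIL_KEY_PIRQCON;
-+char *CIL_KEY_IOMEMCON;
-+char *CIL_KEY_IOPORTCON;
-+char *CIL_KEY_PCIDEVICECON;
-+char *CIL_KEY_DEVICETREECON;
-+char *CIL_KEY_FSUSE;
-+char *CIL_KEY_POLICYCAP;
-+char *CIL_KEY_OPTIONAL;
-+char *CIL_KEY_DEFAULTUSER;
-+char *CIL_KEY_DEFAULTROLE;
-+char *CIL_KEY_DEFAULTTYPE;
-+char *CIL_KEY_ROOT;
-+char *CIL_KEY_NODE;
-+char *CIL_KEY_PERM;
-+char *CIL_KEY_ALLOWX;
-+char *CIL_KEY_AUDITALLOWX;
-+char *CIL_KEY_DONTAUDITX;
-+char *CIL_KEY_NEVERALLOWX;
-+char *CIL_KEY_PERMISSIONX;
-+char *CIL_KEY_IOCTL;
-+char *CIL_KEY_UNORDERED;
-+char *CIL_KEY_SRC_INFO;
-+char *CIL_KEY_SRC_CIL;
-+char *CIL_KEY_SRC_HLL;
-+
-static void cil_init_keys(void)
-{
-/* Initialize CIL Keys into strpool */
-Index: libsepol-2.9/cil/src/cil_internal.h
-===================================================================
---- libsepol-2.9.orig/cil/src/cil_internal.h 2020-01-30 14:14:35.819072734 +0000
-+++ libsepol-2.9/cil/src/cil_internal.h 2020-01-30 14:15:14.843708709 +0000
-@@ -74,166 +74,166 @@ enum cil_pass {
-/*
-Keywords
-*/
--char *CIL_KEY_CONS_T1;
--char *CIL_KEY_CONS_T2;
--char *CIL_KEY_CONS_T3;
--char *CIL_KEY_CONS_R1;
--char *CIL_KEY_CONS_R2;
--char *CIL_KEY_CONS_R3;
--char *CIL_KEY_CONS_U1;
--char *CIL_KEY_CONS_U2;
--char *CIL_KEY_CONS_U3;
--char *CIL_KEY_CONS_L1;
--char *CIL_KEY_CONS_L2;
--char *CIL_KEY_CONS_H1;
--char *CIL_KEY_CONS_H2;
--char *CIL_KEY_AND;
--char *CIL_KEY_OR;
--char *CIL_KEY_NOT;
--char *CIL_KEY_EQ;
--char *CIL_KEY_NEQ;
--char *CIL_KEY_CONS_DOM;
--char *CIL_KEY_CONS_DOMBY;
--char *CIL_KEY_CONS_INCOMP;
--char *CIL_KEY_CONDTRUE;
--char *CIL_KEY_CONDFALSE;
--char *CIL_KEY_SELF;
--char *CIL_KEY_OBJECT_R;
--char *CIL_KEY_STAR;
--char *CIL_KEY_TCP;
--char *CIL_KEY_UDP;
--char *CIL_KEY_DCCP;
--char *CIL_KEY_SCTP;
--char *CIL_KEY_AUDITALLOW;
--char *CIL_KEY_TUNABLEIF;
--char *CIL_KEY_ALLOW;
--char *CIL_KEY_DONTAUDIT;
--char *CIL_KEY_TYPETRANSITION;
--char *CIL_KEY_TYPECHANGE;
--char *CIL_KEY_CALL;
--char *CIL_KEY_TUNABLE;
--char *CIL_KEY_XOR;
--char *CIL_KEY_ALL;
--char *CIL_KEY_RANGE;
--char *CIL_KEY_GLOB;
--char *CIL_KEY_FILE;
--char *CIL_KEY_DIR;
--char *CIL_KEY_CHAR;
--char *CIL_KEY_BLOCK;
--char *CIL_KEY_SOCKET;
--char *CIL_KEY_PIPE;
--char *CIL_KEY_SYMLINK;
--char *CIL_KEY_ANY;
--char *CIL_KEY_XATTR;
--char *CIL_KEY_TASK;
--char *CIL_KEY_TRANS;
--char *CIL_KEY_TYPE;
--char *CIL_KEY_ROLE;
--char *CIL_KEY_USER;
--char *CIL_KEY_USERATTRIBUTE;
--char *CIL_KEY_USERATTRIBUTESET;
--char *CIL_KEY_SENSITIVITY;
--char *CIL_KEY_CATEGORY;
--char *CIL_KEY_CATSET;
--char *CIL_KEY_LEVEL;
--char *CIL_KEY_LEVELRANGE;
--char *CIL_KEY_CLASS;
--char *CIL_KEY_IPADDR;
--char *CIL_KEY_MAP_CLASS;
--char *CIL_KEY_CLASSPERMISSION;
--char *CIL_KEY_BOOL;
--char *CIL_KEY_STRING;
--char *CIL_KEY_NAME;
--char *CIL_KEY_SOURCE;
--char *CIL_KEY_TARGET;
--char *CIL_KEY_LOW;
--char *CIL_KEY_HIGH;
--char *CIL_KEY_LOW_HIGH;
--char *CIL_KEY_HANDLEUNKNOWN;
--char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
--char *CIL_KEY_HANDLEUNKNOWN_DENY;
--char *CIL_KEY_HANDLEUNKNOWN_REJECT;
--char *CIL_KEY_MACRO;
--char *CIL_KEY_IN;
--char *CIL_KEY_MLS;
--char *CIL_KEY_DEFAULTRANGE;
--char *CIL_KEY_BLOCKINHERIT;
--char *CIL_KEY_BLOCKABSTRACT;
--char *CIL_KEY_CLASSORDER;
--char *CIL_KEY_CLASSMAPPING;
--char *CIL_KEY_CLASSPERMISSIONSET;
--char *CIL_KEY_COMMON;
--char *CIL_KEY_CLASSCOMMON;
--char *CIL_KEY_SID;
--char *CIL_KEY_SIDCONTEXT;
--char *CIL_KEY_SIDORDER;
--char *CIL_KEY_USERLEVEL;
--char *CIL_KEY_USERRANGE;
--char *CIL_KEY_USERBOUNDS;
--char *CIL_KEY_USERPREFIX;
--char *CIL_KEY_SELINUXUSER;
--char *CIL_KEY_SELINUXUSERDEFAULT;
--char *CIL_KEY_TYPEATTRIBUTE;
--char *CIL_KEY_TYPEATTRIBUTESET;
--char *CIL_KEY_EXPANDTYPEATTRIBUTE;
--char *CIL_KEY_TYPEALIAS;
--char *CIL_KEY_TYPEALIASACTUAL;
--char *CIL_KEY_TYPEBOUNDS;
--char *CIL_KEY_TYPEPERMISSIVE;
--char *CIL_KEY_RANGETRANSITION;
--char *CIL_KEY_USERROLE;
--char *CIL_KEY_ROLETYPE;
--char *CIL_KEY_ROLETRANSITION;
--char *CIL_KEY_ROLEALLOW;
--char *CIL_KEY_ROLEATTRIBUTE;
--char *CIL_KEY_ROLEATTRIBUTESET;
--char *CIL_KEY_ROLEBOUNDS;
--char *CIL_KEY_BOOLEANIF;
--char *CIL_KEY_NEVERALLOW;
--char *CIL_KEY_TYPEMEMBER;
--char *CIL_KEY_SENSALIAS;
--char *CIL_KEY_SENSALIASACTUAL;
--char *CIL_KEY_CATALIAS;
--char *CIL_KEY_CATALIASACTUAL;
--char *CIL_KEY_CATORDER;
--char *CIL_KEY_SENSITIVITYORDER;
--char *CIL_KEY_SENSCAT;
--char *CIL_KEY_CONSTRAIN;
--char *CIL_KEY_MLSCONSTRAIN;
--char *CIL_KEY_VALIDATETRANS;
--char *CIL_KEY_MLSVALIDATETRANS;
--char *CIL_KEY_CONTEXT;
--char *CIL_KEY_FILECON;
--char *CIL_KEY_IBPKEYCON;
--char *CIL_KEY_IBENDPORTCON;
--char *CIL_KEY_PORTCON;
--char *CIL_KEY_NODECON;
--char *CIL_KEY_GENFSCON;
--char *CIL_KEY_NETIFCON;
--char *CIL_KEY_PIRQCON;
--char *CIL_KEY_IOMEMCON;
--char *CIL_KEY_IOPORTCON;
--char *CIL_KEY_PCIDEVICECON;
--char *CIL_KEY_DEVICETREECON;
--char *CIL_KEY_FSUSE;
--char *CIL_KEY_POLICYCAP;
--char *CIL_KEY_OPTIONAL;
--char *CIL_KEY_DEFAULTUSER;
--char *CIL_KEY_DEFAULTROLE;
--char *CIL_KEY_DEFAULTTYPE;
--char *CIL_KEY_ROOT;
--char *CIL_KEY_NODE;
--char *CIL_KEY_PERM;
--char *CIL_KEY_ALLOWX;
--char *CIL_KEY_AUDITALLOWX;
--char *CIL_KEY_DONTAUDITX;
--char *CIL_KEY_NEVERALLOWX;
--char *CIL_KEY_PERMISSIONX;
--char *CIL_KEY_IOCTL;
--char *CIL_KEY_UNORDERED;
--char *CIL_KEY_SRC_INFO;
--char *CIL_KEY_SRC_CIL;
--char *CIL_KEY_SRC_HLL;
-+extern char *CIL_KEY_CONS_T1;
-+extern char *CIL_KEY_CONS_T2;
-+extern char *CIL_KEY_CONS_T3;
-+extern char *CIL_KEY_CONS_R1;
-+extern char *CIL_KEY_CONS_R2;
-+extern char *CIL_KEY_CONS_R3;
-+extern char *CIL_KEY_CONS_U1;
-+extern char *CIL_KEY_CONS_U2;
-+extern char *CIL_KEY_CONS_U3;
-+extern char *CIL_KEY_CONS_L1;
-+extern char *CIL_KEY_CONS_L2;
-+extern char *CIL_KEY_CONS_H1;
-+extern char *CIL_KEY_CONS_H2;
-+extern char *CIL_KEY_AND;
-+extern char *CIL_KEY_OR;
-+extern char *CIL_KEY_NOT;
-+extern char *CIL_KEY_EQ;
-+extern char *CIL_KEY_NEQ;
-+extern char *CIL_KEY_CONS_DOM;
-+extern char *CIL_KEY_CONS_DOMBY;
-+extern char *CIL_KEY_CONS_INCOMP;
-+extern char *CIL_KEY_CONDTRUE;
-+extern char *CIL_KEY_CONDFALSE;
-+extern char *CIL_KEY_SELF;
-+extern char *CIL_KEY_OBJECT_R;
-+extern char *CIL_KEY_STAR;
-+extern char *CIL_KEY_TCP;
-+extern char *CIL_KEY_UDP;
-+extern char *CIL_KEY_DCCP;
-+extern char *CIL_KEY_SCTP;
-+extern char *CIL_KEY_AUDITALLOW;
-+extern char *CIL_KEY_TUNABLEIF;
-+extern char *CIL_KEY_ALLOW;
-+extern char *CIL_KEY_DONTAUDIT;
-+extern char *CIL_KEY_TYPETRANSITION;
-+extern char *CIL_KEY_TYPECHANGE;
-+extern char *CIL_KEY_CALL;
-+extern char *CIL_KEY_TUNABLE;
-+extern char *CIL_KEY_XOR;
-+extern char *CIL_KEY_ALL;
-+extern char *CIL_KEY_RANGE;
-+extern char *CIL_KEY_GLOB;
-+extern char *CIL_KEY_FILE;
-+extern char *CIL_KEY_DIR;
-+extern char *CIL_KEY_CHAR;
-+extern char *CIL_KEY_BLOCK;
-+extern char *CIL_KEY_SOCKET;
-+extern char *CIL_KEY_PIPE;
-+extern char *CIL_KEY_SYMLINK;
-+extern char *CIL_KEY_ANY;
-+extern char *CIL_KEY_XATTR;
-+extern char *CIL_KEY_TASK;
-+extern char *CIL_KEY_TRANS;
-+extern char *CIL_KEY_TYPE;
-+extern char *CIL_KEY_ROLE;
-+extern char *CIL_KEY_USER;
-+extern char *CIL_KEY_USERATTRIBUTE;
-+extern char *CIL_KEY_USERATTRIBUTESET;
-+extern char *CIL_KEY_SENSITIVITY;
-+extern char *CIL_KEY_CATEGORY;
-+extern char *CIL_KEY_CATSET;
-+extern char *CIL_KEY_LEVEL;
-+extern char *CIL_KEY_LEVELRANGE;
-+extern char *CIL_KEY_CLASS;
-+extern char *CIL_KEY_IPADDR;
-+extern char *CIL_KEY_MAP_CLASS;
-+extern char *CIL_KEY_CLASSPERMISSION;
-+extern char *CIL_KEY_BOOL;
-+extern char *CIL_KEY_STRING;
-+extern char *CIL_KEY_NAME;
-+extern char *CIL_KEY_SOURCE;
-+extern char *CIL_KEY_TARGET;
-+extern char *CIL_KEY_LOW;
-+extern char *CIL_KEY_HIGH;
-+extern char *CIL_KEY_LOW_HIGH;
-+extern char *CIL_KEY_HANDLEUNKNOWN;
-+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
-+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-+extern char *CIL_KEY_MACRO;
-+extern char *CIL_KEY_IN;
-+extern char *CIL_KEY_MLS;
-+extern char *CIL_KEY_DEFAULTRANGE;
-+extern char *CIL_KEY_BLOCKINHERIT;
-+extern char *CIL_KEY_BLOCKABSTRACT;
-+extern char *CIL_KEY_CLASSORDER;
-+extern char *CIL_KEY_CLASSMAPPING;
-+extern char *CIL_KEY_CLASSPERMISSIONSET;
-+extern char *CIL_KEY_COMMON;
-+extern char *CIL_KEY_CLASSCOMMON;
-+extern char *CIL_KEY_SID;
-+extern char *CIL_KEY_SIDCONTEXT;
-+extern char *CIL_KEY_SIDORDER;
-+extern char *CIL_KEY_USERLEVEL;
-+extern char *CIL_KEY_USERRANGE;
-+extern char *CIL_KEY_USERBOUNDS;
-+extern char *CIL_KEY_USERPREFIX;
-+extern char *CIL_KEY_SELINUXUSER;
-+extern char *CIL_KEY_SELINUXUSERDEFAULT;
-+extern char *CIL_KEY_TYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEATTRIBUTESET;
-+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-+extern char *CIL_KEY_TYPEALIAS;
-+extern char *CIL_KEY_TYPEALIASACTUAL;
-+extern char *CIL_KEY_TYPEBOUNDS;
-+extern char *CIL_KEY_TYPEPERMISSIVE;
-+extern char *CIL_KEY_RANGETRANSITION;
-+extern char *CIL_KEY_USERROLE;
-+extern char *CIL_KEY_ROLETYPE;
-+extern char *CIL_KEY_ROLETRANSITION;
-+extern char *CIL_KEY_ROLEALLOW;
-+extern char *CIL_KEY_ROLEATTRIBUTE;
-+extern char *CIL_KEY_ROLEATTRIBUTESET;
-+extern char *CIL_KEY_ROLEBOUNDS;
-+extern char *CIL_KEY_BOOLEANIF;
-+extern char *CIL_KEY_NEVERALLOW;
-+extern char *CIL_KEY_TYPEMEMBER;
-+extern char *CIL_KEY_SENSALIAS;
-+extern char *CIL_KEY_SENSALIASACTUAL;
-+extern char *CIL_KEY_CATALIAS;
-+extern char *CIL_KEY_CATALIASACTUAL;
-+extern char *CIL_KEY_CATORDER;
-+extern char *CIL_KEY_SENSITIVITYORDER;
-+extern char *CIL_KEY_SENSCAT;
-+extern char *CIL_KEY_CONSTRAIN;
-+extern char *CIL_KEY_MLSCONSTRAIN;
-+extern char *CIL_KEY_VALIDATETRANS;
-+extern char *CIL_KEY_MLSVALIDATETRANS;
-+extern char *CIL_KEY_CONTEXT;
-+extern char *CIL_KEY_FILECON;
-+extern char *CIL_KEY_IBPKEYCON;
-+extern char *CIL_KEY_IBENDPORTCON;
-+extern char *CIL_KEY_PORTCON;
-+extern char *CIL_KEY_NODECON;
-+extern char *CIL_KEY_GENFSCON;
-+extern char *CIL_KEY_NETIFCON;
-+extern char *CIL_KEY_PIRQCON;
-+extern char *CIL_KEY_IOMEMCON;
-+extern char *CIL_KEY_IOPORTCON;
-+extern char *CIL_KEY_PCIDEVICECON;
-+extern char *CIL_KEY_DEVICETREECON;
-+extern char *CIL_KEY_FSUSE;
-+extern char *CIL_KEY_POLICYCAP;
-+extern char *CIL_KEY_OPTIONAL;
-+extern char *CIL_KEY_DEFAULTUSER;
-+extern char *CIL_KEY_DEFAULTROLE;
-+extern char *CIL_KEY_DEFAULTTYPE;
-+extern char *CIL_KEY_ROOT;
-+extern char *CIL_KEY_NODE;
-+extern char *CIL_KEY_PERM;
-+extern char *CIL_KEY_ALLOWX;
-+extern char *CIL_KEY_AUDITALLOWX;
-+extern char *CIL_KEY_DONTAUDITX;
-+extern char *CIL_KEY_NEVERALLOWX;
-+extern char *CIL_KEY_PERMISSIONX;
-+extern char *CIL_KEY_IOCTL;
-+extern char *CIL_KEY_UNORDERED;
-+extern char *CIL_KEY_SRC_INFO;
-+extern char *CIL_KEY_SRC_CIL;
-+extern char *CIL_KEY_SRC_HLL;
-
-/*
-Symbol Table Array Indices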
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a34b12b038d121e3e459b1cbaca3c9202e983137819c16baf63658390e3f1d5d
|
|
||||||
size 474861
|
|
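--- /dev/null
+++ b/libsepol-3.0.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5b7ae1881909f1048b06f7a0c364c5c8a86ec12e0ec76e740fe9595a6033eb79
+size 473864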
@ -1,3 +1,20 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Mar 3 12:17:04 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||||
|
|
||||||
|
- Update to version 3.0
|
||||||
|
* cil: Allow validatetrans rules to be resolved
|
||||||
|
* cil: Report disabling an optional block only at high verbose levels
|
||||||
|
* cil: do not dereference perm_value_to_cil when it has not been allocated
|
||||||
|
* cil: fix mlsconstrain segfault
|
||||||
|
* Further improve binary policy optimization
|
||||||
|
* Make an unknown permission an error in CIL
|
||||||
|
* Remove cil_mem_error_handler() function pointer
|
||||||
|
* Use LIBSEPOL_3.0 and fix sepol_policydb_optimize symbol mapping
|
||||||
|
* Add a function to optimize kernel policy
|
||||||
|
* Add ebitmap_for_each_set_bit macro
|
||||||
|
|
||||||
|
Dropped fnocommon.patch as it's included upstream
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
Thu Jan 30 14:11:56 UTC 2020 - Johannes Segitz <jsegitz@suse.de>
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package libsepol
|
# spec file for package libsepol
|
||||||
#
|
#
|
||||||
# Copyright (c) 2020 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2020 SUSE LLC
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -17,15 +17,14 @@
|
|||||||
|
|
||||||
|
|
||||||
Name: libsepol
|
Name: libsepol
|
||||||
Version: 2.9
|
Version: 3.0
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: SELinux binary policy manipulation library
|
Summary: SELinux binary policy manipulation library
|
||||||
License: LGPL-2.1-or-later
|
License: LGPL-2.1-or-later
|
||||||
Group: Development/Libraries/C and C++
|
Group: Development/Libraries/C and C++
|
||||||
Url: https://github.com/SELinuxProject/selinux/wiki/Releases
|
URL: https://github.com/SELinuxProject/selinux/wiki/Releases
|
||||||
Source: https://github.com/SELinuxProject/selinux/releases/download/20190315/%{name}-%{version}.tar.gz
|
Source: https://github.com/SELinuxProject/selinux/releases/download/20191204/%{name}-%{version}.tar.gz
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Patch0: fnocommon.patch
|
|
||||||
Patch1: remove_cil_mem_error_handler.patch
|
Patch1: remove_cil_mem_error_handler.patch
|
||||||
BuildRequires: flex
|
BuildRequires: flex
|
||||||
BuildRequires: pkgconfig
|
BuildRequires: pkgconfig
|
||||||
@ -88,7 +87,6 @@ policies.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q
|
%setup -q
|
||||||
%patch0 -p1
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
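Review bot: `Patch1: remove_cil_mem_error_handler.patch` and its `%patch1 -p1` line in `%prep` are kept, although the changelog entry for this same update lists "Remove cil_mem_error_handler() function pointer" among the changes already contained in 3.0. If that upstream change is what the patch carries, it is now redundant and would probably fail to apply against the 3.0 sources; it should then be dropped together with `fnocommon.patch`, or the changelog should say why it is still needed. Separately, the visible part of the spec names no signature or checksum file for the new `Source:` tarball, so its integrity appears to rest only on the committed LFS `oid sha256`. A comment next to `Source:` saying where the expected hash was checked against would help the next reviewer.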