tequilaOS/platform_external_selinux
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge remote-tracking branch 'aosp/upstream-master' into mymerge

Browse source 
Test: Builds.
Change-Id: I5069d965a008bb9b27a6652794ea76131949f35f
This commit is contained in:
Dan Cashman 2017-09-19 14:24:46 -07:00
commit 8f76b0cd3e
51 changed files with 174 additions and 54 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
Makefile
View file

@ -6,6 +6,16 @@ DISTCLEANSUBDIRS=libselinux libsemanage
ifeq ($(DEBUG),1)
export CFLAGS = -g3 -O0 -gdwarf-2 -fno-strict-aliasing -Wall -Wshadow -Werror
export LDFLAGS = -g
else
export CFLAGS ?= -O2 -Werror -Wall -Wextra \
-Wmissing-format-attribute \
-Wmissing-noreturn \
-Wpointer-arith \
-Wshadow \
-Wstrict-prototypes \
-Wundef \
-Wunused \
-Wwrite-strings
endif
ifneq ($(DESTDIR),)

2
checkpolicy/checkmodule.8
View file

@ -64,4 +64,4 @@ especially "Configuring the SELinux Policy".
This manual page was copied from the checkpolicy man page
written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Dan Walsh <dwalsh@redhat.com>.
The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.

4
checkpolicy/checkpolicy.8
View file

@ -58,5 +58,5 @@ especially "Configuring the SELinux Policy".
.SH AUTHOR
This manual page was written by Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
and edited by Stephen Smalley <sds@epoch.ncsc.mil>.
The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
and edited by Stephen Smalley <sds@tycho.nsa.gov>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.

2
checkpolicy/checkpolicy.c
View file

@ -1,6 +1,6 @@
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*

2
checkpolicy/policy_define.c
View file

@ -1,5 +1,5 @@
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*

2
checkpolicy/policy_parse.y
View file

@ -1,6 +1,6 @@
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*

2
checkpolicy/policy_scan.l
View file

@ -1,6 +1,6 @@
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/* Updated: David Caplan, <dac@tresys.com>

2
checkpolicy/queue.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
checkpolicy/queue.h
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libselinux/src/avc.c
View file

@ -4,7 +4,7 @@
* Author : Eamon Walsh <ewalsh@epoch.ncsc.mil>
*
* Derived from the kernel AVC implementation by
* Stephen Smalley <sds@epoch.ncsc.mil> and
* Stephen Smalley <sds@tycho.nsa.gov> and
* James Morris <jmorris@redhat.com>.
*/
#include <selinux/avc.h>

1
libsepol/cil/include/cil/cil.h
View file

@ -50,6 +50,7 @@ extern int cil_userprefixes_to_string(cil_db_t *db, char **out, size_t *size);
extern int cil_selinuxusers_to_string(cil_db_t *db, char **out, size_t *size);
extern int cil_filecons_to_string(cil_db_t *db, char **out, size_t *size);
extern void cil_set_disable_dontaudit(cil_db_t *db, int disable_dontaudit);
extern void cil_set_multiple_decls(cil_db_t *db, int multiple_decls);
extern void cil_set_disable_neverallow(cil_db_t *db, int disable_neverallow);
extern void cil_set_preserve_tunables(cil_db_t *db, int preserve_tunables);
extern int cil_set_handle_unknown(cil_db_t *db, int handle_unknown);

5
libsepol/cil/src/cil.c
View file

@ -1691,6 +1691,11 @@ void cil_set_mls(struct cil_db *db, int mls)
db->mls = mls;
}
void cil_set_multiple_decls(struct cil_db *db, int multiple_decls)
{
db->multiple_decls = multiple_decls;
}
void cil_set_target_platform(struct cil_db *db, int target_platform)
{
db->target_platform = target_platform;

50
libsepol/cil/src/cil_build_ast.c
View file

@ -82,10 +82,33 @@ exit:
return rc;
}
int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
/*
* Determine whether or not multiple declarations of the same key can share a
* datum, given the new datum and the one already present in a given symtab.
*/
int cil_is_datum_multiple_decl(__attribute__((unused)) struct cil_symtab_datum *cur,
__attribute__((unused)) struct cil_symtab_datum *old,
enum cil_flavor f)
{
int rc = CIL_FALSE;
switch (f) {
case CIL_TYPE:
case CIL_TYPEATTRIBUTE:
/* type and typeattribute statements insert empty datums, ret true */
rc = CIL_TRUE;
break;
default:
break;
}
return rc;
}
int cil_gen_node(struct cil_db *db, struct cil_tree_node *ast_node, struct cil_symtab_datum *datum, hashtab_key_t key, enum cil_sym_index sflavor, enum cil_flavor nflavor)
{
int rc = SEPOL_ERR;
symtab_t *symtab = NULL;
struct cil_symtab_datum *prev;
rc = __cil_verify_name((const char*)key);
if (rc != SEPOL_OK) {
@ -103,15 +126,26 @@ int cil_gen_node(__attribute__((unused)) struct cil_db *db, struct cil_tree_node
if (symtab != NULL) {
rc = cil_symtab_insert(symtab, (hashtab_key_t)key, datum, ast_node);
if (rc == SEPOL_EEXIST) {
cil_log(CIL_ERR, "Re-declaration of %s %s\n",
cil_node_to_string(ast_node), key);
if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
if (sflavor == CIL_SYM_BLOCKS) {
struct cil_tree_node *node = datum->nodes->head->data;
cil_tree_log(node, CIL_ERR, "Previous declaration");
if (!db->multiple_decls ||
cil_symtab_get_datum(symtab, (hashtab_key_t)key, &prev) != SEPOL_OK ||
!cil_is_datum_multiple_decl(datum, prev, nflavor)) {
/* multiple_decls not ok, ret error */
cil_log(CIL_ERR, "Re-declaration of %s %s\n",
cil_node_to_string(ast_node), key);
if (cil_symtab_get_datum(symtab, key, &datum) == SEPOL_OK) {
if (sflavor == CIL_SYM_BLOCKS) {
struct cil_tree_node *node = datum->nodes->head->data;
cil_tree_log(node, CIL_ERR, "Previous declaration");
}
}
goto exit;
}
goto exit;
/* multiple_decls is enabled and works for this datum type, add node */
cil_list_append(prev->nodes, CIL_NODE, ast_node);
ast_node->data = prev;
cil_symtab_datum_destroy(datum);
free(datum);
}
}

1
libsepol/cil/src/cil_internal.h
View file

@ -316,6 +316,7 @@ struct cil_db {
int preserve_tunables;
int handle_unknown;
int mls;
int multiple_decls;
int target_platform;
int policy_version;
};

2
libsepol/cil/src/cil_policy.c
View file

@ -775,7 +775,7 @@ static void cil_classes_to_policy(FILE *out, struct cil_list *classorder)
}
}
static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, char *kind)
static void cil_defaults_to_policy(FILE *out, struct cil_list *defaults, const char *kind)
{
struct cil_list_item *i1, *i2, *i3;
struct cil_default *def;

55
libsepol/cil/src/cil_post.c
View file

@ -1297,6 +1297,55 @@ static int cil_typeattribute_used(struct cil_typeattribute *attr, struct cil_db
return CIL_TRUE;
}
static void __mark_neverallow_attrs(struct cil_list *expr_list)
{
struct cil_list_item *curr;
cil_list_for_each(curr, expr_list) {
if (curr->flavor == CIL_DATUM) {
if (NODE(curr->data)->flavor == CIL_TYPEATTRIBUTE) {
struct cil_typeattribute *attr = curr->data;
if (strstr(DATUM(attr)->name, TYPEATTR_INFIX)) {
__mark_neverallow_attrs(attr->expr_list);
} else {
attr->used |= CIL_ATTR_NEVERALLOW;
}
}
} else if (curr->flavor == CIL_LIST) {
__mark_neverallow_attrs(curr->data);
}
}
}
static int __cil_post_db_neverallow_attr_helper(struct cil_tree_node *node, uint32_t *finished, __attribute__((unused)) void *extra_args)
{
switch (node->flavor) {
case CIL_BLOCK: {
struct cil_block *blk = node->data;
if (blk->is_abstract == CIL_TRUE) {
*finished = CIL_TREE_SKIP_HEAD;
}
break;
}
case CIL_MACRO: {
*finished = CIL_TREE_SKIP_HEAD;
break;
}
case CIL_TYPEATTRIBUTE: {
struct cil_typeattribute *attr = node->data;
if ((attr->used & CIL_ATTR_NEVERALLOW) &&
strstr(DATUM(attr)->name, TYPEATTR_INFIX)) {
__mark_neverallow_attrs(attr->expr_list);
}
break;
}
default:
break;
}
return SEPOL_OK;
}
static int __cil_post_db_attr_helper(struct cil_tree_node *node, uint32_t *finished, void *extra_args)
{
int rc = SEPOL_ERR;
@ -2031,6 +2080,12 @@ static int cil_post_db(struct cil_db *db)
goto exit;
}
rc = cil_tree_walk(db->ast->root, __cil_post_db_neverallow_attr_helper, NULL, NULL, db);
if (rc != SEPOL_OK) {
cil_log(CIL_INFO, "Failed to mark attributes used by generated attributes used in neverallow rules\n");
goto exit;
}
rc = cil_tree_walk(db->ast->root, __cil_post_db_attr_helper, NULL, NULL, db);
if (rc != SEPOL_OK) {
cil_log(CIL_INFO, "Failed to create attribute bitmaps\n");

1
libsepol/cil/src/cil_strpool.c
View file

@ -119,6 +119,7 @@ void cil_strpool_destroy(void)
if (cil_strpool_readers == 0) {
hashtab_map(cil_strpool_tab, cil_strpool_entry_destroy, NULL);
hashtab_destroy(cil_strpool_tab);
cil_strpool_tab = NULL;
}
pthread_mutex_unlock(&cil_strpool_mutex);
}

2
libsepol/include/sepol/policydb/avtab.h
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>

2
libsepol/include/sepol/policydb/constraint.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/include/sepol/policydb/context.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/include/sepol/policydb/ebitmap.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/include/sepol/policydb/flask_types.h
View file

@ -1,7 +1,7 @@
/* -*- linux-c -*- */
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SEPOL_POLICYDB_FLASK_TYPES_H_

2
libsepol/include/sepol/policydb/hashtab.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/include/sepol/policydb/mls_types.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*

2
libsepol/include/sepol/policydb/policydb.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Joshua Brindle <jbrindle@tresys.com>

2
libsepol/include/sepol/policydb/services.h
View file

@ -2,7 +2,7 @@
/* -*- linux-c -*- */
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
#ifndef _SEPOL_POLICYDB_SERVICES_H_

2
libsepol/include/sepol/policydb/sidtab.h
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/include/sepol/policydb/symtab.h
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/man/man3/sepol_genbools.3
View file

@ -1,4 +1,4 @@
.TH "sepol_genbools" "3" "11 August 2004" "sds@epoch.ncsc.mil" "SE Linux binary policy API documentation"
.TH "sepol_genbools" "3" "11 August 2004" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
.SH "NAME"
sepol_genbools \- Rewrite a binary policy with different boolean settings
.SH "SYNOPSIS"

2
libsepol/man/man8/genpolbools.8
View file

@ -1,4 +1,4 @@
.TH "genpolbools" "8" "11 August 2004" "sds@epoch.ncsc.mil" "SELinux Command Line documentation"
.TH "genpolbools" "8" "11 August 2004" "sds@tycho.nsa.gov" "SELinux Command Line documentation"
.SH "NAME"
genpolbools \- Rewrite a binary policy with different boolean settings
.SH "SYNOPSIS"

2
libsepol/src/avtab.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Yuichi Nakamura <ynakam@hitachisoft.jp>

2
libsepol/src/ebitmap.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/src/hashtab.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated : Karl MacMillan <kmacmillan@mentalrootkit.com>

2
libsepol/src/kernel_to_cil.c
View file

@ -2788,7 +2788,7 @@ static int write_selinux_ibpkey_rules_to_cil(FILE *out, struct policydb *pdb)
{
struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN];
struct in6_addr subnet_prefix = {0};
struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
uint16_t low;
uint16_t high;
char low_high_str[44]; /* 2^64 <= 20 digits so "(low high)" <= 44 chars */

2
libsepol/src/kernel_to_conf.c
View file

@ -2649,7 +2649,7 @@ static int write_selinux_ibpkey_rules_to_conf(FILE *out, struct policydb *pdb)
{
struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN];
struct in6_addr subnet_prefix = {0};
struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
uint16_t low;
uint16_t high;
char low_high_str[44]; /* 2^64 <= 20 digits so "low-high" <= 44 chars */

1
libsepol/src/libsepol.map.in
View file

@ -49,6 +49,7 @@ LIBSEPOL_1.1 {
cil_set_mls;
cil_set_attrs_expand_generated;
cil_set_attrs_expand_size;
cil_set_multiple_decls;
cil_write_policy_conf;
sepol_ppfile_to_module_package;
sepol_module_package_to_cil;

2
libsepol/src/mls.c
View file

@ -1,4 +1,4 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*

2
libsepol/src/mls.h
View file

@ -1,4 +1,4 @@
/* Author: Stephen Smalley, <sds@epoch.ncsc.mil>
/* Author: Stephen Smalley, <sds@tycho.nsa.gov>
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
*
* Support for enhanced MLS infrastructure.

2
libsepol/src/module_to_cil.c
View file

@ -2687,7 +2687,7 @@ static int ocontext_selinux_ibpkey_to_cil(struct policydb *pdb,
int rc = -1;
struct ocontext *ibpkeycon;
char subnet_prefix_str[INET6_ADDRSTRLEN];
struct in6_addr subnet_prefix = {0};
struct in6_addr subnet_prefix = IN6ADDR_ANY_INIT;
uint16_t high;
uint16_t low;

2
libsepol/src/policydb.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>

2
libsepol/src/services.c
View file

@ -1,6 +1,6 @@
/*
* Author : Stephen Smalley, <sds@epoch.ncsc.mil>
* Author : Stephen Smalley, <sds@tycho.nsa.gov>
*/
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>

2
libsepol/src/sidtab.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/src/symtab.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
libsepol/src/write.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/*
* Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>

2
policycoreutils/load_policy/load_policy.8
View file

@ -39,4 +39,4 @@ Initial policy load failed and enforcing mode requested
.SH AUTHORS
.nf
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
The program was written by Stephen Smalley <sds@epoch.ncsc.mil>.
The program was written by Stephen Smalley <sds@tycho.nsa.gov>.

2
policycoreutils/newrole/hashtab.c
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
policycoreutils/newrole/hashtab.h
View file

@ -1,5 +1,5 @@
/* Author : Stephen Smalley, <sds@epoch.ncsc.mil> */
/* Author : Stephen Smalley, <sds@tycho.nsa.gov> */
/* FLASK */

2
policycoreutils/setfiles/setfiles.8
View file

@ -255,7 +255,7 @@ being updated provided there are no errors.
.SH "AUTHOR"
This man page was written by Russell Coker <russell@coker.com.au>.
The program was written by Stephen Smalley <sds@epoch.ncsc.mil>
The program was written by Stephen Smalley <sds@tycho.nsa.gov>
.SH "SEE ALSO"
.BR restorecon (8),

11
restorecond/restorecond.c
View file

@ -103,7 +103,10 @@ static int write_pid_file(void)
pidfile = 0;
return 1;
}
(void)write(pidfd, val, (unsigned int)len);
if (write(pidfd, val, (unsigned int)len) != len) {
syslog(LOG_ERR, "Unable to write to pidfile (%s)", strerror(errno));
return 1;
}
close(pidfd);
return 0;
}
@ -204,8 +207,10 @@ int main(int argc, char **argv)
watch_file = server_watch_file;
read_config(master_fd, watch_file);
if (!debug_mode)
daemon(0, 0);
if (!debug_mode) {
if (daemon(0, 0) < 0)
exitApp("daemon");
}
write_pid_file();

2
secilc/docs/cil_role_statements.md
View file

@ -84,7 +84,7 @@ This example will declare [`role`](cil_role_statements.md#role) and [`type`](cil
roleattribute
-------------
Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`typeattributeset`](cil_type_statements.md#typeattributeset) statement.
Declares a role attribute identifier in the current namespace. The identifier may have zero or more [`role`](cil_role_statements.md#role) and [`roleattribute`](cil_role_statements.md#roleattribute) identifiers associated to it via the [`roleattributeset`](cil_role_statements.md#roleattributeset) statement.
**Statement definition:**

9
secilc/secilc.c
View file

@ -63,6 +63,7 @@ static __attribute__((__noreturn__)) void usage(const char *prog)
printf(" statement if present in the policy\n");
printf(" -D, --disable-dontaudit do not add dontaudit rules to the binary policy\n");
printf(" -P, --preserve-tunables treat tunables as booleans\n");
printf(" -m, --multiple-decls allow some statements to be re-declared\n");
printf(" -N, --disable-neverallow do not check neverallow rules\n");
printf(" -G, --expand-generated Expand and remove auto-generated attributes\n");
printf(" -X, --expand-size <SIZE> Expand type attributes with fewer than <SIZE>\n");
@ -89,6 +90,7 @@ int main(int argc, char *argv[])
int target = SEPOL_TARGET_SELINUX;
int mls = -1;
int disable_dontaudit = 0;
int multiple_decls = 0;
int disable_neverallow = 0;
int preserve_tunables = 0;
int handle_unknown = -1;
@ -108,6 +110,7 @@ int main(int argc, char *argv[])
{"policyversion", required_argument, 0, 'c'},
{"handle-unknown", required_argument, 0, 'U'},
{"disable-dontaudit", no_argument, 0, 'D'},
{"multiple-decls", no_argument, 0, 'm'},
{"disable-neverallow", no_argument, 0, 'N'},
{"preserve-tunables", no_argument, 0, 'P'},
{"output", required_argument, 0, 'o'},
@ -119,7 +122,7 @@ int main(int argc, char *argv[])
int i;
while (1) {
opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDNc:GX:", long_opts, &opt_index);
opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
if (opt_char == -1) {
break;
}
@ -175,6 +178,9 @@ int main(int argc, char *argv[])
case 'D':
disable_dontaudit = 1;
break;
case 'm':
multiple_decls = 1;
break;
case 'N':
disable_neverallow = 1;
break;
@ -223,6 +229,7 @@ int main(int argc, char *argv[])
cil_db_init(&db);
cil_set_disable_dontaudit(db, disable_dontaudit);
cil_set_multiple_decls(db, multiple_decls);
cil_set_disable_neverallow(db, disable_neverallow);
cil_set_preserve_tunables(db, preserve_tunables);
if (handle_unknown != -1) {