We were previously on 3.5-rc2, there has been only little changes since
then.
Followed the steps:
repo start update_3.5 .
git merge 3.5 --no-ff # No merge conflicts were found.
lunch && m
repo upload .
# Update METADATA in a separate change.
Test: TH
Change-Id: If88fe90d2cbdb1ba6a279cba8b397cd2c808c6ab
- Reference renamed file: COPYING -> LICENSE in Android.bp
- Fix constext_str calls now returning const char *
- Comment out cil_write_src_info_node which is not used on Android
- Include new selinux_internal.c source file
Bug: 253327909
Test: build and boot on bramble
Test: sediff between current and new policy; no change
Change-Id: I506479befb3c0b99136cd842b2a77a6a8bea18ed
Provide a top level LICENSE file explaining how multiple the SELinux
userspace is released under multiple different licenses. Also ensure
that all the different license files share a consistent file name,
LICENSE, to make it easier for people to identify the license files.
This is to help meet the OpenSSF Best Practices requirements.
Signed-off-by: Paul Moore <paul@paul-moore.com>
Some time ago pandoc started shipping a default css file for html, while
that is nice, it limits the max-width of the body element to 36em. We
have a lot of tables, code examples, etc... in the manual that are too
big for that, requiring constant scrolling.
See https://github.com/jgm/pandoc/blob/master/data/templates/styles.html
for the default used.
While some styling, perhaps even dark/light mode support in the CSS
would be nice, I didn't manage to find a simple way to achieve this, so
for now just disable the CSS.
Expand the arguments for pandoc in the Makefile for better readability.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
It appears that a recent version of pandoc (or the library it uses)
changed where the lists are found in the XML or became more strict.
Move the lists to the right location in the document.
Signed-off-by: Jonathan Hettwer (bauen1) <j2468h@gmail.com>
With the addition of the anon_inode class in the kernel, 'self'
transition rules became useful, but haven't been implemented.
The typetransition, typemember, and typechange statements share the
relevant code, so this patch implements the self keyword in all of them
at the CIL level. It also adds basic coverage for the such 'self' rules
to the secilc test policy.
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Followed the following steps:
# aosp mirror does not have the upstream tags. Manually mark the
# 3.3 release. See
# https://github.com/SELinuxProject/selinux/releases/tag/3.3
git tag 3.3 7f600c40bc
repo start update_3_3 .
git merge 3.3 --no-ff # No merge conflicts were found.
lunch && m
repo upload .
Bug: 37755687
Test: Build aosp_bramble-userdebug and manually compare the generated
/{system,vendor,product}/etc/selinux* files with their previous
versions. All are identical.
Change-Id: I6a514d7db9a752c44cc61d343f7c1a60f750f317
Update the CIL documentation for the in-statement processing and
duplicate macro and block declarations with block inheritance.
Duplicate macro and block declarations are allowed if they occur as
the result of block inheritance. Document the fact that inherited
macros are overridden by any macros already declared in a
namespace and that declaring a block in a namespace that will
inherit a block with the same name can be used to allow in-statements
to be used on the block.
The new in-statement syntax still supports the old syntax but adds
the ability to specify whether the in-statement should be resolved
before or after block inheritance is resolved.
Signed-off-by: James Carter <jwcart2@gmail.com>
When specifying -o or -f more than once, the previous allocations leak.
Found by scan-build.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
Provide the option "-Q" or "--qualified-names" to indicate that the
policy is using qualified names.
Using qualified names means that declaration names can have "dots"
in them, but blocks, blockinherits, blockabstracts, and in-statements
are not allowed in the policy.
The libsepol function cil_set_qualified_names() is called with the
desired value for the CIL db's "qualified_names" field.
Signed-off-by: James Carter <jwcart2@gmail.com>
Provide the option "-Q" or "--qualified-names" to indicate that the
policy is using qualified names.
Using qualified names means that declaration names can have "dots"
in them, but blocks, blockinherits, blockabstracts, and in-statements
are not allowed in the policy.
The libsepol function cil_set_qualified_names() is called with the
desired value for the CIL db's "qualified_names" field.
Signed-off-by: James Carter <jwcart2@gmail.com>
Provide the option "-Q" or "--qualified-names" to indicate that the
policy is using qualified names.
Using qualified names means that declaration names can have "dots"
in them, but blocks, blockinherits, blockabstracts, and in-statements
are not allowed in the policy.
The libsepol function cil_set_qualified_names() is called with the
desired value for the CIL db's "qualified_names" field.
Signed-off-by: James Carter <jwcart2@gmail.com>
CIL has rules that allow names to be assigned to certain objects
like MLS category sets, MLS levels, MLS ranges, IP addresses, and
class permission sets. These objects can also be named as parameters
for a macro. A call may pass in a name for one of these objects, but
it also may pass in one of the actual objects. These objects are
referred as anonymous arguments.
Add CIL policy that can be used to test whether or not anonymous
arguments are being handled properly in macros. Also test the
equivalent named arguments to help determine if the problem is with
that argument type or just with an anonymous argument of that type.
The anonymouse arguments that are tested are categoryset, level,
levelrange, ipaddr, and classpermission.
Signed-off-by: James Carter <jwcart2@gmail.com>
Acked-by: Nicolas Iooss <nicolas.iooss@m4x.org>
The listing of the order was in the macro section, but it belongs
in the call section.
Move the listing of the order to the call section and provide a
better explanation.
Signed-off-by: James Carter <jwcart2@gmail.com>
In the blockinherit section of the CIL documentation clearly state
the order in which inherited rules are resolved.
That order is:
1) The parent namespaces (if any) where the blockinherit rule is
located with the exception of the global namespace.
2) The parent namespaces of the block being inherited (but not that
block's namespace) with the exception of the global namespace.
3) The global namespace.
Signed-off-by: James Carter <jwcart2@gmail.com>
fread(3) returns zero if |size| is zero. This confuses secilc, and
causes it to fail with a "Failure reading file" error, even though there
is no error.
Add a shortcut that closes and skips an input file if file size is zero.
Signed-off-by: Yi-Yo Chiang <yochiang@google.com>
Change-Id: I9832c62ebf6f716235e871b5e29b0fd70c94b453
secil2tree is the SELinux CIL AST writer. It calls the cil functions
cil_write_parse_ast(), cil_write_build_ast(), or cil_write_resolve_ast()
to write out the parse tree, the CIL AST after the build phase, or the
CIL AST after the resolve phase.
Signed-off-by: James Carter <jwcart2@gmail.com>
Update the documentation for macros, booleans, booleanifs, tunables,
tunableifs, blocks, blockabstracts, blockinherits, and optionals to
tell where these statements can be used and, for those that have
blocks, what statements are not allowed in them.
Signed-off-by: James Carter <jwcart2@gmail.com>
fread(3) returns zero if |size| is zero. This confuses secilc, and
causes it to fail with a "Failure reading file" error, even though there
is no error.
Add a shortcut that closes and skips an input file if file size is zero.
Signed-off-by: Yi-Yo Chiang <yochiang@google.com>
expr "(expr (tunable_id tunable_id))" does not work but "(expr
tunable_id tunable_id)" does work
for example, this works
(tunable test1)
(tunable test2)
(tunableif (or test1 test2)
(true
(allow a b (c (d)))))
but this does not work:
(tunable test1)
(tunable test2)
(tunableif (or (test1 test2))
(true
(allow a b (c (d)))))
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
Since the default pandoc themes either don't highlight everything or
don't fit the black/white color style of the html / pdf I've created my
own.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
This is done by creating a somewhat rudimentary KDE syntax xml for
pandoc.
The default styles provided by pandoc don't look very good and don't
highlight e.g. the strings marked as builtin.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
Also fixes the occasional missing brackets as higlighted by my editor,
however the individual examples where not reviewed much closer.
secilc was chosen as language name because the compiler is named secilc
and outside of SELinux the name cil is less searchable and could lead to
confusion.
Signed-off-by: Jonathan Hettwer <j2468h@gmail.com>
