checkseapp, seapp_contexts: drop sebool= support.

SELinux policy booleans are prohibited in AOSP, so we can drop the
support for the sebool= input selector.

Change-Id: I5ae31247b2f68d90f6ae4c8830458f22c4ffc854
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley 2015-02-13 15:56:19 -05:00 committed by Nick Kralevich
parent 534fb0711d
commit 884ee2a61c
2 changed files with 0 additions and 33 deletions


@ -5,7 +5,6 @@
# seinfo (string) # seinfo (string)
# name (string) # name (string)
# path (string) # path (string)
# sebool (string)
# isSystemServer=true can only be used once. # isSystemServer=true can only be used once.
# An unspecified isSystemServer defaults to false. # An unspecified isSystemServer defaults to false.
# isOwner=true will only match for the owner/primary user. # isOwner=true will only match for the owner/primary user.
@ -27,7 +26,6 @@
# (6) Specified seinfo= string before unspecified seinfo= string. # (6) Specified seinfo= string before unspecified seinfo= string.
# (7) Specified name= string before unspecified name= string. # (7) Specified name= string before unspecified name= string.
# (8) Specified path= string before unspecified path= string. # (8) Specified path= string before unspecified path= string.
# (9) Specified sebool= string before unspecified sebool= string.
# #
# Outputs: # Outputs:
# domain (string) # domain (string)


@ -165,7 +165,6 @@ key_map rules[] = {
{ .name = "seinfo", .type = dt_string, .dir = dir_in, .data = NULL }, { .name = "seinfo", .type = dt_string, .dir = dir_in, .data = NULL },
{ .name = "name", .type = dt_string, .dir = dir_in, .data = NULL }, { .name = "name", .type = dt_string, .dir = dir_in, .data = NULL },
{ .name = "path", .type = dt_string, .dir = dir_in, .data = NULL }, { .name = "path", .type = dt_string, .dir = dir_in, .data = NULL },
{ .name = "sebool", .type = dt_string, .dir = dir_in, .data = NULL },
/*Outputs*/ /*Outputs*/
{ .name = "domain", .type = dt_string, .dir = dir_out, .data = NULL }, { .name = "domain", .type = dt_string, .dir = dir_out, .data = NULL },
{ .name = "type", .type = dt_string, .dir = dir_out, .data = NULL }, { .name = "type", .type = dt_string, .dir = dir_out, .data = NULL },
@ -248,11 +247,9 @@ static int key_map_validate(key_map *m, int lineno) {
int rc = 1; int rc = 1;
int ret = 1; int ret = 1;
int resp;
char *key = m->name; char *key = m->name;
char *value = m->data; char *value = m->data;
data_type type = m->type; data_type type = m->type;
sepol_bool_key_t *se_key;
log_info("Validating %s=%s\n", key, value); log_info("Validating %s=%s\n", key, value);
@ -284,34 +281,6 @@ static int key_map_validate(key_map *m, int lineno) {
if (!pol.policy_file) { if (!pol.policy_file) {
goto out; goto out;
} }
else if (!strcasecmp(key, "sebool")) {
ret = sepol_bool_key_create(pol.handle, value, &se_key);
if (ret < 0) {
log_error("Could not create selinux boolean key, error: %s\n",
strerror(errno));
rc = 0;
goto out;
}
ret = sepol_bool_exists(pol.handle, pol.db, se_key, &resp);
if (ret < 0) {
log_error("Could not check selinux boolean, error: %s\n",
strerror(errno));
rc = 0;
sepol_bool_key_free(se_key);
goto out;
}
if(!resp) {
log_error("Could not find selinux boolean \"%s\" on line: %d in file: %s\n",
value, lineno, out_file_name);
rc = 0;
sepol_bool_key_free(se_key);
goto out;
}
sepol_bool_key_free(se_key);
}
else if (!strcasecmp(key, "type") || !strcasecmp(key, "domain")) { else if (!strcasecmp(key, "type") || !strcasecmp(key, "domain")) {
if(!check_type(pol.db, value)) { if(!check_type(pol.db, value)) {