checkseapp, seapp_contexts: drop sebool= support.
SELinux policy booleans are prohibited in AOSP, so we can drop the support for the sebool= input selector. Change-Id: I5ae31247b2f68d90f6ae4c8830458f22c4ffc854 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
parent
534fb0711d
commit
884ee2a61c
2 changed files with 0 additions and 33 deletions
|
@ -5,7 +5,6 @@
|
||||||
# seinfo (string)
|
# seinfo (string)
|
||||||
# name (string)
|
# name (string)
|
||||||
# path (string)
|
# path (string)
|
||||||
# sebool (string)
|
|
||||||
# isSystemServer=true can only be used once.
|
# isSystemServer=true can only be used once.
|
||||||
# An unspecified isSystemServer defaults to false.
|
# An unspecified isSystemServer defaults to false.
|
||||||
# isOwner=true will only match for the owner/primary user.
|
# isOwner=true will only match for the owner/primary user.
|
||||||
|
@ -27,7 +26,6 @@
|
||||||
# (6) Specified seinfo= string before unspecified seinfo= string.
|
# (6) Specified seinfo= string before unspecified seinfo= string.
|
||||||
# (7) Specified name= string before unspecified name= string.
|
# (7) Specified name= string before unspecified name= string.
|
||||||
# (8) Specified path= string before unspecified path= string.
|
# (8) Specified path= string before unspecified path= string.
|
||||||
# (9) Specified sebool= string before unspecified sebool= string.
|
|
||||||
#
|
#
|
||||||
# Outputs:
|
# Outputs:
|
||||||
# domain (string)
|
# domain (string)
|
||||||
|
|
|
@ -165,7 +165,6 @@ key_map rules[] = {
|
||||||
{ .name = "seinfo", .type = dt_string, .dir = dir_in, .data = NULL },
|
{ .name = "seinfo", .type = dt_string, .dir = dir_in, .data = NULL },
|
||||||
{ .name = "name", .type = dt_string, .dir = dir_in, .data = NULL },
|
{ .name = "name", .type = dt_string, .dir = dir_in, .data = NULL },
|
||||||
{ .name = "path", .type = dt_string, .dir = dir_in, .data = NULL },
|
{ .name = "path", .type = dt_string, .dir = dir_in, .data = NULL },
|
||||||
{ .name = "sebool", .type = dt_string, .dir = dir_in, .data = NULL },
|
|
||||||
/*Outputs*/
|
/*Outputs*/
|
||||||
{ .name = "domain", .type = dt_string, .dir = dir_out, .data = NULL },
|
{ .name = "domain", .type = dt_string, .dir = dir_out, .data = NULL },
|
||||||
{ .name = "type", .type = dt_string, .dir = dir_out, .data = NULL },
|
{ .name = "type", .type = dt_string, .dir = dir_out, .data = NULL },
|
||||||
|
@ -248,11 +247,9 @@ static int key_map_validate(key_map *m, int lineno) {
|
||||||
|
|
||||||
int rc = 1;
|
int rc = 1;
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
int resp;
|
|
||||||
char *key = m->name;
|
char *key = m->name;
|
||||||
char *value = m->data;
|
char *value = m->data;
|
||||||
data_type type = m->type;
|
data_type type = m->type;
|
||||||
sepol_bool_key_t *se_key;
|
|
||||||
|
|
||||||
log_info("Validating %s=%s\n", key, value);
|
log_info("Validating %s=%s\n", key, value);
|
||||||
|
|
||||||
|
@ -284,34 +281,6 @@ static int key_map_validate(key_map *m, int lineno) {
|
||||||
if (!pol.policy_file) {
|
if (!pol.policy_file) {
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
else if (!strcasecmp(key, "sebool")) {
|
|
||||||
|
|
||||||
ret = sepol_bool_key_create(pol.handle, value, &se_key);
|
|
||||||
if (ret < 0) {
|
|
||||||
log_error("Could not create selinux boolean key, error: %s\n",
|
|
||||||
strerror(errno));
|
|
||||||
rc = 0;
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
ret = sepol_bool_exists(pol.handle, pol.db, se_key, &resp);
|
|
||||||
if (ret < 0) {
|
|
||||||
log_error("Could not check selinux boolean, error: %s\n",
|
|
||||||
strerror(errno));
|
|
||||||
rc = 0;
|
|
||||||
sepol_bool_key_free(se_key);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(!resp) {
|
|
||||||
log_error("Could not find selinux boolean \"%s\" on line: %d in file: %s\n",
|
|
||||||
value, lineno, out_file_name);
|
|
||||||
rc = 0;
|
|
||||||
sepol_bool_key_free(se_key);
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
sepol_bool_key_free(se_key);
|
|
||||||
}
|
|
||||||
else if (!strcasecmp(key, "type") || !strcasecmp(key, "domain")) {
|
else if (!strcasecmp(key, "type") || !strcasecmp(key, "domain")) {
|
||||||
|
|
||||||
if(!check_type(pol.db, value)) {
|
if(!check_type(pol.db, value)) {
|
||||||
|
|