[0/5,v2] Fix/add optional file type handling for genfscon rules

Message ID 20211110144727.1467744-1-jwcart2@gmail.com (mailing list archive)

Message

James Carter Nov. 10, 2021, 2:47 p.m. UTC

genfscon rules have always supported an optional file type, but when
the ability for writing a policy.conf file from a kernel policy was
added to libsepol it did not include that support. Support for the
optional file type was also left out of CIL genfscon rules.

This patch set fixes these problems.

Patch 1 adds support for writing the optional file type in genfscon rules
when writing a policy.conf file from a kernel policy.

Patches 2-5 add support in CIL for handling an optional file type
in genfscon rules, update the CIL documentation, and add support
when writing out CIL from a kernel policy or module as well.

James Carter (5):
  libsepol: Add support for file types in writing out policy.conf
  libsepol/cil: Refactor filecon file type handling
  libsepol/cil: Allow optional file type in genfscon rules
  secilc/docs: Document the optional file type for genfscon rules
  libsepol: Write out genfscon file type when writing out CIL policy

 libsepol/cil/src/cil.c                      |  6 ++-
 libsepol/cil/src/cil_binary.c               | 37 +++++++++++++
 libsepol/cil/src/cil_build_ast.c            | 49 +++++++++++++++---
 libsepol/cil/src/cil_internal.h             |  5 +-
 libsepol/cil/src/cil_write_ast.c            | 57 +++++++++++++++++----
 libsepol/src/kernel_to_cil.c                | 35 ++++++++++++-
 libsepol/src/kernel_to_conf.c               | 35 ++++++++++++-
 libsepol/src/module_to_cil.c                | 27 +++++++++-
 secilc/docs/cil_file_labeling_statements.md | 10 +++-
 9 files changed, 234 insertions(+), 27 deletions(-)