[0/6] Add support for notself and other to CIL

Message ID 20230412210406.522892-1-jwcart2@gmail.com (mailing list archive)

Message

James Carter April 12, 2023, 9:04 p.m. UTC
This patch set adds support for using notself and other in AV rules.
See patch 3 for more details.

Patches 1 and 2 are new patches related to ebitmaps.

Patch 3 is a modified version of the patch sent to the list on March 1st.
The recent changes are just removing some ebitmap_init() and ebitmap_destroy()
calls that are not needed with patch 2.

Patch 4 is Christian's patch unmodified.

Patch 5 is a new patch that updates the CIL documentation.

Patch 6 is a new patch that adds a simple policy that can be used to test secilc.

Christian Göttsche (1):
  libsepol: update CIL generation for trivial not-self rules

James Carter (5):
  libsepol: Changes to ebitmap.h to fix compiler warnings
  libsepol/cil: Do not call ebitmap_init twice for an ebitmap
  libsepol/cil: Add notself and other support to CIL
  secilc/docs: Add notself and other keywords to CIL documentation
  secilc/test: Add notself and other tests

 libsepol/cil/src/cil.c                    |  12 ++
 libsepol/cil/src/cil_binary.c             |  91 +++++++-
 libsepol/cil/src/cil_build_ast.c          |  10 +-
 libsepol/cil/src/cil_find.c               | 246 ++++++++++++++++++----
 libsepol/cil/src/cil_internal.h           |   4 +
 libsepol/cil/src/cil_resolve_ast.c        |   4 +
 libsepol/cil/src/cil_verify.c             |   3 +-
 libsepol/include/sepol/policydb/ebitmap.h |   4 +-
 libsepol/src/module_to_cil.c              |  30 ++-
 secilc/docs/README.md                     |   1 -
 secilc/docs/cil_access_vector_rules.md    | 244 +++------------------
 secilc/docs/cil_reference_guide.md        |   9 -
 secilc/docs/secil.xml                     |   2 +
 secilc/test/notself_and_other.cil         |  65 ++++++
 14 files changed, 444 insertions(+), 281 deletions(-)
 create mode 100644 secilc/test/notself_and_other.cil