[0/7,v2] Add support for notself and other to CIL

Message ID	20230809204046.110783-1-jwcart2@gmail.com (mailing list archive)
Headers	show Return-Path: <selinux-owner@vger.kernel.org> From: James Carter <jwcart2@gmail.com> To: selinux@vger.kernel.org Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com, James Carter <jwcart2@gmail.com> Subject: [PATCH 0/7 v2] Add support for notself and other to CIL Date: Wed, 9 Aug 2023 16:40:39 -0400 Message-ID: <20230809204046.110783-1-jwcart2@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	Add support for notself and other to CIL \| expand [0/7,v2] Add support for notself and other to CIL [1/7,v2] libsepol: Changes to ebitmap.h to fix compiler warnings [2/7,v2] libsepol/cil: Do not call ebitmap_init twice for an ebitmap [3/7,v2] libsepol/cil: Add notself and other support to CIL [4/7,v2] libsepol: update CIL generation for trivial not-self rules [5/7,v2] libsepol: Use ERR() instead of log_err() [6/7,v2] secilc/docs: Add notself and other keywords to CIL documentation [7/7,v2] secilc/test: Add notself and other tests

Message ID

20230809204046.110783-1-jwcart2@gmail.com (mailing list archive)

Headers

From: James Carter <jwcart2@gmail.com>
To: selinux@vger.kernel.org
Cc: dburgener@linux.microsoft.com, cgzones@googlemail.com,
        James Carter <jwcart2@gmail.com>
Subject: [PATCH 0/7 v2] Add support for notself and other to CIL
Date: Wed,  9 Aug 2023 16:40:39 -0400
Message-ID: <20230809204046.110783-1-jwcart2@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

Add support for notself and other to CIL | expand

Message

James Carter Aug. 9, 2023, 8:40 p.m. UTC

This patch set adds support for using notself and other in AV rules.
See patch 3 for more details.

Patches 1-4, 6-7 are the same as the patches from April 12th, see:
https://lore.kernel.org/selinux/20230412210406.522892-1-jwcart2@gmail.com/

Patch 5 updates Christian's patch to use ERR() instead of log_err(), see:
https://lore.kernel.org/selinux/20230602130608.24586-4-cgzones@googlemail.com/

Nothing else has changed.

Christian Göttsche (1):
  libsepol: update CIL generation for trivial not-self rules

James Carter (6):
  libsepol: Changes to ebitmap.h to fix compiler warnings
  libsepol/cil: Do not call ebitmap_init twice for an ebitmap
  libsepol/cil: Add notself and other support to CIL
  libsepol: Use ERR() instead of log_err()
  secilc/docs: Add notself and other keywords to CIL documentation
  secilc/test: Add notself and other tests

 libsepol/cil/src/cil.c                    |  12 ++
 libsepol/cil/src/cil_binary.c             |  91 +++++++-
 libsepol/cil/src/cil_build_ast.c          |  10 +-
 libsepol/cil/src/cil_find.c               | 246 ++++++++++++++++++----
 libsepol/cil/src/cil_internal.h           |   4 +
 libsepol/cil/src/cil_resolve_ast.c        |   4 +
 libsepol/cil/src/cil_verify.c             |   3 +-
 libsepol/include/sepol/policydb/ebitmap.h |   4 +-
 libsepol/src/module_to_cil.c              |  30 ++-
 secilc/docs/README.md                     |   1 -
 secilc/docs/cil_access_vector_rules.md    | 244 +++------------------
 secilc/docs/cil_reference_guide.md        |   9 -
 secilc/docs/secil.xml                     |   2 +
 secilc/test/notself_and_other.cil         |  65 ++++++
 14 files changed, 444 insertions(+), 281 deletions(-)
 create mode 100644 secilc/test/notself_and_other.cil