Changeset 292

Timestamp:

07/11/07 14:45:49 (1 year ago)

Author:

mgoldman

Message:

upstream updated 2007-07-11

Files:

• upstream/selinux/checkpolicy/ChangeLog (modified) (1 diff)
• upstream/selinux/checkpolicy/Makefile (modified) (1 diff)
• upstream/selinux/checkpolicy/VERSION (modified) (1 diff)
• upstream/selinux/checkpolicy/checkmodule.8 (modified) (1 diff)
• upstream/selinux/checkpolicy/checkpolicy.8 (modified) (1 diff)
• upstream/selinux/checkpolicy/module_compiler.c (modified) (2 diffs)
• upstream/selinux/libselinux/ChangeLog (modified) (1 diff)
• upstream/selinux/libselinux/Makefile (modified) (1 diff)
• upstream/selinux/libselinux/VERSION (modified) (1 diff)
• upstream/selinux/libselinux/include/Makefile (modified) (1 diff)
• upstream/selinux/libselinux/include/selinux/avc.h (modified) (20 diffs)
• upstream/selinux/libselinux/include/selinux/label.h (added)
• upstream/selinux/libselinux/include/selinux/selinux.h (modified) (20 diffs)
• upstream/selinux/libselinux/man/Makefile (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/avc_add_callback.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/avc_cache_stats.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/avc_compute_create.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/avc_context_to_sid.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/avc_has_perm.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/avc_init.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/freecon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/get_ordered_context_list.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/getcon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/getexeccon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/getfilecon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/getfscreatecon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/getseuserbyname.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/is_selinux_enabled.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/matchmediacon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/matchpathcon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/security_check_context.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/security_class_to_string.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/security_compute_av.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/security_getenforce.3 (modified) (2 diffs)
• upstream/selinux/libselinux/man/man3/security_load_policy.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/security_policyvers.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/selabel_close.3 (added)
• upstream/selinux/libselinux/man/man3/selabel_lookup.3 (added)
• upstream/selinux/libselinux/man/man3/selabel_open.3 (added)
• upstream/selinux/libselinux/man/man3/selabel_stats.3 (added)
• upstream/selinux/libselinux/man/man3/selinux_check_securetty_context.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/selinux_getenforcemode.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/selinux_policy_root.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man3/selinux_set_callback.3 (added)
• upstream/selinux/libselinux/man/man3/setfilecon.3 (modified) (1 diff)
• upstream/selinux/libselinux/man/man5 (added)
• upstream/selinux/libselinux/man/man5/selabel_file.5 (added)
• upstream/selinux/libselinux/man/man5/selabel_media.5 (added)
• upstream/selinux/libselinux/man/man5/selabel_x.5 (added)
• upstream/selinux/libselinux/man/man8/matchpathcon.8 (modified) (1 diff)
• upstream/selinux/libselinux/src/Makefile (modified) (4 diffs)
• upstream/selinux/libselinux/src/avc.c (modified) (8 diffs)
• upstream/selinux/libselinux/src/avc_internal.c (modified) (2 diffs)
• upstream/selinux/libselinux/src/avc_internal.h (modified) (1 diff)
• upstream/selinux/libselinux/src/callbacks.c (added)
• upstream/selinux/libselinux/src/callbacks.h (added)
• upstream/selinux/libselinux/src/checkAccess.c (modified) (1 diff)
• upstream/selinux/libselinux/src/compute_av.c (modified) (3 diffs)
• upstream/selinux/libselinux/src/compute_create.c (modified) (2 diffs)
• upstream/selinux/libselinux/src/compute_member.c (modified) (2 diffs)
• upstream/selinux/libselinux/src/compute_relabel.c (modified) (2 diffs)
• upstream/selinux/libselinux/src/fgetfilecon.c (modified) (1 diff)
• upstream/selinux/libselinux/src/fsetfilecon.c (modified) (1 diff)
• upstream/selinux/libselinux/src/getfilecon.c (modified) (1 diff)
• upstream/selinux/libselinux/src/init.c (modified) (5 diffs)
• upstream/selinux/libselinux/src/label.c (added)
• upstream/selinux/libselinux/src/label_file.c (added)
• upstream/selinux/libselinux/src/label_internal.h (added)
• upstream/selinux/libselinux/src/label_media.c (added)
• upstream/selinux/libselinux/src/label_x.c (added)
• upstream/selinux/libselinux/src/lgetfilecon.c (modified) (1 diff)
• upstream/selinux/libselinux/src/load_policy.c (modified) (9 diffs)
• upstream/selinux/libselinux/src/mapping.c (added)
• upstream/selinux/libselinux/src/mapping.h (added)
• upstream/selinux/libselinux/src/matchpathcon.c (modified) (14 diffs)
• upstream/selinux/libselinux/src/policy.h (modified) (1 diff)
• upstream/selinux/libselinux/src/policyvers.c (modified) (1 diff)
• upstream/selinux/libselinux/src/selinux.py (modified) (4 diffs)
• upstream/selinux/libselinux/src/selinuxswig.i (modified) (2 diffs)
• upstream/selinux/libselinux/src/selinuxswig_python.i (added)
• upstream/selinux/libselinux/src/selinuxswig_wrap.c (modified) (45 diffs)
• upstream/selinux/libselinux/src/setrans_client.c (modified) (3 diffs)
• upstream/selinux/libselinux/src/stringrep.c (added)
• upstream/selinux/libselinux/utils/Makefile (modified) (2 diffs)
• upstream/selinux/libsemanage/ChangeLog (modified) (1 diff)
• upstream/selinux/libsemanage/VERSION (modified) (1 diff)
• upstream/selinux/libsemanage/include/Makefile (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_bool.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_bool_set_active.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_count.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_del.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_exists.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_fcontext.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_iface.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_iterate.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_list.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_modify.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_node.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_port.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_query.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_seuser.3 (modified) (1 diff)
• upstream/selinux/libsemanage/man/man3/semanage_user.3 (modified) (1 diff)
• upstream/selinux/libsemanage/src/Makefile (modified) (1 diff)
• upstream/selinux/libsemanage/src/booleans_activedb.c (modified) (2 diffs)
• upstream/selinux/libsemanage/src/direct_api.c (modified) (1 diff)
• upstream/selinux/libsepol/ChangeLog (modified) (1 diff)
• upstream/selinux/libsepol/VERSION (modified) (1 diff)
• upstream/selinux/libsepol/include/Makefile (modified) (1 diff)
• upstream/selinux/libsepol/man/man3/sepol_check_context.3 (modified) (1 diff)
• upstream/selinux/libsepol/src/Makefile (modified) (1 diff)
• upstream/selinux/libsepol/src/context.c (modified) (1 diff)
• upstream/selinux/libsepol/src/context_record.c (modified) (2 diffs)
• upstream/selinux/libsepol/src/sidtab.c (modified) (1 diff)
• upstream/selinux/libsepol/utils/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/ChangeLog (modified) (1 diff)
• upstream/selinux/policycoreutils/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/VERSION (modified) (1 diff)
• upstream/selinux/policycoreutils/audit2why/Makefile (modified) (3 diffs)
• upstream/selinux/policycoreutils/load_policy/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/load_policy/load_policy.8 (modified) (1 diff)
• upstream/selinux/policycoreutils/load_policy/load_policy.c (modified) (4 diffs)
• upstream/selinux/policycoreutils/newrole/Makefile (modified) (3 diffs)
• upstream/selinux/policycoreutils/newrole/hashtab.c (added)
• upstream/selinux/policycoreutils/newrole/hashtab.h (added)
• upstream/selinux/policycoreutils/newrole/newrole.1 (modified) (3 diffs)
• upstream/selinux/policycoreutils/newrole/newrole.c (modified) (7 diffs)
• upstream/selinux/policycoreutils/restorecond/Makefile (modified) (2 diffs)
• upstream/selinux/policycoreutils/restorecond/restorecond.init (modified) (1 diff)
• upstream/selinux/policycoreutils/run_init/Makefile (modified) (2 diffs)
• upstream/selinux/policycoreutils/scripts/chcat (modified) (2 diffs)
• upstream/selinux/policycoreutils/scripts/fixfiles (modified) (1 diff)
• upstream/selinux/policycoreutils/scripts/genhomedircon (modified) (9 diffs)
• upstream/selinux/policycoreutils/secon/Makefile (modified) (2 diffs)
• upstream/selinux/policycoreutils/semanage/semanage (modified) (1 diff)
• upstream/selinux/policycoreutils/semodule/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/semodule_deps/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/semodule_expand/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/semodule_link/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/semodule_package/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/sestatus/Makefile (modified) (2 diffs)
• upstream/selinux/policycoreutils/setfiles/Makefile (modified) (2 diffs)
• upstream/selinux/policycoreutils/setfiles/restorecon.8 (added)
• upstream/selinux/policycoreutils/setfiles/setfiles.c (modified) (23 diffs)
• upstream/selinux/policycoreutils/setsebool/Makefile (modified) (1 diff)
• upstream/selinux/policycoreutils/setsebool/setsebool.c (modified) (6 diffs)
• upstream/selinux/scripts (added)
• upstream/selinux/scripts/Lindent (added)
• upstream/selinux/scripts/selinux-maint (added)

upstream/selinux/checkpolicy/ChangeLog

@@ +1 @@
+2.0.3 2007-05-31
+        * Merged fix for segfault on duplicate require of sensitivity from Caleb Case.
+        * Merged fix for dead URLs in checkpolicy man pages from Dan Walsh.
+
-2.0.2 2007-04-12
-        * Merged checkmodule man page fix from Dan Walsh.

upstream/selinux/checkpolicy/Makefile

@@ -59 +59 @@
-
-indent:
-
+scripts/

upstream/selinux/checkpolicy/VERSION

@@ -1 @@
-2
+3

upstream/selinux/checkpolicy/checkmodule.8

@@ -48 +48 @@
-.SH "SEE ALSO"
-.B semodule(8), semodule_package(8)
-/docs.html
+
-especially "Configuring the SELinux Policy".
-

upstream/selinux/checkpolicy/checkpolicy.8

@@ -35 +35 @@
-
-.SH "SEE ALSO"
-/docs.html
+
-especially "Configuring the SELinux Policy".
-

upstream/selinux/checkpolicy/module_compiler.c

@@ -143 +143 @@
-                                                      key);
-                assert(s != NULL);
-
+
+
+
+
+
+
-        } else if (retval == -2) {
-                return -2;
@@ -497 +502 @@
-                                                      key);
-                assert(s != NULL);
-
+
+
+
+
+
+
-        } else if (retval == -2) {
-                /* ignore require statements if that symbol was

upstream/selinux/libselinux/ChangeLog

@@ +1 @@
+2.0.24 2007-09-07
+        * Fix for getfilecon() for zero-length contexts from Stephen Smalley.
+
+2.0.23 2007-06-22
+        * Refactored SWIG bindings from James Athey.
+
+2.0.22 2007-06-20
+        * Labeling and callback interface patches from Eamon Walsh.
+
+2.0.21 2007-06-11
+        * Class and permission mapping support patches from Eamon Walsh.
+
+2.0.20 2007-06-07
+        * Object class discovery support patches from Chris PeBenito.
+
+2.0.19 2007-06-05
+        * Refactoring and errno support in string representation code.
+
+2.0.18 2007-05-31
+        * Merged patch to reduce size of libselinux and remove need for libsepol for embedded systems from Yuichi Nakamura.
+          This patch also turns the link-time dependency on libsepol into a runtime (dlopen) dependency even in the non-embedded case.
+
+2.0.17 2007-05-31
+        * Updated Lindent script and reindented two header files.
+
+2.0.16 2007-05-09
+        * Merged additional swig python bindings from Dan Walsh.
+
+2.0.15 2007-04-27
+        * Merged helpful message when selinuxfs mount fails patch from Dax Kelson.
+
+2.0.14 2007-04-24
+        * Merged build fix for avc_internal.c from Joshua Brindle.
+
-2.0.13 2007-04-12
-        * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh.

upstream/selinux/libselinux/Makefile

@@ +1 @@
+DISABLE_AVC ?= n
+DISABLE_SETRANS ?= n
+DISABLE_RPM ?= n
+DISABLE_BOOL ?= n
+ifeq ($(EMBEDDED),y)
+        override DISABLE_AVC=y
+        override DISABLE_SETRANS=y
+        override DISABLE_RPM=y
+        override DISABLE_BOOL=y
+endif
+ifeq ($(DISABLE_BOOL),y)
+        EMFLAGS+= -DDISABLE_BOOL
+endif
+ifeq ($(DISABLE_SETRANS),y)
+        EMFLAGS+= -DDISABLE_SETRANS
+endif
+export DISABLE_AVC DISABLE_SETRANS DISABLE_RPM DISABLE_BOOL EMFLAGS
+
-all: 
-        $(MAKE) -C src 

upstream/selinux/libselinux/VERSION

@@ -1 @@
-13
+24

upstream/selinux/libselinux/include/Makefile

@@ -8 +8 @@
-
-indent:
-
+scripts/
-

upstream/selinux/libselinux/include/selinux/avc.h

@@ -19 +19 @@
- * SID format and operations
- */
-       
-       
-       
-       
-       
+
+
+
+
+
-
-#define SECSID_WILD (security_id_t)NULL /* unspecified SID */
@@ -38 +38 @@
- * available to make the copy, or %EINVAL if the input SID is invalid.
- */
-       
-       
+
+
-
-/**
@@ -52 +52 @@
- * returning %0 on success or -%1 on error with @errno set.  
- */
-       
-       
+
+
-
-/**
@@ -65 +65 @@
- * increments reference counts.
- */
-       
+
-
-/**
@@ -77 +77 @@
- * be called to obtain a new SID for the security context.
- */
-       
+
-
-/**
@@ -88 +88 @@
- * avc_context_to_sid() to get the corresponding SID.
- */
-       int avc_get_initial_sid(const char * 
+int avc_get_initial_sid(const char *
-
-/*
- * AVC entry
- */
-       
-       
-       
-       
+
+
+
+
-
-/**
@@ -120 +120 @@
- * If no locking callbacks are passed, no locking will take place.
- */
-       
-       
-       
-       
-       
-       
-       
-       
-
-       
-       
-       
-       
-       
-       
-       
-       
-
-       
-       
-       
-       
-       
-       
-       
-
-       
-       
-       
-       
-       
-       
-       
-       
-       
-       
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
-/*
@@ -176 +176 @@
- * structures above).
- */
-       
-       
-       
-       
-       
+
+
+
+
+
-
-/**
@@ -190 +190 @@
- * to return memory to the system.
- */
-       
+
-
-/**
@@ -200 +200 @@
- * -%1 with @errno set on error.
- */
-       
+
-
-/**
@@ -211 +211 @@
- * User must call avc_init() if further use of AVC is desired.
- */
-       
+
-
-/**
@@ -234 +234 @@
- * should be released for the auditing.
- */
-
-
-
-
-
-
+
+
+
+
+
-
-/**
@@ -259 +258 @@
- * are denied or to another value upon other errors.
- */
-       
-       
-       
+
+
+
-
-/**
@@ -282 +281 @@
- * before calling the auditing code.
- */
-       
-       
-       
+
+
+
-
-/**
@@ -300 +299 @@
- * error with @errno set.  
- */
-
-
-
-
+
+
+
-
-/* 
@@ -334 +332 @@
- * -%1 if insufficient memory exists to add the callback.
- */
-       
-       
-       
-       
-       
-       
-       
-       
+
+
+
+
+
+
+
+
-
-/*
@@ -352 +350 @@
-#define AVC_CACHE_STATS     1
-
-       
-       
-       
-       
-       
-       
-       
-       
-       
-       
+
+
+
+
+
+
+
+
+
+
-
-/**
@@ -372 +370 @@
- * details.
- */
-       
+
-
-/**
@@ -381 +379 @@
- * callback is used to print the message.
- */
-       
+
-
-/**
@@ -390 +388 @@
- * is used to print the message.
- */
-       
+
-
-#ifdef __cplusplus

upstream/selinux/libselinux/include/selinux/selinux.h

@@ -10 +10 @@
-
-/* Return 1 if we are running on a SELinux kernel, or 0 if not or -1 if we get an error. */
-       
+
-/* Return 1 if we are running on a SELinux MLS kernel, or 0 otherwise. */
-       
-
-       
+
+
+
-
-/* Free the memory allocated for a context by any of the below get* calls. */
-       
+
-
-/* Free the memory allocated for a context array by security_compute_user. */
-       
+
-
-/* Wrappers for the /proc/pid/attr API. */
@@ -26 +26 @@
-/* Get current context, and set *con to refer to it.
-   Caller must free via freecon. */
-       
-       
+
+
-
-/* Set the current security context to con.  
@@ -37 +37 @@
-   as a result of a setcon() unless policy allows it to use descriptors opened
-   by the old context. */
-       
-       
+
+
-
-/* Get context of process identified by pid, and 
-   set *con to refer to it.  Caller must free via freecon. */
-       
-       
+
+
-
-/* Get previous context (prior to last exec), and set *con to refer to it.
-   Caller must free via freecon. */
-       
-       
+
+
-
-/* Get exec context, and set *con to refer to it.
-   Sets *con to NULL if no exec context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-       
-       
+
+
-
-/* Set exec security context for the next execve. 
-   Call with NULL if you want to reset to the default. */
-       
-       
+
+
-
-/* Get fscreate context, and set *con to refer to it.
-   Sets *con to NULL if no fs create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-       
-       
+
+
-
-/* Set the fscreate security context for subsequent file creations.
-   Call with NULL if you want to reset to the default. */
-       
-       
+
+
-
-/* Get keycreate context, and set *con to refer to it.
-   Sets *con to NULL if no key create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-       
-       
+
+
-
-/* Set the keycreate security context for subsequent key creations.
-   Call with NULL if you want to reset to the default. */
-       
-       
+
+
-
-/* Get sockcreate context, and set *con to refer to it.
-   Sets *con to NULL if no socket create context has been set, i.e. using default.
-   If non-NULL, caller must free via freecon. */
-