Navigation

← Previous Changeset
Next Changeset →

Changeset 335

Timestamp:

09/24/07 12:30:39 (1 year ago)

Author:

mgoldman

Message:

Rebased to revision 2585

Files:

upstream/selinux/checkpolicy/ChangeLog (modified) (1 diff)
upstream/selinux/checkpolicy/VERSION (modified) (1 diff)
upstream/selinux/checkpolicy/checkmodule.c (modified) (8 diffs)
upstream/selinux/checkpolicy/checkpolicy.c (modified) (5 diffs)
upstream/selinux/checkpolicy/policy_parse.y (modified) (1 diff)
upstream/selinux/checkpolicy/test/dismod.c (modified) (3 diffs)
upstream/selinux/checkpolicy/test/dispol.c (modified) (3 diffs)
upstream/selinux/libselinux/ChangeLog (modified) (1 diff)
upstream/selinux/libselinux/Makefile (modified) (2 diffs)
upstream/selinux/libselinux/VERSION (modified) (1 diff)
upstream/selinux/libselinux/include/selinux/av_permissions.h (modified) (4 diffs)
upstream/selinux/libselinux/include/selinux/flask.h (modified) (1 diff)
upstream/selinux/libselinux/include/selinux/selinux.h (modified) (1 diff)
upstream/selinux/libselinux/man/man3/avc_add_callback.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/avc_cache_stats.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/avc_compute_create.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/avc_context_to_sid.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/avc_has_perm.3 (modified) (4 diffs)
upstream/selinux/libselinux/man/man3/avc_init.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/context_new.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/freecon.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/get_ordered_context_list.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/getcon.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/getexeccon.3 (modified) (3 diffs)
upstream/selinux/libselinux/man/man3/getfilecon.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/getfscreatecon.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/getseuserbyname.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/is_context_customizable.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/matchmediacon.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/matchpathcon.3 (modified) (7 diffs)
upstream/selinux/libselinux/man/man3/security_class_to_string.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/security_compute_av.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/security_getenforce.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/security_load_booleans.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/selabel_lookup.3 (modified) (3 diffs)
upstream/selinux/libselinux/man/man3/selabel_open.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/selabel_stats.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/selinux_binary_policy_path.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/selinux_getenforcemode.3 (modified) (2 diffs)
upstream/selinux/libselinux/man/man3/selinux_policy_root.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/selinux_set_callback.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man3/setfilecon.3 (modified) (1 diff)
upstream/selinux/libselinux/man/man5/selabel_file.5 (modified) (2 diffs)
upstream/selinux/libselinux/man/man5/selabel_media.5 (modified) (2 diffs)
upstream/selinux/libselinux/man/man5/selabel_x.5 (modified) (2 diffs)
upstream/selinux/libselinux/man/man8/matchpathcon.8 (modified) (1 diff)
upstream/selinux/libselinux/man/man8/selinux.8 (modified) (2 diffs)
upstream/selinux/libselinux/src/Makefile (modified) (2 diffs)
upstream/selinux/libselinux/src/avc_internal.c (modified) (1 diff)
upstream/selinux/libselinux/src/fgetfilecon.c (modified) (1 diff)
upstream/selinux/libselinux/src/file_path_suffixes.h (modified) (1 diff)
upstream/selinux/libselinux/src/getfilecon.c (modified) (1 diff)
upstream/selinux/libselinux/src/label_internal.h (modified) (1 diff)
upstream/selinux/libselinux/src/label_x.c (modified) (1 diff)
upstream/selinux/libselinux/src/lgetfilecon.c (modified) (1 diff)
upstream/selinux/libselinux/src/mapping.h (modified) (1 diff)
upstream/selinux/libselinux/src/matchpathcon.c (modified) (2 diffs)
upstream/selinux/libselinux/src/selinux.py (modified) (1 diff)
upstream/selinux/libselinux/src/selinux_config.c (modified) (2 diffs)
upstream/selinux/libselinux/src/selinux_internal.h (modified) (1 diff)
upstream/selinux/libselinux/src/selinuxswig_python.i (modified) (1 diff)
upstream/selinux/libselinux/src/selinuxswig_wrap.c (modified) (4 diffs)
upstream/selinux/libselinux/src/stringrep.c (modified) (4 diffs)
upstream/selinux/libsemanage/ChangeLog (modified) (1 diff)
upstream/selinux/libsemanage/VERSION (modified) (1 diff)
upstream/selinux/libsemanage/include/semanage/handle.h (modified) (1 diff)
upstream/selinux/libsemanage/src/Makefile (modified) (2 diffs)
upstream/selinux/libsemanage/src/conf-parse.y (modified) (6 diffs)
upstream/selinux/libsemanage/src/conf-scan.l (modified) (1 diff)
upstream/selinux/libsemanage/src/debug.c (modified) (3 diffs)
upstream/selinux/libsemanage/src/direct_api.c (modified) (2 diffs)
upstream/selinux/libsemanage/src/handle.c (modified) (1 diff)
upstream/selinux/libsemanage/src/libsemanage.map (modified) (1 diff)
upstream/selinux/libsemanage/src/semanage.py (modified) (3 diffs)
upstream/selinux/libsemanage/src/semanage_conf.h (modified) (1 diff)
upstream/selinux/libsemanage/src/semanage_store.c (modified) (28 diffs)
upstream/selinux/libsemanage/src/semanage_store.h (modified) (1 diff)
upstream/selinux/libsemanage/src/semanageswig_wrap.c (modified) (73 diffs)
upstream/selinux/libsemanage/tests/Makefile (modified) (1 diff)
upstream/selinux/libsemanage/tests/libsemanage-tests.c (modified) (2 diffs)
upstream/selinux/libsepol/ChangeLog (modified) (1 diff)
upstream/selinux/libsepol/VERSION (modified) (1 diff)
upstream/selinux/libsepol/include/sepol/handle.h (modified) (1 diff)
upstream/selinux/libsepol/include/sepol/policydb/policydb.h (modified) (2 diffs)
upstream/selinux/libsepol/src/Makefile (modified) (1 diff)
upstream/selinux/libsepol/src/avtab.c (modified) (8 diffs)
upstream/selinux/libsepol/src/conditional.c (modified) (9 diffs)
upstream/selinux/libsepol/src/context_record.c (modified) (1 diff)
upstream/selinux/libsepol/src/ebitmap.c (modified) (5 diffs)
upstream/selinux/libsepol/src/expand.c (modified) (2 diffs)
upstream/selinux/libsepol/src/handle.c (modified) (2 diffs)
upstream/selinux/libsepol/src/handle.h (modified) (1 diff)
upstream/selinux/libsepol/src/libsepol.map (modified) (1 diff)
upstream/selinux/libsepol/src/module.c (modified) (18 diffs)
upstream/selinux/libsepol/src/policydb.c (modified) (82 diffs)
upstream/selinux/libsepol/src/private.h (modified) (3 diffs)
upstream/selinux/libsepol/src/services.c (modified) (1 diff)
upstream/selinux/libsepol/src/write.c (modified) (1 diff)
upstream/selinux/policycoreutils/ChangeLog (modified) (1 diff)
upstream/selinux/policycoreutils/VERSION (modified) (1 diff)
upstream/selinux/policycoreutils/newrole/Makefile (modified) (1 diff)
upstream/selinux/policycoreutils/restorecon (deleted)
upstream/selinux/policycoreutils/run_init/Makefile (modified) (1 diff)
upstream/selinux/policycoreutils/scripts/Makefile (modified) (1 diff)
upstream/selinux/policycoreutils/scripts/chcat (modified) (2 diffs)
upstream/selinux/policycoreutils/scripts/fixfiles (modified) (2 diffs)
upstream/selinux/policycoreutils/scripts/genhomedircon (deleted)
upstream/selinux/policycoreutils/scripts/genhomedircon.8 (deleted)
upstream/selinux/policycoreutils/semanage/semanage (modified) (1 diff)
upstream/selinux/policycoreutils/semodule/semodule.c (modified) (8 diffs)
upstream/selinux/policycoreutils/setfiles/setfiles.c (modified) (1 diff)
upstream/selinux/sepolgen/ChangeLog (modified) (1 diff)
upstream/selinux/sepolgen/VERSION (modified) (1 diff)
upstream/selinux/sepolgen/src/sepolgen/audit.py (modified) (2 diffs)
upstream/selinux/sepolgen/src/sepolgen/refparser.py (modified) (34 diffs)
upstream/selinux/sepolgen/src/sepolgen/refpolicy.py (modified) (19 diffs)
upstream/selinux/sepolgen/tests/test_audit.py (modified) (3 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

upstream/selinux/checkpolicy/ChangeLog

r292	r335
	1	2.0.4 2007-09-18
	2	* Merged handle unknown policydb flag support from Eric Paris.
	3	Adds new command line options -U {allow, reject, deny} for selecting
	4	the flag when a base module or kernel policy is built.
	5
1	6	2.0.3 2007-05-31
2	7	* Merged fix for segfault on duplicate require of sensitivity from Caleb Case.

upstream/selinux/checkpolicy/VERSION

r292 r335

1 2.0.3
1 2.0.4

upstream/selinux/checkpolicy/checkmodule.c

r10	r335
40	40
41	41	extern int mlspol;
	42	extern int handle_unknown;
42	43
43	44	static char *txtfile = "policy.conf";
…	…
122	123	p->policy_type = policy_type;
123	124	p->policyvers = policyvers;
	125	p->handle_unknown = handle_unknown;
124	126
125	127	pf.type = PF_USE_STDIO;
…	…
136	138	static void usage(char *progname)
137	139	{
138		printf("usage: %s [-V] [-b] [-m] [-M] [-o FILE] [INPUT]\n", progname);
	140	printf("usage: %s [-V] [-b] [-U handle_unknown] [-m] [-M] [-o FILE] [INPUT]\n", progname);
139	141	printf("Build base and policy modules.\n");
140	142	printf("Options:\n");
…	…
143	145	printf(" -V show policy versions created by this program\n");
144	146	printf(" -b treat input as a binary policy file\n");
	147	printf(" -U OPTION How to handle unknown classes and permissions\n");
	148	printf(" deny: Deny unknown kernel checks\n");
	149	printf(" reject: Reject loading of policy with unknowns\n");
	150	printf(" allow: Allow unknown kernel checks\n");
145	151	printf(" -m build a policy module instead of a base module\n");
146	152	printf(" -M enable MLS policy\n");
…	…
157	163	policydb_t modpolicydb;
158	164
159		while ((ch = getopt(argc, argv, "ho:dbVmM")) != EOF) {
	165	while ((ch = getopt(argc, argv, "ho:dbVU:mM")) != EOF) {
160	166	switch (ch) {
161	167	case 'h':
…	…
172	178	show_version = 1;
173	179	break;
	180	case 'U':
	181	if (!strcasecmp(optarg, "deny")) {
	182	handle_unknown = DENY_UNKNOWN;
	183	break;
	184	}
	185	if (!strcasecmp(optarg, "reject")) {
	186	handle_unknown = REJECT_UNKNOWN;
	187	break;
	188	}
	189	if (!strcasecmp(optarg, "allow")) {
	190	handle_unknown = ALLOW_UNKNOWN;
	191	break;
	192	}
	193	usage(argv[0]);
174	194	case 'm':
175	195	policy_type = POLICY_MOD;
…	…
188	208	MOD_POLICYDB_VERSION_MIN, MOD_POLICYDB_VERSION_MAX);
189	209	exit(0);
	210	}
	211
	212	if (handle_unknown && (policy_type != POLICY_BASE)) {
	213	printf("Handling of unknown classes and permissions is only ");
	214	printf("valid in the base module\n");
	215	exit(1);
190	216	}
191	217
…	…
215	241	modpolicydb.policy_type = policy_type;
216	242	modpolicydb.mls = mlspol;
	243	modpolicydb.handle_unknown = handle_unknown;
217	244
218	245	if (read_source_policy(&modpolicydb, file, argv[0]) == -1) {

upstream/selinux/checkpolicy/checkpolicy.c

r10	r335
91	91	extern policydb_t *policydbp;
92	92	extern int mlspol;
	93	extern int handle_unknown;
93	94
94	95	static char *txtfile = "policy.conf";
…	…
100	101	{
101	102	printf
102		("usage: %s [-b] [-d] [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
	103	("usage: %s [-b] [-d] [-U handle_unknown (allow,deny,reject) [-M] [-c policyvers (%d-%d)] [-o output_file] [input_file]\n",
103	104	progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
104	105	exit(1);
…	…
391	392	struct policy_file pf;
392	393
393		while ((ch = getopt(argc, argv, "o:dbMVc:")) != EOF) {
	394	while ((ch = getopt(argc, argv, "o:dbU:MVc:")) != EOF) {
394	395	switch (ch) {
395	396	case 'o':
…	…
406	407	show_version = 1;
407	408	break;
	409	case 'U':
	410	if (!strcasecmp(optarg, "deny")) {
	411	handle_unknown = DENY_UNKNOWN;
	412	break;
	413	}
	414	if (!strcasecmp(optarg, "allow")) {
	415	handle_unknown = ALLOW_UNKNOWN;
	416	break;
	417	}
	418	if (!strcasecmp(optarg, "reject")) {
	419	handle_unknown = REJECT_UNKNOWN;
	420	break;
	421	}
	422	usage(argv[0]);
408	423	case 'M':
409	424	mlspol = 1;
…	…
516	531	/* Let sepol know if we are dealing with MLS support */
517	532	parse_policy.mls = mlspol;
	533	parse_policy.handle_unknown = handle_unknown;
518	534
519	535	policydbp = &parse_policy;

upstream/selinux/checkpolicy/policy_parse.y

r222 r335

68 68 char *curfile = 0;
69 69 int mlspol = 0;
70 int handle_unknown = 0;
70 71
71 72 extern unsigned long policydb_lineno;

upstream/selinux/checkpolicy/test/dismod.c

r10	r335
666	666	}
667	667
	668	int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
	669	{
	670	if (policydb->handle_unknown == ALLOW_UNKNOWN)
	671	fprintf(out_fp, "Allow unknown classes and perms\n");
	672	else if (policydb->handle_unknown == DENY_UNKNOWN)
	673	fprintf(out_fp, "Deny unknown classes and perms\n");
	674	else if (policydb->handle_unknown == REJECT_UNKNOWN)
	675	fprintf(out_fp, "Reject unknown classes and perms\n");
	676	return 0;
	677	}
	678
668	679	static int read_policy(char filename, policydb_t policy)
669	680	{
…	…
772	783	printf("b) Display avrule declarations\n");
773	784	printf("l) Link in a module\n");
	785	printf("u) Display the unknown handling setting\n");
774	786	printf("\n");
775	787	printf("f) set output file\n");
…	…
879	891	fprintf(out_fp, "avrule block declarations:\n");
880	892	display_avblock(6, 0, &policydb, out_fp);
	893	break;
	894	case 'u':
	895	case 'U':
	896	display_handle_unknown(&policydb, out_fp);
881	897	break;
882	898	case 'f':

upstream/selinux/checkpolicy/test/dispol.c

r10	r335
274	274	}
275	275
	276	int display_handle_unknown(policydb_t * policydb, FILE * out_fp)
	277	{
	278	if (policydb->handle_unknown == ALLOW_UNKNOWN)
	279	fprintf(out_fp, "Allow unknown classes and permisions\n");
	280	else if (policydb->handle_unknown == DENY_UNKNOWN)
	281	fprintf(out_fp, "Deny unknown classes and permisions\n");
	282	else if (policydb->handle_unknown == REJECT_UNKNOWN)
	283	fprintf(out_fp, "Reject unknown classes and permisions\n");
	284	return 0;
	285	}
	286
276	287	int change_bool(char name, int state, policydb_t p, FILE * fp)
277	288	{
…	…
299	310	printf("7) change a boolean value\n");
300	311	printf("\n");
	312	printf("u) display unknown handling setting\n");
301	313	printf("f) set output file\n");
302	314	printf("m) display menu\n");
…	…
409	421	change_bool(name, state, &policydb, out_fp);
410	422	free(name);
	423	break;
	424	case 'u':
	425	case 'U':
	426	display_handle_unknown(&policydb, out_fp);
411	427	break;
412	428	case 'f':

upstream/selinux/libselinux/ChangeLog

r292	r335
	1	2.0.35 2007-09-24
	2	* Make netlink socket close-on-exec to avoid descriptor leakage from Dan Walsh.
	3	* Pass CFLAGS when using gcc for linking from Dennis Gilmore.
	4
	5	2.0.34 2007-09-18
	6	* Fix selabel option flag setting for 64-bit from Stephen Smalley.
	7
	8	2.0.33 2007-09-12
	9	* Re-map a getxattr return value of 0 to a getfilecon return value of -1 with errno EOPNOTSUPP from Stephen Smalley.
	10	* Fall back to the compat code for security_class_to_string and security_av_perm_to_string from Stephen Smalley.
	11
	12	2.0.32 2007-09-10
	13	* Fix swig binding for rpm_execcon from James Athey.
	14
	15	2.0.31 2007-08-23
	16	* Fix file_contexts.homedirs path from Todd Miller.
	17
	18	2.0.30 2007-08-06
	19	* Fix segfault resulting from uninitialized print-callback pointer.
	20
	21	2.0.29 2007-08-02
	22	* Added x_contexts path function patch from Eamon Walsh.
	23
	24	2.0.28 2007-08-01
	25	* Fix build for EMBEDDED=y from Yuichi Nakamura.
	26
	27	2.0.27 2007-07-25
	28	* Fix markup problems in selinux man pages from Dan Walsh.
	29
	30	2.0.26 2007-07-23
	31	* Updated av_permissions.h and flask.h to include new nscd permissions from Dan Walsh.
	32	* Added swigify to top-level Makefile from Dan Walsh.
	33
	34	2.0.25 2007-07-23
	35	* Fix for string_to_security_class segfault on x86_64 from Stephen
	36	Smalley.
	37
1	38	2.0.24 2007-09-07
2	39	* Fix for getfilecon() for zero-length contexts from Stephen Smalley.

upstream/selinux/libselinux/Makefile

r292	r335
8	8	override DISABLE_RPM=y
9	9	override DISABLE_BOOL=y
	10	endif
	11	ifeq ($(DISABLE_AVC),y)
	12	EMFLAGS+= -DDISABLE_AVC
10	13	endif
11	14	ifeq ($(DISABLE_BOOL),y)
…	…
20	23	$(MAKE) -C src
21	24	$(MAKE) -C utils
	25
	26	swigify: all
	27	$(MAKE) -C src swigify
22	28
23	29	pywrap:

upstream/selinux/libselinux/VERSION

r292 r335

1 2.0.24
1 2.0.35

upstream/selinux/libselinux/include/selinux/av_permissions.h

r141	r335
291	291	#define NODE__RAWIP_SEND 0x00000020UL
292	292	#define NODE__ENFORCE_DEST 0x00000040UL
	293	#define NODE__DCCP_RECV 0x00000080UL
	294	#define NODE__DCCP_SEND 0x00000100UL
293	295	#define NETIF__TCP_RECV 0x00000001UL
294	296	#define NETIF__TCP_SEND 0x00000002UL
…	…
297	299	#define NETIF__RAWIP_RECV 0x00000010UL
298	300	#define NETIF__RAWIP_SEND 0x00000020UL
	301	#define NETIF__DCCP_RECV 0x00000040UL
	302	#define NETIF__DCCP_SEND 0x00000080UL
299	303	#define NETLINK_SOCKET__IOCTL 0x00000001UL
300	304	#define NETLINK_SOCKET__READ 0x00000002UL
…	…
838	842	#define NSCD__SHMEMGRP 0x00000040UL
839	843	#define NSCD__SHMEMHOST 0x00000080UL
	844	#define NSCD__GETSERV 0x00000100UL
	845	#define NSCD__SHMEMSERV 0x00000200UL
840	846	#define ASSOCIATION__SENDTO 0x00000001UL
841	847	#define ASSOCIATION__RECVFROM 0x00000002UL
…	…
898	904	#define CONTEXT__TRANSLATE 0x00000001UL
899	905	#define CONTEXT__CONTAINS 0x00000002UL
	906	#define DCCP_SOCKET__IOCTL 0x00000001UL
	907	#define DCCP_SOCKET__READ 0x00000002UL
	908	#define DCCP_SOCKET__WRITE 0x00000004UL
	909	#define DCCP_SOCKET__CREATE 0x00000008UL
	910	#define DCCP_SOCKET__GETATTR 0x00000010UL
	911	#define DCCP_SOCKET__SETATTR 0x00000020UL
	912	#define DCCP_SOCKET__LOCK 0x00000040UL
	913	#define DCCP_SOCKET__RELABELFROM 0x00000080UL
	914	#define DCCP_SOCKET__RELABELTO 0x00000100UL
	915	#define DCCP_SOCKET__APPEND 0x00000200UL
	916	#define DCCP_SOCKET__BIND 0x00000400UL
	917	#define DCCP_SOCKET__CONNECT 0x00000800UL
	918	#define DCCP_SOCKET__LISTEN 0x00001000UL
	919	#define DCCP_SOCKET__ACCEPT 0x00002000UL
	920	#define DCCP_SOCKET__GETOPT 0x00004000UL
	921	#define DCCP_SOCKET__SETOPT 0x00008000UL
	922	#define DCCP_SOCKET__SHUTDOWN 0x00010000UL
	923	#define DCCP_SOCKET__RECVFROM 0x00020000UL
	924	#define DCCP_SOCKET__SENDTO 0x00040000UL
	925	#define DCCP_SOCKET__RECV_MSG 0x00080000UL
	926	#define DCCP_SOCKET__SEND_MSG 0x00100000UL
	927	#define DCCP_SOCKET__NAME_BIND 0x00200000UL
	928	#define DCCP_SOCKET__NODE_BIND 0x00400000UL
	929	#define DCCP_SOCKET__NAME_CONNECT 0x00800000UL
	930	#define MEMPROTECT__MMAP_ZERO 0x00000001UL

upstream/selinux/libselinux/include/selinux/flask.h

r84	r335
65	65	#define SECCLASS_KEY 58
66	66	#define SECCLASS_CONTEXT 59
	67	#define SECCLASS_DCCP_SOCKET 60
	68	#define SECCLASS_MEMPROTECT 61
67	69
68	70	/*

upstream/selinux/libselinux/include/selinux/selinux.h

r292	r335
455	455	extern const char *selinux_homedir_context_path(void);
456	456	extern const char *selinux_media_context_path(void);
	457	extern const char *selinux_x_context_path(void);
457	458	extern const char *selinux_contexts_path(void);
458	459	extern const char *selinux_securetty_types_path(void);

upstream/selinux/libselinux/man/man3/avc_add_callback.3

r292	r335
7	7	.SH "SYNOPSIS"
8	8	.B #include <selinux/selinux.h>
9		.br
	9
10	10	.B #include <selinux/avc.h>
11	11	.sp
…	…
13	13	.in +\w'int avc_add_callback(int (*callback)('u
14	14	.BI "security_id_t " ssid ,
15		.br
	15
16	16	.BI "security_id_t " tsid ,
17		.br
	17
18	18	.BI "security_class_t " tclass ,
19		.br
	19
20	20	.BI "access_vector_t " perms ,
21		.br
	21
22	22	.BI "access_vector_t *" out_retained "),"
23	23	.in
24	24	.in +\w'int avc_add_callback('u
25	25	.BI "uint32_t " events ", security_id_t " ssid ,
26		.br
	26
27	27	.BI "security_id_t " tsid ", security_class_t " tclass ,
28		.br
	28
29	29	.BI "access_vector_t " perms ");"
30	30	.in

upstream/selinux/libselinux/man/man3/avc_cache_stats.3

r292 r335

7 7 .SH "SYNOPSIS"
8 8 .B #include <selinux/selinux.h>
9 .br
9
10 10 .B #include <selinux/avc.h>
11 11 .sp
upstream/selinux/libselinux/man/man3/avc_compute_create.3

r292 r335

7 7 .SH "SYNOPSIS"
8 8 .B #include <selinux/selinux.h>
9 .br
9
10 10 .B #include <selinux/avc.h>
11 11 .sp
upstream/selinux/libselinux/man/man3/avc_context_to_sid.3

r292 r335

7 7 .SH "SYNOPSIS"
8 8 .B #include <selinux/selinux.h>
9 .br
9
10 10 .B #include <selinux/avc.h>
11 11 .sp

upstream/selinux/libselinux/man/man3/avc_has_perm.3

r292	r335
7	7	.SH "SYNOPSIS"
8	8	.B #include <selinux/selinux.h>
9		.br
	9
10	10	.B #include <selinux/avc.h>
11	11	.sp
…	…
15	15	.in +\w'int avc_has_perm('u
16	16	.BI "security_class_t " tclass ", access_vector_t " requested ,
17		.br
	17
18	18	.BI "struct avc_entry_ref " aeref ", void " auditdata ");"
19	19	.in
…	…
22	22	.in +\w'int avc_has_perm('u
23	23	.BI "security_class_t " tclass ", access_vector_t " requested ,
24		.br
	24
25	25	.BI "struct avc_entry_ref " aeref ", struct av_decision " avd ");"
26	26	.in
…	…
29	29	.in +\w'void avc_audit('u
30	30	.BI "security_class_t " tclass ", access_vector_t " requested ,
31		.br
	31
32	32	.BI "struct av_decision " avd ", int " result ", void " auditdata ");"
33	33	.in

upstream/selinux/libselinux/man/man3/avc_init.3

r292	r335
7	7	.SH "SYNOPSIS"
8	8	.B #include <selinux/selinux.h>
9		.br
	9
10	10	.B #include <selinux/avc.h>
11	11	.sp
…	…
13	13	.in +\w'int avc_init('u
14	14	.BI "const struct avc_memory_callback *" mem_callbacks ,
15		.br
	15
16	16	.BI "const struct avc_log_callback *" log_callbacks ,
17		.br
	17
18	18	.BI "const struct avc_thread_callback *" thread_callbacks ,
19		.br
	19
20	20	.BI "const struct avc_lock_callback *" lock_callbacks ");"
21	21	.in

upstream/selinux/libselinux/man/man3/context_new.3

r222	r335
5	5	.SH "SYNOPSIS"
6	6	.B #include <selinux/context.h>
7		.br
	7
8	8	.B "context_t context_new(const char *" context_str );
9		.br
	9
10	10	.B "const char * context_str(context_t " con );
11		.br
	11
12	12	.B "void context_free(context_t " con );
13		.br
	13
14	14	.B "const char * context_type_get(context_t " con );
15		.br
	15
16	16	.B "const char * context_range_get(context_t " con );
17		.br
	17
18	18	.B "const char * context_role_get(context_t " con );
19		.br
	19
20	20	.B "const char * context_user_get(context_t " con );
21		.br
	21
22	22	.B "const char * context_type_set(context_t " con ", const char* " type);
23		.br
	23
24	24	.B "const char * context_range_set(context_t " con ", const char* " range);
25		.br
	25
26	26	.B "const char * context_role_set(context_t " con ", const char* " role );
27		.br
	27
28	28	.B "const char * context_user_set(context_t " con ", const char* " user );
29	29

upstream/selinux/libselinux/man/man3/freecon.3

r292 r335

6 6 .sp
7 7 .BI "void freecon(security_context_t "con );
8 .br
8
9 9 .BI "void freeconary(security_context_t *" con );
10 10
upstream/selinux/libselinux/man/man3/get_ordered_context_list.3

r292 r335

5 5 .SH "SYNOPSIS"
6 6 .B #include <selinux/selinux.h>
7 .br
7
8 8 .B #include <selinux/get_context_list.h>
9 9 .sp

upstream/selinux/libselinux/man/man3/getcon.3

r292	r335
2	2	.SH "NAME"
3	3	getcon, getprevcon, getpidcon \- get SELinux security context of a process.
4		.br
	4
5	5	getpeercon - get security context of a peer socket.
6		.br
	6
7	7	setcon - set current security context of a process.
8	8	.SH "SYNOPSIS"
…	…
10	10	.sp
11	11	.BI "int getcon(security_context_t *" context );
12		.br
	12
13	13	.BI "int getprevcon(security_context_t *" context );
14		.br
	14
15	15	.BI "int getpidcon(pid_t " pid ", security_context_t *" context );
16		.br
	16
17	17	.BI "int getpeercon(int " fd ", security_context_t *" context);
18		.br
	18
19	19	.BI "int setcon(security_context_t " context);
20	20

upstream/selinux/libselinux/man/man3/getexeccon.3

r292	r335
2	2	.SH "NAME"
3	3	getexeccon, setexeccon \- get or set the SELinux security context used for executing a new process.
4		.br
	4
5	5	rpm_execcon \- run a helper for rpm in an appropriate security context
6	6
…	…
9	9	.sp
10	10	.BI "int getexeccon(security_context_t *" context );
11		.br
	11
12	12	.BI "int setexeccon(security_context_t "context );
13

r222	r335
68	68	char *curfile = 0;
69	69	int mlspol = 0;
	70	int handle_unknown = 0;
70	71
71	72	extern unsigned long policydb_lineno;

r292	r335
6	6	.sp
7	7	.BI "void freecon(security_context_t "con );
8		.br
	8
9	9	.BI "void freeconary(security_context_t *" con );
10	10

r292	r335
5	5	.SH "SYNOPSIS"
6	6	.B #include <selinux/selinux.h>
7		.br
	7
8	8	.B #include <selinux/get_context_list.h>
9	9	.sp