Re: [PATCH] procattr.c: Use __BIONIC__ instead of __ANDROID__

2017-05-11 Thread William Roberts
On Thursday, May 11, 2017, Tom Cherry via Selinux wrote: > This check is not specific to Android devices. If libselinux were used > with Bionic on a normal Linux system this check would still be needed. > > Signed-off-by: Tom Cherry > >

[PATCH] procattr.c: Use __BIONIC__ instead of __ANDROID__

2017-05-11 Thread Tom Cherry via Selinux
This check is not specific to Android devices. If libselinux were used with Bionic on a normal Linux system this check would still be needed. Signed-off-by: Tom Cherry --- libselinux/src/procattr.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Casey Schaufler
On 5/11/2017 1:22 PM, Stephen Smalley wrote: > On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote: >> On 5/11/2017 5:59 AM, Sebastien Buisson wrote: >>> Add policybrief field to struct policydb. It holds a brief info >>> of the policydb, in the following form: >>> <0 or 1 for enforce>:<0 or

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Stephen Smalley
On Thu, 2017-05-11 at 08:56 -0700, Casey Schaufler wrote: > On 5/11/2017 5:59 AM, Sebastien Buisson wrote: > > Add policybrief field to struct policydb. It holds a brief info > > of the policydb, in the following form: > > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= > > Policy brief is

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Casey Schaufler
On 5/11/2017 5:59 AM, Sebastien Buisson wrote: > Add policybrief field to struct policydb. It holds a brief info > of the policydb, in the following form: > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= > Policy brief is computed every time the policy is loaded, and when > enforce or

Re: [PATCH 5/9] libsepol: Add ibendport ocontext handling

2017-05-11 Thread Daniel Jurgens
On 5/10/2017 2:05 PM, Stephen Smalley wrote: > On Tue, 2017-05-09 at 23:50 +0300, Dan Jurgens wrote: >> From: Daniel Jurgens >> >> --- a/libsepol/include/sepol/policydb/services.h >> +++ b/libsepol/include/sepol/policydb/services.h >> @@ -199,6 +199,16 @@ extern int

Re: [PATCH 5/9] libsepol: Add ibendport ocontext handling

2017-05-11 Thread James Carter
Like I mentioned for patch 2, kernel_to_cil.c and kernel_to_conf.c need to be updated. Jim On 05/09/2017 04:50 PM, Dan Jurgens wrote: From: Daniel Jurgens Add support for reading, writing, and copying IB end port ocontext data. Also add support for querying an IB end

Re: [PATCH 2/9] libsepol: Add ibpkey ocontext handling

2017-05-11 Thread James Carter
libsepol now has the functionality to write cil or a policy.conf from a kernel policy, so kernel_to_cil.c and kernel_to_conf.c need to be updated as well. Doing that shouldn't be any more complicated than what was done for module_to_c. Jim On 05/09/2017 04:50 PM, Dan Jurgens wrote: From:

Re: [PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Stephen Smalley
On Thu, 2017-05-11 at 21:59 +0900, Sebastien Buisson wrote: > Add policybrief field to struct policydb. It holds a brief info > of the policydb, in the following form: > <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= > Policy brief is computed every time the policy is loaded, and when > enforce

Re: [PATCH v2 1/2] selinux: add brief info to policydb

2017-05-11 Thread Sebastien Buisson
2017-05-05 20:33 GMT+02:00 Casey Schaufler : > How do you see policy_brief being used by a modules > with dynamic policy? Policy's brief is computed on the binary representation every time the policy is loaded, and when enforce or checkreqprot are changed. It should not be

[PATCH v3 2/2] selinux: expose policy brief via selinuxfs

2017-05-11 Thread Sebastien Buisson
Expose policy brief via selinuxfs. Signed-off-by: Sebastien Buisson --- security/selinux/selinuxfs.c | 26 ++ 1 file changed, 26 insertions(+) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index 8c9f5b7..50f69c5 100644 ---

[PATCH v3 1/2] selinux: add brief info to policydb

2017-05-11 Thread Sebastien Buisson
Add policybrief field to struct policydb. It holds a brief info of the policydb, in the following form: <0 or 1 for enforce>:<0 or 1 for checkreqprot>:= Policy brief is computed every time the policy is loaded, and when enforce or checkreqprot are changed. Add security_policy_brief hook to give