09c783c9a36cd47216df827c5d2c21ec8cd613e2 - fp2-dev/platform/external/selinux

commit	09c783c9a36cd47216df827c5d2c21ec8cd613e2	[log] [tgz]
author	Eric Paris <eparis@redhat.com>	Mon Dec 05 13:28:51 2011 -0500
committer	Eric Paris <eparis@redhat.com>	Tue Mar 27 16:49:31 2012 -0400
tree	cdedfa454771c15e988e777806557b97d16f45e2
parent	339f8079d7b9dd1e0b0138e2d096dc7c60b2092e [diff]

libsepol: checkpolicy: implement new default labeling behaviors

We would like to be able to say that the user, role, or range of a newly
created object should be based on the user, role, or range of either the
source or the target of the creation operation.  aka, for a new file
this could be the user of the creating process or the user or the parent
directory.  This patch implements the new language and the policydb
support to give this information to the kernel.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>

checkpolicy/policy_define.c[diff]
checkpolicy/policy_define.h[diff]
checkpolicy/policy_parse.y[diff]
checkpolicy/policy_scan.l[diff]
libsepol/include/sepol/policydb/policydb.h[diff]
libsepol/src/expand.c[diff]
libsepol/src/link.c[diff]
libsepol/src/policydb.c[diff]
libsepol/src/write.c[diff]

9 files changed

tree: cdedfa454771c15e988e777806557b97d16f45e2

checkpolicy/
libselinux/
libsemanage/
libsepol/
policycoreutils/
scripts/
sepolgen/
.gitignore
Makefile