Merge "libsepol: trigger new RTM_GETLINK behavior"
diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 0000000..5d3177d
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,40 @@
+# Configuration file for https://circleci.com/
+
+version: 2
+
+jobs:
+  build:
+    docker:
+      # Use a Python image from https://hub.docker.com/r/circleci/python/tags/
+      - image: circleci/python:3.6
+
+    steps:
+    - checkout
+
+    # Install dependencies
+    - run: sudo apt-get update -qq
+    - run: sudo apt-get install -qq bison clang clang-tools flex gawk gettext libaudit-dev libcap-dev libcap-ng-dev libcunit1-dev libdbus-glib-1-dev libpcre3-dev python3-dev python-dev ruby-dev swig xmlto
+
+    - run:
+        name: Setup environment variables
+        command: |
+          echo 'export DESTDIR=$HOME/destdir' >> "$BASH_ENV"
+
+    # Download and install refpolicy headers for sepolgen tests
+    - run:
+        name: Download refpolicy Makefile
+        command: |
+          curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
+          tar -xvjf refpolicy.tar.bz2
+          sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
+          sudo make -C refpolicy install-headers
+          sudo mkdir -p /etc/selinux
+          echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
+          echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
+          sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
+
+    # Run clang's scan-build and store the result as artifacts
+    - run: ./scripts/run-scan-build
+    - store_artifacts:
+        path: scripts/output-scan-build
+        destination: output-scan-build
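Review bot: The `Download refpolicy Makefile` step extracts the downloaded tarball and runs `sudo make -C refpolicy install-headers` from it without checking its integrity, so the job trusts whatever the release URL serves at build time. Pin the expected digest and verify it before `tar`, e.g. `echo "<EXPECTED_SHA256>  refpolicy.tar.bz2" | sha256sum -c -` (a placeholder for the release's real digest), and add `--fail` to the `curl` call so an HTTP error page is not saved as the archive. The `circleci/python:3.6` image is likewise referenced by a mutable tag; pinning it by digest would make the scan-build environment reproducible.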
diff --git a/.travis.yml b/.travis.yml
index 7a9e73c..e9f86ba 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -17,10 +17,8 @@
     - PYVER=python3.7 RUBYLIBVER=2.6 LINKER=bfd
 
     # Test several Python versions
-    - PYVER=python2.7 RUBYLIBVER=2.6
     - PYVER=python3.5 RUBYLIBVER=2.6
     - PYVER=python3.6 RUBYLIBVER=2.6
-    - PYVER=pypy2.7-6.0 RUBYLIBVER=2.6
     - PYVER=pypy3.5-6.0 RUBYLIBVER=2.6
 
     # Test several Ruby versions (http://rubies.travis-ci.org/)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..a3517cb
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,87 @@
+# Contributing to SELinux
+
+Contributing to the SELinux userspace project is a similar process to
+other open source projects. Bug reports, new features to the existing
+code, additional tools, or updated documentation are all welcome.
+
+You can find a list of open issues where you might contribute to the SELinux kernel code at
+https://github.com/SELinuxProject/selinux-kernel/issues or to the SELinux userspace code at
+https://github.com/SELinuxProject/selinux/issues.
+
+See the selinuxproject.org [user resources
+page](http://selinuxproject.org/page/User_Resources) for more
+information on mailing lists, documentation, and other resources.
+
+## Reporting Bugs
+
+All bugs and patches should be submitted to the [SELinux mailing
+list](https://lore.kernel.org/selinux) at selinux@vger.kernel.org.
+
+When reporting bugs please include versions of SELinux related libraries and
+tools (libsepol, libselinux, libsemanage, checkpolicy). If you are
+using a custom policy please include it as well.
+
+## Compiling
+
+There are a number of dependencies required to build the userspace
+tools/libraries. On a Fedora system you can install them with yum:
+
+    # yum install audit-libs-devel bison bzip2-devel dbus-devel dbus-glib-devel flex flex-devel flex-static glib2-devel libcap-devel libcap-ng-devel pam-devel pcre-devel python-devel setools-devel swig ustr-devel
+
+The tools and libraries can be built and installed under a private directory from the top level with make, e.g.
+
+    $ make DESTDIR=~/obj install install-pywrap
+
+## Contributing Code
+
+After obtaining the code of the repository (see below), create a patch
+against the repository, and post that patch to the [SELinux mailing
+list](https://lore.kernel.org/selinux) at selinux@vger.kernel.org. When preparing
+patches, please follow these guidelines:
+
+-   Patches should apply with -p1
+-   Must apply against HEAD of the master branch
+-   Separate large patches into logical patches
+-   Patch descriptions must end with your "Signed-off-by" line. This means your
+    code meets the Developer's certificate of origin, see below.
+
+When adding new, large features or tools it is best to discuss the
+design on the mailing list prior to submitting the patch.
+
+## Development Repository
+
+Git is a modern source code management system. For more information
+about Git please see the Git website.
+
+To get an anonymous checkout of the SELinux userland repository you can
+run:
+
+    $ git clone https://github.com/SELinuxProject/selinux.git
+
+# Developer Certificate of Origin
+
+    Developer's Certificate of Origin 1.1
+
+    By making a contribution to this project, I certify that:
+
+    (a) The contribution was created in whole or in part by me and I
+        have the right to submit it under the open source license
+        indicated in the file; or
+
+    (b) The contribution is based upon previous work that, to the best
+        of my knowledge, is covered under an appropriate open source
+        license and I have the right under that license to submit that
+        work with modifications, whether created in whole or in part
+        by me, under the same open source license (unless I am
+        permitted to submit under a different license), as indicated
+        in the file; or
+
+    (c) The contribution was provided directly to me by some other
+        person who certified (a), (b) or (c) and I have not modified
+        it.
+
+    (d) I understand and agree that this project and the contribution
+        are public and that a record of the contribution (including all
+        personal information I submit with it, including my sign-off) is
+        maintained indefinitely and may be redistributed consistent with
+        this project or the open source license(s) involved.
diff --git a/Makefile b/Makefile
index c238dbc..298cd2b 100644
--- a/Makefile
+++ b/Makefile
@@ -16,7 +16,8 @@
 		-Wstrict-prototypes \
 		-Wundef \
 		-Wunused \
-		-Wwrite-strings
+		-Wwrite-strings \
+		-fno-common
 endif
 
 ifneq ($(DESTDIR),)
diff --git a/checkpolicy/VERSION b/checkpolicy/VERSION
index 8c26915..9f55b2c 100644
--- a/checkpolicy/VERSION
+++ b/checkpolicy/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/checkpolicy/checkmodule.8 b/checkpolicy/checkmodule.8
index e55582f..e597d9d 100644
--- a/checkpolicy/checkmodule.8
+++ b/checkpolicy/checkmodule.8
@@ -59,8 +59,7 @@
 
 .SH "SEE ALSO"
 .B semodule(8), semodule_package(8)
-SELinux documentation at http://www.nsa.gov/research/selinux,
-especially "Configuring the SELinux Policy".
+SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki
 
 
 .SH AUTHOR
diff --git a/checkpolicy/checkpolicy.8 b/checkpolicy/checkpolicy.8
index 8f7dad4..97e10ca 100644
--- a/checkpolicy/checkpolicy.8
+++ b/checkpolicy/checkpolicy.8
@@ -3,7 +3,7 @@
 checkpolicy \- SELinux policy compiler
 .SH SYNOPSIS
 .B checkpolicy
-.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
+.I "[\-b[F]] [\-C] [\-d] [\-U handle_unknown (allow,deny,reject)] [\-M] [\-c policyvers] [\-o output_file|\-] [\-S] [\-t target_platform (selinux,xen)] [\-V] [input_file]"
 .br
 .SH "DESCRIPTION"
 This manual page describes the
@@ -40,7 +40,9 @@
 Specify the policy version, defaults to the latest.
 .TP
 .B \-o,\-\-output filename
-Write a binary policy file to the specified filename.
+Write a policy file (binary, policy.conf, or CIL policy)
+to the specified filename. If - is given as filename,
+write it to standard output.
 .TP
 .B \-S,\-\-sort
 Sort ocontexts before writing out the binary policy. This option makes output of checkpolicy consistent with binary policies created by semanage and secilc.
@@ -48,6 +50,9 @@
 .B \-t,\-\-target
 Specify the target platform (selinux or xen).
 .TP
+.B \-O,\-\-optimize
+Optimize the final kernel policy (remove redundant rules).
+.TP
 .B \-V,\-\-version
 Show version information.
 .TP
@@ -55,8 +60,7 @@
 Show usage information.
 
 .SH "SEE ALSO"
-SELinux documentation at http://www.nsa.gov/research/selinux,
-especially "Configuring the SELinux Policy".
+SELinux Reference Policy documentation at https://github.com/SELinuxProject/refpolicy/wiki
 
 
 .SH AUTHOR
diff --git a/checkpolicy/checkpolicy.c b/checkpolicy/checkpolicy.c
index e0a00f7..7c5b63f 100644
--- a/checkpolicy/checkpolicy.c
+++ b/checkpolicy/checkpolicy.c
@@ -112,7 +112,7 @@
 {
 	printf
 	    ("usage:  %s [-b[F]] [-C] [-d] [-U handle_unknown (allow,deny,reject)] [-M] "
-	     "[-c policyvers (%d-%d)] [-o output_file] [-S] "
+	     "[-c policyvers (%d-%d)] [-o output_file|-] [-S] "
 	     "[-t target_platform (selinux,xen)] [-V] [input_file]\n",
 	     progname, POLICYDB_VERSION_MIN, POLICYDB_VERSION_MAX);
 	exit(1);
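Review bot: The usage string gains `|-` for `-o`, but the `-O`/`--optimize` option that this commit adds to the getopt string and `long_options` is still missing from it, and from the SYNOPSIS line in checkpolicy.8. Adding `[-O]` here, e.g. `"[-c policyvers (%d-%d)] [-o output_file|-] [-O] [-S] "`, keeps the help output in step with the parser. The optimize check later in main() is also skipped silently when `policy_type` is not `POLICY_KERN`; a one-line message on stderr there would tell the user that `-O` had no effect. The enclosing usage function starts outside the hunk.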
@@ -390,11 +390,12 @@
 	struct sepol_av_decision avd;
 	class_datum_t *cladatum;
 	const char *file = txtfile;
-	char ans[80 + 1], *outfile = NULL, *path, *fstype;
+	char ans[80 + 1], *path, *fstype;
+	const char *outfile = NULL;
 	size_t scontext_len, pathlen;
 	unsigned int i;
 	unsigned int protocol, port;
-	unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0;
+	unsigned int binary = 0, debug = 0, sort = 0, cil = 0, conf = 0, optimize = 0;
 	struct val_to_name v;
 	int ret, ch, fd, target = SEPOL_TARGET_SELINUX;
 	unsigned int nel, uret;
@@ -419,11 +420,12 @@
 		{"cil", no_argument, NULL, 'C'},
 		{"conf",no_argument, NULL, 'F'},
 		{"sort", no_argument, NULL, 'S'},
+		{"optimize", no_argument, NULL, 'O'},
 		{"help", no_argument, NULL, 'h'},
 		{NULL, 0, NULL, 0}
 	};
 
-	while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:h", long_options, NULL)) != -1) {
+	while ((ch = getopt_long(argc, argv, "o:t:dbU:MCFSVc:Oh", long_options, NULL)) != -1) {
 		switch (ch) {
 		case 'o':
 			outfile = optarg;
@@ -466,6 +468,9 @@
 		case 'S':
 			sort = 1;
 			break;
+		case 'O':
+			optimize = 1;
+			break;
 		case 'M':
 			mlspol = 1;
 			break;
@@ -625,12 +630,25 @@
 	if (policydb_load_isids(&policydb, &sidtab))
 		exit(1);
 
-	if (outfile) {
-		outfp = fopen(outfile, "w");
-		if (!outfp) {
-			perror(outfile);
+	if (optimize && policydbp->policy_type == POLICY_KERN) {
+		ret = policydb_optimize(policydbp);
+		if (ret) {
+			fprintf(stderr, "%s:  error optimizing policy\n", argv[0]);
 			exit(1);
 		}
+	}
+
+	if (outfile) {
+		if (!strcmp(outfile, "-")) {
+			outfp = stdout;
+			outfile = "<STDOUT>";
+		} else {
+			outfp = fopen(outfile, "w");
+			if (!outfp) {
+				perror(outfile);
+				exit(1);
+			}
+		}
 
 		policydb.policyvers = policyvers;
 
@@ -670,7 +688,7 @@
 			}
 		}
 
-		if (outfile) {
+		if (outfp != stdout) {
 			fclose(outfp);
 		}
 	} else if (cil) {
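Review bot: With `-o -` the policy is written through `stdout`, and the new `if (outfp != stdout)` guard means that stream is never flushed or checked here, so a short write to a closed pipe or a full disk can leave a truncated policy on stdout while the program still exits successfully. An explicit flush on that path closes the gap: `else if (fflush(stdout) != 0) { perror(outfile); exit(1); }`. The return value of `fclose(outfp)` on the file path is ignored as well and deserves the same check, since buffered write errors surface there. Any status text that main() prints to stdout outside this hunk would also be mixed into the policy stream, which is worth confirming.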
diff --git a/checkpolicy/checkpolicy.h b/checkpolicy/checkpolicy.h
index 3868f1f..f127687 100644
--- a/checkpolicy/checkpolicy.h
+++ b/checkpolicy/checkpolicy.h
@@ -1,20 +1,6 @@
 #ifndef _CHECKPOLICY_H_
 #define _CHECKPOLICY_H_
 
-#include <sepol/policydb/ebitmap.h>
-
-typedef struct te_assert {
-	ebitmap_t stypes;
-	ebitmap_t ttypes;
-	ebitmap_t tclasses;
-	int self;
-	sepol_access_vector_t *avp;
-	unsigned long line;
-	struct te_assert *next;
-} te_assert_t;
-
-te_assert_t *te_assertions;
-
 extern unsigned int policyvers;
 
 #endif
diff --git a/checkpolicy/parse_util.c b/checkpolicy/parse_util.c
index 9fda5b4..f2809b4 100644
--- a/checkpolicy/parse_util.c
+++ b/checkpolicy/parse_util.c
@@ -69,9 +69,6 @@
 	}
 	queue_destroy(id_queue);
 
-	if (policydb_errors)
-		return -1;
-
 	fclose(yyin);
 
 	return 0;
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index db14383..e295bc5 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -2022,7 +2022,7 @@
 		return -1;
 	if (avrule_merge_ioctls(&rangehead))
 		return -1;
-	/* flip ranges if these are ommited*/
+	/* flip ranges if these are omitted */
 	if (omit) {
 		if (avrule_omit_ioctls(&rangehead))
 			return -1;
@@ -2189,7 +2189,7 @@
 /*
  * using definitions found in kernel document ioctl-number.txt
  * The kernel components of an ioctl command are:
- * dir, size, driver, and fucntion. Only the driver and function fields
+ * dir, size, driver, and function. Only the driver and function fields
  * are considered here
  */
 #define IOC_DRIV(x) (x >> 8)
@@ -3377,9 +3377,9 @@
 		goto bad;
 	}
 
-	/* We expand the class set into seperate rules.  We expand the types
+	/* We expand the class set into separate rules.  We expand the types
 	 * just to make sure there are not duplicates.  They will get turned
-	 * into seperate rules later */
+	 * into separate rules later */
 	if (type_set_expand(&stypes, &e_stypes, policydbp, 1))
 		goto bad;
 
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 247bd4e..abb7d88 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -155,7 +155,7 @@
 %token PERMISSIVE
 %token FILESYSTEM
 %token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
-%token LOW_HIGH LOW HIGH
+%token LOW_HIGH LOW HIGH GLBLUB
 
 %left OR
 %left XOR
@@ -247,6 +247,8 @@
 			{if (define_default_range(DEFAULT_TARGET_HIGH)) return -1; }
 			| DEFAULT_RANGE names TARGET LOW_HIGH ';'
 			{if (define_default_range(DEFAULT_TARGET_LOW_HIGH)) return -1; }
+			| DEFAULT_RANGE names GLBLUB';'
+			{if (define_default_range(DEFAULT_GLBLUB)) return -1; }
 			;
 opt_mls			: mls
                         | 
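Review bot: The new alternative is written `GLBLUB';'` with no space before the terminator, unlike the other `DEFAULT_RANGE` alternatives visible in the hunk; `| DEFAULT_RANGE names GLBLUB ';'` would match them. It is also the only alternative shown without a SOURCE/TARGET qualifier, so a short comment such as `/* glblub takes no source/target qualifier */` would make clear that this is intentional. The rule itself begins above the hunk.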
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index e93ccb6..e2f676e 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -256,6 +256,8 @@
 HIGH				{ return(HIGH); }
 low |
 LOW				{ return(LOW); }
+glblub |
+GLBLUB				{ return(GLBLUB); }
 "/"[^ \n\r\t\f]*	        { return(PATH); }
 \""/"[^\"\n]*\" 		{ return(QPATH); }
 \"[^"/"\"\n]+\"	{ return(FILENAME); }
diff --git a/checkpolicy/ru/checkmodule.8 b/checkpolicy/ru/checkmodule.8
index 93e68e7..a1d687e 100644
--- a/checkpolicy/ru/checkmodule.8
+++ b/checkpolicy/ru/checkmodule.8
@@ -46,8 +46,7 @@
 
 .SH "СМОТРИТЕ ТАКЖЕ"
 .B semodule(8), semodule_package(8)
-Документация SELinux по адресу http://www.nsa.gov/research/selinux,
-в частности - "Настройка политики SELinux".
+Документация SELinux Reference Policy по адресу https://github.com/SELinuxProject/refpolicy/wiki
 
 
 .SH АВТОРЫ
diff --git a/checkpolicy/ru/checkpolicy.8 b/checkpolicy/ru/checkpolicy.8
index 2ad39b8..25b0e55 100644
--- a/checkpolicy/ru/checkpolicy.8
+++ b/checkpolicy/ru/checkpolicy.8
@@ -51,9 +51,7 @@
 Показать сведения об использовании.
 
 .SH "СМОТРИТЕ ТАКЖЕ"
-Документация SELinux по адресу http://www.nsa.gov/research/selinux,
-в частности - "Настройка политики SELinux".
-
+Документация SELinux Reference Policy по адресу https://github.com/SELinuxProject/refpolicy/wiki
 
 .SH АВТОРЫ
 Эта страница руководства была написана Arpad Magosanyi <mag@bunuel.tii.matav.hu>,
diff --git a/dbus/VERSION b/dbus/VERSION
index 8c26915..9f55b2c 100644
--- a/dbus/VERSION
+++ b/dbus/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/dbus/selinux_server.py b/dbus/selinux_server.py
index 98ab53d..be4f455 100644
--- a/dbus/selinux_server.py
+++ b/dbus/selinux_server.py
@@ -19,7 +19,7 @@
 
     #
     # The semanage method runs a transaction on a series of semanage commands,
-    # these commnds can take the output of customized
+    # these commands can take the output of customized
     #
     @slip.dbus.polkit.require_auth("org.selinux.semanage")
     @dbus.service.method("org.selinux", in_signature='s')
@@ -85,7 +85,10 @@
             fd = open("/.autorelabel", "w")
             fd.close()
         else:
-            os.unlink("/.autorelabel")
+            try:
+                os.unlink("/.autorelabel")
+            except FileNotFoundError:
+                pass
 
     def write_selinux_config(self, enforcing=None, policy=None):
         path = selinux.selinux_path() + "config"
diff --git a/gui/VERSION b/gui/VERSION
index 8c26915..9f55b2c 100644
--- a/gui/VERSION
+++ b/gui/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/gui/modulesPage.py b/gui/modulesPage.py
index cb856b2..0584acf 100644
--- a/gui/modulesPage.py
+++ b/gui/modulesPage.py
@@ -125,9 +125,10 @@
     def delete(self):
         store, iter = self.view.get_selection().get_selected()
         module = store.get_value(iter, 0)
+        priority = store.get_value(iter, 1)
         try:
             self.wait()
-            status, output = getstatusoutput("semodule -r %s" % module)
+            status, output = getstatusoutput("semodule -X %s -r %s" % (priority, module))
             self.ready()
             if status != 0:
                 self.error(output)
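Review bot: The command given to `getstatusoutput` is run through a shell, and the new line interpolates a second tree-store value (`priority`) into it next to `module` without quoting. These values presumably come from the installed-module list rather than free-form input, but quoting them keeps a malformed name or priority from being interpreted by the shell: `getstatusoutput("semodule -X %s -r %s" % (shlex.quote(str(priority)), shlex.quote(module)))`, or pass an argument list through `subprocess` instead. The quoting form needs `shlex` imported at the top of the file, which is outside this hunk. `delete()` continues past the hunk's last line.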
diff --git a/gui/polgen.ui b/gui/polgen.ui
index 6a8c067..91b3abc 100644
--- a/gui/polgen.ui
+++ b/gui/polgen.ui
@@ -901,7 +901,7 @@
                       <object class="GtkTreeView" id="existing_user_treeview">
                         <property name="visible">True</property>
                         <property name="can_focus">True</property>
-                        <property name="tooltip-text" translatable="yes">Select the user roles that will transiton to the %s domain.</property>
+                        <property name="tooltip-text" translatable="yes">Select the user roles that will transition to the %s domain.</property>
                         <property name="headers_visible">False</property>
                       </object>
                     </child>
@@ -1004,7 +1004,7 @@
                       <object class="GtkTreeView" id="user_transition_treeview">
                         <property name="visible">True</property>
                         <property name="can_focus">True</property>
-                        <property name="tooltip-text" translatable="yes">Select the user roles that will transiton to this applications domains.</property>
+                        <property name="tooltip-text" translatable="yes">Select the user roles that will transition to this applications domains.</property>
                         <property name="headers_visible">False</property>
                       </object>
                     </child>
diff --git a/gui/polgengui.py b/gui/polgengui.py
index b1cc993..d284ded 100644
--- a/gui/polgengui.py
+++ b/gui/polgengui.py
@@ -769,7 +769,7 @@
             self.syslog_checkbutton.set_active(policy.use_syslog)
 
     def stand_alone(self):
-        desktopName = _("Configue SELinux")
+        desktopName = _("Configure SELinux")
 
         self.setupScreen()
         self.mainWindow.connect("destroy", self.quit)
diff --git a/gui/system-config-selinux.py b/gui/system-config-selinux.py
index c42301b..3f70122 100644
--- a/gui/system-config-selinux.py
+++ b/gui/system-config-selinux.py
@@ -181,7 +181,7 @@
         self.view.get_selection().select_path((0,))
 
     def stand_alone(self):
-        desktopName = _("Configue SELinux")
+        desktopName = _("Configure SELinux")
 
         self.setupScreen()
 
diff --git a/lgtm.yml b/lgtm.yml
new file mode 100644
index 0000000..f80bf14
--- /dev/null
+++ b/lgtm.yml
@@ -0,0 +1,5 @@
+extraction:
+  cpp:
+    index:
+      build_command:
+        - make DESTDIR="$LGTM_WORKSPACE/destdir" install
diff --git a/libselinux/VERSION b/libselinux/VERSION
index 8c26915..9f55b2c 100644
--- a/libselinux/VERSION
+++ b/libselinux/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/libselinux/include/selinux/av_permissions.h b/libselinux/include/selinux/av_permissions.h
deleted file mode 100644
index c1269af..0000000
--- a/libselinux/include/selinux/av_permissions.h
+++ /dev/null
@@ -1,1029 +0,0 @@
-#warning "Please remove any #include of this header in your source code."
-#warning "Instead, use string_to_av_perm() to map the permission name to a value."
-
-/* This file is automatically generated.  Do not edit. */
-#define COMMON_FILE__IOCTL                               0x00000001UL
-#define COMMON_FILE__READ                                0x00000002UL
-#define COMMON_FILE__WRITE                               0x00000004UL
-#define COMMON_FILE__CREATE                              0x00000008UL
-#define COMMON_FILE__GETATTR                             0x00000010UL
-#define COMMON_FILE__SETATTR                             0x00000020UL
-#define COMMON_FILE__LOCK                                0x00000040UL
-#define COMMON_FILE__RELABELFROM                         0x00000080UL
-#define COMMON_FILE__RELABELTO                           0x00000100UL
-#define COMMON_FILE__APPEND                              0x00000200UL
-#define COMMON_FILE__UNLINK                              0x00000400UL
-#define COMMON_FILE__LINK                                0x00000800UL
-#define COMMON_FILE__RENAME                              0x00001000UL
-#define COMMON_FILE__EXECUTE                             0x00002000UL
-#define COMMON_FILE__SWAPON                              0x00004000UL
-#define COMMON_FILE__QUOTAON                             0x00008000UL
-#define COMMON_FILE__MOUNTON                             0x00010000UL
-#define COMMON_SOCKET__IOCTL                             0x00000001UL
-#define COMMON_SOCKET__READ                              0x00000002UL
-#define COMMON_SOCKET__WRITE                             0x00000004UL
-#define COMMON_SOCKET__CREATE                            0x00000008UL
-#define COMMON_SOCKET__GETATTR                           0x00000010UL
-#define COMMON_SOCKET__SETATTR                           0x00000020UL
-#define COMMON_SOCKET__LOCK                              0x00000040UL
-#define COMMON_SOCKET__RELABELFROM                       0x00000080UL
-#define COMMON_SOCKET__RELABELTO                         0x00000100UL
-#define COMMON_SOCKET__APPEND                            0x00000200UL
-#define COMMON_SOCKET__BIND                              0x00000400UL
-#define COMMON_SOCKET__CONNECT                           0x00000800UL
-#define COMMON_SOCKET__LISTEN                            0x00001000UL
-#define COMMON_SOCKET__ACCEPT                            0x00002000UL
-#define COMMON_SOCKET__GETOPT                            0x00004000UL
-#define COMMON_SOCKET__SETOPT                            0x00008000UL
-#define COMMON_SOCKET__SHUTDOWN                          0x00010000UL
-#define COMMON_SOCKET__RECVFROM                          0x00020000UL
-#define COMMON_SOCKET__SENDTO                            0x00040000UL
-#define COMMON_SOCKET__RECV_MSG                          0x00080000UL
-#define COMMON_SOCKET__SEND_MSG                          0x00100000UL
-#define COMMON_SOCKET__NAME_BIND                         0x00200000UL
-#define COMMON_IPC__CREATE                               0x00000001UL
-#define COMMON_IPC__DESTROY                              0x00000002UL
-#define COMMON_IPC__GETATTR                              0x00000004UL
-#define COMMON_IPC__SETATTR                              0x00000008UL
-#define COMMON_IPC__READ                                 0x00000010UL
-#define COMMON_IPC__WRITE                                0x00000020UL
-#define COMMON_IPC__ASSOCIATE                            0x00000040UL
-#define COMMON_IPC__UNIX_READ                            0x00000080UL
-#define COMMON_IPC__UNIX_WRITE                           0x00000100UL
-#define COMMON_DATABASE__CREATE                          0x00000001UL
-#define COMMON_DATABASE__DROP                            0x00000002UL
-#define COMMON_DATABASE__GETATTR                         0x00000004UL
-#define COMMON_DATABASE__SETATTR                         0x00000008UL
-#define COMMON_DATABASE__RELABELFROM                     0x00000010UL
-#define COMMON_DATABASE__RELABELTO                       0x00000020UL
-#define FILESYSTEM__MOUNT                         0x00000001UL
-#define FILESYSTEM__REMOUNT                       0x00000002UL
-#define FILESYSTEM__UNMOUNT                       0x00000004UL
-#define FILESYSTEM__GETATTR                       0x00000008UL
-#define FILESYSTEM__RELABELFROM                   0x00000010UL
-#define FILESYSTEM__RELABELTO                     0x00000020UL
-#define FILESYSTEM__TRANSITION                    0x00000040UL
-#define FILESYSTEM__ASSOCIATE                     0x00000080UL
-#define FILESYSTEM__QUOTAMOD                      0x00000100UL
-#define FILESYSTEM__QUOTAGET                      0x00000200UL
-#define DIR__IOCTL                                0x00000001UL
-#define DIR__READ                                 0x00000002UL
-#define DIR__WRITE                                0x00000004UL
-#define DIR__CREATE                               0x00000008UL
-#define DIR__GETATTR                              0x00000010UL
-#define DIR__SETATTR                              0x00000020UL
-#define DIR__LOCK                                 0x00000040UL
-#define DIR__RELABELFROM                          0x00000080UL
-#define DIR__RELABELTO                            0x00000100UL
-#define DIR__APPEND                               0x00000200UL
-#define DIR__UNLINK                               0x00000400UL
-#define DIR__LINK                                 0x00000800UL
-#define DIR__RENAME                               0x00001000UL
-#define DIR__EXECUTE                              0x00002000UL
-#define DIR__SWAPON                               0x00004000UL
-#define DIR__QUOTAON                              0x00008000UL
-#define DIR__MOUNTON                              0x00010000UL
-#define DIR__ADD_NAME                             0x00020000UL
-#define DIR__REMOVE_NAME                          0x00040000UL
-#define DIR__REPARENT                             0x00080000UL
-#define DIR__SEARCH                               0x00100000UL
-#define DIR__RMDIR                                0x00200000UL
-#define DIR__OPEN                                 0x00400000UL
-#define FILE__IOCTL                               0x00000001UL
-#define FILE__READ                                0x00000002UL
-#define FILE__WRITE                               0x00000004UL
-#define FILE__CREATE                              0x00000008UL
-#define FILE__GETATTR                             0x00000010UL
-#define FILE__SETATTR                             0x00000020UL
-#define FILE__LOCK                                0x00000040UL
-#define FILE__RELABELFROM                         0x00000080UL
-#define FILE__RELABELTO                           0x00000100UL
-#define FILE__APPEND                              0x00000200UL
-#define FILE__UNLINK                              0x00000400UL
-#define FILE__LINK                                0x00000800UL
-#define FILE__RENAME                              0x00001000UL
-#define FILE__EXECUTE                             0x00002000UL
-#define FILE__SWAPON                              0x00004000UL
-#define FILE__QUOTAON                             0x00008000UL
-#define FILE__MOUNTON                             0x00010000UL
-#define FILE__EXECUTE_NO_TRANS                    0x00020000UL
-#define FILE__ENTRYPOINT                          0x00040000UL
-#define FILE__EXECMOD                             0x00080000UL
-#define FILE__OPEN                                0x00100000UL
-#define LNK_FILE__IOCTL                           0x00000001UL
-#define LNK_FILE__READ                            0x00000002UL
-#define LNK_FILE__WRITE                           0x00000004UL
-#define LNK_FILE__CREATE                          0x00000008UL
-#define LNK_FILE__GETATTR                         0x00000010UL
-#define LNK_FILE__SETATTR                         0x00000020UL
-#define LNK_FILE__LOCK                            0x00000040UL
-#define LNK_FILE__RELABELFROM                     0x00000080UL
-#define LNK_FILE__RELABELTO                       0x00000100UL
-#define LNK_FILE__APPEND                          0x00000200UL
-#define LNK_FILE__UNLINK                          0x00000400UL
-#define LNK_FILE__LINK                            0x00000800UL
-#define LNK_FILE__RENAME                          0x00001000UL
-#define LNK_FILE__EXECUTE                         0x00002000UL
-#define LNK_FILE__SWAPON                          0x00004000UL
-#define LNK_FILE__QUOTAON                         0x00008000UL
-#define LNK_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__IOCTL                           0x00000001UL
-#define CHR_FILE__READ                            0x00000002UL
-#define CHR_FILE__WRITE                           0x00000004UL
-#define CHR_FILE__CREATE                          0x00000008UL
-#define CHR_FILE__GETATTR                         0x00000010UL
-#define CHR_FILE__SETATTR                         0x00000020UL
-#define CHR_FILE__LOCK                            0x00000040UL
-#define CHR_FILE__RELABELFROM                     0x00000080UL
-#define CHR_FILE__RELABELTO                       0x00000100UL
-#define CHR_FILE__APPEND                          0x00000200UL
-#define CHR_FILE__UNLINK                          0x00000400UL
-#define CHR_FILE__LINK                            0x00000800UL
-#define CHR_FILE__RENAME                          0x00001000UL
-#define CHR_FILE__EXECUTE                         0x00002000UL
-#define CHR_FILE__SWAPON                          0x00004000UL
-#define CHR_FILE__QUOTAON                         0x00008000UL
-#define CHR_FILE__MOUNTON                         0x00010000UL
-#define CHR_FILE__EXECUTE_NO_TRANS                0x00020000UL
-#define CHR_FILE__ENTRYPOINT                      0x00040000UL
-#define CHR_FILE__EXECMOD                         0x00080000UL
-#define CHR_FILE__OPEN                            0x00100000UL
-#define BLK_FILE__IOCTL                           0x00000001UL
-#define BLK_FILE__READ                            0x00000002UL
-#define BLK_FILE__WRITE                           0x00000004UL
-#define BLK_FILE__CREATE                          0x00000008UL
-#define BLK_FILE__GETATTR                         0x00000010UL
-#define BLK_FILE__SETATTR                         0x00000020UL
-#define BLK_FILE__LOCK                            0x00000040UL
-#define BLK_FILE__RELABELFROM                     0x00000080UL
-#define BLK_FILE__RELABELTO                       0x00000100UL
-#define BLK_FILE__APPEND                          0x00000200UL
-#define BLK_FILE__UNLINK                          0x00000400UL
-#define BLK_FILE__LINK                            0x00000800UL
-#define BLK_FILE__RENAME                          0x00001000UL
-#define BLK_FILE__EXECUTE                         0x00002000UL
-#define BLK_FILE__SWAPON                          0x00004000UL
-#define BLK_FILE__QUOTAON                         0x00008000UL
-#define BLK_FILE__MOUNTON                         0x00010000UL
-#define BLK_FILE__OPEN                            0x00020000UL
-#define SOCK_FILE__IOCTL                          0x00000001UL
-#define SOCK_FILE__READ                           0x00000002UL
-#define SOCK_FILE__WRITE                          0x00000004UL
-#define SOCK_FILE__CREATE                         0x00000008UL
-#define SOCK_FILE__GETATTR                        0x00000010UL
-#define SOCK_FILE__SETATTR                        0x00000020UL
-#define SOCK_FILE__LOCK                           0x00000040UL
-#define SOCK_FILE__RELABELFROM                    0x00000080UL
-#define SOCK_FILE__RELABELTO                      0x00000100UL
-#define SOCK_FILE__APPEND                         0x00000200UL
-#define SOCK_FILE__UNLINK                         0x00000400UL
-#define SOCK_FILE__LINK                           0x00000800UL
-#define SOCK_FILE__RENAME                         0x00001000UL
-#define SOCK_FILE__EXECUTE                        0x00002000UL
-#define SOCK_FILE__SWAPON                         0x00004000UL
-#define SOCK_FILE__QUOTAON                        0x00008000UL
-#define SOCK_FILE__MOUNTON                        0x00010000UL
-#define FIFO_FILE__IOCTL                          0x00000001UL
-#define FIFO_FILE__READ                           0x00000002UL
-#define FIFO_FILE__WRITE                          0x00000004UL
-#define FIFO_FILE__CREATE                         0x00000008UL
-#define FIFO_FILE__GETATTR                        0x00000010UL
-#define FIFO_FILE__SETATTR                        0x00000020UL
-#define FIFO_FILE__LOCK                           0x00000040UL
-#define FIFO_FILE__RELABELFROM                    0x00000080UL
-#define FIFO_FILE__RELABELTO                      0x00000100UL
-#define FIFO_FILE__APPEND                         0x00000200UL
-#define FIFO_FILE__UNLINK                         0x00000400UL
-#define FIFO_FILE__LINK                           0x00000800UL
-#define FIFO_FILE__RENAME                         0x00001000UL
-#define FIFO_FILE__EXECUTE                        0x00002000UL
-#define FIFO_FILE__SWAPON                         0x00004000UL
-#define FIFO_FILE__QUOTAON                        0x00008000UL
-#define FIFO_FILE__MOUNTON                        0x00010000UL
-#define FIFO_FILE__OPEN                           0x00020000UL
-#define FD__USE                                   0x00000001UL
-#define SOCKET__IOCTL                             0x00000001UL
-#define SOCKET__READ                              0x00000002UL
-#define SOCKET__WRITE                             0x00000004UL
-#define SOCKET__CREATE                            0x00000008UL
-#define SOCKET__GETATTR                           0x00000010UL
-#define SOCKET__SETATTR                           0x00000020UL
-#define SOCKET__LOCK                              0x00000040UL
-#define SOCKET__RELABELFROM                       0x00000080UL
-#define SOCKET__RELABELTO                         0x00000100UL
-#define SOCKET__APPEND                            0x00000200UL
-#define SOCKET__BIND                              0x00000400UL
-#define SOCKET__CONNECT                           0x00000800UL
-#define SOCKET__LISTEN                            0x00001000UL
-#define SOCKET__ACCEPT                            0x00002000UL
-#define SOCKET__GETOPT                            0x00004000UL
-#define SOCKET__SETOPT                            0x00008000UL
-#define SOCKET__SHUTDOWN                          0x00010000UL
-#define SOCKET__RECVFROM                          0x00020000UL
-#define SOCKET__SENDTO                            0x00040000UL
-#define SOCKET__RECV_MSG                          0x00080000UL
-#define SOCKET__SEND_MSG                          0x00100000UL
-#define SOCKET__NAME_BIND                         0x00200000UL
-#define TCP_SOCKET__IOCTL                         0x00000001UL
-#define TCP_SOCKET__READ                          0x00000002UL
-#define TCP_SOCKET__WRITE                         0x00000004UL
-#define TCP_SOCKET__CREATE                        0x00000008UL
-#define TCP_SOCKET__GETATTR                       0x00000010UL
-#define TCP_SOCKET__SETATTR                       0x00000020UL
-#define TCP_SOCKET__LOCK                          0x00000040UL
-#define TCP_SOCKET__RELABELFROM                   0x00000080UL
-#define TCP_SOCKET__RELABELTO                     0x00000100UL
-#define TCP_SOCKET__APPEND                        0x00000200UL
-#define TCP_SOCKET__BIND                          0x00000400UL
-#define TCP_SOCKET__CONNECT                       0x00000800UL
-#define TCP_SOCKET__LISTEN                        0x00001000UL
-#define TCP_SOCKET__ACCEPT                        0x00002000UL
-#define TCP_SOCKET__GETOPT                        0x00004000UL
-#define TCP_SOCKET__SETOPT                        0x00008000UL
-#define TCP_SOCKET__SHUTDOWN                      0x00010000UL
-#define TCP_SOCKET__RECVFROM                      0x00020000UL
-#define TCP_SOCKET__SENDTO                        0x00040000UL
-#define TCP_SOCKET__RECV_MSG                      0x00080000UL
-#define TCP_SOCKET__SEND_MSG                      0x00100000UL
-#define TCP_SOCKET__NAME_BIND                     0x00200000UL
-#define TCP_SOCKET__CONNECTTO                     0x00400000UL
-#define TCP_SOCKET__NEWCONN                       0x00800000UL
-#define TCP_SOCKET__ACCEPTFROM                    0x01000000UL
-#define TCP_SOCKET__NODE_BIND                     0x02000000UL
-#define TCP_SOCKET__NAME_CONNECT                  0x04000000UL
-#define UDP_SOCKET__IOCTL                         0x00000001UL
-#define UDP_SOCKET__READ                          0x00000002UL
-#define UDP_SOCKET__WRITE                         0x00000004UL
-#define UDP_SOCKET__CREATE                        0x00000008UL
-#define UDP_SOCKET__GETATTR                       0x00000010UL
-#define UDP_SOCKET__SETATTR                       0x00000020UL
-#define UDP_SOCKET__LOCK                          0x00000040UL
-#define UDP_SOCKET__RELABELFROM                   0x00000080UL
-#define UDP_SOCKET__RELABELTO                     0x00000100UL
-#define UDP_SOCKET__APPEND                        0x00000200UL
-#define UDP_SOCKET__BIND                          0x00000400UL
-#define UDP_SOCKET__CONNECT                       0x00000800UL
-#define UDP_SOCKET__LISTEN                        0x00001000UL
-#define UDP_SOCKET__ACCEPT                        0x00002000UL
-#define UDP_SOCKET__GETOPT                        0x00004000UL
-#define UDP_SOCKET__SETOPT                        0x00008000UL
-#define UDP_SOCKET__SHUTDOWN                      0x00010000UL
-#define UDP_SOCKET__RECVFROM                      0x00020000UL
-#define UDP_SOCKET__SENDTO                        0x00040000UL
-#define UDP_SOCKET__RECV_MSG                      0x00080000UL
-#define UDP_SOCKET__SEND_MSG                      0x00100000UL
-#define UDP_SOCKET__NAME_BIND                     0x00200000UL
-#define UDP_SOCKET__NODE_BIND                     0x00400000UL
-#define RAWIP_SOCKET__IOCTL                       0x00000001UL
-#define RAWIP_SOCKET__READ                        0x00000002UL
-#define RAWIP_SOCKET__WRITE                       0x00000004UL
-#define RAWIP_SOCKET__CREATE                      0x00000008UL
-#define RAWIP_SOCKET__GETATTR                     0x00000010UL
-#define RAWIP_SOCKET__SETATTR                     0x00000020UL
-#define RAWIP_SOCKET__LOCK                        0x00000040UL
-#define RAWIP_SOCKET__RELABELFROM                 0x00000080UL
-#define RAWIP_SOCKET__RELABELTO                   0x00000100UL
-#define RAWIP_SOCKET__APPEND                      0x00000200UL
-#define RAWIP_SOCKET__BIND                        0x00000400UL
-#define RAWIP_SOCKET__CONNECT                     0x00000800UL
-#define RAWIP_SOCKET__LISTEN                      0x00001000UL
-#define RAWIP_SOCKET__ACCEPT                      0x00002000UL
-#define RAWIP_SOCKET__GETOPT                      0x00004000UL
-#define RAWIP_SOCKET__SETOPT                      0x00008000UL
-#define RAWIP_SOCKET__SHUTDOWN                    0x00010000UL
-#define RAWIP_SOCKET__RECVFROM                    0x00020000UL
-#define RAWIP_SOCKET__SENDTO                      0x00040000UL
-#define RAWIP_SOCKET__RECV_MSG                    0x00080000UL
-#define RAWIP_SOCKET__SEND_MSG                    0x00100000UL
-#define RAWIP_SOCKET__NAME_BIND                   0x00200000UL
-#define RAWIP_SOCKET__NODE_BIND                   0x00400000UL
-#define NODE__TCP_RECV                            0x00000001UL
-#define NODE__TCP_SEND                            0x00000002UL
-#define NODE__UDP_RECV                            0x00000004UL
-#define NODE__UDP_SEND                            0x00000008UL
-#define NODE__RAWIP_RECV                          0x00000010UL
-#define NODE__RAWIP_SEND                          0x00000020UL
-#define NODE__ENFORCE_DEST                        0x00000040UL
-#define NODE__DCCP_RECV                           0x00000080UL
-#define NODE__DCCP_SEND                           0x00000100UL
-#define NODE__RECVFROM                            0x00000200UL
-#define NODE__SENDTO                              0x00000400UL
-#define NETIF__TCP_RECV                           0x00000001UL
-#define NETIF__TCP_SEND                           0x00000002UL
-#define NETIF__UDP_RECV                           0x00000004UL
-#define NETIF__UDP_SEND                           0x00000008UL
-#define NETIF__RAWIP_RECV                         0x00000010UL
-#define NETIF__RAWIP_SEND                         0x00000020UL
-#define NETIF__DCCP_RECV                          0x00000040UL
-#define NETIF__DCCP_SEND                          0x00000080UL
-#define NETIF__INGRESS                            0x00000100UL
-#define NETIF__EGRESS                             0x00000200UL
-#define NETLINK_SOCKET__IOCTL                     0x00000001UL
-#define NETLINK_SOCKET__READ                      0x00000002UL
-#define NETLINK_SOCKET__WRITE                     0x00000004UL
-#define NETLINK_SOCKET__CREATE                    0x00000008UL
-#define NETLINK_SOCKET__GETATTR                   0x00000010UL
-#define NETLINK_SOCKET__SETATTR                   0x00000020UL
-#define NETLINK_SOCKET__LOCK                      0x00000040UL
-#define NETLINK_SOCKET__RELABELFROM               0x00000080UL
-#define NETLINK_SOCKET__RELABELTO                 0x00000100UL
-#define NETLINK_SOCKET__APPEND                    0x00000200UL
-#define NETLINK_SOCKET__BIND                      0x00000400UL
-#define NETLINK_SOCKET__CONNECT                   0x00000800UL
-#define NETLINK_SOCKET__LISTEN                    0x00001000UL
-#define NETLINK_SOCKET__ACCEPT                    0x00002000UL
-#define NETLINK_SOCKET__GETOPT                    0x00004000UL
-#define NETLINK_SOCKET__SETOPT                    0x00008000UL
-#define NETLINK_SOCKET__SHUTDOWN                  0x00010000UL
-#define NETLINK_SOCKET__RECVFROM                  0x00020000UL
-#define NETLINK_SOCKET__SENDTO                    0x00040000UL
-#define NETLINK_SOCKET__RECV_MSG                  0x00080000UL
-#define NETLINK_SOCKET__SEND_MSG                  0x00100000UL
-#define NETLINK_SOCKET__NAME_BIND                 0x00200000UL
-#define PACKET_SOCKET__IOCTL                      0x00000001UL
-#define PACKET_SOCKET__READ                       0x00000002UL
-#define PACKET_SOCKET__WRITE                      0x00000004UL
-#define PACKET_SOCKET__CREATE                     0x00000008UL
-#define PACKET_SOCKET__GETATTR                    0x00000010UL
-#define PACKET_SOCKET__SETATTR                    0x00000020UL
-#define PACKET_SOCKET__LOCK                       0x00000040UL
-#define PACKET_SOCKET__RELABELFROM                0x00000080UL
-#define PACKET_SOCKET__RELABELTO                  0x00000100UL
-#define PACKET_SOCKET__APPEND                     0x00000200UL
-#define PACKET_SOCKET__BIND                       0x00000400UL
-#define PACKET_SOCKET__CONNECT                    0x00000800UL
-#define PACKET_SOCKET__LISTEN                     0x00001000UL
-#define PACKET_SOCKET__ACCEPT                     0x00002000UL
-#define PACKET_SOCKET__GETOPT                     0x00004000UL
-#define PACKET_SOCKET__SETOPT                     0x00008000UL
-#define PACKET_SOCKET__SHUTDOWN                   0x00010000UL
-#define PACKET_SOCKET__RECVFROM                   0x00020000UL
-#define PACKET_SOCKET__SENDTO                     0x00040000UL
-#define PACKET_SOCKET__RECV_MSG                   0x00080000UL
-#define PACKET_SOCKET__SEND_MSG                   0x00100000UL
-#define PACKET_SOCKET__NAME_BIND                  0x00200000UL
-#define KEY_SOCKET__IOCTL                         0x00000001UL
-#define KEY_SOCKET__READ                          0x00000002UL
-#define KEY_SOCKET__WRITE                         0x00000004UL
-#define KEY_SOCKET__CREATE                        0x00000008UL
-#define KEY_SOCKET__GETATTR                       0x00000010UL
-#define KEY_SOCKET__SETATTR                       0x00000020UL
-#define KEY_SOCKET__LOCK                          0x00000040UL
-#define KEY_SOCKET__RELABELFROM                   0x00000080UL
-#define KEY_SOCKET__RELABELTO                     0x00000100UL
-#define KEY_SOCKET__APPEND                        0x00000200UL
-#define KEY_SOCKET__BIND                          0x00000400UL
-#define KEY_SOCKET__CONNECT                       0x00000800UL
-#define KEY_SOCKET__LISTEN                        0x00001000UL
-#define KEY_SOCKET__ACCEPT                        0x00002000UL
-#define KEY_SOCKET__GETOPT                        0x00004000UL
-#define KEY_SOCKET__SETOPT                        0x00008000UL
-#define KEY_SOCKET__SHUTDOWN                      0x00010000UL
-#define KEY_SOCKET__RECVFROM                      0x00020000UL
-#define KEY_SOCKET__SENDTO                        0x00040000UL
-#define KEY_SOCKET__RECV_MSG                      0x00080000UL
-#define KEY_SOCKET__SEND_MSG                      0x00100000UL
-#define KEY_SOCKET__NAME_BIND                     0x00200000UL
-#define UNIX_STREAM_SOCKET__IOCTL                 0x00000001UL
-#define UNIX_STREAM_SOCKET__READ                  0x00000002UL
-#define UNIX_STREAM_SOCKET__WRITE                 0x00000004UL
-#define UNIX_STREAM_SOCKET__CREATE                0x00000008UL
-#define UNIX_STREAM_SOCKET__GETATTR               0x00000010UL
-#define UNIX_STREAM_SOCKET__SETATTR               0x00000020UL
-#define UNIX_STREAM_SOCKET__LOCK                  0x00000040UL
-#define UNIX_STREAM_SOCKET__RELABELFROM           0x00000080UL
-#define UNIX_STREAM_SOCKET__RELABELTO             0x00000100UL
-#define UNIX_STREAM_SOCKET__APPEND                0x00000200UL
-#define UNIX_STREAM_SOCKET__BIND                  0x00000400UL
-#define UNIX_STREAM_SOCKET__CONNECT               0x00000800UL
-#define UNIX_STREAM_SOCKET__LISTEN                0x00001000UL
-#define UNIX_STREAM_SOCKET__ACCEPT                0x00002000UL
-#define UNIX_STREAM_SOCKET__GETOPT                0x00004000UL
-#define UNIX_STREAM_SOCKET__SETOPT                0x00008000UL
-#define UNIX_STREAM_SOCKET__SHUTDOWN              0x00010000UL
-#define UNIX_STREAM_SOCKET__RECVFROM              0x00020000UL
-#define UNIX_STREAM_SOCKET__SENDTO                0x00040000UL
-#define UNIX_STREAM_SOCKET__RECV_MSG              0x00080000UL
-#define UNIX_STREAM_SOCKET__SEND_MSG              0x00100000UL
-#define UNIX_STREAM_SOCKET__NAME_BIND             0x00200000UL
-#define UNIX_STREAM_SOCKET__CONNECTTO             0x00400000UL
-#define UNIX_STREAM_SOCKET__NEWCONN               0x00800000UL
-#define UNIX_STREAM_SOCKET__ACCEPTFROM            0x01000000UL
-#define UNIX_DGRAM_SOCKET__IOCTL                  0x00000001UL
-#define UNIX_DGRAM_SOCKET__READ                   0x00000002UL
-#define UNIX_DGRAM_SOCKET__WRITE                  0x00000004UL
-#define UNIX_DGRAM_SOCKET__CREATE                 0x00000008UL
-#define UNIX_DGRAM_SOCKET__GETATTR                0x00000010UL
-#define UNIX_DGRAM_SOCKET__SETATTR                0x00000020UL
-#define UNIX_DGRAM_SOCKET__LOCK                   0x00000040UL
-#define UNIX_DGRAM_SOCKET__RELABELFROM            0x00000080UL
-#define UNIX_DGRAM_SOCKET__RELABELTO              0x00000100UL
-#define UNIX_DGRAM_SOCKET__APPEND                 0x00000200UL
-#define UNIX_DGRAM_SOCKET__BIND                   0x00000400UL
-#define UNIX_DGRAM_SOCKET__CONNECT                0x00000800UL
-#define UNIX_DGRAM_SOCKET__LISTEN                 0x00001000UL
-#define UNIX_DGRAM_SOCKET__ACCEPT                 0x00002000UL
-#define UNIX_DGRAM_SOCKET__GETOPT                 0x00004000UL
-#define UNIX_DGRAM_SOCKET__SETOPT                 0x00008000UL
-#define UNIX_DGRAM_SOCKET__SHUTDOWN               0x00010000UL
-#define UNIX_DGRAM_SOCKET__RECVFROM               0x00020000UL
-#define UNIX_DGRAM_SOCKET__SENDTO                 0x00040000UL
-#define UNIX_DGRAM_SOCKET__RECV_MSG               0x00080000UL
-#define UNIX_DGRAM_SOCKET__SEND_MSG               0x00100000UL
-#define UNIX_DGRAM_SOCKET__NAME_BIND              0x00200000UL
-#define PROCESS__FORK                             0x00000001UL
-#define PROCESS__TRANSITION                       0x00000002UL
-#define PROCESS__SIGCHLD                          0x00000004UL
-#define PROCESS__SIGKILL                          0x00000008UL
-#define PROCESS__SIGSTOP                          0x00000010UL
-#define PROCESS__SIGNULL                          0x00000020UL
-#define PROCESS__SIGNAL                           0x00000040UL
-#define PROCESS__PTRACE                           0x00000080UL
-#define PROCESS__GETSCHED                         0x00000100UL
-#define PROCESS__SETSCHED                         0x00000200UL
-#define PROCESS__GETSESSION                       0x00000400UL
-#define PROCESS__GETPGID                          0x00000800UL
-#define PROCESS__SETPGID                          0x00001000UL
-#define PROCESS__GETCAP                           0x00002000UL
-#define PROCESS__SETCAP                           0x00004000UL
-#define PROCESS__SHARE                            0x00008000UL
-#define PROCESS__GETATTR                          0x00010000UL
-#define PROCESS__SETEXEC                          0x00020000UL
-#define PROCESS__SETFSCREATE                      0x00040000UL
-#define PROCESS__NOATSECURE                       0x00080000UL
-#define PROCESS__SIGINH                           0x00100000UL
-#define PROCESS__SETRLIMIT                        0x00200000UL
-#define PROCESS__RLIMITINH                        0x00400000UL
-#define PROCESS__DYNTRANSITION                    0x00800000UL
-#define PROCESS__SETCURRENT                       0x01000000UL
-#define PROCESS__EXECMEM                          0x02000000UL
-#define PROCESS__EXECSTACK                        0x04000000UL
-#define PROCESS__EXECHEAP                         0x08000000UL
-#define PROCESS__SETKEYCREATE                     0x10000000UL
-#define PROCESS__SETSOCKCREATE                    0x20000000UL
-#define IPC__CREATE                               0x00000001UL
-#define IPC__DESTROY                              0x00000002UL
-#define IPC__GETATTR                              0x00000004UL
-#define IPC__SETATTR                              0x00000008UL
-#define IPC__READ                                 0x00000010UL
-#define IPC__WRITE                                0x00000020UL
-#define IPC__ASSOCIATE                            0x00000040UL
-#define IPC__UNIX_READ                            0x00000080UL
-#define IPC__UNIX_WRITE                           0x00000100UL
-#define SEM__CREATE                               0x00000001UL
-#define SEM__DESTROY                              0x00000002UL
-#define SEM__GETATTR                              0x00000004UL
-#define SEM__SETATTR                              0x00000008UL
-#define SEM__READ                                 0x00000010UL
-#define SEM__WRITE                                0x00000020UL
-#define SEM__ASSOCIATE                            0x00000040UL
-#define SEM__UNIX_READ                            0x00000080UL
-#define SEM__UNIX_WRITE                           0x00000100UL
-#define MSGQ__CREATE                              0x00000001UL
-#define MSGQ__DESTROY                             0x00000002UL
-#define MSGQ__GETATTR                             0x00000004UL
-#define MSGQ__SETATTR                             0x00000008UL
-#define MSGQ__READ                                0x00000010UL
-#define MSGQ__WRITE                               0x00000020UL
-#define MSGQ__ASSOCIATE                           0x00000040UL
-#define MSGQ__UNIX_READ                           0x00000080UL
-#define MSGQ__UNIX_WRITE                          0x00000100UL
-#define MSGQ__ENQUEUE                             0x00000200UL
-#define MSG__SEND                                 0x00000001UL
-#define MSG__RECEIVE                              0x00000002UL
-#define SHM__CREATE                               0x00000001UL
-#define SHM__DESTROY                              0x00000002UL
-#define SHM__GETATTR                              0x00000004UL
-#define SHM__SETATTR                              0x00000008UL
-#define SHM__READ                                 0x00000010UL
-#define SHM__WRITE                                0x00000020UL
-#define SHM__ASSOCIATE                            0x00000040UL
-#define SHM__UNIX_READ                            0x00000080UL
-#define SHM__UNIX_WRITE                           0x00000100UL
-#define SHM__LOCK                                 0x00000200UL
-#define SECURITY__COMPUTE_AV                      0x00000001UL
-#define SECURITY__COMPUTE_CREATE                  0x00000002UL
-#define SECURITY__COMPUTE_MEMBER                  0x00000004UL
-#define SECURITY__CHECK_CONTEXT                   0x00000008UL
-#define SECURITY__LOAD_POLICY                     0x00000010UL
-#define SECURITY__COMPUTE_RELABEL                 0x00000020UL
-#define SECURITY__COMPUTE_USER                    0x00000040UL
-#define SECURITY__SETENFORCE                      0x00000080UL
-#define SECURITY__SETBOOL                         0x00000100UL
-#define SECURITY__SETSECPARAM                     0x00000200UL
-#define SECURITY__SETCHECKREQPROT                 0x00000400UL
-#define SYSTEM__IPC_INFO                          0x00000001UL
-#define SYSTEM__SYSLOG_READ                       0x00000002UL
-#define SYSTEM__SYSLOG_MOD                        0x00000004UL
-#define SYSTEM__SYSLOG_CONSOLE                    0x00000008UL
-#define CAPABILITY__CHOWN                         0x00000001UL
-#define CAPABILITY__DAC_OVERRIDE                  0x00000002UL
-#define CAPABILITY__DAC_READ_SEARCH               0x00000004UL
-#define CAPABILITY__FOWNER                        0x00000008UL
-#define CAPABILITY__FSETID                        0x00000010UL
-#define CAPABILITY__KILL                          0x00000020UL
-#define CAPABILITY__SETGID                        0x00000040UL
-#define CAPABILITY__SETUID                        0x00000080UL
-#define CAPABILITY__SETPCAP                       0x00000100UL
-#define CAPABILITY__LINUX_IMMUTABLE               0x00000200UL
-#define CAPABILITY__NET_BIND_SERVICE              0x00000400UL
-#define CAPABILITY__NET_BROADCAST                 0x00000800UL
-#define CAPABILITY__NET_ADMIN                     0x00001000UL
-#define CAPABILITY__NET_RAW                       0x00002000UL
-#define CAPABILITY__IPC_LOCK                      0x00004000UL
-#define CAPABILITY__IPC_OWNER                     0x00008000UL
-#define CAPABILITY__SYS_MODULE                    0x00010000UL
-#define CAPABILITY__SYS_RAWIO                     0x00020000UL
-#define CAPABILITY__SYS_CHROOT                    0x00040000UL
-#define CAPABILITY__SYS_PTRACE                    0x00080000UL
-#define CAPABILITY__SYS_PACCT                     0x00100000UL
-#define CAPABILITY__SYS_ADMIN                     0x00200000UL
-#define CAPABILITY__SYS_BOOT                      0x00400000UL
-#define CAPABILITY__SYS_NICE                      0x00800000UL
-#define CAPABILITY__SYS_RESOURCE                  0x01000000UL
-#define CAPABILITY__SYS_TIME                      0x02000000UL
-#define CAPABILITY__SYS_TTY_CONFIG                0x04000000UL
-#define CAPABILITY__MKNOD                         0x08000000UL
-#define CAPABILITY__LEASE                         0x10000000UL
-#define CAPABILITY__AUDIT_WRITE                   0x20000000UL
-#define CAPABILITY__AUDIT_CONTROL                 0x40000000UL
-#define CAPABILITY__SETFCAP                       0x80000000UL
-#define CAPABILITY2__MAC_OVERRIDE                 0x00000001UL
-#define CAPABILITY2__MAC_ADMIN                    0x00000002UL
-#define PASSWD__PASSWD                            0x00000001UL
-#define PASSWD__CHFN                              0x00000002UL
-#define PASSWD__CHSH                              0x00000004UL
-#define PASSWD__ROOTOK                            0x00000008UL
-#define PASSWD__CRONTAB                           0x00000010UL
-#define X_DRAWABLE__CREATE                        0x00000001UL
-#define X_DRAWABLE__DESTROY                       0x00000002UL
-#define X_DRAWABLE__READ                          0x00000004UL
-#define X_DRAWABLE__WRITE                         0x00000008UL
-#define X_DRAWABLE__BLEND                         0x00000010UL
-#define X_DRAWABLE__GETATTR                       0x00000020UL
-#define X_DRAWABLE__SETATTR                       0x00000040UL
-#define X_DRAWABLE__LIST_CHILD                    0x00000080UL
-#define X_DRAWABLE__ADD_CHILD                     0x00000100UL
-#define X_DRAWABLE__REMOVE_CHILD                  0x00000200UL
-#define X_DRAWABLE__LIST_PROPERTY                 0x00000400UL
-#define X_DRAWABLE__GET_PROPERTY                  0x00000800UL
-#define X_DRAWABLE__SET_PROPERTY                  0x00001000UL
-#define X_DRAWABLE__MANAGE                        0x00002000UL
-#define X_DRAWABLE__OVERRIDE                      0x00004000UL
-#define X_DRAWABLE__SHOW                          0x00008000UL
-#define X_DRAWABLE__HIDE                          0x00010000UL
-#define X_DRAWABLE__SEND                          0x00020000UL
-#define X_DRAWABLE__RECEIVE                       0x00040000UL
-#define X_SCREEN__GETATTR                         0x00000001UL
-#define X_SCREEN__SETATTR                         0x00000002UL
-#define X_SCREEN__HIDE_CURSOR                     0x00000004UL
-#define X_SCREEN__SHOW_CURSOR                     0x00000008UL
-#define X_SCREEN__SAVER_GETATTR                   0x00000010UL
-#define X_SCREEN__SAVER_SETATTR                   0x00000020UL
-#define X_SCREEN__SAVER_HIDE                      0x00000040UL
-#define X_SCREEN__SAVER_SHOW                      0x00000080UL
-#define X_GC__CREATE                              0x00000001UL
-#define X_GC__DESTROY                             0x00000002UL
-#define X_GC__GETATTR                             0x00000004UL
-#define X_GC__SETATTR                             0x00000008UL
-#define X_GC__USE                                 0x00000010UL
-#define X_FONT__CREATE                            0x00000001UL
-#define X_FONT__DESTROY                           0x00000002UL
-#define X_FONT__GETATTR                           0x00000004UL
-#define X_FONT__ADD_GLYPH                         0x00000008UL
-#define X_FONT__REMOVE_GLYPH                      0x00000010UL
-#define X_FONT__USE                               0x00000020UL
-#define X_COLORMAP__CREATE                        0x00000001UL
-#define X_COLORMAP__DESTROY                       0x00000002UL
-#define X_COLORMAP__READ                          0x00000004UL
-#define X_COLORMAP__WRITE                         0x00000008UL
-#define X_COLORMAP__GETATTR                       0x00000010UL
-#define X_COLORMAP__ADD_COLOR                     0x00000020UL
-#define X_COLORMAP__REMOVE_COLOR                  0x00000040UL
-#define X_COLORMAP__INSTALL                       0x00000080UL
-#define X_COLORMAP__UNINSTALL                     0x00000100UL
-#define X_COLORMAP__USE                           0x00000200UL
-#define X_PROPERTY__CREATE                        0x00000001UL
-#define X_PROPERTY__DESTROY                       0x00000002UL
-#define X_PROPERTY__READ                          0x00000004UL
-#define X_PROPERTY__WRITE                         0x00000008UL
-#define X_PROPERTY__APPEND                        0x00000010UL
-#define X_PROPERTY__GETATTR                       0x00000020UL
-#define X_PROPERTY__SETATTR                       0x00000040UL
-#define X_SELECTION__READ                         0x00000001UL
-#define X_SELECTION__WRITE                        0x00000002UL
-#define X_SELECTION__GETATTR                      0x00000004UL
-#define X_SELECTION__SETATTR                      0x00000008UL
-#define X_CURSOR__CREATE                          0x00000001UL
-#define X_CURSOR__DESTROY                         0x00000002UL
-#define X_CURSOR__READ                            0x00000004UL
-#define X_CURSOR__WRITE                           0x00000008UL
-#define X_CURSOR__GETATTR                         0x00000010UL
-#define X_CURSOR__SETATTR                         0x00000020UL
-#define X_CURSOR__USE                             0x00000040UL
-#define X_CLIENT__DESTROY                         0x00000001UL
-#define X_CLIENT__GETATTR                         0x00000002UL
-#define X_CLIENT__SETATTR                         0x00000004UL
-#define X_CLIENT__MANAGE                          0x00000008UL
-#define X_DEVICE__GETATTR                         0x00000001UL
-#define X_DEVICE__SETATTR                         0x00000002UL
-#define X_DEVICE__USE                             0x00000004UL
-#define X_DEVICE__READ                            0x00000008UL
-#define X_DEVICE__WRITE                           0x00000010UL
-#define X_DEVICE__GETFOCUS                        0x00000020UL
-#define X_DEVICE__SETFOCUS                        0x00000040UL
-#define X_DEVICE__BELL                            0x00000080UL
-#define X_DEVICE__FORCE_CURSOR                    0x00000100UL
-#define X_DEVICE__FREEZE                          0x00000200UL
-#define X_DEVICE__GRAB                            0x00000400UL
-#define X_DEVICE__MANAGE                          0x00000800UL
-#define X_SERVER__GETATTR                         0x00000001UL
-#define X_SERVER__SETATTR                         0x00000002UL
-#define X_SERVER__RECORD                          0x00000004UL
-#define X_SERVER__DEBUG                           0x00000008UL
-#define X_SERVER__GRAB                            0x00000010UL
-#define X_SERVER__MANAGE                          0x00000020UL
-#define X_EXTENSION__QUERY                        0x00000001UL
-#define X_EXTENSION__USE                          0x00000002UL
-#define X_RESOURCE__READ                          0x00000001UL
-#define X_RESOURCE__WRITE                         0x00000002UL
-#define X_EVENT__SEND                             0x00000001UL
-#define X_EVENT__RECEIVE                          0x00000002UL
-#define X_SYNTHETIC_EVENT__SEND                   0x00000001UL
-#define X_SYNTHETIC_EVENT__RECEIVE                0x00000002UL
-#define NETLINK_ROUTE_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_ROUTE_SOCKET__READ                0x00000002UL
-#define NETLINK_ROUTE_SOCKET__WRITE               0x00000004UL
-#define NETLINK_ROUTE_SOCKET__CREATE              0x00000008UL
-#define NETLINK_ROUTE_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_ROUTE_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_ROUTE_SOCKET__LOCK                0x00000040UL
-#define NETLINK_ROUTE_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_ROUTE_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_ROUTE_SOCKET__APPEND              0x00000200UL
-#define NETLINK_ROUTE_SOCKET__BIND                0x00000400UL
-#define NETLINK_ROUTE_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_ROUTE_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_ROUTE_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_ROUTE_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_ROUTE_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_ROUTE_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_ROUTE_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_ROUTE_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_ROUTE_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_ROUTE_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_ROUTE_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_ROUTE_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_FIREWALL_SOCKET__IOCTL            0x00000001UL
-#define NETLINK_FIREWALL_SOCKET__READ             0x00000002UL
-#define NETLINK_FIREWALL_SOCKET__WRITE            0x00000004UL
-#define NETLINK_FIREWALL_SOCKET__CREATE           0x00000008UL
-#define NETLINK_FIREWALL_SOCKET__GETATTR          0x00000010UL
-#define NETLINK_FIREWALL_SOCKET__SETATTR          0x00000020UL
-#define NETLINK_FIREWALL_SOCKET__LOCK             0x00000040UL
-#define NETLINK_FIREWALL_SOCKET__RELABELFROM      0x00000080UL
-#define NETLINK_FIREWALL_SOCKET__RELABELTO        0x00000100UL
-#define NETLINK_FIREWALL_SOCKET__APPEND           0x00000200UL
-#define NETLINK_FIREWALL_SOCKET__BIND             0x00000400UL
-#define NETLINK_FIREWALL_SOCKET__CONNECT          0x00000800UL
-#define NETLINK_FIREWALL_SOCKET__LISTEN           0x00001000UL
-#define NETLINK_FIREWALL_SOCKET__ACCEPT           0x00002000UL
-#define NETLINK_FIREWALL_SOCKET__GETOPT           0x00004000UL
-#define NETLINK_FIREWALL_SOCKET__SETOPT           0x00008000UL
-#define NETLINK_FIREWALL_SOCKET__SHUTDOWN         0x00010000UL
-#define NETLINK_FIREWALL_SOCKET__RECVFROM         0x00020000UL
-#define NETLINK_FIREWALL_SOCKET__SENDTO           0x00040000UL
-#define NETLINK_FIREWALL_SOCKET__RECV_MSG         0x00080000UL
-#define NETLINK_FIREWALL_SOCKET__SEND_MSG         0x00100000UL
-#define NETLINK_FIREWALL_SOCKET__NAME_BIND        0x00200000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_READ       0x00400000UL
-#define NETLINK_FIREWALL_SOCKET__NLMSG_WRITE      0x00800000UL
-#define NETLINK_TCPDIAG_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_TCPDIAG_SOCKET__READ              0x00000002UL
-#define NETLINK_TCPDIAG_SOCKET__WRITE             0x00000004UL
-#define NETLINK_TCPDIAG_SOCKET__CREATE            0x00000008UL
-#define NETLINK_TCPDIAG_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_TCPDIAG_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_TCPDIAG_SOCKET__LOCK              0x00000040UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_TCPDIAG_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_TCPDIAG_SOCKET__APPEND            0x00000200UL
-#define NETLINK_TCPDIAG_SOCKET__BIND              0x00000400UL
-#define NETLINK_TCPDIAG_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_TCPDIAG_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_TCPDIAG_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_TCPDIAG_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_TCPDIAG_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_TCPDIAG_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_TCPDIAG_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_TCPDIAG_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_TCPDIAG_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_TCPDIAG_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_TCPDIAG_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_READ        0x00400000UL
-#define NETLINK_TCPDIAG_SOCKET__NLMSG_WRITE       0x00800000UL
-#define NETLINK_NFLOG_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_NFLOG_SOCKET__READ                0x00000002UL
-#define NETLINK_NFLOG_SOCKET__WRITE               0x00000004UL
-#define NETLINK_NFLOG_SOCKET__CREATE              0x00000008UL
-#define NETLINK_NFLOG_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_NFLOG_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_NFLOG_SOCKET__LOCK                0x00000040UL
-#define NETLINK_NFLOG_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_NFLOG_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_NFLOG_SOCKET__APPEND              0x00000200UL
-#define NETLINK_NFLOG_SOCKET__BIND                0x00000400UL
-#define NETLINK_NFLOG_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_NFLOG_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_NFLOG_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_NFLOG_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_NFLOG_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_NFLOG_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_NFLOG_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_NFLOG_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_NFLOG_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_NFLOG_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_NFLOG_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_XFRM_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_XFRM_SOCKET__READ                 0x00000002UL
-#define NETLINK_XFRM_SOCKET__WRITE                0x00000004UL
-#define NETLINK_XFRM_SOCKET__CREATE               0x00000008UL
-#define NETLINK_XFRM_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_XFRM_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_XFRM_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_XFRM_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_XFRM_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_XFRM_SOCKET__APPEND               0x00000200UL
-#define NETLINK_XFRM_SOCKET__BIND                 0x00000400UL
-#define NETLINK_XFRM_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_XFRM_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_XFRM_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_XFRM_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_XFRM_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_XFRM_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_XFRM_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_XFRM_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_XFRM_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_XFRM_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_XFRM_SOCKET__NAME_BIND            0x00200000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_READ           0x00400000UL
-#define NETLINK_XFRM_SOCKET__NLMSG_WRITE          0x00800000UL
-#define NETLINK_SELINUX_SOCKET__IOCTL             0x00000001UL
-#define NETLINK_SELINUX_SOCKET__READ              0x00000002UL
-#define NETLINK_SELINUX_SOCKET__WRITE             0x00000004UL
-#define NETLINK_SELINUX_SOCKET__CREATE            0x00000008UL
-#define NETLINK_SELINUX_SOCKET__GETATTR           0x00000010UL
-#define NETLINK_SELINUX_SOCKET__SETATTR           0x00000020UL
-#define NETLINK_SELINUX_SOCKET__LOCK              0x00000040UL
-#define NETLINK_SELINUX_SOCKET__RELABELFROM       0x00000080UL
-#define NETLINK_SELINUX_SOCKET__RELABELTO         0x00000100UL
-#define NETLINK_SELINUX_SOCKET__APPEND            0x00000200UL
-#define NETLINK_SELINUX_SOCKET__BIND              0x00000400UL
-#define NETLINK_SELINUX_SOCKET__CONNECT           0x00000800UL
-#define NETLINK_SELINUX_SOCKET__LISTEN            0x00001000UL
-#define NETLINK_SELINUX_SOCKET__ACCEPT            0x00002000UL
-#define NETLINK_SELINUX_SOCKET__GETOPT            0x00004000UL
-#define NETLINK_SELINUX_SOCKET__SETOPT            0x00008000UL
-#define NETLINK_SELINUX_SOCKET__SHUTDOWN          0x00010000UL
-#define NETLINK_SELINUX_SOCKET__RECVFROM          0x00020000UL
-#define NETLINK_SELINUX_SOCKET__SENDTO            0x00040000UL
-#define NETLINK_SELINUX_SOCKET__RECV_MSG          0x00080000UL
-#define NETLINK_SELINUX_SOCKET__SEND_MSG          0x00100000UL
-#define NETLINK_SELINUX_SOCKET__NAME_BIND         0x00200000UL
-#define NETLINK_AUDIT_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_AUDIT_SOCKET__READ                0x00000002UL
-#define NETLINK_AUDIT_SOCKET__WRITE               0x00000004UL
-#define NETLINK_AUDIT_SOCKET__CREATE              0x00000008UL
-#define NETLINK_AUDIT_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_AUDIT_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_AUDIT_SOCKET__LOCK                0x00000040UL
-#define NETLINK_AUDIT_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_AUDIT_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_AUDIT_SOCKET__APPEND              0x00000200UL
-#define NETLINK_AUDIT_SOCKET__BIND                0x00000400UL
-#define NETLINK_AUDIT_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_AUDIT_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_AUDIT_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_AUDIT_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_AUDIT_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_AUDIT_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_AUDIT_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_AUDIT_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_AUDIT_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_AUDIT_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_AUDIT_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_RELAY         0x01000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_READPRIV      0x02000000UL
-#define NETLINK_AUDIT_SOCKET__NLMSG_TTY_AUDIT     0x04000000UL
-#define NETLINK_IP6FW_SOCKET__IOCTL               0x00000001UL
-#define NETLINK_IP6FW_SOCKET__READ                0x00000002UL
-#define NETLINK_IP6FW_SOCKET__WRITE               0x00000004UL
-#define NETLINK_IP6FW_SOCKET__CREATE              0x00000008UL
-#define NETLINK_IP6FW_SOCKET__GETATTR             0x00000010UL
-#define NETLINK_IP6FW_SOCKET__SETATTR             0x00000020UL
-#define NETLINK_IP6FW_SOCKET__LOCK                0x00000040UL
-#define NETLINK_IP6FW_SOCKET__RELABELFROM         0x00000080UL
-#define NETLINK_IP6FW_SOCKET__RELABELTO           0x00000100UL
-#define NETLINK_IP6FW_SOCKET__APPEND              0x00000200UL
-#define NETLINK_IP6FW_SOCKET__BIND                0x00000400UL
-#define NETLINK_IP6FW_SOCKET__CONNECT             0x00000800UL
-#define NETLINK_IP6FW_SOCKET__LISTEN              0x00001000UL
-#define NETLINK_IP6FW_SOCKET__ACCEPT              0x00002000UL
-#define NETLINK_IP6FW_SOCKET__GETOPT              0x00004000UL
-#define NETLINK_IP6FW_SOCKET__SETOPT              0x00008000UL
-#define NETLINK_IP6FW_SOCKET__SHUTDOWN            0x00010000UL
-#define NETLINK_IP6FW_SOCKET__RECVFROM            0x00020000UL
-#define NETLINK_IP6FW_SOCKET__SENDTO              0x00040000UL
-#define NETLINK_IP6FW_SOCKET__RECV_MSG            0x00080000UL
-#define NETLINK_IP6FW_SOCKET__SEND_MSG            0x00100000UL
-#define NETLINK_IP6FW_SOCKET__NAME_BIND           0x00200000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_READ          0x00400000UL
-#define NETLINK_IP6FW_SOCKET__NLMSG_WRITE         0x00800000UL
-#define NETLINK_DNRT_SOCKET__IOCTL                0x00000001UL
-#define NETLINK_DNRT_SOCKET__READ                 0x00000002UL
-#define NETLINK_DNRT_SOCKET__WRITE                0x00000004UL
-#define NETLINK_DNRT_SOCKET__CREATE               0x00000008UL
-#define NETLINK_DNRT_SOCKET__GETATTR              0x00000010UL
-#define NETLINK_DNRT_SOCKET__SETATTR              0x00000020UL
-#define NETLINK_DNRT_SOCKET__LOCK                 0x00000040UL
-#define NETLINK_DNRT_SOCKET__RELABELFROM          0x00000080UL
-#define NETLINK_DNRT_SOCKET__RELABELTO            0x00000100UL
-#define NETLINK_DNRT_SOCKET__APPEND               0x00000200UL
-#define NETLINK_DNRT_SOCKET__BIND                 0x00000400UL
-#define NETLINK_DNRT_SOCKET__CONNECT              0x00000800UL
-#define NETLINK_DNRT_SOCKET__LISTEN               0x00001000UL
-#define NETLINK_DNRT_SOCKET__ACCEPT               0x00002000UL
-#define NETLINK_DNRT_SOCKET__GETOPT               0x00004000UL
-#define NETLINK_DNRT_SOCKET__SETOPT               0x00008000UL
-#define NETLINK_DNRT_SOCKET__SHUTDOWN             0x00010000UL
-#define NETLINK_DNRT_SOCKET__RECVFROM             0x00020000UL
-#define NETLINK_DNRT_SOCKET__SENDTO               0x00040000UL
-#define NETLINK_DNRT_SOCKET__RECV_MSG             0x00080000UL
-#define NETLINK_DNRT_SOCKET__SEND_MSG             0x00100000UL
-#define NETLINK_DNRT_SOCKET__NAME_BIND            0x00200000UL
-#define DBUS__ACQUIRE_SVC                         0x00000001UL
-#define DBUS__SEND_MSG                            0x00000002UL
-#define NSCD__GETPWD                              0x00000001UL
-#define NSCD__GETGRP                              0x00000002UL
-#define NSCD__GETHOST                             0x00000004UL
-#define NSCD__GETSTAT                             0x00000008UL
-#define NSCD__ADMIN                               0x00000010UL
-#define NSCD__SHMEMPWD                            0x00000020UL
-#define NSCD__SHMEMGRP                            0x00000040UL
-#define NSCD__SHMEMHOST                           0x00000080UL
-#define NSCD__GETSERV                             0x00000100UL
-#define NSCD__SHMEMSERV                           0x00000200UL
-#define ASSOCIATION__SENDTO                       0x00000001UL
-#define ASSOCIATION__RECVFROM                     0x00000002UL
-#define ASSOCIATION__SETCONTEXT                   0x00000004UL
-#define ASSOCIATION__POLMATCH                     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__IOCTL      0x00000001UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__READ       0x00000002UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__WRITE      0x00000004UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CREATE     0x00000008UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETATTR    0x00000010UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETATTR    0x00000020UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LOCK       0x00000040UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELFROM 0x00000080UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RELABELTO  0x00000100UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__APPEND     0x00000200UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__BIND       0x00000400UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__CONNECT    0x00000800UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__LISTEN     0x00001000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__ACCEPT     0x00002000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__GETOPT     0x00004000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SETOPT     0x00008000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SHUTDOWN   0x00010000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECVFROM   0x00020000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SENDTO     0x00040000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__RECV_MSG   0x00080000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__SEND_MSG   0x00100000UL
-#define NETLINK_KOBJECT_UEVENT_SOCKET__NAME_BIND  0x00200000UL
-#define APPLETALK_SOCKET__IOCTL                   0x00000001UL
-#define APPLETALK_SOCKET__READ                    0x00000002UL
-#define APPLETALK_SOCKET__WRITE                   0x00000004UL
-#define APPLETALK_SOCKET__CREATE                  0x00000008UL
-#define APPLETALK_SOCKET__GETATTR                 0x00000010UL
-#define APPLETALK_SOCKET__SETATTR                 0x00000020UL
-#define APPLETALK_SOCKET__LOCK                    0x00000040UL
-#define APPLETALK_SOCKET__RELABELFROM             0x00000080UL
-#define APPLETALK_SOCKET__RELABELTO               0x00000100UL
-#define APPLETALK_SOCKET__APPEND                  0x00000200UL
-#define APPLETALK_SOCKET__BIND                    0x00000400UL
-#define APPLETALK_SOCKET__CONNECT                 0x00000800UL
-#define APPLETALK_SOCKET__LISTEN                  0x00001000UL
-#define APPLETALK_SOCKET__ACCEPT                  0x00002000UL
-#define APPLETALK_SOCKET__GETOPT                  0x00004000UL
-#define APPLETALK_SOCKET__SETOPT                  0x00008000UL
-#define APPLETALK_SOCKET__SHUTDOWN                0x00010000UL
-#define APPLETALK_SOCKET__RECVFROM                0x00020000UL
-#define APPLETALK_SOCKET__SENDTO                  0x00040000UL
-#define APPLETALK_SOCKET__RECV_MSG                0x00080000UL
-#define APPLETALK_SOCKET__SEND_MSG                0x00100000UL
-#define APPLETALK_SOCKET__NAME_BIND               0x00200000UL
-#define PACKET__SEND                              0x00000001UL
-#define PACKET__RECV                              0x00000002UL
-#define PACKET__RELABELTO                         0x00000004UL
-#define PACKET__FLOW_IN                           0x00000008UL
-#define PACKET__FLOW_OUT                          0x00000010UL
-#define PACKET__FORWARD_IN                        0x00000020UL
-#define PACKET__FORWARD_OUT                       0x00000040UL
-#define KEY__VIEW                                 0x00000001UL
-#define KEY__READ                                 0x00000002UL
-#define KEY__WRITE                                0x00000004UL
-#define KEY__SEARCH                               0x00000008UL
-#define KEY__LINK                                 0x00000010UL
-#define KEY__SETATTR                              0x00000020UL
-#define KEY__CREATE                               0x00000040UL
-#define CONTEXT__TRANSLATE                        0x00000001UL
-#define CONTEXT__CONTAINS                         0x00000002UL
-#define DCCP_SOCKET__IOCTL                        0x00000001UL
-#define DCCP_SOCKET__READ                         0x00000002UL
-#define DCCP_SOCKET__WRITE                        0x00000004UL
-#define DCCP_SOCKET__CREATE                       0x00000008UL
-#define DCCP_SOCKET__GETATTR                      0x00000010UL
-#define DCCP_SOCKET__SETATTR                      0x00000020UL
-#define DCCP_SOCKET__LOCK                         0x00000040UL
-#define DCCP_SOCKET__RELABELFROM                  0x00000080UL
-#define DCCP_SOCKET__RELABELTO                    0x00000100UL
-#define DCCP_SOCKET__APPEND                       0x00000200UL
-#define DCCP_SOCKET__BIND                         0x00000400UL
-#define DCCP_SOCKET__CONNECT                      0x00000800UL
-#define DCCP_SOCKET__LISTEN                       0x00001000UL
-#define DCCP_SOCKET__ACCEPT                       0x00002000UL
-#define DCCP_SOCKET__GETOPT                       0x00004000UL
-#define DCCP_SOCKET__SETOPT                       0x00008000UL
-#define DCCP_SOCKET__SHUTDOWN                     0x00010000UL
-#define DCCP_SOCKET__RECVFROM                     0x00020000UL
-#define DCCP_SOCKET__SENDTO                       0x00040000UL
-#define DCCP_SOCKET__RECV_MSG                     0x00080000UL
-#define DCCP_SOCKET__SEND_MSG                     0x00100000UL
-#define DCCP_SOCKET__NAME_BIND                    0x00200000UL
-#define DCCP_SOCKET__NODE_BIND                    0x00400000UL
-#define DCCP_SOCKET__NAME_CONNECT                 0x00800000UL
-#define MEMPROTECT__MMAP_ZERO                     0x00000001UL
-#define DB_DATABASE__CREATE                       0x00000001UL
-#define DB_DATABASE__DROP                         0x00000002UL
-#define DB_DATABASE__GETATTR                      0x00000004UL
-#define DB_DATABASE__SETATTR                      0x00000008UL
-#define DB_DATABASE__RELABELFROM                  0x00000010UL
-#define DB_DATABASE__RELABELTO                    0x00000020UL
-#define DB_DATABASE__ACCESS                       0x00000040UL
-#define DB_DATABASE__INSTALL_MODULE               0x00000080UL
-#define DB_DATABASE__LOAD_MODULE                  0x00000100UL
-#define DB_DATABASE__GET_PARAM                    0x00000200UL
-#define DB_DATABASE__SET_PARAM                    0x00000400UL
-#define DB_TABLE__CREATE                          0x00000001UL
-#define DB_TABLE__DROP                            0x00000002UL
-#define DB_TABLE__GETATTR                         0x00000004UL
-#define DB_TABLE__SETATTR                         0x00000008UL
-#define DB_TABLE__RELABELFROM                     0x00000010UL
-#define DB_TABLE__RELABELTO                       0x00000020UL
-#define DB_TABLE__USE                             0x00000040UL
-#define DB_TABLE__SELECT                          0x00000080UL
-#define DB_TABLE__UPDATE                          0x00000100UL
-#define DB_TABLE__INSERT                          0x00000200UL
-#define DB_TABLE__DELETE                          0x00000400UL
-#define DB_TABLE__LOCK                            0x00000800UL
-#define DB_PROCEDURE__CREATE                      0x00000001UL
-#define DB_PROCEDURE__DROP                        0x00000002UL
-#define DB_PROCEDURE__GETATTR                     0x00000004UL
-#define DB_PROCEDURE__SETATTR                     0x00000008UL
-#define DB_PROCEDURE__RELABELFROM                 0x00000010UL
-#define DB_PROCEDURE__RELABELTO                   0x00000020UL
-#define DB_PROCEDURE__EXECUTE                     0x00000040UL
-#define DB_PROCEDURE__ENTRYPOINT                  0x00000080UL
-#define DB_COLUMN__CREATE                         0x00000001UL
-#define DB_COLUMN__DROP                           0x00000002UL
-#define DB_COLUMN__GETATTR                        0x00000004UL
-#define DB_COLUMN__SETATTR                        0x00000008UL
-#define DB_COLUMN__RELABELFROM                    0x00000010UL
-#define DB_COLUMN__RELABELTO                      0x00000020UL
-#define DB_COLUMN__USE                            0x00000040UL
-#define DB_COLUMN__SELECT                         0x00000080UL
-#define DB_COLUMN__UPDATE                         0x00000100UL
-#define DB_COLUMN__INSERT                         0x00000200UL
-#define DB_TUPLE__RELABELFROM                     0x00000001UL
-#define DB_TUPLE__RELABELTO                       0x00000002UL
-#define DB_TUPLE__USE                             0x00000004UL
-#define DB_TUPLE__SELECT                          0x00000008UL
-#define DB_TUPLE__UPDATE                          0x00000010UL
-#define DB_TUPLE__INSERT                          0x00000020UL
-#define DB_TUPLE__DELETE                          0x00000040UL
-#define DB_BLOB__CREATE                           0x00000001UL
-#define DB_BLOB__DROP                             0x00000002UL
-#define DB_BLOB__GETATTR                          0x00000004UL
-#define DB_BLOB__SETATTR                          0x00000008UL
-#define DB_BLOB__RELABELFROM                      0x00000010UL
-#define DB_BLOB__RELABELTO                        0x00000020UL
-#define DB_BLOB__READ                             0x00000040UL
-#define DB_BLOB__WRITE                            0x00000080UL
-#define DB_BLOB__IMPORT                           0x00000100UL
-#define DB_BLOB__EXPORT                           0x00000200UL
-#define PEER__RECV                                0x00000001UL
-#define X_APPLICATION_DATA__PASTE                 0x00000001UL
-#define X_APPLICATION_DATA__PASTE_AFTER_CONFIRM   0x00000002UL
-#define X_APPLICATION_DATA__COPY                  0x00000004UL
diff --git a/libselinux/include/selinux/avc.h b/libselinux/include/selinux/avc.h
index b4bc6f3..46c5141 100644
--- a/libselinux/include/selinux/avc.h
+++ b/libselinux/include/selinux/avc.h
@@ -37,8 +37,8 @@
  * failure, with @errno set to %ENOMEM if insufficient memory was
  * available to make the copy, or %EINVAL if the input SID is invalid.
  */
-int avc_sid_to_context(security_id_t sid, char ** ctx);
-int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
+extern int avc_sid_to_context(security_id_t sid, char ** ctx);
+extern int avc_sid_to_context_raw(security_id_t sid, char ** ctx);
 
 /**
  * avc_context_to_sid - get SID for context.
@@ -51,8 +51,8 @@
  * to the SID structure into the memory referenced by @sid, 
  * returning %0 on success or -%1 on error with @errno set.  
  */
-int avc_context_to_sid(const char * ctx, security_id_t * sid);
-int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
+extern int avc_context_to_sid(const char * ctx, security_id_t * sid);
+extern int avc_context_to_sid_raw(const char * ctx, security_id_t * sid);
 
 /**
  * sidget - increment SID reference counter.
@@ -64,7 +64,7 @@
  * reference count).  Note that avc_context_to_sid() also
  * increments reference counts.
  */
-int sidget(security_id_t sid);
+extern int sidget(security_id_t sid);
 
 /**
  * sidput - decrement SID reference counter.
@@ -76,7 +76,7 @@
  * zero, the SID is invalid, and avc_context_to_sid() must
  * be called to obtain a new SID for the security context.
  */
-int sidput(security_id_t sid);
+extern int sidput(security_id_t sid);
 
 /**
  * avc_get_initial_sid - get SID for an initial kernel security identifier
@@ -87,7 +87,7 @@
  * @name using security_get_initial_context() and then call 
  * avc_context_to_sid() to get the corresponding SID.
  */
-int avc_get_initial_sid(const char *name, security_id_t * sid);
+extern int avc_get_initial_sid(const char *name, security_id_t * sid);
 
 /*
  * AVC entry
@@ -188,11 +188,11 @@
  * for those callbacks (see the definition of the callback
  * structures above).
  */
-int avc_init(const char *msgprefix,
-	     const struct avc_memory_callback *mem_callbacks,
-	     const struct avc_log_callback *log_callbacks,
-	     const struct avc_thread_callback *thread_callbacks,
-	     const struct avc_lock_callback *lock_callbacks);
+extern int avc_init(const char *msgprefix,
+		    const struct avc_memory_callback *mem_callbacks,
+		    const struct avc_log_callback *log_callbacks,
+		    const struct avc_thread_callback *thread_callbacks,
+		    const struct avc_lock_callback *lock_callbacks);
 
 /**
  * avc_open - Initialize the AVC.
@@ -203,7 +203,7 @@
  * is set to "avc" and any callbacks desired should be specified via
  * selinux_set_callback().  Available options are listed above.
  */
-int avc_open(struct selinux_opt *opts, unsigned nopts);
+extern int avc_open(struct selinux_opt *opts, unsigned nopts);
 
 /**
  * avc_cleanup - Remove unused SIDs and AVC entries.
@@ -213,7 +213,7 @@
  * AVC entries that reference them.  This can be used
  * to return memory to the system.
  */
-void avc_cleanup(void);
+extern void avc_cleanup(void);
 
 /**
  * avc_reset - Flush the cache and reset statistics.
@@ -223,7 +223,7 @@
  * The SID mapping is not affected.  Return %0 on success, 
  * -%1 with @errno set on error.
  */
-int avc_reset(void);
+extern int avc_reset(void);
 
 /**
  * avc_destroy - Free all AVC structures.
@@ -234,7 +234,7 @@
  * callbacks will not.  All SID's will be invalidated.
  * User must call avc_init() if further use of AVC is desired.
  */
-void avc_destroy(void);
+extern void avc_destroy(void);
 
 /**
  * avc_has_perm_noaudit - Check permissions but perform no auditing.
@@ -257,11 +257,11 @@
  * auditing, e.g. in cases where a lock must be held for the check but
  * should be released for the auditing.
  */
-int avc_has_perm_noaudit(security_id_t ssid,
-			 security_id_t tsid,
-			 security_class_t tclass,
-			 access_vector_t requested,
-			 struct avc_entry_ref *aeref, struct av_decision *avd);
+extern int avc_has_perm_noaudit(security_id_t ssid,
+				security_id_t tsid,
+				security_class_t tclass,
+				access_vector_t requested,
+				struct avc_entry_ref *aeref, struct av_decision *avd);
 
 /**
  * avc_has_perm - Check permissions and perform any appropriate auditing.
@@ -281,9 +281,9 @@
  * permissions are granted, -%1 with @errno set to %EACCES if any permissions
  * are denied or to another value upon other errors.
  */
-int avc_has_perm(security_id_t ssid, security_id_t tsid,
-		 security_class_t tclass, access_vector_t requested,
-		 struct avc_entry_ref *aeref, void *auditdata);
+extern int avc_has_perm(security_id_t ssid, security_id_t tsid,
+			security_class_t tclass, access_vector_t requested,
+			struct avc_entry_ref *aeref, void *auditdata);
 
 /**
  * avc_audit - Audit the granting or denial of permissions.
@@ -304,9 +304,9 @@
  * be performed under a lock, to allow the lock to be released
  * before calling the auditing code.
  */
-void avc_audit(security_id_t ssid, security_id_t tsid,
-	       security_class_t tclass, access_vector_t requested,
-	       struct av_decision *avd, int result, void *auditdata);
+extern void avc_audit(security_id_t ssid, security_id_t tsid,
+		      security_class_t tclass, access_vector_t requested,
+		      struct av_decision *avd, int result, void *auditdata);
 
 /**
  * avc_compute_create - Compute SID for labeling a new object.
@@ -322,9 +322,9 @@
  * memory referenced by @newsid, returning %0 on success or -%1 on
  * error with @errno set.  
  */
-int avc_compute_create(security_id_t ssid,
-		       security_id_t tsid,
-		       security_class_t tclass, security_id_t * newsid);
+extern int avc_compute_create(security_id_t ssid,
+			      security_id_t tsid,
+			      security_class_t tclass, security_id_t * newsid);
 
 /**
  * avc_compute_member - Compute SID for polyinstantation.
@@ -340,9 +340,9 @@
  * memory referenced by @newsid, returning %0 on success or -%1 on
  * error with @errno set.  
  */
-int avc_compute_member(security_id_t ssid,
-		       security_id_t tsid,
-		       security_class_t tclass, security_id_t * newsid);
+extern int avc_compute_member(security_id_t ssid,
+			      security_id_t tsid,
+			      security_class_t tclass, security_id_t * newsid);
 
 /* 
  * security event callback facility
@@ -373,14 +373,14 @@
  * @perms based on @tclass.  Returns %0 on success or
  * -%1 if insufficient memory exists to add the callback.
  */
-int avc_add_callback(int (*callback)
-		      (uint32_t event, security_id_t ssid,
-		       security_id_t tsid, security_class_t tclass,
-		       access_vector_t perms,
-		       access_vector_t * out_retained),
-		     uint32_t events, security_id_t ssid,
-		     security_id_t tsid, security_class_t tclass,
-		     access_vector_t perms);
+extern int avc_add_callback(int (*callback)
+			     (uint32_t event, security_id_t ssid,
+			      security_id_t tsid, security_class_t tclass,
+			      access_vector_t perms,
+			      access_vector_t * out_retained),
+			    uint32_t events, security_id_t ssid,
+			    security_id_t tsid, security_class_t tclass,
+			    access_vector_t perms);
 
 /*
  * AVC statistics 
@@ -411,7 +411,7 @@
  * avc_reset().  See the structure definition for
  * details.
  */
-void avc_cache_stats(struct avc_cache_stats *stats);
+extern void avc_cache_stats(struct avc_cache_stats *stats);
 
 /**
  * avc_av_stats - log av table statistics.
@@ -420,7 +420,7 @@
  * distribution of the access vector table.  The audit
  * callback is used to print the message.
  */
-void avc_av_stats(void);
+extern void avc_av_stats(void);
 
 /**
  * avc_sid_stats - log SID table statistics.
@@ -429,22 +429,22 @@
  * distribution of the SID table.  The audit callback
  * is used to print the message.
  */
-void avc_sid_stats(void);
+extern void avc_sid_stats(void);
 
 /**
  * avc_netlink_open - Create a netlink socket and connect to the kernel.
  */
-int avc_netlink_open(int blocking);
+extern int avc_netlink_open(int blocking);
 
 /**
  * avc_netlink_loop - Wait for netlink messages from the kernel
  */
-void avc_netlink_loop(void);
+extern void avc_netlink_loop(void);
 
 /**
  * avc_netlink_close - Close the netlink socket
  */
-void avc_netlink_close(void);
+extern void avc_netlink_close(void);
 
 /**
  * avc_netlink_acquire_fd - Acquire netlink socket fd.
@@ -452,14 +452,14 @@
  * Allows the application to manage messages from the netlink socket in
  * its own main loop.
  */
-int avc_netlink_acquire_fd(void);
+extern int avc_netlink_acquire_fd(void);
 
 /**
  * avc_netlink_release_fd - Release netlink socket fd.
  *
  * Returns ownership of the netlink socket to the library.
  */
-void avc_netlink_release_fd(void);
+extern void avc_netlink_release_fd(void);
 
 /**
  * avc_netlink_check_nb - Check netlink socket for new messages.
@@ -467,43 +467,43 @@
  * Called by the application when using avc_netlink_acquire_fd() to
  * process kernel netlink events.
  */
-int avc_netlink_check_nb(void);
+extern int avc_netlink_check_nb(void);
 
 /**
  * selinux_status_open - Open and map SELinux kernel status page
  *
  */
-int selinux_status_open(int fallback);
+extern int selinux_status_open(int fallback);
 
 /**
  * selinux_status_close - Unmap and close SELinux kernel status page
  *
  */
-void selinux_status_close(void);
+extern void selinux_status_close(void);
 
 /**
  * selinux_status_updated - Inform us whether the kernel status has been updated
  *
  */
-int selinux_status_updated(void);
+extern int selinux_status_updated(void);
 
 /**
  * selinux_status_getenforce - Get the enforce flag value
  *
  */
-int selinux_status_getenforce(void);
+extern int selinux_status_getenforce(void);
 
 /**
  * selinux_status_policyload - Get the number of policy reloaded
  *
  */
-int selinux_status_policyload(void);
+extern int selinux_status_policyload(void);
 
 /**
  * selinux_status_deny_unknown - Get the  behavior for undefined classes/permissions
  *
  */
-int selinux_status_deny_unknown(void);
+extern int selinux_status_deny_unknown(void);
 
 #ifdef __cplusplus
 }
diff --git a/libselinux/include/selinux/flask.h b/libselinux/include/selinux/flask.h
deleted file mode 100644
index 8128223..0000000
--- a/libselinux/include/selinux/flask.h
+++ /dev/null
@@ -1,118 +0,0 @@
-/* This file is automatically generated.  Do not edit. */
-#ifndef _SELINUX_FLASK_H_
-#define _SELINUX_FLASK_H_
-
-#warning "Please remove any #include's of this header in your source code."
-#warning "Instead, use string_to_security_class() to map the class name to a value."
-
-/*
- * Security object class definitions
- */
-#define SECCLASS_SECURITY                                1
-#define SECCLASS_PROCESS                                 2
-#define SECCLASS_SYSTEM                                  3
-#define SECCLASS_CAPABILITY                              4
-#define SECCLASS_FILESYSTEM                              5
-#define SECCLASS_FILE                                    6
-#define SECCLASS_DIR                                     7
-#define SECCLASS_FD                                      8
-#define SECCLASS_LNK_FILE                                9
-#define SECCLASS_CHR_FILE                                10
-#define SECCLASS_BLK_FILE                                11
-#define SECCLASS_SOCK_FILE                               12
-#define SECCLASS_FIFO_FILE                               13
-#define SECCLASS_SOCKET                                  14
-#define SECCLASS_TCP_SOCKET                              15
-#define SECCLASS_UDP_SOCKET                              16
-#define SECCLASS_RAWIP_SOCKET                            17
-#define SECCLASS_NODE                                    18
-#define SECCLASS_NETIF                                   19
-#define SECCLASS_NETLINK_SOCKET                          20
-#define SECCLASS_PACKET_SOCKET                           21
-#define SECCLASS_KEY_SOCKET                              22
-#define SECCLASS_UNIX_STREAM_SOCKET                      23
-#define SECCLASS_UNIX_DGRAM_SOCKET                       24
-#define SECCLASS_SEM                                     25
-#define SECCLASS_MSG                                     26
-#define SECCLASS_MSGQ                                    27
-#define SECCLASS_SHM                                     28
-#define SECCLASS_IPC                                     29
-#define SECCLASS_PASSWD                                  30
-#define SECCLASS_X_DRAWABLE                              31
-#define SECCLASS_X_SCREEN                                32
-#define SECCLASS_X_GC                                    33
-#define SECCLASS_X_FONT                                  34
-#define SECCLASS_X_COLORMAP                              35
-#define SECCLASS_X_PROPERTY                              36
-#define SECCLASS_X_SELECTION                             37
-#define SECCLASS_X_CURSOR                                38
-#define SECCLASS_X_CLIENT                                39
-#define SECCLASS_X_DEVICE                                40
-#define SECCLASS_X_SERVER                                41
-#define SECCLASS_X_EXTENSION                             42
-#define SECCLASS_NETLINK_ROUTE_SOCKET                    43
-#define SECCLASS_NETLINK_FIREWALL_SOCKET                 44
-#define SECCLASS_NETLINK_TCPDIAG_SOCKET                  45
-#define SECCLASS_NETLINK_NFLOG_SOCKET                    46
-#define SECCLASS_NETLINK_XFRM_SOCKET                     47
-#define SECCLASS_NETLINK_SELINUX_SOCKET                  48
-#define SECCLASS_NETLINK_AUDIT_SOCKET                    49
-#define SECCLASS_NETLINK_IP6FW_SOCKET                    50
-#define SECCLASS_NETLINK_DNRT_SOCKET                     51
-#define SECCLASS_DBUS                                    52
-#define SECCLASS_NSCD                                    53
-#define SECCLASS_ASSOCIATION                             54
-#define SECCLASS_NETLINK_KOBJECT_UEVENT_SOCKET           55
-#define SECCLASS_APPLETALK_SOCKET                        56
-#define SECCLASS_PACKET                                  57
-#define SECCLASS_KEY                                     58
-#define SECCLASS_CONTEXT                                 59
-#define SECCLASS_DCCP_SOCKET                             60
-#define SECCLASS_MEMPROTECT                              61
-#define SECCLASS_DB_DATABASE                             62
-#define SECCLASS_DB_TABLE                                63
-#define SECCLASS_DB_PROCEDURE                            64
-#define SECCLASS_DB_COLUMN                               65
-#define SECCLASS_DB_TUPLE                                66
-#define SECCLASS_DB_BLOB                                 67
-#define SECCLASS_PEER                                    68
-#define SECCLASS_CAPABILITY2                             69
-#define SECCLASS_X_RESOURCE                              70
-#define SECCLASS_X_EVENT                                 71
-#define SECCLASS_X_SYNTHETIC_EVENT                       72
-#define SECCLASS_X_APPLICATION_DATA                      73
-
-/*
- * Security identifier indices for initial entities
- */
-#define SECINITSID_KERNEL                               1
-#define SECINITSID_SECURITY                             2
-#define SECINITSID_UNLABELED                            3
-#define SECINITSID_FS                                   4
-#define SECINITSID_FILE                                 5
-#define SECINITSID_FILE_LABELS                          6
-#define SECINITSID_INIT                                 7
-#define SECINITSID_ANY_SOCKET                           8
-#define SECINITSID_PORT                                 9
-#define SECINITSID_NETIF                                10
-#define SECINITSID_NETMSG                               11
-#define SECINITSID_NODE                                 12
-#define SECINITSID_IGMP_PACKET                          13
-#define SECINITSID_ICMP_SOCKET                          14
-#define SECINITSID_TCP_SOCKET                           15
-#define SECINITSID_SYSCTL_MODPROBE                      16
-#define SECINITSID_SYSCTL                               17
-#define SECINITSID_SYSCTL_FS                            18
-#define SECINITSID_SYSCTL_KERNEL                        19
-#define SECINITSID_SYSCTL_NET                           20
-#define SECINITSID_SYSCTL_NET_UNIX                      21
-#define SECINITSID_SYSCTL_VM                            22
-#define SECINITSID_SYSCTL_DEV                           23
-#define SECINITSID_KMOD                                 24
-#define SECINITSID_POLICY                               25
-#define SECINITSID_SCMP_PACKET                          26
-#define SECINITSID_DEVNULL                              27
-
-#define SECINITSID_NUM                                  27
-
-#endif
diff --git a/libselinux/include/selinux/get_context_list.h b/libselinux/include/selinux/get_context_list.h
index a15b9c4..db8641a 100644
--- a/libselinux/include/selinux/get_context_list.h
+++ b/libselinux/include/selinux/get_context_list.h
@@ -22,10 +22,10 @@
 
 /* As above, but use the provided MLS level rather than the
    default level for the user. */
-	int get_ordered_context_list_with_level(const char *user,
-						const char *level,
-						char * fromcon,
-						char *** list);
+	extern int get_ordered_context_list_with_level(const char *user,
+						       const char *level,
+						       char * fromcon,
+						       char *** list);
 
 /* Get the default security context for a user session for 'user'
    spawned by 'fromcon' and set *newcon to refer to it.  The context
@@ -40,32 +40,32 @@
 
 /* As above, but use the provided MLS level rather than the
    default level for the user. */
-	int get_default_context_with_level(const char *user,
-					   const char *level,
-					   char * fromcon,
-					   char ** newcon);
+	extern int get_default_context_with_level(const char *user,
+						  const char *level,
+						  char * fromcon,
+						  char ** newcon);
 
 /* Same as get_default_context, but only return a context
    that has the specified role.  If no reachable context exists
    for the user with that role, then return -1. */
-	int get_default_context_with_role(const char *user,
-					  const char *role,
-					  char * fromcon,
-					  char ** newcon);
+	extern int get_default_context_with_role(const char *user,
+						 const char *role,
+						 char * fromcon,
+						 char ** newcon);
 
 /* Same as get_default_context, but only return a context
    that has the specified role and level.  If no reachable context exists
    for the user with that role, then return -1. */
-	int get_default_context_with_rolelevel(const char *user,
-					       const char *role,
-					       const char *level,
-					       char * fromcon,
-					       char ** newcon);
+	extern int get_default_context_with_rolelevel(const char *user,
+						      const char *role,
+						      const char *level,
+						      char * fromcon,
+						      char ** newcon);
 
 /* Given a list of authorized security contexts for the user, 
    query the user to select one and set *newcon to refer to it.
    Caller must free via freecon.
-   Returns 0 on sucess or -1 otherwise. */
+   Returns 0 on success or -1 otherwise. */
 	extern int query_user_context(char ** list,
 				      char ** newcon);
 
diff --git a/libselinux/include/selinux/get_default_type.h b/libselinux/include/selinux/get_default_type.h
index 65c5dd4..93f5b27 100644
--- a/libselinux/include/selinux/get_default_type.h
+++ b/libselinux/include/selinux/get_default_type.h
@@ -10,12 +10,12 @@
 #endif
 
 /* Return path to default type file. */
-	const char *selinux_default_type_path(void);
+	extern const char *selinux_default_type_path(void);
 
 /* Get the default type (domain) for 'role' and set 'type' to refer to it.
    Caller must free via free().
    Return 0 on success or -1 otherwise. */
-	int get_default_type(const char *role, char **type);
+	extern int get_default_type(const char *role, char **type);
 
 #ifdef __cplusplus
 }
diff --git a/libselinux/include/selinux/label.h b/libselinux/include/selinux/label.h
index e537aa1..e898360 100644
--- a/libselinux/include/selinux/label.h
+++ b/libselinux/include/selinux/label.h
@@ -73,9 +73,9 @@
  * backend.  Return value is the created handle on success or NULL with
  * @errno set on failure.
  */
-struct selabel_handle *selabel_open(unsigned int backend,
-				    const struct selinux_opt *opts,
-				    unsigned nopts);
+extern struct selabel_handle *selabel_open(unsigned int backend,
+					   const struct selinux_opt *opts,
+					   unsigned nopts);
 
 /**
  * selabel_close - Close a labeling handle.
@@ -84,7 +84,7 @@
  * Destroy the specified handle, closing files, freeing allocated memory,
  * etc.  The handle may not be further used after it has been closed.
  */
-void selabel_close(struct selabel_handle *handle);
+extern void selabel_close(struct selabel_handle *handle);
 
 /**
  * selabel_lookup - Perform labeling lookup operation.
@@ -99,20 +99,25 @@
  * The result is returned in the memory pointed to by @con and must be freed
  * by the user with freecon().
  */
-int selabel_lookup(struct selabel_handle *handle, char **con,
-		   const char *key, int type);
-int selabel_lookup_raw(struct selabel_handle *handle, char **con,
-		       const char *key, int type);
+extern int selabel_lookup(struct selabel_handle *handle, char **con,
+			  const char *key, int type);
+extern int selabel_lookup_raw(struct selabel_handle *handle, char **con,
+			      const char *key, int type);
 
-bool selabel_partial_match(struct selabel_handle *handle, const char *key);
+extern bool selabel_partial_match(struct selabel_handle *handle, const char *key);
 
-bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
-                                      const char *key, uint8_t* digest);
+extern bool selabel_get_digests_all_partial_matches(struct selabel_handle *rec,
+						    const char *key,
+						    uint8_t **calculated_digest,
+						    uint8_t **xattr_digest,
+						    size_t *digest_len);
+extern bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
+					     const char *key, uint8_t* digest);
 
-int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
-			      const char *key, const char **aliases, int type);
-int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
-			      const char *key, const char **aliases, int type);
+extern int selabel_lookup_best_match(struct selabel_handle *rec, char **con,
+				     const char *key, const char **aliases, int type);
+extern int selabel_lookup_best_match_raw(struct selabel_handle *rec, char **con,
+					 const char *key, const char **aliases, int type);
 
 /**
  * selabel_digest - Retrieve the SHA1 digest and the list of specfiles used to
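Review bot: The new `selabel_get_digests_all_partial_matches()` prototype has no comment, while `selabel_lookup()` above it and `selabel_digest()` below it carry kernel-doc blocks. Its three out-parameters (`calculated_digest`, `xattr_digest`, `digest_len`) leave buffer ownership unstated. From the header a caller cannot tell whether the two digest buffers are allocated by the library and must be freed, whether either can come back NULL when no digest is stored, or what a `false` return leaves in them. I would add a kernel-doc block above the declaration covering the meaning of the return value, who frees `*calculated_digest` and `*xattr_digest`, and that `*digest_len` applies to both. The exact contract has to be taken from the implementation, which is not part of this hunk.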
@@ -127,9 +132,9 @@
  *
  * Return %0 on success, -%1 with @errno set on failure.
  */
-int selabel_digest(struct selabel_handle *rec,
-			    unsigned char **digest, size_t *digest_len,
-			    char ***specfiles, size_t *num_specfiles);
+extern int selabel_digest(struct selabel_handle *rec,
+			  unsigned char **digest, size_t *digest_len,
+			  char ***specfiles, size_t *num_specfiles);
 
 enum selabel_cmp_result {
 	SELABEL_SUBSET,
@@ -148,8 +153,8 @@
  * if @h1 is identical to @h2, %SELABEL_SUPERSET if @h1 is a superset
  * of @h2, and %SELABEL_INCOMPARABLE if @h1 and @h2 are incomparable.
  */
-enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
-				    struct selabel_handle *h2);
+extern enum selabel_cmp_result selabel_cmp(struct selabel_handle *h1,
+					   struct selabel_handle *h2);
 
 /**
  * selabel_stats - log labeling operation statistics.
@@ -159,7 +164,7 @@
  * number of unused matching entries, or other operational statistics.
  * Message is backend-specific, some backends may not output a message.
  */
-void selabel_stats(struct selabel_handle *handle);
+extern void selabel_stats(struct selabel_handle *handle);
 
 /*
  * Type codes used by specific backends
diff --git a/libselinux/include/selinux/restorecon.h b/libselinux/include/selinux/restorecon.h
index 595e772..754b864 100644
--- a/libselinux/include/selinux/restorecon.h
+++ b/libselinux/include/selinux/restorecon.h
@@ -27,8 +27,8 @@
  * restorecon_flags options
  */
 /*
- * Force the checking of labels even if the stored SHA1
- * digest matches the specfiles SHA1 digest.
+ * Force the checking of labels even if the stored SHA1 digest
+ * matches the specfiles SHA1 digest (requires CAP_SYS_ADMIN).
  */
 #define SELINUX_RESTORECON_IGNORE_DIGEST		0x0001
 /*
@@ -96,12 +96,17 @@
  * See SELINUX_RESTORECON_PROGRESS flag for details.
  */
 #define SELINUX_RESTORECON_MASS_RELABEL			0x4000
+/*
+ * Set if no digest is to be read or written (as only processes
+ * running with CAP_SYS_ADMIN can read/write digests).
+ */
+#define SELINUX_RESTORECON_SKIP_DIGEST			0x8000
 
 /**
  * selinux_restorecon_set_sehandle - Set the global fc handle.
  * @hndl: specifies handle to set as the global fc handle.
  *
- * Called by a process that has already called selabel_open(3) with it's
+ * Called by a process that has already called selabel_open(3) with its
  * required parameters, or if selinux_restorecon_default_handle(3) has been
  * called to set the default selabel_open(3) parameters.
  */
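Review bot: The comment added for `SELINUX_RESTORECON_SKIP_DIGEST` does not say how the flag combines with `SELINUX_RESTORECON_IGNORE_DIGEST`, the other digest flag in this header. Both comments now refer to CAP_SYS_ADMIN, so a caller running without that capability cannot tell from the header which flag to pass or which one takes effect when both bits are set. I would add one sentence to the new comment stating the precedence, for example `* If combined with SELINUX_RESTORECON_IGNORE_DIGEST, <state which flag wins>.`, filled in from the implementation, which is not visible in this hunk.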
@@ -110,7 +115,7 @@
 /**
  * selinux_restorecon_default_handle - Sets default selabel_open(3) parameters
  *				       to use the currently loaded policy and
- *				       file_contexts, also requests the digest.
+ *				       file_contexts.
  *
  * Return value is the created handle on success or NULL with @errno set on
  * failure.
@@ -134,12 +139,12 @@
 extern int selinux_restorecon_set_alt_rootpath(const char *alt_rootpath);
 
 /**
- * selinux_restorecon_xattr - Read/remove RESTORECON_LAST xattr entries.
+ * selinux_restorecon_xattr - Read/remove security.sehash xattr entries.
  * @pathname: specifies directory path to check.
  * @xattr_flags: specifies the actions to be performed.
  * @xattr_list: a linked list of struct dir_xattr structures containing
  *              the directory, digest and result of the action on the
- *              RESTORECON_LAST entry.
+ *              security.sehash entry.
  *
  * selinux_restorecon_xattr(3) will automatically call
  * selinux_restorecon_default_handle(3) and selinux_restorecon_set_sehandle(3)
diff --git a/libselinux/include/selinux/selinux.h b/libselinux/include/selinux/selinux.h
index f54f236..7922d96 100644
--- a/libselinux/include/selinux/selinux.h
+++ b/libselinux/include/selinux/selinux.h
@@ -258,7 +258,7 @@
 /* Validate a transition. This determines whether a transition from scon to newcon
    using tcon as the target for object class tclass is valid in the loaded policy.
    This checks against the mlsvalidatetrans and validatetrans constraints in the loaded policy.
-   Returns 0 if allowed and -1 if an error occured with errno set */
+   Returns 0 if allowed and -1 if an error occurred with errno set */
 extern int security_validatetrans(const char *scon,
 				  const char *tcon,
 				  security_class_t tclass,
@@ -286,11 +286,7 @@
  * manipulating it as needed for current boolean settings and/or local 
  * definitions, and then calling security_load_policy to load it.
  *
- * 'preservebools' is a boolean flag indicating whether current 
- * policy boolean values should be preserved into the new policy (if 1) 
- * or reset to the saved policy settings (if 0).  The former case is the
- * default for policy reloads, while the latter case is an option for policy
- * reloads but is primarily for the initial policy load.
+ * 'preservebools' is no longer supported, set to 0.
  */
 extern int selinux_mkload_policy(int preservebools);
 
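Review bot: The replacement text `'preservebools' is no longer supported, set to 0.` does not say what `selinux_mkload_policy()` does when an existing caller still passes 1. The same gap applies to `permanent` on `security_set_boolean_list()` in the next hunk. A caller that relied on these arguments to keep or persist boolean state gets no signal from the header whether the value is silently ignored or rejected with an error, and booleans gate policy rules. I would state the behaviour explicitly, e.g. `* 'preservebools' is no longer supported; pass 0. A non-zero value is <ignored | rejected with -1>.`, taken from the implementation, and word the `permanent` comment the same way.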
@@ -316,13 +312,15 @@
 	char *name;
 	int value;
 } SELboolean;
-/* save a list of booleans in a single transaction.  */
+/* save a list of booleans in a single transaction. 'permanent' is no
+ * longer supported, set to 0.
+ */
 extern int security_set_boolean_list(size_t boolcnt,
 				     SELboolean * boollist, int permanent);
 
-/* Load policy boolean settings.
-   Path may be NULL, in which case the booleans are loaded from
-   the active policy boolean configuration file. */
+/* Load policy boolean settings. Deprecated as local policy booleans no
+ * longer supported. Will always return 0.
+ */
 extern int security_load_booleans(char *path);
 
 /* Check the validity of a security context. */
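Review bot: `security_load_booleans()` is deprecated here only in a comment, and that comment says it will always return 0. Existing callers therefore keep compiling cleanly and keep seeing success even though nothing is loaded. The same comment-only deprecation is used for `selinux_booleans_path()` and `selinux_users_path()` in the `@@ -569,8 +570,10 @@` hunk. I would also mark the declarations so the compiler reports remaining uses, e.g. `__attribute__((deprecated))` on the line before `extern int security_load_booleans(char *path);`, guarded by `#ifdef __GNUC__` if the header must stay portable. The comment could also name the supported replacement, if there is one, for callers that need boolean values applied.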
@@ -420,6 +418,9 @@
 /* Display an access vector in a string representation. */
 extern void print_access_vector(security_class_t tclass, access_vector_t av);
 
+/* Flush the SELinux class cache, e.g. upon a policy reload. */
+extern void selinux_flush_class_cache(void);
+
 /* Set the function used by matchpathcon_init when displaying
    errors about the file_contexts configuration.  If not set,
    then this defaults to fprintf(stderr, fmt, ...). */
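Review bot: The comment on `selinux_flush_class_cache()` names when to call it but not what it means for values a caller already holds. The man page text added in this commit says class and permission values may change across a policy reload, and the header comment could say the same. I would expand it to something like `/* Flush the SELinux class cache, e.g. upon a policy reload. Class and permission values obtained before the call should be looked up again. */`. It would also help to state whether the call may run concurrently with `string_to_security_class()` lookups in other threads, which cannot be judged from this hunk.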
@@ -569,8 +570,10 @@
 extern const char *selinux_contexts_path(void);
 extern const char *selinux_securetty_types_path(void);
 extern const char *selinux_booleans_subs_path(void);
+/* Deprecated as local policy booleans no longer supported. */
 extern const char *selinux_booleans_path(void);
 extern const char *selinux_customizable_types_path(void);
+/* Deprecated as policy ./users no longer supported. */
 extern const char *selinux_users_path(void);
 extern const char *selinux_usersconf_path(void);
 extern const char *selinux_translations_path(void);
@@ -610,13 +613,13 @@
    Normally, this is determined automatically during libselinux 
    initialization, but this is not always possible, e.g. for /sbin/init
    which performs the initial mount of selinuxfs. */
-void set_selinuxmnt(const char *mnt);
+extern void set_selinuxmnt(const char *mnt);
 
 /* Check if selinuxfs exists as a kernel filesystem */
-int selinuxfs_exists(void);
+extern int selinuxfs_exists(void);
 
 /* clear selinuxmnt variable and free allocated memory */
-void fini_selinuxmnt(void);
+extern void fini_selinuxmnt(void);
 
 /* Set an appropriate security context based on the filename of a helper
  * program, falling back to a new context with the specified type. */
diff --git a/libselinux/man/man3/avc_has_perm.3 b/libselinux/man/man3/avc_has_perm.3
index 3e9fca8..62809f9 100644
--- a/libselinux/man/man3/avc_has_perm.3
+++ b/libselinux/man/man3/avc_has_perm.3
@@ -34,6 +34,36 @@
 .in
 .
 .SH "DESCRIPTION"
+
+Direct use of these functions is generally discouraged in favor of
+the higher level interface
+.BR selinux_check_access(3)
+since the latter automatically handles the dynamic mapping of class
+and permission names to their policy values and proper handling of
+allow_unknown.
+
+When using any of the functions that take policy integer values for
+classes or permissions as inputs, use
+.BR string_to_security_class(3)
+and
+.BR string_to_av_perm(3)
+to map the class and permission names to their policy values.
+These values may change across a policy reload, so they should be
+re-acquired on every use or using a
+.B SELINUX_CB_POLICYLOAD
+callback set via
+.BR selinux_set_callback(3).
+
+An alternative approach is to use
+.BR selinux_set_mapping(3)
+to create a mapping from class and permission index values
+used by the application to the policy values,
+thereby allowing the application to pass its own
+fixed constants for the classes and permissions to
+these functions and internally mapping them on demand.
+However, this also requires setting up a callback as above
+to address policy reloads.
+
 .BR avc_entry_ref_init ()
 initializes an
 .B avc_entry_ref
@@ -146,11 +176,16 @@
 netlink by the policy.
 .
 .SH "AUTHOR"
-Eamon Walsh <ewalsh@tycho.nsa.gov>
+Originally Eamon Walsh.  Updated by Stephen Smalley <sds@tycho.nsa.gov>
 .
 .SH "SEE ALSO"
 .ad l
 .nh
+.BR selinux_check_access(3),
+.BR string_to_security_class(3),
+.BR string_to_av_perm(3),
+.BR selinux_set_callback(3),
+.BR selinux_set_mapping(3),
 .BR avc_init (3),
 .BR avc_context_to_sid (3),
 .BR avc_cache_stats (3),
diff --git a/libselinux/man/man3/security_compute_av.3 b/libselinux/man/man3/security_compute_av.3
index a7181be..3de1b0f 100644
--- a/libselinux/man/man3/security_compute_av.3
+++ b/libselinux/man/man3/security_compute_av.3
@@ -50,6 +50,39 @@
 .BI "int checkPasswdAccess(access_vector_t " requested );
 .
 .SH "DESCRIPTION"
+
+This family of functions is used to obtain policy decisions from the
+SELinux kernel security server (policy engine).  In general, direct use of
+.BR security_compute_av ()
+and its variant interfaces is discouraged in favor of using
+.BR selinux_check_access ()
+since the latter automatically handles the dynamic mapping of class
+and permission names to their policy values, initialization and use of
+the Access Vector Cache (AVC), and proper handling of per-domain and
+global permissive mode and allow_unknown.
+
+When using any of the functions that take policy integer values for
+classes or permissions as inputs, use
+.BR string_to_security_class(3)
+and
+.BR string_to_av_perm(3)
+to map the class and permission names to their policy values.
+These values may change across a policy reload, so they should be
+re-acquired on every use or using a
+.B SELINUX_CB_POLICYLOAD
+callback set via
+.BR selinux_set_callback(3).
+
+An alternative approach is to use
+.BR selinux_set_mapping(3)
+to create a mapping from class and permission index values
+used by the application to the policy values,
+thereby allowing the application to pass its own
+fixed constants for the classes and permissions to
+these functions and internally mapping them on demand.
+However, this also requires setting up a callback as above
+to address policy reloads.
+
 .BR security_compute_av ()
 queries whether the policy permits the source context
 .I scon
@@ -102,13 +135,13 @@
 .BR security_compute_user ()
 is used to determine the set of user contexts that can be reached from a
 source context. It is mainly used by
-.BR get_ordered_context_list ().
+.BR get_ordered_context_list (3).
 
 .BR security_validatetrans ()
 is used to determine if a transition from scon to newcon using tcon as the object
 is valid for object class tclass. This checks against the mlsvalidatetrans and
 validatetrans constraints in the loaded policy. Returns 0 if allowed, and -1
-if an error occured with errno set.
+if an error occurred with errno set.
 
 .BR security_get_initial_context ()
 is used to get the context of a kernel initial security identifier specified by 
@@ -135,7 +168,9 @@
 .I passwd
 class.
 .BR selinux_check_passwd_access ()
-uses getprevcon() for the source and target security contexts.
+uses
+.BR getprevcon(3)
+for the source and target security contexts.
 
 .BR checkPasswdAccess ()
 is a deprecated alias of the
@@ -146,4 +181,10 @@
 Returns zero on success or \-1 on error.
 .
 .SH "SEE ALSO"
-.BR selinux "(8), " getcon "(3), " getfilecon "(3), " get_ordered_context_list "(3)"
+.BR string_to_security_class (3),
+.BR string_to_av_perm (3),
+.BR selinux_set_callback (3),
+.BR selinux_set_mapping (3),
+.BR getprevcon (3),
+.BR get_ordered_context_list (3),
+.BR selinux (8)
diff --git a/libselinux/man/man3/security_load_booleans.3 b/libselinux/man/man3/security_load_booleans.3
index 3b0bbea..25922f1 100644
--- a/libselinux/man/man3/security_load_booleans.3
+++ b/libselinux/man/man3/security_load_booleans.3
@@ -1,13 +1,11 @@
 .TH "security_get_boolean_names" "3" "15 November 2004" "dwalsh@redhat.com" "SELinux API Documentation"
 .SH "NAME"
-security_load_booleans, security_set_boolean, security_commit_booleans, 
+security_set_boolean, security_commit_booleans,
 security_get_boolean_names, security_get_boolean_active,
 security_get_boolean_pending \- routines for manipulating SELinux boolean values
 .
 .SH "SYNOPSIS"
 .B #include <selinux/selinux.h>
-.sp
-.BI "int security_load_booleans(char *" path ");"
 .sp 
 .BI "int security_get_boolean_names(char ***" names ", int *" len ");"
 .sp
@@ -30,10 +28,6 @@
 The SELinux API allows for a transaction based update. So you can
 set several boolean values and then commit them all at once.
 
-.BR security_load_booleans ()
-loads policy boolean settings. Path may be NULL, in which case the
-booleans are loaded from the active policy boolean configuration file.
-
 .BR security_get_boolean_names ()
 provides a list of boolean names, currently supported by the loaded policy.
 
@@ -47,7 +41,9 @@
 sets the pending value for boolean 
 
 .BR security_set_boolean_list ()
-saves a list of booleans in a single transaction.
+saves a list of booleans in a single transaction. Note that the
+.BI int " permanent "
+flag is deprecated and should be set to zero.
 
 .BR security_commit_booleans ()
 commits all pending values for the booleans.
diff --git a/libselinux/man/man3/selabel_get_digests_all_partial_matches.3 b/libselinux/man/man3/selabel_get_digests_all_partial_matches.3
new file mode 100644
index 0000000..2366375
--- /dev/null
+++ b/libselinux/man/man3/selabel_get_digests_all_partial_matches.3
@@ -0,0 +1,70 @@
+.TH "selabel_get_digests_all_partial_matches" "3" "14 April 2019" "SELinux API documentation"
+
+.SH "NAME"
+selabel_get_digests_all_partial_matches \- retrieve the partial matches digest
+and the xattr digest that applies to the supplied path \- Only supported
+on file backend.
+.
+.SH "SYNOPSIS"
+.B #include <stdbool.h>
+.br
+.B #include <selinux/selinux.h>
+.br
+.B #include <selinux/label.h>
+.sp
+.BI "bool selabel_get_digests_all_partial_matches("
+.in +\w'selabel_get_digests_all_partial_matches('u
+.BI "struct selabel_handle *" hnd ,
+.br
+.BI "const char *" key ,
+.br
+.BI "uint8_t **" calculated_digest ,
+.br
+.BI "uint8_t **" xattr_digest ,
+.br
+.BI "size_t *" digest_len ");"
+.in
+.
+.SH "DESCRIPTION"
+.BR selabel_get_digests_all_partial_matches ()
+retrieves the file_contexts partial matches digest and the xattr digest that
+applies to the supplied path on the handle
+.IR hnd .
+.br
+The
+.IR key
+parameter is the path to retrieve the digests.
+.br
+The
+.IR calculated_digest
+is a pointer to the
+.IR key
+calculated file_contexts digest of all applicable partial matches, or NULL if
+none exist. The caller must
+.BR free (3)
+the buffer.
+.br
+The
+.IR xattr_digest
+is a pointer to the
+.IR key
+.BR xattr (7)
+stored digest, or NULL if it does not exist.
+The caller must
+.BR free (3)
+the buffer.
+.br
+The
+.IR digest_len
+is the length of the digests that will always be returned (even if both are
+NULL). Note that if both digests are returned, they will always be the same length.
+.sp
+.SH "RETURN VALUE"
+TRUE if the digests match or FALSE if they do not or either or both are missing.
+.sp
+.SH "SEE ALSO"
+.BR selinux_restorecon (3),
+.BR selabel_partial_match (3),
+.BR selabel_open (3),
+.BR selinux (8),
+.BR selabel_file (5)
diff --git a/libselinux/man/man3/selinux_binary_policy_path.3 b/libselinux/man/man3/selinux_binary_policy_path.3
index edaa3b8..0153868 100644
--- a/libselinux/man/man3/selinux_binary_policy_path.3
+++ b/libselinux/man/man3/selinux_binary_policy_path.3
@@ -4,7 +4,7 @@
 selinux_failsafe_context_path, selinux_removable_context_path,
 selinux_default_context_path, selinux_user_contexts_path,
 selinux_file_context_path, selinux_media_context_path,
-selinux_contexts_path, selinux_booleans_path \- These functions return the paths to the active SELinux policy configuration
+selinux_contexts_path \- These functions return the paths to the active SELinux policy configuration
 directories and files
 .
 .SH "SYNOPSIS"
@@ -40,8 +40,6 @@
 .B const char *selinux_securetty_types_path(void);
 .sp
 .B const char *selinux_contexts_path(void);
-.sp
-.B const char *selinux_booleans_path(void);
 .
 .SH "DESCRIPTION"
 These functions return the paths to the active policy configuration
@@ -104,9 +102,6 @@
 .sp
 .BR selinux_securetty_types_path ()
 returns the defines tty types for newrole securettys.
-.sp
-.BR selinux_booleans_path ()
-returns the initial policy boolean settings.
 .
 .SH AUTHOR
 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
diff --git a/libselinux/man/man3/selinux_booleans_path.3 b/libselinux/man/man3/selinux_booleans_path.3
deleted file mode 100644
index 175a611..0000000
--- a/libselinux/man/man3/selinux_booleans_path.3
+++ /dev/null
@@ -1 +0,0 @@
-.so man3/selinux_binary_policy_path.3
diff --git a/libselinux/man/man3/selinux_restorecon.3 b/libselinux/man/man3/selinux_restorecon.3
index 1eac6ed..f6e5f2d 100644
--- a/libselinux/man/man3/selinux_restorecon.3
+++ b/libselinux/man/man3/selinux_restorecon.3
@@ -28,39 +28,53 @@
 .B SELINUX_RESTORECON_RECURSE
 has been set (for descending through directories), then
 .BR selinux_restorecon ()
-will write an SHA1 digest of the combined specfiles (see the
+will write an SHA1 digest of specfile entries calculated by
+.BR selabel_get_digests_all_partial_matches (3)
+to an extended attribute of
+.IR security.sehash
+once the relabeling has been completed successfully (see the
 .B NOTES
-section for details) to an extended attribute of
-.IR security.restorecon_last
-once the relabeling has been completed successfully. This digest will be
-checked should
+section for details).
+.br
+These digests will be checked should
 .BR selinux_restorecon ()
-be rerun
-with the
+be rerun with the
 .IR restorecon_flags
 .B SELINUX_RESTORECON_RECURSE
-flag set. If any of the specfiles had been updated, the digest
+flag set. If any of the specfile entries had been updated, the digest
 will also be updated. However if the digest is the same, no relabeling checks
-will take place (unless the
+will take place.
+.br
+The
+.IR restorecon_flags
+that can be used to manage the usage of the SHA1 digest are:
+.RS
+.B SELINUX_RESTORECON_SKIP_DIGEST
+.br
 .B SELINUX_RESTORECON_IGNORE_DIGEST
-flag is set).
+.RE
 .sp
 .IR restorecon_flags
 contains the labeling option/rules as follows:
 .sp
 .RS
 .sp
+.B SELINUX_RESTORECON_SKIP_DIGEST
+Do not check or update any extended attribute
+.IR security.sehash
+entries.
+.sp
 .B SELINUX_RESTORECON_IGNORE_DIGEST
 force the checking of labels even if the stored SHA1 digest matches the
-specfiles SHA1 digest. The specfiles digest will be written to the
-.IR security.restorecon_last
+specfile entries SHA1 digest. The specfile entries digest will be written to the
+.IR security.sehash
 extended attribute once relabeling has been completed successfully provided the
 .B SELINUX_RESTORECON_NOCHANGE
 flag has not been set.
 .sp
 .B SELINUX_RESTORECON_NOCHANGE
 don't change any file labels (passive check) or update the digest in the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute.
 .sp
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
@@ -70,7 +84,7 @@
 .sp
 .B SELINUX_RESTORECON_RECURSE
 change file and directory labels recursively (descend directories)
-and if successful write an SHA1 digest of the combined specfiles to an
+and if successful write an SHA1 digest of the specfile entries to an
 extended attribute as described in the
 .B NOTES
 section.
@@ -182,12 +196,13 @@
 .B SELINUX_RESTORECON_RECURSE
 flag is set)
 .BR selinux_restorecon ()
-will write an SHA1 digest of the specfiles that are processed by
-.BR selabel_open (3)
+will write a calculated SHA1 digest of the specfile entries returned by
+.BR selabel_get_digests_all_partial_matches (3)
 to an extended attribute named
-.IR security.restorecon_last
-to the directory specified in the
-.IR pathname .
+.IR security.sehash
+for each directory in the
+.IR pathname
+path.
 .IP "2." 4
 To check the extended attribute entry use
 .BR getfattr (1) ,
@@ -195,40 +210,26 @@
 .sp
 .RS
 .RS
-getfattr -e hex -n security.restorecon_last /
+getfattr -e hex -n security.sehash /
 .RE
 .RE
 .IP "3." 4
-The SHA1 digest is calculated by
-.BR selabel_open (3)
-concatenating the specfiles it reads during initialisation with the
-resulting digest and list of specfiles being retrieved by
-.BR selabel_digest (3).
-.IP "4." 4
-The specfiles consist of the mandatory
-.I file_contexts
-file plus any subs, subs_dist, local and homedir entries (text or binary versions)
-as determined by any
-.BR selabel_open (3)
-options e.g.
-.BR SELABEL_OPT_BASEONLY .
-.sp
-Should any of the specfiles have changed, then when
+Should any of the specfile entries have changed, then when
 .BR selinux_restorecon ()
 is run again with the
 .B SELINUX_RESTORECON_RECURSE
-flag set, a new SHA1 digest will be calculated and all files will be automatically
+flag set, new SHA1 digests will be calculated and all files automatically
 relabeled depending on the settings of the
 .B SELINUX_RESTORECON_SET_SPECFILE_CTX
 flag (provided
 .B SELINUX_RESTORECON_NOCHANGE
 is not set).
-.IP "5." 4
+.IP "4." 4
 .B /sys
 and in-memory filesystems do not support the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute and are automatically excluded from any relabeling checks.
-.IP "6." 4
+.IP "5." 4
 By default
 .B stderr
 is used to log output messages and errors. This may be changed by calling
@@ -239,6 +240,8 @@
 option.
 .
 .SH "SEE ALSO"
+.BR selabel_get_digests_all_partial_matches (3),
+.br
 .BR selinux_restorecon_set_sehandle (3),
 .br
 .BR selinux_restorecon_default_handle (3),
diff --git a/libselinux/man/man3/selinux_restorecon_xattr.3 b/libselinux/man/man3/selinux_restorecon_xattr.3
index 516d266..c563268 100644
--- a/libselinux/man/man3/selinux_restorecon_xattr.3
+++ b/libselinux/man/man3/selinux_restorecon_xattr.3
@@ -2,7 +2,7 @@
 
 .SH "NAME"
 selinux_restorecon_xattr \- manage default
-.I security.restorecon_last
+.I security.sehash
 extended attribute entries added by
 .BR selinux_restorecon (3),
 .BR setfiles (8)
@@ -29,7 +29,7 @@
 .RS
 .IR pathname
 containing a directory tree to be searched for
-.I security.restorecon_last
+.I security.sehash
 extended attribute entries.
 .sp
 .IR xattr_flags
@@ -119,7 +119,7 @@
 .BR selinux_restorecon_xattr (3)
 will use the default set of specfiles described in
 .BR files_contexts (5)
-to calculate the initial SHA1 digest to be used for comparison.
+to calculate the SHA1 digests to be used for comparison.
 To change this default behavior
 .BR selabel_open (3)
 must be called specifying the required
@@ -143,7 +143,7 @@
 and
 .B TMPFS
 filesystems do not support the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute and are automatically excluded from searches.
 .IP "4." 4
 By default
diff --git a/libselinux/man/man3/selinux_set_mapping.3 b/libselinux/man/man3/selinux_set_mapping.3
index a93f7b2..4624fbc 100644
--- a/libselinux/man/man3/selinux_set_mapping.3
+++ b/libselinux/man/man3/selinux_set_mapping.3
@@ -19,7 +19,19 @@
 .
 .SH "DESCRIPTION"
 .BR selinux_set_mapping ()
-establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy.  Use of this function is highly preferred over the generated constants in the libselinux header files, as this method allows the policy's class and permission values to change over time.
+establishes a mapping from a user-provided ordering of object classes and permissions to the numbers actually used by the loaded system policy. If using this function, applications should also set a
+.B SELINUX_CB_POLICYLOAD
+callback via
+.BR selinux_set_callback(3)
+that calls this function again upon a policy reload to re-create the mapping
+in case the class or permission values change in the new policy.
+Generally it is preferred to instead use
+.BR selinux_check_access(3)
+instead of
+.BR avc_has_perm(3)
+or
+.BR security_compute_av(3)
+and not use this function at all.
 
 After the mapping is established, all libselinux functions that operate on class and permission values take the user-provided numbers, which are determined as follows:
 
@@ -81,8 +93,10 @@
 class) will be identified by 1, 2, 4, and 8 respectively.  Classes and permissions not listed in the mapping cannot be used.
 .
 .SH "AUTHOR"
-Eamon Walsh <ewalsh@tycho.nsa.gov>
+Originally Eamon Walsh.  Updated by Stephen Smalley <sds@tycho.nsa.gov>
 .
 .SH "SEE ALSO"
-.BR avc_open (8),
+.BR selinux_check_access (3),
+.BR selinux_set_callback (3),
+.BR avc_has_perm (3),
 .BR selinux (8)
diff --git a/libselinux/man/man5/booleans.5 b/libselinux/man/man5/booleans.5
deleted file mode 100644
index 2e9caa7..0000000
--- a/libselinux/man/man5/booleans.5
+++ /dev/null
@@ -1,80 +0,0 @@
-.TH "booleans" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
-.SH "NAME"
-booleans \- The SELinux booleans configuration files
-.
-.SH "DESCRIPTION"
-The \fIbooleans\fR file, if present contains booleans to support a specific distribution.
-.sp
-The \fIbooleans.local\fR file, if present contains locally generated booleans.
-.sp
-Both files contain a list of boolean names and their associated values.
-.sp
-Generally the \fIbooleans\fR and/or \fIbooleans.local\fR files are not present (they have been deprecated). However if there is an SELinux-aware application that uses the libselinux functions listed below, then these files may be present:
-.sp
-.RS
-.BR security_set_boolean_list "(3) "
-.RS
-Writes a \fIbooleans.local\fR file if flag \fIpermanent\fR = \fI1\fR.
-.sp
-.RE
-.RE
-.RS
-.BR security_load_booleans "(3) "
-.RS
-Looks for a \fIbooleans\fR and/or \fIbooleans.local\fR file at \fBselinux_booleans_path\fR(3) unless a specific path is specified as a parameter.
-.RE
-.RE
-.sp
-\fBbooleans\fR(8) has details on booleans and \fBsetsebool\fR(8) describes how booleans can now be set persistent across reboots.
-.sp
-\fBselinux_booleans_path\fR(3) will return the active policy path to these files. The default boolean files are:
-.RS
-.I /etc/selinux/{SELINUXTYPE}/booleans
-.br
-.I /etc/selinux/{SELINUXTYPE}/booleans.local
-.RE
-.sp
-Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
-.
-.SH "FILE FORMAT"
-Both boolean files have the same format and contain one or more boolean names and their value.
-.sp
-The format is:
-.RS
-.I boolean_name
-.I value
-.sp
-.RE
-Where:
-.RS
-.I boolean_name
-.RS
-The name of the boolean.
-.RE
-.I value
-.RS
-The default setting for the boolean. This can be one of the following:
-.RS
-.IR true " | " false " | " 1 " | " 0
-.RE
-.RE
-.RE
-.sp
-Note that if
-.B SETLOCALDEFS
-is set in the SELinux
-.I config
-file (see
-.BR selinux_config "(5)), then " selinux_mkload_policy "(3) will check for a "
-.I booleans.local
-file in the
-.BR selinux_booleans_path (3)
-and also a
-.I local.users
-file (see
-.BR local.users "(5)) in the " selinux_users_path "(3). "
-.
-.SH "SEE ALSO"
-.ad l
-.nh
-.BR selinux "(8), " booleans "(8), " setsebool "(8), " semanage "(8), " selinux_booleans_path "(3), " security_set_boolean_list "(3), " security_load_booleans "(3), " selinux_mkload_policy "(3), " selinux_users_path "(3), " selinux_config "(5), " local.users "(5) "
diff --git a/libselinux/man/man5/local.users.5 b/libselinux/man/man5/local.users.5
deleted file mode 100644
index 94d4673..0000000
--- a/libselinux/man/man5/local.users.5
+++ /dev/null
@@ -1,68 +0,0 @@
-.TH "local.users" "5" "28-Nov-2011" "Security Enhanced Linux" "SELinux configuration"
-.SH "NAME"
-local.users \- The SELinux local users configuration file
-.
-.SH "DESCRIPTION"
-The file contains local user definitions in the form of policy language user statements and is only found on older SELinux systems as it has been deprecated and replaced by the \fBsemange\fR(8) services.
-.sp
-This file is only read by \fBselinux_mkload_policy\fR(3) when \fBSETLOCALDEFS\fR in the SELinux \fIconfig\fR file (see \fBselinux_config\fR(5)) is set to \fI1\fR.
-.sp
-.BR selinux_users_path "(3) "
-will return the active policy path to the directory where this file is located. The default local users file is:
-.RS
-.I /etc/selinux/{SELINUXTYPE}/contexts/users/local.users
-.RE
-.sp
-Where \fI{SELINUXTYPE}\fR is the entry from the selinux configuration file \fIconfig\fR (see \fBselinux_config\fR(5)).
-.
-.SH "FILE FORMAT"
-The file consists of one or more entries terminated with '\fB;\fR', each on a separate line as follows:
-.RS
-\fBuser \fIseuser_id \fBroles \fIrole_id\fR [[\fBlevel \fIlevel\fR] [\fBrange \fIrange\fR]]\fB;\fR
-.RE
-.sp
-Where:
-.RS
-.B user
-.RS
-The user keyword.
-.RE
-.I seuser_id
-.RS
-The SELinux user identifier.
-.RE
-.B roles
-.RS
-The roles keyword.
-.RE
-.I role_id
-.RS
-One or more previously declared role identifiers. Multiple role identifiers consist of a space separated list enclosed in braces '{}'.
-.RE
-.B level
-.RS
-If MLS/MCS is configured, the level keyword.
-.RE
-.I level
-.RS
-The users default security level. Note that only the sensitivity component of the level (e.g. s0) is required.
-.RE
-.B range
-.RS
-If MLS/MCS is configured, the range keyword.
-.RE
-.I range
-.RS
-The current and clearance levels that the user can run. These are separated by a hyphen '\fB-\fR' as shown in the \fBEXAMPLE\fR section.
-.RE
-.RE
-.
-.SH "EXAMPLE"
-# ./users/local.users
-.br
-user test_u roles staff_r level s0 range s0 \- s15:c0.c1023;
-.
-.SH "SEE ALSO"
-.ad l
-.nh
-.BR selinux "(8), " semanage "(8), " selinux_users_path "(3), " selinux_config "(5), " selinux_mkload_policy "(3) "
diff --git a/libselinux/man/man5/secolor.conf.5 b/libselinux/man/man5/secolor.conf.5
index b834577..a3bf2da 100644
--- a/libselinux/man/man5/secolor.conf.5
+++ b/libselinux/man/man5/secolor.conf.5
@@ -123,7 +123,7 @@
 .br
 range s9\-s9:c0.c1023 = black orange
 .br
-range s15:c0.c1023   = black yellow
+range s15\-s15:c0.c1023   = black yellow
 .RE
 
 .sp
@@ -165,7 +165,7 @@
 .br
 user sysadm_u     = white black
 .br
-range s0:c0.c1023 = black white
+range s0-s0:c0.c1023 = black white
 .br
 user *            = black white
 .br
diff --git a/libselinux/man/man8/selinux.8 b/libselinux/man/man8/selinux.8
index e37aee6..3136427 100644
--- a/libselinux/man/man8/selinux.8
+++ b/libselinux/man/man8/selinux.8
@@ -10,7 +10,7 @@
 including those based on the concepts of Type Enforcement®, Role-
 Based Access Control, and Multi-Level Security.  Background
 information and technical documentation about SELinux can be found at
-http://www.nsa.gov/research/selinux.
+https://github.com/SELinuxProject.
 
 The
 .I /etc/selinux/config
diff --git a/libselinux/man/ru/man5/booleans.5 b/libselinux/man/ru/man5/booleans.5
deleted file mode 100644
index 1471e58..0000000
--- a/libselinux/man/ru/man5/booleans.5
+++ /dev/null
@@ -1,83 +0,0 @@
-.TH "booleans" "5" "28 ноября 2011" "Security Enhanced Linux" "Конфигурация SELinux"
-.SH "ИМЯ"
-booleans \- файлы конфигурации логических переключателей SELinux
-.
-.SH "ОПИСАНИЕ"
-Файл \fIbooleans\fR (если имеется) содержит логические переключатели, обеспечивающие поддержку определённого дистрибутива.
-.sp
-Файл \fIbooleans.local\fR (если имеется) содержит созданные локально логические переключатели.
-.sp
-Оба файла содержат список имён логических переключателей и соответствующих этим именам значений.
-.sp
-Обычно файл \fIbooleans\fR и/или файл \fIbooleans.local\fR отсутствуют (они устарели). Но эти файлы могут присутствовать, если имеется приложение, которое поддерживает SELinux и использует перечисленные далее функции libselinux:
-.sp
-.RS
-.BR security_set_boolean_list "(3) "
-.RS
-Записывает файл \fIbooleans.local\fR, если флаг \fIpermanent\fR = \fI1\fR.
-.sp
-.RE
-.RE
-.RS
-.BR security_load_booleans "(3) "
-.RS
-Выполняет поиск файла \fIbooleans\fR и/или файла \fIbooleans.local\fR по адресу \fBselinux_booleans_path\fR(3) (если в качестве параметра не указан конкретный путь).
-.RE
-.RE
-.sp
-\fBbooleans\fR(8) содержит подробные сведения о логических переключателях, а  \fBsetsebool\fR(8) - описание того, как установить логические переключатели, которые не будут сбрасываться при перезагрузках.
-.sp
-\fBselinux_booleans_path\fR(3) вернёт путь активной политики к этим файлам. Файлы логических переключателей по умолчанию:
-.RS
-.I /etc/selinux/{SELINUXTYPE}/booleans
-.br
-.I /etc/selinux/{SELINUXTYPE}/booleans.local
-.RE
-.sp
-Где \fI{SELINUXTYPE}\fR - запись из файла конфигурации selinux \fIconfig\fR (см. \fBselinux_config\fR(5)).
-.
-.SH "ФОРМАТ ФАЙЛА"
-Оба файла имеют один и тот же формат и содержат одно или несколько имён логических переключателей и их значения.
-.sp
-Формат:
-.RS
-.I boolean_name
-.I value
-.sp
-.RE
-Где:
-.RS
-.I boolean_name
-.RS
-Имя логического переключателя.
-.RE
-.I value
-.RS
-Значение логического переключателя по умолчанию. Может быть одним из следующих:
-.RS
-.IR true " | " false " | " 1 " | " 0
-.RE
-.RE
-.RE
-.sp
-Если 
-.B SETLOCALDEFS
-указано в файле
-.I config
-SELinux (см.
-.BR selinux_config "(5)), то " selinux_mkload_policy "(3) будет проверять наличие файла "
-.I booleans.local
-по адресу
-.BR selinux_booleans_path (3),
-а также файла
-.I local.users
-(см.
-.BR local.users "(5)) по адресу " selinux_users_path "(3). "
-.
-.SH "СМОТРИТЕ ТАКЖЕ"
-.ad l
-.nh
-.BR selinux "(8), " booleans "(8), " setsebool "(8), " semanage "(8), " selinux_booleans_path "(3), " security_set_boolean_list "(3), " security_load_booleans "(3), " selinux_mkload_policy "(3), " selinux_users_path "(3), " selinux_config "(5), " local.users "(5) "
-
-.SH АВТОРЫ
-Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
diff --git a/libselinux/man/ru/man5/local.users.5 b/libselinux/man/ru/man5/local.users.5
deleted file mode 100644
index ca9f201..0000000
--- a/libselinux/man/ru/man5/local.users.5
+++ /dev/null
@@ -1,72 +0,0 @@
-.TH "local.users" "5" "28 ноября 2011" "Security Enhanced Linux" "Конфигурация SELinux"
-.SH "ИМЯ"
-local.users \- файл конфигурации локальных пользователей SELinux
-.
-.SH "ОПИСАНИЕ"
-Файл содержит определения локальных пользователей в виде инструкций пользователей на языке политики. Этот файл имеется только в старых версиях систем SELinux, так как он устарел и был заменён службами \fBsemanage\fR(8).
-.sp
-\fBselinux_mkload_policy\fR(3) выполняет чтение этого файла только тогда, когда для \fBSETLOCALDEFS\fR в файле \fIconfig\fR SELinux (см. \fBselinux_config\fR(5)) установлено значение \fI1\fR.
-.sp
-.BR selinux_users_path "(3) "
-возвращает путь активной политики к каталогу, в котором расположен файл. Файл локальных пользователей по умолчанию:
-.RS
-.I /etc/selinux/{SELINUXTYPE}/contexts/users/local.users
-.RE
-.sp
-Где \fI{SELINUXTYPE}\fR - запись из файла конфигурации selinux \fIconfig\fR (см. \fBselinux_config\fR(5)).
-.
-.SH "ФОРМАТ ФАЙЛА"
-Файл состоит из одной или нескольких записей, которые заканчиваются '\fB;\fR', каждая на отдельной строке:
-.RS
-\fBuser \fIseuser_id \fBroles \fIrole_id\fR [[\fBlevel \fIlevel\fR] [\fBrange \fIrange\fR]]\fB;\fR
-.RE
-.sp
-Где:
-.RS
-.B user
-.RS
-Ключевое слово user (пользователь).
-.RE
-.I seuser_id
-.RS
-Идентификатор пользователя SELinux.
-.RE
-.B roles
-.RS
-Ключевое слово roles (роли).
-.RE
-.I role_id
-.RS
-Один или несколько ранее объявленных идентификаторов ролей. Несколько идентификаторов ролей - это разделённый пробелами список, который заключён в скобки '{}'.
-.RE
-.B level
-.RS
-Если настроена система MLS/MCS, ключевое слово level (уровень).
-.RE
-.I level
-.RS
-Уровень безопасности пользователя по умолчанию. Обратите внимание, что обязательным является только компонент конфиденциальности уровня (например, s0).
-.RE
-.B range
-.RS
-Если настроена система MLS/MCS, ключевое слово range (диапазон).
-.RE
-.I range
-.RS
-Текущий уровень и уровень допуска пользователя. Они разделены дефисом '\fB-\fR' (как показано в разделе \fBПРИМЕР\fR).
-.RE
-.RE
-.
-.SH "ПРИМЕР"
-# ./users/local.users
-.br
-user test_u roles staff_r level s0 range s0 \- s15:c0.c1023;
-.
-.SH "СМОТРИТЕ ТАКЖЕ"
-.ad l
-.nh
-.BR selinux "(8), " semanage "(8), " selinux_users_path "(3), " selinux_config "(5), " selinux_mkload_policy "(3) "
-
-
-.SH АВТОРЫ
-Перевод на русский язык выполнила Герасименко Олеся <gammaray@basealt.ru>.
diff --git a/libselinux/man/ru/man5/secolor.conf.5 b/libselinux/man/ru/man5/secolor.conf.5
index 4c1236a..bcae80c 100644
--- a/libselinux/man/ru/man5/secolor.conf.5
+++ b/libselinux/man/ru/man5/secolor.conf.5
@@ -121,7 +121,7 @@
 .br
 range s9\-s9:c0.c1023 = black orange
 .br
-range s15:c0.c1023   = black yellow
+range s15\-s15:c0.c1023   = black yellow
 .RE
 
 .sp
@@ -163,7 +163,7 @@
 .br
 user sysadm_u     = white black
 .br
-range s0:c0.c1023 = black white
+range s0\-s0:c0.c1023 = black white
 .br
 user *            = black white
 .br
diff --git a/libselinux/man/ru/man8/selinux.8 b/libselinux/man/ru/man8/selinux.8
index 5cc48df..271809d 100644
--- a/libselinux/man/ru/man8/selinux.8
+++ b/libselinux/man/ru/man8/selinux.8
@@ -9,7 +9,7 @@
 включая основанные на концепциях Type Enforcement® (принудительное присвоение типов),
 Role-Based Access Control (управление доступом на основе ролей) и Multi-Level Security
 (многоуровневая безопасность). Дополнительная информация и техническая документация по
-SELinux доступна по адресу http://www.nsa.gov/research/selinux.
+SELinux доступна по адресу https://github.com/SELinuxProject.
 
 Файл конфигурации
 .I /etc/selinux/config
diff --git a/libselinux/src/.gitignore b/libselinux/src/.gitignore
index 4dcc3b3..001f20b 100644
--- a/libselinux/src/.gitignore
+++ b/libselinux/src/.gitignore
@@ -1,4 +1,3 @@
 selinux.py
-selinuxswig_wrap.c
-selinuxswig_python_exception.i
+selinuxswig_python_wrap.c
 selinuxswig_ruby_wrap.c
diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index e9ed038..7f5a5d7 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -36,7 +36,7 @@
 LIBPC=libselinux.pc
 SWIGIF= selinuxswig_python.i selinuxswig_python_exception.i
 SWIGRUBYIF= selinuxswig_ruby.i
-SWIGCOUT= selinuxswig_wrap.c
+SWIGCOUT= selinuxswig_python_wrap.c
 SWIGPYOUT= selinux.py
 SWIGRUBYCOUT= selinuxswig_ruby_wrap.c
 SWIGLOBJ:= $(patsubst %.c,$(PYPREFIX)%.lo,$(SWIGCOUT))
@@ -55,7 +55,7 @@
         LDLIBS_LIBSEPOLA := -l:libsepol.a
 endif
 
-GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i
+GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) $(SWIGCOUT) selinuxswig_python_exception.i
 SRCS= $(filter-out $(GENERATED) audit2why.c, $(sort $(wildcard *.c)))
 
 MAX_STACK_SIZE=32768
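Review bot: `$(SWIGCOUT)` now appears twice in the new `GENERATED=` line, once at the start and again before `selinuxswig_python_exception.i`. This is harmless for the `filter-out` that consumes it on the next line, but the second occurrence looks like a leftover from the rename and should go: `GENERATED=$(SWIGCOUT) $(SWIGRUBYCOUT) selinuxswig_python_exception.i`.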
@@ -125,25 +125,18 @@
 SRCS:= $(filter-out label_backends_android.c, $(SRCS))
 endif
 
-SWIG = swig -Wall -python -o $(SWIGCOUT) -outdir ./ $(DISABLE_FLAGS)
-
 SWIGRUBY = swig -Wall -ruby -o $(SWIGRUBYCOUT) -outdir ./ $(DISABLE_FLAGS)
 
 all: $(LIBA) $(LIBSO) $(LIBPC)
 
-pywrap: all $(SWIGFILES) $(AUDIT2WHYSO)
+pywrap: all selinuxswig_python_exception.i
+	CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" $(PYTHON) setup.py build_ext
 
 rubywrap: all $(SWIGRUBYSO)
 
-$(SWIGLOBJ): $(SWIGCOUT)
-	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
 $(SWIGRUBYLOBJ): $(SWIGRUBYCOUT)
 	$(CC) $(CFLAGS) $(SWIG_CFLAGS) $(RUBYINC) -fPIC -DSHARED -c -o $@ $<
 
-$(SWIGSO): $(SWIGLOBJ)
-	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $< -lselinux $(PYLIBS)
-
 $(SWIGRUBYSO): $(SWIGRUBYLOBJ)
 	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(RUBYLIBS)
 
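Review bot: The new `pywrap` recipe forwards only `CFLAGS` to `setup.py build_ext`, while the removed `$(SWIGSO)` and `$(AUDIT2WHYSO)` link rules also applied `$(LDFLAGS)`. Linker hardening flags set in this Makefile may therefore stop reaching the Python extensions unless `setup.py`, which is not part of this hunk, picks them up some other way. Passing them explicitly would keep the old behaviour: `CFLAGS="$(CFLAGS) $(SWIG_CFLAGS)" LDFLAGS="$(LDFLAGS)" $(PYTHON) setup.py build_ext`. The removed audit2why rules also dropped `-Werror` from the compile and linked with `-z,defs` and `--version-script=audit2why.map`, so it is worth confirming that `setup.py` carries those over.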
@@ -158,32 +151,18 @@
 $(LIBPC): $(LIBPC).in ../VERSION
 	sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):; s:@PCRE_MODULE@:$(PCRE_MODULE):' < $< > $@
 
-selinuxswig_python_exception.i: ../include/selinux/selinux.h
+selinuxswig_python_exception.i: exception.sh ../include/selinux/selinux.h
 	bash -e exception.sh > $@ || (rm -f $@ ; false)
 
-$(AUDIT2WHYLOBJ): audit2why.c
-	$(CC) $(filter-out -Werror, $(CFLAGS)) $(PYINC) -fPIC -DSHARED -c -o $@ $<
-
-$(AUDIT2WHYSO): $(AUDIT2WHYLOBJ) $(LIBSEPOLA)
-	$(CC) $(CFLAGS) $(LDFLAGS) -L. -shared -o $@ $^ -lselinux $(LDLIBS_LIBSEPOLA) $(PYLIBS) -Wl,-soname,audit2why.so,--version-script=audit2why.map,-z,defs
-
 %.o:  %.c policy.h
 	$(CC) $(CFLAGS) $(TLSFLAGS) -c -o $@ $<
 
 %.lo:  %.c policy.h
 	$(CC) $(CFLAGS) -fPIC -DSHARED -c -o $@ $<
 
-$(SWIGCOUT): $(SWIGIF)
-	$(SWIG) $<
-
-$(SWIGPYOUT): $(SWIGCOUT)
-
 $(SWIGRUBYCOUT): $(SWIGRUBYIF)
 	$(SWIGRUBY) $<
 
-swigify: $(SWIGIF)
-	$(SWIG) $<
-
 install: all 
 	test -d $(DESTDIR)$(LIBDIR) || install -m 755 -d $(DESTDIR)$(LIBDIR)
 	install -m 644 $(LIBA) $(DESTDIR)$(LIBDIR)
@@ -194,10 +173,9 @@
 	ln -sf --relative $(DESTDIR)$(SHLIBDIR)/$(LIBSO) $(DESTDIR)$(LIBDIR)/$(TARGET)
 
 install-pywrap: pywrap
-	test -d $(DESTDIR)$(PYTHONLIBDIR)/selinux || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR)/selinux
-	install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
-	install -m 755 $(AUDIT2WHYSO) $(DESTDIR)$(PYTHONLIBDIR)/selinux/audit2why$(PYCEXT)
+	$(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)`
 	install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py
+	ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT)
 
 install-rubywrap: rubywrap
 	test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) 
@@ -208,6 +186,8 @@
 
 clean-pywrap:
 	-rm -f $(SWIGLOBJ) $(SWIGSO) $(AUDIT2WHYLOBJ) $(AUDIT2WHYSO)
+	$(PYTHON) setup.py clean
+	-rm -rf build *~ \#* *pyc .#*
 
 clean-rubywrap:
 	-rm -f $(SWIGRUBYLOBJ) $(SWIGRUBYSO)
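Review bot: The new `$(PYTHON) setup.py clean` line in `clean-pywrap` has no `-` prefix, unlike the `rm` lines around it. A missing interpreter or a failing setup.py would therefore abort the target, and any aggregate `clean` that depends on it (not visible here). If cleaning is meant to stay best-effort, write it as `-$(PYTHON) setup.py clean`.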
diff --git a/libselinux/src/avc_internal.c b/libselinux/src/avc_internal.c
index 49cecc9..568a3d9 100644
--- a/libselinux/src/avc_internal.c
+++ b/libselinux/src/avc_internal.c
@@ -23,6 +23,7 @@
 #include "callbacks.h"
 #include "selinux_netlink.h"
 #include "avc_internal.h"
+#include "selinux_internal.h"
 
 #ifndef NETLINK_SELINUX
 #define NETLINK_SELINUX 7
@@ -207,6 +208,7 @@
 				avc_prefix, rc, errno);
 			return rc;
 		}
+		selinux_flush_class_cache();
 		rc = selinux_netlink_policyload(msg->seqno);
 		if (rc < 0)
 			return rc;
diff --git a/libselinux/src/booleans.c b/libselinux/src/booleans.c
index ab1e075..ffa8d26 100644
--- a/libselinux/src/booleans.c
+++ b/libselinux/src/booleans.c
@@ -81,8 +81,10 @@
 	free(namelist);
 	return rc;
       bad_freen:
-	for (--i; i >= 0; --i)
-		free(n[i]);
+	if (i > 0) {
+		while (i >= 1)
+			free(n[--i]);
+	}
 	free(n);
       bad:
 	goto out;
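Review bot: The `if (i > 0)` wrapper at `bad_freen` is redundant, because the inner `while (i >= 1)` already refuses to run when `i` is zero. The three lines reduce to `while (i > 0)` followed by `free(n[--i]);`. That keeps the underflow-safe countdown, which is presumably why the loop was rewritten; the declaration of `i` is outside the hunk, so its type should be confirmed. A short comment that only entries below `i` were allocated would explain the bound.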
@@ -322,175 +324,6 @@
 		return -1;
 }
 
-static char *strtrim(char *dest, char *source, int size)
-{
-	int i = 0;
-	char *ptr = source;
-	i = 0;
-	while (isspace(*ptr) && i < size) {
-		ptr++;
-		i++;
-	}
-	strncpy(dest, ptr, size);
-	for (i = strlen(dest) - 1; i > 0; i--) {
-		if (!isspace(dest[i]))
-			break;
-	}
-	dest[i + 1] = '\0';
-	return dest;
-}
-static int process_boolean(char *buffer, char *name, int namesize, int *val)
-{
-	char name1[BUFSIZ];
-	char *ptr = NULL;
-	char *tok;
-
-	/* Skip spaces */
-	while (isspace(buffer[0]))
-		buffer++;
-	/* Ignore comments */
-	if (buffer[0] == '#')
-		return 0;
-
-	tok = strtok_r(buffer, "=", &ptr);
-	if (!tok) {
-		errno = EINVAL;
-		return -1;
-	}
-	strncpy(name1, tok, BUFSIZ - 1);
-	strtrim(name, name1, namesize - 1);
-
-	tok = strtok_r(NULL, "\0", &ptr);
-	if (!tok) {
-		errno = EINVAL;
-		return -1;
-	}
-
-	while (isspace(*tok))
-		tok++;
-
-	*val = -1;
-	if (isdigit(tok[0]))
-		*val = atoi(tok);
-	else if (!strncasecmp(tok, "true", sizeof("true") - 1))
-		*val = 1;
-	else if (!strncasecmp(tok, "false", sizeof("false") - 1))
-		*val = 0;
-	if (*val != 0 && *val != 1) {
-		errno = EINVAL;
-		return -1;
-	}
-	return 1;
-}
-static int save_booleans(size_t boolcnt, SELboolean * boollist)
-{
-	ssize_t len;
-	size_t i;
-	char outbuf[BUFSIZ];
-	char *inbuf = NULL;
-
-	/* Open file */
-	const char *bool_file = selinux_booleans_path();
-	char local_bool_file[PATH_MAX];
-	char tmp_bool_file[PATH_MAX];
-	FILE *boolf;
-	int fd;
-	int *used = (int *)malloc(sizeof(int) * boolcnt);
-	if (!used) {
-		return -1;
-	}
-	/* zero out used field */
-	for (i = 0; i < boolcnt; i++)
-		used[i] = 0;
-
-	snprintf(tmp_bool_file, sizeof(tmp_bool_file), "%s.XXXXXX", bool_file);
-	fd = mkstemp(tmp_bool_file);
-	if (fd < 0) {
-		free(used);
-		return -1;
-	}
-
-	snprintf(local_bool_file, sizeof(local_bool_file), "%s.local",
-		 bool_file);
-	boolf = fopen(local_bool_file, "re");
-	if (boolf != NULL) {
-		ssize_t ret;
-		size_t size = 0;
-		int val;
-		char boolname[BUFSIZ-3];
-		char *buffer;
-		inbuf = NULL;
-		__fsetlocking(boolf, FSETLOCKING_BYCALLER);
-		while ((len = getline(&inbuf, &size, boolf)) > 0) {
-			buffer = strdup(inbuf);
-			if (!buffer)
-				goto close_remove_fail;
-			ret =
-			    process_boolean(inbuf, boolname, sizeof(boolname),
-					    &val);
-			if (ret != 1) {
-				ret = write(fd, buffer, len);
-				free(buffer);
-				if (ret != len)
-					goto close_remove_fail;
-			} else {
-				free(buffer);
-				for (i = 0; i < boolcnt; i++) {
-					if (strcmp(boollist[i].name, boolname)
-					    == 0) {
-						snprintf(outbuf, sizeof(outbuf),
-							 "%s=%d\n", boolname,
-							 boollist[i].value);
-						len = strlen(outbuf);
-						used[i] = 1;
-						if (write(fd, outbuf, len) !=
-						    len)
-							goto close_remove_fail;
-						else
-							break;
-					}
-				}
-				if (i == boolcnt) {
-					val = !!val;
-					snprintf(outbuf, sizeof(outbuf),
-						 "%s=%d\n", boolname, val);
-					len = strlen(outbuf);
-					if (write(fd, outbuf, len) != len)
-						goto close_remove_fail;
-				}
-			}
-			free(inbuf);
-			inbuf = NULL;
-		}
-		fclose(boolf);
-	}
-
-	for (i = 0; i < boolcnt; i++) {
-		if (used[i] == 0) {
-			snprintf(outbuf, sizeof(outbuf), "%s=%d\n",
-				 boollist[i].name, boollist[i].value);
-			len = strlen(outbuf);
-			if (write(fd, outbuf, len) != len) {
-			      close_remove_fail:
-				free(inbuf);
-				close(fd);
-			      remove_fail:
-				unlink(tmp_bool_file);
-				free(used);
-				return -1;
-			}
-		}
-
-	}
-	if (fchmod(fd, S_IRUSR | S_IWUSR) != 0)
-		goto close_remove_fail;
-	close(fd);
-	if (rename(tmp_bool_file, local_bool_file) != 0)
-		goto remove_fail;
-
-	free(used);
-	return 0;
-}
 static void rollback(SELboolean * boollist, int end)
 {
 	int i;
@@ -519,62 +352,18 @@
 		return -1;
 	}
 
+	/* Return error as flag no longer used */
 	if (permanent)
-		return save_booleans(boolcnt, boollist);
+		return -1;
 
 	return 0;
 }
-int security_load_booleans(char *path)
+
+/* This function is deprecated */
+int security_load_booleans(char *path __attribute__((unused)))
 {
-	FILE *boolf;
-	char *inbuf;
-	char localbools[BUFSIZ];
-	size_t len = 0, errors = 0;
-	int val;
-	char name[BUFSIZ];
-
-	boolf = fopen(path ? path : selinux_booleans_path(), "re");
-	if (boolf == NULL)
-		goto localbool;
-
-	__fsetlocking(boolf, FSETLOCKING_BYCALLER);
-	while (getline(&inbuf, &len, boolf) > 0) {
-		int ret = process_boolean(inbuf, name, sizeof(name), &val);
-		if (ret == -1)
-			errors++;
-		if (ret == 1)
-			if (security_set_boolean(name, val) < 0) {
-				errors++;
-			}
-	}
-	fclose(boolf);
-      localbool:
-	snprintf(localbools, sizeof(localbools), "%s.local",
-		 (path ? path : selinux_booleans_path()));
-	boolf = fopen(localbools, "re");
-
-	if (boolf != NULL) {
-		int ret;
-		__fsetlocking(boolf, FSETLOCKING_BYCALLER);
-		while (getline(&inbuf, &len, boolf) > 0) {
-			ret = process_boolean(inbuf, name, sizeof(name), &val);
-			if (ret == -1)
-				errors++;
-			if (ret == 1)
-				if (security_set_boolean(name, val) < 0) {
-					errors++;
-				}
-		}
-		fclose(boolf);
-	}
-	if (security_commit_booleans() < 0)
-		return -1;
-
-	if (errors)
-		errno = EINVAL;
-	return errors ? -1 : 0;
+	return -1;
 }
-
 #else
 
 #include <stdlib.h>
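Review bot: The `if (permanent) return -1;` check sits at the end of the set-booleans function, apparently after the values have already been set and committed (the function starts outside the hunk). A caller passing `permanent` would then get a failure for a change that took effect. Rejecting the flag before any boolean is touched would avoid that. Neither this path nor the stubbed `security_load_booleans()` sets `errno`, so a caller that prints `strerror(errno)` reports whatever was left there; adding `errno = ENOTSUP;` before each `return -1;` makes the deprecation visible.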
diff --git a/libselinux/src/checkAccess.c b/libselinux/src/checkAccess.c
index 16bfcfb..7227ffe 100644
--- a/libselinux/src/checkAccess.c
+++ b/libselinux/src/checkAccess.c
@@ -10,25 +10,12 @@
 static pthread_once_t once = PTHREAD_ONCE_INIT;
 static int selinux_enabled;
 
-static int avc_reset_callback(uint32_t event __attribute__((unused)),
-		      security_id_t ssid __attribute__((unused)),
-		      security_id_t tsid __attribute__((unused)),
-		      security_class_t tclass __attribute__((unused)),
-		      access_vector_t perms __attribute__((unused)),
-		      access_vector_t *out_retained __attribute__((unused)))
-{
-	flush_class_cache();
-	return 0;
-}
-
 static void avc_init_once(void)
 {
 	selinux_enabled = is_selinux_enabled();
 	if (selinux_enabled == 1) {
 		if (avc_open(NULL, 0))
 			return;
-		avc_add_callback(avc_reset_callback, AVC_CALLBACK_RESET,
-				 0, 0, 0, 0);
 	}
 }
 
diff --git a/libselinux/src/exception.sh b/libselinux/src/exception.sh
index d6c8c71..33ceef8 100755
--- a/libselinux/src/exception.sh
+++ b/libselinux/src/exception.sh
@@ -5,7 +5,7 @@
     *)
 echo "
 %exception $1 {
-  \$action 
+  \$action
   if (result < 0) {
      PyErr_SetFromErrno(PyExc_OSError);
      SWIG_fail;
@@ -15,10 +15,10 @@
 ;;
 esac
 }
-if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h
+if ! ${CC:-gcc} -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/selinux/selinux.h
 then
     # clang does not support -aux-info so fall back to gcc
-    gcc -x c -c -I../include - -aux-info temp.aux < ../include/selinux/selinux.h
+    gcc -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/selinux/selinux.h
 fi
 for i in `awk '/<stdin>.*extern int/ { print $6 }' temp.aux`; do except $i ; done 
-rm -f -- temp.aux -.o
+rm -f -- temp.aux temp.o
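Review bot: `temp.aux` and `temp.o` are only removed by the last line, so they are left behind whenever the script exits early. The Makefile runs it with `bash -e`, and a failing fallback `gcc` ends the script before the final `rm`. Registering the cleanup before the compile step covers every exit path: `trap 'rm -f -- temp.aux temp.o' EXIT`.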
diff --git a/libselinux/src/file_path_suffixes.h b/libselinux/src/file_path_suffixes.h
index 2d3ca49..a557313 100644
--- a/libselinux/src/file_path_suffixes.h
+++ b/libselinux/src/file_path_suffixes.h
@@ -8,10 +8,12 @@
     S_(FAILSAFE_CONTEXT, "/contexts/failsafe_context")
     S_(DEFAULT_TYPE, "/contexts/default_type")
     S_(SECURETTY_TYPES, "/contexts/securetty_types")
+	/* BOOLEANS is deprecated */
     S_(BOOLEANS, "/booleans")
     S_(MEDIA_CONTEXTS, "/contexts/files/media")
     S_(REMOVABLE_CONTEXT, "/contexts/removable_context")
     S_(CUSTOMIZABLE_TYPES, "/contexts/customizable_types")
+	/* USERS_DIR is deprecated */
     S_(USERS_DIR, "/users/")
     S_(SEUSERS, "/seusers")
     S_(TRANSLATIONS, "/setrans.conf")
diff --git a/libselinux/src/label.c b/libselinux/src/label.c
index e232eb1..eac6e36 100644
--- a/libselinux/src/label.c
+++ b/libselinux/src/label.c
@@ -282,6 +282,21 @@
 	return rec->func_partial_match(rec, key);
 }
 
+bool selabel_get_digests_all_partial_matches(struct selabel_handle *rec,
+					     const char *key,
+					     uint8_t **calculated_digest,
+					     uint8_t **xattr_digest,
+					     size_t *digest_len)
+{
+	if (!rec->func_get_digests_all_partial_matches)
+		return false;
+
+	return rec->func_get_digests_all_partial_matches(rec, key,
+							 calculated_digest,
+							 xattr_digest,
+							 digest_len);
+}
+
 bool selabel_hash_all_partial_matches(struct selabel_handle *rec,
                                       const char *key, uint8_t *digest) {
 	if (!rec->func_hash_all_partial_matches) {
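Review bot: When the backend does not provide `func_get_digests_all_partial_matches`, the wrapper returns false without writing to `calculated_digest`, `xattr_digest` or `digest_len`. A caller that frees the returned pointers, as the contract of the file backend requires, would free uninitialised memory unless it pre-initialised them itself. Setting the outputs before the early return makes the contract the same for every backend: `*calculated_digest = NULL; *xattr_digest = NULL; *digest_len = 0;`. The function also has no comment stating who owns the returned buffers.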
diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c
index 7bc2dac..280430b 100644
--- a/libselinux/src/label_file.c
+++ b/libselinux/src/label_file.c
@@ -247,7 +247,7 @@
 		uint32_t stem_len;
 		int newid;
 
-		/* the length does not inlude the nul */
+		/* the length does not include the nul */
 		rc = next_entry(&stem_len, mmap_area, sizeof(uint32_t));
 		if (rc < 0 || !stem_len) {
 			rc = -1;
@@ -896,10 +896,10 @@
 // the allocated array and updates the match count. If match_count is NULL,
 // stops early once the 1st match is found.
 static const struct spec **lookup_all(struct selabel_handle *rec,
-				      const char *key,
-				      int type,
-				      bool partial,
-				      size_t *match_count)
+                                      const char *key,
+                                      int type,
+                                      bool partial,
+                                      size_t *match_count)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
 	struct spec *spec_arr = data->spec_arr;
@@ -918,7 +918,8 @@
 		result = calloc(1, sizeof(struct spec*));
 	}
 	if (!result) {
-		selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
+		selinux_log(SELINUX_ERROR, "Failed to allocate %zu bytes of data\n",
+			    data->nspec * sizeof(struct spec*));
 		goto finish;
 	}
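Review bot: The new error message always reports `data->nspec * sizeof(struct spec*)`, but the context line above allocates a single element with `calloc(1, sizeof(struct spec*))` on one path, so the logged size is wrong there. The other allocation is outside the hunk; if it is `calloc(data->nspec, ...)`, a zero `nspec` would also be reported as a failure to allocate 0 bytes. Keeping the element count in a local and printing that value, with the `%s:` / `__func__` prefix the old message had, would make the log accurate on both paths.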
 
@@ -1009,9 +1010,9 @@
 }
 
 static struct spec *lookup_common(struct selabel_handle *rec,
-				  const char *key,
-				  int type,
-				  bool partial) {
+                                  const char *key,
+                                  int type,
+                                  bool partial) {
 	const struct spec **matches = lookup_all(rec, key, type, partial, NULL);
 	if (!matches) {
 		return NULL;
@@ -1021,6 +1022,59 @@
 	return result;
 }
 
+/*
+ * Returns true if the digest of all partial matched contexts is the same as
+ * the one saved by setxattr, otherwise returns false. The length of the SHA1
+ * digest will always be returned. The caller must free any returned digests.
+ */
+static bool get_digests_all_partial_matches(struct selabel_handle *rec,
+					    const char *pathname,
+					    uint8_t **calculated_digest,
+					    uint8_t **xattr_digest,
+					    size_t *digest_len)
+{
+	uint8_t read_digest[SHA1_HASH_SIZE];
+	ssize_t read_size = getxattr(pathname, RESTORECON_PARTIAL_MATCH_DIGEST,
+				     read_digest, SHA1_HASH_SIZE
+#ifdef __APPLE__
+				     , 0, 0
+#endif /* __APPLE __ */
+				    );
+	uint8_t hash_digest[SHA1_HASH_SIZE];
+	bool status = selabel_hash_all_partial_matches(rec, pathname,
+						       hash_digest);
+
+	*xattr_digest = NULL;
+	*calculated_digest = NULL;
+	*digest_len = SHA1_HASH_SIZE;
+
+	if (read_size == SHA1_HASH_SIZE) {
+		*xattr_digest = calloc(1, SHA1_HASH_SIZE + 1);
+		if (!*xattr_digest)
+			goto oom;
+
+		memcpy(*xattr_digest, read_digest, SHA1_HASH_SIZE);
+	}
+
+	if (status) {
+		*calculated_digest = calloc(1, SHA1_HASH_SIZE + 1);
+		if (!*calculated_digest)
+			goto oom;
+
+		memcpy(*calculated_digest, hash_digest, SHA1_HASH_SIZE);
+	}
+
+	if (status && read_size == SHA1_HASH_SIZE &&
+	    memcmp(read_digest, hash_digest, SHA1_HASH_SIZE) == 0)
+		return true;
+
+	return false;
+
+oom:
+	selinux_log(SELINUX_ERROR, "SELinux: %s: Out of memory\n", __func__);
+	return false;
+}
+
 static bool hash_all_partial_matches(struct selabel_handle *rec, const char *key, uint8_t *digest)
 {
 	assert(digest);
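Review bot: The header comment of `get_digests_all_partial_matches()` says the caller must free the returned digests but not that each one can be NULL independently. `*xattr_digest` stays NULL when the xattr is missing or not `SHA1_HASH_SIZE` bytes, and `*calculated_digest` stays NULL when `selabel_hash_all_partial_matches()` returns false. The `oom` path also returns false with possibly one buffer already set, so false does not always mean the digests differ. I would add a sentence such as `Either digest may be NULL on return; callers must check before use.` The `+ 1` in both `calloc()` sizes is unexplained, given that `*digest_len` is reported as `SHA1_HASH_SIZE`.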
@@ -1036,11 +1090,11 @@
 	size_t i;
 	for (i = 0; i < total_matches; i++) {
 		char* regex_str = matches[i]->regex_str;
-		uint32_t mode = matches[i]->mode;
+		mode_t mode = matches[i]->mode;
 		char* ctx_raw = matches[i]->lr.ctx_raw;
 
 		Sha1Update(&context, regex_str, strlen(regex_str) + 1);
-		Sha1Update(&context, &mode, sizeof(uint32_t));
+		Sha1Update(&context, &mode, sizeof(mode_t));
 		Sha1Update(&context, ctx_raw, strlen(ctx_raw) + 1);
 	}
 
@@ -1249,6 +1303,8 @@
 	rec->func_stats = &stats;
 	rec->func_lookup = &lookup;
 	rec->func_partial_match = &partial_match;
+	rec->func_get_digests_all_partial_matches =
+					&get_digests_all_partial_matches;
 	rec->func_hash_all_partial_matches = &hash_all_partial_matches;
 	rec->func_lookup_best_match = &lookup_best_match;
 	rec->func_cmp = &cmp;
diff --git a/libselinux/src/label_file.h b/libselinux/src/label_file.h
index 6f4ee10..baed334 100644
--- a/libselinux/src/label_file.h
+++ b/libselinux/src/label_file.h
@@ -6,6 +6,7 @@
 #include <string.h>
 
 #include <sys/stat.h>
+#include <sys/xattr.h>
 
 /*
  * regex.h/c were introduced to hold all dependencies on the regular
@@ -31,6 +32,9 @@
 #define SELINUX_COMPILED_FCONTEXT_MAX_VERS \
 	SELINUX_COMPILED_FCONTEXT_REGEX_ARCH
 
+/* Required selinux_restorecon and selabel_get_digests_all_partial_matches() */
+#define RESTORECON_PARTIAL_MATCH_DIGEST  "security.sehash"
+
 struct selabel_sub {
 	char *src;
 	int slen;
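Review bot: The comment above `RESTORECON_PARTIAL_MATCH_DIGEST` is missing a word (`Required by selinux_restorecon() and ...`) and does not say what the attribute holds. Elsewhere in this change a matching `security.sehash` value causes a directory to be skipped during relabeling, so the value is effectively trusted input. The comment should state that it stores the SHA1 of the partial-match specs and that the skip relies on only privileged writers being able to set `security.*` attributes (normally the case on Linux; worth confirming for other supported platforms).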
@@ -41,7 +45,7 @@
 /* A file security context specification. */
 struct spec {
 	struct selabel_lookup_rec lr;	/* holds contexts for lookup result */
-	char *regex_str;	/* regular expession string for diagnostics */
+	char *regex_str;	/* regular expression string for diagnostics */
 	char *type_str;		/* type string for diagnostic messages */
 	struct regex_data * regex; /* backend dependent regular expression data */
 	bool regex_compiled; /* bool to indicate if the regex is compiled */
diff --git a/libselinux/src/label_internal.h b/libselinux/src/label_internal.h
index 8add71a..74bf9e0 100644
--- a/libselinux/src/label_internal.h
+++ b/libselinux/src/label_internal.h
@@ -87,6 +87,11 @@
 	void (*func_close) (struct selabel_handle *h);
 	void (*func_stats) (struct selabel_handle *h);
 	bool (*func_partial_match) (struct selabel_handle *h, const char *key);
+	bool (*func_get_digests_all_partial_matches) (struct selabel_handle *h,
+						      const char *key,
+						      uint8_t **calculated_digest,
+						      uint8_t **xattr_digest,
+						      size_t *digest_len);
 	bool (*func_hash_all_partial_matches) (struct selabel_handle *h,
 	                                       const char *key, uint8_t *digest);
 	struct selabel_lookup_rec *(*func_lookup_best_match)
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 20052be..9e75292 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -48,22 +48,18 @@
 hidden_def(security_load_policy)
 
 #ifndef ANDROID
-int load_setlocaldefs hidden = 1;
-
 #undef max
 #define max(a, b) (((a) > (b)) ? (a) : (b))
 
-int selinux_mkload_policy(int preservebools)
+int selinux_mkload_policy(int preservebools __attribute__((unused)))
 {	
 	int kernvers = security_policyvers();
 	int maxvers = kernvers, minvers = DEFAULT_POLICY_VERSION, vers;
-	int setlocaldefs = load_setlocaldefs;
 	char path[PATH_MAX];
 	struct stat sb;
-	struct utsname uts;
 	size_t size;
 	void *map, *data;
-	int fd, rc = -1, prot;
+	int fd, rc = -1;
 	sepol_policydb_t *policydb;
 	sepol_policy_file_t *pf;
 	int usesepol = 0;
@@ -77,9 +73,6 @@
 	int (*policydb_read)(sepol_policydb_t *, sepol_policy_file_t *) = NULL;
 	int (*policydb_set_vers)(sepol_policydb_t *, unsigned int) = NULL;
 	int (*policydb_to_image)(sepol_handle_t *, sepol_policydb_t *, void **, size_t *) = NULL;
-	int (*genbools_array)(void *data, size_t len, char **names, int *values, int nel) = NULL;
-	int (*genusers)(void *data, size_t len, const char *usersdir, void **newdata, size_t * newlen) = NULL;
-	int (*genbools)(void *data, size_t len, const char *boolpath) = NULL;
 
 #ifdef SHARED
 	char *errormsg = NULL;
@@ -110,13 +103,6 @@
 		DLERR();
 		policydb_to_image = dlsym(libsepolh, "sepol_policydb_to_image");
 		DLERR();
-		genbools_array = dlsym(libsepolh, "sepol_genbools_array");
-		DLERR();
-		genusers = dlsym(libsepolh, "sepol_genusers");
-		DLERR();
-		genbools = dlsym(libsepolh, "sepol_genbools");
-		DLERR();
-
 #undef DLERR
 	}
 #else
@@ -131,42 +117,11 @@
 	policydb_read = sepol_policydb_read;
 	policydb_set_vers = sepol_policydb_set_vers;
 	policydb_to_image = sepol_policydb_to_image;
-	genbools_array = sepol_genbools_array;
-	genusers = sepol_genusers;
-	genbools = sepol_genbools;
-
 #endif
 
-	/*
-	 * Check whether we need to support local boolean and user definitions.
-	 */
-	if (setlocaldefs) {
-		if (access(selinux_booleans_path(), F_OK) == 0)
-			goto checkbool;
-		snprintf(path, sizeof path, "%s.local", selinux_booleans_path());
-		if (access(path, F_OK) == 0)
-			goto checkbool;
-		snprintf(path, sizeof path, "%s/local.users", selinux_users_path());
-		if (access(path, F_OK) == 0)
-			goto checkbool;
-		/* No local definition files, so disable setlocaldefs. */
-		setlocaldefs = 0;
-	}
-
-checkbool:
-	/* 
-	 * As of Linux 2.6.22, the kernel preserves boolean
-	 * values across a reload, so we do not need to 
-	 * preserve them in userspace.
-	 */
-	if (preservebools && uname(&uts) == 0 && strverscmp(uts.release, "2.6.22") >= 0)
-		preservebools = 0;
-
 	if (usesepol) {
-		maxvers = vers_max();
+		maxvers = max(kernvers, vers_max());
 		minvers = vers_min();
-		if (!setlocaldefs && !preservebools)
-			maxvers = max(kernvers, maxvers);
 	}
 
 	vers = maxvers;
@@ -195,12 +150,8 @@
 		goto close;
 	}
 
-	prot = PROT_READ;
-	if (setlocaldefs || preservebools)
-		prot |= PROT_WRITE;
-
 	size = sb.st_size;
-	data = map = mmap(NULL, size, prot, MAP_PRIVATE, fd, 0);
+	data = map = mmap(NULL, size, PROT_READ, MAP_PRIVATE, fd, 0);
 	if (map == MAP_FAILED) {
 		fprintf(stderr,
 			"SELinux:  Could not map policy file %s:  %s\n",
@@ -239,49 +190,6 @@
 		policydb_free(policydb);
 	}
 
-	if (usesepol) {
-		if (setlocaldefs) {
-			void *olddata = data;
-			size_t oldsize = size;
-			rc = genusers(olddata, oldsize, selinux_users_path(),
-				      &data, &size);
-			if (rc < 0) {
-				/* Fall back to the prior image if genusers failed. */
-				data = olddata;
-				size = oldsize;
-				rc = 0;
-			} else {
-				if (olddata != map)
-					free(olddata);
-			}
-		}
-		
-		if (preservebools) {
-			int *values, len, i;
-			char **names;
-			rc = security_get_boolean_names(&names, &len);
-			if (!rc) {
-				values = malloc(sizeof(int) * len);
-				if (!values) {
-					free(names);
-					goto unmap;
-				}
-				for (i = 0; i < len; i++)
-					values[i] =
-						security_get_boolean_active(names[i]);
-				(void)genbools_array(data, size, names, values,
-						     len);
-				free(values);
-				for (i = 0; i < len; i++)
-					free(names[i]);
-				free(names);
-			}
-		} else if (setlocaldefs) {
-			(void)genbools(data, size, selinux_booleans_path());
-		}
-	}
-
-
 	rc = security_load_policy(data, size);
 	
 	if (rc)
diff --git a/libselinux/src/regex.c b/libselinux/src/regex.c
index a6fcbbf..770bc3e 100644
--- a/libselinux/src/regex.c
+++ b/libselinux/src/regex.c
@@ -519,6 +519,29 @@
 	if (pos >= buf_size)
 		goto truncated;
 
+	/* Return early if there is no error to format */
+#ifdef USE_PCRE2
+	if (!error_data->error_code) {
+		rc = snprintf(buffer + pos, buf_size - pos, "no error code");
+		if (rc < 0)
+			abort();
+		pos += rc;
+		if (pos >= buf_size)
+			goto truncated;
+		return;
+	}
+#else
+	if (!error_data->error_buffer) {
+		rc = snprintf(buffer + pos, buf_size - pos, "empty error");
+		if (rc < 0)
+			abort();
+		pos += rc;
+		if (pos >= buf_size)
+			goto truncated;
+		return;
+	}
+#endif
+
 	if (error_data->error_offset > 0) {
 #ifdef USE_PCRE2
 		rc = snprintf(buffer + pos, buf_size - pos, "At offset %zu: ",
@@ -529,10 +552,10 @@
 #endif
 		if (rc < 0)
 			abort();
+		pos += rc;
+		if (pos >= buf_size)
+			goto truncated;
 	}
-	pos += rc;
-	if (pos >= buf_size)
-		goto truncated;
 
 #ifdef USE_PCRE2
 	rc = pcre2_get_error_message(error_data->error_code,
diff --git a/libselinux/src/regex.h b/libselinux/src/regex.h
index eb8ca50..6732b34 100644
--- a/libselinux/src/regex.h
+++ b/libselinux/src/regex.h
@@ -159,8 +159,8 @@
  * the buffer.
  *
  * @arg error_data Error data as returned by regex_prepare_data.
- * @arg buffer String buffer to hold the formated error string.
- * @arg buf_size Total size of the given bufer in bytes.
+ * @arg buffer String buffer to hold the formatted error string.
+ * @arg buf_size Total size of the given buffer in bytes.
  */
 void regex_format_error(struct regex_error_data const *error_data, char *buffer,
 			size_t buf_size) hidden;
diff --git a/libselinux/src/selinux_config.c b/libselinux/src/selinux_config.c
index b06cb63..b16a385 100644
--- a/libselinux/src/selinux_config.c
+++ b/libselinux/src/selinux_config.c
@@ -16,7 +16,6 @@
 #define SELINUXDEFAULT "targeted"
 #define SELINUXTYPETAG "SELINUXTYPE="
 #define SELINUXTAG "SELINUX="
-#define SETLOCALDEFS "SETLOCALDEFS="
 #define REQUIRESEUSERS "REQUIRESEUSERS="
 
 /* Indices for file paths arrays. */
@@ -28,10 +27,12 @@
 #define USER_CONTEXTS     5
 #define FAILSAFE_CONTEXT  6
 #define DEFAULT_TYPE      7
+/* BOOLEANS is deprecated */
 #define BOOLEANS          8
 #define MEDIA_CONTEXTS    9
 #define REMOVABLE_CONTEXT 10
 #define CUSTOMIZABLE_TYPES    11
+/* USERS_DIR is deprecated */
 #define USERS_DIR         12
 #define SEUSERS           13
 #define TRANSLATIONS      14
@@ -192,10 +193,6 @@
 				}
 				free(type);
 				continue;
-			} else if (!strncmp(buf_p, SETLOCALDEFS,
-					    sizeof(SETLOCALDEFS) - 1)) {
-				value = buf_p + sizeof(SETLOCALDEFS) - 1;
-				intptr = &load_setlocaldefs;
 			} else if (!strncmp(buf_p, REQUIRESEUSERS,
 					    sizeof(REQUIRESEUSERS) - 1)) {
 				value = buf_p + sizeof(REQUIRESEUSERS) - 1;
@@ -410,6 +407,7 @@
 
 hidden_def(selinux_user_contexts_path)
 
+/* Deprecated as local policy booleans no longer supported. */
 const char *selinux_booleans_path(void)
 {
 	return get_path(BOOLEANS);
@@ -417,6 +415,7 @@
 
 hidden_def(selinux_booleans_path)
 
+/* Deprecated as no longer supported. */
 const char *selinux_users_path(void)
 {
 	return get_path(USERS_DIR);
diff --git a/libselinux/src/selinux_internal.h b/libselinux/src/selinux_internal.h
index acd59c7..61b78aa 100644
--- a/libselinux/src/selinux_internal.h
+++ b/libselinux/src/selinux_internal.h
@@ -107,10 +107,8 @@
 hidden_proto(security_get_initial_context);
 hidden_proto(security_get_initial_context_raw);
 hidden_proto(selinux_reset_config);
+hidden_proto(selinux_flush_class_cache);
 
-hidden void flush_class_cache(void);
-
-extern int load_setlocaldefs hidden;
 extern int require_seusers hidden;
 extern int selinux_page_size hidden;
 
diff --git a/libselinux/src/selinux_restorecon.c b/libselinux/src/selinux_restorecon.c
index 5f18923..028d892 100644
--- a/libselinux/src/selinux_restorecon.c
+++ b/libselinux/src/selinux_restorecon.c
@@ -36,17 +36,13 @@
 
 #include "callbacks.h"
 #include "selinux_internal.h"
-
-#define RESTORECON_LAST "security.restorecon_last"
-
-#define SYS_PATH "/sys"
-#define SYS_PREFIX SYS_PATH "/"
+#include "label_file.h"
+#include "sha1.h"
 
 #define STAR_COUNT 1024
 
 static struct selabel_handle *fc_sehandle = NULL;
-static unsigned char *fc_digest = NULL;
-static size_t fc_digest_len = 0;
+static bool selabel_no_digest;
 static char *rootpath = NULL;
 static int rootpathlen;
 
@@ -77,7 +73,6 @@
 	bool mass_relabel;
 	bool set_specctx;
 	bool add_assoc;
-	bool ignore_digest;
 	bool recurse;
 	bool userealpath;
 	bool set_xdev;
@@ -299,57 +294,60 @@
 			   bool delete_all)
 {
 	char *sha1_buf = NULL;
-	unsigned char *xattr_value = NULL;
-	ssize_t xattr_size;
-	size_t i;
+	size_t i, digest_len = 0;
 	int rc, digest_result;
 	struct dir_xattr *new_entry;
+	uint8_t *xattr_digest = NULL;
+	uint8_t *calculated_digest = NULL;
 
 	if (!directory) {
 		errno = EINVAL;
 		return -1;
 	}
 
-	xattr_value = malloc(fc_digest_len);
-	if (!xattr_value)
-		goto oom;
+	selabel_get_digests_all_partial_matches(fc_sehandle, directory,
+						&calculated_digest,
+						&xattr_digest, &digest_len);
 
-	xattr_size = getxattr(directory, RESTORECON_LAST, xattr_value,
-			      fc_digest_len);
-	if (xattr_size < 0) {
-		free(xattr_value);
+	if (!xattr_digest || !digest_len) {
+		free(calculated_digest);
 		return 1;
 	}
 
 	/* Convert entry to a hex encoded string. */
-	sha1_buf = malloc(xattr_size * 2 + 1);
+	sha1_buf = malloc(digest_len * 2 + 1);
 	if (!sha1_buf) {
-		free(xattr_value);
+		free(xattr_digest);
+		free(calculated_digest);
 		goto oom;
 	}
 
-	for (i = 0; i < (size_t)xattr_size; i++)
-		sprintf((&sha1_buf[i * 2]), "%02x", xattr_value[i]);
+	for (i = 0; i < digest_len; i++)
+		sprintf((&sha1_buf[i * 2]), "%02x", xattr_digest[i]);
 
-	rc = memcmp(fc_digest, xattr_value, fc_digest_len);
+	rc = memcmp(calculated_digest, xattr_digest, digest_len);
 	digest_result = rc ? NOMATCH : MATCH;
 
 	if ((delete_nonmatch && rc != 0) || delete_all) {
 		digest_result = rc ? DELETED_NOMATCH : DELETED_MATCH;
-		rc = removexattr(directory, RESTORECON_LAST);
+		rc = removexattr(directory, RESTORECON_PARTIAL_MATCH_DIGEST);
 		if (rc) {
 			selinux_log(SELINUX_ERROR,
 				  "Error: %s removing xattr \"%s\" from: %s\n",
-				  strerror(errno), RESTORECON_LAST, directory);
+				  strerror(errno),
+				  RESTORECON_PARTIAL_MATCH_DIGEST, directory);
 			digest_result = ERROR;
 		}
 	}
-	free(xattr_value);
+	free(xattr_digest);
+	free(calculated_digest);
 
 	/* Now add entries to link list. */
 	new_entry = malloc(sizeof(struct dir_xattr));
-	if (!new_entry)
+	if (!new_entry) {
+		free(sha1_buf);
 		goto oom;
+	}
 	new_entry->next = NULL;
 
 	new_entry->directory = strdup(directory);
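Review bot: `memcmp(calculated_digest, xattr_digest, digest_len)` can be reached with `calculated_digest == NULL`. The guard above only checks `xattr_digest` and `digest_len`, and the file backend leaves `calculated_digest` NULL whenever hashing the partial matches fails. The return value of `selabel_get_digests_all_partial_matches()` is also discarded. Treating a missing calculated digest as a mismatch avoids the NULL dereference: `rc = calculated_digest ? memcmp(calculated_digest, xattr_digest, digest_len) : 1;`. The function begins and ends outside this hunk.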
@@ -736,18 +734,78 @@
 	goto out1;
 }
 
+struct dir_hash_node {
+	char *path;
+	uint8_t digest[SHA1_HASH_SIZE];
+	struct dir_hash_node *next;
+};
+/*
+ * Returns true if the digest of all partial matched contexts is the same as
+ * the one saved by setxattr. Otherwise returns false and constructs a
+ * dir_hash_node with the newly calculated digest.
+ */
+static bool check_context_match_for_dir(const char *pathname,
+					struct dir_hash_node **new_node,
+					int error)
+{
+	bool status;
+	size_t digest_len = 0;
+	uint8_t *read_digest = NULL;
+	uint8_t *calculated_digest = NULL;
+
+	if (!new_node)
+		return false;
+
+	*new_node = NULL;
+
+	/* status = true if digests match, false otherwise. */
+	status = selabel_get_digests_all_partial_matches(fc_sehandle, pathname,
+							 &calculated_digest,
+							 &read_digest,
+							 &digest_len);
+
+	if (status)
+		goto free;
+
+	/* Save digest of all matched contexts for the current directory. */
+	if (!error && calculated_digest) {
+		*new_node = calloc(1, sizeof(struct dir_hash_node));
+
+		if (!*new_node)
+			goto oom;
+
+		(*new_node)->path = strdup(pathname);
+
+		if (!(*new_node)->path) {
+			free(*new_node);
+			*new_node = NULL;
+			goto oom;
+		}
+		memcpy((*new_node)->digest, calculated_digest, digest_len);
+		(*new_node)->next = NULL;
+	}
+
+free:
+	free(calculated_digest);
+	free(read_digest);
+	return status;
+
+oom:
+	selinux_log(SELINUX_ERROR, "%s: Out of memory\n", __func__);
+	goto free;
+}
+
+
 /*
  * Public API
  */
 
 /* selinux_restorecon(3) - Main function that is responsible for labeling */
 int selinux_restorecon(const char *pathname_orig,
-				    unsigned int restorecon_flags)
+		       unsigned int restorecon_flags)
 {
 	struct rest_flags flags;
 
-	flags.ignore_digest = (restorecon_flags &
-		    SELINUX_RESTORECON_IGNORE_DIGEST) ? true : false;
 	flags.nochange = (restorecon_flags &
 		    SELINUX_RESTORECON_NOCHANGE) ? true : false;
 	flags.verbose = (restorecon_flags &
@@ -777,10 +835,10 @@
 	flags.warnonnomatch = true;
 	ignore_mounts = (restorecon_flags &
 		   SELINUX_RESTORECON_IGNORE_MOUNTS) ? true : false;
+	bool ignore_digest = (restorecon_flags &
+		    SELINUX_RESTORECON_IGNORE_DIGEST) ? true : false;
+	bool setrestorecondigest = true;
 
-	bool issys;
-	bool setrestoreconlast = true; /* TRUE = set xattr RESTORECON_LAST
-					* FALSE = don't use xattr */
 	struct stat sb;
 	struct statfs sfsb;
 	FTS *fts;
@@ -788,9 +846,9 @@
 	char *pathname = NULL, *pathdnamer = NULL, *pathdname, *pathbname;
 	char *paths[2] = { NULL, NULL };
 	int fts_flags, error, sverrno;
-	char *xattr_value = NULL;
-	ssize_t size;
 	dev_t dev_num = 0;
+	struct dir_hash_node *current = NULL;
+	struct dir_hash_node *head = NULL;
 
 	if (flags.verbose && flags.progress)
 		flags.verbose = false;
@@ -800,11 +858,13 @@
 	if (!fc_sehandle)
 		return -1;
 
-	if (fc_digest_len) {
-		xattr_value = malloc(fc_digest_len);
-		if (!xattr_value)
-			return -1;
-	}
+	/*
+	 * If selabel_no_digest = true then no digest has been requested by
+	 * an external selabel_open(3) call.
+	 */
+	if (selabel_no_digest ||
+	    (restorecon_flags & SELINUX_RESTORECON_SKIP_DIGEST))
+		setrestorecondigest = false;
 
 	/*
 	 * Convert passed-in pathname to canonical pathname by resolving
@@ -853,13 +913,9 @@
 	}
 
 	paths[0] = pathname;
-	issys = (!strcmp(pathname, SYS_PATH) ||
-			    !strncmp(pathname, SYS_PREFIX,
-			    sizeof(SYS_PREFIX) - 1)) ? true : false;
 
 	if (lstat(pathname, &sb) < 0) {
 		if (flags.ignore_noent && errno == ENOENT) {
-			free(xattr_value);
 			free(pathdnamer);
 			free(pathname);
 			return 0;
@@ -872,9 +928,9 @@
 		}
 	}
 
-	/* Ignore restoreconlast if not a directory */
+	/* Skip digest if not a directory */
 	if ((sb.st_mode & S_IFDIR) != S_IFDIR)
-		setrestoreconlast = false;
+		setrestorecondigest = false;
 
 	if (!flags.recurse) {
 		if (check_excluded(pathname)) {
@@ -886,30 +942,19 @@
 		goto cleanup;
 	}
 
-	/* Ignore restoreconlast on /sys */
-	if (issys)
-		setrestoreconlast = false;
-
-	/* Ignore restoreconlast on in-memory filesystems */
-	if (setrestoreconlast && statfs(pathname, &sfsb) == 0) {
-		if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC)
-			setrestoreconlast = false;
+	/* Obtain fs type */
+	if (statfs(pathname, &sfsb) < 0) {
+		selinux_log(SELINUX_ERROR,
+			    "statfs(%s) failed: %s\n",
+			    pathname, strerror(errno));
+		error = -1;
+		goto cleanup;
 	}
 
-	if (setrestoreconlast) {
-		size = getxattr(pathname, RESTORECON_LAST, xattr_value,
-							    fc_digest_len);
-
-		if (!flags.ignore_digest && (size_t)size == fc_digest_len &&
-			    memcmp(fc_digest, xattr_value, fc_digest_len)
-								    == 0) {
-			selinux_log(SELINUX_INFO,
-			    "Skipping restorecon as matching digest on: %s\n",
-				    pathname);
-			error = 0;
-			goto cleanup;
-		}
-	}
+	/* Skip digest on in-memory filesystems and /sys */
+	if (sfsb.f_type == RAMFS_MAGIC || sfsb.f_type == TMPFS_MAGIC ||
+	    sfsb.f_type == SYSFS_MAGIC)
+		setrestorecondigest = false;
 
 	if (flags.set_xdev)
 		fts_flags = FTS_PHYSICAL | FTS_NOCHDIR | FTS_XDEV;
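Review bot: A `statfs()` failure now aborts the whole recursive relabel with `error = -1`. The removed code only acted on a successful `statfs()` to switch the digest off, and otherwise carried on labelling. If the hard failure is intended because `sfsb.f_type` is read again for the `SYSFS_MAGIC` test in the `FTS_D` case of a later hunk, a comment above the call would record that, e.g. `/* f_type is also needed for sysfs pruning during the walk, so failure is fatal */`. If it is not intended, clearing `setrestorecondigest` and continuing would keep the old behaviour. The enclosing function starts and ends outside this hunk.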
@@ -973,8 +1018,9 @@
 			fts_set(fts, ftsent, FTS_SKIP);
 			continue;
 		case FTS_D:
-			if (issys && !selabel_partial_match(fc_sehandle,
-					    ftsent->fts_path)) {
+			if (sfsb.f_type == SYSFS_MAGIC &&
+			    !selabel_partial_match(fc_sehandle,
+			    ftsent->fts_path)) {
 				fts_set(fts, ftsent, FTS_SKIP);
 				continue;
 			}
@@ -983,6 +1029,31 @@
 				fts_set(fts, ftsent, FTS_SKIP);
 				continue;
 			}
+
+			if (setrestorecondigest) {
+				struct dir_hash_node *new_node = NULL;
+
+				if (check_context_match_for_dir(ftsent->fts_path,
+								&new_node,
+								error) &&
+								!ignore_digest) {
+					selinux_log(SELINUX_INFO,
+						    "Skipping restorecon on directory(%s)\n",
+						    ftsent->fts_path);
+					fts_set(fts, ftsent, FTS_SKIP);
+					continue;
+				}
+
+				if (new_node && !error) {
+					if (!current) {
+						current = new_node;
+						head = current;
+					} else {
+						current->next = new_node;
+						current = current->next;
+					}
+				}
+			}
 			/* fall through */
 		default:
 			error |= restorecon_sb(ftsent->fts_path,
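Review bot: The `fts_set(fts, ftsent, FTS_SKIP)` taken when `check_context_match_for_dir()` returns true prunes a whole subtree on the strength of a stored xattr digest, and nothing here says what a match proves. Going by the usage text of the `selabel_get_digests_all_partial_matches` utility added in this commit, the digest is generated from the file_contexts entries for the directory. A match therefore presumably shows only that those entries are unchanged since the digest was written, not that labels below are still correct. I would put that in a comment above the check, e.g. `/* A digest match means the file_contexts entries are unchanged; labels under this directory are not re-verified unless SELINUX_RESTORECON_IGNORE_DIGEST is set. */`. `check_context_match_for_dir()` is defined outside this hunk, so this reading should be confirmed against it.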
@@ -995,13 +1066,24 @@
 		}
 	} while ((ftsent = fts_read(fts)) != NULL);
 
-	/* Labeling successful. Mark the top level directory as completed. */
-	if (setrestoreconlast && !flags.nochange && !error && fc_digest) {
-		error = setxattr(pathname, RESTORECON_LAST, fc_digest,
-						    fc_digest_len, 0);
-		if (!error && flags.verbose)
-			selinux_log(SELINUX_INFO,
-				   "Updated digest for: %s\n", pathname);
+	/*
+	 * Labeling successful. Write partial match digests for subdirectories.
+	 * TODO: Write digest upon FTS_DP if no error occurs in its descents.
+	 */
+	if (setrestorecondigest && !flags.nochange && !error) {
+		current = head;
+		while (current != NULL) {
+			if (setxattr(current->path,
+			    RESTORECON_PARTIAL_MATCH_DIGEST,
+			    current->digest,
+			    SHA1_HASH_SIZE, 0) < 0) {
+				selinux_log(SELINUX_ERROR,
+					    "setxattr failed: %s: %s\n",
+					    current->path,
+					    strerror(errno));
+			}
+			current = current->next;
+		}
 	}
 
 out:
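Review bot: A failed `setxattr()` in the digest-writing loop is logged at `SELINUX_ERROR`, but `error` is left untouched, so the function still reports success after printing errors. If writing digests is meant to be best effort, a comment in the loop would make that deliberate, e.g. `/* Best effort: a missing digest only means this directory is checked again next run */`. On a filesystem that rejects the xattr, every collected directory would presumably log its own line, so stopping at the first failure may be preferable. The enclosing function starts outside this hunk.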
@@ -1019,7 +1101,15 @@
 	}
 	free(pathdnamer);
 	free(pathname);
-	free(xattr_value);
+
+	current = head;
+	while (current != NULL) {
+		struct dir_hash_node *next = current->next;
+
+		free(current->path);
+		free(current);
+		current = next;
+	}
 	return error;
 
 oom:
@@ -1050,20 +1140,20 @@
 void selinux_restorecon_set_sehandle(struct selabel_handle *hndl)
 {
 	char **specfiles;
-	size_t num_specfiles;
+	unsigned char *fc_digest;
+	size_t num_specfiles, fc_digest_len;
 
 	fc_sehandle = (struct selabel_handle *) hndl;
 
-	/*
-	 * Read digest if requested in selabel_open(3) and set global params.
-	 */
+	/* Check if digest requested in selabel_open(3), if so use it. */
 	if (selabel_digest(fc_sehandle, &fc_digest, &fc_digest_len,
-				   &specfiles, &num_specfiles) < 0) {
-		fc_digest = NULL;
-		fc_digest_len = 0;
-	}
+				   &specfiles, &num_specfiles) < 0)
+		selabel_no_digest = true;
+	else
+		selabel_no_digest = false;
 }
 
+
 /*
  * selinux_restorecon_default_handle(3) is called to set the global restorecon
  * handle by a process if the default params are required.
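Review bot: The `if`/`else` in `selinux_restorecon_set_sehandle()` that assigns `true` or `false` to `selabel_no_digest` can be a single assignment: `selabel_no_digest = selabel_digest(fc_sehandle, &fc_digest, &fc_digest_len, &specfiles, &num_specfiles) < 0;`. The new locals `fc_digest` and `fc_digest_len` are only out-parameters and are never read afterwards. A short comment saying the call is made purely to learn whether a digest was requested would stop a reader looking for their use. The hunk also adds a second blank line before the next comment block, which can be dropped.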
@@ -1085,6 +1175,7 @@
 		return NULL;
 	}
 
+	selabel_no_digest = false;
 	return sehandle;
 }
 
@@ -1134,9 +1225,11 @@
 	return 0;
 }
 
-/* selinux_restorecon_xattr(3) - Find RESTORECON_LAST entries. */
+/* selinux_restorecon_xattr(3)
+ * Find RESTORECON_PARTIAL_MATCH_DIGEST entries.
+ */
 int selinux_restorecon_xattr(const char *pathname, unsigned int xattr_flags,
-					    struct dir_xattr ***xattr_list)
+			     struct dir_xattr ***xattr_list)
 {
 	bool recurse = (xattr_flags &
 	    SELINUX_RESTORECON_XATTR_RECURSE) ? true : false;
@@ -1157,7 +1250,7 @@
 
 	__selinux_once(fc_once, restorecon_init);
 
-	if (!fc_sehandle || !fc_digest_len)
+	if (!fc_sehandle)
 		return -1;
 
 	if (lstat(pathname, &sb) < 0) {
diff --git a/libselinux/src/selinuxswig_python_exception.i b/libselinux/src/selinuxswig_python_exception.i
new file mode 100644
index 0000000..cf65825
--- /dev/null
+++ b/libselinux/src/selinuxswig_python_exception.i
@@ -0,0 +1,954 @@
+
+%exception is_selinux_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception is_selinux_mls_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getcon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setcon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getpidcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getpidcon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getprevcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getprevcon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getexeccon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getexeccon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setexeccon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setexeccon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getfscreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getfscreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setfscreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setfscreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getkeycreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getkeycreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setkeycreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setkeycreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getsockcreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getsockcreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setsockcreatecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setsockcreatecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception lgetfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception lgetfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception fgetfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception fgetfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception lsetfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception lsetfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception fsetfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception fsetfilecon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getpeercon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getpeercon_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_av {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_av_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_av_flags {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_av_flags_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_create_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_create_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_create_name_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_relabel {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_relabel_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_member {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_member_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_user {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_compute_user_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_validatetrans {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_validatetrans_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_load_policy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_initial_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_initial_context_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_mkload_policy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_init_load_policy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_set_boolean_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_load_booleans {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_check_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_check_context_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_canonicalize_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_canonicalize_context_raw {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_getenforce {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_setenforce {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_reject_unknown {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_deny_unknown {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_checkreqprot {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_disable {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_policyvers {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_boolean_names {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_boolean_pending {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_get_boolean_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_set_boolean {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_commit_booleans {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_set_mapping {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception security_av_string {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchpathcon_init {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchpathcon_init_prefix {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception realpath_not_final {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchpathcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchpathcon_index {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchpathcon_filespec_add {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception matchmediacon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_getenforcemode {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_getpolicytype {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_set_policy_root {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_check_access {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_check_passwd_access {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception checkPasswdAccess {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_check_securetty_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinuxfs_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception setexecfilecon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception rpm_execcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception is_context_customizable {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_trans_to_raw_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_raw_to_trans_context {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_raw_context_to_color {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getseuserbyname {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception getseuser {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_file_context_verify {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception selinux_lsetfilecon_default {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index ed29dc5..ede5a28 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -21,7 +21,7 @@
  */
 struct selinux_status_t
 {
-	uint32_t	version;	/* version number of thie structure */
+	uint32_t	version;	/* version number of this structure */
 	uint32_t	sequence;	/* sequence number of seqlock logic */
 	uint32_t	enforcing;	/* current setting of enforcing mode */
 	uint32_t	policyload;	/* times of policy reloaded */
diff --git a/libselinux/src/setup.py b/libselinux/src/setup.py
new file mode 100644
index 0000000..c8270bd
--- /dev/null
+++ b/libselinux/src/setup.py
@@ -0,0 +1,24 @@
+#!/usr/bin/python3
+
+from distutils.core import Extension, setup
+
+setup(
+    name="selinux",
+    version="3.0",
+    description="SELinux python 3 bindings",
+    author="SELinux Project",
+    author_email="selinux@vger.kernel.org",
+    ext_modules=[
+        Extension('selinux._selinux',
+                  sources=['selinuxswig_python.i'],
+                  include_dirs=['../include'],
+                  library_dirs=['.'],
+                  libraries=['selinux']),
+        Extension('selinux.audit2why',
+                  sources=['audit2why.c'],
+                  include_dirs=['../include'],
+                  library_dirs=['.'],
+                  libraries=['selinux'],
+                  extra_link_args=['-l:libsepol.a', '-Wl,--version-script=audit2why.map'])
+    ],
+)
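Review bot: `include_dirs=['../include']`, `library_dirs=['.']` and `--version-script=audit2why.map` are resolved against the current working directory, not the location of setup.py. A build started from another directory would miss the in-tree headers and library, and the linker could then fall back to whatever libselinux it finds on its default search path. Anchoring the paths to the script avoids that: with `import os`, use `here = os.path.dirname(os.path.abspath(__file__))`, then `library_dirs=[here]` and `include_dirs=[os.path.join(here, '..', 'include')]`. If the script is only ever meant to be driven from the Makefile in this directory, a comment at the top saying so would be enough.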
diff --git a/libselinux/src/sha1.c b/libselinux/src/sha1.c
index d671044..004fcd3 100644
--- a/libselinux/src/sha1.c
+++ b/libselinux/src/sha1.c
@@ -11,7 +11,7 @@
 //  Modified to:
 //    - stop symbols being exported for libselinux shared library - October 2015
 //								       Richard Haines <richard_c_haines@btinternet.com>
-//    - Not cast the workspace from a byte array to a CHAR64LONG16 due to allignment isses.
+//    - Not cast the workspace from a byte array to a CHAR64LONG16 due to alignment isses.
 //      Fixes:
 //        sha1.c:73:33: error: cast from 'uint8_t *' (aka 'unsigned char *') to 'CHAR64LONG16 *' increases required alignment from 1 to 4 [-Werror,-Wcast-align]
 //             CHAR64LONG16*       block = (CHAR64LONG16*) workspace;
diff --git a/libselinux/src/stringrep.c b/libselinux/src/stringrep.c
index ad29f76..29757b7 100644
--- a/libselinux/src/stringrep.c
+++ b/libselinux/src/stringrep.c
@@ -93,7 +93,7 @@
 	if (sscanf(buf, "%hu", &node->value) != 1)
 		goto err3;
 
-	/* load up permission indicies */
+	/* load up permission indices */
 	snprintf(path, sizeof path, "%s/class/%s/perms",selinux_mnt,s);
 	dir = opendir(path);
 	if (dir == NULL)
@@ -158,7 +158,7 @@
 	return NULL;
 }
 
-hidden void flush_class_cache(void)
+void selinux_flush_class_cache(void)
 {
 	struct discover_class_node *cur = discover_class_cache, *prev = NULL;
 	size_t i;
@@ -180,6 +180,8 @@
 	discover_class_cache = NULL;
 }
 
+hidden_def(selinux_flush_class_cache)
+
 security_class_t string_to_security_class(const char *s)
 {
 	struct discover_class_node *node;
@@ -268,7 +270,7 @@
 
 int security_av_string(security_class_t tclass, access_vector_t av, char **res)
 {
-	unsigned int i = 0;
+	unsigned int i;
 	size_t len = 5;
 	access_vector_t tmp = av;
 	int rc = 0;
@@ -276,19 +278,12 @@
 	char *ptr;
 
 	/* first pass computes the required length */
-	while (tmp) {
+	for (i = 0; tmp; tmp >>= 1, i++) {
 		if (tmp & 1) {
 			str = security_av_perm_to_string(tclass, av & (1<<i));
 			if (str)
 				len += strlen(str) + 1;
-			else {
-				rc = -1;
-				errno = EINVAL;
-				goto out;
-			}
 		}
-		tmp >>= 1;
-		i++;
 	}
 
 	*res = malloc(len);
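Review bot: With the `else` branch removed, a set bit that `security_av_perm_to_string()` cannot name is now skipped instead of failing with `EINVAL`. The returned string can therefore omit permissions that are present in `av`, and the caller cannot tell. The second pass in the last hunk of this file skips the same bits. Since this string may be used to report access decisions, I would either render unnamed bits in some form (for example a hex mask) or state the omission in the function comment, e.g. `/* Bits with no name in the loaded policy are left out of *res. */`. The function body starts and ends outside this hunk.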
@@ -298,7 +293,6 @@
 	}
 
 	/* second pass constructs the string */
-	i = 0;
 	tmp = av;
 	ptr = *res;
 
@@ -308,12 +302,12 @@
 	}
 
 	ptr += sprintf(ptr, "{ ");
-	while (tmp) {
-		if (tmp & 1)
-			ptr += sprintf(ptr, "%s ", security_av_perm_to_string(
-					       tclass, av & (1<<i)));
-		tmp >>= 1;
-		i++;
+	for (i = 0; tmp; tmp >>= 1, i++) {
+		if (tmp & 1) {
+			str = security_av_perm_to_string(tclass, av & (1<<i));
+			if (str)
+				ptr += sprintf(ptr, "%s ", str);
+		}
 	}
 	sprintf(ptr, "}");
 out:
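Review bot: `1<<i` on the added line `str = security_av_perm_to_string(tclass, av & (1<<i));` shifts a signed `int`. The loop can reach `i == 31` when the top bit of `av` is set (assuming `access_vector_t` is 32 bits wide), and that shift is undefined behaviour in C. An unsigned operand avoids it: `str = security_av_perm_to_string(tclass, av & ((access_vector_t)1 << i));`. The same expression appears in the first pass as a context line and would want the same change. The function continues outside this hunk.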
diff --git a/libselinux/utils/.gitignore b/libselinux/utils/.gitignore
index aba18a3..3ef3437 100644
--- a/libselinux/utils/.gitignore
+++ b/libselinux/utils/.gitignore
@@ -15,6 +15,7 @@
 policyvers
 sefcontext_compile
 selabel_digest
+selabel_get_digests_all_partial_matches
 selabel_lookup
 selabel_lookup_best_match
 selabel_partial_match
diff --git a/libselinux/utils/sefcontext_compile.c b/libselinux/utils/sefcontext_compile.c
index 54600e2..dcb0085 100644
--- a/libselinux/utils/sefcontext_compile.c
+++ b/libselinux/utils/sefcontext_compile.c
@@ -88,7 +88,7 @@
  *	u32  - spec has meta characters
  *	u32  - The specs prefix_len if >= SELINUX_COMPILED_FCONTEXT_PREFIX_LEN
  *	u32  - data length of the pcre regex
- *	char - a bufer holding the raw pcre regex info
+ *	char - a buffer holding the raw pcre regex info
  *	u32  - data length of the pcre regex study daya
  *	char - a buffer holding the raw pcre regex study data
  */
diff --git a/libselinux/utils/selabel_get_digests_all_partial_matches.c b/libselinux/utils/selabel_get_digests_all_partial_matches.c
new file mode 100644
index 0000000..0c2edc6
--- /dev/null
+++ b/libselinux/utils/selabel_get_digests_all_partial_matches.c
@@ -0,0 +1,170 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <getopt.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <fts.h>
+#include <selinux/selinux.h>
+#include <selinux/label.h>
+
+#include "../src/label_file.h"
+
+static __attribute__ ((__noreturn__)) void usage(const char *progname)
+{
+	fprintf(stderr,
+		"usage:  %s [-vr] [-f file] path\n\n"
+		"Where:\n\t"
+		"-v  Validate file_contxts entries against loaded policy.\n\t"
+		"-r  Recursively descend directories.\n\t"
+		"-f  Optional file_contexts file (defaults to current policy).\n\t"
+		"path  Path to check current SHA1 digest against file_contexts entries.\n\n"
+		"This will check the directory selinux.sehash SHA1 digest for "
+		"<path> against\na newly generated digest based on the "
+		"file_context entries for that node\n(using the regx, mode "
+		"and path entries).\n", progname);
+	exit(1);
+}
+
+int main(int argc, char **argv)
+{
+	int opt, fts_flags;
+	size_t i, digest_len;
+	bool status, recurse = false;
+	FTS *fts;
+	FTSENT *ftsent;
+	char *validate = NULL, *file = NULL;
+	char *paths[2] = { NULL, NULL };
+	uint8_t *xattr_digest = NULL;
+	uint8_t *calculated_digest = NULL;
+	char *sha1_buf = NULL;
+
+	struct selabel_handle *hnd;
+	struct selinux_opt selabel_option[] = {
+		{ SELABEL_OPT_PATH, file },
+		{ SELABEL_OPT_VALIDATE, validate }
+	};
+
+	if (argc < 2)
+		usage(argv[0]);
+
+	while ((opt = getopt(argc, argv, "f:rv")) > 0) {
+		switch (opt) {
+		case 'f':
+			file = optarg;
+			break;
+		case 'r':
+			recurse = true;
+			break;
+		case 'v':
+			validate = (char *)1;
+			break;
+		default:
+			usage(argv[0]);
+		}
+	}
+
+	if (optind >= argc) {
+		fprintf(stderr, "No pathname specified\n");
+		exit(-1);
+	}
+
+	paths[0] = argv[optind];
+
+	selabel_option[0].value = file;
+	selabel_option[1].value = validate;
+
+	hnd = selabel_open(SELABEL_CTX_FILE, selabel_option, 2);
+	if (!hnd) {
+		fprintf(stderr, "ERROR: selabel_open - Could not obtain "
+							     "handle.\n");
+		return -1;
+	}
+
+	fts_flags = FTS_PHYSICAL | FTS_NOCHDIR;
+	fts = fts_open(paths, fts_flags, NULL);
+	if (!fts) {
+		printf("fts error on %s: %s\n",
+		       paths[0], strerror(errno));
+		return -1;
+	}
+
+	while ((ftsent = fts_read(fts)) != NULL) {
+		switch (ftsent->fts_info) {
+		case FTS_DP:
+			continue;
+		case FTS_D: {
+
+			xattr_digest = NULL;
+			calculated_digest = NULL;
+			digest_len = 0;
+
+			status = selabel_get_digests_all_partial_matches(hnd,
+							 ftsent->fts_path,
+							 &calculated_digest,
+							 &xattr_digest,
+							 &digest_len);
+
+			sha1_buf = calloc(1, digest_len * 2 + 1);
+			if (!sha1_buf) {
+				fprintf(stderr, "Could not calloc buffer ERROR: %s\n",
+					    strerror(errno));
+				return -1;
+			}
+
+			if (status) { /* They match */
+				printf("xattr and file_contexts SHA1 digests match for: %s\n",
+				       ftsent->fts_path);
+
+				if (calculated_digest) {
+					for (i = 0; i < digest_len; i++)
+						sprintf((&sha1_buf[i * 2]),
+							"%02x",
+							calculated_digest[i]);
+					printf("SHA1 digest: %s\n", sha1_buf);
+				}
+			} else {
+				if (!calculated_digest) {
+					printf("No SHA1 digest available for: %s\n",
+					       ftsent->fts_path);
+					printf("as file_context entry is \"<<none>>\"\n");
+					break;
+				}
+
+				printf("The file_context entries for: %s\n",
+				       ftsent->fts_path);
+
+				for (i = 0; i < digest_len; i++)
+					sprintf((&sha1_buf[i * 2]), "%02x",
+						calculated_digest[i]);
+				printf("generated SHA1 digest: %s\n", sha1_buf);
+
+				if (!xattr_digest) {
+					printf("however there is no selinux.sehash xattr entry.\n");
+				} else {
+					printf("however it does NOT match the current entry of:\n");
+					for (i = 0; i < digest_len; i++)
+						sprintf((&sha1_buf[i * 2]),
+							"%02x",
+							xattr_digest[i]);
+					printf("%s\n", sha1_buf);
+				}
+
+				free(xattr_digest);
+				free(calculated_digest);
+				free(sha1_buf);
+			}
+			break;
+		}
+		default:
+			break;
+		}
+
+		if (!recurse)
+			break;
+	}
+
+	(void) fts_close(fts);
+	(void) selabel_close(hnd);
+	return 0;
+}
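Review bot: The three `free()` calls in the `FTS_D` case sit inside the `else` branch, so when the digests match (`status` true) `xattr_digest`, `calculated_digest` and `sha1_buf` are never released. The early `break` on the `<<none>>` path also leaks `sha1_buf`, and `xattr_digest` if one was returned. With `-r` this repeats for every directory visited. Moving the frees after the `if`/`else` and turning the early `break` into its own `else if` arm releases the buffers on every path, as sketched below; `free(NULL)` is harmless here because both digest pointers are reset to `NULL` at the top of the case.

```c
			if (status) { /* They match */
				/* … unchanged: print the matching digest … */
			} else if (!calculated_digest) {
				/* … unchanged: the two "<<none>>" printf calls, without the early break … */
			} else {
				/* … unchanged: print generated digest and the xattr comparison … */
			}

			/* Release the per-directory buffers on every path. */
			free(xattr_digest);
			free(calculated_digest);
			free(sha1_buf);
			break;
```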
diff --git a/libsemanage/VERSION b/libsemanage/VERSION
index 8c26915..9f55b2c 100644
--- a/libsemanage/VERSION
+++ b/libsemanage/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/libsemanage/include/semanage/handle.h b/libsemanage/include/semanage/handle.h
index c816590..946d69b 100644
--- a/libsemanage/include/semanage/handle.h
+++ b/libsemanage/include/semanage/handle.h
@@ -32,13 +32,13 @@
 
 /* Create and return a semanage handle.
    The handle is initially in the disconnected state. */
-semanage_handle_t *semanage_handle_create(void);
+extern semanage_handle_t *semanage_handle_create(void);
 
 /* Deallocate all space associated with a semanage_handle_t, including
  * the pointer itself.	CAUTION: this function does not disconnect
  * from the backend; be sure that a semanage_disconnect() was
  * previously called if the handle was connected. */
-void semanage_handle_destroy(semanage_handle_t *);
+extern void semanage_handle_destroy(semanage_handle_t *);
 
 /* This is the type of connection to the store, for now only
  * direct is supported */
@@ -51,65 +51,65 @@
  * It must be called after semanage_handle_create but before 
  * semanage_connect. The argument should be the full path to the store.
  */
-void semanage_select_store(semanage_handle_t * handle, char *path,
-			   enum semanage_connect_type storetype);
+extern void semanage_select_store(semanage_handle_t * handle, char *path,
+				  enum semanage_connect_type storetype);
 
 /* Just reload the policy */
-int semanage_reload_policy(semanage_handle_t * handle);
+extern int semanage_reload_policy(semanage_handle_t * handle);
 
 /* set whether to reload the policy or not after a commit,
  * 1 for yes (default), 0 for no */
-void semanage_set_reload(semanage_handle_t * handle, int do_reload);
+extern void semanage_set_reload(semanage_handle_t * handle, int do_reload);
 
 /* set whether to rebuild the policy on commit, even if no
  * changes were performed.
  * 1 for yes, 0 for no (default) */
-void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
+extern void semanage_set_rebuild(semanage_handle_t * handle, int do_rebuild);
 
 /* Fills *compiler_path with the location of the hll compiler sh->conf->compiler_directory_path
  * corresponding to lang_ext.
  * Upon success returns 0, -1 on error. */
-int semanage_get_hll_compiler_path(semanage_handle_t *sh, char *lang_ext, char **compiler_path);
+extern int semanage_get_hll_compiler_path(semanage_handle_t *sh, char *lang_ext, char **compiler_path);
 
 /* create the store if it does not exist, this only has an effect on 
  * direct connections and must be called before semanage_connect 
  * 1 for yes, 0 for no (default) */
-void semanage_set_create_store(semanage_handle_t * handle, int create_store);
+extern void semanage_set_create_store(semanage_handle_t * handle, int create_store);
 
 /*Get whether or not dontaudits will be disabled upon commit */
-int semanage_get_disable_dontaudit(semanage_handle_t * handle);
+extern int semanage_get_disable_dontaudit(semanage_handle_t * handle);
 
 /* Set whether or not to disable dontaudits upon commit */
-void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
+extern void semanage_set_disable_dontaudit(semanage_handle_t * handle, int disable_dontaudit);
 
 /* Set whether or not to execute setfiles to check file contexts upon commit */
-void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);
+extern void semanage_set_check_contexts(semanage_handle_t * sh, int do_check_contexts);
 
 /* Get the default priority. */
-uint16_t semanage_get_default_priority(semanage_handle_t *sh);
+extern uint16_t semanage_get_default_priority(semanage_handle_t *sh);
 
 /* Set the default priority. */
-int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority);
+extern int semanage_set_default_priority(semanage_handle_t *sh, uint16_t priority);
 
 /* Check whether policy is managed via libsemanage on this system.
  * Must be called prior to trying to connect.
  * Return 1 if policy is managed via libsemanage on this system,
  * 0 if policy is not managed, or -1 on error.
  */
-int semanage_is_managed(semanage_handle_t *);
+extern int semanage_is_managed(semanage_handle_t *);
 
 /* "Connect" to a manager based on the configuration and 
  * associate the provided handle with the connection.
  * If the connect fails then this function returns a negative value, 
  * else it returns zero.
  */
-int semanage_connect(semanage_handle_t *);
+extern int semanage_connect(semanage_handle_t *);
 
 /* Disconnect from the manager given by the handle.  If already
  * disconnected then this function does nothing.  Return 0 if
  * disconnected properly or already disconnected, negative value on
  * error. */
-int semanage_disconnect(semanage_handle_t *);
+extern int semanage_disconnect(semanage_handle_t *);
 
 /* Attempt to obtain a transaction lock on the manager.	 If another
  * process has the lock then this function may block, depending upon
@@ -118,47 +118,47 @@
  * Note that if the semanage_handle has not yet obtained a transaction
  * lock whenever a writer function is called, there will be an
  * implicit call to this function. */
-int semanage_begin_transaction(semanage_handle_t *);
+extern int semanage_begin_transaction(semanage_handle_t *);
 
 /* Attempt to commit all changes since this transaction began.	If the
  * commit is successful then increment the "policy sequence number"
  * and then release the transaction lock.  Return that policy number
  * afterwards, or -1 on error.
  */
-int semanage_commit(semanage_handle_t *);
+extern int semanage_commit(semanage_handle_t *);
 
 #define SEMANAGE_CAN_READ 1
 #define SEMANAGE_CAN_WRITE 2
 /* returns SEMANAGE_CAN_READ or SEMANAGE_CAN_WRITE if the store is readable
  * or writable, respectively. <0 if an error occurred */
-int semanage_access_check(semanage_handle_t * sh);
+extern int semanage_access_check(semanage_handle_t * sh);
 
 /* returns 0 if not connected, 1 if connected */
-int semanage_is_connected(semanage_handle_t * sh);
+extern int semanage_is_connected(semanage_handle_t * sh);
 
 /* returns 1 if policy is MLS, 0 otherwise. */
-int semanage_mls_enabled(semanage_handle_t *sh);
+extern int semanage_mls_enabled(semanage_handle_t *sh);
 
 /* Change to alternate semanage root path */
-int semanage_set_root(const char *path);
+extern int semanage_set_root(const char *path);
 
 /* Get the current semanage root path */
-const char * semanage_root(void);
+extern const char * semanage_root(void);
 
 /* Get whether or not needless unused branch of tunables would be preserved */
-int semanage_get_preserve_tunables(semanage_handle_t * handle);
+extern int semanage_get_preserve_tunables(semanage_handle_t * handle);
 
 /* Set whether or not to preserve the needless unused branch of tunables */
-void semanage_set_preserve_tunables(semanage_handle_t * handle, int preserve_tunables);
+extern void semanage_set_preserve_tunables(semanage_handle_t * handle, int preserve_tunables);
 
 /* Get the flag value for whether or not caching is ignored for compiled CIL modules from HLL files */
-int semanage_get_ignore_module_cache(semanage_handle_t *handle);
+extern int semanage_get_ignore_module_cache(semanage_handle_t *handle);
 
 /* Set semanage_handle flag for whether or not to ignore caching of compiled CIL modules from HLL files */
-void semanage_set_ignore_module_cache(semanage_handle_t *handle, int ignore_module_cache);
+extern void semanage_set_ignore_module_cache(semanage_handle_t *handle, int ignore_module_cache);
 
 /* set the store root path for semanage output files */
-void semanage_set_store_root(semanage_handle_t *sh, const char *store_root);
+extern void semanage_set_store_root(semanage_handle_t *sh, const char *store_root);
 
 /* META NOTES
  *
diff --git a/libsemanage/include/semanage/modules.h b/libsemanage/include/semanage/modules.h
index 4b93e54..ac40393 100644
--- a/libsemanage/include/semanage/modules.h
+++ b/libsemanage/include/semanage/modules.h
@@ -32,11 +32,11 @@
  * a transaction  
  */
 
-int semanage_module_install(semanage_handle_t *,
-			    char *module_data, size_t data_len, char *name, char *ext_lang);
-int semanage_module_install_file(semanage_handle_t *,
-				 const char *module_name);
-int semanage_module_remove(semanage_handle_t *, char *module_name);
+extern int semanage_module_install(semanage_handle_t *,
+				   char *module_data, size_t data_len, char *name, char *ext_lang);
+extern int semanage_module_install_file(semanage_handle_t *,
+					const char *module_name);
+extern int semanage_module_remove(semanage_handle_t *, char *module_name);
 
 /* semanage_module_info is for getting information on installed
    modules, only name at this time */
@@ -52,18 +52,18 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_extract(semanage_handle_t *sh,
-				 semanage_module_key_t *modkey,
-				 int extract_cil,
-				 void **mapped_data,
-				 size_t *data_len,
-				 semanage_module_info_t **modinfo);
-int semanage_module_list(semanage_handle_t *,
-			 semanage_module_info_t **, int *num_modules);
-void semanage_module_info_datum_destroy(semanage_module_info_t *);
-semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
-						 int n);
-const char *semanage_module_get_name(semanage_module_info_t *);
+extern int semanage_module_extract(semanage_handle_t *sh,
+				  semanage_module_key_t *modkey,
+				  int extract_cil,
+				  void **mapped_data,
+				  size_t *data_len,
+				  semanage_module_info_t **modinfo);
+extern int semanage_module_list(semanage_handle_t *,
+				semanage_module_info_t **, int *num_modules);
+extern void semanage_module_info_datum_destroy(semanage_module_info_t *);
+extern semanage_module_info_t *semanage_module_list_nth(semanage_module_info_t * list,
+							int n);
+extern const char *semanage_module_get_name(semanage_module_info_t *);
 
 /* Module Info */
 
@@ -74,8 +74,8 @@
  * The @modinfo should be destroyed with semanage_module_info_destroy.
  * The caller should call free() on the struct.
  */
-int semanage_module_info_create(semanage_handle_t *sh,
-				semanage_module_info_t **modinfo);
+extern int semanage_module_info_create(semanage_handle_t *sh,
+				       semanage_module_info_t **modinfo);
 
 /* Frees the members of the module info struct.
  *
@@ -83,8 +83,8 @@
  *
  * The caller should call free() on the struct.
  */
-int semanage_module_info_destroy(semanage_handle_t *handle,
-				 semanage_module_info_t *modinfo);
+extern int semanage_module_info_destroy(semanage_handle_t *handle,
+					semanage_module_info_t *modinfo);
 
 /* Module Info Getters */
 
@@ -92,33 +92,33 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_get_priority(semanage_handle_t *sh,
-				      semanage_module_info_t *modinfo,
-				      uint16_t *priority);
+extern int semanage_module_info_get_priority(semanage_handle_t *sh,
+					     semanage_module_info_t *modinfo,
+					     uint16_t *priority);
 
 /* Get @name from @modinfo. Caller should not free @name.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_get_name(semanage_handle_t *sh,
-				  semanage_module_info_t *modinfo,
-				  const char **name);
+extern int semanage_module_info_get_name(semanage_handle_t *sh,
+					 semanage_module_info_t *modinfo,
+					 const char **name);
 
 /* Get @lang_ext from @modinfo. Caller should not free @lang_ext.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
-				      semanage_module_info_t *modinfo,
-				      const char **lang_ext);
+extern int semanage_module_info_get_lang_ext(semanage_handle_t *sh,
+					     semanage_module_info_t *modinfo,
+					     const char **lang_ext);
 
 /* Get @enabled from @modinfo.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_get_enabled(semanage_handle_t *sh,
-				     semanage_module_info_t *modinfo,
-				     int *enabled);
+extern int semanage_module_info_get_enabled(semanage_handle_t *sh,
+					    semanage_module_info_t *modinfo,
+					    int *enabled);
 
 /* Module Info Setters */
 
@@ -126,33 +126,33 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_set_priority(semanage_handle_t *sh,
-				      semanage_module_info_t *modinfo,
-				      uint16_t priority);
+extern int semanage_module_info_set_priority(semanage_handle_t *sh,
+					     semanage_module_info_t *modinfo,
+					     uint16_t priority);
 
 /* Set @name in @modinfo.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_set_name(semanage_handle_t *sh,
-				  semanage_module_info_t *modinfo,
-				  const char *name);
+extern int semanage_module_info_set_name(semanage_handle_t *sh,
+					 semanage_module_info_t *modinfo,
+					 const char *name);
 
 /* Set @lang_ext in @modinfo.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_set_lang_ext(semanage_handle_t *sh,
-				      semanage_module_info_t *modinfo,
-				      const char *lang_ext);
+extern int semanage_module_info_set_lang_ext(semanage_handle_t *sh,
+					     semanage_module_info_t *modinfo,
+					     const char *lang_ext);
 
 /* Set @enabled in @modinfo.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_info_set_enabled(semanage_handle_t *sh,
-				     semanage_module_info_t *modinfo,
-				     int enabled);
+extern int semanage_module_info_set_enabled(semanage_handle_t *sh,
+					    semanage_module_info_t *modinfo,
+					    int enabled);
 
 /* Module Key */
 
@@ -163,16 +163,16 @@
  * The @modkey should be destroyed with semanage_module_key_destroy.
  * The caller should call free() on the struct.
  */
-int semanage_module_key_create(semanage_handle_t *sh,
-			       semanage_module_key_t **modkey);
+extern int semanage_module_key_create(semanage_handle_t *sh,
+				      semanage_module_key_t **modkey);
 
 /* Frees members of the @modkey, but not the struct. The caller should
  * call free() on struct.
  *
  * Returns 0 on success, and -1 on error.
  */
-int semanage_module_key_destroy(semanage_handle_t *sh,
-				semanage_module_key_t *modkey);
+extern int semanage_module_key_destroy(semanage_handle_t *sh,
+				       semanage_module_key_t *modkey);
 
 /* Module Key Getters */
 
@@ -180,17 +180,17 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_key_get_name(semanage_handle_t *sh,
-				 semanage_module_key_t *modkey,
-				 const char **name);
+extern int semanage_module_key_get_name(semanage_handle_t *sh,
+					semanage_module_key_t *modkey,
+					const char **name);
 
 /* Get @name from @modkey.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_key_get_priority(semanage_handle_t *sh,
-				     semanage_module_key_t *modkey,
-				     uint16_t *priority);
+extern int semanage_module_key_get_priority(semanage_handle_t *sh,
+					    semanage_module_key_t *modkey,
+					    uint16_t *priority);
 
 /* Module Key Setters */
 
@@ -198,17 +198,17 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_key_set_name(semanage_handle_t *sh,
-				 semanage_module_key_t *modkey,
-				 const char *name);
+extern int semanage_module_key_set_name(semanage_handle_t *sh,
+					semanage_module_key_t *modkey,
+					const char *name);
 
 /* Set @priority in @modkey.
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_key_set_priority(semanage_handle_t *sh,
-				     semanage_module_key_t *modkey,
-				     uint16_t priority);
+extern int semanage_module_key_set_priority(semanage_handle_t *sh,
+					    semanage_module_key_t *modkey,
+					    uint16_t priority);
 
 /* Set module @enabled status from @modkey. Modules are enabled on a per
  * module name basis (across all priorities). @modkey only needs to have
@@ -216,18 +216,18 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_set_enabled(semanage_handle_t *sh,
-				const semanage_module_key_t *modkey,
-				int enabled);
+extern int semanage_module_set_enabled(semanage_handle_t *sh,
+				       const semanage_module_key_t *modkey,
+				       int enabled);
 
 /* Lookup @modinfo by @modkey. Caller should use
  * semanage_module_info_destroy and free on @modinfo.
  * 
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_get_module_info(semanage_handle_t *sh,
-				    const semanage_module_key_t *modkey,
-				    semanage_module_info_t **modinfo);
+extern int semanage_module_get_module_info(semanage_handle_t *sh,
+					   const semanage_module_key_t *modkey,
+					   semanage_module_info_t **modinfo);
 
 /* Create a list of all modules in @modinfos of length @modinfos_len.
  * The list will be sorted from high priority to low and alphabetically
@@ -238,9 +238,9 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_list_all(semanage_handle_t *sh,
-			     semanage_module_info_t **modinfos,
-			     int *modinfos_len);
+extern int semanage_module_list_all(semanage_handle_t *sh,
+				    semanage_module_info_t **modinfos,
+				    int *modinfos_len);
 
 /* Install the module indicated by @modinfo with input data from 
  * @module_data with length @data_len.
@@ -254,21 +254,21 @@
  *	-2	failure, invalid @modinfo
  *	-3	failure, error writing file
  */
-int semanage_module_install_info(semanage_handle_t *sh,
-				 const semanage_module_info_t *modinfo,
-				 char *data,
-				 size_t data_len);
+extern int semanage_module_install_info(semanage_handle_t *sh,
+					const semanage_module_info_t *modinfo,
+					char *data,
+					size_t data_len);
 
 /* Remove the module indicated by @modkey.
  * @modkey must have key values filled in.
  *
  * Returns:
  * 	 0	success
- *	-1	failure, out of memeory
+ *	-1	failure, out of memory
  *	-2	failure, @module not found or couldn't be removed
  */
-int semanage_module_remove_key(semanage_handle_t *sh,
-			       const semanage_module_key_t *modkey);
+extern int semanage_module_remove_key(semanage_handle_t *sh,
+				      const semanage_module_key_t *modkey);
 
 /* Module Enabled */
 
@@ -278,8 +278,8 @@
  *
  * Returns 0 on success and -1 on error.
  */
-int semanage_module_get_enabled(semanage_handle_t *sh,
-				const semanage_module_key_t *modkey,
-				int *enabled);
+extern int semanage_module_get_enabled(semanage_handle_t *sh,
+				       const semanage_module_key_t *modkey,
+				       int *enabled);
 
 #endif
diff --git a/libsemanage/include/semanage/port_record.h b/libsemanage/include/semanage/port_record.h
index 20ae4bd..7107480 100644
--- a/libsemanage/include/semanage/port_record.h
+++ b/libsemanage/include/semanage/port_record.h
@@ -16,6 +16,8 @@
 
 #define SEMANAGE_PROTO_UDP 0
 #define SEMANAGE_PROTO_TCP 1
+#define SEMANAGE_PROTO_DCCP 2
+#define SEMANAGE_PROTO_SCTP 3
 
 /* Key */
 extern int semanage_port_compare(const semanage_port_t * port,
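Review bot: `SEMANAGE_PROTO_DCCP` and `SEMANAGE_PROTO_SCTP` are added with bare numeric values and no comment saying what those values must agree with. If these constants are handed to libsepol unchanged, as the existing UDP/TCP ones presumably are (not visible in this hunk), a later renumbering on either side would silently label ports with the wrong protocol. I would put `/* Values must match the SEPOL_PROTO_* constants in <sepol/port_record.h> */` above the block of defines.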
diff --git a/libsemanage/man/man5/semanage.conf.5 b/libsemanage/man/man5/semanage.conf.5
index 8f8de55..8efc7dd 100644
--- a/libsemanage/man/man5/semanage.conf.5
+++ b/libsemanage/man/man5/semanage.conf.5
@@ -121,6 +121,11 @@
 Please note that since this option deletes all HLL files, an updated HLL compiler will not be able to recompile the original HLL file into CIL.
 In order to compile the original HLL file into CIL, the same HLL file will need to be reinstalled.
 
+.TP
+.B optimize-policy
+When set to "true", the kernel policy will be optimized upon rebuilds.
+It can be set to either "true" or "false" and by default it is set to "false".
+
 .SH "SEE ALSO"
 .TP
 semanage(8)
diff --git a/libsemanage/src/.gitignore b/libsemanage/src/.gitignore
index dc87c59..b4d4bb3 100644
--- a/libsemanage/src/.gitignore
+++ b/libsemanage/src/.gitignore
@@ -1,4 +1,3 @@
 semanageswig_wrap.c
-semanageswig_python_exception.i
 semanage.py
 semanageswig_ruby_wrap.c
diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index e029f09..8a9570c 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -94,7 +94,7 @@
 $(LIBPC): $(LIBPC).in ../VERSION
 	sed -e 's/@VERSION@/$(VERSION)/; s:@prefix@:$(PREFIX):; s:@libdir@:$(LIBDIR):; s:@includedir@:$(INCLUDEDIR):' < $< > $@
 
-semanageswig_python_exception.i: ../include/semanage/semanage.h
+semanageswig_python_exception.i: exception.sh $(wildcard ../include/semanage/*.h)
 	bash -e exception.sh > $@ || (rm -f $@ ; false)
 
 conf-scan.c: conf-scan.l conf-parse.h
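Review bot: The `semanageswig_python_exception.i` rule now depends on every public header, while the same merge drops the file from `.gitignore` and checks it in. Because git does not preserve timestamps, a fresh checkout can see a header as newer than the tracked file and rewrite it from the local compiler's `-aux-info` output, leaving a dirty tree and a build input that differs from what was reviewed. If tracking the generated file is intended, say so next to the rule, e.g. `# Tracked in git: regenerate and commit whenever the public headers change.`, and consider verifying in CI that the committed copy matches a regenerated one.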
diff --git a/libsemanage/src/boolean_internal.h b/libsemanage/src/boolean_internal.h
index ad12b82..dc23c27 100644
--- a/libsemanage/src/boolean_internal.h
+++ b/libsemanage/src/boolean_internal.h
@@ -21,7 +21,7 @@
     hidden_proto(semanage_bool_set_name)
     hidden_proto(semanage_bool_set_value)
 
-/* BOOL RECORD: metod table */
+/* BOOL RECORD: method table */
 extern record_table_t SEMANAGE_BOOL_RTABLE;
 
 extern int bool_file_dbase_init(semanage_handle_t * handle,
diff --git a/libsemanage/src/booleans_policydb.c b/libsemanage/src/booleans_policydb.c
index 6869d6c..26fcac0 100644
--- a/libsemanage/src/booleans_policydb.c
+++ b/libsemanage/src/booleans_policydb.c
@@ -39,7 +39,7 @@
 record_policydb_table_t SEMANAGE_BOOL_POLICYDB_RTABLE = {
 	.add = NULL,
 	.modify = NULL,
-/* FIXME: these casts depend on stucts in libsepol matching structs
+/* FIXME: these casts depend on structs in libsepol matching structs
  * in libsemanage. This is incredibly fragile - the casting gets
  * rid of warnings, but is not type safe.
  */
diff --git a/libsemanage/src/conf-parse.y b/libsemanage/src/conf-parse.y
index b527e89..9bf9364 100644
--- a/libsemanage/src/conf-parse.y
+++ b/libsemanage/src/conf-parse.y
@@ -59,7 +59,7 @@
         char *s;
 }
 
-%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED TARGET_PLATFORM COMPILER_DIR IGNORE_MODULE_CACHE STORE_ROOT
+%token MODULE_STORE VERSION EXPAND_CHECK FILE_MODE SAVE_PREVIOUS SAVE_LINKED TARGET_PLATFORM COMPILER_DIR IGNORE_MODULE_CACHE STORE_ROOT OPTIMIZE_POLICY
 %token LOAD_POLICY_START SETFILES_START SEFCONTEXT_COMPILE_START DISABLE_GENHOMEDIRCON HANDLE_UNKNOWN USEPASSWD IGNOREDIRS
 %token BZIP_BLOCKSIZE BZIP_SMALL REMOVE_HLL
 %token VERIFY_MOD_START VERIFY_LINKED_START VERIFY_KERNEL_START BLOCK_END
@@ -95,6 +95,7 @@
 	|	bzip_blocksize
 	|	bzip_small
 	|	remove_hll
+	|	optimize_policy
         ;
 
 module_store:   MODULE_STORE '=' ARG {
@@ -268,6 +269,17 @@
 	free($3);
 }
 
+optimize_policy:  OPTIMIZE_POLICY '=' ARG {
+	if (strcasecmp($3, "false") == 0) {
+		current_conf->optimize_policy = 0;
+	} else if (strcasecmp($3, "true") == 0) {
+		current_conf->optimize_policy = 1;
+	} else {
+		yyerror("optimize-policy can only be 'true' or 'false'");
+	}
+	free($3);
+}
+
 command_block: 
                 command_start external_opts BLOCK_END  {
                         if (new_external->path == NULL) {
@@ -352,6 +364,7 @@
 	conf->bzip_small = 0;
 	conf->ignore_module_cache = 0;
 	conf->remove_hll = 0;
+	conf->optimize_policy = 0;
 
 	conf->save_previous = 0;
 	conf->save_linked = 0;
diff --git a/libsemanage/src/conf-scan.l b/libsemanage/src/conf-scan.l
index 607bbf0..b06a896 100644
--- a/libsemanage/src/conf-scan.l
+++ b/libsemanage/src/conf-scan.l
@@ -54,6 +54,7 @@
 bzip-blocksize	return BZIP_BLOCKSIZE;
 bzip-small	return BZIP_SMALL;
 remove-hll	return REMOVE_HLL;
+optimize-policy return OPTIMIZE_POLICY;
 "[load_policy]"   return LOAD_POLICY_START;
 "[setfiles]"      return SETFILES_START;
 "[sefcontext_compile]"      return SEFCONTEXT_COMPILE_START;
diff --git a/libsemanage/src/database.h b/libsemanage/src/database.h
index 6a4a164..a1cd32b 100644
--- a/libsemanage/src/database.h
+++ b/libsemanage/src/database.h
@@ -49,7 +49,7 @@
 	int (*clone) (struct semanage_handle * handle,
 		      const record_t * rec, record_t ** new_rec);
 
-	/* Deallocate record resources. Must sucessfully handle NULL. */
+	/* Deallocate record resources. Must successfully handle NULL. */
 	void (*free) (record_t * rec);
 
 } record_table_t;
diff --git a/libsemanage/src/direct_api.c b/libsemanage/src/direct_api.c
index 7e097d5..1088a0a 100644
--- a/libsemanage/src/direct_api.c
+++ b/libsemanage/src/direct_api.c
@@ -1461,6 +1461,13 @@
 
 		cil_db_destroy(&cildb);
 
+		/* Remove redundancies in binary policy if requested. */
+		if (sh->conf->optimize_policy) {
+			retval = sepol_policydb_optimize(out);
+			if (retval < 0)
+				goto cleanup;
+		}
+
 		/* Write the linked policy before merging local changes. */
 		retval = semanage_write_policydb(sh, out,
 						 SEMANAGE_LINKED);
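Review bot: The new `sepol_policydb_optimize(out)` failure path jumps to `cleanup` without reporting anything through the handle, so a commit that fails with optimize-policy enabled gives the administrator only a negative return value. Unless libsepol already logs this itself (not visible here), add `ERR(sh, "Failed to optimize policy.");` before the `goto cleanup;`. Because the call sits before `semanage_write_policydb(sh, out, SEMANAGE_LINKED)`, the linked policy that gets written is the optimized one; the comment should state that ordering so nobody comparing the stored linked policy against the CIL output is surprised. The enclosing function starts and ends outside the hunk.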
diff --git a/libsemanage/src/exception.sh b/libsemanage/src/exception.sh
index 97bc2ae..fc1d403 100644
--- a/libsemanage/src/exception.sh
+++ b/libsemanage/src/exception.sh
@@ -9,10 +9,10 @@
 }
 "
 }
-if ! ${CC:-gcc} -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h
+if ! ${CC:-gcc} -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/semanage/semanage.h
 then
     # clang does not support -aux-info so fall back to gcc
-    gcc -x c -c -I../include - -aux-info temp.aux < ../include/semanage/semanage.h
+    gcc -x c -c -I../include -o temp.o - -aux-info temp.aux < ../include/semanage/semanage.h
 fi
 for i in `awk '/extern int/ { print $6 }' temp.aux`; do except $i ; done
-rm -f -- temp.aux -.o
+rm -f -- temp.aux temp.o
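Review bot: `temp.aux` and `temp.o` are fixed names in the build directory and are removed only by the final `rm`, so any failure after the compiler call leaves them behind. The Makefile runs this script with `bash -e`, which makes such an early exit likely, and two invocations in the same directory would overwrite each other's files. A `trap 'rm -f -- temp.aux temp.o' EXIT` near the top of the script would cover the failure path without changing the output. The start of the script, including the `except` function, is outside this hunk.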
diff --git a/libsemanage/src/fcontext_internal.h b/libsemanage/src/fcontext_internal.h
index a6008ea..c7767d0 100644
--- a/libsemanage/src/fcontext_internal.h
+++ b/libsemanage/src/fcontext_internal.h
@@ -26,7 +26,7 @@
     hidden_proto(semanage_fcontext_free)
     hidden_proto(semanage_fcontext_iterate_local)
 
-/* FCONTEXT RECORD: metod table */
+/* FCONTEXT RECORD: method table */
 extern record_table_t SEMANAGE_FCONTEXT_RTABLE;
 
 extern int fcontext_file_dbase_init(semanage_handle_t * handle,
diff --git a/libsemanage/src/genhomedircon.c b/libsemanage/src/genhomedircon.c
index e5f8d37..d08c88d 100644
--- a/libsemanage/src/genhomedircon.c
+++ b/libsemanage/src/genhomedircon.c
@@ -28,8 +28,10 @@
 #include <semanage/fcontexts_policy.h>
 #include <sepol/context.h>
 #include <sepol/context_record.h>
+#include "fcontext_internal.h"
 #include "semanage_store.h"
 #include "seuser_internal.h"
+#include "user_internal.h"
 #include "debug.h"
 
 #include "utilities.h"
diff --git a/libsemanage/src/handle.c b/libsemanage/src/handle.c
index e5109ae..5e59aef 100644
--- a/libsemanage/src/handle.c
+++ b/libsemanage/src/handle.c
@@ -279,7 +279,7 @@
 	assert(sh != NULL);
 
 	/* This just sets the storename to what the user requests, no 
-	   verification of existance will be done until connect */
+	   verification of existence will be done until connect */
 	free(sh->conf->store_path);
 	sh->conf->store_path = strdup(storename);
 	assert(sh->conf->store_path); /* no way to return failure */
diff --git a/libsemanage/src/iface_internal.h b/libsemanage/src/iface_internal.h
index 1f67836..5cb7778 100644
--- a/libsemanage/src/iface_internal.h
+++ b/libsemanage/src/iface_internal.h
@@ -22,7 +22,7 @@
     hidden_proto(semanage_iface_set_msgcon)
     hidden_proto(semanage_iface_set_name)
 
-/* IFACE RECORD: metod table */
+/* IFACE RECORD: method table */
 extern record_table_t SEMANAGE_IFACE_RTABLE;
 
 extern int iface_policydb_dbase_init(semanage_handle_t * handle,
diff --git a/libsemanage/src/modules.c b/libsemanage/src/modules.c
index fa84d33..1904350 100644
--- a/libsemanage/src/modules.c
+++ b/libsemanage/src/modules.c
@@ -849,7 +849,7 @@
 
 hidden_def(semanage_module_set_enabled)
 
-/* This function exists only for ABI compatability. It has been deprecated and
+/* This function exists only for ABI compatibility. It has been deprecated and
  * should not be used. Instead, use semanage_module_set_enabled() */
 int semanage_module_enable(semanage_handle_t *sh, char *module_name)
 {
@@ -877,7 +877,7 @@
 	return rc;
 }
 
-/* This function exists only for ABI compatability. It has been deprecated and
+/* This function exists only for ABI compatibility. It has been deprecated and
  * should not be used. Instead, use semanage_module_set_enabled() */
 int semanage_module_disable(semanage_handle_t *sh, char *module_name)
 {
diff --git a/libsemanage/src/policy.h b/libsemanage/src/policy.h
index f127156..7d59543 100644
--- a/libsemanage/src/policy.h
+++ b/libsemanage/src/policy.h
@@ -31,7 +31,7 @@
 struct semanage_policy_table {
 
 	/* Returns the current policy serial/commit number
-	 * A negative number is returned in case of failre */
+	 * A negative number is returned in case of failure */
 	int (*get_serial) (struct semanage_handle *);
 
 	/* Destroy a connection */
diff --git a/libsemanage/src/ports_file.c b/libsemanage/src/ports_file.c
index 46ee2f0..4738d46 100644
--- a/libsemanage/src/ports_file.c
+++ b/libsemanage/src/ports_file.c
@@ -84,6 +84,10 @@
 		semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
 	else if (!strcasecmp(str, "udp"))
 		semanage_port_set_proto(port, SEMANAGE_PROTO_UDP);
+	else if (!strcasecmp(str, "dccp"))
+		semanage_port_set_proto(port, SEMANAGE_PROTO_DCCP);
+	else if (!strcasecmp(str, "sctp"))
+		semanage_port_set_proto(port, SEMANAGE_PROTO_SCTP);
 	else {
 		ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
 		    info->filename, info->lineno, info->orig_line);
diff --git a/libsemanage/src/pywrap-test.py b/libsemanage/src/pywrap-test.py
index 5ac48f4..f266f70 100644
--- a/libsemanage/src/pywrap-test.py
+++ b/libsemanage/src/pywrap-test.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 from __future__ import print_function
 
 import sys
diff --git a/libsemanage/src/semanage_conf.h b/libsemanage/src/semanage_conf.h
index c99ac8c..23c4b8b 100644
--- a/libsemanage/src/semanage_conf.h
+++ b/libsemanage/src/semanage_conf.h
@@ -47,6 +47,7 @@
 	int bzip_small;
 	int remove_hll;
 	int ignore_module_cache;
+	int optimize_policy;
 	char *ignoredirs;	/* ";" separated of list for genhomedircon to ignore */
 	struct external_prog *load_policy;
 	struct external_prog *setfiles;
diff --git a/libsemanage/src/semanageswig_python.i b/libsemanage/src/semanageswig_python.i
index 8604b8a..8dd79fc 100644
--- a/libsemanage/src/semanageswig_python.i
+++ b/libsemanage/src/semanageswig_python.i
@@ -105,7 +105,7 @@
 %apply int *OUTPUT { uint16_t * };
 
 %include <cstring.i>
-/* This is needed to properly mmaped binary data in SWIG */
+/* This is needed to properly mmap binary data in SWIG */
 %cstring_output_allocate_size(void **mapped_data, size_t *data_len, munmap(*$1, *$2));
 
 %typemap(in, numinputs=0) char **(char *temp=NULL) {
diff --git a/libsemanage/src/semanageswig_python_exception.i b/libsemanage/src/semanageswig_python_exception.i
new file mode 100644
index 0000000..06c6026
--- /dev/null
+++ b/libsemanage/src/semanageswig_python_exception.i
@@ -0,0 +1,2385 @@
+
+%exception semanage_reload_policy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_get_hll_compiler_path {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_get_disable_dontaudit {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_set_default_priority {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_is_managed {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_connect {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_disconnect {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_begin_transaction {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_commit {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_access_check {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_is_connected {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_mls_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_set_root {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_get_preserve_tunables {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_get_ignore_module_cache {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception select {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception pselect {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_install {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_install_file {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_remove {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_destroy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_get_priority {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_get_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_get_lang_ext {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_get_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_set_priority {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_set_lang_ext {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_info_set_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_destroy {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_get_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_get_priority {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_key_set_priority {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_set_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_get_module_info {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_list_all {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_install_info {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_remove_key {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_module_get_enabled {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_msg_get_level {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_get_value {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_set_prefix {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_set_mlslevel {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_set_mlsrange {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_get_num_roles {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_add_role {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_has_role {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_get_roles {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_set_roles {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_set_sename {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_set_mlsrange {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_set_user {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_set_role {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_set_type {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_set_mls {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_from_string {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_context_to_string {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_set_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_set_ifcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_set_msgcon {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_get_proto {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_get_low {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_get_high {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_set_con {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_get_subnet_prefix {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_set_subnet_prefix {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_get_low {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_get_high {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_set_con {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_get_ibdev_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_set_ibdev_name {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_get_port {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_set_con {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_get_addr {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_get_addr_bytes {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_set_addr {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_set_addr_bytes {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_get_mask {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_get_mask_bytes {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_set_mask {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_set_mask_bytes {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_get_proto {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_set_con {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_set_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_query_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_exists_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_count_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_iterate_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_bool_list_active {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_user_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_compare {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_compare2 {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_key_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_key_extract {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_set_expr {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_get_type {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_set_con {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_create {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_clone {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_fcontext_list_homedirs {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_seuser_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_port_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibendport_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_ibpkey_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_iface_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_modify_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_del_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_query_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_exists_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_count_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_iterate_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_list_local {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_query {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_exists {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_count {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_iterate {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
+
+%exception semanage_node_list {
+  $action
+  if (result < 0) {
+     PyErr_SetFromErrno(PyExc_OSError);
+     SWIG_fail;
+  }
+}
+
diff --git a/libsemanage/src/user_internal.h b/libsemanage/src/user_internal.h
index ce1ac31..2fede94 100644
--- a/libsemanage/src/user_internal.h
+++ b/libsemanage/src/user_internal.h
@@ -28,7 +28,7 @@
     hidden_proto(semanage_user_exists)
     hidden_proto(semanage_user_query)
 
-/* USER record: metod table */
+/* USER record: method table */
 extern record_table_t SEMANAGE_USER_RTABLE;
 
 /* USER BASE record: method table */
diff --git a/libsemanage/src/utilities.c b/libsemanage/src/utilities.c
index ba6dc85..fc5a6a5 100644
--- a/libsemanage/src/utilities.c
+++ b/libsemanage/src/utilities.c
@@ -244,7 +244,7 @@
 	if (slen == 0)
 		return NULL;
 
-	/* Count the occurences of search in src and compute the new size */
+	/* Count the occurrences of search in src and compute the new size */
 	for (p = strstr(src, search); p != NULL; p = strstr(p + slen, search)) {
 		count++;
 		if (lim && count >= lim)
diff --git a/libsemanage/src/utilities.h b/libsemanage/src/utilities.h
index ba1ed02..6bbe9f5 100644
--- a/libsemanage/src/utilities.h
+++ b/libsemanage/src/utilities.h
@@ -69,16 +69,16 @@
 
 /**
  * @param str   the string to semanage_split
- * @return     malloc'd string after the first run of charachters that aren't whitespace
+ * @return     malloc'd string after the first run of characters that aren't whitespace
  */
 char *semanage_split_on_space(const char *str) WARN_UNUSED;
 
 /**
  * @param	 str   the string to semanage_split
- * @param	 delim the string delimiter.  NOT a set of charachters that can be
+ * @param	 delim the string delimiter.  NOT a set of characters that can be
  *	       a delimiter.
  *	       if *delim == '\0' behaves as semanage_splitOnSpace()
- * @return   a ptr to the first charachter past the delimiter.
+ * @return   a ptr to the first character past the delimiter.
  *	    if delim doesn't appear in the string, returns a ptr to the
  *	    trailing null in the string
  */
@@ -102,15 +102,15 @@
 			 const semanage_list_t ** y);
 /**
  * @param      data a target string
- * @param      what  a charachter
+ * @param      what  a character
  * @returns    the number of times the char appears in the string
  */
 int semanage_str_count(const char *data, char what);
 /**
  * @param      - a string
- * @param            the charachter to trim to
+ * @param            the character to trim to
  * @return   - mangles the string, converting the first
- *             occurrance of the charachter to a '\0' from
+ *             occurrence of the character to a '\0' from
  *             the end of the string.
  */
 void semanage_rtrim(char *str, char trim_to);
@@ -119,7 +119,7 @@
  * @param      value being searched for
  * @param      replacement value that replaces found search values
  * @param      string being searched and replaced on
- * @param      maximum number of value occurences (zero for unlimited)
+ * @param      maximum number of value occurrences (zero for unlimited)
  * @return     newly-allocated string with the replaced values
  */
 char *semanage_str_replace(const char *search, const char *replace,
diff --git a/libsemanage/tests/.gitignore b/libsemanage/tests/.gitignore
index f07111d..8a2a866 100644
--- a/libsemanage/tests/.gitignore
+++ b/libsemanage/tests/.gitignore
@@ -1 +1,2 @@
 libsemanage-tests
+*.policy
diff --git a/libsemanage/tests/Makefile b/libsemanage/tests/Makefile
index 324766a..69f49a3 100644
--- a/libsemanage/tests/Makefile
+++ b/libsemanage/tests/Makefile
@@ -1,5 +1,6 @@
 # Add your test source files here:
 SOURCES = $(sort $(wildcard *.c))
+CILS = $(sort $(wildcard *.cil))
 
 ###########################################################################
 
@@ -8,15 +9,19 @@
 override CFLAGS += -I../src -I../include
 override LDLIBS += -lcunit -lbz2 -laudit -lselinux -lsepol
 
-OBJECTS = $(SOURCES:.c=.o) 
+OBJECTS = $(SOURCES:.c=.o)
+POLICIES = $(CILS:.cil=.policy)
 
-all: $(EXECUTABLE) 
+all: $(EXECUTABLE) $(POLICIES)
 
 $(EXECUTABLE): $(OBJECTS) ../src/libsemanage.a
 	$(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS)
 
+%.policy: %.cil
+	../../secilc/secilc $*.cil -o $*.policy -f /dev/null
+
 clean distclean: 
-	rm -rf $(OBJECTS) $(EXECUTABLE)
+	rm -rf $(OBJECTS) $(POLICIES) $(EXECUTABLE)
 
 test: all 
 	./$(EXECUTABLE)
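Review bot: The new `%.policy: %.cil` rule calls `../../secilc/secilc` by a hard-coded in-tree path that nothing in this Makefile builds or checks for. Because `all` now depends on `$(POLICIES)`, a tree where secilc has not been built yet fails before the test binary is linked, and an installed secilc cannot be substituted. Making the tool overridable and using automatic variables would help: `SECILC ?= ../../secilc/secilc` near the top, and the recipe as `$(SECILC) $< -o $@ -f /dev/null`. Whether the top-level build guarantees secilc is built before this directory cannot be seen from this hunk.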
diff --git a/libsemanage/tests/libsemanage-tests.c b/libsemanage/tests/libsemanage-tests.c
index 048751b..2ae4a21 100644
--- a/libsemanage/tests/libsemanage-tests.c
+++ b/libsemanage/tests/libsemanage-tests.c
@@ -21,6 +21,15 @@
 
 #include "test_semanage_store.h"
 #include "test_utilities.h"
+#include "test_handle.h"
+#include "test_bool.h"
+#include "test_fcontext.h"
+#include "test_iface.h"
+#include "test_ibendport.h"
+#include "test_node.h"
+#include "test_port.h"
+#include "test_user.h"
+#include "test_other.h"
 
 #include <CUnit/Basic.h>
 #include <CUnit/Console.h>
@@ -59,6 +68,15 @@
 
 	DECLARE_SUITE(semanage_store);
 	DECLARE_SUITE(semanage_utilities);
+	DECLARE_SUITE(handle);
+	DECLARE_SUITE(bool);
+	DECLARE_SUITE(fcontext);
+	DECLARE_SUITE(iface);
+	DECLARE_SUITE(ibendport);
+	DECLARE_SUITE(node);
+	DECLARE_SUITE(port);
+	DECLARE_SUITE(user);
+	DECLARE_SUITE(other);
 
 	if (verbose)
 		CU_basic_set_mode(CU_BRM_VERBOSE);
diff --git a/libsemanage/tests/test_bool.c b/libsemanage/tests/test_bool.c
new file mode 100644
index 0000000..ae80d44
--- /dev/null
+++ b/libsemanage/tests/test_bool.c
@@ -0,0 +1,932 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_bool.h"
+
+#define BOOL_COUNT 3
+#define BOOL1_NAME "first_bool"
+#define BOOL1_VALUE 1
+#define BOOL2_NAME "second_bool"
+#define BOOL2_VALUE 0
+#define BOOL3_NAME "third_bool"
+#define BOOL3_VALUE 0
+#define BOOL_NONEXISTENT "asdf"
+
+/* boolean_record.h */
+void test_bool_key_create(void);
+void test_bool_key_extract(void);
+void test_bool_compare(void);
+void test_bool_compare2(void);
+void test_bool_get_set_name(void);
+void test_bool_get_set_value(void);
+void test_bool_create(void);
+void test_bool_clone(void);
+
+/* booleans_policy.h */
+void test_bool_query(void);
+void test_bool_exists(void);
+void test_bool_count(void);
+void test_bool_iterate(void);
+void test_bool_list(void);
+
+/* booleans_local.h */
+void test_bool_modify_del_local(void);
+void test_bool_query_local(void);
+void test_bool_exists_local(void);
+void test_bool_count_local(void);
+void test_bool_iterate_local(void);
+void test_bool_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int bool_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_bool.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int bool_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int bool_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "bool_key_create", test_bool_key_create);
+	CU_add_test(suite, "bool_key_extract", test_bool_key_extract);
+	CU_add_test(suite, "bool_compare", test_bool_compare);
+	CU_add_test(suite, "bool_compare2", test_bool_compare2);
+	CU_add_test(suite, "bool_get_set_name", test_bool_get_set_name);
+	CU_add_test(suite, "bool_get_set_value", test_bool_get_set_value);
+	CU_add_test(suite, "bool_create", test_bool_create);
+	CU_add_test(suite, "bool_clone", test_bool_clone);
+
+	CU_add_test(suite, "bool_query", test_bool_query);
+	CU_add_test(suite, "bool_exists", test_bool_exists);
+	CU_add_test(suite, "bool_count", test_bool_count);
+	CU_add_test(suite, "bool_iterate", test_bool_iterate);
+	CU_add_test(suite, "bool_list", test_bool_list);
+
+	CU_add_test(suite, "bool_modify_del_local", test_bool_modify_del_local);
+	CU_add_test(suite, "bool_query_local", test_bool_query_local);
+	CU_add_test(suite, "bool_exists_local", test_bool_exists_local);
+	CU_add_test(suite, "bool_count_local", test_bool_count_local);
+	CU_add_test(suite, "bool_iterate_local", test_bool_iterate_local);
+	CU_add_test(suite, "bool_list_local", test_bool_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_bool_t *get_bool_nth(int idx)
+{
+	int res;
+	semanage_bool_t **records;
+	semanage_bool_t *boolean;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	res = semanage_bool_list(sh, &records, &count);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	boolean = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_bool_free(records[i]);
+
+	return boolean;
+}
+
+semanage_bool_t *get_bool_new(void)
+{
+	int res;
+	semanage_bool_t *boolean;
+
+	res = semanage_bool_create(sh, &boolean);
+
+	CU_ASSERT_FATAL(res >= 0);
+
+	return boolean;
+}
+
+semanage_bool_key_t *get_bool_key_nth(int idx)
+{
+	semanage_bool_key_t *key;
+	semanage_bool_t *boolean;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	boolean = get_bool_nth(idx);
+
+	res = semanage_bool_key_extract(sh, boolean, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+semanage_bool_key_t *get_bool_key_from_str(const char *str)
+{
+	semanage_bool_key_t *key;
+	int res;
+
+	if (str == NULL)
+		return NULL;
+
+	res = semanage_bool_key_create(sh, str, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_bool(const char *name)
+{
+	semanage_bool_t *boolean;
+	semanage_bool_key_t *key = NULL;
+
+	CU_ASSERT_PTR_NOT_NULL_FATAL(name);
+
+	CU_ASSERT_FATAL(semanage_bool_key_create(sh, name, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_bool_query(sh, key, &boolean) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(boolean);
+
+	CU_ASSERT_FATAL(semanage_bool_modify_local(sh, key, boolean) >= 0);
+}
+
+void delete_local_bool(const char *name)
+{
+	semanage_bool_key_t *key = NULL;
+
+	CU_ASSERT_PTR_NOT_NULL_FATAL(name);
+
+	CU_ASSERT_FATAL(semanage_bool_key_create(sh, name, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_bool_del_local(sh, key) >= 0);
+}
+
+/* Function bool_key_create */
+
+void helper_bool_key_create(level_t level)
+{
+	semanage_bool_key_t *key = NULL;
+
+	setup_handle(level);
+
+	CU_ASSERT(semanage_bool_key_create(sh, "", &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	semanage_bool_key_free(key);
+
+	key = NULL;
+
+	CU_ASSERT(semanage_bool_key_create(sh, "testbool", &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	semanage_bool_key_free(key);
+
+	cleanup_handle(level);
+}
+
+void test_bool_key_create(void)
+{
+	helper_bool_key_create(SH_CONNECT);
+	helper_bool_key_create(SH_TRANS);
+}
+
+/* Function bool_key_extract */
+#define SK_NULL 1
+#define SK_NEW 2
+#define SK_INDEX 3
+#define SK_KEY_NULL 4
+void helper_bool_key_extract(level_t level, int mode)
+{
+	semanage_bool_t *boolean = NULL;
+	semanage_bool_key_t *key = NULL;
+	int res;
+
+	setup_handle(level);
+
+	switch (mode) {
+	case SK_NULL:
+		boolean = NULL;
+		break;
+	case SK_NEW:
+		boolean = get_bool_new();
+		break;
+	case SK_INDEX:
+		boolean = get_bool_nth(0);
+		break;
+	case SK_KEY_NULL:
+		boolean = get_bool_nth(0);
+		break;
+	default:
+		CU_FAIL_FATAL("Invalid mode\n");
+	}
+
+	if (mode == SK_KEY_NULL)
+		res = semanage_bool_key_extract(sh, boolean, NULL);
+	else
+		res = semanage_bool_key_extract(sh, boolean, &key);
+
+	CU_ASSERT(res >= 0);
+
+	res = semanage_bool_compare(boolean, key);
+
+	CU_ASSERT(res == 0);
+
+	semanage_bool_key_free(key);
+	semanage_bool_free(boolean);
+
+	cleanup_handle(level);
+}
+
+void test_bool_key_extract(void)
+{
+	helper_bool_key_extract(SH_CONNECT, SK_INDEX);
+	helper_bool_key_extract(SH_TRANS, SK_INDEX);
+}
+#undef SK_NULL
+#undef SK_NEW
+#undef SK_INDEX
+#undef SK_KEY_NULL
+
+/* Function bool_compare */
+void helper_bool_compare(level_t level, int bool_idx1, int bool_idx2)
+{
+	semanage_bool_t *boolean;
+	semanage_bool_key_t *key;
+	int res;
+
+	setup_handle(level);
+
+	boolean = get_bool_nth(bool_idx1);
+	key = get_bool_key_nth(bool_idx2);
+
+	res = semanage_bool_compare(boolean, key);
+
+	if (bool_idx1 == bool_idx2) {
+		CU_ASSERT(res == 0);
+	} else {
+		CU_ASSERT(res != 0);
+	}
+
+	semanage_bool_free(boolean);
+	semanage_bool_key_free(key);
+	cleanup_handle(level);
+}
+
+void test_bool_compare(void)
+{
+	helper_bool_compare(SH_CONNECT, I_FIRST,  I_FIRST);
+	helper_bool_compare(SH_CONNECT, I_FIRST,  I_SECOND);
+	helper_bool_compare(SH_CONNECT, I_SECOND, I_FIRST);
+	helper_bool_compare(SH_CONNECT, I_SECOND, I_SECOND);
+
+	helper_bool_compare(SH_TRANS, I_FIRST,  I_FIRST);
+	helper_bool_compare(SH_TRANS, I_FIRST,  I_SECOND);
+	helper_bool_compare(SH_TRANS, I_SECOND, I_FIRST);
+	helper_bool_compare(SH_TRANS, I_SECOND, I_SECOND);
+}
+
+/* Function bool_compare2 */
+void helper_bool_compare2(level_t level, int bool_idx1, int bool_idx2)
+{
+	semanage_bool_t *bool1;
+	semanage_bool_t *bool2;
+	int res;
+
+	setup_handle(level);
+
+	bool1 = get_bool_nth(bool_idx1);
+	bool2 = get_bool_nth(bool_idx2);
+
+	res = semanage_bool_compare2(bool1, bool2);
+
+	if (bool_idx1 == bool_idx2) {
+		CU_ASSERT(res == 0);
+	} else {
+		CU_ASSERT(res != 0);
+	}
+
+	semanage_bool_free(bool1);
+	semanage_bool_free(bool2);
+	cleanup_handle(level);
+}
+
+void test_bool_compare2(void)
+{
+	helper_bool_compare2(SH_CONNECT, I_FIRST,  I_FIRST);
+	helper_bool_compare2(SH_CONNECT, I_FIRST,  I_SECOND);
+	helper_bool_compare2(SH_CONNECT, I_SECOND, I_FIRST);
+	helper_bool_compare2(SH_CONNECT, I_SECOND, I_SECOND);
+
+	helper_bool_compare2(SH_TRANS, I_FIRST,  I_FIRST);
+	helper_bool_compare2(SH_TRANS, I_FIRST,  I_SECOND);
+	helper_bool_compare2(SH_TRANS, I_SECOND, I_FIRST);
+	helper_bool_compare2(SH_TRANS, I_SECOND, I_SECOND);
+}
+
+/* Function bool_get_name, bool_set_name */
+void helper_bool_get_set_name(level_t level, int bool_idx, const char *name)
+{
+	semanage_bool_t *boolean;
+	const char *new_name = NULL;
+
+	setup_handle(level);
+
+	boolean = get_bool_nth(bool_idx);
+
+	CU_ASSERT(semanage_bool_set_name(sh, boolean, name) >= 0);
+
+	new_name = semanage_bool_get_name(boolean);
+
+	CU_ASSERT_PTR_NOT_NULL(new_name);
+	/* Use assert to silence the clang analyzer */
+	assert(new_name);
+	CU_ASSERT_STRING_EQUAL(new_name, name);
+
+	semanage_bool_free(boolean);
+	cleanup_handle(level);
+}
+
+void test_bool_get_set_name(void)
+{
+	helper_bool_get_set_name(SH_CONNECT, I_FIRST, "testbool");
+	helper_bool_get_set_name(SH_CONNECT, I_FIRST, "");
+	helper_bool_get_set_name(SH_CONNECT, I_SECOND, "testbool");
+	helper_bool_get_set_name(SH_CONNECT, I_SECOND, "");
+
+	helper_bool_get_set_name(SH_TRANS, I_FIRST, "testbool");
+	helper_bool_get_set_name(SH_TRANS, I_FIRST, "");
+	helper_bool_get_set_name(SH_TRANS, I_SECOND, "testbool");
+	helper_bool_get_set_name(SH_TRANS, I_SECOND, "");
+}
+
+/* Function bool_get_value, bool_set_value */
+void helper_bool_get_set_value(int bool_idx, int val)
+{
+	semanage_bool_t *boolean;
+	int new_val = 0;
+
+	setup_handle(SH_CONNECT);
+	boolean = get_bool_nth(bool_idx);
+	cleanup_handle(SH_CONNECT);
+
+	semanage_bool_set_value(boolean, val);
+
+	new_val = semanage_bool_get_value(boolean);
+
+	CU_ASSERT(new_val == val);
+
+	semanage_bool_free(boolean);
+}
+
+void test_bool_get_set_value(void)
+{
+	helper_bool_get_set_value(I_FIRST, 1);
+	helper_bool_get_set_value(I_FIRST, 0);
+	helper_bool_get_set_value(I_SECOND, 1);
+	helper_bool_get_set_value(I_SECOND, 0);
+}
+
+/* Function bool_create */
+void helper_bool_create(level_t level)
+{
+	semanage_bool_t *boolean;
+
+	setup_handle(level);
+
+	CU_ASSERT(semanage_bool_create(sh, &boolean) >= 0);
+
+	CU_ASSERT_PTR_NULL(semanage_bool_get_name(boolean));
+	CU_ASSERT(semanage_bool_get_value(boolean) == 0);
+
+	cleanup_handle(level);
+}
+
+void test_bool_create(void)
+{
+	helper_bool_create(SH_HANDLE);
+	helper_bool_create(SH_CONNECT);
+	helper_bool_create(SH_TRANS);
+}
+
+/* Function bool_clone */
+void helper_bool_clone(level_t level, int bool_idx)
+{
+	semanage_bool_t *boolean;
+	semanage_bool_t *boolean_clone;
+	const char *str;
+	const char *str_clone;
+	int val;
+	int val_clone;
+
+	setup_handle(level);
+
+	boolean = get_bool_nth(bool_idx);
+
+	CU_ASSERT(semanage_bool_clone(sh, boolean, &boolean_clone) >= 0);
+
+	str = semanage_bool_get_name(boolean);
+	str_clone = semanage_bool_get_name(boolean_clone);
+
+	CU_ASSERT_STRING_EQUAL(str, str_clone);
+
+	val = semanage_bool_get_value(boolean);
+	val_clone = semanage_bool_get_value(boolean_clone);
+
+	CU_ASSERT_EQUAL(val, val_clone);
+
+	cleanup_handle(level);
+}
+
+void test_bool_clone(void)
+{
+	helper_bool_clone(SH_CONNECT, I_FIRST);
+	helper_bool_clone(SH_CONNECT, I_SECOND);
+
+	helper_bool_clone(SH_TRANS, I_FIRST);
+	helper_bool_clone(SH_TRANS, I_SECOND);
+}
+
+/* Function bool_query */
+void helper_bool_query(level_t level, const char *bool_str, int exp_res)
+{
+	semanage_bool_key_t *key;
+	semanage_bool_t *resp = (void *) 42;
+
+	setup_handle(level);
+
+	key = get_bool_key_from_str(bool_str);
+
+	CU_ASSERT(semanage_bool_query(sh, key, &resp) >= 0);
+
+	if (exp_res >= 0) {
+		const char *name = semanage_bool_get_name(resp);
+		CU_ASSERT_STRING_EQUAL(name, bool_str);
+	} else {
+		CU_ASSERT_PTR_NULL(resp);
+	}
+
+	cleanup_handle(level);
+}
+
+void test_bool_query(void)
+{
+	helper_bool_query(SH_CONNECT, BOOL1_NAME,  1);
+	helper_bool_query(SH_CONNECT, BOOL2_NAME, 1);
+	helper_bool_query(SH_CONNECT, BOOL_NONEXISTENT, -1);
+
+	helper_bool_query(SH_TRANS, BOOL1_NAME,  1);
+	helper_bool_query(SH_TRANS, BOOL2_NAME, 1);
+	helper_bool_query(SH_TRANS, BOOL_NONEXISTENT, -1);
+}
+
+/* Function bool_exists */
+void helper_bool_exists(level_t level, const char *bool_str, int exp_resp)
+{
+	semanage_bool_key_t *key;
+	int resp;
+
+	setup_handle(level);
+
+	key = get_bool_key_from_str(bool_str);
+
+	CU_ASSERT(semanage_bool_exists(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == exp_resp);
+
+	semanage_bool_key_free(key);
+
+	cleanup_handle(level);
+}
+
+void test_bool_exists(void)
+{
+	helper_bool_exists(SH_CONNECT, BOOL1_NAME,  1);
+	helper_bool_exists(SH_CONNECT, BOOL2_NAME, 1);
+	helper_bool_exists(SH_CONNECT, BOOL_NONEXISTENT, 0);
+
+	helper_bool_exists(SH_TRANS, BOOL1_NAME,  1);
+	helper_bool_exists(SH_TRANS, BOOL2_NAME, 1);
+	helper_bool_exists(SH_TRANS, BOOL_NONEXISTENT, 0);
+}
+
+/* Function bool_count */
+void test_bool_count(void)
+{
+	unsigned int resp;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_bool_count(sh, &resp) < 0);
+	CU_ASSERT(semanage_bool_count(sh, NULL) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	resp = 0;
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_bool_count(sh, &resp) >= 0);
+	CU_ASSERT(resp == BOOL_COUNT);
+	cleanup_handle(SH_CONNECT);
+
+	/* trans */
+	resp = 0;
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_bool_count(sh, &resp) >= 0);
+	CU_ASSERT(resp == BOOL_COUNT);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function bool_iterate */
+unsigned int counter_bool_iterate = 0;
+
+int handler_bool_iterate(const semanage_bool_t *record, void *varg)
+{
+	counter_bool_iterate++;
+	return 0;
+}
+
+void helper_bool_iterate_invalid(void)
+{
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_bool_iterate(sh, &handler_bool_iterate, NULL) < 0);
+	CU_ASSERT(semanage_bool_iterate(sh, NULL, NULL) < 0);
+	cleanup_handle(SH_HANDLE);
+}
+
+void helper_bool_iterate(level_t level)
+{
+	setup_handle(level);
+	counter_bool_iterate = 0;
+	CU_ASSERT(semanage_bool_iterate(sh, &handler_bool_iterate, NULL) >= 0);
+	CU_ASSERT(counter_bool_iterate == BOOL_COUNT);
+	cleanup_handle(level);
+}
+
+void test_bool_iterate(void)
+{
+	helper_bool_iterate_invalid();
+	helper_bool_iterate(SH_CONNECT);
+	helper_bool_iterate(SH_TRANS);
+}
+
+/* Function bool_list */
+void helper_bool_list_invalid(void)
+{
+	semanage_bool_t **records;
+	unsigned int count;
+
+	setup_handle(SH_HANDLE);
+
+	CU_ASSERT(semanage_bool_list(sh, &records, &count) < 0);
+	CU_ASSERT(semanage_bool_list(sh, NULL, &count) < 0);
+	CU_ASSERT(semanage_bool_list(sh, &records, NULL) < 0);
+
+	cleanup_handle(SH_HANDLE);
+}
+
+void helper_bool_list(level_t level)
+{
+	semanage_bool_t **records;
+	unsigned int count;
+
+	setup_handle(level);
+
+	CU_ASSERT(semanage_bool_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == BOOL_COUNT);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	for (unsigned int i = 0; i < count; i++)
+		semanage_bool_free(records[i]);
+
+	cleanup_handle(level);
+}
+
+void test_bool_list(void)
+{
+	helper_bool_list_invalid();
+	helper_bool_list(SH_CONNECT);
+	helper_bool_list(SH_TRANS);
+}
+
+/* Function bool_modify_local, bool_del_local */
+void helper_bool_modify_del_local(level_t level, const char *name,
+				  int old_val, int exp_res)
+{
+	semanage_bool_t *boolean;
+	semanage_bool_t *boolean_local;
+	semanage_bool_key_t *key = NULL;
+	int res;
+	int new_val;
+
+	/* setup */
+	setup_handle(level);
+
+	CU_ASSERT(semanage_bool_key_create(sh, name, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	CU_ASSERT(semanage_bool_query(sh, key, &boolean) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(boolean);
+
+	new_val = !old_val;
+	semanage_bool_set_value(boolean, new_val);
+
+	/* test */
+	res = semanage_bool_modify_local(sh, key, boolean);
+
+	if (exp_res < 0) {
+		CU_ASSERT(res < 0);
+	} else {
+		CU_ASSERT(res >= 0);
+
+		/* write changes to file */
+		if (level == SH_TRANS) {
+			helper_commit();
+			helper_begin_transaction();
+		}
+
+		CU_ASSERT(semanage_bool_query_local(sh, key,
+					            &boolean_local) >= 0);
+		CU_ASSERT(semanage_bool_compare2(boolean_local, boolean) == 0);
+		CU_ASSERT(semanage_bool_del_local(sh, key) >= 0);
+		CU_ASSERT(semanage_bool_query_local(sh, key,
+						    &boolean_local) < 0);
+	}
+
+	/* cleanup */
+	semanage_bool_key_free(key);
+	semanage_bool_free(boolean);
+
+	cleanup_handle(level);
+}
+
+void test_bool_modify_del_local(void)
+{
+	helper_bool_modify_del_local(SH_CONNECT, BOOL1_NAME, BOOL1_VALUE, -1);
+	helper_bool_modify_del_local(SH_CONNECT, BOOL2_NAME, BOOL2_VALUE, -1);
+	helper_bool_modify_del_local(SH_TRANS, BOOL1_NAME, BOOL1_VALUE, 1);
+	helper_bool_modify_del_local(SH_TRANS, BOOL2_NAME, BOOL2_VALUE, 1);
+}
+
+/* Function bool_query_local */
+void test_bool_query_local(void)
+{
+	semanage_bool_key_t *key = NULL;
+	semanage_bool_t *resp = NULL;
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_bool_key_create(sh, BOOL1_NAME, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	CU_ASSERT(semanage_bool_query_local(sh, key, &resp) < 0);
+	CU_ASSERT_PTR_NULL(resp);
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_bool_key_create(sh, BOOL1_NAME, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	CU_ASSERT(semanage_bool_query_local(sh, key, &resp) < 0);
+	CU_ASSERT_PTR_NULL(resp);
+
+	add_local_bool(BOOL1_NAME);
+	CU_ASSERT(semanage_bool_query_local(sh, key, &resp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(resp);
+
+	semanage_bool_key_free(key);
+	CU_ASSERT(semanage_bool_key_create(sh, BOOL2_NAME, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	add_local_bool(BOOL2_NAME);
+	CU_ASSERT(semanage_bool_query_local(sh, key, &resp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(resp);
+
+	/* cleanup */
+	delete_local_bool(BOOL1_NAME);
+	delete_local_bool(BOOL2_NAME);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function bool_exists_local */
+void test_bool_exists_local(void)
+{
+	int resp = -1;
+	semanage_bool_key_t *key;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_bool_key_create(sh, BOOL1_NAME, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* test */
+	CU_ASSERT(semanage_bool_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	add_local_bool(BOOL1_NAME);
+	resp = -1;
+	CU_ASSERT(semanage_bool_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 1);
+
+	delete_local_bool(BOOL1_NAME);
+	resp = -1;
+	CU_ASSERT(semanage_bool_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function bool_count_local */
+void test_bool_count_local(void)
+{
+	unsigned int resp;
+	unsigned int init_count;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	init_count = resp;
+
+	add_local_bool(BOOL1_NAME);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == init_count + 1);
+
+	add_local_bool(BOOL2_NAME);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == init_count + 2);
+
+	delete_local_bool(BOOL2_NAME);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == init_count + 1);
+
+	delete_local_bool(BOOL1_NAME);
+	CU_ASSERT(semanage_bool_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == init_count);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function bool_iterate_local */
+unsigned int counter_bool_iterate_local = 0;
+
+int handler_bool_iterate_local(const semanage_bool_t *record, void *varg)
+{
+	counter_bool_iterate_local++;
+	return 0;
+}
+
+void test_bool_iterate_local(void)
+{
+	unsigned int init_count;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_bool_iterate_local(sh, &handler_bool_iterate_local,
+					      NULL) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+
+	counter_bool_iterate_local = 0;
+	CU_ASSERT(semanage_bool_iterate_local(sh, &handler_bool_iterate_local,
+					      NULL) >= 0);
+	init_count = counter_bool_iterate_local;
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	counter_bool_iterate_local = 0;
+	CU_ASSERT(semanage_bool_iterate_local(sh, &handler_bool_iterate_local,
+					      NULL) >= 0);
+	CU_ASSERT(counter_bool_iterate_local == init_count);
+
+	add_local_bool(BOOL1_NAME);
+	counter_bool_iterate_local = 0;
+	CU_ASSERT(semanage_bool_iterate_local(sh, &handler_bool_iterate_local,
+					      NULL) >= 0);
+	CU_ASSERT(counter_bool_iterate_local == init_count + 1);
+
+	add_local_bool(BOOL2_NAME);
+	counter_bool_iterate_local = 0;
+	CU_ASSERT(semanage_bool_iterate_local(sh, &handler_bool_iterate_local,
+					      NULL) >= 0);
+	CU_ASSERT(counter_bool_iterate_local == init_count + 2);
+
+	/* cleanup */
+	delete_local_bool(BOOL1_NAME);
+	delete_local_bool(BOOL2_NAME);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function bool_list_local */
+void test_bool_list_local(void)
+{
+	semanage_bool_t **records;
+	unsigned int count;
+	unsigned int init_count;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+
+	CU_ASSERT(semanage_bool_list_local(sh, &records, &count) < 0);
+	CU_ASSERT(semanage_bool_list_local(sh, NULL, &count) < 0);
+	CU_ASSERT(semanage_bool_list_local(sh, &records, NULL) < 0);
+
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+
+	CU_ASSERT(semanage_bool_list_local(sh, &records, &count) >= 0);
+	init_count = count;
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	CU_ASSERT(semanage_bool_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == init_count);
+
+	add_local_bool(BOOL1_NAME);
+	CU_ASSERT(semanage_bool_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == init_count + 1);
+	CU_ASSERT_PTR_NOT_NULL(records[0]);
+
+	add_local_bool(BOOL2_NAME);
+	CU_ASSERT(semanage_bool_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == init_count + 2);
+	CU_ASSERT_PTR_NOT_NULL(records[0]);
+	CU_ASSERT_PTR_NOT_NULL(records[1]);
+
+	/* cleanup */
+	delete_local_bool(BOOL1_NAME);
+	delete_local_bool(BOOL2_NAME);
+	cleanup_handle(SH_TRANS);
+}
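Review bot: Several helpers use an out-pointer straight after a non-fatal `CU_ASSERT`, so a failed library call leaves the test reading an uninitialized pointer instead of stopping. In `helper_bool_create` and `helper_bool_clone`, `boolean` and `boolean_clone` are declared without an initializer and passed to `semanage_bool_get_name` right after `CU_ASSERT(... >= 0)`; `helper_bool_modify_del_local` does the same with `boolean` before `semanage_bool_set_value`. Initialise them (`semanage_bool_t *boolean = NULL;`) and use the fatal form that `get_bool_new` already uses, e.g. `CU_ASSERT_FATAL(semanage_bool_create(sh, &boolean) >= 0);`. Separately, these helpers and `get_bool_key_nth`, `add_local_bool` and `delete_local_bool` never free the records and keys they obtain. `get_bool_nth` also does not release the `records` array itself (presumably caller-owned; confirm against the list API), which will add noise under a leak checker or the scan-build job.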
diff --git a/libsemanage/tests/test_bool.cil b/libsemanage/tests/test_bool.cil
new file mode 100644
index 0000000..4174751
--- /dev/null
+++ b/libsemanage/tests/test_bool.cil
@@ -0,0 +1,24 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r test_t)
+(type test_t)
+(sidcontext security (system_u object_r test_t ((s0) (s0))))
+(class test_class (test_perm))
+(classorder (test_class))
+(allow test_t self (test_class (test_perm)))
+(boolean first_bool true)
+(boolean second_bool false)
+(boolean third_bool false)
diff --git a/libsemanage/tests/test_bool.h b/libsemanage/tests/test_bool.h
new file mode 100644
index 0000000..b5b5a60
--- /dev/null
+++ b/libsemanage/tests/test_bool.h
@@ -0,0 +1,31 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_BOOL_H__
+#define __TEST_BOOL_H__
+
+#include <CUnit/Basic.h>
+#include "semanage/semanage.h"
+
+int bool_test_init(void);
+int bool_test_cleanup(void);
+int bool_add_tests(CU_pSuite suite);
+
+#endif
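Review bot: The include guard `__TEST_BOOL_H__` begins with a double underscore, a spelling C reserves for the implementation; `#ifndef TEST_BOOL_H` / `#define TEST_BOOL_H` stays out of the reserved namespace. test_fcontext.h in this commit uses `__TEST_FCONTEXT_H__` and has the same issue. If the existing test headers already follow this guard style, consistency may be a reason to keep it, but new files are the cheapest place to fix it.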
diff --git a/libsemanage/tests/test_fcontext.c b/libsemanage/tests/test_fcontext.c
new file mode 100644
index 0000000..62af711
--- /dev/null
+++ b/libsemanage/tests/test_fcontext.c
@@ -0,0 +1,1045 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_fcontext.h"
+
+char FCONTEXTS[] =
+    "/etc/selinux(/.*) -s system_u:object_r:first_t:s0\n"
+    "/etc/selinux/targeted -- system_u:object_r:second_t:s0\n"
+    "/etc/selinux(/.*) -b system_u:object_r:third_t:s0\n";
+unsigned int FCONTEXTS_LEN = sizeof(FCONTEXTS);
+
+#define FCONTEXTS_COUNT 3
+
+#define FCONTEXT1_EXPR "/etc/selinux(/.*)"
+#define FCONTEXT1_TYPE SEMANAGE_FCONTEXT_SOCK
+#define FCONTEXT1_CON "system_u:object_r:first_t:s0"
+
+#define FCONTEXT2_EXPR "/etc/selinux/targeted"
+#define FCONTEXT2_TYPE SEMANAGE_FCONTEXT_REG
+#define FCONTEXT2_CON "system_u:object_r:second_t:s0"
+
+#define FCONTEXT3_EXPR "/etc/selinux(/.*)"
+#define FCONTEXT3_TYPE SEMANAGE_FCONTEXT_BLOCK
+#define FCONTEXT3_CON "system_u:object_r:third_t:s0"
+
+#define FCONTEXT_NONEXISTENT_EXPR "/asdf"
+#define FCONTEXT_NONEXISTENT_TYPE SEMANAGE_FCONTEXT_ALL
+
+/* fcontext_record.h */
+void test_fcontext_compare(void);
+void test_fcontext_compare2(void);
+void test_fcontext_key_create(void);
+void test_fcontext_key_extract(void);
+void test_fcontext_get_set_expr(void);
+void test_fcontext_get_set_type(void);
+void test_fcontext_get_type_str(void);
+void test_fcontext_get_set_con(void);
+void test_fcontext_create(void);
+void test_fcontext_clone(void);
+
+/* fcontext_policy.h */
+void test_fcontext_query(void);
+void test_fcontext_exists(void);
+void test_fcontext_count(void);
+void test_fcontext_iterate(void);
+void test_fcontext_list(void);
+
+/* fcontext_local.h */
+void test_fcontext_modify_del_local(void);
+void test_fcontext_query_local(void);
+void test_fcontext_exists_local(void);
+void test_fcontext_count_local(void);
+void test_fcontext_iterate_local(void);
+void test_fcontext_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int get_type(char *t)
+{
+	if (strcmp(t, "--") == 0)
+		return SEMANAGE_FCONTEXT_ALL;
+	else if (strcmp(t, "-f") == 0)
+		return SEMANAGE_FCONTEXT_REG;
+	else if (strcmp(t, "-d") == 0)
+		return SEMANAGE_FCONTEXT_DIR;
+	else if (strcmp(t, "-c") == 0)
+		return SEMANAGE_FCONTEXT_CHAR;
+	else if (strcmp(t, "-b") == 0)
+		return SEMANAGE_FCONTEXT_BLOCK;
+	else if (strcmp(t, "-s") == 0)
+		return SEMANAGE_FCONTEXT_SOCK;
+	else if (strcmp(t, "-l") == 0)
+		return SEMANAGE_FCONTEXT_LINK;
+	else if (strcmp(t, "-p") == 0)
+		return SEMANAGE_FCONTEXT_PIPE;
+	else
+		return -1;
+}
+
+int write_file_contexts(const char *data, unsigned int data_len)
+{
+	FILE *fptr = fopen("test-policy/store/active/file_contexts", "w+");
+
+	if (!fptr) {
+		perror("fopen");
+		return -1;
+	}
+
+	if (fwrite(data, data_len, 1, fptr) != 1) {
+		perror("fwrite");
+		fclose(fptr);
+		return -1;
+	}
+
+	fclose(fptr);
+
+	return 0;
+}
+
+int fcontext_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_fcontext.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	if (write_file_contexts(FCONTEXTS, FCONTEXTS_LEN) < 0) {
+		fprintf(stderr, "Could not write file contexts\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int fcontext_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int fcontext_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "test_fcontext_compare", test_fcontext_compare);
+	CU_add_test(suite, "test_fcontext_compare2", test_fcontext_compare2);
+	CU_add_test(suite, "test_fcontext_key_create",
+		    test_fcontext_key_create);
+	CU_add_test(suite, "test_fcontext_key_extract",
+		    test_fcontext_key_extract);
+	CU_add_test(suite, "test_fcontext_get_set_expr",
+		    test_fcontext_get_set_expr);
+	CU_add_test(suite, "test_fcontext_get_set_type",
+		    test_fcontext_get_set_type);
+	CU_add_test(suite, "test_fcontext_get_type_str",
+		    test_fcontext_get_type_str);
+	CU_add_test(suite, "test_fcontext_get_set_con",
+		    test_fcontext_get_set_con);
+	CU_add_test(suite, "test_fcontext_create", test_fcontext_create);
+	CU_add_test(suite, "test_fcontext_clone", test_fcontext_clone);
+
+	CU_add_test(suite, "test_fcontext_query", test_fcontext_query);
+	CU_add_test(suite, "test_fcontext_exists", test_fcontext_exists);
+	CU_add_test(suite, "test_fcontext_count", test_fcontext_count);
+	CU_add_test(suite, "test_fcontext_iterate", test_fcontext_iterate);
+	CU_add_test(suite, "test_fcontext_list", test_fcontext_list);
+	CU_add_test(suite, "test_fcontext_modify_del_local",
+		    test_fcontext_modify_del_local);
+	CU_add_test(suite, "test_fcontext_query_local",
+		    test_fcontext_query_local);
+	CU_add_test(suite, "test_fcontext_exists_local",
+		    test_fcontext_exists_local);
+	CU_add_test(suite, "test_fcontext_count_local",
+		    test_fcontext_count_local);
+	CU_add_test(suite, "test_fcontext_iterate_local",
+		    test_fcontext_iterate_local);
+	CU_add_test(suite, "test_fcontext_list_local",
+		    test_fcontext_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_fcontext_t *get_fcontext_new(void)
+{
+	semanage_fcontext_t *fcontext;
+
+	CU_ASSERT_FATAL(semanage_fcontext_create(sh, &fcontext) >= 0);
+
+	return fcontext;
+}
+
+semanage_fcontext_t *get_fcontext_nth(int idx)
+{
+	semanage_fcontext_t **records;
+	semanage_fcontext_t *fcontext;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	CU_ASSERT_FATAL(semanage_fcontext_list(sh, &records, &count) >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	fcontext = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_fcontext_free(records[i]);
+
+	return fcontext;
+}
+
+semanage_fcontext_key_t *get_fcontext_key_nth(int idx)
+{
+	semanage_fcontext_key_t *key;
+	semanage_fcontext_t *fcontext;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	fcontext = get_fcontext_nth(idx);
+
+	CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_fcontext(int fcontext_idx)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(fcontext_idx != I_NULL);
+
+	fcontext = get_fcontext_nth(fcontext_idx);
+
+	CU_ASSERT_FATAL(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_fcontext_modify_local(sh, key, fcontext) >= 0);
+}
+
+void delete_local_fcontext(int fcontext_idx)
+{
+	semanage_fcontext_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(fcontext_idx != I_NULL);
+
+	key = get_fcontext_key_nth(fcontext_idx);
+
+	CU_ASSERT_FATAL(semanage_fcontext_del_local(sh, key) >= 0);
+}
+
+semanage_fcontext_key_t *get_fcontext_key_from_str(const char *str, int type)
+{
+	semanage_fcontext_key_t *key;
+	int res;
+
+	if (str == NULL)
+		return NULL;
+
+	res = semanage_fcontext_key_create(sh, str, type, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+/* Function semanage_fcontext_compare */
+void test_fcontext_compare(void)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_key_t *key1;
+	semanage_fcontext_key_t *key2;
+	semanage_fcontext_key_t *key3;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	fcontext = get_fcontext_nth(I_FIRST);
+
+	key1 = get_fcontext_key_nth(I_FIRST);
+	key2 = get_fcontext_key_nth(I_SECOND);
+	key3 = get_fcontext_key_nth(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_compare(fcontext, key1) == 0);
+	CU_ASSERT(semanage_fcontext_compare(fcontext, key2) < 0);
+	CU_ASSERT(semanage_fcontext_compare(fcontext, key3) > 0);
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	semanage_fcontext_key_free(key1);
+	semanage_fcontext_key_free(key2);
+	semanage_fcontext_key_free(key3);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_compare2 */
+void test_fcontext_compare2(void)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_t *fcontext1;
+	semanage_fcontext_t *fcontext2;
+	semanage_fcontext_t *fcontext3;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	fcontext = get_fcontext_nth(I_FIRST);
+	fcontext1 = get_fcontext_nth(I_FIRST);
+	fcontext2 = get_fcontext_nth(I_SECOND);
+	fcontext3 = get_fcontext_nth(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext1) == 0);
+	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext2) < 0);
+	CU_ASSERT(semanage_fcontext_compare2(fcontext, fcontext3) > 0);
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	semanage_fcontext_free(fcontext1);
+	semanage_fcontext_free(fcontext2);
+	semanage_fcontext_free(fcontext3);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_key_create */
+void test_fcontext_key_create(void)
+{
+	semanage_fcontext_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_key_create(sh, "", SEMANAGE_FCONTEXT_ALL,
+					       &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	semanage_fcontext_key_free(key);
+
+	key = NULL;
+
+	CU_ASSERT(semanage_fcontext_key_create(sh, "testfcontext",
+					     SEMANAGE_FCONTEXT_ALL, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	semanage_fcontext_key_free(key);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_key_extract */
+void test_fcontext_key_extract(void)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_key_t *key;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	fcontext = get_fcontext_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_fcontext_key_free(key);
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_get_expr, semanage_fcontext_set_expr */
+void test_fcontext_get_set_expr(void)
+{
+	semanage_fcontext_t *fcontext;
+	const char *expr = NULL;
+	const char *expr_exp = "/asdf";
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	fcontext = get_fcontext_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_set_expr(sh, fcontext, expr_exp) >= 0);
+	expr = semanage_fcontext_get_expr(fcontext);
+	CU_ASSERT_PTR_NOT_NULL(expr);
+	assert(expr);
+	CU_ASSERT_STRING_EQUAL(expr, expr_exp);
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_get_type, semanage_fcontext_set_type */
+void test_fcontext_get_set_type(void)
+{
+	semanage_fcontext_t *fcontext;
+	int type_exp = SEMANAGE_FCONTEXT_SOCK;
+	int type;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	fcontext = get_fcontext_nth(I_FIRST);
+
+	/* test */
+	semanage_fcontext_set_type(fcontext, type_exp);
+	type = semanage_fcontext_get_type(fcontext);
+	CU_ASSERT(type == type_exp);
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_fcontext_get_type_str */
+void helper_fcontext_get_type_str(int type, const char *exp_str)
+{
+	CU_ASSERT_STRING_EQUAL(semanage_fcontext_get_type_str(type), exp_str);
+}
+
+void test_fcontext_get_type_str(void)
+{
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL, "all files");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_REG, "regular file");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_DIR, "directory");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_CHAR,
+				     "character device");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_BLOCK, "block device");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_SOCK, "socket");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_LINK, "symbolic link");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE, "named pipe");
+
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_ALL - 1, "????");
+	helper_fcontext_get_type_str(SEMANAGE_FCONTEXT_PIPE + 1, "????");
+}
+
+/* Function semanage_fcontext_get_con, semanage_fcontext_set_con */
+void helper_fcontext_get_set_con(level_t level, int fcontext_idx,
+				 const char *con_str)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_context_t *con = NULL;
+	semanage_context_t *new_con = NULL;
+
+	/* setup */
+	setup_handle(level);
+	fcontext = get_fcontext_nth(fcontext_idx);
+
+	if (con_str != NULL) {
+		CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
+		CU_ASSERT_PTR_NOT_NULL(con);
+	} else {
+		con = NULL;
+	}
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);
+	new_con = semanage_fcontext_get_con(fcontext);
+
+	if (con_str != NULL) {
+		CU_ASSERT_CONTEXT_EQUAL(con, new_con);
+	} else {
+		CU_ASSERT_PTR_NULL(new_con);
+	}
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(level);
+}
+
+void test_fcontext_get_set_con(void)
+{
+	helper_fcontext_get_set_con(SH_CONNECT, I_FIRST, NULL);
+	helper_fcontext_get_set_con(SH_CONNECT, I_FIRST,
+				    "user_u:role_r:type_t:s0");
+	helper_fcontext_get_set_con(SH_CONNECT, I_SECOND,
+				    "user_u:role_r:type_t:s0");
+	helper_fcontext_get_set_con(SH_TRANS, I_FIRST, NULL);
+	helper_fcontext_get_set_con(SH_TRANS, I_FIRST,
+				    "user_u:role_r:type_t:s0");
+	helper_fcontext_get_set_con(SH_TRANS, I_SECOND,
+				    "user_u:role_r:type_t:s0");
+}
+
+/* Function semanage_fcontext_create */
+void helper_fcontext_create(level_t level)
+{
+	semanage_fcontext_t *fcontext;
+
+	/* setup */
+	setup_handle(level);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_create(sh, &fcontext) >= 0);
+	CU_ASSERT_PTR_NULL(semanage_fcontext_get_expr(fcontext));
+	CU_ASSERT(semanage_fcontext_get_type(fcontext)
+		  == SEMANAGE_FCONTEXT_ALL);
+	CU_ASSERT_PTR_NULL(semanage_fcontext_get_con(fcontext));
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(level);
+}
+
+void test_fcontext_create(void)
+{
+	helper_fcontext_create(SH_NULL);
+	helper_fcontext_create(SH_HANDLE);
+	helper_fcontext_create(SH_CONNECT);
+	helper_fcontext_create(SH_TRANS);
+}
+
+/* Function semanage_fcontext_clone */
+void helper_fcontext_clone(level_t level, int fcontext_idx)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_t *fcontext_clone;
+	const char *expr;
+	const char *expr_clone;
+	int type;
+	int type_clone;
+	semanage_context_t *con;
+	semanage_context_t *con_clone;
+
+	/* setup */
+	setup_handle(level);
+	fcontext = get_fcontext_nth(fcontext_idx);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_clone(sh, fcontext, &fcontext_clone) >= 0);
+
+	expr = semanage_fcontext_get_expr(fcontext);
+	expr_clone = semanage_fcontext_get_expr(fcontext_clone);
+	CU_ASSERT_STRING_EQUAL(expr, expr_clone);
+
+	type = semanage_fcontext_get_type(fcontext);
+	type_clone = semanage_fcontext_get_type(fcontext_clone);
+	CU_ASSERT_EQUAL(type, type_clone);
+
+	con = semanage_fcontext_get_con(fcontext);
+	con_clone = semanage_fcontext_get_con(fcontext_clone);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_clone);
+
+	/* cleanup */
+	semanage_fcontext_free(fcontext);
+	semanage_fcontext_free(fcontext_clone);
+	cleanup_handle(level);
+}
+
+void test_fcontext_clone(void)
+{
+	helper_fcontext_clone(SH_CONNECT, I_FIRST);
+	helper_fcontext_clone(SH_CONNECT, I_SECOND);
+	helper_fcontext_clone(SH_TRANS, I_FIRST);
+	helper_fcontext_clone(SH_TRANS, I_SECOND);
+}
+
+/* Function semanage_fcontext_query */
+void helper_fcontext_query(level_t level, const char *fcontext_expr,
+			   int fcontext_type, int exp_res)
+{
+	semanage_fcontext_key_t *key;
+	semanage_fcontext_t *resp = (void *) 42;
+	int res;
+
+	/* setup */
+	setup_handle(level);
+	key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);
+
+	/* test */
+	res = semanage_fcontext_query(sh, key, &resp);
+
+	if (exp_res >= 0) {
+		CU_ASSERT(res >= 0);
+		const char *expr = semanage_fcontext_get_expr(resp);
+		CU_ASSERT_STRING_EQUAL(expr, fcontext_expr);
+	} else {
+		CU_ASSERT(res < 0);
+		CU_ASSERT(resp == (void *) 42);
+	}
+
+	/* cleanup */
+	cleanup_handle(level);
+}
+
+void test_fcontext_query(void)
+{
+	helper_fcontext_query(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
+			      FCONTEXT_NONEXISTENT_TYPE, -1);
+	helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
+	helper_fcontext_query(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
+	helper_fcontext_query(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
+	helper_fcontext_query(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
+			      FCONTEXT_NONEXISTENT_TYPE, -1);
+	helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, -1);
+	helper_fcontext_query(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
+	helper_fcontext_query(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
+}
+
+/* Function semanage_fcontext_exists */
+void helper_fcontext_exists(level_t level, const char *fcontext_expr,
+			    int fcontext_type, int exp_resp)
+{
+	semanage_fcontext_key_t *key;
+	int resp;
+
+	/* setup */
+	setup_handle(level);
+	key = get_fcontext_key_from_str(fcontext_expr, fcontext_type);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_exists(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == exp_resp);
+
+	/* cleanup */
+	semanage_fcontext_key_free(key);
+	cleanup_handle(level);
+}
+
+void test_fcontext_exists(void)
+{
+	helper_fcontext_exists(SH_CONNECT, FCONTEXT_NONEXISTENT_EXPR,
+			       FCONTEXT_NONEXISTENT_TYPE, 0);
+	helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
+	helper_fcontext_exists(SH_CONNECT, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
+	helper_fcontext_exists(SH_CONNECT, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
+	helper_fcontext_exists(SH_TRANS, FCONTEXT_NONEXISTENT_EXPR,
+			       FCONTEXT_NONEXISTENT_TYPE, 0);
+	helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT1_TYPE, 0);
+	helper_fcontext_exists(SH_TRANS, FCONTEXT1_EXPR, FCONTEXT1_TYPE, 1);
+	helper_fcontext_exists(SH_TRANS, FCONTEXT2_EXPR, FCONTEXT2_TYPE, 1);
+}
+
+/* Function semanage_fcontext_count */
+void test_fcontext_count(void)
+{
+	unsigned int resp;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_fcontext_count(sh, &resp) < 0);
+	CU_ASSERT(semanage_fcontext_count(sh, NULL) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	resp = 0;
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
+	CU_ASSERT(resp == FCONTEXTS_COUNT);
+	cleanup_handle(SH_CONNECT);
+
+	/* trans */
+	resp = 0;
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_fcontext_count(sh, &resp) >= 0);
+	CU_ASSERT(resp == FCONTEXTS_COUNT);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_fcontext_iterate */
+unsigned int counter_fcontext_iterate = 0;
+
+int handler_fcontext_iterate(const semanage_fcontext_t *record, void *varg)
+{
+	CU_ASSERT_PTR_NOT_NULL(record);
+	counter_fcontext_iterate++;
+	return 0;
+}
+
+void helper_fcontext_iterate_invalid(void)
+{
+	/* setup */
+	setup_handle(SH_HANDLE);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
+				            NULL) < 0);
+	CU_ASSERT(semanage_fcontext_iterate(sh, NULL, NULL) < 0);
+
+	/* cleanup */
+	cleanup_handle(SH_HANDLE);
+}
+
+void helper_fcontext_iterate(level_t level)
+{
+	/* setup */
+	setup_handle(level);
+	counter_fcontext_iterate = 0;
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_iterate(sh, &handler_fcontext_iterate,
+					    NULL) >= 0);
+	CU_ASSERT(counter_fcontext_iterate == FCONTEXTS_COUNT);
+
+	/* cleanup */
+	cleanup_handle(level);
+}
+
+void test_fcontext_iterate(void)
+{
+	helper_fcontext_iterate_invalid();
+	helper_fcontext_iterate(SH_CONNECT);
+	helper_fcontext_iterate(SH_TRANS);
+}
+
+/* Function semanage_fcontext_list */
+void helper_fcontext_list_invalid(void)
+{
+	semanage_fcontext_t **records;
+	unsigned int count;
+
+	/* setup */
+	setup_handle(SH_HANDLE);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_list(sh, &records, &count) < 0);
+	CU_ASSERT(semanage_fcontext_list(sh, NULL, &count) < 0);
+	CU_ASSERT(semanage_fcontext_list(sh, &records, NULL) < 0);
+
+	/* cleanup */
+	cleanup_handle(SH_HANDLE);
+}
+
+void helper_fcontext_list(level_t level)
+{
+	semanage_fcontext_t **records;
+	unsigned int count;
+
+	/* setup */
+	setup_handle(level);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == FCONTEXTS_COUNT);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	for (unsigned int i = 0; i < count; i++)
+		semanage_fcontext_free(records[i]);
+
+	/* cleanup */
+	cleanup_handle(level);
+}
+
+void test_fcontext_list(void)
+{
+	helper_fcontext_list_invalid();
+	helper_fcontext_list(SH_CONNECT);
+	helper_fcontext_list(SH_TRANS);
+}
+
+/* Function semanage_fcontext_modify_local, semanage_fcontext_del_local */
+void helper_fcontext_modify_del_local(level_t level, int fcontext_idx,
+				      const char *con_str, int exp_res)
+{
+	semanage_fcontext_t *fcontext;
+	semanage_fcontext_t *fcontext_local;
+	semanage_fcontext_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	int res;
+
+	/* setup */
+	setup_handle(level);
+	fcontext = get_fcontext_nth(fcontext_idx);
+	CU_ASSERT(semanage_fcontext_key_extract(sh, fcontext, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	if (con_str != NULL) {
+		CU_ASSERT(semanage_context_from_string(sh, con_str, &con) >= 0);
+		CU_ASSERT_PTR_NOT_NULL(con);
+	} else {
+		con = NULL;
+	}
+
+	CU_ASSERT(semanage_fcontext_set_con(sh, fcontext, con) >= 0);
+
+	/* test */
+	res = semanage_fcontext_modify_local(sh, key, fcontext);
+
+	if (exp_res >= 0) {
+		CU_ASSERT(res >= 0);
+
+		if (level == SH_TRANS) {
+			helper_commit();
+			helper_begin_transaction();
+		}
+
+		CU_ASSERT(semanage_fcontext_query_local(sh, key,
+					                &fcontext_local) >= 0);
+		CU_ASSERT(semanage_fcontext_compare2(fcontext_local,
+						     fcontext) == 0);
+		CU_ASSERT(semanage_fcontext_del_local(sh, key) >= 0);
+		CU_ASSERT(semanage_fcontext_query_local(sh, key,
+					                &fcontext_local) < 0);
+	} else {
+		CU_ASSERT(res < 0);
+	}
+
+	/* cleanup */
+	semanage_fcontext_key_free(key);
+	semanage_fcontext_free(fcontext);
+	cleanup_handle(level);
+}
+
+void test_fcontext_modify_del_local(void)
+{
+	helper_fcontext_modify_del_local(SH_CONNECT, I_FIRST,
+					 "system_u:object_r:tmp_t:s0", -1);
+	helper_fcontext_modify_del_local(SH_CONNECT, I_SECOND,
+					 "system_u:object_r:tmp_t:s0", -1);
+	helper_fcontext_modify_del_local(SH_TRANS, I_FIRST,
+					 "system_u:object_r:tmp_t:s0", 1);
+	helper_fcontext_modify_del_local(SH_TRANS, I_SECOND,
+					 "system_u:object_r:tmp_t:s0", 1);
+}
+
+/* Function semanage_fcontext_query_local */
+void test_fcontext_query_local(void)
+{
+	semanage_fcontext_key_t *key = NULL;
+	semanage_fcontext_t *resp = NULL;
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+
+	key = get_fcontext_key_nth(I_FIRST);
+	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
+	CU_ASSERT_PTR_NULL(resp);
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	key = get_fcontext_key_nth(I_FIRST);
+	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) < 0);
+	CU_ASSERT_PTR_NULL(resp);
+
+	add_local_fcontext(I_FIRST);
+	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(resp);
+
+	semanage_fcontext_key_free(key);
+	key = get_fcontext_key_nth(I_SECOND);
+	add_local_fcontext(I_SECOND);
+	CU_ASSERT(semanage_fcontext_query_local(sh, key, &resp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(resp);
+
+	/* cleanup */
+	delete_local_fcontext(I_FIRST);
+	delete_local_fcontext(I_SECOND);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_fcontext_exists_local */
+void test_fcontext_exists_local(void)
+{
+	int resp = -1;
+	semanage_fcontext_key_t *key;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	key = get_fcontext_key_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	add_local_fcontext(I_FIRST);
+	resp = -1;
+
+	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 1);
+
+	delete_local_fcontext(I_FIRST);
+	resp = -1;
+
+	CU_ASSERT(semanage_fcontext_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	resp = -1;
+
+	CU_ASSERT(semanage_fcontext_exists_local(sh, NULL, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_fcontext_count_local */
+void test_fcontext_count_local(void)
+{
+	unsigned int resp;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == 0);
+
+	add_local_fcontext(I_FIRST);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == 1);
+
+	add_local_fcontext(I_SECOND);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == 2);
+
+	delete_local_fcontext(I_SECOND);
+	CU_ASSERT(semanage_fcontext_count_local(sh, &resp) >= 0);
+	CU_ASSERT(resp == 1);
+
+	/* cleanup */
+	delete_local_fcontext(I_FIRST);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_fcontext_iterate_local */
+unsigned int counter_fcontext_iterate_local = 0;
+
+int handler_fcontext_iterate_local(const semanage_fcontext_t *record,
+				   void *varg)
+{
+	CU_ASSERT_PTR_NOT_NULL(record);
+	counter_fcontext_iterate_local++;
+	return 0;
+}
+
+void test_fcontext_iterate_local(void)
+{
+	/* handle */
+	setup_handle(SH_HANDLE);
+
+	CU_ASSERT(semanage_fcontext_iterate_local(sh,
+				    &handler_fcontext_iterate_local, NULL) < 0);
+	CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) < 0);
+
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+
+	counter_fcontext_iterate_local = 0;
+	CU_ASSERT(semanage_fcontext_iterate_local(sh,
+				   &handler_fcontext_iterate_local, NULL) >= 0);
+	CU_ASSERT(counter_fcontext_iterate_local == 0);
+	CU_ASSERT(semanage_fcontext_iterate_local(sh, NULL, NULL) >= 0);
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	counter_fcontext_iterate_local = 0;
+	CU_ASSERT(semanage_fcontext_iterate_local(sh,
+				   &handler_fcontext_iterate_local, NULL) >= 0);
+	CU_ASSERT(counter_fcontext_iterate_local == 0);
+
+	add_local_fcontext(I_FIRST);
+	counter_fcontext_iterate_local = 0;
+	CU_ASSERT(semanage_fcontext_iterate_local(sh,
+				   &handler_fcontext_iterate_local, NULL) >= 0);
+	CU_ASSERT(counter_fcontext_iterate_local == 1);
+
+	add_local_fcontext(I_SECOND);
+	counter_fcontext_iterate_local = 0;
+	CU_ASSERT(semanage_fcontext_iterate_local(sh,
+				   &handler_fcontext_iterate_local, NULL) >= 0);
+	CU_ASSERT(counter_fcontext_iterate_local == 2);
+
+	/* cleanup */
+	delete_local_fcontext(I_FIRST);
+	delete_local_fcontext(I_SECOND);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_fcontext_list_local */
+void test_fcontext_list_local(void)
+{
+	semanage_fcontext_t **records;
+	unsigned int count;
+
+	/* handle */
+	setup_handle(SH_HANDLE);
+
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) < 0);
+	CU_ASSERT(semanage_fcontext_list_local(sh, NULL, &count) < 0);
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, NULL) < 0);
+
+	cleanup_handle(SH_HANDLE);
+
+	/* connect */
+	setup_handle(SH_CONNECT);
+
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	cleanup_handle(SH_CONNECT);
+
+	/* transaction */
+	setup_handle(SH_TRANS);
+
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	add_local_fcontext(I_FIRST);
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 1);
+	CU_ASSERT_PTR_NOT_NULL(records[0]);
+
+	add_local_fcontext(I_SECOND);
+	CU_ASSERT(semanage_fcontext_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 2);
+	CU_ASSERT_PTR_NOT_NULL(records[0]);
+	CU_ASSERT_PTR_NOT_NULL(records[1]);
+
+	/* cleanup */
+	delete_local_fcontext(I_FIRST);
+	delete_local_fcontext(I_SECOND);
+	cleanup_handle(SH_TRANS);
+}
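Review bot: In helper_fcontext_query the success branch checks `res` with a non-fatal `CU_ASSERT(res >= 0)` and then passes `resp` to semanage_fcontext_get_expr(), so a failed query would dereference the `(void *) 42` sentinel and crash the runner instead of recording a failure; `CU_ASSERT_FATAL(res >= 0);` stops the test first. helper_fcontext_clone has the same shape with the uninitialised `fcontext_clone`. helper_fcontext_query also never releases `key` or the returned record, unlike helper_fcontext_exists, which calls semanage_fcontext_key_free(key); assuming the query hands ownership of `resp` to the caller, `semanage_fcontext_free(resp);` in the success branch and `semanage_fcontext_key_free(key);` in cleanup would keep leak checkers quiet. Separately, `FCONTEXTS_LEN = sizeof(FCONTEXTS)` counts the terminating NUL, so write_file_contexts() writes a zero byte at the end of file_contexts; `sizeof(FCONTEXTS) - 1` avoids that.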
diff --git a/libsemanage/tests/test_fcontext.cil b/libsemanage/tests/test_fcontext.cil
new file mode 100644
index 0000000..1c62b89
--- /dev/null
+++ b/libsemanage/tests/test_fcontext.cil
@@ -0,0 +1,25 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r first_t)
+(roletype object_r second_t)
+(roletype object_r third_t)
+(type first_t)
+(type second_t)
+(type third_t)
+(sidcontext security (system_u object_r first_t ((s0) (s0))))
+(class test_class (test_perm))
+(classorder (test_class))
+(allow first_t self (test_class (test_perm)))
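Review bot: This policy has no comment tying it to the test that depends on it. `first_t`, `second_t` and `third_t` are the types named in the `FCONTEXTS` contexts in test_fcontext.c, so a rename on either side would presumably break the suite without an obvious cause. A leading comment such as `; Minimal policy for test_fcontext.c: first_t/second_t/third_t must match the contexts in FCONTEXTS` would document the coupling.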
diff --git a/libsemanage/tests/test_fcontext.h b/libsemanage/tests/test_fcontext.h
new file mode 100644
index 0000000..64aba99
--- /dev/null
+++ b/libsemanage/tests/test_fcontext.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_FCONTEXT_H__
+#define __TEST_FCONTEXT_H__
+
+#include <CUnit/Basic.h>
+
+int fcontext_test_init(void);
+int fcontext_test_cleanup(void);
+int fcontext_add_tests(CU_pSuite suite);
+
+#endif
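Review bot: The include guard `__TEST_FCONTEXT_H__` starts with two underscores, a form the C standard reserves for the implementation. A plain guard such as `#ifndef TEST_FCONTEXT_H` / `#define TEST_FCONTEXT_H` stays out of the reserved namespace. The same applies to `__TEST_HANDLE_H__` in test_handle.h and `__TEST_IBENDPORT_H__` in test_ibendport.h. The header also has no documentation beyond the licence, so a one-line comment above the three prototypes, e.g. `/* CUnit suite init, cleanup and test registration for the fcontext tests */`, would help.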
diff --git a/libsemanage/tests/test_handle.c b/libsemanage/tests/test_handle.c
new file mode 100644
index 0000000..2fab29b
--- /dev/null
+++ b/libsemanage/tests/test_handle.c
@@ -0,0 +1,329 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_handle.h"
+
+void test_handle_create(void);
+void test_connect(void);
+void test_disconnect(void);
+void test_transaction(void);
+void test_commit(void);
+void test_is_connected(void);
+void test_access_check(void);
+void test_is_managed(void);
+void test_mls_enabled(void);
+void test_msg_set_callback(void);
+void test_root(void);
+void test_select_store(void);
+
+extern semanage_handle_t *sh;
+
+int handle_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_handle.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int handle_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int handle_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "test_handle_create", test_handle_create);
+	CU_add_test(suite, "test_connect", test_connect);
+	CU_add_test(suite, "test_disconnect", test_disconnect);
+	CU_add_test(suite, "test_transaction", test_transaction);
+	CU_add_test(suite, "test_commit", test_commit);
+	CU_add_test(suite, "test_is_connected", test_is_connected);
+	CU_add_test(suite, "test_access_check", test_access_check);
+	CU_add_test(suite, "test_is_managed", test_is_managed);
+	CU_add_test(suite, "test_mls_enabled", test_mls_enabled);
+	CU_add_test(suite, "msg_set_callback", test_msg_set_callback);
+	CU_add_test(suite, "test_root", test_root);
+	CU_add_test(suite, "test_select_store", test_select_store);
+
+	return 0;
+}
+
+/* Function semanage_handle_create */
+void test_handle_create(void)
+{
+	sh = semanage_handle_create();
+	CU_ASSERT_PTR_NOT_NULL(sh);
+	semanage_handle_destroy(sh);
+}
+
+/* Function semanage_connect */
+void test_connect(void)
+{
+	/* test handle created */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_connect(sh) >= 0);
+	CU_ASSERT(semanage_disconnect(sh) >= 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* test invalid store */
+	setup_handle_invalid_store(SH_HANDLE);
+	CU_ASSERT(semanage_connect(sh) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* test normal use */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_connect(sh) >= 0);
+	CU_ASSERT(semanage_disconnect(sh) >= 0);
+	cleanup_handle(SH_HANDLE);
+}
+
+/* Function semanage_disconnect */
+void test_disconnect(void)
+{
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_disconnect(sh) >= 0);
+	cleanup_handle(SH_HANDLE);
+}
+
+/* Function semanage_begin_transaction */
+void test_transaction(void)
+{
+	/* test disconnected */
+	setup_handle(SH_CONNECT);
+	helper_disconnect();
+	CU_ASSERT(semanage_begin_transaction(sh) < 0);
+
+	cleanup_handle(SH_HANDLE);
+
+	/* test normal use */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_begin_transaction(sh) >= 0);
+	CU_ASSERT(semanage_commit(sh) >= 0);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_commit */
+void test_commit(void)
+{
+	/* test without transaction */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_commit(sh) < 0);
+
+	/* test with transaction */
+	helper_begin_transaction();
+	CU_ASSERT(semanage_commit(sh) >= 0);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_is_connected */
+void test_is_connected(void)
+{
+	/* test disconnected */
+	setup_handle(SH_HANDLE);
+	CU_ASSERT(semanage_is_connected(sh) == 0);
+
+	/* test connected */
+	helper_connect();
+	CU_ASSERT(semanage_is_connected(sh) == 1);
+
+	/* test in transaction */
+	helper_begin_transaction();
+	CU_ASSERT(semanage_is_connected(sh) == 1);
+
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_access_check */
+void test_access_check(void)
+{
+	int res = 0;
+
+	/* test with handle */
+	setup_handle(SH_HANDLE);
+	res = semanage_access_check(sh);
+	CU_ASSERT(res == 0 || res == SEMANAGE_CAN_READ
+		  || res == SEMANAGE_CAN_WRITE);
+	cleanup_handle(SH_HANDLE);
+
+	/* test with invalid store */
+	setup_handle_invalid_store(SH_HANDLE);
+	CU_ASSERT(semanage_access_check(sh) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* test connected */
+	setup_handle(SH_CONNECT);
+	res = semanage_access_check(sh);
+	CU_ASSERT(res == 0 || res == SEMANAGE_CAN_READ
+		  || res == SEMANAGE_CAN_WRITE);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_is_managed */
+void test_is_managed(void)
+{
+	int res = 0;
+
+	/* test with handle */
+	setup_handle(SH_HANDLE);
+	res = semanage_is_managed(sh);
+	CU_ASSERT(res == 0 || res == 1);
+
+	/* test connected */
+	helper_connect();
+	res = semanage_is_managed(sh);
+	CU_ASSERT(res < 0);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_mls_enabled */
+void test_mls_enabled(void)
+{
+	int res = 0;
+
+	/* test with handle */
+	setup_handle(SH_HANDLE);
+	res = semanage_mls_enabled(sh);
+	CU_ASSERT(res == 0 || res == 1);
+	cleanup_handle(SH_HANDLE);
+
+	/* test with invalid store */
+	setup_handle_invalid_store(SH_HANDLE);
+	CU_ASSERT(semanage_mls_enabled(sh) < 0);
+	cleanup_handle(SH_HANDLE);
+
+	/* test connected */
+	setup_handle(SH_CONNECT);
+	res = semanage_mls_enabled(sh);
+	CU_ASSERT(res == 0 || res == 1);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_set_callback */
+int msg_set_callback_count = 0;
+
+void helper_msg_set_callback(void *varg, semanage_handle_t *handle,
+			     const char *fmt, ...)
+{
+	msg_set_callback_count++;
+}
+
+void test_msg_set_callback(void)
+{
+	setup_handle(SH_CONNECT);
+
+	semanage_msg_set_callback(sh, helper_msg_set_callback, NULL);
+
+	/* produce error message */
+	semanage_commit(sh);
+	CU_ASSERT(msg_set_callback_count == 1);
+	semanage_msg_set_callback(sh, NULL, NULL);
+
+	/* produce error message */
+	semanage_commit(sh);
+	CU_ASSERT(msg_set_callback_count == 1);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_root, semanage_set_root */
+void helper_root(void)
+{
+	const char *root = NULL;
+
+	CU_ASSERT(semanage_set_root("asdf") >= 0);
+	root = semanage_root();
+	CU_ASSERT_STRING_EQUAL(root, "asdf");
+
+	CU_ASSERT(semanage_set_root("") >= 0);
+	root = semanage_root();
+	CU_ASSERT_STRING_EQUAL(root, "");
+}
+
+void test_root(void)
+{
+	/* test without handle */
+	setup_handle(SH_NULL);
+	helper_root();
+
+	/* test with handle */
+	helper_handle_create();
+	helper_root();
+
+	/* test connected */
+	helper_connect();
+	helper_root();
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_select_store */
+void helper_select_store(const char *name, enum semanage_connect_type type,
+			 int exp_res)
+{
+	setup_handle(SH_HANDLE);
+
+	/* FIXME: the storename parameter of semanage_select_store should be
+	 * 'const char *'
+	 */
+	semanage_select_store(sh, (char *) name, type);
+
+	int res = semanage_connect(sh);
+
+	if (exp_res < 0) {
+		CU_ASSERT(res < 0);
+	} else {
+		CU_ASSERT(res >= 0);
+	}
+
+	if (res >= 0)
+		cleanup_handle(SH_CONNECT);
+	else
+		cleanup_handle(SH_HANDLE);
+}
+
+void test_select_store(void)
+{
+	helper_select_store("asdf", SEMANAGE_CON_INVALID - 1, -1);
+	helper_select_store("asdf", SEMANAGE_CON_POLSERV_REMOTE + 1, -1);
+	helper_select_store("", SEMANAGE_CON_DIRECT, 0);
+
+	helper_select_store("asdf", SEMANAGE_CON_INVALID, -1);
+	helper_select_store("asdf", SEMANAGE_CON_DIRECT, 0);
+	helper_select_store("asdf", SEMANAGE_CON_POLSERV_LOCAL, -1);
+	helper_select_store("asdf", SEMANAGE_CON_POLSERV_REMOTE, -1);
+}
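Review bot: handle_add_tests() discards the result of every CU_add_test() call and always returns 0, so a test that fails to register (CU_add_test returns NULL on error) is dropped silently and never runs. Checking each call, for example `if (CU_add_test(suite, "test_connect", test_connect) == NULL) return CU_get_error();`, lets the caller see a registration failure. ibendport_add_tests() in test_ibendport.c follows the same pattern. Separately, the registered name `"msg_set_callback"` lacks the `test_` prefix that the other eleven entries use.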
diff --git a/libsemanage/tests/test_handle.cil b/libsemanage/tests/test_handle.cil
new file mode 100644
index 0000000..81690b8
--- /dev/null
+++ b/libsemanage/tests/test_handle.cil
@@ -0,0 +1,21 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r test_t)
+(type test_t)
+(sidcontext security (system_u object_r test_t ((s0) (s0))))
+(class test_class (test_perm))
+(classorder (test_class))
+(allow test_t self (test_class (test_perm)))
diff --git a/libsemanage/tests/test_handle.h b/libsemanage/tests/test_handle.h
new file mode 100644
index 0000000..f927bd6
--- /dev/null
+++ b/libsemanage/tests/test_handle.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_HANDLE_H__
+#define __TEST_HANDLE_H__
+
+#include <CUnit/Basic.h>
+
+int handle_test_init(void);
+int handle_test_cleanup(void);
+int handle_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsemanage/tests/test_ibendport.c b/libsemanage/tests/test_ibendport.c
new file mode 100644
index 0000000..79a8e2c
--- /dev/null
+++ b/libsemanage/tests/test_ibendport.c
@@ -0,0 +1,525 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_ibendport.h"
+
+#define IBENDPORT_COUNT 3
+#define IBENDPORT_1_NAME "mlx4_0"
+#define IBENDPORT_1_PORT 1
+#define IBENDPORT_1_CON "system_u:object_r:first_ibendport_t:s0"
+#define IBENDPORT_2_NAME "mlx4_1"
+#define IBENDPORT_2_PORT 2
+#define IBENDPORT_2_CON "system_u:object_r:second_ibendport_second_t:s0"
+#define IBENDPORT_3_NAME "mlx4_1"
+#define IBENDPORT_3_PORT 3
+#define IBENDPORT_3_CON "system_u:object_r:third_ibendport_second_t:s0"
+
+/* ibendports_policy.h */
+void test_ibendport_query(void);
+void test_ibendport_exists(void);
+void test_ibendport_count(void);
+void test_ibendport_iterate(void);
+void test_ibendport_list(void);
+
+/* ibendports_local.h */
+void test_ibendport_modify_del_query_local(void);
+void test_ibendport_exists_local(void);
+void test_ibendport_count_local(void);
+void test_ibendport_iterate_local(void);
+void test_ibendport_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int ibendport_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_ibendport.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int ibendport_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int ibendport_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "ibendport_query", test_ibendport_query);
+	CU_add_test(suite, "ibendport_exists", test_ibendport_exists);
+	CU_add_test(suite, "ibendport_count", test_ibendport_count);
+	CU_add_test(suite, "ibendport_iterate", test_ibendport_iterate);
+	CU_add_test(suite, "ibendport_list", test_ibendport_list);
+
+	CU_add_test(suite, "ibendport_modify_del_query_local",
+		    test_ibendport_modify_del_query_local);
+	CU_add_test(suite, "ibendport_exists_local",
+		    test_ibendport_exists_local);
+	CU_add_test(suite, "ibendport_count_local", test_ibendport_count_local);
+	CU_add_test(suite, "ibendport_iterate_local",
+		    test_ibendport_iterate_local);
+	CU_add_test(suite, "ibendport_list_local", test_ibendport_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_ibendport_t *get_ibendport_nth(int idx)
+{
+	semanage_ibendport_t **records;
+	semanage_ibendport_t *ibendport;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	CU_ASSERT_FATAL(semanage_ibendport_list(sh, &records, &count) >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	ibendport = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_ibendport_free(records[i]);
+
+	return ibendport;
+}
+
+semanage_ibendport_key_t *get_ibendport_key_nth(int idx)
+{
+	semanage_ibendport_key_t *key;
+	semanage_ibendport_t *ibendport;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	ibendport = get_ibendport_nth(idx);
+
+	res = semanage_ibendport_key_extract(sh, ibendport, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_ibendport(int idx)
+{
+	semanage_ibendport_t *ibendport;
+	semanage_ibendport_key_t *key = NULL;
+
+	ibendport = get_ibendport_nth(idx);
+
+	CU_ASSERT_FATAL(semanage_ibendport_key_extract(sh, ibendport,
+						       &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_ibendport_modify_local(sh, key,
+							ibendport) >= 0);
+}
+
+void delete_local_ibendport(int idx)
+{
+	semanage_ibendport_key_t *key = NULL;
+	key = get_ibendport_key_nth(idx);
+	CU_ASSERT_FATAL(semanage_ibendport_del_local(sh, key) >= 0);
+}
+
+/* Function semanage_ibendport_query */
+void test_ibendport_query(void)
+{
+	semanage_ibendport_t *ibendport = NULL;
+	semanage_ibendport_t *ibendport_exp = NULL;
+	semanage_ibendport_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_exp = NULL;
+	char *name;
+	char *name_exp;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key = get_ibendport_key_nth(I_FIRST);
+	ibendport_exp = get_ibendport_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_query(sh, key, &ibendport) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(ibendport);
+
+	CU_ASSERT(semanage_ibendport_get_ibdev_name(sh, ibendport, &name) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(name);
+	CU_ASSERT(semanage_ibendport_get_ibdev_name(sh, ibendport_exp,
+						    &name_exp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(name_exp);
+	assert(name);
+	CU_ASSERT_STRING_EQUAL(name, name_exp);
+
+	CU_ASSERT(semanage_ibendport_get_port(ibendport) ==
+		  semanage_ibendport_get_port(ibendport_exp));
+
+	con = semanage_ibendport_get_con(ibendport);
+	con_exp = semanage_ibendport_get_con(ibendport_exp);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(con);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(con_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	/* cleanup */
+	free(name);
+	semanage_ibendport_free(ibendport);
+	semanage_ibendport_free(ibendport_exp);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_ibendport_exists */
+void test_ibendport_exists(void)
+{
+	semanage_ibendport_key_t *key1 = NULL;
+	semanage_ibendport_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key1 = get_ibendport_key_nth(I_FIRST);
+	CU_ASSERT(semanage_ibendport_key_create(sh, "asdf", 1, &key2) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_exists(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+
+	CU_ASSERT(semanage_ibendport_exists(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	semanage_ibendport_key_free(key1);
+	semanage_ibendport_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_ibendport_count */
+void test_ibendport_count(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_count(sh, &count) >= 0);
+	CU_ASSERT(count == IBENDPORT_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_ibendport_iterate */
+unsigned int helper_ibendport_iterate_counter = 0;
+
+int helper_ibendport_iterate(const semanage_ibendport_t *ibendport,
+			     void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_counter++;
+	return 0;
+}
+
+int helper_ibendport_iterate_error(const semanage_ibendport_t *ibendport,
+				   void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_counter++;
+	return -1;
+}
+
+int helper_ibendport_iterate_break(const semanage_ibendport_t *ibendport,
+				   void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_counter++;
+	return 1;
+}
+
+void test_ibendport_iterate(void)
+{
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	helper_ibendport_iterate_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate(sh, helper_ibendport_iterate,
+					     (void *) 42) >= 0);
+	CU_ASSERT(helper_ibendport_iterate_counter == IBENDPORT_COUNT);
+
+	/* test function which returns error */
+	helper_ibendport_iterate_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate(sh, helper_ibendport_iterate_error,
+					     (void *) 42) < 0);
+	CU_ASSERT(helper_ibendport_iterate_counter == 1);
+
+	/* test function which requests break */
+	helper_ibendport_iterate_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate(sh, helper_ibendport_iterate_break,
+					     (void *) 42) >= 0);
+	CU_ASSERT(helper_ibendport_iterate_counter == 1);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_ibendport_list */
+void test_ibendport_list(void)
+{
+	semanage_ibendport_t **records = NULL;
+	unsigned int count = 42;
+	char *name = NULL;
+	semanage_context_t *con = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_list(sh, &records, &count) >= 0);
+
+	CU_ASSERT_PTR_NOT_NULL_FATAL(records);
+	assert(records);
+	CU_ASSERT(count == IBENDPORT_COUNT);
+
+	for (unsigned int i = 0; i < count; i++) {
+		CU_ASSERT_PTR_NOT_NULL_FATAL(records[i]);
+		CU_ASSERT(semanage_ibendport_get_ibdev_name(sh, records[i],
+							    &name) >= 0);
+		con = semanage_ibendport_get_con(records[i]);
+		CU_ASSERT_PTR_NOT_NULL_FATAL(con);
+		free(name);
+	}
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_ibendport_free(records[i]);
+
+	free(records);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_ibendport_modify_local, semanage_ibendport_del_local,
+ * semanage_ibendport_query_local
+ */
+void test_ibendport_modify_del_query_local(void)
+{
+	semanage_ibendport_t *ibendport;
+	semanage_ibendport_t *ibendport_local;
+	semanage_ibendport_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	ibendport = get_ibendport_nth(I_FIRST);
+	CU_ASSERT(semanage_ibendport_key_extract(sh, ibendport, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_modify_local(sh, key, ibendport) >= 0);
+
+	/* write changes to file */
+	helper_commit();
+	helper_begin_transaction();
+
+	CU_ASSERT(semanage_ibendport_query_local(sh, key,
+						 &ibendport_local) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(ibendport_local);
+
+	CU_ASSERT(semanage_ibendport_del_local(sh, key) >= 0);
+	CU_ASSERT(semanage_ibendport_query_local(sh, key,
+						 &ibendport_local) < 0);
+
+	/* cleanup */
+	semanage_ibendport_free(ibendport);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_ibendport_exists_local */
+void test_ibendport_exists_local(void)
+{
+	semanage_ibendport_key_t *key1 = NULL;
+	semanage_ibendport_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_ibendport(I_FIRST);
+	key1 = get_ibendport_key_nth(I_FIRST);
+	key2 = get_ibendport_key_nth(I_SECOND);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_exists_local(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+
+	CU_ASSERT(semanage_ibendport_exists_local(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	CU_ASSERT(semanage_ibendport_del_local(sh, key1) >= 0);
+	semanage_ibendport_key_free(key1);
+	semanage_ibendport_key_free(key2);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_ibendport_count_local */
+void test_ibendport_count_local(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	add_local_ibendport(I_FIRST);
+	CU_ASSERT(semanage_ibendport_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	add_local_ibendport(I_SECOND);
+	CU_ASSERT(semanage_ibendport_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 2);
+
+	delete_local_ibendport(I_SECOND);
+	CU_ASSERT(semanage_ibendport_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	delete_local_ibendport(I_FIRST);
+	CU_ASSERT(semanage_ibendport_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_ibendport_iterate_local */
+unsigned int helper_ibendport_iterate_local_counter = 0;
+
+int helper_ibendport_iterate_local(const semanage_ibendport_t *ibendport,
+				   void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_local_counter++;
+	return 0;
+}
+
+int helper_ibendport_iterate_local_error(const semanage_ibendport_t *ibendport,
+					 void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_local_counter++;
+	return -1;
+}
+
+int helper_ibendport_iterate_local_break(const semanage_ibendport_t *ibendport,
+					 void *fn_arg)
+{
+	CU_ASSERT(fn_arg == (void *) 42);
+	helper_ibendport_iterate_local_counter++;
+	return 1;
+}
+
+void test_ibendport_iterate_local(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_ibendport(I_FIRST);
+	add_local_ibendport(I_SECOND);
+	add_local_ibendport(I_THIRD);
+
+	/* test */
+	helper_ibendport_iterate_local_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate_local(sh,
+			     helper_ibendport_iterate_local, (void *) 42) >= 0);
+	CU_ASSERT(helper_ibendport_iterate_local_counter == 3);
+
+	/* test function which returns error */
+	helper_ibendport_iterate_local_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate_local(sh,
+			helper_ibendport_iterate_local_error, (void *) 42) < 0);
+	CU_ASSERT(helper_ibendport_iterate_local_counter == 1);
+
+	/* test function which requests break */
+	helper_ibendport_iterate_local_counter = 0;
+	CU_ASSERT(semanage_ibendport_iterate_local(sh,
+		       helper_ibendport_iterate_local_break, (void *) 42) >= 0);
+
+	/* cleanup */
+	delete_local_ibendport(I_FIRST);
+	delete_local_ibendport(I_SECOND);
+	delete_local_ibendport(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_ibendport_list_local */
+void test_ibendport_list_local(void)
+{
+	semanage_ibendport_t **records = NULL;
+	unsigned int count = 42;
+	char *name = NULL;
+	semanage_context_t *con = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_ibendport(I_FIRST);
+	add_local_ibendport(I_SECOND);
+	add_local_ibendport(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_ibendport_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(records);
+	assert(records);
+	CU_ASSERT(count == 3);
+
+	for (unsigned int i = 0; i < count; i++) {
+		CU_ASSERT_PTR_NOT_NULL_FATAL(records[i]);
+		CU_ASSERT(semanage_ibendport_get_ibdev_name(sh, records[i],
+								   &name) >= 0);
+		con = semanage_ibendport_get_con(records[i]);
+		CU_ASSERT_PTR_NOT_NULL_FATAL(con);
+		free(name);
+	}
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_ibendport_free(records[i]);
+
+	free(records);
+	delete_local_ibendport(I_FIRST);
+	delete_local_ibendport(I_SECOND);
+	delete_local_ibendport(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
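Review bot: get_ibendport_nth() frees every record except the one it returns but never frees the `records` array itself, which test_ibendport_list() in this same file releases with `free(records)`; adding `free(records);` before `return ibendport;` closes that leak. The helpers built on it leak too: get_ibendport_key_nth() never calls `semanage_ibendport_free(ibendport)` after extracting the key, and add_local_ibendport() and delete_local_ibendport() do not release the key (or, in the former, the record), although the test functions here free both after the same calls. Because these helpers run in nearly every test, a sanitizer or leak-checker run over the suite would report mostly harness leaks rather than library findings. test_ibendport_iterate_local() also omits the `CU_ASSERT(helper_ibendport_iterate_local_counter == 1);` check after the break case, which test_ibendport_iterate() has.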
diff --git a/libsemanage/tests/test_ibendport.cil b/libsemanage/tests/test_ibendport.cil
new file mode 100644
index 0000000..b786b91
--- /dev/null
+++ b/libsemanage/tests/test_ibendport.cil
@@ -0,0 +1,28 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r first_ibendport_t)
+(roletype object_r second_ibendport_t)
+(roletype object_r third_ibendport_t)
+(type first_ibendport_t)
+(type second_ibendport_t)
+(type third_ibendport_t)
+(sidcontext security (system_u object_r first_ibendport_t ((s0) (s0))))
+(class test_class (test_perm))
+(classorder (test_class))
+(allow first_ibendport_t self (test_class (test_perm)))
+(ibendportcon mlx4_0 1 (system_u object_r first_ibendport_t ((s0) (s0))))
+(ibendportcon mlx4_1 2 (system_u object_r second_ibendport_t ((s0) (s0))))
+(ibendportcon mlx4_1 3 (system_u object_r third_ibendport_t ((s0) (s0))))
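Review bot: The types declared here are `second_ibendport_t` and `third_ibendport_t`, but the IBENDPORT_2_CON and IBENDPORT_3_CON macros added in test_ibendport.c spell the contexts with `second_ibendport_second_t` and `third_ibendport_second_t`, which this policy does not define. None of the IBENDPORT_*_NAME, _PORT or _CON macros is referenced in test_ibendport.c as added, so nothing fails today, but any assertion later built on them would compare against a type that does not exist. The macros should either be corrected to match these `ibendportcon` lines, e.g. `"system_u:object_r:second_ibendport_t:s0"`, or removed.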
diff --git a/libsemanage/tests/test_ibendport.h b/libsemanage/tests/test_ibendport.h
new file mode 100644
index 0000000..33d7fbd
--- /dev/null
+++ b/libsemanage/tests/test_ibendport.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_IBENDPORT_H__
+#define __TEST_IBENDPORT_H__
+
+#include <CUnit/Basic.h>
+
+int ibendport_test_init(void);
+int ibendport_test_cleanup(void);
+int ibendport_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsemanage/tests/test_iface.c b/libsemanage/tests/test_iface.c
new file mode 100644
index 0000000..d5d530a
--- /dev/null
+++ b/libsemanage/tests/test_iface.c
@@ -0,0 +1,666 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_iface.h"
+
+#define IFACE_COUNT 3
+
+#define IFACE1_NAME "eth0"
+#define IFACE1_IFCON "system_u:object_r:first_netif_t:s0"
+#define IFACE1_MSGCON IFACE1_IFCON
+
+#define IFACE2_NAME "eth1"
+#define IFACE2_IFCON "system_u:object_r:second_netif_t:s0"
+#define IFACE2_MSGCON IFACE2_IFCON
+
+#define IFACE3_NAME "eth2"
+#define IFACE3_IFCON "system_u:object_r:third_netif_t:s0"
+#define IFACE3_MSGCON IFACE3_IFCON
+
+
+/* iface_record.h */
+void test_iface_compare(void);
+void test_iface_compare2(void);
+void test_iface_key_create(void);
+void test_iface_key_extract(void);
+void test_iface_get_set_name(void);
+void test_iface_get_set_ifcon(void);
+void test_iface_get_set_msgcon(void);
+void test_iface_create(void);
+void test_iface_clone(void);
+
+/* iterfaces_policy.h */
+void test_iface_query(void);
+void test_iface_exists(void);
+void test_iface_count(void);
+void test_iface_iterate(void);
+void test_iface_list(void);
+
+/* interfaces_local.h */
+void test_iface_modify_del_query_local(void);
+void test_iface_exists_local(void);
+void test_iface_count_local(void);
+void test_iface_iterate_local(void);
+void test_iface_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int iface_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_iface.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int iface_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int iface_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "iface_compare", test_iface_compare);
+	CU_add_test(suite, "iface_compare2", test_iface_compare2);
+	CU_add_test(suite, "iface_key_create", test_iface_key_create);
+	CU_add_test(suite, "iface_key_extract", test_iface_key_extract);
+	CU_add_test(suite, "iface_get_set_name", test_iface_get_set_name);
+	CU_add_test(suite, "iface_get_set_ifcon", test_iface_get_set_ifcon);
+	CU_add_test(suite, "iface_get_set_msgcon", test_iface_get_set_msgcon);
+	CU_add_test(suite, "iface_create)", test_iface_create);
+	CU_add_test(suite, "iface_clone);", test_iface_clone);
+
+	CU_add_test(suite, "iface_query", test_iface_query);
+	CU_add_test(suite, "iface_exists", test_iface_exists);
+	CU_add_test(suite, "iface_count", test_iface_count);
+	CU_add_test(suite, "iface_iterate", test_iface_iterate);
+	CU_add_test(suite, "iface_list", test_iface_list);
+
+	CU_add_test(suite, "iface_modify_del_query_local",
+				test_iface_modify_del_query_local);
+	CU_add_test(suite, "iface_exists_local", test_iface_exists_local);
+	CU_add_test(suite, "iface_count_local", test_iface_count_local);
+	CU_add_test(suite, "iface_iterate_local", test_iface_iterate_local);
+	CU_add_test(suite, "iface_list_local", test_iface_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_iface_t *get_iface_nth(int idx)
+{
+	int res;
+	semanage_iface_t **records;
+	semanage_iface_t *iface;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	res = semanage_iface_list(sh, &records, &count);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	iface = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_iface_free(records[i]);
+
+	return iface;
+}
+
+semanage_iface_key_t *get_iface_key_nth(int idx)
+{
+	semanage_iface_key_t *key;
+	semanage_iface_t *iface;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	iface = get_iface_nth(idx);
+	res = semanage_iface_key_extract(sh, iface, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_iface(int idx)
+{
+	semanage_iface_t *iface;
+	semanage_iface_key_t *key = NULL;
+
+	iface = get_iface_nth(idx);
+
+	CU_ASSERT_FATAL(semanage_iface_key_extract(sh, iface, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_iface_modify_local(sh, key, iface) >= 0);
+}
+
+void delete_local_iface(int idx)
+{
+	semanage_iface_key_t *key = NULL;
+	key = get_iface_key_nth(idx);
+	CU_ASSERT_FATAL(semanage_iface_del_local(sh, key) >= 0);
+}
+
+/* Function semanage_iface_compare */
+void test_iface_compare(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_iface_key_t *key1 = NULL;
+	semanage_iface_key_t *key2 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface = get_iface_nth(I_FIRST);
+	key1 = get_iface_key_nth(I_FIRST);
+	CU_ASSERT(semanage_iface_key_create(sh, "qwerty", &key2) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key2);
+
+	/* test */
+	res = semanage_iface_compare(iface, key1);
+	CU_ASSERT(res == 0);
+	res = semanage_iface_compare(iface, key2);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	semanage_iface_key_free(key1);
+	semanage_iface_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_compare2 */
+void test_iface_compare2(void)
+{
+	semanage_iface_t *iface1 = NULL;
+	semanage_iface_t *iface2 = NULL;
+	semanage_iface_t *iface3 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface1 = get_iface_nth(I_FIRST);
+	iface2 = get_iface_nth(I_FIRST);
+	iface3 = get_iface_nth(I_SECOND);
+
+	/* test */
+	res = semanage_iface_compare2(iface1, iface2);
+	CU_ASSERT(res == 0);
+	res = semanage_iface_compare2(iface1, iface3);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_iface_free(iface1);
+	semanage_iface_free(iface2);
+	semanage_iface_free(iface3);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_create */
+void test_iface_key_create(void)
+{
+	semanage_iface_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_iface_key_create(sh, "asdf", &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_iface_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_extract */
+void test_iface_key_extract(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_iface_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface = get_iface_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_iface_key_extract(sh, iface, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	semanage_iface_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_get_name, semanage_iface_set_name */
+void test_iface_get_set_name(void)
+{
+	semanage_iface_t *iface = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface = get_iface_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_iface_set_name(sh, iface, "my_asdf") == 0);
+	CU_ASSERT_STRING_EQUAL(semanage_iface_get_name(iface), "my_asdf");
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_get_ifcon, semanage_iface_set_ifcon */
+void test_iface_get_set_ifcon(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface = get_iface_nth(I_FIRST);
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "my_user_u:my_role_r:my_type_t:s0", &con1) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_iface_set_ifcon(sh, iface, con1) == 0);
+	con2 = semanage_iface_get_ifcon(iface);
+	CU_ASSERT_CONTEXT_EQUAL(con1, con2);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_get_msgcon, semanage_iface_set_msgcon */
+void test_iface_get_set_msgcon(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	iface = get_iface_nth(I_FIRST);
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "my_user_u:my_role_r:my_type_t:s0", &con1) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_iface_set_msgcon(sh, iface, con1) == 0);
+	con2 = semanage_iface_get_msgcon(iface);
+	CU_ASSERT_CONTEXT_EQUAL(con1, con2);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_create */
+void test_iface_create(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_context_t *ifcon = NULL;
+	semanage_context_t *msgcon = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_iface_create(sh, &iface) >= 0);
+	CU_ASSERT(semanage_iface_set_name(sh, iface, "asdf") >= 0);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:type_t:s0",
+					       &ifcon) >= 0);
+	CU_ASSERT(semanage_iface_set_ifcon(sh, iface, ifcon) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:type_t:s0",
+					       &msgcon) >= 0);
+	CU_ASSERT(semanage_iface_set_msgcon(sh, iface, msgcon) >= 0);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_clone */
+void test_iface_clone(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_iface_t *iface_clone = NULL;
+	semanage_context_t *ifcon = NULL;
+	semanage_context_t *ifcon2 = NULL;
+	semanage_context_t *msgcon = NULL;
+	semanage_context_t *msgcon2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_iface_create(sh, &iface) >= 0);
+	CU_ASSERT(semanage_iface_set_name(sh, iface, "asdf") >= 0);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:if_type_t:s0",
+					       &ifcon) >= 0);
+	CU_ASSERT(semanage_iface_set_ifcon(sh, iface, ifcon) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:msg_type_t:s0",
+					       &msgcon) >= 0);
+	CU_ASSERT(semanage_iface_set_msgcon(sh, iface, msgcon) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_iface_clone(sh, iface, &iface_clone) >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_iface_get_name(iface_clone), "asdf");
+
+	ifcon2 = semanage_iface_get_ifcon(iface_clone);
+	CU_ASSERT_CONTEXT_EQUAL(ifcon, ifcon2);
+
+	msgcon2 = semanage_iface_get_msgcon(iface_clone);
+	CU_ASSERT_CONTEXT_EQUAL(msgcon, msgcon2);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	semanage_iface_free(iface_clone);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_query */
+void test_iface_query(void)
+{
+	semanage_iface_t *iface = NULL;
+	semanage_iface_t *iface_exp = NULL;
+	semanage_iface_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_exp = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key = get_iface_key_nth(I_FIRST);
+	iface_exp = get_iface_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_iface_query(sh, key, &iface) >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_iface_get_name(iface),
+		semanage_iface_get_name(iface_exp));
+
+	con = semanage_iface_get_ifcon(iface);
+	con_exp = semanage_iface_get_ifcon(iface_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	con = semanage_iface_get_msgcon(iface);
+	con_exp = semanage_iface_get_msgcon(iface_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	semanage_iface_free(iface_exp);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_exists */
+void test_iface_exists(void)
+{
+	semanage_iface_key_t *key1 = NULL;
+	semanage_iface_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key1 = get_iface_key_nth(I_FIRST);
+	CU_ASSERT(semanage_iface_key_create(sh, "asdf", &key2) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_iface_exists(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_iface_exists(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	semanage_iface_key_free(key1);
+	semanage_iface_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_count */
+void test_iface_count(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_iface_count(sh, &count) >= 0);
+	CU_ASSERT(count == IFACE_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_iterate */
+
+unsigned int counter_iface_iterate = 0;
+
+int handler_iface_iterate(const semanage_iface_t *record, void *varg)
+{
+	counter_iface_iterate++;
+	return 0;
+}
+
+void test_iface_iterate(void)
+{
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	semanage_iface_iterate(sh, handler_iface_iterate, NULL);
+	CU_ASSERT(counter_iface_iterate == IFACE_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_list */
+void test_iface_list(void)
+{
+	semanage_iface_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_iface_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == IFACE_COUNT);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	for (unsigned int i = 0; i < count; i++)
+		semanage_iface_free(records[i]);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_iface_modify_local, semanage_iface_del_local,
+ * semanage_iface_query_local
+ */
+void test_iface_modify_del_query_local(void)
+{
+	semanage_iface_t *iface;
+	semanage_iface_t *iface_local;
+	semanage_iface_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	iface = get_iface_nth(I_FIRST);
+	CU_ASSERT(semanage_iface_key_extract(sh, iface, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* test */
+	CU_ASSERT(semanage_iface_modify_local(sh, key, iface) >= 0);
+
+	/* write changes to file */
+	helper_commit();
+	helper_begin_transaction();
+
+	CU_ASSERT(semanage_iface_query_local(sh, key, &iface_local) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(iface_local);
+
+	CU_ASSERT(semanage_iface_del_local(sh, key) >= 0);
+	CU_ASSERT(semanage_iface_query_local(sh, key, &iface_local) < 0);
+
+	/* cleanup */
+	semanage_iface_free(iface);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_iface_exists_local */
+void test_iface_exists_local(void)
+{
+	semanage_iface_key_t *key1 = NULL;
+	semanage_iface_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_iface(I_FIRST);
+	key1 = get_iface_key_nth(I_FIRST);
+	key2 = get_iface_key_nth(I_SECOND);
+
+	/* test */
+	CU_ASSERT(semanage_iface_exists_local(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_iface_exists_local(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	CU_ASSERT(semanage_iface_del_local(sh, key1) >= 0);
+	semanage_iface_key_free(key1);
+	semanage_iface_key_free(key2);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_iface_count_local */
+void test_iface_count_local(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+
+	/* test */
+	CU_ASSERT(semanage_iface_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	add_local_iface(I_FIRST);
+	CU_ASSERT(semanage_iface_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	add_local_iface(I_SECOND);
+	CU_ASSERT(semanage_iface_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 2);
+
+	delete_local_iface(I_SECOND);
+	CU_ASSERT(semanage_iface_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	delete_local_iface(I_FIRST);
+	CU_ASSERT(semanage_iface_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_iface_iterate_local */
+unsigned int counter_iface_iterate_local = 0;
+
+int handler_iface_iterate_local(const semanage_iface_t *record, void *varg)
+{
+	counter_iface_iterate_local++;
+	return 0;
+}
+
+void test_iface_iterate_local(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_iface(I_FIRST);
+	add_local_iface(I_SECOND);
+	add_local_iface(I_THIRD);
+
+	/* test */
+	semanage_iface_iterate_local(sh, handler_iface_iterate_local, NULL);
+	CU_ASSERT(counter_iface_iterate_local == 3);
+
+	/* cleanup */
+	delete_local_iface(I_FIRST);
+	delete_local_iface(I_SECOND);
+	delete_local_iface(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_iface_list_local */
+void test_iface_list_local(void)
+{
+	semanage_iface_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_iface(I_FIRST);
+	add_local_iface(I_SECOND);
+	add_local_iface(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_iface_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 3);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_iface_free(records[i]);
+
+	delete_local_iface(I_FIRST);
+	delete_local_iface(I_SECOND);
+	delete_local_iface(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
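Review bot: get_iface_nth() frees every record except the one it returns but never frees the `records` array itself, and get_iface_key_nth() never frees the iface it fetches, so nearly every test in this file leaks on each run; `free(records);` before `return iface;` and `semanage_iface_free(iface);` after the key extraction would fix both, assuming semanage_iface_list() hands ownership of the array to the caller as its use here suggests. test_iface_list() and test_iface_list_local() likewise free the records but not the array, and get_node_nth() in test_node.c follows the same pattern. Leaks in the harness matter because they bury real library leaks when the suite is run under valgrind or a sanitizer. Separately, the names registered in iface_add_tests() as `"iface_create)"` and `"iface_clone);"` contain stray punctuation and should read `"iface_create"` and `"iface_clone"`.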
diff --git a/libsemanage/tests/test_iface.cil b/libsemanage/tests/test_iface.cil
new file mode 100644
index 0000000..13fd8f6
--- /dev/null
+++ b/libsemanage/tests/test_iface.cil
@@ -0,0 +1,28 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r first_netif_t)
+(roletype object_r second_netif_t)
+(roletype object_r third_netif_t)
+(type first_netif_t)
+(type second_netif_t)
+(type third_netif_t)
+(sidcontext security (system_u object_r first_netif_t ((s0) (s0))))
+(class netif (tcp_recv))
+(classorder (netif))
+(allow first_netif_t self (netif (tcp_recv)))
+(netifcon eth0 (system_u object_r first_netif_t ((s0) (s0))) (system_u object_r first_netif_t ((s0) (s0))))
+(netifcon eth1 (system_u object_r second_netif_t ((s0) (s0))) (system_u object_r second_netif_t ((s0) (s0))))
+(netifcon eth2 (system_u object_r third_netif_t ((s0) (s0))) (system_u object_r third_netif_t ((s0) (s0))))
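Review bot: Nothing in this file records that it is coupled to constants in test_iface.c: the three `netifcon` statements for eth0, eth1 and eth2 are what test_iface_count() and test_iface_list() compare against `IFACE_COUNT`, and their contexts mirror the `IFACE*_IFCON` macros. A leading comment such as `; Test policy for test_iface.c: keep the netifcon entries in sync with IFACE_COUNT and IFACE*_NAME` would stop someone adding an entry here and silently breaking the count assertions. This assumes test_iface.policy, which iface_test_init() loads, is generated from this file; the build rule is not visible here.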
diff --git a/libsemanage/tests/test_iface.h b/libsemanage/tests/test_iface.h
new file mode 100644
index 0000000..5953e9c
--- /dev/null
+++ b/libsemanage/tests/test_iface.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_IFACE_H__
+#define __TEST_IFACE_H__
+
+#include <CUnit/Basic.h>
+
+int iface_test_init(void);
+int iface_test_cleanup(void);
+int iface_add_tests(CU_pSuite suite);
+
+#endif
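Review bot: The three prototypes are undocumented, although the suite runner depends on their return convention. In test_iface.c, iface_test_init() and iface_test_cleanup() return 0 on success and 1 when the test store or policy cannot be set up or torn down, while iface_add_tests() always returns 0 and does not check any CU_add_test() result. A short comment above the declarations, e.g. `/* init/cleanup: 0 on success, 1 on failure; add_tests: always 0 */`, would record that for whoever wires the suite into the runner.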
diff --git a/libsemanage/tests/test_node.c b/libsemanage/tests/test_node.c
new file mode 100644
index 0000000..53c2eb6
--- /dev/null
+++ b/libsemanage/tests/test_node.c
@@ -0,0 +1,807 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_node.h"
+
+#define NODE_COUNT 3
+
+#define NODE1_ADDR "192.168.0.0"
+#define NODE1_MASK "255.255.255.0"
+#define NODE1_PROTO SEPOL_PROTO_IP4
+#define NODE1_CONTEXT "system_u:object_r:first_node_t:s0"
+
+#define NODE2_ADDR "2001:db8:85a3::8a2e:370:7334"
+#define NODE2_MASK "2001:db8:85a3::8a2e:370:7334"
+#define NODE2_PROTO SEPOL_PROTO_IP6
+#define NODE2_CONTEXT "system_u:object_r:second_node_t:s0"
+
+#define NODE3_ADDR "127.0.0.1"
+#define NODE3_MASK "255.255.0.0"
+#define NODE3_PROTO SEPOL_PROTO_IP4
+#define NODE3_CONTEXT "system_u:object_r:third_node_t:s0"
+
+/* node_record.h */
+void test_node_compare(void);
+void test_node_compare2(void);
+void test_node_key_create(void);
+void test_node_key_extract(void);
+void test_node_get_set_addr(void);
+void test_node_get_set_addr_bytes(void);
+void test_node_get_set_mask(void);
+void test_node_get_set_mask_bytes(void);
+void test_node_get_set_proto(void);
+void test_node_get_proto_str(void);
+void test_node_get_set_con(void);
+void test_node_create(void);
+void test_node_clone(void);
+
+/* nodes_policy.h */
+void test_node_query(void);
+void test_node_exists(void);
+void test_node_count(void);
+void test_node_iterate(void);
+void test_node_list(void);
+
+/* nodes_local.h */
+void test_node_modify_del_query_local(void);
+void test_node_exists_local(void);
+void test_node_count_local(void);
+void test_node_iterate_local(void);
+void test_node_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int node_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_node.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int node_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int node_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "node_compare", test_node_compare);
+	CU_add_test(suite, "node_compare2", test_node_compare2);
+	CU_add_test(suite, "node_key_create", test_node_key_create);
+	CU_add_test(suite, "node_key_extract", test_node_key_extract);
+	CU_add_test(suite, "node_get_set_addr", test_node_get_set_addr);
+	CU_add_test(suite, "node_get_set_addr_bytes",
+		    test_node_get_set_addr_bytes);
+	CU_add_test(suite, "node_get_set_mask", test_node_get_set_mask);
+	CU_add_test(suite, "node_get_set_mask_bytes",
+		    test_node_get_set_mask_bytes);
+	CU_add_test(suite, "node_get_set_proto", test_node_get_set_proto);
+	CU_add_test(suite, "node_get_proto_str", test_node_get_proto_str);
+	CU_add_test(suite, "node_get_set_con", test_node_get_set_con);
+	CU_add_test(suite, "node_create", test_node_create);
+	CU_add_test(suite, "node_clone", test_node_clone);
+
+	CU_add_test(suite, "node_query", test_node_query);
+	CU_add_test(suite, "node_exists", test_node_exists);
+	CU_add_test(suite, "node_count", test_node_count);
+	CU_add_test(suite, "node_iterate", test_node_iterate);
+	CU_add_test(suite, "node_list", test_node_list);
+
+	CU_add_test(suite, "node_modify_del_query_local",
+		    test_node_modify_del_query_local);
+	CU_add_test(suite, "node_exists_local", test_node_exists_local);
+	CU_add_test(suite, "node_count_local", test_node_count_local);
+	CU_add_test(suite, "node_iterate_local", test_node_iterate_local);
+	CU_add_test(suite, "node_list_local", test_node_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_node_t *get_node_nth(int idx)
+{
+	semanage_node_t **records;
+	semanage_node_t *node;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	CU_ASSERT_FATAL(semanage_node_list(sh, &records, &count) >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	node = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_node_free(records[i]);
+
+	return node;
+}
+
+semanage_node_key_t *get_node_key_nth(int idx)
+{
+	semanage_node_key_t *key;
+	semanage_node_t *node;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	node = get_node_nth(idx);
+
+	res = semanage_node_key_extract(sh, node, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_node(int idx)
+{
+	semanage_node_t *node;
+	semanage_node_key_t *key = NULL;
+
+	node = get_node_nth(idx);
+
+	CU_ASSERT_FATAL(semanage_node_key_extract(sh, node, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_node_modify_local(sh, key, node) >= 0);
+}
+
+void delete_local_node(int idx)
+{
+	semanage_node_key_t *key = NULL;
+
+	key = get_node_key_nth(idx);
+
+	CU_ASSERT_FATAL(semanage_node_del_local(sh, key) >= 0);
+}
+
+/* Function semanage_node_compare */
+void test_node_compare(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_node_key_t *key1 = NULL;
+	semanage_node_key_t *key2 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	node = get_node_nth(I_FIRST);
+	key1 = get_node_key_nth(I_FIRST);
+	CU_ASSERT(semanage_node_key_create(sh, "192.168.0.1", "255.255.0.0",
+					   SEMANAGE_PROTO_IP4, &key2) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key2);
+
+	/* test */
+	res = semanage_node_compare(node, key1);
+	CU_ASSERT(res == 0);
+	res = semanage_node_compare(node, key2);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_node_free(node);
+	semanage_node_key_free(key1);
+	semanage_node_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_compare2 */
+void test_node_compare2(void)
+{
+	semanage_node_t *node1 = NULL;
+	semanage_node_t *node2 = NULL;
+	semanage_node_t *node3 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	node1 = get_node_nth(I_FIRST);
+	node2 = get_node_nth(I_FIRST);
+	node3 = get_node_nth(I_SECOND);
+
+	/* test */
+	res = semanage_node_compare2(node1, node2);
+	CU_ASSERT(res == 0);
+	res = semanage_node_compare2(node1, node3);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_node_free(node1);
+	semanage_node_free(node2);
+	semanage_node_free(node3);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_key_create */
+void test_node_key_create(void)
+{
+	semanage_node_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_node_key_create(sh, "127.0.0.1", "255.255.255.255",
+					   SEMANAGE_PROTO_IP4, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_node_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_key_extract */
+void test_node_key_extract(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_node_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	node = get_node_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_node_key_extract(sh, node, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_node_free(node);
+	semanage_node_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_addr, semanage_node_set_addr */
+void test_node_get_set_addr(void)
+{
+	semanage_node_t *node = NULL;
+	char *addr = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_set_addr(sh, node, SEMANAGE_PROTO_IP4,
+					 "192.168.0.1") == 0);
+	CU_ASSERT(semanage_node_get_addr(sh, node, &addr) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(addr);
+	assert(addr);
+	CU_ASSERT_STRING_EQUAL(addr, "192.168.0.1");
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_addr_bytes, semanage_node_set_addr_bytes */
+void test_node_get_set_addr_bytes(void)
+{
+	semanage_node_t *node = NULL;
+	char addr1[] = { 192, 168, 0, 1 };
+	size_t addr1_size = sizeof(addr1);
+	char *addr2 = NULL;
+	size_t addr2_size = 0;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_set_addr_bytes(sh, node, addr1,
+					       addr1_size) == 0);
+	CU_ASSERT(semanage_node_get_addr_bytes(sh, node, &addr2,
+					       &addr2_size) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(addr2);
+	assert(addr2);
+
+	for (size_t i = 0; i < addr2_size; i++)
+		CU_ASSERT(addr1[i] == addr2[i]);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_mask, semanage_node_set_mask */
+void test_node_get_set_mask(void)
+{
+	semanage_node_t *node = NULL;
+	char *mask = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_set_mask(sh, node, SEMANAGE_PROTO_IP4,
+					 "255.255.255.0") == 0);
+	CU_ASSERT(semanage_node_get_mask(sh, node, &mask) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(mask);
+	assert(mask);
+	CU_ASSERT_STRING_EQUAL(mask, "255.255.255.0");
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_mask_bytes, semanage_node_set_mask_bytes */
+void test_node_get_set_mask_bytes(void)
+{
+	semanage_node_t *node = NULL;
+	char mask1[] = { 255, 255, 255, 0 };
+	size_t mask1_size = sizeof(mask1);
+	char *mask2 = NULL;
+	size_t mask2_size = 0;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_set_mask_bytes(sh, node, mask1,
+					       mask1_size) == 0);
+	CU_ASSERT(semanage_node_get_mask_bytes(sh, node, &mask2,
+					       &mask2_size) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(mask2);
+	assert(mask2);
+
+	for (size_t i = 0; i < mask2_size; i++)
+		CU_ASSERT(mask1[i] == mask2[i]);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_proto, semanage_node_set_proto */
+void test_node_get_set_proto(void)
+{
+	semanage_node_t *node = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+
+	/* test */
+	semanage_node_set_proto(node, SEMANAGE_PROTO_IP4);
+	CU_ASSERT(semanage_node_get_proto(node) == SEMANAGE_PROTO_IP4);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_get_proto_str */
+void test_node_get_proto_str(void)
+{
+	CU_ASSERT_STRING_EQUAL(semanage_node_get_proto_str(SEMANAGE_PROTO_IP4),
+							   "ipv4");
+	CU_ASSERT_STRING_EQUAL(semanage_node_get_proto_str(SEMANAGE_PROTO_IP6),
+							   "ipv6");
+}
+
+/* Function semanage_node_get_con, semanage_node_set_con */
+void test_node_get_set_con(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "my_user_u:my_role_r:my_type_t:s0", &con1) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_set_con(sh, node, con1) == 0);
+	con2 = semanage_node_get_con(node);
+	CU_ASSERT_CONTEXT_EQUAL(con1, con2);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_create */
+void test_node_create(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_context_t *con = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+	CU_ASSERT(semanage_node_set_addr(sh, node, SEMANAGE_PROTO_IP4,
+					 "127.0.0.1") >= 0);
+	CU_ASSERT(semanage_node_set_mask(sh, node, SEMANAGE_PROTO_IP4,
+					 "255.255.255.0") >= 0);
+	semanage_node_set_proto(node, SEMANAGE_PROTO_IP4);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:type_t:s0",
+					       &con) >= 0);
+	CU_ASSERT(semanage_node_set_con(sh, node, con) >= 0);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_clone */
+void test_node_clone(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_node_t *node_clone = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con2 = NULL;
+	const char *addr1 = "127.0.0.1";
+	char *addr2 = NULL;
+	const char *mask1 = "255.255.255.0";
+	char *mask2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_node_create(sh, &node) >= 0);
+	CU_ASSERT(semanage_node_set_addr(sh, node, SEMANAGE_PROTO_IP4,
+					 addr1) >= 0);
+	CU_ASSERT(semanage_node_set_mask(sh, node, SEMANAGE_PROTO_IP4,
+					 mask1) >= 0);
+	semanage_node_set_proto(node, SEMANAGE_PROTO_IP4);
+	CU_ASSERT(semanage_context_from_string(sh, "user_u:role_r:type_t:s0",
+					       &con) >= 0);
+	CU_ASSERT(semanage_node_set_con(sh, node, con) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_clone(sh, node, &node_clone) >= 0);
+
+	CU_ASSERT(semanage_node_get_addr(sh, node_clone, &addr2) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(addr2);
+	assert(addr2);
+	CU_ASSERT_STRING_EQUAL(addr1, addr2);
+
+	CU_ASSERT(semanage_node_get_mask(sh, node_clone, &mask2) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(mask2);
+	assert(mask2);
+	CU_ASSERT_STRING_EQUAL(mask1, mask2);
+
+	CU_ASSERT(semanage_node_get_proto(node_clone) == SEMANAGE_PROTO_IP4);
+
+	con2 = semanage_node_get_con(node_clone);
+	CU_ASSERT_CONTEXT_EQUAL(con, con2);
+
+	/* cleanup */
+	semanage_node_free(node);
+	semanage_node_free(node_clone);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_query */
+void test_node_query(void)
+{
+	semanage_node_t *node = NULL;
+	semanage_node_t *node_exp = NULL;
+	semanage_node_key_t *key = NULL;
+	char *str = NULL;
+	char *str_exp = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_exp = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key = get_node_key_nth(I_FIRST);
+	node_exp = get_node_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_node_query(sh, key, &node) >= 0);
+
+	CU_ASSERT(semanage_node_get_addr(sh, node, &str) >= 0);
+	CU_ASSERT(semanage_node_get_addr(sh, node_exp, &str_exp) >= 0);
+	CU_ASSERT_STRING_EQUAL(str, str_exp);
+	free(str);
+	free(str_exp);
+
+	CU_ASSERT(semanage_node_get_mask(sh, node, &str) >= 0);
+	CU_ASSERT(semanage_node_get_mask(sh, node_exp, &str_exp) >= 0);
+	CU_ASSERT_STRING_EQUAL(str, str_exp);
+	free(str);
+	free(str_exp);
+
+	CU_ASSERT(semanage_node_get_proto(node) ==
+			  semanage_node_get_proto(node_exp));
+
+	con = semanage_node_get_con(node);
+	con_exp = semanage_node_get_con(node_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	/* cleanup */
+	semanage_node_free(node);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_exists */
+void test_node_exists(void)
+{
+	semanage_node_key_t *key1 = NULL;
+	semanage_node_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key1 = get_node_key_nth(I_FIRST);
+	CU_ASSERT(semanage_node_key_create(sh, "1.2.3.4", "255.255.0.0",
+					   SEMANAGE_PROTO_IP4, &key2) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_node_exists(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_node_exists(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	semanage_node_key_free(key1);
+	semanage_node_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_count */
+void test_node_count(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_node_count(sh, &count) >= 0);
+	CU_ASSERT(count == NODE_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_iterate */
+unsigned int counter_node_iterate = 0;
+
+int handler_node_iterate(const semanage_node_t *record, void *varg)
+{
+	counter_node_iterate++;
+	return 0;
+}
+
+void test_node_iterate(void)
+{
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	semanage_node_iterate(sh, handler_node_iterate, NULL);
+	CU_ASSERT(counter_node_iterate == NODE_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_list */
+void test_node_list(void)
+{
+	semanage_node_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_node_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == NODE_COUNT);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	for (unsigned int i = 0; i < count; i++)
+		semanage_node_free(records[i]);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_node_modify_local, semanage_node_del_local,
+ * semanage_node_query_local
+ */
+void test_node_modify_del_query_local(void)
+{
+	semanage_node_t *node;
+	semanage_node_t *node_local;
+	semanage_node_t *node_tmp;
+	semanage_node_key_t *key = NULL;
+	semanage_node_key_t *key_tmp = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	node = get_node_nth(I_FIRST);
+	CU_ASSERT(semanage_node_key_extract(sh, node, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* add second record, so that semanage_node_compare2_qsort
+	 * will be called
+	 */
+	node_tmp = get_node_nth(I_FIRST);
+
+	CU_ASSERT(semanage_node_set_addr(sh, node_tmp, SEMANAGE_PROTO_IP4,
+					 "10.0.0.1") >= 0);
+	CU_ASSERT(semanage_node_key_extract(sh, node_tmp, &key_tmp) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key_tmp);
+
+	/* test */
+	CU_ASSERT(semanage_node_modify_local(sh, key, node) >= 0);
+	CU_ASSERT(semanage_node_modify_local(sh, key_tmp, node_tmp) >= 0);
+
+	/* write changes to file */
+	helper_commit();
+	helper_begin_transaction();
+
+	CU_ASSERT(semanage_node_query_local(sh, key, &node_local) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(node_local);
+
+	CU_ASSERT(semanage_node_del_local(sh, key) >= 0);
+	CU_ASSERT(semanage_node_del_local(sh, key_tmp) >= 0);
+
+	CU_ASSERT(semanage_node_query_local(sh, key, &node_local) < 0);
+
+	/* cleanup */
+	semanage_node_free(node);
+	semanage_node_free(node_tmp);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_node_exists_local */
+void test_node_exists_local(void)
+{
+	semanage_node_key_t *key1 = NULL;
+	semanage_node_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_node(I_FIRST);
+	key1 = get_node_key_nth(I_FIRST);
+	key2 = get_node_key_nth(I_SECOND);
+
+	/* test */
+	CU_ASSERT(semanage_node_exists_local(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_node_exists_local(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	CU_ASSERT(semanage_node_del_local(sh, key1) >= 0);
+	semanage_node_key_free(key1);
+	semanage_node_key_free(key2);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_node_count_local */
+void test_node_count_local(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+
+	/* test */
+	CU_ASSERT(semanage_node_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	add_local_node(I_FIRST);
+	CU_ASSERT(semanage_node_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	add_local_node(I_SECOND);
+	CU_ASSERT(semanage_node_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 2);
+
+	delete_local_node(I_SECOND);
+	CU_ASSERT(semanage_node_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	delete_local_node(I_FIRST);
+	CU_ASSERT(semanage_node_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_node_iterate_local */
+unsigned int counter_node_iterate_local = 0;
+
+int handler_node_iterate_local(const semanage_node_t *record, void *varg)
+{
+	counter_node_iterate_local++;
+	return 0;
+}
+
+void test_node_iterate_local(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_node(I_FIRST);
+	add_local_node(I_SECOND);
+	add_local_node(I_THIRD);
+
+	/* test */
+	semanage_node_iterate_local(sh, handler_node_iterate_local, NULL);
+	CU_ASSERT(counter_node_iterate_local == 3);
+
+	/* cleanup */
+	delete_local_node(I_FIRST);
+	delete_local_node(I_SECOND);
+	delete_local_node(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_node_list_local */
+void test_node_list_local(void)
+{
+	semanage_node_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_node(I_FIRST);
+	add_local_node(I_SECOND);
+	add_local_node(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_node_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 3);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_node_free(records[i]);
+
+	delete_local_node(I_FIRST);
+	delete_local_node(I_SECOND);
+	delete_local_node(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
diff --git a/libsemanage/tests/test_node.cil b/libsemanage/tests/test_node.cil
new file mode 100644
index 0000000..1638cd1
--- /dev/null
+++ b/libsemanage/tests/test_node.cil
@@ -0,0 +1,28 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r first_node_t)
+(roletype object_r second_node_t)
+(roletype object_r third_node_t)
+(type first_node_t)
+(type second_node_t)
+(type third_node_t)
+(sidcontext security (system_u object_r first_node_t ((s0) (s0))))
+(class node (tcp_recv))
+(classorder (node))
+(allow first_node_t self (node (tcp_recv)))
+(nodecon (192.168.0.0) (255.255.255.0) (system_u object_r first_node_t ((s0) (s0))))
+(nodecon (2001:db8:85a3::8a2e:370:7334) (2001:db8:85a3::8a2e:370:7334) (system_u object_r second_node_t ((s0) (s0))))
+(nodecon (127.0.0.1) (255.255.0.0) (system_u object_r third_node_t ((s0) (s0))))
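Review bot: The second `nodecon` entry repeats its address `2001:db8:85a3::8a2e:370:7334` as the netmask, which is not a contiguous prefix mask, and the third entry's `127.0.0.1` has a bit set outside its `255.255.0.0` mask. If these irregular values are deliberate fixtures, a CIL comment above them such as `; irregular address/mask pairs are intentional test fixtures` would stop a later reader from "correcting" them. If they are not deliberate, a prefix mask (for example `ffff:ffff:ffff::`, a constructed sample) would be the conventional choice. The three `nodecon` lines also look like what `NODE_COUNT` in test_node.c counts, though its definition is not visible here, so a one-line comment tying the two together would help keep them in sync.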
diff --git a/libsemanage/tests/test_node.h b/libsemanage/tests/test_node.h
new file mode 100644
index 0000000..5b32940
--- /dev/null
+++ b/libsemanage/tests/test_node.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_NODE_H__
+#define __TEST_NODE_H__
+
+#include <CUnit/Basic.h>
+
+int node_test_init(void);
+int node_test_cleanup(void);
+int node_add_tests(CU_pSuite suite);
+
+#endif
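Review bot: The include guard `__TEST_NODE_H__` begins with two underscores, a form the C standard reserves for the implementation. `#ifndef TEST_NODE_H` / `#define TEST_NODE_H` stays out of the reserved namespace, and the closing line reads better as `#endif /* TEST_NODE_H */`. The same applies to `__TEST_OTHER_H__` in test_other.h later in this commit.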
diff --git a/libsemanage/tests/test_other.c b/libsemanage/tests/test_other.c
new file mode 100644
index 0000000..c4ee0ed
--- /dev/null
+++ b/libsemanage/tests/test_other.c
@@ -0,0 +1,120 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_other.h"
+
+/* context_record.h */
+void test_semanage_context(void);
+
+/* debug.h */
+void test_debug(void);
+
+extern semanage_handle_t *sh;
+
+int other_test_init(void)
+{
+	return 0;
+}
+
+int other_test_cleanup(void)
+{
+	return 0;
+}
+
+int other_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "semanage_context", test_semanage_context);
+	CU_add_test(suite, "debug", test_debug);
+
+	return 0;
+}
+
+/* Function semanage_context_get_user, semanage_context_set_user,
+ * semanage_context_get_role, semanage_context_set_role,
+ * semanage_context_get_type, semanage_context_set_type,
+ * semanage_context_get_mls, semanage_context_set_mls,
+ * semanage_context_create, semanage_context_clone,
+ * semanage_context_free, semanage_context_from_string
+ * semanage_context_to_string
+ */
+void test_semanage_context(void)
+{
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_clone = NULL;
+	char *str = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_context_create(sh, &con) >= 0);
+
+	CU_ASSERT(semanage_context_set_user(sh, con, "user_u") >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_user(con), "user_u");
+	CU_ASSERT(semanage_context_set_role(sh, con, "role_r") >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_role(con), "role_r");
+	CU_ASSERT(semanage_context_set_type(sh, con, "type_t") >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_type(con), "type_t");
+	CU_ASSERT(semanage_context_set_mls(sh, con, "s0") >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_mls(con), "s0");
+
+	CU_ASSERT(semanage_context_to_string(sh, con, &str) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(str);
+	assert(str);
+	CU_ASSERT_STRING_EQUAL(str, "user_u:role_r:type_t:s0");
+
+	CU_ASSERT(semanage_context_from_string(sh, "my_u:my_r:my_t:s0",
+					       &con) >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_user(con), "my_u");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_role(con), "my_r");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_type(con), "my_t");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_mls(con), "s0");
+
+	CU_ASSERT(semanage_context_clone(sh, con, &con_clone) >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_user(con_clone), "my_u");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_role(con_clone), "my_r");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_type(con_clone), "my_t");
+	CU_ASSERT_STRING_EQUAL(semanage_context_get_mls(con_clone), "s0");
+
+	/* cleanup */
+	semanage_context_free(con);
+	semanage_context_free(con_clone);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_msg_default_handler */
+void test_debug(void)
+{
+	semanage_module_info_t *modinfo = NULL;
+
+	/* setup */
+	sh = semanage_handle_create();
+	CU_ASSERT_PTR_NOT_NULL(sh);
+	CU_ASSERT(semanage_connect(sh) >= 0);
+	CU_ASSERT(semanage_module_info_create(sh, &modinfo) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_module_info_set_priority(sh, modinfo, -42) < 0);
+
+	/* cleanup */
+	CU_ASSERT(semanage_disconnect(sh) >= 0);
+	semanage_handle_destroy(sh);
+}
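Review bot: `test_semanage_context` appears to leak two allocations: the context from `semanage_context_create()` is overwritten when `&con` is passed again to `semanage_context_from_string()`, and the string returned through `semanage_context_to_string()` (presumably caller-owned) is never freed. Adding `free(str);` after the string comparison and `semanage_context_free(con); con = NULL;` before the `from_string` call would keep the suite clean under a leak checker or sanitizer run. In `test_debug`, `modinfo` is likewise never released. `CU_ASSERT_PTR_NOT_NULL(sh)` there is also non-fatal, so a failed `semanage_handle_create()` would still reach `semanage_connect(sh)`; `CU_ASSERT_PTR_NOT_NULL_FATAL(sh)` would stop the test first.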
diff --git a/libsemanage/tests/test_other.h b/libsemanage/tests/test_other.h
new file mode 100644
index 0000000..40d2dcf
--- /dev/null
+++ b/libsemanage/tests/test_other.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_OTHER_H__
+#define __TEST_OTHER_H__
+
+#include <CUnit/Basic.h>
+
+int other_test_init(void);
+int other_test_cleanup(void);
+int other_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsemanage/tests/test_port.c b/libsemanage/tests/test_port.c
new file mode 100644
index 0000000..0408be4
--- /dev/null
+++ b/libsemanage/tests/test_port.c
@@ -0,0 +1,909 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_port.h"
+
+#define PORT_COUNT 3
+
+#define PORT1_LOW 80
+#define PORT1_HIGH 80
+#define PORT1_PROTO SEPOL_PROTO_TCP
+
+#define PORT2_LOW 1
+#define PORT2_HIGH 1023
+#define PORT2_PROTO SEPOL_PROTO_UDP
+
+#define PORT3_LOW 12345
+#define PORT3_HIGH 12345
+#define PORT3_PROTO SEPOL_PROTO_TCP
+
+/* port_record.h */
+void test_port_compare(void);
+void test_port_compare2(void);
+void test_port_key_create(void);
+void test_port_key_extract(void);
+void test_port_get_set_proto(void);
+void test_port_get_proto_str(void);
+void test_port_get_set_port(void);
+void test_port_get_set_con(void);
+void test_port_create(void);
+void test_port_clone(void);
+
+/* ports_policy.h */
+void test_port_query(void);
+void test_port_exists(void);
+void test_port_count(void);
+void test_port_iterate(void);
+void test_port_list(void);
+
+/* ports_local.h */
+void test_port_modify_del_local(void);
+void test_port_query_local(void);
+void test_port_exists_local(void);
+void test_port_count_local(void);
+void test_port_iterate_local(void);
+void test_port_list_local(void);
+
+/* internal */
+void test_port_validate_local(void);
+
+extern semanage_handle_t *sh;
+
+int port_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_port.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int port_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int port_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "port_compare", test_port_compare);
+	CU_add_test(suite, "port_compare2", test_port_compare2);
+	CU_add_test(suite, "port_key_create", test_port_key_create);
+	CU_add_test(suite, "port_key_extract", test_port_key_extract);
+	CU_add_test(suite, "port_get_set_proto", test_port_get_set_proto);
+	CU_add_test(suite, "port_get_proto_str", test_port_get_proto_str);
+	CU_add_test(suite, "port_get_set_port", test_port_get_set_port);
+	CU_add_test(suite, "port_get_set_con", test_port_get_set_con);
+	CU_add_test(suite, "port_create", test_port_create);
+	CU_add_test(suite, "port_clone", test_port_clone);
+
+	CU_add_test(suite, "port_query", test_port_query);
+	CU_add_test(suite, "port_exists", test_port_exists);
+	CU_add_test(suite, "port_count", test_port_count);
+	CU_add_test(suite, "port_iterate", test_port_iterate);
+	CU_add_test(suite, "port_list", test_port_list);
+
+	CU_add_test(suite, "port_modify_del_local", test_port_modify_del_local);
+	CU_add_test(suite, "port_query_local", test_port_query_local);
+	CU_add_test(suite, "port_exists_local", test_port_exists_local);
+	CU_add_test(suite, "port_count_local", test_port_count_local);
+	CU_add_test(suite, "port_iterate_local", test_port_iterate_local);
+	CU_add_test(suite, "port_list_local", test_port_list_local);
+
+	CU_add_test(suite, "port_validate_local", test_port_validate_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_port_t *get_port_nth(int idx)
+{
+	int res;
+	semanage_port_t **records;
+	semanage_port_t *port;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	res = semanage_port_list(sh, &records, &count);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	port = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_port_free(records[i]);
+
+	return port;
+}
+
+semanage_port_key_t *get_port_key_nth(int idx)
+{
+	semanage_port_key_t *key;
+	semanage_port_t *port;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	port = get_port_nth(idx);
+
+	res = semanage_port_key_extract(sh, port, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_port(int port_idx)
+{
+	semanage_port_t *port;
+	semanage_port_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(port_idx != I_NULL);
+
+	port = get_port_nth(port_idx);
+
+	CU_ASSERT_FATAL(semanage_port_key_extract(sh, port, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_port_modify_local(sh, key, port) >= 0);
+}
+
+void delete_local_port(int port_idx)
+{
+	semanage_port_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(port_idx != I_NULL);
+
+	key = get_port_key_nth(port_idx);
+
+	CU_ASSERT_FATAL(semanage_port_del_local(sh, key) >= 0);
+}
+
+/* Function semanage_port_compare */
+void helper_port_compare(int idx1, int idx2)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_key_t *key = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	port = get_port_nth(idx1);
+	key = get_port_key_nth(idx2);
+
+	/* test */
+	res = semanage_port_compare(port, key);
+
+	if (idx1 == idx2) {
+		CU_ASSERT(res == 0);
+	} else {
+		CU_ASSERT(res != 0);
+	}
+
+	/* cleanup */
+	semanage_port_free(port);
+	semanage_port_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+void test_port_compare(void)
+{
+	helper_port_compare(I_FIRST,  I_FIRST);
+	helper_port_compare(I_FIRST,  I_SECOND);
+	helper_port_compare(I_SECOND, I_FIRST);
+	helper_port_compare(I_SECOND, I_SECOND);
+}
+
+/* Function semanage_port_compare2 */
+void helper_port_compare2(int idx1, int idx2)
+{
+	semanage_port_t *port1 = NULL;
+	semanage_port_t *port2 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	port1 = get_port_nth(idx1);
+	port2 = get_port_nth(idx2);
+
+	/* test */
+	res = semanage_port_compare2(port1, port2);
+
+	if (idx1 == idx2) {
+		CU_ASSERT(res == 0);
+	} else {
+		CU_ASSERT(res != 0);
+	}
+
+	/* cleanup */
+	semanage_port_free(port1);
+	semanage_port_free(port2);
+	cleanup_handle(SH_CONNECT);
+}
+
+void test_port_compare2(void)
+{
+	helper_port_compare2(I_FIRST,  I_FIRST);
+	helper_port_compare2(I_FIRST,  I_SECOND);
+	helper_port_compare2(I_SECOND, I_FIRST);
+	helper_port_compare2(I_SECOND, I_SECOND);
+}
+
+/* Function semanage_port_create */
+void test_port_key_create(void)
+{
+	semanage_port_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_port_key_create(sh, 1000, 1200, 0, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_port_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_extract */
+void test_port_key_extract(void)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	port = get_port_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_port_key_extract(sh, port, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_port_free(port);
+	semanage_port_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_get_proto, semanage_port_set_proto */
+void helper_port_get_set_proto(int idx)
+{
+	semanage_port_t *port = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	port = get_port_nth(idx);
+
+	/* test */
+	semanage_port_set_proto(port, 0);
+	CU_ASSERT(semanage_port_get_proto(port) == 0);
+	semanage_port_set_proto(port, 1);
+	CU_ASSERT(semanage_port_get_proto(port) == 1);
+
+	/* cleanup */
+	semanage_port_free(port);
+	cleanup_handle(SH_CONNECT);
+}
+
+void test_port_get_set_proto(void)
+{
+	helper_port_get_set_proto(I_FIRST);
+	helper_port_get_set_proto(I_SECOND);
+}
+
+/* Function semanage_port_get_proto_str */
+void test_port_get_proto_str(void)
+{
+	const char *str = NULL;
+
+	str = semanage_port_get_proto_str(-1);
+	CU_ASSERT_STRING_EQUAL(str, "???");
+
+	str = semanage_port_get_proto_str(0);
+	CU_ASSERT_STRING_EQUAL(str, "udp");
+
+	str = semanage_port_get_proto_str(1);
+	CU_ASSERT_STRING_EQUAL(str, "tcp");
+
+	str = semanage_port_get_proto_str(2);
+	CU_ASSERT_STRING_EQUAL(str, "dccp");
+
+	str = semanage_port_get_proto_str(3);
+	CU_ASSERT_STRING_EQUAL(str, "sctp");
+
+	str = semanage_port_get_proto_str(4);
+	CU_ASSERT_STRING_EQUAL(str, "???");
+}
+
+/* Function semanage_port_get_low, semanage_port_get_high, */
+/* semanage_port_set_port, semanage_port_set_range */
+void test_port_get_set_port(void)
+{
+	semanage_port_t *port = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	port = get_port_nth(I_FIRST);
+
+	/* test */
+	semanage_port_set_port(port, 1000);
+	CU_ASSERT(semanage_port_get_low(port) == 1000);
+	CU_ASSERT(semanage_port_get_high(port) == 1000);
+
+	semanage_port_set_range(port, 1000, 1200);
+	CU_ASSERT(semanage_port_get_low(port) == 1000);
+	CU_ASSERT(semanage_port_get_high(port) == 1200);
+
+	/* cleanup */
+	semanage_port_free(port);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_get_con, semanage_port_set_con */
+void test_port_get_set_con(void)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_t *port_tmp = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	port = get_port_nth(I_FIRST);
+	port_tmp = get_port_nth(I_SECOND);
+	con1 = semanage_port_get_con(port_tmp);
+
+	/* test */
+	CU_ASSERT(semanage_port_set_con(sh, port, con1) >= 0);
+	con2 = semanage_port_get_con(port);
+	CU_ASSERT_CONTEXT_EQUAL(con1, con2);
+
+	/* cleanup */
+	semanage_port_free(port);
+	semanage_port_free(port_tmp);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_create */
+void test_port_create(void)
+{
+	semanage_port_t *port = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_port_create(sh, &port) >= 0);
+	CU_ASSERT(semanage_port_get_low(port) == 0);
+	CU_ASSERT(semanage_port_get_high(port) == 0);
+	CU_ASSERT(semanage_port_get_con(port) == NULL);
+	CU_ASSERT(semanage_port_get_proto(port) == 0);
+
+	/* cleanup */
+	semanage_port_free(port);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_clone */
+void test_port_clone(void)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_t *port_clone = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_port_create(sh, &port) >= 0);
+	semanage_port_set_range(port, 1000, 1200);
+	semanage_port_set_proto(port, 1);
+	semanage_context_from_string(sh, "user_u:role_r:type_t:s0", &con);
+	semanage_port_set_con(sh, port, con);
+
+	/* test */
+	CU_ASSERT(semanage_port_clone(sh, port, &port_clone) >= 0);
+	CU_ASSERT(semanage_port_get_low(port_clone) == 1000);
+	CU_ASSERT(semanage_port_get_high(port_clone) == 1200);
+	CU_ASSERT(semanage_port_get_proto(port_clone) == 1);
+
+	con2 = semanage_port_get_con(port_clone);
+	CU_ASSERT_CONTEXT_EQUAL(con, con2);
+
+	/* cleanup */
+	semanage_port_free(port);
+	semanage_port_free(port_clone);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_query */
+void test_port_query(void)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_t *port_exp = NULL;
+	semanage_port_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_exp = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key = get_port_key_nth(I_FIRST);
+	port_exp = get_port_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_port_query(sh, key, &port) >= 0);
+	CU_ASSERT(semanage_port_get_low(port) ==
+			  semanage_port_get_low(port_exp));
+	CU_ASSERT(semanage_port_get_high(port) ==
+			  semanage_port_get_high(port_exp));
+	CU_ASSERT(semanage_port_get_proto(port) ==
+			  semanage_port_get_proto(port_exp));
+
+	con = semanage_port_get_con(port);
+	con_exp = semanage_port_get_con(port_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	/* cleanup */
+	semanage_port_free(port);
+	semanage_port_free(port_exp);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_exists */
+void test_port_exists(void)
+{
+	semanage_port_key_t *key1 = NULL;
+	semanage_port_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key1 = get_port_key_nth(I_FIRST);
+	CU_ASSERT(semanage_port_key_create(sh, 123, 456, 0, &key2) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_port_exists(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_port_exists(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	semanage_port_key_free(key1);
+	semanage_port_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_count */
+void test_port_count(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_port_count(sh, &count) >= 0);
+	CU_ASSERT(count == PORT_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_iterate */
+unsigned int counter_port_iterate = 0;
+
+int handler_port_iterate(const semanage_port_t *record, void *varg)
+{
+	counter_port_iterate++;
+	return 0;
+}
+
+void test_port_iterate(void)
+{
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	semanage_port_iterate(sh, handler_port_iterate, NULL);
+	CU_ASSERT(counter_port_iterate == PORT_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_list */
+void test_port_list(void)
+{
+	semanage_port_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_port_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == PORT_COUNT);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_port_free(records[i]);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_port_modify_local, semanage_port_del_local */
+void test_port_modify_del_local(void)
+{
+	semanage_port_t *port;
+	semanage_port_t *port_local;
+	semanage_port_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_local = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	port = get_port_nth(I_FIRST);
+	semanage_context_from_string(sh, "user_u:role_r:type_t:s0", &con);
+	semanage_port_set_con(sh, port, con);
+	CU_ASSERT(semanage_port_key_extract(sh, port, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* test */
+	CU_ASSERT(semanage_port_modify_local(sh, key, port) >= 0);
+	CU_ASSERT(semanage_port_query_local(sh, key, &port_local) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(port_local);
+
+	con_local = semanage_port_get_con(port_local);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_local);
+
+	CU_ASSERT(semanage_port_del_local(sh, key) >= 0);
+	CU_ASSERT(semanage_port_query_local(sh, key, &port_local) < 0);
+
+	/* cleanup */
+	semanage_port_free(port);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_port_query_local */
+void test_port_query_local(void)
+{
+	semanage_port_t *port = NULL;
+	semanage_port_t *port_exp = NULL;
+	semanage_port_key_t *key = NULL;
+	semanage_context_t *con = NULL;
+	semanage_context_t *con_exp = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+	key = get_port_key_nth(I_FIRST);
+	port_exp = get_port_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_port_query_local(sh, key, &port) >= 0);
+	CU_ASSERT(semanage_port_get_low(port) ==
+			  semanage_port_get_low(port_exp));
+	CU_ASSERT(semanage_port_get_high(port) ==
+			  semanage_port_get_high(port_exp));
+	CU_ASSERT(semanage_port_get_proto(port) ==
+			  semanage_port_get_proto(port_exp));
+
+	con = semanage_port_get_con(port);
+	con_exp = semanage_port_get_con(port_exp);
+	CU_ASSERT_CONTEXT_EQUAL(con, con_exp);
+
+	/* cleanup */
+	delete_local_port(I_FIRST);
+	semanage_port_free(port);
+	semanage_port_free(port_exp);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_port_exists_local */
+void test_port_exists_local(void)
+{
+	semanage_port_key_t *key1 = NULL;
+	semanage_port_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+	key1 = get_port_key_nth(I_FIRST);
+	key2 = get_port_key_nth(I_SECOND);
+
+	/* test */
+	CU_ASSERT(semanage_port_exists_local(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_port_exists_local(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	delete_local_port(I_FIRST);
+	semanage_port_key_free(key1);
+	semanage_port_key_free(key2);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_port_count_local */
+void test_port_count_local(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+
+	/* test */
+	CU_ASSERT(semanage_port_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	add_local_port(I_FIRST);
+	CU_ASSERT(semanage_port_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	add_local_port(I_SECOND);
+	CU_ASSERT(semanage_port_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 2);
+
+	delete_local_port(I_SECOND);
+	CU_ASSERT(semanage_port_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 1);
+
+	delete_local_port(I_FIRST);
+	CU_ASSERT(semanage_port_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 0);
+
+	/* cleanup */
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_port_iterate_local */
+unsigned int counter_port_iterate_local = 0;
+
+int handler_port_iterate_local(const semanage_port_t *record, void *varg)
+{
+	counter_port_iterate_local++;
+	return 0;
+}
+
+void test_port_iterate_local(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+	add_local_port(I_SECOND);
+	add_local_port(I_THIRD);
+
+	/* test */
+	semanage_port_iterate_local(sh, handler_port_iterate_local, NULL);
+	CU_ASSERT(counter_port_iterate_local == 3);
+
+	/* cleanup */
+	delete_local_port(I_FIRST);
+	delete_local_port(I_SECOND);
+	delete_local_port(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_port_list_local */
+void test_port_list_local(void)
+{
+	semanage_port_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+	add_local_port(I_SECOND);
+	add_local_port(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_port_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 3);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_port_free(records[i]);
+
+	delete_local_port(I_FIRST);
+	delete_local_port(I_SECOND);
+	delete_local_port(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Internal function semanage_port_validate_local */
+void helper_port_validate_local_noport(void)
+{
+	semanage_port_key_t *key = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+	helper_commit();
+	key = get_port_key_nth(I_FIRST);
+	CU_ASSERT(semanage_port_exists_local(sh, key, &resp) >= 0);
+	CU_ASSERT(resp);
+
+	/* test */
+	helper_begin_transaction();
+	delete_local_port(I_FIRST);
+	helper_commit();
+
+	/* cleanup */
+	helper_begin_transaction();
+	delete_local_port(I_FIRST);
+	cleanup_handle(SH_TRANS);
+}
+
+void helper_port_validate_local_oneport(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_port(I_FIRST);
+
+	/* test */
+	helper_commit();
+
+	/* cleanup */
+	helper_begin_transaction();
+	delete_local_port(I_FIRST);
+	cleanup_handle(SH_TRANS);
+}
+
+void helper_port_validate_local_twoports(void)
+{
+	semanage_port_key_t *key1 = NULL;
+	semanage_port_key_t *key2 = NULL;
+	semanage_port_t *port1 = NULL;
+	semanage_port_t *port2 = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	CU_ASSERT(semanage_port_key_create(sh, 101, 200, 0, &key1) >= 0);
+	CU_ASSERT(semanage_port_key_create(sh, 201, 300, 0, &key2) >= 0);
+	CU_ASSERT(semanage_port_create(sh, &port1) >= 0);
+	CU_ASSERT(semanage_port_create(sh, &port2) >= 0);
+
+	semanage_port_set_range(port1, 101, 200);
+	semanage_port_set_range(port2, 201, 300);
+	semanage_port_set_proto(port1, 0);
+	semanage_port_set_proto(port2, 0);
+
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "system_u:object_r:user_home_t:s0", &con1) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh,
+				"system_u:object_r:user_tmp_t:s0", &con2) >= 0);
+
+	semanage_port_set_con(sh, port1, con1);
+	semanage_port_set_con(sh, port2, con2);
+
+	CU_ASSERT(semanage_port_modify_local(sh, key1, port1) >= 0);
+	CU_ASSERT(semanage_port_modify_local(sh, key2, port2) >= 0);
+
+	/* test */
+	helper_commit();
+
+	/* cleanup */
+	helper_begin_transaction();
+	CU_ASSERT(semanage_port_del_local(sh, key1) >= 0);
+	CU_ASSERT(semanage_port_del_local(sh, key2) >= 0);
+	semanage_port_key_free(key1);
+	semanage_port_key_free(key2);
+	semanage_port_free(port1);
+	semanage_port_free(port2);
+	cleanup_handle(SH_TRANS);
+}
+
+void helper_port_validate_local_proto(void)
+{
+	semanage_port_key_t *key1 = NULL;
+	semanage_port_key_t *key2 = NULL;
+	semanage_port_key_t *key3 = NULL;
+	semanage_port_t *port1 = NULL;
+	semanage_port_t *port2 = NULL;
+	semanage_port_t *port3 = NULL;
+	semanage_context_t *con1 = NULL;
+	semanage_context_t *con2 = NULL;
+	semanage_context_t *con3 = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+
+	CU_ASSERT(semanage_port_key_create(sh, 101, 200, 0, &key1) >= 0);
+	CU_ASSERT(semanage_port_key_create(sh,  51, 250, 1, &key2) >= 0);
+	CU_ASSERT(semanage_port_key_create(sh, 201, 300, 0, &key3) >= 0);
+
+	CU_ASSERT(semanage_port_create(sh, &port1) >= 0);
+	CU_ASSERT(semanage_port_create(sh, &port2) >= 0);
+	CU_ASSERT(semanage_port_create(sh, &port3) >= 0);
+
+	semanage_port_set_range(port1, 101, 200);
+	semanage_port_set_range(port2,  51, 250);
+	semanage_port_set_range(port3, 201, 300);
+
+	semanage_port_set_proto(port1, 0);
+	semanage_port_set_proto(port2, 0);
+	semanage_port_set_proto(port3, 0);
+
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "system_u:object_r:user_home_t:s0", &con1) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh,
+			       "system_u:object_r:user_home_t:s0", &con2) >= 0);
+	CU_ASSERT(semanage_context_from_string(sh,
+				"system_u:object_r:user_tmp_t:s0", &con3) >= 0);
+
+	semanage_port_set_con(sh, port1, con1);
+	semanage_port_set_con(sh, port2, con2);
+	semanage_port_set_con(sh, port3, con3);
+
+	CU_ASSERT(semanage_port_modify_local(sh, key1, port1) >= 0);
+	CU_ASSERT(semanage_port_modify_local(sh, key2, port2) >= 0);
+	CU_ASSERT(semanage_port_modify_local(sh, key3, port3) >= 0);
+
+	/* test */
+	helper_commit();
+
+	/* cleanup */
+	CU_ASSERT(semanage_port_del_local(sh, key1) >= 0);
+	CU_ASSERT(semanage_port_del_local(sh, key2) >= 0);
+	CU_ASSERT(semanage_port_del_local(sh, key3) >= 0);
+	semanage_port_key_free(key1);
+	semanage_port_key_free(key2);
+	semanage_port_key_free(key3);
+	semanage_port_free(port1);
+	semanage_port_free(port2);
+	semanage_port_free(port3);
+	cleanup_handle(SH_TRANS);
+}
+
+void test_port_validate_local(void)
+{
+	helper_port_validate_local_noport();
+	helper_port_validate_local_oneport();
+	helper_port_validate_local_twoports();
+}
diff --git a/libsemanage/tests/test_port.cil b/libsemanage/tests/test_port.cil
new file mode 100644
index 0000000..7e07a61
--- /dev/null
+++ b/libsemanage/tests/test_port.cil
@@ -0,0 +1,27 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user system_u)
+(userrole system_u object_r)
+(userlevel system_u (s0))
+(userrange system_u ((s0) (s0)))
+(role object_r)
+(roletype object_r first_port_t)
+(roletype object_r second_port_t)
+(roletype object_r third_port_t)
+(type first_port_t)
+(type second_port_t)
+(type third_port_t)
+(sidcontext security (system_u object_r first_port_t ((s0) (s0))))
+(class file (open))
+(classorder (file))
+(allow first_port_t self (file (open)))
+(portcon tcp 80 (system_u object_r first_port_t ((s0) (s0))))
+(portcon udp (1 1023) (system_u object_r second_port_t ((s0) (s0))))
+(portcon tcp 12345 (system_u object_r third_port_t ((s0) (s0))))
diff --git a/libsemanage/tests/test_port.h b/libsemanage/tests/test_port.h
new file mode 100644
index 0000000..ad26f90
--- /dev/null
+++ b/libsemanage/tests/test_port.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_PORT_H__
+#define __TEST_PORT_H__
+
+#include <CUnit/Basic.h>
+
+int port_test_init(void);
+int port_test_cleanup(void);
+int port_add_tests(CU_pSuite suite);
+
+#endif
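Review bot: The include guard `__TEST_PORT_H__` starts with two underscores, a form of identifier that C reserves for the implementation. `#ifndef TEST_PORT_H` / `#define TEST_PORT_H` avoids the reserved namespace. The same applies to `__TEST_USER_H__` in test_user.h. If the other test headers in this directory already use the double-underscore form, keeping it for consistency is defensible, but that is not visible from this hunk.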
diff --git a/libsemanage/tests/test_semanage_store.c b/libsemanage/tests/test_semanage_store.c
index b324d50..9208536 100644
--- a/libsemanage/tests/test_semanage_store.c
+++ b/libsemanage/tests/test_semanage_store.c
@@ -43,7 +43,7 @@
 #include <unistd.h>
 #include <CUnit/Basic.h>
 
-semanage_handle_t *sh = NULL;
+extern semanage_handle_t *sh;
 const char *rootpath = "./test-policy";
 const char *polpath = "./test-policy/store/";
 const char *readlockpath = "./test-policy/store/semanage.read.LOCK";
diff --git a/libsemanage/tests/test_user.c b/libsemanage/tests/test_user.c
new file mode 100644
index 0000000..cd08203
--- /dev/null
+++ b/libsemanage/tests/test_user.c
@@ -0,0 +1,690 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#include "utilities.h"
+#include "test_user.h"
+
+#define USER_COUNT 3
+
+/* user_record.h */
+void test_user_compare(void);
+void test_user_compare2(void);
+void test_user_key_create(void);
+void test_user_key_extract(void);
+void test_user_get_set_name(void);
+void test_user_get_set_prefix(void);
+void test_user_get_set_mlslevel(void);
+void test_user_get_set_mlsrange(void);
+void test_user_roles(void);
+void test_user_create(void);
+void test_user_clone(void);
+
+/* users_policy.h */
+void test_user_query(void);
+void test_user_exists(void);
+void test_user_count(void);
+void test_user_iterate(void);
+void test_user_list(void);
+
+/* users_local.h */
+void test_user_modify_del_query_local(void);
+void test_user_exists_local(void);
+void test_user_count_local(void);
+void test_user_iterate_local(void);
+void test_user_list_local(void);
+
+extern semanage_handle_t *sh;
+
+int user_test_init(void)
+{
+	if (create_test_store() < 0) {
+		fprintf(stderr, "Could not create test store\n");
+		return 1;
+	}
+
+	if (write_test_policy_from_file("test_user.policy") < 0) {
+		fprintf(stderr, "Could not write test policy\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int user_test_cleanup(void)
+{
+	if (destroy_test_store() < 0) {
+		fprintf(stderr, "Could not destroy test store\n");
+		return 1;
+	}
+
+	return 0;
+}
+
+int user_add_tests(CU_pSuite suite)
+{
+	CU_add_test(suite, "user_compare", test_user_compare);
+	CU_add_test(suite, "user_compare2", test_user_compare2);
+	CU_add_test(suite, "user_key_create", test_user_key_create);
+	CU_add_test(suite, "user_key_extract", test_user_key_extract);
+	CU_add_test(suite, "user_get_set_name", test_user_get_set_name);
+	CU_add_test(suite, "user_get_set_prefix", test_user_get_set_prefix);
+	CU_add_test(suite, "user_get_set_mlslevel", test_user_get_set_mlslevel);
+	CU_add_test(suite, "user_get_set_mlsrange", test_user_get_set_mlsrange);
+	CU_add_test(suite, "user_roles", test_user_roles);
+	CU_add_test(suite, "user_create", test_user_create);
+	CU_add_test(suite, "user_clone", test_user_clone);
+
+	CU_add_test(suite, "user_query", test_user_query);
+	CU_add_test(suite, "user_exists", test_user_exists);
+	CU_add_test(suite, "user_count", test_user_count);
+	CU_add_test(suite, "user_iterate", test_user_iterate);
+	CU_add_test(suite, "user_list", test_user_list);
+
+	CU_add_test(suite, "user_modify_del_query_local",
+				test_user_modify_del_query_local);
+	CU_add_test(suite, "user_exists_local", test_user_exists_local);
+	CU_add_test(suite, "user_count_local", test_user_count_local);
+	CU_add_test(suite, "user_iterate_local", test_user_iterate_local);
+	CU_add_test(suite, "user_list_local", test_user_list_local);
+
+	return 0;
+}
+
+/* Helpers */
+
+semanage_user_t *get_user_nth(int idx)
+{
+	int res;
+	semanage_user_t **records;
+	semanage_user_t *user;
+	unsigned int count;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	res = semanage_user_list(sh, &records, &count);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_FATAL(count >= (unsigned int) idx + 1);
+
+	user = records[idx];
+
+	for (unsigned int i = 0; i < count; i++)
+		if (i != (unsigned int) idx)
+			semanage_user_free(records[i]);
+
+	return user;
+}
+
+semanage_user_key_t *get_user_key_nth(int idx)
+{
+	semanage_user_key_t *key;
+	semanage_user_t *user;
+	int res;
+
+	if (idx == I_NULL)
+		return NULL;
+
+	user = get_user_nth(idx);
+
+	res = semanage_user_key_extract(sh, user, &key);
+
+	CU_ASSERT_FATAL(res >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	return key;
+}
+
+void add_local_user(int user_idx)
+{
+	semanage_user_t *user;
+	semanage_user_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(user_idx != I_NULL);
+
+	user = get_user_nth(user_idx);
+
+	CU_ASSERT_FATAL(semanage_user_key_extract(sh, user, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(key);
+
+	CU_ASSERT_FATAL(semanage_user_modify_local(sh, key, user) >= 0);
+}
+
+void delete_local_user(int user_idx)
+{
+	semanage_user_key_t *key = NULL;
+
+	CU_ASSERT_FATAL(user_idx != I_NULL);
+
+	key = get_user_key_nth(user_idx);
+
+	CU_ASSERT_FATAL(semanage_user_del_local(sh, key) >= 0);
+}
+
+/* Function semanage_user_compare */
+void test_user_compare(void)
+{
+	semanage_user_t *user = NULL;
+	semanage_user_key_t *key1 = NULL;
+	semanage_user_key_t *key2 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	user = get_user_nth(I_FIRST);
+	key1 = get_user_key_nth(I_FIRST);
+	key2 = get_user_key_nth(I_SECOND);
+
+	/* test */
+	res = semanage_user_compare(user, key1);
+	CU_ASSERT(res == 0);
+	res = semanage_user_compare(user, key2);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_user_free(user);
+	semanage_user_key_free(key1);
+	semanage_user_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_compare2 */
+void test_user_compare2(void)
+{
+	semanage_user_t *user1 = NULL;
+	semanage_user_t *user2 = NULL;
+	semanage_user_t *user3 = NULL;
+	int res = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	user1 = get_user_nth(I_FIRST);
+	user2 = get_user_nth(I_FIRST);
+	user3 = get_user_nth(I_SECOND);
+
+	/* test */
+	res = semanage_user_compare2(user1, user2);
+	CU_ASSERT(res == 0);
+	res = semanage_user_compare2(user1, user3);
+	CU_ASSERT(res != 0);
+
+	/* cleanup */
+	semanage_user_free(user1);
+	semanage_user_free(user2);
+	semanage_user_free(user3);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_key_create */
+void test_user_key_create(void)
+{
+	semanage_user_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_user_key_create(sh, "asdf", &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_user_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_key_extract */
+void test_user_key_extract(void)
+{
+	semanage_user_t *user = NULL;
+	semanage_user_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	user = get_user_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_user_key_extract(sh, user, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* cleanup */
+	semanage_user_free(user);
+	semanage_user_key_free(key);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_get_name, semanage_user_set_name */
+void test_user_get_set_name(void)
+{
+	semanage_user_t *user = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_set_name(sh, user, "user_u") == 0);
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_name(user), "user_u");
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_get_prefix, semanage_user_set_prefix */
+void test_user_get_set_prefix(void)
+{
+	semanage_user_t *user = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_set_prefix(sh, user, "user") == 0);
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_prefix(user), "user");
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_get_mlslevel, semanage_user_set_mlslevel */
+void test_user_get_set_mlslevel(void)
+{
+	semanage_user_t *user = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_set_mlslevel(sh, user, "s0") == 0);
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_mlslevel(user), "s0");
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_get_mlsrange, semanage_user_set_mlsrange */
+void test_user_get_set_mlsrange(void)
+{
+	semanage_user_t *user = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_set_mlsrange(sh, user, "s0-s15") == 0);
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_mlsrange(user), "s0-s15");
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_get_num_roles, semanage_user_add_role,
+ * semanage_user_del_role, semanage_user_has_role, semanage_user_get_roles
+ * semanage_user_set_roles
+ */
+void test_user_roles(void)
+{
+	semanage_user_t *user = NULL;
+	const char **roles_arr = NULL;
+	unsigned int num_roles = 42;
+	const char *new_roles_arr[] = { "new_role_r", "new_my_role_r" };
+	unsigned int new_num_roles = 2;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_get_num_roles(user) == 0);
+
+	CU_ASSERT(semanage_user_add_role(sh, user, "role_r") == 0);
+	CU_ASSERT(semanage_user_get_num_roles(user) == 1);
+
+	CU_ASSERT(semanage_user_has_role(user, "role_r"));
+	CU_ASSERT(!semanage_user_has_role(user, "my_role_r"));
+
+	CU_ASSERT(semanage_user_add_role(sh, user, "my_role_r") == 0);
+	CU_ASSERT(semanage_user_get_num_roles(user) == 2);
+
+	CU_ASSERT(semanage_user_get_roles(sh, user, &roles_arr,
+					  &num_roles) >= 0);
+	CU_ASSERT(num_roles == 2);
+	CU_ASSERT_STRING_EQUAL(roles_arr[0], "role_r");
+	CU_ASSERT_STRING_EQUAL(roles_arr[1], "my_role_r");
+
+	CU_ASSERT(semanage_user_set_roles(sh, user, new_roles_arr,
+					  new_num_roles) >= 0);
+
+	CU_ASSERT(semanage_user_has_role(user, "new_role_r"));
+	CU_ASSERT(semanage_user_has_role(user, "new_my_role_r"));
+
+	CU_ASSERT(!semanage_user_has_role(user, "role_r"));
+	CU_ASSERT(!semanage_user_has_role(user, "my_role_r"));
+
+	semanage_user_del_role(user, "new_my_role_r");
+	CU_ASSERT(semanage_user_get_num_roles(user) == 1);
+
+	semanage_user_del_role(user, "new_role_r");
+	CU_ASSERT(semanage_user_get_num_roles(user) == 0);
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_create */
+void test_user_create(void)
+{
+	semanage_user_t *user = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+	CU_ASSERT(semanage_user_set_name(sh, user, "user_u") >= 0);
+	CU_ASSERT(semanage_user_set_prefix(sh, user, "user") >= 0);
+	CU_ASSERT(semanage_user_set_mlslevel(sh, user, "s0") >= 0);
+	CU_ASSERT(semanage_user_set_mlsrange(sh, user, "s0-s15") >= 0);
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_clone */
+void test_user_clone(void)
+{
+	semanage_user_t *user = NULL;
+	semanage_user_t *user_clone = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	CU_ASSERT(semanage_user_create(sh, &user) >= 0);
+	CU_ASSERT(semanage_user_set_name(sh, user, "user_u") >= 0);
+	CU_ASSERT(semanage_user_set_prefix(sh, user, "user") >= 0);
+	CU_ASSERT(semanage_user_set_mlslevel(sh, user, "s0") >= 0);
+	CU_ASSERT(semanage_user_set_mlsrange(sh, user, "s0-s15") >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_clone(sh, user, &user_clone) >= 0);
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_name(user), "user_u");
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_prefix(user), "user");
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_mlslevel(user), "s0");
+	CU_ASSERT_STRING_EQUAL(semanage_user_get_mlsrange(user), "s0-s15");
+
+	/* cleanup */
+	semanage_user_free(user);
+	semanage_user_free(user_clone);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_query */
+void test_user_query(void)
+{
+	semanage_user_t *user = NULL;
+	semanage_user_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key = get_user_key_nth(I_FIRST);
+
+	/* test */
+	CU_ASSERT(semanage_user_query(sh, key, &user) >= 0);
+
+	/* TODO: test values */
+	CU_ASSERT_PTR_NOT_NULL(user);
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_exists */
+void test_user_exists(void)
+{
+	semanage_user_key_t *key1 = NULL;
+	semanage_user_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+	key1 = get_user_key_nth(I_FIRST);
+	CU_ASSERT(semanage_user_key_create(sh, "asdf", &key2) >= 0);
+
+	/* test */
+	CU_ASSERT(semanage_user_exists(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_user_exists(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	semanage_user_key_free(key1);
+	semanage_user_key_free(key2);
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_count */
+void test_user_count(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_user_count(sh, &count) >= 0);
+	CU_ASSERT(count == USER_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_iterate */
+unsigned int counter_user_iterate = 0;
+
+int handler_user_iterate(const semanage_user_t *record, void *varg)
+{
+	counter_user_iterate++;
+	return 0;
+}
+
+void test_user_iterate(void)
+{
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	semanage_user_iterate(sh, handler_user_iterate, NULL);
+	CU_ASSERT(counter_user_iterate == USER_COUNT);
+
+	/* cleanup */
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_list */
+void test_user_list(void)
+{
+	semanage_user_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_CONNECT);
+
+	/* test */
+	CU_ASSERT(semanage_user_list(sh, &records, &count) >= 0);
+	CU_ASSERT(count == USER_COUNT);
+
+	/* TODO: check real values */
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_user_free(records[i]);
+
+	cleanup_handle(SH_CONNECT);
+}
+
+/* Function semanage_user_modify_local, semanage_user_del_local,
+ * semanage_user_query_local
+ */
+void test_user_modify_del_query_local(void)
+{
+	semanage_user_t *user;
+	semanage_user_t *user_local;
+	semanage_user_key_t *key = NULL;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	user = get_user_nth(I_FIRST);
+	CU_ASSERT(semanage_user_key_extract(sh, user, &key) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key);
+
+	/* test */
+	CU_ASSERT(semanage_user_modify_local(sh, key, user) >= 0);
+
+	/* write changes to file */
+	helper_commit();
+	helper_begin_transaction();
+
+	CU_ASSERT(semanage_user_query_local(sh, key, &user_local) >= 0);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(user_local);
+	CU_ASSERT(semanage_user_del_local(sh, key) >= 0);
+	CU_ASSERT(semanage_user_query_local(sh, key, &user_local) < 0);
+
+	/* cleanup */
+	semanage_user_free(user);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_user_exists_local */
+void test_user_exists_local(void)
+{
+	semanage_user_t *user = NULL;
+	semanage_user_key_t *key1 = NULL;
+	semanage_user_key_t *key2 = NULL;
+	int resp = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_user(I_FIRST);
+	key1 = get_user_key_nth(I_FIRST);
+	CU_ASSERT(semanage_user_key_create(sh, "asdf", &key2) >= 0);
+	CU_ASSERT_PTR_NOT_NULL(key2);
+
+	/* test */
+	CU_ASSERT(semanage_user_exists_local(sh, key1, &resp) >= 0);
+	CU_ASSERT(resp);
+	CU_ASSERT(semanage_user_exists_local(sh, key2, &resp) >= 0);
+	CU_ASSERT(!resp);
+
+	/* cleanup */
+	CU_ASSERT(semanage_user_del_local(sh, key1) >= 0);
+	semanage_user_free(user);
+	semanage_user_key_free(key1);
+	semanage_user_key_free(key2);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_user_count_local */
+void test_user_count_local(void)
+{
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_user(I_FIRST);
+	add_local_user(I_SECOND);
+	add_local_user(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_user_count_local(sh, &count) >= 0);
+	CU_ASSERT(count == 3);
+
+	/* cleanup */
+	delete_local_user(I_FIRST);
+	delete_local_user(I_SECOND);
+	delete_local_user(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_user_iterate_local */
+unsigned int counter_user_iterate_local = 0;
+
+int handler_user_iterate_local(const semanage_user_t *record, void *varg)
+{
+	counter_user_iterate_local++;
+	return 0;
+}
+
+void test_user_iterate_local(void)
+{
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_user(I_FIRST);
+	add_local_user(I_SECOND);
+	add_local_user(I_THIRD);
+
+	/* test */
+	semanage_user_iterate_local(sh, handler_user_iterate_local, NULL);
+	CU_ASSERT(counter_user_iterate_local == 3);
+
+	/* cleanup */
+	delete_local_user(I_FIRST);
+	delete_local_user(I_SECOND);
+	delete_local_user(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
+
+/* Function semanage_user_list_local */
+void test_user_list_local(void)
+{
+	semanage_user_t **records = NULL;
+	unsigned int count = 42;
+
+	/* setup */
+	setup_handle(SH_TRANS);
+	add_local_user(I_FIRST);
+	add_local_user(I_SECOND);
+	add_local_user(I_THIRD);
+
+	/* test */
+	CU_ASSERT(semanage_user_list_local(sh, &records, &count) >= 0);
+	CU_ASSERT(count == 3);
+
+	for (unsigned int i = 0; i < count; i++)
+		CU_ASSERT_PTR_NOT_NULL(records[i]);
+
+	/* cleanup */
+	for (unsigned int i = 0; i < count; i++)
+		semanage_user_free(records[i]);
+
+	delete_local_user(I_FIRST);
+	delete_local_user(I_SECOND);
+	delete_local_user(I_THIRD);
+	cleanup_handle(SH_TRANS);
+}
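Review bot: test_user_clone never inspects the clone: after `semanage_user_clone(sh, user, &user_clone)` all four `CU_ASSERT_STRING_EQUAL` checks read from `user`, so the test passes even if the cloned record's fields are wrong or empty. The getters should take `user_clone`, e.g. `CU_ASSERT_STRING_EQUAL(semanage_user_get_name(user_clone), "user_u");`, preceded by `CU_ASSERT_PTR_NOT_NULL_FATAL(user_clone);` so a failed clone does not pass a NULL record to the getters. Separately, get_user_key_nth drops the record it gets from get_user_nth without calling `semanage_user_free(user)`. get_user_nth also appears never to release the `records` array itself, and both leaks would show up as noise if the suite is run under a leak checker.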
diff --git a/libsemanage/tests/test_user.cil b/libsemanage/tests/test_user.cil
new file mode 100644
index 0000000..1c65b9f
--- /dev/null
+++ b/libsemanage/tests/test_user.cil
@@ -0,0 +1,27 @@
+(typeattribute cil_gen_require)
+(roleattribute cil_gen_require)
+(handleunknown allow)
+(mls true)
+(policycap network_peer_controls)
+(policycap open_perms)
+(sid security)
+(sidorder (security))
+(sensitivity s0)
+(sensitivityorder (s0))
+(user first_u)
+(user second_u)
+(user third_u)
+(userrole first_u object_r)
+(userlevel first_u (s0))
+(userlevel second_u (s0))
+(userlevel third_u (s0))
+(userrange first_u ((s0) (s0)))
+(userrange second_u ((s0) (s0)))
+(userrange third_u ((s0) (s0)))
+(role object_r)
+(roletype object_r test_t)
+(type test_t)
+(sidcontext security (first_u object_r test_t ((s0) (s0))))
+(class test_class (test_perm))
+(classorder (test_class))
+(allow test_t self (test_class (test_perm)))
diff --git a/libsemanage/tests/test_user.h b/libsemanage/tests/test_user.h
new file mode 100644
index 0000000..014a84a
--- /dev/null
+++ b/libsemanage/tests/test_user.h
@@ -0,0 +1,30 @@
+/*
+ * Authors: Jan Zarsky <jzarsky@redhat.com>
+ *
+ * Copyright (C) 2019 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+#ifndef __TEST_USER_H__
+#define __TEST_USER_H__
+
+#include <CUnit/Basic.h>
+
+int user_test_init(void);
+int user_test_cleanup(void);
+int user_add_tests(CU_pSuite suite);
+
+#endif
diff --git a/libsemanage/tests/test_utilities.c b/libsemanage/tests/test_utilities.c
index 601508c..3360940 100644
--- a/libsemanage/tests/test_utilities.c
+++ b/libsemanage/tests/test_utilities.c
@@ -34,6 +34,8 @@
 #include <string.h>
 #include <unistd.h>
 
+#include "utilities.h"
+
 void test_semanage_is_prefix(void);
 void test_semanage_split_on_space(void);
 void test_semanage_split(void);
@@ -140,18 +142,22 @@
 	if (!str) {
 		CU_FAIL
 		    ("semanage_split_on_space: unable to perform test, no memory");
+		return;
 	}
 	temp = semanage_split_on_space(str);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "bar    baz");
 	free(str);
 	str = temp;
 
 	temp = semanage_split_on_space(str);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "baz");
 	free(str);
 	str = temp;
 
 	temp = semanage_split_on_space(str);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "");
 	free(str);
 	free(temp);
@@ -168,21 +174,25 @@
 		return;
 	}
 	temp = semanage_split(str, NULL);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "foo2   foo:bar:");
 	free(str);
 	str = temp;
 
 	temp = semanage_split(str, "");
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "foo:bar:");
 	free(str);
 	str = temp;
 
 	temp = semanage_split(str, ":");
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "bar:");
 	free(str);
 	str = temp;
 
 	temp = semanage_split(str, ":");
+	CU_ASSERT_PTR_NOT_NULL_FATAL(temp);
 	CU_ASSERT_STRING_EQUAL(temp, "");
 	free(str);
 	free(temp);
@@ -298,14 +308,17 @@
 		CU_FAIL_FATAL("Temporary file was not created, aborting test.");
 	}
 	tok = semanage_findval(fname, "one", NULL);
+	CU_ASSERT_PTR_NOT_NULL_FATAL(tok);
 	CU_ASSERT_STRING_EQUAL(tok, "");
 	free(tok);
 	rewind(fptr);
 	tok = semanage_findval(fname, "one", "");
+	CU_ASSERT_PTR_NOT_NULL_FATAL(tok);
 	CU_ASSERT_STRING_EQUAL(tok, "");
 	free(tok);
 	rewind(fptr);
 	tok = semanage_findval(fname, "sigma", "=");
+	CU_ASSERT_PTR_NOT_NULL_FATAL(tok);
 	CU_ASSERT_STRING_EQUAL(tok, "foo");
 	free(tok);
 }
diff --git a/libsemanage/tests/utilities.c b/libsemanage/tests/utilities.c
index 7cc726c..1839321 100644
--- a/libsemanage/tests/utilities.c
+++ b/libsemanage/tests/utilities.c
@@ -1,6 +1,7 @@
 /* Authors: Christopher Ashworth <cashworth@tresys.com>
  *
  * Copyright (C) 2006 Tresys Technology, LLC
+ * Copyright (C) 2019 Red Hat, Inc.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -17,16 +18,261 @@
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
-/*  The purpose of this file is to provide some functions commonly needed 
+/*  The purpose of this file is to provide some functions commonly needed
  *  by our unit tests.
  */
 
 #include "utilities.h"
 
+int test_store_enabled = 0;
+
+semanage_handle_t *sh = NULL;
+
 /* Silence any error output caused by our tests
- * by using this dummy function to catch messages. 
+ * by using this dummy function to catch messages.
  */
-void test_msg_handler(void *varg,
-		      semanage_handle_t * handle, const char *fmt, ...)
+void test_msg_handler(void *varg, semanage_handle_t *handle, const char *fmt,
+		      ...)
 {
 }
+
+int create_test_store() {
+	FILE *fptr;
+
+	if (mkdir("test-policy", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/store", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/store/active", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/store/active/modules", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/etc", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/etc/selinux", 0700) < 0)
+		return -1;
+
+	fptr = fopen("test-policy/etc/selinux/semanage.conf", "w+");
+
+	if (!fptr)
+		return -1;
+
+	fclose(fptr);
+
+	enable_test_store();
+	return 0;
+}
+
+void disable_test_store(void) {
+	test_store_enabled = 0;
+}
+
+void enable_test_store(void) {
+	test_store_enabled = 1;
+}
+
+int write_test_policy(char *data, size_t data_len) {
+	FILE *fptr = fopen("test-policy/store/active/policy.kern", "wb+");
+
+	if (!fptr) {
+		perror("fopen");
+		return -1;
+	}
+
+	if (fwrite(data, data_len, 1, fptr) != 1) {
+		perror("fwrite");
+		fclose(fptr);
+		return -1;
+	}
+
+	fclose(fptr);
+
+	return 0;
+}
+
+int write_test_policy_from_file(const char *filename) {
+	char *buf = NULL;
+	size_t len = 0;
+	FILE *fptr = fopen(filename, "rb");
+
+	if (!fptr) {
+		perror("fopen");
+		return -1;
+	}
+
+	fseek(fptr, 0, SEEK_END);
+	len = ftell(fptr);
+	fseek(fptr, 0, SEEK_SET);
+
+	buf = (char *) malloc(len);
+
+	if (!buf) {
+		perror("malloc");
+		fclose(fptr);
+		return -1;
+	}
+
+	fread(buf, len, 1, fptr);
+	fclose(fptr);
+
+	return write_test_policy(buf, len);
+}
+
+int write_test_policy_src(unsigned char *data, unsigned int data_len) {
+	if (mkdir("test-policy/store/active/modules/100", 0700) < 0)
+		return -1;
+
+	if (mkdir("test-policy/store/active/modules/100/base", 0700) < 0)
+		return -1;
+
+	FILE *fptr = fopen("test-policy/store/active/modules/100/base/cil",
+			   "w+");
+
+	if (!fptr) {
+		perror("fopen");
+		return -1;
+	}
+
+	if (fwrite(data, data_len, 1, fptr) != 1) {
+		perror("fwrite");
+		fclose(fptr);
+		return -1;
+	}
+
+	fclose(fptr);
+
+	fptr = fopen("test-policy/store/active/modules/100/base/lang_ext",
+		     "w+");
+
+	if (!fptr) {
+		perror("fopen");
+		return -1;
+	}
+
+	if (fwrite("cil", sizeof("cil"), 1, fptr) != 1) {
+		perror("fwrite");
+		fclose(fptr);
+		return -1;
+	}
+
+	fclose(fptr);
+
+	return 0;
+}
+
+int destroy_test_store() {
+	FTS *ftsp = NULL;
+	FTSENT *curr = NULL;
+	int ret = 0;
+
+	disable_test_store();
+
+	char *files[] = { (char *) "test-policy", NULL };
+
+	ftsp = fts_open(files, FTS_NOCHDIR | FTS_PHYSICAL | FTS_XDEV, NULL);
+
+	if (!ftsp)
+		return -1;
+
+	while ((curr = fts_read(ftsp)))
+		switch (curr->fts_info) {
+		case FTS_DP:
+		case FTS_F:
+		case FTS_SL:
+		case FTS_SLNONE:
+		case FTS_DEFAULT:
+			if (remove(curr->fts_accpath) < 0)
+				ret = -1;
+		default:
+			break;
+		}
+
+	fts_close(ftsp);
+
+	return ret;
+}
+
+void helper_handle_create(void) {
+	if (test_store_enabled)
+		semanage_set_root("test-policy");
+
+	sh = semanage_handle_create();
+	CU_ASSERT_PTR_NOT_NULL(sh);
+
+	semanage_msg_set_callback(sh, test_msg_handler, NULL);
+
+	if (test_store_enabled) {
+		semanage_set_create_store(sh, 1);
+		semanage_set_reload(sh, 0);
+		semanage_set_store_root(sh, "");
+		semanage_select_store(sh, (char *) "store",
+				      SEMANAGE_CON_DIRECT);
+	}
+}
+
+void helper_handle_destroy(void) {
+	semanage_handle_destroy(sh);
+}
+
+void helper_connect(void) {
+	CU_ASSERT(semanage_connect(sh) >= 0);
+}
+
+void helper_disconnect(void) {
+	CU_ASSERT(semanage_disconnect(sh) >= 0);
+}
+
+void helper_begin_transaction(void) {
+	CU_ASSERT(semanage_begin_transaction(sh) >= 0);
+}
+
+void helper_commit(void) {
+	CU_ASSERT(semanage_commit(sh) >= 0);
+}
+
+void setup_handle(level_t level) {
+	if (level >= SH_NULL)
+		sh = NULL;
+
+	if (level >= SH_HANDLE)
+		helper_handle_create();
+
+	if (level >= SH_CONNECT)
+		helper_connect();
+
+	if (level >= SH_TRANS)
+		helper_begin_transaction();
+}
+
+void cleanup_handle(level_t level) {
+	if (level >= SH_TRANS)
+		helper_commit();
+
+	if (level >= SH_CONNECT)
+		helper_disconnect();
+
+	if (level >= SH_HANDLE)
+		helper_handle_destroy();
+
+	if (level >= SH_NULL)
+		sh = NULL;
+}
+
+void setup_handle_invalid_store(level_t level) {
+	CU_ASSERT(level >= SH_HANDLE);
+
+	helper_handle_create();
+
+	semanage_select_store(sh, (char *) "", SEMANAGE_CON_INVALID);
+
+	if (level >= SH_CONNECT)
+		helper_connect();
+
+	if (level >= SH_TRANS)
+		helper_begin_transaction();
+}
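Review bot: `write_test_policy_from_file()` never checks `fseek()`, `ftell()` or `fread()`, and it never frees `buf`. A failed `ftell()` returns -1, which becomes a huge `size_t` passed to `malloc()`, and a short read lets uninitialised heap bytes be written out as the test policy. The function should bail out on each of those failures and free the buffer after `write_test_policy()` returns, as sketched below. Separately, `helper_handle_create()` uses the non-fatal `CU_ASSERT_PTR_NOT_NULL(sh)` and then passes `sh` to `semanage_msg_set_callback()`; `CU_ASSERT_PTR_NOT_NULL_FATAL(sh);` would stop the test before a NULL handle is used.

```c
int write_test_policy_from_file(const char *filename) {
	char *buf = NULL;
	long size;
	int ret;
	FILE *fptr = fopen(filename, "rb");

	/* … unchanged: fopen failure check … */

	if (fseek(fptr, 0, SEEK_END) < 0 || (size = ftell(fptr)) <= 0 ||
	    fseek(fptr, 0, SEEK_SET) < 0) {
		perror("fseek");
		fclose(fptr);
		return -1;
	}

	buf = malloc((size_t) size);

	/* … unchanged: malloc failure check … */

	if (fread(buf, (size_t) size, 1, fptr) != 1) {
		perror("fread");
		free(buf);
		fclose(fptr);
		return -1;
	}
	fclose(fptr);

	ret = write_test_policy(buf, (size_t) size);
	free(buf);
	return ret;
}
```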
diff --git a/libsemanage/tests/utilities.h b/libsemanage/tests/utilities.h
index 781867d..db4dabf 100644
--- a/libsemanage/tests/utilities.h
+++ b/libsemanage/tests/utilities.h
@@ -1,6 +1,7 @@
 /* Authors: Christopher Ashworth <cashworth@tresys.com>
  *
  * Copyright (C) 2006 Tresys Technology, LLC
+ * Copyright (C) 2019 Red Hat, Inc.
  *
  *  This library is free software; you can redistribute it and/or
  *  modify it under the terms of the GNU Lesser General Public
@@ -17,7 +18,81 @@
  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
  */
 
-#include "handle.h"
+#ifndef __UTILITIES_H__
+#define __UTILITIES_H__
 
-void test_msg_handler(void *varg, semanage_handle_t * handle, const char *fmt,
+#include <stdio.h>
+#include <stdlib.h>
+#include <stdarg.h>
+#include <fts.h>
+#include <assert.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <CUnit/Basic.h>
+
+#include "semanage/semanage.h"
+
+#define CU_ASSERT_CONTEXT_EQUAL(CON1,CON2) \
+	do { \
+		char *__str; \
+		char *__str2; \
+		CU_ASSERT(semanage_context_to_string(sh, CON1, &__str) >= 0); \
+		CU_ASSERT(semanage_context_to_string(sh, CON2, &__str2) >= 0); \
+		CU_ASSERT_STRING_EQUAL(__str, __str2); \
+	} while (0)
+
+
+/* Override CU_*_FATAL() in order to help static analyzers by really asserting that an assertion holds */
+#ifdef __CHECKER__
+
+#undef CU_ASSERT_FATAL
+#define CU_ASSERT_FATAL(value) do { \
+		int _value = (value); \
+		CU_ASSERT(_value); \
+		assert(_value); \
+	} while (0)
+
+#undef CU_FAIL_FATAL
+#define CU_FAIL_FATAL(msg) do { \
+		CU_FAIL(msg); \
+		assert(0); \
+	} while (0)
+
+#undef CU_ASSERT_PTR_NOT_NULL_FATAL
+#define CU_ASSERT_PTR_NOT_NULL_FATAL(value) do { \
+		const void *_value = (value); \
+		CU_ASSERT_PTR_NOT_NULL(_value); \
+		assert(_value != NULL); \
+	} while (0)
+
+#endif /* __CHECKER__ */
+
+#define I_NULL  -1
+#define I_FIRST  0
+#define I_SECOND 1
+#define I_THIRD  2
+
+typedef enum { SH_NULL, SH_HANDLE, SH_CONNECT, SH_TRANS } level_t;
+
+void test_msg_handler(void *varg, semanage_handle_t *handle, const char *fmt,
 		      ...);
+
+void setup_handle(level_t level);
+void cleanup_handle(level_t level);
+void setup_handle_invalid_store(level_t level);
+
+void helper_handle_create(void);
+void helper_handle_destroy(void);
+void helper_connect(void);
+void helper_disconnect(void);
+void helper_begin_transaction(void);
+void helper_commit(void);
+
+int create_test_store(void);
+int write_test_policy_from_file(const char *filename);
+int write_test_policy_src(unsigned char *data, unsigned int data_len);
+int destroy_test_store(void);
+void enable_test_store(void);
+void disable_test_store(void);
+
+#endif
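Review bot: `CU_ASSERT_CONTEXT_EQUAL` leaves `__str` and `__str2` uninitialised and checks the two conversions with the non-fatal `CU_ASSERT`, so a failed `semanage_context_to_string()` still reaches `CU_ASSERT_STRING_EQUAL` with indeterminate pointers. The strings are also never freed; as far as I know that call allocates them for the caller, so every use of the macro leaks two buffers. Initialising both to NULL, guarding the comparison and freeing afterwards fixes both issues. The macro also depends on a global `sh` that this header does not declare; `extern semanage_handle_t *sh;` here would make it self-contained.

```c
#define CU_ASSERT_CONTEXT_EQUAL(CON1,CON2) \
	do { \
		char *__str = NULL; \
		char *__str2 = NULL; \
		/* … unchanged: the two semanage_context_to_string() assertions … */ \
		if (__str != NULL && __str2 != NULL) { \
			CU_ASSERT_STRING_EQUAL(__str, __str2); \
		} \
		free(__str); \
		free(__str2); \
	} while (0)
```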
diff --git a/libsepol/Android.bp b/libsepol/Android.bp
index 71935a9..0f63ee3 100644
--- a/libsepol/Android.bp
+++ b/libsepol/Android.bp
@@ -26,8 +26,6 @@
         "src/debug.c",
         "src/ebitmap.c",
         "src/expand.c",
-        "src/genbools.c",
-        "src/genusers.c",
         "src/handle.c",
         "src/hashtab.c",
         "src/hierarchy.c",
@@ -42,6 +40,7 @@
         "src/module_to_cil.c",
         "src/node_record.c",
         "src/nodes.c",
+        "src/optimize.c",
         "src/polcaps.c",
         "src/policydb.c",
         "src/policydb_convert.c",
diff --git a/libsepol/VERSION b/libsepol/VERSION
index 8c26915..9f55b2c 100644
--- a/libsepol/VERSION
+++ b/libsepol/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/libsepol/cil/src/cil.c b/libsepol/cil/src/cil.c
index 2a7ec06..d222ad3 100644
--- a/libsepol/cil/src/cil.c
+++ b/libsepol/cil/src/cil.c
@@ -77,6 +77,168 @@
 	{1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1}
 };
 
+char *CIL_KEY_CONS_T1;
+char *CIL_KEY_CONS_T2;
+char *CIL_KEY_CONS_T3;
+char *CIL_KEY_CONS_R1;
+char *CIL_KEY_CONS_R2;
+char *CIL_KEY_CONS_R3;
+char *CIL_KEY_CONS_U1;
+char *CIL_KEY_CONS_U2;
+char *CIL_KEY_CONS_U3;
+char *CIL_KEY_CONS_L1;
+char *CIL_KEY_CONS_L2;
+char *CIL_KEY_CONS_H1;
+char *CIL_KEY_CONS_H2;
+char *CIL_KEY_AND;
+char *CIL_KEY_OR;
+char *CIL_KEY_NOT;
+char *CIL_KEY_EQ;
+char *CIL_KEY_NEQ;
+char *CIL_KEY_CONS_DOM;
+char *CIL_KEY_CONS_DOMBY;
+char *CIL_KEY_CONS_INCOMP;
+char *CIL_KEY_CONDTRUE;
+char *CIL_KEY_CONDFALSE;
+char *CIL_KEY_SELF;
+char *CIL_KEY_OBJECT_R;
+char *CIL_KEY_STAR;
+char *CIL_KEY_TCP;
+char *CIL_KEY_UDP;
+char *CIL_KEY_DCCP;
+char *CIL_KEY_SCTP;
+char *CIL_KEY_AUDITALLOW;
+char *CIL_KEY_TUNABLEIF;
+char *CIL_KEY_ALLOW;
+char *CIL_KEY_DONTAUDIT;
+char *CIL_KEY_TYPETRANSITION;
+char *CIL_KEY_TYPECHANGE;
+char *CIL_KEY_CALL;
+char *CIL_KEY_TUNABLE;
+char *CIL_KEY_XOR;
+char *CIL_KEY_ALL;
+char *CIL_KEY_RANGE;
+char *CIL_KEY_GLOB;
+char *CIL_KEY_FILE;
+char *CIL_KEY_DIR;
+char *CIL_KEY_CHAR;
+char *CIL_KEY_BLOCK;
+char *CIL_KEY_SOCKET;
+char *CIL_KEY_PIPE;
+char *CIL_KEY_SYMLINK;
+char *CIL_KEY_ANY;
+char *CIL_KEY_XATTR;
+char *CIL_KEY_TASK;
+char *CIL_KEY_TRANS;
+char *CIL_KEY_TYPE;
+char *CIL_KEY_ROLE;
+char *CIL_KEY_USER;
+char *CIL_KEY_USERATTRIBUTE;
+char *CIL_KEY_USERATTRIBUTESET;
+char *CIL_KEY_SENSITIVITY;
+char *CIL_KEY_CATEGORY;
+char *CIL_KEY_CATSET;
+char *CIL_KEY_LEVEL;
+char *CIL_KEY_LEVELRANGE;
+char *CIL_KEY_CLASS;
+char *CIL_KEY_IPADDR;
+char *CIL_KEY_MAP_CLASS;
+char *CIL_KEY_CLASSPERMISSION;
+char *CIL_KEY_BOOL;
+char *CIL_KEY_STRING;
+char *CIL_KEY_NAME;
+char *CIL_KEY_SOURCE;
+char *CIL_KEY_TARGET;
+char *CIL_KEY_LOW;
+char *CIL_KEY_HIGH;
+char *CIL_KEY_LOW_HIGH;
+char *CIL_KEY_GLBLUB;
+char *CIL_KEY_HANDLEUNKNOWN;
+char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+char *CIL_KEY_HANDLEUNKNOWN_DENY;
+char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+char *CIL_KEY_MACRO;
+char *CIL_KEY_IN;
+char *CIL_KEY_MLS;
+char *CIL_KEY_DEFAULTRANGE;
+char *CIL_KEY_BLOCKINHERIT;
+char *CIL_KEY_BLOCKABSTRACT;
+char *CIL_KEY_CLASSORDER;
+char *CIL_KEY_CLASSMAPPING;
+char *CIL_KEY_CLASSPERMISSIONSET;
+char *CIL_KEY_COMMON;
+char *CIL_KEY_CLASSCOMMON;
+char *CIL_KEY_SID;
+char *CIL_KEY_SIDCONTEXT;
+char *CIL_KEY_SIDORDER;
+char *CIL_KEY_USERLEVEL;
+char *CIL_KEY_USERRANGE;
+char *CIL_KEY_USERBOUNDS;
+char *CIL_KEY_USERPREFIX;
+char *CIL_KEY_SELINUXUSER;
+char *CIL_KEY_SELINUXUSERDEFAULT;
+char *CIL_KEY_TYPEATTRIBUTE;
+char *CIL_KEY_TYPEATTRIBUTESET;
+char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+char *CIL_KEY_TYPEALIAS;
+char *CIL_KEY_TYPEALIASACTUAL;
+char *CIL_KEY_TYPEBOUNDS;
+char *CIL_KEY_TYPEPERMISSIVE;
+char *CIL_KEY_RANGETRANSITION;
+char *CIL_KEY_USERROLE;
+char *CIL_KEY_ROLETYPE;
+char *CIL_KEY_ROLETRANSITION;
+char *CIL_KEY_ROLEALLOW;
+char *CIL_KEY_ROLEATTRIBUTE;
+char *CIL_KEY_ROLEATTRIBUTESET;
+char *CIL_KEY_ROLEBOUNDS;
+char *CIL_KEY_BOOLEANIF;
+char *CIL_KEY_NEVERALLOW;
+char *CIL_KEY_TYPEMEMBER;
+char *CIL_KEY_SENSALIAS;
+char *CIL_KEY_SENSALIASACTUAL;
+char *CIL_KEY_CATALIAS;
+char *CIL_KEY_CATALIASACTUAL;
+char *CIL_KEY_CATORDER;
+char *CIL_KEY_SENSITIVITYORDER;
+char *CIL_KEY_SENSCAT;
+char *CIL_KEY_CONSTRAIN;
+char *CIL_KEY_MLSCONSTRAIN;
+char *CIL_KEY_VALIDATETRANS;
+char *CIL_KEY_MLSVALIDATETRANS;
+char *CIL_KEY_CONTEXT;
+char *CIL_KEY_FILECON;
+char *CIL_KEY_IBPKEYCON;
+char *CIL_KEY_IBENDPORTCON;
+char *CIL_KEY_PORTCON;
+char *CIL_KEY_NODECON;
+char *CIL_KEY_GENFSCON;
+char *CIL_KEY_NETIFCON;
+char *CIL_KEY_PIRQCON;
+char *CIL_KEY_IOMEMCON;
+char *CIL_KEY_IOPORTCON;
+char *CIL_KEY_PCIDEVICECON;
+char *CIL_KEY_DEVICETREECON;
+char *CIL_KEY_FSUSE;
+char *CIL_KEY_POLICYCAP;
+char *CIL_KEY_OPTIONAL;
+char *CIL_KEY_DEFAULTUSER;
+char *CIL_KEY_DEFAULTROLE;
+char *CIL_KEY_DEFAULTTYPE;
+char *CIL_KEY_ROOT;
+char *CIL_KEY_NODE;
+char *CIL_KEY_PERM;
+char *CIL_KEY_ALLOWX;
+char *CIL_KEY_AUDITALLOWX;
+char *CIL_KEY_DONTAUDITX;
+char *CIL_KEY_NEVERALLOWX;
+char *CIL_KEY_PERMISSIONX;
+char *CIL_KEY_IOCTL;
+char *CIL_KEY_UNORDERED;
+char *CIL_KEY_SRC_INFO;
+char *CIL_KEY_SRC_CIL;
+char *CIL_KEY_SRC_HLL;
+
 static void cil_init_keys(void)
 {
 	/* Initialize CIL Keys into strpool */
@@ -227,6 +389,7 @@
 	CIL_KEY_LOW = cil_strpool_add("low");
 	CIL_KEY_HIGH = cil_strpool_add("high");
 	CIL_KEY_LOW_HIGH = cil_strpool_add("low-high");
+	CIL_KEY_GLBLUB = cil_strpool_add("glblub");
 	CIL_KEY_ROOT = cil_strpool_add("<root>");
 	CIL_KEY_NODE = cil_strpool_add("<node>");
 	CIL_KEY_PERM = cil_strpool_add("perm");
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 77ffc36..4cf6f48 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -1608,7 +1608,7 @@
 			continue;
 		}
 
-		// if we got here, i is the end of this range (either becuase the func
+		// if we got here, i is the end of this range (either because the func
 		// is 0xff or the next bit isn't set). The next time around we are
 		// going to need a start a new range
 		high = i;
@@ -1665,7 +1665,7 @@
 
 	sepol_obj = pdb->class_val_to_struct[avtab_key->target_class - 1];
 
-	// setting the data for an extended avtab isn't really neccessary because
+	// setting the data for an extended avtab isn't really necessary because
 	// it is ignored by the kernel. However, neverallow checking requires that
 	// the data value be set, so set it for that to work.
 	rc = __perm_str_to_datum(CIL_KEY_IOCTL, sepol_obj, &data);
@@ -4152,7 +4152,7 @@
 	int rc = SEPOL_ERR;
 
 	// these flags should get set in __cil_policydb_create. However, for
-	// backwards compatability, it is possible that __cil_policydb_create is
+	// backwards compatibility, it is possible that __cil_policydb_create is
 	// never called. So, they must also be set here.
 	pdb->handle_unknown = db->handle_unknown;
 	pdb->mls = db->mls;
@@ -5043,11 +5043,13 @@
 	hashtab_destroy(avrulex_ioctl_table);
 	free(type_value_to_cil);
 	free(class_value_to_cil);
-	/* Range is because libsepol values start at 1. */
-	for (i=1; i < db->num_classes+1; i++) {
-		free(perm_value_to_cil[i]);
+	if (perm_value_to_cil != NULL) {
+		/* Range is because libsepol values start at 1. */
+		for (i=1; i < db->num_classes+1; i++) {
+			free(perm_value_to_cil[i]);
+		}
+		free(perm_value_to_cil);
 	}
-	free(perm_value_to_cil);
 	cil_list_destroy(&neverallows, CIL_FALSE);
 
 	return rc;
diff --git a/libsepol/cil/src/cil_binary.h b/libsepol/cil/src/cil_binary.h
index 5367feb..1004df4 100644
--- a/libsepol/cil/src/cil_binary.h
+++ b/libsepol/cil/src/cil_binary.h
@@ -49,11 +49,11 @@
 /**
  * Create a pre allocated binary policydb from the cil db.
  *
- * It is assumed that pdb has been allocated and initialzed so that fields such
- * as policy type and version are set appropriately. It is reccomended that
+ * It is assumed that pdb has been allocated and initialized so that fields such
+ * as policy type and version are set appropriately. It is recommended that
  * instead of calling this, one instead calls cil_binary_create, which will
  * properly allocate and initialize the pdb and then calls this function. This
- * funcion is used to maintain binary backwards compatability.
+ * function is used to maintain binary backwards compatibility.
  *
  * @param[in] db The cil database.
  * @param[in] pdb The policy database.
@@ -126,7 +126,7 @@
 
 /**
  * Insert cil typepermissive structure into sepol policydb.
- * The function looks up the perviously inserted type and flips the bit
+ * The function looks up the previously inserted type and flips the bit
  * in the permssive types bitmap that corresponds to that type's value.
  *
  * @param[in] pdb The policy database to insert the typepermissive into.
diff --git a/libsepol/cil/src/cil_build_ast.c b/libsepol/cil/src/cil_build_ast.c
index b90b0f6..307b1ee 100644
--- a/libsepol/cil/src/cil_build_ast.c
+++ b/libsepol/cil/src/cil_build_ast.c
@@ -5894,7 +5894,7 @@
 		CIL_SYN_STRING,
 		CIL_SYN_STRING | CIL_SYN_LIST,
 		CIL_SYN_STRING,
-		CIL_SYN_STRING,
+		CIL_SYN_STRING | CIL_SYN_END,
 		CIL_SYN_END
 	};
 	int syntax_len = sizeof(syntax)/sizeof(*syntax);
@@ -5917,8 +5917,8 @@
 	}
 
 	object = parse_current->next->next->data;
-	range = parse_current->next->next->next->data;
 	if (object == CIL_KEY_SOURCE) {
+		range = parse_current->next->next->next->data;
 		if (range == CIL_KEY_LOW) {
 			def->object_range = CIL_DEFAULT_SOURCE_LOW;
 		} else if (range == CIL_KEY_HIGH) {
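Review bot: The `source` branch here, and the `target` branch in the next hunk, read `parse_current->next->next->next->data` without checking that the fourth element exists. The syntax table in the previous hunk now allows `CIL_SYN_STRING | CIL_SYN_END` in that position; if that makes the element optional, as the new `glblub` branch implies, a statement such as `(defaultrange cls source)` passes verification and then dereferences NULL while parsing policy source. Both branches should reject a missing range before reading it, as sketched below. The `glblub` branch also appears to accept a trailing string silently, which may be worth an explicit error. The enclosing function starts and ends outside these hunks.

```c
	if (object == CIL_KEY_SOURCE) {
		if (parse_current->next->next->next == NULL) {
			cil_log(CIL_ERR, "Missing 'low', 'high', or 'low-high'\n");
			rc = SEPOL_ERR;
			goto exit;
		}
		range = parse_current->next->next->next->data;
		/* … unchanged: low / high / low-high selection … */
	} else if (object == CIL_KEY_TARGET) {
		if (parse_current->next->next->next == NULL) {
			cil_log(CIL_ERR, "Missing 'low', 'high', or 'low-high'\n");
			rc = SEPOL_ERR;
			goto exit;
		}
		range = parse_current->next->next->next->data;
		/* … unchanged: low / high / low-high selection … */
```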
@@ -5930,7 +5930,8 @@
 			rc = SEPOL_ERR;
 			goto exit;
 		}
-	} else if (parse_current->next->next->data == CIL_KEY_TARGET) {
+	} else if (object == CIL_KEY_TARGET) {
+		range = parse_current->next->next->next->data;
 		if (range == CIL_KEY_LOW) {
 			def->object_range = CIL_DEFAULT_TARGET_LOW;
 		} else if (range == CIL_KEY_HIGH) {
@@ -5942,8 +5943,10 @@
 			rc = SEPOL_ERR;
 			goto exit;
 		}
+	} else if (object == CIL_KEY_GLBLUB) {
+		def->object_range = CIL_DEFAULT_GLBLUB;
 	} else {
-		cil_log(CIL_ERR,"Expected either \'source\' or \'target\'\n");
+		cil_log(CIL_ERR,"Expected \'source\', \'target\', or \'glblub\'\n");
 		rc = SEPOL_ERR;
 		goto exit;
 	}
@@ -6122,7 +6125,7 @@
 		rc = SEPOL_OK;
 		goto exit;
 	} else if (parse_current->data == NULL) {
-		/* the only time parenthsis can immediately following parenthesis is if
+		/* the only time parenthesis can immediately following parenthesis is if
 		 * the parent is the root node */
 		if (parse_current->parent->parent == NULL) {
 			rc = SEPOL_OK;
@@ -6541,7 +6544,7 @@
 	// At this point we no longer have any need for parse_current or any of its
 	// siblings; they have all been converted to the appropriate AST node. The
 	// full parse tree will get deleted elsewhere, but in an attempt to
-	// minimize memory useage (of which the parse tree uses alot), start
+	// minimize memory usage (of which the parse tree uses a lot), start
 	// deleting the parts we don't need now.
 	cil_tree_children_destroy(parse_current->parent);
 
diff --git a/libsepol/cil/src/cil_copy_ast.c b/libsepol/cil/src/cil_copy_ast.c
index 7af00aa..67dd852 100644
--- a/libsepol/cil/src/cil_copy_ast.c
+++ b/libsepol/cil/src/cil_copy_ast.c
@@ -827,7 +827,7 @@
 	if (!new->is_extended) {
 		cil_copy_classperms_list(orig->perms.classperms, &new->perms.classperms);
 	} else {
-		if (new->perms.x.permx_str != NULL) {
+		if (orig->perms.x.permx_str != NULL) {
 			new->perms.x.permx_str = orig->perms.x.permx_str;
 		} else {
 			cil_permissionx_init(&new->perms.x.permx);
diff --git a/libsepol/cil/src/cil_fqn.c b/libsepol/cil/src/cil_fqn.c
index 717358a..2e76f87 100644
--- a/libsepol/cil/src/cil_fqn.c
+++ b/libsepol/cil/src/cil_fqn.c
@@ -103,7 +103,7 @@
 		case CIL_SYM_IPADDRS:
 		case CIL_SYM_NAMES:
 		case CIL_SYM_PERMX:
-			/* These do not show up in the kernal policy */
+			/* These do not show up in the kernel policy */
 			break;
 		case CIL_SYM_POLICYCAPS:
 			/* Valid policy capability names are defined in libsepol */
diff --git a/libsepol/cil/src/cil_internal.h b/libsepol/cil/src/cil_internal.h
index 6ff3228..9bdcbdd 100644
--- a/libsepol/cil/src/cil_internal.h
+++ b/libsepol/cil/src/cil_internal.h
@@ -74,166 +74,167 @@
 /*
 	Keywords
 */
-char *CIL_KEY_CONS_T1;
-char *CIL_KEY_CONS_T2;
-char *CIL_KEY_CONS_T3;
-char *CIL_KEY_CONS_R1;
-char *CIL_KEY_CONS_R2;
-char *CIL_KEY_CONS_R3;
-char *CIL_KEY_CONS_U1;
-char *CIL_KEY_CONS_U2;
-char *CIL_KEY_CONS_U3;
-char *CIL_KEY_CONS_L1;
-char *CIL_KEY_CONS_L2;
-char *CIL_KEY_CONS_H1;
-char *CIL_KEY_CONS_H2;
-char *CIL_KEY_AND;
-char *CIL_KEY_OR;
-char *CIL_KEY_NOT;
-char *CIL_KEY_EQ;
-char *CIL_KEY_NEQ;
-char *CIL_KEY_CONS_DOM;
-char *CIL_KEY_CONS_DOMBY;
-char *CIL_KEY_CONS_INCOMP;
-char *CIL_KEY_CONDTRUE;
-char *CIL_KEY_CONDFALSE;
-char *CIL_KEY_SELF;
-char *CIL_KEY_OBJECT_R;
-char *CIL_KEY_STAR;
-char *CIL_KEY_TCP;
-char *CIL_KEY_UDP;
-char *CIL_KEY_DCCP;
-char *CIL_KEY_SCTP;
-char *CIL_KEY_AUDITALLOW;
-char *CIL_KEY_TUNABLEIF;
-char *CIL_KEY_ALLOW;
-char *CIL_KEY_DONTAUDIT;
-char *CIL_KEY_TYPETRANSITION;
-char *CIL_KEY_TYPECHANGE;
-char *CIL_KEY_CALL;
-char *CIL_KEY_TUNABLE;
-char *CIL_KEY_XOR;
-char *CIL_KEY_ALL;
-char *CIL_KEY_RANGE;
-char *CIL_KEY_GLOB;
-char *CIL_KEY_FILE;
-char *CIL_KEY_DIR;
-char *CIL_KEY_CHAR;
-char *CIL_KEY_BLOCK;
-char *CIL_KEY_SOCKET;
-char *CIL_KEY_PIPE;
-char *CIL_KEY_SYMLINK;
-char *CIL_KEY_ANY;
-char *CIL_KEY_XATTR;
-char *CIL_KEY_TASK;
-char *CIL_KEY_TRANS;
-char *CIL_KEY_TYPE;
-char *CIL_KEY_ROLE;
-char *CIL_KEY_USER;
-char *CIL_KEY_USERATTRIBUTE;
-char *CIL_KEY_USERATTRIBUTESET;
-char *CIL_KEY_SENSITIVITY;
-char *CIL_KEY_CATEGORY;
-char *CIL_KEY_CATSET;
-char *CIL_KEY_LEVEL;
-char *CIL_KEY_LEVELRANGE;
-char *CIL_KEY_CLASS;
-char *CIL_KEY_IPADDR;
-char *CIL_KEY_MAP_CLASS;
-char *CIL_KEY_CLASSPERMISSION;
-char *CIL_KEY_BOOL;
-char *CIL_KEY_STRING;
-char *CIL_KEY_NAME;
-char *CIL_KEY_SOURCE;
-char *CIL_KEY_TARGET;
-char *CIL_KEY_LOW;
-char *CIL_KEY_HIGH;
-char *CIL_KEY_LOW_HIGH;
-char *CIL_KEY_HANDLEUNKNOWN;
-char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
-char *CIL_KEY_HANDLEUNKNOWN_DENY;
-char *CIL_KEY_HANDLEUNKNOWN_REJECT;
-char *CIL_KEY_MACRO;
-char *CIL_KEY_IN;
-char *CIL_KEY_MLS;
-char *CIL_KEY_DEFAULTRANGE;
-char *CIL_KEY_BLOCKINHERIT;
-char *CIL_KEY_BLOCKABSTRACT;
-char *CIL_KEY_CLASSORDER;
-char *CIL_KEY_CLASSMAPPING;
-char *CIL_KEY_CLASSPERMISSIONSET;
-char *CIL_KEY_COMMON;
-char *CIL_KEY_CLASSCOMMON;
-char *CIL_KEY_SID;
-char *CIL_KEY_SIDCONTEXT;
-char *CIL_KEY_SIDORDER;
-char *CIL_KEY_USERLEVEL;
-char *CIL_KEY_USERRANGE;
-char *CIL_KEY_USERBOUNDS;
-char *CIL_KEY_USERPREFIX;
-char *CIL_KEY_SELINUXUSER;
-char *CIL_KEY_SELINUXUSERDEFAULT;
-char *CIL_KEY_TYPEATTRIBUTE;
-char *CIL_KEY_TYPEATTRIBUTESET;
-char *CIL_KEY_EXPANDTYPEATTRIBUTE;
-char *CIL_KEY_TYPEALIAS;
-char *CIL_KEY_TYPEALIASACTUAL;
-char *CIL_KEY_TYPEBOUNDS;
-char *CIL_KEY_TYPEPERMISSIVE;
-char *CIL_KEY_RANGETRANSITION;
-char *CIL_KEY_USERROLE;
-char *CIL_KEY_ROLETYPE;
-char *CIL_KEY_ROLETRANSITION;
-char *CIL_KEY_ROLEALLOW;
-char *CIL_KEY_ROLEATTRIBUTE;
-char *CIL_KEY_ROLEATTRIBUTESET;
-char *CIL_KEY_ROLEBOUNDS;
-char *CIL_KEY_BOOLEANIF;
-char *CIL_KEY_NEVERALLOW;
-char *CIL_KEY_TYPEMEMBER;
-char *CIL_KEY_SENSALIAS;
-char *CIL_KEY_SENSALIASACTUAL;
-char *CIL_KEY_CATALIAS;
-char *CIL_KEY_CATALIASACTUAL;
-char *CIL_KEY_CATORDER;
-char *CIL_KEY_SENSITIVITYORDER;
-char *CIL_KEY_SENSCAT;
-char *CIL_KEY_CONSTRAIN;
-char *CIL_KEY_MLSCONSTRAIN;
-char *CIL_KEY_VALIDATETRANS;
-char *CIL_KEY_MLSVALIDATETRANS;
-char *CIL_KEY_CONTEXT;
-char *CIL_KEY_FILECON;
-char *CIL_KEY_IBPKEYCON;
-char *CIL_KEY_IBENDPORTCON;
-char *CIL_KEY_PORTCON;
-char *CIL_KEY_NODECON;
-char *CIL_KEY_GENFSCON;
-char *CIL_KEY_NETIFCON;
-char *CIL_KEY_PIRQCON;
-char *CIL_KEY_IOMEMCON;
-char *CIL_KEY_IOPORTCON;
-char *CIL_KEY_PCIDEVICECON;
-char *CIL_KEY_DEVICETREECON;
-char *CIL_KEY_FSUSE;
-char *CIL_KEY_POLICYCAP;
-char *CIL_KEY_OPTIONAL;
-char *CIL_KEY_DEFAULTUSER;
-char *CIL_KEY_DEFAULTROLE;
-char *CIL_KEY_DEFAULTTYPE;
-char *CIL_KEY_ROOT;
-char *CIL_KEY_NODE;
-char *CIL_KEY_PERM;
-char *CIL_KEY_ALLOWX;
-char *CIL_KEY_AUDITALLOWX;
-char *CIL_KEY_DONTAUDITX;
-char *CIL_KEY_NEVERALLOWX;
-char *CIL_KEY_PERMISSIONX;
-char *CIL_KEY_IOCTL;
-char *CIL_KEY_UNORDERED;
-char *CIL_KEY_SRC_INFO;
-char *CIL_KEY_SRC_CIL;
-char *CIL_KEY_SRC_HLL;
+extern char *CIL_KEY_CONS_T1;
+extern char *CIL_KEY_CONS_T2;
+extern char *CIL_KEY_CONS_T3;
+extern char *CIL_KEY_CONS_R1;
+extern char *CIL_KEY_CONS_R2;
+extern char *CIL_KEY_CONS_R3;
+extern char *CIL_KEY_CONS_U1;
+extern char *CIL_KEY_CONS_U2;
+extern char *CIL_KEY_CONS_U3;
+extern char *CIL_KEY_CONS_L1;
+extern char *CIL_KEY_CONS_L2;
+extern char *CIL_KEY_CONS_H1;
+extern char *CIL_KEY_CONS_H2;
+extern char *CIL_KEY_AND;
+extern char *CIL_KEY_OR;
+extern char *CIL_KEY_NOT;
+extern char *CIL_KEY_EQ;
+extern char *CIL_KEY_NEQ;
+extern char *CIL_KEY_CONS_DOM;
+extern char *CIL_KEY_CONS_DOMBY;
+extern char *CIL_KEY_CONS_INCOMP;
+extern char *CIL_KEY_CONDTRUE;
+extern char *CIL_KEY_CONDFALSE;
+extern char *CIL_KEY_SELF;
+extern char *CIL_KEY_OBJECT_R;
+extern char *CIL_KEY_STAR;
+extern char *CIL_KEY_TCP;
+extern char *CIL_KEY_UDP;
+extern char *CIL_KEY_DCCP;
+extern char *CIL_KEY_SCTP;
+extern char *CIL_KEY_AUDITALLOW;
+extern char *CIL_KEY_TUNABLEIF;
+extern char *CIL_KEY_ALLOW;
+extern char *CIL_KEY_DONTAUDIT;
+extern char *CIL_KEY_TYPETRANSITION;
+extern char *CIL_KEY_TYPECHANGE;
+extern char *CIL_KEY_CALL;
+extern char *CIL_KEY_TUNABLE;
+extern char *CIL_KEY_XOR;
+extern char *CIL_KEY_ALL;
+extern char *CIL_KEY_RANGE;
+extern char *CIL_KEY_GLOB;
+extern char *CIL_KEY_FILE;
+extern char *CIL_KEY_DIR;
+extern char *CIL_KEY_CHAR;
+extern char *CIL_KEY_BLOCK;
+extern char *CIL_KEY_SOCKET;
+extern char *CIL_KEY_PIPE;
+extern char *CIL_KEY_SYMLINK;
+extern char *CIL_KEY_ANY;
+extern char *CIL_KEY_XATTR;
+extern char *CIL_KEY_TASK;
+extern char *CIL_KEY_TRANS;
+extern char *CIL_KEY_TYPE;
+extern char *CIL_KEY_ROLE;
+extern char *CIL_KEY_USER;
+extern char *CIL_KEY_USERATTRIBUTE;
+extern char *CIL_KEY_USERATTRIBUTESET;
+extern char *CIL_KEY_SENSITIVITY;
+extern char *CIL_KEY_CATEGORY;
+extern char *CIL_KEY_CATSET;
+extern char *CIL_KEY_LEVEL;
+extern char *CIL_KEY_LEVELRANGE;
+extern char *CIL_KEY_CLASS;
+extern char *CIL_KEY_IPADDR;
+extern char *CIL_KEY_MAP_CLASS;
+extern char *CIL_KEY_CLASSPERMISSION;
+extern char *CIL_KEY_BOOL;
+extern char *CIL_KEY_STRING;
+extern char *CIL_KEY_NAME;
+extern char *CIL_KEY_SOURCE;
+extern char *CIL_KEY_TARGET;
+extern char *CIL_KEY_LOW;
+extern char *CIL_KEY_HIGH;
+extern char *CIL_KEY_LOW_HIGH;
+extern char *CIL_KEY_GLBLUB;
+extern char *CIL_KEY_HANDLEUNKNOWN;
+extern char *CIL_KEY_HANDLEUNKNOWN_ALLOW;
+extern char *CIL_KEY_HANDLEUNKNOWN_DENY;
+extern char *CIL_KEY_HANDLEUNKNOWN_REJECT;
+extern char *CIL_KEY_MACRO;
+extern char *CIL_KEY_IN;
+extern char *CIL_KEY_MLS;
+extern char *CIL_KEY_DEFAULTRANGE;
+extern char *CIL_KEY_BLOCKINHERIT;
+extern char *CIL_KEY_BLOCKABSTRACT;
+extern char *CIL_KEY_CLASSORDER;
+extern char *CIL_KEY_CLASSMAPPING;
+extern char *CIL_KEY_CLASSPERMISSIONSET;
+extern char *CIL_KEY_COMMON;
+extern char *CIL_KEY_CLASSCOMMON;
+extern char *CIL_KEY_SID;
+extern char *CIL_KEY_SIDCONTEXT;
+extern char *CIL_KEY_SIDORDER;
+extern char *CIL_KEY_USERLEVEL;
+extern char *CIL_KEY_USERRANGE;
+extern char *CIL_KEY_USERBOUNDS;
+extern char *CIL_KEY_USERPREFIX;
+extern char *CIL_KEY_SELINUXUSER;
+extern char *CIL_KEY_SELINUXUSERDEFAULT;
+extern char *CIL_KEY_TYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEATTRIBUTESET;
+extern char *CIL_KEY_EXPANDTYPEATTRIBUTE;
+extern char *CIL_KEY_TYPEALIAS;
+extern char *CIL_KEY_TYPEALIASACTUAL;
+extern char *CIL_KEY_TYPEBOUNDS;
+extern char *CIL_KEY_TYPEPERMISSIVE;
+extern char *CIL_KEY_RANGETRANSITION;
+extern char *CIL_KEY_USERROLE;
+extern char *CIL_KEY_ROLETYPE;
+extern char *CIL_KEY_ROLETRANSITION;
+extern char *CIL_KEY_ROLEALLOW;
+extern char *CIL_KEY_ROLEATTRIBUTE;
+extern char *CIL_KEY_ROLEATTRIBUTESET;
+extern char *CIL_KEY_ROLEBOUNDS;
+extern char *CIL_KEY_BOOLEANIF;
+extern char *CIL_KEY_NEVERALLOW;
+extern char *CIL_KEY_TYPEMEMBER;
+extern char *CIL_KEY_SENSALIAS;
+extern char *CIL_KEY_SENSALIASACTUAL;
+extern char *CIL_KEY_CATALIAS;
+extern char *CIL_KEY_CATALIASACTUAL;
+extern char *CIL_KEY_CATORDER;
+extern char *CIL_KEY_SENSITIVITYORDER;
+extern char *CIL_KEY_SENSCAT;
+extern char *CIL_KEY_CONSTRAIN;
+extern char *CIL_KEY_MLSCONSTRAIN;
+extern char *CIL_KEY_VALIDATETRANS;
+extern char *CIL_KEY_MLSVALIDATETRANS;
+extern char *CIL_KEY_CONTEXT;
+extern char *CIL_KEY_FILECON;
+extern char *CIL_KEY_IBPKEYCON;
+extern char *CIL_KEY_IBENDPORTCON;
+extern char *CIL_KEY_PORTCON;
+extern char *CIL_KEY_NODECON;
+extern char *CIL_KEY_GENFSCON;
+extern char *CIL_KEY_NETIFCON;
+extern char *CIL_KEY_PIRQCON;
+extern char *CIL_KEY_IOMEMCON;
+extern char *CIL_KEY_IOPORTCON;
+extern char *CIL_KEY_PCIDEVICECON;
+extern char *CIL_KEY_DEVICETREECON;
+extern char *CIL_KEY_FSUSE;
+extern char *CIL_KEY_POLICYCAP;
+extern char *CIL_KEY_OPTIONAL;
+extern char *CIL_KEY_DEFAULTUSER;
+extern char *CIL_KEY_DEFAULTROLE;
+extern char *CIL_KEY_DEFAULTTYPE;
+extern char *CIL_KEY_ROOT;
+extern char *CIL_KEY_NODE;
+extern char *CIL_KEY_PERM;
+extern char *CIL_KEY_ALLOWX;
+extern char *CIL_KEY_AUDITALLOWX;
+extern char *CIL_KEY_DONTAUDITX;
+extern char *CIL_KEY_NEVERALLOWX;
+extern char *CIL_KEY_PERMISSIONX;
+extern char *CIL_KEY_IOCTL;
+extern char *CIL_KEY_UNORDERED;
+extern char *CIL_KEY_SRC_INFO;
+extern char *CIL_KEY_SRC_CIL;
+extern char *CIL_KEY_SRC_HLL;
 
 /*
 	Symbol Table Array Indices
@@ -941,6 +942,7 @@
 	CIL_DEFAULT_TARGET_LOW      = DEFAULT_TARGET_LOW,
 	CIL_DEFAULT_TARGET_HIGH     = DEFAULT_TARGET_HIGH,
 	CIL_DEFAULT_TARGET_LOW_HIGH = DEFAULT_TARGET_LOW_HIGH,
+	CIL_DEFAULT_GLBLUB          = DEFAULT_GLBLUB,
 };
 
 /* Default labeling behavior for range */
diff --git a/libsepol/cil/src/cil_mem.c b/libsepol/cil/src/cil_mem.c
index 12c59be..f73021b 100644
--- a/libsepol/cil/src/cil_mem.c
+++ b/libsepol/cil/src/cil_mem.c
@@ -34,19 +34,6 @@
 
 #include "cil_log.h"
 
-__attribute__((noreturn)) void cil_default_mem_error_handler(void)
-{
-	cil_log(CIL_ERR, "Failed to allocate memory\n");
-	exit(1);
-}
-
-void (*cil_mem_error_handler)(void) = &cil_default_mem_error_handler;
-
-void cil_set_mem_error_handler(void (*handler)(void))
-{
-	cil_mem_error_handler = handler;
-}
-
 void *cil_malloc(size_t size)
 {
 	void *mem = malloc(size);
@@ -54,7 +41,8 @@
 		if (size == 0) {
 			return NULL;
 		}
-		(*cil_mem_error_handler)();
+		cil_log(CIL_ERR, "Failed to allocate memory\n");
+		exit(1);
 	}
 
 	return mem;
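Review bot: The failure path `cil_log(CIL_ERR, "Failed to allocate memory\n"); exit(1);` added here in cil_malloc is repeated verbatim in the next four hunks of cil_mem.c and in both cil_strpool.c hunks, so seven copies now have to stay in sync. One `__attribute__((noreturn))` helper declared in cil_mem.h and called from each site would keep the message and exit status in a single place. With the replaceable handler removed, these wrappers now always terminate the calling process on allocation failure, so the prototypes in cil_mem.h deserve a comment such as `/* On allocation failure these log an error and call exit(1); they do not return. */`. cil_malloc begins in the previous hunk and its body continues past this one.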
@@ -64,7 +52,8 @@
 {
 	void *mem = calloc(num_elements, element_size);
 	if (mem == NULL){
-		(*cil_mem_error_handler)();
+		cil_log(CIL_ERR, "Failed to allocate memory\n");
+		exit(1);
 	}
 
 	return mem;
@@ -77,7 +66,8 @@
 		if (size == 0) {
 			return NULL;
 		}
-		(*cil_mem_error_handler)();
+		cil_log(CIL_ERR, "Failed to allocate memory\n");
+		exit(1);
 	}
 
 	return mem;
@@ -94,7 +84,8 @@
 
 	mem = strdup(str);
 	if (mem == NULL) {
-		(*cil_mem_error_handler)();
+		cil_log(CIL_ERR, "Failed to allocate memory\n");
+		exit(1);
 	}
 
 	return mem;
@@ -110,7 +101,8 @@
 	va_end(ap);
 
 	if (rc == -1) {
-		(*cil_mem_error_handler)();
+		cil_log(CIL_ERR, "Failed to allocate memory\n");
+		exit(1);
 	}
 
 	return rc;
diff --git a/libsepol/cil/src/cil_mem.h b/libsepol/cil/src/cil_mem.h
index 902ce13..794f02a 100644
--- a/libsepol/cil/src/cil_mem.h
+++ b/libsepol/cil/src/cil_mem.h
@@ -36,7 +36,6 @@
 void *cil_realloc(void *ptr, size_t size);
 char *cil_strdup(const char *str);
 int cil_asprintf(char **strp, const char *fmt, ...);
-void (*cil_mem_error_handler)(void);
 
 #endif /* CIL_MEM_H_ */
 
diff --git a/libsepol/cil/src/cil_policy.c b/libsepol/cil/src/cil_policy.c
index 1adf22a..06d7d74 100644
--- a/libsepol/cil/src/cil_policy.c
+++ b/libsepol/cil/src/cil_policy.c
@@ -834,6 +834,9 @@
 		case CIL_DEFAULT_TARGET_LOW_HIGH:
 			fprintf(out," %s %s", CIL_KEY_TARGET, CIL_KEY_LOW_HIGH);
 			break;
+		case CIL_DEFAULT_GLBLUB:
+			fprintf(out," %s", CIL_KEY_GLBLUB);
+			break;
 		default:
 			break;
 		}
diff --git a/libsepol/cil/src/cil_post.c b/libsepol/cil/src/cil_post.c
index 708b432..a0cadfd 100644
--- a/libsepol/cil/src/cil_post.c
+++ b/libsepol/cil/src/cil_post.c
@@ -2309,7 +2309,7 @@
 
 	rc = cil_tree_walk(db->ast->root, __cil_post_db_count_helper, NULL, NULL, db);
 	if (rc != SEPOL_OK) {
-		cil_log(CIL_INFO, "Failure during cil databse count helper\n");
+		cil_log(CIL_INFO, "Failure during cil database count helper\n");
 		goto exit;
 	}
 
diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c
index ea08087..8757586 100644
--- a/libsepol/cil/src/cil_resolve_ast.c
+++ b/libsepol/cil/src/cil_resolve_ast.c
@@ -131,18 +131,14 @@
 				}
 			}
 			if (rc != SEPOL_OK) {
-				struct cil_list *empty_list;
 				if (class_flavor == CIL_MAP_CLASS) {
 					cil_log(CIL_ERR, "Failed to resolve permission %s for map class\n", (char*)curr->data);
-					goto exit;
+				} else {
+					cil_log(CIL_ERR, "Failed to resolve permission %s\n", (char*)curr->data);
 				}
-				cil_log(CIL_WARN, "Failed to resolve permission %s\n", (char*)curr->data);
-				/* Use an empty list to represent unknown perm */
-				cil_list_init(&empty_list, perm_strs->flavor);
-				cil_list_append(*perm_datums, CIL_LIST, empty_list);
-			} else {
-				cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
+				goto exit;
 			}
+			cil_list_append(*perm_datums, CIL_DATUM, perm_datum);
 		} else {
 			cil_list_append(*perm_datums, curr->flavor, curr->data);
 		}
@@ -1382,7 +1378,7 @@
 
 		cil_list_for_each(item, unordered_list->list) {
 			if (cil_list_contains(merged, item->data)) {
-				/* item was declared in an ordered statement, which supercedes
+				/* item was declared in an ordered statement, which supersedes
 				 * all unordered statements */
 				if (item->flavor == CIL_CLASS) {
 					cil_log(CIL_WARN, "Ignoring '%s' as it has already been declared in classorder.\n", ((struct cil_class*)(item->data))->datum.name);
@@ -3765,14 +3761,16 @@
 		enum cil_log_level lvl = CIL_ERR;
 
 		if (optstack != NULL) {
-			lvl = CIL_WARN;
+			lvl = CIL_INFO;
 
 			struct cil_optional *opt = (struct cil_optional *)optstack->data;
 			struct cil_tree_node *opt_node = opt->datum.nodes->head->data;
-			cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
 			/* disable an optional if something failed to resolve */
 			opt->enabled = CIL_FALSE;
+			cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
+			cil_tree_log(opt_node, lvl, "Disabling optional '%s'", opt->datum.name);
 			rc = SEPOL_OK;
+			goto exit;
 		}
 
 		cil_tree_log(node, lvl, "Failed to resolve %s statement", cil_node_to_string(node));
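Review bot: The `cil_tree_log(node, lvl, "Failed to resolve %s statement", ...)` call is now written twice, once inside the `optstack != NULL` branch and once after it, apparently only so that it precedes the "Disabling optional" message. Picking the level at the declaration, `enum cil_log_level lvl = (optstack != NULL) ? CIL_INFO : CIL_ERR;`, and logging the failure once before the branch would give the same order without the copy and without the added `goto exit`. Because the level drops from CIL_WARN to CIL_INFO, a discarded optional block is reported only at informational verbosity, so a short comment explaining that choice would help anyone auditing which rules ended up in the compiled policy. The enclosing function starts and ends outside this hunk.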
@@ -3988,7 +3986,7 @@
 		if (changed && (pass > CIL_PASS_CALL1)) {
 			/* Need to re-resolve because an optional was disabled that contained
 			 * one or more declarations. We only need to reset to the call1 pass 
-			 * because things done in the preceeding passes aren't allowed in 
+			 * because things done in the preceding passes aren't allowed in 
 			 * optionals, and thus can't be disabled.
 			 * Note: set pass to CIL_PASS_CALL1 because the pass++ will increment 
 			 * it to CIL_PASS_CALL2
diff --git a/libsepol/cil/src/cil_strpool.c b/libsepol/cil/src/cil_strpool.c
index 97d4c4b..2598bbf 100644
--- a/libsepol/cil/src/cil_strpool.c
+++ b/libsepol/cil/src/cil_strpool.c
@@ -80,8 +80,8 @@
 		int rc = hashtab_insert(cil_strpool_tab, (hashtab_key_t)strpool_ref->str, strpool_ref);
 		if (rc != SEPOL_OK) {
 			pthread_mutex_unlock(&cil_strpool_mutex);
-			(*cil_mem_error_handler)();
-			pthread_mutex_lock(&cil_strpool_mutex);
+			cil_log(CIL_ERR, "Failed to allocate memory\n");
+			exit(1);
 		}
 	}
 
@@ -104,8 +104,8 @@
 		cil_strpool_tab = hashtab_create(cil_strpool_hash, cil_strpool_compare, CIL_STRPOOL_TABLE_SIZE);
 		if (cil_strpool_tab == NULL) {
 			pthread_mutex_unlock(&cil_strpool_mutex);
-			(*cil_mem_error_handler)();
-			return;
+			cil_log(CIL_ERR, "Failed to allocate memory\n");
+			exit(1);
 		}
 	}
 	cil_strpool_readers++;
diff --git a/libsepol/cil/src/cil_verify.c b/libsepol/cil/src/cil_verify.c
index 1a21cf4..018514d 100644
--- a/libsepol/cil/src/cil_verify.c
+++ b/libsepol/cil/src/cil_verify.c
@@ -225,6 +225,9 @@
 				cil_log(CIL_ERR, "u3, r3, and t3 can only be used with (mls)validatetrans rules\n");
 				goto exit;
 			}
+		} else if (r_flavor == CIL_LIST) {
+			cil_log(CIL_ERR, "t1, t2, r1, r2, u1, u2 cannot be used on the left side with a list on the right side\n");
+			goto exit;
 		}
 	} else {
 		if (r_flavor == CIL_CONS_U2) {
diff --git a/libsepol/include/sepol/booleans.h b/libsepol/include/sepol/booleans.h
index 2966903..06d2230 100644
--- a/libsepol/include/sepol/booleans.h
+++ b/libsepol/include/sepol/booleans.h
@@ -10,23 +10,10 @@
 extern "C" {
 #endif
 
-/*--------------compatibility--------------*/
-
-/* Given an existing binary policy (starting at 'data', with length 'len')
-   and a boolean configuration file named by 'boolpath', rewrite the binary
-   policy for the boolean settings in the boolean configuration file.
-   The binary policy is rewritten in place in memory.
-   Returns 0 upon success, or -1 otherwise. */
+/* These two functions are deprecated. See src/deprecated_funcs.c */
 extern int sepol_genbools(void *data, size_t len, const char *boolpath);
-
-/* Given an existing binary policy (starting at 'data', with length 'len')
-   and boolean settings specified by the parallel arrays ('names', 'values')
-   with 'nel' elements, rewrite the binary policy for the boolean settings.
-   The binary policy is rewritten in place in memory.
-   Returns 0 upon success or -1 otherwise. */
 extern int sepol_genbools_array(void *data, size_t len,
 				char **names, int *values, int nel);
-/*---------------end compatbility------------*/
 
 /* Set the specified boolean */
 extern int sepol_bool_set(sepol_handle_t * handle,
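Review bot: The replacement comment on `sepol_genbools` and `sepol_genbools_array` removes the documented contract without stating the new one; going by the stubs added in src/deprecated_funcs.c, both now only log a warning and return -1, leaving the policy image untouched. Saying so here, for example `/* Deprecated: kept for ABI compatibility only; logs a warning and always returns -1. */`, tells a caller that ignores the return value that no boolean settings are applied any more. Marking the prototypes with `__attribute__((deprecated))` would also surface remaining users at compile time. The same applies to `sepol_genusers` and `sepol_set_delusers` in the include/sepol/users.h hunk.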
diff --git a/libsepol/include/sepol/policydb.h b/libsepol/include/sepol/policydb.h
index 6769b91..792913d 100644
--- a/libsepol/include/sepol/policydb.h
+++ b/libsepol/include/sepol/policydb.h
@@ -100,6 +100,11 @@
 extern int sepol_policydb_set_target_platform(sepol_policydb_t * p,
 					     int target_platform);
 
+/*
+ * Optimize the policy by removing redundant rules.
+ */
+extern int sepol_policydb_optimize(sepol_policydb_t * p);
+
 /* 
  * Read a policydb from a policy file.
  * This automatically sets the type and version based on the 
diff --git a/libsepol/include/sepol/policydb/context.h b/libsepol/include/sepol/policydb/context.h
index c27c334..37cdc59 100644
--- a/libsepol/include/sepol/policydb/context.h
+++ b/libsepol/include/sepol/policydb/context.h
@@ -92,6 +92,11 @@
 	return rc;
 }
 
+static inline int mls_context_glblub(context_struct_t *dst, context_struct_t *c1, context_struct_t *c2)
+{
+	return mls_range_glblub(&dst->range, &c1->range, &c2->range);
+}
+
 static inline int mls_context_cmp(context_struct_t * c1, context_struct_t * c2)
 {
 	return (mls_level_eq(&c1->range.level[0], &c2->range.level[0]) &&
diff --git a/libsepol/include/sepol/policydb/hashtab.h b/libsepol/include/sepol/policydb/hashtab.h
index ef1bb67..ca5ba862 100644
--- a/libsepol/include/sepol/policydb/hashtab.h
+++ b/libsepol/include/sepol/policydb/hashtab.h
@@ -47,7 +47,7 @@
 /*
    Creates a new hash table with the specified characteristics.
 
-   Returns NULL if insufficent space is available or
+   Returns NULL if insufficient space is available or
    the new hash table otherwise.
  */
 extern hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
diff --git a/libsepol/include/sepol/policydb/mls_types.h b/libsepol/include/sepol/policydb/mls_types.h
index a06723b..0ba6d9d 100644
--- a/libsepol/include/sepol/policydb/mls_types.h
+++ b/libsepol/include/sepol/policydb/mls_types.h
@@ -30,8 +30,10 @@
 #ifndef _SEPOL_POLICYDB_MLS_TYPES_H_
 #define _SEPOL_POLICYDB_MLS_TYPES_H_
 
+#include <errno.h>
 #include <stdint.h>
 #include <stdlib.h>
+#include <sys/param.h>
 #include <sepol/policydb/ebitmap.h>
 #include <sepol/policydb/flask_types.h>
 
@@ -48,6 +50,30 @@
 	mls_level_t level[2];	/* low == level[0], high == level[1] */
 } mls_range_t;
 
+static inline int mls_range_glblub(struct mls_range *dst, struct mls_range *r1, struct mls_range *r2)
+{
+	if (r1->level[1].sens < r2->level[0].sens || r2->level[1].sens < r1->level[0].sens) {
+		/* These ranges have no common sensitivities */
+		return -EINVAL;
+	}
+
+	/* Take the greatest of the low */
+	dst->level[0].sens = MAX(r1->level[0].sens, r2->level[0].sens);
+	/* Take the least of the high */
+	dst->level[1].sens = MIN(r1->level[1].sens, r2->level[1].sens);
+
+	if (ebitmap_and(&dst->level[0].cat, &r1->level[0].cat, &r2->level[0].cat) < 0) {
+		return -1;
+	}
+
+	if (ebitmap_and(&dst->level[1].cat, &r1->level[1].cat, &r2->level[1].cat) < 0) {
+		return -1;
+	}
+
+	return 0;
+}
+
+
 static inline int mls_level_cpy(struct mls_level *dst, struct mls_level *src)
 {
 
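Review bot: In `mls_range_glblub`, when the second `ebitmap_and` fails the function returns with `dst->level[0].cat` already filled by the first call and both `sens` fields already overwritten, so the caller gets a half-built range and, unless it destroys `dst` on error, the first bitmap's storage is lost. Releasing it on that path, `ebitmap_destroy(&dst->level[0].cat);` before the second `return -1;`, keeps the failure clean. The function also mixes `-EINVAL` for disjoint ranges with a bare `-1` for a failed `ebitmap_and`. A header comment should name both return values and state that `dst` is overwritten, so callers can tell "no common sensitivity" apart from a bitmap failure.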
diff --git a/libsepol/include/sepol/policydb/policydb.h b/libsepol/include/sepol/policydb/policydb.h
index c5b88b4..36e5137 100644
--- a/libsepol/include/sepol/policydb/policydb.h
+++ b/libsepol/include/sepol/policydb/policydb.h
@@ -130,6 +130,7 @@
 #define DEFAULT_TARGET_LOW	4
 #define DEFAULT_TARGET_HIGH	5
 #define DEFAULT_TARGET_LOW_HIGH	6
+#define DEFAULT_GLBLUB 		7
 	char default_range;
 } class_datum_t;
 
@@ -636,6 +637,8 @@
 
 extern int policydb_reindex_users(policydb_t * p);
 
+extern int policydb_optimize(policydb_t * p);
+
 extern void policydb_destroy(policydb_t * p);
 
 extern int policydb_load_isids(policydb_t * p, sidtab_t * s);
@@ -739,10 +742,11 @@
 #define POLICYDB_VERSION_XEN_DEVICETREE		30 /* Xen-specific */
 #define POLICYDB_VERSION_XPERMS_IOCTL	30 /* Linux-specific */
 #define POLICYDB_VERSION_INFINIBAND		31 /* Linux-specific */
+#define POLICYDB_VERSION_GLBLUB		32
 
 /* Range of policy versions we understand*/
 #define POLICYDB_VERSION_MIN	POLICYDB_VERSION_BASE
-#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_INFINIBAND
+#define POLICYDB_VERSION_MAX	POLICYDB_VERSION_GLBLUB
 
 /* Module versions and specific changes*/
 #define MOD_POLICYDB_VERSION_BASE		4
@@ -763,9 +767,10 @@
 #define MOD_POLICYDB_VERSION_CONSTRAINT_NAMES  17
 #define MOD_POLICYDB_VERSION_XPERMS_IOCTL  18
 #define MOD_POLICYDB_VERSION_INFINIBAND		19
+#define MOD_POLICYDB_VERSION_GLBLUB		20
 
 #define MOD_POLICYDB_VERSION_MIN MOD_POLICYDB_VERSION_BASE
-#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_INFINIBAND
+#define MOD_POLICYDB_VERSION_MAX MOD_POLICYDB_VERSION_GLBLUB
 
 #define POLICYDB_CONFIG_MLS    1
 
diff --git a/libsepol/include/sepol/policydb/services.h b/libsepol/include/sepol/policydb/services.h
index 6ef27a8..048f8a5 100644
--- a/libsepol/include/sepol/policydb/services.h
+++ b/libsepol/include/sepol/policydb/services.h
@@ -30,12 +30,6 @@
 extern int sepol_set_policydb(policydb_t * p);
 extern int sepol_set_sidtab(sidtab_t * s);
 
-/* Modify a policydb for boolean settings. */
-int sepol_genbools_policydb(policydb_t * policydb, const char *booleans);
-
-/* Modify a policydb for user settings. */
-int sepol_genusers_policydb(policydb_t * policydb, const char *usersdir);
-
 /* Load the security policy. This initializes the policydb
    and sidtab based on the provided binary policy. */
 extern int sepol_load_policy(void *data, size_t len);
@@ -66,7 +60,7 @@
 /*
  * Same as above, but also returns the constraint expression calculations
  * whether allowed or denied in a buffer. This buffer is allocated by
- * this call and must be free'd by the caller using free(3). The contraint
+ * this call and must be free'd by the caller using free(3). The constraint
  * buffer will contain any constraints in infix notation.
  * If the SHOW_GRANTED flag is set it will show granted and denied
  * constraints. The default is to show only denied constraints.
diff --git a/libsepol/include/sepol/users.h b/libsepol/include/sepol/users.h
index ad23f89..70158ac 100644
--- a/libsepol/include/sepol/users.h
+++ b/libsepol/include/sepol/users.h
@@ -10,23 +10,12 @@
 extern "C" {
 #endif
 
-/*---------compatibility------------*/
-
-/* Given an existing binary policy (starting at 'data with length 'len')
-   and user configurations living in 'usersdir', generate a new binary
-   policy for the new user configurations.  Sets '*newdata' and '*newlen'
-   to refer to the new binary policy image. */
+/* These two functions are deprecated. See src/deprecated_funcs.c */
 extern int sepol_genusers(void *data, size_t len,
 			  const char *usersdir,
 			  void **newdata, size_t * newlen);
-
-/* Enable or disable deletion of users by sepol_genusers(3) when
-   a user in original binary policy image is not defined by the
-   new user configurations.  Defaults to disabled. */
 extern void sepol_set_delusers(int on);
 
-/*--------end compatibility----------*/
-
 /* Modify the user, or add it, if the key is not found */
 extern int sepol_user_modify(sepol_handle_t * handle,
 			     sepol_policydb_t * policydb,
diff --git a/libsepol/man/man3/sepol_genbools.3 b/libsepol/man/man3/sepol_genbools.3
deleted file mode 100644
index 5363383..0000000
--- a/libsepol/man/man3/sepol_genbools.3
+++ /dev/null
@@ -1,30 +0,0 @@
-.TH "sepol_genbools" "3" "11 August 2004" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
-.SH "NAME"
-sepol_genbools \- Rewrite a binary policy with different boolean settings
-.SH "SYNOPSIS"
-.B #include <sepol/sepol.h>
-.sp
-.BI "int sepol_genbools(void *" data ", size_t "len ", const char *" boolpath );
-.br
-.BI "int sepol_genbools_array(void *" data ", size_t " len ", char **" names ", int *" values ", int " nel );
-
-.SH "DESCRIPTION"
-.B sepol_genbools
-rewrites a binary policy stored in the memory region described by
-(data, len) to use the boolean settings specified in the file named by
-boolpath.  The boolean settings are specified by name=value lines
-where value may be 0 or false to disable or 1 or true to enable.  The
-binary policy is rewritten in place in memory.
-
-.B sepol_genbools_array
-does likewise, but obtains the boolean settings from the parallel arrays
-(names, values) with nel elements each.
-
-.SH "RETURN VALUE"
-Returns 0 on success or \-1 otherwise, with errno set appropriately.
-An errno of ENOENT indicates that the boolean file did not exist.
-An errno of EINVAL indicates that one or more booleans listed in the
-boolean file was undefined in the policy or had an invalid value specified;
-in this case, the binary policy is still rewritten but any invalid
-boolean settings are ignored.
-
diff --git a/libsepol/man/man3/sepol_genusers.3 b/libsepol/man/man3/sepol_genusers.3
deleted file mode 100644
index 1f820ff..0000000
--- a/libsepol/man/man3/sepol_genusers.3
+++ /dev/null
@@ -1,54 +0,0 @@
-.TH "sepol_genusers" "3" "15 March 2005" "sds@tycho.nsa.gov" "SE Linux binary policy API documentation"
-.SH "NAME"
-sepol_genusers \- Generate a new binary policy image with a customized user configuration
-.SH "SYNOPSIS"
-.B #include <sepol/sepol.h>
-.sp
-.BI "int sepol_genusers(void *" data ", size_t "len ", const char *" usersdir ", void *" newdata ", size_t *" newlen);
-.sp
-.BI "void sepol_set_delusers(int " on ");"
-
-.SH "DESCRIPTION"
-.B sepol_genusers
-generates a new binary policy image from 
-an existing binary policy image stored in the memory region described by
-the starting address
-.I data
-and the length
-.I len
-and a pair of user configuration files named 
-.B system.users 
-and
-.B local.users
-from the directory specified by
-.I usersdir.
-The resulting binary policy is placed into dynamically allocated
-memory and the variables
-.I newdata
-and
-.I newlen
-are set to refer to the new binary image's starting address and length.
-The original binary policy image is not modified.
-
-By default, 
-.B sepol_genusers
-will preserve user entries that are defined in the original binary policy image
-but not defined in the user configuration files.  If such user entries
-should instead by omitted entirely from the new binary policy image, then
-the
-.B sepol_set_delusers
-function may be called with 
-.I on
-set to 1 prior to calling
-.B sepol_genusers
-in order to enable deletion of such users.
-
-.SH "RETURN VALUE"
-Returns 0 on success or \-1 otherwise, with errno set appropriately.
-An errno of ENOENT indicates that one or both of the user
-configuration files did not exist.  An errno of EINVAL indicates that
-either the original binary policy image or the generated one were
-invalid.  An errno of ENOMEM indicates that insufficient memory was
-available to process the original binary policy image or to generate
-the new policy image.  Invalid entries in the user configuration files
-are skipped with a warning.
diff --git a/libsepol/src/avrule_block.c b/libsepol/src/avrule_block.c
index 5a873af..a9832d0 100644
--- a/libsepol/src/avrule_block.c
+++ b/libsepol/src/avrule_block.c
@@ -157,7 +157,7 @@
 	scope_datum_t *scope =
 	    (scope_datum_t *) hashtab_search(p->scope[symbol_table].table, id);
 	avrule_decl_t *decl;
-	uint32_t len = scope->decl_ids_len;
+	uint32_t len;
 
 	if (scope == NULL) {
 		return 0;
@@ -166,6 +166,7 @@
 		return 0;
 	}
 
+	len = scope->decl_ids_len;
 	if (len < 1) {
 		return 0;
 	}
diff --git a/libsepol/src/conditional.c b/libsepol/src/conditional.c
index 2883aeb..823b649 100644
--- a/libsepol/src/conditional.c
+++ b/libsepol/src/conditional.c
@@ -359,7 +359,7 @@
 	ne = NULL;
 	e = cn->expr;
 
-	/* becuase it's RPN look at last element */
+	/* because it's RPN look at last element */
 	while (e->next != NULL) {
 		ne = e;
 		e = e->next;
diff --git a/libsepol/src/context.c b/libsepol/src/context.c
index a88937f..e81b28c 100644
--- a/libsepol/src/context.c
+++ b/libsepol/src/context.c
@@ -38,7 +38,6 @@
 	role_datum_t *role;
 	user_datum_t *usrdatum;
 	ebitmap_t types, roles;
-	int ret = 1;
 
 	ebitmap_init(&types);
 	ebitmap_init(&roles);
@@ -75,7 +74,7 @@
 	if (!mls_context_isvalid(p, c))
 		return 0;
 
-	return ret;
+	return 1;
 }
 
 /*
diff --git a/libsepol/src/deprecated_funcs.c b/libsepol/src/deprecated_funcs.c
new file mode 100644
index 0000000..d0dab7d
--- /dev/null
+++ b/libsepol/src/deprecated_funcs.c
@@ -0,0 +1,50 @@
+#include <stdio.h>
+#include "debug.h"
+
+/*
+ * Need to keep these stubs for the libsepol interfaces exported in
+ * libsepol.map.in, as they are part of the shared library ABI.
+ */
+
+static const char *msg = "Deprecated interface";
+
+/*
+ * These two functions are deprecated and referenced in:
+ *	include/libsepol/users.h
+ */
+int sepol_genusers(void *data __attribute((unused)),
+		   size_t len __attribute((unused)),
+		   const char *usersdir __attribute((unused)),
+		   void **newdata __attribute((unused)),
+		   size_t *newlen __attribute((unused)))
+{
+	WARN(NULL, "%s", msg);
+	return -1;
+}
+
+void sepol_set_delusers(int on __attribute((unused)))
+{
+	WARN(NULL, "%s", msg);
+}
+
+/*
+ * These two functions are deprecated and referenced in:
+ *	include/libsepol/booleans.h
+ */
+int sepol_genbools(void *data __attribute((unused)),
+		   size_t len __attribute((unused)),
+		   const char *booleans __attribute((unused)))
+{
+	WARN(NULL, "%s", msg);
+	return -1;
+}
+
+int sepol_genbools_array(void *data __attribute((unused)),
+			 size_t len __attribute((unused)),
+			 char **names __attribute((unused)),
+			 int *values __attribute((unused)),
+			 int nel __attribute((unused)))
+{
+	WARN(NULL, "%s", msg);
+	return -1;
+}
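Review bot: The two block comments point at `include/libsepol/users.h` and `include/libsepol/booleans.h`, but the headers changed in this commit live under `include/sepol/`, so the paths should read `include/sepol/users.h` and `include/sepol/booleans.h`. The stubs also return -1 without setting errno, whereas the man pages removed in this commit promised errno on failure, so a caller that prints `strerror(errno)` reports whatever value was left over. Adding `#include <errno.h>` and `errno = ENOTSUP;` before each `return -1;` would keep that contract. It is also worth noting in the comment on `sepol_genusers` that `*newdata` and `*newlen` are left untouched, for callers that do not check the return value.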
diff --git a/libsepol/src/ebitmap.c b/libsepol/src/ebitmap.c
index 76e6e41..6c9951b 100644
--- a/libsepol/src/ebitmap.c
+++ b/libsepol/src/ebitmap.c
@@ -455,7 +455,7 @@
 	}
 	if (count && l->startbit + MAPSIZE != e->highbit) {
 		printf
-		    ("security: ebitmap: hight bit %u has not the expected value %zu\n",
+		    ("security: ebitmap: high bit %u has not the expected value %zu\n",
 		     e->highbit, l->startbit + MAPSIZE);
 		goto bad;
 	}
diff --git a/libsepol/src/genbools.c b/libsepol/src/genbools.c
deleted file mode 100644
index d4a2df6..0000000
--- a/libsepol/src/genbools.c
+++ /dev/null
@@ -1,279 +0,0 @@
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-
-#include <sepol/policydb/policydb.h>
-#include <sepol/policydb/conditional.h>
-
-#include "debug.h"
-#include "private.h"
-#include "dso.h"
-
-/* -- Deprecated -- */
-
-static char *strtrim(char *dest, char *source, int size)
-{
-	int i = 0;
-	char *ptr = source;
-	i = 0;
-	while (isspace(*ptr) && i < size) {
-		ptr++;
-		i++;
-	}
-	strncpy(dest, ptr, size);
-	for (i = strlen(dest) - 1; i > 0; i--) {
-		if (!isspace(dest[i]))
-			break;
-	}
-	dest[i + 1] = '\0';
-	return dest;
-}
-
-static int process_boolean(char *buffer, char *name, int namesize, int *val)
-{
-	char name1[BUFSIZ];
-	char *ptr = NULL;
-	char *tok;
-
-	/* Skip spaces */
-	while (isspace(buffer[0]))
-		buffer++;
-	/* Ignore comments */
-	if (buffer[0] == '#')
-		return 0;
-
-	tok = strtok_r(buffer, "=", &ptr);
-	if (!tok) {
-		ERR(NULL, "illegal boolean definition %s", buffer);
-		return -1;
-	}
-	strncpy(name1, tok, BUFSIZ - 1);
-	strtrim(name, name1, namesize - 1);
-
-	tok = strtok_r(NULL, "\0", &ptr);
-	if (!tok) {
-		ERR(NULL, "illegal boolean definition %s=%s", name, buffer);
-		return -1;
-	}
-
-	while (isspace(*tok))
-		tok++;
-
-	*val = -1;
-	if (isdigit(tok[0]))
-		*val = atoi(tok);
-	else if (!strncasecmp(tok, "true", sizeof("true") - 1))
-		*val = 1;
-	else if (!strncasecmp(tok, "false", sizeof("false") - 1))
-		*val = 0;
-	if (*val != 0 && *val != 1) {
-		ERR(NULL, "illegal value for boolean %s=%s", name, tok);
-		return -1;
-	}
-	return 1;
-}
-
-static int load_booleans(struct policydb *policydb, const char *path,
-			 int *changesp)
-{
-	FILE *boolf;
-	char *buffer = NULL;
-	char localbools[BUFSIZ];
-	char name[BUFSIZ];
-	int val;
-	int errors = 0, changes = 0;
-	struct cond_bool_datum *datum;
-
-	boolf = fopen(path, "r");
-	if (boolf == NULL)
-		goto localbool;
-
-#ifdef __APPLE__
-        if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) {
-          ERR(NULL, "out of memory");
-	  return -1;
-	}
-
-        while(fgets(buffer, 255, boolf) != NULL) {
-#else
-	size_t size = 0;
-	while (getline(&buffer, &size, boolf) > 0) {
-#endif
-		int ret = process_boolean(buffer, name, sizeof(name), &val);
-		if (ret == -1)
-			errors++;
-		if (ret == 1) {
-			datum = hashtab_search(policydb->p_bools.table, name);
-			if (!datum) {
-				ERR(NULL, "unknown boolean %s", name);
-				errors++;
-				continue;
-			}
-			if (datum->state != val) {
-				datum->state = val;
-				changes++;
-			}
-		}
-	}
-	fclose(boolf);
-      localbool:
-	snprintf(localbools, sizeof(localbools), "%s.local", path);
-	boolf = fopen(localbools, "r");
-	if (boolf != NULL) {
-
-#ifdef __APPLE__
-
-	  while(fgets(buffer, 255, boolf) != NULL) {
-#else
-
-	    while (getline(&buffer, &size, boolf) > 0) {
-#endif
-			int ret =
-			    process_boolean(buffer, name, sizeof(name), &val);
-			if (ret == -1)
-				errors++;
-			if (ret == 1) {
-				datum =
-				    hashtab_search(policydb->p_bools.table,
-						   name);
-				if (!datum) {
-					ERR(NULL, "unknown boolean %s", name);
-					errors++;
-					continue;
-				}
-				if (datum->state != val) {
-					datum->state = val;
-					changes++;
-				}
-			}
-		}
-		fclose(boolf);
-	}
-	free(buffer);
-	if (errors)
-		errno = EINVAL;
-	*changesp = changes;
-	return errors ? -1 : 0;
-}
-
-int sepol_genbools(void *data, size_t len, const char *booleans)
-{
-	struct policydb policydb;
-	struct policy_file pf;
-	int rc, changes = 0;
-
-	if (policydb_init(&policydb))
-		goto err;
-	if (policydb_from_image(NULL, data, len, &policydb) < 0)
-		goto err;
-
-	if (load_booleans(&policydb, booleans, &changes) < 0) {
-		WARN(NULL, "error while reading %s", booleans);
-	}
-
-	if (!changes)
-		goto out;
-
-	if (evaluate_conds(&policydb) < 0) {
-		ERR(NULL, "error while re-evaluating conditionals");
-		errno = EINVAL;
-		goto err_destroy;
-	}
-
-	policy_file_init(&pf);
-	pf.type = PF_USE_MEMORY;
-	pf.data = data;
-	pf.len = len;
-	rc = policydb_write(&policydb, &pf);
-	if (rc) {
-		ERR(NULL, "unable to write new binary policy image");
-		errno = EINVAL;
-		goto err_destroy;
-	}
-
-      out:
-	policydb_destroy(&policydb);
-	return 0;
-
-      err_destroy:
-	policydb_destroy(&policydb);
-
-      err:
-	return -1;
-}
-
-int hidden sepol_genbools_policydb(policydb_t * policydb, const char *booleans)
-{
-	int rc, changes = 0;
-
-	rc = load_booleans(policydb, booleans, &changes);
-	if (!rc && changes)
-		rc = evaluate_conds(policydb);
-	if (rc)
-		errno = EINVAL;
-	return rc;
-}
-
-/* -- End Deprecated -- */
-
-int sepol_genbools_array(void *data, size_t len, char **names, int *values,
-			 int nel)
-{
-	struct policydb policydb;
-	struct policy_file pf;
-	int rc, i, errors = 0;
-	struct cond_bool_datum *datum;
-
-	/* Create policy database from image */
-	if (policydb_init(&policydb))
-		goto err;
-	if (policydb_from_image(NULL, data, len, &policydb) < 0)
-		goto err;
-
-	for (i = 0; i < nel; i++) {
-		datum = hashtab_search(policydb.p_bools.table, names[i]);
-		if (!datum) {
-			ERR(NULL, "boolean %s no longer in policy", names[i]);
-			errors++;
-			continue;
-		}
-		if (values[i] != 0 && values[i] != 1) {
-			ERR(NULL, "illegal value %d for boolean %s",
-			    values[i], names[i]);
-			errors++;
-			continue;
-		}
-		datum->state = values[i];
-	}
-
-	if (evaluate_conds(&policydb) < 0) {
-		ERR(NULL, "error while re-evaluating conditionals");
-		errno = EINVAL;
-		goto err_destroy;
-	}
-
-	policy_file_init(&pf);
-	pf.type = PF_USE_MEMORY;
-	pf.data = data;
-	pf.len = len;
-	rc = policydb_write(&policydb, &pf);
-	if (rc) {
-		ERR(NULL, "unable to write binary policy");
-		errno = EINVAL;
-		goto err_destroy;
-	}
-	if (errors) {
-		errno = EINVAL;
-		goto err_destroy;
-	}
-
-	policydb_destroy(&policydb);
-	return 0;
-
-      err_destroy:
-	policydb_destroy(&policydb);
-
-      err:
-	return -1;
-}
diff --git a/libsepol/src/genusers.c b/libsepol/src/genusers.c
deleted file mode 100644
index c375c66..0000000
--- a/libsepol/src/genusers.c
+++ /dev/null
@@ -1,343 +0,0 @@
-#include <stdio.h>
-
-#include <stdlib.h>
-#include <ctype.h>
-#include <errno.h>
-#include <limits.h>
-
-#include <sepol/policydb/policydb.h>
-
-#ifndef __APPLE__
-#include <stdio_ext.h>
-#endif
-
-#include <stdarg.h>
-
-#include "debug.h"
-#include "private.h"
-#include "dso.h"
-#include "mls.h"
-
-/* -- Deprecated -- */
-
-void sepol_set_delusers(int on __attribute((unused)))
-{
-	WARN(NULL, "Deprecated interface");
-}
-
-#undef BADLINE
-#define BADLINE() { \
-	ERR(NULL, "invalid entry %s (%s:%u)", \
-		buffer, path, lineno); \
-	continue; \
-}
-
-static int load_users(struct policydb *policydb, const char *path)
-{
-	FILE *fp;
-	char *buffer = NULL, *p, *q, oldc;
-	ssize_t nread;
-	unsigned lineno = 0, islist = 0, bit;
-	user_datum_t *usrdatum;
-	role_datum_t *roldatum;
-	ebitmap_node_t *rnode;
-
-	fp = fopen(path, "r");
-	if (fp == NULL)
-		return -1;
-
-#ifdef __APPLE__
-	if ((buffer = (char *)malloc(255 * sizeof(char))) == NULL) {
-	  ERR(NULL, "out of memory");
-	  return -1;
-	}
-
-	while(fgets(buffer, 255, fp) != NULL) {
-		nread = strlen(buffer);
-#else
-	size_t len = 0;
-	__fsetlocking(fp, FSETLOCKING_BYCALLER);
-	while ((nread = getline(&buffer, &len, fp)) > 0) {
-#endif
-
-		lineno++;
-		if (buffer[nread - 1] == '\n')
-			buffer[nread - 1] = 0;
-		p = buffer;
-		while (*p && isspace(*p))
-			p++;
-		if (!(*p) || *p == '#')
-			continue;
-
-		if (strncasecmp(p, "user", 4))
-			BADLINE();
-		p += 4;
-		if (!isspace(*p))
-			BADLINE();
-		while (*p && isspace(*p))
-			p++;
-		if (!(*p))
-			BADLINE();
-		q = p;
-		while (*p && !isspace(*p))
-			p++;
-		if (!(*p))
-			BADLINE();
-		*p++ = 0;
-
-		usrdatum = hashtab_search(policydb->p_users.table, q);
-		if (usrdatum) {
-			/* Replacing an existing user definition. */
-			ebitmap_destroy(&usrdatum->roles.roles);
-			ebitmap_init(&usrdatum->roles.roles);
-		} else {
-			char *id = strdup(q);
-
-			if (!id) {
-				ERR(NULL, "out of memory");
-				free(buffer);
-				fclose(fp);
-				return -1;
-			}
-
-			/* Adding a new user definition. */
-			usrdatum = malloc(sizeof(user_datum_t));
-			if (!usrdatum) {
-				ERR(NULL, "out of memory");
-				free(buffer);
-				free(id);
-				fclose(fp);
-				return -1;
-			}
-
-			user_datum_init(usrdatum);
-			usrdatum->s.value = ++policydb->p_users.nprim;
-			if (hashtab_insert(policydb->p_users.table,
-					   id, (hashtab_datum_t) usrdatum)) {
-				ERR(NULL, "out of memory");
-				free(buffer);
-				free(id);
-				user_datum_destroy(usrdatum);
-				free(usrdatum);
-				fclose(fp);
-				return -1;
-			}
-		}
-
-		while (*p && isspace(*p))
-			p++;
-		if (!(*p))
-			BADLINE();
-		if (strncasecmp(p, "roles", 5))
-			BADLINE();
-		p += 5;
-		if (!isspace(*p))
-			BADLINE();
-		while (*p && isspace(*p))
-			p++;
-		if (!(*p))
-			BADLINE();
-		if (*p == '{') {
-			islist = 1;
-			p++;
-		} else
-			islist = 0;
-
-		oldc = 0;
-		do {
-			while (*p && isspace(*p))
-				p++;
-			if (!(*p))
-				break;
-
-			q = p;
-			while (*p && *p != ';' && *p != '}' && !isspace(*p))
-				p++;
-			if (!(*p))
-				break;
-			if (*p == '}')
-				islist = 0;
-			oldc = *p;
-			*p++ = 0;
-			if (!q[0])
-				break;
-
-			roldatum = hashtab_search(policydb->p_roles.table, q);
-			if (!roldatum) {
-				ERR(NULL, "undefined role %s (%s:%u)",
-				    q, path, lineno);
-				continue;
-			}
-			/* Set the role and every role it dominates */
-			ebitmap_for_each_positive_bit(&roldatum->dominates, rnode, bit) {
-				if (ebitmap_set_bit
-				    (&usrdatum->roles.roles, bit, 1)) {
-					ERR(NULL, "out of memory");
-					free(buffer);
-					fclose(fp);
-					return -1;
-				}
-			}
-		} while (islist);
-		if (oldc == 0)
-			BADLINE();
-
-		if (policydb->mls) {
-			context_struct_t context;
-			char *scontext, *r, *s;
-
-			while (*p && isspace(*p))
-				p++;
-			if (!(*p))
-				BADLINE();
-			if (strncasecmp(p, "level", 5))
-				BADLINE();
-			p += 5;
-			if (!isspace(*p))
-				BADLINE();
-			while (*p && isspace(*p))
-				p++;
-			if (!(*p))
-				BADLINE();
-			q = p;
-			while (*p && (!isspace(*p) || strncasecmp(p + 1, "range", 5)))
-				p++;
-			if (!(*p) || p == q)
-				BADLINE();
-			*p = 0;
-			p++;
-
-			scontext = malloc(p - q);
-			if (!scontext) {
-				ERR(NULL, "out of memory");
-				free(buffer);
-				fclose(fp);
-				return -1;
-			}
-			r = scontext;
-			s = q;
-			while (*s) {
-				if (!isspace(*s))
-					*r++ = *s;
-				s++;
-			}
-			*r = 0;
-			r = scontext;
-
-			context_init(&context);
-			if (mls_context_to_sid(policydb, oldc, &r, &context) <
-			    0) {
-				ERR(NULL, "invalid level %s (%s:%u)", scontext,
-				    path, lineno);
-				free(scontext);
-				continue;
-
-			}
-			free(scontext);
-			memcpy(&usrdatum->dfltlevel, &context.range.level[0],
-			       sizeof(usrdatum->dfltlevel));
-
-			if (strncasecmp(p, "range", 5))
-				BADLINE();
-			p += 5;
-			if (!isspace(*p))
-				BADLINE();
-			while (*p && isspace(*p))
-				p++;
-			if (!(*p))
-				BADLINE();
-			q = p;
-			while (*p && *p != ';')
-				p++;
-			if (!(*p))
-				BADLINE();
-			*p++ = 0;
-
-			scontext = malloc(p - q);
-			if (!scontext) {
-				ERR(NULL, "out of memory");
-				free(buffer);
-				fclose(fp);
-				return -1;
-			}
-			r = scontext;
-			s = q;
-			while (*s) {
-				if (!isspace(*s))
-					*r++ = *s;
-				s++;
-			}
-			*r = 0;
-			r = scontext;
-
-			context_init(&context);
-			if (mls_context_to_sid(policydb, oldc, &r, &context) <
-			    0) {
-				ERR(NULL, "invalid range %s (%s:%u)", scontext,
-				    path, lineno);
-				free(scontext);
-				continue;
-			}
-			free(scontext);
-			memcpy(&usrdatum->range, &context.range,
-			       sizeof(usrdatum->range));
-		}
-	}
-
-	free(buffer);
-	fclose(fp);
-	return 0;
-}
-
-int sepol_genusers(void *data, size_t len,
-		   const char *usersdir, void **newdata, size_t * newlen)
-{
-	struct policydb policydb;
-	char path[PATH_MAX];
-
-	/* Construct policy database */
-	if (policydb_init(&policydb))
-		goto err;
-	if (policydb_from_image(NULL, data, len, &policydb) < 0)
-		goto err;
-
-	/* Load locally defined users. */
-	snprintf(path, sizeof path, "%s/local.users", usersdir);
-	if (load_users(&policydb, path) < 0)
-		goto err_destroy;
-
-	/* Write policy database */
-	if (policydb_to_image(NULL, &policydb, newdata, newlen) < 0)
-		goto err_destroy;
-
-	policydb_destroy(&policydb);
-	return 0;
-
-      err_destroy:
-	policydb_destroy(&policydb);
-
-      err:
-	return -1;
-}
-
-int hidden sepol_genusers_policydb(policydb_t * policydb, const char *usersdir)
-{
-	char path[PATH_MAX];
-
-	/* Load locally defined users. */
-	snprintf(path, sizeof path, "%s/local.users", usersdir);
-	if (load_users(policydb, path) < 0) {
-		ERR(NULL, "unable to load local.users: %s", strerror(errno));
-		return -1;
-	}
-
-	if (policydb_reindex_users(policydb) < 0) {
-		ERR(NULL, "unable to reindex users: %s", strerror(errno));
-		return -1;
-
-	}
-
-	return 0;
-}
-
-/* -- End Deprecated -- */
diff --git a/libsepol/src/kernel_to_cil.c b/libsepol/src/kernel_to_cil.c
index 320af37..ca2e4a9 100644
--- a/libsepol/src/kernel_to_cil.c
+++ b/libsepol/src/kernel_to_cil.c
@@ -108,10 +108,12 @@
 	return str;
 
 exit:
-	while ((new_val = strs_stack_pop(stack)) != NULL) {
-		free(new_val);
+	if (stack) {
+		while ((new_val = strs_stack_pop(stack)) != NULL) {
+			free(new_val);
+		}
+		strs_stack_destroy(&stack);
 	}
-	strs_stack_destroy(&stack);
 
 	return NULL;
 }
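Review bot: The guarded cleanup added at `exit:` is now repeated verbatim in four places: here, in the hunk at -251 of this file, and in the hunks at -106 and -247 of kernel_to_conf.c. Moving the NULL check into one place, either a small static helper that drains and destroys the stack or a destroy routine that accepts a NULL stack, would keep these exit paths from drifting apart. If the duplication stays, a comment such as `/* stack is NULL if allocation failed before the first push */` would explain the guard, assuming that is the case it protects against. The enclosing function starts outside the hunk.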
@@ -251,10 +253,12 @@
 	return str;
 
 exit:
-	while ((new_val = strs_stack_pop(stack)) != NULL) {
-		free(new_val);
+	if (stack) {
+		while ((new_val = strs_stack_pop(stack)) != NULL) {
+			free(new_val);
+		}
+		strs_stack_destroy(&stack);
 	}
-	strs_stack_destroy(&stack);
 
 	return NULL;
 }
@@ -698,6 +702,9 @@
 	case DEFAULT_TARGET_LOW_HIGH:
 		dft = "target low-high";
 		break;
+	case DEFAULT_GLBLUB:
+		dft = "glblub";
+		break;
 	default:
 		sepol_log_err("Unknown default type value: %i", class->default_range);
 		return -1;
diff --git a/libsepol/src/kernel_to_conf.c b/libsepol/src/kernel_to_conf.c
index 4f84ee8..b496616 100644
--- a/libsepol/src/kernel_to_conf.c
+++ b/libsepol/src/kernel_to_conf.c
@@ -106,10 +106,12 @@
 	return str;
 
 exit:
-	while ((new_val = strs_stack_pop(stack)) != NULL) {
-		free(new_val);
+	if (stack) {
+		while ((new_val = strs_stack_pop(stack)) != NULL) {
+			free(new_val);
+		}
+		strs_stack_destroy(&stack);
 	}
-	strs_stack_destroy(&stack);
 
 	return NULL;
 }
@@ -247,10 +249,12 @@
 	return str;
 
 exit:
-	while ((new_val = strs_stack_pop(stack)) != NULL) {
-		free(new_val);
+	if (stack) {
+		while ((new_val = strs_stack_pop(stack)) != NULL) {
+			free(new_val);
+		}
+		strs_stack_destroy(&stack);
 	}
-	strs_stack_destroy(&stack);
 
 	return NULL;
 }
@@ -448,8 +452,12 @@
 		if (i < num_sids) {
 			sid = (char *)sid_to_str[i];
 		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
 			sid = strdup(unknown);
+			if (!sid) {
+				rc = -1;
+				goto exit;
+			}
 		}
 		rc = strs_add_at_index(strs, sid, i);
 		if (rc != 0) {
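Review bot: `sizeof(unknown)` is the buffer size only if `unknown` is declared as an array in this function. The declaration is outside the hunk, and the same replacement is made in the hunk at -2364. The old literal 18 suggests `char unknown[18]`, which fits "UNKNOWN" plus ten digits of a 32-bit value plus the terminator. A comment on the declaration, for example `/* "UNKNOWN" + up to 10 digits + NUL */`, would record why that size is enough. The new `goto exit` path relies on cleanup code that is also outside the hunk.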
@@ -669,6 +677,9 @@
 	case DEFAULT_TARGET_LOW_HIGH:
 		dft = "target low-high";
 		break;
+	case DEFAULT_GLBLUB:
+		dft = "glblub";
+		break;
 	default:
 		sepol_log_err("Unknown default type value: %i", class->default_range);
 		return -1;
@@ -792,6 +803,10 @@
 			j = level->level->sens - 1;
 			if (!sens_alias_map[j]) {
 				sens_alias_map[j] = strdup(name);
+				if (!sens_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
 			} else {
 				alias = sens_alias_map[j];
 				sens_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -919,6 +934,10 @@
 			j = cat->s.value - 1;
 			if (!cat_alias_map[j]) {
 				cat_alias_map[j] = strdup(name);
+				if (!cat_alias_map[j]) {
+					rc = -1;
+					goto exit;
+				}
 			} else {
 				alias = cat_alias_map[j];
 				cat_alias_map[j] = create_str("%s %s", 2, alias, name);
@@ -2364,7 +2383,7 @@
 		if (i < num_sids) {
 			sid = (char *)sid_to_str[i];
 		} else {
-			snprintf(unknown, 18, "%s%u", "UNKNOWN", i);
+			snprintf(unknown, sizeof(unknown), "%s%u", "UNKNOWN", i);
 			sid = unknown;
 		}
 
diff --git a/libsepol/src/libsepol.map.in b/libsepol/src/libsepol.map.in
index d879016..f4946a7 100644
--- a/libsepol/src/libsepol.map.in
+++ b/libsepol/src/libsepol.map.in
@@ -59,3 +59,8 @@
 	sepol_polcap_getnum;
 	sepol_polcap_getname;
 } LIBSEPOL_1.0;
+
+LIBSEPOL_3.0 {
+  global:
+	sepol_policydb_optimize;
+} LIBSEPOL_1.1;
diff --git a/libsepol/src/link.c b/libsepol/src/link.c
index 0ded480..83bbc8a 100644
--- a/libsepol/src/link.c
+++ b/libsepol/src/link.c
@@ -65,7 +65,7 @@
 	char *dest_class_name;
 	char dest_class_req;	/* flag indicating the class was not declared */
 	uint32_t symbol_num;
-	/* used to report the name of the module if dependancy error occurs */
+	/* used to report the name of the module if dependency error occurs */
 	policydb_t **decl_to_mod;
 
 	/* error reporting fields */
@@ -2172,7 +2172,7 @@
  *    decl. If the block has an else decl, enable.
  *
  * This will correctly handle all dependencies, including mutual and
- * cicular. The only downside is that it is slow.
+ * circular. The only downside is that it is slow.
  */
 static int enable_avrules(link_state_t * state, policydb_t * pol)
 {
diff --git a/libsepol/src/mls.c b/libsepol/src/mls.c
index 63ad1bc..6ff9a84 100644
--- a/libsepol/src/mls.c
+++ b/libsepol/src/mls.c
@@ -643,6 +643,8 @@
 			return mls_context_cpy_high(newcontext, tcontext);
 		case DEFAULT_TARGET_LOW_HIGH:
 			return mls_context_cpy(newcontext, tcontext);
+		case DEFAULT_GLBLUB:
+			return mls_context_glblub(newcontext, scontext, tcontext);
 		}
 
 		/* Fallthrough */
diff --git a/libsepol/src/module.c b/libsepol/src/module.c
index 219355f..3b8a0a5 100644
--- a/libsepol/src/module.c
+++ b/libsepol/src/module.c
@@ -124,8 +124,10 @@
 		return -1;
 
 	rc = module_package_init(*p);
-	if (rc < 0)
+	if (rc < 0) {
 		free(*p);
+		*p = NULL;
+	}
 
 	return rc;
 }
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index da62c8a..e20c3d4 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -54,6 +54,7 @@
 
 #include "kernel_to_common.h"
 #include "private.h"
+#include "module_internal.h"
 
 #ifdef __GNUC__
 #  define UNUSED(x) UNUSED_ ## x __attribute__((__unused__))
@@ -1322,7 +1323,7 @@
 
 			// length = length of parameters +
 			//          length of operator +
-			//          1 space preceeding each parameter +
+			//          1 space preceding each parameter +
 			//          2 parens around the whole expression
 			//          + null terminator
 			len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
@@ -1852,7 +1853,7 @@
 
 			// length = length of parameters +
 			//          length of operator +
-			//          1 space preceeding each parameter +
+			//          1 space preceding each parameter +
 			//          2 parens around the whole expression
 			//          + null terminator
 			len = strlen(val1) + strlen(val2) + strlen(op) + (num_params * 1) + 2 + 1;
@@ -2032,6 +2033,7 @@
 		case DEFAULT_TARGET_LOW:		dflt = "target low";	break;
 		case DEFAULT_TARGET_HIGH:		dflt = "target high";	break;
 		case DEFAULT_TARGET_LOW_HIGH:	dflt = "target low-high";	break;
+		case DEFAULT_GLBLUB:		dflt = "glblub";		break;
 		default:
 			log_err("Unknown default range value: %i", class->default_range);
 			rc = -1;
diff --git a/libsepol/src/optimize.c b/libsepol/src/optimize.c
new file mode 100644
index 0000000..1e5e97e
--- /dev/null
+++ b/libsepol/src/optimize.c
@@ -0,0 +1,378 @@
+/*
+ * Author: Ondrej Mosnacek <omosnacek@gmail.com>
+ *
+ * Copyright (C) 2019 Red Hat Inc.
+ *
+ *  This library is free software; you can redistribute it and/or
+ *  modify it under the terms of the GNU Lesser General Public
+ *  License as published by the Free Software Foundation; either
+ *  version 2.1 of the License, or (at your option) any later version.
+ *
+ *  This library is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ *  Lesser General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Lesser General Public
+ *  License along with this library; if not, write to the Free Software
+ *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ */
+
+/*
+ * Binary policy optimization.
+ *
+ * Defines the policydb_optimize() function, which finds and removes
+ * redundant rules from the binary policy to reduce its size and potentially
+ * improve rule matching times. Only rules that are already covered by a
+ * more general rule are removed. The resulting policy is functionally
+ * equivalent to the original one.
+ */
+
+#include <sepol/policydb/policydb.h>
+#include <sepol/policydb/conditional.h>
+
+/* builds map: type/attribute -> {all attributes that are a superset of it} */
+static ebitmap_t *build_type_map(const policydb_t *p)
+{
+	unsigned int i, k;
+	ebitmap_t *map = malloc(p->p_types.nprim * sizeof(ebitmap_t));
+	if (!map)
+		return NULL;
+
+	for (i = 0; i < p->p_types.nprim; i++) {
+		if (p->type_val_to_struct[i] &&
+		    p->type_val_to_struct[i]->flavor != TYPE_ATTRIB) {
+			if (ebitmap_cpy(&map[i], &p->type_attr_map[i]))
+				goto err;
+		} else {
+			ebitmap_t *types_i = &p->attr_type_map[i];
+
+			ebitmap_init(&map[i]);
+			for (k = 0; k < p->p_types.nprim; k++) {
+				ebitmap_t *types_k = &p->attr_type_map[k];
+
+				if (ebitmap_contains(types_k, types_i)) {
+					if (ebitmap_set_bit(&map[i], k, 1))
+						goto err;
+				}
+			}
+		}
+	}
+	return map;
+err:
+	for (k = 0; k <= i; k++)
+		ebitmap_destroy(&map[k]);
+	free(map);
+	return NULL;
+}
+
+static void destroy_type_map(const policydb_t *p, ebitmap_t *type_map)
+{
+	unsigned int i;
+	for (i = 0; i < p->p_types.nprim; i++)
+		ebitmap_destroy(&type_map[i]);
+	free(type_map);
+}
+
+static int process_xperms(uint32_t *p1, const uint32_t *p2)
+{
+	size_t i;
+	int ret = 1;
+
+	for (i = 0; i < EXTENDED_PERMS_LEN; i++) {
+		p1[i] &= ~p2[i];
+		if (p1[i] != 0)
+			ret = 0;
+	}
+	return ret;
+}
+
+static int process_avtab_datum(uint16_t specified,
+			       avtab_datum_t *d1, const avtab_datum_t *d2)
+{
+	/* inverse logic needed for AUDITDENY rules */
+	if (specified & AVTAB_AUDITDENY)
+		return (d1->data |= ~d2->data) == UINT32_C(0xFFFFFFFF);
+
+	if (specified & AVTAB_AV)
+		return (d1->data &= ~d2->data) == 0;
+
+	if (specified & AVTAB_XPERMS) {
+		avtab_extended_perms_t *x1 = d1->xperms;
+		const avtab_extended_perms_t *x2 = d2->xperms;
+
+		if (x1->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
+			if (x2->specified == AVTAB_XPERMS_IOCTLFUNCTION) {
+				if (x1->driver != x2->driver)
+					return 0;
+				return process_xperms(x1->perms, x2->perms);
+			}
+			if (x2->specified == AVTAB_XPERMS_IOCTLDRIVER)
+				return xperm_test(x1->driver, x2->perms);
+		} else if (x1->specified == AVTAB_XPERMS_IOCTLDRIVER) {
+			if (x2->specified == AVTAB_XPERMS_IOCTLFUNCTION)
+				return 0;
+
+			if (x2->specified == AVTAB_XPERMS_IOCTLDRIVER)
+				return process_xperms(x1->perms, x2->perms);
+		}
+		return 0;
+	}
+	return 0;
+}
+
+/* checks if avtab contains a rule that covers the given rule */
+static int is_avrule_redundant(avtab_ptr_t entry, avtab_t *tab,
+			       const ebitmap_t *type_map, unsigned char not_cond)
+{
+	unsigned int i, k, s_idx, t_idx;
+	ebitmap_node_t *snode, *tnode;
+	avtab_datum_t *d1, *d2;
+	avtab_key_t key;
+
+	/* we only care about AV rules */
+	if (!(entry->key.specified & (AVTAB_AV|AVTAB_XPERMS)))
+		return 0;
+
+	s_idx = entry->key.source_type - 1;
+	t_idx = entry->key.target_type - 1;
+
+	key.target_class = entry->key.target_class;
+	key.specified    = entry->key.specified;
+
+	d1 = &entry->datum;
+
+	ebitmap_for_each_positive_bit(&type_map[s_idx], snode, i) {
+		key.source_type = i + 1;
+
+		ebitmap_for_each_positive_bit(&type_map[t_idx], tnode, k) {
+			if (not_cond && s_idx == i && t_idx == k)
+				continue;
+
+			key.target_type = k + 1;
+
+			d2 = avtab_search(tab, &key);
+			if (!d2)
+				continue;
+
+			if (process_avtab_datum(key.specified, d1, d2))
+				return 1;
+		}
+	}
+	return 0;
+}
+
+static int is_type_attr(policydb_t *p, unsigned int id)
+{
+	return p->type_val_to_struct[id]->flavor == TYPE_ATTRIB;
+}
+
+static int is_avrule_with_attr(avtab_ptr_t entry, policydb_t *p)
+{
+	unsigned int s_idx = entry->key.source_type - 1;
+	unsigned int t_idx = entry->key.target_type - 1;
+
+	return is_type_attr(p, s_idx) || is_type_attr(p, t_idx);
+}
+
+/* checks if conditional list contains a rule that covers the given rule */
+static int is_cond_rule_redundant(avtab_ptr_t e1, cond_av_list_t *list,
+				  const ebitmap_t *type_map)
+{
+	unsigned int s1, t1, c1, k1, s2, t2, c2, k2;
+
+	/* we only care about AV rules */
+	if (!(e1->key.specified & (AVTAB_AV|AVTAB_XPERMS)))
+		return 0;
+
+	s1 = e1->key.source_type - 1;
+	t1 = e1->key.target_type - 1;
+	c1 = e1->key.target_class;
+	k1 = e1->key.specified;
+
+	for (; list; list = list->next) {
+		avtab_ptr_t e2 = list->node;
+
+		s2 = e2->key.source_type - 1;
+		t2 = e2->key.target_type - 1;
+		c2 = e2->key.target_class;
+		k2 = e2->key.specified;
+
+		if (k1 != k2 || c1 != c2)
+			continue;
+
+		if (s1 == s2 && t1 == t2)
+			continue;
+		if (!ebitmap_get_bit(&type_map[s1], s2))
+			continue;
+		if (!ebitmap_get_bit(&type_map[t1], t2))
+			continue;
+
+		if (process_avtab_datum(k1, &e1->datum, &e2->datum))
+			return 1;
+	}
+	return 0;
+}
+
+static void optimize_avtab(policydb_t *p, const ebitmap_t *type_map)
+{
+	avtab_t *tab = &p->te_avtab;
+	unsigned int i;
+	avtab_ptr_t *cur;
+
+	for (i = 0; i < tab->nslot; i++) {
+		cur = &tab->htable[i];
+		while (*cur) {
+			if (is_avrule_redundant(*cur, tab, type_map, 1)) {
+				/* redundant rule -> remove it */
+				avtab_ptr_t tmp = *cur;
+
+				*cur = tmp->next;
+				if (tmp->key.specified & AVTAB_XPERMS)
+					free(tmp->datum.xperms);
+				free(tmp);
+
+				tab->nel--;
+			} else {
+				/* rule not redundant -> move to next rule */
+				cur = &(*cur)->next;
+			}
+		}
+	}
+}
+
+/* find redundant rules in (*cond) and put them into (*del) */
+static void optimize_cond_av_list(cond_av_list_t **cond, cond_av_list_t **del,
+				  policydb_t *p, const ebitmap_t *type_map)
+{
+	cond_av_list_t **listp = cond;
+	cond_av_list_t *pcov = NULL;
+	cond_av_list_t **pcov_cur;
+
+	/*
+	 * Separate out all "potentially covering" rules (src or tgt is an attr)
+	 * and move them to the end of the list. This is needed to avoid
+	 * polynomial complexity when almost all rules are expanded.
+	 */
+	while (*cond) {
+		if (is_avrule_with_attr((*cond)->node, p)) {
+			cond_av_list_t *tmp = *cond;
+
+			*cond = tmp->next;
+			tmp->next = pcov;
+			pcov = tmp;
+		} else {
+			cond = &(*cond)->next;
+		}
+	}
+	/* link the "potentially covering" rules to the end of the list */
+	*cond = pcov;
+
+	/* now go through the list and find the redundant rules */
+	cond = listp;
+	pcov_cur = &pcov;
+	while (*cond) {
+		/* needed because pcov itself may get deleted */
+		if (*cond == pcov)
+			pcov_cur = cond;
+		/*
+		 * First check if covered by an unconditional rule, then also
+		 * check if covered by another rule in the same list.
+		 */
+		if (is_avrule_redundant((*cond)->node, &p->te_avtab, type_map, 0) ||
+		    is_cond_rule_redundant((*cond)->node, *pcov_cur, type_map)) {
+			cond_av_list_t *tmp = *cond;
+
+			*cond = tmp->next;
+			tmp->next = *del;
+			*del = tmp;
+		} else {
+			cond = &(*cond)->next;
+		}
+	}
+}
+
+static void optimize_cond_avtab(policydb_t *p, const ebitmap_t *type_map)
+{
+	avtab_t *tab = &p->te_cond_avtab;
+	unsigned int i;
+	avtab_ptr_t *cur;
+	cond_node_t **cond;
+	cond_av_list_t **avcond, *del = NULL;
+
+	/* First go through all conditionals and collect redundant rules. */
+	cond = &p->cond_list;
+	while (*cond) {
+		optimize_cond_av_list(&(*cond)->true_list,  &del, p, type_map);
+		optimize_cond_av_list(&(*cond)->false_list, &del, p, type_map);
+		/* TODO: maybe also check for rules present in both lists */
+
+		/* nothing left in both lists -> remove the whole conditional */
+		if (!(*cond)->true_list && !(*cond)->false_list) {
+			cond_node_t *cond_tmp = *cond;
+
+			*cond = cond_tmp->next;
+			cond_node_destroy(cond_tmp);
+			free(cond_tmp);
+		} else {
+			cond = &(*cond)->next;
+		}
+	}
+
+	if (!del)
+		return;
+
+	/*
+	 * Now go through the whole cond_avtab and remove all rules that are
+	 * found in the 'del' list.
+	 */
+	for (i = 0; i < tab->nslot; i++) {
+		cur = &tab->htable[i];
+		while (*cur) {
+			int redundant = 0;
+			avcond = &del;
+			while (*avcond) {
+				if ((*avcond)->node == *cur) {
+					cond_av_list_t *cond_tmp = *avcond;
+
+					*avcond = cond_tmp->next;
+					free(cond_tmp);
+					redundant = 1;
+					break;
+				} else {
+					avcond = &(*avcond)->next;
+				}
+			}
+			if (redundant) {
+				avtab_ptr_t tmp = *cur;
+
+				*cur = tmp->next;
+				if (tmp->key.specified & AVTAB_XPERMS)
+					free(tmp->datum.xperms);
+				free(tmp);
+
+				tab->nel--;
+			} else {
+				cur = &(*cur)->next;
+			}
+		}
+	}
+}
+
+int policydb_optimize(policydb_t *p)
+{
+	ebitmap_t *type_map;
+
+	if (p->policy_type != POLICY_KERN)
+		return -1;
+
+	type_map = build_type_map(p);
+	if (!type_map)
+		return -1;
+
+	optimize_avtab(p, type_map);
+	optimize_cond_avtab(p, type_map);
+
+	destroy_type_map(p, type_map);
+	return 0;
+}
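Review bot: is_type_attr() dereferences `p->type_val_to_struct[id]` without a NULL check, while build_type_map() guards the same array with `p->type_val_to_struct[i] &&`, so the two disagree on whether the type table can have gaps. If an avtab key in a conditional list can name such a gap, is_avrule_with_attr() would crash; whether keys are validated before policydb_optimize() runs is not visible here. A guard such as `return p->type_val_to_struct[id] && p->type_val_to_struct[id]->flavor == TYPE_ATTRIB;` makes the helper safe either way. Separately, process_avtab_datum() clears covered permission bits in `d1` even when it returns 0, so the two is_*_redundant() predicates modify the rule they inspect. A comment there should say so, since the file header only mentions removing whole rules.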
diff --git a/libsepol/src/policydb.c b/libsepol/src/policydb.c
index 69bcb4d..67037b6 100644
--- a/libsepol/src/policydb.c
+++ b/libsepol/src/policydb.c
@@ -195,6 +195,13 @@
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
 	{
+	 .type = POLICY_KERN,
+	 .version = POLICYDB_VERSION_GLBLUB,
+	 .sym_num = SYM_NUM,
+	 .ocon_num = OCON_IBENDPORT + 1,
+	 .target_platform = SEPOL_TARGET_SELINUX,
+	},
+	{
 	 .type = POLICY_BASE,
 	 .version = MOD_POLICYDB_VERSION_BASE,
 	 .sym_num = SYM_NUM,
@@ -307,6 +314,13 @@
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
 	{
+	 .type = POLICY_BASE,
+	 .version = MOD_POLICYDB_VERSION_GLBLUB,
+	 .sym_num = SYM_NUM,
+	 .ocon_num = OCON_IBENDPORT + 1,
+	 .target_platform = SEPOL_TARGET_SELINUX,
+	},
+	{
 	 .type = POLICY_MOD,
 	 .version = MOD_POLICYDB_VERSION_BASE,
 	 .sym_num = SYM_NUM,
@@ -418,6 +432,14 @@
 	 .ocon_num = 0,
 	 .target_platform = SEPOL_TARGET_SELINUX,
 	},
+	{
+	 .type = POLICY_MOD,
+	 .version = MOD_POLICYDB_VERSION_GLBLUB,
+	 .sym_num = SYM_NUM,
+	 .ocon_num = 0,
+	 .target_platform = SEPOL_TARGET_SELINUX,
+	},
+
 };
 
 #if 0
diff --git a/libsepol/src/policydb_public.c b/libsepol/src/policydb_public.c
index e721842..747a43f 100644
--- a/libsepol/src/policydb_public.c
+++ b/libsepol/src/policydb_public.c
@@ -169,6 +169,11 @@
 	return 0;
 }
 
+int sepol_policydb_optimize(sepol_policydb_t * p)
+{
+	return policydb_optimize(&p->p);
+}
+
 int sepol_policydb_read(sepol_policydb_t * p, sepol_policy_file_t * pf)
 {
 	return policydb_read(&p->p, &pf->pf, 0);
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
index 303a138..3758436 100644
--- a/libsepol/src/services.c
+++ b/libsepol/src/services.c
@@ -1134,13 +1134,13 @@
 
 	scontext = sepol_sidtab_search(sidtab, ssid);
 	if (!scontext) {
-		ERR(NULL, "unrecognized SID %d", ssid);
+		ERR(NULL, "unrecognized source SID %d", ssid);
 		rc = -EINVAL;
 		goto out;
 	}
 	tcontext = sepol_sidtab_search(sidtab, tsid);
 	if (!tcontext) {
-		ERR(NULL, "unrecognized SID %d", tsid);
+		ERR(NULL, "unrecognized target SID %d", tsid);
 		rc = -EINVAL;
 		goto out;
 	}
@@ -1170,13 +1170,13 @@
 
 	scontext = sepol_sidtab_search(sidtab, ssid);
 	if (!scontext) {
-		ERR(NULL, "unrecognized SID %d", ssid);
+		ERR(NULL, "unrecognized source SID %d", ssid);
 		rc = -EINVAL;
 		goto out;
 	}
 	tcontext = sepol_sidtab_search(sidtab, tsid);
 	if (!tcontext) {
-		ERR(NULL, "unrecognized SID %d", tsid);
+		ERR(NULL, "unrecognized target SID %d", tsid);
 		rc = -EINVAL;
 		goto out;
 	}
diff --git a/libsepol/src/write.c b/libsepol/src/write.c
index bfbf318..b9890b4 100644
--- a/libsepol/src/write.c
+++ b/libsepol/src/write.c
@@ -46,6 +46,11 @@
 #include "private.h"
 #include "mls.h"
 
+#define glblub_version ((p->policy_type == POLICY_KERN && \
+		     p->policyvers >= POLICYDB_VERSION_GLBLUB) || \
+		    (p->policy_type == POLICY_BASE && \
+		     p->policyvers >= MOD_POLICYDB_VERSION_GLBLUB))
+
 struct policy_data {
 	struct policy_file *fp;
 	struct policydb *p;
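Review bot: `glblub_version` expands to an expression that reads a variable named `p` from whatever scope uses it, so it breaks silently if used where the policydb pointer has another name. Passing the pointer explicitly, as `#define glblub_version(p) (...)` or a static inline function taking `const struct policydb *`, makes the dependency visible. The macro tests only POLICY_KERN and POLICY_BASE, while the compatibility table in policydb.c gains a POLICY_MOD entry for MOD_POLICYDB_VERSION_GLBLUB. Whether that omission is intended cannot be told from this hunk, so a one-line comment saying so would help.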
@@ -1034,6 +1039,13 @@
 	     p->policyvers >= MOD_POLICYDB_VERSION_NEW_OBJECT_DEFAULTS)) {
 		buf[0] = cpu_to_le32(cladatum->default_user);
 		buf[1] = cpu_to_le32(cladatum->default_role);
+		if (!glblub_version && cladatum->default_range == DEFAULT_GLBLUB) {
+			WARN(fp->handle,
+                             "class %s default_range set to GLBLUB but policy version is %d (%d required), discarding",
+                             p->p_class_val_to_name[cladatum->s.value - 1], p->policyvers,
+                             p->policy_type == POLICY_KERN? POLICYDB_VERSION_GLBLUB:MOD_POLICYDB_VERSION_GLBLUB);
+                        cladatum->default_range = 0;
+                }
 		buf[2] = cpu_to_le32(cladatum->default_range);
 		items = put_entry(buf, sizeof(uint32_t), 3, fp);
 		if (items != 3)
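Review bot: The downgrade branch assigns `cladatum->default_range = 0` on the in-memory class datum, so writing at an older policy version drops the glblub setting from the policydb itself, not just from the output. A later write of the same policydb at a GLBLUB-capable version would no longer carry it. A local copy avoids the side effect: declare `uint32_t default_range = cladatum->default_range;`, zero that in the branch, and emit `buf[2] = cpu_to_le32(default_range);`. The written policy will presumably compute ranges for new objects differently from what the source requested, so the warning should say which behaviour is used instead. The added lines are indented with spaces where the surrounding code uses tabs, and the enclosing function starts and ends outside the hunk.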
diff --git a/libsepol/tests/helpers.h b/libsepol/tests/helpers.h
index 10d3909..fa84cfa 100644
--- a/libsepol/tests/helpers.h
+++ b/libsepol/tests/helpers.h
@@ -24,9 +24,38 @@
 
 #include <sepol/policydb/policydb.h>
 #include <sepol/policydb/conditional.h>
+#include <CUnit/Basic.h>
 
 /* helper functions */
 
+/* Override CU_*_FATAL() in order to help static analyzers by really asserting that an assertion holds */
+#ifdef __CHECKER__
+
+#include <assert.h>
+
+#undef CU_ASSERT_FATAL
+#define CU_ASSERT_FATAL(value) do { \
+		int _value = (value); \
+		CU_ASSERT(_value); \
+		assert(_value); \
+	} while (0)
+
+#undef CU_FAIL_FATAL
+#define CU_FAIL_FATAL(msg) do { \
+		CU_FAIL(msg); \
+		assert(0); \
+	} while (0)
+
+#undef CU_ASSERT_PTR_NOT_NULL_FATAL
+#define CU_ASSERT_PTR_NOT_NULL_FATAL(value) do { \
+		const void *_value = (value); \
+		CU_ASSERT_PTR_NOT_NULL(_value); \
+		assert(_value != NULL); \
+	} while (0)
+
+#endif /* __CHECKER__ */
+
+
 /* Load a source policy into p. policydb_init will called within this function.
  * 
  * Example: test_load_policy(p, POLICY_BASE, 1, "foo", "base.conf") will load the
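Review bot: `int _value = (value);` in the CU_ASSERT_FATAL override converts the asserted expression to int before testing it, so a pointer or 64-bit argument is truncated and draws a conversion warning. A non-zero value whose low bits are zero would be reported as a failure. `int _value = !!(value);` keeps the truth value for any scalar argument. The override also hands `_value` to CU_ASSERT, so failure reports in `__CHECKER__` builds would presumably show `_value` instead of the original expression text. A short comment noting that these builds are for analysis only would make that acceptable.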
diff --git a/libsepol/tests/policies/test-deps/base-metreq.conf b/libsepol/tests/policies/test-deps/base-metreq.conf
index bfb4c56..3e2f840 100644
--- a/libsepol/tests/policies/test-deps/base-metreq.conf
+++ b/libsepol/tests/policies/test-deps/base-metreq.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-deps/base-notmetreq.conf b/libsepol/tests/policies/test-deps/base-notmetreq.conf
index f2630e7..8ff3d20 100644
--- a/libsepol/tests/policies/test-deps/base-notmetreq.conf
+++ b/libsepol/tests/policies/test-deps/base-notmetreq.conf
@@ -341,7 +341,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-deps/small-base.conf b/libsepol/tests/policies/test-deps/small-base.conf
index 7c1cbe4..1411e62 100644
--- a/libsepol/tests/policies/test-deps/small-base.conf
+++ b/libsepol/tests/policies/test-deps/small-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-expander/alias-base.conf b/libsepol/tests/policies/test-expander/alias-base.conf
index 4ed46d2..57d4520 100644
--- a/libsepol/tests/policies/test-expander/alias-base.conf
+++ b/libsepol/tests/policies/test-expander/alias-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-expander/role-base.conf b/libsepol/tests/policies/test-expander/role-base.conf
index b43389f..a603390 100644
--- a/libsepol/tests/policies/test-expander/role-base.conf
+++ b/libsepol/tests/policies/test-expander/role-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-expander/small-base.conf b/libsepol/tests/policies/test-expander/small-base.conf
index 7c5d77a..20005e3 100644
--- a/libsepol/tests/policies/test-expander/small-base.conf
+++ b/libsepol/tests/policies/test-expander/small-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-expander/user-base.conf b/libsepol/tests/policies/test-expander/user-base.conf
index b60672f..1f84fd7 100644
--- a/libsepol/tests/policies/test-expander/user-base.conf
+++ b/libsepol/tests/policies/test-expander/user-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-hooks/cmp_policy.conf b/libsepol/tests/policies/test-hooks/cmp_policy.conf
index ec1e234..1eccf4a 100644
--- a/libsepol/tests/policies/test-hooks/cmp_policy.conf
+++ b/libsepol/tests/policies/test-hooks/cmp_policy.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-hooks/small-base.conf b/libsepol/tests/policies/test-hooks/small-base.conf
index ec1e234..1eccf4a 100644
--- a/libsepol/tests/policies/test-hooks/small-base.conf
+++ b/libsepol/tests/policies/test-hooks/small-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/policies/test-linker/small-base.conf b/libsepol/tests/policies/test-linker/small-base.conf
index 3a66f91..2bc1465 100644
--- a/libsepol/tests/policies/test-linker/small-base.conf
+++ b/libsepol/tests/policies/test-linker/small-base.conf
@@ -346,7 +346,7 @@
 }
 
 #
-# Define the access vector interpretation for controling capabilies
+# Define the access vector interpretation for controlling capabilities
 #
 
 class capability
diff --git a/libsepol/tests/test-common.c b/libsepol/tests/test-common.c
index e6619ed..f690635 100644
--- a/libsepol/tests/test-common.c
+++ b/libsepol/tests/test-common.c
@@ -26,6 +26,8 @@
 
 #include <CUnit/Basic.h>
 
+#include "helpers.h"
+
 void test_sym_presence(policydb_t * p, const char *id, int sym_type, unsigned int scope_type, unsigned int *decls, unsigned int len)
 {
 	scope_datum_t *scope;
@@ -228,13 +230,16 @@
 	unsigned int i;
 	type_datum_t *attr;
 
-	if (decl)
+	if (decl) {
 		attr = hashtab_search(decl->p_types.table, id);
-	else
+		if (attr == NULL)
+			printf("could not find attr %s in decl %d\n", id, decl->decl_id);
+	} else {
 		attr = hashtab_search(p->p_types.table, id);
+		if (attr == NULL)
+			printf("could not find attr %s in policy\n", id);
+	}
 
-	if (attr == NULL)
-		printf("could not find attr %s in decl %d\n", id, decl->decl_id);
 	CU_ASSERT_FATAL(attr != NULL);
 	CU_ASSERT(attr->flavor == TYPE_ATTRIB);
 	CU_ASSERT(attr->primary == 1);
diff --git a/libsepol/tests/test-deps.c b/libsepol/tests/test-deps.c
index f495087..f4ab09b 100644
--- a/libsepol/tests/test-deps.c
+++ b/libsepol/tests/test-deps.c
@@ -66,6 +66,8 @@
 #include <sepol/debug.h>
 #include <sepol/handle.h>
 
+#include "helpers.h"
+
 #define BASE_MODREQ_TYPE_GLOBAL    0
 #define BASE_MODREQ_ATTR_GLOBAL    1
 #define BASE_MODREQ_OBJ_GLOBAL     2
@@ -126,7 +128,7 @@
  * symbols. It is capable of testing 2 scenarios - the dependencies are met
  * and the dependencies are not met.
  *
- * Paramaters:
+ * Parameters:
  *  req_met            boolean indicating whether the base policy meets the
  *                       requirements for the modules global block.
  *  b                  index of the base policy in the global bases_met array.
@@ -209,7 +211,7 @@
  * symbols. It is capable of testing 2 scenarios - the dependencies are met
  * and the dependencies are not met.
  *
- * Paramaters:
+ * Parameters:
  *  req_met            boolean indicating whether the base policy meets the
  *                       requirements for the modules global block.
  *  b                  index of the base policy in the global bases_met array.
diff --git a/libsepol/tests/test-downgrade.c b/libsepol/tests/test-downgrade.c
index 963f3fa..f1b0ebb 100644
--- a/libsepol/tests/test-downgrade.c
+++ b/libsepol/tests/test-downgrade.c
@@ -97,7 +97,7 @@
  * Output: None
  *
  * Description:
- * Tests the backward compatability of MLS and Non-MLS binary policy versions.
+ * Tests the backward compatibility of MLS and Non-MLS binary policy versions.
  */
 void test_downgrade(void)
 {
diff --git a/libsepol/tests/test-downgrade.h b/libsepol/tests/test-downgrade.h
index 10a7c3b..4105def 100644
--- a/libsepol/tests/test-downgrade.h
+++ b/libsepol/tests/test-downgrade.h
@@ -65,7 +65,7 @@
  * 
  * Output: None
  * 
- * Description: Tests the backward compatability of MLS and Non-MLS binary
+ * Description: Tests the backward compatibility of MLS and Non-MLS binary
  *		policy versions. 
  */
 void test_downgrade(void);
diff --git a/libsepol/tests/test-expander-attr-map.c b/libsepol/tests/test-expander-attr-map.c
index b2f59ae..a974454 100644
--- a/libsepol/tests/test-expander-attr-map.c
+++ b/libsepol/tests/test-expander-attr-map.c
@@ -21,6 +21,7 @@
 
 #include "test-expander-attr-map.h"
 #include "test-common.h"
+#include "helpers.h"
 
 #include <sepol/policydb/policydb.h>
 #include <CUnit/Basic.h>
@@ -30,7 +31,7 @@
 
 void test_expander_attr_mapping(void)
 {
-	/* note that many cases are ommitted because they don't make sense
+	/* note that many cases are omitted because they don't make sense
 	   (i.e. declaring in an optional and then using it in the base) or
 	   because declare in optional then require in a different optional
 	   logic still doesn't work */
diff --git a/libsepol/tests/test-expander-roles.c b/libsepol/tests/test-expander-roles.c
index aba3c9b..74c781b 100644
--- a/libsepol/tests/test-expander-roles.c
+++ b/libsepol/tests/test-expander-roles.c
@@ -22,6 +22,7 @@
 
 #include "test-expander-roles.h"
 #include "test-common.h"
+#include "helpers.h"
 
 #include <sepol/policydb/policydb.h>
 #include <CUnit/Basic.h>
diff --git a/libsepol/tests/test-expander-users.c b/libsepol/tests/test-expander-users.c
index 9d9c7a6..ab2265c 100644
--- a/libsepol/tests/test-expander-users.c
+++ b/libsepol/tests/test-expander-users.c
@@ -21,6 +21,7 @@
  */
 
 #include "test-expander-users.h"
+#include "helpers.h"
 
 #include <sepol/policydb/policydb.h>
 #include <CUnit/Basic.h>
diff --git a/libsepol/tests/test-linker-cond-map.c b/libsepol/tests/test-linker-cond-map.c
index 712d991..b02e788 100644
--- a/libsepol/tests/test-linker-cond-map.c
+++ b/libsepol/tests/test-linker-cond-map.c
@@ -93,7 +93,7 @@
 	/* these tests look at booleans and conditionals in the base only
 	 * to ensure that they aren't altered or removed during the link process */
 
-	/* bool existance and state, global scope */
+	/* bool existence and state, global scope */
 	d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_b");
 	decls[0] = d->decl_id;
 	test_sym_presence(base, "g_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
@@ -103,7 +103,7 @@
 	bools[0].expr_type = COND_BOOL;
 	test_cond_expr_mapping(base, d, bools, 1);
 
-	/* bool existance and state, optional scope */
+	/* bool existence and state, optional scope */
 	d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_b");
 	decls[0] = d->decl_id;
 	test_sym_presence(base, "o1_b_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
@@ -121,7 +121,7 @@
 	unsigned int decls[1];
 	test_cond_expr_t bools[3];
 
-	/* bool existance and state, module 1 global scope */
+	/* bool existence and state, module 1 global scope */
 	d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m1");
 	decls[0] = d->decl_id;
 	test_sym_presence(base, "g_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
@@ -131,7 +131,7 @@
 	bools[0].expr_type = COND_BOOL;
 	test_cond_expr_mapping(base, d, bools, 1);
 
-	/* bool existance and state, module 1 optional scope */
+	/* bool existence and state, module 1 optional scope */
 	d = test_find_decl_by_sym(base, SYM_TYPES, "tag_o1_m1");
 	decls[0] = d->decl_id;
 	test_sym_presence(base, "o1_m1_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
@@ -141,7 +141,7 @@
 	bools[0].expr_type = COND_BOOL;
 	test_cond_expr_mapping(base, d, bools, 1);
 
-	/* bool existance and state, module 2 global scope */
+	/* bool existence and state, module 2 global scope */
 	d = test_find_decl_by_sym(base, SYM_TYPES, "tag_g_m2");
 	decls[0] = d->decl_id;
 	test_sym_presence(base, "g_m2_bool_1", SYM_BOOLS, SCOPE_DECL, decls, 1);
diff --git a/mcstrans/VERSION b/mcstrans/VERSION
index 8c26915..9f55b2c 100644
--- a/mcstrans/VERSION
+++ b/mcstrans/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/mcstrans/man/Makefile b/mcstrans/man/Makefile
index 0f8d34f..7171381 100644
--- a/mcstrans/man/Makefile
+++ b/mcstrans/man/Makefile
@@ -2,15 +2,23 @@
 LINGUAS ?= ru
 PREFIX ?= /usr
 MANDIR ?=  $(PREFIX)/share/man
+MAN5SUBDIR ?= man5
+MAN5DIR ?= $(MANDIR)/$(MAN5SUBDIR)
 MAN8SUBDIR ?= man8
 MAN8DIR ?= $(MANDIR)/$(MAN8SUBDIR)
 
 all:
 
 install: all
+	mkdir -p $(DESTDIR)$(MAN5DIR)
 	mkdir -p $(DESTDIR)$(MAN8DIR)
+	install -m 644 man5/*.5 $(DESTDIR)$(MAN5DIR)
 	install -m 644 man8/*.8 $(DESTDIR)$(MAN8DIR)
 	for lang in $(LINGUAS) ; do \
+		if [ -e $${lang}/man5 ] ; then \
+			mkdir -p $(DESTDIR)$(MANDIR)/$${lang}/$(MAN5SUBDIR) ; \
+			install -m 644 $${lang}/man5/*.5 $(DESTDIR)$(MANDIR)/$${lang}/$(MAN5SUBDIR) ; \
+		fi ; \
 		if [ -e $${lang}/man8 ] ; then \
 			mkdir -p $(DESTDIR)$(MANDIR)/$${lang}/$(MAN8SUBDIR) ; \
 			install -m 644 $${lang}/man8/*.8 $(DESTDIR)$(MANDIR)/$${lang}/$(MAN8SUBDIR) ; \
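Review bot: A failed `install` of the translated man5 pages in the added `if` block will not fail the recipe unless the shell runs with `-e`, because the block is chained with `;` and the loop reports only the status of its last command. Ending the added commands with `|| exit 1`, for example `install -m 644 $${lang}/man5/*.5 $(DESTDIR)$(MANDIR)/$${lang}/$(MAN5SUBDIR) || exit 1 ; \`, would surface a missing or unreadable page at install time instead of producing a package without it. The existing man8 branch has the same shape, and the loop continues past the end of this hunk.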
@@ -19,4 +27,5 @@
 
 clean:
 	-rm -f *~ \#*
+	-rm -f man5/*~ man5/\#*
 	-rm -f man8/*~ man8/\#*
diff --git a/mcstrans/man/man8/setrans.conf.8 b/mcstrans/man/man5/setrans.conf.5
similarity index 97%
rename from mcstrans/man/man8/setrans.conf.8
rename to mcstrans/man/man5/setrans.conf.5
index b760992..4949a50 100644
--- a/mcstrans/man/man8/setrans.conf.8
+++ b/mcstrans/man/man5/setrans.conf.5
@@ -1,4 +1,4 @@
-.TH "setrans.conf" "8" "13 July 2010" "txtoth@gmail.com" "setrans.conf documentation"
+.TH "setrans.conf" "5" "13 July 2010" "txtoth@gmail.com" "setrans.conf documentation"
 .SH "NAME"
 setrans.conf \- translation configuration file for MCS/MLS SELinux systems
 
diff --git a/mcstrans/man/man8/mcstransd.8 b/mcstrans/man/man8/mcstransd.8
index 64774a5..9a5922b 100644
--- a/mcstrans/man/man8/mcstransd.8
+++ b/mcstrans/man/man8/mcstransd.8
@@ -29,4 +29,4 @@
 /etc/selinux/{SELINUXTYPE}/setrans.conf 
 
 .SH "SEE ALSO"
-.BR mcs (8),
+.BR setrans.conf (5), mcs (8)
diff --git a/mcstrans/man/ru/man8/setrans.conf.8 b/mcstrans/man/ru/man5/setrans.conf.5
similarity index 98%
rename from mcstrans/man/ru/man8/setrans.conf.8
rename to mcstrans/man/ru/man5/setrans.conf.5
index 9141def..724b206 100644
--- a/mcstrans/man/ru/man8/setrans.conf.8
+++ b/mcstrans/man/ru/man5/setrans.conf.5
@@ -1,4 +1,4 @@
-.TH "setrans.conf" "8" "13 июля 2010" "txtoth@gmail.com" "Документация по setrans.conf"
+.TH "setrans.conf" "5" "13 июля 2010" "txtoth@gmail.com" "Документация по setrans.conf"
 .SH "ИМЯ"
 setrans.conf \- файл конфигурации преобразования для систем MCS/MLS SELinux
 
diff --git a/mcstrans/man/ru/man8/mcstransd.8 b/mcstrans/man/ru/man8/mcstransd.8
index 90247c3..4cd68c1 100644
--- a/mcstrans/man/ru/man8/mcstransd.8
+++ b/mcstrans/man/ru/man8/mcstransd.8
@@ -23,7 +23,7 @@
 /etc/selinux/{SELINUXTYPE}/setrans.conf 
 
 .SH "СМОТРИТЕ ТАКЖЕ"
-.BR mcs (8)
+.BR setrans.conf (5), mcs (8)
 
 .SH "АВТОРЫ"
 Эта man-страница написана Dan Walsh <dwalsh@redhat.com>.
diff --git a/mcstrans/share/examples/default/setrans.conf b/mcstrans/share/examples/default/setrans.conf
index eb181d2..d2bc8a1 100644
--- a/mcstrans/share/examples/default/setrans.conf
+++ b/mcstrans/share/examples/default/setrans.conf
@@ -1,7 +1,7 @@
 #
 # Multi-Level Security translation table for SELinux
-# 
-# Uncomment the following to disable translation libary
+#
+# Uncomment the following to disable translation library
 # disable=1
 #
 # Objects can be labeled with one of 16 levels and be categorized with 0-1023 
diff --git a/mcstrans/share/examples/include/setrans.conf b/mcstrans/share/examples/include/setrans.conf
index 4e7b40e..4c7ecf1 100644
--- a/mcstrans/share/examples/include/setrans.conf
+++ b/mcstrans/share/examples/include/setrans.conf
@@ -1,7 +1,7 @@
 #
 # Multi-Level Security translation table for SELinux
-# 
-# Uncomment the following to disable translation libary
+#
+# Uncomment the following to disable translation library
 # disable=1
 #
 # Objects can be labeled with one of 16 levels and be categorized with 0-1023 
@@ -10,6 +10,6 @@
 # Users can modify this table to translate the MLS labels for different purpose.
 #
 
-# Demonstrate Include by moving everthing to an include file
+# Demonstrate Include by moving everything to an include file
 #
 Include=/etc/selinux/mls/setrans.d/include-example
diff --git a/mcstrans/share/examples/include/setrans.d/include-example b/mcstrans/share/examples/include/setrans.d/include-example
index eb181d2..d2bc8a1 100644
--- a/mcstrans/share/examples/include/setrans.d/include-example
+++ b/mcstrans/share/examples/include/setrans.d/include-example
@@ -1,7 +1,7 @@
 #
 # Multi-Level Security translation table for SELinux
-# 
-# Uncomment the following to disable translation libary
+#
+# Uncomment the following to disable translation library
 # disable=1
 #
 # Objects can be labeled with one of 16 levels and be categorized with 0-1023 
diff --git a/mcstrans/share/examples/nato/setrans.d/rel.conf b/mcstrans/share/examples/nato/setrans.d/rel.conf
index c1eca29..21f8a79 100644
--- a/mcstrans/share/examples/nato/setrans.d/rel.conf
+++ b/mcstrans/share/examples/nato/setrans.d/rel.conf
@@ -9,7 +9,7 @@
 Prefix=RELEASEABLE TO
 Default=c200.c511
 
-~c200.c511=EVERBODY
+~c200.c511=EVERYBODY
 
 ~c200,~c205,~c219,~c223,~c239,~c257,~c258,~c261,~c268,~c269,~c274,~c278,~c288,~c298,~c300,~c308,~c310,~c331,~c332,~c333,~c365,~c366,~c378,~c381,~c387,~c406,~c407,~c423,~c430=NATO
 
@@ -748,4 +748,4 @@
 ~c200,~c444=ZI # Zimbabwe
 ~c200,~c444=ZWE # Zimbabwe
 
-#UNCLASSIFIED
\ No newline at end of file
+#UNCLASSIFIED
diff --git a/mcstrans/share/examples/urcsts-via-include/secolor.conf b/mcstrans/share/examples/urcsts-via-include/secolor.conf
index d35b3c6..3b3f543 100644
--- a/mcstrans/share/examples/urcsts-via-include/secolor.conf
+++ b/mcstrans/share/examples/urcsts-via-include/secolor.conf
@@ -17,5 +17,5 @@
 range s5-s5:c0.c1023 = white blue
 range s7-s7:c0.c1023 = black red
 range s9-s9:c0.c1023 = black orange
-range s15:c0.c1023 = black yellow
+range s15-s15:c0.c1023 = black yellow
 
diff --git a/mcstrans/share/examples/urcsts-via-include/setrans.conf b/mcstrans/share/examples/urcsts-via-include/setrans.conf
index 6b578d8..5998183 100644
--- a/mcstrans/share/examples/urcsts-via-include/setrans.conf
+++ b/mcstrans/share/examples/urcsts-via-include/setrans.conf
@@ -1,7 +1,7 @@
 #
 # Multi-Level Security translation table for SELinux
-# 
-# Uncomment the following to disable translation libary
+#
+# Uncomment the following to disable translation library
 # disable=1
 #
 # Objects can be labeled with one of 16 levels and be categorized with 0-1023 
@@ -10,6 +10,6 @@
 # Users can modify this table to translate the MLS labels for different purpose.
 #
 
-# Demonstrate Include by moving everthing to an include file
+# Demonstrate Include by moving everything to an include file
 #
 Include=/etc/selinux/mls/setrans.d/*.conf
diff --git a/mcstrans/share/examples/urcsts/secolor.conf b/mcstrans/share/examples/urcsts/secolor.conf
index d35b3c6..3b3f543 100644
--- a/mcstrans/share/examples/urcsts/secolor.conf
+++ b/mcstrans/share/examples/urcsts/secolor.conf
@@ -17,5 +17,5 @@
 range s5-s5:c0.c1023 = white blue
 range s7-s7:c0.c1023 = black red
 range s9-s9:c0.c1023 = black orange
-range s15:c0.c1023 = black yellow
+range s15-s15:c0.c1023 = black yellow
 
diff --git a/mcstrans/src/mcscolor.c b/mcstrans/src/mcscolor.c
index 6ea1aa9..4ee0db5 100644
--- a/mcstrans/src/mcscolor.c
+++ b/mcstrans/src/mcscolor.c
@@ -134,12 +134,12 @@
 	}
 
 	while (ptr) {
-		if (fnmatch(ptr->pattern, component, 0) == 0) {
-			if (idx == COLOR_RANGE) {
-			    if (check_dominance(ptr->pattern, raw) == 0)
-					return &ptr->color;
-			} else 
-				return &ptr->color;
+		if (idx == COLOR_RANGE) {
+		    if (check_dominance(ptr->pattern, raw) == 0)
+			return &ptr->color;
+		} else {
+		    if (fnmatch(ptr->pattern, component, 0) == 0)
+			return &ptr->color;
 		}
 		ptr = ptr->next;
 	}
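Review bot: The new `COLOR_RANGE` branch hands `ptr->pattern` to `check_dominance()` without the `fnmatch()` gate the old code applied first, and nothing in the hunk records why. A short comment above the branch, such as `/* range entries are compared by MLS dominance; only the other components are glob patterns */`, would state the intent. `check_dominance()` is not visible here; if it returns non-zero both for "not dominated" and for a pattern it cannot parse, a malformed range entry is skipped silently and the label falls through to a later colour, so reporting that case is worth considering. The added lines also indent with a mix of tabs and four spaces, unlike the tab-only context lines, and the enclosing function starts and ends outside the hunk.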
@@ -211,7 +211,7 @@
 
 
 /* Process line from color file.
-   May modify the data pointed to by the buffer paremeter */
+   May modify the data pointed to by the buffer parameter */
 static int process_color(char *buffer, int line) {
 	char rule[10], pat[256], f[256], b[256];
 	uint32_t i, fg, bg;
diff --git a/mcstrans/src/mcstrans.service b/mcstrans/src/mcstrans.service
index 8976b97..0952943 100644
--- a/mcstrans/src/mcstrans.service
+++ b/mcstrans/src/mcstrans.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=Translates SELinux MCS/MLS labels to human readable form
+Documentation=man:mcstransd(8)
 ConditionSecurity=selinux
 
 [Service]
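Review bot: The added `Documentation=` line lists only the daemon's page, although this diff also moves the configuration page to section 5 and cross-references it from mcstransd(8). Listing both, `Documentation=man:mcstransd(8) man:setrans.conf(5)`, lets `systemctl help` reach the file-format page as well.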
diff --git a/policycoreutils/VERSION b/policycoreutils/VERSION
index 8c26915..9f55b2c 100644
--- a/policycoreutils/VERSION
+++ b/policycoreutils/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/policycoreutils/hll/pp/pp.c b/policycoreutils/hll/pp/pp.c
index 98969eb..1d86728 100644
--- a/policycoreutils/hll/pp/pp.c
+++ b/policycoreutils/hll/pp/pp.c
@@ -50,7 +50,7 @@
 {
 	fprintf(stderr, "Usage: %s [OPTIONS] [IN_FILE [OUT_FILE]]\n", progname);
 	fprintf(stderr, "\n");
-	fprintf(stderr, "Read an SELinux policy package (.pp) and output the equivilent CIL.\n");
+	fprintf(stderr, "Read an SELinux policy package (.pp) and output the equivalent CIL.\n");
 	fprintf(stderr, "If IN_FILE is not provided or is -, read SELinux policy package from\n");
 	fprintf(stderr, "standard input. If OUT_FILE is not provided or is -, output CIL to\n");
 	fprintf(stderr, "standard output.\n");
diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
index 2707d6f..322ed00 100644
--- a/policycoreutils/load_policy/load_policy.c
+++ b/policycoreutils/load_policy/load_policy.c
@@ -77,7 +77,7 @@
 		}
 	}
 	else {
-		ret = selinux_mkload_policy(1);
+		ret = selinux_mkload_policy(0);
 	}
 	if (ret < 0) {
 		fprintf(stderr, _("%s:  Can't load policy:  %s\n"),
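Review bot: The bare `0` now passed to `selinux_mkload_policy()` does not say what is being switched off, and the change from `1` is easy to misread as a typo. In libselinux the parameter is `preservebools`, so a comment such as `/* preservebools = 0: libselinux does not carry boolean values over on reload */` would help; confirm the wording against the libselinux version this builds with. If nothing else keeps runtime boolean values across a reload, booleans changed without being made persistent would revert when the policy is reloaded, which is worth stating in the load_policy man page. The enclosing function starts and ends outside the hunk.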
diff --git a/policycoreutils/man/man5/selinux_config.5 b/policycoreutils/man/man5/selinux_config.5
index dbfec55..1ffade1 100644
--- a/policycoreutils/man/man5/selinux_config.5
+++ b/policycoreutils/man/man5/selinux_config.5
@@ -11,10 +11,8 @@
 .IP "2." 4
 The policy name or type that forms a path to the policy to be loaded and its supporting configuration files.
 .IP "3." 4
-How local users and booleans will be managed when the policy is loaded (note that this function was used by older releases of SELinux and is now deprecated).
-.IP "4." 4
 How SELinux-aware login applications should behave if no valid SELinux users are configured.
-.IP "5." 4
+.IP "4." 4
 Whether the system is to be relabeled or not.
 .RE
 
@@ -34,8 +32,6 @@
 .br
 \fBSELINUXTYPE = \fIpolicy_name\fR
 .br
-\fBSETLOCALDEFS = \fI0\fR | \fI1\fR
-.br
 \fBREQUIREUSERS = \fI0\fR | \fI1\fR
 .br
 \fBAUTORELABEL = \fI0\fR | \fI1\fR
@@ -88,13 +84,6 @@
 .RE
 .RE
 .sp
-.B SETLOCALDEFS
-.RS
-This entry is deprecated and should be removed or set to \fI0\fR.
-.sp
-If set to \fI1\fR, then \fBselinux_mkload_policy\fR(3) will read the local customization for booleans (see \fBbooleans\fR(5)) and users (see \fBlocal.users\fR(5)).
-.RE
-.sp
 .B REQUIRESEUSERS
 .RS
 This optional entry can be used to fail a login if there is no matching or default entry in the
@@ -138,4 +127,4 @@
 .RE
 
 .SH "SEE ALSO"
-.BR selinux "(8), " sestatus "(8), " selinux_path "(3), " selinux_policy_root_path "(3), " selinux_binary_policy_path "(3), " getseuserbyname "(3), " PAM "(8), " fixfiles "(8), " selinux_mkload_policy "(3), " selinux_getpolicytype "(3), " security_policyvers "(3), " selinux_getenforcemode "(3), " seusers "(5), " booleans "(5), " local.users "(5) "
+.BR selinux "(8), " sestatus "(8), " selinux_path "(3), " selinux_policy_root_path "(3), " selinux_binary_policy_path "(3), " getseuserbyname "(3), " PAM "(8), " fixfiles "(8), " selinux_mkload_policy "(3), " selinux_getpolicytype "(3), " security_policyvers "(3), " selinux_getenforcemode "(3), " seusers "(5) "
diff --git a/policycoreutils/man/ru/man5/selinux_config.5 b/policycoreutils/man/ru/man5/selinux_config.5
index 93dcc58..40039e5 100644
--- a/policycoreutils/man/ru/man5/selinux_config.5
+++ b/policycoreutils/man/ru/man5/selinux_config.5
@@ -34,8 +34,6 @@
 .br
 \fBSELINUXTYPE = \fIpolicy_name\fR
 .br
-\fBSETLOCALDEFS = \fI0\fR | \fI1\fR
-.br
 \fBREQUIREUSERS = \fI0\fR | \fI1\fR
 .br
 \fBAUTORELABEL = \fI0\fR | \fI1\fR
@@ -88,13 +86,6 @@
 .RE
 .RE
 .sp
-.B SETLOCALDEFS
-.RS
-Эта запись устарела. Следует её удалить или задать для неё значение \fI0\fR.
-.sp
-Если задано значение \fI1\fR, \fBselinux_mkload_policy\fR(3) выполнит чтение логических переключателей (см. \fBbooleans\fR(5)) и пользователей (см. \fBlocal.users\fR(5)) в локальной настройке.
-.RE
-.sp
 .B REQUIRESEUSERS
 .RS
 Эта необязательная запись позволяет сделать попытку входа неудачной, если в файле 
@@ -138,7 +129,7 @@
 .RE
 
 .SH "СМОТРИТЕ ТАКЖЕ"
-.BR selinux "(8), " sestatus "(8), " selinux_path "(3), " selinux_policy_root_path "(3), " selinux_binary_policy_path "(3), " getseuserbyname "(3), " PAM "(8), " fixfiles "(8), " selinux_mkload_policy "(3), " selinux_getpolicytype "(3), " security_policyvers "(3), " selinux_getenforcemode "(3), " seusers "(5), " booleans "(5), " local.users "(5) "
+.BR selinux "(8), " sestatus "(8), " selinux_path "(3), " selinux_policy_root_path "(3), " selinux_binary_policy_path "(3), " getseuserbyname "(3), " PAM "(8), " fixfiles "(8), " selinux_mkload_policy "(3), " selinux_getpolicytype "(3), " security_policyvers "(3), " selinux_getenforcemode "(3), " seusers "(5) "
 
 
 .SH АВТОРЫ
diff --git a/policycoreutils/newrole/hashtab.h b/policycoreutils/newrole/hashtab.h
index 3790f0a..ad5559b 100644
--- a/policycoreutils/newrole/hashtab.h
+++ b/policycoreutils/newrole/hashtab.h
@@ -49,7 +49,7 @@
 /*
    Creates a new hash table with the specified characteristics.
 
-   Returns NULL if insufficent space is available or
+   Returns NULL if insufficient space is available or
    the new hash table otherwise.
  */
 extern hashtab_t hashtab_create(unsigned int (*hash_value) (hashtab_t h,
diff --git a/policycoreutils/newrole/newrole.c b/policycoreutils/newrole/newrole.c
index 077496d..e70051b 100644
--- a/policycoreutils/newrole/newrole.c
+++ b/policycoreutils/newrole/newrole.c
@@ -621,7 +621,7 @@
 #ifdef NAMESPACE_PRIV
 /**
  * This function will set the uid values to be that of caller's uid, and
- * will drop any privilages which maybe have been raised.
+ * will drop any privilege which may have been raised.
  */
 static int transition_to_caller_uid()
 {
@@ -718,7 +718,7 @@
 		fprintf(stderr, _("Error!  Could not open %s.\n"), ttyn);
 		return fd;
 	}
-	/* this craziness is to make sure we cann't block on open and deadlock */
+	/* this craziness is to make sure we can't block on open and deadlock */
 	rc = fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) & ~O_NONBLOCK);
 	if (rc) {
 		fprintf(stderr, _("Error!  Could not clear O_NONBLOCK on %s\n"), ttyn);
@@ -1053,7 +1053,7 @@
 	/*
 	 * Step 0: Setup
 	 *
-	 * Do some intial setup, including dropping capabilities, checking
+	 * Do some initial setup, including dropping capabilities, checking
 	 * if it makes sense to continue to run newrole, and setting up
 	 * a scrubbed environment.
 	 */
diff --git a/policycoreutils/po/af.po b/policycoreutils/po/af.po
index e4a6e09..904bb73 100644
--- a/policycoreutils/po/af.po
+++ b/policycoreutils/po/af.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/aln.po b/policycoreutils/po/aln.po
index 507644c..f6174a4 100644
--- a/policycoreutils/po/aln.po
+++ b/policycoreutils/po/aln.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/am.po b/policycoreutils/po/am.po
index db49486..593c3bf 100644
--- a/policycoreutils/po/am.po
+++ b/policycoreutils/po/am.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ar.po b/policycoreutils/po/ar.po
index b03fb78..2c8b4c8 100644
--- a/policycoreutils/po/ar.po
+++ b/policycoreutils/po/ar.po
@@ -1631,7 +1631,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1657,7 +1657,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1881,7 +1881,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3730,7 +3730,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3956,7 +3956,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/as.po b/policycoreutils/po/as.po
index 4689a67..8b7155b 100644
--- a/policycoreutils/po/as.po
+++ b/policycoreutils/po/as.po
@@ -1682,7 +1682,7 @@
 msgstr "<b>পৰিবৰ্তন কৰিবলে স্থায়ী ভূমিকা বাছক:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s ডমেইনলে স্থানান্তৰ হোৱা ব্যৱহাৰকাৰী ভূমিকাসমূহ বাছক।"
 
 #: ../gui/polgen.glade:928
@@ -1710,7 +1710,7 @@
 msgstr "<b>%s লে পৰিবৰ্তন হোৱা ব্যৱহাৰকাৰী ভূমিকাসমূহ বাছক (_r):</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "চিহ্নিত এপ্লিকেচন ডমেইনত ৰূপান্তৰযোগ্য ব্যৱহাৰকাৰীৰ ভূমিকা নিৰ্বাচন কৰক"
 
 #: ../gui/polgen.glade:1056
@@ -1950,7 +1950,7 @@
 msgstr "এক্সেকিউটেবল উল্লেখ কৰা আৱশ্যক"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux বিন্যাস কৰক"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4009,7 +4009,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "নাম কোনো খালি ঠাই নথকাকৈ আল্ফা নিউমাৰিক হব লাগিব। বিকল্প \"-n MODULENAME\" "
@@ -4249,7 +4249,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ast.po b/policycoreutils/po/ast.po
index 1a5bc23..84ecf57 100644
--- a/policycoreutils/po/ast.po
+++ b/policycoreutils/po/ast.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/az.po b/policycoreutils/po/az.po
index 1936f49..5819b64 100644
--- a/policycoreutils/po/az.po
+++ b/policycoreutils/po/az.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bal.po b/policycoreutils/po/bal.po
index 31b8576..fd19eea 100644
--- a/policycoreutils/po/bal.po
+++ b/policycoreutils/po/bal.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/be.po b/policycoreutils/po/be.po
index e9c7007..ca6d42b 100644
--- a/policycoreutils/po/be.po
+++ b/policycoreutils/po/be.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bg.po b/policycoreutils/po/bg.po
index 1e71e74..33e707d 100644
--- a/policycoreutils/po/bg.po
+++ b/policycoreutils/po/bg.po
@@ -1677,7 +1677,7 @@
 msgstr "<b>Изберете съществуваща роля за промяна:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1703,7 +1703,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1940,7 +1940,7 @@
 msgstr "Трябва да въведете изпълним файл"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Конфигуриране на "
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3826,7 +3826,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Името трябва да е от букви и цифри без интервали. Разгледайте ползването на "
@@ -4061,7 +4061,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bn.po b/policycoreutils/po/bn.po
index 1db7396..ab70a07 100644
--- a/policycoreutils/po/bn.po
+++ b/policycoreutils/po/bn.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bn_BD.po b/policycoreutils/po/bn_BD.po
index b4f0bfa..695e615 100644
--- a/policycoreutils/po/bn_BD.po
+++ b/policycoreutils/po/bn_BD.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bn_IN.po b/policycoreutils/po/bn_IN.po
index 3d3cd0b..9909aa3 100644
--- a/policycoreutils/po/bn_IN.po
+++ b/policycoreutils/po/bn_IN.po
@@ -1675,7 +1675,7 @@
 msgstr "<b>পরিবর্তনের উদ্দেশ্যে কোনো উপস্থিত ভূমিকা নির্বাচন করুন:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s ডোমেইনে স্থানান্তরের জন্য ব্যবহারকারী ভূমিকা নির্বাচন করুন।"
 
 #: ../gui/polgen.glade:928
@@ -1701,7 +1701,7 @@
 msgstr "<b>যে সমস্ত user_roles %s-এ রূপান্তরিত হবে সেগুলি নির্বাচন করুন:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "চিহ্নিত অ্যাপ্লিকেশন ডোমেইনের মধ্যে রূপান্তরযোগ্য ব্যবহারকারীর ভূমিকা নির্বাচন করুন"
 
@@ -1943,7 +1943,7 @@
 msgstr "এক্সেকিউটেবল উল্লেখ করা আবশ্যক"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux কনফিগার করুন"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3828,7 +3828,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "শূণ্যস্থান বিনা অক্ষর ও সংখ্যা বিশিষ্ট নাম হওয়া আবশ্যক। \"-n MODULENAME\" বিকল্পের "
@@ -4063,7 +4063,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bo.po b/policycoreutils/po/bo.po
index 8664488..e7f79f5 100644
--- a/policycoreutils/po/bo.po
+++ b/policycoreutils/po/bo.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/br.po b/policycoreutils/po/br.po
index 5c08944..9aafc40 100644
--- a/policycoreutils/po/br.po
+++ b/policycoreutils/po/br.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/brx.po b/policycoreutils/po/brx.po
index 3d6ccd2..bb71d88 100644
--- a/policycoreutils/po/brx.po
+++ b/policycoreutils/po/brx.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/bs.po b/policycoreutils/po/bs.po
index ec4c1d3..689948c 100644
--- a/policycoreutils/po/bs.po
+++ b/policycoreutils/po/bs.po
@@ -1632,7 +1632,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1658,7 +1658,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1882,7 +1882,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3731,7 +3731,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3957,7 +3957,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ca.po b/policycoreutils/po/ca.po
index 401e16f..c1ec98b 100644
--- a/policycoreutils/po/ca.po
+++ b/policycoreutils/po/ca.po
@@ -1654,7 +1654,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1680,7 +1680,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1904,7 +1904,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3753,7 +3753,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3979,7 +3979,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/cs.po b/policycoreutils/po/cs.po
index 91d764b..75c6251 100644
--- a/policycoreutils/po/cs.po
+++ b/policycoreutils/po/cs.po
@@ -1627,7 +1627,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1653,7 +1653,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1877,7 +1877,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3726,7 +3726,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3952,7 +3952,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/cy.po b/policycoreutils/po/cy.po
index c7ff335..34b7460 100644
--- a/policycoreutils/po/cy.po
+++ b/policycoreutils/po/cy.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/da.po b/policycoreutils/po/da.po
index 402c612..e8ef6f9 100644
--- a/policycoreutils/po/da.po
+++ b/policycoreutils/po/da.po
@@ -1632,7 +1632,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1658,7 +1658,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1882,7 +1882,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3731,7 +3731,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3957,7 +3957,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/de.po b/policycoreutils/po/de.po
index f7ac23c..747719c 100644
--- a/policycoreutils/po/de.po
+++ b/policycoreutils/po/de.po
@@ -1709,7 +1709,7 @@
 msgstr "<b>Wählen Sie eine vorhandene Rolle zum Bearbeiten:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Wählen Sie die Benutzerrollen, die in die  %s-Domain wechseln werden."
 
 #: ../gui/polgen.glade:928
@@ -1737,7 +1737,7 @@
 msgstr "<b>Wählen Sie die Benutzer_rollen, die nach %s wechseln werden:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "Wählen Sie die Benutzerrollen, die in diese Anwendungsdomains wechseln "
 "werden."
@@ -1986,7 +1986,7 @@
 msgstr "Sie müssen eine ausführbare Datei angeben"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux konfigurieren"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4106,7 +4106,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Name muss alphanumerisch ohne Leerzeichen sein. Verwenden Sie ggf. die "
@@ -4346,7 +4346,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/dz.po b/policycoreutils/po/dz.po
index 9a6ca3d..1df09b2 100644
--- a/policycoreutils/po/dz.po
+++ b/policycoreutils/po/dz.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/el.po b/policycoreutils/po/el.po
index d9844d0..39627b4 100644
--- a/policycoreutils/po/el.po
+++ b/policycoreutils/po/el.po
@@ -1626,7 +1626,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1652,7 +1652,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1876,7 +1876,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3725,7 +3725,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3951,7 +3951,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/en_GB.po b/policycoreutils/po/en_GB.po
index b7312f5..34c7352 100644
--- a/policycoreutils/po/en_GB.po
+++ b/policycoreutils/po/en_GB.po
@@ -1630,7 +1630,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1656,7 +1656,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1880,7 +1880,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3729,7 +3729,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3955,7 +3955,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/eo.po b/policycoreutils/po/eo.po
index 5370565..8855298 100644
--- a/policycoreutils/po/eo.po
+++ b/policycoreutils/po/eo.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/es.po b/policycoreutils/po/es.po
index 1bf427a..0321281 100644
--- a/policycoreutils/po/es.po
+++ b/policycoreutils/po/es.po
@@ -1703,7 +1703,7 @@
 msgstr "<b>Elija la función existente a modificar:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 "Elija los roles de usuario que harán la transición hacia el dominio %s."
 
@@ -1732,7 +1732,7 @@
 msgstr "<b>Elija las funciones de usuario que harán la transición a %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "Elija las funciones de usuario que harán la transición a estos dominios de "
 "aplicaciones."
@@ -1976,7 +1976,7 @@
 msgstr "Debe ingresar un ejecutable"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Configurar SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4050,7 +4050,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "El nombre deber ser de tipo alfanumérico y sin espacios. Considere utilizar "
@@ -4288,7 +4288,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/es_MX.po b/policycoreutils/po/es_MX.po
index 1e3e7b2..8d9fc09 100644
--- a/policycoreutils/po/es_MX.po
+++ b/policycoreutils/po/es_MX.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/et.po b/policycoreutils/po/et.po
index a89b95f..605247b 100644
--- a/policycoreutils/po/et.po
+++ b/policycoreutils/po/et.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/eu.po b/policycoreutils/po/eu.po
index bde9697..d6ee3d1 100644
--- a/policycoreutils/po/eu.po
+++ b/policycoreutils/po/eu.po
@@ -1626,7 +1626,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1652,7 +1652,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1876,7 +1876,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Konfiguratu SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3725,7 +3725,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3953,7 +3953,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/fa.po b/policycoreutils/po/fa.po
index 7d33e83..778aa61 100644
--- a/policycoreutils/po/fa.po
+++ b/policycoreutils/po/fa.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/fi.po b/policycoreutils/po/fi.po
index 93a94e9..8bb1012 100644
--- a/policycoreutils/po/fi.po
+++ b/policycoreutils/po/fi.po
@@ -1638,7 +1638,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1664,7 +1664,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1888,7 +1888,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3737,7 +3737,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3964,7 +3964,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/fr.po b/policycoreutils/po/fr.po
index 5c797c9..0867545 100644
--- a/policycoreutils/po/fr.po
+++ b/policycoreutils/po/fr.po
@@ -1712,7 +1712,7 @@
 msgstr "<b>Sélectionner le rôle existant à modifier :</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 "Sélectionnez les rôles utilisateur qui transitionneront vers le domaine %s."
 
@@ -1742,7 +1742,7 @@
 "<b>Sélectionnez les rôle utilisateur qui transitionneront vers %s :</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "Sélectionnez les rôles utilisateur qui transitionneront verss ce domaine "
 "applicatif."
@@ -1993,7 +1993,7 @@
 msgstr "Vous devez entrer un exécutable"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Configurer SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4147,7 +4147,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Le nom doit être alphanumérique sans espaces. Pensez à utiliser l'option « -"
@@ -4386,7 +4386,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ga.po b/policycoreutils/po/ga.po
index 683287b..48fc2c1 100644
--- a/policycoreutils/po/ga.po
+++ b/policycoreutils/po/ga.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/gl.po b/policycoreutils/po/gl.po
index 15fbe4a..c0165f1 100644
--- a/policycoreutils/po/gl.po
+++ b/policycoreutils/po/gl.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/gu.po b/policycoreutils/po/gu.po
index bf08113..6400b8c 100644
--- a/policycoreutils/po/gu.po
+++ b/policycoreutils/po/gu.po
@@ -1670,7 +1670,7 @@
 msgstr "<b>બદલવા માટે હાલની ભૂમિકાને પસંદ કરો:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "વપરાશકર્તા ભૂમિકાને પસંદ કરો કે જે %s ડોમેઇનમાં પરિવહન કરશે."
 
 #: ../gui/polgen.glade:928
@@ -1698,7 +1698,7 @@
 msgstr "<b>વપરાશકર્તા ભૂમિકાઓ પસંદ કરો કે જે %s માં પરિવહન કરશે: (_r)</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "વપરાશકર્તા ભૂમિકાઓ પસંદ કરો કે જે કાર્યક્રમ ડોમેઈનોમાં પરિવહન કરશે."
 
 #: ../gui/polgen.glade:1056
@@ -1936,7 +1936,7 @@
 msgstr "તમારે એક્ઝેક્યુટેબલ દાખલ કરવી જ પડશે"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux રૂપરેખાંકિત કરો"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3965,7 +3965,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "નામ ખાલી જગ્યા વગરનું આલ્ફા ન્યૂમેરીક હોવુ જ જોઇએ. વિકલ્પ \"-n MODULENAME\" ને વાપરવાનું "
@@ -4205,7 +4205,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/he.po b/policycoreutils/po/he.po
index 9e3af00..b34f259 100644
--- a/policycoreutils/po/he.po
+++ b/policycoreutils/po/he.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/hi.po b/policycoreutils/po/hi.po
index 34a5224..0c4bf3c 100644
--- a/policycoreutils/po/hi.po
+++ b/policycoreutils/po/hi.po
@@ -1663,7 +1663,7 @@
 msgstr "<b>बदलने के लिए मौजूदा भूमिका चुनें:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "उन उपयोक्ता भूमिकाओं को चुनें जो %s डोमेन में संक्रमित किया जाएगा"
 
 #: ../gui/polgen.glade:928
@@ -1691,7 +1691,7 @@
 msgstr "<b>उन उपयोक्ता_भूमिका को चुनें जो %s में संक्रमित किया जाएगा:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "उपयोक्ता भूमिका चुनें जो कि इस अनुप्रयोग डोमेन में संक्रमित करेगा."
 
 #: ../gui/polgen.glade:1056
@@ -1931,7 +1931,7 @@
 msgstr "आप जरूर एक एक्सक्यूटेबल दें"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux विन्यस्त करें"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "नाम को वर्णांकिक होना चाहिए बिना किसी स्थान के. option \"-n MODULENAME\" का "
@@ -4186,7 +4186,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/hr.po b/policycoreutils/po/hr.po
index 9e7db25..d198e91 100644
--- a/policycoreutils/po/hr.po
+++ b/policycoreutils/po/hr.po
@@ -1631,7 +1631,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1657,7 +1657,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1881,7 +1881,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3730,7 +3730,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3956,7 +3956,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/hu.po b/policycoreutils/po/hu.po
index e358401..9b1c56e 100644
--- a/policycoreutils/po/hu.po
+++ b/policycoreutils/po/hu.po
@@ -1693,7 +1693,7 @@
 msgstr "<b>Válasszon létező szerepkört a módosításhoz:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 "Válassza ki a felhasználói szerepköröket amik átmenetet képeznek ehhez a "
 "területhez: %s."
@@ -1724,7 +1724,7 @@
 "<b>Válasszon felhasználói sze_repeket amik átmenetet képeznek ehhez %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "Válasszon felhasználói szerepköröket amik átmenetet képeznek ehhez az "
 "alkalmazás területhez."
@@ -1974,7 +1974,7 @@
 msgstr "Meg kell adnia egy végrehajtható állományt"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux beállítása"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4240,7 +4240,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "A névnek alfanumerikusnak kell lennie szóközök nélkül. Vagy alkalmazza az \"-"
@@ -4481,7 +4481,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/hy.po b/policycoreutils/po/hy.po
index 0bc535d..29faeb7 100644
--- a/policycoreutils/po/hy.po
+++ b/policycoreutils/po/hy.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ia.po b/policycoreutils/po/ia.po
index ca47314..a6bd42e 100644
--- a/policycoreutils/po/ia.po
+++ b/policycoreutils/po/ia.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/id.po b/policycoreutils/po/id.po
index 8bd451c..a569be2 100644
--- a/policycoreutils/po/id.po
+++ b/policycoreutils/po/id.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ilo.po b/policycoreutils/po/ilo.po
index 07c416a..9265100 100644
--- a/policycoreutils/po/ilo.po
+++ b/policycoreutils/po/ilo.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/is.po b/policycoreutils/po/is.po
index 0ded88a..dacee22 100644
--- a/policycoreutils/po/is.po
+++ b/policycoreutils/po/is.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/it.po b/policycoreutils/po/it.po
index 0ec9bff..d7ab4a1 100644
--- a/policycoreutils/po/it.po
+++ b/policycoreutils/po/it.po
@@ -1679,7 +1679,7 @@
 msgstr "<b>Selezionare una regola esistente da modificare:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Selezionare le regole utente che transiteranno verso il dominio %s."
 
 #: ../gui/polgen.glade:928
@@ -1707,7 +1707,7 @@
 msgstr "<b>Selezionare user_roles che transiterà verso %s:</b> "
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1946,7 +1946,7 @@
 msgstr "Inserire un'eseguibile"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Configurare SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3986,7 +3986,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Il nome deve essere alfanumerico senza spazi. Considerare l'utilizzo "
@@ -4225,7 +4225,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ja.po b/policycoreutils/po/ja.po
index b9487c1..19cf603 100644
--- a/policycoreutils/po/ja.po
+++ b/policycoreutils/po/ja.po
@@ -1692,7 +1692,7 @@
 msgstr "<b>修正する既存のロールを選択:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s ドメインに移行するユーザーロールを選択します。"
 
 #: ../gui/polgen.glade:928
@@ -1720,7 +1720,7 @@
 msgstr "<b>%s に移行するユーザーロールの選択 (_R):</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "このアプリケーションドメインに移行するユーザーロールを選択します"
 
 #: ../gui/polgen.glade:1056
@@ -1960,7 +1960,7 @@
 msgstr "実行ファイルを記入する必要があります"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux の設定"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4098,7 +4098,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "名前は空白の無い英数字でなければなりません。オプション \"-n モジュール名\" の"
@@ -4338,7 +4338,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ka.po b/policycoreutils/po/ka.po
index b6e3ffd..fa51697 100644
--- a/policycoreutils/po/ka.po
+++ b/policycoreutils/po/ka.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/kk.po b/policycoreutils/po/kk.po
index 1eabf04..32eebf6 100644
--- a/policycoreutils/po/kk.po
+++ b/policycoreutils/po/kk.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/km.po b/policycoreutils/po/km.po
index e91ea5c..9fcc685 100644
--- a/policycoreutils/po/km.po
+++ b/policycoreutils/po/km.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/kn.po b/policycoreutils/po/kn.po
index a528c7e..e1a426a 100644
--- a/policycoreutils/po/kn.po
+++ b/policycoreutils/po/kn.po
@@ -1680,7 +1680,7 @@
 msgstr "<b>ಮಾರ್ಪಡಿಸಲು ಈಗಿರುವ ಪಾತ್ರವನ್ನು ಆರಿಸಿ:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s ಡೊಮೈನ್‌ಗೆ ಪರಿವರ್ತಿತಗೊಳ್ಳುವ ಬಳಕೆದಾರ ಪಾತ್ರಗಳನ್ನು ಆರಿಸಿ."
 
 #: ../gui/polgen.glade:928
@@ -1708,7 +1708,7 @@
 msgstr "<b>%s ಗೆ ಪರಿವರ್ತಿತಗೊಳ್ಳುವ ಬಳಕೆದಾರ_ಪಾತ್ರಗಳನ್ನು ಆರಿಸಿ:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "ಈ ಅನ್ವಯ ಡೊಮೈನ್‌ಗಳಿಗೆ ಪರಿವರ್ತಿತಗೊಳ್ಳುವ ಬಳಕೆದಾರ ಪಾತ್ರಗಳನ್ನು ಆರಿಸಿ."
 
 #: ../gui/polgen.glade:1056
@@ -1951,7 +1951,7 @@
 msgstr "ನೀವು ಒಂದು ಕಾರ್ಯಗೊಳಿಸಬಹುದಾದ್ದನ್ನು ನಮೂದಿಸಬೇಕು"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux ಅನ್ನು ಸಂರಚಿಸು"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4060,7 +4060,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "ಹೆಸರು ವರ್ಣಮಾಲೆ ಮತ್ತು ಅಂಕೆ ಎರಡನ್ನೂ ಹೊಂದಿರಬೇಕು ಹಾಗು ಖಾಲಿ ಜಾಗಗಳಿರಬಾರದು. \"-n "
@@ -4301,7 +4301,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ko.po b/policycoreutils/po/ko.po
index 49c34e5..9e00978 100644
--- a/policycoreutils/po/ko.po
+++ b/policycoreutils/po/ko.po
@@ -1669,7 +1669,7 @@
 msgstr "<b>수정할 기존 역할 선택:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s 도메인으로 전환할 사용자 역할을 선택합니다."
 
 #: ../gui/polgen.glade:928
@@ -1697,7 +1697,7 @@
 msgstr "<b>%s로 전환할 사용자 역할을 선택(_R):</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "이 애플리케이션 도메인으로 전환할 사용자 역할을 선택합니다."
 
 #: ../gui/polgen.glade:1056
@@ -1935,7 +1935,7 @@
 msgstr "실행 파일을 입력해야 합니다"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux 설정 "
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4018,7 +4018,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "이름은 공백이 없는 영문 숫자로 구성되어야 합니다. \"-n MODULENAME\" 옵션의 사"
@@ -4255,7 +4255,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ks.po b/policycoreutils/po/ks.po
index 59c9404..0e2cbb9 100644
--- a/policycoreutils/po/ks.po
+++ b/policycoreutils/po/ks.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ku.po b/policycoreutils/po/ku.po
index 9d9f1df..ee99d9f 100644
--- a/policycoreutils/po/ku.po
+++ b/policycoreutils/po/ku.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ky.po b/policycoreutils/po/ky.po
index c5fdd2f..925ea8a 100644
--- a/policycoreutils/po/ky.po
+++ b/policycoreutils/po/ky.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/la.po b/policycoreutils/po/la.po
index dc61a42..92a3213 100644
--- a/policycoreutils/po/la.po
+++ b/policycoreutils/po/la.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/lo.po b/policycoreutils/po/lo.po
index 91003c8..fa05b70 100644
--- a/policycoreutils/po/lo.po
+++ b/policycoreutils/po/lo.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/lt.po b/policycoreutils/po/lt.po
index c811075..1d77779 100644
--- a/policycoreutils/po/lt.po
+++ b/policycoreutils/po/lt.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/lt_LT.po b/policycoreutils/po/lt_LT.po
index 3eebb68..3f69e40 100644
--- a/policycoreutils/po/lt_LT.po
+++ b/policycoreutils/po/lt_LT.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/lv.po b/policycoreutils/po/lv.po
index 6bb48a3..c7e1b45 100644
--- a/policycoreutils/po/lv.po
+++ b/policycoreutils/po/lv.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/lv_LV.po b/policycoreutils/po/lv_LV.po
index e5c3799..5b2afd2 100644
--- a/policycoreutils/po/lv_LV.po
+++ b/policycoreutils/po/lv_LV.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/mai.po b/policycoreutils/po/mai.po
index 63e9b9a..d137fe3 100644
--- a/policycoreutils/po/mai.po
+++ b/policycoreutils/po/mai.po
@@ -1627,7 +1627,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1653,7 +1653,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1877,7 +1877,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3726,7 +3726,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3952,7 +3952,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/mg.po b/policycoreutils/po/mg.po
index 4192aec..45b508a 100644
--- a/policycoreutils/po/mg.po
+++ b/policycoreutils/po/mg.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/mk.po b/policycoreutils/po/mk.po
index 9e58dcd..fe6e114 100644
--- a/policycoreutils/po/mk.po
+++ b/policycoreutils/po/mk.po
@@ -1638,7 +1638,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1664,7 +1664,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1888,7 +1888,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3737,7 +3737,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3963,7 +3963,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ml.po b/policycoreutils/po/ml.po
index dc07ee8..e1b1270 100644
--- a/policycoreutils/po/ml.po
+++ b/policycoreutils/po/ml.po
@@ -1664,7 +1664,7 @@
 msgstr "<b>മാറ്റം വരുത്തുന്നതിനായി നിലവിലുള്ളൊരു നിയമനം തെരഞ്ഞെടുക്കുക:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s ഡൊമെയിനിലേക്ക് ഉപയോക്താവിന്റെ ഏതെല്ലാം ജോലികള്‍ മാറുന്നു എന്നു് തെരഞ്ഞെടുക്കുക."
 
 #: ../gui/polgen.glade:928
@@ -1692,7 +1692,7 @@
 msgstr "<b>%s മാറുന്ന ഉപയോക്താവിന്റെ നിയമനങ്ങള്‍ തെരഞ്ഞെടുക്കുക.:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "ഉപയോക്താവ് ഏത് ജോലികളില്‍ നിന്നും ഈ പ്രയോഗങ്ങളുടെ ഡൊമെയിനുകളിലേക്ക് മാറുന്നു എന്ന് തിരഞ്ഞെടുക്കുക"
 
@@ -1933,7 +1933,7 @@
 msgstr "പ്രവര്‍ത്തനത്തിലുള്ളത് പറഞ്ഞിരിക്കണം"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux ക്രമികരിക്കുക"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4025,7 +4025,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "പേരില്‍ സ്പെയിസുകളില്ലാതെ ആല്‍ഫാ ന്യൂമെറിക് അക്ഷരങ്ങള്‍ നല്‍കുക. \"-n MODULENAME\" ഐച്ഛികം "
@@ -4265,7 +4265,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/mn.po b/policycoreutils/po/mn.po
index 9d1342b..7040ba4 100644
--- a/policycoreutils/po/mn.po
+++ b/policycoreutils/po/mn.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/mr.po b/policycoreutils/po/mr.po
index cfc3b88..fe3758d 100644
--- a/policycoreutils/po/mr.po
+++ b/policycoreutils/po/mr.po
@@ -1668,7 +1668,7 @@
 msgstr "<b>संपादनकरीता अस्तित्वातील भूमिका पसंत करा:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s डोमेनकरीता स्थानांतर करण्याजोगी वापरकर्ता भूमिकाची नीवड करा."
 
 #: ../gui/polgen.glade:928
@@ -1696,7 +1696,7 @@
 msgstr "<b>%s करीता स्थानांतरनजोगी user_roles ची नीवड करा:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "या ॲप्लिकेशन डोमेनकरीता स्थानांतरन करण्याजोगी वापरकर्ता भूमिका निवडा."
 
 #: ../gui/polgen.glade:1056
@@ -1936,7 +1936,7 @@
 msgstr "एक्जीक्यूटेबल देणे आवश्यक"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux संरचीत करा"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3968,7 +3968,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "विना मोकळी जागा नाव अल्फा न्युमेरिक असायला पाहिजे. पर्याय \"-n MODULENAME\" याचा "
@@ -4208,7 +4208,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ms.po b/policycoreutils/po/ms.po
index 4b2f210..7de7fa0 100644
--- a/policycoreutils/po/ms.po
+++ b/policycoreutils/po/ms.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/my.po b/policycoreutils/po/my.po
index 37eb16a..2fd7f75 100644
--- a/policycoreutils/po/my.po
+++ b/policycoreutils/po/my.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/nb.po b/policycoreutils/po/nb.po
index 410a43e..f78a07b 100644
--- a/policycoreutils/po/nb.po
+++ b/policycoreutils/po/nb.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/nds.po b/policycoreutils/po/nds.po
index 1a1547c..e131dcc 100644
--- a/policycoreutils/po/nds.po
+++ b/policycoreutils/po/nds.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ne.po b/policycoreutils/po/ne.po
index c74d665..b0a1fda 100644
--- a/policycoreutils/po/ne.po
+++ b/policycoreutils/po/ne.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/nl.po b/policycoreutils/po/nl.po
index 3d3b111..cb51b7c 100644
--- a/policycoreutils/po/nl.po
+++ b/policycoreutils/po/nl.po
@@ -1641,7 +1641,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1667,7 +1667,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1891,7 +1891,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3740,7 +3740,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3966,7 +3966,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/nn.po b/policycoreutils/po/nn.po
index e89e353..dea0002 100644
--- a/policycoreutils/po/nn.po
+++ b/policycoreutils/po/nn.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/nso.po b/policycoreutils/po/nso.po
index 5684f24..b7ceef6 100644
--- a/policycoreutils/po/nso.po
+++ b/policycoreutils/po/nso.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/or.po b/policycoreutils/po/or.po
index 3f3e921..01e8ac7 100644
--- a/policycoreutils/po/or.po
+++ b/policycoreutils/po/or.po
@@ -1668,7 +1668,7 @@
 msgstr "<b>ପରିବର୍ତ୍ତନ କରିବା ପାଇଁ ସ୍ଥିତବାନ ଭୂମିକା ବାଛନ୍ତୁ:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "ଚାଳକ ଭୂମିକାଗୁଡିକୁ ଚୟନ କରନ୍ତୁ ଯିଏ %s ପରିସରକୁ ସକର୍ମ କରିବ।"
 
 #: ../gui/polgen.glade:928
@@ -1696,7 +1696,7 @@
 msgstr "<b>%s କୁ ପରିବର୍ତ୍ତିତ ହେବାକୁ ଥିବା ଚାଳକ ଭୂମିକା ବାଛନ୍ତୁ (_r):</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "ଚାଳକ ଭୂମିକା ଗୁଡିକୁ ଚୟନ କରନ୍ତୁ ଯିଏ ଏହି ପ୍ରୟୋଗ ପରିସରଗୁଡିକୁ ସକର୍ମ କରିବ।"
 
 #: ../gui/polgen.glade:1056
@@ -1936,7 +1936,7 @@
 msgstr "ଆପଣ ଗୋଟିଏ ନିଷ୍ପାଦ୍ୟ ଭରଣ କରିବା ଉଚିତ"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux ବିନ୍ୟାସ କରନ୍ତୁ"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3970,7 +3970,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "ନାମଟି ନିଶ୍ଚିତ ଭାବରେ ଖାଲିସ୍ଥାନ ନଥିବା ଏବଂ ସାଂକ୍ଷରିକ ହୋଇଥିବା ଉଚିତ।  \"-n MODULENAME\" "
@@ -4210,7 +4210,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/pa.po b/policycoreutils/po/pa.po
index 845642e..9635cb6 100644
--- a/policycoreutils/po/pa.po
+++ b/policycoreutils/po/pa.po
@@ -1658,7 +1658,7 @@
 msgstr "<b>ਤਬਦੀਲ ਕਰਨ ਲਈ ਮੌਜੀਦਾ ਰੋਲ ਚੁਣੋ:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "ਯੂਜ਼ਰ ਰੋਲ ਚੁਣੋ ਜੋ %s ਡੋਮੇਨ ਵਿੱਚ ਤਬਦੀਲ ਹੋਵੇਗਾ।"
 
 #: ../gui/polgen.glade:928
@@ -1686,7 +1686,7 @@
 msgstr "<b>user_roles ਚੁਣੋ ਜੋ %s ਵਿੱਚ ਤਬਦੀਲ ਹੋਵੇਗਾ:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "ਉਪਭੋਗੀ ਰੋਲ ਚੁਣੋ ਜੋ ਇਸ ਕਾਰਜ ਡੋਮੇਨਾਂ ਵਿੱਚ ਤਬਦੀਲ ਹੋਵੇਗਾ।"
 
 #: ../gui/polgen.glade:1056
@@ -1926,7 +1926,7 @@
 msgstr "ਤੁਹਾਨੂੰ ਇੱਕ ਐਗਜ਼ੀਕਿਊਟੇਬਲ ਦੇਣਾ ਚਾਹੀਦਾ ਹੈ"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux ਸੰਰਚਨਾ"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3925,7 +3925,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr "ਨਾਂ ਅਲਫਾ ਨੁਮੈਰਿਕ ਹੋਣਾ ਜਰੂਰੀ ਹੈ। ਚੋਣ \"-n MODULENAME\" ਦੀ ਵਰਤੋਂ ਕਰੋ"
 
@@ -4163,7 +4163,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/pl.po b/policycoreutils/po/pl.po
index 6764d70..193af55 100644
--- a/policycoreutils/po/pl.po
+++ b/policycoreutils/po/pl.po
@@ -1678,7 +1678,7 @@
 msgstr "<b>Wybór istniejącej roli do zmodyfikowania:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Wybór roli użytkownika, które przemienić do domeny %s."
 
 #: ../gui/polgen.glade:928
@@ -1706,7 +1706,7 @@
 msgstr "<b>Wybór ról użytkownika, do których przemienić %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "Wybór ról użytkownika, które przemienić do tych domen aplikacji."
 
 #: ../gui/polgen.glade:1056
@@ -1947,7 +1947,7 @@
 msgstr "Należy podać plik wykonywalny"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Skonfiguruj SELinuksa"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4010,7 +4010,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Nazwa musi być alfanumeryczna bez spacji. Proszę rozważyć użycie opcji \"-n "
@@ -4245,7 +4245,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/policycoreutils.pot b/policycoreutils/po/policycoreutils.pot
index be2f1eb..18fcdcc 100644
--- a/policycoreutils/po/policycoreutils.pot
+++ b/policycoreutils/po/policycoreutils.pot
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/pt.po b/policycoreutils/po/pt.po
index b969142..6a74f34 100644
--- a/policycoreutils/po/pt.po
+++ b/policycoreutils/po/pt.po
@@ -1653,7 +1653,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1679,7 +1679,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1903,7 +1903,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3752,7 +3752,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3978,7 +3978,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/pt_BR.po b/policycoreutils/po/pt_BR.po
index bea6ff5..9c2771b 100644
--- a/policycoreutils/po/pt_BR.po
+++ b/policycoreutils/po/pt_BR.po
@@ -1695,7 +1695,7 @@
 msgstr "<b>Selecione função existente para modificar:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Selecionar as funções de usuário que transitarão para o domínio %s."
 
 #: ../gui/polgen.glade:928
@@ -1721,7 +1721,7 @@
 msgstr "<b>Selecione user_roles que transitarão para %s</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 "Selecionar funções de usuários que transitarão para estes domínios de "
 "aplicativos."
@@ -1957,7 +1957,7 @@
 msgstr "Você deve inserir um executável"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Configurar SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3972,7 +3972,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "O nome deve ser alfa numérico sem espaços. Considere o uso da opção \"-n "
@@ -4208,7 +4208,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ro.po b/policycoreutils/po/ro.po
index ffee45d..6ea8b3a 100644
--- a/policycoreutils/po/ro.po
+++ b/policycoreutils/po/ro.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ru.po b/policycoreutils/po/ru.po
index 96987b6..afa0b0d 100644
--- a/policycoreutils/po/ru.po
+++ b/policycoreutils/po/ru.po
@@ -1676,7 +1676,7 @@
 msgstr "<b>Выберите роль для изменения:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Выберите роли для переноса в домен %s."
 
 #: ../gui/polgen.glade:928
@@ -1704,7 +1704,7 @@
 msgstr "<b>Выберите роли, которые будут перенесены в %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "Выберите роли, которые будут перенесены в программные домены."
 
 #: ../gui/polgen.glade:1056
@@ -1943,7 +1943,7 @@
 msgstr "Необходимо указать исполняемый файл"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Настроить SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4023,7 +4023,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Имя может содержать буквы и цифры без пробелов. Рекомендуется использовать "
@@ -4263,7 +4263,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/si.po b/policycoreutils/po/si.po
index 34a766f..0b82f24 100644
--- a/policycoreutils/po/si.po
+++ b/policycoreutils/po/si.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/si_LK.po b/policycoreutils/po/si_LK.po
index 2890914..ea6721f 100644
--- a/policycoreutils/po/si_LK.po
+++ b/policycoreutils/po/si_LK.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sk.po b/policycoreutils/po/sk.po
index 9888086..3ffa737 100644
--- a/policycoreutils/po/sk.po
+++ b/policycoreutils/po/sk.po
@@ -1627,7 +1627,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1653,7 +1653,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1877,7 +1877,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3726,7 +3726,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3952,7 +3952,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sl.po b/policycoreutils/po/sl.po
index 31807dd..cc83cb2 100644
--- a/policycoreutils/po/sl.po
+++ b/policycoreutils/po/sl.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sq.po b/policycoreutils/po/sq.po
index 21c15f0..d5f9ea9 100644
--- a/policycoreutils/po/sq.po
+++ b/policycoreutils/po/sq.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sr.po b/policycoreutils/po/sr.po
index b7d900e..2eac72c 100644
--- a/policycoreutils/po/sr.po
+++ b/policycoreutils/po/sr.po
@@ -1634,7 +1634,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1660,7 +1660,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1884,7 +1884,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3733,7 +3733,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3959,7 +3959,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sr@latin.po b/policycoreutils/po/sr@latin.po
index 93b28d4..9417e54 100644
--- a/policycoreutils/po/sr@latin.po
+++ b/policycoreutils/po/sr@latin.po
@@ -1635,7 +1635,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1661,7 +1661,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1885,7 +1885,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3734,7 +3734,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3960,7 +3960,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/sv.po b/policycoreutils/po/sv.po
index fddabf4..4486700 100644
--- a/policycoreutils/po/sv.po
+++ b/policycoreutils/po/sv.po
@@ -1673,7 +1673,7 @@
 msgstr "<b>Välj en befintlig roll att ändra:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Välj användarrollerna som skall övergå till domänen %s."
 
 #: ../gui/polgen.glade:928
@@ -1701,7 +1701,7 @@
 msgstr "<b>Välj användarrollerna som skall övergå till domänen %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "Välj användarrollerna som kan övergå till detta programs domäner."
 
 #: ../gui/polgen.glade:1056
@@ -1940,7 +1940,7 @@
 msgstr "Du måste ange ett körbart program"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Konfigurera SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4006,7 +4006,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Namn måste vara alfanumeriska utan blanktecken.  Överväg att använda flagga "
@@ -4245,7 +4245,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ta.po b/policycoreutils/po/ta.po
index 9f91a5c..e551f03 100644
--- a/policycoreutils/po/ta.po
+++ b/policycoreutils/po/ta.po
@@ -1673,7 +1673,7 @@
 msgstr "<b>முன்பே உள்ள பங்குகளில் மாற்றம் செய்ய வேண்டியவற்றைத் தேர்ந்தெடுக்கவும்:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s டொமைனுக்கு நிலைமாறும் பயனர் பங்குகளைத் தேர்ந்தெடுக்கவும்."
 
 #: ../gui/polgen.glade:928
@@ -1701,7 +1701,7 @@
 msgstr "<b>%s க்கு நிலைமாறும் user_roles ஐத் தேர்ந்தெடுக்கவும்:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "இந்த பயன்பாடுகளின் செயற்களங்களுக்கு மற்றொன்றுக்கு மாறாத பயனர் பங்குகளை தேர்ந்தெடு."
 
 #: ../gui/polgen.glade:1056
@@ -1941,7 +1941,7 @@
 msgstr "ஒரு இயக்கத்தக்கதை உள்ளிட வேண்டும்"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinuxஐ அமைவாக்கம் செய்யவும்"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4038,7 +4038,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "பெயரில் இடைவெளி இருக்கக்கூடாது, எண்களும் எழுத்துகளும் இருக்க வேண்டும். \"-n MODULENAME"
@@ -4278,7 +4278,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/te.po b/policycoreutils/po/te.po
index 91321c3..f22ead1 100644
--- a/policycoreutils/po/te.po
+++ b/policycoreutils/po/te.po
@@ -1658,7 +1658,7 @@
 msgstr "<b>సవరించుటకు వున్న పాత్రను యెంపికచేయి:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "%s డొమైన్‌కు బదిలీ అగు వాడుకరి పాత్రలను యెంపికచేయి."
 
 #: ../gui/polgen.glade:928
@@ -1686,7 +1686,7 @@
 msgstr "<b>%s కు బదీలీ అయ్యే వాడుకరి-పాత్రలు యెంపికచేయి:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "ఈ అనువర్తనాల డొమైన్స్‍‌కు బదిలీకరించబోవు వినియోగదారి దస్త్రాలను ఎంపికచేయుము"
 
 #: ../gui/polgen.glade:1056
@@ -1924,7 +1924,7 @@
 msgstr "మీరు తప్పక ఒక నిర్వర్తినిని ప్రవేశపెట్టవలెను"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "SELinux ను ఆకృతీకరించుము"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3907,7 +3907,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr "పేరు ఖాళీలు లేకుండా అల్ఫాన్యూమరిక్ అయివుండాలి. \"-n MODULENAME\" ఐచ్చికం వుపయోగించుము."
 
@@ -4142,7 +4142,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/tg.po b/policycoreutils/po/tg.po
index c67e7eb..8075acd 100644
--- a/policycoreutils/po/tg.po
+++ b/policycoreutils/po/tg.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/th.po b/policycoreutils/po/th.po
index faa7475..b23787a 100644
--- a/policycoreutils/po/th.po
+++ b/policycoreutils/po/th.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/tl.po b/policycoreutils/po/tl.po
index 3332653..b045a2b 100644
--- a/policycoreutils/po/tl.po
+++ b/policycoreutils/po/tl.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/tr.po b/policycoreutils/po/tr.po
index 269e42c..e814ab3 100644
--- a/policycoreutils/po/tr.po
+++ b/policycoreutils/po/tr.po
@@ -1624,7 +1624,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1650,7 +1650,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1874,7 +1874,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3723,7 +3723,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3949,7 +3949,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/uk.po b/policycoreutils/po/uk.po
index 2938d05..77ebdc0 100644
--- a/policycoreutils/po/uk.po
+++ b/policycoreutils/po/uk.po
@@ -1675,7 +1675,7 @@
 msgstr "<b>Виберіть вже створену роль для внесення змін:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "Виберіть ролі користувача, які переводитимуть до домену %s."
 
 #: ../gui/polgen.glade:928
@@ -1703,7 +1703,7 @@
 msgstr "<b>Виберіть user_roles які переводитимуть до %s:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "Виберіть ролі користувачів, які слід перенести у домени програм."
 
 #: ../gui/polgen.glade:1056
@@ -1944,7 +1944,7 @@
 msgstr "Слід вказати виконуваний файл"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "Налаштовування SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -4138,7 +4138,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 "Назва має складатися з літер і цифр, без пробілів. Вам варто скористатися "
@@ -4378,7 +4378,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/ur.po b/policycoreutils/po/ur.po
index 0ede3e6..c3b77f2 100644
--- a/policycoreutils/po/ur.po
+++ b/policycoreutils/po/ur.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/vi.po b/policycoreutils/po/vi.po
index fa87a1d..b999ad0 100644
--- a/policycoreutils/po/vi.po
+++ b/policycoreutils/po/vi.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/vi_VN.po b/policycoreutils/po/vi_VN.po
index c444825..ef0280c 100644
--- a/policycoreutils/po/vi_VN.po
+++ b/policycoreutils/po/vi_VN.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/wo.po b/policycoreutils/po/wo.po
index 8713a24..4ec507c 100644
--- a/policycoreutils/po/wo.po
+++ b/policycoreutils/po/wo.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/xh.po b/policycoreutils/po/xh.po
index e199788..90eae45 100644
--- a/policycoreutils/po/xh.po
+++ b/policycoreutils/po/xh.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zh_CN.GB2312.po b/policycoreutils/po/zh_CN.GB2312.po
index f56bae3..b2cceed 100644
--- a/policycoreutils/po/zh_CN.GB2312.po
+++ b/policycoreutils/po/zh_CN.GB2312.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zh_CN.po b/policycoreutils/po/zh_CN.po
index 03946d3..297af9a 100644
--- a/policycoreutils/po/zh_CN.po
+++ b/policycoreutils/po/zh_CN.po
@@ -1644,7 +1644,7 @@
 msgstr "<b>选择现有角色进行修改:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "选择要转换到 %s 域的用户角色。"
 
 #: ../gui/polgen.glade:928
@@ -1672,7 +1672,7 @@
 msgstr "<b>选择要转换成 %s 的 user_roles:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "选择要转换成这个程序域的用户角色。"
 
 #: ../gui/polgen.glade:1056
@@ -1900,7 +1900,7 @@
 msgstr "您必须输入 executable"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "配置 SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3824,7 +3824,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr "名称必须是数字字母组合,且没有空格。请考虑使用选项 \"-n MODULENAME\"。"
 
@@ -4057,7 +4057,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zh_HK.po b/policycoreutils/po/zh_HK.po
index dc7dae8..440dbde 100644
--- a/policycoreutils/po/zh_HK.po
+++ b/policycoreutils/po/zh_HK.po
@@ -1622,7 +1622,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1648,7 +1648,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1872,7 +1872,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3721,7 +3721,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3947,7 +3947,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zh_TW.Big5.po b/policycoreutils/po/zh_TW.Big5.po
index afc86a8..047f973 100644
--- a/policycoreutils/po/zh_TW.Big5.po
+++ b/policycoreutils/po/zh_TW.Big5.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zh_TW.po b/policycoreutils/po/zh_TW.po
index 9f84d79..ea5620f 100644
--- a/policycoreutils/po/zh_TW.po
+++ b/policycoreutils/po/zh_TW.po
@@ -1654,7 +1654,7 @@
 msgstr "<b>選擇欲修改的既有角色:</b>"
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr "選擇將會轉換至 %s 區域的使用者角色。"
 
 #: ../gui/polgen.glade:928
@@ -1682,7 +1682,7 @@
 msgstr "<b>選擇將會轉換至 %s 的 user_roles:</b>"
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr "選擇將會轉換至此應用程式區域的使用者角色。"
 
 #: ../gui/polgen.glade:1056
@@ -1916,7 +1916,7 @@
 msgstr "您必須輸入一個可執行檔"
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr "配置 SELinux"
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3854,7 +3854,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr "名稱必須是字母數字,並且不包含空格。請考慮使用 \"-n MODULENAME\" 選項"
 
@@ -4089,7 +4089,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/po/zu.po b/policycoreutils/po/zu.po
index b306041..06cab62 100644
--- a/policycoreutils/po/zu.po
+++ b/policycoreutils/po/zu.po
@@ -1623,7 +1623,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:908
-msgid "Select the user roles that will transiton to the %s domain."
+msgid "Select the user roles that will transition to the %s domain."
 msgstr ""
 
 #: ../gui/polgen.glade:928
@@ -1649,7 +1649,7 @@
 msgstr ""
 
 #: ../gui/polgen.glade:1019
-msgid "Select the user roles that will transiton to this applications domains."
+msgid "Select the user roles that will transition to this applications domains."
 msgstr ""
 
 #: ../gui/polgen.glade:1056
@@ -1873,7 +1873,7 @@
 msgstr ""
 
 #: ../gui/polgengui.py:756 ../gui/system-config-selinux.py:180
-msgid "Configue SELinux"
+msgid "Configure SELinux"
 msgstr ""
 
 #: ../gui/portsPage.py:51 ../gui/system-config-selinux.glade:2528
@@ -3722,7 +3722,7 @@
 
 #: ../sepolicy/sepolicy/generate.py:333
 msgid ""
-"Name must be alpha numberic with no spaces. Consider using option \"-n "
+"Name must be alpha numeric with no spaces. Consider using option \"-n "
 "MODULENAME\""
 msgstr ""
 
@@ -3948,7 +3948,7 @@
 
 #: ../sepolicy/sepolicy/sepolicy.glade:826
 msgid ""
-"Select Make Path Recursive iff you want to apply this label to all children "
+"Select Make Path Recursive if you want to apply this label to all children "
 "of the specified directory path. objects under the directory to have this "
 "label."
 msgstr ""
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
index b277958..5d77703 100755
--- a/policycoreutils/scripts/fixfiles
+++ b/policycoreutils/scripts/fixfiles
@@ -67,7 +67,7 @@
 }
 
 #
-# Get the default label returned from the kernel for a file with a lable the
+# Get the default label returned from the kernel for a file with a label the
 # kernel does not understand
 #
 get_undefined_type() {
@@ -111,7 +111,7 @@
 FORCEFLAG=""
 RPMFILES=""
 PREFC=""
-RESTORE_MODE="DEFAULT"
+RESTORE_MODE=""
 SETFILES=/sbin/setfiles
 RESTORECON=/sbin/restorecon
 FILESYSTEMSRW=`get_rw_labeled_mounts`
@@ -213,16 +213,17 @@
 OPTION=$1
 shift
 
-case "$RESTORE_MODE" in
-    PREFC)
-	diff_filecontext $*
-	return
-    ;;
-    BOOTTIME)
+# [-B | -N time ]
+if [ -n "$BOOTTIME" ]; then
 	newer $BOOTTIME $*
 	return
-    ;;
-esac
+fi
+
+# -C PREVIOUS_FILECONTEXT
+if [ "$RESTORE_MODE" == PREFC ]; then
+	diff_filecontext $*
+	return
+fi
 
 [ -x /usr/sbin/genhomedircon ] && /usr/sbin/genhomedircon
 
@@ -238,7 +239,7 @@
     FILEPATH)
 	${RESTORECON} ${VERBOSE} ${EXCLUDEDIRS} ${FORCEFLAG} $* -R -- "$FILEPATH"
     ;;
-    DEFAULT)
+    *)
 	if [ -n "${FILESYSTEMSRW}" ]; then
 	    LogReadOnly
 	    echo "${OPTION}ing `echo ${FILESYSTEMSRW}`"
@@ -271,7 +272,7 @@
 
 
 relabel() {
-    if [ "$RESTORE_MODE" != DEFAULT ]; then
+    if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
 	usage
 	exit 1
     fi
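Review bot: The new test `[ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]` in `relabel()` uses the `-a` operator, which POSIX marks obsolescent because `test` can misparse it when an operand looks like an operator; the same expression is added in the `onboot)` arm further down. Writing it as `[ -n "$RESTORE_MODE" ] && [ "$RESTORE_MODE" != DEFAULT ]` avoids that. The earlier hunk in `restore` also adds `[ "$RESTORE_MODE" == PREFC ]`, where `=` is the portable spelling; `==` only works if the script is always run by bash, which these hunks do not show. `relabel()` continues past the end of this hunk.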
@@ -302,18 +303,18 @@
 case "$1" in
     restore) restore Relabel;;
     check) VERBOSE="-v"; restore Check -n;;
-    verify) restore Verify -n;;
+    verify) VERBOSE="-v"; restore Verify -n;;
     relabel) relabel;;
     onboot)
-	if [ "$RESTORE_MODE" != DEFAULT ]; then
+	if [ -n "$RESTORE_MODE" -a "$RESTORE_MODE" != DEFAULT ]; then
 	    usage
 	    exit 1
 	fi
 	> /.autorelabel || exit $?
 	[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
 	[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
-	# Force full relabel if / does not have a label on it
-	getfilecon / > /dev/null 2>&1  || echo -F >/.autorelabel
+	# Force full relabel if SELinux is not enabled
+	selinuxenabled || echo -F > /.autorelabel
 	echo "System will relabel on next boot"
 	;;
     *)
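Review bot: `selinuxenabled || echo -F > /.autorelabel` truncates the file, so the `$FORCEFLAG` and `-N $BOOTTIME` entries appended by the two lines above are discarded whenever SELinux is not enabled. If replacing them is intended, the comment should say so, e.g. `# SELinux is not enabled: replace any options written above with -F to force a full relabel`; otherwise use `>>`. The swap from `getfilecon /` also means a system with SELinux enabled but no label on `/` no longer gets `-F` automatically, which is worth confirming. The `case` statement continues outside this hunk.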
@@ -343,7 +344,7 @@
 fi
 
 set_restore_mode() {
-	if [ "$RESTORE_MODE" != DEFAULT ]; then
+	if [ -n "$RESTORE_MODE" ]; then
 		# can't specify two different modes
 		usage
 		exit 1
@@ -356,7 +357,7 @@
     case "$i" in
 	B)
 		BOOTTIME=`/bin/who -b | awk '{print $3}'`
-		set_restore_mode BOOTTIME
+		set_restore_mode DEFAULT
 		;;
 	N)
 		BOOTTIME=$OPTARG
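Review bot: With `-B` now calling `set_restore_mode DEFAULT`, the only thing that selects the newer-than-boot path is the `[ -n "$BOOTTIME" ]` test added in `restore`, so an empty result from `/bin/who -b | awk '{print $3}'` silently turns `-B` into a full default relabel. That can presumably happen where no boot record is available, for example in a minimal container or chroot. Adding `[ -n "$BOOTTIME" ] || { echo "fixfiles: cannot determine boot time" >&2; exit 1; }` right after the assignment makes the option fail instead of widening its scope. The option-parsing `case` continues past the end of this hunk.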
diff --git a/policycoreutils/semodule/semodule.c b/policycoreutils/semodule/semodule.c
index a76797f..a1f75e1 100644
--- a/policycoreutils/semodule/semodule.c
+++ b/policycoreutils/semodule/semodule.c
@@ -22,6 +22,7 @@
 #include <libgen.h>
 #include <limits.h>
 
+#include <sepol/cil/cil.h>
 #include <semanage/modules.h>
 
 enum client_modes {
@@ -238,7 +239,7 @@
 			set_mode(LIST_M, optarg);
 			break;
 		case 'v':
-			verbose = 1;
+			verbose++;
 			break;
 		case 'r':
 			set_mode(REMOVE_M, optarg);
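Review bot: `verbose++` turns the flag into an unbounded counter, and the later hunk passes `CIL_ERR + verbose` straight to `cil_set_log_level()`, so the level relies on the numeric order of the CIL log-level enum and can exceed its highest member when `-v` is repeated. Clamping keeps the argument within declared values, e.g. `int lvl = CIL_ERR + verbose;` followed by `cil_set_log_level(lvl > CIL_INFO ? CIL_INFO : lvl);`, assuming `CIL_INFO` is the top level in the installed `cil.h` (not shown here). It is also worth checking that other uses of `verbose` in this file treat it as a truth value rather than comparing it with 1. The option-parsing `switch` starts and ends outside this hunk.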
@@ -350,6 +351,8 @@
 	}
 	parse_command_line(argc, argv);
 
+	cil_set_log_level(CIL_ERR + verbose);
+
 	if (build)
 		commit = 1;
 
diff --git a/policycoreutils/setfiles/restore.c b/policycoreutils/setfiles/restore.c
index 9dea565..d3335d1 100644
--- a/policycoreutils/setfiles/restore.c
+++ b/policycoreutils/setfiles/restore.c
@@ -17,40 +17,37 @@
 char **exclude_list;
 int exclude_count;
 
-struct restore_opts *r_opts;
-
 void restore_init(struct restore_opts *opts)
 {
 	int rc;
 
-	r_opts = opts;
 	struct selinux_opt selinux_opts[] = {
-		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
+		{ SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
+		{ SELABEL_OPT_PATH, opts->selabel_opt_path },
+		{ SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
 	};
 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
-	if (!r_opts->hnd) {
-		perror(r_opts->selabel_opt_path);
+	opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+	if (!opts->hnd) {
+		perror(opts->selabel_opt_path);
 		exit(1);
 	}
 
-	r_opts->restorecon_flags = 0;
-	r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
-			   r_opts->progress | r_opts->set_specctx  |
-			   r_opts->add_assoc | r_opts->ignore_digest |
-			   r_opts->recurse | r_opts->userealpath |
-			   r_opts->xdev | r_opts->abort_on_error |
-			   r_opts->syslog_changes | r_opts->log_matches |
-			   r_opts->ignore_noent | r_opts->ignore_mounts |
-			   r_opts->mass_relabel;
+	opts->restorecon_flags = 0;
+	opts->restorecon_flags = opts->nochange | opts->verbose |
+			   opts->progress | opts->set_specctx  |
+			   opts->add_assoc | opts->ignore_digest |
+			   opts->recurse | opts->userealpath |
+			   opts->xdev | opts->abort_on_error |
+			   opts->syslog_changes | opts->log_matches |
+			   opts->ignore_noent | opts->ignore_mounts |
+			   opts->mass_relabel;
 
 	/* Use setfiles, restorecon and restorecond own handles */
-	selinux_restorecon_set_sehandle(r_opts->hnd);
+	selinux_restorecon_set_sehandle(opts->hnd);
 
-	if (r_opts->rootpath) {
-		rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
+	if (opts->rootpath) {
+		rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
 		if (rc) {
 			fprintf(stderr,
 				"selinux_restorecon_set_alt_rootpath error: %s.\n",
@@ -81,7 +78,6 @@
 	size_t i = 0;
 	int len, rc, errors;
 
-	r_opts = opts;
 	memset(&globbuf, 0, sizeof(globbuf));
 
 	errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
@@ -96,7 +92,7 @@
 		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
 			continue;
 		rc = selinux_restorecon(globbuf.gl_pathv[i],
-					r_opts->restorecon_flags);
+					opts->restorecon_flags);
 		if (rc < 0)
 			errors = rc;
 	}
diff --git a/policycoreutils/setfiles/restorecon.8 b/policycoreutils/setfiles/restorecon.8
index 0f81db4..bbfc83f 100644
--- a/policycoreutils/setfiles/restorecon.8
+++ b/policycoreutils/setfiles/restorecon.8
@@ -100,7 +100,7 @@
 .B \-D
 Set or update any directory SHA1 digests. Use this option to
 enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute.
 .TP
 .B \-m
@@ -184,10 +184,10 @@
 .B restorecon
 will cause it to store a SHA1 digest of the default specfiles set in an extended
 attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
 .IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
 checked should
 .B restorecon
 .B \-D
@@ -204,7 +204,7 @@
 and provided the
 .B \-n
 option is NOT set and recursive mode is set, files will be relabeled as
-required with the digest then being updated provided there are no errors.
+required with the digests then being updated provided there are no errors.
 
 .SH "AUTHOR"
 This man page was written by Dan Walsh <dwalsh@redhat.com>.
diff --git a/policycoreutils/setfiles/restorecon_xattr.8 b/policycoreutils/setfiles/restorecon_xattr.8
index 65b28ea..e04528e 100644
--- a/policycoreutils/setfiles/restorecon_xattr.8
+++ b/policycoreutils/setfiles/restorecon_xattr.8
@@ -1,7 +1,7 @@
 .TH "restorecon_xattr" "8" "24 Sept 2016" "" "SELinux User Command"
 .SH "NAME"
 restorecon_xattr \- manage
-.I security.restorecon_last
+.I security.sehash
 extended attribute entries added by
 .BR setfiles (8)
 or
@@ -24,7 +24,7 @@
 .SH "DESCRIPTION"
 .B restorecon_xattr
 will display the SHA1 digests added to extended attributes
-.I security.restorecon_last
+.I security.sehash
 or delete the attribute completely. These attributes are set by
 .BR restorecon (8)
 or
@@ -43,7 +43,7 @@
 and
 .B TMPFS
 filesystems do not support the
-.I security.restorecon_last
+.I security.sehash
 extended attribute and are automatically excluded from searches.
 .sp
 By default
@@ -62,12 +62,12 @@
 .TP
 .B \-d
 delete all non-matching
-.I security.restorecon_last
+.I security.sehash
 directory digest entries.
 .TP
 .B \-D
 delete all
-.I security.restorecon_last
+.I security.sehash
 directory digest entries.
 .TP
 .B \-m
@@ -87,7 +87,10 @@
 recursively descend directories.
 .TP
 .B \-v
-display SHA1 digest generated by specfile set.
+display SHA1 digest generated by specfile set (Note that this digest is not
+used to match the
+.I security.sehash
+directory digest entries, and is shown for reference only).
 .TP
 .B \-e
 .I directory
@@ -101,11 +104,6 @@
 .I specfile
 containing file context entries as described in
 .BR file_contexts (5).
-This will be used by
-.BR selabel_open (3)
-to retrieve the set of labeling entries, with the SHA1 digest being
-retrieved by
-.BR selabel_digest (3).
 If the option is not specified, then the default file_contexts will be used.
 
 .SH "ARGUMENTS"
diff --git a/policycoreutils/setfiles/restorecon_xattr.c b/policycoreutils/setfiles/restorecon_xattr.c
index 91c087f..59b1f74 100644
--- a/policycoreutils/setfiles/restorecon_xattr.c
+++ b/policycoreutils/setfiles/restorecon_xattr.c
@@ -27,7 +27,7 @@
 		"-D  Delete all digest entries.\n\t"
 		"-e  Directory to exclude (repeat option for more than one directory).\n\t"
 		"-f  Optional specfile for calculating the digest.\n\t"
-		"pathname  Path to search for xattr \"security.restorecon_last\" entries.\n\n",
+		"pathname  Path to search for xattr \"security.sehash\" entries.\n\n",
 		progname);
 	exit(-1);
 }
diff --git a/policycoreutils/setfiles/setfiles.8 b/policycoreutils/setfiles/setfiles.8
index ccaaf4d..c9f8be0 100644
--- a/policycoreutils/setfiles/setfiles.8
+++ b/policycoreutils/setfiles/setfiles.8
@@ -90,7 +90,7 @@
 .B \-D
 Set or update any directory SHA1 digests. Use this option to
 enable usage of the
-.IR security.restorecon_last
+.IR security.sehash
 extended attribute.
 .TP
 .B \-l
@@ -228,10 +228,10 @@
 will cause it to store a SHA1 digest of the
 .B spec_file
 set in an extended attribute named
-.IR security.restorecon_last
-on the directory specified in each
+.IR security.sehash
+on each directory specified in
 .IR pathname \ ...
-once the relabeling has been completed successfully. This digest will be
+once the relabeling has been completed successfully. These digests will be
 checked should
 .B setfiles
 .B \-D
@@ -250,7 +250,7 @@
 .IR pathname \ ...
 and provided the
 .B \-n
-option is NOT set, files will be relabeled as required with the digest then
+option is NOT set, files will be relabeled as required with the digests then
 being updated provided there are no errors.
 
 .SH "AUTHOR"
diff --git a/python/VERSION b/python/VERSION
index 8c26915..9f55b2c 100644
--- a/python/VERSION
+++ b/python/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
index be2d093..4a71cda 100644
--- a/python/audit2allow/sepolgen-ifgen
+++ b/python/audit2allow/sepolgen-ifgen
@@ -53,7 +53,7 @@
     parser.add_option("-a", "--attribute_info", dest="attribute_info")
     parser.add_option("-p", "--policy", dest="policy_path")
     parser.add_option("-v", "--verbose", action="store_true", default=False,
-                      help="print debuging output")
+                      help="print debugging output")
     parser.add_option("-d", "--debug", action="store_true", default=False,
                       help="extra debugging output")
     parser.add_option("--attr-helper", default=ATTR_HELPER,
@@ -126,7 +126,7 @@
     else:
         log = None
 
-    # Get the attibutes from the binary
+    # Get the attributes from the binary
     attrs = None
     if not options.no_attrs:
         attrs = get_attrs(options.policy_path, options.attr_helper)
diff --git a/python/chcat/chcat b/python/chcat/chcat
index ba39868..fdd2e46 100755
--- a/python/chcat/chcat
+++ b/python/chcat/chcat
@@ -115,7 +115,6 @@
     errors = 0
     sensitivity = newcat[0]
     cat = newcat[1]
-    cmd = 'chcon -l %s' % sensitivity
     for f in objects:
         (rc, c) = selinux.getfilecon(f)
         con = c.split(":")[3:]
diff --git a/python/semanage/semanage b/python/semanage/semanage
index 144cc00..b2fabea 100644
--- a/python/semanage/semanage
+++ b/python/semanage/semanage
@@ -73,9 +73,6 @@
 usage_boolean = "semanage boolean [-h] [-n] [-N] [-S STORE] ["
 usage_boolean_dict = {' --modify': ('(', '--on', '|', '--off', ')', 'boolean'), ' --list': ('-C',), '  --extract': ('',), ' --deleteall': ('',)}
 
-
-
-
 class CheckRole(argparse.Action):
 
     def __call__(self, parser, namespace, value, option_string=None):
@@ -237,7 +234,7 @@
 
 
 def parser_add_range(parser, name):
-    parser.add_argument('-r', '--range', default="s0",
+    parser.add_argument('-r', '--range', default='',
                         help=_('''
 MLS/MCS Security Range (MLS/MCS Systems only)
 SELinux Range  for SELinux login mapping
@@ -248,7 +245,7 @@
 
 def parser_add_proto(parser, name):
     parser.add_argument('-p', '--proto', help=_('''
-    Protocol  for  the specified port (tcp|udp) or internet protocol
+    Protocol  for  the specified port (tcp|udp|dccp|sctp) or internet protocol
     version for the specified node (ipv4|ipv6).
 '''))
 
@@ -737,6 +734,11 @@
 
     if args.action == "list":
         OBJECT.list(args.noheading)
+    elif args.action == "deleteall":
+        OBJECT.deleteall()
+    elif args.action == "extract":
+        for i in OBJECT.customized():
+            print("permissive %s" % str(i))
     elif args.type is not None:
         if args.action == "add":
             OBJECT.add(args.type)
@@ -752,9 +754,9 @@
     pgroup = permissiveParser.add_mutually_exclusive_group(required=True)
     parser_add_add(pgroup, "permissive")
     parser_add_delete(pgroup, "permissive")
+    parser_add_deleteall(pgroup, "permissive")
+    parser_add_extract(pgroup, "permissive")
     parser_add_list(pgroup, "permissive")
-    #TODO: probably should be also added => need to implement own option handling
-    #parser_add_deleteall(pgroup)
 
     parser_add_noheading(permissiveParser, "permissive")
     parser_add_noreload(permissiveParser, "permissive")
@@ -778,7 +780,7 @@
 
 
 def handleExport(args):
-    manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey"]
+    manageditems = ["boolean", "login", "interface", "user", "port", "node", "fcontext", "module", "ibendport", "ibpkey", "permissive"]
     for i in manageditems:
         print("%s -D" % i)
     for i in manageditems:
@@ -906,7 +908,7 @@
 
 
 def make_io_args(args):
-    # import/export backward compability
+    # import/export backward compatibility
     args_origin = ["-S", "-o", "-i", "targeted", "minimum", "mls"]
     args_file = []
     args_ie = []
diff --git a/python/semanage/semanage-permissive.8 b/python/semanage/semanage-permissive.8
index 1999a45..5c3364f 100644
--- a/python/semanage/semanage-permissive.8
+++ b/python/semanage/semanage-permissive.8
@@ -2,7 +2,7 @@
 .SH "NAME"
 .B semanage\-permissive \- SELinux Policy Management permissive mapping tool
 .SH "SYNOPSIS"
-.B semanage permissive [\-h] (\-a | \-d | \-l) [\-n] [\-N] [\-S STORE] [type]
+.B semanage permissive [\-h] [\-n] [\-N] [\-S STORE] (\-\-add TYPE | \-\-delete TYPE | \-\-deleteall | \-\-extract | \-\-list)
 
 .SH "DESCRIPTION"
 semanage is used to configure certain elements of SELinux policy without requiring modification to or recompilation from policy sources.  semanage permissive adds or removes a SELinux Policy permissive module.
@@ -18,9 +18,15 @@
 .I   \-d, \-\-delete
 Delete a record of the specified object type
 .TP
+.I   \-D, \-\-deleteall
+Remove all local customizations of permissive domains
+.TP
 .I   \-l, \-\-list
 List records of the specified object type
 .TP
+.I   \-E, \-\-extract
+Extract customizable commands, for use within a transaction
+.TP
 .I   \-n, \-\-noheading
 Do not print heading when listing the specified object type
 .TP
diff --git a/python/semanage/semanage-port.8 b/python/semanage/semanage-port.8
index a21287c..12ec14c 100644
--- a/python/semanage/semanage-port.8
+++ b/python/semanage/semanage-port.8
@@ -49,7 +49,7 @@
 MLS/MCS Security Range (MLS/MCS Systems only) SELinux Range for SELinux login mapping defaults to the SELinux user record range. SELinux Range for SELinux user defaults to s0.
 .TP
 .I   \-p PROTO, \-\-proto PROTO
-Protocol for the specified port (tcp|udp) or internet protocol version for the specified node (ipv4|ipv6).
+Protocol for the specified port (tcp|udp|dccp|sctp) or internet protocol version for the specified node (ipv4|ipv6).
 
 .SH EXAMPLE
 .nf
diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index 13fdf53..0e9ce29 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -380,7 +380,7 @@
     def customized(self):
         all = self.get_all()
         if len(all) == 0:
-            return
+            return []
         return ["-d %s" % x[0] for x in [t for t in all if t[1] == 0]]
 
     def list(self, heading=1, locallist=0):
@@ -478,6 +478,9 @@
                 l.append(name.split("permissive_")[1])
         return l
 
+    def customized(self):
+        return ["-a %s" % x for x in sorted(self.get_all())]
+
     def list(self, heading=1, locallist=0):
         all = [y["name"] for y in [x for x in sepolicy.info(sepolicy.TYPE) if x["permissive"]]]
         if len(all) == 0:
@@ -1055,17 +1058,23 @@
             pass
 
     def __genkey(self, port, proto):
-        if proto == "tcp":
-            proto_d = SEMANAGE_PROTO_TCP
+        protocols = {"tcp": SEMANAGE_PROTO_TCP,
+                     "udp": SEMANAGE_PROTO_UDP,
+                     "sctp": SEMANAGE_PROTO_SCTP,
+                     "dccp": SEMANAGE_PROTO_DCCP}
+
+        if proto in protocols.keys():
+            proto_d = protocols[proto]
         else:
-            if proto == "udp":
-                proto_d = SEMANAGE_PROTO_UDP
-            else:
-                raise ValueError(_("Protocol udp or tcp is required"))
+            raise ValueError(_("Protocol has to be one of udp, tcp, dccp or sctp"))
         if port == "":
             raise ValueError(_("Port is required"))
 
-        ports = port.split("-")
+        if isinstance(port, str):
+            ports = port.split('-', 1)
+        else:
+            ports = (port,)
+
         if len(ports) == 1:
             high = low = int(ports[0])
         else:
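Review bot: In `__genkey`, the new `isinstance(port, str)` test sends every non-`str` value to `ports = (port,)`, so a range held in any other string type reaches `int()` unsplit and fails with Python's untranslated `ValueError`. One such type would be `unicode`, if this module is still run under Python 2, which the hunk does not show. A one-line comment stating what callers may pass would make the intent of the branch checkable, for example `# port is either an int (single port) or a "low[-high]" string`, if that is the intended contract. Separately, `if proto in protocols.keys():` reads more simply as `if proto in protocols:`. The body of `__genkey` continues past the end of this hunk.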
@@ -1849,7 +1858,7 @@
         if addr == "":
             raise ValueError(_("Node Address is required"))
 
-        # verify valid comination
+        # verify valid combination
         if len(mask) == 0 or mask[0] == "/":
             i = IP(addr + mask)
             newaddr = i.strNormal(0)
diff --git a/python/sepolgen/HACKING b/python/sepolgen/HACKING
index a0ec323..f7d0777 100644
--- a/python/sepolgen/HACKING
+++ b/python/sepolgen/HACKING
@@ -24,7 +24,7 @@
 
 This representation can be used as output from the parser to represent
 the reference policy interfaces. It can also be used to generate
-policy by building up the relevent data structures and then outputting
+policy by building up the relevant data structures and then outputting
 them. See sepolgen.policygen and sepolgen.output for information on how
 this can be done.
 
@@ -75,5 +75,3 @@
 information about the object classes - including information flow. It
 is separated to keep the core from being concerned about the details
 of the object classes.
-
-[selist]: http://www.nsa.gov/research/selinux/info/list.cfm
diff --git a/python/sepolgen/VERSION b/python/sepolgen/VERSION
index 8c26915..9f55b2c 100644
--- a/python/sepolgen/VERSION
+++ b/python/sepolgen/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/python/sepolgen/src/sepolgen/access.py b/python/sepolgen/src/sepolgen/access.py
index ba80f93..791b9e8 100644
--- a/python/sepolgen/src/sepolgen/access.py
+++ b/python/sepolgen/src/sepolgen/access.py
@@ -23,7 +23,7 @@
 SELinux - at the most basic level - represents access as
 the 4-tuple subject (type or context), target (type or context),
 object class, permission. The policy language elaborates this basic
-access to faciliate more concise rules (e.g., allow rules can have multiple
+access to facilitate more concise rules (e.g., allow rules can have multiple
 source or target types - see refpolicy for more information).
 
 This module has objects for representing the most basic access (AccessVector)
@@ -37,12 +37,12 @@
 from selinux import audit2why
 
 def is_idparam(id):
-    """Determine if an id is a paramater in the form $N, where N is
+    """Determine if an id is a parameter in the form $N, where N is
     an integer.
 
     Returns:
-      True if the id is a paramater
-      False if the id is not a paramater
+      True if the id is a parameter
+      False if the id is not a parameter
     """
     if len(id) > 1 and id[0] == '$':
         try:
@@ -167,7 +167,7 @@
 def avrule_to_access_vectors(avrule):
     """Convert an avrule into a list of access vectors.
 
-    AccessVectors and AVRules are similary, but differ in that
+    AccessVectors and AVRules are similarly, but differ in that
     an AVRule can more than one source type, target type, and
     object class. This function expands a single avrule into a
     list of one or more AccessVectors representing the access
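Review bot: The corrected docstring sentence is still ungrammatical, because "are similarly, but differ" needs the adjective, and the following line lacks a verb. Suggested wording for the two lines: `AccessVectors and AVRules are similar, but differ in that` and `an AVRule can have more than one source type, target type, and`. The docstring of `avrule_to_access_vectors` continues past the end of this hunk.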
@@ -223,7 +223,7 @@
     def __len__(self):
         """Return the number of unique access vectors in the set.
 
-        Because of the inernal representation of the access vector set,
+        Because of the internal representation of the access vector set,
         __len__ is not a constant time operation. Worst case is O(N)
         where N is the number of unique access vectors, but the common
         case is probably better.
@@ -317,7 +317,7 @@
 class RoleTypeSet:
     """A non-overlapping set of role type statements.
 
-    This clas allows the incremental addition of role type statements and
+    This class allows the incremental addition of role type statements and
     maintains a non-overlapping list of statements.
     """
     def __init__(self):
diff --git a/python/sepolgen/src/sepolgen/interfaces.py b/python/sepolgen/src/sepolgen/interfaces.py
index f4d3e5c..eadf3a3 100644
--- a/python/sepolgen/src/sepolgen/interfaces.py
+++ b/python/sepolgen/src/sepolgen/interfaces.py
@@ -33,7 +33,7 @@
 
 class Param:
     """
-    Object representing a paramater for an interface.
+    Object representing a parameter for an interface.
     """
     def __init__(self):
         self.__name = ""
@@ -66,7 +66,7 @@
         # The entries are identical - we're done
         if type == p.type:
             return
-        # Hanldle implicitly typed objects (like process)
+        # Handle implicitly typed objects (like process)
         if (type == refpolicy.SRC_TYPE or type == refpolicy.TGT_TYPE) and \
            (p.type == refpolicy.TGT_TYPE or p.type == refpolicy.SRC_TYPE):
             #print name, refpolicy.field_to_str[p.type]
@@ -104,9 +104,9 @@
 
 
 def av_extract_params(av, params):
-    """Extract the paramaters from an access vector.
+    """Extract the parameters from an access vector.
 
-    Extract the paramaters (in the form $N) from an access
+    Extract the parameters (in the form $N) from an access
     vector, storing them as Param objects in a dictionary.
     Some attempt is made at resolving conflicts with other
     entries in the dict, but if an unresolvable conflict is
@@ -132,7 +132,7 @@
        allow fingerd_t $1:process sigchld;
     ')
 
-    Here the usage seems ambigious, but it is not. $1 is still domain
+    Here the usage seems ambiguous, but it is not. $1 is still domain
     and therefore should be returned as a SRC_TYPE.
 
     Returns:
@@ -245,7 +245,7 @@
         # this will include indirect access from typeattribute
         # statements.
         self.access = access.AccessVectorSet()
-        # Paramaters are stored in a dictionary (key: param name
+        # Parameters are stored in a dictionary (key: param name
         # value: Param object).
         self.params = { }
         if interface:
@@ -284,13 +284,13 @@
                         self.add_av(av)
 
 
-        # Extract paramaters from roles
+        # Extract parameters from roles
         for role in interface.roles():
             if role_extract_params(role, self.params):
                 pass
                 #print "found conflicting role param %s for interface %s" % \
                 #      (role.name, interface.name)
-        # Extract paramaters from type rules
+        # Extract parameters from type rules
         for rule in interface.typerules():
             if type_rule_extract_params(rule, self.params):
                 pass
diff --git a/python/sepolgen/src/sepolgen/matching.py b/python/sepolgen/src/sepolgen/matching.py
index 6f86359..a2f2d1b 100644
--- a/python/sepolgen/src/sepolgen/matching.py
+++ b/python/sepolgen/src/sepolgen/matching.py
@@ -149,7 +149,7 @@
           prov - [AccessVector] The access provided. This is the potential
                  match that is being evaluated for req.
         Returns:
-          0   : Exact match between the acess vectors.
+          0   : Exact match between the access vectors.
 
           < 0 : The prov av does not provide all of the access in req.
                 A smaller value indicates that the access is further.
diff --git a/python/sepolgen/src/sepolgen/module.py b/python/sepolgen/src/sepolgen/module.py
index 8766dd9..745364c 100644
--- a/python/sepolgen/src/sepolgen/module.py
+++ b/python/sepolgen/src/sepolgen/module.py
@@ -95,7 +95,7 @@
     module compiler (checkmodule) and module packager (semodule_package).
     You are likely interested in the create_module_package method.
     
-    Several options are controlled via paramaters (only effects the 
+    Several options are controlled via parameters (only effects the
     non-refpol builds):
     
      .mls          [boolean] Generate an MLS module (by passed -M to
diff --git a/python/sepolgen/src/sepolgen/objectmodel.py b/python/sepolgen/src/sepolgen/objectmodel.py
index d05d721..84955f7 100644
--- a/python/sepolgen/src/sepolgen/objectmodel.py
+++ b/python/sepolgen/src/sepolgen/objectmodel.py
@@ -47,7 +47,7 @@
 # All of the permissions in SELinux can be described in terms of
 # information flow. For example, a read of a file is a flow of
 # information from that file to the process reading. Viewing
-# permissions in these terms can be used to model a varity of
+# permissions in these terms can be used to model a variety of
 # security properties.
 #
 # Here we have some infrastructure for understanding permissions
@@ -70,7 +70,7 @@
 FLOW_WRITE = 2
 FLOW_BOTH  = FLOW_READ | FLOW_WRITE
 
-# These are used by the parser and for nice disply of the directions
+# These are used by the parser and for nice display of the directions
 str_to_dir = { "n" : FLOW_NONE, "r" : FLOW_READ, "w" : FLOW_WRITE, "b" : FLOW_BOTH }
 dir_to_str = { FLOW_NONE : "n", FLOW_READ : "r", FLOW_WRITE : "w", FLOW_BOTH : "b" }
 
@@ -106,7 +106,7 @@
         """Read the permission mappings from a file. This reads the format used
         by Apol in the setools suite.
         """
-        # This parsing is deliberitely picky and bails at the least error. It
+        # This parsing is deliberately picky and bails at the least error. It
         # is assumed that the permission map file will be shipped as part
         # of sepolgen and not user modified, so this is a reasonable design
         # choice. If user supplied permission mappings are needed the parser
@@ -124,7 +124,7 @@
                 cur = self.classes[c]
             else:
                 if len(fields) != 3:
-                    raise ValueError("error in object classs permissions")
+                    raise ValueError("error in object class permissions")
                 if cur is None:
                     raise ValueError("permission outside of class")
                 pm = PermMap(fields[0], str_to_dir[fields[1]], int(fields[2]))
diff --git a/python/sepolgen/src/sepolgen/policygen.py b/python/sepolgen/src/sepolgen/policygen.py
index 319da15..8f0ce26 100644
--- a/python/sepolgen/src/sepolgen/policygen.py
+++ b/python/sepolgen/src/sepolgen/policygen.py
@@ -54,7 +54,7 @@
     permission access vector rules. By default only allow rules
     are generated. The methods .set_gen_refpol, .set_gen_requires
     and .set_gen_xperms turns on interface generation,
-    requires generation, and xperms rules genration respectively.
+    requires generation, and xperms rules generation respectively.
 
     PolicyGenerator can also optionally add comments explaining
     why a particular access was allowed based on the audit
@@ -70,7 +70,7 @@
         """Initialize a PolicyGenerator with an optional
         existing module.
 
-        If the module paramater is not None then access
+        If the module parameter is not None then access
         will be added to the passed in module. Otherwise
         a new reference policy module will be created.
         """
@@ -339,7 +339,7 @@
 
     def hack_check_ifs(self, ifs):
         # FIXME: Disable interfaces we can't call - this is a hack.
-        # Because we don't handle roles, multiple paramaters, etc.,
+        # Because we don't handle roles, multiple parameters, etc.,
         # etc., we must make certain we can actually use a returned
         # interface.
         for x in ifs.interfaces.values():
@@ -347,7 +347,7 @@
             params.extend(x.params.values())
             params.sort(key=lambda param: param.num, reverse=True)
             for i in range(len(params)):
-                # Check that the paramater position matches
+                # Check that the parameter position matches
                 # the number (e.g., $1 is the first arg). This
                 # will fail if the parser missed something.
                 if (i + 1) != params[i].num:
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
index f506dc3..2e521a0 100644
--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
@@ -207,7 +207,7 @@
 t_SQUOTE    = r'\''
 t_OBRACE    = r'\{'
 t_CBRACE    = r'\}'
-# This will handle spurios extra ';' via the +
+# This will handle spurious extra ';' via the +
 t_SEMI      = r'\;+'
 t_COLON     = r'\:'
 t_OPAREN    = r'\('
diff --git a/python/sepolgen/src/sepolgen/refpolicy.py b/python/sepolgen/src/sepolgen/refpolicy.py
index e3dd33a..43cecfc 100644
--- a/python/sepolgen/src/sepolgen/refpolicy.py
+++ b/python/sepolgen/src/sepolgen/refpolicy.py
@@ -177,7 +177,7 @@
     The walktree function iterates over a tree containing Nodes and
     leaf objects. The iteration can perform a depth first or a breadth
     first traversal of the tree (controlled by the depthfirst
-    paramater. The passed in node will be returned.
+    parameter. The passed in node will be returned.
 
     This function will only work correctly for trees - arbitrary graphs
     will likely cause infinite looping.
@@ -242,7 +242,7 @@
 def list_to_comma_str(s):
     l = len(s)
     if l < 1:
-        raise ValueError("cannot conver 0 len set to comma string")
+        raise ValueError("cannot convert 0 len set to comma string")
 
     return ", ".join(s)
 
diff --git a/python/sepolgen/src/sepolgen/util.py b/python/sepolgen/src/sepolgen/util.py
index f5b66d0..bd68d81 100644
--- a/python/sepolgen/src/sepolgen/util.py
+++ b/python/sepolgen/src/sepolgen/util.py
@@ -79,8 +79,8 @@
     Otherwise a random element will be returned (as sets are not ordered).
     """
     if not len(s):
-        raise IndexError("empty containter")
-    
+        raise IndexError("empty container")
+
     if sorted:
         l = set_to_list(s)
         l.sort()
@@ -119,7 +119,7 @@
     """Class used when implementing rich comparison.
 
     Inherit from this class if you want to have a rich
-    comparison withing the class, afterwards implement
+    comparison within the class, afterwards implement
     _compare function within your class."""
 
     def _compare(self, other, method):
diff --git a/python/sepolgen/tests/test_refpolicy.py b/python/sepolgen/tests/test_refpolicy.py
index 64c48df..4b50c8a 100644
--- a/python/sepolgen/tests/test_refpolicy.py
+++ b/python/sepolgen/tests/test_refpolicy.py
@@ -36,7 +36,7 @@
 
 class TestXpermSet(unittest.TestCase):
     def test_init(self):
-        """ Test that all atttributes are correctly initialized. """
+        """ Test that all attributes are correctly initialized. """
         s1 = refpolicy.XpermSet()
         self.assertEqual(s1.complement, False)
         self.assertEqual(s1.ranges, [])
diff --git a/python/sepolicy/sepolicy.py b/python/sepolicy/sepolicy.py
index 1934cd8..7b22306 100755
--- a/python/sepolicy/sepolicy.py
+++ b/python/sepolicy/sepolicy.py
@@ -25,6 +25,7 @@
 import sys
 import selinux
 import sepolicy
+from multiprocessing import Pool
 from sepolicy import get_os_version, get_conditionals, get_conditionals_format_text
 import argparse
 PROGNAME = "policycoreutils"
@@ -326,8 +327,13 @@
     gui.set_defaults(func=gui_run)
 
 
+def manpage_work(domain, path, root, source_files, web):
+    from sepolicy.manpage import ManPage
+    m = ManPage(domain, path, root, source_files, web)
+    print(m.get_man_page_path())
+
 def manpage(args):
-    from sepolicy.manpage import ManPage, HTMLManPages, manpage_domains, manpage_roles, gen_domains
+    from sepolicy.manpage import HTMLManPages, manpage_domains, manpage_roles, gen_domains
 
     path = args.path
     if not args.policy and args.root != "/":
@@ -340,9 +346,11 @@
     else:
         test_domains = args.domain
 
+    p = Pool()
     for domain in test_domains:
-        m = ManPage(domain, path, args.root, args.source_files, args.web)
-        print(m.get_man_page_path())
+        p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web])
+    p.close()
+    p.join()
 
     if args.web:
         HTMLManPages(manpage_roles, manpage_domains, path, args.os)
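Review bot: The `AsyncResult` objects returned by `p.apply_async(...)` are thrown away, so an exception raised inside `manpage_work` in a worker process is never re-raised in the parent. `manpage()` then proceeds to `HTMLManPages(...)` as if every page had been generated. Keeping the results and calling `.get()` on each after `p.join()` restores the previous fail-loudly behaviour: `results.append(p.apply_async(manpage_work, [domain, path, args.root, args.source_files, args.web]))` in the loop, then `for r in results: r.get()`. The printed man page paths also no longer appear in a deterministic order, which matters if anything consumes that output. `manpage()` begins in the previous hunk and continues past this one.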
diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py
index 6aed31b..e454097 100644
--- a/python/sepolicy/sepolicy/__init__.py
+++ b/python/sepolicy/sepolicy/__init__.py
@@ -539,7 +539,6 @@
             path += "/"
     except IndexError:
         print("try failed got an IndexError")
-        pass
 
     try:
         pat = re.compile(r"%s$" % reg)
diff --git a/python/sepolicy/sepolicy/booleans.py b/python/sepolicy/sepolicy/booleans.py
index ad07ab0..59c444b 100644
--- a/python/sepolicy/sepolicy/booleans.py
+++ b/python/sepolicy/sepolicy/booleans.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2012 Red Hat
 # see file 'COPYING' for use and warranty information
 #
-# setrans is a tool for analyzing process transistions in SELinux policy
+# setrans is a tool for analyzing process transitions in SELinux policy
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of the GNU General Public License as
diff --git a/python/sepolicy/sepolicy/communicate.py b/python/sepolicy/sepolicy/communicate.py
index 3740022..238f9ab 100755
--- a/python/sepolicy/sepolicy/communicate.py
+++ b/python/sepolicy/sepolicy/communicate.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2012 Red Hat
 # see file 'COPYING' for use and warranty information
 #
-# setrans is a tool for analyzing process transistions in SELinux policy
+# setrans is a tool for analyzing process transitions in SELinux policy
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of the GNU General Public License as
diff --git a/python/sepolicy/sepolicy/generate.py b/python/sepolicy/sepolicy/generate.py
index 019e783..e8d07e7 100644
--- a/python/sepolicy/sepolicy/generate.py
+++ b/python/sepolicy/sepolicy/generate.py
@@ -26,7 +26,6 @@
 import sepolicy
 from sepolicy import get_all_types, get_all_attributes, get_all_roles
 import time
-import platform
 
 from .templates import executable
 from .templates import boolean
@@ -341,7 +340,7 @@
             (self.generate_root_user_types, self.generate_root_user_rules),
             (self.generate_new_types, self.generate_new_rules))
         if not re.match(r"^[a-zA-Z0-9-_]+$", name):
-            raise ValueError(_("Name must be alpha numberic with no spaces. Consider using option \"-n MODULENAME\""))
+            raise ValueError(_("Name must be alpha numeric with no spaces. Consider using option \"-n MODULENAME\""))
 
         if type == CGI:
             self.name = "httpd_%s_script" % name
@@ -1178,8 +1177,7 @@
                 newsh += re.sub("TEMPLATETYPE", self.name, t1)
 
         newsh += self.generate_user_sh()
-        if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat", "centos", "SuSE", "fedora", "mandrake", "mandriva")):
-            newsh += re.sub("TEMPLATEFILE", self.file_name, script.rpm)
+        newsh += re.sub("TEMPLATEFILE", self.file_name, script.rpm)
 
         return newsh
 
@@ -1379,7 +1377,6 @@
         out += "%s # %s\n" % (self.write_if(out_dir), _("Interface file"))
         out += "%s # %s\n" % (self.write_fc(out_dir), _("File Contexts file"))
         if self.type != NEWTYPE:
-            if (platform.linux_distribution(full_distribution_name=0)[0] in ("redhat", "centos", "SuSE", "fedora", "mandrake", "mandriva")):
-                out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
+            out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
             out += "%s # %s\n" % (self.write_sh(out_dir), _("Setup Script"))
         return out
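Review bot: With the `platform.linux_distribution()` test removed, `write_spec(out_dir)` in this hunk and the `script.rpm` section in the `@@ -1178,8 +1177,7 @@` hunk are now emitted on every distribution, including ones without RPM tooling. The content of `script.rpm` is not visible here, so it should be checked that the generated setup script still runs cleanly on such systems. A comment recording the decision would help the next reader, e.g. `# Spec file and RPM steps are always generated; platform.linux_distribution() was removed in Python 3.8`. Both enclosing methods start outside their hunks.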
diff --git a/python/sepolicy/sepolicy/gui.py b/python/sepolicy/sepolicy/gui.py
index 00fd7a1..1e86422 100644
--- a/python/sepolicy/sepolicy/gui.py
+++ b/python/sepolicy/sepolicy/gui.py
@@ -1023,7 +1023,7 @@
         self.delete_button.set_sensitive(True)
         # Clear the tree to prepare for a new selection otherwise
         self.executable_files_liststore.clear()
-        # data will pile up everytime the user selects a new item from the drop down menu
+        # data will pile up every time the user selects a new item from the drop down menu
         self.network_in_liststore.clear()
         self.network_out_liststore.clear()
         self.boolean_liststore.clear()
@@ -1894,7 +1894,7 @@
         tree.set_value(iter, 2, fclass)
 
     def restore_to_default(self, *args):
-        print("restore to defualt clicked...")
+        print("restore to default clicked...")
 
     def invalid_entry_retry(self, *args):
         self.closewindow(self.error_check_window)
diff --git a/python/sepolicy/sepolicy/interface.py b/python/sepolicy/sepolicy/interface.py
index 583091a..187419f 100644
--- a/python/sepolicy/sepolicy/interface.py
+++ b/python/sepolicy/sepolicy/interface.py
@@ -196,7 +196,7 @@
         from subprocess import getstatusoutput
     basedir = os.path.dirname(if_file) + "/"
     filename = os.path.basename(if_file).split(".")[0]
-    rc, output = getstatusoutput("python /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % basedir + filename)
+    rc, output = getstatusoutput("/usr/bin/python3 /usr/share/selinux/devel/include/support/segenxml.py -w -m %s" % (basedir + filename))
     if rc != 0:
         sys.stderr.write("\n Could not proceed selected interface file.\n")
         sys.stderr.write("\n%s" % output)
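Review bot: The path given to segenxml.py is still interpolated unquoted into a string that `getstatusoutput` passes to a shell, so an interface file path containing spaces or shell metacharacters changes what gets executed; the added parentheses do not affect that. On Python 3 the argument can be quoted with `"... -w -m %s" % shlex.quote(basedir + filename)` plus `import shlex`, or the call can be replaced by `subprocess.run` with an argument list and no shell. Where `if_file` originates is not visible in this hunk, and the enclosing function starts and ends outside it.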
diff --git a/python/sepolicy/sepolicy/manpage.py b/python/sepolicy/sepolicy/manpage.py
index 1d36796..4426081 100755
--- a/python/sepolicy/sepolicy/manpage.py
+++ b/python/sepolicy/sepolicy/manpage.py
@@ -782,7 +782,7 @@
             for e in equiv:
                 self.fd.write(r"""
 .PP
-%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory.  If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping.  If you wanted to store this data under the /srv dirctory you would execute the following command:
+%(domainname)s policy stores data with multiple different file context types under the %(equiv)s directory.  If you would like to store the data in a different directory you can use the semanage command to create an equivalence mapping.  If you wanted to store this data under the /srv directory you would execute the following command:
 .PP
 .B semanage fcontext -a -e %(equiv)s /srv/%(alt)s
 .br
@@ -962,7 +962,7 @@
         if "bin_t" in entrypoints:
             entrypoints.remove("bin_t")
             self.fd.write("""
-All executeables with the default executable label, usually stored in /usr/bin and /usr/sbin.""")
+All executables with the default executable label, usually stored in /usr/bin and /usr/sbin.""")
 
         paths = []
         for entrypoint in entrypoints:
diff --git a/python/sepolicy/sepolicy/network.py b/python/sepolicy/sepolicy/network.py
index 34267d9..ff308fa 100755
--- a/python/sepolicy/sepolicy/network.py
+++ b/python/sepolicy/sepolicy/network.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2012 Red Hat
 # see file 'COPYING' for use and warranty information
 #
-# setrans is a tool for analyzing process transistions in SELinux policy
+# setrans is a tool for analyzing process transitions in SELinux policy
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of the GNU General Public License as
diff --git a/python/sepolicy/sepolicy/transition.py b/python/sepolicy/sepolicy/transition.py
index 6414a76..2d4d8d3 100755
--- a/python/sepolicy/sepolicy/transition.py
+++ b/python/sepolicy/sepolicy/transition.py
@@ -1,7 +1,7 @@
 # Copyright (C) 2011 Red Hat
 # see file 'COPYING' for use and warranty information
 #
-# setrans is a tool for analyzing process transistions in SELinux policy
+# setrans is a tool for analyzing process transitions in SELinux policy
 #
 #    This program is free software; you can redistribute it and/or
 #    modify it under the terms of the GNU General Public License as
diff --git a/python/sepolicy/setup.py b/python/sepolicy/setup.py
index 4bd8353..fa60ef6 100644
--- a/python/sepolicy/setup.py
+++ b/python/sepolicy/setup.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/python3
 
 # Author: Thomas Liu <tliu@redhat.com>
 # Author: Dan Walsh <dwalsh@redhat.com>
@@ -6,7 +6,7 @@
 
 setup(
     name="sepolicy",
-    version="1.1",
+    version="3.0",
     description="Python SELinux Policy Analyses bindings",
     author="Daniel Walsh",
     author_email="dwalsh@redhat.com",
diff --git a/restorecond/VERSION b/restorecond/VERSION
index 8c26915..9f55b2c 100644
--- a/restorecond/VERSION
+++ b/restorecond/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/restorecond/restore.c b/restorecond/restore.c
index f6e3000..b93b5fd 100644
--- a/restorecond/restore.c
+++ b/restorecond/restore.c
@@ -12,39 +12,36 @@
 char **exclude_list;
 int exclude_count;
 
-struct restore_opts *r_opts;
-
 void restore_init(struct restore_opts *opts)
 {
 	int rc;
 
-	r_opts = opts;
 	struct selinux_opt selinux_opts[] = {
-		{ SELABEL_OPT_VALIDATE, r_opts->selabel_opt_validate },
-		{ SELABEL_OPT_PATH, r_opts->selabel_opt_path },
-		{ SELABEL_OPT_DIGEST, r_opts->selabel_opt_digest }
+		{ SELABEL_OPT_VALIDATE, opts->selabel_opt_validate },
+		{ SELABEL_OPT_PATH, opts->selabel_opt_path },
+		{ SELABEL_OPT_DIGEST, opts->selabel_opt_digest }
 	};
 
-	r_opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
-	if (!r_opts->hnd) {
-		perror(r_opts->selabel_opt_path);
+	opts->hnd = selabel_open(SELABEL_CTX_FILE, selinux_opts, 3);
+	if (!opts->hnd) {
+		perror(opts->selabel_opt_path);
 		exit(1);
 	}
 
-	r_opts->restorecon_flags = 0;
-	r_opts->restorecon_flags = r_opts->nochange | r_opts->verbose |
-			   r_opts->progress | r_opts->set_specctx  |
-			   r_opts->add_assoc | r_opts->ignore_digest |
-			   r_opts->recurse | r_opts->userealpath |
-			   r_opts->xdev | r_opts->abort_on_error |
-			   r_opts->syslog_changes | r_opts->log_matches |
-			   r_opts->ignore_noent | r_opts->ignore_mounts;
+	opts->restorecon_flags = 0;
+	opts->restorecon_flags = opts->nochange | opts->verbose |
+			   opts->progress | opts->set_specctx  |
+			   opts->add_assoc | opts->ignore_digest |
+			   opts->recurse | opts->userealpath |
+			   opts->xdev | opts->abort_on_error |
+			   opts->syslog_changes | opts->log_matches |
+			   opts->ignore_noent | opts->ignore_mounts;
 
 	/* Use setfiles, restorecon and restorecond own handles */
-	selinux_restorecon_set_sehandle(r_opts->hnd);
+	selinux_restorecon_set_sehandle(opts->hnd);
 
-	if (r_opts->rootpath) {
-		rc = selinux_restorecon_set_alt_rootpath(r_opts->rootpath);
+	if (opts->rootpath) {
+		rc = selinux_restorecon_set_alt_rootpath(opts->rootpath);
 		if (rc) {
 			fprintf(stderr,
 				"selinux_restorecon_set_alt_rootpath error: %s.\n",
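Review bot: The line `opts->restorecon_flags = 0;` is a dead store, because the next statement assigns the same field again; it could be dropped while these lines are being touched. The option count passed to `selabel_open` is the literal `3`, and `sizeof(selinux_opts) / sizeof(selinux_opts[0])` would keep it in step with the array. `opts` is dereferenced without a NULL check, so a short comment on `restore_init` stating that callers must pass a non-NULL, populated `struct restore_opts` would be useful now that the global is gone. The function body continues past the end of this hunk.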
@@ -75,7 +72,6 @@
 	size_t i = 0;
 	int len, rc, errors;
 
-	r_opts = opts;
 	memset(&globbuf, 0, sizeof(globbuf));
 
 	errors = glob(name, GLOB_TILDE | GLOB_PERIOD |
@@ -90,7 +86,7 @@
 		if (len > 0 && strcmp(&globbuf.gl_pathv[i][len], "/..") == 0)
 			continue;
 		rc = selinux_restorecon(globbuf.gl_pathv[i],
-					r_opts->restorecon_flags);
+					opts->restorecon_flags);
 		if (rc < 0)
 			errors = rc;
 	}
diff --git a/restorecond/restorecond.service b/restorecond/restorecond.service
index 6bce99d..0e4ea72 100644
--- a/restorecond/restorecond.service
+++ b/restorecond/restorecond.service
@@ -1,5 +1,6 @@
 [Unit]
 Description=Restorecon maintaining path file context
+Documentation=man:restorecond(8)
 ConditionPathExists=/etc/selinux/restorecond.conf
 ConditionSecurity=selinux
 
diff --git a/restorecond/user.c b/restorecond/user.c
index 714aae7..8f93230 100644
--- a/restorecond/user.c
+++ b/restorecond/user.c
@@ -125,7 +125,7 @@
        &bytes_read, NULL);
 
     if (! bytes_read) {
-	    /* Sesssion/Terminal Ended */
+	    /* Session/Terminal Ended */
 	    exit(0);
     }
 
diff --git a/sandbox/VERSION b/sandbox/VERSION
index 8c26915..9f55b2c 100644
--- a/sandbox/VERSION
+++ b/sandbox/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/sandbox/sandbox b/sandbox/sandbox
index 1dec07a..ca5f1e0 100644
--- a/sandbox/sandbox
+++ b/sandbox/sandbox
@@ -339,7 +339,7 @@
                           default=False, help=_("run complete desktop session within sandbox"))
 
         parser.add_option("-s", "--shred", action="store_true", dest="shred",
-                          default=False, help=_("Shred content before tempory directories are removed"))
+                          default=False, help=_("Shred content before temporary directories are removed"))
 
         parser.add_option("-X", dest="X_ind",
                           action="callback", callback=self.__x_callback,
diff --git a/sandbox/seunshare.c b/sandbox/seunshare.c
index 289fcf7..9707a45 100644
--- a/sandbox/seunshare.c
+++ b/sandbox/seunshare.c
@@ -290,7 +290,7 @@
 }
 
 /*
-   If path is empy or ends with  "/." or "/.. return -1 else return 0;
+   If path is empty or ends with  "/." or "/.. return -1 else return 0;
  */
 static int bad_path(const char *path) {
 	const char *ptr;
@@ -410,7 +410,7 @@
 
 	/* remove runtime temporary directory */
 	if ((uid_t)setfsuid(0) != 0) {
-		/* setfsuid does not return errror, but this check makes code checkers happy */
+		/* setfsuid does not return error, but this check makes code checkers happy */
 		rc++;
 	}
 
diff --git a/scripts/run-scan-build b/scripts/run-scan-build
index 88fe551..ae5aa48 100755
--- a/scripts/run-scan-build
+++ b/scripts/run-scan-build
@@ -22,7 +22,11 @@
 
 # Build and analyze
 make -C .. CC=clang clean distclean -j"$(nproc)"
-scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. CC=clang DESTDIR="$DESTDIR" install install-pywrap install-rubywrap all test
+scan-build -analyze-headers -o "$OUTPUTDIR" make -C .. \
+    CC=clang \
+    DESTDIR="$DESTDIR" \
+    CFLAGS="-O2 -Wall -D__CHECKER__ -I$DESTDIR/usr/include" \
+    install install-pywrap install-rubywrap all test
 
 # Reduce the verbosity in order to keep the message from scan-build saying
 # "scan-build: Run 'scan-view /.../output-scan-build/2018-...' to examine bug reports.
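Review bot: The new `CFLAGS=...` argument carries no comment explaining why `-D__CHECKER__` and `-I$DESTDIR/usr/include` are needed. A variable given on the make command line replaces ordinary assignments in the Makefiles, so the analysed build may use different warning and hardening flags than a normal build; the Makefiles are not visible here, so this is worth confirming. A line such as `# Override CFLAGS for the analyzer: define __CHECKER__ and use the headers installed under $DESTDIR` above the command would record the intent. The include path would also be split into two words if `$DESTDIR` ever contained whitespace.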
diff --git a/secilc/COPYING b/secilc/COPYING
index 03a9905..a427727 100644
--- a/secilc/COPYING
+++ b/secilc/COPYING
@@ -1,4 +1,4 @@
-All files are licensed under the FreeBSD license, excepet for thid party
+All files are licensed under the FreeBSD license, except for third party
 components, which are subject to their respective licenses as specified in
 their source files.
 
diff --git a/secilc/VERSION b/secilc/VERSION
index 8c26915..9f55b2c 100644
--- a/secilc/VERSION
+++ b/secilc/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/secilc/docs/cil_class_and_permission_statements.md b/secilc/docs/cil_class_and_permission_statements.md
index 290af50..308c86d 100644
--- a/secilc/docs/cil_class_and_permission_statements.md
+++ b/secilc/docs/cil_class_and_permission_statements.md
@@ -113,7 +113,7 @@
 
 **Examples:**
 
-This example defines a set of permissions for the `binder` class indentifier:
+This example defines a set of permissions for the `binder` class identifier:
 
     (class binder (impersonate call set_context_mgr transfer receive))
 
@@ -179,7 +179,7 @@
 
 **Unordered Classorder Statement:**
 
-If users do not have knowledge of the existing [`classorder`](#classorder), the `unordered` keyword may be used in a [`classorder`](#classorder) statement. The [classes](#class) in an unordered statement are appended to the existing [`classorder`](#classorder). A class in an ordered statement always supercedes the class redeclaration in an unordered statement. The `unordered` keyword must be the first item in the [`classorder`](#classorder) listing.
+If users do not have knowledge of the existing [`classorder`](#classorder), the `unordered` keyword may be used in a [`classorder`](#classorder) statement. The [classes](#class) in an unordered statement are appended to the existing [`classorder`](#classorder). A class in an ordered statement always supersedes the class redeclaration in an unordered statement. The `unordered` keyword must be the first item in the [`classorder`](#classorder) listing.
 
 **Example:**
 
diff --git a/secilc/docs/cil_context_statement.md b/secilc/docs/cil_context_statement.md
index 57ad3c6..6081275 100644
--- a/secilc/docs/cil_context_statement.md
+++ b/secilc/docs/cil_context_statement.md
@@ -3,7 +3,7 @@
 
 Contexts are formed using previously declared parameters and may be named or anonymous where:
 
--   Named - The context is declared with a context identifer that is used as a reference.
+-   Named - The context is declared with a context identifier that is used as a reference.
 
 -   Anonymous - They are defined within the CIL labeling statement using user, role etc. identifiers.
 
@@ -65,7 +65,7 @@
 
     /system/bin/run-as  -- u:object_r:runas.exec:s0-s0
 
-This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specifiy two [`portcon`](cil_network_labeling_statements.md#portcon) statements:
+This example uses an anonymous context where the previously declared `user role type levelrange` identifiers are used to specify two [`portcon`](cil_network_labeling_statements.md#portcon) statements:
 
     (portcon udp 1024 (test.user object_r test.process ((s0) (s1))))
     (portcon tcp 1024 (test.user object_r test.process (system_low system_high)))
diff --git a/secilc/docs/cil_default_object_statements.md b/secilc/docs/cil_default_object_statements.md
index 73d84d6..80ccabe 100644
--- a/secilc/docs/cil_default_object_statements.md
+++ b/secilc/docs/cil_default_object_statements.md
@@ -143,11 +143,11 @@
 defaultrange
 ------------
 
-Allows the default level or range to be taken from the source or target context when computing a new context for the object [`class`](cil_class_and_permission_statements.md#class) identifier. Requires policy version 27.
+Allows the default level or range to be taken from the source, target, or both contexts when computing a new context for the object [`class`](cil_class_and_permission_statements.md#class) identifier. Requires policy version 27. glblub as the default requires policy version 32.
 
 **Statement definition:**
 
-    (defaultrange class_id default range)
+    (defaultrange class_id default <range>)
 
 **Where:**
 
@@ -167,11 +167,11 @@
 </tr>
 <tr class="odd">
 <td align="left"><p><code>default</code></p></td>
-<td align="left"><p>A keyword of either <code>source</code> or <code>target</code>.</p></td>
+<td align="left"><p>A keyword of either <code>source</code>, <code>target</code>, or <code>glblub</code>.</p></td>
 </tr>
 <tr class="even">
 <td align="left"><p><code>range</code></p></td>
-<td align="left"><p>A keyword of either <code>low</code>, <code>high</code> or <code>low-high</code>.</p></td>
+<td align="left"><p>A keyword of either <code>low</code>, <code>high</code>, or <code>low-high</code>.</p></td>
 </tr>
 </tbody>
 </table>
@@ -181,3 +181,7 @@
 When creating a new `file` object, the appropriate `range` component of the new security context will be taken from the `target` context:
 
     (defaultrange file target low_high)
+
+MLS userspace object managers may need to compute the common parts of a range such that the object is created with the range common to the subject and containing object:
+
+    (defaultrange db_table glblub)
diff --git a/secilc/docs/cil_policy_config_statements.md b/secilc/docs/cil_policy_config_statements.md
index 392976f..48e29d6 100644
--- a/secilc/docs/cil_policy_config_statements.md
+++ b/secilc/docs/cil_policy_config_statements.md
@@ -97,7 +97,7 @@
 </tr>
 <tr class="even">
 <td align="left"><p><code>policycap_id</code></p></td>
-<td align="left"><p>The <code>policycap</code> identifer (e.g. <code>open_perms</code>).</p></td>
+<td align="left"><p>The <code>policycap</code> identifier (e.g. <code>open_perms</code>).</p></td>
 </tr>
 </tbody>
 </table>
diff --git a/secilc/docs/cil_reference_guide.md b/secilc/docs/cil_reference_guide.md
index d179c3c..1b1fccc 100644
--- a/secilc/docs/cil_reference_guide.md
+++ b/secilc/docs/cil_reference_guide.md
@@ -57,7 +57,7 @@
     ipaddr
     macro
     policycap
-2.  Explicit anonymous declarations - These are currently restricted to IP addesses where they can be declared directly in statements by enclosing them within parentheses e.g. `(127.0.0.1)` or `(::1)`. See the [Network Labeling Statements](#network_labeling) section for examples.
+2.  Explicit anonymous declarations - These are currently restricted to IP addresses where they can be declared directly in statements by enclosing them within parentheses e.g. `(127.0.0.1)` or `(::1)`. See the [Network Labeling Statements](#network_labeling) section for examples.
 
 3.  Anonymous declarations - These have been previously declared and the object already exists, therefore they may be referenced by their name or identifier within statements. For example the following declare all the components required to specify a context:
 
@@ -224,7 +224,7 @@
 
         (classpermissionset cps_1 (security (not (load_policy setenforce))))
 
-    This example includes all permissions in the associated [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset) identifer `security_all_perms`:
+    This example includes all permissions in the associated [`classpermissionset`](cil_class_and_permission_statements.md#classpermissionset) identifier `security_all_perms`:
 
         (class security (compute_av compute_create compute_member check_context load_policy
             compute_relabel compute_user setenforce setbool setsecparam setcheckreqprot
diff --git a/secilc/docs/cil_role_statements.md b/secilc/docs/cil_role_statements.md
index d92f628..c1e457a 100644
--- a/secilc/docs/cil_role_statements.md
+++ b/secilc/docs/cil_role_statements.md
@@ -310,7 +310,7 @@
 
 **Example:**
 
-In this example the role `test` cannot have greater priviledges than `unconfined.role`:
+In this example the role `test` cannot have greater privileges than `unconfined.role`:
 
     (role test)
 
diff --git a/secilc/docs/cil_user_statements.md b/secilc/docs/cil_user_statements.md
index 4075187..bbd76ef 100644
--- a/secilc/docs/cil_user_statements.md
+++ b/secilc/docs/cil_user_statements.md
@@ -222,7 +222,7 @@
 userrange
 ---------
 
-Associates a previously declared [`user`](cil_user_statements.md#user) identifer with a previously declared [`levelrange`](cil_mls_labeling_statements.md#levelrange) identifier. The [`levelrange`](cil_mls_labeling_statements.md#levelrange) may be named or anonymous.
+Associates a previously declared [`user`](cil_user_statements.md#user) identifier with a previously declared [`levelrange`](cil_mls_labeling_statements.md#levelrange) identifier. The [`levelrange`](cil_mls_labeling_statements.md#levelrange) may be named or anonymous.
 
 **Statement definition:**
 
@@ -281,7 +281,7 @@
 userbounds
 ----------
 
-Defines a hierarchical relationship between users where the child user cannot have more priviledges than the parent.
+Defines a hierarchical relationship between users where the child user cannot have more privileges than the parent.
 
 Notes:
 
@@ -318,7 +318,7 @@
 
 **Example:**
 
-The user `test` cannot have greater priviledges than `unconfined.user`:
+The user `test` cannot have greater privileges than `unconfined.user`:
 
     (user test)
 
diff --git a/secilc/secilc.8.xml b/secilc/secilc.8.xml
index e08a962..2b734f0 100644
--- a/secilc/secilc.8.xml
+++ b/secilc/secilc.8.xml
@@ -96,6 +96,11 @@
          </varlistentry>
 
          <varlistentry>
+            <term><option>-O, --optimize</option></term>
+            <listitem><para>Optimize final policy (remove redundant rules).</para></listitem>
+         </varlistentry>
+
+         <varlistentry>
             <term><option>-v, --verbose</option></term>
             <listitem><para>Increment verbosity level.</para></listitem>
          </varlistentry>
diff --git a/secilc/secilc.c b/secilc/secilc.c
index ad6862b..186c5a7 100644
--- a/secilc/secilc.c
+++ b/secilc/secilc.c
@@ -68,6 +68,7 @@
 	printf("  -G, --expand-generated         Expand and remove auto-generated attributes\n");
 	printf("  -X, --expand-size <SIZE>       Expand type attributes with fewer than <SIZE>\n");
 	printf("                                 members.\n");
+	printf("  -O, --optimize                 optimize final policy\n");
 	printf("  -v, --verbose                  increment verbosity level\n");
 	printf("  -h, --help                     display usage information\n");
 	exit(1);
@@ -97,6 +98,7 @@
 	int policyvers = POLICYDB_VERSION_MAX;
 	int attrs_expand_generated = 0;
 	int attrs_expand_size = -1;
+	int optimize = 0;
 	int opt_char;
 	int opt_index = 0;
 	char *fc_buf = NULL;
@@ -117,12 +119,13 @@
 		{"filecontexts", required_argument, 0, 'f'},
 		{"expand-generated", no_argument, 0, 'G'},
 		{"expand-size", required_argument, 0, 'X'},
+		{"optimize", no_argument, 0, 'O'},
 		{0, 0, 0, 0}
 	};
 	int i;
 
 	while (1) {
-		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNc:GX:", long_opts, &opt_index);
+		opt_char = getopt_long(argc, argv, "o:f:U:hvt:M:PDmNOc:GX:n", long_opts, &opt_index);
 		if (opt_char == -1) {
 			break;
 		}
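Review bot: The short-option string gains `n` as well as `O` (`"o:f:U:hvt:M:PDmNOc:GX:n"`), but no `long_opts` entry, usage line or `case 'n'` for it appears in the visible hunks. If the switch has no such case, `-n` is accepted by `getopt_long` and then handled by whatever the default branch does, which is not shown here. Either drop the `n` from the string or add the matching case and usage text. `main` starts and ends outside this hunk.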
@@ -211,6 +214,9 @@
 				}
 				break;
 			}
+			case 'O':
+				optimize = 1;
+				break;
 			case 'h':
 				usage(argv[0]);
 			case '?':
@@ -294,6 +300,14 @@
 		goto exit;
 	}
 
+	if (optimize) {
+		rc = sepol_policydb_optimize(pdb);
+		if (rc != SEPOL_OK) {
+			fprintf(stderr, "Failed to optimize policydb\n");
+			goto exit;
+		}
+	}
+
 	if (output == NULL) {
 		int size = snprintf(NULL, 0, "policy.%d", policyvers);
 		output = malloc((size + 1) * sizeof(char));
diff --git a/semodule-utils/VERSION b/semodule-utils/VERSION
index 8c26915..9f55b2c 100644
--- a/semodule-utils/VERSION
+++ b/semodule-utils/VERSION
@@ -1 +1 @@
-2.9
+3.0
diff --git a/semodule-utils/semodule_package/semodule_unpackage.c b/semodule-utils/semodule_package/semodule_unpackage.c
index c9124c0..b8c4fbc 100644
--- a/semodule-utils/semodule_package/semodule_unpackage.c
+++ b/semodule-utils/semodule_package/semodule_unpackage.c
@@ -55,7 +55,7 @@
 
 	ppfile = argv[1];
 	modfile = argv[2];
-	if (argc >= 3)
+	if (argc >= 4)
 		fcfile = argv[3];
 
 	if (file_to_policy_file(ppfile, &in, "r"))