Gitiles
Code Review Sign In
review.blissroms.org / platform_external_selinux / 99fc177b5af4e1e8855d42d2d01cb93ac7f9d14b
commit99fc177b5af4e1e8855d42d2d01cb93ac7f9d14b[log] [tgz]
authorJeff Vander Stoep <jeffv@google.com>Fri Sep 18 12:57:56 2015 -0700
committerStephen Smalley <sds@tycho.nsa.gov>Tue Sep 22 10:52:47 2015 -0400
treef4cb5624b7176e497086bcd4e1bfc46ab78349e3
parentfe2ff880587f556f63523925a21a49aad6157d8b [diff]
Add neverallow support for ioctl extended permissions

Neverallow rules for ioctl extended permissions will pass in two
cases:
1. If extended permissions exist for the source-target-class set
   the test will pass if the neverallow values are excluded.
2. If extended permissions do not exist for the source-target-class
   set the test will pass if the ioctl permission is not granted.

Signed-off-by: Jeff Vander Stoep <jeffv@google.com>
Acked-by:  Nick Kralevich <nnk@google.com>
Acked-by:  Stephen Smalley <sds@tycho.nsa.gov>
10 files changed
tree: f4cb5624b7176e497086bcd4e1bfc46ab78349e3
  1. checkpolicy/
  2. libselinux/
  3. libsemanage/
  4. libsepol/
  5. policycoreutils/
  6. scripts/
  7. secilc/
  8. sepolgen/
  9. .gitignore
  10. Android.mk
  11. CleanSpec.mk
  12. Makefile
  13. README