xref: /third_party/selinux/libsepol/src/assertion.c

52 		ERR(handle, "neverallow on line %lu of %s (or line %lu of %s) violated by allow %s %s:%s {%s };",
59 		ERR(handle, "neverallow on line %lu violated by allow %s %s:%s {%s };",
65 		ERR(handle, "neverallow violated by allow %s %s:%s {%s };",
93 static int check_extended_permissions(av_extended_perms_t *neverallow, avtab_extended_perms_t *allow)
96 	if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION)
98 		if (neverallow->driver == allow->driver)
99 			rc = extended_permissions_and(neverallow->perms, allow->perms);
100 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION)
102 		rc = xperm_test(neverallow->driver, allow->perms);
103 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER)
105 		rc = xperm_test(allow->driver, neverallow->perms);
106 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER)
108 		rc = extended_permissions_and(neverallow->perms, allow->perms);
114 /* Compute which allowed extended permissions violate the neverallow rule */
116 					av_extended_perms_t *neverallow,
120 	if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION)
125 			result->perms[i] = neverallow->perms[i] & allow->perms[i];
126 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLFUNCTION)
129 		result->driver = neverallow->driver;
130 		memcpy(result->perms, neverallow->perms, sizeof(result->perms));
131 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER)
136 	} else if ((neverallow->specified == AVRULE_XPERMS_IOCTLDRIVER)
140 			result->perms[i] = neverallow->perms[i] & allow->perms[i];
488 	/* neverallow may have tgts even if it uses SELF */
571 		ERR(handle, "%lu neverallow failures occurred", errors);

Indexes created Thu Nov 07 10:32:03 CST 2024