These patches depend on the 16 patch set that refactors and fixes assertion checking.

The first patch is based on patches by Christian Göttsche <cgzones@xxxxxxxxxxxxxx> sent to the list on November 23rd. His patch adding support to checkpolicy is meant to be used with these patches.

The second patch adds support for not-self rules to CIL. Currently, it works for all access vector rules, but I am not sure if that is needed or wise.

James Carter (2):
  libsepol: Add not self support for neverallow rules
  libsepol/cil: Add notself and minusself support to CIL

 libsepol/cil/src/cil.c                     |  12 ++
 libsepol/cil/src/cil_binary.c              |  91 ++++++++-
 libsepol/cil/src/cil_build_ast.c           |  10 +-
 libsepol/cil/src/cil_find.c                | 206 ++++++++++++++++++---
 libsepol/cil/src/cil_internal.h            |   4 +
 libsepol/cil/src/cil_resolve_ast.c         |   4 +
 libsepol/cil/src/cil_verify.c              |   3 +-
 libsepol/include/sepol/policydb/policydb.h |   3 +-
 libsepol/src/assertion.c                   | 144 +++++++++++---
 9 files changed, 467 insertions(+), 64 deletions(-)

--
2.31.1