With the addition of the anon_inode class in the kernel, 'self' transition rules became useful, but haven't been implemented. This series implements the self keyword support in the CIL & TE languages and the module policydb format. The kernel policydb format doesn't need any changes, as type transitions are always expanded in the kernel policydb. The patches have been tested using the following WIP beakerlib/tmt test: https://src.fedoraproject.org/fork/omos/tests/selinux/blob/self-in-tt/f/libsepol/self-keyword-in-type-transitions Ondrej Mosnacek (2): libsepol/cil: add support for self keyword in type transitions libsepol,checkpolicy: add support for self keyword in type transitions checkpolicy/policy_define.c | 42 +++++- libsepol/cil/src/cil_binary.c | 168 +++++++++++++++------ libsepol/cil/src/cil_resolve_ast.c | 25 ++- libsepol/include/sepol/policydb/policydb.h | 4 +- libsepol/src/expand.c | 69 ++++++--- libsepol/src/link.c | 1 + libsepol/src/module_to_cil.c | 30 ++-- libsepol/src/policydb.c | 33 +++- libsepol/src/write.c | 19 ++- secilc/test/policy.cil | 3 + 10 files changed, 293 insertions(+), 101 deletions(-) -- 2.35.1
