This patch set adds support for using notself and other in AV rules. See patch 3 for more details. Patches 1 and 2 are new patches related to ebitmaps. Patch 3 is a modified version of the patch sent to the list on March 1st. The recent changes are just removing some ebitmap_init() and ebitmap_destroy() calls that are not needed with patch 2. Patch 4 is Christian's patch unmodified. Patch 5 is a new patch that updates the CIL documentation Patch 6 is a new patch that adds a simple policy that can be used to test secilc. Christian Göttsche (1): libsepol: update CIL generation for trivial not-self rules James Carter (5): libsepol: Changes to ebitmap.h to fix compiler warnings libsepol/cil: Do not call ebitmap_init twice for an ebitmap libsepol/cil: Add notself and other support to CIL secilc/docs: Add notself and other keywords to CIL documentation secilc/test: Add notself and other tests libsepol/cil/src/cil.c | 12 ++ libsepol/cil/src/cil_binary.c | 91 +++++++- libsepol/cil/src/cil_build_ast.c | 10 +- libsepol/cil/src/cil_find.c | 246 ++++++++++++++++++---- libsepol/cil/src/cil_internal.h | 4 + libsepol/cil/src/cil_resolve_ast.c | 4 + libsepol/cil/src/cil_verify.c | 3 +- libsepol/include/sepol/policydb/ebitmap.h | 4 +- libsepol/src/module_to_cil.c | 30 ++- secilc/docs/README.md | 1 - secilc/docs/cil_access_vector_rules.md | 244 +++------------------ secilc/docs/cil_reference_guide.md | 9 - secilc/docs/secil.xml | 2 + secilc/test/notself_and_other.cil | 65 ++++++ 14 files changed, 444 insertions(+), 281 deletions(-) create mode 100644 secilc/test/notself_and_other.cil -- 2.39.2
