This patch set adds support for using notself and other in AV rules.
See patch 3 for more details.

Patches 1-4, 6-7 are the same as the patches from April 12th, see:
https://lore.kernel.org/selinux/20230412210406.522892-1-jwcart2@xxxxxxxxx/

Patch 5 updates Christian's patch to use ERR() instead of log_err(), see:
https://lore.kernel.org/selinux/20230602130608.24586-4-cgzones@xxxxxxxxxxxxxx/

Nothing else has changed.

Christian Göttsche (1):
  libsepol: update CIL generation for trivial not-self rules

James Carter (6):
  libsepol: Changes to ebitmap.h to fix compiler warnings
  libsepol/cil: Do not call ebitmap_init twice for an ebitmap
  libsepol/cil: Add notself and other support to CIL
  libsepol: Use ERR() instead of log_err()
  secilc/docs: Add notself and other keywords to CIL documentation
  secilc/test: Add notself and other tests

 libsepol/cil/src/cil.c                    |  12 ++
 libsepol/cil/src/cil_binary.c             |  91 +++++++-
 libsepol/cil/src/cil_build_ast.c          |  10 +-
 libsepol/cil/src/cil_find.c               | 246 ++++++++++++++++++----
 libsepol/cil/src/cil_internal.h           |   4 +
 libsepol/cil/src/cil_resolve_ast.c        |   4 +
 libsepol/cil/src/cil_verify.c             |   3 +-
 libsepol/include/sepol/policydb/ebitmap.h |   4 +-
 libsepol/src/module_to_cil.c              |  30 ++-
 secilc/docs/README.md                     |   1 -
 secilc/docs/cil_access_vector_rules.md    | 244 +++------------------
 secilc/docs/cil_reference_guide.md        |   9 -
 secilc/docs/secil.xml                     |   2 +
 secilc/test/notself_and_other.cil         |  65 ++++++
 14 files changed, 444 insertions(+), 281 deletions(-)
 create mode 100644 secilc/test/notself_and_other.cil

-- 
2.41.0