-
Notifications
You must be signed in to change notification settings - Fork 369
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge commit 'b19eafb97feb6389d78e1693f276fc5b10e25bd6' as 'libsepol/…
…cil'
- Loading branch information
Showing
108 changed files
with
76,146 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| *.swp | ||
| *.gcda | ||
| *.gcno | ||
| *.o | ||
| *.a | ||
| src/cil_lexer.c | ||
| unit_tests | ||
| cov | ||
| secilc | ||
| docs/pdf/ | ||
| docs/html/ | ||
| docs/man8/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| All files are licensed under the FreeBSD license, excepet for thid party | ||
| components, which are subject to their respective licenses as specified in | ||
| their source files. | ||
|
|
||
| FreeBSD License | ||
|
|
||
| Copyright 2011 Tresys Technology, LLC. All rights reserved. | ||
|
|
||
| Redistribution and use in source and binary forms, with or without | ||
| modification, are permitted provided that the following conditions are met: | ||
|
|
||
| 1. Redistributions of source code must retain the above copyright notice, | ||
| this list of conditions and the following disclaimer. | ||
|
|
||
| 2. Redistributions in binary form must reproduce the above copyright notice, | ||
| this list of conditions and the following disclaimer in the documentation | ||
| and/or other materials provided with the distribution. | ||
|
|
||
| THIS SOFTWARE IS PROVIDED BY TRESYS TECHNOLOGY, LLC ``AS IS'' AND ANY EXPRESS | ||
| OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF | ||
| MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO | ||
| EVENT SHALL TRESYS TECHNOLOGY, LLC OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, | ||
| INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, | ||
| BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, | ||
| DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF | ||
| LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE | ||
| OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF | ||
| ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | ||
|
|
||
| The views and conclusions contained in the software and documentation are those | ||
| of the authors and should not be interpreted as representing official policies, | ||
| either expressed or implied, of Tresys Technology, LLC. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| PREFIX ?= $(DESTDIR)/usr | ||
| LIBDIR ?= $(PREFIX)/lib | ||
| SHLIBDIR ?= $(DESTDIR)/lib | ||
| INCLUDEDIR ?= $(PREFIX)/include | ||
| SRCDIR ?= ./src | ||
| TESTDIR ?= ./test | ||
| UNITDIR ?= $(TESTDIR)/unit | ||
| LIBCILDIR ?= $(SRCDIR) | ||
|
|
||
| LEX = flex | ||
|
|
||
| DEBUG = 0 | ||
|
|
||
| SECILC = secilc | ||
|
|
||
| UNIT = unit_tests | ||
|
|
||
| SECILC_SRCS := secilc.c | ||
| SECILC_OBJS := $(patsubst %.c,%.o,$(SECILC_SRCS)) | ||
|
|
||
| TEST_SRCS := $(wildcard $(UNITDIR)/*.c) | ||
| TEST_OBJS := $(patsubst %.c,%.o,$(TEST_SRCS)) | ||
|
|
||
| LIBCIL_GENERATED := $(LIBCILDIR)/cil_lexer.c | ||
| LIBCIL_SRCS := $(wildcard $(LIBCILDIR)/*.c) $(LIBCIL_GENERATED) | ||
| LIBCIL_OBJS := $(patsubst %.c,%.o,$(LIBCIL_SRCS)) | ||
| LIBCIL_INCLUDES := $(wildcard $(LIBCILDIR)/*.h) | ||
|
|
||
| LIBCIL_STATIC := $(SRCDIR)/libcil.a | ||
|
|
||
| LIBSEPOL_STATIC = /usr/lib/libsepol.a | ||
|
|
||
| LIBS = | ||
| LDFLAGS = | ||
| COVCFLAGS = -fprofile-arcs -ftest-coverage -O0 | ||
|
|
||
| CFLAGS ?= -Wall -Wshadow -Wextra -Wundef -Wmissing-format-attribute -Wcast-align -Wstrict-prototypes -Wpointer-arith -Wunused | ||
|
|
||
| ifeq ($(DEBUG),1) | ||
| override CFLAGS += -g3 -O0 -gdwarf-2 -fno-strict-aliasing -DDEBUG | ||
| override LDFLAGS += -g | ||
| else | ||
| override CFLAGS += -O2 | ||
| endif | ||
|
|
||
| override CFLAGS += -I./include -I$(INCLUDEDIR) -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 | ||
|
|
||
| ARCH := $(patsubst i%86,i386,$(shell uname -m)) | ||
| ifneq (,$(filter i386,$(ARCH))) | ||
| TLSFLAGS += -mno-tls-direct-seg-refs | ||
| endif | ||
| ifneq (,$(filter x86_64,$(ARCH))) | ||
| override LDFLAGS += -I/usr/lib64 | ||
| override LIBSEPOL_STATIC = /usr/lib64/libsepol.a | ||
| endif | ||
|
|
||
| all: $(SECILC) | ||
|
|
||
| %.o: %.c $(LIBCIL_INCLUDES) | ||
| $(CC) $(CFLAGS) -c -o $@ $< | ||
|
|
||
| $(LIBCIL_STATIC): $(LIBCIL_OBJS) | ||
| $(AR) rcs $@ $^ | ||
| ranlib $@ | ||
|
|
||
| $(LIBCIL_GENERATED): $(LIBCILDIR)/cil_lexer.l | ||
| $(LEX) -t $< > $@ | ||
|
|
||
| $(UNIT): $(TEST_OBJS) $(LIBCIL_STATIC) | ||
| $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS) | ||
|
|
||
| $(SECILC): $(SECILC_OBJS) $(LIBCIL_STATIC) | ||
| $(CC) $(CFLAGS) -o $@ $^ $(LIBCIL_STATIC) $(LIBSEPOL_STATIC) $(LDFLAGS) | ||
|
|
||
| unit: $(SECILC) $(UNIT) | ||
|
|
||
| # Requires lcov 1.9+ (--ignore-errors) | ||
| coverage: CFLAGS += $(COVCFLAGS) | ||
| coverage: clean unit | ||
| ./unit_tests | ||
| test -d cov || mkdir cov | ||
| lcov --directory src --capture --output-file cov/app.info --ignore-errors source -b src | ||
| lcov --remove cov/app.info '/usr/include/*' --remove cov/app.info 'sepol/*' --output-file cov/app.info | ||
| genhtml -o ./cov/html ./cov/app.info | ||
|
|
||
| test: $(SECILC) | ||
| ./$(SECILC) test/policy.cil | ||
|
|
||
| clean: | ||
| rm -f $(SECILC) | ||
| rm -f $(LIBCIL_STATIC) | ||
| rm -f $(TEST_OBJS) $(SECILC_OBJS) | ||
| rm -rf cov src/*.gcda src/*.gcno *.gcda *.gcno | ||
| rm -f $(LIBCIL_OBJS) | ||
|
|
||
| bare: clean | ||
| rm -f $(LIBCIL_GENERATED) | ||
| rm -f $(UNIT) | ||
| rm -f policy.* | ||
| rm -f file_contexts | ||
|
|
||
| .PHONY: all bare clean coverage test unit |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,75 @@ | ||
| SELinux Common Intermediate Language (CIL) Compiler | ||
|
|
||
| INTRODUCTION | ||
|
|
||
| The SELinux CIL Compiler is a compiler that converts the CIL language as | ||
| described on the CIL design wiki into a kernel binary policy file. | ||
| Please see the CIL Design Wiki at: | ||
| http://github.com/SELinuxProject/cil/wiki/ | ||
| for more information about the goals and features on the CIL language. | ||
|
|
||
| DEPENDENCIES | ||
|
|
||
| gcc >= 4.5.1 | ||
| libsepol-static >= 2.1.4 | ||
| lcov >= 1.9 | ||
| flex >= 2.5.35 | ||
|
|
||
|
|
||
| BUILD STEPS | ||
|
|
||
| Open a terminal client and execute the following command to download the source code: | ||
|
|
||
| git clone https://github.com/SELinuxProject/cil.git | ||
|
|
||
| Change directory into the "cil" directory. | ||
| Run "make" with one of the following targets: | ||
|
|
||
| make | ||
| Build the CIL compiler (secilc) | ||
|
|
||
| make unit | ||
| Build the unit_test application to run unit tests | ||
|
|
||
| make coverage | ||
| Build the unit test binary and create coverage reports | ||
|
|
||
| make clean | ||
| Remove temporary build files | ||
|
|
||
| make bare | ||
| Remove temporary build files and compile binaries | ||
|
|
||
|
|
||
| USAGE | ||
|
|
||
| Execute 'secilc' with any number of CIL files as arguments. A binary policy and | ||
| file_contexts file will be created. | ||
|
|
||
| Use the '--help' option for more details. | ||
|
|
||
|
|
||
| DOCUMENTATION | ||
|
|
||
| There is a Docbook CIL Reference Guide in the docs directory, to build | ||
| this in HTML and PDF format change to the docs directory and run: | ||
| make html pdf | ||
|
|
||
| There is also an secilc man page that can be built with: | ||
| make man | ||
|
|
||
| The documents will be located in the docs/html, docs/pdf and docs/man8 | ||
| directories. | ||
|
|
||
| To build the html and manpage the xmlto package is required. | ||
| To build the pdf document the xmlto and dblatex packages are required. | ||
|
|
||
|
|
||
| KNOWN ISSUES | ||
|
|
||
| - Blocks inside of macros causes undefined behavior | ||
|
|
||
| - Policy must be well formed. For example, invalid usage of | ||
| sensitivities/categories/levels may create an unloaded binary | ||
|
|
||
| - Recursive limits are not handled |
Oops, something went wrong.