[checkpolicy/f16] Allow ~ in FILENAMEs

Daniel J Walsh dwalsh at fedoraproject.org
Mon Nov 14 16:42:23 UTC 2011 

commit 79788149dd5e9f77c526a3456736acc039cdcc5a
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Mon Nov 14 11:42:20 2011 -0500

    Allow ~ in FILENAMEs

 checkpolicy-rhat.patch |   58 +++++++++++++++++++++++++----------------------
 checkpolicy.spec       |    5 +++-
 2 files changed, 35 insertions(+), 28 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 0e33433..57a9153 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,21 +1,7 @@
-diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c
-index fdf2d92..0e08965 100644
---- a/checkpolicy/test/dispol.c
-+++ b/checkpolicy/test/dispol.c
-@@ -365,7 +365,7 @@ static void display_filename_trans(policydb_t *p, FILE *fp)
- 		display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
- 		display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
- 		display_id(p, fp, SYM_TYPES, ft->otype - 1, "");
--		fprintf(fp, "%s\n", ft->name);
-+		fprintf(fp, " %s\n", ft->name);
- 	}
- }
- 
-diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
-index 49ac15f..1e3ef6f 100644
---- a/checkpolicy/policy_parse.y
-+++ b/checkpolicy/policy_parse.y
-@@ -353,7 +353,7 @@ cond_rule_def           : cond_transition_def
+diff -up checkpolicy-2.1.3/policy_parse.y.rhat checkpolicy-2.1.3/policy_parse.y
+--- checkpolicy-2.1.3/policy_parse.y.rhat	2011-08-18 06:47:32.000000000 -0400
++++ checkpolicy-2.1.3/policy_parse.y	2011-11-14 11:37:40.727277673 -0500
+@@ -348,7 +348,7 @@ cond_rule_def           : cond_transitio
  			| require_block
  			{ $$ = NULL; }
                          ;
@@ -24,7 +10,7 @@ index 49ac15f..1e3ef6f 100644
                          { $$ = define_cond_filename_trans() ;
                            if ($$ == COND_ERR) return -1;}
  			| TYPE_TRANSITION names names ':' names identifier ';'
-@@ -391,7 +391,7 @@ cond_dontaudit_def	: DONTAUDIT names names ':' names names ';'
+@@ -386,7 +386,7 @@ cond_dontaudit_def	: DONTAUDIT names nam
  			{ $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
                            if ($$ == COND_ERR) return -1; }
  		        ;
@@ -33,19 +19,25 @@ index 49ac15f..1e3ef6f 100644
  			{if (define_filename_trans()) return -1; }
  			| TYPE_TRANSITION names names ':' names identifier ';'
                          {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
-diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
-index a61e0db..2ba5971 100644
---- a/checkpolicy/policy_scan.l
-+++ b/checkpolicy/policy_scan.l
-@@ -227,7 +227,6 @@ PERMISSIVE			{ return(PERMISSIVE); }
+diff -up checkpolicy-2.1.3/policy_scan.l.rhat checkpolicy-2.1.3/policy_scan.l
+--- checkpolicy-2.1.3/policy_scan.l.rhat	2011-08-18 06:47:32.000000000 -0400
++++ checkpolicy-2.1.3/policy_scan.l	2011-11-14 11:39:07.764330673 -0500
+@@ -225,11 +225,10 @@ PERMISSIVE			{ return(PERMISSIVE); }
  {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
  {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
  {digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
 -\"({alnum}|[_\.\-])+\"		{ return(FILENAME); }
  {alnum}*                        { return(FILENAME); }
- \.({alnum}|[_\.\-])*	        { return(FILENAME); }
- {letter}+([-_\.]|{alnum})+      { return(FILENAME); }
-@@ -253,6 +252,7 @@ PERMISSIVE			{ return(PERMISSIVE); }
+-\.({alnum}|[_\.\-])*	        { return(FILENAME); }
+-{letter}+([-_\.]|{alnum})+      { return(FILENAME); }
+-([_\.]){alnum}+                 { return(FILENAME); }
++\.({alnum}|[_\.\-\~])*	        { return(FILENAME); }
++{letter}+([-_\.\~]|{alnum})+      { return(FILENAME); }
++([_\.\~]){alnum}+                 { return(FILENAME); }
+ #line[ ]1[ ]\"[^\n]*\"		{ set_source_file(yytext+9); }
+ #line[ ]{digit}+	        { source_lineno = atoi(yytext+6)-1; }
+ #[^\n]*                         { /* delete comments */ }
+@@ -251,6 +250,7 @@ PERMISSIVE			{ return(PERMISSIVE); }
  "-" |
  "." |
  "]" |
@@ -53,3 +45,15 @@ index a61e0db..2ba5971 100644
  "~" |
  "*"				{ return(yytext[0]); } 
  .                               { yywarn("unrecognized character");}
+diff -up checkpolicy-2.1.3/test/dispol.c.rhat checkpolicy-2.1.3/test/dispol.c
+--- checkpolicy-2.1.3/test/dispol.c.rhat	2011-08-18 06:47:32.000000000 -0400
++++ checkpolicy-2.1.3/test/dispol.c	2011-11-14 11:37:40.726277672 -0500
+@@ -365,7 +365,7 @@ static void display_filename_trans(polic
+ 		display_id(p, fp, SYM_TYPES, ft->ttype - 1, "");
+ 		display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":");
+ 		display_id(p, fp, SYM_TYPES, ft->otype - 1, "");
+-		fprintf(fp, "%s\n", ft->name);
++		fprintf(fp, " %s\n", ft->name);
+ 	}
+ }
+ 
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 57178de..33d5c77 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -2,7 +2,7 @@
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.1.3
-Release: 1.2%{?dist}
+Release: 1.3%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -55,6 +55,9 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
+* Mon Nov 14 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1.3
+- Allow ~ in FILENAMEs
+
 * Wed Sep 21 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1.2
 - Try again

More information about the scm-commits mailing list