[checkpolicy] Fix checkpolicy to ignore '"' in filename trans rules
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Sep 20 14:06:33 UTC 2011
commit 0708d417f5992c96f65912d1a6554df8fe042dc4
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Sep 20 10:06:14 2011 -0400
Fix checkpolicy to ignore '"' in filename trans rules
checkpolicy-rhat.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
checkpolicy.spec | 9 +++++++--
2 files changed, 49 insertions(+), 2 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index e69de29..971e35f 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -0,0 +1,42 @@
+diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
+index 49ac15f..1e3ef6f 100644
+--- a/checkpolicy/policy_parse.y
++++ b/checkpolicy/policy_parse.y
+@@ -353,7 +353,7 @@ cond_rule_def : cond_transition_def
+ | require_block
+ { $$ = NULL; }
+ ;
+-cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
++cond_transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
+ { $$ = define_cond_filename_trans() ;
+ if ($$ == COND_ERR) return -1;}
+ | TYPE_TRANSITION names names ':' names identifier ';'
+@@ -391,7 +391,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
+ if ($$ == COND_ERR) return -1; }
+ ;
+-transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
++transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
+ {if (define_filename_trans()) return -1; }
+ | TYPE_TRANSITION names names ':' names identifier ';'
+ {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index a61e0db..2ba5971 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -227,7 +227,6 @@ PERMISSIVE { return(PERMISSIVE); }
+ {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
+ {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
+ {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
+-\"({alnum}|[_\.\-])+\" { return(FILENAME); }
+ {alnum}* { return(FILENAME); }
+ \.({alnum}|[_\.\-])* { return(FILENAME); }
+ {letter}+([-_\.]|{alnum})+ { return(FILENAME); }
+@@ -253,6 +252,7 @@ PERMISSIVE { return(PERMISSIVE); }
+ "-" |
+ "." |
+ "]" |
++"\"" |
+ "~" |
+ "*" { return(yytext[0]); }
+ . { yywarn("unrecognized character");}
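Review bot: Dropping the quoted FILENAME rule in policy_scan.l means the text between the quotes is now tokenised by the ordinary scanner rules, so a name that starts with a digit and contains a dot, such as `1.conf`, matches the VERSION_IDENTIFIER pattern (or IPV4_ADDR for a dotted quad) ahead of any FILENAME pattern. If the `filename` nonterminal accepts only FILENAME, which is not visible in this hunk, a rule with such a name that compiled before now fails to parse; names that collide with keyword or identifier rules elsewhere in the scanner may be affected in the same way. Because a filename transition decides the label a newly created file receives, the set of accepted names should not shrink silently. I would keep `\"({alnum}|[_\.\-])+\" { return(FILENAME); }` so the quoted name stays a single token, and strip the surrounding quotes in the code that consumes the token (outside this hunk) rather than making `'\"'` a separate token in both `transition_def` and `cond_transition_def`.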
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 91f66b1..11257b3 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -2,10 +2,11 @@
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.1.5
-Release: 1%{?dist}
+Release: 2%{?dist}
License: GPLv2
Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
+Patch: checkpolicy-rhat.patch
BuildRoot: %{_tmppath}/%{name}-buildroot
BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel
@@ -26,6 +27,7 @@ Only required for building policies.
%prep
%setup -q
+%patch -p2 -b .rhat
%build
make clean
@@ -53,7 +55,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol
%changelog
-* Mon Sep 19 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-0
+* Tue Sep 20 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-2
+- Fix checkpolicy to ignore '"' in filename trans rules
+
+* Mon Sep 19 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.5-1
-Update to upstream
* Separate tunable from boolean during compile.