[selinux-policy: 242/3172] do dtd verification on xml. fix current xml to be valid

Daniel J Walsh dwalsh at fedoraproject.org
Thu Oct 7 19:25:52 UTC 2010


commit 004db90d3f8ddf05f4e0d1c75a8c96a41b016685
Author: Chris PeBenito <cpebenito at tresys.com>
Date:   Wed Jun 1 18:34:34 2005 +0000

    do dtd verification on xml.  fix current xml to be valid

 refpolicy/Makefile                             |   10 ++++++++--
 refpolicy/policy/modules/apps/gpg.if           |    1 +
 refpolicy/policy/modules/kernel/corenetwork.if |   13 ++++++++++---
 3 files changed, 19 insertions(+), 5 deletions(-)
---
diff --git a/refpolicy/Makefile b/refpolicy/Makefile
index 30a66db..ad47766 100644
--- a/refpolicy/Makefile
+++ b/refpolicy/Makefile
@@ -44,6 +44,7 @@ SBINDIR := $(PREFIX)/sbin
 CHECKPOLICY := $(BINDIR)/checkpolicy
 LOADPOLICY := $(SBINDIR)/load_policy
 SETFILES := $(SBINDIR)/setfiles
+XMLLINT := $(BINDIR)/xmllint
 
 # enable MLS if requested.
 ifeq ($(MLS),y)
@@ -270,11 +271,16 @@ xml: policy.xml
 
 policy.xml: $(ALL_INTERFACES) tmp/generated_definitions.conf
 	@echo "Creating $@"
-	$(QUIET) echo "<policy>" > $@
+	$(QUIET) echo '<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>' > $@
+	$(QUIET) echo '<!DOCTYPE policy SYSTEM "policy.dtd">' >> $@
+	$(QUIET) echo "<policy>" >> $@
 # process this through m4 to eliminate the generated definitions.
 # currently these are only in corenetwork.if
-	$(QUIET) m4 $^ | egrep -h "^##[[:space:]]" | sed -e 's/^##[[:space:]]//g' >> $@
+	$(QUIET) m4 $^ | egrep -h "^##[[:blank:]]" | sed -e 's/^##[[:blank:]]//g' >> $@
 	$(QUIET) echo "</policy>" >> $@
+	$(QUIET) if test -x $(XMLLINT) && test -f policy.dtd; then \
+		$(XMLLINT) --noout --dtdvalid policy.dtd $@ ;\
+	fi
 
 ########################################
 #
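Review bot: A failed DTD validation in the policy.xml recipe leaves the invalid file on disk with a fresh timestamp, so the next `make` treats it as up to date and the error is reported only once, unless `.DELETE_ON_ERROR:` is set somewhere outside this hunk. Removing the target on failure closes that gap: `$(XMLLINT) --noout --dtdvalid policy.dtd $@ || { rm -f $@; exit 1; } ;\`. The check is also skipped without any message when `$(XMLLINT)` is not executable or policy.dtd is absent, so an `else` branch such as `echo "Warning: $@ not validated against policy.dtd" ;\` would make an unvalidated build visible. The recipe tests for policy.dtd but does not list it as a prerequisite of policy.xml, so editing the DTD alone does not re-run the validation.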
diff --git a/refpolicy/policy/modules/apps/gpg.if b/refpolicy/policy/modules/apps/gpg.if
index 960d24e..562a1dc 100644
--- a/refpolicy/policy/modules/apps/gpg.if
+++ b/refpolicy/policy/modules/apps/gpg.if
@@ -335,3 +335,4 @@ dontaudit $1_gpg_pinentry_t cifs_t:file write;
 dontaudit $1_gpg_pinentry_t { sysctl_t sysctl_kernel_t }:dir { getattr search };
 ') dnl end TODO
 ') dnl end gpg_per_userdomain_template
+
diff --git a/refpolicy/policy/modules/kernel/corenetwork.if b/refpolicy/policy/modules/kernel/corenetwork.if
index 035e1a3..9a58221 100644
--- a/refpolicy/policy/modules/kernel/corenetwork.if
+++ b/refpolicy/policy/modules/kernel/corenetwork.if
@@ -2,9 +2,16 @@
 ## <summary>Policy controlling access to network objects</summary>
 
 ifdef(`interface_pass',`',`
-#######################################
-#
-# corenetwork_network_tcp_on_general_interface(domain)
+########################################
+## <interface name="corenetwork_network_tcp_on_general_interface">
+##	<description>
+##		Send and receive TCP network traffic on the general interfaces.
+##	</description>
+##	<parameter name="domain">
+##		The type of the process performing this action.
+##	</parameter>
+##	<infoflow type="both" weight="10"/>
+## </interface>
 #
 define(`corenetwork_network_tcp_on_general_interface',`
 requires_block_template(`$0'_depend)

