[checkpolicy/f14/master] - Add James Carters Patch *This patch is needed because some filesystem names (such as 9p) start
Daniel J Walsh
dwalsh at fedoraproject.org
Wed Jan 12 21:55:54 UTC 2011
commit 321be5db1356bb33232fe0fee3f3565981011811
Author: Dan Walsh <dwalsh at redhat.com>
Date: Wed Jan 12 16:55:45 2011 -0500
- Add James Carters Patch
*This patch is needed because some filesystem names (such as 9p) start
with a digit.
checkpolicy-filesystem.patch | 65 ++++++++++++++++++++++++++++++++++++++++++
1 files changed, 65 insertions(+), 0 deletions(-)
---
diff --git a/checkpolicy-filesystem.patch b/checkpolicy-filesystem.patch
new file mode 100644
index 0000000..c1f2442
--- /dev/null
+++ b/checkpolicy-filesystem.patch
@@ -0,0 +1,65 @@
+ policy_parse.y | 14 ++++++++++----
+ policy_scan.l | 1 +
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
+index 8d1bc37..0777238 100644
+--- a/checkpolicy/policy_parse.y
++++ b/checkpolicy/policy_parse.y
+@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
+ %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
+ %token POLICYCAP
+ %token PERMISSIVE
++%token FILESYSTEM
+
+ %left OR
+ %left XOR
+@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
+ fs_uses : fs_use_def
+ | fs_uses fs_use_def
+ ;
+-fs_use_def : FSUSEXATTR identifier security_context_def ';'
++fs_use_def : FSUSEXATTR filesystem security_context_def ';'
+ {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
+ | FSUSETASK identifier security_context_def ';'
+ {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
+@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
+ genfs_contexts : genfs_context_def
+ | genfs_contexts genfs_context_def
+ ;
+-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
++genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
+ {if (define_genfs_context(1)) return -1;}
+- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
++ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
+ {if (define_genfs_context(1)) return -1;}
+- | GENFSCON identifier path security_context_def
++ | GENFSCON filesystem path security_context_def
+ {if (define_genfs_context(0)) return -1;}
+ ;
+ ipv4_addr_def : IPV4_ADDR
+@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
+ identifier : IDENTIFIER
+ { if (insert_id(yytext,0)) return -1; }
+ ;
++filesystem : FILESYSTEM
++ { if (insert_id(yytext,0)) return -1; }
++ | IDENTIFIER
++ { if (insert_id(yytext,0)) return -1; }
++ ;
+ path : PATH
+ { if (insert_id(yytext,0)) return -1; }
+ ;
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index 48128a8..65aff8d 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -217,6 +217,7 @@ permissive |
+ PERMISSIVE { return(PERMISSIVE); }
+ "/"({alnum}|[_\.\-/])* { return(PATH); }
+ {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
++{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
+ {digit}+|0x{hexval}+ { return(NUMBER); }
+ {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
+ {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
+
More information about the scm-commits
mailing list