[policycoreutils] Allow ~ as a valid part of a filename in sepolgen

Daniel J Walsh dwalsh at fedoraproject.org
Wed Nov 16 16:26:15 UTC 2011 

commit 97d6c28e36cff06534ddadc9de5e0ed1f1f69dcc
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Wed Nov 16 11:26:11 2011 -0500

    Allow ~ as a valid part of a filename in sepolgen

 policycoreutils-sepolgen.patch |   54 +++++++++++++++++++++++-----------------
 policycoreutils.spec           |    5 +++-
 2 files changed, 35 insertions(+), 24 deletions(-)
---
diff --git a/policycoreutils-sepolgen.patch b/policycoreutils-sepolgen.patch
index d6fdfdb..0482ee2 100644
--- a/policycoreutils-sepolgen.patch
+++ b/policycoreutils-sepolgen.patch
@@ -1,26 +1,8 @@
 diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
-index 898fbc3..631bab5 100644
+index 898fbc3..9fdfafa 100644
 --- a/sepolgen/src/sepolgen/audit.py
 +++ b/sepolgen/src/sepolgen/audit.py
-@@ -68,6 +68,17 @@ def get_dmesg_msgs():
-                               stdout=subprocess.PIPE).communicate()[0]
-     return output
- 
-+def get_log_msgs():
-+    """Obtain all of the avc and policy load messages from /var/log/messages.
-+
-+    Returns:
-+       string contain all of the audit messages returned by /var/log/messages.
-+    """
-+    import subprocess
-+    output = subprocess.Popen(["/bin/grep", "avc",  "/var/log/messages"],
-+                              stdout=subprocess.PIPE).communicate()[0]
-+    return output
-+
- # Classes representing audit messages
- 
- class AuditMessage:
-@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
+@@ -127,6 +127,9 @@ class PathMessage(AuditMessage):
              if fields[0] == "path":
                  self.path = fields[1][1:-1]
                  return
@@ -30,7 +12,7 @@ index 898fbc3..631bab5 100644
  
  class AVCMessage(AuditMessage):
      """AVC message representing an access denial or granted message.
-@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage):
+@@ -168,6 +171,8 @@ class AVCMessage(AuditMessage):
          self.name = ""
          self.accesses = []
          self.denial = True
@@ -39,7 +21,7 @@ index 898fbc3..631bab5 100644
  
      def __parse_access(self, recs, start):
          # This is kind of sucky - the access that is in a space separated
-@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage):
+@@ -229,7 +234,31 @@ class AVCMessage(AuditMessage):
  
          if not found_src or not found_tgt or not found_class or not found_access:
              raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@@ -72,7 +54,7 @@ index 898fbc3..631bab5 100644
  class PolicyLoadMessage(AuditMessage):
      """Audit message indicating that the policy was reloaded."""
      def __init__(self, message):
-@@ -472,10 +512,10 @@ class AuditParser:
+@@ -472,10 +501,10 @@ class AuditParser:
              if avc_filter:
                  if avc_filter.filter(avc):
                      av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@@ -181,3 +163,29 @@ index 0e6b502..4882999 100644
              self.module.children.append(rule)
  
  
+diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
+index 955784d..9a79340 100644
+--- a/sepolgen/src/sepolgen/refparser.py
++++ b/sepolgen/src/sepolgen/refparser.py
+@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
+     t.lexer.lineno += 1
+ 
+ def t_IDENTIFIER(t):
+-    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
++    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
+     # Handle any keywords
+     t.type = reserved.get(t.value,'IDENTIFIER')
+     return t
+diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
+index 58332de..2f3c09d 100644
+--- a/sepolgen/src/sepolgen/yacc.py
++++ b/sepolgen/src/sepolgen/yacc.py
+@@ -594,7 +594,7 @@ class MiniProduction:
+     pass
+ 
+ # regex matching identifiers
+-_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
++_is_identifier = re.compile(r'^[a-zA-Z0-9_-~]+$')
+ 
+ # -----------------------------------------------------------------------------
+ # add_production()
diff --git a/policycoreutils.spec b/policycoreutils.spec
index fc43712..6098c28 100644
--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@@ -7,7 +7,7 @@
 Summary: SELinux policy core utilities
 Name:	 policycoreutils
 Version: 2.1.8
-Release: 4%{?dist}
+Release: 5%{?dist}
 License: GPLv2
 Group:	 System Environment/Base
 # Based on git repository with tag 20101221
@@ -352,6 +352,9 @@ fi
 /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
 
 %changelog
+* Wed Nov 16 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-5
+- Allow ~ as a valid part of a filename in sepolgen
+
 * Fri Nov 11 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.8-4
 - sandbox init script should always return 0
 - sandbox command needs to check range of categories and report error if not big enough

More information about the scm-commits mailing list