[checkpolicy/f16] Fix checkpolicy to ignore '"' in filename trans rules
Daniel J Walsh
dwalsh at fedoraproject.org
Tue Sep 20 14:11:11 UTC 2011
commit 219f605627a9b444cf6515bc314cee28d73f798c
Author: Dan Walsh <dwalsh at redhat.com>
Date: Tue Sep 20 10:10:55 2011 -0400
Fix checkpolicy to ignore '"' in filename trans rules
checkpolicy-rhat.patch | 42 ++++++++++++++++++++++++++++++++++++++++++
checkpolicy.spec | 7 +++++--
2 files changed, 47 insertions(+), 2 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 8c9533a..0e33433 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -11,3 +11,45 @@ index fdf2d92..0e08965 100644
}
}
+diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
+index 49ac15f..1e3ef6f 100644
+--- a/checkpolicy/policy_parse.y
++++ b/checkpolicy/policy_parse.y
+@@ -353,7 +353,7 @@ cond_rule_def : cond_transition_def
+ | require_block
+ { $$ = NULL; }
+ ;
+-cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
++cond_transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
+ { $$ = define_cond_filename_trans() ;
+ if ($$ == COND_ERR) return -1;}
+ | TYPE_TRANSITION names names ':' names identifier ';'
+@@ -391,7 +391,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
+ { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
+ if ($$ == COND_ERR) return -1; }
+ ;
+-transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
++transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
+ {if (define_filename_trans()) return -1; }
+ | TYPE_TRANSITION names names ':' names identifier ';'
+ {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index a61e0db..2ba5971 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -227,7 +227,6 @@ PERMISSIVE { return(PERMISSIVE); }
+ {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
+ {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
+ {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
+-\"({alnum}|[_\.\-])+\" { return(FILENAME); }
+ {alnum}* { return(FILENAME); }
+ \.({alnum}|[_\.\-])* { return(FILENAME); }
+ {letter}+([-_\.]|{alnum})+ { return(FILENAME); }
+@@ -253,6 +252,7 @@ PERMISSIVE { return(PERMISSIVE); }
+ "-" |
+ "." |
+ "]" |
++"\"" |
+ "~" |
+ "*" { return(yytext[0]); }
+ . { yywarn("unrecognized character");}
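Review bot: Dropping the quoted `FILENAME` rule from policy_scan.l and returning `"` as a plain character token means the text between the quotes is now scanned by the ordinary rules, so its token type depends on what the name happens to look like. Going by the rules visible in this hunk, a quoted name such as `1.2.3.4` would come back as `IPV4_ADDR` and `1.0` as `VERSION_IDENTIFIER` rather than `FILENAME`, and a name equal to a policy keyword would presumably come back as that keyword; whether the `filename` nonterminal accepts those tokens is defined outside the hunk and should be checked. Whitespace between a quote and the name would presumably also be accepted now. Because these names decide which label a newly created file receives, it would be safer to keep the name a single token, for example by keeping `\"({alnum}|[_\.\-])+\" { return(FILENAME); }` and stripping the quotes where the token text is consumed, or by scanning the quoted text in a dedicated start condition. Both `transition_def` and `cond_transition_def` now require the quotes, so rules written with an unquoted filename appear to stop parsing, which the commit title ("ignore") does not make clear.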
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 008c850..4cd6d16 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -2,7 +2,7 @@
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.1.3
-Release: 1%{?dist}
+Release: 1.1%{?dist}
License: GPLv2
Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -53,7 +53,10 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol
%changelog
-* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-0
+* Tue Sep 20 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1.1
+- Fix checkpolicy to ignore '"' in filename trans rules
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1
* add missing ; to attribute_role_def
*Redo filename/filesystem syntax to support filename trans