[checkpolicy/f16] Fix checkpolicy to ignore '"' in filename trans rules

Daniel J Walsh dwalsh at fedoraproject.org
Tue Sep 20 14:11:11 UTC 2011


commit 219f605627a9b444cf6515bc314cee28d73f798c
Author: Dan Walsh <dwalsh at redhat.com>
Date:   Tue Sep 20 10:10:55 2011 -0400

    Fix checkpolicy to ignore '"' in filename trans rules

 checkpolicy-rhat.patch |   42 ++++++++++++++++++++++++++++++++++++++++++
 checkpolicy.spec       |    7 +++++--
 2 files changed, 47 insertions(+), 2 deletions(-)
---
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 8c9533a..0e33433 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -11,3 +11,45 @@ index fdf2d92..0e08965 100644
  	}
  }
  
+diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
+index 49ac15f..1e3ef6f 100644
+--- a/checkpolicy/policy_parse.y
++++ b/checkpolicy/policy_parse.y
+@@ -353,7 +353,7 @@ cond_rule_def           : cond_transition_def
+ 			| require_block
+ 			{ $$ = NULL; }
+                         ;
+-cond_transition_def	: TYPE_TRANSITION names names ':' names identifier filename ';'
++cond_transition_def	: TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
+                         { $$ = define_cond_filename_trans() ;
+                           if ($$ == COND_ERR) return -1;}
+ 			| TYPE_TRANSITION names names ':' names identifier ';'
+@@ -391,7 +391,7 @@ cond_dontaudit_def	: DONTAUDIT names names ':' names names ';'
+ 			{ $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
+                           if ($$ == COND_ERR) return -1; }
+ 		        ;
+-transition_def		: TYPE_TRANSITION  names names ':' names identifier filename ';'
++transition_def		: TYPE_TRANSITION  names names ':' names identifier '\"' filename '\"' ';'
+ 			{if (define_filename_trans()) return -1; }
+ 			| TYPE_TRANSITION names names ':' names identifier ';'
+                         {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index a61e0db..2ba5971 100644
+--- a/checkpolicy/policy_scan.l
++++ b/checkpolicy/policy_scan.l
+@@ -227,7 +227,6 @@ PERMISSIVE			{ return(PERMISSIVE); }
+ {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
+ {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
+ {digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
+-\"({alnum}|[_\.\-])+\"		{ return(FILENAME); }
+ {alnum}*                        { return(FILENAME); }
+ \.({alnum}|[_\.\-])*	        { return(FILENAME); }
+ {letter}+([-_\.]|{alnum})+      { return(FILENAME); }
+@@ -253,6 +252,7 @@ PERMISSIVE			{ return(PERMISSIVE); }
+ "-" |
+ "." |
+ "]" |
++"\"" |
+ "~" |
+ "*"				{ return(yytext[0]); } 
+ .                               { yywarn("unrecognized character");}
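Review bot: With the quoted FILENAME rule dropped from policy_scan.l (the removed `\"({alnum}|[_\.\-])+\"` line), the text between the two `'\"'` tokens is scanned by every other rule, so a name only comes back as FILENAME if it fits one of the three unquoted patterns left in this hunk. Names the old rule accepted, such as the constructed examples `"0-log"` or `"_cache"`, fit none of the FILENAME patterns visible here, and a name that matches an earlier rule (a keyword like PERMISSIVE, IPV4_ADDR, VERSION_IDENTIFIER) is returned as that token instead; whether the `filename` nonterminal accepts those tokens is outside this hunk. A named type_transition that fails to compile or never matches leaves the new file with its default label, so I would keep the quoted string as a single lexeme and strip its first and last character where the name is stored, and add a test policy that covers such names. A comment above both grammar rules, for example `/* filename is quoted in policy source; the quotes are not part of the stored name */`, would record the intent.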
diff --git a/checkpolicy.spec b/checkpolicy.spec
index 008c850..4cd6d16 100644
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@@ -2,7 +2,7 @@
 Summary: SELinux policy compiler
 Name: checkpolicy
 Version: 2.1.3
-Release: 1%{?dist}
+Release: 1.1%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@@ -53,7 +53,10 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol
 
 %changelog
-* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-0
+* Tue Sep 20 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1.1
+- Fix checkpolicy to ignore '"' in filename trans rules
+
+* Thu Aug 18 2011 Dan Walsh <dwalsh at redhat.com> - 2.1.3-1
 	* add missing ; to attribute_role_def
 	*Redo filename/filesystem syntax to support filename trans
 

