[PATCH 76/77] sepolgen: FIXME Allow sepolgen to handle file name

Daniel J Walsh <dwalsh@xxxxxxxxxx> · Fri, 26 Aug 2011 14:46:29 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


This patch looks good to me. acked.

This patch is needed to be able to compile policy with filetrans rules.

Also add open as a valid command.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5X6gUACgkQrlYvE4MpobN5ZwCfUUH0NMofG6mpVL2iWkQId3cx
TOYAoM162KTczTJktCnSYzOrGFGHTbB6
=Ydc/
-----END PGP SIGNATURE-----
>From 81001ad26c5c3d1c44a301b622960309c04f12dc Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 23 Aug 2011 14:54:56 -0400
Subject: [PATCH 76/77] sepolgen: FIXME Allow sepolgen to handle file name
 transitions

Better changelog and review

NOT-Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 sepolgen/src/sepolgen/refparser.py |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index abcd508..1a2eec8 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -243,7 +243,7 @@ def t_refpolicywarn(t):
     t.lexer.lineno += 1
 
 def t_IDENTIFIER(t):
-    r'[a-zA-Z_\$][a-zA-Z0-9_\-\.\$\*]*'
+    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
     # Handle any keywords
     t.type = reserved.get(t.value,'IDENTIFIER')
     return t
@@ -768,6 +768,7 @@ def p_avrule_def(p):
 
 def p_typerule_def(p):
     '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
+                    | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
                     | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
                     | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
     '''
@@ -1044,7 +1045,7 @@ def parse_headers(root, output=None, expand=True, debug=False):
         # of misc_macros. We are just going to pretend that this is an interface
         # to make the expansion work correctly.
         can_exec = refpolicy.Interface("can_exec")
-        av = access.AccessVector(["$1","$2","file","execute_no_trans","read",
+        av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
                                   "getattr","lock","execute","ioctl"])
 
         can_exec.children.append(refpolicy.AVRule(av))
-- 
1.7.6





