-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This patch looks good to me. acked. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk6wR8cACgkQrlYvE4MpobPqnACgyF+TlIsus7iNJ3BapNqqQYcQ I7MAn3qdeWiS+i0di3sQhk058yL+W2lf =lE90 -----END PGP SIGNATURE-----
>From c3ba40d2e17186d702a6ea2b83e185603dafa06f Mon Sep 17 00:00:00 2001
From: Dan Walsh <dwalsh@xxxxxxxxxx>
Date: Tue, 20 Sep 2011 09:52:57 -0400
Subject: [PATCH 01/63] checkpolicy: the " is not part of the filename for trans rules

Policy decided that all filenames needed to be wrapped in " in the filename trans rules. But we weren't doing anything with those in the language syntax and instead just passed the " to the kernel as if the filename in question were actually \"file\". Add the " to the policy grammer.

Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
 checkpolicy/policy_parse.y | 4 ++--
 checkpolicy/policy_scan.l | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 49ac15f..1e3ef6f 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -353,7 +353,7 @@ cond_rule_def : cond_transition_def
 | require_block
 { $$ = NULL; }
 ;
-cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
+cond_transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
 { $$ = define_cond_filename_trans() ;
 if ($$ == COND_ERR) return -1;}
 | TYPE_TRANSITION names names ':' names identifier ';'
@@ -391,7 +391,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
 { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
 if ($$ == COND_ERR) return -1; }
 ;
-transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
+transition_def : TYPE_TRANSITION names names ':' names identifier '\"' filename '\"' ';'
 {if (define_filename_trans()) return -1; }
 | TYPE_TRANSITION names names ':' names identifier ';'
 {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index a61e0db..2ba5971 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
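Review bot: The new `'\"' filename '\"'` sequence is spelled out twice, in `cond_transition_def` here and again in `transition_def` in the second hunk of this file, so the quoting convention for a name-based transition lives in two rules that must be kept in step by hand; a small nonterminal, `quoted_filename : '\"' filename '\"' ;`, used by both rules would keep it in one place. The grammar now passes a bare `filename` token through to `define_cond_filename_trans()` and `define_filename_trans()`, whose bodies are outside this hunk, so whether either of them also strips or checks for surrounding quotes cannot be verified from the diff and is worth confirming before the two changes are merged together. The definition of the `filename` nonterminal is likewise outside the hunk, so which tokens the parser will accept between the two quote tokens is not visible here.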
@@ -227,7 +227,6 @@ PERMISSIVE { return(PERMISSIVE); }
 {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
 {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
-\"({alnum}|[_\.\-])+\" { return(FILENAME); }
 {alnum}* { return(FILENAME); }
 \.({alnum}|[_\.\-])* { return(FILENAME); }
 {letter}+([-_\.]|{alnum})+ { return(FILENAME); }
@@ -253,6 +252,7 @@ PERMISSIVE { return(PERMISSIVE); }
 "-" |
 "." |
 "]" |
+"\"" |
 "~" |
 "*" { return(yytext[0]); }
 . { yywarn("unrecognized character");}
-- 
1.7.7
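Review bot: Removing the `\"({alnum}|[_\.\-])+\"` rule changes which quoted names still lex as a single FILENAME token: the text between the quotes is now matched by the general rules, and flex resolves equal-length matches in favour of the rule listed first, so a quoted name that matches the `{digit}+(\.({alnum}|[_.])*)?` rule listed just above (`"123"`, `"1.2"`) now returns VERSION_IDENTIFIER, and a quoted name that is also a keyword (`"permissive"`, whose rule appears in this hunk's header context, assuming that rule matches the spelling used in policy) returns the keyword token; either way a transition rule that the old quoted rule accepted as one token now fails with a syntax error. Plain file names do collide with policy keywords, so this is worth handling rather than documenting. An exclusive start condition entered on the opening quote keeps the quoted text under one rule while still returning the `"` tokens the grammar now expects; the `"\""` alternative added to the `return(yytext[0])` group in the second hunk would then be dropped, and the condition name below is a suggestion, not an existing identifier.
```lex
%x QUOTED_NAME
/* … unchanged: other definitions and rules … */
\"                              { BEGIN(QUOTED_NAME); return(yytext[0]); }
<QUOTED_NAME>({alnum}|[_\.\-])+ { return(FILENAME); }
<QUOTED_NAME>\"                 { BEGIN(INITIAL); return(yytext[0]); }
```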