On 02/24/2015 11:45 AM, Steve Lawrence wrote: > On 02/24/2015 10:43 AM, Stephen Smalley wrote: >> From: Nick Kralevich <nnk@xxxxxxxxxx> >> >> restorecon on file names with newlines are not handled properly. >> Use PCRE_DOTALL so that dots in regular expressions match all >> characters, and don't exclude the newline character. >> >> See https://www.mail-archive.com/seandroid-list@xxxxxxxxxxxxx/msg02001.html >> for background. >> >> Change-Id: I0dde8f2567305f746d19ebd75a9e2add7406eb9a >> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> >> --- >> libselinux/src/label_file.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c >> index 71b085a..9d116eb 100644 >> --- a/libselinux/src/label_file.c >> +++ b/libselinux/src/label_file.c >> @@ -129,7 +129,7 @@ static int compile_regex(struct saved_data *data, struct spec *spec, const char >> *cp = '\0'; >> >> /* Compile the regular expression. */ >> - spec->regex = pcre_compile(anchored_regex, 0, &tmperrbuf, &erroff, NULL); >> + spec->regex = pcre_compile(anchored_regex, PCRE_DOTALL, &tmperrbuf, &erroff, NULL); >> free(anchored_regex); >> if (!spec->regex) { >> if (errbuf) >> > > Do we need a similar change in sefcontext_compile.c? It also looks like > mcstrans compiles regular expressions, but I don't think those are > related to matching paths. Yes for sefcontext_compile.c (doesn't exist in Android's libselinux, which does not yet include the file_contexts.bin support). _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
