Re: [PATCH] sepolgen: parse gen_tunable as bool

Christian Göttsche <cgzones@xxxxxxxxxxxxxx> · Thu, 28 May 2020 14:54:48 +0200

Am Mi., 27. Mai 2020 um 17:04 Uhr schrieb Stephen Smalley
<stephen.smalley.work@xxxxxxxxx>:
>
> On Tue, May 5, 2020 at 3:03 PM Christian Göttsche
> <cgzones@xxxxxxxxxxxxxx> wrote:
> >
> > Currently sepolgen-ifgen parses a gen_tunable statement as interface
> > and reports:
> >
> >     Missing interface definition for gen_tunable
> >
> > Add grammar for gen_tunable statements in the refparser
> >
> > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
>
> This looks correct to me but I don't see that warning/error when
> running sepolgen-ifgen without this patch.
> Is this reproducible?
>

It should be when running in verbose mode. (running against Refpolicy)

> > ---
> >  python/sepolgen/src/sepolgen/refparser.py | 14 ++++++++++++++
> >  1 file changed, 14 insertions(+)
> >
> > diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
> > index 2e521a0f..be7e7890 100644
> > --- a/python/sepolgen/src/sepolgen/refparser.py
> > +++ b/python/sepolgen/src/sepolgen/refparser.py
> > @@ -126,6 +126,7 @@ tokens = (
> >      'GEN_REQ',
> >      'TEMPLATE',
> >      'GEN_CONTEXT',
> > +    'GEN_TUNABLE',
> >      #   m4
> >      'IFELSE',
> >      'IFDEF',
> > @@ -192,6 +193,7 @@ reserved = {
> >      'gen_require' : 'GEN_REQ',
> >      'template' : 'TEMPLATE',
> >      'gen_context' : 'GEN_CONTEXT',
> > +    'gen_tunable' : 'GEN_TUNABLE',
> >      # M4
> >      'ifelse' : 'IFELSE',
> >      'ifndef' : 'IFNDEF',
> > @@ -518,6 +520,7 @@ def p_policy_stmt(p):
> >                     | range_transition_def
> >                     | role_transition_def
> >                     | bool
> > +                   | gen_tunable
> >                     | define
> >                     | initial_sid
> >                     | genfscon
> > @@ -844,6 +847,17 @@ def p_bool(p):
> >          b.state = False
> >      p[0] = b
> >
> > +def p_gen_tunable(p):
> > +    '''gen_tunable : GEN_TUNABLE OPAREN IDENTIFIER COMMA TRUE CPAREN
> > +                   | GEN_TUNABLE OPAREN IDENTIFIER COMMA FALSE CPAREN'''
> > +    b = refpolicy.Bool()
> > +    b.name = p[3]
> > +    if p[5] == "true":
> > +        b.state = True
> > +    else:
> > +        b.state = False
> > +    p[0] = b
> > +
> >  def p_conditional(p):
> >      ''' conditional : IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE
> >                      | IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE ELSE OBRACE interface_stmts CBRACE
> > --
> > 2.26.2
> >