checkpolicy: wrap file names in filename trans with quotes

This wraps the filename token in quotes to make parsing easier and clearer.
The quotes are stripped off by the parser before the name is passed on to checkpolicy.
The quote wrapping is only used by filename transitions.  This changes
the filename transition syntax to the following:

    type_transition source target : object default_type "filename";

Signed-off-by: Steve Lawrence <slawrence@tresys.com>
Steve Lawrence 2011-05-16 08:40:00 -04:00
parent cb271f7d4c
commit b42e15ffd5
2 changed files with 7 additions and 2 deletions


@ -81,6 +81,7 @@ typedef int (* require_func_t)();
%type <require_func> require_decl_def %type <require_func> require_decl_def
%token PATH %token PATH
%token FILENAME
%token CLONE %token CLONE
%token COMMON %token COMMON
%token CLASS %token CLASS
@ -341,7 +342,7 @@ cond_rule_def : cond_transition_def
| require_block | require_block
{ $$ = NULL; } { $$ = NULL; }
; ;
cond_transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
{ $$ = define_cond_filename_trans() ; { $$ = define_cond_filename_trans() ;
if ($$ == COND_ERR) return -1;} if ($$ == COND_ERR) return -1;}
| TYPE_TRANSITION names names ':' names identifier ';' | TYPE_TRANSITION names names ':' names identifier ';'
@ -380,7 +381,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
if ($$ == COND_ERR) return -1; } if ($$ == COND_ERR) return -1; }
; ;
; ;
transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
{if (define_filename_trans()) return -1; } {if (define_filename_trans()) return -1; }
| TYPE_TRANSITION names names ':' names identifier ';' | TYPE_TRANSITION names names ':' names identifier ';'
{if (define_compute_type(AVRULE_TRANSITION)) return -1;} {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
@ -739,6 +740,9 @@ identifier : IDENTIFIER
path : PATH path : PATH
{ if (insert_id(yytext,0)) return -1; } { if (insert_id(yytext,0)) return -1; }
; ;
filename : FILENAME
{ yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
;
number : NUMBER number : NUMBER
{ $$ = strtoul(yytext,NULL,0); } { $$ = strtoul(yytext,NULL,0); }
; ;
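Review bot: The new `filename` action at the end of this section indexes `yytext[strlen(yytext) - 1]` and hands over `yytext + 1`, which is only in bounds because the FILENAME rule in policy_scan.l guarantees a token of at least three bytes (`"`, one or more name characters, `"`); if that rule were ever relaxed to admit an empty token, `strlen(yytext) - 1` would wrap to SIZE_MAX and the store would land outside the scanner buffer. That invariant is not stated here, and the token length is already available from flex, so I would write the action as `{ /* FILENAME is "<name>", at least 3 bytes (see policy_scan.l): strip both quotes in place */ yytext[yyleng - 1] = '\0'; if (insert_id(yytext + 1, 0)) return -1; }`. Writing into yytext within yyleng is permitted by flex, and the rule follows the same shape as the existing `path` and `identifier` actions above, which also read yytext inside the reduction — so it presumably relies, as they do, on the reduction running before the scanner is asked for the next token.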


@ -216,6 +216,7 @@ POLICYCAP { return(POLICYCAP); }
permissive | permissive |
PERMISSIVE { return(PERMISSIVE); } PERMISSIVE { return(PERMISSIVE); }
"/"({alnum}|[_\.\-/])* { return(PATH); } "/"({alnum}|[_\.\-/])* { return(PATH); }
\"({alnum}|[_\.\-])+\" { return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
{digit}+|0x{hexval}+ { return(NUMBER); } {digit}+|0x{hexval}+ { return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
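Review bot: The new FILENAME rule carries no comment stating the invariants the parser side depends on: the `+` makes the quoted name non-empty, the character class admits no `"` so the token always ends on the closing quote, and `/` is excluded so the name can only be a single path component, which is exactly what the quote stripping in policy_parse.y (`yytext + 1`, drop the last byte) assumes. The class is also narrower than what a file name may contain (no spaces or other punctuation), which looks deliberate but is worth recording so it is not widened later without revisiting that parser action. I would add above the rule: `/* type_transition file name: one path component, so no "/"; non-empty and free of '"' so policy_parse.y can strip the quotes by position */`. Its position before the IDENTIFIER rule matters little since a leading `"` cannot start an IDENTIFIER, though an unmatched `"` (e.g. a name containing a space) falls to whatever catch-all rule this file has outside the hunk.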