tequilaOS/platform_system_sepolicy
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Fix the neverallow parser so it can parse comments" into main

Browse source
This commit is contained in:
Ellen Arteca 2024-04-25 17:11:37 +00:00 committed by Gerrit Code Review
commit 1c90737732
1 changed files with 18 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
tools/sepolicy-analyze/neverallow.c
View file

@ -382,21 +382,25 @@ static int check_neverallows(policydb_t *policydb, char *text, char *end)
char *p, *start;
int result;
int non_comment_len = 0, cur_non_comment_len = 0;
char *cur_non_comment_text = calloc(1, (end - text) + 1);
char *non_comment_text = cur_non_comment_text;
if (!cur_non_comment_text)
goto err;
p = text;
bool in_comment = false;
while (p < end) {
while (p < end && isspace(*p))
p++;
if (*p == '#') {
while (p < end && *p != '\n')
p++;
continue;
if (*p == '#') in_comment = true;
if (!in_comment || *p == '\n') *cur_non_comment_text++ = *p;
if (*p == '\n') in_comment = false;
++p;
}
p = non_comment_text;
end = cur_non_comment_text;
while (p < end) {
while (p < end && isspace(*p)) p++;
start = p;
while (p < end && !isspace(*p))
p++;
while (p < end && !isspace(*p)) p++;
len = p - start;
if (len != keyword_size || strncmp(start, keyword, keyword_size))
continue;
@ -437,8 +441,10 @@ static int check_neverallows(policydb_t *policydb, char *text, char *end)
result = check_assertions(NULL, policydb, neverallows);
avrule_list_destroy(neverallows);
free(non_comment_text);
return result;
err:
free(non_comment_text);
if (errno == ENOMEM) {
fprintf(stderr, "Out of memory while parsing neverallow rules\n");
} else