mirror of
https://github.com/SELinuxProject/selinux
synced 2024-12-23 06:22:15 +00:00
Extend checkpolicy pathname matching.
checkpolicy currently imposes arbitrary limits on pathnames used in genfscon and other statements. This prevents specifying certain paths in /proc such as those containing comma (,) characters. Generalize the PATH, QPATH, and FILENAME patterns to support most legal pathnames. For simplicity, we do not support pathnames containing newlines or quotes.

Reported-by: Inamdar Sharif <isharif@nvidia.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
c983674138
commit
2c1979f0a6
@ -249,9 +249,9 @@ high |
|
||||
HIGH { return(HIGH); }
|
||||
low |
|
||||
LOW { return(LOW); }
|
||||
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
||||
\""/"[ !#-~]*\" { return(QPATH); }
|
||||
\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); }
|
||||
"/"[^ \n\r\t\f]* { return(PATH); }
|
||||
\""/"[^\"\n]*\" { return(QPATH); }
|
||||
\"[^"/"\"\n]+\" { return(FILENAME); }
|
||||
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
||||
{digit}+|0x{hexval}+ { return(NUMBER); }
|
||||
{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
||||
|
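Review bot: In the new FILENAME rule, `\"[^"/"\"\n]+\"`, the quotes inside the bracket expression are literal characters, not a quoted "/" string, so the class only excludes `/`, the double quote and newline, with the double quote listed three times. Writing it as `[^/\"\n]` says the same thing without suggesting that "/" is matched as a unit. The new unquoted PATH rule, `"/"[^ \n\r\t\f]*`, accepts a double quote and any punctuation that directly follows the path with no whitespace in between. That does not match the commit message's statement that quotes are unsupported, so consider excluding `\"` there too. The two quoted rules exclude `\n` but not `\r`, while PATH excludes both. Either add `\r` to QPATH and FILENAME or add a comment saying the difference is intended.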