diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y index 34e485d4..d135e087 100644 --- a/checkpolicy/policy_parse.y +++ b/checkpolicy/policy_parse.y @@ -81,6 +81,7 @@ typedef int (* require_func_t)(); %type require_decl_def %token PATH +%token FILENAME %token CLONE %token COMMON %token CLASS @@ -341,7 +342,7 @@ cond_rule_def : cond_transition_def | require_block { $$ = NULL; } ; -cond_transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' +cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' { $$ = define_cond_filename_trans() ; if ($$ == COND_ERR) return -1;} | TYPE_TRANSITION names names ':' names identifier ';' @@ -380,7 +381,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';' if ($$ == COND_ERR) return -1; } ; ; -transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' +transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' {if (define_filename_trans()) return -1; } | TYPE_TRANSITION names names ':' names identifier ';' {if (define_compute_type(AVRULE_TRANSITION)) return -1;} @@ -739,6 +740,9 @@ identifier : IDENTIFIER path : PATH { if (insert_id(yytext,0)) return -1; } ; +filename : FILENAME + { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } + ; number : NUMBER { $$ = strtoul(yytext,NULL,0); } ; diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 48128a88..d727f1c4 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -216,6 +216,7 @@ POLICYCAP { return(POLICYCAP); } permissive | PERMISSIVE { return(PERMISSIVE); } "/"({alnum}|[_\.\-/])* { return(PATH); } +\"({alnum}|[_\.\-])+\" { return(FILENAME); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {digit}+|0x{hexval}+ { return(NUMBER); } {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }