From b42e15ffd5163effe3b2cb910685a5956a00defc Mon Sep 17 00:00:00 2001
From: Steve Lawrence
Date: Mon, 16 May 2011 08:40:00 -0400
Subject: [PATCH] checkpolicy: wrap file names in filename trans with quotes
This wraps the filename token in quotes to make parsing easier and more clear. The quotes are stripped off before being passed to checkpolicy. The quote wrapping is only used by filename transitions. This changes the filename transition syntax to the following:
type_transition source target : object default_type "filename";
Signed-off-by: Steve Lawrence
---
 checkpolicy/policy_parse.y | 8 ++++++--
 checkpolicy/policy_scan.l | 1 +
 2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 34e485d4..d135e087 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -81,6 +81,7 @@ typedef int (* require_func_t)();
 %type require_decl_def
 %token PATH
+%token FILENAME
 %token CLONE
 %token COMMON
 %token CLASS
@@ -341,7 +342,7 @@ cond_rule_def : cond_transition_def
 | require_block
 { $$ = NULL; }
 ;
-cond_transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';'
+cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
 { $$ = define_cond_filename_trans() ;
 if ($$ == COND_ERR) return -1;}
 | TYPE_TRANSITION names names ':' names identifier ';'
@@ -380,7 +381,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
 if ($$ == COND_ERR) return -1; }
 ;
 ;
-transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';'
+transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
 {if (define_filename_trans()) return -1; }
 | TYPE_TRANSITION names names ':' names identifier ';'
 {if (define_compute_type(AVRULE_TRANSITION)) return -1;}
@@ -739,6 +740,9 @@ identifier : IDENTIFIER
 path : PATH
 { if (insert_id(yytext,0)) return -1; }
 ;
+filename : FILENAME
+ { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
+ ;
 number : NUMBER
 { $$ = strtoul(yytext,NULL,0); }
 ;
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 48128a88..d727f1c4 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -216,6 +216,7 @@ POLICYCAP { return(POLICYCAP); }
 permissive |
 PERMISSIVE { return(PERMISSIVE); }
 "/"({alnum}|[_\.\-/])* { return(PATH); }
+\"({alnum}|[_\.\-])+\" { return(FILENAME); }
 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
 {digit}+|0x{hexval}+ { return(NUMBER); }
 {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
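Review bot: The new `filename : FILENAME` action in policy_parse.y writes `yytext[strlen(yytext) - 1] = '\0'` without checking the lexeme, so it is only safe while the scanner's FILENAME pattern guarantees an opening quote, at least one character and a closing quote. On an empty `yytext` the index wraps and the write lands outside the buffer. A guard at the top of the action keeps the parser safe if the scanner rule is ever loosened: `size_t len = strlen(yytext); if (len < 3 || yytext[0] != '"' || yytext[len - 1] != '"') return -1;`. The action also edits the scanner's buffer in place and assumes `yytext` still holds the FILENAME token when the rule is reduced, as the neighbouring `path` action appears to. A comment such as `/* strip the quotes matched by the FILENAME scanner rule; yytext is modified in place */` would record that dependency.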
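Review bot: The FILENAME pattern added to policy_scan.l is undocumented and accepts only `{alnum}`, `_`, `.` and `-` between the quotes, so a quoted name containing a space, `+`, `~` or an escaped quote will not match, and how such input is reported depends on fallback rules outside this hunk. Leaving `/` out looks deliberate, since PATH is a separate token, but nothing says so; an indented comment above the rule such as `/* quoted file name for filename transitions: a single path component, no '/', whitespace or escapes */` would state the intended alphabet. The pattern also matches `"."` and `".."`; if those are not meaningful object names, they would have to be rejected in the code that consumes the token, which is not visible here.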