checkpolicy: wrap file names in filename trans with quotes
This wraps the filename token in quotes to make parsing easier and more clear. The quotes are stripped off before being passed to checkpolicy. The quote wrapping is only used by filename transitions. This changes the filename transition syntax to the following: type_transition source target : object default_type "filename"; Signed-off-by: Steve Lawrence <slawrence@tresys.com>
parent
cb271f7d4c
commit
b42e15ffd5
@ -81,6 +81,7 @@ typedef int (* require_func_t)();
|
||||
%type <require_func> require_decl_def
|
||||
|
||||
%token PATH
|
||||
%token FILENAME
|
||||
%token CLONE
|
||||
%token COMMON
|
||||
%token CLASS
|
||||
@ -341,7 +342,7 @@ cond_rule_def : cond_transition_def
|
||||
| require_block
|
||||
{ $$ = NULL; }
|
||||
;
|
||||
cond_transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';'
|
||||
cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
|
||||
{ $$ = define_cond_filename_trans() ;
|
||||
if ($$ == COND_ERR) return -1;}
|
||||
| TYPE_TRANSITION names names ':' names identifier ';'
|
||||
@ -380,7 +381,7 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';'
|
||||
if ($$ == COND_ERR) return -1; }
|
||||
;
|
||||
;
|
||||
transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';'
|
||||
transition_def : TYPE_TRANSITION names names ':' names identifier filename ';'
|
||||
{if (define_filename_trans()) return -1; }
|
||||
| TYPE_TRANSITION names names ':' names identifier ';'
|
||||
{if (define_compute_type(AVRULE_TRANSITION)) return -1;}
|
||||
@ -739,6 +740,9 @@ identifier : IDENTIFIER
|
||||
path : PATH
|
||||
{ if (insert_id(yytext,0)) return -1; }
|
||||
;
|
||||
filename : FILENAME
|
||||
{ yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
|
||||
;
|
||||
number : NUMBER
|
||||
{ $$ = strtoul(yytext,NULL,0); }
|
||||
;
|
||||
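Review bot: The new `filename` action computes `strlen(yytext) - 1` and writes through it without checking the length, so it is memory-safe only while `yytext` still holds the FILENAME lexeme with both quotes around a non-empty body. That guarantee comes from the scanner pattern, not from anything in this grammar; if the pattern is loosened later, or the rule is ever reduced with a different token in `yytext`, an empty string makes the index wrap and the store lands outside the buffer. A cheap guard keeps the dependency explicit: `{ size_t len = strlen(yytext); if (len < 2) return -1; yytext[len - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }`. Both `cond_transition_def` and `transition_def` now go through this rule, so the one check covers both paths.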
|
@ -216,6 +216,7 @@ POLICYCAP { return(POLICYCAP); }
|
||||
permissive |
|
||||
PERMISSIVE { return(PERMISSIVE); }
|
||||
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
||||
\"({alnum}|[_\.\-])+\" { return(FILENAME); }
|
||||
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
||||
{digit}+|0x{hexval}+ { return(NUMBER); }
|
||||
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
|
||||
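Review bot: The FILENAME pattern accepts only alphanumerics, `_`, `.` and `-` between the quotes, so quoting does not widen the set of names a policy can express, and it also lets `"."` and `".."` through as filenames. A quoted string with any other character, an empty `""` or a missing closing quote will not match this rule and falls to whatever rule handles a bare `"` elsewhere in the scanner (not visible here), which probably gives a generic error rather than one about the filename. I would state the accepted set next to the rule with an indented comment such as `/* FILENAME: quoted final path component; only alnum, '_', '.', '-' accepted, no '/' */`, and decide explicitly whether `.` and `..` should be rejected.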
|