diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y index 8274d36c..34e485d4 100644 --- a/checkpolicy/policy_parse.y +++ b/checkpolicy/policy_parse.y @@ -81,7 +81,6 @@ typedef int (* require_func_t)(); %type require_decl_def %token PATH -%token FILENAME %token CLONE %token COMMON %token CLASS @@ -342,7 +341,7 @@ cond_rule_def : cond_transition_def | require_block { $$ = NULL; } ; -cond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' +cond_transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' { $$ = define_cond_filename_trans() ; if ($$ == COND_ERR) return -1;} | TYPE_TRANSITION names names ':' names identifier ';' @@ -380,9 +379,10 @@ cond_dontaudit_def : DONTAUDIT names names ':' names names ';' { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT); if ($$ == COND_ERR) return -1; } ; -transition_def : TYPE_TRANSITION names names ':' names identifier filename';' - {if (define_filename_trans()) return -1; } - |TYPE_TRANSITION names names ':' names identifier ';' + ; +transition_def : TYPE_TRANSITION names names ':' names identifier identifier ';' + {if (define_filename_trans()) return -1; } + | TYPE_TRANSITION names names ':' names identifier ';' {if (define_compute_type(AVRULE_TRANSITION)) return -1;} | TYPE_MEMBER names names ':' names identifier ';' {if (define_compute_type(AVRULE_MEMBER)) return -1;} @@ -645,7 +645,7 @@ opt_fs_uses : fs_uses fs_uses : fs_use_def | fs_uses fs_use_def ; -fs_use_def : FSUSEXATTR filename security_context_def ';' +fs_use_def : FSUSEXATTR identifier security_context_def ';' {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} | FSUSETASK identifier security_context_def ';' {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} 
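Review bot: The name position in the new `cond_transition_def` alternative is now `identifier`, so the file name in a named type transition must lex as IDENTIFIER, and the IDENTIFIER pattern in policy_scan.l starts with `{letter}`. The removed `filename` rule also accepted NUMBER, IPV4_ADDR and VERSION_IDENTIFIER, and the deleted FILENAME patterns matched names with a leading `.` or `_`, so names beginning with a digit, dot or underscore can no longer be written. Files with such names would presumably fall back to whatever label the unnamed transition rules give them, and an existing policy that uses one would stop compiling. The same narrowing applies to `transition_def` and to the name after FSUSEXATTR and GENFSCON in `fs_use_def` and `genfs_context_def`. If this is intended, a comment above the rule would record it, for example `/* file name must match IDENTIFIER: leading letter, then alnum, '_', '-', '.' */`.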
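Review bot: The added line holding only `;` directly follows the `;` that already closes `cond_dontaudit_def`, so that rule is now terminated twice before `transition_def` begins. Bison appears to tolerate an empty terminator, but other yacc implementations may not, and it reads like an editing leftover. Dropping the `+ ;` line would keep this hunk to the `filename` to `identifier` substitution. The remaining alternatives of `transition_def` continue past the end of the hunk.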
@@ -658,11 +658,11 @@ opt_genfs_contexts : genfs_contexts genfs_contexts : genfs_context_def | genfs_contexts genfs_context_def ; -genfs_context_def : GENFSCON filename path '-' identifier security_context_def +genfs_context_def : GENFSCON identifier path '-' identifier security_context_def {if (define_genfs_context(1)) return -1;} - | GENFSCON filename path '-' '-' {insert_id("-", 0);} security_context_def + | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def {if (define_genfs_context(1)) return -1;} - | GENFSCON filename path security_context_def + | GENFSCON identifier path security_context_def {if (define_genfs_context(0)) return -1;} ; ipv4_addr_def : IPV4_ADDR @@ -739,17 +739,6 @@ identifier : IDENTIFIER path : PATH { if (insert_id(yytext,0)) return -1; } ; -filename : FILENAME - { if (insert_id(yytext,0)) return -1; } - | NUMBER - { if (insert_id(yytext,0)) return -1; } - | IPV4_ADDR - { if (insert_id(yytext,0)) return -1; } - | VERSION_IDENTIFIER - { if (insert_id(yytext,0)) return -1; } - | IDENTIFIER - { if (insert_id(yytext,0)) return -1; } - ; number : NUMBER { $$ = strtoul(yytext,NULL,0); } ; diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 427c1895..48128a88 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -218,12 +218,9 @@ PERMISSIVE { return(PERMISSIVE); } "/"({alnum}|[_\.\-/])* { return(PATH); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {digit}+|0x{hexval}+ { return(NUMBER); } -{alnum}* { return(FILENAME); } {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } -{alnum}+([_\.]|{alnum})+ { return(FILENAME); } -([_\.]){alnum}+ { return(FILENAME); } #line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); } #line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } #[^\n]* { /* delete comments */ }
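Review bot: The mid-rule action `{insert_id("-", 0);}` on the second `genfs_context_def` alternative discards the return value, while the other `insert_id` calls visible in this diff are wrapped in `if (...) return -1;`. If that insert fails, `define_genfs_context(1)` would presumably run against a queue that lacks the `-` entry and read the following security context fields from the wrong positions. Since the line is being touched anyway, it could become `{if (insert_id("-", 0)) return -1;}`.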