checkpolicy/checkpolicy-filesystem.patch

66 lines
2.8 KiB
Diff
Raw Normal View History

policy_parse.y | 14 ++++++++++----
policy_scan.l | 1 +
2 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 8d1bc37..0777238 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
%token POLICYCAP
%token PERMISSIVE
+%token FILESYSTEM
%left OR
%left XOR
@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
fs_uses : fs_use_def
| fs_uses fs_use_def
;
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
| FSUSETASK identifier security_context_def ';'
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
genfs_contexts : genfs_context_def
| genfs_contexts genfs_context_def
;
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
{if (define_genfs_context(1)) return -1;}
- | GENFSCON identifier path security_context_def
+ | GENFSCON filesystem path security_context_def
{if (define_genfs_context(0)) return -1;}
;
ipv4_addr_def : IPV4_ADDR
@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
identifier : IDENTIFIER
{ if (insert_id(yytext,0)) return -1; }
;
+filesystem : FILESYSTEM
+ { if (insert_id(yytext,0)) return -1; }
+ | IDENTIFIER
+ { if (insert_id(yytext,0)) return -1; }
+ ;
path : PATH
{ if (insert_id(yytext,0)) return -1; }
;
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 48128a8..65aff8d 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -217,6 +217,7 @@ permissive |
PERMISSIVE { return(PERMISSIVE); }
"/"({alnum}|[_\.\-/])* { return(PATH); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
{digit}+|0x{hexval}+ { return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }