rpms/checkpolicy
7
0
Fork 0
Code Issues Pull Requests Releases Activity

default_rules should be optional

Browse Source
This commit is contained in:
Dan Walsh 2011-12-21 13:35:19 +00:00
parent ca712cbf0b
commit 228c1db0c3
2 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
checkpolicy-rhat.patch
View File

@ -292,7 +292,7 @@ index 92a9be7..ccbe56f 100644
int define_compute_type(int which);
int define_conditional(cond_expr_t *expr, avrule_t *t_list, avrule_t *f_list );
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index d808111..3b7357f 100644
index d808111..d92cc32 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -143,6 +143,8 @@ typedef int (* require_func_t)();
@ -309,14 +309,17 @@ index d808111..3b7357f 100644
{ if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
- opt_mls te_rbac users opt_constraints
+ default_rules opt_mls te_rbac users opt_constraints
+ opt_default_rules opt_mls te_rbac users opt_constraints
{ if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
@@ -195,6 +197,36 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
@@ -195,6 +197,39 @@ av_perms_def : CLASS identifier '{' identifier_list '}'
| CLASS identifier INHERITS identifier '{' identifier_list '}'
{if (define_av_perms(TRUE)) return -1;}
;
+opt_default_rules : default_rules
+ |
+ ;
+default_rules : default_user_def
+ | default_role_def
+ | default_range_def

5
checkpolicy.spec
View File

@ -3,7 +3,7 @@
Summary: SELinux policy compiler
Name: checkpolicy
Version: 2.1.7
Release: 2%{?dist}
Release: 3%{?dist}
License: GPLv2
Group: Development/System
Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
@ -56,6 +56,9 @@ rm -rf ${RPM_BUILD_ROOT}
%{_bindir}/sedispol
%changelog
* Wed Dec 21 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-3
- default_rules should be optional
* Thu Dec 15 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.7-2
- Rebuild with latest libsepol