66 lines
2.8 KiB
Diff
66 lines
2.8 KiB
Diff
policy_parse.y | 14 ++++++++++----
|
|
policy_scan.l | 1 +
|
|
2 files changed, 11 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
|
|
index 8d1bc37..0777238 100644
|
|
--- a/checkpolicy/policy_parse.y
|
|
+++ b/checkpolicy/policy_parse.y
|
|
@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
|
|
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
|
|
%token POLICYCAP
|
|
%token PERMISSIVE
|
|
+%token FILESYSTEM
|
|
|
|
%left OR
|
|
%left XOR
|
|
@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
|
|
fs_uses : fs_use_def
|
|
| fs_uses fs_use_def
|
|
;
|
|
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
|
|
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
|
|
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
|
|
| FSUSETASK identifier security_context_def ';'
|
|
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
|
|
@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
|
|
genfs_contexts : genfs_context_def
|
|
| genfs_contexts genfs_context_def
|
|
;
|
|
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
|
|
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
|
|
{if (define_genfs_context(1)) return -1;}
|
|
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
|
|
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
|
|
{if (define_genfs_context(1)) return -1;}
|
|
- | GENFSCON identifier path security_context_def
|
|
+ | GENFSCON filesystem path security_context_def
|
|
{if (define_genfs_context(0)) return -1;}
|
|
;
|
|
ipv4_addr_def : IPV4_ADDR
|
|
@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
|
|
identifier : IDENTIFIER
|
|
{ if (insert_id(yytext,0)) return -1; }
|
|
;
|
|
+filesystem : FILESYSTEM
|
|
+ { if (insert_id(yytext,0)) return -1; }
|
|
+ | IDENTIFIER
|
|
+ { if (insert_id(yytext,0)) return -1; }
|
|
+ ;
|
|
path : PATH
|
|
{ if (insert_id(yytext,0)) return -1; }
|
|
;
|
|
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
|
index 48128a8..65aff8d 100644
|
|
--- a/checkpolicy/policy_scan.l
|
|
+++ b/checkpolicy/policy_scan.l
|
|
@@ -217,6 +217,7 @@ permissive |
|
|
PERMISSIVE { return(PERMISSIVE); }
|
|
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
|
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
|
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
|
{digit}+|0x{hexval}+ { return(NUMBER); }
|
|
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
|
|
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
|
|
|