Allow ~ as a valid part of a filename in sepolgen

This commit is contained in:
Dan Walsh 2011-11-16 11:26:11 -05:00
parent 35a1c24b59
commit 97d6c28e36
2 changed files with 35 additions and 24 deletions

View File

@ -1,26 +1,8 @@
diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py diff --git a/sepolgen/src/sepolgen/audit.py b/sepolgen/src/sepolgen/audit.py
index 898fbc3..631bab5 100644 index 898fbc3..9fdfafa 100644
--- a/sepolgen/src/sepolgen/audit.py --- a/sepolgen/src/sepolgen/audit.py
+++ b/sepolgen/src/sepolgen/audit.py +++ b/sepolgen/src/sepolgen/audit.py
@@ -68,6 +68,17 @@ def get_dmesg_msgs(): @@ -127,6 +127,9 @@ class PathMessage(AuditMessage):
stdout=subprocess.PIPE).communicate()[0]
return output
+def get_log_msgs():
+ """Obtain all of the avc and policy load messages from /var/log/messages.
+
+ Returns:
+ string contain all of the audit messages returned by /var/log/messages.
+ """
+ import subprocess
+ output = subprocess.Popen(["/bin/grep", "avc", "/var/log/messages"],
+ stdout=subprocess.PIPE).communicate()[0]
+ return output
+
# Classes representing audit messages
class AuditMessage:
@@ -127,6 +138,9 @@ class PathMessage(AuditMessage):
if fields[0] == "path": if fields[0] == "path":
self.path = fields[1][1:-1] self.path = fields[1][1:-1]
return return
@ -30,7 +12,7 @@ index 898fbc3..631bab5 100644
class AVCMessage(AuditMessage): class AVCMessage(AuditMessage):
"""AVC message representing an access denial or granted message. """AVC message representing an access denial or granted message.
@@ -168,6 +182,8 @@ class AVCMessage(AuditMessage): @@ -168,6 +171,8 @@ class AVCMessage(AuditMessage):
self.name = "" self.name = ""
self.accesses = [] self.accesses = []
self.denial = True self.denial = True
@ -39,7 +21,7 @@ index 898fbc3..631bab5 100644
def __parse_access(self, recs, start): def __parse_access(self, recs, start):
# This is kind of sucky - the access that is in a space separated # This is kind of sucky - the access that is in a space separated
@@ -229,7 +245,31 @@ class AVCMessage(AuditMessage): @@ -229,7 +234,31 @@ class AVCMessage(AuditMessage):
if not found_src or not found_tgt or not found_class or not found_access: if not found_src or not found_tgt or not found_class or not found_access:
raise ValueError("AVC message in invalid format [%s]\n" % self.message) raise ValueError("AVC message in invalid format [%s]\n" % self.message)
@ -72,7 +54,7 @@ index 898fbc3..631bab5 100644
class PolicyLoadMessage(AuditMessage): class PolicyLoadMessage(AuditMessage):
"""Audit message indicating that the policy was reloaded.""" """Audit message indicating that the policy was reloaded."""
def __init__(self, message): def __init__(self, message):
@@ -472,10 +512,10 @@ class AuditParser: @@ -472,10 +501,10 @@ class AuditParser:
if avc_filter: if avc_filter:
if avc_filter.filter(avc): if avc_filter.filter(avc):
av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass, av_set.add(avc.scontext.type, avc.tcontext.type, avc.tclass,
@ -181,3 +163,29 @@ index 0e6b502..4882999 100644
self.module.children.append(rule) self.module.children.append(rule)
diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 955784d..9a79340 100644
--- a/sepolgen/src/sepolgen/refparser.py
+++ b/sepolgen/src/sepolgen/refparser.py
@@ -245,7 +245,7 @@ def t_refpolicywarn(t):
t.lexer.lineno += 1
def t_IDENTIFIER(t):
- r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
+ r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"~]*'
# Handle any keywords
t.type = reserved.get(t.value,'IDENTIFIER')
return t
diff --git a/sepolgen/src/sepolgen/yacc.py b/sepolgen/src/sepolgen/yacc.py
index 58332de..2f3c09d 100644
--- a/sepolgen/src/sepolgen/yacc.py
+++ b/sepolgen/src/sepolgen/yacc.py
@@ -594,7 +594,7 @@ class MiniProduction:
pass
# regex matching identifiers
-_is_identifier = re.compile(r'^[a-zA-Z0-9_-]+$')
+_is_identifier = re.compile(r'^[a-zA-Z0-9_-~]+$')
# -----------------------------------------------------------------------------
# add_production()

View File

@ -7,7 +7,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 2.1.8 Version: 2.1.8
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2 License: GPLv2
Group: System Environment/Base Group: System Environment/Base
# Based on git repository with tag 20101221 # Based on git repository with tag 20101221
@ -352,6 +352,9 @@ fi
/bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || : /bin/systemctl try-restart restorecond.service >/dev/null 2>&1 || :
%changelog %changelog
* Wed Nov 16 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-5
- Allow ~ as a valid part of a filename in sepolgen
* Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4 * Fri Nov 11 2011 Dan Walsh <dwalsh@redhat.com> - 2.1.8-4
- sandbox init script should always return 0 - sandbox init script should always return 0
- sandbox command needs to check range of categories and report error if not big enough - sandbox command needs to check range of categories and report error if not big enough