sepolgen-ifgen: allow M4 escaped filenames

When a file name in type transition rule used in an interface is same as a keyword, it needs to be M4 escaped so that the keyword is not expanded by M4, e.g. - filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface") + filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''") But sepolgen-ifgen could not parse such string: # sepolgen-ifgen Illegal character '`' This change allows M4 escaping inside quoted strings and fixed described problem. https://bugzilla.redhat.com/show_bug.cgi?id=2254206 Resolves: RHEL-45544
2024-08-20 11:02:43 +02:00 · 2024-08-20 11:02:43 +02:00 · ab1421e02c
commit ab1421e02c
parent c3b4e1a0d4
3 changed files with 49 additions and 1 deletions
--- a/0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch
+++ b/0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch
@ -0,0 +1,44 @@
+From dc3eca6bd964e545fda4a1e19d07c26a347c5d9a Mon Sep 17 00:00:00 2001
+From: Petr Lautrbach <lautrbach@redhat.com>
+Date: Mon, 19 Aug 2024 19:51:51 +0200
+Subject: [PATCH] sepolgen-ifgen: allow M4 escaped filenames
+Content-type: text/plain
+
+When a file name in type transition rule used in an interface is same as
+a keyword, it needs to be M4 escaped so that the keyword is not expanded
+by M4, e.g.
+
+-	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
+
+But sepolgen-ifgen could not parse such string:
+
+    # sepolgen-ifgen
+    Illegal character '`'
+
+This change allows M4 escaping inside quoted strings and fixed described
+problem.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2254206
+
+Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
+---
+ python/sepolgen/src/sepolgen/refparser.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
+index e261d3f78f87..9622ee9a29ce 100644
+--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
+@@ -261,7 +261,7 @@ def t_IDENTIFIER(t):
+     return t
+ 
+ def t_FILENAME(t):
+-    r'\"[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\"'
+    r'\"`*[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\'*\"'
+     # Handle any keywords
+     t.type = reserved.get(t.value,'FILENAME')
+     return t
+-- 
+2.46.0
+
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+* Tue Aug 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
+- sepolgen-ifgen: allow M4 escaped filenames
+
 * Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
 - SELinux userspace 3.7 release

--- a/policycoreutils.spec
+++ b/policycoreutils.spec
@ -11,7 +11,7 @@
 Summary: SELinux policy core utilities
 Name:    policycoreutils
 Version: 3.7
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: GPL-2.0-or-later
 # https://github.com/SELinuxProject/selinux/wiki/Releases
 Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/selinux-3.7.tar.gz
@ -43,6 +43,7 @@ Patch0002: 0002-sepolicy-generate-Handle-more-reserved-port-types.patch
 Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
 Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch
 Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch
+Patch0006: 0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch
 # Patch list end

 Obsoletes: policycoreutils < 2.0.61-2