sepolgen-ifgen: allow M4 escaped filenames

When a file name in a type transition rule used in an interface is the same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.

-	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+	filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")

But sepolgen-ifgen could not parse such a string:

    # sepolgen-ifgen
    Illegal character '`'

This change allows M4 escaping inside quoted strings and fixes the described
problem.

https://bugzilla.redhat.com/show_bug.cgi?id=2254206

Resolves: RHEL-45544
Petr Lautrbach 2024-08-20 11:02:43 +02:00
parent c3b4e1a0d4
commit ab1421e02c
3 changed files with 49 additions and 1 deletions

@ -0,0 +1,44 @@
From dc3eca6bd964e545fda4a1e19d07c26a347c5d9a Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Mon, 19 Aug 2024 19:51:51 +0200
Subject: [PATCH] sepolgen-ifgen: allow M4 escaped filenames
Content-type: text/plain
When a file name in type transition rule used in an interface is same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.
- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")
But sepolgen-ifgen could not parse such string:
# sepolgen-ifgen
Illegal character '`'
This change allows M4 escaping inside quoted strings and fixed described
problem.
https://bugzilla.redhat.com/show_bug.cgi?id=2254206
Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
python/sepolgen/src/sepolgen/refparser.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
index e261d3f78f87..9622ee9a29ce 100644
--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
@@ -261,7 +261,7 @@ def t_IDENTIFIER(t):
return t
def t_FILENAME(t):
- r'\"[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\"'
+ r'\"`*[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\'*\"'
# Handle any keywords
t.type = reserved.get(t.value,'FILENAME')
return t
--
2.46.0
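Review bot: the new t_FILENAME pattern in refparser.py makes the leading backticks and the trailing single quotes independent and unbounded (a starred backtick before the character class, a starred single quote after it), so unbalanced forms such as a name with one opening backtick and no closing quote, or three closing quotes and no backtick, now lex as FILENAME. Consider matching either the plain quoted name or the exact two-backtick, two-quote M4 form. The token value is also passed on unchanged to reserved.get(t.value,'FILENAME') and returned, so it still carries the M4 quote characters; if later stages use the file name itself, strip the quoting here. The diffstat lists only refparser.py, so a parser test with the "``interface''" case from the commit message would be worth adding alongside this change.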

@ -1,3 +1,6 @@
* Tue Aug 20 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-2
- sepolgen-ifgen: allow M4 escaped filenames
* Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1 * Thu Jun 27 2024 Petr Lautrbach <lautrbach@redhat.com> - 3.7-1
- SELinux userspace 3.7 release - SELinux userspace 3.7 release

@ -11,7 +11,7 @@
Summary: SELinux policy core utilities Summary: SELinux policy core utilities
Name: policycoreutils Name: policycoreutils
Version: 3.7 Version: 3.7
Release: 1%{?dist} Release: 2%{?dist}
License: GPL-2.0-or-later License: GPL-2.0-or-later
# https://github.com/SELinuxProject/selinux/wiki/Releases # https://github.com/SELinuxProject/selinux/wiki/Releases
Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/selinux-3.7.tar.gz Source0: https://github.com/SELinuxProject/selinux/releases/download/3.7/selinux-3.7.tar.gz
@ -43,6 +43,7 @@ Patch0002: 0002-sepolicy-generate-Handle-more-reserved-port-types.patch
Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch Patch0003: 0003-sandbox-Use-matchbox-window-manager-instead-of-openb.patch
Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch Patch0004: 0004-Use-SHA-2-instead-of-SHA-1.patch
Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch Patch0005: 0005-python-sepolicy-Fix-spec-file-dependencies.patch
Patch0006: 0006-sepolgen-ifgen-allow-M4-escaped-filenames.patch
# Patch list end # Patch list end
Obsoletes: policycoreutils < 2.0.61-2 Obsoletes: policycoreutils < 2.0.61-2