Index: checkpolicy/policy_parse.y
===================================================================
RCS file: /nfshome/pal/CVS/selinux-usr/checkpolicy/policy_parse.y,v
retrieving revision 1.10
diff -u -r1.10 policy_parse.y
--- checkpolicy/policy_parse.y	9 Jan 2004 14:05:01 -0000	1.10
+++ checkpolicy/policy_parse.y	14 Jan 2004 21:08:32 -0000
@@ -520,6 +520,8 @@
 			| tilde nested_id_set
 			{ if (insert_id("~", 0)) return -1;
 			  if (insert_separator(0)) return -1; }
+			| identifier '-' { if (insert_id("-", 0)) return -1; } identifier
+			{ if (insert_separator(0)) return -1; }
 			;
 tilde_push		: tilde
 			{ if (insert_id("~", 1)) return -1; }
@@ -546,7 +548,7 @@
 			;
 nested_id_list		: nested_id_element | nested_id_list nested_id_element
 			;
-nested_id_element	: identifier | nested_id_set
+nested_id_element	: identifier | '-' { if (insert_id("-", 0)) return -1; } identifier | nested_id_set
 			;
 identifier		: IDENTIFIER
 			{ if (insert_id(yytext,0)) return -1; }
@@ -1661,7 +1663,8 @@
 
 
 static int set_types(ebitmap_t *set,
-		     char *id)
+		     char *id,
+		     int *add)
 {
 	type_datum_t *t;
 	unsigned int i;
@@ -1686,6 +1689,12 @@
 		return 0;
 	}
 
+	if (strcmp(id, "-") == 0) {
+		*add = 0;
+		free(id);
+		return 0;
+	}
+
 	t = hashtab_search(policydbp->p_types.table, id);
 	if (!t) {
 		sprintf(errormsg, "unknown type %s", id);
@@ -1695,18 +1704,19 @@
 	}
 
 	if (t->isattr) {
-		/* set all types with this attribute */
+		/* set or clear all types with this attribute */
 		for (i = ebitmap_startbit(&t->types); i < ebitmap_length(&t->types); i++) {
 			if (!ebitmap_get_bit(&t->types, i))
 				continue;
-			ebitmap_set_bit(set, i, TRUE);
+			ebitmap_set_bit(set, i, *add);
 		}
 	} else {
-		/* set one type */
-		ebitmap_set_bit(set, t->value - 1, TRUE);
+		/* set or clear one type */
+		ebitmap_set_bit(set, t->value - 1, *add);
 	}
 	free(id);
+	*add = 1;
 	return 0;
 }
 
@@ -1720,7 +1730,7 @@
 	class_datum_t *cladatum;
 	ebitmap_t stypes, ttypes, tclasses;
 	__u32 newtype = 0;
-	int ret;
+	int ret, add = 1;
 	unsigned int i, j, k;
 
 	if (pass == 1) {
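Review bot: `nested_id_element` is the element rule shared by every `nested_id_set`, so after this hunk `-x` parses inside any braced list, not only in the type sets whose consumers this commit teaches about the marker. The marker is queued as an ordinary id string by `insert_id("-", 0)` and is only understood by `set_types`; any other consumer of a nested set (role or user lists, for instance, which are not touched here) will receive a literal `-` entry, and it is worth confirming that each of them fails on it rather than skipping it. A short comment on the rule would save the next reader the search: `/* '-' queues a "-" marker; set_types() clears the type that follows instead of setting it */`.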
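Review bot: The clear in `ebitmap_set_bit(set, i, *add)` is applied to `set` at the moment the negated entry is processed, so the result of a negated set depends on member order: `{ attr -t }` removes `t`, but `{ -t attr }` clears a bit that is still zero and then re-sets it when `attr` is expanded, leaving `t` allowed with no diagnostic. A policy author excluding a type from an attribute will not expect the position of `-t` to decide whether the rule reaches `t`, and there is nothing in `set_types` to warn them. The order-independent form is to record negated types in a second bitmap and subtract it once after the caller's queue is drained; if that is deferred, the contract should at least be stated above `set_types`: `/* Members are applied in queue order: "-x" clears x from whatever has been set so far, so "{ -x attr }" does NOT exclude x from attr. */`. The reset `*add = 1` only runs on the success path after a real type, so a caller that consumes a queue entry without calling `set_types` (see the `self` handling in the assertion hunk) can be left holding a stale negation.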
@@ -1740,12 +1750,12 @@
 	ebitmap_init(&tclasses);
 
 	while ((id = queue_remove(id_queue))) {
-		if (set_types(&stypes, id))
+		if (set_types(&stypes, id, &add))
 			return -1;
 	}
 
 	while ((id = queue_remove(id_queue))) {
-		if (set_types(&ttypes, id))
+		if (set_types(&ttypes, id, &add))
 			return -1;
 	}
 
@@ -1967,7 +1977,7 @@
 	ebitmap_t stypes, ttypes, tclasses;
 	access_vector_t *avp;
 	unsigned int i, j, hiclass;
-	int self = 0;
+	int self = 0, add = 1;
 	te_assert_t *newassert;
 
 	if (pass == 1) {
@@ -1987,7 +1997,7 @@
 	ebitmap_init(&tclasses);
 
 	while ((id = queue_remove(id_queue))) {
-		if (set_types(&stypes, id))
+		if (set_types(&stypes, id, &add))
 			return -1;
 	}
 
@@ -1996,7 +2006,7 @@
 			self = 1;
 			continue;
 		}
-		if (set_types(&ttypes, id))
+		if (set_types(&ttypes, id, &add))
 			return -1;
 	}
 
@@ -2139,7 +2149,7 @@
 {
 	role_datum_t *role;
 	char *role_id, *id;
-	int ret;
+	int ret, add = 1;
 
 	if (pass == 1) {
 		while ((id = queue_remove(id_queue)))
@@ -2174,7 +2184,7 @@
 	free(role_id);
 
 	while ((id = queue_remove(id_queue))) {
-		if (set_types(&role->types, id))
+		if (set_types(&role->types, id, &add))
 			return -1;
 	}
 
@@ -2328,6 +2338,7 @@
 	ebitmap_t roles, types;
 	struct role_trans *tr = 0;
 	unsigned int i, j;
+	int add = 1;
 
 	if (pass == 1) {
 		while ((id = queue_remove(id_queue)))
@@ -2348,7 +2359,7 @@
 	}
 
 	while ((id = queue_remove(id_queue))) {
-		if (set_types(&types, id))
+		if (set_types(&types, id, &add))
 			return -1;
 	}
 
@@ -2589,6 +2600,7 @@
 	role_datum_t *role;
 	char *id;
 	__u32 val;
+	int add = 1;
 
 	if (pass == 1) {
 		if (expr_type == CEXPR_NAMES) {
@@ -2678,7 +2690,7 @@
 	}
 			val = role->value;
 		} else if (expr->attr & CEXPR_TYPE) {
-			if (set_types(&expr->names, id)) {
+			if (set_types(&expr->names, id, &add)) {
 				free(expr);
 				return 0;
 			}
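Review bot: In the `@@ -1996` hunk the `self` branch visible at its top (`self = 1; continue;`) bypasses `set_types`, so a negated `self` leaves `add` stale: for a target set `{ -self t }` the queue holds `-`, `self`, `t`; the `-` entry sets `add` to 0, `self` is consumed by the `continue` without touching it, and `t` is then cleared instead of set and silently dropped from the assertion's target types. Because this is the assertion (neverallow) path, the effect is a narrower check rather than a build failure, which is the wrong direction to fail. Either reject the combination or reset the flag in that branch, e.g. before `self = 1;` add `if (!add) { yyerror("self cannot be negated"); return -1; }` (releasing `id` the way the function's other error paths do). The `strcmp(id, "self")` test and the loop header sit above this hunk, and the enclosing function, whose declarations appear in the `@@ -1967` hunk, begins outside it.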