From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: selinux@tycho.nsa.gov
Cc: xen-devel@lists.xenproject.org
Subject: [PATCH 1/3] checkpolicy: Expand allowed character set in paths
Date: Tue, 17 Mar 2015 16:43:22 -0400 [thread overview]
Message-ID: <1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1426625004-7152-1-git-send-email-dgdegra@tycho.nsa.gov>
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files changed, 4 insertions(+)
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 15c8997..e5210bd 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -81,6 +81,7 @@ typedef int (* require_func_t)(int pass);
%type <require_func> require_decl_def
%token PATH
+%token QPATH
%token FILENAME
%token CLONE
%token COMMON
@@ -805,6 +806,8 @@ filesystem : FILESYSTEM
;
path : PATH
{ if (insert_id(yytext,0)) return -1; }
+ | QPATH
+ { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
;
filename : FILENAME
{ yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 648e1d6..6763c38 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -240,6 +240,7 @@ HIGH { return(HIGH); }
low |
LOW { return(LOW); }
"/"({alnum}|[_\.\-/])* { return(PATH); }
+\""/"[ !#-~]*\" { return(QPATH); }
\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
{digit}+|0x{hexval}+ { return(NUMBER); }
--
2.1.0
WARNING: multiple messages have this Message-ID (diff)
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
To: selinux@tycho.nsa.gov
Cc: xen-devel@lists.xenproject.org, Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: [PATCH 1/3] checkpolicy: Expand allowed character set in paths
Date: Tue, 17 Mar 2015 16:43:22 -0400 [thread overview]
Message-ID: <1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov> (raw)
In-Reply-To: <1426625004-7152-1-git-send-email-dgdegra@tycho.nsa.gov>
In order to support paths containing spaces or other characters, allow a
quoted string with these characters to be parsed as a path in addition
to the existing unquoted string.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
---
checkpolicy/policy_parse.y | 3 +++
checkpolicy/policy_scan.l | 1 +
2 files changed, 4 insertions(+)
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
index 15c8997..e5210bd 100644
--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
@@ -81,6 +81,7 @@ typedef int (* require_func_t)(int pass);
%type <require_func> require_decl_def
%token PATH
+%token QPATH
%token FILENAME
%token CLONE
%token COMMON
@@ -805,6 +806,8 @@ filesystem : FILESYSTEM
;
path : PATH
{ if (insert_id(yytext,0)) return -1; }
+ | QPATH
+ { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
;
filename : FILENAME
{ yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; }
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
index 648e1d6..6763c38 100644
--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
@@ -240,6 +240,7 @@ HIGH { return(HIGH); }
low |
LOW { return(LOW); }
"/"({alnum}|[_\.\-/])* { return(PATH); }
+\""/"[ !#-~]*\" { return(QPATH); }
\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
{digit}+|0x{hexval}+ { return(NUMBER); }
--
2.1.0
next prev parent reply other threads:[~2015-03-17 20:43 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-17 20:43 [PATCH v3 0/3] Xen/FLASK policy updates for device contexts Daniel De Graaf
2015-03-17 20:43 ` Daniel De Graaf [this message]
2015-03-17 20:43 ` [PATCH 1/3] checkpolicy: Expand allowed character set in paths Daniel De Graaf
2015-03-17 20:43 ` [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries Daniel De Graaf
2015-03-17 20:43 ` Daniel De Graaf
2015-03-17 20:43 ` [PATCH 3/3] libsepol, checkpolicy: add device tree ocontext nodes to Xen policy Daniel De Graaf
2015-03-17 20:43 ` Daniel De Graaf
2015-03-18 12:38 ` [PATCH v3 0/3] Xen/FLASK policy updates for device contexts Stephen Smalley
2015-03-20 16:59 ` Richard Haines
2015-03-20 16:59 ` Richard Haines
2015-03-23 13:20 ` Steve Lawrence
2015-03-23 13:20 ` Steve Lawrence
2015-03-23 14:22 ` Richard Haines
2015-03-23 14:22 ` Richard Haines
-- strict thread matches above, loose matches on Subject: below --
2015-03-12 20:40 [PATCH v2 " Daniel De Graaf
2015-03-12 20:40 ` [PATCH 1/3] checkpolicy: Expand allowed character set in paths Daniel De Graaf
2015-03-12 20:40 ` Daniel De Graaf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov \
--to=dgdegra@tycho.nsa.gov \
--cc=selinux@tycho.nsa.gov \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.