From: Daniel De Graaf <dgdegra@tycho.nsa.gov> To: selinux@tycho.nsa.gov Cc: xen-devel@lists.xenproject.org Subject: [PATCH 1/3] checkpolicy: Expand allowed character set in paths Date: Tue, 17 Mar 2015 16:43:22 -0400 [thread overview] Message-ID: <1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov> (raw) In-Reply-To: <1426625004-7152-1-git-send-email-dgdegra@tycho.nsa.gov> In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- checkpolicy/policy_parse.y | 3 +++ checkpolicy/policy_scan.l | 1 + 2 files changed, 4 insertions(+) diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y index 15c8997..e5210bd 100644 --- a/checkpolicy/policy_parse.y +++ b/checkpolicy/policy_parse.y @@ -81,6 +81,7 @@ typedef int (* require_func_t)(int pass); %type <require_func> require_decl_def %token PATH +%token QPATH %token FILENAME %token CLONE %token COMMON @@ -805,6 +806,8 @@ filesystem : FILESYSTEM ; path : PATH { if (insert_id(yytext,0)) return -1; } + | QPATH + { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } ; filename : FILENAME { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 648e1d6..6763c38 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -240,6 +240,7 @@ HIGH { return(HIGH); } low | LOW { return(LOW); } "/"({alnum}|[_\.\-/])* { return(PATH); } +\""/"[ !#-~]*\" { return(QPATH); } \"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {digit}+|0x{hexval}+ { return(NUMBER); } -- 2.1.0
WARNING: multiple messages have this Message-ID (diff)
From: Daniel De Graaf <dgdegra@tycho.nsa.gov> To: selinux@tycho.nsa.gov Cc: xen-devel@lists.xenproject.org, Daniel De Graaf <dgdegra@tycho.nsa.gov> Subject: [PATCH 1/3] checkpolicy: Expand allowed character set in paths Date: Tue, 17 Mar 2015 16:43:22 -0400 [thread overview] Message-ID: <1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov> (raw) In-Reply-To: <1426625004-7152-1-git-send-email-dgdegra@tycho.nsa.gov> In order to support paths containing spaces or other characters, allow a quoted string with these characters to be parsed as a path in addition to the existing unquoted string. Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov> --- checkpolicy/policy_parse.y | 3 +++ checkpolicy/policy_scan.l | 1 + 2 files changed, 4 insertions(+) diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y index 15c8997..e5210bd 100644 --- a/checkpolicy/policy_parse.y +++ b/checkpolicy/policy_parse.y @@ -81,6 +81,7 @@ typedef int (* require_func_t)(int pass); %type <require_func> require_decl_def %token PATH +%token QPATH %token FILENAME %token CLONE %token COMMON @@ -805,6 +806,8 @@ filesystem : FILESYSTEM ; path : PATH { if (insert_id(yytext,0)) return -1; } + | QPATH + { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } ; filename : FILENAME { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 648e1d6..6763c38 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -240,6 +240,7 @@ HIGH { return(HIGH); } low | LOW { return(LOW); } "/"({alnum}|[_\.\-/])* { return(PATH); } +\""/"[ !#-~]*\" { return(QPATH); } \"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {digit}+|0x{hexval}+ { return(NUMBER); } -- 2.1.0
next prev parent reply other threads:[~2015-03-17 20:43 UTC|newest] Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top 2015-03-17 20:43 [PATCH v3 0/3] Xen/FLASK policy updates for device contexts Daniel De Graaf 2015-03-17 20:43 ` Daniel De Graaf [this message] 2015-03-17 20:43 ` [PATCH 1/3] checkpolicy: Expand allowed character set in paths Daniel De Graaf 2015-03-17 20:43 ` [PATCH 2/3] libsepol, checkpolicy: widen Xen IOMEM ocontext entries Daniel De Graaf 2015-03-17 20:43 ` Daniel De Graaf 2015-03-17 20:43 ` [PATCH 3/3] libsepol, checkpolicy: add device tree ocontext nodes to Xen policy Daniel De Graaf 2015-03-17 20:43 ` Daniel De Graaf 2015-03-18 12:38 ` [PATCH v3 0/3] Xen/FLASK policy updates for device contexts Stephen Smalley 2015-03-20 16:59 ` Richard Haines 2015-03-20 16:59 ` Richard Haines 2015-03-23 13:20 ` Steve Lawrence 2015-03-23 13:20 ` Steve Lawrence 2015-03-23 14:22 ` Richard Haines 2015-03-23 14:22 ` Richard Haines -- strict thread matches above, loose matches on Subject: below -- 2015-03-12 20:40 [PATCH v2 " Daniel De Graaf 2015-03-12 20:40 ` [PATCH 1/3] checkpolicy: Expand allowed character set in paths Daniel De Graaf 2015-03-12 20:40 ` Daniel De Graaf
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1426625004-7152-2-git-send-email-dgdegra@tycho.nsa.gov \ --to=dgdegra@tycho.nsa.gov \ --cc=selinux@tycho.nsa.gov \ --cc=xen-devel@lists.xenproject.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.