* checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots
@ 2007-02-06 16:31 Caleb Case
2007-02-20 15:25 ` Stephen Smalley
0 siblings, 1 reply; 3+ messages in thread
From: Caleb Case @ 2007-02-06 16:31 UTC (permalink / raw)
To: ccase, sds, kmacmillan, jbrindle, selinux
Class identifiers are now allowed to contain dots. This facilitates the new dot notation for class names used in metapolicy.
---
checkpolicy/policy_parse.y | 5 -----
1 file changed, 5 deletions(-)
Index: selinux-pms-support/checkpolicy/policy_parse.y
===================================================================
--- selinux-pms-support.orig/checkpolicy/policy_parse.y
+++ selinux-pms-support/checkpolicy/policy_parse.y
@@ -929,11 +929,6 @@ static int define_class(void)
yyerror("no class name for class definition?");
return -1;
}
- if (id_has_dot(id)) {
- free(id);
- yyerror("class identifiers may not contain periods");
- return -1;
- }
datum = (class_datum_t *) malloc(sizeof(class_datum_t));
if (!datum) {
yyerror("out of memory");
--
Caleb Case
Tresys Technology
410.290.1411 x144
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots
2007-02-06 16:31 checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots Caleb Case
@ 2007-02-20 15:25 ` Stephen Smalley
2007-02-20 15:49 ` checkpolicy/policy_parse.y:define_class: allow classidentifiers " Joshua Brindle
0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2007-02-20 15:25 UTC (permalink / raw)
To: Caleb Case; +Cc: kmacmillan, jbrindle, selinux
On Tue, 2007-02-06 at 11:31 -0500, Caleb Case wrote:
> Class identifiers are now allowed to contain dots. This facilitates the new dot notation for class names used in metapolicy.
> ---
> checkpolicy/policy_parse.y | 5 -----
> 1 file changed, 5 deletions(-)
>
> Index: selinux-pms-support/checkpolicy/policy_parse.y
> ===================================================================
> --- selinux-pms-support.orig/checkpolicy/policy_parse.y
> +++ selinux-pms-support/checkpolicy/policy_parse.y
> @@ -929,11 +929,6 @@ static int define_class(void)
> yyerror("no class name for class definition?");
> return -1;
> }
> - if (id_has_dot(id)) {
> - free(id);
> - yyerror("class identifiers may not contain periods");
> - return -1;
> - }
> datum = (class_datum_t *) malloc(sizeof(class_datum_t));
> if (!datum) {
> yyerror("out of memory");
I merged this patch to -stable and -trunk, but am now having second
thoughts. Class identifiers with dots in them would pose a problem for
symbol definition generation, no?
--
Stephen Smalley
National Security Agency
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
* RE: checkpolicy/policy_parse.y:define_class: allow classidentifiers to contain dots
2007-02-20 15:25 ` Stephen Smalley
@ 2007-02-20 15:49 ` Joshua Brindle
0 siblings, 0 replies; 3+ messages in thread
From: Joshua Brindle @ 2007-02-20 15:49 UTC (permalink / raw)
To: Stephen Smalley, Caleb Case; +Cc: kmacmillan, selinux
> From: Stephen Smalley [mailto:sds@tycho.nsa.gov]
>
> On Tue, 2007-02-06 at 11:31 -0500, Caleb Case wrote:
> > Class identifiers are now allowed to contain dots. This
> facilitates the new dot notation for class names used in metapolicy.
> > ---
> > checkpolicy/policy_parse.y | 5 -----
> > 1 file changed, 5 deletions(-)
> >
> > Index: selinux-pms-support/checkpolicy/policy_parse.y
> > ===================================================================
> > --- selinux-pms-support.orig/checkpolicy/policy_parse.y
> > +++ selinux-pms-support/checkpolicy/policy_parse.y
> > @@ -929,11 +929,6 @@ static int define_class(void)
> > yyerror("no class name for class definition?");
> > return -1;
> > }
> > - if (id_has_dot(id)) {
> > - free(id);
> > - yyerror("class identifiers may not contain periods");
> > - return -1;
> > - }
> > datum = (class_datum_t *) malloc(sizeof(class_datum_t));
> > if (!datum) {
> > yyerror("out of memory");
>
> I merged this patch to -stable and -trunk, but am now having
> second thoughts. Class identifiers with dots in them would
> pose a problem for symbol definition generation, no?
>
Yes, we have patches to refpolicy that replace dots with something else
for symbol definitions. Hopefully this is just a workaround until class
discovery is done and integrated with upstream and the existing object
managers.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-20 15:49 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-06 16:31 checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots Caleb Case
2007-02-20 15:25 ` Stephen Smalley
2007-02-20 15:49 ` checkpolicy/policy_parse.y:define_class: allow classidentifiers " Joshua Brindle
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.