All of lore.kernel.org
 help / color / mirror / Atom feed
* checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots
@ 2007-02-06 16:31 Caleb Case
  2007-02-20 15:25 ` Stephen Smalley
  0 siblings, 1 reply; 3+ messages in thread
From: Caleb Case @ 2007-02-06 16:31 UTC (permalink / raw)
  To: ccase, sds, kmacmillan, jbrindle, selinux

Class identifiers are now allowed to contain dots.  This facilitates the new dot notation for class names used in metapolicy.
---
 checkpolicy/policy_parse.y |    5 -----
 1 file changed, 5 deletions(-)

Index: selinux-pms-support/checkpolicy/policy_parse.y
===================================================================
--- selinux-pms-support.orig/checkpolicy/policy_parse.y
+++ selinux-pms-support/checkpolicy/policy_parse.y
@@ -929,11 +929,6 @@ static int define_class(void)
 		yyerror("no class name for class definition?");
 		return -1;
 	}
-	if (id_has_dot(id)) {
-		free(id);
-		yyerror("class identifiers may not contain periods");
-		return -1;
-	}
 	datum = (class_datum_t *) malloc(sizeof(class_datum_t));
 	if (!datum) {
 		yyerror("out of memory");

-- 
Caleb Case
Tresys Technology
410.290.1411 x144


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots
  2007-02-06 16:31 checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots Caleb Case
@ 2007-02-20 15:25 ` Stephen Smalley
  2007-02-20 15:49   ` checkpolicy/policy_parse.y:define_class: allow classidentifiers " Joshua Brindle
  0 siblings, 1 reply; 3+ messages in thread
From: Stephen Smalley @ 2007-02-20 15:25 UTC (permalink / raw)
  To: Caleb Case; +Cc: kmacmillan, jbrindle, selinux

On Tue, 2007-02-06 at 11:31 -0500, Caleb Case wrote:
> Class identifiers are now allowed to contain dots.  This facilitates the new dot notation for class names used in metapolicy.
> ---
>  checkpolicy/policy_parse.y |    5 -----
>  1 file changed, 5 deletions(-)
> 
> Index: selinux-pms-support/checkpolicy/policy_parse.y
> ===================================================================
> --- selinux-pms-support.orig/checkpolicy/policy_parse.y
> +++ selinux-pms-support/checkpolicy/policy_parse.y
> @@ -929,11 +929,6 @@ static int define_class(void)
>  		yyerror("no class name for class definition?");
>  		return -1;
>  	}
> -	if (id_has_dot(id)) {
> -		free(id);
> -		yyerror("class identifiers may not contain periods");
> -		return -1;
> -	}
>  	datum = (class_datum_t *) malloc(sizeof(class_datum_t));
>  	if (!datum) {
>  		yyerror("out of memory");

I merged this patch to -stable and -trunk, but am now having second
thoughts.  Class identifiers with dots in them would pose a problem for
symbol definition generation, no?

-- 
Stephen Smalley
National Security Agency


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread
* RE: checkpolicy/policy_parse.y:define_class: allow classidentifiers to contain dots
  2007-02-20 15:25 ` Stephen Smalley
@ 2007-02-20 15:49   ` Joshua Brindle
  0 siblings, 0 replies; 3+ messages in thread
From: Joshua Brindle @ 2007-02-20 15:49 UTC (permalink / raw)
  To: Stephen Smalley, Caleb Case; +Cc: kmacmillan, selinux

> From: Stephen Smalley [mailto:sds@tycho.nsa.gov] 
> 
> On Tue, 2007-02-06 at 11:31 -0500, Caleb Case wrote:
> > Class identifiers are now allowed to contain dots.  This 
> facilitates the new dot notation for class names used in metapolicy.
> > ---
> >  checkpolicy/policy_parse.y |    5 -----
> >  1 file changed, 5 deletions(-)
> > 
> > Index: selinux-pms-support/checkpolicy/policy_parse.y
> > ===================================================================
> > --- selinux-pms-support.orig/checkpolicy/policy_parse.y
> > +++ selinux-pms-support/checkpolicy/policy_parse.y
> > @@ -929,11 +929,6 @@ static int define_class(void)
> >  		yyerror("no class name for class definition?");
> >  		return -1;
> >  	}
> > -	if (id_has_dot(id)) {
> > -		free(id);
> > -		yyerror("class identifiers may not contain periods");
> > -		return -1;
> > -	}
> >  	datum = (class_datum_t *) malloc(sizeof(class_datum_t));
> >  	if (!datum) {
> >  		yyerror("out of memory");
> 
> I merged this patch to -stable and -trunk, but am now having 
> second thoughts.  Class identifiers with dots in them would 
> pose a problem for symbol definition generation, no?
> 

Yes, we have patches to refpolicy that replace dots with something else
for symbol definitions. Hopefully this is just a workaround until class
discovery is done and integrated with upstream and the existing object
managers.


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2007-02-20 15:49 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2007-02-06 16:31 checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots Caleb Case
2007-02-20 15:25 ` Stephen Smalley
2007-02-20 15:49   ` checkpolicy/policy_parse.y:define_class: allow classidentifiers " Joshua Brindle

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.