Changeset 234
- Timestamp:
- 04/19/07 13:55:35 (2 years ago)
- Files:
-
- upstream/selinux/checkpolicy/ChangeLog (modified) (1 diff)
- upstream/selinux/checkpolicy/VERSION (modified) (1 diff)
- upstream/selinux/checkpolicy/checkmodule.8 (modified) (3 diffs)
- upstream/selinux/checkpolicy/test/Makefile (modified) (1 diff)
- upstream/selinux/libselinux/ChangeLog (modified) (1 diff)
- upstream/selinux/libselinux/VERSION (modified) (1 diff)
- upstream/selinux/libselinux/include/selinux/avc.h (modified) (1 diff)
- upstream/selinux/libselinux/include/selinux/selinux.h (modified) (1 diff)
- upstream/selinux/libselinux/man/man3/avc_context_to_sid.3 (modified) (3 diffs)
- upstream/selinux/libselinux/man/man3/avc_get_initial_context.3 (added)
- upstream/selinux/libselinux/man/man3/security_compute_av.3 (modified) (3 diffs)
- upstream/selinux/libselinux/man/man3/security_get_initial_context.3 (added)
- upstream/selinux/libselinux/man/man8/matchpathcon.8 (modified) (1 diff)
- upstream/selinux/libselinux/src/avc.c (modified) (2 diffs)
- upstream/selinux/libselinux/src/avc_internal.c (modified) (2 diffs)
- upstream/selinux/libselinux/src/get_initial_context.c (added)
- upstream/selinux/libselinux/src/selinux_internal.h (modified) (1 diff)
- upstream/selinux/libselinux/src/selinuxswig.i (modified) (1 diff)
- upstream/selinux/libselinux/src/selinuxswig_wrap.c (modified) (3 diffs)
- upstream/selinux/libselinux/utils/getsebool.c (modified) (3 diffs)
- upstream/selinux/libsepol/ChangeLog (modified) (1 diff)
- upstream/selinux/libsepol/VERSION (modified) (1 diff)
- upstream/selinux/libsepol/include/sepol/policydb/expand.h (modified) (1 diff)
- upstream/selinux/libsepol/src/expand.c (modified) (2 diffs)
- upstream/selinux/policycoreutils/ChangeLog (modified) (1 diff)
- upstream/selinux/policycoreutils/VERSION (modified) (1 diff)
- upstream/selinux/policycoreutils/audit2allow/sepolgen-ifgen (modified) (2 diffs)
- upstream/selinux/policycoreutils/secon/Makefile (modified) (1 diff)
- upstream/selinux/policycoreutils/semanage/seobject.py (modified) (1 diff)
- upstream/selinux/sepolgen/ChangeLog (modified) (1 diff)
- upstream/selinux/sepolgen/VERSION (modified) (1 diff)
- upstream/selinux/sepolgen/src/sepolgen/interfaces.py (modified) (2 diffs)
- upstream/selinux/sepolgen/src/sepolgen/matching.py (modified) (1 diff)
- upstream/selinux/sepolgen/src/sepolgen/refparser.py (modified) (15 diffs)
- upstream/selinux/sepolgen/src/sepolgen/refpolicy.py (modified) (2 diffs)
upstream/selinux/checkpolicy/ChangeLog
r222 r234 1 2.0.2 2007-04-12 2 * Merged checkmodule man page fix from Dan Walsh. 3 1 4 2.0.1 2007-02-20 2 5 * Merged patch to allow dots in class identifiers from Caleb Case. upstream/selinux/checkpolicy/VERSION
r222 r234 1 2.0. 11 2.0.2 upstream/selinux/checkpolicy/checkmodule.8
r10 r234 4 4 .SH SYNOPSIS 5 5 .B checkmodule 6 .I "[-b] [- d] [-m] [-M] [-o output_file] [input_file]"6 .I "[-b] [-m] [-M] [-V] [-o output_file] [input_file]" 7 7 .SH "DESCRIPTION" 8 8 This manual page describes the … … 26 26 module file. This option is a development/debugging aid. 27 27 .TP 28 .B \-d29 Enter debug mode after loading the policy. This option is a30 development/debugging aid.31 .TP32 28 .B \-m 33 29 Generate a non-base policy module. … … 35 31 .B \-M 36 32 Enable the MLS/MCS support when checking and compiling the policy module. 33 .TP 34 .B \-V 35 Show policy versions created by this program 37 36 .TP 38 37 .B \-o filename upstream/selinux/checkpolicy/test/Makefile
r10 r234 10 10 override CFLAGS += -I$(INCLUDEDIR) 11 11 12 LDLIBS=-lfl -lse linux $(LIBDIR)/libsepol.a -L$(LIBDIR)12 LDLIBS=-lfl -lsepol -lselinux $(LIBDIR)/libsepol.a -L$(LIBDIR) 13 13 14 14 all: dispol dismod upstream/selinux/libselinux/ChangeLog
r222 r234 1 2.0.13 2007-04-12 2 * Merged rpm_execcon python binding fix, matchpathcon man page fix, and getsebool -a handling for EACCES from Dan Walsh. 3 4 2.0.12 2007-04-09 5 * Merged support for getting initial contexts from James Carter. 6 7 2.0.11 2007-04-05 8 * Merged userspace AVC patch to follow kernel's behavior for permissive mode in caching previous denials from Eamon Walsh. 9 10 11 2.0.10 2007-04-05 12 * Merged sidput(NULL) patch from Eamon Walsh. 13 1 14 2.0.9 2007-03-30 2 15 * Merged class/av string conversion and avc_compute_create patch from Eamon Walsh. upstream/selinux/libselinux/VERSION
r222 r234 1 2.0. 91 2.0.13 upstream/selinux/libselinux/include/selinux/avc.h
r222 r234 78 78 */ 79 79 int sidput(security_id_t sid); 80 81 /** 82 * avc_get_initial_sid - get SID for an initial kernel security identifier 83 * @name: input name of initial kernel security identifier 84 * @sid: pointer to a SID reference 85 * 86 * Get the context for an initial kernel security identifier specified by 87 * @name using security_get_initial_context() and then call 88 * avc_context_to_sid() to get the corresponding SID. 89 */ 90 int avc_get_initial_sid(const char * name, security_id_t * sid); 80 91 81 92 /* upstream/selinux/libselinux/include/selinux/selinux.h
r222 r234 189 189 /* Load a policy configuration. */ 190 190 extern int security_load_policy(void *data, size_t len); 191 192 /* Get the context of an initial kernel security identifier by name. 193 Caller must free via freecon */ 194 extern int security_get_initial_context(const char * name, 195 security_context_t * con); 196 extern int security_get_initial_context_raw(const char * name, 197 security_context_t * con); 191 198 192 199 /* upstream/selinux/libselinux/man/man3/avc_context_to_sid.3
r222 r234 4 4 .TH "avc_context_to_sid" "3" "27 May 2004" "" "SE Linux API documentation" 5 5 .SH "NAME" 6 avc_context_to_sid, avc_sid_to_context, sidput, sidget \- obtain and manipulate SELinux security ID's.6 avc_context_to_sid, avc_sid_to_context, sidput, sidget, avc_get_initial_sid \- obtain and manipulate SELinux security ID's. 7 7 .SH "SYNOPSIS" 8 8 .B #include <selinux/selinux.h> … … 17 17 .sp 18 18 .BI "int sidput(security_id_t " sid ");" 19 .sp 20 .BI "int avc_get_initial_sid(const char *" name ", security_id_t *" sid ");" 21 .sp 19 22 .SH "DESCRIPTION" 20 23 Security ID's (SID's) are reference-counted, opaque representations of security contexts. … … 45 48 by 1. If the count ever reaches zero, the SID becomes 46 49 invalid and must not be used any further. 50 51 .B avc_get_initial_sid 52 returns a SID for the kernel initial security identifier specified by 53 .I name 47 54 48 55 .SH "RETURN VALUE" upstream/selinux/libselinux/man/man3/security_compute_av.3
r222 r234 1 1 .TH "security_compute_av" "3" "1 January 2004" "russell@coker.com.au" "SE Linux API documentation" 2 2 .SH "NAME" 3 security_compute_av, security_compute_create, security_compute_relabel, security_compute_user \- query 3 security_compute_av, security_compute_create, security_compute_relabel, 4 security_compute_user, security_get_initial_context \- query 4 5 the SELinux policy database in the kernel. 5 6 … … 16 17 .sp 17 18 .BI "int security_compute_user(security_context_t "scon ", const char *" username ", security_context_t **" con ); 19 .sp 20 .BI "int security_get_initial_context(const char *" name ", security_context_t 21 "con ); 18 22 .sp 19 23 .BI "int checkPasswdAccess(access_vector_t " requested ); … … 45 49 .B get_ordered_context_list. 46 50 51 .B security_get_initial_context 52 is used to get the context of a kernel initial security identifier specified by 53 .I name 54 47 55 .B checkPasswdAccess 48 56 This functions is a helper functions that allows you to check for a permission in the passwd class. checkPasswdAccess uses getprevcon() for the source and target security contexts. upstream/selinux/libselinux/man/man8/matchpathcon.8
r222 r234 29 29 .SH "SEE ALSO" 30 30 .BR selinux "(8), " 31 .BR mat hpathcon "(3), "31 .BR matchpathcon "(3), " upstream/selinux/libselinux/src/avc.c
r222 r234 273 273 { 274 274 int rc; 275 if (!sid) 276 return 0; 275 277 avc_get_lock(avc_lock); 276 278 rc = sid_dec_refcnt(sid); 277 279 avc_release_lock(avc_lock); 280 return rc; 281 } 282 283 int avc_get_initial_sid(const char * name, security_id_t * sid) 284 { 285 int rc; 286 security_context_t con; 287 288 rc = security_get_initial_context_raw(name, &con); 289 if (rc < 0) 290 return rc; 291 rc = avc_context_to_sid_raw(con, sid); 292 293 freecon(con); 294 278 295 return rc; 279 296 } … … 983 1000 denied = requested & ~(ae->avd.allowed); 984 1001 985 if ((!requested || denied) && avc_enforcing) { 986 errno = EACCES; 987 rc = -1; 1002 if (!requested || denied) { 1003 if (avc_enforcing) { 1004 errno = EACCES; 1005 rc = -1; 1006 } else 1007 ae->avd.allowed |= requested; 988 1008 } 989 1009 upstream/selinux/libselinux/src/avc_internal.c
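Review bot: The new permissive branch `ae->avd.allowed |= requested;` in the second hunk writes into the cache entry a grant that policy did not give, so in enforcing mode the cache can only be trusted if every path that turns enforcing on also flushes it. The avc_internal.c sections of this changeset add that flush for the two setenforce message handlers; any other assignment to `avc_enforcing`, none of which is visible on this page, would need the same flush. I would record the invariant at the write, for example `/* permissive: cache the grant as the kernel does; the cache must be reset before enforcing is honoured again */`. The enclosing function starts and ends outside the hunk, so whether this write happens under `avc_lock` cannot be confirmed from here.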
r222 r234 164 164 avc_prefix, msg->val); 165 165 avc_enforcing = msg->val; 166 if (avc_enforcing && (rc = avc_ss_reset(0)) < 0) { 167 avc_log 168 ("%s: cache reset returned %d (errno %d)\n", 169 avc_prefix, rc, errno); 170 goto out; 171 } 166 172 break; 167 173 } … … 264 270 avc_prefix, msg->val); 265 271 avc_enforcing = msg->val; 272 if (avc_enforcing && (ret = avc_ss_reset(0)) < 0) { 273 avc_log 274 ("%s: cache reset returned %d (errno %d)\n", 275 avc_prefix, ret, errno); 276 goto out; 277 } 266 278 break; 267 279 } upstream/selinux/libselinux/src/selinux_internal.h
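Review bot: In both hunks `avc_enforcing = msg->val;` is assigned before `avc_ss_reset(0)` runs, so a lookup on another thread could see enforcing mode while the cache still holds entries widened during permissive mode. If the reset fails, the `goto out` leaves enforcing switched on over that stale cache. Making the flag change and the flush one step with respect to lookups would close the window, for instance by holding the cache lock across both; at the least the failure path should not leave enforcing active with an unflushed cache. Whether lookups can actually race with this handler depends on the threading callbacks the application gives the AVC, which are not shown. Both enclosing functions extend beyond the hunks; the second uses `ret` where the first uses `rc`.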
r222 r234 77 77 hidden_proto(selinux_raw_to_trans_context); 78 78 hidden_proto(selinux_trans_to_raw_context); 79 hidden_proto(security_get_initial_context); 80 hidden_proto(security_get_initial_context_raw); 79 81 80 82 extern int load_setlocaldefs hidden; upstream/selinux/libselinux/src/selinuxswig.i
r222 r234 116 116 extern int selinux_check_passwd_access(access_vector_t requested); 117 117 extern int checkPasswdAccess(access_vector_t requested); 118 119 // This tells SWIG to treat char ** as a special case 120 %typemap(python,in) char ** { 121 /* Check if is a list */ 122 if (PyList_Check($input)) { 123 int size = PyList_Size($input); 124 int i = 0; 125 $1 = (char **) malloc((size+1)*sizeof(char *)); 126 if ($1 == NULL) { 127 PyErr_SetString(PyExc_MemoryError,"Out of memory"); 128 return NULL; 129 } 130 for (i = 0; i < size; i++) { 131 PyObject *o = PyList_GetItem($input,i); 132 if (PyString_Check(o)) 133 $1[i] = PyString_AsString(PyList_GetItem($input,i)); 134 else { 135 PyErr_SetString(PyExc_TypeError,"list must contain strings"); 136 free($1); 137 return NULL; 138 } 139 } 140 $1[i] = 0; 141 } else { 142 PyErr_SetString(PyExc_TypeError,"not a list"); 143 return NULL; 144 } 145 } 146 118 147 extern int rpm_execcon(unsigned int verified, 119 148 const char *filename, 120 char * const argv[], char *const envp[]);149 char **, char **); 121 150 122 151 extern int is_context_customizable (security_context_t scontext); upstream/selinux/libselinux/src/selinuxswig_wrap.c
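Review bot: The `char **` input typemap allocates `$1` with `malloc` and nothing releases it, so each `rpm_execcon` call that returns to Python leaks both argument arrays. Its bare `return NULL` exits also skip the wrapper's cleanup of earlier arguments: in the generated wrapper on this page, a fourth argument that is not a list of strings leaves `arg3` and `buf2` allocated. Adding `%typemap(freearg) char ** { free($1); }` and replacing each `return NULL;` with `SWIG_fail;` (dropping the inline `free($1);` so the array is freed once) would cover both paths. `free` accepts the null pointer that the wrapper now initialises `arg3` and `arg4` to.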
r222 r234 4146 4146 unsigned int arg1 ; 4147 4147 char *arg2 = (char *) 0 ; 4148 char **arg3 ;4149 char **arg4 ;4148 char **arg3 = (char **) 0 ; 4149 char **arg4 = (char **) 0 ; 4150 4150 int result; 4151 4151 unsigned int val1 ; … … 4154 4154 char *buf2 = 0 ; 4155 4155 int alloc2 = 0 ; 4156 void *argp3 = 0 ;4157 int res3 = 0 ;4158 void *argp4 = 0 ;4159 int res4 = 0 ;4160 4156 PyObject * obj0 = 0 ; 4161 4157 PyObject * obj1 = 0 ; … … 4174 4170 } 4175 4171 arg2 = (char *)(buf2); 4176 res3 = SWIG_ConvertPtr(obj2, &argp3,SWIGTYPE_p_p_char, 0 | 0 ); 4177 if (!SWIG_IsOK(res3)) { 4178 SWIG_exception_fail(SWIG_ArgError(res3), "in method '" "rpm_execcon" "', argument " "3"" of type '" "char *const []""'"); 4179 } 4180 arg3 = (char **)(argp3); 4181 res4 = SWIG_ConvertPtr(obj3, &argp4,SWIGTYPE_p_p_char, 0 | 0 ); 4182 if (!SWIG_IsOK(res4)) { 4183 SWIG_exception_fail(SWIG_ArgError(res4), "in method '" "rpm_execcon" "', argument " "4"" of type '" "char *const []""'"); 4184 } 4185 arg4 = (char **)(argp4); 4186 result = (int)rpm_execcon(arg1,(char const *)arg2,(char *const (*))arg3,(char *const (*))arg4); 4172 { 4173 /* Check if is a list */ 4174 if (PyList_Check(obj2)) { 4175 int size = PyList_Size(obj2); 4176 int i = 0; 4177 arg3 = (char **) malloc((size+1)*sizeof(char *)); 4178 if (arg3 == NULL) { 4179 PyErr_SetString(PyExc_MemoryError,"Out of memory"); 4180 return NULL; 4181 } 4182 for (i = 0; i < size; i++) { 4183 PyObject *o = PyList_GetItem(obj2,i); 4184 if (PyString_Check(o)) 4185 arg3[i] = PyString_AsString(PyList_GetItem(obj2,i)); 4186 else { 4187 PyErr_SetString(PyExc_TypeError,"list must contain strings"); 4188 free(arg3); 4189 return NULL; 4190 } 4191 } 4192 arg3[i] = 0; 4193 } else { 4194 PyErr_SetString(PyExc_TypeError,"not a list"); 4195 return NULL; 4196 } 4197 } 4198 { 4199 /* Check if is a list */ 4200 if (PyList_Check(obj3)) { 4201 int size = PyList_Size(obj3); 4202 int i = 0; 4203 arg4 = (char **) malloc((size+1)*sizeof(char *)); 4204 if (arg4 == NULL) { 4205 
PyErr_SetString(PyExc_MemoryError,"Out of memory"); 4206 return NULL; 4207 } 4208 for (i = 0; i < size; i++) { 4209 PyObject *o = PyList_GetItem(obj3,i); 4210 if (PyString_Check(o)) 4211 arg4[i] = PyString_AsString(PyList_GetItem(obj3,i)); 4212 else { 4213 PyErr_SetString(PyExc_TypeError,"list must contain strings"); 4214 free(arg4); 4215 return NULL; 4216 } 4217 } 4218 arg4[i] = 0; 4219 } else { 4220 PyErr_SetString(PyExc_TypeError,"not a list"); 4221 return NULL; 4222 } 4223 } 4224 result = (int)rpm_execcon(arg1,(char const *)arg2,arg3,arg4); 4187 4225 resultobj = SWIG_From_int((int)(result)); 4188 4226 if (alloc2 == SWIG_NEWOBJ) free((char*)buf2); upstream/selinux/libselinux/utils/getsebool.c
r10 r234 15 15 int main(int argc, char **argv) 16 16 { 17 int i, rc = 0, active, pending, len = 0, opt;17 int i, get_all = 0, rc = 0, active, pending, len = 0, opt; 18 18 char **names; 19 19 … … 40 40 return 0; 41 41 } 42 get_all = 1; 42 43 break; 43 44 default: … … 73 74 active = security_get_boolean_active(names[i]); 74 75 if (active < 0) { 76 if (get_all && errno == EACCES) 77 continue; 75 78 fprintf(stderr, "Error getting active value for %s\n", 76 79 names[i]); upstream/selinux/libsepol/ChangeLog
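Review bot: With `if (get_all && errno == EACCES) continue;` in the third hunk, `getsebool -a` omits every boolean the caller may not read and says nothing, so a script that audits boolean state receives a shorter list that looks complete. A comment at the check, such as `/* -a: skip booleans this domain may not read instead of aborting the listing */`, would document the intent; a single summary line on stderr when anything was skipped would keep the output honest. The test also assumes `security_get_boolean_active()` leaves `errno` set on failure and that `<errno.h>` is included, neither of which is visible in these hunks. `main()` continues outside them.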
r222 r234 1 2.0.3 2007-04-13 2 * Merged add boolmap argument to expand_module_avrules() from Chris PeBenito. 3 1 4 2.0.2 2007-03-30 2 5 * Merged fix from Karl to remap booleans at expand time to upstream/selinux/libsepol/VERSION
r222 r234 1 2.0. 21 2.0.3 upstream/selinux/libsepol/include/sepol/policydb/expand.h
r10 r234 31 31 32 32 /* 33 * Expand only the avrules for a module. It is valid for this function to 34 * expand base into itself (i.e. base == out); the typemap for this special 35 * case should map type[i] to i+1. This function optionally expands neverallow 36 * rules. If neverallow rules are expanded, there is no need to copy them and 37 * doing so could cause duplicate entries when base == out. If the neverallow 38 * rules are not expanded, they are just copied to the destination policy so 39 * that assertion checking can be performed after expand. No assertion or 40 * hierarchy checking is performed by this function. 33 * Expand only the avrules for a module. It is valid for this function 34 * to expand base into itself (i.e. base == out); the typemap for 35 * this special case should map type[i] to i+1. Likewise the boolmap 36 * should map bool[i] to i + 1. This function optionally expands 37 * neverallow rules. If neverallow rules are expanded, there is no 38 * need to copy them and doing so could cause duplicate entries when 39 * base == out. If the neverallow rules are not expanded, they are 40 * just copied to the destination policy so that assertion checking 41 * can be performed after expand. No assertion or hierarchy checking 42 * is performed by this function. 41 43 */ 42 44 extern int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, 43 policydb_t * out, uint32_t * typemap, 45 policydb_t * out, uint32_t * typemap, uint32_t * boolmap, 44 46 int verbose, int expand_neverallow); 45 47 /* upstream/selinux/libsepol/src/expand.c
r222 r234 2199 2199 */ 2200 2200 int expand_module_avrules(sepol_handle_t * handle, policydb_t * base, 2201 policydb_t * out, uint32_t * typemap, int verbose, 2201 policydb_t * out, uint32_t * typemap, 2202 uint32_t * boolmap, int verbose, 2202 2203 int expand_neverallow) 2203 2204 { … … 2209 2210 state.out = out; 2210 2211 state.typemap = typemap; 2212 state.boolmap = boolmap; 2211 2213 state.handle = handle; 2212 2214 state.verbose = verbose; upstream/selinux/policycoreutils/ChangeLog
r222 r234 1 2.0.9 2007-04-12 2 * Merged seobject setransRecords patch to return the first alias from Xavier Toth. 3 4 2.0.8 2007-04-10 5 * Merged updates to sepolgen-ifgen from Karl MacMillan. 6 1 7 2.0.7 2007-03-01 2 8 * Merged restorecond init script LSB compliance patch from Steve Grubb. upstream/selinux/policycoreutils/VERSION
r222 r234 1 2.0. 71 2.0.9 upstream/selinux/policycoreutils/audit2allow/sepolgen-ifgen
r222 r234 46 46 help="location of the interface header files") 47 47 parser.add_option("-v", "--verbose", action="store_true", default=False, 48 help="print debuging output") 48 help="print debuging output") 49 parser.add_option("-d", "--debug", action="store_true", default=False, 50 help="extra debugging output") 49 51 options, args = parser.parse_args() 50 52 … … 68 70 69 71 try: 70 headers = refparser.parse_headers(options.headers, output=log )72 headers = refparser.parse_headers(options.headers, output=log, debug=options.debug) 71 73 except ValueError, e: 72 74 print "error parsing headers" upstream/selinux/policycoreutils/secon/Makefile
r10 r234 10 10 CFLAGS ?= $(WARNS) -O1 11 11 override CFLAGS += -DVERSION=\"$(VERSION)\" -I$(INCLUDEDIR) 12 LDLIBS = -lse linux -L$(LIBDIR)12 LDLIBS = -lsepol -lselinux -L$(LIBDIR) 13 13 14 14 all: secon upstream/selinux/policycoreutils/semanage/seobject.py
r222 r234 155 155 self.comments.append(r) 156 156 continue 157 self.ddict[i[0]] = i[1] 157 if self.ddict.has_key(i[0]) == 0: 158 self.ddict[i[0]] = i[1] 158 159 159 160 def get_all(self): upstream/selinux/sepolgen/ChangeLog
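Review bot: `if self.ddict.has_key(i[0]) == 0:` is a style point: the membership test reads more directly as `if i[0] not in self.ddict:`. The line also changes which entry wins when a key occurs twice (the first instead of the last), which the ChangeLog describes as returning the first alias. A comment at the assignment, such as `# keep the first alias seen for a key`, would make that choice visible to the next reader. The enclosing method starts outside the hunk.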
r222 r234 1 1.0.8 2007-04-10 2 * Merged updates to sepolgen parser and tools from Karl MacMillan. 3 This includes improved debugging support, handling of interface 4 calls with list parameters, support for role transition rules, 5 updated range transition rule support, and looser matching. 6 1 7 1.0.7 2007-03-26 2 8 * Merged patch to discard self from types when generating requires from Karl MacMillan. upstream/selinux/sepolgen/VERSION
r222 r234 1 1.0. 71 1.0.8 upstream/selinux/sepolgen/src/sepolgen/interfaces.py
r222 r234 366 366 return None 367 367 else: 368 return ifcall.args[num - 1] 368 arg = ifcall.args[num - 1] 369 if isinstance(arg, list): 370 return arg 371 else: 372 return [arg] 369 373 else: 370 return id374 return [id] 371 375 372 376 def map_add_av(self, ifv, av, ifcall): 373 src_type = self.map_param(av.src_type, ifcall)374 if src_type is None:377 src_types = self.map_param(av.src_type, ifcall) 378 if src_types is None: 375 379 return 376 380 377 tgt_type = self.map_param(av.tgt_type, ifcall)378 if tgt_type is None:381 tgt_types = self.map_param(av.tgt_type, ifcall) 382 if tgt_types is None: 379 383 return 380 384 381 obj_class = self.map_param(av.obj_class, ifcall)382 if obj_class is None:385 obj_classes = self.map_param(av.obj_class, ifcall) 386 if obj_classes is None: 383 387 return 384 388 … … 389 393 continue 390 394 else: 391 new_perms. add(p)395 new_perms.update(p) 392 396 if len(new_perms) == 0: 393 397 return 394 398 395 ifv.access.add(src_type, tgt_type, obj_class, new_perms) 396 397 399 for src_type in src_types: 400 for tgt_type in tgt_types: 401 for obj_class in obj_classes: 402 ifv.access.add(src_type, tgt_type, obj_class, new_perms) 398 403 399 404 def do_expand_ifcalls(self, interface, if_by_name): upstream/selinux/sepolgen/src/sepolgen/matching.py
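Review bot: The new triple loop in `map_add_av` passes every element of the lists returned by `map_param` to `ifv.access.add`, while refparser.py in this changeset builds an `IDENTIFIER MINUS IDENTIFIER` parameter as `[p[1], "-" + p[3]]`. If such a parameter reaches this code unchanged (the path from the parser to `map_param` is not fully visible), the excluded type would be recorded as an access entry under a literal name beginning with `-` rather than being subtracted. Entries starting with `-` should be removed from the list, or skipped inside the loops, before anything is added. `map_param` now returns a list or `None` where it returned a single value before, which deserves a docstring line and a check of any callers outside this hunk.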
r222 r234 51 51 52 52 class MatchList: 53 DEFAULT_THRESHOLD = 1 0053 DEFAULT_THRESHOLD = 120 54 54 def __init__(self): 55 55 # Match objects that pass the threshold upstream/selinux/sepolgen/src/sepolgen/refparser.py
r222 r234 36 36 import refpolicy 37 37 import access 38 import defaults 38 39 39 40 import lex … … 60 61 'TILDE', 61 62 'ASTERISK', 62 'PERIOD',63 63 'AMP', 64 64 'BAR', … … 90 90 'TYPE_MEMBER', 91 91 'RANGE_TRANSITION', 92 'ROLE_TRANSITION', 92 93 # refpolicy keywords 93 94 'OPT_POLICY', … … 96 97 'GEN_REQ', 97 98 'TEMPLATE', 98 'REFPOLICYWARN',99 99 # m4 100 100 'IFDEF', … … 129 129 'type_member' : 'TYPE_MEMBER', 130 130 'range_transition' : 'RANGE_TRANSITION', 131 'role_transition' : 'ROLE_TRANSITION', 131 132 # refpolicy keywords 132 133 'optional_policy' : 'OPT_POLICY', … … 135 136 'gen_require' : 'GEN_REQ', 136 137 'template' : 'TEMPLATE', 137 'refpolicywarn' : 'REFPOLICYWARN',138 138 # M4 139 139 'ifndef' : 'IFNDEF', … … 159 159 t_TILDE = r'\~' 160 160 t_ASTERISK = r'\*' 161 t_PERIOD = r'\.'162 161 t_AMP = r'\&' 163 162 t_BAR = r'\|' … … 176 175 t.lineno += 1 177 176 177 def t_refpolicywarn(t): 178 r'refpolicywarn\(.*\n' 179 # Ignore refpolicywarn statements - they sometimes 180 # contain text that we can't parse. 
181 t.lineno += 1 182 178 183 def t_IDENTIFIER(t): 179 r'[a-zA-Z_\$ \-][a-zA-Z0-9_\.\$\*]*'184 r'[a-zA-Z_\$][a-zA-Z0-9_\.\$\*]*' 180 185 # Handle any keywords 181 186 t.type = reserved.get(t.value,'IDENTIFIER') … … 312 317 p[0] = [str] 313 318 319 def p_interface_call_param(p): 320 '''interface_call_param : IDENTIFIER 321 | IDENTIFIER MINUS IDENTIFIER 322 | nested_id_set 323 ''' 324 # Intentionally let single identifiers pass through 325 # List means set, non-list identifier 326 if len(p) == 2: 327 p[0] = p[1] 328 else: 329 p[0] = [p[1], "-" + p[3]] 330 331 def p_interface_call_param_list(p): 332 '''interface_call_param_list : interface_call_param 333 | interface_call_param_list COMMA interface_call_param 334 ''' 335 if len(p) == 2: 336 p[0] = [p[1]] 337 else: 338 p[0] = p[1] + [p[3]] 339 340 314 341 def p_comma_list(p): 315 342 '''comma_list : nested_id_list … … 407 434 p[0] = [x] 408 435 409 def p_refpolicywarn_stmts(p):410 '''refpolicywarn_stmts : names411 | refpolicywarn_stmts names412 | OPAREN413 | refpolicywarn_stmts OPAREN414 | CPAREN415 | refpolicywarn_stmts CPAREN416 | PERIOD417 | refpolicywarn_stmts PERIOD418 '''419 420 def p_refpolicywarn(p):421 '''refpolicywarn : REFPOLICYWARN OPAREN TICK refpolicywarn_stmts SQUOTE CPAREN'''422 pass423 424 436 def p_interface_call(p): 425 'interface_call : IDENTIFIER OPAREN comma_list CPAREN'437 'interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN' 426 438 i = refpolicy.InterfaceCall(ifname=p[1]) 427 439 … … 456 468 | type_def 457 469 | typealias_def 458 | refpolicywarn459 470 | attribute_def 460 471 | range_transition_def 472 | role_transition_def 461 473 ''' 462 474 p[0] = [p[1]] … … 593 605 594 606 def p_range_transition_def(p): 595 '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI''' 607 '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI 608 | RANGE_TRANSITION names names names SEMI''' 609 pass 610 611 def 
p_role_transition_def(p): 612 '''role_transition_def : ROLE_TRANSITION names names names SEMI''' 596 613 pass 597 614 … … 641 658 if error is not None: 642 659 msg = 'could not parse text: "%s"' % error 643 print msg644 660 raise ValueError(msg) 645 661 return m … … 685 701 modname = os.path.splitext(name) 686 702 modules.append((modname[0], root)) 687 all_modules, support_macros = list_headers( DEFAULT_HEADERS_ROOT)703 all_modules, support_macros = list_headers(defaults.headers()) 688 704 else: 689 705 modules, support_macros = list_headers(root) … … 742 758 else: 743 759 parse_file(x[1], m) 744 except ValueError: 760 except ValueError, e: 761 o(str(e) + "\n") 745 762 failures.append(x[1]) 746 763 continue upstream/selinux/sepolgen/src/sepolgen/refpolicy.py
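Review bot: The new `t_refpolicywarn` rule matches `refpolicywarn\(.*\n`, which discards everything to the end of the line and counts exactly one newline. A statement that follows the closing parenthesis on the same line would therefore be lost without notice, and a warning whose text runs over several lines would leave its remainder for the parser. The comment in the rule already says the text is sometimes unparseable; it should state the layout assumption too, for example `# assumes the whole refpolicywarn(...) call sits on one line by itself`. Because the parsed interfaces feed policy generation, a dropped line is worth at least a message when the new `debug` option is set.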
r222 r234 580 580 self.comments = [] 581 581 582 def to_string(self):583 return self.to_string()584 585 582 def matches(self, other): 586 583 if self.ifname != other.ifname: … … 597 594 i = 0 598 595 for a in self.args: 596 if isinstance(a, list): 597 str = list_to_space_str(a) 598 else: 599 str = a 600 599 601 if i != 0: 600 s = s + ", %s" % a602 s = s + ", %s" % str 601 603 else: 602 s = s + a604 s = s + str 603 605 i += 1 604 606 return s + ")"
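Review bot: In the second hunk the local `str = list_to_space_str(a)` / `str = a` shadows the builtin `str` for the rest of the method. A name such as `arg_str` avoids a surprise if a later edit calls `str(...)` there, giving `s = s + ", %s" % arg_str` and `s = s + arg_str`. The method begins outside the hunk.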
