|
|
2cb151d |
policy_parse.y | 14 ++++++++++----
|
|
|
2cb151d |
policy_scan.l | 1 +
|
|
|
2cb151d |
2 files changed, 11 insertions(+), 4 deletions(-)
|
|
|
2cb151d |
|
|
|
2cb151d |
diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
|
|
|
2cb151d |
index 8d1bc37..0777238 100644
|
|
|
2cb151d |
--- a/checkpolicy/policy_parse.y
|
|
|
2cb151d |
+++ b/checkpolicy/policy_parse.y
|
|
|
2cb151d |
@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
|
|
|
2cb151d |
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
|
|
|
2cb151d |
%token POLICYCAP
|
|
|
2cb151d |
%token PERMISSIVE
|
|
|
2cb151d |
+%token FILESYSTEM
|
|
|
2cb151d |
|
|
|
2cb151d |
%left OR
|
|
|
2cb151d |
%left XOR
|
|
|
2cb151d |
@@ -637,7 +638,7 @@ opt_fs_uses : fs_uses
|
|
|
2cb151d |
fs_uses : fs_use_def
|
|
|
2cb151d |
| fs_uses fs_use_def
|
|
|
2cb151d |
;
|
|
|
2cb151d |
-fs_use_def : FSUSEXATTR identifier security_context_def ';'
|
|
|
2cb151d |
+fs_use_def : FSUSEXATTR filesystem security_context_def ';'
|
|
|
2cb151d |
{if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
|
|
|
2cb151d |
| FSUSETASK identifier security_context_def ';'
|
|
|
2cb151d |
{if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
|
|
|
2cb151d |
@@ -650,11 +651,11 @@ opt_genfs_contexts : genfs_contexts
|
|
|
2cb151d |
genfs_contexts : genfs_context_def
|
|
|
2cb151d |
| genfs_contexts genfs_context_def
|
|
|
2cb151d |
;
|
|
|
2cb151d |
-genfs_context_def : GENFSCON identifier path '-' identifier security_context_def
|
|
|
2cb151d |
+genfs_context_def : GENFSCON filesystem path '-' identifier security_context_def
|
|
|
2cb151d |
{if (define_genfs_context(1)) return -1;}
|
|
|
2cb151d |
- | GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
|
|
|
2cb151d |
+ | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
|
|
|
2cb151d |
{if (define_genfs_context(1)) return -1;}
|
|
|
2cb151d |
- | GENFSCON identifier path security_context_def
|
|
|
2cb151d |
+ | GENFSCON filesystem path security_context_def
|
|
|
2cb151d |
{if (define_genfs_context(0)) return -1;}
|
|
|
2cb151d |
;
|
|
|
2cb151d |
ipv4_addr_def : IPV4_ADDR
|
|
|
2cb151d |
@@ -728,6 +729,11 @@ nested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; }
|
|
|
2cb151d |
identifier : IDENTIFIER
|
|
|
2cb151d |
{ if (insert_id(yytext,0)) return -1; }
|
|
|
2cb151d |
;
|
|
|
2cb151d |
+filesystem : FILESYSTEM
|
|
|
2cb151d |
+ { if (insert_id(yytext,0)) return -1; }
|
|
|
2cb151d |
+ | IDENTIFIER
|
|
|
2cb151d |
+ { if (insert_id(yytext,0)) return -1; }
|
|
|
2cb151d |
+ ;
|
|
|
2cb151d |
path : PATH
|
|
|
2cb151d |
{ if (insert_id(yytext,0)) return -1; }
|
|
|
2cb151d |
;
|
|
|
2cb151d |
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
|
|
|
2cb151d |
index 48128a8..65aff8d 100644
|
|
|
2cb151d |
--- a/checkpolicy/policy_scan.l
|
|
|
2cb151d |
+++ b/checkpolicy/policy_scan.l
|
|
|
2cb151d |
@@ -217,6 +217,7 @@ permissive |
|
|
|
2cb151d |
PERMISSIVE { return(PERMISSIVE); }
|
|
|
2cb151d |
"/"({alnum}|[_\.\-/])* { return(PATH); }
|
|
|
2cb151d |
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
|
|
|
2cb151d |
+{alnum}*{letter}{alnum}* { return(FILESYSTEM); }
|
|
|
2cb151d |
{digit}+|0x{hexval}+ { return(NUMBER); }
|
|
|
2cb151d |
{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
|
|
|
2cb151d |
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
|
|
|
2cb151d |
|