diff --git a/.gitignore b/.gitignore
index fcde530..caf1ccf 100644
--- a/.gitignore
+++ b/.gitignore
@@ -80,3 +80,4 @@ checkpolicy-2.0.22.tgz
 /checkpolicy-2.1.0.tgz
 /checkpolicy-2.1.1.tgz
 /checkpolicy-2.1.3.tgz
+/checkpolicy-2.1.4.tgz
diff --git a/checkpolicy-rhat.patch b/checkpolicy-rhat.patch
index 8c9533a..ce29809 100644
--- a/checkpolicy-rhat.patch
+++ b/checkpolicy-rhat.patch
@@ -1,13 +1,149 @@ -diff --git a/checkpolicy/test/dispol.c b/checkpolicy/test/dispol.c -index fdf2d92..0e08965 100644 ---- a/checkpolicy/test/dispol.c -+++ b/checkpolicy/test/dispol.c -@@ -365,7 +365,7 @@ static void display_filename_trans(policydb_t *p, FILE *fp) - display_id(p, fp, SYM_TYPES, ft->ttype - 1, ""); - display_id(p, fp, SYM_CLASSES, ft->tclass - 1, ":"); - display_id(p, fp, SYM_TYPES, ft->otype - 1, ""); -- fprintf(fp, "%s\n", ft->name); -+ fprintf(fp, " %s\n", ft->name); +diff --git a/checkpolicy/module_compiler.c b/checkpolicy/module_compiler.c +index 1c1d1d5..81ccb00 100644 +--- a/checkpolicy/module_compiler.c ++++ b/checkpolicy/module_compiler.c +@@ -1045,7 +1045,7 @@ int require_user(int pass) } } +-int require_bool(int pass) ++static int require_bool_tunable(int pass, int is_tunable) + { + char *id = queue_remove(id_queue); + cond_bool_datum_t *booldatum = NULL; +@@ -1063,6 +1063,8 @@ int require_bool(int pass) + yyerror("Out of memory!"); + return -1; + } ++ if (is_tunable) ++ booldatum->flags |= COND_BOOL_FLAGS_TUNABLE; + retval = + require_symbol(SYM_BOOLS, id, (hashtab_datum_t *) booldatum, + &booldatum->s.value, &booldatum->s.value); +@@ -1094,6 +1096,16 @@ int require_bool(int pass) + } + } + ++int require_bool(int pass) ++{ ++ return require_bool_tunable(pass, 0); ++} ++ ++int require_tunable(int pass) ++{ ++ return require_bool_tunable(pass, 1); ++} ++ + int require_sens(int pass) + { + char *id = queue_remove(id_queue); +@@ -1328,6 +1340,8 @@ void append_cond_list(cond_list_t * cond) + tmp = tmp->next) ; + tmp->next = cond->avfalse_list; + } ++ ++ old_cond->flags |= (cond->flags & COND_NODE_FLAGS_TUNABLE); + } + + void append_avrule(avrule_t * avrule) +diff --git a/checkpolicy/module_compiler.h b/checkpolicy/module_compiler.h +index 45a21cd..72c2d9b 100644 +--- a/checkpolicy/module_compiler.h ++++ b/checkpolicy/module_compiler.h +@@ -58,6 +58,7 @@ int require_attribute(int pass); + int require_attribute_role(int pass); + int 
require_user(int pass); + int require_bool(int pass); ++int require_tunable(int pass); + int require_sens(int pass); + int require_cat(int pass); + +diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c +index ded27f7..1bf669c 100644 +--- a/checkpolicy/policy_define.c ++++ b/checkpolicy/policy_define.c +@@ -1494,7 +1494,7 @@ avrule_t *define_cond_compute_type(int which) + return avrule; + } + +-int define_bool(void) ++int define_bool_tunable(int is_tunable) + { + char *id, *bool_value; + cond_bool_datum_t *datum; +@@ -1524,6 +1524,8 @@ int define_bool(void) + return -1; + } + memset(datum, 0, sizeof(cond_bool_datum_t)); ++ if (is_tunable) ++ datum->flags |= COND_BOOL_FLAGS_TUNABLE; + ret = declare_symbol(SYM_BOOLS, id, datum, &value, &value); + switch (ret) { + case -3:{ +diff --git a/checkpolicy/policy_define.h b/checkpolicy/policy_define.h +index fc8cd4d..92a9be7 100644 +--- a/checkpolicy/policy_define.h ++++ b/checkpolicy/policy_define.h +@@ -21,7 +21,7 @@ cond_expr_t *define_cond_expr(uint32_t expr_type, void *arg1, void* arg2); + int define_attrib(void); + int define_attrib_role(void); + int define_av_perms(int inherits); +-int define_bool(void); ++int define_bool_tunable(int is_tunable); + int define_category(void); + int define_class(void); + int define_common_perms(void); +diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y +index 0a17bdc..49ac15f 100644 +--- a/checkpolicy/policy_parse.y ++++ b/checkpolicy/policy_parse.y +@@ -101,6 +101,7 @@ typedef int (* require_func_t)(); + %token ALIAS + %token ATTRIBUTE + %token BOOL ++%token TUNABLE + %token IF + %token ELSE + %token TYPE_TRANSITION +@@ -269,6 +270,7 @@ te_decl : attribute_def + | typeattribute_def + | typebounds_def + | bool_def ++ | tunable_def + | transition_def + | range_trans_def + | te_avtab_def +@@ -295,8 +297,11 @@ opt_attr_list : ',' id_comma_list + | + ; + bool_def : BOOL identifier bool_val ';' +- {if (define_bool()) return -1;} ++ { if 
(define_bool_tunable(0)) return -1; } + ; ++tunable_def : TUNABLE identifier bool_val ';' ++ { if (define_bool_tunable(1)) return -1; } ++ ; + bool_val : CTRUE + { if (insert_id("T",0)) return -1; } + | CFALSE +@@ -820,6 +825,7 @@ require_decl_def : ROLE { $$ = require_role; } + | ATTRIBUTE_ROLE { $$ = require_attribute_role; } + | USER { $$ = require_user; } + | BOOL { $$ = require_bool; } ++ | TUNABLE { $$ = require_tunable; } + | SENSITIVITY { $$ = require_sens; } + | CATEGORY { $$ = require_cat; } + ; +diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l +index ed27bbe..a61e0db 100644 +--- a/checkpolicy/policy_scan.l ++++ b/checkpolicy/policy_scan.l +@@ -92,6 +92,8 @@ TYPE | + type { return(TYPE); } + BOOL | + bool { return(BOOL); } ++TUNABLE | ++tunable { return(TUNABLE); } + IF | + if { return(IF); } + ELSE | diff --git a/checkpolicy.spec b/checkpolicy.spec index 008c850..062263f 100644 --- a/checkpolicy.spec +++ b/checkpolicy.spec @@ -1,7 +1,7 @@ -%define libsepolver 2.1.0-1 +%define libsepolver 2.1.2-1 Summary: SELinux policy compiler Name: checkpolicy -Version: 2.1.3 +Version: 2.1.4 Release: 1%{?dist} License: GPLv2 Group: Development/System @@ -53,6 +53,10 @@ rm -rf ${RPM_BUILD_ROOT} %{_bindir}/sedispol %changelog +* Tue Aug 30 2011 Dan Walsh - 2.1.4-0 +-Update to upstream + * checkpolicy: fix spacing in output message + * Thu Aug 18 2011 Dan Walsh - 2.1.3-0 * add missing ; to attribute_role_def *Redo filename/filesystem syntax to support filename trans diff --git a/sources b/sources index b73aaa1..15d747b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -5b025df9f12bd873b3bb815c50fb9172 checkpolicy-2.1.3.tgz +1b6184a442ce788f00652f45ab6464e8 checkpolicy-2.1.4.tgz
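Review bot: In `require_bool_tunable` (the module_compiler.c section of checkpolicy-rhat.patch) `COND_BOOL_FLAGS_TUNABLE` is set only on the freshly allocated `booldatum` just before `require_symbol()`, and nothing in the visible lines compares it with the flag of a symbol that is already declared, so a `tunable` requirement resolving to an existing `bool` (or the reverse) may be accepted silently. The handling of `retval` lies outside the hunk, so this is inferred rather than confirmed. Because the flag presumably decides whether a conditional is handled as a tunable or as a boolean, I would either compare `flags & COND_BOOL_FLAGS_TUNABLE` against the existing datum on the already-declared path and call `yyerror()` on a mismatch, or add a comment naming where that mismatch is rejected. Separately, the define side renames the exported `define_bool` outright while the require side keeps `require_bool` as a wrapper over a static helper; a one-line `define_bool(void)` wrapper returning `define_bool_tunable(0)` would keep the two sides consistent.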