author | Chris PeBenito <pebenito@gentoo.org> | 2004-01-17 19:04:10 +0000 |
---|---|---|
committer | Chris PeBenito <pebenito@gentoo.org> | 2004-01-17 19:04:10 +0000 |
commit | 333dd54949ca2d0a384d40619242e3674452f867 (patch) | |
tree | 019f57b4287330a330f0ddb05382116941d0e8fa /sys-apps/checkpolicy/files | |
parent | resolv.conf permissions again, took method from debian (diff) | |
Add patch to exclude types in TE rules
Diffstat (limited to 'sys-apps/checkpolicy/files')
-rw-r--r-- | sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff | 82 | ||||
-rw-r--r-- | sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1 | 1 |
2 files changed, 83 insertions, 0 deletions
diff --git a/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff b/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff
new file mode 100644
index 000000000000..f0cf8157cf50
--- /dev/null
+++ b/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff
@@ -0,0 +1,82 @@
+diff -ruN checkpolicy.old/policy_parse.y checkpolicy/policy_parse.y
+--- checkpolicy.old/policy_parse.y 2003-10-15 07:15:18.431551648 -0400
++++ checkpolicy/policy_parse.y 2003-10-15 07:19:00.550784392 -0400
+@@ -1,6 +1,10 @@
+
+ /*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
++ *
++ * Modified October 14, 2003 David Caplan, <dac@tresys.com>
++ * - allow exclusion of types and attributes in type/attribute lists
++ *
+ */
+
+ /* FLASK */
+@@ -1660,6 +1664,7 @@
+ {
+ type_datum_t *t;
+ unsigned int i;
++ int add = TRUE;
+
+ if (strcmp(id, "*") == 0) {
+ /* set all types */
+@@ -1674,14 +1679,27 @@
+ for (i = 0; i < policydbp->p_types.nprim; i++) {
+ if (ebitmap_get_bit(set, i))
+ ebitmap_set_bit(set, i, FALSE);
+- else
++ else
+ ebitmap_set_bit(set, i, TRUE);
+ }
+ free(id);
+ return 0;
+ }
+
+- t = hashtab_search(policydbp->p_types.table, id);
++ /* see if we want to exclude type/attribute */
++ if (id[0] == '-') {
++ if (strlen(id) == 1) {
++ sprintf(errormsg, "illegal identifier %s", id);
++ yyerror(errormsg);
++ free(id);
++ return -1;
++ }
++ add = FALSE;
++ t = hashtab_search(policydbp->p_types.table, id+1);
++ } else {
++ t = hashtab_search(policydbp->p_types.table, id);
++ }
++
+ if (!t) {
+ sprintf(errormsg, "unknown type %s", id);
+ yyerror(errormsg);
+@@ -1693,12 +1711,13 @@
+ /* set all types with this attribute */
+ for (i = ebitmap_startbit(&t->types); i < ebitmap_length(&t->types); i++) {
+ if (!ebitmap_get_bit(&t->types, i))
+- continue;
+- ebitmap_set_bit(set, i, TRUE);
++ continue;
++ /* set or clear bit depending on add */
++ ebitmap_set_bit(set, i, add);
+ }
+ } else {
+- /* set one type */
+- ebitmap_set_bit(set, t->value - 1, TRUE);
++ /* set or clear (depending on add) one type */
++ ebitmap_set_bit(set, t->value - 1, add);
+ }
+
+ free(id);
+diff -ruN checkpolicy.old/policy_scan.l checkpolicy/policy_scan.l
+--- checkpolicy.old/policy_scan.l 2003-10-15 07:15:18.426552408 -0400
++++ checkpolicy/policy_scan.l 2003-10-15 07:10:39.149009048 -0400
+@@ -127,7 +127,7 @@
+ t2 |
+ T2 { return(T2); }
+ "/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); }
+-{letter}({letter}|{digit}|_)* { return(IDENTIFIER); }
++({letter}|"-")({letter}|{digit}|_)* { return(IDENTIFIER); }
+ {letter}({letter}|{digit}|_|"."|"-")* { return(USER_IDENTIFIER); }
+ {digit}{digit}* { return(NUMBER); }
+ #[^\n]* { /* delete comments */ }
diff --git a/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1 b/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1
new file mode 100644
index 000000000000..e7d618ba2532
--- /dev/null
+++ b/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1
@@ -0,0 +1 @@
+MD5 126851036aba68c53a115f32758d6e38 checkpolicy-1.4.tgz 68703 |
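Review bot: The exclusion added in the `id[0] == '-'` branch of policy_parse.y is applied in list order, so it only takes effect when the excluded name comes after the entry that added it: `ebitmap_set_bit(set, i, add)` clears bits that are already set, and a later attribute in the same set turns them back on. A set written as `{ -foo_t some_attr }` (constructed example) would therefore still include `foo_t` with no diagnostic, which in a TE rule means broader access than the author wrote. Collecting exclusions in a second bitmap and subtracting it once the whole set has been parsed would make the result order-independent; failing that, state the constraint next to the branch, e.g. `/* exclusions only clear bits already set: list -name after the types/attributes it subtracts from */`. Separately, the new `sprintf(errormsg, "illegal identifier %s", id)` is bounded only because `id` is exactly "-" there, while the existing `unknown type %s` call formats an identifier of lexer-determined length into `errormsg`, whose size is not visible in these hunks, so `snprintf(errormsg, sizeof errormsg, ...)` would be the safer form if `errormsg` is an array. The function begins and ends outside the hunks shown.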
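Review bot: The widened rule `({letter}|"-")({letter}|{digit}|_)*` in policy_scan.l changes what IDENTIFIER means everywhere the grammar accepts that token, not only in type sets, and it also matches a lone `-` and forms such as `-9x`. Only the type-set code in policy_parse.y is shown rejecting the bare `-`; other IDENTIFIER consumers, and any production that expects `-` as a separate token, are outside this patch, so their behaviour with a leading dash cannot be confirmed from here. A narrower pattern, `"-"?{letter}({letter}|{digit}|_)*`, would keep the character after the dash a letter and remove the bare `-` case at the lexer.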