From patchwork Sat Jan 16 11:33:09 2016
X-Patchwork-Submitter: Nicolas Iooss
X-Patchwork-Id: 8048961
From: Nicolas Iooss
To: selinux@tycho.nsa.gov
Subject: [PATCH 2/2] sepolgen: Support latest refpolicy interfaces
Date: Sat, 16 Jan 2016 12:33:09 +0100
Message-Id: <1452943989-11913-2-git-send-email-nicolas.iooss@m4x.org>
In-Reply-To: <1452943989-11913-1-git-send-email-nicolas.iooss@m4x.org>

Some refpolicy interfaces use:

* "$" character in paths, for example in kernel/selinux.if:

    genfscon selinuxfs /booleans/$2 gen_context(system_u:object_r:$1,s0)

* empty members in ifelse statement, for example in system/init.if:

    ifelse(`$5',`',`',` ... ')

Modify sepolgen/refparser grammar accordingly.

This fixes the following syntax errors reported by sepolgen-ifgen:

    /usr/share/selinux/refpolicy/include/kernel/selinux.if: Syntax error on line 43 gen_context [type=GEN_CONTEXT]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on line 1416 ' [type=SQUOTE]
    /usr/share/selinux/refpolicy/include/system/init.if: Syntax error on line 1422 ' [type=SQUOTE]

Signed-off-by: Nicolas Iooss
---
 sepolgen/src/sepolgen/refparser.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sepolgen/src/sepolgen/refparser.py b/sepolgen/src/sepolgen/refparser.py
index 3132c6fe7109..9b1d0c8f458d 100644
--- a/sepolgen/src/sepolgen/refparser.py +++ b/sepolgen/src/sepolgen/refparser.py @@ -219,7 +219,7 @@ t_BAR = r'\|' t_EXPL = r'\!' t_EQUAL = r'\=' t_NUMBER = r'[0-9\.]+' -t_PATH = r'/[a-zA-Z0-9)_\.\*/]*' +t_PATH = r'/[a-zA-Z0-9)_\.\*/\$]*' #t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*' # Ignore whitespace - this is a special token for ply that more efficiently @@ -417,6 +417,7 @@ def p_tunable_policy(p): def p_ifelse(p): '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi + | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi ''' # x = refpolicy.IfDef(p[4]) # v = True
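Review bot: in the first hunk, the new t_PATH accepts "$" at any position and any number of times in a path, while the case described in the commit message is an m4 positional parameter such as "$2" in "/booleans/$2". If only "$N" is intended, an alternation that admits "\$[0-9]+" next to the existing character class would be tighter; otherwise a one-line comment above t_PATH saying that "$" is allowed for m4 parameters in interface files would document why it is there. The backslash before "$" is not needed inside a character class, though it is consistent with the "\." and "\*" already present. The diffstat shows only refparser.py changed, so a parser test feeding the selinux.if genfscon line from the commit message would keep this from regressing.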
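Review bot: in the p_ifelse hunk, the added alternative makes only the second ifelse argument explicitly empty (TICK SQUOTE), but the init.if example in the commit message, ifelse(`$5',`',`',` ... '), also has an empty third argument, so the rule matches it only if interface_stmts can derive the empty string. That dependency is not visible in this hunk and deserves a sentence in the commit message or a comment next to the rule. The new alternative also has 18 symbols where the previous one has 19, so the two interface_stmts sit at p[11] and p[15] instead of p[12] and p[16]; the body is not shown beyond the commented-out "x = refpolicy.IfDef(p[4])", so please confirm it does not index those positions without checking len(p). A test case with the init.if construct would cover both points.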