From patchwork Sun Sep 24 17:04:55 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 9968095 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id D48D96020C for ; Sun, 24 Sep 2017 17:10:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id AEE1B28C22 for ; Sun, 24 Sep 2017 17:10:22 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A32D228C2F; Sun, 24 Sep 2017 17:10:22 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-4.2 required=2.0 tests=BAYES_00, RCVD_IN_DNSWL_MED autolearn=ham version=3.3.1 Received: from ucol19pa09.eemsg.mail.mil (ucol19pa09.eemsg.mail.mil [214.24.24.82]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 09BF028C31 for ; Sun, 24 Sep 2017 17:10:20 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.42,433,1500940800"; d="scan'208";a="533618697" Received: from emsm-gh1-uea11.ncsc.mil ([214.29.60.3]) by ucol19pa09.eemsg.mail.mil with ESMTP; 24 Sep 2017 17:09:32 +0000 Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea11.NCSC.MIL with ESMTP; 24 Sep 2017 17:09:32 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8OH9T09023822; Sun, 24 Sep 2017 13:09:29 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id v8OH8Eg7143985 for ; Sun, 24 Sep 2017 13:08:14 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id v8OH8ElX023536 for ; Sun, 24 Sep 2017 13:08:14 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A1A+BQCJ5cdZZCYbGNZcg18oAyEBWVcnj?= =?us-ascii?q?wqPBpo8E4lOVwECAQEBAQECBBwUiEiIYYFSAwEBlyqSN4QRhzSDK4ICgVGJTIE?= =?us-ascii?q?ShQgfBaEfgi6SIZMTSJR+gTmBZTIhMlGESgELAXiBUHSFWoIzAQEB?= X-IPAS-Result: =?us-ascii?q?A1A+BQCJ5cdZZCYbGNZcg18oAyEBWVcnjwqPBpo8E4lOVwE?= =?us-ascii?q?CAQEBAQECBBwUiEiIYYFSAwEBlyqSN4QRhzSDK4ICgVGJTIEShQgfBaEfgi6SI?= =?us-ascii?q?ZMTSJR+gTmBZTIhMlGESgELAXiBUHSFWoIzAQEB?= X-IronPort-AV: E=Sophos;i="5.42,433,1500955200"; d="scan'208";a="62100" Received: from emsm-gh1-uea10.ncsc.mil ([214.29.60.34]) by goalie.tycho.ncsc.mil with ESMTP; 24 Sep 2017 13:07:33 -0400 Received: from upbd19pa05.eemsg.mail.mil ([214.24.27.38]) by EMSM-GH1-UEA10.NCSC.MIL with ESMTP; 24 Sep 2017 17:07:32 +0000 X-EEMSG-check-005: 0 X-EEMSG-check-006: 000-001;b05be6d5-e40b-4f28-8fcc-9450729926e0 Authentication-Results: upbd19pa05.eemsg.mail.mil; dkim=neutral (message not signed) header.i=none X-EEMSG-check-008: 249002274|UPBD19PA05_EEMSG_MP5.csd.disa.mil X-EEMSG-SBRS: 3.5 X-EEMSG-ORIG-IP: 129.104.30.34 X-EEMSG-check-002: true X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A0CiAgAS5sdZhyIeaIFcHQYMgzCBfSePCo8GmjwTiU5CFQECAQEBAQEBARMBAQEKCwkIKC+HaYhhgVIEAalghBGHNIMrggKBUYlMgRKFCB8FoR+CLpIhkxNIlH6BOTWBMDIhMlGESgELAYJIdIVagjMBAQE X-IPAS-Result: A0CiAgAS5sdZhyIeaIFcHQYMgzCBfSePCo8GmjwTiU5CFQECAQEBAQEBARMBAQEKCwkIKC+HaYhhgVIEAalghBGHNIMrggKBUYlMgRKFCB8FoR+CLpIhkxNIlH6BOTWBMDIhMlGESgELAYJIdIVagjMBAQE Received: from mx1.polytechnique.org ([129.104.30.34]) by upbd19pa05.eemsg.mail.mil with ESMTP; 24 Sep 2017 17:07:07 +0000 Received: from localhost.localdomain (abo-251-56-69.avi.modulonet.fr [85.69.56.251]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 3E7A5564806 for ; Sun, 24 Sep 2017 19:05:32 +0200 (CEST) From: Nicolas Iooss To: selinux@tycho.nsa.gov Date: Sun, 24 Sep 2017 19:04:55 +0200 Message-Id: <20170924170456.5531-1-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.14.1 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sun Sep 24 19:05:32 2017 +0200 (CEST)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org Subject: [PATCH 1/2] sepolicy: ignore comments and empty lines in file_contexts.subs_dist X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP In refpolicy, file_contexts.subs_dist begins with comments: # This file can is used to configure base path aliases as in: # # /aliased_path /original_path_as_configured_in_file_contexts # The first line gets parsed in read_file_equiv even though it is not a valid path substitution and the second line triggers an exception when accessing f[1]: IndexError: list index out of range Parse substitutions only for lines which are not comment. Signed-off-by: Nicolas Iooss --- python/sepolicy/sepolicy/__init__.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/python/sepolicy/sepolicy/__init__.py b/python/sepolicy/sepolicy/__init__.py index d41fc6ae1543..bf2494a813c8 100644 --- a/python/sepolicy/sepolicy/__init__.py +++ b/python/sepolicy/sepolicy/__init__.py @@ -526,10 +526,10 @@ def find_entrypoint_path(exe, exclude_list=[]): def read_file_equiv(edict, fc_path, modify): try: with open(fc_path, "r") as fd: - fc = fd.readlines() - for e in fc: + for e in fd: f = e.split() - edict[f[0]] = {"equiv": f[1], "modify": modify} + if f and not f[0].startswith('#'): + edict[f[0]] = {"equiv": f[1], "modify": modify} except OSError as e: if e.errno != errno.ENOENT: raise