| Message ID | e9ad0ee8d6894e8493bb099ad2e9b753@bgmail101.nvidia.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Headers | show
Return-Path: <selinux-bounces@tycho.nsa.gov> Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 5A32D60756 for <patchwork-selinux@patchwork.kernel.org>; Mon, 18 Jul 2016 13:08:49 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 42CA12522B for <patchwork-selinux@patchwork.kernel.org>; Mon, 18 Jul 2016 13:08:49 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 3765F26AE3; Mon, 18 Jul 2016 13:08:49 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id D42E72522B for <patchwork-selinux@patchwork.kernel.org>; Mon, 18 Jul 2016 13:08:47 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,384,1464652800"; d="scan'208";a="15660622" IronPort-PHdr: =?us-ascii?q?9a23=3AqmDYmhBIFjqk/vGsbTdMUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSPj/ocbcNUDSrc9gkEXOFd2CrakV06yK4uu9BCQp2tWoiDg6aptCVhsI24?= =?us-ascii?q?09vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6kO74TNaIBjjLw09?= =?us-ascii?q?fr2zQd+KyZjmnL3vs7ToICxwzAKnZr1zKBjk5S7wjeIxxbVYF6Aq1xHSqWFJce?= =?us-ascii?q?kFjUlhJFaUggqurpzopM0rzj5U884F24YAFPyiPvdwcLpDET5zM3wp/J+s8gHZ?= =?us-ascii?q?Sg6C+nsRT35QkxxGBBPI51fmT5zxtW38vfF2niybOYrzRLEwXD2kqKBzVB7vjj?= =?us-ascii?q?xALDM98WfKmp9NirlGqkekrh1734mGe4yRNfxjbubHcMoHSHFddtpAXCxGRIWn?= =?us-ascii?q?Zs0ACPRWJvtSrYT2uw4TqwCjDxKnHuLlx2x0gSrNwaAi0+knWTrD1QgkEsNG5G?= =?us-ascii?q?/Yt/3pJawSVqaz16COwjLdObcekyzw7InObwAJveCHXbU2d9HYj0YoCUmN2k6d?= =?us-ascii?q?rY3jIiO9yvUGs2/d6fFpE+2olTh0hRt2p22OwM4phoDTzrkVw0rF+20twZ01LM?= =?us-ascii?q?e5RmZ9f9+oEZIWvCafYdglCvg+Sn1l7X5pgoYNvoS2KW1TkJk=3D?= X-IPAS-Result: =?us-ascii?q?A2GMAwBO1IxX/wHyM5BbGQEBAQEBgnQtgVIGumQhhgMCgTR?= =?us-ascii?q?MAQEBAQEBAgJiJ4IyBAIBEIITAQEBAQMBAjcMCAIeCwMDAQIDAwEBAQEICwIBA?= =?us-ascii?q?wQBAR8IAQcDAS0BFAkIAgQBBwsFAxUEiA8BBL45AQEBAQEBAQECAQEBAQEBAQE?= =?us-ascii?q?BAQEchiqETYQSEQGFdwEEiB+RBY5YgXKEWYMjhVCQcoNzboYJNn8BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 18 Jul 2016 13:08:43 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u6ID5tUo019687; Mon, 18 Jul 2016 09:05:55 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u6I9TZqD178007 for <selinux@prometheus.infosec.tycho.ncsc.mil>; Mon, 18 Jul 2016 05:29:35 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u6I9TZ0K026639; Mon, 18 Jul 2016 05:29:35 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1BkAQBKoIxXe0F55NhcGgEBAQGCdIF/BrZkhAiGGgKBMUwBAQEBAQETAQELCwoIIYULAQEBAQM6PwwEAgEICwMDBAEBHwkHMhQJCAIEAQ0FCIgoAQS/DQEBAQEGAQEBAQEBAQEBHoYqhE2EEhEBhXcFiB+RBY5YgXKEWYhzkB6ER26GCTZ/AQEB X-IPAS-Result: A1BkAQBKoIxXe0F55NhcGgEBAQGCdIF/BrZkhAiGGgKBMUwBAQEBAQETAQELCwoIIYULAQEBAQM6PwwEAgEICwMDBAEBHwkHMhQJCAIEAQ0FCIgoAQS/DQEBAQEGAQEBAQEBAQEBHoYqhE2EEhEBhXcFiB+RBY5YgXKEWYhzkB6ER26GCTZ/AQEB X-IronPort-AV: E=Sophos;i="5.28,383,1464667200"; d="scan'208";a="5586235" Received: from emsm-gh1-uea10.corp.nsa.gov (HELO emsm-gh1-uea10.nsa.gov) ([10.208.41.36]) by goalie.tycho.ncsc.mil with ESMTP; 18 Jul 2016 05:29:28 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3Ai6WI+RRKDvhrI4kKmKq8U5gwk9psv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa64bRON2/xhgRfzUJnB7Loc0qyN4vimBT1LuMzJmUtBWaQEbwUCh8?= =?us-ascii?q?QSkl5oK+++Imq/EsTXaTcnFt9JTl5v8iLzG0FUHMHjew+a+SXqvnYsExnyfTB4?= =?us-ascii?q?Ov7yUtaLyZ/mj6buqtaKOU1hv3mUWftKNhK4rAHc5IE9oLBJDeIP8CbPuWZCYO?= =?us-ascii?q?9MxGlldhq5lhf44dqsrtY4q3wD86Fpy8kVarn3Z6Q1S/RjCT0iN20krJnwuQLr?= =?us-ascii?q?URqE5nxaVH4f1BVPHV6BpFvhU5PwtDbqnvZs0ymde8vtRPY7Xirop/NwRRvpjj?= =?us-ascii?q?oXHyIo+2HQzMprheRUpwz39DJlxIuBQYecMfZ3ZOvmfdoARGQJCsdKVyVbA42U?= =?us-ascii?q?aZUOA+sIe+1fqt+u9BM1sRKiCFz0V6vUwThSiyqu0A=3D=3D?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0HfAgC+oIxXe0F55NhcGgEBAQGCdIF/B?= =?us-ascii?q?rZkhAiGGgKBMUwBAQEBAQECAg8BAQsLEiEvgjIVghUBAQEBAzo/DAQCAQgLAwM?= =?us-ascii?q?EAQEfCQcyFAkIAgQBDQUIiCgBBL8NAQEBAQYBAQEBAQEBAQEehiqETYQSEQGFd?= =?us-ascii?q?wWIH5EFjliBcoRZiHOQHoRHboYJNn8BAQE?= X-IPAS-Result: =?us-ascii?q?A0HfAgC+oIxXe0F55NhcGgEBAQGCdIF/BrZkhAiGGgKBMUw?= =?us-ascii?q?BAQEBAQECAg8BAQsLEiEvgjIVghUBAQEBAzo/DAQCAQgLAwMEAQEfCQcyFAkIA?= =?us-ascii?q?gQBDQUIiCgBBL8NAQEBAQYBAQEBAQEBAQEehiqETYQSEQGFdwWIH5EFjliBcoR?= =?us-ascii?q?ZiHOQHoRHboYJNn8BAQE?= X-IronPort-AV: E=Sophos;i="5.28,383,1464652800"; d="scan'208";a="15653317" Received: from hqemgate16.nvidia.com ([216.228.121.65]) by emsm-gh1-uea10.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jul 2016 09:29:27 +0000 Received: from hqpgpgate101.nvidia.com (Not Verified[216.228.121.13]) by hqemgate16.nvidia.com id <B578ca13a0001>; Mon, 18 Jul 2016 02:28:26 -0700 Received: from HQMAIL101.nvidia.com ([172.20.12.94]) by hqpgpgate101.nvidia.com (PGP Universal service); Mon, 18 Jul 2016 02:29:26 -0700 X-PGP-Universal: processed; by hqpgpgate101.nvidia.com on Mon, 18 Jul 2016 02:29:26 -0700 Received: from BGMAIL102.nvidia.com (10.25.59.11) by HQMAIL101.nvidia.com (172.20.187.10) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 18 Jul 2016 09:29:18 +0000 Received: from BGMAIL101.nvidia.com (10.25.59.10) by bgmail102.nvidia.com (10.25.59.11) with Microsoft SMTP Server (TLS) id 15.0.1210.3; Mon, 18 Jul 2016 09:29:15 +0000 Received: from BGMAIL101.nvidia.com ([fe80::b1bc:13a8:5037:fd70]) by bgmail101.nvidia.com ([fe80::b1bc:13a8:5037:fd70%19]) with mapi id 15.00.1210.000; Mon, 18 Jul 2016 09:29:15 +0000 From: Inamdar Sharif <isharif@nvidia.com> To: Stephen Smalley <sds@tycho.nsa.gov>, "selinux@tycho.nsa.gov" <selinux@tycho.nsa.gov> Subject: RE: [PATCH] Extend checkpolicy pathname matching. Thread-Topic: [PATCH] Extend checkpolicy pathname matching. Thread-Index: AQHR3ebgNZ2aUoclI0eadKNHwUTm4aAd8bQA Date: Mon, 18 Jul 2016 09:29:14 +0000 Message-ID: <e9ad0ee8d6894e8493bb099ad2e9b753@bgmail101.nvidia.com> References: <1468511275-23946-1-git-send-email-sds@tycho.nsa.gov> In-Reply-To: <1468511275-23946-1-git-send-email-sds@tycho.nsa.gov> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-exchange-transport-fromentityheader: Hosted x-originating-ip: [10.24.251.54] MIME-Version: 1.0 Content-Language: en-US X-MIME-Autoconverted: from quoted-printable to 8bit by prometheus.infosec.tycho.ncsc.mil id u6I9TZqD178007 X-Mailman-Approved-At: Mon, 18 Jul 2016 08:45:58 -0400 X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" <selinux.tycho.nsa.gov> List-Unsubscribe: <http://prometheus.infosec.tycho.ncsc.mil/mailman/options/selinux>, <mailto:selinux-request@tycho.nsa.gov?subject=unsubscribe> List-Archive: <http://prometheus.infosec.tycho.ncsc.mil/pipermail/selinux/> List-Post: <mailto:selinux@tycho.nsa.gov> List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help> List-Subscribe: <http://prometheus.infosec.tycho.ncsc.mil/mailman/listinfo/selinux>, <mailto:selinux-request@tycho.nsa.gov?subject=subscribe> Cc: "seandroid-list@tycho.nsa.gov" <seandroid-list@tycho.nsa.gov> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov> X-Virus-Scanned: ClamAV using ClamSMTP |
diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l index 22da338..2f7f221 100644 --- a/checkpolicy/policy_scan.l +++ b/checkpolicy/policy_scan.l @@ -249,9 +249,9 @@ high | HIGH { return(HIGH); } low | LOW { return(LOW); } -"/"({alnum}|[_\.\-/])* { return(PATH); } -\""/"[ !#-~]*\" { return(QPATH); } -\"({alnum}|[_\.\-\+\~\: ])+\" { return(FILENAME); } +"/"[^ \n\r\t\f]* { return(PATH); } +\""/"[^\"\n]*\" { return(QPATH); } +\"[^"/"\"\n]+\" { return(FILENAME); } {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } {digit}+|0x{hexval}+ { return(NUMBER); } {alnum}*{letter}{alnum}* { return(FILESYSTEM); }