From: "Frank Mayer" <mayerf@tresys.com>
To: <selinux@tycho.nsa.gov>
Cc: "'David Caplan'" <dac@tresys.com>
Subject: RE: checkpolicy and login names [patch]
Date: Thu, 26 Sep 2002 13:57:25 -0400	[thread overview]
Message-ID: <006201c26586$2f24a930$6600a8c0@columbia.tresys.com> (raw)
In-Reply-To: <GBEAJBKHFOBIBBJBCGAGIEKJCFAA.dac@tresys.com>

[-- Attachment #1: Type: text/plain, Size: 310 bytes --]

Attached is a patch to checkpolicy that expands the syntax of user names
to include "." and "-" characters.  User names now have a syntax distinct
from (actually a superset of) other identifiers.  One should be able to add
more characters to what's allowed in user names without impacting other
identifiers.  Frank

[-- Attachment #2: cp.patch --]
[-- Type: application/octet-stream, Size: 2876 bytes --]

diff -ruN checkpolicy/policy_parse.y checkpolicy.new/policy_parse.y
--- checkpolicy/policy_parse.y	Thu Sep 26 13:43:16 2002
+++ checkpolicy.new/policy_parse.y	Thu Sep 26 13:41:49 2002
@@ -99,6 +99,7 @@
 %token U1 U2 R1 R2 T1 T2
 %token NOT AND OR 
 %token IDENTIFIER
+%token USER_IDENTIFIER
 %token NUMBER
 %token EQUALS
 %token NOTEQUAL
@@ -322,10 +323,10 @@
 			| T1 op T2
 			{ $$ = (int) define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2);
 			  if ($$ == 0) return -1; }
-			| U1 op { if (insert_separator(1)) return -1; } names_push
+			| U1 op { if (insert_separator(1)) return -1; } user_names_push
 			{ $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_USER, $2);
 			  if ($$ == 0) return -1; }
-			| U2 op { if (insert_separator(1)) return -1; } names_push
+			| U2 op { if (insert_separator(1)) return -1; } user_names_push
 			{ $$ = (int) define_cexpr(CEXPR_NAMES, CEXPR_USER | CEXPR_TARGET, $2);
 			  if ($$ == 0) return -1; }
 			| R1 op { if (insert_separator(1)) return -1; } names_push
@@ -377,7 +378,10 @@
 users			: user_def
 			| users user_def
 			;
-user_def		: USER identifier ROLES names opt_user_ranges ';'
+user_id			: identifier
+			| user_identifier
+			;
+user_def		: USER user_id ROLES names opt_user_ranges ';'
 	                {if (define_user()) return -1;}
 			;
 opt_user_ranges		: RANGES user_ranges 
@@ -470,7 +474,7 @@
 			  $$ = addr;
 			}
     			;
-security_context_def	: identifier ':' identifier ':' identifier opt_mls_range_def
+security_context_def	: user_id ':' identifier ':' identifier opt_mls_range_def
 	                ;
 opt_mls_range_def	: ':' mls_range_def
 			|	
@@ -536,6 +540,21 @@
 identifier		: IDENTIFIER
 			{ if (insert_id(yytext,0)) return -1; }
 			;
+user_identifier		: USER_IDENTIFIER
+			{ if (insert_id(yytext,0)) return -1; }
+			;
+user_identifier_push	: USER_IDENTIFIER
+			{ if (insert_id(yytext, 1)) return -1; }
+			;
+useridentifier_list_push : user_identifier_push
+			| identifier_list_push user_identifier_push
+			;
+user_names_push		: names_push
+			| user_identifier_push
+			| '{' useridentifier_list_push '}'
+			| tilde_push user_identifier_push
+			| tilde_push '{' useridentifier_list_push '}'
+			;
 path     		: PATH
 			{ if (insert_id(yytext,0)) return -1; }
 			;
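Review bot: `useridentifier_list_push` has no self-recursive alternative, so a braced list can hold at most one USER_IDENTIFIER, and only as its last element. Lists such as `{ a.b c }` or `{ a.b c-d }` would be rejected in the U1/U2 constraint expressions that now use `user_names_push`. Adding `| useridentifier_list_push user_identifier_push` and `| useridentifier_list_push identifier_push` would accept dotted and plain names in any order while all-plain lists still go through `names_push`; this assumes an `identifier_push` rule exists next to `identifier_list_push`, which this hunk does not show. A short comment above `user_names_push` saying that plain-only lists are matched by `names_push` and mixed lists by `useridentifier_list_push` would make the split easier to maintain.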
diff -ruN checkpolicy/policy_scan.l checkpolicy.new/policy_scan.l
--- checkpolicy/policy_scan.l	Thu Sep 26 13:43:17 2002
+++ checkpolicy.new/policy_scan.l	Thu Sep 26 13:41:49 2002
@@ -132,6 +132,7 @@
 T2				{ return(T2); }
 "/"({letter}|{digit}|_|"."|"-"|"/")*	{ return(PATH); }
 {letter}({letter}|{digit}|_)*	{ return(IDENTIFIER); }
+{letter}({letter}|{digit}|_|"."|"-")*	{ return(USER_IDENTIFIER); }
 {digit}{digit}*                 { return(NUMBER); }
 #[^\n]*                         { /* delete comments */ }
 [ \t\f]+			{ /* delete whitespace */ }
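Review bot: The new `USER_IDENTIFIER` rule is active in every scanner context, so under longest-match any identifier written directly against a `.` or `-` is returned as USER_IDENTIFIER, even where the grammar expects a role, a type or a separator token. In `security_context_def` only the first field takes `user_id`, so a role or type spelled with those characters is rejected, but constructs that use `-` or `.` as separators without surrounding whitespace would now lex as a single token (MLS ranges may be one such case; their rules are not visible here). The pattern also accepts names that end in `.` or `-` and runs such as `a..b`; if those are not meant to be valid login names, tighten it, for example `{letter}({letter}|{digit}|_)*([.-]({letter}|{digit}|_)+)*`. A comment such as `/* must stay after IDENTIFIER: equal-length matches go to the earlier rule */` would record the ordering dependency.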
