Joshua Brindle wrote:
> On Thu, 2005-04-07 at 16:29 -0500, Darrel Goeddel wrote:
>
>>Joshua Brindle wrote:
>>
>>>On Thu, 2005-04-07 at 11:30 -0500, Darrel Goeddel wrote:
>>>
>>>>Stephen Smalley wrote:
>>
>>>>>The original hierarchy patch also collapsed the identifier and
>>>>>user_identifier together, thereby allowing "-" to occur in any
>>>>>identifier. As a result, if someone specifies s0-s9 in the policy
>>>>>without whitespace, it will be incorrectly interpreted as an attempt to
>>>>>specify a level named "s0-s9". Further, nothing prevents someone from
>>>>>defining a level or category name that includes a "-" presently.
>>>>>Options are to revert the change from the original patch that collapsed
>>>>>identifier and user_identifier together (only adding "." to identifier,
>>>>>not "-") or to add further handling to the action routines to deal with
>>>>>it.
>
> Ok, here is a patch against cvs (includes Darrel's MLS changes). It
> builds MLS and non-MLS policies with and without type and role
> hierarchies so this should be good to go, let me know if there are any
> other problems.
>
> Joshua

Thanks for merging my changes into the main patch. I have a few additions
in the attached patch, which is relative to your latest patch.

I had a possible double free in define_category. I added back the
declaration for is_valid_identifier in policy_scan.l to avoid a warning.
I also removed including '-' as a valid character in the standard
IDENTIFIER (this is what we were after, right?).

There are a few tweaks to the policy Makefile. The first is changing
"s9 : c0.c127" to "s9:c0.c127" - I thought that was a bit more readable.
The second is changing MLS=n to MLS=y in the makefile when running the
mlsconvert target.

--
Darrel
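
The lexing ambiguity Stephen Smalley describes in the quoted text, as an added example that is not part of the original message or of the checkpolicy sources. The two identifier patterns, `make_lexer` and `parse_range` are hypothetical stand-ins for the scanner rules and action routines, written only to show how "s0-s9" is read with and without "-" in the identifier class.

```python
import re

# Assumed character classes, modelled on the thread (not copied from policy_scan.l).
IDENT_WITH_DASH = r"[A-Za-z][A-Za-z0-9_.\-]*"  # identifier merged with user_identifier
IDENT_NO_DASH = r"[A-Za-z][A-Za-z0-9_.]*"      # only "." added to identifier


def make_lexer(ident_pattern):
    """Build a tiny lexer; a greedy identifier match mimics lex's longest match."""
    token_re = re.compile(
        r"\s+|(?P<IDENTIFIER>%s)|(?P<DASH>-)|(?P<OTHER>.)" % ident_pattern
    )

    def lex(text):
        # Whitespace matches no named group, so lastgroup is None and it is skipped.
        return [(m.lastgroup, m.group()) for m in token_re.finditer(text) if m.lastgroup]

    return lex


def parse_range(tokens):
    """Return (low, high) levels from 'IDENTIFIER' or 'IDENTIFIER DASH IDENTIFIER'."""
    kinds = [kind for kind, _ in tokens]
    if kinds == ["IDENTIFIER"]:
        return tokens[0][1], tokens[0][1]
    if kinds == ["IDENTIFIER", "DASH", "IDENTIFIER"]:
        return tokens[0][1], tokens[2][1]
    raise ValueError("not a level or range: %r" % (tokens,))


lex_dash = make_lexer(IDENT_WITH_DASH)
lex_nodash = make_lexer(IDENT_NO_DASH)

if __name__ == "__main__":
    for text in ("s0-s9", "s0 - s9"):  # constructed sample inputs
        print(repr(text), "with '-':", parse_range(lex_dash(text)),
              "| without '-':", parse_range(lex_nodash(text)))
```

With "-" in the identifier class, the unspaced range collapses to a single level name, so the intended low-high range is never seen by the range rule; without it, both spellings yield the same range.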