From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250])
 by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id s92E6BKZ002432
 for <selinux@tycho.nsa.gov>; Thu, 2 Oct 2014 10:06:11 -0400
Message-ID: <542D5BCC.6040909@tresys.com>
Date: Thu, 2 Oct 2014 10:06:04 -0400
From: Steve Lawrence <slawrence@tresys.com>
MIME-Version: 1.0
To: Yuli Khodorkovskiy <ykhodorkovskiy@tresys.com>, SELinux List
 <selinux@tycho.nsa.gov>
Subject: Re: [PATCH 0/3] pp2cil fixes based on feedback
References: <1412255410-15537-1-git-send-email-ykhodorkovskiy@tresys.com>
In-Reply-To: <1412255410-15537-1-git-send-email-ykhodorkovskiy@tresys.com>
Content-Type: text/plain; charset="windows-1252"
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
 <selinux.tycho.nsa.gov>
List-Post: <mailto:selinux@tycho.nsa.gov>
List-Help: <mailto:selinux-request@tycho.nsa.gov?subject=help>

On 10/02/2014 09:10 AM, Yuli Khodorkovskiy wrote:
> This patchset provides fixes to the pp2cil tool based on feedback for 
> 2014-08-26-rc1. 
> 
> An issue was encountered in 2014-08-26-rc1 with missing roles [1].
> Role declarations will now be printed in base and modules, where
> before only module role declarations were printed. Also, roletype
> statements will only be created when a role or a type are in the
> correct scope. As a result of these changes, policies that declare
> roles mulitple times in different modules will result in pp2cil
> generating duplicate roles. Since CIL does not allow identical role
> delcarations in different modules, current policies must be rebuilt
> with a refpolicy patch that removes duplicate role declarations [2].
> 
> A bug in creating filecon statements was also fixed where a missing 
> trailing newline in .fc files would cause parsing issues.
> 
> Finally, generated typeattribute/sets will now be printed immediately 
> unless they are in avrule conditionals/blocks. The special case will 
> have generated typeattributes/sets to be printed after the 
> conditionals/blocks are printed.
> 
> [1] http://marc.info/?l=selinux&m=140983712508791&w=2
> [2] https://github.com/TresysTechnology/refpolicy/commit/330b0fc3331d3b836691464734c96f3da3044490
> 
> 
> Yuli Khodorkovskiy (3):
>   policycoreutils/hll/pp: Fix role/roletype scoping
>   policycoreutils/hll/pp: fix '\n' parsing in filecon statements
>   policycoreutils/hll/pp: change printing behavior of typeattribute/sets
> 
>  policycoreutils/hll/pp/pp.c | 763 ++++++++++++++++++++++++++++++--------------
>  1 file changed, 529 insertions(+), 234 deletions(-)
> 

All 3 patches Acked-by: Steve Lawrence <slawrence@tresys.com>