From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id t2CHSB1h002079 for ; Thu, 12 Mar 2015 13:28:11 -0400 Received: by widem10 with SMTP id em10so34900422wid.2 for ; Thu, 12 Mar 2015 10:28:06 -0700 (PDT) Message-ID: <5501CC8B.2040303@linaro.org> Date: Thu, 12 Mar 2015 17:27:39 +0000 From: Julien Grall MIME-Version: 1.0 To: Daniel De Graaf , selinux@tycho.nsa.gov Subject: Re: [Xen-devel] [PATCH 2/4] Add device tree ocontext nodes to Xen policy References: <1426180350-16259-1-git-send-email-dgdegra@tycho.nsa.gov> <1426180350-16259-3-git-send-email-dgdegra@tycho.nsa.gov> In-Reply-To: <1426180350-16259-3-git-send-email-dgdegra@tycho.nsa.gov> Content-Type: text/plain; charset=windows-1252 Cc: xen-devel@lists.xenproject.org List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: Hi Daniel, On 12/03/15 17:12, Daniel De Graaf wrote: > ; > +dtree_context_def : DEVICETREECON path security_context_def > + {if (define_devicetree_context()) return -1;} > + ; The regex for matching the device tree path is different from a path. the pathname convention is: node-name@unit-address The characters allowed for node-name/unit-name are: 0-9 a-z A-Z , . _ + - Although the @unit-address may be ommitted. So the regex should be something like: "/"({alnum}|['\._\+\-@])* Regards, -- Julien Grall From mboxrd@z Thu Jan 1 00:00:00 1970 From: Julien Grall Subject: Re: [PATCH 2/4] Add device tree ocontext nodes to Xen policy Date: Thu, 12 Mar 2015 17:27:39 +0000 Message-ID: <5501CC8B.2040303@linaro.org> References: <1426180350-16259-1-git-send-email-dgdegra@tycho.nsa.gov> <1426180350-16259-3-git-send-email-dgdegra@tycho.nsa.gov> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1YW6tz-0002jE-TO for xen-devel@lists.xenproject.org; Thu, 12 Mar 2015 17:28:08 +0000 Received: by wivr20 with SMTP id r20so49655144wiv.5 for ; Thu, 12 Mar 2015 10:28:06 -0700 (PDT) In-Reply-To: <1426180350-16259-3-git-send-email-dgdegra@tycho.nsa.gov> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xen.org Errors-To: xen-devel-bounces@lists.xen.org To: Daniel De Graaf , selinux@tycho.nsa.gov Cc: xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org Hi Daniel, On 12/03/15 17:12, Daniel De Graaf wrote: > ; > +dtree_context_def : DEVICETREECON path security_context_def > + {if (define_devicetree_context()) return -1;} > + ; The regex for matching the device tree path is different from a path. the pathname convention is: node-name@unit-address The characters allowed for node-name/unit-name are: 0-9 a-z A-Z , . _ + - Although the @unit-address may be ommitted. So the regex should be something like: "/"({alnum}|['\._\+\-@])* Regards, -- Julien Grall