From mboxrd@z Thu Jan 1 00:00:00 1970
Message-ID: <5501CD9E.4020805@tycho.nsa.gov>
Date: Thu, 12 Mar 2015 13:32:14 -0400
From: Daniel De Graaf
MIME-Version: 1.0
To: Julien Grall, selinux@tycho.nsa.gov
Subject: Re: [Xen-devel] [PATCH 2/4] Add device tree ocontext nodes to Xen policy
References: <1426180350-16259-1-git-send-email-dgdegra@tycho.nsa.gov> <1426180350-16259-3-git-send-email-dgdegra@tycho.nsa.gov> <5501CC8B.2040303@linaro.org>
In-Reply-To: <5501CC8B.2040303@linaro.org>
Content-Type: text/plain; charset=windows-1252; format=flowed
Cc: xen-devel@lists.xenproject.org
List-Id: "Security-Enhanced Linux \(SELinux\) mailing list"
List-Post:
List-Help:

On 03/12/2015 01:27 PM, Julien Grall wrote:
> Hi Daniel,
>
> On 12/03/15 17:12, Daniel De Graaf wrote:
>> ;
>> +dtree_context_def : DEVICETREECON path security_context_def
>> + {if (define_devicetree_context()) return -1;}
>> + ;
>
> The regex for matching the device tree path is different from a path.
>
> The pathname convention is:
>
> node-name@unit-address
>
> The characters allowed for node-name/unit-name are:
> 0-9 a-z A-Z , . _ + -
>
> Although the @unit-address may be omitted.
>
> So the regex should be something like:
> "/"({alnum}|['\._\+\-@])*

This is addressed in patch 4, where a quoted version of the path expression is added which allows these characters (and others).

-- 
Daniel De Graaf
National Security Agency
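
Review bot: In `dtree_context_def` the rule takes the plain `path` token, which per the review above does not follow the device tree node-name@unit-address convention, so with this patch alone a node whose name uses characters such as `,`, `+` or `@` has no way to be named in a DEVICETREECON statement. Since the quoted path form only arrives in patch 4, either accept that form in this rule within the same patch or state in the commit message that such paths depend on patch 4. A short comment beside the rule saying which path syntax it accepts would also help policy authors.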
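
The naming convention quoted in the review above (node-name@unit-address, unit address optional, characters 0-9 a-z A-Z , . _ + -), written as a path checker a policy author could run over device tree paths before labelling them. This is an added example, not code from the patch series or from the policy compiler; `check_dt_path`, `audit` and the sample paths are hypothetical, and it assumes components are separated by `/` and that `/` alone names the root node.

```python
import re

# Character set quoted in the review: 0-9 a-z A-Z , . _ + -
_NAME = r"[0-9A-Za-z,._+\-]+"
# One path component: node-name, optionally followed by @unit-address.
_COMPONENT = re.compile(rf"{_NAME}(?:@{_NAME})?")


def check_dt_path(path):
    """Return None if the path follows the convention, else a reason string."""
    if not path.startswith("/"):
        return "path must be absolute (start with '/')"
    if path == "/":
        return None  # assumption: the root node on its own is valid
    for index, component in enumerate(path[1:].split("/"), start=1):
        if component == "":
            return f"component {index} is empty"
        if _COMPONENT.fullmatch(component):
            continue
        # Separate "bad character" from "bad shape" so the report is actionable.
        bad = sorted(set(re.sub(r"[0-9A-Za-z,._+\-@]", "", component)))
        if bad:
            return f"component {index} ({component!r}) has disallowed characters: {''.join(bad)}"
        return f"component {index} ({component!r}) is not node-name[@unit-address]"
    return None


def audit(paths):
    """Map every rejected path to the reason it was rejected."""
    return {p: reason for p in paths if (reason := check_dt_path(p)) is not None}


# Constructed sample paths, not taken from any real policy or device tree.
SAMPLE_PATHS = [
    "/",
    "/soc/serial@1c28000",
    "/soc/arm,gic@2c001000",
    "soc/serial",
    "/soc//serial",
    "/soc/serial@",
    "/soc/my node",
]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE_PATHS).items():
        print(f"{path}: {reason}")
```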