* [PATCH] sepolgen-ifgen: allow M4 escaped filenames
@ 2024-08-19 18:21 Petr Lautrbach
2024-08-27 11:28 ` [PATCH v2] " Petr Lautrbach
0 siblings, 1 reply; 5+ messages in thread
From: Petr Lautrbach @ 2024-08-19 18:21 UTC
To: selinux; +Cc: Petr Lautrbach
When a file name in a type transition rule used in an interface is the same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.

- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "``interface''")

But sepolgen-ifgen could not parse such a string:

# sepolgen-ifgen
Illegal character '`'

This change allows M4 escaping inside quoted strings and fixes the described
problem.

https://bugzilla.redhat.com/show_bug.cgi?id=2254206

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
python/sepolgen/src/sepolgen/refparser.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
index e261d3f78f87..9622ee9a29ce 100644
--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
@@ -261,7 +261,7 @@ def t_IDENTIFIER(t):
return t
def t_FILENAME(t):
- r'\"[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\"'
+ r'\"`*[a-zA-Z0-9_\-\+\.\$\*~ :\[\]]+\'*\"'
# Handle any keywords
t.type = reserved.get(t.value,'FILENAME')
return t
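Review bot: the new t_FILENAME pattern does not require the M4 quotes to balance. The leading backtick run and the trailing apostrophe run are each matched with their own "*", so a string with one opening backtick and no closing apostrophe, or with three closing apostrophes and no backtick, lexes as FILENAME exactly like "``interface''". The matched t.value also keeps the backticks and apostrophes, so the filename passed on to the parser now carries the M4 quoting. Consider requiring the two-backtick / two-apostrophe pair explicitly and stripping it from t.value before the token is returned.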
--
2.46.0
* [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
2024-08-19 18:21 [PATCH] sepolgen-ifgen: allow M4 escaped filenames Petr Lautrbach
@ 2024-08-27 11:28 ` Petr Lautrbach
2024-12-17 12:13 ` Petr Lautrbach
2024-12-17 19:34 ` James Carter
0 siblings, 2 replies; 5+ messages in thread
From: Petr Lautrbach @ 2024-08-27 11:28 UTC
To: selinux; +Cc: Petr Lautrbach
When a file name in a type transition rule used in an interface is the same as
a keyword, it needs to be M4 escaped so that the keyword is not expanded
by M4, e.g.

- filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
+ filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, ``"interface"'')

But sepolgen-ifgen could not parse such a string:

# sepolgen-ifgen
Illegal character '`'

This change allows M4 escaping inside quoted strings and fixes the described
problem.

https://bugzilla.redhat.com/show_bug.cgi?id=2254206

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
---
change to v1:

- use ``"..."'' instead of "``..''" - suggested in https://github.com/SELinuxProject/selint/pull/291 by @cgzones

- controls the right number of opening and closing quotes

python/sepolgen/src/sepolgen/refparser.py | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
index e261d3f78f87..c8a3eb54d679 100644
--- a/python/sepolgen/src/sepolgen/refparser.py
+++ b/python/sepolgen/src/sepolgen/refparser.py
@@ -486,7 +486,7 @@ def p_interface_call_param(p):
| nested_id_set
| TRUE
| FALSE
- | FILENAME
+ | quoted_filename
'''
# Intentionally let single identifiers pass through
# List means set, non-list identifier
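Review bot: the switch from FILENAME to quoted_filename in p_interface_call_param comes with no test, and the diffstat lists refparser.py as the only file changed. Please add a parser test that feeds both the plain "interface" form and the ``"interface"'' form from the commit message through an interface call and checks that the two produce the same parameter value, so that the value carried by the new nonterminal is pinned down.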
@@ -1027,6 +1027,11 @@ def p_optional_semi(p):
| empty'''
pass
+def p_quoted_filename(p):
+ '''quoted_filename : TICK quoted_filename SQUOTE
+ | FILENAME
+ '''
+ p[0] = p[1]
#
# Interface to the parser
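Review bot: in p_quoted_filename the single action "p[0] = p[1]" serves both alternatives, but in the "TICK quoted_filename SQUOTE" alternative p[1] is the TICK token, so an M4-escaped filename reduces to the backtick and the FILENAME value sitting in p[2] is dropped. Take p[2] when the production has three symbols, for example "p[0] = p[2] if len(p) == 4 else p[1]", so that ``"interface"'' and "interface" yield the same value.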
--
2.46.0
* Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
2024-08-27 11:28 ` [PATCH v2] " Petr Lautrbach
@ 2024-12-17 12:13 ` Petr Lautrbach
2024-12-17 19:34 ` James Carter
1 sibling, 0 replies; 5+ messages in thread
From: Petr Lautrbach @ 2024-12-17 12:13 UTC
To: selinux
Petr Lautrbach <lautrbach@redhat.com> writes:
> When a file name in a type transition rule used in an interface is the same as
> a keyword, it needs to be M4 escaped so that the keyword is not expanded
> by M4, e.g.
>
> - filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
> + filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, ``"interface"'')
>
> But sepolgen-ifgen could not parse such a string:
>
> # sepolgen-ifgen
> Illegal character '`'
>
> This change allows M4 escaping inside quoted strings and fixes the described
> problem.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2254206
>
> Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>

If there's no objection I would like to merge before tomorrow's rc3.

Petr

> ---
>
> change to v1:
>
> - use ``"..."'' instead of "``..''" - suggested in https://github.com/SELinuxProject/selint/pull/291 by @cgzones
>
> - controls the right number of opening and closing quotes
>
> python/sepolgen/src/sepolgen/refparser.py | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
> index e261d3f78f87..c8a3eb54d679 100644
> --- a/python/sepolgen/src/sepolgen/refparser.py
> +++ b/python/sepolgen/src/sepolgen/refparser.py
> @@ -486,7 +486,7 @@ def p_interface_call_param(p):
> | nested_id_set
> | TRUE
> | FALSE
> - | FILENAME
> + | quoted_filename
> '''
> # Intentionally let single identifiers pass through
> # List means set, non-list identifier
> @@ -1027,6 +1027,11 @@ def p_optional_semi(p):
> | empty'''
> pass
>
> +def p_quoted_filename(p):
> + '''quoted_filename : TICK quoted_filename SQUOTE
> + | FILENAME
> + '''
> + p[0] = p[1]
>
> #
> # Interface to the parser
> --
> 2.46.0
* Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
2024-08-27 11:28 ` [PATCH v2] " Petr Lautrbach
2024-12-17 12:13 ` Petr Lautrbach
@ 2024-12-17 19:34 ` James Carter
2024-12-17 20:25 ` James Carter
1 sibling, 1 reply; 5+ messages in thread
From: James Carter @ 2024-12-17 19:34 UTC
To: Petr Lautrbach; +Cc: selinux
On Tue, Aug 27, 2024 at 7:32 AM Petr Lautrbach <lautrbach@redhat.com> wrote:
>
> When a file name in a type transition rule used in an interface is the same as
> a keyword, it needs to be M4 escaped so that the keyword is not expanded
> by M4, e.g.
>
> - filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
> + filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, ``"interface"'')
>
> But sepolgen-ifgen could not parse such a string:
>
> # sepolgen-ifgen
> Illegal character '`'
>
> This change allows M4 escaping inside quoted strings and fixes the described
> problem.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=2254206
>
> Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Sorry, I don't know how I missed this patch earlier.
Acked-by: James Carter <jwcart2@gmail.com>
> ---
>
> change to v1:
>
> - use ``"..."'' instead of "``..''" - suggested in https://github.com/SELinuxProject/selint/pull/291 by @cgzones
>
> - controls the right number of opening and closing quotes
>
> python/sepolgen/src/sepolgen/refparser.py | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
> index e261d3f78f87..c8a3eb54d679 100644
> --- a/python/sepolgen/src/sepolgen/refparser.py
> +++ b/python/sepolgen/src/sepolgen/refparser.py
> @@ -486,7 +486,7 @@ def p_interface_call_param(p):
> | nested_id_set
> | TRUE
> | FALSE
> - | FILENAME
> + | quoted_filename
> '''
> # Intentionally let single identifiers pass through
> # List means set, non-list identifier
> @@ -1027,6 +1027,11 @@ def p_optional_semi(p):
> | empty'''
> pass
>
> +def p_quoted_filename(p):
> + '''quoted_filename : TICK quoted_filename SQUOTE
> + | FILENAME
> + '''
> + p[0] = p[1]
>
> #
> # Interface to the parser
> --
> 2.46.0
>
>
* Re: [PATCH v2] sepolgen-ifgen: allow M4 escaped filenames
2024-12-17 19:34 ` James Carter
@ 2024-12-17 20:25 ` James Carter
0 siblings, 0 replies; 5+ messages in thread
From: James Carter @ 2024-12-17 20:25 UTC
To: Petr Lautrbach; +Cc: selinux
On Tue, Dec 17, 2024 at 2:34 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Aug 27, 2024 at 7:32 AM Petr Lautrbach <lautrbach@redhat.com> wrote:
> >
> > When a file name in a type transition rule used in an interface is the same as
> > a keyword, it needs to be M4 escaped so that the keyword is not expanded
> > by M4, e.g.
> >
> > - filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, "interface")
> > + filetrans_pattern($1, virt_var_run_t, virtinterfaced_var_run_t, dir, ``"interface"'')
> >
> > But sepolgen-ifgen could not parse such a string:
> >
> > # sepolgen-ifgen
> > Illegal character '`'
> >
> > This change allows M4 escaping inside quoted strings and fixes the described
> > problem.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=2254206
> >
> > Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
>
> Sorry, I don't know how I missed this patch earlier.
>
> Acked-by: James Carter <jwcart2@gmail.com>
>
Merged.
Thanks,
Jim
> > ---
> >
> > change to v1:
> >
> > - use ``"..."'' instead of "``..''" - suggested in https://github.com/SELinuxProject/selint/pull/291 by @cgzones
> >
> > - controls the right number of opening and closing quotes
> >
> > python/sepolgen/src/sepolgen/refparser.py | 7 ++++++-
> > 1 file changed, 6 insertions(+), 1 deletion(-)
> >
> > diff --git a/python/sepolgen/src/sepolgen/refparser.py b/python/sepolgen/src/sepolgen/refparser.py
> > index e261d3f78f87..c8a3eb54d679 100644
> > --- a/python/sepolgen/src/sepolgen/refparser.py
> > +++ b/python/sepolgen/src/sepolgen/refparser.py
> > @@ -486,7 +486,7 @@ def p_interface_call_param(p):
> > | nested_id_set
> > | TRUE
> > | FALSE
> > - | FILENAME
> > + | quoted_filename
> > '''
> > # Intentionally let single identifiers pass through
> > # List means set, non-list identifier
> > @@ -1027,6 +1027,11 @@ def p_optional_semi(p):
> > | empty'''
> > pass
> >
> > +def p_quoted_filename(p):
> > + '''quoted_filename : TICK quoted_filename SQUOTE
> > + | FILENAME
> > + '''
> > + p[0] = p[1]
> >
> > #
> > # Interface to the parser
> > --
> > 2.46.0
> >
> >