From: <ssm...@us...> - 2007-02-20 13:43:42
|
Revision: 2239 http://svn.sourceforge.net/selinux/?rev=2239&view=rev Author: ssmalley Date: 2007-02-20 05:43:22 -0800 (Tue, 20 Feb 2007) Log Message: ----------- Author: Caleb Case Email: cc...@tr... Subject: checkpolicy/policy_parse.y:define_class: allow class identifiers to contain dots Date: Tue, 6 Feb 2007 11:31:20 -0500 Class identifiers are now allowed to contain dots. This facilitates the new dot notation for class names used in metapolicy. Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2007-02-20 13:40:44 UTC (rev 2238) +++ trunk/checkpolicy/policy_parse.y 2007-02-20 13:43:22 UTC (rev 2239) @@ -930,11 +930,6 @@ yyerror("no class name for class definition?"); return -1; } - if (id_has_dot(id)) { - free(id); - yyerror("class identifiers may not contain periods"); - return -1; - } datum = (class_datum_t *) malloc(sizeof(class_datum_t)); if (!datum) { yyerror("out of memory"); This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |
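Review bot: In the @@ -930 hunk of define_class(), the id_has_dot(id) rejection is deleted with nothing put in its place, so any dotted class name is now accepted at this point. Please state in the log, or in a comment at this spot, which consumers of class names have been checked against dotted identifiers. If this was the last caller of id_has_dot(), remove the helper in the same change so it does not linger as dead code.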
From: <mil...@us...> - 2008-01-03 15:24:04
|
Revision: 2718 http://selinux.svn.sourceforge.net/selinux/?rev=2718&view=rev Author: millertc Date: 2008-01-03 07:24:01 -0800 (Thu, 03 Jan 2008) Log Message: ----------- Add missing prototype for define_polcap(). Signed-off-by: Todd C. Miller <tm...@tr...> Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-01-02 21:41:51 UTC (rev 2717) +++ trunk/checkpolicy/policy_parse.y 2008-01-03 15:24:01 UTC (rev 2718) @@ -125,6 +125,7 @@ static int define_netif_context(void); static int define_ipv4_node_context(void); static int define_ipv6_node_context(void); +static int define_polcap(void); typedef int (* require_func_t)();
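Review bot: The prototype added at @@ -125 is static int define_polcap(void), so the definition later in the file must carry the same static linkage and (void) parameter list; the log should confirm that it does. The context line right below it, typedef int (* require_func_t)();, still uses an empty parameter list, which is the unprototyped form the declarations above it avoid.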
From: <mad...@us...> - 2008-01-24 20:42:57
|
Revision: 2756 http://selinux.svn.sourceforge.net/selinux/?rev=2756&view=rev Author: madmethod Date: 2008-01-24 12:42:54 -0800 (Thu, 24 Jan 2008) Log Message: ----------- Author: Joshua Brindle Email: me...@ma... Subject: role dominance Date: Tue, 08 Jan 2008 15:48:34 -0500

Joshua Brindle wrote:
> Stephen Smalley wrote:
>> On Mon, 2008-01-07 at 10:41 -0500, Joshua Brindle wrote:
>>
>>> While working on policyrep we've found that role dominance is pretty
>>> difficult to implement correctly, and apparently there is some
>>> ambiguity about how it works. The main problem we are running into
>>> now is that converting the role bitmaps of an old module
>>> (compatibility) back to a role dominance statement is very difficult.
>>>
>>
>> And likely unnecessary. It isn't required that a conversion yield the
>> same source representation, but only that it yield the same end result
>> when you ultimately generate a kernel binary policy. Or are you saying
>> that you can't even do the latter?
>>
>>
>
> The latter is possible.
>
>>> Also it seems like no one has really used role dominance. During
>>> conversations about it here Chris PeBenito suggests that he wants
>>> something like it for refpolicy but a role attribute kind of system
>>> may be much simpler and easier to implement/understand.
>>>
>>> Thoughts?
>>>
>>
>> Any language feature that isn't actually being used should probably be
>> deprecated.
>>
>
> I vote for deprecation in the current compiler and no implementation
> in policyrep. If we want to add role attribute that would be fine too.
> Chris wants some way to group roles and I never really thought role
> dominance was the right way to do it.
>

Patch below to deprecate role dominance. I think we should throw a warning in policyrep if we see anything in the dominates field of the role datum and continue without support. Chris suggests that he'd like role attributes so we can put that on the todo list to implement.
Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-01-24 20:38:56 UTC (rev 2755) +++ trunk/checkpolicy/policy_parse.y 2008-01-24 20:42:54 UTC (rev 2756) @@ -2563,6 +2563,8 @@ return (role_datum_t *) 1; /* any non-NULL value */ } + yywarn("Role dominance has been deprecated"); + role_id = queue_remove(id_queue); if (!is_id_in_scope(SYM_ROLES, role_id)) { yyerror2("role %s is not within scope", role_id);
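Review bot: In the @@ -2563 hunk the yywarn() is issued before role_id = queue_remove(id_queue), so the message cannot say which role's dominance statement triggered it and will read identically every time it fires. Consider moving the warning below the queue_remove() call and naming the role. A short comment that the statement is still processed after the warning would also keep readers from taking the deprecation for a rejection.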
From: <mil...@us...> - 2008-02-28 15:38:41
|
Revision: 2819 http://selinux.svn.sourceforge.net/selinux/?rev=2819&view=rev Author: millertc Date: 2008-02-28 07:38:39 -0800 (Thu, 28 Feb 2008) Log Message: ----------- Author: Todd C. Miller <tm...@tr...> Subject: PATCH: use yyerror2() in checkpolicy parser Date: Wednesday, February 27, 2008 4:42 PM policy_parse.y defines a yyerror2() which takes a variable number of arguments, but much of the code does not take advantage of it. This diff just replaces sprintf() + yyerror() with yyerror2(). Signed-off-by: Todd C. Miller <tm...@tr...> Acked-by: Stephen Smalley <sd...@ty...> policy_parse.y | 274 ++++++++++++++++++--------------------------------------- 1 file changed, 90 insertions(+), 184 deletions(-) Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-02-27 20:28:20 UTC (rev 2818) +++ trunk/checkpolicy/policy_parse.y 2008-02-28 15:38:39 UTC (rev 2819) @@ -1035,8 +1035,7 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, "duplicate initial SID %s", id); - yyerror(errormsg); + yyerror2("duplicate initial SID %s", id); goto bad; } } @@ -1079,9 +1078,7 @@ } comdatum = hashtab_search(policydbp->p_commons.table, id); if (comdatum) { - snprintf(errormsg, ERRORMSG_LEN, - "duplicate declaration for common %s\n", id); - yyerror(errormsg); + yyerror2("duplicate declaration for common %s\n", id); return -1; } comdatum = (common_datum_t *) malloc(sizeof(common_datum_t)); @@ -1126,10 +1123,8 @@ (hashtab_datum_t) perdatum); if (ret == SEPOL_EEXIST) { - sprintf(errormsg, - "duplicate permission %s in common %s", perm, - id); - yyerror(errormsg); + yyerror2("duplicate permission %s in common %s", perm, + id); goto bad_perm; } if (ret == SEPOL_ENOMEM) {
@@ -1178,8 +1173,7 @@ cladatum = (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); - yyerror(errormsg); + yyerror2("class %s is not defined", id); goto bad; } free(id); @@ -1205,8 +1199,7 @@ (hashtab_key_t) id); if (!comdatum) { - sprintf(errormsg, "common %s is not defined", id); - yyerror(errormsg); + yyerror2("common %s is not defined", id); goto bad; } cladatum->comkey = id; @@ -1243,10 +1236,8 @@ permissions.table, (hashtab_key_t) id); if (perdatum2) { - sprintf(errormsg, - "permission %s conflicts with an inherited permission", - id); - yyerror(errormsg); + yyerror2("permission %s conflicts with an " + "inherited permission", id); goto bad; } } @@ -1255,8 +1246,7 @@ (hashtab_datum_t) perdatum); if (ret == SEPOL_EEXIST) { - sprintf(errormsg, "duplicate permission %s", id); - yyerror(errormsg); + yyerror2("duplicate permission %s", id); goto bad; } if (ret == SEPOL_ENOMEM) { @@ -1434,18 +1424,14 @@ (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!datum) { - sprintf(errormsg, - "unknown sensitivity %s used in dominance definition", - id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in dominance " + "definition", id); free(id); return -1; } if (datum->level->sens != 0) { - sprintf(errormsg, - "sensitivity %s occurs multiply in dominance definition", - id); - yyerror(errormsg); + yyerror2("sensitivity %s occurs multiply in dominance " + "definition", id); free(id); return -1; } 
@@ -1630,17 +1616,13 @@ levdatum = (level_datum_t *) hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, - "unknown sensitivity %s used in level definition", id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in level definition", id); free(id); return -1; } if (ebitmap_length(&levdatum->level->cat)) { - sprintf(errormsg, - "sensitivity %s used in multiple level definitions", - id); - yyerror(errormsg); + yyerror2("sensitivity %s used in multiple level definitions", + id); free(id); return -1; } @@ -1664,9 +1646,7 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", - id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); free(id); return -1; } @@ -1677,17 +1657,14 @@ (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", - id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); free(id); return -1; } range_end = cdatum->s.value - 1; if (range_end < range_start) { - sprintf(errormsg, "category range is invalid"); - yyerror(errormsg); + yyerror2("category range is invalid"); free(id); return -1; } @@ -1810,10 +1787,8 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t || t->flavor == TYPE_ATTRIB) { - sprintf(errormsg, - "unknown type %s, or it was already declared as an attribute", - id); - yyerror(errormsg); + yyerror2("unknown type %s, or it was already declared as an " + "attribute", id); free(id); return -1; } @@ -1844,8 +1819,7 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t || t->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); free(id); return -1; } 
@@ -1858,16 +1832,14 @@ } attr = hashtab_search(policydbp->p_types.table, id); if (!attr) { - sprintf(errormsg, "attribute %s is not declared", id); /* treat it as a fatal error */ - yyerror(errormsg); + yyerror2("attribute %s is not declared", id); free(id); return -1; } if (attr->flavor != TYPE_ATTRIB) { - sprintf(errormsg, "%s is a type, not an attribute", id); - yyerror(errormsg); + yyerror2("%s is a type, not an attribute", id); free(id); return -1; } @@ -1920,18 +1892,15 @@ } attr = hashtab_search(policydbp->p_types.table, id); if (!attr) { - sprintf(errormsg, "attribute %s is not declared", id); - /* treat it as a fatal error */ - yyerror(errormsg); + yyerror2("attribute %s is not declared", id); return -1; } else { newattr = 0; } if (attr->flavor != TYPE_ATTRIB) { - sprintf(errormsg, "%s is a type, not an attribute", id); - yyerror(errormsg); + yyerror2("%s is a type, not an attribute", id); return -1; } @@ -1998,8 +1967,7 @@ } t = hashtab_search(policydbp->p_types.table, id); if (!t) { - snprintf(errormsg, ERRORMSG_LEN, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); free(id); return -1; } @@ -2059,8 +2027,7 @@ } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s", id); - yyerror(errormsg); + yyerror2("unknown class %s", id); goto bad; } if (ebitmap_set_bit(&tclasses, cladatum->s.value - 1, TRUE)) { @@ -2083,8 +2050,7 @@ datum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id); if (!datum || datum->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "unknown type %s", id); - yyerror(errormsg); + yyerror2("unknown type %s", id); goto bad; } @@ -2300,8 +2266,7 @@ } cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s used in rule", id); - yyerror(errormsg); + yyerror2("unknown class %s used in rule", id); ret = -1; goto out; } 
@@ -2365,19 +2330,17 @@ } } if (!perdatum) { - sprintf(errormsg, - "permission %s is not defined for class %s", - id, policydbp->p_class_val_to_name[i]); if (!suppress) - yyerror(errormsg); + yyerror2("permission %s is not defined" + " for class %s", id, + policydbp->p_class_val_to_name[i]); continue; } else if (!is_perm_in_scope (id, policydbp->p_class_val_to_name[i])) { if (!suppress) { - yyerror2 - ("permission %s of class %s is not within scope", - id, + yyerror2("permission %s of class %s is" + " not within scope", id, policydbp->p_class_val_to_name[i]); } continue; @@ -2769,9 +2732,7 @@ } role = hashtab_search(policydbp->p_roles.table, id); if (!role) { - sprintf(errormsg, - "unknown role %s used in transition definition", id); - yyerror(errormsg); + yyerror2("unknown role %s used in transition definition", id); goto bad; } @@ -2791,12 +2752,9 @@ for (tr = policydbp->role_tr; tr; tr = tr->next) { if (tr->role == (i + 1) && tr->type == (j + 1)) { - sprintf(errormsg, - "duplicate role transition for (%s,%s)", - role_val_to_name(i + 1), - policydbp-> - p_type_val_to_name[j]); - yyerror(errormsg); + yyerror2("duplicate role transition for (%s,%s)", + role_val_to_name(i + 1), + policydbp->p_type_val_to_name[j]); goto bad; } } @@ -2983,9 +2941,8 @@ (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); + yyerror2("class %s is not defined", id); ebitmap_destroy(&classmap); - yyerror(errormsg); free(id); return -1; } @@ -3043,10 +3000,8 @@ id); } if (!perdatum) { - sprintf(errormsg, - "permission %s is not defined", - id); - yyerror(errormsg); + yyerror2("permission %s is not" + " defined", id); free(id); ebitmap_destroy(&classmap); return -1; 
@@ -3126,9 +3081,8 @@ (class_datum_t *) hashtab_search(policydbp->p_classes.table, (hashtab_key_t) id); if (!cladatum) { - sprintf(errormsg, "class %s is not defined", id); + yyerror2("class %s is not defined", id); ebitmap_destroy(&classmap); - yyerror(errormsg); free(id); return -1; } @@ -3258,9 +3212,7 @@ (hashtab_key_t) id); if (!user) { - sprintf(errormsg, "unknown user %s", - id); - yyerror(errormsg); + yyerror2("unknown user %s", id); constraint_expr_destroy(expr); return 0; } @@ -3279,9 +3231,7 @@ (hashtab_key_t) id); if (!role) { - sprintf(errormsg, "unknown role %s", - id); - yyerror(errormsg); + yyerror2("unknown role %s", id); constraint_expr_destroy(expr); return 0; } @@ -3510,10 +3460,8 @@ table, (hashtab_key_t) id); if (!bool_var) { - sprintf(errormsg, - "unknown boolean %s in conditional expression", - id); - yyerror(errormsg); + yyerror2("unknown boolean %s in conditional expression", + id); free(expr); free(id); return NULL; @@ -3552,8 +3500,7 @@ } r = hashtab_search(policydbp->p_roles.table, id); if (!r) { - sprintf(errormsg, "unknown role %s", id); - yyerror(errormsg); + yyerror2("unknown role %s", id); free(id); return -1; } 
@@ -3587,31 +3534,27 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); return -1; } range_start = cdatum->s.value - 1; cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); return -1; } range_end = cdatum->s.value - 1; if (range_end < range_start) { - sprintf(errormsg, "category range is invalid"); - yyerror(errormsg); + yyerror2("category range is invalid"); return -1; } } else { cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id); - yyerror(errormsg); + yyerror2("unknown category %s", id); return -1; } range_start = range_end = cdatum->s.value - 1; @@ -3621,11 +3564,10 @@ if (!ebitmap_get_bit(&levdatum->level->cat, i)) { uint32_t level_value = levdatum->level->sens - 1; policydb_index_others(NULL, policydbp, 0); - sprintf(errormsg, "category %s can not be associated " - "with level %s", - policydbp->p_cat_val_to_name[i], - policydbp->p_sens_val_to_name[level_value]); - yyerror(errormsg); + yyerror2("category %s can not be associated " + "with level %s", + policydbp->p_cat_val_to_name[i], + policydbp->p_sens_val_to_name[level_value]); return -1; } if (ebitmap_set_bit(cats, i, TRUE)) { @@ -3655,8 +3597,7 @@ (hashtab_key_t) id_start); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_start); - yyerror(errormsg); + yyerror2("unknown category %s", id_start); return -1; } range_start = cdatum->s.value; @@ -3664,8 +3605,7 @@ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id_end); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id_end); - yyerror(errormsg); + yyerror2("unknown category %s", id_end); return -1; } range_end = cdatum->s.value; 
@@ -3673,8 +3613,7 @@ cdatum = (cat_datum_t *) hashtab_search(policydbp->p_cats.table, (hashtab_key_t) id); if (!cdatum) { - sprintf(errormsg, "unknown category %s", id); - yyerror(errormsg); + yyerror2("unknown category %s", id); return -1; } range_start = range_end = cdatum->s.value; @@ -3744,9 +3683,8 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, "unknown sensitivity %s used in user" - " level definition", id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in user" + " level definition", id); free(id); return -1; } @@ -3770,10 +3708,8 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, - "unknown sensitivity %s used in user range definition", - id); - yyerror(errormsg); + yyerror2("unknown sensitivity %s used in user" + " range definition", id); free(id); return -1; } @@ -3854,8 +3790,7 @@ usrdatum = (user_datum_t *) hashtab_search(policydbp->p_users.table, (hashtab_key_t) id); if (!usrdatum) { - sprintf(errormsg, "user %s is not defined", id); - yyerror(errormsg); + yyerror2("user %s is not defined", id); free(id); goto bad; } @@ -3878,8 +3813,7 @@ role = (role_datum_t *) hashtab_search(policydbp->p_roles.table, (hashtab_key_t) id); if (!role) { - sprintf(errormsg, "role %s is not defined", id); - yyerror(errormsg); + yyerror2("role %s is not defined", id); free(id); return -1; } @@ -3902,9 +3836,7 @@ typdatum = (type_datum_t *) hashtab_search(policydbp->p_types.table, (hashtab_key_t) id); if (!typdatum || typdatum->flavor == TYPE_ATTRIB) { - sprintf(errormsg, "type %s is not defined or is an attribute", - id); - yyerror(errormsg); + yyerror2("type %s is not defined or is an attribute", id); free(id); return -1; } 
@@ -3928,9 +3860,7 @@ hashtab_search(policydbp->p_levels.table, (hashtab_key_t) id); if (!levdatum) { - sprintf(errormsg, "Sensitivity %s is not " - "defined", id); - yyerror(errormsg); + yyerror2("Sensitivity %s is not defined", id); free(id); return -1; } @@ -4000,15 +3930,12 @@ } if (!c) { - sprintf(errormsg, "SID %s is not defined", id); - yyerror(errormsg); + yyerror2("SID %s is not defined", id); free(id); return -1; } if (c->context[0].user) { - sprintf(errormsg, "The context for SID %s is multiply defined", - id); - yyerror(errormsg); + yyerror2("The context for SID %s is multiply defined", id); free(id); return -1; } @@ -4061,9 +3988,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, "duplicate entry for file system %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for file system %s", + newc->u.name); context_destroy(&newc->context[0]); context_destroy(&newc->context[1]); free(newc->u.name); @@ -4108,8 +4034,7 @@ } else if ((strcmp(id, "udp") == 0) || (strcmp(id, "UDP") == 0)) { protocol = IPPROTO_UDP; } else { - sprintf(errormsg, "unrecognized protocol %s", id); - yyerror(errormsg); + yyerror2("unrecognized protocol %s", id); free(newc); return -1; } @@ -4119,9 +4044,7 @@ newc->u.port.high_port = high; if (low > high) { - sprintf(errormsg, "low port %d exceeds high port %d", low, - high); - yyerror(errormsg); + yyerror2("low port %d exceeds high port %d", low, high); free(newc); return -1; } 
@@ -4142,15 +4065,13 @@ if (protocol != prot2) continue; if (low == low2 && high == high2) { - sprintf(errormsg, - "duplicate portcon entry for %s %d-%d ", id, - low, high); + yyerror2("duplicate portcon entry for %s %d-%d ", id, + low, high); goto bad; } if (low2 <= low && high2 >= high) { - sprintf(errormsg, - "portcon entry for %s %d-%d hidden by earlier entry for %d-%d", - id, low, high, low2, high2); + yyerror2("portcon entry for %s %d-%d hidden by earlier " + "entry for %d-%d", id, low, high, low2, high2); goto bad; } } @@ -4163,7 +4084,6 @@ return 0; bad: - yyerror(errormsg); free(newc); return -1; } @@ -4206,10 +4126,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, - "duplicate entry for network interface %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for network interface %s", + newc->u.name); context_destroy(&newc->context[0]); context_destroy(&newc->context[1]); free(newc->u.name); @@ -4420,10 +4338,8 @@ for (c = head; c; c = c->next) { if (!strcmp(newc->u.name, c->u.name)) { - sprintf(errormsg, - "duplicate fs_use entry for filesystem type %s", - newc->u.name); - yyerror(errormsg); + yyerror2("duplicate fs_use entry for filesystem type %s", + newc->u.name); context_destroy(&newc->context[0]); free(newc->u.name); free(newc); @@ -4489,8 +4405,7 @@ if (!type) goto fail; if (type[1] != 0) { - sprintf(errormsg, "invalid type %s", type); - yyerror(errormsg); + yyerror2("invalid type %s", type); goto fail; } switch (type[0]) { @@ -4516,8 +4431,7 @@ newc->v.sclass = SECCLASS_FILE; break; default: - sprintf(errormsg, "invalid type %s", type); - yyerror(errormsg); + yyerror2("invalid type %s", type); goto fail; } } 
@@ -4530,10 +4444,8 @@ if (!strcmp(newc->u.name, c->u.name) && (!newc->v.sclass || !c->v.sclass || newc->v.sclass == c->v.sclass)) { - sprintf(errormsg, - "duplicate entry for genfs entry (%s, %s)", - fstype, newc->u.name); - yyerror(errormsg); + yyerror2("duplicate entry for genfs entry (%s, %s)", + fstype, newc->u.name); goto fail; } len = strlen(newc->u.name); @@ -4627,8 +4539,7 @@ cladatum = hashtab_search(policydbp->p_classes.table, id); if (!cladatum) { - sprintf(errormsg, "unknown class %s", id); - yyerror(errormsg); + yyerror2("unknown class %s", id); goto out; } @@ -4640,9 +4551,8 @@ cladatum = hashtab_search(policydbp->p_classes.table, "process"); if (!cladatum) { - sprintf(errormsg, "could not find process class for " - "legacy range_transition statement\n"); - yyerror(errormsg); + yyerror2("could not find process class for " + "legacy range_transition statement"); goto out; } @@ -4657,10 +4567,8 @@ for (l = 0; l < 2; l++) { levdatum = hashtab_search(policydbp->p_levels.table, id); if (!levdatum) { - sprintf(errormsg, - "unknown level %s used in range_transition " - "definition", id); - yyerror(errormsg); + yyerror2("unknown level %s used in range_transition " + "definition", id); free(id); goto out; }
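Review bot: Nothing in the diff shows how yyerror2() bounds its output, and after this change every message that interpolates a policy identifier with %s (for example in the @@ -1035 and @@ -1178 hunks) goes through it instead of sprintf(errormsg, ...). Please confirm that yyerror2() formats with a length-limited call, as the two removed snprintf(errormsg, ERRORMSG_LEN, ...) sites at @@ -1079 and @@ -1998 did, since no length check on id is visible at any of these call sites.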
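Review bot: The replacement in the @@ -1079 hunk keeps the trailing "\n" in "duplicate declaration for common %s\n", while the @@ -4640 hunk drops the "\n" from the legacy range_transition message and no other converted message carries one. Drop it at @@ -1079 as well so that every yyerror2() message ends the same way.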
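Review bot: In the @@ -2365 hunk, if (!suppress) now guards a yyerror2() call wrapped over three lines with no braces and is followed directly by continue;, while the else-if branch just below braces its equivalent call. Add braces to the first branch so the continue is not misread as part of the conditional.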
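Review bot: In the portcon hunks (@@ -4142 and @@ -4163) the yyerror(errormsg) that used to run under the bad: label is removed, and the two visible goto bad sites now call yyerror2() themselves. Any other jump to bad: that lies outside the diff context would now free newc and return -1 without printing anything, so please check that every remaining goto bad in that function reports its own error first.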
From: <jwc...@us...> - 2008-05-05 15:12:30
|
Revision: 2878 http://selinux.svn.sourceforge.net/selinux/?rev=2878&view=rev Author: jwcarter Date: 2008-05-05 08:12:17 -0700 (Mon, 05 May 2008) Log Message: ----------- Fixes a regression in the policy compiler from when ipv4 parsing was added. This patch expresses the fact that a valid version number can look like an IPv4 address. Modified Paths: -------------- trunk/checkpolicy/policy_parse.y Modified: trunk/checkpolicy/policy_parse.y =================================================================== --- trunk/checkpolicy/policy_parse.y 2008-05-05 14:45:13 UTC (rev 2877) +++ trunk/checkpolicy/policy_parse.y 2008-05-05 15:12:17 UTC (rev 2878) @@ -723,6 +723,7 @@ ; version_identifier : VERSION_IDENTIFIER { if (insert_id(yytext,0)) return -1; } + | ipv4_addr_def /* version can look like ipv4 address */ ;
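Review bot: The new ipv4_addr_def alternative in the @@ -723 hunk has no action of its own, whereas the VERSION_IDENTIFIER alternative above it calls insert_id(yytext,0) and returns -1 on failure. The rule now depends on ipv4_addr_def queuing the token in the same way, which is not visible here; please confirm that, or give the new alternative an explicit action, and extend the comment to say where the identifier is inserted.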