- Add James Carters Patch

*This patch is needed because some filesystem names (such as 9p) start with a digit.
2011-01-12 16:55:45 -05:00 · 2011-01-12 16:50:32 -05:00
4 changed files with 84 additions and 4 deletions
--- a/.gitignore
+++ b/.gitignore
@ -74,3 +74,4 @@ checkpolicy-2.0.19.tgz
 checkpolicy-2.0.20.tgz
 checkpolicy-2.0.21.tgz
 checkpolicy-2.0.22.tgz
+/checkpolicy-2.0.23.tgz
--- a/checkpolicy-filesystem.patch
+++ b/checkpolicy-filesystem.patch
@ -0,0 +1,65 @@
+ policy_parse.y |   14 ++++++++++----
+ policy_scan.l  |    1 +
+ 2 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/checkpolicy/policy_parse.y b/checkpolicy/policy_parse.y
+index 8d1bc37..0777238 100644
+--- a/checkpolicy/policy_parse.y
+++ b/checkpolicy/policy_parse.y
+@@ -138,6 +138,7 @@ typedef int (* require_func_t)();
+ %token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
+ %token POLICYCAP
+ %token PERMISSIVE
+%token FILESYSTEM
+ 
+ %left OR
+ %left XOR
+@@ -637,7 +638,7 @@ opt_fs_uses             : fs_uses
+ fs_uses                 : fs_use_def
+                         | fs_uses fs_use_def
+                         ;
+-fs_use_def              : FSUSEXATTR identifier security_context_def ';'
+fs_use_def              : FSUSEXATTR filesystem security_context_def ';'
+                         {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;}
+                         | FSUSETASK identifier security_context_def ';'
+                         {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;}
+@@ -650,11 +651,11 @@ opt_genfs_contexts      : genfs_contexts
+ genfs_contexts          : genfs_context_def
+                         | genfs_contexts genfs_context_def
+                         ;
+-genfs_context_def	: GENFSCON identifier path '-' identifier security_context_def
+genfs_context_def	: GENFSCON filesystem path '-' identifier security_context_def
+ 			{if (define_genfs_context(1)) return -1;}
+-			| GENFSCON identifier path '-' '-' {insert_id("-", 0);} security_context_def
+			| GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def
+ 			{if (define_genfs_context(1)) return -1;}
+-                        | GENFSCON identifier path security_context_def
+                        | GENFSCON filesystem path security_context_def
+ 			{if (define_genfs_context(0)) return -1;}
+ 			;
+ ipv4_addr_def		: IPV4_ADDR
+@@ -728,6 +729,11 @@ nested_id_element       : identifier | '-' { if (insert_id("-", 0)) return -1; }
+ identifier		: IDENTIFIER
+ 			{ if (insert_id(yytext,0)) return -1; }
+ 			;
+filesystem		: FILESYSTEM
+                        { if (insert_id(yytext,0)) return -1; }
+                        | IDENTIFIER
+			{ if (insert_id(yytext,0)) return -1; }
+                        ;
+ path     		: PATH
+ 			{ if (insert_id(yytext,0)) return -1; }
+ 			;
+diff --git a/checkpolicy/policy_scan.l b/checkpolicy/policy_scan.l
+index 48128a8..65aff8d 100644
+--- a/checkpolicy/policy_scan.l
+++ b/checkpolicy/policy_scan.l
+@@ -217,6 +217,7 @@ permissive |
+ PERMISSIVE			{ return(PERMISSIVE); }
+ "/"({alnum}|[_\.\-/])*	        { return(PATH); }
+ {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
+{alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
+ {digit}+|0x{hexval}+            { return(NUMBER); }
+ {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
+ {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
+
--- a/checkpolicy.spec
+++ b/checkpolicy.spec
@ -1,15 +1,16 @@
 %define libsepolver 2.0.39-1
 Summary: SELinux policy compiler
 Name: checkpolicy
-Version: 2.0.22
-Release: 1%{?dist}
+Version: 2.0.23
+Release: 2%{?dist}
 License: GPLv2
 Group: Development/System
 Source: http://www.nsa.gov/selinux/archives/%{name}-%{version}.tgz
 Patch: checkpolicy-rhat.patch
+Patch2: checkpolicy-filesystem.patch

 BuildRoot: %{_tmppath}/%{name}-buildroot
-BuildRequires: byacc bison flex libsepol-static >= %{libsepolver} libselinux-devel
+BuildRequires: byacc bison flex flex-static libsepol-static >= %{libsepolver} libselinux-devel

 %description
 Security-enhanced Linux is a feature of the Linux® kernel and a number
@ -28,6 +29,7 @@ Only required for building policies.
 %prep
 %setup -q
 %patch -p1 -b .rhat
+%patch2 -p2 -b .filesystem

 %build
 make clean
@ -55,6 +57,18 @@ rm -rf ${RPM_BUILD_ROOT}
 %{_bindir}/sedispol

 %changelog
+* Wed Jan 12 2011 Dan Walsh <dwalsh@redhat.com> - 2.0.23-2
+- Add James Carters Patch
+  *This patch is needed because some filesystem names (such as 9p) start
+  with a digit.
+
+* Tue Dec 21 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.23-1
+- Latest update from NSA
+  * Remove unused variables to fix compliation under GCC 4.6 by Justin Mattock
+
+* Wed Dec 8 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-2
+- Rebuild to make sure it will build in Fedora 
+
 * Mon Jun 16 2010 Dan Walsh <dwalsh@redhat.com> - 2.0.22-1
 - Latest update from NSA
 	* Update checkmodule man page and usage by Daniel Walsh and Steve Lawrence
--- a/2
+++ b/2
@ -1 +1 @@
-b144f4049d87a32027e29d11a144427b  checkpolicy-2.0.22.tgz
+19a9e3593b88aaddddba288070351e2e  checkpolicy-2.0.23.tgz
Author	SHA1	Message	Date
Dan Walsh	321be5db13	- Add James Carters Patch *This patch is needed because some filesystem names (such as 9p) start with a digit.	2011-01-12 16:55:45 -05:00
Dan Walsh	cfd54c73b4	- Add James Carters Patch *This patch is needed because some filesystem names (such as 9p) start with a digit.	2011-01-12 16:50:32 -05:00