d/patches: cherry-pick upstream fixes
Christian Göttsche
1 year, 1 month ago
0 | From: Daniel Burgener <dburgener@linux.microsoft.com> | |
1 | Date: Thu, 16 Mar 2023 15:41:34 -0400 | |
2 | Subject: Clean up message for W-11 so that it's clearer. | |
3 | Applied-Upstream: https://github.com/SELinuxProject/selint/commit/cf48b46eba1825b97a76d09c01de2986c9c08bd6 | |
4 | ||
5 | The type is "required" at the point of the message, not "declared", and | |
6 | "own module" sounds like "the module declaring the type", but we mean | |
7 | the module where the interface is. | |
8 | --- | |
9 | src/if_checks.c | 4 ++-- | |
10 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
11 | ||
12 | diff --git a/src/if_checks.c b/src/if_checks.c | |
13 | index 414ec65..d49ce16 100644 | |
14 | --- a/src/if_checks.c | |
15 | +++ b/src/if_checks.c | |
16 | @@ -504,7 +504,7 @@ struct check_result *check_required_declaration_own(const struct | |
17 | if (!modname_orig_decl) { | |
18 | return make_check_result('W', | |
19 | W_ID_IF_DECL_NOT_OWN, | |
20 | - "Definition of declared %s %s not found in any module", | |
21 | + "Definition of required %s %s not found in any module", | |
22 | decl_flavor_to_string(flavor), | |
23 | name); | |
24 | } | |
25 | @@ -520,7 +520,7 @@ struct check_result *check_required_declaration_own(const struct | |
26 | ||
27 | return make_check_result('W', | |
28 | W_ID_IF_DECL_NOT_OWN, | |
29 | - "Definition of declared %s %s not found in own module, but in module %s", | |
30 | + "Definition of required %s %s not found in this interface's module, but in module %s", | |
31 | decl_flavor_to_string(flavor), | |
32 | name, | |
33 | modname_orig_decl); |
0 | From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | |
1 | Date: Mon, 20 Mar 2023 14:28:30 +0100 | |
2 | Subject: Allow forward slash in quoted string token | |
3 | Applied-Upstream: https://github.com/SELinuxProject/selint/commit/5aa17d1f645264285bc4e1a27651ff5b83429dc6 | |
4 | ||
5 | Needed for genfscon partial paths. | |
6 | --- | |
7 | src/lex.l | 2 +- | |
8 | 1 file changed, 1 insertion(+), 1 deletion(-) | |
9 | ||
10 | diff --git a/src/lex.l b/src/lex.l | |
11 | index aaa1519..6d18611 100644 | |
12 | --- a/src/lex.l | |
13 | +++ b/src/lex.l | |
14 | @@ -157,7 +157,7 @@ userdebug_or_eng { return USERDEBUG_OR_ENG; } | |
15 | [0-9a-zA-Z\$\/][a-zA-Z0-9_\$\*\/\-]* { yylval->string = xstrdup(yytext); return NUM_STRING; } | |
16 | [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} { yylval->string = xstrdup(yytext); return IPV4; } | |
17 | ([0-9A-Fa-f]{1,4})?\:([0-9A-Fa-f\:])*\:([0-9A-Fa-f]{1,4})?(\:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})? { yylval->string = xstrdup(yytext); return IPV6; } | |
18 | -\"[a-zA-Z0-9_\.\-\:~\$\[\]]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; } | |
19 | +\"[a-zA-Z0-9_\.\-\:~\$\[\]\/]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; } | |
20 | \-[\-ldbcsp][ \t] { return FILE_TYPE_SPECIFIER; } | |
21 | \( { return OPEN_PAREN; } | |
22 | \) { return CLOSE_PAREN; } |
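Review bot: The widened character class on the QUOTED_STRING rule takes effect wherever the parser accepts that token, not only in genfscon paths, and nothing next to the rule records why `/` was added. The reason is given only in the commit message, so an indented comment above the rule would preserve it, e.g. `/* '/' is allowed for genfscon partial paths such as "/system.slice" */`. If any other QUOTED_STRING consumer is meant to stay slash-free (none are visible in this hunk), the lexer no longer guarantees that, and it would need an explicit check.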
0 | From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com> | |
1 | Date: Mon, 20 Mar 2023 14:29:09 +0100 | |
2 | Subject: Support genfscon partial paths to be a quoted string | |
3 | Applied-Upstream: https://github.com/SELinuxProject/selint/commit/20ef6ffbefb85e371f3ec9c173086f2491f0b991 | |
4 | ||
5 | Required if the path contains a dot. | |
6 | --- | |
7 | src/parse.y | 15 ++++++++++----- | |
8 | tests/sample_policy_files/uncommon.te | 1 + | |
9 | 2 files changed, 11 insertions(+), 5 deletions(-) | |
10 | ||
11 | diff --git a/src/parse.y b/src/parse.y | |
12 | index 6f15d13..0fb9c30 100644 | |
13 | --- a/src/parse.y | |
14 | +++ b/src/parse.y | |
15 | @@ -178,6 +178,7 @@ | |
16 | %type<sl> xperm_items | |
17 | %type<sl> spt_contents | |
18 | %type<sl> spt_content | |
19 | +%type<string> string_or_quoted_string | |
20 | %type<string> sl_item | |
21 | %type<string> xperm_item | |
22 | %type<sl> arg_list | |
23 | @@ -484,16 +485,20 @@ strings: | |
24 | sl_item { $$ = sl_from_str_consume($1); } | |
25 | ; | |
26 | ||
27 | -sl_item: | |
28 | +string_or_quoted_string: | |
29 | STRING | |
30 | | | |
31 | + QUOTED_STRING | |
32 | + ; | |
33 | + | |
34 | +sl_item: | |
35 | + string_or_quoted_string | |
36 | + | | |
37 | DASH STRING { $$ = xmalloc(sizeof(char) * (strlen($2) + 2)); | |
38 | $$[0] = '-'; | |
39 | $$[1] = '\0'; | |
40 | strcat($$, $2); | |
41 | free($2);} | |
42 | - | | |
43 | - QUOTED_STRING | |
44 | ; | |
45 | ||
46 | comma_string_list: | |
47 | @@ -869,9 +874,9 @@ tunable_block: | |
48 | ; | |
49 | ||
50 | genfscon: | |
51 | - GENFSCON STRING STRING genfscon_context { free($2); free($3); } | |
52 | + GENFSCON STRING string_or_quoted_string genfscon_context { free($2); free($3); } | |
53 | | | |
54 | - GENFSCON NUM_STRING STRING genfscon_context { free($2); free($3); } | |
55 | + GENFSCON NUM_STRING string_or_quoted_string genfscon_context { free($2); free($3); } | |
56 | ; | |
57 | ||
58 | genfscon_context: | |
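Review bot: The new `string_or_quoted_string` nonterminal has no comment describing its value, and the two token kinds differ: the QUOTED_STRING lexer rule copies `yytext` whole, so the value keeps its surrounding double quotes, while a STRING presumably carries none. Both genfscon alternatives free `$3` without inspecting it, so this is harmless there, but `sl_item` passes the same value on unchanged. I would add above the rule `/* Yields the raw token text; a QUOTED_STRING keeps its double quotes. */`. The sample line added to uncommon.te exercises only the `GENFSCON STRING` alternative, so a second line whose filesystem name lexes as NUM_STRING would cover the other one.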
59 | diff --git a/tests/sample_policy_files/uncommon.te b/tests/sample_policy_files/uncommon.te | |
60 | index b437cd4..0131ffc 100644 | |
61 | --- a/tests/sample_policy_files/uncommon.te | |
62 | +++ b/tests/sample_policy_files/uncommon.te | |
63 | @@ -20,6 +20,7 @@ portcon udp 7007 gen_context(system_u:object_r:afs_bos_port_t,s0,s1:c0.c225) | |
64 | portcon udp 7007-7008 gen_context(system_u:object_r:afs_bos_port_t,s0) | |
65 | fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0); | |
66 | genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) | |
67 | +genfscon cgroup "/system.slice" -d gen_context(system_u:object_r:cgroup_system_slice_t,s0) | |
68 | fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0); | |
69 | fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0); | |
70 |