selint / 930df81
d/patches: cherry-pick upstream fixes Christian Göttsche 1 year, 1 month ago
4 changed file(s) with 131 addition(s) and 0 deletion(s).
0 From: Daniel Burgener <dburgener@linux.microsoft.com>
1 Date: Thu, 16 Mar 2023 15:41:34 -0400
2 Subject: Clean up message for W-11 so that it's clearer.
3 Applied-Upstream: https://github.com/SELinuxProject/selint/commit/cf48b46eba1825b97a76d09c01de2986c9c08bd6
4
5 The type is "required" at the point of the message, not "declared", and
6 "own module" sounds like "the module declaring the type", but we mean
7 the module where the interface is.
8 ---
9 src/if_checks.c | 4 ++--
10 1 file changed, 2 insertions(+), 2 deletions(-)
11
12 diff --git a/src/if_checks.c b/src/if_checks.c
13 index 414ec65..d49ce16 100644
14 --- a/src/if_checks.c
15 +++ b/src/if_checks.c
16 @@ -504,7 +504,7 @@ struct check_result *check_required_declaration_own(const struct
17 if (!modname_orig_decl) {
18 return make_check_result('W',
19 W_ID_IF_DECL_NOT_OWN,
20 - "Definition of declared %s %s not found in any module",
21 + "Definition of required %s %s not found in any module",
22 decl_flavor_to_string(flavor),
23 name);
24 }
25 @@ -520,7 +520,7 @@ struct check_result *check_required_declaration_own(const struct
26
27 return make_check_result('W',
28 W_ID_IF_DECL_NOT_OWN,
29 - "Definition of declared %s %s not found in own module, but in module %s",
30 + "Definition of required %s %s not found in this interface's module, but in module %s",
31 decl_flavor_to_string(flavor),
32 name,
33 modname_orig_decl);
0 From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
1 Date: Mon, 20 Mar 2023 14:28:30 +0100
2 Subject: Allow forward slash in quoted string token
3 Applied-Upstream: https://github.com/SELinuxProject/selint/commit/5aa17d1f645264285bc4e1a27651ff5b83429dc6
4
5 Needed for genfscon partial paths.
6 ---
7 src/lex.l | 2 +-
8 1 file changed, 1 insertion(+), 1 deletion(-)
9
10 diff --git a/src/lex.l b/src/lex.l
11 index aaa1519..6d18611 100644
12 --- a/src/lex.l
13 +++ b/src/lex.l
14 @@ -157,7 +157,7 @@ userdebug_or_eng { return USERDEBUG_OR_ENG; }
15 [0-9a-zA-Z\$\/][a-zA-Z0-9_\$\*\/\-]* { yylval->string = xstrdup(yytext); return NUM_STRING; }
16 [0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3} { yylval->string = xstrdup(yytext); return IPV4; }
17 ([0-9A-Fa-f]{1,4})?\:([0-9A-Fa-f\:])*\:([0-9A-Fa-f]{1,4})?(\:[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})? { yylval->string = xstrdup(yytext); return IPV6; }
18 -\"[a-zA-Z0-9_\.\-\:~\$\[\]]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; }
19 +\"[a-zA-Z0-9_\.\-\:~\$\[\]\/]*\" { yylval->string = xstrdup(yytext); return QUOTED_STRING; }
20 \-[\-ldbcsp][ \t] { return FILE_TYPE_SPECIFIER; }
21 \( { return OPEN_PAREN; }
22 \) { return CLOSE_PAREN; }
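Review bot: The widened character class on the QUOTED_STRING rule affects every grammar rule that takes that token, not only genfscon paths; the parse.y patch in this same commit shows `sl_item` accepting it too, so quoted strings containing `/` now lex inside string lists as well. That is probably harmless, but the class is an allowlist and the rule should carry a comment recording why each extra character was admitted, for example `/* '/' is accepted for quoted genfscon partial paths */`. A quoted path using a character still outside the class would presumably still fail to tokenize, and for a linter that means the policy file ends in a parse error instead of being checked, so the remaining set is worth comparing with what the policy compiler accepts.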
0 From: =?utf-8?q?Christian_G=C3=B6ttsche?= <cgzones@googlemail.com>
1 Date: Mon, 20 Mar 2023 14:29:09 +0100
2 Subject: Support genfscon partial paths to be a quoted string
3 Applied-Upstream: https://github.com/SELinuxProject/selint/commit/20ef6ffbefb85e371f3ec9c173086f2491f0b991
4
5 Required if the path contains a dot.
6 ---
7 src/parse.y | 15 ++++++++++-----
8 tests/sample_policy_files/uncommon.te | 1 +
9 2 files changed, 11 insertions(+), 5 deletions(-)
10
11 diff --git a/src/parse.y b/src/parse.y
12 index 6f15d13..0fb9c30 100644
13 --- a/src/parse.y
14 +++ b/src/parse.y
15 @@ -178,6 +178,7 @@
16 %type<sl> xperm_items
17 %type<sl> spt_contents
18 %type<sl> spt_content
19 +%type<string> string_or_quoted_string
20 %type<string> sl_item
21 %type<string> xperm_item
22 %type<sl> arg_list
23 @@ -484,16 +485,20 @@ strings:
24 sl_item { $$ = sl_from_str_consume($1); }
25 ;
26
27 -sl_item:
28 +string_or_quoted_string:
29 STRING
30 |
31 + QUOTED_STRING
32 + ;
33 +
34 +sl_item:
35 + string_or_quoted_string
36 + |
37 DASH STRING { $$ = xmalloc(sizeof(char) * (strlen($2) + 2));
38 $$[0] = '-';
39 $$[1] = '\0';
40 strcat($$, $2);
41 free($2);}
42 - |
43 - QUOTED_STRING
44 ;
45
46 comma_string_list:
47 @@ -869,9 +874,9 @@ tunable_block:
48 ;
49
50 genfscon:
51 - GENFSCON STRING STRING genfscon_context { free($2); free($3); }
52 + GENFSCON STRING string_or_quoted_string genfscon_context { free($2); free($3); }
53 |
54 - GENFSCON NUM_STRING STRING genfscon_context { free($2); free($3); }
55 + GENFSCON NUM_STRING string_or_quoted_string genfscon_context { free($2); free($3); }
56 ;
57
58 genfscon_context:
59 diff --git a/tests/sample_policy_files/uncommon.te b/tests/sample_policy_files/uncommon.te
60 index b437cd4..0131ffc 100644
61 --- a/tests/sample_policy_files/uncommon.te
62 +++ b/tests/sample_policy_files/uncommon.te
63 @@ -20,6 +20,7 @@ portcon udp 7007 gen_context(system_u:object_r:afs_bos_port_t,s0,s1:c0.c225)
64 portcon udp 7007-7008 gen_context(system_u:object_r:afs_bos_port_t,s0)
65 fs_use_trans devtmpfs gen_context(system_u:object_r:device_t,s0);
66 genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
67 +genfscon cgroup "/system.slice" -d gen_context(system_u:object_r:cgroup_system_slice_t,s0)
68 fs_use_xattr btrfs gen_context(system_u:object_r:fs_t,s0);
69 fs_use_task eventpollfs gen_context(system_u:object_r:fs_t,s0);
70
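Review bot: The new `string_or_quoted_string` nonterminal has no comment saying that its QUOTED_STRING alternative yields the text with the surrounding double quotes still attached, which follows from the lexer rule doing `xstrdup(yytext)` on a match that includes both `\"`. The two genfscon alternatives only `free($3)`, so nothing breaks here, but the name reads as a general-purpose helper and a later rule that keeps the value would store a quoted path next to unquoted ones. I would add `/* QUOTED_STRING values keep their enclosing double quotes */` above the rule. The added sample line also carries a `-d` specifier whose handling lives in `genfscon_context`, which starts outside this hunk, so the test is assumed to exercise that path rather than shown to.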
00 0001-tests-skip-valgrind-tests-if-valgrind-is-not-availab.patch
1 0002-Clean-up-message-for-W-11-so-that-it-s-clearer.patch
2 0003-Allow-forward-slash-in-quoted-string-token.patch
3 0004-Support-genfscon-partial-paths-to-be-a-quoted-string.patch