authorChris PeBenito <pebenito@gentoo.org>2004-01-17 19:04:10 +0000
committerChris PeBenito <pebenito@gentoo.org>2004-01-17 19:04:10 +0000
commitd62a474c021f37b46d70aa78c3b7450062866f88 (patch)
treeb6f0fe953c67675d39b00520606bc0a15dc8d401 /sys-apps/checkpolicy
parentresolv.conf permissions again, took method from debian (diff)
Add patch to exclude types in TE rules
Diffstat (limited to 'sys-apps/checkpolicy')
-rw-r--r--sys-apps/checkpolicy/ChangeLog10
-rw-r--r--sys-apps/checkpolicy/checkpolicy-1.4-r1.ebuild36
-rw-r--r--sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff82
-rw-r--r--sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r11
4 files changed, 127 insertions, 2 deletions
diff --git a/sys-apps/checkpolicy/ChangeLog b/sys-apps/checkpolicy/ChangeLog
index 8a4190671d79..5f3042abd2db 100644
--- a/sys-apps/checkpolicy/ChangeLog
+++ b/sys-apps/checkpolicy/ChangeLog
@@ -1,6 +1,12 @@
# ChangeLog for sys-apps/checkpolicy
-# Copyright 2000-2003 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/checkpolicy/ChangeLog,v 1.11 2003/12/16 20:36:36 pebenito Exp $
+# Copyright 2000-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/checkpolicy/ChangeLog,v 1.12 2004/01/17 19:04:09 pebenito Exp $
+
+*checkpolicy-1.4-r1 (17 Jan 2004)
+
+ 17 Jan 2004; Chris PeBenito <pebenito@gentoo.org> checkpolicy-1.4-r1.ebuild,
+ files/checkpolicy-1.4-negset.diff:
+ Add patch to exclude types in TE rules.
16 Dec 2003; Chris PeBenito <pebenito@gentoo.org> checkpolicy-1.4.ebuild:
Mark stable.
diff --git a/sys-apps/checkpolicy/checkpolicy-1.4-r1.ebuild b/sys-apps/checkpolicy/checkpolicy-1.4-r1.ebuild
new file mode 100644
index 000000000000..6ea06ec94441
--- /dev/null
+++ b/sys-apps/checkpolicy/checkpolicy-1.4-r1.ebuild
@@ -0,0 +1,36 @@
+# Copyright 1999-2004 Gentoo Technologies, Inc.
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/checkpolicy/checkpolicy-1.4-r1.ebuild,v 1.1 2004/01/17 19:04:10 pebenito Exp $
+
+IUSE=""
+
+DESCRIPTION="SELinux policy compiler"
+HOMEPAGE="http://www.nsa.gov/selinux"
+SRC_URI="http://www.nsa.gov/selinux/archives/${P}.tgz"
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~x86 ~ppc ~sparc"
+
+DEPEND="sys-devel/flex
+ sys-devel/bison"
+
+RDEPEND="sec-policy/selinux-base-policy"
+
+S=${WORKDIR}/${P}
+
+src_unpack() {
+ unpack ${A}
+
+ cd ${S}
+ epatch ${FILESDIR}/checkpolicy-1.4-negset.diff
+ sed -i -e "s:-Wall:-Wall ${CFLAGS}:g" Makefile
+}
+
+src_compile() {
+ cd ${S}
+ emake YACC="bison -y" || die
+}
+
+src_install() {
+ make DESTDIR="${D}" install
+}
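Review bot: `src_install` runs `make DESTDIR="${D}" install` with no failure check, so a failed install would still be merged as an incomplete or empty package; it should read `make DESTDIR="${D}" install || die`, matching the `emake ... || die` in `src_compile`. `src_unpack` calls `epatch`, but the file has no `inherit` line; if `epatch` is supplied by the eutils eclass in this tree, `inherit eutils` is missing near the top. The path expansions in `cd ${S}` and `epatch ${FILESDIR}/checkpolicy-1.4-negset.diff` are unquoted and would break on a build root containing spaces; `cd "${S}"` and `"${FILESDIR}/..."` are safer.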
diff --git a/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff b/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff
new file mode 100644
index 000000000000..f0cf8157cf50
--- /dev/null
+++ b/sys-apps/checkpolicy/files/checkpolicy-1.4-negset.diff
@@ -0,0 +1,82 @@
+diff -ruN checkpolicy.old/policy_parse.y checkpolicy/policy_parse.y
+--- checkpolicy.old/policy_parse.y 2003-10-15 07:15:18.431551648 -0400
++++ checkpolicy/policy_parse.y 2003-10-15 07:19:00.550784392 -0400
+@@ -1,6 +1,10 @@
+
+ /*
+ * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
++ *
++ * Modified October 14, 2003 David Caplan, <dac@tresys.com>
++ * - allow exclusion of types and attributes in type/attribute lists
++ *
+ */
+
+ /* FLASK */
+@@ -1660,6 +1664,7 @@
+ {
+ type_datum_t *t;
+ unsigned int i;
++ int add = TRUE;
+
+ if (strcmp(id, "*") == 0) {
+ /* set all types */
+@@ -1674,14 +1679,27 @@
+ for (i = 0; i < policydbp->p_types.nprim; i++) {
+ if (ebitmap_get_bit(set, i))
+ ebitmap_set_bit(set, i, FALSE);
+- else
++ else
+ ebitmap_set_bit(set, i, TRUE);
+ }
+ free(id);
+ return 0;
+ }
+
+- t = hashtab_search(policydbp->p_types.table, id);
++ /* see if we want to exclude type/attribute */
++ if (id[0] == '-') {
++ if (strlen(id) == 1) {
++ sprintf(errormsg, "illegal identifier %s", id);
++ yyerror(errormsg);
++ free(id);
++ return -1;
++ }
++ add = FALSE;
++ t = hashtab_search(policydbp->p_types.table, id+1);
++ } else {
++ t = hashtab_search(policydbp->p_types.table, id);
++ }
++
+ if (!t) {
+ sprintf(errormsg, "unknown type %s", id);
+ yyerror(errormsg);
+@@ -1693,12 +1711,13 @@
+ /* set all types with this attribute */
+ for (i = ebitmap_startbit(&t->types); i < ebitmap_length(&t->types); i++) {
+ if (!ebitmap_get_bit(&t->types, i))
+- continue;
+- ebitmap_set_bit(set, i, TRUE);
++ continue;
++ /* set or clear bit depending on add */
++ ebitmap_set_bit(set, i, add);
+ }
+ } else {
+- /* set one type */
+- ebitmap_set_bit(set, t->value - 1, TRUE);
++ /* set or clear (depending on add) one type */
++ ebitmap_set_bit(set, t->value - 1, add);
+ }
+
+ free(id);
+diff -ruN checkpolicy.old/policy_scan.l checkpolicy/policy_scan.l
+--- checkpolicy.old/policy_scan.l 2003-10-15 07:15:18.426552408 -0400
++++ checkpolicy/policy_scan.l 2003-10-15 07:10:39.149009048 -0400
+@@ -127,7 +127,7 @@
+ t2 |
+ T2 { return(T2); }
+ "/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); }
+-{letter}({letter}|{digit}|_)* { return(IDENTIFIER); }
++({letter}|"-")({letter}|{digit}|_)* { return(IDENTIFIER); }
+ {letter}({letter}|{digit}|_|"."|"-")* { return(USER_IDENTIFIER); }
+ {digit}{digit}* { return(NUMBER); }
+ #[^\n]* { /* delete comments */ }
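Review bot: Exclusion is applied in place at the moment a `-name` entry is parsed (`ebitmap_set_bit(set, i, add)` and `ebitmap_set_bit(set, t->value - 1, add)`), so the resulting set depends on the order of the list. If the exclusion is written before an attribute that contains the type, the later attribute sets the bit again and the rule silently covers a type the policy author meant to leave out. Either collect exclusions in a separate bitmap and clear them after the whole set has been read, or at least state the constraint next to the new branch, e.g. `/* exclusions only subtract from entries already added; "-type" must follow them */`. The new scanner rule `({letter}|"-")({letter}|{digit}|_)*` also returns IDENTIFIER for a lone `-` and for `-` followed by digits in every context, not only type sets, which may change tokenisation wherever the grammar expects a literal `-` (not visible here). The patched function starts before and ends after the lines shown.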
diff --git a/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1 b/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1
new file mode 100644
index 000000000000..e7d618ba2532
--- /dev/null
+++ b/sys-apps/checkpolicy/files/digest-checkpolicy-1.4-r1
@@ -0,0 +1 @@
+MD5 126851036aba68c53a115f32758d6e38 checkpolicy-1.4.tgz 68703