From owner-p4-projects@FreeBSD.ORG Thu Jan 25 15:12:43 2007 Return-Path: X-Original-To: p4-projects@freebsd.org Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id 2314316A405; Thu, 25 Jan 2007 15:12:43 +0000 (UTC) X-Original-To: perforce@freebsd.org Delivered-To: perforce@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 019DA16A400 for ; Thu, 25 Jan 2007 15:12:43 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (repoman.freebsd.org [69.147.83.41]) by mx1.freebsd.org (Postfix) with ESMTP id E5E5C13C455 for ; Thu, 25 Jan 2007 15:12:42 +0000 (UTC) (envelope-from millert@freebsd.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.6/8.13.6) with ESMTP id l0PFCgeS054103 for ; Thu, 25 Jan 2007 15:12:42 GMT (envelope-from millert@freebsd.org) Received: (from perforce@localhost) by repoman.freebsd.org (8.13.6/8.13.4/Submit) id l0PFCgYG054097 for perforce@freebsd.org; Thu, 25 Jan 2007 15:12:42 GMT (envelope-from millert@freebsd.org) Date: Thu, 25 Jan 2007 15:12:42 GMT Message-Id: <200701251512.l0PFCgYG054097@repoman.freebsd.org> X-Authentication-Warning: repoman.freebsd.org: perforce set sender to millert@freebsd.org using -f From: Todd Miller To: Perforce Change Reviews Cc: Subject: PERFORCE change 113509 for review X-BeenThere: p4-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: p4 projects tree changes List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 25 Jan 2007 15:12:43 -0000 http://perforce.freebsd.org/chv.cgi?CH=113509 Change 113509 by millert@millert_macbook on 2007/01/25 15:12:01 Update to checkpolicy-1.34.0 from the NSA web site. Affected files ... .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/ChangeLog#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/VERSION#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/policy_parse.y#5 edit .. //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/policy_scan.l#3 edit Differences ... ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/ChangeLog#5 (text+ko) ==== @@ -1,3 +1,9 @@ +1.34.0 2007-01-18 + * Updated version for stable branch. + +1.33.1 2006-11-13 + * Collapse user identifiers and identifiers together. + 1.32 2006-10-17 * Updated version for release. ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/VERSION#5 (text+ko) ==== @@ -1,1 +1,1 @@ -1.32 +1.34.0 ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/policy_parse.y#5 (text+ko) ==== @@ -190,7 +190,6 @@ %token NOT AND OR XOR %token CTRUE CFALSE %token IDENTIFIER -%token USER_IDENTIFIER %token NUMBER %token EQUALS %token NOTEQUAL @@ -522,13 +521,13 @@ | T1 op T2 { $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2); if ($$ == 0) return -1; } - | U1 op { if (insert_separator(1)) return -1; } user_names_push + | U1 op { if (insert_separator(1)) return -1; } names_push { $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2); if ($$ == 0) return -1; } - | U2 op { if (insert_separator(1)) return -1; } user_names_push + | U2 op { if (insert_separator(1)) return -1; } names_push { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2); if ($$ == 0) return -1; } - | U3 op { if (insert_separator(1)) return -1; } user_names_push + | U3 op { if (insert_separator(1)) return -1; } names_push { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2); if ($$ == 0) return -1; } | R1 op { if (insert_separator(1)) return -1; } names_push @@ -603,10 +602,7 @@ users : user_def | users user_def ; -user_id : identifier - | user_identifier - ; -user_def : USER user_id ROLES names opt_mls_user ';' +user_def : USER identifier ROLES names opt_mls_user ';' {if (define_user()) return -1;} ; opt_mls_user : LEVEL mls_level_def RANGE mls_range_def @@ -698,7 +694,7 @@ $$ = addr; } ; -security_context_def : user_id ':' identifier ':' identifier opt_mls_range_def +security_context_def : identifier ':' identifier ':' identifier opt_mls_range_def ; opt_mls_range_def : ':' mls_range_def | @@ -766,23 +762,6 @@ identifier : IDENTIFIER { if (insert_id(yytext,0)) return -1; } ; -user_identifier : USER_IDENTIFIER - { if (insert_id(yytext,0)) return -1; } - ; -user_identifier_push : USER_IDENTIFIER - { if (insert_id(yytext, 1)) return -1; } - ; -user_identifier_list_push : user_identifier_push - | identifier_list_push user_identifier_push - | user_identifier_list_push identifier_push - | user_identifier_list_push user_identifier_push - ; -user_names_push : names_push - | user_identifier_push - | '{' user_identifier_list_push '}' - | tilde_push user_identifier_push - | tilde_push '{' user_identifier_list_push '}' - ; path : PATH { if (insert_id(yytext,0)) return -1; } ; ==== //depot/projects/trustedbsd/sedarwin8/policies/sedarwin/programs/checkpolicy/policy_scan.l#3 (text+ko) ==== @@ -200,12 +200,11 @@ h2 | H2 { return(H2); } "/"({letter}|{digit}|_|"."|"-"|"/")* { return(PATH); } -{letter}({letter}|{digit}|_|".")* { if (is_valid_identifier(yytext)) +{letter}({letter}|{digit}|_|"."|"-")* { if (is_valid_identifier(yytext)) return(IDENTIFIER); else REJECT; } -{letter}({letter}|{digit}|_|"."|"-")* { return(USER_IDENTIFIER); } {digit}{digit}* { return(NUMBER); } {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|":"|".")* { return(IPV6_ADDR); } {version}/([ \t\f]*;) { return(VERSION_IDENTIFIER); }