
SELinux Mailing List

patch: disallow policy from declaring the type 'self'

From: Jason Tang <jtang_at_tresys.com>
Date: Fri, 05 Aug 2005 12:37:17 -0400


Recently we noticed that one may declare a type named "self". The following patch disallows the policy from doing this. checkpolicy/checkmodule will treat "self" as a reserved word.

NOTE: This patch in no way affects the use of "self" as the target within AV rules.

  • module_compiler.c 2005-07-06 13:46:23.000000000 -0400 +++ module_compiler.c-new 2005-08-05 11:47:12.000000000 -0400 @@ -262,6 +262,10 @@ type_datum_t *declare_type(unsigned char yyerror("no type/attribute name?"); return NULL; }
    + if (strcmp(id, "self") == 0) {
    + yyerror("'self' is a reserved type name and may not be
    declared.");
    + return NULL;
    + }
 	typdatum = (type_datum_t *) malloc(sizeof(type_datum_t));
 	if (!typdatum) {
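Review bot: the new `if (strcmp(id, "self") == 0)` block returns NULL without releasing `id`. If `id` is heap-allocated by the code above this hunk (not visible here), add `free(id);` before the `return NULL;` so the rejected declaration does not leak it. Two smaller points in the same block: the preceding context reports "no type/attribute name?", which suggests this path also handles attributes, so the message could read "'self' is a reserved type/attribute name"; and the `yyerror` string literal is wrapped across two lines in the mail as posted, so it has to be rejoined onto one line before the patch will apply and compile.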


-- 
Jason Tang / jtang@tresys.com


Received on Fri 5 Aug 2005 - 12:44:31 EDT
 

Date Posted: Jan 15, 2009 | Last Modified: Jan 15, 2009 | Last Reviewed: Jan 15, 2009

 

National Security Agency / Central Security Service