18c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 28c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 38c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 48c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 58c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 68c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* 78c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 88c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 98c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Support for enhanced MLS infrastructure. 108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: David Caplan, <dac@tresys.com> 128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Added conditional policy language extensions 148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Updated: Joshua Brindle <jbrindle@tresys.com> 168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Karl MacMillan <kmacmillan@mentalrootkit.com> 178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Jason Tang <jtang@tresys.com> 188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Added support for binary policy modules 208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * 218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2003 - 2008 Tresys Technology, LLC 238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * Copyright (C) 2007 Red Hat Inc. 248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * This program is free software; you can redistribute it and/or modify 258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * it under the terms of the GNU General Public License as published by 268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android * the Free Software Foundation, version 2. 278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android */ 288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/* FLASK */ 308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%{ 328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/types.h> 338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <assert.h> 348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdarg.h> 358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdint.h> 368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdio.h> 378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdlib.h> 388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <string.h> 398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sys/socket.h> 408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <netinet/in.h> 418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <arpa/inet.h> 428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <stdlib.h> 438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/expand.h> 458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/policydb.h> 468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/services.h> 478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/conditional.h> 488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/flask.h> 498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/hierarchy.h> 508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include <sepol/policydb/polcaps.h> 518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "queue.h" 528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "checkpolicy.h" 538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "module_compiler.h" 548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android#include "policy_define.h" 558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern policydb_t *policydbp; 578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern unsigned int pass; 588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern char yytext[]; 608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int yylex(void); 618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int yywarn(char *msg); 628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidextern int yyerror(char *msg); 638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtypedef int (* require_func_t)(); 658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%} 678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%union { 698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android unsigned int val; 708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android uintptr_t valptr; 718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android void *ptr; 728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android require_func_t require_func; 738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android} 748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <ptr> cond_expr cond_expr_prim cond_pol_list cond_else 768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <ptr> cond_allow_def cond_auditallow_def cond_auditdeny_def cond_dontaudit_def 778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <ptr> cond_transition_def cond_te_avtab_def cond_rule_def 788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <ptr> role_def roles 798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <valptr> cexpr cexpr_prim op role_mls_op 808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <val> ipv4_addr_def number 818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%type <require_func> require_decl_def 828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token PATH 848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token FILENAME 858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token CLONE 868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token COMMON 878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token CLASS 888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token CONSTRAIN 898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token VALIDATETRANS 908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token INHERITS 918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token SID 928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ROLE 938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ROLEATTRIBUTE 948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ATTRIBUTE_ROLE 958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ROLES 968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPEALIAS 978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPEATTRIBUTE 988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPEBOUNDS 998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPE 1008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPES 1018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ALIAS 1028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ATTRIBUTE 1038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token BOOL 104cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley%token TUNABLE 1058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token IF 1068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ELSE 1078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPE_TRANSITION 1088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPE_MEMBER 1098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TYPE_CHANGE 1108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ROLE_TRANSITION 1118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token RANGE_TRANSITION 1128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token SENSITIVITY 1138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token DOMINANCE 1148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token DOM DOMBY INCOMP 1158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token CATEGORY 1168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token LEVEL 1178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token RANGE 1188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token MLSCONSTRAIN 1198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token MLSVALIDATETRANS 1208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token USER 1218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token NEVERALLOW 1228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token ALLOW 1238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token AUDITALLOW 1248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token AUDITDENY 1258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token DONTAUDIT 1268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token SOURCE 1278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token TARGET 1288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token SAMEUSER 1298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token FSCON PORTCON NETIFCON NODECON 1308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token PIRQCON IOMEMCON IOPORTCON PCIDEVICECON 1318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token FSUSEXATTR FSUSETASK FSUSETRANS 1328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token GENFSCON 1338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token U1 U2 U3 R1 R2 R3 T1 T2 T3 L1 L2 H1 H2 1348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token NOT AND OR XOR 1358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token CTRUE CFALSE 1368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token IDENTIFIER 1378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token NUMBER 1388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token EQUALS 1398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token NOTEQUAL 1408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token IPV4_ADDR 1418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token IPV6_ADDR 1428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL 1438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token POLICYCAP 1448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token PERMISSIVE 1458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%token FILESYSTEM 146968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE 147ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley%token LOW_HIGH LOW HIGH 1488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 1498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%left OR 1508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%left XOR 1518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%left AND 1528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%right NOT 1538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%left EQUALS NOTEQUAL 1548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android%% 1558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpolicy : base_policy 1568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | module_policy 1578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidbase_policy : { if (define_policy(pass, 0) == -1) return -1; } 1598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android classes initial_sids access_vectors 1608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; } 1618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }} 162ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley opt_default_rules opt_mls te_rbac users opt_constraints 1638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;} 1648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}} 1658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts 1668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidclasses : class_def 1688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | classes class_def 1698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidclass_def : CLASS identifier 1718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_class()) return -1;} 1728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sids : initial_sid_def 1748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | initial_sids initial_sid_def 1758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sid_def : SID identifier 1778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_initial_sid()) return -1;} 1788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidaccess_vectors : opt_common_perms av_perms 1808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_common_perms : common_perms 1828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 1838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcommon_perms : common_perms_def 1858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | common_perms common_perms_def 1868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcommon_perms_def : COMMON identifier '{' identifier_list '}' 1888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_common_perms()) return -1;} 1898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidav_perms : av_perms_def 1918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | av_perms av_perms_def 1928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 1938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidav_perms_def : CLASS identifier '{' identifier_list '}' 1948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_av_perms(FALSE)) return -1;} 1958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | CLASS identifier INHERITS identifier 1968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_av_perms(TRUE)) return -1;} 1978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | CLASS identifier INHERITS identifier '{' identifier_list '}' 1988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_av_perms(TRUE)) return -1;} 1998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 200ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalleyopt_default_rules : default_rules 201ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | 202ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley ; 203ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalleydefault_rules : default_user_def 204ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | default_role_def 205968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley | default_type_def 206ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | default_range_def 207ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | default_rules default_user_def 208ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | default_rules default_role_def 209968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley | default_rules default_type_def 210ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | default_rules default_range_def 211ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley ; 212ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalleydefault_user_def : DEFAULT_USER names SOURCE ';' 213ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_user(DEFAULT_SOURCE)) return -1; } 214ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_USER names TARGET ';' 215ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_user(DEFAULT_TARGET)) return -1; } 216ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley ; 217ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalleydefault_role_def : DEFAULT_ROLE names SOURCE ';' 218ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_role(DEFAULT_SOURCE)) return -1; } 219ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_ROLE names TARGET ';' 220ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_role(DEFAULT_TARGET)) return -1; } 221ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley ; 222968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalleydefault_type_def : DEFAULT_TYPE names SOURCE ';' 223968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley {if (define_default_type(DEFAULT_SOURCE)) return -1; } 224968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley | DEFAULT_TYPE names TARGET ';' 225968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley {if (define_default_type(DEFAULT_TARGET)) return -1; } 226968aed00ed981987cf96dcfd7640e6dcde5c03a0Stephen Smalley ; 227ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalleydefault_range_def : DEFAULT_RANGE names SOURCE LOW ';' 228ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; } 229ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_RANGE names SOURCE HIGH ';' 230ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_SOURCE_HIGH)) return -1; } 231ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_RANGE names SOURCE LOW_HIGH ';' 232ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_SOURCE_LOW_HIGH)) return -1; } 233ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_RANGE names TARGET LOW ';' 234ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_TARGET_LOW)) return -1; } 235ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_RANGE names TARGET HIGH ';' 236ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_TARGET_HIGH)) return -1; } 237ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley | DEFAULT_RANGE names TARGET LOW_HIGH ';' 238ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley {if (define_default_range(DEFAULT_TARGET_LOW_HIGH)) return -1; } 239ba8e9924f575e267f1503b7669fe3120d68d4e1fStephen Smalley ; 2408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_mls : mls 2418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 2428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmls : sensitivities dominance opt_categories levels mlspolicy 2448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidsensitivities : sensitivity_def 2468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | sensitivities sensitivity_def 2478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidsensitivity_def : SENSITIVITY identifier alias_def ';' 2498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_sens()) return -1;} 2508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SENSITIVITY identifier ';' 2518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_sens()) return -1;} 2528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidalias_def : ALIAS names 2548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddominance : DOMINANCE identifier 2568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_dominance()) return -1;} 2578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | DOMINANCE '{' identifier_list '}' 2588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_dominance()) return -1;} 2598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_categories : categories 2618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 2628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcategories : category_def 2648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | categories category_def 2658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcategory_def : CATEGORY identifier alias_def ';' 2678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_category()) return -1;} 2688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | CATEGORY identifier ';' 2698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_category()) return -1;} 2708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidlevels : level_def 2728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | levels level_def 2738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidlevel_def : LEVEL identifier ':' id_comma_list ';' 2758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_level()) return -1;} 2768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | LEVEL identifier ';' 2778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_level()) return -1;} 2788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmlspolicy : mlspolicy_decl 2808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | mlspolicy mlspolicy_decl 2818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmlspolicy_decl : mlsconstraint_def 2838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | mlsvalidatetrans_def 2848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmlsconstraint_def : MLSCONSTRAIN names names cexpr ';' 2868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_constraint((constraint_expr_t*)$4)) return -1; } 2878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmlsvalidatetrans_def : MLSVALIDATETRANS names cexpr ';' 2898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_validatetrans((constraint_expr_t*)$3)) return -1; } 2908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidte_rbac : te_rbac_decl 2928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | te_rbac te_rbac_decl 2938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 2948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidte_rbac_decl : te_decl 2958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | rbac_decl 2968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_stmt_def 2978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | optional_block 2988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | policycap_def 2998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ';' 3008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrbac_decl : attribute_role_def 3028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | role_type_def 3038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | role_dominance 3048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | role_trans_def 3058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | role_allow_def 3068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | roleattribute_def 3078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | role_attr_def 3088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidte_decl : attribute_def 3108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | type_def 3118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | typealias_def 3128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | typeattribute_def 3138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | typebounds_def 3148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | bool_def 315cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley | tunable_def 3168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | transition_def 3178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | range_trans_def 3188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | te_avtab_def 3198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | permissive_def 3208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidattribute_def : ATTRIBUTE identifier ';' 3228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_attrib()) return -1;} 3238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtype_def : TYPE identifier alias_def opt_attr_list ';' 3258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_type(1)) return -1;} 3268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE identifier opt_attr_list ';' 3278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_type(0)) return -1;} 3288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtypealias_def : TYPEALIAS identifier alias_def ';' 3308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_typealias()) return -1;} 3318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtypeattribute_def : TYPEATTRIBUTE identifier id_comma_list ';' 3338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_typeattribute()) return -1;} 3348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtypebounds_def : TYPEBOUNDS identifier id_comma_list ';' 3368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_typebounds()) return -1;} 3378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_attr_list : ',' id_comma_list 3398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 3408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidbool_def : BOOL identifier bool_val ';' 342cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley { if (define_bool_tunable(0)) return -1; } 3438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 344cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalleytunable_def : TUNABLE identifier bool_val ';' 345cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley { if (define_bool_tunable(1)) return -1; } 346cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley ; 3478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidbool_val : CTRUE 3488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("T",0)) return -1; } 3498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | CFALSE 3508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("F",0)) return -1; } 3518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_stmt_def : IF cond_expr '{' cond_pol_list '}' cond_else 3538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (pass == 2) { if (define_conditional((cond_expr_t*)$2, (avrule_t*)$4, (avrule_t*)$6) < 0) return -1; }} 3548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_else : ELSE '{' cond_pol_list '}' 3568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $3; } 3578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | /* empty */ 3588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = NULL; } 3598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_expr : '(' cond_expr ')' 3608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $2;} 3618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NOT cond_expr 3628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_NOT, $2, 0); 3638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr AND cond_expr 3658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_AND, $1, $3); 3668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr OR cond_expr 3688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_OR, $1, $3); 3698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr XOR cond_expr 3718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_XOR, $1, $3); 3728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr EQUALS cond_expr 3748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_EQ, $1, $3); 3758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr NOTEQUAL cond_expr 3778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_NEQ, $1, $3); 3788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 3798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_expr_prim 3808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 3818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_expr_prim : identifier 3838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_expr(COND_BOOL,0, 0); 3848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1; } 3858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_pol_list : cond_pol_list cond_rule_def 3878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_pol_list((avrule_t *)$1, (avrule_t *)$2); } 3888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | /* empty */ 3898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = NULL; } 3908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_rule_def : cond_transition_def 3928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 3938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_te_avtab_def 3948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 3958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | require_block 3968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = NULL; } 3978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 3988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' 3998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_filename_trans() ; 4008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1;} 4018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_TRANSITION names names ':' names identifier ';' 4028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_compute_type(AVRULE_TRANSITION) ; 4038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1;} 4048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_MEMBER names names ':' names identifier ';' 4058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_compute_type(AVRULE_MEMBER) ; 4068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1;} 4078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_CHANGE names names ':' names identifier ';' 4088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_compute_type(AVRULE_CHANGE) ; 4098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1;} 4108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_te_avtab_def : cond_allow_def 4128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_auditallow_def 4148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_auditdeny_def 4168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_dontaudit_def 4188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_allow_def : ALLOW names names ':' names names ';' 4218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_te_avtab(AVRULE_ALLOWED) ; 4228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1; } 4238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_auditallow_def : AUDITALLOW names names ':' names names ';' 4258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_te_avtab(AVRULE_AUDITALLOW) ; 4268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1; } 4278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_auditdeny_def : AUDITDENY names names ':' names names ';' 4298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_te_avtab(AVRULE_AUDITDENY) ; 4308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1; } 4318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcond_dontaudit_def : DONTAUDIT names names ':' names names ';' 4338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT); 4348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == COND_ERR) return -1; } 4358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtransition_def : TYPE_TRANSITION names names ':' names identifier filename ';' 4388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_filename_trans()) return -1; } 4398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_TRANSITION names names ':' names identifier ';' 4408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_compute_type(AVRULE_TRANSITION)) return -1;} 4418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_MEMBER names names ':' names identifier ';' 4428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_compute_type(AVRULE_MEMBER)) return -1;} 4438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE_CHANGE names names ':' names identifier ';' 4448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_compute_type(AVRULE_CHANGE)) return -1;} 4458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrange_trans_def : RANGE_TRANSITION names names mls_range_def ';' 4478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_range_trans(0)) return -1; } 4488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | RANGE_TRANSITION names names ':' names mls_range_def ';' 4498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_range_trans(1)) return -1; } 4508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidte_avtab_def : allow_def 4528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | auditallow_def 4538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | auditdeny_def 4548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | dontaudit_def 4558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | neverallow_def 4568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidallow_def : ALLOW names names ':' names names ';' 4588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_te_avtab(AVRULE_ALLOWED)) return -1; } 4598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidauditallow_def : AUDITALLOW names names ':' names names ';' 4618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_te_avtab(AVRULE_AUDITALLOW)) return -1; } 4628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidauditdeny_def : AUDITDENY names names ':' names names ';' 4648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_te_avtab(AVRULE_AUDITDENY)) return -1; } 4658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddontaudit_def : DONTAUDIT names names ':' names names ';' 4678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_te_avtab(AVRULE_DONTAUDIT)) return -1; } 4688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidneverallow_def : NEVERALLOW names names ':' names names ';' 4708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; } 4718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidattribute_role_def : ATTRIBUTE_ROLE identifier ';' 4738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_attrib_role()) return -1; } 474cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley ; 4758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_type_def : ROLE identifier TYPES names ';' 4768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_role_types()) return -1;} 4778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_attr_def : ROLE identifier opt_attr_list ';' 4798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_role_attr()) return -1;} 4808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_dominance : DOMINANCE '{' roles '}' 4828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_trans_def : ROLE_TRANSITION names names identifier ';' 4848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_role_trans(0)) return -1; } 4858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ROLE_TRANSITION names names ':' names identifier ';' 4868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_role_trans(1)) return -1;} 4878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_allow_def : ALLOW names names ';' 4898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_role_allow()) return -1; } 4908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidroles : role_def 4928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | roles role_def 4948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1;} 4958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_def : ROLE identifier_push ';' 4978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {$$ = define_role_dom(NULL); if ($$ == 0) return -1;} 4988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ROLE identifier_push '{' roles '}' 4998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {$$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;} 5008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidroleattribute_def : ROLEATTRIBUTE identifier id_comma_list ';' 5028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_roleattribute()) return -1;} 5038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_constraints : constraints 5058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 5068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidconstraints : constraint_decl 5088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | constraints constraint_decl 5098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidconstraint_decl : constraint_def 5118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | validatetrans_def 5128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidconstraint_def : CONSTRAIN names names cexpr ';' 5148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_constraint((constraint_expr_t*)$4)) return -1; } 5158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidvalidatetrans_def : VALIDATETRANS names cexpr ';' 5178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_validatetrans((constraint_expr_t*)$3)) return -1; } 5188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcexpr : '(' cexpr ')' 5208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $2; } 5218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NOT cexpr 5228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NOT, $2, 0); 5238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr AND cexpr 5258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_AND, $1, $3); 5268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr OR cexpr 5288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_OR, $1, $3); 5298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr_prim 5318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 5328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcexpr_prim : U1 op U2 5348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, $2); 5358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R1 role_mls_op R2 5378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 5388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T1 op T2 5408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2); 5418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | U1 op { if (insert_separator(1)) return -1; } names_push 5438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2); 5448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | U2 op { if (insert_separator(1)) return -1; } names_push 5468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2); 5478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | U3 op { if (insert_separator(1)) return -1; } names_push 5498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2); 5508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R1 op { if (insert_separator(1)) return -1; } names_push 5528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2); 5538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R2 op { if (insert_separator(1)) return -1; } names_push 5558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), $2); 5568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R3 op { if (insert_separator(1)) return -1; } names_push 5588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_XTARGET), $2); 5598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T1 op { if (insert_separator(1)) return -1; } names_push 5618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2); 5628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T2 op { if (insert_separator(1)) return -1; } names_push 5648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), $2); 5658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T3 op { if (insert_separator(1)) return -1; } names_push 5678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_XTARGET), $2); 5688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SAMEUSER 5708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ); 5718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push 5738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ); 5748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TARGET ROLE { if (insert_separator(1)) return -1; } names_push 5768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), CEXPR_EQ); 5778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ROLE role_mls_op 5798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 5808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push 5828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ); 5838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TARGET TYPE { if (insert_separator(1)) return -1; } names_push 5858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), CEXPR_EQ); 5868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op L2 5888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1L2, $2); 5898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op H2 5918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H2, $2); 5928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | H1 role_mls_op L2 5948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1L2, $2); 5958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | H1 role_mls_op H2 5978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1H2, $2); 5988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op H1 6008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H1, $2); 6018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 6028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L2 role_mls_op H2 6038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L2H2, $2); 6048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 6058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidop : EQUALS 6078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_EQ; } 6088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NOTEQUAL 6098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_NEQ; } 6108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_mls_op : op 6128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 6138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | DOM 6148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_DOM; } 6158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | DOMBY 6168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_DOMBY; } 6178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | INCOMP 6188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_INCOMP; } 6198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidusers : user_def 6218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | users user_def 6228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiduser_def : USER identifier ROLES names opt_mls_user ';' 6248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_user()) return -1;} 6258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_mls_user : LEVEL mls_level_def RANGE mls_range_def 6278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sid_contexts : initial_sid_context_def 6308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | initial_sid_contexts initial_sid_context_def 6318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sid_context_def : SID identifier security_context_def 6338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_initial_sid_context()) return -1;} 6348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_dev_contexts : dev_contexts | 6368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddev_contexts : dev_context_def 6388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | dev_contexts dev_context_def 6398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddev_context_def : pirq_context_def | 6418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android iomem_context_def | 6428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ioport_context_def | 6438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pci_context_def 6448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpirq_context_def : PIRQCON number security_context_def 6468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_pirq_context($2)) return -1;} 6478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidiomem_context_def : IOMEMCON number security_context_def 6498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_iomem_context($2,$2)) return -1;} 6508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | IOMEMCON number '-' number security_context_def 6518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_iomem_context($2,$4)) return -1;} 6528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidioport_context_def : IOPORTCON number security_context_def 6548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ioport_context($2,$2)) return -1;} 6558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | IOPORTCON number '-' number security_context_def 6568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ioport_context($2,$4)) return -1;} 6578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpci_context_def : PCIDEVICECON number security_context_def 6598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_pcidevice_context($2)) return -1;} 6608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_fs_contexts : fs_contexts 6628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_contexts : fs_context_def 6658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | fs_contexts fs_context_def 6668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_context_def : FSCON number number security_context_def security_context_def 6688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_context($2,$3)) return -1;} 6698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnet_contexts : opt_port_contexts opt_netif_contexts opt_node_contexts 6718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_port_contexts : port_contexts 6738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidport_contexts : port_context_def 6768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | port_contexts port_context_def 6778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidport_context_def : PORTCON identifier number security_context_def 6798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_port_context($3,$3)) return -1;} 6808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | PORTCON identifier number '-' number security_context_def 6818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_port_context($3,$5)) return -1;} 6828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_netif_contexts : netif_contexts 6848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnetif_contexts : netif_context_def 6878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | netif_contexts netif_context_def 6888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnetif_context_def : NETIFCON identifier security_context_def security_context_def 6908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_netif_context()) return -1;} 6918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_node_contexts : node_contexts 6938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnode_contexts : node_context_def 6968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | node_contexts node_context_def 6978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnode_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def 6998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ipv4_node_context()) return -1;} 7008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NODECON ipv6_addr ipv6_addr security_context_def 7018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ipv6_node_context()) return -1;} 7028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_fs_uses : fs_uses 7048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 7058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_uses : fs_use_def 7078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | fs_uses fs_use_def 7088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_use_def : FSUSEXATTR filesystem security_context_def ';' 7108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} 7118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | FSUSETASK identifier security_context_def ';' 7128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} 7138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | FSUSETRANS identifier security_context_def ';' 7148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_TRANS)) return -1;} 7158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_genfs_contexts : genfs_contexts 7178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 7188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidgenfs_contexts : genfs_context_def 7208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | genfs_contexts genfs_context_def 7218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidgenfs_context_def : GENFSCON filesystem path '-' identifier security_context_def 7238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(1)) return -1;} 7248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def 7258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(1)) return -1;} 7268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | GENFSCON filesystem path security_context_def 7278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(0)) return -1;} 7288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidipv4_addr_def : IPV4_ADDR 7308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 7318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidsecurity_context_def : identifier ':' identifier ':' identifier opt_mls_range_def 7338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_mls_range_def : ':' mls_range_def 7358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 7368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmls_range_def : mls_level_def '-' mls_level_def 7388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (insert_separator(0)) return -1;} 7398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | mls_level_def 7408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (insert_separator(0)) return -1;} 7418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmls_level_def : identifier ':' id_comma_list 7438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (insert_separator(0)) return -1;} 7448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | identifier 7458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (insert_separator(0)) return -1;} 7468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidid_comma_list : identifier 7488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | id_comma_list ',' identifier 7498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtilde : '~' 7518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidasterisk : '*' 7538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnames : identifier 7558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_separator(0)) return -1; } 7568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | nested_id_set 7578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_separator(0)) return -1; } 7588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | asterisk 7598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("*", 0)) return -1; 7608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (insert_separator(0)) return -1; } 7618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | tilde identifier 7628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("~", 0)) return -1; 7638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (insert_separator(0)) return -1; } 7648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | tilde nested_id_set 7658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("~", 0)) return -1; 7668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (insert_separator(0)) return -1; } 7678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | identifier '-' { if (insert_id("-", 0)) return -1; } identifier 7688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_separator(0)) return -1; } 7698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidtilde_push : tilde 7718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("~", 1)) return -1; } 7728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidasterisk_push : asterisk 7748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id("*", 1)) return -1; } 7758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnames_push : identifier_push 7778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | '{' identifier_list_push '}' 7788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | asterisk_push 7798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | tilde_push identifier_push 7808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | tilde_push '{' identifier_list_push '}' 7818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androididentifier_list_push : identifier_push 7838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | identifier_list_push identifier_push 7848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androididentifier_push : IDENTIFIER 7868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext, 1)) return -1; } 7878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androididentifier_list : identifier 7898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | identifier_list identifier 7908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnested_id_set : '{' nested_id_list '}' 7928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnested_id_list : nested_id_element | nested_id_list nested_id_element 7948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; } identifier | nested_id_set 7968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 7978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androididentifier : IDENTIFIER 7988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 7998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfilesystem : FILESYSTEM 8018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | IDENTIFIER 8038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpath : PATH 8068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfilename : FILENAME 8098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } 8108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnumber : NUMBER 8128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = strtoul(yytext,NULL,0); } 8138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidipv6_addr : IPV6_ADDR 8158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpolicycap_def : POLICYCAP identifier ';' 8188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_polcap()) return -1;} 8198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpermissive_def : PERMISSIVE identifier ';' 8218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_permissive()) return -1;} 8228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 8238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android/*********** module grammar below ***********/ 8248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android 8258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmodule_policy : module_def avrules_block 8268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (end_avrule_block(pass) == -1) return -1; 8278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if (policydb_index_others(NULL, policydbp, 0)) return -1; 8288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android } 8298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidmodule_def : MODULE identifier version_identifier ';' 8318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (define_policy(pass, 1) == -1) return -1; } 8328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidversion_identifier : VERSION_IDENTIFIER 8348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | number 8368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 8378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ipv4_addr_def /* version can look like ipv4 address */ 8388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidavrules_block : avrule_decls avrule_user_defs 8408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidavrule_decls : avrule_decls avrule_decl 8428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | avrule_decl 8438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidavrule_decl : rbac_decl 8458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | te_decl 8468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cond_stmt_def 8478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | require_block 8488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | optional_block 8498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ';' 8508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_block : REQUIRE '{' require_list '}' 8528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_list : require_list require_decl 8548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | require_decl 8558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_decl : require_class ';' 8578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | require_decl_def require_id_list ';' 8588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_class : CLASS identifier names 8608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (require_class(pass)) return -1; } 8618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_decl_def : ROLE { $$ = require_role; } 8638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TYPE { $$ = require_type; } 8648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ATTRIBUTE { $$ = require_attribute; } 8658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ATTRIBUTE_ROLE { $$ = require_attribute_role; } 8668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | USER { $$ = require_user; } 8678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | BOOL { $$ = require_bool; } 868cd88c5c44f93ca14828bdae024fae6e0287ba71dStephen Smalley | TUNABLE { $$ = require_tunable; } 8698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SENSITIVITY { $$ = require_sens; } 8708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | CATEGORY { $$ = require_cat; } 8718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrequire_id_list : identifier 8738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if ($<require_func>0 (pass)) return -1; } 8748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | require_id_list ',' identifier 8758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if ($<require_func>0 (pass)) return -1; } 8768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidoptional_block : optional_decl '{' avrules_block '}' 8788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (end_avrule_block(pass) == -1) return -1; } 8798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android optional_else 8808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (end_optional(pass) == -1) return -1; } 8818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidoptional_else : else_decl '{' avrules_block '}' 8838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (end_avrule_block(pass) == -1) return -1; } 8848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | /* empty */ 8858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidoptional_decl : OPTIONAL 8878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (begin_optional(pass) == -1) return -1; } 8888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidelse_decl : ELSE 8908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (begin_optional_else(pass) == -1) return -1; } 8918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 8928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidavrule_user_defs : user_def avrule_user_defs 8938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | /* empty */ 8948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 895