/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *      Support for enhanced MLS infrastructure.
 *
 * Updated: David Caplan, <dac@tresys.com>
 *
 *      Added conditional policy language extensions
 *
 * Updated: Joshua Brindle <jbrindle@tresys.com>
 *          Karl MacMillan <kmacmillan@mentalrootkit.com>
 *          Jason Tang <jtang@tresys.com>
 *
 *      Added support for binary policy modules
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2008 Tresys Technology, LLC
 * Copyright (C) 2007 Red Hat Inc.
 *      This program is free software; you can redistribute it and/or modify
 *      it under the terms of the GNU General Public License as published by
 *      the Free Software Foundation, version 2.
 */

/* FLASK */

/*
 * Yacc grammar for the policy source language.  The semantic actions hand
 * each parsed statement to a define_*() helper and stop the parse with
 * "return -1" when the helper reports failure.
 */

%{
#include <sys/types.h>
#include <assert.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
/* NOTE(review): <stdlib.h> is already included above; this one is redundant. */
#include <stdlib.h>

#include <sepol/policydb/expand.h>
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/services.h>
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/flask.h>
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/polcaps.h>
#include "queue.h"
#include "checkpolicy.h"
#include "module_compiler.h"
#include "policy_define.h"

/* Policy database handed to the policydb_index_*() calls in the actions. */
extern policydb_t *policydbp;
/* Current pass number; the actions branch on pass == 1 and pass == 2. */
extern unsigned int pass;

/* Scanner and diagnostic entry points, declared here and defined elsewhere. */
extern char yytext[];
extern int yylex(void);
extern int yywarn(const char *msg);
extern int yyerror(const char *msg);

/*
 * Callback type carried in the require_func member of the semantic value
 * union: takes a pass number and returns an int.
 */
typedef int (* require_func_t)(int pass);

%}

/*
 * Semantic value of a grammar symbol.  Pointer-valued symbols travel as
 * void * (ptr) or as an integer wide enough for a pointer (valptr) and are
 * cast back to their real type inside the actions, so the compiler does not
 * check that producer and consumer agree on that type.
 */
%union {
        unsigned int val;               /* 32-bit style numeric value */
        uint64_t val64;                 /* 64-bit numeric value */
        uintptr_t valptr;               /* pointer or small integer, cast on use */
        void *ptr;                      /* untyped pointer, cast on use */
        require_func_t require_func;    /* callback, see require_func_t */
}

/*
 * Semantic value types of the nonterminals.  Each name in angle brackets is a
 * member of the %union declared in this file.
 */
/* Conditional-policy nonterminals and role nonterminals carry a void *. */
%type <ptr> cond_expr cond_expr_prim cond_pol_list cond_else
%type <ptr> cond_allow_def cond_auditallow_def cond_auditdeny_def cond_dontaudit_def
%type <ptr> cond_transition_def cond_te_avtab_def cond_rule_def
%type <ptr> role_def roles
/* Constraint-expression nonterminals carry a uintptr_t. */
%type <valptr> cexpr cexpr_prim op role_mls_op
/* Numeric nonterminals. */
%type <val> ipv4_addr_def number
%type <val64> number64
/* Carries a require_func_t callback. */
%type <require_func> require_decl_def

/*
 * Terminal symbols returned by yylex().  None of them is given a semantic
 * value type.
 */
%token PATH
%token QPATH
%token FILENAME
%token CLONE
%token COMMON
%token CLASS
%token CONSTRAIN
%token VALIDATETRANS
%token INHERITS
%token SID
%token ROLE
%token ROLEATTRIBUTE
%token ATTRIBUTE_ROLE
%token ROLES
%token TYPEALIAS
%token TYPEATTRIBUTE
%token TYPEBOUNDS
%token TYPE
%token TYPES
%token ALIAS
%token ATTRIBUTE
%token BOOL
%token TUNABLE
%token IF
%token ELSE
%token TYPE_TRANSITION
%token TYPE_MEMBER
%token TYPE_CHANGE
%token ROLE_TRANSITION
%token RANGE_TRANSITION
%token SENSITIVITY
%token DOMINANCE
%token DOM DOMBY INCOMP
%token CATEGORY
%token LEVEL
%token RANGE
%token MLSCONSTRAIN
%token MLSVALIDATETRANS
%token USER
%token NEVERALLOW
%token ALLOW
%token AUDITALLOW
%token AUDITDENY
%token DONTAUDIT
%token SOURCE
%token TARGET
%token SAMEUSER
%token FSCON PORTCON NETIFCON NODECON
%token PIRQCON IOMEMCON IOPORTCON PCIDEVICECON DEVICETREECON
%token FSUSEXATTR FSUSETASK FSUSETRANS
%token GENFSCON
%token U1 U2 U3 R1 R2 R3 T1 T2 T3 L1 L2 H1 H2
%token NOT AND OR XOR
%token CTRUE CFALSE
%token IDENTIFIER
%token NUMBER
%token EQUALS
%token NOTEQUAL
%token IPV4_ADDR
%token IPV6_ADDR
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
%token POLICYCAP
%token PERMISSIVE
%token FILESYSTEM
%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE
%token LOW_HIGH LOW HIGH

/*
 * Operator precedence for conditional expressions.  Yacc ranks later
 * declarations higher, so from loosest to tightest binding the order is
 * OR, XOR, AND, NOT, then EQUALS/NOTEQUAL.  Because NOT ranks below
 * EQUALS/NOTEQUAL, "!a == b" groups as "!(a == b)".
 */
%left OR
%left XOR
%left AND
%right NOT
%left EQUALS NOTEQUAL
%%
/*
 * Error convention used by the actions below: when a helper reports failure
 * the action executes "return -1", which leaves the generated parser function
 * at once with -1.
 * NOTE(review): this is a plain return rather than the YYABORT macro, so any
 * cleanup the parser skeleton performs on abort is skipped -- confirm that
 * callers treat every non-zero result as failure and that nothing depends on
 * that cleanup.
 *
 * Most define_*() helpers are called without arguments although the rule has
 * just matched identifiers; presumably they pick those up from state filled in
 * while the right-hand side was parsed (compare insert_id() in bool_val) --
 * TODO confirm against the helper definitions.
 *
 * Nonterminals used here but not defined in this part of the grammar include
 * module_policy, identifier, names, identifier_list, id_comma_list, cexpr,
 * users, opt_constraints, optional_block, policycap_def, the *_contexts
 * lists, and several te_decl and rbac_decl members.
 */

/* Start symbol: a policy is either a base policy or a policy module. */
policy                  : base_policy
                        | module_policy
                        ;
/*
 * A base policy is a fixed sequence of sections.  Three mid-rule actions run
 * at fixed points in that sequence:
 *   - before anything is parsed: define_policy(pass, 0);
 *   - after the access vectors: policydb_index_classes() in pass 1,
 *     policydb_index_others() in pass 2;
 *   - after the constraints: policydb_index_bools() in pass 1,
 *     policydb_index_others() in pass 2.
 * Any failure stops the parse.
 */
base_policy             : { if (define_policy(pass, 0) == -1) return -1; }
                          classes initial_sids access_vectors
                          { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
                            else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }}
                          opt_default_rules opt_mls te_rbac users opt_constraints
                          { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;}
                            else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}}
                          initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
                        ;
/* One or more class declarations. */
classes                 : class_def
                        | classes class_def
                        ;
class_def               : CLASS identifier
                        {if (define_class()) return -1;}
                        ;
/* One or more initial SID declarations. */
initial_sids            : initial_sid_def
                        | initial_sids initial_sid_def
                        ;
initial_sid_def         : SID identifier
                        {if (define_initial_sid()) return -1;}
                        ;
/* Optional common permission sets followed by per-class permissions. */
access_vectors          : opt_common_perms av_perms
                        ;
opt_common_perms        : common_perms
                        |
                        ;
common_perms            : common_perms_def
                        | common_perms common_perms_def
                        ;
common_perms_def        : COMMON identifier '{' identifier_list '}'
                        {if (define_common_perms()) return -1;}
                        ;
av_perms                : av_perms_def
                        | av_perms av_perms_def
                        ;
/*
 * Per-class permissions.  define_av_perms() receives FALSE for a class with
 * only its own permission list and TRUE whenever INHERITS is present, with or
 * without an additional permission list.
 */
av_perms_def            : CLASS identifier '{' identifier_list '}'
                        {if (define_av_perms(FALSE)) return -1;}
                        | CLASS identifier INHERITS identifier
                        {if (define_av_perms(TRUE)) return -1;}
                        | CLASS identifier INHERITS identifier '{' identifier_list '}'
                        {if (define_av_perms(TRUE)) return -1;}
                        ;
/* Optional default_user / default_role / default_type / default_range rules. */
opt_default_rules       : default_rules
                        |
                        ;
default_rules           : default_user_def
                        | default_role_def
                        | default_type_def
                        | default_range_def
                        | default_rules default_user_def
                        | default_rules default_role_def
                        | default_rules default_type_def
                        | default_rules default_range_def
                        ;
/* The SOURCE or TARGET keyword selects the constant passed to the helper. */
default_user_def        : DEFAULT_USER names SOURCE ';'
                        {if (define_default_user(DEFAULT_SOURCE)) return -1; }
                        | DEFAULT_USER names TARGET ';'
                        {if (define_default_user(DEFAULT_TARGET)) return -1; }
                        ;
default_role_def        : DEFAULT_ROLE names SOURCE ';'
                        {if (define_default_role(DEFAULT_SOURCE)) return -1; }
                        | DEFAULT_ROLE names TARGET ';'
                        {if (define_default_role(DEFAULT_TARGET)) return -1; }
                        ;
default_type_def        : DEFAULT_TYPE names SOURCE ';'
                        {if (define_default_type(DEFAULT_SOURCE)) return -1; }
                        | DEFAULT_TYPE names TARGET ';'
                        {if (define_default_type(DEFAULT_TARGET)) return -1; }
                        ;
/* default_range additionally takes LOW, HIGH or LOW_HIGH. */
default_range_def       : DEFAULT_RANGE names SOURCE LOW ';'
                        {if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; }
                        | DEFAULT_RANGE names SOURCE HIGH ';'
                        {if (define_default_range(DEFAULT_SOURCE_HIGH)) return -1; }
                        | DEFAULT_RANGE names SOURCE LOW_HIGH ';'
                        {if (define_default_range(DEFAULT_SOURCE_LOW_HIGH)) return -1; }
                        | DEFAULT_RANGE names TARGET LOW ';'
                        {if (define_default_range(DEFAULT_TARGET_LOW)) return -1; }
                        | DEFAULT_RANGE names TARGET HIGH ';'
                        {if (define_default_range(DEFAULT_TARGET_HIGH)) return -1; }
                        | DEFAULT_RANGE names TARGET LOW_HIGH ';'
                        {if (define_default_range(DEFAULT_TARGET_LOW_HIGH)) return -1; }
                        ;
/* The MLS section is optional as a whole. */
opt_mls                 : mls
                        |
                        ;
/* When present it must supply its parts in this order; only categories are optional. */
mls                     : sensitivities dominance opt_categories levels mlspolicy
                        ;
sensitivities           : sensitivity_def
                        | sensitivities sensitivity_def
                        ;
/* Both forms call define_sens(); the alias list is optional. */
sensitivity_def         : SENSITIVITY identifier alias_def ';'
                        {if (define_sens()) return -1;}
                        | SENSITIVITY identifier ';'
                        {if (define_sens()) return -1;}
                        ;
alias_def               : ALIAS names
                        ;
/* Dominance takes a single identifier or a braced identifier list. */
dominance               : DOMINANCE identifier
                        {if (define_dominance()) return -1;}
                        | DOMINANCE '{' identifier_list '}'
                        {if (define_dominance()) return -1;}
                        ;
opt_categories          : categories
                        |
                        ;
categories              : category_def
                        | categories category_def
                        ;
category_def            : CATEGORY identifier alias_def ';'
                        {if (define_category()) return -1;}
                        | CATEGORY identifier ';'
                        {if (define_category()) return -1;}
                        ;
levels                  : level_def
                        | levels level_def
                        ;
/* A level names an identifier, optionally followed by ':' and a comma list. */
level_def               : LEVEL identifier ':' id_comma_list ';'
                        {if (define_level()) return -1;}
                        | LEVEL identifier ';'
                        {if (define_level()) return -1;}
                        ;
mlspolicy               : mlspolicy_decl
                        | mlspolicy mlspolicy_decl
                        ;
mlspolicy_decl          : mlsconstraint_def
                        | mlsvalidatetrans_def
                        ;
/*
 * The value of cexpr is declared <valptr> (uintptr_t) and is cast back to
 * constraint_expr_t * here.  The rule that produces it is outside this part
 * of the grammar.
 * NOTE(review): confirm every cexpr alternative yields either a valid
 * expression pointer or aborts, since the cast itself checks nothing.
 */
mlsconstraint_def       : MLSCONSTRAIN names names cexpr ';'
                        { if (define_constraint((constraint_expr_t*)$4)) return -1; }
                        ;
mlsvalidatetrans_def    : MLSVALIDATETRANS names cexpr ';'
                        { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
                        ;
/* One or more TE / RBAC declarations. */
te_rbac                 : te_rbac_decl
                        | te_rbac te_rbac_decl
                        ;
/* A lone ';' is accepted as an empty declaration. */
te_rbac_decl            : te_decl
                        | rbac_decl
                        | cond_stmt_def
                        | optional_block
                        | policycap_def
                        | ';'
                        ;
rbac_decl               : attribute_role_def
                        | role_type_def
                        | role_dominance
                        | role_trans_def
                        | role_allow_def
                        | roleattribute_def
                        | role_attr_def
                        ;
te_decl                 : attribute_def
                        | type_def
                        | typealias_def
                        | typeattribute_def
                        | typebounds_def
                        | bool_def
                        | tunable_def
                        | transition_def
                        | range_trans_def
                        | te_avtab_def
                        | permissive_def
                        ;
attribute_def           : ATTRIBUTE identifier ';'
                        { if (define_attrib()) return -1;}
                        ;
/* define_type() receives 1 when an alias list is present and 0 otherwise. */
type_def                : TYPE identifier alias_def opt_attr_list ';'
                        {if (define_type(1)) return -1;}
                        | TYPE identifier opt_attr_list ';'
                        {if (define_type(0)) return -1;}
                        ;
typealias_def           : TYPEALIAS identifier alias_def ';'
                        {if (define_typealias()) return -1;}
                        ;
typeattribute_def       : TYPEATTRIBUTE identifier id_comma_list ';'
                        {if (define_typeattribute()) return -1;}
                        ;
typebounds_def          : TYPEBOUNDS identifier id_comma_list ';'
                        {if (define_typebounds()) return -1;}
                        ;
/* Optional ", attr, attr ..." tail of a type declaration. */
opt_attr_list           : ',' id_comma_list
                        |
                        ;
/* Booleans and tunables share one helper: argument 0 for BOOL, 1 for TUNABLE. */
bool_def                : BOOL identifier bool_val ';'
                        { if (define_bool_tunable(0)) return -1; }
                        ;
tunable_def             : TUNABLE identifier bool_val ';'
                        { if (define_bool_tunable(1)) return -1; }
                        ;
/* The literal value is recorded as the string "T" or "F" through insert_id(). */
bool_val                : CTRUE
                        { if (insert_id("T",0)) return -1; }
                        | CFALSE
                        { if (insert_id("F",0)) return -1; }
                        ;
/*
 * Conditional block.  define_conditional() is called in pass 2 only, with the
 * condition ($2), the rules of the true branch ($4) and the rules of the else
 * branch ($6, NULL when there is no else).  All three arrive as void * and
 * are cast here.
 */
cond_stmt_def           : IF cond_expr '{' cond_pol_list '}' cond_else
                        { if (pass == 2) { if (define_conditional((cond_expr_t*)$2, (avrule_t*)$4, (avrule_t*)$6) < 0) return -1;  }}
                        ;
cond_else               : ELSE '{' cond_pol_list '}'
                        { $$ = $3; }
                        | /* empty */
                        { $$ = NULL; }
                        ;
/*
 * Boolean expression over conditional booleans.  Parentheses pass the inner
 * value through; every operator builds a node with define_cond_expr() and
 * aborts when the result is 0.
 * NOTE(review): these alternatives test the result against 0, whereas
 * cond_expr_prim below tests against COND_ERR.  Confirm which sentinel
 * define_cond_expr() returns on failure; if the two values differ, one of the
 * checks cannot fire and a failed sub-expression would be passed upward as if
 * it were valid.
 */
cond_expr               : '(' cond_expr ')'
                        { $$ = $2;}
                        | NOT cond_expr
                        { $$ = define_cond_expr(COND_NOT, $2, 0);
                          if ($$ == 0) return -1; }
                        | cond_expr AND cond_expr
                        { $$ = define_cond_expr(COND_AND, $1, $3);
                          if ($$ == 0) return  -1; }
                        | cond_expr OR cond_expr
                        { $$ = define_cond_expr(COND_OR, $1, $3);
                          if ($$ == 0) return   -1; }
                        | cond_expr XOR cond_expr
                        { $$ = define_cond_expr(COND_XOR, $1, $3);
                          if ($$ == 0) return  -1; }
                        | cond_expr EQUALS cond_expr
                        { $$ = define_cond_expr(COND_EQ, $1, $3);
                          if ($$ == 0) return  -1; }
                        | cond_expr NOTEQUAL cond_expr
                        { $$ = define_cond_expr(COND_NEQ, $1, $3);
                          if ($$ == 0) return  -1; }
                        | cond_expr_prim
                        { $$ = $1; }
                        ;
/* Leaf of a conditional expression: a single identifier (COND_BOOL node). */
cond_expr_prim          : identifier
                        { $$ = define_cond_expr(COND_BOOL,0, 0);
                          if ($$ == COND_ERR) return   -1; }
                        ;
/*
 * Rules that may appear inside a conditional block.
 *
 * cond_pol_list is left-recursive: each reduction passes the list built so
 * far ($1) and the newly parsed rule ($2) to define_cond_pol_list().  The
 * empty alternative yields NULL.
 */
cond_pol_list
    : cond_pol_list cond_rule_def
        { $$ = define_cond_pol_list((avrule_t *)$1, (avrule_t *)$2); }
    | /* empty */
        { $$ = NULL; }
    ;

/* A require_block contributes no rule to the list, so it yields NULL. */
cond_rule_def
    : cond_transition_def
        { $$ = $1; }
    | cond_te_avtab_def
        { $$ = $1; }
    | require_block
        { $$ = NULL; }
    ;

/*
 * Conditional type rules.  Every action aborts the parse with -1 when its
 * helper returns COND_ERR.  The helpers take no operands from the grammar;
 * presumably they read the matched names from the parser's id queue -- confirm
 * against the define_cond_* implementations.
 */
cond_transition_def
    : TYPE_TRANSITION names names ':' names identifier filename ';'
        {
            $$ = define_cond_filename_trans();
            if ($$ == COND_ERR)
                return -1;
        }
    | TYPE_TRANSITION names names ':' names identifier ';'
        {
            $$ = define_cond_compute_type(AVRULE_TRANSITION);
            if ($$ == COND_ERR)
                return -1;
        }
    | TYPE_MEMBER names names ':' names identifier ';'
        {
            $$ = define_cond_compute_type(AVRULE_MEMBER);
            if ($$ == COND_ERR)
                return -1;
        }
    | TYPE_CHANGE names names ':' names identifier ';'
        {
            $$ = define_cond_compute_type(AVRULE_CHANGE);
            if ($$ == COND_ERR)
                return -1;
        }
    ;

/* Dispatch over the access-vector rules accepted inside a conditional. */
cond_te_avtab_def
    : cond_allow_def
        { $$ = $1; }
    | cond_auditallow_def
        { $$ = $1; }
    | cond_auditdeny_def
        { $$ = $1; }
    | cond_dontaudit_def
        { $$ = $1; }
    ;

/*
 * The four conditional access-vector rules share one shape and one helper;
 * only the AVRULE_* kind passed to define_cond_te_avtab() differs.
 */
cond_allow_def
    : ALLOW names names ':' names names ';'
        {
            $$ = define_cond_te_avtab(AVRULE_ALLOWED);
            if ($$ == COND_ERR)
                return -1;
        }
    ;

cond_auditallow_def
    : AUDITALLOW names names ':' names names ';'
        {
            $$ = define_cond_te_avtab(AVRULE_AUDITALLOW);
            if ($$ == COND_ERR)
                return -1;
        }
    ;

cond_auditdeny_def
    : AUDITDENY names names ':' names names ';'
        {
            $$ = define_cond_te_avtab(AVRULE_AUDITDENY);
            if ($$ == COND_ERR)
                return -1;
        }
    ;

cond_dontaudit_def
    : DONTAUDIT names names ':' names names ';'
        {
            $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
            if ($$ == COND_ERR)
                return -1;
        }
    ;
    /* Redundant second terminator, kept exactly as in the original grammar. */
    ;

/*
 * Unconditional type rules.  These helpers signal failure with a non-zero
 * return, which the action turns into an aborted parse (-1).
 */
transition_def
    : TYPE_TRANSITION names names ':' names identifier filename ';'
        { if (define_filename_trans()) return -1; }
    | TYPE_TRANSITION names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_TRANSITION)) return -1; }
    | TYPE_MEMBER names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_MEMBER)) return -1; }
    | TYPE_CHANGE names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_CHANGE)) return -1; }
    ;

/*
 * range_transition in two forms: the helper receives 0 for the form without
 * the ':' names clause and 1 for the form that carries it.
 */
range_trans_def
    : RANGE_TRANSITION names names mls_range_def ';'
        { if (define_range_trans(0)) return -1; }
    | RANGE_TRANSITION names names ':' names mls_range_def ';'
        { if (define_range_trans(1)) return -1; }
    ;
/* Dispatch over the unconditional access-vector rules; no action of its own. */
te_avtab_def
    : allow_def
    | auditallow_def
    | auditdeny_def
    | dontaudit_def
    | neverallow_def
    | operation_allow_def
    | operation_auditallow_def
    | operation_dontaudit_def
    ;

/*
 * Access-vector rules.  All five share the operand shape
 * "names names ':' names names ';'" and the helper define_te_avtab(); only
 * the AVRULE_* kind differs.  A non-zero return aborts the parse with -1.
 *
 * Reviewer note: neverallow is recorded through the same helper as allow.
 * Where the assertion is actually checked is not visible in this grammar.
 */
allow_def
    : ALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_ALLOWED)) return -1; }
    ;

auditallow_def
    : AUDITALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_AUDITALLOW)) return -1; }
    ;

auditdeny_def
    : AUDITDENY names names ':' names names ';'
        { if (define_te_avtab(AVRULE_AUDITDENY)) return -1; }
    ;

dontaudit_def
    : DONTAUDIT names names ':' names names ';'
        { if (define_te_avtab(AVRULE_DONTAUDIT)) return -1; }
    ;

neverallow_def
    : NEVERALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; }
    ;

/*
 * Operation-level variants: same keywords as the rules above, but the final
 * operand is `operations` (numbers and number ranges) instead of `names`,
 * and the helper is define_te_avtab_operation() with an AVRULE_OPNUM_* kind.
 */
operation_allow_def
    : ALLOW names names ':' names operations ';'
        { if (define_te_avtab_operation(AVRULE_OPNUM_ALLOWED)) return -1; }
    ;

operation_auditallow_def
    : AUDITALLOW names names ':' names operations ';'
        { if (define_te_avtab_operation(AVRULE_OPNUM_AUDITALLOW)) return -1; }
    ;

operation_dontaudit_def
    : DONTAUDIT names names ':' names operations ';'
        { if (define_te_avtab_operation(AVRULE_OPNUM_DONTAUDIT)) return -1; }
    ;

/* Role attribute declaration and the two "role NAME ..." statement forms. */
attribute_role_def
    : ATTRIBUTE_ROLE identifier ';'
        { if (define_attrib_role()) return -1; }
    ;

role_type_def
    : ROLE identifier TYPES names ';'
        { if (define_role_types()) return -1; }
    ;

role_attr_def
    : ROLE identifier opt_attr_list ';'
        { if (define_role_attr()) return -1; }
    ;

/* Purely syntactic wrapper: the work is done while reducing `roles`. */
role_dominance
    : DOMINANCE '{' roles '}'
    ;
/*
 * role_transition in two forms: the helper receives 0 for the form without
 * the ':' names clause and 1 for the form that carries it.
 */
role_trans_def
    : ROLE_TRANSITION names names identifier ';'
        { if (define_role_trans(0)) return -1; }
    | ROLE_TRANSITION names names ':' names identifier ';'
        { if (define_role_trans(1)) return -1; }
    ;

role_allow_def
    : ALLOW names names ';'
        { if (define_role_allow()) return -1; }
    ;

/*
 * Role dominance tree.  `roles` folds sibling definitions together with
 * merge_roles_dom(); `role_def` creates one node, optionally with a nested
 * `roles` list ($4).  A zero result from either helper aborts the parse.
 */
roles
    : role_def
        { $$ = $1; }
    | roles role_def
        {
            $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2);
            if ($$ == 0)
                return -1;
        }
    ;

role_def
    : ROLE identifier_push ';'
        {
            $$ = define_role_dom(NULL);
            if ($$ == 0)
                return -1;
        }
    | ROLE identifier_push '{' roles '}'
        {
            $$ = define_role_dom((role_datum_t*)$4);
            if ($$ == 0)
                return -1;
        }
    ;

roleattribute_def
    : ROLEATTRIBUTE identifier id_comma_list ';'
        { if (define_roleattribute()) return -1; }
    ;

/* Optional list of constrain / validatetrans statements. */
opt_constraints
    : constraints
    | /* empty */
    ;

constraints
    : constraint_decl
    | constraints constraint_decl
    ;

constraint_decl
    : constraint_def
    | validatetrans_def
    ;

/* The parsed expression tree is handed to the helper as the only operand. */
constraint_def
    : CONSTRAIN names names cexpr ';'
        { if (define_constraint((constraint_expr_t*)$4)) return -1; }
    ;

validatetrans_def
    : VALIDATETRANS names cexpr ';'
        { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
    ;

/*
 * Constraint expressions: parentheses, NOT, AND, OR over primitives.
 * Every node is built by define_cexpr(); a zero result aborts the parse.
 * Precedence and associativity come from declarations outside this excerpt.
 */
cexpr
    : '(' cexpr ')'
        { $$ = $2; }
    | NOT cexpr
        {
            $$ = define_cexpr(CEXPR_NOT, $2, 0);
            if ($$ == 0)
                return -1;
        }
    | cexpr AND cexpr
        {
            $$ = define_cexpr(CEXPR_AND, $1, $3);
            if ($$ == 0)
                return -1;
        }
    | cexpr OR cexpr
        {
            $$ = define_cexpr(CEXPR_OR, $1, $3);
            if ($$ == 0)
                return -1;
        }
    | cexpr_prim
        { $$ = $1; }
    ;

/*
 * Constraint primitives.
 *
 * CEXPR_ATTR alternatives compare two context attributes and pass the
 * operator ($2) as the third argument.  CEXPR_NAMES alternatives compare one
 * attribute against a name set: the mid-rule action calls
 * insert_separator(1) before names_push is parsed.  A mid-rule action counts
 * as a symbol of the rule, so in those alternatives $2 still refers to `op`
 * and the action must stay exactly where it is.
 */
cexpr_prim
    : U1 op U2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, $2);
            if ($$ == 0)
                return -1;
        }
    | R1 role_mls_op R2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2);
            if ($$ == 0)
                return -1;
        }
    | T1 op T2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2);
            if ($$ == 0)
                return -1;
        }
    | U1 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2);
            if ($$ == 0)
                return -1;
        }
    | U2 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | U3 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | R1 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2);
            if ($$ == 0)
                return -1;
        }
    | R2 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | R3 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_XTARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | T1 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2);
            if ($$ == 0)
                return -1;
        }
    | T2 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | T3 op { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_XTARGET), $2);
            if ($$ == 0)
                return -1;
        }
    | SAMEUSER
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ);
            if ($$ == 0)
                return -1;
        }
    | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ);
            if ($$ == 0)
                return -1;
        }
    | TARGET ROLE { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), CEXPR_EQ);
            if ($$ == 0)
                return -1;
        }
    | ROLE role_mls_op
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2);
            if ($$ == 0)
                return -1;
        }
    | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ);
            if ($$ == 0)
                return -1;
        }
    | TARGET TYPE { if (insert_separator(1)) return -1; } names_push
        {
            $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), CEXPR_EQ);
            if ($$ == 0)
                return -1;
        }
    | L1 role_mls_op L2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1L2, $2);
            if ($$ == 0)
                return -1;
        }
    | L1 role_mls_op H2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H2, $2);
            if ($$ == 0)
                return -1;
        }
    | H1 role_mls_op L2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1L2, $2);
            if ($$ == 0)
                return -1;
        }
    | H1 role_mls_op H2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1H2, $2);
            if ($$ == 0)
                return -1;
        }
    | L1 role_mls_op H1
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H1, $2);
            if ($$ == 0)
                return -1;
        }
    | L2 role_mls_op H2
        {
            $$ = define_cexpr(CEXPR_ATTR, CEXPR_L2H2, $2);
            if ($$ == 0)
                return -1;
        }
    ;

/* Equality operators, usable for every attribute kind. */
op
    : EQUALS
        { $$ = CEXPR_EQ; }
    | NOTEQUAL
        { $$ = CEXPR_NEQ; }
    ;

/* Equality plus the three ordering operators, used for roles and levels. */
role_mls_op
    : op
        { $$ = $1; }
    | DOM
        { $$ = CEXPR_DOM; }
    | DOMBY
        { $$ = CEXPR_DOMBY; }
    | INCOMP
        { $$ = CEXPR_INCOMP; }
    ;

users
    : user_def
    | users user_def
    ;

user_def
    : USER identifier ROLES names opt_mls_user ';'
        { if (define_user()) return -1; }
    ;

/* Optional default level and range attached to a user statement. */
opt_mls_user
    : LEVEL mls_level_def RANGE mls_range_def
    | /* empty */
    ;

initial_sid_contexts
    : initial_sid_context_def
    | initial_sid_contexts initial_sid_context_def
    ;

initial_sid_context_def
    : SID identifier security_context_def
        { if (define_initial_sid_context()) return -1; }
    ;

/* Optional list of device context statements. */
opt_dev_contexts
    : dev_contexts
    | /* empty */
    ;

dev_contexts
    : dev_context_def
    | dev_contexts dev_context_def
    ;
/* Dispatch over the device context statements; no action of its own. */
dev_context_def
    : pirq_context_def
    | iomem_context_def
    | ioport_context_def
    | pci_context_def
    | dtree_context_def
    ;

pirq_context_def
    : PIRQCON number security_context_def
        { if (define_pirq_context($2)) return -1; }
    ;

/*
 * I/O memory range.  The single-value form passes the same number as both
 * bounds.
 *
 * NOTE(review): the grammar does not check that the first bound is not
 * greater than the second; confirm that define_iomem_context() rejects an
 * inverted range.
 */
iomem_context_def
    : IOMEMCON number64 security_context_def
        { if (define_iomem_context($2,$2)) return -1; }
    | IOMEMCON number64 '-' number64 security_context_def
        { if (define_iomem_context($2,$4)) return -1; }
    ;

/*
 * I/O port range; same two forms as iomem_context_def.
 *
 * NOTE(review): bound ordering is not checked here either; confirm it in
 * define_ioport_context().
 */
ioport_context_def
    : IOPORTCON number security_context_def
        { if (define_ioport_context($2,$2)) return -1; }
    | IOPORTCON number '-' number security_context_def
        { if (define_ioport_context($2,$4)) return -1; }
    ;

pci_context_def
    : PCIDEVICECON number security_context_def
        { if (define_pcidevice_context($2)) return -1; }
    ;
dtree_context_def
    : DEVICETREECON path security_context_def
        { if (define_devicetree_context()) return -1; }
    ;

/* Optional list of fscon statements. */
opt_fs_contexts
    : fs_contexts
    | /* empty */
    ;

fs_contexts
    : fs_context_def
    | fs_contexts fs_context_def
    ;

/* fscon takes two numbers and two security contexts. */
fs_context_def
    : FSCON number number security_context_def security_context_def
        { if (define_fs_context($2,$3)) return -1; }
    ;

/* Network labeling section: ports, then interfaces, then nodes. */
net_contexts
    : opt_port_contexts opt_netif_contexts opt_node_contexts
    ;

opt_port_contexts
    : port_contexts
    | /* empty */
    ;

port_contexts
    : port_context_def
    | port_contexts port_context_def
    ;

/*
 * portcon with a single port or a "low - high" range.  The single-port form
 * passes the same number as both bounds.
 *
 * NOTE(review): the grammar validates neither the numeric range of a port
 * nor the ordering of the bounds; confirm define_port_context() does.
 */
port_context_def
    : PORTCON identifier number security_context_def
        { if (define_port_context($3,$3)) return -1; }
    | PORTCON identifier number '-' number security_context_def
        { if (define_port_context($3,$5)) return -1; }
    ;

opt_netif_contexts
    : netif_contexts
    | /* empty */
    ;

netif_contexts
    : netif_context_def
    | netif_contexts netif_context_def
    ;

/* netifcon takes an interface identifier and two security contexts. */
netif_context_def
    : NETIFCON identifier security_context_def security_context_def
        { if (define_netif_context()) return -1; }
    ;

opt_node_contexts
    : node_contexts
    | /* empty */
    ;

node_contexts
    : node_context_def
    | node_contexts node_context_def
    ;

/*
 * nodecon takes two addresses of the same family and one security context.
 * Presumably the two addresses are an address and a mask -- confirm in the
 * define_ipv*_node_context() helpers.
 */
node_context_def
    : NODECON ipv4_addr_def ipv4_addr_def security_context_def
        { if (define_ipv4_node_context()) return -1; }
    | NODECON ipv6_addr ipv6_addr security_context_def
        { if (define_ipv6_node_context()) return -1; }
    ;

opt_fs_uses
    : fs_uses
    | /* empty */
    ;
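fs_uses
    : fs_use_def
    | fs_uses fs_use_def
    ;

/* The three fs_use_* statements share one helper; only the kind differs. */
fs_use_def
    : FSUSEXATTR filesystem security_context_def ';'
        { if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1; }
    | FSUSETASK identifier security_context_def ';'
        { if (define_fs_use(SECURITY_FS_USE_TASK)) return -1; }
    | FSUSETRANS identifier security_context_def ';'
        { if (define_fs_use(SECURITY_FS_USE_TRANS)) return -1; }
    ;

opt_genfs_contexts
    : genfs_contexts
    | /* empty */
    ;

genfs_contexts
    : genfs_context_def
    | genfs_contexts genfs_context_def
    ;

/*
 * genfscon.  The helper receives 1 when a '-' specifier follows the path and
 * 0 when the context follows the path directly.
 *
 * In the "'-' '-'" form the second dash is queued by hand as the id "-".
 * The original action ignored insert_id()'s return value, although every
 * other call site in this grammar treats non-zero as fatal.  The result is
 * now checked, so a failed insert stops the parse instead of letting
 * define_genfs_context() run on a queue that lacks the specifier.
 */
genfs_context_def
    : GENFSCON filesystem path '-' identifier security_context_def
        { if (define_genfs_context(1)) return -1; }
    | GENFSCON filesystem path '-' '-' { if (insert_id("-", 0)) return -1; } security_context_def
        { if (define_genfs_context(1)) return -1; }
    | GENFSCON filesystem path security_context_def
        { if (define_genfs_context(0)) return -1; }
    ;

/* Queue the raw text of the address token for the nodecon helper. */
ipv4_addr_def
    : IPV4_ADDR
        { if (insert_id(yytext,0)) return -1; }
    ;

/*
 * Operand of the operation_* rules: one number, a braced set, or either of
 * those prefixed with '~' (queued as the literal id "~").
 *
 * NOTE(review): the "tilde operation" alternative queues "~" but, unlike
 * its three siblings, does not call insert_separator(0).  Confirm that
 * define_te_avtab_operation() does not rely on the separator in that case.
 */
operations
    : operation
        { if (insert_separator(0)) return -1; }
    | nested_operation_set
        { if (insert_separator(0)) return -1; }
    | tilde operation
        { if (insert_id("~", 0)) return -1; }
    | tilde nested_operation_set
        {
            if (insert_id("~", 0))
                return -1;
            if (insert_separator(0))
                return -1;
        }
    ;

nested_operation_set
    : '{' nested_operation_list '}'
    ;

nested_operation_list
    : nested_operation_element
    | nested_operation_list nested_operation_element
    ;

/*
 * A range "a - b" queues the literal id "-" between its two bounds.  Bound
 * ordering is not checked in the grammar.
 */
nested_operation_element
    : operation '-' { if (insert_id("-", 0)) return -1; } operation
    | operation
    | nested_operation_set
    ;

operation
    : number
        { if (insert_id(yytext,0)) return -1; }
    ;

/*
 * Three colon-separated identifiers with an optional MLS range; presumably
 * user:role:type[:range] -- confirm against the helper that parses the
 * queued context.
 */
security_context_def
    : identifier ':' identifier ':' identifier opt_mls_range_def
    ;

opt_mls_range_def
    : ':' mls_range_def
    | /* empty */
    ;

/* One level, or "low - high"; a separator is queued after the range. */
mls_range_def
    : mls_level_def '-' mls_level_def
        { if (insert_separator(0)) return -1; }
    | mls_level_def
        { if (insert_separator(0)) return -1; }
    ;

/* An identifier, optionally followed by ':' and a comma-separated id list. */
mls_level_def
    : identifier ':' id_comma_list
        { if (insert_separator(0)) return -1; }
    | identifier
        { if (insert_separator(0)) return -1; }
    ;

id_comma_list
    : identifier
    | id_comma_list ',' identifier
    ;

tilde
    : '~'
    ;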
/* Bare '*'; the rules that use it decide how "*" is recorded. */
asterisk
        : '*'
        ;

/*
 * A name list: one identifier, a braced set, '*', a '~'-prefixed
 * identifier or set, or `identifier '-' identifier`.  Every alternative
 * ends by calling insert_separator(0).
 */
names
        : identifier
        {
                if (insert_separator(0))
                        return -1;
        }
        | nested_id_set
        {
                if (insert_separator(0))
                        return -1;
        }
        | asterisk
        {
                /* Marker first, then the separator; the second call is skipped if the first fails. */
                if (insert_id("*", 0) || insert_separator(0))
                        return -1;
        }
        | tilde identifier
        {
                if (insert_id("~", 0) || insert_separator(0))
                        return -1;
        }
        | tilde nested_id_set
        {
                if (insert_id("~", 0) || insert_separator(0))
                        return -1;
        }
        | identifier '-'
        {
                /* Mid-rule action: "-" is recorded between the two identifiers. */
                if (insert_id("-", 0))
                        return -1;
        }
          identifier
        {
                if (insert_separator(0))
                        return -1;
        }
        ;

/*
 * The *_push variants pass 1 as insert_id()'s second argument where the
 * plain rules pass 0 (presumably selecting where the id is queued;
 * confirm against insert_id's definition).
 */
tilde_push
        : tilde
        {
                if (insert_id("~", 1))
                        return -1;
        }
        ;

asterisk_push
        : asterisk
        {
                if (insert_id("*", 1))
                        return -1;
        }
        ;
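/*
 * Same shapes as `names`, built from the *_push rules.  No alternative
 * here calls insert_separator().
 */
names_push
        : identifier_push
        | '{' identifier_list_push '}'
        | asterisk_push
        | tilde_push identifier_push
        | tilde_push '{' identifier_list_push '}'
        ;

identifier_list_push
        : identifier_push
        | identifier_list_push identifier_push
        ;

/* Passes 1 as insert_id()'s second argument; `identifier` below passes 0. */
identifier_push
        : IDENTIFIER
        { if (insert_id(yytext, 1)) return -1; }
        ;

identifier_list
        : identifier
        | identifier_list identifier
        ;

/* A braced, whitespace-separated list of elements; sets may nest. */
nested_id_set
        : '{' nested_id_list '}'
        ;

nested_id_list
        : nested_id_element
        | nested_id_list nested_id_element
        ;

/* A leading '-' is recorded as its own id before the identifier that follows it. */
nested_id_element
        : identifier
        | '-' { if (insert_id("-", 0)) return -1; } identifier
        | nested_id_set
        ;

identifier
        : IDENTIFIER
        { if (insert_id(yytext,0)) return -1; }
        ;

/* A FILESYSTEM token or a plain IDENTIFIER; both are recorded the same way. */
filesystem
        : FILESYSTEM
        { if (insert_id(yytext,0)) return -1; }
        | IDENTIFIER
        { if (insert_id(yytext,0)) return -1; }
        ;

/*
 * PATH is recorded as scanned.  For QPATH the last character of yytext
 * is overwritten with NUL and the first is skipped, i.e. one enclosing
 * character is dropped at each end (quotes, going by the token name).
 * The length guard keeps the index arithmetic inside the buffer should
 * the scanner ever deliver a token shorter than two characters.
 */
path
        : PATH
        { if (insert_id(yytext,0)) return -1; }
        | QPATH
        {
                size_t len = strlen(yytext);

                if (len < 2)
                        return -1;
                yytext[len - 1] = '\0';
                if (insert_id(yytext + 1,0))
                        return -1;
        }
        ;

/* Same trimming as QPATH above, with the same length guard. */
filename
        : FILENAME
        {
                size_t len = strlen(yytext);

                if (len < 2)
                        return -1;
                yytext[len - 1] = '\0';
                if (insert_id(yytext + 1,0))
                        return -1;
        }
        ;

/*
 * NOTE(review): the strtoul()/strtoull() results are stored without
 * checking errno for ERANGE, and the width of $$ comes from a %type
 * declaration outside this excerpt, so an over-long literal may wrap or
 * be narrowed silently.  A policy value that differs from what the
 * author wrote is worth rejecting; the check needs <errno.h>, which is
 * not among the includes visible at the top of the file -- confirm.
 */
number
        : NUMBER
        { $$ = strtoul(yytext,NULL,0); }
        ;

number64
        : NUMBER
        { $$ = strtoull(yytext,NULL,0); }
        ;

ipv6_addr
        : IPV6_ADDR
        { if (insert_id(yytext,0)) return -1; }
        ;

policycap_def
        : POLICYCAP identifier ';'
        {if (define_polcap()) return -1;}
        ;

/* The terminating ';' was missing here; added to match every other rule. */
permissive_def
        : PERMISSIVE identifier ';'
        {if (define_permissive()) return -1;}
        ;

/*********** module grammar below ***********/

/*
 * A module is a header followed by one avrules block.  Once the block is
 * parsed it is closed and policydb_index_others() is run on policydbp.
 */
module_policy
        : module_def avrules_block
        { if (end_avrule_block(pass) == -1) return -1;
          if (policydb_index_others(NULL, policydbp, 0)) return -1;
        }
        ;

module_def
        : MODULE identifier version_identifier ';'
        { if (define_policy(pass, 1) == -1) return -1; }
        ;

/*
 * NOTE(review): the `number` alternative reads yytext after `number` has
 * been reduced; that is only the number's own text while the parser has
 * not scanned a lookahead token in between.
 */
version_identifier
        : VERSION_IDENTIFIER
        { if (insert_id(yytext,0)) return -1; }
        | number
        { if (insert_id(yytext,0)) return -1; }
        | ipv4_addr_def /* version can look like ipv4 address */
        ;

avrules_block
        : avrule_decls avrule_user_defs
        ;

avrule_decls
        : avrule_decls avrule_decl
        | avrule_decl
        ;

/* A stray ';' is accepted as a declaration. */
avrule_decl
        : rbac_decl
        | te_decl
        | cond_stmt_def
        | require_block
        | optional_block
        | ';'
        ;

require_block
        : REQUIRE '{' require_list '}'
        ;

require_list
        : require_list require_decl
        | require_decl
        ;

require_decl
        : require_class ';'
        | require_decl_def require_id_list ';'
        ;

require_class
        : CLASS identifier names
        { if (require_class(pass)) return -1; }
        ;

/*
 * Each keyword selects the handler that require_id_list calls for every
 * identifier that follows it.
 */
require_decl_def
        : ROLE            { $$ = require_role; }
        | TYPE            { $$ = require_type; }
        | ATTRIBUTE       { $$ = require_attribute; }
        | ATTRIBUTE_ROLE  { $$ = require_attribute_role; }
        | USER            { $$ = require_user; }
        | BOOL            { $$ = require_bool; }
        | TUNABLE         { $$ = require_tunable; }
        | SENSITIVITY     { $$ = require_sens; }
        | CATEGORY        { $$ = require_cat; }
        ;

/*
 * $<require_func>0 is the value-stack slot just below this rule's first
 * symbol, i.e. the handler stored by require_decl_def in require_decl.
 * This is sound only while require_id_list is used directly after
 * require_decl_def, as in the one use visible in this excerpt.
 */
require_id_list
        : identifier
        { if ($<require_func>0 (pass)) return -1; }
        | require_id_list ',' identifier
        { if ($<require_func>0 (pass)) return -1; }
        ;

/*
 * The mid-rule action closes the avrule block before any else branch is
 * parsed; end_optional() runs after the whole construct.
 */
optional_block
        : optional_decl '{' avrules_block '}'
        { if (end_avrule_block(pass) == -1) return -1; }
          optional_else
        { if (end_optional(pass) == -1) return -1; }
        ;

optional_else
        : else_decl '{' avrules_block '}'
        { if (end_avrule_block(pass) == -1) return -1; }
        | /* empty */
        ;

optional_decl
        : OPTIONAL
        { if (begin_optional(pass) == -1) return -1; }
        ;

else_decl
        : ELSE
        { if (begin_optional_else(pass) == -1) return -1; }
        ;

/* Zero or more user_def entries after the declarations of a block. */
avrule_user_defs
        : user_def avrule_user_defs
        | /* empty */
        ;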