# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006-2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

# OVERVIEW
#
#
# This is a parser for the refpolicy policy "language" - i.e., the
# normal SELinux policy language plus the refpolicy style M4 macro
# constructs on top of that base language. This parser is primarily
# aimed at parsing the policy headers in order to create an abstract
# policy representation suitable for generating policy.
#
# Both the lexer and parser are included in this file. They are implemented
# using the Ply library (included with sepolgen).
import sys
import os
import re
import traceback

# Not standard-library modules - presumably the sepolgen siblings of this file.
import refpolicy
import access
import defaults

# Ply lexer and parser generators (the overview above says Ply ships with
# sepolgen).
import lex
import yacc

# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
# lexer
#
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# Token names handed to ply: every token type the t_* rules below can produce,
# plus the upper-case names that the `reserved` map assigns to keywords. The
# grammar docstrings of the p_* functions refer to these names.
tokens = (
    # basic tokens, punctuation
    'TICK',
    'SQUOTE',
    'OBRACE',
    'CBRACE',
    'SEMI',
    'COLON',
    'OPAREN',
    'CPAREN',
    'COMMA',
    'MINUS',
    'TILDE',
    'ASTERISK',
    'AMP',
    'BAR',
    'EXPL',
    'EQUAL',
    'FILENAME',
    'IDENTIFIER',
    'NUMBER',
    'PATH',
    'IPV6_ADDR',
    # reserved words
    #   module
    'MODULE',
    'POLICY_MODULE',
    'REQUIRE',
    #   flask
    'SID',
    'GENFSCON',
    'FS_USE_XATTR',
    'FS_USE_TRANS',
    'FS_USE_TASK',
    'PORTCON',
    'NODECON',
    'NETIFCON',
    'PIRQCON',
    'IOMEMCON',
    'IOPORTCON',
    'PCIDEVICECON',
    'DEVICETREECON',
    #   object classes
    'CLASS',
    #   types and attributes
    'TYPEATTRIBUTE',
    'ROLEATTRIBUTE',
    'TYPE',
    'ATTRIBUTE',
    'ATTRIBUTE_ROLE',
    'ALIAS',
    'TYPEALIAS',
    #   conditional policy
    'BOOL',
    'TRUE',
    'FALSE',
    'IF',
    'ELSE',
    #   users and roles
    'ROLE',
    'TYPES',
    #   rules
    'ALLOW',
    'DONTAUDIT',
    'AUDITALLOW',
    'NEVERALLOW',
    'PERMISSIVE',
    'TYPE_TRANSITION',
    'TYPE_CHANGE',
    'TYPE_MEMBER',
    'RANGE_TRANSITION',
    'ROLE_TRANSITION',
    #   refpolicy keywords
    'OPT_POLICY',
    'INTERFACE',
    'TUNABLE_POLICY',
    'GEN_REQ',
    'TEMPLATE',
    'GEN_CONTEXT',
    #   m4
    'IFELSE',
    'IFDEF',
    'IFNDEF',
    'DEFINE'
    )

# All reserved keywords - see t_IDENTIFIER for how these are matched in
# the lexer.
# Maps the literal keyword text to its token type. t_IDENTIFIER looks the
# matched text up here, so keywords need no regex rule of their own. The token
# name is not always the upper-cased keyword: 'optional_policy' becomes
# OPT_POLICY and 'gen_require' becomes GEN_REQ.
reserved = {
    # module
    'module' : 'MODULE',
    'policy_module' : 'POLICY_MODULE',
    'require' : 'REQUIRE',
    # flask
    'sid' : 'SID',
    'genfscon' : 'GENFSCON',
    'fs_use_xattr' : 'FS_USE_XATTR',
    'fs_use_trans' : 'FS_USE_TRANS',
    'fs_use_task' : 'FS_USE_TASK',
    'portcon' : 'PORTCON',
    'nodecon' : 'NODECON',
    'netifcon' : 'NETIFCON',
    'pirqcon' : 'PIRQCON',
    'iomemcon' : 'IOMEMCON',
    'ioportcon' : 'IOPORTCON',
    'pcidevicecon' : 'PCIDEVICECON',
    'devicetreecon' : 'DEVICETREECON',
    # object classes
    'class' : 'CLASS',
    # types and attributes
    'typeattribute' : 'TYPEATTRIBUTE',
    'roleattribute' : 'ROLEATTRIBUTE',
    'type' : 'TYPE',
    'attribute' : 'ATTRIBUTE',
    'attribute_role' : 'ATTRIBUTE_ROLE',
    'alias' : 'ALIAS',
    'typealias' : 'TYPEALIAS',
    # conditional policy
    'bool' : 'BOOL',
    'true' : 'TRUE',
    'false' : 'FALSE',
    'if' : 'IF',
    'else' : 'ELSE',
    # users and roles
    'role' : 'ROLE',
    'types' : 'TYPES',
    # rules
    'allow' : 'ALLOW',
    'dontaudit' : 'DONTAUDIT',
    'auditallow' : 'AUDITALLOW',
    'neverallow' : 'NEVERALLOW',
    'permissive' : 'PERMISSIVE',
    'type_transition' : 'TYPE_TRANSITION',
    'type_change' : 'TYPE_CHANGE',
    'type_member' : 'TYPE_MEMBER',
    'range_transition' : 'RANGE_TRANSITION',
    'role_transition' : 'ROLE_TRANSITION',
    # refpolicy keywords
    'optional_policy' : 'OPT_POLICY',
    'interface' : 'INTERFACE',
    'tunable_policy' : 'TUNABLE_POLICY',
    'gen_require' : 'GEN_REQ',
    'template' : 'TEMPLATE',
    'gen_context' : 'GEN_CONTEXT',
    # M4
    'ifelse' : 'IFELSE',
    'ifndef' : 'IFNDEF',
    'ifdef' : 'IFDEF',
    'define' : 'DEFINE'
    }

# The ply lexer allows definition of tokens in 2 ways: regular expressions
# or functions.
# Simple regex tokens
#
# ply adds string-defined rules to its master regex after all function rules,
# sorted by decreasing pattern length, so the order of these assignments does
# not decide which rule wins.
t_TICK      = r'\`'
t_SQUOTE    = r'\''
t_OBRACE    = r'\{'
t_CBRACE    = r'\}'
# This will handle spurious extra ';' via the +
t_SEMI      = r'\;+'
t_COLON     = r'\:'
t_OPAREN    = r'\('
t_CPAREN    = r'\)'
t_COMMA     = r'\,'
t_MINUS     = r'\-'
t_TILDE     = r'\~'
t_ASTERISK  = r'\*'
t_AMP       = r'\&'
t_BAR       = r'\|'
t_EXPL      = r'\!'
t_EQUAL     = r'\='
# Any run of digits and dots, so a dotted version such as the 1.2.0 in
# policy_module(foo,1.2.0) lexes as a single NUMBER. The pattern does not
# check that the result is a well-formed number (a lone '.' also matches).
t_NUMBER    = r'[0-9\.]+'
# NOTE(review): the character class contains ')' - a path written directly
# before a closing parenthesis would absorb that parenthesis into the PATH
# token. Confirm this is intended.
t_PATH      = r'/[a-zA-Z0-9)_\.\*/]*'
#t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*'

# Ignore whitespace - this is a special token for ply that more efficiently
# ignores uninteresting tokens.
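t_ignore    = " \t"

# More complex tokens
#
# ply reads each rule's pattern from the function's docstring and tries the
# function rules in the order they are defined here, before any string rule.
# The docstrings below are therefore runtime data, and the definition order is
# part of the lexer's behaviour.

def t_IPV6_ADDR(t):
    r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]|:)*'
    # This is a function simply to force it sooner into
    # the regex list
    # The pattern only recognises the token: two colons, each preceded by up
    # to four hex digits, then any run of hex digits and colons. It does not
    # validate that the text is a well-formed IPv6 address.
    return t

def t_m4comment(t):
    r'dnl.*\n'
    # Ignore all comments
    # NOTE(review): the pattern is not anchored to a word boundary and this
    # rule precedes t_IDENTIFIER, so a token that merely starts with "dnl"
    # would also be discarded up to the end of its line - confirm.
    t.lexer.lineno += 1

def t_refpolicywarn1(t):
    r'define.*refpolicywarn\(.*\n'
    # Ignore refpolicywarn statements - they sometimes
    # contain text that we can't parse.
    # NOTE(review): the pattern consumes the trailing newline but, unlike
    # t_refpolicywarn below, lineno is not incremented here; line numbers
    # reported after such a line may be one too low. Confirm t.skip(1) is
    # what is wanted.
    t.skip(1)

def t_refpolicywarn(t):
    r'refpolicywarn\(.*\n'
    # Ignore refpolicywarn statements - they sometimes
    # contain text that we can't parse.
    t.lexer.lineno += 1

def t_IDENTIFIER(t):
    r'[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*'
    # Handle any keywords: text found in `reserved` gets the keyword's token
    # type, everything else stays IDENTIFIER.
    t.type = reserved.get(t.value,'IDENTIFIER')
    return t

def t_FILENAME(t):
    r'\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"'
    # Handle any keywords
    # t.value still carries the surrounding double quotes, so this lookup
    # cannot match a key of `reserved` (bare words) and the type stays
    # FILENAME.
    t.type = reserved.get(t.value,'FILENAME')
    return t

def t_comment(t):
    r'\#.*\n'
    # Ignore all comments
    t.lexer.lineno += 1

def t_error(t):
    # Lexing is lenient: the offending character is reported and skipped, and
    # scanning continues. Nothing here records the failure for the caller.
    # The parenthesised single-argument form prints the same text under the
    # Python 2 print statement and is also valid as the Python 3 print() call.
    print("Illegal character '%s'" % t.value[0])
    t.skip(1)

def t_newline(t):
    r'\n+'
    # One line per newline character in the matched run.
    t.lexer.lineno += len(t.value)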
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
# Parser
#
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# Global data used during parsing - making it global is easier than
# passing the state through the parsing functions.
# NOTE(review): the p_* actions read and write these module globals (for
# example p_statements appends to m), so two parses cannot be interleaved;
# presumably the caller resets them before each parse - not visible here.

# m is the top-level data structure (stands for modules).
m = None
# error is either None (indicating no error) or a string error message.
error = None
# Initialised to the empty string; presumably the name of the file being
# parsed, set elsewhere - confirm.
parse_file = ""
# spt is the support macros (e.g., obj/perm sets) - it is an instance of
# refpolicy.SupportMacros and should always be present during parsing
# though it may not contain any macros.
spt = None
# Initialised to True. NOTE(review): presumably cleared by error handling
# further down the file - not visible here.
success = True

# utilities
def collect(stmts, parent, val=None):
    """Attach every non-None statement in stmts to parent.

    Each statement gets its .parent set to parent and is inserted at index 0
    of parent.children - as the bare statement, or as the tuple (val, s) when
    val is not None. Because every insert goes to the front, the statements
    end up in parent.children in the reverse of their order in stmts.

    A stmts of None is a no-op. Returns None.
    """
    if stmts is None:
        return
    for s in stmts:
        if s is None:
            continue
        s.parent = parent
        if val is not None:
            parent.children.insert(0, (val, s))
        else:
            parent.children.insert(0, s)

def expand(ids, s):
    """Add each id in ids to the set-like s, expanding support macros.

    An id that the module-level spt reports via has_key() is replaced by
    whatever spt.by_name(id) returns (merged in with s.update); any other id
    is added as is. Modifies s in place and returns None.
    """
    for id in ids:
        if spt.has_key(id):
            s.update(spt.by_name(id))
        else:
            s.add(id)

# Top-level non-terminal
def p_statements(p):
    '''statements : statement
                  | statements statement
                  | empty
    '''
    # Appends each parsed top-level statement to the global m; the rule itself
    # yields no value (p[0] is never assigned). Falsy results, such as the
    # None produced by the empty rule, are dropped.
    if len(p) == 2 and p[1]:
        m.children.append(p[1])
    elif len(p) > 2 and p[2]:
        m.children.append(p[2])

def p_statement(p):
    '''statement : interface
                 | template
                 | obj_perm_set
                 | policy
                 | policy_module_stmt
                 | module_stmt
    '''
    # Pass the single child's value through unchanged.
    p[0] = p[1]

def p_empty(p):
    'empty :'
    pass

#
# Reference policy language constructs
#

# This is for the policy module statement (e.g., policy_module(foo,1.2.0)).
# We have a separate terminal for the basic language module statement
# and for interface calls to make them easier to identify.
def p_policy_module_stmt(p):
    'policy_module_stmt : POLICY_MODULE OPAREN IDENTIFIER COMMA NUMBER CPAREN'
    # This local m shadows the module-level m inside this function only; the
    # global is not touched here.
    m = refpolicy.ModuleDeclaration()
    m.name = p[3]
    # The NUMBER lexeme is stored as matched, with no conversion.
    m.version = p[5]
    m.refpolicy = True
    p[0] = m

def p_interface(p):
    '''interface : INTERFACE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    # p[4] is the interface name, p[8] the statements of its body.
    x = refpolicy.Interface(p[4])
    collect(p[8], x)
    p[0] = x

def p_template(p):
    '''template : TEMPLATE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
                | DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    # A two-argument define(`name', `body') is represented as a Template too.
    x = refpolicy.Template(p[4])
    collect(p[8], x)
    p[0] = x

def p_define(p):
    '''define : DEFINE OPAREN TICK IDENTIFIER SQUOTE CPAREN'''
    # This is for defining single M4 values (to be used later in ifdef statements).
    # Example: define(`sulogin_no_pam'). We don't currently do anything with these
    # but we should in the future when we correctly resolve ifdef statements.
    p[0] = None

def p_interface_stmts(p):
    '''interface_stmts : policy
                       | interface_stmts policy
                       | empty
    '''
    # Concatenates the values of successive policy statements, skipping falsy
    # ones. When nothing truthy is available p[0] is left unassigned.
    if len(p) == 2 and p[1]:
        p[0] = p[1]
    elif len(p) > 2:
        if not p[1]:
            if p[2]:
                p[0] = p[2]
        elif not p[2]:
            p[0] = p[1]
        else:
            p[0] = p[1] + p[2]

def p_optional_policy(p):
    '''optional_policy : OPT_POLICY OPAREN TICK interface_stmts SQUOTE CPAREN
                       | OPT_POLICY OPAREN TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    o = refpolicy.OptionalPolicy()
    # Statements of the first block are stored as (True, stmt).
    collect(p[4], o, val=True)
    # len(p) exceeds 7 only for the two-block form; its second block is
    # stored as (False, stmt).
    if len(p) > 7:
        collect(p[8], o, val=False)
    # Wrapped in a list so that p_interface_stmts can concatenate it.
    p[0] = [o]

def p_tunable_policy(p):
    '''tunable_policy : TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
                      | TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    x = refpolicy.TunablePolicy()
    # The condition is stored, not evaluated; both branches are kept and
    # tagged True / False.
    x.cond_expr = p[4]
    collect(p[8], x, val=True)
    # len(p) exceeds 11 only for the form with an else branch.
    if len(p) > 11:
        collect(p[12], x, val=False)
    p[0] = [x]

# NOTE: in every p_* function the docstring is the PLY grammar production for
# that rule, so documentation lives in '#' comments and never in the docstring.

# ifelse is recognised by the grammar but produces no policy object: p[0] is
# never assigned. The IfDef-based handling below is the disabled original.
def p_ifelse(p):
    '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
              | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
    '''
    # Disabled:
    #     x = refpolicy.IfDef(p[4])
    #     v = True
    #     collect(p[8], x, val=v)
    #     if len(p) > 12:
    #         collect(p[12], x, val=False)
    #     p[0] = [x]
    return None


# Builds a refpolicy.IfDef named after the tested identifier (p[4]) and hands
# the branch statements to collect(), which is defined elsewhere in this file.
# The result is a one-element list holding the IfDef.
def p_ifdef(p):
    '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
             | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
             | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
    '''
    node = refpolicy.IfDef(p[4])
    # The first branch is collected with val=True for 'ifdef' and val=False
    # for anything else (i.e. ifndef).
    first_branch_val = True if p[1] == 'ifdef' else False
    collect(p[8], node, val=first_branch_val)
    # Only the three-argument form is longer than 12 symbols; its second
    # branch sits at p[12].
    has_else_branch = len(p) > 12
    if has_else_branch:
        collect(p[12], node, val=False)
    p[0] = [node]


# Builds a refpolicy.InterfaceCall for IDENTIFIER(...), copying the parameter
# list into its args when one is present.
def p_interface_call(p):
    '''interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN
                      | IDENTIFIER OPAREN CPAREN
                      | IDENTIFIER OPAREN interface_call_param_list CPAREN SEMI'''
    # Allow spurious semi-colons at the end of interface calls
    call = refpolicy.InterfaceCall(ifname=p[1])
    # The empty-parentheses form has exactly 4 entries in p and no params.
    if len(p) > 4:
        call.args.extend(p[3])
    p[0] = call


# A single parameter of an interface call.
def p_interface_call_param(p):
    '''interface_call_param : IDENTIFIER
                            | IDENTIFIER MINUS IDENTIFIER
                            | nested_id_set
                            | TRUE
                            | FALSE
                            | FILENAME
    '''
    # Intentionally let single identifiers pass through
    # List means set, non-list identifier
    single_symbol = len(p) == 2
    # "a - b" becomes the two-element list [a, "-b"].
    p[0] = p[1] if single_symbol else [p[1], "-" + p[3]]


# Comma-separated parameters, accumulated left to right into a list.
def p_interface_call_param_list(p):
    '''interface_call_param_list : interface_call_param
                                 | interface_call_param_list COMMA interface_call_param
    '''
    p[0] = [p[1]] if len(p) == 2 else p[1] + [p[3]]


# define(`name', `perm list') form: stored as a refpolicy.ObjPermSet whose
# perms attribute is the parsed names.
def p_obj_perm_set(p):
    'obj_perm_set : DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK names SQUOTE CPAREN'
    perm_set = refpolicy.ObjPermSet(p[4])
    perm_set.perms = p[8]
    p[0] = perm_set

#
# Basic SELinux policy language
#

# NOTE: in every p_* function the docstring is the PLY grammar production for
# that rule, so documentation lives in '#' comments and never in the docstring.

# A policy item is passed through unchanged from whichever alternative matched.
def p_policy(p):
    '''policy : policy_stmt
              | optional_policy
              | tunable_policy
              | ifdef
              | ifelse
              | conditional
    '''
    matched = p[1]
    p[0] = matched


# Wraps a single statement in a list. Statements whose rule left a falsy
# value (for example the rules in this file that assign nothing) are dropped:
# p[0] is not assigned for them.
def p_policy_stmt(p):
    '''policy_stmt : gen_require
                   | avrule_def
                   | typerule_def
                   | typeattribute_def
                   | roleattribute_def
                   | interface_call
                   | role_def
                   | role_allow
                   | permissive
                   | type_def
                   | typealias_def
                   | attribute_def
                   | attribute_role_def
                   | range_transition_def
                   | role_transition_def
                   | bool
                   | define
                   | initial_sid
                   | genfscon
                   | fs_use
                   | portcon
                   | nodecon
                   | netifcon
                   | pirqcon
                   | iomemcon
                   | ioportcon
                   | pcidevicecon
                   | devicetreecon
    '''
    stmt = p[1]
    if not stmt:
        return
    p[0] = [stmt]


# policy_module-style header: records name and version on a
# refpolicy.ModuleDeclaration and marks it as not refpolicy.
def p_module_stmt(p):
    'module_stmt : MODULE IDENTIFIER NUMBER SEMI'
    decl = refpolicy.ModuleDeclaration()
    decl.name = p[2]
    decl.version = p[3]
    decl.refpolicy = False
    p[0] = decl


# We ignore the require statements - they are redundant data from our
# point-of-view. Checkmodule will verify them later anyway so we just assume
# that they match what is in the rest of the interface. Nothing is assigned
# to p[0], so no check of the require block happens in this parser.
def p_gen_require(p):
    '''gen_require : GEN_REQ OPAREN TICK requires SQUOTE CPAREN
                   | REQUIRE OBRACE requires CBRACE'''
    return None


# Contents of a require block; recognised and discarded.
def p_requires(p):
    '''requires : require
                | requires require
                | ifdef
                | requires ifdef
    '''
    return None


# One require line; recognised and discarded.
def p_require(p):
    '''require : TYPE comma_list SEMI
               | ROLE comma_list SEMI
               | ATTRIBUTE comma_list SEMI
               | ATTRIBUTE_ROLE comma_list SEMI
               | CLASS comma_list SEMI
               | BOOL comma_list SEMI
    '''
    return None


# user:role:type with an optional fourth, colon-separated MLS range.
def p_security_context(p):
    '''security_context : IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER
                        | IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER COLON mls_range_def'''
    # This will likely need some updates to handle complex levels
    ctx = refpolicy.SecurityContext()
    ctx.user = p[1]
    ctx.role = p[3]
    ctx.type = p[5]
    # level is only assigned when the MLS part is present; otherwise it keeps
    # whatever SecurityContext() initialised.
    has_level = len(p) > 6
    if has_level:
        ctx.level = p[7]

    p[0] = ctx


def p_gen_context(p):
    '''gen_context : GEN_CONTEXT OPAREN security_context COMMA mls_range_def CPAREN
    '''
    # We actually store gen_context statements in a SecurityContext
    # object - it knows how to output either a bare context or a
    # gen_context statement.
    ctx = p[3]
    # The second gen_context argument overwrites any level already on the
    # inner context.
    ctx.level = p[5]

    p[0] = ctx


# Either context form is passed through unchanged.
def p_context(p):
    '''context : security_context
               | gen_context
    '''
    matched = p[1]
    p[0] = matched


# sid <name> <context>
def p_initial_sid(p):
    '''initial_sid : SID IDENTIFIER context'''
    sid = refpolicy.InitialSid()
    sid.name = p[2]
    sid.context = p[3]
    p[0] = sid


# genfscon <filesystem> <path> <context>
def p_genfscon(p):
    '''genfscon : GENFSCON IDENTIFIER PATH context'''

    entry = refpolicy.GenfsCon()
    entry.filesystem = p[2]
    entry.path = p[3]
    entry.context = p[4]

    p[0] = entry
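# NOTE: in every p_* function the docstring is the PLY grammar production for
# that rule, so documentation lives in '#' comments and never in the docstring.

# fs_use_{xattr,task,trans} <filesystem> <context>;
def p_fs_use(p):
    '''fs_use : FS_USE_XATTR IDENTIFIER context SEMI
              | FS_USE_TASK IDENTIFIER context SEMI
              | FS_USE_TRANS IDENTIFIER context SEMI
    '''
    f = refpolicy.FilesystemUse()
    # Map the keyword text to the FilesystemUse constant. If none matches,
    # f.type keeps whatever FilesystemUse() initialised.
    if p[1] == "fs_use_xattr":
        f.type = refpolicy.FilesystemUse.XATTR
    elif p[1] == "fs_use_task":
        f.type = refpolicy.FilesystemUse.TASK
    elif p[1] == "fs_use_trans":
        f.type = refpolicy.FilesystemUse.TRANS

    f.filesystem = p[2]
    f.context = p[3]

    p[0] = f


# portcon <protocol> <port> <context>
# portcon <protocol> <low> - <high> <context>
def p_portcon(p):
    '''portcon : PORTCON IDENTIFIER NUMBER context
               | PORTCON IDENTIFIER NUMBER MINUS NUMBER context'''
    c = refpolicy.PortCon()
    c.port_type = p[2]
    if len(p) == 5:
        c.port_number = p[3]
        c.context = p[4]
    else:
        # Range form: p[4] is the MINUS token, so the upper bound is p[5] and
        # the security context is p[6]. Reading p[4]/p[5] here (as this code
        # previously did) yields a port string ending in "--" and stores the
        # upper port number where the context belongs, losing the label.
        c.port_number = p[3] + "-" + p[5]
        c.context = p[6]

    p[0] = c


# nodecon <address> <mask> <context>, for NUMBER or IPV6_ADDR operands.
# The two operands are stored as start and end.
def p_nodecon(p):
    '''nodecon : NODECON NUMBER NUMBER context
               | NODECON IPV6_ADDR IPV6_ADDR context
    '''
    n = refpolicy.NodeCon()
    n.start = p[2]
    n.end = p[3]
    n.context = p[4]

    p[0] = n


# netifcon <interface> <interface context> <packet context>
def p_netifcon(p):
    'netifcon : NETIFCON IDENTIFIER context context'
    n = refpolicy.NetifCon()
    n.interface = p[2]
    n.interface_context = p[3]
    n.packet_context = p[4]

    p[0] = n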
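# NOTE: in every p_* function the docstring is the PLY grammar production for
# that rule, so documentation lives in '#' comments and never in the docstring.

# pirqcon <irq number> <context>
def p_pirqcon(p):
    'pirqcon : PIRQCON NUMBER context'
    c = refpolicy.PirqCon()
    c.pirq_number = p[2]
    c.context = p[3]

    p[0] = c


# iomemcon <address> <context>
# iomemcon <low> - <high> <context>
def p_iomemcon(p):
    '''iomemcon : IOMEMCON NUMBER context
                | IOMEMCON NUMBER MINUS NUMBER context'''
    c = refpolicy.IomemCon()
    if len(p) == 4:
        c.device_mem = p[2]
        c.context = p[3]
    else:
        # Range form: p[3] is the MINUS token, so the upper bound is p[4] and
        # the security context is p[5]. Using p[3]/p[4] (as this code
        # previously did) stores a number where the context belongs.
        c.device_mem = p[2] + "-" + p[4]
        c.context = p[5]

    p[0] = c


# ioportcon <port> <context>
# ioportcon <low> - <high> <context>
def p_ioportcon(p):
    '''ioportcon : IOPORTCON NUMBER context
                 | IOPORTCON NUMBER MINUS NUMBER context'''
    c = refpolicy.IoportCon()
    if len(p) == 4:
        c.ioport = p[2]
        c.context = p[3]
    else:
        # Range form: p[3] is the MINUS token; upper bound p[4], context p[5].
        c.ioport = p[2] + "-" + p[4]
        c.context = p[5]

    p[0] = c


# pcidevicecon <device> <context>
def p_pcidevicecon(p):
    'pcidevicecon : PCIDEVICECON NUMBER context'
    c = refpolicy.PciDeviceCon()
    c.device = p[2]
    c.context = p[3]

    p[0] = c


# devicetreecon <path> <context>
def p_devicetreecon(p):
    'devicetreecon : DEVICETREECON NUMBER context'
    # NOTE(review): "DevicetTeeCon" looks like a transposed "DeviceTreeCon";
    # it must match the class name defined in refpolicy - verify there before
    # renaming. The grammar also takes a NUMBER where the attribute is called
    # path - confirm that is intended.
    c = refpolicy.DevicetTeeCon()
    c.path = p[2]
    c.context = p[3]

    p[0] = c


# An MLS range is kept as a string: "level" or "low-high".
def p_mls_range_def(p):
    '''mls_range_def : mls_level_def MINUS mls_level_def
                     | mls_level_def
    '''
    p[0] = p[1]
    if len(p) > 2:
        p[0] = p[0] + "-" + p[3]


# An MLS level is kept as a string: "sens" or "sens:cat,cat,...".
def p_mls_level_def(p):
    '''mls_level_def : IDENTIFIER COLON comma_list
                     | IDENTIFIER
    '''
    p[0] = p[1]
    if len(p) > 2:
        p[0] = p[0] + ":" + ",".join(p[3])


# type declaration, with optional aliases and/or attributes.
def p_type_def(p):
    '''type_def : TYPE IDENTIFIER COMMA comma_list SEMI
                | TYPE IDENTIFIER SEMI
                | TYPE IDENTIFIER ALIAS names SEMI
                | TYPE IDENTIFIER ALIAS names COMMA comma_list SEMI
    '''
    t = refpolicy.Type(p[2])
    if len(p) == 6:
        # Two productions have this length; the third symbol tells them
        # apart: a comma introduces attributes, otherwise it is ALIAS.
        if p[3] == ',':
            t.attributes.update(p[4])
        else:
            t.aliases = p[4]
    elif len(p) > 4:
        # ALIAS names COMMA comma_list: aliases at p[4], attributes at p[6].
        t.aliases = p[4]
        if len(p) == 8:
            t.attributes.update(p[6])
    p[0] = t


def p_attribute_def(p):
    'attribute_def : ATTRIBUTE IDENTIFIER SEMI'
    a = refpolicy.Attribute(p[2])
    p[0] = a


def p_attribute_role_def(p):
    'attribute_role_def : ATTRIBUTE_ROLE IDENTIFIER SEMI'
    a = refpolicy.Attribute_Role(p[2])
    p[0] = a


def p_typealias_def(p):
    'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
    t = refpolicy.TypeAlias()
    t.type = p[2]
    t.aliases = p[4]
    p[0] = t


# role declaration, optionally with the types it is associated with.
def p_role_def(p):
    '''role_def : ROLE IDENTIFIER TYPES comma_list SEMI
                | ROLE IDENTIFIER SEMI'''
    r = refpolicy.Role()
    r.role = p[2]
    if len(p) > 4:
        r.types.update(p[4])
    p[0] = r


# allow <source roles> <target roles>;
def p_role_allow(p):
    'role_allow : ALLOW names names SEMI'
    r = refpolicy.RoleAllow()
    r.src_roles = p[2]
    r.tgt_roles = p[3]
    p[0] = r


# permissive statements are recognised and discarded (p[0] is not assigned),
# so the policy representation built by this parser does not record which
# domains a module declares permissive. The body previously called
# t.skip(1) on a name that is not defined in this function, which raised
# NameError as soon as a permissive statement was reduced.
def p_permissive(p):
    'permissive : PERMISSIVE names SEMI'
    pass


# allow / dontaudit / auditallow / neverallow rules.
def p_avrule_def(p):
    '''avrule_def : ALLOW names names COLON names names SEMI
                  | DONTAUDIT names names COLON names names SEMI
                  | AUDITALLOW names names COLON names names SEMI
                  | NEVERALLOW names names COLON names names SEMI
    '''
    a = refpolicy.AVRule()
    # For ALLOW no branch matches, so rule_type keeps whatever AVRule() set.
    if p[1] == 'dontaudit':
        a.rule_type = refpolicy.AVRule.DONTAUDIT
    elif p[1] == 'auditallow':
        a.rule_type = refpolicy.AVRule.AUDITALLOW
    elif p[1] == 'neverallow':
        a.rule_type = refpolicy.AVRule.NEVERALLOW
    a.src_types = p[2]
    a.tgt_types = p[3]
    a.obj_classes = p[5]
    a.perms = p[6]
    p[0] = a


# type_transition / type_change / type_member rules.
def p_typerule_def(p):
    '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
                    | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI
                    | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
                    | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
                    | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
    '''
    t = refpolicy.TypeRule()
    # For TYPE_TRANSITION no branch matches, so rule_type keeps whatever
    # TypeRule() set.
    if p[1] == 'type_change':
        t.rule_type = refpolicy.TypeRule.TYPE_CHANGE
    elif p[1] == 'type_member':
        t.rule_type = refpolicy.TypeRule.TYPE_MEMBER
    t.src_types = p[2]
    t.tgt_types = p[3]
    t.obj_classes = p[5]
    t.dest_type = p[6]
    # NOTE(review): only the two named-transition productions have a file
    # name at p[7]; in the other three p[7] is the SEMI token, so file_name
    # receives that token's value. Left unchanged because the consumers of
    # file_name are not visible here - confirm and guard on len(p) == 9.
    t.file_name = p[7]
    p[0] = t


# bool <name> true|false;
def p_bool(p):
    '''bool : BOOL IDENTIFIER TRUE SEMI
            | BOOL IDENTIFIER FALSE SEMI'''
    b = refpolicy.Bool()
    b.name = p[2]
    if p[3] == "true":
        b.state = True
    else:
        b.state = False
    p[0] = b


# if (cond) { ... } [else { ... }]; branch statements are handed to
# collect(), which is defined elsewhere in this file. The result is a
# one-element list holding the Conditional.
def p_conditional(p):
    ''' conditional : IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE
                    | IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE ELSE OBRACE interface_stmts CBRACE
    '''
    c = refpolicy.Conditional()
    c.cond_expr = p[3]
    collect(p[6], c, val=True)
    # Only the form with ELSE is longer than 8 symbols; its else-branch
    # statements sit at p[10].
    if len(p) > 8:
        collect(p[10], c, val=False)
    p[0] = [c]


def p_typeattribute_def(p):
    '''typeattribute_def : TYPEATTRIBUTE IDENTIFIER comma_list SEMI'''
    t = refpolicy.TypeAttribute()
    t.type = p[2]
    t.attributes.update(p[3])
    p[0] = t


def p_roleattribute_def(p):
    '''roleattribute_def : ROLEATTRIBUTE IDENTIFIER comma_list SEMI'''
    t = refpolicy.RoleAttribute()
    t.role = p[2]
    t.roleattributes.update(p[3])
    p[0] = t


# range_transition rules are recognised and discarded (p[0] not assigned).
def p_range_transition_def(p):
    '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
                            | RANGE_TRANSITION names names names SEMI'''
    pass


# role_transition rules are recognised and discarded (p[0] not assigned).
def p_role_transition_def(p):
    '''role_transition_def : ROLE_TRANSITION names names names SEMI'''
    pass


# A conditional expression is flattened into a list of tokens; two-character
# operators (&&, ||, ==, !=) arrive as two tokens and are joined into one
# list element.
def p_cond_expr(p):
    '''cond_expr : IDENTIFIER
                 | EXPL cond_expr
                 | cond_expr AMP AMP cond_expr
                 | cond_expr BAR BAR cond_expr
                 | cond_expr EQUAL EQUAL cond_expr
                 | cond_expr EXPL EQUAL cond_expr
    '''
    n = len(p)
    if n == 2:
        p[0] = [p[1]]
    elif n == 3:
        p[0] = [p[1]] + p[2]
    else:
        p[0] = p[1] + [p[2] + p[3]] + p[4]


#
# Basic terminals
#

# Identifiers and lists of identifiers. These must
# be handled somewhat gracefully.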
Names returns an IdSet and care must 89413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# be taken that this is _assigned_ to an object to correctly update 89513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# all of the flags (as opposed to using update). The other terminals 89613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# return list - this is to preserve ordering if it is important for 89713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# parsing (for example, interface_call must retain the ordering). Other 89813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# times the list should be used to update an IdSet. 89913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 90013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_names(p): 90113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''names : identifier 90213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | nested_id_set 90313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | asterisk 90413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | TILDE identifier 90513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | TILDE nested_id_set 90613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | IDENTIFIER MINUS IDENTIFIER 90713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 90813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle s = refpolicy.IdSet() 90913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) < 3: 91013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle expand(p[1], s) 91113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle elif len(p) == 3: 91213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle expand(p[2], s) 91313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle s.compliment = True 91413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 91513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle expand([p[1]]) 91613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle s.add("-" + p[3]) 
91713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = s 91813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 91913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_identifier(p): 92013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 'identifier : IDENTIFIER' 92113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [p[1]] 92213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 92313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_asterisk(p): 92413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 'asterisk : ASTERISK' 92513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [p[1]] 92613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 92713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_nested_id_set(p): 92813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''nested_id_set : OBRACE nested_id_list CBRACE 92913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 93013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[2] 93113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 93213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_nested_id_list(p): 93313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''nested_id_list : nested_id_element 93413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | nested_id_list nested_id_element 93513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 93613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) == 2: 93713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 93813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 93913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] + p[2] 94013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 94113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_nested_id_element(p): 94213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''nested_id_element : identifier 94313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | MINUS IDENTIFIER 
94413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | nested_id_set 94513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 94613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) == 2: 94713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 94813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 94913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # For now just leave the '-' 95013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle str = "-" + p[2] 95113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [str] 95213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 95313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_comma_list(p): 95413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''comma_list : nested_id_list 95513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | comma_list COMMA nested_id_list 95613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 95713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) > 2: 95813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[1] = p[1] + p[3] 95913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 96013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_optional_semi(p): 96213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''optional_semi : SEMI 96313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | empty''' 96413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pass 96513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 96813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Interface to the parser 96913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 97013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 97113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_error(tok): 97252f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl 
MacMillan global error, parse_file, success, parser 97313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type) 97413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print error 97513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle success = False 97613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 97713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef prep_spt(spt): 97813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if not spt: 97913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return { } 98013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle map = {} 98113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for x in spt: 98213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle map[x.name] = x 98313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 98413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleparser = None 98513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlelexer = None 98613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef create_globals(module, support, debug): 98713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle global parser, lexer, m, spt 98852f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan 98913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if not parser: 99013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lexer = lex.lex() 99113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parser = yacc.yacc(method="LALR", debug=debug, write_tables=0) 99213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if module is not None: 99413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m = module 99513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 99613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m = refpolicy.Module() 99713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
if not support: 99913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = refpolicy.SupportMacros() 100013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 100113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = support 100213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 100313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef parse(text, module=None, support=None, debug=False): 100413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle create_globals(module, support, debug) 100552f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan global error, parser, lexer, success 100652f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan 100752f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan success = True 100813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 100913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle try: 101052f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser.parse(text, debug=debug, lexer=lexer) 101113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle except Exception, e: 101252f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser = None 101352f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan lexer = None 101413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle error = "internal parser error: %s" % str(e) + "\n" + traceback.format_exc() 101513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101652f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan if not success: 101752f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan # force the parser and lexer to be rebuilt - we have some problems otherwise 101852f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser = None 101913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle msg = 'could not parse text: "%s"' % error 102013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle raise ValueError(msg) 102113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return m 102213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
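def list_headers(root):
    """Walk ``root`` and collect the refpolicy files that should be parsed.

    Returns a ``(modules, support_macros)`` tuple:

    * ``modules`` is a list of ``(name, path)`` tuples, one for every ``.if``
      file and for every ``.spt`` file whose base name contains "patterns".
    * ``support_macros`` is the path of ``obj_perm_sets.spt``, or None when
      the walk finds none. If several exist, the last one visited wins.
    """
    modules = []
    support_macros = None

    for dirpath, dirnames, filenames in os.walk(root):
        for name in filenames:
            base, ext = os.path.splitext(name)
            path = os.path.join(dirpath, name)

            if ext == '.spt':
                if name == "obj_perm_sets.spt":
                    support_macros = path
                elif "patterns" in base:
                    modules.append((base, path))
            elif ext == '.if':
                modules.append((base, path))

    return (modules, support_macros)


def parse_headers(root, output=None, expand=True, debug=False):
    """Parse refpolicy headers into a ``refpolicy.Headers`` tree.

    ``root`` is either a single file or a directory. A single file becomes
    the only module and the support macros are looked up under
    ``defaults.headers()``; a directory is walked with ``list_headers``.

    ``output``, when given, must offer ``write()`` and receives progress and
    error messages. With ``expand`` true, the support macros are required and
    are passed to the parser for every module.

    Raises ValueError when ``root`` is a file with an empty name, when
    ``expand`` is set and no ``obj_perm_sets.spt`` was found, or when the
    support macros file itself fails to parse.

    Modules that fail to parse are reported through ``output`` and left out
    of the result, and unreadable files are reported and skipped, so the
    returned tree can be incomplete. Callers that generate policy from it
    should check ``output`` for these messages.
    """
    import util

    headers = refpolicy.Headers()

    modules = []
    support_macros = None

    if os.path.isfile(root):
        name = os.path.split(root)[1]
        if name == '':
            raise ValueError("Invalid file name %s" % root)
        modname = os.path.splitext(name)
        modules.append((modname[0], root))
        # Only the support macros are taken from the default header tree;
        # the module list stays limited to the single file given.
        all_modules, support_macros = list_headers(defaults.headers())
    else:
        modules, support_macros = list_headers(root)

    if expand and not support_macros:
        raise ValueError("could not find support macros (obj_perm_sets.spt)")

    def o(msg):
        # Write to the caller's stream, if one was supplied.
        if output:
            output.write(msg)

    def parse_file(f, module, spt=None):
        # The module-level 'parse_file' holds the name of the file being
        # parsed (p_error reads it); it is unrelated to this nested function.
        global parse_file
        if debug:
            o("parsing file %s\n" % f)
        try:
            fd = open(f)
            try:
                txt = fd.read()
            finally:
                # Close the descriptor even when the read fails.
                fd.close()
            parse_file = f
            parse(txt, module, spt, debug)
        except IOError:
            # Best effort: an unreadable file is skipped, but it is now
            # reported instead of being dropped without a trace.
            o("could not read file %s: %s\n" % (f, str(sys.exc_info()[1])))
            return
        except ValueError:
            raise ValueError("error parsing file %s: %s" % (f, str(sys.exc_info()[1])))

    spt = None
    if support_macros:
        o("Parsing support macros (%s): " % support_macros)
        spt = refpolicy.SupportMacros()
        parse_file(support_macros, spt)

        headers.children.append(spt)

        # FIXME: Total hack - add in can_exec rather than parse the insanity
        # of misc_macros. We are just going to pretend that this is an interface
        # to make the expansion work correctly.
        can_exec = refpolicy.Interface("can_exec")
        av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read",
                                  "getattr","lock","execute","ioctl"])

        can_exec.children.append(refpolicy.AVRule(av))
        headers.children.append(can_exec)

        o("done.\n")

    if output and not debug:
        status = util.ConsoleProgressBar(sys.stdout, steps=len(modules))
        status.start("Parsing interface files")

    failures = []
    for x in modules:
        m = refpolicy.Module()
        m.name = x[0]
        try:
            if expand:
                parse_file(x[1], m, spt)
            else:
                parse_file(x[1], m)
        except ValueError:
            # A header that does not parse is reported and left out of the
            # result; the remaining headers are still processed.
            o(str(sys.exc_info()[1]) + "\n")
            failures.append(x[1])
            continue

        headers.children.append(m)
        if output and not debug:
            status.step()

    if len(failures):
        o("failed to parse some headers: %s" % ", ".join(failures))

    return headers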