refparser.py revision 3f1446944eef99734bf4caef093b7fc1de51c747
# Authors: Karl MacMillan <kmacmillan@mentalrootkit.com>
#
# Copyright (C) 2006-2007 Red Hat
# see file 'COPYING' for use and warranty information
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; version 2 only
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

# OVERVIEW
#
#
# This is a parser for the refpolicy policy "language" - i.e., the
# normal SELinux policy language plus the refpolicy style M4 macro
# constructs on top of that base language. This parser is primarily
# aimed at parsing the policy headers in order to create an abstract
# policy representation suitable for generating policy.
#
# Both the lexer and parser are included in this file. They are implemented
# using the Ply library (included with sepolgen).

import sys
import os
import re
import traceback

import refpolicy
import access
import defaults

import lex
import yacc

# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
# lexer
#
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

tokens = (
    # basic tokens, punctuation
    'TICK',
    'SQUOTE',
    'OBRACE',
    'CBRACE',
    'SEMI',
    'COLON',
    'OPAREN',
    'CPAREN',
    'COMMA',
    'MINUS',
    'TILDE',
    'ASTERISK',
    'AMP',
    'BAR',
    'EXPL',
    'EQUAL',
    'IDENTIFIER',
    'NUMBER',
    'PATH',
    'IPV6_ADDR',
    # reserved words
    # module
    'MODULE',
    'POLICY_MODULE',
    'REQUIRE',
    # flask
    'SID',
    'GENFSCON',
    'FS_USE_XATTR',
    'FS_USE_TRANS',
    'FS_USE_TASK',
    'PORTCON',
    'NODECON',
    'NETIFCON',
    'PIRQCON',
    'IOMEMCON',
    'IOPORTCON',
    'PCIDEVICECON',
    # object classes
    'CLASS',
    # types and attributes
    'TYPEATTRIBUTE',
    'TYPE',
    'ATTRIBUTE',
    'ALIAS',
    'TYPEALIAS',
    # conditional policy
    'BOOL',
    'TRUE',
    'FALSE',
    'IF',
    'ELSE',
    # users and roles
    'ROLE',
    'TYPES',
    # rules
    'ALLOW',
    'DONTAUDIT',
    'AUDITALLOW',
    'NEVERALLOW',
    'TYPE_TRANSITION',
    'TYPE_CHANGE',
    'TYPE_MEMBER',
    'RANGE_TRANSITION',
    'ROLE_TRANSITION',
    # refpolicy keywords
    'OPT_POLICY',
    'INTERFACE',
    'TUNABLE_POLICY',
    'GEN_REQ',
    'TEMPLATE',
    'GEN_CONTEXT',
    # m4
    'IFELSE',
    'IFDEF',
    'IFNDEF',
    'DEFINE'
    )

# All reserved keywords - see t_IDENTIFIER for how these are matched in
# the lexer.
reserved = {
    # module
    'module' : 'MODULE',
    'policy_module' : 'POLICY_MODULE',
    'require' : 'REQUIRE',
    # flask
    'sid' : 'SID',
    'genfscon' : 'GENFSCON',
    'fs_use_xattr' : 'FS_USE_XATTR',
    'fs_use_trans' : 'FS_USE_TRANS',
    'fs_use_task' : 'FS_USE_TASK',
    'portcon' : 'PORTCON',
    'nodecon' : 'NODECON',
    'netifcon' : 'NETIFCON',
    'pirqcon' : 'PIRQCON',
    'iomemcon' : 'IOMEMCON',
    'ioportcon' : 'IOPORTCON',
    'pcidevicecon' : 'PCIDEVICECON',
    # object classes
    'class' : 'CLASS',
    # types and attributes
    'typeattribute' : 'TYPEATTRIBUTE',
    'type' : 'TYPE',
    'attribute' : 'ATTRIBUTE',
    'alias' : 'ALIAS',
    'typealias' : 'TYPEALIAS',
    # conditional policy
    'bool' : 'BOOL',
    'true' : 'TRUE',
    'false' : 'FALSE',
    'if' : 'IF',
    'else' : 'ELSE',
    # users and roles
    'role' : 'ROLE',
    'types' : 'TYPES',
    # rules
    'allow' : 'ALLOW',
    'dontaudit' : 'DONTAUDIT',
    'auditallow' : 'AUDITALLOW',
    'neverallow' : 'NEVERALLOW',
    'type_transition' : 'TYPE_TRANSITION',
    'type_change' : 'TYPE_CHANGE',
    'type_member' : 'TYPE_MEMBER',
    'range_transition' : 'RANGE_TRANSITION',
    'role_transition' : 'ROLE_TRANSITION',
    # refpolicy keywords
    'optional_policy' : 'OPT_POLICY',
    'interface' : 'INTERFACE',
    'tunable_policy' : 'TUNABLE_POLICY',
    'gen_require' : 'GEN_REQ',
    'template' : 'TEMPLATE',
    'gen_context' : 'GEN_CONTEXT',
    # M4
    'ifelse' : 'IFELSE',
    'ifndef' : 'IFNDEF',
    'ifdef' : 'IFDEF',
    'define' : 'DEFINE'
    }

# The ply lexer allows definition of tokens in 2 ways: regular expressions
# or functions.

# Simple regex tokens
t_TICK = r'\`'
t_SQUOTE = r'\''
t_OBRACE = r'\{'
t_CBRACE = r'\}'
# This will handle spurious extra ';' via the +
t_SEMI = r'\;+'
t_COLON = r'\:'
t_OPAREN = r'\('
t_CPAREN = r'\)'
t_COMMA = r'\,'
t_MINUS = r'\-'
t_TILDE = r'\~'
t_ASTERISK = r'\*'
t_AMP = r'\&'
t_BAR = r'\|'
t_EXPL = r'\!'
t_EQUAL = r'\='
t_NUMBER = r'[0-9\.]+'
t_PATH = r'/[a-zA-Z0-9)_\.\*/]*'
#t_IPV6_ADDR = r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]{0,4}:)*'

# Ignore whitespace - this is a special token for ply that more efficiently
# ignores uninteresting tokens.
t_ignore = " \t"

# More complex tokens
def t_IPV6_ADDR(t):
    r'[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]|:)*'
    # This is a function simply to force it sooner into
    # the regex list
    return t

def t_m4comment(t):
    r'dnl.*\n'
    # Ignore all comments
    t.lexer.lineno += 1

def t_refpolicywarn1(t):
    r'define.*refpolicywarn\(.*\n'
    # Ignore refpolicywarn statements - they sometimes
    # contain text that we can't parse.
    t.skip(1)

def t_refpolicywarn(t):
    r'refpolicywarn\(.*\n'
    # Ignore refpolicywarn statements - they sometimes
    # contain text that we can't parse.
    t.lexer.lineno += 1

def t_IDENTIFIER(t):
    r'[a-zA-Z_\$\"][a-zA-Z0-9_\-\.\$\*\"]*'
    # Handle any keywords
    t.type = reserved.get(t.value,'IDENTIFIER')
    return t

def t_comment(t):
    r'\#.*\n'
    # Ignore all comments
    t.lexer.lineno += 1

def t_error(t):
    print "Illegal character '%s'" % t.value[0]
    t.skip(1)

def t_newline(t):
    r'\n+'
    t.lexer.lineno += len(t.value)

# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
#
# Parser
#
# :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

# Global data used during parsing - making it global is easier than
# passing the state through the parsing functions.

# m is the top-level data structure (stands for modules).
m = None
# error is either None (indicating no error) or a string error message.
error = None
parse_file = ""
# spt is the support macros (e.g., obj/perm sets) - it is an instance of
# refpolicy.SupportMacros and should always be present during parsing
# though it may not contain any macros.
spt = None
success = True

# utilities
def collect(stmts, parent, val=None):
    if stmts is None:
        return
    for s in stmts:
        if s is None:
            continue
        s.parent = parent
        if val is not None:
            parent.children.insert(0, (val, s))
        else:
            parent.children.insert(0, s)

def expand(ids, s):
    for id in ids:
        if spt.has_key(id):
            s.update(spt.by_name(id))
        else:
            s.add(id)

# Top-level non-terminal
def p_statements(p):
    '''statements : statement
                  | statements statement
                  | empty
    '''
    if len(p) == 2 and p[1]:
        m.children.append(p[1])
    elif len(p) > 2 and p[2]:
        m.children.append(p[2])

def p_statement(p):
    '''statement : interface
                 | template
                 | obj_perm_set
                 | policy
                 | policy_module_stmt
                 | module_stmt
    '''
    p[0] = p[1]

def p_empty(p):
    'empty :'
    pass

#
# Reference policy language constructs
#

# This is for the policy module statement (e.g., policy_module(foo,1.2.0)).
# We have a separate terminal for either the basic language module statement
# and interface calls to make it easier to identify.
def p_policy_module_stmt(p):
    'policy_module_stmt : POLICY_MODULE OPAREN IDENTIFIER COMMA NUMBER CPAREN'
    m = refpolicy.ModuleDeclaration()
    m.name = p[3]
    m.version = p[5]
    m.refpolicy = True
    p[0] = m

def p_interface(p):
    '''interface : INTERFACE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    x = refpolicy.Interface(p[4])
    collect(p[8], x)
    p[0] = x

def p_template(p):
    '''template : TEMPLATE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
                | DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    x = refpolicy.Template(p[4])
    collect(p[8], x)
    p[0] = x

def p_define(p):
    '''define : DEFINE OPAREN TICK IDENTIFIER SQUOTE CPAREN'''
    # This is for defining single M4 values (to be used later in ifdef statements).
    # Example: define(`sulogin_no_pam'). We don't currently do anything with these
    # but we should in the future when we correctly resolve ifdef statements.
    p[0] = None

def p_interface_stmts(p):
    '''interface_stmts : policy
                       | interface_stmts policy
                       | empty
    '''
    if len(p) == 2 and p[1]:
        p[0] = p[1]
    elif len(p) > 2:
        if not p[1]:
            if p[2]:
                p[0] = p[2]
        elif not p[2]:
            p[0] = p[1]
        else:
            p[0] = p[1] + p[2]

def p_optional_policy(p):
    '''optional_policy : OPT_POLICY OPAREN TICK interface_stmts SQUOTE CPAREN
                       | OPT_POLICY OPAREN TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    o = refpolicy.OptionalPolicy()
    collect(p[4], o, val=True)
    if len(p) > 7:
        collect(p[8], o, val=False)
    p[0] = [o]

def p_tunable_policy(p):
    '''tunable_policy : TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
                      | TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN
    '''
    x = refpolicy.TunablePolicy()
    x.cond_expr = p[4]
    collect(p[8], x, val=True)
    if len(p) > 11:
        collect(p[12], x, val=False)
    p[0] = [x]

def p_ifelse(p):
    '''ifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
              | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
    '''
#    x = refpolicy.IfDef(p[4])
#    v = True
#    collect(p[8], x, val=v)
#    if len(p) > 12:
#        collect(p[12], x, val=False)
#    p[0] = [x]
    pass


def p_ifdef(p):
    '''ifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
             | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
             | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi
    '''
    x = refpolicy.IfDef(p[4])
    if p[1] == 'ifdef':
        v = True
    else:
        v = False
    collect(p[8], x, val=v)
    if len(p) > 12:
        collect(p[12], x, val=False)
    p[0] = [x]

def p_interface_call(p):
    '''interface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN
                      | IDENTIFIER OPAREN CPAREN
                      | IDENTIFIER OPAREN interface_call_param_list CPAREN SEMI'''
    # Allow spurious semi-colons at the end of interface calls
    i = refpolicy.InterfaceCall(ifname=p[1])
    if len(p) > 4:
        i.args.extend(p[3])
    p[0] = i

def p_interface_call_param(p):
    '''interface_call_param : IDENTIFIER
                            | IDENTIFIER MINUS IDENTIFIER
                            | nested_id_set
                            | TRUE
                            | FALSE
    '''
    # Intentionally let
single identifiers pass through 44913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # List means set, non-list identifier 45013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) == 2: 45113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 45213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 45313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [p[1], "-" + p[3]] 45413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 45513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_interface_call_param_list(p): 45613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''interface_call_param_list : interface_call_param 45713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | interface_call_param_list COMMA interface_call_param 45813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 45913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) == 2: 46013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [p[1]] 46113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 46213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] + [p[3]] 46313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 46413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 46513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_obj_perm_set(p): 46613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 'obj_perm_set : DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK names SQUOTE CPAREN' 46713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle s = refpolicy.ObjPermSet(p[4]) 46813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle s.perms = p[8] 46913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = s 47013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 47113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 47213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Basic SELinux policy language 47313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 

def p_policy(p):
    '''policy : policy_stmt
              | optional_policy
              | tunable_policy
              | ifdef
              | ifelse
              | conditional
    '''
    p[0] = p[1]

# Blame: the pirqcon, iomemcon, ioportcon and pcidevicecon alternatives below
# are attributed to commit 6341f6a4926b46f36ba9a05736460da53bd95557 (pjnuzzi).
def p_policy_stmt(p):
    '''policy_stmt : gen_require
                   | avrule_def
                   | typerule_def
                   | typeattribute_def
                   | interface_call
                   | role_def
                   | role_allow
                   | type_def
                   | typealias_def
                   | attribute_def
                   | range_transition_def
                   | role_transition_def
                   | bool
                   | define
                   | initial_sid
                   | genfscon
                   | fs_use
                   | portcon
                   | nodecon
                   | netifcon
                   | pirqcon
                   | iomemcon
                   | ioportcon
                   | pcidevicecon
    '''
    if p[1]:
        p[0] = [p[1]]

def p_module_stmt(p):
    'module_stmt : MODULE IDENTIFIER NUMBER SEMI'
    m = refpolicy.ModuleDeclaration()
    m.name = p[2]
    m.version = p[3]
    m.refpolicy = False
    p[0] = m

def p_gen_require(p):
    '''gen_require : GEN_REQ OPAREN TICK requires SQUOTE CPAREN
                   | REQUIRE OBRACE requires CBRACE'''
    # We ignore the require statements - they are redundant data from our point-of-view.
    # Checkmodule will verify them later anyway so we just assume that they match what
    # is in the rest of the interface.
    pass

def p_requires(p):
    '''requires : require
                | requires require
                | ifdef
                | requires ifdef
    '''
    pass

def p_require(p):
    '''require : TYPE comma_list SEMI
               | ROLE comma_list SEMI
               | ATTRIBUTE comma_list SEMI
               | CLASS comma_list SEMI
               | BOOL comma_list SEMI
    '''
    pass

def p_security_context(p):
    '''security_context : IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER
                        | IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER COLON mls_range_def'''
    # This will likely need some updates to handle complex levels
    s = refpolicy.SecurityContext()
    s.user = p[1]
    s.role = p[3]
    s.type = p[5]
    if len(p) > 6:
        s.level = p[7]

    p[0] = s

def p_gen_context(p):
    '''gen_context : GEN_CONTEXT OPAREN security_context COMMA mls_range_def CPAREN
    '''
    # We actually store gen_context statements in a SecurityContext
    # object - it knows how to output either a bare context or a
    # gen_context statement.
    s = p[3]
    s.level = p[5]

    p[0] = s

def p_context(p):
    '''context : security_context
               | gen_context
    '''
    p[0] = p[1]

def p_initial_sid(p):
    '''initial_sid : SID IDENTIFIER context'''
    s = refpolicy.InitialSid()
    s.name = p[2]
    s.context = p[3]
    p[0] = s

def p_genfscon(p):
    '''genfscon : GENFSCON IDENTIFIER PATH context'''

    g = refpolicy.GenfsCon()
    g.filesystem = p[2]
    g.path = p[3]
    g.context = p[4]

    p[0] = g

def p_fs_use(p):
    '''fs_use : FS_USE_XATTR IDENTIFIER context SEMI
              | FS_USE_TASK IDENTIFIER context SEMI
              | FS_USE_TRANS IDENTIFIER context SEMI
    '''
    f = refpolicy.FilesystemUse()
    if p[1] == "fs_use_xattr":
        f.type = refpolicy.FilesystemUse.XATTR
    elif p[1] == "fs_use_task":
        f.type = refpolicy.FilesystemUse.TASK
    elif p[1] == "fs_use_trans":
        f.type = refpolicy.FilesystemUse.TRANS

    f.filesystem = p[2]
    f.context = p[3]

    p[0] = f

def p_portcon(p):
    '''portcon : PORTCON IDENTIFIER NUMBER context
               | PORTCON IDENTIFIER NUMBER MINUS NUMBER context'''
    c = refpolicy.PortCon()
    c.port_type = p[2]
    if len(p) == 5:
        c.port_number = p[3]
        c.context = p[4]
    else:
        # Range form: p[4] is the MINUS token, so the upper bound is
        # p[5] and the context is p[6].
        c.port_number = p[3] + "-" + p[5]
        c.context = p[6]

    p[0] = c

def p_nodecon(p):
    '''nodecon : NODECON NUMBER NUMBER context
               | NODECON IPV6_ADDR IPV6_ADDR context
    '''
    n = refpolicy.NodeCon()
    n.start = p[2]
    n.end = p[3]
    n.context = p[4]

    p[0] = n

def p_netifcon(p):
    'netifcon : NETIFCON IDENTIFIER context context'
    n = refpolicy.NetifCon()
    n.interface = p[2]
    n.interface_context = p[3]
    n.packet_context = p[4]

    p[0] = n

# Blame: p_pirqcon, p_iomemcon, p_ioportcon and p_pcidevicecon are attributed
# to commit 6341f6a4926b46f36ba9a05736460da53bd95557 (pjnuzzi).
def p_pirqcon(p):
    'pirqcon : PIRQCON NUMBER context'
    c = refpolicy.PirqCon()
    c.pirq_number = p[2]
    c.context = p[3]

    p[0] = c

def p_iomemcon(p):
    '''iomemcon : IOMEMCON NUMBER context
                | IOMEMCON NUMBER MINUS NUMBER context'''
    c = refpolicy.IomemCon()
    if len(p) == 4:
        c.device_mem = p[2]
        c.context = p[3]
    else:
        # Range form: p[3] is the MINUS token, so the upper bound is
        # p[4] and the context is p[5].
        c.device_mem = p[2] + "-" + p[4]
        c.context = p[5]

    p[0] = c

def p_ioportcon(p):
    '''ioportcon : IOPORTCON NUMBER context
                 | IOPORTCON NUMBER MINUS NUMBER context'''
    c = refpolicy.IoportCon()
    if len(p) == 4:
        c.ioport = p[2]
        c.context = p[3]
    else:
        # Range form: p[3] is the MINUS token, so the upper bound is
        # p[4] and the context is p[5].
        c.ioport = p[2] + "-" + p[4]
        c.context = p[5]

    p[0] = c

def p_pcidevicecon(p):
    'pcidevicecon : PCIDEVICECON NUMBER context'
    c = refpolicy.PciDeviceCon()
    c.device = p[2]
    c.context = p[3]

    p[0] = c

def p_mls_range_def(p):
    '''mls_range_def : mls_level_def MINUS mls_level_def
                     | mls_level_def
    '''
    p[0] = p[1]
    if len(p) > 2:
        p[0] = p[0] + "-" + p[3]

def p_mls_level_def(p):
    '''mls_level_def : IDENTIFIER COLON comma_list
                     | IDENTIFIER
    '''
    p[0] = p[1]
    if len(p) > 2:
        p[0] = p[0] + ":" + ",".join(p[3])

def p_type_def(p):
    '''type_def : TYPE IDENTIFIER COMMA comma_list SEMI
                | TYPE IDENTIFIER SEMI
                | TYPE IDENTIFIER ALIAS names SEMI
                | TYPE IDENTIFIER ALIAS names COMMA comma_list SEMI
    '''
    t = refpolicy.Type(p[2])
    if len(p) == 6:
        if p[3] == ',':
            t.attributes.update(p[4])
        else:
            t.aliases = p[4]
    elif len(p) > 4:
        t.aliases = p[4]
        if len(p) == 8:
            t.attributes.update(p[6])
    p[0] = t

def p_attribute_def(p):
    'attribute_def : ATTRIBUTE IDENTIFIER SEMI'
    a = refpolicy.Attribute(p[2])
    p[0] = a

def p_typealias_def(p):
    'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
    t = refpolicy.TypeAlias()
    t.type = p[2]
    t.aliases = p[4]
    p[0] = t

def p_role_def(p):
    '''role_def : ROLE IDENTIFIER TYPES comma_list SEMI
                | ROLE IDENTIFIER SEMI'''
    r = refpolicy.Role()
    r.role = p[2]
    if len(p) > 4:
        r.types.update(p[4])
    p[0] = r

def p_role_allow(p):
    'role_allow : ALLOW names names SEMI'
    r = refpolicy.RoleAllow()
    r.src_roles = p[2]
    r.tgt_roles = p[3]
    p[0] = r

def p_avrule_def(p):
    '''avrule_def : ALLOW names names COLON names names SEMI
                  | DONTAUDIT names names COLON names names SEMI
                  | AUDITALLOW names names COLON names names SEMI
                  | NEVERALLOW names names COLON names names SEMI
    '''
    a = refpolicy.AVRule()
    if p[1] == 'dontaudit':
        a.rule_type = refpolicy.AVRule.DONTAUDIT
    elif p[1] == 'auditallow':
        a.rule_type = refpolicy.AVRule.AUDITALLOW
    elif p[1] == 'neverallow':
        a.rule_type = refpolicy.AVRule.NEVERALLOW
    a.src_types = p[2]
    a.tgt_types = p[3]
    a.obj_classes = p[5]
    a.perms = p[6]
    p[0] = a

# Blame: the second TYPE_TRANSITION alternative (with two IDENTIFIERs) is
# attributed to commit de311acdc976f8a8ec186d99181782e56b12b454 (Eric Paris).
def p_typerule_def(p):
    '''typerule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI
                    | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI
                    | TYPE_CHANGE names names COLON names IDENTIFIER SEMI
                    | TYPE_MEMBER names names COLON names IDENTIFIER SEMI
    '''
    t = refpolicy.TypeRule()
    if p[1] == 'type_change':
        t.rule_type = refpolicy.TypeRule.TYPE_CHANGE
    elif p[1] == 'type_member':
        t.rule_type = refpolicy.TypeRule.TYPE_MEMBER
    t.src_types = p[2]
    t.tgt_types = p[3]
    t.obj_classes = p[5]
    t.dest_type = p[6]
    p[0] = t

def p_bool(p):
    '''bool : BOOL IDENTIFIER TRUE SEMI
            | BOOL IDENTIFIER FALSE SEMI'''
    b = refpolicy.Bool()
    b.name = p[2]
    if p[3] == "true":
        b.state = True
    else:
        b.state = False
    p[0] = b

def p_conditional(p):
    ''' conditional : IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE
                    | IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE ELSE OBRACE interface_stmts CBRACE
    '''
    c = refpolicy.Conditional()
    c.cond_expr = p[3]
    collect(p[6], c, val=True)
    if len(p) > 8:
        collect(p[10], c, val=False)
    p[0] = [c]

def p_typeattribute_def(p):
    '''typeattribute_def : TYPEATTRIBUTE IDENTIFIER comma_list SEMI'''
    t = refpolicy.TypeAttribute()
    t.type = p[2]
    t.attributes.update(p[3])
    p[0] = t

def p_range_transition_def(p):
    '''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
                            | RANGE_TRANSITION names names names SEMI'''
    pass

def p_role_transition_def(p):
    '''role_transition_def : ROLE_TRANSITION names names names SEMI'''
    pass

def p_cond_expr(p):
    '''cond_expr : IDENTIFIER
                 | EXPL cond_expr
                 | cond_expr AMP AMP cond_expr
                 | cond_expr BAR BAR cond_expr
                 | cond_expr EQUAL EQUAL cond_expr
                 | cond_expr EXPL EQUAL cond_expr
    '''
    l = len(p)
    if l == 2:
        p[0] = [p[1]]
    elif l == 3:
        p[0] = [p[1]] + p[2]
    else:
        p[0] = p[1] + [p[2] + p[3]] + p[4]


#
# Basic terminals
#

# Identifiers and lists of identifiers. These must
# be handled somewhat gracefully. Names returns an IdSet and care must
# be taken that this is _assigned_ to an object to correctly update
# all of the flags (as opposed to using update). The other terminals
# return list - this is to preserve ordering if it is important for
# parsing (for example, interface_call must retain the ordering). Other
# times the list should be used to update an IdSet.

def p_names(p):
    '''names : identifier
             | nested_id_set
             | asterisk
             | TILDE identifier
             | TILDE nested_id_set
             | IDENTIFIER MINUS IDENTIFIER
    '''
    s = refpolicy.IdSet()
    if len(p) < 3:
        expand(p[1], s)
    elif len(p) == 3:
        expand(p[2], s)
        s.compliment = True
    else:
        # expand() needs the target set, as in the two branches above
        expand([p[1]], s)
        s.add("-" + p[3])
    p[0] = s

def p_identifier(p):
    'identifier : IDENTIFIER'
    p[0] = [p[1]]

def p_asterisk(p):
    'asterisk : ASTERISK'
    p[0] = [p[1]]

def p_nested_id_set(p):
    '''nested_id_set : OBRACE nested_id_list CBRACE
    '''
    p[0] = p[2]

def p_nested_id_list(p):
    '''nested_id_list : nested_id_element
                      | nested_id_list nested_id_element
    '''
    if len(p) == 2:
        p[0] = p[1]
    else:
        p[0] = p[1] + p[2]

def p_nested_id_element(p):
    '''nested_id_element : identifier
                         | MINUS IDENTIFIER
89713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | nested_id_set 89813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 89913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) == 2: 90013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 90113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 90213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # For now just leave the '-' 90313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle str = "-" + p[2] 90413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = [str] 90513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 90613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_comma_list(p): 90713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''comma_list : nested_id_list 90813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | comma_list COMMA nested_id_list 90913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle ''' 91013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(p) > 2: 91113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[1] = p[1] + p[3] 91213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle p[0] = p[1] 91313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 91413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_optional_semi(p): 91513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle '''optional_semi : SEMI 91613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle | empty''' 91713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle pass 91813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 91913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 92013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 92113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# Interface to the parser 92213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle# 92313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 92413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef p_error(tok): 92552f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl 
MacMillan global error, parse_file, success, parser 92613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle error = "%s: Syntax error on line %d %s [type=%s]" % (parse_file, tok.lineno, tok.value, tok.type) 92713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle print error 92813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle success = False 92913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 93013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef prep_spt(spt): 93113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if not spt: 93213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return { } 93313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle map = {} 93413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for x in spt: 93513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle map[x.name] = x 93613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 93713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindleparser = None 93813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindlelexer = None 93913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef create_globals(module, support, debug): 94013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle global parser, lexer, m, spt 94152f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan 94213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if not parser: 94313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle lexer = lex.lex() 94413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parser = yacc.yacc(method="LALR", debug=debug, write_tables=0) 94513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 94613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if module is not None: 94713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m = module 94813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 94913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m = refpolicy.Module() 95013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 95113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
if not support: 95213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = refpolicy.SupportMacros() 95313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 95413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = support 95513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 95613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef parse(text, module=None, support=None, debug=False): 95713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle create_globals(module, support, debug) 95852f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan global error, parser, lexer, success 95952f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan 96052f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan success = True 96113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle try: 96352f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser.parse(text, debug=debug, lexer=lexer) 96413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle except Exception, e: 96552f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser = None 96652f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan lexer = None 96713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle error = "internal parser error: %s" % str(e) + "\n" + traceback.format_exc() 96813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 96952f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan if not success: 97052f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan # force the parser and lexer to be rebuilt - we have some problems otherwise 97152f9d9f2ad3225e44f9fd55722b49231f060e2f3Karl MacMillan parser = None 97213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle msg = 'could not parse text: "%s"' % error 97313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle raise ValueError(msg) 97413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return m 97513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 97613cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindledef list_headers(root): 97713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules = [] 97813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle support_macros = None 97913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 98013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for dirpath, dirnames, filenames in os.walk(root): 98113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for name in filenames: 98213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modname = os.path.splitext(name) 98313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle filename = os.path.join(dirpath, name) 98413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 98513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if modname[1] == '.spt': 98613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if name == "obj_perm_sets.spt": 98713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle support_macros = filename 98813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle elif len(re.findall("patterns", modname[0])): 98913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules.append((modname[0], filename)) 99013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle elif modname[1] == '.if': 99113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules.append((modname[0], filename)) 99213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return (modules, support_macros) 99413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindledef parse_headers(root, output=None, expand=True, debug=False): 99713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle import util 99813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 99913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle headers = refpolicy.Headers() 100013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 
100113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules = [] 100213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle support_macros = None 100313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 100413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if os.path.isfile(root): 100513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle name = os.path.split(root)[1] 100613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if name == '': 100713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle raise ValueError("Invalid file name %s" % root) 100813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modname = os.path.splitext(name) 100913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules.append((modname[0], root)) 101013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle all_modules, support_macros = list_headers(defaults.headers()) 101113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 101213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle modules, support_macros = list_headers(root) 101313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if expand and not support_macros: 101513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle raise ValueError("could not find support macros (obj_perm_sets.spt)") 101613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 101713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle def o(msg): 101813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if output: 101913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle output.write(msg) 102013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 102113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle def parse_file(f, module, spt=None): 102213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle global parse_file 102313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if debug: 102413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle o("parsing file %s\n" % f) 
102513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle try: 102613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fd = open(f) 102713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle txt = fd.read() 102813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle fd.close() 102913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parse_file = f 103013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parse(txt, module, spt, debug) 103113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle except IOError, e: 103213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return 103313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle except ValueError, e: 103413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle raise ValueError("error parsing file %s: %s" % (f, str(e))) 103513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 103613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = None 103713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if support_macros: 103813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle o("Parsing support macros (%s): " % support_macros) 103913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle spt = refpolicy.SupportMacros() 104013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parse_file(support_macros, spt) 104113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 104213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle headers.children.append(spt) 104313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 104413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # FIXME: Total hack - add in can_exec rather than parse the insanity 104513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # of misc_macros. We are just going to pretend that this is an interface 104613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle # to make the expansion work correctly. 
104713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle can_exec = refpolicy.Interface("can_exec") 10483f1446944eef99734bf4caef093b7fc1de51c747Eric Paris av = access.AccessVector(["$1","$2","file","execute_no_trans","open", "read", 104913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle "getattr","lock","execute","ioctl"]) 105013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle can_exec.children.append(refpolicy.AVRule(av)) 105213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle headers.children.append(can_exec) 105313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle o("done.\n") 105513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 105613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if output and not debug: 105713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle status = util.ConsoleProgressBar(sys.stdout, steps=len(modules)) 105813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle status.start("Parsing interface files") 105913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 106013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle failures = [] 106113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle for x in modules: 106213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m = refpolicy.Module() 106313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle m.name = x[0] 106413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle try: 106513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if expand: 106613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parse_file(x[1], m, spt) 106713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle else: 106813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle parse_file(x[1], m) 106913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle except ValueError, e: 107013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle o(str(e) + "\n") 107113cd4c8960688af11ad23b4c946149015c80d54Joshua 
Brindle failures.append(x[1]) 107213cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle continue 107313cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 107413cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle headers.children.append(m) 107513cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if output and not debug: 107613cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle status.step() 107713cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 107813cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle if len(failures): 107913cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle o("failed to parse some headers: %s" % ", ".join(failures)) 108013cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle 108113cd4c8960688af11ad23b4c946149015c80d54Joshua Brindle return headers 1082