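

/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/*
 * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com>
 *
 *	Support for enhanced MLS infrastructure.
 *
 * Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 * Updated: Joshua Brindle <jbrindle@tresys.com>
 *	    Karl MacMillan <kmacmillan@mentalrootkit.com>
 *	    Jason Tang <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc.
 * Copyright (C) 2003 - 2008 Tresys Technology, LLC
 * Copyright (C) 2007 Red Hat Inc.
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

/*
 * Yacc grammar for the policy source language.
 *
 * The grammar itself builds almost nothing: each rule's action calls a
 * define_*() helper (declared in the project headers included below) and
 * the helper reads the identifiers the scanner queued up.  The global
 * `pass` selects which pass of the compiler is running; several actions
 * below only do work on pass 1 or on pass 2.
 *
 * Error convention: an action that sees a helper fail executes
 * `return -1`, which leaves the generated parser function immediately
 * with -1.
 * NOTE(review): returning directly from an action skips whatever cleanup
 * the generated parser performs on its normal abort path; confirm that the
 * caller treats any non-zero result as fatal before relying on this.
 */

%{
#include <sys/types.h>
#include <assert.h>
#include <stdarg.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#include <sepol/policydb/expand.h>
#include <sepol/policydb/policydb.h>
#include <sepol/policydb/services.h>
#include <sepol/policydb/conditional.h>
#include <sepol/policydb/flask.h>
#include <sepol/policydb/hierarchy.h>
#include <sepol/policydb/polcaps.h>
#include "queue.h"
#include "checkpolicy.h"
#include "module_compiler.h"
#include "policy_define.h"

/* Policy database being populated and the current compiler pass. */
extern policydb_t *policydbp;
extern unsigned int pass;

/* Scanner interface and diagnostics, defined outside this file. */
extern char yytext[];
extern int yylex(void);
extern int yywarn(char *msg);
extern int yyerror(char *msg);

/*
 * Callback type carried by require_decl_def.  The empty parameter list
 * leaves the arguments unprototyped, so the compiler does not check
 * the argument lists used at call sites.
 */
typedef int (* require_func_t)();

%}

/* Semantic value carried by grammar symbols; see the %type lines below. */
%union {
	unsigned int val;		/* ipv4_addr_def, number */
	uintptr_t valptr;		/* cexpr, cexpr_prim, op, role_mls_op */
	void *ptr;			/* cond_* symbols, role_def, roles */
	require_func_t require_func;	/* require_decl_def */
}

%type <ptr> cond_expr cond_expr_prim cond_pol_list cond_else
%type <ptr> cond_allow_def cond_auditallow_def cond_auditdeny_def cond_dontaudit_def
%type <ptr> cond_transition_def cond_te_avtab_def cond_rule_def
%type <ptr> role_def roles
%type <valptr> cexpr cexpr_prim op role_mls_op
%type <val> ipv4_addr_def number
%type <require_func> require_decl_def

/* Tokens returned by yylex(); declaration order is kept as-is. */
%token PATH
%token FILENAME
%token CLONE
%token COMMON
%token CLASS
%token CONSTRAIN
%token VALIDATETRANS
%token INHERITS
%token SID
%token ROLE
%token ROLEATTRIBUTE
%token ATTRIBUTE_ROLE
%token ROLES
%token TYPEALIAS
%token TYPEATTRIBUTE
%token TYPEBOUNDS
%token TYPE
%token TYPES
%token ALIAS
%token ATTRIBUTE
%token BOOL
%token TUNABLE
%token IF
%token ELSE
%token TYPE_TRANSITION
%token TYPE_MEMBER
%token TYPE_CHANGE
%token ROLE_TRANSITION
%token RANGE_TRANSITION
%token SENSITIVITY
%token DOMINANCE
%token DOM DOMBY INCOMP
%token CATEGORY
%token LEVEL
%token RANGE
%token MLSCONSTRAIN
%token MLSVALIDATETRANS
%token USER
%token NEVERALLOW
%token ALLOW
%token AUDITALLOW
%token AUDITDENY
%token DONTAUDIT
%token SOURCE
%token TARGET
%token SAMEUSER
%token FSCON PORTCON NETIFCON NODECON
%token PIRQCON IOMEMCON IOPORTCON PCIDEVICECON
%token FSUSEXATTR FSUSETASK FSUSETRANS
%token GENFSCON
%token U1 U2 U3 R1 R2 R3 T1 T2 T3 L1 L2 H1 H2
%token NOT AND OR XOR
%token CTRUE CFALSE
%token IDENTIFIER
%token NUMBER
%token EQUALS
%token NOTEQUAL
%token IPV4_ADDR
%token IPV6_ADDR
%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL
%token POLICYCAP
%token PERMISSIVE
%token FILESYSTEM

/*
 * Operator precedence, lowest first (later lines bind tighter):
 * OR, XOR, AND, unary NOT, then EQUALS / NOTEQUAL.
 */
%left OR
%left XOR
%left AND
%right NOT
%left EQUALS NOTEQUAL
%%

/* Start symbol: a policy is either a base policy or a module. */
policy
    : base_policy
    | module_policy
    ;

/*
 * Base policy layout.  The mid-rule actions run between sections:
 * define_policy() first, then class indexing (pass 1) or
 * policydb_index_others() (pass 2) once classes, initial SIDs and access
 * vectors are read, then boolean indexing (pass 1) or
 * policydb_index_others() again (pass 2) after the constraints.
 */
base_policy
    :   { if (define_policy(pass, 0) == -1) return -1; }
      classes initial_sids access_vectors
        { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; }
          else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; } }
      opt_mls te_rbac users opt_constraints
        { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1; }
          else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; } }
      initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts
    ;

/* ---- classes, initial SIDs, access vectors ---- */

classes
    : class_def
    | classes class_def
    ;

class_def
    : CLASS identifier
        { if (define_class()) return -1; }
    ;

initial_sids
    : initial_sid_def
    | initial_sids initial_sid_def
    ;

initial_sid_def
    : SID identifier
        { if (define_initial_sid()) return -1; }
    ;

access_vectors
    : opt_common_perms av_perms
    ;

opt_common_perms
    : common_perms
    | /* empty */
    ;

common_perms
    : common_perms_def
    | common_perms common_perms_def
    ;

common_perms_def
    : COMMON identifier '{' identifier_list '}'
        { if (define_common_perms()) return -1; }
    ;

av_perms
    : av_perms_def
    | av_perms av_perms_def
    ;

/* define_av_perms() is told TRUE when the class uses INHERITS. */
av_perms_def
    : CLASS identifier '{' identifier_list '}'
        { if (define_av_perms(FALSE)) return -1; }
    | CLASS identifier INHERITS identifier
        { if (define_av_perms(TRUE)) return -1; }
    | CLASS identifier INHERITS identifier '{' identifier_list '}'
        { if (define_av_perms(TRUE)) return -1; }
    ;

/* ---- optional MLS section ---- */

opt_mls
    : mls
    | /* empty */
    ;

mls
    : sensitivities dominance opt_categories levels mlspolicy
    ;

sensitivities
    : sensitivity_def
    | sensitivities sensitivity_def
    ;

sensitivity_def
    : SENSITIVITY identifier alias_def ';'
        { if (define_sens()) return -1; }
    | SENSITIVITY identifier ';'
        { if (define_sens()) return -1; }
    ;

alias_def
    : ALIAS names
    ;

dominance
    : DOMINANCE identifier
        { if (define_dominance()) return -1; }
    | DOMINANCE '{' identifier_list '}'
        { if (define_dominance()) return -1; }
    ;

opt_categories
    : categories
    | /* empty */
    ;

categories
    : category_def
    | categories category_def
    ;

category_def
    : CATEGORY identifier alias_def ';'
        { if (define_category()) return -1; }
    | CATEGORY identifier ';'
        { if (define_category()) return -1; }
    ;

levels
    : level_def
    | levels level_def
    ;

level_def
    : LEVEL identifier ':' id_comma_list ';'
        { if (define_level()) return -1; }
    | LEVEL identifier ';'
        { if (define_level()) return -1; }
    ;

mlspolicy
    : mlspolicy_decl
    | mlspolicy mlspolicy_decl
    ;

mlspolicy_decl
    : mlsconstraint_def
    | mlsvalidatetrans_def
    ;

/* Shares define_constraint() with the non-MLS constraint_def rule. */
mlsconstraint_def
    : MLSCONSTRAIN names names cexpr ';'
        { if (define_constraint((constraint_expr_t*)$4)) return -1; }
    ;

/* Shares define_validatetrans() with the non-MLS validatetrans_def rule. */
mlsvalidatetrans_def
    : MLSVALIDATETRANS names cexpr ';'
        { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
    ;

/* ---- type enforcement and RBAC statements ---- */

te_rbac
    : te_rbac_decl
    | te_rbac te_rbac_decl
    ;

/* A lone ';' is accepted as an empty statement. */
te_rbac_decl
    : te_decl
    | rbac_decl
    | cond_stmt_def
    | optional_block
    | policycap_def
    | ';'
    ;

rbac_decl
    : attribute_role_def
    | role_type_def
    | role_dominance
    | role_trans_def
    | role_allow_def
    | roleattribute_def
    | role_attr_def
    ;

te_decl
    : attribute_def
    | type_def
    | typealias_def
    | typeattribute_def
    | typebounds_def
    | bool_def
    | tunable_def
    | transition_def
    | range_trans_def
    | te_avtab_def
    | permissive_def
    ;

attribute_def
    : ATTRIBUTE identifier ';'
        { if (define_attrib()) return -1; }
    ;

/* define_type() gets 1 when the declaration carries an alias_def, else 0. */
type_def
    : TYPE identifier alias_def opt_attr_list ';'
        { if (define_type(1)) return -1; }
    | TYPE identifier opt_attr_list ';'
        { if (define_type(0)) return -1; }
    ;

typealias_def
    : TYPEALIAS identifier alias_def ';'
        { if (define_typealias()) return -1; }
    ;

typeattribute_def
    : TYPEATTRIBUTE identifier id_comma_list ';'
        { if (define_typeattribute()) return -1; }
    ;

typebounds_def
    : TYPEBOUNDS identifier id_comma_list ';'
        { if (define_typebounds()) return -1; }
    ;

opt_attr_list
    : ',' id_comma_list
    | /* empty */
    ;

/* BOOL and TUNABLE share one helper; the argument is 0 for BOOL, 1 for TUNABLE. */
bool_def
    : BOOL identifier bool_val ';'
        { if (define_bool_tunable(0)) return -1; }
    ;

tunable_def
    : TUNABLE identifier bool_val ';'
        { if (define_bool_tunable(1)) return -1; }
    ;

/* The literal is handed on as the string "T" or "F" through insert_id(). */
bool_val
    : CTRUE
        { if (insert_id("T",0)) return -1; }
    | CFALSE
        { if (insert_id("F",0)) return -1; }
    ;

/* ---- conditional policy ---- */

/* define_conditional() is only called on pass 2; pass 1 just parses. */
cond_stmt_def
    : IF cond_expr '{' cond_pol_list '}' cond_else
        { if (pass == 2) { if (define_conditional((cond_expr_t*)$2, (avrule_t*)$4, (avrule_t*)$6) < 0) return -1; } }
    ;

/* Value is the else-branch rule list, or NULL when there is no else. */
cond_else
    : ELSE '{' cond_pol_list '}'
        { $$ = $3; }
    | /* empty */
        { $$ = NULL; }
    ;

/* Every operator alternative treats a 0 result from define_cond_expr() as failure. */
cond_expr
    : '(' cond_expr ')'
        { $$ = $2; }
    | NOT cond_expr
        { $$ = define_cond_expr(COND_NOT, $2, 0);
          if ($$ == 0) return -1; }
    | cond_expr AND cond_expr
        { $$ = define_cond_expr(COND_AND, $1, $3);
          if ($$ == 0) return -1; }
    | cond_expr OR cond_expr
        { $$ = define_cond_expr(COND_OR, $1, $3);
          if ($$ == 0) return -1; }
    | cond_expr XOR cond_expr
        { $$ = define_cond_expr(COND_XOR, $1, $3);
          if ($$ == 0) return -1; }
    | cond_expr EQUALS cond_expr
        { $$ = define_cond_expr(COND_EQ, $1, $3);
          if ($$ == 0) return -1; }
    | cond_expr NOTEQUAL cond_expr
        { $$ = define_cond_expr(COND_NEQ, $1, $3);
          if ($$ == 0) return -1; }
    | cond_expr_prim
        { $$ = $1; }
    ;

/*
 * Leaf of a conditional expression: a single identifier.
 * The same helper is checked against 0 by every alternative of cond_expr,
 * so 0 is rejected here as well as COND_ERR; otherwise a failed leaf
 * would be handed to the enclosing operator as an operand.
 * NOTE(review): confirm which sentinel define_cond_expr() really returns.
 */
cond_expr_prim
    : identifier
        { $$ = define_cond_expr(COND_BOOL,0, 0);
          if ($$ == 0 || $$ == COND_ERR) return -1; }
    ;

/*
 * Rule list inside an if/else body.  The list value is stored without an
 * error check.
 * NOTE(review): confirm define_cond_pol_list() cannot fail.
 */
cond_pol_list
    : cond_pol_list cond_rule_def
        { $$ = define_cond_pol_list((avrule_t *)$1, (avrule_t *)$2); }
    | /* empty */
        { $$ = NULL; }
    ;

/* A require_block contributes NULL to the rule list. */
cond_rule_def
    : cond_transition_def
        { $$ = $1; }
    | cond_te_avtab_def
        { $$ = $1; }
    | require_block
        { $$ = NULL; }
    ;

/* Conditional counterparts of transition_def; failure sentinel is COND_ERR. */
cond_transition_def
    : TYPE_TRANSITION names names ':' names identifier filename ';'
        { $$ = define_cond_filename_trans() ;
          if ($$ == COND_ERR) return -1; }
    | TYPE_TRANSITION names names ':' names identifier ';'
        { $$ = define_cond_compute_type(AVRULE_TRANSITION) ;
          if ($$ == COND_ERR) return -1; }
    | TYPE_MEMBER names names ':' names identifier ';'
        { $$ = define_cond_compute_type(AVRULE_MEMBER) ;
          if ($$ == COND_ERR) return -1; }
    | TYPE_CHANGE names names ':' names identifier ';'
        { $$ = define_cond_compute_type(AVRULE_CHANGE) ;
          if ($$ == COND_ERR) return -1; }
    ;

/*
 * Access-vector rules allowed inside a conditional.  There is no
 * neverallow alternative here: NEVERALLOW is only reachable through the
 * unconditional te_avtab_def rule.
 */
cond_te_avtab_def
    : cond_allow_def
        { $$ = $1; }
    | cond_auditallow_def
        { $$ = $1; }
    | cond_auditdeny_def
        { $$ = $1; }
    | cond_dontaudit_def
        { $$ = $1; }
    ;

cond_allow_def
    : ALLOW names names ':' names names ';'
        { $$ = define_cond_te_avtab(AVRULE_ALLOWED) ;
          if ($$ == COND_ERR) return -1; }
    ;

cond_auditallow_def
    : AUDITALLOW names names ':' names names ';'
        { $$ = define_cond_te_avtab(AVRULE_AUDITALLOW) ;
          if ($$ == COND_ERR) return -1; }
    ;

cond_auditdeny_def
    : AUDITDENY names names ':' names names ';'
        { $$ = define_cond_te_avtab(AVRULE_AUDITDENY) ;
          if ($$ == COND_ERR) return -1; }
    ;

cond_dontaudit_def
    : DONTAUDIT names names ':' names names ';'
        { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT);
          if ($$ == COND_ERR) return -1; }
    ;

/* ---- unconditional transition and access-vector rules ---- */

/* The form with a trailing filename goes to define_filename_trans(). */
transition_def
    : TYPE_TRANSITION names names ':' names identifier filename ';'
        { if (define_filename_trans()) return -1; }
    | TYPE_TRANSITION names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_TRANSITION)) return -1; }
    | TYPE_MEMBER names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_MEMBER)) return -1; }
    | TYPE_CHANGE names names ':' names identifier ';'
        { if (define_compute_type(AVRULE_CHANGE)) return -1; }
    ;

/* Argument is 1 when the statement has the extra ':' names part, else 0. */
range_trans_def
    : RANGE_TRANSITION names names mls_range_def ';'
        { if (define_range_trans(0)) return -1; }
    | RANGE_TRANSITION names names ':' names mls_range_def ';'
        { if (define_range_trans(1)) return -1; }
    ;

te_avtab_def
    : allow_def
    | auditallow_def
    | auditdeny_def
    | dontaudit_def
    | neverallow_def
    ;

allow_def
    : ALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_ALLOWED)) return -1; }
    ;

auditallow_def
    : AUDITALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_AUDITALLOW)) return -1; }
    ;

auditdeny_def
    : AUDITDENY names names ':' names names ';'
        { if (define_te_avtab(AVRULE_AUDITDENY)) return -1; }
    ;

dontaudit_def
    : DONTAUDIT names names ':' names names ';'
        { if (define_te_avtab(AVRULE_DONTAUDIT)) return -1; }
    ;

neverallow_def
    : NEVERALLOW names names ':' names names ';'
        { if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; }
    ;

/* ---- role statements ---- */

attribute_role_def
    : ATTRIBUTE_ROLE identifier ';'
        { if (define_attrib_role()) return -1; }
    ;

role_type_def
    : ROLE identifier TYPES names ';'
        { if (define_role_types()) return -1; }
    ;

role_attr_def
    : ROLE identifier opt_attr_list ';'
        { if (define_role_attr()) return -1; }
    ;

role_dominance
    : DOMINANCE '{' roles '}'
    ;

/* Argument is 1 when the statement has the extra ':' names part, else 0. */
role_trans_def
    : ROLE_TRANSITION names names identifier ';'
        { if (define_role_trans(0)) return -1; }
    | ROLE_TRANSITION names names ':' names identifier ';'
        { if (define_role_trans(1)) return -1; }
    ;

/* Role allow: ALLOW with two name sets and no ':' part. */
role_allow_def
    : ALLOW names names ';'
        { if (define_role_allow()) return -1; }
    ;

/* Role dominance lists; a 0 result from the helpers aborts the parse. */
roles
    : role_def
        { $$ = $1; }
    | roles role_def
        { $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1; }
    ;

role_def
    : ROLE identifier_push ';'
        { $$ = define_role_dom(NULL); if ($$ == 0) return -1; }
    | ROLE identifier_push '{' roles '}'
        { $$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1; }
    ;

roleattribute_def
    : ROLEATTRIBUTE identifier id_comma_list ';'
        { if (define_roleattribute()) return -1; }
    ;

/* ---- constraints ---- */

opt_constraints
    : constraints
    | /* empty */
    ;

constraints
    : constraint_decl
    | constraints constraint_decl
    ;

constraint_decl
    : constraint_def
    | validatetrans_def
    ;

constraint_def
    : CONSTRAIN names names cexpr ';'
        { if (define_constraint((constraint_expr_t*)$4)) return -1; }
    ;

validatetrans_def
    : VALIDATETRANS names cexpr ';'
        { if (define_validatetrans((constraint_expr_t*)$3)) return -1; }
    ;

/*
 * Constraint expression.  Its value travels as uintptr_t (valptr) and is
 * cast to constraint_expr_t * by the rules that consume it.
 */
cexpr
    : '(' cexpr ')'
        { $$ = $2; }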
4798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NOT cexpr 4808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NOT, $2, 0); 4818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 4828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr AND cexpr 4838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_AND, $1, $3); 4848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 4858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr OR cexpr 4868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_OR, $1, $3); 4878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 4888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | cexpr_prim 4898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 4908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 4918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidcexpr_prim : U1 op U2 4928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, $2); 4938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 4948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R1 role_mls_op R2 4958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 4968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 4978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T1 op T2 4988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2); 4998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | U1 op { if (insert_separator(1)) return -1; } names_push 5018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2); 5028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5038c48de15b1afeb1cd01a753195a29b1a7811dbfSE 
Android | U2 op { if (insert_separator(1)) return -1; } names_push 5048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2); 5058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | U3 op { if (insert_separator(1)) return -1; } names_push 5078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2); 5088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R1 op { if (insert_separator(1)) return -1; } names_push 5108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2); 5118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R2 op { if (insert_separator(1)) return -1; } names_push 5138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), $2); 5148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | R3 op { if (insert_separator(1)) return -1; } names_push 5168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_XTARGET), $2); 5178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T1 op { if (insert_separator(1)) return -1; } names_push 5198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2); 5208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T2 op { if (insert_separator(1)) return -1; } names_push 5228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE 
| CEXPR_TARGET), $2); 5238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | T3 op { if (insert_separator(1)) return -1; } names_push 5258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_XTARGET), $2); 5268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SAMEUSER 5288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ); 5298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push 5318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ); 5328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TARGET ROLE { if (insert_separator(1)) return -1; } names_push 5348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), CEXPR_EQ); 5358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | ROLE role_mls_op 5378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 5388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push 5408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ); 5418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | TARGET TYPE { if (insert_separator(1)) return -1; } names_push 
5438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), CEXPR_EQ); 5448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op L2 5468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1L2, $2); 5478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op H2 5498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H2, $2); 5508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | H1 role_mls_op L2 5528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1L2, $2); 5538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | H1 role_mls_op H2 5558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1H2, $2); 5568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L1 role_mls_op H1 5588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H1, $2); 5598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | L2 role_mls_op H2 5618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L2H2, $2); 5628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android if ($$ == 0) return -1; } 5638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidop : EQUALS 5658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_EQ; } 5668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NOTEQUAL 
5678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_NEQ; } 5688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidrole_mls_op : op 5708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = $1; } 5718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | DOM 5728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_DOM; } 5738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | DOMBY 5748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_DOMBY; } 5758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | INCOMP 5768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { $$ = CEXPR_INCOMP; } 5778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidusers : user_def 5798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | users user_def 5808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiduser_def : USER identifier ROLES names opt_mls_user ';' 5828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_user()) return -1;} 5838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_mls_user : LEVEL mls_level_def RANGE mls_range_def 5858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 5868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sid_contexts : initial_sid_context_def 5888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | initial_sid_contexts initial_sid_context_def 5898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5908c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidinitial_sid_context_def : SID identifier security_context_def 5918c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_initial_sid_context()) return -1;} 5928c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5938c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_dev_contexts : dev_contexts | 
5948c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5958c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddev_contexts : dev_context_def 5968c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | dev_contexts dev_context_def 5978c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 5988c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androiddev_context_def : pirq_context_def | 5998c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android iomem_context_def | 6008c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ioport_context_def | 6018c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android pci_context_def 6028c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6038c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpirq_context_def : PIRQCON number security_context_def 6048c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_pirq_context($2)) return -1;} 6058c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6068c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidiomem_context_def : IOMEMCON number security_context_def 6078c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_iomem_context($2,$2)) return -1;} 6088c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | IOMEMCON number '-' number security_context_def 6098c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_iomem_context($2,$4)) return -1;} 6108c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6118c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidioport_context_def : IOPORTCON number security_context_def 6128c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ioport_context($2,$2)) return -1;} 6138c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | IOPORTCON number '-' number security_context_def 6148c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ioport_context($2,$4)) return -1;} 6158c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6168c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidpci_context_def : PCIDEVICECON number security_context_def 6178c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if 
(define_pcidevice_context($2)) return -1;} 6188c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6198c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_fs_contexts : fs_contexts 6208c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6218c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6228c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_contexts : fs_context_def 6238c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | fs_contexts fs_context_def 6248c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6258c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_context_def : FSCON number number security_context_def security_context_def 6268c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_context($2,$3)) return -1;} 6278c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6288c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnet_contexts : opt_port_contexts opt_netif_contexts opt_node_contexts 6298c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6308c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_port_contexts : port_contexts 6318c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6328c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6338c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidport_contexts : port_context_def 6348c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | port_contexts port_context_def 6358c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6368c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidport_context_def : PORTCON identifier number security_context_def 6378c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_port_context($3,$3)) return -1;} 6388c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | PORTCON identifier number '-' number security_context_def 6398c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_port_context($3,$5)) return -1;} 6408c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6418c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_netif_contexts : netif_contexts 
6428c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6438c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6448c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnetif_contexts : netif_context_def 6458c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | netif_contexts netif_context_def 6468c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6478c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnetif_context_def : NETIFCON identifier security_context_def security_context_def 6488c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_netif_context()) return -1;} 6498c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6508c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_node_contexts : node_contexts 6518c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6528c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6538c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnode_contexts : node_context_def 6548c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | node_contexts node_context_def 6558c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6568c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidnode_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def 6578c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ipv4_node_context()) return -1;} 6588c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | NODECON ipv6_addr ipv6_addr security_context_def 6598c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_ipv6_node_context()) return -1;} 6608c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6618c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_fs_uses : fs_uses 6628c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6638c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6648c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_uses : fs_use_def 6658c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | fs_uses fs_use_def 6668c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6678c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidfs_use_def : FSUSEXATTR 
filesystem security_context_def ';' 6688c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} 6698c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | FSUSETASK identifier security_context_def ';' 6708c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} 6718c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | FSUSETRANS identifier security_context_def ';' 6728c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_fs_use(SECURITY_FS_USE_TRANS)) return -1;} 6738c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6748c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidopt_genfs_contexts : genfs_contexts 6758c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | 6768c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6778c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidgenfs_contexts : genfs_context_def 6788c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | genfs_contexts genfs_context_def 6798c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6808c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidgenfs_context_def : GENFSCON filesystem path '-' identifier security_context_def 6818c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(1)) return -1;} 6828c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def 6838c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(1)) return -1;} 6848c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android | GENFSCON filesystem path security_context_def 6858c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android {if (define_genfs_context(0)) return -1;} 6868c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 6878c48de15b1afeb1cd01a753195a29b1a7811dbfSE Androidipv4_addr_def : IPV4_ADDR 6888c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android { if (insert_id(yytext,0)) return -1; } 6898c48de15b1afeb1cd01a753195a29b1a7811dbfSE Android ; 
/*
 * Security contexts and MLS ranges.  A context is three identifiers
 * separated by ':' with an optional ':' mls_range_def suffix.  The
 * identifiers are recorded by the `identifier` rule's own action; the
 * range and level rules add a separator via insert_separator(0).
 */
security_context_def	: identifier ':' identifier ':' identifier opt_mls_range_def
			;
opt_mls_range_def	: ':' mls_range_def
			| /* empty */
			;
mls_range_def		: mls_level_def '-' mls_level_def
			{
				if (insert_separator(0))
					return -1;
			}
			| mls_level_def
			{
				if (insert_separator(0))
					return -1;
			}
			;
mls_level_def		: identifier ':' id_comma_list
			{
				if (insert_separator(0))
					return -1;
			}
			| identifier
			{
				if (insert_separator(0))
					return -1;
			}
			;
id_comma_list		: identifier
			| id_comma_list ',' identifier
			;
tilde			: '~'
			;
asterisk		: '*'
			;

/*
 * `names`: one identifier set, terminated by insert_separator(0).
 * For the '*' and '~' forms the marker is inserted by the end-of-rule
 * action, i.e. after any operand identifiers have already been inserted
 * by their own reductions.  For `identifier '-' identifier` the "-" is
 * inserted by a mid-rule action, between the two identifiers.
 */
names			: identifier
			{
				if (insert_separator(0))
					return -1;
			}
			| nested_id_set
			{
				if (insert_separator(0))
					return -1;
			}
			| asterisk
			{
				if (insert_id("*", 0))
					return -1;
				if (insert_separator(0))
					return -1;
			}
			| tilde identifier
			{
				if (insert_id("~", 0))
					return -1;
				if (insert_separator(0))
					return -1;
			}
			| tilde nested_id_set
			{
				if (insert_id("~", 0))
					return -1;
				if (insert_separator(0))
					return -1;
			}
			| identifier '-'
			{
				if (insert_id("-", 0))
					return -1;
			}
			  identifier
			{
				if (insert_separator(0))
					return -1;
			}
			;

/*
 * The *_push variants call insert_id() with 1 as the second argument
 * instead of 0, and do not add a separator themselves.
 */
tilde_push		: tilde
			{
				if (insert_id("~", 1))
					return -1;
			}
			;
asterisk_push		: asterisk
			{
				if (insert_id("*", 1))
					return -1;
			}
			;
names_push		: identifier_push
			| '{' identifier_list_push '}'
			| asterisk_push
			| tilde_push identifier_push
			| tilde_push '{' identifier_list_push '}'
			;
identifier_list_push	: identifier_push
			| identifier_list_push identifier_push
			;
/*
 * NOTE(review): every action that reads yytext assumes it still holds the
 * text of the token being reduced, i.e. that the parser has not fetched a
 * lookahead token first -- confirm for the parser generator in use.
 */
identifier_push		: IDENTIFIER
			{
				if (insert_id(yytext, 1))
					return -1;
			}
			;
identifier_list		: identifier
			| identifier_list identifier
			;

/* Brace-delimited sets may nest; a '-' prefix inserts "-" before the identifier that follows. */
nested_id_set		: '{' nested_id_list '}'
			;
nested_id_list		: nested_id_element
			| nested_id_list nested_id_element
			;
nested_id_element	: identifier
			| '-'
			{
				if (insert_id("-", 0))
					return -1;
			}
			  identifier
			| nested_id_set
			;
identifier		: IDENTIFIER
			{
				if (insert_id(yytext,0))
					return -1;
			}
			;
/* A filesystem name may be lexed as either FILESYSTEM or IDENTIFIER. */
filesystem		: FILESYSTEM
			{
				if (insert_id(yytext,0))
					return -1;
			}
			| IDENTIFIER
			{
				if (insert_id(yytext,0))
					return -1;
			}
			;
path			: PATH
			{
				if (insert_id(yytext,0))
					return -1;
			}
			;
/*
 * Strips the first and last character of the token text before inserting
 * it: the last character is overwritten with NUL and insertion starts at
 * yytext + 1.
 * NOTE(review): this relies on the lexer only producing FILENAME for text
 * of at least two characters (presumably the surrounding quotes); for
 * shorter text strlen(yytext) - 1 would index outside the token.  Confirm
 * against the scanner's FILENAME pattern.
 */
filename		: FILENAME
			{
				yytext[strlen(yytext) - 1] = '\0';
				if (insert_id(yytext + 1,0))
					return -1;
			}
			;
/*
 * NOTE(review): the strtoul() result is stored without an end-pointer,
 * errno/ERANGE or width check.  A literal too large for unsigned long is
 * clamped by strtoul(), and the assignment to $$ may narrow the value
 * further if the semantic type is smaller (its declaration is outside
 * this view).  The port, ioport, iomem, pirq, PCI device and fscon rules
 * consume this value, so any range validation must happen in their
 * define_*() helpers.
 */
number			: NUMBER
			{
				$$ = strtoul(yytext,NULL,0);
			}
			;
ipv6_addr		: IPV6_ADDR
			{
				if (insert_id(yytext,0))
					return -1;
			}
			;
policycap_def		: POLICYCAP identifier ';'
			{
				if (define_polcap())
					return -1;
			}
			;
/* This rule has no terminating ';' in the original grammar; that is kept as is. */
permissive_def		: PERMISSIVE identifier ';'
			{
				if (define_permissive())
					return -1;
			}

/*********** module grammar below ***********/

/*
 * A module is a module_def header followed by one avrules_block.  After
 * the block is closed, policydb_index_others() is run on policydbp.
 */
module_policy		: module_def avrules_block
			{
				if (end_avrule_block(pass) == -1)
					return -1;
				if (policydb_index_others(NULL, policydbp, 0))
					return -1;
			}
			;
module_def		: MODULE identifier version_identifier ';'
			{
				if (define_policy(pass, 1) == -1)
					return -1;
			}
			;
/*
 * A module version is accepted in three lexical shapes.  The `number`
 * alternative inserts the raw token text (yytext), not the converted
 * value; ipv4_addr_def inserts its text in its own action.
 * NOTE(review): the `number` alternative assumes yytext still holds the
 * NUMBER text when this reduction runs (no lookahead fetched) -- confirm.
 */
version_identifier	: VERSION_IDENTIFIER
			{
				if (insert_id(yytext,0))
					return -1;
			}
			| number
			{
				if (insert_id(yytext,0))
					return -1;
			}
			| ipv4_addr_def /* version can look like ipv4 address */
			;
avrules_block		: avrule_decls avrule_user_defs
			;
avrule_decls		: avrule_decls avrule_decl
			| avrule_decl
			;
avrule_decl		: rbac_decl
			| te_decl
			| cond_stmt_def
			| require_block
			| optional_block
			| ';'
			;

/* require { ... } blocks. */
require_block		: REQUIRE '{' require_list '}'
			;
require_list		: require_list require_decl
			| require_decl
			;
require_decl		: require_class ';'
			| require_decl_def require_id_list ';'
			;
require_class		: CLASS identifier names
			{
				if (require_class(pass))
					return -1;
			}
			;
/* The value of require_decl_def is the require_*() callback for the keyword. */
require_decl_def	: ROLE
			{ $$ = require_role; }
			| TYPE
			{ $$ = require_type; }
			| ATTRIBUTE
			{ $$ = require_attribute; }
			| ATTRIBUTE_ROLE
			{ $$ = require_attribute_role; }
			| USER
			{ $$ = require_user; }
			| BOOL
			{ $$ = require_bool; }
			| TUNABLE
			{ $$ = require_tunable; }
			| SENSITIVITY
			{ $$ = require_sens; }
			| CATEGORY
			{ $$ = require_cat; }
			;
/*
 * $<require_func>0 reads the value of the symbol that sits on the parser
 * stack immediately before require_id_list and calls it with `pass`.
 * In require_decl that symbol is require_decl_def, so the callback chosen
 * above is invoked once per identifier.  Any new use of require_id_list
 * must keep require_decl_def directly in front of it; otherwise $0 would
 * read an unrelated stack slot and call through it.
 */
require_id_list		: identifier
			{
				if ($<require_func>0 (pass))
					return -1;
			}
			| require_id_list ',' identifier
			{
				if ($<require_func>0 (pass))
					return -1;
			}
			;

/*
 * optional { ... } [ else { ... } ].  The mid-rule action closes the
 * first avrule block before optional_else is parsed; end_optional() runs
 * after the whole construct.
 */
optional_block		: optional_decl '{' avrules_block '}'
			{
				if (end_avrule_block(pass) == -1)
					return -1;
			}
			  optional_else
			{
				if (end_optional(pass) == -1)
					return -1;
			}
			;
optional_else		: else_decl '{' avrules_block '}'
			{
				if (end_avrule_block(pass) == -1)
					return -1;
			}
			| /* empty */
			;
optional_decl		: OPTIONAL
			{
				if (begin_optional(pass) == -1)
					return -1;
			}
			;
else_decl		: ELSE
			{
				if (begin_optional_else(pass) == -1)
					return -1;
			}
			;
avrule_user_defs	: user_def avrule_user_defs
			| /* empty */
			;