RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-30 01:12:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

sepolgen: understand role attributes

Browse Source 
Parse and handle role attributes in sepolgen.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
This commit is contained in:
Miroslav Grepl 2013-01-09 10:15:59 -05:00 committed by Eric Paris
parent 1d403326ae
commit 3dd13f7d08
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
sepolgen/src/sepolgen/refparser.py
View File

@ -91,8 +91,10 @@ tokens = (
'CLASS',
# types and attributes
'TYPEATTRIBUTE',
'ROLEATTRIBUTE',
'TYPE',
'ATTRIBUTE',
'ATTRIBUTE_ROLE',
'ALIAS',
'TYPEALIAS',
# conditional policy
@ -153,8 +155,10 @@ reserved = {
'class' : 'CLASS',
# types and attributes
'typeattribute' : 'TYPEATTRIBUTE',
'roleattribute' : 'ROLEATTRIBUTE',
'type' : 'TYPE',
'attribute' : 'ATTRIBUTE',
'attribute_role' : 'ATTRIBUTE_ROLE',
'alias' : 'ALIAS',
'typealias' : 'TYPEALIAS',
# conditional policy
@ -489,6 +493,7 @@ def p_policy_stmt(p):
| avrule_def
| typerule_def
| typeattribute_def
| roleattribute_def
| interface_call
| role_def
| role_allow
@ -496,6 +501,7 @@ def p_policy_stmt(p):
| type_def
| typealias_def
| attribute_def
| attribute_role_def
| range_transition_def
| role_transition_def
| bool
@ -542,6 +548,7 @@ def p_require(p):
'''require : TYPE comma_list SEMI
| ROLE comma_list SEMI
| ATTRIBUTE comma_list SEMI
| ATTRIBUTE_ROLE comma_list SEMI
| CLASS comma_list SEMI
| BOOL comma_list SEMI
'''
@ -727,6 +734,11 @@ def p_attribute_def(p):
a = refpolicy.Attribute(p[2])
p[0] = a
def p_attribute_role_def(p):
'attribute_role_def : ATTRIBUTE_ROLE IDENTIFIER SEMI'
a = refpolicy.Attribute_Role(p[2])
p[0] = a
def p_typealias_def(p):
'typealias_def : TYPEALIAS IDENTIFIER ALIAS names SEMI'
t = refpolicy.TypeAlias()
@ -819,6 +831,13 @@ def p_typeattribute_def(p):
t.attributes.update(p[3])
p[0] = t
def p_roleattribute_def(p):
'''roleattribute_def : ROLEATTRIBUTE IDENTIFIER comma_list SEMI'''
t = refpolicy.RoleAttribute()
t.role = p[2]
t.roleattributes.update(p[3])
p[0] = t
def p_range_transition_def(p):
'''range_transition_def : RANGE_TRANSITION names names COLON names mls_range_def SEMI
| RANGE_TRANSITION names names names SEMI'''

27
sepolgen/src/sepolgen/refpolicy.py
View File

@ -117,6 +117,10 @@ class Node(PolicyBase):
"""Iterate over all of the TypeAttribute children of this Interface."""
return itertools.ifilter(lambda x: isinstance(x, TypeAttribute), walktree(self))
def roleattributes(self):
"""Iterate over all of the RoleAttribute children of this Interface."""
return itertools.ifilter(lambda x: isinstance(x, RoleAttribute), walktree(self))
def requires(self):
return itertools.ifilter(lambda x: isinstance(x, Require), walktree(self))
@ -356,6 +360,20 @@ class TypeAttribute(Leaf):
def to_string(self):
return "typeattribute %s %s;" % (self.type, self.attributes.to_comma_str())
class RoleAttribute(Leaf):
"""SElinux roleattribute statement.
This class represents a roleattribute statement.
"""
def __init__(self, parent=None):
Leaf.__init__(self, parent)
self.role = ""
self.roleattributes = IdSet()
def to_string(self):
return "roleattribute %s %s;" % (self.role, self.roleattributes.to_comma_str())
class Role(Leaf):
def __init__(self, parent=None):
Leaf.__init__(self, parent)
@ -400,6 +418,15 @@ class Attribute(Leaf):
def to_string(self):
return "attribute %s;" % self.name
class Attribute_Role(Leaf):
def __init__(self, name="", parent=None):
Leaf.__init__(self, parent)
self.name = name
def to_string(self):
return "attribute_role %s;" % self.name
# Classes representing rules
class AVRule(Leaf):