Changeset 1939
- Timestamp:
- 02/18/08 12:19:45 (9 months ago)
- Files:
-
- branches/dictionary_changes/resources/cdsframework.spt (modified) (1 diff)
- branches/dictionary_changes/resources/dictionary/dictionary.fdic (modified) (11 diffs, 1 prop)
- branches/dictionary_changes/resources/link/search_bin.flnk (added)
- branches/dictionary_changes/resources/link/sys_state.flnk (added)
- branches/dictionary_changes/src/com/tresys/framework/compiler/ParserBase.java (added)
- branches/dictionary_changes/src/com/tresys/framework/compiler/dictionary/DictionaryParser.jj (modified) (9 diffs, 2 props)
- branches/dictionary_changes/src/com/tresys/framework/compiler/linkage/flnkage/Ability.java (modified) (5 diffs)
- branches/dictionary_changes/src/com/tresys/framework/compiler/linkage/flnkage/FLNKParser.jj (modified) (5 diffs, 1 prop)
- branches/dictionary_changes/src/com/tresys/framework/compiler/policy/AccessBoolean.java (modified) (3 diffs)
- branches/dictionary_changes/src/com/tresys/framework/compiler/policy/Comment.java (modified) (1 diff)
- branches/dictionary_changes/src/com/tresys/framework/compiler/policy/Export.java (modified) (10 diffs)
- branches/dictionary_changes/src/com/tresys/framework/compiler/policy/PolicyParser.jj (modified) (9 diffs)
- branches/dictionary_changes/src/com/tresys/framework/compiler/systemResources/SystemResourcesParser.jj (modified) (3 diffs)
- branches/dictionary_changes/src/com/tresys/framework/compiler/translator/TranslatorSELinux.java (modified) (7 diffs)
- branches/dictionary_changes/src/com/tresys/framework/plugin/builder/SELinuxSystem.java (modified) (1 diff)
branches/dictionary_changes/resources/cdsframework.spt
r1591 r1939 7 7 libs_use_ld_so($1) 8 8 libs_use_shared_libs($1) 9 miscfiles_read_localization($1) 9 10 role system_r types $1; 10 11 ') branches/dictionary_changes/resources/dictionary/dictionary.fdic
- Property svn:executable deleted
r1938 r1939 76 76 } 77 77 new 78 [desc : "Create new file in directory"]78 [desc : "Create new file or directory in directory w/type transition"] 79 79 { 80 80 resource { 81 81 dir { read getattr lock search ioctl add_name remove_name write } 82 file { create } 83 lnk_file { create } 82 84 } 83 85 transition { 84 86 dir 85 87 file 88 lnk_file 86 89 } 87 90 } … … 124 127 write 125 128 [desc: "Write to file"] 126 [backflow : 1]129 [backflow : 0] 127 130 { 128 131 resource { … … 133 136 append_only 134 137 [desc: "Append existing files"] 135 [backflow : 1]138 [backflow : 0] 136 139 { 137 140 resource { … … 140 143 } 141 144 } 142 } 143 } 144 145 rdef namedPipes 145 new 146 [desc:"Create new file w/type transition"] 147 [backflow : 0 ] 148 { 149 resource { 150 file { create } 151 lnk_file { create } 152 } 153 transition { 154 file 155 lnk_file 156 } 157 } 158 } 159 } 160 161 rdef namedPipesDir 146 162 [desc: "named pipe and the directory it lives in"] 147 163 { … … 188 204 } 189 205 206 rdef namedPipeFile 207 [desc: "A named pipe file"] 208 { 209 requires { file } 210 owner { 211 resource { 212 fifo_file { append create getattr ioctl link lock read rename setattr unlink write } 213 } 214 } 215 read { 216 default { read } 217 read 218 [desc: "Read data from a named pipe"] 219 [backflow : 0] 220 { 221 resource { 222 fifo_file { read getattr } 223 } 224 } 225 } 226 write { 227 default { create write } 228 write 229 [desc: "Write to a named pipe"] 230 [backflow : 1] 231 { 232 resource { 233 fifo_file { write setattr } 234 } 235 } 236 new 237 [desc: "Create a named pipe and w/type transition"] 238 [backflow : 1] 239 { 240 resource { 241 fifo_file { create unlink setattr } 242 } 243 transition { 244 fifo_file 245 } 246 } 247 } 248 } 249 190 250 rdef unnamedPipes 191 251 [desc: "Unnamed pipes as domain private resources"] … … 225 285 } 226 286 227 rdef unnamed UnixStreams287 rdef unnamedStreamSockets 228 288 [desc: "Unnamed Unix domain stream sockets as private resources in a 
domain "] 229 289 { … … 265 325 } 266 326 267 rdef unnamed UnixDatagrams327 rdef unnamedDatagramSockets 268 328 [desc: "Unnamed Unix domain datagram sockets as private resources in a domain"] 269 329 { … … 306 366 } 307 367 308 rdef unixStreamSockets368 rdef streamSocketDir 309 369 [desc: "Unix stream sockets with socket files and the directory they live in"] 310 370 { … … 338 398 } 339 399 340 rdef unixDatagramSockets 400 rdef streamSocketFile 401 [desc: "Unix stream socket file"] 402 { 403 requires { file } 404 owner { 405 resource { 406 sock_file { create getattr unlink write } 407 } 408 self { 409 unix_stream_socket { accept bind connect connectto create write listen read shutdown } 410 } 411 } 412 readwrite { 413 default { read } 414 read 415 [desc: "Read data from Unix stream sockets"] 416 { 417 resource { 418 dir { search } 419 sock_file { getattr read write } 420 } 421 self { 422 unix_stream_socket { connect create read write accept bind listen shutdown } 423 } 424 other readwrite { 425 unix_stream_socket { connectto } 426 } 427 } 428 new 429 [desc: "Create a new stream socket"] 430 { 431 resource { 432 sock_file { create unlink } 433 } 434 transition { 435 sock_file 436 } 437 438 } 439 } 440 } 441 442 rdef datagramSocketDir 341 443 [desc: "Unix datagram sockets with sockfiles and the directory they live in"] 342 444 { … … 391 493 } 392 494 } 495 } 496 } 497 498 rdef datagramSocketFile 499 [desc: "Unix datagram socket file"] 500 { 501 requires { file } 502 owner { 503 resource { 504 sock_file { create getattr unlink write } 505 } 506 self { 507 unix_dgram_socket { bind create write read recv_msg send_msg sendto shutdown } 508 } 509 } 510 read { 511 default { read } 512 read 513 [desc: "Read from Unix datagram sockets"] 514 [backflow : 1] 515 { 516 self { 517 unix_dgram_socket { create read } 518 } 519 other write { 520 unix_dgram_socket { read } 521 } 522 } 523 } 524 write { 525 default { write } 526 write 527 [desc: "Write data to Unix datagram sockets"] 
528 [backflow : 1] 529 { 530 resource { 531 sock_file { write } 532 } 533 self { 534 unix_dgram_socket { bind create sendto shutdown write } 535 } 536 } 537 new 538 [desc: "Create and delete socket files"] 539 [backflow : 1] 540 { 541 resource { 542 sock_file { create unlink } 543 } 544 transition { 545 sock_file 546 } 547 } 548 393 549 } 394 550 } … … 582 738 } 583 739 end resource { 584 file { entrypoint }740 file { entrypoint read getattr } 585 741 } 586 742 start start { branches/dictionary_changes/src/com/tresys/framework/compiler/dictionary/DictionaryParser.jj
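Review bot: The `write` and `append_only` verbs drop from `[backflow : 1]` to `[backflow : 0]` in dictionary.fdic with nothing recording why, and the new definitions do not follow one convention. In `namedPipeFile` the `write` and `new` verbs are `[backflow : 1]`, every verb in `datagramSocketFile` is `[backflow : 1]`, and the `read` and `new` verbs of `streamSocketFile` carry no backflow attribute at all. If this attribute feeds the framework's information-flow checks (presumably it marks a reverse flow from the target back to the subject; please confirm), I would add an explicit `[backflow : 1]` (or `0`, whichever is intended) to the two `streamSocketFile` verbs. The reason for the 1-to-0 change on file writes should also be stated in the commit message. The last hunk widens `file { entrypoint }` to `file { entrypoint read getattr }`; a short rationale there would let a later reviewer tell an intended grant from an accidental one.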
- Property svn:eol-style set to native
- Property svn:executable deleted
r1938 r1939 33 33 34 34 import com.tresys.framework.compiler.ErrorHandler; 35 import com.tresys.framework.compiler.ParserBase; 35 36 import com.tresys.framework.compiler.Utility; 36 37 import com.tresys.framework.compiler.systemResources.SystemResourceTypes; … … 42 43 */ 43 44 public final class DictionaryParser 45 extends ParserBase 44 46 { 45 47 … … 47 49 //private static Dictionary genDictionary; 48 50 private Dictionary dictionary; 49 private ErrorHandler errorHandler; 50 51 /** 52 * Sends an error message to the designated errorHandler. 53 * 54 * @param tok Token which caused error 55 * @param errmsg Error message to display 56 */ 57 private void errorGenerate (Token tok, String errmsg) 58 { 59 errorHandler.Error(errmsg, tok.beginLine, tok.beginColumn, tok.endColumn); 60 } 61 62 /** 63 * Sends a warning to the designated errorHandler. 64 * 65 * @param tok Token which caused error 66 * @param errmsg Error message to display 67 */ 68 private void warnGenerate(Token tok, String errmsg) 69 { 70 errorHandler.Warning(errmsg, tok.beginLine, tok.beginColumn, tok.endColumn); 71 } 51 72 52 73 53 private String parseErrorMessage(ParseException e) … … 88 68 } 89 69 90 if (e.expectedTokenSequences[i][j] == ID)70 if (e.expectedTokenSequences[i][j] == ID) 91 71 expected += "An identifier starting with a letter or underscore"; 92 72 else 93 73 expected += e.tokenImage[e.expectedTokenSequences[i][j]]; 94 74 95 75 if (i != (e.expectedTokenSequences.length - 1) && 96 76 e.expectedTokenSequences[i][e.expectedTokenSequences[i].length - 1] != 0) … … 124 104 return message; 125 105 } 126 127 /**128 * Used to convert raw characters to their escaped version129 * when these raw version cannot be used as part of an ASCII130 * string literal.131 *132 * @param str String to process.133 */134 private String add_escapes(String str)135 {136 String retval = new String ();137 char[] chars = str.toCharArray();138 // for (char ch: chars) {139 for (int i = 0; i < chars.length; i++)140 {141 char 
ch = chars[i];142 switch (ch)143 {144 case 0 :145 continue;146 case '\b':147 retval += ("\\b");148 continue;149 case '\t':150 retval += ("\\t");151 continue;152 case '\n':153 retval += ("\\n");154 continue;155 case '\f':156 retval += ("\\f");157 continue;158 case '\r':159 retval += ("\\r");160 continue;161 case '\"':162 retval += ("\\\"");163 continue;164 case '\'':165 retval += ("\\\'");166 continue;167 case '\\':168 retval += ("\\\\");169 continue;170 default:171 if (ch < 0x20 || ch > 0x7e)172 {173 String s = "0000" + Integer.toString(ch, 16);174 retval += ("\\u" + s.substring(s.length() - 4, s.length()));175 }176 else177 {178 retval += (ch);179 }180 continue;181 }182 }183 return retval;184 }185 186 private final Token addHandlerToToken(Token tok)187 {188 tok.setErrorHandler (errorHandler);189 return tok;190 }191 106 192 107 public DictionaryParser(Dictionary dict) … … 204 119 public void Parse(Reader dictReader, ErrorHandler handler) 205 120 { 206 errorHandler = handler;121 m_errorHandler = handler; 207 122 208 123 try … … 213 128 catch (TokenMgrError e) 214 129 { 215 errorHandler.CriticalError("Error tokenizing dictionary file: " + e.getMessage());130 m_errorHandler.CriticalError("Error tokenizing dictionary file: " + e.getMessage()); 216 131 } 217 132 … … 230 145 { 231 146 if (tme.ErrorLine > -1) 232 errorHandler.Error(tme.getMessage(), tme.ErrorLine, tme.ErrorColumn, tme.ErrorColumn + tme.ErrorAfter.length());147 m_errorHandler.Error(tme.getMessage(), tme.ErrorLine, tme.ErrorColumn, tme.ErrorColumn + tme.ErrorAfter.length()); 233 148 else 234 errorHandler.ErrorNowhere("Error tokenizing dictionary file: " + tme.getMessage());149 m_errorHandler.ErrorNowhere("Error tokenizing dictionary file: " + tme.getMessage()); 235 150 } 236 151 catch(Exception e) … … 567 482 Utility.Debug("Creating control Rdef \"" + tokFname.image 568 483 + tokControl.image + "\""); 569 return (new Rdef(new Token(tokFname.image + tokControl.image, tokFname.beginLine, tokControl.endLine, 
tokFname.beginColumn, tokControl.endColumn, errorHandler), true));484 return (new Rdef(new Token(tokFname.image + tokControl.image, tokFname.beginLine, tokControl.endLine, tokFname.beginColumn, tokControl.endColumn, m_errorHandler), true)); 570 485 } 571 486 Utility.Debug("Creating Rdef \"" + tokFname.image + "\""); branches/dictionary_changes/src/com/tresys/framework/compiler/linkage/flnkage/Ability.java
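Review bot: `Parse` stores its argument with `m_errorHandler = handler;` and the catch blocks that follow dereference the field unconditionally, so a null handler turns a tokenizer error into a NullPointerException instead of a reported diagnostic. A guard before the assignment, `if (handler == null) throw new IllegalArgumentException("handler");`, would make the contract explicit. The assignment also shows that the field inherited from `ParserBase` is writable from subclasses; `ParserBase.java` is added in this changeset but not shown on this page, so it is worth confirming there that the field is no wider than `protected` and documenting that each `Parse` call replaces it. The body of `Parse` continues outside the hunks shown.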
r1884 r1939 29 29 protected AccessTarget accessTarget; 30 30 31 protected final Map interfaceMap ;31 protected final Map interfaceMap = new HashMap (); 32 32 33 33 private final AbstractToken token; … … 37 37 public Ability (Ability i_copyMe) 38 38 { 39 interfaceMap = new HashMap();40 39 NameValuePairs = new TreeMap/*<String, NameValuePair<?>>*/(); 41 40 … … 49 48 { 50 49 token = nameToken; 51 interfaceMap = new HashMap();52 50 NameValuePairs = new TreeMap/*<String, NameValuePair<?>>*/(); 53 51 } … … 116 114 public Map GetPermVectors() 117 115 { 116 if (accessTarget == null) 117 return null; 118 118 119 return accessTarget.GetPermVectors(); 119 120 } … … 134 135 135 136 /*for (PermVector pv:at.GetPermVectors().values())*/ 136 Iterator iter = accessTarget.GetPermVectors().values().iterator(); 137 while(iter.hasNext()) 137 for (Iterator iter = accessTarget.GetPermVectors().values().iterator(); iter.hasNext(); ) 138 138 { 139 139 PermVector pv = (PermVector) iter.next(); 140 if (pv.getPermissions().isEmpty())140 if (pv.getPermissions().isEmpty()) 141 141 { 142 142 pv.getObjectClassToken().Error( branches/dictionary_changes/src/com/tresys/framework/compiler/linkage/flnkage/FLNKParser.jj
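Review bot: The new guard in `GetPermVectors()` returns `null` when `accessTarget` is unset, but the loop rewritten in the following hunk still calls `accessTarget.GetPermVectors().values().iterator()` on the field directly. The same unset state therefore throws there unless the enclosing method, whose start is outside the hunk, checks it first. Returning an empty map instead, `return Collections.EMPTY_MAP;` (with the matching `java.util.Collections` import), would spare callers the null check, and the loop could then go through `GetPermVectors()` rather than the field.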
- Property svn:eol-style set to native
r1903 r1939 25 25 26 26 import com.tresys.framework.compiler.ErrorHandler; 27 import com.tresys.framework.compiler.ParserBase; 27 28 import com.tresys.framework.compiler.policy.BaseDomain; 28 29 import com.tresys.framework.compiler.policy.BaseResource; … … 45 46 */ 46 47 public class FLNKParser 48 extends ParserBase 47 49 { 48 50 // Policy object that will be filled as parsing occurs 49 private ErrorHandler m_errorHandler;50 51 private IPolicyPartCreator m_creator; 51 52 … … 54 55 private Vector abilities; 55 56 56 /**57 * Sends an error message to the designated errorHandler.58 *59 * @param tok Token which caused error60 * @param errmsg Error message to display61 */62 private void errorGenerate (Token tok, String errmsg)63 {64 m_errorHandler.Error(errmsg, tok.beginLine, tok.beginColumn, tok.endColumn);65 }66 67 57 public Vector getAllBaseDomains() 68 58 { … … 80 70 } 81 71 82 /**83 * Sends a warning to the designated errorHandler.84 *85 * @param tok Token which caused error86 * @param errmsg Error message to display87 */88 private void warnGenerate(Token tok, String errmsg)89 {90 m_errorHandler.Warning(errmsg, tok.beginLine, tok.beginColumn, tok.endColumn);91 }92 93 private final Token addHandlerToToken(Token tok)94 {95 tok.setErrorHandler (m_errorHandler);96 return tok;97 }98 99 72 private String parseErrorMessage(ParseException e) 100 73 { … … 141 114 } 142 115 143 /**144 * Used to convert raw characters to their escaped version145 * when these raw version cannot be used as part of an ASCII146 * string literal.147 *148 * @param str String to process.149 */150 private String add_escapes(String str) {151 String retval = new String ();152 char[] chars = str.toCharArray();153 // for (char ch: chars) {154 for (int i = 0; i < chars.length; i++)155 {156 char ch = chars[i];157 switch (ch) {158 case 0 :159 continue;160 case '\b':161 retval += ("\\b");162 continue;163 case '\t':164 retval += ("\\t");165 continue;166 case '\n':167 retval += ("\\n");168 continue;169 case 
'\f':170 retval += ("\\f");171 continue;172 case '\r':173 retval += ("\\r");174 continue;175 case '\"':176 retval += ("\\\"");177 continue;178 case '\'':179 retval += ("\\\'");180 continue;181 case '\\':182 retval += ("\\\\");183 continue;184 default:185 if (ch < 0x20 || ch > 0x7e) {186 String s = "0000" + Integer.toString(ch, 16);187 retval += ("\\u" + s.substring(s.length() - 4, s.length()));188 } else {189 retval += (ch);190 }191 continue;192 }193 }194 return retval;195 }196 116 197 117 public Token makeTokenString(Token tok) branches/dictionary_changes/src/com/tresys/framework/compiler/policy/AccessBoolean.java
r1825 r1939 3 3 * Authors: Brian Williams <bwilliams@tresys.com> 4 4 * 5 * Version: @version@ 5 * $Rev$ 6 * $Date$ 6 7 */ 7 8 … … 11 12 import java.util.Map; 12 13 14 import com.tresys.framework.compiler.AbstractToken; 13 15 import com.tresys.framework.compiler.IPolicyVisitor; 14 16 15 public class AccessBoolean extends Access { 17 public class AccessBoolean 18 extends Access 19 { 16 20 17 public AccessBoolean (IDomain dom, Conditional cond, Integer verb,18 Token token, Token bool, Boolean activeOnBool){19 super (dom, cond, verb, token, bool, activeOnBool);21 public AccessBoolean (IDomain dom, Conditional cond, Integer verb, AbstractToken token, AbstractToken bool, Boolean activeOnBool) 22 { 23 super (dom, cond, verb, token, bool, activeOnBool); 20 24 } 21 25 22 public void Accept (IPolicyVisitor i_visitor)26 public void Accept (IPolicyVisitor i_visitor) 23 27 {} 24 28 … … 27 31 return true; 28 32 } 29 33 30 34 public void ResetToDefaults () 31 35 {} 32 36 33 37 public void ClearAccess () 34 38 {} 35 39 36 40 public Collection GetAccessDefns () 37 41 { 38 42 return null; 39 43 } 40 44 41 45 public void SetAccessDefns (Collection i_accessDefns) 42 //throws VerbMismatchException, UnrevokableException46 // throws VerbMismatchException, UnrevokableException 43 47 {} 44 45 public boolean Validate() {46 // If the domain and the resource have the same parent, there are no constraints47 Domain domainParent = getDomain().getParent();48 48 49 if(domainParent != null) { 49 public boolean Validate () 50 { 51 // If the domain and the resource have the same parent, there are no 52 // constraints 53 Domain domainParent = getDomain ().getParent (); 50 54 51 Map/*<Component, Access>*/parentAccesses = domainParent.GetAccessMap(m_verb.intValue()); 55 if (domainParent != null) 56 { 52 57 53 if(parentAccesses.isEmpty()) { 58 Map/* <Component, Access> */parentAccesses = domainParent.GetAccessMap (m_verb.intValue ()); 59 60 if (parentAccesses.isEmpty ()) 61 { 54 62 Token 55 .Warning 
("Constraint violation: Child domain has attempted to exceed parent domain \""56 + domainParent.getName ()63 .Warning ("Constraint violation: Child domain has attempted to exceed parent domain \"" 64 + domainParent.getName () 57 65 + "\"'s access to interface \"" 58 + getResource ().getName() + "\"");66 + getResource ().getName () + "\""); 59 67 return false; 60 68 } 61 69 62 Access parentToResource = (Access) parentAccesses 63 .get(getResource()); 70 Access parentToResource = (Access) parentAccesses.get (getResource ()); 64 71 65 if (parentToResource == null) {66 Token67 .Warning("Constraint violation: Child domain has attempted to exceed parent domain \""68 + domainParent.getName ()72 if (parentToResource == null) 73 { 74 Token.Warning ("Constraint violation: Child domain has attempted to exceed parent domain \"" 75 + domainParent.getName () 69 76 + "\"'s access to resource \"" 70 + getResource ().getName() + "\"");77 + getResource ().getName () + "\""); 71 78 return false; 72 79 } 73 80 74 if (parentToResource.m_bool != null75 && !parentToResource.m_bool.equals(m_bool)){81 if (parentToResource.m_bool != null && !parentToResource.m_bool.equals (m_bool)) 82 { 76 83 Token 77 .Warning ("Constraint violation: Parent's permission on resource are wrapped in the boolean "84 .Warning ("Constraint violation: Parent's permission on resource are wrapped in the boolean " 78 85 + parentToResource.m_bool 79 86 + ", child permission must also be wrapped by the same boolean"); branches/dictionary_changes/src/com/tresys/framework/compiler/policy/Comment.java
r1825 r1939 1 /* Copyright (C) 2005-2006 Tresys Technology, LLC 1 /* 2 * Copyright (C) 2005-2006 Tresys Technology, LLC 2 3 * License: refer to COPYING file for license information. 3 4 * Authors: Dave Sugar <dsugar@tresys.com> 4 5 * 5 * Version: @version@ 6 * $Rev$ 7 * $Date$ 6 8 */ 7 9 8 10 package com.tresys.framework.compiler.policy; 9 11 12 import com.tresys.framework.compiler.AbstractToken; 10 13 import com.tresys.framework.compiler.IPolicyVisitable; 11 14 import com.tresys.framework.compiler.IPolicyVisitor; 12 15 13 public class Comment 14 implements IPolicyVisitable 16 public class Comment 17 implements IPolicyVisitable 15 18 { 16 19 final private String m_sCommentText; 17 20 18 final private Token m_Token;21 final private AbstractToken m_Token; 19 22 20 public Comment(String i_sText, Token i_tok) { 23 public Comment (String i_sText, AbstractToken i_tok) 24 { 21 25 m_sCommentText = i_sText; 22 26 m_Token = i_tok; 23 27 } 24 28 25 public void Accept(IPolicyVisitor i_visitor) { 26 i_visitor.Visit(this); 29 public void Accept (IPolicyVisitor i_visitor) 30 { 31 i_visitor.Visit (this); 27 32 } 28 33 29 public Token GetNameToken() { 34 public AbstractToken GetNameToken () 35 { 30 36 return m_Token; 31 37 } 32 38 33 public String GetCommentText() { 39 public String GetCommentText () 40 { 34 41 return m_sCommentText; 35 42 } branches/dictionary_changes/src/com/tresys/framework/compiler/policy/Export.java
r1825 r1939 1 /* Copyright (C) 2005-2006 Tresys Technology, LLC 1 /* 2 * Copyright (C) 2005-2006 Tresys Technology, LLC 2 3 * License: refer to COPYING file for license information. 3 4 * Author: Spencer Shimko <sshimko@tresys.com> … … 5 6 * 6 7 * Export.java: SEFramework policy language exported interface class 7 * Version: @version@ 8 * 9 * $Rev$ 10 * $Date$ 8 11 */ 9 12 package com.tresys.framework.compiler.policy; 10 13 14 import com.tresys.framework.compiler.AbstractToken; 11 15 import com.tresys.framework.compiler.Utility; 12 16 import com.tresys.framework.compiler.dictionary.AccessDefn; … … 20 24 21 25 /** 22 * This class represents an export statement in the SEFramework policy 23 * language. It includes all information pertinent to the exportation 24 * of an interface such as resource, access verb (read, 25 * write, etc), and any tweaks. 26 * This class represents an export statement in the SEFramework pol
