Changeset 2045
- Timestamp:
- 04/03/08 11:57:08 (8 months ago)
- Files:
-
- branches/networking/resources/dictionary/dictionary.fdic (modified) (1 diff)
- branches/networking/src/com/tresys/framework/compiler/dictionary/DictionaryParser.jj (modified) (5 diffs)
- branches/networking/src/com/tresys/framework/compiler/dictionary/DictionaryValidator.java (modified) (1 diff)
- branches/networking/src/com/tresys/framework/compiler/dictionary/Rdef.java (modified) (4 diffs)
- branches/networking/src/com/tresys/framework/compiler/policy/SystemResourceValidator.java (modified) (5 diffs)
- branches/networking/src/com/tresys/framework/compiler/systemResources/IPTablesNetworkResource.java (added)
- branches/networking/src/com/tresys/framework/compiler/systemResources/LabeledNetworkResource.java (added)
- branches/networking/src/com/tresys/framework/compiler/systemResources/NetworkInfo.java (added)
- branches/networking/src/com/tresys/framework/compiler/systemResources/NetworkResource.java (modified) (2 diffs)
- branches/networking/src/com/tresys/framework/compiler/systemResources/SystemResourceTypes.java (modified) (1 diff)
- branches/networking/src/com/tresys/framework/compiler/systemResources/SystemResourcesParser.jj (modified) (6 diffs)
branches/networking/resources/dictionary/dictionary.fdic
r2019 r2045 159 159 } 160 160 161 162 rdef ipsec 163 [desc: "A Labeled Networking (ipsec) configured network connection"] 164 { 165 requires { ipsec } 166 owner { 167 resource { 168 #TODO: I don't think this is correct, but the dictionary parser requires something here 169 association { polmatch } 170 } 171 } 172 read { 173 default { read } 174 read 175 [desc: "Read data over UDP network connection"] 176 [backflow: 2] 177 { 178 resource {} 179 other write { 180 association { recvfrom } 181 } 182 } 183 } 184 185 write { 186 default { write } 187 write 188 [desc: "Write data over UDP network connection"] 189 [backflow: 2] 190 { 191 self { 192 association { sendto } 193 } 194 } 195 } 196 197 readwrite { 198 default { connrw } 199 connrw 200 [desc: "read and write over TCP network connection"] 201 { 202 resource { 203 association { recvfrom } 204 } 205 self { 206 association { sendto } 207 } 208 } 209 } 210 } 211 212 rdef secmark 213 [desc: "An IPTables (secmark} configured network connection"] 214 { 215 requires { secmark } 216 owner { 217 resource { 218 #TODO: I don't think this is correct, but the dictionary parser requires something here 219 packet { send recv } 220 } 221 } 222 read { 223 default { read } 224 read 225 [desc : "read data over network connection"] 226 [backflow: 2] 227 { 228 resource { 229 packet { recv } 230 } 231 } 232 } 233 234 write { 235 default { write } 236 write 237 [desc : "write data over network connection"] 238 [backflow: 1] 239 { 240 resource { 241 packet { send } 242 } 243 } 244 } 245 246 readwrite { 247 default { networkrw } 248 networkrw 249 [desc : "read and write over network connection"] 250 { 251 resource { 252 packet { send recv } 253 } 254 } 255 } 256 } 257 161 258 rdef namedPipesDir 162 259 [desc: "named pipe and the directory it lives in"] branches/networking/src/com/tresys/framework/compiler/dictionary/DictionaryParser.jj
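Review bot: The description of the new secmark rdef closes its parenthesis with a brace, `[desc: "An IPTables (secmark} configured network connection"]`; it should read `[desc: "An IPTables (secmark) configured network connection"]`. Both new rdefs also carry an owner block marked `#TODO: I don't think this is correct, but the dictionary parser requires something here`, so the owner semantics for ipsec and secmark are admittedly unverified; a short comment stating what the validator actually requires of the owner block would help whoever resolves the TODO. The ipsec read/write descriptions name UDP and TCP specifically while the secmark ones are protocol-neutral and use a different write backflow (2 versus 1), which is worth confirming as intentional.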
r1949 r2045 226 226 <REQ_BLOCK> TOKEN: { 227 227 <DIR : "dir"> 228 |<NETWORK : " network">228 |<NETWORK : "secmark"|"ipsec"> 229 229 |<FILE : "file"> 230 230 |<REQ_RBRACE : "}"> { … … 655 655 { 656 656 if (dobj.GetSysResourceState(SystemResourceTypes.dir) == SysResourceState.Yes 657 || dobj.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.Yes 658 || dobj.GetSysResourceState (SystemResourceTypes.file) == SysResourceState.Yes) 657 || dobj.GetSysResourceState (SystemResourceTypes.file) == SysResourceState.Yes 658 || dobj.GetSysResourceState(SystemResourceTypes.ipsec) == SysResourceState.Yes 659 || dobj.GetSysResourceState(SystemResourceTypes.secmark) == SysResourceState.Yes ) 659 660 { 660 661 errorGenerate(req, "Requires already defined for this Rdef"); … … 675 676 | tokNetwork = <NETWORK> 676 677 { 677 if (dobj.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.No) 678 { 679 dobj.SetSysResourceState(SystemResourceTypes.network,SysResourceState.Yes); 678 679 int nTypeID = SystemResourceTypes.getTypeID (tokNetwork.image); 680 if (dobj.GetSysResourceState(nTypeID) == SysResourceState.No) 681 { 682 dobj.SetSysResourceState(nTypeID,SysResourceState.Yes); 680 683 } 681 684 else … … 716 719 { 717 720 if (dobj.GetSysResourceState (SystemResourceTypes.dir) == SysResourceState.Optional 718 || dobj.GetSysResourceState (SystemResourceTypes.network) == SysResourceState.Optional 719 || dobj.GetSysResourceState (SystemResourceTypes.file) == SysResourceState.Optional) 721 || dobj.GetSysResourceState (SystemResourceTypes.file) == SysResourceState.Optional 722 || dobj.GetSysResourceState (SystemResourceTypes.ipsec) == SysResourceState.Optional 723 || dobj.GetSysResourceState (SystemResourceTypes.secmark) == SysResourceState.Optional ) 720 724 { 721 725 errorGenerate(opt, "Optionals already defined for this Rdef"); … … 736 740 | tokNetwork = <NETWORK> 737 741 { 738 if (dobj.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.No) 
739 { 740 dobj.SetSysResourceState(SystemResourceTypes.network,SysResourceState.Optional); 742 int nTypeID = SystemResourceTypes.getTypeID (tokNetwork.image); 743 if (dobj.GetSysResourceState (nTypeID) == SysResourceState.No) 744 { 745 dobj.SetSysResourceState (nTypeID,SysResourceState.Optional); 741 746 } 742 747 else branches/networking/src/com/tresys/framework/compiler/dictionary/DictionaryValidator.java
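Review bot: The two new `int nTypeID = SystemResourceTypes.getTypeID (tokNetwork.image);` lines (requires block at 679, optionals block at 742) rely on `getTypeID` mapping every token image to a valid index, but that method returns 0 (`dir`) for anything it does not recognise, so widening the `<NETWORK>` token later without a matching `getTypeID` update would silently set the dir state instead of failing. Either make `getTypeID` reject unknown names or check its result before `SetSysResourceState`, so the mismatch is caught at parse time. The requires and optionals productions now duplicate the same lookup-and-check sequence and could share one helper taking the target `SysResourceState`. Both enclosing productions start and end outside the hunks.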
r1949 r2045 80 80 { 81 81 // i_rdef.GetToken ().Error ("No Owner specified"); 82 m_errHandler.ProjectError ( "No Owner specified");82 m_errHandler.ProjectError (i_rdef.toString () + ": No Owner specified"); 83 83 } 84 84 } branches/networking/src/com/tresys/framework/compiler/dictionary/Rdef.java
r2029 r2045 60 60 61 61 // the state of system resources 62 private int /* SysResourceState */[] sysResStates;62 private final int /* SysResourceState */[] sysResStates = new int [SystemResourceTypes.Size]; 63 63 64 64 /** … … 76 76 accessAllResource = new HashMap/* <String, PermVector> */(); 77 77 78 sysResStates = new int /* SysResourceState */[SystemResourceTypes.Size];78 // sysResStates = new int /* SysResourceState */[SystemResourceTypes.Size]; 79 79 // for (SystemResourceTypes st:SystemResourceTypes.values()) 80 80 for (int i = 0; i < SystemResourceTypes.Size; i++) … … 100 100 public void SetSysResourceState (int /* SystemResourceTypes */type, int /* SysResourceState */state) 101 101 { 102 if (type >= SystemResourceTypes.Size) 103 throw new IllegalArgumentException (); 102 104 sysResStates[type] = state; 103 105 } … … 112 114 public int /* SysResourceState */GetSysResourceState (int /* SystemResourceTypes */type) 113 115 { 116 if (type >= SystemResourceTypes.Size) 117 throw new IllegalArgumentException (); 114 118 return sysResStates[type]; 115 119 } branches/networking/src/com/tresys/framework/compiler/policy/SystemResourceValidator.java
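Review bot: The new range checks in `SetSysResourceState` and `GetSysResourceState` reject `type >= SystemResourceTypes.Size` but not a negative `type`, which would still escape as an `ArrayIndexOutOfBoundsException`, and the `IllegalArgumentException` carries no message to identify the offending value. Suggest `if (type < 0 || type >= SystemResourceTypes.Size) throw new IllegalArgumentException ("unknown system resource type: " + type);` in both methods. The commented-out assignment left in the constructor at line 78 duplicates the new field initialiser and should be deleted rather than kept as history.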
r2030 r2045 30 30 import com.tresys.framework.compiler.systemResources.DirResource; 31 31 import com.tresys.framework.compiler.systemResources.FileResource; 32 import com.tresys.framework.compiler.systemResources.NetworkResource; 32 33 import com.tresys.framework.compiler.systemResources.SystemResource; 33 34 import com.tresys.framework.compiler.systemResources.SystemResourceTypes; … … 116 117 if (dobject.GetSysResourceState(SystemResourceTypes.dir) == SysResourceState.Yes 117 118 || dobject.GetSysResourceState(SystemResourceTypes.file) == SysResourceState.Yes 118 || dobject.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.Yes) 119 || dobject.GetSysResourceState(SystemResourceTypes.ipsec) == SysResourceState.Yes 120 || dobject.GetSysResourceState(SystemResourceTypes.secmark) == SysResourceState.Yes) 119 121 { 120 122 boolean dirFound = false; … … 137 139 buildParentPaths (i_component, sr); 138 140 } 141 if (sr instanceof NetworkResource) 142 { 143 netFound = true; 144 } 139 145 } 140 146 } … … 173 179 } 174 180 } 175 else if (dobject.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.Yes) 181 else if (dobject.GetSysResourceState(SystemResourceTypes.ipsec) == SysResourceState.Yes 182 || dobject.GetSysResourceState(SystemResourceTypes.secmark) == SysResourceState.Yes) 176 183 { 177 184 if (!netFound) … … 217 224 if (dobject.GetSysResourceState(SystemResourceTypes.dir) == SysResourceState.Yes 218 225 || dobject.GetSysResourceState(SystemResourceTypes.file) == SysResourceState.Yes 219 || dobject.GetSysResourceState(SystemResourceTypes.network) == SysResourceState.Yes) 226 // || dobject.GetSysResourceState(SystemResourceTypes.ipsec) == SysResourceState.Yes 227 // || dobject.GetSysResourceState(SystemResourceTypes.secmark) == SysResourceState.Yes 228 ) 220 229 { 221 230 if (res.GetSystemResources(dobject) != null) branches/networking/src/com/tresys/framework/compiler/systemResources/NetworkResource.java
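Review bot: The condition at lines 224–228 now checks only `dir` and `file` because the `ipsec` and `secmark` clauses are commented out, whereas the line it replaces included `network`; if network-backed rdefs are meant to be excluded from this check the commented lines should go and a comment should say why, otherwise they should be enabled. Suggest replacing the two commented lines with `// TODO(review): network resources deliberately skipped here because <reason>` or reinstating them. The `netFound = true` assignment at 141–144 sets a flag declared outside the hunk, so its initialisation and the `!netFound` error path at 184 cannot be confirmed from here. The enclosing method begins and ends outside the hunk.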
r1825 r2045 9 9 package com.tresys.framework.compiler.systemResources; 10 10 11 import com.tresys.framework.compiler.dictionary.IDictionaryObject; 12 11 13 //import com.tresys.framework.compiler.dictionary.Extern; 12 14 … … 14 16 * This class represents network resources. 15 17 */ 16 //public final class NetworkResource extends SystemResource { 17 /** 18 * NetworkResource constructor takes a interface name 19 * and builds a NetworkResource. 20 * 21 * @param _interface Interface name. 22 * @param type The type of the system resource. 23 * @param _extern The Extern this resource is associated with. 24 */ 25 //public NetworkResource(String _interface, Extern _extern) { 26 // super(_interface, SystemResourceTypes.network, _extern); 27 // } 28 //public NetworkResource(String _interface) { 29 // super(_interface, SystemResourceTypes.network, _extern); 30 // } 31 //} 18 public abstract class NetworkResource 19 extends SystemResource 20 { 21 22 23 protected NetworkResource (String i_sName, int i_nType, IDictionaryObject i_do) 24 { 25 super (i_sName, i_nType, i_do); 26 } 27 } branches/networking/src/com/tresys/framework/compiler/systemResources/SystemResourceTypes.java
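Review bot: The new `protected NetworkResource (String i_sName, int i_nType, IDictionaryObject i_do)` constructor has no Javadoc, while the commented-out version it replaces documented each parameter; a `@param` entry for the resource name, for `i_nType` (presumably a `SystemResourceTypes` constant — confirm) and for the owning dictionary object would restore that. The stale `//import com.tresys.framework.compiler.dictionary.Extern;` comment and the two blank lines inside the class body at 21–22 are leftovers from the commented-out version and can be dropped.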
r1949 r2045 23 23 * @see Targets 24 24 */ 25 public interfaceSystemResourceTypes25 public abstract class SystemResourceTypes 26 26 { 27 27 public final static int dir = 0; 28 29 28 public final static int file = 1; 30 29 31 public final static int network = 2; 32 33 public static final int Size = 3; 30 // network stuff 31 // public final static int network = 2; 32 public final static int ipsec = 2; 33 public final static int secmark = 3; 34 35 public static final int Size = 4; 36 37 public static int getTypeID (String i_sType) 38 { 39 if (i_sType.equals ("dir")) 40 return dir; 41 if (i_sType.equals ("file")) 42 return file; 43 if (i_sType.equals ("ipsec")) 44 return ipsec; 45 if (i_sType.equals ("secmark")) 46 return secmark; 47 48 return 0; 49 } 34 50 } branches/networking/src/com/tresys/framework/compiler/systemResources/SystemResourcesParser.jj
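Review bot: `getTypeID` returns 0, which is `dir`, for any name it does not recognise (line 48), so a misspelled or unsupported type string is silently treated as a directory resource rather than rejected. Suggest replacing the fallthrough with `throw new IllegalArgumentException ("Unknown system resource type: " + i_sType);`, which also gives the new range checks in Rdef.java something to catch. A Javadoc line on the method stating that the argument is the keyword as written in the dictionary/resource files (`"dir"`, `"file"`, `"ipsec"`, `"secmark"`) would make the contract explicit.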
r2030 r2045 40 40 41 41 import java.io.Reader; 42 import java.util.Iterator; 42 43 import java.util.Map; 43 44 import java.util.HashMap; 45 import java.util.Vector; 44 46 45 47 /*@SuppressWarnings({"unchecked","unused","serial"})*/ … … 187 189 /* DEFAULT: Default lexical State rdef level reserved words */ 188 190 TOKEN: { 189 <LBRACE : "{"> { SwitchTo (++depth == 2 ? NORES_STATE : DEFAULT); }191 <LBRACE : "{"> { SwitchTo (++depth >= 2 ? NORES_STATE : DEFAULT); } 190 192 |<RBRACE : "}"> { depth--; } 191 193 } … … 205 207 )* 206 208 "\""> 207 |<NR_RBRACE : "}"> { depth--; SwitchTo(DEFAULT); } 209 |<NR_RBRACE : "}"> { SwitchTo(--depth < 2 ? DEFAULT : NORES_STATE); } 210 |<NR_LBRACE : "{" > { depth++; } 208 211 |<NETWORK : "network"> 209 212 |<COLON : ":"> 213 |<PROTOCOL : "udp" | "tcp" > 214 |<DEVICE : <ALPHA>(<ALPHA>|<DIGITS>)+ > 215 // |<IP : (["0"-"9"]){3}"."(["0"-"9"]){3}"."(["0"-"9"]){3}"."(["0"-"9"]){3} > 216 |<IP : <DIGITS>"."<DIGITS>"."<DIGITS>"."<DIGITS> > 217 |<PORT : <DIGITS> > 210 218 } 211 219 … … 309 317 } 310 318 <LBRACE> 311 (RdefPath(comp, dobj) )+319 (RdefPath(comp, dobj)|RdefNetwork(comp, dobj))+ 312 320 <NR_RBRACE> 313 321 } … … 337 345 } 338 346 347 void RdefNetwork (ComponentWithDictObjects comp, IDictionaryObject dobj): 348 { 349 Token dev, ip, port, protocol; 350 String ipAddr = null, sDevice = null; 351 352 Vector ports = new Vector (); 353 NetworkInfo localInfo; 354 NetworkInfo remoteInfo; 355 Token errTok = null; 356 } 357 { 358 LOOKAHEAD(4) 359 // ipsec 360 ( 361 <NR_LBRACE> 362 ip = <IP> 363 { 364 ipAddr = ip.image; 365 errTok = ip; 366 } 367 <NR_RBRACE> 368 <NR_LBRACE> 369 (port = <PORT> 370 { 371 ports.add (port.image); 372 })* 373 <NR_RBRACE> 374 { 375 int [] aports = null; 376 if (ports.size () > 0) 377 { 378 aports = new int [ports.size ()]; 379 int i = 0; 380 for (Iterator itr = ports.iterator (); itr.hasNext (); i++) 381 { 382 aports[i] = Integer.parseInt (itr.next ().toString ()); 383 } 384 } 385 localInfo = new NetworkInfo (null, 
ipAddr, aports); 386 NetworkResource network = new LabeledNetworkResource (localInfo, dobj); 387 if (!policy.Add (comp, dobj, network)) 388 { 389 errorGenerate (errTok, "A single system resource cannot be associated with multiple components", ErrorHandler.ERROR_DUPLICATE_FILE, comp.getName ()); 390 } 391 } 392 ) 393 | 394 // secmark 395 ( 396 <NR_LBRACE> 397 (dev = <DEVICE> 398 { 399 sDevice = dev.image; 400 if (errTok == null) 401 errTok = dev; 402 } 403 )? 404 <NR_RBRACE> 405 <NR_LBRACE> 406 (ip = <IP> 407 { 408 ipAddr = ip.image; 409 if (errTok == null) 410 errTok = ip; 411 } 412 )? 413 <NR_RBRACE> 414 <NR_LBRACE> 415 (port = <PORT> 416 { 417 ports.add (port.image); 418 { 419 if (errTok == null) 420 errTok = port; 421 } 422 })* 423 <NR_RBRACE> 424 { 425 { 426 int [] aports = null; 427 if (ports.size () > 0) 428 { 429 aports = new int [ports.size ()]; 430 int i = 0; 431 for (Iterator itr = ports.iterator (); itr.hasNext (); i++) 432 { 433 aports[i] = Integer.parseInt (itr.next ().toString ()); 434 } 435 } 436 localInfo = new NetworkInfo (sDevice, ipAddr, aports); 437 } 438 439 sDevice = null; 440 ipAddr = null; 441 ports.clear (); 442 } 443 <NR_LBRACE> 444 (dev = <DEVICE> 445 { 446 sDevice = dev.image; 447 if (errTok == null) 448 errTok = dev; 449 })? 450 <NR_RBRACE> 451 <NR_LBRACE> 452 (ip = <IP> 453 { 454 ipAddr = ip.image; 455 if (errTok == null) 456 errTok = ip; 457 })? 
458 <NR_RBRACE> 459 <NR_LBRACE> 460 (port = <PORT> 461 { 462 ports.add (port.image); 463 if (errTok == null) 464 errTok = port; 465 })* 466 <NR_RBRACE> 467 { 468 { 469 int [] aports = null; 470 if (ports.size () > 0) 471 { 472 aports = new int [ports.size ()]; 473 int i = 0; 474 for (Iterator itr = ports.iterator (); itr.hasNext (); i++) 475 { 476 aports[i] = Integer.parseInt (itr.next ().toString ()); 477 } 478 } 479 remoteInfo = new NetworkInfo (sDevice, ipAddr, aports); 480 } 481 } 482 <NR_LBRACE> 483 protocol = <PROTOCOL> 484 { 485 if (errTok == null) 486 errTok = protocol; 487 } 488 <NR_RBRACE> 489 { 490 NetworkResource network = new IPTablesNetworkResource (localInfo, remoteInfo, protocol.image, dobj); 491 if (!policy.Add (comp, dobj, network)) 492 { 493 errorGenerate (errTok, "A single system resource cannot be associated with multiple components", ErrorHandler.ERROR_DUPLICATE_FILE, comp.getName ()); 494 } 495 } 496 ) 497 } 498 339 499 /** 340 500 * Parses a directory name … … 378 538 Map attributes = new HashMap (); 379 539 attributes.put (ErrorHandler.ATTR_PATH, sPath); 380 errorGenerate (tokDir, "A single system resource cannot be associated with multiple components: " + sPath, ErrorHandler.ERROR_DUPLICATE_FILE, comp.getName () );540 errorGenerate (tokDir, "A single system resource cannot be associated with multiple components: " + sPath, ErrorHandler.ERROR_DUPLICATE_FILE, comp.getName (), attributes); 381 541 } 382 542 }
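Review bot: In `RdefNetwork` every `aports[i] = Integer.parseInt (itr.next ().toString ());` (lines 382, 433, 476) converts a `<PORT>` token that the lexer defines as an unbounded `<DIGITS>` run, so a value outside the `int` range aborts the parser with an uncaught `NumberFormatException`, and values above 65535 are accepted as ports. The same applies to `<IP>`, whose four `<DIGITS>` groups are never checked against 0–255 before being stored in `NetworkInfo`. The conversion loop is pasted three times; pulling it into one helper that validates each port and reports through the parser's existing error path (or a `ParseException` if aborting the parse is acceptable here) addresses both points at once. The `{ { … } }` wrappers at 418–421 and 425–437 are redundant nested blocks and can be flattened.
```java
// … unchanged: RdefNetwork grammar; each inline conversion loop becomes `aports = portsToArray (ports);` …

/** Converts the collected <PORT> token images to ints, rejecting anything above 65535. */
private static int [] portsToArray (Vector ports) throws ParseException
{
    if (ports.isEmpty ())
        return null;
    int [] aports = new int [ports.size ()];
    for (int i = 0; i < aports.length; i++)
    {
        String sPort = ports.get (i).toString ();
        int nPort;
        try
        {
            nPort = Integer.parseInt (sPort);
        }
        catch (NumberFormatException e)
        {
            throw new ParseException ("Invalid port number: " + sPort);
        }
        if (nPort > 65535)
            throw new ParseException ("Port number out of range: " + sPort);
        aports[i] = nPort;
    }
    return aports;
}
```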
