xsm: Move flask policy files into hypervisor (missed from earlier commit).
authorKeir Fraser <keir@xen.org>
Fri, 11 Jan 2013 10:36:06 +0000 (10:36 +0000)
committerKeir Fraser <keir@xen.org>
Fri, 11 Jan 2013 10:36:06 +0000 (10:36 +0000)
Signed-off-by: Keir Fraser <keir@xen.org>
--HG--
rename : tools/flask/policy/policy/flask/access_vectors => xen/xsm/flask/policy/access_vectors
rename : tools/flask/policy/policy/flask/initial_sids => xen/xsm/flask/policy/initial_sids
rename : tools/flask/policy/policy/flask/mkaccess_vector.sh => xen/xsm/flask/policy/mkaccess_vector.sh
rename : tools/flask/policy/policy/flask/mkflask.sh => xen/xsm/flask/policy/mkflask.sh
rename : tools/flask/policy/policy/flask/security_classes => xen/xsm/flask/policy/security_classes

tools/flask/policy/policy/flask/access_vectors [deleted file]
tools/flask/policy/policy/flask/initial_sids [deleted file]
tools/flask/policy/policy/flask/mkaccess_vector.sh [deleted file]
tools/flask/policy/policy/flask/mkflask.sh [deleted file]
tools/flask/policy/policy/flask/security_classes [deleted file]
xen/xsm/flask/policy/access_vectors [new file with mode: 0644]
xen/xsm/flask/policy/initial_sids [new file with mode: 0644]
xen/xsm/flask/policy/mkaccess_vector.sh [new file with mode: 0644]
xen/xsm/flask/policy/mkflask.sh [new file with mode: 0644]
xen/xsm/flask/policy/security_classes [new file with mode: 0644]

diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
deleted file mode 100644 (file)
index c7e29ab..0000000
+++ /dev/null
@@ -1,178 +0,0 @@
-#
-# Define the access vectors.
-#
-# class class_name { permission_name ... }
-
-class xen
-{
-       scheduler
-       settime
-       tbufcontrol
-       readconsole
-       clearconsole
-       perfcontrol
-       mtrr_add
-       mtrr_del
-       mtrr_read
-       microcode
-       physinfo
-       quirk
-    writeconsole
-    readapic
-    writeapic
-    privprofile
-    nonprivprofile
-    kexec
-       firmware
-       sleep
-       frequency
-       getidle
-       debug
-       getcpuinfo
-       heap
-       pm_op
-       mca_op
-       lockprof
-       cpupool_op
-       sched_op
-}
-
-class domain
-{
-       setvcpucontext
-       pause
-       unpause
-    resume
-    create
-    transition
-    max_vcpus
-    destroy
-    setvcpuaffinity
-       getvcpuaffinity
-       scheduler
-       getdomaininfo
-       getvcpuinfo
-       getvcpucontext
-       setdomainmaxmem
-       setdomainhandle
-       setdebugging
-       hypercall
-    settime
-    set_target
-    shutdown
-    setaddrsize
-    getaddrsize
-       trigger
-       getextvcpucontext
-       setextvcpucontext
-       getvcpuextstate
-       setvcpuextstate
-       getpodtarget
-       setpodtarget
-       set_misc_info
-       set_virq_handler
-}
-
-class domain2
-{
-       relabelfrom
-       relabelto
-       relabelself
-}
-
-class hvm
-{
-    sethvmc
-    gethvmc
-    setparam
-    getparam
-    pcilevel
-    irqlevel
-    pciroute
-       bind_irq
-       cacheattr
-    trackdirtyvram
-    hvmctl
-    mem_event
-    mem_sharing
-}
-
-class event
-{
-       bind
-       send
-       status
-       notify
-       create
-    reset
-}
-
-class grant
-{
-       map_read
-       map_write
-       unmap
-       transfer
-       setup
-    copy
-    query
-}
-
-class mmu
-{
-       map_read
-       map_write
-       pageinfo
-       pagelist
-    adjust
-    stat
-    translategp
-       updatemp
-    physmap
-    pinpage
-    mfnlist
-    memorymap
-    remote_remap
-}
-
-class shadow
-{
-       disable
-       enable
-    logdirty
-}
-
-class resource
-{
-       add
-       remove
-       use
-       add_irq
-       remove_irq
-       add_ioport
-       remove_ioport
-       add_iomem
-       remove_iomem
-       stat_device
-       add_device
-       remove_device
-       plug
-       unplug
-       setup
-}
-
-class security
-{
-       compute_av
-       compute_create
-       compute_member
-       check_context
-       load_policy
-       compute_relabel
-       compute_user
-       setenforce
-       setbool
-       setsecparam
-        add_ocontext
-        del_ocontext
-}
diff --git a/tools/flask/policy/policy/flask/initial_sids b/tools/flask/policy/policy/flask/initial_sids
deleted file mode 100644 (file)
index e508bde..0000000
+++ /dev/null
@@ -1,16 +0,0 @@
-# FLASK
-
-#
-# Define initial security identifiers 
-#
-sid xen
-sid dom0
-sid domio
-sid domxen
-sid unlabeled
-sid security
-sid ioport
-sid iomem
-sid irq
-sid device
-# FLASK
diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh b/tools/flask/policy/policy/flask/mkaccess_vector.sh
deleted file mode 100644 (file)
index 8ec87f7..0000000
+++ /dev/null
@@ -1,138 +0,0 @@
-#!/bin/sh -
-#
-
-# FLASK
-
-set -e
-
-awk=$1
-shift
-
-# output files
-av_permissions="include/av_permissions.h"
-av_perm_to_string="include/av_perm_to_string.h"
-
-cat $* | $awk "
-BEGIN  {
-               outfile = \"$av_permissions\"
-               avpermfile = \"$av_perm_to_string\"
-               "'
-               nextstate = "COMMON_OR_AV";
-               printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
-               printf("/* This file is automatically generated.  Do not edit. */\n") > avpermfile;
-;
-       }
-/^[ \t]*#/     { 
-                       next;
-               }
-$1 == "class"  {
-                       if (nextstate != "COMMON_OR_AV" &&
-                           nextstate != "CLASS_OR_CLASS-OPENBRACKET")
-                       {
-                               printf("Parse error:  Unexpected class definition on line %d\n", NR);
-                               next;   
-                       }
-
-                       tclass = $2;
-
-                       if (tclass in av_defined)
-                       {
-                               printf("Duplicate access vector definition for %s on line %d\n", tclass, NR);
-                               next;
-                       } 
-                       av_defined[tclass] = 1;
-
-                       permission = 1;
-
-                       nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
-                       next;
-               }
-$1 == "{"      { 
-                       if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
-                           nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
-                           nextstate != "COMMON-OPENBRACKET")
-                       {
-                               printf("Parse error:  Unexpected { on line %d\n", NR);
-                               next;
-                       }
-
-                       if (nextstate == "INHERITS_OR_CLASS-OPENBRACKET")
-                               nextstate = "CLASS-CLOSEBRACKET";
-
-                       if (nextstate == "CLASS_OR_CLASS-OPENBRACKET")
-                               nextstate = "CLASS-CLOSEBRACKET";
-
-                       if (nextstate == "COMMON-OPENBRACKET")
-                               nextstate = "COMMON-CLOSEBRACKET";
-               }
-/[a-z][a-z_]*/ {
-                       if (nextstate != "COMMON-CLOSEBRACKET" &&
-                           nextstate != "CLASS-CLOSEBRACKET")
-                       {
-                               printf("Parse error:  Unexpected symbol %s on line %d\n", $1, NR);              
-                               next;
-                       }
-
-                       if (nextstate == "COMMON-CLOSEBRACKET")
-                       {
-                               if ((common_name,$1) in common_perms)
-                               {
-                                       printf("Duplicate permission %s for common %s on line %d.\n", $1, common_name, NR);
-                                       next;
-                               }
-
-                               common_perms[common_name,$1] = permission;
-
-                               printf("#define COMMON_%s__%s", toupper(common_name), toupper($1)) > outfile; 
-
-                               printf("    S_(\"%s\")\n", $1) > cpermfile;
-                       }
-                       else
-                       {
-                               if ((tclass,$1) in av_perms)
-                               {
-                                       printf("Duplicate permission %s for %s on line %d.\n", $1, tclass, NR);
-                                       next;
-                               }
-
-                               av_perms[tclass,$1] = permission;
-               
-                               printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile; 
-
-                               printf("   S_(SECCLASS_%s, %s__%s, \"%s\")\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile; 
-                       }
-
-                       spaces = 40 - (length($1) + length(tclass));
-                       if (spaces < 1)
-                             spaces = 1;
-
-                       for (i = 0; i < spaces; i++) 
-                               printf(" ") > outfile; 
-                       printf("0x%08xUL\n", permission) > outfile; 
-                       permission = permission * 2;
-               }
-$1 == "}"      {
-                       if (nextstate != "CLASS-CLOSEBRACKET" && 
-                           nextstate != "COMMON-CLOSEBRACKET")
-                       {
-                               printf("Parse error:  Unexpected } on line %d\n", NR);
-                               next;
-                       }
-
-                       if (nextstate == "COMMON-CLOSEBRACKET")
-                       {
-                               common_base[common_name] = permission;
-                               printf("TE_(common_%s_perm_to_string)\n\n", common_name) > cpermfile; 
-                       }
-
-                       printf("\n") > outfile;
-
-                       nextstate = "COMMON_OR_AV";
-               }
-END    {
-               if (nextstate != "COMMON_OR_AV" && nextstate != "CLASS_OR_CLASS-OPENBRACKET")
-                       printf("Parse error:  Unexpected end of file\n");
-
-       }'
-
-# FLASK
diff --git a/tools/flask/policy/policy/flask/mkflask.sh b/tools/flask/policy/policy/flask/mkflask.sh
deleted file mode 100644 (file)
index e8d8fb5..0000000
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/bin/sh -
-#
-
-# FLASK
-
-set -e
-
-awk=$1
-shift 1
-
-# output file
-output_file="include/flask.h"
-debug_file="include/class_to_string.h"
-debug_file2="include/initial_sid_to_string.h"
-
-cat $* | $awk "
-BEGIN  {
-               outfile = \"$output_file\"
-               debugfile = \"$debug_file\"
-               debugfile2 = \"$debug_file2\"
-               "'
-               nextstate = "CLASS";
-
-               printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
-
-               printf("#ifndef _SELINUX_FLASK_H_\n") > outfile;
-               printf("#define _SELINUX_FLASK_H_\n") > outfile;
-               printf("\n/*\n * Security object class definitions\n */\n") > outfile;
-               printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile;
-               printf("/*\n * Security object class definitions\n */\n") > debugfile;
-               printf("    S_(\"null\")\n") > debugfile;
-               printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile2;
-               printf("static char *initial_sid_to_string[] =\n{\n") > debugfile2;
-               printf("    \"null\",\n") > debugfile2;
-       }
-/^[ \t]*#/     { 
-                       next;
-               }
-$1 == "class"  { 
-                       if (nextstate != "CLASS")
-                       {
-                               printf("Parse error:  Unexpected class definition on line %d\n", NR);
-                               next;   
-                       }
-
-                       if ($2 in class_found)
-                       {
-                               printf("Duplicate class definition for %s on line %d.\n", $2, NR);
-                               next;
-                       }       
-                       class_found[$2] = 1;
-
-                       class_value++;
-
-                       printf("#define SECCLASS_%s", toupper($2)) > outfile;
-                       for (i = 0; i < 40 - length($2); i++) 
-                               printf(" ") > outfile; 
-                       printf("%d\n", class_value) > outfile; 
-
-                       printf("    S_(\"%s\")\n", $2) > debugfile;
-               }
-$1 == "sid"    { 
-                       if (nextstate == "CLASS")
-                       {
-                           nextstate = "SID";
-                           printf("\n/*\n * Security identifier indices for initial entities\n */\n") > outfile;                           
-                       }
-
-                       if ($2 in sid_found)
-                       {
-                               printf("Duplicate SID definition for %s on line %d.\n", $2, NR);
-                               next;
-                       }       
-                       sid_found[$2] = 1;
-                       sid_value++;
-
-                       printf("#define SECINITSID_%s", toupper($2)) > outfile;
-                       for (i = 0; i < 37 - length($2); i++) 
-                               printf(" ") > outfile; 
-                       printf("%d\n", sid_value) > outfile; 
-                       printf("    \"%s\",\n", $2) > debugfile2;
-               }
-END    {
-               if (nextstate != "SID")
-                       printf("Parse error:  Unexpected end of file\n");
-
-               printf("\n#define SECINITSID_NUM") > outfile;
-               for (i = 0; i < 34; i++) 
-                       printf(" ") > outfile; 
-               printf("%d\n", sid_value) > outfile; 
-               printf("\n#endif\n") > outfile;
-               printf("};\n\n") > debugfile2;
-       }'
-
-# FLASK
diff --git a/tools/flask/policy/policy/flask/security_classes b/tools/flask/policy/policy/flask/security_classes
deleted file mode 100644 (file)
index ef134a7..0000000
+++ /dev/null
@@ -1,21 +0,0 @@
-# FLASK
-
-#
-# Define the security object classes 
-#
-
-# Classes marked as userspace are classes
-# for userspace object managers
-
-class xen
-class domain
-class domain2
-class hvm
-class mmu
-class resource
-class shadow
-class event
-class grant
-class security
-
-# FLASK
diff --git a/xen/xsm/flask/policy/access_vectors b/xen/xsm/flask/policy/access_vectors
new file mode 100644 (file)
index 0000000..c7e29ab
--- /dev/null
@@ -0,0 +1,178 @@
+#
+# Define the access vectors.
+#
+# class class_name { permission_name ... }
+
+class xen
+{
+       scheduler
+       settime
+       tbufcontrol
+       readconsole
+       clearconsole
+       perfcontrol
+       mtrr_add
+       mtrr_del
+       mtrr_read
+       microcode
+       physinfo
+       quirk
+    writeconsole
+    readapic
+    writeapic
+    privprofile
+    nonprivprofile
+    kexec
+       firmware
+       sleep
+       frequency
+       getidle
+       debug
+       getcpuinfo
+       heap
+       pm_op
+       mca_op
+       lockprof
+       cpupool_op
+       sched_op
+}
+
+class domain
+{
+       setvcpucontext
+       pause
+       unpause
+    resume
+    create
+    transition
+    max_vcpus
+    destroy
+    setvcpuaffinity
+       getvcpuaffinity
+       scheduler
+       getdomaininfo
+       getvcpuinfo
+       getvcpucontext
+       setdomainmaxmem
+       setdomainhandle
+       setdebugging
+       hypercall
+    settime
+    set_target
+    shutdown
+    setaddrsize
+    getaddrsize
+       trigger
+       getextvcpucontext
+       setextvcpucontext
+       getvcpuextstate
+       setvcpuextstate
+       getpodtarget
+       setpodtarget
+       set_misc_info
+       set_virq_handler
+}
+
+class domain2
+{
+       relabelfrom
+       relabelto
+       relabelself
+}
+
+class hvm
+{
+    sethvmc
+    gethvmc
+    setparam
+    getparam
+    pcilevel
+    irqlevel
+    pciroute
+       bind_irq
+       cacheattr
+    trackdirtyvram
+    hvmctl
+    mem_event
+    mem_sharing
+}
+
+class event
+{
+       bind
+       send
+       status
+       notify
+       create
+    reset
+}
+
+class grant
+{
+       map_read
+       map_write
+       unmap
+       transfer
+       setup
+    copy
+    query
+}
+
+class mmu
+{
+       map_read
+       map_write
+       pageinfo
+       pagelist
+    adjust
+    stat
+    translategp
+       updatemp
+    physmap
+    pinpage
+    mfnlist
+    memorymap
+    remote_remap
+}
+
+class shadow
+{
+       disable
+       enable
+    logdirty
+}
+
+class resource
+{
+       add
+       remove
+       use
+       add_irq
+       remove_irq
+       add_ioport
+       remove_ioport
+       add_iomem
+       remove_iomem
+       stat_device
+       add_device
+       remove_device
+       plug
+       unplug
+       setup
+}
+
+class security
+{
+       compute_av
+       compute_create
+       compute_member
+       check_context
+       load_policy
+       compute_relabel
+       compute_user
+       setenforce
+       setbool
+       setsecparam
+        add_ocontext
+        del_ocontext
+}
diff --git a/xen/xsm/flask/policy/initial_sids b/xen/xsm/flask/policy/initial_sids
new file mode 100644 (file)
index 0000000..e508bde
--- /dev/null
@@ -0,0 +1,16 @@
+# FLASK
+
+#
+# Define initial security identifiers 
+#
+sid xen
+sid dom0
+sid domio
+sid domxen
+sid unlabeled
+sid security
+sid ioport
+sid iomem
+sid irq
+sid device
+# FLASK
diff --git a/xen/xsm/flask/policy/mkaccess_vector.sh b/xen/xsm/flask/policy/mkaccess_vector.sh
new file mode 100644 (file)
index 0000000..8ec87f7
--- /dev/null
@@ -0,0 +1,138 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+awk=$1
+shift
+
+# output files
+av_permissions="include/av_permissions.h"
+av_perm_to_string="include/av_perm_to_string.h"
+
+cat $* | $awk "
+BEGIN  {
+               outfile = \"$av_permissions\"
+               avpermfile = \"$av_perm_to_string\"
+               "'
+               nextstate = "COMMON_OR_AV";
+               printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
+               printf("/* This file is automatically generated.  Do not edit. */\n") > avpermfile;
+;
+       }
+/^[ \t]*#/     { 
+                       next;
+               }
+$1 == "class"  {
+                       if (nextstate != "COMMON_OR_AV" &&
+                           nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+                       {
+                               printf("Parse error:  Unexpected class definition on line %d\n", NR);
+                               next;   
+                       }
+
+                       tclass = $2;
+
+                       if (tclass in av_defined)
+                       {
+                               printf("Duplicate access vector definition for %s on line %d\n", tclass, NR);
+                               next;
+                       } 
+                       av_defined[tclass] = 1;
+
+                       permission = 1;
+
+                       nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
+                       next;
+               }
+$1 == "{"      { 
+                       if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
+                           nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
+                           nextstate != "COMMON-OPENBRACKET")
+                       {
+                               printf("Parse error:  Unexpected { on line %d\n", NR);
+                               next;
+                       }
+
+                       if (nextstate == "INHERITS_OR_CLASS-OPENBRACKET")
+                               nextstate = "CLASS-CLOSEBRACKET";
+
+                       if (nextstate == "CLASS_OR_CLASS-OPENBRACKET")
+                               nextstate = "CLASS-CLOSEBRACKET";
+
+                       if (nextstate == "COMMON-OPENBRACKET")
+                               nextstate = "COMMON-CLOSEBRACKET";
+               }
+/[a-z][a-z_]*/ {
+                       if (nextstate != "COMMON-CLOSEBRACKET" &&
+                           nextstate != "CLASS-CLOSEBRACKET")
+                       {
+                               printf("Parse error:  Unexpected symbol %s on line %d\n", $1, NR);              
+                               next;
+                       }
+
+                       if (nextstate == "COMMON-CLOSEBRACKET")
+                       {
+                               if ((common_name,$1) in common_perms)
+                               {
+                                       printf("Duplicate permission %s for common %s on line %d.\n", $1, common_name, NR);
+                                       next;
+                               }
+
+                               common_perms[common_name,$1] = permission;
+
+                               printf("#define COMMON_%s__%s", toupper(common_name), toupper($1)) > outfile; 
+
+                               printf("    S_(\"%s\")\n", $1) > cpermfile;
+                       }
+                       else
+                       {
+                               if ((tclass,$1) in av_perms)
+                               {
+                                       printf("Duplicate permission %s for %s on line %d.\n", $1, tclass, NR);
+                                       next;
+                               }
+
+                               av_perms[tclass,$1] = permission;
+               
+                               printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile; 
+
+                               printf("   S_(SECCLASS_%s, %s__%s, \"%s\")\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile; 
+                       }
+
+                       spaces = 40 - (length($1) + length(tclass));
+                       if (spaces < 1)
+                             spaces = 1;
+
+                       for (i = 0; i < spaces; i++) 
+                               printf(" ") > outfile; 
+                       printf("0x%08xUL\n", permission) > outfile; 
+                       permission = permission * 2;
+               }
+$1 == "}"      {
+                       if (nextstate != "CLASS-CLOSEBRACKET" && 
+                           nextstate != "COMMON-CLOSEBRACKET")
+                       {
+                               printf("Parse error:  Unexpected } on line %d\n", NR);
+                               next;
+                       }
+
+                       if (nextstate == "COMMON-CLOSEBRACKET")
+                       {
+                               common_base[common_name] = permission;
+                               printf("TE_(common_%s_perm_to_string)\n\n", common_name) > cpermfile; 
+                       }
+
+                       printf("\n") > outfile;
+
+                       nextstate = "COMMON_OR_AV";
+               }
+END    {
+               if (nextstate != "COMMON_OR_AV" && nextstate != "CLASS_OR_CLASS-OPENBRACKET")
+                       printf("Parse error:  Unexpected end of file\n");
+
+       }'
+
+# FLASK
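Review bot: The parse-error paths in the awk program write their diagnostic to stdout and then `next`, so the awk exit status stays 0, the shell's `set -e` never fires, and a malformed access_vectors still produces a truncated or partial av_permissions.h that the hypervisor build will happily consume; the same pattern is in mkflask.sh (the other hunk in this commit). Each `printf("Parse error: ...", NR);` should go to `"/dev/stderr"` and be followed by `exit 1;` instead of `next;` so the build stops. In the permission rule, the `COMMON-CLOSEBRACKET` branch writes to `cpermfile`, which is never assigned in BEGIN, and nothing ever sets `nextstate` to `"COMMON-OPENBRACKET"`, so that branch is unreachable and would fail on an empty redirection target if it were reached — either remove it or initialise `cpermfile` alongside `avpermfile`. There is also no limit on permissions per class: `permission = permission * 2` keeps going past bit 31 and `0x%08xUL` then emits a wrong mask for a 33rd entry (class domain already has exactly 32), so a check such as `if (permission > 2147483648) { printf("Too many permissions for class %s\n", tclass) > "/dev/stderr"; exit 1; }` before the `#define` line would catch it at build time. The content is moved unchanged from tools/, so these are pre-existing issues now living in the hypervisor tree.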
diff --git a/xen/xsm/flask/policy/mkflask.sh b/xen/xsm/flask/policy/mkflask.sh
new file mode 100644 (file)
index 0000000..e8d8fb5
--- /dev/null
@@ -0,0 +1,95 @@
+#!/bin/sh -
+#
+
+# FLASK
+
+set -e
+
+awk=$1
+shift 1
+
+# output file
+output_file="include/flask.h"
+debug_file="include/class_to_string.h"
+debug_file2="include/initial_sid_to_string.h"
+
+cat $* | $awk "
+BEGIN  {
+               outfile = \"$output_file\"
+               debugfile = \"$debug_file\"
+               debugfile2 = \"$debug_file2\"
+               "'
+               nextstate = "CLASS";
+
+               printf("/* This file is automatically generated.  Do not edit. */\n") > outfile;
+
+               printf("#ifndef _SELINUX_FLASK_H_\n") > outfile;
+               printf("#define _SELINUX_FLASK_H_\n") > outfile;
+               printf("\n/*\n * Security object class definitions\n */\n") > outfile;
+               printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile;
+               printf("/*\n * Security object class definitions\n */\n") > debugfile;
+               printf("    S_(\"null\")\n") > debugfile;
+               printf("/* This file is automatically generated.  Do not edit. */\n") > debugfile2;
+               printf("static char *initial_sid_to_string[] =\n{\n") > debugfile2;
+               printf("    \"null\",\n") > debugfile2;
+       }
+/^[ \t]*#/     { 
+                       next;
+               }
+$1 == "class"  { 
+                       if (nextstate != "CLASS")
+                       {
+                               printf("Parse error:  Unexpected class definition on line %d\n", NR);
+                               next;   
+                       }
+
+                       if ($2 in class_found)
+                       {
+                               printf("Duplicate class definition for %s on line %d.\n", $2, NR);
+                               next;
+                       }       
+                       class_found[$2] = 1;
+
+                       class_value++;
+
+                       printf("#define SECCLASS_%s", toupper($2)) > outfile;
+                       for (i = 0; i < 40 - length($2); i++) 
+                               printf(" ") > outfile; 
+                       printf("%d\n", class_value) > outfile; 
+
+                       printf("    S_(\"%s\")\n", $2) > debugfile;
+               }
+$1 == "sid"    { 
+                       if (nextstate == "CLASS")
+                       {
+                           nextstate = "SID";
+                           printf("\n/*\n * Security identifier indices for initial entities\n */\n") > outfile;                           
+                       }
+
+                       if ($2 in sid_found)
+                       {
+                               printf("Duplicate SID definition for %s on line %d.\n", $2, NR);
+                               next;
+                       }       
+                       sid_found[$2] = 1;
+                       sid_value++;
+
+                       printf("#define SECINITSID_%s", toupper($2)) > outfile;
+                       for (i = 0; i < 37 - length($2); i++) 
+                               printf(" ") > outfile; 
+                       printf("%d\n", sid_value) > outfile; 
+                       printf("    \"%s\",\n", $2) > debugfile2;
+               }
+END    {
+               if (nextstate != "SID")
+                       printf("Parse error:  Unexpected end of file\n");
+
+               printf("\n#define SECINITSID_NUM") > outfile;
+               for (i = 0; i < 34; i++) 
+                       printf(" ") > outfile; 
+               printf("%d\n", sid_value) > outfile; 
+               printf("\n#endif\n") > outfile;
+               printf("};\n\n") > debugfile2;
+       }'
+
+# FLASK
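Review bot: The BEGIN block emits `static char *initial_sid_to_string[] =` into initial_sid_to_string.h, a writable pointer table over string literals; since the generated table is only read, `static const char *const initial_sid_to_string[] =` would let the compiler place it in read-only data and reject any accidental write. On the shell side, `cat $* | $awk "` word-splits and globs the input paths; `cat "$@" | $awk "` preserves them as given (the same applies to mkaccess_vector.sh). Note also that the `sid` rule does not end with `next`, which is harmless here but differs from the `class` rule's style.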
diff --git a/xen/xsm/flask/policy/security_classes b/xen/xsm/flask/policy/security_classes
new file mode 100644 (file)
index 0000000..ef134a7
--- /dev/null
@@ -0,0 +1,21 @@
+# FLASK
+
+#
+# Define the security object classes 
+#
+
+# Classes marked as userspace are classes
+# for userspace object managers
+
+class xen
+class domain
+class domain2
+class hvm
+class mmu
+class resource
+class shadow
+class event
+class grant
+class security
+
+# FLASK