16cd6a6acSopenharmony_ci 26cd6a6acSopenharmony_ci/* 36cd6a6acSopenharmony_ci * Author : Stephen Smalley, <sds@tycho.nsa.gov> 46cd6a6acSopenharmony_ci */ 56cd6a6acSopenharmony_ci 66cd6a6acSopenharmony_ci/* 76cd6a6acSopenharmony_ci * Updated: Trusted Computer Solutions, Inc. <dgoeddel@trustedcs.com> 86cd6a6acSopenharmony_ci * 96cd6a6acSopenharmony_ci * Support for enhanced MLS infrastructure. 106cd6a6acSopenharmony_ci * 116cd6a6acSopenharmony_ci * Updated: David Caplan, <dac@tresys.com> 126cd6a6acSopenharmony_ci * 136cd6a6acSopenharmony_ci * Added conditional policy language extensions 146cd6a6acSopenharmony_ci * 156cd6a6acSopenharmony_ci * Updated: Joshua Brindle <jbrindle@tresys.com> 166cd6a6acSopenharmony_ci * Karl MacMillan <kmacmillan@mentalrootkit.com> 176cd6a6acSopenharmony_ci * Jason Tang <jtang@tresys.com> 186cd6a6acSopenharmony_ci * 196cd6a6acSopenharmony_ci * Added support for binary policy modules 206cd6a6acSopenharmony_ci * 216cd6a6acSopenharmony_ci * Copyright (C) 2004-2005 Trusted Computer Solutions, Inc. 226cd6a6acSopenharmony_ci * Copyright (C) 2003 - 2008 Tresys Technology, LLC 236cd6a6acSopenharmony_ci * Copyright (C) 2007 Red Hat Inc. 246cd6a6acSopenharmony_ci * Copyright (C) 2017 Mellanox Technologies Inc. 256cd6a6acSopenharmony_ci * This program is free software; you can redistribute it and/or modify 266cd6a6acSopenharmony_ci * it under the terms of the GNU General Public License as published by 276cd6a6acSopenharmony_ci * the Free Software Foundation, version 2. 286cd6a6acSopenharmony_ci */ 296cd6a6acSopenharmony_ci 306cd6a6acSopenharmony_ci/* FLASK */ 316cd6a6acSopenharmony_ci 326cd6a6acSopenharmony_ci%{ 336cd6a6acSopenharmony_ci#include <sys/types.h> 346cd6a6acSopenharmony_ci#include <assert.h> 356cd6a6acSopenharmony_ci#include <stdarg.h> 366cd6a6acSopenharmony_ci#include <stdint.h> 376cd6a6acSopenharmony_ci#include <stdio.h> 386cd6a6acSopenharmony_ci#include <stdlib.h> 396cd6a6acSopenharmony_ci#include <string.h> 406cd6a6acSopenharmony_ci#include <sys/socket.h> 416cd6a6acSopenharmony_ci#include <netinet/in.h> 426cd6a6acSopenharmony_ci#include <arpa/inet.h> 436cd6a6acSopenharmony_ci#include <stdlib.h> 446cd6a6acSopenharmony_ci 456cd6a6acSopenharmony_ci#include <sepol/policydb/expand.h> 466cd6a6acSopenharmony_ci#include <sepol/policydb/policydb.h> 476cd6a6acSopenharmony_ci#include <sepol/policydb/services.h> 486cd6a6acSopenharmony_ci#include <sepol/policydb/conditional.h> 496cd6a6acSopenharmony_ci#include <sepol/policydb/hierarchy.h> 506cd6a6acSopenharmony_ci#include <sepol/policydb/polcaps.h> 516cd6a6acSopenharmony_ci#include "queue.h" 526cd6a6acSopenharmony_ci#include "checkpolicy.h" 536cd6a6acSopenharmony_ci#include "module_compiler.h" 546cd6a6acSopenharmony_ci#include "policy_define.h" 556cd6a6acSopenharmony_ci 566cd6a6acSopenharmony_ciextern policydb_t *policydbp; 576cd6a6acSopenharmony_ciextern unsigned int pass; 586cd6a6acSopenharmony_ci 596cd6a6acSopenharmony_ciextern char yytext[]; 606cd6a6acSopenharmony_ciextern int yylex(void); 616cd6a6acSopenharmony_ciextern int yywarn(const char *msg); 626cd6a6acSopenharmony_ciextern int yyerror(const char *msg); 636cd6a6acSopenharmony_ci 646cd6a6acSopenharmony_citypedef int (* require_func_t)(int pass); 656cd6a6acSopenharmony_ci 666cd6a6acSopenharmony_ci%} 676cd6a6acSopenharmony_ci 686cd6a6acSopenharmony_ci%union { 696cd6a6acSopenharmony_ci unsigned int val; 706cd6a6acSopenharmony_ci uint64_t val64; 716cd6a6acSopenharmony_ci uintptr_t valptr; 726cd6a6acSopenharmony_ci void *ptr; 736cd6a6acSopenharmony_ci require_func_t require_func; 746cd6a6acSopenharmony_ci} 756cd6a6acSopenharmony_ci 766cd6a6acSopenharmony_ci%type <ptr> cond_expr cond_expr_prim cond_pol_list cond_else 776cd6a6acSopenharmony_ci%type <ptr> cond_allow_def cond_auditallow_def cond_auditdeny_def cond_dontaudit_def 786cd6a6acSopenharmony_ci%type <ptr> cond_transition_def cond_te_avtab_def cond_rule_def 796cd6a6acSopenharmony_ci%type <ptr> role_def roles 806cd6a6acSopenharmony_ci%type <valptr> cexpr cexpr_prim op role_mls_op 816cd6a6acSopenharmony_ci%type <val> ipv4_addr_def number 826cd6a6acSopenharmony_ci%type <val64> number64 836cd6a6acSopenharmony_ci%type <require_func> require_decl_def 846cd6a6acSopenharmony_ci 856cd6a6acSopenharmony_ci%token PATH 866cd6a6acSopenharmony_ci%token QPATH 876cd6a6acSopenharmony_ci%token FILENAME 886cd6a6acSopenharmony_ci%token CLONE 896cd6a6acSopenharmony_ci%token COMMON 906cd6a6acSopenharmony_ci%token CLASS 916cd6a6acSopenharmony_ci%token CONSTRAIN 926cd6a6acSopenharmony_ci%token VALIDATETRANS 936cd6a6acSopenharmony_ci%token INHERITS 946cd6a6acSopenharmony_ci%token SID 956cd6a6acSopenharmony_ci%token ROLE 966cd6a6acSopenharmony_ci%token ROLEATTRIBUTE 976cd6a6acSopenharmony_ci%token ATTRIBUTE_ROLE 986cd6a6acSopenharmony_ci%token ROLES 996cd6a6acSopenharmony_ci%token TYPEALIAS 1006cd6a6acSopenharmony_ci%token TYPEATTRIBUTE 1016cd6a6acSopenharmony_ci%token TYPEBOUNDS 1026cd6a6acSopenharmony_ci%token TYPE 1036cd6a6acSopenharmony_ci%token TYPES 1046cd6a6acSopenharmony_ci%token ALIAS 1056cd6a6acSopenharmony_ci%token ATTRIBUTE 1066cd6a6acSopenharmony_ci%token EXPANDATTRIBUTE 1076cd6a6acSopenharmony_ci%token BOOL 1086cd6a6acSopenharmony_ci%token TUNABLE 1096cd6a6acSopenharmony_ci%token IF 1106cd6a6acSopenharmony_ci%token ELSE 1116cd6a6acSopenharmony_ci%token TYPE_TRANSITION 1126cd6a6acSopenharmony_ci%token TYPE_MEMBER 1136cd6a6acSopenharmony_ci%token TYPE_CHANGE 1146cd6a6acSopenharmony_ci%token ROLE_TRANSITION 1156cd6a6acSopenharmony_ci%token RANGE_TRANSITION 1166cd6a6acSopenharmony_ci%token SENSITIVITY 1176cd6a6acSopenharmony_ci%token DOMINANCE 1186cd6a6acSopenharmony_ci%token DOM DOMBY INCOMP 1196cd6a6acSopenharmony_ci%token CATEGORY 1206cd6a6acSopenharmony_ci%token LEVEL 1216cd6a6acSopenharmony_ci%token RANGE 1226cd6a6acSopenharmony_ci%token MLSCONSTRAIN 1236cd6a6acSopenharmony_ci%token MLSVALIDATETRANS 1246cd6a6acSopenharmony_ci%token USER 1256cd6a6acSopenharmony_ci%token NEVERALLOW 1266cd6a6acSopenharmony_ci%token ALLOW 1276cd6a6acSopenharmony_ci%token AUDITALLOW 1286cd6a6acSopenharmony_ci%token AUDITDENY 1296cd6a6acSopenharmony_ci%token DONTAUDIT 1306cd6a6acSopenharmony_ci%token ALLOWXPERM 1316cd6a6acSopenharmony_ci%token AUDITALLOWXPERM 1326cd6a6acSopenharmony_ci%token DONTAUDITXPERM 1336cd6a6acSopenharmony_ci%token NEVERALLOWXPERM 1346cd6a6acSopenharmony_ci%token SOURCE 1356cd6a6acSopenharmony_ci%token TARGET 1366cd6a6acSopenharmony_ci%token SAMEUSER 1376cd6a6acSopenharmony_ci%token FSCON PORTCON NETIFCON NODECON 1386cd6a6acSopenharmony_ci%token IBPKEYCON 1396cd6a6acSopenharmony_ci%token IBENDPORTCON 1406cd6a6acSopenharmony_ci%token PIRQCON IOMEMCON IOPORTCON PCIDEVICECON DEVICETREECON 1416cd6a6acSopenharmony_ci%token FSUSEXATTR FSUSETASK FSUSETRANS 1426cd6a6acSopenharmony_ci%token GENFSCON 1436cd6a6acSopenharmony_ci%token U1 U2 U3 R1 R2 R3 T1 T2 T3 L1 L2 H1 H2 1446cd6a6acSopenharmony_ci%token NOT AND OR XOR 1456cd6a6acSopenharmony_ci%token CTRUE CFALSE 1466cd6a6acSopenharmony_ci%token IDENTIFIER 1476cd6a6acSopenharmony_ci%token NUMBER 1486cd6a6acSopenharmony_ci%token EQUALS 1496cd6a6acSopenharmony_ci%token NOTEQUAL 1506cd6a6acSopenharmony_ci%token IPV4_ADDR 1516cd6a6acSopenharmony_ci%token IPV6_ADDR 1526cd6a6acSopenharmony_ci%token MODULE VERSION_IDENTIFIER REQUIRE OPTIONAL 1536cd6a6acSopenharmony_ci%token POLICYCAP 1546cd6a6acSopenharmony_ci%token PERMISSIVE 1556cd6a6acSopenharmony_ci%token FILESYSTEM 1566cd6a6acSopenharmony_ci%token DEFAULT_USER DEFAULT_ROLE DEFAULT_TYPE DEFAULT_RANGE 1576cd6a6acSopenharmony_ci%token LOW_HIGH LOW HIGH GLBLUB 1586cd6a6acSopenharmony_ci 1596cd6a6acSopenharmony_ci%left OR 1606cd6a6acSopenharmony_ci%left XOR 1616cd6a6acSopenharmony_ci%left AND 1626cd6a6acSopenharmony_ci%right NOT 1636cd6a6acSopenharmony_ci%left EQUALS NOTEQUAL 1646cd6a6acSopenharmony_ci%% 1656cd6a6acSopenharmony_cipolicy : base_policy 1666cd6a6acSopenharmony_ci | module_policy 1676cd6a6acSopenharmony_ci ; 1686cd6a6acSopenharmony_cibase_policy : { if (define_policy(pass, 0) == -1) return -1; } 1696cd6a6acSopenharmony_ci classes initial_sids access_vectors 1706cd6a6acSopenharmony_ci { if (pass == 1) { if (policydb_index_classes(policydbp)) return -1; } 1716cd6a6acSopenharmony_ci else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1; }} 1726cd6a6acSopenharmony_ci opt_default_rules opt_mls te_rbac users opt_constraints 1736cd6a6acSopenharmony_ci { if (pass == 1) { if (policydb_index_bools(policydbp)) return -1;} 1746cd6a6acSopenharmony_ci else if (pass == 2) { if (policydb_index_others(NULL, policydbp, 0)) return -1;}} 1756cd6a6acSopenharmony_ci initial_sid_contexts opt_fs_contexts opt_fs_uses opt_genfs_contexts net_contexts opt_dev_contexts opt_ibpkey_contexts opt_ibendport_contexts 1766cd6a6acSopenharmony_ci ; 1776cd6a6acSopenharmony_ciclasses : class_def 1786cd6a6acSopenharmony_ci | classes class_def 1796cd6a6acSopenharmony_ci ; 1806cd6a6acSopenharmony_ciclass_def : CLASS identifier 1816cd6a6acSopenharmony_ci {if (define_class()) return -1;} 1826cd6a6acSopenharmony_ci ; 1836cd6a6acSopenharmony_ciinitial_sids : initial_sid_def 1846cd6a6acSopenharmony_ci | initial_sids initial_sid_def 1856cd6a6acSopenharmony_ci ; 1866cd6a6acSopenharmony_ciinitial_sid_def : SID identifier 1876cd6a6acSopenharmony_ci {if (define_initial_sid()) return -1;} 1886cd6a6acSopenharmony_ci ; 1896cd6a6acSopenharmony_ciaccess_vectors : opt_common_perms av_perms 1906cd6a6acSopenharmony_ci ; 1916cd6a6acSopenharmony_ciopt_common_perms : common_perms 1926cd6a6acSopenharmony_ci | 1936cd6a6acSopenharmony_ci ; 1946cd6a6acSopenharmony_cicommon_perms : common_perms_def 1956cd6a6acSopenharmony_ci | common_perms common_perms_def 1966cd6a6acSopenharmony_ci ; 1976cd6a6acSopenharmony_cicommon_perms_def : COMMON identifier '{' identifier_list '}' 1986cd6a6acSopenharmony_ci {if (define_common_perms()) return -1;} 1996cd6a6acSopenharmony_ci ; 2006cd6a6acSopenharmony_ciav_perms : av_perms_def 2016cd6a6acSopenharmony_ci | av_perms av_perms_def 2026cd6a6acSopenharmony_ci ; 2036cd6a6acSopenharmony_ciav_perms_def : CLASS identifier '{' identifier_list '}' 2046cd6a6acSopenharmony_ci {if (define_av_perms(FALSE)) return -1;} 2056cd6a6acSopenharmony_ci | CLASS identifier INHERITS identifier 2066cd6a6acSopenharmony_ci {if (define_av_perms(TRUE)) return -1;} 2076cd6a6acSopenharmony_ci | CLASS identifier INHERITS identifier '{' identifier_list '}' 2086cd6a6acSopenharmony_ci {if (define_av_perms(TRUE)) return -1;} 2096cd6a6acSopenharmony_ci ; 2106cd6a6acSopenharmony_ciopt_default_rules : default_rules 2116cd6a6acSopenharmony_ci | 2126cd6a6acSopenharmony_ci ; 2136cd6a6acSopenharmony_cidefault_rules : default_user_def 2146cd6a6acSopenharmony_ci | default_role_def 2156cd6a6acSopenharmony_ci | default_type_def 2166cd6a6acSopenharmony_ci | default_range_def 2176cd6a6acSopenharmony_ci | default_rules default_user_def 2186cd6a6acSopenharmony_ci | default_rules default_role_def 2196cd6a6acSopenharmony_ci | default_rules default_type_def 2206cd6a6acSopenharmony_ci | default_rules default_range_def 2216cd6a6acSopenharmony_ci ; 2226cd6a6acSopenharmony_cidefault_user_def : DEFAULT_USER names SOURCE ';' 2236cd6a6acSopenharmony_ci {if (define_default_user(DEFAULT_SOURCE)) return -1; } 2246cd6a6acSopenharmony_ci | DEFAULT_USER names TARGET ';' 2256cd6a6acSopenharmony_ci {if (define_default_user(DEFAULT_TARGET)) return -1; } 2266cd6a6acSopenharmony_ci ; 2276cd6a6acSopenharmony_cidefault_role_def : DEFAULT_ROLE names SOURCE ';' 2286cd6a6acSopenharmony_ci {if (define_default_role(DEFAULT_SOURCE)) return -1; } 2296cd6a6acSopenharmony_ci | DEFAULT_ROLE names TARGET ';' 2306cd6a6acSopenharmony_ci {if (define_default_role(DEFAULT_TARGET)) return -1; } 2316cd6a6acSopenharmony_ci ; 2326cd6a6acSopenharmony_cidefault_type_def : DEFAULT_TYPE names SOURCE ';' 2336cd6a6acSopenharmony_ci {if (define_default_type(DEFAULT_SOURCE)) return -1; } 2346cd6a6acSopenharmony_ci | DEFAULT_TYPE names TARGET ';' 2356cd6a6acSopenharmony_ci {if (define_default_type(DEFAULT_TARGET)) return -1; } 2366cd6a6acSopenharmony_ci ; 2376cd6a6acSopenharmony_cidefault_range_def : DEFAULT_RANGE names SOURCE LOW ';' 2386cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_SOURCE_LOW)) return -1; } 2396cd6a6acSopenharmony_ci | DEFAULT_RANGE names SOURCE HIGH ';' 2406cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_SOURCE_HIGH)) return -1; } 2416cd6a6acSopenharmony_ci | DEFAULT_RANGE names SOURCE LOW_HIGH ';' 2426cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_SOURCE_LOW_HIGH)) return -1; } 2436cd6a6acSopenharmony_ci | DEFAULT_RANGE names TARGET LOW ';' 2446cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_TARGET_LOW)) return -1; } 2456cd6a6acSopenharmony_ci | DEFAULT_RANGE names TARGET HIGH ';' 2466cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_TARGET_HIGH)) return -1; } 2476cd6a6acSopenharmony_ci | DEFAULT_RANGE names TARGET LOW_HIGH ';' 2486cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_TARGET_LOW_HIGH)) return -1; } 2496cd6a6acSopenharmony_ci | DEFAULT_RANGE names GLBLUB';' 2506cd6a6acSopenharmony_ci {if (define_default_range(DEFAULT_GLBLUB)) return -1; } 2516cd6a6acSopenharmony_ci ; 2526cd6a6acSopenharmony_ciopt_mls : mls 2536cd6a6acSopenharmony_ci | 2546cd6a6acSopenharmony_ci ; 2556cd6a6acSopenharmony_cimls : sensitivities dominance opt_categories levels mlspolicy 2566cd6a6acSopenharmony_ci ; 2576cd6a6acSopenharmony_cisensitivities : sensitivity_def 2586cd6a6acSopenharmony_ci | sensitivities sensitivity_def 2596cd6a6acSopenharmony_ci ; 2606cd6a6acSopenharmony_cisensitivity_def : SENSITIVITY identifier alias_def ';' 2616cd6a6acSopenharmony_ci {if (define_sens()) return -1;} 2626cd6a6acSopenharmony_ci | SENSITIVITY identifier ';' 2636cd6a6acSopenharmony_ci {if (define_sens()) return -1;} 2646cd6a6acSopenharmony_ci ; 2656cd6a6acSopenharmony_cialias_def : ALIAS names 2666cd6a6acSopenharmony_ci ; 2676cd6a6acSopenharmony_cidominance : DOMINANCE identifier 2686cd6a6acSopenharmony_ci {if (define_dominance()) return -1;} 2696cd6a6acSopenharmony_ci | DOMINANCE '{' identifier_list '}' 2706cd6a6acSopenharmony_ci {if (define_dominance()) return -1;} 2716cd6a6acSopenharmony_ci ; 2726cd6a6acSopenharmony_ciopt_categories : categories 2736cd6a6acSopenharmony_ci | 2746cd6a6acSopenharmony_ci ; 2756cd6a6acSopenharmony_cicategories : category_def 2766cd6a6acSopenharmony_ci | categories category_def 2776cd6a6acSopenharmony_ci ; 2786cd6a6acSopenharmony_cicategory_def : CATEGORY identifier alias_def ';' 2796cd6a6acSopenharmony_ci {if (define_category()) return -1;} 2806cd6a6acSopenharmony_ci | CATEGORY identifier ';' 2816cd6a6acSopenharmony_ci {if (define_category()) return -1;} 2826cd6a6acSopenharmony_ci ; 2836cd6a6acSopenharmony_cilevels : level_def 2846cd6a6acSopenharmony_ci | levels level_def 2856cd6a6acSopenharmony_ci ; 2866cd6a6acSopenharmony_cilevel_def : LEVEL identifier ':' id_comma_list ';' 2876cd6a6acSopenharmony_ci {if (define_level()) return -1;} 2886cd6a6acSopenharmony_ci | LEVEL identifier ';' 2896cd6a6acSopenharmony_ci {if (define_level()) return -1;} 2906cd6a6acSopenharmony_ci ; 2916cd6a6acSopenharmony_cimlspolicy : mlspolicy_decl 2926cd6a6acSopenharmony_ci | mlspolicy mlspolicy_decl 2936cd6a6acSopenharmony_ci ; 2946cd6a6acSopenharmony_cimlspolicy_decl : mlsconstraint_def 2956cd6a6acSopenharmony_ci | mlsvalidatetrans_def 2966cd6a6acSopenharmony_ci ; 2976cd6a6acSopenharmony_cimlsconstraint_def : MLSCONSTRAIN names names cexpr ';' 2986cd6a6acSopenharmony_ci { if (define_constraint((constraint_expr_t*)$4)) return -1; } 2996cd6a6acSopenharmony_ci ; 3006cd6a6acSopenharmony_cimlsvalidatetrans_def : MLSVALIDATETRANS names cexpr ';' 3016cd6a6acSopenharmony_ci { if (define_validatetrans((constraint_expr_t*)$3)) return -1; } 3026cd6a6acSopenharmony_ci ; 3036cd6a6acSopenharmony_cite_rbac : te_rbac_decl 3046cd6a6acSopenharmony_ci | te_rbac te_rbac_decl 3056cd6a6acSopenharmony_ci ; 3066cd6a6acSopenharmony_cite_rbac_decl : te_decl 3076cd6a6acSopenharmony_ci | rbac_decl 3086cd6a6acSopenharmony_ci | cond_stmt_def 3096cd6a6acSopenharmony_ci | optional_block 3106cd6a6acSopenharmony_ci | policycap_def 3116cd6a6acSopenharmony_ci | ';' 3126cd6a6acSopenharmony_ci ; 3136cd6a6acSopenharmony_cirbac_decl : attribute_role_def 3146cd6a6acSopenharmony_ci | role_type_def 3156cd6a6acSopenharmony_ci | role_dominance 3166cd6a6acSopenharmony_ci | role_trans_def 3176cd6a6acSopenharmony_ci | role_allow_def 3186cd6a6acSopenharmony_ci | roleattribute_def 3196cd6a6acSopenharmony_ci | role_attr_def 3206cd6a6acSopenharmony_ci ; 3216cd6a6acSopenharmony_cite_decl : attribute_def 3226cd6a6acSopenharmony_ci | expandattribute_def 3236cd6a6acSopenharmony_ci | type_def 3246cd6a6acSopenharmony_ci | typealias_def 3256cd6a6acSopenharmony_ci | typeattribute_def 3266cd6a6acSopenharmony_ci | typebounds_def 3276cd6a6acSopenharmony_ci | bool_def 3286cd6a6acSopenharmony_ci | tunable_def 3296cd6a6acSopenharmony_ci | transition_def 3306cd6a6acSopenharmony_ci | range_trans_def 3316cd6a6acSopenharmony_ci | te_avtab_def 3326cd6a6acSopenharmony_ci | permissive_def 3336cd6a6acSopenharmony_ci ; 3346cd6a6acSopenharmony_ciattribute_def : ATTRIBUTE identifier ';' 3356cd6a6acSopenharmony_ci { if (define_attrib()) return -1;} 3366cd6a6acSopenharmony_ci ; 3376cd6a6acSopenharmony_ciexpandattribute_def : EXPANDATTRIBUTE names bool_val ';' 3386cd6a6acSopenharmony_ci { if (expand_attrib()) return -1;} 3396cd6a6acSopenharmony_ci ; 3406cd6a6acSopenharmony_citype_def : TYPE identifier alias_def opt_attr_list ';' 3416cd6a6acSopenharmony_ci {if (define_type(1)) return -1;} 3426cd6a6acSopenharmony_ci | TYPE identifier opt_attr_list ';' 3436cd6a6acSopenharmony_ci {if (define_type(0)) return -1;} 3446cd6a6acSopenharmony_ci ; 3456cd6a6acSopenharmony_citypealias_def : TYPEALIAS identifier alias_def ';' 3466cd6a6acSopenharmony_ci {if (define_typealias()) return -1;} 3476cd6a6acSopenharmony_ci ; 3486cd6a6acSopenharmony_citypeattribute_def : TYPEATTRIBUTE identifier id_comma_list ';' 3496cd6a6acSopenharmony_ci {if (define_typeattribute()) return -1;} 3506cd6a6acSopenharmony_ci ; 3516cd6a6acSopenharmony_citypebounds_def : TYPEBOUNDS identifier id_comma_list ';' 3526cd6a6acSopenharmony_ci {if (define_typebounds()) return -1;} 3536cd6a6acSopenharmony_ci ; 3546cd6a6acSopenharmony_ciopt_attr_list : ',' id_comma_list 3556cd6a6acSopenharmony_ci | 3566cd6a6acSopenharmony_ci ; 3576cd6a6acSopenharmony_cibool_def : BOOL identifier bool_val ';' 3586cd6a6acSopenharmony_ci { if (define_bool_tunable(0)) return -1; } 3596cd6a6acSopenharmony_ci ; 3606cd6a6acSopenharmony_citunable_def : TUNABLE identifier bool_val ';' 3616cd6a6acSopenharmony_ci { if (define_bool_tunable(1)) return -1; } 3626cd6a6acSopenharmony_ci ; 3636cd6a6acSopenharmony_cibool_val : CTRUE 3646cd6a6acSopenharmony_ci { if (insert_id("T",0)) return -1; } 3656cd6a6acSopenharmony_ci | CFALSE 3666cd6a6acSopenharmony_ci { if (insert_id("F",0)) return -1; } 3676cd6a6acSopenharmony_ci ; 3686cd6a6acSopenharmony_cicond_stmt_def : IF cond_expr '{' cond_pol_list '}' cond_else 3696cd6a6acSopenharmony_ci { if (pass == 2) { if (define_conditional((cond_expr_t*)$2, (avrule_t*)$4, (avrule_t*)$6) < 0) return -1; }} 3706cd6a6acSopenharmony_ci ; 3716cd6a6acSopenharmony_cicond_else : ELSE '{' cond_pol_list '}' 3726cd6a6acSopenharmony_ci { $$ = $3; } 3736cd6a6acSopenharmony_ci | /* empty */ 3746cd6a6acSopenharmony_ci { $$ = NULL; } 3756cd6a6acSopenharmony_ci ; 3766cd6a6acSopenharmony_cicond_expr : '(' cond_expr ')' 3776cd6a6acSopenharmony_ci { $$ = $2;} 3786cd6a6acSopenharmony_ci | NOT cond_expr 3796cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_NOT, $2, 0); 3806cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3816cd6a6acSopenharmony_ci | cond_expr AND cond_expr 3826cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_AND, $1, $3); 3836cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3846cd6a6acSopenharmony_ci | cond_expr OR cond_expr 3856cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_OR, $1, $3); 3866cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3876cd6a6acSopenharmony_ci | cond_expr XOR cond_expr 3886cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_XOR, $1, $3); 3896cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3906cd6a6acSopenharmony_ci | cond_expr EQUALS cond_expr 3916cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_EQ, $1, $3); 3926cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3936cd6a6acSopenharmony_ci | cond_expr NOTEQUAL cond_expr 3946cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_NEQ, $1, $3); 3956cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 3966cd6a6acSopenharmony_ci | cond_expr_prim 3976cd6a6acSopenharmony_ci { $$ = $1; } 3986cd6a6acSopenharmony_ci ; 3996cd6a6acSopenharmony_cicond_expr_prim : identifier 4006cd6a6acSopenharmony_ci { $$ = define_cond_expr(COND_BOOL,0, 0); 4016cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1; } 4026cd6a6acSopenharmony_ci ; 4036cd6a6acSopenharmony_cicond_pol_list : cond_pol_list cond_rule_def 4046cd6a6acSopenharmony_ci { $$ = define_cond_pol_list((avrule_t *)$1, (avrule_t *)$2); } 4056cd6a6acSopenharmony_ci | /* empty */ 4066cd6a6acSopenharmony_ci { $$ = NULL; } 4076cd6a6acSopenharmony_ci ; 4086cd6a6acSopenharmony_cicond_rule_def : cond_transition_def 4096cd6a6acSopenharmony_ci { $$ = $1; } 4106cd6a6acSopenharmony_ci | cond_te_avtab_def 4116cd6a6acSopenharmony_ci { $$ = $1; } 4126cd6a6acSopenharmony_ci | require_block 4136cd6a6acSopenharmony_ci { $$ = NULL; } 4146cd6a6acSopenharmony_ci ; 4156cd6a6acSopenharmony_cicond_transition_def : TYPE_TRANSITION names names ':' names identifier filename ';' 4166cd6a6acSopenharmony_ci { $$ = define_cond_filename_trans() ; 4176cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1;} 4186cd6a6acSopenharmony_ci | TYPE_TRANSITION names names ':' names identifier ';' 4196cd6a6acSopenharmony_ci { $$ = define_cond_compute_type(AVRULE_TRANSITION) ; 4206cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1;} 4216cd6a6acSopenharmony_ci | TYPE_MEMBER names names ':' names identifier ';' 4226cd6a6acSopenharmony_ci { $$ = define_cond_compute_type(AVRULE_MEMBER) ; 4236cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1;} 4246cd6a6acSopenharmony_ci | TYPE_CHANGE names names ':' names identifier ';' 4256cd6a6acSopenharmony_ci { $$ = define_cond_compute_type(AVRULE_CHANGE) ; 4266cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1;} 4276cd6a6acSopenharmony_ci ; 4286cd6a6acSopenharmony_cicond_te_avtab_def : cond_allow_def 4296cd6a6acSopenharmony_ci { $$ = $1; } 4306cd6a6acSopenharmony_ci | cond_auditallow_def 4316cd6a6acSopenharmony_ci { $$ = $1; } 4326cd6a6acSopenharmony_ci | cond_auditdeny_def 4336cd6a6acSopenharmony_ci { $$ = $1; } 4346cd6a6acSopenharmony_ci | cond_dontaudit_def 4356cd6a6acSopenharmony_ci { $$ = $1; } 4366cd6a6acSopenharmony_ci ; 4376cd6a6acSopenharmony_cicond_allow_def : ALLOW names names ':' names names ';' 4386cd6a6acSopenharmony_ci { $$ = define_cond_te_avtab(AVRULE_ALLOWED) ; 4396cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1; } 4406cd6a6acSopenharmony_ci ; 4416cd6a6acSopenharmony_cicond_auditallow_def : AUDITALLOW names names ':' names names ';' 4426cd6a6acSopenharmony_ci { $$ = define_cond_te_avtab(AVRULE_AUDITALLOW) ; 4436cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1; } 4446cd6a6acSopenharmony_ci ; 4456cd6a6acSopenharmony_cicond_auditdeny_def : AUDITDENY names names ':' names names ';' 4466cd6a6acSopenharmony_ci { $$ = define_cond_te_avtab(AVRULE_AUDITDENY) ; 4476cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1; } 4486cd6a6acSopenharmony_ci ; 4496cd6a6acSopenharmony_cicond_dontaudit_def : DONTAUDIT names names ':' names names ';' 4506cd6a6acSopenharmony_ci { $$ = define_cond_te_avtab(AVRULE_DONTAUDIT); 4516cd6a6acSopenharmony_ci if ($$ == COND_ERR) return -1; } 4526cd6a6acSopenharmony_ci ; 4536cd6a6acSopenharmony_ci ; 4546cd6a6acSopenharmony_citransition_def : TYPE_TRANSITION names names ':' names identifier filename ';' 4556cd6a6acSopenharmony_ci {if (define_filename_trans()) return -1; } 4566cd6a6acSopenharmony_ci | TYPE_TRANSITION names names ':' names identifier ';' 4576cd6a6acSopenharmony_ci {if (define_compute_type(AVRULE_TRANSITION)) return -1;} 4586cd6a6acSopenharmony_ci | TYPE_MEMBER names names ':' names identifier ';' 4596cd6a6acSopenharmony_ci {if (define_compute_type(AVRULE_MEMBER)) return -1;} 4606cd6a6acSopenharmony_ci | TYPE_CHANGE names names ':' names identifier ';' 4616cd6a6acSopenharmony_ci {if (define_compute_type(AVRULE_CHANGE)) return -1;} 4626cd6a6acSopenharmony_ci ; 4636cd6a6acSopenharmony_cirange_trans_def : RANGE_TRANSITION names names mls_range_def ';' 4646cd6a6acSopenharmony_ci { if (define_range_trans(0)) return -1; } 4656cd6a6acSopenharmony_ci | RANGE_TRANSITION names names ':' names mls_range_def ';' 4666cd6a6acSopenharmony_ci { if (define_range_trans(1)) return -1; } 4676cd6a6acSopenharmony_ci ; 4686cd6a6acSopenharmony_cite_avtab_def : allow_def 4696cd6a6acSopenharmony_ci | auditallow_def 4706cd6a6acSopenharmony_ci | auditdeny_def 4716cd6a6acSopenharmony_ci | dontaudit_def 4726cd6a6acSopenharmony_ci | neverallow_def 4736cd6a6acSopenharmony_ci | xperm_allow_def 4746cd6a6acSopenharmony_ci | xperm_auditallow_def 4756cd6a6acSopenharmony_ci | xperm_dontaudit_def 4766cd6a6acSopenharmony_ci | xperm_neverallow_def 4776cd6a6acSopenharmony_ci ; 4786cd6a6acSopenharmony_ciallow_def : ALLOW names names ':' names names ';' 4796cd6a6acSopenharmony_ci {if (define_te_avtab(AVRULE_ALLOWED)) return -1; } 4806cd6a6acSopenharmony_ci ; 4816cd6a6acSopenharmony_ciauditallow_def : AUDITALLOW names names ':' names names ';' 4826cd6a6acSopenharmony_ci {if (define_te_avtab(AVRULE_AUDITALLOW)) return -1; } 4836cd6a6acSopenharmony_ci ; 4846cd6a6acSopenharmony_ciauditdeny_def : AUDITDENY names names ':' names names ';' 4856cd6a6acSopenharmony_ci {if (define_te_avtab(AVRULE_AUDITDENY)) return -1; } 4866cd6a6acSopenharmony_ci ; 4876cd6a6acSopenharmony_cidontaudit_def : DONTAUDIT names names ':' names names ';' 4886cd6a6acSopenharmony_ci {if (define_te_avtab(AVRULE_DONTAUDIT)) return -1; } 4896cd6a6acSopenharmony_ci ; 4906cd6a6acSopenharmony_cineverallow_def : NEVERALLOW names names ':' names names ';' 4916cd6a6acSopenharmony_ci {if (define_te_avtab(AVRULE_NEVERALLOW)) return -1; } 4926cd6a6acSopenharmony_ci ; 4936cd6a6acSopenharmony_cixperm_allow_def : ALLOWXPERM names names ':' names identifier xperms ';' 4946cd6a6acSopenharmony_ci {if (define_te_avtab_extended_perms(AVRULE_XPERMS_ALLOWED)) return -1; } 4956cd6a6acSopenharmony_ci ; 4966cd6a6acSopenharmony_cixperm_auditallow_def : AUDITALLOWXPERM names names ':' names identifier xperms ';' 4976cd6a6acSopenharmony_ci {if (define_te_avtab_extended_perms(AVRULE_XPERMS_AUDITALLOW)) return -1; } 4986cd6a6acSopenharmony_ci ; 4996cd6a6acSopenharmony_cixperm_dontaudit_def : DONTAUDITXPERM names names ':' names identifier xperms ';' 5006cd6a6acSopenharmony_ci {if (define_te_avtab_extended_perms(AVRULE_XPERMS_DONTAUDIT)) return -1; } 5016cd6a6acSopenharmony_ci ; 5026cd6a6acSopenharmony_cixperm_neverallow_def : NEVERALLOWXPERM names names ':' names identifier xperms ';' 5036cd6a6acSopenharmony_ci {if (define_te_avtab_extended_perms(AVRULE_XPERMS_NEVERALLOW)) return -1; } 5046cd6a6acSopenharmony_ci ; 5056cd6a6acSopenharmony_ciattribute_role_def : ATTRIBUTE_ROLE identifier ';' 5066cd6a6acSopenharmony_ci {if (define_attrib_role()) return -1; } 5076cd6a6acSopenharmony_ci ; 5086cd6a6acSopenharmony_cirole_type_def : ROLE identifier TYPES names ';' 5096cd6a6acSopenharmony_ci {if (define_role_types()) return -1;} 5106cd6a6acSopenharmony_ci ; 5116cd6a6acSopenharmony_cirole_attr_def : ROLE identifier opt_attr_list ';' 5126cd6a6acSopenharmony_ci {if (define_role_attr()) return -1;} 5136cd6a6acSopenharmony_ci ; 5146cd6a6acSopenharmony_cirole_dominance : DOMINANCE '{' roles '}' 5156cd6a6acSopenharmony_ci ; 5166cd6a6acSopenharmony_cirole_trans_def : ROLE_TRANSITION names names identifier ';' 5176cd6a6acSopenharmony_ci {if (define_role_trans(0)) return -1; } 5186cd6a6acSopenharmony_ci | ROLE_TRANSITION names names ':' names identifier ';' 5196cd6a6acSopenharmony_ci {if (define_role_trans(1)) return -1;} 5206cd6a6acSopenharmony_ci ; 5216cd6a6acSopenharmony_cirole_allow_def : ALLOW names names ';' 5226cd6a6acSopenharmony_ci {if (define_role_allow()) return -1; } 5236cd6a6acSopenharmony_ci ; 5246cd6a6acSopenharmony_ciroles : role_def 5256cd6a6acSopenharmony_ci { $$ = $1; } 5266cd6a6acSopenharmony_ci | roles role_def 5276cd6a6acSopenharmony_ci { $$ = merge_roles_dom((role_datum_t*)$1, (role_datum_t*)$2); if ($$ == 0) return -1;} 5286cd6a6acSopenharmony_ci ; 5296cd6a6acSopenharmony_cirole_def : ROLE identifier_push ';' 5306cd6a6acSopenharmony_ci {$$ = define_role_dom(NULL); if ($$ == 0) return -1;} 5316cd6a6acSopenharmony_ci | ROLE identifier_push '{' roles '}' 5326cd6a6acSopenharmony_ci {$$ = define_role_dom((role_datum_t*)$4); if ($$ == 0) return -1;} 5336cd6a6acSopenharmony_ci ; 5346cd6a6acSopenharmony_ciroleattribute_def : ROLEATTRIBUTE identifier id_comma_list ';' 5356cd6a6acSopenharmony_ci {if (define_roleattribute()) return -1;} 5366cd6a6acSopenharmony_ci ; 5376cd6a6acSopenharmony_ciopt_constraints : constraints 5386cd6a6acSopenharmony_ci | 5396cd6a6acSopenharmony_ci ; 5406cd6a6acSopenharmony_ciconstraints : constraint_decl 5416cd6a6acSopenharmony_ci | constraints constraint_decl 5426cd6a6acSopenharmony_ci ; 5436cd6a6acSopenharmony_ciconstraint_decl : constraint_def 5446cd6a6acSopenharmony_ci | validatetrans_def 5456cd6a6acSopenharmony_ci ; 5466cd6a6acSopenharmony_ciconstraint_def : CONSTRAIN names names cexpr ';' 5476cd6a6acSopenharmony_ci { if (define_constraint((constraint_expr_t*)$4)) return -1; } 5486cd6a6acSopenharmony_ci ; 5496cd6a6acSopenharmony_civalidatetrans_def : VALIDATETRANS names cexpr ';' 5506cd6a6acSopenharmony_ci { if (define_validatetrans((constraint_expr_t*)$3)) return -1; } 5516cd6a6acSopenharmony_ci ; 5526cd6a6acSopenharmony_cicexpr : '(' cexpr ')' 5536cd6a6acSopenharmony_ci { $$ = $2; } 5546cd6a6acSopenharmony_ci | NOT cexpr 5556cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NOT, $2, 0); 5566cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5576cd6a6acSopenharmony_ci | cexpr AND cexpr 5586cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_AND, $1, $3); 5596cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5606cd6a6acSopenharmony_ci | cexpr OR cexpr 5616cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_OR, $1, $3); 5626cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5636cd6a6acSopenharmony_ci | cexpr_prim 5646cd6a6acSopenharmony_ci { $$ = $1; } 5656cd6a6acSopenharmony_ci ; 5666cd6a6acSopenharmony_cicexpr_prim : U1 op U2 5676cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, $2); 5686cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5696cd6a6acSopenharmony_ci | R1 role_mls_op R2 5706cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 5716cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5726cd6a6acSopenharmony_ci | T1 op T2 5736cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_TYPE, $2); 5746cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5756cd6a6acSopenharmony_ci | U1 op { if (insert_separator(1)) return -1; } names_push 5766cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, CEXPR_USER, $2); 5776cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5786cd6a6acSopenharmony_ci | U2 op { if (insert_separator(1)) return -1; } names_push 5796cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_TARGET), $2); 5806cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5816cd6a6acSopenharmony_ci | U3 op { if (insert_separator(1)) return -1; } names_push 5826cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_USER | CEXPR_XTARGET), $2); 5836cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5846cd6a6acSopenharmony_ci | R1 op { if (insert_separator(1)) return -1; } names_push 5856cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, $2); 5866cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5876cd6a6acSopenharmony_ci | R2 op { if (insert_separator(1)) return -1; } names_push 5886cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), $2); 5896cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5906cd6a6acSopenharmony_ci | R3 op { if (insert_separator(1)) return -1; } names_push 5916cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_XTARGET), $2); 5926cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5936cd6a6acSopenharmony_ci | T1 op { if (insert_separator(1)) return -1; } names_push 5946cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, $2); 5956cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5966cd6a6acSopenharmony_ci | T2 op { if (insert_separator(1)) return -1; } names_push 5976cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), $2); 5986cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 5996cd6a6acSopenharmony_ci | T3 op { if (insert_separator(1)) return -1; } names_push 6006cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_XTARGET), $2); 6016cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6026cd6a6acSopenharmony_ci | SAMEUSER 6036cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_USER, CEXPR_EQ); 6046cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6056cd6a6acSopenharmony_ci | SOURCE ROLE { if (insert_separator(1)) return -1; } names_push 6066cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, CEXPR_ROLE, CEXPR_EQ); 6076cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6086cd6a6acSopenharmony_ci | TARGET ROLE { if (insert_separator(1)) return -1; } names_push 6096cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_ROLE | CEXPR_TARGET), CEXPR_EQ); 6106cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6116cd6a6acSopenharmony_ci | ROLE role_mls_op 6126cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_ROLE, $2); 6136cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6146cd6a6acSopenharmony_ci | SOURCE TYPE { if (insert_separator(1)) return -1; } names_push 6156cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, CEXPR_TYPE, CEXPR_EQ); 6166cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6176cd6a6acSopenharmony_ci | TARGET TYPE { if (insert_separator(1)) return -1; } names_push 6186cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_NAMES, (CEXPR_TYPE | CEXPR_TARGET), CEXPR_EQ); 6196cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6206cd6a6acSopenharmony_ci | L1 role_mls_op L2 6216cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1L2, $2); 6226cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6236cd6a6acSopenharmony_ci | L1 role_mls_op H2 6246cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H2, $2); 6256cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6266cd6a6acSopenharmony_ci | H1 role_mls_op L2 6276cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1L2, $2); 6286cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6296cd6a6acSopenharmony_ci | H1 role_mls_op H2 6306cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_H1H2, $2); 6316cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6326cd6a6acSopenharmony_ci | L1 role_mls_op H1 6336cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L1H1, $2); 6346cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6356cd6a6acSopenharmony_ci | L2 role_mls_op H2 6366cd6a6acSopenharmony_ci { $$ = define_cexpr(CEXPR_ATTR, CEXPR_L2H2, $2); 6376cd6a6acSopenharmony_ci if ($$ == 0) return -1; } 6386cd6a6acSopenharmony_ci ; 6396cd6a6acSopenharmony_ciop : EQUALS 6406cd6a6acSopenharmony_ci { $$ = CEXPR_EQ; } 6416cd6a6acSopenharmony_ci | NOTEQUAL 6426cd6a6acSopenharmony_ci { $$ = CEXPR_NEQ; } 6436cd6a6acSopenharmony_ci ; 6446cd6a6acSopenharmony_cirole_mls_op : op 6456cd6a6acSopenharmony_ci { $$ = $1; } 6466cd6a6acSopenharmony_ci | DOM 6476cd6a6acSopenharmony_ci { $$ = CEXPR_DOM; } 6486cd6a6acSopenharmony_ci | DOMBY 6496cd6a6acSopenharmony_ci { $$ = CEXPR_DOMBY; } 6506cd6a6acSopenharmony_ci | INCOMP 6516cd6a6acSopenharmony_ci { $$ = CEXPR_INCOMP; } 6526cd6a6acSopenharmony_ci ; 6536cd6a6acSopenharmony_ciusers : user_def 6546cd6a6acSopenharmony_ci | users user_def 6556cd6a6acSopenharmony_ci ; 6566cd6a6acSopenharmony_ciuser_def : USER identifier ROLES names opt_mls_user ';' 6576cd6a6acSopenharmony_ci {if (define_user()) return -1;} 6586cd6a6acSopenharmony_ci ; 6596cd6a6acSopenharmony_ciopt_mls_user : LEVEL mls_level_def RANGE mls_range_def 6606cd6a6acSopenharmony_ci | 6616cd6a6acSopenharmony_ci ; 6626cd6a6acSopenharmony_ciinitial_sid_contexts : initial_sid_context_def 6636cd6a6acSopenharmony_ci | initial_sid_contexts initial_sid_context_def 6646cd6a6acSopenharmony_ci ; 6656cd6a6acSopenharmony_ciinitial_sid_context_def : SID identifier security_context_def 6666cd6a6acSopenharmony_ci {if (define_initial_sid_context()) return -1;} 6676cd6a6acSopenharmony_ci ; 6686cd6a6acSopenharmony_ciopt_dev_contexts : dev_contexts | 6696cd6a6acSopenharmony_ci ; 6706cd6a6acSopenharmony_cidev_contexts : dev_context_def 6716cd6a6acSopenharmony_ci | dev_contexts dev_context_def 6726cd6a6acSopenharmony_ci ; 6736cd6a6acSopenharmony_cidev_context_def : pirq_context_def | 6746cd6a6acSopenharmony_ci iomem_context_def | 6756cd6a6acSopenharmony_ci ioport_context_def | 6766cd6a6acSopenharmony_ci pci_context_def | 6776cd6a6acSopenharmony_ci dtree_context_def 6786cd6a6acSopenharmony_ci ; 6796cd6a6acSopenharmony_cipirq_context_def : PIRQCON number security_context_def 6806cd6a6acSopenharmony_ci {if (define_pirq_context($2)) return -1;} 6816cd6a6acSopenharmony_ci ; 6826cd6a6acSopenharmony_ciiomem_context_def : IOMEMCON number64 security_context_def 6836cd6a6acSopenharmony_ci {if (define_iomem_context($2,$2)) return -1;} 6846cd6a6acSopenharmony_ci | IOMEMCON number64 '-' number64 security_context_def 6856cd6a6acSopenharmony_ci {if (define_iomem_context($2,$4)) return -1;} 6866cd6a6acSopenharmony_ci ; 6876cd6a6acSopenharmony_ciioport_context_def : IOPORTCON number security_context_def 6886cd6a6acSopenharmony_ci {if (define_ioport_context($2,$2)) return -1;} 6896cd6a6acSopenharmony_ci | IOPORTCON number '-' number security_context_def 6906cd6a6acSopenharmony_ci {if (define_ioport_context($2,$4)) return -1;} 6916cd6a6acSopenharmony_ci ; 6926cd6a6acSopenharmony_cipci_context_def : PCIDEVICECON number security_context_def 6936cd6a6acSopenharmony_ci {if (define_pcidevice_context($2)) return -1;} 6946cd6a6acSopenharmony_ci ; 6956cd6a6acSopenharmony_cidtree_context_def : DEVICETREECON path security_context_def 6966cd6a6acSopenharmony_ci {if (define_devicetree_context()) return -1;} 6976cd6a6acSopenharmony_ci ; 6986cd6a6acSopenharmony_ciopt_fs_contexts : fs_contexts 6996cd6a6acSopenharmony_ci | 7006cd6a6acSopenharmony_ci ; 7016cd6a6acSopenharmony_cifs_contexts : fs_context_def 7026cd6a6acSopenharmony_ci | fs_contexts fs_context_def 7036cd6a6acSopenharmony_ci ; 7046cd6a6acSopenharmony_cifs_context_def : FSCON number number security_context_def security_context_def 7056cd6a6acSopenharmony_ci {if (define_fs_context($2,$3)) return -1;} 7066cd6a6acSopenharmony_ci ; 7076cd6a6acSopenharmony_cinet_contexts : opt_port_contexts opt_netif_contexts opt_node_contexts 7086cd6a6acSopenharmony_ci ; 7096cd6a6acSopenharmony_ciopt_port_contexts : port_contexts 7106cd6a6acSopenharmony_ci | 7116cd6a6acSopenharmony_ci ; 7126cd6a6acSopenharmony_ciport_contexts : port_context_def 7136cd6a6acSopenharmony_ci | port_contexts port_context_def 7146cd6a6acSopenharmony_ci ; 7156cd6a6acSopenharmony_ciport_context_def : PORTCON identifier number security_context_def 7166cd6a6acSopenharmony_ci {if (define_port_context($3,$3)) return -1;} 7176cd6a6acSopenharmony_ci | PORTCON identifier number '-' number security_context_def 7186cd6a6acSopenharmony_ci {if (define_port_context($3,$5)) return -1;} 7196cd6a6acSopenharmony_ci ; 7206cd6a6acSopenharmony_ciopt_ibpkey_contexts : ibpkey_contexts 7216cd6a6acSopenharmony_ci | 7226cd6a6acSopenharmony_ci ; 7236cd6a6acSopenharmony_ciibpkey_contexts : ibpkey_context_def 7246cd6a6acSopenharmony_ci | ibpkey_contexts ibpkey_context_def 7256cd6a6acSopenharmony_ci ; 7266cd6a6acSopenharmony_ciibpkey_context_def : IBPKEYCON ipv6_addr number security_context_def 7276cd6a6acSopenharmony_ci {if (define_ibpkey_context($3,$3)) return -1;} 7286cd6a6acSopenharmony_ci | IBPKEYCON ipv6_addr number '-' number security_context_def 7296cd6a6acSopenharmony_ci {if (define_ibpkey_context($3,$5)) return -1;} 7306cd6a6acSopenharmony_ci ; 7316cd6a6acSopenharmony_ciopt_ibendport_contexts : ibendport_contexts 7326cd6a6acSopenharmony_ci | 7336cd6a6acSopenharmony_ci ; 7346cd6a6acSopenharmony_ciibendport_contexts : ibendport_context_def 7356cd6a6acSopenharmony_ci | ibendport_contexts ibendport_context_def 7366cd6a6acSopenharmony_ci ; 7376cd6a6acSopenharmony_ciibendport_context_def : IBENDPORTCON identifier number security_context_def 7386cd6a6acSopenharmony_ci {if (define_ibendport_context($3)) return -1;} 7396cd6a6acSopenharmony_ci ; 7406cd6a6acSopenharmony_ciopt_netif_contexts : netif_contexts 7416cd6a6acSopenharmony_ci | 7426cd6a6acSopenharmony_ci ; 7436cd6a6acSopenharmony_cinetif_contexts : netif_context_def 7446cd6a6acSopenharmony_ci | netif_contexts netif_context_def 7456cd6a6acSopenharmony_ci ; 7466cd6a6acSopenharmony_cinetif_context_def : NETIFCON identifier security_context_def security_context_def 7476cd6a6acSopenharmony_ci {if (define_netif_context()) return -1;} 7486cd6a6acSopenharmony_ci ; 7496cd6a6acSopenharmony_ciopt_node_contexts : node_contexts 7506cd6a6acSopenharmony_ci | 7516cd6a6acSopenharmony_ci ; 7526cd6a6acSopenharmony_cinode_contexts : node_context_def 7536cd6a6acSopenharmony_ci | node_contexts node_context_def 7546cd6a6acSopenharmony_ci ; 7556cd6a6acSopenharmony_cinode_context_def : NODECON ipv4_addr_def ipv4_addr_def security_context_def 7566cd6a6acSopenharmony_ci {if (define_ipv4_node_context()) return -1;} 7576cd6a6acSopenharmony_ci | NODECON ipv6_addr ipv6_addr security_context_def 7586cd6a6acSopenharmony_ci {if (define_ipv6_node_context()) return -1;} 7596cd6a6acSopenharmony_ci ; 7606cd6a6acSopenharmony_ciopt_fs_uses : fs_uses 7616cd6a6acSopenharmony_ci | 7626cd6a6acSopenharmony_ci ; 7636cd6a6acSopenharmony_cifs_uses : fs_use_def 7646cd6a6acSopenharmony_ci | fs_uses fs_use_def 7656cd6a6acSopenharmony_ci ; 7666cd6a6acSopenharmony_cifs_use_def : FSUSEXATTR filesystem security_context_def ';' 7676cd6a6acSopenharmony_ci {if (define_fs_use(SECURITY_FS_USE_XATTR)) return -1;} 7686cd6a6acSopenharmony_ci | FSUSETASK identifier security_context_def ';' 7696cd6a6acSopenharmony_ci {if (define_fs_use(SECURITY_FS_USE_TASK)) return -1;} 7706cd6a6acSopenharmony_ci | FSUSETRANS identifier security_context_def ';' 7716cd6a6acSopenharmony_ci {if (define_fs_use(SECURITY_FS_USE_TRANS)) return -1;} 7726cd6a6acSopenharmony_ci ; 7736cd6a6acSopenharmony_ciopt_genfs_contexts : genfs_contexts 7746cd6a6acSopenharmony_ci | 7756cd6a6acSopenharmony_ci ; 7766cd6a6acSopenharmony_cigenfs_contexts : genfs_context_def 7776cd6a6acSopenharmony_ci | genfs_contexts genfs_context_def 7786cd6a6acSopenharmony_ci ; 7796cd6a6acSopenharmony_cigenfs_context_def : GENFSCON filesystem path '-' identifier security_context_def 7806cd6a6acSopenharmony_ci {if (define_genfs_context(1)) return -1;} 7816cd6a6acSopenharmony_ci | GENFSCON filesystem path '-' '-' {insert_id("-", 0);} security_context_def 7826cd6a6acSopenharmony_ci {if (define_genfs_context(1)) return -1;} 7836cd6a6acSopenharmony_ci | GENFSCON filesystem path security_context_def 7846cd6a6acSopenharmony_ci {if (define_genfs_context(0)) return -1;} 7856cd6a6acSopenharmony_ci ; 7866cd6a6acSopenharmony_ciipv4_addr_def : IPV4_ADDR 7876cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 7886cd6a6acSopenharmony_ci ; 7896cd6a6acSopenharmony_cixperms : xperm 7906cd6a6acSopenharmony_ci { if (insert_separator(0)) return -1; } 7916cd6a6acSopenharmony_ci | nested_xperm_set 7926cd6a6acSopenharmony_ci { if (insert_separator(0)) return -1; } 7936cd6a6acSopenharmony_ci | tilde xperm 7946cd6a6acSopenharmony_ci { if (insert_id("~", 0)) return -1; } 7956cd6a6acSopenharmony_ci | tilde nested_xperm_set 7966cd6a6acSopenharmony_ci { if (insert_id("~", 0)) return -1; 7976cd6a6acSopenharmony_ci if (insert_separator(0)) return -1; } 7986cd6a6acSopenharmony_ci ; 7996cd6a6acSopenharmony_cinested_xperm_set : '{' nested_xperm_list '}' 8006cd6a6acSopenharmony_ci ; 8016cd6a6acSopenharmony_cinested_xperm_list : nested_xperm_element 8026cd6a6acSopenharmony_ci | nested_xperm_list nested_xperm_element 8036cd6a6acSopenharmony_ci ; 8046cd6a6acSopenharmony_cinested_xperm_element: xperm '-' { if (insert_id("-", 0)) return -1; } xperm 8056cd6a6acSopenharmony_ci | xperm 8066cd6a6acSopenharmony_ci | nested_xperm_set 8076cd6a6acSopenharmony_ci ; 8086cd6a6acSopenharmony_cixperm : number 8096cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 8106cd6a6acSopenharmony_ci ; 8116cd6a6acSopenharmony_cisecurity_context_def : identifier ':' identifier ':' identifier opt_mls_range_def 8126cd6a6acSopenharmony_ci ; 8136cd6a6acSopenharmony_ciopt_mls_range_def : ':' mls_range_def 8146cd6a6acSopenharmony_ci | 8156cd6a6acSopenharmony_ci ; 8166cd6a6acSopenharmony_cimls_range_def : mls_level_def '-' mls_level_def 8176cd6a6acSopenharmony_ci {if (insert_separator(0)) return -1;} 8186cd6a6acSopenharmony_ci | mls_level_def 8196cd6a6acSopenharmony_ci {if (insert_separator(0)) return -1;} 8206cd6a6acSopenharmony_ci ; 8216cd6a6acSopenharmony_cimls_level_def : identifier ':' id_comma_list 8226cd6a6acSopenharmony_ci {if (insert_separator(0)) return -1;} 8236cd6a6acSopenharmony_ci | identifier 8246cd6a6acSopenharmony_ci {if (insert_separator(0)) return -1;} 8256cd6a6acSopenharmony_ci ; 8266cd6a6acSopenharmony_ciid_comma_list : identifier 8276cd6a6acSopenharmony_ci | id_comma_list ',' identifier 8286cd6a6acSopenharmony_ci ; 8296cd6a6acSopenharmony_citilde : '~' 8306cd6a6acSopenharmony_ci ; 8316cd6a6acSopenharmony_ciasterisk : '*' 8326cd6a6acSopenharmony_ci ; 8336cd6a6acSopenharmony_cinames : identifier 8346cd6a6acSopenharmony_ci { if (insert_separator(0)) return -1; } 8356cd6a6acSopenharmony_ci | nested_id_set 8366cd6a6acSopenharmony_ci { if (insert_separator(0)) return -1; } 8376cd6a6acSopenharmony_ci | asterisk 8386cd6a6acSopenharmony_ci { if (insert_id("*", 0)) return -1; 8396cd6a6acSopenharmony_ci if (insert_separator(0)) return -1; } 8406cd6a6acSopenharmony_ci | tilde identifier 8416cd6a6acSopenharmony_ci { if (insert_id("~", 0)) return -1; 8426cd6a6acSopenharmony_ci if (insert_separator(0)) return -1; } 8436cd6a6acSopenharmony_ci | tilde nested_id_set 8446cd6a6acSopenharmony_ci { if (insert_id("~", 0)) return -1; 8456cd6a6acSopenharmony_ci if (insert_separator(0)) return -1; } 8466cd6a6acSopenharmony_ci | identifier '-' { if (insert_id("-", 0)) return -1; } identifier 8476cd6a6acSopenharmony_ci { if (insert_separator(0)) return -1; } 8486cd6a6acSopenharmony_ci ; 8496cd6a6acSopenharmony_citilde_push : tilde 8506cd6a6acSopenharmony_ci { if (insert_id("~", 1)) return -1; } 8516cd6a6acSopenharmony_ci ; 8526cd6a6acSopenharmony_ciasterisk_push : asterisk 8536cd6a6acSopenharmony_ci { if (insert_id("*", 1)) return -1; } 8546cd6a6acSopenharmony_ci ; 8556cd6a6acSopenharmony_cinames_push : identifier_push 8566cd6a6acSopenharmony_ci | '{' identifier_list_push '}' 8576cd6a6acSopenharmony_ci | asterisk_push 8586cd6a6acSopenharmony_ci | tilde_push identifier_push 8596cd6a6acSopenharmony_ci | tilde_push '{' identifier_list_push '}' 8606cd6a6acSopenharmony_ci ; 8616cd6a6acSopenharmony_ciidentifier_list_push : identifier_push 8626cd6a6acSopenharmony_ci | identifier_list_push identifier_push 8636cd6a6acSopenharmony_ci ; 8646cd6a6acSopenharmony_ciidentifier_push : IDENTIFIER 8656cd6a6acSopenharmony_ci { if (insert_id(yytext, 1)) return -1; } 8666cd6a6acSopenharmony_ci ; 8676cd6a6acSopenharmony_ciidentifier_list : identifier 8686cd6a6acSopenharmony_ci | identifier_list identifier 8696cd6a6acSopenharmony_ci ; 8706cd6a6acSopenharmony_cinested_id_set : '{' nested_id_list '}' 8716cd6a6acSopenharmony_ci ; 8726cd6a6acSopenharmony_cinested_id_list : nested_id_element | nested_id_list nested_id_element 8736cd6a6acSopenharmony_ci ; 8746cd6a6acSopenharmony_cinested_id_element : identifier | '-' { if (insert_id("-", 0)) return -1; } identifier | nested_id_set 8756cd6a6acSopenharmony_ci ; 8766cd6a6acSopenharmony_ciidentifier : IDENTIFIER 8776cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 8786cd6a6acSopenharmony_ci ; 8796cd6a6acSopenharmony_cifilesystem : FILESYSTEM 8806cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 8816cd6a6acSopenharmony_ci | IDENTIFIER 8826cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 8836cd6a6acSopenharmony_ci ; 8846cd6a6acSopenharmony_cipath : PATH 8856cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 8866cd6a6acSopenharmony_ci | QPATH 8876cd6a6acSopenharmony_ci { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } 8886cd6a6acSopenharmony_ci ; 8896cd6a6acSopenharmony_cifilename : FILENAME 8906cd6a6acSopenharmony_ci { yytext[strlen(yytext) - 1] = '\0'; if (insert_id(yytext + 1,0)) return -1; } 8916cd6a6acSopenharmony_ci ; 8926cd6a6acSopenharmony_cinumber : NUMBER 8936cd6a6acSopenharmony_ci { unsigned long x; 8946cd6a6acSopenharmony_ci errno = 0; 8956cd6a6acSopenharmony_ci x = strtoul(yytext, NULL, 0); 8966cd6a6acSopenharmony_ci if (errno) 8976cd6a6acSopenharmony_ci return -1; 8986cd6a6acSopenharmony_ci#if ULONG_MAX > UINT_MAX 8996cd6a6acSopenharmony_ci if (x > UINT_MAX) 9006cd6a6acSopenharmony_ci return -1; 9016cd6a6acSopenharmony_ci#endif 9026cd6a6acSopenharmony_ci $$ = (unsigned int) x; 9036cd6a6acSopenharmony_ci } 9046cd6a6acSopenharmony_ci ; 9056cd6a6acSopenharmony_cinumber64 : NUMBER 9066cd6a6acSopenharmony_ci { unsigned long long x; 9076cd6a6acSopenharmony_ci errno = 0; 9086cd6a6acSopenharmony_ci x = strtoull(yytext, NULL, 0); 9096cd6a6acSopenharmony_ci if (errno) 9106cd6a6acSopenharmony_ci return -1; 9116cd6a6acSopenharmony_ci $$ = (uint64_t) x; 9126cd6a6acSopenharmony_ci } 9136cd6a6acSopenharmony_ci ; 9146cd6a6acSopenharmony_ciipv6_addr : IPV6_ADDR 9156cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 9166cd6a6acSopenharmony_ci ; 9176cd6a6acSopenharmony_cipolicycap_def : POLICYCAP identifier ';' 9186cd6a6acSopenharmony_ci {if (define_polcap()) return -1;} 9196cd6a6acSopenharmony_ci ; 9206cd6a6acSopenharmony_cipermissive_def : PERMISSIVE identifier ';' 9216cd6a6acSopenharmony_ci {if (define_permissive()) return -1;} 9226cd6a6acSopenharmony_ci 9236cd6a6acSopenharmony_ci/*********** module grammar below ***********/ 9246cd6a6acSopenharmony_ci 9256cd6a6acSopenharmony_cimodule_policy : module_def avrules_block 9266cd6a6acSopenharmony_ci { if (end_avrule_block(pass) == -1) return -1; 9276cd6a6acSopenharmony_ci if (policydb_index_others(NULL, policydbp, 0)) return -1; 9286cd6a6acSopenharmony_ci } 9296cd6a6acSopenharmony_ci ; 9306cd6a6acSopenharmony_cimodule_def : MODULE identifier version_identifier ';' 9316cd6a6acSopenharmony_ci { if (define_policy(pass, 1) == -1) return -1; } 9326cd6a6acSopenharmony_ci ; 9336cd6a6acSopenharmony_civersion_identifier : VERSION_IDENTIFIER 9346cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 9356cd6a6acSopenharmony_ci | number 9366cd6a6acSopenharmony_ci { if (insert_id(yytext,0)) return -1; } 9376cd6a6acSopenharmony_ci | ipv4_addr_def /* version can look like ipv4 address */ 9386cd6a6acSopenharmony_ci ; 9396cd6a6acSopenharmony_ciavrules_block : avrule_decls avrule_user_defs 9406cd6a6acSopenharmony_ci ; 9416cd6a6acSopenharmony_ciavrule_decls : avrule_decls avrule_decl 9426cd6a6acSopenharmony_ci | avrule_decl 9436cd6a6acSopenharmony_ci ; 9446cd6a6acSopenharmony_ciavrule_decl : rbac_decl 9456cd6a6acSopenharmony_ci | te_decl 9466cd6a6acSopenharmony_ci | cond_stmt_def 9476cd6a6acSopenharmony_ci | require_block 9486cd6a6acSopenharmony_ci | optional_block 9496cd6a6acSopenharmony_ci | ';' 9506cd6a6acSopenharmony_ci ; 9516cd6a6acSopenharmony_cirequire_block : REQUIRE '{' require_list '}' 9526cd6a6acSopenharmony_ci ; 9536cd6a6acSopenharmony_cirequire_list : require_list require_decl 9546cd6a6acSopenharmony_ci | require_decl 9556cd6a6acSopenharmony_ci ; 9566cd6a6acSopenharmony_cirequire_decl : require_class ';' 9576cd6a6acSopenharmony_ci | require_decl_def require_id_list ';' 9586cd6a6acSopenharmony_ci ; 9596cd6a6acSopenharmony_cirequire_class : CLASS identifier names 9606cd6a6acSopenharmony_ci { if (require_class(pass)) return -1; } 9616cd6a6acSopenharmony_ci ; 9626cd6a6acSopenharmony_cirequire_decl_def : ROLE { $$ = require_role; } 9636cd6a6acSopenharmony_ci | TYPE { $$ = require_type; } 9646cd6a6acSopenharmony_ci | ATTRIBUTE { $$ = require_attribute; } 9656cd6a6acSopenharmony_ci | ATTRIBUTE_ROLE { $$ = require_attribute_role; } 9666cd6a6acSopenharmony_ci | USER { $$ = require_user; } 9676cd6a6acSopenharmony_ci | BOOL { $$ = require_bool; } 9686cd6a6acSopenharmony_ci | TUNABLE { $$ = require_tunable; } 9696cd6a6acSopenharmony_ci | SENSITIVITY { $$ = require_sens; } 9706cd6a6acSopenharmony_ci | CATEGORY { $$ = require_cat; } 9716cd6a6acSopenharmony_ci ; 9726cd6a6acSopenharmony_cirequire_id_list : identifier 9736cd6a6acSopenharmony_ci { if ($<require_func>0 (pass)) return -1; } 9746cd6a6acSopenharmony_ci | require_id_list ',' identifier 9756cd6a6acSopenharmony_ci { if ($<require_func>0 (pass)) return -1; } 9766cd6a6acSopenharmony_ci ; 9776cd6a6acSopenharmony_cioptional_block : optional_decl '{' avrules_block '}' 9786cd6a6acSopenharmony_ci { if (end_avrule_block(pass) == -1) return -1; } 9796cd6a6acSopenharmony_ci optional_else 9806cd6a6acSopenharmony_ci { if (end_optional(pass) == -1) return -1; } 9816cd6a6acSopenharmony_ci ; 9826cd6a6acSopenharmony_cioptional_else : else_decl '{' avrules_block '}' 9836cd6a6acSopenharmony_ci { if (end_avrule_block(pass) == -1) return -1; } 9846cd6a6acSopenharmony_ci | /* empty */ 9856cd6a6acSopenharmony_ci ; 9866cd6a6acSopenharmony_cioptional_decl : OPTIONAL 9876cd6a6acSopenharmony_ci { if (begin_optional(pass) == -1) return -1; } 9886cd6a6acSopenharmony_ci ; 9896cd6a6acSopenharmony_cielse_decl : ELSE 9906cd6a6acSopenharmony_ci { if (begin_optional_else(pass) == -1) return -1; } 9916cd6a6acSopenharmony_ci ; 9926cd6a6acSopenharmony_ciavrule_user_defs : user_def avrule_user_defs 9936cd6a6acSopenharmony_ci | /* empty */ 9946cd6a6acSopenharmony_ci ; 995