PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` 3 KlfxI@sddlZddlZddlZddlZddlmZddlmZddlmZddlmZddlm Z dZ dddd d!d"d#d$d%d&d'd(d)d*d+d,d-d.d/d0d1d2d3d4d5d6d7d8d9d:d;dd?d@dAdBdCdDdEdFdGdHdIdJdKdLdMdOdNdPdQ4Z dRZ dSZ dTZdUZdVZdWZdXZdYZdZZd[Zd\Zd]Zd^Zd_Zd`ZdaZdbZdcZddZdedfZdgdhZ didjZ!dkdlZ"dmdnZ#dodpZ$dqdrZ%dsdtZ&dudvZ'da(da)dwa*da+dxa,d dydzZ-d{d|Z.d}d~Z/ddZ0ddZ1ddZ2ddZ3ddZ4ddZ5ddZ6ddZ7ddZ8ddZ9ddZ:ddZ;ddZddZ?ddZ@ddZAddZBddZCddZDddZEddZFddZGddZHddZIddZJddZKddZLddZMddZNddZOddZPdd„ZQddĄZRddƄZSddȄZTddʄZUdd̄ZVdd΄ZWddЄZXdd҄ZYddԄZZddքZ[dd؄Z\ddڄZ]dd܄Z^ddބZ_ddZ`ddZaddZbddZcddZdddZeddZfddZgddZhddZiddZjddZkddZlddZmddZnddZodapdaqddZrd ddZsddZtd ddZudS( N)access)defaults)lex) refpolicy)yaccTICKSQUOTEOBRACECBRACESEMICOLONOPARENCPARENCOMMAMINUSTILDEASTERISKAMPBAREXPLEQUALFILENAME IDENTIFIERNUMBERPATH IPV6_ADDRMODULE POLICY_MODULEREQUIRESIDGENFSCON FS_USE_XATTR FS_USE_TRANS FS_USE_TASKPORTCONNODECONNETIFCONPIRQCONIOMEMCON IOPORTCON PCIDEVICECON DEVICETREECONCLASS TYPEATTRIBUTE ROLEATTRIBUTETYPE ATTRIBUTEATTRIBUTE_ROLEALIAS TYPEALIASBOOLTRUEFALSEIFELSEROLETYPESALLOW DONTAUDIT AUDITALLOW NEVERALLOW PERMISSIVE TYPEBOUNDSTYPE_TRANSITION TYPE_CHANGE TYPE_MEMBERRANGE_TRANSITIONROLE_TRANSITION OPT_POLICY INTERFACETUNABLE_POLICYGEN_REQTEMPLATE GEN_CONTEXTIFELSEIFDEFIFNDEFDEFINE)4moduleZ policy_moduleZrequireZsidZgenfscon fs_use_xattr fs_use_trans fs_use_taskZportconZnodeconZnetifconZpirqconZiomemconZ ioportconZ pcideviceconZ devicetreeconclassZ typeattributeZ roleattributetypeZ attributeZattribute_rolealiasZ typealiasbooltrueZfalseifelseroletypesZallow dontaudit auditallow neverallowZ permissiveZ typeboundsZtype_transition type_change type_memberZrange_transitionZrole_transitionZoptional_policy interfaceZtunable_policyZ gen_requiretemplateZ gen_contextZifelseZifndefifdefZdefinez\`z\'z\{z\}z\;+z\:z\(z\)z\,z\-z\~z\*z\&z\|z\!z\=z[0-9\.]+z/[a-zA-Z0-9)_\.\*/\$]*z cCs|S)z2[a-fA-F0-9]{0,4}:[a-fA-F0-9]{0,4}:([a-fA-F0-9]|:)*)trfrf/usr/lib/python3.6/refparser.py t_IPV6_ADDRsricCs|jjd7_dS)zdnl.*\nrN)lexerlineno)rgrfrfrh t_m4commentsrlcCs|jddS)zdefine.*refpolicywarn\(.*\nrN)skip)rgrfrfrht_refpolicywarn1srncCs|jjd7_dS)zrefpolicywarn\(.*\nrN)rjrk)rgrfrfrht_refpolicywarnsrocCstj|jd|_|S)z#[a-zA-Z_\$][a-zA-Z0-9_\-\+\.\$\*~]*r)reservedgetvaluerV)rgrfrfrh t_IDENTIFIERsrscCstj|jd|_|S)z\"[a-zA-Z0-9_\-\+\.\$\*~ :]+\"r)rprqrrrV)rgrfrfrh t_FILENAMEsrtcCs|jjd7_dS)z\#.*\nrN)rjrk)rgrfrfrh t_comment srucCs td|jd|jddS)NzIllegal character '%s'rr)printrrrm)rgrfrfrht_errorsrwcCs|jjt|j7_dS)z\n+N)rjrklenrr)rgrfrfrh t_newlinesryTcCsX|dkr dSxF|D]>}|dkr q||_|dk rB|jjd||fq|jjd|qWdS)Nr)parentchildreninsert)Zstmtsr{valsrfrfrhcollect-s rcCs8x2|D]*}tj|r&|jtj|q|j|qWdS)N)sptZhas_keyupdateZby_nameadd)Zidsridrfrfrhexpand9s  rcCsNt|dkr&|dr&tjj|dn$t|dkrJ|drJtjj|ddS)z^statements : statement | statements statement | empty rN)rxmr|append)prfrfrh p_statementsAsrcCs|d|d<dS)zstatement : interface | template | obj_perm_set | policy | policy_module_stmt | module_stmt rrNrf)rrfrfrh p_statementKsrcCsdS)zempty :Nrf)rrfrfrhp_emptyUsrcCs.tj}|d|_|d|_d|_||d<dS)zHpolicy_module_stmt : POLICY_MODULE OPAREN IDENTIFIER COMMA NUMBER CPARENTrN)rModuleDeclarationnameversion)rrrfrfrhp_policy_module_stmt`s   rcCs(tj|d}t|d|||d<dS)zainterface : INTERFACE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN rN)r Interfacer)rxrfrfrh p_interfacehsrcCs(tj|d}t|d|||d<dS)ztemplate : TEMPLATE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN | DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN rrrN)rZTemplater)rrrfrfrh p_templateosrcCs d|d<dS)z4define : DEFINE OPAREN TICK IDENTIFIER SQUOTE CPARENNrrf)rrfrfrhp_definewsrcCszt|dkr"|dr"|d|d<nTt|dkrv|dsL|drv|d|d<n*|dsb|d|d<n|d|d|d<dS)zlinterface_stmts : policy | interface_stmts policy | empty rrrN)rx)rrfrfrhp_interface_stmts~s rcCsFtj}t|d|ddt|dkr8t|d|dd|g|d<dS) zoptional_policy : OPT_POLICY OPAREN TICK interface_stmts SQUOTE CPAREN | OPT_POLICY OPAREN TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN rT)r~rFrN)rZOptionalPolicyrrx)rorfrfrhp_optional_policys  rcCsPtj}|d|_t|d|ddt|dkrBt|d|dd|g|d<d S) ztunable_policy : TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN | TUNABLE_POLICY OPAREN TICK cond_expr SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN rrT)r~ FrN)rZ TunablePolicy cond_exprrrx)rrrfrfrhp_tunable_policys   rcCsdS)aifelse : IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK IDENTIFIER SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi | IFELSE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK SQUOTE COMMA TICK interface_stmts SQUOTE COMMA TICK interface_stmts SQUOTE CPAREN optional_semi Nrf)rrfrfrhp_ifelses rcCsbtj|d}|ddkr d}nd}t|d||dt|dkrTt|d|dd|g|d <d S) aJifdef : IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi | IFNDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi | IFDEF OPAREN TICK IDENTIFIER SQUOTE COMMA TICK statements SQUOTE COMMA TICK statements SQUOTE CPAREN optional_semi rrreTFr)r~rrN)rZIfDefrrx)rrvrfrfrhp_ifdefs  rcCs8tj|dd}t|dkr,|jj|d||d<dS)zinterface_call : IDENTIFIER OPAREN interface_call_param_list CPAREN | IDENTIFIER OPAREN CPAREN | IDENTIFIER OPAREN interface_call_param_list CPAREN SEMIr)ZifnamerrrN)rZ InterfaceCallrxargsextend)rirfrfrhp_interface_calls rcCs6t|dkr|d|d<n|dd|dg|d<dS)zinterface_call_param : IDENTIFIER | IDENTIFIER MINUS IDENTIFIER | nested_id_set | TRUE | FALSE | FILENAME rrr-rN)rx)rrfrfrhp_interface_call_params rcCs6t|dkr|dg|d<n|d|dg|d<dS)zinterface_call_param_list : interface_call_param | interface_call_param_list COMMA interface_call_param rrrrN)rx)rrfrfrhp_interface_call_param_lists rcCs$tj|d}|d|_||d<dS)zRobj_perm_set : DEFINE OPAREN TICK IDENTIFIER SQUOTE COMMA TICK names SQUOTE CPARENrrrN)rZ ObjPermSetperms)rrrfrfrhp_obj_perm_sets rcCs|d|d<dS)zpolicy : policy_stmt | optional_policy | tunable_policy | ifdef | ifelse | conditional rrNrf)rrfrfrhp_policysrcCs|dr|dg|d<dS)apolicy_stmt : gen_require | avrule_def | typerule_def | typebound_def | typeattribute_def | roleattribute_def | interface_call | role_def | role_allow | permissive | type_def | typealias_def | attribute_def | attribute_role_def | range_transition_def | role_transition_def | bool | define | initial_sid | genfscon | fs_use | portcon | nodecon | netifcon | pirqcon | iomemcon | ioportcon | pcidevicecon | devicetreecon rrNrf)rrfrfrh p_policy_stmtsrcCs.tj}|d|_|d|_d|_||d<dS)z+module_stmt : MODULE IDENTIFIER NUMBER SEMIrrFrN)rrrr)rrrfrfrh p_module_stmts   rcCsdS)zlgen_require : GEN_REQ OPAREN TICK requires SQUOTE CPAREN | REQUIRE OBRACE requires CBRACENrf)rrfrfrh p_gen_require!srcCsdS)zsrequires : require | requires require | ifdef | requires ifdef Nrf)rrfrfrh p_requires)srcCsdS)zrequire : TYPE comma_list SEMI | ROLE comma_list SEMI | ATTRIBUTE comma_list SEMI | ATTRIBUTE_ROLE comma_list SEMI | CLASS comma_list SEMI | BOOL comma_list SEMI Nrf)rrfrfrh p_require1srcCsHtj}|d|_|d|_|d|_t|dkr<|d|_||d<dS)zsecurity_context : IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER | IDENTIFIER COLON IDENTIFIER COLON IDENTIFIER COLON mls_range_defrrrrrN)rZSecurityContextuserr\rVrxlevel)rrrfrfrhp_security_context;s     rcCs|d}|d|_||d<dS)zQgen_context : GEN_CONTEXT OPAREN security_context COMMA mls_range_def CPAREN rrrN)r)rrrfrfrh p_gen_contextHs rcCs|d|d<dS)zr? src_types tgt_types obj_classesr)rrrfrfrh p_avrule_defs          rcCsttj}|ddkr tjj|_n|ddkr6tjj|_|d|_|d|_|d|_|d|_|d|_ ||d <d S) atyperule_def : TYPE_TRANSITION names names COLON names IDENTIFIER SEMI | TYPE_TRANSITION names names COLON names IDENTIFIER FILENAME SEMI | TYPE_TRANSITION names names COLON names IDENTIFIER IDENTIFIER SEMI | TYPE_CHANGE names names COLON names IDENTIFIER SEMI | TYPE_MEMBER names names COLON names IDENTIFIER SEMI rrarbrrrrrrN) rZTypeRulerCrrDrrrZ dest_type file_name)rrgrfrfrhp_typerule_def*s         rcCs.tj}|d|_|jj|d||d<dS)z5typebound_def : TYPEBOUNDS IDENTIFIER comma_list SEMIrrrN)rZ TypeBoundrVrr)rrgrfrfrhp_typebound_def=s rcCs8tj}|d|_|ddkr&d|_nd|_||d<dS)zIbool : BOOL IDENTIFIER TRUE SEMI | BOOL IDENTIFIER FALSE SEMIrrrYTFrN)rZBoolrstate)rbrfrfrhp_boolDs   rcCsPtj}|d|_t|d|ddt|dkrBt|d|dd|g|d<d S) z conditional : IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE | IF OPAREN cond_expr CPAREN OBRACE interface_stmts CBRACE ELSE OBRACE interface_stmts CBRACE rrT)r~r FrN)rZ Conditionalrrrx)rrrfrfrh p_conditionalOs   rcCs.tj}|d|_|jj|d||d<dS)zddlm}tj}g}d}tjj|r|tjj|d}|dkrLtd|tjj |} |j | d|ft t j \} }n t |\}}|r| rtdfdddfd d } d} |r8d |tj} | || |jj | tjd } tjd dddddddddg }| jj tj||jj | drd rd|jtjt|d}|jdg}x|D]}tj}|d|_y*|r| |d|| n| |d|WnFtk r}z(t|d|j |dwnWYdd}~XnX|jj |rn rn|jqnWt|r:ddj||S)Nr)utilrzzInvalid file name %srz1could not find support macros (obj_perm_sets.spt)csrj|dS)N)write)r)outputrfrhr3szparse_headers..ocsrd|y.t|}|j}|j|at|||WnTtk r^}zdSd}~Xn6tk r}ztd|t|fWYdd}~XnXdS)Nzparsing file %s zerror parsing file %s: %s)openreadcloserr IOErrorrr)rrQrfdZtxtr)rrrfrhr7s z!parse_headers..parse_filezParsing support macros (%s): can_execz$1z$2fileZexecute_no_transr"r#getattrlockZexecuteZioctlzdone. )ZstepszParsing interface filesr z failed to parse some headers: %sz, )N)rzrrZHeadersrrisfilesplitrrrrrheadersrr|rrZ AccessVectorrZConsoleProgressBarsysstdoutrxrrrrstepr)rr!rrrr-rrrrZ all_modulesrrr'avZstatusZfailuresrrrrf)rrr!rh parse_headerssb                 r2)Irr r r r r rrrrrrrrrrrrrrrrrrr r!r"r#r$r%r&r'r(r)r*r+r,r-r.r/r0r1r2r3r4r5r6r7r8r9r:r;r<r=r>r?r@rArBrCrDrErFrGrHrIrJrKrLrMrNrOrP)N)NNF)NTF)vr.rrr rzrrrrrtokensrpZt_TICKZt_SQUOTEZt_OBRACEZt_CBRACEZt_SEMIZt_COLONZt_OPARENZt_CPARENZt_COMMAZt_MINUSZt_TILDEZ t_ASTERISKZt_AMPZt_BARZt_EXPLZt_EQUALZt_NUMBERZt_PATHZt_ignorerirlrnrorsrtrurwryrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrjrr rr2rfrfrfrh s               "