garyttierney / secsp

SELinux C-style Policy Language
MIT License

Grammar design: file context specifications #68

Open garyttierney opened 5 years ago

garyttierney commented 5 years ago

Tracking issue for filecon in secsp.

Some ideas:

```
file_context "/usr/lib64(/.*)?" -f my_context;
file_contexts {
     "/usr/lib64(/.*)?" -f my_context;
}
```

garyttierney commented 5 years ago

Currently implemented solution:

```
file_context_spec
    : file_context_spec_item
    | file_context_spec_block;

file_context_ftype: 'file' | 'dir' | 'char' | 'block' | 'socket' | 'pipe' | 'symlink' | 'any';
file_context_spec_item : 'filecon' file_context_spec_atom ';' ;

file_context_spec_block : 'filecon' '{' (file_context_spec_atom ';' )* '}';
file_context_spec_atom: STRING_LITERAL (STRING_LITERAL)? file_context_ftype expr;
```

And examples:

```
filecon "/usr/lib64(/.*)?" file my_context;
filecon {
     "/usr/lib64" "(/.*)?" file my_context;
     "/usr/share" "/html" any system_r:object_r:public_html_t;
}
```
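
A small recursive-descent parser for the `filecon` grammar in the comment above, added here as an illustration and not secsp's own code. The names `tokenize` and `parse_filecon` are hypothetical; it assumes `expr` is a bare name or a colon-separated context, and that the optional second string literal is appended to the first. An unknown file type is rejected so that a typo cannot end up as a labeling rule.

```python
import re

FTYPES = {"file", "dir", "char", "block", "socket", "pipe", "symlink", "any"}
# Assumption: the page leaves `expr` undefined; accept a name or a colon-separated context.
TOKEN = re.compile(r'\s*(?:"([^"]*)"|([A-Za-z_][\w.]*(?::[\w.]+)*)|([{};]))')

def tokenize(src):
    src, pos, out = src.rstrip(), 0, []
    while pos < len(src):
        m = TOKEN.match(src, pos)
        if not m:
            raise SyntaxError(f"unexpected input at offset {pos}")
        if m.group(1) is not None:
            out.append(("STR", m.group(1)))
        elif m.group(2):
            out.append(("WORD", m.group(2)))
        else:
            out.append(("PUNCT", m.group(3)))
        pos = m.end()
    return out

def parse_filecon(src):
    """Return (path_regex, file_type, context) for every filecon atom in src."""
    toks, i, specs = tokenize(src), 0, []
    def expect(kind, value=None):
        nonlocal i
        if i >= len(toks) or toks[i][0] != kind or value not in (None, toks[i][1]):
            raise SyntaxError(f"expected {value or kind} at token {i}")
        i += 1
        return toks[i - 1][1]
    def atom():
        path = expect("STR")
        if i < len(toks) and toks[i][0] == "STR":
            path += expect("STR")  # assumption: second literal is a suffix of the first
        ftype = expect("WORD")
        if ftype not in FTYPES:
            raise SyntaxError(f"unknown file type {ftype!r}")
        specs.append((path, ftype, expect("WORD")))
        expect("PUNCT", ";")
    while i < len(toks):
        expect("WORD", "filecon")
        if i < len(toks) and toks[i] == ("PUNCT", "{"):
            i += 1
            while i < len(toks) and toks[i] != ("PUNCT", "}"):
                atom()
            expect("PUNCT", "}")
        else:
            atom()
    return specs
```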