Diffstat (limited to 'tools/flask')
-rw-r--r--tools/flask/policy/policy/flask/Makefile2
-rw-r--r--tools/flask/policy/policy/flask/access_vectors17
-rw-r--r--tools/flask/policy/policy/flask/mkaccess_vector.sh89
3 files changed, 2 insertions, 106 deletions
diff --git a/tools/flask/policy/policy/flask/Makefile b/tools/flask/policy/policy/flask/Makefile
index 970b9fedce..5f57e88810 100644
--- a/tools/flask/policy/policy/flask/Makefile
+++ b/tools/flask/policy/policy/flask/Makefile
@@ -14,7 +14,7 @@ FLASK_H_DEPEND = security_classes initial_sids
AV_H_DEPEND = access_vectors
FLASK_H_FILES = class_to_string.h flask.h initial_sid_to_string.h
-AV_H_FILES = av_inherit.h common_perm_to_string.h av_perm_to_string.h av_permissions.h
+AV_H_FILES = av_perm_to_string.h av_permissions.h
ALL_H_FILES = $(FLASK_H_FILES) $(AV_H_FILES)
all: $(ALL_H_FILES)
diff --git a/tools/flask/policy/policy/flask/access_vectors b/tools/flask/policy/policy/flask/access_vectors
index 5901911d18..a884312b01 100644
--- a/tools/flask/policy/policy/flask/access_vectors
+++ b/tools/flask/policy/policy/flask/access_vectors
@@ -1,22 +1,7 @@
#
-# Define common prefixes for access vectors
-#
-# common common_name { permission_name ... }
-
-#
-# Define a common prefix for file access vectors.
-#
-
-
-#
# Define the access vectors.
#
-# class class_name [ inherits common_name ] { permission_name ... }
-
-
-#
-# Define the access vector interpretation for file-related objects.
-#
+# class class_name { permission_name ... }
class xen
{
diff --git a/tools/flask/policy/policy/flask/mkaccess_vector.sh b/tools/flask/policy/policy/flask/mkaccess_vector.sh
index b5da734b04..43a60a79e3 100644
--- a/tools/flask/policy/policy/flask/mkaccess_vector.sh
+++ b/tools/flask/policy/policy/flask/mkaccess_vector.sh
@@ -10,50 +10,21 @@ shift
# output files
av_permissions="av_permissions.h"
-av_inherit="av_inherit.h"
-common_perm_to_string="common_perm_to_string.h"
av_perm_to_string="av_perm_to_string.h"
cat $* | $awk "
BEGIN {
outfile = \"$av_permissions\"
- inheritfile = \"$av_inherit\"
- cpermfile = \"$common_perm_to_string\"
avpermfile = \"$av_perm_to_string\"
"'
nextstate = "COMMON_OR_AV";
printf("/* This file is automatically generated. Do not edit. */\n") > outfile;
- printf("/* This file is automatically generated. Do not edit. */\n") > inheritfile;
- printf("/* This file is automatically generated. Do not edit. */\n") > cpermfile;
printf("/* This file is automatically generated. Do not edit. */\n") > avpermfile;
;
}
/^[ \t]*#/ {
next;
}
-$1 == "common" {
- if (nextstate != "COMMON_OR_AV")
- {
- printf("Parse error: Unexpected COMMON definition on line %d\n", NR);
- next;
- }
-
- if ($2 in common_defined)
- {
- printf("Duplicate COMMON definition for %s on line %d.\n", $2, NR);
- next;
- }
- common_defined[$2] = 1;
-
- tclass = $2;
- common_name = $2;
- permission = 1;
-
- printf("TB_(common_%s_perm_to_string)\n", $2) > cpermfile;
-
- nextstate = "COMMON-OPENBRACKET";
- next;
- }
$1 == "class" {
if (nextstate != "COMMON_OR_AV" &&
nextstate != "CLASS_OR_CLASS-OPENBRACKET")
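Review bot: With the `$1 == "common"` rule removed in this hunk and the `$1 == "inherits"` rule removed in the next one, an input file that still uses either keyword no longer gets a diagnostic naming the construct; how such a line is handled now depends on rules outside these hunks. Because this script generates the permission definitions written to av_permissions.h, the old syntax is better rejected explicitly than left to fall through, for example `$1 == "common" || $1 == "inherits" { printf("Parse error: %s is no longer supported (line %d)\n", $1, NR); next; }`. The removed rules reported errors with printf and `next`, which lets the run continue; if the build should stop on such input, the rule needs a non-zero `exit` instead. The body of the `$1 == "class"` rule continues outside this hunk.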
@@ -71,62 +42,11 @@ $1 == "class" {
}
av_defined[tclass] = 1;
- inherits = "";
permission = 1;
nextstate = "INHERITS_OR_CLASS-OPENBRACKET";
next;
}
-$1 == "inherits" {
- if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET")
- {
- printf("Parse error: Unexpected INHERITS definition on line %d\n", NR);
- next;
- }
-
- if (!($2 in common_defined))
- {
- printf("COMMON %s is not defined (line %d).\n", $2, NR);
- next;
- }
-
- inherits = $2;
- permission = common_base[$2];
-
- for (combined in common_perms)
- {
- split(combined,separate, SUBSEP);
- if (separate[1] == inherits)
- {
- inherited_perms[common_perms[combined]] = separate[2];
- }
- }
-
- j = 1;
- for (i in inherited_perms) {
- ind[j] = i + 0;
- j++;
- }
- n = asort(ind);
- for (i = 1; i <= n; i++) {
- perm = inherited_perms[ind[i]];
- printf("#define %s__%s", toupper(tclass), toupper(perm)) > outfile;
- spaces = 40 - (length(perm) + length(tclass));
- if (spaces < 1)
- spaces = 1;
- for (j = 0; j < spaces; j++)
- printf(" ") > outfile;
- printf("0x%08xUL\n", ind[i]) > outfile;
- }
- printf("\n") > outfile;
- for (i in ind) delete ind[i];
- for (i in inherited_perms) delete inherited_perms[i];
-
- printf(" S_(SECCLASS_%s, %s, 0x%08xUL)\n", toupper(tclass), inherits, permission) > inheritfile;
-
- nextstate = "CLASS_OR_CLASS-OPENBRACKET";
- next;
- }
$1 == "{" {
if (nextstate != "INHERITS_OR_CLASS-OPENBRACKET" &&
nextstate != "CLASS_OR_CLASS-OPENBRACKET" &&
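Review bot: The state names still describe the grammar this commit removes: `nextstate = "INHERITS_OR_CLASS-OPENBRACKET"` in this hunk and `nextstate = "COMMON_OR_AV"` in the BEGIN block of the previous one. The only visible assignment of `CLASS_OR_CLASS-OPENBRACKET` was in the deleted `inherits` rule, so unless it is set somewhere outside these hunks, the comparisons against it in the `class` and `{` rules are always true and guard nothing. Renaming the states (for instance `AV` and `CLASS-OPENBRACKET`) and dropping the dead comparison would make the state machine match the new `class class_name { permission_name ... }` grammar; every rule that tests `nextstate` has to be renamed in the same change. The `$1 == "{"` rule continues outside this hunk.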
@@ -177,15 +97,6 @@ $1 == "{" {
av_perms[tclass,$1] = permission;
- if (inherits != "")
- {
- if ((inherits,$1) in common_perms)
- {
- printf("Permission %s in %s on line %d conflicts with common permission.\n", $1, tclass, inherits, NR);
- next;
- }
- }
-
printf("#define %s__%s", toupper(tclass), toupper($1)) > outfile;
printf(" S_(SECCLASS_%s, %s__%s, \"%s\")\n", toupper(tclass), toupper(tclass), toupper($1), $1) > avpermfile;