diff --git a/autotests/folding/test.te.fold b/autotests/folding/test.te.fold new file mode 100644 --- /dev/null +++ b/autotests/folding/test.te.fold @@ -0,0 +1,139 @@ +# Sample SELinux Policy + +## > +## Sample SELinux Policy +## +## > +## > +## This module is not functional, +## but only to test the syntax highlighting. +##

+## +## val="true"> +## Depended on by other required modules. +## + +policycap open_perms; +module myapp 1.0; + +require { + type httpd_t; + type httpd_sys_content_t; + type initrc_t; + class sock_file write; + class unix_stream_socket connectto; +} + +allow httpd_t httpd_sys_content_t:sock_file write; +allow httpd_t initrc_t:unix_stream_socket connectto; + +# Refpolicy +tunable_policy(`allow_execmem',` + /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df); +') +# M4 Macros +regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***') +ifdef(`distro_ubuntu',` + unconfined_domain(chkpwd_t) +') + +dominance { gen_dominance(0,decr($1)) }; +neverallow user=_isolated domain=((?!isolated_app).)* + +allow consoletype_t self:capability { sys_admin sys_tty_config }; +allow consoletype_t self:msg { send receive }; + +# sample for administrative user +user jadmin roles { staff_r sysadm_r }; +# sample for regular user +user jdoe roles { user_r }; + +default_user process source; +default_range process source low; + +sid devnull; +sid sysctl; + +common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton }; +class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod }; +class class; + +sensitivity s0 alias sens0; +category c0 alias cat0; + +mlsconstrain dir { search read ioctl lock } + (( h1 dom h2 ) or ( t1 == mcsreadall ) or + (( t1 != mcs_constrained_type ) and (t2 == domain))); + +attribute_role dpkg_roles; +roleattribute system_r dpkg_roles; + +role system_r types system_t; +role_transition hello init_script_file_type system_r; + +level s0:c0; +user user_u roles role_r level s1:c1 range s1:c1 - s2:c2; +range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20; +range_transition source target:class s1 - s2 dsd; +range_transition source target:class s1 ; + +attribute filesystem_type; +type dhcp_etc_t; +typealias dhcp_etc_t ALIAS { 
etc_dhcp_t etc_dhcpc_t etc_dhcpd_t }; + +bool le_boolean true; +TUNABLE allow_java_execstack false; + +type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t; +AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send; + +optional { + neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl; + neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls; +}; + +if le_boolean { + DONTAUDIT untrusted_app asec_public_file:file { execute execmod }; +} else { + ALLOW untrusted_app perfprofd_data_file:file r_file_perms; + allow untrusted_app perfprofd_data_file:dir r_dir_perms; +}; + +sid devnull system_u:object_r:null_device_t:s0 +genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0) +genfscon rootfs / gen_context(system_u:object_r:root_t,s0) + +genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0 +genfscon selinuxfs / u:object_r:selinuxfs:s0 +fs_use_trans devtmpfs system_u:object_r:device_t:s0; +fs_use_task pipefs u:object_r:pipefs:s0; +fs_use_xattr xfs u:object_r:labeledfs:s0; +fs_use_xattr btrfs u:object_r:labeledfs:s0; + +portcon tcp 80 u:object_r:http_port:s0; +portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0); +netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3); + +nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0; +nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0; + +#line 118 + +# Regular Expressions +regexp(`Hello(!|\^\^)+', ` + ^\s*(?\.) + ( + hello[^\s\x12/][1-9]*| # Hello + bye + )\s*$ +') +"aa/aa(?=sdf sdf)ds(aa aa)df[^ a]" +"open +"text\"aaa +"filename\s\w\%(?=aa)aa" +"/path\s\w(?=aa)aa" + +u:role:type:sen:cat:other +u:role:type:sen:cat - sen:cat:other +u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other +u:role:type:s0,other diff --git a/autotests/html/test.te.html b/autotests/html/test.te.html new file mode 100644 
--- /dev/null +++ b/autotests/html/test.te.html @@ -0,0 +1,146 @@ + + + +test.te + +
+# Sample SELinux Policy
+
+## <summary>
+##  Sample SELinux Policy
+## </summary>
+## <desc>
+## <p>
+##  This module is not functional,
+##  but only to test the syntax highlighting.
+## </p>
+## </desc>
+## <required val="true">
+##  Depended on by other required modules.
+## </required>
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+	type httpd_t;
+	type httpd_sys_content_t;
+	type initrc_t;
+	class sock_file write;
+	class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+# Refpolicy
+tunable_policy(`allow_execmem',`
+	/usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+')
+# M4 Macros
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+	unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+
+mlsconstrain dir { search read ioctl lock }
+	(( h1 dom h2 ) or ( t1 == mcsreadall ) or
+	(( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+level s0:c0;
+user user_u roles role_r level s1:c1 range s1:c1 - s2:c2;
+range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20;
+range_transition source target:class s1 - s2 dsd;
+range_transition source target:class s1 ;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t ALIAS { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+	neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+	neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+	DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+	ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+	allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+#line 118
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+	^\s*(?<hello>\.)
+	(
+		hello[^\s\x12/][1-9]*|  # Hello
+		bye
+	)\s*$
+') 
+"aa/aa(?=sdf sdf)ds(aa aa)df[^ a]"
+"open
+"text\"aaa
+"filename\s\w\%(?=aa)aa"
+"/path\s\w(?=aa)aa"
+
+u:role:type:sen:cat:other
+u:role:type:sen:cat - sen:cat:other
+u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other
+u:role:type:s0,other
+
diff --git a/autotests/input/test.te b/autotests/input/test.te
new file mode 100644
--- /dev/null
+++ b/autotests/input/test.te
@@ -0,0 +1,139 @@
+# Sample SELinux Policy
+
+##
+## Sample SELinux Policy
+##
+##
+##

+## This module is not functional,
+## but only to test the syntax highlighting.
+##

+##
+##
+## Depended on by other required modules.
+##
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+# Refpolicy
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+')
+# M4 Macros
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+level s0:c0;
+user user_u roles role_r level s1:c1 range s1:c1 - s2:c2;
+range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20;
+range_transition source target:class s1 - s2 dsd;
+range_transition source target:class s1 ;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t ALIAS { etc_dhcp_t
etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+#line 118
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aa/aa(?=sdf sdf)ds(aa aa)df[^ a]"
+"open
+"text\"aaa
+"filename\s\w\%(?=aa)aa"
+"/path\s\w(?=aa)aa"
+
+u:role:type:sen:cat:other
+u:role:type:sen:cat - sen:cat:other
+u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other
+u:role:type:s0,other
diff --git a/autotests/reference/test.te.ref b/autotests/reference/test.te.ref
new file mode 100644
--- /dev/null
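Review bot: Several lines in autotests/input/test.te look deliberately malformed but nothing marks them as intentional: the unterminated strings `"open` and `"text\"aaa`, the trailing token in `range_transition source target:class s1 - s2 dsd;`, and the extra arguments in `gen_context(system_u:object_r:holas_t,s0,fdf,df)`. A later maintainer could "correct" them and silently lose the highlighter's error-path coverage, so a one-line comment above each group would help, for example `# intentionally unterminated string: checks that highlighting recovers at end of line`. The line `neverallow user=_isolated domain=((?!isolated_app).)*` appears to follow seapp_contexts syntax rather than the policy language, so a short comment naming the dialect each section exercises would also keep readers from taking the file as a policy example. Adding comments changes the input, so the .fold, .html and .ref references would need regenerating.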
+++ b/autotests/reference/test.te.ref @@ -0,0 +1,139 @@ +# Sample SELinux Policy
+
+##
+## Sample SELinux Policy
+##

+##
+##


+## This module is not functional,
+## but only to test the syntax highlighting.
+##


+##
+## val="true">
+## Depended on by other required modules.
+##
+
+policycap open_perms;
+module myapp 1.0;
+
+require {
+ type httpd_t;
+ type httpd_sys_content_t;
+ type initrc_t;
+ class sock_file write;
+ class unix_stream_socket connectto;
+}
+
+allow httpd_t httpd_sys_content_t:sock_file write;
+allow httpd_t initrc_t:unix_stream_socket connectto;
+
+# Refpolicy
+tunable_policy(`allow_execmem',`
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+')
+# M4 Macros
+regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
+ifdef(`distro_ubuntu',`
+ unconfined_domain(chkpwd_t)
+')
+
+dominance { gen_dominance(0,decr($1)) };
+neverallow user=_isolated domain=((?!isolated_app).)*
+
+allow consoletype_t self:capability { sys_admin sys_tty_config };
+allow consoletype_t self:msg { send receive };
+
+# sample for administrative user
+user jadmin roles { staff_r sysadm_r };
+# sample for regular user
+user jdoe roles { user_r };
+
+default_user process source;
+default_range process source low;
+
+sid devnull;
+sid sysctl;
+
+common file { ioctl read write create getattr setattr lock relabelfrom relabelto append map unlink link rename execute swapon quotaon mounton };
+class dir inherits file { add_name remove_name reparent search rmdir open audit_access execmod };
+class class;
+
+sensitivity s0 alias sens0;
+category c0 alias cat0;
+
+mlsconstrain dir { search read ioctl lock }
+ (( h1 dom h2 ) or ( t1 == mcsreadall ) or
+ (( t1 != mcs_constrained_type ) and (t2 == domain)));
+
+attribute_role dpkg_roles;
+roleattribute system_r dpkg_roles;
+
+role system_r types system_t;
+role_transition hello init_script_file_type system_r;
+
+level s0:c0;
+user user_u roles role_r level s1:c1 range s1:c1 - s2:c2;
+range_transition initrc_t auditd_exec_t:process s15:c0.c255 - s20;
+range_transition source target:class s1 - s2 dsd;
+range_transition source target:class s1 ;
+
+attribute filesystem_type;
+type dhcp_etc_t;
+typealias dhcp_etc_t ALIAS { etc_dhcp_t etc_dhcpc_t etc_dhcpd_t };
+
+bool le_boolean true;
+TUNABLE allow_java_execstack false;
+
+type_transition root_xdrawable_t input_xevent_t:x_event root_input_xevent_t;
+AUDITALLOW xserver_t { root_xdrawable_t x_domain }:x_drawable send;
+
+optional {
+ neverallow untrusted_app *:{ netlink_route_socket netlink_selinux_socket } ioctl;
+ neverallowxperm shell domain:{ rawip_socket tcp_socket udp_socket } ioctl priv_sock_ioctls;
+};
+
+if le_boolean {
+ DONTAUDIT untrusted_app asec_public_file:file { execute execmod };
+} else {
+ ALLOW untrusted_app perfprofd_data_file:file r_file_perms;
+ allow untrusted_app perfprofd_data_file:dir r_dir_perms;
+};
+
+sid devnull system_u:object_r:null_device_t:s0
+genfscon sysfs /devices/system/cpu/online gen_context(system_u:object_r:cpu_online_t,s0)
+genfscon rootfs / gen_context(system_u:object_r:root_t,s0)
+
+genfscon proc /cpuinfo u:object_r:proc_cpuinfo:s0
+genfscon selinuxfs / u:object_r:selinuxfs:s0
+fs_use_trans devtmpfs system_u:object_r:device_t:s0;
+fs_use_task pipefs u:object_r:pipefs:s0;
+fs_use_xattr xfs u:object_r:labeledfs:s0;
+fs_use_xattr btrfs u:object_r:labeledfs:s0;
+
+portcon tcp 80 u:object_r:http_port:s0;
+portcon udp 1024-65535 gen_context(system_u:object_r:unreserved_port_t, s0);
+netifcon $2 gen_context(system_u:object_r:$1,$3) gen_context(system_u:object_r:unlabeled_t,$3);
+
+nodecon 2001:0DB8:AC10:FE01:: 2001:0DE0:DA88:2222:: system_u:object_r:hello_t:s0;
+nodecon ipv4 127.0.0.2 255.255.255.255 system_u:object_r:node_t:s0;
+
+#line 118
+
+# Regular Expressions
+regexp(`Hello(!|\^\^)+', `
+ ^\s*(?\.)
+ (
+ hello[^\s\x12/][1-9]*| # Hello
+ bye
+ )\s*$
+')
+"aa/aa(?=sdf sdf)ds(aa aa)df[^ a]"
+"open
+"text\"aaa
+"filename\s\w\%(?=aa)aa"
+"/path\s\w(?=aa)aa"
+
+u:role:type:sen:cat:other
+u:role:type:sen:cat - sen:cat:other
+u:role:type:s0.s1:c0 , c1 - s2.s3:c2.c3,c4:other
+u:role:type:s0,other
diff --git a/data/syntax/selinux.xml b/data/syntax/selinux.xml new file mode 100644 --- /dev/null +++ b/data/syntax/selinux.xml 
@@ -0,0 +1,1623 @@ + + + + + + + + + + + + + + +]> + + + + + + + + + SELF + self + + + FALSE + false + TRUE + true + + + + + ALLOW + allow + NEVERALLOW + neverallow + AUDITALLOW + auditallow + AUDITDENY + auditdeny + DONTAUDIT + dontaudit + ALLOWXPERM + allowxperm + AUDITALLOWXPERM + auditallowxperm + DONTAUDITXPERM + dontauditxperm + NEVERALLOWXPERM + neverallowxperm + + + ATTRIBUTE + attribute + ATTRIBUTE_ROLE + attribute_role + BOOL + bool + CATEGORY + category + COMMON + common + DOMINANCE + dominance + EXPANDATTRIBUTE + expandattribute + MODULE + module + PERMISSIVE + permissive + ROLE + role + ROLEATTRIBUTE + roleattribute + SENSITIVITY + sensitivity + TUNABLE + tunable + TYPE + type + TYPEALIAS + typealias + TYPEATTRIBUTE + typeattribute + TYPEBOUNDS + typebounds + USER + user + + IF + if + ELSE + else + require + REQUIRE + optional + OPTIONAL + + + DEVICETREECON + devicetreecon + FS_USE_TASK + fs_use_task + FS_USE_TRANS + fs_use_trans + FS_USE_XATTR + fs_use_xattr + FSCON + fscon + GENFSCON + genfscon + IBENDPORTCON + ibendportcon + IBPKEYCON + ibpkeycon + IOMEMCON + iomemcon + IOPORTCON + ioportcon + NETIFCON + netifcon + NODECON + nodecon + PCIDEVICECON + pcidevicecon + PIRQCON + pirqcon + PORTCON + portcon + SID + sid + + + CLASS + class + + + LEVEL + level + + + + POLICYCAP + policycap + + + TYPE_CHANGE + type_change + TYPE_MEMBER + type_member + TYPE_TRANSITION + type_transition + + + ROLE_TRANSITION + role_transition + + + RANGE_TRANSITION + range_transition + + + DEFAULT_USER + default_user + DEFAULT_ROLE + default_role + DEFAULT_TYPE + default_type + + + DEFAULT_RANGE + default_range + + + CONSTRAIN + constrain + VALIDATETRANS + validatetrans + MLSCONSTRAIN + mlsconstrain + MLSVALIDATETRANS + mlsvalidatetrans + + + + + ALIAS + alias + CLONE + clone + INHERITS + inherits + ROLES + roles + TYPES + types + + + RANGE + range + + + + SOURCE + source + TARGET + target + + + SAMEUSER + sameuser + + + low-high + LOW-HIGH + high + HIGH + low + LOW + + + + OR 
+ or + AND + and + NOT + not + xor + XOR + eq + EQ + + + eq + EQ + dom + DOM + domby + DOMBY + INCOMP + incomp + + + r1 + R1 + r2 + R2 + r3 + R3 + u1 + U1 + u2 + U2 + u3 + U3 + t1 + T1 + t2 + T2 + t3 + T3 + l1 + L1 + l2 + L2 + h1 + H1 + h2 + H2 + + + + + always_check_network + always_use_network + cgroup_seclabel + extended_socket_class + network_peer_controls + nnp_nosuid_transition + open_perms + redhat1 + + + + + accept + acceptfrom + access + acquire_svc + add + add_child + add_color + add_glyph + add_name + admin + append + associate + attach_queue + audit_access + audit_control + audit_read + audit_write + bell + bind + blend + block_suspend + call + check_context + chfn + chown + chsh + compute_av + compute_create + compute_member + compute_relabel + compute_user + connect + connectto + contains + copy + create + create_files_as + crontab + dac_override + dac_read_search + dccp_recv + dccp_send + debug + delete + destroy + disable + drop + dyntransition + egress + enable + enforce_dest + enqueue + entrypoint + execheap + execmem + execmod + execstack + execute + execute_no_trans + expand + export + force_cursor + fork + forward_in + forward_out + fowner + freeze + fsetid + get_property + get_value + getattr + getcap + getfocus + getgrp + gethost + getopt + getpgid + getpwd + getrlimit + getsched + getserv + getsession + getstat + grab + halt + hide + hide_cursor + impersonate + implement + import + ingress + insert + install + install_module + ioctl + ipc_info + ipc_lock + ipc_owner + kill + lease + link + linux_immutable + list_child + list_property + listen + load_module + load_policy + lock + mac_admin + mac_override + manage + manage_subnet + map + map_create + map_read + map_write + mknod + mmap_zero + module_load + module_request + mount + mounton + name_bind + name_connect + net_admin + net_bind_service + net_broadcast + net_raw + newconn + next_value + nlmsg_read + nlmsg_readpriv + nlmsg_relay + nlmsg_tty_audit + nlmsg_write + nnp_transition + 
noatsecure + node_bind + nosuid_transition + open + override + passwd + paste + paste_after_confirm + polmatch + prog_load + prog_run + ptrace + query + quotaget + quotamod + quotaon + rawip_recv + rawip_send + read + read_policy + reboot + receive + record + recv + recv_msg + recvfrom + relabelfrom + relabelto + reload + remount + remove + remove_child + remove_color + remove_glyph + remove_name + rename + reparent + rlimitinh + rmdir + rootok + saver_getattr + saver_hide + saver_setattr + saver_show + search + select + send + send_msg + sendto + set_context_mgr + set_property + set_value + setattr + setbool + setcap + setcheckreqprot + setcontext + setcurrent + setenforce + setexec + setfcap + setfocus + setfscreate + setgid + setkeycreate + setopt + setpcap + setpgid + setrlimit + setsched + setsecparam + setsockcreate + setuid + share + shmemgrp + shmemhost + shmempwd + shmemserv + show + show_cursor + shutdown + sigchld + siginh + sigkill + signal + signull + sigstop + start + status + stop + swapon + sys_admin + sys_boot + sys_chroot + sys_module + sys_nice + sys_pacct + sys_ptrace + sys_rawio + sys_resource + sys_time + sys_tty_config + syslog + syslog_console + syslog_mod + syslog_read + tcp_recv + tcp_send + transfer + transition + translate + udp_recv + udp_send + uninstall + unix_read + unix_write + unlink + unmount + update + use + use_as_override + validate_trans + view + wake_alarm + write + + + + + + add_auth + clear_uid + closeDecryptSession + consumeRights + decrypt + duplicate + exist + finalizeDecryptUnit + find + gen_unique_id + get + get_state + grant + initializeDecryptUnit + is_empty + list + openDecryptSession + password + pread + reset + set + setPlaybackStatus + sign + unlock + user_changed + verify + + + + + + ecryptfs + overlayfs + unionfs + + devtmpfs + ramfs + tmpfs + + adfs + affs + afs + apfs + apparmorfs + autofs + bdev + bfs + bpf + btrfs + cachefs + ceph + cgroup2 + cgroup + cifs + coda + coherent + configfs + cpuset + cramfs + 
debugfs + devfs + devpts + efs + exfat + ext2 + ext3 + ext4 + f2fs + fatx + fuse + fuseblk + fusectl + futexfs + gfs + hfs + hfsplus + hpfs + hugetlbfs + ifs + iso9660 + jffs2 + jffs + jfs + kernfs + lvm2 + minix + mqueue + msdos + ncpfs + nfs4 + nfs + nilfs2 + nilfs + ntfs-3g + ntfs + ocfs + pipefs + proc + procfs + pstore + pstorefs + qnx4 + qnx6 + reiser4 + reiserfs + romfs + rootfs + sdcardfs + securityfs + selinuxfs + shm + smbfs + sockfs + specfs + squashfs + swap + swapfs + sysfs + sysv + tracefs + ubifs + udf + ufs + umsdos + urefs + usbfs + vfat + xenix + xfs + yaffs2 + yaffs + zfs + + + functionfs + inotifyfs + labeledfs + oemfs + + + + + policy_module + gen_require + template + interface + optional_policy + gen_tunable + tunable_policy + gen_user + gen_context + gen_bool + gen_cats + gen_sens + gen_levels + mls_systemlow + mls_systemhigh + mcs_systemlow + mcs_systemhigh + mcs_allcats + ifndef + + + + + __file__ + __line__ + __program__ + builtin + changecom + changequote + changeword + debugfile + debugmode + decr + define + defn + divert + divnum + dnl + dumpdef + errprint + esyscmd + eval + format + ifdef + ifelse + include + incr + index + indir + len + m4exit + m4wrap + maketemp + mkstemp + popdef + pushdef + shift + sinclude + substr + syscmd + sysval + traceon + traceoff + translit + undefine + undivert + m4___file__ + m4___line__ + m4___program__ + m4_builtin + m4_changecom + m4_changequote + m4_changeword + m4_debugfile + m4_debugmode + m4_decr + m4_define + m4_defn + m4_divert + m4_divnum + m4_dnl + m4_dumpdef + m4_errprint + m4_esyscmd + m4_eval + m4_format + m4_ifdef + m4_ifelse + m4_include + m4_incr + m4_index + m4_indir + m4_len + m4_m4exit + m4_m4wrap + m4_maketemp + m4_mkstemp + m4_popdef + m4_pushdef + m4_shift + m4_sinclude + m4_substr + m4_syscmd + m4_sysval + m4_traceon + m4_traceoff + m4_translit + m4_undefine + m4_undivert + + + regexp + patsubst + m4_regexp + m4_patsubst + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +