diff --git a/autotests/folding/test.cil.fold b/autotests/folding/test.cil.fold
--- a/autotests/folding/test.cil.fold
+++ b/autotests/folding/test.cil.fold
@@ -62,6 +62,8 @@
(allow unconfined.process self (file (read write)))
(allow process httpd.object (file (read write)))
+(defaultrange db_table glblub)
+
; Paths
"/system/(foo|bar)/[^/]*/(hi){2,6}(.*)?"
"/pa\12th.*a+b?"
@@ -143,7 +145,8 @@
(genfscon selinuxfs / selinuxfs_context)
)
-; ioctl & call
+; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks
+; (each level of different color), it is not possible to differentiate between statement and permission.
(allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF))) ; ioctl kind
(ioctl read
find connectto) ; kind or permission?
diff --git a/autotests/folding/test.te.fold b/autotests/folding/test.te.fold
--- a/autotests/folding/test.te.fold
+++ b/autotests/folding/test.te.fold
@@ -29,7 +29,7 @@
# Refpolicy
tunable_policy(`allow_execmem',`
- /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
')
# M4 Macros
regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
@@ -50,6 +50,7 @@
default_user process source;
default_range process source low;
+default_range name GLBLUB;
sid devnull;
sid sysctl;
diff --git a/autotests/html/test.cil.html b/autotests/html/test.cil.html
--- a/autotests/html/test.cil.html
+++ b/autotests/html/test.cil.html
@@ -68,6 +68,8 @@
(allow unconfined.process self (file (read write)))
(allow process httpd.object (file (read write)))
+(defaultrange db_table glblub)
+
; Paths
"/system/(foo|bar)/[^/]*/(hi){2,6}(.*)?"
"/pa\12th.*a+b?"
@@ -149,7 +151,8 @@
(genfscon selinuxfs / selinuxfs_context)
)
-; ioctl & call
+; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks
+; (each level of different color), it is not possible to differentiate between statement and permission.
(allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF))) ; ioctl kind
(ioctl read
find connectto) ; kind or permission?
diff --git a/autotests/html/test.te.html b/autotests/html/test.te.html
--- a/autotests/html/test.te.html
+++ b/autotests/html/test.te.html
@@ -35,7 +35,7 @@
# Refpolicy
tunable_policy(`allow_execmem',`
- /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
')
# M4 Macros
regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
@@ -56,6 +56,7 @@
default_user process source;
default_range process source low;
+default_range name GLBLUB;
sid devnull;
sid sysctl;
diff --git a/autotests/input/test.cil b/autotests/input/test.cil
--- a/autotests/input/test.cil
+++ b/autotests/input/test.cil
@@ -62,6 +62,8 @@
(allow unconfined.process self (file (read write)))
(allow process httpd.object (file (read write)))
+(defaultrange db_table glblub)
+
; Paths
"/system/(foo|bar)/[^/]*/(hi){2,6}(.*)?"
"/pa\12th.*a+b?"
@@ -143,7 +145,8 @@
(genfscon selinuxfs / selinuxfs_context)
)
-; ioctl & call
+; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks
+; (each level of different color), it is not possible to differentiate between statement and permission.
(allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF))) ; ioctl kind
(ioctl read
find connectto) ; kind or permission?
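Review bot: The limitation described in the new comment above the `allowx` line is recorded only in this test fixture, where users of the highlighter are unlikely to see it. Someone reading an `allowx` rule cannot rely on colour to tell the `ioctl` statement from an `ioctl` permission, so the header comment of data/syntax/selinux-cil.xml would be a better home for it, for example `Known limitation: inside nested parentheses, a statement keyword and a permission with the same name (e.g. ioctl) are not distinguished.` The parenthetical "(each level of different color)" would also read more clearly as "(each nesting level gets a different color)". The same comment text appears in the fold, html and ref copies of this file.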
diff --git a/autotests/input/test.te b/autotests/input/test.te
--- a/autotests/input/test.te
+++ b/autotests/input/test.te
@@ -29,7 +29,7 @@
# Refpolicy
tunable_policy(`allow_execmem',`
- /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
')
# M4 Macros
regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
@@ -50,6 +50,7 @@
default_user process source;
default_range process source low;
+default_range name GLBLUB;
sid devnull;
sid sysctl;
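Review bot: The added fixture line covers only the upper-case spelling, although the keyword list in data/syntax/selinux.xml gains both `glblub` and `GLBLUB` in this commit. A second line next to it, such as `default_range name glblub;`, would pin the lower-case form as well, so a later regression in either keyword shows up in the reference output. The fold, html and ref copies of this file would need regenerating to match.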
diff --git a/autotests/reference/test.cil.ref b/autotests/reference/test.cil.ref
--- a/autotests/reference/test.cil.ref
+++ b/autotests/reference/test.cil.ref
@@ -62,6 +62,8 @@
(allow unconfined.process self (file (read write)))
(allow process httpd.object (file (read write)))
+(defaultrange db_table glblub)
+
; Paths
"/system/(foo|bar)/[^/]*/(hi){2,6}(.*)?"
"/pa\12th.*a+b?"
@@ -143,7 +145,8 @@
(genfscon selinuxfs / selinuxfs_context)
)
-; ioctl & call
+; ioctl & call: due to the way in which the highlighter treats the parenthesis blocks
+; (each level of different color), it is not possible to differentiate between statement and permission.
(allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF))) ; ioctl kind
(ioctl read
find connectto) ; kind or permission?
diff --git a/autotests/reference/test.te.ref b/autotests/reference/test.te.ref
--- a/autotests/reference/test.te.ref
+++ b/autotests/reference/test.te.ref
@@ -29,7 +29,7 @@
# Refpolicy
tunable_policy(`allow_execmem',`
- /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,fdf,df);
+ /usr/share/holas(/.*)? -- gen_context(system_u:object_r:holas_t,s0,a,b);
')
# M4 Macros
regexp(`GNUs not Unix', `\w\(\w+\)$', `*** \& *** \1 ***')
@@ -50,6 +50,7 @@
default_user process source;
default_range process source low;
+default_range name GLBLUB;
sid devnull;
sid sysctl;
diff --git a/data/syntax/selinux-cil.xml b/data/syntax/selinux-cil.xml
--- a/data/syntax/selinux-cil.xml
+++ b/data/syntax/selinux-cil.xml
@@ -36,11 +36,12 @@
Based on the Scheme syntax highlighting file (scheme.xml),
created by Dominik Haumann (dhaumann@kde.org) & licensed under MIT.
- Last update: secilc 2.8
+ Last update: secilc 3.0
More details about CIL:
https://github.com/SELinuxProject/selinux/tree/master/secilc/docs
Change log:
+ * Version 5 [10-Dec-2019]: Add "glblub" keyword (defaultrange).
* Version 4 [03-Oct-2019]: Replace unnecessary WordDetect rules.
* Version 3 [02-Apr-2019]: Remove one indentation.
* Version 2 [28-Aug-2018]:
@@ -54,7 +55,7 @@
-->
- source
- target
+ - glblub
- low
- high
- low-high
@@ -372,7 +374,7 @@
-
+
diff --git a/data/syntax/selinux.xml b/data/syntax/selinux.xml
--- a/data/syntax/selinux.xml
+++ b/data/syntax/selinux.xml
@@ -21,7 +21,7 @@
==========================================================================================
This file is part of the KDE's KSyntaxHighlighting framework.
- Copyright (c) 2018 Nibaldo González S. (nibgonz@gmail.com)
+ Copyright (c) 2018-2019 Nibaldo González S. (nibgonz@gmail.com)
Permission is hereby granted, free of charge, to any person obtaining a copy of this
software and associated documentation files (the "Software"), to deal in the Software
@@ -40,7 +40,7 @@
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
==========================================================================================
- Last update: checkpolicy 2.8, Policy Version 31
+ Last update: checkpolicy 3.0
Obtained from the SELinux checkpolicy parser:
https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/policy_parse.y
https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/policy_scan.l
@@ -55,14 +55,17 @@
file contexts are highlighted by "selinux-fc.xml".
Change log:
+ * Version 3 [10-Dec-2019]:
+ - Add "glblub" keyword (default_range).
+ - Update permissions list.
* Version 2 [09-Sep-2018]:
- Update itemData's style for the new Solarized color schemes.
* Version 1 [28-Aug-2018, by Nibaldo González]:
- Initial version. Syntax based on checkpolicy v2.8.
-->
HIGH
- low
- LOW
+ - glblub
+ - GLBLUB
@@ -358,6 +363,7 @@
- admin
- append
- associate
+ - association
- attach_queue
- audit_access
- audit_control
@@ -454,7 +460,7 @@
- load_module
- load_policy
- lock
- - mac_admin
+ - mac_admin
- mac_override
- manage
- manage_subnet
@@ -592,20 +598,25 @@
- tcp_send
- transfer
- transition
- - translate
- udp_recv
- udp_send
- uninstall
- unix_read
- unix_write
- unlink
- unmount
+ - unused_perm
- update
- use
- use_as_override
- validate_trans
- view
- wake_alarm
+ - watch
+ - watch_mount
+ - watch_reads
+ - watch_sb
+ - watch_with_perm
- write
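Review bot: Dropping `translate` in this hunk means policies that still use that permission will no longer have it highlighted as one, and the change log entry only says "Update permissions list". If the removal is intentional because the permission no longer appears in the checkpolicy 3.0 sources, the change log should say so. Otherwise, keeping the entry between `transition` and `udp_recv` avoids a regression for people reviewing older policies, or policies for userspace object managers. The surrounding item list starts and ends outside the hunk, so it cannot be seen from here whether another list still carries the name.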
@@ -1277,7 +1288,7 @@
-
+