data/syntax/selinux.xml
- This file was added.
1 | <?xml version="1.0" encoding="UTF-8"?> | ||||
---|---|---|---|---|---|
2 | <!DOCTYPE language SYSTEM "language.dtd" | ||||
3 | [ | ||||
4 | <!ENTITY identifier "[a-zA-Z][\w\-]*(\.?[\w\-])*"> | ||||
5 | <!ENTITY versionIdentifier "\d+(\.[\d_\.]*)?"> | ||||
6 | <!-- Documentation --> | ||||
7 | <!ENTITY tagName "([a-zA-Z_]([\w\-\.]*\w)?:)?[a-zA-Z_]([\w\-\.]*\w)?"> | ||||
8 | <!-- PCRE 2 RegExp --> | ||||
9 | <!ENTITY specialChars "*?.+"> | ||||
10 | <!ENTITY capGroup "\?(<[\=!]|P?<\w+>|'\w+'|[\=!:>\|R&\-#])"> <!-- Capturing & Groups --> | ||||
11 | <!-- M4 Macros --> | ||||
12 | <!ENTITY m4Args "\$([1-9]\d*|0|[\#\*\@]|\{([1-9]\d*|0)\})"> | ||||
13 | <!ENTITY m4Quotes "`'‘’“”"> <!-- Default Quotes (`') & Other Common Quotes --> | ||||
14 | <!-- For File Contexts --> | ||||
15 | <!ENTITY identifierWithArg "([a-zA-Z]|&m4Args;)(\.?([\w\-]|&m4Args;))*"> | ||||
16 | <!ENTITY mlsLevel "&identifierWithArg;(:&identifierWithArg;(\s*,\s*&identifierWithArg;)*)?"> | ||||
17 | ]> | ||||
18 | | ||||
19 | <!-- | ||||
20 | SELinux Security Policies Syntax Highlighting Definition for Kate | ||||
21 | ========================================================================================== | ||||
22 | This file is part of the KDE's KSyntaxHighlighting framework. | ||||
23 | | ||||
24 | Copyright (c) 2018 Nibaldo González S. (nibgonz@gmail.com) | ||||
25 | | ||||
26 | Permission is hereby granted, free of charge, to any person obtaining a copy of this | ||||
27 | software and associated documentation files (the "Software"), to deal in the Software | ||||
28 | without restriction, including without limitation the rights to use, copy, modify, merge, | ||||
29 | publish, distribute, sublicense, and/or sell copies of the Software, and to permit | ||||
30 | persons to whom the Software is furnished to do so, subject to the following conditions: | ||||
31 | | ||||
32 | The above copyright notice and this permission notice shall be included | ||||
33 | in all copies or substantial portions of the Software. | ||||
34 | | ||||
35 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, | ||||
36 | INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A | ||||
37 | PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR | ||||
38 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN | ||||
39 | AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION | ||||
40 | WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
41 | ========================================================================================== | ||||
42 | | ||||
43 | Last update: checkpolicy 2.8, Policy Version 31 | ||||
44 | Obtained from the SELinux checkpolicy parser: | ||||
45 | https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/policy_parse.y | ||||
46 | https://github.com/SELinuxProject/selinux/blob/master/checkpolicy/policy_scan.l | ||||
47 | More details: | ||||
48 | https://selinuxproject.org/page/PolicyLanguage#Kernel_Policy_Language | ||||
49 | https://selinuxproject.org/page/Category:Notebook | ||||
50 | | ||||
51 | NOTE: | ||||
52 | - This file depends on "selinux-cil.xml" and "selinux-fc.xml". | ||||
53 | - Only the most relevant policy build files and config. files are highlighted by | ||||
54 | default, since some have very generic names. Files with definition of | ||||
55 | file contexts are highlighted by "selinux-fc.xml". | ||||
56 | | ||||
57 | Change log: | ||||
58 | * Version 1 [28-Aug-2018, by Nibaldo González]: | ||||
59 | - Initial version. Syntax based on checkpolicy v2.8. | ||||
60 | --> | ||||
61 | | ||||
62 | <language name="SELinux Policy" | ||||
63 | version="1" | ||||
64 | kateversion="5.0" | ||||
65 | section="Sources" | ||||
66 | extensions="*.te;*.if;*.spt;policy.conf;access_vectors;mls;mcs;mls_macros;te_macros;policy_capabilities;seapp_contexts;port_contexts" | ||||
67 | priority="6" | ||||
68 | mimetype="" | ||||
69 | author="Nibaldo González (nibgonz@gmail.com)" | ||||
70 | license="MIT"> | ||||
71 | | ||||
72 | <highlighting> | ||||
73 | | ||||
74 | <list name="self"> | ||||
75 | <item>SELF</item> | ||||
76 | <item>self</item> | ||||
77 | </list> | ||||
78 | <list name="booleans"> | ||||
79 | <item>FALSE</item> | ||||
80 | <item>false</item> | ||||
81 | <item>TRUE</item> | ||||
82 | <item>true</item> | ||||
83 | </list> | ||||
84 | | ||||
85 | <!-- Statements --> | ||||
86 | <list name="statements_access"> | ||||
87 | <item>ALLOW</item> | ||||
88 | <item>allow</item> | ||||
89 | <item>NEVERALLOW</item> | ||||
90 | <item>neverallow</item> | ||||
91 | <item>AUDITALLOW</item> | ||||
92 | <item>auditallow</item> | ||||
93 | <item>AUDITDENY</item> | ||||
94 | <item>auditdeny</item> | ||||
95 | <item>DONTAUDIT</item> | ||||
96 | <item>dontaudit</item> | ||||
97 | <item>ALLOWXPERM</item> | ||||
98 | <item>allowxperm</item> | ||||
99 | <item>AUDITALLOWXPERM</item> | ||||
100 | <item>auditallowxperm</item> | ||||
101 | <item>DONTAUDITXPERM</item> | ||||
102 | <item>dontauditxperm</item> | ||||
103 | <item>NEVERALLOWXPERM</item> | ||||
104 | <item>neverallowxperm</item> | ||||
105 | </list> | ||||
106 | <list name="statements"> | ||||
107 | <item>ATTRIBUTE</item> | ||||
108 | <item>attribute</item> | ||||
109 | <item>ATTRIBUTE_ROLE</item> | ||||
110 | <item>attribute_role</item> | ||||
111 | <item>BOOL</item> | ||||
112 | <item>bool</item> | ||||
113 | <item>CATEGORY</item> | ||||
114 | <item>category</item> | ||||
115 | <item>COMMON</item> | ||||
116 | <item>common</item> | ||||
117 | <item>DOMINANCE</item> | ||||
118 | <item>dominance</item> | ||||
119 | <item>EXPANDATTRIBUTE</item> | ||||
120 | <item>expandattribute</item> | ||||
121 | <item>MODULE</item> | ||||
122 | <item>module</item> | ||||
123 | <item>PERMISSIVE</item> | ||||
124 | <item>permissive</item> | ||||
125 | <item>ROLE</item> | ||||
126 | <item>role</item> | ||||
127 | <item>ROLEATTRIBUTE</item> | ||||
128 | <item>roleattribute</item> | ||||
129 | <item>SENSITIVITY</item> | ||||
130 | <item>sensitivity</item> | ||||
131 | <item>TUNABLE</item> | ||||
132 | <item>tunable</item> | ||||
133 | <item>TYPE</item> | ||||
134 | <item>type</item> | ||||
135 | <item>TYPEALIAS</item> | ||||
136 | <item>typealias</item> | ||||
137 | <item>TYPEATTRIBUTE</item> | ||||
138 | <item>typeattribute</item> | ||||
139 | <item>TYPEBOUNDS</item> | ||||
140 | <item>typebounds</item> | ||||
141 | <item>USER</item> | ||||
142 | <item>user</item> | ||||
143 | <!-- Conditional --> | ||||
144 | <item>IF</item> | ||||
145 | <item>if</item> | ||||
146 | <item>ELSE</item> | ||||
147 | <item>else</item> | ||||
148 | <item>require</item> | ||||
149 | <item>REQUIRE</item> | ||||
150 | <item>optional</item> | ||||
151 | <item>OPTIONAL</item> | ||||
152 | </list> | ||||
153 | <list name="statements_fc"> | ||||
154 | <item>DEVICETREECON</item> | ||||
155 | <item>devicetreecon</item> | ||||
156 | <item>FS_USE_TASK</item> | ||||
157 | <item>fs_use_task</item> | ||||
158 | <item>FS_USE_TRANS</item> | ||||
159 | <item>fs_use_trans</item> | ||||
160 | <item>FS_USE_XATTR</item> | ||||
161 | <item>fs_use_xattr</item> | ||||
162 | <item>FSCON</item> | ||||
163 | <item>fscon</item> | ||||
164 | <item>GENFSCON</item> | ||||
165 | <item>genfscon</item> | ||||
166 | <item>IBENDPORTCON</item> | ||||
167 | <item>ibendportcon</item> | ||||
168 | <item>IBPKEYCON</item> | ||||
169 | <item>ibpkeycon</item> | ||||
170 | <item>IOMEMCON</item> | ||||
171 | <item>iomemcon</item> | ||||
172 | <item>IOPORTCON</item> | ||||
173 | <item>ioportcon</item> | ||||
174 | <item>NETIFCON</item> | ||||
175 | <item>netifcon</item> | ||||
176 | <item>NODECON</item> | ||||
177 | <item>nodecon</item> | ||||
178 | <item>PCIDEVICECON</item> | ||||
179 | <item>pcidevicecon</item> | ||||
180 | <item>PIRQCON</item> | ||||
181 | <item>pirqcon</item> | ||||
182 | <item>PORTCON</item> | ||||
183 | <item>portcon</item> | ||||
184 | <item>SID</item> | ||||
185 | <item>sid</item> | ||||
186 | </list> | ||||
187 | <list name="statements_def"> | ||||
188 | <item>CLASS</item> | ||||
189 | <item>class</item> | ||||
190 | </list> | ||||
191 | <list name="statements_mls_level_def"> | ||||
192 | <item>LEVEL</item> | ||||
193 | <item>level</item> | ||||
194 | </list> | ||||
195 | <!-- Statements with special contexts --> | ||||
196 | <list name="statements_policycap"> | ||||
197 | <item>POLICYCAP</item> | ||||
198 | <item>policycap</item> | ||||
199 | </list> | ||||
200 | <list name="statements_type"> | ||||
201 | <item>TYPE_CHANGE</item> | ||||
202 | <item>type_change</item> | ||||
203 | <item>TYPE_MEMBER</item> | ||||
204 | <item>type_member</item> | ||||
205 | <item>TYPE_TRANSITION</item> | ||||
206 | <item>type_transition</item> | ||||
207 | </list> | ||||
208 | <list name="statements_role_transition"> | ||||
209 | <item>ROLE_TRANSITION</item> | ||||
210 | <item>role_transition</item> | ||||
211 | </list> | ||||
212 | <list name="statements_range_transition"> | ||||
213 | <item>RANGE_TRANSITION</item> | ||||
214 | <item>range_transition</item> | ||||
215 | </list> | ||||
216 | <list name="statements_default"> | ||||
217 | <item>DEFAULT_USER</item> | ||||
218 | <item>default_user</item> | ||||
219 | <item>DEFAULT_ROLE</item> | ||||
220 | <item>default_role</item> | ||||
221 | <item>DEFAULT_TYPE</item> | ||||
222 | <item>default_type</item> | ||||
223 | </list> | ||||
224 | <list name="statements_default_range"> | ||||
225 | <item>DEFAULT_RANGE</item> | ||||
226 | <item>default_range</item> | ||||
227 | </list> | ||||
228 | <list name="statements_cexpr"> | ||||
229 | <item>CONSTRAIN</item> | ||||
230 | <item>constrain</item> | ||||
231 | <item>VALIDATETRANS</item> | ||||
232 | <item>validatetrans</item> | ||||
233 | <item>MLSCONSTRAIN</item> | ||||
234 | <item>mlsconstrain</item> | ||||
235 | <item>MLSVALIDATETRANS</item> | ||||
236 | <item>mlsvalidatetrans</item> | ||||
237 | </list> | ||||
238 | | ||||
239 | <!-- Other reserved keywords --> | ||||
240 | <list name="keywords"> | ||||
241 | <item>ALIAS</item> | ||||
242 | <item>alias</item> | ||||
243 | <item>CLONE</item> <!-- Deprecated --> | ||||
244 | <item>clone</item> | ||||
245 | <item>INHERITS</item> | ||||
246 | <item>inherits</item> | ||||
247 | <item>ROLES</item> | ||||
248 | <item>roles</item> | ||||
249 | <item>TYPES</item> | ||||
250 | <item>types</item> | ||||
251 | </list> | ||||
252 | <list name="mls_range_def"> | ||||
253 | <item>RANGE</item> | ||||
254 | <item>range</item> | ||||
255 | </list> | ||||
256 | | ||||
257 | <list name="source_target"> | ||||
258 | <item>SOURCE</item> | ||||
259 | <item>source</item> | ||||
260 | <item>TARGET</item> | ||||
261 | <item>target</item> | ||||
262 | </list> | ||||
263 | <list name="sameuser"> | ||||
264 | <item>SAMEUSER</item> | ||||
265 | <item>sameuser</item> | ||||
266 | </list> | ||||
267 | <list name="range"> | ||||
268 | <item>low-high</item> | ||||
269 | <item>LOW-HIGH</item> | ||||
270 | <item>high</item> | ||||
271 | <item>HIGH</item> | ||||
272 | <item>low</item> | ||||
273 | <item>LOW</item> | ||||
274 | </list> | ||||
275 | | ||||
276 | <list name="cond_operators"> | ||||
277 | <item>OR</item> | ||||
278 | <item>or</item> | ||||
279 | <item>AND</item> | ||||
280 | <item>and</item> | ||||
281 | <item>NOT</item> | ||||
282 | <item>not</item> | ||||
283 | <item>xor</item> | ||||
284 | <item>XOR</item> | ||||
285 | <item>eq</item> | ||||
286 | <item>EQ</item> | ||||
287 | </list> | ||||
288 | <list name="cexpr_operators"> | ||||
289 | <item>eq</item> | ||||
290 | <item>EQ</item> | ||||
291 | <item>dom</item> | ||||
292 | <item>DOM</item> | ||||
293 | <item>domby</item> | ||||
294 | <item>DOMBY</item> | ||||
295 | <item>INCOMP</item> | ||||
296 | <item>incomp</item> | ||||
297 | </list> | ||||
298 | <list name="cexpr_keywords"> | ||||
299 | <item>r1</item> | ||||
300 | <item>R1</item> | ||||
301 | <item>r2</item> | ||||
302 | <item>R2</item> | ||||
303 | <item>r3</item> | ||||
304 | <item>R3</item> | ||||
305 | <item>u1</item> | ||||
306 | <item>U1</item> | ||||
307 | <item>u2</item> | ||||
308 | <item>U2</item> | ||||
309 | <item>u3</item> | ||||
310 | <item>U3</item> | ||||
311 | <item>t1</item> | ||||
312 | <item>T1</item> | ||||
313 | <item>t2</item> | ||||
314 | <item>T2</item> | ||||
315 | <item>t3</item> | ||||
316 | <item>T3</item> | ||||
317 | <item>l1</item> | ||||
318 | <item>L1</item> | ||||
319 | <item>l2</item> | ||||
320 | <item>L2</item> | ||||
321 | <item>h1</item> | ||||
322 | <item>H1</item> | ||||
323 | <item>h2</item> | ||||
324 | <item>H2</item> | ||||
325 | </list> | ||||
326 | | ||||
327 | <!-- Policy Capabilities: /sys/fs/selinux/policy_capabilities/ | ||||
328 | More details: https://selinuxproject.org/page/NB_LSM#SELinux_Filesystem --> | ||||
329 | <list name="policy_capabilities"> | ||||
330 | <item>always_check_network</item> | ||||
331 | <item>always_use_network</item> | ||||
332 | <item>cgroup_seclabel</item> | ||||
333 | <item>extended_socket_class</item> | ||||
334 | <item>network_peer_controls</item> | ||||
335 | <item>nnp_nosuid_transition</item> | ||||
336 | <item>open_perms</item> | ||||
337 | <item>redhat1</item> | ||||
338 | </list> | ||||
339 | | ||||
340 | <!-- Access Vectors Permissions. | ||||
341 | More details: | ||||
342 | https://selinuxproject.org/page/ObjectClassesPerms | ||||
343 | Permissions & Classes: | ||||
344 | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/security/selinux/include/classmap.h | ||||
345 | https://github.com/SELinuxProject/refpolicy/blob/master/policy/flask/access_vectors --> | ||||
346 | <list name="av_permissions"> | ||||
347 | <item>accept</item> | ||||
348 | <item>acceptfrom</item> | ||||
349 | <item>access</item> | ||||
350 | <item>acquire_svc</item> | ||||
351 | <item>add</item> | ||||
352 | <item>add_child</item> | ||||
353 | <item>add_color</item> | ||||
354 | <item>add_glyph</item> | ||||
355 | <item>add_name</item> | ||||
356 | <item>admin</item> | ||||
357 | <item>append</item> | ||||
358 | <item>associate</item> | ||||
359 | <item>attach_queue</item> | ||||
360 | <item>audit_access</item> | ||||
361 | <item>audit_control</item> | ||||
362 | <item>audit_read</item> | ||||
363 | <item>audit_write</item> | ||||
364 | <item>bell</item> | ||||
365 | <item>bind</item> | ||||
366 | <item>blend</item> | ||||
367 | <item>block_suspend</item> | ||||
368 | <item>call</item> | ||||
369 | <item>check_context</item> | ||||
370 | <item>chfn</item> | ||||
371 | <item>chown</item> | ||||
372 | <item>chsh</item> | ||||
373 | <item>compute_av</item> | ||||
374 | <item>compute_create</item> | ||||
375 | <item>compute_member</item> | ||||
376 | <item>compute_relabel</item> | ||||
377 | <item>compute_user</item> | ||||
378 | <item>connect</item> | ||||
379 | <item>connectto</item> | ||||
380 | <item>contains</item> | ||||
381 | <item>copy</item> | ||||
382 | <item>create</item> | ||||
383 | <item>create_files_as</item> | ||||
384 | <item>crontab</item> | ||||
385 | <item>dac_override</item> | ||||
386 | <item>dac_read_search</item> | ||||
387 | <item>dccp_recv</item> | ||||
388 | <item>dccp_send</item> | ||||
389 | <item>debug</item> | ||||
390 | <item>delete</item> | ||||
391 | <item>destroy</item> | ||||
392 | <item>disable</item> | ||||
393 | <item>drop</item> | ||||
394 | <item>dyntransition</item> | ||||
395 | <item>egress</item> | ||||
396 | <item>enable</item> | ||||
397 | <item>enforce_dest</item> | ||||
398 | <item>enqueue</item> | ||||
399 | <item>entrypoint</item> | ||||
400 | <item>execheap</item> | ||||
401 | <item>execmem</item> | ||||
402 | <item>execmod</item> | ||||
403 | <item>execstack</item> | ||||
404 | <item>execute</item> | ||||
405 | <item>execute_no_trans</item> | ||||
406 | <item>expand</item> | ||||
407 | <item>export</item> | ||||
408 | <item>force_cursor</item> | ||||
409 | <item>fork</item> | ||||
410 | <item>forward_in</item> | ||||
411 | <item>forward_out</item> | ||||
412 | <item>fowner</item> | ||||
413 | <item>freeze</item> | ||||
414 | <item>fsetid</item> | ||||
415 | <item>get_property</item> | ||||
416 | <item>get_value</item> | ||||
417 | <item>getattr</item> | ||||
418 | <item>getcap</item> | ||||
419 | <item>getfocus</item> | ||||
420 | <item>getgrp</item> | ||||
421 | <item>gethost</item> | ||||
422 | <item>getopt</item> | ||||
423 | <item>getpgid</item> | ||||
424 | <item>getpwd</item> | ||||
425 | <item>getrlimit</item> | ||||
426 | <item>getsched</item> | ||||
427 | <item>getserv</item> | ||||
428 | <item>getsession</item> | ||||
429 | <item>getstat</item> | ||||
430 | <item>grab</item> | ||||
431 | <item>halt</item> | ||||
432 | <item>hide</item> | ||||
433 | <item>hide_cursor</item> | ||||
434 | <item>impersonate</item> | ||||
435 | <item>implement</item> | ||||
436 | <item>import</item> | ||||
437 | <item>ingress</item> | ||||
438 | <item>insert</item> | ||||
439 | <item>install</item> | ||||
440 | <item>install_module</item> | ||||
441 | <item>ioctl</item> | ||||
442 | <item>ipc_info</item> | ||||
443 | <item>ipc_lock</item> | ||||
444 | <item>ipc_owner</item> | ||||
445 | <item>kill</item> | ||||
446 | <item>lease</item> | ||||
447 | <item>link</item> | ||||
448 | <item>linux_immutable</item> | ||||
449 | <item>list_child</item> | ||||
450 | <item>list_property</item> | ||||
451 | <item>listen</item> | ||||
452 | <item>load_module</item> | ||||
453 | <item>load_policy</item> | ||||
454 | <item>lock</item> | ||||
455 | <item>mac_admin</item> <!-- Unused by SELinux --> | ||||
456 | <item>mac_override</item> <!-- Unused by SELinux --> | ||||
457 | <item>manage</item> | ||||
458 | <item>manage_subnet</item> | ||||
459 | <item>map</item> | ||||
460 | <item>map_create</item> | ||||
461 | <item>map_read</item> | ||||
462 | <item>map_write</item> | ||||
463 | <item>mknod</item> | ||||
464 | <item>mmap_zero</item> | ||||
465 | <item>module_load</item> | ||||
466 | <item>module_request</item> | ||||
467 | <item>mount</item> | ||||
468 | <item>mounton</item> | ||||
469 | <item>name_bind</item> | ||||
470 | <item>name_connect</item> | ||||
471 | <item>net_admin</item> | ||||
472 | <item>net_bind_service</item> | ||||
473 | <item>net_broadcast</item> | ||||
474 | <item>net_raw</item> | ||||
475 | <item>newconn</item> | ||||
476 | <item>next_value</item> | ||||
477 | <item>nlmsg_read</item> | ||||
478 | <item>nlmsg_readpriv</item> | ||||
479 | <item>nlmsg_relay</item> | ||||
480 | <item>nlmsg_tty_audit</item> | ||||
481 | <item>nlmsg_write</item> | ||||
482 | <item>nnp_transition</item> | ||||
483 | <item>noatsecure</item> | ||||
484 | <item>node_bind</item> | ||||
485 | <item>nosuid_transition</item> | ||||
486 | <item>open</item> | ||||
487 | <item>override</item> | ||||
488 | <item>passwd</item> | ||||
489 | <item>paste</item> | ||||
490 | <item>paste_after_confirm</item> | ||||
491 | <item>polmatch</item> | ||||
492 | <item>prog_load</item> | ||||
493 | <item>prog_run</item> | ||||
494 | <item>ptrace</item> | ||||
495 | <item>query</item> | ||||
496 | <item>quotaget</item> | ||||
497 | <item>quotamod</item> | ||||
498 | <item>quotaon</item> | ||||
499 | <item>rawip_recv</item> | ||||
500 | <item>rawip_send</item> | ||||
501 | <item>read</item> | ||||
502 | <item>read_policy</item> | ||||
503 | <item>reboot</item> | ||||
504 | <item>receive</item> | ||||
505 | <item>record</item> | ||||
506 | <item>recv</item> | ||||
507 | <item>recv_msg</item> | ||||
508 | <item>recvfrom</item> | ||||
509 | <item>relabelfrom</item> | ||||
510 | <item>relabelto</item> | ||||
511 | <item>reload</item> | ||||
512 | <item>remount</item> | ||||
513 | <item>remove</item> | ||||
514 | <item>remove_child</item> | ||||
515 | <item>remove_color</item> | ||||
516 | <item>remove_glyph</item> | ||||
517 | <item>remove_name</item> | ||||
518 | <item>rename</item> | ||||
519 | <item>reparent</item> | ||||
520 | <item>rlimitinh</item> | ||||
521 | <item>rmdir</item> | ||||
522 | <item>rootok</item> | ||||
523 | <item>saver_getattr</item> | ||||
524 | <item>saver_hide</item> | ||||
525 | <item>saver_setattr</item> | ||||
526 | <item>saver_show</item> | ||||
527 | <item>search</item> | ||||
528 | <item>select</item> | ||||
529 | <item>send</item> | ||||
530 | <item>send_msg</item> | ||||
531 | <item>sendto</item> | ||||
532 | <item>set_context_mgr</item> | ||||
533 | <item>set_property</item> | ||||
534 | <item>set_value</item> | ||||
535 | <item>setattr</item> | ||||
536 | <item>setbool</item> | ||||
537 | <item>setcap</item> | ||||
538 | <item>setcheckreqprot</item> | ||||
539 | <item>setcontext</item> | ||||
540 | <item>setcurrent</item> | ||||
541 | <item>setenforce</item> | ||||
542 | <item>setexec</item> | ||||
543 | <item>setfcap</item> | ||||
544 | <item>setfocus</item> | ||||
545 | <item>setfscreate</item> | ||||
546 | <item>setgid</item> | ||||
547 | <item>setkeycreate</item> | ||||
548 | <item>setopt</item> | ||||
549 | <item>setpcap</item> | ||||
550 | <item>setpgid</item> | ||||
551 | <item>setrlimit</item> | ||||
552 | <item>setsched</item> | ||||
553 | <item>setsecparam</item> | ||||
554 | <item>setsockcreate</item> | ||||
555 | <item>setuid</item> | ||||
556 | <item>share</item> | ||||
557 | <item>shmemgrp</item> | ||||
558 | <item>shmemhost</item> | ||||
559 | <item>shmempwd</item> | ||||
560 | <item>shmemserv</item> | ||||
561 | <item>show</item> | ||||
562 | <item>show_cursor</item> | ||||
563 | <item>shutdown</item> | ||||
564 | <item>sigchld</item> | ||||
565 | <item>siginh</item> | ||||
566 | <item>sigkill</item> | ||||
567 | <item>signal</item> | ||||
568 | <item>signull</item> | ||||
569 | <item>sigstop</item> | ||||
570 | <item>start</item> | ||||
571 | <item>status</item> | ||||
572 | <item>stop</item> | ||||
573 | <item>swapon</item> | ||||
574 | <item>sys_admin</item> | ||||
575 | <item>sys_boot</item> | ||||
576 | <item>sys_chroot</item> | ||||
577 | <item>sys_module</item> | ||||
578 | <item>sys_nice</item> | ||||
579 | <item>sys_pacct</item> | ||||
580 | <item>sys_ptrace</item> | ||||
581 | <item>sys_rawio</item> | ||||
582 | <item>sys_resource</item> | ||||
583 | <item>sys_time</item> | ||||
584 | <item>sys_tty_config</item> | ||||
585 | <item>syslog</item> | ||||
586 | <item>syslog_console</item> | ||||
587 | <item>syslog_mod</item> | ||||
588 | <item>syslog_read</item> | ||||
589 | <item>tcp_recv</item> | ||||
590 | <item>tcp_send</item> | ||||
591 | <item>transfer</item> | ||||
592 | <item>transition</item> | ||||
593 | <item>translate</item> | ||||
594 | <item>udp_recv</item> | ||||
595 | <item>udp_send</item> | ||||
596 | <item>uninstall</item> | ||||
597 | <item>unix_read</item> | ||||
598 | <item>unix_write</item> | ||||
599 | <item>unlink</item> | ||||
600 | <item>unmount</item> | ||||
601 | <item>update</item> | ||||
602 | <item>use</item> | ||||
603 | <item>use_as_override</item> | ||||
604 | <item>validate_trans</item> | ||||
605 | <item>view</item> | ||||
606 | <item>wake_alarm</item> | ||||
607 | <item>write</item> | ||||
608 | <!-- Deprecated: flow_in, flow_out, get_param, set_param --> | ||||
609 | </list> | ||||
610 | | ||||
611 | <!-- Additional AV Permissions for Android. | ||||
612 | Permissions & Classes: | ||||
613 | https://android.googlesource.com/platform/system/sepolicy/+/master/private/access_vectors | ||||
614 | https://android.googlesource.com/platform/system/security/+/master/keystore/permissions.cpp | ||||
615 | More details: | ||||
616 | https://selinuxproject.org/page/NB_SEforAndroid_1#Android_Classes_and_Permissions --> | ||||
617 | <list name="av_permissions_android"> | ||||
618 | <item>add_auth</item> | ||||
619 | <item>clear_uid</item> | ||||
620 | <item>closeDecryptSession</item> | ||||
621 | <item>consumeRights</item> | ||||
622 | <item>decrypt</item> | ||||
623 | <item>duplicate</item> | ||||
624 | <item>exist</item> | ||||
625 | <item>finalizeDecryptUnit</item> | ||||
626 | <item>find</item> | ||||
627 | <item>gen_unique_id</item> | ||||
628 | <item>get</item> | ||||
629 | <item>get_state</item> | ||||
630 | <item>grant</item> | ||||
631 | <item>initializeDecryptUnit</item> | ||||
632 | <item>is_empty</item> | ||||
633 | <item>list</item> | ||||
634 | <item>openDecryptSession</item> | ||||
635 | <item>password</item> | ||||
636 | <item>pread</item> | ||||
637 | <item>reset</item> | ||||
638 | <item>set</item> | ||||
639 | <item>setPlaybackStatus</item> | ||||
640 | <item>sign</item> | ||||
641 | <item>unlock</item> | ||||
642 | <item>user_changed</item> | ||||
643 | <item>verify</item> | ||||
644 | </list> | ||||
645 | | ||||
646 | <!-- FS & VFS Types --> | ||||
647 | <list name="filesystem"> | ||||
648 | <!-- Stackable FS --> | ||||
649 | <item>ecryptfs</item> | ||||
650 | <item>overlayfs</item> | ||||
651 | <item>unionfs</item> | ||||
652 | <!-- Specialpurpose FS --> | ||||
653 | <item>devtmpfs</item> | ||||
654 | <item>ramfs</item> | ||||
655 | <item>tmpfs</item> | ||||
656 | <!-- Block-based, Network & Pseudo FS --> | ||||
657 | <item>adfs</item> | ||||
658 | <item>affs</item> | ||||
659 | <item>afs</item> | ||||
660 | <item>apfs</item> | ||||
661 | <item>apparmorfs</item> | ||||
662 | <item>autofs</item> | ||||
663 | <item>bdev</item> | ||||
664 | <item>bfs</item> | ||||
665 | <item>bpf</item> | ||||
666 | <item>btrfs</item> | ||||
667 | <item>cachefs</item> | ||||
668 | <item>ceph</item> | ||||
669 | <item>cgroup2</item> | ||||
670 | <item>cgroup</item> | ||||
671 | <item>cifs</item> | ||||
672 | <item>coda</item> | ||||
673 | <item>coherent</item> | ||||
674 | <item>configfs</item> | ||||
675 | <item>cpuset</item> | ||||
676 | <item>cramfs</item> | ||||
677 | <item>debugfs</item> | ||||
678 | <item>devfs</item> | ||||
679 | <item>devpts</item> | ||||
680 | <item>efs</item> | ||||
681 | <item>exfat</item> | ||||
682 | <item>ext2</item> | ||||
683 | <item>ext3</item> | ||||
684 | <item>ext4</item> | ||||
685 | <item>f2fs</item> | ||||
686 | <item>fatx</item> | ||||
687 | <item>fuse</item> | ||||
688 | <item>fuseblk</item> | ||||
689 | <item>fusectl</item> | ||||
690 | <item>futexfs</item> | ||||
691 | <item>gfs</item> | ||||
692 | <item>hfs</item> | ||||
693 | <item>hfsplus</item> | ||||
694 | <item>hpfs</item> | ||||
695 | <item>hugetlbfs</item> | ||||
696 | <item>ifs</item> | ||||
697 | <item>iso9660</item> | ||||
698 | <item>jffs2</item> | ||||
699 | <item>jffs</item> | ||||
700 | <item>jfs</item> | ||||
701 | <item>kernfs</item> | ||||
702 | <item>lvm2</item> | ||||
703 | <item>minix</item> | ||||
704 | <item>mqueue</item> | ||||
705 | <item>msdos</item> | ||||
706 | <item>ncpfs</item> | ||||
707 | <item>nfs4</item> | ||||
708 | <item>nfs</item> | ||||
709 | <item>nilfs2</item> | ||||
710 | <item>nilfs</item> | ||||
711 | <item>ntfs-3g</item> | ||||
712 | <item>ntfs</item> | ||||
713 | <item>ocfs</item> | ||||
714 | <item>pipefs</item> | ||||
715 | <item>proc</item> | ||||
716 | <item>procfs</item> | ||||
717 | <item>pstore</item> | ||||
718 | <item>pstorefs</item> | ||||
719 | <item>qnx4</item> | ||||
720 | <item>qnx6</item> | ||||
721 | <item>reiser4</item> | ||||
722 | <item>reiserfs</item> | ||||
723 | <item>romfs</item> | ||||
724 | <item>rootfs</item> | ||||
725 | <item>sdcardfs</item> | ||||
726 | <item>securityfs</item> | ||||
727 | <item>selinuxfs</item> | ||||
728 | <item>shm</item> | ||||
729 | <item>smbfs</item> | ||||
730 | <item>sockfs</item> | ||||
731 | <item>specfs</item> | ||||
732 | <item>squashfs</item> | ||||
733 | <item>swap</item> | ||||
734 | <item>swapfs</item> | ||||
735 | <item>sysfs</item> | ||||
736 | <item>sysv</item> | ||||
737 | <item>tracefs</item> | ||||
738 | <item>ubifs</item> | ||||
739 | <item>udf</item> | ||||
740 | <item>ufs</item> | ||||
741 | <item>umsdos</item> | ||||
742 | <item>urefs</item> | ||||
743 | <item>usbfs</item> | ||||
744 | <item>vfat</item> | ||||
745 | <item>xenix</item> | ||||
746 | <item>xfs</item> | ||||
747 | <item>yaffs2</item> | ||||
748 | <item>yaffs</item> | ||||
749 | <item>zfs</item> | ||||
750 | <!-- Not included: ext, usbdevfs, xiafs --> | ||||
751 | <!-- Others --> | ||||
752 | <item>functionfs</item> | ||||
753 | <item>inotifyfs</item> | ||||
754 | <item>labeledfs</item> | ||||
755 | <item>oemfs</item> | ||||
756 | </list> | ||||
757 | | ||||
758 | <!-- Keywords/Functions provided by SELinux Reference Policy --> | ||||
759 | <list name="refpolicy_keywords"> | ||||
760 | <item>policy_module</item> | ||||
761 | <item>gen_require</item> | ||||
762 | <item>template</item> | ||||
763 | <item>interface</item> | ||||
764 | <item>optional_policy</item> | ||||
765 | <item>gen_tunable</item> | ||||
766 | <item>tunable_policy</item> | ||||
767 | <item>gen_user</item> | ||||
768 | <item>gen_context</item> | ||||
769 | <item>gen_bool</item> | ||||
770 | <item>gen_cats</item> | ||||
771 | <item>gen_sens</item> | ||||
772 | <item>gen_levels</item> | ||||
773 | <item>mls_systemlow</item> | ||||
774 | <item>mls_systemhigh</item> | ||||
775 | <item>mcs_systemlow</item> | ||||
776 | <item>mcs_systemhigh</item> | ||||
777 | <item>mcs_allcats</item> | ||||
778 | <item>ifndef</item> | ||||
779 | </list> | ||||
780 | | ||||
781 | <!-- M4 Built-in Keywords (obtained from "m4.xml") --> | ||||
782 | <list name="m4_builtin"> | ||||
783 | <item>__file__</item> | ||||
784 | <item>__line__</item> | ||||
785 | <item>__program__</item> | ||||
786 | <item>builtin</item> | ||||
787 | <item>changecom</item> | ||||
788 | <item>changequote</item> | ||||
789 | <item>changeword</item> | ||||
790 | <item>debugfile</item> | ||||
791 | <item>debugmode</item> | ||||
792 | <item>decr</item> | ||||
793 | <item>define</item> | ||||
794 | <item>defn</item> | ||||
795 | <item>divert</item> | ||||
796 | <item>divnum</item> | ||||
797 | <item>dnl</item> | ||||
798 | <item>dumpdef</item> | ||||
799 | <item>errprint</item> | ||||
800 | <item>esyscmd</item> | ||||
801 | <item>eval</item> | ||||
802 | <item>format</item> | ||||
803 | <item>ifdef</item> | ||||
804 | <item>ifelse</item> | ||||
805 | <item>include</item> | ||||
806 | <item>incr</item> | ||||
807 | <item>index</item> | ||||
808 | <item>indir</item> | ||||
809 | <item>len</item> | ||||
810 | <item>m4exit</item> | ||||
811 | <item>m4wrap</item> | ||||
812 | <item>maketemp</item> | ||||
813 | <item>mkstemp</item> | ||||
814 | <item>popdef</item> | ||||
815 | <item>pushdef</item> | ||||
816 | <item>shift</item> | ||||
817 | <item>sinclude</item> | ||||
818 | <item>substr</item> | ||||
819 | <item>syscmd</item> | ||||
820 | <item>sysval</item> | ||||
821 | <item>traceon</item> | ||||
822 | <item>traceoff</item> | ||||
823 | <item>translit</item> | ||||
824 | <item>undefine</item> | ||||
825 | <item>undivert</item> | ||||
826 | <item>m4___file__</item> | ||||
827 | <item>m4___line__</item> | ||||
828 | <item>m4___program__</item> | ||||
829 | <item>m4_builtin</item> | ||||
830 | <item>m4_changecom</item> | ||||
831 | <item>m4_changequote</item> | ||||
832 | <item>m4_changeword</item> | ||||
833 | <item>m4_debugfile</item> | ||||
834 | <item>m4_debugmode</item> | ||||
835 | <item>m4_decr</item> | ||||
836 | <item>m4_define</item> | ||||
837 | <item>m4_defn</item> | ||||
838 | <item>m4_divert</item> | ||||
839 | <item>m4_divnum</item> | ||||
840 | <item>m4_dnl</item> | ||||
841 | <item>m4_dumpdef</item> | ||||
842 | <item>m4_errprint</item> | ||||
843 | <item>m4_esyscmd</item> | ||||
844 | <item>m4_eval</item> | ||||
845 | <item>m4_format</item> | ||||
846 | <item>m4_ifdef</item> | ||||
847 | <item>m4_ifelse</item> | ||||
848 | <item>m4_include</item> | ||||
849 | <item>m4_incr</item> | ||||
850 | <item>m4_index</item> | ||||
851 | <item>m4_indir</item> | ||||
852 | <item>m4_len</item> | ||||
853 | <item>m4_m4exit</item> | ||||
854 | <item>m4_m4wrap</item> | ||||
855 | <item>m4_maketemp</item> | ||||
856 | <item>m4_mkstemp</item> | ||||
857 | <item>m4_popdef</item> | ||||
858 | <item>m4_pushdef</item> | ||||
859 | <item>m4_shift</item> | ||||
860 | <item>m4_sinclude</item> | ||||
861 | <item>m4_substr</item> | ||||
862 | <item>m4_syscmd</item> | ||||
863 | <item>m4_sysval</item> | ||||
864 | <item>m4_traceon</item> | ||||
865 | <item>m4_traceoff</item> | ||||
866 | <item>m4_translit</item> | ||||
867 | <item>m4_undefine</item> | ||||
868 | <item>m4_undivert</item> | ||||
869 | </list> | ||||
870 | <list name="m4_builtin_regexp"> | ||||
871 | <item>regexp</item> | ||||
872 | <item>patsubst</item> | ||||
873 | <item>m4_regexp</item> | ||||
874 | <item>m4_patsubst</item> | ||||
875 | </list> | ||||
876 | | ||||
877 | <contexts> | ||||
878 | | ||||
879 | <context name="_normal" attribute="Normal Text" lineEndContext="#stay"> | ||||
880 | <IncludeRules context="_m4_preprocessor"/> | ||||
881 | <IncludeRules context="_find_all_comments"/> | ||||
882 | <IncludeRules context="_m4_special_arguments"/> | ||||
883 | | ||||
884 | <!-- Content Quoted (M4). | ||||
885 | NOTE: The default quotes (`text') are highlighted, | ||||
886 | but another type of quotation mark can be used. --> | ||||
887 | <IncludeRules context="_m4_string_simple"/> <!-- `simple text' --> | ||||
888 | <IncludeRules context="_m4_quotes"/> <!-- &m4Quotes; --> | ||||
889 | | ||||
890 | <DetectChar context="_quoted" attribute="Text Quoted" char="""/> | ||||
891 | <DetectChar context="_path" attribute="Path" char="/"/> | ||||
892 | <RegExpr context="_input_sel" attribute="Input Selector" String="\b&identifier;(?=\s*\=\s*[^\s\=,;\}\)\]#!\^:])"/> | ||||
893 | | ||||
894 | <!-- Keywords & Statements --> | ||||
895 | <keyword context="#stay" attribute="Booleans" String="booleans"/> | ||||
896 | <keyword context="#stay" attribute="Special Keys" String="self"/> | ||||
897 | <keyword context="_statement_policycap" attribute="Policy Config. Statements" String="statements_policycap"/> | ||||
898 | <!-- Highlight class --> | ||||
899 | <keyword context="_statement_find_class" attribute="Access Keys" String="statements_access"/> | ||||
900 | <keyword context="_statement_find_class" attribute="Statements" String="statements_type"/> | ||||
901 | <keyword context="_statement_find_class" attribute="Statements" String="statements_role_transition"/> | ||||
902 | <!-- Special contexts in statements --> | ||||
903 | <keyword context="_statement_range_transition" attribute="Statements" String="statements_range_transition"/> | ||||
904 | <keyword context="_statement_default" attribute="Statements" String="statements_default"/> | ||||
905 | <keyword context="_statement_default_range" attribute="Statements" String="statements_default_range"/> | ||||
906 | <keyword context="_statement_cexpr" attribute="Statements" String="statements_cexpr"/> | ||||
907 | <!-- Detect identifier after statement --> | ||||
908 | <keyword context="_find_identifier" attribute="Statements" String="statements_def"/> | ||||
909 | <keyword context="_find_mls_level" attribute="Statements" String="statements_mls_level_def"/> | ||||
910 | <keyword context="_find_mls_level_range" attribute="Statements" String="mls_range_def"/> | ||||
911 | | ||||
912 | <keyword context="#stay" attribute="Statements" String="statements"/> | ||||
913 | <keyword context="#stay" attribute="Statements" String="statements_fc"/> | ||||
914 | <keyword context="#stay" attribute="Statements" String="keywords"/> | ||||
915 | <keyword context="#stay" attribute="Expression Keys" String="cond_operators"/> | ||||
916 | | ||||
917 | <!-- Keywords/Functions of M4 & Reference Policy --> | ||||
918 | <WordDetect context="_function_gen_context" attribute="Refpolicy Keywords" String="gen_context"/> | ||||
919 | <IncludeRules context="_refpolicy_keywords"/> | ||||
920 | <IncludeRules context="_m4_builtin_keywords"/> | ||||
921 | <RegExpr context="#stay" attribute="Function" String="\b&identifier;(?=\()"/> | ||||
922 | | ||||
923 | <!-- IP Addresses --> | ||||
924 | <IncludeRules context="_ip_addr"/> | ||||
925 | | ||||
926 | <!-- Keywords: Access Vectors Permissions & Filesystem --> | ||||
927 | <IncludeRules context="_av_permissions"/> | ||||
928 | <IncludeRules context="_filesystem"/> | ||||
929 | | ||||
930 | <!-- Boolean Operators --> | ||||
931 | <Detect2Chars context="#stay" attribute="Boolean Operators" char="=" char1="="/> | ||||
932 | <Detect2Chars context="#stay" attribute="Boolean Operators" char="!" char1="="/> | ||||
933 | <Detect2Chars context="#stay" attribute="Boolean Operators" char="&" char1="&"/> | ||||
934 | <Detect2Chars context="#stay" attribute="Boolean Operators" char="|" char1="|"/> | ||||
935 | <AnyChar context="#stay" attribute="Boolean Operators" String="!^"/> | ||||
936 | | ||||
937 | <!-- Symbols/Operators --> | ||||
938 | <DetectChar context="#stay" attribute="Operator" char="{" beginRegion="Bracket"/> | ||||
939 | <DetectChar context="#stay" attribute="Operator" char="}" endRegion="Bracket"/> | ||||
940 | <DetectChar context="#stay" char="(" beginRegion="ParenthesesBlock"/> | ||||
941 | <DetectChar context="#stay" char=")" endRegion="ParenthesesBlock"/> | ||||
942 | | ||||
943 | <Detect2Chars context="#stay" attribute="Operator" char="-" char1=">"/> | ||||
944 | <AnyChar context="#stay" attribute="Operator" String="~[]"/> | ||||
945 | <AnyChar context="#stay" attribute="Symbol" String=",;:-"/> | ||||
946 | | ||||
947 | <IncludeRules context="_common_special_char"/> | ||||
948 | <IncludeRules context="_line_continue_escape"/> | ||||
949 | | ||||
950 | <!-- File Contexts --> | ||||
951 | <RegExpr context="_file_contexts" attribute="File Contexts" String="\b&identifierWithArg;(:&identifierWithArg;){2}(:&mlsLevel;(\s*\-\s*&mlsLevel;)?)?\b" lookAhead="true"/> | ||||
952 | | ||||
953 | <!-- This avoids highlighting numbers in identifiers --> | ||||
954 | <RegExpr context="#stay" String="&identifier;"/> | ||||
955 | <!-- Numbers --> | ||||
956 | <RegExpr context="#stay" attribute="Number" String="\b&versionIdentifier;"/> | ||||
957 | <HlCHex context="#stay" attribute="Hexadecimal"/> | ||||
958 | <Float context="#stay" attribute="Number"/> | ||||
959 | <Int context="#stay" attribute="Number"/> | ||||
960 | | ||||
961 | <RegExpr context="#stay" attribute="Reserved Keywords" String="(\s|^)\-[bcdpls\-](?=\s|$)"/> | ||||
962 | <DetectChar context="#stay" attribute="Symbol" char="."/> | ||||
963 | </context> | ||||
964 | | ||||
965 | <!-- Statements --> | ||||
966 | | ||||
967 | <!-- Highlight class after ":", in some statements --> | ||||
968 | <context name="_statement_find_class" attribute="Normal Text" lineEndContext="#stay"> | ||||
969 | <DetectChar context="#pop!_class" attribute="Symbol" char=":"/> | ||||
970 | <DetectChar context="#pop" attribute="Symbol" char=";" lookAhead="true"/> <!-- End rule --> | ||||
971 | <IncludeRules context="_normal"/> | ||||
972 | </context> | ||||
973 | <context name="_class" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
974 | <!-- Class --> | ||||
975 | <RegExpr context="#pop" attribute="Class" String="\s*&identifier;(?=[^:\w\-\.,]|$)"/> | ||||
976 | </context> | ||||
977 | | ||||
978 | <!-- Special keywords in some statements --> | ||||
979 | <context name="_statement_default" attribute="Normal Text" lineEndContext="#stay"> | ||||
980 | <keyword context="#stay" attribute="Reserved Keywords" String="source_target"/> | ||||
981 | <DetectChar context="#pop" attribute="Symbol" char=";" lookAhead="true"/> | ||||
982 | <IncludeRules context="_normal"/> | ||||
983 | </context> | ||||
984 | <context name="_statement_default_range" attribute="Normal Text" lineEndContext="#stay"> | ||||
985 | <keyword context="#stay" attribute="Range" String="range"/> | ||||
986 | <IncludeRules context="_statement_default"/> | ||||
987 | </context> | ||||
988 | <context name="_statement_cexpr" attribute="Normal Text" lineEndContext="#stay"> | ||||
989 | <keyword context="#stay" attribute="Expression Keys" String="cexpr_operators"/> | ||||
990 | <keyword context="#stay" attribute="Special Keys" String="cexpr_keywords"/> | ||||
991 | <keyword context="#stay" attribute="Reserved Keywords" String="source_target"/> | ||||
992 | <keyword context="#stay" attribute="Reserved Keywords" String="sameuser"/> | ||||
993 | <DetectChar context="#pop" attribute="Symbol" char=";" lookAhead="true"/> | ||||
994 | <IncludeRules context="_normal"/> | ||||
995 | </context> | ||||
996 | <context name="_statement_policycap" attribute="Normal Text" lineEndContext="#stay"> | ||||
997 | <IncludeRules context="_policy_capabilities"/> | ||||
998 | <DetectChar context="#pop" attribute="Symbol" char=";" lookAhead="true"/> | ||||
999 | <IncludeRules context="_normal"/> | ||||
1000 | </context> | ||||
1001 | | ||||
1002 | <!-- RANGE_TRANSITION: Highlight level/range and fix class after ":" --> | ||||
1003 | <context name="_statement_range_transition" attribute="Normal Text" lineEndContext="#stay"> | ||||
1004 | <DetectChar context="#pop" attribute="Symbol" char=";" lookAhead="true"/> | ||||
1005 | <RegExpr context="_class_range_transition_statement" String="&identifierWithArg;\s*:\s*&identifierWithArg;\s+[a-zA-Z\$]" lookAhead="true"/> | ||||
1006 | | ||||
1007 | <RegExpr context="#pop!_mls_level_range" String="&identifierWithArg;(\s*:\s*&identifierWithArg;(\s*,\s*&identifierWithArg;)*)?\s+\-\s+&identifierWithArg;(\s*:\s*&identifierWithArg;(\s*,\s*&identifierWithArg;)*)?" lookAhead="true"/> | ||||
1008 | <RegExpr context="#pop!_mls_level_range" String="&identifierWithArg;(\s*:\s*&identifierWithArg;(\s*,\s*&identifierWithArg;)*)?(\s*\-\s*&identifierWithArg;(\s*:\s*&identifierWithArg;(\s*,\s*&identifierWithArg;)*)?)?(?=\s*;)" lookAhead="true"/> | ||||
1009 | <IncludeRules context="_normal"/> | ||||
1010 | </context> | ||||
1011 | <context name="_class_range_transition_statement" attribute="Normal Text" lineEndContext="#pop"> | ||||
1012 | <DetectChar context="#pop!_class" attribute="Symbol" char=":"/> | ||||
1013 | <IncludeRules context="_m4_special_arguments"/> | ||||
1014 | <keyword context="#stay" attribute="Special Keys" String="self"/> | ||||
1015 | </context> | ||||
1016 | | ||||
1017 | <!-- Detect identifier (highlight it as "Normal Text") --> | ||||
1018 | <context name="_find_identifier" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop"> | ||||
1019 | <IncludeRules context="_default_find_identifier"/> | ||||
1020 | <RegExpr context="#pop" attribute="Normal Text" String="&identifier;"/> | ||||
1021 | </context> | ||||
1022 | <context name="_default_find_identifier" attribute="Normal Text" lineEndContext="#stay"> | ||||
1023 | <DetectSpaces context="#stay"/> | ||||
1024 | <IncludeRules context="_m4_preprocessor"/> | ||||
1025 | <IncludeRules context="_find_all_comments"/> | ||||
1026 | <RegExpr context="#pop" attribute="Function" String="\b&identifier;(?=\()" lookAhead="true"/> | ||||
1027 | </context> | ||||
1028 | | ||||
1029 | <!-- Detect MLS/MCS Level (s0.s1:c0,c1) --> | ||||
1030 | <context name="_find_mls_level" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop"> | ||||
1031 | <IncludeRules context="_default_find_identifier"/> | ||||
1032 | <RegExpr context="#pop!_mls_level" String="&identifierWithArg;" lookAhead="true"/> | ||||
1033 | </context> | ||||
1034 | <!-- Detect MLS/MCS Range (s0:c0 - s1:c1) --> | ||||
1035 | <context name="_find_mls_level_range" attribute="Normal Text" lineEndContext="#stay" fallthrough="true" fallthroughContext="#pop"> | ||||
1036 | <IncludeRules context="_default_find_identifier"/> | ||||
1037 | <RegExpr context="#pop!_mls_level_range" String="&identifierWithArg;" lookAhead="true"/> | ||||
1038 | </context> | ||||
1039 | <!-- MLS/MCS Range: Sensitivity:Category - Sensitivity:Category --> | ||||
1040 | <context name="_mls_level_range" attribute="MLS/MCS Level/Range" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1041 | <RegExpr context="#pop!_mls_level_range_cat" attribute="Symbol" String=":(?=&identifierWithArg;)"/> <!-- Find Category --> | ||||
1042 | <RegExpr context="#pop!_mls_level" attribute="Symbol" String="\s*\-\s*(?=&mlsLevel;)"/> <!-- Find Range --> | ||||
1043 | <RegExpr context="#stay" attribute="Symbol" String="\.(?=&identifierWithArg;)"/> | ||||
1044 | <IncludeRules context="_default_mls_level"/> | ||||
1045 | </context> | ||||
1046 | <context name="_mls_level_range_cat" attribute="MLS/MCS Level/Range" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1047 | <RegExpr context="#pop!_mls_level" attribute="Symbol" String="\s*\-\s*(?=&mlsLevel;)"/> <!-- Find Range --> | ||||
1048 | <RegExpr context="#stay" attribute="Symbol" String="(\.|\s*,\s*)(?=&identifierWithArg;)"/> | ||||
1049 | <IncludeRules context="_default_mls_level"/> | ||||
1050 | </context> | ||||
1051 | <!-- MLS/MCS Level: Sensitivity:Category --> | ||||
1052 | <context name="_mls_level" attribute="MLS/MCS Level/Range" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1053 | <RegExpr context="#pop!_mls_level_cat" attribute="Symbol" String=":(?=&identifierWithArg;)"/> <!-- Find Category --> | ||||
1054 | <RegExpr context="#stay" attribute="Symbol" String="\.(?=&identifierWithArg;)"/> | ||||
1055 | <IncludeRules context="_default_mls_level"/> | ||||
1056 | </context> | ||||
1057 | <context name="_mls_level_cat" attribute="MLS/MCS Level/Range" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1058 | <RegExpr context="#stay" attribute="Symbol" String="(\.|\s*,\s*)(?=&identifierWithArg;)"/> | ||||
1059 | <IncludeRules context="_default_mls_level"/> | ||||
1060 | </context> | ||||
1061 | <context name="_default_mls_level" attribute="MLS/MCS Level/Range" lineEndContext="#pop"> | ||||
1062 | <RegExpr context="#stay" attribute="MLS/MCS Level/Range" String="\w+"/> | ||||
1063 | <DetectChar context="#stay" attribute="MLS/MCS Level/Range" char="-"/> | ||||
1064 | <IncludeRules context="_m4_special_arguments"/> | ||||
1065 | </context> | ||||
1066 | | ||||
1067 | <!-- Double Quotes String (does not support line breaks and line continuation escape) --> | ||||
1068 | <context name="_quoted" attribute="Text Quoted" | ||||
1069 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_filename_quoted"> | ||||
1070 | <RegExpr context="#pop!_path_quoted" attribute="Text Quoted" String="[^"/]*/" lookAhead="true"/> <!-- Find path --> | ||||
1071 | </context> | ||||
1072 | <context name="_filename_quoted" attribute="Text Quoted" lineEndContext="#pop"> | ||||
1073 | <DetectChar context="#pop" attribute="Text Quoted" char="""/> | ||||
1074 | <IncludeRules context="_m4_special_arguments"/> | ||||
1075 | <RegExpr context="#stay" attribute="Text Quoted Open" String="[^\s"\\](?=\s*$)"/> | ||||
1076 | </context> | ||||
1077 | <context name="_path_quoted" attribute="Text Quoted" lineEndContext="#pop"> | ||||
1078 | <DetectChar context="#pop" attribute="Text Quoted" char="""/> | ||||
1079 | <!-- Quote escaped is not allowed? (see line 260-261 in "selinux/checkpolicy/policy_scan.l") --> | ||||
1080 | <IncludeRules context="_m4_special_arguments"/> | ||||
1081 | <IncludeRules context="_regex_quoted"/> | ||||
1082 | <RegExpr context="#stay" attribute="Text Quoted Open" String="[^\s"\[\(\\](?=\s*$)"/> | ||||
1083 | </context> | ||||
1084 | | ||||
1085 | <!-- Path --> | ||||
1086 | <context name="_path" attribute="Path" lineEndContext="#pop"> | ||||
1087 | <DetectSpaces context="#pop" lookAhead="true"/> | ||||
1088 | <IncludeRules context="_m4_special_arguments"/> | ||||
1089 | <IncludeRules context="_regex"/> | ||||
1090 | </context> | ||||
1091 | | ||||
1092 | <!-- Input Selectors: selector=value | ||||
1093 | NOTE: "seapp_contexts" in the Android policy use this. --> | ||||
1094 | <context name="_input_sel" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1095 | <DetectSpaces context="#stay"/> | ||||
1096 | <DetectChar context="#stay" attribute="Symbol" char="="/> | ||||
1097 | <keyword context="#pop" attribute="Booleans" String="booleans"/> | ||||
1098 | <keyword context="#pop" attribute="Special Keys" String="self"/> | ||||
1099 | <DetectChar context="#pop" char=""" lookAhead="true"/> | ||||
1100 | <RegExpr context="#pop" attribute="Normal Text" String="&identifier;(?=[,;]?(\s|$))"/> | ||||
1101 | <!-- Find RegExp --> | ||||
1102 | <AnyChar context="#pop!_path" String="[(" lookAhead="true"/> | ||||
1103 | <RegExpr context="#pop!_path" String="[^\=\s"\{\}\[\]\(\);#]+[\{\[\(\*\+\?]" lookAhead="true"/> | ||||
1104 | <RegExpr context="#pop!_path" String="[^\=\s"\{\}\[\]\(\);#\d]+\." lookAhead="true"/> | ||||
1105 | </context> | ||||
1106 | | ||||
1107 | <!-- Special functions of Refpolicy --> | ||||
1108 | <context name="_function_gen_context" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1109 | <DetectChar context="#pop!_function_gen_context_find_fc" attribute="Normal Text" char="(" beginRegion="ParenthesesBlock"/> | ||||
1110 | </context> | ||||
1111 | <context name="_function_gen_context_find_fc" attribute="File Contexts" | ||||
1112 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_function_gen_context_content"> | ||||
1113 | <RegExpr context="_file_contexts" String="&identifierWithArg;(:&identifierWithArg;){2}\b" lookAhead="true"/> | ||||
1114 | <DetectSpaces context="#stay"/> | ||||
1115 | </context> | ||||
1116 | <context name="_function_gen_context_content" attribute="File Contexts" lineEndContext="#pop"> | ||||
1117 | <DetectChar context="#pop" attribute="Normal Text" char=")" endRegion="ParenthesesBlock"/> | ||||
1118 | <AnyChar context="#stay" attribute="Normal Text" String=".:-"/> | ||||
1119 | <AnyChar context="#stay" attribute="Symbol" String=",;"/> | ||||
1120 | <IncludeRules context="_m4_special_arguments"/> | ||||
1121 | <IncludeRules context="_find_all_comments"/> | ||||
1122 | <IncludeRules context="_common_special_char"/> | ||||
1123 | <IncludeRules context="_line_continue_escape"/> | ||||
1124 | </context> | ||||
1125 | | ||||
1126 | <!-- File Contexts. | ||||
1127 | NOTE: File contexts with spaces before and after each ":" are not highlighted. --> | ||||
1128 | <!-- user:role:type --> | ||||
1129 | <context name="_file_contexts" attribute="File Contexts" lineEndContext="#pop"> | ||||
1130 | <DetectChar context="#pop!_fc_role" attribute="Symbol" char=":"/> | ||||
1131 | <IncludeRules context="_m4_special_arguments"/> | ||||
1132 | </context> | ||||
1133 | <context name="_fc_role" attribute="File Contexts" lineEndContext="#pop"> | ||||
1134 | <DetectChar context="#pop!_fc_type" attribute="Symbol" char=":"/> | ||||
1135 | <IncludeRules context="_m4_special_arguments"/> | ||||
1136 | </context> | ||||
1137 | <context name="_fc_type" attribute="File Contexts (Type Enforcement)" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_after_fc"> | ||||
1138 | <RegExpr context="#pop!_fc_level_range" attribute="Symbol" String=":(?=&mlsLevel;)"/> <!-- Find Level/Range --> | ||||
1139 | <RegExpr context="#stay" attribute="File Contexts (Type Enforcement)" String="\.?[\w\-]+"/> | ||||
1140 | <RegExpr context="#stay" attribute="File Contexts (Type Enforcement)" String="\.(?=\$)"/> | ||||
1141 | <IncludeRules context="_m4_special_arguments"/> | ||||
1142 | </context> | ||||
1143 | <!-- (MLS/MCS) user:role:type:level --> | ||||
1144 | <context name="_fc_level_range" attribute="File Contexts" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_after_fc"> | ||||
1145 | <RegExpr context="#pop!_fc_level_range_cat" attribute="Symbol" String=":(?=&identifierWithArg;)"/> <!-- Find Category --> | ||||
1146 | <RegExpr context="#pop!_fc_level" attribute="Symbol" String="\s*\-\s*(?=&mlsLevel;)"/> <!-- Find Range --> | ||||
1147 | <RegExpr context="#stay" attribute="Symbol" String="\.(?=&identifierWithArg;)"/> | ||||
1148 | <IncludeRules context="_default_fc_level"/> | ||||
1149 | </context> | ||||
1150 | <context name="_fc_level_range_cat" attribute="File Contexts" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_after_fc"> | ||||
1151 | <RegExpr context="#pop!_fc_level" attribute="Symbol" String="\s*\-\s*(?=&mlsLevel;)"/> <!-- Find Range --> | ||||
1152 | <RegExpr context="#stay" attribute="Symbol" String="(\.|\s*,\s*)(?=&identifierWithArg;)"/> | ||||
1153 | <IncludeRules context="_default_fc_level"/> | ||||
1154 | </context> | ||||
1155 | <!-- (MLS/MCS) user:role:type:level-level --> | ||||
1156 | <context name="_fc_level" attribute="File Contexts" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_after_fc"> | ||||
1157 | <RegExpr context="#pop!_fc_level_cat" attribute="Symbol" String=":(?=&identifierWithArg;)"/> <!-- Find Category --> | ||||
1158 | <RegExpr context="#stay" attribute="Symbol" String="\.(?=&identifierWithArg;)"/> | ||||
1159 | <IncludeRules context="_default_fc_level"/> | ||||
1160 | </context> | ||||
1161 | <context name="_fc_level_cat" attribute="File Contexts" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_after_fc"> | ||||
1162 | <RegExpr context="#stay" attribute="Symbol" String="(\.|\s*,\s*)(?=&identifierWithArg;)"/> | ||||
1163 | <IncludeRules context="_default_fc_level"/> | ||||
1164 | </context> | ||||
1165 | <context name="_default_fc_level" attribute="File Contexts" lineEndContext="#pop"> | ||||
1166 | <RegExpr context="#stay" attribute="File Contexts" String="\w+"/> | ||||
1167 | <DetectChar context="#stay" attribute="File Contexts" char="-"/> | ||||
1168 | <IncludeRules context="_m4_special_arguments"/> | ||||
1169 | </context> | ||||
1170 | | ||||
1171 | <context name="_after_fc" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1172 | <RegExpr context="#stay" attribute="Symbol" String=":(?=&identifierWithArg;)"/> | ||||
1173 | <RegExpr context="#stay" attribute="Normal Text" String="&identifier;"/> | ||||
1174 | <IncludeRules context="_m4_special_arguments"/> | ||||
1175 | </context> | ||||
1176 | | ||||
1177 | <!-- | ||||
1178 | ======================================== | ||||
1179 | Comments & Documentation | ||||
1180 | ======================================== --> | ||||
1181 | | ||||
1182 | <context name="_find_comments" attribute="Normal Text" lineEndContext="#stay"> | ||||
1183 | <Detect2Chars context="_doc_comment" attribute="Documentation" char="#" char1="#"/> | ||||
1184 | <DetectChar context="_comment" attribute="Comment" char="#"/> | ||||
1185 | </context> | ||||
1186 | <context name="_find_all_comments" attribute="Normal Text" lineEndContext="#stay"> | ||||
1187 | <IncludeRules context="_find_comments"/> | ||||
1188 | <!-- For Macros --> | ||||
1189 | <RegExpr context="_comment" attribute="Comment" String="\bdnl(?!\.?[\w\-])"/> | ||||
1190 | </context> | ||||
1191 | | ||||
1192 | <context name="_comment" attribute="Comment" lineEndContext="#pop"> | ||||
1193 | <DetectSpaces /> | ||||
1194 | <LineContinue context="#pop" attribute="Comment"/> | ||||
1195 | <IncludeRules context="##Alerts"/> | ||||
1196 | <IncludeRules context="##Modelines"/> | ||||
1197 | <IncludeRules context="_default_comment"/> | ||||
1198 | </context> | ||||
1199 | <context name="_doc_comment" attribute="Documentation" lineEndContext="#pop"> | ||||
1200 | <IncludeRules context="_find_tags"/> | ||||
1201 | <IncludeRules context="_find_entityrefs"/> | ||||
1202 | <LineContinue context="#pop" attribute="Documentation"/> | ||||
1203 | <IncludeRules context="_comment"/> | ||||
1204 | </context> | ||||
1205 | | ||||
1206 | <context name="_find_tags" attribute="Documentation" lineEndContext="#pop"> | ||||
1207 | <RegExpr context="_element_tag" attribute="Doc. Element Tag" String="<\s*&tagName;" beginRegion="DocElement"/> | ||||
1208 | <RegExpr context="#stay" attribute="Doc. Element Tag" String="</\s*&tagName;\s*>" endRegion="DocElement"/> | ||||
1209 | </context> | ||||
1210 | <context name="_find_entityrefs" attribute="Documentation" lineEndContext="#pop"> | ||||
1211 | <RegExpr context="#stay" attribute="Doc. EntityRef" String="&(#[0-9]+|#[xX][0-9A-Fa-f]+|[a-zA-Z_]([\w\-]*\w)?);"/> | ||||
1212 | </context> | ||||
1213 | | ||||
1214 | <context name="_element_tag" attribute="Documentation" lineEndContext="#pop"> | ||||
1215 | <Detect2Chars context="#pop" attribute="Doc. Element Tag" char="/" char1=">" endRegion="DocElement"/> | ||||
1216 | <DetectChar context="#pop" attribute="Doc. Element Tag" char=">"/> | ||||
1217 | <RegExpr context="_attribute" attribute="Doc. Attribute" String="\s&tagName;"/> | ||||
1218 | <RegExpr context="#pop" attribute="Error" String="\S"/> | ||||
1219 | </context> | ||||
1220 | <context name="_attribute" attribute="Documentation" lineEndContext="#pop"> | ||||
1221 | <DetectChar context="#pop!_value" attribute="Documentation" char="="/> | ||||
1222 | <RegExpr context="#stay" attribute="Doc. Attribute" String="\s&tagName;"/> | ||||
1223 | <RegExpr context="#pop" attribute="Error" String="\S"/> | ||||
1224 | </context> | ||||
1225 | <context name="_value" attribute="Documentation" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1226 | <RegExpr context="#pop!_value_dq" attribute="Doc. Value" String="\s*""/> | ||||
1227 | <RegExpr context="#pop!_value_sq" attribute="Doc. Value" String="\s*'"/> | ||||
1228 | <RegExpr context="#stay" attribute="Error" String="\s*\S+"/> | ||||
1229 | </context> | ||||
1230 | <context name="_value_dq" attribute="Doc. Value" lineEndContext="#pop"> | ||||
1231 | <RegExpr context="#pop" attribute="Error" String="\S(?=\s*$)"/> | ||||
1232 | <DetectChar context="#pop" attribute="Doc. Value" char="""/> | ||||
1233 | <IncludeRules context="_find_entityrefs"/> | ||||
1234 | </context> | ||||
1235 | <context name="_value_sq" attribute="Doc. Value" lineEndContext="#pop"> | ||||
1236 | <RegExpr context="#pop" attribute="Error" String="\S(?=\s*$)"/> | ||||
1237 | <DetectChar context="#pop" attribute="Doc. Value" char="'"/> | ||||
1238 | <IncludeRules context="_find_entityrefs"/> | ||||
1239 | </context> | ||||
1240 | | ||||
1241 | <!-- | ||||
1242 | ==================================================================== | ||||
1243 | Common Rules for Syntax Highlighting of SELinux Policies | ||||
1244 | ==================================================================== | ||||
1245 | NOTE: The following contexts are also used by "selinux-fc.xml" | ||||
1246 | and "selinux-cil.xml". --> | ||||
1247 | | ||||
1248 | <!-- Default Comment (only for single line comments!) --> | ||||
1249 | <context name="_default_comment" attribute="Normal Text" lineEndContext="#pop"> | ||||
1250 | <!-- URLs --> | ||||
1251 | <RegExpr context="#stay" attribute="URL in Comment" String="\bhttps?://[^\s<>"'`]*[^\s<>"'`\}\)\]\.,;\|]"/> | ||||
1252 | <!-- Email (Source: http://emailregex.com) --> | ||||
1253 | <RegExpr context="#stay" attribute="URL in Comment" String="(([^<>\(\)\[\]\\\.,;:\s@"]+(\.[^<>\(\)\[\]\\\.,;:\s@"]+)*)|("[^"]+"))@((\[\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}])|(([a-zA-Z\-\d]+\.)+[a-zA-Z]{2,}))\b"/> | ||||
1254 | </context> | ||||
1255 | | ||||
1256 | <!-- IP Addresses --> | ||||
1257 | <context name="_ip_addr" attribute="Normal Text" lineEndContext="#stay"> | ||||
1258 | <!-- IPv4 --> | ||||
1259 | <RegExpr context="#stay" attribute="IP Address" String="\b((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\b"/> | ||||
1260 | <!-- IPv6 (Source: https://community.helpsystems.com/forums/intermapper/miscellaneous-topics/5acc4fcf-fa83-e511-80cf-0050568460e4 ) --> | ||||
1261 | <RegExpr context="#stay" attribute="IP Address" String="((\b([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(\b([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(\b([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3})|:))|(\b([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(\b([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(\b([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(\b([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(\.(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}))|:)))"/> <!-- End: (\%\w+\b)? --> | ||||
1262 | <!-- NOTE: IPv6 in the SELinux parser ("selinux/checkpolicy/policy_scan.l"): "([\da-fA-F]{0,4}:){2}[\da-fA-F:\.]*" --> | ||||
1263 | </context> | ||||
1264 | | ||||
1265 | <!-- AV Permissions Keywords --> | ||||
1266 | <context name="_av_permissions" attribute="Normal Text" lineEndContext="#stay"> | ||||
1267 | <keyword context="#stay" attribute="AV Permissions" String="av_permissions"/> | ||||
1268 | <keyword context="#stay" attribute="Android AV Permissions" String="av_permissions_android"/> | ||||
1269 | </context> | ||||
1270 | | ||||
1271 | <!-- Policy Capabilities --> | ||||
1272 | <context name="_policy_capabilities" attribute="Normal Text" lineEndContext="#stay"> | ||||
1273 | <keyword context="#stay" attribute="Policy Capability" String="policy_capabilities"/> | ||||
1274 | </context> | ||||
1275 | | ||||
1276 | <!-- Filsystem Keywords --> | ||||
1277 | <context name="_filesystem" attribute="Normal Text" lineEndContext="#stay"> | ||||
1278 | <keyword context="#stay" attribute="Filesystem" String="filesystem"/> | ||||
1279 | </context> | ||||
1280 | | ||||
1281 | <!-- Special Characters --> | ||||
1282 | <context name="_common_special_char" attribute="Normal Text" lineEndContext="#stay"> | ||||
1283 | <DetectChar context="#stay" attribute="Special Char" char="*"/> | ||||
1284 | </context> | ||||
1285 | <!-- Line-Continuation Escape --> | ||||
1286 | <context name="_line_continue_escape" attribute="Normal Text" lineEndContext="#stay"> | ||||
1287 | <LineContinue context="#stay" attribute="Escape Char"/> | ||||
1288 | </context> | ||||
1289 | | ||||
1290 | <!-- SELinux Reference Policy Keywords --> | ||||
1291 | <context name="_refpolicy_keywords" attribute="Normal Text" lineEndContext="#stay"> | ||||
1292 | <keyword context="#stay" attribute="Refpolicy Keywords" String="refpolicy_keywords"/> | ||||
1293 | </context> | ||||
1294 | <context name="_refpolicy_keywords_fc" attribute="Normal Text" lineEndContext="#stay"> | ||||
1295 | <keyword context="#stay" attribute="Refpolicy Keywords (in FC files)" String="refpolicy_keywords"/> | ||||
1296 | </context> | ||||
1297 | | ||||
1298 | <!-- Statements with Definition of File Contexts --> | ||||
1299 | <context name="_statements_file_contexts" attribute="Normal Text" lineEndContext="#stay"> | ||||
1300 | <keyword context="#stay" attribute="Statements" String="statements_fc"/> | ||||
1301 | </context> | ||||
1302 | | ||||
1303 | <!-- SELinux M4 Macros --> | ||||
1304 | | ||||
1305 | <context name="_m4_special_arguments" attribute="Normal Text" lineEndContext="#stay"> | ||||
1306 | <RegExpr context="#stay" attribute="M4 Special Arguments" String="&m4Args;"/> | ||||
1307 | </context> | ||||
1308 | <context name="_m4_quotes" attribute="Normal Text" lineEndContext="#stay"> | ||||
1309 | <AnyChar context="#stay" attribute="Default M4 Quote" String="&m4Quotes;"/> | ||||
1310 | </context> | ||||
1311 | | ||||
1312 | <context name="_m4_builtin_keywords" attribute="Normal Text" lineEndContext="#stay"> | ||||
1313 | <keyword context="_function_regexp" attribute="M4 Built-in Keywords" String="m4_builtin_regexp"/> | ||||
1314 | <keyword context="#stay" attribute="M4 Built-in Keywords" String="m4_builtin"/> | ||||
1315 | </context> | ||||
1316 | | ||||
1317 | <!-- #line --> | ||||
1318 | <context name="_m4_preprocessor" attribute="Normal Text" lineEndContext="#stay"> | ||||
1319 | <RegExpr context="_m4_preprocessor_line_num" attribute="M4 Preprocessor" String="#line[ ](?=\d)"/> | ||||
1320 | </context> | ||||
1321 | <context name="_m4_preprocessor_line_num" attribute="M4 Preprocessor" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1322 | <!-- #line 1 "source" --> | ||||
1323 | <Detect2Chars context="_m4_preprocessor_line_source_file" attribute="M4 Preprocessor" char="1" char1=" "/> | ||||
1324 | <Int context="#pop" attribute="M4 Preprocessor"/> | ||||
1325 | </context> | ||||
1326 | <context name="_m4_preprocessor_line_source_file" attribute="M4 Preprocessor" | ||||
1327 | lineEndContext="#pop#pop" fallthrough="true" fallthroughContext="#pop#pop"> | ||||
1328 | <RangeDetect context="#pop#pop" attribute="M4 Preprocessor" char=""" char1="""/> | ||||
1329 | </context> | ||||
1330 | | ||||
1331 | <!-- "regexp" function in M4 --> | ||||
1332 | <context name="_function_regexp" attribute="Normal Text" lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop"> | ||||
1333 | <DetectChar context="#pop!_function_regexp_content" attribute="Normal Text" char="(" beginRegion="ParenthesesBlock"/> | ||||
1334 | </context> | ||||
1335 | <context name="_function_regexp_content" attribute="Normal Text" lineEndContext="#stay"> | ||||
1336 | <DetectChar context="#pop" attribute="Normal Text" char=")" endRegion="ParenthesesBlock"/> | ||||
1337 | <DetectChar context="#stay" attribute="Normal Text" char=","/> | ||||
1338 | <!-- Default Quote: `text' --> | ||||
1339 | <RegExpr context="_simple_string_regexp" attribute="Text Quoted" String="`(?=(&m4Args;|[\w\-\s])*')"/> | ||||
1340 | <IncludeRules context="_m4_quotes"/> | ||||
1341 | | ||||
1342 | <IncludeRules context="_m4_special_arguments"/> | ||||
1343 | <IncludeRules context="_regex_general_otherquote"/> | ||||
1344 | <IncludeRules context="_find_all_comments"/> | ||||
1345 | </context> | ||||
1346 | <context name="_simple_string_regexp" attribute="Text Quoted" lineEndContext="#pop"> | ||||
1347 | <DetectChar context="#pop" attribute="Text Quoted" char="'"/> | ||||
1348 | <IncludeRules context="_m4_special_arguments"/> | ||||
1349 | </context> | ||||
1350 | | ||||
1351 | <!-- Highlight simple string using the default quotes: `text' --> | ||||
1352 | <context name="_m4_string_simple" attribute="Normal Text" lineEndContext="#stay"> | ||||
1353 | <DetectChar context="_find_m4_string_simple" char="`" lookAhead="true"/> | ||||
1354 | </context> | ||||
1355 | <context name="_find_m4_string_simple" attribute="Text Quoted" lineEndContext="#pop"> | ||||
1356 | <RegExpr context="#pop!_block_quoted_simple" attribute="Text Quoted" String="`(?=(&m4Args;|[\w\-\.\s]|\(\))*')"/> | ||||
1357 | <DetectChar context="#pop" attribute="Default M4 Quote" char="`"/> <!-- &m4Quotes; --> | ||||
1358 | </context> | ||||
1359 | <context name="_block_quoted_simple" attribute="Text Quoted" lineEndContext="#pop"> | ||||
1360 | <DetectChar context="#pop" attribute="Text Quoted" char="'"/> | ||||
1361 | <IncludeRules context="_m4_special_arguments"/> | ||||
1362 | </context> | ||||
1363 | | ||||
1364 | <!-- | ||||
1365 | ================================= | ||||
1366 | PCRE2 RegExp | ||||
1367 | ================================= --> | ||||
1368 | | ||||
1369 | <context name="_default_regex" attribute="Normal Text" lineEndContext="#stay"> | ||||
1370 | <IncludeRules context="_special_chars"/> | ||||
1371 | <IncludeRules context="_brackets_error"/> | ||||
1372 | <IncludeRules context="_quantification_brackets"/> | ||||
1373 | </context> | ||||
1374 | | ||||
1375 | <!-- SELinux RegExp --> | ||||
1376 | <!-- For paths: not allow spaces & line breaks --> | ||||
1377 | <context name="_regex" attribute="Normal Text" lineEndContext="#stay"> | ||||
1378 | <IncludeRules context="_default_regex"/> | ||||
1379 | <DetectChar context="_square_brackets" attribute="RegExp Brackets" char="["/> | ||||
1380 | <DetectChar context="_round_brackets" attribute="RegExp Brackets" char="("/> | ||||
1381 | </context> | ||||
1382 | <!-- For double quote string ("str"): allow spaces, but not line breaks --> | ||||
1383 | <context name="_regex_quoted" attribute="Normal Text" lineEndContext="#stay"> | ||||
1384 | <IncludeRules context="_default_regex"/> | ||||
1385 | <DetectChar context="_square_brackets_quoted" attribute="RegExp Brackets" char="["/> | ||||
1386 | <DetectChar context="_round_brackets_quoted" attribute="RegExp Brackets" char="("/> | ||||
1387 | </context> | ||||
1388 | | ||||
1389 | <!-- General RegExp: | ||||
1390 | - Allow escapes unsupported by SELinux. | ||||
1391 | - Do not end with a quote. | ||||
1392 | - Allow spaces & line breaks. | ||||
1393 | - Allow comments in round brackets. --> | ||||
1394 | <context name="_regex_general_otherquote" attribute="Normal Text" lineEndContext="#stay"> | ||||
1395 | <IncludeRules context="_line_continue_escape"/> | ||||
1396 | <IncludeRules context="_fix_escape"/> | ||||
1397 | <IncludeRules context="_default_regex"/> | ||||
1398 | <DetectChar context="_square_brackets_otherquote" attribute="RegExp Brackets" char="["/> | ||||
1399 | <DetectChar context="_round_brackets_otherquote" attribute="RegExp Brackets" char="("/> | ||||
1400 | </context> | ||||
1401 | | ||||
1402 | <context name="_special_chars" attribute="Normal Text" lineEndContext="#stay"> | ||||
1403 | <AnyChar context="#stay" attribute="Special Char" String="&specialChars;"/> | ||||
1404 | <IncludeRules context="_escape"/> | ||||
1405 | </context> | ||||
1406 | | ||||
1407 | <!-- Escapes --> | ||||
1408 | <context name="_escape" attribute="Normal Text" lineEndContext="#stay"> | ||||
1409 | <!-- Escapes Not Supported by SELinux --> | ||||
1410 | <RegExpr context="#stay" attribute="Error" String="\\([LlUu]|N\{\w+\})"/> | ||||
1411 | <!-- Hexadecimal --> | ||||
1412 | <RegExpr context="#stay" attribute="Escape Char" String="\\x(\{[\da-fA-F]+\}|[\da-fA-F]{2})"/> | ||||
1413 | <!-- Octal. NOTE: only ASCII chars. for \ddd --> | ||||
1414 | <RegExpr context="#stay" attribute="Escape Char" String="\\(o\{[0-7]+\}|[0-3][0-7]{0,2}|[4-7][0-7]?)"/> | ||||
1415 | <!-- References --> | ||||
1416 | <RegExpr context="#stay" attribute="Escape Char" String="\\[kg](<\w+>|'\w+'|\{\w+\})"/> | ||||
1417 | <RegExpr context="#stay" attribute="Escape Char" String="\\g(<[\+\-]?\d+>|'[\+\-]?\d+'|\{[\+\-]?\d+\}|[\+\-]?\d)"/> | ||||
1418 | <!-- Category Properties --> | ||||
1419 | <RegExpr context="#stay" attribute="Escape Char" String="\\[pP](C[cfnos]?|L[lmotu&]?|M[cen]?|N[dlo]?|P[cdefios]?|S[ckmo]?|Z[lps]?)"/> | ||||
1420 | <RegExpr context="#stay" attribute="Escape Char" String="\\[pP]\{(Xan|Xps|Xsp|Xuc|Xwd|C[cfnos]?|L[lmotu&]?|M[cen]?|N[dlo]?|P[cdefios]?|S[ckmo]?|Z[lps]?)\}"/> | ||||
1421 | <!-- Script Names --> | ||||
1422 | <RegExpr context="#stay" attribute="Escape Char" String="\\[pP]\{(Ahom|Anatolian_Hieroglyphs|Arabic|Armenian|Avestan|Balinese|Bamum|Bassa_Vah|Batak|Bengali|Bopomofo|Brahmi|Braille|Buginese|Buhid|Canadian_Aboriginal|Carian|Caucasian_Albanian|Chakma|Cham|Cherokee|Common|Coptic|Cuneiform|Cypriot|Cyrillic|Deseret|Devanagari|Duployan|Egyptian_Hieroglyphs|Elbasan|Ethiopic|Georgian|Glagolitic|Gothic|Grantha|Greek|Gujarati|Gurmukhi|Han|Hangul|Hanunoo|Hatran|Hebrew|Hiragana|Imperial_Aramaic|Inherited|Inscriptional_Pahlavi|Inscriptional_Parthian|Javanese|Kaithi|Kannada|Katakana|Kayah_Li|Kharoshthi|Khmer|Khojki|Khudawadi|Lao|Latin|Lepcha|Limbu|Linear_A|Linear_B|Lisu|Lycian|Lydian|Mahajani|Malayalam|Mandaic|Manichaean|Meetei_Mayek|Mende_Kikakui|Meroitic_Cursive|Meroitic_Hieroglyphs|Miao|Modi|Mongolian|Mro|Multani|Myanmar|Nabataean|New_Tai_Lue|Nko|Ogham|Ol_Chiki|Old_Hungarian|Old_Italic|Old_North_Arabian|Old_Permic|Old_Persian|Old_South_Arabian|Old_Turkic|Oriya|Osmanya|Pahawh_Hmong|Palmyrene|Pau_Cin_Hau|Phags_Pa|Phoenician|Psalter_Pahlavi|Rejang|Runic|Samaritan|Saurashtra|Sharada|Shavian|Siddham|SignWriting|Sinhala|Sora_Sompeng|Sundanese|Syloti_Nagri|Syriac|Tagalog|Tagbanwa|Tai_Le|Tai_Tham|Tai_Viet|Takri|Tamil|Telugu|Thaana|Thai|Tibetan|Tifinagh|Tirhuta|Ugaritic|Vai|Warang_Citi|Yi)\}"/> | ||||
1423 | <!-- Escaped Characters --> | ||||
1424 | <RegExpr context="#stay" attribute="Escape Char" String="\\(Q.*\\E|c[a-zA-Z])"/> | ||||
1425 | <!-- Reserved characters --> | ||||
1426 | <RegExpr context="#stay" attribute="Escape Char" String="\\[\ssSdDwWbBAZcCtrnaefvxhGHKNQRVXpPz\d]"/> | ||||
1427 | <!-- Punctuation Characters --> | ||||
1428 | <RegExpr context="#stay" attribute="Escape Char" String="\\[[:punct:]]"/> | ||||
1429 | <RegExpr context="#stay" attribute="Escape Char" String="\\[\041-\057\072-\100\133-\140\173-\176]"/> | ||||
1430 | </context> | ||||
1431 | <context name="_fix_escape" attribute="Normal Text" lineEndContext="#stay"> | ||||
1432 | <AnyChar context="#stay" attribute="Special Char" String="^$"/> | ||||
1433 | <RegExpr context="#stay" attribute="Escape Char" String="\\(u[\da-fA-F]{4}|[LlUu]|N\{\w+\}|[0-7]{1,3})"/> | ||||
1434 | </context> | ||||
1435 | | ||||
1436 | <!-- Special Characters in Groups: (?...). Also see: &capGroup; --> | ||||
1437 | <context name="_special_group_round_brackets" attribute="Normal Text" lineEndContext="#stay"> | ||||
1438 | <!-- References & Option Settings --> | ||||
1439 | <RegExpr context="#stay" attribute="Special Char of Brackets" String="\?(&|P[>\=])\w+(?=\))"/> | ||||
1440 | <RegExpr context="#stay" attribute="Special Char of Brackets" String="\?(xx|[iJmnsUxR]|C\d*|C"[^\s"]*"|[\-\+]?\d+)(?=\))"/> | ||||
1441 | <!-- Conditional Patterns --> | ||||
1442 | <RegExpr context="#stay" attribute="Special Char of Brackets" String="\?\((Rn?|R&\w+|[\+\-]?\d+|<\w+>|'\w+'|VERSION>?\=\d+(\.\d+)*|\w+)\)"/> | ||||
1443 | <RegExpr context="#stay" attribute="Special Char of Brackets" String="\?(?=\()"/> | ||||
1444 | </context> | ||||
1445 | | ||||
1446 | <!-- {n} {min,} {,max} {min,max} --> | ||||
1447 | <context name="_quantification_brackets" attribute="Normal Text" lineEndContext="#stay"> | ||||
1448 | <RegExpr context="_quantification_brackets_content" attribute="RegExp Brackets" String="\{(?=(\d+(,\d*)?|,\d+)\})"/> | ||||
1449 | </context> | ||||
1450 | <context name="_quantification_brackets_content" attribute="RegExp Brackets Content" lineEndContext="#pop"> | ||||
1451 | <DetectChar context="#stay" attribute="Special Char of Brackets" char=","/> | ||||
1452 | <DetectChar context="#pop" attribute="RegExp Brackets" char="}"/> | ||||
1453 | </context> | ||||
1454 | | ||||
1455 | <!-- Groups: [ ] and ( ) --> | ||||
1456 | <context name="_default_square_brackets" attribute="RegExp Brackets Content" lineEndContext="#stay"> | ||||
1457 | <DetectChar context="#stay" attribute="Error" char="["/> | ||||
1458 | <IncludeRules context="_special_chars"/> | ||||
1459 | </context> | ||||
1460 | <context name="_default_round_brackets" attribute="RegExp Brackets Content" lineEndContext="#stay"> | ||||
1461 | <DetectChar context="#stay" attribute="Special Char of Brackets" char="|"/> | ||||
1462 | <IncludeRules context="_default_regex"/> | ||||
1463 | </context> | ||||
1464 | <context name="_brackets_error" attribute="Normal Text" lineEndContext="#stay"> | ||||
1465 | <Detect2Chars context="#stay" attribute="Error" char="[" char1="]"/> | ||||
1466 | </context> | ||||
1467 | | ||||
1468 | <!-- Groups Brackets in Paths (do not allow spaces and line breaks) --> | ||||
1469 | <context name="_square_brackets" attribute="RegExp Brackets Content" | ||||
1470 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_square_brackets_content"> | ||||
1471 | <!-- Negative Characters --> | ||||
1472 | <RegExpr context="#pop!_square_brackets_content" attribute="Special Char of Brackets" String="\^(?=[^\s\]])"/> | ||||
1473 | </context> | ||||
1474 | <context name="_square_brackets_content" attribute="RegExp Brackets Content" lineEndContext="#pop"> | ||||
1475 | <DetectChar context="#pop" attribute="RegExp Brackets" char="]"/> | ||||
1476 | <DetectSpaces context="#pop" lookAhead="true"/> | ||||
1477 | <RegExpr context="#stay" attribute="Open RegExp Brackets" String="[^\s\[\]\\](?=\s|$)"/> | ||||
1478 | <IncludeRules context="_default_square_brackets"/> | ||||
1479 | </context> | ||||
1480 | | ||||
1481 | <context name="_round_brackets" attribute="RegExp Brackets Content" | ||||
1482 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_round_brackets_content"> | ||||
1483 | <IncludeRules context="_special_group_round_brackets"/> | ||||
1484 | <RegExpr context="#pop!_round_brackets_content" attribute="Special Char of Brackets" String="&capGroup;(?=[^\)\s])"/> | ||||
1485 | <DetectChar context="#pop!_round_brackets_content" char="?"/> | ||||
1486 | </context> | ||||
1487 | <context name="_round_brackets_content" attribute="RegExp Brackets Content" lineEndContext="#pop"> | ||||
1488 | <DetectChar context="#pop" attribute="RegExp Brackets" char=")"/> | ||||
1489 | <DetectSpaces context="#pop" lookAhead="true"/> | ||||
1490 | <RegExpr context="#stay" attribute="Open RegExp Brackets" String="[^\s\[\(\)\\](?=\s|$)"/> | ||||
1491 | <IncludeRules context="_default_round_brackets"/> | ||||
1492 | <DetectChar context="_square_brackets" attribute="RegExp Brackets" char="["/> | ||||
1493 | <DetectChar context="_round_brackets" attribute="RegExp Brackets" char="("/> | ||||
1494 | </context> | ||||
1495 | | ||||
1496 | <!-- Groups Brackets in Double Quoted Strings (allow spaces, but not line breaks) --> | ||||
1497 | <context name="_square_brackets_quoted" attribute="RegExp Brackets Content" | ||||
1498 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_square_brackets_quoted_content"> | ||||
1499 | <RegExpr context="#pop!_square_brackets_quoted_content" attribute="Special Char of Brackets" String="\^(?=[^\]])"/> | ||||
1500 | </context> | ||||
1501 | <context name="_square_brackets_quoted_content" attribute="RegExp Brackets Content" lineEndContext="#pop"> | ||||
1502 | <DetectChar context="#pop" attribute="RegExp Brackets" char="]"/> | ||||
1503 | <DetectChar context="#pop" char=""" lookAhead="true"/> | ||||
1504 | <RegExpr context="#stay" attribute="Open RegExp Brackets" String="[^\s\[\]"\\](?=\s*("|$))"/> | ||||
1505 | <IncludeRules context="_default_square_brackets"/> | ||||
1506 | </context> | ||||
1507 | | ||||
1508 | <context name="_round_brackets_quoted" attribute="RegExp Brackets Content" | ||||
1509 | lineEndContext="#pop" fallthrough="true" fallthroughContext="#pop!_round_brackets_quoted_content"> | ||||
1510 | <IncludeRules context="_special_group_round_brackets"/> | ||||
1511 | <RegExpr context="#pop!_round_brackets_quoted_content" attribute="Special Char of Brackets" String="&capGroup;(?=[^\)])"/> | ||||
1512 | <DetectChar context="#pop!_round_brackets_quoted_content" char="?"/> | ||||
1513 | </context> | ||||
1514 | <context name="_round_brackets_quoted_content" attribute="RegExp Brackets Content" lineEndContext="#pop"> | ||||
1515 | <DetectChar context="#pop" attribute="RegExp Brackets" char=")"/> | ||||
1516 | <DetectChar context="#pop" char=""" lookAhead="true"/> | ||||
1517 | <RegExpr context="#stay" attribute="Open RegExp Brackets" String="[^\s\[\(\)"\\](?=\s*("|$))"/> | ||||
1518 | <IncludeRules context="_default_round_brackets"/> | ||||
1519 | <DetectChar context="_square_brackets_quoted" attribute="RegExp Brackets" char="["/> | ||||
1520 | <DetectChar context="_round_brackets_quoted" attribute="RegExp Brackets" char="("/> | ||||
1521 | </context> | ||||
1522 | | ||||
1523 | <!-- Groups Brackets in Unknown Quotes (allow spaces and line breaks) --> | ||||
1524 | <context name="_square_brackets_otherquote" attribute="RegExp Brackets Content" | ||||
1525 | lineEndContext="#pop!_square_brackets_otherquote_content" fallthrough="true" fallthroughContext="#pop!_square_brackets_otherquote_content"> | ||||
1526 | <RegExpr context="#pop!_square_brackets_otherquote_content" attribute="Special Char of Brackets" String="\^(?=[^\]]|$)"/> | ||||
1527 | </context> | ||||
1528 | <context name="_square_brackets_otherquote_content" attribute="RegExp Brackets Content" lineEndContext="#stay"> | ||||
1529 | <DetectChar context="#pop" attribute="RegExp Brackets" char="]"/> | ||||
1530 | <IncludeRules context="_default_square_brackets"/> | ||||
1531 | </context> | ||||
1532 | | ||||
1533 | <context name="_round_brackets_otherquote" attribute="RegExp Brackets Content" | ||||
1534 | lineEndContext="#pop!_round_brackets_otherquote_content" fallthrough="true" fallthroughContext="#pop!_round_brackets_otherquote_content"> | ||||
1535 | <IncludeRules context="_special_group_round_brackets"/> | ||||
1536 | <RegExpr context="#pop!_round_brackets_otherquote_content" attribute="Special Char of Brackets" String="&capGroup;(?=[^\)]|$)"/> | ||||
1537 | <DetectChar context="#pop!_round_brackets_otherquote_content" char="?"/> | ||||
1538 | </context> | ||||
1539 | <context name="_round_brackets_otherquote_content" attribute="RegExp Brackets Content" lineEndContext="#stay"> | ||||
1540 | <DetectChar context="#pop" attribute="RegExp Brackets" char=")"/> | ||||
1541 | <IncludeRules context="_fix_escape"/> | ||||
1542 | <IncludeRules context="_default_round_brackets"/> | ||||
1543 | <IncludeRules context="_line_continue_escape"/> | ||||
1544 | <DetectChar context="_square_brackets_otherquote" attribute="RegExp Brackets" char="["/> | ||||
1545 | <DetectChar context="_round_brackets_otherquote" attribute="RegExp Brackets" char="("/> | ||||
1546 | <RegExpr context="_comment" attribute="Comment" String="(^|\s)\#"/> | ||||
1547 | </context> | ||||
1548 | | ||||
1549 | </contexts> | ||||
1550 | | ||||
1551 | <itemDatas> | ||||
1552 | <itemData name="Normal Text" defStyleNum="dsNormal" spellChecking="false"/> | ||||
1553 | <itemData name="Comment" defStyleNum="dsComment"/> | ||||
1554 | <itemData name="URL in Comment" defStyleNum="dsComment" underline="1" spellChecking="false"/> | ||||
1555 | <itemData name="Path" defStyleNum="dsNormal" spellChecking="false"/> | ||||
1556 | <itemData name="Text Quoted" defStyleNum="dsString" spellChecking="false"/> | ||||
1557 | | ||||
1558 | <itemData name="IP Address" defStyleNum="dsFloat" spellChecking="false"/> | ||||
1559 | <itemData name="AV Permissions" defStyleNum="dsVerbatimString" spellChecking="false"/> | ||||
1560 | <itemData name="Android AV Permissions" defStyleNum="dsVerbatimString" italic="1" spellChecking="false"/> | ||||
1561 | <itemData name="Policy Capability" defStyleNum="dsPreprocessor" spellChecking="false"/> | ||||
1562 | <itemData name="Filesystem" defStyleNum="dsNormal" italic="1" spellChecking="false"/> | ||||
1563 | | ||||
1564 | <itemData name="Statements" defStyleNum="dsKeyword" spellChecking="false"/> | ||||
1565 | <itemData name="Policy Config. Statements" defStyleNum="dsPreprocessor" bold="1" spellChecking="false"/> | ||||
1566 | <itemData name="Access Keys" defStyleNum="dsWarning" bold="1" spellChecking="false"/> | ||||
1567 | <itemData name="Expression Keys" defStyleNum="dsVariable" bold="1" spellChecking="false"/> | ||||
1568 | <itemData name="Boolean Operators" defStyleNum="dsVariable" bold="1" spellChecking="false"/> | ||||
1569 | <itemData name="Special Keys" defStyleNum="dsOthers" spellChecking="false"/> | ||||
1570 | <itemData name="Reserved Keywords" defStyleNum="dsKeyword" spellChecking="false"/> | ||||
1571 | | ||||
1572 | <itemData name="Booleans" defStyleNum="dsExtension" bold="1" spellChecking="false"/> | ||||
1573 | <itemData name="Range" defStyleNum="dsDecVal" bold="1" spellChecking="false"/> | ||||
1574 | <itemData name="Class" defStyleNum="dsDataType" spellChecking="false"/> | ||||
1575 | <itemData name="MLS/MCS Level/Range" defStyleNum="dsDocumentation" spellChecking="false"/> | ||||
1576 | <itemData name="File Contexts" defStyleNum="dsOthers" spellChecking="false"/> | ||||
1577 | <itemData name="File Contexts (Type Enforcement)" defStyleNum="dsChar" spellChecking="false"/> | ||||
1578 | <itemData name="Input Selector" defStyleNum="dsAttribute" spellChecking="false"/> | ||||
1579 | <itemData name="Operator" defStyleNum="dsKeyword" spellChecking="false"/> | ||||
1580 | <itemData name="Symbol" defStyleNum="dsOperator" spellChecking="false"/> | ||||
1581 | <itemData name="Number" defStyleNum="dsDecVal" spellChecking="false"/> | ||||
1582 | <itemData name="Hexadecimal" defStyleNum="dsBaseN" spellChecking="false"/> | ||||
1583 | | ||||
1584 | <!-- Documentation --> | ||||
1585 | <itemData name="Documentation" defStyleNum="dsComment"/> | ||||
1586 | <itemData name="Doc. Element Tag" defStyleNum="dsAnnotation" bold="1" spellChecking="false"/> | ||||
1587 | <itemData name="Doc. EntityRef" defStyleNum="dsInformation" spellChecking="false"/> | ||||
1588 | <itemData name="Doc. Attribute" defStyleNum="dsAttribute" spellChecking="false"/> | ||||
1589 | <itemData name="Doc. Value" defStyleNum="dsString" spellChecking="false"/> | ||||
1590 | | ||||
1591 | <!-- Reference Policy --> | ||||
1592 | <itemData name="Function" defStyleNum="dsFunction" spellChecking="false"/> | ||||
1593 | <itemData name="Refpolicy Keywords" defStyleNum="dsFunction" italic="1" spellChecking="false"/> | ||||
1594 | <itemData name="Refpolicy Keywords (in FC files)" defStyleNum="dsNormal" bold="1" spellChecking="false"/> | ||||
1595 | <!-- M4 Macros --> | ||||
1596 | <itemData name="M4 Built-in Keywords" defStyleNum="dsBuiltIn" spellChecking="false"/> | ||||
1597 | <itemData name="M4 Special Arguments" defStyleNum="dsVariable" spellChecking="false"/> | ||||
1598 | <itemData name="M4 Preprocessor" defStyleNum="dsPreprocessor" spellChecking="false"/> | ||||
1599 | <itemData name="Default M4 Quote" defStyleNum="dsString" bold="1" spellChecking="false"/> | ||||
1600 | | ||||
1601 | <!-- RegExp --> | ||||
1602 | <itemData name="Escape Char" defStyleNum="dsChar" spellChecking="false"/> | ||||
1603 | <itemData name="Special Char" defStyleNum="dsSpecialChar" spellChecking="false"/> | ||||
1604 | <itemData name="Special Char of Brackets" defStyleNum="dsAnnotation" spellChecking="false"/> | ||||
1605 | <itemData name="RegExp Brackets" defStyleNum="dsSpecialString" spellChecking="false"/> | ||||
1606 | <itemData name="RegExp Brackets Content" defStyleNum="dsSpecialString" spellChecking="false"/> | ||||
1607 | <itemData name="Open RegExp Brackets" defStyleNum="dsSpecialString" underline="1" spellChecking="false"/> | ||||
1608 | <itemData name="Text Quoted Open" defStyleNum="dsString" underline="1" spellChecking="false"/> | ||||
1609 | | ||||
1610 | <itemData name="Error" defStyleNum="dsError" spellChecking="false"/> | ||||
1611 | </itemDatas> | ||||
1612 | | ||||
1613 | </highlighting> | ||||
1614 | | ||||
1615 | <general> | ||||
1616 | <keywords casesensitive="true" additionalDeliminator=""'`" weakDeliminator="-"/> | ||||
1617 | <comments> | ||||
1618 | <comment name="singleLine" start="#"/> | ||||
1619 | </comments> | ||||
1620 | </general> | ||||
1621 | | ||||
1622 | </language> | ||||
1623 | <!-- kate: replace-tabs off; tab-width 3; indent-width 3; remove-trailing-spaces mod; dynamic-word-wrap off; --> |