Improve highlighting of SELinux CIL policies & file contexts
Closed · Public

Authored by nibags on Apr 5 2018, 7:21 AM.

Details

Summary

Depends on D15089

Remove code incorporated in the selinux.xml file (which is accessed by IncludeRules). In addition, this improves the highlighting of regular expressions.

SELinux CIL Policies:

  • Moves to "selinux.xml" access vector permissions and filesystem (keywords), the highlighting of IPs and RegExp, etc. In addition, this adds Android permissions and improves IPv6 detection.
  • Improves the highlighting of file contexts (now "type" is highlighted with a different color).
  • Fix permissions list in "ioctl" kind (permissionx) and "call" statements. Although this is not completely resolved, for example, it is difficult to know if the keyword "call", at the beginning of a block, is a statement or a permission.
  • Add "sctp" protocol keyword and policy capabilities keywords (defined in "selinux.xml").

SELinux File Context:

  • Move to "selinux.xml" functions, RegExp, comments, quotes of macros, etc.
  • Simplify code.
  • Improves the detection of file contexts. Now the detection of valid contexts and valid levels/ranges is more accurate.
  • Add keywords from the Reference Policy, built-in M4 macros and some relevant statements (defined in "selinux.xml").
  • Add some file names (in "extensions") of policy configuration files (Ex: "service_contexts" & "property_contexts" are configuration files for Android policies).

NOTE: I included the changes in this old diff that I duplicated by mistake in D14526 (originally it contained the changes to SELinux that are here).

Diff Detail

Repository: R216 Syntax Highlighting
Branch: add-selinux
Lint: No Linters Available
Unit: No Unit Test Coverage
Build Status: Buildable 2386
Build 2404: arc lint + arc unit

nibags created this revision. Apr 5 2018, 7:21 AM
Restricted Application added a project: Frameworks. Apr 5 2018, 7:21 AM
Restricted Application added a subscriber: Frameworks.
nibags requested review of this revision. Apr 5 2018, 7:21 AM
nibags updated this revision to Diff 32240. Apr 15 2018, 11:59 PM
  • AppArmor 2.13.0 Released: allow 'if exists' in Include rules

Out of curiosity: why are you putting multiple items in the same line on the keyword lists? This bloats up the diff and makes a real review so much harder... :/

nibags updated this revision to Diff 32260. Apr 16 2018, 9:03 AM
  • SELinux CIL: Add binaries and float.

I thought it would be better if the keywords used fewer lines in the file.
If it's more comfortable I can restore it to how it was before...

nibags updated this revision to Diff 32563. Apr 19 2018, 1:36 PM
  • Restore keywords
nibags changed the visibility from "Public (No Login Required)" to "No One". Jul 10 2018, 5:30 AM
nibags changed the edit policy from "All Users" to "No One".
Restricted Application removed a subscriber: Frameworks. Jul 10 2018, 5:30 AM
nibags updated this revision to Diff 38870. Jul 31 2018, 6:40 PM

AppArmor: update syntax and various improvements/fixes. Undo update of SELinux.

Restricted Application added a project: Kate. Jul 31 2018, 6:40 PM
nibags retitled this revision from "Optimize AppArmor & SELinux highlighting and improve regex" to "AppArmor: update syntax and various improvements/fixes". Jul 31 2018, 6:44 PM
nibags edited the summary of this revision.
nibags changed the visibility from "No One" to "All Users".
nibags changed the edit policy from "No One" to "All Users".
nibags changed the visibility from "All Users" to "No One". Jul 31 2018, 8:57 PM
nibags changed the edit policy from "All Users" to "No One".
nibags updated this revision to Diff 40473. Aug 26 2018, 4:25 PM
  • Improve highlighting of SELinux CIL policies & SELinux file contexts
nibags updated this revision to Diff 40475. Aug 26 2018, 5:41 PM
  • Remove selinux.xml & test.te
nibags retitled this revision from "AppArmor: update syntax and various improvements/fixes" to "Improve highlighting of SELinux CIL policies & file contexts". Aug 26 2018, 5:45 PM
nibags edited the summary of this revision.
nibags edited the test plan for this revision.
nibags edited the summary of this revision. Aug 26 2018, 6:11 PM
nibags changed the visibility from "No One" to "Public (No Login Required)".
nibags changed the edit policy from "No One" to "All Users".
nibags edited the summary of this revision.
cullmann accepted this revision. Aug 27 2018, 5:47 PM

Feel free to commit.

This revision is now accepted and ready to land. Aug 27 2018, 5:47 PM
nibags updated this revision to Diff 40766. Aug 31 2018, 1:24 PM
  • Update according to the latest change of "selinux.xml" (only single-line strings and better MLS/MCS levels detection).