1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
|
from os.path import basename
import re
import sys
# A very limited parser whose job is to process the compatibility mapping
# files and retrieve type and attribute information until proper support is
# built into libsepol
# get the text in the next matching parens
class MiniCilParser:
def __init__(self, policyFile):
self.types = set() # types declared in mapping
self.pubtypes = set()
self.expandtypeattributes = {}
self.typeattributes = set() # attributes declared in mapping
self.typeattributesets = {} # sets defined in mapping
self.rTypeattributesets = {} # reverse mapping of above sets
self.apiLevel = None
with open(policyFile, 'r') as infile:
s = self._getNextStmt(infile)
while s:
self._parseStmt(s)
s = self._getNextStmt(infile)
fn = basename(policyFile)
m = re.match(r"(\d+\.\d+).+\.cil", fn)
if m:
self.apiLevel = m.group(1)
def unparse(self):
def wrapParens(stmt):
return "(" + stmt + ")"
def joinWrapParens(entries):
return wrapParens(" ".join(entries))
result = ""
for ty in sorted(self.types):
result += joinWrapParens(["type", ty]) + "\n"
for ta in sorted(self.typeattributes):
result += joinWrapParens(["typeattribute", ta]) + "\n"
for eta in sorted(self.expandtypeattributes.items(),
key=lambda x: x[0]):
result += joinWrapParens(
["expandtypeattribute", wrapParens(eta[0]), eta[1]]) + "\n"
for tas in sorted(self.typeattributesets.items(), key=lambda x: x[0]):
result += joinWrapParens(
["typeattributeset", tas[0],
joinWrapParens(sorted(tas[1]))]) + "\n"
return result
def _getNextStmt(self, infile):
parens = 0
s = ""
c = infile.read(1)
# get to first statement
while c and c != "(":
c = infile.read(1)
parens += 1
c = infile.read(1)
while c and parens != 0:
s += c
c = infile.read(1)
if c == ';':
# comment, get rid of rest of the line
while c != '\n':
c = infile.read(1)
elif c == '(':
parens += 1
elif c == ')':
parens -= 1
return s
def _parseType(self, stmt):
m = re.match(r"type\s+(.+)", stmt)
self.types.add(m.group(1))
return
def _parseExpandtypeattribute(self, stmt):
m = re.match(r"expandtypeattribute\s+\((.+)\)\s+(true|false)", stmt)
self.expandtypeattributes[m.group(1)] = m.group(2)
return
def _parseTypeattribute(self, stmt):
m = re.match(r"typeattribute\s+(.+)", stmt)
self.typeattributes.add(m.group(1))
return
def _parseTypeattributeset(self, stmt):
m = re.match(r"typeattributeset\s+(.+?)\s+\((.+?)\)", stmt, flags = re.M |re.S)
ta = m.group(1)
# this isn't proper expression parsing, but will do for our
# current use
tas = m.group(2).split()
if self.typeattributesets.get(ta) is None:
self.typeattributesets[ta] = set()
self.typeattributesets[ta].update(set(tas))
for t in tas:
if self.rTypeattributesets.get(t) is None:
self.rTypeattributesets[t] = set()
self.rTypeattributesets[t].update([ta])
# check to see if this typeattributeset is a versioned public type
pub = re.match(r"(\w+)_\d+_\d+", ta)
if pub is not None:
self.pubtypes.add(pub.group(1))
return
def _parseStmt(self, stmt):
if re.match(r"type\s+.+", stmt):
self._parseType(stmt)
elif re.match(r"typeattribute\s+.+", stmt):
self._parseTypeattribute(stmt)
elif re.match(r"typeattributeset\s+.+", stmt):
self._parseTypeattributeset(stmt)
elif re.match(r"expandtypeattribute\s+.+", stmt):
self._parseExpandtypeattribute(stmt)
return
if __name__ == '__main__':
f = sys.argv[1]
p = MiniCilParser(f)
|
