| Message ID | 90473e07-fe79-18d8-4772-52deb4f8e1bd@gmail.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [v2,1/3] secilc/docs: use fenced code blocks for cil examples | expand |
On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: > > This is done by creating a somewhat rudimentary KDE syntax xml for > pandoc. > > The default styles provided by pandoc don't look very good and don't > highlight e.g. the strings marked as builtin. > > Signed-off-by: Jonathan Hettwer <j2468h@gmail.com> > --- > secilc/docs/Makefile | 10 +- > secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 242 insertions(+), 4 deletions(-) > create mode 100644 secilc/docs/secil.xml > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > index 79a165ba..a91bcde0 100644 > --- a/secilc/docs/Makefile > +++ b/secilc/docs/Makefile > @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ > > PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > > +PANDOC_HIGHLIGHT_STYLE="pygments" > + > PDF_OUT=CIL_Reference_Guide.pdf > HTML_OUT=CIL_Reference_Guide.html > PANDOC = pandoc > @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > $(SED) -i '1i Example Policy\n=========\n```secil' $@ > echo '```' >> $@ > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(HTMLDIR) > - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(PDFDIR) > - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) > > clean: > rm -rf $(HTMLDIR) > diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml > new file mode 100644 > index 00000000..daa80ded > --- /dev/null > +++ b/secilc/docs/secil.xml > @@ -0,0 +1,236 @@ > +<?xml version="1.0" encoding="UTF-8"?> > +<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format --> > +<!DOCTYPE language SYSTEM "language.dtd"> > +<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4"> > + <!-- > + The keywords where extracted from libsepol/cil/src/cil.c sorted into the > + right lists and sorted alphabetically > + --> > + <list name="keywords_blockstart"> > + <item>allow</item> > + <item>allowx</item> > + <item>auditallow</item> > + <item>auditallowx</item> > + <item>block</item> > + <item>blockabstract</item> > + <item>boolean</item> > + <item>booleanif</item> > + <item>category</item> > + <item>categoryalias</item> > + <item>categoryaliasactual</item> > + <item>categoryorder</item> > + <item>categoryset</item> > + <item>class</item> > + <item>classcommon</item> > + <item>classmap</item> > + <item>classmapping</item> > + <item>classorder</item> > + <item>classpermission</item> > + <item>classpermissionset</item> > + <item>common</item> > + <item>constrain</item> > + <item>context</item> > + <item>defaultrange</item> > + <item>defaultrole</item> > + <item>defaulttype</item> > + <item>defaultuser</item> > + <item>devicetreecon</item> > + <item>dontaudit</item> > + <item>dontauditx</item> > + <item>expandtypeattribute</item> > + <item>false</item> > + <item>filecon</item> > + <item>fsuse</item> > + <item>genfscon</item> > + <item>handleunknown</item> > + <item>ibendportcon</item> > + <item>ibpkeycon</item> > + <item>ioctl</item> > + <item>iomemcon</item> > + <item>ioportcon</item> > + <item>ipaddr</item> > + <item>level</item> > + <item>levelrange</item> > + <item>mls</item> > + <item>mlsconstrain</item> > + <item>mlsvalidatetrans</item> > + <item>netifcon</item> > + <item>neverallow</item> > + <item>neverallowx</item> > + <item>nodecon</item> > + <item>optional</item> > + <item>pcidevicecon</item> > + <item>perm</item> > + <item>permissionx</item> > + <item>pirqcon</item> > + <item>policycap</item> > + <item>portcon</item> > + <item>rangetransition</item> > + <item>role</item> > + <item>roleallow</item> > + <item>roleattribute</item> > + <item>roleattributeset</item> > + <item>rolebounds</item> > + <item>roletransition</item> > + <item>roletype</item> > + <item>selinuxuser</item> > + <item>selinuxuserdefault</item> > + <item>sensitivity</item> > + <item>sensitivityalias</item> > + <item>sensitivityaliasactual</item> > + <item>sensitivitycategory</item> > + <item>sensitivityorder</item> > + <item>sid</item> > + <item>sidcontext</item> > + <item>sidorder</item> > + <item>true</item> > + <item>tunable</item> > + <item>tunableif</item> > + <item>type</item> > + <item>typealias</item> > + <item>typealiasactual</item> > + <item>typeattribute</item> > + <item>typeattributeset</item> > + <item>typebounds</item> > + <item>typechange</item> > + <item>typemember</item> > + <item>typepermissive</item> > + <item>typetransition</item> > + <item>unordered</item> > + <item>user</item> > + <item>userattribute</item> > + <item>userattributeset</item> > + <item>userbounds</item> > + <item>userlevel</item> > + <item>userprefix</item> > + <item>userrange</item> > + <item>userrole</item> > + <item>validatetrans</item> > + </list> > + > + <list name="function"> > + <item>blockinherit</item> > + <item>call</item> > + <item>in</item> > + <item>macro</item> > + </list> > + I am not sure it adds a lot to have these as separate colors. Also, when call is used as a permission, it is highlighted. It would be nice if that could be fixed. Thanks, Jim > + <list name="operators"> > + <item>and</item> > + <item>dom</item> > + <item>domby</item> > + <item>eq</item> > + <item>incomp</item> > + <item>neq</item> > + <item>not</item> > + <item>or</item> > + <item>range</item> > + <item>xor</item> > + </list> > + > + <!-- list of "magic" functions or values --> > + <list name="builtins"> > + <item>*</item> > + <item>all</item> > + <item>dccp</item> > + <item>false</item> > + <item>h1</item> > + <item>h2</item> > + <item>l1</item> > + <item>l2</item> > + <item>object_r</item> > + <item>r1</item> > + <item>r2</item> > + <item>r3</item> > + <item>sctp</item> > + <item>self</item> > + <item>t1</item> > + <item>t2</item> > + <item>t3</item> > + <item>tcp</item> > + <item>true</item> > + <item>u1</item> > + <item>u2</item> > + <item>u3</item> > + <item>udp</item> > + > + <!-- > + Excluded because they lead to a lot of false-positives > + <item>allow</item> > + <item>any</item> > + <item>char</item> > + <item>deny</item> > + <item>dir</item> > + <item>file</item> > + <item>glblub</item> > + <item>high</item> > + <item>low-high</item> > + <item>low</item> > + <item>pipe</item> > + <item>reject</item> > + <item>socket</item> > + <item>source</item> > + <item>symlink</item> > + <item>target</item> > + <item>task</item> > + <item>trans</item> > + <item>xattr</item> > + --> > + </list> > + <highlighting> > + <contexts> > + <context name="Normal" attribute="Normal" lineEndContext="#stay"> > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="BlockStart" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/> > + <keyword attribute="Function" context="Block" String="function"/> > + <keyword attribute="Operator" context="Block" String="operators"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="Block" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Builtin" context="#stay" String="builtins"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + <DetectChar attribute="String" context="String" char="""/> > + > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + <DetectChar attribute="Brackets" context="#pop" char=")"/> > + </context> > + > + <!-- single line comment --> > + <context name="Comment" attribute="Comment" lineEndContext="#pop"></context> > + > + <!-- string / name --> > + <context name="String" attribute="String" lineEndContext="#stay"> > + <RegExpr attribute="Char" context="#stay" String="#\\."/> > + > + <!-- allow escaping " or similiar --> > + <HlCStringChar attribute="String Char" context="#stay"/> > + > + <DetectChar attribute="String" context="#pop" char="""/> > + </context> > + </contexts> > + <itemDatas> > + <itemData name="Normal" defStyleNum="dsNormal" /> > + <itemData name="Keyword" defStyleNum="dsKeyword"/> > + <itemData name="Function" defStyleNum="dsFunction"/> > + <itemData name="Operator" defStyleNum="dsOperator"/> > + <itemData name="Builtin" defStyleNum="dsBuiltIn"/> > + > + <itemData name="Comment" defStyleNum="dsComment"/> > + > + <itemData name="String" defStyleNum="dsString"/> > + <itemData name="String Char" defStyleNum="dsSpecialChar"/> > + </itemDatas> > + </highlighting> > + <general> > + <comments> > + <comment name="singleLine" start=";"/> > + </comments> > + <keywords casesensitive="1" weakDeliminator="."/> > + </general> > +</language> > -- > 2.30.0 >
On 2/8/21 6:43 PM, James Carter wrote: > On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: >> >> + <list name="function"> >> + <item>blockinherit</item> >> + <item>call</item> >> + <item>in</item> >> + <item>macro</item> >> + </list> >> + > > I am not sure it adds a lot to have these as separate colors. I would at least like to have `macro`, `call` and `blockinherit` as separate colors, as these behave very differently from "normal" keywords / statements and more like function calls from a programming language. They are usually also quite important when looking over policy so I think it's warranted. I'm less sure about the arrangement of `in`, but due to its special interaction I've also included it. > Also, when call is used as a permission, it is highlighted. It would > be nice if that could be fixed. I don't think this could be fixed easily, the same is also true if e.g. `allow` (a keyword) is used as permission, e.g. (allow t1 (file (call))) (allow t1 (file (allow))) This is harder to fix as currently the syntax has no concept of what a "permission" is and I don't want to make things too complicated.
On Mon, Feb 8, 2021 at 2:35 PM bauen1 <j2468h@googlemail.com> wrote: > > On 2/8/21 6:43 PM, James Carter wrote: > > On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: > >> > >> + <list name="function"> > >> + <item>blockinherit</item> > >> + <item>call</item> > >> + <item>in</item> > >> + <item>macro</item> > >> + </list> > >> + > > > > I am not sure it adds a lot to have these as separate colors. > > I would at least like to have `macro`, `call` and `blockinherit` as separate colors, as these behave very differently from "normal" keywords / statements and more like function calls from a programming language. > They are usually also quite important when looking over policy so I think it's warranted. > > I'm less sure about the arrangement of `in`, but due to its special interaction I've also included it. > I can live with it. > > Also, when call is used as a permission, it is highlighted. It would > > be nice if that could be fixed. > > I don't think this could be fixed easily, the same is also true if e.g. `allow` (a keyword) is used as permission, e.g. > > (allow t1 (file (call))) > (allow t1 (file (allow))) > > This is harder to fix as currently the syntax has no concept of what a "permission" is and I don't want to make things too complicated. > It's pretty minor, so don't worry about fixing it. Thanks, Jim > -- > bauen1 > https://dn42.bauen1.xyz/
On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: > > This is done by creating a somewhat rudimentary KDE syntax xml for > pandoc. > > The default styles provided by pandoc don't look very good and don't > highlight e.g. the strings marked as builtin. > > Signed-off-by: Jonathan Hettwer <j2468h@gmail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > secilc/docs/Makefile | 10 +- > secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 242 insertions(+), 4 deletions(-) > create mode 100644 secilc/docs/secil.xml > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > index 79a165ba..a91bcde0 100644 > --- a/secilc/docs/Makefile > +++ b/secilc/docs/Makefile > @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ > > PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > > +PANDOC_HIGHLIGHT_STYLE="pygments" > + > PDF_OUT=CIL_Reference_Guide.pdf > HTML_OUT=CIL_Reference_Guide.html > PANDOC = pandoc > @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > $(SED) -i '1i Example Policy\n=========\n```secil' $@ > echo '```' >> $@ > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(HTMLDIR) > - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(PDFDIR) > - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) > > clean: > rm -rf $(HTMLDIR) > diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml > new file mode 100644 > index 00000000..daa80ded > --- /dev/null > +++ b/secilc/docs/secil.xml > @@ -0,0 +1,236 @@ > +<?xml version="1.0" encoding="UTF-8"?> > +<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format --> > +<!DOCTYPE language SYSTEM "language.dtd"> > +<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4"> > + <!-- > + The keywords where extracted from libsepol/cil/src/cil.c sorted into the > + right lists and sorted alphabetically > + --> > + <list name="keywords_blockstart"> > + <item>allow</item> > + <item>allowx</item> > + <item>auditallow</item> > + <item>auditallowx</item> > + <item>block</item> > + <item>blockabstract</item> > + <item>boolean</item> > + <item>booleanif</item> > + <item>category</item> > + <item>categoryalias</item> > + <item>categoryaliasactual</item> > + <item>categoryorder</item> > + <item>categoryset</item> > + <item>class</item> > + <item>classcommon</item> > + <item>classmap</item> > + <item>classmapping</item> > + <item>classorder</item> > + <item>classpermission</item> > + <item>classpermissionset</item> > + <item>common</item> > + <item>constrain</item> > + <item>context</item> > + <item>defaultrange</item> > + <item>defaultrole</item> > + <item>defaulttype</item> > + <item>defaultuser</item> > + <item>devicetreecon</item> > + <item>dontaudit</item> > + <item>dontauditx</item> > + <item>expandtypeattribute</item> > + <item>false</item> > + <item>filecon</item> > + <item>fsuse</item> > + <item>genfscon</item> > + <item>handleunknown</item> > + <item>ibendportcon</item> > + <item>ibpkeycon</item> > + <item>ioctl</item> > + <item>iomemcon</item> > + <item>ioportcon</item> > + <item>ipaddr</item> > + <item>level</item> > + <item>levelrange</item> > + <item>mls</item> > + <item>mlsconstrain</item> > + <item>mlsvalidatetrans</item> > + <item>netifcon</item> > + <item>neverallow</item> > + <item>neverallowx</item> > + <item>nodecon</item> > + <item>optional</item> > + <item>pcidevicecon</item> > + <item>perm</item> > + <item>permissionx</item> > + <item>pirqcon</item> > + <item>policycap</item> > + <item>portcon</item> > + <item>rangetransition</item> > + <item>role</item> > + <item>roleallow</item> > + <item>roleattribute</item> > + <item>roleattributeset</item> > + <item>rolebounds</item> > + <item>roletransition</item> > + <item>roletype</item> > + <item>selinuxuser</item> > + <item>selinuxuserdefault</item> > + <item>sensitivity</item> > + <item>sensitivityalias</item> > + <item>sensitivityaliasactual</item> > + <item>sensitivitycategory</item> > + <item>sensitivityorder</item> > + <item>sid</item> > + <item>sidcontext</item> > + <item>sidorder</item> > + <item>true</item> > + <item>tunable</item> > + <item>tunableif</item> > + <item>type</item> > + <item>typealias</item> > + <item>typealiasactual</item> > + <item>typeattribute</item> > + <item>typeattributeset</item> > + <item>typebounds</item> > + <item>typechange</item> > + <item>typemember</item> > + <item>typepermissive</item> > + <item>typetransition</item> > + <item>unordered</item> > + <item>user</item> > + <item>userattribute</item> > + <item>userattributeset</item> > + <item>userbounds</item> > + <item>userlevel</item> > + <item>userprefix</item> > + <item>userrange</item> > + <item>userrole</item> > + <item>validatetrans</item> > + </list> > + > + <list name="function"> > + <item>blockinherit</item> > + <item>call</item> > + <item>in</item> > + <item>macro</item> > + </list> > + > + <list name="operators"> > + <item>and</item> > + <item>dom</item> > + <item>domby</item> > + <item>eq</item> > + <item>incomp</item> > + <item>neq</item> > + <item>not</item> > + <item>or</item> > + <item>range</item> > + <item>xor</item> > + </list> > + > + <!-- list of "magic" functions or values --> > + <list name="builtins"> > + <item>*</item> > + <item>all</item> > + <item>dccp</item> > + <item>false</item> > + <item>h1</item> > + <item>h2</item> > + <item>l1</item> > + <item>l2</item> > + <item>object_r</item> > + <item>r1</item> > + <item>r2</item> > + <item>r3</item> > + <item>sctp</item> > + <item>self</item> > + <item>t1</item> > + <item>t2</item> > + <item>t3</item> > + <item>tcp</item> > + <item>true</item> > + <item>u1</item> > + <item>u2</item> > + <item>u3</item> > + <item>udp</item> > + > + <!-- > + Excluded because they lead to a lot of false-positives > + <item>allow</item> > + <item>any</item> > + <item>char</item> > + <item>deny</item> > + <item>dir</item> > + <item>file</item> > + <item>glblub</item> > + <item>high</item> > + <item>low-high</item> > + <item>low</item> > + <item>pipe</item> > + <item>reject</item> > + <item>socket</item> > + <item>source</item> > + <item>symlink</item> > + <item>target</item> > + <item>task</item> > + <item>trans</item> > + <item>xattr</item> > + --> > + </list> > + <highlighting> > + <contexts> > + <context name="Normal" attribute="Normal" lineEndContext="#stay"> > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="BlockStart" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/> > + <keyword attribute="Function" context="Block" String="function"/> > + <keyword attribute="Operator" context="Block" String="operators"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="Block" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Builtin" context="#stay" String="builtins"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + <DetectChar attribute="String" context="String" char="""/> > + > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + <DetectChar attribute="Brackets" context="#pop" char=")"/> > + </context> > + > + <!-- single line comment --> > + <context name="Comment" attribute="Comment" lineEndContext="#pop"></context> > + > + <!-- string / name --> > + <context name="String" attribute="String" lineEndContext="#stay"> > + <RegExpr attribute="Char" context="#stay" String="#\\."/> > + > + <!-- allow escaping " or similiar --> > + <HlCStringChar attribute="String Char" context="#stay"/> > + > + <DetectChar attribute="String" context="#pop" char="""/> > + </context> > + </contexts> > + <itemDatas> > + <itemData name="Normal" defStyleNum="dsNormal" /> > + <itemData name="Keyword" defStyleNum="dsKeyword"/> > + <itemData name="Function" defStyleNum="dsFunction"/> > + <itemData name="Operator" defStyleNum="dsOperator"/> > + <itemData name="Builtin" defStyleNum="dsBuiltIn"/> > + > + <itemData name="Comment" defStyleNum="dsComment"/> > + > + <itemData name="String" defStyleNum="dsString"/> > + <itemData name="String Char" defStyleNum="dsSpecialChar"/> > + </itemDatas> > + </highlighting> > + <general> > + <comments> > + <comment name="singleLine" start=";"/> > + </comments> > + <keywords casesensitive="1" weakDeliminator="."/> > + </general> > +</language> > -- > 2.30.0 >
On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: > > This is done by creating a somewhat rudimentary KDE syntax xml for > pandoc. > > The default styles provided by pandoc don't look very good and don't > highlight e.g. the strings marked as builtin. > > Signed-off-by: Jonathan Hettwer <j2468h@gmail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > secilc/docs/Makefile | 10 +- > secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ > 2 files changed, 242 insertions(+), 4 deletions(-) > create mode 100644 secilc/docs/secil.xml > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > index 79a165ba..a91bcde0 100644 > --- a/secilc/docs/Makefile > +++ b/secilc/docs/Makefile > @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ > > PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > > +PANDOC_HIGHLIGHT_STYLE="pygments" > + > PDF_OUT=CIL_Reference_Guide.pdf > HTML_OUT=CIL_Reference_Guide.html > PANDOC = pandoc > @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > $(SED) -i '1i Example Policy\n=========\n```secil' $@ > echo '```' >> $@ > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(HTMLDIR) > - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > mkdir -p $(PDFDIR) > - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) > > clean: > rm -rf $(HTMLDIR) > diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml > new file mode 100644 > index 00000000..daa80ded > --- /dev/null > +++ b/secilc/docs/secil.xml > @@ -0,0 +1,236 @@ > +<?xml version="1.0" encoding="UTF-8"?> > +<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format --> > +<!DOCTYPE language SYSTEM "language.dtd"> > +<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4"> > + <!-- > + The keywords where extracted from libsepol/cil/src/cil.c sorted into the > + right lists and sorted alphabetically > + --> > + <list name="keywords_blockstart"> > + <item>allow</item> > + <item>allowx</item> > + <item>auditallow</item> > + <item>auditallowx</item> > + <item>block</item> > + <item>blockabstract</item> > + <item>boolean</item> > + <item>booleanif</item> > + <item>category</item> > + <item>categoryalias</item> > + <item>categoryaliasactual</item> > + <item>categoryorder</item> > + <item>categoryset</item> > + <item>class</item> > + <item>classcommon</item> > + <item>classmap</item> > + <item>classmapping</item> > + <item>classorder</item> > + <item>classpermission</item> > + <item>classpermissionset</item> > + <item>common</item> > + <item>constrain</item> > + <item>context</item> > + <item>defaultrange</item> > + <item>defaultrole</item> > + <item>defaulttype</item> > + <item>defaultuser</item> > + <item>devicetreecon</item> > + <item>dontaudit</item> > + <item>dontauditx</item> > + <item>expandtypeattribute</item> > + <item>false</item> > + <item>filecon</item> > + <item>fsuse</item> > + <item>genfscon</item> > + <item>handleunknown</item> > + <item>ibendportcon</item> > + <item>ibpkeycon</item> > + <item>ioctl</item> > + <item>iomemcon</item> > + <item>ioportcon</item> > + <item>ipaddr</item> > + <item>level</item> > + <item>levelrange</item> > + <item>mls</item> > + <item>mlsconstrain</item> > + <item>mlsvalidatetrans</item> > + <item>netifcon</item> > + <item>neverallow</item> > + <item>neverallowx</item> > + <item>nodecon</item> > + <item>optional</item> > + <item>pcidevicecon</item> > + <item>perm</item> > + <item>permissionx</item> > + <item>pirqcon</item> > + <item>policycap</item> > + <item>portcon</item> > + <item>rangetransition</item> > + <item>role</item> > + <item>roleallow</item> > + <item>roleattribute</item> > + <item>roleattributeset</item> > + <item>rolebounds</item> > + <item>roletransition</item> > + <item>roletype</item> > + <item>selinuxuser</item> > + <item>selinuxuserdefault</item> > + <item>sensitivity</item> > + <item>sensitivityalias</item> > + <item>sensitivityaliasactual</item> > + <item>sensitivitycategory</item> > + <item>sensitivityorder</item> > + <item>sid</item> > + <item>sidcontext</item> > + <item>sidorder</item> > + <item>true</item> > + <item>tunable</item> > + <item>tunableif</item> > + <item>type</item> > + <item>typealias</item> > + <item>typealiasactual</item> > + <item>typeattribute</item> > + <item>typeattributeset</item> > + <item>typebounds</item> > + <item>typechange</item> > + <item>typemember</item> > + <item>typepermissive</item> > + <item>typetransition</item> > + <item>unordered</item> > + <item>user</item> > + <item>userattribute</item> > + <item>userattributeset</item> > + <item>userbounds</item> > + <item>userlevel</item> > + <item>userprefix</item> > + <item>userrange</item> > + <item>userrole</item> > + <item>validatetrans</item> > + </list> > + > + <list name="function"> > + <item>blockinherit</item> > + <item>call</item> > + <item>in</item> > + <item>macro</item> > + </list> > + > + <list name="operators"> > + <item>and</item> > + <item>dom</item> > + <item>domby</item> > + <item>eq</item> > + <item>incomp</item> > + <item>neq</item> > + <item>not</item> > + <item>or</item> > + <item>range</item> > + <item>xor</item> > + </list> > + > + <!-- list of "magic" functions or values --> > + <list name="builtins"> > + <item>*</item> > + <item>all</item> > + <item>dccp</item> > + <item>false</item> > + <item>h1</item> > + <item>h2</item> > + <item>l1</item> > + <item>l2</item> > + <item>object_r</item> > + <item>r1</item> > + <item>r2</item> > + <item>r3</item> > + <item>sctp</item> > + <item>self</item> > + <item>t1</item> > + <item>t2</item> > + <item>t3</item> > + <item>tcp</item> > + <item>true</item> > + <item>u1</item> > + <item>u2</item> > + <item>u3</item> > + <item>udp</item> > + > + <!-- > + Excluded because they lead to a lot of false-positives > + <item>allow</item> > + <item>any</item> > + <item>char</item> > + <item>deny</item> > + <item>dir</item> > + <item>file</item> > + <item>glblub</item> > + <item>high</item> > + <item>low-high</item> > + <item>low</item> > + <item>pipe</item> > + <item>reject</item> > + <item>socket</item> > + <item>source</item> > + <item>symlink</item> > + <item>target</item> > + <item>task</item> > + <item>trans</item> > + <item>xattr</item> > + --> > + </list> > + <highlighting> > + <contexts> > + <context name="Normal" attribute="Normal" lineEndContext="#stay"> > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="BlockStart" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/> > + <keyword attribute="Function" context="Block" String="function"/> > + <keyword attribute="Operator" context="Block" String="operators"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + </context> > + <context name="Block" attribute="Normal" lineEndContext="#stay"> > + <keyword attribute="Builtin" context="#stay" String="builtins"/> > + > + <DetectChar attribute="Comment" context="Comment" char=";"/> > + <DetectChar attribute="String" context="String" char="""/> > + > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > + <DetectChar attribute="Brackets" context="#pop" char=")"/> > + </context> > + > + <!-- single line comment --> > + <context name="Comment" attribute="Comment" lineEndContext="#pop"></context> > + > + <!-- string / name --> > + <context name="String" attribute="String" lineEndContext="#stay"> > + <RegExpr attribute="Char" context="#stay" String="#\\."/> > + > + <!-- allow escaping " or similiar --> > + <HlCStringChar attribute="String Char" context="#stay"/> > + > + <DetectChar attribute="String" context="#pop" char="""/> > + </context> > + </contexts> > + <itemDatas> > + <itemData name="Normal" defStyleNum="dsNormal" /> > + <itemData name="Keyword" defStyleNum="dsKeyword"/> > + <itemData name="Function" defStyleNum="dsFunction"/> > + <itemData name="Operator" defStyleNum="dsOperator"/> > + <itemData name="Builtin" defStyleNum="dsBuiltIn"/> > + > + <itemData name="Comment" defStyleNum="dsComment"/> > + > + <itemData name="String" defStyleNum="dsString"/> > + <itemData name="String Char" defStyleNum="dsSpecialChar"/> > + </itemDatas> > + </highlighting> > + <general> > + <comments> > + <comment name="singleLine" start=";"/> > + </comments> > + <keywords casesensitive="1" weakDeliminator="."/> > + </general> > +</language> > -- > 2.30.0 >
On Thu, Feb 11, 2021 at 6:35 PM James Carter <jwcart2@gmail.com> wrote: > > On Sat, Feb 6, 2021 at 4:05 PM bauen1 <j2468h@googlemail.com> wrote: > > > > This is done by creating a somewhat rudimentary KDE syntax xml for > > pandoc. > > > > The default styles provided by pandoc don't look very good and don't > > highlight e.g. the strings marked as builtin. > > > > Signed-off-by: Jonathan Hettwer <j2468h@gmail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Applied. Thanks, Jim > > --- > > secilc/docs/Makefile | 10 +- > > secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ > > 2 files changed, 242 insertions(+), 4 deletions(-) > > create mode 100644 secilc/docs/secil.xml > > > > diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile > > index 79a165ba..a91bcde0 100644 > > --- a/secilc/docs/Makefile > > +++ b/secilc/docs/Makefile > > @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ > > > > PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) > > > > +PANDOC_HIGHLIGHT_STYLE="pygments" > > + > > PDF_OUT=CIL_Reference_Guide.pdf > > HTML_OUT=CIL_Reference_Guide.html > > PANDOC = pandoc > > @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil > > $(SED) -i '1i Example Policy\n=========\n```secil' $@ > > echo '```' >> $@ > > > > -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > > +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > > mkdir -p $(HTMLDIR) > > - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) > > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) > > > > -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil > > +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml > > mkdir -p $(PDFDIR) > > - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) > > + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) > > > > clean: > > rm -rf $(HTMLDIR) > > diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml > > new file mode 100644 > > index 00000000..daa80ded > > --- /dev/null > > +++ b/secilc/docs/secil.xml > > @@ -0,0 +1,236 @@ > > +<?xml version="1.0" encoding="UTF-8"?> > > +<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format --> > > +<!DOCTYPE language SYSTEM "language.dtd"> > > +<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4"> > > + <!-- > > + The keywords where extracted from libsepol/cil/src/cil.c sorted into the > > + right lists and sorted alphabetically > > + --> > > + <list name="keywords_blockstart"> > > + <item>allow</item> > > + <item>allowx</item> > > + <item>auditallow</item> > > + <item>auditallowx</item> > > + <item>block</item> > > + <item>blockabstract</item> > > + <item>boolean</item> > > + <item>booleanif</item> > > + <item>category</item> > > + <item>categoryalias</item> > > + <item>categoryaliasactual</item> > > + <item>categoryorder</item> > > + <item>categoryset</item> > > + <item>class</item> > > + <item>classcommon</item> > > + <item>classmap</item> > > + <item>classmapping</item> > > + <item>classorder</item> > > + <item>classpermission</item> > > + <item>classpermissionset</item> > > + <item>common</item> > > + <item>constrain</item> > > + <item>context</item> > > + <item>defaultrange</item> > > + <item>defaultrole</item> > > + <item>defaulttype</item> > > + <item>defaultuser</item> > > + <item>devicetreecon</item> > > + <item>dontaudit</item> > > + <item>dontauditx</item> > > + <item>expandtypeattribute</item> > > + <item>false</item> > > + <item>filecon</item> > > + <item>fsuse</item> > > + <item>genfscon</item> > > + <item>handleunknown</item> > > + <item>ibendportcon</item> > > + <item>ibpkeycon</item> > > + <item>ioctl</item> > > + <item>iomemcon</item> > > + <item>ioportcon</item> > > + <item>ipaddr</item> > > + <item>level</item> > > + <item>levelrange</item> > > + <item>mls</item> > > + <item>mlsconstrain</item> > > + <item>mlsvalidatetrans</item> > > + <item>netifcon</item> > > + <item>neverallow</item> > > + <item>neverallowx</item> > > + <item>nodecon</item> > > + <item>optional</item> > > + <item>pcidevicecon</item> > > + <item>perm</item> > > + <item>permissionx</item> > > + <item>pirqcon</item> > > + <item>policycap</item> > > + <item>portcon</item> > > + <item>rangetransition</item> > > + <item>role</item> > > + <item>roleallow</item> > > + <item>roleattribute</item> > > + <item>roleattributeset</item> > > + <item>rolebounds</item> > > + <item>roletransition</item> > > + <item>roletype</item> > > + <item>selinuxuser</item> > > + <item>selinuxuserdefault</item> > > + <item>sensitivity</item> > > + <item>sensitivityalias</item> > > + <item>sensitivityaliasactual</item> > > + <item>sensitivitycategory</item> > > + <item>sensitivityorder</item> > > + <item>sid</item> > > + <item>sidcontext</item> > > + <item>sidorder</item> > > + <item>true</item> > > + <item>tunable</item> > > + <item>tunableif</item> > > + <item>type</item> > > + <item>typealias</item> > > + <item>typealiasactual</item> > > + <item>typeattribute</item> > > + <item>typeattributeset</item> > > + <item>typebounds</item> > > + <item>typechange</item> > > + <item>typemember</item> > > + <item>typepermissive</item> > > + <item>typetransition</item> > > + <item>unordered</item> > > + <item>user</item> > > + <item>userattribute</item> > > + <item>userattributeset</item> > > + <item>userbounds</item> > > + <item>userlevel</item> > > + <item>userprefix</item> > > + <item>userrange</item> > > + <item>userrole</item> > > + <item>validatetrans</item> > > + </list> > > + > > + <list name="function"> > > + <item>blockinherit</item> > > + <item>call</item> > > + <item>in</item> > > + <item>macro</item> > > + </list> > > + > > + <list name="operators"> > > + <item>and</item> > > + <item>dom</item> > > + <item>domby</item> > > + <item>eq</item> > > + <item>incomp</item> > > + <item>neq</item> > > + <item>not</item> > > + <item>or</item> > > + <item>range</item> > > + <item>xor</item> > > + </list> > > + > > + <!-- list of "magic" functions or values --> > > + <list name="builtins"> > > + <item>*</item> > > + <item>all</item> > > + <item>dccp</item> > > + <item>false</item> > > + <item>h1</item> > > + <item>h2</item> > > + <item>l1</item> > > + <item>l2</item> > > + <item>object_r</item> > > + <item>r1</item> > > + <item>r2</item> > > + <item>r3</item> > > + <item>sctp</item> > > + <item>self</item> > > + <item>t1</item> > > + <item>t2</item> > > + <item>t3</item> > > + <item>tcp</item> > > + <item>true</item> > > + <item>u1</item> > > + <item>u2</item> > > + <item>u3</item> > > + <item>udp</item> > > + > > + <!-- > > + Excluded because they lead to a lot of false-positives > > + <item>allow</item> > > + <item>any</item> > > + <item>char</item> > > + <item>deny</item> > > + <item>dir</item> > > + <item>file</item> > > + <item>glblub</item> > > + <item>high</item> > > + <item>low-high</item> > > + <item>low</item> > > + <item>pipe</item> > > + <item>reject</item> > > + <item>socket</item> > > + <item>source</item> > > + <item>symlink</item> > > + <item>target</item> > > + <item>task</item> > > + <item>trans</item> > > + <item>xattr</item> > > + --> > > + </list> > > + <highlighting> > > + <contexts> > > + <context name="Normal" attribute="Normal" lineEndContext="#stay"> > > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > > + > > + <DetectChar attribute="Comment" context="Comment" char=";"/> > > + </context> > > + <context name="BlockStart" attribute="Normal" lineEndContext="#stay"> > > + <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/> > > + <keyword attribute="Function" context="Block" String="function"/> > > + <keyword attribute="Operator" context="Block" String="operators"/> > > + > > + <DetectChar attribute="Comment" context="Comment" char=";"/> > > + </context> > > + <context name="Block" attribute="Normal" lineEndContext="#stay"> > > + <keyword attribute="Builtin" context="#stay" String="builtins"/> > > + > > + <DetectChar attribute="Comment" context="Comment" char=";"/> > > + <DetectChar attribute="String" context="String" char="""/> > > + > > + <DetectChar attribute="Brackets" context="BlockStart" char="("/> > > + <DetectChar attribute="Brackets" context="#pop" char=")"/> > > + </context> > > + > > + <!-- single line comment --> > > + <context name="Comment" attribute="Comment" lineEndContext="#pop"></context> > > + > > + <!-- string / name --> > > + <context name="String" attribute="String" lineEndContext="#stay"> > > + <RegExpr attribute="Char" context="#stay" String="#\\."/> > > + > > + <!-- allow escaping " or similiar --> > > + <HlCStringChar attribute="String Char" context="#stay"/> > > + > > + <DetectChar attribute="String" context="#pop" char="""/> > > + </context> > > + </contexts> > > + <itemDatas> > > + <itemData name="Normal" defStyleNum="dsNormal" /> > > + <itemData name="Keyword" defStyleNum="dsKeyword"/> > > + <itemData name="Function" defStyleNum="dsFunction"/> > > + <itemData name="Operator" defStyleNum="dsOperator"/> > > + <itemData name="Builtin" defStyleNum="dsBuiltIn"/> > > + > > + <itemData name="Comment" defStyleNum="dsComment"/> > > + > > + <itemData name="String" defStyleNum="dsString"/> > > + <itemData name="String Char" defStyleNum="dsSpecialChar"/> > > + </itemDatas> > > + </highlighting> > > + <general> > > + <comments> > > + <comment name="singleLine" start=";"/> > > + </comments> > > + <keywords casesensitive="1" weakDeliminator="."/> > > + </general> > > +</language> > > -- > > 2.30.0 > >
diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile index 79a165ba..a91bcde0 100644 --- a/secilc/docs/Makefile +++ b/secilc/docs/Makefile @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) +PANDOC_HIGHLIGHT_STYLE="pygments" + PDF_OUT=CIL_Reference_Guide.pdf HTML_OUT=CIL_Reference_Guide.html PANDOC = pandoc @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil $(SED) -i '1i Example Policy\n=========\n```secil' $@ echo '```' >> $@ -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml mkdir -p $(HTMLDIR) - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml mkdir -p $(PDFDIR) - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) clean: rm -rf $(HTMLDIR) diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml new file mode 100644 index 00000000..daa80ded --- /dev/null +++ b/secilc/docs/secil.xml @@ -0,0 +1,236 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format --> +<!DOCTYPE language SYSTEM "language.dtd"> +<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4"> + <!-- + The keywords where extracted from libsepol/cil/src/cil.c sorted into the + right lists and sorted alphabetically + --> + <list name="keywords_blockstart"> + <item>allow</item> + <item>allowx</item> + <item>auditallow</item> + <item>auditallowx</item> + <item>block</item> + <item>blockabstract</item> + <item>boolean</item> + <item>booleanif</item> + <item>category</item> + <item>categoryalias</item> + <item>categoryaliasactual</item> + <item>categoryorder</item> + <item>categoryset</item> + <item>class</item> + <item>classcommon</item> + <item>classmap</item> + <item>classmapping</item> + <item>classorder</item> + <item>classpermission</item> + <item>classpermissionset</item> + <item>common</item> + <item>constrain</item> + <item>context</item> + <item>defaultrange</item> + <item>defaultrole</item> + <item>defaulttype</item> + <item>defaultuser</item> + <item>devicetreecon</item> + <item>dontaudit</item> + <item>dontauditx</item> + <item>expandtypeattribute</item> + <item>false</item> + <item>filecon</item> + <item>fsuse</item> + <item>genfscon</item> + <item>handleunknown</item> + <item>ibendportcon</item> + <item>ibpkeycon</item> + <item>ioctl</item> + <item>iomemcon</item> + <item>ioportcon</item> + <item>ipaddr</item> + <item>level</item> + <item>levelrange</item> + <item>mls</item> + <item>mlsconstrain</item> + <item>mlsvalidatetrans</item> + <item>netifcon</item> + <item>neverallow</item> + <item>neverallowx</item> + <item>nodecon</item> + <item>optional</item> + <item>pcidevicecon</item> + <item>perm</item> + <item>permissionx</item> + <item>pirqcon</item> + <item>policycap</item> + <item>portcon</item> + <item>rangetransition</item> + <item>role</item> + <item>roleallow</item> + <item>roleattribute</item> + <item>roleattributeset</item> + <item>rolebounds</item> + <item>roletransition</item> + <item>roletype</item> + <item>selinuxuser</item> + <item>selinuxuserdefault</item> + <item>sensitivity</item> + <item>sensitivityalias</item> + <item>sensitivityaliasactual</item> + <item>sensitivitycategory</item> + <item>sensitivityorder</item> + <item>sid</item> + <item>sidcontext</item> + <item>sidorder</item> + <item>true</item> + <item>tunable</item> + <item>tunableif</item> + <item>type</item> + <item>typealias</item> + <item>typealiasactual</item> + <item>typeattribute</item> + <item>typeattributeset</item> + <item>typebounds</item> + <item>typechange</item> + <item>typemember</item> + <item>typepermissive</item> + <item>typetransition</item> + <item>unordered</item> + <item>user</item> + <item>userattribute</item> + <item>userattributeset</item> + <item>userbounds</item> + <item>userlevel</item> + <item>userprefix</item> + <item>userrange</item> + <item>userrole</item> + <item>validatetrans</item> + </list> + + <list name="function"> + <item>blockinherit</item> + <item>call</item> + <item>in</item> + <item>macro</item> + </list> + + <list name="operators"> + <item>and</item> + <item>dom</item> + <item>domby</item> + <item>eq</item> + <item>incomp</item> + <item>neq</item> + <item>not</item> + <item>or</item> + <item>range</item> + <item>xor</item> + </list> + + <!-- list of "magic" functions or values --> + <list name="builtins"> + <item>*</item> + <item>all</item> + <item>dccp</item> + <item>false</item> + <item>h1</item> + <item>h2</item> + <item>l1</item> + <item>l2</item> + <item>object_r</item> + <item>r1</item> + <item>r2</item> + <item>r3</item> + <item>sctp</item> + <item>self</item> + <item>t1</item> + <item>t2</item> + <item>t3</item> + <item>tcp</item> + <item>true</item> + <item>u1</item> + <item>u2</item> + <item>u3</item> + <item>udp</item> + + <!-- + Excluded because they lead to a lot of false-positives + <item>allow</item> + <item>any</item> + <item>char</item> + <item>deny</item> + <item>dir</item> + <item>file</item> + <item>glblub</item> + <item>high</item> + <item>low-high</item> + <item>low</item> + <item>pipe</item> + <item>reject</item> + <item>socket</item> + <item>source</item> + <item>symlink</item> + <item>target</item> + <item>task</item> + <item>trans</item> + <item>xattr</item> + --> + </list> + <highlighting> + <contexts> + <context name="Normal" attribute="Normal" lineEndContext="#stay"> + <DetectChar attribute="Brackets" context="BlockStart" char="("/> + + <DetectChar attribute="Comment" context="Comment" char=";"/> + </context> + <context name="BlockStart" attribute="Normal" lineEndContext="#stay"> + <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/> + <keyword attribute="Function" context="Block" String="function"/> + <keyword attribute="Operator" context="Block" String="operators"/> + + <DetectChar attribute="Comment" context="Comment" char=";"/> + </context> + <context name="Block" attribute="Normal" lineEndContext="#stay"> + <keyword attribute="Builtin" context="#stay" String="builtins"/> + + <DetectChar attribute="Comment" context="Comment" char=";"/> + <DetectChar attribute="String" context="String" char="""/> + + <DetectChar attribute="Brackets" context="BlockStart" char="("/> + <DetectChar attribute="Brackets" context="#pop" char=")"/> + </context> + + <!-- single line comment --> + <context name="Comment" attribute="Comment" lineEndContext="#pop"></context> + + <!-- string / name --> + <context name="String" attribute="String" lineEndContext="#stay"> + <RegExpr attribute="Char" context="#stay" String="#\\."/> + + <!-- allow escaping " or similiar --> + <HlCStringChar attribute="String Char" context="#stay"/> + + <DetectChar attribute="String" context="#pop" char="""/> + </context> + </contexts> + <itemDatas> + <itemData name="Normal" defStyleNum="dsNormal" /> + <itemData name="Keyword" defStyleNum="dsKeyword"/> + <itemData name="Function" defStyleNum="dsFunction"/> + <itemData name="Operator" defStyleNum="dsOperator"/> + <itemData name="Builtin" defStyleNum="dsBuiltIn"/> + + <itemData name="Comment" defStyleNum="dsComment"/> + + <itemData name="String" defStyleNum="dsString"/> + <itemData name="String Char" defStyleNum="dsSpecialChar"/> + </itemDatas> + </highlighting> + <general> + <comments> + <comment name="singleLine" start=";"/> + </comments> + <keywords casesensitive="1" weakDeliminator="."/> + </general> +</language>
This is done by creating a somewhat rudimentary KDE syntax xml for pandoc. The default styles provided by pandoc don't look very good and don't highlight e.g. the strings marked as builtin. Signed-off-by: Jonathan Hettwer <j2468h@gmail.com> --- secilc/docs/Makefile | 10 +- secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 242 insertions(+), 4 deletions(-) create mode 100644 secilc/docs/secil.xml