checkpolicy: add front-end support for disjoint attributes

Support specifying disjoint attributes rules.

The following two blocks are equivalent and prevent at compile time that
any type can be associated with more than one of the listed attributes:

    disjoint_attributes attr1, attr2, attr3;

    disjoint_attributes attr1, attr2;
    disjoint_attributes attr1, attr3;
    disjoint_attributes attr2, attr3;

Accept more than two attributes with a rule to avoid quadratic growth of
necessary statements for a group of attributes.

Signed-off-by: Christian Göttsche <[email protected]>
---
v4:
   rename to disjoint_attributes

Author: cgzones

checkpolicy/policy_define.c

@@ -1253,6 +1253,72 @@ int expand_attrib(void)
 	return rc;
 }
 
+int define_disjoint_attributes(void)
+{
+	char *id = NULL;
+	disjoint_attributes_rule_t *dattr = NULL;
+	int rc = -1;
+
+	if (pass == 1) {
+		while ((id = queue_remove(id_queue)))
+			free(id);
+		return 0;
+	}
+
+	dattr = malloc(sizeof(disjoint_attributes_rule_t));
+	if (!dattr) {
+		yyerror("Out of memory!");
+		goto exit;
+	}
+
+	ebitmap_init(&dattr->attrs);
+
+	while ((id = queue_remove(id_queue))) {
+		const type_datum_t *attr;
+
+		if (!is_id_in_scope(SYM_TYPES, id)) {
+			yyerror2("attribute %s is not within scope", id);
+			goto exit;
+		}
+
+		attr = hashtab_search(policydbp->p_types.table, id);
+		if (!attr) {
+			yyerror2("attribute %s is not declared", id);
+			goto exit;
+		}
+
+		if (attr->flavor != TYPE_ATTRIB) {
+			yyerror2("%s is a type, not an attribute", id);
+			goto exit;
+		}
+
+		if (ebitmap_get_bit(&dattr->attrs, attr->s.value - 1)) {
+			yyerror2("attribute %s used multiple times", id);
+			goto exit;
+		}
+
+		if (ebitmap_set_bit(&dattr->attrs, attr->s.value - 1, TRUE)) {
+			yyerror("Out of memory!");
+			goto exit;
+		}
+
+		free(id);
+	}
+
+	dattr->next = policydbp->disjoint_attributes;
+	policydbp->disjoint_attributes = dattr;
+
+	dattr = NULL;
+	rc = 0;
+exit:
+	if (dattr) {
+		ebitmap_destroy(&dattr->attrs);
+		free(dattr);
+	}
+	free(id);
+	return rc;
+}
+
 static int add_aliases_to_type(type_datum_t * type)
 {
 	char *id;

checkpolicy/policy_define.h

@@ -68,6 +68,7 @@ int define_type(int alias);
 int define_user(void);
 int define_validatetrans(constraint_expr_t *expr);
 int expand_attrib(void);
+int define_disjoint_attributes(void);
 int insert_id(const char *id,int push);
 int insert_separator(int push);
 uintptr_t define_cexpr(uint32_t expr_type, uintptr_t arg1, uintptr_t arg2);

checkpolicy/policy_parse.y

@@ -102,6 +102,7 @@ typedef int (* require_func_t)(int pass);
 %token ALIAS
 %token ATTRIBUTE
 %token EXPANDATTRIBUTE
+%token DISJOINTATTRIBUTES
 %token BOOL
 %token TUNABLE
 %token IF
@@ -318,6 +319,7 @@ rbac_decl		: attribute_role_def
 			;
 te_decl			: attribute_def
                         | expandattribute_def
+                        | disjointattributes_def
                         | type_def
                         | typealias_def
                         | typeattribute_def
@@ -335,6 +337,9 @@ attribute_def           : ATTRIBUTE identifier ';'
 expandattribute_def     : EXPANDATTRIBUTE names bool_val ';'
                         { if (expand_attrib()) YYABORT;}
                         ;
+disjointattributes_def : DISJOINTATTRIBUTES identifier ',' id_comma_list ';'
+                        { if (define_disjoint_attributes()) return -1;}
+                        ;
 type_def		: TYPE identifier alias_def opt_attr_list ';'
                         {if (define_type(1)) YYABORT;}
 	                | TYPE identifier opt_attr_list ';'

checkpolicy/policy_scan.l

@@ -137,6 +137,8 @@ ATTRIBUTE |
 attribute			{ return(ATTRIBUTE); }
 EXPANDATTRIBUTE |
 expandattribute                 { return(EXPANDATTRIBUTE); }
+DISJOINT_ATTRIBUTES |
+disjoint_attributes		{ return(DISJOINTATTRIBUTES); }
 TYPE_TRANSITION |
 type_transition			{ return(TYPE_TRANSITION); }
 TYPE_MEMBER |

checkpolicy/tests/policy_allonce.conf

@@ -18,6 +18,7 @@ attribute ATTR1;
 attribute ATTR2;
 expandattribute ATTR1 true;
 expandattribute ATTR2 false;
+disjoint_attributes ATTR1, ATTR2;
 type TYPE1;
 type TYPE2, ATTR1;
 type TYPE3 alias { TYPEALIAS3A TYPEALIAS3B };