Diffstat (limited to 'policychecker/rules.xsl')
-rw-r--r-- | policychecker/rules.xsl | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index 7f20b0f..bc306d9 100644
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -64,6 +64,14 @@
 <sch:let name="dest_name" value="@own_prefix"/>
 <sch:assert test="//policy[@context='default']/deny[@own_prefix = $dest_name]">For each allow own_prefix you must add a deny own_prefix in default context.</sch:assert>
 </sch:rule>
+ <sch:rule context="deny[@own]">
+ <sch:let name="dest_name" value="@own"/>
+ <sch:assert test="//policy/allow[@own = $dest_name] or //policy/check[@own = $dest_name]">"deny own" present, but no "allow own" or "check own" for that name.</sch:assert>
+ </sch:rule>
+ <sch:rule context="deny[@own_prefix]">
+ <sch:let name="dest_name" value="@own_prefix"/>
+ <sch:assert test="//policy/allow[@own_prefix = $dest_name] or //policy/check[@own_prefix = $dest_name]">"deny own_prefix" present, but no "allow own_prefix" or "check own_prefix" for that name.</sch:assert>
+ </sch:rule>
 </sch:pattern>
 <sch:pattern name="Unconstrained allow in default context (or mandatory)"> |
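Review bot: Both new asserts compare the attribute values as exact strings and only against the same attribute, so a blanket `deny own="*"`, or a `deny own_prefix="a.b"` paired with `allow own="a.b.c"`, would be reported as unmatched even though the policy is coherent. If those combinations are legitimate in the checked files, the `deny[@own_prefix]` test could also accept names under the prefix, for example by adding `or //policy/allow[@own = $dest_name or starts-with(@own, concat($dest_name, '.'))]`, and the `deny[@own]` rule could skip `*`. Otherwise a comment above the two rules such as `<!-- exact-name match only: wildcard and own/own_prefix cross-coverage are not considered -->` would keep a spurious failure from being read as a real policy gap. The enclosing `sch:pattern` starts above the hunk, so I cannot tell whether an earlier rule in it already matches `deny` elements and would stop these rules from firing.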