Diffstat (limited to 'policychecker/rules.xsl')
-rw-r--r--policychecker/rules.xsl53
1 files changed, 53 insertions, 0 deletions
diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index bc306d9..a899113 100644
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -205,4 +205,57 @@
</sch:rule>
</sch:pattern>
+ <sch:pattern name="Unknown keywords">
+ <sch:rule context="policy">
+ <sch:report test="not (@context or @at_console or @user or @group)">Unknown keyword. Allowed attributes: context, at_console, user, group.</sch:report>
+ </sch:rule>
+ <sch:rule context="allow|deny">
+ <sch:report test="not (@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_destination_prefix or @send_type or @send_path or @send_requested_reply or @receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requested_reply or @eavesdrop or @own or @own_prefix or @user or @group or @min_fds or @max_fds)">
+ Unknown keyword. Allowed attributes are:
+ - send_interface, send_member, send_error, send_broadcast, send_destination, send_destination_prefix, send_type, send_path, send_requested_reply
+ - receive_interface, receive_member, receive_error, receive_sender, receive_type, receive_path, receive_requested_reply
+ - eavesdrop
+ - own, own_prefix
+ - user, group
+ - min_fds, max_fds
+ </sch:report>
+ </sch:rule>
+ <sch:rule context="check">
+ <sch:report test="not (@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_destination_prefix or @send_type or @send_path or @send_requested_reply or @receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requested_reply or @eavesdrop or @own or @own_prefix or @user or @group or @min_fds or @max_fds or @privilege)">
+ Unknown keyword. Allowed attributes are:
+ - send_interface, send_member, send_error, send_broadcast, send_destination, send_destination_prefix, send_type, send_path, send_requested_reply
+ - receive_interface, receive_member, receive_error, receive_sender, receive_type, receive_path, receive_requested_reply
+ - eavesdrop
+ - own, own_prefix
+ - user, group
+ - privilege
+ - min_fds, max_fds
+ </sch:report>
+ </sch:rule>
+ </sch:pattern>
+
+ <sch:pattern name="Unknown attribute values">
+ <sch:rule context="policy[@at_console]">
+ <sch:report test="@at_console != 'true' and @at_console != 'false'">Allowed values for at_console: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_broadcast]|deny[@send_broadcast]|check[@send_broadcast]">
+ <sch:report test="@send_broadcast != 'true' and @send_broadcast != 'false'">Allowed values for send_broadcast: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_requested_reply]|deny[@send_requested_reply]|check[@send_requested_reply]">
+ <sch:report test="@send_requested_reply != 'true' and @send_requested_reply != 'false'">Allowed values for send_requested_reply: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@receive_requested_reply]|deny[@receive_requested_reply]|check[@receive_requested_reply]">
+ <sch:report test="@receive_requested_reply != 'true' and @receive_requested_reply != 'false'">Allowed values for receive_requested_reply: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@eavesdrop]|deny[@eavesdrop]|check[@eavesdrop]">
+ <sch:report test="@eavesdrop != 'true' and @eavesdrop != 'false'">Allowed values for eavesdrop: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_type]|deny[@send_type]|check[@send_type]">
+ <sch:report test="@send_type != 'method_call' and @send_type != 'method_return' and @send_type != 'signal' and @send_type != 'error'">Allowed values for send_type: "method_call", "method_return", "signal, "error".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@receive_type]|deny[@receive_type]|check[@receive_type]">
+ <sch:report test="@receive_type != 'method_call' and @receive_type != 'method_return' and @receive_type != 'signal' and @receive_type != 'error'">Allowed values for receive_type: "method_call", "method_return", "signal, "error".</sch:report>
+ </sch:rule>
+ </sch:pattern>
+
</sch:schema>
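Review bot: The three `Unknown keywords` tests are written as `not (@a or @b or ...)`, which fires only when an element carries none of the listed attributes. A misspelled or unsupported attribute sitting next to a valid one is therefore never reported, and a `policy` with no attributes gets a misleading "Unknown keyword" message. Testing the attribute axis directly would catch the real case, e.g. for `policy`: `test="@*[not(name()='context' or name()='at_console' or name()='user' or name()='group')]"`, with the same shape and the longer name lists for `allow|deny` and `check`. In `Unknown attribute values`, Schematron normally applies only the first matching rule of a pattern to a given node, so an element with both `send_broadcast` and `eavesdrop` would probably have only `send_broadcast` validated; one pattern per attribute, or rule contexts on the attribute itself (`allow/@eavesdrop|deny/@eavesdrop|check/@eavesdrop`), would avoid that, but this should be confirmed against the processor in use. The `send_type` and `receive_type` messages are also missing the closing quote after `signal`.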