Diffstat (limited to 'policychecker/rules.xsl')
-rw-r--r-- | policychecker/rules.xsl | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/policychecker/rules.xsl b/policychecker/rules.xsl
index bc306d9..a899113 100644
--- a/policychecker/rules.xsl
+++ b/policychecker/rules.xsl
@@ -205,4 +205,57 @@
 </sch:rule>
 </sch:pattern>
 
+ <sch:pattern name="Unknown keywords">
+ <sch:rule context="policy">
+ <sch:report test="not (@context or @at_console or @user or @group)">Unknown keyword. Allowed attributes: context, at_console, user, group.</sch:report>
+ </sch:rule>
+ <sch:rule context="allow|deny">
+ <sch:report test="not (@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_destination_prefix or @send_type or @send_path or @send_requested_reply or @receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requested_reply or @eavesdrop or @own or @own_prefix or @user or @group or @min_fds or @max_fds)">
+ Unknown keyword. Allowed attributes are:
+ - send_interface, send_member, send_error, send_broadcast, send_destination, send_destination_prefix, send_type, send_path, send_requested_reply
+ - receive_interface, receive_member, receive_error, receive_sender, receive_type, receive_path, receive_requested_reply
+ - eavesdrop
+ - own, own_prefix
+ - user, group
+ - min_fds, max_fds
+ </sch:report>
+ </sch:rule>
+ <sch:rule context="check">
+ <sch:report test="not (@send_interface or @send_member or @send_error or @send_broadcast or @send_destination or @send_destination_prefix or @send_type or @send_path or @send_requested_reply or @receive_interface or @receive_member or @receive_error or @receive_sender or @receive_type or @receive_path or @receive_requested_reply or @eavesdrop or @own or @own_prefix or @user or @group or @min_fds or @max_fds or @privilege)">
+ Unknown keyword. Allowed attributes are:
+ - send_interface, send_member, send_error, send_broadcast, send_destination, send_destination_prefix, send_type, send_path, send_requested_reply
+ - receive_interface, receive_member, receive_error, receive_sender, receive_type, receive_path, receive_requested_reply
+ - eavesdrop
+ - own, own_prefix
+ - user, group
+ - privilege
+ - min_fds, max_fds
+ </sch:report>
+ </sch:rule>
+ </sch:pattern>
+
+ <sch:pattern name="Unknown attribute values">
+ <sch:rule context="policy[@at_console]">
+ <sch:report test="@at_console != 'true' and @at_console != 'false'">Allowed values for at_console: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_broadcast]|deny[@send_broadcast]|check[@send_broadcast]">
+ <sch:report test="@send_broadcast != 'true' and @send_broadcast != 'false'">Allowed values for send_broadcast: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_requested_reply]|deny[@send_requested_reply]|check[@send_requested_reply]">
+ <sch:report test="@send_requested_reply != 'true' and @send_requested_reply != 'false'">Allowed values for send_requested_reply: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@receive_requested_reply]|deny[@receive_requested_reply]|check[@receive_requested_reply]">
+ <sch:report test="@receive_requested_reply != 'true' and @receive_requested_reply != 'false'">Allowed values for receive_requested_reply: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@eavesdrop]|deny[@eavesdrop]|check[@eavesdrop]">
+ <sch:report test="@eavesdrop != 'true' and @eavesdrop != 'false'">Allowed values for eavesdrop: "true", "false".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@send_type]|deny[@send_type]|check[@send_type]">
+ <sch:report test="@send_type != 'method_call' and @send_type != 'method_return' and @send_type != 'signal' and @send_type != 'error'">Allowed values for send_type: "method_call", "method_return", "signal, "error".</sch:report>
+ </sch:rule>
+ <sch:rule context="allow[@receive_type]|deny[@receive_type]|check[@receive_type]">
+ <sch:report test="@receive_type != 'method_call' and @receive_type != 'method_return' and @receive_type != 'signal' and @receive_type != 'error'">Allowed values for receive_type: "method_call", "method_return", "signal, "error".</sch:report>
+ </sch:rule>
+ </sch:pattern>
+
 </sch:schema> |
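Review bot: The three reports in the "Unknown keywords" pattern fire only when an element carries none of the listed attributes, so a misspelled or unsupported attribute sitting next to a valid one (for example on an `allow` rule) passes the checker unreported and the policy author never learns that the rule is not what was written. Testing the attributes themselves would catch that, e.g. for `policy`: `<sch:report test="@*[not(name() = 'context' or name() = 'at_console' or name() = 'user' or name() = 'group')]">`, and likewise with the longer lists for `allow|deny` and `check`. In the "Unknown attribute values" pattern, Schematron fires only the first rule of a pattern whose context matches a given node, so an `allow`/`deny`/`check` element that has both `send_broadcast` and, say, `eavesdrop` would get only `send_broadcast` validated; placing all of these reports under a single `context="allow|deny|check"` rule avoids that, since each test is already false when its attribute is absent. The `send_type` and `receive_type` messages are also missing the closing quote after `"signal`.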