This is done by creating a somewhat rudimentary KDE syntax xml for pandoc. The default styles provided by pandoc don't look very good and don't highlight e.g. the strings marked as builtin. Signed-off-by: Jonathan Hettwer <j2468h@xxxxxxxxx> --- v3: No changes secilc/docs/Makefile | 10 +- secilc/docs/secil.xml | 236 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 242 insertions(+), 4 deletions(-) create mode 100644 secilc/docs/secil.xml diff --git a/secilc/docs/Makefile b/secilc/docs/Makefile index 79a165ba..a91bcde0 100644 --- a/secilc/docs/Makefile +++ b/secilc/docs/Makefile @@ -28,6 +28,8 @@ FILE_LIST ?= cil_introduction.md \ PANDOC_FILE_LIST = $(addprefix $(TMPDIR)/,$(FILE_LIST)) +PANDOC_HIGHLIGHT_STYLE="pygments" + PDF_OUT=CIL_Reference_Guide.pdf HTML_OUT=CIL_Reference_Guide.html PANDOC = pandoc @@ -54,13 +56,13 @@ $(TMPDIR)/policy.cil: $(TESTDIR)/policy.cil $(SED) -i '1i Example Policy\n=========\n```secil' $@ echo '```' >> $@ -html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +html: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml mkdir -p $(HTMLDIR) - $(PANDOC) -t html $^ -o $(HTMLDIR)/$(HTML_OUT) + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --metadata title="CIL Reference Guide" -t html $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(HTMLDIR)/$(HTML_OUT) -pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil +pdf: $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil secil.xml mkdir -p $(PDFDIR) - $(PANDOC) --standalone --toc $^ -o $(PDFDIR)/$(PDF_OUT) + $(PANDOC) --highlight-style=$(PANDOC_HIGHLIGHT_STYLE) --syntax-definition=secil.xml --standalone --toc $(PANDOC_FILE_LIST) $(TMPDIR)/policy.cil -o $(PDFDIR)/$(PDF_OUT) clean: rm -rf $(HTMLDIR) diff --git a/secilc/docs/secil.xml b/secilc/docs/secil.xml new file mode 100644 index 00000000..daa80ded --- /dev/null +++ b/secilc/docs/secil.xml 
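Review bot: The quotes in `PANDOC_HIGHLIGHT_STYLE="pygments"` become part of the Make variable's value, and both recipes then expand it unquoted in `--highlight-style=$(PANDOC_HIGHLIGHT_STYLE)`. The shell-level quoting therefore exists only in the default and disappears as soon as the variable is overridden on the command line. Prefer `PANDOC_HIGHLIGHT_STYLE ?= pygments`, in line with the `FILE_LIST ?=` visible in the hunk header, and quote at the use site: `--highlight-style='$(PANDOC_HIGHLIGHT_STYLE)'`. A one-line comment above the assignment, such as `# pandoc highlight theme: a style name or a path to a .theme file`, would document the knob.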
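Review bot: In both the `html` and `pdf` rules the input documents are now listed twice, once as prerequisites and once again in the recipe where `$^` used to be. A later change to either prerequisite list can silently diverge from what pandoc actually reads. Keeping the automatic variable and dropping only the syntax file, `$(filter-out secil.xml,$^)`, keeps the two in step. A comment such as `# secil.xml is listed so edits to it trigger a rebuild; it is not an input document` would explain why plain `$^` is not used. `--metadata title="CIL Reference Guide"` is passed for html only, so it is worth confirming that the pdf output is meant to go without it.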
@@ -0,0 +1,236 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- https://docs.kde.org/trunk5/en/applications/katepart/highlight.html#katehighlight-xml-format -->
+<!DOCTYPE language SYSTEM "language.dtd">
+<language name="secil" section="Sources" extensions="*.cil" version="1" kateversion="2.4">
+ <!--
+ The keywords where extracted from libsepol/cil/src/cil.c sorted into the
+ right lists and sorted alphabetically
+ -->
+ <list name="keywords_blockstart">
+ <item>allow</item>
+ <item>allowx</item>
+ <item>auditallow</item>
+ <item>auditallowx</item>
+ <item>block</item>
+ <item>blockabstract</item>
+ <item>boolean</item>
+ <item>booleanif</item>
+ <item>category</item>
+ <item>categoryalias</item>
+ <item>categoryaliasactual</item>
+ <item>categoryorder</item>
+ <item>categoryset</item>
+ <item>class</item>
+ <item>classcommon</item>
+ <item>classmap</item>
+ <item>classmapping</item>
+ <item>classorder</item>
+ <item>classpermission</item>
+ <item>classpermissionset</item>
+ <item>common</item>
+ <item>constrain</item>
+ <item>context</item>
+ <item>defaultrange</item>
+ <item>defaultrole</item>
+ <item>defaulttype</item>
+ <item>defaultuser</item>
+ <item>devicetreecon</item>
+ <item>dontaudit</item>
+ <item>dontauditx</item>
+ <item>expandtypeattribute</item>
+ <item>false</item>
+ <item>filecon</item>
+ <item>fsuse</item>
+ <item>genfscon</item>
+ <item>handleunknown</item>
+ <item>ibendportcon</item>
+ <item>ibpkeycon</item>
+ <item>ioctl</item>
+ <item>iomemcon</item>
+ <item>ioportcon</item>
+ <item>ipaddr</item>
+ <item>level</item>
+ <item>levelrange</item>
+ <item>mls</item>
+ <item>mlsconstrain</item>
+ <item>mlsvalidatetrans</item>
+ <item>netifcon</item>
+ <item>neverallow</item>
+ <item>neverallowx</item>
+ <item>nodecon</item>
+ <item>optional</item>
+ <item>pcidevicecon</item>
+ <item>perm</item>
+ <item>permissionx</item>
+ <item>pirqcon</item>
+ <item>policycap</item>
+ <item>portcon</item>
+ <item>rangetransition</item>
+ <item>role</item>
+ <item>roleallow</item>
+ <item>roleattribute</item>
+ <item>roleattributeset</item>
+ <item>rolebounds</item>
+ <item>roletransition</item>
+ <item>roletype</item>
+ <item>selinuxuser</item>
+ <item>selinuxuserdefault</item>
+ <item>sensitivity</item>
+ <item>sensitivityalias</item>
+ <item>sensitivityaliasactual</item>
+ <item>sensitivitycategory</item>
+ <item>sensitivityorder</item>
+ <item>sid</item>
+ <item>sidcontext</item>
+ <item>sidorder</item>
+ <item>true</item>
+ <item>tunable</item>
+ <item>tunableif</item>
+ <item>type</item>
+ <item>typealias</item>
+ <item>typealiasactual</item>
+ <item>typeattribute</item>
+ <item>typeattributeset</item>
+ <item>typebounds</item>
+ <item>typechange</item>
+ <item>typemember</item>
+ <item>typepermissive</item>
+ <item>typetransition</item>
+ <item>unordered</item>
+ <item>user</item>
+ <item>userattribute</item>
+ <item>userattributeset</item>
+ <item>userbounds</item>
+ <item>userlevel</item>
+ <item>userprefix</item>
+ <item>userrange</item>
+ <item>userrole</item>
+ <item>validatetrans</item>
+ </list>
+
+ <list name="function">
+ <item>blockinherit</item>
+ <item>call</item>
+ <item>in</item>
+ <item>macro</item>
+ </list>
+
+ <list name="operators">
+ <item>and</item>
+ <item>dom</item>
+ <item>domby</item>
+ <item>eq</item>
+ <item>incomp</item>
+ <item>neq</item>
+ <item>not</item>
+ <item>or</item>
+ <item>range</item>
+ <item>xor</item>
+ </list>
+
+ <!-- list of "magic" functions or values -->
+ <list name="builtins">
+ <item>*</item>
+ <item>all</item>
+ <item>dccp</item>
+ <item>false</item>
+ <item>h1</item>
+ <item>h2</item>
+ <item>l1</item>
+ <item>l2</item>
+ <item>object_r</item>
+ <item>r1</item>
+ <item>r2</item>
+ <item>r3</item>
+ <item>sctp</item>
+ <item>self</item>
+ <item>t1</item>
+ <item>t2</item>
+ <item>t3</item>
+ <item>tcp</item>
+ <item>true</item>
+ <item>u1</item>
+ <item>u2</item>
+ <item>u3</item>
+ <item>udp</item>
+
+ <!--
+ Excluded because they lead to a lot of false-positives
+ <item>allow</item>
+ <item>any</item>
+ <item>char</item>
+ <item>deny</item>
+ <item>dir</item>
+ <item>file</item>
+ <item>glblub</item>
+ <item>high</item>
+ <item>low-high</item>
+ <item>low</item>
+ <item>pipe</item>
+ <item>reject</item>
+ <item>socket</item>
+ <item>source</item>
+ <item>symlink</item>
+ <item>target</item>
+ <item>task</item>
+ <item>trans</item>
+ <item>xattr</item>
+ -->
+ </list>
+ <highlighting>
+ <contexts>
+ <context name="Normal" attribute="Normal" lineEndContext="#stay">
+ <DetectChar attribute="Brackets" context="BlockStart" char="("/>
+
+ <DetectChar attribute="Comment" context="Comment" char=";"/>
+ </context>
+ <context name="BlockStart" attribute="Normal" lineEndContext="#stay">
+ <keyword attribute="Keyword" context="Block" String="keywords_blockstart"/>
+ <keyword attribute="Function" context="Block" String="function"/>
+ <keyword attribute="Operator" context="Block" String="operators"/>
+
+ <DetectChar attribute="Comment" context="Comment" char=";"/>
+ </context>
+ <context name="Block" attribute="Normal" lineEndContext="#stay">
+ <keyword attribute="Builtin" context="#stay" String="builtins"/>
+
+ <DetectChar attribute="Comment" context="Comment" char=";"/>
+ <DetectChar attribute="String" context="String" char="""/>
+
+ <DetectChar attribute="Brackets" context="BlockStart" char="("/>
+ <DetectChar attribute="Brackets" context="#pop" char=")"/>
+ </context>
+
+ <!-- single line comment -->
+ <context name="Comment" attribute="Comment" lineEndContext="#pop"></context>
+
+ <!-- string / name -->
+ <context name="String" attribute="String" lineEndContext="#stay">
+ <RegExpr attribute="Char" context="#stay" String="#\\."/>
+
+ <!-- allow escaping " or similiar -->
+ <HlCStringChar attribute="String Char" context="#stay"/>
+
+ <DetectChar attribute="String" context="#pop" char="""/>
+ </context>
+ </contexts>
+ <itemDatas>
+ <itemData name="Normal" defStyleNum="dsNormal" />
+ <itemData name="Keyword" defStyleNum="dsKeyword"/>
+ <itemData name="Function" defStyleNum="dsFunction"/>
+ <itemData name="Operator" defStyleNum="dsOperator"/>
+ <itemData name="Builtin" defStyleNum="dsBuiltIn"/>
+
+ <itemData name="Comment" defStyleNum="dsComment"/>
+
+ <itemData name="String" defStyleNum="dsString"/>
+ <itemData name="String Char" defStyleNum="dsSpecialChar"/>
+ </itemDatas>
+ </highlighting>
+ <general>
+ <comments>
+ <comment name="singleLine" start=";"/>
+ </comments>
+ <keywords casesensitive="1" weakDeliminator="."/>
+ </general>
+</language>
-- 2.30.0
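Review bot: Two attributes used by the rules are never declared in `<itemDatas>`: `attribute="Brackets"` on the `(` / `)` `DetectChar` rules and `attribute="Char"` on the `RegExpr` rule in the `String` context. How an undeclared attribute is handled depends on the consumer, so the escapes matched by `#\\.` may well not be styled as intended. Declaring them, e.g. `<itemData name="Brackets" defStyleNum="dsNormal"/>` and `<itemData name="Char" defStyleNum="dsChar"/>`, or pointing the `RegExpr` at the existing `String Char`, would close the gap. `true` and `false` also appear in both `keywords_blockstart` and `builtins`; if that is deliberate, a short comment saying so would help. The comments carry two typos, `where` for `were` and `similiar`.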