<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright (C) 2016 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Packs schema for the Brillo Developer Kit.
-->
<grammar xmlns="http://relaxng.org/ns/structure/1.0" datatypeLibrary="http://www.w3.org/2001/XMLSchema-datatypes">
<!-- Entry point of the grammar: a valid document has a <packs> root element
     (see the Packs definition). combine="choice" means that any other
     <start> pattern merged into the same grammar, for example through an
     include, is combined as an alternative to this one. -->
<start combine="choice">
  <ref name="Packs"/>
</start>
<!-- When updating PackName, also update targets.rng:TargetPackName. -->
<!-- A possibly namespaced pack name: one or more segments joined by '.',
     for example "ns.sub.pack" (constructed example), at most 128 characters.
     NOTE(review): in XML Schema regular expressions \w is much broader than
     [A-Za-z0-9]. It matches every character that is not punctuation, a
     separator or a control/other character, so non-ASCII letters and symbol
     characters such as '$' or '|' are accepted, while '/', '-' and interior
     spaces are rejected. If pack names later end up in file paths or command
     lines, the consumer needs its own check; confirm against the validator
     in use. -->
<define name="PackName">
  <data type="token">
    <param name="pattern">([_\w]+\.)*([_\w]+)</param>
    <param name="maxLength">128</param>
  </data>
</define>
<!-- When a pack is defined, it cannot include namespacing. -->
<!-- A single name segment with no '.' separator, at most 128 characters.
     NOTE(review): the same caveat as for PackName applies. In XML Schema
     regular expressions \w covers non-ASCII letters and symbol characters,
     not only [A-Za-z0-9], so this pattern is not an ASCII identifier check. -->
<define name="LocalPackName">
  <data type="token">
    <param name="pattern">[_\w]+</param>
    <param name="maxLength">128</param>
  </data>
</define>
<!-- A path value, used by the "to" and "from" attributes of <copy>.
     The only constraint is length: at most 4096 characters (presumably
     mirroring PATH_MAX; confirm).
     NOTE(review): the schema does not restrict the content. Absolute paths
     and ".." segments validate, so the consumer of these values must
     canonicalize them and check that they stay inside the intended source
     and destination trees. -->
<define name="PathType">
  <data type="token">
    <param name="maxLength">4096</param>
  </data>
</define>
<!-- Attribute shared by <requires> and <provides>: a mandatory "pack"
     attribute holding a possibly namespaced PackName. -->
<define name="PackOperation">
  <attribute name="pack">
    <ref name="PackName"/>
  </attribute>
</define>
<!-- The two dependency declarations a pack may carry. Each is an element
     with a single "pack" attribute (see PackOperation). The schema checks
     only the syntax of the name; the resolution rules described in the
     comments below are not expressed here and have to be enforced by the
     consuming tool. -->
<define name="PackOperations">
  <choice>
    <element name="requires">
      <!-- When a pack @requires a name, that name must be discoverable
           among the unique names of packs or the names provided by
           another pack.
      -->
      <ref name="PackOperation"/>
    </element>
    <element name="provides">
      <!-- When a pack @provides a name, there must not already be a
           pack with that name. When another pack requires the
           'provides' name, if this pack is explicitly included, then
           it will fill the dependency.
           The bdk tool will provide possible "provides" targets
           for any given unfulfilled dependency.
      -->
      <ref name="PackOperation"/>
    </element>
  </choice>
</define>
<!-- Value of the "fcaps" attribute: a whitespace-separated list of zero or
     more capability names taken from the fixed set below. The empty list
     validates, and the same name may appear more than once.
     NOTE(review): assuming the consumer applies these as Linux file
     capabilities, each name hands part of root's privilege to the installed
     file. CAP_SYS_ADMIN, CAP_SYS_MODULE, CAP_SYS_RAWIO, CAP_DAC_OVERRIDE and
     CAP_SETUID are broad enough that a pack requesting them deserves an
     explicit review.
     NOTE(review): CAP_FS_MASK looks like a kernel mask macro rather than a
     single capability; confirm how the consumer maps it.
     Names that are not listed here (for example CAP_SETFCAP, CAP_AUDIT_WRITE
     or CAP_SYSLOG) are rejected by the schema. -->
<define name="PosixFileCapabilitiesValues">
  <list>
    <zeroOrMore>
      <choice>
        <value type="token">CAP_CHOWN</value>
        <value type="token">CAP_DAC_OVERRIDE</value>
        <value type="token">CAP_DAC_READ_SEARCH</value>
        <value type="token">CAP_FOWNER</value>
        <value type="token">CAP_FSETID</value>
        <value type="token">CAP_FS_MASK</value>
        <value type="token">CAP_KILL</value>
        <value type="token">CAP_SETGID</value>
        <value type="token">CAP_SETUID</value>
        <value type="token">CAP_SETPCAP</value>
        <value type="token">CAP_LINUX_IMMUTABLE</value>
        <value type="token">CAP_NET_BIND_SERVICE</value>
        <value type="token">CAP_NET_BROADCAST</value>
        <value type="token">CAP_NET_ADMIN</value>
        <value type="token">CAP_NET_RAW</value>
        <value type="token">CAP_IPC_LOCK</value>
        <value type="token">CAP_IPC_OWNER</value>
        <value type="token">CAP_SYS_MODULE</value>
        <value type="token">CAP_SYS_RAWIO</value>
        <value type="token">CAP_SYS_CHROOT</value>
        <value type="token">CAP_SYS_PTRACE</value>
        <value type="token">CAP_SYS_PACCT</value>
        <value type="token">CAP_SYS_ADMIN</value>
        <value type="token">CAP_SYS_BOOT</value>
        <value type="token">CAP_SYS_NICE</value>
        <value type="token">CAP_SYS_RESOURCE</value>
        <value type="token">CAP_SYS_TIME</value>
        <value type="token">CAP_SYS_TTY_CONFIG</value>
        <value type="token">CAP_MKNOD</value>
        <value type="token">CAP_LEASE</value>
      </choice>
    </zeroOrMore>
  </list>
</define>
<!-- Ownership, label, mode and capability attributes for <set-acl>.
     All five are optional, so a <set-acl/> with no attributes validates.
     NOTE(review): user, group and selabel are unconstrained tokens with no
     length bound. The schema does not check that they name an existing
     account or (presumably, for selabel) a valid SELinux label, so the
     consumer has to validate them before applying them. -->
<define name="SetAclAttributes">
  <optional><attribute name="user"><data type="token"/></attribute></optional>
  <optional><attribute name="group"><data type="token"/></attribute></optional>
  <optional><attribute name="selabel"><data type="token"/></attribute></optional>
  <optional>
    <attribute name="perms">
      <choice>
        <!-- octal: a literal leading 0 followed by exactly three octal
             digits. Setuid, setgid and sticky bits cannot be expressed in
             this form; world-writable modes such as 0777 can. -->
        <data type="token">
          <param name="pattern">0[0-7][0-7][0-7]</param>
        </data>
        <!-- TODO: add a non-octal choice -->
      </choice>
    </attribute>
  </optional>
  <optional>
    <!-- Space separated list of capabilities using human-readable names. -->
    <attribute name="fcaps">
      <ref name="PosixFileCapabilitiesValues"/>
    </attribute>
  </optional>
</define>
<!-- A <copy> action: copies "from" a source path "to" a destination path,
     optionally recursing, with an optional <set-acl> child that carries
     ownership, mode, label and capability attributes (SetAclAttributes).
     Both path attributes are mandatory here and are bounded only in length
     (PathType); the schema does not reject absolute paths or ".." segments. -->
<define name="PackCopy">
  <element name="copy">
    <!-- TODO(wad): for consideration:
      <choice>
        <group>
          <attribute name="to" .../>
          <element name="set-acl" .../>
        </group>
        <attribute name="profile">
          <choice>
            <value type="token">executable</value>
            <value type="token">data</value>
            <value type="token">test_data</value>
          </choice>
        </attribute>
      </choice>
    -->
    <!-- Mandatory source and destination paths. -->
    <attribute name="from">
      <ref name="PathType"/>
    </attribute>
    <attribute name="to">
      <ref name="PathType"/>
    </attribute>
    <!-- Optional flag, restricted to the literal tokens true and false. -->
    <optional>
      <attribute name="recurse">
        <choice>
          <value type="token">true</value>
          <value type="token">false</value>
        </choice>
      </attribute>
    </optional>
    <!-- At most one <set-acl> child; it has attributes only, no content. -->
    <optional>
      <element name="set-acl">
        <ref name="SetAclAttributes"/>
      </element>
    </optional>
  </element>
</define>
<!-- Attributes of a <config> action: the path of a configuration input and
     its kind, which the type names suggest is either a kernel configuration
     fragment or SELinux policy (confirm against the consumer).
     NOTE(review): unlike the "to" and "from" attributes of <copy>, "path" is
     a bare token rather than PathType, so it has no length bound here. The
     schema also does not reject absolute paths or ".." segments; the
     consumer must check where the path resolves before reading it. -->
<define name="PackConfig">
  <attribute name="path"><data type="token"/></attribute>
  <attribute name="type">
    <choice>
      <value type="token">kernel-fragment</value>
      <value type="token">sepolicy</value>
    </choice>
  </attribute>
</define>
<!-- The actions a pack may list: a <copy> element (PackCopy) or a <config>
     element carrying the PackConfig attributes. -->
<define name="PackActions">
  <choice>
    <ref name="PackCopy"/>
    <element name="config">
      <ref name="PackConfig"/>
    </element>
  </choice>
</define>
<!-- Root element. <packs> has a mandatory "namespace" attribute (PackName)
     and an optional "version", and holds either one or more inline <pack>
     definitions or a "path" attribute, never both. -->
<define name="Packs">
  <element name="packs">
    <optional>
      <group>
        <!-- Only version 1 is defined. -->
        <attribute name="version">
          <choice>
            <value type="integer">1</value>
          </choice>
        </attribute>
      </group>
    </optional>
    <choice>
      <group>
        <oneOrMore>
          <element name="pack">
            <!-- A pack cannot subnamespace itself. -->
            <!-- If this is onerous, we can relax this requirement. -->
            <attribute name="name"><ref name="LocalPackName"/></attribute>
            <optional>
              <!-- Optional <defaults> with at most one <copy>. Unlike
                   PackCopy, "to" and "from" are optional here and there is
                   no "recurse" attribute. -->
              <element name="defaults">
                <optional>
                  <element name="copy">
                    <choice>
                      <empty/>
                      <element name="set-acl">
                        <ref name="SetAclAttributes"/>
                      </element>
                    </choice>
                    <optional>
                      <attribute name="to">
                        <ref name="PathType"/>
                      </attribute>
                    </optional>
                    <optional>
                      <attribute name="from">
                        <ref name="PathType"/>
                      </attribute>
                    </optional>
                  </element>
                </optional>
              </element>
            </optional>
            <!-- Any number of requires/provides declarations and copy/config
                 actions, in any order. -->
            <zeroOrMore>
              <choice>
                <ref name="PackOperations"/>
                <ref name="PackActions"/>
              </choice>
            </zeroOrMore>
          </element>
        </oneOrMore>
      </group>
      <group>
        <!-- NOTE(review): presumably a reference to pack definitions kept
             in another file; confirm how the consumer resolves it. The
             value is a bare token, not PathType, so the schema bounds
             neither its length nor where it may point. -->
        <attribute name="path">
          <data type="token"/>
        </attribute>
      </group>
    </choice>
    <attribute name="namespace">
      <ref name="PackName"/>
    </attribute>
  </element>
</define>
</grammar>