Re: [PATCH 0/2] secilc/docs: add syntax highlighting for cil examples

From: bauen1 <j2468h@googlemail.com>
To: James Carter <jwcart2@gmail.com>, bauen1 <j2468h@googlemail.com>
Cc: SElinux list <selinux@vger.kernel.org>
Subject: Re: [PATCH 0/2] secilc/docs: add syntax highlighting for cil examples
Date: Thu, 4 Feb 2021 22:28:57 +0100	[thread overview]
Message-ID: <82ba2e85-54f6-5a7b-2bc4-b49bc509de18@gmail.com> (raw)
In-Reply-To: <CAP+JOzQ6Vv7dFJfqBUe5SO596UVQ3-SzJ_Vi50nLf7fv6ofTVQ@mail.gmail.com>

On 2/4/21 9:17 PM, James Carter wrote:
> I notice on page 10:
> (block unconfined
>     (user user)
>    ...
> 
> That the second user (which is the name of the user) is highlighted as
> well as the user keyword.
> 
> Similar thing happens further done on page 10 with the rule:
> (portcon udp 12345 (unconfined.user object_r unconfined.object ((s0) (s0(c0)))))
> 
> The "user" part of "unconfined.user" is highlighted.
> 
> "unconfined.user" is used in other examples as well.
> 
> Changing the first statement to be (user user1) would be fine, but I
> would like "unconfined.user" to remain as is.
> I am not sure how hard it would be to fix that.
> 

I thought this would be harder, but just highlighting the first cil keyword in a block is actually very easy, and I can rework the patch to do just that.

It becomes more difficult when trying to add (some) highlighting to everything else since keywords are reused as names very often (I do that by design even):

Some examples from the guide:

(macro all ((type x))
    (allow x bin_t (policy.file (execute)))
    (allowx x bin_t (ioctl policy.file (range 0x1000 0x11FF)))
)
(call all (bin_t))

(mlsvalidatetrans file (domby l1 h2))

(defaultrole char target)

(type t1)
(allow bb.t2 bb.t1 (policy.file (read write execute))))))

In the above e.g. all is name, but is usually a keyword with a very important meaning, so imho it should be highlighted, in a lesser way this also goes for t1, or domby, ...

The only way I avoid highlighting _all_ names as keywords is to implement a lot of the CIL grammar in the syntax highlighter, but I'm not really sure if it's worth the effort.
It could be done for some keywords, e.g. constraints, filecon.

A better alternative might be to just highlight less, e.g. drop `low`, `low-high` keywords entirely.

I've uploaded another version with some small fixes and a debug color theme to better show what-is-what:

https://glados.bauen1.xyz/misc_stuff_might_disappear/CIL_Reference_Guide2.html

and with more keywords removed:

https://glados.bauen1.xyz/misc_stuff_might_disappear/CIL_Reference_Guide3.html

; only in version 2: file is considered a keyword (builtin), but this should normally only be the case in filecon statements, here it references a class
(mlsvalidatetrans file (domby l1 h2))

; all, t1, low is considered a keyword (builtin), but is a name
(call all (bin_t))
(type t1)
(userlevel u5 low)

; but here t2, t1 are no longer highlighted erroneously.
(allow bb.t2 bb.t1 (policy.file (read write execute)))

I think Version 3 only has mismatches in the example policy due to usage of `all`, `t1` and `t2` as names, so that might be the way to go.

> I am not sure if this matters to anyone, but if the document is
> printed, the syntax highlighting (particularly for the comments) might
> make it a little bit hard to read.

pandoc can still be run without syntax highlighting (--no-highlight) if you want to actually print the document in greyscale. 

It also looks like I messed up when sending the patches, patch 1, the least problematic one ironically, got lost somewhere.

-- 
bauen1
https://dn42.bauen1.xyz/