digit = "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" ; digit-and-zero = digit | "0" ; number = digit , digit-and-zero* ; medrina = "(" , "Medrina" , number , number , ")" ;
(Medrina 1 0)
ruleConclusion = "Allow" | "AllowImmediately" | "Deny" | "DenyImmediately" ;
ruleConclusionE = "(" , "Conclusion" , ruleConclusion , ")" ;
(Conclusion Allow)
matchSubjectE = "True" | "False" | "(" , "WithAllRolesFrom" , name* , ")" | "(" , "WithAnyRolesFrom" , name* , ")" | "(" , "Or" , matchSubjectE , matchSubjectE , ")" | "(" , "And" , matchSubjectE , matchSubjectE , ")" ; matchSubject = "(" , "MatchSubject" , matchSubjectE , ")" ;
(MatchSubject [And (Or [WithAnyRolesFrom x y z] [WithAllRolesFrom a b]) (Or True False)])
attribute = "(" , "Attribute" , name , name , ")" ; matchObjectE = "True" | "False" | "(" , "WithType" , name , ")" | "(" , "WithAllAttributesFrom" , attribute* , ")" | "(" , "WithAnyAttributesFrom" , attribute* , ")" | "(" , "Or" , matchObjectE , matchObjectE , ")" | "(" , "And" , matchObjectE , matchObjectE , ")" ; matchObject = "(" , "MatchObject" , matchObjectE , ")" ;
(MatchObject [And (Or [WithType a] [WithType b]) (WithAllAttributesFrom [attribute x z] [attribute y b]) (Or True False)])
ruleConclusion = "Allow" | "AllowImmediately" | "Deny" | "DenyImmediately" ; ruleConclusionE = "(" , "Conclusion" , ruleConclusion , ")" ; matchSubjectE = "True" | "False" | "(" , "WithAllRolesFrom" , name* , ")" | "(" , "WithAnyRolesFrom" , name* , ")" | "(" , "Or" , matchSubjectE , matchSubjectE , ")" | "(" , "And" , matchSubjectE , matchSubjectE , ")" ; matchSubject = "(" , "MatchSubject" , matchSubjectE , ")" ; attribute = "(" , "Attribute" , name , name , ")" ; matchObjectE = "True" | "False" | "(" , "WithType" , name , ")" | "(" , "WithAllAttributesFrom" , attribute* , ")" | "(" , "WithAnyAttributesFrom" , attribute* , ")" | "(" , "Or" , matchObjectE , matchObjectE , ")" | "(" , "And" , matchObjectE , matchObjectE , ")" ; matchObject = "(" , "MatchObject" , matchObjectE , ")" ; matchActionE = "True" | "False" | "(" , "WithName" , name , ")" | "(" , "Or" , matchActionE , matchActionE , ")" | "(" , "And" , matchActionE , matchActionE , ")" ; matchAction = "(" , "MatchAction" , matchActionE , ")" ; ruleName = "(" , "Name" , name , ")" ; ruleDescription = "(" , "Description" , quoted , ")" ; ruleElement = ruleName? | ruleDescription? | ruleConclusionE | matchSubject | matchObject | matchAction ; rule = "(" , "Rule" , ruleElement* , ")" ; quoted = <Any s-expression quoted string> ; name = <A valid Lanark dotted name> ; digit = "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" ; digit-and-zero = digit | "0" ; number = digit , digit-and-zero* ; medrina = "(" , "Medrina" , number , number , ")" ; policy = medrina , rule* ;
matchActionE = "True" | "False" | "(" , "WithName" , name , ")" | "(" , "Or" , matchActionE , matchActionE , ")" | "(" , "And" , matchActionE , matchActionE , ")" ; matchAction = "(" , "MatchAction" , matchActionE , ")" ;
(MatchAction [And (Or [WithName a] [WithName b]) (Or True False)])
ruleName = "(" , "Name" , name , ")" ; ruleDescription = "(" , "Description" , quoted , ")" ; ruleElement = ruleName? | ruleDescription? | ruleConclusionE | matchSubject | matchObject | matchAction ; rule = "(" , "Rule" , ruleElement* , ")" ;
[Rule [Name rule0] [Description "A rule."] [Conclusion Deny] [MatchSubject [And (Or [WithAnyRolesFrom x y z] [WithAllRolesFrom a b]) (Or True False)]] [MatchObject [And (Or [WithType a] [WithType b]) (Or True False)]] [MatchAction [And (Or [WithName a] [WithName b]) (Or True False)]] ]
ruleConclusion = "Allow" | "AllowImmediately" | "Deny" | "DenyImmediately" ; ruleConclusionE = "(" , "Conclusion" , ruleConclusion , ")" ; matchSubjectE = "True" | "False" | "(" , "WithAllRolesFrom" , name* , ")" | "(" , "WithAnyRolesFrom" , name* , ")" | "(" , "Or" , matchSubjectE , matchSubjectE , ")" | "(" , "And" , matchSubjectE , matchSubjectE , ")" ; matchSubject = "(" , "MatchSubject" , matchSubjectE , ")" ; attribute = "(" , "Attribute" , name , name , ")" ; matchObjectE = "True" | "False" | "(" , "WithType" , name , ")" | "(" , "WithAllAttributesFrom" , attribute* , ")" | "(" , "WithAnyAttributesFrom" , attribute* , ")" | "(" , "Or" , matchObjectE , matchObjectE , ")" | "(" , "And" , matchObjectE , matchObjectE , ")" ; matchObject = "(" , "MatchObject" , matchObjectE , ")" ; matchActionE = "True" | "False" | "(" , "WithName" , name , ")" | "(" , "Or" , matchActionE , matchActionE , ")" | "(" , "And" , matchActionE , matchActionE , ")" ; matchAction = "(" , "MatchAction" , matchActionE , ")" ; ruleName = "(" , "Name" , name , ")" ; ruleDescription = "(" , "Description" , quoted , ")" ; ruleElement = ruleName? | ruleDescription? | ruleConclusionE | matchSubject | matchObject | matchAction ; rule = "(" , "Rule" , ruleElement* , ")" ; quoted = <Any s-expression quoted string> ; name = <A valid Lanark dotted name> ; digit = "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9" ; digit-and-zero = digit | "0" ; number = digit , digit-and-zero* ; medrina = "(" , "Medrina" , number , number , ")" ; policy = medrina , rule* ;