add pix transition mode

parser/immunix.h

@@ -34,13 +34,22 @@
 #define AA_EXEC_MMAP			(1 << 6)
 
 #define AA_CHANGE_PROFILE		(1 << 26)
-#define AA_EXEC_INHERIT 		(1 << 27)
-#define AA_EXEC_UNCONFINED		(1 << 28)
-#define AA_EXEC_PROFILE			(1 << 29)
-#define AA_EXEC_UNSAFE			(1 << 30)
-#define AA_EXEC_MODIFIERS		(AA_EXEC_INHERIT | \
-					 AA_EXEC_UNCONFINED | \
-					 AA_EXEC_PROFILE)
+
+#define AA_EXEC_UNSAFE			(1 << 27)
+#define AA_EXEC_MOD_SHIFT		28
+#define AA_EXEC_MOD_0			(1 << 28)
+#define AA_EXEC_MOD_1			(1 << 29)
+#define AA_EXEC_MOD_2			(1 << 30)
+#define AA_ERROR_BIT			(1 << 31)
+
+#define AA_EXEC_MODIFIERS		(AA_EXEC_MOD_0 | \
+					 AA_EXEC_MOD_1 | \
+					 AA_EXEC_MOD_2)
+
+#define AA_EXEC_UNCONFINED		(AA_EXEC_MOD_2)
+#define AA_EXEC_INHERIT			(AA_EXEC_MOD_0)
+#define AA_EXEC_PROFILE			(AA_EXEC_MOD_1)
+#define AA_EXEC_PROFILE_OR_INHERIT	(AA_EXEC_MOD_0 | AA_EXEC_MOD_1)
 
 
 /* Network subdomain extensions.  */
@@ -79,12 +88,15 @@ enum pattern_t {
 #define HAS_MAY_LINK(mode)		((mode) & AA_MAY_LINK)
 #define HAS_MAY_LOCK(mode)		((mode) & AA_MAY_LOCK)
 #define HAS_EXEC_MMAP(mode) 		((mode) & AA_EXEC_MMAP)
-#define HAS_EXEC_INHERIT(mode)		((mode) & AA_EXEC_INHERIT)
-#define HAS_EXEC_PROFILE(mode)		((mode) & AA_EXEC_PROFILE)
-#define HAS_EXEC_UNCONFINED(mode)	((mode) & AA_EXEC_UNCONFINED)
+#define HAS_EXEC_INHERIT(mode)		(((mode) & AA_EXEC_MODIFIERS) == \
+					 AA_EXEC_INHERIT)
+#define HAS_EXEC_PROFILE(mode)		(((mode) & AA_EXEC_MODIFIERS) == \
+					 AA_EXEC_PROFILE)
+#define HAS_EXEC_UNCONFINED(mode)	(((mode) & AA_EXEC_MODIFIERS) == \
+					 AA_EXEC_UNCONFINED)
+#define HAS_EXEC_PROFILE_OR_INHERIT(mode) (((mode) & AA_EXEC_MODIFIERS) == \
+					   AA_EXEC_PROFILE_OR_INHERIT)
 #define HAS_EXEC_UNSAFE(mode) 		((mode) & AA_EXEC_UNSAFE)
 #define HAS_CHANGE_PROFILE(mode)	((mode) & AA_CHANGE_PROFILE)
 
-#define SINGLE_BIT_SET(X) (!((X) & ((X) - 1)))
-#define AA_EXEC_SINGLE_MODIFIER_SET(X) SINGLE_BIT_SET(((X) & AA_EXEC_MODIFIERS))
 #endif				/* ! _IMMUNIX_H */

parser/libapparmor_re/regexp.y

@@ -871,9 +871,8 @@ State *DFA::verify_perms(void)
     for (States::iterator i = states.begin(); i != states.end(); i++) {
 	uint32_t accept = accept_perms(*i);
 	if (*i == start || accept) {
-	    if ((accept & AA_EXEC_MODIFIERS) &&
-		!AA_EXEC_SINGLE_MODIFIER_SET(accept))
-		return *i;
+	    if (accept & AA_ERROR_BIT)
+		    return *i;
 	}
     }
     return NULL;
@@ -1493,9 +1492,11 @@ extern "C" void aare_delete_ruleset(aare_ruleset_t *rules)
     }
 }
 
-#define ACCUMULATING_FLAGS \
-	(AA_MAY_READ | AA_MAY_WRITE | AA_MAY_APPEND | AA_MAY_EXEC | \
-	 AA_MAY_LINK | AA_MAY_LOCK | AA_EXEC_MMAP | AA_CHANGE_PROFILE)
+static inline int diff_qualifiers(uint32_t perm1, uint32_t perm2)
+{
+	return ((perm1 & AA_EXEC_MODIFIERS) && (perm2 & AA_EXEC_MODIFIERS) &&
+		(perm1 & AA_EXEC_MODIFIERS) != (perm2 & AA_EXEC_MODIFIERS));
+}
 
 /**
  * Compute the permission flags that this state corresponds to. If we
@@ -1507,24 +1508,44 @@ uint32_t accept_perms(State *state)
     uint32_t perms = 0, exact_match_perms = 0;
 
     for (State::iterator i = state->begin(); i != state->end(); i++) {
-	if (MatchFlag *match = dynamic_cast<MatchFlag *>(*i)) {
-		perms |= match->flag;
-		if (dynamic_cast<ExactMatchFlag *>(match))
-			exact_match_perms |= match->flag;
-	}
+	    MatchFlag *match;
+	    if (!(match= dynamic_cast<MatchFlag *>(*i)))
+		continue;
+	    if (dynamic_cast<ExactMatchFlag *>(match)) {
+		    if (diff_qualifiers(exact_match_perms, match->flag))
+			    exact_match_perms |= AA_ERROR_BIT;
+		    exact_match_perms |= match->flag;
+	    } else {
+		    if (diff_qualifiers(perms, match->flag))
+			    perms |= AA_ERROR_BIT;
+		    perms |= match->flag;
+	    }
     }
 
-    if (exact_match_perms & ~ACCUMULATING_FLAGS)
-	perms = (exact_match_perms & ~ACCUMULATING_FLAGS) |
-		(perms & ACCUMULATING_FLAGS);
-
+    if (exact_match_perms & AA_EXEC_MODIFIERS)
+	    perms = exact_match_perms | (perms & ~AA_EXEC_MODIFIERS);
+    else {
+if (exact_match_perms)
+fprintf(stderr, "exact match perms without exec modifiers!!!\n");
+	    perms |= exact_match_perms;
+    }
+if ((perms & AA_EXEC_MODIFIERS) > AA_EXEC_PROFILE_OR_INHERIT) fprintf(stderr, "bad accept perm 0x%x\n", perms);
+ if (perms & AA_ERROR_BIT) {
+     fprintf(stderr, "error bit 0x%x\n", perms);
+     exit(255);
+}
+ /*
+     if (perms & ~AA_VALID_PERMS)
+ 	yyerror(_("Internal error accumulated invalid perm 0x%llx\n"), perms);
+ */
     return perms;
 }
 
 extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, uint32_t perms)
 {
-    static MatchFlag *match_flags[sizeof(perms) * 8];
-    static ExactMatchFlag *exact_match_flags[sizeof(perms) * 8];
+    static MatchFlag *match_flags[sizeof(perms) * 8 - 4 + 8];
+    static MatchFlag *exec_match_flags[8];
+    static ExactMatchFlag *exact_match_flags[8];
     Node *tree, *accept;
     int exact_match;
 
@@ -1533,6 +1554,9 @@ extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, uint32_t perms)
     if (regexp_parse(&tree, rule))
 	return 0;
 
+if ((perms & AA_EXEC_MODIFIERS) > AA_EXEC_PROFILE_OR_INHERIT) fprintf(stderr, "bad accept perm 0x%x when adding rule\n", perms);
+ if ((perms & AA_MAY_EXEC) && !(perms & AA_EXEC_MODIFIERS))
+     fprintf(stderr, "Rule with exec bits and not exec modifiers\n\t 0x%x %s\n", perms, rule);
     /*
      * Check if we have an expression with or without wildcards. This
      * determines how exec modifiers are merged in accept_perms() based
@@ -1552,19 +1576,29 @@ extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, uint32_t perms)
 	flip_tree(tree);
 
     accept = NULL;
-    for (unsigned int n = 0; perms && n < sizeof(perms) * 8; n++) {
+    for (unsigned int n = 0; perms && n < (sizeof(perms) * 8) - 4; n++) {
 	uint32_t mask = 1 << n;
 
 	if (perms & mask) {
 	    perms &= ~mask;
 
 	    Node *flag;
-	    if (exact_match && (mask & ~ACCUMULATING_FLAGS)) {
-		    if (exact_match_flags[n])
-			flag = exact_match_flags[n]->dup();
-		    else {
-			exact_match_flags[n] = new ExactMatchFlag(mask);
-			flag = exact_match_flags[n];
+	    if ((mask & AA_MAY_EXEC) && (perms & AA_EXEC_MODIFIERS)) {
+		    int index = (perms & AA_EXEC_MODIFIERS) >> AA_EXEC_MOD_SHIFT;
+		    if (exact_match) {
+			    if (exact_match_flags[index])
+				    flag = exact_match_flags[index]->dup();
+			    else {
+				    exact_match_flags[index] = new ExactMatchFlag(mask | (perms & AA_EXEC_MODIFIERS));
+				    flag = exact_match_flags[index];
+			    }
+		    } else {
+			    if (exec_match_flags[index])
+				    flag = exec_match_flags[index]->dup();
+			    else {
+				    exec_match_flags[index] = new MatchFlag(mask | (perms & AA_EXEC_MODIFIERS));
+				    flag = exec_match_flags[index];
+			    }
 		    }
 	    } else {
 		    if (match_flags[n])
@@ -1585,7 +1619,6 @@ extern "C" int aare_add_rule(aare_ruleset_t *rules, char *rule, uint32_t perms)
     return 1;
 }
 
-#undef ACCUMULATING_FLAGS
 
 /* create a dfa from the ruleset
  * returns: buffer contain dfa tables, @size set to the size of the tables

parser/parser_lex.l

@@ -53,7 +53,8 @@ COLON		:
 END_OF_RULE	[,]
 SEPERATOR 	{UP}
 RANGE		-
-MODES 		([RrWwaLlMmk]|([Pp][Xx])|([Uu][Xx])|([Ii][Xx]))+
+MODE_CHARS 	([RrWwaLlMmk])|([Pp][Xx])|([Uu][Xx])|([Ii][Xx])|([Pp][Ii][Xx])
+MODES		{MODE_CHARS}+
 WS		[[:blank:]]
 NUMBER		[[:digit:]]+
 ID 		[^ \t\n"!,]|(,[^ \t\n"!])

parser/parser_merge.c

@@ -88,25 +88,21 @@ static int process_file_entries(struct codomain *cod)
 	qsort(table, count, sizeof(struct cod_entry *), file_comp);
 	table[count] = NULL;
 
-#define CHECK_CONFLICT_UNSAFE(a, b) \
-	((HAS_EXEC_UNSAFE(a) ^ HAS_EXEC_UNSAFE(b)) && \
-	 ((HAS_EXEC_PROFILE(a) && HAS_EXEC_PROFILE(b)) || \
-	  (HAS_EXEC_UNCONFINED(a) && HAS_EXEC_UNCONFINED(b))))
+#define X_CONFLICT(a, b) \
+	(HAS_MAY_EXEC(a) && HAS_MAY_EXEC(b) && \
+	 (((a) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE)) != \
+	  ((b) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE))))
 
 	/* walk the sorted table merging similar entries */
 	for (cur = table[0], next = table[1], n = 1; next != NULL; n++, next = table[n]) {
 		if (file_comp(&cur, &next) == 0) {
-			int conflict = CHECK_CONFLICT_UNSAFE(cur->mode, next->mode);
-
-			cur->mode |= next->mode;
 			/* check for merged x consistency */
-			if (HAS_MAY_EXEC(cur->mode) &&
-			    (!AA_EXEC_SINGLE_MODIFIER_SET(cur->mode) ||
-			     conflict)) {
+			if (X_CONFLICT(cur->mode, next->mode)) {
 				PERROR(_("profile %s: has merged rule %s with multiple x modifiers\n"),
 				       cod->name, cur->name);
 				return 0;
 			}
+			cur->mode |= next->mode;
 			free(next->name);
 			free(next);
 			table[n] = NULL;

parser/parser_misc.c

@@ -430,11 +430,10 @@ int parse_mode(const char *str_mode)
 	/* The 'check' int is a bit of a kludge, but we need some context
 	   when we're doing permission checking */
 
-#define IS_DIFF_QUAL(q) (qual && qual != (q) ? TRUE : (qual = (q), FALSE))
+#define IS_DIFF_QUAL(mode, q) (((mode) & AA_MAY_EXEC) && (((mode) & (AA_EXEC_MODIFIERS | AA_EXEC_UNSAFE)) != (q)))
 
 	int mode = 0;
 	const char *p;
-	char qual = 0;
 
 	PDEBUG("Parsing mode: %s\n", str_mode);
 
@@ -446,6 +445,7 @@ int parse_mode(const char *str_mode)
 		char this = *p;
 		char next = *(p + 1);
 		char lower;
+		int tmode = 0;
 
 reeval:
 		switch (this) {
@@ -480,61 +480,60 @@ reeval:
 
 		case COD_INHERIT_CHAR:
 			PDEBUG("Parsing mode: found INHERIT\n");
-			if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
-				yyerror(_("Exec qualifier 'i' must be followed by 'x'"));
-			} else if (IS_DIFF_QUAL(this)) {
+			if (IS_DIFF_QUAL(mode, AA_EXEC_INHERIT)) {
 				yyerror(_("Exec qualifier 'i' invalid, conflicting qualifier already specified"));
 			} else {
 				if (next != tolower(next))
 					warn_uppercase();
-				mode |=
-				    (AA_EXEC_INHERIT | AA_MAY_EXEC);
+				mode |= (AA_EXEC_INHERIT | AA_MAY_EXEC);
 				p++;	/* skip 'x' */
 			}
 			break;
 
 		case COD_UNSAFE_UNCONFINED_CHAR:
-			mode |= AA_EXEC_UNSAFE;
+			tmode = AA_EXEC_UNSAFE;
 			pwarn(_("Unconfined exec qualifier (%c%c) allows some dangerous environment variables "
 				"to be passed to the unconfined process; 'man 5 apparmor.d' for details.\n"),
 			      COD_UNSAFE_UNCONFINED_CHAR, COD_EXEC_CHAR);
 			/* fall through */
 		case COD_UNCONFINED_CHAR:
 			PDEBUG("Parsing mode: found UNCONFINED\n");
-			if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
-				yyerror(_("Exec qualifier '%c' must be followed by 'x'"),
-					this);
-			} else if (IS_DIFF_QUAL(this)) {
+			if (IS_DIFF_QUAL(mode, tmode | AA_EXEC_UNCONFINED)) {
 				yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"),
 					this);
 			} else {
 				if (next != tolower(next))
 					warn_uppercase();
-				mode |=
-				    (AA_EXEC_UNCONFINED |
-				     AA_MAY_EXEC);
+				mode |= tmode | AA_EXEC_UNCONFINED |
+				    AA_MAY_EXEC;
 				p++;	/* skip 'x' */
 			}
+			tmode = 0;
 			break;
 
 		case COD_UNSAFE_PROFILE_CHAR:
-			mode |= AA_EXEC_UNSAFE;
+			tmode = AA_EXEC_UNSAFE;
 			/* fall through */
 		case COD_PROFILE_CHAR:
 			PDEBUG("Parsing mode: found PROFILE\n");
-			if (next != COD_EXEC_CHAR && tolower(next) != COD_EXEC_CHAR) {
-				yyerror(_("Exec qualifier '%c' must be followed by 'x'"),
-					this);
-			} else if (IS_DIFF_QUAL(this)) {
+			if (tolower(next) == COD_INHERIT_CHAR) {
+				if (IS_DIFF_QUAL(mode, tmode | AA_EXEC_PROFILE_OR_INHERIT)) {
+					yyerror(_("Exec qualifier '%c%c' invalid, conflicting qualifier already specified"), this, next);
+				} else {
+					mode |= tmode | AA_MAY_EXEC |
+					    AA_EXEC_PROFILE_OR_INHERIT;
+					p += 2;		/* skip x */
+				}
+			} else if (IS_DIFF_QUAL(mode, tmode | AA_EXEC_PROFILE)) {
 				yyerror(_("Exec qualifier '%c' invalid, conflicting qualifier already specified"),
 					this);
 			} else {
 				if (next != tolower(next))
 					warn_uppercase();
-				mode |=
-				    (AA_EXEC_PROFILE | AA_MAY_EXEC);
+				mode |= tmode | AA_EXEC_PROFILE | AA_MAY_EXEC;
 				p++;	/* skip 'x' */
 			}
+			tmode = 0;
 			break;
 
 		case COD_MMAP_CHAR:

parser/parser_regex.c

@@ -497,7 +497,7 @@ static int process_dfa_entry(aare_ruleset_t *dfarules, struct cod_entry *entry)
 	/* ix implies m but the apparmor module does not add m bit to
 	 * dfa states like it does for pcre
 	 */
-	if (entry->mode & AA_EXEC_INHERIT)
+	if ((entry->mode & AA_EXEC_MODIFIERS) == AA_EXEC_INHERIT)
 		entry->mode |= AA_EXEC_MMAP;
 	if (!aare_add_rule(dfarules, tbuf, entry->mode))
 		ret = FALSE;

parser/tst/simple_tests/simple_bad_34.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rIUx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_1.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rp,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_10.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls Urx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_11.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rpux,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_12.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rPux,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_13.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rpUx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_14.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rPUx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_15.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rppx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_16.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rpPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_17.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rPpx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_18.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rPPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_19.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ripx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_2.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rP,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_20.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls riPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_21.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rIpx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_22.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rIPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_23.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rupx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_24.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ruPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_25.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rUpx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_26.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rUPx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_27.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ruix,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_28.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ruIx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_29.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rUix,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_3.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ri,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_30.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rUIx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_31.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls riux,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_32.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls riUx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_33.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION only pix is allowed as a multiple x modifier
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rIux,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_4.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls ru,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_5.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls rU,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_6.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls prx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_7.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls irx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_8.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls irx,
+}
+

parser/tst/simple_tests/simple_bad_x_mods_9.sd

@@ -0,0 +1,9 @@
+#
+#=DESCRIPTION x modifiers can not appear by themselves
+#=EXRESULT FAIL
+#
+/usr/bin/foo {
+  #include <includes/files>
+  /bin/ls urx,
+}
+

parser/tst/simple_tests/simple_ok_pix_1.sd

@@ -0,0 +1,10 @@
+#
+#=DESCRIPTION test pix
+#=EXRESULT PASS
+#
+/usr/bin/foo {
+  /bin/cat pix,
+  /bin/foo Pix,
+  /bin/bar pIx,
+  /bin/a   PIx,
+}