vim/vim-7.0-filetype_apparmor.patch


Index: vim71/runtime/filetype.vim
===================================================================
--- vim71.orig/runtime/filetype.vim
+++ vim71/runtime/filetype.vim
@@ -110,6 +110,10 @@ au BufNewFile,BufRead proftpd.conf* cal
au BufNewFile,BufRead .htaccess setf apache
au BufNewFile,BufRead httpd.conf*,srm.conf*,access.conf*,apache.conf*,apache2.conf*,/etc/apache2/*.conf* call s:StarSetf('apache')
+" AppArmor
+au BufNewFile,BufRead */etc/apparmor.d/* setf apparmor
+au BufNewFile,BufRead */etc/apparmor/profiles/* setf apparmor
+
" XA65 MOS6510 cross assembler
au BufNewFile,BufRead *.a65 setf a65
Index: vim71/runtime/syntax/apparmor.vim
===================================================================
--- /dev/null
+++ vim71/runtime/syntax/apparmor.vim
@@ -0,0 +1,170 @@
+" $Id$
+"
+" ----------------------------------------------------------------------
+" Copyright (c) 2005 Novell, Inc. All Rights Reserved.
+" Copyright (c) 2006 Christian Boltz. All Rights Reserved.
+"
+" This program is free software; you can redistribute it and/or
+" modify it under the terms of version 2 of the GNU General Public
+" License as published by the Free Software Foundation.
+"
+" This program is distributed in the hope that it will be useful,
+" but WITHOUT ANY WARRANTY; without even the implied warranty of
+" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+" GNU General Public License for more details.
+"
+" You should have received a copy of the GNU General Public License
+" along with this program; if not, contact Novell, Inc.
+"
+" To contact Novell about this file by physical or electronic mail,
+" you may find current contact information at www.novell.com.
+"
+" To contact Christian Boltz about this file by physical or electronic
+" mail, you may find current contact information at www.cboltz.de.
+" ----------------------------------------------------------------------
+"
+" stick this file into ~/.vim/syntax/ and add these commands into your .vimrc
+" to have vim automagically use this syntax file for these directories:
+"
+" autocmd BufNewFile,BufRead /etc/apparmor.d/* set syntax=apparmor
+" autocmd BufNewFile,BufRead /etc/apparmor/profiles/* set syntax=apparmor
+
+
+" color setup...
+
+" adjust colors according to the background
+
+" switching colors depending on the background color doesn't work
+" unfortunately, so we use colors that work with light and dark background.
+" Patches welcome ;-)
+
+"if &background == "light"
+" light background
+ hi sdProfileName ctermfg=lightblue
+ hi sdHatName ctermfg=darkblue
+ hi sdGlob ctermfg=darkmagenta
+ hi sdEntryWriteExec ctermfg=black ctermbg=yellow
+ hi sdEntryUX ctermfg=darkred cterm=underline
+ hi sdEntryCUX ctermfg=darkred
+ hi sdEntryIX ctermfg=darkcyan
+ hi sdEntryM ctermfg=darkcyan
+ hi sdEntryPX ctermfg=darkgreen cterm=underline
+ hi sdEntryCPX ctermfg=darkgreen
+ hi sdEntryW ctermfg=darkyellow
+ hi sdCap ctermfg=lightblue
+ hi sdNetwork ctermfg=lightblue
+ hi sdNetworkDanger ctermfg=darkred
+ hi sdCapKey cterm=underline ctermfg=lightblue
+ hi sdCapDanger ctermfg=darkred
+ hi def link sdEntryR Normal
+ hi def link sdEntryK Normal
+ hi def link sdFlags Normal
+ hi sdEntryChangeProfile ctermfg=darkgreen cterm=underline
+"else
+" dark background
+" hi sdProfileName ctermfg=white
+" hi sdHatName ctermfg=white
+" hi sdGlob ctermfg=magenta
+" hi sdEntryWriteExec ctermfg=black ctermbg=yellow
+" hi sdEntryUX ctermfg=red cterm=underline
+" hi sdEntryCUX ctermfg=red
+" hi sdEntryIX ctermfg=cyan
+" hi sdEntryM ctermfg=cyan
+" hi sdEntryPX ctermfg=green cterm=underline
+" hi sdEntryCPX ctermfg=green
+" hi sdEntryW ctermfg=yellow
+" hi sdCap ctermfg=lightblue
+" hi sdCapKey cterm=underline ctermfg=lightblue
+" hi def link sdEntryR Normal
+" hi def link sdFlags Normal
+" hi sdCapDanger ctermfg=red
+"endif
+
+hi def link sdInclude Include
+high def link sdComment Comment
+high def link sdFlagKey TODO
+high def link sdError ErrorMsg
+
+
+" always sync from the start. should be relatively quick since we don't have
+" that many rules and profiles shouldn't be _extremely_ large...
+ syn sync fromstart
+
+syn keyword sdFlagKey complain audit debug
+
+" highlight some invalid syntax
+"syn match sdError /\v.+$/ " causes false positives on '}' :-(
+syn match sdError /{/ contained
+syn match sdError /}/
+syn match sdError /^.*$/ "highlight all non-valid lines as error
+
+syn match sdGlob /\v\?|\*|\{.*,.*\}|[[^\]]\+\]|\@\{[a-zA-Z]*\}/
+
+syn cluster sdEntry contains=sdEntryWriteExec,sdEntryR,sdEntryW,sdEntryIX,sdEntryPX,sdEntryCPX,sdEntryUX,sdEntryCUX,sdEntryM,sdCap
+
+
+" Capability line
+syn keyword sdCapKey chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease
+syn keyword sdCapDanger sys_admin
+
+syn match sdCap /\v^\s*capability\s+\S+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdCapKey,sdCapDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" Network line
+" Syntax: network domain (inet, ...) type (stream, ...) protocol (tcp, ...)
+syn keyword sdNetworkDanger raw
+syn match sdNetwork /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(stream|dgram|seqpacket|raw|rdm|packet))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/ contains=sdNetworkDanger nextgroup=@sdEntry,sdComment,sdError,sdInclude
+"syn match sdNetworkDanger /\v^\s*network(\s+(inet|ax25|ipx|appletalk|netrom|bridge|atmpvc|x25|inet6|rose|netbeui|security|key|packet|ash|econet|atmsvc|sna|irda|pppox|wanpipe|bluetooth))?(\s+(raw))?(\s+(tcp|udp|icmp))?,(\s*$|(\s*#.*$)\@=)/
+
+syn match sdEntryChangeProfile /\v^\s*change_profile\s+(\/|\@\{\S*\})\S*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" file permissions
+"
+" write + exec/mmap - danger!
+" known bug: accepts 'aw' to keep things simple
+syn match sdEntryWriteExec /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|a|m|k|[iuUpP]x)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" ux(mr) - unconstrained entry, flag the line red
+syn match sdEntryUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" Ux(mr) - like ux + clean environment
+syn match sdEntryCUX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Ux)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" px(mr) - standard exec entry, flag the line blue
+syn match sdEntryPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" Px(mr) - like px + clean environment
+syn match sdEntryCPX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|Px)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" ix(mr) - standard exec entry, flag the line green
+syn match sdEntryIX /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k|ix)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" mr - mmap with PROT_EXEC
+syn match sdEntryM /\v^\s*(\/|\@\{\S*\})\S*\s+(r|m|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" if we've got u or i without x, it's an error
+syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k|u|p|i)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" write + append is an error also
+syn match sdError /\v^\s*(\/|\@\{\S*\})\S*\s+([lrkupi]*w[lrkupi]*a[lrkupi]*|[lrkupi]*a[lrkupi]*w[lrkupi]*)\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" write entry, flag the line yellow
+syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|w|k)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+" append entry, flag the line yellow
+syn match sdEntryW /\v^\s*(\/|\@\{\S*\})\S*\s+(l|r|k|a)+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError,sdInclude
+
+" read entry + locking, currently no highlighting
+syn match sdEntryK /\v^\s*(\/|\@\{\S*\})\S*\s+[rlk]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
+" read entry, no highlighting
+syn match sdEntryR /\v^\s*(\/|\@\{\S*\})\S*\s+[rl]+\s*,(\s*$|(\s*#.*$)\@=)/ contains=sdGlob nextgroup=@sdEntry,sdComment,sdError
+
+syn match sdProfileName /\v^\/\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdHatName,sdFlags
+syn match sdProfileStart /{/ contained
+syn match sdProfileEnd /}/ " contained
+syn match sdHatName /\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ contains=sdProfileStart,sdFlags
+syn match sdHatStart /{/ contained
+syn match sdHatEnd /}/ contained
+syn match sdFlags /\vflags\=\(\S+\)/ contained contains=sdFlagKey
+
+syn match sdComment /\s*#.*$/
+syn match sdInclude /\s*#include.*$/
+
+" basic profile block...
+" \s+ does not work in end=, therefore using \s\s*
+syn region Normal start=/\v^\s*\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdProfileEnd end=/^}\s*$/ contains=sdProfileName,Hat,@sdEntry,sdComment,sdError,sdInclude
+syn region Hat start=/\v^\s+\^\S+\s+(flags\=\(\S+\)\s+)=\{/ matchgroup=sdHatEnd end=/^\s\s*}\s*$/ contained contains=sdHatName,@sdEntry,sdComment,sdError,sdInclude
+
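Review bot: The risk-marking groups in the `hi` block of the new syntax file (`sdEntryWriteExec`, `sdEntryUX`, `sdCapDanger`, `sdNetworkDanger` and their siblings) set only `ctermfg`/`cterm` attributes, so in a GUI Vim they get no colour of their own and a write+exec or `ux` rule reads like any other line. The file exists to make those rules stand out while a profile is being reviewed, so each group should also carry `guifg=`/`gui=` values, or be linked to a standard group the way `sdError` is, for example `hi def link sdCapDanger WarningMsg`. Separately, the `start=` of the top-level `syn region Normal` requires a literal hat prefix (`\^\S+`), whereas `sdProfileName` expects a profile header to begin with `/`. As written, the profile region probably never opens on an ordinary profile header; `start=/\v^\/\S+\s+(flags\=\(\S+\)\s+)=\{/` would match the same lines as `sdProfileName`.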