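"""Suggest refpolicy interface calls in place of raw SELinux ``allow`` rules.

Reads ``allow`` rules from stdin (one per line, ``allow src tgt : cls perms;``),
looks up which refpolicy interfaces allow the same (source, target, class)
triple, and prints a suggested replacement; lines that are not allow rules
are skipped, rules with no matching interface are echoed unchanged.

The index is built from /usr/share/selinux/refpolicy: ``obj_perm_sets.spt``
supplies the permission-set macros and ``extract-interface.awk`` is run over
the ``include/*.if`` files to list what each interface allows.

NOTE(review): interface selection ignores the rule's permission set (see
``interfaces.match``), so a suggested interface may grant MORE than the
original rule did. Check the result for least privilege before adopting it.
"""
from __future__ import print_function

import glob
import os
import re
import subprocess
import sys

REFPOLICY_DIR = "/usr/share/selinux/refpolicy"
OBJ_PERM_SETS = os.path.join(REFPOLICY_DIR, "include", "obj_perm_sets.spt")
INTERFACE_GLOB = os.path.join(REFPOLICY_DIR, "include", "*.if")
EXTRACT_AWK = "extract-interface.awk"

# One policy object token: a brace-delimited set ("{ a b }") or a bare word.
obj = r"(\{[^\}]*\}|[^ \t:]*)"
# allow <source> <target> : <class> <perms>  -> groups (source, target, class, perms)
allow_regexp = r"allow[ \t]+%s[ \t]*%s[ \t]*:[ \t]*%s[ \t]*%s" % (obj, obj, obj, obj)
_ALLOW_RE = re.compile(allow_regexp)

_BRACES = ("{", "}")


def _tokens(text):
    """Split a policy object list into words, dropping the set braces themselves.

    ``"{ a b }".split()`` yields ``["{", "a", "b", "}"]``; indexing on the bare
    braces produced bogus ``"{"``/``"}"`` source/target/class keys.
    """
    return [tok for tok in text.split() if tok not in _BRACES]


class accessTrans:
    """Expand refpolicy permission-set macros (e.g. ``rw_file_perms``) to permissions."""

    def __init__(self, path=OBJ_PERM_SETS):
        """Load ``define(`name', `{ perms }')`` entries from *path* into ``self.dict``.

        Raises IOError/OSError if *path* cannot be opened.
        """
        self.dict = {}
        # Only single-line, non-nested defines are recognised; an entry that
        # spans lines or nests another set is silently skipped.
        # TODO(review): confirm the installed obj_perm_sets.spt has no such entries.
        define_re = re.compile(r"^define *\(`([^']*)' *, *` *\{([^}]*)}'")
        with open(path) as fd:
            for line in fd:
                m = define_re.match(line)
                if m is not None:
                    name, perms = m.groups()
                    self.dict[name] = perms.split()

    def get(self, var):
        """Return token list *var* with every known macro replaced by its permissions.

        Braces are dropped and unknown tokens pass through unchanged. Macros are
        expanded recursively (a set may name another set), guarded against cycles.
        """
        return self._expand(var, set())

    def _expand(self, tokens, seen):
        """Recursive worker for get(); *seen* holds the macros on the current path."""
        perms = []
        for tok in tokens:
            if tok in self.dict:
                if tok in seen:
                    continue  # cyclic definition: do not recurse forever
                perms.extend(self._expand(self.dict[tok], seen | {tok}))
            elif tok not in _BRACES:
                perms.append(tok)
        return perms


class interfaces:
    """Index of refpolicy interfaces keyed by the (source, target, class) they allow.

    ``self.dict`` maps ``(src, tgt, cls)`` to a list of
    ``(permissions, module_name, interface_name)`` tuples.
    """

    def __init__(self):
        self.dict = {}
        trans = accessTrans()
        output = self._run_extractor()
        if output is None:
            return  # extractor unavailable or failed: leave the index empty
        # awk emits: <file> <interface> allow <src> <tgt> : <class> <perms>
        line_re = re.compile(r"([^ \t]*)[ \t]+([^ \t]*)[ \t]+%s" % allow_regexp)
        for line in output.split("\n"):
            m = line_re.match(line)
            if m is None:
                continue
            path, iface, src, tgt, cls, perms = m.groups()
            modname = os.path.basename(path).split(".")[0]
            access = trans.get(perms.split())
            # Expand sets so "{ a b }" is indexed under a and b, never under "{".
            for s in _tokens(src):
                for t in _tokens(tgt):
                    for c in _tokens(cls):
                        self.dict.setdefault((s, t, c), []).append((access, modname, iface))

    @staticmethod
    def _run_extractor():
        """Run extract-interface.awk over the refpolicy .if files.

        Returns awk's stdout as text, or None when there are no .if files, awk
        is missing, or it exits non-zero. awk's stderr is left on our stderr so
        failures are visible instead of being parsed as output.
        """
        awk_script = EXTRACT_AWK
        if not os.path.exists(awk_script):
            awk_script = os.path.join(REFPOLICY_DIR, EXTRACT_AWK)
        if_files = sorted(glob.glob(INTERFACE_GLOB))
        if not if_files:
            return None  # with no file arguments awk would block reading stdin
        # Argument list, no shell: nothing here is user-controlled, but this also
        # removes the shell-quoting/glob surprises of commands.getstatusoutput.
        try:
            proc = subprocess.Popen(["awk", "-f", awk_script] + if_files,
                                    stdout=subprocess.PIPE,
                                    universal_newlines=True)
        except OSError:
            return None
        output, _ = proc.communicate()
        if proc.returncode != 0:
            return None
        return output

    def out(self):
        """Dump the index to stdout: each key on a line, its entries tab-indented below."""
        for key in sorted(self.dict):
            print(key)
            for entry in self.dict[key]:
                print("\t", entry)

    def match(self, Scon, Tcon, Class, Access):
        """Return the interface entries for (Scon, Tcon, Class), or None.

        Falls back to interfaces parameterised on the source (``$1`` as source)
        and then on the target (``$1`` as target). *Access* is accepted for
        interface compatibility but NOT used: results are not filtered by
        permission, so a returned interface may grant more than the rule asks.
        """
        for key in ((Scon, Tcon, Class), ("$1", Tcon, Class), (Scon, "$1", Class)):
            if key in self.dict:
                return self.dict[key]
        return None


def main():
    """Read allow rules from stdin and print interface-based replacements."""
    iface = interfaces()
    # Iterate the stream directly: the old readline loop hit `continue` on a
    # non-matching line without reading the next one and spun forever.
    for rec in sys.stdin:
        rule = rec.strip(";\n")
        m = _ALLOW_RE.match(rule)
        if m is None:
            continue
        Scon, Tcon, Class, Access = m.groups()
        found = iface.match(Scon, Tcon, Class, Access)
        if found is None:
            print(rule)  # nothing to suggest: pass the rule through unchanged
            continue
        print("# Replace next allow rule with one of the following\n# %s " % rule)
        current = found[0][1]
        print("\ngen_require(`%s', `" % current)
        for _access, modname, name in found:
            # Start a new block whenever the interface comes from another module.
            if modname != current:
                print("')\ngen_require(`%s', `" % modname)
                current = modname
            print("\t%s(%s)" % (name, Scon))
        print("')")


if __name__ == "__main__":
    main()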