Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 1 | |
| 2 | /* |
| 3 | * Author : Stephen Smalley, <sds@epoch.ncsc.mil> |
| 4 | */ |
| 5 | |
| 6 | /* Updated: David Caplan, <dac@tresys.com> |
| 7 | * |
| 8 | * Added conditional policy language extensions |
| 9 | * |
| 10 | * Jason Tang <jtang@tresys.com> |
| 11 | * |
| 12 | * Added support for binary policy modules |
| 13 | * |
| 14 | * Copyright (C) 2003-5 Tresys Technology, LLC |
| 15 | * This program is free software; you can redistribute it and/or modify |
| 16 | * it under the terms of the GNU General Public License as published by |
| 17 | * the Free Software Foundation, version 2. |
| 18 | */ |
| 19 | |
| 20 | /* FLASK */ |
| 21 | |
| 22 | %{ |
| 23 | #include <sys/types.h> |
| 24 | #include <limits.h> |
| 25 | #include <stdint.h> |
| 26 | #include <string.h> |
| 27 | |
| 28 | typedef int (* require_func_t)(); |
| 29 | |
Stephen Smalley | da752ca | 2012-02-23 10:14:13 -0500 | [diff] [blame] | 30 | #ifdef ANDROID |
| 31 | #include "policy_parse.h" |
| 32 | #else |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 33 | #include "y.tab.h" |
Stephen Smalley | da752ca | 2012-02-23 10:14:13 -0500 | [diff] [blame] | 34 | #endif |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 35 | |
| 36 | static char linebuf[2][255]; |
| 37 | static unsigned int lno = 0; |
| 38 | int yywarn(char *msg); |
| 39 | |
| 40 | void set_source_file(const char *name); |
| 41 | |
| 42 | char source_file[PATH_MAX]; |
| 43 | unsigned long source_lineno = 1; |
| 44 | |
| 45 | unsigned long policydb_lineno = 1; |
| 46 | |
| 47 | unsigned int policydb_errors = 0; |
| 48 | %} |
| 49 | |
Stephen Smalley | da752ca | 2012-02-23 10:14:13 -0500 | [diff] [blame] | 50 | %option noinput nounput noyywrap |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 51 | |
| 52 | %array |
| 53 | letter [A-Za-z] |
| 54 | digit [0-9] |
| 55 | alnum [a-zA-Z0-9] |
| 56 | hexval [0-9A-Fa-f] |
| 57 | |
| 58 | %% |
| 59 | \n.* { strncpy(linebuf[lno], yytext+1, 255); |
| 60 | linebuf[lno][254] = 0; |
| 61 | lno = 1 - lno; |
| 62 | policydb_lineno++; |
| 63 | source_lineno++; |
| 64 | yyless(1); } |
| 65 | CLONE | |
| 66 | clone { return(CLONE); } |
| 67 | COMMON | |
| 68 | common { return(COMMON); } |
| 69 | CLASS | |
| 70 | class { return(CLASS); } |
| 71 | CONSTRAIN | |
| 72 | constrain { return(CONSTRAIN); } |
| 73 | VALIDATETRANS | |
| 74 | validatetrans { return(VALIDATETRANS); } |
| 75 | INHERITS | |
| 76 | inherits { return(INHERITS); } |
| 77 | SID | |
| 78 | sid { return(SID); } |
| 79 | ROLE | |
| 80 | role { return(ROLE); } |
| 81 | ROLES | |
| 82 | roles { return(ROLES); } |
Harry Ciao | 16675b7 | 2011-07-25 09:23:54 +0800 | [diff] [blame] | 83 | ROLEATTRIBUTE | |
| 84 | roleattribute { return(ROLEATTRIBUTE);} |
| 85 | ATTRIBUTE_ROLE | |
| 86 | attribute_role { return(ATTRIBUTE_ROLE);} |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 87 | TYPES | |
| 88 | types { return(TYPES); } |
| 89 | TYPEALIAS | |
| 90 | typealias { return(TYPEALIAS); } |
| 91 | TYPEATTRIBUTE | |
| 92 | typeattribute { return(TYPEATTRIBUTE); } |
Joshua Brindle | 4572840 | 2008-10-08 06:56:51 -0400 | [diff] [blame] | 93 | TYPEBOUNDS | |
| 94 | typebounds { return(TYPEBOUNDS); } |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 95 | TYPE | |
| 96 | type { return(TYPE); } |
| 97 | BOOL | |
| 98 | bool { return(BOOL); } |
Harry Ciao | 80f26c5 | 2011-09-01 11:29:41 +0800 | [diff] [blame] | 99 | TUNABLE | |
| 100 | tunable { return(TUNABLE); } |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 101 | IF | |
| 102 | if { return(IF); } |
| 103 | ELSE | |
| 104 | else { return(ELSE); } |
| 105 | ALIAS | |
| 106 | alias { return(ALIAS); } |
| 107 | ATTRIBUTE | |
| 108 | attribute { return(ATTRIBUTE); } |
| 109 | TYPE_TRANSITION | |
| 110 | type_transition { return(TYPE_TRANSITION); } |
| 111 | TYPE_MEMBER | |
| 112 | type_member { return(TYPE_MEMBER); } |
| 113 | TYPE_CHANGE | |
| 114 | type_change { return(TYPE_CHANGE); } |
| 115 | ROLE_TRANSITION | |
| 116 | role_transition { return(ROLE_TRANSITION); } |
| 117 | RANGE_TRANSITION | |
| 118 | range_transition { return(RANGE_TRANSITION); } |
| 119 | SENSITIVITY | |
| 120 | sensitivity { return(SENSITIVITY); } |
| 121 | DOMINANCE | |
| 122 | dominance { return(DOMINANCE); } |
| 123 | CATEGORY | |
| 124 | category { return(CATEGORY); } |
| 125 | LEVEL | |
| 126 | level { return(LEVEL); } |
| 127 | RANGE | |
| 128 | range { return(RANGE); } |
| 129 | MLSCONSTRAIN | |
| 130 | mlsconstrain { return(MLSCONSTRAIN); } |
| 131 | MLSVALIDATETRANS | |
| 132 | mlsvalidatetrans { return(MLSVALIDATETRANS); } |
| 133 | USER | |
| 134 | user { return(USER); } |
| 135 | NEVERALLOW | |
| 136 | neverallow { return(NEVERALLOW); } |
| 137 | ALLOW | |
| 138 | allow { return(ALLOW); } |
| 139 | AUDITALLOW | |
| 140 | auditallow { return(AUDITALLOW); } |
| 141 | AUDITDENY | |
| 142 | auditdeny { return(AUDITDENY); } |
| 143 | DONTAUDIT | |
| 144 | dontaudit { return(DONTAUDIT); } |
| 145 | SOURCE | |
| 146 | source { return(SOURCE); } |
| 147 | TARGET | |
| 148 | target { return(TARGET); } |
| 149 | SAMEUSER | |
| 150 | sameuser { return(SAMEUSER);} |
| 151 | module|MODULE { return(MODULE); } |
| 152 | require|REQUIRE { return(REQUIRE); } |
| 153 | optional|OPTIONAL { return(OPTIONAL); } |
| 154 | OR | |
| 155 | or { return(OR);} |
| 156 | AND | |
| 157 | and { return(AND);} |
| 158 | NOT | |
| 159 | not { return(NOT);} |
| 160 | xor | |
| 161 | XOR { return(XOR); } |
| 162 | eq | |
| 163 | EQ { return(EQUALS);} |
| 164 | true | |
| 165 | TRUE { return(CTRUE); } |
| 166 | false | |
| 167 | FALSE { return(CFALSE); } |
| 168 | dom | |
| 169 | DOM { return(DOM);} |
| 170 | domby | |
| 171 | DOMBY { return(DOMBY);} |
| 172 | INCOMP | |
| 173 | incomp { return(INCOMP);} |
| 174 | fscon | |
| 175 | FSCON { return(FSCON);} |
| 176 | portcon | |
| 177 | PORTCON { return(PORTCON);} |
| 178 | netifcon | |
| 179 | NETIFCON { return(NETIFCON);} |
| 180 | nodecon | |
| 181 | NODECON { return(NODECON);} |
Paul Nuzzi | 79d10a8 | 2009-09-29 10:06:26 -0400 | [diff] [blame] | 182 | pirqcon | |
| 183 | PIRQCON { return(PIRQCON);} |
| 184 | iomemcon | |
| 185 | IOMEMCON { return(IOMEMCON);} |
| 186 | ioportcon | |
| 187 | IOPORTCON { return(IOPORTCON);} |
| 188 | pcidevicecon | |
| 189 | PCIDEVICECON { return(PCIDEVICECON);} |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 190 | fs_use_xattr | |
| 191 | FS_USE_XATTR { return(FSUSEXATTR);} |
| 192 | fs_use_task | |
| 193 | FS_USE_TASK { return(FSUSETASK);} |
| 194 | fs_use_trans | |
| 195 | FS_USE_TRANS { return(FSUSETRANS);} |
| 196 | genfscon | |
| 197 | GENFSCON { return(GENFSCON);} |
| 198 | r1 | |
| 199 | R1 { return(R1); } |
| 200 | r2 | |
| 201 | R2 { return(R2); } |
| 202 | r3 | |
| 203 | R3 { return(R3); } |
| 204 | u1 | |
| 205 | U1 { return(U1); } |
| 206 | u2 | |
| 207 | U2 { return(U2); } |
| 208 | u3 | |
| 209 | U3 { return(U3); } |
| 210 | t1 | |
| 211 | T1 { return(T1); } |
| 212 | t2 | |
| 213 | T2 { return(T2); } |
| 214 | t3 | |
| 215 | T3 { return(T3); } |
| 216 | l1 | |
| 217 | L1 { return(L1); } |
| 218 | l2 | |
| 219 | L2 { return(L2); } |
| 220 | h1 | |
| 221 | H1 { return(H1); } |
| 222 | h2 | |
| 223 | H2 { return(H2); } |
| 224 | policycap | |
| 225 | POLICYCAP { return(POLICYCAP); } |
| 226 | permissive | |
| 227 | PERMISSIVE { return(PERMISSIVE); } |
Eric Paris | 09c783c | 2011-12-05 13:28:51 -0500 | [diff] [blame] | 228 | default_user | |
| 229 | DEFAULT_USER { return(DEFAULT_USER); } |
| 230 | default_role | |
| 231 | DEFAULT_ROLE { return(DEFAULT_ROLE); } |
| 232 | default_range | |
| 233 | DEFAULT_RANGE { return(DEFAULT_RANGE); } |
| 234 | low-high | |
| 235 | LOW-HIGH { return(LOW_HIGH); } |
| 236 | high | |
| 237 | HIGH { return(HIGH); } |
| 238 | low | |
| 239 | LOW { return(LOW); } |
Stephen Smalley | d5286d7 | 2008-10-14 10:57:24 -0400 | [diff] [blame] | 240 | "/"({alnum}|[_\.\-/])* { return(PATH); } |
Dan Walsh | 0eed03e | 2012-04-03 18:56:20 -0400 | [diff] [blame] | 241 | \"({alnum}|[_\.\-\+\~])+\" { return(FILENAME); } |
Stephen Smalley | d5286d7 | 2008-10-14 10:57:24 -0400 | [diff] [blame] | 242 | {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } |
Eric Paris | fdeecca | 2011-11-02 13:03:59 -0400 | [diff] [blame] | 243 | {alnum}*{letter}{alnum}* { return(FILESYSTEM); } |
Paul Nuzzi | 79d10a8 | 2009-09-29 10:06:26 -0400 | [diff] [blame] | 244 | {digit}+|0x{hexval}+ { return(NUMBER); } |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 245 | {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } |
| 246 | {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } |
| 247 | {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } |
Joshua Brindle | 13cd4c8 | 2008-08-19 15:30:36 -0400 | [diff] [blame] | 248 | #line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); } |
| 249 | #line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } |
| 250 | #[^\n]* { /* delete comments */ } |
| 251 | [ \t\f]+ { /* delete whitespace */ } |
| 252 | "==" { return(EQUALS); } |
| 253 | "!=" { return (NOTEQUAL); } |
| 254 | "&&" { return (AND); } |
| 255 | "||" { return (OR); } |
| 256 | "!" { return (NOT); } |
| 257 | "^" { return (XOR); } |
| 258 | "," | |
| 259 | ":" | |
| 260 | ";" | |
| 261 | "(" | |
| 262 | ")" | |
| 263 | "{" | |
| 264 | "}" | |
| 265 | "[" | |
| 266 | "-" | |
| 267 | "." | |
| 268 | "]" | |
| 269 | "~" | |
| 270 | "*" { return(yytext[0]); } |
| 271 | . { yywarn("unrecognized character");} |
| 272 | %% |
| 273 | int yyerror(char *msg) |
| 274 | { |
| 275 | if (source_file[0]) |
| 276 | fprintf(stderr, "%s:%ld:", |
| 277 | source_file, source_lineno); |
| 278 | else |
| 279 | fprintf(stderr, "(unknown source)::"); |
| 280 | fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n", |
| 281 | msg, |
| 282 | yytext, |
| 283 | policydb_lineno, |
| 284 | linebuf[0], linebuf[1]); |
| 285 | policydb_errors++; |
| 286 | return -1; |
| 287 | } |
| 288 | |
| 289 | int yywarn(char *msg) |
| 290 | { |
| 291 | if (source_file[0]) |
| 292 | fprintf(stderr, "%s:%ld:", |
| 293 | source_file, source_lineno); |
| 294 | else |
| 295 | fprintf(stderr, "(unknown source)::"); |
| 296 | fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n", |
| 297 | msg, |
| 298 | yytext, |
| 299 | policydb_lineno, |
| 300 | linebuf[0], linebuf[1]); |
| 301 | return 0; |
| 302 | } |
| 303 | |
| 304 | void set_source_file(const char *name) |
| 305 | { |
| 306 | source_lineno = 1; |
| 307 | strncpy(source_file, name, sizeof(source_file)-1); |
| 308 | source_file[sizeof(source_file)-1] = '\0'; |
| 309 | } |