/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 * Added conditional policy language extensions
 *
 * Jason Tang <jtang@tresys.com>
 *
 * Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, version 2.
 */

/* FLASK */
%{
#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
27
/*
 * Function-pointer type declared ahead of y.tab.h.
 * NOTE(review): presumably the generated header refers to it - confirm.
 * The empty parameter list means calls through it are not type-checked.
 */
typedef int (*require_func_t)();

#include "y.tab.h"

/* Defined after the rules section; declared here so rule actions can call them. */
int yywarn(char *msg);
void set_source_file(const char *name);

/*
 * Two-slot buffer of recently scanned source lines, echoed by
 * yyerror()/yywarn().  Each slot is filled by the newline rule and is always
 * NUL-terminated, so a line longer than 254 characters is truncated.
 */
static char linebuf[2][255];
/* Index (0 or 1) of the linebuf slot the next scanned line is written to. */
static unsigned int lno = 0;

/* Name and line number taken from "#line" markers in the input. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the text actually fed to the scanner. */
unsigned long policydb_lineno = 1;

/* Number of yyerror() calls so far. */
unsigned int policydb_errors = 0;
%}
/* The scanner never calls input() or unput(), so do not generate them. */
%option noinput nounput

/* Make yytext a fixed-size character array instead of a pointer. */
%array

/* Character classes shared by the token patterns in the rules section. */
letter	[A-Za-z]
digit	[0-9]
alnum	[a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{
				  /*
				   * Matches a newline plus the whole following line.  That
				   * line is saved for diagnostics, then yyless(1) pushes it
				   * back so only the newline is consumed and the line is
				   * tokenised normally.
				   */
				  size_t cap = sizeof(linebuf[lno]);

				  /* Bounded copy; the last byte is forced to NUL, so an
				   * over-long line is truncated, never overrun. */
				  strncpy(linebuf[lno], yytext + 1, cap);
				  linebuf[lno][cap - 1] = '\0';
				  lno ^= 1;	/* alternate between slot 0 and slot 1 */
				  source_lineno++;
				  policydb_lineno++;
				  yyless(1);
				}
61CLONE |
62clone { return(CLONE); }
63COMMON |
64common { return(COMMON); }
65CLASS |
66class { return(CLASS); }
67CONSTRAIN |
68constrain { return(CONSTRAIN); }
69VALIDATETRANS |
70validatetrans { return(VALIDATETRANS); }
71INHERITS |
72inherits { return(INHERITS); }
73SID |
74sid { return(SID); }
75ROLE |
76role { return(ROLE); }
77ROLES |
78roles { return(ROLES); }
Harry Ciao16675b72011-07-25 09:23:54 +080079ROLEATTRIBUTE |
80roleattribute { return(ROLEATTRIBUTE);}
81ATTRIBUTE_ROLE |
82attribute_role { return(ATTRIBUTE_ROLE);}
Joshua Brindle13cd4c82008-08-19 15:30:36 -040083TYPES |
84types { return(TYPES); }
85TYPEALIAS |
86typealias { return(TYPEALIAS); }
87TYPEATTRIBUTE |
88typeattribute { return(TYPEATTRIBUTE); }
Joshua Brindle45728402008-10-08 06:56:51 -040089TYPEBOUNDS |
90typebounds { return(TYPEBOUNDS); }
Joshua Brindle13cd4c82008-08-19 15:30:36 -040091TYPE |
92type { return(TYPE); }
93BOOL |
94bool { return(BOOL); }
95IF |
96if { return(IF); }
97ELSE |
98else { return(ELSE); }
99ALIAS |
100alias { return(ALIAS); }
101ATTRIBUTE |
102attribute { return(ATTRIBUTE); }
103TYPE_TRANSITION |
104type_transition { return(TYPE_TRANSITION); }
105TYPE_MEMBER |
106type_member { return(TYPE_MEMBER); }
107TYPE_CHANGE |
108type_change { return(TYPE_CHANGE); }
109ROLE_TRANSITION |
110role_transition { return(ROLE_TRANSITION); }
111RANGE_TRANSITION |
112range_transition { return(RANGE_TRANSITION); }
113SENSITIVITY |
114sensitivity { return(SENSITIVITY); }
115DOMINANCE |
116dominance { return(DOMINANCE); }
117CATEGORY |
118category { return(CATEGORY); }
119LEVEL |
120level { return(LEVEL); }
121RANGE |
122range { return(RANGE); }
123MLSCONSTRAIN |
124mlsconstrain { return(MLSCONSTRAIN); }
125MLSVALIDATETRANS |
126mlsvalidatetrans { return(MLSVALIDATETRANS); }
127USER |
128user { return(USER); }
129NEVERALLOW |
130neverallow { return(NEVERALLOW); }
131ALLOW |
132allow { return(ALLOW); }
133AUDITALLOW |
134auditallow { return(AUDITALLOW); }
135AUDITDENY |
136auditdeny { return(AUDITDENY); }
137DONTAUDIT |
138dontaudit { return(DONTAUDIT); }
139SOURCE |
140source { return(SOURCE); }
141TARGET |
142target { return(TARGET); }
143SAMEUSER |
144sameuser { return(SAMEUSER);}
145module|MODULE { return(MODULE); }
146require|REQUIRE { return(REQUIRE); }
147optional|OPTIONAL { return(OPTIONAL); }
148OR |
149or { return(OR);}
150AND |
151and { return(AND);}
152NOT |
153not { return(NOT);}
154xor |
155XOR { return(XOR); }
156eq |
157EQ { return(EQUALS);}
158true |
159TRUE { return(CTRUE); }
160false |
161FALSE { return(CFALSE); }
162dom |
163DOM { return(DOM);}
164domby |
165DOMBY { return(DOMBY);}
166INCOMP |
167incomp { return(INCOMP);}
168fscon |
169FSCON { return(FSCON);}
170portcon |
171PORTCON { return(PORTCON);}
172netifcon |
173NETIFCON { return(NETIFCON);}
174nodecon |
175NODECON { return(NODECON);}
Paul Nuzzi79d10a82009-09-29 10:06:26 -0400176pirqcon |
177PIRQCON { return(PIRQCON);}
178iomemcon |
179IOMEMCON { return(IOMEMCON);}
180ioportcon |
181IOPORTCON { return(IOPORTCON);}
182pcidevicecon |
183PCIDEVICECON { return(PCIDEVICECON);}
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400184fs_use_xattr |
185FS_USE_XATTR { return(FSUSEXATTR);}
186fs_use_task |
187FS_USE_TASK { return(FSUSETASK);}
188fs_use_trans |
189FS_USE_TRANS { return(FSUSETRANS);}
190genfscon |
191GENFSCON { return(GENFSCON);}
192r1 |
193R1 { return(R1); }
194r2 |
195R2 { return(R2); }
196r3 |
197R3 { return(R3); }
198u1 |
199U1 { return(U1); }
200u2 |
201U2 { return(U2); }
202u3 |
203U3 { return(U3); }
204t1 |
205T1 { return(T1); }
206t2 |
207T2 { return(T2); }
208t3 |
209T3 { return(T3); }
210l1 |
211L1 { return(L1); }
212l2 |
213L2 { return(L2); }
214h1 |
215H1 { return(H1); }
216h2 |
217H2 { return(H2); }
218policycap |
219POLICYCAP { return(POLICYCAP); }
220permissive |
221PERMISSIVE { return(PERMISSIVE); }
Stephen Smalleyd5286d72008-10-14 10:57:24 -0400222"/"({alnum}|[_\.\-/])* { return(PATH); }
223{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); }
Paul Nuzzi79d10a82009-09-29 10:06:26 -0400224{digit}+|0x{hexval}+ { return(NUMBER); }
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400225{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); }
226{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); }
227{digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); }
Dan Walshd72a9ec2011-04-12 09:54:46 -0400228\"({alnum}|[_\.\-])+\" { return(FILENAME); }
229{alnum}* { return(FILENAME); }
230\.({alnum}|[_\.\-])* { return(FILENAME); }
231{letter}+([-_\.]|{alnum})+ { return(FILENAME); }
232([_\.]){alnum}+ { return(FILENAME); }
Joshua Brindle13cd4c82008-08-19 15:30:36 -0400233#line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); }
234#line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; }
235#[^\n]* { /* delete comments */ }
236[ \t\f]+ { /* delete whitespace */ }
237"==" { return(EQUALS); }
238"!=" { return (NOTEQUAL); }
239"&&" { return (AND); }
240"||" { return (OR); }
241"!" { return (NOT); }
242"^" { return (XOR); }
243"," |
244":" |
245";" |
246"(" |
247")" |
248"{" |
249"}" |
250"[" |
251"-" |
252"." |
253"]" |
254"~" |
255"*" { return(yytext[0]); }
256. { yywarn("unrecognized character");}
257%%
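/*
 * Report a parse error on stderr and count it.
 *
 * The message is prefixed with "source_file:source_lineno:" when a source
 * file name has been recorded, otherwise with "(unknown source)::".  It then
 * shows msg, the current token text, the scanner line number and both saved
 * source lines.  The saved lines are printed in slot order (linebuf[0], then
 * linebuf[1]), which is not necessarily the order they were read in, because
 * the newline rule alternates between the two slots.
 *
 * msg, yytext and the saved lines are written as-is.  They come from the
 * policy source and can contain arbitrary bytes, so anything that renders
 * this output (a terminal, a build-log viewer) should treat it as untrusted.
 *
 * Increments policydb_errors.  Always returns -1.
 */
int yyerror(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:", source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");

	/* Both counters are unsigned long, so %lu is the matching conversion. */
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg, yytext, policydb_lineno, linebuf[0], linebuf[1]);

	policydb_errors++;
	return -1;
}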
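/*
 * Report a warning on stderr.
 *
 * The output has the same layout as yyerror() with "WARNING" in place of
 * "ERROR": an optional "source_file:source_lineno:" prefix, then msg, the
 * current token text, the scanner line number and both saved source lines.
 *
 * Unlike yyerror(), this does not touch policydb_errors, so a warning never
 * counts as a failure.  msg, yytext and the saved lines are written as-is and
 * may hold arbitrary bytes from the policy source.
 *
 * Always returns 0.
 */
int yywarn(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:", source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");

	/* Both counters are unsigned long, so %lu is the matching conversion. */
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg, yytext, policydb_lineno, linebuf[0], linebuf[1]);

	return 0;
}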
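/*
 * Record the name of the file the following input came from and restart
 * source_lineno at 1.
 *
 * name is copied into the fixed-size source_file buffer; a longer name is
 * truncated and the result is always NUL-terminated.
 *
 * The scanner's line-marker rule passes the text after the opening quote, so
 * name arrives with the closing quote still attached.  One trailing quote is
 * stripped so diagnostics show the bare file name.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;

	/* strncpy does not terminate on truncation, so the last byte is set
	 * explicitly. */
	strncpy(source_file, name, sizeof(source_file) - 1);
	source_file[sizeof(source_file) - 1] = '\0';

	len = strlen(source_file);
	if (len > 0 && source_file[len - 1] == '"')
		source_file[len - 1] = '\0';
}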