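/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *	Jason Tang <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

%{
#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Declared ahead of the parser header below (presumably because that header
 * refers to it -- confirm against the grammar file). */
typedef int (* require_func_t)();

#ifdef ANDROID
#include "policy_parse.h"
#else
#include "y.tab.h"
#endif

/* The two most recently scanned input lines, each truncated to 254 bytes.
 * lno is the slot the next line will be written to. */
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* Name and line number of the original source file, driven by the
 * "#line" directives recognised below. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the input stream actually being scanned. */
unsigned long policydb_lineno = 1;

/* Incremented by yyerror() only; yywarn() leaves it untouched. */
unsigned int policydb_errors = 0;
%}

%option noinput nounput noyywrap

%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

/*
 * Notes on the rules that follow.
 *
 * - Keywords are accepted either entirely in upper case or entirely in lower
 *   case; mixed case falls through to the generic IDENTIFIER / FILESYSTEM
 *   patterns.
 * - The scanner picks the longest match and, on a tie, the rule listed first.
 *   That is why the keyword rules precede IDENTIFIER, why NUMBER precedes
 *   VERSION_IDENTIFIER, and why the "#line" rules precede the comment rule.
 *   A "#line" directive carrying any text beyond the two forms recognised
 *   here is matched in full by the comment rule and therefore ignored.
 * - Because of %array, the matched text lives in a fixed-size yytext array
 *   (bounded by YYLMAX). The "\n.*" rule matches a whole input line at once,
 *   so that bound also caps the line length the scanner can accept.
 */

%%
\n.*				{
				  /* Remember the line that starts here so diagnostics can
				   * show it, then push everything but the newline back so
				   * the line is tokenised normally. */
				  strncpy(linebuf[lno], yytext+1, sizeof(linebuf[lno]) - 1);
				  linebuf[lno][sizeof(linebuf[lno]) - 1] = '\0';
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  yyless(1);
				}
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
ROLEATTRIBUTE |
roleattribute			{ return(ROLEATTRIBUTE);}
ATTRIBUTE_ROLE |
attribute_role			{ return(ATTRIBUTE_ROLE);}
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
TUNABLE |
tunable				{ return(TUNABLE); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
pirqcon |
PIRQCON				{ return(PIRQCON);}
iomemcon |
IOMEMCON			{ return(IOMEMCON);}
ioportcon |
IOPORTCON			{ return(IOPORTCON);}
pcidevicecon |
PCIDEVICECON			{ return(PCIDEVICECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\"({alnum}|[_\.\-\~])+\"	{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{alnum}*{letter}{alnum}*	{ return(FILESYSTEM); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /* The match ends with the closing quote; cut it off so
				   * it does not become part of the recorded file name.
				   * yytext+9 skips the leading `#line 1 "`. */
				  yytext[yyleng - 1] = '\0';
				  set_source_file(yytext+9);
				}
#line[ ]{digit}+		{
				  /* strtoul reports out-of-range input through errno,
				   * whereas atoi has undefined behaviour on overflow.
				   * The -1 compensates for the increment done when the
				   * following newline is scanned. */
				  errno = 0;
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
				  if (errno) {
					yywarn("source line number too big");
				  }
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{
				  /* The offending byte is reported and then dropped;
				   * scanning continues and policydb_errors is not
				   * incremented, so a caller that wants stray bytes in
				   * a policy source to fail the build has to treat
				   * warnings as errors itself. */
				  yywarn("unrecognized character");
				}
%%
/**
 * Report a parse error on stderr and count it.
 *
 * Prints the original source location (when a source file name is known),
 * the message, the current token, the input line number and the two
 * buffered input lines. The buffered lines are printed in slot order
 * (linebuf[0], then linebuf[1]); because the slots alternate, the first
 * one shown is not always the older line.
 *
 * @param msg  message text; printed through "%s", never used as a format.
 * @return always -1.
 */
int yyerror(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	/* %lu: both line counters are unsigned long. */
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/**
 * Report a warning on stderr in the same layout as yyerror().
 *
 * Unlike yyerror(), this does not touch policydb_errors.
 *
 * @param msg  message text; printed through "%s", never used as a format.
 * @return always 0.
 */
int yywarn(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	/* %lu: both line counters are unsigned long. */
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	return 0;
}

/**
 * Record the name of the original source file and restart its line count.
 *
 * The name is copied into the fixed-size source_file buffer; a name longer
 * than PATH_MAX - 1 bytes is silently truncated, and the result is always
 * NUL-terminated.
 *
 * @param name  NUL-terminated file name; must not be NULL.
 */
void set_source_file(const char *name)
{
	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';
}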