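/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *          Jason Tang    <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

%{
#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)();

#ifdef ANDROID
#include "policy_parse.h"
#else
#include "y.tab.h"
#endif

/* Text of the two most recently started input lines; lno is the slot the
 * next line will be written to. Both slots are echoed by yyerror/yywarn. */
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* Name and line of the original source file, as reported by #line markers. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the scanner input itself. */
unsigned long policydb_lineno = 1;

/* Number of errors reported through yyerror(). */
unsigned int policydb_errors = 0;
%}

%option noinput nounput noyywrap

%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{ /* Save the text of the line that starts after this
				   * newline so diagnostics can echo it, and always
				   * leave the slot NUL-terminated. */
				  strncpy(linebuf[lno], yytext+1, sizeof(linebuf[lno]) - 1);
				  linebuf[lno][sizeof(linebuf[lno]) - 1] = 0;
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  /* Keep only the newline; the rest of the line is
				   * returned to the input and scanned by the rules below. */
				  yyless(1); }
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
ROLEATTRIBUTE |
roleattribute			{ return(ROLEATTRIBUTE);}
ATTRIBUTE_ROLE |
attribute_role			{ return(ATTRIBUTE_ROLE);}
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
TUNABLE |
tunable				{ return(TUNABLE); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
pirqcon |
PIRQCON				{ return(PIRQCON);}
iomemcon |
IOMEMCON			{ return(IOMEMCON);}
ioportcon |
IOPORTCON			{ return(IOPORTCON);}
pcidevicecon |
PCIDEVICECON			{ return(PCIDEVICECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
default_user |
DEFAULT_USER			{ return(DEFAULT_USER); }
default_role |
DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
default_range |
DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
low-high |
LOW-HIGH			{ return(LOW_HIGH); }
high |
HIGH				{ return(HIGH); }
low |
LOW				{ return(LOW); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\"({alnum}|[_\.\-\+\~])+\"	{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{alnum}*{letter}{alnum}*	{ return(FILESYSTEM); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{ /* yytext+9 skips the marker up to and including
				   * the opening quote; the closing quote is still
				   * attached and is removed by set_source_file. */
				  set_source_file(yytext+9); }
#line[ ]{digit}+		{ /* strtoul rather than atoi: a line number that
				   * does not fit is reported instead of being
				   * undefined behaviour. */
				  errno = 0;
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
				  if (errno)
					yywarn("source line number too big");
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{ /* NOTE(review): an unrecognized character only
				   * produces a warning and is then dropped. No token
				   * is returned and policydb_errors is not touched,
				   * so the parser sees the input without it. Confirm
				   * that this is acceptable for policy sources, or
				   * report it through yyerror instead. */
				  yywarn("unrecognized character");}
%%
/*
 * Report a parse error on stderr and count it.
 *
 * Prints the source file name and line when a #line marker has set them
 * (otherwise a fixed "unknown source" prefix), then the message, the current
 * token, the scanner input line number and both saved line buffers. The
 * buffers are printed in slot order (linebuf[0], then linebuf[1]), which is
 * not necessarily the order in which the lines were read.
 *
 * Increments policydb_errors. Always returns -1.
 */
int yyerror(char *msg)
{
	/* source_lineno and policydb_lineno are unsigned long, hence %lu. */
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/*
 * Report a warning on stderr in the same layout as yyerror().
 *
 * Unlike yyerror() this does not change policydb_errors, so a warning by
 * itself leaves the error count as it was. Always returns 0.
 */
int yywarn(char *msg)
{
	/* source_lineno and policydb_lineno are unsigned long, hence %lu. */
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	return 0;
}

/*
 * Record the name of the source file for diagnostics and restart its line
 * counter at 1.
 *
 * The name is copied into the fixed-size source_file buffer and truncated to
 * fit; the buffer is always NUL-terminated. The #line rule passes text that
 * still ends with the closing double quote matched by its pattern, so one
 * trailing double quote is removed to keep it out of the reported file name.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';

	len = strlen(source_file);
	if (len > 0 && source_file[len - 1] == '"')
		source_file[len - 1] = '\0';
}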