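/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *          Jason Tang    <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

%{
#include <sys/types.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)();

#ifdef ANDROID
#include "policy_parse.h"
#else
#include "y.tab.h"
#endif

/*
 * Two-slot buffer holding the text of the most recently scanned lines.
 * lno names the slot that the next line will overwrite. Diagnostics print
 * slot 0 and then slot 1, so the two lines are shown in slot order, which
 * is not necessarily the order in which they were read.
 */
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* Name and line number taken from the "#line" markers in the input. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the input stream actually being scanned. */
unsigned long policydb_lineno = 1;

/* Incremented once per yyerror() call. */
unsigned int policydb_errors = 0;
%}

%option noinput nounput noyywrap

/* %array makes yytext a NUL-terminated char array instead of a pointer. */
%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{
				  /*
				   * A newline plus the rest of that line. Keep a
				   * bounded copy of the line (without the newline)
				   * for diagnostics; over-long lines are truncated
				   * to the slot size and always NUL-terminated.
				   */
				  strncpy(linebuf[lno], yytext + 1, sizeof(linebuf[lno]) - 1);
				  linebuf[lno][sizeof(linebuf[lno]) - 1] = '\0';
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  /* Give back everything after the newline so it is tokenized normally. */
				  yyless(1);
				}
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
ROLEATTRIBUTE |
roleattribute			{ return(ROLEATTRIBUTE);}
ATTRIBUTE_ROLE |
attribute_role			{ return(ATTRIBUTE_ROLE);}
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
TUNABLE |
tunable				{ return(TUNABLE); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
pirqcon |
PIRQCON				{ return(PIRQCON);}
iomemcon |
IOMEMCON			{ return(IOMEMCON);}
ioportcon |
IOPORTCON			{ return(IOPORTCON);}
pcidevicecon |
PCIDEVICECON			{ return(PCIDEVICECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
default_user |
DEFAULT_USER			{ return(DEFAULT_USER); }
default_role |
DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
default_type |
DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
default_range |
DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
low-high |
LOW-HIGH			{ return(LOW_HIGH); }
high |
HIGH				{ return(HIGH); }
low |
LOW				{ return(LOW); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\"({alnum}|[_\.\-\+\~\: ])+\"	{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{alnum}*{letter}{alnum}*	{ return(FILESYSTEM); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /* Skip the 9 characters of the marker prefix up to and including the opening quote. */
				  set_source_file(yytext+9);
				}
#line[ ]{digit}+		{
				  /*
				   * Skip the 6-character "#line " prefix. The digit run
				   * has no length limit, so convert with strtoul():
				   * atoi() is undefined for values outside int. The
				   * minus one is offset by the increment performed when
				   * the following newline is scanned.
				   */
				  source_lineno = strtoul(yytext + 6, NULL, 10) - 1;
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{ yywarn("unrecognized character");}
%%
/*
 * Write the "file:line:" prefix shared by yyerror() and yywarn() to stderr,
 * or a fixed placeholder when no source file name has been recorded.
 */
static void print_source_location(void)
{
	/* The counters are unsigned long, so they are printed with %lu. */
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
}

/*
 * Report a scan or parse error on stderr and count it in policydb_errors.
 *
 * msg, the current token and the two buffered lines are written verbatim:
 * bytes taken from the policy source are not escaped, so non-printable
 * characters in the input reach whatever displays or stores stderr.
 *
 * Always returns -1.
 */
int yyerror(char *msg)
{
	print_source_location();
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/*
 * Report a warning on stderr in the same layout as yyerror(), with the same
 * verbatim handling of input text. policydb_errors is not changed.
 *
 * Always returns 0.
 */
int yywarn(char *msg)
{
	print_source_location();
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	return 0;
}

/*
 * Record name as the current source file and reset source_lineno to 1.
 *
 * The name is copied with truncation to PATH_MAX - 1 bytes and is always
 * NUL-terminated. The scanner passes the text that follows the opening
 * quote of a "#line" marker, so a trailing double quote is stripped when
 * one is present after the copy.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';

	/* Measure once instead of calling strlen() three times. */
	len = strlen(source_file);
	if (len > 0 && source_file[len - 1] == '"')
		source_file[len - 1] = '\0';
}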