1
2/*
3 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
4 */
5
6/* Updated: David Caplan, <dac@tresys.com>
7 *
8 * 	Added conditional policy language extensions
9 *
10 *          Jason Tang    <jtang@tresys.com>
11 *
12 *	Added support for binary policy modules
13 *
14 * Copyright (C) 2003-5 Tresys Technology, LLC
15 *	This program is free software; you can redistribute it and/or modify
16 *  	it under the terms of the GNU General Public License as published by
17 *	the Free Software Foundation, version 2.
18 */
19
20/* FLASK */
21
22%{
23#include <sys/types.h>
24#include <limits.h>
25#include <stdint.h>
26#include <string.h>
27
28typedef int (* require_func_t)();
29
30#ifdef ANDROID
31#include "policy_parse.h"
32#else
33#include "y.tab.h"
34#endif
35
36static char linebuf[2][255];
37static unsigned int lno = 0;
38int yywarn(char *msg);
39
40void set_source_file(const char *name);
41
42char source_file[PATH_MAX];
43unsigned long source_lineno = 1;
44
45unsigned long policydb_lineno = 1;
46
47unsigned int policydb_errors = 0;
48%}
49
50%option noinput nounput noyywrap
51
52%array
53letter  [A-Za-z]
54digit   [0-9]
55alnum   [a-zA-Z0-9]
56hexval	[0-9A-Fa-f]
57
58%%
59\n.*				{ strncpy(linebuf[lno], yytext+1, 255);
60                                  linebuf[lno][254] = 0;
61                                  lno = 1 - lno;
62                                  policydb_lineno++;
63				  source_lineno++;
64                                  yyless(1); }
65CLONE |
66clone				{ return(CLONE); }
67COMMON |
68common				{ return(COMMON); }
69CLASS |
70class				{ return(CLASS); }
71CONSTRAIN |
72constrain			{ return(CONSTRAIN); }
73VALIDATETRANS |
74validatetrans			{ return(VALIDATETRANS); }
75INHERITS |
76inherits			{ return(INHERITS); }
77SID |
78sid				{ return(SID); }
79ROLE |
80role				{ return(ROLE); }
81ROLES |
82roles				{ return(ROLES); }
83ROLEATTRIBUTE |
84roleattribute			{ return(ROLEATTRIBUTE);}
85ATTRIBUTE_ROLE |
86attribute_role			{ return(ATTRIBUTE_ROLE);}
87TYPES |
88types				{ return(TYPES); }
89TYPEALIAS |
90typealias			{ return(TYPEALIAS); }
91TYPEATTRIBUTE |
92typeattribute			{ return(TYPEATTRIBUTE); }
93TYPEBOUNDS |
94typebounds			{ return(TYPEBOUNDS); }
95TYPE |
96type				{ return(TYPE); }
97BOOL |
98bool                            { return(BOOL); }
99TUNABLE |
100tunable				{ return(TUNABLE); }
101IF |
102if				{ return(IF); }
103ELSE |
104else				{ return(ELSE); }
105ALIAS |
106alias				{ return(ALIAS); }
107ATTRIBUTE |
108attribute			{ return(ATTRIBUTE); }
109TYPE_TRANSITION |
110type_transition			{ return(TYPE_TRANSITION); }
111TYPE_MEMBER |
112type_member			{ return(TYPE_MEMBER); }
113TYPE_CHANGE |
114type_change			{ return(TYPE_CHANGE); }
115ROLE_TRANSITION |
116role_transition			{ return(ROLE_TRANSITION); }
117RANGE_TRANSITION |
118range_transition		{ return(RANGE_TRANSITION); }
119SENSITIVITY |
120sensitivity			{ return(SENSITIVITY); }
121DOMINANCE |
122dominance			{ return(DOMINANCE); }
123CATEGORY |
124category			{ return(CATEGORY); }
125LEVEL |
126level				{ return(LEVEL); }
127RANGE |
128range				{ return(RANGE); }
129MLSCONSTRAIN |
130mlsconstrain			{ return(MLSCONSTRAIN); }
131MLSVALIDATETRANS |
132mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
133USER |
134user				{ return(USER); }
135NEVERALLOW |
136neverallow		        { return(NEVERALLOW); }
137ALLOW |
138allow			        { return(ALLOW); }
139AUDITALLOW |
140auditallow		        { return(AUDITALLOW); }
141AUDITDENY |
142auditdeny		        { return(AUDITDENY); }
143DONTAUDIT |
144dontaudit                       { return(DONTAUDIT); }
145SOURCE |
146source			        { return(SOURCE); }
147TARGET |
148target			        { return(TARGET); }
149SAMEUSER |
150sameuser			{ return(SAMEUSER);}
151module|MODULE                   { return(MODULE); }
152require|REQUIRE                 { return(REQUIRE); }
153optional|OPTIONAL               { return(OPTIONAL); }
154OR |
155or     			        { return(OR);}
156AND |
157and				{ return(AND);}
158NOT |
159not				{ return(NOT);}
160xor |
161XOR                             { return(XOR); }
162eq |
163EQ				{ return(EQUALS);}
164true |
165TRUE                            { return(CTRUE); }
166false |
167FALSE                           { return(CFALSE); }
168dom |
169DOM				{ return(DOM);}
170domby |
171DOMBY				{ return(DOMBY);}
172INCOMP |
173incomp				{ return(INCOMP);}
174fscon |
175FSCON                           { return(FSCON);}
176portcon |
177PORTCON				{ return(PORTCON);}
178netifcon |
179NETIFCON			{ return(NETIFCON);}
180nodecon |
181NODECON				{ return(NODECON);}
182pirqcon |
183PIRQCON  		        { return(PIRQCON);}
184iomemcon |
185IOMEMCON            		{ return(IOMEMCON);}
186ioportcon |
187IOPORTCON           		{ return(IOPORTCON);}
188pcidevicecon |
189PCIDEVICECON           		{ return(PCIDEVICECON);}
190fs_use_xattr |
191FS_USE_XATTR			{ return(FSUSEXATTR);}
192fs_use_task |
193FS_USE_TASK                     { return(FSUSETASK);}
194fs_use_trans |
195FS_USE_TRANS                    { return(FSUSETRANS);}
196genfscon |
197GENFSCON                        { return(GENFSCON);}
198r1 |
199R1				{ return(R1); }
200r2 |
201R2				{ return(R2); }
202r3 |
203R3				{ return(R3); }
204u1 |
205U1				{ return(U1); }
206u2 |
207U2				{ return(U2); }
208u3 |
209U3				{ return(U3); }
210t1 |
211T1				{ return(T1); }
212t2 |
213T2				{ return(T2); }
214t3 |
215T3				{ return(T3); }
216l1 |
217L1				{ return(L1); }
218l2 |
219L2				{ return(L2); }
220h1 |
221H1				{ return(H1); }
222h2 |
223H2				{ return(H2); }
224policycap |
225POLICYCAP			{ return(POLICYCAP); }
226permissive |
227PERMISSIVE			{ return(PERMISSIVE); }
228default_user |
229DEFAULT_USER			{ return(DEFAULT_USER); }
230default_role |
231DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
232default_type |
233DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
234default_range |
235DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
236low-high |
237LOW-HIGH			{ return(LOW_HIGH); }
238high |
239HIGH				{ return(HIGH); }
240low |
241LOW				{ return(LOW); }
242"/"({alnum}|[_\.\-/])*	        { return(PATH); }
243\"({alnum}|[_\.\-\+\~\: ])+\"	{ return(FILENAME); }
244{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
245{alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
246{digit}+|0x{hexval}+            { return(NUMBER); }
247{digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
248{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
249{digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
250#line[ ]1[ ]\"[^\n]*\"		{ set_source_file(yytext+9); }
251#line[ ]{digit}+	        { source_lineno = atoi(yytext+6)-1; }
252#[^\n]*                         { /* delete comments */ }
253[ \t\f]+			{ /* delete whitespace */ }
254"==" 				{ return(EQUALS); }
255"!="				{ return (NOTEQUAL); }
256"&&"				{ return (AND); }
257"||"				{ return (OR); }
258"!"				{ return (NOT); }
259"^"                             { return (XOR); }
260"," |
261":" |
262";" |
263"(" |
264")" |
265"{" |
266"}" |
267"[" |
268"-" |
269"." |
270"]" |
271"~" |
272"*"				{ return(yytext[0]); }
273.                               { yywarn("unrecognized character");}
274%%
275int yyerror(char *msg)
276{
277	if (source_file[0])
278		fprintf(stderr, "%s:%ld:",
279			source_file, source_lineno);
280	else
281		fprintf(stderr, "(unknown source)::");
282	fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n",
283			msg,
284			yytext,
285			policydb_lineno,
286			linebuf[0], linebuf[1]);
287	policydb_errors++;
288	return -1;
289}
290
291int yywarn(char *msg)
292{
293	if (source_file[0])
294		fprintf(stderr, "%s:%ld:",
295			source_file, source_lineno);
296	else
297		fprintf(stderr, "(unknown source)::");
298	fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n",
299			msg,
300			yytext,
301			policydb_lineno,
302			linebuf[0], linebuf[1]);
303	return 0;
304}
305
306void set_source_file(const char *name)
307{
308	source_lineno = 1;
309	strncpy(source_file, name, sizeof(source_file)-1);
310	source_file[sizeof(source_file)-1] = '\0';
311	if (strlen(source_file) && source_file[strlen(source_file)-1] == '"')
312		source_file[strlen(source_file)-1] = '\0';
313}
314