policy_scan.l revision b42e15ffd5163effe3b2cb910685a5956a00defc
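
/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *	Jason Tang <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

/*
 * Scanner for the policy language.  Keywords are accepted in all-upper or
 * all-lower case and returned as the token codes declared in y.tab.h.
 * The scanner also tracks two line counters (position in the concatenated
 * policy and position in the current source file, as reported by "#line"
 * directives) and keeps a copy of the two most recently read lines so that
 * yyerror() and yywarn() can print them as context.
 */

%{
#include <sys/types.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)();

#include "y.tab.h"

/* Two-slot buffer of recently scanned lines; lno selects the slot that the
 * next line is written to, so the slots alternate. */
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* Name and line number of the file named by the last '#line 1 "..."'. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the whole scanner input. */
unsigned long policydb_lineno = 1;

/* Number of times yyerror() has been called. */
unsigned int policydb_errors = 0;
%}

%option noinput nounput

%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{
				  /* Keep a bounded, NUL-terminated copy of the
				   * line that follows this newline, for use in
				   * diagnostics. */
				  strncpy(linebuf[lno], yytext+1, 255);
				  linebuf[lno][254] = 0;
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  /* Give back everything except the newline so
				   * the line is tokenized by the rules below. */
				  yyless(1);
				}
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
pirqcon |
PIRQCON				{ return(PIRQCON);}
iomemcon |
IOMEMCON			{ return(IOMEMCON);}
ioportcon |
IOPORTCON			{ return(IOPORTCON);}
pcidevicecon |
PCIDEVICECON			{ return(PCIDEVICECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\"({alnum}|[_\.\-])+\"		{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /* yytext+9 skips '#line 1 "'; the closing
				   * quote is still attached and is removed by
				   * set_source_file(). */
				  set_source_file(yytext+9);
				}
#line[ ]{digit}+		{
				  /* yytext+6 skips '#line '.  strtoul() has
				   * defined behaviour for an over-long digit
				   * string, which atoi() does not.  One is
				   * subtracted because the newline rule bumps
				   * the counter at the next newline. */
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{ yywarn("unrecognized character");}
%%
/*
 * Report a parse error on stderr and count it.
 *
 * Prints the current source file and line (or a placeholder when no
 * '#line 1 "..."' directive has been seen), the message, the current token
 * and both saved lines.  The saved lines are printed in slot order
 * (linebuf[0] then linebuf[1]), which is not necessarily the order in which
 * they were read.  Always returns -1.
 */
int yyerror(char *msg)
{
	/* Both line counters are unsigned long, so they are printed with %lu. */
	if (source_file[0]) {
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	} else {
		fprintf(stderr, "(unknown source)::");
	}
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/*
 * Report a warning on stderr in the same layout as yyerror().
 *
 * Does not touch policydb_errors.  Always returns 0.
 */
int yywarn(char *msg)
{
	/* Both line counters are unsigned long, so they are printed with %lu. */
	if (source_file[0]) {
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	} else {
		fprintf(stderr, "(unknown source)::");
	}
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
	return 0;
}

/*
 * Record the name of the file being scanned and restart its line counter.
 *
 * The name is copied into source_file, truncated to PATH_MAX-1 bytes and
 * always NUL-terminated.  The scanner passes the text that follows the
 * opening quote of a '#line 1 "name"' directive, so the name arrives with the
 * closing quote attached; a single trailing '"' is removed so that
 * diagnostics show the real file name.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';

	len = strlen(source_file);
	if (len > 0 && source_file[len - 1] == '"') {
		source_file[len - 1] = '\0';
	}
}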