policy_scan.l revision d5286d7169d13779dae3c745e55969a173634c33
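/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 * 	Added conditional policy language extensions
 *
 *          Jason Tang    <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *  	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

/*
 * Lexical scanner for the policy source language.  It turns policy text
 * into the tokens declared in y.tab.h and keeps the line bookkeeping that
 * yyerror()/yywarn() use to point at the offending input.
 */

%{
#include <sys/types.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)();

#include "y.tab.h"

/* Two-slot buffer holding recently scanned source lines for diagnostics. */
static char linebuf[2][255];
/* Index of the linebuf slot that the next captured line is written to. */
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* Name taken from the most recent `#line 1 "file"` directive, if any. */
char source_file[PATH_MAX];
/* Line number within source_file, as adjusted by #line directives. */
unsigned long source_lineno = 1;

/* Line number within the scanner's input, counted over the whole input. */
unsigned long policydb_lineno = 1;

/* Number of errors reported through yyerror(). */
unsigned int policydb_errors = 0;
%}

%option noinput nounput

%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{
				  /*
				   * Matched a newline plus the whole following line.
				   * Keep a bounded, NUL-terminated copy of that line
				   * for diagnostics, then give everything except the
				   * newline back to the scanner with yyless(1) so the
				   * line is tokenised normally.
				   */
				  strncpy(linebuf[lno], yytext+1, sizeof(linebuf[lno]) - 1);
				  linebuf[lno][sizeof(linebuf[lno]) - 1] = 0;
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  yyless(1); }
  /*
   * Keywords.  Each one is accepted in all-upper or all-lower case only;
   * any other spelling falls through to IDENTIFIER.  On a tie in match
   * length the earlier rule wins, which is why the keywords are listed
   * before the IDENTIFIER pattern.
   */
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
  /*
   * Value-carrying tokens.  These patterns check shape only.  The IPv4
   * pattern accepts any 1-3 digit group (values above 255 included) and
   * the IPv6 pattern accepts loose runs of hex digits, ':' and '.', so
   * address validity has to be checked after the lexer.
   * NUMBER and IPV4_ADDR are listed before VERSION_IDENTIFIER so that they
   * win when both match the same length.
   */
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{digit}+			{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /*
				   * The match always ends with the closing quote of
				   * the directive.  Drop it so the recorded file name
				   * (and every "file:line:" prefix printed later) does
				   * not carry a stray '"'.  yytext is an array
				   * (%array), so it may be edited in place.
				   */
				  yytext[yyleng - 1] = '\0';
				  set_source_file(yytext+9); }
#line[ ]{digit}+		{
				  /*
				   * Store N-1: the newline that ends the directive
				   * increments the counter again.  strtoul() is used
				   * instead of atoi() so an oversized digit string
				   * saturates rather than overflowing an int.
				   */
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1; }
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{ yywarn("unrecognized character");}
%%
/*
 * Print one diagnostic to stderr: a "file:line:" prefix when a source file
 * is known, then the severity, message, current token, input line number
 * and the two buffered source lines.  Message and token text are always
 * passed as "%s" arguments, so policy text is never used as a format string.
 */
static void print_diagnostic(const char *severity, const char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	/* %lu: both line counters are unsigned long. */
	fprintf(stderr, "%s '%s' at token '%s' on line %lu:\n%s\n%s\n",
			severity,
			msg,
			yytext,
			policydb_lineno,
			linebuf[0], linebuf[1]);
}

/**
 * Report an error at the current token and count it in policydb_errors.
 *
 * @param msg  Description of the error.
 * @return     Always -1.
 */
int yyerror(char *msg)
{
	print_diagnostic("ERROR", msg);
	policydb_errors++;
	return -1;
}

/**
 * Report a warning at the current token.  The error count is not changed.
 *
 * @param msg  Description of the warning.
 * @return     Always 0.
 */
int yywarn(char *msg)
{
	print_diagnostic("WARNING", msg);
	return 0;
}

/**
 * Record the name of the file now being scanned and restart its line count.
 *
 * @param name  File name; copied into source_file and truncated to
 *              PATH_MAX-1 bytes if longer.  The copy is always
 *              NUL-terminated.
 */
void set_source_file(const char *name)
{
	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';
}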