policy_scan.l revision f0290677091e7eee4a3724a2a86ede9e11f93802
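
/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *	Jason Tang <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

%{
#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)(void);

#ifdef ANDROID
#include "policy_parse.h"
#else
#include "y.tab.h"
#endif

/*
 * Two-slot ring of the most recently scanned input lines, used only as
 * context in diagnostics. Each slot holds at most 254 characters plus the
 * terminator; longer lines are truncated in the diagnostic, not in the scan.
 * lno is the slot the next line will be written to.
 */
static char linebuf[2][255];
static unsigned int lno = 0;
int yywarn(const char *msg);

void set_source_file(const char *name);

/* File name and line number taken from the most recent "#line" marker. */
char source_file[PATH_MAX];
unsigned long source_lineno = 1;

/* Line number within the scanner input as a whole. */
unsigned long policydb_lineno = 1;

/* Number of errors reported through yyerror(); yywarn() does not count. */
unsigned int policydb_errors = 0;
%}

%option noinput nounput noyywrap

/*
 * Scanner conventions a reviewer should keep in mind:
 *
 *  - Keywords are accepted in all-lowercase or all-uppercase form only.
 *  - When two rules match the same length, the one listed first wins, so
 *    the keyword rules take precedence over IDENTIFIER, and IDENTIFIER,
 *    NUMBER and FILESYSTEM are tried in that order.
 *  - The address, path and file-name rules check lexical shape only (for
 *    example each IPv4 component is one to three digits, with no range
 *    check). Any semantic validation has to happen after the scanner.
 *  - A character no rule recognises produces a warning, is dropped, and
 *    scanning continues.
 */
%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
\n.*				{
				  /* Remember the line that follows this
				   * newline for diagnostics (bounded copy,
				   * always terminated), advance both line
				   * counters, then give everything except
				   * the newline back to the scanner. */
				  strncpy(linebuf[lno], yytext+1, 255);
				  linebuf[lno][254] = 0;
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  yyless(1);
				}
CLONE |
clone				{ return(CLONE); }
COMMON |
common				{ return(COMMON); }
CLASS |
class				{ return(CLASS); }
CONSTRAIN |
constrain			{ return(CONSTRAIN); }
VALIDATETRANS |
validatetrans			{ return(VALIDATETRANS); }
INHERITS |
inherits			{ return(INHERITS); }
SID |
sid				{ return(SID); }
ROLE |
role				{ return(ROLE); }
ROLES |
roles				{ return(ROLES); }
ROLEATTRIBUTE |
roleattribute			{ return(ROLEATTRIBUTE);}
ATTRIBUTE_ROLE |
attribute_role			{ return(ATTRIBUTE_ROLE);}
TYPES |
types				{ return(TYPES); }
TYPEALIAS |
typealias			{ return(TYPEALIAS); }
TYPEATTRIBUTE |
typeattribute			{ return(TYPEATTRIBUTE); }
TYPEBOUNDS |
typebounds			{ return(TYPEBOUNDS); }
TYPE |
type				{ return(TYPE); }
BOOL |
bool				{ return(BOOL); }
TUNABLE |
tunable				{ return(TUNABLE); }
IF |
if				{ return(IF); }
ELSE |
else				{ return(ELSE); }
ALIAS |
alias				{ return(ALIAS); }
ATTRIBUTE |
attribute			{ return(ATTRIBUTE); }
TYPE_TRANSITION |
type_transition			{ return(TYPE_TRANSITION); }
TYPE_MEMBER |
type_member			{ return(TYPE_MEMBER); }
TYPE_CHANGE |
type_change			{ return(TYPE_CHANGE); }
ROLE_TRANSITION |
role_transition			{ return(ROLE_TRANSITION); }
RANGE_TRANSITION |
range_transition		{ return(RANGE_TRANSITION); }
SENSITIVITY |
sensitivity			{ return(SENSITIVITY); }
DOMINANCE |
dominance			{ return(DOMINANCE); }
CATEGORY |
category			{ return(CATEGORY); }
LEVEL |
level				{ return(LEVEL); }
RANGE |
range				{ return(RANGE); }
MLSCONSTRAIN |
mlsconstrain			{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS |
mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
USER |
user				{ return(USER); }
NEVERALLOW |
neverallow			{ return(NEVERALLOW); }
ALLOW |
allow				{ return(ALLOW); }
AUDITALLOW |
auditallow			{ return(AUDITALLOW); }
AUDITDENY |
auditdeny			{ return(AUDITDENY); }
DONTAUDIT |
dontaudit			{ return(DONTAUDIT); }
SOURCE |
source				{ return(SOURCE); }
TARGET |
target				{ return(TARGET); }
SAMEUSER |
sameuser			{ return(SAMEUSER);}
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR |
or				{ return(OR);}
AND |
and				{ return(AND);}
NOT |
not				{ return(NOT);}
xor |
XOR				{ return(XOR); }
eq |
EQ				{ return(EQUALS);}
true |
TRUE				{ return(CTRUE); }
false |
FALSE				{ return(CFALSE); }
dom |
DOM				{ return(DOM);}
domby |
DOMBY				{ return(DOMBY);}
INCOMP |
incomp				{ return(INCOMP);}
fscon |
FSCON				{ return(FSCON);}
portcon |
PORTCON				{ return(PORTCON);}
netifcon |
NETIFCON			{ return(NETIFCON);}
nodecon |
NODECON				{ return(NODECON);}
pirqcon |
PIRQCON				{ return(PIRQCON);}
iomemcon |
IOMEMCON			{ return(IOMEMCON);}
ioportcon |
IOPORTCON			{ return(IOPORTCON);}
pcidevicecon |
PCIDEVICECON			{ return(PCIDEVICECON);}
devicetreecon |
DEVICETREECON			{ return(DEVICETREECON);}
fs_use_xattr |
FS_USE_XATTR			{ return(FSUSEXATTR);}
fs_use_task |
FS_USE_TASK			{ return(FSUSETASK);}
fs_use_trans |
FS_USE_TRANS			{ return(FSUSETRANS);}
genfscon |
GENFSCON			{ return(GENFSCON);}
r1 |
R1				{ return(R1); }
r2 |
R2				{ return(R2); }
r3 |
R3				{ return(R3); }
u1 |
U1				{ return(U1); }
u2 |
U2				{ return(U2); }
u3 |
U3				{ return(U3); }
t1 |
T1				{ return(T1); }
t2 |
T2				{ return(T2); }
t3 |
T3				{ return(T3); }
l1 |
L1				{ return(L1); }
l2 |
L2				{ return(L2); }
h1 |
H1				{ return(H1); }
h2 |
H2				{ return(H2); }
policycap |
POLICYCAP			{ return(POLICYCAP); }
permissive |
PERMISSIVE			{ return(PERMISSIVE); }
default_user |
DEFAULT_USER			{ return(DEFAULT_USER); }
default_role |
DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
default_type |
DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
default_range |
DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
low-high |
LOW-HIGH			{ return(LOW_HIGH); }
high |
HIGH				{ return(HIGH); }
low |
LOW				{ return(LOW); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\""/"[ !#-~]*\"			{ return(QPATH); }
\"({alnum}|[_\.\-\+\~\: ])+\"	{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{alnum}*{letter}{alnum}*	{ return(FILESYSTEM); }
{digit}{1,3}(\.{digit}{1,3}){3}	{ return(IPV4_ADDR); }
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{ return(IPV6_ADDR); }
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /* yytext+9 skips the '#line 1 "' prefix;
				   * set_source_file() strips the closing
				   * quote. */
				  set_source_file(yytext+9);
				}
#line[ ]{digit}+		{
				  /* strtoul() rather than atoi(): the digit
				   * run is unbounded, and atoi() has
				   * undefined behaviour once the value does
				   * not fit in an int. An out-of-range
				   * marker is reported instead of silently
				   * corrupting later diagnostics. The -1
				   * compensates for the increment done when
				   * the following newline is scanned. */
				  errno = 0;
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
				  if (errno)
				    yywarn("source line number too big");
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{
				  /* NOTE(review): the character is dropped
				   * with a warning only; yywarn() does not
				   * bump policydb_errors, so as far as this
				   * file is concerned the compile continues.
				   * Confirm the caller treats such input the
				   * way the project intends. */
				  yywarn("unrecognized character");
				}
%%
/*
 * Report a parse error on stderr and count it.
 *
 * Prints the "#line"-derived file and line when a source file is known,
 * then the message, the current token, the overall input line number and
 * the two buffered context lines (slot 0 then slot 1, which is not always
 * chronological order). Increments policydb_errors.
 *
 * msg: caller-supplied message text, printed through "%s".
 * Returns -1.
 */
int yyerror(const char *msg)
{
	/* Both counters are unsigned long, so they are printed with %lu. */
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/*
 * Report a warning on stderr in the same layout as yyerror().
 *
 * Unlike yyerror(), this does not increment policydb_errors.
 *
 * msg: caller-supplied message text, printed through "%s".
 * Returns 0.
 */
int yywarn(const char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	return 0;
}

/*
 * Record the file name from a '#line 1 "name"' marker and restart the
 * per-file line counter.
 *
 * name: text following the opening quote; it may still end with the
 *       closing quote, which is removed. Names longer than
 *       sizeof(source_file)-1 bytes are truncated.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;
	/* Bounded copy; terminated explicitly because strncpy() does not
	 * terminate when the source fills the buffer. */
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';
	len = strlen(source_file);
	if (len && source_file[len-1] == '"')
		source_file[len-1] = '\0';
}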