policy_scan.l revision fdeeccaa0ec11a5a549c60fc2da1f4dcd8eb5c65
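
/*
 * Author : Stephen Smalley, <sds@epoch.ncsc.mil>
 */

/* Updated: David Caplan, <dac@tresys.com>
 *
 *	Added conditional policy language extensions
 *
 *	    Jason Tang    <jtang@tresys.com>
 *
 *	Added support for binary policy modules
 *
 * Copyright (C) 2003-5 Tresys Technology, LLC
 *	This program is free software; you can redistribute it and/or modify
 *	it under the terms of the GNU General Public License as published by
 *	the Free Software Foundation, version 2.
 */

/* FLASK */

%{
/*
 * Lexical scanner for the policy source language.  It turns policy text
 * into the tokens declared in y.tab.h and keeps the bookkeeping that the
 * diagnostics below rely on: the current source file name, the line number
 * inside that file, the line number inside the concatenated policy, and the
 * two most recently scanned lines.
 */
#include <sys/types.h>
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef int (* require_func_t)();

#include "y.tab.h"

/* Two-slot ring of the most recently scanned lines, shown in diagnostics. */
static char linebuf[2][255];
/* Index of the linebuf slot that the next scanned line overwrites. */
static unsigned int lno = 0;
int yywarn(char *msg);

void set_source_file(const char *name);

/* File named by the most recent `#line 1 "file"` marker, or by a caller. */
char source_file[PATH_MAX];
/* Line number within source_file. */
unsigned long source_lineno = 1;

/* Line number within the whole scanner input. */
unsigned long policydb_lineno = 1;

/* Number of errors reported through yyerror(). */
unsigned int policydb_errors = 0;
%}

%option noinput nounput

%array
letter  [A-Za-z]
digit   [0-9]
alnum   [a-zA-Z0-9]
hexval	[0-9A-Fa-f]

%%
	/*
	 * Rule order is significant: lex takes the longest match and, on a
	 * tie, the rule listed first.  Keywords are accepted in all-upper or
	 * all-lower case only; any other spelling falls through to the
	 * IDENTIFIER / FILESYSTEM patterns further down.
	 */
\n.*				{
				  /*
				   * Remember the text after the newline for
				   * diagnostics (truncated to the slot size),
				   * advance both line counters, then push the
				   * line itself back so it is tokenized normally.
				   */
				  strncpy(linebuf[lno], yytext+1, sizeof(linebuf[lno]) - 1);
				  linebuf[lno][sizeof(linebuf[lno]) - 1] = 0;
				  lno = 1 - lno;
				  policydb_lineno++;
				  source_lineno++;
				  yyless(1);
				}
CLONE|clone			{ return(CLONE); }
COMMON|common			{ return(COMMON); }
CLASS|class			{ return(CLASS); }
CONSTRAIN|constrain		{ return(CONSTRAIN); }
VALIDATETRANS|validatetrans	{ return(VALIDATETRANS); }
INHERITS|inherits		{ return(INHERITS); }
SID|sid				{ return(SID); }
ROLE|role			{ return(ROLE); }
ROLES|roles			{ return(ROLES); }
ROLEATTRIBUTE|roleattribute	{ return(ROLEATTRIBUTE); }
ATTRIBUTE_ROLE|attribute_role	{ return(ATTRIBUTE_ROLE); }
TYPES|types			{ return(TYPES); }
TYPEALIAS|typealias		{ return(TYPEALIAS); }
TYPEATTRIBUTE|typeattribute	{ return(TYPEATTRIBUTE); }
TYPEBOUNDS|typebounds		{ return(TYPEBOUNDS); }
TYPE|type			{ return(TYPE); }
BOOL|bool			{ return(BOOL); }
TUNABLE|tunable			{ return(TUNABLE); }
IF|if				{ return(IF); }
ELSE|else			{ return(ELSE); }
ALIAS|alias			{ return(ALIAS); }
ATTRIBUTE|attribute		{ return(ATTRIBUTE); }
TYPE_TRANSITION|type_transition	{ return(TYPE_TRANSITION); }
TYPE_MEMBER|type_member		{ return(TYPE_MEMBER); }
TYPE_CHANGE|type_change		{ return(TYPE_CHANGE); }
ROLE_TRANSITION|role_transition	{ return(ROLE_TRANSITION); }
RANGE_TRANSITION|range_transition	{ return(RANGE_TRANSITION); }
SENSITIVITY|sensitivity		{ return(SENSITIVITY); }
DOMINANCE|dominance		{ return(DOMINANCE); }
CATEGORY|category		{ return(CATEGORY); }
LEVEL|level			{ return(LEVEL); }
RANGE|range			{ return(RANGE); }
MLSCONSTRAIN|mlsconstrain	{ return(MLSCONSTRAIN); }
MLSVALIDATETRANS|mlsvalidatetrans	{ return(MLSVALIDATETRANS); }
USER|user			{ return(USER); }
NEVERALLOW|neverallow		{ return(NEVERALLOW); }
ALLOW|allow			{ return(ALLOW); }
AUDITALLOW|auditallow		{ return(AUDITALLOW); }
AUDITDENY|auditdeny		{ return(AUDITDENY); }
DONTAUDIT|dontaudit		{ return(DONTAUDIT); }
SOURCE|source			{ return(SOURCE); }
TARGET|target			{ return(TARGET); }
SAMEUSER|sameuser		{ return(SAMEUSER); }
module|MODULE			{ return(MODULE); }
require|REQUIRE			{ return(REQUIRE); }
optional|OPTIONAL		{ return(OPTIONAL); }
OR|or				{ return(OR); }
AND|and				{ return(AND); }
NOT|not				{ return(NOT); }
xor|XOR				{ return(XOR); }
eq|EQ				{ return(EQUALS); }
true|TRUE			{ return(CTRUE); }
false|FALSE			{ return(CFALSE); }
dom|DOM				{ return(DOM); }
domby|DOMBY			{ return(DOMBY); }
INCOMP|incomp			{ return(INCOMP); }
fscon|FSCON			{ return(FSCON); }
portcon|PORTCON			{ return(PORTCON); }
netifcon|NETIFCON		{ return(NETIFCON); }
nodecon|NODECON			{ return(NODECON); }
pirqcon|PIRQCON			{ return(PIRQCON); }
iomemcon|IOMEMCON		{ return(IOMEMCON); }
ioportcon|IOPORTCON		{ return(IOPORTCON); }
pcidevicecon|PCIDEVICECON	{ return(PCIDEVICECON); }
fs_use_xattr|FS_USE_XATTR	{ return(FSUSEXATTR); }
fs_use_task|FS_USE_TASK		{ return(FSUSETASK); }
fs_use_trans|FS_USE_TRANS	{ return(FSUSETRANS); }
genfscon|GENFSCON		{ return(GENFSCON); }
r1|R1				{ return(R1); }
r2|R2				{ return(R2); }
r3|R3				{ return(R3); }
u1|U1				{ return(U1); }
u2|U2				{ return(U2); }
u3|U3				{ return(U3); }
t1|T1				{ return(T1); }
t2|T2				{ return(T2); }
t3|T3				{ return(T3); }
l1|L1				{ return(L1); }
l2|L2				{ return(L2); }
h1|H1				{ return(H1); }
h2|H2				{ return(H2); }
policycap|POLICYCAP		{ return(POLICYCAP); }
permissive|PERMISSIVE		{ return(PERMISSIVE); }
"/"({alnum}|[_\.\-/])*		{ return(PATH); }
\"({alnum}|[_\.\-])+\"		{ return(FILENAME); }
{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
{alnum}*{letter}{alnum}*	{ return(FILESYSTEM); }
{digit}+|0x{hexval}+		{ return(NUMBER); }
{digit}{1,3}(\.{digit}{1,3}){3}	{
				  /*
				   * Shape check only: each octet may be any
				   * 1-3 digits (e.g. 999), so the value range
				   * is not validated here.
				   * NOTE(review): presumably the parser
				   * validates the address; confirm.
				   */
				  return(IPV4_ADDR);
				}
{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*	{
				  /*
				   * Loose shape check; the text is not
				   * verified to be a well-formed IPv6 address.
				   */
				  return(IPV6_ADDR);
				}
{digit}+(\.({alnum}|[_.])*)?	{ return(VERSION_IDENTIFIER); }
#line[ ]1[ ]\"[^\n]*\"		{
				  /*
				   * yytext+9 skips `#line 1 "`; the closing
				   * quote is still part of the text and is
				   * stripped by set_source_file().
				   */
				  set_source_file(yytext+9);
				}
#line[ ]{digit}+		{
				  /*
				   * yytext+6 skips `#line `.  The -1 offsets
				   * the increment done by the newline rule.
				   * strtoul() reports out-of-range values via
				   * errno instead of overflowing an int.
				   */
				  errno = 0;
				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
				  if (errno)
				    yywarn("source line number too big");
				}
#[^\n]*				{ /* delete comments */ }
[ \t\f]+			{ /* delete whitespace */ }
"=="				{ return(EQUALS); }
"!="				{ return (NOTEQUAL); }
"&&"				{ return (AND); }
"||"				{ return (OR); }
"!"				{ return (NOT); }
"^"				{ return (XOR); }
"," |
":" |
";" |
"(" |
")" |
"{" |
"}" |
"[" |
"-" |
"." |
"]" |
"~" |
"*"				{ return(yytext[0]); }
.				{
				  /*
				   * NOTE(review): this only warns.  yywarn()
				   * does not bump policydb_errors and no token
				   * is returned, so the character is dropped
				   * and scanning continues.
				   */
				  yywarn("unrecognized character");
				}
%%
/*
 * Report a policy error on stderr and count it.
 *
 * Prints the current source location (or "(unknown source)" when no source
 * file has been set), the message, the offending token, the policy line
 * number and the two saved context lines, then increments policydb_errors.
 * The context lines are printed in slot order, which is not necessarily
 * the order in which they were scanned.
 *
 * msg: message text, printed via "%s" (never used as a format string).
 * Returns -1.
 */
int yyerror(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	/* Both counters are unsigned long, hence %lu. */
	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	policydb_errors++;
	return -1;
}

/*
 * Report a policy warning on stderr.
 *
 * Same output layout as yyerror(), tagged WARNING; policydb_errors is left
 * untouched.
 *
 * msg: message text, printed via "%s".
 * Returns 0.
 */
int yywarn(char *msg)
{
	if (source_file[0])
		fprintf(stderr, "%s:%lu:",
			source_file, source_lineno);
	else
		fprintf(stderr, "(unknown source)::");
	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
		msg,
		yytext,
		policydb_lineno,
		linebuf[0], linebuf[1]);
	return 0;
}

/*
 * Record the name of the file currently being scanned and restart its line
 * counter at 1.
 *
 * name: file name; copied into source_file and truncated to PATH_MAX-1
 *       bytes.  The `#line 1 "file"` rule passes the text up to and
 *       including the closing quote, so one trailing '"' is removed to keep
 *       it out of diagnostics.
 */
void set_source_file(const char *name)
{
	size_t len;

	source_lineno = 1;
	strncpy(source_file, name, sizeof(source_file)-1);
	source_file[sizeof(source_file)-1] = '\0';

	len = strlen(source_file);
	if (len > 0 && source_file[len - 1] == '"')
		source_file[len - 1] = '\0';
}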