• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 
2 /*
3  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
4  */
5 
6 /* Updated: David Caplan, <dac@tresys.com>
7  *
8  * 	Added conditional policy language extensions
9  *
10  *          Jason Tang    <jtang@tresys.com>
11  *
12  *	Added support for binary policy modules
13  *
14  * Copyright (C) 2003-5 Tresys Technology, LLC
15  * Copyright (C) 2017 Mellanox Technologies Inc.
16  *	This program is free software; you can redistribute it and/or modify
17  *  	it under the terms of the GNU General Public License as published by
18  *	the Free Software Foundation, version 2.
19  */
20 
21 /* FLASK */
22 
23 %{
24 #include <sys/types.h>
25 #include <limits.h>
26 #include <stdint.h>
27 #include <string.h>
28 
29 typedef int (* require_func_t)(void);
30 
31 #ifdef ANDROID
32 #include "policy_parse.h"
33 #else
34 #include "y.tab.h"
35 #endif
36 
37 static char linebuf[2][255];
38 static unsigned int lno = 0;
39 int werror = 0;
40 int yyerror(const char *msg);
41 int yywarn(const char *msg);
42 
43 void set_source_file(const char *name);
44 
45 char source_file[PATH_MAX];
46 unsigned long source_lineno = 1;
47 
48 unsigned long policydb_lineno = 1;
49 
50 unsigned int policydb_errors = 0;
51 %}
52 
53 %option noinput nounput noyywrap
54 
55 %array
56 letter  [A-Za-z]
57 digit   [0-9]
58 alnum   [a-zA-Z0-9]
59 hexval	[0-9A-Fa-f]
60 
61 %%
62 \n.*				{
63 				  strncpy(linebuf[lno], yytext+1, 255);
64 				  linebuf[lno][254] = 0;
65 				  lno = 1 - lno;
66 				  policydb_lineno++;
67 				  if (source_lineno == ULONG_MAX)
68 				      yywarn("source line number overflow");
69 				  else
70 				      source_lineno++;
71 				  yyless(1);
72 				}
73 CLONE |
74 clone				{ return(CLONE); }
75 COMMON |
76 common				{ return(COMMON); }
77 CLASS |
78 class				{ return(CLASS); }
79 CONSTRAIN |
80 constrain			{ return(CONSTRAIN); }
81 VALIDATETRANS |
82 validatetrans			{ return(VALIDATETRANS); }
83 INHERITS |
84 inherits			{ return(INHERITS); }
85 SID |
86 sid				{ return(SID); }
87 ROLE |
88 role				{ return(ROLE); }
89 ROLES |
90 roles				{ return(ROLES); }
91 ROLEATTRIBUTE |
92 roleattribute			{ return(ROLEATTRIBUTE);}
93 ATTRIBUTE_ROLE |
94 attribute_role			{ return(ATTRIBUTE_ROLE);}
95 TYPES |
96 types				{ return(TYPES); }
97 TYPEALIAS |
98 typealias			{ return(TYPEALIAS); }
99 TYPEATTRIBUTE |
100 typeattribute			{ return(TYPEATTRIBUTE); }
101 TYPEBOUNDS |
102 typebounds			{ return(TYPEBOUNDS); }
103 TYPE |
104 type				{ return(TYPE); }
105 BOOL |
106 bool                            { return(BOOL); }
107 TUNABLE |
108 tunable				{ return(TUNABLE); }
109 IF |
110 if				{ return(IF); }
111 ELSE |
112 else				{ return(ELSE); }
113 ALIAS |
114 alias				{ return(ALIAS); }
115 ATTRIBUTE |
116 attribute			{ return(ATTRIBUTE); }
117 EXPANDATTRIBUTE |
118 expandattribute                 { return(EXPANDATTRIBUTE); }
119 TYPE_TRANSITION |
120 type_transition			{ return(TYPE_TRANSITION); }
121 TYPE_MEMBER |
122 type_member			{ return(TYPE_MEMBER); }
123 TYPE_CHANGE |
124 type_change			{ return(TYPE_CHANGE); }
125 ROLE_TRANSITION |
126 role_transition			{ return(ROLE_TRANSITION); }
127 RANGE_TRANSITION |
128 range_transition		{ return(RANGE_TRANSITION); }
129 SENSITIVITY |
130 sensitivity			{ return(SENSITIVITY); }
131 DOMINANCE |
132 dominance			{ return(DOMINANCE); }
133 CATEGORY |
134 category			{ return(CATEGORY); }
135 LEVEL |
136 level				{ return(LEVEL); }
137 RANGE |
138 range				{ return(RANGE); }
139 MLSCONSTRAIN |
140 mlsconstrain			{ return(MLSCONSTRAIN); }
141 MLSVALIDATETRANS |
142 mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
143 USER |
144 user				{ return(USER); }
145 NEVERALLOW |
146 neverallow		        { return(NEVERALLOW); }
147 ALLOW |
148 allow			        { return(ALLOW); }
149 AUDITALLOW |
150 auditallow		        { return(AUDITALLOW); }
151 AUDITDENY |
152 auditdeny		        { return(AUDITDENY); }
153 DONTAUDIT |
154 dontaudit                       { return(DONTAUDIT); }
155 ALLOWXPERM |
156 allowxperm			{ return(ALLOWXPERM); }
157 AUDITALLOWXPERM |
158 auditallowxperm			{ return(AUDITALLOWXPERM); }
159 DONTAUDITXPERM |
160 dontauditxperm			{ return(DONTAUDITXPERM); }
161 NEVERALLOWXPERM |
162 neverallowxperm			{ return(NEVERALLOWXPERM); }
163 SOURCE |
164 source			        { return(SOURCE); }
165 TARGET |
166 target			        { return(TARGET); }
167 SAMEUSER |
168 sameuser			{ return(SAMEUSER);}
169 module|MODULE                   { return(MODULE); }
170 require|REQUIRE                 { return(REQUIRE); }
171 optional|OPTIONAL               { return(OPTIONAL); }
172 OR |
173 or     			        { return(OR);}
174 AND |
175 and				{ return(AND);}
176 NOT |
177 not				{ return(NOT);}
178 xor |
179 XOR                             { return(XOR); }
180 eq |
181 EQ				{ return(EQUALS);}
182 true |
183 TRUE                            { return(CTRUE); }
184 false |
185 FALSE                           { return(CFALSE); }
186 dom |
187 DOM				{ return(DOM);}
188 domby |
189 DOMBY				{ return(DOMBY);}
190 INCOMP |
191 incomp				{ return(INCOMP);}
192 fscon |
193 FSCON                           { return(FSCON);}
194 ibpkeycon |
195 IBPKEYCON			{ return(IBPKEYCON);}
196 ibendportcon |
197 IBENDPORTCON			{ return(IBENDPORTCON);}
198 portcon |
199 PORTCON				{ return(PORTCON);}
200 netifcon |
201 NETIFCON			{ return(NETIFCON);}
202 nodecon |
203 NODECON				{ return(NODECON);}
204 pirqcon |
205 PIRQCON  		        { return(PIRQCON);}
206 iomemcon |
207 IOMEMCON            		{ return(IOMEMCON);}
208 ioportcon |
209 IOPORTCON           		{ return(IOPORTCON);}
210 pcidevicecon |
211 PCIDEVICECON           		{ return(PCIDEVICECON);}
212 devicetreecon |
213 DEVICETREECON           	{ return(DEVICETREECON);}
214 fs_use_xattr |
215 FS_USE_XATTR			{ return(FSUSEXATTR);}
216 fs_use_task |
217 FS_USE_TASK                     { return(FSUSETASK);}
218 fs_use_trans |
219 FS_USE_TRANS                    { return(FSUSETRANS);}
220 genfscon |
221 GENFSCON                        { return(GENFSCON);}
222 r1 |
223 R1				{ return(R1); }
224 r2 |
225 R2				{ return(R2); }
226 r3 |
227 R3				{ return(R3); }
228 u1 |
229 U1				{ return(U1); }
230 u2 |
231 U2				{ return(U2); }
232 u3 |
233 U3				{ return(U3); }
234 t1 |
235 T1				{ return(T1); }
236 t2 |
237 T2				{ return(T2); }
238 t3 |
239 T3				{ return(T3); }
240 l1 |
241 L1				{ return(L1); }
242 l2 |
243 L2				{ return(L2); }
244 h1 |
245 H1				{ return(H1); }
246 h2 |
247 H2				{ return(H2); }
248 policycap |
249 POLICYCAP			{ return(POLICYCAP); }
250 permissive |
251 PERMISSIVE			{ return(PERMISSIVE); }
252 default_user |
253 DEFAULT_USER			{ return(DEFAULT_USER); }
254 default_role |
255 DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
256 default_type |
257 DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
258 default_range |
259 DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
260 low-high |
261 LOW-HIGH			{ return(LOW_HIGH); }
262 high |
263 HIGH				{ return(HIGH); }
264 low |
265 LOW				{ return(LOW); }
266 glblub |
267 GLBLUB				{ return(GLBLUB); }
268 "/"[^ \n\r\t\f]*	        { return(PATH); }
269 \""/"[^\"\n]*\" 		{ return(QPATH); }
270 \"[^"/"\"\n]+\"	{ return(FILENAME); }
271 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
272 {digit}+|0x{hexval}+            { return(NUMBER); }
273 {alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
274 {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
275 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
276 {digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
277 #line[ ]1[ ]\"[^\n]*\"		{ set_source_file(yytext+9); }
278 #line[ ]{digit}+	        {
279 				  errno = 0;
280 				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
281 				  if (errno) {
282 				    yywarn("source line number too big");
283 				  }
284 				}
285 #[^\n]*                         { /* delete comments */ }
286 [ \t\f]+			{ /* delete whitespace */ }
287 "==" 				{ return(EQUALS); }
288 "!="				{ return (NOTEQUAL); }
289 "&&"				{ return (AND); }
290 "||"				{ return (OR); }
291 "!"				{ return (NOT); }
292 "^"                             { return (XOR); }
293 "," |
294 ":" |
295 ";" |
296 "(" |
297 ")" |
298 "{" |
299 "}" |
300 "[" |
301 "-" |
302 "." |
303 "]" |
304 "~" |
305 "*"				{ return(yytext[0]); }
306 .                               { yyerror("unrecognized character");}
307 %%
308 int yyerror(const char *msg)
309 {
310 	if (source_file[0])
311 		fprintf(stderr, "%s:%ld:",
312 			source_file, source_lineno);
313 	else
314 		fprintf(stderr, "(unknown source)::");
315 	fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n",
316 			msg,
317 			yytext,
318 			policydb_lineno,
319 			linebuf[0], linebuf[1]);
320 	policydb_errors++;
321 	return -1;
322 }
323 
324 int yywarn(const char *msg)
325 {
326 	if (werror)
327 		return yyerror(msg);
328 
329 	if (source_file[0])
330 		fprintf(stderr, "%s:%ld:",
331 			source_file, source_lineno);
332 	else
333 		fprintf(stderr, "(unknown source)::");
334 	fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n",
335 			msg,
336 			yytext,
337 			policydb_lineno,
338 			linebuf[0], linebuf[1]);
339 	return 0;
340 }
341 
342 void set_source_file(const char *name)
343 {
344 	source_lineno = 1;
345 	strncpy(source_file, name, sizeof(source_file)-1);
346 	source_file[sizeof(source_file)-1] = '\0';
347 	if (strlen(source_file) && source_file[strlen(source_file)-1] == '"')
348 		source_file[strlen(source_file)-1] = '\0';
349 }
350