• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 
2 /*
3  * Author : Stephen Smalley, <sds@tycho.nsa.gov>
4  */
5 
6 /* Updated: David Caplan, <dac@tresys.com>
7  *
8  * 	Added conditional policy language extensions
9  *
10  *          Jason Tang    <jtang@tresys.com>
11  *
12  *	Added support for binary policy modules
13  *
14  * Copyright (C) 2003-5 Tresys Technology, LLC
15  * Copyright (C) 2017 Mellanox Technologies Inc.
16  *	This program is free software; you can redistribute it and/or modify
17  *  	it under the terms of the GNU General Public License as published by
18  *	the Free Software Foundation, version 2.
19  */
20 
21 /* FLASK */
22 
23 %{
24 #include <sys/types.h>
25 #include <limits.h>
26 #include <stdint.h>
27 #include <string.h>
28 
29 typedef int (* require_func_t)(void);
30 
31 #ifdef ANDROID
32 #include "policy_parse.h"
33 #else
34 #include "y.tab.h"
35 #endif
36 
37 static char linebuf[2][255];
38 static unsigned int lno = 0;
39 int werror = 0;
40 int yyerror(const char *msg);
41 int yywarn(const char *msg);
42 
43 void set_source_file(const char *name);
44 
45 char source_file[PATH_MAX];
46 unsigned long source_lineno = 1;
47 
48 unsigned long policydb_lineno = 1;
49 
50 unsigned int policydb_errors = 0;
51 %}
52 
53 %option noinput nounput noyywrap
54 
55 %array
56 letter  [A-Za-z]
57 digit   [0-9]
58 alnum   [a-zA-Z0-9]
59 hexval	[0-9A-Fa-f]
60 
61 %%
62 \n.*				{
63 #if defined(__GNUC__) && __GNUC__ >= 8
64 #pragma GCC diagnostic push
65 #pragma GCC diagnostic ignored "-Wstringop-truncation"
66 #endif
67 				  strncpy(linebuf[lno], yytext+1, 255);
68 #if defined(__GNUC__) && __GNUC__ >= 8
69 #pragma GCC diagnostic pop
70 #endif
71 				  linebuf[lno][254] = 0;
72 				  lno = 1 - lno;
73 				  policydb_lineno++;
74 				  if (source_lineno == ULONG_MAX)
75 				      yywarn("source line number overflow");
76 				  else
77 				      source_lineno++;
78 				  yyless(1);
79 				}
80 CLONE |
81 clone				{ return(CLONE); }
82 COMMON |
83 common				{ return(COMMON); }
84 CLASS |
85 class				{ return(CLASS); }
86 CONSTRAIN |
87 constrain			{ return(CONSTRAIN); }
88 VALIDATETRANS |
89 validatetrans			{ return(VALIDATETRANS); }
90 INHERITS |
91 inherits			{ return(INHERITS); }
92 SID |
93 sid				{ return(SID); }
94 ROLE |
95 role				{ return(ROLE); }
96 ROLES |
97 roles				{ return(ROLES); }
98 ROLEATTRIBUTE |
99 roleattribute			{ return(ROLEATTRIBUTE);}
100 ATTRIBUTE_ROLE |
101 attribute_role			{ return(ATTRIBUTE_ROLE);}
102 TYPES |
103 types				{ return(TYPES); }
104 TYPEALIAS |
105 typealias			{ return(TYPEALIAS); }
106 TYPEATTRIBUTE |
107 typeattribute			{ return(TYPEATTRIBUTE); }
108 TYPEBOUNDS |
109 typebounds			{ return(TYPEBOUNDS); }
110 TYPE |
111 type				{ return(TYPE); }
112 BOOL |
113 bool                            { return(BOOL); }
114 TUNABLE |
115 tunable				{ return(TUNABLE); }
116 IF |
117 if				{ return(IF); }
118 ELSE |
119 else				{ return(ELSE); }
120 ALIAS |
121 alias				{ return(ALIAS); }
122 ATTRIBUTE |
123 attribute			{ return(ATTRIBUTE); }
124 EXPANDATTRIBUTE |
125 expandattribute                 { return(EXPANDATTRIBUTE); }
126 TYPE_TRANSITION |
127 type_transition			{ return(TYPE_TRANSITION); }
128 TYPE_MEMBER |
129 type_member			{ return(TYPE_MEMBER); }
130 TYPE_CHANGE |
131 type_change			{ return(TYPE_CHANGE); }
132 ROLE_TRANSITION |
133 role_transition			{ return(ROLE_TRANSITION); }
134 RANGE_TRANSITION |
135 range_transition		{ return(RANGE_TRANSITION); }
136 SENSITIVITY |
137 sensitivity			{ return(SENSITIVITY); }
138 DOMINANCE |
139 dominance			{ return(DOMINANCE); }
140 CATEGORY |
141 category			{ return(CATEGORY); }
142 LEVEL |
143 level				{ return(LEVEL); }
144 RANGE |
145 range				{ return(RANGE); }
146 MLSCONSTRAIN |
147 mlsconstrain			{ return(MLSCONSTRAIN); }
148 MLSVALIDATETRANS |
149 mlsvalidatetrans		{ return(MLSVALIDATETRANS); }
150 USER |
151 user				{ return(USER); }
152 NEVERALLOW |
153 neverallow		        { return(NEVERALLOW); }
154 ALLOW |
155 allow			        { return(ALLOW); }
156 AUDITALLOW |
157 auditallow		        { return(AUDITALLOW); }
158 AUDITDENY |
159 auditdeny		        { return(AUDITDENY); }
160 DONTAUDIT |
161 dontaudit                       { return(DONTAUDIT); }
162 ALLOWXPERM |
163 allowxperm			{ return(ALLOWXPERM); }
164 AUDITALLOWXPERM |
165 auditallowxperm			{ return(AUDITALLOWXPERM); }
166 DONTAUDITXPERM |
167 dontauditxperm			{ return(DONTAUDITXPERM); }
168 NEVERALLOWXPERM |
169 neverallowxperm			{ return(NEVERALLOWXPERM); }
170 SOURCE |
171 source			        { return(SOURCE); }
172 TARGET |
173 target			        { return(TARGET); }
174 SAMEUSER |
175 sameuser			{ return(SAMEUSER);}
176 module|MODULE                   { return(MODULE); }
177 require|REQUIRE                 { return(REQUIRE); }
178 optional|OPTIONAL               { return(OPTIONAL); }
179 OR |
180 or     			        { return(OR);}
181 AND |
182 and				{ return(AND);}
183 NOT |
184 not				{ return(NOT);}
185 xor |
186 XOR                             { return(XOR); }
187 eq |
188 EQ				{ return(EQUALS);}
189 true |
190 TRUE                            { return(CTRUE); }
191 false |
192 FALSE                           { return(CFALSE); }
193 dom |
194 DOM				{ return(DOM);}
195 domby |
196 DOMBY				{ return(DOMBY);}
197 INCOMP |
198 incomp				{ return(INCOMP);}
199 fscon |
200 FSCON                           { return(FSCON);}
201 ibpkeycon |
202 IBPKEYCON			{ return(IBPKEYCON);}
203 ibendportcon |
204 IBENDPORTCON			{ return(IBENDPORTCON);}
205 portcon |
206 PORTCON				{ return(PORTCON);}
207 netifcon |
208 NETIFCON			{ return(NETIFCON);}
209 nodecon |
210 NODECON				{ return(NODECON);}
211 pirqcon |
212 PIRQCON  		        { return(PIRQCON);}
213 iomemcon |
214 IOMEMCON            		{ return(IOMEMCON);}
215 ioportcon |
216 IOPORTCON           		{ return(IOPORTCON);}
217 pcidevicecon |
218 PCIDEVICECON           		{ return(PCIDEVICECON);}
219 devicetreecon |
220 DEVICETREECON           	{ return(DEVICETREECON);}
221 fs_use_xattr |
222 FS_USE_XATTR			{ return(FSUSEXATTR);}
223 fs_use_task |
224 FS_USE_TASK                     { return(FSUSETASK);}
225 fs_use_trans |
226 FS_USE_TRANS                    { return(FSUSETRANS);}
227 genfscon |
228 GENFSCON                        { return(GENFSCON);}
229 r1 |
230 R1				{ return(R1); }
231 r2 |
232 R2				{ return(R2); }
233 r3 |
234 R3				{ return(R3); }
235 u1 |
236 U1				{ return(U1); }
237 u2 |
238 U2				{ return(U2); }
239 u3 |
240 U3				{ return(U3); }
241 t1 |
242 T1				{ return(T1); }
243 t2 |
244 T2				{ return(T2); }
245 t3 |
246 T3				{ return(T3); }
247 l1 |
248 L1				{ return(L1); }
249 l2 |
250 L2				{ return(L2); }
251 h1 |
252 H1				{ return(H1); }
253 h2 |
254 H2				{ return(H2); }
255 policycap |
256 POLICYCAP			{ return(POLICYCAP); }
257 permissive |
258 PERMISSIVE			{ return(PERMISSIVE); }
259 default_user |
260 DEFAULT_USER			{ return(DEFAULT_USER); }
261 default_role |
262 DEFAULT_ROLE			{ return(DEFAULT_ROLE); }
263 default_type |
264 DEFAULT_TYPE			{ return(DEFAULT_TYPE); }
265 default_range |
266 DEFAULT_RANGE			{ return(DEFAULT_RANGE); }
267 low-high |
268 LOW-HIGH			{ return(LOW_HIGH); }
269 high |
270 HIGH				{ return(HIGH); }
271 low |
272 LOW				{ return(LOW); }
273 glblub |
274 GLBLUB				{ return(GLBLUB); }
275 "/"[^ \n\r\t\f]*	        { return(PATH); }
276 \""/"[^\"\n]*\" 		{ return(QPATH); }
277 \"[^"/"\"\n]+\"	{ return(FILENAME); }
278 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))*	{ return(IDENTIFIER); }
279 {digit}+|0x{hexval}+            { return(NUMBER); }
280 {alnum}*{letter}{alnum}*        { return(FILESYSTEM); }
281 {digit}{1,3}(\.{digit}{1,3}){3}    { return(IPV4_ADDR); }
282 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])*  { return(IPV6_ADDR); }
283 {digit}+(\.({alnum}|[_.])*)?    { return(VERSION_IDENTIFIER); }
284 #line[ ]1[ ]\"[^\n]*\"		{ set_source_file(yytext+9); }
285 #line[ ]{digit}+	        {
286 				  errno = 0;
287 				  source_lineno = strtoul(yytext+6, NULL, 10) - 1;
288 				  if (errno) {
289 				    yywarn("source line number too big");
290 				  }
291 				}
292 #[^\n]*                         { /* delete comments */ }
293 [ \t\f]+			{ /* delete whitespace */ }
294 "==" 				{ return(EQUALS); }
295 "!="				{ return (NOTEQUAL); }
296 "&&"				{ return (AND); }
297 "||"				{ return (OR); }
298 "!"				{ return (NOT); }
299 "^"                             { return (XOR); }
300 "," |
301 ":" |
302 ";" |
303 "(" |
304 ")" |
305 "{" |
306 "}" |
307 "[" |
308 "-" |
309 "." |
310 "]" |
311 "~" |
312 "*"				{ return(yytext[0]); }
313 .                               { yyerror("unrecognized character");}
314 %%
315 int yyerror(const char *msg)
316 {
317 	if (source_file[0])
318 		fprintf(stderr, "%s:%lu:",
319 			source_file, source_lineno);
320 	else
321 		fprintf(stderr, "(unknown source)::");
322 	fprintf(stderr, "ERROR '%s' at token '%s' on line %lu:\n%s\n%s\n",
323 			msg,
324 			yytext,
325 			policydb_lineno,
326 			linebuf[0], linebuf[1]);
327 	policydb_errors++;
328 	return -1;
329 }
330 
331 int yywarn(const char *msg)
332 {
333 	if (werror)
334 		return yyerror(msg);
335 
336 	if (source_file[0])
337 		fprintf(stderr, "%s:%lu:",
338 			source_file, source_lineno);
339 	else
340 		fprintf(stderr, "(unknown source)::");
341 	fprintf(stderr, "WARNING '%s' at token '%s' on line %lu:\n%s\n%s\n",
342 			msg,
343 			yytext,
344 			policydb_lineno,
345 			linebuf[0], linebuf[1]);
346 	return 0;
347 }
348 
349 void set_source_file(const char *name)
350 {
351 	source_lineno = 1;
352 	strncpy(source_file, name, sizeof(source_file)-1);
353 	source_file[sizeof(source_file)-1] = '\0';
354 	if (strlen(source_file) && source_file[strlen(source_file)-1] == '"')
355 		source_file[strlen(source_file)-1] = '\0';
356 }
357