1 2 /* 3 * Author : Stephen Smalley, <sds@epoch.ncsc.mil> 4 */ 5 6 /* Updated: David Caplan, <dac@tresys.com> 7 * 8 * Added conditional policy language extensions 9 * 10 * Jason Tang <jtang@tresys.com> 11 * 12 * Added support for binary policy modules 13 * 14 * Copyright (C) 2003-5 Tresys Technology, LLC 15 * This program is free software; you can redistribute it and/or modify 16 * it under the terms of the GNU General Public License as published by 17 * the Free Software Foundation, version 2. 18 */ 19 20 /* FLASK */ 21 22 %{ 23 #include <sys/types.h> 24 #include <limits.h> 25 #include <stdint.h> 26 #include <string.h> 27 28 typedef int (* require_func_t)(void); 29 30 #ifdef ANDROID 31 #include "policy_parse.h" 32 #else 33 #include "y.tab.h" 34 #endif 35 36 static char linebuf[2][255]; 37 static unsigned int lno = 0; 38 int yywarn(const char *msg); 39 40 void set_source_file(const char *name); 41 42 char source_file[PATH_MAX]; 43 unsigned long source_lineno = 1; 44 45 unsigned long policydb_lineno = 1; 46 47 unsigned int policydb_errors = 0; 48 %} 49 50 %option noinput nounput noyywrap 51 52 %array 53 letter [A-Za-z] 54 digit [0-9] 55 alnum [a-zA-Z0-9] 56 hexval [0-9A-Fa-f] 57 58 %% 59 \n.* { strncpy(linebuf[lno], yytext+1, 255); 60 linebuf[lno][254] = 0; 61 lno = 1 - lno; 62 policydb_lineno++; 63 source_lineno++; 64 yyless(1); } 65 CLONE | 66 clone { return(CLONE); } 67 COMMON | 68 common { return(COMMON); } 69 CLASS | 70 class { return(CLASS); } 71 CONSTRAIN | 72 constrain { return(CONSTRAIN); } 73 VALIDATETRANS | 74 validatetrans { return(VALIDATETRANS); } 75 INHERITS | 76 inherits { return(INHERITS); } 77 SID | 78 sid { return(SID); } 79 ROLE | 80 role { return(ROLE); } 81 ROLES | 82 roles { return(ROLES); } 83 ROLEATTRIBUTE | 84 roleattribute { return(ROLEATTRIBUTE);} 85 ATTRIBUTE_ROLE | 86 attribute_role { return(ATTRIBUTE_ROLE);} 87 TYPES | 88 types { return(TYPES); } 89 TYPEALIAS | 90 typealias { return(TYPEALIAS); } 91 TYPEATTRIBUTE | 92 typeattribute { return(TYPEATTRIBUTE); } 93 TYPEBOUNDS | 94 typebounds { return(TYPEBOUNDS); } 95 TYPE | 96 type { return(TYPE); } 97 BOOL | 98 bool { return(BOOL); } 99 TUNABLE | 100 tunable { return(TUNABLE); } 101 IF | 102 if { return(IF); } 103 ELSE | 104 else { return(ELSE); } 105 ALIAS | 106 alias { return(ALIAS); } 107 ATTRIBUTE | 108 attribute { return(ATTRIBUTE); } 109 EXPANDATTRIBUTE | 110 expandattribute { return(EXPANDATTRIBUTE); } 111 TYPE_TRANSITION | 112 type_transition { return(TYPE_TRANSITION); } 113 TYPE_MEMBER | 114 type_member { return(TYPE_MEMBER); } 115 TYPE_CHANGE | 116 type_change { return(TYPE_CHANGE); } 117 ROLE_TRANSITION | 118 role_transition { return(ROLE_TRANSITION); } 119 RANGE_TRANSITION | 120 range_transition { return(RANGE_TRANSITION); } 121 SENSITIVITY | 122 sensitivity { return(SENSITIVITY); } 123 DOMINANCE | 124 dominance { return(DOMINANCE); } 125 CATEGORY | 126 category { return(CATEGORY); } 127 LEVEL | 128 level { return(LEVEL); } 129 RANGE | 130 range { return(RANGE); } 131 MLSCONSTRAIN | 132 mlsconstrain { return(MLSCONSTRAIN); } 133 MLSVALIDATETRANS | 134 mlsvalidatetrans { return(MLSVALIDATETRANS); } 135 USER | 136 user { return(USER); } 137 NEVERALLOW | 138 neverallow { return(NEVERALLOW); } 139 ALLOW | 140 allow { return(ALLOW); } 141 AUDITALLOW | 142 auditallow { return(AUDITALLOW); } 143 AUDITDENY | 144 auditdeny { return(AUDITDENY); } 145 DONTAUDIT | 146 dontaudit { return(DONTAUDIT); } 147 ALLOWXPERM | 148 allowxperm { return(ALLOWXPERM); } 149 AUDITALLOWXPERM | 150 auditallowxperm { return(AUDITALLOWXPERM); } 151 DONTAUDITXPERM | 152 dontauditxperm { return(DONTAUDITXPERM); } 153 NEVERALLOWXPERM | 154 neverallowxperm { return(NEVERALLOWXPERM); } 155 SOURCE | 156 source { return(SOURCE); } 157 TARGET | 158 target { return(TARGET); } 159 SAMEUSER | 160 sameuser { return(SAMEUSER);} 161 module|MODULE { return(MODULE); } 162 require|REQUIRE { return(REQUIRE); } 163 optional|OPTIONAL { return(OPTIONAL); } 164 OR | 165 or { return(OR);} 166 AND | 167 and { return(AND);} 168 NOT | 169 not { return(NOT);} 170 xor | 171 XOR { return(XOR); } 172 eq | 173 EQ { return(EQUALS);} 174 true | 175 TRUE { return(CTRUE); } 176 false | 177 FALSE { return(CFALSE); } 178 dom | 179 DOM { return(DOM);} 180 domby | 181 DOMBY { return(DOMBY);} 182 INCOMP | 183 incomp { return(INCOMP);} 184 fscon | 185 FSCON { return(FSCON);} 186 portcon | 187 PORTCON { return(PORTCON);} 188 netifcon | 189 NETIFCON { return(NETIFCON);} 190 nodecon | 191 NODECON { return(NODECON);} 192 pirqcon | 193 PIRQCON { return(PIRQCON);} 194 iomemcon | 195 IOMEMCON { return(IOMEMCON);} 196 ioportcon | 197 IOPORTCON { return(IOPORTCON);} 198 pcidevicecon | 199 PCIDEVICECON { return(PCIDEVICECON);} 200 devicetreecon | 201 DEVICETREECON { return(DEVICETREECON);} 202 fs_use_xattr | 203 FS_USE_XATTR { return(FSUSEXATTR);} 204 fs_use_task | 205 FS_USE_TASK { return(FSUSETASK);} 206 fs_use_trans | 207 FS_USE_TRANS { return(FSUSETRANS);} 208 genfscon | 209 GENFSCON { return(GENFSCON);} 210 r1 | 211 R1 { return(R1); } 212 r2 | 213 R2 { return(R2); } 214 r3 | 215 R3 { return(R3); } 216 u1 | 217 U1 { return(U1); } 218 u2 | 219 U2 { return(U2); } 220 u3 | 221 U3 { return(U3); } 222 t1 | 223 T1 { return(T1); } 224 t2 | 225 T2 { return(T2); } 226 t3 | 227 T3 { return(T3); } 228 l1 | 229 L1 { return(L1); } 230 l2 | 231 L2 { return(L2); } 232 h1 | 233 H1 { return(H1); } 234 h2 | 235 H2 { return(H2); } 236 policycap | 237 POLICYCAP { return(POLICYCAP); } 238 permissive | 239 PERMISSIVE { return(PERMISSIVE); } 240 default_user | 241 DEFAULT_USER { return(DEFAULT_USER); } 242 default_role | 243 DEFAULT_ROLE { return(DEFAULT_ROLE); } 244 default_type | 245 DEFAULT_TYPE { return(DEFAULT_TYPE); } 246 default_range | 247 DEFAULT_RANGE { return(DEFAULT_RANGE); } 248 low-high | 249 LOW-HIGH { return(LOW_HIGH); } 250 high | 251 HIGH { return(HIGH); } 252 low | 253 LOW { return(LOW); } 254 "/"[^ \n\r\t\f]* { return(PATH); } 255 \""/"[^\"\n]*\" { return(QPATH); } 256 \"[^"/"\"\n]+\" { return(FILENAME); } 257 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } 258 {digit}+|0x{hexval}+ { return(NUMBER); } 259 {alnum}*{letter}{alnum}* { return(FILESYSTEM); } 260 {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } 261 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } 262 {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } 263 #line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); } 264 #line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } 265 #[^\n]* { /* delete comments */ } 266 [ \t\f]+ { /* delete whitespace */ } 267 "==" { return(EQUALS); } 268 "!=" { return (NOTEQUAL); } 269 "&&" { return (AND); } 270 "||" { return (OR); } 271 "!" { return (NOT); } 272 "^" { return (XOR); } 273 "," | 274 ":" | 275 ";" | 276 "(" | 277 ")" | 278 "{" | 279 "}" | 280 "[" | 281 "-" | 282 "." | 283 "]" | 284 "~" | 285 "*" { return(yytext[0]); } 286 . { yywarn("unrecognized character");} 287 %% 288 int yyerror(const char *msg) 289 { 290 if (source_file[0]) 291 fprintf(stderr, "%s:%ld:", 292 source_file, source_lineno); 293 else 294 fprintf(stderr, "(unknown source)::"); 295 fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n", 296 msg, 297 yytext, 298 policydb_lineno, 299 linebuf[0], linebuf[1]); 300 policydb_errors++; 301 return -1; 302 } 303 304 int yywarn(const char *msg) 305 { 306 if (source_file[0]) 307 fprintf(stderr, "%s:%ld:", 308 source_file, source_lineno); 309 else 310 fprintf(stderr, "(unknown source)::"); 311 fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n", 312 msg, 313 yytext, 314 policydb_lineno, 315 linebuf[0], linebuf[1]); 316 return 0; 317 } 318 319 void set_source_file(const char *name) 320 { 321 source_lineno = 1; 322 strncpy(source_file, name, sizeof(source_file)-1); 323 source_file[sizeof(source_file)-1] = '\0'; 324 if (strlen(source_file) && source_file[strlen(source_file)-1] == '"') 325 source_file[strlen(source_file)-1] = '\0'; 326 } 327