diff options
Diffstat (limited to 'libqpol/src/policy_scan.l')
-rw-r--r-- | libqpol/src/policy_scan.l | 320 |
1 files changed, 320 insertions, 0 deletions
diff --git a/libqpol/src/policy_scan.l b/libqpol/src/policy_scan.l new file mode 100644 index 0000000..75485f3 --- /dev/null +++ b/libqpol/src/policy_scan.l @@ -0,0 +1,320 @@ +/** + * @file policy_parse.y + * + * This file is based upon checkpolicy/policy_scan.l fram NSA's SVN + * repository. It has been modified to support older policy formats. + * + * Author : Stephen Smalley, <sds@epoch.ncsc.mil> + * + * Updated: David Caplan, <dac@tresys.com> + * + * Added conditional policy language extensions + * + * Jason Tang <jtang@tresys.com> + * + * Added support for binary policy modules + * + * Copyright (C) 2003-5 Tresys Technology, LLC + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, version 2. + */ + +/* FLASK */ + +%{ +#undef YY_INPUT +#define YY_INPUT(b, r, ms) (r = qpol_src_yyinput(b, ms)) +%} + +%{ +#include <sys/types.h> +#include <limits.h> +#include <stdint.h> +#include <string.h> + +typedef int (* require_func_t)(); + +#include "policy_parse.h" + +static char linebuf[2][255]; +static unsigned int lno = 0; +int yywarn(char *msg); + +void set_source_file(const char *name); + +char source_file[PATH_MAX]; +unsigned long source_lineno = 1; + +unsigned long policydb_lineno = 1; + +unsigned int policydb_errors = 0; + +/* redefine input so we can read from a string */ +/* borrowed from O'Reilly lex and yacc pg 157 */ +extern char qpol_src_input[]; +extern char *qpol_src_inputptr;/* current position in myinput */ +extern char *qpol_src_inputlim;/* end of data */ +int qpol_src_yyinput(char *buf, int max_size); + +%} + +%option nounput +%option noyywrap + +%array +letter [A-Za-z] +digit [0-9] +alnum [a-zA-Z0-9] +hexval [0-9A-Fa-f] + +%% +\n.* { strncpy(linebuf[lno], yytext+1, 255); + linebuf[lno][254] = 0; + lno = 1 - lno; + policydb_lineno++; + source_lineno++; + yyless(1); } +CLONE | +clone { return(CLONE); } +COMMON | +common { return(COMMON); } +CLASS | +class { return(CLASS); } +CONSTRAIN | +constrain { return(CONSTRAIN); } +VALIDATETRANS | +validatetrans { return(VALIDATETRANS); } +INHERITS | +inherits { return(INHERITS); } +SID | +sid { return(SID); } +ROLE | +role { return(ROLE); } +ROLES | +roles { return(ROLES); } +TYPES | +types { return(TYPES); } +TYPEALIAS | +typealias { return(TYPEALIAS); } +TYPEATTRIBUTE | +typeattribute { return(TYPEATTRIBUTE); } +TYPEBOUNDS | +typebounds { return(TYPEBOUNDS); } +TYPE | +type { return(TYPE); } +BOOL | +bool { return(BOOL); } +IF | +if { return(IF); } +ELSE | +else { return(ELSE); } +ALIAS | +alias { return(ALIAS); } +ATTRIBUTE | +attribute { return(ATTRIBUTE); } +TYPE_TRANSITION | +type_transition { return(TYPE_TRANSITION); } +TYPE_MEMBER | +type_member { return(TYPE_MEMBER); } +TYPE_CHANGE | +type_change { return(TYPE_CHANGE); } +ROLE_TRANSITION | +role_transition { return(ROLE_TRANSITION); } +RANGE_TRANSITION | +range_transition { return(RANGE_TRANSITION); } +SENSITIVITY | +sensitivity { return(SENSITIVITY); } +DOMINANCE | +dominance { return(DOMINANCE); } +CATEGORY | +category { return(CATEGORY); } +LEVEL | +level { return(LEVEL); } +RANGE | +range { return(RANGE); } +MLSCONSTRAIN | +mlsconstrain { return(MLSCONSTRAIN); } +MLSVALIDATETRANS | +mlsvalidatetrans { return(MLSVALIDATETRANS); } +USER | +user { return(USER); } +NEVERALLOW | +neverallow { return(NEVERALLOW); } +ALLOW | +allow { return(ALLOW); } +AUDITALLOW | +auditallow { return(AUDITALLOW); } +AUDITDENY | +auditdeny { return(AUDITDENY); } +DONTAUDIT | +dontaudit { return(DONTAUDIT); } +SOURCE | +source { return(SOURCE); } +TARGET | +target { return(TARGET); } +SAMEUSER | +sameuser { return(SAMEUSER);} +module|MODULE { return(MODULE); } +require|REQUIRE { return(REQUIRE); } +optional|OPTIONAL { return(OPTIONAL); } +OR | +or { return(OR);} +AND | +and { return(AND);} +NOT | +not { return(NOT);} +xor | +XOR { return(XOR); } +eq | +EQ { return(EQUALS);} +true | +TRUE { return(CTRUE); } +false | +FALSE { return(CFALSE); } +dom | +DOM { return(DOM);} +domby | +DOMBY { return(DOMBY);} +INCOMP | +incomp { return(INCOMP);} +fscon | +FSCON { return(FSCON);} +portcon | +PORTCON { return(PORTCON);} +netifcon | +NETIFCON { return(NETIFCON);} +nodecon | +NODECON { return(NODECON);} +fs_use_psid | +FS_USE_PSID { return(FSUSEPSID);} +pirqcon | +PIRQCON { return(PIRQCON);} +iomemcon | +IOMEMCON { return(IOMEMCON);} +ioportcon | +IOPORTCON { return(IOPORTCON);} +pcidevicecon | +PCIDEVICECON { return(PCIDEVICECON);} +fs_use_xattr | +FS_USE_XATTR { return(FSUSEXATTR);} +fs_use_task | +FS_USE_TASK { return(FSUSETASK);} +fs_use_trans | +FS_USE_TRANS { return(FSUSETRANS);} +genfscon | +GENFSCON { return(GENFSCON);} +r1 | +R1 { return(R1); } +r2 | +R2 { return(R2); } +r3 | +R3 { return(R3); } +u1 | +U1 { return(U1); } +u2 | +U2 { return(U2); } +u3 | +U3 { return(U3); } +t1 | +T1 { return(T1); } +t2 | +T2 { return(T2); } +t3 | +T3 { return(T3); } +l1 | +L1 { return(L1); } +l2 | +L2 { return(L2); } +h1 | +H1 { return(H1); } +h2 | +H2 { return(H2); } +policycap | +POLICYCAP { return(POLICYCAP); } +permissive | +PERMISSIVE { return(PERMISSIVE); } +"/"({alnum}|[_\.\-/])* { return(PATH); } +{letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } +{digit}+|0x{hexval}+ { return(NUMBER); } +{digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } +{hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } +{digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } +#line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); } +#line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } +#[^\n]* { /* delete comments */ } +[ \t\f]+ { /* delete whitespace */ } +"==" { return(EQUALS); } +"!=" { return (NOTEQUAL); } +"&&" { return (AND); } +"||" { return (OR); } +"!" { return (NOT); } +"^" { return (XOR); } +"," | +":" | +";" | +"(" | +")" | +"{" | +"}" | +"[" | +"-" | +"." | +"]" | +"~" | +"*" { return(yytext[0]); } +. { yywarn("unrecognized character");} +%% +int yyerror(char *msg) +{ + if (source_file[0]) + fprintf(stderr, "%s:%ld:", + source_file, source_lineno); + else + fprintf(stderr, "(unknown source)::"); + fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n", + msg, + yytext, + policydb_lineno, + linebuf[0], linebuf[1]); + policydb_errors++; + return -1; +} + +int yywarn(char *msg) +{ + if (source_file[0]) + fprintf(stderr, "%s:%ld:", + source_file, source_lineno); + else + fprintf(stderr, "(unknown source)::"); + fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n", + msg, + yytext, + policydb_lineno, + linebuf[0], linebuf[1]); + return 0; +} + +void set_source_file(const char *name) +{ + source_lineno = 1; + strncpy(source_file, name, sizeof(source_file)-1); + source_file[sizeof(source_file)-1] = '\0'; +} + +int qpol_src_yyinput(char *buf, int max_size) +{ + int n = max_size < (qpol_src_inputlim - qpol_src_inputptr) ? max_size : (qpol_src_inputlim - qpol_src_inputptr); + if (n > 0) { + memcpy(buf, qpol_src_inputptr, n); + qpol_src_inputptr += n; + } + + return n; +} + +void init_scanner(void) +{ + yy_flush_buffer(YY_CURRENT_BUFFER); +} |