1 2 /* 3 * Author : Stephen Smalley, <sds@tycho.nsa.gov> 4 */ 5 6 /* Updated: David Caplan, <dac@tresys.com> 7 * 8 * Added conditional policy language extensions 9 * 10 * Jason Tang <jtang@tresys.com> 11 * 12 * Added support for binary policy modules 13 * 14 * Copyright (C) 2003-5 Tresys Technology, LLC 15 * Copyright (C) 2017 Mellanox Technologies Inc. 16 * This program is free software; you can redistribute it and/or modify 17 * it under the terms of the GNU General Public License as published by 18 * the Free Software Foundation, version 2. 19 */ 20 21 /* FLASK */ 22 23 %{ 24 #include <sys/types.h> 25 #include <limits.h> 26 #include <stdint.h> 27 #include <string.h> 28 29 typedef int (* require_func_t)(void); 30 31 #ifdef ANDROID 32 #include "policy_parse.h" 33 #else 34 #include "y.tab.h" 35 #endif 36 37 static char linebuf[2][255]; 38 static unsigned int lno = 0; 39 int yywarn(const char *msg); 40 41 void set_source_file(const char *name); 42 43 char source_file[PATH_MAX]; 44 unsigned long source_lineno = 1; 45 46 unsigned long policydb_lineno = 1; 47 48 unsigned int policydb_errors = 0; 49 %} 50 51 %option noinput nounput noyywrap 52 53 %array 54 letter [A-Za-z] 55 digit [0-9] 56 alnum [a-zA-Z0-9] 57 hexval [0-9A-Fa-f] 58 59 %% 60 \n.* { strncpy(linebuf[lno], yytext+1, 255); 61 linebuf[lno][254] = 0; 62 lno = 1 - lno; 63 policydb_lineno++; 64 source_lineno++; 65 yyless(1); } 66 CLONE | 67 clone { return(CLONE); } 68 COMMON | 69 common { return(COMMON); } 70 CLASS | 71 class { return(CLASS); } 72 CONSTRAIN | 73 constrain { return(CONSTRAIN); } 74 VALIDATETRANS | 75 validatetrans { return(VALIDATETRANS); } 76 INHERITS | 77 inherits { return(INHERITS); } 78 SID | 79 sid { return(SID); } 80 ROLE | 81 role { return(ROLE); } 82 ROLES | 83 roles { return(ROLES); } 84 ROLEATTRIBUTE | 85 roleattribute { return(ROLEATTRIBUTE);} 86 ATTRIBUTE_ROLE | 87 attribute_role { return(ATTRIBUTE_ROLE);} 88 TYPES | 89 types { return(TYPES); } 90 TYPEALIAS | 91 typealias { return(TYPEALIAS); } 92 TYPEATTRIBUTE | 93 typeattribute { return(TYPEATTRIBUTE); } 94 TYPEBOUNDS | 95 typebounds { return(TYPEBOUNDS); } 96 TYPE | 97 type { return(TYPE); } 98 BOOL | 99 bool { return(BOOL); } 100 TUNABLE | 101 tunable { return(TUNABLE); } 102 IF | 103 if { return(IF); } 104 ELSE | 105 else { return(ELSE); } 106 ALIAS | 107 alias { return(ALIAS); } 108 ATTRIBUTE | 109 attribute { return(ATTRIBUTE); } 110 EXPANDATTRIBUTE | 111 expandattribute { return(EXPANDATTRIBUTE); } 112 TYPE_TRANSITION | 113 type_transition { return(TYPE_TRANSITION); } 114 TYPE_MEMBER | 115 type_member { return(TYPE_MEMBER); } 116 TYPE_CHANGE | 117 type_change { return(TYPE_CHANGE); } 118 ROLE_TRANSITION | 119 role_transition { return(ROLE_TRANSITION); } 120 RANGE_TRANSITION | 121 range_transition { return(RANGE_TRANSITION); } 122 SENSITIVITY | 123 sensitivity { return(SENSITIVITY); } 124 DOMINANCE | 125 dominance { return(DOMINANCE); } 126 CATEGORY | 127 category { return(CATEGORY); } 128 LEVEL | 129 level { return(LEVEL); } 130 RANGE | 131 range { return(RANGE); } 132 MLSCONSTRAIN | 133 mlsconstrain { return(MLSCONSTRAIN); } 134 MLSVALIDATETRANS | 135 mlsvalidatetrans { return(MLSVALIDATETRANS); } 136 USER | 137 user { return(USER); } 138 NEVERALLOW | 139 neverallow { return(NEVERALLOW); } 140 ALLOW | 141 allow { return(ALLOW); } 142 AUDITALLOW | 143 auditallow { return(AUDITALLOW); } 144 AUDITDENY | 145 auditdeny { return(AUDITDENY); } 146 DONTAUDIT | 147 dontaudit { return(DONTAUDIT); } 148 ALLOWXPERM | 149 allowxperm { return(ALLOWXPERM); } 150 AUDITALLOWXPERM | 151 auditallowxperm { return(AUDITALLOWXPERM); } 152 DONTAUDITXPERM | 153 dontauditxperm { return(DONTAUDITXPERM); } 154 NEVERALLOWXPERM | 155 neverallowxperm { return(NEVERALLOWXPERM); } 156 SOURCE | 157 source { return(SOURCE); } 158 TARGET | 159 target { return(TARGET); } 160 SAMEUSER | 161 sameuser { return(SAMEUSER);} 162 module|MODULE { return(MODULE); } 163 require|REQUIRE { return(REQUIRE); } 164 optional|OPTIONAL { return(OPTIONAL); } 165 OR | 166 or { return(OR);} 167 AND | 168 and { return(AND);} 169 NOT | 170 not { return(NOT);} 171 xor | 172 XOR { return(XOR); } 173 eq | 174 EQ { return(EQUALS);} 175 true | 176 TRUE { return(CTRUE); } 177 false | 178 FALSE { return(CFALSE); } 179 dom | 180 DOM { return(DOM);} 181 domby | 182 DOMBY { return(DOMBY);} 183 INCOMP | 184 incomp { return(INCOMP);} 185 fscon | 186 FSCON { return(FSCON);} 187 ibpkeycon | 188 IBPKEYCON { return(IBPKEYCON);} 189 ibendportcon | 190 IBENDPORTCON { return(IBENDPORTCON);} 191 portcon | 192 PORTCON { return(PORTCON);} 193 netifcon | 194 NETIFCON { return(NETIFCON);} 195 nodecon | 196 NODECON { return(NODECON);} 197 pirqcon | 198 PIRQCON { return(PIRQCON);} 199 iomemcon | 200 IOMEMCON { return(IOMEMCON);} 201 ioportcon | 202 IOPORTCON { return(IOPORTCON);} 203 pcidevicecon | 204 PCIDEVICECON { return(PCIDEVICECON);} 205 devicetreecon | 206 DEVICETREECON { return(DEVICETREECON);} 207 fs_use_xattr | 208 FS_USE_XATTR { return(FSUSEXATTR);} 209 fs_use_task | 210 FS_USE_TASK { return(FSUSETASK);} 211 fs_use_trans | 212 FS_USE_TRANS { return(FSUSETRANS);} 213 genfscon | 214 GENFSCON { return(GENFSCON);} 215 r1 | 216 R1 { return(R1); } 217 r2 | 218 R2 { return(R2); } 219 r3 | 220 R3 { return(R3); } 221 u1 | 222 U1 { return(U1); } 223 u2 | 224 U2 { return(U2); } 225 u3 | 226 U3 { return(U3); } 227 t1 | 228 T1 { return(T1); } 229 t2 | 230 T2 { return(T2); } 231 t3 | 232 T3 { return(T3); } 233 l1 | 234 L1 { return(L1); } 235 l2 | 236 L2 { return(L2); } 237 h1 | 238 H1 { return(H1); } 239 h2 | 240 H2 { return(H2); } 241 policycap | 242 POLICYCAP { return(POLICYCAP); } 243 permissive | 244 PERMISSIVE { return(PERMISSIVE); } 245 default_user | 246 DEFAULT_USER { return(DEFAULT_USER); } 247 default_role | 248 DEFAULT_ROLE { return(DEFAULT_ROLE); } 249 default_type | 250 DEFAULT_TYPE { return(DEFAULT_TYPE); } 251 default_range | 252 DEFAULT_RANGE { return(DEFAULT_RANGE); } 253 low-high | 254 LOW-HIGH { return(LOW_HIGH); } 255 high | 256 HIGH { return(HIGH); } 257 low | 258 LOW { return(LOW); } 259 "/"[^ \n\r\t\f]* { return(PATH); } 260 \""/"[^\"\n]*\" { return(QPATH); } 261 \"[^"/"\"\n]+\" { return(FILENAME); } 262 {letter}({alnum}|[_\-])*([\.]?({alnum}|[_\-]))* { return(IDENTIFIER); } 263 {digit}+|0x{hexval}+ { return(NUMBER); } 264 {alnum}*{letter}{alnum}* { return(FILESYSTEM); } 265 {digit}{1,3}(\.{digit}{1,3}){3} { return(IPV4_ADDR); } 266 {hexval}{0,4}":"{hexval}{0,4}":"({hexval}|[:.])* { return(IPV6_ADDR); } 267 {digit}+(\.({alnum}|[_.])*)? { return(VERSION_IDENTIFIER); } 268 #line[ ]1[ ]\"[^\n]*\" { set_source_file(yytext+9); } 269 #line[ ]{digit}+ { source_lineno = atoi(yytext+6)-1; } 270 #[^\n]* { /* delete comments */ } 271 [ \t\f]+ { /* delete whitespace */ } 272 "==" { return(EQUALS); } 273 "!=" { return (NOTEQUAL); } 274 "&&" { return (AND); } 275 "||" { return (OR); } 276 "!" { return (NOT); } 277 "^" { return (XOR); } 278 "," | 279 ":" | 280 ";" | 281 "(" | 282 ")" | 283 "{" | 284 "}" | 285 "[" | 286 "-" | 287 "." | 288 "]" | 289 "~" | 290 "*" { return(yytext[0]); } 291 . { yywarn("unrecognized character");} 292 %% 293 int yyerror(const char *msg) 294 { 295 if (source_file[0]) 296 fprintf(stderr, "%s:%ld:", 297 source_file, source_lineno); 298 else 299 fprintf(stderr, "(unknown source)::"); 300 fprintf(stderr, "ERROR '%s' at token '%s' on line %ld:\n%s\n%s\n", 301 msg, 302 yytext, 303 policydb_lineno, 304 linebuf[0], linebuf[1]); 305 policydb_errors++; 306 return -1; 307 } 308 309 int yywarn(const char *msg) 310 { 311 if (source_file[0]) 312 fprintf(stderr, "%s:%ld:", 313 source_file, source_lineno); 314 else 315 fprintf(stderr, "(unknown source)::"); 316 fprintf(stderr, "WARNING '%s' at token '%s' on line %ld:\n%s\n%s\n", 317 msg, 318 yytext, 319 policydb_lineno, 320 linebuf[0], linebuf[1]); 321 return 0; 322 } 323 324 void set_source_file(const char *name) 325 { 326 source_lineno = 1; 327 strncpy(source_file, name, sizeof(source_file)-1); 328 source_file[sizeof(source_file)-1] = '\0'; 329 if (strlen(source_file) && source_file[strlen(source_file)-1] == '"') 330 source_file[strlen(source_file)-1] = '\0'; 331 } 332