1 #include <linux/parser.h>
2 #include <linux/ctype.h>
/*
 * token_to_ruleop: maps each parser token (the array index) to the RBCE
 * rule-term kind that rules_parse() stores in terms[i].op.
 *
 * The four comparison spellings of one identity field (EQ/LT/GT/NOT) share a
 * single rule kind; the comparison itself is looked up separately in
 * token_to_operator[]. TOKEN_ORDER, TOKEN_CLASS and TOKEN_STATE map to
 * RBCE_RULE_INVALID.
 *
 * The array has TOKEN_INVALID + 1 slots, so an index of TOKEN_INVALID is in
 * bounds. No initializer for [TOKEN_INVALID] is visible in this listing; if
 * none exists, that slot is zero-initialized.
 * NOTE(review): confirm which RBCE_RULE_* constant has the value 0, because
 * that is what an unrecognised term yields if a caller indexes this table
 * before rejecting TOKEN_INVALID.
 */
40 int token_to_ruleop[TOKEN_INVALID + 1] = {
41 [TOKEN_PATH] = RBCE_RULE_CMD_PATH,
42 [TOKEN_CMD] = RBCE_RULE_CMD,
43 [TOKEN_ARGS] = RBCE_RULE_ARGS,
44 [TOKEN_RUID_EQ] = RBCE_RULE_REAL_UID,
45 [TOKEN_RUID_LT] = RBCE_RULE_REAL_UID,
46 [TOKEN_RUID_GT] = RBCE_RULE_REAL_UID,
47 [TOKEN_RUID_NOT] = RBCE_RULE_REAL_UID,
48 [TOKEN_RGID_EQ] = RBCE_RULE_REAL_GID,
49 [TOKEN_RGID_LT] = RBCE_RULE_REAL_GID,
50 [TOKEN_RGID_GT] = RBCE_RULE_REAL_GID,
51 [TOKEN_RGID_NOT] = RBCE_RULE_REAL_GID,
52 [TOKEN_EUID_EQ] = RBCE_RULE_EFFECTIVE_UID,
53 [TOKEN_EUID_LT] = RBCE_RULE_EFFECTIVE_UID,
54 [TOKEN_EUID_GT] = RBCE_RULE_EFFECTIVE_UID,
55 [TOKEN_EUID_NOT] = RBCE_RULE_EFFECTIVE_UID,
56 [TOKEN_EGID_EQ] = RBCE_RULE_EFFECTIVE_GID,
57 [TOKEN_EGID_LT] = RBCE_RULE_EFFECTIVE_GID,
58 [TOKEN_EGID_GT] = RBCE_RULE_EFFECTIVE_GID,
59 [TOKEN_EGID_NOT] = RBCE_RULE_EFFECTIVE_GID,
60 [TOKEN_XID_EQ] = RBCE_RULE_XID,
61 [TOKEN_XID_LT] = RBCE_RULE_XID,
62 [TOKEN_XID_GT] = RBCE_RULE_XID,
63 [TOKEN_XID_NOT] = RBCE_RULE_XID,
64 [TOKEN_TAG] = RBCE_RULE_APP_TAG,
65 [TOKEN_IPV4] = RBCE_RULE_IPV4,
66 [TOKEN_IPV6] = RBCE_RULE_IPV6,
67 [TOKEN_DEP] = RBCE_RULE_DEP_RULE,
68 [TOKEN_DEP_ADD] = RBCE_RULE_DEP_RULE,
69 [TOKEN_DEP_DEL] = RBCE_RULE_DEP_RULE,
70 [TOKEN_ORDER] = RBCE_RULE_INVALID,
71 [TOKEN_CLASS] = RBCE_RULE_INVALID,
72 [TOKEN_STATE] = RBCE_RULE_INVALID,
/*
 * Comparison operator codes, each given the same numeric value as the RBCE_*
 * constant it aliases.
 * NOTE(review): these are presumably members of enum op_token; the enum
 * header and the remaining members referenced by token_to_operator[]
 * (TOKEN_OP_DEP, TOKEN_OP_ORDER, ...) are on lines not shown in this listing.
 */
76 TOKEN_OP_EQUAL = RBCE_EQUAL,
77 TOKEN_OP_NOT = RBCE_NOT,
78 TOKEN_OP_LESS_THAN = RBCE_LESS_THAN,
79 TOKEN_OP_GREATER_THAN = RBCE_GREATER_THAN,
/*
 * token_to_operator: maps each parser token (the array index) to the operator
 * code that rules_parse() stores in terms[i].operator.
 *
 * String-valued tokens (path, cmd, args, tag, ipv4, ipv6) always compare with
 * TOKEN_OP_EQUAL. Identity tokens take the operator implied by their spelling
 * (EQ/LT/GT/NOT). The depend, order, class and state tokens each get a
 * dedicated operator code of their own.
 *
 * Sized TOKEN_INVALID + 1 like token_to_ruleop[], so an index of
 * TOKEN_INVALID is in bounds. No [TOKEN_INVALID] entry is visible in this
 * listing; if none exists, that slot is zero-initialized.
 */
88 enum op_token token_to_operator[TOKEN_INVALID + 1] = {
89 [TOKEN_PATH] = TOKEN_OP_EQUAL,
90 [TOKEN_CMD] = TOKEN_OP_EQUAL,
91 [TOKEN_ARGS] = TOKEN_OP_EQUAL,
92 [TOKEN_RUID_EQ] = TOKEN_OP_EQUAL,
93 [TOKEN_RUID_LT] = TOKEN_OP_LESS_THAN,
94 [TOKEN_RUID_GT] = TOKEN_OP_GREATER_THAN,
95 [TOKEN_RUID_NOT] = TOKEN_OP_NOT,
96 [TOKEN_RGID_EQ] = TOKEN_OP_EQUAL,
97 [TOKEN_RGID_LT] = TOKEN_OP_LESS_THAN,
98 [TOKEN_RGID_GT] = TOKEN_OP_GREATER_THAN,
99 [TOKEN_RGID_NOT] = TOKEN_OP_NOT,
100 [TOKEN_EUID_EQ] = TOKEN_OP_EQUAL,
101 [TOKEN_EUID_LT] = TOKEN_OP_LESS_THAN,
102 [TOKEN_EUID_GT] = TOKEN_OP_GREATER_THAN,
103 [TOKEN_EUID_NOT] = TOKEN_OP_NOT,
104 [TOKEN_EGID_EQ] = TOKEN_OP_EQUAL,
105 [TOKEN_EGID_LT] = TOKEN_OP_LESS_THAN,
106 [TOKEN_EGID_GT] = TOKEN_OP_GREATER_THAN,
107 [TOKEN_EGID_NOT] = TOKEN_OP_NOT,
108 [TOKEN_XID_EQ] = TOKEN_OP_EQUAL,
109 [TOKEN_XID_LT] = TOKEN_OP_LESS_THAN,
110 [TOKEN_XID_GT] = TOKEN_OP_GREATER_THAN,
111 [TOKEN_XID_NOT] = TOKEN_OP_NOT,
112 [TOKEN_TAG] = TOKEN_OP_EQUAL,
113 [TOKEN_IPV4] = TOKEN_OP_EQUAL,
114 [TOKEN_IPV6] = TOKEN_OP_EQUAL,
115 [TOKEN_DEP] = TOKEN_OP_DEP,
116 [TOKEN_DEP_ADD] = TOKEN_OP_DEP_ADD,
117 [TOKEN_DEP_DEL] = TOKEN_OP_DEP_DEL,
118 [TOKEN_ORDER] = TOKEN_OP_ORDER,
119 [TOKEN_CLASS] = TOKEN_OP_CLASS,
120 [TOKEN_STATE] = TOKEN_OP_STATE
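/*
 * tokens: pattern table handed to match_token() by rules_parse().
 *
 * Each entry pairs a token with the textual form of one rule term. "%s"
 * captures the rest of the term as a string and "%d" captures an integer
 * that the caller converts with match_int(). The {TOKEN_INVALID, NULL}
 * entry terminates the table and is what match_token() returns when no
 * pattern matches.
 *
 * Every numeric pattern must carry its "%d". A pattern with no conversion is
 * compared as a plain literal and fills no args[] slot, so a caller that
 * goes on to read args[0] would be reading a substring_t that was never set.
 */
123 static match_table_t tokens = {
124 {TOKEN_PATH, "path=%s"},
125 {TOKEN_CMD, "cmd=%s"},
126 {TOKEN_ARGS, "args=%s"},
127 {TOKEN_RUID_EQ, "uid=%d"},
128 {TOKEN_RUID_LT, "uid<%d"},
129 {TOKEN_RUID_GT, "uid>%d"},
130 {TOKEN_RUID_NOT, "uid!%d"},
131 {TOKEN_RGID_EQ, "gid=%d"},
132 {TOKEN_RGID_LT, "gid<%d"},
133 {TOKEN_RGID_GT, "gid>%d"},
134 {TOKEN_RGID_NOT, "gid!%d"},
135 {TOKEN_EUID_EQ, "euid=%d"},
136 {TOKEN_EUID_LT, "euid<%d"},
137 {TOKEN_EUID_GT, "euid>%d"},
138 {TOKEN_EUID_NOT, "euid!%d"},
139 {TOKEN_EGID_EQ, "egid=%d"},
140 {TOKEN_EGID_LT, "egid<%d"},
141 {TOKEN_EGID_GT, "egid>%d"},
142 {TOKEN_EGID_NOT, "egid!%d"},
143 {TOKEN_XID_EQ, "xid=%d"},
144 {TOKEN_XID_LT, "xid<%d"},
145 {TOKEN_XID_GT, "xid>%d"},
146 {TOKEN_XID_NOT, "xid!%d"},
147 {TOKEN_TAG, "tag=%s"},
148 {TOKEN_IPV4, "ipv4=%s"},
149 {TOKEN_IPV6, "ipv6=%s"},
150 {TOKEN_DEP, "depend=%s"},
151 {TOKEN_DEP_ADD, "+depend=%s"},
152 {TOKEN_DEP_DEL, "-depend=%s"},
153 {TOKEN_ORDER, "order=%d"},
154 {TOKEN_CLASS, "class=%s"},
155 {TOKEN_STATE, "state=%d"},
156 {TOKEN_INVALID, NULL}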
160 * return -EINVAL in case of failures
161 * returns number of terms in terms on success.
/*
 * rules_parse: split the comma-separated rule text in rule_defn into terms,
 * classify each one with match_token() against tokens[], and fill the
 * terms[] array allocated below. Only part of the body appears in this
 * listing; the notes that follow describe the visible lines only.
 */
166 rules_parse(char *rule_defn, struct rbce_rule_term **rterms, int *term_mask)
168 char *p, *rp = rule_defn;
169 int option, i = 0, nterms;
170 struct rbce_rule_term *terms;
/* NOTE(review): presumably part of a pre-scan over rp that derives nterms; the surrounding loop is not shown. */
179 if (*rp == '>' || *rp == '<' || *rp == '=') {
/*
 * The allocation size is an unchecked int * size_t product.
 * NOTE(review): confirm that nterms is positive and bounded by the pre-scan;
 * an overflow-checking allocator such as kcalloc() would reject a wrapped
 * product. Any NULL check on terms is on a line not shown here.
 */
188 terms = kmalloc(nterms * sizeof(struct rbce_rule_term), GFP_KERNEL);
/* strsep() overwrites each ',' with a NUL, so the caller's buffer is modified by parsing. */
193 while ((p = strsep(&rule_defn, ",")) != NULL) {
/* args[] has no initializer; match_token() fills only the slots that the matched pattern captures. */
195 substring_t args[MAX_OPT_ARGS];
/* Skip leading white space in the term. */
198 while (*p && isspace(*p))
/* An unrecognised term comes back as the table terminator's token, TOKEN_INVALID. */
203 token = match_token(p, tokens, args);
/*
 * Both tables have TOKEN_INVALID + 1 entries, so these lookups stay in bounds
 * even when token is TOKEN_INVALID.
 * NOTE(review): the rejection of TOKEN_INVALID is not visible in this listing;
 * confirm it happens before the term is used.
 */
205 terms[i].op = token_to_ruleop[token];
206 terms[i].operator = token_to_operator[token];
215 // all these tokens can be specified only once
/*
 * term_mask holds one bit per rule kind already seen.
 * NOTE(review): 1 << op is only defined while op is smaller than the bit width
 * of int; the RBCE_RULE_* values are not shown here, so confirm the range.
 */
216 if (*term_mask & (1 << terms[i].op)) {
220 /*FALLTHRU*/ case TOKEN_CLASS:
/*
 * Stores a pointer into the rule_defn buffer, not a copy.
 * NOTE(review): confirm the string is duplicated before the caller frees or
 * reuses that buffer.
 */
224 terms[i].u.string = args->from;
247 // all these tokens can be specified only once
248 if (*term_mask & (1 << terms[i].op)) {
252 /*FALLTHRU*/ case TOKEN_ORDER:
/* match_int() returns non-zero when the captured text is not a valid integer. */
254 if (match_int(args, &option)) {
258 terms[i].u.id = option;
/* Record that this rule kind has now been seen. */
264 *term_mask |= (1 << terms[i].op);
/*
 * Dumps every parsed term. The printk() call has no KERN_* level, and u.id is
 * printed with %ld for all terms.
 * NOTE(review): u looks like a union, so for terms where u.string was set this
 * would write a kernel pointer value into the log. Presumably debug-only;
 * confirm it is compiled out of production builds.
 */
274 for (i = 0; i < nterms; i++) {
275 printk("token: i %d; op %d, operator %d, str %ld\n",
276 i, terms[i].op, terms[i].operator, terms[i].u.id);