1 /* Tokens for Rule-based Classification Engine (RBCE) and
2 * Consolidated RBCE module code (combined)
4 * Copyright (C) Hubertus Franke, IBM Corp. 2003
5 * (C) Chandra Seetharaman, IBM Corp. 2003
6 * (C) Vivek Kashyap, IBM Corp. 2004
8 * Latest version, more details at http://ckrm.sf.net
10 * This program is free software; you can redistribute it and/or modify
11 * it under the terms of the GNU General Public License as published by
12 * the Free Software Foundation; either version 2 of the License, or
13 * (at your option) any later version.
15 * This program is distributed in the hope that it would be useful, but
16 * WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
22 #include <linux/parser.h>
23 #include <linux/ctype.h>
/*
 * Maps each parser token to the RBCE rule attribute that the term constrains.
 * rules_parse() stores the looked-up value in terms[i].op.
 *
 * The four relational forms of an id token (_EQ, _LT, _GT, _NOT) share one
 * attribute, and the three dependency tokens share RBCE_RULE_DEP_RULE.
 * TOKEN_ORDER, TOKEN_CLASS and TOKEN_STATE map to RBCE_RULE_INVALID.
 *
 * The array is sized TOKEN_INVALID + 1 and is indexed with the value returned
 * by match_token(). No initializer for the TOKEN_INVALID slot is visible
 * here, so that slot is zero-initialised.
 * NOTE(review): confirm the caller rejects TOKEN_INVALID instead of acting on
 * the value read from that slot.
 */
int token_to_ruleop[TOKEN_INVALID + 1] = {
	/* executable path, command name and argument terms */
	[TOKEN_PATH]     = RBCE_RULE_CMD_PATH,
	[TOKEN_CMD]      = RBCE_RULE_CMD,
	[TOKEN_ARGS]     = RBCE_RULE_ARGS,

	/* real uid */
	[TOKEN_RUID_EQ]  = RBCE_RULE_REAL_UID,
	[TOKEN_RUID_LT]  = RBCE_RULE_REAL_UID,
	[TOKEN_RUID_GT]  = RBCE_RULE_REAL_UID,
	[TOKEN_RUID_NOT] = RBCE_RULE_REAL_UID,

	/* real gid */
	[TOKEN_RGID_EQ]  = RBCE_RULE_REAL_GID,
	[TOKEN_RGID_LT]  = RBCE_RULE_REAL_GID,
	[TOKEN_RGID_GT]  = RBCE_RULE_REAL_GID,
	[TOKEN_RGID_NOT] = RBCE_RULE_REAL_GID,

	/* effective uid */
	[TOKEN_EUID_EQ]  = RBCE_RULE_EFFECTIVE_UID,
	[TOKEN_EUID_LT]  = RBCE_RULE_EFFECTIVE_UID,
	[TOKEN_EUID_GT]  = RBCE_RULE_EFFECTIVE_UID,
	[TOKEN_EUID_NOT] = RBCE_RULE_EFFECTIVE_UID,

	/* effective gid */
	[TOKEN_EGID_EQ]  = RBCE_RULE_EFFECTIVE_GID,
	[TOKEN_EGID_LT]  = RBCE_RULE_EFFECTIVE_GID,
	[TOKEN_EGID_GT]  = RBCE_RULE_EFFECTIVE_GID,
	[TOKEN_EGID_NOT] = RBCE_RULE_EFFECTIVE_GID,

	/* xid */
	[TOKEN_XID_EQ]   = RBCE_RULE_XID,
	[TOKEN_XID_LT]   = RBCE_RULE_XID,
	[TOKEN_XID_GT]   = RBCE_RULE_XID,
	[TOKEN_XID_NOT]  = RBCE_RULE_XID,

	/* application tag and network address terms */
	[TOKEN_TAG]      = RBCE_RULE_APP_TAG,
	[TOKEN_IPV4]     = RBCE_RULE_IPV4,
	[TOKEN_IPV6]     = RBCE_RULE_IPV6,

	/* rule dependencies: set, add, delete */
	[TOKEN_DEP]      = RBCE_RULE_DEP_RULE,
	[TOKEN_DEP_ADD]  = RBCE_RULE_DEP_RULE,
	[TOKEN_DEP_DEL]  = RBCE_RULE_DEP_RULE,

	/* tokens that map to RBCE_RULE_INVALID rather than a rule attribute */
	[TOKEN_ORDER]    = RBCE_RULE_INVALID,
	[TOKEN_CLASS]    = RBCE_RULE_INVALID,
	[TOKEN_STATE]    = RBCE_RULE_INVALID,
};
97 TOKEN_OP_EQUAL = RBCE_EQUAL,
98 TOKEN_OP_NOT = RBCE_NOT,
99 TOKEN_OP_LESS_THAN = RBCE_LESS_THAN,
100 TOKEN_OP_GREATER_THAN = RBCE_GREATER_THAN,
/*
 * Maps each parser token to the operator recorded for the term.
 * rules_parse() stores the looked-up value in terms[i].operator.
 *
 * String-valued terms (path, cmd, args, tag, ipv4, ipv6) always use
 * TOKEN_OP_EQUAL. Each id term picks its operator from the token suffix:
 * _EQ, _LT, _GT or _NOT. The dependency, order, class and state tokens each
 * have an operator value of their own.
 *
 * As with token_to_ruleop, the array is sized TOKEN_INVALID + 1 and no
 * initializer for the TOKEN_INVALID slot is visible here, so that slot is
 * zero-initialised.
 * NOTE(review): confirm the caller rejects TOKEN_INVALID before the operator
 * read from that slot is used.
 */
enum op_token token_to_operator[TOKEN_INVALID + 1] = {
	/* string-valued terms: equality only */
	[TOKEN_PATH]     = TOKEN_OP_EQUAL,
	[TOKEN_CMD]      = TOKEN_OP_EQUAL,
	[TOKEN_ARGS]     = TOKEN_OP_EQUAL,

	/* real uid */
	[TOKEN_RUID_EQ]  = TOKEN_OP_EQUAL,
	[TOKEN_RUID_LT]  = TOKEN_OP_LESS_THAN,
	[TOKEN_RUID_GT]  = TOKEN_OP_GREATER_THAN,
	[TOKEN_RUID_NOT] = TOKEN_OP_NOT,

	/* real gid */
	[TOKEN_RGID_EQ]  = TOKEN_OP_EQUAL,
	[TOKEN_RGID_LT]  = TOKEN_OP_LESS_THAN,
	[TOKEN_RGID_GT]  = TOKEN_OP_GREATER_THAN,
	[TOKEN_RGID_NOT] = TOKEN_OP_NOT,

	/* effective uid */
	[TOKEN_EUID_EQ]  = TOKEN_OP_EQUAL,
	[TOKEN_EUID_LT]  = TOKEN_OP_LESS_THAN,
	[TOKEN_EUID_GT]  = TOKEN_OP_GREATER_THAN,
	[TOKEN_EUID_NOT] = TOKEN_OP_NOT,

	/* effective gid */
	[TOKEN_EGID_EQ]  = TOKEN_OP_EQUAL,
	[TOKEN_EGID_LT]  = TOKEN_OP_LESS_THAN,
	[TOKEN_EGID_GT]  = TOKEN_OP_GREATER_THAN,
	[TOKEN_EGID_NOT] = TOKEN_OP_NOT,

	/* xid */
	[TOKEN_XID_EQ]   = TOKEN_OP_EQUAL,
	[TOKEN_XID_LT]   = TOKEN_OP_LESS_THAN,
	[TOKEN_XID_GT]   = TOKEN_OP_GREATER_THAN,
	[TOKEN_XID_NOT]  = TOKEN_OP_NOT,

	/* application tag and network address terms: equality only */
	[TOKEN_TAG]      = TOKEN_OP_EQUAL,
	[TOKEN_IPV4]     = TOKEN_OP_EQUAL,
	[TOKEN_IPV6]     = TOKEN_OP_EQUAL,

	/* tokens that carry a dedicated operator value */
	[TOKEN_DEP]      = TOKEN_OP_DEP,
	[TOKEN_DEP_ADD]  = TOKEN_OP_DEP_ADD,
	[TOKEN_DEP_DEL]  = TOKEN_OP_DEP_DEL,
	[TOKEN_ORDER]    = TOKEN_OP_ORDER,
	[TOKEN_CLASS]    = TOKEN_OP_CLASS,
	[TOKEN_STATE]    = TOKEN_OP_STATE
};
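/*
 * Pattern table that rules_parse() passes to match_token() for every
 * comma-separated term of a rule definition.
 *
 * Each entry pairs a token with the textual form of one term. "%s" captures
 * a string argument and "%d" a decimal integer argument; the captured
 * substring is returned through the args array given to match_token().
 * The closing {TOKEN_INVALID, NULL} entry terminates the table, and its
 * token is what match_token() returns when no pattern matches.
 *
 * These patterns define which rule text is accepted as a classification
 * term, so every relational form of an id term must carry its "%d". A form
 * that cannot be matched is reported as TOKEN_INVALID instead of yielding
 * the uid/gid constraint that was written.
 */
static match_table_t tokens = {
	{TOKEN_PATH, "path=%s"},
	{TOKEN_CMD, "cmd=%s"},
	{TOKEN_ARGS, "args=%s"},

	/* real uid */
	{TOKEN_RUID_EQ, "uid=%d"},
	{TOKEN_RUID_LT, "uid<%d"},
	{TOKEN_RUID_GT, "uid>%d"},
	{TOKEN_RUID_NOT, "uid!%d"},

	/* real gid */
	{TOKEN_RGID_EQ, "gid=%d"},
	{TOKEN_RGID_LT, "gid<%d"},
	{TOKEN_RGID_GT, "gid>%d"},
	/*
	 * Needs "%d" like the other "!" patterns. A literal "gid!d" would match
	 * only that exact text and capture no integer, so a term of the form
	 * "gid!<number>" would never be recognised as a real-gid term.
	 */
	{TOKEN_RGID_NOT, "gid!%d"},

	/* effective uid */
	{TOKEN_EUID_EQ, "euid=%d"},
	{TOKEN_EUID_LT, "euid<%d"},
	{TOKEN_EUID_GT, "euid>%d"},
	{TOKEN_EUID_NOT, "euid!%d"},

	/* effective gid */
	{TOKEN_EGID_EQ, "egid=%d"},
	{TOKEN_EGID_LT, "egid<%d"},
	{TOKEN_EGID_GT, "egid>%d"},
	{TOKEN_EGID_NOT, "egid!%d"},

	/* xid */
	{TOKEN_XID_EQ, "xid=%d"},
	{TOKEN_XID_LT, "xid<%d"},
	{TOKEN_XID_GT, "xid>%d"},
	{TOKEN_XID_NOT, "xid!%d"},

	{TOKEN_TAG, "tag=%s"},
	{TOKEN_IPV4, "ipv4=%s"},
	{TOKEN_IPV6, "ipv6=%s"},

	/* rule dependencies: set, add, delete */
	{TOKEN_DEP, "depend=%s"},
	{TOKEN_DEP_ADD, "+depend=%s"},
	{TOKEN_DEP_DEL, "-depend=%s"},

	{TOKEN_ORDER, "order=%d"},
	{TOKEN_CLASS, "class=%s"},
	{TOKEN_STATE, "state=%d"},

	/* terminator; also the result for unrecognised input */
	{TOKEN_INVALID, NULL}
};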
181 * Returns -EINVAL on failure.
182 * Returns the number of terms in 'terms' on success.
187 rules_parse(char *rule_defn, struct rbce_rule_term **rterms, int *term_mask)
189 char *p, *rp = rule_defn;
190 int option, i = 0, nterms;
191 struct rbce_rule_term *terms;
200 if (*rp == '>' || *rp == '<' || *rp == '=' || *rp == '!') {
209 terms = kmalloc(nterms * sizeof(struct rbce_rule_term), GFP_KERNEL);
214 while ((p = strsep(&rule_defn, ",")) != NULL) {
216 substring_t args[MAX_OPT_ARGS];
219 while (*p && isspace(*p))
224 token = match_token(p, tokens, args);
226 terms[i].op = token_to_ruleop[token];
227 terms[i].operator = token_to_operator[token];
236 // all these tokens can be specified only once
237 if (*term_mask & (1 << terms[i].op)) {
241 /*FALLTHRU*/ case TOKEN_CLASS:
245 terms[i].u.string = args->from;
268 // all these tokens can be specified only once
269 if (*term_mask & (1 << terms[i].op)) {
273 /*FALLTHRU*/ case TOKEN_ORDER:
275 if (match_int(args, &option)) {
279 terms[i].u.id = option;
285 *term_mask |= (1 << terms[i].op);
295 for (i = 0; i < nterms; i++) {
296 printk("token: i %d; op %d, operator %d, str %ld\n",
297 i, terms[i].op, terms[i].operator, terms[i].u.id);