Before reading on, you should have at least a basic knowledge of ANTLR, lexers and parsers, tree walkers and so on. For a light introduction to ANTLR, policy writing, grammars, lexers and parsers, and some operational basics, please read our previous post at

The policy input expected by our grammar is as follows:

restrict ("edu.ringlet.Ringlet" as Ringlet, "android.permission.SMS_SEND" as SMS) :

Ringlet.sentSms() < 5; -> allow(Ringlet, SMS) ;

1.    This is our grammar file, which specifies the rules (syntax and semantics) of our high-level policy language. From this file, the lexer splits the input into tokens, and the parser then builds a tree out of those tokens so that meaning can be extracted from it

grammar XL1;

options

{


2.    The target language specified is Java

language = Java;


3.    This makes the generated parser output an Abstract Syntax Tree (AST)

output=AST;

ASTLabelType=CommonTree;

}


4.    Explicit token used for the negation of a term

tokens

{

NEGATION;

}

@header

{

package com.serg.policywritingtool;

}

@lexer::header

{

package com.serg.policywritingtool;

}

5.    This is our main rule, policy, which determines what input we expect and in which order

policy

: (mode '(' '"' appname '"' 'as' app ',' '"' permname '"' 'as' perm ')' ':'

statement+ '->' policyeffect '(' app ',' perm ')' ';' )+ ;

6.    The following subrules, used in the policy rule, determine which input is valid and which is not. The first subrule, mode, specifies that it accepts only the lexer rule RES (explained below) as input

mode

: RES

;

7.    The appname rule takes an IDENT followed by .IDENT or _IDENT (the + sign states that this should occur at least once)

appname


8.    IDENT is discussed below

: IDENT ('.' IDENT | '_' IDENT)+

;

app

: IDENT+

;


9.    The permname rule takes an IDENT followed by .IDENT or _IDENT (the + sign states that this should occur at least once)

permname

10. IDENT is discussed below

: IDENT ('.' IDENT | '_' IDENT)+

;

perm

: IDENT+

;


11. The statement rule specifies that it takes an expression followed by a semicolon ';' as input

statement

:   expression ';'

;


12. The expression rule then specifies that it takes two relations with an AND or OR in between

expression

: relation (('AND'^ | 'OR'^) relation)*

;

13. The relation rule then specifies that it takes two add terms with a comparison operator (=, !=, <, <=, >, >=) in between

relation : add (('='^ | '!='^ | '<'^ | '<='^ | '>'^ | '>='^) add)*

;

14. The add rule then specifies that it takes two mult terms with a + or - in between

add

: mult (('+'^ | '-'^) mult)*

;

15. The mult rule then specifies that it takes two unary terms with a *, / or mod in between

mult

: unary (('*'^ | '/'^ | 'mod'^) unary)*

;

unary

: ('+'! | negation^)* not

;

16. Any '-' sign entered as a negation is converted to the explicit token we defined

negation

: '-' -> NEGATION

;

17. To negate a logical operator, the string literal 'not' is used

not

: 'not'? term

;

18. A term is specified to be either an integer, an app.method() name, a parenthesised expression, or one of the string literals true or false

term

:  app '.' method  | '('! expression ')'! | INTEGER | TRUE | FALSE

;

method

: IDENT+ '()'

;

19. The policyeffect rule can only take the lexer rules ALLOW or DENY as input

policyeffect

: ALLOW | DENY

;

Policy identification

20. RES (a lexer rule) can only contain the string literals 'restrict' or 'unrestrict'; anything else will give an error.

RES

: 'restrict' | 'unrestrict'

;

21. Lexer rule DENY can only take the string literal deny as input

DENY

: 'deny'

;

22. Lexer rule ALLOW can only take the string literal allow as input

ALLOW

: 'allow'

;

23. Lexer rule TRUE can only take the string literal true as input

TRUE

: 'true'

;

24. Lexer rule FALSE can only take the string literal false as input

FALSE

: 'false'

;

25. The INTEGER rule specifies the input to be one or more digits from 0 to 9

INTEGER

: '0'..'9'+

;

26. WS is the whitespace rule, matching spaces, tabs, line endings and form feeds; these are sent to the hidden channel

WS

: (' '|'\n'|'\t'|'\r'|'\f')+ {$channel=HIDDEN;}

;

27. The lexer rule IDENT specifies that the input should be a sequence of one or more letters (lower or upper case)

IDENT

: ('a'..'z'|'A'..'Z')+

;

28. The COMMENT rule allows us to add line comments in our high-level language

COMMENT

: '//' .* ('\n'|'\r') {$channel=HIDDEN;}

;

29. Similar to COMMENT, but for multiple lines

MULTICOMMENT

: '/*' .* '*/' {$channel=HIDDEN;}

;
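
One way to drive the parser generated from this grammar so that a malformed policy is rejected outright instead of being partially accepted. This is an added example, not code from the original post: the class name PolicyLoader and the method parseStrict are hypothetical, XL1Lexer and XL1Parser are the classes ANTLR 3 generates from "grammar XL1;", and the ANTLR 3 runtime is assumed to be on the classpath.

```java
package com.serg.policywritingtool;

import org.antlr.runtime.ANTLRStringStream;
import org.antlr.runtime.CommonTokenStream;
import org.antlr.runtime.RecognitionException;
import org.antlr.runtime.Token;
import org.antlr.runtime.tree.CommonTree;

// Added example: PolicyLoader is a hypothetical class name. XL1Lexer and XL1Parser
// are the classes ANTLR 3 generates from the grammar above.
public final class PolicyLoader {
    /** Parses policy text and returns its AST, or throws if any part of it is malformed. */
    public static CommonTree parseStrict(String text) throws RecognitionException {
        // By default ANTLR 3 prints an error, recovers and carries on parsing.
        // For an access-control policy, turn every reported error into a hard failure.
        XL1Lexer lexer = new XL1Lexer(new ANTLRStringStream(text)) {
            @Override
            public void reportError(RecognitionException e) {
                throw new IllegalArgumentException("policy rejected by lexer at line " + e.line, e);
            }
        };
        CommonTokenStream tokens = new CommonTokenStream(lexer);
        XL1Parser parser = new XL1Parser(tokens) {
            @Override
            public void reportError(RecognitionException e) {
                throw new IllegalArgumentException("policy rejected by parser at line " + e.line, e);
            }
        };
        CommonTree tree = (CommonTree) parser.policy().getTree();
        // The policy rule does not end with EOF, so the parser stops quietly at the
        // first token that cannot start another rule. Reject leftover input explicitly.
        if (tokens.LA(1) != Token.EOF) {
            throw new IllegalArgumentException("unexpected input after policy: " + tokens.LT(1).getText());
        }
        return tree;
    }

    public static void main(String[] args) throws RecognitionException {
        // Sample policy from the top of the post, written with straight ASCII quotes.
        String policy = "restrict (\"edu.ringlet.Ringlet\" as Ringlet, \"android.permission.SMS_SEND\" as SMS) :\n"
                + "Ringlet.sentSms() < 5; -> allow(Ringlet, SMS) ;";
        System.out.println(parseStrict(policy).toStringTree());
    }
}
```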
