A basic knowledge of ANTLR, lexers and parsers, tree walkers, etc. is highly recommended. For a light introduction to ANTLR, policy writing, grammars, lexers and parsers, and some operational basics, please read our previous posts:

  • http://imsciences.edu.pk/serg/2010/07/antlr-introduction/
  • http://imsciences.edu.pk/serg/2010/07/setting-up-antlr-3-1-in-eclipse-3-5-for-windows/

The policy input expected by our grammar is as follows:

restrict ("edu.ringlet.Ringlet" as Ringlet, "android.permission.SMS_SEND" as SMS) :

Ringlet.sentSms() < 5; -> allow(Ringlet, SMS) ;


1.    This is our grammar file, which specifies the rules (syntax and semantics) of our high-level policy language. The lexer scans the input into tokens, and the parser then builds a tree out of those tokens to give them meaning

grammar XL1;

options

{


2.    The target language is Java

language = Java;


3.    This makes the generated parser output an Abstract Syntax Tree

output=AST;

ASTLabelType=CommonTree;

}


4.    Explicit token used for the negation of a term

tokens

{

NEGATION;

}

@header

{

package com.serg.policywritingtool;

}

@lexer::header

{

package com.serg.policywritingtool;

}

5.    This is our main 'policy' rule, which determines what input we should be expecting and in which order

policy

: (mode '("' appname '"' 'as' app ',' '"' permname '"' 'as' perm ')' ':'

statement+ '->' policyeffect '(' app ',' perm ')' ';' )+ ;

6.    The following subrules, used in the policy rule, determine which input is valid and which is not. The first rule, 'mode', accepts only the lexer rule RES (explained below) as input

mode

: RES

;

7.    The appname rule takes an IDENT followed by .IDENT or _IDENT (the + sign states that this should occur at least once)

appname


8.    IDENT is discussed below

: IDENT ('.' IDENT | '_' IDENT)+

;

app

: IDENT+

;


9.    The permname rule takes an IDENT followed by .IDENT or _IDENT (the + sign states that this should occur at least once)

permname

10. IDENT is discussed below

: IDENT ('.' IDENT | '_' IDENT)+

;

perm

: IDENT+

;


11. The statement rule takes an expression followed by a semicolon ';' as input

statement

:   expression ';'

;


12. The expression rule takes one or more relations with an AND or OR in between

expression

: relation (('AND'^ | 'OR'^) relation)*

;

13. The relation rule takes one or more add terms with a comparison operator (=, !=, <, <=, >, >=) in between

relation : add (('='^ | '!='^ | '<'^ | '<='^ | '>'^ | '>='^) add)*

;

14. The add rule takes one or more mult terms with a + or - in between

add

: mult (('+'^ | '-'^) mult)*

;

15. The mult rule takes one or more unary terms with a *, / or mod in between

mult

: unary (('*'^ | '/'^ | 'mod'^) unary)*

;

unary

: ('+'! | negation^)* not

;

16. Any '-' sign entered as a negation is rewritten to the explicit NEGATION token defined above

negation

: '-' -> NEGATION

;

17. To negate a logical term, the string literal 'not' is used

not

: 'not'? term

;

18. A term is either an app.method() name, a parenthesised expression, an integer, or one of the literals true or false

term

:  app '.' method | '('! expression ')'! | INTEGER | TRUE | FALSE

;

method

: IDENT+ '()'

;

19. The policyeffect rule accepts only the lexer rules ALLOW or DENY as input

policyeffect

: ALLOW | DENY

;

Policy identification

20. RES (a lexer rule) matches only the string literals 'restrict' or 'unrestrict'; anything else gives an error.

RES

: 'restrict' | 'unrestrict'

;

21. Lexer rule DENY can only take string literal deny as input

DENY

: 'deny'

;

22. Lexer rule ALLOW can only take string literal allow as input

ALLOW

: 'allow'

;

23. Lexer rule TRUE can only take string literal true as input

TRUE

: 'true'

;

24. Lexer rule FALSE can only take string literal false as input

FALSE

: 'false'

;

25. The INTEGER rule specifies the input to be one or more digits from 0 to 9

INTEGER

: '0'..'9'+

;

26. WS is the whitespace rule; it matches spaces, newlines, tabs, etc. and sends them to the hidden channel so the parser never sees them

WS

: (' '|'\n'|'\t'|'\r'|'\f')+ {$channel=HIDDEN;}

;

27. The lexer rule IDENT specifies that the input should be a sequence of one or more letters (lower or upper case)

IDENT

: ('a'..'z'|'A'..'Z')+

;

28. COMMENT rule allows us to add line comments in our high level language

COMMENT

: '//' .* ('\n'|'\r') {$channel=HIDDEN;}

;

29. Similar to COMMENT, but for multiple lines

MULTICOMMENT

: '/*' .* '*/' {$channel=HIDDEN;}

;
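
The expression rules above (expression, relation, add, mult, unary, not, term), as an added example that is not part of the original post or the project's code: a hand-written Python recursive-descent parser showing how each binary operator marked with ^ becomes the root of its subtree, how tokens marked with ! are dropped, and how malformed input is rejected outright rather than recovered from. The function names and the tuple tree are assumptions for illustration; app.method() is lexed as a single token, and the unary forms are simplified to nested tuples.

```python
import re

# Binary operator tiers, lowest precedence first: expression, relation, add, mult.
LEVELS = [("AND", "OR"), ("=", "!=", "<", "<=", ">", ">="), ("+", "-"), ("*", "/", "mod")]
# Stand-in for the lexer rules: INTEGER, app.method(), operators/parentheses, keywords.
TOKEN = re.compile(r"\s*(?:([0-9]+)|([A-Za-z]+\.[A-Za-z]+\(\))|(!=|<=|>=|[=<>+\-*/()])|([A-Za-z]+))")

def tokenize(text):
    tokens, pos, text = [], 0, text.rstrip()
    while pos < len(text):
        match = TOKEN.match(text, pos)
        if not match:
            raise ValueError(f"unexpected character at offset {pos}")
        tokens, pos = tokens + [match.group(match.lastindex)], match.end()
    return tokens + ["<EOF>"]          # sentinel, so the parser never indexes an empty list

def binary(tokens, level=0):
    if level == len(LEVELS):
        return unary(tokens)
    left, tokens = binary(tokens, level + 1)
    while tokens[0] in LEVELS[level]:
        right, rest = binary(tokens[1:], level + 1)
        left, tokens = (tokens[0], left, right), rest   # operator becomes the root ('^')
    return left, tokens

def unary(tokens):
    if tokens[0] == "+":               # '+'! is parsed but left out of the tree
        return unary(tokens[1:])
    if tokens[0] in ("-", "not"):      # '-' is rewritten to NEGATION; 'not' takes a term
        operand, rest = unary(tokens[1:]) if tokens[0] == "-" else term(tokens[1:])
        return ("NEGATION" if tokens[0] == "-" else "not", operand), rest
    return term(tokens)

def term(tokens):
    head, rest = tokens[0], tokens[1:]
    if head == "(":                    # '('! and ')'! are dropped from the tree as well
        inner, rest = binary(rest)
        if rest[0] != ")":
            raise ValueError("missing ')'")
        return inner, rest[1:]
    if head.isdigit() or head in ("true", "false") or head.endswith("()"):
        return head, rest
    raise ValueError(f"unexpected token {head!r}")

def parse_expression(text):
    tree, rest = binary(tokenize(text))
    if rest != ["<EOF>"]:              # trailing tokens are an error, never silently ignored
        raise ValueError(f"unexpected token {rest[0]!r}")
    return tree
```

For a policy language, the error paths matter as much as the tree: a statement that only partly parses should never reach the allow/deny decision.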

Courtesy of Fawad Shah, Owais Akram, Bahar Ali and Mir Nauman Tahir
