source-git / libsemanage

Clone
Source Code
GIT

Blame src/database_policydb.c

c8 c8s master
  1.   c8s
  2.   src
  3.   database_policydb.c
Blob History Raw
Packit 366192 
/* Copyright (C) 2005 Red Hat, Inc. */
Packit 366192
Packit 366192 
/* Object: dbase_policydb_t (Policy)
Packit 366192 
 * Implements: dbase_t (Database)
Packit 366192 
 */
Packit 366192
Packit 366192 
struct dbase_policydb;
Packit 366192 
typedef struct dbase_policydb dbase_t;
Packit 366192 
#define DBASE_DEFINED
Packit 366192
Packit 366192 
#include <stdlib.h>
Packit 366192 
#include <stddef.h>
Packit 366192 
#include <string.h>
Packit 366192 
#include <stdio.h>
Packit 366192 
#include <stdio_ext.h>
Packit 366192 
#include <errno.h>
Packit 366192
Packit 366192 
#include <sepol/policydb.h>
Packit 366192
Packit 366192 
#include "database_policydb.h"
Packit 366192 
#include "semanage_store.h"
Packit 366192 
#include "handle.h"
Packit 366192 
#include "debug.h"
Packit 366192
Packit 366192 
/* POLICYDB dbase */
Packit 366192 
struct dbase_policydb {
Packit 366192
Packit 366192 
        /* Backing path for read-only[0] and transaction[1] */
Packit 366192 
        const char *path[2];
Packit 366192
Packit 366192 
	/* Base record table */
Packit 366192 
	record_table_t *rtable;
Packit 366192
Packit 366192 
	/* Policy extensions */
Packit 366192 
	record_policydb_table_t *rptable;
Packit 366192
Packit 366192 
	sepol_policydb_t *policydb;
Packit 366192
Packit 366192 
	int cache_serial;
Packit 366192 
	int modified;
Packit 366192 
	int attached;
Packit 366192 
};
Packit 366192
Packit 366192 
static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->cache_serial >= 0) {
Packit 366192 
		sepol_policydb_free(dbase->policydb);
Packit 366192 
		dbase->cache_serial = -1;
Packit 366192 
		dbase->modified = 0;
Packit 366192 
	}
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_set_serial(semanage_handle_t * handle,
Packit 366192 
				     dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	int cache_serial = handle->funcs->get_serial(handle);
Packit 366192 
	if (cache_serial < 0) {
Packit 366192 
		ERR(handle, "could not update cache serial");
Packit 366192 
		return STATUS_ERR;
Packit 366192 
	}
Packit 366192
Packit 366192 
	dbase->cache_serial = cache_serial;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_needs_resync(semanage_handle_t * handle,
Packit 366192 
				       dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	int cache_serial;
Packit 366192
Packit 366192 
	if (dbase->cache_serial < 0)
Packit 366192 
		return 1;
Packit 366192
Packit 366192 
	cache_serial = handle->funcs->get_serial(handle);
Packit 366192 
	if (cache_serial < 0)
Packit 366192 
		return 1;
Packit 366192
Packit 366192 
	if (cache_serial != dbase->cache_serial) {
Packit 366192 
		dbase_policydb_drop_cache(dbase);
Packit 366192 
		dbase->cache_serial = -1;
Packit 366192 
		return 1;
Packit 366192 
	}
Packit 366192 
	return 0;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_cache(semanage_handle_t * handle,
Packit 366192 
				dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	FILE *fp = NULL;
Packit 366192 
	sepol_policydb_t *policydb = NULL;
Packit 366192 
	sepol_policy_file_t *pf = NULL;
Packit 366192 
	const char *fname = NULL;
Packit 366192
Packit 366192 
	/* Check if cache is needed */
Packit 366192 
	if (dbase->attached)
Packit 366192 
		return STATUS_SUCCESS;
Packit 366192
Packit 366192 
	if (!dbase_policydb_needs_resync(handle, dbase))
Packit 366192 
		return STATUS_SUCCESS;
Packit 366192
Packit 366192 
	fname = dbase->path[handle->is_in_transaction];
Packit 366192
Packit 366192 
	if (sepol_policydb_create(&policydb) < 0) {
Packit 366192 
		ERR(handle, "could not create policydb object");
Packit 366192 
		goto err;
Packit 366192 
	}
Packit 366192
Packit 366192 
	/* Try opening file
Packit 366192 
	 * ENOENT is not fatal - we just create an empty policydb */
Packit 366192 
	fp = fopen(fname, "rb");
Packit 366192 
	if (fp == NULL && errno != ENOENT) {
Packit 366192 
		ERR(handle, "could not open %s for reading: %s",
Packit 366192 
		    fname, strerror(errno));
Packit 366192 
		goto err;
Packit 366192 
	}
Packit 366192
Packit 366192 
	/* If the file was opened successfully, read a policydb */
Packit 366192 
	if (fp != NULL) {
Packit 366192 
		__fsetlocking(fp, FSETLOCKING_BYCALLER);
Packit 366192 
		if (sepol_policy_file_create(&pf) < 0) {
Packit 366192 
			ERR(handle, "could not create policy file object");
Packit 366192 
			goto err;
Packit 366192 
		}
Packit 366192
Packit 366192 
		sepol_policy_file_set_fp(pf, fp);
Packit 366192 
		sepol_policy_file_set_handle(pf, handle->sepolh);
Packit 366192
Packit 366192 
		if (sepol_policydb_read(policydb, pf) < 0)
Packit 366192 
			goto err;
Packit 366192
Packit 366192 
		sepol_policy_file_free(pf);
Packit 366192 
		fclose(fp);
Packit 366192 
		fp = NULL;
Packit 366192 
	}
Packit 366192
Packit 366192 
	/* Update cache serial */
Packit 366192 
	if (dbase_policydb_set_serial(handle, dbase) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	/* Update the database policydb */
Packit 366192 
	dbase->policydb = policydb;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not cache policy database");
Packit 366192 
	if (fp)
Packit 366192 
		fclose(fp);
Packit 366192 
	sepol_policydb_free(policydb);
Packit 366192 
	sepol_policy_file_free(pf);
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_flush(semanage_handle_t * handle
Packit 366192 
				__attribute__ ((unused)),
Packit 366192 
				dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (!dbase->modified)
Packit 366192 
		return STATUS_SUCCESS;
Packit 366192
Packit 366192 
	dbase->modified = 0;
Packit 366192
Packit 366192 
	/* Stub */
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
/* Check if modified */
Packit 366192 
static int dbase_policydb_is_modified(dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	return dbase->modified;
Packit 366192 
}
Packit 366192
Packit 366192 
int dbase_policydb_init(semanage_handle_t * handle,
Packit 366192 
			const char *path_ro,
Packit 366192 
			const char *path_rw,
Packit 366192 
			record_table_t * rtable,
Packit 366192 
			record_policydb_table_t * rptable,
Packit 366192 
			dbase_policydb_t ** dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	dbase_policydb_t *tmp_dbase =
Packit 366192 
	    (dbase_policydb_t *) malloc(sizeof(dbase_policydb_t));
Packit 366192
Packit 366192 
	if (!tmp_dbase)
Packit 366192 
		goto omem;
Packit 366192
Packit 366192 
	tmp_dbase->path[0] = path_ro;
Packit 366192 
	tmp_dbase->path[1] = path_rw;
Packit 366192 
	tmp_dbase->rtable = rtable;
Packit 366192 
	tmp_dbase->rptable = rptable;
Packit 366192 
	tmp_dbase->policydb = NULL;
Packit 366192 
	tmp_dbase->cache_serial = -1;
Packit 366192 
	tmp_dbase->modified = 0;
Packit 366192 
	tmp_dbase->attached = 0;
Packit 366192 
	*dbase = tmp_dbase;
Packit 366192
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      omem:
Packit 366192 
	ERR(handle, "out of memory, could not initialize policy database");
Packit 366192 
	free(tmp_dbase);
Packit 366192
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
/* Release dbase resources */
Packit 366192 
void dbase_policydb_release(dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	dbase_policydb_drop_cache(dbase);
Packit 366192 
	free(dbase);
Packit 366192 
}
Packit 366192
Packit 366192 
/* Attach to a shared policydb.
Packit 366192 
 * This implies drop_cache(),
Packit 366192 
 * and prevents flush() and drop_cache()
Packit 366192 
 * until detached. */
Packit 366192 
void dbase_policydb_attach(dbase_policydb_t * dbase,
Packit 366192 
			   sepol_policydb_t * policydb)
Packit 366192 
{
Packit 366192
Packit 366192 
	dbase->attached = 1;
Packit 366192 
	dbase_policydb_drop_cache(dbase);
Packit 366192 
	dbase->policydb = policydb;
Packit 366192 
}
Packit 366192
Packit 366192 
/* Detach from a shared policdb.
Packit 366192 
 * This implies drop_cache. */
Packit 366192 
void dbase_policydb_detach(dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	dbase->attached = 0;
Packit 366192 
	dbase->modified = 0;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_add(semanage_handle_t * handle,
Packit 366192 
			      dbase_policydb_t * dbase,
Packit 366192 
			      const record_key_t * key, const record_t * data)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->add(handle->sepolh, dbase->policydb, key, data) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	dbase->modified = 1;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not add record to the database");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_set(semanage_handle_t * handle,
Packit 366192 
			      dbase_policydb_t * dbase,
Packit 366192 
			      const record_key_t * key, const record_t * data)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->set(handle->sepolh, dbase->policydb, key, data) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	dbase->modified = 1;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not set record value");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_modify(semanage_handle_t * handle,
Packit 366192 
				 dbase_policydb_t * dbase,
Packit 366192 
				 const record_key_t * key,
Packit 366192 
				 const record_t * data)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->modify(handle->sepolh,
Packit 366192 
				   dbase->policydb, key, data) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	dbase->modified = 1;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not modify record value");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_del(semanage_handle_t * handle
Packit 366192 
				__attribute__ ((unused)),
Packit 366192 
			      dbase_policydb_t * dbase
Packit 366192 
				__attribute__ ((unused)),
Packit 366192 
			      const record_key_t * key
Packit 366192 
				__attribute__ ((unused)))
Packit 366192 
{
Packit 366192
Packit 366192 
	/* Stub */
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_clear(semanage_handle_t * handle
Packit 366192 
				__attribute__ ((unused)),
Packit 366192 
				dbase_policydb_t * dbase
Packit 366192 
				__attribute__ ((unused)))
Packit 366192 
{
Packit 366192
Packit 366192 
	/* Stub */
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_query(semanage_handle_t * handle,
Packit 366192 
				dbase_policydb_t * dbase,
Packit 366192 
				const record_key_t * key, record_t ** response)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->query(handle->sepolh,
Packit 366192 
				  dbase->policydb, key, response) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not query record value");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_exists(semanage_handle_t * handle,
Packit 366192 
				 dbase_policydb_t * dbase,
Packit 366192 
				 const record_key_t * key, int *response)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->exists(handle->sepolh,
Packit 366192 
				   dbase->policydb, key, response) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not check if record exists");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_count(semanage_handle_t * handle,
Packit 366192 
				dbase_policydb_t * dbase,
Packit 366192 
				unsigned int *response)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->count(handle->sepolh,
Packit 366192 
				  dbase->policydb, response) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not count the database records");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_iterate(semanage_handle_t * handle,
Packit 366192 
				  dbase_policydb_t * dbase,
Packit 366192 
				  int (*fn) (const record_t * record,
Packit 366192 
					     void *fn_arg), void *arg)
Packit 366192 
{
Packit 366192
Packit 366192 
	if (dbase->rptable->iterate(handle->sepolh,
Packit 366192 
				    dbase->policydb, fn, arg) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      err:
Packit 366192 
	ERR(handle, "could not iterate over records");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
struct list_handler_arg {
Packit 366192 
	semanage_handle_t *handle;
Packit 366192 
	record_table_t *rtable;
Packit 366192 
	record_t **records;
Packit 366192 
	int pos;
Packit 366192 
};
Packit 366192
Packit 366192 
static int list_handler(const record_t * record, void *varg)
Packit 366192 
{
Packit 366192
Packit 366192 
	struct list_handler_arg *arg = (struct list_handler_arg *)varg;
Packit 366192
Packit 366192 
	if (arg->rtable->clone(arg->handle, record, &arg->records[arg->pos]) <
Packit 366192 
	    0)
Packit 366192 
		return -1;
Packit 366192 
	arg->pos++;
Packit 366192 
	return 0;
Packit 366192 
}
Packit 366192
Packit 366192 
static int dbase_policydb_list(semanage_handle_t * handle,
Packit 366192 
			       dbase_t * dbase,
Packit 366192 
			       record_t *** records, unsigned int *count)
Packit 366192 
{
Packit 366192
Packit 366192 
	record_t **tmp_records = NULL;
Packit 366192 
	unsigned int tmp_count;
Packit 366192 
	struct list_handler_arg list_arg;
Packit 366192 
	list_arg.pos = 0;
Packit 366192 
	list_arg.rtable = dbase->rtable;
Packit 366192 
	list_arg.handle = handle;
Packit 366192
Packit 366192 
	if (dbase->rptable->count(handle->sepolh,
Packit 366192 
				  dbase->policydb, &tmp_count) < 0)
Packit 366192 
		goto err;
Packit 366192
Packit 366192 
	if (tmp_count > 0) {
Packit 366192 
		tmp_records = (record_t **)
Packit 366192 
		    calloc(tmp_count, sizeof(record_t *));
Packit 366192
Packit 366192 
		if (tmp_records == NULL)
Packit 366192 
			goto omem;
Packit 366192
Packit 366192 
		list_arg.records = tmp_records;
Packit 366192
Packit 366192 
		if (dbase->rptable->iterate(handle->sepolh,
Packit 366192 
					    dbase->policydb, list_handler,
Packit 366192 
					    &list_arg) < 0) {
Packit 366192 
			ERR(handle, "list handler could not extract record");
Packit 366192 
			goto err;
Packit 366192 
		}
Packit 366192 
	}
Packit 366192
Packit 366192 
	*records = tmp_records;
Packit 366192 
	*count = tmp_count;
Packit 366192 
	return STATUS_SUCCESS;
Packit 366192
Packit 366192 
      omem:
Packit 366192 
	ERR(handle, "out of memory");
Packit 366192
Packit 366192 
      err:
Packit 366192 
	if (tmp_records) {
Packit 366192 
		for (; list_arg.pos >= 0; list_arg.pos--)
Packit 366192 
			dbase->rtable->free(tmp_records[list_arg.pos]);
Packit 366192 
		free(tmp_records);
Packit 366192 
	}
Packit 366192 
	ERR(handle, "could not list records");
Packit 366192 
	return STATUS_ERR;
Packit 366192 
}
Packit 366192
Packit 366192 
static record_table_t *dbase_policydb_get_rtable(dbase_policydb_t * dbase)
Packit 366192 
{
Packit 366192
Packit 366192 
	return dbase->rtable;
Packit 366192 
}
Packit 366192
Packit 366192 
/* POLICYDB dbase - method table implementation */
Packit 366192 
dbase_table_t SEMANAGE_POLICYDB_DTABLE = {
Packit 366192
Packit 366192 
	/* Cache/Transactions */
Packit 366192 
	.cache = dbase_policydb_cache,
Packit 366192 
	.drop_cache = dbase_policydb_drop_cache,
Packit 366192 
	.flush = dbase_policydb_flush,
Packit 366192 
	.is_modified = dbase_policydb_is_modified,
Packit 366192
Packit 366192 
	/* Database Functionality */
Packit 366192 
	.iterate = dbase_policydb_iterate,
Packit 366192 
	.exists = dbase_policydb_exists,
Packit 366192 
	.list = dbase_policydb_list,
Packit 366192 
	.add = dbase_policydb_add,
Packit 366192 
	.set = dbase_policydb_set,
Packit 366192 
	.del = dbase_policydb_del,
Packit 366192 
	.clear = dbase_policydb_clear,
Packit 366192 
	.modify = dbase_policydb_modify,
Packit 366192 
	.query = dbase_policydb_query,
Packit 366192 
	.count = dbase_policydb_count,
Packit 366192
Packit 366192 
	/* Polymorphism */
Packit 366192 
	.get_rtable = dbase_policydb_get_rtable
Packit 366192 
};

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation