/* Copyright (C) 2005 Red Hat, Inc. */ /* Object: dbase_policydb_t (Policy) * Implements: dbase_t (Database) */ struct dbase_policydb; typedef struct dbase_policydb dbase_t; #define DBASE_DEFINED #include #include #include #include #include #include #include #include "database_policydb.h" #include "semanage_store.h" #include "handle.h" #include "debug.h" /* POLICYDB dbase */ struct dbase_policydb { /* Backing path for read-only[0] and transaction[1] */ const char *path[2]; /* Base record table */ record_table_t *rtable; /* Policy extensions */ record_policydb_table_t *rptable; sepol_policydb_t *policydb; int cache_serial; int modified; int attached; }; static void dbase_policydb_drop_cache(dbase_policydb_t * dbase) { if (dbase->cache_serial >= 0) { sepol_policydb_free(dbase->policydb); dbase->cache_serial = -1; dbase->modified = 0; } } static int dbase_policydb_set_serial(semanage_handle_t * handle, dbase_policydb_t * dbase) { int cache_serial = handle->funcs->get_serial(handle); if (cache_serial < 0) { ERR(handle, "could not update cache serial"); return STATUS_ERR; } dbase->cache_serial = cache_serial; return STATUS_SUCCESS; } static int dbase_policydb_needs_resync(semanage_handle_t * handle, dbase_policydb_t * dbase) { int cache_serial; if (dbase->cache_serial < 0) return 1; cache_serial = handle->funcs->get_serial(handle); if (cache_serial < 0) return 1; if (cache_serial != dbase->cache_serial) { dbase_policydb_drop_cache(dbase); dbase->cache_serial = -1; return 1; } return 0; } static int dbase_policydb_cache(semanage_handle_t * handle, dbase_policydb_t * dbase) { FILE *fp = NULL; sepol_policydb_t *policydb = NULL; sepol_policy_file_t *pf = NULL; const char *fname = NULL; /* Check if cache is needed */ if (dbase->attached) return STATUS_SUCCESS; if (!dbase_policydb_needs_resync(handle, dbase)) return STATUS_SUCCESS; fname = dbase->path[handle->is_in_transaction]; if (sepol_policydb_create(&policydb) < 0) { ERR(handle, "could not create policydb object"); goto err; } /* Try opening file * ENOENT is not fatal - we just create an empty policydb */ fp = fopen(fname, "rb"); if (fp == NULL && errno != ENOENT) { ERR(handle, "could not open %s for reading: %s", fname, strerror(errno)); goto err; } /* If the file was opened successfully, read a policydb */ if (fp != NULL) { __fsetlocking(fp, FSETLOCKING_BYCALLER); if (sepol_policy_file_create(&pf) < 0) { ERR(handle, "could not create policy file object"); goto err; } sepol_policy_file_set_fp(pf, fp); sepol_policy_file_set_handle(pf, handle->sepolh); if (sepol_policydb_read(policydb, pf) < 0) goto err; sepol_policy_file_free(pf); fclose(fp); fp = NULL; } /* Update cache serial */ if (dbase_policydb_set_serial(handle, dbase) < 0) goto err; /* Update the database policydb */ dbase->policydb = policydb; return STATUS_SUCCESS; err: ERR(handle, "could not cache policy database"); if (fp) fclose(fp); sepol_policydb_free(policydb); sepol_policy_file_free(pf); return STATUS_ERR; } static int dbase_policydb_flush(semanage_handle_t * handle __attribute__ ((unused)), dbase_policydb_t * dbase) { if (!dbase->modified) return STATUS_SUCCESS; dbase->modified = 0; /* Stub */ return STATUS_ERR; } /* Check if modified */ static int dbase_policydb_is_modified(dbase_policydb_t * dbase) { return dbase->modified; } int dbase_policydb_init(semanage_handle_t * handle, const char *path_ro, const char *path_rw, record_table_t * rtable, record_policydb_table_t * rptable, dbase_policydb_t ** dbase) { dbase_policydb_t *tmp_dbase = (dbase_policydb_t *) malloc(sizeof(dbase_policydb_t)); if (!tmp_dbase) goto omem; tmp_dbase->path[0] = path_ro; tmp_dbase->path[1] = path_rw; tmp_dbase->rtable = rtable; tmp_dbase->rptable = rptable; tmp_dbase->policydb = NULL; tmp_dbase->cache_serial = -1; tmp_dbase->modified = 0; tmp_dbase->attached = 0; *dbase = tmp_dbase; return STATUS_SUCCESS; omem: ERR(handle, "out of memory, could not initialize policy database"); free(tmp_dbase); return STATUS_ERR; } /* Release dbase resources */ void dbase_policydb_release(dbase_policydb_t * dbase) { dbase_policydb_drop_cache(dbase); free(dbase); } /* Attach to a shared policydb. * This implies drop_cache(), * and prevents flush() and drop_cache() * until detached. */ void dbase_policydb_attach(dbase_policydb_t * dbase, sepol_policydb_t * policydb) { dbase->attached = 1; dbase_policydb_drop_cache(dbase); dbase->policydb = policydb; } /* Detach from a shared policdb. * This implies drop_cache. */ void dbase_policydb_detach(dbase_policydb_t * dbase) { dbase->attached = 0; dbase->modified = 0; } static int dbase_policydb_add(semanage_handle_t * handle, dbase_policydb_t * dbase, const record_key_t * key, const record_t * data) { if (dbase->rptable->add(handle->sepolh, dbase->policydb, key, data) < 0) goto err; dbase->modified = 1; return STATUS_SUCCESS; err: ERR(handle, "could not add record to the database"); return STATUS_ERR; } static int dbase_policydb_set(semanage_handle_t * handle, dbase_policydb_t * dbase, const record_key_t * key, const record_t * data) { if (dbase->rptable->set(handle->sepolh, dbase->policydb, key, data) < 0) goto err; dbase->modified = 1; return STATUS_SUCCESS; err: ERR(handle, "could not set record value"); return STATUS_ERR; } static int dbase_policydb_modify(semanage_handle_t * handle, dbase_policydb_t * dbase, const record_key_t * key, const record_t * data) { if (dbase->rptable->modify(handle->sepolh, dbase->policydb, key, data) < 0) goto err; dbase->modified = 1; return STATUS_SUCCESS; err: ERR(handle, "could not modify record value"); return STATUS_ERR; } static int dbase_policydb_del(semanage_handle_t * handle __attribute__ ((unused)), dbase_policydb_t * dbase __attribute__ ((unused)), const record_key_t * key __attribute__ ((unused))) { /* Stub */ return STATUS_ERR; } static int dbase_policydb_clear(semanage_handle_t * handle __attribute__ ((unused)), dbase_policydb_t * dbase __attribute__ ((unused))) { /* Stub */ return STATUS_ERR; } static int dbase_policydb_query(semanage_handle_t * handle, dbase_policydb_t * dbase, const record_key_t * key, record_t ** response) { if (dbase->rptable->query(handle->sepolh, dbase->policydb, key, response) < 0) goto err; return STATUS_SUCCESS; err: ERR(handle, "could not query record value"); return STATUS_ERR; } static int dbase_policydb_exists(semanage_handle_t * handle, dbase_policydb_t * dbase, const record_key_t * key, int *response) { if (dbase->rptable->exists(handle->sepolh, dbase->policydb, key, response) < 0) goto err; return STATUS_SUCCESS; err: ERR(handle, "could not check if record exists"); return STATUS_ERR; } static int dbase_policydb_count(semanage_handle_t * handle, dbase_policydb_t * dbase, unsigned int *response) { if (dbase->rptable->count(handle->sepolh, dbase->policydb, response) < 0) goto err; return STATUS_SUCCESS; err: ERR(handle, "could not count the database records"); return STATUS_ERR; } static int dbase_policydb_iterate(semanage_handle_t * handle, dbase_policydb_t * dbase, int (*fn) (const record_t * record, void *fn_arg), void *arg) { if (dbase->rptable->iterate(handle->sepolh, dbase->policydb, fn, arg) < 0) goto err; return STATUS_SUCCESS; err: ERR(handle, "could not iterate over records"); return STATUS_ERR; } struct list_handler_arg { semanage_handle_t *handle; record_table_t *rtable; record_t **records; int pos; }; static int list_handler(const record_t * record, void *varg) { struct list_handler_arg *arg = (struct list_handler_arg *)varg; if (arg->rtable->clone(arg->handle, record, &arg->records[arg->pos]) < 0) return -1; arg->pos++; return 0; } static int dbase_policydb_list(semanage_handle_t * handle, dbase_t * dbase, record_t *** records, unsigned int *count) { record_t **tmp_records = NULL; unsigned int tmp_count; struct list_handler_arg list_arg; list_arg.pos = 0; list_arg.rtable = dbase->rtable; list_arg.handle = handle; if (dbase->rptable->count(handle->sepolh, dbase->policydb, &tmp_count) < 0) goto err; if (tmp_count > 0) { tmp_records = (record_t **) calloc(tmp_count, sizeof(record_t *)); if (tmp_records == NULL) goto omem; list_arg.records = tmp_records; if (dbase->rptable->iterate(handle->sepolh, dbase->policydb, list_handler, &list_arg) < 0) { ERR(handle, "list handler could not extract record"); goto err; } } *records = tmp_records; *count = tmp_count; return STATUS_SUCCESS; omem: ERR(handle, "out of memory"); err: if (tmp_records) { for (; list_arg.pos >= 0; list_arg.pos--) dbase->rtable->free(tmp_records[list_arg.pos]); free(tmp_records); } ERR(handle, "could not list records"); return STATUS_ERR; } static record_table_t *dbase_policydb_get_rtable(dbase_policydb_t * dbase) { return dbase->rtable; } /* POLICYDB dbase - method table implementation */ dbase_table_t SEMANAGE_POLICYDB_DTABLE = { /* Cache/Transactions */ .cache = dbase_policydb_cache, .drop_cache = dbase_policydb_drop_cache, .flush = dbase_policydb_flush, .is_modified = dbase_policydb_is_modified, /* Database Functionality */ .iterate = dbase_policydb_iterate, .exists = dbase_policydb_exists, .list = dbase_policydb_list, .add = dbase_policydb_add, .set = dbase_policydb_set, .del = dbase_policydb_del, .clear = dbase_policydb_clear, .modify = dbase_policydb_modify, .query = dbase_policydb_query, .count = dbase_policydb_count, /* Polymorphism */ .get_rtable = dbase_policydb_get_rtable };