2 * Copyright (c) 2016-2019 Samsung Electronics Co., Ltd All Rights Reserved
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
19 * \ingroup Implementation
23 #ifndef _NAIVE_DECISIONER_H
24 #define _NAIVE_DECISIONER_H
27 #include "global_nodestruct.hpp"
28 #include "storage_backend_serialized.hpp"
29 #include "serializer.hpp"
35 namespace ldp_xml_parser
37 typedef std::vector<gid_t> VGid;
39 /* Class which checks rights in policies retrieved from policy db
40 * \ingroup Implementation
42 class NaivePolicyChecker {
45 /** Policy database */
46 ldp_serialized::StorageBackendSerialized m_bus_db;
47 /** Serializer - provides serialized data in case no serialized data file is found */
48 std::unique_ptr<ldp_serializer::Serializer> serializer;
50 /** Parses delivered decision. In case of Decision::CHECK calls cynara.
51 * \param[in] decision Decision from checkers
52 * \param[in] uid User id
53 * \param[in] label User label
54 * \return Returns deny=0, allow=1 or cynara error
55 * \ingroup Implementation
57 DecisionResult parseDecision(const DecisionItem& decision,
59 const char* label) const;
61 /** Checks policy for a given own, send or receive item
62 * \param[in] uid User id
63 * \param[in] gid User group id
64 * \param[in] item Item to check
65 * \return Returns deny=0, allow=1 or cynara error
66 * \ingroup Implementation
69 DecisionItem checkItem(uid_t uid,
73 /** Checks policy for a given access item
74 * \param[in] item Item to check
75 * \return Returns deny=0, allow=1 or cynara error
76 * \ingroup Implementation
78 DecisionItem checkItemAccess(const MatchItemAccess &item);
81 DecisionItem checkGroupPolicies(uid_t uid,
85 /* group maps management */
86 std::map<uid_t, VGid> mapGroups[MatchItemTypes::count];
87 /* A mutex for mapGroups */
88 pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER;
91 VGid &getMapGroup(uid_t uid);
93 void updateSupplementaryGroups(const VGid &groups, uid_t uid, gid_t gid);
94 void updateSupplementaryGroupsOwn(const VGid &groups, uid_t uid, gid_t gid);
97 /** Retrieves policy db
98 * \return Returns reference to the policy db
100 const decltype(m_bus_db) &getPolicyDb() const { return m_bus_db; }
102 /** Clears all db data, useful for reloading configuration
105 bool initDb(const char *config_name, const char *serialized_filename = nullptr);
107 void updateGroupDb(uid_t uid, gid_t gid);
109 template <typename T>
110 const VGid *getGroups(uid_t uid, gid_t gid);
112 /** Prints to stderr the structures and the amount of their memory */
115 /** Checks access/open policy for given item
116 * \param[in] uid User id
117 * \param[in] gid User group id
118 * \return Returns deny=0, allow=1 or cynara error
119 * \ingroup Implementation
121 DecisionResult check(uid_t bus_owner,
124 const char* const label);
126 /** Checks send/receive/ownership policy for given item
127 * \param[in] uid User id
128 * \param[in] gid User group id
129 * \param[in] label User label
130 * \param[in] matchItem MatchItem to check
131 * \return Returns deny=0, allow=1 or cynara error
132 * \ingroup Implementation
134 template <typename T>
135 DecisionResult check(uid_t uid,
137 const char* const label,
142 DCL_NODESTRUCT_GLOBAL(ldp_xml_parser::NaivePolicyChecker, policy_checker_system)
143 DCL_NODESTRUCT_GLOBAL(ldp_xml_parser::NaivePolicyChecker, policy_checker_session)
projects / platform / core / system / libdbuspolicy.git / blob