--- /dev/null
+/**
+ \mainpage Libdbuspolicy documentation
+
+\section intro_sec Introduction
+
+Dbuspolicy is library which allows to check policies for ownership, send and receive rules.
+
+\section Implementation
+
+\subsection step1 Step 1: Init
+
+Policy is parsed from xml file/files and added to policy databases. In send/receive policy rules are stored in vector, in ownership policy as a prefix tree.
+Handle to policy db is created.
+
+\subsection step2 Step 2: Looking for rule
+
+Depending on the type of query(ownership/send/receive) distinct functions are called to check policy. First policies of each types (MANDATORY, user, group, DEFAULT) are accesed by checker.\n
+Then each of them is searched for given item. At the end returned decision is parsed. In case of decision CHECK Cynara is run.
+
+
+\section desc_sec Description
+
+Libdbuspolicy uses dbus-daemon logics. Policies are created from policy section from dbus .conf files.
+Config file syntax is precisely described in section "CONFIGURATION FILE" at:
+<a href="https://dbus.freedesktop.org/doc/dbus-daemon.1.html">dbus-daemon documentation</a>. \n
+ An example of syntax is shown below:
+
+\code{.xml}
+
+ <policy context="default">
+ <!-- All users can connect to system bus -->
+ <allow user="*"/>
+
+ <!-- Holes must be punched in service configuration files for
+ name ownership and sending method calls -->
+ <allow own="*"/>
+ <allow send_type="method_call"/>
+
+ <!-- Signals and reply messages (method returns, errors) are allowed
+ by default -->
+ <allow send_type="signal"/>
+ <allow send_requested_reply="true" send_type="method_return"/>
+ <allow send_requested_reply="true" send_type="error"/>
+
+ <!-- All messages may be received by default -->
+ <allow receive_type="method_call"/>
+ <allow receive_type="method_return"/>
+ <allow receive_type="error"/>
+ <allow receive_type="signal"/>
+
+ <!-- Allow anyone to talk to the message bus -->
+ <allow send_destination="org.freedesktop.DBus"/>
+ <!-- But disallow some specific bus services -->
+ <deny send_destination="org.freedesktop.DBus"
+ send_interface="org.freedesktop.DBus"
+ send_member="UpdateActivationEnvironment"/>
+ </policy>
+
+
+\endcode
+
+
+ */
GENERATE_MAN = NO
GENERATE_RTF = NO
CASE_SENSE_NAMES = NO
-INPUT = src/dbuspolicy1/libdbuspolicy1.h
+INPUT = doc/main_page.dox src/internal/ src/dbuspolicy1 src/libdbuspolicy1.c
+EXCLUDE = src/internal/xml_policy.hpp
JAVADOC_AUTOBRIEF = YES
EXTRACT_PRIVATE = YES
EXTRACT_STATIC = YES
TYPEDEF_HIDES_STRUCT = YES
-INLINE_SOURCES = YES
-REFERENCED_BY_RELATION = YES
-REFERENCES_RELATION = YES
-SEARCHENGINE = NO
-COMPACT_LATEX = YES
+REFERENCED_BY_RELATION = NO
+REFERENCES_RELATION = NO
+SEARCHENGINE = YES
+COMPACT_LATEX = YES
LATEX_HIDE_INDICES = YES
+HAVE_DOT = NO
+EXTRACT_ALL = YES
+RECURSIVE = NO
+QUIET = YES
+CALL_GRAPH = NO
+CALLER_GRAPH = NO
* See the License for the specific language governing permissions and
* limitations under the License.
*/
-
-/**
- * \file libdbuspolicy1.h
+/** API usually used in libdbus/libglib.
+ \defgroup API API
*/
#ifndef _LIBDBUSPOLICY1_H_
#define _LIBDBUSPOLICY1_H_
struct udesc;
-/*!
- Initialize libdbuspolicy configuration context
- \param bus_path path to the kdbus bus (system or session)
+/**
+ * Initialize libdbuspolicy configuration context
+ * \param[in] bus_path path to the kdbus bus (system or session)
- \note This function should be called only on well known kdbus buses
- - the system bus (/sys/fs/kdbus/0-system/bus) and session bus
- (/sys/fs/kdbus/getuid()-user/bus). If any other bus is specified
- function will not succeed.
+ * \note This function should be called only on well known kdbus buses
+ * - the system bus (/sys/fs/kdbus/0-system/bus) and session bus
+ * (/sys/fs/kdbus/getuid()-user/bus). If any other bus is specified
+ * function will not succeed.
- \return On success pointer to configuration context is returned. On
- error NULL is returned.
+ * \return On success pointer to configuration context is returned. On
+ * error NULL is returned.
+ * \ingroup API
*/
void* dbuspolicy1_init(const char *bus_path);
-/*!
- Free libdbuspolicy configuration context
- \param configuration pointer with policy configuration acquired using dbuspolicy1_init
+/**
+ * Free libdbuspolicy configuration context
+ * \ingroup API
+ * \param[in] configuration Pointer with policy configuration acquired using dbuspolicy1_init
*/
void dbuspolicy1_free(void* configuration);
-/*!
- Check policy for outgoing message
- \param configuration pointer with policy configuration
- \param destination list of message destinations
- \param sender list of message sender names
- \param path path
- \param interface interface name
- \param member member name
- \param message_type message type
- \param error_name (future implementation)
- \param reply_serial (future implementation)
- \param requested_reply (future implementation)
+/**
+ * Check policy for outgoing message
+ * \ingroup API
+ * \param[in] configuration Pointer with policy configuration
+ * \param[in] destination List of message destinations
+ * \param[in] sender List of message sender names
+ * \param[in] path Path
+ * \param[in] interface Interface name
+ * \param[in] member Member name
+ * \param[in] message_type Message type
+ * \param[in] error_name (future implementation)
+ * \param[in] reply_serial (future implementation)
+ * \param[in] requested_reply (future implementation)
+ * \return Allow/deny or negative error code
*/
int dbuspolicy1_check_out(void* configuration,
const char *destination,
int reply_serial,
int requested_reply);
-/*!
- Check policy for incoming message
- \param configuration pointer with policy configuration
- \param destination list of message destinations
- \param sender list of message sender names
- \param sender_label sender label (should be manually extracted from incomming message)
- \param sender_uid sender uid (should be manually extracted from incomming message)
- \param sender_gid sender gid (should be manually extracted from incomming message)
- \param path path
- \param interface interface name
- \param member member name
- \param message_type message type
- \param error_name (future implementation)
- \param reply_serial (future implementation)
- \param requested_reply (future implementation)
+/** Check policy for incoming message
+ * \ingroup API
+ * \param[in] configuration Pointer with policy configuration
+ * \param[in] destination List of message destinations
+ * \param[in] sender List of message sender names
+ * \param[in] sender_label Sender label (should be manually extracted from incoming message)
+ * \param[in] sender_uid Sender uid (should be manually extracted from incoming message)
+ * \param[in] sender_gid Sender gid (should be manually extracted from incoming message)
+ * \param[in] path Path
+ * \param[in] interface Interface name
+ * \param[in] member Member name
+ * \param[in] message_type Message type
+ * \param[in] error_name (future implementation)
+ * \param[in] reply_serial (future implementation)
+ * \param[in] requested_reply (future implementation)
+ * \returns Allow/deny or negative error code
*/
int dbuspolicy1_check_in(void* configuration,
const char *destination,
int reply_serial,
int requested_reply);
-/*!
- Check policy for service ownership
- \param configuration pointer with policy configuration
- \param service service name
+/**
+ * Check policy for service ownership
+ * \ingroup API
+ * \param[in] configuration Pointer with policy configuration
+ * \param[in] service Service name
+ * \returns Allow/deny or negative error code
*/
int dbuspolicy1_can_own(void* configuration, const char* const service);
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/**
+ * \file
+ * \ingroup Implementation
+ */
#include <iostream>
#include <string>
* limitations under the License.
*/
+
+/**
+ \defgroup Implementation Implementation
+ Internal implementation of policy.
+ */
+/**
+ * \file
+ * \ingroup Implementation
+ */
#ifndef _LIBDBUSPOLICY1_INTERNAL_H_
#define _LIBDBUSPOLICY1_INTERNAL_H_
#define KDBUS_CONN_MAX_NAMES 256
+/** Initializes policies from given policy configuration file name
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] config_name Configuration file name
+ */
int __internal_init(bool bus_type, const char* const config_name);
+
+/** Inits tslog. */
void __internal_init_once(void);
+
extern pthread_mutex_t g_mutex;
+
+/** Flushes logs. */
void __internal_init_flush_logs(void);
+
+/** Enables logger mutex */
void __internal_enter(void);
+
+/** Disables logger mutex */
void __internal_exit(void);
+/** Checks if user can send message to given location.
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] user User id
+ * \param[in] group User group id
+ * \param[in] label Sender label
+ * \param[in] destination Message destination
+ * \param[in] path Path
+ * \param[in] interface Interface name
+ * \param[in] member Member name
+ * \param[in] type Message type
+ * \return 1 on allow, 0 on deny, negative error code otherwise
+ */
int __internal_can_send(bool bus_type,
const uid_t user,
const gid_t group,
const char* const member,
int type);
+/** Checks if user can send messages (multiple destinations).
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] user User id
+ * \param[in] group User group id
+ * \param[in] label Sender label
+ * \param[in] destination Message destination
+ * \param[in] path Path
+ * \param[in] interface Interface name
+ * \param[in] member Member name
+ * \param[in] type Message type
+ * \return 1 on allow, 0 on deny, negative error code otherwise
+ */
int __internal_can_send_multi_dest(bool bus_type,
const uid_t user,
const gid_t group,
const char* const member,
int type);
+/** Check if user can receive messages.
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] user User id
+ * \param[in] group User group id
+ * \param[in] label User label
+ * \param[in] sender Sender of received message
+ * \param[in] path Path
+ * \param[in] interface Interface name
+ * \param[in] member Member name
+ * \param[in] type Message type
+ * \return 1 on allow, 0 on deny, negative error code otherwise
+ */
int __internal_can_recv(bool bus_type,
uid_t user,
gid_t group,
const char* const member,
int type);
+/** Checks if given user can own interface with given label
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] user User id
+ * \param[in] group User group id
+ * \param[in] label Label given to Cynara
+ * \param[in] service Name to own
+ * \return 1 on allow, 0 on deny, negative error code otherwise
+ */
int __internal_can_own(bool bus_type,
uid_t user,
gid_t group,
#define TABSIZE(...) (::arraySizeDetail::size(__VA_ARGS__))
namespace {
+ /** Contains error code and string corresponding to it */
class ErrCode {
int m_err;
std::string m_err_str;
#include "cynara.hpp"
#include "tslog.hpp"
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
using namespace ldp_xml_parser;
static void __log_item(const MatchItemSR& item)
+
+
+
+
DecisionResult NaivePolicyChecker::check(bool bus_type,
uid_t uid,
gid_t gid,
return Decision::ANY;
}
-Decision NaivePolicyChecker::checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, const ItemOwn& item, const char*& privilege) {
+Decision NaivePolicyChecker::checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, const ItemOwn& item, const char*& privilege)
+{
if (tslog::verbose()) {
- __log_item(item);
+ std::cout << "Checking policy for name: " << std::string(!(item.getName()) ? item.getName() : "NULL") << std::endl;
}
+
const char *name = item.getName();
const struct TreeNode *node = policy.getTreeRoot();
int childIndex = 0;
childIndex = char_map[*name];
if (childIndex > 64) {
/* name contains forbidden char */
+ if (tslog::verbose()) {
+ std::cout << "Name: " << std::string(!(item.getName()) ? (item.getName()) : "NULL") << " contains forbidden character!" << std::endl;
+ }
privilege = NULL;
return Decision::DENY;
}
}
name++;
}
+
return node->__decisionItem.getDecision();
}
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
+
#ifndef _NAIVE_DECISIONER_H
#define _NAIVE_DECISIONER_H
namespace ldp_xml_parser
{
+ /* Class which checks rights in policies retrieved from policy db
+ * \ingroup Implementation
+ */
class NaivePolicyChecker {
private:
+
+ /** Policy databases for system and session bus */
NaivePolicyDb m_bus_db[2];
+
+ /** Adapter to policies database */
DbAdapter* m_adapter;
+
+ /** Retrieves policy db
+ * \param[in] type Type of database (system/session bus)
+ * \return Returns reference to chosen bus policy db
+ * \ingroup Implementation
+ */
NaivePolicyDb& getPolicyDb(bool type);
+ /** Checks send/receive policy for given item
+ * \param[in] policy Policy to check
+ * \param[in] item Item to check
+ * \param[in] privilege Privilege string
+ * \return Returns decision retrieved from policy
+ * \ingroup Implementation
+ * \callgraph
+ */
Decision checkPolicySR(const NaivePolicyDb::PolicySR& policy,
const MatchItemSR& item,
const char*& privilege);
+ /** Checks ownership policy for given item
+ * \param[in] policy Policy to check
+ * \param[in] item Item to check
+ * \param[in] privilege Privilege string
+ * \return Returns decision retrieved from policy
+ * \ingroup Implementation
+ */
Decision checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy,
const ItemOwn& item,
const char*& privilege);
+ /** Parses delivered decision. In case of Decision::CHECK calls cynara.
+ * \param[in] decision Decision from checkers
+ * \param[in] uid User id
+ * \param[in] label User label
+ * \param[in] privilege Privilege string
+ * \return Returns deny=0, allow=1 or cynara error
+ * \ingroup Implementation
+ */
DecisionResult parseDecision(Decision decision,
uid_t uid,
const char* label,
const char* privilege);
+ /** Checks send/receive policy for given item
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] uid User id
+ * \param[in] gid User group id
+ * \param[in] label User label
+ * \param[in] item Item to check
+ * \param[in] type Item type
+ * \return Returns deny=0, allow=1 or cynara error
+ * \ingroup Implementation
+ */
DecisionResult checkItemSR(bool bus_type,
uid_t uid,
gid_t gid,
const MatchItemSR& item,
const ItemType type);
+ /** Checks send/receive policy for given item
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] uid User id
+ * \param[in] gid User group id
+ * \param[in] label User label
+ * \param[in] item Item to check
+ * \param[in] type Item type
+ * \return Returns deny=0, allow=1 or cynara error
+ * \ingroup Implementation
+ */
DecisionResult checkItemOwn(bool bus_type,
uid_t uid,
gid_t gid,
const ItemType type);
public:
~NaivePolicyChecker();
+
+ /** Generates adapter for db with policies
+ * \ingroup Implementation
+ */
DbAdapter& generateAdapter();
+
+ /** Checks ownership policy for given item
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] uid User id
+ * \param[in] gid User group id
+ * \param[in] label User label
+ * \param[in] name Name to own
+ * \return Returns deny=0, allow=1 or cynara error
+ * \ingroup Implementation
+ */
DecisionResult check(bool bus_type,
uid_t uid,
gid_t gid,
const char* const label,
const char* const name);
+
+ /** Checks send/receive policy for given item
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] uid User id
+ * \param[in] gid User group id
+ * \param[in] label User label
+ * \param[in] matcher Structure with multiple names to check
+ * \param[in] type Item type
+ * \return Returns deny=0, allow=1 or cynara error
+ * \ingroup Implementation
+ */
DecisionResult check(bool bus_type,
uid_t uid,
gid_t gid,
#include "cynara.hpp"
#include "tslog.hpp"
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
using namespace ldp_xml_parser;
assert(treeRootPtr);
return treeRootPtr;
}
+
void NaivePolicyDb::PolicyOwn::addItem(ItemOwn* item) {
const char *name = item->getName();
-
+ if (tslog::enabled()){
+ if(name)
+ std::cout << "Adding item: " << name << " with decision: " << (int) item->getDecision().getDecision() << std::endl;
+ else
+ std::cout << "Adding item: NULL with decision: " << (int) item->getDecision().getDecision() << std::endl;
+ }
if (!name) {
/* For '*' name*/
if(item->getDecision().getDecision() != Decision::ANY){
node->__is_prefix = item->isPrefix();
}
-
bool NaivePolicyDb::getPolicySR(const NaivePolicyDb::PolicyTypeSetSR& set,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
#include <vector>
#include "policy.hpp"
+
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
namespace ldp_xml_parser
{
+ /** Database class, contains policies for ownership and send/receive */
class NaivePolicyDb {
public:
+ /** Class containing policy with send/receive rules */
class PolicySR {
private:
+ /** Vector with policy items */
std::vector<ItemSendReceive*> m_items;
public:
+ /** Iterator used to get access to policy items */
class PolicyConstIterator {
private:
+ /** Vector with policy items */
const std::vector<ItemSendReceive*>& m_items;
+ /** Assistant iterator */
int m_index;
public:
+ /** Public method allowing access to policy items */
PolicyConstIterator(const std::vector<ItemSendReceive*>& items, int position);
ItemSendReceive* const& operator*() const;
PolicyConstIterator& operator++();
bool operator!=(const PolicyConstIterator& it) const;
};
-
+ /** Iterator used to get access to policy items */
class PolicyIterator {
private:
+ /** Vector with policy items */
std::vector<ItemSendReceive*>& m_items;
+ /** Assistant iterator */
int m_index;
public:
PolicyIterator(std::vector<ItemSendReceive*>& items, int position);
PolicyIterator end();
PolicyConstIterator begin() const;
PolicyConstIterator end() const;
+
+ /** Adds given item to policy.
+ * \param[in] item Item to add to policy
+ */
void addItem(ItemSendReceive* item);
};
-
+ /** Class containing policy with ownership rules */
class PolicyOwn {
private:
+ /** Pointer to policy tree root */
struct TreeNode *treeRootPtr = NULL;
+
+ /** Removes given node and its descendants
+ * \param[in] node Node to remove from tree
+ */
void nodeRemove(TreeNode **node);
public:
PolicyOwn();
~PolicyOwn();
+ /** Adds given item to tree by retrieving its name, decision and checking is it prefix.
+ * \param[in] item Item to add to policy
+ */
void addItem(ItemOwn* item);
+
+ /** Retrieves policy tree root
+ * \return Pointer to tree root
+ */
const TreeNode* getTreeRoot() const;
};
~NaivePolicyDb();
+ /** Gets policy with ownership rules from DB
+ * \param[in] item_type Item Type
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[out] policy Received policy
+ * \return True if there is such policy, false elsewhere
+ */
bool getPolicy(const ItemType item_type,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
const PolicyOwn*& policy) const;
+ /** Gets policy with send/receive rules from DB
+ * \param[in] item_type Item Type
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[out] policy Received policy
+ * \return True if there is such policy, false elsewhere
+ */
bool getPolicy(const ItemType item_type,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
const PolicySR*& policy) const;
+ /** Adds item to ownership policy
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[in] item Item to add
+ */
void addItem(const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
ItemOwn* const item);
+ /** Adds item to send/receive policy
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[in] item Item to add
+ */
void addItem(const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
ItemSendReceive* const item);
private:
-
+ /** Contains maps for different ownership policy types (uid, gid, DEFAULT, MANDATORY) */
struct PolicyTypeSetOwn {
+ /** Policies for all contexts */
PolicyOwn context[static_cast<std::size_t>(ContextType::MAX)];
+ /** Map with policies for different users */
std::map<uid_t, PolicyOwn > user;
+ /** Map with policies for different groups */
std::map<gid_t, PolicyOwn > group;
};
+ /** Contains maps for different send/receive policy types (uid, gid, DEFAULT, MANDATORY) */
struct PolicyTypeSetSR {
+ /** Policies for all contexts */
PolicySR context[static_cast<std::size_t>(ContextType::MAX)];
+ /** Map with policies for different users */
std::map<uid_t, PolicySR > user;
+ /** Map with policies for different groups */
std::map<gid_t, PolicySR > group;
};
+ /** Set of ownership policies */
PolicyTypeSetOwn m_own_set;
+ /** Set of send policies */
PolicyTypeSetSR m_send_set;
+ /** Set of receive policies */
PolicyTypeSetSR m_receive_set;
+ /** Adds given item to send/receive policy
+ * \param[in] set Set to add item to
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[in] item Item to add
+ */
void addItem(PolicyTypeSetSR& set,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
ItemSendReceive* const item);
+ /** Gets requested policy from send/receive policies
+ * \param[in] set Set to add item to
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[out] policy Received policy
+ * \return False if there is no such policy, true elsewhere
+ */
bool getPolicySR(const PolicyTypeSetSR& set,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
const PolicySR*& policy) const;
+ /** Adds given item to ownership policy
+ * \param[in] set Set to add item to
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[in] item Item to add
+ */
void addItem(PolicyTypeSetOwn& set,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
ItemOwn* const item);
+ /** Gets requested policy from ownership policies
+ * \param[in] set Set to add item to
+ * \param[in] policy_type Policy type
+ * \param[in] policy_type_value Policy type value
+ * \param[out] policy Received policy
+ * \return False if there is no such policy, true elsewhere
+ */
bool getPolicyOwn(const PolicyTypeSetOwn& set,
const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
#include "policy.hpp"
#include "naive_policy_db.hpp"
#include "tslog.hpp"
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+
+
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
#ifndef _POLICY_H
#define _POLICY_H
#include <boost/property_tree/ptree.hpp>
#include <internal/internal.h>
#include <string>
+
#define MAX_LOG_LINE 1024
+/** Maximum tree node children. It is connected with proper characters which can be used in name.*/
#define MAX_CHILDREN 65
namespace ldp_xml_parser
{
-
+ /** Char map used in ownership policy. Single character from given name is mapped to index of tree node child*/
const char char_map[128] {65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,
65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,
65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 10, 12, 65,
54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 65, 65, 65, 11,
65, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 65, 65, 65, 65, 65};
-
+ /** Type of sent message*/
enum class MessageType : uint8_t {
ANY = 0,
METHOD_CALL,
SIGNAL
};
+ /** Sent message direction */
enum class MessageDirection : uint8_t {
ANY,
SEND,
RECEIVE
};
+ /** Item type. (different items have different content of class */
enum class ItemType : uint8_t {
GENERIC,
OWN,
RECEIVE
};
+ /** Policy type, either context, user or group */
enum class PolicyType : uint8_t {
CONTEXT,
USER,
GROUP
};
+ /** Context type for context policy type */
enum class ContextType : uint8_t {
DEFAULT,
MANDATORY,
MAX
};
+ /** Decision returned by policy checkers. Is parsed later */
enum class Decision : uint8_t {
ANY,
ALLOW,
CHECK
};
+ /** Final decision of libdbus policy. Either allow, deny or error code */
enum class DecisionResult : int8_t {
CYNARA_ERROR = -3,
DENY = 0,
ALLOW
};
+ /** Contains value corresponding to each of policy types */
union PolicyTypeValue {
PolicyTypeValue();
PolicyTypeValue(ContextType type);
class ItemBuilder;
+ /** Class contains decision and privilege string */
class DecisionItem {
private:
Decision __decision;
const char* toString(char* str) const;
};
+ /** Class contains info about ownership policy item */
class ItemOwn {
private:
DecisionItem __decision;
bool isPrefix() const;
};
+ /** Node of tree used in ownership policy. */
struct TreeNode{
DecisionItem __decisionItem;
char __nameChar;
struct TreeNode *children[MAX_CHILDREN];
};
+ /** Name structure for send/receive policy */
struct NameSR {
const char* name;
int len;
NameSR(const char* m = NULL, int l = 0);
};
+ /** Struct which allows to contain multiple connection names then compared in s/r policy checker */
struct MatchItemSR {
int names_num;
NameSR names[KDBUS_CONN_MAX_NAMES+1];
const char* toString(char* str) const;
};
+ /** Class contains info about item send/receive */
class ItemSendReceive {
private:
DecisionItem __decision;
};
class NaivePolicyDb;
+
+ /** Allows to create items from given name, decision etc. */
class ItemBuilder {
private:
DecisionItem __decision;
void setPrefix(bool value);
};
+ /** Adapter which allows to access policy db. Contains references to system and session db. */
class DbAdapter {
private:
enum state {
+/**
+ * \file
+ * \ingroup Implementation
+ */
+
#include "tslog.hpp"
namespace tslog {
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/**
+ * \file
+ * \ingroup Implementation
+ */
#ifndef _TSLOG_HPP
#define _TSLOG_HPP
namespace tslog
{
-
+ /** Checks value of environmental variable with given name */
bool get_log_env(char const *name);
+ /** Checks environmental variables and sets global variable defining if logs are enabled */
void init();
+ /** Checks if logs are enabled */
bool enabled();
+
+ /** Checks if verbosity is enabled */
bool verbose();
}
+/**
+ * \file
+ * \ingroup Implementation
+ */
#include "xml_parser.hpp"
std::set<std::string> ldp_xml_parser::XmlParser::__parsed;
* See the License for the specific language governing permissions and
* limitations under the License.
*/
+/**
+ * \file
+ * \ingroup Implementation
+ */
#ifndef _XML_PARSER_HPP
#define _XML_PARSER_HPP
namespace ldp_xml_parser
{
+ /** Class which have methods parsing policy rules contained in xml files */
class XmlParser : boost::noncopyable
{
public:
+ /** Parses given config file for declared bus type */
ErrCode parsePolicy(bool bus,
std::string const &fname) {
ErrCode err = parse(bus, fname);
return err;
}
-
+ /** Registers DBAdapter */
void registerAdapter(DbAdapter& adapter) {
__adapter = &adapter;
}
private:
- //IO operation
+ /** Vector containing parsed policy */
static std::set<std::string> __parsed;
+ /** Adapter which allows to acces parsed policies */
DbAdapter* __adapter;
- //Data obtained from XML
+ /** Parses config file and all files included in it */
ErrCode parse(bool bus, std::string const &filename) {
ErrCode err;
std::vector<std::string> incl_files;
}
return err;
}
-
+ /** Parses given xml file and files included in it */
ErrCode parse(bool bus, bool first, const std::string& filename, std::vector<std::string>& included_files) {
std::pair<ErrCode, std::string> errparam;
std::vector<std::string> incl_dirs;
return errparam.first;
}
- //Get all the .conf files within included subdirectory, POSIX style as boost::filesystem is not header-only
+ /** Get all the .conf files within included subdirectory, POSIX style as boost::filesystem is not header-only */
void getIncludedFiles(const std::string& filename, const std::string& incldir, std::vector<std::string>& files) {
DIR *dir;
struct dirent *ent;
std::cout << "could not open directory " << dname << '\n';
}
}
-
+ /** Acceses given configuration file/files */
std::pair<ErrCode, std::string> parseXml(bool bus, const std::string& filename, std::vector<std::string>& incl_dirs) {
std::pair<ErrCode, std::string> ret;
static bool configuration_bus_type(struct kconn const *configuration) { return configuration != g_conn; }
-/**
- * dbuspolicy1_can_send
- * @param: <>
- * @return: <>
- *
- * Description.
- **/
DBUSPOLICY1_EXPORT int dbuspolicy1_check_out(void* configuration,
const char *destination,
const char *sender,
return r;
}
-/**
- * dbuspolicy1_can_send
- * @param: <>
- * @return: <>
- *
- * Description.
- **/
DBUSPOLICY1_EXPORT int dbuspolicy1_check_in(void* configuration,
const char *destination,
const char *sender,
return r;
}
-/**
- * dbuspolicy1_can_send
- * @param: <>
- * @return: <>
- *
- * Description.
- **/
DBUSPOLICY1_EXPORT int dbuspolicy1_can_own(void* configuration, const char* const service)
{
int r;
projects / platform / core / system / libdbuspolicy.git / commitdiff