from gcc.
- split function declaration and implementation
- delt with unsigned/signed comparison in Cynara
backend
Change-Id: I1b77af78292915efa9e850d32445c97d5893c513
#define NETHER_CYNARA_INTERNET_PRIVILEGE "http://tizen.org/privilege/internet"
-static const std::string cynaraErrorCodeToString(int cynaraErrorCode)
-{
- char errorString[512];
- int ret;
-
- if((ret = cynara_strerror(cynaraErrorCode, errorString, 512)) == CYNARA_API_SUCCESS)
- return (std::string(errorString, strlen(errorString)));
- else
- return ("Failed to get error string representation, code="+ret);
-}
+const std::string cynaraErrorCodeToString(int cynaraErrorCode);
class NetherManager;
NetherVerdict verdict;
};
-static const std::string dumpPolicyEntry(const PolicyEntry &entry)
-{
- std::stringstream stream;
- stream << "UID=";
- if(entry.uid == NETHER_INVALID_UID)
- stream << "*";
- else
- stream << entry.uid;
- stream << " GID=";
- if(entry.gid == NETHER_INVALID_GID)
- stream << "*";
- else stream << entry.gid;
- stream << " SECCTX=";
- if(entry.securityContext.empty())
- stream << "*";
- else
- stream << entry.securityContext;
- stream << " VERDICT=";
- stream << verdictToString(entry.verdict);
-
- return (stream.str());
-}
+const std::string dumpPolicyEntry(const PolicyEntry &entry);
class NetherFileBackend : public NetherPolicyBackend
{
/**
* @file
* @author Roman Kubiak (r.kubiak@samsung.com)
- * @brief utility functions
+ * @brief utility functions declarations
*/
#ifndef NETHER_UTILS_H
#define NETHER_UTILS_H
#include "nether_Types.h"
+
void decodePacket(NetherPacket &packet, unsigned char *payload);
void decodeIPv4Packet(NetherPacket &packet, unsigned char *payload);
void decodeIPv6Packet(NetherPacket &packet, unsigned char *payload);
void decodeUdp(NetherPacket &packet, unsigned char *payload);
std::string ipAddressToString(const char *src, enum NetherProtocolType type);
-static NetherVerdict stringToVerdict(char *verdictAsString)
-{
- if(verdictAsString)
- {
- if(strncasecmp(verdictAsString, "allow_log", 9) == 0)
- return (NetherVerdict::allowAndLog);
- if(strncasecmp(verdictAsString, "allow", 6) == 0)
- return (NetherVerdict::allow);
- if(strncasecmp(verdictAsString, "deny", 4) == 0)
- return (NetherVerdict::deny);
- }
- return (NetherVerdict::allowAndLog);
-}
-
-static NetherPolicyBackendType stringToBackendType(char *backendAsString)
-{
- if(strcasecmp(backendAsString, "cynara") == 0)
- return (NetherPolicyBackendType::cynaraBackend);
- if(strcasecmp(backendAsString, "file") == 0)
- return (NetherPolicyBackendType::fileBackend);
- if(strcasecmp(backendAsString, "dummy") == 0)
- return (NetherPolicyBackendType::dummyBackend);
-
- return (NetherPolicyBackendType::dummyBackend);
-}
-
-static NetherLogBackendType stringToLogBackendType(char *backendAsString)
-{
- if(strcasecmp(backendAsString, "stderr") == 0)
- return (NetherLogBackendType::stderrBackend);
- if(strcasecmp(backendAsString, "syslog") == 0)
- return (NetherLogBackendType::syslogBackend);
- if(strcasecmp(backendAsString, "journal") == 0)
- return (NetherLogBackendType::journalBackend);
- if(strcasecmp(backendAsString, "file") == 0)
- return (NetherLogBackendType::logfileBackend);
- if(strcasecmp(backendAsString, "null") == 0)
- return (NetherLogBackendType::nullBackend);
-
- return (NetherLogBackendType::nullBackend);
-}
-
-static std::string logBackendTypeToString(const NetherLogBackendType backendType)
-{
- switch(backendType)
- {
- case NetherLogBackendType::stderrBackend:
- return ("stderr");
- case NetherLogBackendType::syslogBackend:
- return ("syslog");
- case NetherLogBackendType::journalBackend:
- return ("journal");
- case NetherLogBackendType::logfileBackend:
- return ("file");
- case NetherLogBackendType::nullBackend:
- return ("null");
- }
- return ("null");
-}
-
-static std::string backendTypeToString(const NetherPolicyBackendType backendType)
-{
- switch(backendType)
- {
- case NetherPolicyBackendType::cynaraBackend:
- return ("cynara");
- case NetherPolicyBackendType::fileBackend:
- return ("file");
- case NetherPolicyBackendType::dummyBackend:
- default:
- return ("dummy");
- }
-}
-
-static std::string verdictToString(const NetherVerdict verdict)
-{
- switch(verdict)
- {
- case NetherVerdict::allow:
- return ("ALLOW");
- case NetherVerdict::allowAndLog:
- return ("ALLOW_LOG");
- case NetherVerdict::deny:
- return ("DENY");
- case NetherVerdict::noVerdictYet:
- return ("NO_VERDICT_YET");
- }
- return ("NO_VERDICT_YET");
-}
-
-static std::string transportToString(const NetherTransportType transportType)
-{
- switch(transportType)
- {
- case NetherTransportType::TCP:
- return ("TCP");
- case NetherTransportType::UDP:
- return ("UDP");
- case NetherTransportType::ICMP:
- return ("ICMP");
- case NetherTransportType::IGMP:
- return ("IGMP");
- case NetherTransportType::unknownTransportType:
- default:
- return ("UNKNOWN");
- }
-}
-
-static std::string protocolToString(const NetherProtocolType protocolType)
-{
- switch(protocolType)
- {
- case NetherProtocolType::IPv4:
- return ("IPv4");
- case NetherProtocolType::IPv6:
- return ("IPv6");
- default:
- return ("UNKNOWN");
- }
-}
-
-static std::string packetToString(const NetherPacket &packet)
-{
- std::stringstream stream;
- stream << "ID=";
- stream << packet.id;
- stream << " SECCTX=";
- stream << packet.securityContext;
- stream << " UID=";
- stream << packet.uid;
- stream << " GID=";
- stream << packet.gid;
- stream << " PROTO=";
- stream << protocolToString(packet.protocolType);
- stream << " TRANSPORT=";
- stream << transportToString(packet.transportType);
- stream << " SADDR=";
- stream << ipAddressToString(&packet.localAddress[0], packet.protocolType);
- stream << ":";
- stream << packet.localPort;
- stream << " DADDR=";
- stream << ipAddressToString(&packet.remoteAddress[0], packet.protocolType);
- stream << ":";
- stream << packet.remotePort;
- return (stream.str());
-}
-
-template<typename ... Args>
-std::string stringFormat(const char* format, Args ... args)
-{
- size_t size = snprintf(nullptr, 0, format, args ...) + 1; // Extra space for '\0'
- std::unique_ptr<char[]> buf(new char[ size ]);
- snprintf(buf.get(), size, format, args ...);
- return std::string(buf.get(), buf.get() + size - 1); // We don't want the '\0' inside
-}
+NetherVerdict stringToVerdict(char *verdictAsString);
+NetherPolicyBackendType stringToBackendType(char *backendAsString);
+NetherLogBackendType stringToLogBackendType(char *backendAsString);
+std::string logBackendTypeToString(const NetherLogBackendType backendType);
+std::string backendTypeToString(const NetherPolicyBackendType backendType);
+std::string verdictToString(const NetherVerdict verdict);
+std::string transportToString(const NetherTransportType transportType);
+std::string protocolToString(const NetherProtocolType protocolType);
+std::string packetToString(const NetherPacket &packet);
+template<typename ... Args> std::string stringFormat(const char* format, Args ... args);
#endif // NETHER_UTILS_H
#ifdef HAVE_CYNARA
+const std::string cynaraErrorCodeToString(int cynaraErrorCode)
+{
+ char errorString[512];
+ int ret;
+
+ if((ret = cynara_strerror(cynaraErrorCode, errorString, 512)) == CYNARA_API_SUCCESS)
+ return (std::string(errorString, strlen(errorString)));
+ else
+ return ("Failed to get error string representation, code="+ret);
+}
+
NetherCynaraBackend::NetherCynaraBackend(const NetherConfig &netherConfig)
: NetherPolicyBackend(netherConfig), currentCynaraDescriptor(0),
cynaraLastResult(CYNARA_API_UNKNOWN_ERROR)
{
cynara_check_id checkId;
- cynaraLastResult = cynara_async_check_cache(cynaraContext, packet.securityContext.c_str(), "", std::to_string(packet.uid).c_str(), NETHER_CYNARA_INTERNET_PRIVILEGE);
+ cynaraLastResult = cynara_async_check_cache(cynaraContext,
+ packet.securityContext.c_str(),
+ "",
+ std::to_string(packet.uid).c_str(),
+ NETHER_CYNARA_INTERNET_PRIVILEGE);
LOGD("cynara_async_check_cache ctx=" << packet.securityContext.c_str() << " user=" << std::to_string(packet.uid).c_str() << " privilege=" << NETHER_CYNARA_INTERNET_PRIVILEGE);
&checkId,
&checkCallback,
this);
+
if(cynaraLastResult == CYNARA_API_SUCCESS)
{
responseQueue[checkId] = packet.id;
void NetherCynaraBackend::setCynaraVerdict(cynara_check_id checkId, int cynaraResult)
{
- u_int32_t packetId = 0;
- if((packetId = responseQueue[checkId]) >= 0)
- {
- responseQueue[checkId] = -1;
-
- if(cynaraResult == CYNARA_API_ACCESS_ALLOWED)
- castVerdict(packetId, NetherVerdict::allow);
- else
- castVerdict(packetId, NetherVerdict::deny);
+ u_int32_t packetId = responseQueue[checkId];
- return;
- }
+ if(cynaraResult == CYNARA_API_ACCESS_ALLOWED)
+ castVerdict(packetId, NetherVerdict::allow);
+ else
+ castVerdict(packetId, NetherVerdict::deny);
- LOGW("checkId=" << checkId << " has no assosiated packetId");
+ return;
}
int NetherCynaraBackend::getDescriptor()
#include "nether_FileBackend.h"
+const std::string dumpPolicyEntry(const PolicyEntry &entry)
+{
+ std::stringstream stream;
+ stream << "UID=";
+ if(entry.uid == NETHER_INVALID_UID)
+ stream << "*";
+ else
+ stream << entry.uid;
+ stream << " GID=";
+ if(entry.gid == NETHER_INVALID_GID)
+ stream << "*";
+ else stream << entry.gid;
+ stream << " SECCTX=";
+ if(entry.securityContext.empty())
+ stream << "*";
+ else
+ stream << entry.securityContext;
+ stream << " VERDICT=";
+ stream << verdictToString(entry.verdict);
+
+ return (stream.str());
+}
+
NetherFileBackend::NetherFileBackend(const NetherConfig &netherConfig)
: NetherPolicyBackend(netherConfig)
{
return ("(unknown)");
}
}
+
+template<typename ... Args>
+std::string stringFormat(const char* format, Args ... args)
+{
+ size_t size = snprintf(nullptr, 0, format, args ...) + 1; // Extra space for '\0'
+ std::unique_ptr<char[]> buf(new char[ size ]);
+ snprintf(buf.get(), size, format, args ...);
+ return std::string(buf.get(), buf.get() + size - 1); // We don't want the '\0' inside
+}
--- /dev/null
+/*
+ * Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+ *
+ * Contact: Roman Kubiak (r.kubiak@samsung.com)
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License
+ */
+
+/**
+ * @file
+ * @author Roman Kubiak (r.kubiak@samsung.com)
+ * @brief utility functions implementation
+ */
+
+#include "nether_Utils.h"
+
+NetherVerdict stringToVerdict(char *verdictAsString)
+{
+ if(verdictAsString)
+ {
+ if(strncasecmp(verdictAsString, "allow_log", 9) == 0)
+ return (NetherVerdict::allowAndLog);
+ if(strncasecmp(verdictAsString, "allow", 6) == 0)
+ return (NetherVerdict::allow);
+ if(strncasecmp(verdictAsString, "deny", 4) == 0)
+ return (NetherVerdict::deny);
+ }
+ return (NetherVerdict::allowAndLog);
+}
+
+NetherPolicyBackendType stringToBackendType(char *backendAsString)
+{
+ if(strcasecmp(backendAsString, "cynara") == 0)
+ return (NetherPolicyBackendType::cynaraBackend);
+ if(strcasecmp(backendAsString, "file") == 0)
+ return (NetherPolicyBackendType::fileBackend);
+ if(strcasecmp(backendAsString, "dummy") == 0)
+ return (NetherPolicyBackendType::dummyBackend);
+
+ return (NetherPolicyBackendType::dummyBackend);
+}
+
+NetherLogBackendType stringToLogBackendType(char *backendAsString)
+{
+ if(strcasecmp(backendAsString, "stderr") == 0)
+ return (NetherLogBackendType::stderrBackend);
+ if(strcasecmp(backendAsString, "syslog") == 0)
+ return (NetherLogBackendType::syslogBackend);
+ if(strcasecmp(backendAsString, "journal") == 0)
+ return (NetherLogBackendType::journalBackend);
+ if(strcasecmp(backendAsString, "file") == 0)
+ return (NetherLogBackendType::logfileBackend);
+ if(strcasecmp(backendAsString, "null") == 0)
+ return (NetherLogBackendType::nullBackend);
+
+ return (NetherLogBackendType::nullBackend);
+}
+
+std::string logBackendTypeToString(const NetherLogBackendType backendType)
+{
+ switch(backendType)
+ {
+ case NetherLogBackendType::stderrBackend:
+ return ("stderr");
+ case NetherLogBackendType::syslogBackend:
+ return ("syslog");
+ case NetherLogBackendType::journalBackend:
+ return ("journal");
+ case NetherLogBackendType::logfileBackend:
+ return ("file");
+ case NetherLogBackendType::nullBackend:
+ return ("null");
+ }
+ return ("null");
+}
+
+std::string backendTypeToString(const NetherPolicyBackendType backendType)
+{
+ switch(backendType)
+ {
+ case NetherPolicyBackendType::cynaraBackend:
+ return ("cynara");
+ case NetherPolicyBackendType::fileBackend:
+ return ("file");
+ case NetherPolicyBackendType::dummyBackend:
+ default:
+ return ("dummy");
+ }
+}
+
+std::string verdictToString(const NetherVerdict verdict)
+{
+ switch(verdict)
+ {
+ case NetherVerdict::allow:
+ return ("ALLOW");
+ case NetherVerdict::allowAndLog:
+ return ("ALLOW_LOG");
+ case NetherVerdict::deny:
+ return ("DENY");
+ case NetherVerdict::noVerdictYet:
+ return ("NO_VERDICT_YET");
+ }
+ return ("NO_VERDICT_YET");
+}
+
+std::string transportToString(const NetherTransportType transportType)
+{
+ switch(transportType)
+ {
+ case NetherTransportType::TCP:
+ return ("TCP");
+ case NetherTransportType::UDP:
+ return ("UDP");
+ case NetherTransportType::ICMP:
+ return ("ICMP");
+ case NetherTransportType::IGMP:
+ return ("IGMP");
+ case NetherTransportType::unknownTransportType:
+ default:
+ return ("UNKNOWN");
+ }
+}
+
+std::string protocolToString(const NetherProtocolType protocolType)
+{
+ switch(protocolType)
+ {
+ case NetherProtocolType::IPv4:
+ return ("IPv4");
+ case NetherProtocolType::IPv6:
+ return ("IPv6");
+ default:
+ return ("UNKNOWN");
+ }
+}
+
+std::string packetToString(const NetherPacket &packet)
+{
+ std::stringstream stream;
+ stream << "ID=";
+ stream << packet.id;
+ stream << " SECCTX=";
+ stream << packet.securityContext;
+ stream << " UID=";
+ stream << packet.uid;
+ stream << " GID=";
+ stream << packet.gid;
+ stream << " PROTO=";
+ stream << protocolToString(packet.protocolType);
+ stream << " TRANSPORT=";
+ stream << transportToString(packet.transportType);
+ stream << " SADDR=";
+ stream << ipAddressToString(&packet.localAddress[0], packet.protocolType);
+ stream << ":";
+ stream << packet.localPort;
+ stream << " DADDR=";
+ stream << ipAddressToString(&packet.remoteAddress[0], packet.protocolType);
+ stream << ":";
+ stream << packet.remotePort;
+ return (stream.str());
+}