return (szstr != NULL) ? szstr : "";
}
-int __internal_init(BusType bus_type, const char* const config_name)
+int __internal_init_serialized(BusType bus_type, const char *config_name, const char *serialized_filename)
{
- auto ok = policy_checker(bus_type).initDb(get_str(config_name));
+ auto ok = policy_checker(bus_type).initDb(get_str(config_name), serialized_filename);
if (tslog::enabled())
memory_dump(bus_type);
return ok ? 0 : -1;
}
+int __internal_init(BusType bus_type, const char* const config_name)
+{
+ return __internal_init_serialized(bus_type, config_name, nullptr);
+}
+
+int __internal_init_auto_serialized(BusType bus_type, const char *config_name)
+{
+ return __internal_init_serialized(bus_type, config_name, std::string(config_name).append(".serialized").c_str());
+}
+
pthread_mutex_t g_mutex = PTHREAD_MUTEX_INITIALIZER;
void memory_dump(BusType bus_type)
*/
int __internal_init(BusType bus_type, const char* const config_name);
+/** Initializes policies from given serialized policy configuration file name
+ * but in case of failure uses provided XML policy configuration file name
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] config_name Configuration file name
+ * \param[in] serialized_filename Serialized policy file name
+ */
+int __internal_init_serialized(BusType bus_type,
+ const char* const config_name,
+ const char *serialized_filename);
+
+/** Tries to initialize policy from serialized policy file name made up from
+ * standard XML policy file name by adding ".serialized" suffix to it.
+ * In case of failure initializes policy from given XML policy file name
+ * \param[in] bus_type Bus type (system/session)
+ * \param[in] config_name XML configuration file name
+ */
+int __internal_init_auto_serialized(BusType bus_type, const char* const config_name);
+
/** Inits tslog. */
void __internal_init_once(void);
#include "cynara.hpp"
#include "tslog.hpp"
#include "groups_proxy.hpp"
+#include "serializer.hpp"
/**
* \file
/* insert supplementary group */
for (const auto group : groups) {
- if (getPolicyDb().existsPolicyForGroup<MatchItemSend>(group))
+ if (m_bus_db.existsPolicyForGroup<MatchItemSend>(group))
vsend.push_back(group);
- if (getPolicyDb().existsPolicyForGroup<MatchItemReceive>(group))
+ if (m_bus_db.existsPolicyForGroup<MatchItemReceive>(group))
vrecv.push_back(group);
vaccess.push_back(group); // no filtering, it will be used once
}
vown.push_back(gid);
} else {
for (const auto group : groups) {
- if (getPolicyDb().existsPolicyForGroup<MatchItemOwn>(group))
+ if (m_bus_db.existsPolicyForGroup<MatchItemOwn>(group))
vown.push_back(group);
}
}
DecisionItem NaivePolicyChecker::checkItemAccess(const MatchItemAccess& item)
{
- const ldp_xml::StorageBackendXML &policy_db = getPolicyDb();
-
- DecisionItem ret = policy_db.getDecisionItemContextMandatory(item);
+ DecisionItem ret = m_bus_db.getDecisionItemContextMandatory(item);
// access rules can be defined only in default/mandatory context
// defining them elsewhere is considered as policy syntax error by dbus-daemon
// thus, no checking in user or group policies
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItemContextDefault(item);
+ ret = m_bus_db.getDecisionItemContextDefault(item);
return ret;
}
template<typename T>
DecisionItem NaivePolicyChecker::checkItem(uid_t uid, gid_t gid, const T& item) {
- const ldp_xml::StorageBackendXML &policy_db = getPolicyDb();
-
- DecisionItem ret = policy_db.getDecisionItemContextMandatory(item);
+ DecisionItem ret = m_bus_db.getDecisionItemContextMandatory(item);
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItemUser(uid, item);
+ ret = m_bus_db.getDecisionItemUser(uid, item);
if (ret.getDecision() == Decision::ANY)
ret = checkGroupPolicies<T>(uid, gid, item);
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItemContextDefault(item);
+ ret = m_bus_db.getDecisionItemContextDefault(item);
return ret;
}
return Decision::ANY;
for (const auto sgid : *sgroups) {
- DecisionItem ret = getPolicyDb().getDecisionItemGroup(sgid, item);
+ DecisionItem ret = m_bus_db.getDecisionItemGroup(sgid, item);
if (ret.getDecision() != Decision::ANY)
return ret;
pthread_mutex_unlock(&mutexGroup);
}
-bool NaivePolicyChecker::initDb(const char *config_name)
+bool NaivePolicyChecker::initDb(const char *config_name, const char *serialized_filename)
{
- return getPolicyDb().init(config_name);
+ m_bus_db.release();
+
+ if (serialized_filename) {
+ if (m_bus_db.init(serialized_filename))
+ return true;
+ }
+
+ // fallback - we have only XML files
+ return m_bus_db.initFromXML(config_name);
}
void NaivePolicyChecker::printContent()
{
- getPolicyDb().printContent();
+ m_bus_db.printContent();
for (const auto &mapGroup : mapGroups) {
std::cerr << std::endl << "---- mapGroup ----" << std::endl;
#include "policy.hpp"
#include "global_nodestruct.hpp"
-#include "storage_backend_xml.hpp"
+#include "storage_backend_serialized.hpp"
+
+#include <map>
+#include <vector>
namespace ldp_xml_parser
{
private:
/** Policy database */
- ldp_xml::StorageBackendXML m_bus_db;
+ ldp_serialized::StorageBackendSerialized m_bus_db;
/** Parses delivered decision. In case of Decision::CHECK calls cynara.
* \param[in] decision Decision from checkers
/** Retrieves policy db
* \return Returns reference to the policy db
*/
- ldp_xml::StorageBackendXML &getPolicyDb() { return m_bus_db; }
- const ldp_xml::StorageBackendXML &getPolicyDb() const { return m_bus_db; }
+ const decltype(m_bus_db) &getPolicyDb() const { return m_bus_db; }
/** Clears all db data, useful for reloading configuration
* during testing.
*/
- bool initDb(const char *filename);
+ bool initDb(const char *config_name, const char *serialized_filename = nullptr);
void updateGroupDb(uid_t uid, gid_t gid);
#include "policy.hpp"
#include "naive_policy_checker.hpp"
#include "tslog.hpp"
+#include "storage_backend_xml.hpp"
#include <cstdlib>
#include <sys/types.h>
uint8_t* Serializer::serialize(const std::string config_path, size_t &size) {
// SYSTEM_BUS here because something had to be choosen
__internal_init_once();
- if (__internal_init(BusType::SYSTEM_BUS, config_path.c_str()) != 0)
+ ldp_xml::StorageBackendXML xmlStorage;
+
+ if (!xmlStorage.init(config_path.c_str())) {
cout << "internal_init error" << endl;
+ return nullptr;
+ }
- return serialize(policy_checker_system().getPolicyDb(), size);
+ return serialize(xmlStorage, size);
}
void Serializer::serialize(const std::string config_path, ostream &output) {
#include "serialized_convert.hpp"
#include "tslog.hpp"
#include "transaction_guard.hpp"
+#include "serializer.hpp"
#include "include/fb_generated.h"
size_t length{0};
const FB::File *file{nullptr};
+ std::unique_ptr<ldp_xml_parser::Serializer> serializer;
+
void releaseMMap();
void releaseFD();
public:
bool init(const char *filename, bool verify);
bool init(const FB::File *f);
+ bool initFromXML(const char *config_name);
void release();
void printContent() const;
releaseFD();
}
+ if (nullptr != serializer.get()) {
+ serializer.reset(nullptr);
+ }
+
file = nullptr;
}
return true;
}
+bool StorageBackendSerialized::StorageBackendSerializedImpl::initFromXML(const char *config_name) {
+ assert(nullptr == file);
+ assert(nullptr == serializer.get());
+
+ serializer.reset(new ldp_xml_parser::Serializer());
+
+ size_t serialized_size;
+ uint8_t *data = serializer->serialize(config_name, serialized_size);
+ if (nullptr == data)
+ return false;
+
+ return init(FB::GetFile(data));
+}
+
void StorageBackendSerialized::StorageBackendSerializedImpl::printContent() const {
std::cerr << *file;
}
return pimpl->init(f);
}
+bool StorageBackendSerialized::initFromXML(const char *config_name) {
+ return pimpl->initFromXML(config_name);
+}
+
void StorageBackendSerialized::release() {
pimpl->release();
}
bool init(const char *filename, bool verify = false);
bool init(const FB::File *file);
+ bool initFromXML(const char *config_name);
void release();
void printContent() const;
dbuspolicy_init_once();
}
if (!init_once[bus_type]) {
- rp = __internal_init(bus_type, (bus_type == SYSTEM_BUS) ? system_bus_conf_file_primary() : session_bus_conf_file_primary());
+ rp = __internal_init_auto_serialized(bus_type, (bus_type == SYSTEM_BUS) ? system_bus_conf_file_primary() : session_bus_conf_file_primary());
if (rp < 0)
rs = __internal_init(bus_type, (bus_type == SYSTEM_BUS) ? SYSTEM_BUS_CONF_FILE_SECONDARY : SESSION_BUS_CONF_FILE_SECONDARY);
else