static ldp_xml_parser::NaivePolicyChecker policy_checker;
static const char* get_str(const char* const szstr) {
- return (szstr != NULL) ? szstr : "";
-}
-
-static const char** get_strv(const char *s, const char** result) {
- int i = 0;
- unsigned k = 0;
- if (s) {
- while (s[i] && k < KDBUS_CONN_MAX_NAMES + 1) {
- char c;
- while ((c = s[i++]) && ' ' != c);
- result[k++] = s;
- s += i;
- i = 0;
- }
- if (k >= KDBUS_CONN_MAX_NAMES + 1)
- return NULL;
- if (k)
- result[k++] = NULL;
- }
- if (!k) {
- result[0] = "";
- result[1] = NULL;
- }
- return result;
+ return (szstr != NULL) ? szstr : "";
}
int __internal_init(bool bus_type, const char* const config_name)
{
- ldp_xml_parser::XmlParser p;
+ ldp_xml_parser::XmlParser p;
p.registerAdapter(policy_checker.generateAdapter());
- auto err = p.parsePolicy(bus_type, get_str(config_name));
- return err.get();
+ auto err = p.parsePolicy(bus_type, get_str(config_name));
+ return err.get();
}
pthread_mutex_t g_mutex = PTHREAD_MUTEX_INITIALIZER;
const char* const member,
int type)
{
- const char* names[KDBUS_CONN_MAX_NAMES+1];
- const char** ns = get_strv(destination, names);
- if (!ns) {
+ ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND);
+ if (!matcher.addNames(destination)) {
if (tslog::verbose())
- std::cout << "Destination too long: "<<destination<<std::endl;
+ std::cout << "Destination too long: " << destination << std::endl;
return false;
}
- return static_cast<int>(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND));
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND));
}
int __internal_can_send_multi_dest(bool bus_type,
- const uid_t user,
- const gid_t group,
- const char* const label,
- const char** const destination,
- const char* const path,
- const char* const interface,
- const char* const member,
- int type)
+ const uid_t user,
+ const gid_t group,
+ const char* const label,
+ const char** const destination,
+ const char* const path,
+ const char* const interface,
+ const char* const member,
+ int type)
{
- return static_cast<int>(policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND));
+ int i = 0;
+ ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::SEND);
+ if (destination)
+ while (destination[i++]) {
+ matcher.addName(destination[i]);
+ }
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND));
}
int __internal_can_recv(bool bus_type,
- const uid_t user,
- const gid_t group,
- const char* const label,
- const char* const sender,
- const char* const path,
- const char* const interface,
- const char* const member,
- int type)
+ const uid_t user,
+ const gid_t group,
+ const char* const label,
+ const char* const sender,
+ const char* const path,
+ const char* const interface,
+ const char* const member,
+ int type)
{
- const char* names[KDBUS_CONN_MAX_NAMES+1];
- const char** ns = get_strv(sender, names);
- return static_cast<int>(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::RECEIVE));
+ ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast<ldp_xml_parser::MessageType>(type), ldp_xml_parser::MessageDirection::RECEIVE);
+ if (!matcher.addNames(sender)) {
+ if (tslog::verbose())
+ std::cout << "Sender too long: " << sender << std::endl;
+ return false;
+ }
+ return static_cast<int>(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::RECEIVE));
}
int __internal_can_own(bool bus_type,
- const uid_t user,
- const gid_t group,
- const char* const label,
- const char* const service)
+ const uid_t user,
+ const gid_t group,
+ const char* const label,
+ const char* const service)
{
return static_cast<int>(policy_checker.check(bus_type, user, group, label, service));
}
#include "naive_policy_checker.hpp"
#include "cynara.hpp"
#include "tslog.hpp"
+
using namespace ldp_xml_parser;
+static void __log_item(const MatchItemSR& item)
+{
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = item.toString(tmp);
+ std::cout << "checkpolicy for ownership: " << i_str <<std::endl;
+}
+
+static void __log_item(const ItemOwn& item)
+{
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = item.toString(tmp);
+ std::cout << "checkpolicy for: " << i_str <<std::endl;
+}
+
DbAdapter& NaivePolicyChecker::generateAdapter() {
if (!m_adapter)
m_adapter = new DbAdapter (m_bus_db[0], m_bus_db[1]);
return *m_adapter;
}
-Decision NaivePolicyChecker::checkPolicy(const NaivePolicyDb::Policy& policy,
- const Item& item,
- const char*& privilege)
-{
- if (tslog::verbose()) {
- char tmp[MAX_LOG_LINE];
- const char* i_str = item.toString(tmp);
- std::cout << "checkpolicy for: " << i_str <<std::endl;
- }
- for (auto i : policy) {
- if (tslog::verbose()) {
- char tmp[MAX_LOG_LINE];
- const char* i_str = i->toString(tmp);
- std::cout << "-readed: " << i_str <<std::endl;
- }
- if (i->match(&item)) {
- if (tslog::verbose()) {
- char tmp[MAX_LOG_LINE];
- const char* i_str = i->toString(tmp);
- std::cout << "-matched: " << i_str <<std::endl;
- }
- privilege = i->getPrivilege();
- return i->getDecision();
- }
- }
-
- return Decision::ANY;
-}
-
NaivePolicyDb& NaivePolicyChecker::getPolicyDb(bool type) {
return m_bus_db[type];
}
uid_t uid,
const char* label,
const char* privilege) {
-
char uid_str[17];
if (tslog::verbose()) {
- std::cout<<"----Decision made\n";
+ std::cout << "----Decision made\n";
}
switch (decision)
{
- case Decision::ALLOW:
- return DecisionResult::ALLOW;
- case Decision::ANY:
- case Decision::DENY:
- return DecisionResult::DENY;
- case Decision::CHECK:
- {
- std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid);
- ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str);
- if (ret == ldp_cynara::CynaraResult::ALLOW)
+ case Decision::ALLOW:
return DecisionResult::ALLOW;
- else if (ret == ldp_cynara::CynaraResult::DENY)
+ case Decision::ANY:
+ case Decision::DENY:
return DecisionResult::DENY;
- else
- return DecisionResult::CYNARA_ERROR;
- }
+ case Decision::CHECK:
+ {
+ std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid);
+ ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str);
+ if (ret == ldp_cynara::CynaraResult::ALLOW)
+ return DecisionResult::ALLOW;
+ else if (ret == ldp_cynara::CynaraResult::DENY)
+ return DecisionResult::DENY;
+ else
+ return DecisionResult::CYNARA_ERROR;
+ }
}
-
return DecisionResult::DENY;
}
delete m_adapter;
}
-DecisionResult NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) {
+
+
+DecisionResult NaivePolicyChecker::check(bool bus_type,
+ uid_t uid,
+ gid_t gid,
+ const char* const label,
+ const char* const name) {
+ return this->checkItemOwn(bus_type, uid, gid, label, name, ItemType::OWN);
+}
+
+DecisionResult NaivePolicyChecker::check(bool bus_type,
+ uid_t uid,
+ gid_t gid,
+ const char* const label,
+ MatchItemSR& matcher,
+ ItemType type) {
+ return this->checkItemSR(bus_type, uid, gid, label, matcher, type);
+}
+
+Decision NaivePolicyChecker::checkPolicySR(const NaivePolicyDb::PolicySR& policy,
+ const MatchItemSR& item,
+ const char*& privilege)
+{
+ if (tslog::verbose()) {
+ __log_item(item);
+ }
+ for (auto i : policy) {
+ if (tslog::verbose()) {
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = i->getDecision().toString(tmp);
+ std::cout << "-readed: " << i_str;
+ i_str = i->toString(tmp);
+ std::cout << " " << i_str <<std::endl;
+ }
+ if (i->match(item)) {
+ if (tslog::verbose()) {
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = i->getDecision().toString(tmp);
+ std::cout << "-matched: " << i_str;
+ const char* i_str2 = i->toString(tmp);
+ std::cout << " " << i_str2 <<std::endl;
+ }
+ privilege = i->getDecision().getPrivilege();
+ return i->getDecision().getDecision();
+ }
+ }
+ return Decision::ANY;
+}
+
+Decision NaivePolicyChecker::checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, const ItemOwn& item, const char*& privilege) {
+ if (tslog::verbose()) {
+ __log_item(item);
+ }
+ const char *name = item.getName();
+ const struct TreeNode *node = policy.getTreeRoot();
+ int childIndex = 0;
+ assert(node);
+ Decision ret = Decision::ANY;
+ while ((name != NULL) && (*name != '\0')) {
+ childIndex = char_map[*name];
+ if (childIndex > 64) {
+ /* name contains forbidden char */
+ privilege = NULL;
+ return Decision::DENY;
+ }
+ /* Current node is prefix, remeber decision */
+ if (node->__is_prefix) {
+ ret = node->__decisionItem.getDecision();;
+ privilege = node->__decisionItem.getPrivilege();
+ }
+ /* Node for this letter dont exist */
+ if (node->children[childIndex] == NULL) {
+ goto out;
+ } else { /* if it exists check for next letter in its child */
+ node = node->children[childIndex];
+ }
+ name++;
+ }
+out:
+ if (ret == Decision::ANY) {
+ privilege = node->__decisionItem.getPrivilege();
+ return node->__decisionItem.getDecision();
+ } else {
+ return ret;
+ }
+}
+
+DecisionResult NaivePolicyChecker::checkItemOwn(bool bus_type, uid_t uid, gid_t gid, const char* label, const ItemOwn& item, const ItemType type) {
NaivePolicyDb& policy_db = getPolicyDb(bus_type);
- ItemType type = item.getType();
Decision ret = Decision::ANY;
const char* privilege;
- const NaivePolicyDb::Policy* curr_policy = NULL;
-
+ const NaivePolicyDb::PolicyOwn* curr_policy = NULL;
if (ret == Decision::ANY) {
- curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY));
- if (curr_policy)
- ret = checkPolicy(*curr_policy, item, privilege);
+ if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy))
+ ret = checkPolicyOwn(*curr_policy, item, privilege);
}
-
if (ret == Decision::ANY) {
- curr_policy = policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid));
- if (curr_policy)
- ret = checkPolicy(*curr_policy, item, privilege);
+ if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy))
+ ret = checkPolicyOwn(*curr_policy, item, privilege);
}
-
if (ret == Decision::ANY) {
- curr_policy = policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid));
- if (curr_policy)
- ret = checkPolicy(*curr_policy, item, privilege);
+ if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy))
+ ret = checkPolicyOwn(*curr_policy, item, privilege);
}
-
if (ret == Decision::ANY) {
- curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT));
- if (curr_policy)
- ret = checkPolicy(*curr_policy, item, privilege);
+ if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy))
+ ret = checkPolicyOwn(*curr_policy, item, privilege);
}
-
- if (ret != Decision::ANY)
+ if (ret != Decision::ANY) {
return parseDecision(ret, uid, label, privilege);
- else
+ } else {
return DecisionResult::DENY;
-}
-
-DecisionResult NaivePolicyChecker::check(bool bus_type,
- uid_t uid,
- gid_t gid,
- const char* const label,
- const char* const name) {
- try {
- ItemOwn item = ItemOwn(name);
- return checkItem(bus_type, uid, gid, label, item);
- } catch (std::runtime_error& err) {
- if (tslog::enabled())
- std::cout << err.what() << std::endl;
}
- return DecisionResult::DENY;
}
-DecisionResult NaivePolicyChecker::check(bool bus_type,
- uid_t uid,
- gid_t gid,
- const char* const label,
- const char** const names,
- const char* const interface,
- const char* const member,
- const char* const path,
- MessageType message_type,
- MessageDirection message_dir) {
- try {
- ItemSendReceive item = ItemSendReceive(names, interface, member, path, message_type, message_dir);
- return checkItem(bus_type, uid, gid, label, item);
- } catch (std::runtime_error& err) {
- if (tslog::enabled())
- std::cout << err.what() << std::endl;
+
+DecisionResult NaivePolicyChecker::checkItemSR(bool bus_type, uid_t uid, gid_t gid, const char* label, const MatchItemSR& item, const ItemType type) {
+ NaivePolicyDb& policy_db = getPolicyDb(bus_type);
+ Decision ret = Decision::ANY;
+ const char* privilege;
+ const NaivePolicyDb::PolicySR* curr_policy = NULL;
+ if (ret == Decision::ANY) {
+ if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy))
+ ret = checkPolicySR(*curr_policy, item, privilege);
}
- return DecisionResult::DENY;
+ if (ret == Decision::ANY) {
+ if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy))
+ ret = checkPolicySR(*curr_policy, item, privilege);
+ }
+ if (ret == Decision::ANY) {
+ if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy))
+ ret = checkPolicySR(*curr_policy, item, privilege);
+ }
+ if (ret == Decision::ANY) {
+ if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy))
+ ret = checkPolicySR(*curr_policy, item, privilege);
+ }
+ if (ret != Decision::ANY)
+ return parseDecision(ret, uid, label, privilege);
+ else
+ return DecisionResult::DENY;
}
NaivePolicyDb m_bus_db[2];
DbAdapter* m_adapter;
NaivePolicyDb& getPolicyDb(bool type);
- Decision checkPolicy(const NaivePolicyDb::Policy& policy,
- const Item& item,
+
+ Decision checkPolicySR(const NaivePolicyDb::PolicySR& policy,
+ const MatchItemSR& item,
+ const char*& privilege);
+
+ Decision checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy,
+ const ItemOwn& item,
const char*& privilege);
+
DecisionResult parseDecision(Decision decision,
uid_t uid,
const char* label,
const char* privilege);
- DecisionResult checkItem(bool bus_type,
+
+ DecisionResult checkItemSR(bool bus_type,
uid_t uid,
gid_t gid,
const char* label,
- const Item& item);
+ const MatchItemSR& item,
+ const ItemType type);
+
+ DecisionResult checkItemOwn(bool bus_type,
+ uid_t uid,
+ gid_t gid,
+ const char* label,
+ const ItemOwn& item,
+ const ItemType type);
public:
~NaivePolicyChecker();
DbAdapter& generateAdapter();
DecisionResult check(bool bus_type,
- uid_t uid,
- gid_t gid,
- const char* const label,
- const char* const name);
+ uid_t uid,
+ gid_t gid,
+ const char* const label,
+ const char* const name);
DecisionResult check(bool bus_type,
- uid_t uid,
- gid_t gid,
- const char* const label,
- const char** const names,
- const char* const interface,
- const char* const member,
- const char* const path,
- MessageType message_type,
- MessageDirection message_dir);
+ uid_t uid,
+ gid_t gid,
+ const char* const label,
+ MatchItemSR& matcher,
+ ItemType type);
};
}
#endif
#include "naive_policy_db.hpp"
-#include <cstdlib>
+#include "cynara.hpp"
#include "tslog.hpp"
using namespace ldp_xml_parser;
-NaivePolicyDb::Policy::PolicyConstIterator::PolicyConstIterator(const std::vector<Item*>& items, int position)
+
+
+NaivePolicyDb::~NaivePolicyDb() {
+}
+
+NaivePolicyDb::PolicyOwn::PolicyOwn(){
+ treeRootPtr = new struct TreeNode;
+ treeRootPtr->__decisionItem = {Decision::ANY, NULL};
+ treeRootPtr->__nameChar = '\0';
+ treeRootPtr->__is_prefix = false;
+ for (int i = 0; i < MAX_CHILDREN; i++) {
+ treeRootPtr->children[i] = NULL;
+ }
+}
+
+NaivePolicyDb::PolicyOwn::~PolicyOwn(){
+ nodeRemove(&treeRootPtr);
+}
+
+void NaivePolicyDb::PolicyOwn::nodeRemove(TreeNode **node){
+ if (!*node) {
+ return;
+ }
+ for (int i = 0 ; i < MAX_CHILDREN; i++) {
+ if ((*node)->children[i] != NULL) {
+ nodeRemove(&(*node)->children[i]);
+ }
+ }
+ delete *node;
+ *node = NULL;
+}
+
+void NaivePolicyDb::addItem(const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemSendReceive* const item) {
+ if (tslog::enabled()) {
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = item->toString(tmp);
+ std::cout << "Add item: " << i_str << std::endl;
+ }
+
+ const MessageDirection dir = item->getDirection();
+ if (dir == MessageDirection::SEND) {
+ addItem(m_send_set, policy_type, policy_type_value, item);
+ } else if (dir == MessageDirection::RECEIVE) {
+ addItem(m_receive_set, policy_type, policy_type_value, item);
+ } else {
+ addItem(m_send_set, policy_type, policy_type_value, item);
+ addItem(m_receive_set, policy_type, policy_type_value, item);
+ }
+}
+
+void NaivePolicyDb::addItem(const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemOwn* const item) {
+ if (tslog::enabled()) {
+ char tmp[MAX_LOG_LINE];
+ const char* i_str = item->toString(tmp);
+ std::cout << "Add item: " << i_str << std::endl;
+ }
+
+ addItem(m_own_set, policy_type, policy_type_value, item);
+}
+
+
+
+bool NaivePolicyDb::getPolicy(const ItemType item_type,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const NaivePolicyDb::PolicyOwn*& policy) const {
+ return this->getPolicyOwn(m_own_set, policy_type, policy_type_value, policy);
+}
+
+bool NaivePolicyDb::getPolicy(const ItemType item_type,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const NaivePolicyDb::PolicySR*& policy) const {
+ switch (item_type) {
+ case ItemType::SEND:
+ return this->getPolicySR(m_send_set, policy_type, policy_type_value, policy);
+ case ItemType::RECEIVE:
+ return this->getPolicySR(m_receive_set, policy_type, policy_type_value, policy);
+ default:
+ return false;
+ }
+}
+
+
+NaivePolicyDb::PolicySR::PolicyConstIterator::PolicyConstIterator(const std::vector< ItemSendReceive* > & items, int position)
: m_items(items), m_index(position) {
}
- Item* const& NaivePolicyDb::Policy::PolicyConstIterator::operator*() const {
+ItemSendReceive* const& NaivePolicyDb::PolicySR::PolicyConstIterator::operator*() const {
return m_items[m_index];
}
-NaivePolicyDb::Policy::PolicyConstIterator& NaivePolicyDb::Policy::PolicyConstIterator::operator++() {
+
+typename NaivePolicyDb::PolicySR::PolicyConstIterator& NaivePolicyDb::PolicySR::PolicyConstIterator::operator++() {
if (m_index >= 0)
--m_index;
return *this;
}
-bool NaivePolicyDb::Policy::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const {
+
+bool NaivePolicyDb::PolicySR::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const {
return m_index != it.m_index;
}
-NaivePolicyDb::Policy::PolicyIterator::PolicyIterator(std::vector<Item*>& items, int position)
+
+NaivePolicyDb::PolicySR::PolicyIterator::PolicyIterator(std::vector< ItemSendReceive* > & items, int position)
: m_items(items), m_index(position) {
}
-Item*& NaivePolicyDb::Policy::PolicyIterator::operator*() {
+
+ItemSendReceive*& NaivePolicyDb::PolicySR::PolicyIterator::operator*() {
return m_items[m_index];
}
-NaivePolicyDb::Policy::PolicyIterator& NaivePolicyDb::Policy::PolicyIterator::operator++() {
+
+typename NaivePolicyDb::PolicySR::PolicyIterator& NaivePolicyDb::PolicySR::PolicyIterator::operator++() {
if (m_index >= 0)
--m_index;
return *this;
}
-bool NaivePolicyDb::Policy::PolicyIterator::operator!=(const PolicyIterator& it) const {
+
+bool NaivePolicyDb::PolicySR::PolicyIterator::operator!=(const PolicyIterator& it) const {
return m_index != it.m_index;
}
-NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::begin() {
+
+NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::begin() {
int s = m_items.size() - 1;
- return NaivePolicyDb::Policy::PolicyIterator(m_items, s);
+ return NaivePolicyDb::PolicySR::PolicyIterator(m_items, s);
}
-NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::end() {
- return NaivePolicyDb::Policy::PolicyIterator(m_items, -1);
+
+
+NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::end() {
+ return NaivePolicyDb::PolicySR::PolicyIterator(m_items, -1);
}
-NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::begin() const {
+
+
+NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::begin() const {
int s = m_items.size() - 1;
- return NaivePolicyDb::Policy::PolicyConstIterator(m_items, s);
+ return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, s);
}
-NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::end() const {
- return NaivePolicyDb::Policy::PolicyConstIterator(m_items, -1);
+
+
+NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::end() const {
+ return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, -1);
}
-void NaivePolicyDb::Policy::addItem(Item* item) {
+
+void NaivePolicyDb::PolicySR::addItem(ItemSendReceive* item) {
m_items.push_back(item);
}
-NaivePolicyDb::~NaivePolicyDb() {
+const struct TreeNode* NaivePolicyDb::PolicyOwn::getTreeRoot() const{
+ assert(treeRootPtr);
+ return treeRootPtr;
}
+void NaivePolicyDb::PolicyOwn::addItem(ItemOwn* item) {
+ const char *name = item->getName();
-const NaivePolicyDb::Policy* NaivePolicyDb::getPolicy(const ItemType item_type,
- const PolicyType policy_type,
- const PolicyTypeValue policy_type_value) {
- PolicyTypeSet* set = NULL;
- switch (item_type) {
- case ItemType::OWN:
- set = &m_own_set;
- break;
- case ItemType::SEND:
- set = &m_send_set;
- break;
- case ItemType::RECEIVE:
- set = &m_receive_set;
- break;
- default:
- break;
+ if (!name) {
+ return;
}
+
+ struct TreeNode *node = treeRootPtr;
+ assert(node);
+
+ const char *tmp = name;
+ while (tmp && *tmp != '\0') {
+ if (char_map[*tmp] > 64) {
+ /* Forbidden char */
+ return;
+ }
+ tmp++;
+ }
+ int childIndex = 0;
+ while (name && *name != '\0') {
+ childIndex = char_map[*name];
+ if (node->children[childIndex] == NULL) {
+ node->children[childIndex] = new struct TreeNode;
+ node->children[childIndex]->__decisionItem = {Decision::ANY, NULL};
+ node->children[childIndex]->__nameChar = *name;
+ node->children[childIndex]->__is_prefix = false;
+ for (int k = 0; k < MAX_CHILDREN; k++) {
+ node->children[childIndex]->children[k] = NULL;
+ }
+
+ node = node->children[childIndex];
+ } else {
+ node = node->children[childIndex];
+ }
+ name++;
+ }
+ node->__decisionItem = item->getDecision();
+ node->__is_prefix = item->isPrefix();
+}
+
+
+bool NaivePolicyDb::getPolicySR(const NaivePolicyDb::PolicyTypeSetSR& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const NaivePolicyDb::PolicySR*& policy) const
+{
if (tslog::enabled())
- std::cout<<"---policy_type =";
- switch (policy_type) {
- case PolicyType::CONTEXT:
- if (tslog::enabled())
- std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl;
- return &set->context[static_cast<std::size_t>(policy_type_value.context) ];
- case PolicyType::USER:
- if (tslog::enabled())
- std::cout << "USER =" << (int)policy_type_value.user << std::endl;
- return &set->user[policy_type_value.user];
- case PolicyType::GROUP:
- if (tslog::enabled())
- std::cout << "GROUP = " << (int)policy_type_value.group << std::endl;
- return &set->group[policy_type_value.group];
+ std::cout << "---policy_type =";
+ try {
+ switch (policy_type) {
+ case PolicyType::CONTEXT:
+ if (tslog::enabled())
+ std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl;
+ policy = &set.context[static_cast<std::size_t>(policy_type_value.context) ];
+ return true;
+ case PolicyType::USER:
+ if (tslog::enabled())
+ std::cout << "USER =" << (int)policy_type_value.user << std::endl;
+ policy = &set.user.at(policy_type_value.user);
+ return true;
+ case PolicyType::GROUP:
+ if (tslog::enabled())
+ std::cout << "GROUP = " << (int)policy_type_value.group << std::endl;
+ policy = &set.group.at(policy_type_value.group);
+ return true;
+ }
+ } catch (std::out_of_range&)
+ {
+ if (tslog::verbose())
+ std::cout << "GetPolicy: Out of Range exception\n";
}
if (tslog::enabled())
std::cout << "NO POLICY\n";
- return NULL;
+ return false;
}
-void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSet& set,
- const PolicyType policy_type,
- const PolicyTypeValue policy_type_value,
- Item* const item) {
+
+void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetSR& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemSendReceive* const item) {
switch (policy_type) {
case PolicyType::CONTEXT:
set.context[static_cast<std::size_t>(policy_type_value.context)].addItem(item);
}
}
-void NaivePolicyDb::addItem(const PolicyType policy_type,
- const PolicyTypeValue policy_type_value,
- Item* const item) {
- const ItemSendReceive* it;
- if (tslog::enabled()) {
- char tmp[MAX_LOG_LINE];
- const char* i_str = item->toString(tmp);
- std::cout<<"Add item: "<< i_str <<std::endl;
+bool NaivePolicyDb::getPolicyOwn(const NaivePolicyDb::PolicyTypeSetOwn& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const NaivePolicyDb::PolicyOwn*& policy) const
+{
+ if (tslog::enabled())
+ std::cout << "---policy_type =";
+ try {
+ switch (policy_type) {
+ case PolicyType::CONTEXT:
+ if (tslog::enabled())
+ std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl;
+ policy = &set.context[static_cast<std::size_t>(policy_type_value.context) ];
+ return true;
+ case PolicyType::USER:
+ if (tslog::enabled())
+ std::cout << "USER =" << (int)policy_type_value.user << std::endl;
+ policy = &set.user.at(policy_type_value.user);
+ return true;
+ case PolicyType::GROUP:
+ if (tslog::enabled())
+ std::cout << "GROUP = " << (int)policy_type_value.group << std::endl;
+ policy = &set.group.at(policy_type_value.group);
+ return true;
+ }
+ } catch (std::out_of_range&)
+ {
+ if (tslog::verbose())
+ std::cout << "GetPolicy: Out of Range exception\n";
}
+ if (tslog::enabled())
+ std::cout << "NO POLICY\n";
+ return false;
+}
- if (dynamic_cast<const ItemOwn*>(item))
- addItem(m_own_set, policy_type, policy_type_value, item);
- else if ((it = dynamic_cast<const ItemSendReceive*>(item))) {
- const MessageDirection dir = it->getDirection();
- if (dir == MessageDirection::SEND)
- addItem(m_send_set, policy_type, policy_type_value, item);
- else if (dir == MessageDirection::RECEIVE)
- addItem(m_receive_set, policy_type, policy_type_value, item);
- else {
- addItem(m_send_set, policy_type, policy_type_value, item);
- addItem(m_receive_set, policy_type, policy_type_value, item);
- }
+
+void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetOwn& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemOwn* const item) {
+ switch (policy_type) {
+ case PolicyType::CONTEXT:
+ set.context[static_cast<std::size_t>(policy_type_value.context)].addItem(item);
+ break;
+ case PolicyType::USER:
+ set.user[policy_type_value.user].addItem(item);
+ break;
+ case PolicyType::GROUP:
+ set.group[policy_type_value.group].addItem(item);
+ break;
}
}
{
class NaivePolicyDb {
public:
- class Policy {
+ class PolicySR {
private:
- std::vector<Item*> m_items;
+ std::vector<ItemSendReceive*> m_items;
public:
class PolicyConstIterator {
private:
- const std::vector<Item*>& m_items;
+ const std::vector<ItemSendReceive*>& m_items;
int m_index;
public:
- PolicyConstIterator(const std::vector<Item*>& items, int position);
- Item* const& operator*() const;
+ PolicyConstIterator(const std::vector<ItemSendReceive*>& items, int position);
+ ItemSendReceive* const& operator*() const;
PolicyConstIterator& operator++();
bool operator!=(const PolicyConstIterator& it) const;
};
class PolicyIterator {
private:
- std::vector<Item*>& m_items;
+ std::vector<ItemSendReceive*>& m_items;
int m_index;
public:
- PolicyIterator(std::vector<Item*>& items, int position);
- Item*& operator*();
+ PolicyIterator(std::vector<ItemSendReceive*>& items, int position);
+ ItemSendReceive*& operator*();
PolicyIterator& operator++();
bool operator!=(const PolicyIterator& it) const;
};
PolicyIterator end();
PolicyConstIterator begin() const;
PolicyConstIterator end() const;
- void addItem(Item* item);
+ void addItem(ItemSendReceive* item);
+ };
+
+
+ class PolicyOwn {
+ private:
+ struct TreeNode *treeRootPtr = NULL;
+ void nodeRemove(TreeNode **node);
+ public:
+ PolicyOwn();
+ ~PolicyOwn();
+ void addItem(ItemOwn* item);
+ const TreeNode* getTreeRoot() const;
};
~NaivePolicyDb();
- const Policy* getPolicy(const ItemType item_type,
- const PolicyType policy_type,
- const PolicyTypeValue policy_type_value);
+ bool getPolicy(const ItemType item_type,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const PolicyOwn*& policy) const;
+
+ bool getPolicy(const ItemType item_type,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const PolicySR*& policy) const;
void addItem(const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
- Item* const item);
+ ItemOwn* const item);
+
+ void addItem(const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemSendReceive* const item);
+
private:
- struct PolicyTypeSet {
- Policy context[static_cast<std::size_t>(ContextType::MAX)];
- std::map<uid_t, Policy> user;
- std::map<gid_t, Policy> group;
+
+ struct PolicyTypeSetOwn {
+ PolicyOwn context[static_cast<std::size_t>(ContextType::MAX)];
+ std::map<uid_t, PolicyOwn > user;
+ std::map<gid_t, PolicyOwn > group;
+ };
+
+ struct PolicyTypeSetSR {
+ PolicySR context[static_cast<std::size_t>(ContextType::MAX)];
+ std::map<uid_t, PolicySR > user;
+ std::map<gid_t, PolicySR > group;
};
- PolicyTypeSet m_own_set;
- PolicyTypeSet m_send_set;
- PolicyTypeSet m_receive_set;
- void addItem(PolicyTypeSet& set,
- const PolicyType policy_type,
- const PolicyTypeValue policy_type_value,
- Item* const item);
+ PolicyTypeSetOwn m_own_set;
+ PolicyTypeSetSR m_send_set;
+ PolicyTypeSetSR m_receive_set;
+
+ void addItem(PolicyTypeSetSR& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemSendReceive* const item);
+
+ bool getPolicySR(const PolicyTypeSetSR& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const PolicySR*& policy) const;
+
+ void addItem(PolicyTypeSetOwn& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ ItemOwn* const item);
+
+ bool getPolicyOwn(const PolicyTypeSetOwn& set,
+ const PolicyType policy_type,
+ const PolicyTypeValue policy_type_value,
+ const PolicyOwn*& policy) const;
};
}
-
#endif
static const char* message_dir[] = { "ANY", "SEND", "RECEIVE"};
static const char* message_decision[] = {"NO_DECISION", "ALLOW", "DENY", "CHECK"};
-static bool __compare_str(const char* a, const char* b) {
-
- while(*a && *b && *a != ' ' && *b != ' ') {
- if (*a != *b)
- return false;
- a++; b++;
- }
- return ((*a == 0 || *a == ' ') && (*b == 0 || *b != ' '));
-}
-
static MessageType __str_to_message_type(const char* str) {
if (!std::strcmp(str, "method_call"))
return MessageType::METHOD_CALL;
state& t,
bool& attr) {
const char* value = NULL;
- if(v.first == "allow" && t == POLICY) {
+ if (v.first == "allow" && t == POLICY) {
__builder.reset();
__builder.addDecision(Decision::ALLOW);
t = ALLOW_DENY_CHECK;
attr = false;
- } else if(v.first == "deny" && t == POLICY) {
+ } else if (v.first == "deny" && t == POLICY) {
__builder.reset();
__builder.addDecision(Decision::DENY);
t = ALLOW_DENY_CHECK;
attr = false;
- } else if(v.first == "check" && t == POLICY) {
+ } else if (v.first == "check" && t == POLICY) {
__builder.reset();
__builder.addDecision(Decision::CHECK);
t = ALLOW_DENY_CHECK;
attr = false;
- } else if(v.first == "<xmlattr>") {
+ } else if (v.first == "<xmlattr>") {
attr = true;
- } else if(attr && t == POLICY) {
+ } else if (attr && t == POLICY) {
if (v.second.data() != "*")
value = v.second.data().c_str();
- if(v.first == "context") {
- if(std::strcmp(value,"mandatory") == 0 ) {
+ if (v.first == "context") {
+ if (std::strcmp(value, "mandatory") == 0 ) {
policy_type = PolicyType::CONTEXT;
policy_type_value.context = ContextType::MANDATORY;
- } else if(std::strcmp(value, "default") == 0) {
+ } else if (std::strcmp(value, "default") == 0) {
policy_type = PolicyType::CONTEXT;
policy_type_value.context = ContextType::DEFAULT;
}
- } else if(v.first == "user") {
+ } else if (v.first == "user") {
policy_type = PolicyType::USER;
policy_type_value.user = convertToUid(value);
- } else if(v.first == "group") {
+ } else if (v.first == "group") {
policy_type = PolicyType::GROUP;
policy_type_value.group = convertToGid(value);
} else {
if (v.second.data() != "*")
value = v.second.data().c_str();
- if(field_has(v, "send_")) {
+ if (field_has(v, "send_")) {
__builder.addDirection(MessageDirection::SEND);
- } else if(field_has(v, "receive_")) {
+ } else if (field_has(v, "receive_")) {
__builder.addDirection(MessageDirection::RECEIVE);
- } else if(v.first == "own") {
+ } else if (v.first == "own") {
__builder.addOwner(value);
__builder.setPrefix(false);
- } else if(v.first == "own_prefix") {
+ } else if (v.first == "own_prefix") {
__builder.addOwner(value);
__builder.setPrefix(true);
- } else if(v.first == "privilege")
+ } else if (v.first == "privilege") {
__builder.addPrivilege(value);
+ }
- if(field_has(v, "_destination"))
+ if (field_has(v, "_destination"))
__builder.addName(value);
- else if(field_has(v, "_sender"))
+ else if (field_has(v, "_sender"))
__builder.addName(value);
- else if(field_has(v, "_path"))
+ else if (field_has(v, "_path"))
__builder.addPath(value);
- else if(field_has(v, "_interface"))
+ else if (field_has(v, "_interface"))
__builder.addInterface(value);
- else if(field_has(v, "_member"))
+ else if (field_has(v, "_member"))
__builder.addMember(value);
- else if(field_has(v, "_type"))
+ else if (field_has(v, "_type"))
__builder.addMessageType(__str_to_message_type(value));
} else {
attr = false;
bool attr,
int level) {
static const int Q_XML_MAX_LEVEL = 10;
- if(level < Q_XML_MAX_LEVEL) {
+ if (level < Q_XML_MAX_LEVEL) {
for(const auto& v : pt) {
- if(v.first == "<xmlcomment>") { continue; }
+ if (v.first == "<xmlcomment>") { continue; }
state t = tag;
updateDecision(v, policy_type, policy_type_value, t, attr);
xmlTraversal(bus, v.second, t, policy_type, policy_type_value, attr, level + 1);
}
-
- if(!pt.empty() && level > 1) {
- Item* it = __builder.generateItem();
- if (it) {
- if (bus)
- __session_db.addItem(policy_type, policy_type_value, it);
- else
- __system_db.addItem(policy_type, policy_type_value, it);
- }
+ if (!pt.empty() && level > 1) {
+ if (bus)
+ __builder.generateItem(__session_db, policy_type, policy_type_value);
+ else
+ __builder.generateItem(__system_db, policy_type, policy_type_value);
}
}
}
const auto& children = xmlTree.get_child("busconfig");
PolicyType policy_type;
PolicyTypeValue policy_type_value;
- for(const auto& x : children) {
- if(x.first == "policy") {
+ for (const auto& x : children) {
+ if (x.first == "policy") {
__tag_state = POLICY;
__attr = false;
xmlTraversal(bus, x.second, POLICY, policy_type, policy_type_value);
}
}
-Item::Item(Decision decision, const char* privilege, bool isOwner)
- : _decision(decision), _privilege(privilege), _is_owner(isOwner) {
-
+DecisionItem::DecisionItem(Decision decision, const char* privilege)
+ : __decision(decision), __privilege(privilege)
+{
}
-Item::~Item() {
- if (_is_owner) {
- delete[] _privilege;
- }
-}
-
-bool Item::match(const Item& item) const {
- return match(&item);
-}
-
-bool Item::match(const Item* item) const {
- return true;
+DecisionItem::~DecisionItem()
+{
+ if (__privilege)
+ delete[] __privilege;
}
-Decision Item::getDecision() const {
- return _decision;
+Decision DecisionItem::getDecision() const {
+ return __decision;
}
-const char* Item::getPrivilege() const {
- return _privilege;
+const char* DecisionItem::getPrivilege() const {
+ return __privilege;
}
-ItemType Item::getType() const {
+ItemType DecisionItem::getType() const {
return ItemType::GENERIC;
}
-const char* Item::toString(char* str) const {
- snprintf(str, MAX_LOG_LINE, "Item: dec(%s) owner(%d) priv(%s)", __decision_to_str(_decision), _is_owner, _privilege);
+const char* DecisionItem::toString(char* str) const {
+ snprintf(str, MAX_LOG_LINE, "Item: dec(%s) priv(%s)", __decision_to_str(__decision), __privilege);
return str;
}
ItemOwn::ItemOwn(const char* name,
- bool is_prefix,
Decision decision,
const char* privilege)
-: Item(decision, privilege), __name(name), __is_prefix(is_prefix) {
+ : __decision(DecisionItem(decision, privilege)), __name(name) {
}
-ItemOwn::~ItemOwn() {
- if (_is_owner) {
- delete[] __name;
- }
-}
ItemType ItemOwn::getType() const {
return ItemType::OWN;
}
-bool ItemOwn::match(const Item* item) const {
- const ItemOwn* it = dynamic_cast<const ItemOwn*>(item);
- if (!it)
- return false;
- if (__is_prefix) {
- int i = 0;
- if (!__name)
- return false;
+const char* ItemOwn::toString(char* str) const {
+ snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d)", __name, __is_prefix);
+ return str;
+}
- for (i = 0; __name[i] && it->__name[i]; i++)
- if (__name[i] != it->__name[i])
- return false;
+const char* ItemOwn::getName() const {
+ return __name;
+}
- if (__name[i] != 0)
- return false;
+bool ItemOwn::isPrefix() const {
+ return __is_prefix;
+}
- return true;
- } else if (!__name)
- return true;
- else {
- return std::strcmp(__name, it->__name) == 0;
- }
+const DecisionItem& ItemOwn::getDecision() const {
+ return __decision;
}
-const char* ItemOwn::toString(char* str) const {
- char parent[MAX_LOG_LINE];
- const char* t = Item::toString(parent);
- snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d) <- %s", __name, __is_prefix, t);
- return str;
+NameSR::NameSR(const char* m, int l) : name(m), len(l)
+{
}
-ItemSendReceive::ItemSendReceive(const char** names,
- const char* interface,
- const char* member, const char* path,
- MessageType type, MessageDirection direction,
- Decision decision,
- const char* privilege)
- : Item(decision, privilege),
- __names(names),
- __interface(interface),
- __member(member),
- __path(path),
- __type(type),
- __direction(direction) {
+MatchItemSR::MatchItemSR(const char* i, const char* me, const char* p, MessageType t, MessageDirection d)
+ : names_num(0), interface(i), member(me), path(p), type(t), direction(d) {
}
-const char* ItemSendReceive::toString(char* str) const {
- char parent[MAX_LOG_LINE];
- char buff[MAX_LOG_LINE];
- char* curr = buff;
- const char* t = Item::toString(parent);
+
+MatchItemSR::~MatchItemSR(){
+}
+
+void MatchItemSR::addName(const char* name) {
+ names[names_num++] = NameSR(name, std::strlen(name));
+}
+
+bool MatchItemSR::addNames(const char* name) {
int i = 0;
- int k = 0;
- while(__names && __names[i]){
- for (k = 0; __names[i][k] && __names[i][k] != ' ';k++){
- *curr = __names[i][k];
- curr +=1;
- }
- *curr = ' ';
- curr += 1;
- i++;
+ int j = 0;
+
+ if (name) {
+ assert((name[i] > 'a'&& name[i] < 'z') || (name[i] > 'A'&& name[i] < 'Z') || (name[i] > '0'&& name[i] < '9'));
+ while (name[i] && names_num < KDBUS_CONN_MAX_NAMES + 1) {
+ char c;
+ int len;
+ j = i;
+ while ((c = name[i++]) && ' ' != c);
+ if (!c) {
+ --i;
+ len = i-j;
+ } else {
+ len = i-j-1;
+ }
+ names[names_num++] = NameSR(name + j, len);
+ }
+ if (names_num >= KDBUS_CONN_MAX_NAMES + 1)
+ return false;
}
- *curr = 0;
- curr += 1;
- snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s) <- %s", buff, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction), t);
+ return true;
+}
+
+ItemSendReceive::ItemSendReceive(const char* name,
+ const char* interface,
+ const char* member,
+ const char* path,
+ MessageType type,
+ MessageDirection direction,
+ Decision decision,
+ const char* privilege)
+ : __name(NameSR(name, name?std::strlen(name):0)),
+ __interface(interface),
+ __member(member),
+ __path(path),
+ __type(type),
+ __direction(direction) {
+}
+
+const char* ItemSendReceive::toString(char* str) const {
+ snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s)", __name.name, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction));
return str;
}
+
ItemSendReceive::~ItemSendReceive() {
- if (_is_owner) {
- delete[] __interface;
- delete[] __member;
- delete[] __path;
-
- if (__names) {
- int i = 0;
- while (__names[i])
- delete[] __names[i++];
- delete[] __names;
- }
+ delete[] __interface;
+ delete[] __member;
+ delete[] __path;
+
+ if (__name.len > 0) {
+ delete[] __name.name;
}
}
-bool ItemSendReceive::match(const Item* item) const {
- const ItemSendReceive* it = dynamic_cast<const ItemSendReceive*>(item);
-
- if (!it)
- return false;
-
- if (__type != MessageType::ANY && __type != it->__type)
+bool ItemSendReceive::match(const MatchItemSR& item) const {
+ if (__type != MessageType::ANY && __type != item.type)
return false;
- if (__direction != it->__direction)
+ if (__direction != item.direction)
return false;
- if (__interface && it->__interface && std::strcmp(__interface, it->__interface))
+ if (__interface && item.interface && std::strcmp(__interface, item.interface))
return false;
- if (__path && it->__path && std::strcmp(__path, it->__path))
+ if (__path && item.path && std::strcmp(__path, item.path))
return false;
- if (__member && it->__member && std::strcmp(__member, it->__member))
+ if (__member && item.member && std::strcmp(__member, item.member))
return false;
- if (__names && __names[0]) {
+ if (__name.len > 0 ) {
int i = 0;
bool f = false;
- if (it->__names) {
- while (it->__names[i]) {
- if (__compare_str(it->__names[i++], __names[0])) {
+ if (item.names_num > 0) {
+ while (i < item.names_num) {
+ if (item.names[i].len == __name.len &&
+ !memcmp(item.names[i].name, __name.name, item.names[i].len)) {
f = true;
break;
}
+ i++;
}
if (!f)
return false;
return __direction;
}
+const DecisionItem& ItemSendReceive::getDecision() const {
+ return __decision;
+}
+
ItemOwn* ItemBuilder::getOwnItem() {
- if (!__current) {
- __current = new ItemOwn();
- prepareItem();
- }
- return dynamic_cast<ItemOwn*>(__current);
+ __current_item_type = ItemType::OWN;
+ return &__current_own;
}
ItemSendReceive* ItemBuilder::getSendReceiveItem() {
- if (!__current) {
- __current = new ItemSendReceive();
- prepareItem();
+ if (!__current_sr) {
+ __current_sr = new ItemSendReceive();
}
- return dynamic_cast<ItemSendReceive*>(__current);
+ __current_item_type = ItemType::SEND;
+ return __current_sr;
}
-ItemBuilder::ItemBuilder() : __current(NULL), __delayed_privilege(NULL) {
+ItemBuilder::ItemBuilder() : __current_own(NULL), __current_sr(NULL) {
}
ItemBuilder::~ItemBuilder(){
- if (__delayed_privilege)
- delete[] __delayed_privilege;
- if (__current)
- delete __current;
+ if (__current_sr)
+ delete __current_sr;
}
void ItemBuilder::reset() {
- if (__delayed_privilege)
- delete[] __delayed_privilege;
- if (__current)
- delete __current;
-
- __current = NULL;
- __delayed_privilege = NULL;
+ __decision.__decision = Decision::ANY;
+ __decision.__privilege = NULL;
+ __current_sr = NULL;
+ __current_own = NULL;
}
char* ItemBuilder::duplicate(const char* str) {
return ret;
}
-void ItemBuilder::prepareItem() {
- __current->_is_owner = true;
- if (__delayed_privilege)
- __current->_privilege = __delayed_privilege;
-
- __current->_decision = __delayed_decision;
- __delayed_privilege = NULL;
-}
-
-Item* ItemBuilder::generateItem() {
- Item* ret = __current;
- __current = NULL;
- __delayed_decision = Decision::ANY;
- __delayed_privilege = NULL;
- return ret;
+void ItemBuilder::generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value) {
+ if (__current_item_type == ItemType::OWN) {
+ __current_own.__decision = __decision;
+ db.addItem(policy_type, policy_type_value, &__current_own);
+ } else if (__current_sr) {
+ __current_sr->__decision = __decision;
+ db.addItem(policy_type, policy_type_value, __current_sr);
+ }
+ reset();
}
void ItemBuilder::addOwner(const char* owner) {
void ItemBuilder::addName(const char* name) {
ItemSendReceive* sr = getSendReceiveItem();
- if (sr->__names) {
- delete sr->__names[0];
- delete[] sr->__names;
+ if (sr->__name.len > 0) {
+ delete[] sr->__name.name;
+ sr->__name.len = 0;
}
- if (!name)
- sr->__names = NULL;
- else {
- sr->__names = new const char*[2];
- sr->__names[0] = duplicate(name);
- sr->__names[1] = NULL;
+
+ if (!name) {
+ sr->__name.name = NULL;
+ } else {
+ sr->__name.name = duplicate(name);
+ sr->__name.len = std::strlen(name);
+ }
+}
+
+const char* MatchItemSR::toString(char* str) const {
+ char tmp[MAX_LOG_LINE];
+ tmp[0] = 0;
+ for (int i = 0; i < names_num; i++) {
+ std::strcat(tmp, names[i].name);
+ std::strcat(tmp, " ");
}
+ snprintf(str, MAX_LOG_LINE, "matcher: services(%s), interface(%s), member(%s), path(%s), type(%s), direction(%s)", tmp, interface, member, path, __message_type_to_str(type), __message_dir_to_str(direction) );
+ return str;
}
void ItemBuilder::addInterface(const char* interface) {
}
void ItemBuilder::addPrivilege(const char* privilege) {
- if (!__current)
- __delayed_privilege = duplicate(privilege);
- else
- __current->_privilege = duplicate(privilege);
+ __decision.__privilege = duplicate(privilege);
}
void ItemBuilder::addDecision(Decision decision) {
- if (!__current)
- __delayed_decision = decision;
- else
- __current->_decision = decision;
+ __decision.__decision = decision;
}
void ItemBuilder::setPrefix(bool value) {
#include <boost/tokenizer.hpp>
#include <boost/property_tree/ptree.hpp>
+#include <internal/internal.h>
#include <string>
#define MAX_LOG_LINE 1024
+#define MAX_CHILDREN 65
namespace ldp_xml_parser
{
+
+ const char char_map[128] {65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,
+ 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65,
+ 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 10, 12, 65,
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 65, 65, 65, 65, 65, 65,
+ 65, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53,
+ 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 65, 65, 65, 11,
+ 65, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27,
+ 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 65, 65, 65, 65, 65};
+
enum class MessageType : uint8_t {
ANY = 0,
METHOD_CALL,
RECEIVE
};
- enum class ItemType : uint8_t{
+ enum class ItemType : uint8_t {
GENERIC,
OWN,
SEND,
class ItemBuilder;
- class Item {
- protected:
- Decision _decision;
- const char* _privilege;
- bool _is_owner;
+ class DecisionItem {
+ private:
+ Decision __decision;
+ const char* __privilege;
public:
friend class ItemBuilder;
- Item(Decision decision = Decision::ANY, const char* privilege = NULL, bool isOwner = false);
- virtual ~Item();
- virtual bool match(const Item& item) const;
- virtual bool match(const Item* item) const;
- virtual Decision getDecision() const;
- virtual const char* getPrivilege() const;
- virtual ItemType getType() const;
- virtual const char* toString(char* str) const;
+ DecisionItem(Decision decision = Decision::ANY, const char* privilege = NULL);
+ ~DecisionItem();
+ Decision getDecision() const;
+ const char* getPrivilege() const;
+ ItemType getType() const;
+ const char* toString(char* str) const;
};
- class ItemOwn : public Item {
+ class ItemOwn {
private:
+ DecisionItem __decision;
const char* __name;
bool __is_prefix;
public:
friend class ItemBuilder;
ItemOwn(const char* name = NULL,
- bool is_prefix = false,
Decision decision = Decision::ANY,
const char* privilege = NULL);
- virtual ~ItemOwn();
- virtual bool match(const Item* item) const;
- virtual ItemType getType() const;
- virtual const char* toString(char* str) const;
+ bool match(const char* const name) const;
+ ItemType getType() const;
+ const char* toString(char* str) const;
+ const DecisionItem& getDecision() const;
+ const char* getName() const;
+ bool isPrefix() const;
+ };
+
+ struct TreeNode{
+ DecisionItem __decisionItem;
+ char __nameChar;
+ bool __is_prefix;
+ struct TreeNode *children[MAX_CHILDREN];
+ };
+
+ struct NameSR {
+ const char* name;
+ int len;
+ NameSR(const char* m = NULL, int l = 0);
+ };
+
+ struct MatchItemSR {
+ int names_num;
+ NameSR names[KDBUS_CONN_MAX_NAMES+1];
+ const char* interface;
+ const char* member;
+ const char* path;
+ MessageType type;
+ MessageDirection direction;
+ MatchItemSR(const char* i = NULL, const char* me = NULL, const char* p = NULL, MessageType t = MessageType::ANY, MessageDirection d = MessageDirection::ANY);
+ ~MatchItemSR();
+ void addName(const char* name);
+ bool addNames(const char* name);
+ const char* toString(char* str) const;
};
- class ItemSendReceive : public Item {
- const char** __names;
+ class ItemSendReceive {
+ private:
+ DecisionItem __decision;
+ NameSR __name;
const char* __interface;
const char* __member;
const char* __path;
MessageDirection __direction;
public:
friend class ItemBuilder;
- ItemSendReceive(const char** names = NULL,
+ ItemSendReceive(const char* name = NULL,
const char* interface = NULL,
const char* member = NULL,
const char* path = NULL,
MessageDirection direction = MessageDirection::ANY,
Decision decision = Decision::ANY,
const char* privilege = NULL);
- virtual ~ItemSendReceive();
- virtual bool match(const Item* item) const;
+ ~ItemSendReceive();
+ bool match(const MatchItemSR& item) const;
MessageDirection getDirection() const;
- virtual ItemType getType() const;
- virtual const char* toString(char* str) const;
+ ItemType getType() const;
+ const char* toString(char* str) const;
+ const DecisionItem& getDecision() const;
};
+ class NaivePolicyDb;
class ItemBuilder {
private:
- Item* __current;
- Decision __delayed_decision;
- const char* __delayed_privilege;
+ DecisionItem __decision;
+ ItemOwn __current_own;
+ ItemType __current_item_type;
+ ItemSendReceive* __current_sr;
ItemOwn* getOwnItem();
ItemSendReceive* getSendReceiveItem();
char* duplicate(const char* str);
- void prepareItem();
public:
ItemBuilder();
~ItemBuilder();
- Item* generateItem();
+ void generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value);
void reset();
void addUser(const char* name);
void addGroup(const char* name);
void setPrefix(bool value);
};
- class NaivePolicyDb;
class DbAdapter {
private:
enum state {