{
const NaivePolicyDb& policy_db = getPolicyDb(bus_type);
- DecisionItem ret = policy_db.getDecisionItem(PolicyType::CONTEXT, ContextType::MANDATORY, item);
+ DecisionItem ret = policy_db.getDecisionItemContextMandatory(item);
// access rules can be defined only in default/mandatory context
// defining them elsewhere is considered as policy syntax error by dbus-daemon
// thus, no checking in user or group policies
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItem(PolicyType::CONTEXT, ContextType::DEFAULT, item);
+ ret = policy_db.getDecisionItemContextDefault(item);
return ret;
}
DecisionItem NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const T& item) {
const NaivePolicyDb& policy_db = getPolicyDb(bus_type);
- DecisionItem ret = policy_db.getDecisionItem(PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), item);
+ DecisionItem ret = policy_db.getDecisionItemContextMandatory(item);
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItem(PolicyType::USER, PolicyTypeValue(uid), item);
+ ret = policy_db.getDecisionItemUser(uid, item);
if (ret.getDecision() == Decision::ANY)
ret = checkGroupPolicies<T>(policy_db, uid, gid, item);
if (ret.getDecision() == Decision::ANY)
- ret = policy_db.getDecisionItem(PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), item);
+ ret = policy_db.getDecisionItemContextDefault(item);
return ret;
}
return Decision::ANY;
for (const auto sgid : *sgroups) {
- DecisionItem ret = policy_db.getDecisionItem(PolicyType::GROUP, PolicyTypeValue(sgid), item);
+ DecisionItem ret = policy_db.getDecisionItemGroup(sgid, item);
if (ret.getDecision() != Decision::ANY)
return ret;
*/
#define DEF_GET_POLICY_SET(T, field) \
template <> struct NaivePolicyDb::MatchPolicy<T> { \
- typedef decltype(field)::type policy_type; \
+ typedef decltype(field)::policy_type policy_type; \
typedef decltype(field) policy_set_type; \
}; \
template <> \
#undef PRINT_MAP
}
-template <typename T>
-DecisionItem NaivePolicyDb::getDecisionItem(PolicyType policy_type,
- PolicyTypeValue policy_type_value,
- const T &item) const {
- auto policy = getPolicySet<T>().getPolicy(policy_type, policy_type_value);
+template <typename T, typename P, typename PS, typename ...Args>
+DecisionItem NaivePolicyDb::getDecisionItem(const T &item,
+ const P *(PS::*f)(Args ... args) const,
+ Args ...args) const
+{
+ const auto &policySet = getPolicySet<T>();
+ typedef typename std::remove_reference<decltype(policySet)>::type PolicySetType;
+
+ auto policy = (policySet.*f)(args...);
if (nullptr == policy)
return Decision::ANY;
- tslog::log_verbose("Checking ", MatchPolicy<T>::policy_type::name, " policy for: ", item, "\n");
+ tslog::log_verbose("Checking ", PolicySetType::policy_type::name, " policy for: ", item, "\n");
return policy->getDecisionItem(item);
}
+template <typename T>
+DecisionItem NaivePolicyDb::getDecisionItemContextMandatory(const T &item) const
+{
+ return getDecisionItem<T>(item, &MatchPolicy<T>::policy_set_type::getPolicyContextMandatory);
+}
+
+template <typename T>
+DecisionItem NaivePolicyDb::getDecisionItemContextDefault(const T &item) const
+{
+ return getDecisionItem<T>(item, &MatchPolicy<T>::policy_set_type::getPolicyContextDefault);
+}
+
+template <typename T>
+DecisionItem NaivePolicyDb::getDecisionItemUser(uid_t uid, const T &item) const
+{
+ return getDecisionItem<T>(item, &MatchPolicy<T>::policy_set_type::getPolicyUser, uid);
+}
+
+template <typename T>
+DecisionItem NaivePolicyDb::getDecisionItemGroup(gid_t gid, const T &item) const
+{
+ return getDecisionItem<T>(item, &MatchPolicy<T>::policy_set_type::getPolicyGroup, gid);
+}
+
void NaivePolicyDb::updateSupplementaryGroups(const VGid &groups, uid_t uid, gid_t gid) const
{
auto &vsend = m_send_set.getMapGroup(uid);
return contextDefault;
}
-template <typename P, typename UG>
-const P *NaivePolicyDb::PolicySet<P, UG>::getPolicy(const PolicyType policy_type,
- const PolicyTypeValue policy_type_value) const
-{
- switch (policy_type) {
- case PolicyType::CONTEXT:
- if (ContextType::MANDATORY == policy_type_value.context)
- return getPolicyContextMandatory();
- assert(ContextType::DEFAULT == policy_type_value.context);
- return getPolicyContextDefault();
- case PolicyType::USER:
- return UG::getPolicyUser(policy_type_value.user);
- case PolicyType::GROUP:
- return UG::getPolicyGroup(policy_type_value.group);
- default:
- tslog::log("---policy_type = NO POLICY\n");
- }
-
- return nullptr;
-}
-
template <typename P, typename UG> template <typename T>
void NaivePolicyDb::PolicySet<P, UG>::addItem(const PolicyType policy_type,
const PolicyTypeValue policy_type_value,
}
return Decision::ANY;
}
-template DecisionItem NaivePolicyDb::PolicySR<ItemSend, MatchItemSend>::getDecisionItem(const MatchItemSend &item) const;
-template DecisionItem NaivePolicyDb::PolicySR<ItemReceive, MatchItemReceive>::getDecisionItem(const MatchItemReceive &item) const;
/****************** NaivePolicyDb::PolicyOwn ************************/
void NaivePolicyDb::PolicyOwn::addItem(ItemOwn &item) {
/* Explicit instantiation is needed for used public template methods defined in this file.
*/
#define T_INSTANTIATION(T) \
- template DecisionItem NaivePolicyDb::getDecisionItem<T>(PolicyType policy_type, PolicyTypeValue policy_type_value, const T &item) const; \
+ template DecisionItem NaivePolicyDb::getDecisionItemContextMandatory<T>(const T &) const; \
+ template DecisionItem NaivePolicyDb::getDecisionItemContextDefault<T>(const T &) const; \
template const NaivePolicyDb::VGid *NaivePolicyDb::getGroups<T>(uid_t, gid_t) const;
T_INSTANTIATION(MatchItemOwn)
T_INSTANTIATION(MatchItemReceive)
T_INSTANTIATION(MatchItemAccess)
+#define T_INSTANTIATION2(T) \
+ template DecisionItem NaivePolicyDb::getDecisionItemUser<T>(uid_t, const T &) const; \
+ template DecisionItem NaivePolicyDb::getDecisionItemGroup<T>(gid_t, const T &) const;
+
+T_INSTANTIATION2(MatchItemOwn)
+T_INSTANTIATION2(MatchItemSend)
+T_INSTANTIATION2(MatchItemReceive)
+
#undef T_INSTANTIATION
+#undef T_INSTANTIATION2
mutable std::map<gid_t, VGid> mapGroup;
public:
- typedef P type;
+ typedef P policy_type;
/** Adds given item to policy
* \param[in] policy_type Policy type
* \param[in] policy_type_value Policy type value
VGid &getMapGroup(uid_t uid) const { return mapGroup[uid]; }
void clearMapGroup() { mapGroup.clear(); }
-
- const P *getPolicy(const PolicyType policy_type,
- const PolicyTypeValue policy_type_value) const;
};
/** Set of ownership policies */
/** Set of receive policies */
PolicySet<PolicyReceive> m_receive_set;
/** Set of bus access policies */
- PolicySet<PolicyAccess> m_access_set;
+ PolicySet<PolicyAccess, NoUserAndGroupContext> m_access_set;
/* A mutex for mapGroups within sets */
mutable pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER;
template <typename T>
const typename MatchPolicy<T>::policy_set_type &getPolicySet() const;
+ template <typename T,
+ typename P = typename MatchPolicy<T>::policy_type,
+ typename PS = typename MatchPolicy<T>::policy_set_type,
+ typename ...Args>
+ DecisionItem getDecisionItem(const T &item,
+ const P *(PS::*f)(Args ... args) const,
+ Args ...args) const;
+
void updateSupplementaryGroups(const VGid &groups, uid_t uid, gid_t gid) const;
void updateSupplementaryGroupsOwn(const VGid &groups, uid_t uid, gid_t gid) const;
public:
void printContent() const;
template <typename T>
+ DecisionItem getDecisionItemContextMandatory(const T &item) const;
+ template <typename T>
+ DecisionItem getDecisionItemContextDefault(const T &item) const;
+ template <typename T>
+ DecisionItem getDecisionItemUser(uid_t uid, const T &item) const;
+ template <typename T>
+ DecisionItem getDecisionItemGroup(gid_t gid, const T &item) const;
+
+ template <typename T>
const VGid *getGroups(uid_t uid, gid_t gid) const;
void initializeGroups(uid_t uid, gid_t gid);
const PolicyTypeValue policy_type_value,
ItemAccess &item);
- template <typename T>
- DecisionItem getDecisionItem(PolicyType policy_type, PolicyTypeValue policy_type_value,
- const T &item) const;
};
}
#endif