From 895811c77cb228db2ff58bebed4536f1be89ed1e Mon Sep 17 00:00:00 2001 From: Kazimierz Krosman Date: Mon, 29 Aug 2016 13:05:05 +0200 Subject: [PATCH] Revert "revert changes:revert commit id dc3048a8de00c01514c14ef465a87b8ca9a7c704" This reverts commit 1b4d4f2311ae31440417fafd3233177d39bfd768. This revert is not nessesary- it requiers only simple fix. Change-Id: I4591012edd0d039b1eb7bb382cf0b34b8e5e6771 --- src/internal/internal.cpp | 98 ++++----- src/internal/naive_policy_checker.cpp | 253 +++++++++++++--------- src/internal/naive_policy_checker.hpp | 45 ++-- src/internal/naive_policy_db.cpp | 318 +++++++++++++++++++++------- src/internal/naive_policy_db.hpp | 95 ++++++--- src/internal/policy.cpp | 384 ++++++++++++++++------------------ src/internal/policy.hpp | 108 +++++++--- 7 files changed, 791 insertions(+), 510 deletions(-) mode change 100755 => 100644 src/internal/internal.cpp mode change 100755 => 100644 src/internal/naive_policy_checker.cpp mode change 100755 => 100644 src/internal/naive_policy_checker.hpp mode change 100755 => 100644 src/internal/naive_policy_db.cpp mode change 100755 => 100644 src/internal/naive_policy_db.hpp mode change 100755 => 100644 src/internal/policy.cpp mode change 100755 => 100644 src/internal/policy.hpp diff --git a/src/internal/internal.cpp b/src/internal/internal.cpp old mode 100755 new mode 100644 index 84f25b1..ff19d1b --- a/src/internal/internal.cpp +++ b/src/internal/internal.cpp @@ -27,38 +27,15 @@ static ldp_xml_parser::NaivePolicyChecker policy_checker; static const char* get_str(const char* const szstr) { - return (szstr != NULL) ? szstr : ""; -} - -static const char** get_strv(const char *s, const char** result) { - int i = 0; - unsigned k = 0; - if (s) { - while (s[i] && k < KDBUS_CONN_MAX_NAMES + 1) { - char c; - while ((c = s[i++]) && ' ' != c); - result[k++] = s; - s += i; - i = 0; - } - if (k >= KDBUS_CONN_MAX_NAMES + 1) - return NULL; - if (k) - result[k++] = NULL; - } - if (!k) { - result[0] = ""; - result[1] = NULL; - } - return result; + return (szstr != NULL) ? szstr : ""; } int __internal_init(bool bus_type, const char* const config_name) { - ldp_xml_parser::XmlParser p; + ldp_xml_parser::XmlParser p; p.registerAdapter(policy_checker.generateAdapter()); - auto err = p.parsePolicy(bus_type, get_str(config_name)); - return err.get(); + auto err = p.parsePolicy(bus_type, get_str(config_name)); + return err.get(); } pthread_mutex_t g_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -98,49 +75,58 @@ int __internal_can_send(bool bus_type, const char* const member, int type) { - const char* names[KDBUS_CONN_MAX_NAMES+1]; - const char** ns = get_strv(destination, names); - if (!ns) { + ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND); + if (!matcher.addNames(destination)) { if (tslog::verbose()) - std::cout << "Destination too long: "<(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); + return static_cast(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND)); } int __internal_can_send_multi_dest(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char** const destination, - const char* const path, - const char* const interface, - const char* const member, - int type) + const uid_t user, + const gid_t group, + const char* const label, + const char** const destination, + const char* const path, + const char* const interface, + const char* const member, + int type) { - return static_cast(policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); + int i = 0; + ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND); + if (destination) + while (destination[i++]) { + matcher.addName(destination[i]); + } + return static_cast(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND)); } int __internal_can_recv(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char* const sender, - const char* const path, - const char* const interface, - const char* const member, - int type) + const uid_t user, + const gid_t group, + const char* const label, + const char* const sender, + const char* const path, + const char* const interface, + const char* const member, + int type) { - const char* names[KDBUS_CONN_MAX_NAMES+1]; - const char** ns = get_strv(sender, names); - return static_cast(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE)); + ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE); + if (!matcher.addNames(sender)) { + if (tslog::verbose()) + std::cout << "Sender too long: " << sender << std::endl; + return false; + } + return static_cast(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::RECEIVE)); } int __internal_can_own(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char* const service) + const uid_t user, + const gid_t group, + const char* const label, + const char* const service) { return static_cast(policy_checker.check(bus_type, user, group, label, service)); } diff --git a/src/internal/naive_policy_checker.cpp b/src/internal/naive_policy_checker.cpp old mode 100755 new mode 100644 index bc2a75d..ca07111 --- a/src/internal/naive_policy_checker.cpp +++ b/src/internal/naive_policy_checker.cpp @@ -1,8 +1,23 @@ #include "naive_policy_checker.hpp" #include "cynara.hpp" #include "tslog.hpp" + using namespace ldp_xml_parser; +static void __log_item(const MatchItemSR& item) +{ + char tmp[MAX_LOG_LINE]; + const char* i_str = item.toString(tmp); + std::cout << "checkpolicy for ownership: " << i_str <toString(tmp); - std::cout << "-readed: " << i_str <match(&item)) { - if (tslog::verbose()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = i->toString(tmp); - std::cout << "-matched: " << i_str <getPrivilege(); - return i->getDecision(); - } - } - - return Decision::ANY; -} - NaivePolicyDb& NaivePolicyChecker::getPolicyDb(bool type) { return m_bus_db[type]; } @@ -47,31 +33,29 @@ DecisionResult NaivePolicyChecker::parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege) { - char uid_str[17]; if (tslog::verbose()) { - std::cout<<"----Decision made\n"; + std::cout << "----Decision made\n"; } switch (decision) { - case Decision::ALLOW: - return DecisionResult::ALLOW; - case Decision::ANY: - case Decision::DENY: - return DecisionResult::DENY; - case Decision::CHECK: - { - std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid); - ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str); - if (ret == ldp_cynara::CynaraResult::ALLOW) + case Decision::ALLOW: return DecisionResult::ALLOW; - else if (ret == ldp_cynara::CynaraResult::DENY) + case Decision::ANY: + case Decision::DENY: return DecisionResult::DENY; - else - return DecisionResult::CYNARA_ERROR; - } + case Decision::CHECK: + { + std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid); + ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str); + if (ret == ldp_cynara::CynaraResult::ALLOW) + return DecisionResult::ALLOW; + else if (ret == ldp_cynara::CynaraResult::DENY) + return DecisionResult::DENY; + else + return DecisionResult::CYNARA_ERROR; + } } - return DecisionResult::DENY; } @@ -79,74 +63,145 @@ NaivePolicyChecker::~NaivePolicyChecker() { delete m_adapter; } -DecisionResult NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) { + + +DecisionResult NaivePolicyChecker::check(bool bus_type, + uid_t uid, + gid_t gid, + const char* const label, + const char* const name) { + return this->checkItemOwn(bus_type, uid, gid, label, name, ItemType::OWN); +} + +DecisionResult NaivePolicyChecker::check(bool bus_type, + uid_t uid, + gid_t gid, + const char* const label, + MatchItemSR& matcher, + ItemType type) { + return this->checkItemSR(bus_type, uid, gid, label, matcher, type); +} + +Decision NaivePolicyChecker::checkPolicySR(const NaivePolicyDb::PolicySR& policy, + const MatchItemSR& item, + const char*& privilege) +{ + if (tslog::verbose()) { + __log_item(item); + } + for (auto i : policy) { + if (tslog::verbose()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = i->getDecision().toString(tmp); + std::cout << "-readed: " << i_str; + i_str = i->toString(tmp); + std::cout << " " << i_str <match(item)) { + if (tslog::verbose()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = i->getDecision().toString(tmp); + std::cout << "-matched: " << i_str; + const char* i_str2 = i->toString(tmp); + std::cout << " " << i_str2 <getDecision().getPrivilege(); + return i->getDecision().getDecision(); + } + } + return Decision::ANY; +} + +Decision NaivePolicyChecker::checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, const ItemOwn& item, const char*& privilege) { + if (tslog::verbose()) { + __log_item(item); + } + const char *name = item.getName(); + const struct TreeNode *node = policy.getTreeRoot(); + int childIndex = 0; + assert(node); + Decision ret = Decision::ANY; + while ((name != NULL) && (*name != '\0')) { + childIndex = char_map[*name]; + if (childIndex > 64) { + /* name contains forbidden char */ + privilege = NULL; + return Decision::DENY; + } + /* Current node is prefix, remeber decision */ + if (node->__is_prefix) { + ret = node->__decisionItem.getDecision();; + privilege = node->__decisionItem.getPrivilege(); + } + /* Node for this letter dont exist */ + if (node->children[childIndex] == NULL) { + goto out; + } else { /* if it exists check for next letter in its child */ + node = node->children[childIndex]; + } + name++; + } +out: + if (ret == Decision::ANY) { + privilege = node->__decisionItem.getPrivilege(); + return node->__decisionItem.getDecision(); + } else { + return ret; + } +} + +DecisionResult NaivePolicyChecker::checkItemOwn(bool bus_type, uid_t uid, gid_t gid, const char* label, const ItemOwn& item, const ItemType type) { NaivePolicyDb& policy_db = getPolicyDb(bus_type); - ItemType type = item.getType(); Decision ret = Decision::ANY; const char* privilege; - const NaivePolicyDb::Policy* curr_policy = NULL; - + const NaivePolicyDb::PolicyOwn* curr_policy = NULL; if (ret == Decision::ANY) { - curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY)); - if (curr_policy) - ret = checkPolicy(*curr_policy, item, privilege); + if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy)) + ret = checkPolicyOwn(*curr_policy, item, privilege); } - if (ret == Decision::ANY) { - curr_policy = policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid)); - if (curr_policy) - ret = checkPolicy(*curr_policy, item, privilege); + if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy)) + ret = checkPolicyOwn(*curr_policy, item, privilege); } - if (ret == Decision::ANY) { - curr_policy = policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid)); - if (curr_policy) - ret = checkPolicy(*curr_policy, item, privilege); + if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy)) + ret = checkPolicyOwn(*curr_policy, item, privilege); } - if (ret == Decision::ANY) { - curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT)); - if (curr_policy) - ret = checkPolicy(*curr_policy, item, privilege); + if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy)) + ret = checkPolicyOwn(*curr_policy, item, privilege); } - - if (ret != Decision::ANY) + if (ret != Decision::ANY) { return parseDecision(ret, uid, label, privilege); - else + } else { return DecisionResult::DENY; -} - -DecisionResult NaivePolicyChecker::check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char* const name) { - try { - ItemOwn item = ItemOwn(name); - return checkItem(bus_type, uid, gid, label, item); - } catch (std::runtime_error& err) { - if (tslog::enabled()) - std::cout << err.what() << std::endl; } - return DecisionResult::DENY; } -DecisionResult NaivePolicyChecker::check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char** const names, - const char* const interface, - const char* const member, - const char* const path, - MessageType message_type, - MessageDirection message_dir) { - try { - ItemSendReceive item = ItemSendReceive(names, interface, member, path, message_type, message_dir); - return checkItem(bus_type, uid, gid, label, item); - } catch (std::runtime_error& err) { - if (tslog::enabled()) - std::cout << err.what() << std::endl; + +DecisionResult NaivePolicyChecker::checkItemSR(bool bus_type, uid_t uid, gid_t gid, const char* label, const MatchItemSR& item, const ItemType type) { + NaivePolicyDb& policy_db = getPolicyDb(bus_type); + Decision ret = Decision::ANY; + const char* privilege; + const NaivePolicyDb::PolicySR* curr_policy = NULL; + if (ret == Decision::ANY) { + if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy)) + ret = checkPolicySR(*curr_policy, item, privilege); } - return DecisionResult::DENY; + if (ret == Decision::ANY) { + if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy)) + ret = checkPolicySR(*curr_policy, item, privilege); + } + if (ret == Decision::ANY) { + if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy)) + ret = checkPolicySR(*curr_policy, item, privilege); + } + if (ret == Decision::ANY) { + if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy)) + ret = checkPolicySR(*curr_policy, item, privilege); + } + if (ret != Decision::ANY) + return parseDecision(ret, uid, label, privilege); + else + return DecisionResult::DENY; } diff --git a/src/internal/naive_policy_checker.hpp b/src/internal/naive_policy_checker.hpp old mode 100755 new mode 100644 index 7e351a3..a54302d --- a/src/internal/naive_policy_checker.hpp +++ b/src/internal/naive_policy_checker.hpp @@ -26,36 +26,47 @@ namespace ldp_xml_parser NaivePolicyDb m_bus_db[2]; DbAdapter* m_adapter; NaivePolicyDb& getPolicyDb(bool type); - Decision checkPolicy(const NaivePolicyDb::Policy& policy, - const Item& item, + + Decision checkPolicySR(const NaivePolicyDb::PolicySR& policy, + const MatchItemSR& item, + const char*& privilege); + + Decision checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, + const ItemOwn& item, const char*& privilege); + DecisionResult parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege); - DecisionResult checkItem(bool bus_type, + + DecisionResult checkItemSR(bool bus_type, uid_t uid, gid_t gid, const char* label, - const Item& item); + const MatchItemSR& item, + const ItemType type); + + DecisionResult checkItemOwn(bool bus_type, + uid_t uid, + gid_t gid, + const char* label, + const ItemOwn& item, + const ItemType type); public: ~NaivePolicyChecker(); DbAdapter& generateAdapter(); DecisionResult check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char* const name); + uid_t uid, + gid_t gid, + const char* const label, + const char* const name); DecisionResult check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char** const names, - const char* const interface, - const char* const member, - const char* const path, - MessageType message_type, - MessageDirection message_dir); + uid_t uid, + gid_t gid, + const char* const label, + MatchItemSR& matcher, + ItemType type); }; } #endif diff --git a/src/internal/naive_policy_db.cpp b/src/internal/naive_policy_db.cpp old mode 100755 new mode 100644 index bccf9e3..a623059 --- a/src/internal/naive_policy_db.cpp +++ b/src/internal/naive_policy_db.cpp @@ -1,110 +1,252 @@ #include "naive_policy_db.hpp" -#include +#include "cynara.hpp" #include "tslog.hpp" using namespace ldp_xml_parser; -NaivePolicyDb::Policy::PolicyConstIterator::PolicyConstIterator(const std::vector& items, int position) + + +NaivePolicyDb::~NaivePolicyDb() { +} + +NaivePolicyDb::PolicyOwn::PolicyOwn(){ + treeRootPtr = new struct TreeNode; + treeRootPtr->__decisionItem = {Decision::ANY, NULL}; + treeRootPtr->__nameChar = '\0'; + treeRootPtr->__is_prefix = false; + for (int i = 0; i < MAX_CHILDREN; i++) { + treeRootPtr->children[i] = NULL; + } +} + +NaivePolicyDb::PolicyOwn::~PolicyOwn(){ + nodeRemove(&treeRootPtr); +} + +void NaivePolicyDb::PolicyOwn::nodeRemove(TreeNode **node){ + if (!*node) { + return; + } + for (int i = 0 ; i < MAX_CHILDREN; i++) { + if ((*node)->children[i] != NULL) { + nodeRemove(&(*node)->children[i]); + } + } + delete *node; + *node = NULL; +} + +void NaivePolicyDb::addItem(const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemSendReceive* const item) { + if (tslog::enabled()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = item->toString(tmp); + std::cout << "Add item: " << i_str << std::endl; + } + + const MessageDirection dir = item->getDirection(); + if (dir == MessageDirection::SEND) { + addItem(m_send_set, policy_type, policy_type_value, item); + } else if (dir == MessageDirection::RECEIVE) { + addItem(m_receive_set, policy_type, policy_type_value, item); + } else { + addItem(m_send_set, policy_type, policy_type_value, item); + addItem(m_receive_set, policy_type, policy_type_value, item); + } +} + +void NaivePolicyDb::addItem(const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemOwn* const item) { + if (tslog::enabled()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = item->toString(tmp); + std::cout << "Add item: " << i_str << std::endl; + } + + addItem(m_own_set, policy_type, policy_type_value, item); +} + + + +bool NaivePolicyDb::getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const NaivePolicyDb::PolicyOwn*& policy) const { + return this->getPolicyOwn(m_own_set, policy_type, policy_type_value, policy); +} + +bool NaivePolicyDb::getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const NaivePolicyDb::PolicySR*& policy) const { + switch (item_type) { + case ItemType::SEND: + return this->getPolicySR(m_send_set, policy_type, policy_type_value, policy); + case ItemType::RECEIVE: + return this->getPolicySR(m_receive_set, policy_type, policy_type_value, policy); + default: + return false; + } +} + + +NaivePolicyDb::PolicySR::PolicyConstIterator::PolicyConstIterator(const std::vector< ItemSendReceive* > & items, int position) : m_items(items), m_index(position) { } - Item* const& NaivePolicyDb::Policy::PolicyConstIterator::operator*() const { +ItemSendReceive* const& NaivePolicyDb::PolicySR::PolicyConstIterator::operator*() const { return m_items[m_index]; } -NaivePolicyDb::Policy::PolicyConstIterator& NaivePolicyDb::Policy::PolicyConstIterator::operator++() { + +typename NaivePolicyDb::PolicySR::PolicyConstIterator& NaivePolicyDb::PolicySR::PolicyConstIterator::operator++() { if (m_index >= 0) --m_index; return *this; } -bool NaivePolicyDb::Policy::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const { + +bool NaivePolicyDb::PolicySR::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const { return m_index != it.m_index; } -NaivePolicyDb::Policy::PolicyIterator::PolicyIterator(std::vector& items, int position) + +NaivePolicyDb::PolicySR::PolicyIterator::PolicyIterator(std::vector< ItemSendReceive* > & items, int position) : m_items(items), m_index(position) { } -Item*& NaivePolicyDb::Policy::PolicyIterator::operator*() { + +ItemSendReceive*& NaivePolicyDb::PolicySR::PolicyIterator::operator*() { return m_items[m_index]; } -NaivePolicyDb::Policy::PolicyIterator& NaivePolicyDb::Policy::PolicyIterator::operator++() { + +typename NaivePolicyDb::PolicySR::PolicyIterator& NaivePolicyDb::PolicySR::PolicyIterator::operator++() { if (m_index >= 0) --m_index; return *this; } -bool NaivePolicyDb::Policy::PolicyIterator::operator!=(const PolicyIterator& it) const { + +bool NaivePolicyDb::PolicySR::PolicyIterator::operator!=(const PolicyIterator& it) const { return m_index != it.m_index; } -NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::begin() { + +NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::begin() { int s = m_items.size() - 1; - return NaivePolicyDb::Policy::PolicyIterator(m_items, s); + return NaivePolicyDb::PolicySR::PolicyIterator(m_items, s); } -NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::end() { - return NaivePolicyDb::Policy::PolicyIterator(m_items, -1); + + +NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::end() { + return NaivePolicyDb::PolicySR::PolicyIterator(m_items, -1); } -NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::begin() const { + + +NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::begin() const { int s = m_items.size() - 1; - return NaivePolicyDb::Policy::PolicyConstIterator(m_items, s); + return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, s); } -NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::end() const { - return NaivePolicyDb::Policy::PolicyConstIterator(m_items, -1); + + +NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::end() const { + return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, -1); } -void NaivePolicyDb::Policy::addItem(Item* item) { + +void NaivePolicyDb::PolicySR::addItem(ItemSendReceive* item) { m_items.push_back(item); } -NaivePolicyDb::~NaivePolicyDb() { +const struct TreeNode* NaivePolicyDb::PolicyOwn::getTreeRoot() const{ + assert(treeRootPtr); + return treeRootPtr; } +void NaivePolicyDb::PolicyOwn::addItem(ItemOwn* item) { + const char *name = item->getName(); -const NaivePolicyDb::Policy* NaivePolicyDb::getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value) { - PolicyTypeSet* set = NULL; - switch (item_type) { - case ItemType::OWN: - set = &m_own_set; - break; - case ItemType::SEND: - set = &m_send_set; - break; - case ItemType::RECEIVE: - set = &m_receive_set; - break; - default: - break; + if (!name) { + return; } + + struct TreeNode *node = treeRootPtr; + assert(node); + + const char *tmp = name; + while (tmp && *tmp != '\0') { + if (char_map[*tmp] > 64) { + /* Forbidden char */ + return; + } + tmp++; + } + int childIndex = 0; + while (name && *name != '\0') { + childIndex = char_map[*name]; + if (node->children[childIndex] == NULL) { + node->children[childIndex] = new struct TreeNode; + node->children[childIndex]->__decisionItem = {Decision::ANY, NULL}; + node->children[childIndex]->__nameChar = *name; + node->children[childIndex]->__is_prefix = false; + for (int k = 0; k < MAX_CHILDREN; k++) { + node->children[childIndex]->children[k] = NULL; + } + + node = node->children[childIndex]; + } else { + node = node->children[childIndex]; + } + name++; + } + node->__decisionItem = item->getDecision(); + node->__is_prefix = item->isPrefix(); +} + + +bool NaivePolicyDb::getPolicySR(const NaivePolicyDb::PolicyTypeSetSR& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const NaivePolicyDb::PolicySR*& policy) const +{ if (tslog::enabled()) - std::cout<<"---policy_type ="; - switch (policy_type) { - case PolicyType::CONTEXT: - if (tslog::enabled()) - std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl; - return &set->context[static_cast(policy_type_value.context) ]; - case PolicyType::USER: - if (tslog::enabled()) - std::cout << "USER =" << (int)policy_type_value.user << std::endl; - return &set->user[policy_type_value.user]; - case PolicyType::GROUP: - if (tslog::enabled()) - std::cout << "GROUP = " << (int)policy_type_value.group << std::endl; - return &set->group[policy_type_value.group]; + std::cout << "---policy_type ="; + try { + switch (policy_type) { + case PolicyType::CONTEXT: + if (tslog::enabled()) + std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl; + policy = &set.context[static_cast(policy_type_value.context) ]; + return true; + case PolicyType::USER: + if (tslog::enabled()) + std::cout << "USER =" << (int)policy_type_value.user << std::endl; + policy = &set.user.at(policy_type_value.user); + return true; + case PolicyType::GROUP: + if (tslog::enabled()) + std::cout << "GROUP = " << (int)policy_type_value.group << std::endl; + policy = &set.group.at(policy_type_value.group); + return true; + } + } catch (std::out_of_range&) + { + if (tslog::verbose()) + std::cout << "GetPolicy: Out of Range exception\n"; } if (tslog::enabled()) std::cout << "NO POLICY\n"; - return NULL; + return false; } -void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSet& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - Item* const item) { + +void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetSR& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemSendReceive* const item) { switch (policy_type) { case PolicyType::CONTEXT: set.context[static_cast(policy_type_value.context)].addItem(item); @@ -118,28 +260,56 @@ void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSet& set, } } -void NaivePolicyDb::addItem(const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - Item* const item) { - const ItemSendReceive* it; - if (tslog::enabled()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = item->toString(tmp); - std::cout<<"Add item: "<< i_str <(item)) - addItem(m_own_set, policy_type, policy_type_value, item); - else if ((it = dynamic_cast(item))) { - const MessageDirection dir = it->getDirection(); - if (dir == MessageDirection::SEND) - addItem(m_send_set, policy_type, policy_type_value, item); - else if (dir == MessageDirection::RECEIVE) - addItem(m_receive_set, policy_type, policy_type_value, item); - else { - addItem(m_send_set, policy_type, policy_type_value, item); - addItem(m_receive_set, policy_type, policy_type_value, item); - } + +void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetOwn& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemOwn* const item) { + switch (policy_type) { + case PolicyType::CONTEXT: + set.context[static_cast(policy_type_value.context)].addItem(item); + break; + case PolicyType::USER: + set.user[policy_type_value.user].addItem(item); + break; + case PolicyType::GROUP: + set.group[policy_type_value.group].addItem(item); + break; } } diff --git a/src/internal/naive_policy_db.hpp b/src/internal/naive_policy_db.hpp old mode 100755 new mode 100644 index fdbd0c1..3b8a655 --- a/src/internal/naive_policy_db.hpp +++ b/src/internal/naive_policy_db.hpp @@ -24,28 +24,28 @@ namespace ldp_xml_parser { class NaivePolicyDb { public: - class Policy { + class PolicySR { private: - std::vector m_items; + std::vector m_items; public: class PolicyConstIterator { private: - const std::vector& m_items; + const std::vector& m_items; int m_index; public: - PolicyConstIterator(const std::vector& items, int position); - Item* const& operator*() const; + PolicyConstIterator(const std::vector& items, int position); + ItemSendReceive* const& operator*() const; PolicyConstIterator& operator++(); bool operator!=(const PolicyConstIterator& it) const; }; class PolicyIterator { private: - std::vector& m_items; + std::vector& m_items; int m_index; public: - PolicyIterator(std::vector& items, int position); - Item*& operator*(); + PolicyIterator(std::vector& items, int position); + ItemSendReceive*& operator*(); PolicyIterator& operator++(); bool operator!=(const PolicyIterator& it) const; }; @@ -54,33 +54,78 @@ namespace ldp_xml_parser PolicyIterator end(); PolicyConstIterator begin() const; PolicyConstIterator end() const; - void addItem(Item* item); + void addItem(ItemSendReceive* item); + }; + + + class PolicyOwn { + private: + struct TreeNode *treeRootPtr = NULL; + void nodeRemove(TreeNode **node); + public: + PolicyOwn(); + ~PolicyOwn(); + void addItem(ItemOwn* item); + const TreeNode* getTreeRoot() const; }; ~NaivePolicyDb(); - const Policy* getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value); + bool getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const PolicyOwn*& policy) const; + + bool getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const PolicySR*& policy) const; void addItem(const PolicyType policy_type, const PolicyTypeValue policy_type_value, - Item* const item); + ItemOwn* const item); + + void addItem(const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemSendReceive* const item); + private: - struct PolicyTypeSet { - Policy context[static_cast(ContextType::MAX)]; - std::map user; - std::map group; + + struct PolicyTypeSetOwn { + PolicyOwn context[static_cast(ContextType::MAX)]; + std::map user; + std::map group; + }; + + struct PolicyTypeSetSR { + PolicySR context[static_cast(ContextType::MAX)]; + std::map user; + std::map group; }; - PolicyTypeSet m_own_set; - PolicyTypeSet m_send_set; - PolicyTypeSet m_receive_set; - void addItem(PolicyTypeSet& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - Item* const item); + PolicyTypeSetOwn m_own_set; + PolicyTypeSetSR m_send_set; + PolicyTypeSetSR m_receive_set; + + void addItem(PolicyTypeSetSR& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemSendReceive* const item); + + bool getPolicySR(const PolicyTypeSetSR& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const PolicySR*& policy) const; + + void addItem(PolicyTypeSetOwn& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + ItemOwn* const item); + + bool getPolicyOwn(const PolicyTypeSetOwn& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + const PolicyOwn*& policy) const; }; } - #endif diff --git a/src/internal/policy.cpp b/src/internal/policy.cpp old mode 100755 new mode 100644 index 20076e5..9bcdb63 --- a/src/internal/policy.cpp +++ b/src/internal/policy.cpp @@ -11,16 +11,6 @@ static const char* message_type[] = { "ANY", "METHOD_CALL", "METHOD_RETURN", "ER static const char* message_dir[] = { "ANY", "SEND", "RECEIVE"}; static const char* message_decision[] = {"NO_DECISION", "ALLOW", "DENY", "CHECK"}; -static bool __compare_str(const char* a, const char* b) { - - while(*a && *b && *a != ' ' && *b != ' ') { - if (*a != *b) - return false; - a++; b++; - } - return ((*a == 0 || *a == ' ') && (*b == 0 || *b != ' ')); -} - static MessageType __str_to_message_type(const char* str) { if (!std::strcmp(str, "method_call")) return MessageType::METHOD_CALL; @@ -89,39 +79,39 @@ void DbAdapter::updateDecision(const boost::property_tree::ptree::value_type& v, state& t, bool& attr) { const char* value = NULL; - if(v.first == "allow" && t == POLICY) { + if (v.first == "allow" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::ALLOW); t = ALLOW_DENY_CHECK; attr = false; - } else if(v.first == "deny" && t == POLICY) { + } else if (v.first == "deny" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::DENY); t = ALLOW_DENY_CHECK; attr = false; - } else if(v.first == "check" && t == POLICY) { + } else if (v.first == "check" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::CHECK); t = ALLOW_DENY_CHECK; attr = false; - } else if(v.first == "") { + } else if (v.first == "") { attr = true; - } else if(attr && t == POLICY) { + } else if (attr && t == POLICY) { if (v.second.data() != "*") value = v.second.data().c_str(); - if(v.first == "context") { - if(std::strcmp(value,"mandatory") == 0 ) { + if (v.first == "context") { + if (std::strcmp(value, "mandatory") == 0 ) { policy_type = PolicyType::CONTEXT; policy_type_value.context = ContextType::MANDATORY; - } else if(std::strcmp(value, "default") == 0) { + } else if (std::strcmp(value, "default") == 0) { policy_type = PolicyType::CONTEXT; policy_type_value.context = ContextType::DEFAULT; } - } else if(v.first == "user") { + } else if (v.first == "user") { policy_type = PolicyType::USER; policy_type_value.user = convertToUid(value); - } else if(v.first == "group") { + } else if (v.first == "group") { policy_type = PolicyType::GROUP; policy_type_value.group = convertToGid(value); } else { @@ -132,30 +122,31 @@ void DbAdapter::updateDecision(const boost::property_tree::ptree::value_type& v, if (v.second.data() != "*") value = v.second.data().c_str(); - if(field_has(v, "send_")) { + if (field_has(v, "send_")) { __builder.addDirection(MessageDirection::SEND); - } else if(field_has(v, "receive_")) { + } else if (field_has(v, "receive_")) { __builder.addDirection(MessageDirection::RECEIVE); - } else if(v.first == "own") { + } else if (v.first == "own") { __builder.addOwner(value); __builder.setPrefix(false); - } else if(v.first == "own_prefix") { + } else if (v.first == "own_prefix") { __builder.addOwner(value); __builder.setPrefix(true); - } else if(v.first == "privilege") + } else if (v.first == "privilege") { __builder.addPrivilege(value); + } - if(field_has(v, "_destination")) + if (field_has(v, "_destination")) __builder.addName(value); - else if(field_has(v, "_sender")) + else if (field_has(v, "_sender")) __builder.addName(value); - else if(field_has(v, "_path")) + else if (field_has(v, "_path")) __builder.addPath(value); - else if(field_has(v, "_interface")) + else if (field_has(v, "_interface")) __builder.addInterface(value); - else if(field_has(v, "_member")) + else if (field_has(v, "_member")) __builder.addMember(value); - else if(field_has(v, "_type")) + else if (field_has(v, "_type")) __builder.addMessageType(__str_to_message_type(value)); } else { attr = false; @@ -171,22 +162,18 @@ void DbAdapter::xmlTraversal(bool bus, bool attr, int level) { static const int Q_XML_MAX_LEVEL = 10; - if(level < Q_XML_MAX_LEVEL) { + if (level < Q_XML_MAX_LEVEL) { for(const auto& v : pt) { - if(v.first == "") { continue; } + if (v.first == "") { continue; } state t = tag; updateDecision(v, policy_type, policy_type_value, t, attr); xmlTraversal(bus, v.second, t, policy_type, policy_type_value, attr, level + 1); } - - if(!pt.empty() && level > 1) { - Item* it = __builder.generateItem(); - if (it) { - if (bus) - __session_db.addItem(policy_type, policy_type_value, it); - else - __system_db.addItem(policy_type, policy_type_value, it); - } + if (!pt.empty() && level > 1) { + if (bus) + __builder.generateItem(__session_db, policy_type, policy_type_value); + else + __builder.generateItem(__system_db, policy_type, policy_type_value); } } } @@ -195,8 +182,8 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve const auto& children = xmlTree.get_child("busconfig"); PolicyType policy_type; PolicyTypeValue policy_type_value; - for(const auto& x : children) { - if(x.first == "policy") { + for (const auto& x : children) { + if (x.first == "policy") { __tag_state = POLICY; __attr = false; xmlTraversal(bus, x.second, POLICY, policy_type, policy_type_value); @@ -206,169 +193,159 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve } } -Item::Item(Decision decision, const char* privilege, bool isOwner) - : _decision(decision), _privilege(privilege), _is_owner(isOwner) { - +DecisionItem::DecisionItem(Decision decision, const char* privilege) + : __decision(decision), __privilege(privilege) +{ } -Item::~Item() { - if (_is_owner) { - delete[] _privilege; - } -} - -bool Item::match(const Item& item) const { - return match(&item); -} - -bool Item::match(const Item* item) const { - return true; +DecisionItem::~DecisionItem() +{ + if (__privilege) + delete[] __privilege; } -Decision Item::getDecision() const { - return _decision; +Decision DecisionItem::getDecision() const { + return __decision; } -const char* Item::getPrivilege() const { - return _privilege; +const char* DecisionItem::getPrivilege() const { + return __privilege; } -ItemType Item::getType() const { +ItemType DecisionItem::getType() const { return ItemType::GENERIC; } -const char* Item::toString(char* str) const { - snprintf(str, MAX_LOG_LINE, "Item: dec(%s) owner(%d) priv(%s)", __decision_to_str(_decision), _is_owner, _privilege); +const char* DecisionItem::toString(char* str) const { + snprintf(str, MAX_LOG_LINE, "Item: dec(%s) priv(%s)", __decision_to_str(__decision), __privilege); return str; } ItemOwn::ItemOwn(const char* name, - bool is_prefix, Decision decision, const char* privilege) -: Item(decision, privilege), __name(name), __is_prefix(is_prefix) { + : __decision(DecisionItem(decision, privilege)), __name(name) { } -ItemOwn::~ItemOwn() { - if (_is_owner) { - delete[] __name; - } -} ItemType ItemOwn::getType() const { return ItemType::OWN; } -bool ItemOwn::match(const Item* item) const { - const ItemOwn* it = dynamic_cast(item); - if (!it) - return false; - if (__is_prefix) { - int i = 0; - if (!__name) - return false; +const char* ItemOwn::toString(char* str) const { + snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d)", __name, __is_prefix); + return str; +} - for (i = 0; __name[i] && it->__name[i]; i++) - if (__name[i] != it->__name[i]) - return false; +const char* ItemOwn::getName() const { + return __name; +} - if (__name[i] != 0) - return false; +bool ItemOwn::isPrefix() const { + return __is_prefix; +} - return true; - } else if (!__name) - return true; - else { - return std::strcmp(__name, it->__name) == 0; - } +const DecisionItem& ItemOwn::getDecision() const { + return __decision; } -const char* ItemOwn::toString(char* str) const { - char parent[MAX_LOG_LINE]; - const char* t = Item::toString(parent); - snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d) <- %s", __name, __is_prefix, t); - return str; +NameSR::NameSR(const char* m, int l) : name(m), len(l) +{ } -ItemSendReceive::ItemSendReceive(const char** names, - const char* interface, - const char* member, const char* path, - MessageType type, MessageDirection direction, - Decision decision, - const char* privilege) - : Item(decision, privilege), - __names(names), - __interface(interface), - __member(member), - __path(path), - __type(type), - __direction(direction) { +MatchItemSR::MatchItemSR(const char* i, const char* me, const char* p, MessageType t, MessageDirection d) + : names_num(0), interface(i), member(me), path(p), type(t), direction(d) { } -const char* ItemSendReceive::toString(char* str) const { - char parent[MAX_LOG_LINE]; - char buff[MAX_LOG_LINE]; - char* curr = buff; - const char* t = Item::toString(parent); + +MatchItemSR::~MatchItemSR(){ +} + +void MatchItemSR::addName(const char* name) { + names[names_num++] = NameSR(name, std::strlen(name)); +} + +bool MatchItemSR::addNames(const char* name) { int i = 0; - int k = 0; - while(__names && __names[i]){ - for (k = 0; __names[i][k] && __names[i][k] != ' ';k++){ - *curr = __names[i][k]; - curr +=1; - } - *curr = ' '; - curr += 1; - i++; + int j = 0; + + if (name) { + assert((name[i] > 'a'&& name[i] < 'z') || (name[i] > 'A'&& name[i] < 'Z') || (name[i] > '0'&& name[i] < '9')); + while (name[i] && names_num < KDBUS_CONN_MAX_NAMES + 1) { + char c; + int len; + j = i; + while ((c = name[i++]) && ' ' != c); + if (!c) { + --i; + len = i-j; + } else { + len = i-j-1; + } + names[names_num++] = NameSR(name + j, len); + } + if (names_num >= KDBUS_CONN_MAX_NAMES + 1) + return false; } - *curr = 0; - curr += 1; - snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s) <- %s", buff, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction), t); + return true; +} + +ItemSendReceive::ItemSendReceive(const char* name, + const char* interface, + const char* member, + const char* path, + MessageType type, + MessageDirection direction, + Decision decision, + const char* privilege) + : __name(NameSR(name, name?std::strlen(name):0)), + __interface(interface), + __member(member), + __path(path), + __type(type), + __direction(direction) { +} + +const char* ItemSendReceive::toString(char* str) const { + snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s)", __name.name, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction)); return str; } + ItemSendReceive::~ItemSendReceive() { - if (_is_owner) { - delete[] __interface; - delete[] __member; - delete[] __path; - - if (__names) { - int i = 0; - while (__names[i]) - delete[] __names[i++]; - delete[] __names; - } + delete[] __interface; + delete[] __member; + delete[] __path; + + if (__name.len > 0) { + delete[] __name.name; } } -bool ItemSendReceive::match(const Item* item) const { - const ItemSendReceive* it = dynamic_cast(item); - - if (!it) - return false; - - if (__type != MessageType::ANY && __type != it->__type) +bool ItemSendReceive::match(const MatchItemSR& item) const { + if (__type != MessageType::ANY && __type != item.type) return false; - if (__direction != it->__direction) + if (__direction != item.direction) return false; - if (__interface && it->__interface && std::strcmp(__interface, it->__interface)) + if (__interface && item.interface && std::strcmp(__interface, item.interface)) return false; - if (__path && it->__path && std::strcmp(__path, it->__path)) + if (__path && item.path && std::strcmp(__path, item.path)) return false; - if (__member && it->__member && std::strcmp(__member, it->__member)) + if (__member && item.member && std::strcmp(__member, item.member)) return false; - if (__names && __names[0]) { + if (__name.len > 0 ) { int i = 0; bool f = false; - if (it->__names) { - while (it->__names[i]) { - if (__compare_str(it->__names[i++], __names[0])) { + if (item.names_num > 0) { + while (i < item.names_num) { + if (item.names[i].len == __name.len && + !memcmp(item.names[i].name, __name.name, item.names[i].len)) { f = true; break; } + i++; } if (!f) return false; @@ -390,40 +367,36 @@ MessageDirection ItemSendReceive::getDirection() const { return __direction; } +const DecisionItem& ItemSendReceive::getDecision() const { + return __decision; +} + ItemOwn* ItemBuilder::getOwnItem() { - if (!__current) { - __current = new ItemOwn(); - prepareItem(); - } - return dynamic_cast(__current); + __current_item_type = ItemType::OWN; + return &__current_own; } ItemSendReceive* ItemBuilder::getSendReceiveItem() { - if (!__current) { - __current = new ItemSendReceive(); - prepareItem(); + if (!__current_sr) { + __current_sr = new ItemSendReceive(); } - return dynamic_cast(__current); + __current_item_type = ItemType::SEND; + return __current_sr; } -ItemBuilder::ItemBuilder() : __current(NULL), __delayed_privilege(NULL) { +ItemBuilder::ItemBuilder() : __current_own(NULL), __current_sr(NULL) { } ItemBuilder::~ItemBuilder(){ - if (__delayed_privilege) - delete[] __delayed_privilege; - if (__current) - delete __current; + if (__current_sr) + delete __current_sr; } void ItemBuilder::reset() { - if (__delayed_privilege) - delete[] __delayed_privilege; - if (__current) - delete __current; - - __current = NULL; - __delayed_privilege = NULL; + __decision.__decision = Decision::ANY; + __decision.__privilege = NULL; + __current_sr = NULL; + __current_own = NULL; } char* ItemBuilder::duplicate(const char* str) { @@ -442,21 +415,15 @@ char* ItemBuilder::duplicate(const char* str) { return ret; } -void ItemBuilder::prepareItem() { - __current->_is_owner = true; - if (__delayed_privilege) - __current->_privilege = __delayed_privilege; - - __current->_decision = __delayed_decision; - __delayed_privilege = NULL; -} - -Item* ItemBuilder::generateItem() { - Item* ret = __current; - __current = NULL; - __delayed_decision = Decision::ANY; - __delayed_privilege = NULL; - return ret; +void ItemBuilder::generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value) { + if (__current_item_type == ItemType::OWN) { + __current_own.__decision = __decision; + db.addItem(policy_type, policy_type_value, &__current_own); + } else if (__current_sr) { + __current_sr->__decision = __decision; + db.addItem(policy_type, policy_type_value, __current_sr); + } + reset(); } void ItemBuilder::addOwner(const char* owner) { @@ -468,17 +435,28 @@ void ItemBuilder::addOwner(const char* owner) { void ItemBuilder::addName(const char* name) { ItemSendReceive* sr = getSendReceiveItem(); - if (sr->__names) { - delete sr->__names[0]; - delete[] sr->__names; + if (sr->__name.len > 0) { + delete[] sr->__name.name; + sr->__name.len = 0; } - if (!name) - sr->__names = NULL; - else { - sr->__names = new const char*[2]; - sr->__names[0] = duplicate(name); - sr->__names[1] = NULL; + + if (!name) { + sr->__name.name = NULL; + } else { + sr->__name.name = duplicate(name); + sr->__name.len = std::strlen(name); + } +} + +const char* MatchItemSR::toString(char* str) const { + char tmp[MAX_LOG_LINE]; + tmp[0] = 0; + for (int i = 0; i < names_num; i++) { + std::strcat(tmp, names[i].name); + std::strcat(tmp, " "); } + snprintf(str, MAX_LOG_LINE, "matcher: services(%s), interface(%s), member(%s), path(%s), type(%s), direction(%s)", tmp, interface, member, path, __message_type_to_str(type), __message_dir_to_str(direction) ); + return str; } void ItemBuilder::addInterface(const char* interface) { @@ -507,17 +485,11 @@ void ItemBuilder::addDirection(MessageDirection direction) { } void ItemBuilder::addPrivilege(const char* privilege) { - if (!__current) - __delayed_privilege = duplicate(privilege); - else - __current->_privilege = duplicate(privilege); + __decision.__privilege = duplicate(privilege); } void ItemBuilder::addDecision(Decision decision) { - if (!__current) - __delayed_decision = decision; - else - __current->_decision = decision; + __decision.__decision = decision; } void ItemBuilder::setPrefix(bool value) { diff --git a/src/internal/policy.hpp b/src/internal/policy.hpp old mode 100755 new mode 100644 index e76e3f2..55834cc --- a/src/internal/policy.hpp +++ b/src/internal/policy.hpp @@ -18,11 +18,23 @@ #include #include +#include #include #define MAX_LOG_LINE 1024 +#define MAX_CHILDREN 65 namespace ldp_xml_parser { + + const char char_map[128] {65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, + 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, + 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 10, 12, 65, + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 65, 65, 65, 65, 65, 65, + 65, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, + 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 65, 65, 65, 11, + 65, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, + 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 65, 65, 65, 65, 65}; + enum class MessageType : uint8_t { ANY = 0, METHOD_CALL, @@ -37,7 +49,7 @@ namespace ldp_xml_parser RECEIVE }; - enum class ItemType : uint8_t{ + enum class ItemType : uint8_t { GENERIC, OWN, SEND, @@ -80,41 +92,70 @@ namespace ldp_xml_parser class ItemBuilder; - class Item { - protected: - Decision _decision; - const char* _privilege; - bool _is_owner; + class DecisionItem { + private: + Decision __decision; + const char* __privilege; public: friend class ItemBuilder; - Item(Decision decision = Decision::ANY, const char* privilege = NULL, bool isOwner = false); - virtual ~Item(); - virtual bool match(const Item& item) const; - virtual bool match(const Item* item) const; - virtual Decision getDecision() const; - virtual const char* getPrivilege() const; - virtual ItemType getType() const; - virtual const char* toString(char* str) const; + DecisionItem(Decision decision = Decision::ANY, const char* privilege = NULL); + ~DecisionItem(); + Decision getDecision() const; + const char* getPrivilege() const; + ItemType getType() const; + const char* toString(char* str) const; }; - class ItemOwn : public Item { + class ItemOwn { private: + DecisionItem __decision; const char* __name; bool __is_prefix; public: friend class ItemBuilder; ItemOwn(const char* name = NULL, - bool is_prefix = false, Decision decision = Decision::ANY, const char* privilege = NULL); - virtual ~ItemOwn(); - virtual bool match(const Item* item) const; - virtual ItemType getType() const; - virtual const char* toString(char* str) const; + bool match(const char* const name) const; + ItemType getType() const; + const char* toString(char* str) const; + const DecisionItem& getDecision() const; + const char* getName() const; + bool isPrefix() const; + }; + + struct TreeNode{ + DecisionItem __decisionItem; + char __nameChar; + bool __is_prefix; + struct TreeNode *children[MAX_CHILDREN]; + }; + + struct NameSR { + const char* name; + int len; + NameSR(const char* m = NULL, int l = 0); + }; + + struct MatchItemSR { + int names_num; + NameSR names[KDBUS_CONN_MAX_NAMES+1]; + const char* interface; + const char* member; + const char* path; + MessageType type; + MessageDirection direction; + MatchItemSR(const char* i = NULL, const char* me = NULL, const char* p = NULL, MessageType t = MessageType::ANY, MessageDirection d = MessageDirection::ANY); + ~MatchItemSR(); + void addName(const char* name); + bool addNames(const char* name); + const char* toString(char* str) const; }; - class ItemSendReceive : public Item { - const char** __names; + class ItemSendReceive { + private: + DecisionItem __decision; + NameSR __name; const char* __interface; const char* __member; const char* __path; @@ -122,7 +163,7 @@ namespace ldp_xml_parser MessageDirection __direction; public: friend class ItemBuilder; - ItemSendReceive(const char** names = NULL, + ItemSendReceive(const char* name = NULL, const char* interface = NULL, const char* member = NULL, const char* path = NULL, @@ -130,26 +171,28 @@ namespace ldp_xml_parser MessageDirection direction = MessageDirection::ANY, Decision decision = Decision::ANY, const char* privilege = NULL); - virtual ~ItemSendReceive(); - virtual bool match(const Item* item) const; + ~ItemSendReceive(); + bool match(const MatchItemSR& item) const; MessageDirection getDirection() const; - virtual ItemType getType() const; - virtual const char* toString(char* str) const; + ItemType getType() const; + const char* toString(char* str) const; + const DecisionItem& getDecision() const; }; + class NaivePolicyDb; class ItemBuilder { private: - Item* __current; - Decision __delayed_decision; - const char* __delayed_privilege; + DecisionItem __decision; + ItemOwn __current_own; + ItemType __current_item_type; + ItemSendReceive* __current_sr; ItemOwn* getOwnItem(); ItemSendReceive* getSendReceiveItem(); char* duplicate(const char* str); - void prepareItem(); public: ItemBuilder(); ~ItemBuilder(); - Item* generateItem(); + void generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value); void reset(); void addUser(const char* name); void addGroup(const char* name); @@ -165,7 +208,6 @@ namespace ldp_xml_parser void setPrefix(bool value); }; - class NaivePolicyDb; class DbAdapter { private: enum state { -- 2.7.4