From 20e460bdb40a42037580bedeb8dae7f17b02c296 Mon Sep 17 00:00:00 2001 From: Adrian Szyndela Date: Tue, 5 Feb 2019 17:27:43 +0100 Subject: [PATCH] refactoring: remove user and group from access PolicySet Additionally, this adds specialized method for getting different policies to get rid of artificial parameterization with PolicyType and PolicyTypeValue. Change-Id: Ib22191aafc8d2823cb52af9b5e61ccf31d207acf --- src/internal/naive_policy_checker.cpp | 12 +++--- src/internal/naive_policy_db.cpp | 77 +++++++++++++++++++++-------------- src/internal/naive_policy_db.hpp | 27 ++++++++---- 3 files changed, 71 insertions(+), 45 deletions(-) diff --git a/src/internal/naive_policy_checker.cpp b/src/internal/naive_policy_checker.cpp index 2ba566d..82fdb2c 100755 --- a/src/internal/naive_policy_checker.cpp +++ b/src/internal/naive_policy_checker.cpp @@ -44,12 +44,12 @@ DecisionItem NaivePolicyChecker::checkItemAccess(bool bus_type, const MatchItemA { const NaivePolicyDb& policy_db = getPolicyDb(bus_type); - DecisionItem ret = policy_db.getDecisionItem(PolicyType::CONTEXT, ContextType::MANDATORY, item); + DecisionItem ret = policy_db.getDecisionItemContextMandatory(item); // access rules can be defined only in default/mandatory context // defining them elsewhere is considered as policy syntax error by dbus-daemon // thus, no checking in user or group policies if (ret.getDecision() == Decision::ANY) - ret = policy_db.getDecisionItem(PolicyType::CONTEXT, ContextType::DEFAULT, item); + ret = policy_db.getDecisionItemContextDefault(item); return ret; } @@ -86,16 +86,16 @@ template DecisionItem NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const T& item) { const NaivePolicyDb& policy_db = getPolicyDb(bus_type); - DecisionItem ret = policy_db.getDecisionItem(PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), item); + DecisionItem ret = policy_db.getDecisionItemContextMandatory(item); if (ret.getDecision() == Decision::ANY) - ret = policy_db.getDecisionItem(PolicyType::USER, PolicyTypeValue(uid), item); + ret = policy_db.getDecisionItemUser(uid, item); if (ret.getDecision() == Decision::ANY) ret = checkGroupPolicies(policy_db, uid, gid, item); if (ret.getDecision() == Decision::ANY) - ret = policy_db.getDecisionItem(PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), item); + ret = policy_db.getDecisionItemContextDefault(item); return ret; } @@ -107,7 +107,7 @@ DecisionItem NaivePolicyChecker::checkGroupPolicies(const NaivePolicyDb& policy_ return Decision::ANY; for (const auto sgid : *sgroups) { - DecisionItem ret = policy_db.getDecisionItem(PolicyType::GROUP, PolicyTypeValue(sgid), item); + DecisionItem ret = policy_db.getDecisionItemGroup(sgid, item); if (ret.getDecision() != Decision::ANY) return ret; diff --git a/src/internal/naive_policy_db.cpp b/src/internal/naive_policy_db.cpp index 70b61eb..a982bcd 100755 --- a/src/internal/naive_policy_db.cpp +++ b/src/internal/naive_policy_db.cpp @@ -40,7 +40,7 @@ namespace ldp_xml_parser { */ #define DEF_GET_POLICY_SET(T, field) \ template <> struct NaivePolicyDb::MatchPolicy { \ - typedef decltype(field)::type policy_type; \ + typedef decltype(field)::policy_type policy_type; \ typedef decltype(field) policy_set_type; \ }; \ template <> \ @@ -125,19 +125,47 @@ void NaivePolicyDb::printContent() const #undef PRINT_MAP } -template -DecisionItem NaivePolicyDb::getDecisionItem(PolicyType policy_type, - PolicyTypeValue policy_type_value, - const T &item) const { - auto policy = getPolicySet().getPolicy(policy_type, policy_type_value); +template +DecisionItem NaivePolicyDb::getDecisionItem(const T &item, + const P *(PS::*f)(Args ... args) const, + Args ...args) const +{ + const auto &policySet = getPolicySet(); + typedef typename std::remove_reference::type PolicySetType; + + auto policy = (policySet.*f)(args...); if (nullptr == policy) return Decision::ANY; - tslog::log_verbose("Checking ", MatchPolicy::policy_type::name, " policy for: ", item, "\n"); + tslog::log_verbose("Checking ", PolicySetType::policy_type::name, " policy for: ", item, "\n"); return policy->getDecisionItem(item); } +template +DecisionItem NaivePolicyDb::getDecisionItemContextMandatory(const T &item) const +{ + return getDecisionItem(item, &MatchPolicy::policy_set_type::getPolicyContextMandatory); +} + +template +DecisionItem NaivePolicyDb::getDecisionItemContextDefault(const T &item) const +{ + return getDecisionItem(item, &MatchPolicy::policy_set_type::getPolicyContextDefault); +} + +template +DecisionItem NaivePolicyDb::getDecisionItemUser(uid_t uid, const T &item) const +{ + return getDecisionItem(item, &MatchPolicy::policy_set_type::getPolicyUser, uid); +} + +template +DecisionItem NaivePolicyDb::getDecisionItemGroup(gid_t gid, const T &item) const +{ + return getDecisionItem(item, &MatchPolicy::policy_set_type::getPolicyGroup, gid); +} + void NaivePolicyDb::updateSupplementaryGroups(const VGid &groups, uid_t uid, gid_t gid) const { auto &vsend = m_send_set.getMapGroup(uid); @@ -361,27 +389,6 @@ P &NaivePolicyDb::PolicySet::getPolicyContext(ContextType type) return contextDefault; } -template -const P *NaivePolicyDb::PolicySet::getPolicy(const PolicyType policy_type, - const PolicyTypeValue policy_type_value) const -{ - switch (policy_type) { - case PolicyType::CONTEXT: - if (ContextType::MANDATORY == policy_type_value.context) - return getPolicyContextMandatory(); - assert(ContextType::DEFAULT == policy_type_value.context); - return getPolicyContextDefault(); - case PolicyType::USER: - return UG::getPolicyUser(policy_type_value.user); - case PolicyType::GROUP: - return UG::getPolicyGroup(policy_type_value.group); - default: - tslog::log("---policy_type = NO POLICY\n"); - } - - return nullptr; -} - template template void NaivePolicyDb::PolicySet::addItem(const PolicyType policy_type, const PolicyTypeValue policy_type_value, @@ -435,8 +442,6 @@ DecisionItem NaivePolicyDb::PolicySR::getDecisionItem(const TM &item) co } return Decision::ANY; } -template DecisionItem NaivePolicyDb::PolicySR::getDecisionItem(const MatchItemSend &item) const; -template DecisionItem NaivePolicyDb::PolicySR::getDecisionItem(const MatchItemReceive &item) const; /****************** NaivePolicyDb::PolicyOwn ************************/ void NaivePolicyDb::PolicyOwn::addItem(ItemOwn &item) { @@ -494,7 +499,8 @@ void NaivePolicyDb::PolicyAccess::printContent() const { /* Explicit instantiation is needed for used public template methods defined in this file. */ #define T_INSTANTIATION(T) \ - template DecisionItem NaivePolicyDb::getDecisionItem(PolicyType policy_type, PolicyTypeValue policy_type_value, const T &item) const; \ + template DecisionItem NaivePolicyDb::getDecisionItemContextMandatory(const T &) const; \ + template DecisionItem NaivePolicyDb::getDecisionItemContextDefault(const T &) const; \ template const NaivePolicyDb::VGid *NaivePolicyDb::getGroups(uid_t, gid_t) const; T_INSTANTIATION(MatchItemOwn) @@ -502,4 +508,13 @@ T_INSTANTIATION(MatchItemSend) T_INSTANTIATION(MatchItemReceive) T_INSTANTIATION(MatchItemAccess) +#define T_INSTANTIATION2(T) \ + template DecisionItem NaivePolicyDb::getDecisionItemUser(uid_t, const T &) const; \ + template DecisionItem NaivePolicyDb::getDecisionItemGroup(gid_t, const T &) const; + +T_INSTANTIATION2(MatchItemOwn) +T_INSTANTIATION2(MatchItemSend) +T_INSTANTIATION2(MatchItemReceive) + #undef T_INSTANTIATION +#undef T_INSTANTIATION2 diff --git a/src/internal/naive_policy_db.hpp b/src/internal/naive_policy_db.hpp index cc14b68..2e6fbc2 100755 --- a/src/internal/naive_policy_db.hpp +++ b/src/internal/naive_policy_db.hpp @@ -137,7 +137,7 @@ namespace ldp_xml_parser mutable std::map mapGroup; public: - typedef P type; + typedef P policy_type; /** Adds given item to policy * \param[in] policy_type Policy type * \param[in] policy_type_value Policy type value @@ -157,9 +157,6 @@ namespace ldp_xml_parser VGid &getMapGroup(uid_t uid) const { return mapGroup[uid]; } void clearMapGroup() { mapGroup.clear(); } - - const P *getPolicy(const PolicyType policy_type, - const PolicyTypeValue policy_type_value) const; }; /** Set of ownership policies */ @@ -169,7 +166,7 @@ namespace ldp_xml_parser /** Set of receive policies */ PolicySet m_receive_set; /** Set of bus access policies */ - PolicySet m_access_set; + PolicySet m_access_set; /* A mutex for mapGroups within sets */ mutable pthread_mutex_t mutexGroup = PTHREAD_MUTEX_INITIALIZER; @@ -180,12 +177,29 @@ namespace ldp_xml_parser template const typename MatchPolicy::policy_set_type &getPolicySet() const; + template ::policy_type, + typename PS = typename MatchPolicy::policy_set_type, + typename ...Args> + DecisionItem getDecisionItem(const T &item, + const P *(PS::*f)(Args ... args) const, + Args ...args) const; + void updateSupplementaryGroups(const VGid &groups, uid_t uid, gid_t gid) const; void updateSupplementaryGroupsOwn(const VGid &groups, uid_t uid, gid_t gid) const; public: void printContent() const; template + DecisionItem getDecisionItemContextMandatory(const T &item) const; + template + DecisionItem getDecisionItemContextDefault(const T &item) const; + template + DecisionItem getDecisionItemUser(uid_t uid, const T &item) const; + template + DecisionItem getDecisionItemGroup(gid_t gid, const T &item) const; + + template const VGid *getGroups(uid_t uid, gid_t gid) const; void initializeGroups(uid_t uid, gid_t gid); @@ -226,9 +240,6 @@ namespace ldp_xml_parser const PolicyTypeValue policy_type_value, ItemAccess &item); - template - DecisionItem getDecisionItem(PolicyType policy_type, PolicyTypeValue policy_type_value, - const T &item) const; }; } #endif -- 2.7.4