From 1b4d4f2311ae31440417fafd3233177d39bfd768 Mon Sep 17 00:00:00 2001 From: "sanghyeok.oh" Date: Mon, 29 Aug 2016 14:03:54 +0900 Subject: [PATCH] revert changes:revert commit id dc3048a8de00c01514c14ef465a87b8ca9a7c704 previous submit has bug, and revert it "Prefix tree search for ownership rules, removed virtual methods." id : dc3048a8de00c01514c14ef465a87b8ca9a7c704 Change-Id: I0a73eab24c95f1a6cc3a4e37a9ffb0d2da943e3f Signed-off-by: sanghyeok.oh --- src/internal/internal.cpp | 98 +++++---- src/internal/naive_policy_checker.cpp | 253 +++++++++------------- src/internal/naive_policy_checker.hpp | 45 ++-- src/internal/naive_policy_db.cpp | 318 +++++++--------------------- src/internal/naive_policy_db.hpp | 95 +++------ src/internal/policy.cpp | 384 ++++++++++++++++++---------------- src/internal/policy.hpp | 108 +++------- 7 files changed, 510 insertions(+), 791 deletions(-) mode change 100644 => 100755 src/internal/internal.cpp mode change 100644 => 100755 src/internal/naive_policy_checker.cpp mode change 100644 => 100755 src/internal/naive_policy_checker.hpp mode change 100644 => 100755 src/internal/naive_policy_db.cpp mode change 100644 => 100755 src/internal/naive_policy_db.hpp mode change 100644 => 100755 src/internal/policy.cpp mode change 100644 => 100755 src/internal/policy.hpp diff --git a/src/internal/internal.cpp b/src/internal/internal.cpp old mode 100644 new mode 100755 index ff19d1b..84f25b1 --- a/src/internal/internal.cpp +++ b/src/internal/internal.cpp @@ -27,15 +27,38 @@ static ldp_xml_parser::NaivePolicyChecker policy_checker; static const char* get_str(const char* const szstr) { - return (szstr != NULL) ? szstr : ""; + return (szstr != NULL) ? szstr : ""; +} + +static const char** get_strv(const char *s, const char** result) { + int i = 0; + unsigned k = 0; + if (s) { + while (s[i] && k < KDBUS_CONN_MAX_NAMES + 1) { + char c; + while ((c = s[i++]) && ' ' != c); + result[k++] = s; + s += i; + i = 0; + } + if (k >= KDBUS_CONN_MAX_NAMES + 1) + return NULL; + if (k) + result[k++] = NULL; + } + if (!k) { + result[0] = ""; + result[1] = NULL; + } + return result; } int __internal_init(bool bus_type, const char* const config_name) { - ldp_xml_parser::XmlParser p; + ldp_xml_parser::XmlParser p; p.registerAdapter(policy_checker.generateAdapter()); - auto err = p.parsePolicy(bus_type, get_str(config_name)); - return err.get(); + auto err = p.parsePolicy(bus_type, get_str(config_name)); + return err.get(); } pthread_mutex_t g_mutex = PTHREAD_MUTEX_INITIALIZER; @@ -75,58 +98,49 @@ int __internal_can_send(bool bus_type, const char* const member, int type) { - ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND); - if (!matcher.addNames(destination)) { + const char* names[KDBUS_CONN_MAX_NAMES+1]; + const char** ns = get_strv(destination, names); + if (!ns) { if (tslog::verbose()) - std::cout << "Destination too long: " << destination << std::endl; + std::cout << "Destination too long: "<(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND)); + return static_cast(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); } int __internal_can_send_multi_dest(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char** const destination, - const char* const path, - const char* const interface, - const char* const member, - int type) + const uid_t user, + const gid_t group, + const char* const label, + const char** const destination, + const char* const path, + const char* const interface, + const char* const member, + int type) { - int i = 0; - ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND); - if (destination) - while (destination[i++]) { - matcher.addName(destination[i]); - } - return static_cast(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::SEND)); + return static_cast(policy_checker.check(bus_type, user, group, label, destination, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::SEND)); } int __internal_can_recv(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char* const sender, - const char* const path, - const char* const interface, - const char* const member, - int type) + const uid_t user, + const gid_t group, + const char* const label, + const char* const sender, + const char* const path, + const char* const interface, + const char* const member, + int type) { - ldp_xml_parser::MatchItemSR matcher(interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE); - if (!matcher.addNames(sender)) { - if (tslog::verbose()) - std::cout << "Sender too long: " << sender << std::endl; - return false; - } - return static_cast(policy_checker.check(bus_type, user, group, label, matcher, ldp_xml_parser::ItemType::RECEIVE)); + const char* names[KDBUS_CONN_MAX_NAMES+1]; + const char** ns = get_strv(sender, names); + return static_cast(policy_checker.check(bus_type, user, group, label, ns, interface, member, path, static_cast(type), ldp_xml_parser::MessageDirection::RECEIVE)); } int __internal_can_own(bool bus_type, - const uid_t user, - const gid_t group, - const char* const label, - const char* const service) + const uid_t user, + const gid_t group, + const char* const label, + const char* const service) { return static_cast(policy_checker.check(bus_type, user, group, label, service)); } diff --git a/src/internal/naive_policy_checker.cpp b/src/internal/naive_policy_checker.cpp old mode 100644 new mode 100755 index ca07111..bc2a75d --- a/src/internal/naive_policy_checker.cpp +++ b/src/internal/naive_policy_checker.cpp @@ -1,23 +1,8 @@ #include "naive_policy_checker.hpp" #include "cynara.hpp" #include "tslog.hpp" - using namespace ldp_xml_parser; -static void __log_item(const MatchItemSR& item) -{ - char tmp[MAX_LOG_LINE]; - const char* i_str = item.toString(tmp); - std::cout << "checkpolicy for ownership: " << i_str <toString(tmp); + std::cout << "-readed: " << i_str <match(&item)) { + if (tslog::verbose()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = i->toString(tmp); + std::cout << "-matched: " << i_str <getPrivilege(); + return i->getDecision(); + } + } + + return Decision::ANY; +} + NaivePolicyDb& NaivePolicyChecker::getPolicyDb(bool type) { return m_bus_db[type]; } @@ -33,29 +47,31 @@ DecisionResult NaivePolicyChecker::parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege) { + char uid_str[17]; if (tslog::verbose()) { - std::cout << "----Decision made\n"; + std::cout<<"----Decision made\n"; } switch (decision) { - case Decision::ALLOW: + case Decision::ALLOW: + return DecisionResult::ALLOW; + case Decision::ANY: + case Decision::DENY: + return DecisionResult::DENY; + case Decision::CHECK: + { + std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid); + ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str); + if (ret == ldp_cynara::CynaraResult::ALLOW) return DecisionResult::ALLOW; - case Decision::ANY: - case Decision::DENY: + else if (ret == ldp_cynara::CynaraResult::DENY) return DecisionResult::DENY; - case Decision::CHECK: - { - std::snprintf(uid_str, sizeof(uid_str) - 1, "%lu", (unsigned long)uid); - ldp_cynara::CynaraResult ret = ldp_cynara::Cynara::check(label, privilege, uid_str); - if (ret == ldp_cynara::CynaraResult::ALLOW) - return DecisionResult::ALLOW; - else if (ret == ldp_cynara::CynaraResult::DENY) - return DecisionResult::DENY; - else - return DecisionResult::CYNARA_ERROR; - } + else + return DecisionResult::CYNARA_ERROR; + } } + return DecisionResult::DENY; } @@ -63,145 +79,74 @@ NaivePolicyChecker::~NaivePolicyChecker() { delete m_adapter; } - - -DecisionResult NaivePolicyChecker::check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char* const name) { - return this->checkItemOwn(bus_type, uid, gid, label, name, ItemType::OWN); -} - -DecisionResult NaivePolicyChecker::check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - MatchItemSR& matcher, - ItemType type) { - return this->checkItemSR(bus_type, uid, gid, label, matcher, type); -} - -Decision NaivePolicyChecker::checkPolicySR(const NaivePolicyDb::PolicySR& policy, - const MatchItemSR& item, - const char*& privilege) -{ - if (tslog::verbose()) { - __log_item(item); - } - for (auto i : policy) { - if (tslog::verbose()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = i->getDecision().toString(tmp); - std::cout << "-readed: " << i_str; - i_str = i->toString(tmp); - std::cout << " " << i_str <match(item)) { - if (tslog::verbose()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = i->getDecision().toString(tmp); - std::cout << "-matched: " << i_str; - const char* i_str2 = i->toString(tmp); - std::cout << " " << i_str2 <getDecision().getPrivilege(); - return i->getDecision().getDecision(); - } - } - return Decision::ANY; -} - -Decision NaivePolicyChecker::checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, const ItemOwn& item, const char*& privilege) { - if (tslog::verbose()) { - __log_item(item); - } - const char *name = item.getName(); - const struct TreeNode *node = policy.getTreeRoot(); - int childIndex = 0; - assert(node); - Decision ret = Decision::ANY; - while ((name != NULL) && (*name != '\0')) { - childIndex = char_map[*name]; - if (childIndex > 64) { - /* name contains forbidden char */ - privilege = NULL; - return Decision::DENY; - } - /* Current node is prefix, remeber decision */ - if (node->__is_prefix) { - ret = node->__decisionItem.getDecision();; - privilege = node->__decisionItem.getPrivilege(); - } - /* Node for this letter dont exist */ - if (node->children[childIndex] == NULL) { - goto out; - } else { /* if it exists check for next letter in its child */ - node = node->children[childIndex]; - } - name++; - } -out: - if (ret == Decision::ANY) { - privilege = node->__decisionItem.getPrivilege(); - return node->__decisionItem.getDecision(); - } else { - return ret; - } -} - -DecisionResult NaivePolicyChecker::checkItemOwn(bool bus_type, uid_t uid, gid_t gid, const char* label, const ItemOwn& item, const ItemType type) { +DecisionResult NaivePolicyChecker::checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, const Item& item) { NaivePolicyDb& policy_db = getPolicyDb(bus_type); + ItemType type = item.getType(); Decision ret = Decision::ANY; const char* privilege; - const NaivePolicyDb::PolicyOwn* curr_policy = NULL; + const NaivePolicyDb::Policy* curr_policy = NULL; + if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy)) - ret = checkPolicyOwn(*curr_policy, item, privilege); + curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY)); + if (curr_policy) + ret = checkPolicy(*curr_policy, item, privilege); } + if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy)) - ret = checkPolicyOwn(*curr_policy, item, privilege); + curr_policy = policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid)); + if (curr_policy) + ret = checkPolicy(*curr_policy, item, privilege); } + if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy)) - ret = checkPolicyOwn(*curr_policy, item, privilege); + curr_policy = policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid)); + if (curr_policy) + ret = checkPolicy(*curr_policy, item, privilege); } + if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy)) - ret = checkPolicyOwn(*curr_policy, item, privilege); + curr_policy = policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT)); + if (curr_policy) + ret = checkPolicy(*curr_policy, item, privilege); } - if (ret != Decision::ANY) { + + if (ret != Decision::ANY) return parseDecision(ret, uid, label, privilege); - } else { + else return DecisionResult::DENY; - } } - -DecisionResult NaivePolicyChecker::checkItemSR(bool bus_type, uid_t uid, gid_t gid, const char* label, const MatchItemSR& item, const ItemType type) { - NaivePolicyDb& policy_db = getPolicyDb(bus_type); - Decision ret = Decision::ANY; - const char* privilege; - const NaivePolicyDb::PolicySR* curr_policy = NULL; - if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::MANDATORY), curr_policy)) - ret = checkPolicySR(*curr_policy, item, privilege); - } - if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::USER, PolicyTypeValue(uid), curr_policy)) - ret = checkPolicySR(*curr_policy, item, privilege); - } - if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::GROUP, PolicyTypeValue(gid), curr_policy)) - ret = checkPolicySR(*curr_policy, item, privilege); +DecisionResult NaivePolicyChecker::check(bool bus_type, + uid_t uid, + gid_t gid, + const char* const label, + const char* const name) { + try { + ItemOwn item = ItemOwn(name); + return checkItem(bus_type, uid, gid, label, item); + } catch (std::runtime_error& err) { + if (tslog::enabled()) + std::cout << err.what() << std::endl; } - if (ret == Decision::ANY) { - if (policy_db.getPolicy(type, PolicyType::CONTEXT, PolicyTypeValue(ContextType::DEFAULT), curr_policy)) - ret = checkPolicySR(*curr_policy, item, privilege); + return DecisionResult::DENY; +} + +DecisionResult NaivePolicyChecker::check(bool bus_type, + uid_t uid, + gid_t gid, + const char* const label, + const char** const names, + const char* const interface, + const char* const member, + const char* const path, + MessageType message_type, + MessageDirection message_dir) { + try { + ItemSendReceive item = ItemSendReceive(names, interface, member, path, message_type, message_dir); + return checkItem(bus_type, uid, gid, label, item); + } catch (std::runtime_error& err) { + if (tslog::enabled()) + std::cout << err.what() << std::endl; } - if (ret != Decision::ANY) - return parseDecision(ret, uid, label, privilege); - else - return DecisionResult::DENY; + return DecisionResult::DENY; } diff --git a/src/internal/naive_policy_checker.hpp b/src/internal/naive_policy_checker.hpp old mode 100644 new mode 100755 index a54302d..7e351a3 --- a/src/internal/naive_policy_checker.hpp +++ b/src/internal/naive_policy_checker.hpp @@ -26,47 +26,36 @@ namespace ldp_xml_parser NaivePolicyDb m_bus_db[2]; DbAdapter* m_adapter; NaivePolicyDb& getPolicyDb(bool type); - - Decision checkPolicySR(const NaivePolicyDb::PolicySR& policy, - const MatchItemSR& item, - const char*& privilege); - - Decision checkPolicyOwn(const NaivePolicyDb::PolicyOwn& policy, - const ItemOwn& item, + Decision checkPolicy(const NaivePolicyDb::Policy& policy, + const Item& item, const char*& privilege); - DecisionResult parseDecision(Decision decision, uid_t uid, const char* label, const char* privilege); - - DecisionResult checkItemSR(bool bus_type, + DecisionResult checkItem(bool bus_type, uid_t uid, gid_t gid, const char* label, - const MatchItemSR& item, - const ItemType type); - - DecisionResult checkItemOwn(bool bus_type, - uid_t uid, - gid_t gid, - const char* label, - const ItemOwn& item, - const ItemType type); + const Item& item); public: ~NaivePolicyChecker(); DbAdapter& generateAdapter(); DecisionResult check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - const char* const name); + uid_t uid, + gid_t gid, + const char* const label, + const char* const name); DecisionResult check(bool bus_type, - uid_t uid, - gid_t gid, - const char* const label, - MatchItemSR& matcher, - ItemType type); + uid_t uid, + gid_t gid, + const char* const label, + const char** const names, + const char* const interface, + const char* const member, + const char* const path, + MessageType message_type, + MessageDirection message_dir); }; } #endif diff --git a/src/internal/naive_policy_db.cpp b/src/internal/naive_policy_db.cpp old mode 100644 new mode 100755 index a623059..bccf9e3 --- a/src/internal/naive_policy_db.cpp +++ b/src/internal/naive_policy_db.cpp @@ -1,252 +1,110 @@ #include "naive_policy_db.hpp" -#include "cynara.hpp" +#include #include "tslog.hpp" using namespace ldp_xml_parser; - - -NaivePolicyDb::~NaivePolicyDb() { -} - -NaivePolicyDb::PolicyOwn::PolicyOwn(){ - treeRootPtr = new struct TreeNode; - treeRootPtr->__decisionItem = {Decision::ANY, NULL}; - treeRootPtr->__nameChar = '\0'; - treeRootPtr->__is_prefix = false; - for (int i = 0; i < MAX_CHILDREN; i++) { - treeRootPtr->children[i] = NULL; - } -} - -NaivePolicyDb::PolicyOwn::~PolicyOwn(){ - nodeRemove(&treeRootPtr); -} - -void NaivePolicyDb::PolicyOwn::nodeRemove(TreeNode **node){ - if (!*node) { - return; - } - for (int i = 0 ; i < MAX_CHILDREN; i++) { - if ((*node)->children[i] != NULL) { - nodeRemove(&(*node)->children[i]); - } - } - delete *node; - *node = NULL; -} - -void NaivePolicyDb::addItem(const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemSendReceive* const item) { - if (tslog::enabled()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = item->toString(tmp); - std::cout << "Add item: " << i_str << std::endl; - } - - const MessageDirection dir = item->getDirection(); - if (dir == MessageDirection::SEND) { - addItem(m_send_set, policy_type, policy_type_value, item); - } else if (dir == MessageDirection::RECEIVE) { - addItem(m_receive_set, policy_type, policy_type_value, item); - } else { - addItem(m_send_set, policy_type, policy_type_value, item); - addItem(m_receive_set, policy_type, policy_type_value, item); - } -} - -void NaivePolicyDb::addItem(const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemOwn* const item) { - if (tslog::enabled()) { - char tmp[MAX_LOG_LINE]; - const char* i_str = item->toString(tmp); - std::cout << "Add item: " << i_str << std::endl; - } - - addItem(m_own_set, policy_type, policy_type_value, item); -} - - - -bool NaivePolicyDb::getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const NaivePolicyDb::PolicyOwn*& policy) const { - return this->getPolicyOwn(m_own_set, policy_type, policy_type_value, policy); -} - -bool NaivePolicyDb::getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const NaivePolicyDb::PolicySR*& policy) const { - switch (item_type) { - case ItemType::SEND: - return this->getPolicySR(m_send_set, policy_type, policy_type_value, policy); - case ItemType::RECEIVE: - return this->getPolicySR(m_receive_set, policy_type, policy_type_value, policy); - default: - return false; - } -} - - -NaivePolicyDb::PolicySR::PolicyConstIterator::PolicyConstIterator(const std::vector< ItemSendReceive* > & items, int position) +NaivePolicyDb::Policy::PolicyConstIterator::PolicyConstIterator(const std::vector& items, int position) : m_items(items), m_index(position) { } -ItemSendReceive* const& NaivePolicyDb::PolicySR::PolicyConstIterator::operator*() const { + Item* const& NaivePolicyDb::Policy::PolicyConstIterator::operator*() const { return m_items[m_index]; } - -typename NaivePolicyDb::PolicySR::PolicyConstIterator& NaivePolicyDb::PolicySR::PolicyConstIterator::operator++() { +NaivePolicyDb::Policy::PolicyConstIterator& NaivePolicyDb::Policy::PolicyConstIterator::operator++() { if (m_index >= 0) --m_index; return *this; } - -bool NaivePolicyDb::PolicySR::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const { +bool NaivePolicyDb::Policy::PolicyConstIterator::operator!=(const PolicyConstIterator& it) const { return m_index != it.m_index; } - -NaivePolicyDb::PolicySR::PolicyIterator::PolicyIterator(std::vector< ItemSendReceive* > & items, int position) +NaivePolicyDb::Policy::PolicyIterator::PolicyIterator(std::vector& items, int position) : m_items(items), m_index(position) { } - -ItemSendReceive*& NaivePolicyDb::PolicySR::PolicyIterator::operator*() { +Item*& NaivePolicyDb::Policy::PolicyIterator::operator*() { return m_items[m_index]; } - -typename NaivePolicyDb::PolicySR::PolicyIterator& NaivePolicyDb::PolicySR::PolicyIterator::operator++() { +NaivePolicyDb::Policy::PolicyIterator& NaivePolicyDb::Policy::PolicyIterator::operator++() { if (m_index >= 0) --m_index; return *this; } - -bool NaivePolicyDb::PolicySR::PolicyIterator::operator!=(const PolicyIterator& it) const { +bool NaivePolicyDb::Policy::PolicyIterator::operator!=(const PolicyIterator& it) const { return m_index != it.m_index; } - -NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::begin() { +NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::begin() { int s = m_items.size() - 1; - return NaivePolicyDb::PolicySR::PolicyIterator(m_items, s); + return NaivePolicyDb::Policy::PolicyIterator(m_items, s); } - - -NaivePolicyDb::PolicySR::PolicyIterator NaivePolicyDb::PolicySR::end() { - return NaivePolicyDb::PolicySR::PolicyIterator(m_items, -1); +NaivePolicyDb::Policy::PolicyIterator NaivePolicyDb::Policy::end() { + return NaivePolicyDb::Policy::PolicyIterator(m_items, -1); } - - -NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::begin() const { +NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::begin() const { int s = m_items.size() - 1; - return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, s); + return NaivePolicyDb::Policy::PolicyConstIterator(m_items, s); } - - -NaivePolicyDb::PolicySR::PolicyConstIterator NaivePolicyDb::PolicySR::end() const { - return NaivePolicyDb::PolicySR::PolicyConstIterator(m_items, -1); +NaivePolicyDb::Policy::PolicyConstIterator NaivePolicyDb::Policy::end() const { + return NaivePolicyDb::Policy::PolicyConstIterator(m_items, -1); } - -void NaivePolicyDb::PolicySR::addItem(ItemSendReceive* item) { +void NaivePolicyDb::Policy::addItem(Item* item) { m_items.push_back(item); } +NaivePolicyDb::~NaivePolicyDb() { -const struct TreeNode* NaivePolicyDb::PolicyOwn::getTreeRoot() const{ - assert(treeRootPtr); - return treeRootPtr; } -void NaivePolicyDb::PolicyOwn::addItem(ItemOwn* item) { - const char *name = item->getName(); - - if (!name) { - return; - } - - struct TreeNode *node = treeRootPtr; - assert(node); - const char *tmp = name; - while (tmp && *tmp != '\0') { - if (char_map[*tmp] > 64) { - /* Forbidden char */ - return; - } - tmp++; - } - int childIndex = 0; - while (name && *name != '\0') { - childIndex = char_map[*name]; - if (node->children[childIndex] == NULL) { - node->children[childIndex] = new struct TreeNode; - node->children[childIndex]->__decisionItem = {Decision::ANY, NULL}; - node->children[childIndex]->__nameChar = *name; - node->children[childIndex]->__is_prefix = false; - for (int k = 0; k < MAX_CHILDREN; k++) { - node->children[childIndex]->children[k] = NULL; - } - - node = node->children[childIndex]; - } else { - node = node->children[childIndex]; - } - name++; +const NaivePolicyDb::Policy* NaivePolicyDb::getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value) { + PolicyTypeSet* set = NULL; + switch (item_type) { + case ItemType::OWN: + set = &m_own_set; + break; + case ItemType::SEND: + set = &m_send_set; + break; + case ItemType::RECEIVE: + set = &m_receive_set; + break; + default: + break; } - node->__decisionItem = item->getDecision(); - node->__is_prefix = item->isPrefix(); -} - - -bool NaivePolicyDb::getPolicySR(const NaivePolicyDb::PolicyTypeSetSR& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const NaivePolicyDb::PolicySR*& policy) const -{ if (tslog::enabled()) - std::cout << "---policy_type ="; - try { - switch (policy_type) { - case PolicyType::CONTEXT: - if (tslog::enabled()) - std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl; - policy = &set.context[static_cast(policy_type_value.context) ]; - return true; - case PolicyType::USER: - if (tslog::enabled()) - std::cout << "USER =" << (int)policy_type_value.user << std::endl; - policy = &set.user.at(policy_type_value.user); - return true; - case PolicyType::GROUP: - if (tslog::enabled()) - std::cout << "GROUP = " << (int)policy_type_value.group << std::endl; - policy = &set.group.at(policy_type_value.group); - return true; - } - } catch (std::out_of_range&) - { - if (tslog::verbose()) - std::cout << "GetPolicy: Out of Range exception\n"; + std::cout<<"---policy_type ="; + switch (policy_type) { + case PolicyType::CONTEXT: + if (tslog::enabled()) + std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl; + return &set->context[static_cast(policy_type_value.context) ]; + case PolicyType::USER: + if (tslog::enabled()) + std::cout << "USER =" << (int)policy_type_value.user << std::endl; + return &set->user[policy_type_value.user]; + case PolicyType::GROUP: + if (tslog::enabled()) + std::cout << "GROUP = " << (int)policy_type_value.group << std::endl; + return &set->group[policy_type_value.group]; } if (tslog::enabled()) std::cout << "NO POLICY\n"; - return false; + return NULL; } - -void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetSR& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemSendReceive* const item) { +void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSet& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + Item* const item) { switch (policy_type) { case PolicyType::CONTEXT: set.context[static_cast(policy_type_value.context)].addItem(item); @@ -260,56 +118,28 @@ void NaivePolicyDb::addItem(NaivePolicyDb::PolicyTypeSetSR& set, } } +void NaivePolicyDb::addItem(const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + Item* const item) { + const ItemSendReceive* it; -bool NaivePolicyDb::getPolicyOwn(const NaivePolicyDb::PolicyTypeSetOwn& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const NaivePolicyDb::PolicyOwn*& policy) const -{ - if (tslog::enabled()) - std::cout << "---policy_type ="; - try { - switch (policy_type) { - case PolicyType::CONTEXT: - if (tslog::enabled()) - std::cout << "CONTEXT =" << (int)policy_type_value.context << std::endl; - policy = &set.context[static_cast(policy_type_value.context) ]; - return true; - case PolicyType::USER: - if (tslog::enabled()) - std::cout << "USER =" << (int)policy_type_value.user << std::endl; - policy = &set.user.at(policy_type_value.user); - return true; - case PolicyType::GROUP: - if (tslog::enabled()) - std::cout << "GROUP = " << (int)policy_type_value.group << std::endl; - policy = &set.group.at(policy_type_value.group); - return true; - } - } catch (std::out_of_range&) - { - if (tslog::verbose()) - std::cout << "GetPolicy: Out of Range exception\n"; + if (tslog::enabled()) { + char tmp[MAX_LOG_LINE]; + const char* i_str = item->toString(tmp); + std::cout<<"Add item: "<< i_str <(policy_type_value.context)].addItem(item); - break; - case PolicyType::USER: - set.user[policy_type_value.user].addItem(item); - break; - case PolicyType::GROUP: - set.group[policy_type_value.group].addItem(item); - break; + if (dynamic_cast(item)) + addItem(m_own_set, policy_type, policy_type_value, item); + else if ((it = dynamic_cast(item))) { + const MessageDirection dir = it->getDirection(); + if (dir == MessageDirection::SEND) + addItem(m_send_set, policy_type, policy_type_value, item); + else if (dir == MessageDirection::RECEIVE) + addItem(m_receive_set, policy_type, policy_type_value, item); + else { + addItem(m_send_set, policy_type, policy_type_value, item); + addItem(m_receive_set, policy_type, policy_type_value, item); + } } } diff --git a/src/internal/naive_policy_db.hpp b/src/internal/naive_policy_db.hpp old mode 100644 new mode 100755 index 3b8a655..fdbd0c1 --- a/src/internal/naive_policy_db.hpp +++ b/src/internal/naive_policy_db.hpp @@ -24,28 +24,28 @@ namespace ldp_xml_parser { class NaivePolicyDb { public: - class PolicySR { + class Policy { private: - std::vector m_items; + std::vector m_items; public: class PolicyConstIterator { private: - const std::vector& m_items; + const std::vector& m_items; int m_index; public: - PolicyConstIterator(const std::vector& items, int position); - ItemSendReceive* const& operator*() const; + PolicyConstIterator(const std::vector& items, int position); + Item* const& operator*() const; PolicyConstIterator& operator++(); bool operator!=(const PolicyConstIterator& it) const; }; class PolicyIterator { private: - std::vector& m_items; + std::vector& m_items; int m_index; public: - PolicyIterator(std::vector& items, int position); - ItemSendReceive*& operator*(); + PolicyIterator(std::vector& items, int position); + Item*& operator*(); PolicyIterator& operator++(); bool operator!=(const PolicyIterator& it) const; }; @@ -54,78 +54,33 @@ namespace ldp_xml_parser PolicyIterator end(); PolicyConstIterator begin() const; PolicyConstIterator end() const; - void addItem(ItemSendReceive* item); - }; - - - class PolicyOwn { - private: - struct TreeNode *treeRootPtr = NULL; - void nodeRemove(TreeNode **node); - public: - PolicyOwn(); - ~PolicyOwn(); - void addItem(ItemOwn* item); - const TreeNode* getTreeRoot() const; + void addItem(Item* item); }; ~NaivePolicyDb(); - bool getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const PolicyOwn*& policy) const; - - bool getPolicy(const ItemType item_type, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const PolicySR*& policy) const; + const Policy* getPolicy(const ItemType item_type, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value); void addItem(const PolicyType policy_type, const PolicyTypeValue policy_type_value, - ItemOwn* const item); - - void addItem(const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemSendReceive* const item); - + Item* const item); private: - - struct PolicyTypeSetOwn { - PolicyOwn context[static_cast(ContextType::MAX)]; - std::map user; - std::map group; - }; - - struct PolicyTypeSetSR { - PolicySR context[static_cast(ContextType::MAX)]; - std::map user; - std::map group; + struct PolicyTypeSet { + Policy context[static_cast(ContextType::MAX)]; + std::map user; + std::map group; }; - PolicyTypeSetOwn m_own_set; - PolicyTypeSetSR m_send_set; - PolicyTypeSetSR m_receive_set; - - void addItem(PolicyTypeSetSR& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemSendReceive* const item); - - bool getPolicySR(const PolicyTypeSetSR& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const PolicySR*& policy) const; - - void addItem(PolicyTypeSetOwn& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - ItemOwn* const item); - - bool getPolicyOwn(const PolicyTypeSetOwn& set, - const PolicyType policy_type, - const PolicyTypeValue policy_type_value, - const PolicyOwn*& policy) const; + PolicyTypeSet m_own_set; + PolicyTypeSet m_send_set; + PolicyTypeSet m_receive_set; + void addItem(PolicyTypeSet& set, + const PolicyType policy_type, + const PolicyTypeValue policy_type_value, + Item* const item); }; } + #endif diff --git a/src/internal/policy.cpp b/src/internal/policy.cpp old mode 100644 new mode 100755 index 9bcdb63..20076e5 --- a/src/internal/policy.cpp +++ b/src/internal/policy.cpp @@ -11,6 +11,16 @@ static const char* message_type[] = { "ANY", "METHOD_CALL", "METHOD_RETURN", "ER static const char* message_dir[] = { "ANY", "SEND", "RECEIVE"}; static const char* message_decision[] = {"NO_DECISION", "ALLOW", "DENY", "CHECK"}; +static bool __compare_str(const char* a, const char* b) { + + while(*a && *b && *a != ' ' && *b != ' ') { + if (*a != *b) + return false; + a++; b++; + } + return ((*a == 0 || *a == ' ') && (*b == 0 || *b != ' ')); +} + static MessageType __str_to_message_type(const char* str) { if (!std::strcmp(str, "method_call")) return MessageType::METHOD_CALL; @@ -79,39 +89,39 @@ void DbAdapter::updateDecision(const boost::property_tree::ptree::value_type& v, state& t, bool& attr) { const char* value = NULL; - if (v.first == "allow" && t == POLICY) { + if(v.first == "allow" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::ALLOW); t = ALLOW_DENY_CHECK; attr = false; - } else if (v.first == "deny" && t == POLICY) { + } else if(v.first == "deny" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::DENY); t = ALLOW_DENY_CHECK; attr = false; - } else if (v.first == "check" && t == POLICY) { + } else if(v.first == "check" && t == POLICY) { __builder.reset(); __builder.addDecision(Decision::CHECK); t = ALLOW_DENY_CHECK; attr = false; - } else if (v.first == "") { + } else if(v.first == "") { attr = true; - } else if (attr && t == POLICY) { + } else if(attr && t == POLICY) { if (v.second.data() != "*") value = v.second.data().c_str(); - if (v.first == "context") { - if (std::strcmp(value, "mandatory") == 0 ) { + if(v.first == "context") { + if(std::strcmp(value,"mandatory") == 0 ) { policy_type = PolicyType::CONTEXT; policy_type_value.context = ContextType::MANDATORY; - } else if (std::strcmp(value, "default") == 0) { + } else if(std::strcmp(value, "default") == 0) { policy_type = PolicyType::CONTEXT; policy_type_value.context = ContextType::DEFAULT; } - } else if (v.first == "user") { + } else if(v.first == "user") { policy_type = PolicyType::USER; policy_type_value.user = convertToUid(value); - } else if (v.first == "group") { + } else if(v.first == "group") { policy_type = PolicyType::GROUP; policy_type_value.group = convertToGid(value); } else { @@ -122,31 +132,30 @@ void DbAdapter::updateDecision(const boost::property_tree::ptree::value_type& v, if (v.second.data() != "*") value = v.second.data().c_str(); - if (field_has(v, "send_")) { + if(field_has(v, "send_")) { __builder.addDirection(MessageDirection::SEND); - } else if (field_has(v, "receive_")) { + } else if(field_has(v, "receive_")) { __builder.addDirection(MessageDirection::RECEIVE); - } else if (v.first == "own") { + } else if(v.first == "own") { __builder.addOwner(value); __builder.setPrefix(false); - } else if (v.first == "own_prefix") { + } else if(v.first == "own_prefix") { __builder.addOwner(value); __builder.setPrefix(true); - } else if (v.first == "privilege") { + } else if(v.first == "privilege") __builder.addPrivilege(value); - } - if (field_has(v, "_destination")) + if(field_has(v, "_destination")) __builder.addName(value); - else if (field_has(v, "_sender")) + else if(field_has(v, "_sender")) __builder.addName(value); - else if (field_has(v, "_path")) + else if(field_has(v, "_path")) __builder.addPath(value); - else if (field_has(v, "_interface")) + else if(field_has(v, "_interface")) __builder.addInterface(value); - else if (field_has(v, "_member")) + else if(field_has(v, "_member")) __builder.addMember(value); - else if (field_has(v, "_type")) + else if(field_has(v, "_type")) __builder.addMessageType(__str_to_message_type(value)); } else { attr = false; @@ -162,18 +171,22 @@ void DbAdapter::xmlTraversal(bool bus, bool attr, int level) { static const int Q_XML_MAX_LEVEL = 10; - if (level < Q_XML_MAX_LEVEL) { + if(level < Q_XML_MAX_LEVEL) { for(const auto& v : pt) { - if (v.first == "") { continue; } + if(v.first == "") { continue; } state t = tag; updateDecision(v, policy_type, policy_type_value, t, attr); xmlTraversal(bus, v.second, t, policy_type, policy_type_value, attr, level + 1); } - if (!pt.empty() && level > 1) { - if (bus) - __builder.generateItem(__session_db, policy_type, policy_type_value); - else - __builder.generateItem(__system_db, policy_type, policy_type_value); + + if(!pt.empty() && level > 1) { + Item* it = __builder.generateItem(); + if (it) { + if (bus) + __session_db.addItem(policy_type, policy_type_value, it); + else + __system_db.addItem(policy_type, policy_type_value, it); + } } } } @@ -182,8 +195,8 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve const auto& children = xmlTree.get_child("busconfig"); PolicyType policy_type; PolicyTypeValue policy_type_value; - for (const auto& x : children) { - if (x.first == "policy") { + for(const auto& x : children) { + if(x.first == "policy") { __tag_state = POLICY; __attr = false; xmlTraversal(bus, x.second, POLICY, policy_type, policy_type_value); @@ -193,159 +206,169 @@ void DbAdapter::updateDb(bool bus, boost::property_tree::ptree& xmlTree, std::ve } } -DecisionItem::DecisionItem(Decision decision, const char* privilege) - : __decision(decision), __privilege(privilege) -{ +Item::Item(Decision decision, const char* privilege, bool isOwner) + : _decision(decision), _privilege(privilege), _is_owner(isOwner) { + } -DecisionItem::~DecisionItem() -{ - if (__privilege) - delete[] __privilege; +Item::~Item() { + if (_is_owner) { + delete[] _privilege; + } +} + +bool Item::match(const Item& item) const { + return match(&item); +} + +bool Item::match(const Item* item) const { + return true; } -Decision DecisionItem::getDecision() const { - return __decision; +Decision Item::getDecision() const { + return _decision; } -const char* DecisionItem::getPrivilege() const { - return __privilege; +const char* Item::getPrivilege() const { + return _privilege; } -ItemType DecisionItem::getType() const { +ItemType Item::getType() const { return ItemType::GENERIC; } -const char* DecisionItem::toString(char* str) const { - snprintf(str, MAX_LOG_LINE, "Item: dec(%s) priv(%s)", __decision_to_str(__decision), __privilege); +const char* Item::toString(char* str) const { + snprintf(str, MAX_LOG_LINE, "Item: dec(%s) owner(%d) priv(%s)", __decision_to_str(_decision), _is_owner, _privilege); return str; } ItemOwn::ItemOwn(const char* name, + bool is_prefix, Decision decision, const char* privilege) - : __decision(DecisionItem(decision, privilege)), __name(name) { +: Item(decision, privilege), __name(name), __is_prefix(is_prefix) { } +ItemOwn::~ItemOwn() { + if (_is_owner) { + delete[] __name; + } +} ItemType ItemOwn::getType() const { return ItemType::OWN; } +bool ItemOwn::match(const Item* item) const { + const ItemOwn* it = dynamic_cast(item); + if (!it) + return false; -const char* ItemOwn::toString(char* str) const { - snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d)", __name, __is_prefix); - return str; -} - -const char* ItemOwn::getName() const { - return __name; -} - -bool ItemOwn::isPrefix() const { - return __is_prefix; -} + if (__is_prefix) { + int i = 0; + if (!__name) + return false; -const DecisionItem& ItemOwn::getDecision() const { - return __decision; -} + for (i = 0; __name[i] && it->__name[i]; i++) + if (__name[i] != it->__name[i]) + return false; -NameSR::NameSR(const char* m, int l) : name(m), len(l) -{ -} + if (__name[i] != 0) + return false; -MatchItemSR::MatchItemSR(const char* i, const char* me, const char* p, MessageType t, MessageDirection d) - : names_num(0), interface(i), member(me), path(p), type(t), direction(d) { + return true; + } else if (!__name) + return true; + else { + return std::strcmp(__name, it->__name) == 0; + } } -MatchItemSR::~MatchItemSR(){ +const char* ItemOwn::toString(char* str) const { + char parent[MAX_LOG_LINE]; + const char* t = Item::toString(parent); + snprintf(str, MAX_LOG_LINE, "ItemOwn: service(%s), pref(%d) <- %s", __name, __is_prefix, t); + return str; } -void MatchItemSR::addName(const char* name) { - names[names_num++] = NameSR(name, std::strlen(name)); +ItemSendReceive::ItemSendReceive(const char** names, + const char* interface, + const char* member, const char* path, + MessageType type, MessageDirection direction, + Decision decision, + const char* privilege) + : Item(decision, privilege), + __names(names), + __interface(interface), + __member(member), + __path(path), + __type(type), + __direction(direction) { } - -bool MatchItemSR::addNames(const char* name) { +const char* ItemSendReceive::toString(char* str) const { + char parent[MAX_LOG_LINE]; + char buff[MAX_LOG_LINE]; + char* curr = buff; + const char* t = Item::toString(parent); int i = 0; - int j = 0; - - if (name) { - assert((name[i] > 'a'&& name[i] < 'z') || (name[i] > 'A'&& name[i] < 'Z') || (name[i] > '0'&& name[i] < '9')); - while (name[i] && names_num < KDBUS_CONN_MAX_NAMES + 1) { - char c; - int len; - j = i; - while ((c = name[i++]) && ' ' != c); - if (!c) { - --i; - len = i-j; - } else { - len = i-j-1; - } - names[names_num++] = NameSR(name + j, len); - } - if (names_num >= KDBUS_CONN_MAX_NAMES + 1) - return false; + int k = 0; + while(__names && __names[i]){ + for (k = 0; __names[i][k] && __names[i][k] != ' ';k++){ + *curr = __names[i][k]; + curr +=1; + } + *curr = ' '; + curr += 1; + i++; } - return true; -} - -ItemSendReceive::ItemSendReceive(const char* name, - const char* interface, - const char* member, - const char* path, - MessageType type, - MessageDirection direction, - Decision decision, - const char* privilege) - : __name(NameSR(name, name?std::strlen(name):0)), - __interface(interface), - __member(member), - __path(path), - __type(type), - __direction(direction) { -} - -const char* ItemSendReceive::toString(char* str) const { - snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s)", __name.name, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction)); + *curr = 0; + curr += 1; + snprintf(str, MAX_LOG_LINE, "ItemSR: name(%s), inter(%s), member(%s), path(%s), type(%s), dir(%s) <- %s", buff, __interface, __member, __path, __message_type_to_str(__type), __message_dir_to_str(__direction), t); return str; } - ItemSendReceive::~ItemSendReceive() { - delete[] __interface; - delete[] __member; - delete[] __path; - - if (__name.len > 0) { - delete[] __name.name; + if (_is_owner) { + delete[] __interface; + delete[] __member; + delete[] __path; + + if (__names) { + int i = 0; + while (__names[i]) + delete[] __names[i++]; + delete[] __names; + } } } -bool ItemSendReceive::match(const MatchItemSR& item) const { - if (__type != MessageType::ANY && __type != item.type) +bool ItemSendReceive::match(const Item* item) const { + const ItemSendReceive* it = dynamic_cast(item); + + if (!it) + return false; + + if (__type != MessageType::ANY && __type != it->__type) return false; - if (__direction != item.direction) + if (__direction != it->__direction) return false; - if (__interface && item.interface && std::strcmp(__interface, item.interface)) + if (__interface && it->__interface && std::strcmp(__interface, it->__interface)) return false; - if (__path && item.path && std::strcmp(__path, item.path)) + if (__path && it->__path && std::strcmp(__path, it->__path)) return false; - if (__member && item.member && std::strcmp(__member, item.member)) + if (__member && it->__member && std::strcmp(__member, it->__member)) return false; - if (__name.len > 0 ) { + if (__names && __names[0]) { int i = 0; bool f = false; - if (item.names_num > 0) { - while (i < item.names_num) { - if (item.names[i].len == __name.len && - !memcmp(item.names[i].name, __name.name, item.names[i].len)) { + if (it->__names) { + while (it->__names[i]) { + if (__compare_str(it->__names[i++], __names[0])) { f = true; break; } - i++; } if (!f) return false; @@ -367,36 +390,40 @@ MessageDirection ItemSendReceive::getDirection() const { return __direction; } -const DecisionItem& ItemSendReceive::getDecision() const { - return __decision; -} - ItemOwn* ItemBuilder::getOwnItem() { - __current_item_type = ItemType::OWN; - return &__current_own; + if (!__current) { + __current = new ItemOwn(); + prepareItem(); + } + return dynamic_cast(__current); } ItemSendReceive* ItemBuilder::getSendReceiveItem() { - if (!__current_sr) { - __current_sr = new ItemSendReceive(); + if (!__current) { + __current = new ItemSendReceive(); + prepareItem(); } - __current_item_type = ItemType::SEND; - return __current_sr; + return dynamic_cast(__current); } -ItemBuilder::ItemBuilder() : __current_own(NULL), __current_sr(NULL) { +ItemBuilder::ItemBuilder() : __current(NULL), __delayed_privilege(NULL) { } ItemBuilder::~ItemBuilder(){ - if (__current_sr) - delete __current_sr; + if (__delayed_privilege) + delete[] __delayed_privilege; + if (__current) + delete __current; } void ItemBuilder::reset() { - __decision.__decision = Decision::ANY; - __decision.__privilege = NULL; - __current_sr = NULL; - __current_own = NULL; + if (__delayed_privilege) + delete[] __delayed_privilege; + if (__current) + delete __current; + + __current = NULL; + __delayed_privilege = NULL; } char* ItemBuilder::duplicate(const char* str) { @@ -415,15 +442,21 @@ char* ItemBuilder::duplicate(const char* str) { return ret; } -void ItemBuilder::generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value) { - if (__current_item_type == ItemType::OWN) { - __current_own.__decision = __decision; - db.addItem(policy_type, policy_type_value, &__current_own); - } else if (__current_sr) { - __current_sr->__decision = __decision; - db.addItem(policy_type, policy_type_value, __current_sr); - } - reset(); +void ItemBuilder::prepareItem() { + __current->_is_owner = true; + if (__delayed_privilege) + __current->_privilege = __delayed_privilege; + + __current->_decision = __delayed_decision; + __delayed_privilege = NULL; +} + +Item* ItemBuilder::generateItem() { + Item* ret = __current; + __current = NULL; + __delayed_decision = Decision::ANY; + __delayed_privilege = NULL; + return ret; } void ItemBuilder::addOwner(const char* owner) { @@ -435,28 +468,17 @@ void ItemBuilder::addOwner(const char* owner) { void ItemBuilder::addName(const char* name) { ItemSendReceive* sr = getSendReceiveItem(); - if (sr->__name.len > 0) { - delete[] sr->__name.name; - sr->__name.len = 0; + if (sr->__names) { + delete sr->__names[0]; + delete[] sr->__names; } - - if (!name) { - sr->__name.name = NULL; - } else { - sr->__name.name = duplicate(name); - sr->__name.len = std::strlen(name); - } -} - -const char* MatchItemSR::toString(char* str) const { - char tmp[MAX_LOG_LINE]; - tmp[0] = 0; - for (int i = 0; i < names_num; i++) { - std::strcat(tmp, names[i].name); - std::strcat(tmp, " "); + if (!name) + sr->__names = NULL; + else { + sr->__names = new const char*[2]; + sr->__names[0] = duplicate(name); + sr->__names[1] = NULL; } - snprintf(str, MAX_LOG_LINE, "matcher: services(%s), interface(%s), member(%s), path(%s), type(%s), direction(%s)", tmp, interface, member, path, __message_type_to_str(type), __message_dir_to_str(direction) ); - return str; } void ItemBuilder::addInterface(const char* interface) { @@ -485,11 +507,17 @@ void ItemBuilder::addDirection(MessageDirection direction) { } void ItemBuilder::addPrivilege(const char* privilege) { - __decision.__privilege = duplicate(privilege); + if (!__current) + __delayed_privilege = duplicate(privilege); + else + __current->_privilege = duplicate(privilege); } void ItemBuilder::addDecision(Decision decision) { - __decision.__decision = decision; + if (!__current) + __delayed_decision = decision; + else + __current->_decision = decision; } void ItemBuilder::setPrefix(bool value) { diff --git a/src/internal/policy.hpp b/src/internal/policy.hpp old mode 100644 new mode 100755 index 55834cc..e76e3f2 --- a/src/internal/policy.hpp +++ b/src/internal/policy.hpp @@ -18,23 +18,11 @@ #include #include -#include #include #define MAX_LOG_LINE 1024 -#define MAX_CHILDREN 65 namespace ldp_xml_parser { - - const char char_map[128] {65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, - 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, - 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 65, 10, 12, 65, - 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 65, 65, 65, 65, 65, 65, - 65, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, - 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 65, 65, 65, 11, - 65, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, - 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 65, 65, 65, 65, 65}; - enum class MessageType : uint8_t { ANY = 0, METHOD_CALL, @@ -49,7 +37,7 @@ namespace ldp_xml_parser RECEIVE }; - enum class ItemType : uint8_t { + enum class ItemType : uint8_t{ GENERIC, OWN, SEND, @@ -92,70 +80,41 @@ namespace ldp_xml_parser class ItemBuilder; - class DecisionItem { - private: - Decision __decision; - const char* __privilege; + class Item { + protected: + Decision _decision; + const char* _privilege; + bool _is_owner; public: friend class ItemBuilder; - DecisionItem(Decision decision = Decision::ANY, const char* privilege = NULL); - ~DecisionItem(); - Decision getDecision() const; - const char* getPrivilege() const; - ItemType getType() const; - const char* toString(char* str) const; + Item(Decision decision = Decision::ANY, const char* privilege = NULL, bool isOwner = false); + virtual ~Item(); + virtual bool match(const Item& item) const; + virtual bool match(const Item* item) const; + virtual Decision getDecision() const; + virtual const char* getPrivilege() const; + virtual ItemType getType() const; + virtual const char* toString(char* str) const; }; - class ItemOwn { + class ItemOwn : public Item { private: - DecisionItem __decision; const char* __name; bool __is_prefix; public: friend class ItemBuilder; ItemOwn(const char* name = NULL, + bool is_prefix = false, Decision decision = Decision::ANY, const char* privilege = NULL); - bool match(const char* const name) const; - ItemType getType() const; - const char* toString(char* str) const; - const DecisionItem& getDecision() const; - const char* getName() const; - bool isPrefix() const; - }; - - struct TreeNode{ - DecisionItem __decisionItem; - char __nameChar; - bool __is_prefix; - struct TreeNode *children[MAX_CHILDREN]; - }; - - struct NameSR { - const char* name; - int len; - NameSR(const char* m = NULL, int l = 0); - }; - - struct MatchItemSR { - int names_num; - NameSR names[KDBUS_CONN_MAX_NAMES+1]; - const char* interface; - const char* member; - const char* path; - MessageType type; - MessageDirection direction; - MatchItemSR(const char* i = NULL, const char* me = NULL, const char* p = NULL, MessageType t = MessageType::ANY, MessageDirection d = MessageDirection::ANY); - ~MatchItemSR(); - void addName(const char* name); - bool addNames(const char* name); - const char* toString(char* str) const; + virtual ~ItemOwn(); + virtual bool match(const Item* item) const; + virtual ItemType getType() const; + virtual const char* toString(char* str) const; }; - class ItemSendReceive { - private: - DecisionItem __decision; - NameSR __name; + class ItemSendReceive : public Item { + const char** __names; const char* __interface; const char* __member; const char* __path; @@ -163,7 +122,7 @@ namespace ldp_xml_parser MessageDirection __direction; public: friend class ItemBuilder; - ItemSendReceive(const char* name = NULL, + ItemSendReceive(const char** names = NULL, const char* interface = NULL, const char* member = NULL, const char* path = NULL, @@ -171,28 +130,26 @@ namespace ldp_xml_parser MessageDirection direction = MessageDirection::ANY, Decision decision = Decision::ANY, const char* privilege = NULL); - ~ItemSendReceive(); - bool match(const MatchItemSR& item) const; + virtual ~ItemSendReceive(); + virtual bool match(const Item* item) const; MessageDirection getDirection() const; - ItemType getType() const; - const char* toString(char* str) const; - const DecisionItem& getDecision() const; + virtual ItemType getType() const; + virtual const char* toString(char* str) const; }; - class NaivePolicyDb; class ItemBuilder { private: - DecisionItem __decision; - ItemOwn __current_own; - ItemType __current_item_type; - ItemSendReceive* __current_sr; + Item* __current; + Decision __delayed_decision; + const char* __delayed_privilege; ItemOwn* getOwnItem(); ItemSendReceive* getSendReceiveItem(); char* duplicate(const char* str); + void prepareItem(); public: ItemBuilder(); ~ItemBuilder(); - void generateItem(NaivePolicyDb& db, PolicyType& policy_type, PolicyTypeValue& policy_type_value); + Item* generateItem(); void reset(); void addUser(const char* name); void addGroup(const char* name); @@ -208,6 +165,7 @@ namespace ldp_xml_parser void setPrefix(bool value); }; + class NaivePolicyDb; class DbAdapter { private: enum state { -- 2.7.4