Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file rbac_internal.h.
Typedefs | |
| typedef poldiff_role_allow_summary | poldiff_role_allow_summary_t |
| typedef poldiff_role_trans_summary | poldiff_role_trans_summary_t |
Functions | |
| poldiff_role_allow_summary_t * | role_allow_create (void) |
| Allocate and return a new poldiff_role_allow_summary_t object. | |
| void | role_allow_destroy (poldiff_role_allow_summary_t **ras) |
| Deallocate all space associated with a poldiff_role_allow_summary_t object, including the pointer itself. | |
| int | role_allow_reset (poldiff_t *diff) |
| Reset the state of all role allow rule differences. | |
| apol_vector_t * | role_allow_get_items (poldiff_t *diff, const apol_policy_t *policy) |
| Get a vector of all role allow rules from the given policy, sorted by source name. | |
| int | role_allow_comp (const void *x, const void *y, const poldiff_t *diff) |
| Compare two pseudo_role_allow_t objects, determining if they have the same source name or not. | |
| int | role_allow_new_diff (poldiff_t *diff, poldiff_form_e form, const void *item) |
| Create, initialize, and insert a new semantic difference entry for a role allow rule. | |
| int | role_allow_deep_diff (poldiff_t *diff, const void *x, const void *y) |
| Compute the semantic difference of two role allow rules for which the compare callback returns 0. | |
| poldiff_role_trans_summary_t * | role_trans_create (void) |
| Allocate and return a new poldiff_role_trans_summary_t object. | |
| void | role_trans_destroy (poldiff_role_trans_summary_t **rts) |
| Deallocate all space associated with a poldiff_role_trans_summary_t object, including the pointer itself. | |
| int | role_trans_reset (poldiff_t *diff) |
| Reset the state of all role_transition rule differences. | |
| apol_vector_t * | role_trans_get_items (poldiff_t *diff, const apol_policy_t *policy) |
| Get a vector of all role_transition rules from the given policy, sorted by source name. | |
| int | role_trans_comp (const void *x, const void *y, const poldiff_t *diff) |
| Compare two pseudo_role_trans_t objects, determining if they have the same source name and target or not. | |
| int | role_trans_new_diff (poldiff_t *diff, poldiff_form_e form, const void *item) |
| Create, initialize, and insert a new semantic difference entry for a role_transition rule. | |
| int | role_trans_deep_diff (poldiff_t *diff, const void *x, const void *y) |
| Compute the semantic difference of two role_transition rules for which the compare callback returns 0. | |
|
|
poldiff_role_allow_summary_t: typedef defined at line 34 of file rbac_internal.h. Referenced by role_allow_create(), and role_allow_destroy(). |
|
|
poldiff_role_trans_summary_t: typedef defined at line 35 of file rbac_internal.h. Referenced by role_trans_create(), and role_trans_destroy(). |
|
|
Allocate and return a new poldiff_role_allow_summary_t object.
/**
 * Allocate and return a new poldiff_role_allow_summary_t object.
 *
 * The summary's diffs vector is created with role_allow_free() as its
 * element destructor, so destroying the summary releases every entry
 * that was appended to it.
 *
 * @return Newly allocated summary, or NULL on allocation failure; the
 * callers (poldiff_create(), role_allow_reset()) read errno for the cause.
 */
poldiff_role_allow_summary_t *role_allow_create(void)
{
	poldiff_role_allow_summary_t *summary = calloc(1, sizeof(*summary));

	if (summary == NULL)
		return NULL;
	summary->diffs = apol_vector_create(role_allow_free);
	if (summary->diffs == NULL) {
		/* role_allow_destroy() copes with the half-built object. */
		role_allow_destroy(&summary);
		return NULL;
	}
	return summary;
}
|
|
|
Deallocate all space associated with a poldiff_role_allow_summary_t object, including the pointer itself. If the pointer is already NULL then do nothing.
/**
 * Deallocate all space associated with a poldiff_role_allow_summary_t
 * object, including the pointer itself, and set the caller's pointer to
 * NULL.  Passing NULL, or a pointer to NULL, is a no-op.
 *
 * @param ras Reference to the summary to free.
 */
void role_allow_destroy(poldiff_role_allow_summary_t **ras)
{
	poldiff_role_allow_summary_t *summary;

	if (ras == NULL)
		return;
	summary = *ras;
	if (summary == NULL)
		return;
	/* The vector's own free function releases each poldiff_role_allow_t. */
	apol_vector_destroy(&summary->diffs);
	free(summary);
	*ras = NULL;
}
|
|
|
Reset the state of all role allow rule differences.
/**
 * Reset the state of all role allow rule differences by discarding the
 * current summary and replacing it with an empty one.
 *
 * @param diff Poldiff object whose role_allow_diffs are reset.
 * @return 0 on success, -1 on error with errno set (EINVAL for a NULL
 * diff, otherwise whatever role_allow_create() left in errno).
 */
int role_allow_reset(poldiff_t *diff)
{
	if (diff == NULL) {
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	role_allow_destroy(&diff->role_allow_diffs);
	diff->role_allow_diffs = role_allow_create();
	if (diff->role_allow_diffs == NULL) {
		/* Save errno across ERR(), which may clobber it. */
		int saved = errno;
		ERR(diff, "%s", strerror(saved));
		errno = saved;
		return -1;
	}
	return 0;
}
|
|
|
Get a vector of all role allow rules from the given policy, sorted by source name.
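/**
 * Get a vector of all role allow rules from the given policy, sorted by
 * source name.  Rules that share a source role are merged into a single
 * pseudo_role_allow_t whose target_roles vector lists each distinct
 * target name once.
 *
 * The role names placed in the result are the qpol policy's own strings
 * (nothing is copied here), so the returned vector must not outlive the
 * policy it was built from.
 *
 * Fixes relative to the previous version: the apol_bst_create() result
 * is checked before use (it was dereferenced unchecked), a failed
 * apol_vector_append_unique() is now reported instead of silently
 * dropping a target role from the diff, and the temporary rule vector is
 * released on the error path instead of leaking.
 *
 * @param diff   Poldiff object, used for error reporting.
 * @param policy Policy whose role allow rules are collected.
 * @return Newly allocated vector of pseudo_role_allow_t, or NULL on error
 * with errno set.
 */
apol_vector_t *role_allow_get_items(poldiff_t *diff, const apol_policy_t *policy)
{
	qpol_iterator_t *iter = NULL;
	apol_vector_t *tmp = NULL, *v = NULL;
	apol_bst_t *bst = NULL;
	pseudo_role_allow_t *pra = NULL;
	int error = 0, retv;
	size_t i;
	qpol_policy_t *q = apol_policy_get_qpol(policy);

	if (qpol_policy_get_role_allow_iter(q, &iter) < 0) {
		return NULL;
	}

	tmp = apol_vector_create_from_iter(iter, NULL);
	if (tmp == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		qpol_iterator_destroy(&iter);
		errno = error;
		return NULL;
	}
	qpol_iterator_destroy(&iter);

	/* Tree keyed on source role; role_allow_free_item releases nodes. */
	bst = apol_bst_create(role_allow_source_comp, role_allow_free_item);
	if (bst == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		apol_vector_destroy(&tmp);
		errno = error;
		return NULL;
	}

	for (i = 0; i < apol_vector_get_size(tmp); i++) {
		const qpol_role_allow_t *qra = apol_vector_get_element(tmp, i);
		const qpol_role_t *sr = NULL, *tr = NULL;
		const char *sr_name = NULL, *tr_name = NULL;

		if (qpol_role_allow_get_source_role(q, qra, &sr) || qpol_role_get_name(q, sr, &sr_name) ||
		    qpol_role_allow_get_target_role(q, qra, &tr) || qpol_role_get_name(q, tr, &tr_name)) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto err;
		}
		if (!(pra = calloc(1, sizeof(*pra))) || !(pra->target_roles = apol_vector_create_with_capacity(1, NULL))) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto err;
		}
		pra->source_role = sr_name;
		/* Insert, or -- when this source role was already seen -- have the
		 * tree release our node and hand back the existing one. */
		retv = apol_bst_insert_and_get(bst, (void **)&pra, NULL);
		if (retv < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto err;
		}
		/* From here pra belongs to the tree and must not be freed below. */
		if (apol_vector_append_unique(pra->target_roles, (void *)tr_name, apol_str_strcmp, NULL) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			pra = NULL;
			goto err;
		}
		pra = NULL;
	}
	apol_vector_destroy(&tmp);

	/* The flag argument presumably hands the nodes over to the vector so
	 * that destroying the tree afterwards does not free them (unchanged
	 * from the original; confirm against apol_bst_get_vector()). */
	v = apol_bst_get_vector(bst, 1);
	if (v == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto err;
	}
	apol_bst_destroy(&bst);

	return v;

      err:
	role_allow_free_item(pra);
	apol_vector_destroy(&tmp);
	apol_bst_destroy(&bst);
	errno = error;
	return NULL;
}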
|
|
|
Compare two pseudo_role_allow_t objects, determining if they have the same source name or not.
|
|
|
Create, initialize, and insert a new semantic difference entry for a role allow rule.
/**
 * Create, initialize, and insert a new semantic difference entry for a
 * role allow rule that exists in only one of the two policies.
 *
 * For POLDIFF_FORM_ADDED the rule's target roles are copied into the
 * entry's added_roles vector and num_added is bumped; for any other form
 * they go into removed_roles and num_removed is bumped.
 *
 * @param diff Poldiff object receiving the entry.
 * @param form POLDIFF_FORM_ADDED or POLDIFF_FORM_REMOVED.
 * @param item pseudo_role_allow_t describing the rule.
 * @return 0 on success, -1 on error with errno set.
 */
int role_allow_new_diff(poldiff_t *diff, poldiff_form_e form, const void *item)
{
	const pseudo_role_allow_t *ra = item;
	poldiff_role_allow_t *entry;
	apol_vector_t *dest;
	int error;

	entry = make_ra_diff(diff, form, ra->source_role);
	if (entry == NULL)
		return -1;

	dest = (form == POLDIFF_FORM_ADDED) ? entry->added_roles : entry->removed_roles;
	if (apol_vector_cat(dest, ra->target_roles) < 0 || apol_vector_append(diff->role_allow_diffs->diffs, entry) < 0) {
		/* entry is not yet owned by the summary, so free it here. */
		error = errno;
		ERR(diff, "%s", strerror(error));
		role_allow_free(entry);
		errno = error;
		return -1;
	}

	if (form == POLDIFF_FORM_ADDED)
		diff->role_allow_diffs->num_added++;
	else
		diff->role_allow_diffs->num_removed++;
	return 0;
}
|
|
|
Compute the semantic difference of two role allow rules for which the compare callback returns 0. If a difference is found then allocate, initialize, and insert a new semantic difference entry for that role allow rule.
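/**
 * Compute the semantic difference of two role allow rules for which the
 * compare callback returns 0 (same source role).  Both target_roles
 * vectors are sorted in place and merged; targets only in x are recorded
 * as removed, targets only in y as added, and common ones as orig.  If at
 * least one role was added or removed, a POLDIFF_FORM_MODIFIED entry is
 * appended to diff->role_allow_diffs and num_modified is incremented.
 *
 * Fixes relative to the previous version: the role name strings are the
 * policy's own (role_allow_get_items() stores them without copying), so
 * the free(role1)/free(role2) calls on the append-failure paths were
 * invalid frees and have been removed; and a pair of empty target lists
 * no longer dereferences a NULL entry.
 *
 * @param diff Poldiff object receiving any new entry.
 * @param x    pseudo_role_allow_t from the original policy.
 * @param y    pseudo_role_allow_t from the modified policy.
 * @return 0 on success (errno cleared), -1 on error with errno set.
 */
int role_allow_deep_diff(poldiff_t *diff, const void *x, const void *y)
{
	const pseudo_role_allow_t *p1 = x;
	const pseudo_role_allow_t *p2 = y;
	apol_vector_t *v1 = p1->target_roles;
	apol_vector_t *v2 = p2->target_roles;
	poldiff_role_allow_t *pra = NULL;
	size_t i = 0, j = 0, n1, n2;
	int retval = -1, error = 0;

	apol_vector_sort(v1, apol_str_strcmp, NULL);
	apol_vector_sort(v2, apol_str_strcmp, NULL);
	n1 = apol_vector_get_size(v1);
	n2 = apol_vector_get_size(v2);
	if (n1 == 0 && n2 == 0) {
		/* Nothing on either side: no entry, no difference. */
		return 0;
	}

	/* make_ra_diff() reports its own errors. */
	pra = make_ra_diff(diff, POLDIFF_FORM_MODIFIED, p1->source_role);
	if (pra == NULL) {
		error = errno;
		goto cleanup;
	}

	/* Merge walk over the two sorted name lists. */
	while (i < n1 && j < n2) {
		char *role1 = (char *)apol_vector_get_element(v1, i);
		char *role2 = (char *)apol_vector_get_element(v2, j);
		int compval = strcmp(role1, role2);
		apol_vector_t *dest;
		char *role;

		if (compval < 0) {
			dest = pra->removed_roles;
			role = role1;
			i++;
		} else if (compval > 0) {
			dest = pra->added_roles;
			role = role2;
			j++;
		} else {
			dest = pra->orig_roles;
			role = role1;
			i++;
			j++;
		}
		if (apol_vector_append(dest, role) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto cleanup;
		}
	}
	/* Leftovers on the original side were removed ... */
	for (; i < n1; i++) {
		if (apol_vector_append(pra->removed_roles, apol_vector_get_element(v1, i)) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto cleanup;
		}
	}
	/* ... and leftovers on the modified side were added. */
	for (; j < n2; j++) {
		if (apol_vector_append(pra->added_roles, apol_vector_get_element(v2, j)) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto cleanup;
		}
	}

	if (apol_vector_get_size(pra->added_roles) == 0 && apol_vector_get_size(pra->removed_roles) == 0) {
		/* Identical target sets: discard the speculative entry. */
		role_allow_free(pra);
		pra = NULL;
	} else {
		apol_vector_sort(pra->removed_roles, apol_str_strcmp, NULL);
		apol_vector_sort(pra->added_roles, apol_str_strcmp, NULL);
		apol_vector_sort(pra->orig_roles, apol_str_strcmp, NULL);
		if (apol_vector_append(diff->role_allow_diffs->diffs, pra) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto cleanup;
		}
		diff->role_allow_diffs->num_modified++;
	}
	retval = 0;

      cleanup:
	if (retval != 0) {
		/* Only reached before the entry was handed to the summary. */
		role_allow_free(pra);
	}
	errno = error;
	return retval;
}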
|
|
|
Allocate and return a new poldiff_role_trans_summary_t object.
/**
 * Allocate and return a new poldiff_role_trans_summary_t object.
 *
 * The summary's diffs vector is created with role_trans_free() as its
 * element destructor, so destroying the summary releases every entry
 * appended to it.
 *
 * @return Newly allocated summary, or NULL on allocation failure; the
 * callers (poldiff_create(), role_trans_reset()) read errno for the cause.
 */
poldiff_role_trans_summary_t *role_trans_create(void)
{
	poldiff_role_trans_summary_t *summary = calloc(1, sizeof(*summary));

	if (summary == NULL)
		return NULL;
	summary->diffs = apol_vector_create(role_trans_free);
	if (summary->diffs == NULL) {
		/* role_trans_destroy() copes with the half-built object. */
		role_trans_destroy(&summary);
		return NULL;
	}
	return summary;
}
|
|
|
Deallocate all space associated with a poldiff_role_trans_summary_t object, including the pointer itself. If the pointer is already NULL then do nothing.
/**
 * Deallocate all space associated with a poldiff_role_trans_summary_t
 * object, including the pointer itself, and set the caller's pointer to
 * NULL.  Passing NULL, or a pointer to NULL, is a no-op.
 *
 * @param rts Reference to the summary to free.
 */
void role_trans_destroy(poldiff_role_trans_summary_t **rts)
{
	poldiff_role_trans_summary_t *summary;

	if (rts == NULL)
		return;
	summary = *rts;
	if (summary == NULL)
		return;
	/* The vector's own free function releases each poldiff_role_trans_t. */
	apol_vector_destroy(&summary->diffs);
	free(summary);
	*rts = NULL;
}
|
|
|
Reset the state of all role_transition rule differences.
/**
 * Reset the state of all role_transition rule differences by discarding
 * the current summary and replacing it with an empty one.
 *
 * @param diff Poldiff object whose role_trans_diffs are reset.
 * @return 0 on success, -1 on error with errno set (EINVAL for a NULL
 * diff, otherwise whatever role_trans_create() left in errno).
 */
int role_trans_reset(poldiff_t *diff)
{
	if (diff == NULL) {
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	role_trans_destroy(&diff->role_trans_diffs);
	diff->role_trans_diffs = role_trans_create();
	if (diff->role_trans_diffs == NULL) {
		/* Save errno across ERR(), which may clobber it. */
		int saved = errno;
		ERR(diff, "%s", strerror(saved));
		errno = saved;
		return -1;
	}
	return 0;
}
|
|
|
Get a vector of all role_transition rules from the given policy, sorted by source name.
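/**
 * Build one pseudo_role_trans_t for a role_transition rule and a concrete
 * target type, and append it to v.
 *
 * Fix relative to the previous inline version: the source/default role
 * and role-name lookups were unchecked, so a failure left a stale or NULL
 * name in the record and a wrong role in the reported diff.  Any failure
 * is now reported and nothing is appended.
 *
 * @param diff      Poldiff object, used for error reporting and type_map_lookup().
 * @param q         qpol policy the rule belongs to.
 * @param v         Vector receiving the new record (its free function owns it on success).
 * @param qrt       The role_transition rule.
 * @param type      Concrete target type (an attribute's member, or the rule's own type).
 * @param which_pol POLDIFF_POLICY_ORIG or POLDIFF_POLICY_MOD.
 * @return 0 on success, -1 on error with errno set.
 */
static int role_trans_append_item(poldiff_t *diff, qpol_policy_t *q, apol_vector_t *v,
				  const qpol_role_trans_t *qrt, const qpol_type_t *type, int which_pol)
{
	pseudo_role_trans_t *prt = NULL;
	const qpol_role_t *role = NULL;
	const char *name = NULL;
	int error;

	if (!(prt = calloc(1, sizeof(*prt)))) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		errno = error;
		return -1;
	}
	prt->pseudo_target = type_map_lookup(diff, type, which_pol);
	if (qpol_role_trans_get_source_role(q, qrt, &role) < 0 || qpol_role_get_name(q, role, &name) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		free(prt);
		errno = error;
		return -1;
	}
	prt->source_role = name;
	if (qpol_role_trans_get_default_role(q, qrt, &role) < 0 || qpol_role_get_name(q, role, &name) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		free(prt);
		errno = error;
		return -1;
	}
	prt->default_role = name;
	if (apol_vector_append(v, prt) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		free(prt);
		errno = error;
		return -1;
	}
	return 0;
}

/**
 * Get a vector of all role_transition rules from the given policy, sorted
 * by source name and de-duplicated.  A rule whose target is an attribute
 * is expanded into one record per member type.
 *
 * The role names stored in the records are the qpol policy's own strings
 * (nothing is copied), so the vector must not outlive the policy.
 *
 * Fix relative to the previous version: every qpol lookup in the loop is
 * now checked (isattr, the attribute's type iterator and its items, and
 * the per-record role lookups via role_trans_append_item()), and the
 * failure of qpol_policy_get_role_trans_iter() is reported.
 *
 * @param diff   Poldiff object; also tells which policy this is.
 * @param policy Policy whose role_transition rules are collected.
 * @return Newly allocated vector of pseudo_role_trans_t, or NULL on error
 * with errno set.
 */
apol_vector_t *role_trans_get_items(poldiff_t *diff, const apol_policy_t *policy)
{
	qpol_iterator_t *iter = NULL, *attr_types = NULL;
	apol_vector_t *v = NULL;
	qpol_policy_t *q = apol_policy_get_qpol(policy);
	int error = 0, which_pol;

	which_pol = (policy == diff->orig_pol ? POLDIFF_POLICY_ORIG : POLDIFF_POLICY_MOD);
	if (qpol_policy_get_role_trans_iter(q, &iter) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto err;
	}
	v = apol_vector_create(role_trans_free_item);
	if (v == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto err;
	}

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		const qpol_role_trans_t *qrt = NULL;
		const qpol_type_t *target = NULL;
		unsigned char isattr = 0;

		if (qpol_iterator_get_item(iter, (void **)&qrt) < 0 ||
		    qpol_role_trans_get_target_type(q, qrt, &target) < 0 || qpol_type_get_isattr(q, target, &isattr) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto err;
		}
		if (!isattr) {
			if (role_trans_append_item(diff, q, v, qrt, target, which_pol) < 0) {
				error = errno;
				goto err;
			}
			continue;
		}
		/* Attribute target: one record per member type. */
		if (qpol_type_get_type_iter(q, target, &attr_types) < 0) {
			error = errno;
			ERR(diff, "%s", strerror(error));
			goto err;
		}
		for (; !qpol_iterator_end(attr_types); qpol_iterator_next(attr_types)) {
			const qpol_type_t *member = NULL;

			if (qpol_iterator_get_item(attr_types, (void **)&member) < 0) {
				error = errno;
				ERR(diff, "%s", strerror(error));
				goto err;
			}
			if (role_trans_append_item(diff, q, v, qrt, member, which_pol) < 0) {
				error = errno;
				goto err;
			}
		}
		/* Assumed (as in the original) to reset attr_types to NULL, so the
		 * err path below can call it again safely. */
		qpol_iterator_destroy(&attr_types);
	}
	qpol_iterator_destroy(&iter);
	apol_vector_sort_uniquify(v, pseudo_role_trans_comp, diff);

	return v;

      err:
	qpol_iterator_destroy(&iter);
	qpol_iterator_destroy(&attr_types);
	apol_vector_destroy(&v);
	errno = error;
	return NULL;
}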
|
|
|
Compare two pseudo_role_trans_t objects, determining if they have the same source name and target or not.
|
|
|
Create, initialize, and insert a new semantic difference entry for a role_transition rule.
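/**
 * Create, initialize, and insert a new semantic difference entry for a
 * role_transition rule that exists in only one of the two policies.
 *
 * The target type name is taken from the policy the rule belongs to.  If
 * the target type has no mapping in the other policy the form is upgraded
 * to POLDIFF_FORM_ADD_TYPE / POLDIFF_FORM_REMOVE_TYPE and the matching
 * *_type counter is bumped instead.
 *
 * Fixes relative to the previous version: an unsupported form and a
 * missing target-type name were only caught by assert(), so a release
 * (NDEBUG) build went on to call make_rt_diff() with a NULL name or to
 * fall off the unreachable default.  Both now return -1 with errno set
 * to EINVAL.  A stray ';' after the append block is also gone.
 *
 * @param diff Poldiff object receiving the entry.
 * @param form POLDIFF_FORM_ADDED or POLDIFF_FORM_REMOVED.
 * @param item pseudo_role_trans_t describing the rule.
 * @return 0 on success, -1 on error with errno set.
 */
int role_trans_new_diff(poldiff_t *diff, poldiff_form_e form, const void *item)
{
	const pseudo_role_trans_t *rt = item;
	poldiff_role_trans_t *prt = NULL;
	const char *tgt_name = NULL;
	int error = 0, added = 0;

	/* Resolve the target name and refine the form. */
	switch (form) {
	case POLDIFF_FORM_ADDED:
		added = 1;
		tgt_name = type_map_get_name(diff, rt->pseudo_target, POLDIFF_POLICY_MOD);
		if (type_map_get_name(diff, rt->pseudo_target, POLDIFF_POLICY_ORIG) == NULL) {
			form = POLDIFF_FORM_ADD_TYPE;
		}
		break;
	case POLDIFF_FORM_REMOVED:
		added = 0;
		tgt_name = type_map_get_name(diff, rt->pseudo_target, POLDIFF_POLICY_ORIG);
		if (type_map_get_name(diff, rt->pseudo_target, POLDIFF_POLICY_MOD) == NULL) {
			form = POLDIFF_FORM_REMOVE_TYPE;
		}
		break;
	case POLDIFF_FORM_MODIFIED:	       /* handled by role_trans_deep_diff() */
	case POLDIFF_FORM_NONE:
	default:
		assert(0);
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (tgt_name == NULL) {
		/* The pseudo type has no name in its own policy; refuse rather
		 * than build an entry with a NULL target. */
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	/* make_rt_diff() reports its own errors. */
	prt = make_rt_diff(diff, form, rt->source_role, tgt_name);
	if (prt == NULL)
		return -1;

	/* Only the side the rule exists in has a default role. */
	if (added)
		prt->mod_default = rt->default_role;
	else
		prt->orig_default = rt->default_role;

	if (apol_vector_append(diff->role_trans_diffs->diffs, prt) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		role_trans_free(prt);
		errno = error;
		return -1;
	}

	switch (form) {
	case POLDIFF_FORM_ADDED:
		diff->role_trans_diffs->num_added++;
		break;
	case POLDIFF_FORM_ADD_TYPE:
		diff->role_trans_diffs->num_added_type++;
		break;
	case POLDIFF_FORM_REMOVED:
		diff->role_trans_diffs->num_removed++;
		break;
	case POLDIFF_FORM_REMOVE_TYPE:
		diff->role_trans_diffs->num_removed_type++;
		break;
	default:
		/* form was normalised above; nothing else can reach here */
		assert(0);
		break;
	}

	return 0;
}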
|
|
|
Compute the semantic difference of two role_transition rules for which the compare callback returns 0. If a difference is found then allocate, initialize, and insert a new semantic difference entry for that role_transition rule.
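/**
 * Compute the semantic difference of two role_transition rules for which
 * the compare callback returns 0 (same source role and target).  The only
 * thing that can differ is the default role; when it does, a
 * POLDIFF_FORM_MODIFIED entry carrying both defaults is appended to
 * diff->role_trans_diffs and num_modified is incremented.
 *
 * Fixes relative to the previous version: a missing target-type name was
 * only caught by assert(), so an NDEBUG build passed NULL to
 * make_rt_diff(); a record with a NULL default role would have crashed in
 * strcmp().  Both are now reported as EINVAL.  A stray ';' after the
 * append block is also gone.
 *
 * @param diff Poldiff object receiving any new entry.
 * @param x    pseudo_role_trans_t from the original policy.
 * @param y    pseudo_role_trans_t from the modified policy.
 * @return 0 on success (including "no difference"), -1 on error with errno set.
 */
int role_trans_deep_diff(poldiff_t *diff, const void *x, const void *y)
{
	const pseudo_role_trans_t *prt1 = x;
	const pseudo_role_trans_t *prt2 = y;
	const char *default1 = prt1->default_role;
	const char *default2 = prt2->default_role;
	poldiff_role_trans_t *rt = NULL;
	const char *tgt = NULL;
	int error = 0;

	if (default1 == NULL || default2 == NULL) {
		/* role_trans_get_items() could not resolve a default role. */
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	if (strcmp(default1, default2) == 0)
		return 0;	       /* same default role: no difference */

	/* Names are reported from the original policy's point of view. */
	tgt = type_map_get_name(diff, prt1->pseudo_target, POLDIFF_POLICY_ORIG);
	if (tgt == NULL) {
		ERR(diff, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}

	/* make_rt_diff() reports its own errors. */
	rt = make_rt_diff(diff, POLDIFF_FORM_MODIFIED, prt1->source_role, tgt);
	if (rt == NULL)
		return -1;
	rt->orig_default = default1;
	rt->mod_default = default2;

	if (apol_vector_append(diff->role_trans_diffs->diffs, rt) < 0) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		role_trans_free(rt);
		errno = error;
		return -1;
	}
	diff->role_trans_diffs->num_modified++;

	return 0;
}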
|