sefs_query Class Reference

#include <query.hh>



Detailed Description

This class represents a query into a (subclass of) fclist.

Create a query, fill in all accessors as needed, and then run the query. All fields must match for an entry to be returned. Where a fclist does not support a particular criterion (e.g., inode numbers for fcfile), that portion of the query is considered to be matching.

Definition at line 57 of file query.hh.


Public Member Functions

 sefs_query ()
 Allocate and return a new sefs query structure.
 ~sefs_query ()
void user (const char *name) throw (std::bad_alloc)
 Set a sefs query to match only entries with contexts with the user name.
void role (const char *name) throw (std::bad_alloc)
 Set a sefs query to match only entries with contexts with the role name.
void type (const char *name, bool indirect) throw (std::bad_alloc)
 Set a sefs query to match only entries with contexts with the type name.
void range (const char *name, int match) throw (std::bad_alloc)
 Set a sefs query to match only entries with contexts with a range of range.
void objectClass (uint32_t objclass)
 Set a sefs query to match only entries with object class objclass.
void objectClass (const char *name)
 Set a sefs query to match only entries with object class name.
void path (const char *str) throw (std::bad_alloc)
 Set a sefs query to match only entries with path path.
void inode (ino64_t ino)
 Set a sefs query to match only entries with a given inode number.
void dev (const char *str) throw (std::bad_alloc)
 Set a sefs query to match only entries with a given device name.
void regex (bool r)
 Set a sefs query to use regular expression matching for string fields.

Private Member Functions

void compile () throw (std::bad_alloc, std::invalid_argument)
 Compile the regular expressions stored within this query object.

Private Attributes

char * _user
char * _role
char * _type
char * _range
char * _path
char * _dev
uint32_t _objclass
bool _indirect
bool _regex
bool _recursive
int _rangeMatch
ino64_t _inode
bool _recompiled
regex_t * _reuser
regex_t * _rerole
regex_t * _retype
regex_t * _rerange
regex_t * _repath
regex_t * _redev

Friends

class sefs_db
class sefs_fcfile
class sefs_filesystem

Constructor & Destructor Documentation

sefs_query::sefs_query ()
 

Allocate and return a new sefs query structure.

All fields are initialized, such that running this blank query results in returning all entries within a fclist.

Definition at line 38 of file query.cc.

References _dev, _indirect, _inode, _objclass, _path, _range, _recompiled, _recursive, _redev, _regex, _repath, _rerange, _rerole, _retype, _reuser, _role, _type, and _user.

00039 {
00040         _user = _role = _type = _range = NULL;
00041         _path = _dev = NULL;
00042         _objclass = QPOL_CLASS_ALL;
00043         _indirect = _regex = _recursive = false;
00044         _inode = 0;
00045         _recompiled = false;
00046         _reuser = _rerole = _retype = _rerange = _repath = _redev = NULL;
00047 }

sefs_query::~sefs_query ()
 

Definition at line 49 of file query.cc.

References _dev, _path, _range, _redev, _repath, _rerange, _rerole, _retype, _reuser, _role, _type, and _user.

00050 {
00051         free(_user);
00052         free(_role);
00053         free(_type);
00054         free(_range);
00055         free(_path);
00056         free(_dev);
00057         if (_recompiled)
00058         {
00059                 regfree(_reuser);
00060                 free(_reuser);
00061                 regfree(_rerole);
00062                 free(_rerole);
00063                 regfree(_retype);
00064                 free(_retype);
00065                 regfree(_rerange);
00066                 free(_rerange);
00067                 regfree(_repath);
00068                 free(_repath);
00069                 regfree(_redev);
00070                 free(_redev);
00071         }
00072 }


Member Function Documentation

void sefs_query::user (const char *name) throw (std::bad_alloc)
 

Set a sefs query to match only entries with contexts with the user name.

Parameters:
name Limit query to only contexts with this user, or NULL to clear this field. The string will be duplicated.
Exceptions:
std::bad_alloc Out of memory.

Definition at line 74 of file query.cc.

Referenced by fcfile_query(), main(), and sefs_query_set_user().

00075 {
00076         if (name != _user)
00077         {
00078                 free(_user);
00079                 _user = NULL;
00080                 if (name != NULL && *name != '\0' && (_user = strdup(name)) == NULL)
00081                 {
00082                         throw std::bad_alloc();
00083                 }
00084         }
00085 }

void sefs_query::role (const char *name) throw (std::bad_alloc)
 

Set a sefs query to match only entries with contexts with the role name.

Parameters:
name Limit query to only contexts with this role, or NULL to clear this field. The string will be duplicated.
Exceptions:
std::bad_alloc Out of memory.

Definition at line 87 of file query.cc.

Referenced by fcfile_query(), main(), and sefs_query_set_role().

00088 {
00089         if (name != _role)
00090         {
00091                 free(_role);
00092                 _role = NULL;
00093                 if (name != NULL && *name != '\0' && (_role = strdup(name)) == NULL)
00094                 {
00095                         throw std::bad_alloc();
00096                 }
00097         }
00098 }

void sefs_query::type (const char *name, bool indirect) throw (std::bad_alloc)
 

Set a sefs query to match only entries with contexts with the type name.

Parameters:
name Limit query to only contexts with this type, or NULL to clear this field. The string will be duplicated.
indirect If true and if the fclist queried has access to a policy, also match contexts with types in attribute name or types which are an alias for name. If a policy is not available, this field is ignored, and exact string matching is used instead. This parameter is ignored if name is NULL.
Exceptions:
std::bad_alloc Out of memory.
See also:
sefs_fclist::associatePolicy() to associate a policy with a fclist.

Definition at line 100 of file query.cc.

Referenced by fcfile_query(), main(), and sefs_query_set_type().

00101 {
00102         if (name != _type)
00103         {
00104                 free(_type);
00105                 _type = NULL;
00106                 if (name != NULL && *name != '\0')
00107                 {
00108                         if ((_type = strdup(name)) == NULL)
00109                         {
00110                                 throw std::bad_alloc();
00111                         }
00112                         _indirect = indirect;
00113                 }
00114         }
00115 }

void sefs_query::range (const char *name, int match) throw (std::bad_alloc)
 

Set a sefs query to match only entries with contexts with a range of range.

If the fclist is not MLS then name and match will be ignored.

Parameters:
name Limit query to only contexts matching this string representing the MLS range, or NULL to clear this field. The string will be duplicated.
match If non-zero and the fclist queried has access to a policy, match the range using the specified semantics; this should be one of APOL_QUERY_SUB, APOL_QUERY_SUPER, or APOL_QUERY_EXACT. (The range string will be converted automatically into an apol_mls_range_t object.) If a policy is not available or match is zero, exact string matching is used instead. Note that if a policy is available, the regex flag is ignored when match is non-zero. This parameter is ignored if name is NULL.
Exceptions:
std::bad_alloc Out of memory.
See also:
sefs_fclist::associatePolicy() to associate a policy with a fclist.

Definition at line 117 of file query.cc.

Referenced by fcfile_query(), main(), and sefs_query_set_range().

00118 {
00119         if (name != _range)
00120         {
00121                 free(_range);
00122                 _range = NULL;
00123                 if (name != NULL && *name != '\0')
00124                 {
00125                         if ((_range = strdup(name)) == NULL)
00126                         {
00127                                 throw std::bad_alloc();
00128                         }
00129                         _rangeMatch = match;
00130                 }
00131         }
00132 }

void sefs_query::objectClass (uint32_t objclass)
 

Set a sefs query to match only entries with object class objclass.

Note: If the query is run against a fcfile, then entries without explicit object classes (i.e., no explicit --, -d, etc.) will always match irrespective of the query's object class field.

Parameters:
objclass Numeric identifier for an objclass, one of QPOL_CLASS_FILE, QPOL_CLASS_DIR, etc., as defined in <qpol/genfscon_query.h>. Use QPOL_CLASS_ALL to match all object classes.

Definition at line 134 of file query.cc.

References _objclass.

Referenced by fcfile_query(), main(), sefs_query_set_object_class(), and sefs_query_set_object_class_str().

00135 {
00136         _objclass = objclass;
00137 }

void sefs_query::objectClass (const char *name)
 

Set a sefs query to match only entries with object class name.

The name parameter is not affected by regex().

Parameters:
name Limit query to only entries with this object class, or NULL to clear this field. The incoming string must be legal according to apol_str_to_objclass().
See also:
objectClass(uint32_t) for note about fcfiles.

Definition at line 139 of file query.cc.

References _objclass, and apol_str_to_objclass().

00140 {
00141         if (name == NULL || *name == '\0' || strcmp(name, "any") == 0)
00142         {
00143                 _objclass = QPOL_CLASS_ALL;
00144         }
00145         else
00146         {
00147                 uint32_t o = apol_str_to_objclass(name);
00148                 if (o != QPOL_CLASS_ALL)
00149                 {
00150                         _objclass = o;
00151                 }
00152         }
00153 }

void sefs_query::path (const char *str) throw (std::bad_alloc)
 

Set a sefs query to match only entries with path path.

Note: If the query is run against a fcfile, the behavior of matching paths is slightly different. For each of fcfile's entries, that entry's regular expression is matched against path. This is the reverse for other types of fclist, where path matches an entry's path if path is a substring. (If sefs_query::regex() is set to true, path is instead treated as a regular expression.)

Parameters:
str Limit query to only entries containing this path, or NULL to clear this field. The string will be duplicated.
Exceptions:
std::bad_alloc Out of memory.

Definition at line 155 of file query.cc.

Referenced by fcfile_query(), main(), and sefs_query_set_path().

00156 {
00157         if (str != _path)
00158         {
00159                 free(_path);
00160                 _path = NULL;
00161                 if (str != NULL && *str != '\0' && (_path = strdup(str)) == NULL)
00162                 {
00163                         throw std::bad_alloc();
00164                 }
00165         }
00166 }

void sefs_query::inode (ino64_t ino)
 

Set a sefs query to match only entries with a given inode number.

Parameters:
ino Limit query to only entries with this inode number, or 0 to clear this field.

Definition at line 168 of file query.cc.

References _inode.

Referenced by fcfile_query(), and sefs_query_set_inode().

00169 {
00170         _inode = ino;
00171 }

void sefs_query::dev (const char *str) throw (std::bad_alloc)
 

Set a sefs query to match only entries with a given device name.

Parameters:
str Limit query to only entries with this device name, or NULL to clear this string. The string will be duplicated.
Exceptions:
std::bad_alloc Out of memory.
See also:
sefs_filesystem::getDevName() to convert between dev_t and a name.

Definition at line 173 of file query.cc.

Referenced by fcfile_query(), and sefs_query_set_dev().

00174 {
00175         if (str != _dev)
00176         {
00177                 free(_dev);
00178                 _dev = NULL;
00179                 if (str != NULL && *str != '\0' && (_dev = strdup(str)) == NULL)
00180                 {
00181                         throw std::bad_alloc();
00182                 }
00183         }
00184 }

void sefs_query::regex (bool r)
 

Set a sefs query to use regular expression matching for string fields.

Parameters:
r If true then use regular expression matching; otherwise use only exact string matching.

Definition at line 186 of file query.cc.

References _regex.

Referenced by fcfile_query(), main(), and sefs_query_set_regex().

00187 {
00188         _regex = r;
00189 }
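
The matching rules from the class description and regex(), modelled as an added example (not libsefs code): cleared fields always match, all set fields must match, and with regex enabled a pattern matches anywhere in the field unless it is anchored. Context, ContextQuery, run_query() and the sample entries are constructed for illustration, and the unanchored behaviour assumes the patterns compiled in compile() are applied with regexec() as-is.

```cpp
// Added illustration: a model of the documented matching rules, not libsefs code.
#include <regex.h>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

struct Context { std::string user, role, type; };   // constructed sample record

struct ContextQuery {              // hypothetical stand-in for sefs_query
    std::string user, role, type;  // empty string == field cleared
    bool regex = false;
};

// A cleared field always matches; otherwise exact compare or POSIX ERE search.
static bool field_matches(const std::string &pat, const std::string &val, bool use_regex)
{
    if (pat.empty()) return true;
    if (!use_regex) return pat == val;
    regex_t re;
    if (regcomp(&re, pat.c_str(), REG_EXTENDED | REG_NOSUB) != 0)
        throw std::invalid_argument("invalid regular expression: " + pat);
    bool hit = (regexec(&re, val.c_str(), 0, nullptr, 0) == 0);  // unanchored search
    regfree(&re);
    return hit;
}

// Every set field must match for an entry to be returned.
std::vector<Context> run_query(const ContextQuery &q, const std::vector<Context> &entries)
{
    std::vector<Context> out;
    for (const Context &c : entries)
        if (field_matches(q.user, c.user, q.regex) &&
            field_matches(q.role, c.role, q.regex) &&
            field_matches(q.type, c.type, q.regex))
            out.push_back(c);
    return out;
}

std::vector<Context> sample_entries()   // constructed data, not from a real system
{
    std::vector<Context> v = { {"system_u", "object_r", "etc_t"},
                               {"system_u", "object_r", "etc_runtime_t"},
                               {"system_u", "object_r", "shadow_t"},
                               {"user_u",   "object_r", "user_home_t"} };
    return v;
}

int main()
{
    ContextQuery q;
    q.regex = true;
    q.type = "etc";                      // also returns etc_runtime_t
    std::printf("unanchored: %zu\n", run_query(q, sample_entries()).size());
    q.type = "^etc_t$";                  // anchored: only etc_t
    std::printf("anchored:   %zu\n", run_query(q, sample_entries()).size());
    return 0;
}
```

When auditing labels with regex matching enabled, anchor the pattern (^...$) if the intent is one specific user, role or type; otherwise the result set can include unrelated contexts.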

void sefs_query::compile () throw (std::bad_alloc, std::invalid_argument) [private]
 

Compile the regular expressions stored within this query object.

It is safe to call this function multiple times.

Exceptions:
std::bad_alloc Out of memory.
std::invalid_argument One or more regular expressions is invalid.

Definition at line 193 of file query.cc.

References _dev, _path, _range, _recompiled, _redev, _repath, _rerange, _rerole, _retype, _reuser, _role, _type, and _user.

00194 {
00195         if (_recompiled)
00196         {
00197                 regfree(_reuser);
00198                 regfree(_rerole);
00199                 regfree(_retype);
00200                 regfree(_rerange);
00201                 regfree(_repath);
00202                 regfree(_redev);
00203         }
00204         else
00205         {
00206                 if ((_reuser = static_cast < regex_t * >(malloc(sizeof(*_reuser)))) == NULL)
00207                 {
00208                         throw std::bad_alloc();
00209                 }
00210                 if ((_rerole = static_cast < regex_t * >(malloc(sizeof(*_rerole)))) == NULL)
00211                 {
00212                         throw std::bad_alloc();
00213                 }
00214                 if ((_retype = static_cast < regex_t * >(malloc(sizeof(*_retype)))) == NULL)
00215                 {
00216                         throw std::bad_alloc();
00217                 }
00218                 if ((_rerange = static_cast < regex_t * >(malloc(sizeof(*_rerange)))) == NULL)
00219                 {
00220                         throw std::bad_alloc();
00221                 }
00222                 if ((_repath = static_cast < regex_t * >(malloc(sizeof(*_repath)))) == NULL)
00223                 {
00224                         throw std::bad_alloc();
00225                 }
00226                 if ((_redev = static_cast < regex_t * >(malloc(sizeof(*_redev)))) == NULL)
00227                 {
00228                         throw std::bad_alloc();
00229                 }
00230         }
00231         char errbuf[1024] = { '\0' };
00232         int regretv;
00233         const char *s = (_user == NULL ? "" : _user);
00234         if ((regretv = regcomp(_reuser, s, REG_EXTENDED | REG_NOSUB)))
00235         {
00236                 regerror(regretv, _reuser, errbuf, 1024);
00237                 throw std::invalid_argument(errbuf);
00238         }
00239         s = (_role == NULL ? "" : _role);
00240         if ((regretv = regcomp(_rerole, s, REG_EXTENDED | REG_NOSUB)))
00241         {
00242                 regerror(regretv, _rerole, errbuf, 1024);
00243                 throw std::invalid_argument(errbuf);
00244         }
00245         s = (_type == NULL ? "" : _type);
00246         if ((regretv = regcomp(_retype, s, REG_EXTENDED | REG_NOSUB)))
00247         {
00248                 regerror(regretv, _retype, errbuf, 1024);
00249                 throw std::invalid_argument(errbuf);
00250         }
00251         s = (_range == NULL ? "" : _range);
00252         if ((regretv = regcomp(_rerange, s, REG_EXTENDED | REG_NOSUB)))
00253         {
00254                 regerror(regretv, _rerange, errbuf, 1024);
00255                 throw std::invalid_argument(errbuf);
00256         }
00257         s = (_path == NULL ? "" : _path);
00258         if ((regretv = regcomp(_repath, s, REG_EXTENDED | REG_NOSUB)))
00259         {
00260                 regerror(regretv, _repath, errbuf, 1024);
00261                 throw std::invalid_argument(errbuf);
00262         }
00263         s = (_dev == NULL ? "" : _dev);
00264         if ((regretv = regcomp(_redev, s, REG_EXTENDED | REG_NOSUB)))
00265         {
00266                 regerror(regretv, _redev, errbuf, 1024);
00267                 throw std::invalid_argument(errbuf);
00268         }
00269         _recompiled = true;
00270 }
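
In the listing above, a regcomp() failure during a recompile throws after the old patterns have been regfree()d while _recompiled stays true, so the destructor calls regfree() on them again; a failure on the first call leaves the malloc()ed regex_t objects unreferenced by the destructor. The added example below (not libsefs code) shows one way to keep a regex member valid across a failed recompile by compiling into a scratch object and swapping only on success. PatternSlot and its methods are hypothetical names.

```cpp
// Added illustration, not libsefs code: a regex slot that survives a failed recompile.
#include <regex.h>
#include <cstdio>
#include <stdexcept>

class PatternSlot {                        // hypothetical helper name
public:
    PatternSlot() : _re(nullptr) {}
    ~PatternSlot() { release(); }
    PatternSlot(const PatternSlot &) = delete;
    PatternSlot &operator=(const PatternSlot &) = delete;

    // Compile into a scratch regex_t; the live pattern is replaced only on success.
    void set(const char *pattern)
    {
        regex_t *fresh = new regex_t;      // throws std::bad_alloc on failure
        int rc = regcomp(fresh, pattern ? pattern : "", REG_EXTENDED | REG_NOSUB);
        if (rc != 0) {
            char errbuf[1024] = { '\0' };
            regerror(rc, fresh, errbuf, sizeof errbuf);  // the regex_t that failed
            delete fresh;                  // nothing compiled, so no regfree()
            throw std::invalid_argument(errbuf);         // _re is untouched
        }
        release();                         // free the previous pattern, if any
        _re = fresh;
    }

    bool compiled() const { return _re != nullptr; }

    bool matches(const char *text) const
    {
        return _re != nullptr && regexec(_re, text, 0, nullptr, 0) == 0;
    }

private:
    // regfree() runs only on a regex_t that currently holds a compiled pattern.
    void release()
    {
        if (_re != nullptr) {
            regfree(_re);
            delete _re;
            _re = nullptr;
        }
    }
    regex_t *_re;
};

int main()
{
    PatternSlot slot;
    slot.set("^system_u$");
    try {
        slot.set("[a");                    // invalid ERE: unterminated bracket
    } catch (const std::invalid_argument &e) {
        std::printf("rejected: %s\n", e.what());
    }
    std::printf("old pattern still usable: %d\n", slot.matches("system_u"));
    return 0;
}
```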


Friends And Related Function Documentation

friend class sefs_db [friend]
 

Definition at line 59 of file query.hh.

friend class sefs_fcfile [friend]
 

Definition at line 60 of file query.hh.

friend class sefs_filesystem [friend]
 

Definition at line 61 of file query.hh.


Member Data Documentation

char* sefs_query::_user [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

char * sefs_query::_role [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

char * sefs_query::_type [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

char * sefs_query::_range [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

char * sefs_query::_path [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

char * sefs_query::_dev [private]
 

Definition at line 216 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

uint32_t sefs_query::_objclass [private]
 

Definition at line 217 of file query.hh.

Referenced by objectClass(), and sefs_query().

bool sefs_query::_indirect [private]
 

Definition at line 218 of file query.hh.

Referenced by sefs_query().

bool sefs_query::_regex [private]
 

Definition at line 218 of file query.hh.

Referenced by regex(), and sefs_query().

bool sefs_query::_recursive [private]
 

Definition at line 218 of file query.hh.

Referenced by sefs_query().

int sefs_query::_rangeMatch [private]
 

Definition at line 219 of file query.hh.

ino64_t sefs_query::_inode [private]
 

Definition at line 220 of file query.hh.

Referenced by inode(), and sefs_query().

bool sefs_query::_recompiled [private]
 

Definition at line 221 of file query.hh.

Referenced by compile(), and sefs_query().

regex_t* sefs_query::_reuser [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

regex_t * sefs_query::_rerole [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

regex_t * sefs_query::_retype [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

regex_t * sefs_query::_rerange [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

regex_t * sefs_query::_repath [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().

regex_t * sefs_query::_redev [private]
 

Definition at line 222 of file query.hh.

Referenced by compile(), sefs_query(), and ~sefs_query().


The documentation for this class was generated from the following files: