The caller obtains a query object, fills in its parameters, and then runs the query; it obtains a vector of results. Searches are conjunctive -- all fields of the search query must match for a datum to be added to the results vector.
Jason Tang jtang@tresys.com
This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
Definition in file role-query.c.
#include "policy-query-internal.h"
#include <errno.h>
Classes | |
| struct | apol_role_query |
Functions | |
| int | apol_role_get_by_query (const apol_policy_t *p, apol_role_query_t *r, apol_vector_t **v) |
| Execute a query against all roles within the policy. | |
| apol_role_query_t * | apol_role_query_create (void) |
| Allocate and return a new role query structure. | |
| void | apol_role_query_destroy (apol_role_query_t **r) |
| Deallocate all memory associated with the referenced role query, and then set it to NULL. | |
| int | apol_role_query_set_role (const apol_policy_t *p, apol_role_query_t *r, const char *name) |
| Set a role query to return only roles that match this name. | |
| int | apol_role_query_set_type (const apol_policy_t *p, apol_role_query_t *r, const char *name) |
| Set a role query to return only roles containing this type or one of its aliases. | |
| int | apol_role_query_set_regex (const apol_policy_t *p, apol_role_query_t *r, int is_regex) |
| Set a role query to use regular expression searching for all of its fields. | |
| int | apol_role_has_type (const apol_policy_t *p, const qpol_role_t *r, const qpol_type_t *t) |
| See if the role passed in includes the type that is the second parameter. | |
Execute a query against all roles within the policy.
/**
 * Execute a query against all roles within the policy.
 *
 * Definition at line 43 of file role-query.c.
 * References apol_compare(), apol_compare_type(), apol_policy_t,
 * apol_role_query_t, apol_vector_append(), apol_vector_create(),
 * apol_vector_destroy(), apol_vector_t, ERR, apol_role_query::flags,
 * apol_policy::p, qpol_iterator_destroy(), qpol_iterator_end(),
 * qpol_iterator_get_item(), qpol_iterator_next(), qpol_iterator_t,
 * qpol_policy_get_role_iter(), qpol_role_get_name(),
 * qpol_role_get_type_iter(), qpol_role_t, qpol_type_t,
 * apol_role_query::role_name, apol_role_query::role_regex,
 * apol_role_query::type_name, and apol_role_query::type_regex.
 * Referenced by apol_context_validate_partial(),
 * apol_types_relation_common_roles(), apol_types_relation_common_users(),
 * attribs_wo_rules_run(), domains_wo_roles_run(),
 * filter_view_get_policy_roles(), find_domains_run(), imp_range_trans_run(),
 * inc_dom_trans_run(), policy_view_stats_update(), role_basic(),
 * role_regex(), roles_wo_allow_run(), roles_wo_types_run(),
 * roles_wo_users_run(), and unreachable_doms_run().
 *
 * The role-name filter and the type filter are conjunctive: a role is kept
 * only if its name matches AND (when a type filter is set) at least one type
 * in its type set matches.  An unset or empty type filter matches every
 * role; a set type filter never matches a role whose type set is empty.
 *
 * @param p Policy to search; its qpol handle (p->p) supplies the iterators.
 * @param r Query to run, or NULL to return every role in the policy.
 * @param v On entry *v is reset to NULL.  On success it receives a newly
 *          created vector of qpol_role_t pointers which the caller releases
 *          with apol_vector_destroy().  On failure *v is destroyed and NULL.
 * @return 0 on success, -1 on error.  An ERR message is logged only for
 *         allocation failures; qpol iterator failures return -1 silently.
 */
int apol_role_get_by_query(const apol_policy_t *p, apol_role_query_t *r, apol_vector_t **v)
{
	qpol_iterator_t *role_iter = NULL;
	qpol_iterator_t *member_iter = NULL;
	int rc = -1;

	*v = NULL;
	if (qpol_policy_get_role_iter(p->p, &role_iter) < 0) {
		/* Nothing has been allocated yet, so there is nothing to release. */
		return -1;
	}
	*v = apol_vector_create(NULL);
	if (*v == NULL) {
		ERR(p, "%s", strerror(errno));
		goto cleanup;
	}

	for (; !qpol_iterator_end(role_iter); qpol_iterator_next(role_iter)) {
		qpol_role_t *role = NULL;
		int keep = 1;	       /* a NULL query keeps every role */

		if (qpol_iterator_get_item(role_iter, (void **)&role) < 0) {
			goto cleanup;
		}
		if (r != NULL) {
			const char *role_name = NULL;
			int cmp;

			if (qpol_role_get_name(p->p, role, &role_name) < 0) {
				goto cleanup;
			}
			cmp = apol_compare(p, role_name, r->role_name, r->flags, &(r->role_regex));
			if (cmp < 0) {
				goto cleanup;
			}
			if (cmp == 0) {
				/* name filter rejected this role; type filter is moot */
				continue;
			}
			if (r->type_name != NULL && r->type_name[0] != '\0') {
				/* Type filter set: the role must own at least one matching type. */
				if (qpol_role_get_type_iter(p->p, role, &member_iter) < 0) {
					goto cleanup;
				}
				keep = 0;
				for (; !qpol_iterator_end(member_iter); qpol_iterator_next(member_iter)) {
					qpol_type_t *member = NULL;

					if (qpol_iterator_get_item(member_iter, (void **)&member) < 0) {
						goto cleanup;
					}
					cmp = apol_compare_type(p, member, r->type_name, r->flags, &(r->type_regex));
					if (cmp < 0) {
						goto cleanup;
					}
					if (cmp == 1) {
						keep = 1;
						break;
					}
				}
				qpol_iterator_destroy(&member_iter);
			}
		}
		if (keep && apol_vector_append(*v, role)) {
			ERR(p, "%s", strerror(ENOMEM));
			goto cleanup;
		}
	}

	rc = 0;
cleanup:
	if (rc != 0) {
		/* Do not hand a partially filled vector back to the caller. */
		apol_vector_destroy(v);
	}
	qpol_iterator_destroy(&role_iter);
	/* member_iter is non-NULL here only when the inner loop bailed out early. */
	qpol_iterator_destroy(&member_iter);
	return rc;
}
Allocate and return a new role query structure. All fields are initialized, such that running this blank query results in returning all roles within the policy. The caller must call apol_role_query_destroy() upon the return value afterwards.
/**
 * Allocate and return a new role query structure.
 *
 * Definition at line 112 of file role-query.c.
 * References apol_role_query_t.
 * Referenced by apol_context_validate_partial(),
 * apol_types_relation_common_roles(), apol_types_relation_common_users(),
 * attribs_wo_rules_run(), domains_wo_roles_run(), find_domains_run(),
 * imp_range_trans_run(), inc_dom_trans_run(), role_basic(), role_regex(),
 * and unreachable_doms_run().
 *
 * The structure is zero-filled, so every filter starts out unset and running
 * the blank query returns all roles within the policy.
 *
 * @return Newly allocated query, or NULL if allocation failed.  The caller
 *         owns it and must release it with apol_role_query_destroy().
 */
apol_role_query_t *apol_role_query_create(void)
{
	apol_role_query_t *query = calloc(1, sizeof(*query));
	return query;
}
Deallocate all memory associated with the referenced role query, and then set it to NULL. This function does nothing if the query is already NULL.
/**
 * Deallocate all memory associated with the referenced role query, and then
 * set it to NULL.  This function does nothing if the query is already NULL.
 *
 * Definition at line 117 of file role-query.c.
 * References apol_regex_destroy(), and apol_role_query_t.
 * Referenced by apol_context_validate_partial(),
 * apol_types_relation_common_roles(), apol_types_relation_common_users(),
 * attribs_wo_rules_run(), domains_wo_roles_run(), find_domains_run(),
 * imp_range_trans_run(), inc_dom_trans_run(), role_basic(), role_regex(),
 * and unreachable_doms_run().
 *
 * @param r Address of the query pointer to free; *r may be NULL.  *r is set
 *          to NULL on return so a second call is harmless.
 */
void apol_role_query_destroy(apol_role_query_t **r)
{
	apol_role_query_t *query = *r;

	if (query == NULL) {
		return;
	}
	/* Both name strings were duplicated by apol_query_set() and are owned here. */
	free(query->role_name);
	free(query->type_name);
	apol_regex_destroy(&query->role_regex);
	apol_regex_destroy(&query->type_regex);
	free(query);
	*r = NULL;
}
Set a role query to return only roles that match this name. This function duplicates the incoming name.
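/**
 * Set a role query to return only roles that match this name.  This
 * function duplicates the incoming name.
 *
 * Definition at line 129 of file role-query.c.
 * References apol_policy_t, apol_query_set(), apol_role_query_t,
 * apol_role_query::role_name, and apol_role_query::role_regex.
 * Referenced by apol_context_validate_partial(), role_basic(), and
 * role_regex().
 *
 * @param p Policy handle, used only for error reporting.
 * @param r Query to modify; must not be NULL.
 * @param name Role name (or regex, see apol_role_query_set_regex()) to
 *             match.  Passed through to apol_query_set().
 * @return Result of apol_query_set(); -1 with errno set to EINVAL when r is
 *         NULL instead of dereferencing it.
 */
int apol_role_query_set_role(const apol_policy_t *p, apol_role_query_t *r, const char *name)
{
	if (r == NULL) {
		/* Guard the &r->... below: a NULL query would be dereferenced. */
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	return apol_query_set(p, &r->role_name, &r->role_regex, name);
}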
Set a role query to return only roles containing this type or one of its aliases. This function duplicates the incoming name.
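/**
 * Set a role query to return only roles containing this type or one of its
 * aliases.  This function duplicates the incoming name.
 *
 * Definition at line 134 of file role-query.c.
 * References apol_policy_t, apol_query_set(), apol_role_query_t,
 * apol_role_query::type_name, and apol_role_query::type_regex.
 * Referenced by apol_context_validate_partial(),
 * apol_types_relation_common_roles(), apol_types_relation_common_users(),
 * attribs_wo_rules_run(), domains_wo_roles_run(), find_domains_run(),
 * imp_range_trans_run(), inc_dom_trans_run(), role_basic(), role_regex(),
 * and unreachable_doms_run().
 *
 * @param p Policy handle, used only for error reporting.
 * @param r Query to modify; must not be NULL.
 * @param name Type name (or regex, see apol_role_query_set_regex()) to
 *             match.  Passed through to apol_query_set().
 * @return Result of apol_query_set(); -1 with errno set to EINVAL when r is
 *         NULL instead of dereferencing it.
 */
int apol_role_query_set_type(const apol_policy_t *p, apol_role_query_t *r, const char *name)
{
	if (r == NULL) {
		/* Guard the &r->... below: a NULL query would be dereferenced. */
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	return apol_query_set(p, &r->type_name, &r->type_regex, name);
}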
Set a role query to use regular expression searching for all of its fields. Strings will be treated as regexes instead of literals.
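/**
 * Set a role query to use regular expression searching for all of its
 * fields.  Strings will be treated as regexes instead of literals.
 *
 * Definition at line 139 of file role-query.c.
 * References apol_policy_t, apol_query_set_regex(), apol_role_query_t, and
 * apol_role_query::flags.
 * Referenced by role_regex().
 *
 * @param p Policy handle, used only for error reporting.
 * @param r Query to modify; must not be NULL.
 * @param is_regex Non-zero to enable regex matching, zero for literal
 *                 matching.  Passed through to apol_query_set_regex().
 * @return Result of apol_query_set_regex(); -1 with errno set to EINVAL when
 *         r is NULL instead of dereferencing it.
 */
int apol_role_query_set_regex(const apol_policy_t *p, apol_role_query_t *r, int is_regex)
{
	if (r == NULL) {
		/* Guard the &r->flags below: a NULL query would be dereferenced. */
		ERR(p, "%s", strerror(EINVAL));
		errno = EINVAL;
		return -1;
	}
	return apol_query_set_regex(p, &r->flags, is_regex);
}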
See if the role passed in includes the type that is the second parameter.
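/**
 * See if the role passed in includes the given type.
 *
 * Definition at line 144 of file role-query.c.
 * References apol_policy_t, apol_policy::p, qpol_iterator_destroy(),
 * qpol_iterator_end(), qpol_iterator_get_item(), qpol_iterator_next(),
 * qpol_iterator_t, qpol_role_get_type_iter(), qpol_type_get_value(), and
 * qpol_type_t.
 *
 * Membership is decided by comparing qpol type values, so a type is found
 * when any entry of the role's type set has the same value as t.
 *
 * @param p Policy that owns r and t; its qpol handle (p->p) is used.
 * @param r Role whose type set is walked.
 * @param t Type to look for within r's type set.
 * @return 1 if r's type set contains t, 0 if it does not, -1 on error
 *         (failure to look up t's value, to obtain the type iterator, or to
 *         read any entry of it).  Callers must check for < 0 explicitly:
 *         -1 is truthy and must not be mistaken for "has type".
 */
int apol_role_has_type(const apol_policy_t *p, const qpol_role_t *r, const qpol_type_t *t)
{
	qpol_iterator_t *iter = NULL;
	uint32_t t_type_value;
	int retval = -1;

	if (qpol_type_get_value(p->p, t, &t_type_value) < 0 || qpol_role_get_type_iter(p->p, r, &iter) < 0) {
		goto cleanup;
	}

	for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
		qpol_type_t *tmp_type = NULL;
		uint32_t type_value;

		/* Previously these two results were ignored, so a failed lookup
		 * compared an indeterminate value and could answer either way.
		 * Propagate the failure as -1 instead of guessing. */
		if (qpol_iterator_get_item(iter, (void **)(&tmp_type)) < 0
		    || qpol_type_get_value(p->p, tmp_type, &type_value) < 0) {
			goto cleanup;
		}
		if (t_type_value == type_value) {
			retval = 1;
			goto cleanup;
		}
	}
	retval = 0;
cleanup:
	qpol_iterator_destroy(&iter);
	return retval;
}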