poldiff_internal.h File Reference


Detailed Description

Protected interface for computing semantic policy difference.

Author:
Jeremy A. Mowery jmowery@tresys.com

Jason Tang jtang@tresys.com

Copyright (C) 2006-2007 Tresys Technology, LLC

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA

Definition in file poldiff_internal.h.

#include <poldiff/poldiff.h>
#include <apol/bst.h>
#include "attrib_internal.h"
#include "avrule_internal.h"
#include "bool_internal.h"
#include "cat_internal.h"
#include "class_internal.h"
#include "level_internal.h"
#include "range_internal.h"
#include "range_trans_internal.h"
#include "rbac_internal.h"
#include "role_internal.h"
#include "terule_internal.h"
#include "user_internal.h"
#include "type_internal.h"
#include "type_map_internal.h"



Classes

struct  poldiff

Defines

#define POLDIFF_MSG_ERR   1
#define POLDIFF_MSG_WARN   2
#define POLDIFF_MSG_INFO   3
#define ERR(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_ERR, format, __VA_ARGS__)
#define WARN(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_WARN, format, __VA_ARGS__)
#define INFO(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_INFO, format, __VA_ARGS__)

Typedefs

typedef apol_vector_t *(* poldiff_get_items_fn_t )(poldiff_t *diff, const apol_policy_t *policy)
 Callback function signature for getting a vector of all unique items of a given kind in a policy.
typedef int(* poldiff_item_comp_fn_t )(const void *x, const void *y, const poldiff_t *diff)
 Callback function signature for quickly comparing two items to determine if they are semantically the same item.
typedef int(* poldiff_new_diff_fn_t )(poldiff_t *diff, poldiff_form_e form, const void *item)
 Callback function signature for creating, initializing and inserting a new semantic difference entry for an item.
typedef int(* poldiff_deep_diff_fn_t )(poldiff_t *diff, const void *x, const void *y)
 Callback function signature for computing the semantic difference of two items for which the compare callback returns 0.
typedef int(* poldiff_reset_fn_t )(poldiff_t *diff)
 Callback function signature for resetting the diff results for an item.

Enumerations

enum  avrule_offset_e {
  AVRULE_OFFSET_ALLOW = 0, AVRULE_OFFSET_AUDITALLOW, AVRULE_OFFSET_DONTAUDIT, AVRULE_OFFSET_NEVERALLOW,
  AVRULE_OFFSET_MAX
}
enum  terule_offset_e { TERULE_OFFSET_CHANGE = 0, TERULE_OFFSET_MEMBER, TERULE_OFFSET_TRANS, TERULE_OFFSET_MAX }

Functions

 __attribute__ ((format(printf, 3, 4))) extern void poldiff_handle_msg (const poldiff_t *p, int level, const char *fmt, ...)
 Write a message to the callback stored within a poldiff error handler.
int poldiff_build_bsts (poldiff_t *diff)
 Build the BST for classes, permissions, and booleans if the policies have changed.

Variables

int level, const char *fmt — these are the second and third parameters of poldiff_handle_msg() (see its documentation below), rendered here as file-scope variables because the declaration's parameter list was mis-parsed; the header declares no such variables.

Define Documentation

#define POLDIFF_MSG_ERR   1
 

Definition at line 199 of file poldiff_internal.h.

Referenced by poldiff_handle_default_callback().

#define POLDIFF_MSG_WARN   2
 

Definition at line 200 of file poldiff_internal.h.

Referenced by poldiff_handle_default_callback().

#define POLDIFF_MSG_INFO   3
 

Definition at line 201 of file poldiff_internal.h.

Referenced by poldiff_handle_default_callback().

#define ERR(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_ERR, format, __VA_ARGS__)
 

Definition at line 220 of file poldiff_internal.h.

#define WARN(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_WARN, format, __VA_ARGS__)
 

Definition at line 221 of file poldiff_internal.h.

#define INFO(handle, format, ...)   poldiff_handle_msg(handle, POLDIFF_MSG_INFO, format, __VA_ARGS__)
 

Definition at line 222 of file poldiff_internal.h.


Typedef Documentation

typedef apol_vector_t*(* poldiff_get_items_fn_t)(poldiff_t *diff, const apol_policy_t *policy)
 

Callback function signature for getting a vector of all unique items of a given kind in a policy.

The vector must be sorted prior to returning from this function.

Parameters:
diff Policy diff error handler.
policy The policy from which to get the items.
Returns:
a newly allocated vector of all unique items of the appropriate kind on success, or NULL on error; if the call fails, errno will be set.

Definition at line 138 of file poldiff_internal.h.

typedef int(* poldiff_item_comp_fn_t)(const void *x, const void *y, const poldiff_t *diff)
 

Callback function signature for quickly comparing two items to determine if they are semantically the same item.

This operation should quickly determine if the two are obviously different or not.

Parameters:
x The item from the original policy.
y The item from the modified policy.
diff The policy difference structure associated with both items.
Returns:
Expected return value from this function is < 0, 0, or > 0 if item x is respectively less than, equal to, or greater than item y. This must be able to return a defined stable ordering for all items not semantically equivalent.

Definition at line 156 of file poldiff_internal.h.

typedef int(* poldiff_new_diff_fn_t)(poldiff_t *diff, poldiff_form_e form, const void *item)
 

Callback function signature for creating, initializing and inserting a new semantic difference entry for an item.

Parameters:
diff The policy difference structure to which to add the entry.
form The form of the difference, one of POLDIFF_FORM_ADDED or POLDIFF_FORM_REMOVED.
item Item for which the entry is being created.
Returns:
Expected return value from this function is 0 on success and < 0 on error; if the call fails, it is expected to set errno and to leave the policy difference structure unchanged.

Definition at line 169 of file poldiff_internal.h.

typedef int(* poldiff_deep_diff_fn_t)(poldiff_t *diff, const void *x, const void *y)
 

Callback function signature for computing the semantic difference of two items for which the compare callback returns 0.

This function should compute the difference of any properties of the items and, if a difference is found, allocate, initialize, and insert a new semantic difference entry for that item.

Parameters:
diff The policy difference structure associated with both items and to which to add an entry if needed.
x The item from the original policy.
y The item from the modified policy.
Returns:
Expected return value from this function is 0 on success and < 0 on error; if the call fails, it is expected to set errno and to leave the policy difference structure unchanged.

Definition at line 185 of file poldiff_internal.h.

typedef int(* poldiff_reset_fn_t)(poldiff_t *diff)
 

Callback function signature for resetting the diff results for an item.

Called when the mapping of the symbols used by the diff changes.

Parameters:
diff The policy difference structure containing the diffs to reset.
Returns:
0 on success and < 0 on error; if the call fails, it is expected to set errno.

Definition at line 195 of file poldiff_internal.h.


Enumeration Type Documentation

enum avrule_offset_e
 

Enumeration values:
AVRULE_OFFSET_ALLOW 
AVRULE_OFFSET_AUDITALLOW 
AVRULE_OFFSET_DONTAUDIT 
AVRULE_OFFSET_NEVERALLOW 
AVRULE_OFFSET_MAX 

Definition at line 36 of file poldiff_internal.h.

00037         {
00038                 AVRULE_OFFSET_ALLOW = 0, AVRULE_OFFSET_AUDITALLOW,
00039                 AVRULE_OFFSET_DONTAUDIT, AVRULE_OFFSET_NEVERALLOW,
00040                 AVRULE_OFFSET_MAX
00041         } avrule_offset_e;

enum terule_offset_e
 

Enumeration values:
TERULE_OFFSET_CHANGE 
TERULE_OFFSET_MEMBER 
TERULE_OFFSET_TRANS 
TERULE_OFFSET_MAX 

Definition at line 43 of file poldiff_internal.h.

00044         {
00045                 TERULE_OFFSET_CHANGE = 0, TERULE_OFFSET_MEMBER,
00046                 TERULE_OFFSET_TRANS,
00047                 TERULE_OFFSET_MAX
00048         } terule_offset_e;


Function Documentation

void poldiff_handle_msg (const poldiff_t *p, int level, const char *fmt, ...)
 

Write a message to the callback stored within a poldiff error handler.

If the msg_callback field is empty then suppress the message.

Parameters:
p Error reporting handler. If NULL then write message to stderr.
level Severity of message, one of POLDIFF_MSG_ERR, POLDIFF_MSG_WARN, or POLDIFF_MSG_INFO.
fmt Format string to print, using syntax of printf(3).

int poldiff_build_bsts (poldiff_t *diff)
 

Build the BST for classes, permissions, and booleans if the policies have changed.

This effectively provides a partial mapping of rules from one policy to the other.

Parameters:
diff Policy difference structure containing policies to diff.
Returns:
0 on success, < 0 on error.

Definition at line 657 of file poldiff.c.

References apol_bool_get_by_query(), apol_bst_create(), apol_bst_insert_and_get(), apol_class_get_by_query(), apol_perm_get_by_query(), apol_policy_get_qpol(), apol_policy_t, apol_str_strcmp(), apol_vector_destroy(), apol_vector_get_element(), apol_vector_get_size(), apol_vector_t, poldiff::bool_bst, poldiff::class_bst, diff, ERR, poldiff::mod_pol, poldiff::orig_pol, poldiff::perm_bst, poldiff_t, qpol_bool_get_name(), qpol_bool_t, qpol_class_get_name(), qpol_class_t, and qpol_policy_t.

Referenced by avrule_get_items(), and terule_get_items().

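/*
 * Duplicate name and insert the copy into bst, reporting failure through
 * diff's error handler.
 *
 * @param diff Policy difference structure whose handler receives errors.
 * @param bst  Tree that owns the copy once it is inserted.
 * @param name NUL-terminated name to duplicate.
 * @return 0 on success, < 0 on error with errno set.
 */
static int poldiff_bst_insert_name(poldiff_t *diff, apol_bst_t *bst, const char *name)
{
	char *new_name = strdup(name);
	if (new_name == NULL || apol_bst_insert_and_get(bst, (void **)&new_name, NULL) < 0) {
		/* NOTE(review): when the insert fails after strdup() succeeded,
		 * whether the copy is released depends on the contract of
		 * apol_bst_insert_and_get() -- confirm in apol/bst.c. */
		int error = errno;
		ERR(diff, "%s", strerror(error));
		/* the handler may touch errno; hand the caller the original cause */
		errno = error;
		return -1;
	}
	return 0;
}

/*
 * Discard any partially built trees so that the next call rebuilds them
 * instead of treating a half-populated class tree as "already built".
 * apol_bst_destroy() is assumed to accept a pointer to a NULL tree, like
 * apol_vector_destroy() does in the cleanup below -- confirm in apol/bst.c.
 */
static void poldiff_bsts_discard(poldiff_t *diff)
{
	apol_bst_destroy(&diff->class_bst);
	apol_bst_destroy(&diff->perm_bst);
	apol_bst_destroy(&diff->bool_bst);
}

/**
 * Build the BSTs for classes, permissions, and booleans if the policies
 * have changed.  Each tree holds heap-allocated copies of the names found
 * in both the original and the modified policy, ordered by
 * apol_str_strcmp() and freed with free() when the tree is destroyed.
 *
 * A non-NULL class_bst is treated as "already built" and the call returns
 * 0 immediately.  On failure every tree created by this call is torn down
 * again, so a later call does not report success over partial data.
 *
 * @param diff Policy difference structure containing policies to diff.
 * @return 0 on success, < 0 on error with errno set.
 */
int poldiff_build_bsts(poldiff_t *diff)
{
	apol_vector_t *classes[2] = { NULL, NULL };
	apol_vector_t *perms[2] = { NULL, NULL };
	apol_vector_t *bools[2] = { NULL, NULL };
	size_t i, j;
	const qpol_class_t *cls;
	qpol_bool_t *qbool;
	const char *name;
	int retval = -1, error = 0;

	/* class_bst doubles as the "trees already built" flag */
	if (diff->class_bst != NULL) {
		return 0;
	}
	if ((diff->class_bst = apol_bst_create(apol_str_strcmp, free)) == NULL ||
	    (diff->perm_bst = apol_bst_create(apol_str_strcmp, free)) == NULL ||
	    (diff->bool_bst = apol_bst_create(apol_str_strcmp, free)) == NULL) {
		error = errno;
		ERR(diff, "%s", strerror(error));
		goto cleanup;
	}
	/* pass 0 walks the original policy, pass 1 the modified one */
	for (i = 0; i < 2; i++) {
		apol_policy_t *p = (i == 0 ? diff->orig_pol : diff->mod_pol);
		qpol_policy_t *q = apol_policy_get_qpol(p);
		/* the query functions are left to report their own errors */
		if (apol_class_get_by_query(p, NULL, &classes[i]) < 0 ||
		    apol_perm_get_by_query(p, NULL, &perms[i]) < 0 ||
		    apol_bool_get_by_query(p, NULL, &bools[i]) < 0) {
			error = errno;
			goto cleanup;
		}
		for (j = 0; j < apol_vector_get_size(classes[i]); j++) {
			cls = apol_vector_get_element(classes[i], j);
			if (qpol_class_get_name(q, cls, &name) < 0 ||
			    poldiff_bst_insert_name(diff, diff->class_bst, name) < 0) {
				error = errno;
				goto cleanup;
			}
		}
		for (j = 0; j < apol_vector_get_size(perms[i]); j++) {
			/* permission vectors hold the name strings directly */
			name = (const char *)apol_vector_get_element(perms[i], j);
			if (poldiff_bst_insert_name(diff, diff->perm_bst, name) < 0) {
				error = errno;
				goto cleanup;
			}
		}
		for (j = 0; j < apol_vector_get_size(bools[i]); j++) {
			qbool = (qpol_bool_t *)apol_vector_get_element(bools[i], j);
			if (qpol_bool_get_name(q, qbool, &name) < 0 ||
			    poldiff_bst_insert_name(diff, diff->bool_bst, name) < 0) {
				error = errno;
				goto cleanup;
			}
		}
	}
	retval = 0;
      cleanup:
	if (retval < 0) {
		/* do not leave a half-built class_bst behind: it would make the
		 * next call return 0 without ever completing the trees */
		poldiff_bsts_discard(diff);
	}
	apol_vector_destroy(&classes[0]);
	apol_vector_destroy(&classes[1]);
	apol_vector_destroy(&perms[0]);
	apol_vector_destroy(&perms[1]);
	apol_vector_destroy(&bools[0]);
	apol_vector_destroy(&bools[1]);
	/* apol_vector_destroy() may clobber errno; restore the saved cause */
	errno = error;
	return retval;
}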


Variable Documentation

int level
 

Definition at line 214 of file poldiff_internal.h.

int const char* fmt
 

Definition at line 214 of file poldiff_internal.h.