Main Page | Namespace List | Class Hierarchy | Alphabetical List | Class List | Directories | File List | Class Members | File Members | Related Pages | Search for 
libapol / src

role-query.c

Go to the documentation of this file.
00001 /**
00002  * @file
00003  *
00004  * Provides a way for setools to make queries about roles within a
00005  * policy.  The caller obtains a query object, fills in its
00006  * parameters, and then runs the query; it obtains a vector of
00007  * results.  Searches are conjunctive -- all fields of the search
00008  * query must match for a datum to be added to the results query.
00009  *
00010  * @author Jeremy A. Mowery jmowery@tresys.com
00011  * @author Jason Tang  jtang@tresys.com
00012  *
00013  * Copyright (C) 2006-2007 Tresys Technology, LLC
00014  *
00015  *  This library is free software; you can redistribute it and/or
00016  *  modify it under the terms of the GNU Lesser General Public
00017  *  License as published by the Free Software Foundation; either
00018  *  version 2.1 of the License, or (at your option) any later version.
00019  *
00020  *  This library is distributed in the hope that it will be useful,
00021  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00022  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00023  *  Lesser General Public License for more details.
00024  *
00025  *  You should have received a copy of the GNU Lesser General Public
00026  *  License along with this library; if not, write to the Free Software
00027  *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
00028  */
00029 
00030 #include "policy-query-internal.h"
00031 
00032 #include <errno.h>
00033 
00034 struct apol_role_query
00035 {
00036         char *role_name, *type_name;
00037         unsigned int flags;
00038         regex_t *role_regex, *type_regex;
00039 };
00040 
00041 /******************** role queries ********************/
00042 
00043 int apol_role_get_by_query(const apol_policy_t * p, apol_role_query_t * r, apol_vector_t ** v)
00044 {
00045         qpol_iterator_t *iter = NULL, *type_iter = NULL;
00046         int retval = -1, append_role;
00047         *v = NULL;
00048         if (qpol_policy_get_role_iter(p->p, &iter) < 0) {
00049                 return -1;
00050         }
00051         if ((*v = apol_vector_create(NULL)) == NULL) {
00052                 ERR(p, "%s", strerror(errno));
00053                 goto cleanup;
00054         }
00055         for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
00056                 qpol_role_t *role;
00057                 if (qpol_iterator_get_item(iter, (void **)&role) < 0) {
00058                         goto cleanup;
00059                 }
00060                 append_role = 1;
00061                 if (r != NULL) {
00062                         const char *role_name;
00063                         int compval;
00064                         if (qpol_role_get_name(p->p, role, &role_name) < 0) {
00065                                 goto cleanup;
00066                         }
00067                         compval = apol_compare(p, role_name, r->role_name, r->flags, &(r->role_regex));
00068                         if (compval < 0) {
00069                                 goto cleanup;
00070                         } else if (compval == 0) {
00071                                 continue;
00072                         }
00073                         if (r->type_name == NULL || r->type_name[0] == '\0') {
00074                                 goto end_of_query;
00075                         }
00076                         if (qpol_role_get_type_iter(p->p, role, &type_iter) < 0) {
00077                                 goto cleanup;
00078                         }
00079                         append_role = 0;
00080                         for (; !qpol_iterator_end(type_iter); qpol_iterator_next(type_iter)) {
00081                                 qpol_type_t *type;
00082                                 if (qpol_iterator_get_item(type_iter, (void **)&type) < 0) {
00083                                         goto cleanup;
00084                                 }
00085                                 compval = apol_compare_type(p, type, r->type_name, r->flags, &(r->type_regex));
00086                                 if (compval < 0) {
00087                                         goto cleanup;
00088                                 } else if (compval == 1) {
00089                                         append_role = 1;
00090                                         break;
00091                                 }
00092                         }
00093                         qpol_iterator_destroy(&type_iter);
00094                 }
00095               end_of_query:
00096                 if (append_role && apol_vector_append(*v, role)) {
00097                         ERR(p, "%s", strerror(ENOMEM));
00098                         goto cleanup;
00099                 }
00100         }
00101 
00102         retval = 0;
00103       cleanup:
00104         if (retval != 0) {
00105                 apol_vector_destroy(v);
00106         }
00107         qpol_iterator_destroy(&iter);
00108         qpol_iterator_destroy(&type_iter);
00109         return retval;
00110 }
00111 
00112 apol_role_query_t *apol_role_query_create(void)
00113 {
00114         return calloc(1, sizeof(apol_role_query_t));
00115 }
00116 
00117 void apol_role_query_destroy(apol_role_query_t ** r)
00118 {
00119         if (*r != NULL) {
00120                 free((*r)->role_name);
00121                 free((*r)->type_name);
00122                 apol_regex_destroy(&(*r)->role_regex);
00123                 apol_regex_destroy(&(*r)->type_regex);
00124                 free(*r);
00125                 *r = NULL;
00126         }
00127 }
00128 
00129 int apol_role_query_set_role(const apol_policy_t * p, apol_role_query_t * r, const char *name)
00130 {
00131         return apol_query_set(p, &r->role_name, &r->role_regex, name);
00132 }
00133 
00134 int apol_role_query_set_type(const apol_policy_t * p, apol_role_query_t * r, const char *name)
00135 {
00136         return apol_query_set(p, &r->type_name, &r->type_regex, name);
00137 }
00138 
00139 int apol_role_query_set_regex(const apol_policy_t * p, apol_role_query_t * r, int is_regex)
00140 {
00141         return apol_query_set_regex(p, &r->flags, is_regex);
00142 }
00143 
00144 int apol_role_has_type(const apol_policy_t * p, const qpol_role_t * r, const qpol_type_t * t)
00145 {
00146         qpol_iterator_t *iter = NULL;
00147         qpol_type_t *tmp_type;
00148         uint32_t type_value, t_type_value;
00149         int retval = -1;
00150 
00151         if (qpol_type_get_value(p->p, t, &t_type_value) < 0 || qpol_role_get_type_iter(p->p, r, &iter) < 0) {
00152                 goto cleanup;
00153         }
00154 
00155         for (; !qpol_iterator_end(iter); qpol_iterator_next(iter)) {
00156                 qpol_iterator_get_item(iter, (void **)(&tmp_type));
00157                 qpol_type_get_value(p->p, tmp_type, &type_value);
00158                 if (t_type_value == type_value) {
00159                         retval = 1;
00160                         goto cleanup;
00161                 }
00162         }
00163         retval = 0;
00164       cleanup:
00165         qpol_iterator_destroy(&iter);
00166         return retval;
00167 }