1*2d543d20SAndroid Build Coastguard Worker /* Copyright (C) 2017 Mellanox Technologies Inc. */
2*2d543d20SAndroid Build Coastguard Worker
3*2d543d20SAndroid Build Coastguard Worker struct semanage_ibpkey;
4*2d543d20SAndroid Build Coastguard Worker struct semanage_ibpkey_key;
5*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_ibpkey record_t;
6*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_ibpkey_key record_key_t;
7*2d543d20SAndroid Build Coastguard Worker #define DBASE_RECORD_DEFINED
8*2d543d20SAndroid Build Coastguard Worker
9*2d543d20SAndroid Build Coastguard Worker struct dbase_file;
10*2d543d20SAndroid Build Coastguard Worker typedef struct dbase_file dbase_t;
11*2d543d20SAndroid Build Coastguard Worker #define DBASE_DEFINED
12*2d543d20SAndroid Build Coastguard Worker
13*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
14*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
15*2d543d20SAndroid Build Coastguard Worker #include <strings.h>
16*2d543d20SAndroid Build Coastguard Worker #include <semanage/handle.h>
17*2d543d20SAndroid Build Coastguard Worker #include "ibpkey_internal.h"
18*2d543d20SAndroid Build Coastguard Worker #include "database_file.h"
19*2d543d20SAndroid Build Coastguard Worker #include "parse_utils.h"
20*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
21*2d543d20SAndroid Build Coastguard Worker
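/*
 * Write one ibpkey record to a stream in its on-disk text form:
 *
 *   ibpkeycon <subnet_prefix> <pkey> <context>\n           (low == high)
 *   ibpkeycon <subnet_prefix> <low> - <high> <context>\n   (otherwise)
 *
 * handle  libsemanage handle, used for field lookups and error reporting
 * ibpkey  record to serialise
 * str     destination stream
 *
 * Returns STATUS_SUCCESS once the whole line has been written. Returns
 * STATUS_ERR, after reporting through ERR, if the subnet prefix or the
 * context string could not be obtained or any fprintf call failed. Both
 * heap strings are released on every path. A failure part-way through may
 * leave a truncated line in the stream.
 */
static int ibpkey_print(semanage_handle_t *handle,
			semanage_ibpkey_t *ibpkey, FILE *str)
{
	char *con_str = NULL;
	char *subnet_prefix_str = NULL;
	semanage_context_t *con;

	int low = semanage_ibpkey_get_low(ibpkey);
	int high = semanage_ibpkey_get_high(ibpkey);

	if (semanage_ibpkey_get_subnet_prefix(handle, ibpkey, &subnet_prefix_str) != 0)
		goto err;

	con = semanage_ibpkey_get_con(ibpkey);

	if (fprintf(str, "ibpkeycon %s ", subnet_prefix_str) < 0)
		goto err;

	/* A single pkey is written as one number, a range as "low - high". */
	if (low == high) {
		if (fprintf(str, "%d ", low) < 0)
			goto err;
	} else {
		if (fprintf(str, "%d - %d ", low, high) < 0)
			goto err;
	}

	if (semanage_context_to_string(handle, con, &con_str) < 0)
		goto err;
	if (fprintf(str, "%s\n", con_str) < 0)
		goto err;

	free(subnet_prefix_str);
	free(con_str);
	return STATUS_SUCCESS;

err:
	/*
	 * This label is reached with subnet_prefix_str still NULL when the
	 * prefix lookup itself failed, and handing NULL to a %s conversion is
	 * undefined behaviour, so substitute a literal. The casts make the
	 * int arguments match the %u conversions in the message.
	 * NOTE(review): assumes ERR forwards its arguments printf-style; its
	 * definition is not in this file.
	 */
	ERR(handle, "could not print ibpkey range (%s) %u - %u to stream",
	    subnet_prefix_str ? subnet_prefix_str : "(null)",
	    (unsigned int)low, (unsigned int)high);
	free(subnet_prefix_str);
	free(con_str);
	return STATUS_ERR;
}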
63*2d543d20SAndroid Build Coastguard Worker
/*
 * Parse one "ibpkeycon" line from the file described by info into ibpkey.
 *
 * Accepted forms, as enforced by the parser calls below:
 *   ibpkeycon <subnet_prefix> <pkey> <context>
 *   ibpkeycon <subnet_prefix> <low>-<high> <context>
 * (whitespace is also accepted around the '-').
 *
 * Returns STATUS_SUCCESS when a record was read, STATUS_NODATA when
 * info->ptr is NULL after leading whitespace has been skipped (presumably
 * end of input), and STATUS_ERR on any parse or setter failure. The
 * current line is disposed of on the NODATA and error paths.
 *
 * NOTE(review): the parsed pkey values are handed to the setters without
 * any check here that they are non-negative, within the pkey value range,
 * or that low <= high. Whether the setters or a later stage validate them
 * is not visible in this file; confirm before relying on it.
 */
static int ibpkey_parse(semanage_handle_t *handle,
			parse_info_t *info, semanage_ibpkey_t *ibpkey)
{
	int pkey_low, pkey_high;
	char *token = NULL;
	semanage_context_t *ctx = NULL;

	if (parse_skip_space(handle, info) < 0)
		goto err;
	if (info->ptr == NULL)
		goto last;

	/* Header keyword, followed by mandatory whitespace */
	if (parse_assert_str(handle, info, "ibpkeycon") < 0 ||
	    parse_assert_space(handle, info) < 0)
		goto err;

	/* Subnet prefix: the token is only needed until the setter returns */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0 ||
	    semanage_ibpkey_set_subnet_prefix(handle, ibpkey, token) < 0)
		goto err;
	free(token);
	token = NULL;

	/* First (or only) pkey number */
	if (parse_assert_space(handle, info) < 0 ||
	    parse_fetch_int(handle, info, &pkey_low, '-') < 0)
		goto err;

	/*
	 * Whitespace after the first number is mandatory unless a '-'
	 * follows it directly: "1-2" is accepted, but a single pkey must be
	 * separated from the context by a space.
	 */
	if (*info->ptr && *info->ptr != '-' &&
	    parse_assert_space(handle, info) < 0)
		goto err;

	if (parse_optional_ch(info, '-') == STATUS_NODATA) {
		/* No '-': single pkey */
		semanage_ibpkey_set_pkey(ibpkey, pkey_low);
	} else {
		/* Ranged form: read the upper bound */
		if (parse_skip_space(handle, info) < 0 ||
		    parse_fetch_int(handle, info, &pkey_high, ' ') < 0 ||
		    parse_assert_space(handle, info) < 0)
			goto err;
		semanage_ibpkey_set_range(ibpkey, pkey_low, pkey_high);
	}

	/* Security context for the pkey */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0)
		goto err;
	if (semanage_context_from_string(handle, token, &ctx) < 0) {
		/* File content is passed as an argument, never as the format. */
		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
		    token, info->filename, info->lineno, info->orig_line);
		goto err;
	}
	if (ctx == NULL) {
		/* Conversion succeeded but produced no context object. */
		ERR(handle, "<<none>> context is not valid for ibpkeys (%s: %u):\n%s",
		    info->filename,
		    info->lineno, info->orig_line);
		goto err;
	}
	free(token);
	token = NULL;

	if (semanage_ibpkey_set_con(handle, ibpkey, ctx) < 0)
		goto err;

	if (parse_assert_space(handle, info) < 0)
		goto err;

	/* ctx is released here, after set_con has returned. */
	semanage_context_free(ctx);
	return STATUS_SUCCESS;

last:
	parse_dispose_line(info);
	return STATUS_NODATA;

err:
	ERR(handle, "could not parse ibpkey record");
	free(token);
	semanage_context_free(ctx);
	parse_dispose_line(info);
	return STATUS_ERR;
}
154*2d543d20SAndroid Build Coastguard Worker
/*
 * IBPKEY RECORD: FILE extension: method table.
 * Supplies this file's parse and print routines as the record's
 * file-backed operations.
 */
record_file_table_t SEMANAGE_IBPKEY_FILE_RTABLE = {
	.print = ibpkey_print,
	.parse = ibpkey_parse,
};
160*2d543d20SAndroid Build Coastguard Worker
/*
 * Initialise the file-backed ibpkey database and attach it to dconfig.
 *
 * handle   libsemanage handle passed through to dbase_file_init
 * path_ro  path handed to dbase_file_init as the read-only file
 * path_rw  path handed to dbase_file_init as the read-write file
 * dconfig  receives the new dbase and, on success, the file dtable
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR when dbase_file_init reports a
 * negative result; in that case dconfig->dtable is left untouched.
 */
int ibpkey_file_dbase_init(semanage_handle_t *handle,
			   const char *path_ro,
			   const char *path_rw,
			   dbase_config_t *dconfig)
{
	if (!(dbase_file_init(handle, path_ro, path_rw,
			      &SEMANAGE_IBPKEY_RTABLE,
			      &SEMANAGE_IBPKEY_FILE_RTABLE,
			      &dconfig->dbase) < 0)) {
		/* The dtable is assigned only after the dbase call succeeded. */
		dconfig->dtable = &SEMANAGE_FILE_DTABLE;
		return STATUS_SUCCESS;
	}

	return STATUS_ERR;
}
176*2d543d20SAndroid Build Coastguard Worker
/*
 * Release the file-backed ibpkey database held in dconfig->dbase by
 * passing it to dbase_file_release. dconfig itself is not modified here.
 */
void ibpkey_file_dbase_release(dbase_config_t *dconfig)
{
	dbase_file_release(dconfig->dbase);
}