/* Copyright (C) 2005 Red Hat, Inc. */
2*2d543d20SAndroid Build Coastguard Worker
/*
 * Bind the generic record_t / record_key_t / dbase_t names to the node
 * record and the file-backed database, ahead of the includes that follow.
 * NOTE(review): DBASE_RECORD_DEFINED and DBASE_DEFINED are presumably tested
 * by the database headers so they skip their own fallback typedefs - confirm.
 */
struct semanage_node;
struct semanage_node_key;
typedef struct semanage_node record_t;
typedef struct semanage_node_key record_key_t;
#define DBASE_RECORD_DEFINED

struct dbase_file;
typedef struct dbase_file dbase_t;
#define DBASE_DEFINED
12*2d543d20SAndroid Build Coastguard Worker
13*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
14*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
15*2d543d20SAndroid Build Coastguard Worker #include <strings.h>
16*2d543d20SAndroid Build Coastguard Worker #include <semanage/handle.h>
17*2d543d20SAndroid Build Coastguard Worker #include "node_internal.h"
18*2d543d20SAndroid Build Coastguard Worker #include "database_file.h"
19*2d543d20SAndroid Build Coastguard Worker #include "parse_utils.h"
20*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
21*2d543d20SAndroid Build Coastguard Worker
/*
 * Serialize one node record to `str` as a single text line:
 *
 *     nodecon <proto> <addr> <mask> <context>
 *
 * The address, mask and context strings are obtained through out-parameters
 * and are released here on every path, so the caller owns nothing afterwards.
 * The format string is a literal; record fields are only ever passed as "%s"
 * arguments.
 * NOTE(review): fields are written unquoted and space-separated, which
 * presumably relies on the getters never yielding embedded whitespace or
 * newlines - confirm, since node_parse() splits the same line on ' '.
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR (after reporting through `handle`)
 * if any getter or the write itself fails.
 */
static int node_print(semanage_handle_t * handle,
		      semanage_node_t * node, FILE * str)
{
	int rc = STATUS_ERR;
	char *ctx_text = NULL;
	char *addr_text = NULL;
	char *mask_text = NULL;

	int proto = semanage_node_get_proto(node);
	const char *proto_name = semanage_node_get_proto_str(proto);
	semanage_context_t *ctx = semanage_node_get_con(node);

	if (semanage_node_get_addr(handle, node, &addr_text) < 0) {
		goto out;
	}

	if (semanage_node_get_mask(handle, node, &mask_text) < 0) {
		goto out;
	}

	if (semanage_context_to_string(handle, ctx, &ctx_text) < 0) {
		goto out;
	}

	if (fprintf(str, "nodecon %s %s %s %s\n",
		    proto_name, addr_text, mask_text, ctx_text) < 0) {
		goto out;
	}

	rc = STATUS_SUCCESS;

out:
	/* free(NULL) is a no-op, so one cleanup sequence serves every path. */
	free(addr_text);
	free(mask_text);
	free(ctx_text);
	if (rc != STATUS_SUCCESS) {
		ERR(handle, "could not print node to stream");
	}
	return rc;
}
59*2d543d20SAndroid Build Coastguard Worker
/*
 * Parse one "nodecon <proto> <addr> <mask> <context>" line from `info`
 * into `node`.
 *
 * Fields are consumed strictly in order; each token is fetched into a
 * temporary heap string that is freed before the next field is read.
 * The protocol keyword is matched case-insensitively against "ipv4"/"ipv6".
 *
 * Returns:
 *   STATUS_SUCCESS - record fully parsed and stored in `node`.
 *   STATUS_NODATA  - info->ptr was NULL after skipping leading space
 *                    (presumably end of input); the line is disposed.
 *   STATUS_ERR     - any field was missing or rejected; the line is disposed.
 *
 * Notes for reviewers:
 *  - On STATUS_ERR `node` may already carry the protocol, address or mask
 *    of the rejected line, because those are stored before later fields are
 *    validated. Callers should not use `node` after a failure.
 *  - The diagnostics echo the offending token and info->orig_line, i.e. raw
 *    file content, into the handle's error reporting.
 *  - The parsed context is freed here after semanage_node_set_con(), so the
 *    setter presumably keeps its own copy - confirm.
 */
static int node_parse(semanage_handle_t * handle,
		      parse_info_t * info, semanage_node_t * node)
{
	int proto;
	char *token = NULL;
	semanage_context_t *ctx = NULL;

	if (parse_skip_space(handle, info) < 0) {
		goto err;
	}
	if (info->ptr == NULL) {
		goto last;
	}

	/* Header keyword */
	if (parse_assert_str(handle, info, "nodecon") < 0) {
		goto err;
	}
	if (parse_assert_space(handle, info) < 0) {
		goto err;
	}

	/* Protocol */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0) {
		goto err;
	}
	if (strcasecmp(token, "ipv4") == 0) {
		proto = SEMANAGE_PROTO_IP4;
	} else if (strcasecmp(token, "ipv6") == 0) {
		proto = SEMANAGE_PROTO_IP6;
	} else {
		ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", token,
		    info->filename, info->lineno, info->orig_line);
		goto err;
	}
	free(token);
	token = NULL;

	semanage_node_set_proto(node, proto);

	/* Address */
	if (parse_assert_space(handle, info) < 0) {
		goto err;
	}
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0) {
		goto err;
	}
	if (semanage_node_set_addr(handle, node, proto, token) < 0) {
		goto err;
	}
	if (parse_assert_space(handle, info) < 0) {
		goto err;
	}
	free(token);
	token = NULL;

	/* Netmask */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0) {
		goto err;
	}
	if (semanage_node_set_mask(handle, node, proto, token) < 0) {
		goto err;
	}
	if (parse_assert_space(handle, info) < 0) {
		goto err;
	}
	free(token);
	token = NULL;

	/* Node security context */
	if (parse_fetch_string(handle, info, &token, ' ', 0) < 0) {
		goto err;
	}
	if (semanage_context_from_string(handle, token, &ctx) < 0) {
		ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
		    token, info->filename, info->lineno, info->orig_line);
		goto err;
	}
	/* A successful conversion may still yield no context; reject it. */
	if (ctx == NULL) {
		ERR(handle, "<<none>> context is not valid "
		    "for nodes (%s: %u):\n%s", info->filename,
		    info->lineno, info->orig_line);
		goto err;
	}
	free(token);
	token = NULL;

	if (semanage_node_set_con(handle, node, ctx) < 0) {
		goto err;
	}

	if (parse_assert_space(handle, info) < 0) {
		goto err;
	}

	semanage_context_free(ctx);
	return STATUS_SUCCESS;

last:
	parse_dispose_line(info);
	return STATUS_NODATA;

err:
	ERR(handle, "could not parse node record");
	/* token is reset to NULL after each free above, so this never double-frees. */
	free(token);
	semanage_context_free(ctx);
	parse_dispose_line(info);
	return STATUS_ERR;
}
155*2d543d20SAndroid Build Coastguard Worker
/*
 * NODE RECORD: FILE extension: method table.
 * Supplies this file's nodecon line parser and printer; the table is passed
 * to dbase_file_init() by node_file_dbase_init().
 */
record_file_table_t SEMANAGE_NODE_FILE_RTABLE = {
	.parse = node_parse,
	.print = node_print,
};
161*2d543d20SAndroid Build Coastguard Worker
/*
 * Set up a file-backed database for node records.
 *
 * Calls dbase_file_init() with the node record table and the node file
 * table, storing the resulting database in dconfig->dbase, and on success
 * points dconfig->dtable at the generic file database table.
 *
 * `path_ro` and `path_rw` are forwarded unchanged.
 * NOTE(review): presumably the read-only and read-write locations of the
 * node file inside the policy store - confirm against dbase_file_init().
 * `dconfig` is dereferenced unconditionally and must not be NULL.
 *
 * Returns STATUS_SUCCESS, or STATUS_ERR if dbase_file_init() fails (in which
 * case dconfig->dtable is left untouched).
 */
int node_file_dbase_init(semanage_handle_t * handle,
			 const char *path_ro,
			 const char *path_rw, dbase_config_t * dconfig)
{
	int rc = dbase_file_init(handle, path_ro, path_rw,
				 &SEMANAGE_NODE_RTABLE,
				 &SEMANAGE_NODE_FILE_RTABLE,
				 &dconfig->dbase);

	if (rc < 0) {
		return STATUS_ERR;
	}

	dconfig->dtable = &SEMANAGE_FILE_DTABLE;
	return STATUS_SUCCESS;
}
178*2d543d20SAndroid Build Coastguard Worker
/*
 * Release the file-backed node database held in dconfig->dbase.
 *
 * `dconfig` is dereferenced unconditionally and must not be NULL. The
 * pointer in dconfig->dbase is not cleared here, so callers must not reuse
 * it after this call.
 */
void node_file_dbase_release(dbase_config_t * dconfig)
{
	dbase_file_release(dconfig->dbase);
}