1*2d543d20SAndroid Build Coastguard Worker /* Copyright (C) 2005 Red Hat, Inc. */
2*2d543d20SAndroid Build Coastguard Worker
3*2d543d20SAndroid Build Coastguard Worker struct semanage_port;
4*2d543d20SAndroid Build Coastguard Worker struct semanage_port_key;
5*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_port record_t;
6*2d543d20SAndroid Build Coastguard Worker typedef struct semanage_port_key record_key_t;
7*2d543d20SAndroid Build Coastguard Worker #define DBASE_RECORD_DEFINED
8*2d543d20SAndroid Build Coastguard Worker
9*2d543d20SAndroid Build Coastguard Worker struct dbase_file;
10*2d543d20SAndroid Build Coastguard Worker typedef struct dbase_file dbase_t;
11*2d543d20SAndroid Build Coastguard Worker #define DBASE_DEFINED
12*2d543d20SAndroid Build Coastguard Worker
13*2d543d20SAndroid Build Coastguard Worker #include <stdlib.h>
14*2d543d20SAndroid Build Coastguard Worker #include <stdio.h>
15*2d543d20SAndroid Build Coastguard Worker #include <strings.h>
16*2d543d20SAndroid Build Coastguard Worker #include <semanage/handle.h>
17*2d543d20SAndroid Build Coastguard Worker #include "port_internal.h"
18*2d543d20SAndroid Build Coastguard Worker #include "database_file.h"
19*2d543d20SAndroid Build Coastguard Worker #include "parse_utils.h"
20*2d543d20SAndroid Build Coastguard Worker #include "debug.h"
21*2d543d20SAndroid Build Coastguard Worker
port_print(semanage_handle_t * handle,semanage_port_t * port,FILE * str)22*2d543d20SAndroid Build Coastguard Worker static int port_print(semanage_handle_t * handle,
23*2d543d20SAndroid Build Coastguard Worker semanage_port_t * port, FILE * str)
24*2d543d20SAndroid Build Coastguard Worker {
25*2d543d20SAndroid Build Coastguard Worker
26*2d543d20SAndroid Build Coastguard Worker char *con_str = NULL;
27*2d543d20SAndroid Build Coastguard Worker
28*2d543d20SAndroid Build Coastguard Worker int low = semanage_port_get_low(port);
29*2d543d20SAndroid Build Coastguard Worker int high = semanage_port_get_high(port);
30*2d543d20SAndroid Build Coastguard Worker int proto = semanage_port_get_proto(port);
31*2d543d20SAndroid Build Coastguard Worker const char *proto_str = semanage_port_get_proto_str(proto);
32*2d543d20SAndroid Build Coastguard Worker semanage_context_t *con = semanage_port_get_con(port);
33*2d543d20SAndroid Build Coastguard Worker
34*2d543d20SAndroid Build Coastguard Worker if (fprintf(str, "portcon %s ", proto_str) < 0)
35*2d543d20SAndroid Build Coastguard Worker goto err;
36*2d543d20SAndroid Build Coastguard Worker
37*2d543d20SAndroid Build Coastguard Worker if (low == high) {
38*2d543d20SAndroid Build Coastguard Worker if (fprintf(str, "%d ", low) < 0)
39*2d543d20SAndroid Build Coastguard Worker goto err;
40*2d543d20SAndroid Build Coastguard Worker } else {
41*2d543d20SAndroid Build Coastguard Worker if (fprintf(str, "%d - %d ", low, high) < 0)
42*2d543d20SAndroid Build Coastguard Worker goto err;
43*2d543d20SAndroid Build Coastguard Worker }
44*2d543d20SAndroid Build Coastguard Worker
45*2d543d20SAndroid Build Coastguard Worker if (semanage_context_to_string(handle, con, &con_str) < 0)
46*2d543d20SAndroid Build Coastguard Worker goto err;
47*2d543d20SAndroid Build Coastguard Worker if (fprintf(str, "%s\n", con_str) < 0)
48*2d543d20SAndroid Build Coastguard Worker goto err;
49*2d543d20SAndroid Build Coastguard Worker
50*2d543d20SAndroid Build Coastguard Worker free(con_str);
51*2d543d20SAndroid Build Coastguard Worker return STATUS_SUCCESS;
52*2d543d20SAndroid Build Coastguard Worker
53*2d543d20SAndroid Build Coastguard Worker err:
54*2d543d20SAndroid Build Coastguard Worker ERR(handle, "could not print port range %u - %u (%s) to stream",
55*2d543d20SAndroid Build Coastguard Worker low, high, proto_str);
56*2d543d20SAndroid Build Coastguard Worker free(con_str);
57*2d543d20SAndroid Build Coastguard Worker return STATUS_ERR;
58*2d543d20SAndroid Build Coastguard Worker }
59*2d543d20SAndroid Build Coastguard Worker
port_parse(semanage_handle_t * handle,parse_info_t * info,semanage_port_t * port)60*2d543d20SAndroid Build Coastguard Worker static int port_parse(semanage_handle_t * handle,
61*2d543d20SAndroid Build Coastguard Worker parse_info_t * info, semanage_port_t * port)
62*2d543d20SAndroid Build Coastguard Worker {
63*2d543d20SAndroid Build Coastguard Worker
64*2d543d20SAndroid Build Coastguard Worker int low, high;
65*2d543d20SAndroid Build Coastguard Worker char *str = NULL;
66*2d543d20SAndroid Build Coastguard Worker semanage_context_t *con = NULL;
67*2d543d20SAndroid Build Coastguard Worker
68*2d543d20SAndroid Build Coastguard Worker if (parse_skip_space(handle, info) < 0)
69*2d543d20SAndroid Build Coastguard Worker goto err;
70*2d543d20SAndroid Build Coastguard Worker if (!info->ptr)
71*2d543d20SAndroid Build Coastguard Worker goto last;
72*2d543d20SAndroid Build Coastguard Worker
73*2d543d20SAndroid Build Coastguard Worker /* Header */
74*2d543d20SAndroid Build Coastguard Worker if (parse_assert_str(handle, info, "portcon") < 0)
75*2d543d20SAndroid Build Coastguard Worker goto err;
76*2d543d20SAndroid Build Coastguard Worker if (parse_assert_space(handle, info) < 0)
77*2d543d20SAndroid Build Coastguard Worker goto err;
78*2d543d20SAndroid Build Coastguard Worker
79*2d543d20SAndroid Build Coastguard Worker /* Protocol */
80*2d543d20SAndroid Build Coastguard Worker if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
81*2d543d20SAndroid Build Coastguard Worker goto err;
82*2d543d20SAndroid Build Coastguard Worker if (!strcasecmp(str, "tcp"))
83*2d543d20SAndroid Build Coastguard Worker semanage_port_set_proto(port, SEMANAGE_PROTO_TCP);
84*2d543d20SAndroid Build Coastguard Worker else if (!strcasecmp(str, "udp"))
85*2d543d20SAndroid Build Coastguard Worker semanage_port_set_proto(port, SEMANAGE_PROTO_UDP);
86*2d543d20SAndroid Build Coastguard Worker else if (!strcasecmp(str, "dccp"))
87*2d543d20SAndroid Build Coastguard Worker semanage_port_set_proto(port, SEMANAGE_PROTO_DCCP);
88*2d543d20SAndroid Build Coastguard Worker else if (!strcasecmp(str, "sctp"))
89*2d543d20SAndroid Build Coastguard Worker semanage_port_set_proto(port, SEMANAGE_PROTO_SCTP);
90*2d543d20SAndroid Build Coastguard Worker else {
91*2d543d20SAndroid Build Coastguard Worker ERR(handle, "invalid protocol \"%s\" (%s: %u):\n%s", str,
92*2d543d20SAndroid Build Coastguard Worker info->filename, info->lineno, info->orig_line);
93*2d543d20SAndroid Build Coastguard Worker goto err;
94*2d543d20SAndroid Build Coastguard Worker }
95*2d543d20SAndroid Build Coastguard Worker free(str);
96*2d543d20SAndroid Build Coastguard Worker str = NULL;
97*2d543d20SAndroid Build Coastguard Worker
98*2d543d20SAndroid Build Coastguard Worker /* Range/Port */
99*2d543d20SAndroid Build Coastguard Worker if (parse_assert_space(handle, info) < 0)
100*2d543d20SAndroid Build Coastguard Worker goto err;
101*2d543d20SAndroid Build Coastguard Worker if (parse_fetch_int(handle, info, &low, '-') < 0)
102*2d543d20SAndroid Build Coastguard Worker goto err;
103*2d543d20SAndroid Build Coastguard Worker
104*2d543d20SAndroid Build Coastguard Worker /* If range (-) does not follow immediately, require a space
105*2d543d20SAndroid Build Coastguard Worker * In other words, the space here is optional, but only
106*2d543d20SAndroid Build Coastguard Worker * in the ranged case, not in the single port case,
107*2d543d20SAndroid Build Coastguard Worker * so do a custom test */
108*2d543d20SAndroid Build Coastguard Worker if (*(info->ptr) && *(info->ptr) != '-') {
109*2d543d20SAndroid Build Coastguard Worker if (parse_assert_space(handle, info) < 0)
110*2d543d20SAndroid Build Coastguard Worker goto err;
111*2d543d20SAndroid Build Coastguard Worker }
112*2d543d20SAndroid Build Coastguard Worker
113*2d543d20SAndroid Build Coastguard Worker if (parse_optional_ch(info, '-') != STATUS_NODATA) {
114*2d543d20SAndroid Build Coastguard Worker
115*2d543d20SAndroid Build Coastguard Worker if (parse_skip_space(handle, info) < 0)
116*2d543d20SAndroid Build Coastguard Worker goto err;
117*2d543d20SAndroid Build Coastguard Worker if (parse_fetch_int(handle, info, &high, ' ') < 0)
118*2d543d20SAndroid Build Coastguard Worker goto err;
119*2d543d20SAndroid Build Coastguard Worker if (parse_assert_space(handle, info) < 0)
120*2d543d20SAndroid Build Coastguard Worker goto err;
121*2d543d20SAndroid Build Coastguard Worker semanage_port_set_range(port, low, high);
122*2d543d20SAndroid Build Coastguard Worker } else
123*2d543d20SAndroid Build Coastguard Worker semanage_port_set_port(port, low);
124*2d543d20SAndroid Build Coastguard Worker
125*2d543d20SAndroid Build Coastguard Worker /* Port context */
126*2d543d20SAndroid Build Coastguard Worker if (parse_fetch_string(handle, info, &str, ' ', 0) < 0)
127*2d543d20SAndroid Build Coastguard Worker goto err;
128*2d543d20SAndroid Build Coastguard Worker if (semanage_context_from_string(handle, str, &con) < 0) {
129*2d543d20SAndroid Build Coastguard Worker ERR(handle, "invalid security context \"%s\" (%s: %u)\n%s",
130*2d543d20SAndroid Build Coastguard Worker str, info->filename, info->lineno, info->orig_line);
131*2d543d20SAndroid Build Coastguard Worker goto err;
132*2d543d20SAndroid Build Coastguard Worker }
133*2d543d20SAndroid Build Coastguard Worker if (con == NULL) {
134*2d543d20SAndroid Build Coastguard Worker ERR(handle, "<<none>> context is not valid "
135*2d543d20SAndroid Build Coastguard Worker "for ports (%s: %u):\n%s", info->filename,
136*2d543d20SAndroid Build Coastguard Worker info->lineno, info->orig_line);
137*2d543d20SAndroid Build Coastguard Worker goto err;
138*2d543d20SAndroid Build Coastguard Worker }
139*2d543d20SAndroid Build Coastguard Worker free(str);
140*2d543d20SAndroid Build Coastguard Worker str = NULL;
141*2d543d20SAndroid Build Coastguard Worker
142*2d543d20SAndroid Build Coastguard Worker if (semanage_port_set_con(handle, port, con) < 0)
143*2d543d20SAndroid Build Coastguard Worker goto err;
144*2d543d20SAndroid Build Coastguard Worker
145*2d543d20SAndroid Build Coastguard Worker if (parse_assert_space(handle, info) < 0)
146*2d543d20SAndroid Build Coastguard Worker goto err;
147*2d543d20SAndroid Build Coastguard Worker
148*2d543d20SAndroid Build Coastguard Worker semanage_context_free(con);
149*2d543d20SAndroid Build Coastguard Worker return STATUS_SUCCESS;
150*2d543d20SAndroid Build Coastguard Worker
151*2d543d20SAndroid Build Coastguard Worker last:
152*2d543d20SAndroid Build Coastguard Worker parse_dispose_line(info);
153*2d543d20SAndroid Build Coastguard Worker return STATUS_NODATA;
154*2d543d20SAndroid Build Coastguard Worker
155*2d543d20SAndroid Build Coastguard Worker err:
156*2d543d20SAndroid Build Coastguard Worker ERR(handle, "could not parse port record");
157*2d543d20SAndroid Build Coastguard Worker free(str);
158*2d543d20SAndroid Build Coastguard Worker semanage_context_free(con);
159*2d543d20SAndroid Build Coastguard Worker parse_dispose_line(info);
160*2d543d20SAndroid Build Coastguard Worker return STATUS_ERR;
161*2d543d20SAndroid Build Coastguard Worker }
162*2d543d20SAndroid Build Coastguard Worker
163*2d543d20SAndroid Build Coastguard Worker /* PORT RECORD: FILE extension: method table */
164*2d543d20SAndroid Build Coastguard Worker record_file_table_t SEMANAGE_PORT_FILE_RTABLE = {
165*2d543d20SAndroid Build Coastguard Worker .parse = port_parse,
166*2d543d20SAndroid Build Coastguard Worker .print = port_print,
167*2d543d20SAndroid Build Coastguard Worker };
168*2d543d20SAndroid Build Coastguard Worker
port_file_dbase_init(semanage_handle_t * handle,const char * path_ro,const char * path_rw,dbase_config_t * dconfig)169*2d543d20SAndroid Build Coastguard Worker int port_file_dbase_init(semanage_handle_t * handle,
170*2d543d20SAndroid Build Coastguard Worker const char *path_ro,
171*2d543d20SAndroid Build Coastguard Worker const char *path_rw,
172*2d543d20SAndroid Build Coastguard Worker dbase_config_t * dconfig)
173*2d543d20SAndroid Build Coastguard Worker {
174*2d543d20SAndroid Build Coastguard Worker
175*2d543d20SAndroid Build Coastguard Worker if (dbase_file_init(handle,
176*2d543d20SAndroid Build Coastguard Worker path_ro,
177*2d543d20SAndroid Build Coastguard Worker path_rw,
178*2d543d20SAndroid Build Coastguard Worker &SEMANAGE_PORT_RTABLE,
179*2d543d20SAndroid Build Coastguard Worker &SEMANAGE_PORT_FILE_RTABLE, &dconfig->dbase) < 0)
180*2d543d20SAndroid Build Coastguard Worker return STATUS_ERR;
181*2d543d20SAndroid Build Coastguard Worker
182*2d543d20SAndroid Build Coastguard Worker dconfig->dtable = &SEMANAGE_FILE_DTABLE;
183*2d543d20SAndroid Build Coastguard Worker return STATUS_SUCCESS;
184*2d543d20SAndroid Build Coastguard Worker }
185*2d543d20SAndroid Build Coastguard Worker
port_file_dbase_release(dbase_config_t * dconfig)186*2d543d20SAndroid Build Coastguard Worker void port_file_dbase_release(dbase_config_t * dconfig)
187*2d543d20SAndroid Build Coastguard Worker {
188*2d543d20SAndroid Build Coastguard Worker
189*2d543d20SAndroid Build Coastguard Worker dbase_file_release(dconfig->dbase);
190*2d543d20SAndroid Build Coastguard Worker }
191