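/* Copyright (C) 2005 Red Hat, Inc. */

/* Object: dbase_policydb_t (Policy)
 * Implements: dbase_t (Database)
 */

struct dbase_policydb;
typedef struct dbase_policydb dbase_t;
#define DBASE_DEFINED

#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdio_ext.h>
#include <errno.h>

#include <sepol/policydb.h>

#include "database_policydb.h"
#include "semanage_store.h"
#include "handle.h"
#include "debug.h"

/* POLICYDB dbase */
struct dbase_policydb {

	/* Backing path for read-only[0] and transaction[1] */
	const char *path[2];

	/* Base record table */
	record_table_t *rtable;

	/* Policy extensions */
	record_policydb_table_t *rptable;

	/* Policydb loaded by dbase_policydb_cache(), or the one handed to
	 * dbase_policydb_attach() */
	sepol_policydb_t *policydb;

	/* Serial recorded when the cache was loaded; negative = no cache */
	int cache_serial;
	/* Set by add/set/modify, cleared when the cache is dropped */
	int modified;
	/* Non-zero between attach() and detach() */
	int attached;
};

/* Free the cached policydb, if one is held, and reset the cache state.
 * A negative cache_serial means no cache is held; the call is then a no-op. */
static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
{

	if (dbase->cache_serial < 0)
		return;

	sepol_policydb_free(dbase->policydb);
	/* Clear the pointer so a later use without a successful re-cache
	 * dereferences NULL instead of freed memory. */
	dbase->policydb = NULL;
	dbase->cache_serial = -1;
	dbase->modified = 0;
}

/* Store the serial reported by handle->funcs->get_serial() as the serial of
 * the cached copy.
 * Returns STATUS_SUCCESS, or STATUS_ERR when the reported serial is negative. */
static int dbase_policydb_set_serial(semanage_handle_t * handle,
				     dbase_policydb_t * dbase)
{

	int cache_serial = handle->funcs->get_serial(handle);

	if (cache_serial < 0) {
		ERR(handle, "could not update cache serial");
		return STATUS_ERR;
	}

	dbase->cache_serial = cache_serial;
	return STATUS_SUCCESS;
}

/* Decide whether the cache has to be (re)loaded.
 * Returns 1 when no cache is held, when the current serial cannot be read,
 * or when it differs from the cached serial (the stale cache is dropped in
 * that case). Returns 0 when the cached copy is current. */
static int dbase_policydb_needs_resync(semanage_handle_t * handle,
				       dbase_policydb_t * dbase)
{

	int cache_serial;

	if (dbase->cache_serial < 0)
		return 1;

	cache_serial = handle->funcs->get_serial(handle);
	if (cache_serial < 0)
		return 1;

	if (cache_serial == dbase->cache_serial)
		return 0;

	/* drop_cache() already resets cache_serial; the explicit store is
	 * kept so the invariant is visible here as well. */
	dbase_policydb_drop_cache(dbase);
	dbase->cache_serial = -1;
	return 1;
}

/* Load the policydb from the backing file into the cache.
 *
 * Nothing is done while attached to a shared policydb or when the cached
 * copy is still current. A missing file (ENOENT) is not an error: the
 * freshly created, empty policydb is cached instead.
 *
 * Returns STATUS_SUCCESS or STATUS_ERR. On error every object created here
 * is released and dbase->policydb is not updated. */
static int dbase_policydb_cache(semanage_handle_t * handle,
				dbase_policydb_t * dbase)
{

	FILE *fp = NULL;
	sepol_policydb_t *policydb = NULL;
	sepol_policy_file_t *pf = NULL;
	const char *fname = NULL;

	/* Check if cache is needed */
	if (dbase->attached)
		return STATUS_SUCCESS;

	if (!dbase_policydb_needs_resync(handle, dbase))
		return STATUS_SUCCESS;

	/* path[] has exactly two slots (read-only, transaction); collapse
	 * the flag to 0/1 so it can never index past the array. */
	fname = dbase->path[handle->is_in_transaction ? 1 : 0];

	if (sepol_policydb_create(&policydb) < 0) {
		ERR(handle, "could not create policydb object");
		goto err;
	}

	/* Try opening file
	 * ENOENT is not fatal - we just create an empty policydb */
	fp = fopen(fname, "rb");
	if (fp == NULL && errno != ENOENT) {
		ERR(handle, "could not open %s for reading: %s",
		    fname, strerror(errno));
		goto err;
	}

	/* If the file was opened successfully, read a policydb */
	if (fp != NULL) {
		/* Caller-managed locking: stdio does no implicit locking on
		 * this stream. */
		__fsetlocking(fp, FSETLOCKING_BYCALLER);
		if (sepol_policy_file_create(&pf) < 0) {
			ERR(handle, "could not create policy file object");
			goto err;
		}

		sepol_policy_file_set_fp(pf, fp);
		sepol_policy_file_set_handle(pf, handle->sepolh);

		if (sepol_policydb_read(policydb, pf) < 0)
			goto err;

		sepol_policy_file_free(pf);
		/* The err path frees pf again; without this reset a failure
		 * in set_serial below would free it twice. */
		pf = NULL;
		fclose(fp);
		fp = NULL;
	}

	/* Update cache serial */
	if (dbase_policydb_set_serial(handle, dbase) < 0)
		goto err;

	/* Update the database policydb */
	dbase->policydb = policydb;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not cache policy database");
	if (fp)
		fclose(fp);
	sepol_policydb_free(policydb);
	sepol_policy_file_free(pf);
	return STATUS_ERR;
}
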
/* Flush pending modifications (stub).
 * Returns STATUS_SUCCESS when nothing was modified. Otherwise the modified
 * flag is cleared and STATUS_ERR is returned, since writing a policydb back
 * is not implemented here. */
static int dbase_policydb_flush(semanage_handle_t * handle
				__attribute__ ((unused)),
				dbase_policydb_t * dbase)
{

	if (dbase->modified) {
		dbase->modified = 0;

		/* Stub */
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

/* Report the modified flag (non-zero after a successful add/set/modify). */
static int dbase_policydb_is_modified(dbase_policydb_t * dbase)
{

	int is_modified = dbase->modified;

	return is_modified;
}

/* Allocate and initialise a policydb dbase.
 *
 * path_ro and path_rw are stored as given (not copied), as are the two
 * record tables. The new object starts with no cache (cache_serial == -1),
 * unmodified and detached.
 *
 * Returns STATUS_SUCCESS and stores the object in *dbase, or STATUS_ERR on
 * allocation failure, in which case *dbase is left untouched. */
int dbase_policydb_init(semanage_handle_t * handle,
			const char *path_ro,
			const char *path_rw,
			record_table_t * rtable,
			record_policydb_table_t * rptable,
			dbase_policydb_t ** dbase)
{

	dbase_policydb_t *fresh = malloc(sizeof(*fresh));

	if (fresh == NULL) {
		ERR(handle, "out of memory, could not initialize policy database");
		return STATUS_ERR;
	}

	fresh->path[0] = path_ro;
	fresh->path[1] = path_rw;
	fresh->rtable = rtable;
	fresh->rptable = rptable;
	fresh->policydb = NULL;
	fresh->cache_serial = -1;
	fresh->modified = 0;
	fresh->attached = 0;

	*dbase = fresh;
	return STATUS_SUCCESS;
}

/* Release dbase resources: drop any cached policydb, then free the object
 * itself. dbase must not be NULL (it is dereferenced by drop_cache). */
void dbase_policydb_release(dbase_policydb_t * dbase)
{

	dbase_policydb_drop_cache(dbase);
	free(dbase);
}

/* Attach to a shared policydb.
 * Marks the dbase as attached, drops any cached policydb and points the
 * dbase at the caller's policydb instead. The original author's note says
 * this prevents flush() and drop_cache() until detached; the check visible
 * in this file is the early return in dbase_policydb_cache(). */
void dbase_policydb_attach(dbase_policydb_t * dbase,
			   sepol_policydb_t * policydb)
{

	dbase->attached = 1;
	dbase_policydb_drop_cache(dbase);
	dbase->policydb = policydb;
}

/* Detach from a shared policydb.
 * Clears the attached and modified flags. The policydb pointer itself is
 * left as it was; the original note says this implies drop_cache. */
void dbase_policydb_detach(dbase_policydb_t * dbase)
{

	dbase->modified = 0;
	dbase->attached = 0;
}

/* Add a record through the policy extension table.
 * Marks the dbase modified on success. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_add(semanage_handle_t * handle,
			      dbase_policydb_t * dbase,
			      const record_key_t * key, const record_t * data)
{

	int rc = dbase->rptable->add(handle->sepolh, dbase->policydb, key, data);

	if (rc < 0) {
		ERR(handle, "could not add record to the database");
		return STATUS_ERR;
	}

	dbase->modified = 1;
	return STATUS_SUCCESS;
}

/* Set a record's value through the policy extension table.
 * Marks the dbase modified on success. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_set(semanage_handle_t * handle,
			      dbase_policydb_t * dbase,
			      const record_key_t * key, const record_t * data)
{

	int rc = dbase->rptable->set(handle->sepolh, dbase->policydb, key, data);

	if (rc < 0) {
		ERR(handle, "could not set record value");
		return STATUS_ERR;
	}

	dbase->modified = 1;
	return STATUS_SUCCESS;
}

/* Modify a record through the policy extension table.
 * Marks the dbase modified on success. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_modify(semanage_handle_t * handle,
				 dbase_policydb_t * dbase,
				 const record_key_t * key,
				 const record_t * data)
{

	int rc = dbase->rptable->modify(handle->sepolh,
					dbase->policydb, key, data);

	if (rc < 0) {
		ERR(handle, "could not modify record value");
		return STATUS_ERR;
	}

	dbase->modified = 1;
	return STATUS_SUCCESS;
}

/* Delete a record (stub): not implemented for the policydb backend, always
 * returns STATUS_ERR without touching the dbase. */
static int dbase_policydb_del(semanage_handle_t * handle
			      __attribute__ ((unused)),
			      dbase_policydb_t * dbase
			      __attribute__ ((unused)),
			      const record_key_t * key
			      __attribute__ ((unused)))
{

	/* Stub */
	(void)key;
	(void)handle;
	(void)dbase;
	return STATUS_ERR;
}

/* Clear all records (stub): not implemented for the policydb backend,
 * always returns STATUS_ERR without touching the dbase. */
static int dbase_policydb_clear(semanage_handle_t * handle
				__attribute__ ((unused)),
				dbase_policydb_t * dbase
				__attribute__ ((unused)))
{

	/* Stub */
	(void)handle;
	(void)dbase;
	return STATUS_ERR;
}

/* Look up the record for key; the result is stored through response by the
 * policy extension table. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_query(semanage_handle_t * handle,
				dbase_policydb_t * dbase,
				const record_key_t * key, record_t ** response)
{

	int rc = dbase->rptable->query(handle->sepolh,
				       dbase->policydb, key, response);

	if (rc < 0) {
		ERR(handle, "could not query record value");
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

/* Check whether a record for key exists; the answer is stored through
 * response by the policy extension table. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_exists(semanage_handle_t * handle,
				 dbase_policydb_t * dbase,
				 const record_key_t * key, int *response)
{

	int rc = dbase->rptable->exists(handle->sepolh,
					dbase->policydb, key, response);

	if (rc < 0) {
		ERR(handle, "could not check if record exists");
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

/* Count the records; the number is stored through response by the policy
 * extension table. Returns STATUS_SUCCESS/STATUS_ERR. */
static int dbase_policydb_count(semanage_handle_t * handle,
				dbase_policydb_t * dbase,
				unsigned int *response)
{

	int rc = dbase->rptable->count(handle->sepolh,
				       dbase->policydb, response);

	if (rc < 0) {
		ERR(handle, "could not count the database records");
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

/* Run fn(record, arg) over the records via the policy extension table.
 * Returns STATUS_SUCCESS, or STATUS_ERR when the table's iterate fails. */
static int dbase_policydb_iterate(semanage_handle_t * handle,
				  dbase_policydb_t * dbase,
				  int (*fn) (const record_t * record,
					     void *fn_arg), void *arg)
{

	int rc = dbase->rptable->iterate(handle->sepolh,
					 dbase->policydb, fn, arg);

	if (rc < 0) {
		ERR(handle, "could not iterate over records");
		return STATUS_ERR;
	}

	return STATUS_SUCCESS;
}

/* State shared between dbase_policydb_list() and its iteration callback. */
struct list_handler_arg {
	semanage_handle_t *handle;	/* passed to rtable->clone() */
	record_table_t *rtable;		/* provides clone() */
	record_t **records;		/* output array being filled */
	int pos;			/* index of the next slot to fill */
};
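
/* Clone cursor plus the capacity of its records[] array. The cursor is the
 * first member, so the callback can reach both through its opaque argument
 * without changing struct list_handler_arg. */
struct list_handler_bound {
	struct list_handler_arg arg;
	unsigned int capacity;
};

/* Iteration callback: clone one record into the next free output slot.
 * varg must point to a struct list_handler_bound.
 * Returns 0 on success, -1 when the clone fails or the array is full. */
static int list_handler(const record_t * record, void *varg)
{

	struct list_handler_bound *bound = (struct list_handler_bound *)varg;
	struct list_handler_arg *arg = &bound->arg;

	/* The array was sized from a separate count() call. Refuse to write
	 * past it if iterate() yields more records than were counted. */
	if (arg->pos < 0 || (unsigned int)arg->pos >= bound->capacity)
		return -1;

	if (arg->rtable->clone(arg->handle, record,
			       &arg->records[arg->pos]) < 0)
		return -1;

	arg->pos++;
	return 0;
}

/* Return a newly allocated array holding a clone of every record.
 *
 * On success *records receives the array (NULL when there are no records)
 * and *count the number reported by the table's count(); the caller owns
 * the array and the clones. On failure every clone made so far and the
 * array are freed, *records and *count are left untouched, and STATUS_ERR
 * is returned. */
static int dbase_policydb_list(semanage_handle_t * handle,
			       dbase_t * dbase,
			       record_t *** records, unsigned int *count)
{

	record_t **tmp_records = NULL;
	unsigned int tmp_count;
	struct list_handler_bound list_arg;

	list_arg.arg.pos = 0;
	list_arg.arg.rtable = dbase->rtable;
	list_arg.arg.handle = handle;
	list_arg.arg.records = NULL;
	list_arg.capacity = 0;

	if (dbase->rptable->count(handle->sepolh,
				  dbase->policydb, &tmp_count) < 0)
		goto err;

	if (tmp_count > 0) {
		tmp_records = calloc(tmp_count, sizeof(*tmp_records));

		if (tmp_records == NULL)
			goto omem;

		list_arg.arg.records = tmp_records;
		list_arg.capacity = tmp_count;

		/* A -1 from list_handler (clone failure or full array) is
		 * presumably propagated by iterate() as a negative result. */
		if (dbase->rptable->iterate(handle->sepolh,
					    dbase->policydb, list_handler,
					    &list_arg) < 0) {
			ERR(handle, "list handler could not extract record");
			goto err;
		}
	}

	*records = tmp_records;
	*count = tmp_count;
	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory");

      err:
	if (tmp_records) {
		/* Free slots pos..0 as before (slot pos is the one whose
		 * clone failed), but never index past the allocation: pos
		 * equals tmp_count once every slot has been filled. */
		unsigned int used = (unsigned int)list_arg.arg.pos + 1;

		if (used > tmp_count)
			used = tmp_count;
		while (used > 0)
			dbase->rtable->free(tmp_records[--used]);
		free(tmp_records);
	}
	ERR(handle, "could not list records");
	return STATUS_ERR;
}

/* Polymorphism hook: return the base record table of this dbase. */
static record_table_t *dbase_policydb_get_rtable(dbase_policydb_t * dbase)
{

	return dbase->rtable;
}

/* POLICYDB dbase - method table implementation */
dbase_table_t SEMANAGE_POLICYDB_DTABLE = {

	/* Cache/Transactions */
	.cache = dbase_policydb_cache,
	.drop_cache = dbase_policydb_drop_cache,
	.flush = dbase_policydb_flush,
	.is_modified = dbase_policydb_is_modified,

	/* Database Functionality */
	.iterate = dbase_policydb_iterate,
	.exists = dbase_policydb_exists,
	.list = dbase_policydb_list,
	.add = dbase_policydb_add,
	.set = dbase_policydb_set,
	.del = dbase_policydb_del,
	.clear = dbase_policydb_clear,
	.modify = dbase_policydb_modify,
	.query = dbase_policydb_query,
	.count = dbase_policydb_count,

	/* Polymorphism */
	.get_rtable = dbase_policydb_get_rtable
};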