xref: /aosp_15_r20/external/selinux/libsemanage/src/database_policydb.c (revision 2d543d20722ada2425b5bdab9d0d1d29470e7bba)

/* Copyright (C) 2005 Red Hat, Inc. */

/* Object: dbase_policydb_t (Policy)
 * Implements: dbase_t (Database)
 */

struct dbase_policydb;
typedef struct dbase_policydb dbase_t;
#define DBASE_DEFINED

#include <stdlib.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <stdio_ext.h>
#include <errno.h>

#include <sepol/policydb.h>

#include "database_policydb.h"
#include "semanage_store.h"
#include "handle.h"
#include "debug.h"

/* POLICYDB dbase */
struct dbase_policydb {

        /* Backing path for read-only[0] and transaction[1] */
        const char *path[2];

	/* Base record table */
	record_table_t *rtable;

	/* Policy extensions */
	record_policydb_table_t *rptable;

	sepol_policydb_t *policydb;

	int cache_serial;
	int modified;
	int attached;
};

static void dbase_policydb_drop_cache(dbase_policydb_t * dbase)
{

	if (dbase->cache_serial >= 0) {
		sepol_policydb_free(dbase->policydb);
		dbase->cache_serial = -1;
		dbase->modified = 0;
	}
}

static int dbase_policydb_set_serial(semanage_handle_t * handle,
				     dbase_policydb_t * dbase)
{

	int cache_serial = handle->funcs->get_serial(handle);
	if (cache_serial < 0) {
		ERR(handle, "could not update cache serial");
		return STATUS_ERR;
	}

	dbase->cache_serial = cache_serial;
	return STATUS_SUCCESS;
}

static int dbase_policydb_needs_resync(semanage_handle_t * handle,
				       dbase_policydb_t * dbase)
{

	int cache_serial;

	if (dbase->cache_serial < 0)
		return 1;

	cache_serial = handle->funcs->get_serial(handle);
	if (cache_serial < 0)
		return 1;

	if (cache_serial != dbase->cache_serial) {
		dbase_policydb_drop_cache(dbase);
		dbase->cache_serial = -1;
		return 1;
	}
	return 0;
}

static int dbase_policydb_cache(semanage_handle_t * handle,
				dbase_policydb_t * dbase)
{

	FILE *fp = NULL;
	sepol_policydb_t *policydb = NULL;
	sepol_policy_file_t *pf = NULL;
	const char *fname = NULL;

	/* Check if cache is needed */
	if (dbase->attached)
		return STATUS_SUCCESS;

	if (!dbase_policydb_needs_resync(handle, dbase))
		return STATUS_SUCCESS;

	fname = dbase->path[handle->is_in_transaction];

	if (sepol_policydb_create(&policydb) < 0) {
		ERR(handle, "could not create policydb object");
		goto err;
	}

	/* Try opening file
	 * ENOENT is not fatal - we just create an empty policydb */
	fp = fopen(fname, "rb");
	if (fp == NULL && errno != ENOENT) {
		ERR(handle, "could not open %s for reading: %s",
		    fname, strerror(errno));
		goto err;
	}

	/* If the file was opened successfully, read a policydb */
	if (fp != NULL) {
		__fsetlocking(fp, FSETLOCKING_BYCALLER);
		if (sepol_policy_file_create(&pf) < 0) {
			ERR(handle, "could not create policy file object");
			goto err;
		}

		sepol_policy_file_set_fp(pf, fp);
		sepol_policy_file_set_handle(pf, handle->sepolh);

		if (sepol_policydb_read(policydb, pf) < 0)
			goto err;

		sepol_policy_file_free(pf);
		fclose(fp);
		fp = NULL;
	}

	/* Update cache serial */
	if (dbase_policydb_set_serial(handle, dbase) < 0)
		goto err;

	/* Update the database policydb */
	dbase->policydb = policydb;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not cache policy database");
	if (fp)
		fclose(fp);
	sepol_policydb_free(policydb);
	sepol_policy_file_free(pf);
	return STATUS_ERR;
}

static int dbase_policydb_flush(semanage_handle_t * handle
				__attribute__ ((unused)),
				dbase_policydb_t * dbase)
{

	if (!dbase->modified)
		return STATUS_SUCCESS;

	dbase->modified = 0;

	/* Stub */
	return STATUS_ERR;
}

/* Check if modified */
static int dbase_policydb_is_modified(dbase_policydb_t * dbase)
{

	return dbase->modified;
}

int dbase_policydb_init(semanage_handle_t * handle,
			const char *path_ro,
			const char *path_rw,
			record_table_t * rtable,
			record_policydb_table_t * rptable,
			dbase_policydb_t ** dbase)
{

	dbase_policydb_t *tmp_dbase =
	    (dbase_policydb_t *) malloc(sizeof(dbase_policydb_t));

	if (!tmp_dbase)
		goto omem;

	tmp_dbase->path[0] = path_ro;
	tmp_dbase->path[1] = path_rw;
	tmp_dbase->rtable = rtable;
	tmp_dbase->rptable = rptable;
	tmp_dbase->policydb = NULL;
	tmp_dbase->cache_serial = -1;
	tmp_dbase->modified = 0;
	tmp_dbase->attached = 0;
	*dbase = tmp_dbase;

	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory, could not initialize policy database");
	free(tmp_dbase);

	return STATUS_ERR;
}

/* Release dbase resources */
void dbase_policydb_release(dbase_policydb_t * dbase)
{

	dbase_policydb_drop_cache(dbase);
	free(dbase);
}

/* Attach to a shared policydb.
 * This implies drop_cache(),
 * and prevents flush() and drop_cache()
 * until detached. */
void dbase_policydb_attach(dbase_policydb_t * dbase,
			   sepol_policydb_t * policydb)
{

	dbase->attached = 1;
	dbase_policydb_drop_cache(dbase);
	dbase->policydb = policydb;
}

/* Detach from a shared policdb.
 * This implies drop_cache. */
void dbase_policydb_detach(dbase_policydb_t * dbase)
{

	dbase->attached = 0;
	dbase->modified = 0;
}

static int dbase_policydb_add(semanage_handle_t * handle,
			      dbase_policydb_t * dbase,
			      const record_key_t * key, const record_t * data)
{

	if (dbase->rptable->add(handle->sepolh, dbase->policydb, key, data) < 0)
		goto err;

	dbase->modified = 1;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not add record to the database");
	return STATUS_ERR;
}

static int dbase_policydb_set(semanage_handle_t * handle,
			      dbase_policydb_t * dbase,
			      const record_key_t * key, const record_t * data)
{

	if (dbase->rptable->set(handle->sepolh, dbase->policydb, key, data) < 0)
		goto err;

	dbase->modified = 1;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not set record value");
	return STATUS_ERR;
}

static int dbase_policydb_modify(semanage_handle_t * handle,
				 dbase_policydb_t * dbase,
				 const record_key_t * key,
				 const record_t * data)
{

	if (dbase->rptable->modify(handle->sepolh,
				   dbase->policydb, key, data) < 0)
		goto err;

	dbase->modified = 1;
	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not modify record value");
	return STATUS_ERR;
}

static int dbase_policydb_del(semanage_handle_t * handle
				__attribute__ ((unused)),
			      dbase_policydb_t * dbase
				__attribute__ ((unused)),
			      const record_key_t * key
				__attribute__ ((unused)))
{

	/* Stub */
	return STATUS_ERR;
}

static int dbase_policydb_clear(semanage_handle_t * handle
				__attribute__ ((unused)),
				dbase_policydb_t * dbase
				__attribute__ ((unused)))
{

	/* Stub */
	return STATUS_ERR;
}

static int dbase_policydb_query(semanage_handle_t * handle,
				dbase_policydb_t * dbase,
				const record_key_t * key, record_t ** response)
{

	if (dbase->rptable->query(handle->sepolh,
				  dbase->policydb, key, response) < 0)
		goto err;

	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not query record value");
	return STATUS_ERR;
}

static int dbase_policydb_exists(semanage_handle_t * handle,
				 dbase_policydb_t * dbase,
				 const record_key_t * key, int *response)
{

	if (dbase->rptable->exists(handle->sepolh,
				   dbase->policydb, key, response) < 0)
		goto err;

	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not check if record exists");
	return STATUS_ERR;
}

static int dbase_policydb_count(semanage_handle_t * handle,
				dbase_policydb_t * dbase,
				unsigned int *response)
{

	if (dbase->rptable->count(handle->sepolh,
				  dbase->policydb, response) < 0)
		goto err;

	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not count the database records");
	return STATUS_ERR;
}

static int dbase_policydb_iterate(semanage_handle_t * handle,
				  dbase_policydb_t * dbase,
				  int (*fn) (const record_t * record,
					     void *fn_arg), void *arg)
{

	if (dbase->rptable->iterate(handle->sepolh,
				    dbase->policydb, fn, arg) < 0)
		goto err;

	return STATUS_SUCCESS;

      err:
	ERR(handle, "could not iterate over records");
	return STATUS_ERR;
}

struct list_handler_arg {
	semanage_handle_t *handle;
	record_table_t *rtable;
	record_t **records;
	int pos;
};

static int list_handler(const record_t * record, void *varg)
{

	struct list_handler_arg *arg = (struct list_handler_arg *)varg;

	if (arg->rtable->clone(arg->handle, record, &arg->records[arg->pos]) <
	    0)
		return -1;
	arg->pos++;
	return 0;
}

static int dbase_policydb_list(semanage_handle_t * handle,
			       dbase_t * dbase,
			       record_t *** records, unsigned int *count)
{

	record_t **tmp_records = NULL;
	unsigned int tmp_count;
	struct list_handler_arg list_arg;
	list_arg.pos = 0;
	list_arg.rtable = dbase->rtable;
	list_arg.handle = handle;

	if (dbase->rptable->count(handle->sepolh,
				  dbase->policydb, &tmp_count) < 0)
		goto err;

	if (tmp_count > 0) {
		tmp_records = (record_t **)
		    calloc(tmp_count, sizeof(record_t *));

		if (tmp_records == NULL)
			goto omem;

		list_arg.records = tmp_records;

		if (dbase->rptable->iterate(handle->sepolh,
					    dbase->policydb, list_handler,
					    &list_arg) < 0) {
			ERR(handle, "list handler could not extract record");
			goto err;
		}
	}

	*records = tmp_records;
	*count = tmp_count;
	return STATUS_SUCCESS;

      omem:
	ERR(handle, "out of memory");

      err:
	if (tmp_records) {
		for (; list_arg.pos >= 0; list_arg.pos--)
			dbase->rtable->free(tmp_records[list_arg.pos]);
		free(tmp_records);
	}
	ERR(handle, "could not list records");
	return STATUS_ERR;
}

static record_table_t *dbase_policydb_get_rtable(dbase_policydb_t * dbase)
{

	return dbase->rtable;
}

/* POLICYDB dbase - method table implementation */
dbase_table_t SEMANAGE_POLICYDB_DTABLE = {

	/* Cache/Transactions */
	.cache = dbase_policydb_cache,
	.drop_cache = dbase_policydb_drop_cache,
	.flush = dbase_policydb_flush,
	.is_modified = dbase_policydb_is_modified,

	/* Database Functionality */
	.iterate = dbase_policydb_iterate,
	.exists = dbase_policydb_exists,
	.list = dbase_policydb_list,
	.add = dbase_policydb_add,
	.set = dbase_policydb_set,
	.del = dbase_policydb_del,
	.clear = dbase_policydb_clear,
	.modify = dbase_policydb_modify,
	.query = dbase_policydb_query,
	.count = dbase_policydb_count,

	/* Polymorphism */
	.get_rtable = dbase_policydb_get_rtable
};