analyze: fully move "security" verb to analyze-security.[ch]
authorLennart Poettering <lennart@poettering.net>
Mon, 21 Feb 2022 13:06:15 +0000 (14:06 +0100)
committerLennart Poettering <lennart@poettering.net>
Mon, 21 Feb 2022 16:22:23 +0000 (17:22 +0100)
let's move the verb entry point too, like for the other verbs now.

src/analyze/analyze-security.c
src/analyze/analyze-security.h
src/analyze/analyze.c
src/analyze/analyze.h

index 3ee7644a89f8bbd0e812ebded15ca752f68832ba..642c4f5d1c29a47a7867d71e95461765b7fb96be 100644 (file)
@@ -3,6 +3,7 @@
 #include <sys/utsname.h>
 
 #include "af-list.h"
+#include "analyze.h"
 #include "analyze-security.h"
 #include "analyze-verify.h"
 #include "bus-error.h"
@@ -11,6 +12,8 @@
 #include "bus-util.h"
 #include "copy.h"
 #include "env-util.h"
+#include "fd-util.h"
+#include "fileio.h"
 #include "format-table.h"
 #include "in-addr-prefix-util.h"
 #include "locale-util.h"
@@ -2753,7 +2756,7 @@ static int offline_security_checks(char **filenames,
         return r;
 }
 
-int analyze_security(sd_bus *bus,
+static int analyze_security(sd_bus *bus,
                      char **units,
                      JsonVariant *policy,
                      UnitFileScope scope,
@@ -2886,3 +2889,51 @@ int analyze_security(sd_bus *bus,
         }
         return ret;
 }
+
+int do_security(int argc, char *argv[], void *userdata) {
+        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
+        _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
+        int r;
+        unsigned line, column;
+
+        if (!arg_offline) {
+                r = acquire_bus(&bus, NULL);
+                if (r < 0)
+                        return bus_log_connect_error(r, arg_transport);
+        }
+
+        pager_open(arg_pager_flags);
+
+        if (arg_security_policy) {
+                r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
+        } else {
+                _cleanup_fclose_ FILE *f = NULL;
+                _cleanup_free_ char *pp = NULL;
+
+                r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
+                if (r < 0 && r != -ENOENT)
+                        return r;
+
+                if (f) {
+                        r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
+                        if (r < 0)
+                                return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
+                }
+        }
+
+        return analyze_security(bus,
+                                strv_skip(argv, 1),
+                                policy,
+                                arg_scope,
+                                arg_man,
+                                arg_generators,
+                                arg_offline,
+                                arg_threshold,
+                                arg_root,
+                                arg_profile,
+                                arg_json_format_flags,
+                                arg_pager_flags,
+                                /*flags=*/ 0);
+}
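Review bot: `line` and `column` are declared without initializers in `do_security()` and are then printed by both `log_error_errno()` calls whenever `json_parse_file()` returns an error. If that function can fail before it has written them (for example when the file named by `arg_security_policy` cannot be read, which is not visible from this hunk), the diagnostic prints indeterminate values. Declaring them as `unsigned line = 0, column = 0;` keeps the message well-defined. Separately, the `search_and_fopen_nulstr()` failure path does a bare `return r;`, so an error other than -ENOENT while opening the default policy ends the verb with no message; `return log_error_errno(r, "Failed to open security policy: %m");` would match the neighbouring paths. The body is moved unchanged from analyze.c, so both points predate this commit, but the move is a convenient place to fix them.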
index 07483248eebb704ec5db6c4f5b635741b265e4f0..84436c7dadc9c27f0873a851a2cda5c8578ba6ec 100644 (file)
@@ -1,30 +1,10 @@
 /* SPDX-License-Identifier: LGPL-2.1-or-later */
 #pragma once
 
-#include <stdbool.h>
-
-#include "sd-bus.h"
-
-#include "json.h"
-#include "pager.h"
-#include "unit-file.h"
-
 typedef enum AnalyzeSecurityFlags {
         ANALYZE_SECURITY_SHORT             = 1 << 0,
         ANALYZE_SECURITY_ONLY_LOADED       = 1 << 1,
         ANALYZE_SECURITY_ONLY_LONG_RUNNING = 1 << 2,
 } AnalyzeSecurityFlags;
 
-int analyze_security(sd_bus *bus,
-                     char **units,
-                     JsonVariant *policy,
-                     UnitFileScope scope,
-                     bool check_man,
-                     bool run_generators,
-                     bool offline,
-                     unsigned threshold,
-                     const char *root,
-                     const char *profile,
-                     JsonFormatFlags json_format_flags,
-                     PagerFlags pager_flags,
-                     AnalyzeSecurityFlags flags);
+int do_security(int argc, char *argv[], void *userdata);
index 9ff0f6dcf41f260f4a70a1a0a509d83d726532e6..b2aaf65338ca09a380d7e4f9544aa24f356be2f6 100644 (file)
@@ -91,19 +91,19 @@ BusTransport arg_transport = BUS_TRANSPORT_LOCAL;
 const char *arg_host = NULL;
 UnitFileScope arg_scope = UNIT_FILE_SYSTEM;
 static RecursiveErrors arg_recursive_errors = RECURSIVE_ERRORS_YES;
-static bool arg_man = true;
-static bool arg_generators = false;
+bool arg_man = true;
+bool arg_generators = false;
 char *arg_root = NULL;
 static char *arg_image = NULL;
-static char *arg_security_policy = NULL;
-static bool arg_offline = false;
-static unsigned arg_threshold = 100;
+char *arg_security_policy = NULL;
+bool arg_offline = false;
+unsigned arg_threshold = 100;
 unsigned arg_iterations = 1;
 usec_t arg_base_time = USEC_INFINITY;
 static char *arg_unit = NULL;
-static JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
+JsonFormatFlags arg_json_format_flags = JSON_FORMAT_OFF;
 bool arg_quiet = false;
-static char *arg_profile = NULL;
+char *arg_profile = NULL;
 
 STATIC_DESTRUCTOR_REGISTER(arg_dot_from_patterns, strv_freep);
 STATIC_DESTRUCTOR_REGISTER(arg_dot_to_patterns, strv_freep);
@@ -230,54 +230,6 @@ static int do_verify(int argc, char *argv[], void *userdata) {
         return verify_units(filenames, arg_scope, arg_man, arg_generators, arg_recursive_errors, arg_root);
 }
 
-static int do_security(int argc, char *argv[], void *userdata) {
-        _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
-        _cleanup_(json_variant_unrefp) JsonVariant *policy = NULL;
-        int r;
-        unsigned line, column;
-
-        if (!arg_offline) {
-                r = acquire_bus(&bus, NULL);
-                if (r < 0)
-                        return bus_log_connect_error(r, arg_transport);
-        }
-
-        pager_open(arg_pager_flags);
-
-        if (arg_security_policy) {
-                r = json_parse_file(/*f=*/ NULL, arg_security_policy, /*flags=*/ 0, &policy, &line, &column);
-                if (r < 0)
-                        return log_error_errno(r, "Failed to parse '%s' at %u:%u: %m", arg_security_policy, line, column);
-        } else {
-                _cleanup_fclose_ FILE *f = NULL;
-                _cleanup_free_ char *pp = NULL;
-
-                r = search_and_fopen_nulstr("systemd-analyze-security.policy", "re", /*root=*/ NULL, CONF_PATHS_NULSTR("systemd"), &f, &pp);
-                if (r < 0 && r != -ENOENT)
-                        return r;
-
-                if (f) {
-                        r = json_parse_file(f, pp, /*flags=*/ 0, &policy, &line, &column);
-                        if (r < 0)
-                                return log_error_errno(r, "[%s:%u:%u] Failed to parse JSON policy: %m", pp, line, column);
-                }
-        }
-
-        return analyze_security(bus,
-                                strv_skip(argv, 1),
-                                policy,
-                                arg_scope,
-                                arg_man,
-                                arg_generators,
-                                arg_offline,
-                                arg_threshold,
-                                arg_root,
-                                arg_profile,
-                                arg_json_format_flags,
-                                arg_pager_flags,
-                                /*flags=*/ 0);
-}
-
 static int do_elf_inspection(int argc, char *argv[], void *userdata) {
         pager_open(arg_pager_flags);
 
index 57740acc8c32945378a048259f26f7f445e393a0..94eec410621a486c66042280db92ef1ce658d544 100644 (file)
@@ -4,6 +4,7 @@
 #include <stdbool.h>
 
 #include "bus-util.h"
+#include "json.h"
 #include "pager.h"
 #include "time-util.h"
 #include "unit-file.h"
@@ -21,10 +22,17 @@ extern PagerFlags arg_pager_flags;
 extern BusTransport arg_transport;
 extern const char *arg_host;
 extern UnitFileScope arg_scope;
+extern bool arg_man;
+extern bool arg_generators;
 extern char *arg_root;
+extern char *arg_security_policy;
+extern bool arg_offline;
+extern unsigned arg_threshold;
 extern unsigned arg_iterations;
 extern usec_t arg_base_time;
+extern JsonFormatFlags arg_json_format_flags;
 extern bool arg_quiet;
+extern char *arg_profile;
 
 int acquire_bus(sd_bus **bus, bool *use_full_bus);