src/basic/securebits-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   Copyright © 2017 Yu Watanabe
   4 ***/
   5
   6 #include <errno.h>
   7 #include <stdio.h>
   8
   9 #include "alloc-util.h"
  10 #include "extract-word.h"
  11 #include "securebits.h"
  12 #include "securebits-util.h"
  13 #include "string-util.h"
  14
  15 int secure_bits_to_string_alloc(int i, char **s) {
  16         _cleanup_free_ char *str = NULL;
  17         size_t len;
  18         int r;
  19
  20         assert(s);
  21
  22         r = asprintf(&str, "%s%s%s%s%s%s",
  23                      (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
  24                      (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
  25                      (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
  26                      (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
  27                      (i & (1 << SECURE_NOROOT)) ? "noroot " : "",
  28                      (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
  29         if (r < 0)
  30                 return -ENOMEM;
  31
  32         len = strlen(str);
  33         if (len != 0)
  34                 str[len - 1] = '\0';
  35
  36         *s = TAKE_PTR(str);
  37
  38         return 0;
  39 }
  40
  41 int secure_bits_from_string(const char *s) {
  42         int secure_bits = 0;
  43         const char *p;
  44         int r;
  45
  46         for (p = s;;) {
  47                 _cleanup_free_ char *word = NULL;
  48
  49                 r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
  50                 if (r == -ENOMEM)
  51                         return r;
  52                 if (r <= 0)
  53                         break;
  54
  55                 if (streq(word, "keep-caps"))
  56                         secure_bits |= 1 << SECURE_KEEP_CAPS;
  57                 else if (streq(word, "keep-caps-locked"))
  58                         secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED;
  59                 else if (streq(word, "no-setuid-fixup"))
  60                         secure_bits |= 1 << SECURE_NO_SETUID_FIXUP;
  61                 else if (streq(word, "no-setuid-fixup-locked"))
  62                         secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
  63                 else if (streq(word, "noroot"))
  64                         secure_bits |= 1 << SECURE_NOROOT;
  65                 else if (streq(word, "noroot-locked"))
  66                         secure_bits |= 1 << SECURE_NOROOT_LOCKED;
  67         }
  68
  69         return secure_bits;
  70 }