]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/securebits-util.c
tree-wide: beautify remaining copyright statements
[thirdparty/systemd.git] / src / basic / securebits-util.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
07d46372 2/***
96b2fb93 3 Copyright © 2017 Yu Watanabe
07d46372
YW
4***/
5
6#include <errno.h>
dccca82b 7#include <stdio.h>
07d46372
YW
8
9#include "alloc-util.h"
10#include "extract-word.h"
11#include "securebits.h"
12#include "securebits-util.h"
13#include "string-util.h"
14
15int secure_bits_to_string_alloc(int i, char **s) {
16 _cleanup_free_ char *str = NULL;
17 size_t len;
18 int r;
19
20 assert(s);
21
22 r = asprintf(&str, "%s%s%s%s%s%s",
23 (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "",
24 (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "",
25 (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "",
26 (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "",
27 (i & (1 << SECURE_NOROOT)) ? "noroot " : "",
28 (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : "");
29 if (r < 0)
30 return -ENOMEM;
31
32 len = strlen(str);
33 if (len != 0)
34 str[len - 1] = '\0';
35
ae2a15bc 36 *s = TAKE_PTR(str);
07d46372
YW
37
38 return 0;
39}
40
41int secure_bits_from_string(const char *s) {
42 int secure_bits = 0;
43 const char *p;
44 int r;
45
46 for (p = s;;) {
47 _cleanup_free_ char *word = NULL;
48
49 r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES);
50 if (r == -ENOMEM)
51 return r;
52 if (r <= 0)
53 break;
54
55 if (streq(word, "keep-caps"))
56 secure_bits |= 1 << SECURE_KEEP_CAPS;
57 else if (streq(word, "keep-caps-locked"))
58 secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED;
59 else if (streq(word, "no-setuid-fixup"))
60 secure_bits |= 1 << SECURE_NO_SETUID_FIXUP;
61 else if (streq(word, "no-setuid-fixup-locked"))
62 secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED;
63 else if (streq(word, "noroot"))
64 secure_bits |= 1 << SECURE_NOROOT;
65 else if (streq(word, "noroot-locked"))
66 secure_bits |= 1 << SECURE_NOROOT_LOCKED;
67 }
68
69 return secure_bits;
70}