]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
07d46372 | 2 | /*** |
96b2fb93 | 3 | Copyright © 2017 Yu Watanabe |
07d46372 YW |
4 | ***/ |
5 | ||
6 | #include <errno.h> | |
dccca82b | 7 | #include <stdio.h> |
07d46372 YW |
8 | |
9 | #include "alloc-util.h" | |
10 | #include "extract-word.h" | |
11 | #include "securebits.h" | |
12 | #include "securebits-util.h" | |
13 | #include "string-util.h" | |
14 | ||
15 | int secure_bits_to_string_alloc(int i, char **s) { | |
16 | _cleanup_free_ char *str = NULL; | |
17 | size_t len; | |
18 | int r; | |
19 | ||
20 | assert(s); | |
21 | ||
22 | r = asprintf(&str, "%s%s%s%s%s%s", | |
23 | (i & (1 << SECURE_KEEP_CAPS)) ? "keep-caps " : "", | |
24 | (i & (1 << SECURE_KEEP_CAPS_LOCKED)) ? "keep-caps-locked " : "", | |
25 | (i & (1 << SECURE_NO_SETUID_FIXUP)) ? "no-setuid-fixup " : "", | |
26 | (i & (1 << SECURE_NO_SETUID_FIXUP_LOCKED)) ? "no-setuid-fixup-locked " : "", | |
27 | (i & (1 << SECURE_NOROOT)) ? "noroot " : "", | |
28 | (i & (1 << SECURE_NOROOT_LOCKED)) ? "noroot-locked " : ""); | |
29 | if (r < 0) | |
30 | return -ENOMEM; | |
31 | ||
32 | len = strlen(str); | |
33 | if (len != 0) | |
34 | str[len - 1] = '\0'; | |
35 | ||
ae2a15bc | 36 | *s = TAKE_PTR(str); |
07d46372 YW |
37 | |
38 | return 0; | |
39 | } | |
40 | ||
41 | int secure_bits_from_string(const char *s) { | |
42 | int secure_bits = 0; | |
43 | const char *p; | |
44 | int r; | |
45 | ||
46 | for (p = s;;) { | |
47 | _cleanup_free_ char *word = NULL; | |
48 | ||
49 | r = extract_first_word(&p, &word, NULL, EXTRACT_QUOTES); | |
50 | if (r == -ENOMEM) | |
51 | return r; | |
52 | if (r <= 0) | |
53 | break; | |
54 | ||
55 | if (streq(word, "keep-caps")) | |
56 | secure_bits |= 1 << SECURE_KEEP_CAPS; | |
57 | else if (streq(word, "keep-caps-locked")) | |
58 | secure_bits |= 1 << SECURE_KEEP_CAPS_LOCKED; | |
59 | else if (streq(word, "no-setuid-fixup")) | |
60 | secure_bits |= 1 << SECURE_NO_SETUID_FIXUP; | |
61 | else if (streq(word, "no-setuid-fixup-locked")) | |
62 | secure_bits |= 1 << SECURE_NO_SETUID_FIXUP_LOCKED; | |
63 | else if (streq(word, "noroot")) | |
64 | secure_bits |= 1 << SECURE_NOROOT; | |
65 | else if (streq(word, "noroot-locked")) | |
66 | secure_bits |= 1 << SECURE_NOROOT_LOCKED; | |
67 | } | |
68 | ||
69 | return secure_bits; | |
70 | } |